public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/net/netfilter
History
Julian Anastasov 6fcc02e3c2 ipvs: fix check on xmit to non-local addresses 
There is mistake in the rt_mode_allow_non_local assignment.
It should be used to check if sending to non-local addresses is
allowed, now it checks if local addresses are allowed.

As local addresses are allowed for most of the cases, the only
places that are affected are for traffic to transparent cache
servers:

- bypass connections when cache server is not available
- related ICMP in FORWARD hook when sent to cache server

Fixes: 4a4739d56b ("ipvs: Pull out crosses_local_route_boundary logic")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-06-04 18:28:47 +02:00
..
ipset Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
ipvs ipvs: fix check on xmit to non-local addresses 2018-06-04 18:28:47 +02:00
core.c netfilter: core: add missing __rcu annotation 2018-05-08 14:15:30 +02:00
Kconfig netfilter: fix CONFIG_NF_REJECT_IPV6=m link error 2018-04-16 17:47:25 +02:00
Makefile netfilter: nf_tables: build-in filter chain type 2018-03-30 11:29:19 +02:00
nf_conncount.c netfilter: conncount: Support count only use case 2018-03-20 13:27:18 +01:00
nf_conntrack_acct.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_amanda.c
nf_conntrack_broadcast.c netfilter: nf_conntrack_broadcast: remove useless parameter 2018-03-05 23:15:43 +01:00
nf_conntrack_core.c net: Remove rtnl_lock() in nf_ct_iterate_destroy() 2018-03-29 13:47:54 -04:00
nf_conntrack_ecache.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_expect.c netfilter: nf_conntrack_sip: allow duplicate SDP expectations 2018-04-09 17:05:27 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c netfilter: Fix handling simultaneous open in TCP conntrack 2018-04-27 00:39:29 +02:00
nf_conntrack_proto_udp.c
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: allow duplicate SDP expectations 2018-04-09 17:05:27 +02:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_dup_netdev.c
nf_flow_table.c netfilter: nf_flow_offload: fix use-after-free and a resource leak 2018-02-07 11:55:52 +01:00
nf_flow_table_inet.c netfilter: nf_tables: fix flowtable free 2018-02-07 00:58:57 +01:00
nf_internals.h
nf_log.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_log_common.c
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_nat_amanda.c
nf_nat_core.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_ftp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_helper.c
nf_nat_irc.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_proto_common.c netfilter: nat: cope with negative port range 2018-02-14 21:05:40 +01:00
nf_nat_proto_dccp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_unknown.c
nf_nat_redirect.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
nf_sockopt.c
nf_synproxy_core.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_tables_api.c netfilter: nf_tables: check msg_type before nft_trans_set(trans) 2018-06-01 10:14:51 +02:00
nf_tables_core.c netfilter: nf_tables: disable preemption in nft_update_chain_stats() 2018-05-29 00:10:03 +02:00
nf_tables_trace.c
nfnetlink.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nfnetlink_acct.c netfilter: provide correct argument to nla_strlcpy() 2018-05-24 00:52:35 +02:00
nfnetlink_cthelper.c netfilter: provide correct argument to nla_strlcpy() 2018-05-24 00:52:35 +02:00
nfnetlink_cttimeout.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nfnetlink_log.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nfnetlink_queue.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nft_bitwise.c
nft_byteorder.c
nft_chain_filter.c netfilter: nf_tables: build-in filter chain type 2018-03-30 11:29:19 +02:00
nft_cmp.c
nft_compat.c netfilter: nft_compat: fix handling of large matchinfo size 2018-05-09 10:09:27 +02:00
nft_counter.c
nft_ct.c netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() 2018-05-17 13:03:46 +02:00
nft_dup_netdev.c
nft_dynset.c netfilter: nf_tables: rename to nft_set_lookup_global() 2018-03-30 11:29:20 +02:00
nft_exthdr.c
nft_fib.c
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: nft_flow_offload: move flowtable cleanup routines to nf_flow_table 2018-02-07 00:58:57 +01:00
nft_fwd_netdev.c
nft_hash.c
nft_immediate.c netfilter: nf_tables: bogus EBUSY in chain deletions 2018-05-09 10:09:30 +02:00
nft_limit.c netfilter: nft_limit: fix packet ratelimiting 2018-05-23 09:50:28 +02:00
nft_log.c
nft_lookup.c netfilter: nf_tables: rename to nft_set_lookup_global() 2018-03-30 11:29:20 +02:00
nft_masq.c
nft_meta.c netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval 2018-05-23 09:29:05 +02:00
nft_nat.c
nft_numgen.c
nft_objref.c netfilter: nf_tables: rename to nft_set_lookup_global() 2018-03-30 11:29:20 +02:00
nft_payload.c
nft_queue.c
nft_quota.c
nft_range.c
nft_redir.c
nft_reject.c
nft_reject_inet.c
nft_rt.c
nft_set_bitmap.c
nft_set_hash.c netfilter: nf_tables: meter: pick a set backend that supports updates 2018-03-20 13:52:10 +01:00
nft_set_rbtree.c
utils.c
x_tables.c netfilter: x_tables: check name length in find_match/target, too 2018-04-27 00:40:11 +02:00
xt_addrtype.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_AUDIT.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CHECKSUM.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: get rid of xt_cluster_ipv6_is_multicast 2018-03-05 23:15:43 +01:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlimit.c netfilter: Refactor nf_conncount 2018-03-20 13:27:17 +01:00
xt_connmark.c netfilter: xt_connmark: do not cast xt_connmark_tginfo1 to xt_connmark_tginfo2 2018-04-19 16:19:28 +02:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: xt_CT: Reject the non-null terminated string from user space 2018-06-01 10:14:51 +02:00
xt_dccp.c
xt_devgroup.c
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_LOG.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_NETMAP.c
xt_nfacct.c netfilter: nfnetlink_acct: remove useless parameter 2018-03-05 23:15:43 +01:00
xt_NFLOG.c
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_osf.c
xt_owner.c
xt_physdev.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_pkttype.c
xt_policy.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_quota.c
xt_RATEEST.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_realm.c
xt_recent.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
xt_REDIRECT.c
xt_repldata.h
xt_sctp.c
xt_SECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_set.c netfilter: xt_set: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_socket.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c netfilter: Rework xt_TEE netdevice notifier 2018-03-30 10:59:23 -04:00
xt_time.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
xt_TPROXY.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TRACE.c
xt_u32.c