iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv4
History
Phil Oester affe759dba netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged 
As reported by Casper Gripenberg, in a bridged setup, using ip[6]t_REJECT
with the tcp-reset option sends out reset packets with the src MAC address
of the local bridge interface, instead of the MAC address of the intended
destination.  This causes some routers/firewalls to drop the reset packet
as it appears to be spoofed.  Fix this by bypassing ip[6]_local_out and
setting the MAC of the sender in the tcp reset packet.

This closes netfilter bugzilla #531.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-08-28 00:13:12 +02:00
..
netfilter
netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged
2013-08-28 00:13:12 +02:00
af_inet.c
gro: remove a sparse error
2013-06-12 15:03:24 -07:00
ah4.c
ipv4: properly refresh rtable entries on pmtu/redirect events
2013-06-03 00:07:42 -07:00
arp.c
arp: flush arp cache on IFF_NOARP change
2013-05-28 13:11:02 -07:00
cipso_ipv4.c
cipso: don't follow a NULL pointer when setsockopt() is called
2012-07-18 09:01:12 -07:00
datagram.c
ipv4: Add a socket release callback for datagram sockets
2013-01-21 14:17:05 -05:00
devinet.c
net: igmp: Allow user-space configuration of igmp unsolicited report interval
2013-08-09 11:27:46 -07:00
esp4.c
net: esp{4,6}: fix potential MTU calculation overflows
2013-08-05 12:26:50 -07:00
fib_frontend.c
netlink: fix splat in skb_clone with large messages
2013-06-27 22:44:16 -07:00
fib_lookup.h
ipv4: Fix nexthop caching wrt. scoping.
2011-03-24 18:06:47 -07:00
fib_rules.c
fib_rules: fix suppressor names and default values
2013-08-03 10:40:23 -07:00
fib_semantics.c
ipv4: use next hop exceptions also for input routes
2013-06-28 21:27:47 -07:00
fib_trie.c
fib_trie: remove potential out of bound access
2013-08-05 15:26:11 -07:00
gre_demux.c
net: gre: move GSO functions to gre_offload
2013-07-03 14:37:39 -07:00
gre_offload.c
gso: Update tunnel segmentation to support Tx checksum offload
2013-07-11 12:18:49 -07:00
icmp.c
icmp: avoid allocating large struct on stack
2013-06-03 00:28:44 -07:00
igmp.c
net: igmp: Allow user-space configuration of igmp unsolicited report interval
2013-08-09 11:27:46 -07:00
inet_connection_sock.c
tcp: Remove TCPCT
2013-03-17 14:35:13 -04:00
inet_diag.c
netlink: rename ssk to sk in struct netlink_skb_params
2013-04-19 14:57:56 -04:00
inet_fragment.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2013-07-09 18:24:39 -07:00
inet_hashtables.c
inet: fix spacing in assignment
2013-07-11 12:02:39 -07:00
inet_lro.c
ipv4: replace ip_fast_csum with csum_replace2
2013-03-15 09:12:25 -04:00
inet_timewait_sock.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
inetpeer.c
Merge branch 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
2012-10-02 09:54:49 -07:00
ip_forward.c
ipv4: introduce rt_uses_gateway
2012-10-08 17:42:36 -04:00
ip_fragment.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-04-22 20:32:51 -04:00
ip_gre.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-08-16 15:37:26 -07:00
ip_input.c
net: add SNMP counters tracking incoming ECN bits
2013-08-08 22:24:59 -07:00
ip_options.c
net/ipv4: Ensure that location of timestamp option is stored
2013-03-12 05:35:39 -04:00
ip_output.c
ipv4: ip_output: remove inline marking of EXPORT_SYMBOL functions
2013-05-11 16:12:44 -07:00
ip_sockglue.c
net: prevent setting ttl=0 via IP_TTL
2013-01-08 17:57:10 -08:00
ip_tunnel_core.c
ip_tunnel: Do not use inner ip-header-id for tunnel ip-header-id.
2013-08-13 16:52:50 -07:00
ip_tunnel.c
ipip: potential race in ip_tunnel_init_net()
2013-08-25 18:39:59 -04:00
ip_vti.c
ipip: add x-netns support
2013-08-15 01:00:20 -07:00
ipcomp.c
ipv4: properly refresh rtable entries on pmtu/redirect events
2013-06-03 00:07:42 -07:00
ipconfig.c
ipconfig: add informative timeout messages while waiting for carrier
2013-04-02 14:35:33 -04:00
ipip.c
ipip: add x-netns support
2013-08-15 01:00:20 -07:00
ipmr.c
ipmr: change the prototype of ip_mr_forward().
2013-07-23 17:01:05 -07:00
Kconfig
Kconfig: remove dangling references to the deleted file
2013-06-04 15:17:39 -07:00
Makefile
net: gre: move GSO functions to gre_offload
2013-07-03 14:37:39 -07:00
netfilter.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
ping.c
net: proc_fs: trivial: print UIDs as unsigned int
2013-08-15 14:37:46 -07:00
proc.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-08-16 15:37:26 -07:00
protocol.c
ipv4: Disallow non-namespace aware protocols to register.
2013-02-05 14:42:23 -05:00
raw.c
net: proc_fs: trivial: print UIDs as unsigned int
2013-08-15 14:37:46 -07:00
route.c
ipv4: raise IP_MAX_MTU to theoretical limit
2013-08-20 15:05:04 -07:00
syncookies.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-04-22 20:32:51 -04:00
sysctl_net_ipv4.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-08-03 21:36:46 -07:00
tcp_bic.c
tcp: fix undo after RTO for BIC
2012-01-20 14:17:26 -05:00
tcp_cong.c
tcp: remove Appropriate Byte Count support
2013-02-05 14:51:16 -05:00
tcp_cubic.c
tcp: cubic: fix bug in bictcp_acked()
2013-08-07 10:35:08 -07:00
tcp_diag.c
inet_diag: Rename inet_diag_req into inet_diag_req_v2
2012-01-11 12:56:06 -08:00
tcp_fastopen.c
tcp: add server ip to encrypt cookie in fast open
2013-08-10 00:35:33 -07:00
tcp_highspeed.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_htcp.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_hybla.c
tcp: bool conversions
2012-05-17 14:59:59 -04:00
tcp_illinois.c
net: fix divide by zero in tcp algorithm illinois
2012-11-01 11:55:59 -04:00
tcp_input.c
tcp: increase throughput when reordering is high
2013-08-22 14:39:46 -07:00
tcp_ipv4.c
tcp: trivial: Remove nocache argument from tcp_v4_send_synack
2013-08-20 15:05:04 -07:00
tcp_lp.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
tcp_memcontrol.c
net: tcp_memcontrol: minor: remove unused variable
2013-04-14 15:41:49 -04:00
tcp_metrics.c
tcp: do not expire TCP fastopen cookies
2013-05-05 16:58:02 -04:00
tcp_minisocks.c
tcp: consolidate SYNACK RTT sampling
2013-07-22 17:53:42 -07:00
tcp_offload.c
net: tcp: move GRO/GSO functions to tcp_offload
2013-06-07 14:39:05 -07:00
tcp_output.c
tcp: TCP_NOTSENT_LOWAT socket option
2013-07-24 17:54:48 -07:00
tcp_probe.c
net: tcp_probe: allow more advanced ingress filtering by mark
2013-08-27 15:53:34 -04:00
tcp_scalable.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_timer.c
tcp: refactor F-RTO
2013-03-21 11:47:50 -04:00
tcp_vegas.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_vegas.h
tcp_veno.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_westwood.c
tcp: refactor F-RTO
2013-03-21 11:47:50 -04:00
tcp_yeah.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
tcp.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-08-26 16:37:08 -04:00
tunnel4.c
net: Convert printks to pr_<level>
2012-03-11 23:42:51 -07:00
udp_diag.c
netlink: rename ssk to sk in struct netlink_skb_params
2013-04-19 14:57:56 -04:00
udp_impl.h
ipv4: fix checkpatch errors
2012-04-15 12:37:19 -04:00
udp_offload.c
net: udp4: move GSO functions to udp_offload
2013-06-12 00:47:25 -07:00
udp.c
net: proc_fs: trivial: print UIDs as unsigned int
2013-08-15 14:37:46 -07:00
udplite.c
net: ipv4: Standardize prefixes for message logging
2012-03-12 17:05:21 -07:00
xfrm4_input.c
net: Add skb_unclone() helper function.
2013-02-15 15:10:37 -05:00
xfrm4_mode_beet.c
ipsec: be careful of non existing mac headers
2012-02-23 16:50:45 -05:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm: allow to avoid copying DSCP during encapsulation
2013-03-06 07:02:45 +01:00
xfrm4_output.c
xfrm4: Don't call icmp_send on local error
2011-07-01 17:33:19 -07:00
xfrm4_policy.c
xfrm: make gc_thresh configurable in all namespaces
2013-02-06 11:36:29 +01:00
xfrm4_state.c
net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules
2011-10-31 19:30:30 -04:00
xfrm4_tunnel.c
sit: add IPv4 over IPv4 support
2013-05-31 17:19:05 -07:00