iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Florian Westphal e3b5e1ec75 Revert "netfilter: x_tables: ensure last rule in base chain matches underflow/policy" 
This reverts commit 0d7df906a0e78079a02108b06d32c3ef2238ad25.

Valdis Kletnieks reported that xtables is broken in linux-next since
0d7df906a0e78  ("netfilter: x_tables: ensure last rule in base chain
matches underflow/policy"), as kernel rejects the (well-formed) ruleset:

[   64.402790] ip6_tables: last base chain position 1136 doesn't match underflow 1344 (hook 1)

mark_source_chains is not the correct place for such a check, as it
terminates evaluation of a chain once it sees an unconditional verdict
(following rules are known to be unreachable). It seems preferrable to
fix libiptc instead, so remove this check again.

Fixes: 0d7df906a0e78 ("netfilter: x_tables: ensure last rule in base chain matches underflow/policy")
Reported-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-03-30 12:20:32 +02:00
..
ila
net: Convert ila_net_ops
2018-02-27 11:01:39 -05:00
netfilter
Revert "netfilter: x_tables: ensure last rule in base chain matches underflow/policy"
2018-03-30 12:20:32 +02:00
addrconf_core.c
net: ipv6: Make inet6addr_validator a blocking notifier
2017-10-20 13:15:07 +01:00
addrconf.c
ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses
2018-03-01 13:43:06 -05:00
addrlabel.c
net: Convert fib6_net_ops, ipv6_addr_label_ops and ip6_segments_ops
2018-02-19 14:19:11 -05:00
af_inet6.c
net: Convert inet6_net_ops
2018-02-19 14:19:09 -05:00
ah6.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2017-11-15 11:56:19 -08:00
anycast.c
net/ipv6: Pass skb to route lookup
2018-03-04 13:04:22 -05:00
calipso.c
net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t
2017-07-04 22:35:16 +01:00
datagram.c
net: ipv6: Allow connect to linklocal address from socket bound to vrf
2018-01-08 14:11:18 -05:00
esp6_offload.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-01-23 13:51:56 -05:00
esp6.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-01-17 00:10:42 -05:00
exthdrs_core.c
inet: whitespace cleanup
2018-02-28 11:43:28 -05:00
exthdrs_offload.c
ipv6: fix exthdrs offload registration in out_rt path
2015-09-02 15:31:00 -07:00
exthdrs.c
ipv6: sr: fix TLVs not being copied using setsockopt
2018-01-10 16:03:55 -05:00
fib6_notifier.c
net: Add module reference to FIB notifiers
2017-09-01 20:33:42 -07:00
fib6_rules.c
net/ipv6: Pass skb to route lookup
2018-03-04 13:04:22 -05:00
fou6.c
fou: make local function static
2017-05-21 13:42:36 -04:00
icmp.c
net/ipv6: Add support for path selection using hash of 5-tuple
2018-03-04 13:04:23 -05:00
inet6_connection_sock.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-01-28 10:33:06 -05:00
inet6_hashtables.c
inet: Add a 2nd listener hashtable (port+addr)
2017-12-03 10:18:28 -05:00
ip6_checksum.c
udplite: fix partial checksum initialization
2018-02-16 15:57:42 -05:00
ip6_fib.c
net/ipv6: Pass skb to route lookup
2018-03-04 13:04:22 -05:00
ip6_flowlabel.c
net: Convert ip6_flowlabel_net_ops
2018-02-19 14:19:11 -05:00
ip6_gre.c
gre: add sequence number for collect md mode.
2018-03-04 18:35:02 -05:00
ip6_icmp.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip6_input.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-04-20 10:35:33 -04:00
ip6_offload.c
gso: fix payload length when gso_size is zero
2017-10-08 10:12:15 -07:00
ip6_offload.h
udp: Add GRO functions to UDP socket
2016-04-07 16:53:29 -04:00
ip6_output.c
ip6mr: Make mroute_sk rcu-based
2018-03-01 13:13:23 -05:00
ip6_tunnel.c
net/ipv6: Pass skb to route lookup
2018-03-04 13:04:22 -05:00
ip6_udp_tunnel.c
ip6_udp_tunnel: remove unused IPCB related codes
2016-11-02 15:18:36 -04:00
ip6_vti.c
net/ipv6: Pass skb to route lookup
2018-03-04 13:04:22 -05:00
ip6mr.c
ipmr, ip6mr: Unite dumproute flows
2018-03-01 13:13:23 -05:00
ipcomp6.c
net: inet: Support UID-based routing in IP protocols.
2016-11-04 14:45:23 -04:00
ipv6_sockglue.c
inet: whitespace cleanup
2018-02-28 11:43:28 -05:00
Kconfig
ipmr,ipmr6: Define a uniform vif_device
2018-03-01 13:13:23 -05:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mcast_snoop.c
mcast.c
net/ipv6: Pass skb to route lookup
2018-03-04 13:04:22 -05:00
mip6.c
ktime: Get rid of ktime_equal()
2016-12-25 17:21:23 +01:00
ndisc.c
net: Convert icmpv6_sk_ops, ndisc_net_ops and igmp6_net_ops
2018-02-19 14:19:10 -05:00
netfilter.c
netfilter: remove struct nf_afinfo and its helper functions
2018-01-08 18:11:02 +01:00
output_core.c
net: accept UFO datagrams from tuntap and packet
2017-11-24 01:37:35 +09:00
ping.c
net: Convert ping_v6_net_ops
2018-02-19 14:19:11 -05:00
proc.c
inet: whitespace cleanup
2018-02-28 11:43:28 -05:00
protocol.c
net: Add sysctl to toggle early demux for tcp and udp
2017-03-24 13:17:07 -07:00
raw.c
net: Convert raw6_net_ops, udplite6_net_ops, ipv6_proc_ops, if6_proc_net_ops and ip6_route_net_late_ops
2018-02-19 14:19:10 -05:00
reassembly.c
net: Convert ip6_frags_ops
2018-02-19 14:19:11 -05:00
route.c
net/ipv6: Add support for path selection using hash of 5-tuple
2018-03-04 13:04:23 -05:00
seg6_hmac.c
ipv6: sr: Use ARRAY_SIZE macro
2017-09-01 18:35:23 -07:00
seg6_iptunnel.c
ipv6: sr: add support for encapsulation of L2 frames
2017-08-25 17:10:23 -07:00
seg6_local.c
net/ipv6: Pass skb to route lookup
2018-03-04 13:04:22 -05:00
seg6.c
net: Convert fib6_net_ops, ipv6_addr_label_ops and ip6_segments_ops
2018-02-19 14:19:11 -05:00
sit.c
net: Convert sit_net_ops
2018-02-27 11:01:38 -05:00
syncookies.c
tcp: Namespace-ify sysctl_tcp_workaround_signed_windows
2017-10-28 19:24:38 +09:00
sysctl_net_ipv6.c
net/ipv6: Add support for path selection using hash of 5-tuple
2018-03-04 13:04:23 -05:00
tcp_ipv6.c
net: Convert tcpv6_net_ops
2018-02-19 14:19:10 -05:00
tcpv6_offload.c
gso: validate gso_type in GSO handlers
2018-01-22 16:01:30 -05:00
tunnel6.c
ipv6: fix tunnel error handling
2015-11-03 10:52:13 -05:00
udp_impl.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
udp_offload.c
gso: validate gso_type in GSO handlers
2018-01-22 16:01:30 -05:00
udp.c
net: delete /proc THIS_MODULE references
2018-01-16 15:01:33 -05:00
udplite.c
net: Convert ip_tables_net_ops, udplite6_net_ops and xt_net_ops
2018-02-19 14:19:12 -05:00
xfrm6_input.c
xfrm: Reinject transport-mode packets through tasklet
2017-12-19 08:23:21 +01:00
xfrm6_mode_beet.c
networking: make skb_pull & friends return void pointers
2017-06-16 11:48:39 -04:00
xfrm6_mode_ro.c
ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
2017-06-02 13:57:27 -04:00
xfrm6_mode_transport.c
ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
2017-06-02 13:57:27 -04:00
xfrm6_mode_tunnel.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-01-24 23:44:15 -05:00
xfrm6_output.c
xfrm: Add an IPsec hardware offloading API
2017-04-14 10:06:10 +02:00
xfrm6_policy.c
net: Convert xfrm6_net_ops
2018-02-19 14:19:11 -05:00
xfrm6_protocol.c
xfrm: input: constify xfrm_input_afinfo
2017-02-09 10:22:17 +01:00
xfrm6_state.c
inet: whitespace cleanup
2018-02-28 11:43:28 -05:00
xfrm6_tunnel.c
net: Convert simple pernet_operations
2018-02-27 11:01:35 -05:00