linux/net/ipv6/netfilter
Patrick McHardy dd63006b8f [NETFILTER]: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED
The individual fragments of a packet reassembled by conntrack have the
conntrack reference from the reassembled packet attached, but nfctinfo
is not copied. This leaves it initialized to 0, which unfortunately is
the value of IP_CT_ESTABLISHED.

The result is that all IPv6 fragments are tracked as ESTABLISHED,
allowing them to bypass a usual ruleset which accepts ESTABLISHED
packets early.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07 16:08:01 -08:00
..
Kconfig [NETFILTER]: Kconfig: improve dependency handling 2007-02-12 11:15:02 -08:00
Makefile [NETFILTER]: ip6_tables: support MH match 2007-02-08 12:39:21 -08:00
ip6_queue.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
ip6_tables.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
ip6t_HL.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
ip6t_LOG.c [NETFILTER]: nf_log: minor cleanups 2007-02-12 11:11:55 -08:00
ip6t_REJECT.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
ip6t_ah.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
ip6t_eui64.c [NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 2007-02-08 12:39:19 -08:00
ip6t_frag.c [NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 2007-02-08 12:39:19 -08:00
ip6t_hbh.c [NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 2007-02-08 12:39:19 -08:00
ip6t_hl.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
ip6t_ipv6header.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
ip6t_mh.c [NETFILTER]: ip6t_mh: drop piggyback payload packet on MH packets 2007-02-12 11:16:17 -08:00
ip6t_owner.c [NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 2007-02-08 12:39:19 -08:00
ip6t_rt.c [NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 2007-02-08 12:39:19 -08:00
ip6table_filter.c [NETFILTER]: ip6_tables: remove redundant structure definitions 2007-02-08 12:39:23 -08:00
ip6table_mangle.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
ip6table_raw.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
nf_conntrack_l3proto_ipv6.c [NETFILTER]: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED 2007-03-07 16:08:01 -08:00
nf_conntrack_proto_icmpv6.c [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs 2007-03-05 13:25:19 -08:00
nf_conntrack_reasm.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00