q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Patrick McHardy 1f9352ae22 netfilter: {ip,ip6,arp}_tables: fix incorrect loop detection 
Commit e1b4b9f ([NETFILTER]: {ip,ip6,arp}_tables: fix exponential worst-case
search for loops) introduced a regression in the loop detection algorithm,
causing sporadic incorrectly detected loops.

When a chain has already been visited during the check, it is treated as
having a standard target containing a RETURN verdict directly at the
beginning in order to not check it again. The real target of the first
rule is then incorrectly treated as STANDARD target and checked not to
contain invalid verdicts.

Fix by making sure the rule does actually contain a standard target.

Based on patch by Francis Dupont <Francis_Dupont@isc.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
 		2009-03-25 19:26:35 +01:00
..
netfilter netfilter: {ip,ip6,arp}_tables: fix incorrect loop detection 2009-03-25 19:26:35 +01:00
Kconfig ipsec: ipcomp - Merge IPComp implementations 2008-07-25 02:54:40 -07:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
addrconf.c ipv6/addrconf: common code located 2009-02-06 23:48:01 -08:00
addrconf_core.c [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses. 2007-07-31 02:28:21 -07:00
addrlabel.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
af_inet6.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
ah6.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
anycast.c net: replace %#p6 format specifier with %pi6 2008-10-29 12:50:24 -07:00
datagram.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
esp6.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
exthdrs.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
exthdrs_core.c
fib6_rules.c netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
icmp.c net: fix xfrm reverse flow lookup for icmp6 2009-01-27 22:30:19 -08:00
inet6_connection_sock.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
inet6_hashtables.c net: Convert TCP/DCCP listening hash tables to use RCU 2008-11-23 17:22:55 -08:00
ip6_fib.c ipv6: Fix fib6_dump_table walker leak 2009-01-13 22:17:51 -08:00
ip6_flowlabel.c ipv6: Disallow rediculious flowlabel option sizes. 2009-02-06 00:49:55 -08:00
ip6_input.c IPv6: Fix multicast routing bugs. 2009-01-27 22:39:59 -08:00
ip6_output.c ipv6: Copy cork options in ip6_append_data 2009-02-05 15:15:50 -08:00
ip6_tunnel.c IPv6: fix to set device name when new IPv6 over IPv6 tunnel device is created. 2009-02-09 15:01:19 -08:00
ip6mr.c ipv6: compile fix for ip6mr.c 2009-01-31 00:51:49 -08:00
ipcomp6.c netns xfrm: state lookup in netns 2008-11-25 17:30:50 -08:00
ipv6_sockglue.c ipv6: IPV6_PKTINFO relied userspace providing correct length 2009-01-04 17:27:31 -08:00
mcast.c ipv6/mcast: join error paths using goto 2008-12-14 23:15:21 -08:00
mip6.c netns xfrm: KM reporting in netns 2008-11-25 17:51:01 -08:00
ndisc.c ipv6/ndisc: join error paths 2009-02-06 23:47:37 -08:00
netfilter.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
proc.c net: fix tiny output corruption of /proc/net/snmp6 2008-11-20 04:20:10 -08:00
protocol.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
raw.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
reassembly.c net: '&' redux 2008-11-03 18:21:05 -08:00
route.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
sit.c net: fix tunnels in netns after ndo_ changes 2008-11-23 17:26:26 -08:00
syncookies.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
sysctl_net_ipv6.c remove lots of double-semicolons 2009-01-08 08:31:14 -08:00
tcp_ipv6.c gro: Avoid copying headers of unmerged packets 2009-01-29 16:33:03 -08:00
tunnel6.c [IPV6] TUNNEL6: Fix incoming packet length check for inter-protocol tunnel. 2008-06-05 04:02:32 +09:00
udp.c ipv6: fix the outgoing interface selection order in udpv6_sendmsg() 2008-12-16 02:08:29 -08:00
udp_impl.h udp: introduce struct udp_table and multiple spinlocks 2008-10-29 01:41:45 -07:00
udplite.c udp: RCU handling for Unicast packets. 2008-10-29 02:11:14 -07:00
xfrm6_input.c netns xfrm: per-netns MIBs 2008-11-25 17:59:52 -08:00
xfrm6_mode_beet.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm6_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm6_policy.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
xfrm6_state.c xfrm: remove useless forward declarations 2008-11-25 01:05:54 -08:00
xfrm6_tunnel.c xfrm6_tunnel: join error paths using goto 2008-12-14 23:13:48 -08:00