AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-08 06:35:03 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
a654de8fdc
linux_dsm_epyc7002/include/net
History
Pablo Neira Ayuso a654de8fdc netfilter: nf_tables: fix chain dependency validation 
The following ruleset:

 add table ip filter
 add chain ip filter input { type filter hook input priority 4; }
 add chain ip filter ap
 add rule ip filter input jump ap
 add rule ip filter ap masquerade

results in a panic, because the masquerade extension should be rejected
from the filter chain. The existing validation is missing a chain
dependency check when the rule is added to the non-base chain.

This patch fixes the problem by walking down the rules from the
basechains, searching for either immediate or lookup expressions, then
jumping to non-base chains and again walking down the rules to perform
the expression validation, so we make sure the full ruleset graph is
validated. This is done only once from the commit phase, in case of
problem, we abort the transaction and perform fine grain validation for
error reporting. This patch requires 003087911a ("netfilter:
nfnetlink: allow commit to fail") to achieve this behaviour.

This patch also adds a cleanup callback to nfnl batch interface to reset
the validate state from the exit path.

As a result of this patch, nf_tables_check_loops() doesn't use
->validate to check for loops, instead it just checks for immediate
expressions.

Reported-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-06-01 09:46:22 +02:00
..
9p
bluetooth Bluetooth: Add __hci_cmd_send function 2018-05-18 06:37:52 +02:00
caif
iucv
netfilter netfilter: nf_tables: fix chain dependency validation 2018-06-01 09:46:22 +02:00
netns netfilter: nf_tables: fix chain dependency validation 2018-06-01 09:46:22 +02:00
nfc
phonet
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-26 19:46:15 -04:00
tc_act
6lowpan.h
act_api.h net/sched: remove tcf_idr_cleanup() 2018-03-23 21:52:19 -04:00
addrconf.h net/ipv6: Add helper to return path MTU based on fib result 2018-05-22 10:51:09 +02:00
af_ieee802154.h
af_rxrpc.h rxrpc, afs: Use debug_ids rather than pointers in traces 2018-03-27 23:03:00 +01:00
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h net-next: ax88796: add interrupt status callback to platform data 2018-04-19 16:11:11 -04:00
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h bonding: allow use of tx hashing in balance-alb 2018-05-16 12:15:11 -04:00
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h nl80211: Update ERP info using NL80211_CMD_UPDATE_CONNECT_PARAMS 2018-05-23 11:21:35 +02:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h
compat.h net: remove compat_sys_*() prototypes from net/compat.h 2018-04-02 20:16:17 +02:00
datalink.h
dcbevent.h
dcbnl.h net/dcb: Add dcbnl buffer attribute 2018-05-24 14:22:59 -07:00
devlink.h devlink: introduce a helper to generate physical port names 2018-05-19 16:30:39 -04:00
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h net: dsa: Plug in PHYLINK support 2018-05-11 12:03:06 -04:00
dsfield.h
dst_cache.h net: core: dst_cache_set_ip6: Rename 'addr' parameter to 'saddr' for consistency 2018-03-05 12:52:45 -05:00
dst_metadata.h
dst_ops.h
dst.h net: core: dst: Add kernel-doc for 'net' parameter 2018-03-05 12:52:45 -05:00
erspan.h erspan: set bso bit based on mirrored packet's len 2018-05-20 18:31:42 -04:00
esp.h
ethoc.h inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
fib_notifier.h
fib_rules.h net: fib_rules: add extack support 2018-04-23 10:21:24 -04:00
firewire.h
flow_dissector.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-11 20:53:22 -04:00
flow.h net: Remove unused get_hash_from_flow functions 2018-03-04 13:04:23 -05:00
fou.h
fq_impl.h
fq.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h net: GRE: Add is_gretap_dev, is_ip6gretap_dev 2018-02-27 14:46:26 -05:00
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h mac80211: support reporting A-MPDU EOF bit value/known 2018-02-22 21:13:02 +01:00
ieee802154_netdev.h
if_inet6.h net/ipv6: Remove aca_idev 2018-04-19 15:40:13 -04:00
ife.h net: sched: ife: handle malformed tlv length 2018-04-22 21:12:00 -04:00
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h net: Introduce __inet_bind() and __inet6_bind 2018-03-31 02:15:43 +02:00
inet_connection_sock.h net: ipv4: remove define INET_CSK_DEBUG and unnecessary EXPORT_SYMBOL 2018-05-10 17:43:55 -04:00
inet_ecn.h
inet_frag.h inet: frags: reorganize struct netns_frags 2018-03-31 23:25:39 -04:00
inet_hashtables.h
inet_sock.h udp: generate gso with UDP_SEGMENT 2018-04-26 15:08:04 -04:00
inet_timewait_sock.h tcp: Add mark for TIMEWAIT sockets 2018-05-10 17:44:52 -04:00
inetpeer.h
ip6_checksum.h
ip6_fib.h net/ipv6: Add helper to return path MTU based on fib result 2018-05-22 10:51:09 +02:00
ip6_route.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-05-24 22:20:51 -04:00
ip6_tunnel.h
ip_fib.h net/ipv4: Add helper to return path MTU based on fib result 2018-05-22 10:51:09 +02:00
ip_tunnels.h net/ipv4: Update ip_tunnel_metadata_cnt static key to modern api 2018-05-10 15:13:33 -04:00
ip_vs.h netfilter: ipvs: Keep latest weight of destination 2018-04-09 10:10:55 +03:00
ip.h ipv4: support sport, dport and ip_proto in RTM_GETROUTE 2018-05-23 15:14:12 -04:00
ipcomp.h
ipconfig.h
ipv6.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-06 21:51:37 -04:00
ipx.h
iw_handler.h net: Spelling s/stucture/structure/ 2018-03-27 09:51:23 +02:00
kcm.h
l3mdev.h
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h llc: delete timers synchronously in llc_sk_free() 2018-04-22 14:55:03 -04:00
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
mac80211.h mac80211: Support adding duration for prepare_tx() callback 2018-05-23 11:06:10 +02:00
mac802154.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mrp.h
ncsi.h
ndisc.h
neighbour.h neighbour: support for NTF_EXT_LEARNED flag 2018-04-25 13:19:59 -04:00
net_namespace.h net: Introduce net_rwsem to protect net_namespace_list 2018-03-29 13:47:53 -04:00
net_ratelimit.h
netevent.h net/ipv6: Add support for path selection using hash of 5-tuple 2018-03-04 13:04:23 -05:00
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h net: fix rtnh_ok() 2018-04-07 22:32:31 -04:00
nl802154.h
nsh.h
p8022.h
page_pool.h xdp: introduce xdp_return_frame_rx_napi 2018-05-24 18:36:15 -07:00
ping.h
pkt_cls.h net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
pkt_sched.h
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h cfg80211: read wmm rules from regulatory database 2018-03-29 11:11:40 +02:00
request_sock.h
rose.h
route.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
rsi_91x.h Bluetooth: btrsi: add new rsi bluetooth driver 2018-03-13 18:37:02 +02:00
rtnetlink.h
sch_generic.h sched: replace __QDISC_STATE_RUNNING bit with a spin lock 2018-05-17 12:46:54 -04:00
scm.h
secure_seq.h
seg6_hmac.h
seg6_local.h bpf: Add IPv6 Segment Routing helpers 2018-05-24 11:57:35 +02:00
seg6.h ipv6: sr: export function lookup_nexthop 2018-05-24 11:57:35 +02:00
slhc_vj.h slip: Check if rstate is initialized before uncompressing 2018-04-11 10:33:46 -04:00
smc.h
snmp.h
sock_reuseport.h
sock.h net/sock: Update memalloc_socks static key to modern api 2018-05-10 15:13:34 -04:00
Space.h net/mac89x0: Convert to platform_driver 2018-03-01 21:21:36 -05:00
stp.h
strparser.h
switchdev.h switchdev: Add fdb.added_by_user to switchdev notifications 2018-05-03 13:46:47 -04:00
tcp_states.h tcp: remove the hardcode in the definition of TCPF Macro 2018-02-21 15:06:05 -05:00
tcp.h tcp: add SACK compression 2018-05-18 11:40:27 -04:00
timewait_sock.h
tipc.h flow_dissector: do not rely on implicit casts 2018-05-08 00:02:41 -04:00
tls.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-21 16:01:54 -04:00
transp_v6.h
tso.h
tun_proto.h
udp_tunnel.h
udp.h udp: Do not pass checksum as a parameter to GSO segmentation 2018-05-08 22:30:06 -04:00
udplite.h udplite: fix partial checksum initialization 2018-02-16 15:57:42 -05:00
vsock_addr.h
vxlan.h vxlan: add ttl inherit support 2018-04-17 13:53:13 -04:00
wext.h
wimax.h
x25.h
x25device.h
xdp_sock.h xsk: clean up SPDX headers 2018-05-18 16:07:02 +02:00
xdp.h xdp: introduce xdp_return_frame_rx_napi 2018-05-24 18:36:15 -07:00
xfrm.h xfrm: Fix warning in xfrm6_tunnel_net_exit. 2018-04-16 07:50:09 +02:00