microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/net/netfilter
История
Numan Siddique e2ef5203c8 net: openvswitch: Be liberal in tcp conntrack. 
There is no easy way to distinguish if a conntracked tcp packet is
marked invalid because of tcp_in_window() check error or because
it doesn't belong to an existing connection. With this patch,
openvswitch sets liberal tcp flag for the established sessions so
that out of window packets are not marked invalid.

A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which
sets this flag for both the directions of the nf_conn.

Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Acked-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20201116130126.3065077-1-nusiddiq@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2020-11-20 09:53:48 -08:00
..
ipset treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
ipvs netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
Kconfig netfilter: nft_reject: add reject verdict support for netdev 2020-10-31 10:41:00 +01:00
Makefile netfilter: nft_reject: add reject verdict support for netdev 2020-10-31 10:41:00 +01:00
core.c netfilter: add inet ingress support 2020-10-12 01:57:34 +02:00
nf_conncount.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: conntrack: remove unneeded nf_ct_put 2020-08-28 19:51:27 +02:00
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c netfilter: conntrack: remove two export symbols 2019-12-17 22:59:31 +01:00
nf_conntrack_ftp.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
nf_conntrack_h323_asn1.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-09-22 16:45:34 -07:00
nf_conntrack_pptp.c netfilter: delete repeated words 2020-08-28 20:11:38 +02:00
nf_conntrack_proto.c netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled 2020-09-08 13:04:54 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp, sctp: handle null timeout argument 2020-01-08 23:31:22 +01:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_icmp.c netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_conntrack_proto_icmpv6.c netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_conntrack_proto_sctp.c netfilter: conntrack: allow sctp hearbeat after connection re-use 2020-08-20 14:13:49 +02:00
nf_conntrack_proto_tcp.c net: openvswitch: Be liberal in tcp conntrack. 2020-11-20 09:53:48 -08:00
nf_conntrack_proto_udp.c netfilter: conntrack: do not auto-delete clash entries on reply 2020-08-29 13:03:06 +02:00
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: proc: rename stat column 2020-09-22 01:33:35 +02:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-22 14:49:36 +02:00
nf_flow_table_core.c netfilter: flowtable: reduce calls to pskb_may_pull() 2020-10-12 01:58:10 +02:00
nf_flow_table_inet.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nf_flow_table_ip.c netfilter: flowtable: reduce calls to pskb_may_pull() 2020-10-12 01:58:10 +02:00
nf_flow_table_offload.c net: sched: Pass qdisc reference in struct flow_block_offload 2020-07-13 17:22:21 -07:00
nf_internals.h netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_log.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
nf_log_common.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-14 01:25:14 +02:00
nf_log_netdev.c
nf_nat_amanda.c
nf_nat_core.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c
nf_nat_proto.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
nf_nat_redirect.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: prefer nf_queue_entry_free 2020-03-29 16:28:29 +02:00
nf_sockopt.c netfilter: switch nf_setsockopt to sockptr_t 2020-07-24 15:41:54 -07:00
nf_synproxy_core.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
nf_tables_api.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
nf_tables_core.c netfilter: nf_tables: Implement fast bitwise expression 2020-10-04 21:08:33 +02:00
nf_tables_offload.c netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create 2020-10-20 13:54:54 +02:00
nf_tables_trace.c
nfnetlink.c netfilter: nf_tables: missing validation from the abort path 2020-10-30 12:57:39 +01:00
nfnetlink_acct.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
nfnetlink_cthelper.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
nfnetlink_cttimeout.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nfnetlink_log.c netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS 2020-08-28 20:11:58 +02:00
nfnetlink_osf.c netfilter: nf_osf: avoid passing pointer to local var 2020-04-29 21:17:57 +02:00
nfnetlink_queue.c netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS 2020-08-28 20:11:58 +02:00
nft_bitwise.c netfilter: nf_tables: Implement fast bitwise expression 2020-10-04 21:08:33 +02:00
nft_byteorder.c
nft_chain_filter.c netfilter: nf_tables: add inet ingress support 2020-10-12 01:57:34 +02:00
nft_chain_nat.c netfilter: nft_chain_nat: inet family is missing module ownership 2020-03-06 18:00:43 +01:00
nft_chain_route.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
nft_cmp.c netfilter: nf_tables: Enable fast nft_cmp for inverted matches 2020-10-04 21:08:32 +02:00
nft_compat.c netfilter: nft_compat: remove flush counter optimization 2020-08-10 13:03:36 +02:00
nft_connlimit.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_counter.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_ct.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
nft_dup_netdev.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_dynset.c netfilter: nft_dynset: validate set expression definition 2020-03-30 02:05:38 +02:00
nft_exthdr.c netfilter: nf_tables: nft_exthdr: the presence return value should be little-endian 2020-08-10 13:02:43 +02:00
nft_fib.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nft_fib_inet.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_fib_netdev.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_flow_offload.c netfilter: conntrack: do not auto-delete clash entries on reply 2020-08-29 13:03:06 +02:00
nft_fwd_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-22 14:49:36 +02:00
nft_hash.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_immediate.c netfilter: nf_tables: Fix a use after free in nft_immediate_destroy() 2020-07-15 20:15:19 +02:00
nft_limit.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_log.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
nft_lookup.c netfilter: nf_tables: do not update stateful expressions if lookup is inverted 2020-04-05 23:26:36 +02:00
nft_masq.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_meta.c netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid 2020-09-08 13:04:56 +02:00
nft_nat.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_numgen.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_objref.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_osf.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_payload.c netfilter: nftables: allow re-computing sctp CRC-32C in 'payload' statements 2020-10-15 11:45:19 -07:00
nft_queue.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_quota.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_range.c netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() 2019-12-09 13:14:03 +01:00
nft_redir.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_reject.c netfilter: nft_reject: unify reject init and dump into nft_reject 2020-10-31 10:40:42 +01:00
nft_reject_inet.c netfilter: nft_reject_inet: allow to use reject from inet ingress 2020-11-01 12:52:17 +01:00
nft_reject_netdev.c netfilter: nft_reject: add reject verdict support for netdev 2020-10-31 10:41:00 +01:00
nft_rt.c
nft_set_bitmap.c netfilter: nf_tables: do not update stateful expressions if lookup is inverted 2020-04-05 23:26:36 +02:00
nft_set_hash.c netfilter: nf_tables: make all set structs const 2020-03-15 15:20:16 +01:00
nft_set_pipapo.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
nft_set_pipapo.h nft_set_pipapo: Prepare for single ranged field usage 2020-03-15 15:27:46 +01:00
nft_set_pipapo_avx2.c nft_set_pipapo: Prepare for single ranged field usage 2020-03-15 15:27:46 +01:00
nft_set_pipapo_avx2.h x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX2 2020-04-09 00:12:48 +09:00
nft_set_rbtree.c netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match 2020-08-21 17:37:36 +02:00
nft_socket.c netfilter: nft_socket: add wildcard support 2020-08-29 13:04:44 +02:00
nft_synproxy.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_tproxy.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-12-26 13:11:40 -08:00
nft_tunnel.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_xfrm.c
utils.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
x_tables.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_CT.c
xt_DSCP.c
xt_HL.c
xt_HMARK.c netfilter: xt_HMARK: Use ip_is_fragment() helper 2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: target v1 - match Android layout 2020-04-05 23:26:37 +02:00
xt_LED.c
xt_LOG.c
xt_MASQUERADE.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
xt_REDIRECT.c
xt_SECMARK.c netfilter: cleanup unused macro 2020-03-15 15:20:16 +01:00
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TEE.c
xt_TPROXY.c
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: Replace zero-length array with flexible-array member 2020-03-15 15:20:16 +01:00
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
xt_nfacct.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: delete repeated words 2020-08-28 20:11:38 +02:00
xt_repldata.h
xt_sctp.c
xt_set.c
xt_socket.c
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_u32.c