WSL2-Linux-Kernel/net/netfilter
Pablo Neira Ayuso dfe42be15f netfilter: nft_flow_offload: skip tcp rst and fin packets
TCP rst and fin packets do not qualify to place a flow into the
flowtable. Most likely there will be no more packets after connection
closure. Without this patch, this flow entry expires and connection
tracking picks up the entry in ESTABLISHED state using the fixup
timeout, which makes this look inconsistent to the user for a connection
that is actually already closed.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2019-08-14 11:09:07 +02:00
..
ipset netfilter: ipset: Fix rename concurrency with listing 2019-07-29 21:18:07 +02:00
ipvs Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-07-19 21:25:10 -07:00
Kconfig netfilter: Update obsolete comments referring to ip_conntrack 2019-07-16 13:17:00 +02:00
Makefile netfilter: nf_tables: add hardware offload support 2019-07-09 14:38:51 -07:00
core.c netfilter: nf_queue: remove unused hook entries pointer 2019-07-04 02:29:49 +02:00
nf_conncount.c
nf_conntrack_acct.c
nf_conntrack_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_broadcast.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_core.c netfilter: conntrack: Use consistent ct id hash calculation 2019-08-13 18:03:11 +02:00
nf_conntrack_ecache.c
nf_conntrack_expect.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_extend.c
nf_conntrack_ftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_h323_asn1.c netfilter: Update obsolete comments referring to ip_conntrack 2019-07-16 13:17:00 +02:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_pptp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: Update obsolete comments referring to ip_conntrack 2019-07-16 13:17:00 +02:00
nf_conntrack_proto_icmp.c netfilter: Update obsolete comments referring to ip_conntrack 2019-07-16 13:17:00 +02:00
nf_conntrack_proto_icmpv6.c
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c netfilter: conntrack: always store window size un-scaled 2019-07-16 13:17:02 +02:00
nf_conntrack_proto_udp.c
nf_conntrack_sane.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c
nf_flow_table_core.c netfilter: nf_flow_table: teardown flow timeout race 2019-08-09 14:41:21 +02:00
nf_flow_table_inet.c
nf_flow_table_ip.c netfilter: nf_flow_table: fix offload for flows that are subject to xfrm 2019-08-05 11:29:50 +02:00
nf_internals.h
nf_log.c
nf_log_common.c
nf_log_netdev.c
nf_nat_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_core.c netfilter: Update obsolete comments referring to ip_conntrack 2019-07-16 13:17:00 +02:00
nf_nat_ftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_helper.c
nf_nat_irc.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_masquerade.c
nf_nat_proto.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
nf_nat_redirect.c
nf_nat_sip.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
nf_sockopt.c
nf_synproxy_core.c netfilter: synproxy: fix rst sequence number mismatch 2019-07-18 20:55:53 +02:00
nf_tables_api.c netfilter: nf_tables: use-after-free in failing rule with bound set 2019-08-09 14:41:13 +02:00
nf_tables_core.c netfilter: nft_meta: move bridge meta keys into nft_meta_bridge 2019-07-05 21:34:47 +02:00
nf_tables_offload.c net: flow_offload: add flow_block structure and use it 2019-07-19 21:27:45 -07:00
nf_tables_set_core.c
nf_tables_trace.c
nfnetlink.c netfilter: nfnetlink: avoid deadlock due to synchronous request_module 2019-07-15 07:56:58 +02:00
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_log.c
nfnetlink_osf.c
nfnetlink_queue.c
nft_bitwise.c
nft_byteorder.c
nft_chain_filter.c netfilter: bridge: make NF_TABLES_BRIDGE tristate 2019-07-19 18:08:14 +02:00
nft_chain_nat.c netfilter: nf_tables: Support auto-loading for inet nat 2019-07-18 20:19:02 +02:00
nft_chain_route.c
nft_cmp.c netfilter: nf_tables: add hardware offload support 2019-07-09 14:38:51 -07:00
nft_compat.c
nft_connlimit.c
nft_counter.c
nft_ct.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nft_dup_netdev.c
nft_dynset.c
nft_exthdr.c
nft_fib.c
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: nft_flow_offload: skip tcp rst and fin packets 2019-08-14 11:09:07 +02:00
nft_fwd_netdev.c
nft_hash.c netfilter: nft_hash: fix symhash with modulus one 2019-07-16 13:17:03 +02:00
nft_immediate.c netfilter: nf_tables: add hardware offload support 2019-07-09 14:38:51 -07:00
nft_limit.c
nft_log.c
nft_lookup.c
nft_masq.c
nft_meta.c netfilter: nf_tables: Make nft_meta expression more robust 2019-07-25 08:37:20 +02:00
nft_nat.c
nft_numgen.c
nft_objref.c
nft_osf.c
nft_payload.c netfilter: nf_tables: add hardware offload support 2019-07-09 14:38:51 -07:00
nft_queue.c
nft_quota.c
nft_range.c
nft_redir.c netfilter: nf_tables: fix module autoload for redir 2019-07-16 13:17:00 +02:00
nft_reject.c
nft_reject_inet.c
nft_rt.c
nft_set_bitmap.c
nft_set_hash.c
nft_set_rbtree.c
nft_socket.c
nft_synproxy.c netfilter: synproxy: fix erroneous tcp mss option 2019-07-16 13:17:01 +02:00
nft_tproxy.c
nft_tunnel.c
nft_xfrm.c
utils.c
x_tables.c
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c
xt_DSCP.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_LED.c
xt_LOG.c
xt_MASQUERADE.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c
xt_REDIRECT.c
xt_SECMARK.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TEE.c
xt_TPROXY.c
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_nfacct.c
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c
xt_repldata.h
xt_sctp.c
xt_set.c
xt_socket.c
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c