superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/tools
History
Florian Westphal ce7de847f1 netfilter: conntrack: set icmpv6 redirects as RELATED 
[ Upstream commit 7d7cfb48d8 ]

icmp conntrack will set icmp redirects as RELATED, but icmpv6 will not
do this.

For icmpv6, only icmp errors (code <= 128) are examined for RELATED state.
ICMPV6 Redirects are part of neighbour discovery mechanism, those are
handled by marking a selected subset (e.g.  neighbour solicitations) as
UNTRACKED, but not REDIRECT -- they will thus be flagged as INVALID.

Add minimal support for REDIRECTs.  No parsing of neighbour options is
added for simplicity, so this will only check that we have the embeeded
original header (ND_OPT_REDIRECT_HDR), and then attempt to do a flow
lookup for this tuple.

Also extend the existing test case to cover redirects.

Fixes: 9fb9cbb108 ("[NETFILTER]: Add nf_conntrack subsystem.")
Reported-by: Eric Garver <eric@garver.life>
Link: https://github.com/firewalld/firewalld/issues/1046
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-12-31 13:32:19 +01:00
..
accounting
arch x86/cpu: Restore AMD's DE_CFG MSR after resume 2022-11-15 10:15:58 -08:00
bootconfig
bpf bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE 2022-11-02 12:05:42 +01:00
build perf bpf: Fix build with libbpf 0.7.0 by checking if bpf_program__set_insns() is available 2022-10-25 17:40:48 -03:00
certs
cgroup
counter
debugging
edid
firewire
firmware
gpio
hv
iio tools: iio: iio_generic_buffer: Fix read size 2022-11-01 08:48:13 +00:00
include bpf-for-netdev 2022-11-03 19:51:02 -07:00
io_uring
kvm/kvm_stat tools/kvm_stat: update exit reasons for vmx/svm/aarch64/userspace 2022-11-09 12:26:52 -05:00
laptop
leds
lib libbpf: Btf dedup identical struct test needs check for nested structs/arrays 2022-12-31 13:32:04 +01:00
memory-model
objtool objtool, kcsan: Add volatile read/write instrumentation to whitelist 2022-12-31 13:31:48 +01:00
pci
pcmcia
perf perf tools: Add the include/perf/ directory to .gitignore 2022-11-08 18:54:41 -03:00
power pm-graph v5.10 2022-10-25 17:46:15 +02:00
rcu
scripts
spi
testing netfilter: conntrack: set icmpv6 redirects as RELATED 2022-12-31 13:32:19 +01:00
thermal
time
tracing
usb
verification rv/dot2c: Make automaton definition static 2022-10-20 16:02:45 -04:00
virtio
vm tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" 2022-11-30 14:49:41 -08:00
wmi
Makefile