github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
8220171634
linux/net/netfilter
History
Taehee Yoo efac7747ad netfilter: nf_flow_table: do not remove offload when other netns's interface is down 
[ Upstream commit a3fb3698ca ]

When interface is down, offload cleanup function(nf_flow_table_do_cleanup)
is called and that checks whether interface index of offload and
index of link down interface is same. but only interface index checking
is not enough because flowtable is not pernet list.
So that, if other netns's interface that has index is same with offload
is down, that offload will be removed.
This patch adds netns checking code to the offload cleanup routine.

Fixes: 59c466dd68 ("netfilter: nf_flow_table: add a new flow state for tearing down offloading")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-01-27 14:49:59 +01:00
..
ipset netfilter: fix a use-after-free in mtype_destroy() 2020-01-23 08:21:33 +01:00
ipvs net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:13:37 +01:00
core.c jump_label: move 'asm goto' support test to Kconfig 2019-06-04 08:02:34 +02:00
Kconfig netfilter: fix NETFILTER_XT_TARGET_TEE dependencies 2019-05-04 09:20:12 +02:00
Makefile netfilter: nf_tables: add tunnel support 2018-08-03 21:12:12 +02:00
nf_conncount.c netfilter: nf_conncount: fix argument order to find_next_bit 2019-01-22 21:40:29 +01:00
nf_conntrack_acct.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_amanda.c netfilter: use nf_conntrack_helpers_register when possible 2017-06-19 19:13:21 +02:00
nf_conntrack_broadcast.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_conntrack_core.c netfilter: conntrack: Use consistent ct id hash calculation 2019-08-25 10:48:02 +02:00
nf_conntrack_ecache.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_expect.c netfilter: use kvmalloc_array to allocate memory for hashtable 2018-08-03 18:37:55 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c netfilter: nf_conntrack_ftp: Fix debug output 2019-09-21 07:17:01 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: restore boundary check correctness 2019-06-15 11:54:05 +02:00
nf_conntrack_h323_main.c netfilter: move route indirection to struct nf_ipv6_ops 2018-01-08 18:01:26 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: use kvmalloc_array to allocate memory for hashtable 2018-08-03 18:37:55 +02:00
nf_conntrack_irc.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_labels.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c netfilter: ctnetlink: netns exit must wait for callbacks 2020-01-12 12:17:05 +01:00
nf_conntrack_pptp.c netfilter: Remove duplicated rcu_read_lock. 2017-07-24 13:24:46 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp, sctp: handle null timeout argument 2020-01-14 20:07:08 +01:00
nf_conntrack_proto_generic.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_gre.c netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too 2019-04-17 08:38:46 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_sctp.c netfilter: conntrack: dccp, sctp: handle null timeout argument 2020-01-14 20:07:08 +01:00
nf_conntrack_proto_tcp.c netfilter: conntrack: always store window size un-scaled 2019-08-16 10:12:44 +02:00
nf_conntrack_proto_udp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-05-16 19:41:24 +02:00
nf_conntrack_sane.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: re-load tcp header pointer after possible head reallocation 2019-01-13 09:50:57 +01:00
nf_conntrack_sip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-06 21:51:37 -04:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c netfilter: conntrack: remove l3proto abstraction 2018-07-17 15:27:49 +02:00
nf_conntrack_tftp.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_timeout.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
nf_conntrack_timestamp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_dup_netdev.c netfilter: dup: resolve warnings about missing prototypes 2017-05-29 11:32:36 +02:00
nf_flow_table_core.c netfilter: nf_flow_table: do not remove offload when other netns's interface is down 2020-01-27 14:49:59 +01:00
nf_flow_table_inet.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c netfilter: nf_flow_table: ignore DF bit setting 2019-07-10 09:53:30 +02:00
nf_internals.h netfilter: core: export raw versions of add/delete hook functions 2018-05-23 09:14:05 +02:00
nf_log_common.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_log.c netfilter: nf_log: don't hold nf_log_mutex during user access 2018-06-26 16:48:40 +02:00
nf_nat_amanda.c
nf_nat_core.c netfilter: nat: can't use dst_hold on noref dst 2019-01-13 09:50:59 +01:00
nf_nat_ftp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_helper.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_irc.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_proto_common.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_dccp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_sctp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_tcp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_udp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_unknown.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_redirect.c netfilter: nat: merge nf_nat_redirect into nf_nat 2018-05-29 00:25:40 +02:00
nf_nat_sip.c netfilter: nf_nat_sip: fix RTP/RTCP source port translations 2019-12-05 09:20:31 +01:00
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: enqueue skbs with NULL dst 2020-01-04 19:13:21 +01:00
nf_sockopt.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_synproxy_core.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
nf_tables_api.c netfilter: nf_tables: fix flowtable list del corruption 2020-01-23 08:21:34 +01:00
nf_tables_core.c netfilter: nf_tables: check the result of dereferencing base_chain->stats 2019-04-05 22:33:00 +02:00
nf_tables_set_core.c netfilter: nf_tables: place all set backends in one single module 2018-07-06 19:31:53 +02:00
nf_tables_trace.c netfilter: nf_tables: Allow chain name of up to 255 chars 2017-07-31 20:41:57 +02:00
nfnetlink_acct.c netfilter: fix memory leaks on netlink_dump_start error 2018-08-16 19:37:00 +02:00
nfnetlink_cthelper.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
nfnetlink_cttimeout.c netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too 2019-04-17 08:38:46 +02:00
nfnetlink_log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-06-06 18:39:49 -07:00
nfnetlink_osf.c netfilter: nfnetlink_osf: add missing fmatch check 2019-02-27 10:09:03 +01:00
nfnetlink_queue.c netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT 2018-09-11 01:31:47 +02:00
nfnetlink.c netfilter: nfnetlink: avoid deadlock due to synchronous request_module 2019-08-16 10:12:43 +02:00
nft_bitwise.c netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() 2020-01-12 12:17:09 +01:00
nft_byteorder.c
nft_chain_filter.c netfilter: nf_tables: don't prevent event handler from device cleanup on netns exit 2018-08-16 19:37:03 +02:00
nft_cmp.c netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() 2020-01-12 12:17:09 +01:00
nft_compat.c netfilter: nft_compat: do not dump private area 2019-11-24 08:21:03 +01:00
nft_connlimit.c netfilter: nft_connlimit: disable bh on garbage collection 2019-10-29 09:19:34 +01:00
nft_counter.c netfilter: nf_tables: add destroy_clone expression 2018-06-03 00:02:11 +02:00
nft_ct.c netfilter: nf_tables: rework ct timeout set support 2018-08-29 13:04:38 +02:00
nft_dup_netdev.c
nft_dynset.c netfilter: nf_tables: bogus EBUSY when deleting set after flush 2019-05-02 09:58:51 +02:00
nft_exthdr.c netfilter: nf_tables: merge exthdr expression into nft core 2018-04-27 00:00:56 +02:00
nft_fib_inet.c
nft_fib_netdev.c netfilter: nf_tables: add fib expression to the netdev family 2017-07-31 19:01:40 +02:00
nft_fib.c
nft_flow_offload.c netfilter: nft_flow_offload: missing netlink attribute policy 2019-09-21 07:16:54 +02:00
nft_fwd_netdev.c netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer 2018-06-01 10:35:47 +02:00
nft_hash.c netfilter: nft_hash: fix symhash with modulus one 2019-08-16 10:12:44 +02:00
nft_immediate.c netfilter: nf_tables: unbind set in rule from commit path 2019-05-02 09:58:50 +02:00
nft_limit.c netfilter: nft_limit: fix packet ratelimiting 2018-05-23 09:50:28 +02:00
nft_log.c netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it 2018-06-07 16:14:00 -04:00
nft_lookup.c netfilter: nf_tables: allow lookups in dynamic sets 2019-10-11 18:21:16 +02:00
nft_masq.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_meta.c netfilter: nf_tables: handle meta/lookup with direct call 2018-07-30 11:52:02 +02:00
nft_nat.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nft_numgen.c Revert "netfilter: nft_numgen: add map lookups for numgen random operations" 2018-11-27 16:13:02 +01:00
nft_objref.c netfilter: nf_tables: bogus EBUSY in helper removal from transaction 2019-05-02 09:58:51 +02:00
nft_osf.c netfilter: nft_osf: usage from output path is not valid 2020-01-27 14:49:58 +01:00
nft_payload.c netfilter: fix a few (harmless) sparse warnings 2017-08-28 17:42:56 +02:00
nft_queue.c
nft_quota.c netfilter: nf_tables: add select_ops for stateful objects 2017-09-04 13:25:09 +02:00
nft_range.c netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() 2020-01-12 12:17:09 +01:00
nft_redir.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_reject_inet.c
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2019-11-20 18:46:50 +01:00
nft_rt.c netfilter: nf_tables: merge rt expression into nft core 2018-04-27 00:00:55 +02:00
nft_set_bitmap.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_hash.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets 2020-01-12 12:17:09 +01:00
nft_socket.c netfilter: nft_socket: fix erroneous socket assignment 2019-10-01 08:26:12 +02:00
nft_tproxy.c netfilter: nft_tproxy: Fix port selector on Big Endian 2020-01-09 10:18:59 +01:00
nft_tunnel.c netfilter: nft_tunnel: fix null-attribute check 2020-01-23 08:21:34 +01:00
utils.c netfilter: utils: move nf_ip6_checksum* from ipv6 to utils 2018-07-16 17:51:48 +02:00
x_tables.c netfilter: compat: initialize all fields in xt_init 2019-03-23 20:09:45 +01:00
xt_addrtype.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_AUDIT.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2019-04-20 09:16:00 +02:00
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c netfilter: xt_connmark: fix list corruption on rmmod 2018-06-12 19:35:52 +02:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: fix a possible memory leak in htable_create() 2018-12-17 09:24:33 +01:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: add sysfs filename checking routine 2018-11-27 16:13:03 +01:00
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_LOG.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix DNAT target for shifted portmap ranges 2018-11-13 11:08:20 -08:00
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_nfacct.c netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info 2019-09-21 07:16:55 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_osf.c netfilter: nfnetlink_osf: extract nfnetlink_subsystem code from xt_osf.c 2018-07-30 14:07:11 +02:00
xt_owner.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
xt_physdev.c netfilter: xt_physdev: Fix spurious error message in physdev_mt_check 2019-09-21 07:17:01 +02:00
xt_pkttype.c
xt_policy.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_quota.c
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_RATEEST.c netfilter: xt_RATEEST: remove netns exit routine 2018-12-17 09:24:31 +01:00
xt_realm.c
xt_recent.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_repldata.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_sctp.c sctp: remove the typedef sctp_chunkhdr_t 2017-07-01 09:08:41 -07:00
xt_SECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_set.c netfilter: ipset: Limit max timeout value 2018-06-06 14:00:54 +02:00
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c netfilter: x_tables: fix pointer leaks to userspace 2018-01-31 14:59:24 +01:00
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_tcpmss.c
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c netfilter: xt_TEE: add missing code to get interface index in checkentry. 2019-03-13 14:02:40 -07:00
xt_time.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c
xt_u32.c