packet is source
filtered (e.g. a default route with a "from PD" attribute, where
PD is the delegated prefix).
Signed-off-by: Alin Nastac
---
net/ipv6/icmp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index bbcdfd2..8f17065 10
From: Alin Nastac
Some protocols have other means to verify the payload integrity
(AH, ESP, SCTP) while others are incompatible with nf_ip(6)_checksum
implementation because checksum is either optional or might be
partial (UDPLITE, DCCP, GRE). Because nf_ip(6)_checksum was used
to validate the
From: Alin Nastac
Some protocols have other means to verify the payload integrity
(AH, ESP, SCTP) while others are incompatible with nf_ip(6)_checksum
implementation because checksum is either optional or might be
partial (UDPLITE, DCCP, GRE). Because nf_ip(6)_checksum was used
to validate the
From: Alin Nastac
Some protocols have other means to verify the payload integrity
(AH, ESP, SCTP) while others are incompatible with nf_ip(6)_checksum
implementation because checksum is either optional or might be
partial (UDPLITE, DCCP, GRE). Because nf_ip(6)_checksum was used
to validate the
From: Alin Nastac
Previous implementation was not usable with CONFIG_IPV6=m.
Signed-off-by: Alin Nastac
---
net/netfilter/nf_conntrack_sip.c | 37 -
1 file changed, 16 insertions(+), 21 deletions(-)
diff --git a/net/netfilter/nf_conntrack_sip.c b/net
From: Alin Nastac
Typically transport protocols such as TCP and UDP use an IP
pseudo-header for their checksum computation, but ICMP does not
use it.
Fixes: 7fc38225363dd ("netfilter: reject: skip csum verification for protocols
that don't support it")
Signed-off-by: Alin Nastac
On big endian arches UDP/TCP checksum is incorrectly computed when
payload length is odd.
Signed-off-by: Alin Nastac
---
src/extra/checksum.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/extra/checksum.c b/src/extra/checksum.c
index 4d52a99..42389aa 100644
Furthermore, this extension use a mix of PRIu64 and %llu formats for
uint64_t values. IMO it should use only one, for the sake of consistency.
Signed-off-by: Alin Nastac
---
extensions/libxt_hashlimit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions
Furthermore, this extension use a mix of PRIu64 and %llu formats for
uint64_t values. IMO it should use only one, for the sake of consistency.
Signed-off-by: Alin Nastac
---
extensions/libxt_hashlimit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions
From: Alin Nastac
The remaining %llu formats are used for unsigned long long values.
Signed-off-by: Alin Nastac
---
extensions/libxt_hashlimit.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 9e63e1e
From: Alin Nastac
nf_conntrack_proto_generic refuse to handle grev6 packets when
NF_CT_PROTO_GRE is enabled, resulting in grev6 packets being
categorized as INVALID.
---
net/netfilter/nf_conntrack_proto_gre.c | 49 +-
1 file changed, 48 insertions(+), 1 deletion
Perform the same SNAT translation on RTP/RTCP conntracks regardless of
who sends the first datagram.
Prior to this change, RTP packets send by the peer who required source
port translation were forwarded with unmodified source port when this
peer started its voice/video stream first.
---
net/netf
When ip6_route_me_harder is invoked, it resets outgoing interface of:
- link-local scoped packets sent by neighbor discovery
- multicast packets sent by MLD host
- multicast packets send by MLD proxy daemon that sets outgoing
interface through IPV6_PKTINFO ipi6_ifindex
Link-local and mul
multicast packets must keep their original oif after
ip6_route_me_harder is called.
Signed-off-by: Alin Nastac
---
net/ipv6/netfilter.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 5ae8e1c..8b075f0 100644
--- a/net/ipv6
-by: Alin Nastac
---
net/netfilter/nf_nat_sip.c | 35 +++
1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c
index 1f30860..a1e23cc 100644
--- a/net/netfilter/nf_nat_sip.c
+++ b/net/netfilter
Allow media streams that are not passing through this router.
When enabled, the sip_external_media logic will leave SDP
payload untouched when it detects that interface towards INVITEd
party is the same with the one towards media endpoint.
Signed-off-by: Alin Nastac
---
net/netfilter
From: Alin Nastac
Allow media streams that are not passing through this router.
When enabled, the sip_external_media logic will leave SDP
payload untouched when it detects that interface towards INVITEd
party is the same with the one towards media endpoint.
Signed-off-by: Alin Nastac
---
net
From: Alin Nastac
Allow media streams that are not passing through this router.
When enabled, the sip_external_media logic will leave SDP
payload untouched when it detects that interface towards INVITEd
party is the same with the one towards media endpoint.
Signed-off-by: Alin Nastac
---
net
From: Alin Nastac
Each media stream negotiation between 2 SIP peers will trigger creation
of 4 different expectations (2 RTP and 2 RTCP):
- INVITE will create expectations for the media packets sent by the
called peer
- reply to the INVITE will create expectations for media packets sent
excluded from address translation (e.g. call forwards).
Signed-off-by: Alin Nastac
---
net/netfilter/nf_conntrack_sip.c | 42
1 file changed, 42 insertions(+)
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index c8d2b6688a2a
Link-local and multicast packets must keep their original oif after
ip6_route_me_harder is called.
Signed-off-by: Alin Nastac
---
net/ipv6/netfilter.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 39970e2..02811c5 100644
Link-local and multicast packets must keep their original oif after
ip6_route_me_harder is called.
Signed-off-by: Alin Nastac
---
net/ipv6/netfilter.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 39970e2..02811c5 100644
Extract IPv6 packet that triggered the sending of redirect message from
ICMPv6 Redirected Header option and check if conntrack table contain such
connection. Mark redirect packet as RELATED if a matching connection is found.
Signed-off-by: Alin Nastac
---
net/ipv6/netfilter
Extract IPv6 packet that triggered the sending of redirect message from
ICMPv6 Redirected Header option and check if conntrack table contain such
connection. Mark redirect packet as RELATED if a matching connection is found.
Signed-off-by: Alin Nastac
---
net/ipv6/netfilter
Signed-off-by: Alin Nastac
---
include/linux/netfilter_bridge/ebt_limit.h | 4
include/linux/netfilter_bridge/ebt_mark_m.h | 5 +
include/linux/netfilter_bridge/ebt_mark_t.h | 4
3 files changed, 13 insertions(+)
diff --git a/include/linux/netfilter_bridge/ebt_limit.h
b/include
not found in 32-bit ebtables application.
Signed-off-by: Alin Nastac
---
net/bridge/netfilter/ebtables.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 28a4c34..91cf3df 100644
--- a/net/bridge
26 matches
Mail list logo
