linux/drivers
David Ahern eb63ecc170 net: vrf: Drop conntrack data after pass through VRF device on Tx
Locally originated traffic in a VRF fails in the presence of a POSTROUTING
rule. For example,

    $ iptables -t nat -A POSTROUTING -s 11.1.1.0/24  -j MASQUERADE
    $ ping -I red -c1 11.1.1.3
    ping: Warning: source address might be selected on device other than red.
    PING 11.1.1.3 (11.1.1.3) from 11.1.1.2 red: 56(84) bytes of data.
    ping: sendmsg: Operation not permitted

Worse, the above causes random corruption resulting in a panic in random
places (I have not seen a consistent backtrace).

Call nf_reset to drop the conntrack info following the pass through the
VRF device.  The nf_reset is needed on Tx but not Rx because of the order
in which NF_HOOK's are hit: on Rx the VRF device is after the real ingress
device and on Tx it is before the real egress device. Connection
tracking should be tied to the real egress device and not the VRF device.

Fixes: 8f58336d3f ("net: Add ethernet header for pass through VRF device")
Fixes: 35402e3136 ("net: Add IPv6 support to VRF device")
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-12-17 10:47:31 -05:00
..
accessibility
acpi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-10 16:21:55 -05:00
amba
android
ata libata-scsi: disable SCT Write Same for the moment 2016-12-07 16:29:09 -05:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-06 21:33:19 -05:00
auxdisplay
base
bcma
block zram: restrict add/remove attributes to root only 2016-12-07 17:10:00 -08:00
bluetooth Bluetooth: btmrvl: drop duplicate header slab.h 2016-12-08 07:44:56 +01:00
bus
cdrom
char
clk
clocksource
connector
cpufreq
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-10 16:21:55 -05:00
dax device-dax: fix private mapping restriction, permit read-only 2016-12-06 17:42:37 -08:00
dca
devfreq
dio
dma
dma-buf
edac
eisa
extcon
firewire
firmware
fmc
fpga
gpio
gpu drm/amdgpu: just suspend the hw on pci shutdown 2016-12-07 11:17:21 -05:00
hid
hsi
hv
hwmon
hwspinlock
hwtracing
i2c
ide
idle
iio
infiniband
input
iommu
ipack
irqchip
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-10 16:21:55 -05:00
leds
lguest
lightnvm
macintosh
mailbox
mcb
md
media
memory
memstick
message
mfd
misc
mmc
mtd
net net: vrf: Drop conntrack data after pass through VRF device on Tx 2016-12-17 10:47:31 -05:00
nfc
ntb
nubus
nvdimm acpi, nfit, libnvdimm: fix / harden ars_status output length handling 2016-12-06 16:08:10 -08:00
nvme
nvmem
of
oprofile
parisc
parport
pci
pcmcia
perf
phy
pinctrl
platform
pnp
power
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc
reset
rpmsg
rtc
s390
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-10 16:21:55 -05:00
sfi
sh
sn
soc
spi
spmi
ssb
staging
target
tc
thermal
thunderbolt
tty Three patches for minor issues: 2016-12-12 09:06:38 -08:00
uio
usb
uwb
vfio
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-10 16:21:55 -05:00
video openrisc: prevent VGA console, fix builds 2016-12-12 23:10:29 +09:00
virt
virtio
vlynq
vme
w1
watchdog
xen
zorro
Kconfig
Makefile