system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-20 19:17:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Sven Auhagen 3412e16418 netfilter: flowtable: nft_flow_route use more data for reverse route 
When creating a flow table entry, the reverse route is looked
up based on the current packet.
There can be scenarios where the user creates a custom ip rule
to route the traffic differently.
In order to support those scenarios, the lookup needs to add
more information based on the current packet.
The patch adds multiple new information to the route lookup.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-05-13 18:56:28 +02:00
..
ipset netfilter: ipset: Fix oversized kvmalloc() calls 2021-09-14 00:50:01 +02:00
ipvs net: Add skb_clear_tstamp() to keep the mono delivery_time 2022-03-03 14:38:48 +00:00
core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2022-03-28 08:57:10 -07:00
Kconfig netfilter: nf_tables: make counter support built-in 2021-12-23 01:07:35 +01:00
Makefile net/netfilter: Add unstable CT lookup helpers for XDP and TC-BPF 2022-01-18 14:26:42 -08:00
nf_conncount.c
nf_conntrack_acct.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_bpf.c net: netfilter: Reports ct direction in CT lookup helpers for XDP and TC-BPF 2022-04-06 09:58:30 -07:00
nf_conntrack_broadcast.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_core.c netfilter: conntrack: add nf_conntrack_events autodetect mode 2022-05-13 18:56:28 +02:00
nf_conntrack_ecache.c netfilter: conntrack: add nf_conntrack_events autodetect mode 2022-05-13 18:56:28 +02:00
nf_conntrack_expect.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
nf_conntrack_extend.c netfilter: extensions: introduce extension genid count 2022-05-13 18:52:16 +02:00
nf_conntrack_ftp.c netfilter: remove BUG_ON() after skb_header_pointer() 2021-05-05 23:45:48 +02:00
nf_conntrack_h323_asn1.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nf_conntrack_h323_main.c netfilter: fix clang-12 fmt string warnings 2021-06-01 23:53:51 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: remove __nf_ct_unconfirmed_destroy 2022-05-13 18:52:17 +02:00
nf_conntrack_irc.c netfilter: remove BUG_ON() after skb_header_pointer() 2021-05-05 23:45:48 +02:00
nf_conntrack_labels.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_netbios_ns.c netfilter: nf_conntrack_netbios_ns: fix helper module alias 2022-01-11 10:41:44 +01:00
nf_conntrack_netlink.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_conntrack_pptp.c netfilter: conntrack: pptp: use single option structure 2022-02-04 06:30:28 +01:00
nf_conntrack_proto.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: pass hook state to log functions 2021-06-18 14:47:43 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: conntrack: nf_ct_gre_keymap_flush() removal 2021-07-02 02:07:01 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: pass hook state to log functions 2021-06-18 14:47:43 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: pass hook state to log functions 2021-06-18 14:47:43 +02:00
nf_conntrack_proto_sctp.c netfilter: conntrack: don't refresh sctp entries in closed state 2022-02-04 05:38:15 +01:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options 2022-03-24 15:17:18 +01:00
nf_conntrack_proto_udp.c Revert "netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY" 2022-03-03 13:35:22 +01:00
nf_conntrack_sane.c netfilter: remove BUG_ON() after skb_header_pointer() 2021-05-05 23:45:48 +02:00
nf_conntrack_seqadj.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: add nf_conntrack_events autodetect mode 2022-05-13 18:56:28 +02:00
nf_conntrack_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_timeout.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_conntrack_timestamp.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_dup_netdev.c net: Add skb_clear_tstamp() to keep the mono delivery_time 2022-03-03 14:38:48 +00:00
nf_flow_table_core.c netfilter: flowtable: pass flowtable to nf_flow_table_iterate() 2022-03-20 00:29:48 +01:00
nf_flow_table_inet.c netfilter: flowtable: Fix QinQ and pppoe support for inet table 2022-03-16 11:25:04 +01:00
nf_flow_table_ip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
nf_flow_table_offload.c netfilter: flowtable: remove redundant field in flow_offload_work struct 2022-03-20 00:29:47 +01:00
nf_hooks_lwtunnel.c netfilter: add netfilter hooks to SRv6 data plane 2021-08-30 01:51:36 +02:00
nf_internals.h netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_log.c netfilter: nft_log: perform module load from nf_tables 2021-03-31 22:34:11 +02:00
nf_log_syslog.c netfilter: nf_log_syslog: Consolidate entry checks 2022-04-08 14:36:06 +02:00
nf_nat_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-17 13:56:58 -07:00
nf_nat_ftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_helper.c
nf_nat_irc.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_masquerade.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_nat_proto.c netfilter: nat: move nf_xfrm_me_harder to where it is used 2021-04-26 03:20:07 +02:00
nf_nat_redirect.c
nf_nat_sip.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_queue.c netfilter: nf_queue: handle socket prefetch 2022-03-01 11:51:15 +01:00
nf_sockopt.c netfilter: switch nf_setsockopt to sockptr_t 2020-07-24 15:41:54 -07:00
nf_synproxy_core.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_tables_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-04-15 09:26:00 +02:00
nf_tables_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
nf_tables_offload.c netfilter: nf_tables_offload: incorrect flow offload action array size 2022-02-20 01:22:20 +01:00
nf_tables_trace.c netfilter: nf_tables: add rule blob layout 2022-01-09 23:35:17 +01:00
nfnetlink.c netfilter: nfnetlink: allow to detect if ctnetlink listeners exist 2022-05-13 18:56:28 +02:00
nfnetlink_acct.c netfilter: use nfnetlink_unicast() 2021-05-29 01:04:53 +02:00
nfnetlink_cthelper.c Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-06-07 13:01:52 -07:00
nfnetlink_cttimeout.c netfilter: conntrack: remove __nf_ct_unconfirmed_destroy 2022-05-13 18:52:17 +02:00
nfnetlink_hook.c net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
nfnetlink_log.c net: Get rcv tstamp if needed in nfnetlink_{log, queue}.c 2022-03-03 14:38:48 +00:00
nfnetlink_osf.c netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check 2021-05-05 22:26:09 +02:00
nfnetlink_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-03 11:55:12 -08:00
nft_bitwise.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next 2022-04-11 11:47:58 +01:00
nft_byteorder.c netfilter: nf_tables: cancel tracking for clobbered destination registers 2022-03-20 00:29:46 +01:00
nft_chain_filter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-10-22 11:41:16 +01:00
nft_chain_nat.c netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec() 2021-05-29 01:04:54 +02:00
nft_chain_route.c netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec() 2021-05-29 01:04:54 +02:00
nft_cmp.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_compat.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_connlimit.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_counter.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_ct.c netfilter: nft_ct: track register operations 2022-03-20 00:29:46 +01:00
nft_dup_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_dynset.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_exthdr.c netfilter: nft_exthdr: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib.c netfilter: nft_fib: reverse path filter for policy-based routing on iif 2022-04-11 12:10:09 +02:00
nft_fib_inet.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib_netdev.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_flow_offload.c netfilter: flowtable: nft_flow_route use more data for reverse route 2022-05-13 18:56:28 +02:00
nft_fwd_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_hash.c netfilter: nft_hash: track register operations 2022-03-20 00:29:47 +01:00
nft_immediate.c netfilter: nft_immediate: cancel register tracking for data destination register 2022-03-20 00:29:47 +01:00
nft_last.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_limit.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_log.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_lookup.c netfilter: nft_lookup: only cancel tracking for clobbered dregs 2022-03-20 00:29:46 +01:00
nft_masq.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_meta.c netfilter: nft_meta: extend reduce support to bridge family 2022-03-20 00:29:46 +01:00
nft_nat.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_numgen.c netfilter: nft_numgen: cancel register tracking 2022-03-20 00:29:47 +01:00
nft_objref.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_osf.c netfilter: nft_osf: track register operations 2022-03-20 00:29:47 +01:00
nft_payload.c netfilter: nf_tables: cancel tracking for clobbered destination registers 2022-03-20 00:29:46 +01:00
nft_queue.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_quota.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_range.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_redir.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject.c netfilter: nft_reject: unify reject init and dump into nft_reject 2020-10-31 10:40:42 +01:00
nft_reject_inet.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_rt.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_set_bitmap.c netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_set_hash.c netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_set_pipapo.c netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone 2022-01-06 10:43:24 +01:00
nft_set_pipapo.h netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_set_pipapo_avx2.c netfilter: nft_set_pipapo_avx2: remove redundant pointer lt 2021-12-24 16:58:17 +01:00
nft_set_pipapo_avx2.h netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_set_rbtree.c netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_socket.c netfilter: nft_socket: make cgroup match work in input too 2022-04-11 12:12:46 +02:00
nft_synproxy.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_tproxy.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_tunnel.c netfilter: nft_tunnel: track register operations 2022-03-20 00:29:47 +01:00
nft_xfrm.c netfilter: nft_xfrm: track register operations 2022-03-20 00:29:47 +01:00
utils.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
x_tables.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_addrtype.c
xt_AUDIT.c netfilter: fix clang-12 fmt string warnings 2021-06-01 23:53:51 +02:00
xt_bpf.c bpf: Refactor BPF_PROG_RUN into a function 2021-08-17 00:45:07 +02:00
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
xt_connmark.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_CONNSECMARK.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_helper.c
xt_HL.c
xt_hl.c
xt_HMARK.c netfilter: xt_HMARK: Use ip_is_fragment() helper 2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: replace snprintf in show functions with sysfs_emit 2021-11-08 12:14:05 +01:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c
xt_length.c
xt_limit.c netfilter: x_tables: improve limit_mt scalability 2021-05-29 01:04:52 +02:00
xt_LOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
xt_NETMAP.c
xt_nfacct.c netfilter: Remove unnecessary conversion to bool 2020-12-01 09:45:29 +01:00
xt_NFLOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_NFQUEUE.c
xt_osf.c
xt_owner.c
xt_physdev.c netfilter: inline xt_hashlimit, ebt_802_3 and xt_physdev headers 2019-09-13 12:32:48 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types 2021-10-18 12:54:41 +01:00
xt_realm.c
xt_recent.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_REDIRECT.c
xt_repldata.h
xt_sctp.c
xt_SECMARK.c netfilter: xt_SECMARK: add new revision to fix structure layout 2021-05-03 23:02:44 +02:00
xt_set.c netfilter: inline four headers files into another one. 2019-08-13 12:14:26 +02:00
xt_socket.c netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES dependency 2022-02-13 23:55:48 +01:00
xt_state.c
xt_statistic.c
xt_string.c
xt_TCPMSS.c
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c
xt_time.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_TPROXY.c netfilter: disable defrag once its no longer needed 2021-04-26 03:20:07 +02:00
xt_TRACE.c netfilter: nf_log: add module softdeps 2021-03-31 22:34:10 +02:00
xt_u32.c