system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-02 01:10:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net
History
Florian Westphal fdacd57c79 netfilter: x_tables: never register tables by default 
For historical reasons x_tables still register tables by default in the
initial namespace.
Only newly created net namespaces add the hook on demand.

This means that the init_net always pays hook cost, even if no filtering
rules are added (e.g. only used inside a single netns).

Note that the hooks are added even when 'iptables -L' is called.
This is because there is no way to tell 'iptables -A' and 'iptables -L'
apart at kernel level.

The only solution would be to register the table, but delay hook
registration until the first rule gets added (or policy gets changed).

That however means that counters are not hooked either, so 'iptables -L'
would always show 0-counters even when traffic is flowing which might be
unexpected.

This keeps table and hook registration consistent with what is already done
in non-init netns: first iptables(-save) invocation registers both table
and hooks.

This applies the same solution adopted for ebtables.
All tables register a template that contains the l3 family, the name
and a constructor function that is called when the initial table has to
be added.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-08-09 10:22:01 +02:00
..
6lowpan 6lowpan: Fix some typos in nhc_udp.c 2021-03-24 17:52:11 -07:00
9p 9p/trans_virtio: Fix spelling mistakes 2021-06-02 14:01:55 -07:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-01 11:21:57 -07:00
8021q dev_ioctl: split out ndo_eth_ioctl 2021-07-27 20:11:45 +01:00
appletalk net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
atm atm: Use list_for_each_entry() to simplify code in resources.c 2021-06-10 14:08:09 -07:00
ax25 net/ax25: Delete obsolete TODO file 2021-03-30 16:54:50 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-06-18 19:47:02 -07:00
bluetooth TTY / Serial patches for 5.14-rc1 2021-07-05 14:08:24 -07:00
bpf Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-07-23 16:13:06 +01:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-06-25 13:13:50 +02:00
bridge netfilter: ebtables: do not hook tables by default 2021-08-02 11:40:45 +02:00
caif net: fix uninit-value in caif_seqpkt_sendmsg 2021-07-15 11:08:33 -07:00
can can: j1939: j1939_xtp_rx_dat_one(): use separate pointer for session skb control buffer 2021-07-25 11:36:25 +02:00
ceph Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
core devlink: Allocate devlink directly in requested net namespace 2021-07-30 13:16:38 -07:00
dcb net: dcb: Return the correct errno code 2021-06-01 17:01:33 -07:00
dccp memcg: enable accounting for inet_bin_bucket cache 2021-07-20 06:00:38 -07:00
decnet net: convert fib_treeref from int to refcount_t 2021-07-30 15:33:24 +02:00
dns_resolver
dsa net: dsa: don't set skb->offload_fwd_mark when not offloading the bridge 2021-07-29 22:17:37 +01:00
ethernet Revert "net: dsa: Allow drivers to filter packets they can decode source port from" 2021-07-26 22:35:22 +01:00
ethtool dev_ioctl: pass SIOCDEVPRIVATE data separately 2021-07-27 20:11:44 +01:00
hsr net: hsr: don't check sequence number if tag removal is offloaded 2021-06-16 12:13:01 -07:00
ieee802154 net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
ife
ipv4 netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
ipv6 netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
iucv s390: iucv: Avoid field over-reading memcpy() 2021-07-01 15:54:01 -07:00
kcm net: sock: introduce sk_error_report 2021-06-29 11:28:21 -07:00
key net: Remove unnecessary variables 2021-05-26 07:03:39 +02:00
l2tp l2tp: Fix spelling mistakes 2021-06-07 14:08:30 -07:00
l3mdev l3mdev: Correct function names in the kerneldoc comments 2021-03-28 17:56:55 -07:00
lapb net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c 2021-06-08 16:31:25 -07:00
llc llc2: Remove redundant assignment to rc 2021-04-27 14:16:14 -07:00
mac80211 mac80211: Switch to a virtual time-based airtime scheduler 2021-06-23 18:12:00 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-06 22:42:16 +02:00
mctp mctp: Allow per-netns default networks 2021-07-29 15:06:50 +01:00
mpls mpls: defer ttl decrement in mpls_forward() 2021-07-23 17:17:56 +01:00
mptcp net: Use nlmsg_unicast() instead of netlink_unicast() 2021-07-13 09:28:29 -07:00
ncsi net/ncsi: add dummy response handler for Intel boards 2021-07-08 14:16:39 -07:00
netfilter netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
netlabel net: cipso: fix warnings in netlbl_cipsov4_add_std 2021-07-27 20:58:30 +01:00
netlink net: netlink: Remove unused function 2021-07-30 18:35:47 +02:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-18 09:48:59 -07:00
nfc nfc: hci: cleanup unneeded spaces 2021-07-30 17:22:53 +02:00
nsh
openvswitch openvswitch: fix sparse warning incorrect type 2021-07-27 11:48:43 +01:00
packet Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
phonet phonet: use siocdevprivate 2021-07-27 20:11:43 +01:00
psample psample: Add additional metadata attributes 2021-03-14 15:00:43 -07:00
qrtr net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
rds Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
rfkill Another set of updates, all over the map: 2021-04-20 16:44:04 -07:00
rose net: rose: Fix fall-through warnings for Clang 2021-03-10 12:45:15 -08:00
rxrpc Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
sched net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sctp sctp: do not update transport pathmtu if SPP_PMTUD_ENABLE is not set 2021-07-21 14:17:58 -07:00
smc net: sock: introduce sk_error_report 2021-06-29 11:28:21 -07:00
strparser net: sock: introduce sk_error_report 2021-06-29 11:28:21 -07:00
sunrpc NFS client updates for Linux 5.14 2021-07-09 09:43:57 -07:00
switchdev net: switchdev: fix FDB entries towards foreign ports not getting propagated to us 2021-07-22 00:45:40 -07:00
tipc tipc: fix an use-after-free issue in tipc_recvmsg 2021-07-25 10:43:30 +01:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-06-29 15:45:27 -07:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-07-15 22:40:10 -07:00
vmw_vsock Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
wireless cfg80211: Support hidden AP discovery over 6GHz band 2021-06-23 13:05:09 +02:00
x25 net: x25: Use list_for_each_entry() to simplify code in x25_route.c 2021-06-10 14:08:09 -07:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-06-29 15:45:27 -07:00
xfrm Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
compat.c net: Return the correct errno code 2021-06-03 15:13:56 -07:00
devres.c net: devres: Correct a grammatical error 2021-06-11 12:55:28 -07:00
Kconfig mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
Makefile mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
socket.c mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
sysctl_net.c net: Ensure net namespace isolation of sysctls 2021-04-12 13:27:11 -07:00