OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/include/net/netfilter
History
Liping Zhang 8eeef23504 netfilter: nf_ct_ext: invoke destroy even when ext is not attached 
For NF_NAT_MANIP_SRC, we will insert the ct to the nat_bysource_table,
then remove it from the nat_bysource_table via nat_extend->destroy.

But now, the nat extension is attached on demand, so if the nat extension
is not attached, we will not be notified when the ct is destroyed, i.e.
we may fail to remove ct from the nat_bysource_table.

So just keep it simple, even if the extension is not attached, we will
still invoke the related ext->destroy. And this will also preserve the
flexibility for the future extension.

Fixes: 9a08ecfe74 ("netfilter: don't attach a nat extension by default")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2017-05-01 11:48:49 +02:00
..
ipv4 netfilter: udplite: Remove duplicated udplite4/6 declaration 2017-04-09 00:08:22 +02:00
ipv6 netfilter: udplite: Remove duplicated udplite4/6 declaration 2017-04-09 00:08:22 +02:00
br_netfilter.h
nf_conntrack.h netfilter: conntrack: move helper struct to nf_conntrack_helper.h 2017-04-19 17:55:16 +02:00
nf_conntrack_acct.h
nf_conntrack_core.h netfilter: remove nf_ct_is_untracked 2017-04-15 11:51:33 +02:00
nf_conntrack_ecache.h nefilter: eache: reduce struct size from 32 to 24 byte 2017-04-19 17:55:17 +02:00
nf_conntrack_expect.h netfilter: nf_ct_expect: Add nf_ct_remove_expect() 2017-04-06 18:39:40 +02:00
nf_conntrack_extend.h netfilter: nf_ct_ext: invoke destroy even when ext is not attached 2017-05-01 11:48:49 +02:00
nf_conntrack_helper.h netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_l3proto.h netfilter: conntrack: add nf_conntrack_default_on sysctl 2016-12-04 21:17:25 +01:00
nf_conntrack_l4proto.h netfilter: allow early drop of assured conntracks 2017-04-19 17:55:17 +02:00
nf_conntrack_labels.h
nf_conntrack_seqadj.h
nf_conntrack_synproxy.h netfilter: synproxy: only register hooks when needed 2017-04-26 09:30:21 +02:00
nf_conntrack_timeout.h netfilter: refcounter conversions 2017-03-17 12:49:43 +01:00
nf_conntrack_timestamp.h
nf_conntrack_tuple.h
nf_conntrack_zones.h
nf_dup_netdev.h netfilter: add and use nf_fwd_netdev_egress 2016-12-06 21:48:22 +01:00
nf_log.h netfilter: allow logging from non-init namespaces 2017-02-02 14:31:58 +01:00
nf_nat.h netfilter: don't attach a nat extension by default 2017-04-26 09:30:22 +02:00
nf_nat_core.h
nf_nat_helper.h netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_l3proto.h
nf_nat_l4proto.h netfilter: built-in NAT support for UDPlite 2016-12-04 20:45:32 +01:00
nf_nat_redirect.h
nf_queue.h netfilter: nf_queue: only call synchronize_net twice if nf_queue is active 2017-05-01 11:19:12 +02:00
nf_socket.h
nf_tables.h netfilter: nf_tables: add nft_is_base_chain() helper 2017-04-06 18:32:04 +02:00
nf_tables_core.h netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields 2016-12-06 21:47:54 +01:00
nf_tables_ipv4.h
nf_tables_ipv6.h netfilter: nf_tables: set pktinfo->thoff at AH header if found 2017-03-08 18:35:27 +01:00
nfnetlink_log.h
nft_dup.h
nft_fib.h netfilter: nft_fib: Support existence check 2017-03-13 13:45:36 +01:00
nft_masq.h
nft_meta.h
nft_redir.h
nft_reject.h
xt_rateest.h net_sched: gen_estimator: complete rewrite of rate estimators 2016-12-05 15:21:59 -05:00