linux/net/ipv6/netfilter
Jozsef Kadlecsik 9c13886665 netfilter: ip6table_raw: fix table priority
The order of the IPv6 raw table is currently reversed, that makes impossible
to use the NOTRACK target in IPv6: for example if someone enters

ip6tables -t raw -A PREROUTING -p tcp --dport 80 -j NOTRACK

and if we receive fragmented packets then the first fragment will be
untracked and thus skip nf_ct_frag6_gather (and conntrack), while all
subsequent fragments enter nf_ct_frag6_gather and reassembly will never
successfully be finished.

Singed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-03-25 11:17:26 +01:00
..
ip6_queue.c
ip6_tables.c netfilter: xtables: restore indentation 2010-02-26 17:53:31 +01:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c
ip6t_LOG.c
ip6t_mh.c
ip6t_REJECT.c ipv6: drop unused "dev" arg of icmpv6_send() 2010-02-18 14:30:17 -08:00
ip6t_rt.c
ip6table_filter.c
ip6table_mangle.c
ip6table_raw.c netfilter: ip6table_raw: fix table priority 2010-03-25 11:17:26 +01:00
ip6table_security.c
Kconfig
Makefile
nf_conntrack_l3proto_ipv6.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_proto_icmpv6.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_reasm.c netfilter: nf_conntrack_reasm: properly handle packets fragmented into a single fragment 2010-02-19 18:18:37 +01:00