shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-03 11:43:03 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
6ebffc54843bc85ef94e15df521929bb44ddd7d4
linux/net
History
Stefano Brivio ad7013cd6d netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets 
[ Upstream commit 8cc4ccf583 ]

There doesn't seem to be any reason to restrict MAC address
matching to source MAC addresses in set types bitmap:ipmac,
hash:ipmac and hash:mac. With this patch, and this setup:

  ip netns add A
  ip link add veth1 type veth peer name veth2 netns A
  ip addr add 192.0.2.1/24 dev veth1
  ip -net A addr add 192.0.2.2/24 dev veth2
  ip link set veth1 up
  ip -net A link set veth2 up

  ip netns exec A ipset create test hash:mac
  dst=$(ip netns exec A cat /sys/class/net/veth2/address)
  ip netns exec A ipset add test ${dst}
  ip netns exec A iptables -P INPUT DROP
  ip netns exec A iptables -I INPUT -m set --match-set test dst -j ACCEPT

ipset will match packets based on destination MAC address:

  # ping -c1 192.0.2.2 >/dev/null
  # echo $?
  0

Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-01-26 09:32:33 +01:00
..
6lowpan
6lowpan: iphc: reset mac_header after decompress to fix panic
2018-07-06 12:32:12 +02:00
9p
9p/net: put a lower bound on msize
2019-01-13 09:51:08 +01:00
802
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
8021q
net: remove blank lines at end of file
2018-07-24 14:10:43 -07:00
appletalk
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
atm
Revert "net: simplify sock_poll_wait"
2018-11-04 14:50:51 +01:00
ax25
ax25: fix a use-after-free in ax25_fillin_cb()
2019-01-09 17:38:30 +01:00
batman-adv
batman-adv: Expand merged fragment buffer for full packet
2018-12-13 09:16:10 +01:00
bluetooth
Bluetooth: SMP: fix crash in unpairing
2018-09-26 12:39:32 +03:00
bpf
bpf/test_run: support cgroup local storage
2018-08-03 00:47:32 +02:00
bpfilter
net: bpfilter: use get_pid_task instead of pid_task
2018-10-17 22:03:40 -07:00
bridge
net: clear skb->tstamp in bridge forwarding path
2019-01-26 09:32:33 +01:00
caif
Revert "net: simplify sock_poll_wait"
2018-11-04 14:50:51 +01:00
can
can: gw: ensure DLC boundaries after CAN frame modification
2019-01-22 21:40:28 +01:00
ceph
libceph: fall back to sendmsg for slab pages
2018-11-27 16:13:11 +01:00
core
net, skbuff: do not prefer skb allocation fails early
2019-01-26 09:32:32 +01:00
dcb
net: dcb: Add priority-to-DSCP map getters
2018-07-27 13:17:50 -07:00
dccp
Revert "net: simplify sock_poll_wait"
2018-11-04 14:50:51 +01:00
decnet
decnet: fix using plain integer as NULL warning
2018-08-09 14:11:24 -07:00
dns_resolver
net: remove blank lines at end of file
2018-07-24 14:10:43 -07:00
dsa
net: dsa: Drop GPIO includes
2018-08-27 15:24:33 -07:00
ethernet
net: Convert GRO SKB handling to list_head.
2018-06-26 11:33:04 +09:00
hsr
net: hsr: Convert timers to use timer_setup()
2017-10-25 13:00:27 +09:00
ieee802154
ieee802154: lowpan_header_create check must check daddr
2019-01-09 17:38:31 +01:00
ife
net: sched: ife: check on metadata length
2018-04-22 21:12:00 -04:00
ipv4
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
2019-01-22 21:40:31 +01:00
ipv6
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
2019-01-26 09:32:33 +01:00
iucv
Revert "net: simplify sock_poll_wait"
2018-11-04 14:50:51 +01:00
kcm
Revert "kcm: remove any offset before parsing messages"
2018-09-17 18:43:42 -07:00
key
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
2018-07-27 09:33:37 -07:00
l2tp
l2tp: fix a sock refcnt leak in l2tp_tunnel_register
2018-11-23 08:17:05 +01:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts
2017-11-21 16:35:54 -08:00
llc
llc: do not use sk_eat_skb()
2018-12-01 09:37:27 +01:00
mac80211
mac80211: free skb fraglist before freeing the skb
2019-01-13 09:51:02 +01:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-08-06 11:21:37 +02:00
mpls
mpls: allow routes on ip6gre devices
2018-09-24 12:19:27 -07:00
ncsi
net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler
2018-08-22 21:39:08 -07:00
netfilter
netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
2019-01-26 09:32:33 +01:00
netlabel
netlabel: check for IPV4MASK in addrinfo_get
2018-09-21 18:58:34 -07:00
netlink
Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net
2018-08-05 13:04:31 -07:00
netrom
netrom: fix locking in nr_find_socket()
2019-01-09 17:38:32 +01:00
nfc
Revert "net: simplify sock_poll_wait"
2018-11-04 14:50:51 +01:00
nsh
nsh: set mac len based on inner packet
2018-07-12 16:55:29 -07:00
openvswitch
openvswitch: Fix push/pop ethernet validation
2018-11-04 14:50:52 +01:00
packet
packet: Do not leak dev refcounts on error exit
2019-01-22 21:40:30 +01:00
phonet
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
psample
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
qrtr
net: qrtr: Reset the node and port ID of broadcast messages
2018-07-05 20:20:03 +09:00
rds
rds: RDS (tcp) hangs on sendto() to unresponding address
2018-10-10 22:19:52 -07:00
rfkill
Merge tag 'mac80211-for-davem-2018-09-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
2018-09-03 22:12:02 -07:00
rose
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
rxrpc
rxrpc: Fix lockup due to no error backoff after ack transmit error
2018-11-23 08:17:07 +01:00
sched
net: Prevent invalid access to skb->prev in __qdisc_drop_all
2018-12-17 09:24:27 +01:00
sctp
sctp: allocate sctp_sockaddr_entry with kzalloc
2019-01-22 21:40:36 +01:00
smc
smc: move unhash as early as possible in smc_release()
2019-01-22 21:40:31 +01:00
strparser
strparser: remove redundant variable 'rd_desc'
2018-08-01 10:00:06 -07:00
sunrpc
sunrpc: handle ENOMEM in rpcb_getport_async
2019-01-22 21:40:35 +01:00
switchdev
net: bridge: Add/del switchdev object on host join/leave
2017-11-10 13:41:40 +09:00
tipc
tipc: fix uninit-value in tipc_nl_compat_doit
2019-01-22 21:40:36 +01:00
tls
net/tls: Init routines in create_ctx
2019-01-13 09:51:00 +01:00
unix
Revert "net: simplify sock_poll_wait"
2018-11-04 14:50:51 +01:00
vmw_vsock
VSOCK: Send reset control packet when socket is partially bound
2019-01-09 17:38:34 +01:00
wimax
wimax: remove blank lines at EOF
2018-07-24 14:10:42 -07:00
wireless
nl80211: fix memory leak if validate_pae_over_nl80211() fails
2019-01-13 09:51:02 +01:00
x25
x25: remove blank lines at EOF
2018-07-24 14:10:42 -07:00
xdp
xsk: do not call synchronize_net() under RCU read lock
2018-10-11 10:19:01 +02:00
xfrm
xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry.
2019-01-13 09:50:57 +01:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 17:38:33 +01:00
Kconfig
net: remove blank lines at end of file
2018-07-24 14:10:43 -07:00
Makefile
bpfilter: check compiler capability in Kconfig
2018-06-28 13:36:39 +09:00
socket.c
net: socket: fix a missing-check bug
2018-10-18 16:43:06 -07:00
sysctl_net.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00