Skip to main content

Browse the archive

Revision f83a7ea2075ca896f2dbf07672bac9cf3682ff74 authored by Florian Westphal on 17 April 2013, 22:45:24 UTC, committed by Pablo Neira Ayuso on 18 April 2013, 22:11:59 UTC 
netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too
 
Alex Efros reported rpfilter module doesn't match following packets:
IN=br.qemu SRC=192.168.2.1 DST=192.168.2.255 [ .. ]
(netfilter bugzilla #814).

Problem is that network stack arranges for the locally generated broadcasts
to appear on the interface they were sent out, so the IFF_LOOPBACK check
doesn't trigger.

As -m rpfilter is restricted to PREROUTING, we can check for existing
rtable instead, it catches locally-generated broad/multicast case, too.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent 5add189
History
File Mode Size
hvc
ipwireless
serial
vt
Kconfig -rw-r--r-- 15.5 KB
Makefile -rw-r--r-- 1.1 KB
amiserial.c -rw-r--r-- 45.9 KB
bfin_jtag_comm.c -rw-r--r-- 9.3 KB
cyclades.c -rw-r--r-- 110.4 KB
ehv_bytechan.c -rw-r--r-- 23.0 KB
goldfish.c -rw-r--r-- 8.5 KB
isicom.c -rw-r--r-- 41.4 KB
metag_da.c -rw-r--r-- 16.5 KB
moxa.c -rw-r--r-- 52.6 KB
moxa.h -rw-r--r-- 8.4 KB
mxser.c -rw-r--r-- 70.4 KB
mxser.h -rw-r--r-- 4.5 KB
n_gsm.c -rw-r--r-- 78.6 KB
n_hdlc.c -rw-r--r-- 27.3 KB
n_r3964.c -rw-r--r-- 30.7 KB
n_tracerouter.c -rw-r--r-- 7.1 KB
n_tracesink.c -rw-r--r-- 7.1 KB
n_tracesink.h -rw-r--r-- 1.3 KB
n_tty.c -rw-r--r-- 55.2 KB
nozomi.c -rw-r--r-- 48.1 KB
pty.c -rw-r--r-- 20.7 KB
rocket.c -rw-r--r-- 94.1 KB
rocket.h -rw-r--r-- 3.8 KB
rocket_int.h -rw-r--r-- 41.6 KB
synclink.c -rw-r--r-- 229.9 KB
synclink_gt.c -rw-r--r-- 132.2 KB
synclinkmp.c -rw-r--r-- 147.0 KB
sysrq.c -rw-r--r-- 23.7 KB
tty_audit.c -rw-r--r-- 8.7 KB
tty_buffer.c -rw-r--r-- 14.3 KB
tty_io.c -rw-r--r-- 86.6 KB
tty_ioctl.c -rw-r--r-- 30.3 KB
tty_ldisc.c -rw-r--r-- 23.9 KB
tty_mutex.c -rw-r--r-- 1.4 KB
tty_port.c -rw-r--r-- 14.5 KB
back to top