proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2026-02-01 18:52:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2851940ffe
mirror_ubuntu-kernels/net/ipv6
History
Michal Kubeček 2851940ffe netfilter: allow logging from non-init namespaces 
Commit 69b34fb996 ("netfilter: xt_LOG: add net namespace support for
xt_LOG") disabled logging packets using the LOG target from non-init
namespaces. The motivation was to prevent containers from flooding
kernel log of the host. The plan was to keep it that way until syslog
namespace implementation allows containers to log in a safe way.

However, the work on syslog namespace seems to have hit a dead end
somewhere in 2013 and there are users who want to use xt_LOG in all
network namespaces. This patch allows to do so by setting

  /proc/sys/net/netfilter/nf_log_all_netns

to a nonzero value. This sysctl is only accessible from init_net so that
one cannot switch the behaviour from inside a container.

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-02 14:31:58 +01:00
..
ila ila: Fix crash caused by rhashtable changes 2016-11-02 15:26:02 -04:00
netfilter netfilter: allow logging from non-init namespaces 2017-02-02 14:31:58 +01:00
addrconf_core.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
addrconf.c ipv6 addrconf: Implemented enhanced DAD (RFC7527) 2016-12-03 23:21:37 -05:00
addrlabel.c ipv6/addrlabel: fix ip6addrlbl_get() 2015-12-22 15:57:54 -05:00
af_inet6.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ah6.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
anycast.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
calipso.c calipso: fix resource leak on calipso_genopt failure 2016-08-13 14:56:17 -07:00
datagram.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
esp6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
exthdrs_core.c ipv6: constify the skb pointer of ipv6_find_tlv(). 2016-06-27 15:06:15 -04:00
exthdrs_offload.c ipv6: fix exthdrs offload registration in out_rt path 2015-09-02 15:31:00 -07:00
exthdrs.c ktime: Get rid of the union 2016-12-25 17:21:22 +01:00
fib6_rules.c net: flow: Add l3mdev flow update 2016-09-10 23:12:51 -07:00
fou6.c fou: add Kconfig options for IPv6 support 2016-05-29 22:24:21 -07:00
icmp.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
inet6_connection_sock.c inet: Fix get port to handle zero port number with soreuseport set 2016-12-17 11:13:19 -05:00
inet6_hashtables.c inet: Fix missing return value in inet6_hash 2016-10-29 12:01:49 -04:00
ip6_checksum.c ipv6: fix checksum annotation in udp6_csum_init 2016-06-14 15:26:42 -04:00
ip6_fib.c ipv6: report NLM_F_CREATE and NLM_F_EXCL flags in RTM_NEWROUTE events 2016-09-09 16:50:23 -07:00
ip6_flowlabel.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ip6_gre.c netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
ip6_icmp.c ipv6: icmp: add a force_saddr param to icmp6_send() 2016-06-18 22:11:38 -07:00
ip6_input.c net: vrf: ipv6 support for local traffic to local addresses 2016-06-08 00:25:38 -07:00
ip6_offload.c ip6_offload: check segs for NULL in ipv6_gso_segment. 2016-12-02 13:34:58 -05:00
ip6_offload.h udp: Add GRO functions to UDP socket 2016-04-07 16:53:29 -04:00
ip6_output.c net: ipv4, ipv6: run cgroup eBPF egress programs 2016-11-25 16:26:04 -05:00
ip6_tunnel.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ip6_udp_tunnel.c ip6_udp_tunnel: remove unused IPCB related codes 2016-11-02 15:18:36 -04:00
ip6_vti.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
ip6mr.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ipcomp6.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
ipv6_sockglue.c net: Allow IP_MULTICAST_IF to set index to L3 slave 2016-12-30 15:24:47 -05:00
Kconfig ipv6: sr: add option to control lwtunnel support 2016-11-16 11:29:46 -05:00
Makefile ipv6: sr: add option to control lwtunnel support 2016-11-16 11:29:46 -05:00
mcast_snoop.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
mcast.c ipv6: fix a potential deadlock in do_ipv6_setsockopt() 2016-10-21 11:29:02 -04:00
mip6.c ktime: Get rid of ktime_equal() 2016-12-25 17:21:23 +01:00
ndisc.c ipv6 addrconf: Implemented enhanced DAD (RFC7527) 2016-12-03 23:21:37 -05:00
netfilter.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
output_core.c ipv6: Set skb->protocol properly for local output 2016-12-02 12:34:22 -05:00
ping.c ipv6: remove unnecessary inet6_sk check 2016-12-29 12:05:49 -05:00
proc.c proc: Reduce cache miss in snmp6_seq_show 2016-09-30 01:50:44 -04:00
protocol.c net: Export inet_offloads and inet6_offloads 2014-09-19 17:15:31 -04:00
raw.c ipv6: handle -EFAULT from skb_copy_bits 2016-12-23 12:20:39 -05:00
reassembly.c ipv6: on reassembly, record frag_max_size 2016-11-03 15:41:11 -04:00
route.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
seg6_hmac.c ipv6: sr: add core files for SR HMAC support 2016-11-09 20:40:06 -05:00
seg6_iptunnel.c ipv6: sr: add calls to verify and insert HMAC signatures 2016-11-09 20:40:06 -05:00
seg6.c ipv6: sr: add option to control lwtunnel support 2016-11-16 11:29:46 -05:00
sit.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
syncookies.c tcp: randomize tcp timestamp offsets for each connection 2016-12-02 12:49:59 -05:00
sysctl_net_ipv6.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
tcp_ipv6.c ipv4: Namespaceify tcp_tw_recycle and tcp_max_tw_buckets knob 2016-12-29 11:38:31 -05:00
tcpv6_offload.c tcp: cleanup static functions 2015-02-28 16:56:51 -05:00
tunnel6.c ipv6: fix tunnel error handling 2015-11-03 10:52:13 -05:00
udp_impl.h udplite: call proper backlog handlers 2016-11-24 15:32:14 -05:00
udp_offload.c gso: Remove arbitrary checks for unsupported GSO 2016-05-20 18:03:15 -04:00
udp.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
udplite.c udplite: call proper backlog handlers 2016-11-24 15:32:14 -05:00
xfrm6_input.c vti6: fix input path 2016-09-21 10:09:14 +02:00
xfrm6_mode_beet.c xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipv6: update skb->csum when CE mark is propagated 2016-01-15 15:07:23 -05:00
xfrm6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-24 06:54:12 -07:00
xfrm6_policy.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-09-12 15:52:44 -07:00
xfrm6_protocol.c xfrm6: Properly handle unsupported protocols 2014-05-06 07:08:38 +02:00
xfrm6_state.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
xfrm6_tunnel.c netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00