Performance oriented customized Linux kernel based on the mainline kernel.
Florian Westphal a82c25c366 Revert "netfilter: nat: force port remap to prevent shadowing well-known ports"
This reverts commit 878aed8db3.

This change breaks existing setups where conntrack is used with
asymmetric paths.

In these cases, the NAT transformation occurs on the syn-ack instead of
the syn:

1. SYN    x:12345 -> y -> 443 // sent by initiator, received by responder
2. SYNACK y:443 -> x:12345 // First packet seen by conntrack, as sent by responder
3. tuple_force_port_remap() gets called, sees:
  'tcp from 443 to port 12345 NAT' -> pick a new source port, initiator receives
4. SYNACK y:$RANDOM -> x:12345   // connection is never established

While it's possible to avoid the breakage with NOTRACK rules, a kernel
update should not break working setups.

An alternative to the revert is to augment conntrack to tag
mid-stream connections plus more code in the nat core to skip NAT
for such connections, however, this leads to more interaction/integration
between conntrack and NAT.

Therefore, revert, users will need to add explicit nat rules to avoid
port shadowing.

Link: https://lore.kernel.org/netfilter-devel/20220302105908.GA5852@breakpoint.cc/#R
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2051413
Signed-off-by: Florian Westphal <fw@strlen.de>
2022-03-08 13:52:11 +01:00
arch parisc unaligned handler fixes 2022-02-23 12:06:23 -08:00
block
certs certs: Fix build error when CONFIG_MODULE_SIG_KEY is empty 2022-01-23 00:08:44 +09:00
crypto
Documentation Devicetree fixes for v5.17, take 2: 2022-02-23 17:25:22 -08:00
drivers net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() 2022-03-03 10:29:13 +00:00
fs io_uring-5.17-2022-02-23 2022-02-24 11:08:15 -08:00
include Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2022-03-01 15:13:47 -08:00
init
ipc
kernel Networking fixes for 5.17-rc6, including fixes from bpf and netfilter. 2022-02-24 12:45:32 -08:00
lib Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-02-22 10:31:53 -08:00
LICENSES
mm
net Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" 2022-03-08 13:52:11 +01:00
samples
scripts
security selinux/stable-5.17 PR 20220223 2022-02-23 17:19:55 -08:00
sound
tools Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" 2022-03-08 13:52:11 +01:00
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS Networking fixes for 5.17-rc6, including fixes from bpf and netfilter. 2022-02-24 12:45:32 -08:00
Makefile
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.