9c13886665
The order of the IPv6 raw table is currently reversed, that makes impossible to use the NOTRACK target in IPv6: for example if someone enters ip6tables -t raw -A PREROUTING -p tcp --dport 80 -j NOTRACK and if we receive fragmented packets then the first fragment will be untracked and thus skip nf_ct_frag6_gather (and conntrack), while all subsequent fragments enter nf_ct_frag6_gather and reassembly will never successfully be finished. Singed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| ip6_queue.c | ||
| ip6_tables.c | ||
| ip6t_LOG.c | ||
| ip6t_REJECT.c | ||
| ip6t_ah.c | ||
| ip6t_eui64.c | ||
| ip6t_frag.c | ||
| ip6t_hbh.c | ||
| ip6t_ipv6header.c | ||
| ip6t_mh.c | ||
| ip6t_rt.c | ||
| ip6table_filter.c | ||
| ip6table_mangle.c | ||
| ip6table_raw.c | ||
| ip6table_security.c | ||
| nf_conntrack_l3proto_ipv6.c | ||
| nf_conntrack_proto_icmpv6.c | ||
| nf_conntrack_reasm.c | ||