906b1c394d0906a154fbdc904ca506bceb515756 |
|
30-Mar-2013 |
Matthias Schiffer <mschiffer@universe-factory.net> |
netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths The bitmask used for the prefix mangling was being calculated incorrectly, leading to the wrong part of the address being replaced when the prefix length wasn't a multiple of 32. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
a82783c91d5dce680dbd290ebf301a520b0e72a5 |
|
11-Mar-2013 |
Florian Westphal <fw@strlen.de> |
netfilter: ip6t_NPT: restrict to mangle table As the translation is stateless, using it in nat table doesn't work (only initial packet is translated). filter table OUTPUT works but won't re-route the packet after translation. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
2d2fd8c50a28b82481d193dca1c373907ea70965 |
|
15-Mar-2013 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
netfilter: ip6t_NPT: Use csum_partial() [ Some fixes went into mainstream before this patch, so I needed to rebase it upon the current tree, that's why it's different from the original one posted on the list --pablo ] Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
edb27228db22654a59711135a5f7a20fb49a1016 |
|
07-Feb-2013 |
YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> |
netfilter: ip6t_NPT: Ensure to check lower part of prefixes are zero RFC 6296 points that address bits that are not part of the prefix has to be zeroed. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
d4c38fa87d2b05be5daafb6a92b6ad15b66da8cb |
|
26-Jan-2013 |
YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> |
netfilter: ip6t_NPT: Fix prefix mangling Make sure only the bits that are part of the prefix are mangled. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
f5271fff56c76e92fde122bcc02f102e99da5c8a |
|
26-Jan-2013 |
YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> |
netfilter: ip6t_NPT: Fix adjustment calculation Cast __wsum from/to __sum16 is wrong. Instead, apply appropriate conversion function: csum_unfold() or csum_fold(). [ The original patch has been modified to undo the final ~ that csum_fold returns. We only need to fold the 32-bit word that results from the checksum calculation into a 16-bit to ensure that the original subnet is restored appropriately. Spotted by Ulrich Weber. ] Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
429da4c0b1e59837ec946cdf0f04eb1899586923 |
|
02-Jan-2013 |
Ulrich Weber <ulrich.weber@sophos.com> |
netfilter: ip6t_NPT: fix IPv6 NTP checksum calculation csum16_add() has a broken carry detection, should be: sum += sum < (__force u16)b; Instead of fixing csum16_add, remove the custom checksum functions and use the generic csum_add/csum_sub ones. Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
8a91bb0c304b0853f8c59b1b48c7822c52362cba |
|
26-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
netfilter: ip6tables: add stateless IPv6-to-IPv6 Network Prefix Translation target Signed-off-by: Patrick McHardy <kaber@trash.net>
|