Jiri Kosina dfe75ff8ca netfilter: nf_ct_helper: warn when not applying default helper assignment
Commit 3bb398d925 ("netfilter: nf_ct_helper: disable automatic helper
assignment") is causing behavior regressions in firewalls, as traffic
handled by conntrack helpers is now by default not passed through even
though it was before due to missing CT targets (which were not necessary
before this commit).

The default had to be switched off due to security reasons [1] [2] and
therefore should stay the way it is, but let's be friendly to firewall
admins and issue a warning the first time we're in a situation where a packet
would be likely passed through with the old default but we're likely going
to drop it on the floor now.

Rewrite the code a little bit as suggested by Linus, so that we avoid
spaghettiing the code even more -- namely the whole decision making
process regarding helper selection (either automatic or not) is being
separated, so that the whole logic can be simplified and code (condition)
duplication reduced.

[1] https://cansecwest.com/csw12/conntrack-attack.pdf
[2] https://home.regit.org/netfilter-en/secure-use-of-helpers/

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-06 12:03:35 +01:00
Documentation ARC fixes for 4.10-rc6 2017-01-28 11:00:08 -08:00
arch Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-02-01 09:24:00 -08:00
block blk-mq: Remove unused variable 2017-01-18 15:14:15 -07:00
certs certs: Add a secondary system keyring that can be added to dynamically 2016-04-11 22:48:09 +01:00
crypto crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg 2017-01-23 22:41:32 +08:00
drivers net: phy: Fix lack of reference count on PHY driver 2017-02-02 22:59:43 -05:00
firmware WHENCE: use https://linuxtv.org for LinuxTV URLs 2015-12-04 10:35:11 -02:00
fs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-02-01 10:30:56 -08:00
include Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-02-01 11:52:27 -08:00
init cgroup: move CONFIG_SOCK_CGROUP_DATA to init/Kconfig 2017-01-11 09:47:10 -05:00
ipc ipc/sem.c: fix incorrect sem_lock pairing 2017-01-10 18:31:55 -08:00
kernel It was reported to me that the thread created by the hwlat tracer does 2017-01-31 16:32:40 -08:00
lib mm: do not export ioremap_page_range symbol for external module 2017-01-24 16:26:14 -08:00
mm mm, page_alloc: fix premature OOM when racing with cpuset mems update 2017-01-24 16:26:14 -08:00
net netfilter: nf_ct_helper: warn when not applying default helper assignment 2017-02-06 12:03:35 +01:00
samples bpf: fix samples xdp_tx_iptunnel and tc_l2_redirect with fake KBUILD_MODNAME 2017-01-20 12:04:07 -05:00
scripts gcc-plugins: update gcc-common.h for gcc-7 2017-01-03 12:08:59 -08:00
security Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
sound ASoC: Fixes for v4.10 2017-01-11 19:49:27 +01:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-27 12:54:16 -08:00
usr kbuild: initramfs cleanup, set target from Kconfig 2017-01-05 09:40:16 -08:00
virt KVM/ARM updates for 4.10-rc4 2017-01-17 15:04:59 +01:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Add hch to .get_maintainer.ignore 2015-08-21 14:30:10 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-08-02 16:48:52 -04:00
.mailmap mailmap: add codeaurora.org names for nameless email commits 2017-01-10 18:31:55 -08:00
COPYING
CREDITS CREDITS: Remove outdated address information 2016-12-21 15:21:29 -08:00
Kbuild scripts/gdb: provide linux constants 2016-05-23 17:04:14 -07:00
Kconfig
MAINTAINERS wireless-drivers fixes for 4.10 2017-01-30 15:19:23 -05:00
Makefile Linux 4.10-rc6 2017-01-29 14:25:17 -08:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.