• Florian Westphal's avatar
    netfilter: physdev: relax br_netfilter dependency · ebd0f306
    Florian Westphal authored
    [ Upstream commit 8e2f311a ]
    
    Following command:
      iptables -D FORWARD -m physdev ...
    causes connectivity loss in some setups.
    
    Reason is that iptables userspace will probe kernel for the module revision
    of the physdev patch, and physdev has an artificial dependency on
    br_netfilter (xt_physdev use makes no sense unless a br_netfilter module
    is loaded).
    
    This causes the "phydev" module to be loaded, which in turn enables the
    "call-iptables" infrastructure.
    
    bridged packets might then get dropped by the iptables ruleset.
    
    The better fix would be to change the "call-iptables" defaults to 0 and
    enforce explicit setting to 1, but that breaks backwards compatibility.
    
    This does the next best thing: add a request_module call to checkentry.
    This was a stray '-D ... -m physdev' won't activate br_netfilter
    anymore.
    Signed-off-by: 's avatarFlorian Westphal <fw@strlen.de>
    Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: 's avatarSasha Levin <sashal@kernel.org>
    ebd0f306
Name
Last commit
Last update
..
9p Loading commit data...
bluetooth Loading commit data...
caif Loading commit data...
iucv Loading commit data...
netfilter Loading commit data...
netns Loading commit data...
nfc Loading commit data...
phonet Loading commit data...
sctp Loading commit data...
tc_act Loading commit data...
6lowpan.h Loading commit data...
Space.h Loading commit data...
act_api.h Loading commit data...
addrconf.h Loading commit data...
af_ieee802154.h Loading commit data...
af_rxrpc.h Loading commit data...
af_unix.h Loading commit data...
af_vsock.h Loading commit data...
ah.h Loading commit data...
arp.h Loading commit data...
atmclip.h Loading commit data...
ax25.h Loading commit data...
ax88796.h Loading commit data...
bond_3ad.h Loading commit data...
bond_alb.h Loading commit data...
bond_options.h Loading commit data...
bonding.h Loading commit data...
busy_poll.h Loading commit data...
calipso.h Loading commit data...
cfg80211-wext.h Loading commit data...
cfg80211.h Loading commit data...
cfg802154.h Loading commit data...
checksum.h Loading commit data...
cipso_ipv4.h Loading commit data...
cls_cgroup.h Loading commit data...
codel.h Loading commit data...
codel_impl.h Loading commit data...
codel_qdisc.h Loading commit data...
compat.h Loading commit data...
datalink.h Loading commit data...
dcbevent.h Loading commit data...
dcbnl.h Loading commit data...
devlink.h Loading commit data...
dn.h Loading commit data...
dn_dev.h Loading commit data...
dn_fib.h Loading commit data...
dn_neigh.h Loading commit data...
dn_nsp.h Loading commit data...
dn_route.h Loading commit data...
dsa.h Loading commit data...
dsfield.h Loading commit data...
dst.h Loading commit data...
dst_cache.h Loading commit data...
dst_metadata.h Loading commit data...
dst_ops.h Loading commit data...
erspan.h Loading commit data...
esp.h Loading commit data...
ethoc.h Loading commit data...
failover.h Loading commit data...
fib_notifier.h Loading commit data...
fib_rules.h Loading commit data...
firewire.h Loading commit data...
flow.h Loading commit data...
flow_dissector.h Loading commit data...
fou.h Loading commit data...
fq.h Loading commit data...
fq_impl.h Loading commit data...
garp.h Loading commit data...
gen_stats.h Loading commit data...
genetlink.h Loading commit data...
geneve.h Loading commit data...
gre.h Loading commit data...
gro_cells.h Loading commit data...
gtp.h Loading commit data...
gue.h Loading commit data...
hwbm.h Loading commit data...
icmp.h Loading commit data...
ieee80211_radiotap.h Loading commit data...
ieee802154_netdev.h Loading commit data...
if_inet6.h Loading commit data...
ife.h Loading commit data...
ila.h Loading commit data...
inet6_connection_sock.h Loading commit data...
inet6_hashtables.h Loading commit data...
inet_common.h Loading commit data...
inet_connection_sock.h Loading commit data...
inet_ecn.h Loading commit data...
inet_frag.h Loading commit data...
inet_hashtables.h Loading commit data...
inet_sock.h Loading commit data...
inet_timewait_sock.h Loading commit data...
inetpeer.h Loading commit data...
ip.h Loading commit data...
ip6_checksum.h Loading commit data...
ip6_fib.h Loading commit data...
ip6_route.h Loading commit data...
ip6_tunnel.h Loading commit data...
ip_fib.h Loading commit data...
ip_tunnels.h Loading commit data...
ip_vs.h Loading commit data...
ipcomp.h Loading commit data...
ipconfig.h Loading commit data...
ipv6.h Loading commit data...
ipv6_frag.h Loading commit data...
ipx.h Loading commit data...
iw_handler.h Loading commit data...
kcm.h Loading commit data...
l3mdev.h Loading commit data...
lag.h Loading commit data...
lapb.h Loading commit data...
lib80211.h Loading commit data...
llc.h Loading commit data...
llc_c_ac.h Loading commit data...
llc_c_ev.h Loading commit data...
llc_c_st.h Loading commit data...
llc_conn.h Loading commit data...
llc_if.h Loading commit data...
llc_pdu.h Loading commit data...
llc_s_ac.h Loading commit data...
llc_s_ev.h Loading commit data...
llc_s_st.h Loading commit data...
llc_sap.h Loading commit data...
lwtunnel.h Loading commit data...
mac80211.h Loading commit data...
mac802154.h Loading commit data...
mip6.h Loading commit data...
mld.h Loading commit data...
mpls.h Loading commit data...
mpls_iptunnel.h Loading commit data...
mrp.h Loading commit data...
ncsi.h Loading commit data...
ndisc.h Loading commit data...
neighbour.h Loading commit data...
net_failover.h Loading commit data...
net_namespace.h Loading commit data...
net_ratelimit.h Loading commit data...
netevent.h Loading commit data...
netlabel.h Loading commit data...
netlink.h Loading commit data...
netprio_cgroup.h Loading commit data...
netrom.h Loading commit data...
nexthop.h Loading commit data...
nl802154.h Loading commit data...
nsh.h Loading commit data...
p8022.h Loading commit data...
page_pool.h Loading commit data...
ping.h Loading commit data...
pkt_cls.h Loading commit data...
pkt_sched.h Loading commit data...
pptp.h Loading commit data...
protocol.h Loading commit data...
psample.h Loading commit data...
psnap.h Loading commit data...
raw.h Loading commit data...
rawv6.h Loading commit data...
red.h Loading commit data...
regulatory.h Loading commit data...
request_sock.h Loading commit data...
rose.h Loading commit data...
route.h Loading commit data...
rsi_91x.h Loading commit data...
rtnetlink.h Loading commit data...
sch_generic.h Loading commit data...
scm.h Loading commit data...
secure_seq.h Loading commit data...
seg6.h Loading commit data...
seg6_hmac.h Loading commit data...
seg6_local.h Loading commit data...
slhc_vj.h Loading commit data...
smc.h Loading commit data...
snmp.h Loading commit data...
sock.h Loading commit data...
sock_reuseport.h Loading commit data...
stp.h Loading commit data...
strparser.h Loading commit data...
switchdev.h Loading commit data...
tcp.h Loading commit data...
tcp_states.h Loading commit data...
timewait_sock.h Loading commit data...
tipc.h Loading commit data...
tls.h Loading commit data...
transp_v6.h Loading commit data...
tso.h Loading commit data...
tun_proto.h Loading commit data...
udp.h Loading commit data...
udp_tunnel.h Loading commit data...
udplite.h Loading commit data...
vsock_addr.h Loading commit data...
vxlan.h Loading commit data...
wext.h Loading commit data...
wimax.h Loading commit data...
x25.h Loading commit data...
x25device.h Loading commit data...
xdp.h Loading commit data...
xdp_sock.h Loading commit data...
xfrm.h Loading commit data...