Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-16 05:26:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-next/net/netfilter
History
Florian Westphal 0bfcb7b71e netfilter: xtables: avoid NFPROTO_UNSPEC where needed 
syzbot managed to call xt_cluster match via ebtables:

 WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780
 [..]
 ebt_do_table+0x174b/0x2a40

Module registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet
processing.  As this is only useful to restrict locally terminating
TCP/UDP traffic, register this for ipv4 and ipv6 family only.

Pablo points out that this is a general issue, direct users of the
set/getsockopt interface can call into targets/matches that were only
intended for use with ip(6)tables.

Check all UNSPEC matches and targets for similar issues:

- matches and targets are fine except if they assume skb_network_header()
  is valid -- this is only true when called from inet layer: ip(6) stack
  pulls the ip/ipv6 header into linear data area.
- targets that return XT_CONTINUE or other xtables verdicts must be
  restricted too, they are incompatbile with the ebtables traverser, e.g.
  EBT_CONTINUE is a completely different value than XT_CONTINUE.

Most matches/targets are changed to register for NFPROTO_IPV4/IPV6, as
they are provided for use by ip(6)tables.

The MARK target is also used by arptables, so register for NFPROTO_ARP too.

While at it, bail out if connbytes fails to enable the corresponding
conntrack family.

This change passes the selftests in iptables.git.

Reported-by: syzbot+256c348558aa5cf611a9@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netfilter-devel/66fec2e2.050a0220.9ec68.0047.GAE@google.com/
Fixes: 0269ea493734 ("netfilter: xtables: add cluster match")
Signed-off-by: Florian Westphal <fw@strlen.de>
Co-developed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2024-10-09 23:20:46 +02:00
..
ipset
netfilter: ipset: Fix suspicious rcu_dereference_protected()
2024-06-19 15:12:56 +02:00
ipvs
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
core.c
net/netfilter: make use of the helper macro LIST_HEAD()
2024-09-06 18:10:21 -07:00
Kconfig
netfilter: xtables: allow xtables-nft only builds
2024-01-29 15:43:21 +01:00
Makefile
netfilter: Add bpf_xdp_flow_lookup kfunc
2024-07-01 17:03:01 +02:00
nf_bpf_link.c
bpf: Take into account BPF token when fetching helper protos
2024-01-24 16:21:01 -08:00
nf_conncount.c
netfilter: move nf_ct_netns_get out of nf_conncount_init
2024-08-19 18:44:51 +02:00
nf_conntrack_acct.c
netfilter: conntrack: remove extension register api
2022-02-04 06:30:28 +01:00
nf_conntrack_amanda.c
netfilter: nf_conntrack_sip: fix expectation clash
2019-07-16 13:16:59 +02:00
nf_conntrack_bpf.c
net: netfilter: Make ct zone opts configurable for bpf ct helpers
2024-05-22 15:00:56 -07:00
nf_conntrack_broadcast.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nf_conntrack_core.c
netfilter: nfnetlink_queue: remove old clash resolution logic
2024-09-26 13:03:03 +02:00
nf_conntrack_ecache.c
netfilter: ctnetlink: make event listener tracking global
2023-02-22 00:28:47 +01:00
nf_conntrack_expect.c
netfilter: expect: Simplify the allocation of slab caches in nf_conntrack_expect_init
2024-02-21 11:57:11 +01:00
nf_conntrack_extend.c
netfilter: conntrack: fix extension size table
2023-09-13 21:57:50 +02:00
nf_conntrack_ftp.c
netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed
2022-09-20 23:50:03 +02:00
nf_conntrack_h323_asn1.c
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
2024-03-07 03:10:35 +01:00
nf_conntrack_h323_main.c
netfilter: nf_ct_h323: cap packet size at 64k
2022-08-11 16:50:49 +02:00
nf_conntrack_h323_types.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 484
2019-06-19 17:09:52 +02:00
nf_conntrack_helper.c
netfilter: conntrack: simplify nf_conntrack_alter_reply
2023-10-10 16:34:28 +02:00
nf_conntrack_irc.c
netfilter: nf_conntrack_irc: Tighten matching on DCC message
2022-09-07 15:55:23 +02:00
nf_conntrack_labels.c
netfilter: conntrack: switch connlabels to atomic_t
2023-10-24 13:16:30 +02:00
nf_conntrack_netbios_ns.c
netfilter: nf_conntrack_netbios_ns: fix helper module alias
2022-01-11 10:41:44 +01:00
nf_conntrack_netlink.c
netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS
2024-09-26 13:03:02 +02:00
nf_conntrack_ovs.c
netfilter: use nf_ip6_check_hbh_len in nf_ct_skb_network_trim
2023-03-08 14:25:41 +01:00
nf_conntrack_pptp.c
netfilter: nf_conntrack: add missing __rcu annotations
2022-07-11 16:25:15 +02:00
nf_conntrack_proto_dccp.c
netfilter: conntrack: dccp: try not to drop skb in conntrack
2024-05-06 11:13:56 +02:00
nf_conntrack_proto_generic.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
nf_conntrack_proto_gre.c
netfilter: conntrack: gre: don't set assured flag for clash entries
2023-07-05 14:42:15 +02:00
nf_conntrack_proto_icmp.c
netfilter: conntrack: pass hook state to log functions
2021-06-18 14:47:43 +02:00
nf_conntrack_proto_icmpv6.c
netfilter: conntrack: fix ct-state for ICMPv6 Multicast Router Discovery
2024-05-06 11:13:56 +02:00
nf_conntrack_proto_sctp.c
netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
2024-01-31 23:13:57 +01:00
nf_conntrack_proto_tcp.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
nf_conntrack_proto_udp.c
netfilter: conntrack: udp: fix seen-reply test
2023-02-01 12:18:51 +01:00
nf_conntrack_proto.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nf_conntrack_sane.c
netfilter: nf_ct_sane: remove pseudo skb linearization
2022-08-11 16:50:25 +02:00
nf_conntrack_seqadj.c
netfilter: conntrack: remove extension register api
2022-02-04 06:30:28 +01:00
nf_conntrack_sip.c
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
2023-06-26 17:18:48 +02:00
nf_conntrack_snmp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
nf_conntrack_standalone.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
nf_conntrack_tftp.c
netfilter: nf_conntrack_sip: fix expectation clash
2019-07-16 13:16:59 +02:00
nf_conntrack_timeout.c
netfilter: nf_conntrack: use rcu accessors where needed
2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.c
netfilter: conntrack: remove extension register api
2022-02-04 06:30:28 +01:00
nf_dup_netdev.c
netfilter: nf_dup_netdev: add and use recursion counter
2022-06-21 10:50:41 +02:00
nf_flow_table_bpf.c
netfilter: Add bpf_xdp_flow_lookup kfunc
2024-07-01 17:03:01 +02:00
nf_flow_table_core.c
net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
2024-09-12 15:41:03 +02:00
nf_flow_table_inet.c
net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
2024-09-12 15:41:03 +02:00
nf_flow_table_ip.c
netfilter: flowtable: validate vlan header
2024-08-22 12:14:18 +02:00
nf_flow_table_offload.c
netfilter: flowtable: initialise extack before use
2024-08-14 23:37:16 +02:00
nf_flow_table_procfs.c
netfilter: nf_flow_table: count pending offload workqueue tasks
2022-07-11 16:25:14 +02:00
nf_flow_table_xdp.c
netfilter: nf_tables: Add flowtable map for xdp offload
2024-07-01 17:01:53 +02:00
nf_hooks_lwtunnel.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
nf_internals.h
netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core
2024-06-19 18:41:59 +02:00
nf_log_syslog.c
netfilter: propagate net to nf_bridge_get_physindev
2024-01-17 12:02:48 +01:00
nf_log.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
nf_nat_amanda.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_bpf.c
bpf: treewide: Annotate BPF kfuncs in BTF
2024-01-31 20:40:56 -08:00
nf_nat_core.c
netfilter: nfnetlink_queue: remove old clash resolution logic
2024-09-26 13:03:03 +02:00
nf_nat_ftp.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_helper.c
treewide: use get_random_u32_below() instead of deprecated function
2022-11-18 02:15:15 +01:00
nf_nat_irc.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_masquerade.c
netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*()
2022-05-13 18:56:27 +02:00
nf_nat_ovs.c
netfilter: nf_nat: fix action not being set for all ct states
2024-01-03 11:17:17 +01:00
nf_nat_proto.c
ipsec-next-2023-10-28
2023-10-30 14:36:57 -07:00
nf_nat_redirect.c
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
2023-11-08 16:40:30 +01:00
nf_nat_sip.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_tftp.c
netfilter: nf_conntrack_sip: fix expectation clash
2019-07-16 13:16:59 +02:00
nf_queue.c
netfilter: move nf_reinject into nfnetlink_queue modules
2024-02-21 12:03:22 +01:00
nf_sockopt.c
netfilter: switch nf_setsockopt to sockptr_t
2020-07-24 15:41:54 -07:00
nf_synproxy_core.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
nf_tables_api.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nf_tables_core.c
netfilter: nf_tables: don't initialize registers in nft_do_chain()
2024-08-20 12:37:25 +02:00
nf_tables_offload.c
netfilter: nf_tables: do not store nft_ctx in transaction objects
2024-06-25 20:40:47 +02:00
nf_tables_trace.c
net: add and use skb_get_hash_net
2024-06-12 14:33:38 -07:00
nfnetlink_acct.c
netfilter: use nfnetlink_unicast()
2021-05-29 01:04:53 +02:00
nfnetlink_cthelper.c
netfilter: nf_conntrack: use rcu accessors where needed
2022-07-11 16:25:15 +02:00
nfnetlink_cttimeout.c
netfilter: cttimeout: remove 'l3num' attr check
2024-06-26 00:54:53 +02:00
nfnetlink_hook.c
netfilter: nfnetlink hook: dump bpf prog id
2023-04-21 11:34:14 -07:00
nfnetlink_log.c
netfilter: nfnetlink_log: use proper helper for fetching physinif
2024-01-17 12:02:47 +01:00
nfnetlink_osf.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nfnetlink_queue.c
netfilter: nfnetlink_queue: unbreak SCTP traffic
2024-08-19 18:44:50 +02:00
nfnetlink.c
netfilter: nfnetlink: convert kfree_skb to consume_skb
2024-08-19 18:44:50 +02:00
nft_bitwise.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_byteorder.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
nft_chain_filter.c
netfilter: nf_tables: remove NETDEV_CHANGENAME from netdev chain event handler
2024-05-06 11:13:55 +02:00
nft_chain_nat.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nft_chain_route.c
netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec()
2021-05-29 01:04:54 +02:00
nft_cmp.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_compat.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_connlimit.c
netfilter: nf_tables: allow clone callbacks to sleep
2024-05-10 11:13:45 +02:00
nft_counter.c
netfilter: nft_counter: Use u64_stats_t for statistic.
2024-09-03 10:47:16 +02:00
nft_ct_fast.c
netfilter: nf_tables: fix ct untracked match breakage
2023-05-03 13:49:08 +02:00
nft_ct.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_dup_netdev.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_dynset.c
netfilter: nf_tables: set element timeout update support
2024-09-03 18:19:44 +02:00
nft_exthdr.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
nft_fib_inet.c
netfilter: nft_fib: add reduce support
2022-03-20 00:29:47 +01:00
nft_fib_netdev.c
netfilter: nft_fib: add reduce support
2022-03-20 00:29:47 +01:00
nft_fib.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_flow_offload.c
netfilter: nft_flow_offload: Unmask upper DSCP bits in nft_flow_route()
2024-09-09 14:14:53 +01:00
nft_fwd_netdev.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_hash.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_immediate.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_inner.c
nf_tables: fix NULL pointer dereference in nft_inner_init()
2023-10-12 10:28:45 +02:00
nft_last.c
netfilter: nf_tables: allow clone callbacks to sleep
2024-05-10 11:13:45 +02:00
nft_limit.c
netfilter: nf_tables: allow clone callbacks to sleep
2024-05-10 11:13:45 +02:00
nft_log.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_lookup.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_masq.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_meta.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_nat.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_numgen.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_objref.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_osf.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_payload.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_queue.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_quota.c
netfilter: nf_tables: allow clone callbacks to sleep
2024-05-10 11:13:45 +02:00
nft_range.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_redir.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_reject_inet.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_reject_netdev.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_reject.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_rt.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_set_bitmap.c
netfilter: nf_tables: restore set elements when delete set fails
2024-04-17 17:43:11 +02:00
nft_set_hash.c
netfilter: nf_tables: restore set elements when delete set fails
2024-04-17 17:43:11 +02:00
nft_set_pipapo_avx2.c
netfilter: nft_set_pipapo_avx2: disable softinterrupts
2024-07-24 10:01:59 +02:00
nft_set_pipapo_avx2.h
netfilter: nf_tables: prefer direct calls for set lookups
2021-05-29 01:04:27 +02:00
nft_set_pipapo.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_set_pipapo.h
netfilter: nf_set_pipapo: fix initial map fill
2024-07-17 19:00:47 +02:00
nft_set_rbtree.c
netfilter: nf_tables: restore set elements when delete set fails
2024-04-17 17:43:11 +02:00
nft_socket.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-09-15 09:13:19 -07:00
nft_synproxy.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_tproxy.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_tunnel.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_xfrm.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
utils.c
netfilter: move nf_reinject into nfnetlink_queue modules
2024-02-21 12:03:22 +01:00
x_tables.c
netfilter: x_tables: Use unsafe_memcpy() for 0-sized destination
2024-02-21 12:03:22 +01:00
xt_addrtype.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_AUDIT.c
netfilter: fix clang-12 fmt string warnings
2021-06-01 23:53:51 +02:00
xt_bpf.c
bpf: Refactor BPF_PROG_RUN into a function
2021-08-17 00:45:07 +02:00
xt_cgroup.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_CHECKSUM.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_CLASSIFY.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_cluster.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_comment.c
xt_connbytes.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_connlabel.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_connlimit.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_connmark.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_CONNSECMARK.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_conntrack.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_cpu.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_CT.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_dccp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_devgroup.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_dscp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_DSCP.c
netfilter: x_tables: use correct integer types
2022-07-11 16:40:45 +02:00
xt_ecn.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_esp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_hashlimit.c
proc: remove PDE_DATA() completely
2022-01-22 08:33:37 +02:00
xt_helper.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_hl.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_HL.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-22 08:59:24 -04:00
xt_HMARK.c
netfilter: xt_HMARK: Use ip_is_fragment() helper
2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_ipcomp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
xt_iprange.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2019-06-25 01:32:59 +02:00
xt_ipvs.c
xt_l2tp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_LED.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_length.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
2023-02-22 21:25:23 -08:00
xt_limit.c
netfilter: x_tables: improve limit_mt scalability
2021-05-29 01:04:52 +02:00
xt_LOG.c
netfilter: log: work around missing softdep backend module
2021-09-21 03:46:56 +02:00
xt_mac.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_mark.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_MASQUERADE.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_multiport.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_nat.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules
2020-06-25 00:50:31 +02:00
xt_NETMAP.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_nfacct.c
netfilter: Remove unnecessary conversion to bool
2020-12-01 09:45:29 +01:00
xt_NFLOG.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_NFQUEUE.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_osf.c
netfilter: nfnetlink_osf: fix module autoload
2023-06-20 22:43:42 +02:00
xt_owner.c
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
2023-12-06 17:52:15 +01:00
xt_physdev.c
netfilter: propagate net to nf_bridge_get_physindev
2024-01-17 12:02:48 +01:00
xt_pkttype.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_policy.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_quota.c
xt_rateest.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_RATEEST.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_realm.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_recent.c
netfilter: xt_recent: Lift restrictions on max hitcount value
2024-06-28 17:57:50 +02:00
xt_REDIRECT.c
netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs
2023-03-22 21:48:59 +01:00
xt_repldata.h
netfilter: xtables: refactor deprecated strncpy
2023-08-22 15:13:21 +02:00
xt_sctp.c
netfilter: xt_sctp: validate the flag_info count
2023-08-30 17:34:01 +02:00
xt_SECMARK.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_set.c
netfilter: inline four headers files into another one.
2019-08-13 12:14:26 +02:00
xt_socket.c
net: annotate data-races around sk->sk_mark
2023-07-29 18:13:41 +01:00
xt_state.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_statistic.c
treewide: use get_random_u32() when possible
2022-10-11 17:42:58 -06:00
xt_string.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_tcpmss.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xt_TCPMSS.c
netfilter: x_tables: use correct integer types
2022-07-11 16:40:45 +02:00
xt_TCPOPTSTRIP.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-22 08:59:24 -04:00
xt_tcpudp.c
xtables: move icmp/icmpv6 logic to xt_tcpudp
2023-03-22 21:48:59 +01:00
xt_TEE.c
xt_time.c
netfilter: Replace HTTP links with HTTPS ones
2020-07-29 20:09:18 +02:00
xt_TPROXY.c
netfilter: xt_TPROXY: remove pr_debug invocations
2022-07-21 00:56:00 +02:00
xt_TRACE.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_u32.c
netfilter: xt_u32: validate user space input
2023-08-30 17:34:01 +02:00