iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Taehee Yoo 4ef360dd6a netfilter: nft_set: fix allocation size overflow in privsize callback. 
In order to determine allocation size of set, ->privsize is invoked.
At this point, both desc->size and size of each data structure of set
are used. desc->size means number of element that is given by user.
desc->size is u32 type. so that upperlimit of set element is 4294967295.
but return type of ->privsize is also u32. hence overflow can occurred.

test commands:
   %nft add table ip filter
   %nft add set ip filter hash1 { type ipv4_addr \; size 4294967295 \; }
   %nft list ruleset

splat looks like:
[ 1239.202910] kasan: CONFIG_KASAN_INLINE enabled
[ 1239.208788] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 1239.217625] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
[ 1239.219329] CPU: 0 PID: 1603 Comm: nft Not tainted 4.18.0-rc5+ #7
[ 1239.229091] RIP: 0010:nft_hash_walk+0x1d2/0x310 [nf_tables_set]
[ 1239.229091] Code: 84 d2 7f 10 4c 89 e7 89 44 24 38 e8 d8 5a 17 e0 8b 44 24 38 48 8d 7b 10 41 0f b6 0c 24 48 89 fa 48 89 fe 48 c1 ea 03 83 e6 07 <42> 0f b6 14 3a 40 38 f2 7f 1a 84 d2 74 16
[ 1239.229091] RSP: 0018:ffff8801118cf358 EFLAGS: 00010246
[ 1239.229091] RAX: 0000000000000000 RBX: 0000000000020400 RCX: 0000000000000001
[ 1239.229091] RDX: 0000000000004082 RSI: 0000000000000000 RDI: 0000000000020410
[ 1239.229091] RBP: ffff880114d5a988 R08: 0000000000007e94 R09: ffff880114dd8030
[ 1239.229091] R10: ffff880114d5a988 R11: ffffed00229bb006 R12: ffff8801118cf4d0
[ 1239.229091] R13: ffff8801118cf4d8 R14: 0000000000000000 R15: dffffc0000000000
[ 1239.229091] FS:  00007f5a8fe0b700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000
[ 1239.229091] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1239.229091] CR2: 00007f5a8ecc27b0 CR3: 000000010608e000 CR4: 00000000001006f0
[ 1239.229091] Call Trace:
[ 1239.229091]  ? nft_hash_remove+0xf0/0xf0 [nf_tables_set]
[ 1239.229091]  ? memset+0x1f/0x40
[ 1239.229091]  ? __nla_reserve+0x9f/0xb0
[ 1239.229091]  ? memcpy+0x34/0x50
[ 1239.229091]  nf_tables_dump_set+0x9a1/0xda0 [nf_tables]
[ 1239.229091]  ? __kmalloc_reserve.isra.29+0x2e/0xa0
[ 1239.229091]  ? nft_chain_hash_obj+0x630/0x630 [nf_tables]
[ 1239.229091]  ? nf_tables_commit+0x2c60/0x2c60 [nf_tables]
[ 1239.229091]  netlink_dump+0x470/0xa20
[ 1239.229091]  __netlink_dump_start+0x5ae/0x690
[ 1239.229091]  nft_netlink_dump_start_rcu+0xd1/0x160 [nf_tables]
[ 1239.229091]  nf_tables_getsetelem+0x2e5/0x4b0 [nf_tables]
[ 1239.229091]  ? nft_get_set_elem+0x440/0x440 [nf_tables]
[ 1239.229091]  ? nft_chain_hash_obj+0x630/0x630 [nf_tables]
[ 1239.229091]  ? nf_tables_dump_obj_done+0x70/0x70 [nf_tables]
[ 1239.229091]  ? nla_parse+0xab/0x230
[ 1239.229091]  ? nft_get_set_elem+0x440/0x440 [nf_tables]
[ 1239.229091]  nfnetlink_rcv_msg+0x7f0/0xab0 [nfnetlink]
[ 1239.229091]  ? nfnetlink_bind+0x1d0/0x1d0 [nfnetlink]
[ 1239.229091]  ? debug_show_all_locks+0x290/0x290
[ 1239.229091]  ? sched_clock_cpu+0x132/0x170
[ 1239.229091]  ? find_held_lock+0x39/0x1b0
[ 1239.229091]  ? sched_clock_local+0x10d/0x130
[ 1239.229091]  netlink_rcv_skb+0x211/0x320
[ 1239.229091]  ? nfnetlink_bind+0x1d0/0x1d0 [nfnetlink]
[ 1239.229091]  ? netlink_ack+0x7b0/0x7b0
[ 1239.229091]  ? ns_capable_common+0x6e/0x110
[ 1239.229091]  nfnetlink_rcv+0x2d1/0x310 [nfnetlink]
[ 1239.229091]  ? nfnetlink_rcv_batch+0x10f0/0x10f0 [nfnetlink]
[ 1239.229091]  ? netlink_deliver_tap+0x829/0x930
[ 1239.229091]  ? lock_acquire+0x265/0x2e0
[ 1239.229091]  netlink_unicast+0x406/0x520
[ 1239.509725]  ? netlink_attachskb+0x5b0/0x5b0
[ 1239.509725]  ? find_held_lock+0x39/0x1b0
[ 1239.509725]  netlink_sendmsg+0x987/0xa20
[ 1239.509725]  ? netlink_unicast+0x520/0x520
[ 1239.509725]  ? _copy_from_user+0xa9/0xc0
[ 1239.509725]  __sys_sendto+0x21a/0x2c0
[ 1239.509725]  ? __ia32_sys_getpeername+0xa0/0xa0
[ 1239.509725]  ? retint_kernel+0x10/0x10
[ 1239.509725]  ? sched_clock_cpu+0x132/0x170
[ 1239.509725]  ? find_held_lock+0x39/0x1b0
[ 1239.509725]  ? lock_downgrade+0x540/0x540
[ 1239.509725]  ? up_read+0x1c/0x100
[ 1239.509725]  ? __do_page_fault+0x763/0x970
[ 1239.509725]  ? retint_user+0x18/0x18
[ 1239.509725]  __x64_sys_sendto+0x177/0x180
[ 1239.509725]  do_syscall_64+0xaa/0x360
[ 1239.509725]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1239.509725] RIP: 0033:0x7f5a8f468e03
[ 1239.509725] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb d0 0f 1f 84 00 00 00 00 00 83 3d 49 c9 2b 00 00 75 13 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8
[ 1239.509725] RSP: 002b:00007ffd78d0b778 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1239.509725] RAX: ffffffffffffffda RBX: 00007ffd78d0c890 RCX: 00007f5a8f468e03
[ 1239.509725] RDX: 0000000000000034 RSI: 00007ffd78d0b7e0 RDI: 0000000000000003
[ 1239.509725] RBP: 00007ffd78d0b7d0 R08: 00007f5a8f15c160 R09: 000000000000000c
[ 1239.509725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd78d0b7e0
[ 1239.509725] R13: 0000000000000034 R14: 00007f5a8f9aff60 R15: 00005648040094b0
[ 1239.509725] Modules linked in: nf_tables_set nf_tables nfnetlink ip_tables x_tables
[ 1239.670713] ---[ end trace 39375adcda140f11 ]---
[ 1239.676016] RIP: 0010:nft_hash_walk+0x1d2/0x310 [nf_tables_set]
[ 1239.682834] Code: 84 d2 7f 10 4c 89 e7 89 44 24 38 e8 d8 5a 17 e0 8b 44 24 38 48 8d 7b 10 41 0f b6 0c 24 48 89 fa 48 89 fe 48 c1 ea 03 83 e6 07 <42> 0f b6 14 3a 40 38 f2 7f 1a 84 d2 74 16
[ 1239.705108] RSP: 0018:ffff8801118cf358 EFLAGS: 00010246
[ 1239.711115] RAX: 0000000000000000 RBX: 0000000000020400 RCX: 0000000000000001
[ 1239.719269] RDX: 0000000000004082 RSI: 0000000000000000 RDI: 0000000000020410
[ 1239.727401] RBP: ffff880114d5a988 R08: 0000000000007e94 R09: ffff880114dd8030
[ 1239.735530] R10: ffff880114d5a988 R11: ffffed00229bb006 R12: ffff8801118cf4d0
[ 1239.743658] R13: ffff8801118cf4d8 R14: 0000000000000000 R15: dffffc0000000000
[ 1239.751785] FS:  00007f5a8fe0b700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000
[ 1239.760993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1239.767560] CR2: 00007f5a8ecc27b0 CR3: 000000010608e000 CR4: 00000000001006f0
[ 1239.775679] Kernel panic - not syncing: Fatal exception
[ 1239.776630] Kernel Offset: 0x1f000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1239.776630] Rebooting in 5 seconds..

Fixes: 20a69341f2d0 ("netfilter: nf_tables: add netlink set API")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-08-16 19:36:59 +02:00
..
ipset
netfilter: ipset: forbid family for hash:mac sets
2018-06-06 14:01:00 +02:00
ipvs
ipvs: don't show negative times in ip_vs_conn
2018-08-16 19:36:57 +02:00
core.c
netfilter: Add nf_ct_get_tuple_skb global lookup function
2018-07-10 20:06:34 -07:00
Kconfig
netfilter: kconfig: remove ct zone/label dependencies
2018-08-03 21:15:12 +02:00
Makefile
netfilter: nf_tables: add tunnel support
2018-08-03 21:12:12 +02:00
nf_conncount.c
netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search
2018-07-18 11:26:37 +02:00
nf_conntrack_acct.c
netfilter: Replace printk() with pr_*() and define pr_fmt()
2018-03-20 13:44:14 +01:00
nf_conntrack_amanda.c
netfilter: use nf_conntrack_helpers_register when possible
2017-06-19 19:13:21 +02:00
nf_conntrack_broadcast.c
netfilter: check if the socket netns is correct.
2018-06-28 22:21:32 +09:00
nf_conntrack_core.c
netfilter: use kvmalloc_array to allocate memory for hashtable
2018-08-03 18:37:55 +02:00
nf_conntrack_ecache.c
netfilter: Replace printk() with pr_*() and define pr_fmt()
2018-03-20 13:44:14 +01:00
nf_conntrack_expect.c
netfilter: use kvmalloc_array to allocate memory for hashtable
2018-08-03 18:37:55 +02:00
nf_conntrack_extend.c
netfilter: conntrack: include kmemleak.h for kmemleak_not_leak()
2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c
netfilter: add __exit mark to helper modules
2018-04-24 10:29:14 +02:00
nf_conntrack_h323_asn1.c
netfilter: nf_conntrack_h323: Remove unwanted comments.
2018-01-08 18:01:05 +01:00
nf_conntrack_h323_main.c
netfilter: move route indirection to struct nf_ipv6_ops
2018-01-08 18:01:26 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: use kvmalloc_array to allocate memory for hashtable
2018-08-03 18:37:55 +02:00
nf_conntrack_irc.c
netfilter: add __exit mark to helper modules
2018-04-24 10:29:14 +02:00
nf_conntrack_labels.c
netfilter: conntrack: mark extension structs as const
2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c
netfilter: Remove useless param helper of nf_ct_helper_ext_add
2018-07-18 11:26:42 +02:00
nf_conntrack_pptp.c
netfilter: Remove duplicated rcu_read_lock.
2017-07-24 13:24:46 +02:00
nf_conntrack_proto_dccp.c
Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net
2018-07-24 19:21:58 -07:00
nf_conntrack_proto_generic.c
netfilter: conntrack: remove get_timeout() indirection
2018-07-16 17:55:01 +02:00
nf_conntrack_proto_gre.c
netfilter: conntrack: remove get_timeout() indirection
2018-07-16 17:55:01 +02:00
nf_conntrack_proto_icmp.c
netfilter: conntrack: remove l3proto abstraction
2018-07-17 15:27:49 +02:00
nf_conntrack_proto_icmpv6.c
netfilter: conntrack: remove l3proto abstraction
2018-07-17 15:27:49 +02:00
nf_conntrack_proto_sctp.c
netfilter: conntrack: remove get_timeout() indirection
2018-07-16 17:55:01 +02:00
nf_conntrack_proto_tcp.c
netfilter: conntrack: remove get_timeout() indirection
2018-07-16 17:55:01 +02:00
nf_conntrack_proto_udp.c
netfilter: conntrack: remove get_timeout() indirection
2018-07-16 17:55:01 +02:00
nf_conntrack_proto.c
netfilter: conntrack: avoid use-after free on rmmod
2018-08-03 21:15:13 +02:00
nf_conntrack_sane.c
netfilter: add __exit mark to helper modules
2018-04-24 10:29:14 +02:00
nf_conntrack_seqadj.c
netfilter: conntrack: mark extension structs as const
2017-04-26 09:30:22 +02:00
nf_conntrack_sip.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2018-05-06 21:51:37 -04:00
nf_conntrack_snmp.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c
netfilter: conntrack: remove l3proto abstraction
2018-07-17 15:27:49 +02:00
nf_conntrack_tftp.c
netfilter: add __exit mark to helper modules
2018-04-24 10:29:14 +02:00
nf_conntrack_timeout.c
netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object
2018-08-07 17:14:15 +02:00
nf_conntrack_timestamp.c
netfilter: Replace printk() with pr_*() and define pr_fmt()
2018-03-20 13:44:14 +01:00
nf_dup_netdev.c
netfilter: dup: resolve warnings about missing prototypes
2017-05-29 11:32:36 +02:00
nf_flow_table_core.c
netfilter: flowtables: use fixed renew timeout on teardown
2018-07-16 17:51:48 +02:00
nf_flow_table_inet.c
netfilter: nf_flow_table: move init code to nf_flow_table_core.c
2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c
netfilter: nf_flow_table: attach dst to skbs
2018-06-01 09:47:36 +02:00
nf_internals.h
netfilter: core: export raw versions of add/delete hook functions
2018-05-23 09:14:05 +02:00
nf_log_common.c
netfilter: check if the socket netns is correct.
2018-06-28 22:21:32 +09:00
nf_log_netdev.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
nf_log.c
netfilter: nf_log: don't hold nf_log_mutex during user access
2018-06-26 16:48:40 +02:00
nf_nat_amanda.c
netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean
2017-04-06 22:01:38 +02:00
nf_nat_core.c
netfilter: use kvmalloc_array to allocate memory for hashtable
2018-08-03 18:37:55 +02:00
nf_nat_ftp.c
netfilter: Replace printk() with pr_*() and define pr_fmt()
2018-03-20 13:44:14 +01:00
nf_nat_helper.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_irc.c
netfilter: Replace printk() with pr_*() and define pr_fmt()
2018-03-20 13:44:14 +01:00
nf_nat_proto_common.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_proto_dccp.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_proto_sctp.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_proto_tcp.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_proto_udp.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_proto_unknown.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_redirect.c
netfilter: nat: merge nf_nat_redirect into nf_nat
2018-05-29 00:25:40 +02:00
nf_nat_sip.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nf_nat_tftp.c
nf_queue.c
netfilter: remove duplicated include
2018-01-10 15:32:15 +01:00
nf_sockopt.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nf_synproxy_core.c
proc: introduce proc_create_net{,_data}
2018-05-16 07:24:30 +02:00
nf_tables_api.c
netfilter: nft_set: fix allocation size overflow in privsize callback.
2018-08-16 19:36:59 +02:00
nf_tables_core.c
netfilter: nf_tables: handle meta/lookup with direct call
2018-07-30 11:52:02 +02:00
nf_tables_set_core.c
netfilter: nf_tables: place all set backends in one single module
2018-07-06 19:31:53 +02:00
nf_tables_trace.c
netfilter: nf_tables: Allow chain name of up to 255 chars
2017-07-31 20:41:57 +02:00
nfnetlink_acct.c
netfilter: provide correct argument to nla_strlcpy()
2018-05-24 00:52:35 +02:00
nfnetlink_cthelper.c
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
nfnetlink_cttimeout.c
netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object
2018-08-07 17:14:15 +02:00
nfnetlink_log.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-06-06 18:39:49 -07:00
nfnetlink_osf.c
netfilter: nfnetlink_osf: fix using plain integer as NULL warning
2018-08-08 19:05:39 +02:00
nfnetlink_queue.c
netfilter: nf_queue: augment nfqa_cfg_policy
2018-06-18 14:13:24 +02:00
nfnetlink.c
netfilter: nf_tables: use dedicated mutex to guard transactions
2018-07-18 11:26:48 +02:00
nft_bitwise.c
netfilter: nf_tables: revisit chain/object refcounting from elements
2017-05-15 12:51:41 +02:00
nft_byteorder.c
netfilter: nf_tables: simplify the basic expressions' init routine
2016-11-09 23:42:23 +01:00
nft_chain_filter.c
netfilter: nf_tables: use dedicated mutex to guard transactions
2018-07-18 11:26:48 +02:00
nft_cmp.c
netfilter: mark expected switch fall-throughs
2018-01-08 18:01:01 +01:00
nft_compat.c
netfilter: nft_compat: explicitly reject ERROR and standard target
2018-07-09 16:06:19 +02:00
nft_connlimit.c
netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search
2018-07-18 11:26:37 +02:00
nft_counter.c
netfilter: nf_tables: add destroy_clone expression
2018-06-03 00:02:11 +02:00
nft_ct.c
netfilter: nft_ct: enable conntrack for helpers
2018-08-07 17:14:27 +02:00
nft_dup_netdev.c
nft_dynset.c
netfilter: nf_tables: use dedicated mutex to guard transactions
2018-07-18 11:26:48 +02:00
nft_exthdr.c
netfilter: nf_tables: merge exthdr expression into nft core
2018-04-27 00:00:56 +02:00
nft_fib_inet.c
netfilter: nf_tables: use hook state from xt_action_param structure
2016-11-03 11:52:34 +01:00
nft_fib_netdev.c
netfilter: nf_tables: add fib expression to the netdev family
2017-07-31 19:01:40 +02:00
nft_fib.c
netfilter: nft_fib: Support existence check
2017-03-13 13:45:36 +01:00
nft_flow_offload.c
netfilter: nf_tables: simplify lookup functions
2018-04-24 10:29:09 +02:00
nft_fwd_netdev.c
netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer
2018-06-01 10:35:47 +02:00
nft_hash.c
netfilter: fix ptr_ret.cocci warnings
2018-06-01 09:38:40 +02:00
nft_immediate.c
netfilter: nf_tables: fix jumpstack depth validation
2018-07-17 20:48:24 +02:00
nft_limit.c
netfilter: nft_limit: fix packet ratelimiting
2018-05-23 09:50:28 +02:00
nft_log.c
netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it
2018-06-07 16:14:00 -04:00
nft_lookup.c
netfilter: nf_tables: handle meta/lookup with direct call
2018-07-30 11:52:02 +02:00
nft_masq.c
netfilter: nf_tables: add single table list for all families
2018-01-10 15:32:08 +01:00
nft_meta.c
netfilter: nf_tables: handle meta/lookup with direct call
2018-07-30 11:52:02 +02:00
nft_nat.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
nft_numgen.c
netfilter: use PTR_ERR_OR_ZERO()
2018-07-30 14:07:09 +02:00
nft_objref.c
netfilter: nf_tables: simplify lookup functions
2018-04-24 10:29:09 +02:00
nft_osf.c
netfilter: nft_osf: use NFT_OSF_MAXGENRELEN instead of IFNAMSIZ
2018-08-07 17:14:04 +02:00
nft_payload.c
netfilter: fix a few (harmless) sparse warnings
2017-08-28 17:42:56 +02:00
nft_queue.c
netfilter: Remove exceptional & on function name
2017-04-07 18:24:47 +02:00
nft_quota.c
netfilter: nf_tables: add select_ops for stateful objects
2017-09-04 13:25:09 +02:00
nft_range.c
netfilter: nf_tables: revisit chain/object refcounting from elements
2017-05-15 12:51:41 +02:00
nft_redir.c
netfilter: nf_tables: add single table list for all families
2018-01-10 15:32:08 +01:00
nft_reject_inet.c
netfilter: nf_tables: validate the expr explicitly after init successfully
2017-03-06 18:22:12 +01:00
nft_reject.c
netfilter: nf_tables: validate the expr explicitly after init successfully
2017-03-06 18:22:12 +01:00
nft_rt.c
netfilter: nf_tables: merge rt expression into nft core
2018-04-27 00:00:55 +02:00
nft_set_bitmap.c
netfilter: nft_set: fix allocation size overflow in privsize callback.
2018-08-16 19:36:59 +02:00
nft_set_hash.c
netfilter: nft_set: fix allocation size overflow in privsize callback.
2018-08-16 19:36:59 +02:00
nft_set_rbtree.c
netfilter: nft_set: fix allocation size overflow in privsize callback.
2018-08-16 19:36:59 +02:00
nft_socket.c
netfilter: nft_socket: Expose socket mark
2018-07-18 11:26:52 +02:00
nft_tproxy.c
netfilter: nft_tproxy: Add missing config check
2018-08-03 20:20:53 +02:00
nft_tunnel.c
netfilter: nft_tunnel: fix sparse errors
2018-08-04 00:53:29 +02:00
utils.c
netfilter: utils: move nf_ip6_checksum* from ipv6 to utils
2018-07-16 17:51:48 +02:00
x_tables.c
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
xt_addrtype.c
netfilter: x_tables: use pr ratelimiting in matches/targets
2018-02-14 21:05:37 +01:00
xt_AUDIT.c
audit: eliminate audit_enabled magic number comparison
2018-06-19 10:43:55 -04:00
xt_bpf.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_cgroup.c
netfilter: check if the socket netns is correct.
2018-06-28 22:21:32 +09:00
xt_CHECKSUM.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_CLASSIFY.c
xt_cluster.c
netfilter: xt_cluster: get rid of xt_cluster_ipv6_is_multicast
2018-03-05 23:15:43 +01:00
xt_comment.c
xt_connbytes.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_connlabel.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_connlimit.c
netfilter: use PTR_ERR_OR_ZERO()
2018-07-30 14:07:09 +02:00
xt_connmark.c
netfilter: xt_connmark: fix list corruption on rmmod
2018-06-12 19:35:52 +02:00
xt_CONNSECMARK.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_conntrack.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c
netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object
2018-08-07 17:14:15 +02:00
xt_dccp.c
xt_devgroup.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_dscp.c
netfilter: x_tables: remove pr_info where possible
2018-02-14 21:05:33 +01:00
xt_DSCP.c
netfilter: x_tables: remove pr_info where possible
2018-02-14 21:05:33 +01:00
xt_ecn.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c
netfilter/xt_hashlimit: switch to proc_create_{seq,single}_data
2018-05-16 07:24:30 +02:00
xt_helper.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c
netfilter: x_tables: remove pr_info where possible
2018-02-14 21:05:33 +01:00
xt_HMARK.c
netfilter: x_tables: use pr ratelimiting in matches/targets
2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c
net: Use octal not symbolic permissions
2018-03-26 12:07:48 -04:00
xt_ipcomp.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_l2tp.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_LED.c
netfilter: x_tables: fix missing timer initialization in xt_LED
2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c
netfilter: xt_limit: Spelling s/maxmum/maximum/
2018-03-05 23:15:50 +01:00
xt_LOG.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_mac.c
xt_mark.c
xt_multiport.c
netfilter: xt_multiport: Fix wrong unmatch result with multiple ports
2016-12-06 21:48:20 +01:00
xt_nat.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
xt_NETMAP.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
xt_nfacct.c
netfilter: nfnetlink_acct: remove useless parameter
2018-03-05 23:15:43 +01:00
xt_NFLOG.c
netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet.
2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c
netfilter: xt_NFQUEUE: use pr ratelimiting
2018-02-14 21:05:35 +01:00
xt_osf.c
netfilter: nfnetlink_osf: extract nfnetlink_subsystem code from xt_osf.c
2018-07-30 14:07:11 +02:00
xt_owner.c
netfilter: check if the socket netns is correct.
2018-06-28 22:21:32 +09:00
xt_physdev.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_pkttype.c
netfilter: pkttype: unnecessary to check ipv6 multicast address
2017-01-18 20:32:43 +01:00
xt_policy.c
netfilter: x_tables: use pr ratelimiting in matches/targets
2018-02-14 21:05:37 +01:00
xt_quota.c
xtables: extend matches and targets with .usersize
2017-01-09 17:24:55 +01:00
xt_rateest.c
netfilter: make xt_rateest hash table per net
2018-03-05 23:15:44 +01:00
xt_RATEEST.c
netfilter: make xt_rateest hash table per net
2018-03-05 23:15:44 +01:00
xt_realm.c
xt_recent.c
netfilter: check if the socket netns is correct.
2018-06-28 22:21:32 +09:00
xt_REDIRECT.c
netfilter: add NAT support for shifted portmap ranges
2018-04-24 10:29:12 +02:00
xt_repldata.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xt_sctp.c
sctp: remove the typedef sctp_chunkhdr_t
2017-07-01 09:08:41 -07:00
xt_SECMARK.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_set.c
netfilter: ipset: Limit max timeout value
2018-06-06 14:00:54 +02:00
xt_socket.c
netfilter: check if the socket netns is correct.
2018-06-28 22:21:32 +09:00
xt_state.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_statistic.c
netfilter: x_tables: fix pointer leaks to userspace
2018-01-31 14:59:24 +01:00
xt_string.c
netfilter: ebtables: Add string filter
2018-03-30 11:04:12 +02:00
xt_tcpmss.c
xt_TCPMSS.c
netfilter: x_tables: use pr ratelimiting in all remaining spots
2018-02-14 21:05:38 +01:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF
2016-07-03 10:55:07 +02:00
xt_TEE.c
netfilter: Kconfig: Change select IPv6 dependencies
2018-07-17 15:27:54 +02:00
xt_time.c
netfilter: Replace printk() with pr_*() and define pr_fmt()
2018-03-20 13:44:14 +01:00
xt_TPROXY.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2018-07-20 22:28:28 -07:00
xt_TRACE.c
netfilter: xt_TRACE: add explicitly nf_logger_find_get call
2016-06-23 13:26:49 +02:00
xt_u32.c