Jakub Kicinski 10905b4a68 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf ... Pablo Neira Ayuso says: ==================== Netfilter fixes for net 1) Protect nft_ct template with global mutex, from Pavel Skripkin. 2) Two recent commits switched inet rt and nexthop exception hashes from jhash to siphash. If those two spots are problematic then conntrack is affected as well, so switch voer to siphash too. While at it, add a hard upper limit on chain lengths and reject insertion if this is hit. Patches from Florian Westphal. 3) Fix use-after-scope in nf_socket_ipv6 reported by KASAN, from Benjamin Hesmans. * git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf: netfilter: socket: icmp6: fix use-after-scope netfilter: refuse insertion if chain has grown too large netfilter: conntrack: switch to siphash netfilter: conntrack: sanitize table size default settings netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex ==================== Link: https://lore.kernel.org/r/20210903163020.13741-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2021-09-03 16:20:37 -07:00
..
ip6_tables.c	netfilter: x_tables: reduce xt_action_param by 8 byte	2021-05-29 01:04:53 +02:00
ip6t_ah.c	netfilter: ip6tables: Remove redundant null checks	2020-07-29 20:39:43 +02:00
ip6t_eui64.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
ip6t_frag.c	netfilter: ip6tables: Remove redundant null checks	2020-07-29 20:39:43 +02:00
ip6t_hbh.c	netfilter: ip6tables: Remove redundant null checks	2020-07-29 20:39:43 +02:00
ip6t_ipv6header.c	netfilter: move inline nf_ip6_ext_hdr() function to a more appropriate header.	2019-09-13 12:34:09 +02:00
ip6t_mh.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
ip6t_NPT.c	netfilter: ip6t_NPT: rewrite addresses in ICMPv6 original packet	2020-08-28 19:18:48 +02:00
ip6t_REJECT.c	netfilter: use actual socket sk for REJECT action	2020-12-01 14:33:55 +01:00
ip6t_rpfilter.c	netfilter: Fix rpfilter dropping vrf packets by mistake	2019-07-16 13:16:47 +02:00
ip6t_rt.c	netfilter: ip6tables: Remove redundant null checks	2020-07-29 20:39:43 +02:00
ip6t_srh.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
ip6t_SYNPROXY.c	netfilter: Add MODULE_DESCRIPTION entries to kernel modules	2020-06-25 00:50:31 +02:00
ip6table_filter.c	netfilter: x_tables: never register tables by default	2021-08-09 10:22:01 +02:00
ip6table_mangle.c	netfilter: x_tables: never register tables by default	2021-08-09 10:22:01 +02:00
ip6table_nat.c	netfilter: x_tables: never register tables by default	2021-08-09 10:22:01 +02:00
ip6table_raw.c	netfilter: x_tables: never register tables by default	2021-08-09 10:22:01 +02:00
ip6table_security.c	netfilter: x_tables: never register tables by default	2021-08-09 10:22:01 +02:00
Kconfig	netfilter: nf_log_ipv6: merge with nf_log_syslog	2021-03-31 00:37:27 +02:00
Makefile	netfilter: nf_log_ipv6: merge with nf_log_syslog	2021-03-31 00:37:27 +02:00
nf_conntrack_reasm.c	netfilter: nf_defrag_ipv6: use net_generic infra	2021-04-06 00:34:51 +02:00
nf_defrag_ipv6_hooks.c	netfilter: disable defrag once its no longer needed	2021-04-26 03:20:07 +02:00
nf_dup_ipv6.c	netfilter: drop bridge nf reset from nf_reset	2019-10-01 18:42:15 +02:00
nf_flow_table_ipv6.c	netfilter: Add MODULE_DESCRIPTION entries to kernel modules	2020-06-25 00:50:31 +02:00
nf_reject_ipv6.c	selinux/stable-5.11 PR 20201214	2020-12-16 11:01:04 -08:00
nf_socket_ipv6.c	netfilter: socket: icmp6: fix use-after-scope	2021-09-03 18:25:31 +02:00
nf_tproxy_ipv6.c	netfilter: nft_tproxy: Fix typo in IPv6 module description.	2019-10-17 12:21:11 +02:00
nft_dup_ipv6.c	netfilter: nftables: add nft_parse_register_load() and use it	2021-01-27 22:53:29 +01:00
nft_fib_ipv6.c	netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local	2021-06-09 21:11:03 +02:00
nft_reject_ipv6.c	netfilter: nf_tables: add and use nft_sk helper	2021-05-29 01:04:53 +02:00