linux/net/netfilter
Pablo Neira Ayuso 9b5ba5c9c5 netfilter: nf_tables: Unbreak audit log reset
Deliver audit log from __nf_tables_dump_rules(), table dereference at
the end of the table list loop might point to the list head, leading to
this crash.

[ 4137.407349] BUG: unable to handle page fault for address: 00000000001f3c50
[ 4137.407357] #PF: supervisor read access in kernel mode
[ 4137.407359] #PF: error_code(0x0000) - not-present page
[ 4137.407360] PGD 0 P4D 0
[ 4137.407363] Oops: 0000 [#1] PREEMPT SMP PTI
[ 4137.407365] CPU: 4 PID: 500177 Comm: nft Not tainted 6.5.0+ #277
[ 4137.407369] RIP: 0010:string+0x49/0xd0
[ 4137.407374] Code: ff 77 36 45 89 d1 31 f6 49 01 f9 66 45 85 d2 75 19 eb 1e 49 39 f8 76 02 88 07 48 83 c7 01 83 c6 01 48 83 c2 01 4c 39 cf 74 07 <0f> b6 02 84 c0 75 e2 4c 89 c2 e9 58 e5 ff ff 48 c7 c0 0e b2 ff 81
[ 4137.407377] RSP: 0018:ffff8881179737f0 EFLAGS: 00010286
[ 4137.407379] RAX: 00000000001f2c50 RBX: ffff888117973848 RCX: ffff0a00ffffff04
[ 4137.407380] RDX: 00000000001f3c50 RSI: 0000000000000000 RDI: 0000000000000000
[ 4137.407381] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffffffff
[ 4137.407383] R10: ffffffffffffffff R11: ffff88813584d200 R12: 0000000000000000
[ 4137.407384] R13: ffffffffa15cf709 R14: 0000000000000000 R15: ffffffffa15cf709
[ 4137.407385] FS:  00007fcfc18bb580(0000) GS:ffff88840e700000(0000) knlGS:0000000000000000
[ 4137.407387] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4137.407388] CR2: 00000000001f3c50 CR3: 00000001055b2001 CR4: 00000000001706e0
[ 4137.407390] Call Trace:
[ 4137.407392]  <TASK>
[ 4137.407393]  ? __die+0x1b/0x60
[ 4137.407397]  ? page_fault_oops+0x6b/0xa0
[ 4137.407399]  ? exc_page_fault+0x60/0x120
[ 4137.407403]  ? asm_exc_page_fault+0x22/0x30
[ 4137.407408]  ? string+0x49/0xd0
[ 4137.407410]  vsnprintf+0x257/0x4f0
[ 4137.407414]  kvasprintf+0x3e/0xb0
[ 4137.407417]  kasprintf+0x3e/0x50
[ 4137.407419]  nf_tables_dump_rules+0x1c0/0x360 [nf_tables]
[ 4137.407439]  ? __alloc_skb+0xc3/0x170
[ 4137.407442]  netlink_dump+0x170/0x330
[ 4137.407447]  __netlink_dump_start+0x227/0x300
[ 4137.407449]  nf_tables_getrule+0x205/0x390 [nf_tables]

Deliver audit log only once at the end of the rule dump+reset for
consistency with the set dump+reset.

Ensure audit reset access to table under rcu read side lock. The table
list iteration holds rcu read lock side, but recent audit code
dereferences table object out of the rcu read lock side.

Fixes: ea078ae910 ("netfilter: nf_tables: Audit log rule reset")
Fixes: 7e9be1124d ("netfilter: nf_tables: Audit log setelem reset")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
2023-09-06 18:09:12 +02:00
..
ipset netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c 2023-09-06 18:09:12 +02:00
ipvs Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-18 12:44:56 -07:00
core.c netfilter: defrag: Add glue hooks for enabling/disabling defrag 2023-07-28 16:52:08 -07:00
Kconfig bpf: add bpf_link support for BPF_NETFILTER programs 2023-04-21 11:34:14 -07:00
Makefile bpf: add bpf_link support for BPF_NETFILTER programs 2023-04-21 11:34:14 -07:00
nf_bpf_link.c netfilter: bpf: Only define get_proto_defrag_hook() if necessary 2023-07-31 17:51:13 -07:00
nf_conncount.c netfilter: nf_conncount: reduce unnecessary GC 2022-05-16 13:05:40 +02:00
nf_conntrack_acct.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_amanda.c
nf_conntrack_bpf.c net: invert the netdevice.h vs xdp.h dependency 2023-08-03 08:38:07 -07:00
nf_conntrack_broadcast.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nf_conntrack_core.c netfilter: allow exp not to be removed in nf_ct_find_expectation 2023-07-20 10:06:36 +02:00
nf_conntrack_ecache.c netfilter: ctnetlink: make event listener tracking global 2023-02-22 00:28:47 +01:00
nf_conntrack_expect.c netfilter: allow exp not to be removed in nf_ct_find_expectation 2023-07-20 10:06:36 +02:00
nf_conntrack_extend.c netfilter: extensions: introduce extension genid count 2022-05-13 18:52:16 +02:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed 2022-09-20 23:50:03 +02:00
nf_conntrack_h323_asn1.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nf_conntrack_h323_main.c netfilter: nf_ct_h323: cap packet size at 64k 2022-08-11 16:50:49 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-07-05 14:42:15 +02:00
nf_conntrack_irc.c netfilter: nf_conntrack_irc: Tighten matching on DCC message 2022-09-07 15:55:23 +02:00
nf_conntrack_labels.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_netbios_ns.c netfilter: nf_conntrack_netbios_ns: fix helper module alias 2022-01-11 10:41:44 +01:00
nf_conntrack_netlink.c netfilter: conntrack: validate cta_ip via parsing 2023-07-27 13:45:51 +02:00
nf_conntrack_ovs.c netfilter: use nf_ip6_check_hbh_len in nf_ct_skb_network_trim 2023-03-08 14:25:41 +01:00
nf_conntrack_pptp.c netfilter: nf_conntrack: add missing __rcu annotations 2022-07-11 16:25:15 +02:00
nf_conntrack_proto_dccp.c nf_conntrack: fix -Wunused-const-variable= 2023-07-27 13:45:51 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: conntrack: gre: don't set assured flag for clash entries 2023-07-05 14:42:15 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: pass hook state to log functions 2021-06-18 14:47:43 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: set icmpv6 redirects as RELATED 2022-11-30 23:01:20 +01:00
nf_conntrack_proto_sctp.c netfilter: set default timeout to 3 secs for sctp shutdown send and recv state 2023-08-16 00:05:15 +02:00
nf_conntrack_proto_tcp.c netfilter: let reset rules clean out conntrack entries 2023-02-17 13:04:56 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: udp: fix seen-reply test 2023-02-01 12:18:51 +01:00
nf_conntrack_proto.c netfilter: conntrack: remove pr_debug calls 2023-01-18 13:05:24 +01:00
nf_conntrack_sane.c netfilter: nf_ct_sane: remove pseudo skb linearization 2022-08-11 16:50:25 +02:00
nf_conntrack_seqadj.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-06-26 17:18:48 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: fix possible bug_on with enable_hooks=1 2023-05-10 08:50:39 +02:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_dup_netdev.c netfilter: nf_dup_netdev: add and use recursion counter 2022-06-21 10:50:41 +02:00
nf_flow_table_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-06-15 22:19:41 -07:00
nf_flow_table_inet.c netfilter: flowtable: cache info of last offload 2023-02-03 09:31:24 +00:00
nf_flow_table_ip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-06-15 22:19:41 -07:00
nf_flow_table_offload.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nf_flow_table_procfs.c netfilter: nf_flow_table: count pending offload workqueue tasks 2022-07-11 16:25:14 +02:00
nf_hooks_lwtunnel.c netfilter: add netfilter hooks to SRv6 data plane 2021-08-30 01:51:36 +02:00
nf_internals.h netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_log_syslog.c netfilter: use skb_ip_totlen and iph_totlen 2023-02-01 20:54:27 -08:00
nf_log.c netfilter: move from strlcpy with unused retval to strscpy 2022-09-07 16:46:03 +02:00
nf_nat_amanda.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_bpf.c bpf: Add __bpf_kfunc tag to all kfuncs 2023-02-02 00:25:14 +01:00
nf_nat_core.c netfilter: snat: evict closing tcp entries on reply tuple collision 2023-06-26 08:05:57 +02:00
nf_nat_ftp.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_helper.c treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
nf_nat_irc.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_masquerade.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_nat_ovs.c net: move the nat function to nf_nat_ovs for ovs and tc 2022-12-12 10:14:03 +00:00
nf_nat_proto.c netfilter: nat: move nf_xfrm_me_harder to where it is used 2021-04-26 03:20:07 +02:00
nf_nat_redirect.c netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs 2023-03-22 21:48:59 +01:00
nf_nat_sip.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: handle socket prefetch 2022-03-01 11:51:15 +01:00
nf_sockopt.c netfilter: switch nf_setsockopt to sockptr_t 2020-07-24 15:41:54 -07:00
nf_synproxy_core.c ip: Fix data-races around sysctl_ip_default_ttl. 2022-07-15 11:49:55 +01:00
nf_tables_api.c netfilter: nf_tables: Unbreak audit log reset 2023-09-06 18:09:12 +02:00
nf_tables_core.c netfilter: nf_tables: do not store rule in traceinfo structure 2023-04-22 01:39:41 +02:00
nf_tables_offload.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nf_tables_trace.c netfilter: nf_tables: do not store rule in traceinfo structure 2023-04-22 01:39:41 +02:00
nfnetlink_acct.c netfilter: use nfnetlink_unicast() 2021-05-29 01:04:53 +02:00
nfnetlink_cthelper.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nfnetlink_cttimeout.c netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit 2022-06-17 23:31:20 +02:00
nfnetlink_hook.c netfilter: nfnetlink hook: dump bpf prog id 2023-04-21 11:34:14 -07:00
nfnetlink_log.c netfilter: nfnetlink_log: always add a timestamp 2023-08-08 13:03:36 +02:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-06 18:07:49 +02:00
nfnetlink_queue.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-08 04:00:02 +02:00
nft_bitwise.c netfilter pull request 23-06-26 2023-06-26 12:59:18 -07:00
nft_byteorder.c netfilter: nf_tables: prevent OOB access in nft_byteorder_eval 2023-07-06 00:53:14 +02:00
nft_chain_filter.c netfilter: nf_tables: always release netdev hooks from notifier 2023-05-10 08:50:18 +02:00
nft_chain_nat.c netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec() 2021-05-29 01:04:54 +02:00
nft_chain_route.c netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec() 2021-05-29 01:04:54 +02:00
nft_cmp.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nft_compat.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_connlimit.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_counter.c netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET 2022-11-15 10:53:17 +01:00
nft_ct_fast.c netfilter: nf_tables: fix ct untracked match breakage 2023-05-03 13:49:08 +02:00
nft_ct.c netfilter: nf_tables: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
nft_dup_netdev.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_dynset.c netfilter: nft_dynset: disallow object maps 2023-08-16 00:05:15 +02:00
nft_exthdr.c netfilter: nftables: exthdr: fix 4-byte stack OOB write 2023-09-06 18:03:02 +02:00
nft_fib_inet.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib_netdev.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib.c netfilter: nf_tables: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
nft_flow_offload.c netfilter: nf_tables: report use refcount overflow 2023-07-05 14:42:15 +02:00
nft_fwd_netdev.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_hash.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_immediate.c netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR 2023-07-26 16:48:49 +02:00
nft_inner.c netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET 2022-11-15 10:53:17 +01:00
nft_last.c netfilter: nft_last: copy content when cloning expression 2023-03-01 17:23:23 +01:00
nft_limit.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_log.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_lookup.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_masq.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_meta.c netfilter: nft_meta: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
nft_nat.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_numgen.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-07-05 14:42:15 +02:00
nft_osf.c netfilter: nft_osf: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
nft_payload.c netfilter: nft_payload: rebuild vlan header when needed 2023-06-26 08:05:45 +02:00
nft_queue.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_quota.c netfilter: nft_quota: copy content when cloning expression 2023-03-01 17:23:23 +01:00
nft_range.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_redir.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_reject_inet.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_rt.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_set_bitmap.c netfilter: nf_tables: drop map element references from preparation phase 2023-06-20 22:43:40 +02:00
nft_set_hash.c netfilter: nf_tables: defer gc run if previous batch is still pending 2023-08-23 16:12:59 +02:00
nft_set_pipapo_avx2.c netfilter: nft_set_pipapo_avx2: remove redundant pointer lt 2021-12-24 16:58:17 +01:00
nft_set_pipapo_avx2.h netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_set_pipapo.c netfilter: nf_tables: fix out of memory error handling 2023-08-23 16:12:10 +02:00
nft_set_pipapo.h netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction 2023-09-06 18:09:12 +02:00
nft_socket.c net: annotate data-races around sk->sk_mark 2023-07-29 18:13:41 +01:00
nft_synproxy.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_tproxy.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_tunnel.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_xfrm.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
utils.c netfilter: move br_nf_check_hbh_len to utils 2023-03-08 14:25:40 +01:00
x_tables.c netfilter: x_tables: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
xt_addrtype.c
xt_AUDIT.c netfilter: fix clang-12 fmt string warnings 2021-06-01 23:53:51 +02:00
xt_bpf.c bpf: Refactor BPF_PROG_RUN into a function 2021-08-17 00:45:07 +02:00
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_connmark.c netfilter: conntrack: Fix data-races around ct mark 2022-11-18 15:21:00 +01:00
xt_CONNSECMARK.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_ecn.c
xt_esp.c
xt_hashlimit.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c netfilter: xt_HMARK: Use ip_is_fragment() helper 2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c driver core: class: remove module * from class_create() 2023-03-17 15:16:33 +01:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c leds: Change led_trigger_blink[_oneshot]() delay parameters to pass-by-value 2023-05-25 12:16:27 +01:00
xt_length.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2023-02-22 21:25:23 -08:00
xt_limit.c netfilter: x_tables: improve limit_mt scalability 2021-05-29 01:04:52 +02:00
xt_LOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
xt_NETMAP.c
xt_nfacct.c netfilter: Remove unnecessary conversion to bool 2020-12-01 09:45:29 +01:00
xt_NFLOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_NFQUEUE.c
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-20 22:43:42 +02:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c netfilter: move from strlcpy with unused retval to strscpy 2022-09-07 16:46:03 +02:00
xt_realm.c
xt_recent.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_REDIRECT.c netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs 2023-03-22 21:48:59 +01:00
xt_repldata.h netfilter: xtables: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-08-30 17:34:01 +02:00
xt_SECMARK.c netfilter: xt_SECMARK: add new revision to fix structure layout 2021-05-03 23:02:44 +02:00
xt_set.c
xt_socket.c net: annotate data-races around sk->sk_mark 2023-07-29 18:13:41 +01:00
xt_state.c
xt_statistic.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c xtables: move icmp/icmpv6 logic to xt_tcpudp 2023-03-22 21:48:59 +01:00
xt_TEE.c
xt_time.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_TPROXY.c netfilter: xt_TPROXY: remove pr_debug invocations 2022-07-21 00:56:00 +02:00
xt_TRACE.c netfilter: nf_log: add module softdeps 2021-03-31 22:34:10 +02:00
xt_u32.c netfilter: xt_u32: validate user space input 2023-08-30 17:34:01 +02:00