aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/netfilter
AgeCommit message (Expand)AuthorFilesLines
2024-04-10netfilter: complete validation of user inputEric Dumazet2-0/+8
2024-04-04netfilter: validate user input for expected lengthEric Dumazet2-0/+8
2024-03-28netfilter: arptables: Select NETFILTER_FAMILY_ARP when building arp_tables.cKuniyuki Iwashima1-0/+1
2024-02-21netfilter: xtables: fix up kconfig dependenciesFlorian Westphal1-1/+2
2024-01-29netfilter: xtables: allow xtables-nft only buildsFlorian Westphal2-4/+13
2024-01-29netfilter: arptables: allow xtables-nft only buildsFlorian Westphal1-15/+13
2024-01-17netfilter: bridge: replace physindev with physinif in nf_bridge_infoPavel Tikhomirov1-3/+6
2024-01-17netfilter: propagate net to nf_bridge_get_physindevPavel Tikhomirov1-1/+1
2023-11-09Merge tag 'net-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netd...Linus Torvalds4-0/+4
2023-11-08netfilter: add missing module descriptionsFlorian Westphal4-0/+4
2023-11-02Merge tag 'v6.7-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/...Linus Torvalds1-0/+8
2023-10-27treewide: Add SPDX identifier to IETF ASN.1 modulesLukas Wunner1-0/+8
2023-10-18netfilter: xt_mangle: only check verdict part of return valueFlorian Westphal1-4/+5
2023-08-16inet: move inet->nodefrag to inet->inet_flagsEric Dumazet1-1/+1
2023-07-28netfilter: defrag: Add glue hooks for enabling/disabling defragDaniel Xu1-1/+16
2023-03-22xtables: move icmp/icmpv6 logic to xt_tcpudpFlorian Westphal1-67/+1
2023-03-06netfilter: tproxy: fix deadlock due to missing BH disableFlorian Westphal1-1/+1
2023-02-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nfJakub Kicinski2-2/+9
2023-02-22netfilter: x_tables: fix percpu counter block leak on error path when creatin...Pavel Tikhomirov2-0/+8
2023-02-22netfilter: ebtables: fix table blob use-after-freeFlorian Westphal1-2/+1
2023-02-17netfilter: let reset rules clean out conntrack entriesFlorian Westphal1-0/+1
2023-01-18netfilter: ip_tables: remove clusterip targetFlorian Westphal3-944/+0
2022-11-29Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-2/+2
2022-11-18netfilter: conntrack: Fix data-races around ct markDaniel Xu1-2/+2
2022-11-15netfilter: rpfilter/fib: clean up some inconsistent indentingJiapeng Chong1-3/+2
2022-11-15netfilter: nf_tables: Extend nft_expr_ops::dump callback parametersPhil Sutter1-1/+2
2022-10-19netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.Guillaume Nault2-0/+2
2022-10-12netfilter: rpfilter/fib: Populate flowic_l3mdev fieldPhil Sutter2-2/+2
2022-09-28netfilter: nft_fib: Fix for rpath check with VRF devicesPhil Sutter1-0/+3
2022-09-21netfilter: rpfilter: Remove unused variable 'ret'.Guillaume Nault1-1/+0
2022-09-20tcp: Access &tcp_hashinfo via net.Kuniyuki Iwashima2-11/+9
2022-09-07netfilter: nat: move repetitive nat port reserve loop to a helperFlorian Westphal1-56/+4
2022-07-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-2/+2
2022-07-15ip: Fix data-races around sysctl_ip_default_ttl.Kuniyuki Iwashima1-2/+2
2022-07-11netfilter: h323: merge nat hook pointers into oneFlorian Westphal1-28/+14
2022-05-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-nextDavid S. Miller1-3/+7
2022-05-13netfilter: conntrack: skip verification of zero UDP checksumKevin Mitchell1-3/+7
2022-04-28Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-0/+0
2022-04-25netfilter: flowtable: Remove the empty fileRongguang Wei1-0/+0
2022-04-11netfilter: nft_fib: reverse path filter for policy-based routing on iifPablo Neira Ayuso1-0/+4
2022-03-20netfilter: nf_nat_h323: eliminate anonymous module_init & module_exitRandy Dunlap1-4/+4
2022-03-20netfilter: nft_fib: add reduce supportFlorian Westphal1-0/+2
2022-03-20netfilter: nf_tables: do not reduce read-only expressionsPablo Neira Ayuso2-0/+2
2022-02-04netfilter: conntrack: pptp: use single option structureFlorian Westphal1-14/+10
2022-01-27Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfJakub Kicinski1-4/+0
2022-01-27netfilter: Remove flowtable relicsGeert Uytterhoeven1-4/+0
2022-01-22proc: remove PDE_DATA() completelyMuchun Song1-3/+3
2022-01-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-1/+4
2022-01-05netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()Xin Xiong1-1/+4
2021-12-23netfilter: flowtable: remove ipv4/ipv6 modulesFlorian Westphal3-46/+2
2021-10-18Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller8-55/+20
2021-10-14netfilter: arp_tables: allow use of arpt_do_table as hookfnFlorian Westphal2-12/+5
2021-10-14netfilter: iptables: allow use of ipt_do_table as hookfnFlorian Westphal6-43/+15
2021-09-28netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1Florian Westphal1-21/+9
2021-09-21netfilter: iptable_raw: drop bogus net_init annotationFlorian Westphal1-1/+1
2021-08-25netfilter: x_tables: handle xt_register_template() returning an error valueLukas Bulwahn1-0/+2
2021-08-09netfilter: x_tables: never register tables by defaultFlorian Westphal6-63/+65
2021-08-01netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warningFlorian Westphal1-2/+3
2021-08-01netfilter: ipt_CLUSTERIP: only add arp mangle hook when requiredFlorian Westphal1-17/+34
2021-05-29netfilter: nf_tables: add and use nft_sk helperFlorian Westphal1-1/+1
2021-05-03netfilter: arptables: use pernet ops struct during unregisterFlorian Westphal2-4/+3
2021-04-26netfilter: allow to turn off xtables compat layerFlorian Westphal3-20/+20
2021-04-26netfilter: arp_tables: pass table pointer via nf_hook_opsFlorian Westphal2-18/+31
2021-04-26netfilter: ip_tables: pass table pointer via nf_hook_opsFlorian Westphal6-52/+65
2021-04-26netfilter: xt_nat: pass table to hookfnFlorian Westphal1-10/+34
2021-04-26netfilter: x_tables: remove paranoia testsFlorian Westphal6-18/+0
2021-04-26netfilter: arptables: unregister the tables by nameFlorian Westphal2-10/+12
2021-04-26netfilter: iptables: unregister the tables by nameFlorian Westphal6-32/+20
2021-04-26netfilter: x_tables: remove ipt_unregister_tableFlorian Westphal2-10/+1
2021-04-26netfilter: disable defrag once its no longer neededFlorian Westphal1-6/+24
2021-04-17Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-3/+20
2021-04-13netfilter: x_tables: fix compat match/target pad out-of-bound writeFlorian Westphal2-0/+4
2021-04-10netfilter: arp_tables: add pre_exit hook for table unregisterFlorian Westphal2-3/+16
2021-04-06netfilter: nf_defrag_ipv4: use net_generic infraFlorian Westphal1-5/+15
2021-03-31netfilter: nf_log_arp: merge with nf_log_syslogFlorian Westphal3-176/+4
2021-03-31netfilter: nf_log_ipv4: rename to nf_log_syslogFlorian Westphal3-397/+4
2021-03-15Revert "netfilter: x_tables: Switch synchronization to RCU"Mark Tomlinson2-14/+14
2021-03-15Revert "netfilter: x_tables: Update remaining dereference to RCU"Mark Tomlinson2-2/+2
2021-01-27netfilter: nftables: add nft_parse_register_load() and use itPablo Neira Ayuso1-9/+9
2021-01-19netfilter: rpfilter: mask ecn bits before fib lookupGuillaume Nault1-1/+1
2020-12-17netfilter: x_tables: Update remaining dereference to RCUSubash Abhinov Kasiviswanathan2-2/+2
2020-12-14Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextJakub Kicinski3-5/+7
2020-12-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski2-14/+14
2020-12-08netfilter: x_tables: Switch synchronization to RCUSubash Abhinov Kasiviswanathan2-14/+14
2020-12-01netfilter: use actual socket sk for REJECT actionJan Engelhardt3-5/+7
2020-11-06Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski2-2/+2
2020-11-01netfilter: nft_reject_inet: allow to use reject from inet ingressPablo Neira Ayuso1-2/+4
2020-10-31netfilter: nf_reject: add reject skbuff creation helpersJose M. Guisado Gomez1-0/+122
2020-10-30netfilter: use actual socket sk rather than skb sk when routing harderJason A. Donenfeld2-2/+2
2020-10-14netfilter: nf_log: missing vlan offload tag and protoPablo Neira Ayuso2-4/+21
2020-08-28netfilter: delete repeated wordsRandy Dunlap1-1/+1
2020-08-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-nextLinus Torvalds4-151/+81
2020-07-28net: remove sockptr_advanceChristoph Hellwig2-8/+8
2020-07-28netfilter: arp_tables: restore a SPDX identifierChristoph Hellwig1-1/+1
2020-07-24netfilter: switch nf_setsockopt to sockptr_tChristoph Hellwig2-26/+26
2020-07-24netfilter: switch xt_copy_counters to sockptr_tChristoph Hellwig2-8/+6
2020-07-19netfilter: remove the compat argument to xt_copy_counters_from_userChristoph Hellwig2-4/+2
2020-07-19netfilter/ip_tables: clean up compat {get,set}sockopt handlingChristoph Hellwig1-65/+21
2020-07-19netfilter/arp_tables: clean up compat {get, set}sockopt handlingChristoph Hellwig1-64/+21
2020-07-16treewide: Remove uninitialized_var() usageKees Cook1-3/+3
2020-07-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-0/+21
2020-07-06Replace HTTP links with HTTPS ones: IPv*Alexander A. Klimov1-1/+1
2020-06-30netfilter: introduce support for reject at prerouting stageLaura Garcia Liebana1-0/+21
2020-06-25netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c.David Wilder5-7/+44
2020-06-25netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit help...David Wilder1-1/+14
2020-06-25netfilter: Add MODULE_DESCRIPTION entries to kernel modulesRob Gill5-0/+5
2020-06-14treewide: replace '---help---' in Kconfig files with 'help'Masahiro Yamada1-8/+8
2020-05-25netfilter: nf_conntrack_pptp: prevent buffer overflows in debug codePablo Neira Ayuso1-5/+2
2020-03-15netfilter: Replace zero-length array with flexible-array memberGustavo A. R. Silva2-4/+4
2020-03-12inet: Use fallthrough;Joe Perches2-3/+3
2020-02-04proc: convert everything to "struct proc_ops"Alexey Dobriyan1-8/+8
2020-01-13netfilter: arp_tables: init netns pointer in xt_tgdtor_param structFlorian Westphal1-9/+10
2019-12-30netfilter: arp_tables: init netns pointer in xt_tgchk_param structFlorian Westphal1-11/+16
2019-11-15netfilter: nf_flow_table_offload: add IPv6 supportPablo Neira Ayuso1-1/+1
2019-11-12netfilter: nf_flow_table: hardware offload supportPablo Neira Ayuso1-0/+1
2019-11-12netfilter: nf_tables: add flowtable offload control planePablo Neira Ayuso1-0/+1
2019-11-05icmp: remove duplicate codeMatteo Croce1-9/+1
2019-10-01netfilter: drop bridge nf reset from nf_resetFlorian Westphal1-1/+1
2019-09-13netfilter: fix coding-style errors.Jeremy Sowden2-5/+5
2019-08-03netfilter: synproxy: rename mss synproxy_options fieldFernando Fernandez Mancera1-2/+2
2019-07-16netfilter: synproxy: fix erroneous tcp mss optionFernando Fernandez Mancera1-0/+2
2019-07-16netfilter: Update obsolete comments referring to ip_conntrackYonatan Goldschmidt1-2/+2
2019-07-16netfilter: nf_conntrack_sip: fix expectation clashxiao ruizhu1-6/+6
2019-07-16netfilter: Fix rpfilter dropping vrf packets by mistakeMiaohe Lin1-0/+1
2019-07-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds7-398/+20
2019-07-09Merge tag 'docs-5.3' of git://git.lwn.net/linuxLinus Torvalds1-1/+1
2019-06-25Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextPablo Neira Ayuso21-87/+21
2019-06-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller21-87/+21
2019-06-21netfilter: synproxy: fix manual bump of the reference counterFernando Fernandez Mancera1-1/+0
2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner20-85/+20
2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 484Thomas Gleixner1-2/+1
2019-06-17netfilter: synproxy: extract SYNPROXY infrastructure from {ipt, ip6t}_SYNPROXYFernando Fernandez Mancera1-388/+6
2019-06-14docs: kbuild: convert docs to ReST and rename to *.rstMauro Carvalho Chehab1-1/+1
2019-06-10Update my email addressJozsef Kadlecsik2-2/+2
2019-06-02netfilter: use in_dev_for_each_ifa_rcuFlorian Westphal1-2/+7
2019-06-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller4-5/+5
2019-05-31netfilter: ipv4: prefer skb_ensure_writableFlorian Westphal4-5/+5
2019-05-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller1-20/+3
2019-05-21netfilter: nft_fib: Fix existence check supportPhil Sutter1-20/+3
2019-05-21treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13Thomas Gleixner1-11/+1
2019-05-21treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 3Thomas Gleixner1-4/+1
2019-05-21treewide: Add SPDX license identifier - Makefile/KconfigThomas Gleixner1-0/+1
2019-05-21treewide: Add SPDX license identifier for more missed filesThomas Gleixner6-0/+6
2019-05-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds6-211/+5
2019-04-30netfilter: use macros to create module aliases.Flavio Leitner2-2/+2
2019-04-11netfilter: x_tables: merge ip and ipv6 masquerade modulesFlorian Westphal3-111/+3
2019-04-11netfilter: nf_nat: merge ip/ip6 masquerade headersFlorian Westphal1-1/+1
2019-04-09net/ipv4/netfilter: Update comment from call_rcu_bh() to call_rcu()Paul E. McKenney1-1/+1
2019-04-08netfilter: nf_tables: merge route type into coreFlorian Westphal3-98/+0
2019-03-01netfilter: nf_tables: merge ipv4 and ipv6 nat chain typesFlorian Westphal3-99/+0
2019-03-01netfilter: nf_tables: nat: merge nft_masq protocol specific modulesFlorian Westphal3-100/+0
2019-03-01netfilter: nf_tables: nat: merge nft_redir protocol specific modulesFlorian Westphal3-91/+0
2019-02-27netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.hFlorian Westphal2-9/+5
2019-02-27netfilter: nat: merge nf_nat_ipv4,6 into nat coreFlorian Westphal3-346/+2
2019-02-27netfilter: nat: move nlattr parse and xfrm session decode to coreFlorian Westphal1-58/+0
2019-02-27netfilter: nat: merge ipv4 and ipv6 masquerade functionalityFlorian Westphal3-202/+2
2019-02-18Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller2-8/+3
2019-02-16netfilter: ipt_CLUSTERIP: make symbol 'cip_netdev_notifier' staticWei Yongjun1-1/+1
2019-02-15Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2-1/+7
2019-02-13netfilter: reject: skip csum verification for protocols that don't support itAlin Nastac1-7/+2
2019-02-11netfilter: nat: fix spurious connection timeoutsFlorian Westphal1-0/+1
2019-02-11netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbsJann Horn1-1/+6
2019-01-29Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+1
2019-01-28netfilter: ipt_CLUSTERIP: fix warning unused variable cnAnders Roxell1-1/+1
2019-01-18netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookupsFlorian Westphal1-1/+1
2018-12-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller7-360/+112
2018-12-19netfilter: avoid using skb->nf_bridge directlyFlorian Westphal1-2/+4
2018-12-18netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is setTaehee Yoo1-1/+2
2018-12-18netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_p...Taehee Yoo1-5/+14
2018-12-18netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routineTaehee Yoo1-1/+0
2018-12-18netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routineTaehee Yoo1-68/+87
2018-12-17netfilter: nat: remove nf_nat_l4proto structFlorian Westphal4-107/+4
2018-12-17netfilter: nat: remove l4proto->manip_pktFlorian Westphal5-71/+2
2018-12-17netfilter: nat: remove l4proto->nlattr_to_rangeFlorian Westphal2-6/+0
2018-12-17netfilter: nat: remove l4proto->in_rangeFlorian Westphal2-12/+0
2018-12-17netfilter: nat: fold in_range indirection into callerFlorian Westphal1-8/+0
2018-12-17netfilter: nat: remove l4proto->unique_tupleFlorian Westphal2-71/+0
2018-12-17netfilter: remove NF_NAT_RANGE_PROTO_RANDOM supportFlorian Westphal1-7/+0
2018-12-01netfilter: Replace call_rcu_bh(), rcu_barrier_bh(), and synchronize_rcu_bh()Paul E. McKenney1-3/+3
2018-11-27netfilter: nat: fix double register in masquerade modulesTaehee Yoo1-7/+16
2018-11-27netfilter: add missing error handling code for register functionsTaehee Yoo3-7/+25
2018-10-16netfilter: nf_nat_snmp_basic: add missing helper alias nameTaehee Yoo1-0/+1
2018-10-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller2-4/+19
2018-09-28netfilter: masquerade: don't flush all conntracks if only one address deleted...Tan Hu1-3/+19
2018-09-20netfilter: nft_fib: Convert nft_fib4_eval to new dev helperDavid Ahern1-21/+6
2018-09-20netfilter: rpfilter: Convert rpfilter_lookup_reverse to new dev helperDavid Ahern1-16/+1
2018-09-17netfilter: nf_nat_ipv4: remove obsolete EXPORT_SYMBOLFlorian Westphal1-1/+0
2018-08-31netfilter: kconfig: nat related expression depend on nftables coreFlorian Westphal1-3/+5
2018-07-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller4-880/+3
2018-07-20Merge ra.kernel.org:/pub/scm/linux/kernel/git/torvalds/linuxDavid S. Miller2-6/+13
2018-07-17netfilter: conntrack: remove l3proto abstractionFlorian Westphal4-781/+3
2018-07-16netfilter: conntrack: remove get_timeout() indirectionFlorian Westphal1-5/+11
2018-07-16netfilter: conntrack: remove get_l4proto indirection from l3 protocol trackersFlorian Westphal1-30/+0
2018-07-16netfilter: conntrack: remove invert_tuple indirection from l3 protocol trackersFlorian Westphal2-12/+1
2018-07-16netfilter: conntrack: remove pkt_to_tuple indirection from l3 protocol trackersFlorian Westphal1-17/+0
2018-07-16netfilter: conntrack: remove ctnetlink callbacks from l3 protocol trackersFlorian Westphal1-47/+0
2018-07-06netfilter: nf_tproxy: fix possible non-linear access to transport headerMáté Eckl1-6/+12
2018-07-05netfilter: x_tables: set module owner for icmp(6) matchesFlorian Westphal1-0/+1
2018-06-28netfilter: check if the socket netns is correct.Flavio Leitner1-4/+4
2018-06-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller1-0/+1
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-06 16:17:56 +0000