aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/netfilter/ip_tables.c
AgeCommit message (Expand)AuthorFilesLines
2024-04-10netfilter: complete validation of user inputEric Dumazet1-0/+4
2024-04-04netfilter: validate user input for expected lengthEric Dumazet1-0/+4
2023-03-22xtables: move icmp/icmpv6 logic to xt_tcpudpFlorian Westphal1-67/+1
2023-02-22netfilter: x_tables: fix percpu counter block leak on error path when creatin...Pavel Tikhomirov1-0/+4
2023-02-22netfilter: ebtables: fix table blob use-after-freeFlorian Westphal1-2/+1
2021-10-14netfilter: iptables: allow use of ipt_do_table as hookfnFlorian Westphal1-3/+4
2021-04-26netfilter: allow to turn off xtables compat layerFlorian Westphal1-8/+8
2021-04-26netfilter: ip_tables: pass table pointer via nf_hook_opsFlorian Westphal1-17/+36
2021-04-26netfilter: iptables: unregister the tables by nameFlorian Westphal1-4/+10
2021-04-26netfilter: x_tables: remove ipt_unregister_tableFlorian Westphal1-9/+0
2021-04-13netfilter: x_tables: fix compat match/target pad out-of-bound writeFlorian Westphal1-0/+2
2021-03-15Revert "netfilter: x_tables: Switch synchronization to RCU"Mark Tomlinson1-7/+7
2021-03-15Revert "netfilter: x_tables: Update remaining dereference to RCU"Mark Tomlinson1-1/+1
2020-12-17netfilter: x_tables: Update remaining dereference to RCUSubash Abhinov Kasiviswanathan1-1/+1
2020-12-08netfilter: x_tables: Switch synchronization to RCUSubash Abhinov Kasiviswanathan1-7/+7
2020-07-28net: remove sockptr_advanceChristoph Hellwig1-4/+4
2020-07-24netfilter: switch nf_setsockopt to sockptr_tChristoph Hellwig1-12/+12
2020-07-24netfilter: switch xt_copy_counters to sockptr_tChristoph Hellwig1-4/+3
2020-07-19netfilter: remove the compat argument to xt_copy_counters_from_userChristoph Hellwig1-2/+1
2020-07-19netfilter/ip_tables: clean up compat {get,set}sockopt handlingChristoph Hellwig1-65/+21
2020-06-25netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit help...David Wilder1-1/+14
2020-03-15netfilter: Replace zero-length array with flexible-array memberGustavo A. R. Silva1-2/+2
2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner1-4/+1
2018-07-05netfilter: x_tables: set module owner for icmp(6) matchesFlorian Westphal1-0/+1
2018-06-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller1-0/+1
2018-06-08netfilter: x_tables: initialise match/target check parameter structFlorian Westphal1-0/+1
2018-05-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-1/+4
2018-05-23netfilter: xtables: allow table definitions not backed by hook_opsFlorian Westphal1-1/+4
2018-05-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-0/+1
2018-05-08netfilter: x_tables: add module alias for icmp matchesFlorian Westphal1-0/+1
2018-04-24netfilter: xtables: use ipt_get_target_c instead of ipt_get_targetTaehee Yoo1-1/+1
2018-03-30Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-19/+12
2018-03-30Revert "netfilter: x_tables: ensure last rule in base chain matches underflow...Florian Westphal1-16/+1
2018-03-27net: Drop pernet_operations::asyncKirill Tkhai1-1/+0
2018-03-05netfilter: x_tables: ensure last rule in base chain matches underflow/policyFlorian Westphal1-1/+16
2018-03-05netfilter: compat: prepare xt_compat_init_offsets to return errorsFlorian Westphal1-2/+6
2018-03-05netfilter: x_tables: add counters allocation wrapperFlorian Westphal1-1/+1
2018-03-05netfilter: x_tables: move hook entry checks into coreFlorian Westphal1-10/+3
2018-03-05netfilter: x_tables: check standard verdicts in coreFlorian Westphal1-5/+0
2018-03-05netfilter: unlock xt_table earlier in __do_replaceXin Long1-1/+2
2018-02-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+6
2018-02-19net: Convert ip_tables_net_ops, udplite6_net_ops and xt_net_opsKirill Tkhai1-0/+1
2018-02-14netfilter: add back stackpointer size checksFlorian Westphal1-1/+6
2018-01-31Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-15/+12
2018-01-19netfilter: remove messages print and boot/module load timePablo Neira Ayuso1-1/+0
2018-01-08netfilter: xtables: add and use xt_request_find_table_lockFlorian Westphal1-14/+12
2018-01-03Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/pau...Ingo Molnar1-6/+1
2017-12-04netfilter: Remove now-redundant smp_read_barrier_depends()Paul E. McKenney1-6/+1
2017-11-20netfilter: remove redundant assignment to eColin Ian King1-1/+0
2017-10-24netfilter: x_tables: don't use seqlock when fetching old countersFlorian Westphal1-2/+21
2017-09-08netfilter: xtables: add scheduling opportunity in get_countersFlorian Westphal1-0/+1
2017-09-04net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.Varsha Rao1-9/+3
2017-09-03Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-3/+1
2017-08-02netfilter: constify nf_loginfo structuresJulia Lawall1-1/+1
2017-08-02netfilter: xtables: Remove unused variable in compat_copy_entry_from_user()Taehee Yoo1-2/+0
2017-07-31netfilter: x_tables: Fix use-after-free in ipt_do_table.Taehee Yoo1-4/+5
2017-04-07netfilter: Remove unnecessary cast on void pointersimran singhal1-12/+8
2017-01-09iptables: use match, target and data copy_to_user helpersWillem de Bruijn1-15/+6
2016-12-24Replace <asm/uaccess.h> with <linux/uaccess.h> globallyLinus Torvalds1-1/+1
2016-12-06netfilter: x_tables: pack percpu counter allocationsFlorian Westphal1-3/+6
2016-12-06netfilter: x_tables: pass xt_counters struct to counter allocatorFlorian Westphal1-4/+1
2016-12-06netfilter: x_tables: pass xt_counters struct instead of packet counterFlorian Westphal1-2/+2
2016-11-13netfilter: x_tables: simplify IS_ERR_OR_NULL to NULL testJulia Lawall1-10/+10
2016-11-03netfilter: x_tables: move hook state into xt_action_param structurePablo Neira Ayuso1-5/+1
2016-09-25netfilter: nft_log: complete NFTA_LOG_FLAGS attr supportLiping Zhang1-1/+1
2016-07-18netfilter: x_tables: speed up jump target validationFlorian Westphal1-21/+24
2016-07-03netfilter: Convert FWINV<[foo]> macros and uses to NF_INVFJoe Perches1-11/+9
2016-05-05netfilter: x_tables: get rid of old and inconsistent debuggingPablo Neira Ayuso1-204/+40
2016-04-29netfilter: fix IS_ERR_VALUE usagePablo Neira Ayuso1-2/+4
2016-04-14netfilter: x_tables: introduce and use xt_copy_counters_from_userFlorian Westphal1-43/+5
2016-04-14netfilter: x_tables: remove obsolete checkFlorian Westphal1-7/+0
2016-04-14netfilter: x_tables: remove obsolete overflow check for compat case tooFlorian Westphal1-2/+0
2016-04-14netfilter: x_tables: do compat validation via translate_tableFlorian Westphal1-126/+29
2016-04-14netfilter: x_tables: xt_compat_match_from_user doesn't need a retvalFlorian Westphal1-17/+9
2016-04-14netfilter: ip_tables: simplify translate_compat_table argsFlorian Westphal1-35/+24
2016-04-14netfilter: x_tables: check for bogus target offsetFlorian Westphal1-2/+3
2016-04-14netfilter: x_tables: add compat version of xt_check_entry_offsetsFlorian Westphal1-1/+2
2016-04-14netfilter: x_tables: kill check_entry helperFlorian Westphal1-12/+8
2016-04-14netfilter: x_tables: add and use xt_check_entry_offsetsFlorian Westphal1-11/+1
2016-04-14netfilter: x_tables: validate targets of jumpsFlorian Westphal1-0/+16
2016-04-14netfilter: x_tables: don't move to non-existent next ruleFlorian Westphal1-0/+4
2016-03-28netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_EN...Pablo Neira Ayuso1-0/+2
2016-03-28netfilter: x_tables: fix unconditional helperFlorian Westphal1-12/+11
2016-03-28netfilter: x_tables: make sure e->next_offset covers remaining blob sizeFlorian Westphal1-2/+4
2016-03-28netfilter: x_tables: validate e->target_offset earlyFlorian Westphal1-9/+8
2016-03-02netfilter: xtables: don't hook tables by defaultFlorian Westphal1-14/+28
2016-03-02netfilter: xtables: prepare for on-demand hook registerFlorian Westphal1-11/+10
2015-10-16netfilter: ipv4: code indentationIan Morris1-3/+3
2015-10-16netfilter: ipv4: function definition layoutIan Morris1-3/+3
2015-10-16netfilter: ipv4: ternary operator layoutIan Morris1-3/+3
2015-10-16netfilter: ipv4: label placementIan Morris1-1/+1
2015-09-18netfilter: x_tables: Pass struct net in xt_action_paramEric W. Biederman1-0/+1
2015-09-18inet netfilter: Remove hook from ip6t_do_table, arp_do_table, ipt_do_tableEric W. Biederman1-1/+1
2015-09-17netfilter: Use nf_hook_state.netEric W. Biederman1-4/+4
2015-08-28Revert "netfilter: xtables: compute exact size needed for jumpstack"Florian Westphal1-18/+10
2015-07-15netfilter: xtables: remove __pure annotationFlorian Westphal1-1/+1
2015-07-15netfilter: add and use jump label for xt_teeFlorian Westphal1-1/+2
2015-07-15netfilter: xtables: don't save/restore jumpstack offsetFlorian Westphal1-17/+20
2015-07-15netfilter: xtables: compute exact size needed for jumpstackFlorian Westphal1-10/+18
2015-06-15netfilter: x_tables: remove XT_TABLE_INFO_SZ and a dereference.Eric Dumazet1-2/+2
2015-06-12netfilter: xtables: avoid percpu ruleset duplicationFlorian Westphal1-48/+16
2015-06-12netfilter: xtables: use percpu rule countersFlorian Westphal1-4/+27
2015-05-31Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-3/+1
2015-05-26netfilter: remove unused comefrom hookmask argumentFlorian Westphal1-3/+1
2015-05-20netfilter: ensure number of counters is >0 in do_replace()Dave Jones1-0/+6
2015-04-04netfilter: Pass nf_hook_state through ipt_do_table().David S. Miller1-7/+6
2015-03-19netfilter: restore rule tracing via nfnetlink_logPablo Neira Ayuso1-3/+3
2014-04-05netfilter: Can't fail and free after table replacementThomas Graf1-2/+4
2013-10-22netfilter: x_tables: fix ordering of jumpstack allocation and table updateWill Deacon1-0/+5
2013-04-18netfilter: add my copyright statementsPatrick McHardy1-0/+1
2013-04-05netfilter: nf_log: prepare net namespace support for loggersGao feng1-1/+2
2013-04-02netfilter: use IS_ENABLE to replace if defined in TRACE targetGao feng1-4/+2
2013-01-22netfilter: Use IS_ERR_OR_NULL().YOSHIFUJI Hideaki / 吉藤英明1-5/+5
2012-11-18net: Allow userns root to control ipv4Eric W. Biederman1-4/+4
2012-05-15net: Convert net_ratelimit uses to net_<level>_ratelimitedJoe Perches1-2/+1
2012-04-15net: cleanup unsigned to unsigned intEric Dumazet1-1/+1
2011-06-16netfilter: ip_tables: fix compile with debugSebastian Andrzej Siewior1-1/+1
2011-04-19Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/...David S. Miller1-16/+12
2011-04-04netfilter: get rid of atomic ops in fast pathEric Dumazet1-16/+12
2011-03-31Fix common misspellingsLucas De Marchi1-1/+1
2011-03-20netfilter: xtables: fix reentrancyEric Dumazet1-2/+2
2011-03-15netfilter: ip_tables: fix infoleak to userspaceVasiliy Kulikov1-0/+3
2011-01-19Merge branch 'master' of /repos/git/net-next-2.6Patrick McHardy1-31/+14
2011-01-13netfilter: x_table: speedup compat operationsEric Dumazet1-0/+2
2011-01-10netfilter: x_tables: dont block BH while reading countersEric Dumazet1-31/+14
2010-11-03ipv4: netfilter: ip_tables: fix information leak to userlandVasiliy Kulikov1-0/+1
2010-10-13netfilter: xtables: resolve indirect macros 3/3Jan Engelhardt1-9/+9
2010-10-13netfilter: xtables: resolve indirect macros 2/3Jan Engelhardt1-27/+27
2010-10-13netfilter: xtables: resolve indirect macros 1/3Jan Engelhardt1-6/+6
2010-08-23netfilter: fix CONFIG_COMPAT supportFlorian Westphal1-0/+3
2010-08-17netfilter: {ip,ip6,arp}_tables: avoid lockdep false positiveEric Dumazet1-0/+2
2010-08-02netfilter: {ip,ip6,arp}_tables: dont block bottom half more than necessaryEric Dumazet1-4/+6
2010-07-23netfilter: iptables: use skb->len for accountingChangli Gao1-1/+1
2010-06-15Merge branch 'master' of /repos/git/net-next-2.6Patrick McHardy1-1/+1
2010-06-04netfilter: vmalloc_node cleanupEric Dumazet1-2/+2
2010-05-31netfilter: xtables: stackptr should be percpuEric Dumazet1-1/+1
2010-05-13netfilter: cleanup printk messagesStephen Hemminger1-1/+1
2010-05-13netfilter: change NF_ASSERT to WARN_ONStephen Hemminger1-6/+1
2010-05-11netfilter: xtables: combine built-in extension structsJan Engelhardt1-35/+30
2010-05-11netfilter: xtables: change hotdrop pointer to direct modificationJan Engelhardt1-5/+4
2010-05-11netfilter: xtables: deconstify struct xt_action_param for matchesJan Engelhardt1-1/+1
2010-05-11netfilter: xtables: substitute temporary defines by final nameJan Engelhardt1-2/+2
2010-05-11netfilter: xtables: combine struct xt_match_param and xt_target_paramJan Engelhardt1-17/+15
2010-05-02netfilter: xtables: dissolve do_match functionJan Engelhardt1-17/+5
2010-05-02netfilter: ip_tables: fix compilation when debug is enabledJan Engelhardt1-2/+2
2010-04-22netfilter: ip_tables: convert pr_devel() to pr_debug()Patrick McHardy1-5/+5
2010-04-19netfilter: xtables: remove old comments about reentrancyJan Engelhardt1-2/+0
2010-04-19netfilter: xtables: make ip_tables reentrantJan Engelhardt1-30/+35
2010-03-25netfilter: xtables: change matches to return error codeJan Engelhardt1-1/+1
2010-03-25netfilter: xtables: change xt_match.checkentry return typeJan Engelhardt1-1/+1
2010-03-25netfilter: xtables: consolidate code into xt_request_find_matchJan Engelhardt1-10/+8
2010-03-25netfilter: xtables: make use of xt_request_find_targetJan Engelhardt1-12/+8
2010-03-25netfilter: xt extensions: use pr_<level> (2)Jan Engelhardt1-10/+8
2010-02-26netfilter: xtables: restore indentationJan Engelhardt1-10/+15
2010-02-24netfilter: xtables: reduce arguments to translate_tableJan Engelhardt1-27/+15
2010-02-24netfilter: xtables: optimize call flow around xt_ematch_foreachJan Engelhardt1-62/+31
2010-02-24netfilter: xtables: replace XT_MATCH_ITERATE macroJan Engelhardt1-17/+61
2010-02-24netfilter: xtables: optimize call flow around xt_entry_foreachJan Engelhardt1-120/+63
2010-02-24netfilter: xtables: replace XT_ENTRY_ITERATE macroJan Engelhardt1-56/+104
2010-02-15netfilter: xtables: add const qualifiersJan Engelhardt1-39/+49
2010-02-15netfilter: xtables: constify args in compat copying functionsJan Engelhardt1-2/+2
2010-02-10netfilter: xtables: generate initial table on-demandJan Engelhardt1-0/+7
2010-02-10Merge branch 'master' of /repos/git/net-next-2.6Patrick McHardy1-2/+2
2010-02-08netfilter: xtables: compat out of scope fixAlexey Dobriyan1-2/+2
2010-02-03netfilter: add struct net * to target parametersPatrick McHardy1-3/+5
2010-01-18netfilter: xtables: add struct xt_mtdtor_param::netAlexey Dobriyan1-12/+13
2010-01-18netfilter: xtables: add struct xt_mtchk_param::netAlexey Dobriyan1-10/+14
2009-11-23netfilter: net/ipv[46]/netfilter: Move && and || to end of previous lineJoe Perches1-23/+23
2009-08-24netfilter: xtables: mark initial tables constantJan Engelhardt1-1/+2
2009-08-10netfilter: xtables: check for standard verdicts in policiesJan Engelhardt1-2/+19
2009-08-10netfilter: xtables: check for unconditionality of policiesJan Engelhardt1-4/+7
2009-08-10netfilter: xtables: ignore unassigned hooks in check_entry_size_and_hooksJan Engelhardt1-1/+4
2009-08-10netfilter: xtables: use memcmp in unconditional checkJan Engelhardt1-8/+3
2009-08-10netfilter: iptables: remove unused datalen variableJan Engelhardt1-4/+0
2009-06-12netfilter: ip_tables: fix build errorPatrick McHardy1-1/+1
2009-06-04netfilter: x_tables: added hook number into match extension parameter structure.Evgeniy Polyakov1-1/+1
2009-05-08netfilter: xtables: consolidate comefrom debug cast accessJan Engelhardt1-4/+9
2009-05-08netfilter: xtables: remove another level of indentJan Engelhardt1-27/+25
2009-05-08netfilter: xtables: remove some gotoJan Engelhardt1-5/+2
2009-05-08netfilter: xtables: reduce indent level by oneJan Engelhardt1-69/+65
2009-05-08netfilter: xtables: consolidate open-coded logicJan Engelhardt1-4/+10
2009-05-08netfilter: xtables: fix const inconsistencyJan Engelhardt1-7/+7
2009-05-08netfilter: xtables: remove redundant castsJan Engelhardt1-1/+1
2009-05-08netfilter: xtables: use NFPROTO_ in standard targetsJan Engelhardt1-3/+3
2009-05-08netfilter: xtables: use NFPROTO_ for xt_proto_init callsitesJan Engelhardt1-2/+2
2009-04-28netfilter: revised locking for x_tablesStephen Hemminger1-91/+35
2009-04-02netfilter: use rcu_read_bh() in ipt_do_table()Eric Dumazet1-2/+2
2009-03-25netfilter: {ip,ip6,arp}_tables: fix incorrect loop detectionPatrick McHardy1-1/+3
2009-03-25netfilter: factorize ifname_compare()Eric Dumazet1-21/+2
2009-02-20netfilter: ip_tables: unfold two critical loops in ip_packet_match()Eric Dumazet1-12/+21
2009-02-20netfilter: iptables: lock free countersStephen Hemminger1-33/+87
2008-10-31net: replace NIPQUAD() in net/ipv4/netfilter/Harvey Harrison1-8/+4
2008-10-08netfilter: xtables: provide invoked family value to extensionsJan Engelhardt1-2/+8
2008-10-08netfilter: xtables: move extension arguments into compound structure (6/6)Jan Engelhardt1-3/+7
2008-10-08netfilter: xtables: move extension arguments into compound structure (5/6)Jan Engelhardt1-7/+10
2008-10-08netfilter: xtables: move extension arguments into compound structure (4/6)Jan Engelhardt1-14/+10
2008-10-08netfilter: xtables: move extension arguments into compound structure (3/6)Jan Engelhardt1-3/+7
2008-10-08netfilter: xtables: move extension arguments into compound structure (2/6)Jan Engelhardt1-26/+23
2008-10-08netfilter: xtables: move extension arguments into compound structure (1/6)Jan Engelhardt1-26/+20
2008-10-08netfilter: xtables: do centralized checkentry call (1/2)Jan Engelhardt1-14/+9
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-06 17:47:33 +0000