path: root/net/netfilter
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 8 days | netfilter: nf_tables: honor table dormant flag from netdev release event path | Pablo Neira Ayuso | 1 | -1/+3 |
| 8 days | ipvs: Fix checksumming on GSO of SCTP packets | Ismael Luceno | 1 | -2/+4 |
| 2024-04-18 | netfilter: nf_tables: fix memleak in map from abort path | Pablo Neira Ayuso | 1 | -2/+14 |
| 2024-04-17 | netfilter: nf_tables: restore set elements when delete set fails | Pablo Neira Ayuso | 5 | -20/+45 |
| 2024-04-17 | netfilter: nf_tables: missing iterator type in lookup walk | Pablo Neira Ayuso | 2 | -1/+3 |
| 2024-04-11 | netfilter: flowtable: incorrect pppoe tuple | Pablo Neira Ayuso | 1 | -1/+1 |
| 2024-04-11 | netfilter: flowtable: validate pppoe header | Pablo Neira Ayuso | 2 | -4/+7 |
| 2024-04-11 | netfilter: nft_set_pipapo: do not free live element | Florian Westphal | 1 | -5/+9 |
| 2024-04-11 | netfilter: nft_set_pipapo: walk over current view on netlink dump | Pablo Neira Ayuso | 2 | -2/+9 |
| 2024-04-11 | netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() | Ziyang Xuan | 1 | -2/+6 |
| 2024-04-11 | netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() | Ziyang Xuan | 1 | -2/+6 |
| 2024-04-04 | netfilter: nf_tables: discard table flag update with pending basechain deletion | Pablo Neira Ayuso | 1 | -4/+5 |
| 2024-04-04 | netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() | Ziyang Xuan | 1 | -2/+7 |
| 2024-04-04 | netfilter: nf_tables: reject new basechain after table flag update | Pablo Neira Ayuso | 1 | -0/+3 |
| 2024-04-04 | netfilter: nf_tables: flush pending destroy work before exit_net release | Pablo Neira Ayuso | 1 | -0/+1 |
| 2024-04-04 | netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path | Pablo Neira Ayuso | 1 | -5/+8 |
| 2024-04-04 | netfilter: nf_tables: release batch on table validation from abort path | Pablo Neira Ayuso | 1 | -5/+10 |
| 2024-03-28 | netfilter: nf_tables: skip netdev hook unregistration if table is dormant | Pablo Neira Ayuso | 1 | -6/+10 |
| 2024-03-28 | netfilter: nf_tables: reject table flag and netdev basechain updates | Pablo Neira Ayuso | 1 | -1/+30 |
| 2024-03-28 | netfilter: nf_tables: reject destroy command to remove basechain hooks | Pablo Neira Ayuso | 1 | -1/+2 |
| 2024-03-21 | netfilter: nf_tables: Fix a memory leak in nf_tables_updchain | Quan Tian | 1 | -13/+14 |
| 2024-03-21 | netfilter: nf_tables: do not compare internal table flags on updates | Pablo Neira Ayuso | 1 | -1/+1 |
| 2024-03-21 | netfilter: nft_set_pipapo: release elements in clone only from destroy path | Pablo Neira Ayuso | 1 | -4/+1 |
| 2024-03-12 | Merge tag 'net-next-6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/net... | Linus Torvalds | 19 | -289/+385 |
| 2024-03-11 | Merge tag 'x86-core-2024-03-11' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 4 | -7/+7 |
| 2024-03-07 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 3 | -6/+16 |
| 2024-03-07 | netfilter: nf_conntrack_h323: Add protection for bmp length out of range | Lena Wang | 1 | -0/+4 |
| 2024-03-07 | netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout | Pablo Neira Ayuso | 1 | -0/+1 |
| 2024-03-07 | netfilter: nft_ct: fix l3num expectations with inet pseudo family | Florian Westphal | 1 | -6/+5 |
| 2024-03-07 | netfilter: nf_tables: reject constant set with timeout | Pablo Neira Ayuso | 1 | -0/+3 |
| 2024-03-07 | netfilter: nf_tables: disallow anonymous set with timeout flag | Pablo Neira Ayuso | 1 | -0/+3 |
| 2024-03-02 | Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf... | Jakub Kicinski | 2 | -4/+4 |
| 2024-03-01 | ipv6: annotate data-races around cnf.hop_limit | Eric Dumazet | 1 | -1/+1 |
| 2024-02-29 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 2 | -0/+21 |
| 2024-02-29 | netfilter: bridge: confirm multicast packets before passing them up the stack | Florian Westphal | 1 | -0/+1 |
| 2024-02-28 | netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() | Ignat Korchagin | 1 | -0/+20 |
| 2024-02-22 | Merge tag 'nf-next-24-02-21' of https://git.kernel.org/pub/scm/linux/kernel/g... | Jakub Kicinski | 10 | -257/+344 |
| 2024-02-22 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 2 | -42/+56 |
| 2024-02-22 | netfilter: nf_tables: use kzalloc for hook allocation | Florian Westphal | 1 | -1/+1 |
| 2024-02-22 | netfilter: nf_tables: register hooks last when adding new chain/flowtable | Pablo Neira Ayuso | 1 | -38/+40 |
| 2024-02-22 | netfilter: nft_flow_offload: release dst in case direct xmit path is used | Pablo Neira Ayuso | 1 | -0/+1 |
| 2024-02-22 | netfilter: nft_flow_offload: reset dst in route object after setting up flow | Pablo Neira Ayuso | 1 | -3/+13 |
| 2024-02-22 | netfilter: nf_tables: set dormant flag on hook register failure | Florian Westphal | 1 | -0/+1 |
| 2024-02-21 | netfilter: x_tables: Use unsafe_memcpy() for 0-sized destination | Kees Cook | 1 | -1/+2 |
| 2024-02-21 | netfilter: move nf_reinject into nfnetlink_queue modules | Florian Westphal | 3 | -143/+142 |
| 2024-02-21 | netfilter: nft_set_pipapo: use GFP_KERNEL for insertions | Florian Westphal | 1 | -7/+11 |
| 2024-02-21 | netfilter: nft_set_pipapo: speed up bulk element insertions | Florian Westphal | 2 | -16/+69 |
| 2024-02-21 | netfilter: nft_set_pipapo: shrink data structures | Florian Westphal | 2 | -40/+51 |
| 2024-02-21 | netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR | Florian Westphal | 1 | -4/+12 |
| 2024-02-21 | netfilter: nft_set_pipapo: constify lookup fn args where possible | Florian Westphal | 3 | -35/+48 |
| 2024-02-21 | netfilter: nft_osf: simplify init path | Pablo Neira Ayuso | 1 | -8/+3 |
| 2024-02-21 | netfilter: nf_log: validate nf_logger_find_get() | Pablo Neira Ayuso | 1 | -0/+5 |
| 2024-02-21 | netfilter: nf_log: consolidate check for NULL logger in lookup function | Pablo Neira Ayuso | 1 | -2/+2 |
| 2024-02-21 | netfilter: expect: Simplify the allocation of slab caches in nf_conntrack_exp... | Kunwu Chan | 1 | -3/+1 |
| 2024-02-15 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 4 | -4/+8 |
| 2024-02-15 | Merge tag 'net-6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netd... | Linus Torvalds | 3 | -3/+7 |
| 2024-02-15 | netfilter: nf_tables: fix bidirectional offload regression | Felix Fietkau | 1 | -0/+1 |
| 2024-02-15 | netfilter: nat: restore default DNAT behavior | Kyle Swenson | 1 | -1/+4 |
| 2024-02-15 | netfilter: nft_set_pipapo: fix missing : in kdoc | Pablo Neira Ayuso | 1 | -2/+2 |
| 2024-02-14 | Merge branch 'x86/bugs' into x86/core, to pick up pending changes before depe... | Ingo Molnar | 4 | -7/+7 |
| 2024-02-12 | netfilter: conntrack: expedite rcu in nf_conntrack_cleanup_net_list | Eric Dumazet | 1 | -1/+1 |
| 2024-02-09 | work around gcc bugs with 'asm goto' with outputs | Linus Torvalds | 1 | -1/+1 |
| 2024-02-08 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 12 | -99/+144 |
| 2024-02-08 | netfilter: nft_set_pipapo: remove scratch_aligned pointer | Florian Westphal | 3 | -39/+10 |
| 2024-02-08 | netfilter: nft_set_pipapo: add helper to release pcpu scratch area | Florian Westphal | 1 | -5/+23 |
| 2024-02-08 | netfilter: nft_set_pipapo: store index in scratch maps | Florian Westphal | 3 | -26/+44 |
| 2024-02-08 | netfilter: nft_set_rbtree: skip end interval element from gc | Pablo Neira Ayuso | 1 | -3/+3 |
| 2024-02-08 | netfilter: nfnetlink_queue: un-break NF_REPEAT | Florian Westphal | 1 | -3/+10 |
| 2024-02-08 | netfilter: nf_tables: use timestamp to check for set element timeout | Pablo Neira Ayuso | 4 | -13/+28 |
| 2024-02-08 | netfilter: nft_ct: reject direction for ct id | Pablo Neira Ayuso | 1 | -0/+3 |
| 2024-02-08 | netfilter: ctnetlink: fix filtering for zone 0 | Felix Huettner | 1 | -4/+8 |
| 2024-02-08 | netfilter: ipset: Missing gc cancellations fixed | Jozsef Kadlecsik | 2 | -2/+4 |
| 2024-02-08 | netfilter: nft_set_pipapo: remove static in nft_pipapo_get() | Pablo Neira Ayuso | 1 | -1/+1 |
| 2024-02-07 | netfilter: nft_compat: restrict match/target protocol to u16 | Pablo Neira Ayuso | 1 | -1/+7 |
| 2024-02-07 | netfilter: nft_compat: reject unused compat flag | Pablo Neira Ayuso | 1 | -1/+2 |
| 2024-02-07 | netfilter: nft_compat: narrow down revision to unsigned 8-bits | Pablo Neira Ayuso | 1 | -3/+3 |
| 2024-02-01 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 10 | -31/+106 |
| 2024-01-31 | bpf: treewide: Annotate BPF kfuncs in BTF | Daniel Xu | 2 | -4/+4 |
| 2024-01-31 | netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations | Pablo Neira Ayuso | 1 | -0/+24 |
| 2024-01-31 | netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger | Pablo Neira Ayuso | 1 | -3/+4 |
| 2024-01-31 | netfilter: ipset: fix performance regression in swap operation | Jozsef Kadlecsik | 4 | -18/+61 |
| 2024-01-31 | netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new | Xin Long | 1 | -1/+1 |
| 2024-01-31 | netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV | Pablo Neira Ayuso | 2 | -5/+10 |
| 2024-01-31 | netfilter: conntrack: correct window scaling with retransmitted SYN | Ryan Schaefer | 1 | -4/+6 |
| 2024-01-29 | netfilter: xtables: allow xtables-nft only builds | Florian Westphal | 1 | -6/+6 |
| 2024-01-29 | ipvs: Simplify the allocation of ip_vs_conn slab caches | Kunwu Chan | 1 | -3/+1 |
| 2024-01-29 | netfilter: nf_conncount: Use KMEM_CACHE instead of kmem_cache_create() | Kunwu Chan | 1 | -6/+2 |
| 2024-01-29 | netfilter: nf_tables: pass flags to set backend selection routine | Pablo Neira Ayuso | 1 | -7/+2 |
| 2024-01-29 | netfilter: nf_tables: Implement table adoption support | Phil Sutter | 1 | -3/+16 |
| 2024-01-29 | netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST | Phil Sutter | 1 | -0/+7 |
| 2024-01-26 | Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf... | Jakub Kicinski | 1 | -1/+1 |
| 2024-01-24 | bpf: Take into account BPF token when fetching helper protos | Andrii Nakryiko | 1 | -1/+1 |
| 2024-01-24 | netfilter: nf_tables: validate NFPROTO_* family | Pablo Neira Ayuso | 8 | -2/+47 |
| 2024-01-24 | netfilter: nf_tables: reject QUEUE/DROP verdict parameters | Florian Westphal | 1 | -10/+6 |
| 2024-01-24 | netfilter: nf_tables: restrict anonymous set and map names to 16 bytes | Florian Westphal | 1 | -0/+4 |
| 2024-01-24 | netfilter: nft_limit: reject configurations that cause integer overflow | Florian Westphal | 1 | -7/+16 |
| 2024-01-24 | netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain | Pablo Neira Ayuso | 1 | -2/+9 |
| 2024-01-17 | ipvs: avoid stat macros calls from preemptible context | Fedor Pchelkin | 1 | -2/+2 |
| 2024-01-17 | netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description | Pablo Neira Ayuso | 1 | -1/+5 |
| 2024-01-17 | netfilter: nf_tables: skip dead set elements in netlink dump | Pablo Neira Ayuso | 1 | -1/+1 |
| 2024-01-17 | netfilter: nf_tables: do not allow mismatch field size and set key length | Pablo Neira Ayuso | 1 | -1/+5 |
| 2024-01-17 | netfilter: nf_tables: check if catch-all set element is active in next genera... | Pablo Neira Ayuso | 1 | -1/+1 |
| 2024-01-17 | netfilter: propagate net to nf_bridge_get_physindev | Pavel Tikhomirov | 4 | -12/+13 |
| 2024-01-17 | netfilter: nf_queue: remove excess nf_bridge variable | Pavel Tikhomirov | 1 | -3/+1 |
| 2024-01-17 | netfilter: nfnetlink_log: use proper helper for fetching physinif | Pavel Tikhomirov | 1 | -4/+4 |
| 2024-01-17 | netfilter: nft_limit: do not ignore unsupported flags | Pablo Neira Ayuso | 1 | -7/+12 |
| 2024-01-17 | netfilter: nf_tables: bail out if stateful expression provides no .clone | Pablo Neira Ayuso | 1 | -8/+7 |
| 2024-01-17 | netfilter: nf_tables: validate .maxattr at expression registration | Pablo Neira Ayuso | 1 | -0/+3 |
| 2024-01-17 | netfilter: nf_tables: reject invalid set policy | Pablo Neira Ayuso | 1 | -1/+9 |
| 2024-01-11 | Merge tag 'net-next-6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/net... | Linus Torvalds | 5 | -36/+131 |
| 2024-01-10 | Merge tag 'header_cleanup-2024-01-10' of https://evilpiepirate.org/git/bcachefs | Linus Torvalds | 4 | -0/+5 |
| 2024-01-10 | x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE | Breno Leitao | 4 | -7/+7 |
| 2024-01-04 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 4 | -4/+5 |
| 2024-01-03 | netfilter: nft_immediate: drop chain reference counter on error | Pablo Neira Ayuso | 1 | -1/+1 |
| 2024-01-03 | netfilter: nf_nat: fix action not being set for all ct states | Brad Cowie | 1 | -1/+2 |
| 2023-12-27 | Kill sched.h dependency on rcupdate.h | Kent Overstreet | 4 | -0/+5 |
| 2023-12-22 | netfilter: nf_tables: validate chain type update if available | Pablo Neira Ayuso | 1 | -1/+10 |
| 2023-12-22 | netfilter: ctnetlink: support filtering by zone | Felix Huettner | 1 | -4/+8 |
| 2023-12-22 | netfilter: nf_tables: mark newset as dead on transaction abort | Florian Westphal | 1 | -0/+1 |
| 2023-12-22 | netfilter: nft_set_pipapo: prefer gfp_kernel allocation | Florian Westphal | 1 | -1/+1 |
| 2023-12-22 | netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests | Phil Sutter | 1 | -17/+81 |
| 2023-12-22 | netfilter: nf_tables: Introduce nft_set_dump_ctx_init() | Phil Sutter | 1 | -16/+33 |
| 2023-12-22 | netfilter: nf_tables: Pass const set to nft_get_set_elem | Phil Sutter | 1 | -3/+3 |
| 2023-12-20 | netfilter: nf_tables: skip set commit for deleted/destroyed sets | Pablo Neira Ayuso | 1 | -1/+1 |
| 2023-12-20 | netfilter: nf_tables: set transport offset from mac header for netdev/egress | Pablo Neira Ayuso | 1 | -1/+1 |
| 2023-12-19 | Revert BPF token-related functionality | Andrii Nakryiko | 1 | -1/+1 |
| 2023-12-18 | Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf... | Jakub Kicinski | 1 | -1/+1 |
| 2023-12-11 | ipv6: annotate data-races around np->mcast_oif | Eric Dumazet | 1 | -1/+1 |
| 2023-12-07 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 7 | -19/+40 |
| 2023-12-06 | bpf: take into account BPF token when fetching helper protos | Andrii Nakryiko | 1 | -1/+1 |
| 2023-12-06 | netfilter: xt_owner: Fix for unsafe access of sk->sk_socket | Phil Sutter | 1 | -4/+12 |
| 2023-12-06 | netfilter: nf_tables: validate family when identifying table via handle | Pablo Neira Ayuso | 1 | -2/+3 |
| 2023-12-06 | netfilter: nf_tables: bail out on mismatching dynset and set expressions | Pablo Neira Ayuso | 1 | -4/+9 |
| 2023-12-06 | netfilter: nf_tables: fix 'exist' matching on bigendian arches | Florian Westphal | 2 | -4/+8 |
| 2023-12-06 | netfilter: nft_set_pipapo: skip inactive elements during set walk | Florian Westphal | 1 | -0/+3 |
| 2023-12-06 | netfilter: bpf: fix bad registration on nf_defrag | D. Wythe | 1 | -5/+5 |
| 2023-11-29 | tcp: Don't pass cookie to __cookie_v[46]_check(). | Kuniyuki Iwashima | 1 | -2/+2 |
| 2023-11-14 | netfilter: nf_tables: split async and sync catchall in two functions | Pablo Neira Ayuso | 1 | -25/+30 |
| 2023-11-14 | netfilter: ipset: fix race condition between swap/destroy and kernel side add... | Jozsef Kadlecsik | 1 | -7/+7 |
| 2023-11-14 | netfilter: nf_tables: bogus ENOENT when destroying element which does not exist | Pablo Neira Ayuso | 1 | -2/+3 |
| 2023-11-14 | netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() | Dan Carpenter | 2 | -3/+4 |
| 2023-11-14 | netfilter: nft_set_rbtree: Remove unused variable nft_net | Yang Li | 1 | -2/+0 |
| 2023-11-08 | Merge tag 'nf-23-11-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netf... | Jakub Kicinski | 27 | -7/+69 |
| 2023-11-08 | netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses | Florian Westphal | 1 | -1/+26 |
| 2023-11-08 | netfilter: xt_recent: fix (increase) ipv6 literal buffer length | Maciej Żenczykowski | 1 | -1/+1 |
| 2023-11-08 | ipvs: add missing module descriptions | Florian Westphal | 16 | -0/+16 |
| 2023-11-08 | netfilter: nf_tables: remove catchall element in GC sync path | Pablo Neira Ayuso | 1 | -5/+17 |
| 2023-11-08 | netfilter: add missing module descriptions | Florian Westphal | 9 | -0/+9 |
| 2023-11-01 | bpf: Add __bpf_kfunc_{start,end}_defs macros | Dave Marchevsky | 2 | -8/+4 |
| 2023-10-30 | Merge tag 'ipsec-next-2023-10-28' of git://git.kernel.org/pub/scm/linux/kerne... | Jakub Kicinski | 1 | -1/+1 |
| 2023-10-26 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -7/+7 |
| 2023-10-26 | Merge tag 'nf-next-23-10-25' of git://git.kernel.org/pub/scm/linux/kernel/git... | Paolo Abeni | 8 | -438/+486 |
| 2023-10-25 | netfilter: flowtable: GC pushes back packets to classic path | Pablo Neira Ayuso | 1 | -7/+7 |
| 2023-10-24 | netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx | Phil Sutter | 1 | -10/+8 |
| 2023-10-24 | netfilter: nf_tables: set->ops->insert returns opaque set element in case of ... | Pablo Neira Ayuso | 5 | -23/+26 |
| 2023-10-24 | netfilter: nf_tables: shrink memory consumption of set elements | Pablo Neira Ayuso | 5 | -151/+107 |
| 2023-10-24 | netfilter: nf_tables: expose opaque set element as struct nft_elem_priv | Pablo Neira Ayuso | 7 | -108/+148 |
| 2023-10-24 | netfilter: nf_tables: set backend .flush always succeeds | Pablo Neira Ayuso | 5 | -22/+6 |
| 2023-10-24 | netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush | Pablo Neira Ayuso | 1 | -2/+3 |
| 2023-10-24 | netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx | Phil Sutter | 1 | -6/+6 |
| 2023-10-24 | netfilter: nf_tables: nft_obj_filter fits into cb->ctx | Phil Sutter | 1 | -11/+5 |
| 2023-10-24 | netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx | Phil Sutter | 1 | -4/+5 |
| 2023-10-24 | netfilter: nf_tables: A better name for nft_obj_filter | Phil Sutter | 1 | -16/+16 |
| 2023-10-24 | netfilter: nf_tables: Unconditionally allocate nft_obj_filter | Phil Sutter | 1 | -21/+15 |
| 2023-10-24 | netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj | Phil Sutter | 1 | -3/+0 |
| 2023-10-24 | netfilter: conntrack: switch connlabels to atomic_t | Florian Westphal | 1 | -9/+8 |
| 2023-10-24 | netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests | Phil Sutter | 1 | -13/+64 |
| 2023-10-24 | netfilter: nf_tables: Introduce nf_tables_getrule_single() | Phil Sutter | 1 | -31/+43 |
| 2023-10-24 | netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() | Phil Sutter | 1 | -4/+15 |
| 2023-10-24 | netfilter: nft_set_rbtree: prefer sync gc to async worker | Florian Westphal | 1 | -59/+65 |
| 2023-10-24 | netfilter: nft_set_rbtree: rename gc deactivate+erase function | Florian Westphal | 1 | -5/+6 |
| 2023-10-23 | tcp: introduce tcp_clock_ms() | Eric Dumazet | 1 | -1/+1 |
| 2023-10-19 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 6 | -39/+40 |
| 2023-10-18 | netfilter: nf_tables: revert do not remove elements if set backend implements... | Pablo Neira Ayuso | 1 | -4/+1 |
| 2023-10-18 | netfilter: nft_set_rbtree: .deactivate fails if element has expired | Pablo Neira Ayuso | 1 | -0/+2 |
| 2023-10-18 | netfilter: nf_tables: audit log object reset once per table | Phil Sutter | 1 | -22/+28 |
| 2023-10-18 | netfilter: nf_tables: de-constify set commit ops function argument | Florian Westphal | 1 | -4/+3 |
| 2023-10-18 | netfilter: make nftables drops visible in net dropmonitor | Florian Westphal | 2 | -4/+8 |
| 2023-10-18 | netfilter: nf_nat: mask out non-verdict bits when checking return value | Florian Westphal | 1 | -2/+3 |
| 2023-10-18 | netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts | Florian Westphal | 2 | -31/+42 |
| 2023-10-18 | netfilter: nf_tables: mask out non-verdict bits when checking return value | Florian Westphal | 2 | -3/+7 |
| 2023-10-12 | netfilter: nft_payload: fix wrong mac header matching | Florian Westphal | 1 | -1/+1 |
| 2023-10-12 | nf_tables: fix NULL pointer dereference in nft_expr_inner_parse() | Xingyuan Mo | 1 | -1/+1 |
| 2023-10-12 | nf_tables: fix NULL pointer dereference in nft_inner_init() | Xingyuan Mo | 1 | -0/+1 |
| 2023-10-12 | netfilter: nf_tables: do not refresh timeout when resetting element | Pablo Neira Ayuso | 1 | -13/+5 |
| 2023-10-12 | netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by | Kees Cook | 1 | -1/+1 |
| 2023-10-12 | netfilter: nfnetlink_log: silence bogus compiler warning | Florian Westphal | 1 | -1/+1 |
| 2023-10-12 | netfilter: nf_tables: do not remove elements if set backend implements .abort | Pablo Neira Ayuso | 1 | -1/+4 |
| 2023-10-10 | netfilter: conntrack: prefer tcp_error_log to pr_debug | Florian Westphal | 1 | -3/+4 |
| 2023-10-10 | netfilter: conntrack: simplify nf_conntrack_alter_reply | Florian Westphal | 2 | -24/+1 |
| 2023-10-10 | netfilter: nf_tables: Don't allocate nft_rule_dump_ctx | Phil Sutter | 1 | -13/+6 |
| 2023-10-10 | netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx | Phil Sutter | 1 | -4/+4 |
| 2023-10-10 | netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx | Phil Sutter | 1 | -10/+9 |
| 2023-10-10 | netfilter: nf_tables: Drop pointless memset when dumping rules | Phil Sutter | 1 | -4/+0 |
| 2023-10-10 | netfilter: nf_tables: Always allocate nft_rule_dump_ctx | Phil Sutter | 1 | -27/+21 |
| 2023-10-06 | xfrm: pass struct net to xfrm_decode_session wrappers | Florian Westphal | 1 | -1/+1 |
| 2023-10-05 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 5 | -48/+106 |
| 2023-10-04 | Merge tag 'nf-next-23-09-28' of https://git.kernel.org/pub/scm/linux/kernel/g... | Jakub Kicinski | 2 | -18/+89 |
| 2023-10-04 | netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure | Florian Westphal | 1 | -17/+29 |
| 2023-10-04 | netfilter: nf_tables: Deduplicate nft_register_obj audit logs | Phil Sutter | 1 | -16/+28 |