path: root/net/netfilter/nf_tables_api.c
Age | Commit message | Author | Files | Lines
2024-04-18 | netfilter: nf_tables: fix memleak in map from abort path | Pablo Neira Ayuso | 1 | -2/+14
2024-04-17 | netfilter: nf_tables: restore set elements when delete set fails | Pablo Neira Ayuso | 1 | -4/+40
2024-04-11 | netfilter: nft_set_pipapo: walk over current view on netlink dump | Pablo Neira Ayuso | 1 | -0/+6
2024-04-11 | netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() | Ziyang Xuan | 1 | -2/+6
2024-04-11 | netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() | Ziyang Xuan | 1 | -2/+6
2024-04-04 | netfilter: nf_tables: discard table flag update with pending basechain deletion | Pablo Neira Ayuso | 1 | -4/+5
2024-04-04 | netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() | Ziyang Xuan | 1 | -2/+7
2024-04-04 | netfilter: nf_tables: reject new basechain after table flag update | Pablo Neira Ayuso | 1 | -0/+3
2024-04-04 | netfilter: nf_tables: flush pending destroy work before exit_net release | Pablo Neira Ayuso | 1 | -0/+1
2024-04-04 | netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path | Pablo Neira Ayuso | 1 | -5/+8
2024-04-04 | netfilter: nf_tables: release batch on table validation from abort path | Pablo Neira Ayuso | 1 | -5/+10
2024-03-28 | netfilter: nf_tables: skip netdev hook unregistration if table is dormant | Pablo Neira Ayuso | 1 | -6/+10
2024-03-28 | netfilter: nf_tables: reject table flag and netdev basechain updates | Pablo Neira Ayuso | 1 | -1/+30
2024-03-28 | netfilter: nf_tables: reject destroy command to remove basechain hooks | Pablo Neira Ayuso | 1 | -1/+2
2024-03-21 | netfilter: nf_tables: Fix a memory leak in nf_tables_updchain | Quan Tian | 1 | -13/+14
2024-03-21 | netfilter: nf_tables: do not compare internal table flags on updates | Pablo Neira Ayuso | 1 | -1/+1
2024-03-07 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -0/+7
2024-03-07 | netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout | Pablo Neira Ayuso | 1 | -0/+1
2024-03-07 | netfilter: nf_tables: reject constant set with timeout | Pablo Neira Ayuso | 1 | -0/+3
2024-03-07 | netfilter: nf_tables: disallow anonymous set with timeout flag | Pablo Neira Ayuso | 1 | -0/+3
2024-02-22 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -39/+42
2024-02-22 | netfilter: nf_tables: use kzalloc for hook allocation | Florian Westphal | 1 | -1/+1
2024-02-22 | netfilter: nf_tables: register hooks last when adding new chain/flowtable | Pablo Neira Ayuso | 1 | -38/+40
2024-02-22 | netfilter: nf_tables: set dormant flag on hook register failure | Florian Westphal | 1 | -0/+1
2024-02-08 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -1/+3
2024-02-08 | netfilter: nf_tables: use timestamp to check for set element timeout | Pablo Neira Ayuso | 1 | -1/+3
2024-02-01 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -5/+9
2024-01-31 | netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV | Pablo Neira Ayuso | 1 | -5/+9
2024-01-29 | netfilter: nf_tables: pass flags to set backend selection routine | Pablo Neira Ayuso | 1 | -7/+2
2024-01-29 | netfilter: nf_tables: Implement table adoption support | Phil Sutter | 1 | -3/+16
2024-01-29 | netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST | Phil Sutter | 1 | -0/+7
2024-01-24 | netfilter: nf_tables: reject QUEUE/DROP verdict parameters | Florian Westphal | 1 | -10/+6
2024-01-24 | netfilter: nf_tables: restrict anonymous set and map names to 16 bytes | Florian Westphal | 1 | -0/+4
2024-01-17 | netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description | Pablo Neira Ayuso | 1 | -1/+5
2024-01-17 | netfilter: nf_tables: skip dead set elements in netlink dump | Pablo Neira Ayuso | 1 | -1/+1
2024-01-17 | netfilter: nf_tables: do not allow mismatch field size and set key length | Pablo Neira Ayuso | 1 | -1/+5
2024-01-17 | netfilter: nf_tables: check if catch-all set element is active in next genera... | Pablo Neira Ayuso | 1 | -1/+1
2024-01-17 | netfilter: nf_tables: bail out if stateful expression provides no .clone | Pablo Neira Ayuso | 1 | -8/+7
2024-01-17 | netfilter: nf_tables: validate .maxattr at expression registration | Pablo Neira Ayuso | 1 | -0/+3
2024-01-17 | netfilter: nf_tables: reject invalid set policy | Pablo Neira Ayuso | 1 | -1/+9
2024-01-04 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -1/+1
2023-12-22 | netfilter: nf_tables: validate chain type update if available | Pablo Neira Ayuso | 1 | -1/+10
2023-12-22 | netfilter: nf_tables: mark newset as dead on transaction abort | Florian Westphal | 1 | -0/+1
2023-12-22 | netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests | Phil Sutter | 1 | -17/+81
2023-12-22 | netfilter: nf_tables: Introduce nft_set_dump_ctx_init() | Phil Sutter | 1 | -16/+33
2023-12-22 | netfilter: nf_tables: Pass const set to nft_get_set_elem | Phil Sutter | 1 | -3/+3
2023-12-20 | netfilter: nf_tables: skip set commit for deleted/destroyed sets | Pablo Neira Ayuso | 1 | -1/+1
2023-12-06 | netfilter: nf_tables: validate family when identifying table via handle | Pablo Neira Ayuso | 1 | -2/+3
2023-11-14 | netfilter: nf_tables: split async and sync catchall in two functions | Pablo Neira Ayuso | 1 | -25/+30
2023-11-14 | netfilter: nf_tables: bogus ENOENT when destroying element which does not exist | Pablo Neira Ayuso | 1 | -2/+3
2023-11-08 | netfilter: nf_tables: remove catchall element in GC sync path | Pablo Neira Ayuso | 1 | -5/+17
2023-11-08 | netfilter: add missing module descriptions | Florian Westphal | 1 | -0/+1
2023-10-24 | netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx | Phil Sutter | 1 | -10/+8
2023-10-24 | netfilter: nf_tables: set->ops->insert returns opaque set element in case of ... | Pablo Neira Ayuso | 1 | -7/+10
2023-10-24 | netfilter: nf_tables: shrink memory consumption of set elements | Pablo Neira Ayuso | 1 | -91/+75
2023-10-24 | netfilter: nf_tables: expose opaque set element as struct nft_elem_priv | Pablo Neira Ayuso | 1 | -12/+15
2023-10-24 | netfilter: nf_tables: set backend .flush always succeeds | Pablo Neira Ayuso | 1 | -8/+1
2023-10-24 | netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx | Phil Sutter | 1 | -6/+6
2023-10-24 | netfilter: nf_tables: nft_obj_filter fits into cb->ctx | Phil Sutter | 1 | -11/+5
2023-10-24 | netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx | Phil Sutter | 1 | -4/+5
2023-10-24 | netfilter: nf_tables: A better name for nft_obj_filter | Phil Sutter | 1 | -16/+16
2023-10-24 | netfilter: nf_tables: Unconditionally allocate nft_obj_filter | Phil Sutter | 1 | -21/+15
2023-10-24 | netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj | Phil Sutter | 1 | -3/+0
2023-10-24 | netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests | Phil Sutter | 1 | -13/+64
2023-10-24 | netfilter: nf_tables: Introduce nf_tables_getrule_single() | Phil Sutter | 1 | -31/+43
2023-10-24 | netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() | Phil Sutter | 1 | -4/+15
2023-10-19 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -36/+34
2023-10-18 | netfilter: nf_tables: revert do not remove elements if set backend implements... | Pablo Neira Ayuso | 1 | -4/+1
2023-10-18 | netfilter: nf_tables: audit log object reset once per table | Phil Sutter | 1 | -22/+28
2023-10-12 | nf_tables: fix NULL pointer dereference in nft_expr_inner_parse() | Xingyuan Mo | 1 | -1/+1
2023-10-12 | netfilter: nf_tables: do not refresh timeout when resetting element | Pablo Neira Ayuso | 1 | -13/+5
2023-10-12 | netfilter: nf_tables: do not remove elements if set backend implements .abort | Pablo Neira Ayuso | 1 | -1/+4
2023-10-10 | netfilter: nf_tables: Don't allocate nft_rule_dump_ctx | Phil Sutter | 1 | -13/+6
2023-10-10 | netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx | Phil Sutter | 1 | -4/+4
2023-10-10 | netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx | Phil Sutter | 1 | -10/+9
2023-10-10 | netfilter: nf_tables: Drop pointless memset when dumping rules | Phil Sutter | 1 | -4/+0
2023-10-10 | netfilter: nf_tables: Always allocate nft_rule_dump_ctx | Phil Sutter | 1 | -27/+21
2023-10-05 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -16/+28
2023-10-04 | netfilter: nf_tables: Deduplicate nft_register_obj audit logs | Phil Sutter | 1 | -16/+28
2023-09-28 | netfilter: nf_tables: Utilize NLA_POLICY_NESTED_ARRAY | Phil Sutter | 1 | -9/+9
2023-09-28 | netfilter: nf_tables: missing extended netlink error in lookup functions | Pablo Neira Ayuso | 1 | -6/+19
2023-09-20 | netfilter: nf_tables: fix memleak when more than 255 elements expired | Florian Westphal | 1 | -2/+8
2023-09-20 | netfilter: nf_tables: disable toggling dormant table state more than once | Florian Westphal | 1 | -0/+4
2023-09-13 | netfilter: nf_tables: Fix entries val in rule reset audit log | Phil Sutter | 1 | -6/+10
2023-09-11 | netfilter: nf_tables: disallow element removal on anonymous sets | Pablo Neira Ayuso | 1 | -4/+5
2023-09-08 | netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC | Pablo Neira Ayuso | 1 | -3/+19
2023-09-08 | netfilter: nf_tables: disallow rule removal from chain binding | Pablo Neira Ayuso | 1 | -5/+13
2023-09-06 | netfilter: nf_tables: Unbreak audit log reset | Pablo Neira Ayuso | 1 | -5/+6
2023-08-31 | netfilter: nf_tables: Audit log rule reset | Phil Sutter | 1 | -0/+18
2023-08-31 | netfilter: nf_tables: Audit log setelem reset | Phil Sutter | 1 | -3/+28
2023-08-24 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -8/+15
2023-08-23 | netfilter: nf_tables: use correct lock to protect gc_list | Pablo Neira Ayuso | 1 | -2/+2
2023-08-23 | netfilter: nf_tables: GC transaction race with abort path | Pablo Neira Ayuso | 1 | -1/+5
2023-08-23 | netfilter: nf_tables: flush pending destroy work before netlink notifier | Pablo Neira Ayuso | 1 | -1/+1
2023-08-23 | netfilter: nf_tables: validate all pending tables | Florian Westphal | 1 | -4/+7
2023-08-22 | netfilter: nf_tables: allow loop termination for pending fatal signal | Florian Westphal | 1 | -0/+6
2023-08-16 | netfilter: nf_tables: GC transaction race with netns dismantle | Pablo Neira Ayuso | 1 | -1/+6
2023-08-16 | netfilter: nf_tables: fix GC transaction races with netns and netlink event e... | Pablo Neira Ayuso | 1 | -4/+32
2023-08-16 | netfilter: nf_tables: deactivate catchall elements in next generation | Florian Westphal | 1 | -0/+1
2023-08-10 | netfilter: nf_tables: remove busy mark and gc batch API | Pablo Neira Ayuso | 1 | -47/+1
2023-08-10 | netfilter: nf_tables: adapt set backend to use GC transaction API | Pablo Neira Ayuso | 1 | -5/+2
2023-08-10 | netfilter: nf_tables: GC transaction API to avoid race with control plane | Pablo Neira Ayuso | 1 | -11/+237
2023-08-09 | netfilter: nf_tables: don't skip expired elements during walk | Florian Westphal | 1 | -0/+4
2023-07-26 | netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHA... | Pablo Neira Ayuso | 1 | -2/+3
2023-07-20 | netfilter: nf_tables: skip bound chain on rule flush | Pablo Neira Ayuso | 1 | -0/+2
2023-07-20 | netfilter: nf_tables: skip bound chain in netns release path | Pablo Neira Ayuso | 1 | -0/+3
2023-07-20 | netfilter: nf_tables: can't schedule in nft_chain_validate | Florian Westphal | 1 | -2/+2
2023-07-20 | netfilter: nf_tables: fix spurious set element insertion failure | Florian Westphal | 1 | -0/+3
2023-07-05 | netfilter: nf_tables: do not ignore genmask when looking up chain by id | Thadeu Lima de Souza Cascardo | 1 | -4/+7
2023-07-05 | netfilter: nf_tables: report use refcount overflow | Pablo Neira Ayuso | 1 | -62/+101
2023-06-27 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -1/+5
2023-06-26 | Merge tag 'nf-next-23-06-26' of git://git.kernel.org/pub/scm/linux/kernel/git... | Jakub Kicinski | 1 | -20/+52
2023-06-26 | netfilter: nf_tables: fix underflow in chain reference counter | Pablo Neira Ayuso | 1 | -1/+3
2023-06-26 | netfilter: nf_tables: unbind non-anonymous set if rule construction fails | Pablo Neira Ayuso | 1 | -0/+2
2023-06-26 | netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET | Phil Sutter | 1 | -20/+48
2023-06-26 | netfilter: nf_tables: permit update of set size | Florian Westphal | 1 | -0/+4
2023-06-22 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -71/+295
2023-06-20 | netfilter: nf_tables: Fix for deleting base chains with payload | Phil Sutter | 1 | -7/+9
2023-06-20 | netfilter: nf_tables: drop module reference after updating chain | Pablo Neira Ayuso | 1 | -0/+2
2023-06-20 | netfilter: nf_tables: disallow timeout for anonymous sets | Pablo Neira Ayuso | 1 | -0/+7
2023-06-20 | netfilter: nf_tables: disallow updates of anonymous sets | Pablo Neira Ayuso | 1 | -0/+3
2023-06-20 | netfilter: nf_tables: reject unbound chain set before commit phase | Pablo Neira Ayuso | 1 | -0/+13
2023-06-20 | netfilter: nf_tables: reject unbound anonymous set before commit phase | Pablo Neira Ayuso | 1 | -3/+32
2023-06-20 | netfilter: nf_tables: disallow element updates of bound anonymous sets | Pablo Neira Ayuso | 1 | -2/+5
2023-06-20 | netfilter: nf_tables: fix underflow in object reference counter | Pablo Neira Ayuso | 1 | -8/+5
2023-06-20 | netfilter: nf_tables: drop map element references from preparation phase | Pablo Neira Ayuso | 1 | -17/+130
2023-06-20 | netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain | Pablo Neira Ayuso | 1 | -7/+38
2023-06-20 | netfilter: nf_tables: fix chain binding transaction logic | Pablo Neira Ayuso | 1 | -31/+55
2023-06-15 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -1/+58
2023-06-08 | netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE | Pablo Neira Ayuso | 1 | -1/+2
2023-06-08 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -1/+3
2023-06-08 | netfilter: nf_tables: integrate pipapo into commit protocol | Pablo Neira Ayuso | 1 | -0/+56
2023-06-07 | netfilter: nf_tables: out-of-bound check in chain blob | Pablo Neira Ayuso | 1 | -1/+1
2023-06-07 | netfilter: nf_tables: Add null check for nla_nest_start_noflag() in nft_dump_... | Gavrilov Ilia | 1 | -0/+2
2023-05-18 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -3/+1
2023-05-18 | netfilter: nf_tables: always increment set element count | Florian Westphal | 1 | -4/+7
2023-05-17 | netfilter: nf_tables: fix nft_trans type confusion | Florian Westphal | 1 | -3/+1
2023-05-03 | netfilter: nf_tables: deactivate anonymous set from preparation phase | Pablo Neira Ayuso | 1 | -0/+12
2023-05-03 | netfilter: nf_tables: hit ENOENT on unexisting chain/flowtable update with mi... | Pablo Neira Ayuso | 1 | -12/+17
2023-04-22 | netfilter: nf_tables: allow to create netdev chain without device | Pablo Neira Ayuso | 1 | -12/+11
2023-04-22 | netfilter: nf_tables: support for deleting devices in an existing netdev chain | Pablo Neira Ayuso | 1 | -11/+88
2023-04-22 | netfilter: nf_tables: support for adding new devices to an existing netdev chain | Pablo Neira Ayuso | 1 | -81/+136
2023-04-22 | netfilter: nf_tables: rename function to destroy hook list | Pablo Neira Ayuso | 1 | -4/+4
2023-04-22 | netfilter: nf_tables: do not send complete notification of deletions | Pablo Neira Ayuso | 1 | -19/+51
2023-04-22 | netfilter: nf_tables: extended netlink error reporting for netdevice | Pablo Neira Ayuso | 1 | -14/+24
2023-04-22 | netfilter: nf_tables: make validation state per table | Florian Westphal | 1 | -20/+18
2023-04-22 | netfilter: nf_tables: don't write table validation state without mutex | Florian Westphal | 1 | -6/+2
2023-04-22 | netfilter: nf_tables: don't store chain address on jump | Florian Westphal | 1 | -7/+0
2023-04-22 | netfilter: nf_tables: merge nft_rules_old structure and end of ruleblob marker | Florian Westphal | 1 | -28/+27
2023-04-18 | netfilter: nf_tables: tighten netlink attribute requirements for catch-all el... | Pablo Neira Ayuso | 1 | -1/+2
2023-04-18 | netfilter: nf_tables: validate catch-all set elements | Pablo Neira Ayuso | 1 | -6/+58
2023-04-06 | netfilter: nf_tables: Modify nla_memdup's flag to GFP_KERNEL_ACCOUNT | Chen Aotian | 1 | -1/+1
2023-02-22 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf | Jakub Kicinski | 1 | -1/+1
2023-02-09 | netfilter: nf_tables: allow to fetch set elements when table has an owner | Pablo Neira Ayuso | 1 | -1/+1
2023-02-01 | netfilter: nf_tables: fix wrong pointer passed to PTR_ERR() | Yang Yingliang | 1 | -1/+1
2023-02-01 | netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj() | Alok Tiwari | 1 | -0/+3
2023-01-18 | netfilter: nf_tables: add support to destroy operation | Fernando Fernandez Mancera | 1 | -8/+103
2022-12-22 | netfilter: nf_tables: honor set timeout and garbage collection updates | Pablo Neira Ayuso | 1 | -18/+45
2022-12-21 | netfilter: nf_tables: perform type checking for existing sets | Pablo Neira Ayuso | 1 | -1/+35
2022-12-21 | netfilter: nf_tables: add function to create set stateful expressions | Pablo Neira Ayuso | 1 | -38/+68
2022-12-21 | netfilter: nf_tables: consolidate set description | Pablo Neira Ayuso | 1 | -30/+28
2022-12-12 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next | Jakub Kicinski | 1 | -2/+2
2022-11-29 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -2/+4
2022-11-22 | netfilter: nft_inner: fix IS_ERR() vs NULL check | Dan Carpenter | 1 | -2/+2
2022-11-18 | netfilter: nf_tables: do not set up extensions for end interval | Pablo Neira Ayuso | 1 | -2/+4
2022-11-15 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next | Jakub Kicinski | 1 | -16/+33
2022-11-15 | netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET | Phil Sutter | 1 | -16/+33
2022-11-15 | netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters | Phil Sutter | 1 | -1/+1
2022-11-10 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -1/+2
2022-11-08 | netfilter: Cleanup nft_net->module_list from nf_tables_exit_net() | Shigeru Yoshida | 1 | -1/+2
2022-11-03 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -3/+5
2022-11-01 | netfilter: nf_tables: release flow rule object from commit path | Pablo Neira Ayuso | 1 | -3/+3
2022-11-01 | netfilter: nf_tables: netlink notifier might race to release objects | Pablo Neira Ayuso | 1 | -0/+2
2022-10-28 | net: Remove the obsolte u64_stats_fetch_*_irq() users (net). | Thomas Gleixner | 1 | -2/+2
2022-10-25 | netfilter: nft_inner: support for inner tunnel header matching | Pablo Neira Ayuso | 1 | -0/+37
2022-10-19 | netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements | Pablo Neira Ayuso | 1 | -2/+3
2022-09-22 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -4/+4
2022-09-20 | netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() | Tetsuo Handa | 1 | -0/+1
2022-09-20 | netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() | Tetsuo Handa | 1 | -4/+3
2022-09-09 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next | David S. Miller | 1 | -1/+1
2022-09-07 | netfilter: move from strlcpy with unused retval to strscpy | Wolfram Sang | 1 | -1/+1
2022-08-31 | netfilter: nf_tables: clean up hook list when offload flags check fails | Pablo Neira Ayuso | 1 | -1/+3
2022-08-24 | netfilter: nf_tables: disallow binding to already bound chain | Pablo Neira Ayuso | 1 | -0/+2
2022-08-24 | netfilter: nf_tables: do not leave chain stats enabled on error | Pablo Neira Ayuso | 1 | -2/+4
2022-08-24 | netfilter: nf_tables: make table handle allocation per-netns friendly | Pablo Neira Ayuso | 1 | -2/+1
2022-08-24 | netfilter: nf_tables: disallow updates of implicit chain | Pablo Neira Ayuso | 1 | -0/+3
2022-08-15 | netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified | Pablo Neira Ayuso | 1 | -0/+5
2022-08-15 | netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVA... | Pablo Neira Ayuso | 1 | -0/+3
2022-08-15 | netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags | Pablo Neira Ayuso | 1 | -0/+24
2022-08-12 | netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag | Pablo Neira Ayuso | 1 | -4/+9
2022-08-11 | netfilter: nf_tables: really skip inactive sets when allocating name | Pablo Neira Ayuso | 1 | -1/+1
2022-08-11 | netfilter: nf_tables: fix scheduling-while-atomic splat | Florian Westphal | 1 | -4/+0
2022-08-10 | netfilter: nf_tables: possible module reference underflow in error path | Pablo Neira Ayuso | 1 | -1/+1
2022-08-10 | netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERV... | Pablo Neira Ayuso | 1 | -0/+1
2022-08-10 | netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id a... | Pablo Neira Ayuso | 1 | -7/+13
2022-08-09 | netfilter: nf_tables: fix null deref due to zeroed list head | Florian Westphal | 1 | -0/+1
2022-08-09 | netfilter: nf_tables: disallow jump to implicit chain from set element | Pablo Neira Ayuso | 1 | -0/+4
2022-08-09 | netfilter: nf_tables: upfront validation of data via nft_data_init() | Pablo Neira Ayuso | 1 | -38/+40
2022-08-09 | netfilter: nf_tables: do not allow RULE_ID to refer to another chain | Thadeu Lima de Souza Cascardo | 1 | -2/+5
2022-08-09 | netfilter: nf_tables: do not allow CHAIN_ID to refer to another table | Thadeu Lima de Souza Cascardo | 1 | -2/+4