aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
AgeCommit message (Expand)AuthorFilesLines
2023-10-18netfilter: nf_tables: revert do not remove elements if set backend implements...Pablo Neira Ayuso1-4/+1
2023-10-18netfilter: nft_set_rbtree: .deactivate fails if element has expiredPablo Neira Ayuso1-0/+2
2023-10-18netfilter: nf_tables: audit log object reset once per tablePhil Sutter1-22/+28
2023-10-18netfilter: nf_tables: de-constify set commit ops function argumentFlorian Westphal1-4/+3
2023-10-18netfilter: make nftables drops visible in net dropmonitorFlorian Westphal2-4/+8
2023-10-18netfilter: nf_nat: mask out non-verdict bits when checking return valueFlorian Westphal1-2/+3
2023-10-18netfilter: conntrack: convert nf_conntrack_update to netfilter verdictsFlorian Westphal2-31/+42
2023-10-18netfilter: nf_tables: mask out non-verdict bits when checking return valueFlorian Westphal2-3/+7
2023-10-12netfilter: nft_payload: fix wrong mac header matchingFlorian Westphal1-1/+1
2023-10-12nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()Xingyuan Mo1-1/+1
2023-10-12nf_tables: fix NULL pointer dereference in nft_inner_init()Xingyuan Mo1-0/+1
2023-10-12netfilter: nf_tables: do not refresh timeout when resetting elementPablo Neira Ayuso1-13/+5
2023-10-12netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_byKees Cook1-1/+1
2023-10-12netfilter: nfnetlink_log: silence bogus compiler warningFlorian Westphal1-1/+1
2023-10-12netfilter: nf_tables: do not remove elements if set backend implements .abortPablo Neira Ayuso1-1/+4
2023-10-10netfilter: conntrack: prefer tcp_error_log to pr_debugFlorian Westphal1-3/+4
2023-10-10netfilter: conntrack: simplify nf_conntrack_alter_replyFlorian Westphal2-24/+1
2023-10-10netfilter: nf_tables: Don't allocate nft_rule_dump_ctxPhil Sutter1-13/+6
2023-10-10netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctxPhil Sutter1-4/+4
2023-10-10netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctxPhil Sutter1-10/+9
2023-10-10netfilter: nf_tables: Drop pointless memset when dumping rulesPhil Sutter1-4/+0
2023-10-10netfilter: nf_tables: Always allocate nft_rule_dump_ctxPhil Sutter1-27/+21
2023-10-06xfrm: pass struct net to xfrm_decode_session wrappersFlorian Westphal1-1/+1
2023-10-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski5-48/+106
2023-10-04Merge tag 'nf-next-23-09-28' of https://git.kernel.org/pub/scm/linux/kernel/g...Jakub Kicinski2-18/+89
2023-10-04netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failureFlorian Westphal1-17/+29
2023-10-04netfilter: nf_tables: Deduplicate nft_register_obj audit logsPhil Sutter1-16/+28
2023-10-04netfilter: handle the connecting collision properly in nf_conntrack_proto_sctpXin Long1-10/+33
2023-10-04netfilter: nft_payload: rebuild vlan header on h_proto accessFlorian Westphal1-1/+12
2023-10-01inet: implement lockless IP_MTU_DISCOVEREric Dumazet1-1/+1
2023-10-01inet: implement lockless IP_MULTICAST_TTLEric Dumazet1-1/+1
2023-10-01net: prevent address rewrite in kernel_bind()Jordan Rife1-2/+2
2023-10-01net: replace calls to sock->ops->connect() with kernel_connect()Jordan Rife1-2/+2
2023-09-28netfilter: nf_tables: Utilize NLA_POLICY_NESTED_ARRAYPhil Sutter1-9/+9
2023-09-28netfilter: nf_tables: missing extended netlink error in lookup functionsPablo Neira Ayuso1-6/+19
2023-09-28netfilter: nf_nat: undo erroneous tcp edemux lookup after port clashFlorian Westphal1-3/+61
2023-09-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netPaolo Abeni7-38/+82
2023-09-20netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAPJozsef Kadlecsik1-2/+10
2023-09-20netfilter: nf_tables: fix memleak when more than 255 elements expiredFlorian Westphal1-2/+8
2023-09-20netfilter: nf_tables: disable toggling dormant table state more than onceFlorian Westphal1-0/+4
2023-09-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfDavid S. Miller1-0/+2
2023-09-15netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry()Ilya Leoshkevich1-0/+2
2023-09-15Merge tag 'nf-23-09-13' of git://git.kernel.org/pub/scm/linux/kernel/git/netf...David S. Miller5-34/+58
2023-09-15ipv6: lockless IPV6_MTU_DISCOVER implementationEric Dumazet1-1/+1
2023-09-15ipv6: lockless IPV6_MULTICAST_HOPS implementationEric Dumazet1-1/+1
2023-09-15ipv6: lockless IPV6_MULTICAST_LOOP implementationEric Dumazet1-6/+2
2023-09-13netfilter: nf_tables: Fix entries val in rule reset audit logPhil Sutter1-6/+10
2023-09-13netfilter: conntrack: fix extension size tableFlorian Westphal1-2/+2
2023-09-11netfilter: nf_tables: disallow element removal on anonymous setsPablo Neira Ayuso1-4/+5
2023-09-07Merge tag 'net-6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netd...Linus Torvalds7-27/+109
2023-09-08netfilter: nft_set_hash: try later when GC hits EAGAIN on iterationPablo Neira Ayuso1-6/+3
2023-09-08netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation failsPablo Neira Ayuso1-1/+1
2023-09-08netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GCPablo Neira Ayuso4-6/+22
2023-09-08netfilter: nft_set_rbtree: use read spinlock to avoid datapath contentionPablo Neira Ayuso1-4/+2
2023-09-08netfilter: nf_tables: disallow rule removal from chain bindingPablo Neira Ayuso1-5/+13
2023-09-06netfilter: nf_tables: Unbreak audit log resetPablo Neira Ayuso1-5/+6
2023-09-06netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash...Kyle Zeng1-0/+1
2023-09-06netfilter: nft_set_rbtree: skip sync GC for new elements in this transactionPablo Neira Ayuso1-2/+6
2023-09-06netfilter: nfnetlink_osf: avoid OOB readWander Lairson Costa1-0/+8
2023-09-06netfilter: nftables: exthdr: fix 4-byte stack OOB writeFlorian Westphal1-8/+14
2023-08-31netfilter: nf_tables: Audit log rule resetPhil Sutter1-0/+18
2023-08-31netfilter: nf_tables: Audit log setelem resetPhil Sutter1-3/+28
2023-08-30netfilter: xt_u32: validate user space inputWander Lairson Costa1-0/+21
2023-08-30netfilter: xt_sctp: validate the flag_info countWander Lairson Costa1-0/+2
2023-08-30netfilter: nft_exthdr: Fix non-linear header modificationXiao Liang1-12/+8
2023-08-29Merge tag 'sysctl-6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/m...Linus Torvalds5-12/+27
2023-08-29Merge tag 'mm-stable-2023-08-28-18-26' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-3/+3
2023-08-24minmax: add in_range() macroMatthew Wilcox (Oracle)1-3/+3
2023-08-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski4-11/+31
2023-08-23netfilter: nf_tables: defer gc run if previous batch is still pendingFlorian Westphal2-0/+6
2023-08-23netfilter: nf_tables: fix out of memory error handlingFlorian Westphal1-3/+10
2023-08-23netfilter: nf_tables: use correct lock to protect gc_listPablo Neira Ayuso1-2/+2
2023-08-23netfilter: nf_tables: GC transaction race with abort pathPablo Neira Ayuso1-1/+5
2023-08-23netfilter: nf_tables: flush pending destroy work before netlink notifierPablo Neira Ayuso1-1/+1
2023-08-23netfilter: nf_tables: validate all pending tablesFlorian Westphal1-4/+7
2023-08-22netfilter: nf_tables: allow loop termination for pending fatal signalFlorian Westphal1-0/+6
2023-08-22netfilter: xtables: refactor deprecated strncpyJustin Stitt1-1/+1
2023-08-22netfilter: x_tables: refactor deprecated strncpyJustin Stitt1-3/+2
2023-08-22netfilter: nft_meta: refactor deprecated strncpyJustin Stitt1-3/+3
2023-08-22netfilter: nft_osf: refactor deprecated strncpyJustin Stitt1-3/+3
2023-08-22netfilter: nf_tables: refactor deprecated strncpyJustin Stitt1-1/+1
2023-08-22netfilter: nf_tables: refactor deprecated strncpyJustin Stitt1-1/+1
2023-08-22netfilter: ipset: refactor deprecated strncpyJustin Stitt1-5/+5
2023-08-18Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski5-29/+66
2023-08-16inet: move inet->nodefrag to inet->inet_flagsEric Dumazet1-2/+2
2023-08-16inet: move inet->mc_loop to inet->inet_fragsEric Dumazet1-3/+1
2023-08-15netfilter: Update to register_net_sysctl_szJoel Granados5-12/+27
2023-08-16netfilter: nft_dynset: disallow object mapsPablo Neira Ayuso1-0/+3
2023-08-16netfilter: nf_tables: GC transaction race with netns dismantlePablo Neira Ayuso1-1/+6
2023-08-16netfilter: nf_tables: fix GC transaction races with netns and netlink event e...Pablo Neira Ayuso1-4/+32
2023-08-16ipvs: fix racy memcpy in proc_do_sync_thresholdSishuai Gong1-0/+4
2023-08-16netfilter: set default timeout to 3 secs for sctp shutdown send and recv stateXin Long1-3/+3
2023-08-16netfilter: nf_tables: don't fail inserts if duplicate has expiredFlorian Westphal1-19/+4
2023-08-16netfilter: nf_tables: deactivate catchall elements in next generationFlorian Westphal1-0/+1
2023-08-16netfilter: nf_tables: fix kdoc warnings after gc reworkFlorian Westphal1-1/+1
2023-08-16netfilter: nf_tables: fix false-positive lockdep splatFlorian Westphal1-1/+12
2023-08-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski4-173/+431
2023-08-10netfilter: nf_tables: remove busy mark and gc batch APIPablo Neira Ayuso1-47/+1
2023-08-10netfilter: nft_set_hash: mark set element as dead when deleting from packet pathPablo Neira Ayuso1-2/+4
2023-08-10netfilter: nf_tables: adapt set backend to use GC transaction APIPablo Neira Ayuso4-103/+173
2023-08-10netfilter: nf_tables: GC transaction API to avoid race with control planePablo Neira Ayuso1-11/+237
2023-08-09netfilter: nf_tables: don't skip expired elements during walkFlorian Westphal4-10/+16
2023-08-08netfilter: nfnetlink_log: always add a timestampMaciej Żenczykowski1-4/+2
2023-08-03Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf...Jakub Kicinski3-15/+117
2023-08-03Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski2-3/+3
2023-08-03net: invert the netdevice.h vs xdp.h dependencyJakub Kicinski1-0/+1
2023-07-31netfilter: bpf: Only define get_proto_defrag_hook() if necessaryDaniel Xu1-0/+2
2023-07-31net: flow_dissector: Use 64bits for used_keysRatheesh Kannoth3-18/+19
2023-07-29net: annotate data-races around sk->sk_markEric Dumazet2-3/+3
2023-07-28netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter linkDaniel Xu1-15/+108
2023-07-28netfilter: defrag: Add glue hooks for enabling/disabling defragDaniel Xu1-0/+6
2023-07-27Merge tag 'nf-next-23-07-27' of https://git.kernel.org/pub/scm/linux/kernel/g...Jakub Kicinski7-31/+22
2023-07-27Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-17/+35
2023-07-27netfilter: conntrack: validate cta_ip via parsingLin Ma1-6/+2
2023-07-27netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag optionsFlorian Westphal5-25/+18
2023-07-27nf_conntrack: fix -Wunused-const-variable=Zhu Wang1-0/+2
2023-07-26netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHA...Pablo Neira Ayuso1-2/+3
2023-07-26netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERRORPablo Neira Ayuso1-9/+18
2023-07-26netfilter: nft_set_rbtree: fix overlap expiration walkFlorian Westphal1-6/+14
2023-07-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski2-3/+15
2023-07-20netfilter: nf_tables: skip bound chain on rule flushPablo Neira Ayuso1-0/+2
2023-07-20netfilter: nf_tables: skip bound chain in netns release pathPablo Neira Ayuso1-0/+3
2023-07-20netfilter: nft_set_pipapo: fix improper element removalFlorian Westphal1-1/+5
2023-07-20netfilter: nf_tables: can't schedule in nft_chain_validateFlorian Westphal1-2/+2
2023-07-20netfilter: nf_tables: fix spurious set element insertion failureFlorian Westphal1-0/+3
2023-07-20netfilter: allow exp not to be removed in nf_ct_find_expectationXin Long3-3/+5
2023-07-06Merge tag 'nf-23-07-06' of git://git.kernel.org/pub/scm/linux/kernel/git/netf...Paolo Abeni8-96/+148
2023-07-06netfilter: nf_tables: prevent OOB access in nft_byteorder_evalThadeu Lima de Souza Cascardo1-7/+7
2023-07-05netfilter: nf_tables: do not ignore genmask when looking up chain by idThadeu Lima de Souza Cascardo1-4/+7
2023-07-05netfilter: conntrack: don't fold port numbers into addresses before hashingFlorian Westphal1-13/+7
2023-07-05netfilter: conntrack: Avoid nf_ct_helper_hash uses after freeFlorent Revest1-0/+4
2023-07-05netfilter: conntrack: gre: don't set assured flag for clash entriesFlorian Westphal1-1/+9
2023-07-05netfilter: nf_tables: report use refcount overflowPablo Neira Ayuso4-71/+114
2023-07-03Merge tag 'leds-next-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/le...Linus Torvalds1-2/+1
2023-06-28Merge tag 'net-next-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds31-201/+543
2023-06-27Merge tag 'hardening-v6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-5/+5
2023-06-27Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-5/+55
2023-06-26Merge tag 'nf-next-23-06-26' of git://git.kernel.org/pub/scm/linux/kernel/git...Jakub Kicinski21-70/+194
2023-06-26netfilter: nf_tables: fix underflow in chain reference counterPablo Neira Ayuso1-1/+3
2023-06-26netfilter: nf_tables: unbind non-anonymous set if rule construction failsPablo Neira Ayuso1-0/+2
2023-06-26netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return va...Ilia.Gavrilov1-1/+1
2023-06-26netfilter: conntrack: dccp: copy entire header to stack buffer, not just basi...Florian Westphal1-3/+49
2023-06-26netfilter: nf_tables: limit allowed range via nla_policyFlorian Westphal15-21/+21
2023-06-26netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESETPhil Sutter1-20/+48
2023-06-26netfilter: snat: evict closing tcp entries on reply tuple collisionFlorian Westphal1-4/+88
2023-06-26netfilter: nf_tables: permit update of set sizeFlorian Westphal1-0/+4
2023-06-26netfilter: ipset: remove rcu_read_lock_bh pair from ip_set_testFlorian Westphal1-2/+0
2023-06-26netfilter: nft_payload: rebuild vlan header when neededPablo Neira Ayuso1-1/+2
2023-06-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski9-96/+417
2023-06-20netfilter: nf_tables: Fix for deleting base chains with payloadPhil Sutter1-7/+9
2023-06-20netfilter: nfnetlink_osf: fix module autoloadPablo Neira Ayuso2-1/+1
2023-06-20netfilter: nf_tables: drop module reference after updating chainPablo Neira Ayuso1-0/+2
2023-06-20netfilter: nf_tables: disallow timeout for anonymous setsPablo Neira Ayuso1-0/+7
2023-06-20netfilter: nf_tables: disallow updates of anonymous setsPablo Neira Ayuso1-0/+3
2023-06-20netfilter: nf_tables: reject unbound chain set before commit phasePablo Neira Ayuso1-0/+13
2023-06-20netfilter: nf_tables: reject unbound anonymous set before commit phasePablo Neira Ayuso1-3/+32
2023-06-20netfilter: nf_tables: disallow element updates of bound anonymous setsPablo Neira Ayuso1-2/+5
2023-06-20netfilter: nf_tables: fix underflow in object reference counterPablo Neira Ayuso1-8/+5
2023-06-20netfilter: nft_set_pipapo: .walk does not deal with generationsPablo Neira Ayuso1-1/+5
2023-06-20netfilter: nf_tables: drop map element references from preparation phasePablo Neira Ayuso5-31/+163
2023-06-20netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chainPablo Neira Ayuso2-7/+41
2023-06-20netfilter: nf_tables: fix chain binding transaction logicPablo Neira Ayuso2-40/+133
2023-06-20netfilter: ipset: Replace strlcpy with strscpyAzeem Shaikh1-5/+5
2023-06-19ipvs: align inner_mac_header for encapsulationTerin Stock1-0/+2
2023-06-15Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski5-22/+112
2023-06-14net/sched: act_ct: Fix promotion of offloaded unreplied tuplePaul Blakey2-5/+12
2023-06-10net: move gso declarations and functions to their own filesEric Dumazet2-0/+2
2023-06-08netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULEPablo Neira Ayuso1-1/+2
2023-06-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski4-2/+15
2023-06-08netfilter: nfnetlink: skip error delivery on batch in case of ENOMEMPablo Neira Ayuso1-1/+2
2023-06-08netfilter: nf_tables: integrate pipapo into commit protocolPablo Neira Ayuso2-15/+96
2023-06-07netfilter: nf_tables: out-of-bound check in chain blobPablo Neira Ayuso1-1/+1
2023-06-07netfilter: ipset: Add schedule point in call_ad().Kuniyuki Iwashima1-0/+8
2023-06-07netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelperTijs Van Buggenhout1-0/+3
2023-06-07netfilter: nft_bitwise: fix register trackingJeremy Sowden1-1/+1
2023-06-07netfilter: nf_tables: Add null check for nla_nest_start_noflag() in nft_dump_...Gavrilov Ilia1-0/+2
2023-06-02ipv4: Drop tos parameter from flowi4_update_output()Guillaume Nault1-2/+2
2023-06-01ipvs: dynamically limit the connection hash tableJulian Anastasov1-9/+17
2023-06-01ipvs: increase ip_vs_conn_tab_bits range for 64BITAbhijeet Rastogi2-15/+16
2023-05-25leds: Change led_trigger_blink[_oneshot]() delay parameters to pass-by-valueHans de Goede1-2/+1
2023-05-18Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-10/+18
2023-05-18netfilter: flowtable: split IPv6 datapath in helper functionsPablo Neira Ayuso1-41/+71
2023-05-18netfilter: flowtable: split IPv4 datapath in helper functionsPablo Neira Ayuso1-42/+77
2023-05-18netfilter: flowtable: simplify route logicPablo Neira Ayuso2-25/+11
2023-05-18netfilter: conntrack: allow insertion clash of gre protocolFaicker Mo1-0/+1
2023-05-18netfilter: nft_set_pipapo: Use struct_size()Christophe JAILLET1-4/+2
2023-05-18netfilter: nft_exthdr: add boolean DCCP option matchingJeremy Sowden1-0/+106
2023-05-18netfilter: nf_tables: always increment set element countFlorian Westphal1-4/+7
2023-05-18netfilter: nf_tables: relax set/map validation checksFlorian Westphal1-8/+15
2023-05-17netfilter: nft_set_rbtree: fix null deref on element insertionFlorian Westphal1-7/+13
2023-05-17netfilter: nf_tables: fix nft_trans type confusionFlorian Westphal1-3/+1
2023-05-17netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with C...Tom Rix1-0/+4
2023-05-10netfilter: conntrack: fix possible bug_on with enable_hooks=1Florian Westphal2-3/+6
2023-05-10netfilter: nf_tables: always release netdev hooks from notifierFlorian Westphal1-3/+6
2023-05-05Merge tag 'net-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netd...Linus Torvalds5-19/+42
2023-05-03netfilter: nf_tables: fix ct untracked match breakageFlorian Westphal1-4/+10
2023-05-03netfilter: nf_tables: deactivate anonymous set from preparation phasePablo Neira Ayuso4-3/+15
2023-05-03netfilter: nf_tables: hit ENOENT on unexisting chain/flowtable update with mi...Pablo Neira Ayuso1-12/+17
2023-04-27Merge tag 'driver-core-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2023-04-26Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netPaolo Abeni3-5/+13
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-21 04:15:42 +0000