aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
AgeCommit message (Expand)AuthorFilesLines
2016-11-24netfilter: nft_range: add the missing NULL pointer checkLiping Zhang1-0/+6
2016-11-24netfilter: nf_tables: fix inconsistent element expiration calculationAnders K. Pedersen1-5/+9
2016-11-24netfilter: nat: switch to new rhlist interfaceFlorian Westphal1-16/+24
2016-11-24netfilter: nat: fix cmp return valueFlorian Westphal1-3/+6
2016-11-24netfilter: nft_hash: validate maximum value of u32 netlink hash attributeLaura Garcia Liebana1-2/+5
2016-11-08netfilter: nf_tables: fix oops when inserting an element into a verdict mapLiping Zhang1-0/+1
2016-11-08netfilter: conntrack: refine gc worker heuristicsFlorian Westphal1-8/+41
2016-11-08netfilter: conntrack: fix CT target for UNSPEC helpersFlorian Westphal1-3/+8
2016-11-08netfilter: connmark: ignore skbs with magic untracked conntrack objectsFlorian Westphal1-2/+2
2016-11-08ipvs: use IPVS_CMD_ATTR_MAX for family.maxattrWANG Cong1-1/+1
2016-10-31netfilter: nf_tables: destroy the set if fail to add transactionLiping Zhang1-1/+3
2016-10-28netfilter: ip_vs_sync: fix bogus maybe-uninitialized warningArnd Bergmann1-2/+5
2016-10-27netfilter: nf_tables: fix type mismatch with error return from nft_parse_u32_...John W. Linville1-1/+1
2016-10-27netfilter: nf_conntrack_sip: extend request line validationUlrich Weber1-1/+4
2016-10-27netfilter: nf_tables: fix race when create new element in dynsetLiping Zhang1-3/+12
2016-10-27netfilter: nf_tables: fix *leak* when expr clone failLiping Zhang4-14/+19
2016-10-27netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabledLiping Zhang1-0/+3
2016-10-20netfilter: fix nf_queue handlingPablo Neira Ayuso3-27/+36
2016-10-20netfilter: conntrack: restart gc immediately if GC_MAX_EVICTS is reachedNicolas Dichtel1-1/+1
2016-10-19netfilter: x_tables: suppress kmemcheck warningFlorian Westphal1-1/+1
2016-10-18netfilter: nf_tables: avoid uninitialized variable warningArnd Bergmann1-6/+4
2016-10-17netfilter: nft_range: validate operation netlink attributePablo Neira Ayuso1-1/+15
2016-10-17netfilter: nft_exthdr: fix error handling in nft_exthdr_init()Dan Carpenter1-1/+2
2016-10-17netfilter: nf_tables: underflow in nft_parse_u32_check()Dan Carpenter1-1/+1
2016-10-17netfilter: nft_hash: add missing NFTA_HASH_OFFSET's nla_policyLiping Zhang1-0/+1
2016-10-17netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias nameLiping Zhang1-0/+2
2016-10-17netfilter: xt_NFLOG: fix unexpected truncated packetLiping Zhang1-0/+1
2016-10-17netfilter: nft_dynset: fix element timeout for HZ != 1000Anders K. Pedersen1-2/+4
2016-10-17netfilter: xt_hashlimit: Add missing ULL suffixes for 64-bit constantsGeert Uytterhoeven1-2/+2
2016-10-11netfilter: Fix slab corruption.Linus Torvalds1-75/+33
2016-10-04netfilter: nft_limit: fix divided by zero panicLiping Zhang1-2/+2
2016-10-04netfilter: fix namespace handling in nf_log_proc_dostringJann Horn1-2/+4
2016-09-30netfilter: xt_hashlimit: Fix link error in 32bit arch because of 64bit divisionVishwanath Pai1-7/+8
2016-09-30netfilter: accommodate different kconfig in nf_set_hooks_headAaron Conole1-4/+11
2016-09-30netfilter: Fix potential null pointer dereferenceAaron Conole1-1/+1
2016-09-25Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/...Pablo Neira Ayuso10-41/+120
2016-09-25netfilter: nf_log: get rid of XT_LOG_* macrosLiping Zhang1-2/+2
2016-09-25netfilter: nft_log: complete NFTA_LOG_FLAGS attr supportLiping Zhang2-2/+9
2016-09-25netfilter: nf_tables: add range expressionPablo Neira Ayuso3-2/+146
2016-09-25netfilter: evict stale entries when user reads /proc/net/nf_conntrackFlorian Westphal1-0/+5
2016-09-25netfilter: xt_hashlimit: Create revision 2 to support higher pps ratesVishwanath Pai1-68/+262
2016-09-25netfilter: xt_hashlimit: Prepare for revision 2Vishwanath Pai1-30/+31
2016-09-25netfilter: nft_ct: report error if mark and dir specified simultaneouslyLiping Zhang1-0/+2
2016-09-25netfilter: nft_ct: unnecessary to require dir when use ct l3proto/protocolLiping Zhang1-10/+9
2016-09-25netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ackGao Feng1-8/+12
2016-09-25netfilter: replace list_head with single linked listAaron Conole4-65/+112
2016-09-24netfilter: Only allow sane values in nf_register_net_hookAaron Conole1-0/+5
2016-09-24netfilter: Remove explicit rcu_read_lock in nf_hook_slowAaron Conole8-13/+13
2016-09-24netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and ...Gao Feng1-8/+4
2016-09-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller3-6/+7
2016-09-23netfilter: nft_lookup: remove superfluous element found checkPablo Neira Ayuso1-1/+1
2016-09-23netfilter: xt_helper: Use sizeof(variable) instead of literal numberGao Feng1-1/+1
2016-09-23netfilter: Enhance the codes used to get random onceGao Feng3-17/+4
2016-09-23netfilter: nf_tables: check tprot_set first when we use xt.thoffLiping Zhang3-10/+19
2016-09-23netfilter: nf_tables: improve nft payload fast evalLiping Zhang1-1/+1
2016-09-23netfilter: nft_queue: add _SREG_QNUM attr to select the queue numberLiping Zhang1-12/+90
2016-09-23netfilter: nf_tables: validate maximum value of u32 netlink attributesLaura Garcia Liebana6-8/+59
2016-09-22netfilter: nft_numgen: add number generation offsetLaura Garcia Liebana1-6/+26
2016-09-22sctp: rename WORD_TRUNC/ROUND macrosMarcelo Ricardo Leitner1-1/+1
2016-09-19net: Add _nf_(un)register_hooks symbolsMahesh Bandewar1-5/+46
2016-09-13netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensionsGao Feng2-4/+5
2016-09-13netfilter: nft_hash: fix hash overflow validationLaura Garcia Liebana1-1/+1
2016-09-12Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller6-30/+66
2016-09-12netfilter: nf_nat: handle NF_DROP from nfnetlink_parse_nat_setup()Pablo Neira Ayuso1-1/+1
2016-09-12netfilter: nft_numgen: fix race between num generate and store itLiping Zhang1-1/+1
2016-09-12netfilter: conntrack: remove packet hotpath statsFlorian Westphal3-21/+7
2016-09-12netfilter: Add the missed return value check of nft_register_chain_typeGao Feng2-2/+8
2016-09-12netfilter: Add the missed return value check of register_netdevice_notifierGao Feng3-7/+28
2016-09-12netfilter: nf_conntrack: simplify __nf_ct_try_assign_helper() return logicPablo Neira1-9/+6
2016-09-12netfilter: introduce nft_set_pktinfo_{ipv4, ipv6}_validate()Pablo Neira Ayuso1-77/+2
2016-09-12netfilter: nf_tables: ensure proper initialization of nft_pktinfo fieldsPablo Neira Ayuso2-1/+5
2016-09-12netfilter: nft_dynset: allow to invert match criteriaPablo Neira Ayuso1-1/+19
2016-09-12netfilter: nft_hash: Add hash offset valueLaura Garcia Liebana1-4/+13
2016-09-09netfilter: nft_queue: check the validation of queues_total and queuenumLiping Zhang1-0/+11
2016-09-07netfilter: nf_ct_sip: allow tab character in SIP headersMarco Angaroni1-1/+1
2016-09-07netfilter: nft_quota: introduce nft_overquota()Pablo Neira Ayuso1-4/+4
2016-09-07netfilter: nft_quota: fix overquota logicPablo Neira Ayuso1-1/+1
2016-09-07netfilter: nft_numgen: rename until attribute by modulusLaura Garcia Liebana1-15/+15
2016-09-07netfilter: ftp: Remove the useless codeGao Feng1-12/+1
2016-09-07netfilter: ftp: Remove the useless dlen==0 condition check in find_patternGao Feng1-2/+0
2016-09-07netfilter: nf_ct_sip: correct allowed characters in Call-ID SIP headerMarco Angaroni1-2/+3
2016-09-07netfilter: nf_ct_sip: correct parsing of continuation lines in SIP headersMarco Angaroni1-2/+1
2016-09-07netfilter: gre: Use consistent GRE and PTTP header structure instead of the o...Gao Feng1-6/+6
2016-09-07netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfil...Gao Feng1-2/+2
2016-09-06Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller26-923/+1186
2016-09-05netfilter: nf_tables_trace: fix endiness when dump chain policyLiping Zhang1-1/+1
2016-08-30netfilter: log: Check param to avoid overflow in nf_log_setGao Feng1-3/+5
2016-08-30netfilter: remove __nf_ct_kill_acct helperFlorian Westphal1-7/+5
2016-08-30netfilter: conntrack: resched gc again if eviction rate is highFlorian Westphal1-0/+6
2016-08-30netfilter: conntrack: add gc worker to remove timed-out entriesFlorian Westphal1-0/+76
2016-08-30netfilter: evict stale entries on netlink dumpsFlorian Westphal1-1/+24
2016-08-30netfilter: conntrack: get rid of conntrack timerFlorian Westphal4-58/+56
2016-08-30netfilter: don't rely on DYING bit to detect when destroy event was sentFlorian Westphal1-8/+14
2016-08-30netfilter: restart search if moved to other chainFlorian Westphal1-0/+7
2016-08-30netfilter: nf_tables_netdev: remove redundant ip_hdr assignmentLiping Zhang1-1/+0
2016-08-26netfilter: nf_tables: Use nla_put_be32() to dump immediate parametersPablo Neira Ayuso2-5/+5
2016-08-26netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertionPablo Neira Ayuso3-13/+36
2016-08-25netfilter: nft_meta: improve the validity check of pkttype set exprLiping Zhang1-4/+13
2016-08-25netfilter: cttimeout: unlink timeout objs in the unconfirmed ct listsLiping Zhang1-1/+10
2016-08-25netfilter: cttimeout: put back l4proto when replacing timeout policyLiping Zhang1-18/+15
2016-08-25netfilter: nfnetlink: use list_for_each_entry_safe to delete all objectsLiping Zhang2-5/+6
2016-08-25netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUTLiping Zhang2-1/+22
2016-08-23netfilter: nf_tables: reject hook configuration updates on existing chainsPablo Neira Ayuso1-0/+31
2016-08-23netfilter: nf_tables: introduce nft_chain_parse_hook()Pablo Neira Ayuso1-63/+89
2016-08-22netfilter: nft_hash: fix non static symbol warningWei Yongjun1-1/+1
2016-08-22netfilter: fix spelling mistake: "delimitter" -> "delimiter"Colin Ian King1-1/+1
2016-08-22netfilter: nf_tables: add number generator expressionLaura Garcia Liebana3-0/+199
2016-08-22netfilter: nf_tables: add quota expressionPablo Neira Ayuso3-0/+128
2016-08-18netfilter: nf_conntrack: restore nf_conntrack_htable_size as exported symbolPablo Neira Ayuso1-0/+2
2016-08-18netfilter: cttimeout: fix use after free error when delete netnsLiping Zhang1-6/+10
2016-08-18netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroyLiping Zhang1-4/+4
2016-08-18netfilter: conntrack: simplify the code by using nf_conntrack_get_htLiping Zhang1-36/+10
2016-08-18netfilter: tproxy: properly refcount tcp listenersEric Dumazet1-0/+4
2016-08-18netfilter: nfnetlink_acct: report overquota to the right netnsLiping Zhang2-5/+6
2016-08-17netfilter: nfnetlink_log: add "nf-logger-3-1" module alias nameLiping Zhang1-0/+1
2016-08-17netfilter: conntrack: do not dump other netns's conntrack entries via procLiping Zhang1-0/+4
2016-08-13netfilter: remove ip_conntrack* sysctl compat codePablo Neira Ayuso6-378/+6
2016-08-12netfilter: nf_tables: add hash expressionLaura Garcia Liebana3-0/+143
2016-08-12netfilter: nf_tables: rename set implementationsPablo Neira Ayuso4-4/+4
2016-08-12ipvs: use nf_ct_kill helperFlorian Westphal1-5/+2
2016-08-12netfilter: use_nf_conn_expires helper in more placesFlorian Westphal3-9/+3
2016-08-12netfilter: physdev: add missed blankHangbin Liu1-2/+2
2016-08-12netfilter: conntrack: Only need first 4 bytes to get l4proto portsGao Feng5-8/+10
2016-08-10netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributesLaura Garcia Liebana1-2/+9
2016-08-09netfilter: ctnetlink: reject new conntrack request with different l4protoLiping Zhang1-0/+2
2016-08-09netfilter: nfnetlink_queue: reject verdict request from different portidLiping Zhang1-4/+2
2016-08-09netfilter: nfnetlink_queue: fix memory leak when attach expectation successfullyLiping Zhang1-6/+2
2016-08-09netfilter: nf_ct_expect: remove the redundant slash when policy name is emptyLiping Zhang1-1/+1
2016-08-08netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeqChristophe Leroy1-2/+2
2016-08-08netfilter: nft_rbtree: ignore inactive matching element with no descendantsPablo Neira Ayuso1-4/+6
2016-08-08netfilter: nf_ct_h323: do not re-activate already expired timerLiping Zhang1-1/+2
2016-07-27Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds36-808/+1009
2016-07-25Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-1/+22
2016-07-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller26-488/+589
2016-07-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller5-9/+17
2016-07-23netfilter: nft_compat: fix crash when related match/target module is removedLiping Zhang1-23/+20
2016-07-23netfilter: nft_compat: put back match/target module if init failLiping Zhang1-8/+24
2016-07-23netfilter: h323: Use mod_timer instead of set_expect_timeoutGao Feng1-14/+1
2016-07-22netfilter: connlabels: move set helper to xt_connlabelFlorian Westphal2-30/+16
2016-07-22netfilter: conntrack: support a fixed size of 128 distinct labelsFlorian Westphal4-26/+12
2016-07-21netfilter: nf_tables: allow to filter out rules by table and chainPablo Neira Ayuso1-0/+38
2016-07-21netfilter: nft_log: fix snaplen does not truncate packetsLiping Zhang1-1/+2
2016-07-21netfilter: nft_log: check the validity of log levelLiping Zhang1-0/+5
2016-07-21netfilter: nft_log: fix possible memory leak if log expr init failLiping Zhang1-8/+18
2016-07-21netfilter: Add helper array register/unregister functionsGao Feng6-181/+150
2016-07-19netfilter: nft_ct: fix unpaired nf_connlabels_get/put callLiping Zhang1-6/+19
2016-07-18netfilter: x_tables: speed up jump target validationFlorian Westphal1-0/+50
2016-07-12netfilter: conntrack: skip clash resolution if nat is in placePablo Neira Ayuso1-0/+1
2016-07-12netfilter: conntrack: protect early_drop by rcu read lockLiping Zhang1-0/+3
2016-07-11netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931Toby DiPasquale1-1/+2
2016-07-11Merge tag 'ipvs-for-v4.8' of https://git.kernel.org/pub/scm/linux/kernel/git/...Pablo Neira Ayuso1-2/+23
2016-07-11netfilter: nf_tables: get rid of possible_net_t from set and basechainPablo Neira Ayuso4-29/+29
2016-07-11netfilter: nft_ct: make byte/packet expr more friendlyLiping Zhang1-0/+3
2016-07-11netfilter: physdev: physdev-is-out should not work with OUTPUT chainHangbin Liu1-4/+4
2016-07-11netfilter: nat: convert nat bysrc hash to rhashtableFlorian Westphal1-58/+68
2016-07-11Merge tag 'ipvs-fixes2-for-v4.7' of https://git.kernel.org/pub/scm/linux/kern...Pablo Neira Ayuso1-2/+4
2016-07-11netfilter: move nat hlist_head to nf_connFlorian Westphal2-39/+9
2016-07-11netfilter: conntrack: simplify early_dropFlorian Westphal1-48/+47
2016-07-11netfilter: nf_ct_helper: unlink helper again when hash resize happenLiping Zhang1-6/+13
2016-07-11netfilter: cttimeout: unlink timeout obj again when hash resize happenLiping Zhang1-6/+14
2016-07-11netfilter: conntrack: fix race between nf_conntrack proc read and hash resizeLiping Zhang2-5/+26
2016-07-08netfilter: nft_ct: fix expiration getterFlorian Westphal1-5/+1
2016-07-07ipvs: count pre-established TCP states as activeMichal Kubecek1-2/+23
2016-07-07ipvs: fix bind to link-local mcast IPv6 address in backupQuentin Armitage1-2/+4
2016-07-06Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller17-321/+428
2016-07-05netfilter: nf_log: fix error on write NONE to logger choice sysctlPavel Tikhomirov1-5/+6
2016-07-04net: simplify and make pkt_type_ok() available for other usersJamal Hadi Salim1-8/+1
2016-07-03netfilter: Convert FWINV<[foo]> macros and uses to NF_INVFJoe Perches1-5/+2
2016-07-01netfilter: Remove references to obsolete CONFIG_IP_ROUTE_FWMARKMoritz Sichert1-6/+4
2016-07-01netfilter: conntrack: avoid integer overflow when resizingFlorian Westphal1-0/+7
2016-06-30Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller5-18/+16
2016-06-24netfilter: nf_tables: add support for inverted logic in nft_lookupArturo Borrero1-5/+32
2016-06-24netfilter: nf_tables: get rid of NFT_BASECHAIN_DISABLEDPablo Neira Ayuso1-37/+25
2016-06-24netfilter: conntrack: allow increasing bucket size via sysctl tooFlorian Westphal2-18/+59
2016-06-24netfilter: nft_hash: support deletion of inactive elementsPablo Neira Ayuso1-2/+4
2016-06-24netfilter: nft_rbtree: check for next generation when deactivating elementsPablo Neira Ayuso1-1/+1
2016-06-24netfilter: nf_tables: add generation mask to setsPablo Neira Ayuso3-32/+49
2016-06-24netfilter: nf_tables: add generation mask to chainsPablo Neira Ayuso1-31/+58
2016-06-24netfilter: nf_tables: add generation mask to tablesPablo Neira Ayuso1-44/+57
2016-06-24netfilter: nf_tables: add generic macros to check for generation maskPablo Neira Ayuso1-38/+8
2016-06-24netfilter: xt_NFLOG: nflog-range does not truncate packetsVishwanath Pai2-3/+9
2016-06-23netfilter: nft_meta: set skb->nf_trace appropriatelyLiping Zhang1-1/+1
2016-06-23netfilter: nf_tables: fix memory leak if expr init failsLiping Zhang1-1/+3
2016-06-23netfilter: Allow xt_owner in any user namespaceEric W. Biederman1-6/+35
2016-06-23netfilter: move zone info into struct nf_connFlorian Westphal1-31/+2
2016-06-23netfilter: nf_log: Remove NULL checkShivani Bhardwaj1-1/+1
2016-06-23netfilter: conntrack: align nf_conn on cacheline boundaryFlorian Westphal1-1/+1
2016-06-23netfilter: xt_TRACE: add explicitly nf_logger_find_get callLiping Zhang1-6/+19
2016-06-23netfilter: nf_log: handle NFPROTO_INET properly in nf_logger_[find_get|put]Liping Zhang2-20/+21
2016-06-23netfilter: x_tables: fix possible ZERO_SIZE_PTR pointer dereferencing error.Xiubo Li1-0/+3
2016-06-15netfilter: nf_tables: fix a wrong check to skip the inactive rulesLiping Zhang1-1/+1
2016-06-15netfilter: nf_tables: fix wrong destroy anonymous sets if binding failsLiping Zhang1-6/+1
2016-06-15netfilter: nf_tables: reject loops from set element jump to chainPablo Neira Ayuso3-10/+11
2016-06-15netfilter: nf_tables: fix wrong check of NFT_SET_MAP in nf_tables_bind_setLiping Zhang1-1/+1
2016-06-15netfilter: conntrack: destroy kmemcache on module removalFlorian Westphal1-0/+2
2016-06-14locking/spinlock, netfilter: Fix nf_conntrack_lock() barriersPeter Zijlstra1-1/+22
2016-06-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller13-29/+40
2016-06-07net: sched: do not acquire qdisc spinlock in qdisc/class stats dumpEric Dumazet1-1/+1
2016-06-07netfilter: helper: avoid extra expectation iterations on unregisterFlorian Westphal1-29/+32
2016-06-06ipvs: update real-server binding of outgoing connections in SIP-peMarco Angaroni2-4/+6
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-29 03:29:47 +0000