aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/netfilter/ip6_tables.c
AgeCommit message (Expand)AuthorFilesLines
2024-04-10netfilter: complete validation of user inputEric Dumazet1-0/+4
2024-04-04netfilter: validate user input for expected lengthEric Dumazet1-0/+4
2023-03-22xtables: move icmp/icmpv6 logic to xt_tcpudpFlorian Westphal1-67/+1
2023-02-22netfilter: x_tables: fix percpu counter block leak on error path when creatin...Pavel Tikhomirov1-0/+4
2023-02-22netfilter: ebtables: fix table blob use-after-freeFlorian Westphal1-2/+1
2021-10-14netfilter: ip6tables: allow use of ip6t_do_table as hookfnFlorian Westphal1-3/+3
2021-09-15netfilter: ip6_tables: zero-initialize fragment offsetJeremy Sowden1-0/+1
2021-05-29netfilter: x_tables: reduce xt_action_param by 8 byteFlorian Westphal1-1/+1
2021-04-26netfilter: allow to turn off xtables compat layerFlorian Westphal1-8/+8
2021-04-26netfilter: ip6_tables: pass table pointer via nf_hook_opsFlorian Westphal1-18/+33
2021-04-26netfilter: ip6tables: unregister the tables by nameFlorian Westphal1-4/+10
2021-04-26netfilter: x_tables: remove ipt_unregister_tableFlorian Westphal1-9/+0
2021-04-13netfilter: x_tables: fix compat match/target pad out-of-bound writeFlorian Westphal1-0/+2
2021-03-15Revert "netfilter: x_tables: Switch synchronization to RCU"Mark Tomlinson1-7/+7
2021-03-15Revert "netfilter: x_tables: Update remaining dereference to RCU"Mark Tomlinson1-1/+1
2020-12-17netfilter: x_tables: Update remaining dereference to RCUSubash Abhinov Kasiviswanathan1-1/+1
2020-12-08netfilter: x_tables: Switch synchronization to RCUSubash Abhinov Kasiviswanathan1-7/+7
2020-07-28net: remove sockptr_advanceChristoph Hellwig1-4/+4
2020-07-24netfilter: switch nf_setsockopt to sockptr_tChristoph Hellwig1-12/+12
2020-07-24netfilter: switch xt_copy_counters to sockptr_tChristoph Hellwig1-3/+3
2020-07-19netfilter: remove the compat argument to xt_copy_counters_from_userChristoph Hellwig1-2/+1
2020-07-19netfilter/ip6_tables: clean up compat {get, set}sockopt handlingChristoph Hellwig1-66/+21
2020-06-25netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit he...David Wilder1-1/+14
2020-03-15netfilter: Replace zero-length array with flexible-array memberGustavo A. R. Silva1-2/+2
2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner1-4/+1
2018-07-05netfilter: x_tables: set module owner for icmp(6) matchesFlorian Westphal1-0/+1
2018-06-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller1-0/+1
2018-06-08netfilter: x_tables: initialise match/target check parameter structFlorian Westphal1-0/+1
2018-05-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-1/+4
2018-05-23netfilter: xtables: allow table definitions not backed by hook_opsFlorian Westphal1-1/+4
2018-05-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-0/+1
2018-05-08netfilter: x_tables: add module alias for icmp matchesFlorian Westphal1-0/+1
2018-04-24netfilter: x_tables: remove duplicate ip6t_get_target function callTaehee Yoo1-1/+0
2018-03-30Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-20/+13
2018-03-30Revert "netfilter: x_tables: ensure last rule in base chain matches underflow...Florian Westphal1-16/+1
2018-03-27net: Drop pernet_operations::asyncKirill Tkhai1-1/+0
2018-03-05netfilter: x_tables: ensure last rule in base chain matches underflow/policyFlorian Westphal1-1/+16
2018-03-05netfilter: compat: prepare xt_compat_init_offsets to return errorsFlorian Westphal1-3/+7
2018-03-05netfilter: x_tables: add counters allocation wrapperFlorian Westphal1-1/+1
2018-03-05netfilter: x_tables: move hook entry checks into coreFlorian Westphal1-10/+3
2018-03-05netfilter: x_tables: check standard verdicts in coreFlorian Westphal1-5/+0
2018-03-05netfilter: unlock xt_table earlier in __do_replaceXin Long1-1/+2
2018-03-05net: Convert arp_tables_net_ops and ip6_tables_net_opsKirill Tkhai1-0/+1
2018-02-14netfilter: add back stackpointer size checksFlorian Westphal1-0/+4
2018-01-31Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-15/+12
2018-01-19netfilter: remove messages print and boot/module load timePablo Neira Ayuso1-1/+0
2018-01-08netfilter: xtables: add and use xt_request_find_table_lockFlorian Westphal1-14/+12
2018-01-03Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/pau...Ingo Molnar1-6/+1
2017-12-04netfilter: Remove now-redundant smp_read_barrier_depends()Paul E. McKenney1-6/+1
2017-11-20netfilter: remove redundant assignment to eColin Ian King1-1/+0
2017-10-24netfilter: x_tables: don't use seqlock when fetching old countersFlorian Westphal1-2/+20
2017-09-08netfilter: xtables: add scheduling opportunity in get_countersFlorian Westphal1-0/+1
2017-09-04net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.Varsha Rao1-9/+3
2017-08-02netfilter: constify nf_loginfo structuresJulia Lawall1-1/+1
2017-04-08netfilter: ip6_tables: Remove unneccessary commentsArushi Singhal1-9/+0
2017-04-07netfilter: Remove unnecessary cast on void pointersimran singhal1-12/+8
2017-01-09ip6tables: use match, target and data copy_to_user helpersWillem de Bruijn1-15/+6
2016-12-24Replace <asm/uaccess.h> with <linux/uaccess.h> globallyLinus Torvalds1-1/+1
2016-12-06netfilter: x_tables: pack percpu counter allocationsFlorian Westphal1-3/+6
2016-12-06netfilter: x_tables: pass xt_counters struct to counter allocatorFlorian Westphal1-4/+1
2016-12-06netfilter: x_tables: pass xt_counters struct instead of packet counterFlorian Westphal1-3/+2
2016-11-13netfilter: x_tables: simplify IS_ERR_OR_NULL to NULL testJulia Lawall1-10/+10
2016-11-03netfilter: x_tables: move hook state into xt_action_param structurePablo Neira Ayuso1-5/+1
2016-09-25netfilter: nft_log: complete NFTA_LOG_FLAGS attr supportLiping Zhang1-1/+1
2016-07-18netfilter: x_tables: speed up jump target validationFlorian Westphal1-21/+24
2016-07-03netfilter: Convert FWINV<[foo]> macros and uses to NF_INVFJoe Perches1-8/+8
2016-05-05netfilter: x_tables: get rid of old and inconsistent debuggingPablo Neira Ayuso1-188/+41
2016-04-29netfilter: fix IS_ERR_VALUE usagePablo Neira Ayuso1-2/+4
2016-04-14netfilter: x_tables: introduce and use xt_copy_counters_from_userFlorian Westphal1-44/+5
2016-04-14netfilter: x_tables: remove obsolete checkFlorian Westphal1-7/+0
2016-04-14netfilter: x_tables: remove obsolete overflow check for compat case tooFlorian Westphal1-2/+0
2016-04-14netfilter: x_tables: do compat validation via translate_tableFlorian Westphal1-125/+23
2016-04-14netfilter: x_tables: xt_compat_match_from_user doesn't need a retvalFlorian Westphal1-18/+9
2016-04-14netfilter: ip6_tables: simplify translate_compat_table argsFlorian Westphal1-35/+24
2016-04-14netfilter: x_tables: check for bogus target offsetFlorian Westphal1-2/+3
2016-04-14netfilter: x_tables: add compat version of xt_check_entry_offsetsFlorian Westphal1-1/+2
2016-04-14netfilter: x_tables: kill check_entry helperFlorian Westphal1-12/+8
2016-04-14netfilter: x_tables: add and use xt_check_entry_offsetsFlorian Westphal1-11/+1
2016-04-14netfilter: x_tables: validate targets of jumpsFlorian Westphal1-0/+16
2016-04-14netfilter: x_tables: don't move to non-existent next ruleFlorian Westphal1-0/+4
2016-03-28netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_EN...Pablo Neira Ayuso1-0/+2
2016-03-28netfilter: x_tables: fix unconditional helperFlorian Westphal1-12/+11
2016-03-28netfilter: x_tables: make sure e->next_offset covers remaining blob sizeFlorian Westphal1-2/+4
2016-03-28netfilter: x_tables: validate e->target_offset earlyFlorian Westphal1-9/+8
2016-03-02netfilter: xtables: don't hook tables by defaultFlorian Westphal1-14/+28
2016-03-02netfilter: xtables: prepare for on-demand hook registerFlorian Westphal1-11/+12
2015-10-14netfilter: ip6_tables: improve if statementsIan Morris1-3/+3
2015-10-13netfilter: ip6_tables: ternary operator layoutIan Morris1-2/+2
2015-10-13netfilter: ipv6: code indentationIan Morris1-2/+2
2015-10-13netfilter: ip6_tables: function definition layoutIan Morris1-3/+3
2015-10-13netfilter: ip6_tables: label placementIan Morris1-1/+1
2015-09-18netfilter: x_tables: Pass struct net in xt_action_paramEric W. Biederman1-0/+1
2015-09-18inet netfilter: Remove hook from ip6t_do_table, arp_do_table, ipt_do_tableEric W. Biederman1-1/+1
2015-09-17netfilter: Use nf_hook_state.netEric W. Biederman1-4/+4
2015-08-28Revert "netfilter: xtables: compute exact size needed for jumpstack"Florian Westphal1-15/+8
2015-07-15netfilter: xtables: remove __pure annotationFlorian Westphal1-1/+1
2015-07-15netfilter: add and use jump label for xt_teeFlorian Westphal1-1/+2
2015-07-15netfilter: xtables: don't save/restore jumpstack offsetFlorian Westphal1-12/+14
2015-07-15netfilter: xtables: compute exact size needed for jumpstackFlorian Westphal1-8/+15
2015-06-15netfilter: x_tables: remove XT_TABLE_INFO_SZ and a dereference.Eric Dumazet1-2/+2
2015-06-12netfilter: xtables: avoid percpu ruleset duplicationFlorian Westphal1-49/+16
2015-06-12netfilter: xtables: use percpu rule countersFlorian Westphal1-5/+26
2015-05-31Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-3/+1
2015-05-26netfilter: remove unused comefrom hookmask argumentFlorian Westphal1-3/+1
2015-05-20netfilter: ensure number of counters is >0 in do_replace()Dave Jones1-0/+6
2015-04-04netfilter: Pass nf_hook_state through ip6t_do_table().David S. Miller1-7/+6
2015-03-25netfilter: Use LOGLEVEL_<FOO> definesJoe Perches1-1/+4
2015-03-19netfilter: restore rule tracing via nfnetlink_logPablo Neira Ayuso1-3/+3
2014-04-05netfilter: Can't fail and free after table replacementThomas Graf1-2/+4
2013-10-22netfilter: x_tables: fix ordering of jumpstack allocation and table updateWill Deacon1-0/+5
2013-04-18netfilter: add my copyright statementsPatrick McHardy1-0/+1
2013-04-05netfilter: nf_log: prepare net namespace support for loggersGao feng1-1/+2
2013-01-22netfilter: Use IS_ERR_OR_NULL().YOSHIFUJI Hideaki / 吉藤英明1-5/+5
2012-11-30Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/...David S. Miller1-103/+0
2012-11-18net: Allow userns root to control ipv6Eric W. Biederman1-4/+4
2012-11-09ipv6: Move ipv6_find_hdr() out of Netfilter code.Jesse Gross1-103/+0
2012-11-01ipv6: use IS_ENABLED()Amerigo Wang1-4/+2
2012-05-15net: Convert net_ratelimit uses to net_<level>_ratelimitedJoe Perches1-2/+1
2012-05-09netfilter: ip6_tables: add flags parameter to ipv6_find_hdr()Hans Schillstrom1-5/+31
2012-04-15net: cleanup unsigned to unsigned intEric Dumazet1-1/+1
2012-04-09netfilter: ip6_tables: ip6t_ext_hdr is now static inlinePablo Neira Ayuso1-14/+0
2011-04-19Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/...David S. Miller1-7/+12
2011-04-17netfilter: ip6_tables: Fix set-but-unused variables.David S. Miller1-2/+0
2011-04-04netfilter: get rid of atomic ops in fast pathEric Dumazet1-7/+12
2011-03-31Fix common misspellingsLucas De Marchi1-1/+1
2011-03-20netfilter: xtables: fix reentrancyEric Dumazet1-2/+2
2011-03-15ipv6: netfilter: ip6_tables: fix infoleak to userspaceVasiliy Kulikov1-0/+3
2011-01-19Merge branch 'master' of /repos/git/net-next-2.6Patrick McHardy1-31/+14
2011-01-13netfilter: x_table: speedup compat operationsEric Dumazet1-0/+2
2011-01-10netfilter: x_tables: dont block BH while reading countersEric Dumazet1-31/+14
2010-11-03netfilter: ip6_tables: fix information leak to userspaceJan Engelhardt1-0/+1
2010-10-21Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/...David S. Miller1-42/+42
2010-10-13netfilter: xtables: resolve indirect macros 3/3Jan Engelhardt1-9/+9
2010-10-13netfilter: xtables: resolve indirect macros 2/3Jan Engelhardt1-27/+27
2010-10-13netfilter: xtables: resolve indirect macros 1/3Jan Engelhardt1-6/+6
2010-09-23net: return operator cleanupEric Dumazet1-7/+7
2010-08-23netfilter: fix CONFIG_COMPAT supportFlorian Westphal1-0/+3
2010-08-17netfilter: {ip,ip6,arp}_tables: avoid lockdep false positiveEric Dumazet1-0/+2
2010-08-02netfilter: {ip,ip6,arp}_tables: dont block bottom half more than necessaryEric Dumazet1-4/+6
2010-07-23netfilter: ip6tables: use skb->len for accountingChangli Gao1-3/+1
2010-06-15Merge branch 'master' of /repos/git/net-next-2.6Patrick McHardy1-1/+1
2010-06-04netfilter: vmalloc_node cleanupEric Dumazet1-4/+3
2010-05-31netfilter: xtables: stackptr should be percpuEric Dumazet1-1/+1
2010-05-13netfilter: cleanup printk messagesStephen Hemminger1-1/+1
2010-05-13netfilter: change NF_ASSERT to WARN_ONStephen Hemminger1-6/+1
2010-05-11netfilter: xtables: combine built-in extension structsJan Engelhardt1-34/+30
2010-05-11netfilter: xtables: change hotdrop pointer to direct modificationJan Engelhardt1-6/+5
2010-05-11netfilter: xtables: deconstify struct xt_action_param for matchesJan Engelhardt1-1/+1
2010-05-11netfilter: xtables: substitute temporary defines by final nameJan Engelhardt1-2/+2
2010-05-11netfilter: xtables: combine struct xt_match_param and xt_target_paramJan Engelhardt1-14/+13
2010-05-02netfilter: xtables: dissolve do_match functionJan Engelhardt1-17/+5
2010-04-19netfilter: xtables: remove old comments about reentrancyJan Engelhardt1-2/+0
2010-04-19netfilter: xtables: make ip_tables reentrantJan Engelhardt1-34/+22
2010-03-25netfilter: xtables: change matches to return error codeJan Engelhardt1-1/+1
2010-03-25netfilter: xtables: change xt_match.checkentry return typeJan Engelhardt1-1/+1
2010-03-25netfilter: xtables: consolidate code into xt_request_find_matchJan Engelhardt1-10/+8
2010-03-25netfilter: xtables: make use of xt_request_find_targetJan Engelhardt1-12/+8
2010-03-25netfilter: xt extensions: use pr_<level> (2)Jan Engelhardt1-5/+4
2010-02-26netfilter: xtables: restore indentationJan Engelhardt1-10/+15
2010-02-24netfilter: xtables: reduce arguments to translate_tableJan Engelhardt1-27/+15
2010-02-24netfilter: xtables: optimize call flow around xt_ematch_foreachJan Engelhardt1-62/+31
2010-02-24netfilter: xtables: replace XT_MATCH_ITERATE macroJan Engelhardt1-17/+61
2010-02-24netfilter: xtables: optimize call flow around xt_entry_foreachJan Engelhardt1-118/+61
2010-02-24netfilter: xtables: replace XT_ENTRY_ITERATE macroJan Engelhardt1-56/+104
2010-02-15netfilter: xtables: add const qualifiersJan Engelhardt1-40/+48
2010-02-15netfilter: xtables: constify args in compat copying functionsJan Engelhardt1-2/+2
2010-02-10netfilter: xtables: generate initial table on-demandJan Engelhardt1-0/+7
2010-02-10Merge branch 'master' of /repos/git/net-next-2.6Patrick McHardy1-2/+2
2010-02-08netfilter: xtables: compat out of scope fixAlexey Dobriyan1-2/+2
2010-02-03netfilter: add struct net * to target parametersPatrick McHardy1-3/+5
2010-01-18netfilter: xtables: add struct xt_mtdtor_param::netAlexey Dobriyan1-17/+20
2010-01-18netfilter: xtables: add struct xt_mtchk_param::netAlexey Dobriyan1-6/+8
2009-11-23netfilter: net/ipv[46]/netfilter: Move && and || to end of previous lineJoe Perches1-21/+21
2009-08-24netfilter: xtables: mark initial tables constantJan Engelhardt1-1/+2
2009-08-10netfilter: xtables: check for standard verdicts in policiesJan Engelhardt1-2/+19
2009-08-10netfilter: xtables: check for unconditionality of policiesJan Engelhardt1-5/+7
2009-08-10netfilter: xtables: ignore unassigned hooks in check_entry_size_and_hooksJan Engelhardt1-1/+4
2009-08-10netfilter: xtables: use memcmp in unconditional checkJan Engelhardt1-8/+3
2009-06-04netfilter: x_tables: added hook number into match extension parameter structure.Evgeniy Polyakov1-1/+1
2009-05-08netfilter: xtables: consolidate comefrom debug cast accessJan Engelhardt1-5/+8
2009-05-08netfilter: xtables: remove another level of indentJan Engelhardt1-23/+21
2009-05-08netfilter: xtables: remove some gotoJan Engelhardt1-5/+2
2009-05-08netfilter: xtables: reduce indent level by oneJan Engelhardt1-68/+64
2009-05-08netfilter: xtables: consolidate open-coded logicJan Engelhardt1-4/+10
2009-05-08netfilter: xtables: fix const inconsistencyJan Engelhardt1-7/+7
2009-05-08netfilter: xtables: remove redundant castsJan Engelhardt1-1/+1
2009-05-08netfilter: xtables: use NFPROTO_ in standard targetsJan Engelhardt1-3/+3
2009-05-08netfilter: xtables: use NFPROTO_ for xt_proto_init callsitesJan Engelhardt1-2/+2
2009-04-28netfilter: revised locking for x_tablesStephen Hemminger1-86/+37
2009-04-06netfilter: ip6tables regression fixEric Dumazet1-0/+2
2009-04-02netfilter: use rcu_read_bh() in ipt_do_table()Eric Dumazet1-2/+2
2009-03-25netfilter: {ip,ip6,arp}_tables: fix incorrect loop detectionPatrick McHardy1-1/+3
2009-03-25netfilter: factorize ifname_compare()Eric Dumazet1-21/+2
2009-02-20netfilter: iptables: lock free countersStephen Hemminger1-35/+84
2009-02-19netfilter: ip6_tables: unfold two loops in ip6_packet_match()Eric Dumazet1-12/+21
2008-10-08netfilter: xtables: provide invoked family value to extensionsJan Engelhardt1-2/+8
2008-10-08netfilter: xtables: move extension arguments into compound structure (6/6)Jan Engelhardt1-3/+7
2008-10-08netfilter: xtables: move extension arguments into compound structure (5/6)Jan Engelhardt1-6/+10
2008-10-08netfilter: xtables: move extension arguments into compound structure (4/6)Jan Engelhardt1-13/+11
2008-10-08netfilter: xtables: move extension arguments into compound structure (3/6)Jan Engelhardt1-3/+7
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-14 16:56:09 +0000