averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-05-20 14:35:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5bcade989a86caa4314aa91d6d3f652e8a82fe5
linux-stable-mirror/net/netfilter
T
History
Pablo Neira Ayuso d0009effa8 netfilter: nf_tables: validate NFPROTO_* family 
Several expressions explicitly refer to NF_INET_* hook definitions
from expr->ops->validate, however, family is not validated.

Bail out with EOPNOTSUPP in case they are used from unsupported
families.

Fixes: 0ca743a559 ("netfilter: nf_tables: add compatibility layer for x_tables")
Fixes: a3c90f7a23 ("netfilter: nf_tables: flow offload expression")
Fixes: 2fa841938c ("netfilter: nf_tables: introduce routing expression")
Fixes: 554ced0a6e ("netfilter: nf_tables: add support for native socket matching")
Fixes: ad49d86e07 ("netfilter: nf_tables: Add synproxy support")
Fixes: 4ed8eb6570 ("netfilter: nf_tables: Add native tproxy support")
Fixes: 6c47260250 ("netfilter: nf_tables: add xfrm expression")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2024-01-24 20:02:40 +01:00
..
ipset
netfilter: propagate net to nf_bridge_get_physindev
2024-01-17 12:02:48 +01:00
ipvs
ipvs: avoid stat macros calls from preemptible context
2024-01-17 12:02:51 +01:00
core.c
netfilter: make nftables drops visible in net dropmonitor
2023-10-18 10:26:43 +02:00
Kconfig
Makefile
nf_bpf_link.c
Revert BPF token-related functionality
2023-12-19 08:23:03 -08:00
nf_conncount.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_bpf.c
bpf: Add __bpf_kfunc_{start,end}_defs macros
2023-11-01 22:33:53 -07:00
nf_conntrack_broadcast.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nf_conntrack_core.c
netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts
2023-10-18 10:26:43 +02:00
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c
netfilter: conntrack: fix extension size table
2023-09-13 21:57:50 +02:00
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: conntrack: simplify nf_conntrack_alter_reply
2023-10-10 16:34:28 +02:00
nf_conntrack_irc.c
nf_conntrack_labels.c
netfilter: conntrack: switch connlabels to atomic_t
2023-10-24 13:16:30 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
netfilter: ctnetlink: support filtering by zone
2023-12-22 12:15:20 +01:00
nf_conntrack_ovs.c
nf_conntrack_pptp.c
nf_conntrack_proto_dccp.c
nf_conntrack: fix -Wunused-const-variable=
2023-07-27 13:45:51 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_icmp.c
nf_conntrack_proto_icmpv6.c
nf_conntrack_proto_sctp.c
netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
2023-10-04 14:12:01 +02:00
nf_conntrack_proto_tcp.c
netfilter: conntrack: prefer tcp_error_log to pr_debug
2023-10-10 16:34:28 +02:00
nf_conntrack_proto_udp.c
nf_conntrack_proto.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c
nf_conntrack_snmp.c
nf_conntrack_standalone.c
netfilter: Update to register_net_sysctl_sz
2023-08-15 15:26:17 -07:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c
nf_flow_table_core.c
netfilter: flowtable: GC pushes back packets to classic path
2023-10-25 11:35:46 +02:00
nf_flow_table_inet.c
nf_flow_table_ip.c
nf_flow_table_offload.c
net: flow_dissector: Use 64bits for used_keys
2023-07-31 09:11:24 +01:00
nf_flow_table_procfs.c
nf_hooks_lwtunnel.c
nf_internals.h
nf_log_syslog.c
netfilter: propagate net to nf_bridge_get_physindev
2024-01-17 12:02:48 +01:00
nf_log.c
netfilter: Update to register_net_sysctl_sz
2023-08-15 15:26:17 -07:00
nf_nat_amanda.c
nf_nat_bpf.c
bpf: Add __bpf_kfunc_{start,end}_defs macros
2023-11-01 22:33:53 -07:00
nf_nat_core.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c
nf_nat_ovs.c
netfilter: nf_nat: fix action not being set for all ct states
2024-01-03 11:17:17 +01:00
nf_nat_proto.c
Merge tag 'ipsec-next-2023-10-28' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
2023-10-30 14:36:57 -07:00
nf_nat_redirect.c
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
2023-11-08 16:40:30 +01:00
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
netfilter: propagate net to nf_bridge_get_physindev
2024-01-17 12:02:48 +01:00
nf_sockopt.c
nf_synproxy_core.c
tcp: Don't pass cookie to __cookie_v[46]_check().
2023-11-29 20:16:19 -08:00
nf_tables_api.c
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
2024-01-24 20:02:39 +01:00
nf_tables_core.c
netfilter: nf_tables: set transport offset from mac header for netdev/egress
2023-12-20 10:43:21 +01:00
nf_tables_offload.c
net: flow_dissector: Use 64bits for used_keys
2023-07-31 09:11:24 +01:00
nf_tables_trace.c
netfilter: nf_tables: mask out non-verdict bits when checking return value
2023-10-18 10:26:43 +02:00
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_hook.c
nfnetlink_log.c
netfilter: nfnetlink_log: use proper helper for fetching physinif
2024-01-17 12:02:47 +01:00
nfnetlink_osf.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nfnetlink_queue.c
netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts
2023-10-18 10:26:43 +02:00
nfnetlink.c
nft_bitwise.c
nft_byteorder.c
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
2023-11-14 16:16:21 +01:00
nft_chain_filter.c
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
2024-01-24 19:50:21 +01:00
nft_chain_nat.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nft_chain_route.c
nft_cmp.c
net: flow_dissector: Use 64bits for used_keys
2023-07-31 09:11:24 +01:00
nft_compat.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
nft_connlimit.c
nft_counter.c
nft_ct_fast.c
nft_ct.c
netfilter: nf_tables: refactor deprecated strncpy
2023-08-22 15:13:21 +02:00
nft_dup_netdev.c
nft_dynset.c
netfilter: nf_tables: bail out on mismatching dynset and set expressions
2023-12-06 17:15:43 +01:00
nft_exthdr.c
netfilter: nf_tables: fix 'exist' matching on bigendian arches
2023-12-06 17:15:42 +01:00
nft_fib_inet.c
nft_fib_netdev.c
nft_fib.c
netfilter: nf_tables: fix 'exist' matching on bigendian arches
2023-12-06 17:15:42 +01:00
nft_flow_offload.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
nft_fwd_netdev.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nft_hash.c
nft_immediate.c
netfilter: nft_immediate: drop chain reference counter on error
2024-01-03 11:17:17 +01:00
nft_inner.c
nf_tables: fix NULL pointer dereference in nft_inner_init()
2023-10-12 10:28:45 +02:00
nft_last.c
nft_limit.c
netfilter: nft_limit: reject configurations that cause integer overflow
2024-01-24 20:01:16 +01:00
nft_log.c
nft_lookup.c
netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options
2023-07-27 13:45:51 +02:00
nft_masq.c
netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options
2023-07-27 13:45:51 +02:00
nft_meta.c
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
2023-11-14 16:16:21 +01:00
nft_nat.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
nft_numgen.c
nft_objref.c
nft_osf.c
netfilter: nft_osf: refactor deprecated strncpy
2023-08-22 15:13:21 +02:00
nft_payload.c
netfilter: nft_payload: fix wrong mac header matching
2023-10-12 10:28:45 +02:00
nft_queue.c
nft_quota.c
nft_range.c
nft_redir.c
netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options
2023-07-27 13:45:51 +02:00
nft_reject_inet.c
nft_reject_netdev.c
nft_reject.c
nft_rt.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
nft_set_bitmap.c
netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST
2023-10-24 13:37:46 +02:00
nft_set_hash.c
netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST
2023-10-24 13:37:46 +02:00
nft_set_pipapo_avx2.c
nft_set_pipapo_avx2.h
nft_set_pipapo.c
netfilter: nft_set_pipapo: prefer gfp_kernel allocation
2023-12-22 12:08:38 +01:00
nft_set_pipapo.h
netfilter: nf_tables: expose opaque set element as struct nft_elem_priv
2023-10-24 13:16:30 +02:00
nft_set_rbtree.c
netfilter: nft_set_rbtree: Remove unused variable nft_net
2023-11-14 16:10:20 +01:00
nft_socket.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
nft_synproxy.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
nft_tproxy.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
nft_tunnel.c
nft_xfrm.c
netfilter: nf_tables: validate NFPROTO_* family
2024-01-24 20:02:40 +01:00
utils.c
x_tables.c
netfilter: x_tables: refactor deprecated strncpy
2023-08-22 15:13:21 +02:00
xt_addrtype.c
xt_AUDIT.c
xt_bpf.c
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_cpu.c
xt_CT.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c
xt_length.c
xt_limit.c
xt_LOG.c
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_osf.c
xt_owner.c
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
2023-12-06 17:52:15 +01:00
xt_physdev.c
netfilter: propagate net to nf_bridge_get_physindev
2024-01-17 12:02:48 +01:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c
xt_realm.c
xt_recent.c
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
2023-11-08 13:53:36 +01:00
xt_REDIRECT.c
xt_repldata.h
netfilter: xtables: refactor deprecated strncpy
2023-08-22 15:13:21 +02:00
xt_sctp.c
netfilter: xt_sctp: validate the flag_info count
2023-08-30 17:34:01 +02:00
xt_SECMARK.c
xt_set.c
xt_socket.c
net: annotate data-races around sk->sk_mark
2023-07-29 18:13:41 +01:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c
xt_time.c
xt_TPROXY.c
xt_TRACE.c
xt_u32.c
netfilter: xt_u32: validate user space input
2023-08-30 17:34:01 +02:00