shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-01 10:42:58 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
052d22acd7da3ee89c119fc5eb45d3e3ac9d4b2a
linux/include/net/netfilter
History
Pablo Neira Ayuso ef87cd8132 netfilter: nf_tables: validate catch-all set elements 
[ Upstream commit d46fc89414 ]

catch-all set element might jump/goto to chain that uses expressions
that require validation.

Fixes: aaa31047a6 ("netfilter: nftables: add catch-all set element support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-04-26 14:28:33 +02:00
..
ipv4
netfilter: disable defrag once its no longer needed
2021-04-26 03:20:07 +02:00
ipv6
netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1
2021-09-28 13:04:55 +02:00
br_netfilter.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_conntrack_acct.h
netfilter: conntrack: remove extension register api
2022-02-04 06:30:28 +01:00
nf_conntrack_act_ct.h
net/sched: act_ct: Fill offloading tuple iifidx
2022-01-04 12:12:55 +00:00
nf_conntrack_bpf.h
net: netfilter: move bpf_ct_set_nat_info kfunc in nf_nat_bpf.c
2022-10-03 09:17:32 -07:00
nf_conntrack_bridge.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_conntrack_core.h
net: netfilter: Remove ifdefs for code shared by BPF and ctnetlink
2022-08-09 09:41:54 -07:00
nf_conntrack_count.h
netfilter: nf_conncount: reduce unnecessary GC
2022-05-16 13:05:40 +02:00
nf_conntrack_ecache.h
netfilter: prefer extension check to pointer check
2022-05-13 18:56:28 +02:00
nf_conntrack_expect.h
netfilter: fix coding-style errors.
2019-09-13 11:39:38 +02:00
nf_conntrack_extend.h
netfilter: extensions: introduce extension genid count
2022-05-13 18:52:16 +02:00
nf_conntrack_helper.h
netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned()
2022-03-20 00:29:35 +01:00
nf_conntrack_l4proto.h
netfilter: conntrack: pass hook state to log functions
2021-06-18 14:47:43 +02:00
nf_conntrack_labels.h
netfilter: extensions: introduce extension genid count
2022-05-13 18:52:16 +02:00
nf_conntrack_seqadj.h
netfilter: conntrack: remove extension register api
2022-02-04 06:30:28 +01:00
nf_conntrack_synproxy.h
netfilter: conntrack: wrap two inline functions in config checks.
2019-09-13 12:47:10 +02:00
nf_conntrack_timeout.h
netfilter: nf_conntrack: add missing __rcu annotations
2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.h
netfilter: conntrack: remove extension register api
2022-02-04 06:30:28 +01:00
nf_conntrack_tuple.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_conntrack_zones.h
netfilter: conntrack: remove CONFIG_NF_CONNTRACK checks from nf_conntrack_zones.h.
2019-09-13 12:47:41 +02:00
nf_conntrack.h
netfilter: remove nf_conntrack_helper sysctl and modparam toggles
2022-08-31 12:12:32 +02:00
nf_dup_netdev.h
netfilter: nft_{fwd,dup}_netdev: add offload support
2019-09-10 22:44:29 +02:00
nf_flow_table.h
netfilter: flowtable: fix stuck flows on cleanup due to pending work
2022-08-24 07:43:21 +02:00
nf_hooks_lwtunnel.h
netfilter: add netfilter hooks to SRv6 data plane
2021-08-30 01:51:36 +02:00
nf_log.h
netfilter: nf_log_common: merge with nf_log_syslog
2021-03-31 22:34:10 +02:00
nf_nat_helper.h
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_masquerade.h
netfilter: update include directives.
2019-09-13 12:33:06 +02:00
nf_nat_redirect.h
netfilter: add missing includes to a number of header-files.
2019-08-13 12:14:39 +02:00
nf_nat.h
netfilter: nf_nat: in nf_nat_initialized(), use const struct nf_conn *
2022-07-14 00:24:06 +02:00
nf_queue.h
treewide: use get_random_u32() when possible
2022-10-11 17:42:58 -06:00
nf_reject.h
netfilter: conntrack: skip verification of zero UDP checksum
2022-05-13 18:56:28 +02:00
nf_socket.h
netfilter: Decrease code duplication regarding transparent socket option
2018-06-03 00:02:01 +02:00
nf_synproxy.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_tables_core.h
netfilter: nf_tables: move nft_cmp_fast_mask to where its used
2022-07-11 16:40:46 +02:00
nf_tables_ipv4.h
netfilter: nf_tables: convert pktinfo->tprot_set to flags field
2021-11-01 09:30:20 +01:00
nf_tables_ipv6.h
netfilter: nf_tables: convert pktinfo->tprot_set to flags field
2021-11-01 09:30:20 +01:00
nf_tables_offload.h
netfilter: nf_tables: bail out early if hardware offload is not supported
2022-06-06 19:19:15 +02:00
nf_tables.h
netfilter: nf_tables: validate catch-all set elements
2023-04-26 14:28:33 +02:00
nf_tproxy.h
netfilter: tproxy: fix deadlock due to missing BH disable
2023-03-17 08:50:25 +01:00
nft_fib.h
netfilter: nft_fib: add reduce support
2022-03-20 00:29:47 +01:00
nft_meta.h
netfilter: nft_meta: extend reduce support to bridge family
2022-03-20 00:29:46 +01:00
nft_reject.h
netfilter: add missing includes to a number of header-files.
2019-08-13 12:14:39 +02:00
xt_rateest.h
net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types
2021-10-18 12:54:41 +01:00