shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-02 11:13:02 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
9fb2fc4e281e637ffc32aee9e2afeef0efdf2c73
linux/net/netfilter
History
Vasily Averin a7de505c4f netfilter: x_tables: gpf inside xt_find_revision() 
commit 8e24edddad upstream.

nested target/match_revfn() calls work with xt[NFPROTO_UNSPEC] lists
without taking xt[NFPROTO_UNSPEC].mutex. This can race with module unload
and cause host to crash:

general protection fault: 0000 [#1]
Modules linked in: ... [last unloaded: xt_cluster]
CPU: 0 PID: 542455 Comm: iptables
RIP: 0010:[<ffffffff8ffbd518>]  [<ffffffff8ffbd518>] strcmp+0x18/0x40
RDX: 0000000000000003 RSI: ffff9a5a5d9abe10 RDI: dead000000000111
R13: ffff9a5a5d9abe10 R14: ffff9a5a5d9abd8c R15: dead000000000100
(VvS: %R15 -- &xt_match,  %RDI -- &xt_match.name,
xt_cluster unregister match in xt[NFPROTO_UNSPEC].match list)
Call Trace:
 [<ffffffff902ccf44>] match_revfn+0x54/0xc0
 [<ffffffff902ccf9f>] match_revfn+0xaf/0xc0
 [<ffffffff902cd01e>] xt_find_revision+0x6e/0xf0
 [<ffffffffc05a5be0>] do_ipt_get_ctl+0x100/0x420 [ip_tables]
 [<ffffffff902cc6bf>] nf_getsockopt+0x4f/0x70
 [<ffffffff902dd99e>] ip_getsockopt+0xde/0x100
 [<ffffffff903039b5>] raw_getsockopt+0x25/0x50
 [<ffffffff9026c5da>] sock_common_getsockopt+0x1a/0x20
 [<ffffffff9026b89d>] SyS_getsockopt+0x7d/0xf0
 [<ffffffff903cbf92>] system_call_fastpath+0x25/0x2a

Fixes: 656caff20e ("netfilter 04/09: x_tables: fix match/target revision lookup")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-16 10:46:20 +09:00
..
ipset
netfilter: ipset: fix shift-out-of-bounds in htable_bits()
2023-05-16 10:25:31 +09:00
ipvs
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
2023-05-16 09:40:13 +09:00
core.c
Fix handling of verdicts after NF_QUEUE
2017-12-16 16:25:46 +01:00
Kconfig
ANDROID: netfilter: xt_quota2: make quota2_log work well
2017-01-27 13:55:12 -08:00
Makefile
ANDROID: netfilter: fixup the quota2, and enable.
2017-01-19 13:32:11 -08:00
nf_conntrack_acct.c
netfilter: Remove uses of seq_<foo> return values
2015-03-18 10:51:35 +01:00
nf_conntrack_amanda.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
nf_conntrack_broadcast.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_core.c
netfilter: conntrack: skip identical origin tuple in same zone only
2023-05-16 10:36:02 +09:00
nf_conntrack_ecache.c
netfilter: invoke synchronize_rcu after set the _hook_ to NULL
2017-10-08 10:26:09 +02:00
nf_conntrack_expect.c
netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.
2017-10-21 17:21:34 +02:00
nf_conntrack_extend.c
netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister
2017-08-24 17:12:18 -07:00
nf_conntrack_ftp.c
netfilter: nf_conntrack_ftp: Fix debug output
2023-05-15 14:30:54 +09:00
nf_conntrack_h323_asn1.c
netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931
2016-07-11 12:32:45 +02:00
nf_conntrack_h323_main.c
netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
2023-05-16 08:29:31 +09:00
nf_conntrack_h323_types.c
[NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper
2008-01-31 19:28:07 -08:00
nf_conntrack_helper.c
netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink
2018-03-24 11:00:14 +01:00
nf_conntrack_irc.c
netfilter: Add helper array register/unregister functions
2016-07-21 02:31:53 +02:00
nf_conntrack_l3proto_generic.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_labels.c
netfilter: connlabels: move set helper to xt_connlabel
2016-07-22 17:05:10 +02:00
nf_conntrack_netbios_ns.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c
netfilter: ctnetlink: add a range check for l3/l4 protonum
2023-05-16 09:23:54 +09:00
nf_conntrack_pptp.c
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
2023-05-15 17:30:41 +09:00
nf_conntrack_proto_dccp.c
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
2023-05-12 17:07:53 +09:00
nf_conntrack_proto_generic.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_gre.c
netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
2016-09-07 10:36:52 +02:00
nf_conntrack_proto_sctp.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_tcp.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udp.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udplite.c
netfilter: conntrack: Only need first 4 bytes to get l4proto ports
2016-08-12 00:41:08 +02:00
nf_conntrack_proto.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_sane.c
netfilter: Add helper array register/unregister functions
2016-07-21 02:31:53 +02:00
nf_conntrack_seqadj.c
netfilter: seqadj: re-load tcp header pointer after possible head reallocation
2023-05-15 10:54:12 +09:00
nf_conntrack_sip.c
netfilter: nf_conntrack_sip: fix wrong memory initialisation
2017-06-17 06:41:49 +02:00
nf_conntrack_snmp.c
netfilter: nf_ct_snmp: add include file
2013-01-18 00:28:18 +01:00
nf_conntrack_standalone.c
netfilter: conntrack: fix reading nf_conntrack_buckets
2023-05-16 10:26:45 +09:00
nf_conntrack_tftp.c
netfilter: Add helper array register/unregister functions
2016-07-21 02:31:53 +02:00
nf_conntrack_timeout.c
netfilter: cttimeout: add netns support
2015-12-14 12:48:58 +01:00
nf_conntrack_timestamp.c
netfilter: nf_ct_timestamp: Fix BUG_ON after netns deletion
2013-12-20 14:58:29 +01:00
nf_dup_netdev.c
net: remove skb_sender_cpu_clear()
2016-03-01 17:36:47 -05:00
nf_internals.h
netfilter: fix nf_queue handling
2016-10-20 19:59:59 +02:00
nf_log_common.c
netfilter: nf_log: get rid of XT_LOG_* macros
2016-09-25 23:16:45 +02:00
nf_log.c
netfilter: nf_log: fix uninit read in nf_log_proc_dostring
2023-05-12 17:05:11 +09:00
nf_nat_amanda.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_nat_core.c
netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info
2023-05-15 09:08:29 +09:00
nf_nat_ftp.c
BACKPORT: treewide: Fix function prototypes for module_param_call()
2018-02-28 15:09:58 -08:00
nf_nat_helper.c
netfilter: nf_conntrack: make sequence number adjustments usuable without NAT
2013-08-28 00:26:48 +02:00
nf_nat_irc.c
BACKPORT: treewide: Fix function prototypes for module_param_call()
2018-02-28 15:09:58 -08:00
nf_nat_proto_common.c
netfilter: nat: cope with negative port range
2018-03-18 11:18:53 +01:00
nf_nat_proto_dccp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_sctp.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_tcp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_udp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_udplite.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_unknown.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_redirect.c
netfilter: nf_nat_redirect: add missing NULL pointer check
2015-10-27 06:54:56 +01:00
nf_nat_sip.c
netfilter: replace strnicmp with strncasecmp
2014-10-14 02:18:24 +02:00
nf_nat_tftp.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_queue.c
netfilter: fix nf_queue handling
2016-10-20 19:59:59 +02:00
nf_sockopt.c
netfilter: don't use mutex_lock_interruptible()
2014-08-08 16:47:23 +02:00
nf_synproxy_core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2015-09-05 21:57:42 -07:00
nf_tables_api.c
netfilter: nf_tables: add NFTA_SET_USERDATA if not null
2023-05-16 09:04:23 +09:00
nf_tables_core.c
netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
2018-07-11 16:26:42 +02:00
nf_tables_inet.c
netfilter: Add the missed return value check of nft_register_chain_type
2016-09-12 19:54:45 +02:00
nf_tables_netdev.c
netfilter: Add the missed return value check of nft_register_chain_type
2016-09-12 19:54:45 +02:00
nf_tables_trace.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2016-09-25 23:34:19 +02:00
nfnetlink_acct.c
netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
2016-08-25 13:11:00 +02:00
nfnetlink_cthelper.c
netfilter: cthelper: add missing attribute validation for cthelper
2023-05-15 17:09:37 +09:00
nfnetlink_cttimeout.c
netfilter: invoke synchronize_rcu after set the _hook_ to NULL
2017-10-08 10:26:09 +02:00
nfnetlink_log.c
netfilter: Remove explicit rcu_read_lock in nf_hook_slow
2016-09-24 21:29:53 +02:00
nfnetlink_queue.c
netfilter: nf_queue: augment nfqa_cfg_policy
2018-07-17 11:37:54 +02:00
nfnetlink.c
netfilter: nfnetlink: avoid deadlock due to synchronous request_module
2023-05-15 14:16:54 +09:00
nft_bitwise.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_byteorder.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_cmp.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_compat.c
netfilter: nft_compat: fix crash when related match/target module is removed
2016-07-23 12:25:00 +02:00
nft_counter.c
libnl: nla_put_be64(): align on a 64-bit area
2016-04-23 20:13:24 -04:00
nft_ct.c
netfilter: nf_tables: fix mismatch in big-endian system
2023-05-15 11:34:44 +09:00
nft_dup_netdev.c
netfilter: nf_tables: add packet duplication to the netdev family
2016-01-03 21:04:23 +01:00
nft_dynset.c
netfilter: nft_dynset: add timeout extension to template
2023-05-16 10:33:28 +09:00
nft_exthdr.c
netfilter: nft_exthdr: fix error handling in nft_exthdr_init()
2016-10-17 17:43:54 +02:00
nft_fwd_netdev.c
netfilter: nft_fwd_netdev: validate family and chain type
2023-05-15 17:11:55 +09:00
nft_hash.c
netfilter: nft_hash: validate maximum value of u32 netlink hash attribute
2016-11-24 14:40:03 +01:00
nft_immediate.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_limit.c
netfilter: nft_limit: fix divided by zero panic
2016-10-04 08:59:03 +02:00
nft_log.c
netfilter: nft_log: restrict the log prefix length to 127
2017-06-17 06:41:58 +02:00
nft_lookup.c
netfilter: nft_lookup: remove superfluous element found check
2016-09-23 09:30:48 +02:00
nft_masq.c
netfilter: nft_masq: support port range
2016-03-02 20:05:27 +01:00
nft_meta.c
netfilter: nf_tables: fix mismatch in big-endian system
2023-05-15 11:34:44 +09:00
nft_nat.c
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
2023-05-15 17:33:35 +09:00
nft_numgen.c
netfilter: nft_numgen: add number generation offset
2016-09-22 16:33:05 +02:00
nft_payload.c
netfilter: nf_tables: fix destination register zeroing
2023-05-16 09:04:25 +09:00
nft_queue.c
netfilter: nft_queue: use raw_smp_processor_id()
2017-11-30 08:39:14 +00:00
nft_quota.c
netfilter: nft_quota: introduce nft_overquota()
2016-09-07 11:02:06 +02:00
nft_range.c
netfilter: nft_range: add the missing NULL pointer check
2016-11-24 14:43:35 +01:00
nft_redir.c
netfilter: nf_tables: add register parsing/dumping helpers
2015-04-13 17:17:28 +02:00
nft_reject_inet.c
netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
2016-08-25 12:55:34 +02:00
nft_reject.c
netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
2016-08-25 12:55:34 +02:00
nft_set_hash.c
netfilter: nf_tables: fix race when create new element in dynset
2016-10-27 18:22:02 +02:00
nft_set_rbtree.c
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
2023-05-15 12:36:41 +09:00
x_tables.c
netfilter: x_tables: gpf inside xt_find_revision()
2023-05-16 10:46:20 +09:00
xt_addrtype.c
netfilter: x_tables: Use par->net instead of computing from the passed net devices
2015-09-18 21:58:25 +02:00
xt_AUDIT.c
netfilter: Convert uses of __constant_<foo> to <foo>
2014-03-13 14:13:19 +01:00
xt_bpf.c
BACKPORT: fix "netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'"
2018-03-14 11:39:19 -07:00
xt_cgroup.c
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
2018-02-25 11:05:43 +01:00
xt_CHECKSUM.c
netfilter: add CHECKSUM target
2010-07-15 17:20:46 +02:00
xt_CLASSIFY.c
netfilter: xt_CLASSIFY: add ARP support, allow CLASSIFY target on any table
2010-11-15 13:57:56 +01:00
xt_cluster.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_comment.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_connbytes.c
netfilter: Convert pr_warning to pr_warn
2014-09-10 12:40:10 -07:00
xt_connlabel.c
netfilter: connlabels: move set helper to xt_connlabel
2016-07-22 17:05:10 +02:00
xt_connlimit.c
netfilter: Enhance the codes used to get random once
2016-09-23 09:30:36 +02:00
xt_connmark.c
netfilter: connmark: ignore skbs with magic untracked conntrack objects
2016-11-08 23:53:36 +01:00
xt_CONNSECMARK.c
netfilter: xtables: substitute temporary defines by final name
2010-05-11 18:31:17 +02:00
xt_conntrack.c
netfilter: use_nf_conn_expires helper in more places
2016-08-12 00:43:13 +02:00
xt_cpu.c
netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 06:33:54 +01:00
xt_CT.c
netfilter: xt_CT: fix refcnt leak on error path
2018-03-24 11:00:14 +01:00
xt_dccp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_devgroup.c
netfilter: xtables: add device group match
2011-02-03 00:05:43 +01:00
xt_dscp.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_DSCP.c
netfilter: fix various sparse warnings
2014-11-13 12:14:42 +01:00
xt_ecn.c
netfilter: xtables: collapse conditions in xt_ecn
2011-12-27 20:45:25 +01:00
xt_esp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_hashlimit.c
netfilter: xt_hashlimit: limit the max size of hashtable
2023-05-15 17:00:56 +09:00
xt_helper.c
netfilter: Remove explicit rcu_read_lock in nf_hook_slow
2016-09-24 21:29:53 +02:00
xt_hl.c
netfilter: Reduce switch/case indent
2011-07-01 16:11:15 -07:00
xt_HL.c
netfilter: Reduce switch/case indent
2011-07-01 16:11:15 -07:00
xt_HMARK.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_IDLETIMER.c
netfilter: xt_IDLETIMER: add sysfs filename checking routine
2023-05-15 09:51:25 +09:00
xt_ipcomp.c
netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias name
2016-10-17 17:38:19 +02:00
xt_iprange.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-02-04 14:28:58 -08:00
xt_ipvs.c
ipvs: Pass ipvs into conn_out_get
2015-09-24 09:34:41 +09:00
xt_l2tp.c
netfilter: introduce l2tp match extension
2014-01-09 21:36:39 +01:00
xt_LED.c
netfilter: x_tables: fix missing timer initialization in xt_LED
2018-03-18 11:18:53 +01:00
xt_length.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_limit.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_LOG.c
netfilter: x_tables: Use par->net instead of computing from the passed net devices
2015-09-18 21:58:25 +02:00
xt_mac.c
netfilter: Convert compare_ether_addr to ether_addr_equal
2012-05-09 20:49:18 -04:00
xt_mark.c
netfilter: xt_MARK: Add ARP support
2015-05-14 13:00:27 +02:00
xt_multiport.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_nat.c
netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets
2012-10-15 13:39:12 +02:00
xt_NETMAP.c
netfilter: combine ipt_NETMAP and ip6t_NETMAP
2012-09-21 12:11:08 +02:00
xt_nfacct.c
netfilter: nfnetlink_acct: report overquota to the right netns
2016-08-18 00:38:23 +02:00
xt_NFLOG.c
netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-17 17:38:19 +02:00
xt_NFQUEUE.c
netfilter: xt_NFQUEUE: separate reusable code
2013-12-07 23:20:45 +01:00
xt_osf.c
netfilter: xt_osf: Add missing permission checks
2018-01-31 12:55:52 +01:00
xt_owner.c
netfilter: Allow xt_owner in any user namespace
2016-06-23 13:58:55 +02:00
xt_physdev.c
netfilter: physdev: relax br_netfilter dependency
2023-05-15 12:21:38 +09:00
xt_pkttype.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_policy.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_qtaguid_internal.h
ANDROID: Use sk_uid to replace uid get from socket file
2017-09-21 10:39:35 -07:00
xt_qtaguid_print.c
ANDROID: Add untag hacks to inet_release function
2017-05-09 03:03:11 +00:00
xt_qtaguid_print.h
ANDROID: netfilter: add xt_qtaguid matching module
2017-01-19 13:32:09 -08:00
xt_qtaguid.c
ANDROID: xt_qtaguid: Remove tag_entry from process list on untag
2023-05-16 10:25:52 +09:00
xt_quota2.c
ANDROID: fix a bug in quota2
2023-05-16 08:54:26 +09:00
xt_quota.c
net: Fix files explicitly needing to include module.h
2011-10-31 19:30:28 -04:00
xt_rateest.c
net_sched: add 64bit rate estimators
2013-06-11 02:51:03 -07:00
xt_RATEEST.c
netfilter: xt_RATEEST: reject non-null terminated string from userspace
2023-05-16 10:25:32 +09:00
xt_realm.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_recent.c
netfilter: xt_recent: Fix attempt to update deleted entry
2023-05-16 10:35:59 +09:00
xt_REDIRECT.c
netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module
2014-11-27 13:08:42 +01:00
xt_repldata.h
net: netfilter: LLVMLinux: vlais-netfilter
2014-06-07 11:44:39 -07:00
xt_sctp.c
sctp: rename WORD_TRUNC/ROUND macros
2016-09-22 03:13:26 -04:00
xt_SECMARK.c
secmark: make secmark object handling generic
2010-10-21 10:12:48 +11:00
xt_set.c
netfilter: ipset: Fix coding styles reported by checkpatch.pl
2015-06-14 10:40:18 +02:00
xt_socket.c
ANDROID: net: xt_qtaguid/xt_socket: fix refcount underflow and crash
2017-01-19 13:32:31 -08:00
xt_state.c
netfilter: nf_conntrack: IPS_UNTRACKED bit
2010-06-08 16:09:52 +02:00
xt_statistic.c
net: replace macros net_random and net_srandom with direct calls to prandom
2014-01-14 15:15:25 -08:00
xt_string.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
xt_tcpmss.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_TCPMSS.c
netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
2017-07-05 14:40:16 +02:00
xt_TCPOPTSTRIP.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
xt_tcpudp.c
netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF
2016-07-03 10:55:07 +02:00
xt_TEE.c
netfilter: Add the missed return value check of register_netdevice_notifier
2016-09-12 19:54:43 +02:00
xt_time.c
netfilter: xt_time: add support to ignore day transition
2012-09-24 14:29:01 +02:00
xt_TPROXY.c
netfilter: tproxy: properly refcount tcp listeners
2016-08-18 00:51:13 +02:00
xt_TRACE.c
netfilter: xt_TRACE: add explicitly nf_logger_find_get call
2016-06-23 13:26:49 +02:00
xt_u32.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00