summaryrefslogtreecommitdiff
path: root/net/netfilter
AgeCommit message (Expand)AuthorFilesLines
2026-04-18netfilter: nft_ct: fix use-after-free in timeout object destroyTuan Do1-1/+1
2026-04-18netfilter: ipset: drop logically empty buckets in mtype_delYifan Wu1-1/+1
2026-04-18netfilter: nf_tables: reject immediate NF_QUEUE verdictPablo Neira Ayuso1-2/+5
2026-04-18netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for N...Pablo Neira Ayuso1-0/+23
2026-04-18netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absentQi Tang1-0/+6
2026-04-18netfilter: nf_conntrack_helper: pass helper to expect cleanupQi Tang1-1/+1
2026-04-18netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attrFlorian Westphal2-4/+4
2026-04-18netfilter: x_tables: ensure names are nul-terminatedFlorian Westphal2-0/+11
2026-04-18netfilter: nfnetlink_log: account for netlink header sizeFlorian Westphal1-1/+1
2026-04-18netfilter: ctnetlink: use netlink policy range checksDavid Carlier2-18/+8
2026-04-18netlink: introduce bigendian integer typesFlorian Westphal1-3/+3
2026-04-18netfilter: nft_payload: reject out-of-range attributes via policyFlorian Westphal1-3/+3
2026-04-18netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdpWeiming Shi1-4/+10
2026-04-18netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOADWeiming Shi1-6/+2
2026-04-18netfilter: nft_set_pipapo: split gc into unlink and reclaim phaseFlorian Westphal3-15/+35
2026-04-18nfnetlink_osf: validate individual option lengths in fingerprintsWeiming Shi1-0/+13
2026-04-18netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()Jenny Guanni Qu1-0/+2
2026-04-18netfilter: xt_time: use unsigned int for monthday bit shiftJenny Guanni Qu1-2/+2
2026-04-18netfilter: xt_CT: drop pending enqueued packets on template removalPablo Neira Ayuso1-0/+4
2026-04-18netfilter: nft_ct: drop pending enqueued packets on removalPablo Neira Ayuso1-0/+4
2026-04-18netfilter: nft_ct: add seqadj extension for natted connectionsAndrii Melnychenko1-0/+5
2026-04-18netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS caseJenny Guanni Qu1-0/+2
2026-04-18netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp()Lukas Johannes Möller1-1/+5
2026-04-18netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()Hyunwoo Kim1-1/+25
2026-04-18netfilter: ctnetlink: remove refcounting in expectation dumpersFlorian Westphal1-24/+17
2026-04-18netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labelsYuan Tan1-0/+6
2026-04-18netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()Hyunwoo Kim1-4/+4
2026-04-18netfilter: nfnetlink_queue: fix entry leak in bridge verdict error pathHyunwoo Kim1-1/+3
2026-04-18netfilter: x_tables: guard option walkers against 1-byte tail readsDavid Dull2-4/+6
2026-04-18netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()Jenny Guanni Qu1-1/+2
2026-03-04netfilter: nf_conntrack_h323: fix OOB read in decode_choice()Vahagn Vardanian1-1/+1
2026-03-04netfilter: xt_tcpmss: check remaining length before reading optlenFlorian Westphal1-1/+1
2026-03-04netfilter: nf_conntrack: Add allow_clash to generic protocol handlerYuto Hamaguchi1-0/+1
2026-03-04netfilter: nf_conntrack_h323: don't pass uninitialised l3num valueFlorian Westphal1-5/+5
2026-03-04netfilter: nft_set_rbtree: check for partial overlaps in anonymous setsPablo Neira Ayuso1-5/+25
2026-03-04netfilter: nft_set_hash: fix get operation on big endianFlorian Westphal1-2/+7
2026-03-04netfilter: nf_conncount: fix tracking of connections from localhostFernando Fernandez Mancera1-2/+13
2026-03-04netfilter: nf_conncount: increase the connection clean up limit to 64Fernando Fernandez Mancera1-5/+10
2026-03-04netfilter: nf_conncount: make nf_conncount_gc_list() to disable BHFernando Fernandez Mancera2-13/+18
2026-02-11netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAXPablo Neira Ayuso1-0/+8
2026-02-06netfilter: nf_tables: typo NULL check in _clone() functionPablo Neira Ayuso1-1/+1
2026-01-19netfilter: nf_conncount: update last_gc only when GC has been performedFernando Fernandez Mancera1-1/+1
2026-01-19netfilter: nft_synproxy: avoid possible data-race on update operationFernando Fernandez Mancera1-3/+3
2026-01-19ipvs: fix ipv4 null-ptr-deref in route error pathSlavin Liu1-0/+3
2026-01-19netfilter: nf_conncount: fix leaked ct in error pathsFernando Fernandez Mancera1-11/+14
2026-01-19netfilter: nft_connlimit: memleak if nf_ct_netns_get() failsPablo Neira Ayuso1-1/+10
2026-01-19netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap ...Nicklas Bo Jensen1-2/+2
2026-01-19netfilter: nft_connlimit: update the count if add was skippedFernando Fernandez Mancera2-6/+19
2026-01-19netfilter: nf_conncount: rework API to use sk_buff directlyFernando Fernandez Mancera3-86/+126
2026-01-19netfilter: nf_conncount: reduce unnecessary GCWilliam Tu1-0/+11
generated by cgit v1.2.3 (git 2.39.0) at 2026-05-27 16:35:05 +0300