summaryrefslogtreecommitdiff
path: root/net/netfilter
AgeCommit message (Expand)AuthorFilesLines
2024-04-13netfilter: nf_tables: discard table flag update with pending basechain deletionPablo Neira Ayuso1-1/+19
2024-04-13netfilter: nf_tables: release mutex after nft_gc_seq_end from abort pathPablo Neira Ayuso1-5/+8
2024-04-13netfilter: nf_tables: release batch on table validation from abort pathPablo Neira Ayuso1-5/+9
2024-04-10netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()Ziyang Xuan1-2/+7
2024-04-10netfilter: nf_tables: flush pending destroy work before exit_net releasePablo Neira Ayuso1-0/+1
2024-04-10netfilter: nf_tables: reject new basechain after table flag updatePablo Neira Ayuso1-0/+3
2024-04-03netfilter: nf_tables: reject constant set with timeoutPablo Neira Ayuso1-0/+3
2024-04-03netfilter: nf_tables: disallow anonymous set with timeout flagPablo Neira Ayuso1-0/+3
2024-04-03netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeoutPablo Neira Ayuso1-0/+1
2024-03-27netfilter: nf_tables: do not compare internal table flags on updatesPablo Neira Ayuso1-1/+1
2024-03-27netfilter: nft_set_pipapo: release elements in clone only from destroy pathPablo Neira Ayuso1-4/+1
2024-03-15netfilter: nf_conntrack_h323: Add protection for bmp length out of rangeLena Wang1-0/+4
2024-03-15netfilter: nft_ct: fix l3num expectations with inet pseudo familyFlorian Westphal1-6/+5
2024-03-06netfilter: bridge: confirm multicast packets before passing them up the stackFlorian Westphal1-0/+1
2024-03-06netfilter: let reset rules clean out conntrack entriesFlorian Westphal3-0/+63
2024-03-06netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()Ignat Korchagin1-0/+20
2024-03-06netfilter: nf_tables: disallow timeout for anonymous setsPablo Neira Ayuso1-0/+7
2024-03-01netfilter: nf_tables: use kzalloc for hook allocationFlorian Westphal1-1/+1
2024-03-01netfilter: nf_tables: register hooks last when adding new chain/flowtablePablo Neira Ayuso1-38/+40
2024-03-01netfilter: nf_tables: rename function to destroy hook listPablo Neira Ayuso1-4/+4
2024-03-01netfilter: nft_flow_offload: release dst in case direct xmit path is usedPablo Neira Ayuso1-0/+1
2024-03-01netfilter: nft_flow_offload: reset dst in route object after setting up flowPablo Neira Ayuso1-3/+13
2024-03-01netfilter: flowtable: simplify route logicPablo Neira Ayuso2-25/+11
2024-03-01netfilter: nf_tables: set dormant flag on hook register failureFlorian Westphal1-0/+1
2024-03-01netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_newXin Long1-1/+1
2024-02-23netfilter: ipset: Missing gc cancellations fixedJozsef Kadlecsik2-2/+4
2024-02-23netfilter: ipset: fix performance regression in swap operationJozsef Kadlecsik4-18/+61
2024-02-23work around gcc bugs with 'asm goto' with outputsLinus Torvalds1-1/+1
2024-02-16netfilter: nft_set_rbtree: skip end interval element from gcPablo Neira Ayuso1-3/+3
2024-02-16netfilter: nft_set_pipapo: remove scratch_aligned pointerFlorian Westphal3-39/+10
2024-02-16netfilter: nft_set_pipapo: add helper to release pcpu scratch areaFlorian Westphal1-5/+23
2024-02-16netfilter: nft_set_pipapo: store index in scratch mapsFlorian Westphal3-26/+44
2024-02-16netfilter: nft_ct: reject direction for ct idPablo Neira Ayuso1-0/+3
2024-02-16netfilter: nft_compat: restrict match/target protocol to u16Pablo Neira Ayuso1-1/+7
2024-02-16netfilter: nft_compat: reject unused compat flagPablo Neira Ayuso1-1/+2
2024-02-16netfilter: nft_compat: narrow down revision to unsigned 8-bitsPablo Neira Ayuso1-3/+3
2024-02-05netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectationsPablo Neira Ayuso1-0/+24
2024-02-05netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting loggerPablo Neira Ayuso1-3/+4
2024-02-05netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEVPablo Neira Ayuso2-5/+10
2024-02-05netfilter: conntrack: correct window scaling with retransmitted SYNRyan Schaefer1-4/+6
2024-02-01netfilter: nf_tables: reject QUEUE/DROP verdict parametersFlorian Westphal1-10/+6
2024-02-01netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechainPablo Neira Ayuso1-2/+9
2024-02-01netfilter: nf_tables: validate NFPROTO_* familyPablo Neira Ayuso8-2/+47
2024-02-01netfilter: nf_tables: restrict anonymous set and map names to 16 bytesFlorian Westphal1-0/+4
2024-02-01netfilter: nft_limit: reject configurations that cause integer overflowFlorian Westphal1-7/+16
2024-01-26ipvs: avoid stat macros calls from preemptible contextFedor Pchelkin1-2/+2
2024-01-26netfilter: nf_tables: reject NFT_SET_CONCAT with not field length descriptionPablo Neira Ayuso1-1/+5
2024-01-26netfilter: nf_tables: skip dead set elements in netlink dumpPablo Neira Ayuso1-1/+1
2024-01-26netfilter: nf_tables: do not allow mismatch field size and set key lengthPablo Neira Ayuso1-1/+5
2024-01-26netfilter: propagate net to nf_bridge_get_physindevPavel Tikhomirov4-12/+13
generated by cgit v1.2.3 (git 2.39.0) at 2026-01-14 19:19:28 +0300