linux/net/netfilter
Florian Westphal 03a3ca37e4 netfilter: nf_nat: undo erroneous tcp edemux lookup
Under extremely rare conditions TCP early demux will retrieve the wrong
socket.

1. local machine establishes a connection to a remote server, S, on port
   p.

   This gives:
   laddr:lport -> S:p
   ... both in tcp and conntrack.

2. local machine establishes a connection to host H, on port p2.
   2a. TCP stack choses same laddr:lport, so we have
   laddr:lport -> H:p2 from TCP point of view.
   2b). There is a destination NAT rewrite in place, translating
        H:p2 to S:p.  This results in following conntrack entries:

   I)  laddr:lport -> S:p  (origin)  S:p -> laddr:lport (reply)
   II) laddr:lport -> H:p2 (origin)  S:p -> laddr:lport2 (reply)

   NAT engine has rewritten laddr:lport to laddr:lport2 to map
   the reply packet to the correct origin.

   When server sends SYN/ACK to laddr:lport2, the PREROUTING hook
   will undo-the SNAT transformation, rewriting IP header to
   S:p -> laddr:lport

   This causes TCP early demux to associate the skb with the TCP socket
   of the first connection.

   The INPUT hook will then reverse the DNAT transformation, rewriting
   the IP header to H:p2 -> laddr:lport.

Because packet ends up with the wrong socket, the new connection
never completes: originator stays in SYN_SENT and conntrack entry
remains in SYN_RECV until timeout, and responder retransmits SYN/ACK
until it gives up.

To resolve this, orphan the skb after the input rewrite:
Because the source IP address changed, the socket must be incorrect.
We can't move the DNAT undo to prerouting due to backwards
compatibility, doing so will make iptables/nftables rules to no longer
match the way they did.

After orphan, the packet will be handed to the next protocol layer
(tcp, udp, ...) and that will repeat the socket lookup just like as if
early demux was disabled.

Fixes: 41063e9dd1 ("ipv4: Early TCP socket demux.")
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1427
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-02-28 00:25:16 +01:00
..
ipset netfilter: ipset: fix shift-out-of-bounds in htable_bits() 2020-12-17 19:44:52 +01:00
ipvs Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2021-02-06 15:34:23 -08:00
core.c netfilter: add inet ingress support 2020-10-12 01:57:34 +02:00
Kconfig net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
Makefile netfilter: nft_reject: add reject verdict support for netdev 2020-10-31 10:41:00 +01:00
nf_conncount.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nf_conntrack_acct.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_conntrack_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_broadcast.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_core.c netfilter: conntrack: skip identical origin tuple in same zone only 2021-02-09 00:04:14 +01:00
nf_conntrack_ecache.c netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks 2019-10-26 12:36:42 +02:00
nf_conntrack_expect.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
nf_conntrack_extend.c netfilter: conntrack: remove two export symbols 2019-12-17 22:59:31 +01:00
nf_conntrack_ftp.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
nf_conntrack_h323_asn1.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_h323_types.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 484 2019-06-19 17:09:52 +02:00
nf_conntrack_helper.c netfilter: conntrack: Remove a double space in a log message 2021-02-28 00:25:16 +01:00
nf_conntrack_irc.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_labels.c netfilter: not mark a spinlock as __read_mostly 2019-08-27 18:07:03 +02:00
nf_conntrack_netbios_ns.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_netlink.c netfilter: ctnetlink: remove get_ct indirection 2021-01-25 22:06:11 +01:00
nf_conntrack_pptp.c netfilter: delete repeated words 2020-08-28 20:11:38 +02:00
nf_conntrack_proto_dccp.c netfilter: ctnetlink: add timeout and protoinfo to destroy events 2020-12-12 11:44:42 +01:00
nf_conntrack_proto_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_conntrack_proto_gre.c netfilter: Update obsolete comments referring to ip_conntrack 2019-07-16 13:17:00 +02:00
nf_conntrack_proto_icmp.c netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_conntrack_proto_icmpv6.c netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_conntrack_proto_sctp.c netfilter: ctnetlink: add timeout and protoinfo to destroy events 2020-12-12 11:44:42 +01:00
nf_conntrack_proto_tcp.c netfilter: ctnetlink: add timeout and protoinfo to destroy events 2020-12-12 11:44:42 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: do not auto-delete clash entries on reply 2020-08-29 13:03:06 +02:00
nf_conntrack_proto.c netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled 2020-09-08 13:04:54 +02:00
nf_conntrack_sane.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_seqadj.c netfilter: conntrack, nat: prefer skb_ensure_writable 2019-05-31 18:02:45 +02:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_snmp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_standalone.c netfilter: conntrack: fix reading nf_conntrack_buckets 2021-01-10 09:39:22 +01:00
nf_conntrack_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_timeout.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
nf_conntrack_timestamp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 77 2019-05-24 17:37:51 +02:00
nf_dup_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-22 14:49:36 +02:00
nf_flow_table_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-02-10 13:30:12 -08:00
nf_flow_table_inet.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nf_flow_table_ip.c netfilter: flowtable: reduce calls to pskb_may_pull() 2020-10-12 01:58:10 +02:00
nf_flow_table_offload.c net: sched: Pass qdisc reference in struct flow_block_offload 2020-07-13 17:22:21 -07:00
nf_internals.h netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_log_common.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-14 01:25:14 +02:00
nf_log_netdev.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_log.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
nf_nat_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_core.c netfilter: nf_nat: Fix memleak in nf_nat_init 2021-01-11 00:34:11 +01:00
nf_nat_ftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_helper.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
nf_nat_irc.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_masquerade.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
nf_nat_proto.c netfilter: nf_nat: undo erroneous tcp edemux lookup 2021-02-28 00:25:16 +01:00
nf_nat_redirect.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
nf_nat_sip.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_queue.c netfilter: nf_queue: prefer nf_queue_entry_free 2020-03-29 16:28:29 +02:00
nf_sockopt.c netfilter: switch nf_setsockopt to sockptr_t 2020-07-24 15:41:54 -07:00
nf_synproxy_core.c selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
nf_tables_api.c netfilter: nftables: introduce table ownership 2021-02-15 18:17:15 +01:00
nf_tables_core.c netfilter: nf_tables: Implement fast bitwise expression 2020-10-04 21:08:33 +02:00
nf_tables_offload.c netfilter: nftables_offload: set address type in control dissector 2020-11-27 12:10:46 +01:00
nf_tables_trace.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nfnetlink_acct.c netfilter: nfnl_acct: remove data from struct net 2020-12-01 09:45:29 +01:00
nfnetlink_cthelper.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
nfnetlink_cttimeout.c netfilter: Use fallthrough pseudo-keyword 2020-07-22 01:18:05 +02:00
nfnetlink_log.c netfilter: ctnetlink: remove get_ct indirection 2021-01-25 22:06:11 +01:00
nfnetlink_osf.c netfilter: nf_osf: avoid passing pointer to local var 2020-04-29 21:17:57 +02:00
nfnetlink_queue.c netfilter: ctnetlink: remove get_ct indirection 2021-01-25 22:06:11 +01:00
nfnetlink.c netfilter: nf_tables: missing validation from the abort path 2020-10-30 12:57:39 +01:00
nft_bitwise.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_byteorder.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_chain_filter.c netfilter: nf_tables: add inet ingress support 2020-10-12 01:57:34 +02:00
nft_chain_nat.c netfilter: nft_chain_nat: inet family is missing module ownership 2020-03-06 18:00:43 +01:00
nft_chain_route.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
nft_cmp.c netfilter: nftables: remove redundant assignment of variable err 2021-02-06 02:43:07 +01:00
nft_compat.c netfilter: nft_compat: remove flush counter optimization 2020-08-10 13:03:36 +02:00
nft_connlimit.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_counter.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_ct.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_dup_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_dynset.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2021-02-06 15:34:23 -08:00
nft_exthdr.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_fib_inet.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_fib_netdev.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_fib.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_flow_offload.c netfilter: conntrack: do not auto-delete clash entries on reply 2020-08-29 13:03:06 +02:00
nft_fwd_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_hash.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_immediate.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_limit.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_log.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
nft_lookup.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_masq.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_meta.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_nat.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_numgen.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_objref.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_osf.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_payload.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_queue.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_quota.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_range.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_redir.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_reject_inet.c netfilter: use actual socket sk for REJECT action 2020-12-01 14:33:55 +01:00
nft_reject_netdev.c netfilter: nft_reject: add reject verdict support for netdev 2020-10-31 10:41:00 +01:00
nft_reject.c netfilter: nft_reject: unify reject init and dump into nft_reject 2020-10-31 10:40:42 +01:00
nft_rt.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_set_bitmap.c netfilter: nf_tables: do not update stateful expressions if lookup is inverted 2020-04-05 23:26:36 +02:00
nft_set_hash.c netfilter: nftables: generalize set extension to support for several expressions 2020-12-12 19:20:24 +01:00
nft_set_pipapo_avx2.c nft_set_pipapo: Prepare for single ranged field usage 2020-03-15 15:27:46 +01:00
nft_set_pipapo_avx2.h x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX2 2020-04-09 00:12:48 +09:00
nft_set_pipapo.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
nft_set_pipapo.h nft_set_pipapo: Prepare for single ranged field usage 2020-03-15 15:27:46 +01:00
nft_set_rbtree.c netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match 2020-08-21 17:37:36 +02:00
nft_socket.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_synproxy.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_tproxy.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_tunnel.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_xfrm.c netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
utils.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
x_tables.c netfilter: x_tables: Switch synchronization to RCU 2020-12-08 12:57:39 +01:00
xt_addrtype.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_AUDIT.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_bpf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_cgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_CHECKSUM.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_CLASSIFY.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_cluster.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_comment.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_connlimit.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
xt_connmark.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_CONNSECMARK.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_conntrack.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_cpu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_CT.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_dccp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_devgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_dscp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_DSCP.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
xt_ecn.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_esp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_hashlimit.c netfilter: Replace zero-length array with flexible-array member 2020-03-15 15:20:16 +01:00
xt_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_hl.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_HL.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
xt_HMARK.c netfilter: xt_HMARK: Use ip_is_fragment() helper 2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: target v1 - match Android layout 2020-04-05 23:26:37 +02:00
xt_ipcomp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xt_iprange.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-06-25 01:32:59 +02:00
xt_ipvs.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_l2tp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_LED.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 164 2019-05-30 11:26:38 -07:00
xt_length.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_limit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_LOG.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_mac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_mark.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_MASQUERADE.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_multiport.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_nat.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
xt_NETMAP.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_nfacct.c netfilter: Remove unnecessary conversion to bool 2020-12-01 09:45:29 +01:00
xt_NFLOG.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_NFQUEUE.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_osf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
xt_owner.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-06-25 01:32:59 +02:00
xt_physdev.c netfilter: inline xt_hashlimit, ebt_802_3 and xt_physdev headers 2019-09-13 12:32:48 +02:00
xt_pkttype.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_policy.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_quota.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_rateest.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_RATEEST.c netfilter: xt_RATEEST: reject non-null terminated string from userspace 2020-12-27 11:52:26 +01:00
xt_realm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_recent.c netfilter: xt_recent: Fix attempt to update deleted entry 2021-02-04 00:33:08 +01:00
xt_REDIRECT.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_repldata.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_sctp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_SECMARK.c netfilter: cleanup unused macro 2020-03-15 15:20:16 +01:00
xt_set.c netfilter: inline four headers files into another one. 2019-08-13 12:14:26 +02:00
xt_socket.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_state.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_statistic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_string.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_tcpmss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_TCPMSS.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
xt_TCPOPTSTRIP.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
xt_tcpudp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_TEE.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 3 2019-05-21 11:28:40 +02:00
xt_time.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_TPROXY.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_TRACE.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_u32.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00