leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
10f7b40e4f
linux/net/ipv6/netfilter
History
Florian Westphal 47a6959fa3 netfilter: allow to turn off xtables compat layer 
The compat layer needs to parse untrusted input (the ruleset)
to translate it to a 64bit compatible format.

We had a number of bugs in this department in the past, so allow users
to turn this feature off.

Add CONFIG_NETFILTER_XTABLES_COMPAT kconfig knob and make it default to y
to keep existing behaviour.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-04-26 18:16:56 +02:00
..
ip6_tables.c netfilter: allow to turn off xtables compat layer 2021-04-26 18:16:56 +02:00
ip6t_ah.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_eui64.c
ip6t_frag.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_hbh.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_ipv6header.c
ip6t_mh.c
ip6t_NPT.c netfilter: ip6t_NPT: rewrite addresses in ICMPv6 original packet 2020-08-28 19:18:48 +02:00
ip6t_REJECT.c netfilter: use actual socket sk for REJECT action 2020-12-01 14:33:55 +01:00
ip6t_rpfilter.c
ip6t_rt.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_srh.c
ip6t_SYNPROXY.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
ip6table_filter.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_mangle.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_nat.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_raw.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_security.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
Kconfig netfilter: nf_log_ipv6: merge with nf_log_syslog 2021-03-31 00:37:27 +02:00
Makefile netfilter: nf_log_ipv6: merge with nf_log_syslog 2021-03-31 00:37:27 +02:00
nf_conntrack_reasm.c netfilter: nf_defrag_ipv6: use net_generic infra 2021-04-06 00:34:51 +02:00
nf_defrag_ipv6_hooks.c netfilter: disable defrag once its no longer needed 2021-04-26 03:20:07 +02:00
nf_dup_ipv6.c
nf_flow_table_ipv6.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nf_reject_ipv6.c selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
nf_socket_ipv6.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
nf_tproxy_ipv6.c
nft_dup_ipv6.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_fib_ipv6.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_reject_ipv6.c netfilter: use actual socket sk for REJECT action 2020-12-01 14:33:55 +01:00