25 Jun, 2020
1 commit
-
The user tool modinfo is used to get information on kernel modules, including a
description where it is available.This patch adds a brief MODULE_DESCRIPTION to netfilter kernel modules
(descriptions taken from Kconfig file or code comments)Signed-off-by: Rob Gill
Signed-off-by: Pablo Neira Ayuso
10 Dec, 2019
1 commit
-
Replace all the occurrences of FIELD_SIZEOF() with sizeof_field() except
at places where these are defined. Later patches will remove the unused
definition of FIELD_SIZEOF().This patch is generated using following script:
EXCLUDE_FILES="include/linux/stddef.h|include/linux/kernel.h"
git grep -l -e "\bFIELD_SIZEOF\b" | while read file;
doif [[ "$file" =~ $EXCLUDE_FILES ]]; then
continue
fi
sed -i -e 's/\bFIELD_SIZEOF\b/sizeof_field/g' $file;
doneSigned-off-by: Pankaj Bharadiya
Link: https://lore.kernel.org/r/20190924105839.110713-3-pankaj.laxminarayan.bharadiya@intel.com
Co-developed-by: Kees Cook
Signed-off-by: Kees Cook
Acked-by: David Miller # for net
16 Jul, 2019
1 commit
-
Fix expression for autoloading.
Fixes: 5142967ab524 ("netfilter: nf_tables: fix module autoload with inet family")
Signed-off-by: Christian Hesse
Signed-off-by: Pablo Neira Ayuso
22 Jun, 2019
1 commit
-
Pull networking fixes from David Miller:
1) Fix leak of unqueued fragments in ipv6 nf_defrag, from Guillaume
Nault.2) Don't access the DDM interface unless the transceiver implements it
in bnx2x, from Mauro S. M. Rodrigues.3) Don't double fetch 'len' from userspace in sock_getsockopt(), from
JingYi Hou.4) Sign extension overflow in lio_core, from Colin Ian King.
5) Various netem bug fixes wrt. corrupted packets from Jakub Kicinski.
6) Fix epollout hang in hvsock, from Sunil Muthuswamy.
7) Fix regression in default fib6_type, from David Ahern.
8) Handle memory limits in tcp_fragment more appropriately, from Eric
Dumazet.* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (24 commits)
tcp: refine memory limit test in tcp_fragment()
inet: clear num_timeout reqsk_alloc()
net: mvpp2: debugfs: Add pmap to fs dump
ipv6: Default fib6_type to RTN_UNICAST when not set
net: hns3: Fix inconsistent indenting
net/af_iucv: always register net_device notifier
net/af_iucv: build proper skbs for HiperTransport
net/af_iucv: remove GFP_DMA restriction for HiperTransport
net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge()
hvsock: fix epollout hang from race condition
net/udp_gso: Allow TX timestamp with UDP GSO
net: netem: fix use after free and double free with packet corruption
net: netem: fix backlog accounting for corrupted GSO frames
net: lio_core: fix potential sign-extension overflow on large shift
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
tun: wake up waitqueues after IFF_UP is set
net: remove duplicate fetch in sock_getsockopt
tipc: fix issues with early FAILOVER_MSG from peer
...
19 Jun, 2019
1 commit
-
Based on 2 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundationthis program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation #extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 4122 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Enrico Weigelt
Reviewed-by: Kate Stewart
Reviewed-by: Allison Randal
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de
Signed-off-by: Greg Kroah-Hartman
01 Jun, 2019
1 commit
-
Use MODULE_ALIAS_NFT_EXPR() to make happy the inet family with nat.
Fixes: 63ce3940f3ab ("netfilter: nft_redir: add inet support")
Fixes: 071657d2c38c ("netfilter: nft_masq: add inet support")
Signed-off-by: Pablo Neira Ayuso
09 Apr, 2019
2 commits
-
allows to redirect both ipv4 and ipv6 with a single rule in an
inet nat table.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
Fix sparse warning:
net/netfilter/nft_redir.c:85:5:
warning: symbol 'nft_redir_dump' was not declared. Should it be static?Signed-off-by: YueHaibing
Signed-off-by: Pablo Neira Ayuso
18 Mar, 2019
1 commit
-
AF_INET4 does not exist.
Fixes: c78efc99c750 ("netfilter: nf_tables: nat: merge nft_redir protocol specific modules)"
Signed-off-by: Pablo Neira Ayuso
01 Mar, 2019
1 commit
-
before:
text data bss dec hex filename
990 832 0 1822 71e nft_redir.ko
697 896 0 1593 639 nft_redir_ipv4.ko
713 896 0 1609 649 nft_redir_ipv6.koafter:
text data bss dec hex filename
1910 960 0 2870 b36 nft_redir.kosize is reduced, all helpers from nft_redir.ko can be made static.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
10 Jan, 2018
1 commit
-
Place all existing user defined tables in struct net *, instead of
having one list per family. This saves us from one level of indentation
in netlink dump functions.Place pointer to struct nft_af_info in struct nft_table temporarily, as
we still need this to put back reference module reference counter on
table removal.This patch comes in preparation for the removal of struct nft_af_info.
Signed-off-by: Pablo Neira Ayuso
07 Mar, 2017
1 commit
-
When we want to validate the expr's dependency or hooks, we must do two
things to accomplish it. First, write a X_validate callback function
and point ->validate to it. Second, call X_validate in init routine.
This is very common, such as fib, nat, reject expr and so on ...It is a little ugly, since we will call X_validate in the expr's init
routine, it's better to do it in nf_tables_newexpr. So we can avoid to
do this again and again. After doing this, the second step listed above
is not useful anymore, remove them now.Patch was tested by nftables/tests/py/nft-test.py and
nftables/tests/shell/run-tests.sh.Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
05 Dec, 2016
2 commits
-
so that conntrack core will add the needed hooks in this namespace.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
The email address has changed, let's update the copyright statements.
Signed-off-by: Arturo Borrero Gonzalez
Signed-off-by: Pablo Neira Ayuso
13 Apr, 2015
2 commits
-
Add helper functions to parse and dump register values in netlink attributes.
These helpers will later be changed to take care of translation between the
old 128 bit and the new 32 bit register numbers.Signed-off-by: Patrick McHardy
Signed-off-by: Pablo Neira Ayuso -
Change nft_validate_input_register() to not only validate the input
register number, but also the length of the load, and rename it to
nft_validate_register_load() to reflect that change.Signed-off-by: Patrick McHardy
Signed-off-by: Pablo Neira Ayuso
19 Jan, 2015
1 commit
-
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.Signed-off-by: Pablo Neira Ayuso
12 Nov, 2014
1 commit
-
>> net/netfilter/nft_redir.c:39:26: sparse: incorrect type in assignment (different base types)
net/netfilter/nft_redir.c:39:26: expected unsigned int [unsigned] [usertype] nla_be32
net/netfilter/nft_redir.c:39:26: got restricted __be32
>> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:46:34: sparse: incorrect type in assignment (different base types)
net/netfilter/nft_redir.c:46:34: expected unsigned int [unsigned] [usertype] nla_be32
net/netfilter/nft_redir.c:46:34: got restricted __be32
>> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32
>> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32Fixes: e9105f1 ("netfilter: nf_tables: add new expression nft_redir")
Reported-by: kbuild test robot
Signed-off-by: Pablo Neira Ayuso
28 Oct, 2014
1 commit
-
This new expression provides NAT in the redirect flavour, which is to
redirect packets to local machine.Signed-off-by: Arturo Borrero Gonzalez
Signed-off-by: Pablo Neira Ayuso
