Eric Lee / smarc-fsl-linux-kernel | Embedian Git Server

03 Jun, 2019

1 commit

b8d195723 netfilter: use in_dev_for_each_ifa_rcu ... Browse Code »

Netfilter hooks are always running under rcu read lock, use
the new iterator macro so sparse won't complain once we add
proper __rcu annotations.

Signed-off-by: Florian Westphal
Signed-off-by: David S. Miller

Florian Westphal
2019-06-03 09:06:26 +0800

21 May, 2019

1 commit

09c434b8a treewide: Add SPDX license identifier for more missed files ... Browse Code »

Add SPDX license identifiers to all files which:

- Have no license information of any form

- Have MODULE_LICENCE("GPL*") inside which was used in the initial
scan/conversion to ignore the file

These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:

GPL-2.0-only

Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman

Thomas Gleixner
2019-05-21 16:50:45 +0800

09 Apr, 2019

1 commit

22c7652cd netfilter: nft_osf: Add version option support ... Browse Code »

Add version option support to the nftables "osf" expression.

Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso

Fernando Fernandez Mancera
2019-04-09 05:27:12 +0800

28 Jan, 2019

1 commit

1a6a0951f netfilter: nfnetlink_osf: add missing fmatch check ... Browse Code »

When we check the tcp options of a packet and it doesn't match the current
fingerprint, the tcp packet option pointer must be restored to its initial
value in order to do the proper tcp options check for the next fingerprint.

Here we can see an example.
Assumming the following fingerprint base with two lines:

S10:64:1:60:M*,S,T,N,W6: Linux:3.0::Linux 3.0
S20:64:1:60:M*,S,T,N,W7: Linux:4.19:arch:Linux 4.1

Where TCP options are the last field in the OS signature, all of them overlap
except by the last one, ie. 'W6' versus 'W7'.

In case a packet for Linux 4.19 kicks in, the osf finds no matching because the
TCP options pointer is updated after checking for the TCP options in the first
line.

Therefore, reset pointer back to where it should be.

Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match")
Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso

Fernando Fernandez Mancera
2019-01-28 18:09:11 +0800

16 Oct, 2018

1 commit

a218dc82f netfilter: nft_osf: Add ttl option support ... Browse Code »

Add ttl option support to the nftables "osf" expression.

Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso

Fernando Fernandez Mancera
2018-10-16 16:01:48 +0800

09 Aug, 2018

1 commit

e7ea2a52f netfilter: nfnetlink_osf: fix using plain integer as NULL warning ... Browse Code »

Fixes the following sparse warning:

net/netfilter/nfnetlink_osf.c:274:24: warning:
Using plain integer as NULL pointer

Signed-off-by: Wei Yongjun
Signed-off-by: Pablo Neira Ayuso

Wei Yongjun
2018-08-09 01:05:39 +0800

04 Aug, 2018

1 commit

ddba40be5 netfilter: nfnetlink_osf: rename nf_osf header file to nfnetlink_osf ... Browse Code »

The first client of the nf_osf.h userspace header is nft_osf, coming in
this batch, rename it to nfnetlink_osf.h as there are no userspace
clients for this yet, hence this looks consistent with other nfnetlink
subsystem.

Suggested-by: Jan Engelhardt
Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso

Fernando Fernandez Mancera
2018-08-04 00:38:30 +0800

30 Jul, 2018

2 commits

f93249520 netfilter: nfnetlink_osf: extract nfnetlink_subsystem code from xt_osf.c ... Browse Code »

Move nfnetlink osf subsystem from xt_osf.c to standalone module so we can
reuse it from the new nft_ost extension.

Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso

Fernando Fernandez Mancera
2018-07-30 20:07:11 +0800
f6b7b5f4f netfilter: nf_osf: rename nf_osf.c to nfnetlink_osf.c ... Browse Code »

Rename nf_osf.c to nfnetlink_osf.c as we introduce nfnetlink_osf which is
the OSF infraestructure.

Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso

Fernando Fernandez Mancera
2018-07-30 20:07:10 +0800