system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-02 09:18:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Pablo Neira Ayuso 90d2723c6d netfilter: nf_tables: do not hold reference on netdevice from preparation phase 
The netfilter netdevice event handler hold the nfnl_lock mutex, this
avoids races with a device going away while such device is being
attached to hooks from the netlink control plane. Therefore, either
control plane bails out with ENOENT or netdevice event path waits until
the hook that is attached to net_device is registered.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-03-22 13:17:52 +01:00
..
ipset Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2018-02-01 14:41:46 -05:00
ipvs ipvs: remove IPS_NAT_MASK check to fix passive FTP 2018-02-28 19:48:26 +01:00
core.c netfilter: core: return EBUSY in case NAT hook is already in use 2018-01-10 15:32:16 +01:00
Kconfig netfilter: flowtable infrastructure depends on NETFILTER_INGRESS 2018-02-02 13:21:48 +01:00
Makefile netfilter: nf_tables: flow offload expression 2018-01-08 18:11:10 +01:00
nf_conncount.c netfilter: return booleans instead of integers 2018-01-19 14:02:18 +01:00
nf_conntrack_acct.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_amanda.c netfilter: use nf_conntrack_helpers_register when possible 2017-06-19 19:13:21 +02:00
nf_conntrack_broadcast.c netfilter: Remove duplicated rcu_read_lock. 2017-07-24 13:24:46 +02:00
nf_conntrack_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
nf_conntrack_ecache.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_expect.c netfilter: delete /proc THIS_MODULE references 2018-01-19 14:10:53 +01:00
nf_conntrack_extend.c net: Replace NF_CT_ASSERT() with WARN_ON(). 2017-09-04 13:25:19 +02:00
nf_conntrack_ftp.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Remove unwanted comments. 2018-01-08 18:01:05 +01:00
nf_conntrack_h323_main.c netfilter: move route indirection to struct nf_ipv6_ops 2018-01-08 18:01:26 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: expect: add and use nf_ct_expect_iterate helpers 2017-07-31 19:09:38 +02:00
nf_conntrack_irc.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_l3proto_generic.c netfilter: conntrack: place print_tuple in procfs part 2017-08-24 18:52:32 +02:00
nf_conntrack_labels.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c netfilter: helper: add build-time asserts for helper data size 2017-04-19 17:55:16 +02:00
nf_conntrack_netlink.c netfilter: remove messages print and boot/module load time 2018-01-19 18:39:49 +01:00
nf_conntrack_pptp.c netfilter: Remove duplicated rcu_read_lock. 2017-07-24 13:24:46 +02:00
nf_conntrack_proto.c netfilter: conntrack: constify list of builtin trackers 2018-01-08 16:47:14 +01:00
nf_conntrack_proto_dccp.c netfilter: conntrack: l4 protocol trackers can be const 2018-01-08 18:00:54 +01:00
nf_conntrack_proto_generic.c netfilter: conntrack: timeouts can be const 2018-01-08 18:01:02 +01:00
nf_conntrack_proto_gre.c netfilter: conntrack: timeouts can be const 2018-01-08 18:01:02 +01:00
nf_conntrack_proto_sctp.c netfilter: conntrack: timeouts can be const 2018-01-08 18:01:02 +01:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack: add IPS_OFFLOAD status bit 2018-01-08 18:11:05 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: timeouts can be const 2018-01-08 18:01:02 +01:00
nf_conntrack_sane.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_seqadj.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_sip.c netfilter: Remove duplicated rcu_read_lock. 2017-07-24 13:24:46 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: delete /proc THIS_MODULE references 2018-01-19 14:10:53 +01:00
nf_conntrack_tftp.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_timeout.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_timestamp.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_dup_netdev.c netfilter: dup: resolve warnings about missing prototypes 2017-05-29 11:32:36 +02:00
nf_flow_table.c netfilter: nf_flow_offload: fix use-after-free and a resource leak 2018-02-07 11:55:52 +01:00
nf_flow_table_inet.c netfilter: nf_tables: fix flowtable free 2018-02-07 00:58:57 +01:00
nf_internals.h netfilter: core: remove synchronize_net call if nfqueue is used 2018-01-08 18:01:06 +01:00
nf_log.c netfilter: delete /proc THIS_MODULE references 2018-01-19 14:10:53 +01:00
nf_log_common.c netfilter: nf_log: do not assume ethernet header in netdev family 2016-12-04 20:45:33 +01:00
nf_log_netdev.c netfilter: nf_log: do not assume ethernet header in netdev family 2016-12-04 20:45:33 +01:00
nf_nat_amanda.c netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_core.c netfilter: nat: use test_and_clear_bit when deleting ct from bysource list 2017-10-24 17:54:47 +02:00
nf_nat_ftp.c treewide: Fix function prototypes for module_param_call() 2017-10-31 15:30:37 +01:00
nf_nat_helper.c netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_irc.c treewide: Fix function prototypes for module_param_call() 2017-10-31 15:30:37 +01:00
nf_nat_proto_common.c netfilter: nat: cope with negative port range 2018-02-14 21:05:40 +01:00
nf_nat_proto_dccp.c netfilter: built-in NAT support for DCCP 2016-12-04 20:45:30 +01:00
nf_nat_proto_sctp.c sctp: remove the typedef sctp_sctphdr_t 2017-07-01 09:08:41 -07:00
nf_nat_proto_tcp.c
nf_nat_proto_udp.c netfilter: nat: merge udp and udplite helpers 2017-01-03 14:33:25 +01:00
nf_nat_proto_unknown.c
nf_nat_redirect.c net: Replace NF_CT_ASSERT() with WARN_ON(). 2017-09-04 13:25:19 +02:00
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c netfilter: remove duplicated include 2018-01-10 15:32:15 +01:00
nf_sockopt.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_synproxy_core.c netfilter: delete /proc THIS_MODULE references 2018-01-19 14:10:53 +01:00
nf_tables_api.c netfilter: nf_tables: do not hold reference on netdevice from preparation phase 2018-03-22 13:17:52 +01:00
nf_tables_core.c netfilter: constify nf_loginfo structures 2017-08-02 14:25:59 +02:00
nf_tables_inet.c netfilter: nf_tables: get rid of struct nft_af_info abstraction 2018-01-10 15:32:11 +01:00
nf_tables_netdev.c netfilter: nf_tables: get rid of struct nft_af_info abstraction 2018-01-10 15:32:11 +01:00
nf_tables_trace.c netfilter: nf_tables: Allow chain name of up to 255 chars 2017-07-31 20:41:57 +02:00
nfnetlink.c netfilter: remove messages print and boot/module load time 2018-01-19 18:39:49 +01:00
nfnetlink_acct.c netfilter: remove messages print and boot/module load time 2018-01-19 18:39:49 +01:00
nfnetlink_cthelper.c netfilter: nfnetlink_cthelper: Add missing permission checks 2017-12-04 11:30:09 +01:00
nfnetlink_cttimeout.c netfilter: remove messages print and boot/module load time 2018-01-19 18:39:49 +01:00
nfnetlink_log.c netfilter: delete /proc THIS_MODULE references 2018-01-19 14:10:53 +01:00
nfnetlink_queue.c netfilter: delete /proc THIS_MODULE references 2018-01-19 14:10:53 +01:00
nft_bitwise.c netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
nft_byteorder.c netfilter: nf_tables: simplify the basic expressions' init routine 2016-11-09 23:42:23 +01:00
nft_cmp.c netfilter: mark expected switch fall-throughs 2018-01-08 18:01:01 +01:00
nft_compat.c netfilter: remove messages print and boot/module load time 2018-01-19 18:39:49 +01:00
nft_counter.c netfilter: nf_tables: add select_ops for stateful objects 2017-09-04 13:25:09 +02:00
nft_ct.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_dup_netdev.c
nft_dynset.c netfilter: nf_tables: Fix trailing semicolon 2018-01-19 14:10:04 +01:00
nft_exthdr.c netfilter: exthdr: add missign attributes to policy 2017-12-11 13:46:04 +01:00
nft_fib.c netfilter: nft_fib: Support existence check 2017-03-13 13:45:36 +01:00
nft_fib_inet.c netfilter: nf_tables: use hook state from xt_action_param structure 2016-11-03 11:52:34 +01:00
nft_fib_netdev.c netfilter: nf_tables: add fib expression to the netdev family 2017-07-31 19:01:40 +02:00
nft_flow_offload.c netfilter: nft_flow_offload: move flowtable cleanup routines to nf_flow_table 2018-02-07 00:58:57 +01:00
nft_fwd_netdev.c netfilter: add and use nf_fwd_netdev_egress 2016-12-06 21:48:22 +01:00
nft_hash.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nft_immediate.c netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
nft_limit.c netfilter: nft_limit: add stateful object type 2017-09-04 13:25:16 +02:00
nft_log.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_lookup.c netfilter: nf_tables: add nft_set_lookup() 2017-03-06 18:23:23 +01:00
nft_masq.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_meta.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_nat.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_numgen.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_objref.c netfilter: nf_tables: add select_ops for stateful objects 2017-09-04 13:25:09 +02:00
nft_payload.c netfilter: fix a few (harmless) sparse warnings 2017-08-28 17:42:56 +02:00
nft_queue.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_quota.c netfilter: nf_tables: add select_ops for stateful objects 2017-09-04 13:25:09 +02:00
nft_range.c netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
nft_redir.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_reject.c netfilter: nf_tables: validate the expr explicitly after init successfully 2017-03-06 18:22:12 +01:00
nft_reject_inet.c netfilter: nf_tables: validate the expr explicitly after init successfully 2017-03-06 18:22:12 +01:00
nft_rt.c netfilter: move route indirection to struct nf_ipv6_ops 2018-01-08 18:01:26 +01:00
nft_set_bitmap.c netfilter: nf_tables: get set elements via netlink 2017-11-07 01:00:31 +01:00
nft_set_hash.c netfilter: nf_tables: meter: pick a set backend that supports updates 2018-03-20 13:52:10 +01:00
nft_set_rbtree.c netfilter: nf_tables: get set elements via netlink 2017-11-07 01:00:31 +01:00
utils.c netfilter: move reroute indirection to struct nf_ipv6_ops 2018-01-08 18:10:53 +01:00
x_tables.c netfilter: x_tables: add and use xt_check_proc_name 2018-03-11 21:24:29 +01:00
xt_addrtype.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_AUDIT.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CHECKSUM.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CLASSIFY.c
xt_cluster.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlimit.c netfilter: connlimit: split xt_connlimit into front and backend 2018-01-08 18:01:22 +01:00
xt_connmark.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: xt_CT: use pr ratelimiting 2018-02-14 21:05:34 +01:00
xt_dccp.c
xt_devgroup.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c netfilter: x_tables: add and use xt_check_proc_name 2018-03-11 21:24:29 +01:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c netfilter: IDLETIMER: be syzkaller friendly 2018-02-19 18:28:59 +01:00
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LOG.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_mac.c
xt_mark.c
xt_multiport.c netfilter: xt_multiport: Fix wrong unmatch result with multiple ports 2016-12-06 21:48:20 +01:00
xt_nat.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_NETMAP.c net: Replace NF_CT_ASSERT() with WARN_ON(). 2017-09-04 13:25:19 +02:00
xt_nfacct.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_NFLOG.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_osf.c netfilter: xt_osf: Add missing permission checks 2017-12-06 09:01:18 +01:00
xt_owner.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
xt_physdev.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_pkttype.c netfilter: pkttype: unnecessary to check ipv6 multicast address 2017-01-18 20:32:43 +01:00
xt_policy.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_quota.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_RATEEST.c netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert 2018-02-07 00:58:57 +01:00
xt_rateest.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_realm.c
xt_recent.c netfilter: x_tables: add and use xt_check_proc_name 2018-03-11 21:24:29 +01:00
xt_REDIRECT.c netfilter: nat: add dependencies on conntrack module 2016-12-04 21:16:51 +01:00
xt_repldata.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_sctp.c sctp: remove the typedef sctp_chunkhdr_t 2017-07-01 09:08:41 -07:00
xt_SECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_set.c netfilter: xt_set: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_socket.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c netfilter: x_tables: fix pointer leaks to userspace 2018-01-31 14:59:24 +01:00
xt_string.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
xt_TEE.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_time.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TPROXY.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TRACE.c netfilter: xt_TRACE: add explicitly nf_logger_find_get call 2016-06-23 13:26:49 +02:00
xt_u32.c