summaryrefslogtreecommitdiffstats
path: root/net/netfilter
AgeCommit message (Expand)AuthorFilesLines
2014-11-25Revert "netfilter: conntrack: fix race in __nf_conntrack_confirm against get_...Pablo Neira1-8/+6
2014-11-17netfilter: nfnetlink: fix insufficient validation in nfnetlink_bindPablo Neira Ayuso1-1/+11
2014-11-14netfilter: conntrack: fix race in __nf_conntrack_confirm against get_next_corpsebill bonaparte1-6/+8
2014-11-12netfilter: nf_tables: restore synchronous object release from commit/abortPablo Neira Ayuso1-16/+8
2014-11-12netfilter: nft_compat: use the match->table to validate dependenciesPablo Neira Ayuso1-2/+2
2014-11-12netfilter: nft_compat: relax chain type validationPablo Neira Ayuso1-30/+2
2014-11-12netfilter: nft_compat: use current net namespacePablo Neira Ayuso1-2/+2
2014-11-12ipvs: Keep skb->sk when allocating headroom on tunnel xmitCalvin Owens1-0/+2
2014-11-11netfilter: ipset: small potential read beyond the end of bufferDan Carpenter1-0/+6
2014-10-28ipvs: Avoid null-pointer deref in debug codeAlex Gartrell1-2/+2
2014-10-27netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops()Arturo Borrero1-1/+1
2014-10-24netfilter: nf_log: release skbuff on nlmsg put failureHoucheng Lin1-9/+8
2014-10-24netfilter: nfnetlink_log: fix maximum packet length logged to userspaceFlorian Westphal1-3/+5
2014-10-24netfilter: nf_log: account for size of NLMSG_DONE attributeFlorian Westphal1-3/+3
2014-10-22netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats allocationSabrina Dubroca1-2/+2
2014-10-22netfilter: ipset: off by one in ip_set_nfnl_get_byindex()Dan Carpenter1-1/+1
2014-10-22netfilter: nf_conntrack: allow server to become a client in TW handlingMarcelo Leitner1-2/+2
2014-10-20net: make skb_gso_segment error handling more robustFlorian Westphal1-1/+1
2014-10-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller4-41/+150
2014-10-18netfilter: nft_nat: dump attributes if they are setPablo Neira Ayuso1-9/+11
2014-10-18netfilter: nft_nat: NFTA_NAT_REG_ADDR_MAX depends on NFTA_NAT_REG_ADDR_MINPablo Neira Ayuso1-22/+28
2014-10-18netfilter: nft_nat: insufficient attribute validationPablo Neira Ayuso1-1/+3
2014-10-18netfilter: nft_compat: validate chain type in match/targetPablo Neira Ayuso1-9/+66
2014-10-14netfilter: nft_compat: fix hook validation for non-base chainsPablo Neira Ayuso1-0/+4
2014-10-14netfilter: replace strnicmp with strncasecmpRasmus Villemoes5-18/+18
2014-10-13netfilter: nf_tables: restrict nat/masq expressions to nat chain typePablo Neira Ayuso3-0/+38
2014-10-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller1-6/+4
2014-10-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds71-738/+2003
2014-10-07Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jik...Linus Torvalds1-1/+1
2014-10-07netfilter: fix wrong arithmetics regarding NFT_REJECT_ICMPX_MAXPablo Neira Ayuso1-6/+4
2014-10-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller10-120/+161
2014-10-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller4-8/+71
2014-10-02netfilter: explicit module dependency between br_netfilter and physdevPablo Neira Ayuso1-0/+3
2014-10-02netfilter: nft_compat: remove incomplete 32/64 bits arch compat codePablo Neira Ayuso1-101/+15
2014-10-02netfilter: nf_tables: wait for call_rcu completion on module removalPablo Neira Ayuso1-0/+1
2014-10-02netfilter: use IS_ENABLED(CONFIG_BRIDGE_NETFILTER)Pablo Neira Ayuso5-15/+15
2014-10-02netfilter: nft_reject: introduce icmp code abstraction for inet and bridgePablo Neira Ayuso2-4/+127
2014-09-30net: sched: make bstats per cpu and estimator RCU safeJohn Fastabend1-1/+1
2014-09-29netfilter: conntrack: disable generic tracking for known protocolsFlorian Westphal1-1/+25
2014-09-29netfilter: nf_tables: store and dump set policyArturo Borrero1-0/+6
2014-09-26Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller4-8/+71
2014-09-26net/netfilter/x_tables.c: use __seq_open_private()Rob Jones1-26/+4
2014-09-19netfilter: nf_tables: export rule-set generation IDPablo Neira Ayuso1-26/+114
2014-09-19netfilter: nfnetlink: use original skbuff when committing/abortingPablo Neira Ayuso1-3/+3
2014-09-18Merge branch 'ipvs-next'Pablo Neira Ayuso21-222/+529
2014-09-18ipvs: Allow heterogeneous pools now that we support themAlex Gartrell1-4/+20
2014-09-18ipvs: use the new dest addr family fieldJulian Anastasov4-16/+43
2014-09-18ipvs: use correct address family in scheduler logsJulian Anastasov9-12/+15
2014-09-16ipvs: address family of LBLCR entry depends on svc familyJulian Anastasov1-6/+6
2014-09-16ipvs: address family of LBLC entry depends on svc familyJulian Anastasov1-6/+6