renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-09 14:14:00 +08:00
Code
dd3733b3e7
linux-next/net/bridge/netfilter
History
Pablo Neira Ayuso 75e8d06d43 netfilter: nf_tables: validate hooks in NAT expressions 
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.

This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-01-19 14:52:39 +01:00
..
ebt_802_3.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_among.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_arp.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_arpreply.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ebt_dnat.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_ip6.c netfilter: ebt_ip6: fix source and destination matching 2013-11-19 15:33:29 +01:00
ebt_ip.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_limit.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_log.c netfilter: bridge: add generic packet logger 2014-06-27 13:20:47 +02:00
ebt_mark_m.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_mark.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ebt_nflog.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
ebt_pkttype.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_redirect.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_snat.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_stp.c bridge: netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:17 -04:00
ebt_vlan.c netfilter: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
ebtable_broute.c bridge: change the position of '{' to the pre line 2013-12-19 19:27:26 -05:00
ebtable_filter.c bridge: change the position of '{' to the pre line 2013-12-19 19:27:26 -05:00
ebtable_nat.c bridge: change the position of '{' to the pre line 2013-12-19 19:27:26 -05:00
ebtables.c netfilter: ebtables: create audit records for replaces 2014-09-09 16:31:28 +02:00
Kconfig netfilter: bridge: add reject support 2014-07-22 12:00:22 +02:00
Makefile netfilter: kill remnants of ulog targets 2014-07-25 14:55:44 +02:00
nf_log_bridge.c netfilter: bridge: add generic packet logger 2014-06-27 13:20:47 +02:00
nf_tables_bridge.c netfilter: nf_tables_bridge: set the pktinfo for IPv4/IPv6 traffic 2014-11-27 13:08:29 +01:00
nft_meta_bridge.c netfilter: nf_tables: Add meta expression key for bridge interface name 2014-04-24 10:37:28 +02:00
nft_reject_bridge.c netfilter: nf_tables: validate hooks in NAT expressions 2015-01-19 14:52:39 +01:00