FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-14 05:12:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Pablo Neira Ayuso bc6bcb59dd netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary 
This target assumes that tcph->doff is well-formed, that may be well
not the case. Add extra sanity checkings to avoid possible crash due
to read/write out of the real packet boundary. After this patch, the
default action on malformed TCP packets is to drop them. Moreover,
fragments are skipped.

Reported-by: Rafal Kupka <rkupka@telemetry.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-05-16 17:35:53 +02:00
..
ipset
netfilter: ipset: set match: add support to match the counters
2013-04-29 20:09:03 +02:00
ipvs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-04-30 03:55:20 -04:00
core.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
Kconfig
Driver core patches for 3.9-rc1
2013-02-21 12:05:51 -08:00
Makefile
netfilter: x_tables: add xt_bpf match
2013-01-21 12:20:19 +01:00
nf_conntrack_acct.c
netfilter: nf_ct_acct: move initialization out of pernet_operations
2013-01-23 12:55:29 +01:00
nf_conntrack_amanda.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_broadcast.c
nf_conntrack_core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2013-05-01 14:08:52 -07:00
nf_conntrack_ecache.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_expect.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2013-04-19 17:55:29 -04:00
nf_conntrack_extend.c
nf_conntrack_ftp.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_irc.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c
netfilter: nf_ct_labels: move initialization out of pernet_operations
2013-01-23 12:56:23 +01:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
netfilter: ctnetlink: allow to dump expectation per master conntrack
2013-03-19 17:02:18 +01:00
nf_conntrack_pptp.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_proto_dccp.c
netfilter: nf_log: prepare net namespace support for loggers
2013-04-05 20:12:54 +02:00
nf_conntrack_proto_generic.c
netfilter: nf_conntrack: generalize nf_ct_l4proto_net
2012-07-04 19:37:22 +02:00
nf_conntrack_proto_gre.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_proto_sctp.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_proto_tcp.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_proto_udp.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_proto_udplite.c
netfilter: nf_log: prepare net namespace support for loggers
2013-04-05 20:12:54 +02:00
nf_conntrack_proto.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_sane.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_conntrack_sip.c
netfilter: nf_ct_sip: don't drop packets with offsets pointing outside the packet
2013-04-06 14:03:18 +02:00
nf_conntrack_snmp.c
netfilter: nf_ct_snmp: add include file
2013-01-18 00:28:18 +01:00
nf_conntrack_standalone.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_tftp.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_timeout.c
netfilter: nf_ct_timeout: move initialization out of pernet_operations
2013-01-23 12:56:02 +01:00
nf_conntrack_timestamp.c
netfilter: nf_ct_tstamp: move initialization out of pernet_operations
2013-01-23 12:55:39 +01:00
nf_internals.h
netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue()
2012-09-03 13:52:54 +02:00
nf_log.c
netfilter: log: netns NULL ptr bug when calling from conntrack
2013-05-15 14:11:07 +02:00
nf_nat_amanda.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_nat_core.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2013-04-25 00:53:40 -04:00
nf_nat_ftp.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_nat_helper.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_nat_irc.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_nat_proto_common.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_dccp.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_sctp.c
sctp: Correct type and usage of sctp_end_cksum()
2013-04-29 20:09:08 +02:00
nf_nat_proto_tcp.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_udp.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_udplite.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_unknown.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_sip.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_nat_tftp.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_queue.c
netfilter: move skb_gso_segment into nfnetlink_queue module
2013-04-29 20:09:05 +02:00
nf_sockopt.c
nf_tproxy_core.c
nfnetlink_acct.c
netfilter: nfnetlink_acct: return -EINVAL if object name is empty
2013-03-25 14:21:30 +01:00
nfnetlink_cthelper.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
nfnetlink_cttimeout.c
netfilter: cttimeout: fix buffer overflow
2012-11-21 23:50:14 +01:00
nfnetlink_log.c
netfilter: log: netns NULL ptr bug when calling from conntrack
2013-05-15 14:11:07 +02:00
nfnetlink_queue_core.c
netfilter: nf_{log,queue}: fix compilation without CONFIG_PROC_FS
2013-05-06 12:28:01 +02:00
nfnetlink_queue_ct.c
nfnetlink.c
nfnetlink: add support for memory mapped netlink
2013-04-19 14:58:36 -04:00
x_tables.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
xt_addrtype.c
xt_AUDIT.c
netfilter: xt_AUDIT: only generate audit log when audit enabled
2013-03-04 14:45:25 +01:00
xt_bpf.c
netfilter: x_tables: add xt_bpf match
2013-01-21 12:20:19 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
netfilter: add connlabel conntrack extension
2013-01-18 00:28:15 +01:00
xt_connlimit.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_cpu.c
xt_CT.c
netfilter: xt_CT: add alias flag
2013-02-05 01:49:26 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c
ipv6: Move ipv6_find_hdr() out of Netfilter code.
2012-11-09 17:05:07 -08:00
xt_IDLETIMER.c
xt_iprange.c
xt_ipvs.c
ipvs: API change to avoid rescan of IPv6 exthdr
2012-09-28 11:34:33 +09:00
xt_LED.c
xt_length.c
xt_limit.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_LOG.c
netfilter: log: netns NULL ptr bug when calling from conntrack
2013-05-15 14:11:07 +02:00
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets
2012-10-15 13:39:12 +02:00
xt_NETMAP.c
netfilter: combine ipt_NETMAP and ip6t_NETMAP
2012-09-21 12:11:08 +02:00
xt_nfacct.c
xt_NFLOG.c
netfilter: log: netns NULL ptr bug when calling from conntrack
2013-05-15 14:11:07 +02:00
xt_NFQUEUE.c
netfilter: xt_NFQUEUE: coalesce IPv4 and IPv6 hashing
2013-04-02 01:26:10 +02:00
xt_osf.c
netfilter: nf_log: prepare net namespace support for loggers
2013-04-05 20:12:54 +02:00
xt_owner.c
userns: xt_owner: Add basic user namespace support.
2012-08-14 21:55:30 -07:00
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
xt_realm.c
xt_recent.c
proc: Supply PDE attribute setting accessor functions
2013-05-01 17:29:18 -04:00
xt_REDIRECT.c
netfilter: combine ipt_REDIRECT and ip6t_REDIRECT
2012-09-21 12:12:05 +02:00
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c
netfilter: ipset: set match: add support to match the counters
2013-04-29 20:09:03 +02:00
xt_socket.c
netfilter: xt_socket: fix compilation warnings with gcc 4.7
2012-09-03 13:31:39 +02:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_TCPOPTSTRIP.c
netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary
2013-05-16 17:35:53 +02:00
xt_tcpudp.c
xt_TEE.c
netfilter: xt_TEE: don't use destination address found in header
2012-10-17 11:00:31 +02:00
xt_time.c
netfilter: xt_time: add support to ignore day transition
2012-09-24 14:29:01 +02:00
xt_TPROXY.c
net: Fix (nearly-)kernel-doc comments for various functions
2012-07-10 23:13:45 -07:00
xt_TRACE.c
xt_u32.c