linux/net/ipv6/netfilter
Florian Westphal 47a6959fa3 netfilter: allow to turn off xtables compat layer
The compat layer needs to parse untrusted input (the ruleset)
to translate it to a 64bit compatible format.

We had a number of bugs in this department in the past, so allow users
to turn this feature off.

Add CONFIG_NETFILTER_XTABLES_COMPAT kconfig knob and make it default to y
to keep existing behaviour.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-04-26 18:16:56 +02:00
Kconfig netfilter: nf_log_ipv6: merge with nf_log_syslog 2021-03-31 00:37:27 +02:00
Makefile netfilter: nf_log_ipv6: merge with nf_log_syslog 2021-03-31 00:37:27 +02:00
ip6_tables.c netfilter: allow to turn off xtables compat layer 2021-04-26 18:16:56 +02:00
ip6t_NPT.c
ip6t_REJECT.c
ip6t_SYNPROXY.c
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c
ip6t_mh.c
ip6t_rpfilter.c
ip6t_rt.c
ip6t_srh.c
ip6table_filter.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_mangle.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_nat.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_raw.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
ip6table_security.c netfilter: ip6_tables: pass table pointer via nf_hook_ops 2021-04-26 03:20:47 +02:00
nf_conntrack_reasm.c netfilter: nf_defrag_ipv6: use net_generic infra 2021-04-06 00:34:51 +02:00
nf_defrag_ipv6_hooks.c netfilter: disable defrag once its no longer needed 2021-04-26 03:20:07 +02:00
nf_dup_ipv6.c
nf_flow_table_ipv6.c
nf_reject_ipv6.c
nf_socket_ipv6.c
nf_tproxy_ipv6.c
nft_dup_ipv6.c
nft_fib_ipv6.c
nft_reject_ipv6.c