mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-16 07:35:14 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
Pablo Neira Ayuso 1cb5995a39 netfilter: nft_nat: allow to specify layer 4 protocol NAT only 
[ Upstream commit a33f387ecd ]

nft_nat reports a bogus EAFNOSUPPORT if no layer 3 information is specified.

Fixes: d07db9884a ("netfilter: nf_tables: introduce nft_validate_register_load()")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-08-04 12:23:46 +02:00
..
ipset netfilter: ipset: fix shift-out-of-bounds in htable_bits() 2021-01-12 20:10:24 +01:00
ipvs ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service 2021-06-10 13:24:05 +02:00
core.c jump_label: move 'asm goto' support test to Kconfig 2019-06-04 08:02:34 +02:00
Kconfig netfilter: fix NETFILTER_XT_TARGET_TEE dependencies 2019-05-04 09:20:12 +02:00
Makefile netfilter: nf_tables: add tunnel support 2018-08-03 21:12:12 +02:00
nf_conncount.c netfilter: nf_conncount: fix argument order to find_next_bit 2019-01-22 21:40:29 +01:00
nf_conntrack_acct.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_amanda.c
nf_conntrack_broadcast.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_conntrack_core.c netfilter: conntrack: adjust stop timestamp to real expiry value 2021-08-04 12:23:45 +02:00
nf_conntrack_ecache.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_expect.c netfilter: use kvmalloc_array to allocate memory for hashtable 2018-08-03 18:37:55 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c netfilter: nf_conntrack_ftp: Fix debug output 2019-09-21 07:17:01 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: restore boundary check correctness 2019-06-15 11:54:05 +02:00
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: use kvmalloc_array to allocate memory for hashtable 2018-08-03 18:37:55 +02:00
nf_conntrack_irc.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo 2021-07-28 11:13:45 +02:00
nf_conntrack_pptp.c netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build 2020-06-03 08:19:49 +02:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-05-16 19:41:24 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp, sctp: handle null timeout argument 2020-01-14 20:07:08 +01:00
nf_conntrack_proto_generic.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_gre.c netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too 2019-04-17 08:38:46 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_sctp.c netfilter: conntrack: allow sctp hearbeat after connection re-use 2020-09-17 13:45:24 +02:00
nf_conntrack_proto_tcp.c netfilter: conntrack: connection timeout after re-register 2020-10-30 10:38:24 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_sane.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: re-load tcp header pointer after possible head reallocation 2019-01-13 09:50:57 +01:00
nf_conntrack_sip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-06 21:51:37 -04:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c netfilter: conntrack: Make global sysctls readonly in non-init netns 2021-05-22 10:59:47 +02:00
nf_conntrack_tftp.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_timeout.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
nf_conntrack_timestamp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_dup_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-30 10:38:24 +01:00
nf_flow_table_core.c netfilter: flowtable: fix tcp and udp header checksum update 2021-02-23 15:00:57 +01:00
nf_flow_table_inet.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} 2020-04-02 15:28:19 +02:00
nf_internals.h netfilter: core: export raw versions of add/delete hook functions 2018-05-23 09:14:05 +02:00
nf_log.c netfilter: nf_log: don't hold nf_log_mutex during user access 2018-06-26 16:48:40 +02:00
nf_log_common.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-29 09:55:15 +01:00
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_nat_amanda.c
nf_nat_core.c netfilter: nf_nat: Fix memleak in nf_nat_init 2021-01-19 18:22:38 +01:00
nf_nat_ftp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_helper.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_irc.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_proto_common.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_dccp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_sctp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_tcp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_udp.c netfilter: nat: never update the UDP checksum when it's 0 2020-05-14 07:57:23 +02:00
nf_nat_proto_unknown.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_redirect.c netfilter: nat: merge nf_nat_redirect into nf_nat 2018-05-29 00:25:40 +02:00
nf_nat_sip.c netfilter: nf_nat_sip: fix RTP/RTCP source port translations 2019-12-05 09:20:31 +01:00
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: enqueue skbs with NULL dst 2020-01-04 19:13:21 +01:00
nf_sockopt.c
nf_synproxy_core.c netfilter: synproxy: Fix out of bounds when parsing TCP options 2021-06-30 08:48:17 -04:00
nf_tables_api.c netfilter: nf_tables: avoid false-postive lockdep splat 2020-12-11 13:25:04 +01:00
nf_tables_core.c netfilter: nf_tables: check the result of dereferencing base_chain->stats 2019-04-05 22:33:00 +02:00
nf_tables_set_core.c netfilter: nf_tables: place all set backends in one single module 2018-07-06 19:31:53 +02:00
nf_tables_trace.c
nfnetlink.c netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS 2020-09-09 19:04:26 +02:00
nfnetlink_acct.c netfilter: fix memory leaks on netlink_dump_start error 2018-08-16 19:37:00 +02:00
nfnetlink_cthelper.c netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches 2021-06-10 13:24:05 +02:00
nfnetlink_cttimeout.c netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too 2019-04-17 08:38:46 +02:00
nfnetlink_log.c netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS 2020-09-09 19:04:26 +02:00
nfnetlink_osf.c netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check 2021-05-22 10:59:44 +02:00
nfnetlink_queue.c netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS 2020-09-09 19:04:26 +02:00
nft_bitwise.c netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() 2020-01-12 12:17:09 +01:00
nft_byteorder.c
nft_chain_filter.c netfilter: nf_tables: don't prevent event handler from device cleanup on netns exit 2018-08-16 19:37:03 +02:00
nft_cmp.c netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() 2020-01-12 12:17:09 +01:00
nft_compat.c netfilter: nft_compat: do not dump private area 2019-11-24 08:21:03 +01:00
nft_connlimit.c netfilter: nft_connlimit: disable bh on garbage collection 2019-10-29 09:19:34 +01:00
nft_counter.c netfilter: nf_tables: add destroy_clone expression 2018-06-03 00:02:11 +02:00
nft_ct.c netfilter: nf_tables: rework ct timeout set support 2018-08-29 13:04:38 +02:00
nft_dup_netdev.c
nft_dynset.c netfilter: nft_dynset: add timeout extension to template 2021-02-03 23:23:25 +01:00
nft_exthdr.c netfilter: nft_exthdr: check for IPv6 packet before further processing 2021-07-20 16:15:50 +02:00
nft_fib.c
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: nft_flow_offload: add entry to flowtable after confirmation 2020-01-27 14:50:43 +01:00
nft_fwd_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-30 10:38:24 +01:00
nft_hash.c netfilter: nft_hash: fix symhash with modulus one 2019-08-16 10:12:44 +02:00
nft_immediate.c netfilter: nf_tables: unbind set in rule from commit path 2019-05-02 09:58:50 +02:00
nft_limit.c netfilter: nft_limit: avoid possible divide error in nft_limit_init 2021-04-28 13:16:50 +02:00
nft_log.c netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it 2018-06-07 16:14:00 -04:00
nft_lookup.c netfilter: nf_tables: allow lookups in dynamic sets 2019-10-11 18:21:16 +02:00
nft_masq.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_meta.c netfilter: nf_tables: handle meta/lookup with direct call 2018-07-30 11:52:02 +02:00
nft_nat.c netfilter: nft_nat: allow to specify layer 4 protocol NAT only 2021-08-04 12:23:46 +02:00
nft_numgen.c Revert "netfilter: nft_numgen: add map lookups for numgen random operations" 2018-11-27 16:13:02 +01:00
nft_objref.c netfilter: nf_tables: bogus EBUSY in helper removal from transaction 2019-05-02 09:58:51 +02:00
nft_osf.c netfilter: nft_osf: check for TCP packet before further processing 2021-07-20 16:15:50 +02:00
nft_payload.c netfilter: nf_tables: fix destination register zeroing 2020-09-09 19:04:25 +02:00
nft_queue.c
nft_quota.c
nft_range.c netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() 2020-01-12 12:17:09 +01:00
nft_redir.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2019-11-20 18:46:50 +01:00
nft_reject_inet.c
nft_rt.c netfilter: nf_tables: merge rt expression into nft core 2018-04-27 00:00:55 +02:00
nft_set_bitmap.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_hash.c netfilter: nftables: avoid overflows in nft_hash_buckets() 2021-05-22 10:59:44 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() 2020-05-20 08:18:44 +02:00
nft_socket.c netfilter: nft_socket: fix erroneous socket assignment 2019-10-01 08:26:12 +02:00
nft_tproxy.c netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols 2021-07-20 16:15:50 +02:00
nft_tunnel.c netfilter: nft_tunnel: add missing attribute validation for tunnels 2020-03-18 07:14:24 +01:00
utils.c netfilter: utils: move nf_ip6_checksum* from ipv6 to utils 2018-07-16 17:51:48 +02:00
x_tables.c netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:49:31 +02:00
xt_addrtype.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_AUDIT.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2019-04-20 09:16:00 +02:00
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c netfilter: xt_connmark: fix list corruption on rmmod 2018-06-12 19:35:52 +02:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: limit the max size of hashtable 2020-02-28 16:39:00 +01:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: add sysfs filename checking routine 2018-11-27 16:13:03 +01:00
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_LOG.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix DNAT target for shifted portmap ranges 2018-11-13 11:08:20 -08:00
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_nfacct.c netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info 2019-09-21 07:16:55 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_osf.c netfilter: nfnetlink_osf: extract nfnetlink_subsystem code from xt_osf.c 2018-07-30 14:07:11 +02:00
xt_owner.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
xt_physdev.c netfilter: xt_physdev: Fix spurious error message in physdev_mt_check 2019-09-21 07:17:01 +02:00
xt_pkttype.c
xt_policy.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_quota.c
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_RATEEST.c netfilter: xt_RATEEST: reject non-null terminated string from userspace 2021-01-12 20:10:24 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: Fix attempt to update deleted entry 2021-02-23 15:00:57 +01:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_repldata.h
xt_sctp.c
xt_SECMARK.c netfilter: xt_SECMARK: add new revision to fix structure layout 2021-05-22 10:59:43 +02:00
xt_set.c netfilter: ipset: Limit max timeout value 2018-06-06 14:00:54 +02:00
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c netfilter: x_tables: fix pointer leaks to userspace 2018-01-31 14:59:24 +01:00
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c netfilter: xt_TEE: add missing code to get interface index in checkentry. 2019-03-13 14:02:40 -07:00
xt_time.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c
xt_u32.c