Searched hist:"75 e8d06d" (Results 1 – 6 of 6) sorted by relevance
| /openbmc/linux/net/netfilter/ |
| H A D | nft_masq.c | 75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| H A D | nft_redir.c | 75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| H A D | nft_nat.c | 75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| H A D | nf_tables_api.c | 75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| /openbmc/linux/net/bridge/netfilter/ |
| H A D | nft_reject_bridge.c | 75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| /openbmc/linux/include/net/netfilter/ |
| H A D | nf_tables.h | 75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
75e8d06d Wed Jan 14 08:33:57 CST 2015 Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_tables: validate hooks in NAT expressions
The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.
This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|