Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom?h=v4.12 2017-05-16T08:24:27Z 2017-05-16T08:24:27Z Gao Feng gfree.wind@vip.163.com 2017-05-16T01:30:18Z urn:sha1:c953d63548207a085abcb12a15fefc8a11ffdf0a The info->target comes from userspace and it would be used directly. So we need to add the sanity check to make sure it is a valid standard target, although the ebtables tool has already checked it. Kernel needs to validate anything coming from userspace. If the target is set as an evil value, it would break the ebtables and cause a panic. Because the non-standard target is treated as one offset. Now add one helper function ebt_invalid_target, and we would replace the macro INVALID_TARGET later. Signed-off-by: Gao Feng <gfree.wind@vip.163.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-04-26T07:30:21Z Florian Westphal fw@strlen.de 2017-04-19T22:45:48Z urn:sha1:aee12a0a3727e16fb837367c4755cb6daaf45109 Similar to ip_register_table, pass nf_hook_ops to ebt_register_table(). This allows to handle hook registration also via pernet_ops and allows us to avoid use of legacy register_hook api. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2016-07-03T08:55:07Z Joe Perches joe@perches.com 2016-06-24T20:25:22Z urn:sha1:c37a2dfa67f7920b14ea77dc9f9f9660f7a1f6dd netfilter uses multiple FWINV #defines with identical form that hide a specific structure variable and dereference it with a invflags member. $ git grep "#define FWINV" include/linux/netfilter_bridge/ebtables.h:#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg)) net/bridge/netfilter/ebtables.c:#define FWINV2(bool, invflg) ((bool) ^ !!(e->invflags & invflg)) net/ipv4/netfilter/arp_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg))) net/ipv4/netfilter/ip_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg))) net/ipv6/netfilter/ip6_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ip6info->invflags & (invflg))) net/netfilter/xt_tcpudp.c:#define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg))) Consolidate these macros into a single NF_INVF macro. Miscellanea: o Neaten the alignment around these uses o A few lines are > 80 columns for intelligibility Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2015-09-18T19:57:35Z Eric W. Biederman ebiederm@xmission.com 2015-09-18T19:32:54Z urn:sha1:97b59c3a91d5ee4777658ff2136d1fdf13bd23d0 Nearly everything thing of interest to ebt_do_table is already present in nf_hook_state. Simplify ebt_do_table by just passing in the skb, nf_hook_state, and the table. This make the code easier to read and maintenance easier. To support this create an nf_hook_state on the stack in ebt_broute (the only caller without a nf_hook_state already available). This new nf_hook_state adds no new computations to ebt_broute, but does use a few more bytes of stack. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-23T21:08:54Z Linus Torvalds torvalds@linux-foundation.org 2015-06-23T21:08:54Z urn:sha1:cb8a4deaf9b2778653c4391d8ccb24c5ab159f9d Pull trivial tree updates from Jiri Kosina: "As usual, mostly comment, kerneldoc and printk() fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: lpfc: Grammar s/an negative/a negative/ ARM: lib/lib1funcs.S: fix typo s/substractions/subtractions/ cx25821: cx25821-medusa-reg.h: fix 0x0x prefix lib: crc-itu-t.[ch] fix 0x0x prefix in integer constants rapidio: Fix kerneldoc and comment qla4xxx: Fix printk() in qla4_83xx_read_reset_template() and qla4_83xx_pre_loopback_config() treewide: Kconfig: fix wording / spelling usb/serial: fix grammar in Kconfig help text for FTDI_SIO megaraid_sas: fix kerneldoc netfilter: ebtables: fix comment grammar drm/radeon: fix comment isdn: fix grammar in comment ARM: KVM: fix comment 2015-05-26T13:10:01Z Geert Uytterhoeven geert+renesas@glider.be 2015-03-03T10:58:14Z urn:sha1:069d4a7b583274e3fd8712c92a035626e0ebf7be s/stongly inspired on/strongly inspired by/ Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 2015-04-13T18:08:38Z Pablo Neira Ayuso pablo@netfilter.org 2015-04-08T17:41:40Z urn:sha1:24477e57412a7a7dea62637ac990bc5c1cff0665 linux/if.h creates conflicts in userspace with net/if.h By using it here we force userspace to use linux/if.h while net/if.h may be needed. Note that: include/linux/netfilter_ipv4/ip_tables.h and include/linux/netfilter_ipv6/ip6_tables.h don't include linux/if.h and they also refer to IFNAMSIZ, so they are expecting userspace to include use net/if.h from the client program. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-10-17T11:31:15Z David Howells dhowells@redhat.com 2012-10-17T11:31:15Z urn:sha1:64d7155cdfe5546ca0730daf7dd73ee52a74eeaf Remove non-UAPI Kbuild files that have become empty as a result of UAPI disintegration. They used to have only header-y lines in them and those have now moved to the Kbuild files in the corresponding uapi/ directories. Possibly these should not be removed but rather have a comment inserted to say they are intentionally left blank. This would make it easier to add generated header lines in future without having to restore the infrastructure. Note that at this point not all the UAPI disintegration parts have been merged, so it is likely that more empty Kbuild files will turn up. It is probably necessary to make the files non-empty to prevent the patch program from automatically deleting them when it reduces them to nothing. Signed-off-by: David Howells <dhowells@redhat.com> 2012-10-09T08:48:58Z David Howells dhowells@redhat.com 2012-10-09T08:48:58Z urn:sha1:55c5cd3cc179eb87faa9cc2d9741047dd1642aaf Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com> 2012-02-21T12:29:06Z Joerg Willmann joe@clnt.de 2012-02-21T12:26:14Z urn:sha1:88ba136d6635b262f77cc418d536115fb8e4d4ab ebt_among extension of ebtables uses __alignof__(_xt_align) while the corresponding kernel module uses __alignof__(ebt_replace) to determine the alignment in EBT_ALIGN(). These are the results of these values on different platforms: x86 x86_64 ppc __alignof__(_xt_align) 4 8 8 __alignof__(ebt_replace) 4 8 4 ebtables fails to add rules which use the among extension. I'm using kernel 2.6.33 and ebtables 2.0.10-4 According to Bart De Schuymer, userspace alignment was changed to _xt_align to fix an alignment issue on a userspace32-kernel64 system (he thinks it was for an ARM device). So userspace must be right. The kernel alignment macro needs to change so it also uses _xt_align instead of ebt_replace. The userspace changes date back from June 29, 2009. Signed-off-by: Joerg Willmann <joe@clnt.de> Signed-off by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>