bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-04-24 14:07:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bianbu-linux-6.6/net/netfilter
History
Pablo Neira Ayuso bfd05c68e4 netfilter: nf_tables: wait for rcu grace period on net_device removal 
[ Upstream commit c03d278fdf35e73dd0ec543b9b556876b9d9a8dc ]

8c873e2199 ("netfilter: core: free hooks with call_rcu") removed
synchronize_net() call when unregistering basechain hook, however,
net_device removal event handler for the NFPROTO_NETDEV was not updated
to wait for RCU grace period.

Note that 835b803377 ("netfilter: nf_tables_netdev: unregister hooks
on net_device removal") does not remove basechain rules on device
removal, I was hinted to remove rules on net_device removal later, see
5ebe0b0eec ("netfilter: nf_tables: destroy basechain and rules on
netdevice removal").

Although NETDEV_UNREGISTER event is guaranteed to be handled after
synchronize_net() call, this path needs to wait for rcu grace period via
rcu callback to release basechain hooks if netns is alive because an
ongoing netlink dump could be in progress (sockets hold a reference on
the netns).

Note that nf_tables_pre_exit_net() unregisters and releases basechain
hooks but it is possible to see NETDEV_UNREGISTER at a later stage in
the netns exit path, eg. veth peer device in another netns:

 cleanup_net()
  default_device_exit_batch()
   unregister_netdevice_many_notify()
    notifier_call_chain()
     nf_tables_netdev_event()
      __nft_release_basechain()

In this particular case, same rule of thumb applies: if netns is alive,
then wait for rcu grace period because netlink dump in the other netns
could be in progress. Otherwise, if the other netns is going away then
no netlink dump can be in progress and basechain hooks can be released
inmediately.

While at it, turn WARN_ON() into WARN_ON_ONCE() for the basechain
validation, which should not ever happen.

Fixes: 835b803377 ("netfilter: nf_tables_netdev: unregister hooks on net_device removal")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-14 13:19:32 +01:00
..
ipset netfilter: ipset: Fix suspicious rcu_dereference_protected() 2024-06-27 13:49:08 +02:00
ipvs ipvs: properly dereference pe in ip_vs_add_service 2024-08-03 08:54:04 +02:00
core.c netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core 2024-06-27 13:49:08 +02:00
Kconfig bpf: add bpf_link support for BPF_NETFILTER programs 2023-04-21 11:34:14 -07:00
Makefile bpf: add bpf_link support for BPF_NETFILTER programs 2023-04-21 11:34:14 -07:00
nf_bpf_link.c netfilter: bpf: must hold reference on net namespace 2024-11-01 01:58:28 +01:00
nf_conncount.c netfilter: nf_conncount: fix wrong variable type 2024-09-12 11:11:29 +02:00
nf_conntrack_acct.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_amanda.c
nf_conntrack_bpf.c netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry() 2023-09-15 10:17:55 -07:00
nf_conntrack_broadcast.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nf_conntrack_core.c netfilter: bridge: confirm multicast packets before passing them up the stack 2024-03-06 14:48:36 +00:00
nf_conntrack_ecache.c netfilter: ctnetlink: make event listener tracking global 2023-02-22 00:28:47 +01:00
nf_conntrack_expect.c netfilter: allow exp not to be removed in nf_ct_find_expectation 2023-07-20 10:06:36 +02:00
nf_conntrack_extend.c netfilter: conntrack: fix extension size table 2023-09-13 21:57:50 +02:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed 2022-09-20 23:50:03 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Add protection for bmp length out of range 2024-03-15 10:48:19 -04:00
nf_conntrack_h323_main.c netfilter: nf_ct_h323: cap packet size at 64k 2022-08-11 16:50:49 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-07-05 14:42:15 +02:00
nf_conntrack_irc.c netfilter: nf_conntrack_irc: Tighten matching on DCC message 2022-09-07 15:55:23 +02:00
nf_conntrack_labels.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_netbios_ns.c netfilter: nf_conntrack_netbios_ns: fix helper module alias 2022-01-11 10:41:44 +01:00
nf_conntrack_netlink.c netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS 2024-10-04 16:29:42 +02:00
nf_conntrack_ovs.c netfilter: use nf_ip6_check_hbh_len in nf_ct_skb_network_trim 2023-03-08 14:25:41 +01:00
nf_conntrack_pptp.c netfilter: nf_conntrack: add missing __rcu annotations 2022-07-11 16:25:15 +02:00
nf_conntrack_proto.c netfilter: conntrack: remove pr_debug calls 2023-01-18 13:05:24 +01:00
nf_conntrack_proto_dccp.c nf_conntrack: fix -Wunused-const-variable= 2023-07-27 13:45:51 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: conntrack: gre: don't set assured flag for clash entries 2023-07-05 14:42:15 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: pass hook state to log functions 2021-06-18 14:47:43 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: set icmpv6 redirects as RELATED 2022-11-30 23:01:20 +01:00
nf_conntrack_proto_sctp.c netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new 2024-03-01 13:34:51 +01:00
nf_conntrack_proto_tcp.c netfilter: conntrack: correct window scaling with retransmitted SYN 2024-02-05 20:14:36 +00:00
nf_conntrack_proto_udp.c netfilter: conntrack: udp: fix seen-reply test 2023-02-01 12:18:51 +01:00
nf_conntrack_sane.c netfilter: nf_ct_sane: remove pseudo skb linearization 2022-08-11 16:50:25 +02:00
nf_conntrack_seqadj.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-06-26 17:18:48 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core 2024-06-27 13:49:08 +02:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_dup_netdev.c netfilter: nf_dup_netdev: add and use recursion counter 2022-06-21 10:50:41 +02:00
nf_flow_table_core.c netfilter: nft_flow_offload: release dst in case direct xmit path is used 2024-03-01 13:35:09 +01:00
nf_flow_table_inet.c netfilter: flowtable: validate vlan header 2024-08-29 17:33:49 +02:00
nf_flow_table_ip.c netfilter: flowtable: validate vlan header 2024-08-29 17:33:49 +02:00
nf_flow_table_offload.c netfilter: flowtable: initialise extack before use 2024-08-29 17:33:19 +02:00
nf_flow_table_procfs.c netfilter: nf_flow_table: count pending offload workqueue tasks 2022-07-11 16:25:14 +02:00
nf_hooks_lwtunnel.c netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n 2024-07-05 09:33:47 +02:00
nf_internals.h netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core 2024-06-27 13:49:08 +02:00
nf_log.c netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger 2024-02-05 20:14:36 +00:00
nf_log_syslog.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-25 15:35:59 -08:00
nf_nat_amanda.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_bpf.c bpf: Add __bpf_kfunc tag to all kfuncs 2023-02-02 00:25:14 +01:00
nf_nat_core.c netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash 2024-10-17 15:24:20 +02:00
nf_nat_ftp.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_helper.c treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
nf_nat_irc.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_masquerade.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_nat_ovs.c netfilter: nf_nat: fix action not being set for all ct states 2024-01-10 17:16:50 +01:00
nf_nat_proto.c netfilter: nat: move nf_xfrm_me_harder to where it is used 2021-04-26 03:20:07 +02:00
nf_nat_redirect.c netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-20 11:59:37 +01:00
nf_nat_sip.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_tftp.c
nf_queue.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-25 15:35:59 -08:00
nf_sockopt.c
nf_synproxy_core.c ip: Fix data-races around sysctl_ip_default_ttl. 2022-07-15 11:49:55 +01:00
nf_tables_api.c netfilter: nf_tables: wait for rcu grace period on net_device removal 2024-11-14 13:19:32 +01:00
nf_tables_core.c netfilter: nf_tables: set transport offset from mac header for netdev/egress 2024-01-10 17:16:47 +01:00
nf_tables_offload.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nf_tables_trace.c netfilter: nf_tables: do not store rule in traceinfo structure 2023-04-22 01:39:41 +02:00
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-08 04:00:02 +02:00
nfnetlink_acct.c netfilter: use nfnetlink_unicast() 2021-05-29 01:04:53 +02:00
nfnetlink_cthelper.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nfnetlink_cttimeout.c netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit 2022-06-17 23:31:20 +02:00
nfnetlink_hook.c netfilter: nfnetlink hook: dump bpf prog id 2023-04-21 11:34:14 -07:00
nfnetlink_log.c netfilter: nfnetlink_log: use proper helper for fetching physinif 2024-01-25 15:35:59 -08:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-06 18:07:49 +02:00
nfnetlink_queue.c netfilter: nf_queue: drop packets with cloned unconfirmed conntracks 2024-08-29 17:33:19 +02:00
nft_bitwise.c netfilter pull request 23-06-26 2023-06-26 12:59:18 -07:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-28 17:19:52 +00:00
nft_chain_filter.c netfilter: nf_tables: honor table dormant flag from netdev release event path 2024-05-02 16:32:39 +02:00
nft_chain_nat.c netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec() 2021-05-29 01:04:54 +02:00
nft_chain_route.c netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec() 2021-05-29 01:04:54 +02:00
nft_cmp.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nft_compat.c netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() 2024-03-06 14:48:36 +00:00
nft_connlimit.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_counter.c netfilter: nft_counter: Synchronize nft_counter_reset() against reader. 2024-08-29 17:33:47 +02:00
nft_ct.c netfilter: nft_ct: fix l3num expectations with inet pseudo family 2024-03-15 10:48:18 -04:00
nft_ct_fast.c netfilter: nf_tables: fix ct untracked match breakage 2023-05-03 13:49:08 +02:00
nft_dup_netdev.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_dynset.c netfilter: nf_tables: bail out on mismatching dynset and set expressions 2023-12-13 18:45:09 +01:00
nft_exthdr.c netfilter: nf_tables: fix 'exist' matching on bigendian arches 2023-12-13 18:45:09 +01:00
nft_fib.c netfilter: nft_fib: allow from forward/input without iif selector 2024-06-12 11:12:58 +02:00
nft_fib_inet.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib_netdev.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_flow_offload.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:19:03 -08:00
nft_fwd_netdev.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_hash.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_immediate.c netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx 2024-11-14 13:19:32 +01:00
nft_inner.c nf_tables: fix NULL pointer dereference in nft_inner_init() 2023-10-12 10:28:45 +02:00
nft_last.c netfilter: nft_last: copy content when cloning expression 2023-03-01 17:23:23 +01:00
nft_limit.c netfilter: nft_limit: reject configurations that cause integer overflow 2024-01-31 16:19:03 -08:00
nft_log.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_lookup.c netfilter: nf_tables: missing iterator type in lookup walk 2024-09-30 16:25:13 +02:00
nft_masq.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_meta.c netfilter: nft_inner: validate mandatory meta and payload 2024-06-21 14:38:34 +02:00
nft_nat.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:19:03 -08:00
nft_numgen.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-07-05 14:42:15 +02:00
nft_osf.c netfilter: nft_osf: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
nft_payload.c netfilter: nft_payload: sanitize offset and length before calling skb_checksum() 2024-11-08 16:28:19 +01:00
nft_queue.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_quota.c netfilter: nft_quota: copy content when cloning expression 2023-03-01 17:23:23 +01:00
nft_range.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_redir.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_reject.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_reject_inet.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_rt.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:19:03 -08:00
nft_set_bitmap.c netfilter: nf_tables: restore set elements when delete set fails 2024-10-10 11:58:07 +02:00
nft_set_hash.c netfilter: nf_tables: restore set elements when delete set fails 2024-10-10 11:58:07 +02:00
nft_set_pipapo.c netfilter: nf_tables: restore set elements when delete set fails 2024-10-10 11:58:07 +02:00
nft_set_pipapo.h netfilter: nf_set_pipapo: fix initial map fill 2024-08-03 08:54:04 +02:00
nft_set_pipapo_avx2.c netfilter: nft_set_pipapo_avx2: disable softinterrupts 2024-08-03 08:54:37 +02:00
nft_set_pipapo_avx2.h netfilter: nf_tables: prefer direct calls for set lookups 2021-05-29 01:04:27 +02:00
nft_set_rbtree.c netfilter: nf_tables: restore set elements when delete set fails 2024-10-10 11:58:07 +02:00
nft_socket.c netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() 2024-09-30 16:25:13 +02:00
nft_synproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:19:03 -08:00
nft_tproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:19:03 -08:00
nft_tunnel.c netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV 2024-02-05 20:14:36 +00:00
nft_xfrm.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:19:03 -08:00
utils.c netfilter: move br_nf_check_hbh_len to utils 2023-03-08 14:25:40 +01:00
x_tables.c netfilter: Fix use-after-free in get_info() 2024-11-08 16:28:19 +01:00
xt_addrtype.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_AUDIT.c netfilter: fix clang-12 fmt string warnings 2021-06-01 23:53:51 +02:00
xt_bpf.c bpf: Refactor BPF_PROG_RUN into a function 2021-08-17 00:45:07 +02:00
xt_cgroup.c
xt_CHECKSUM.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_CLASSIFY.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_cluster.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_comment.c
xt_connbytes.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_connlabel.c
xt_connlimit.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_connmark.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_CONNSECMARK.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_ecn.c
xt_esp.c
xt_hashlimit.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c netfilter: xt_HMARK: Use ip_is_fragment() helper 2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_length.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2023-02-22 21:25:23 -08:00
xt_limit.c netfilter: x_tables: improve limit_mt scalability 2021-05-29 01:04:52 +02:00
xt_LOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_mac.c
xt_mark.c netfilter: xtables: fix typo causing some targets not to load on IPv6 2024-11-01 01:58:29 +01:00
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c netfilter: Remove unnecessary conversion to bool 2020-12-01 09:45:29 +01:00
xt_NFLOG.c netfilter: xtables: fix typo causing some targets not to load on IPv6 2024-11-01 01:58:29 +01:00
xt_NFQUEUE.c
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-20 22:43:42 +02:00
xt_owner.c netfilter: xt_owner: Fix for unsafe access of sk->sk_socket 2023-12-13 18:45:10 +01:00
xt_physdev.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-25 15:35:59 -08:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_RATEEST.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-20 11:59:36 +01:00
xt_REDIRECT.c netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs 2023-03-22 21:48:59 +01:00
xt_repldata.h netfilter: xtables: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-08-30 17:34:01 +02:00
xt_SECMARK.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-17 15:24:28 +02:00
xt_set.c
xt_socket.c net: annotate data-races around sk->sk_mark 2023-07-29 18:13:41 +01:00
xt_state.c
xt_statistic.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
xt_string.c
xt_TCPMSS.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c xtables: move icmp/icmpv6 logic to xt_tcpudp 2023-03-22 21:48:59 +01:00
xt_TEE.c
xt_time.c
xt_TPROXY.c netfilter: xt_TPROXY: remove pr_debug invocations 2022-07-21 00:56:00 +02:00
xt_TRACE.c netfilter: xtables: fix typo causing some targets not to load on IPv6 2024-11-01 01:58:29 +01:00
xt_u32.c netfilter: xt_u32: validate user space input 2023-08-30 17:34:01 +02:00