OSDN Git Service

(root) / tomoyo / tomoyo-test1.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 50f2db9) | patch
netfilter: allow to turn off xtables compat layer
authorFlorian Westphal <fw@strlen.de>
Mon, 26 Apr 2021 10:14:40 +0000 (12:14 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 26 Apr 2021 16:16:56 +0000 (18:16 +0200)
commit47a6959fa331fe892a4fc3b48ca08e92045c6bda
tree02aaee18c39de580c05dc3bb186a3e642200b81dtree | snapshot
parent50f2db9e368f73ecbbaa92da365183fa953aaba7commit | diff
netfilter: allow to turn off xtables compat layer

The compat layer needs to parse untrusted input (the ruleset)
to translate it to a 64bit compatible format.

We had a number of bugs in this department in the past, so allow users
to turn this feature off.

Add CONFIG_NETFILTER_XTABLES_COMPAT kconfig knob and make it default to y
to keep existing behaviour.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
15 files changed:
include/linux/netfilter/x_tables.h diff | blob | history
include/linux/netfilter_arp/arp_tables.h diff | blob | history
include/linux/netfilter_ipv4/ip_tables.h diff | blob | history
include/linux/netfilter_ipv6/ip6_tables.h diff | blob | history
net/bridge/netfilter/ebt_limit.c diff | blob | history
net/bridge/netfilter/ebt_mark.c diff | blob | history
net/bridge/netfilter/ebt_mark_m.c diff | blob | history
net/bridge/netfilter/ebtables.c diff | blob | history
net/ipv4/netfilter/arp_tables.c diff | blob | history
net/ipv4/netfilter/ip_tables.c diff | blob | history
net/ipv4/netfilter/ipt_CLUSTERIP.c diff | blob | history
net/ipv6/netfilter/ip6_tables.c diff | blob | history
net/netfilter/Kconfig diff | blob | history
net/netfilter/x_tables.c diff | blob | history
net/netfilter/xt_limit.c diff | blob | history
This is a test repository.
About OSDN
Find Software
Develop Software
Help