lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
e6f30c7317
linux-kernel-test/net/netfilter
History
Willem de Bruijn e6f30c7317 netfilter: x_tables: add xt_bpf match 
Support arbitrary linux socket filter (BPF) programs as x_tables
match rules. This allows for very expressive filters, and on
platforms with BPF JIT appears competitive with traditional
hardcoded iptables rules using the u32 match.

The size of the filter has been artificially limited to 64
instructions maximum to avoid bloating the size of each rule
using this new match.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-01-21 12:20:19 +01:00
..
ipset netfilter: ipset: Increase the number of maximal sets automatically 2012-12-03 14:36:08 +01:00
ipvs Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch 2012-11-30 12:01:30 -05:00
core.c netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
Kconfig netfilter: x_tables: add xt_bpf match 2013-01-21 12:20:19 +01:00
Makefile netfilter: x_tables: add xt_bpf match 2013-01-21 12:20:19 +01:00
nf_conntrack_acct.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_amanda.c netfilter: nf_nat: support IPv6 in amanda NAT helper 2012-08-30 03:00:21 +02:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: add connlabel conntrack extension 2013-01-18 00:28:15 +01:00
nf_conntrack_ecache.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_expect.c netfilter: nf_ct_expect: fix possible access to uninitialized timer 2012-08-16 11:49:53 +02:00
nf_conntrack_extend.c netfilter: nf_ct_ext: support variable length extensions 2012-06-16 15:08:49 +02:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: add sequence tracking pickup facility for injected entries 2012-09-24 14:29:40 +02:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper 2012-10-22 12:21:55 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_irc.c netfilter: nf_nat: support IPv6 in IRC NAT helper 2012-08-30 03:00:23 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c netfilter: ctnetlink: allow userspace to modify labels 2013-01-18 00:28:17 +01:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: allow userspace to modify labels 2013-01-18 00:28:17 +01:00
nf_conntrack_pptp.c netfilter: nf_nat: add protoff argument to packet mangling functions 2012-08-30 03:00:13 +02:00
nf_conntrack_proto_dccp.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_proto_generic.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_proto_gre.c netfilter: nf_conntrack: prepare l4proto->init_net cleanup 2012-06-27 18:31:14 +02:00
nf_conntrack_proto_sctp.c netfilter: nf_ct_sctp: merge sctpv[4,6]_net_init into sctp_net_init 2012-06-27 19:13:31 +02:00
nf_conntrack_proto_tcp.c netfilter: ctnetlink: nla_policy updates 2012-12-03 15:13:10 +01:00
nf_conntrack_proto_udp.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_proto_udplite.c netfilter: nf_ct_udplite: add udplite_kmemdup_sysctl_table function 2012-06-27 19:12:52 +02:00
nf_conntrack_proto.c netfilter: nf_conntrack: remove unnecessary RTNL locking 2012-08-20 12:46:29 +02:00
nf_conntrack_sane.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_sip.c netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones 2013-01-17 21:12:44 +01:00
nf_conntrack_snmp.c netfilter: nf_ct_snmp: add include file 2013-01-18 00:28:18 +01:00
nf_conntrack_standalone.c netfilter: nf_conntrack: fix BUG_ON while removing nf_conntrack with netns 2013-01-12 14:12:36 +01:00
nf_conntrack_tftp.c netfilter: nf_nat: support IPv6 in TFTP NAT helper 2012-08-30 03:00:24 +02:00
nf_conntrack_timeout.c netfilter: nf_ct_ext: add timeout extension 2012-03-07 17:41:25 +01:00
nf_conntrack_timestamp.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_internals.h netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue() 2012-09-03 13:52:54 +02:00
nf_log.c various: Fix spelling of "registered" in comments. 2012-11-19 14:29:46 +01:00
nf_nat_amanda.c netfilter: nf_nat: support IPv6 in amanda NAT helper 2012-08-30 03:00:21 +02:00
nf_nat_core.c netfilter: nf_nat: remove obsolete rcu_read_unlock call 2012-09-21 12:09:25 +02:00
nf_nat_ftp.c netfilter: nf_nat: support IPv6 in FTP NAT helper 2012-08-30 03:00:20 +02:00
nf_nat_helper.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_irc.c netfilter: nf_nat: support IPv6 in IRC NAT helper 2012-08-30 03:00:23 +02:00
nf_nat_proto_common.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_dccp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_sctp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_tcp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_udp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_udplite.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_unknown.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_sip.c netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones 2013-01-17 21:12:44 +01:00
nf_nat_tftp.c netfilter: nf_nat: support IPv6 in TFTP NAT helper 2012-08-30 03:00:24 +02:00
nf_queue.c netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
nf_sockopt.c
nf_tproxy_core.c
nfnetlink_acct.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
nfnetlink_cthelper.c netfilter: nf_ct_ftp: add sequence tracking pickup facility for injected entries 2012-09-24 14:29:40 +02:00
nfnetlink_cttimeout.c netfilter: cttimeout: fix buffer overflow 2012-11-21 23:50:14 +01:00
nfnetlink_log.c netfilter: nfnetlink_log: fix possible compilation issue due to missing include 2012-12-17 01:16:17 +01:00
nfnetlink_queue_core.c netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
nfnetlink_queue_ct.c netfilter: nfnetlink_queue: fix sparse warning due to missing include 2012-06-23 02:13:38 +02:00
nfnetlink.c net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm 2012-11-18 20:32:45 -05:00
x_tables.c netfilter: x_tables: print correct hook names for ARP 2013-01-13 12:54:12 +01:00
xt_addrtype.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_AUDIT.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
xt_bpf.c netfilter: x_tables: add xt_bpf match 2013-01-21 12:20:19 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c Merge branch 'nf-next' of git://1984.lsi.us.es/net-next 2011-12-25 02:21:45 -05:00
xt_connlabel.c netfilter: add connlabel conntrack extension 2013-01-18 00:28:15 +01:00
xt_connlimit.c netfilter: xt_connlimit: remove revision 0 2012-06-07 14:58:39 +02:00
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: xt_CT: fix unset return value if conntrack zone are disabled 2013-01-10 13:11:00 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c netfilter: xtables: collapse conditions in xt_ecn 2011-12-27 20:45:25 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: fix namespace destroy path 2012-12-26 18:14:48 +01:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c ipv6: Move ipv6_find_hdr() out of Netfilter code. 2012-11-09 17:05:07 -08:00
xt_IDLETIMER.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
xt_iprange.c
xt_ipvs.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
xt_LED.c
xt_length.c
xt_limit.c netfilter: xt_limit: have r->cost != 0 case work 2012-09-26 01:33:16 +02:00
xt_LOG.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
xt_mac.c netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:18 -04:00
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets 2012-10-15 13:39:12 +02:00
xt_NETMAP.c netfilter: combine ipt_NETMAP and ip6t_NETMAP 2012-09-21 12:11:08 +02:00
xt_nfacct.c netfilter: xtables: add nfacct match to support extended accounting 2011-12-25 02:43:17 +01:00
xt_NFLOG.c
xt_NFQUEUE.c netfilter: sparse endian fixes 2012-08-20 12:45:57 +02:00
xt_osf.c netfilter: sparse endian fixes 2012-08-20 12:45:57 +02:00
xt_owner.c userns: xt_owner: Add basic user namespace support. 2012-08-14 21:55:30 -07:00
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_rateest.c
xt_RATEEST.c
xt_realm.c
xt_recent.c netfilter: xt_recent: avoid high order page allocations 2013-01-04 20:14:42 +01:00
xt_REDIRECT.c netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c netfilter: ipset: Support to match elements marked with "nomatch" 2012-09-22 22:44:34 +02:00
xt_socket.c netfilter: xt_socket: fix compilation warnings with gcc 4.7 2012-09-03 13:31:39 +02:00
xt_state.c
xt_statistic.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
xt_TCPOPTSTRIP.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_tcpudp.c
xt_TEE.c netfilter: xt_TEE: don't use destination address found in header 2012-10-17 11:00:31 +02:00
xt_time.c netfilter: xt_time: add support to ignore day transition 2012-09-24 14:29:01 +02:00
xt_TPROXY.c net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xt_TRACE.c
xt_u32.c