Star4
53
代码
代码
Issues27
Pull Requests19
流水线
讨论
Wiki
分析
Star4
53
proviiproviinetfilter: nft_ct: drop pending enqueued packets on removal
5e452a6d创建于 15 天前历史提交
文件最后提交记录最后更新时间
ipset
netfilter: ipset: Missing gc cancellations fixed1 年前
ipvs
ipvs: avoid stat macros calls from preemptible context1 年前
Kconfig
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y3 年前
Makefile
add quota2 patch3 年前
core.c
Remove DECnet support from kernel2 年前
nf_conncount.c
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()11 个月前
nf_conntrack_acct.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
nf_conntrack_amanda.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_conntrack_broadcast.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_conntrack_core.c
netfilter: conntrack: clamp maximum hashtable size to INT_MAX1 年前
nf_conntrack_ecache.c
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack15 天前
nf_conntrack_expect.c
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack15 天前
nf_conntrack_extend.c
netfilter: conntrack: remove two export symbols6 年前
nf_conntrack_ftp.c
treewide: Remove uninitialized_var() usage5 年前
nf_conntrack_h323_asn1.c
netfilter: Use fallthrough pseudo-keyword5 年前
nf_conntrack_h323_main.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_conntrack_h323_types.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 4846 年前
nf_conntrack_helper.c
netfilter: nf_conntrack_helper: pass helper to expect cleanup15 天前
nf_conntrack_irc.c
netfilter: nf_conntrack_irc: Fix forged IP logic3 年前
nf_conntrack_labels.c
netfilter: not mark a spinlock as __read_mostly6 年前
nf_conntrack_netbios_ns.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1526 年前
nf_conntrack_netlink.c
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack15 天前
nf_conntrack_pptp.c
netfilter: delete repeated words5 年前
nf_conntrack_proto.c
netfilter: conntrack: unregister ipv4 sockopts on error unwind4 年前
nf_conntrack_proto_dccp.c
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one2 年前
nf_conntrack_proto_generic.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
nf_conntrack_proto_gre.c
netfilter: conntrack: Fix gre tunneling over ipv65 年前
nf_conntrack_proto_icmp.c
netfilter: ctnetlink: add kernel side filtering for dump5 年前
nf_conntrack_proto_icmpv6.c
netfilter: conntrack: set icmpv6 redirects as RELATED3 年前
nf_conntrack_proto_sctp.c
netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp1 年前
nf_conntrack_proto_tcp.c
netfilter: ctnetlink: use netlink policy range checks30 天前
nf_conntrack_proto_udp.c
netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state3 年前
nf_conntrack_sane.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_conntrack_seqadj.c
netfilter: conntrack, nat: prefer skb_ensure_writable6 年前
nf_conntrack_sip.c
!1938 merge cve-fix-20260519-master into master16 天前
nf_conntrack_snmp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1526 年前
nf_conntrack_standalone.c
netfilter: conntrack: fix possible bug_on with enable_hooks=12 年前
nf_conntrack_tftp.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_conntrack_timeout.c
netfilter: update include directives.6 年前
nf_conntrack_timestamp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 776 年前
nf_dup_netdev.c
netfilter: nf_fwd_netdev: clear timestamp in forwarding path5 年前
nf_flow_table_core.c
netfilter: conntrack: annotate data-races around ct->timeout3 年前
nf_flow_table_inet.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
nf_flow_table_ip.c
netfilter: flowtable: reduce calls to pskb_may_pull()5 年前
nf_flow_table_offload.c
netfilter: flowtable: initialise extack before use1 年前
nf_internals.h
netfilter: ctnetlink: add kernel side filtering for dump5 年前
nf_log.c
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger1 年前
nf_log_common.c
netfilter: nf_log: missing vlan offload tag and proto5 年前
nf_log_netdev.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
nf_nat_amanda.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_nat_core.c
netfilter: nf_nat: Fix memleak in nf_nat_init5 年前
nf_nat_ftp.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_nat_helper.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net6 年前
nf_nat_irc.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_nat_masquerade.c
netfilter: nf_nat_masquerade: defer conntrack walk to work queue4 年前
nf_nat_proto.c
netfilter: nf_nat: undo erroneous tcp edemux lookup5 年前
nf_nat_redirect.c
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses1 年前
nf_nat_sip.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_nat_tftp.c
netfilter: nf_conntrack_sip: fix expectation clash6 年前
nf_queue.c
netfilter: nf_queue: handle socket prefetch3 年前
nf_sockopt.c
netfilter: switch nf_setsockopt to sockptr_t5 年前
nf_synproxy_core.c
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks3 年前
nf_tables_api.c
netfilter: nf_tables: reject immediate NF_QUEUE verdict15 天前
nf_tables_core.c
netfilter: nf_tables: add and use nft_thoff helper2 年前
nf_tables_offload.c
netfilter: nf_tables: use net_generic infra for transaction data2 年前
nf_tables_trace.c
netfilter: nf_tables: add and use nft_thoff helper2 年前
nfnetlink.c
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM2 年前
nfnetlink_acct.c
netfilter: add helper function to set up the nfnetlink header and use it3 年前
nfnetlink_cthelper.c
netfilter: add helper function to set up the nfnetlink header and use it3 年前
nfnetlink_cttimeout.c
netfilter: add helper function to set up the nfnetlink header and use it3 年前
nfnetlink_log.c
netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator15 天前
nfnetlink_osf.c
nfnetlink_osf: validate individual option lengths in fingerprints27 天前
nfnetlink_queue.c
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()1 年前
nft_bitwise.c
netfilter: nf_tables: upfront validation of data via nft_data_init()3 年前
nft_byteorder.c
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()1 年前
nft_chain_filter.c
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain1 年前
nft_chain_nat.c
netfilter: nft_chain_nat: inet family is missing module ownership6 年前
nft_chain_route.c
netfilter: use actual socket sk rather than skb sk when routing harder5 年前
nft_cmp.c
netfilter: nf_tables: upfront validation of data via nft_data_init()3 年前
nft_compat.c
netfilter: nft_compat: restrict match/target protocol to u161 年前
nft_connlimit.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
nft_counter.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
nft_ct.c
netfilter: nft_ct: drop pending enqueued packets on removal15 天前
nft_dup_netdev.c
netfilter: nftables: add nft_parse_register_load() and use it3 年前
nft_dynset.c
netfilter: nft_dynset: disallow object maps2 年前
nft_exthdr.c
netfilter: nf_tables: fix 'exist' matching on bigendian arches1 年前
nft_fib.c
netfilter: nf_tables: fix 'exist' matching on bigendian arches1 年前
nft_fib_inet.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
nft_fib_netdev.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
nft_flow_offload.c
netfilter: nf_tables: validate NFPROTO_* family1 年前
nft_fwd_netdev.c
netfilter: nftables: add nft_parse_register_load() and use it3 年前
nft_hash.c
netfilter: nftables: add nft_parse_register_store() and use it3 年前
nft_immediate.c
netfilter: nft_immediate: drop chain reference counter on error1 年前
nft_limit.c
netfilter: nft_limit: avoid possible divide error in nft_limit_init5 年前
nft_log.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
nft_lookup.c
netfilter: nf_tables: deactivate anonymous set from preparation phase3 年前
nft_masq.c
netfilter: nft_masq: correct length for loading protocol registers2 年前
nft_meta.c
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()1 年前
nft_nat.c
netfilter: nf_tables: validate NFPROTO_* family1 年前
nft_numgen.c
netfilter: use get_random_u32 instead of prandom3 年前
nft_objref.c
netfilter: nf_tables: report use refcount overflow2 年前
nft_osf.c
netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families3 年前
nft_payload.c
netfilter: nft_payload: fix wrong mac header matching1 年前
nft_queue.c
netfilter: nftables: add nft_parse_register_load() and use it3 年前
nft_quota.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
nft_range.c
netfilter: nf_tables: upfront validation of data via nft_data_init()3 年前
nft_redir.c
netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs1 年前
nft_reject.c
netfilter: introduce support for reject at prerouting stage5 年前
nft_reject_inet.c
netfilter: nf_tables: add and use nft_sk helper2 年前
nft_rt.c
netfilter: nf_tables: validate NFPROTO_* family1 年前
nft_set_bitmap.c
netfilter: nf_tables: drop map element references from preparation phase2 年前
nft_set_hash.c
netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration2 年前
nft_set_pipapo.c
netfilter: nft_set_pipapo: skip inactive elements during set walk3 个月前
nft_set_pipapo.h
netfilter: nft_set_pipapo: remove scratch_aligned pointer1 年前
nft_set_pipapo_avx2.c
netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry15 天前
nft_set_pipapo_avx2.h
x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX26 年前
nft_set_rbtree.c
netfilter: nft_set_rbtree: skip end interval element from gc1 年前
nft_socket.c
netfilter: nf_tables: validate NFPROTO_* family1 年前
nft_synproxy.c
netfilter: nf_tables: validate NFPROTO_* family1 年前
nft_tproxy.c
netfilter: nf_tables: validate NFPROTO_* family1 年前
nft_tunnel.c
netfilter: nft_tunnel: restrict it to netdev family3 年前
nft_xfrm.c
netfilter: nf_tables: validate NFPROTO_* family1 年前
utils.c
netfilter: use actual socket sk rather than skb sk when routing harder5 年前
x_tables.c
netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP30 天前
xt_AUDIT.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_CHECKSUM.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_CLASSIFY.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_CONNSECMARK.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_CT.c
netfilter: xt_CT: drop pending enqueued packets on template removal30 天前
xt_DSCP.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net6 年前
xt_HL.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net6 年前
xt_HMARK.c
netfilter: xt_HMARK: Use ip_is_fragment() helper5 年前
xt_IDLETIMER.c
netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels27 天前
xt_LED.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_LOG.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_MASQUERADE.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_NETMAP.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_NFLOG.c
netfilter: xtables: fix typo causing some targets not to load on IPv61 年前
xt_NFQUEUE.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_RATEEST.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_REDIRECT.c
netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs1 年前
xt_SECMARK.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_TCPMSS.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net6 年前
xt_TCPOPTSTRIP.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net6 年前
xt_TEE.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 年前
xt_TPROXY.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_TRACE.c
netfilter: xtables: fix typo causing some targets not to load on IPv61 年前
xt_addrtype.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_bpf.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_cgroup.c
netfilter: x_tables: ensure names are nul-terminated15 天前
xt_cluster.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_comment.c
treewide: Add SPDX license identifier for more missed files6 年前
xt_connbytes.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_connlabel.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_connlimit.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_connmark.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed1 年前
xt_conntrack.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_cpu.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_dccp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_devgroup.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_dscp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_ecn.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_esp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_hashlimit.c
netfilter: Replace zero-length array with flexible-array member6 年前
xt_helper.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_hl.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_ipcomp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1526 年前
xt_iprange.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next6 年前
xt_ipvs.c
treewide: Add SPDX license identifier for more missed files6 年前
xt_l2tp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_length.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_limit.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_mac.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_mark.c
netfilter: xtables: fix typo causing some targets not to load on IPv61 年前
xt_multiport.c
netfilter: xt_multiport: validate range encoding in checkentry30 天前
xt_nat.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules5 年前
xt_nfacct.c
netfilter: Replace HTTP links with HTTPS ones5 年前
xt_osf.c
netfilter: nfnetlink_osf: fix module autoload2 年前
xt_owner.c
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket1 年前
xt_physdev.c
netfilter: inline xt_hashlimit, ebt_802_3 and xt_physdev headers6 年前
xt_pkttype.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_policy.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_quota.c
treewide: Add SPDX license identifier for more missed files6 年前
xt_quota2.c
add quota2 patch3 年前
xt_rateest.c
netfilter: x_tables: ensure names are nul-terminated15 天前
xt_realm.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_recent.c
netfilter: xt_recent: fix (increase) ipv6 literal buffer length1 年前
xt_repldata.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license8 年前
xt_sctp.c
netfilter: xt_sctp: validate the flag_info count2 年前
xt_set.c
netfilter: inline four headers files into another one.6 年前
xt_socket.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_state.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_statistic.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_string.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_tcpmss.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5006 年前
xt_tcpudp.c
treewide: Add SPDX license identifier for more missed files6 年前
xt_time.c
netfilter: Replace HTTP links with HTTPS ones5 年前
xt_u32.c
netfilter: xt_u32: validate user space input2 年前