aboutsummaryrefslogtreecommitdiff
path: root/net/netfilter/xt_TCPOPTSTRIP.c
AgeCommit message (Collapse)Author
2013-05-16netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundaryPablo Neira Ayuso
This target assumes that tcph->doff is well-formed, that may be well not the case. Add extra sanity checkings to avoid possible crash due to read/write out of the real packet boundary. After this patch, the default action on malformed TCP packets is to drop them. Moreover, fragments are skipped. Reported-by: Rafal Kupka <rkupka@telemetry.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-12-16net:netfilter: use IS_ENABLEDIgor Maravić
Use IS_ENABLED(CONFIG_FOO) instead of defined(CONFIG_FOO) || defined (CONFIG_FOO_MODULE) Signed-off-by: Igor Maravić <igorm@etf.rs> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-12-03ipv6: Add fragment reporting to ipv6_skip_exthdr().Jesse Gross
While parsing through IPv6 extension headers, fragment headers are skipped making them invisible to the caller. This reports the fragment offset of the last header in order to make it possible to determine whether the packet is fragmented and, if so whether it is a first or last fragment. Signed-off-by: Jesse Gross <jesse@nicira.com>
2010-05-11netfilter: xtables: substitute temporary defines by final nameJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: update my email addressJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2008-10-08netfilter: xtables: move extension arguments into compound structure (4/6)Jan Engelhardt
This patch does this for target extensions' target functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-10-08netfilter: x_tables: use NFPROTO_* in extensionsJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-04-29netfilter: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retvalRoel Kluin
if tcphoff remains unsigned, a negative ipv6_skip_exthdr() return value will go unnoticed, Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: Update modules' descriptionsJan Engelhardt
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules, actually describing what the module does and not just "netfilter XYZ target". Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: x_tables: add TCPOPTSTRIP targetSven Schnelle
Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 20:52:59 +0000