OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6c35abaedc
linux/net/netfilter
History
Florian Westphal 3e5e524ffb netfilter: CONFIG_COMPAT: allow delta to exceed 32767 
with 32 bit userland and 64 bit kernels, it is unlikely but possible
that insertion of new rules fails even tough there are only about 2000
iptables rules.

This happens because the compat delta is using a short int.
Easily reproducible via "iptables -m limit" ; after about 2050
rules inserting new ones fails with -ELOOP.

Note that compat_delta included 2 bytes of padding on x86_64, so
structure size remains the same.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-02-15 18:17:10 +01:00
..
ipvs Merge branch 'master' of /repos/git/net-next-2.6 2010-02-10 14:17:10 +01:00
core.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
Kconfig netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
Makefile netfilter: xtables: add CT target 2010-02-03 17:17:06 +01:00
nf_conntrack_acct.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_amanda.c
nf_conntrack_core.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_ecache.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_expect.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_extend.c netfilter: don't use INIT_RCU_HEAD() 2010-02-12 06:25:36 +01:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq() 2010-01-07 18:33:18 +01:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c Merge branch 'master' of /repos/git/net-next-2.6 2010-02-10 14:17:10 +01:00
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: add zone support 2010-02-15 18:14:57 +01:00
nf_conntrack_pptp.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_proto_dccp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_generic.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_proto_gre.c netfilter: nf_conntrack: split up IPCT_STATUS event 2010-02-03 13:48:53 +01:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack: split up IPCT_STATUS event 2010-02-03 13:48:53 +01:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_udp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_udplite.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto.c
nf_conntrack_sane.c
nf_conntrack_sip.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_standalone.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_tftp.c
nf_internals.h
nf_log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6 2009-12-08 07:38:50 -08:00
nf_queue.c
nf_sockopt.c
nf_tproxy_core.c
nfnetlink_log.c netfilter: nfnetlink: netns support 2010-01-13 16:02:14 +01:00
nfnetlink_queue.c netfilter: don't use INIT_RCU_HEAD() 2010-02-12 06:25:36 +01:00
nfnetlink.c netfilter: nfnetlink: netns support 2010-01-13 16:02:14 +01:00
x_tables.c netfilter: CONFIG_COMPAT: allow delta to exceed 32767 2010-02-15 18:17:10 +01:00
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlimit.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
xt_connmark.c
xt_CONNMARK.c
xt_CONNSECMARK.c
xt_conntrack.c netfilter: xtables: fix conntrack match v1 ipt-save output 2009-11-23 10:43:57 +01:00
xt_CT.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
xt_dccp.c
xt_dscp.c
xt_DSCP.c
xt_esp.c
xt_hashlimit.c netfilter: xtables: constify args in compat copying functions 2010-02-15 16:59:28 +01:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_iprange.c
xt_LED.c
xt_length.c
xt_limit.c netfilter: xtables: constify args in compat copying functions 2010-02-15 16:59:28 +01:00
xt_mac.c
xt_mark.c
xt_MARK.c
xt_multiport.c
xt_NFLOG.c
xt_NFQUEUE.c netfilter: xtables: do not grab random bytes at __init 2010-01-04 16:27:25 +01:00
xt_NOTRACK.c
xt_osf.c netfilter: xt_osf: change %pi4 to %pI4 2010-01-11 11:55:36 +01:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c netfilter: xtables: do not grab random bytes at __init 2010-01-04 16:27:25 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: inform user when hitcount is too large 2010-02-15 16:31:35 +01:00
xt_repldata.h netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
xt_sctp.c
xt_SECMARK.c
xt_socket.c
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c netfilter: xt_TCPMSS: SYN packets are allowed to contain data 2010-02-02 15:33:38 +01:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_time.c
xt_TPROXY.c
xt_TRACE.c
xt_u32.c