Florian Westphal 0d7df906a0 netfilter: x_tables: ensure last rule in base chain matches underflow/policy ... Harmless from kernel point of view, but again iptables assumes that this is true when decoding ruleset coming from kernel. If a (syzkaller generated) ruleset doesn't have the underflow/policy stored as the last rule in the base chain, then iptables will abort() because it doesn't find the chain policy. libiptc assumes that the policy is the last rule in the basechain, which is only true for iptables-generated rulesets. Unfortunately this needs code duplication -- the functions need the struct layout of the rule head, but that is different for ip/ip6/arptables. NB: pr_warn could be pr_debug but in case this break rulesets somehow its useful to know why blob was rejected. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2018-03-05 23:15:44 +01:00
..
ila	net: Convert ila_net_ops	2018-02-27 11:01:39 -05:00
netfilter	netfilter: x_tables: ensure last rule in base chain matches underflow/policy	2018-03-05 23:15:44 +01:00
addrconf_core.c	net: ipv6: Make inet6addr_validator a blocking notifier	2017-10-20 13:15:07 +01:00
addrconf.c	ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses	2018-03-01 13:43:06 -05:00
addrlabel.c	net: Convert fib6_net_ops, ipv6_addr_label_ops and ip6_segments_ops	2018-02-19 14:19:11 -05:00
af_inet6.c	net: Convert inet6_net_ops	2018-02-19 14:19:09 -05:00
ah6.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2017-11-15 11:56:19 -08:00
anycast.c	net/ipv6: Pass skb to route lookup	2018-03-04 13:04:22 -05:00
calipso.c
datagram.c	net: ipv6: Allow connect to linklocal address from socket bound to vrf	2018-01-08 14:11:18 -05:00
esp6_offload.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-01-23 13:51:56 -05:00
esp6.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-01-17 00:10:42 -05:00
exthdrs_core.c	inet: whitespace cleanup	2018-02-28 11:43:28 -05:00
exthdrs_offload.c
exthdrs.c	ipv6: sr: fix TLVs not being copied using setsockopt	2018-01-10 16:03:55 -05:00
fib6_notifier.c	net: Add module reference to FIB notifiers	2017-09-01 20:33:42 -07:00
fib6_rules.c	net/ipv6: Pass skb to route lookup	2018-03-04 13:04:22 -05:00
fou6.c
icmp.c	net/ipv6: Add support for path selection using hash of 5-tuple	2018-03-04 13:04:23 -05:00
inet6_connection_sock.c
inet6_hashtables.c	inet: Add a 2nd listener hashtable (port+addr)	2017-12-03 10:18:28 -05:00
ip6_checksum.c	udplite: fix partial checksum initialization	2018-02-16 15:57:42 -05:00
ip6_fib.c	net/ipv6: Pass skb to route lookup	2018-03-04 13:04:22 -05:00
ip6_flowlabel.c	net: Convert ip6_flowlabel_net_ops	2018-02-19 14:19:11 -05:00
ip6_gre.c	gre: add sequence number for collect md mode.	2018-03-04 18:35:02 -05:00
ip6_icmp.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
ip6_input.c
ip6_offload.c	gso: fix payload length when gso_size is zero	2017-10-08 10:12:15 -07:00
ip6_offload.h
ip6_output.c	ip6mr: Make mroute_sk rcu-based	2018-03-01 13:13:23 -05:00
ip6_tunnel.c	net/ipv6: Pass skb to route lookup	2018-03-04 13:04:22 -05:00
ip6_udp_tunnel.c
ip6_vti.c	net/ipv6: Pass skb to route lookup	2018-03-04 13:04:22 -05:00
ip6mr.c	ipmr, ip6mr: Unite dumproute flows	2018-03-01 13:13:23 -05:00
ipcomp6.c
ipv6_sockglue.c	inet: whitespace cleanup	2018-02-28 11:43:28 -05:00
Kconfig	ipmr,ipmr6: Define a uniform vif_device	2018-03-01 13:13:23 -05:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
mcast_snoop.c
mcast.c	net/ipv6: Pass skb to route lookup	2018-03-04 13:04:22 -05:00
mip6.c
ndisc.c	net: Convert icmpv6_sk_ops, ndisc_net_ops and igmp6_net_ops	2018-02-19 14:19:10 -05:00
netfilter.c	netfilter: remove struct nf_afinfo and its helper functions	2018-01-08 18:11:02 +01:00
output_core.c	net: accept UFO datagrams from tuntap and packet	2017-11-24 01:37:35 +09:00
ping.c	net: Convert ping_v6_net_ops	2018-02-19 14:19:11 -05:00
proc.c	inet: whitespace cleanup	2018-02-28 11:43:28 -05:00
protocol.c
raw.c	net: Convert raw6_net_ops, udplite6_net_ops, ipv6_proc_ops, if6_proc_net_ops and ip6_route_net_late_ops	2018-02-19 14:19:10 -05:00
reassembly.c	net: Convert ip6_frags_ops	2018-02-19 14:19:11 -05:00
route.c	net/ipv6: Add support for path selection using hash of 5-tuple	2018-03-04 13:04:23 -05:00
seg6_hmac.c	ipv6: sr: Use ARRAY_SIZE macro	2017-09-01 18:35:23 -07:00
seg6_iptunnel.c	ipv6: sr: add support for encapsulation of L2 frames	2017-08-25 17:10:23 -07:00
seg6_local.c	net/ipv6: Pass skb to route lookup	2018-03-04 13:04:22 -05:00
seg6.c	net: Convert fib6_net_ops, ipv6_addr_label_ops and ip6_segments_ops	2018-02-19 14:19:11 -05:00
sit.c	net: Convert sit_net_ops	2018-02-27 11:01:38 -05:00
syncookies.c	tcp: Namespace-ify sysctl_tcp_workaround_signed_windows	2017-10-28 19:24:38 +09:00
sysctl_net_ipv6.c	net/ipv6: Add support for path selection using hash of 5-tuple	2018-03-04 13:04:23 -05:00
tcp_ipv6.c	net: Convert tcpv6_net_ops	2018-02-19 14:19:10 -05:00
tcpv6_offload.c	gso: validate gso_type in GSO handlers	2018-01-22 16:01:30 -05:00
tunnel6.c
udp_impl.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
udp_offload.c	gso: validate gso_type in GSO handlers	2018-01-22 16:01:30 -05:00
udp.c	net: delete /proc THIS_MODULE references	2018-01-16 15:01:33 -05:00
udplite.c	net: Convert ip_tables_net_ops, udplite6_net_ops and xt_net_ops	2018-02-19 14:19:12 -05:00
xfrm6_input.c	xfrm: Reinject transport-mode packets through tasklet	2017-12-19 08:23:21 +01:00
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-01-24 23:44:15 -05:00
xfrm6_output.c
xfrm6_policy.c	net: Convert xfrm6_net_ops	2018-02-19 14:19:11 -05:00
xfrm6_protocol.c
xfrm6_state.c	inet: whitespace cleanup	2018-02-28 11:43:28 -05:00
xfrm6_tunnel.c	net: Convert simple pernet_operations	2018-02-27 11:01:35 -05:00