1. 31a6e0d ipvs: do not schedule icmp errors from tunnels by Julian Anastasov · 5 years ago
  2. 9b04b51 netfilter: compat: initialize all fields in xt_init by Francesco Ruggeri · 5 years ago
  3. 54fa583 netfilter: nft_set_rbtree: check for inactive element after flag mismatch by Pablo Neira Ayuso · 5 years ago
  4. 2ae06da netfilter: physdev: relax br_netfilter dependency by Florian Westphal · 5 years ago
  5. 9204492 netfilter: nf_nat: skip nat clash resolution for same-origin entries by Martynas Pumputis · 5 years ago
  6. 304e1f0 ipvs: Fix signed integer overflow when setsockopt timeout by ZhangXiaoxu · 5 years ago
  7. deba234 netfilter: nf_tables: fix flush after rule deletion in the same batch by Pablo Neira Ayuso · 5 years ago
  8. 1894d7c netfilter: nf_tables: fix mismatch in big-endian system by Liping Zhang · 7 years ago
  9. 1231e25 netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel by Pan Bian · 6 years ago
  10. d013a1c netfilter: seqadj: re-load tcp header pointer after possible head reallocation by Florian Westphal · 6 years ago
  11. 3d7eec1 ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf by Xin Long · 6 years ago
  12. f184d30 netfilter: xt_IDLETIMER: add sysfs filename checking routine by Taehee Yoo · 6 years ago
  13. 919560a netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net by Eric Westbrook · 6 years ago
  14. 7e1e195 netfilter: conntrack: fix calculation of next bucket number in early_drop by Vasily Khoruzhick · 6 years ago
  15. dc3f9ba netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info by Xin Long · 7 years ago
  16. 3ea051b netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user by Eric Dumazet · 7 years ago
  17. a3db034 ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() by Tan Hu · 6 years ago
  18. f29eb8e netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state by Florian Westphal · 6 years ago
  19. d8a77d1 netfilter: nf_conntrack: Fix possible possible crash on module loading. by Andrey Ryabinin · 6 years ago
  20. f6a6768 netfilter: nf_log: fix uninit read in nf_log_proc_dostring by Jann Horn · 6 years ago
  21. 759fb7f netfilter: nf_tables: check msg_type before nft_trans_set(trans) by Alexey Kodanev · 6 years ago
  22. ac378e6 netfilter: nf_queue: augment nfqa_cfg_policy by Eric Dumazet · 6 years ago
  23. 1712fae netfilter: nf_log: don't hold nf_log_mutex during user access by Jann Horn · 6 years ago
  24. 440bf5a netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() by Taehee Yoo · 6 years ago
  25. 0063faa ipvs: fix buffer overflow with sync daemon and service by Julian Anastasov · 6 years ago
  26. f32bb2a netfilter: nf_tables: can't fail after linking rule into active rule list by Florian Westphal · 6 years ago
  27. 83797a7 ipvs: fix rtnl_lock lockups caused by start_sync_thread by Julian Anastasov · 6 years ago
  28. f51c454 netfilter: conntrack: don't call iter for non-confirmed conntracks by Florian Westphal · 7 years ago
  29. 2171500 netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize by Liping Zhang · 7 years ago
  30. c6ab7c6 netfilter: x_tables: add and use xt_check_proc_name by Florian Westphal · 6 years ago
  31. 3e8f962 netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch by Matthias Kaehlcke · 7 years ago
  32. c70c7be netfilter: x_tables: unlock on error in xt_find_table_lock() by Dan Carpenter · 7 years ago
  33. dfe9c1d ipvs: explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled by Paolo Abeni · 7 years ago
  34. 7ad1c43 netfilter: nft_dynset: continue to next expr if _OP_ADD succeeded by Liping Zhang · 7 years ago
  35. 3a04271 netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink by Liping Zhang · 7 years ago
  36. 87cfd7f netfilter: xt_CT: fix refcnt leak on error path by Gao Feng · 7 years ago
  37. db6a0cb netfilter: x_tables: pack percpu counter allocations by Florian Westphal · 8 years ago
  38. dac4448 netfilter: x_tables: pass xt_counters struct to counter allocator by Florian Westphal · 8 years ago
  39. 61346e2 netfilter: x_tables: pass xt_counters struct instead of packet counter by Florian Westphal · 8 years ago
  40. 034ad9d netfilter: IDLETIMER: be syzkaller friendly by Eric Dumazet · 6 years ago
  41. 7d10575 netfilter: nat: cope with negative port range by Paolo Abeni · 6 years ago
  42. af4b424 netfilter: x_tables: fix missing timer initialization in xt_LED by Paolo Abeni · 6 years ago
  43. 8d5c422 netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert by Cong Wang · 6 years ago
  44. c6f3be7 netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1() by Cong Wang · 6 years ago
  45. b39f3f3 netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} by Eric Dumazet · 6 years ago
  46. 1099c70 netfilter: x_tables: fix int overflow in xt_alloc_table_info() by Dmitry Vyukov · 7 years ago
  47. 898eeca netfilter: xt_osf: Add missing permission checks by Kevin Cernekee · 7 years ago
  48. 2c3184e netfilter: nfnetlink_cthelper: Add missing permission checks by Kevin Cernekee · 7 years ago
  49. 0708a47 netfilter: nfnetlink_queue: fix secctx memory leak by Liping Zhang · 7 years ago
  50. 01060ac netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table by Liping Zhang · 7 years ago
  51. 0f0ac21 netfilter: nfnl_cthelper: Fix memory leak by Jeffy Chen · 7 years ago
  52. ec38fb4 netfilter: nfnl_cthelper: fix runtime expectation policy updates by Pablo Neira Ayuso · 7 years ago
  53. a463f9c netfilter: ipvs: Fix inappropriate output of procfs by KUWAZAWA Takuya · 7 years ago
  54. 0cab694 Fix handling of verdicts after NF_QUEUE by Debabrata Banerjee · 7 years ago
  55. 0117c75 netfilter: nf_tables: fix oob access by Florian Westphal · 8 years ago
  56. ea13fd4 netfilter: nft_queue: use raw_smp_processor_id() by Pablo Neira Ayuso · 8 years ago
  57. a23349b netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" by Florian Westphal · 7 years ago
  58. 25db12f netfilter: nat: avoid use of nf_conn_nat extension by Florian Westphal · 7 years ago
  59. c5493c6 netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family by Liping Zhang · 7 years ago
  60. f107c6d netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value. by Jarno Rajahalme · 7 years ago
  61. cd402b8 netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max by Liping Zhang · 7 years ago
  62. 146561a netfilter: invoke synchronize_rcu after set the _hook_ to NULL by Liping Zhang · 7 years ago
  63. 4c7f54a net/netfilter/nf_conntrack_core: Fix net_conntrack_lock() by Manfred Spraul · 7 years ago
  64. 5f81b1f netfilter: nat: fix src map lookup by Florian Westphal · 7 years ago
  65. 5170d21 netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister by Liping Zhang · 7 years ago
  66. 445ea10 ipvs: SNAT packet replies only for NATed connections by Julian Anastasov · 7 years ago
  67. b89bd0c netfilter: synproxy: fix conntrackd interaction by Eric Leblond · 7 years ago
  68. ced7689 netfilter: xt_TCPMSS: add more sanity tests on tcph->doff by Eric Dumazet · 7 years ago
  69. c47538f netfilter: nft_log: restrict the log prefix length to 127 by Liping Zhang · 7 years ago
  70. fefdd79 netfilter: nf_tables: fix set->nelems counting with no NLM_F_EXCL by Pablo Neira Ayuso · 7 years ago
  71. d864e67 netfilter: nf_conntrack_sip: fix wrong memory initialisation by Christophe Leroy · 7 years ago
  72. 3eb235a netfilter: nft_set_rbtree: handle element re-addition after deletion by Pablo Neira Ayuso · 7 years ago
  73. 371d034 netfilter: conntrack: refine gc worker heuristics, redux by Florian Westphal · 7 years ago
  74. 5f7ff59 netfilter: conntrack: remove GC_MAX_EVICTS break by Florian Westphal · 7 years ago
  75. 8f9872b netfilter: nf_ct_helper: warn when not applying default helper assignment by Jiri Kosina · 7 years ago
  76. 49cdc4c netfilter: nft_range: add the missing NULL pointer check by Liping Zhang · 8 years ago
  77. d3e2a11 netfilter: nf_tables: fix inconsistent element expiration calculation by Anders K. Pedersen · 8 years ago
  78. 7223ecd netfilter: nat: switch to new rhlist interface by Florian Westphal · 8 years ago
  79. 728e87b netfilter: nat: fix cmp return value by Florian Westphal · 8 years ago
  80. abd66e9 netfilter: nft_hash: validate maximum value of u32 netlink hash attribute by Laura Garcia Liebana · 8 years ago
  81. 58c78e1 netfilter: nf_tables: fix oops when inserting an element into a verdict map by Liping Zhang · 8 years ago
  82. e0df8ca netfilter: conntrack: refine gc worker heuristics by Florian Westphal · 8 years ago
  83. 6114cc5 netfilter: conntrack: fix CT target for UNSPEC helpers by Florian Westphal · 8 years ago
  84. fb9c964 netfilter: connmark: ignore skbs with magic untracked conntrack objects by Florian Westphal · 8 years ago
  85. 8fbfef7 ipvs: use IPVS_CMD_ATTR_MAX for family.maxattr by WANG Cong · 8 years ago
  86. c17c3cd netfilter: nf_tables: destroy the set if fail to add transaction by Liping Zhang · 8 years ago
  87. 5747620 netfilter: ip_vs_sync: fix bogus maybe-uninitialized warning by Arnd Bergmann · 8 years ago
  88. f1d505b netfilter: nf_tables: fix type mismatch with error return from nft_parse_u32_check by John W. Linville · 8 years ago
  89. 444f901 netfilter: nf_conntrack_sip: extend request line validation by Ulrich Weber · 8 years ago
  90. dab4506 netfilter: nf_tables: fix race when create new element in dynset by Liping Zhang · 8 years ago
  91. 61f9e29 netfilter: nf_tables: fix *leak* when expr clone fail by Liping Zhang · 8 years ago
  92. bb6a6e8 netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled by Liping Zhang · 8 years ago
  93. 7034b56 netfilter: fix nf_queue handling by Pablo Neira Ayuso · 8 years ago
  94. 7bb6615 netfilter: conntrack: restart gc immediately if GC_MAX_EVICTS is reached by Nicolas Dichtel · 8 years ago
  95. 1ecc281 netfilter: x_tables: suppress kmemcheck warning by Florian Westphal · 8 years ago
  96. d2e4d59 netfilter: nf_tables: avoid uninitialized variable warning by Arnd Bergmann · 8 years ago
  97. ccca660 netfilter: nft_range: validate operation netlink attribute by Pablo Neira Ayuso · 8 years ago
  98. 21a9e0f netfilter: nft_exthdr: fix error handling in nft_exthdr_init() by Dan Carpenter · 8 years ago
  99. 09525a0 netfilter: nf_tables: underflow in nft_parse_u32_check() by Dan Carpenter · 8 years ago
  100. 5751e17 netfilter: nft_hash: add missing NFTA_HASH_OFFSET's nla_policy by Liping Zhang · 8 years ago