git/linux-cryptodev-2.6
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git synced 2026-04-18 03:23:53 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
779c60a5190c42689534172f4b49e927c9959e4e
linux-cryptodev-2.6/net/netfilter
History
Brian Witte 779c60a519 netfilter: nft_counter: serialize reset with spinlock 
Add a global static spinlock to serialize counter fetch+reset
operations, preventing concurrent dump-and-reset from underrunning
values.

The lock is taken before fetching the total so that two parallel
resets cannot both read the same counter values and then both
subtract them.

A global lock is used for simplicity since resets are infrequent.
If this becomes a bottleneck, it can be replaced with a per-net
lock later.

Fixes: bd662c4218 ("netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests")
Fixes: 3d483faa66 ("netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests")
Fixes: 3cb03edb4d ("netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests")
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Brian Witte <brianwitte@mailfence.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
2026-02-17 15:04:20 +01:00
..
ipset
netfilter: ipset: Remove unused htable_bits in macro ahash_region
2025-09-11 15:40:55 +02:00
ipvs
net/ipv6: Introduce payload_len helpers
2026-02-06 20:50:03 -08:00
core.c
netfilter: nf_dup{4, 6}: Move duplication check to task_struct
2025-05-23 13:57:12 +02:00
Kconfig
netfilter: Exclude LEGACY TABLES on PREEMPT_RT.
2025-07-25 18:38:50 +02:00
Makefile
netfilter: flowtable: move path discovery infrastructure to its own file
2025-11-27 23:59:43 +00:00
nf_bpf_link.c
bpf: Check netfilter ctx accesses are aligned
2025-08-01 09:22:44 -07:00
nf_conncount.c
netfilter: nf_conncount: fix tracking of connections from localhost
2026-01-20 16:23:38 +01:00
nf_conntrack_acct.c
nf_conntrack_amanda.c
netfilter: annotate NAT helper hook pointers with __rcu
2026-02-17 15:04:20 +01:00
nf_conntrack_bpf.c
Merge tag 'net-next-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2026-02-11 19:31:52 -08:00
nf_conntrack_broadcast.c
netfilter: conntrack: remove skb argument from nf_ct_refresh
2025-01-19 16:41:55 +01:00
nf_conntrack_core.c
netfilter: conntrack: warn when cleanup is stuck
2025-12-10 01:15:27 -08:00
nf_conntrack_ecache.c
net: replace use of system_wq with system_percpu_wq
2025-09-22 17:40:30 -07:00
nf_conntrack_expect.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
nf_conntrack_extend.c
netfilter: conntrack: fix extension size table
2023-09-13 21:57:50 +02:00
nf_conntrack_ftp.c
netfilter: annotate NAT helper hook pointers with __rcu
2026-02-17 15:04:20 +01:00
nf_conntrack_h323_asn1.c
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
2024-03-07 03:10:35 +01:00
nf_conntrack_h323_main.c
netfilter: don't include xt and nftables.h in unrelated subsystems
2026-01-20 16:23:37 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
2025-08-27 11:53:38 +02:00
nf_conntrack_irc.c
netfilter: annotate NAT helper hook pointers with __rcu
2026-02-17 15:04:20 +01:00
nf_conntrack_labels.c
netfilter: conntrack: switch connlabels to atomic_t
2023-10-24 13:16:30 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
netfilter: nf_conntrack: don't rely on implicit includes
2026-01-20 16:23:37 +01:00
nf_conntrack_ovs.c
net/ipv6: Introduce payload_len helpers
2026-02-06 20:50:03 -08:00
nf_conntrack_pptp.c
nf_conntrack_proto_generic.c
netfilter: nf_conntrack: Add allow_clash to generic protocol handler
2026-01-20 16:23:37 +01:00
nf_conntrack_proto_gre.c
netfilter: nf_conntrack: don't rely on implicit includes
2026-01-20 16:23:37 +01:00
nf_conntrack_proto_icmp.c
netfilter: nf_conntrack: enable icmp clash support
2026-01-20 16:23:37 +01:00
nf_conntrack_proto_icmpv6.c
netfilter: nf_conntrack: enable icmp clash support
2026-01-20 16:23:37 +01:00
nf_conntrack_proto_sctp.c
netfilter: conntrack: cleanup timeout definitions
2025-01-12 20:21:01 -08:00
nf_conntrack_proto_tcp.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
nf_conntrack_proto_udp.c
netfilter: conntrack: udp: fix seen-reply test
2023-02-01 12:18:51 +01:00
nf_conntrack_proto.c
netfilter: conntrack: remove DCCP protocol support
2025-07-03 13:51:39 +02:00
nf_conntrack_sane.c
netfilter: nf_ct_sane: remove pseudo skb linearization
2022-08-11 16:50:25 +02:00
nf_conntrack_seqadj.c
nf_conntrack_sip.c
netfilter: conntrack: remove skb argument from nf_ct_refresh
2025-01-19 16:41:55 +01:00
nf_conntrack_snmp.c
netfilter: annotate NAT helper hook pointers with __rcu
2026-02-17 15:04:20 +01:00
nf_conntrack_standalone.c
netfilter: conntrack: disable 0 value for conntrack_max setting
2025-10-30 12:52:45 +01:00
nf_conntrack_tftp.c
netfilter: annotate NAT helper hook pointers with __rcu
2026-02-17 15:04:20 +01:00
nf_conntrack_timeout.c
netfilter: nf_conntrack: use rcu accessors where needed
2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.c
nf_dup_netdev.c
netfilter: nf_dup_netdev: Move the recursion counter struct netdev_xmit
2025-05-23 13:57:12 +02:00
nf_flow_table_bpf.c
bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs
2026-01-02 12:04:28 -08:00
nf_flow_table_core.c
netfilter: flowtable: dedicated slab for flow entry
2026-02-06 13:34:55 +01:00
nf_flow_table_inet.c
net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
2024-09-12 15:41:03 +02:00
nf_flow_table_ip.c
netfilter: flowtable: Add IP6IP6 tx sw acceleration
2026-01-29 09:52:06 +01:00
nf_flow_table_offload.c
netfilter: nf_conntrack: don't rely on implicit includes
2026-01-20 16:23:37 +01:00
nf_flow_table_path.c
netfilter: nf_conntrack: don't rely on implicit includes
2026-01-20 16:23:37 +01:00
nf_flow_table_procfs.c
nf_flow_table_xdp.c
netfilter: nf_tables: Add flowtable map for xdp offload
2024-07-01 17:01:53 +02:00
nf_hooks_lwtunnel.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
nf_internals.h
netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core
2024-06-19 18:41:59 +02:00
nf_log_syslog.c
net/ipv6: Introduce payload_len helpers
2026-02-06 20:50:03 -08:00
nf_log.c
netfilter: replace -EEXIST with -EBUSY
2026-01-01 11:31:48 +01:00
nf_nat_amanda.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_bpf.c
bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs
2026-01-02 12:04:28 -08:00
nf_nat_core.c
netfilter: nf_nat: remove bogus direction check
2025-12-11 13:08:37 +01:00
nf_nat_ftp.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_helper.c
treewide: use get_random_u32_below() instead of deprecated function
2022-11-18 02:15:15 +01:00
nf_nat_irc.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_masquerade.c
nf_nat_ovs.c
netfilter: nf_conntrack: don't rely on implicit includes
2026-01-20 16:23:37 +01:00
nf_nat_proto.c
netfilter: nf_conntrack: don't rely on implicit includes
2026-01-20 16:23:37 +01:00
nf_nat_redirect.c
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
2023-11-08 16:40:30 +01:00
nf_nat_sip.c
netfilter: nat: move repetitive nat port reserve loop to a helper
2022-09-07 16:46:04 +02:00
nf_nat_tftp.c
nf_queue.c
netfilter: move nf_reinject into nfnetlink_queue modules
2024-02-21 12:03:22 +01:00
nf_sockopt.c
nf_synproxy_core.c
netfilter: don't include xt and nftables.h in unrelated subsystems
2026-01-20 16:23:37 +01:00
nf_tables_api.c
netfilter: nft_set_rbtree: validate open interval overlap
2026-02-06 13:36:07 +01:00
nf_tables_core.c
netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE
2025-03-23 10:53:47 +01:00
nf_tables_offload.c
netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook
2025-05-23 13:57:13 +02:00
nf_tables_trace.c
netfilter: nf_tables: hide clash bit from userspace
2025-07-14 15:22:35 +02:00
nfnetlink_acct.c
nfnetlink_cthelper.c
netfilter: nf_conntrack: use rcu accessors where needed
2022-07-11 16:25:15 +02:00
nfnetlink_cttimeout.c
netfilter: conntrack: remove DCCP protocol support
2025-07-03 13:51:39 +02:00
nfnetlink_hook.c
netfilter: nfnetlink_hook: Dump flowtable info
2025-07-25 18:40:01 +02:00
nfnetlink_log.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
nfnetlink_osf.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nfnetlink_queue.c
netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
2026-02-06 13:34:55 +01:00
nfnetlink.c
netfilter: nfnetlink: reset nlh pointer during batch replay
2025-09-24 11:50:28 +02:00
nft_bitwise.c
netfilter: bitwise: add support for doing AND, OR and XOR directly
2024-11-15 12:07:04 +01:00
nft_byteorder.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
nft_chain_filter.c
Revert "netfilter: nf_tables: Add notifications for hook changes"
2025-07-14 15:22:47 +02:00
nft_chain_nat.c
netfilter: add missing module descriptions
2023-11-08 13:52:32 +01:00
nft_chain_route.c
nft_cmp.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_compat.c
netfilter: nft_compat: add more restrictions on netlink attributes
2026-01-20 16:23:37 +01:00
nft_connlimit.c
netfilter: nft_connlimit: add support to object update operation
2025-11-28 00:06:43 +00:00
nft_counter.c
netfilter: nft_counter: serialize reset with spinlock
2026-02-17 15:04:20 +01:00
nft_ct_fast.c
netfilter: nf_tables: fix ct untracked match breakage
2023-05-03 13:49:08 +02:00
nft_ct.c
netfilter: nft_ct: add seqadj extension for natted connections
2025-10-29 14:47:59 +01:00
nft_dup_netdev.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_dynset.c
netfilter: nft_set: remove indirection from update API call
2025-07-25 18:40:23 +02:00
nft_exthdr.c
netfilter: conntrack: remove DCCP protocol support
2025-07-03 13:51:39 +02:00
nft_fib_inet.c
nft_fib_netdev.c
nft_fib.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_flow_offload.c
netfilter: nf_conntrack: don't rely on implicit includes
2026-01-20 16:23:37 +01:00
nft_fwd_netdev.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_hash.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_immediate.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_inner.c
netfilter: nft_inner: Use nested-BH locking for nft_pcpu_tun_ctx
2025-05-23 13:57:12 +02:00
nft_last.c
netfilter: nf_tables: allow clone callbacks to sleep
2024-05-10 11:13:45 +02:00
nft_limit.c
netfilter: nf_tables: allow clone callbacks to sleep
2024-05-10 11:13:45 +02:00
nft_log.c
audit: add audit_log_nf_skb helper function
2025-12-16 11:04:14 -05:00
nft_lookup.c
netfilter: nf_tables: use C99 struct initializer for nft_set_iter
2025-10-30 12:52:45 +01:00
nft_masq.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_meta.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_nat.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_numgen.c
netfilter: nf_tables: missing objects with no memcg accounting
2024-09-26 13:03:02 +02:00
nft_objref.c
netfilter: nft_objref: validate objref and objrefmap expressions
2025-10-08 13:17:25 +02:00
nft_osf.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_payload.c
netfilter: nft_payload: extend offset to 65535 bytes
2025-09-02 15:28:18 +02:00
nft_queue.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_quota.c
netfilter: nft_quota: match correctly when the quota just depleted
2025-05-05 13:15:09 +02:00
nft_range.c
netfilter: nf_tables: pass context structure to nft_parse_register_load
2024-08-20 12:37:24 +02:00
nft_redir.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_reject_inet.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_reject_netdev.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_reject.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_rt.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_set_bitmap.c
netfilter: nft_set_bitmap: fix lockdep splat due to missing annotation
2025-09-10 20:28:24 +02:00
nft_set_hash.c
netfilter: nft_set_hash: fix get operation on big endian
2026-02-06 13:34:55 +01:00
nft_set_pipapo_avx2.c
netfilter: nft_set_pipapo_avx2: fix skip of expired entries
2025-09-24 11:50:28 +02:00
nft_set_pipapo_avx2.h
netfilter: nft_set_pipapo: use avx2 algorithm for insertions too
2025-08-20 13:52:37 +02:00
nft_set_pipapo.c
netfilter: nf_tables: add .abort_skip_removal flag for set types
2026-01-22 17:18:13 +01:00
nft_set_pipapo.h
netfilter: nft_set_pipapo: Use nested-BH locking for nft_pipapo_scratch
2025-08-20 13:52:37 +02:00
nft_set_rbtree.c
netfilter: nft_set_rbtree: validate open interval overlap
2026-02-06 13:36:07 +01:00
nft_socket.c
netfilter: nft_socket: remove WARN_ON_ONCE with huge level value
2025-08-07 13:19:26 +02:00
nft_synproxy.c
netfilter: don't include xt and nftables.h in unrelated subsystems
2026-01-20 16:23:37 +01:00
nft_tproxy.c
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
2024-09-03 10:47:17 +02:00
nft_tunnel.c
netfilter: nft_tunnel: fix geneve_opt dump
2025-05-23 13:57:12 +02:00
nft_xfrm.c
xfrm: add generic iptfs defines and functionality
2024-12-05 10:01:28 +01:00
utils.c
netfilter: move nf_reinject into nfnetlink_queue modules
2024-02-21 12:03:22 +01:00
x_tables.c
netfilter: replace -EEXIST with -EBUSY
2026-01-01 11:31:48 +01:00
xt_addrtype.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_AUDIT.c
audit: add audit_log_nf_skb helper function
2025-12-16 11:04:14 -05:00
xt_bpf.c
xt_cgroup.c
net: cgroup: Guard users of sock_cgroup_classid()
2025-04-24 16:04:02 +02:00
xt_CHECKSUM.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_CLASSIFY.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_cluster.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_comment.c
xt_connbytes.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_connlabel.c
xt_connlimit.c
netfilter: nf_conncount: rework API to use sk_buff directly
2025-11-28 00:05:49 +00:00
xt_connmark.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_CONNSECMARK.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_conntrack.c
xt_cpu.c
xt_CT.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
netfilter: x_tables: use correct integer types
2022-07-11 16:40:45 +02:00
xt_ecn.c
xt_esp.c
xt_hashlimit.c
netfilter: xt_hashlimit: replace vmalloc calls with kvmalloc
2025-03-12 16:37:48 +01:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
xt_length.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
2023-02-22 21:25:23 -08:00
xt_limit.c
xt_LOG.c
xt_mac.c
xt_mark.c
netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds
2025-05-22 17:16:02 +02:00
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c
netfilter: xt_nfacct: don't assume acct name is null-terminated
2025-07-25 18:40:43 +02:00
xt_NFLOG.c
netfilter: xtables: fix typo causing some targets not to load on IPv6
2024-10-21 11:31:26 +02:00
xt_NFQUEUE.c
xt_osf.c
netfilter: nfnetlink_osf: fix module autoload
2023-06-20 22:43:42 +02:00
xt_owner.c
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
2023-12-06 17:52:15 +01:00
xt_physdev.c
netfilter: propagate net to nf_bridge_get_physindev
2024-01-17 12:02:48 +01:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_realm.c
xt_recent.c
netfilter: xt_recent: Lift restrictions on max hitcount value
2024-06-28 17:57:50 +02:00
xt_REDIRECT.c
netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs
2023-03-22 21:48:59 +01:00
xt_repldata.h
netfilter: xtables: Use strscpy() instead of strscpy_pad()
2025-03-23 10:53:47 +01:00
xt_sctp.c
netfilter: xt_sctp: validate the flag_info count
2023-08-30 17:34:01 +02:00
xt_SECMARK.c
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
2024-10-09 23:20:46 +02:00
xt_set.c
xt_socket.c
net: annotate data-races around sk->sk_mark
2023-07-29 18:13:41 +01:00
xt_state.c
xt_statistic.c
treewide: use get_random_u32() when possible
2022-10-11 17:42:58 -06:00
xt_string.c
xt_tcpmss.c
netfilter: xt_tcpmss: check remaining length before reading optlen
2026-01-20 16:23:38 +01:00
xt_TCPMSS.c
netfilter: x_tables: use correct integer types
2022-07-11 16:40:45 +02:00
xt_TCPOPTSTRIP.c
netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds
2025-05-22 17:16:02 +02:00
xt_tcpudp.c
xtables: move icmp/icmpv6 logic to xt_tcpudp
2023-03-22 21:48:59 +01:00
xt_TEE.c
xt_time.c
netfilter: xt_time: use is_leap_year() helper
2026-01-29 09:52:07 +01:00
xt_TPROXY.c
netfilter: xt_TPROXY: remove pr_debug invocations
2022-07-21 00:56:00 +02:00
xt_TRACE.c
netfilter: xtables: fix typo causing some targets not to load on IPv6
2024-10-21 11:31:26 +02:00
xt_u32.c
netfilter: xt_u32: validate user space input
2023-08-30 17:34:01 +02:00