47a6959fa3
The compat layer needs to parse untrusted input (the ruleset) to translate it to a 64bit compatible format. We had a number of bugs in this department in the past, so allow users to turn this feature off. Add CONFIG_NETFILTER_XTABLES_COMPAT kconfig knob and make it default to y to keep existing behaviour. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| ebt_802_3.c | ||
| ebt_among.c | ||
| ebt_arp.c | ||
| ebt_arpreply.c | ||
| ebt_dnat.c | ||
| ebt_ip.c | ||
| ebt_ip6.c | ||
| ebt_limit.c | ||
| ebt_log.c | ||
| ebt_mark.c | ||
| ebt_mark_m.c | ||
| ebt_nflog.c | ||
| ebt_pkttype.c | ||
| ebt_redirect.c | ||
| ebt_snat.c | ||
| ebt_stp.c | ||
| ebt_vlan.c | ||
| ebtable_broute.c | ||
| ebtable_filter.c | ||
| ebtable_nat.c | ||
| ebtables.c | ||
| nf_conntrack_bridge.c | ||
| nft_meta_bridge.c | ||
| nft_reject_bridge.c | ||