linux/net/netfilter
Harald Welte ed77de9fc6 [NETFILTER] nfnetlink: only load subsystems if CAP_NET_ADMIN is set
Without this patch, any user can cause nfnetlink subsystems to be
autoloaded.  Those subsystems however could add significant processing
overhead to packet processing, and would refuse any configuration messages
from non-CAP_NET_ADMIN processes anyway.

This patch follows a suggestion from Patrick McHardy.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-11-09 13:02:16 -08:00
..
core.c [NETFILTER]: split net/core/netfilter.c into net/netfilter/*.c 2005-08-29 15:51:11 -07:00
Kconfig [NETFILTER]: Add new "nfnetlink_log" userspace packet logging facility 2005-08-29 15:38:12 -07:00
Makefile [NETFILTER]: split net/core/netfilter.c into net/netfilter/*.c 2005-08-29 15:51:11 -07:00
nf_internals.h [NETFILTER]: split net/core/netfilter.c into net/netfilter/*.c 2005-08-29 15:51:11 -07:00
nf_log.c [NETFILTER]: Fix compilation when no PROC_FS enabled 2005-08-29 15:56:54 -07:00
nf_queue.c [NETFILTER] nf_queue: Fix Ooops when no queue handler registered 2005-11-05 16:43:29 -02:00
nf_sockopt.c [NETFILTER]: split net/core/netfilter.c into net/netfilter/*.c 2005-08-29 15:51:11 -07:00
nfnetlink_log.c [NETFILTER] nfnetlink: Use kzalloc 2005-11-05 16:35:27 -02:00
nfnetlink_queue.c [NETFILTER] nfnetlink: Use kzalloc 2005-11-05 16:35:27 -02:00
nfnetlink.c [NETFILTER] nfnetlink: only load subsystems if CAP_NET_ADMIN is set 2005-11-09 13:02:16 -08:00