git.kernel.dk Git - linux-2.6-block.git/commit - net/netfilter/nft_set

author	Alexander A. Klimov <grandmaster@al2klimov.de>
	Sat, 25 Jul 2020 17:02:25 +0000 (19:02 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 29 Jul 2020 18:09:18 +0000 (20:09 +0200)
commit	50935339c394adfb3d7253055e3bc10ee70264b0
tree	7b3bf15253ece1cc8c92cc93ad95adb3dfe6895c	tree \| snapshot
parent	954d82979b2f9dd4c20b895226799650d4841b94	commit \| diff

netfilter: Replace HTTP links with HTTPS ones

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/uapi/linux/netfilter/xt_connmark.h		diff \| blob \| blame \| history
net/decnet/netfilter/dn_rtmsg.c		diff \| blob \| blame \| history
net/netfilter/Kconfig		diff \| blob \| blame \| history
net/netfilter/nfnetlink_acct.c		diff \| blob \| blame \| history
net/netfilter/nft_set_pipapo.c		diff \| blob \| blame \| history
net/netfilter/xt_CONNSECMARK.c		diff \| blob \| blame \| history
net/netfilter/xt_connmark.c		diff \| blob \| blame \| history
net/netfilter/xt_nfacct.c		diff \| blob \| blame \| history
net/netfilter/xt_time.c		diff \| blob \| blame \| history