UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: Replace HTTP links with HTTPS ones 

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Alexander A. Klimov 2020-07-25 19:02:25 +02:00 committed by Pablo Neira Ayuso
parent 954d82979b
commit 50935339c3
9 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/uapi/linux/netfilter/xt_connmark.h
View File

@ -4,7 +4,7 @@
#include <linux/types.h> #include <linux/types.h>
/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> /* Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com> * by Henrik Nordstrom <hno@marasystems.com>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify

2
net/decnet/netfilter/dn_rtmsg.c
View File

@ -6,7 +6,7 @@
* *
* DECnet Routing Message Grabulator * DECnet Routing Message Grabulator
* *
* (C) 2000 ChyGwyn Limited - http://www.chygwyn.com/ * (C) 2000 ChyGwyn Limited - https://www.chygwyn.com/
* *
* Author: Steven Whitehouse <steve@chygwyn.com> * Author: Steven Whitehouse <steve@chygwyn.com>
*/ */

2
net/netfilter/Kconfig
View File

@ -447,7 +447,7 @@ config NF_TABLES
replace the existing {ip,ip6,arp,eb}_tables infrastructure. It replace the existing {ip,ip6,arp,eb}_tables infrastructure. It
provides a pseudo-state machine with an extensible instruction-set provides a pseudo-state machine with an extensible instruction-set
(also known as expressions) that the userspace 'nft' utility (also known as expressions) that the userspace 'nft' utility
(http://www.netfilter.org/projects/nftables) uses to build the (https://www.netfilter.org/projects/nftables) uses to build the
rule-set. It also comes with the generic set infrastructure that rule-set. It also comes with the generic set infrastructure that
allows you to construct mappings between matchings and actions allows you to construct mappings between matchings and actions
for performance lookups. for performance lookups.

2
net/netfilter/nfnetlink_acct.c
View File

@ -1,7 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later // SPDX-License-Identifier: GPL-2.0-or-later
/* /*
* (C) 2011 Pablo Neira Ayuso <pablo@netfilter.org> * (C) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
* (C) 2011 Intra2net AG <http://www.intra2net.com> * (C) 2011 Intra2net AG <https://www.intra2net.com>
*/ */
#include <linux/init.h> #include <linux/init.h>
#include <linux/module.h> #include <linux/module.h>

4
net/netfilter/nft_set_pipapo.c
View File

@ -312,7 +312,7 @@
* Jay Ligatti, Josh Kuhn, and Chris Gage. * Jay Ligatti, Josh Kuhn, and Chris Gage.
* Proceedings of the IEEE International Conference on Computer * Proceedings of the IEEE International Conference on Computer
* Communication Networks (ICCCN), August 2010. * Communication Networks (ICCCN), August 2010.
* http://www.cse.usf.edu/~ligatti/papers/grouper-conf.pdf * https://www.cse.usf.edu/~ligatti/papers/grouper-conf.pdf
* *
* [Rottenstreich 2010] * [Rottenstreich 2010]
* Worst-Case TCAM Rule Expansion * Worst-Case TCAM Rule Expansion
@ -325,7 +325,7 @@
* Kirill Kogan, Sergey Nikolenko, Ori Rottenstreich, William Culhane, * Kirill Kogan, Sergey Nikolenko, Ori Rottenstreich, William Culhane,
* and Patrick Eugster. * and Patrick Eugster.
* Proceedings of the 2014 ACM conference on SIGCOMM, August 2014. * Proceedings of the 2014 ACM conference on SIGCOMM, August 2014.
* http://www.sigcomm.org/sites/default/files/ccr/papers/2014/August/2619239-2626294.pdf * https://www.sigcomm.org/sites/default/files/ccr/papers/2014/August/2619239-2626294.pdf
*/ */
#include <linux/kernel.h> #include <linux/kernel.h>

2
net/netfilter/xt_CONNSECMARK.c
View File

@ -6,7 +6,7 @@
* with the SECMARK target and state match. * with the SECMARK target and state match.
* *
* Based somewhat on CONNMARK: * Based somewhat on CONNMARK:
* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> * Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com> * by Henrik Nordstrom <hno@marasystems.com>
* *
* (C) 2006,2008 Red Hat, Inc., James Morris <jmorris@redhat.com> * (C) 2006,2008 Red Hat, Inc., James Morris <jmorris@redhat.com>

2
net/netfilter/xt_connmark.c
View File

@ -2,7 +2,7 @@
/* /*
* xt_connmark - Netfilter module to operate on connection marks * xt_connmark - Netfilter module to operate on connection marks
* *
* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> * Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com> * by Henrik Nordstrom <hno@marasystems.com>
* Copyright © CC Computer Consultants GmbH, 2007 - 2008 * Copyright © CC Computer Consultants GmbH, 2007 - 2008
* Jan Engelhardt <jengelh@medozas.de> * Jan Engelhardt <jengelh@medozas.de>

2
net/netfilter/xt_nfacct.c
View File

@ -1,7 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later // SPDX-License-Identifier: GPL-2.0-or-later
/* /*
* (C) 2011 Pablo Neira Ayuso <pablo@netfilter.org> * (C) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
* (C) 2011 Intra2net AG <http://www.intra2net.com> * (C) 2011 Intra2net AG <https://www.intra2net.com>
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

2
net/netfilter/xt_time.c
View File

@ -5,7 +5,7 @@
* based on ipt_time by Fabrice MARIE <fabrice@netfilter.org> * based on ipt_time by Fabrice MARIE <fabrice@netfilter.org>
* This is a module which is used for time matching * This is a module which is used for time matching
* It is using some modified code from dietlibc (localtime() function) * It is using some modified code from dietlibc (localtime() function)
* that you can find at http://www.fefe.de/dietlibc/ * that you can find at https://www.fefe.de/dietlibc/
* This file is distributed under the terms of the GNU General Public * This file is distributed under the terms of the GNU General Public
* License (GPL). Copies of the GPL can be obtained from gnu.org/gpl. * License (GPL). Copies of the GPL can be obtained from gnu.org/gpl.
*/ */