Commit 50935339 authored Jul 25, 2020 by Alexander A. Klimov Committed by Pablo Neira Ayuso Jul 29, 2020

netfilter: Replace HTTP links with HTTPS ones

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^#

 \t\r\n]*(?:\w|/)`:
	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 954d8297

include/uapi/linux/netfilter/xt_connmark.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@

		#include <linux/types.h>

		/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
		/* Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com>
		* by Henrik Nordstrom <hno@marasystems.com>
		*
		* This program is free software; you can redistribute it and/or modify

net/decnet/netfilter/dn_rtmsg.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -6,7 +6,7 @@
		*
		* DECnet Routing Message Grabulator
		*
		* (C) 2000 ChyGwyn Limited - http://www.chygwyn.com/
		* (C) 2000 ChyGwyn Limited - https://www.chygwyn.com/
		*
		* Author: Steven Whitehouse <steve@chygwyn.com>
		*/

net/netfilter/Kconfig

+1 −1

Original line number	Diff line number	Diff line
		@@ -447,7 +447,7 @@ config NF_TABLES
		replace the existing {ip,ip6,arp,eb}_tables infrastructure. It
		provides a pseudo-state machine with an extensible instruction-set
		(also known as expressions) that the userspace 'nft' utility
		(http://www.netfilter.org/projects/nftables) uses to build the
		(https://www.netfilter.org/projects/nftables) uses to build the
		rule-set. It also comes with the generic set infrastructure that
		allows you to construct mappings between matchings and actions
		for performance lookups.

net/netfilter/nfnetlink_acct.c

+1 −1

Original line number	Diff line number	Diff line
		// SPDX-License-Identifier: GPL-2.0-or-later
		/*
		* (C) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
		* (C) 2011 Intra2net AG <http://www.intra2net.com>
		* (C) 2011 Intra2net AG <https://www.intra2net.com>
		*/
		#include <linux/init.h>
		#include <linux/module.h>

net/netfilter/nft_set_pipapo.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -312,7 +312,7 @@
		* Jay Ligatti, Josh Kuhn, and Chris Gage.
		* Proceedings of the IEEE International Conference on Computer
		* Communication Networks (ICCCN), August 2010.
		* http://www.cse.usf.edu/~ligatti/papers/grouper-conf.pdf
		* https://www.cse.usf.edu/~ligatti/papers/grouper-conf.pdf
		*
		* [Rottenstreich 2010]
		* Worst-Case TCAM Rule Expansion
		@@ -325,7 +325,7 @@
		* Kirill Kogan, Sergey Nikolenko, Ori Rottenstreich, William Culhane,
		* and Patrick Eugster.
		* Proceedings of the 2014 ACM conference on SIGCOMM, August 2014.
		* http://www.sigcomm.org/sites/default/files/ccr/papers/2014/August/2619239-2626294.pdf
		* https://www.sigcomm.org/sites/default/files/ccr/papers/2014/August/2619239-2626294.pdf
		*/

		#include <linux/kernel.h>