Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
- From: Florian Westphal <fw@xxxxxxxxx>
Re: net/netfilter/nft_set_rbtree.c:636:33: warning: variable 'nft_net' set but not used
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH iptables 0/4] add arptables-translate
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [PATCH nft] tests: meta: test hour decoding wrap
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] tests: shell: Fix sets/reset_command_0 for current kernels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[nft PATCH v2] tests: shell: Fix sets/reset_command_0 for current kernels
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [nft PATCH] tproxy: Drop artificial port printing restriction
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] tproxy: Drop artificial port printing restriction
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] tests: shell: Fix sets/reset_command_0 for current kernels
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft] tests: meta: test hour decoding wrap
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] tproxy: Drop artificial port printing restriction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] tproxy: Drop artificial port printing restriction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] tests: shell: Fix sets/reset_command_0 for current kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
[nft PATCH] tests: shell: Fix sets/reset_command_0 for current kernels
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] tproxy: Drop artificial port printing restriction
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] tests: meta: test hour decoding wrap
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft] meta: fix hour decoding when timezone offset is negative
- From: Florian Westphal <fw@xxxxxxxxx>
[GIT PULL] Landlock updates for v6.7
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v2] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
Re: [PATCH nft 1/2] json: implement json() hook for "symbol_expr_ops"/"variabl_expr_ops"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/7] json: drop messages "warning: stmt ops chain have no json callback"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/2] json: drop handling missing json() hook for "struct expr_ops"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/2] json: implement json() hook for "symbol_expr_ops"/"variabl_expr_ops"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft v2 0/7] no recursive make
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
Re: [PATCH v2] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [PATCH nft 2/7] json: drop messages "warning: stmt ops chain have no json callback"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 1/1] tests/shell: fix mount command in "test-wrapper.sh"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 1/1] tests/shell: fix mount command in "test-wrapper.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 2/7] json: drop messages "warning: stmt ops chain have no json callback"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: bridge: initialize err to 0
- From: Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>
Re: [PATCH nft 0/7] add and check dump files for JSON in tests/shell
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 0/7] add and check dump files for JSON in tests/shell
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: bridge: initialize err to 0
- From: xiaolinkui <xiaolinkui@xxxxxxxxx>
[PATCH net-next] netfilter: nf_tables: Remove unused variable nft_net
- From: Yang Li <yang.lee@xxxxxxxxxxxxxxxxx>
Re: [PATCH nft 0/7] add and check dump files for JSON in tests/shell
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/7] json: fix use after free in table_flags_json()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 0/7] add and check dump files for JSON in tests/shell
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 7/7] tools: check for consistency of .json-nft dumps in "check-tree.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 5/7] tools: simplify error handling in "check-tree.sh" by adding msg_err()/msg_warn()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/7] tests/shell: check and generate JSON dump files
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/7] json: drop messages "warning: stmt ops chain have no json callback"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 6/7] tools: check more strictly for bash shebang in "check-tree.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules
- From: J Lovejoy <opensource@xxxxxxxxxxx>
Re: [RFC Draft PATCHv2 net-next] Doc: update bridge doc
- From: Hangbin Liu <liuhangbin@xxxxxxxxx>
[PATCH AUTOSEL 4.19 05/12] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 5.15 17/28] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 5.4 06/13] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 5.10 07/16] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.14 05/11] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 6.1 35/39] netfilter: nf_tables: audit log object reset once per table
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 6.1 18/39] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 6.5 47/52] netfilter: nf_tables: audit log object reset once per table
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 6.5 24/52] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH v14 00/12] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH 07/10] man: grammar fixes to some manpages
- From: Phil Sutter <phil@xxxxxx>
[PATCH] selftests/landlock: Add tests for FS topology changes with network rules
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH 07/10] man: grammar fixes to some manpages
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH v14 00/12] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC Draft PATCHv2 net-next] Doc: update bridge doc
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 07/10] man: grammar fixes to some manpages
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules
- From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Re: Netfilter queue is unable to mangle fragmented UDP6: bug?
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Netfilter queue is unable to mangle fragmented UDP6: bug?
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH net-next 0/4] net: fill in 18 MODULE_DESCRIPTION()s
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH 07/10] man: grammar fixes to some manpages
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH 09/10] man: use .TP for lists in xt_osf man page
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH net-next 01/19] netfilter: nft_set_rbtree: rename gc deactivate+erase function
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH 07/10] man: grammar fixes to some manpages
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH 09/10] man: use .TP for lists in xt_osf man page
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/10] man: reveal rateest's combination categories
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 08/10] man: use native bullet point markup
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 09/10] man: use .TP for lists in xt_osf man page
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 07/10] man: grammar fixes to some manpages
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 03/10] man: encode math minuses the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 04/10] man: encode hyphens the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 06/10] man: consistent casing of "IPv[46]"
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 05/10] man: encode minushyphen the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 02/10] man: encode emdash the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 01/10] man: display number ranges with an en dash
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH 1/6] man: encode minushyphen the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 12/12] landlock: Document network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 10/12] selftests/landlock: Add network tests
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 11/12] samples/landlock: Support TCP restrictions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 09/12] selftests/landlock: Share enforce_ruleset()
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 08/12] landlock: Add network rules and TCP hooks support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 07/12] landlock: Refactor landlock_add_rule() syscall
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 06/12] landlock: Refactor layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 05/12] landlock: Move and rename layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 02/12] landlock: Allow FS topology changes for domains without such rule type
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 01/12] landlock: Make ruleset's access masks more generic
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v14 00/12] Network support for Landlock
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH net 1/2] netfilter: flowtable: GC pushes back packets to classic path
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH net-next 18/19] netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 19/19] netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 16/19] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 17/19] netfilter: nf_tables: shrink memory consumption of set elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 15/19] netfilter: nf_tables: set backend .flush always succeeds
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 14/19] netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 13/19] netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 06/19] br_netfilter: use single forward hook for ip and arp
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 12/19] netfilter: nf_tables: nft_obj_filter fits into cb->ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 10/19] netfilter: nf_tables: A better name for nft_obj_filter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 05/19] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 11/19] netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 09/19] netfilter: nf_tables: Unconditionally allocate nft_obj_filter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 08/19] netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 07/19] netfilter: conntrack: switch connlabels to atomic_t
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 02/19] netfilter: nft_set_rbtree: prefer sync gc to async worker
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 04/19] netfilter: nf_tables: Introduce nf_tables_getrule_single()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 03/19] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 01/19] netfilter: nft_set_rbtree: rename gc deactivate+erase function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 00/19] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 1/3] netfilter: nf_tables: Audit log dump reset after the fact
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 1/3] netfilter: nf_tables: Audit log dump reset after the fact
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 1/3] netfilter: nf_tables: Audit log dump reset after the fact
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 2/3] netfilter: nf_tables: Introduce nf_tables_getobj_single
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 0/3] Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: KASAN: vmalloc-out-of-bounds in ipt_do_table
- From: Kaustubh Pandey <quic_kapandey@xxxxxxxxxxx>
Re: [iptables PATCH 0/2] Fix up string match man page
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] evaluate: reject set in concatenation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Netfilter queue is unable to mangle fragmented UDP6: bug?
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
[PATCH net 2/2] net/sched: act_ct: additional checks for outdated flows
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 0/2] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 1/2] netfilter: flowtable: GC pushes back packets to classic path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/5] nf_tables set updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH 1/6] netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: switch connlabels to atomic_t
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] br_netfilter: use single forward hook for ip and arp
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v4 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nft_set_rbtree: prefer sync gc to async worker
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/3] netfilter: nft_set_rbtree: rename gc deactivate+erase function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] sched: act_ct: additional checks for outdated flows
- From: Paul Blakey <paulb@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_flow_table: GC pushes back packets to classic path
- From: Paul Blakey <paulb@xxxxxxxxxx>
Re: [PATCH net] netfilter: flowtable: additional checks for outdated flows
- From: Vlad Buslov <vladbu@xxxxxxxxxx>
Re: [PATCH nf] sched: act_ct: additional checks for outdated flows
- From: Vlad Buslov <vladbu@xxxxxxxxxx>
Re: [PATCH net] netfilter: flowtable: additional checks for outdated flows
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] sched: act_ct: additional checks for outdated flows
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] netfilter: flowtable: additional checks for outdated flows
- From: Vlad Buslov <vladbu@xxxxxxxxxx>
Re: [PATCH net] netfilter: flowtable: additional checks for outdated flows
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_flow_table: GC pushes back packets to classic path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net] netfilter: flowtable: additional checks for outdated flows
- From: Vlad Buslov <vladbu@xxxxxxxxxx>
Re: [PATCH 1/6] man: encode minushyphen the way groff/man requires it
- From: Phil Sutter <phil@xxxxxx>
[PATCH 6/6] man: use native bullet point markup
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 2/6] man: encode emdash the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 5/6] man: grammar fixes to some manpages
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 4/6] man: consistent casing of "IPv[46]"
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 1/6] man: encode minushyphen the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 3/6] man: encode hyphens the way groff/man requires it
- From: Jan Engelhardt <jengelh@xxxxxxx>
[nf-next PATCH] netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert"
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/2] Revert "extensions: string: Clarify description of --to"
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/2] extensions: string: Clarify description of --to
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/2] Fix up string match man page
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft] check-tree.sh: check and flag /bin/sh usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] check-tree.sh: check and flag /bin/sh usage
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 1/4] datatype: don't return a const string from cgroupv2_get_path()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 4/4] all: remove xfree() and use plain free()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 3/4] all: add free_const() and use it instead of xfree()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 0/4] [RESENT] remove xfree() and add free_const()+nft_gmp_free()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 2/4] gmputil: add nft_gmp_free() to free strings from mpz_get_str()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/2] tests/shell: inline input data in "single_anon_set" test
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests/shell: add missing "elem_opts_compat_0.nodump" file
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Fwd: Guidance on deterministic NAT (CGNAT)
- From: Clint Todish <clint@xxxxxxxxxx>
[PATCH nf-next 3/5] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/5] netfilter: nf_tables: set backend .flush always succeeds
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/5] netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 4/5] netfilter: nf_tables: shrink memory consumption of set elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 0/5] nf_tables set updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 5/5] netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
[PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/3] tests/shell: cover long interface name in "0042chain_variable_0" test
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/2] tools: reject unexpected files in "tests/shell/testcases/" with "check-tree.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/2] tests/shell: inline input data in "single_anon_set" test
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/1] tests/shell: test for maximum length of "comment" in "comments_objects_0"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft] tests/shell: add missing "elem_opts_compat_0.nodump" file
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
Re: [PATCH netfilter] Fix hw flow offload from nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH netfilter] Fix hw flow offload from nftables
- From: Donald Hunter <donald.hunter@xxxxxxxxx>
Re: KASAN: vmalloc-out-of-bounds in ipt_do_table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
[PATCH libnetfilter_queue] include: all: remove trailing spaces
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
- From: Linkui Xiao <xiaolinkui@xxxxxxxxxx>
Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules
- From: Lukas Wunner <lukas@xxxxxxxxx>
Netfilter queue is unable to mangle fragmented UDP6: bug?
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue v2 0/1] New example program nfq6
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue v2 1/1] examples: add an example which uses more functions
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules
- From: Richard Fontana <rfontana@xxxxxxxxxx>
[PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules
- From: Lukas Wunner <lukas@xxxxxxxxx>
[nf-next PATCH 1/6] netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 2/6] netfilter: nf_tables: Unconditionally allocate nft_obj_filter
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 0/6] Refactor nft_obj_filter into nft_obj_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 3/6] netfilter: nf_tables: A better name for nft_obj_filter
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 4/6] netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 5/6] netfilter: nf_tables: nft_obj_filter fits into cb->ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 6/6] netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
[PATCH nf-next] netfilter: conntrack: switch connlabels to atomic_t
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v13 12/12] landlock: Document Landlock's network support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 11/12] samples/landlock: Add network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH nf-next,RFC 6/8] netfilter: nf_tables: use timestamp to check for set element timeout
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next,RFC 3/8] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] br_netfilter: use single forward hook for ip and arp
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: "Linux regression tracking #update (Thorsten Leemhuis)" <regressions@xxxxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
- From: Linkui Xiao <xiaolinkui@xxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [nft PATCH v2] parser_bison: Fix for broken compatibility with older dumps
- From: Phil Sutter <phil@xxxxxx>
[PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH 0/1] ipset patch to fix race condition between swap/destroy and add/del/test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH v5 05/12] x86/bugs: Rename RETPOLINE to MITIGATION_RETPOLINE
- From: Breno Leitao <leitao@xxxxxxxxxx>
[nft PATCH v2] parser_bison: Fix for broken compatibility with older dumps
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] parser_bison: Fix for broken compatibility with older dumps
- From: Phil Sutter <phil@xxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 4/8] netfilter: nf_tables: shrink memory consumption of set elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 3/8] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 8/8] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 5/8] netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 6/8] netfilter: nf_tables: use timestamp to check for set element timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 7/8] netfilter: nf_tables: add timeout extension to elements to prepare for updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 2/8] netfilter: nf_tables: set backend .flush always succeeds
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 0/8] nf_tables set updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 1/8] netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf-next PATCH v4 2/3] netfilter: nf_tables: Introduce nf_tables_getrule_single()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 0/3] Introduce locking for rule reset requests
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule()
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v2 6/7] build: no recursive make for "examples/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 7/7] build: no recursive make for "doc/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 5/7] build: no recursive make for "src/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 3/7] build: no recursive make for "py/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 2/7] build: no recursive-make for "include/**/Makefile.am"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 0/7] no recursive make
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 1/7] gitignore: ignore ".dirstamp" files
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [nf-next PATCH v3 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule()
- From: Florian Westphal <fw@xxxxxxxxx>
[ANNOUNCE] nftables 1.0.9 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf-next PATCH v3 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 2/3] netfilter: nf_tables: Introduce nf_tables_getrule_single()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 0/3] Introduce locking for rule reset requests
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL)
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v13 01/12] landlock: Make ruleset's access masks more generic
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH net 1/4] netfilter: nf_tables: audit log object reset once per table
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH nf-next,RFC 2/2] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 1/2] netfilter: nf_tables: add timeout extension to elements to prepare for updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: Phil Sutter <phil@xxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: "U.Mutlu" <um@xxxxxxxxxxx>
[PATCH net 2/4] selftests: netfilter: Run nft_audit.sh in its own netns
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 0/4] netfilter: updates for net
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 4/4] netfilter: nf_tables: revert do not remove elements if set backend implements .abort
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 3/4] netfilter: nft_set_rbtree: .deactivate fails if element has expired
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 1/4] netfilter: nf_tables: audit log object reset once per table
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v13 11/12] samples/landlock: Add network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 12/12] landlock: Document Landlock's network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v13 01/12] landlock: Make ruleset's access masks more generic
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL)
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nf] Revert "netfilter: nf_tables: do not remove elements if set backend implements .abort"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: "U.Mutlu" <um@xxxxxxxxxxx>
Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to'
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next 1/7] netfilter: xt_mangle: only check verdict part of return value
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [nftables/nft] nft equivalent of "ipset test"
- From: "U.Mutlu" <um@xxxxxxxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 7/7] netfilter: nf_tables: de-constify set commit ops function argument
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 6/7] netfilter: bridge: convert br_netfilter to NF_DROP_REASON
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 4/7] netfilter: nf_nat: mask out non-verdict bits when checking return value
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 5/7] netfilter: make nftables drops visible in net dropmonitor
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 3/7] netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 2/7] netfilter: nf_tables: mask out non-verdict bits when checking return value
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 1/7] netfilter: xt_mangle: only check verdict part of return value
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 0/7] netfilter updates for net-next
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nftables/nft] nft equivalent of "ipset test"
- From: <imnozi@xxxxxxxxx>
[PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL)
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipset: fix race condition in ipset swap, destroy and test/add/del
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
- From: syzbot <syzbot+de4025c006ec68ac56fc@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipset: fix race condition in ipset swap, destroy and test/add/del
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] evaluate: validate maximum log statement prefix length
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: ipset: fix race condition in ipset swap, destroy and test/add/del
- From: xiaolinkui <xiaolinkui@xxxxxxxxx>
Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: Linkui Xiao <xiaolinkui@xxxxxxxxx>
Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to'
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nft_set_rbtree: .deactivate fails if element has expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to'
- From: Florian Westphal <fw@xxxxxxxxx>
[net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to'
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 3/3] tests/shell: skip "vlan_8021ad_tag" test on older kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 1/3] tests/shell: add "tests/shell/helpers/eval-exit-code"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: Linkui Xiao <xiaolinkui@xxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [net-next PATCH] net: skb_find_text: Ignore patterns extending past 'to'
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH nft v2 2/2] tests/shell: honor NFT_TEST_VERBOSE_TEST variable to debug tests via `bash -x`
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH 1/2] netfilter: ipset: rename ref_netlink to ref_swapping
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
0x17: Schedule is now up
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
[PATCH 1/2] netfilter: ipset: rename ref_netlink to ref_swapping
- From: xiaolinkui <xiaolinkui@xxxxxxxxx>
[PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: xiaolinkui <xiaolinkui@xxxxxxxxx>
[PATCH nft 1/2] tests/shell: use bash instead of /bin/sh for tests
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/2] tests/shell: honor NFT_TEST_VERBOSE_TEST variable to debug tests via `bash -x`
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/3] tests/shell: skip "vlan_8021ad_tag" test instead of failing
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/3] tests/shell: add missing "vlan_8021ad_tag.nodump" file
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re:Re: [PATCH] uapi/netfilter: Change netfilter hook verdict code definition from macro to enum
- From: "David Wang" <00107082@xxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: kernel test robot <lkp@xxxxxxxxx>
[PATCH libnetfilter_queue] examples: add an example which uses more functions
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 0/1] New example program nfq6
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH v13 12/12] landlock: Document Landlock's network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 11/12] samples/landlock: Add network demo
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 09/12] selftests/landlock: Share enforce_ruleset()
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 06/12] landlock: Refactor layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 05/12] landlock: Move and rename layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 02/12] landlock: Allow FS topology changes for domains without such rule type
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 01/12] landlock: Make ruleset's access masks more generic
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 00/12] Network support for Landlock
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH libmnl] nlmsg, attr: fix false positives when validating buffer sizes
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH net 1/7] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[nf PATCH] selftests: netfilter: Run nft_audit.sh in its own netns
- From: Phil Sutter <phil@xxxxxx>
[net-next PATCH] net: skb_find_text: Ignore patterns extending past 'to'
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/3] netfilter: nft_set_rbtree: prefer sync gc to async worker
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/3] netfilter: nft_set_rbtree: rename gc deactivate+erase function
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_tables: de-constify set commit ops function argument
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/3] netfilter: nf_tables: remove rbtree async garbage collection
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] evaluate: suggest != in negation error message
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] evaluate: suggest != in negation error message
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: cleanup struct nft_table
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH conntrack,v6] conntrack: ct label update requires proper ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrack,v4] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] libiptc: Fix for another segfault due to chain index NULL pointer
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] extensions: string: Clarify description of --to
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] libiptc: Fix for another segfault due to chain index NULL pointer
- From: Phil Sutter <phil@xxxxxx>
[PATCH net 7/7] netfilter: nft_payload: fix wrong mac header matching
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 6/7] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 2/7] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 4/7] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 0/7] netfilter updates for net
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 5/7] nf_tables: fix NULL pointer dereference in nft_inner_init()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 3/7] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 1/7] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next 1/8] netfilter: nf_tables: Always allocate nft_rule_dump_ctx
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf PATCH v2] netfilter: nf_tables: audit log object reset once per table
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH conntrack,v3] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/6] netfilter: nf_tables: mask out non-verdict bits when checking return value
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/6] netfilter: xt_mangle: only check verdict part of return value
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/6] netfilter: more accurate drop statistics
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 6/6] netfilter: bridge: convert br_netfilter to NF_DROP_REASON
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 5/6] netfilter: make nftables drops visible in net dropmonitor
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 3/6] netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 4/6] netfilter: nf_nat: mask out non-verdict bits when checking return value
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH nft,v2] doc: remove references to timeout in reset command
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxx>
[PATCH nft,v2] doc: remove references to timeout in reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Phil Sutter <phil@xxxxxx>
[PATCH net-next 6/8] netfilter: conntrack: simplify nf_conntrack_alter_reply
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 7/8] netfilter: conntrack: prefer tcp_error_log to pr_debug
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 8/8] netfilter: cleanup struct nft_table
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 5/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 4/8] netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 3/8] netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 1/8] netfilter: nf_tables: Always allocate nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 2/8] netfilter: nf_tables: Drop pointless memset when dumping rules
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 0/8] netfilter updates for next
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] doc: remove references to timeout in reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
[ANNOUNCE] iptables 1.8.10 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset()
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Florian Westphal <fw@xxxxxxxxx>
[RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 2/2] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH nf 1/2] nf_tables: fix NULL pointer dereference in nft_inner_init()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH nf 2/2] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH nf 1/2] nf_tables: fix NULL pointer dereference in nft_inner_init()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH v2] netfilter: cleanup struct nft_table
- From: George Guo <guodongtai@xxxxxxxxxx>
[PATCH nf] netfilter: nft_payload: fix wrong mac header matching
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: Clean up errors in nf_conntrack_h323_asn1.h
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: Fix IPv6 Fragment Header processing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnetfilter_queue] src: Fix IPv6 Fragment Header processing
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCHv2 nf 0/2] netfilter: handle the sctp collision properly and add selftest
- From: Simon Horman <horms@xxxxxxxxxx>
iptales-restore cmd crash
- From: wenli xie <wlxie7296@xxxxxxxxx>
Re: [PATCH] netfilter: remove inaccurate code comments from struct nft_table
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] netfilter: remove inaccurate code comments from struct nft_table
- From: George Guo <dongtai.guo@xxxxxxxxx>
Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH 2/3] tests/shell: preserve result directory with NFT_TEST_FAIL_ON_SKIP
- From: Thomas Haller <thaller@xxxxxxxxxx>
[nft PATCH 3/3] tests/shell: add "-S|--setup-host" option to set sysctl for rootless tests
- From: Thomas Haller <thaller@xxxxxxxxxx>
[nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nf-next] netfilter: conntrack: prefer tcp_error_log to pr_debug
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] netfilter: conntrack: simplify nf_conntrack_alter_reply
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: xiaolinkui <xiaolinkui@xxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH 0/5] nf_tables: nft_rule_dump_ctx fits into netlink_callback
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: work around newrule after chain binding
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net 1/6] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next 1/4] netfilter: nf_nat: undo erroneous tcp edemux lookup after port clash
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/6] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 1/6] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 3/6] selftests: netfilter: test for sctp collision processing in nf_conntrack
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 4/6] selftests: netfilter: Extend nft_audit.sh
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 6/6] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 5/6] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 0/6] netfilter patches for net
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by
- From: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by
- From: Kees Cook <keescook@xxxxxxxxxxxx>
Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCHv2 nf 2/2] selftests: netfilter: test for sctp collision processing in nf_conntrack
- From: Xin Long <lucien.xin@xxxxxxxxx>
[PATCHv2 nf 1/2] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
[PATCHv2 nf 0/2] netfilter: handle the sctp collision properly and add selftest
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: "Arnd Bergmann" <arnd@xxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Simon Horman <horms@xxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test
- From: xiaolinkui <xiaolinkui@xxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset()
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf,v2] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v6 0/3] Insulate Kernel Space From SOCK_ADDR Hooks
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf-next PATCH 5/5] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 3/5] netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 2/5] netfilter: nf_tables: Drop pointless memset when dumping rules
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 1/5] netfilter: nf_tables: Always allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 4/5] netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 0/5] nf_tables: nft_rule_dump_ctx fits into netlink_callback
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] tests: shell: sets/reset_command_0: Fix drop_seconds()
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] tests: shell: sets/reset_command_0: Fix drop_seconds()
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf 2/2] netfilter: nft_set_rbtree: remove async GC
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable
- From: "Linux regression tracking (Thorsten Leemhuis)" <regressions@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[ANNOUNCE] conntrack-tools 1.4.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] rule: never merge across non-expr statements
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Phil Sutter <phil@xxxxxx>
[PATCH libnetfilter_conntrack] src: reverse calloc() invocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] tests: shell: add vlan match test case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: Florian Westphal <fw@xxxxxxxxx>
RE: [PATCH v2 2/2] Make num_actions unsigned
- From: David Laight <David.Laight@xxxxxxxxxx>
Re: [PATCH v3 2/2] Make num_actions unsigned
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3 1/2] Make loop indexes unsigned
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnetfilter_queue v3] make the HTML main page available as `man 7 libnetfilter_queue`
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH v3 2/2] Make num_actions unsigned
- From: Joao Moreira <joao@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 1/2] Make loop indexes unsigned
- From: Joao Moreira <joao@xxxxxxxxxxxxxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]