Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to'
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nft_set_rbtree: .deactivate fails if element has expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to'
- From: Florian Westphal <fw@xxxxxxxxx>
[net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to'
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 3/3] tests/shell: skip "vlan_8021ad_tag" test on older kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 1/3] tests/shell: add "tests/shell/helpers/eval-exit-code"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: Linkui Xiao <xiaolinkui@xxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [net-next PATCH] net: skb_find_text: Ignore patterns extending past 'to'
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH nft v2 2/2] tests/shell: honor NFT_TEST_VERBOSE_TEST variable to debug tests via `bash -x`
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH 1/2] netfilter: ipset: rename ref_netlink to ref_swapping
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
0x17: Schedule is now up
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
[PATCH 1/2] netfilter: ipset: rename ref_netlink to ref_swapping
- From: xiaolinkui <xiaolinkui@xxxxxxxxx>
[PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test
- From: xiaolinkui <xiaolinkui@xxxxxxxxx>
[PATCH nft 1/2] tests/shell: use bash instead of /bin/sh for tests
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/2] tests/shell: honor NFT_TEST_VERBOSE_TEST variable to debug tests via `bash -x`
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/3] tests/shell: skip "vlan_8021ad_tag" test instead of failing
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/3] tests/shell: add missing "vlan_8021ad_tag.nodump" file
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re:Re: [PATCH] uapi/netfilter: Change netfilter hook verdict code definition from macro to enum
- From: "David Wang" <00107082@xxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: kernel test robot <lkp@xxxxxxxxx>
[PATCH libnetfilter_queue] examples: add an example which uses more functions
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 0/1] New example program nfq6
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH v13 12/12] landlock: Document Landlock's network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 11/12] samples/landlock: Add network demo
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 08/12] landlock: Add network rules and TCP hooks support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 09/12] selftests/landlock: Share enforce_ruleset()
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 06/12] landlock: Refactor layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 05/12] landlock: Move and rename layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 02/12] landlock: Allow FS topology changes for domains without such rule type
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 01/12] landlock: Make ruleset's access masks more generic
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v13 00/12] Network support for Landlock
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH libmnl] nlmsg, attr: fix false positives when validating buffer sizes
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH net 1/7] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[nf PATCH] selftests: netfilter: Run nft_audit.sh in its own netns
- From: Phil Sutter <phil@xxxxxx>
[net-next PATCH] net: skb_find_text: Ignore patterns extending past 'to'
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/3] netfilter: nft_set_rbtree: prefer sync gc to async worker
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/3] netfilter: nft_set_rbtree: rename gc deactivate+erase function
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_tables: de-constify set commit ops function argument
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/3] netfilter: nf_tables: remove rbtree async garbage collection
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] evaluate: suggest != in negation error message
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] evaluate: suggest != in negation error message
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: cleanup struct nft_table
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH conntrack,v6] conntrack: ct label update requires proper ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrack,v4] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: string: Clarify description of --to
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] libiptc: Fix for another segfault due to chain index NULL pointer
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] extensions: string: Clarify description of --to
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] libiptc: Fix for another segfault due to chain index NULL pointer
- From: Phil Sutter <phil@xxxxxx>
[PATCH net 7/7] netfilter: nft_payload: fix wrong mac header matching
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 6/7] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 2/7] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 4/7] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 0/7] netfilter updates for net
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 5/7] nf_tables: fix NULL pointer dereference in nft_inner_init()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 3/7] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 1/7] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next 1/8] netfilter: nf_tables: Always allocate nft_rule_dump_ctx
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf PATCH v2] netfilter: nf_tables: audit log object reset once per table
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH conntrack,v3] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH conntrack] conntrack: label update requires a previous label in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/6] netfilter: nf_tables: mask out non-verdict bits when checking return value
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/6] netfilter: xt_mangle: only check verdict part of return value
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/6] netfilter: more accurate drop statistics
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 6/6] netfilter: bridge: convert br_netfilter to NF_DROP_REASON
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 5/6] netfilter: make nftables drops visible in net dropmonitor
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 3/6] netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 4/6] netfilter: nf_nat: mask out non-verdict bits when checking return value
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH nft,v2] doc: remove references to timeout in reset command
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxx>
[PATCH nft,v2] doc: remove references to timeout in reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Phil Sutter <phil@xxxxxx>
[PATCH net-next 6/8] netfilter: conntrack: simplify nf_conntrack_alter_reply
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 7/8] netfilter: conntrack: prefer tcp_error_log to pr_debug
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 8/8] netfilter: cleanup struct nft_table
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 5/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 4/8] netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 3/8] netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 1/8] netfilter: nf_tables: Always allocate nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 2/8] netfilter: nf_tables: Drop pointless memset when dumping rules
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 0/8] netfilter updates for next
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] doc: remove references to timeout in reset command
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] doc: remove references to timeout in reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
[ANNOUNCE] iptables 1.8.10 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset()
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC] nftables 0.9.8 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[RFC] nftables 0.9.8 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxx>
Re: [RFC] nftables 1.0.6 -stable backports
- From: Florian Westphal <fw@xxxxxxxxx>
[RFC] nftables 1.0.6 -stable backports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 2/2] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH nf 1/2] nf_tables: fix NULL pointer dereference in nft_inner_init()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH nf 2/2] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH nf 1/2] nf_tables: fix NULL pointer dereference in nft_inner_init()
- From: Xingyuan Mo <hdthky0@xxxxxxxxx>
[PATCH v2] netfilter: cleanup struct nft_table
- From: George Guo <guodongtai@xxxxxxxxxx>
[PATCH nf] netfilter: nft_payload: fix wrong mac header matching
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: Clean up errors in nf_conntrack_h323_asn1.h
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: Fix IPv6 Fragment Header processing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnetfilter_queue] src: Fix IPv6 Fragment Header processing
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCHv2 nf 0/2] netfilter: handle the sctp collision properly and add selftest
- From: Simon Horman <horms@xxxxxxxxxx>
iptales-restore cmd crash
- From: wenli xie <wlxie7296@xxxxxxxxx>
Re: [PATCH] netfilter: remove inaccurate code comments from struct nft_table
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] netfilter: remove inaccurate code comments from struct nft_table
- From: George Guo <dongtai.guo@xxxxxxxxx>
Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH 2/3] tests/shell: preserve result directory with NFT_TEST_FAIL_ON_SKIP
- From: Thomas Haller <thaller@xxxxxxxxxx>
[nft PATCH 3/3] tests/shell: add "-S|--setup-host" option to set sysctl for rootless tests
- From: Thomas Haller <thaller@xxxxxxxxxx>
[nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nf-next] netfilter: conntrack: prefer tcp_error_log to pr_debug
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] netfilter: conntrack: simplify nf_conntrack_alter_reply
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: xiaolinkui <xiaolinkui@xxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH 0/5] nf_tables: nft_rule_dump_ctx fits into netlink_callback
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: work around newrule after chain binding
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nfnetlink_log: silence bogus compiler warning
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net 1/6] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next 1/4] netfilter: nf_nat: undo erroneous tcp edemux lookup after port clash
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/6] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 1/6] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 3/6] selftests: netfilter: test for sctp collision processing in nf_conntrack
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 4/6] selftests: netfilter: Extend nft_audit.sh
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 6/6] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 5/6] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 0/6] netfilter patches for net
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by
- From: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by
- From: Kees Cook <keescook@xxxxxxxxxxxx>
Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCHv2 nf 2/2] selftests: netfilter: test for sctp collision processing in nf_conntrack
- From: Xin Long <lucien.xin@xxxxxxxxx>
[PATCHv2 nf 1/2] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
[PATCHv2 nf 0/2] netfilter: handle the sctp collision properly and add selftest
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: "Arnd Bergmann" <arnd@xxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
Re: linux-next: build warning after merge of the landlock tree
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Simon Horman <horms@xxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test
- From: xiaolinkui <xiaolinkui@xxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset()
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Florian Westphal <fw@xxxxxxxxx>
update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf,v2] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v6 0/3] Insulate Kernel Space From SOCK_ADDR Hooks
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf-next PATCH 5/5] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 3/5] netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 2/5] netfilter: nf_tables: Drop pointless memset when dumping rules
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 1/5] netfilter: nf_tables: Always allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 4/5] netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH 0/5] nf_tables: nft_rule_dump_ctx fits into netlink_callback
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] tests: shell: sets/reset_command_0: Fix drop_seconds()
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] tests: shell: sets/reset_command_0: Fix drop_seconds()
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf 2/2] netfilter: nft_set_rbtree: remove async GC
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable
- From: "Linux regression tracking (Thorsten Leemhuis)" <regressions@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[ANNOUNCE] conntrack-tools 1.4.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] rule: never merge across non-expr statements
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Phil Sutter <phil@xxxxxx>
[PATCH libnetfilter_conntrack] src: reverse calloc() invocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] tests: shell: add vlan match test case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nft_payload: rebuild vlan header on h_proto access
- From: Florian Westphal <fw@xxxxxxxxx>
RE: [PATCH v2 2/2] Make num_actions unsigned
- From: David Laight <David.Laight@xxxxxxxxxx>
Re: [PATCH v3 2/2] Make num_actions unsigned
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3 1/2] Make loop indexes unsigned
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnetfilter_queue v3] make the HTML main page available as `man 7 libnetfilter_queue`
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH v3 2/2] Make num_actions unsigned
- From: Joao Moreira <joao@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 1/2] Make loop indexes unsigned
- From: Joao Moreira <joao@xxxxxxxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 5/5] datatype: use xmalloc() for allocating datatype in datatype_clone()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 0/8] Introduce locking for reset requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 3/8] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 2/8] netfilter: nf_tables: Introduce nf_tables_getrule_single()
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 6/8] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 4/8] netfilter: nf_tables: Introduce struct nft_obj_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH v2 5/8] netfilter: nf_tables: Introduce nf_tables_getobj_single
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] tests: shell: Fix for failing nft-f/sample-ruleset
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Phil Sutter <phil@xxxxxx>
[PATCH net-next 4/4] netfilter: nf_tables: Utilize NLA_POLICY_NESTED_ARRAY
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 3/4] netfilter: nf_tables: missing extended netlink error in lookup functions
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 2/4] selftests: netfilter: test nat source port clash resolution interaction with tcp early demux
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 1/4] netfilter: nf_nat: undo erroneous tcp edemux lookup after port clash
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next 0/4] netfilter updates for net-next
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3 2/2] Make num_actions unsigned
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3 1/2] Make loop indexes unsigned
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] uapi/netfilter: Change netfilter hook verdict code definition from macro to enum
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH -stable,5.10 0/2] Netfilter stable fixes for 5.10
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH nft 0/3] tests/shell: minor improvements to "run-tests.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 0/3] tests/shell: minor improvements to "run-tests.sh"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue v2] doc: make the HTML main page available as `man 7 libnetfilter_queue`
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/5] datatype: make "flags" field of datatype struct simple booleans
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 4/5] datatype: extend set_datatype_alloc() to change size
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/5] datatype: don't clone datatype in set_datatype_alloc() if byteorder already matches
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/5] datatype: don't clone static name/desc strings for datatype
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 0/5] more various cleanups related to struct datatype
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 5/5] datatype: use xmalloc() for allocating datatype in datatype_clone()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 1/1] include: include <string.h> in <nft.h>
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/1] include: include <string.h> in <nft.h>
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/3] netlink_linearize: avoid strict-overflow warning in netlink_gen_bitwise()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3] netlink_linearize: avoid strict-overflow warning in netlink_gen_bitwise()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v3 1/2] Make loop indexes unsigned
- From: joao@xxxxxxxxxxxxxxxxxx
[PATCH v3 2/2] Make num_actions unsigned
- From: joao@xxxxxxxxxxxxxxxxxx
[PATCH v3 0/2] Prevent potential write out of bounds
- From: joao@xxxxxxxxxxxxxxxxxx
Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 1/2] netfilter: nf_tables: unregister flowtable hooks on netns exit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 2/2] netfilter: nf_tables: double hook unregistration in netns path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 0/2] Netfilter stable fixes for 5.10
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 1/3] nft: add NFT_ARRAY_SIZE() helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/3] nft: add NFT_ARRAY_SIZE() helper
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH] netfilter: ipset: add ip_set lock to ip_set_test
- From: xiaolinkui <xiaolinkui@xxxxxxx>
Re: [PATCH nft v2 1/1] mergesort: avoid cloning value in expr_msort_cmp()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/3] nft: add NFT_ARRAY_SIZE() helper
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 0/3] Two fixes to avoid "-Wstrict-overflow" warnings
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/3] netlink_linearize: avoid strict-overflow warning in netlink_gen_bitwise()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft v2 1/1] mergesort: avoid cloning value in expr_msort_cmp()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH libnetfilter_queue] Fix typo in examples/nf-queue.c from patch 9a8e4c3
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] mergesort: avoid cloning value in expr_msort_cmp()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft] mergesort: avoid cloning value in expr_msort_cmp()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 0/2] Prevent potential write out of bounds
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 0/2] Prevent potential write out of bounds
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] mergesort: avoid cloning value in expr_msort_cmp()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH] netfilter: Clean up errors in nf_conntrack_h323_asn1.h
- From: chenguohua@xxxxxxx
[PATCH libnetfilter_queue] Fix typo in examples/nf-queue.c from patch 9a8e4c3
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH v2 2/2] Make num_actions unsigned
- From: joao@xxxxxxxxxxxxxxxxxx
[PATCH v2 1/2] Make loop indexes unsigned
- From: joao@xxxxxxxxxxxxxxxxxx
[PATCH v2 0/2] Prevent potential write out of bounds
- From: joao@xxxxxxxxxxxxxxxxxx
Re: [nf PATCH 0/3] Review nf_tables audit logging
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH net v6 3/3] net: prevent address rewrite in kernel_bind()
- From: Jordan Rife <jrife@xxxxxxxxxx>
[PATCH net v6 2/3] net: prevent rewrite of msg_name and msg_namelen in sock_sendmsg()
- From: Jordan Rife <jrife@xxxxxxxxxx>
[PATCH net v6 0/3] Insulate Kernel Space From SOCK_ADDR Hooks
- From: Jordan Rife <jrife@xxxxxxxxxx>
[PATCH net v6 1/3] net: replace calls to sock->ops->connect() with kernel_connect()
- From: Jordan Rife <jrife@xxxxxxxxxx>
Re: [nft PATCH] tests: shell: features: Fix table owner flag check
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] tests: shell: features: Fix table owner flag check
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3] netlink_linearize: skip set element expression in map statement key
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3] netlink_linearize: skip set element expression in map statement key
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 2/3] json: expose dynamic flag
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft 3/3] netlink_linearize: skip set element expression in map statement key
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/3] tests: py: add map support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/3] json: expose dynamic flag
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH conntrack-tools] conntrackd: consolidate check for maximum number of channels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 5/5] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 7/9] expression: cleanup expr_ops_by_type() and handle u32 input
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [syzbot] [netfilter?] INFO: rcu detected stall in gc_worker (3)
- From: syzbot <syzbot+eec403943a2a2455adaa@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH -stable,6.5 0/5] Netfilter stable fixes for 6.5
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Florian Westphal <fw@xxxxxxxxx>
[nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 0/3] Review nf_tables audit logging
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 1/3] selftests: netfilter: Extend nft_audit.sh
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 0/5] Introduce locking for reset requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 1/5] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 4/5] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 5/5] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH 3/5] netfilter: nf_tables: Introduce struct nft_obj_dump_ctx
- From: Phil Sutter <phil@xxxxxx>
[PATCH -stable,5.10 13/17] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 16/17] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 17/17] netfilter: nf_tables: fix memleak when more than 255 elements expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 15/17] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 14/17] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 12/17] netfilter: nf_tables: defer gc run if previous batch is still pending
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 00/17] Netfilter stable fixes for 5.10
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 07/17] netfilter: nf_tables: don't fail inserts if duplicate has expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 08/17] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 04/17] netfilter: nf_tables: adapt set backend to use GC transaction API
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 06/17] netfilter: nf_tables: remove busy mark and gc batch API
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 05/17] netfilter: nft_set_hash: mark set element as dead when deleting from packet path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 09/17] netfilter: nf_tables: GC transaction race with netns dismantle
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 10/17] netfilter: nf_tables: GC transaction race with abort path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 11/17] netfilter: nf_tables: use correct lock to protect gc_list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 01/17] netfilter: nf_tables: integrate pipapo into commit protocol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 02/17] netfilter: nf_tables: don't skip expired elements during walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 03/17] netfilter: nf_tables: GC transaction API to avoid race with control plane
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 17/17] netfilter: nf_tables: fix memleak when more than 255 elements expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 05/17] netfilter: nf_tables: remove busy mark and gc batch API
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 08/17] netfilter: nf_tables: GC transaction race with netns dismantle
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 14/17] netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 00/17] Netfilter stable fixes for 5.15
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 10/17] netfilter: nf_tables: use correct lock to protect gc_list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 02/17] netfilter: nf_tables: GC transaction API to avoid race with control plane
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 07/17] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 16/17] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 04/17] netfilter: nft_set_hash: mark set element as dead when deleting from packet path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 01/17] netfilter: nf_tables: don't skip expired elements during walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 13/17] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 06/17] netfilter: nf_tables: don't fail inserts if duplicate has expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 11/17] netfilter: nf_tables: defer gc run if previous batch is still pending
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 15/17] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 09/17] netfilter: nf_tables: GC transaction race with abort path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 12/17] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 03/17] netfilter: nf_tables: adapt set backend to use GC transaction API
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 09/17] netfilter: nf_tables: GC transaction race with abort path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 17/17] netfilter: nf_tables: fix memleak when more than 255 elements expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 10/17] netfilter: nf_tables: use correct lock to protect gc_list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 15/17] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 16/17] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 11/17] netfilter: nf_tables: defer gc run if previous batch is still pending
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 12/17] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 13/17] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 08/17] netfilter: nf_tables: GC transaction race with netns dismantle
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 14/17] netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 07/17] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 06/17] netfilter: nf_tables: don't fail inserts if duplicate has expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 05/17] netfilter: nf_tables: remove busy mark and gc batch API
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 03/17] netfilter: nf_tables: adapt set backend to use GC transaction API
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 04/17] netfilter: nft_set_hash: mark set element as dead when deleting from packet path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 02/17] netfilter: nf_tables: GC transaction API to avoid race with control plane
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[-stable,6.1 01/17] netfilter: nf_tables: don't skip expired elements during walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.1 00/17] Netfilter stable fixes for 6.1
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.5 5/5] netfilter: nf_tables: fix memleak when more than 255 elements expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.5 3/5] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.5 4/5] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.5 2/5] netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.5 1/5] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.5 0/5] Netfilter stable fixes for 6.5
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/9] datatype: drop flags field from datatype
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC nf] netfilter: nf_tables: nft_set_rbtree: invalidate greater range element on removal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC nf] netfilter: nf_tables: nft_set_rbtree: invalidate greater range element on removal
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC nf] netfilter: nf_tables: nft_set_rbtree: invalidate greater range element on removal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 7/9] expression: cleanup expr_ops_by_type() and handle u32 input
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] tests: shell: skip flowtable-uaf if we lack table owner support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH 0/9] Misc JSON parser fixes
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 7/9] expression: cleanup expr_ops_by_type() and handle u32 input
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/9] datatype: drop flags field from datatype
- From: Thomas Haller <thaller@xxxxxxxxxx>
LPC 2023 Networking and BPF Track CFP (Final Reminder)
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH net 1/3] netfilter: nf_tables: disable toggling dormant table state more than once
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [ANNOUNCE] ipset 7.18 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH nft 3/9] datatype: drop flags field from datatype
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ANNOUNCE] ipset 7.19 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 7/9] expression: cleanup expr_ops_by_type() and handle u32 input
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/3] nftables: add feature probes for sctp and multistmt set support
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 1/3] tests: shell: skip adding catchall elements if unuspported
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 3/3] tests: shell: add feature probe for sctp chunk matching
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 2/3] tests: shell: add feature probe for sets with more than one element
- From: Florian Westphal <fw@xxxxxxxxx>
[RFC nf] netfilter: nf_tables: nft_set_rbtree: invalidate greater range element on removal
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libnetfilter_queue v2] doc: make the HTML main page available as `man 7 libnetfilter_queue`
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft] datatype: return const pointer from datatype_get()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH 2/9] parser_json: Fix typo in json_parse_cmd_add_object()
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 3/9] parser_json: Proper ct expectation attribute parsing
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 9/9] parser_json: Default meter size to zero
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 4/9] parser_json: Fix flowtable prio value parsing
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 0/9] Misc JSON parser fixes
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 8/9] parser_json: Catch nonsense ops in match statement
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 5/9] parser_json: Fix limit object burst value parsing
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 6/9] parser_json: Fix synproxy object mss/wscale parsing
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 1/9] parser_json: Catch wrong "reset" payload
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 7/9] parser_json: Wrong check in json_parse_ct_timeout_policy()
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] datatype: return const pointer from datatype_get()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 7/9] expression: cleanup expr_ops_by_type() and handle u32 input
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/9] datatype: drop flags field from datatype
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 7/9] expression: cleanup expr_ops_by_type() and handle u32 input
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/9] datatype: drop flags field from datatype
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 8/9] datatype: use __attribute__((packed)) instead of enum bitfields
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 8/9] datatype: use __attribute__((packed)) instead of enum bitfields
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 8/9] datatype: use __attribute__((packed)) instead of enum bitfields
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 5/9] payload: use enum icmp_hdr_field_type in payload_may_dependency_kill_icmp()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 4/9] datatype: use "enum byteorder" instead of int in set_datatype_alloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 6/9] netlink: handle invalid etype in set_make_key()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 6/9] netlink: handle invalid etype in set_make_key()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 9/9] proto: add missing proto_definitions for PROTO_DESC_GENEVE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/4] gmputil: add nft_gmp_free() to free strings from mpz_get_str()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 1/9] src: fix indentation/whitespace
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 8/9] datatype: use __attribute__((packed)) instead of enum bitfields
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/3] tests/shell: run `nft --check` on persisted dump files
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v2] icmpv6: Allow matching target address in NS/NA, redirect and MLD
- From: Nicolas Cavallari <nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH nft 2/4] gmputil: add nft_gmp_free() to free strings from mpz_get_str()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 8/9] datatype: use __attribute__((packed)) instead of enum bitfields
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/9] datatype: drop flags field from datatype
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 6/9] netlink: handle invalid etype in set_make_key()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 9/9] proto: add missing proto_definitions for PROTO_DESC_GENEVE
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 7/9] expression: cleanup expr_ops_by_type() and handle u32 input
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/9] include: fix missing definitions in <cache.h>/<headers.h>
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/9] src: fix indentation/whitespace
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 0/9] various cleanups related to enums and struct datatype
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 4/9] datatype: use "enum byteorder" instead of int in set_datatype_alloc()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 5/9] payload: use enum icmp_hdr_field_type in payload_may_dependency_kill_icmp()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH] build: Fix double-prefix w/ pkgconfig
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 2/4] gmputil: add nft_gmp_free() to free strings from mpz_get_str()
- From: Phil Sutter <phil@xxxxxx>
[PATCH] build: Fix double-prefix w/ pkgconfig
- From: Sam James <sam@xxxxxxxxxx>
[PATCH nft 4/4] all: remove xfree() and use plain free()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/4] datatype: don't return a const string from cgroupv2_get_path()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/4] gmputil: add nft_gmp_free() to free strings from mpz_get_str()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 0/4] remove xfree() and add free_const()+nft_gmp_free()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/4] all: add free_const() and use it instead of xfree()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [ANNOUNCE] ipset 7.18 released
- From: Sam James <sam@xxxxxxxxxx>
Re: [ANNOUNCE] ipset 7.18 released
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 4.19 046/273] netfilter: nft_flow_offload: fix underflow in flowtable reference counter
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH 4.19 047/273] netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Re: [ANNOUNCE] ipset 7.18 released
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [ANNOUNCE] ipset 7.18 released
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 11/12] samples/landlock: Add network demo
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 09/12] selftests/landlock: Share enforce_ruleset()
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 01/12] landlock: Make ruleset's access masks more generic
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 08/12] landlock: Add network rules and TCP hooks support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 07/12] landlock: Refactor landlock_add_rule() syscall
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 12/12] landlock: Document Landlock's network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 10/12] selftests/landlock: Add 7 new test variants dedicated to network
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 00/12] Network support for Landlock
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 06/12] landlock: Refactor layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH v12 05/12] landlock: Move and rename layer helpers
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
[PATCH net 1/3] netfilter: nf_tables: disable toggling dormant table state more than once
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 0/3] netfilter updates for net
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 2/3] netfilter: nf_tables: fix memleak when more than 255 elements expired
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 3/3] netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 0/1] ipset patch for nf tree
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ANNOUNCE] ipset 7.18 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH 1/1] netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
[PATCH 0/1] ipset patch for nf tree
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
Re: [PATCH nft 1/1] datatype: explicitly set missing datatypes for TYPE_CT_LABEL,TYPE_CT_EVENTBIT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] datatype: initialize TYPE_CT_EVENTBIT slot in datatype array
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] datatype: initialize TYPE_CT_LABEL slot in datatype array
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] limit: display default burst when listing ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: fix memory leak when more than 255 elements expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: fix memory leak when more than 255 elements expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: fix memory leak when more than 255 elements expired
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft] limit: display default burst when listing ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/2] libnftables: move init-once guard inside xt_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/2] libnftables: drop gmp_init() and mp_set_memory_functions()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/1] netlink: fix leaking typeof_expr_data/typeof_expr_key in netlink_delinearize_set()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_tables: fix memory leak when more than 255 elements expired
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 2/2] libnftables: move init-once guard inside xt_init()
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/2] libnftables: drop gmp_init() and mp_set_memory_functions()
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 1/1] datatype: explicitly set missing datatypes for TYPE_CT_LABEL,TYPE_CT_EVENTBIT
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft 1/1] datatype: explicitly set missing datatypes for TYPE_CT_LABEL,TYPE_CT_EVENTBIT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/1] datatype: explicitly set missing datatypes for TYPE_CT_LABEL,TYPE_CT_EVENTBIT
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH libnetfilter_queue] doc: generate libnetfilter_queue.7 man page from HTML mainpage
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH nft,v2] evaluate: update mark datatype compatibility check from maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/1] tests/shell: honor NFT_TEST_FAIL_ON_SKIP variable to fail on any skipped tests
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/3] tests/shell: run `nft --check` on persisted dump files
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/3] tests/shell: simplify collecting error result in "test-wrapper.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/3] tests/shell: fix preserving ruleset diff after test
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 3/3] tests/shell: colorize NFT_TEST_HAS_SOCKET_LIMITS
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 1/3] tests/shell: set C locale in "run-tests.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 0/3] tests/shell: minor improvements to "run-tests.sh"
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 2/3] tests/shell: don't show the exit status for failed tests
- From: Thomas Haller <thaller@xxxxxxxxxx>
Re: [PATCH nft] evaluate: update mark datatype compatibility check from maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] evaluate: update mark datatype compatibility check from maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19
- From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,4.19 1/2] netfilter: nft_flow_offload: fix underflow in flowtable reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,4.19 2/2] netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] evaluate: expand sets and maps before evaluation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 01/14] tests/shell: add and use chain binding feature probe
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 13/14] tests/shell: implement NFT_TEST_HAVE_json feature detection as script
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 12/14] tests/shell: skip reset tests if kernel lacks support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 05/14] tests/shell: skip bitshift tests if kernel lacks support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 14/14] tests/shell: check diff in "maps/typeof_maps_0" and "sets/typeof_sets_0" test
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 10/14] tests/shell: skip test cases involving osf match if kernel lacks support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 11/14] tests/shell: skip test cases if ct expectation and/or timeout lacks support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 08/14] tests/shell: skip destroy tests if kernel lacks support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 09/14] tests/shell: skip catchall tests if kernel lacks support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 03/14] tests/shell: skip map query if kernel lacks support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 06/14] tests/shell: skip some tests if kernel lacks netdev egress support
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 04/14] tests/shell: skip inner matching tests if unsupported
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 02/14] tests/shell: skip netdev_chain_0 if kernel requires netdev device
- From: Thomas Haller <thaller@xxxxxxxxxx>
[PATCH nft 00/14] tests/shell: fix tests to skip on lacking feature support
- From: Thomas Haller <thaller@xxxxxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]