Linux TCP/IP Netfilter Devel
[Prev Page][Next Page]
- [PATCH iptables] nft-bridge: pass context structure to ops->add() to improve anonymous set support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH -stable,5.10,v2 01/11] netfilter: nf_tables: use net_generic infra for transaction data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH -stable,5.10,v2 01/11] netfilter: nf_tables: use net_generic infra for transaction data
- From: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
- [PATCH 1/1] xt_asn: add matching dump [query] utility
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.6 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH 1/1] xt_asn: support quiet mode
- From: Philip Prindeville <philipp@xxxxxxxxxxxxxxxxxxxxx>
- Re: [PATCH 1/1] xt_asn: support quiet mode
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH v1] netfilter: conntrack: validate cta_ip via parsing
- From: Lin Ma <linma@xxxxxxxxxx>
- Re: [PATCH bpf-next v3 6/6] bpf: selftests: Add defrag selftests
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
- Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Igor Raits <igor@xxxxxxxxxxxx>
- Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft PATCH] nftables: add flag for nft context to avoid blocking getaddrinfo()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Vineet Gupta <vgupta@xxxxxxxxxx>
- [nft PATCH] nftables: add flag for nft context to avoid blocking getaddrinfo()
- From: Thomas Haller <thaller@xxxxxxxxxx>
- Re: [PATCH net-next] ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns
- From: Julian Anastasov <ja@xxxxxx>
- Re: [nft PATCH 0/4] libnftables: minor cleanups initalizing nf_sock instance of nft_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH net-next] ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns
- From: Dust Li <dust.li@xxxxxxxxxxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Gabriel Krisman Bertazi <krisman@xxxxxxx>
- Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Igor Raits <igor@xxxxxxxxxxxx>
- Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Miguel Ojeda <miguel.ojeda.sandonis@xxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
- ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
- From: Igor Raits <igor@xxxxxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Miguel Ojeda <miguel.ojeda.sandonis@xxxxxxxxx>
- [nft PATCH 3/4] libnftables: inline creation of nf_sock in nft_ctx_new()
- From: Thomas Haller <thaller@xxxxxxxxxx>
- [nft PATCH 0/4] libnftables: minor cleanups initalizing nf_sock instance of nft_ctx
- From: Thomas Haller <thaller@xxxxxxxxxx>
- [nft PATCH 4/4] libnftables: drop check for nf_sock in nft_ctx_free()
- From: Thomas Haller <thaller@xxxxxxxxxx>
- [nft PATCH 2/4] libnftables: drop unused argument nf_sock from nft_netlink()
- From: Thomas Haller <thaller@xxxxxxxxxx>
- [nft PATCH 1/4] libnftables: always initialize netlink socket in nft_ctx_new()
- From: Thomas Haller <thaller@xxxxxxxxxx>
- Re: linux-next: branches to be removed
- From: Florian Westphal <fw@xxxxxxxxx>
- linux-next: branches to be removed
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
- [PATCH 1/1] xt_asn: fix download script
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- [PATCH 1/1] xt_asn: support quiet mode
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- Re: [PATCH net-next] ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns
- From: Julian Anastasov <ja@xxxxxx>
- [PATCH nft] evaluate: place byteorder conversion before rshift
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH bpf-next v3 3/6] netfilter: bpf: Prevent defrag module unload while link active
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next v3 2/6] netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next v3 1/6] netfilter: defrag: Add glue hooks for enabling/disabling defrag
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH bpf-next v3 6/6] bpf: selftests: Add defrag selftests
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 5/6] bpf: selftests: Support custom type and proto for client sockets
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 4/6] bpf: selftests: Support not connecting client socket
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 3/6] netfilter: bpf: Prevent defrag module unload while link active
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 2/6] netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 1/6] netfilter: defrag: Add glue hooks for enabling/disabling defrag
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 0/6] Support defragmenting IPv(4|6) packets in BPF
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next v2 3/6] netfilter: bpf: Prevent defrag module unload while link active
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next] ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns
- From: Dust Li <dust.li@xxxxxxxxxxxxxxxxx>
- Re: [PATCH bpf-next v2 6/6] bpf: selftests: Add defrag selftests
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- [PATCH bpf-next v2 2/6] netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 6/6] bpf: selftests: Add defrag selftests
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 5/6] bpf: selftests: Support custom type and proto for client sockets
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 4/6] bpf: selftests: Support not connecting client socket
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 3/6] netfilter: bpf: Prevent defrag module unload while link active
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 1/6] netfilter: defrag: Add glue hooks for enabling/disabling defrag
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 0/6] Support defragmenting IPv(4|6) packets in BPF
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Steven Rostedt <rostedt@xxxxxxxxxxx>
- Re: [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH nft] netlink_linearize: use div_round_up in byteorder length
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft] netlink_linearize: use div_round_up in byteorder length
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH v11.1] selftests/landlock: Add 11 new test suites dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH net 1/6] netfilter: nf_tables: report use refcount overflow
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH net 1/6] netfilter: nf_tables: report use refcount overflow
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
- [PATCH net 6/6] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 5/6] netfilter: nf_tables: do not ignore genmask when looking up chain by id
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 4/6] netfilter: conntrack: don't fold port numbers into addresses before hashing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 1/6] netfilter: nf_tables: report use refcount overflow
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 3/6] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/6] netfilter: conntrack: gre: don't set assured flag for clash entries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/6] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v2] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH -stable,5.15 2/2] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v2] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
- Re: [PATCH -stable,5.15 2/2] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH -stable,5.15 2/2] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 2/3] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 3/3] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 1/3] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 0/3] stable fixes for 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 09/10] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 05/10] netfilter: nf_tables: use net_generic infra for transaction data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 10/10] netfilter: nf_tables: fix scheduling-while-atomic splat
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 08/10] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 07/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 06/10] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 04/10] netfilter: add helper function to set up the nfnetlink header and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 03/10] netfilter: nftables: add helper function to set the base sequence number
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 02/10] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 01/10] netfilter: nf_tables: fix nat hook table deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.19 00/10] stable fixes for 4.19
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 07/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 10/10] netfilter: nf_tables: fix scheduling-while-atomic splat
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 08/10] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 09/10] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 06/10] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 04/10] netfilter: nf_tables: use net_generic infra for transaction data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 05/10] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 03/10] netfilter: add helper function to set up the nfnetlink header and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 00/10] stable fixes for 5.4
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 01/10] netfilter: nf_tables: fix nat hook table deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.4 02/10] netfilter: nftables: add helper function to set the base sequence number
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH -stable,5.10,v2 00/11] stable fixes for 5.10
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 11/11] netfilter: nf_tables: fix scheduling-while-atomic splat
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 09/11] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 10/11] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 08/11] netfilter: nftables: rename set element data activation/deactivation functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 07/11] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 05/11] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 06/11] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 02/11] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 00/11] stable fixes for 5.10
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 01/11] netfilter: nf_tables: use net_generic infra for transaction data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10,v2 04/11] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Jeff Xu <jeffxu@xxxxxxxxxx>
- [PATCH -stable,5.10,v2 03/11] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH -stable,5.10 02/10] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH -stable,5.10 02/10] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH -stable,5.10 10/10] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 09/10] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 08/10] netfilter: nftables: rename set element data activation/deactivation functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 06/10] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 07/10] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 05/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 01/10] netfilter: nf_tables: use net_generic infra for transaction data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 02/10] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 04/10] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 03/10] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 00/10] stable fixes for 5.10
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.15 2/2] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.15 1/2] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.15 0/2] stable fixes for 5.15
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: gre: don't set assured flag for clash entries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nf_tables: do not ignore genmask when looking up chain by id
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
- [PATCH] netfilter: nf_tables: do not ignore genmask when looking up chain by id
- From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
- Re: [PATCH v11 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH nf,v2] netfilter: nf_tables: report use refcount overflow
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [nft PATCH 0/4] cli: Make valgrind (kind of) happy
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nf] netfilter: conntrack: don't fold port numbers into addresses before hashing
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft] tests: shell: refcount memleak in map rhs with timeouts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] expression: define .clone for catchall set element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH nf v2] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf v2] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florent Revest <revest@xxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florent Revest <revest@xxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: report use refcount overflow
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH nf] netfilter: conntrack: gre: don't set assured flag for clash entries
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 10/12] selftests/landlock: Add 11 new test suites dedicated to network
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 10/12] selftests/landlock: Add 11 new test suites dedicated to network
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 10/12] selftests/landlock: Add 11 new test suites dedicated to network
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 10/12] selftests/landlock: Add 11 new test suites dedicated to network
- From: Günther Noack <gnoack3000@xxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH nft] expression: define .clone for catchall set element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
- [PATCH AUTOSEL 6.1 10/12] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.15 4/5] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 6.3 13/17] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 6.3 14/17] netfilter: nf_tables: drop module reference after updating chain
- From: Sasha Levin <sashal@xxxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v3] ipvs: increase ip_vs_conn_tab_bits range for 64BIT
- From: Simon Horman <horms@xxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: Günther Noack <gnoack3000@xxxxxxxxx>
- Re: [nft PATCH] tests: py: Document JSON mode in README
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [nft PATCH] tests: py: Document JSON mode in README
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next 4/7] netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next 4/7] netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next 3/7] netfilter: defrag: Add glue hooks for enabling/disabling defrag
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net 1/6] lib/ts_bm: reset initial match offset for every block of text
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
- Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Bagas Sanjaya <bagasdotme@xxxxxxxxx>
- Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
- [PATCH net 5/6] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 6/6] netfilter: nf_tables: fix underflow in chain reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 4/6] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/6] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 3/6] linux/netfilter.h: fix kernel-doc warnings
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 1/6] lib/ts_bm: reset initial match offset for every block of text
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/6] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Bagas Sanjaya <bagasdotme@xxxxxxxxx>
- Re: [PATCH bpf-next 1/7] tools: libbpf: add netfilter link attach helper
- From: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx>
- [PATCH bpf-next 7/7] bpf: selftests: Add defrag selftests
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 6/7] bpf: selftests: Support custom type and proto for client sockets
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 4/7] netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 5/7] bpf: selftests: Support not connecting client socket
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 3/7] netfilter: defrag: Add glue hooks for enabling/disabling defrag
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 2/7] selftests/bpf: Add bpf_program__attach_netfilter helper test
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 1/7] tools: libbpf: add netfilter link attach helper
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH net-next 1/8] ipvs: increase ip_vs_conn_tab_bits range for 64BIT
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 08/12] landlock: Add network rules and TCP hooks support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 04/12] landlock: Refactor merge/inherit_ruleset functions
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH -stable,5.10 0/3] stable fixes for 5.10
- From: Greg KH <greg@xxxxxxxxx>
- Re: [PATCH net] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net-next] linux/netfilter.h: fix kernel-doc warnings
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf v2] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf v2] lib/ts_bm: reset initial match offset for every block of text
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 3/3] netfilter: nf_tables: hold mutex on netns pre_exit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 2/3] netfilter: nf_tables: validate registers coming from userspace.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 0/3] stable fixes for 5.10
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,5.10 1/3] netfilter: nftables: statify nft_parse_register()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 8/8] netfilter: nf_tables: limit allowed range via nla_policy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 1/8] ipvs: increase ip_vs_conn_tab_bits range for 64BIT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 3/8] netfilter: nft_payload: rebuild vlan header when needed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 6/8] netfilter: snat: evict closing tcp entries on reply tuple collision
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 7/8] netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 5/8] netfilter: nf_tables: permit update of set size
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 0/8] Netfilter/IPVS updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 4/8] netfilter: ipset: remove rcu_read_lock_bh pair from ip_set_test
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 2/8] ipvs: dynamically limit the connection hash table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel oops with netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Matthias Maier <tamiko@xxxxxxxx>
- Re: Kernel oops with netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 1/2] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 2/2] netfilter: nf_tables: fix underflow in chain reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: "Jason Vas Dias" <jason.vas.dias@xxxxxx>
- Re: Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: Florian Westphal <fw@xxxxxxxxx>
- Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: "Jason Vas Dias" <jason.vas.dias@xxxxxx>
- Re: [ulogd2 PATCH] Makefile: Create LZMA-compressed dist-files
- From: Phil Sutter <phil@xxxxxx>
- Re: ipset hash:net:port:net
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [iptables PATCH 3/4] Add --compat option to *tables-nft and *-nft-restore commands
- From: Phil Sutter <phil@xxxxxx>
- [ulogd2 PATCH] Makefile: Create LZMA-compressed dist-files
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
- Re: [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Joel Granados <j.granados@xxxxxxxxxxx>
- Re: [PATCH net] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
- From: Gavrilov Ilia <Ilia.Gavrilov@xxxxxxxxxxx>
- Re: [PATCH net-next] linux/netfilter.h: fix kernel-doc warnings
- From: Simon Horman <simon.horman@xxxxxxxxxxxx>
- [PATCH net-next] linux/netfilter.h: fix kernel-doc warnings
- From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
- Re: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Steven Rostedt <rostedt@xxxxxxxxxxx>
- Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later
- From: Bagas Sanjaya <bagasdotme@xxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [nft PATCH 4/4] tests: shell: Introduce valgrind mode
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH 0/4] cli: Make valgrind (kind of) happy
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH 1/4] main: Make 'buf' variable branch-local
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH 2/4] main: Call nft_ctx_free() before exiting
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH 3/4] cli: Make cli_init() return to caller
- From: Phil Sutter <phil@xxxxxx>
- ipset hash:net:port:net
- From: Марк Коренберг <socketpair@xxxxxxxxx>
- Re: [PATCH] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
- From: Gavrilov Ilia <Ilia.Gavrilov@xxxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH nf v2] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- [PATCH nf-next] netfilter: nf_tables: limit allowed range via nla_policy
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: vs conntrack changes TCP ports mid-stream
- From: Julian Anastasov <ja@xxxxxx>
- vs conntrack changes TCP ports mid-stream
- From: Sven Bartscher <sven.bartscher@xxxxxxxxxxxxxxxxxxxx>
- [PATCH nf v2] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- [PATCH nf] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nft PATCH] cli: Make valgrind happy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] src: avoid IPPROTO_MAX for array definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florent Revest <revest@xxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florent Revest <revest@xxxxxxxxxxxx>
- Re: [nft PATCH] cli: Make valgrind happy
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Joel Granados <j.granados@xxxxxxxxxxx>
- Re: [iptables PATCH] iptables: Fix handling of non-existent chains
- From: Phil Sutter <phil@xxxxxx>
- Re: [iptables PATCH] iptables: Fix setting of ipv6 counters
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Joel Granados <j.granados@xxxxxxxxxxx>
- Re: [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Joel Granados <j.granados@xxxxxxxxxxx>
- Re: [PATCH nft] src: avoid IPPROTO_MAX for array definitions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH 09/11] sysctl: Remove the end element in sysctl table arrays
- From: Jani Nikula <jani.nikula@xxxxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
- Re: [lvc-project] [PATCH] netfilter: ebtables: remove unnecessary NULL check
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [lvc-project] [PATCH] netfilter: ebtables: remove unnecessary NULL check
- From: "Igor A. Artemiev" <Igor.A.Artemiev@xxxxxxx>
- Re: [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florent Revest <revest@xxxxxxxxxxxx>
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net,v3 00/14] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH 09/11] sysctl: Remove the end element in sysctl table arrays
- From: Joel Granados <j.granados@xxxxxxxxxxx>
- Re: [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
- [PATCH 06/11] sysctl: Add size to register_net_sysctl function
- From: Joel Granados <j.granados@xxxxxxxxxxx>
- Re: [PATCH] netfilter: Don't parse CTCP message if shorter than minimum length
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH] netfilter: Don't parse CTCP message if shorter than minimum length
- From: Sohom <sohomdatta1@xxxxxxxxx>
- [PATCH nf,v3 01/14] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] src: avoid IPPROTO_MAX for array definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: ipset: Replace strlcpy with strscpy
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- [PATCH nft] src: avoid IPPROTO_MAX for array definitions
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v2] lib/ts_bm: add helper to reduce indentation and improve readability
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH nf-next] lib/ts_bm: add helper to reduce indentation and improve readability
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nf-next] lib/ts_bm: add helper to reduce indentation and improve readability
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH net 00/14,v2] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [lvc-project] [PATCH] netfilter: ebtables: remove unnecessary NULL check
- From: Florian Westphal <fw@xxxxxxxxx>
- [lvc-project] [PATCH] netfilter: ebtables: remove unnecessary NULL check
- From: Igor Artemiev <Igor.A.Artemiev@xxxxxxx>
- Re: [nft PATCH] cli: Make valgrind happy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft 4/6] parser: reject zero-length interface names
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf PATCH] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH] cli: Make valgrind happy
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nft] json: add inner payload support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- CFS for Netdev 0x17 open!
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
- Re: [PATCH nf-next] lib/ts_bm: add helper to reduce indentation and improve readability
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH nf-next] lib/ts_bm: add helper to reduce indentation and improve readability
- From: kernel test robot <lkp@xxxxxxxxx>
- [PATCH nft] src: add json support for last statement
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 00/14,v2] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] cache: include set elements in "nft set list"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 6/6] ct timeout: fix 'list object x' vs. 'list objects in table' confusion
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 5/6] parser: reject zero-length interface names in flowtables
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 4/6] parser: reject zero-length interface names
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 3/6] parser: don't assert on scope underflows
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 2/6] evaluate: do not abort when prefix map has non-map element
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 1/6] json: dccp: remove erroneous const qualifier
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 0/6] Misc parser fixes
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Simon Horman <simon.horman@xxxxxxxxxxxx>
- Re: [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic
- From: Simon Horman <simon.horman@xxxxxxxxxxxx>
- [PATCH nf-next] lib/ts_bm: add helper to reduce indentation and improve readability
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nf v2] lib/ts_bm: reset initial match offset for every block of text
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH v11 00/12] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 00/14] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11 00/12] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH nf] lib/ts_bm: reset initial match offset for every block of text
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH nf] lib/ts_bm: reset initial match offset for every block of text
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [iptables PATCH] iptables: Fix handling of non-existent chains
- From: Jacek Tomasiak <jacek.tomasiak@xxxxxxxxx>
- [iptables PATCH] iptables: Fix setting of ipv6 counters
- From: Jacek Tomasiak <jacek.tomasiak@xxxxxxxxx>
- Re: [nf PATCH] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf PATCH] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] cache: include set elements in "nft set list"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] cache: include set elements in "nft set list"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] cache: include set elements in "nft set list"
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- [PATCH nft] cache: include set elements in "nft set list"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft list sets changed behavior
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nft list sets changed behavior
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf PATCH] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft list sets changed behavior
- From: nft.ogxzcrqhuhgchbvxcs4j7wws@xxxxxxxxxxxxxxxxxxxxxx
- Re: nft list sets changed behavior
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [iptables PATCH] xshared: fix memory leak in should_load_proto
- From: Phil Sutter <phil@xxxxxx>
- [nf PATCH] netfilter: nf_tables: Fix for deleting base chains with payload
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nf,v4 09/10] netfilter: nf_tables: disallow updates of anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 03/10] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 10/10] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 04/10] netfilter: nft_set_pipapo: .walk does not deal with generations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 06/10] netfilter: nf_tables: disallow element updates of bound anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 07/10] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 01/10] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 08/10] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 02/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 05/10] netfilter: nf_tables: fix underflow in object reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH iptables] nft: use payload matching for layer 4 protocol
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH iptables v2] man: string: document BM false negatives
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH] netfilter: ipset: Replace strlcpy with strscpy
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- From: Florent Revest <revest@xxxxxxxxxxxx>
- [nft PATCH 3/3] Implement 'reset {set,map,element}' commands
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH 1/3] evaluate: Merge some cases in cmd_evaluate_list()
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH 2/3] evaluate: Cache looked up set for list commands
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH 0/3] Implement 'reset {set,map,element}' commands
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH] netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET
- From: Phil Sutter <phil@xxxxxx>
- Re: [conntrack-tools PATCH] conntrack: Don't override mark in non-list mode
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [conntrack-tools PATCH] conntrack: Don't override mark in non-list mode
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [conntrack-tools PATCH] conntrack: Don't override mark in non-list mode
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nfnetlink_osf: fix module autoload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v2] ipvs: align inner_mac_header for encapsulation
- From: Simon Horman <horms@xxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: drop module reference after updating chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [conntrack-tools PATCH] conntrack: Don't override mark in non-list mode
- From: Jacek Tomasiak <jacek.tomasiak@xxxxxxxxx>
- [PATCH nf,v3 08/10] netfilter: nf_tables: drop map element references from preparation phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 02/10] netfilter: nf_tables: disallow element updates of bound anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 01/10] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 09/10] netfilter: nft_set_pipapo: .walk does not deal with generations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 05/10] netfilter: nf_tables: disallow updates of anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 10/10] netfilter: nf_tables: fix underflow in object reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 06/10] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 03/10] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 07/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3 04/10] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] tests: shell: bogus EBUSY errors in transactions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: ipset: Replace strlcpy with strscpy
- From: Simon Horman <simon.horman@xxxxxxxxxxxx>
- Re: [PATCH net 1/1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH] netfilter: ipset: Replace strlcpy with strscpy
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Re: [PATCH net 1/1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH xtables-addons] xt_ipp2p: change text-search algo to KMP
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH] netfilter: ipset: Replace strlcpy with strscpy
- From: Azeem Shaikh <azeemshaikh38@xxxxxxxxx>
- [PATCH xtables-addons] xt_ipp2p: change text-search algo to KMP
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH v2] ipvs: align inner_mac_header for encapsulation
- From: Julian Anastasov <ja@xxxxxx>
- [PATCH nf,v2 6/7] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 7/7] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 2/7] netfilter: nf_tables: disallow element updates of bound anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 3/7] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 4/7] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 5/7] netfilter: nf_tables: disallow updates of anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 1/7] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] tests: shell: add test case for chain-in-use-splat
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf 1/6] netfilter: nf_tables: fix chain binding transaction logic
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf,v3] netfilter: nf_tables: integrate pipapo into commit protocol
- From: Stefano Brivio <sbrivio@xxxxxxxxxx>
- [PATCH nft] tests: shell: fix spurious errors in terse listing in json
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 5/6] netfilter: nf_tables: disallow updates of anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 4/6] netfilter: nf_tables: reject unbound chain set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 1/6] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 6/6] netfilter: nf_tables: disallow timeout for anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 3/6] netfilter: nf_tables: reject unbound anonymous set before commit phase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 2/6] netfilter: nf_tables: disallow element updates of bound anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH iptables v2] man: string: document BM false negatives
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH iptables v2] man: string: document BM false negatives
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH iptables] man: string: document BM false negatives
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH iptables] man: string: document BM false negatives
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nf] lib/ts_bm: reset initial match offset for every block of text
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH v2] ipvs: align inner_mac_header for encapsulation
- From: Terin Stock <terin@xxxxxxxxxxxxxx>
- [PATCH net 1/1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple
- From: Paul Blakey <paulb@xxxxxxxxxx>
- [PATCH nf 1/3] netfilter: nf_tables: fix chain binding transaction logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 2/3] netfilter: nf_tables: disallow unbound anonymous set from commit step
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 3/3] netfilter: nf_tables: disallow unbound chain from commit step
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables] nft: use payload matching for layer 4 protocol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol
- From: Simon Horman <simon.horman@xxxxxxxxxxxx>
- [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 3/3] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/3] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/3] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3] netfilter: nf_tables: integrate pipapo into commit protocol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf,v2] netfilter: nf_tables: integrate pipapo into commit protocol
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: String matcher "algo bm" broken in OUTPUT since 5.3.x
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nf,v2] netfilter: nf_tables: integrate pipapo into commit protocol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- xtables-addons passes through an IP from RU
- From: Oláh Ambrus Sándor <aolah76@xxxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
- Re: [PATCH net 1/5] netfilter: nf_tables: Add null check for nla_nest_start_noflag() in nft_dump_basechain_hook()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH net 4/5] netfilter: ipset: Add schedule point in call_ad().
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/5] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/5] netfilter: nft_bitwise: fix register tracking
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 1/5] netfilter: nf_tables: Add null check for nla_nest_start_noflag() in nft_dump_basechain_hook()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 3/5] netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 5/5] netfilter: nf_tables: out-of-bound check in chain blob
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v1 nf] netfilter: ipset: Add schedule point in call_ad().
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next,v2 5/7] netfilter: nf_tables: add meta + cmp combo match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next v2] netfilter: snat: evict closing tcp entries on reply tuple collision
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: snat: evict closing tcp entries on reply tuple collision
- From: kernel test robot <lkp@xxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: out-of-bound check in chain blob
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 1/7] netfilter: nf_tables: remove expression reduce infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 5/7] netfilter: nf_tables: add meta + cmp combo match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 6/7] netfilter: nf_tables: add payload + bitwise + cmp combo match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 3/7] netfilter: nf_tables: track register store and load operations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 7/7] netfilter: nf_tables: skip comment match when building blob
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 2/7] netfilter: nf_tables: remove fast bitwise and fast cmp16
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 0/7] nf_tables combo match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2 4/7] netfilter: nf_tables: add payload + cmp combo match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v11 11/12] samples/landlock: Add network demo
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
- Re: [PATCH v11 12/12] landlock: Document Landlock's network support
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
- [PATCH nf-next] netfilter: snat: evict closing tcp entries on reply tuple collision
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH xtables-addons v2 0/7] xt_ipp2p: support for non-linear packets
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH nf-next] netfilter: nf_tables: permit update of set size
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next] netfilter: ipset: remove rcu_read_lock_bh pair from ip_set_test
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v11 00/12] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v11 00/12] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH nf-next] nft_payload: rebuild vlan header when needed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH xtables-addons v2 6/7] xt_ipp2p: use `skb_header_pointer` and `skb_find_text`
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons v2 5/7] xt_ipp2p: use textsearch API for substring searching
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons v2 3/7] xt_ipp2p: add helper for matching "\r\n"
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons v2 4/7] xt_ipp2p: rearrange some conditionals and a couple of loops
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons v2 7/7] xt_ipp2p: drop requirement that skb is linear
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons v2 2/7] xt_ipp2p: change byte-orer conversion
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons v2 1/7] xt_ipp2p: fix Soulseek false-positive matches
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons v2 0/7] xt_ipp2p: support for non-linear packets
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH xtables-addons 5/8] xt_ipp2p: rearrange some conditionals and a couple of loops
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH xtables-addons 5/8] xt_ipp2p: rearrange some conditionals and a couple of loops
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH xtables-addons 6/8] xt_ipp2p: use textsearch API for substring searching
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 0/8] xt_ipp2p: support for non-linear packets
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 2/8] xt_ipp2p: fix Soulseek false-positive matches
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 8/8] xt_ipp2p: drop requirement that skb is linear
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 5/8] xt_ipp2p: rearrange some conditionals and a couple of loops
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 7/8] xt_ipp2p: use `skb_header_pointer` and `skb_find_text`
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 1/8] xt_ipp2p: fix an off-by-one error
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 4/8] xt_ipp2p: add helper for matching "\r\n"
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 3/8] xt_ipp2p: change byte-orer conversion
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH] add some test cases to improve code coverage
- From: tongxiaoge1001@xxxxxxx
- [PATCH] define "i" only if attr is NFTNL_CHAIN_DEVICES. When attr isn't NFTNL_CHAIN_DEVICES, "i" is useless.
- From: tongxiaoge1001@xxxxxxx
- [PATCH] define "i" only if attr is NFTNL_CHAIN_DEVICES. When attr isn't NFTNL_CHAIN_DEVICES, "i" is useless.
- From: tongxiaoge1001@xxxxxxx
- Re: [PATCH v11 00/12] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH] add some test cases to improve code coverage
- From: tongxiaoge1001@xxxxxxx
- Re: [PATCH] fix typo
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] fix typo
- From: tongxiaoge1001@xxxxxxx
- Re: [PATCH nftables v2] exthdr: add boolean DCCP option matching
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH nftables v2] exthdr: add boolean DCCP option matching
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH nftables v2] exthdr: add boolean DCCP option matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nftables v2] exthdr: add boolean DCCP option matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft transaction semantics and flowtable hw offload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Writers starve readers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Writers starve readers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Writers starve readers
- From: Phil Sutter <phil@xxxxxx>
- [PATCH] fix typo
- From: tongxiaoge1001@xxxxxxx
- Re: [PATCH iptables] nft: check for source and destination address in first place
- From: Phil Sutter <phil@xxxxxx>
- Re: nftables: Writers starve readers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables] nft: check for source and destination address in first place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net-next] ipvs: dynamically limit the connection hash table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v3] ipvs: increase ip_vs_conn_tab_bits range for 64BIT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] tests: extend tests for destroy command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [libnftnl PATCH] set: Do not leave free'd expr_list elements in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: xtables-addons: ipp2p does not block TCP traffic with nonlinear skb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] fix typo
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Writers starve readers
- From: Phil Sutter <phil@xxxxxx>
- [PATCH] fix typo
- From: tongxiaoge1001@xxxxxxx
- [PATCH] Add test cases to improve code coverage
- From: tongxiaoge1001@xxxxxxx
- [PATCH] fix typo
- From: tongxiaoge1001@xxxxxxx
- Re: nftables: Writers starve readers
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables: Writers starve readers
- From: Phil Sutter <phil@xxxxxx>
- Re: xtables-addons: ipp2p does not block TCP traffic with nonlinear skb
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: xtables-addons: ipp2p does not block TCP traffic with nonlinear skb
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH] set: Do not leave free'd expr_list elements in place
- From: Phil Sutter <phil@xxxxxx>
- Re: [iptables PATCH 3/4] Add --compat option to *tables-nft and *-nft-restore commands
- From: Phil Sutter <phil@xxxxxx>
- Re: [iptables PATCH 3/4] Add --compat option to *tables-nft and *-nft-restore commands
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next 2/3] netfilter: nf_tables: validate register loads never access unitialised registers
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: xtables-addons: ipp2p does not block TCP traffic with nonlinear skb
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [iptables PATCH 3/4] Add --compat option to *tables-nft and *-nft-restore commands
- From: Phil Sutter <phil@xxxxxx>
- String matcher "algo bm" broken in OUTPUT since 5.3.x
- From: ValdikSS <iam@xxxxxxxxxxxxxxx>
- xtables-addons: ipp2p does not block TCP traffic with nonlinear skb
- From: ValdikSS <iam@xxxxxxxxxxxxxxx>
- Re: [PATCH v1 nf] netfilter: ipset: Add schedule point in call_ad().
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [iptables PATCH 3/4] Add --compat option to *tables-nft and *-nft-restore commands
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next 2/3] netfilter: nf_tables: validate register loads never access unitialised registers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [iptables PATCH] xshared: fix memory leak in should_load_proto
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [iptables PATCH] xshared: fix memory leak in should_load_proto
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH] xshared: fix memory leak in should_load_proto
- From: Christian Marangi <ansuelsmth@xxxxxxxxx>
- [PATCH 4.14 70/86] netfilter: nf_tables: fix register ordering
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 69/86] netfilter: nf_tables: do not allow SET_ID to refer to another table
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 68/86] netfilter: nf_tables: do not allow RULE_ID to refer to another chain
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 67/86] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 66/86] netfilter: nf_tables: stricter validation of element data
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 65/86] netfilter: nf_tables: allow up to 64 bytes in the set element data area
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 64/86] netfilter: nf_tables: add nft_setelem_parse_key()
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 63/86] netfilter: nf_tables: validate registers coming from userspace.
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 62/86] netfilter: nftables: statify nft_parse_register()
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 61/86] netfilter: nftables: add nft_parse_register_store() and use it
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH 4.14 60/86] netfilter: nftables: add nft_parse_register_load() and use it
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH nft v5 8/8] tests: add tests for binops with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 1/8] netlink: support (de)linearization of new bitwise boolean operations
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 6/8] evaluate: allow binop expressions with variable right-hand operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 2/8] netlink_delinearize: refactor stmt_payload_binop_postprocess
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 7/8] parser_json: allow RHS mark and payload expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 5/8] evaluate: preserve existing binop properties
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 3/8] netlink_delinearize: add support for processing variable payload statement arguments
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 4/8] evaluate: prevent nested byte-order conversions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nft v5 0/8] Bitwise boolean operations with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libnftnl v3 3/5] expr: bitwise: add support for kernel space AND, OR and XOR operations
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libnftnl v3 1/5] include: add new bitwise boolean attributes to nf_tables.h
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libnftnl v3 5/5] tests: bitwise: add tests for new boolean operations
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libnftnl v3 2/5] expr: bitwise: rename some boolean operation functions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libnftnl v3 4/5] tests: bitwise: refactor shift tests
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libnftnl v3 0/5] bitwise: support for boolean operations with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nf-next v4 2/2] netfilter: bitwise: add support for doing AND, OR and XOR directly
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nf-next v4 1/2] netfilter: bitwise: rename some boolean operation functions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nf-next v4 0/2] netfilter: bitwise: support boolean operations with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH -stable,4.14 00/11] more stable fixes for 4.14
- From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH nft] tests: extend tests for destroy command
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH -stable,4.14 09/11] netfilter: nf_tables: do not allow RULE_ID to refer to another chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 10/11] netfilter: nf_tables: do not allow SET_ID to refer to another table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 11/11] netfilter: nf_tables: fix register ordering
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 07/11] netfilter: nf_tables: stricter validation of element data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 06/11] netfilter: nf_tables: allow up to 64 bytes in the set element data area
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 01/11] netfilter: nftables: add nft_parse_register_load() and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 08/11] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 05/11] netfilter: nf_tables: add nft_setelem_parse_key()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 00/11] more stable fixes for 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 04/11] netfilter: nf_tables: validate registers coming from userspace.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 02/11] netfilter: nftables: add nft_parse_register_store() and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH -stable,4.14 03/11] netfilter: nftables: statify nft_parse_register()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next,v1 4/6] netfilter: nf_tables: add meta combo match
- From: Florian Westphal <fw@xxxxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]
