Linux TCP/IP Netfilter Devel
[Prev Page][Next Page]
- [PATCH net 3/4] netfilter: nf_conntrack_irc: Tighten matching on DCC message
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 2/4] selftests: nft_concat_range: add socat support
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 1/4] netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 0/4] netfilter: bugfixes for net
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2 bpf-next] selftests/bpf: fix ct status check in bpf_nf selftests
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- Re: [PATCH bpf-next] selftests/bpf: fix ct status check in bpf_nf selftests
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- Re: [PATCH bpf-next] selftests/bpf: fix ct status check in bpf_nf selftests
- From: Song Liu <song@xxxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- [PATCH bpf-next v5 5/6] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v5 2/6] bpf: Add stub for btf_struct_access()
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v5 1/6] bpf: Remove duplicate PTR_TO_BTF_ID RO check
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v5 3/6] bpf: Use 0 instead of NOT_INIT for btf_struct_access() writes
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v5 6/6] selftests/bpf: Add tests for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v5 4/6] bpf: Export btf_type_by_id() and bpf_log()
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v5 0/6] Support direct writes to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
- [PATCH net-next 8/8] netfilter: nat: avoid long-running port range loop
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 5/8] netfilter: remove NFPROTO_DECNET
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 2/8] netfilter: conntrack: ignore overly delayed tcp packets
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 4/8] netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 6/8] netfilter: move from strlcpy with unused retval to strscpy
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 7/8] netfilter: nat: move repetitive nat port reserve loop to a helper
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 3/8] netfilter: conntrack: remove unneeded indent level
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 1/8] netfilter: conntrack: prepare tcp_in_window for ternary return value
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 0/8] netfilter: patches for net-next
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net-next 0/2] netlink: add range checks for network byte integers
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH bpf-next] selftests/bpf: fix ct status check in bpf_nf selftests
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- Re: [PATCH v2 bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH nf] netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH bpf-next v4 4/5] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH v2 bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc
- From: Song Liu <song@xxxxxxxxxx>
- Re: [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Song Liu <song@xxxxxxxxxx>
- Re: [PATCH v2 bpf-next 2/4] selftests/bpf: Extend KF_TRUSTED_ARGS test for __ref annotation
- From: Song Liu <song@xxxxxxxxxx>
- Re: [PATCH v2 bpf-next 1/4] bpf: Add support for per-parameter trusted args
- From: Song Liu <song@xxxxxxxxxx>
- [PATCH nf-next 2/2] netfilter: nat: avoid long-running port range loop
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next 0/2] netfilter: nat: avoid long-running loops
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next 1/2] netfilter: nat: move repetitive nat port reserve loop to a helper
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v7 01/18] landlock: rename access mask
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 02/18] landlock: refactor landlock_find_rule/insert_rule
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 05/18] landlock: refactor helper functions
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 03/18] landlock: refactor merge/inherit_ruleset functions
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 18/18] landlock: Document Landlock's network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH nft v2] json: fix empty statement list output in sets and maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v7 17/18] samples/landlock: add network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 16/18] seltests/landlock: add invalid input data test
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 14/18] seltests/landlock: add rules overlapping test
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 13/18] seltests/landlock: add AF_UNSPEC family test
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 09/18] landlock: implement TCP network hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 07/18] landlock: user space API network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 11/18] seltests/landlock: add tests for bind() hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 10/18] seltests/landlock: move helper function
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 08/18] landlock: add network rules support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v7 04/18] landlock: move helper functions
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Eyal Birger <eyal.birger@xxxxxxxxx>
- [PATCH nf] selftests: nft_concat_range: add socat support
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v4] netlink: Bounds-check struct nlmsgerr creation
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH v2 nf] netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH v2 bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH v2 bpf-next 1/4] bpf: Add support for per-parameter trusted args
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH v2 bpf-next 2/4] selftests/bpf: Extend KF_TRUSTED_ARGS test for __ref annotation
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH v2 bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH net-next 2/2] netfilter: nft_payload: reject out-of-range attributes via policy
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 1/2] netlink: introduce NLA_POLICY_MAX_BE
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net-next 0/2] netlink: add range checks for network byte integers
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2] json: fix empty statement list output in sets and maps
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH nft] json: fix empty statement list output in sets and maps
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: [PATCH nft v2] json: add set statement list support
- From: "Fernando F. Mancera" <ffmancera@xxxxxxxxxx>
- Re: [PATCH nft v2] json: add set statement list support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] json: add table map statement support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] json: fix json schema version verification
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: CPE-ID?
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- CPE-ID?
- From: Nick <vincent@xxxxxxxxxxxx>
- [PATCH v4] netlink: Bounds-check struct nlmsgerr creation
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Re: [PATCH net 1/4] netfilter: remove nf_conntrack_helper sysctl and modparam toggles
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH v3] netlink: Bounds-check struct nlmsgerr creation
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH net 1/4] netfilter: remove nf_conntrack_helper sysctl and modparam toggles
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH v3] netlink: Bounds-check struct nlmsgerr creation
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
- From: Lorenzo Bianconi <lorenzo.bianconi@xxxxxxxxxx>
- Re: [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
- From: Daniel Müller <deso@xxxxxxxxxx>
- Re: [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
- Re: [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
- From: Lorenzo Bianconi <lorenzo.bianconi@xxxxxxxxxx>
- Re: [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
- [PATCH nft] json: fix json schema version verification
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: [PATCH bpf-next v4 4/5] bpf: Add support for writing to nf_conn:mark
- From: kernel test robot <lkp@xxxxxxxxx>
- [PATCH nft] json: add table map statement support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: [PATCH net 1/4] netfilter: remove nf_conntrack_helper sysctl and modparam toggles
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net 1/4] netfilter: remove nf_conntrack_helper sysctl and modparam toggles
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH v3] netlink: Bounds-check struct nlmsgerr creation
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- Re: [PATCH nftables] rule: check address family in set collapse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- [PATCH bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH bpf-next 1/4] bpf: Add support for per-parameter trusted args
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH bpf-next 2/4] selftests/bpf: Extend KF_TRUSTED_ARGS test for __ref annotation
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH nftables] rule: check address family in set collapse
- From: Derek Hageman <hageman@inthat.cloud>
- Re: [PATCH 3/4] net-next: frags: add inetpeer frag_mem tracking
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- Re: [PATCH 3/4] net-next: frags: add inetpeer frag_mem tracking
- From: Richard Gobert <richardbgobert@xxxxxxxxx>
- Re: [PATCH 2/4] net-next: ip6: fetch inetpeer in ip6frag_init
- From: Richard Gobert <richardbgobert@xxxxxxxxx>
- Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Neal Cardwell <ncardwell@xxxxxxxxxx>
- Re: [PATCH nft v2] json: add set statement list support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft v2] json: add set statement list support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [PATCH v2] netlink: Bounds-check struct nlmsgerr creation
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- [PATCH v3] netlink: Bounds-check struct nlmsgerr creation
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- [PATCH net 4/4] netfilter: nf_conntrack_irc: Fix forged IP logic
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 1/4] netfilter: remove nf_conntrack_helper sysctl and modparam toggles
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 2/4] netfilter: br_netfilter: Drop dst references before setting.
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 3/4] netfilter: nf_tables: clean up hook list when offload flags check fails
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 0/4] netfilter: bug fixes for net
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v2] netlink: Bounds-check struct nlmsgerr creation
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- [PATCH v2] netlink: Bounds-check struct nlmsgerr creation
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Eyal Birger <eyal.birger@xxxxxxxxx>
- RE: [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: "Vink, Ronald" <ronald.vink@xxxxxxxxxxxx>
- Re: [PATCH 2/2] netlink: Bounds-check struct nlmsgerr creation
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- [PATCH 2/2] netlink: Bounds-check struct nlmsgerr creation
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- [PATCH 0/2] netlink: Bounds-check struct nlmsgerr creation
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- [PATCH 1/2] netlink: Bounds-check nlmsg_len()
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Re: [PATCH 2/2] netfilter: nf_conntrack_irc: Fix forged IP logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH nft] json: add set statement list support
- From: "Fernando F. Mancera" <ffmancera@xxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] json: add set statement list support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] tests/py: missing userdata in netlink payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl] rule, set_elem: remove trailing \n in userdata snprintf
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft] json: add set statement list support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: clean up hook list when offload flags check fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [conntrack-tools PATCH] local: Avoid sockaddr_un::sun_path buffer overflow
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH nft] src: allow burst 0 for byte ratelimit and use it as default
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nf-next] netfilter: nf_tables: add ebpf expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bridge, v3] br_netfilter: Drop dst references before setting.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH bridge, v3] br_netfilter: Drop dst references before setting.
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH bridge, v3] br_netfilter: Drop dst references before setting.
- From: Harsh Modi <harshmodi@xxxxxxxxxx>
- [PATCH AUTOSEL 5.15 15/23] netfilter: conntrack: work around exceeded receive window
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.19 21/33] netfilter: conntrack: work around exceeded receive window
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH nft] src: allow burst 0 for byte ratelimit and use it as default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3] netfilter: remove nf_conntrack_helper sysctl and modparam toggles
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [nft PATCH] doc: nft.8: Add missing '-T' in synopsis
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH] erec: Dump locations' expressions only if set
- From: Phil Sutter <phil@xxxxxx>
- Re: [nft PATCH] doc: nft.8: Extend limit statement's burst value info
- From: Phil Sutter <phil@xxxxxx>
- Re: [nft PATCH] doc: nft.8: Extend limit statement's burst value info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2] netfilter: remove nf_conntrack_helper sysctl and modparam toggles
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: check offload flags before splicing hook list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [syzbot] memory leak in nft_chain_parse_hook
- From: syzbot <syzbot+5fcdbfab6d6744c57418@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Re: [PATCH 2/4] net-next: ip6: fetch inetpeer in ip6frag_init
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- Re: [PATCH 3/4] net-next: frags: add inetpeer frag_mem tracking
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- Re: [PATCH 4/4] net-next: frags: dynamic timeout under load
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- [PATCH v7 16/18] seltests/landlock: add invalid input data test
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 15/18] seltests/landlock: add ruleset expanding test
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 17/18] samples/landlock: add network demo
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 18/18] landlock: Document Landlock's network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 08/18] landlock: add network rules support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 12/18] seltests/landlock: add tests for connect() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 13/18] seltests/landlock: add AF_UNSPEC family test
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 14/18] seltests/landlock: add rules overlapping test
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 11/18] seltests/landlock: add tests for bind() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 10/18] seltests/landlock: move helper function
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 09/18] landlock: implement TCP network hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 04/18] landlock: move helper functions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 05/18] landlock: refactor helper functions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 01/18] landlock: rename access mask
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 06/18] landlock: refactor landlock_add_rule syscall
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 07/18] landlock: user space API network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 03/18] landlock: refactor merge/inherit_ruleset functions
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 02/18] landlock: refactor landlock_find_rule/insert_rule
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v7 00/18] Network support for Landlock
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH net-next] genetlink: start to validate reserved header bytes
- From: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
- Re: [PATCH nf] netfilter: remove nf_conntrack_helper sysctl toggle
- From: Aaron Conole <aconole@xxxxxxxxxx>
- Re: [PATCH nf] netfilter: ebtables: reject blobs that don't provide all entry points
- From: john.p.donnelly@xxxxxxxxxx
- Re: [PATCH nf] netfilter: ebtables: reject blobs that don't provide all entry points
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: ebtables: reject blobs that don't provide all entry points
- From: john.p.donnelly@xxxxxxxxxx
- Re: [PATCH v6 00/17] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH nft,v2] optimize: expand implicit set element when merging into concatenation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net-next] genetlink: start to validate reserved header bytes
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH 1/4] net-next: frags: move inetpeer from ip4 to inet
- From: Richard Gobert <richardbgobert@xxxxxxxxx>
- [PATCH 4/4] net-next: frags: dynamic timeout under load
- From: Richard Gobert <richardbgobert@xxxxxxxxx>
- [PATCH 3/4] net-next: frags: add inetpeer frag_mem tracking
- From: Richard Gobert <richardbgobert@xxxxxxxxx>
- [PATCH 2/4] net-next: ip6: fetch inetpeer in ip6frag_init
- From: Richard Gobert <richardbgobert@xxxxxxxxx>
- [PATCH 0/4] net-next: frags: add adaptive per-peer timeout under load
- From: Richard Gobert <richardbgobert@xxxxxxxxx>
- Re: [PATCH libnftnl] rule, set_elem: fix printing of user data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl] rule, set_elem: fix printing of user data
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- [iptables PATCH] nft: Expand extended error reporting to nft_cmd, too
- From: Phil Sutter <phil@xxxxxx>
- [PATCH v2 nf-next 4/4] netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2 nf-next 1/4] netfilter: conntrack: prepare tcp_in_window for ternary return value
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2 nf-next 2/4] netfilter: conntrack: ignore overly delayed tcp packets
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2 nf-next 3/4] netfilter: conntrack: remove unneeded indent level
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2 nf-next 0/4] netfilter: conntrack: ignore overly delayed tcp packets
- From: Florian Westphal <fw@xxxxxxxxx>
- [nft PATCH] doc: nft.8: Extend limit statement's burst value info
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nf] netfilter: remove nf_conntrack_helper sysctl toggle
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH 2/2] netfilter: nf_conntrack_irc: Fix forged IP logic
- From: David Leadbeater <dgl@xxxxxx>
- [PATCH 1/2] netfilter: nf_conntrack_irc: Tighten matching on DCC message
- From: David Leadbeater <dgl@xxxxxx>
- Re: [PATCH net-next] genetlink: start to validate reserved header bytes
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
- [iptables PATCH] xtables-restore: Extend failure error message
- From: Phil Sutter <phil@xxxxxx>
- Re: [RFC PATCH nf-next] netfilter: ipvs: Divide estimators into groups
- From: Julian Anastasov <ja@xxxxxx>
- Re: [PATCH net 01/14] netfilter: ebtables: reject blobs that don't provide all entry points
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH net 14/14] netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- [PATCH AUTOSEL 4.14 3/4] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 4.9 2/3] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 4.19 4/5] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.4 6/8] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.10 09/11] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.15 15/20] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.19 31/38] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH net-next] genetlink: start to validate reserved header bytes
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- [PATCH net 12/14] netfilter: flowtable: add function to invoke garbage collection immediately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 13/14] netfilter: flowtable: fix stuck flows on cleanup due to pending work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 04/14] netfilter: nf_tables: disallow updates of implicit chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 09/14] netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 11/14] netfilter: nf_tables: disallow binding to already bound chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 08/14] netfilter: nf_tables: do not leave chain stats enabled on error
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 14/14] netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 10/14] netfilter: nft_tunnel: restrict it to netdev family
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 07/14] netfilter: nft_payload: do not truncate csum_offset and csum_type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 05/14] netfilter: nf_tables: make table handle allocation per-netns friendly
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 06/14] netfilter: nft_payload: report ERANGE for too long offset and length
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 03/14] netfilter: nft_tproxy: restrict to prerouting hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 02/14] netfilter: conntrack: work around exceeded receive window
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 01/14] netfilter: ebtables: reject blobs that don't provide all entry points
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 00/14] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf 2/2] netfilter: flowtable: fix stuck flows on cleanup due to pending work
- From: Paul Blakey <paulb@xxxxxxxxxx>
- Re: [PATCH] br_netfilter: Drop dst references before setting.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
- Re: [PATCH bpf-next v4 4/5] bpf: Add support for writing to nf_conn:mark
- From: kernel test robot <lkp@xxxxxxxxx>
- [PATCH nft] expr: update EXPR_MAX and add missing comments
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: remove NFPROTO_DECNET
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH net 1/1] netfilter: flowtable: Fix use after free after freeing flow table
- From: Paul Blakey <paulb@xxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH net 1/1] netfilter: flowtable: Fix use after free after freeing flow table
- From: Paul Blakey <paulb@xxxxxxxxxx>
- [PATCH] br_netfilter: Drop dst references before setting.
- From: Harsh Modi <harshmodi@xxxxxxxxxx>
- Re: [PATCH bpf-next v4 4/5] bpf: Add support for writing to nf_conn:mark
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v4 4/5] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: remove NFPROTO_DECNET
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH] bridge: move from strlcpy with unused retval to strscpy
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH bpf-next v4 4/5] bpf: Add support for writing to nf_conn:mark
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH nf 2/2] netfilter: flowtable: fix stuck flows on cleanup due to pending work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 1/2] netfilter: flowtable: add function to invoke garbage collection immediately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: remove NFPROTO_DECNET
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH net 1/1] netfilter: flowtable: Fix use after free after freeing flow table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: disallow binding to already bound chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: data-race in nf_tables_newtable / nf_tables_newtable
- From: Gabriel Ryan <gabe@xxxxxxxxxxxxxxx>
- Re: data-race in nf_tables_newtable / nf_tables_newtable
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: data-race in nf_tables_newtable / nf_tables_newtable
- From: Gabriel Ryan <gabe@xxxxxxxxxxxxxxx>
- [PATCH bpf-next v4 1/5] bpf: Remove duplicate PTR_TO_BTF_ID RO check
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 5/5] selftests/bpf: Add tests for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 2/5] bpf: Add stub for btf_struct_access()
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 3/5] bpf: Use 0 instead of NOT_INIT for btf_struct_access() writes
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 4/5] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 0/5] Support direct writes to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- [PATCH nf-next] netfilter: remove NFPROTO_DECNET
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net-next] Remove DECnet support from kernel
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH nf] netfilter: ebtables: reject blobs that don't provide all entry points
- From: John Donnelly <john.p.donnelly@xxxxxxxxxx>
- [PATCH nf,v3 2/2] netfilter: nft_payload: do not truncate csum_offset and csum_type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf 1/3] netfilter: nft_dup: validate family and chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 3/3] netfilter: nft_tunnel: restrict it to netdev family
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 2/3] netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 1/3] netfilter: nft_dup: validate family and chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: do not leave chain stats enabled on error
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 1/2] netfilter: nft_payload: report ERANGE for too long offset and length
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 2/2] netfilter: nft_payload: do not truncate csum_offset and csum_type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_fwd: really validate family
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2] netfilter: nft_dup: validate family and chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nft_fwd: really validate family
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nft_dup: validate family and chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 1/2] netfilter: nft_payload: report ERANGE for too long offset and length
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 2/2] netfilter: nft_payload: do not truncate csum_offset and csum_type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_tables: make table handle allocation per-netns friendly
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net 1/1] netfilter: flowtable: Fix use after free after freeing flow table
- From: Paul Blakey <paulb@xxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: make table handle allocation per-netns friendly
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: disallow updates of implicit chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [External] : [PATCH nf] netfilter: ebtables: reject blobs that don't provide all entry points
- From: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
- Re: [PATCH nf] nefilter: nft_tproxy: restrict to prerouting hook
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [External] : Re: [PATCH] netfilter: ebtables: fix a NULL pointer dereference in ebt_do_table()
- From: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
- [PATCH nf] netfilter: ebtables: reject blobs that don't provide all entry points
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] netfilter: ebtables: fix a NULL pointer dereference in ebt_do_table()
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf] nefilter: nft_tproxy: restrict to prerouting hook
- From: Florian Westphal <fw@xxxxxxxxx>
- [BUG] nft_tproxy: Null pointer dereference on local-send UDP
- From: Shell Chen <xierch@xxxxxxxxx>
- [PATCH] netfilter: ebtables: fix a NULL pointer dereference in ebt_do_table()
- From: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
- Re: [PATCH bpf-next v3 4/5] bpf: Add support for writing to nf_conn:mark
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH bpf-next v3 4/5] bpf: Add support for writing to nf_conn:mark
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH bpf-next v3 4/5] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next v3 4/5] bpf: Add support for writing to nf_conn:mark
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v3 4/5] bpf: Add support for writing to nf_conn:mark
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v3 4/5] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 1/5] bpf: Remove duplicate PTR_TO_BTF_ID RO check
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 0/5] Support direct writes to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 2/5] bpf: Add stub for btf_struct_access()
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 5/5] selftests/bpf: Add tests for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v3 3/5] bpf: Use 0 instead of NOT_INIT for btf_struct_access() writes
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- [PATCH 5.10 283/545] netfilter: xtables: Bring SPDX identifier back
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: data-race in nf_tables_newtable / nf_tables_newtable
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Raw payload matching beyond 2040 bits
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] bridge: move from strlcpy with unused retval to strscpy
- From: Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: move from strlcpy with unused retval to strscpy
- From: Simon Horman <horms@xxxxxxxxxx>
- [PATCH nft v3] src: Don't parse string as verdict in map
- From: Xiao Liang <shaw.leon@xxxxxxxxx>
- [PATCH nft v2] src: Don't parse string as verdict in map
- From: Xiao Liang <shaw.leon@xxxxxxxxx>
- Re: [PATCH net 1/1] netfilter: flowtable: Fix use after free after freeing flow table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: conntrack: work around exceeded receive window
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] netfilter: move from strlcpy with unused retval to strscpy
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH] netfilter: move from strlcpy with unused retval to strscpy
- From: Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx>
- [PATCH] bridge: move from strlcpy with unused retval to strscpy
- From: Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH nft] src: Don't parse string as verdict in map
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nft] src: Don't parse string as verdict in map
- From: Xiao Liang <shaw.leon@xxxxxxxxx>
- Re: [PATCH nft] src: Don't parse string as verdict in map
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft] src: Don't parse string as verdict in map
- From: Xiao Liang <shaw.leon@xxxxxxxxx>
- [PATCH net 1/1] netfilter: flowtable: Fix use after free after freeing flow table
- From: Paul Blakey <paulb@xxxxxxxxxx>
- Re: [PATCH net-next] Remove DECnet support from kernel
- From: Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>
- Re: [PATCH net 01/17] netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH net-next] Remove DECnet support from kernel
- From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Martin KaFai Lau <kafai@xxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH bpf-next v2 2/4] bpf: Add stub for btf_struct_access()
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v2 1/4] bpf: Remove duplicate PTR_TO_BTF_ID RO check
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v2 4/4] selftests/bpf: Add tests for writing to nf_conn:mark
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v2 4/4] selftests/bpf: Add tests for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 2/4] bpf: Add stub for btf_struct_access()
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 1/4] bpf: Remove duplicate PTR_TO_BTF_ID RO check
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 3/4] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v2 0/4] Support direct writes to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: "Daniel Xu" <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: "Daniel Xu" <dxu@xxxxxxxxx>
- [PATCH net 16/17] testing: selftests: nft_flowtable.sh: use random netns names
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 17/17] testing: selftests: nft_flowtable.sh: rework test to detect offload failure
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 15/17] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 14/17] netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 13/17] netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 12/17] netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 11/17] netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 06/17] netfilter: nf_ct_ftp: prefer skb_linearize
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 07/17] netfilter: nf_ct_irc: cap packet search space to 4k
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 10/17] netfilter: nf_tables: really skip inactive sets when allocating name
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 09/17] netfilter: nfnetlink: re-enable conntrack expectation events
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 08/17] netfilter: nf_tables: fix scheduling-while-atomic splat
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 02/17] netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 04/17] netfilter: nf_ct_sane: remove pseudo skb linearization
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 01/17] netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 00/17] netfilter: conntrack and nf_tables bug fixes
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 05/17] netfilter: nf_ct_h323: cap packet size at 64k
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 03/17] netfilter: nf_tables: possible module reference underflow in error path
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH libmnl v3 1/2] libmnl: update attribute function comments to use \return
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH libmnl v3 2/2] libmnl: add support for signed types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] ipset-translate: allow invoking with a path name
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC PATCH nf-next] netfilter: ipvs: Divide estimators into groups
- From: Jiri Wiesner <jwiesner@xxxxxxx>
- [PATCH nf 2/2] testing: selftests: nft_flowtable.sh: rework test to detect offload failure
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 1/2] testing: selftests: nft_flowtable.sh: use random netns names
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 0/2] testing: selftests: nft_flowtable.sh: unbreak test script
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: "Daniel Xu" <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
- [PATCH 5.19 0617/1157] netfilter: xtables: Bring SPDX identifier back
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH bpf-next 3/3] selftests/bpf: Add tests for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH 5.18 0573/1095] netfilter: xtables: Bring SPDX identifier back
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH bpf-next 1/3] bpf: Remove duplicate PTR_TO_BTF_ID RO check
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 0/3] Support direct writes to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next v4 0/3] Add more bpf_*_ct_lookup() selftests
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH 5.15 418/779] netfilter: xtables: Bring SPDX identifier back
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
- [PATCH nf,v2] netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4 2/2] netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- From: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
- Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- [PATCH nf,v3 2/2] netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 2/2] netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC PATCH nf-next] netfilter: ipvs: Divide estimators into groups
- From: Julian Anastasov <ja@xxxxxx>
- Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Thomas Backlund <tmb@xxxxxx>
- Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- [PATCH nf 2/2] netfilter: nf_tables: validate NFTA_SET_ELEM_KEY_END based on NFT_SET_CONCAT flag
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 1/2] netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Neal Cardwell <ncardwell@xxxxxxxxxx>
- [RFC PATCH nf-next] netfilter: ipvs: Divide estimators into groups
- From: Jiri Wiesner <jwiesner@xxxxxxx>
- [PATCH bpf-next v4 0/3] Add more bpf_*_ct_lookup() selftests
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 3/3] selftests/bpf: Update CI kconfig
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 2/3] selftests/bpf: Add connmark read test
- From: Daniel Xu <dxu@xxxxxxxxx>
- [PATCH bpf-next v4 1/3] selftests/bpf: Add existing connection bpf_*_ct_lookup() test
- From: Daniel Xu <dxu@xxxxxxxxx>
- Re: [PATCH bpf-next v3 0/3] Add more bpf_*_ct_lookup() selftests
- From: "Daniel Xu" <dxu@xxxxxxxxx>
- [PATCH] ipset-translate: allow invoking with a path name
- From: Quentin Armitage <quentin@xxxxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_tables: fix scheduling-while-atomic splat
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf 0/4] netfilter: conntrack: remove 64kb max size assumptions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft 0/2] --optimize fixes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: Phil Sutter <phil@xxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: Phil Sutter <phil@xxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: fix scheduling-while-atomic splat
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft] tests: shell: check for a tainted kernel
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: CFS for Netdev 0x16 open!
- From: Ferenc Fejes <ferenc.fejes@xxxxxxxxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nft] evaluate: allow implicit ether -> vlan dep
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [RFC] concat with dynamically sized fields like vlan id
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next v3 0/3] Add more bpf_*_ct_lookup() selftests
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH] Extends py/nftables.py
- From: Peter Collinson <11645080+pcollinson@xxxxxxxxxxxxxxxx>
- Re: [PATCH net 0/8] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net 1/8] netfilter: nf_tables: validate variable length element extension
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH net 0/8] Netfilter fixes for net
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH net 1/8] netfilter: nf_tables: validate variable length element extension
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH nf 3/4] netfilter: conntrack_ftp: prefer skb_linearize
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 5/8] netfilter: ip6t_LOG: Fix a typo in a comment
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 4/8] netfilter: nf_tables: do not allow RULE_ID to refer to another chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 8/8] netfilter: nf_tables: fix null deref due to zeroed list head
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 6/8] netfilter: nf_tables: upfront validation of data via nft_data_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 7/8] netfilter: nf_tables: disallow jump to implicit chain from set element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/8] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 1/8] netfilter: nf_tables: validate variable length element extension
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 3/8] netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/8] netfilter: nf_tables: do not allow SET_ID to refer to another table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf,v2 1/2] netfilter: nf_tables: upfront validation of data via nft_data_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_tables: fix null deref due to zeroed list head
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 1/2] optimize: merging concatenation is unsupported
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 2/2] optimize: check for mergeable rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 0/2] --optimize fixes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] Extends py/nftables.py
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RESEND (v2) PATCH] netfilter: Fix a typo in a comment
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf,v4] netfilter: nf_tables: validate variable length element extension
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH 3/3] netfilter: nf_tables: do not allow RULE_ID to refer to another chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nfnetlink: re-enable conntrack expectation events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH 2/3] netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
- From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
- [PATCH 3/3] netfilter: nf_tables: do not allow RULE_ID to refer to another chain
- From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
- [PATCH 1/3] netfilter: nf_tables: do not allow SET_ID to refer to another table
- From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
- RE: [PATCH nf 3/4] netfilter: conntrack_ftp: prefer skb_linearize
- From: Alexander Duyck <alexanderduyck@xxxxxx>
- Re: [PATCH bpf-next] net: netfilter: Remove ifdefs for code shared by BPF and ctnetlink
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH nf] netfilter: nf_tables: fix null deref due to zeroed list head
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf 3/4] netfilter: conntrack_ftp: prefer skb_linearize
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: [PATCH nf 3/4] netfilter: conntrack_ftp: prefer skb_linearize
- From: Alexander Duyck <alexanderduyck@xxxxxx>
- [PATCH] netfilter: nf_tables: possible module reference underflow in error path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] netfilter: nf_tables: really skip inactive sets when allocating name
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf 4/4] netfilter: conntrack_irc: cap packet search space to 4k
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 2/4] netfilter: conntrack: h323: cap packet size at 64k
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 1/4] netfilter: conntrack: sane: remove pseudo skb linearization
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 3/4] netfilter: conntrack_ftp: prefer skb_linearize
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 0/4] netfilter: conntrack: remove 64kb max size assumptions
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v4] netfilter: nf_tables: validate variable length element extension
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nftables] meta: don't use non-POSIX formats in strptime()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] tests/py: disable arp family for queue statement
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nftables] meta: don't use non-POSIX formats in strptime()
- From: Jo-Philipp Wich <jo@xxxxxxx>
- [PATCH libmnl v3 1/2] libmnl: update attribute function comments to use \return
- From: Jacob Keller <jacob.e.keller@xxxxxxxxx>
- [PATCH libmnl v3 2/2] libmnl: add support for signed types
- From: Jacob Keller <jacob.e.keller@xxxxxxxxx>
- Re: [PATCH libmnl v2 2/2] libmnl: add support for signed types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: [PATCH libmnl v2 2/2] libmnl: add support for signed types
- From: "Keller, Jacob E" <jacob.e.keller@xxxxxxxxx>
- [PATCH nf 2/2] netfilter: nf_tables: disallow jump to implicit chain from set element
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v2 1/2] netfilter: nf_tables: upfront validation of data via nft_data_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: [PATCH libmnl v2 2/2] libmnl: add support for signed types
- From: "Keller, Jacob E" <jacob.e.keller@xxxxxxxxx>
- Re: [PATCH libmnl v2 1/2] libmnl: update attribute function comments to use \return
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH libmnl v2 2/2] libmnl: add support for signed types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: upfront validation of data via nft_data_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf,v3] netfilter: nf_tables: validate variable length element extension
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [net] 2638eb8b50: WARNING:suspicious_RCU_usage
- From: kernel test robot <oliver.sang@xxxxxxxxx>
- [RESEND (v2) PATCH] netfilter: Fix a typo in a comment
- From: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
- [RESEND PATCH] netfilter: Fix a typo in a comment
- From: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
- Re: [PATCH libmnl v2 1/2] libmnl: update attribute function comments to use \return
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [PATCH bpf-next] net: netfilter: Remove ifdefs for code shared by BPF and ctnetlink
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH libmnl v2 1/2] libmnl: update attribute function comments to use \return
- From: Jacob Keller <jacob.e.keller@xxxxxxxxx>
- [PATCH libmnl v2 2/2] libmnl: add support for signed types
- From: Jacob Keller <jacob.e.keller@xxxxxxxxx>
- [PATCH nf] netfilter: nfnetlink: re-enable conntrack expectation events
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH libnetfilter_queue] build: doc: Update build_man.sh to find bash in PATH
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [PATCH libmnl] libmnl: add support for signed types
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- RE: [PATCH libmnl] libmnl: add support for signed types
- From: "Keller, Jacob E" <jacob.e.keller@xxxxxxxxx>
- Re: [PATCH libmnl] libmnl: add support for signed types
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH nf,v2] netfilter: nf_tables: validate variable length element extension
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libmnl] libmnl: add support for signed types
- From: Jacob Keller <jacob.e.keller@xxxxxxxxx>
- LPC 2022 Networking and BPF Track CFP (Final Reminder)
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
- Re: [PATCH nft v2 0/8] really handle stacked l2 headers
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nft v2 0/8] really handle stacked l2 headers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH libmnl 0/6] Doxygen Build Improvements
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [PATCH libmnl 0/6] Doxygen Build Improvements
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [PATCH libmnl] build: doc: refer to bash as bash, not /bin/bash
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [PATCH libmnl] build: doc: refer to bash as bash, not /bin/bash
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- [PATCH nf] netfilter: flowtable: fix incorrect Kconfig dependencies
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH libmnl 5/6] doc: move man-page sym-link shell-script into a separate file
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH libmnl 5/6] doc: move man-page sym-link shell-script into a separate file
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH libmnl 4/6] doc: move doxygen config file into doxygen directory
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libmnl 0/6] Doxygen Build Improvements
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libmnl 3/6] doc: change `INPUT` doxygen setting to `@top_srcdir@`
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libmnl 6/6] doc: fix doxygen `clean-local` rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libmnl 5/6] doc: move man-page sym-link shell-script into a separate file
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libmnl 2/6] doc: add .gitignore for Doxygen artefacts
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH libmnl 1/6] build: add `make dist` tar-balls to .gitignore
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [syzbot] general protection fault in br_nf_pre_routing_finish (2)
- From: syzbot <syzbot+dc42341ea62e8eb6c1f7@xxxxxxxxxxxxxxxxxxxxxxxxx>
- [PATCH iptables] tests: add ebtables among testcase
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH libmnl] build: doc: refer to bash as bash, not /bin/bash
- From: Mark Mentovai <mark@xxxxxxxxxxxx>
- [PATCH iptables] nft: fix ebtables among match when mac+ip addresses are used
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: iptables v1.6.2 EOS date
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft,v3] parser_json: fix device parsing in netdev family
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v2] parser_json: fix device parsing in netdev family
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: iptables v1.6.2 EOS date
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH nf-next v2] netfilter: nf_flow_table: delay teardown the offload flow until fin packet recv from both direction
- From: wenxu@xxxxxxxxxxxxxxx
- iptables v1.6.2 EOS date
- From: Nicolas MAFFRE <nicolas.maffre.external@xxxxxxxxxx>
- Re: Re: [PATCH nf-next v2 2/3] nf_flow_table_offload: offload the PPPoE encap in the flowtable
- From: "wenxu@xxxxxxxxxxxxxxx" <wenxu@xxxxxxxxxxxxxxx>
- Re: Re: [PATCH nf-next v2 1/3] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: "wenxu@xxxxxxxxxxxxxxx" <wenxu@xxxxxxxxxxxxxxx>
- Re: Re: [PATCH nf-next v2 1/3] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: "wenxu@xxxxxxxxxxxxxxx" <wenxu@xxxxxxxxxxxxxxx>
- Re: Re: [PATCH nf-next] netfilter: nf_flow_table: delay teardown the offload flow until fin packet recv from both direction
- From: "wenxu@xxxxxxxxxxxxxxx" <wenxu@xxxxxxxxxxxxxxx>
- Re: [PATCH libmnl] build: doc: refer to bash as bash, not /bin/bash
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: "U'ren, Aaron" <Aaron.U'ren@xxxxxxxx>
- [PATCH AUTOSEL 4.19 3/4] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.4 5/6] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.10 6/7] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.15 7/8] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.18 09/10] netfilter: nft_queue: only allow supported familes and hooks
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.18 08/10] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH libmnl] build: doc: refer to bash as bash, not /bin/bash
- From: Mark Mentovai <mark@xxxxxxxxxxxx>
- [PATCH nf 0/2] netfilter: nf_tables: fix nf_trace related crash
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 1/2] netfilter: nf_tables: fix crash when nf_trace is enabled
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf 2/2] selftests: netfilter: add test case for nf trace infrastructure
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft] parser_json: fix device parsing in netdev family
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft v2 8/8] src: allow anon set concatenation with ether and vlan
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 7/8] evaluate: search stacked header list for matching payload dep
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 6/8] netlink_delinearize: also postprocess OP_AND in set element context
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 5/8] tests: add a test case for ether and vlan listing
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 4/8] debug: dump the l2 protocol stack
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 3/8] proto: track full stack of seen l2 protocols, not just cumulative offset
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 2/8] netlink_delinearize: postprocess binary ands in concatenations
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 1/8] netlink_delinearize: allow postprocessing on concatenated elements
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft v2 0/8] really handle stacked l2 headers
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v2] src: proto: support DF, LE PHB, VA for DSCP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft 2/7] netlink_delinearize: postprocess binary ands in set expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next v2 2/3] nf_flow_table_offload: offload the PPPoE encap in the flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next v2 1/3] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nf_flow_table: delay teardown the offload flow until fin packet recv from both direction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft 2/7] netlink_delinearize: postprocess binary ands in set expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: [RFC] Remove DECNET support from kernel
- From: David Laight <David.Laight@xxxxxxxxxx>
- [PATCH] ebtables: add "allstatic" build target
- From: Justin Swartz <justin.swartz@xxxxxxxxxxxxxxxx>
- Re: [RFC] Remove DECNET support from kernel
- From: David Ahern <dsahern@xxxxxxxxxx>
- Re: [RFC] Remove DECNET support from kernel
- From: Pali Rohár <pali@xxxxxxxxxx>
- [RFC] Remove DECNET support from kernel
- From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: "U'ren, Aaron" <Aaron.U'ren@xxxxxxxx>
- Re: [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
- From: Erik Skultety <eskultet@xxxxxxxxxx>
- Re: [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
- From: Phil Sutter <phil@xxxxxx>
- [PATCH libnftnl RFC 1/3] src: add string API support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl RFC 3/3] examples: update nft-rule-add to match on string
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl RFC 2/3] expr: add string expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH RFC 1/3] src: add string API support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH RFC 2/3] netfilter: nf_tables: add string set API
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH RFC 3/3] netfilter: nf_tables: add string expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH RFC 1/3] netfilter: add Aho-Corasick string match implementation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH RFC 0/3] nf_tables string match support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v6 02/17] landlock: refactors landlock_find/insert_rule
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v6 11/17] seltests/landlock: adds tests for bind() hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [iptables PATCH 3/3] xshared: Print protocol numbers if --numeric was given
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 2/3] xshared: Fix for missing space after 'prot' column
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH resend] ebtables: extend the 'static' build target fix.
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v6 17/17] samples/landlock: adds network demo
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: "Konstantin Meskhidze (A)" <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH resend] ebtables: extend the 'static' build target fix.
- From: Justin Swartz <justin.swartz@xxxxxxxxxxxxxxxx>
- Re: [PATCH resend] ebtables: extend the 'static' build target fix.
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v6 17/17] samples/landlock: adds network demo
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH nft 5/7] tests: add a test case for ether and vlan listing
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 4/7] debug: dump the l2 protocol stack
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 6/7] evaluate: search stacked header list for matching payload dep
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 7/7] src: allow anon set concatenation with ether and vlan
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 3/7] proto: track full stack of seen l2 protocols, not just cumulative offset
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 1/7] netlink_delinearize: allow postprocessing on concatenated elements
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 2/7] netlink_delinearize: postprocess binary ands in set expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 0/7] really handle stacked l2 headers
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_queue: only allow supported families
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v2 nf] netfilter: nft_queue: only allow supported familes and hooks
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v6 00/17] Network support for Landlock
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_queue: only allow supported families
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_queue: do not allow packet truncation below transport header offset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
- Re: [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: add rescheduling points during loop detection walks
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf] netfilter: nft_queue: only allow supported families
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf] netfilter: nf_queue: do not allow packet truncation below transport header offset
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
- Re: [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [iptables PATCH] iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
- From: Erik Skultety <eskultet@xxxxxxxxxx>
- [PATCH nf-next] netfilter: nf_flow_table: delay teardown the offload flow until fin packet recv from both direction
- From: wenxu@xxxxxxxxxxxxxxx
- Re: [iptables PATCH] iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
- Re: [PATCH bpf-next v7 07/13] net: netfilter: Add kfuncs to allocate and insert CT
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next] net: netfilter: Remove ifdefs for code shared by BPF and ctnetlink
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [iptables PATCH] iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [iptables PATCH] iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
- From: Phil Sutter <phil@xxxxxx>
- Re: iptables 1.8.8 misses -j CT calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH bpf-next v7 07/13] net: netfilter: Add kfuncs to allocate and insert CT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: iptables 1.8.8 misses -j CT calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v7 07/13] net: netfilter: Add kfuncs to allocate and insert CT
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v7 07/13] net: netfilter: Add kfuncs to allocate and insert CT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- A probable bug in nftables doc
- From: Eve Adam <adameve1981zero@xxxxxxxxx>
- Re: [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH bpf-next v7 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [PATCH bpf-next v7 02/13] tools/resolve_btfids: Add support for 8-byte BTF sets
- From: Jiri Olsa <olsajiri@xxxxxxxxx>
- Re: [PATCH bpf-next v7 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [PATCH bpf-next v7 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status
- From: Zvi Effron <zeffron@xxxxxxxxxxxxx>
- iptables 1.8.8 misses -j CT calls
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH bpf-next v7 12/13] selftests/bpf: Add negative tests for new nf_conntrack kfuncs
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 13/13] selftests/bpf: Fix test_verifier failed test in unprivileged mode
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 11/13] selftests/bpf: Add tests for new nf_conntrack kfuncs
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 10/13] selftests/bpf: Add verifier tests for trusted kfunc args
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 08/13] net: netfilter: Add kfuncs to set and change CT timeout
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 02/13] tools/resolve_btfids: Add support for 8-byte BTF sets
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 05/13] bpf: Add documentation for kfuncs
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 06/13] net: netfilter: Deduplicate code in bpf_{xdp,skb}_ct_lookup
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 07/13] net: netfilter: Add kfuncs to allocate and insert CT
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 01/13] bpf: Introduce 8-byte BTF set
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 03/13] bpf: Switch to new kfunc flags infrastructure
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 09/13] net: netfilter: Add kfuncs to set and change CT status
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- Re: [iptables PATCH] iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
- From: Jan Engelhardt <jengelh@xxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]
