Linux TCP/IP Netfilter Devel
[Prev Page][Next Page]
- [PATCH v5 12/15] seltests/landlock: rules overlapping test
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 15/15] samples/landlock: adds network demo
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 11/15] seltests/landlock: connect() with AF_UNSPEC tests
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 13/15] seltests/landlock: ruleset expanding test
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 08/15] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 02/15] landlock: landlock_find/insert_rule refactoring
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 14/15] seltests/landlock: invalid user input data test
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 10/15] seltests/landlock: add tests for connect() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 09/15] seltests/landlock: add tests for bind() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 03/15] landlock: merge and inherit function refactoring
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 04/15] landlock: helper functions refactoring
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 07/15] landlock: add support network rules
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 06/15] landlock: user space API network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 01/15] landlock: access mask renaming
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH v5 00/15] Network support for Landlock
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- Re: [PATCH v2] netfilter: nf_flowtable: move dst_check to packet path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf-next PATCH] nf_flow_table_offload: offload the PPPoE encap in the flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: conntrack: remove pr_debug callsites from tcp tracker
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf v2 2/2] netfilter: Use l3mdev flow key when re-routing mangled packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v2 nf 1/4] netfilter: flowtable: fix excessive hw offload attempts after failure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] treewide: use uint* instead of u_int*
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH nf] netfilter: nft_numgen: disable preempt to access per-cpu data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Maciej Żenczykowski <maze@xxxxxxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Nick <vincent@xxxxxxxxxxxx>
- [PATCH] treewide: use uint* instead of u_int*
- From: vincent@xxxxxxxxxxxx
- Re: [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl] expr: extend support for dynamic register allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Maciej Żenczykowski <maze@xxxxxxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net-next v2] net: ipvs: randomize starting destination of RR/WRR scheduler
- From: Menglong Dong <menglong8.dong@xxxxxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Maciej Żenczykowski <maze@xxxxxxxxxx>
- Re: [PATCH libnftnl] src: add dynamic register allocation infrastructure
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH libnftnl] src: add dynamic register allocation infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Maciej Żenczykowski <maze@xxxxxxxxxx>
- Re: [PATCH iptables 2/2] xshared: fix compilation with musl
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH libnftnl] src: add dynamic register allocation infrastructure
- From: Phil Sutter <phil@xxxxxx>
- [PATCH iptables 1/2] xtables: fix compilation with musl
- From: Nick Hainke <vincent@xxxxxxxxxxxx>
- [PATCH iptables 2/2] xshared: fix compilation with musl
- From: Nick Hainke <vincent@xxxxxxxxxxxx>
- Re: [PATCH v2 bpf-next 2/2] selftests/bpf: add selftest for bpf_ct_refresh_timeout kfunc
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: [PATCH v2 bpf-next 2/2] selftests/bpf: add selftest for bpf_ct_refresh_timeout kfunc
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- Re: [PATCH v2 bpf-next 2/2] selftests/bpf: add selftest for bpf_ct_refresh_timeout kfunc
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- [PATCH net-next 12/17] netfilter: nfnetlink: allow to detect if ctnetlink listeners exist
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 17/17] netfilter: conntrack: skip verification of zero UDP checksum
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 14/17] netfilter: conntrack: add nf_conntrack_events autodetect mode
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 16/17] netfilter: flowtable: nft_flow_route use more data for reverse route
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 15/17] netfilter: prefer extension check to pointer check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 13/17] netfilter: conntrack: un-inline nf_ct_ecache_ext_add
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 09/17] netfilter: conntrack: remove unconfirmed list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 11/17] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 10/17] netfilter: conntrack: avoid unconditional local_bh_disable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 07/17] netfilter: cttimeout: decouple unlink and free on netns destruction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 08/17] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 06/17] netfilter: extensions: introduce extension genid count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 05/17] netfilter: remove nf_ct_unconfirmed_destroy helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 03/17] netfilter: conntrack: remove the percpu dying list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 02/17] netfilter: conntrack: include ecache dying list in dumps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 04/17] netfilter: cttimeout: decouple unlink and free on netns destruction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 00/17] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] netfilter: conntrack: do not disable bh during destruction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] netlink_delinearize: release last register on exit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [iptables PATCH] xshared: Fix build for -Werror=format-security
- From: Phil Sutter <phil@xxxxxx>
- [ANNOUNCE] iptables 1.8.8 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup
- From: Felix Fietkau <nbd@xxxxxxxx>
- Re: [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup
- From: Felix Fietkau <nbd@xxxxxxxx>
- Re: [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net-next] net: ipvs: random start for RR scheduler
- From: Julian Anastasov <ja@xxxxxx>
- [PATCH nf] nft_set_rbtree: Move clauses for expired nodes, last active node as leaf
- From: Stefano Brivio <sbrivio@xxxxxxxxxx>
- [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout
- From: Oz Shlomo <ozsh@xxxxxxxxxx>
- [nf-next PATCH v3 3/4] netfilter: nf_tables: Introduce expression flags
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH v3 4/4] netfilter: nf_tables: Annotate reduced expressions
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH v3 2/4] netfilter: nf_tables: Introduce struct nft_expr_dp
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH v3 0/4] nf_tables: Export rule optimizer results to user space
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH v3 1/4] netfilter: nf_tables: Store net size in nft_expr_ops::size
- From: Phil Sutter <phil@xxxxxx>
- [PATCH v2 bpf-next 2/2] selftests/bpf: add selftest for bpf_ct_refresh_timeout kfunc
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH v2 bpf-next 1/2] net: netfilter: add kfunc helper to update ct timeout
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH v2 bpf-next 0/2] net: netfilter: add kfunc helper to update ct timeout
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH nf-next] netfilter: conntrack: remove pr_debug callsites from tcp tracker
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nf-next PATCH v2 1/2] netfilter: nf_tables: Introduce expression flags
- From: Phil Sutter <phil@xxxxxx>
- Re: [syzbot] INFO: task hung in usb_get_descriptor
- From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
- Re: [nf-next PATCH v2 1/2] netfilter: nf_tables: Introduce expression flags
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [nf-next PATCH v2 0/2] nf_tables: Export rule optimizer results to user space
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH v2 2/2] netfilter: nf_tables: Annotate reduced expressions
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH v2 1/2] netfilter: nf_tables: Introduce expression flags
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH net-next v2] net: ipvs: randomize starting destination of RR/WRR scheduler
- From: Julian Anastasov <ja@xxxxxx>
- Re: [PATCH net-next v2] net: ipvs: randomize starting destination of RR/WRR scheduler
- From: Menglong Dong <menglong8.dong@xxxxxxxxx>
- Re: [nf_flowtable] 2cd764935d: kernel-selftests.netfilter.nft_flowtable.sh.ipsec_tunnel_mode_for_ns1/ns2.fail
- From: Oliver Sang <oliver.sang@xxxxxxxxx>
- Re: [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: [PATCH bpf-next] net: netfilter: add kfunc helper to update ct timeout
- From: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
- [nf-next PATCH 1/2] netfilter: nf_tables: Introduce expression flags
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
- From: Phil Sutter <phil@xxxxxx>
- [nf-next PATCH 0/2] nf_tables: Export rule optimizer results to user space
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH bpf-next] net: netfilter: add kfunc helper to update ct timeout
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Call netfilter okfn on stolen packets
- From: Federico De Marchi <fede00001@xxxxxxxxxxxxxxxxxxxx>
- [PATCH v2] netfilter: nf_flowtable: move dst_check to packet path
- From: Ritaro Takenaka <ritarot634@xxxxxxxxx>
- Re: [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
- Re: [PATCH net-next v2] net: ipvs: randomize starting destination of RR/WRR scheduler
- From: Julian Anastasov <ja@xxxxxx>
- [PATCH nf-next] netfilter: conntrack: do not disable bh during destruction
- From: Florian Westphal <fw@xxxxxxxxx>
- [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup
- From: Felix Fietkau <nbd@xxxxxxxx>
- Re: [PATCH net-next] net: ipvs: random start for RR scheduler
- From: Julian Anastasov <ja@xxxxxx>
- [nf-next PATCH] nf_flow_table_offload: offload the PPPoE encap in the flowtable
- From: wenxu@xxxxxxxxxxxxxxx
- [PATCH net-next 12/17] netfilter: nfnetlink: allow to detect if ctnetlink listeners exist
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 17/17] netfilter: conntrack: skip verification of zero UDP checksum
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 10/17] netfilter: conntrack: avoid unconditional local_bh_disable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 06/17] netfilter: extensions: introduce extension genid count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 16/17] netfilter: flowtable: nft_flow_route use more data for reverse route
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 15/17] netfilter: prefer extension check to pointer check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 13/17] netfilter: conntrack: un-inline nf_ct_ecache_ext_add
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 08/17] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 14/17] netfilter: conntrack: add nf_conntrack_events autodetect mode
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 09/17] netfilter: conntrack: remove unconfirmed list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 11/17] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 02/17] netfilter: conntrack: include ecache dying list in dumps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 03/17] netfilter: conntrack: remove the percpu dying list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 04/17] netfilter: cttimeout: decouple unlink and free on netns destruction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 00/17] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 07/17] netfilter: cttimeout: decouple unlink and free on netns destruction
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 05/17] netfilter: remove nf_ct_unconfirmed_destroy helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf_flowtable] 2cd764935d: kernel-selftests.netfilter.nft_flowtable.sh.ipsec_tunnel_mode_for_ns1/ns2.fail
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [nf_flowtable] 2cd764935d: kernel-selftests.netfilter.nft_flowtable.sh.ipsec_tunnel_mode_for_ns1/ns2.fail
- From: kernel test robot <oliver.sang@xxxxxxxxx>
- [PATCH net-next v2] net: ipvs: randomize starting destination of RR/WRR scheduler
- From: menglong8.dong@xxxxxxxxx
- Re: [PATCH net-next] net: ipvs: random start for RR scheduler
- From: Menglong Dong <menglong8.dong@xxxxxxxxx>
- Re: [PATCH net-next] net: ipvs: random start for RR scheduler
- From: Menglong Dong <menglong8.dong@xxxxxxxxx>
- Re: [PATCH net-next] net: ipvs: random start for RR scheduler
- From: Julian Anastasov <ja@xxxxxx>
- Re: [PATCH] nf_flowtable: teardown fix race condition
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- Re: [PATCH] nf_flowtable: teardown fix race condition
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] nf_flowtable: teardown fix race condition
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- Re: [PATCH net] netfilter: nf_flow_table: fix teardown flow timeout
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- Re: [PATCH] nf_flowtable: teardown fix race condition
- From: Oz Shlomo <ozsh@xxxxxxxxxx>
- Re: [PATCH net] netfilter: nf_flow_table: fix teardown flow timeout
- From: Oz Shlomo <ozsh@xxxxxxxxxx>
- [PATCH net-next] net: ipvs: random start for RR scheduler
- From: menglong8.dong@xxxxxxxxx
- Re: [PATCH 2/4] netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices
- From: Felix Fietkau <nbd@xxxxxxxx>
- Re: [PATCH net] netfilter: nf_flow_table: fix teardown flow timeout
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- [PATCH v2 nf 2/4] netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices
- From: Felix Fietkau <nbd@xxxxxxxx>
- [PATCH v2 nf 4/4] netfilter: nft_flow_offload: fix offload with pppoe + vlan
- From: Felix Fietkau <nbd@xxxxxxxx>
- [PATCH v2 nf 3/4] net: fix dev_fill_forward_path with pppoe + bridge
- From: Felix Fietkau <nbd@xxxxxxxx>
- [PATCH v2 nf 1/4] netfilter: flowtable: fix excessive hw offload attempts after failure
- From: Felix Fietkau <nbd@xxxxxxxx>
- Re: [PATCH net] netfilter: nf_flow_table: fix teardown flow timeout
- From: Oz Shlomo <ozsh@xxxxxxxxxx>
- [PATCH] nf_flowtable: teardown fix race condition
- From: Sven Auhagen <Sven.Auhagen@xxxxxxxxxxxx>
- Re: [PATCH net] netfilter: nf_flow_table: fix teardown flow timeout
- From: Sven Auhagen <sven.auhagen@xxxxxxxxxxxx>
- [PATCH net] netfilter: nf_flow_table: fix teardown flow timeout
- From: Oz Shlomo <ozsh@xxxxxxxxxx>
- Re: [PATCH] nf_flowtable: ensure dst.dev is not blackhole
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH 2/4] netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next 0/4] netfilter: conntrack: avoid eache extension allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next v3] netfilter: conntrack: skip verification of zero UDP checksum
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] nf_flowtable: nft_flow_route use more data for reverse route
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] intervals: deletion should adjust range not yet in the kernel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH xtables-addons 1/2] doc: fix some typos in man-pages
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH xtables-addons 2/2] doc: fix typo in help
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH xtables-addons 1/2] doc: fix some typos in man-pages
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [iptables PATCH v2 4/4] nft: Fix EPERM handling for extensions without rev 0
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 2/5] xshared: Move arp_opcodes into shared space
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 5/5] libxtables: Revert change to struct xtables_pprot
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 4/5] libxtables: Drop xtables_globals 'optstring' field
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 3/5] xshared: Extend xtables_printhelp() for arptables
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 0/5] Restore libxtables ABI compatibility
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 1/5] extensions: MARK: Drop extra newline at end of help
- From: Phil Sutter <phil@xxxxxx>
- Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [iptables PATCH 4/4] nft: Fix EPERM handling for extensions without rev 0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] libnetfilter_cttimeout 1.0.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] libnetfilter_cttimeout 1.0.1 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [iptables PATCH 4/4] nft: Fix EPERM handling for extensions without rev 0
- From: Phil Sutter <phil@xxxxxx>
- [ANNOUNCE] libnetfilter_cttimeout 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- [ANNOUNCE] libnetfilter_cthelper 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: [iptables PATCH 4/4] nft: Fix EPERM handling for extensions without rev 0
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: "U'ren, Aaron" <Aaron.U'ren@xxxxxxxx>
- Re: [PATCH] netfilter: nf_conncount: reduce unnecessary GC
- From: William Tu <u9012063@xxxxxxxxx>
- [PATCHv2] netfilter: nf_conncount: reduce unnecessary GC
- From: William Tu <u9012063@xxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: Thorsten Leemhuis <regressions@xxxxxxxxxxxxx>
- Re: [PATCH libnftnl,v3] src: add dynamic register allocation infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [iptables PATCH 0/4] Some misc fixes
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 4/4] nft: Fix EPERM handling for extensions without rev 0
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 3/4] extensions: LOG: Document --log-macdecode in man page
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 2/4] man: *NAT: Review --random* option descriptions
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 1/4] extensions: DNAT: Merge core printing functions
- From: Phil Sutter <phil@xxxxxx>
- Re: [Bridge] [PATCH v2 0/1] UDP traceroute packets with no checksum
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
- Re: [PATCH] netfilter: nf_conncount: reduce unnecessary GC
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH bpf-next] net: netfilter: add kfunc helper to update ct timeout
- From: kernel test robot <lkp@xxxxxxxxx>
- [RFC PATCH] net: netfilter: bpf_ct_refresh_timeout() can be static
- From: kernel test robot <lkp@xxxxxxxxx>
- [PATCH] netfilter: nf_conncount: reduce unnecessary GC
- From: William Tu <u9012063@xxxxxxxxx>
- [PATCH] netfilter: nf_conncount: reduce unnecessary GC
- From: William Tu <u9012063@xxxxxxxxx>
- [PATCH bpf-next] net: netfilter: add kfunc helper to update ct timeout
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- [PATCH nft 2/3] optimize: do not clone unsupported statement
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 1/3] optimize: incorrect logic in verdict comparison
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 3/3] optimize: merge nat rules with same selectors into map
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH libnftnl,v3] src: add dynamic register allocation infrastructure
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH nft 0/3] nftables: add support for wildcard interfaces
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH conntrack] conntrack: consolidate socket open call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl,v3] src: add dynamic register allocation infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl,v2] src: add dynamic register allocation infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables,v2] nft: support for dynamic register allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH libnftnl] src: add dynamic register allocation infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] nf_flowtable: ensure dst.dev is not blackhole
- From: Ritaro Takenaka <ritarot634@xxxxxxxxx>
- [PATCH nf-next v3] netfilter: conntrack: skip verification of zero UDP checksum
- From: Kevin Mitchell <kevmitch@xxxxxxxxxx>
- [PATCH nft 3/3] sets_with_ifnames: add test case for concatenated range
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 1/3] netlink: swap byteorder for host-endian concat data
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 2/3] segtree: add pretty-print support for wildcard strings in concatenated sets
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 0/3] nftables: add support for wildcard interfaces
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next] selftests: netfilter: flowtable vlan filtering bridge support
- From: wenxu@xxxxxxxxxxxxxxx
- Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: Minor issue in iptables(8) man page
- From: Steve Brecher <steve@xxxxxxxxxxxx>
- Re: Minor issue in iptables(8) man page
- From: Florian Westphal <fw@xxxxxxxxx>
- Minor issue in iptables(8) man page
- From: Steve Brecher <steve@xxxxxxxxxxxx>
- [PATCH net 3/3] netfilter: nft_socket: only do sk lookups when indev is available
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/3] netfilter: conntrack: fix udp offload timeout sysctl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/3] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v2 nf] netfilter: nft_socket: only do sk lookups when indev is available
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH iptables 7/7] nft: support for dynamic register allocation
- From: Phil Sutter <phil@xxxxxx>
- [PATCH v2 nf] netfilter: nft_socket: only do sk lookups when indev is available
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_socket: only do sk lookup when indev is available
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: wenxu <wenxu@xxxxxxxxxxxxxxx>
- Re: [PATCH iptables 7/7] nft: support for dynamic register allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nft_socket: only do sk lookup when indev is available
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: wenxu <wenxu@xxxxxxxxxxxxxxx>
- [PATCH nf] netfilter: nft_socket: allow socket expression from prerouting and input only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] nf_flowtable: ensure dst.dev is not blackhole
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH nf-next v2 1/1] netfilter: conntrack: skip verification of zero UDP checksum
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net] netfilter: conn: fix udp offload timeout sysctl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net] netfilter: conn: fix udp offload timeout sysctl
- From: Volodymyr Mytnyk <volodymyr.mytnyk@xxxxxxxxxxx>
- [PATCH] nf_flowtable: nft_flow_route use more data for reverse route
- From: Sven Auhagen <Sven.Auhagen@xxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH v35 08/29] LSM: Use lsmblob in security_secctx_to_secid
- From: John Johansen <john.johansen@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- LPC 2022 Networking and BPF Track CFP
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
- Re: [PATCH iptables 7/7] nft: support for dynamic register allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH iptables 7/7] nft: support for dynamic register allocation
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH 1/1] configure: add an option to compile the examples
- From: Dario Binacchi <dariobin@xxxxxxxxx>
- Re: [PATCH 1/1] configure: add an option to compile the examples
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] nf_flowtable: ensure dst.dev is not blackhole
- From: Ritaro Takenaka <ritarot634@xxxxxxxxx>
- Re: [PATCH] nf_flowtable: ensure dst.dev is not blackhole
- From: りたろう <ritarot634@xxxxxxxxx>
- Re: [PATCH nft] src: fix always-true assertions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] nf_flowtable: ensure dst.dev is not blackhole
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] src: fix always-true assertions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] src: fix always-true assertions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [RFC PATCH v4 07/15] landlock: user space API network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring (TCP port 0)
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 09/15] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 06/15] landlock: landlock_add_rule syscall refactoring
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- [PATCH 1/1] configure: add an option to compile the examples
- From: Dario Binacchi <dariobin@xxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- Re: [RFC PATCH v4 07/15] landlock: user space API network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- [PATCH nf-next 4/4] netfilter: prefer extension check to pointer check
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next 2/4] netfilter: conntrack: un-inline nf_ct_ecache_ext_add
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next 3/4] netfilter: conntrack: add nf_conntrack_events autodetect mode
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next 1/4] netfilter: nfnetlink: allow to detect if ctnetlink listeners exist
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next 0/4] netfilter: conntrack: avoid eache extension allocation
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net 1/4] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- [PATCH nf] netfilter: nf_conntrack_tcp: re-init for syn packets only
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH net 2/4] netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 1/4] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/4] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 3/4] netfilter: flowtable: Remove the empty file
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 4/4] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf v2 1/2] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] nf_flowtable: ensure dst.dev is not blackhole
- From: Ritaro Takenaka <ritarot634@xxxxxxxxx>
- [PATCH iptables 7/7] nft: support for dynamic register allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables 5/7] nft: prepare for dynamic register allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables 4/7] nft: pass handle to helper functions to build netlink payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables 6/7] nft: split gen_payload() to allocate register and initialize expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables 3/7] nft: native mark matching support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables 1/7] nft-shared: update context register for bitwise expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables 0/7] support for dynamic register allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH iptables 2/7] nft: pass struct nft_xt_ctx to parse_meta()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH net-next v1] net: Use csum_replace_... and csum_sub() helpers instead of opencoding
- From: kernel test robot <lkp@xxxxxxxxx>
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion
- From: Stefano Brivio <sbrivio@xxxxxxxxxx>
- Re: [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH] socket gid and socket uid
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- [PATCH] netfilter: nft_socket: socket expressions for GID & UID
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- [PATCH v1] netfilter: Remove the empty file
- From: clement wei <clementwei90@xxxxxxx>
- Re: [PATCH nf v2 2/2] netfilter: Use l3mdev flow key when re-routing mangled packets
- From: David Ahern <dsahern@xxxxxxxxxx>
- Re: [PATCH nf v2 1/2] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: David Ahern <dsahern@xxxxxxxxxx>
- [PATCH nf v2 0/2] netfilter: Fix/update mangled packet re-routing within VRF domains
- From: Martin Willi <martin@xxxxxxxxxxxxxx>
- [PATCH nf v2 2/2] netfilter: Use l3mdev flow key when re-routing mangled packets
- From: Martin Willi <martin@xxxxxxxxxxxxxx>
- [PATCH nf v2 1/2] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: Martin Willi <martin@xxxxxxxxxxxxxx>
- Re: [PATCH nf-next v4 00/10] netfilter: conntrack: remove percpu lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf,v2] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf,v2] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: Simon Horman <horms@xxxxxxxxxxxx>
- [PATCH v35 16/29] LSM: Use lsmcontext in security_secid_to_secctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v35 15/29] LSM: Ensure the correct LSM context releaser
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v35 18/29] LSM: security_secid_to_secctx in netlink netfilter
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v35 09/29] LSM: Use lsmblob in security_secid_to_secctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v35 08/29] LSM: Use lsmblob in security_secctx_to_secid
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH nft] intervals: set on EXPR_F_KERNEL flag for new elements in set cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 0/2] allow base integer type in concatenation
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 1/2] src: allow use of base integer types as set keys in concatenations
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nft 2/2] tests: add concat test case with integer base type subkey
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH v34 16/29] LSM: Use lsmcontext in security_secid_to_secctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 18/29] LSM: security_secid_to_secctx in netlink netfilter
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 15/29] LSM: Ensure the correct LSM context releaser
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 09/29] LSM: Use lsmblob in security_secid_to_secctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 08/29] LSM: Use lsmblob in security_secctx_to_secid
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [PATCH nf,v2] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: Julian Anastasov <ja@xxxxxx>
- [PATCH nft,v2 2/3] intervals: fix deletion of multiple ranges with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v2 3/3] intervals: build list of elements to be added from cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v2 1/3] intervals: add elements with EXPR_F_KERNEL to purge list only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: Simon Horman <horms@xxxxxxxxxxxx>
- [PATCH nft 2/2] intervals: fix deletion of multiple ranges with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft PATCH] intervals: Simplify element sanity checks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft 1/2] intervals: add elements with EXPR_F_KERNEL to purge list only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [nft PATCH] intervals: Simplify element sanity checks
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH nf] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: David Ahern <dsahern@xxxxxxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] intervals: remove check for EXPR_F_REMOVE in remove_element()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nft] intervals: unset EXPR_F_KERNEL for adjusted elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH nf] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: Martin Willi <martin@xxxxxxxxxxxxxx>
- [PATCH nft,v6 3/8] src: remove rbtree datastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 7/8] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 8/8] src: restore interval sets work with string datatypes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 5/8] intervals: add support to automerge with kernel elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 6/8] evaluate: allow for zero length ranges
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 2/8] src: replace interval segment tree overlap and automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 0/8] revisit overlap/automerge codebase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 4/8] mnl: update mnl_nft_setelem_del() to allow for more reuse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v6 1/8] src: add EXPR_F_KERNEL to identify expression in the kernel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nftables 0/9] nftables: add support for wildcard string as set keys
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nftables 5/9] src: make interval sets work with string datatypes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nftables 0/9] nftables: add support for wildcard string as set keys
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nftables 0/9] nftables: add support for wildcard string as set keys
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nftables 0/9] nftables: add support for wildcard string as set keys
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v5 7/7] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC PATCH] datatype: accept abbrevs and ignore case on parsing symbolic constants
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nftables 0/9] nftables: add support for wildcard string as set keys
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nftables 0/9] nftables: add support for wildcard string as set keys
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH v2 1/1] xt_ECHO, xt_TARPIT: make properly conditional on IPv6
- From: Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>
- Re: [PATCH net 1/2] netfilter: nft_socket: make cgroup match work in input too
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [RFC PATCH v4 07/15] landlock: user space API network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v4 2/7] src: replace interval segment tree overlap and automerge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v4 5/7] intervals: add support to automerge with kernel elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v4 6/7] evaluate: allow for zero length ranges
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v4 4/7] mnl: update mnl_nft_setelem_del() to allow for more reuse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v4 3/7] src: remove rbtree datastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v4 0/7] revisit overlap/automerge codebase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v4 1/7] src: add EXPR_F_KERNEL to identify expression in the kernel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: David Ahern <dsahern@xxxxxxxxxx>
- Re: [RFC PATCH v4 07/15] landlock: user space API network support
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 07/15] landlock: user space API network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH v4 07/15] landlock: user space API network support
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH v4 06/15] landlock: landlock_add_rule syscall refactoring
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH nf,v2] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: Pengcheng Yang <yangpc@xxxxxxxxxx>
- Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring (TCP port 0)
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [PATCH net 1/2] netfilter: nft_socket: make cgroup match work in input too
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/2] netfilter: nf_tables: nft_parse_register can return a negative value
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nf_tables: nft_parse_register can return a negative value
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/2] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf] netfilter: Update ip6_route_me_harder to consider L3 domain
- From: Martin Willi <martin@xxxxxxxxxxxxxx>
- [PATCH nf] ipvs: correctly print the memory size of ip_vs_conn_tab
- From: Pengcheng Yang <yangpc@xxxxxxxxxx>
- Re: [RFC PATCH v4 08/15] landlock: add support network rules
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [PATCH nf] netfilter: nf_tables: nft_parse_register can return a negative value
- From: Antoine Tenart <atenart@xxxxxxxxxx>
- Re: [RFC PATCH v4 09/15] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH v4 08/15] landlock: add support network rules
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH v4 08/15] landlock: add support network rules
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- [PATCH nf-next v4 10/10] netfilter: conntrack: avoid unconditional local_bh_disable
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 09/10] netfilter: conntrack: remove unconfirmed list
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 08/10] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 07/10] netfilter: cttimeout: decouple unlink and free on netns destruction
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 05/10] netfilter: remove nf_ct_unconfirmed_destroy helper
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 06/10] netfilter: extensions: introduce extension genid count
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 04/10] netfilter: cttimeout: decouple unlink and free on netns destruction
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 03/10] netfilter: conntrack: remove the percpu dying list
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 02/10] netfilter: conntrack: include ecache dying list in dumps
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 01/10] netfilter: ecache: use dedicated list for event redelivery
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next v4 00/10] netfilter: conntrack: remove percpu lists
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH net-next 01/11] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15
- From: Thorsten Leemhuis <regressions@xxxxxxxxxxxxx>
- [PATCH net-next 09/11] netfilter: bitwise: improve error goto labels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 11/11] selftests: netfilter: add fib expression forward test case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 02/11] netfilter: ecache: move to separate structure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 05/11] netfilter: nf_log_syslog: Merge MAC header dumpers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 08/11] netfilter: bitwise: replace hard-coded size with `sizeof` expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 10/11] netfilter: nft_fib: reverse path filter for policy-based routing on iif
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 06/11] netfilter: nf_log_syslog: Don't ignore unknown protocols
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 07/11] netfilter: nf_log_syslog: Consolidate entry checks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 03/11] netfilter: conntrack: split inner loop of list dumping to own function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 04/11] netfilter: cttimeout: inc/dec module refcount per object, not per use refcount
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 00/11] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net-next 01/11] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_socket: make cgroup match work in input too
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [RFC PATCH] datatype: accept abbrevs and ignore case on parsing symbolic constants
- From: Jo-Philipp Wich <jo@xxxxxxx>
- Re: [PATCH nft] tests: py: Add meta time tests without 'meta' keyword
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nft_fib: reverse path filter for policy-based routing on iif
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next RFC 2/2] netfilter: conntrack: skip event delivery for the netns exit path
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_socket: make cgroup match work in input too
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next RFC 2/2] netfilter: conntrack: skip event delivery for the netns exit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] tests: py: Add meta time tests without 'meta' keyword
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [libnetfilter_log PATCH] doc: correct non-native solecism
- From: Florian Westphal <fw@xxxxxxxxx>
- [libnetfilter_log PATCH] doc: correct non-native solecism
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH nftables 9/9] segtree: add support for get element with sets that contain ifnames
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 8/9] segtree: use correct byte order for 'element get'
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 7/9] tests: add testcases for interface names in sets
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 6/9] segtree: add string "range" reversal support
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 5/9] src: make interval sets work with string datatypes
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 4/9] evaluate: string prefix expression must retain original length
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 3/9] segtree: split prefix and range creation to a helper function
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 2/9] evaluate: keep prefix expression length
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 1/9] evaluate: make byteorder conversion on string base type a no-op
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nftables 0/9] nftables: add support for wildcard string as set keys
- From: Florian Westphal <fw@xxxxxxxxx>
- [nf-next PATCH v3 1/3] netfilter: bitwise: keep track of bit-length of expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v3 2/3] netfilter: bitwise: rename some boolean operation functions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v3 0/3] netfilter: bitwise: support boolean operations with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v3 3/3] netfilter: bitwise: add support for doing AND, OR and XOR directly
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- [PATCH nft] tests: py: Add meta time tests without 'meta' keyword
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: [PATCH nf] netfilter: nft_socket: make cgroup match work in input too
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf] netfilter: nft_socket: make cgroup match work in input too
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [nf-next PATCH v2 3/5] netfilter: bitwise: improve error goto labels
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nf-next PATCH v2 2/5] netfilter: bitwise: replace hard-coded size with `sizeof` expression
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH] doc: Document that kernel may accept unimplemented expressions
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [nft PATCH v4 00/32] Extend values assignable to packet marks and payload fields
- From: "Kevin 'ldir' Darbyshire-Bryant" <ldir@xxxxxxxxxxxxxxxxxxxxxxx>
- Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next RFC 2/2] netfilter: conntrack: skip event delivery for the netns exit path
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH v4 08/15] landlock: add support network rules
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [iptables PATCH v2 0/9] extensions: Merge *_DNAT and *_REDIRECT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft PATCH] tests: py: Don't colorize output if stderr is redirected
- From: Florian Westphal <fw@xxxxxxxxx>
- [nft PATCH] tests: monitor: Hide temporary file names from error output
- From: Phil Sutter <phil@xxxxxx>
- [nft PATCH] tests: py: Don't colorize output if stderr is redirected
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nf-next RFC 2/2] netfilter: conntrack: skip event delivery for the netns exit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next RFC 1/2] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] tests: py: extend meta time coverage
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nf-next PATCH] netfilter: nf_log_syslog: Consolidate entry checks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf-next PATCH 2/2] netfilter: nf_log_syslog: Don't ignore unknown protocols
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf-next PATCH 1/2] netfilter: nf_log_syslog: Merge MAC header dumpers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nft] tests: py: extend meta time coverage
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH nf-next v3 09/16] netfilter: nfnetlink_cttimeout: use rcu protection in cttimeout_get_timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] tests: py: extend meta time coverage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH 8/9] x86/crypto: eliminate anonymous module_init & module_exit
- From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
- [PATCH nf-next v2 1/1] netfilter: conntrack: skip verification of zero UDP checksum
- From: Kevin Mitchell <kevmitch@xxxxxxxxxx>
- [PATCH v34 18/29] LSM: security_secid_to_secctx in netlink netfilter
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 16/29] LSM: Use lsmcontext in security_secid_to_secctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 15/29] LSM: Ensure the correct LSM context releaser
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 09/29] LSM: Use lsmblob in security_secid_to_secctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [PATCH v34 08/29] LSM: Use lsmblob in security_secctx_to_secid
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [PATCH bpf-next] net: netfilter: reports ct direction in CT lookup helpers for XDP and TC-BPF
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH libnftnl 0/3] add description infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH libnftnl 0/3] add description infrastructure
- From: Phil Sutter <phil@xxxxxx>
- Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH 1/1] netfilter: conntrack: skip verification of zero UDP checksum
- From: Kevin Mitchell <kevmitch@xxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [PATCH v2 0/1] UDP traceroute packets with no checksum
- From: Kevin Mitchell <kevmitch@xxxxxxxxxx>
- Re: [PATCH net 1/2] netfilter: bitwise: fix reduce comparisons
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
- Re: meta time broken
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable
- From: wenx05124561@xxxxxxx
- Re: [PATCH] meta.c: fix compiler warning in date_type_parse()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: meta time broken
- From: Lukas Straub <lukasstraub2@xxxxxx>
- [ANNOUNCE] libmnl 1.0.5 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: [PATCH nft] meta time: use uint64_t instead of time_t
- From: Phil Sutter <phil@xxxxxx>
- Re: [nft PATCH v4 05/32] ct: support `NULL` symbol-tables when looking up labels
- From: Florian Westphal <fw@xxxxxxxxx>
- [ANNOUNCE] libnfnetlink 1.0.2 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: [nft PATCH v4 05/32] ct: support `NULL` symbol-tables when looking up labels
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [PATCH nft] meta time: use uint64_t instead of time_t
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft PATCH v4 01/32] examples: add .gitignore file
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: meta time broken
- From: Phil Sutter <phil@xxxxxx>
- Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: meta time broken
- From: Florian Westphal <fw@xxxxxxxxx>
- [PATCH] meta.c: fix compiler warning in date_type_parse()
- From: Lukas Straub <lukasstraub2@xxxxxx>
- Re: [PATCH v2] nft: memcg accounting for dynamically allocated objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft] meta time: use uint64_t instead of time_t
- From: Lukas Straub <lukasstraub2@xxxxxx>
- Re: [PATCH v2] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 2/2] netfilter: nf_tables: memcg accounting for dynamically allocated objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 0/2] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH net 1/2] netfilter: bitwise: fix reduce comparisons
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: meta time broken
- From: Lukas Straub <lukasstraub2@xxxxxx>
- meta time broken
- From: Lukas Straub <lukasstraub2@xxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [nft PATCH v4 19/32] evaluate: don't eval unary arguments
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 13/32] evaluate: support shifts larger than the width of the left operand
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 14/32] evaluate: relax type-checking for integer arguments in mark statements
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 22/32] evaluate: insert byte-order conversions for expressions between 9 and 15 bits
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 26/32] netlink_delinearize: add support for processing variable payload statement arguments
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 23/32] evaluate: set eval context to leftmost bitwise operand
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 10/32] netlink_delinearize: correct type and byte-order of shifts
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 25/32] netlink_delinearize: refactor stmt_payload_binop_postprocess
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 31/32] tests: shell: add tests for binops with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 18/32] include: add new bitwise boolean attributes to nf_tables.h
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 11/32] netlink_delinearize: correct length of right bitwise operand
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 12/32] payload: set byte-order when completing expression
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 32/32] tests: py: add tests for binops with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 28/32] netlink: support (de)linearization of new bitwise boolean operations
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 17/32] tests: py: add test-cases for ct and packet mark payload expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 20/32] evaluate: prevent nested byte-order conversions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 29/32] parser_json: allow RHS ct, meta and payload expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 30/32] evaluate: allow binop expressions with variable right-hand operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 21/32] evaluate: don't clobber binop lengths
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 16/32] tests: shell: add test-cases for ct and packet mark payload expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 15/32] tests: shell: rename some test-cases
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 27/32] netlink: rename bitwise operation functions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 24/32] netlink_delinearize: fix typo
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 05/32] ct: support `NULL` symbol-tables when looking up labels
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 09/32] netlink_delinearize: add postprocessing for payload binops
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 08/32] netlink: send bit-length of bitwise binops to kernel
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 04/32] datatype: support `NULL` symbol-tables when printing constants
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 07/32] include: add new bitwise bit-length attribute to nf_tables.h
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 06/32] include: update nf_tables.h
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 00/32] Extend values assignable to packet marks and payload fields
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 01/32] examples: add .gitignore file
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 03/32] src: move `byteorder_names` array
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nft PATCH v4 02/32] include: add missing `#include`
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 7/9] expr: bitwise: add support for kernel space AND, OR and XOR operations
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 8/9] tests: bitwise: refactor shift tests
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 9/9] tests: bitwise: add tests for new boolean operations
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 6/9] expr: bitwise: rename some boolean operation functions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 4/9] include: add new bitwise boolean attributes to nf_tables.h
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 5/9] expr: bitwise: fix a couple of white-space mistakes
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 3/9] expr: bitwise: pass bit-length to and from the kernel
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 2/9] include: add new bitwise bit-length attribute to nf_tables.h
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 1/9] include: update nf_tables.h
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [libnftnl PATCH v2 0/9] bitwise: support for boolean operations with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v2 4/5] netfilter: bitwise: rename some boolean operation functions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v2 0/5] netfilter: bitwise: support boolean operations with variable RHS operands
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v2 5/5] netfilter: bitwise: add support for doing AND, OR and XOR directly
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v2 3/5] netfilter: bitwise: improve error goto labels
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- [nf-next PATCH v2 2/5] netfilter: bitwise: replace hard-coded size with `sizeof` expression
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH v4 01/15] landlock: access mask renaming
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: troubles caused by conntrack overlimit in init_netns
- From: Vasily Averin <vvs@xxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: troubles caused by conntrack overlimit in init_netns
- From: Vasily Averin <vasily.averin@xxxxxxxxx>
- Re: troubles caused by conntrack overlimit in init_netns
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
- Re: troubles caused by conntrack overlimit in init_netns
- From: Vasily Averin <vasily.averin@xxxxxxxxx>
- Re: troubles caused by conntrack overlimit in init_netns
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
- [PATCH bpf-next] net: netfilter: reports ct direction in CT lookup helpers for XDP and TC-BPF
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- Re: troubles caused by conntrack overlimit in init_netns
- From: Nikita Yushchenko <nikita.yushchenko@xxxxxxxxxx>
- Re: troubles caused by conntrack overlimit in init_netns
- From: Florian Westphal <fw@xxxxxxxxx>
- troubles caused by conntrack overlimit in init_netns
- From: Vasily Averin <vvs@xxxxxxxxxx>
- [PATCH v2] nft: memcg accounting for dynamically allocated objects
- From: Vasily Averin <vasily.averin@xxxxxxxxx>
- Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Vasily Averin <vasily.averin@xxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Roman Gushchin <roman.gushchin@xxxxxxxxx>
- Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Vasily Averin <vasily.averin@xxxxxxxxx>
- Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH v4 01/15] landlock: access mask renaming
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- [no subject]
- [PATCH AUTOSEL 5.16 103/109] netfilter: conntrack: revisit gc autotuning
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.15 92/98] netfilter: conntrack: revisit gc autotuning
- From: Sasha Levin <sashal@xxxxxxxxxx>
- [PATCH AUTOSEL 5.17 143/149] netfilter: conntrack: revisit gc autotuning
- From: Sasha Levin <sashal@xxxxxxxxxx>
- Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Florian Westphal <fw@xxxxxxxxx>
- Conntrack offload and ingress_ifindex
- From: Edward Cree <ecree.xilinx@xxxxxxxxx>
- Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Roman Gushchin <roman.gushchin@xxxxxxxxx>
- Re: [PATCH net 2/5] netfilter: conntrack: sanitize table size default settings
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [PATCH nf-next,v2] netfilter: nft_fib: reverse path filter for policy-based routing on iif
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nf-next,v2] netfilter: nft_fib: reverse path filter for policy-based routing on iif
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Re: [PATCH net 2/5] netfilter: conntrack: sanitize table size default settings
- From: Vincent Pelletier <plr.vincent@xxxxxxxxx>
- [PATCH nf-next] selftests: netfilter: add fib expression forward test case
- From: Florian Westphal <fw@xxxxxxxxx>
- [iptables PATCH v2 3/9] extensions: ipt_DNAT: Merge v1 and v2 parsers
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 4/9] extensions: ipt_DNAT: Merge v1/v2 print/save code
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 8/9] extensions: Merge REDIRECT into DNAT
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 1/9] man: DNAT: Describe shifted port range feature
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 2/9] Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 5/9] extensions: ipt_DNAT: Combine xlate functions also
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 7/9] extensions: Merge IPv4 and IPv6 DNAT targets
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 0/9] extensions: Merge *_DNAT and *_REDIRECT
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 6/9] extensions: DNAT: Rename from libipt to libxt
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH v2 9/9] extensions: man: Document service name support in DNAT and REDIRECT
- From: Phil Sutter <phil@xxxxxx>
- Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots
- From: Phil Sutter <phil@xxxxxx>
- [PATCH nft] nft: memcg accounting for dynamically allocated objects
- From: Vasily Averin <vasily.averin@xxxxxxxxx>
- Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [PATCH nf-next] netfilter: nft_fib: reverse path filter for policy-based routing on iif
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots
- From: Phil Sutter <phil@xxxxxx>
- Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [no subject]
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- [iptables PATCH] xlate-test: Fix for empty source line on failure
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 6/9] extensions: DNAT: Rename from libipt to libxt
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 7/9] extensions: Merge IPv4 and IPv6 DNAT targets
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 4/9] extensions: ipt_DNAT: Merge v1/v2 print/save code
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 5/9] extensions: ipt_DNAT: Combine xlate functions also
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 1/9] man: DNAT: Describe shifted port range feature
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 8/9] extensions: Merge REDIRECT into DNAT
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 3/9] extensions: ipt_DNAT: Merge v1 and v2 parsers
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 0/9] extensions: Merge *_DNAT and *_REDIRECT
- From: Phil Sutter <phil@xxxxxx>
- [iptables PATCH 2/9] Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
- From: Phil Sutter <phil@xxxxxx>
- Re: [PATCH 5/9] virtio-scsi: eliminate anonymous module_init & module_exit
- From: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nf PATCH v2] netfilter: bitwise: fix reduce comparisons
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [libnfnetlink PATCH 1/2] include: Silence gcc warning in linux_list.h
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [libnfnetlink PATCH 2/2] libnfnetlink: Check getsockname() return code
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Support for loading firewall rules with cgroup(v2) expressions early
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- [PATCH nft] tests: py: add inet/vmap tests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v2 2/4] src: allow to use typeof of raw expressions in set declaration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v2 4/4] optimize: Restore optimization for raw payload expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH nft,v2 3/4] src: allow to use integer type header fields via typeof set declaration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]
