Linux TCP/IP Netfilter Devel

• Thread Index

• Re: [PATCH libmnl] src: doc: Fix messed-up Netlink message batch diagram
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libmnl] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v2] netfilter: nf_queue: move hookfn registration out of struct net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] x_tables: never register tables by default
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] tests/py: Make netns spawning more robust
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH v2] netfilter: protect nft_ct_pcpu_template_refcnt with mutex
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2] netfilter: protect nft_ct_pcpu_template_refcnt with mutex
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• [PATCH] netfiler: protect nft_ct_pcpu_template_refcnt with mutex
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [nft PATCH RFC] scanner: nat: Move to own scope
  • From: Phil Sutter <phil@xxxxxx>
• [ANNOUNCE] ipset 7.15 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: syzbot <syzbot+649e339fa6658ee623d3@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: syzbot <syzbot+649e339fa6658ee623d3@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 3/3] extensions: libxf_NFLOG: remove `--nflog-range` Python unit-tests.
  • From: Kyle Bowman <kbowman@xxxxxxxxxxxxxx>
• [PATCH 2/3] extensions: libxt_NFLOG: dont truncate log prefix on print/save
  • From: Kyle Bowman <kbowman@xxxxxxxxxxxxxx>
• [PATCH 1/3] extensions: libtxt_NFLOG: use nft built-in logging instead of xt_NFLOG
  • From: Kyle Bowman <kbowman@xxxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [nft PATCH RFC] scanner: nat: Move to own scope
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] netfilter: remove duplicate code
  • From: Kangmin Park <l4stpr0gr4m@xxxxxxxxx>
• [iptables PATCH] extensions: hashlimit: Fix tests with HZ=100
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nft PATCH RFC] scanner: nat: Move to own scope
  • From: Phil Sutter <phil@xxxxxx>
• [syzbot] WARNING in destroy_conntrack
  • From: syzbot <syzbot+a1eb62c681423ee5c0d7@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [syzbot] KASAN: use-after-free Read in nf_tables_dump_sets
  • From: syzbot <syzbot+8cc940a9689599e10587@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [nft PATCH RFC] scanner: nat: Move to own scope
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nft PATCH RFC] scanner: nat: Move to own scope
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH RFC libnetfilter_queue 1/1] src: doc: supply missing SYNOPSIS in pktbuff man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH RFC libnetfilter_queue 1/1] src: doc: supply missing SYNOPSIS in pktbuff man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] build: doc: Fix NAME entry in man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] src: doc: Insert SYNOPSIS sections for man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] build: doc: Fix NAME entry in man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] build: doc: Fix NAME entry in man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH net-next 3/3] selftests: netfilter: Add RFC-7597 Section 5.1 PSID selftests
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH net-next 2/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH net-next 1/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support xtables API
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH net-next 0/3] Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH v5 2/2] netfilter: add netfilter hooks to SRv6 data plane
  • From: proelbtn <contact@xxxxxxxxxxxx>
• [PATCH v5 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: proelbtn <contact@xxxxxxxxxxxx>
• [PATCH v5 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows
  • From: proelbtn <contact@xxxxxxxxxxxx>
• [PATCH libmnl] src: doc: Fix messed-up Netlink message batch diagram
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: syzbot <syzbot+649e339fa6658ee623d3@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
  • From: syzbot <syzbot+649e339fa6658ee623d3@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue v2] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libmnl] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH] netfilter: remove duplicate code
  • From: Kangmin Park <l4stpr0gr4m@xxxxxxxxx>
• Re: [PATCH libnetfilter_queue] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH net 0/9,v2] Netfilter fixes for net
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• LPC 2021 Networking and BPF Track CFP (2nd reminder)
  • From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
• [PATCH net 9/9] netfilter: nfnetlink_hook: translate inet ingress to netdev
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 7/9] netfilter: nfnetlink_hook: Use same family as request message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/9] netfilter: nfnetlink_hook: use the sequence number of the request message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 8/9] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 5/9] netfilter: nfnetlink_hook: missing chain family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 4/9] netfilter: nfnetlink_hook: strip off module name from hookfn
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/9] netfilter: nf_conntrack_bridge: Fix memory leak when error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/9] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/9,v2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• [PATCH net 9/9] netfilter: nfnetlink_hook: translate inet ingress to netdev
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 8/9] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 7/9] netfilter: nfnetlink_hook: Use same family as request message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 5/9] netfilter: nfnetlink_hook: missing chain family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/9] netfilter: nfnetlink_hook: use the sequence number of the request message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 4/9] netfilter: nfnetlink_hook: strip off module name from hookfn
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/9] netfilter: nf_conntrack_bridge: Fix memory leak when error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/9] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/9] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nfnetlink_hook: translate inet ingress to netdev
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: Stop users from accidentally using legacy linux_nfnetlink_queue.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue v2] src: Stop users from accidentally using legacy linux_nfnetlink_queue.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• Re: [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: Ryoga Saito <contact@xxxxxxxxxxxx>
• Re: [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/2] netfilter: ctnetlink: allow to filter dumps via ct->status
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: collect all entries in one cycle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH nf-next v2] netfilter: nf_queue: move hookfn registration out of struct net
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_queue: move hookfn registration out of struct net
  • From: Florian Westphal <fw@xxxxxxxxx>
• [syzbot] WARNING: proc registration bug in clusterip_tg_check (3)
  • From: syzbot <syzbot+08e6343a8cbd89b0c9d8@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH iptables] ip6tables: masquerade: use fully-random so that nft can understand the rule
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH iptables] ip6tables: masquerade: use fully-random so that nft can understand the rule
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• Re: [PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
• [PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: ipset: fix uninitialized variable bug
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH] netfilter: ipset: fix uninitialized variable bug
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2 1/1] Eliminate packet copy when constructing struct pkt_buff
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nfnetlink_hook: Use same family as request message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nfnetlink_hook: use the sequence number of the request message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v3] mnl: revisit hook listing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()
  • From: Nathan Chancellor <nathan@xxxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Kyle Bowman <kbowman@xxxxxxxxxxxxxx>
• Re: [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH nf-next] x_tables: never register tables by default
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [iptables PATCH] tests/shell: Assert non-verbose mode is silent
  • From: Phil Sutter <phil@xxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [iptables PATCH] nft: Fix for non-verbose check command
  • From: Phil Sutter <phil@xxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• [PATCH nft,v2] mnl: revisit hook listing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nfnetlink_hook: missing chain family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nfnetlink_hook: strip off module name from hookfn
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• Re: [iptables PATCH] ebtables: Dump atomic waste
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables PATCH] ebtables: Dump atomic waste
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH] ebtables: Dump atomic waste
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables PATCH] ebtables: Dump atomic waste
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables PATCH] ebtables: Dump atomic waste
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] mnl: revisit hook listing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v4 2/2] netfilter: add netfilter hooks to SRv6 data plane
  • From: proelbtn <contact@xxxxxxxxxxxx>
• [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: proelbtn <contact@xxxxxxxxxxxx>
• [PATCH v4 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows
  • From: proelbtn <contact@xxxxxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• Re: [iptables PATCH] ebtables: Dump atomic waste
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH conntrack-tools 4/4] conntrack: add shorthand mnemonic for UNREPLIED
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH conntrack-tools 3/4] conntrack: enable kernel-based status filtering with -L -u STATUS
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH lnf-conntrack 2/4] src: add support for status dump filter
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH lnf-conntrack 1/4] include: sync uapi header with nf-next
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH] conntrack-tools: support conntrack dump status filtering
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH] ebtables: Dump atomic waste
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ebtables: do not hook tables by default
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• Re: [PATCH libmnl] build: doc: get rid of the need for manual updating of Makefile
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3] netfilter: nf_conntrack_bridge: Fix memory leak when error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/3] netfilter: clusterip: don't register hook in all netns
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Kyle Bowman <kbowman@xxxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: ctnetlink: allow to filter dump by status bits
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: ctnetlink: add and use a helper for mark parsing
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/2] netfilter: ctnetlink: allow to filter dumps via ct->status
  • From: Florian Westphal <fw@xxxxxxxxx>
• [iptables PATCH] ebtables: Dump atomic waste
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• [PATCH v3 2/2] netfilter: add netfilter hooks to SRv6 data plane
  • From: Ryoga Saito <contact@xxxxxxxxxxxx>
• [PATCH v3 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: Ryoga Saito <contact@xxxxxxxxxxxx>
• [PATCH v3 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <contact@xxxxxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: [PATCH v2 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• [PATCH v2 2/2] netfilter: add netfilter hooks to SRv6 data plane
  • From: Ryoga Saito <contact@xxxxxxxxxxxx>
• [PATCH v2 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks
  • From: Ryoga Saito <contact@xxxxxxxxxxxx>
• [PATCH v2 0/2] net: add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <contact@xxxxxxxxxxxx>
• [PATCH v3] netfilter: nf_conntrack_bridge: Fix memory leak when error
  • From: Yajun Deng <yajun.deng@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nf_conntrack_bridge: Fix memory leak when error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v2] netfilter: nf_conntrack_bridge: Fix memory leak when error
  • From: Yajun Deng <yajun.deng@xxxxxxxxx>
• Re: [PATCH] netfilter: nf_conntrack_bridge: Fix not free when error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft] Regarding `tcp flags` (and a potential bug)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_conntrack_bridge: Fix not free when error
  • From: yajun.deng@xxxxxxxxx
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: [nft] Regarding `tcp flags` (and a potential bug)
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: [iptables PATCH] doc: ebtables-nft.8: Adjust for missing atomic-options
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_conntrack_bridge: Fix not free when error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [iptables PATCH] doc: ebtables-nft.8: Adjust for missing atomic-options
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH 0/1] ipset patch for the nf tree v2
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH 1/1] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [ANNOUNCE] ipset 7.14 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [ANNOUNCE] ipset 7.13 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [ANNOUNCE] ipset 7.13 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [ANNOUNCE] ipset 7.13 released
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH nft] tests: py: check more flag match transformations to compact syntax
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Alex Forster <aforster@xxxxxxxxxxxxxx>
• [PATCH nft,v2 3/3] tests: py: tcp flags & (fin | syn | rst | ack) == syn
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v2 2/3] netlink_delinearize: skip flags / mask notation for singleton bitmask
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v2 1/3] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Alex Forster <aforster@xxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Alex Forster <aforster@xxxxxxxxxxxxxx>
• Re: [nft] Regarding `tcp flags` (and a potential bug)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] netlink_delinearize: skip flags / mask notation for singleton bitmask
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/2] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Alex Forster <aforster@xxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
  • From: Kyle Bowman <kbowman@xxxxxxxxxxxxxx>
• Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/3] evaluate: disallow negation with binary operation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/3] expression: missing != in flagcmp expression print function
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft] Regarding `tcp flags` (and a potential bug)
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft] Regarding `tcp flags` (and a potential bug)
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• [PATCH 0/1] ipset patch for the nf tree
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH 1/1] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [nft] Regarding `tcp flags` (and a potential bug)
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• [ANNOUNCE] ipset 7.13 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: conntrack: collect all entries in one cycle
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: error reporting for missing statements in set/map declaration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] src: promote 'reject with icmp CODE' syntax
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: parse number as reject icmp code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH] tests: shell: Fix bogus testsuite failure with 100Hz
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nft PATCH] tests: shell: Fix bogus testsuite failure with 100Hz
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] parser_bison: stateful statement support in map
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• [PATCH] netfilter: nf_conntrack_bridge: Fix not free when error
  • From: Yajun Deng <yajun.deng@xxxxxxxxx>
• [PATCH 2/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• Re: Nf_nat_h323 module not working with Panasonic VCs
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Nf_nat_h323 module not working with Panasonic VCs
  • From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
• [PATCH nft 1/2] src: fix nft_ctx_clear_include_paths in libnftables.map
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] src: expose nft_ctx_clear_vars as API
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] src: Stop users from accidentally using legacy linux_nfnetlink_queue.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH RFC libnetfilter_queue 1/1] src: doc: supply missing SYNOPSIS in pktbuff man pages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RFC libnetfilter_queue 1/1] src: doc: supply missing SYNOPSIS in pktbuff man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH net 1/6] netfilter: nf_tables: fix audit memory leak in nf_tables_commit
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH net 4/6] netfilter: conntrack: adjust stop timestamp to real expiry value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/6] netfilter: flowtable: avoid possible false sharing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/6] netfilter: nfnl_hook: fix unused variable warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 5/6] netfilter: nft_nat: allow to specify layer 4 protocol NAT only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/6] netfilter: nf_tables: fix audit memory leak in nf_tables_commit
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/6] netfilter: nft_last: avoid possible false sharing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/6] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: ebtables: do not hook tables by default
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] netfilter: nfnl_hook: fix unused variable warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: adjust stop timestamp to real expiry value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RFC libnetfilter_queue 1/1] src: doc: supply missing SYNOPSIS in pktbuff man pages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/2] parser_bison: missing initialization of ct timeout policy list
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] parser_json: inconditionally initialize ct timeout list
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 3/3] netfilter: remove xt pernet data
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 2/3] netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/3] netfilter: ipt_CLUSTERIP: only add arp mangle hook when required
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/3] netfilter: clusterip: don't register hook in all netns
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 2/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v28 18/25] LSM: security_secid_to_secctx in netlink netfilter
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v28 16/25] LSM: Use lsmcontext in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v28 15/25] LSM: Ensure the correct LSM context releaser
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v28 08/25] LSM: Use lsmblob in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v28 07/25] LSM: Use lsmblob in security_secctx_to_secid
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH] netfilter: nfnl_hook: fix unused variable warning
  • From: Arnd Bergmann <arnd@xxxxxxxxxx>
• [PATCH nf] netfilter: nft_nat: allow to specify layer 4 protocol NAT only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: fix inet nat with no layer 3 info
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] src: add --define key=value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2] netfilter: flowtable: remove nf_ct_l4proto_find() call
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <proelbtn@xxxxxxxxx>
• [PATCH 2/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH nf] netfilter: conntrack: adjust stop timestamp to real expiry value
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: flowtable: remove nf_ct_l4proto_find() call
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] src: Stop users from accidentally using legacy linux_nfnetlink_queue.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2 1/1] Eliminate packet copy when constructing struct pkt_buff
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] build: doc: get rid of the need for manual updating of Makefile
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libmnl] build: doc: get rid of the need for manual updating of Makefile
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nft_last: avoid possible false sharing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: flowtable: avoid possible false sharing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: flowtable: remove nf_ct_l4proto_find() call
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nft_last: avoid possible false sharing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: flowtable: remove nf_ct_l4proto_find() call
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH RFC libnetfilter_queue 1/1] src: doc: supply missing SYNOPSIS in pktbuff man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH v3] audit: fix memory leak in nf_tables_commit
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 2/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH 3/3] selftests: netfilter: Add RFC-7597 Section 5.1 PSID selftests
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH 1/3] net: netfilter: Add RFC-7597 Section 5.1 PSID support xtables API
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH 0/3] Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH] extensions: masquerade: Add RFC-7597 section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [syzbot] general protection fault in nf_tables_dump_flowtable
  • From: syzbot <syzbot+58a66a56fa9d7f98d19b@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH nf-next,v2] netfilter: nft_compat: use nfnetlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] xtables: Call init_extensions6() for static builds
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3] audit: fix memory leak in nf_tables_commit
  • From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
• Re: [PATCH v2] audit: fix memory leak in nf_tables_commit
  • From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
• [PATCH] xtables: Call init_extensions6() for static builds
  • From: Erik Wilson <erik.e.wilson@xxxxxxxxx>
• Re: [PATCH nftables,v2 1/2] src: infer interval from set
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH nftables,v3 3/3] src: support for nat with interval concatenation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables,v3 2/3] src: infer NAT mapping with concatenation from set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables,v3 1/3] src: remove STMT_NAT_F_INTERVAL flags and interval keyword
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_compat: use nfnetlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [PATCH v2] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: David Ahern <dsahern@xxxxxxxxx>
• Re: [PATCH v2] audit: fix memory leak in nf_tables_commit
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v2] audit: fix memory leak in nf_tables_commit
  • From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
• Re: [PATCH v2] audit: fix memory leak in nf_tables_commit
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2] audit: fix memory leak in nf_tables_commit
  • From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
• [PATCH nftables,v2 2/2] src: support for nat with interval concatenation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables,v2 1/2] src: infer interval from set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] audit: fix memory leak in nf_tables_commit
  • From: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx>
• Re: [PATCH] audit: fix memory leak in nf_tables_commit
  • From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
• Re: [PATCH] audit: fix memory leak in nf_tables_commit
  • From: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx>
• [issue] conntrack: lack of lock during nat
  • From: ze wang <wangze712@xxxxxxxxx>
• [PATCH] audit: fix memory leak in nf_tables_commit
  • From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
• [PATCH v2] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: Yajun Deng <yajun.deng@xxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• [PATCH nftables] src: support for nat with interval concatenation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] netlink_delinearize: stmt and expr error path memleaks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: Yajun Deng <yajun.deng@xxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Felix Fietkau <nbd@xxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Aleksander Bajkowski <olek2@xxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <proelbtn@xxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Martin Blumenstingl <martin.blumenstingl@xxxxxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <proelbtn@xxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• Re: [PATCH net 01/11] selftest: netfilter: add test case for unreplied tcp connections
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH net 11/11] netfilter: uapi: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 10/11] netfilter: nft_last: incorrect arithmetics when restoring last used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 09/11] netfilter: nft_last: honor NFTA_LAST_SET on restoration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 08/11] netfilter: conntrack: Mark access for KCSAN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 06/11] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 07/11] netfilter: conntrack: add new sysctl to disable RST check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 05/11] netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 04/11] netfilter: conntrack: nf_ct_gre_keymap_flush() removal
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 03/11] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 02/11] netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 01/11] selftest: netfilter: add test case for unreplied tcp connections
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 00/11] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: uapi: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: netfilter: Use netlink_ns_capable to verify the permisions of netlink messages
  • From: iLifetruth <yixiaonn@xxxxxxxxx>
• Netdevconf 0x15 update
  • From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
• Re: netfilter: Use netlink_ns_capable to verify the permisions of netlink messages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] include: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf] netfilter: uapi: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH 1/2] net/netfilter/nf_conntrack_core: Mark access for KCSAN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• LPC 2021 Networking and BPF Track CFP (Reminder)
  • From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <proelbtn@xxxxxxxxx>
• [PATCH libnetfilter_queue] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] src: add last statement
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] expr: last: add NFTNL_EXPR_LAST_SET
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] include: fix header file name in 3 comments
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] include: fix header file name in 3 comments
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nft_last: incorrect arithmetics when restoring last used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nft_last: honor NFTA_LAST_SET on restoration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Documentation question
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Documentation question
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf-next] include: fix header file name in 3 comments
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: aabdallah <aabdallah@xxxxxxx>
• Re: Documentation question
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] build: get `make distcheck` to pass again
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] extensions: masquerade: Add RFC-7597 section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support xtables API
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• Documentation question
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nftables] build: get `make distcheck` to pass again
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER v2] netfilter: gre: nf_ct_gre_keymap_flush() removal
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER v2] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/2] netfilter: conntrack: do not renew timeout while in tcp SYN_SENT state
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] extensions: masquerade: Add RFC-7597 section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH NETFILTER v2] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Vasily Averin <vvs@xxxxxxxxxxxxx>
• [PATCH NETFILTER v2] netfilter: gre: nf_ct_gre_keymap_flush() removal
  • From: Vasily Averin <vvs@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• Re: Reload IPtables
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Vasily Averin <vvs@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: gre: nf_ct_gre_keymap_flush() removal
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Reload IPtables
  • From: slow_speed@xxxxxxx
• Re: Reload IPtables
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: slow_speed@xxxxxxx
• [PATCH nft] cmd: incorrect error reporting when table declaration exists
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] cmd: incorrect table location in error reporting
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Netfilter rules to replicate, consume ingress packet locally and forward clone packet.
  • From: rakesh goyal <goyal.rakesh@xxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH] extensions: masquerade: Add RFC-7597 section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH ipset,v4 0/4] nftables to ipset translation infrastructure
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in check_all_holdout_tasks_trace
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• [PATCH 0/2] Fixes for KCSAN findings
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 2/2] ipc/sem.c: use READ_ONCE()/WRITE_ONCE() for use_global_lock
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 1/2] net/netfilter/nf_conntrack_core: Mark access for KCSAN
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH iptables] extensions: libxt_multiport: add translation for -m multiport --ports
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 3/4] add ipset to nftables translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 4/4] tests: add tests ipset to nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 2/4] lib: Detach restore routine from parser
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 1/4] lib: split parser from command execution
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 0/4] nftables to ipset translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• AW: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Walter Harms <wharms@xxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Colin King <colin.king@xxxxxxxxxxxxx>
• [PATCH ipset 3/3,v3] add ipset to nftables translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/2] selftest: netfilter: add test case for unreplied tcp connections
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/2] netfilter: conntrack: do not renew timeout while in tcp SYN_SENT state
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH net] ipv6/netfilter: Drop Packet Too Big with invalid payload
  • From: "Georg Kohmann (geokohma)" <geokohma@xxxxxxxxx>
• [PATCH net] ipv6/netfilter: Drop Packet Too Big with invalid payload
  • From: Georg Kohmann <geokohma@xxxxxxxxx>
• Re: [PATCH net] ipv6/netfilter: Drop Packet Too Big with invalid payload
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: [PATCH net-next 1/6] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 6/6] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 5/6] docs: networking: Update connection tracking offload sysctl parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 4/6] netfilter: conntrack: pass hook state to log functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 3/6] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 2/6] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 1/6] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 0/6] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 4/6] netfilter: conntrack: pass hook state to log functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 3/6] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 2/6] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 1/6] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 0/6] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• [PATCH nft] rule: obj_free() releases timeout state string
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: memleak in rate limit parser
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] libnftables: fix memleak when first message in batch is used to report error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] libnftables: fix memleak when EOPNOTSUPP
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: string memleak in YYERROR path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: string memleak when datatype is incorrect
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net 1/8] MAINTAINERS: netfilter: add irc channel
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [PATCH net 0/8] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 0/8] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH net 5/8] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/8] netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC in VLAN transfer logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 8/8] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 7/8] netfilter: nf_tables: skip netlink portID validation if zero
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 4/8] netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/8] netfilter: nft_osf: check for TCP packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/8] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/8] MAINTAINERS: netfilter: add irc channel
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/8] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: fix maps with key and data concatenations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH nf 2/2,v2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nf_tables: skip netlink portID validation if zero
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libmnl 0/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in check_all_holdout_tasks_trace
  • From: "Paul E. McKenney" <paulmck@xxxxxxxxxx>
• [PATCH nf,v4] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in smc_tx_sendmsg
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC in VLAN transfer logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in smc_tx_sendmsg
  • From: Guvenc Gulce <guvenc@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• [PATCH nf,v3] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• [PATCH nf,v2] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in smc_tx_sendmsg
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• [syzbot] general protection fault in smc_tx_sendmsg
  • From: syzbot <syzbot+5dda108b672b54141857@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Florian Westphal <fw@xxxxxxxxx>
• can't compile with CLANG + ThinLTO
  • From: Pascal Dupuis <cdemills@xxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in check_all_holdout_tasks_trace
  • From: syzbot <syzbot+7b2b13f4943374609532@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• [PATCH] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: conntrack: pass hook state to log functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v2] rule: memleak of list of timeout policies
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] rule: memleak of list of timeout policies
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: memleak in osf flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] netlink_delinearize: memleak when listing ct event rule
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] segtree: memleak in error path of the set to segtree conversion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• [PATCH nf-next,v6] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] netlink_delinearize: memleak in string netlink postprocessing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: memleak in binary operation transfer to RHS
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next,v4] netfilter: nf_tables: add last expression
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH nft 8/8] src: queue: allow use of MAP statement for queue number retrieval
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 7/8] tests: extend queue testcases for new sreg support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 6/8] src: queue: allow use of arbitrary queue expressions
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 5/8] parser: new queue flag input format
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 4/8] parser: add queue_stmt_compat
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 3/8] src: add queue expr and flags to queue_stmt_alloc
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/8] parser: restrict queue num expressiveness
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/8] evaluate: fix hash expression maxval
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/8] Enableruntime queue selection via jhash, numgen and map statement
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next,v5] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: conntrack: pass hook state to log functions
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf,v2 2/2] netfilter: nft_osf: check for TCP packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf,v2 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] evaluate: unbreak verdict maps with implicit map with interval concatenations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/2] evaluate: do not skip evaluation of mapping set elements
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: nft_osf: check for TCP packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: nfqueue hashing on TCP/UDP port
  • From: Jake Owen <jake.owen@xxxxxxxxxxxxx>
• [PATCH nft v2 3/3] tests: add a icmp-reply only and icmpv6 id test cases
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 2/3] payload: do not remove icmp echo dependency
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 0/3] fix icmpv6 id dependeny handling
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nfqueue hashing on TCP/UDP port
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf] MAINTAINERS: netfilter: add irc channel
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• nfqueue hashing on TCP/UDP port
  • From: Jake Owen <jake.owen@xxxxxxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Aleksander Jan Bajkowski <olek2@xxxxx>
• Re: [PATCH nf] MAINTAINERS: netfilter: add irc channel
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] MAINTAINERS: netfilter: add irc channel
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• [PATCH nft 3/3] tests: add a icmp-reply only and icmpv6 id test cases
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/3] payload: do not remove icmp echo dependency
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/3] fix icmpv6 id dependeny handling
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nftables] src: use opencoded NFT_SET_ANONYMOUS set flag check by set_is_anonymous()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] src: use opencoded NFT_SET_ANONYMOUS set flag check by set_is_anonymous()
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables] src: use opencoded NFT_SET_ANONYMOUS set flag check by set_is_anonymous()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] src: add xzalloc_array() and use it to allocate the expression hashtable
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables] src: add xzalloc_array() and use it to allocate the expression hashtable
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] evaluate: add set to cache once
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables] evaluate: add set to cache once
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables,v2] src: add vlan dei
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] src: add vlan dei
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nf-next PATCH] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Phil Sutter <phil@xxxxxx>
• [nf-next PATCH v2] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 10/10] rule: Fix for potential off-by-one in cmd_add_loc()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 07/10] netlink: Avoid memleak in error path of netlink_delinearize_table()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 09/10] netlink_delinearize: Fix suspicious calloc() call
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 05/10] netlink: Avoid memleak in error path of netlink_delinearize_set()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 02/10] parser_json: Fix for memleak in tcp option error path
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 03/10] evaluate: Mark fall through case in str2hooknum()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 06/10] netlink: Avoid memleak in error path of netlink_delinearize_chain()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 04/10] json: Drop pointless assignment in exthdr_expr_json()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 08/10] netlink: Avoid memleak in error path of netlink_delinearize_obj()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 00/10] Some covscan fixes
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH v27 18/25] LSM: security_secid_to_secctx in netlink netfilter
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 16/25] LSM: Use lsmcontext in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 15/25] LSM: Ensure the correct LSM context releaser
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 08/25] LSM: Use lsmblob in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 07/25] LSM: Use lsmblob in security_secctx_to_secid
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH libnftnl 2/2] expr: missing netlink attribute in last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 1/2] expr: add last match time support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: shell: extend connlimit test
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nft_osf: check for TCP packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/3] netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/3] selftests: netfilter: add fib test case
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/3] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in blk_mq_exit_sched
  • From: syzbot <syzbot+77ba3d171a25c56756ea@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/3] Control nf flow table timeouts
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• Re: [PATCH nf-next 0/3] Control nf flow table timeouts
  • From: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx>
• Re: linux-next: Tree for Jun 9 (net/netfilter/nfnetlink_hook.c)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: linux-next: Tree for Jun 9 (net/netfilter/nfnetlink_hook.c)
  • From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
• linux-next: Fixes tags need some work in the netfilter-next tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• [PATCH net-next 13/13] netfilter: nf_tables: move base hook annotation to init helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 12/13] netfilter: nfnetlink_hook: add depends-on nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 11/13] netfilter: nfnetlink_hook: fix array index out-of-bounds error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 10/13] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 09/13] netfilter: add new hook nfnl subsystem
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 08/13] netfilter: annotate nf_tables base hook ops
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 07/13] netfilter: flowtable: Set offload timeouts according to proto values
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 06/13] netfilter: conntrack: Introduce udp offload timeout configuration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 05/13] netfilter: conntrack: Introduce tcp offload timeout configuration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 04/13] netfilter: nftables: add nf_ct_pernet() helper function
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 03/13] netfilter: nf_tables: remove nft_ctx_init_from_setattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 02/13] netfilter: nf_tables: remove nft_ctx_init_from_elemattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 01/13] netfilter: nfnetlink: add struct nfgenmsg to struct nfnl_info and use it
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 00/13] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: move nf_tables base hook annotation to init helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf-next] netfilter: nfnetlink_hook: add depends-on nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH][next] etfilter: fix array index out-of-bounds error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 0/2] netfilter: nft_fib: ignore icmpv6 packets from ::
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v4] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] segtree: Fix segfault when restoring a huge interval set
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH -next] netfilter: Make NETFILTER_NETLINK_HOOK depends on NF_TABLES
  • From: He Ying <heying24@xxxxxxxxxx>
• [PATCH nf-next] netfilter: move nf_tables base hook annotation to init helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next] netfilter: nfnetlink_hook: add depends-on nftables
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [syzbot] WARNING in cancel_delayed_work
  • From: syzbot <syzbot+35e70efb794757d7e175@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v2] netlink: quick sort array of devices
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH][next] etfilter: fix array index out-of-bounds error
  • From: Colin King <colin.king@xxxxxxxxxxxxx>
• [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] netlink: quick sort array of devices
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] cmd: check for table mismatch first in error reporting
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: ipv6: skip ipv6 packets from any to link-local
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 1/2] selftests: netfilter: add fib test case
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 0/2] netfilter: nft_fib: ignore icmpv6 packets from ::
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in kcm_sendmsg
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nf-next PATCH] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Phil Sutter <phil@xxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in hci_chan_del
  • From: syzbot <syzbot+305a91e025a73e4fd6ce@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next,v2] netfilter: nf_tables: add last expression
  • From: kernel test robot <lkp@xxxxxxxxx>