Linux TCP/IP Netfilter Devel

• Thread Index

• [PATCH] audit: fix memory leak in nf_tables_commit
  • From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
• [PATCH v2] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: Yajun Deng <yajun.deng@xxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• [PATCH nftables] src: support for nat with interval concatenation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] netlink_delinearize: stmt and expr error path memleaks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] net: Use nlmsg_unicast() instead of netlink_unicast()
  • From: Yajun Deng <yajun.deng@xxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Felix Fietkau <nbd@xxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Aleksander Bajkowski <olek2@xxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <proelbtn@xxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Martin Blumenstingl <martin.blumenstingl@xxxxxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <proelbtn@xxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Andrea Mayer <andrea.mayer@xxxxxxxxxxx>
• Re: [PATCH net 01/11] selftest: netfilter: add test case for unreplied tcp connections
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH net 11/11] netfilter: uapi: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 10/11] netfilter: nft_last: incorrect arithmetics when restoring last used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 09/11] netfilter: nft_last: honor NFTA_LAST_SET on restoration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 08/11] netfilter: conntrack: Mark access for KCSAN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 06/11] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 07/11] netfilter: conntrack: add new sysctl to disable RST check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 05/11] netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 04/11] netfilter: conntrack: nf_ct_gre_keymap_flush() removal
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 03/11] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 02/11] netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 01/11] selftest: netfilter: add test case for unreplied tcp connections
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 00/11] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: uapi: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: netfilter: Use netlink_ns_capable to verify the permisions of netlink messages
  • From: iLifetruth <yixiaonn@xxxxxxxxx>
• Netdevconf 0x15 update
  • From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
• Re: netfilter: Use netlink_ns_capable to verify the permisions of netlink messages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] include: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf] netfilter: uapi: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH 1/2] net/netfilter/nf_conntrack_core: Mark access for KCSAN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• LPC 2021 Networking and BPF Track CFP (Reminder)
  • From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH] net: Add netfilter hooks to track SRv6-encapsulated flows
  • From: Ryoga Saito <proelbtn@xxxxxxxxx>
• [PATCH libnetfilter_queue] src: examples: Use libnetfilter_queue cached linux headers throughout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue v2] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] src: add last statement
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] expr: last: add NFTNL_EXPR_LAST_SET
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] include: fix header file name in 3 comments
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] include: fix header file name in 3 comments
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nft_last: incorrect arithmetics when restoring last used
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nft_last: honor NFTA_LAST_SET on restoration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Documentation question
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Documentation question
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf-next] include: fix header file name in 3 comments
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: aabdallah <aabdallah@xxxxxxx>
• Re: Documentation question
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] build: get `make distcheck` to pass again
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] extensions: masquerade: Add RFC-7597 section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support xtables API
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• Documentation question
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nftables] build: get `make distcheck` to pass again
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue] src: annotation: Correctly identify item for which header is needed
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER v2] netfilter: gre: nf_ct_gre_keymap_flush() removal
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER v2] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/2] netfilter: conntrack: do not renew timeout while in tcp SYN_SENT state
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] extensions: masquerade: Add RFC-7597 section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH NETFILTER v2] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Vasily Averin <vvs@xxxxxxxxxxxxx>
• [PATCH NETFILTER v2] netfilter: gre: nf_ct_gre_keymap_flush() removal
  • From: Vasily Averin <vvs@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• Re: Reload IPtables
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Vasily Averin <vvs@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: gre: nf_ct_gre_keymap_flush() removal
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH NETFILTER] netfilter: nfnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Reload IPtables
  • From: slow_speed@xxxxxxx
• Re: Reload IPtables
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: slow_speed@xxxxxxx
• [PATCH nft] cmd: incorrect error reporting when table declaration exists
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] cmd: incorrect table location in error reporting
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Netfilter rules to replicate, consume ingress packet locally and forward clone packet.
  • From: rakesh goyal <goyal.rakesh@xxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Reload IPtables
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• [PATCH] net: netfilter: Add RFC-7597 Section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH] extensions: masquerade: Add RFC-7597 section 5.1 PSID support
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH ipset,v4 0/4] nftables to ipset translation infrastructure
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in check_all_holdout_tasks_trace
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• [PATCH 0/2] Fixes for KCSAN findings
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 2/2] ipc/sem.c: use READ_ONCE()/WRITE_ONCE() for use_global_lock
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 1/2] net/netfilter/nf_conntrack_core: Mark access for KCSAN
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH iptables] extensions: libxt_multiport: add translation for -m multiport --ports
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 3/4] add ipset to nftables translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 4/4] tests: add tests ipset to nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 2/4] lib: Detach restore routine from parser
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 1/4] lib: split parser from command execution
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset,v4 0/4] nftables to ipset translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• AW: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Walter Harms <wharms@xxxxxx>
• Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
  • From: Colin King <colin.king@xxxxxxxxxxxxx>
• [PATCH ipset 3/3,v3] add ipset to nftables translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/2] selftest: netfilter: add test case for unreplied tcp connections
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/2] netfilter: conntrack: do not renew timeout while in tcp SYN_SENT state
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH net] ipv6/netfilter: Drop Packet Too Big with invalid payload
  • From: "Georg Kohmann (geokohma)" <geokohma@xxxxxxxxx>
• [PATCH net] ipv6/netfilter: Drop Packet Too Big with invalid payload
  • From: Georg Kohmann <geokohma@xxxxxxxxx>
• Re: [PATCH net] ipv6/netfilter: Drop Packet Too Big with invalid payload
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: [PATCH net-next 1/6] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 6/6] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 5/6] docs: networking: Update connection tracking offload sysctl parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 4/6] netfilter: conntrack: pass hook state to log functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 3/6] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 2/6] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 1/6] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 0/6] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 4/6] netfilter: conntrack: pass hook state to log functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 3/6] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 2/6] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 1/6] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 0/6] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• [PATCH nft] rule: obj_free() releases timeout state string
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: memleak in rate limit parser
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] libnftables: fix memleak when first message in batch is used to report error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] libnftables: fix memleak when EOPNOTSUPP
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: string memleak in YYERROR path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: string memleak when datatype is incorrect
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [syzbot] WARNING: zero-size vmalloc in corrupted
  • From: syzbot <syzbot+c2f6f09fe907a838effb@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net 1/8] MAINTAINERS: netfilter: add irc channel
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [PATCH net 0/8] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 0/8] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH net 5/8] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/8] netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC in VLAN transfer logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 8/8] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 7/8] netfilter: nf_tables: skip netlink portID validation if zero
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 4/8] netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/8] netfilter: nft_osf: check for TCP packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/8] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/8] MAINTAINERS: netfilter: add irc channel
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/8] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: fix maps with key and data concatenations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH nf 2/2,v2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nf_tables: skip netlink portID validation if zero
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libmnl 1/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libmnl 0/1] build: doc: "make" builds & installs a full set of man pages
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in check_all_holdout_tasks_trace
  • From: "Paul E. McKenney" <paulmck@xxxxxxxxxx>
• [PATCH nf,v4] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in smc_tx_sendmsg
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC in VLAN transfer logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in smc_tx_sendmsg
  • From: Guvenc Gulce <guvenc@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• [PATCH nf,v3] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• [PATCH nf,v2] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in smc_tx_sendmsg
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• [syzbot] general protection fault in smc_tx_sendmsg
  • From: syzbot <syzbot+5dda108b672b54141857@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Florian Westphal <fw@xxxxxxxxx>
• can't compile with CLANG + ThinLTO
  • From: Pascal Dupuis <cdemills@xxxxxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in check_all_holdout_tasks_trace
  • From: syzbot <syzbot+7b2b13f4943374609532@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH net-next] netfilter: nfnetlink_hook: fix check for snprintf() overflow
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• [PATCH] netfilter: nf_tables: memleak in hw offload abort path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: conntrack: pass hook state to log functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v2] rule: memleak of list of timeout policies
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] rule: memleak of list of timeout policies
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: memleak in osf flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] netlink_delinearize: memleak when listing ct event rule
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] segtree: memleak in error path of the set to segtree conversion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• [PATCH nf-next,v6] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] netlink_delinearize: memleak in string netlink postprocessing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: memleak in binary operation transfer to RHS
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next,v4] netfilter: nf_tables: add last expression
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH nft 8/8] src: queue: allow use of MAP statement for queue number retrieval
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 7/8] tests: extend queue testcases for new sreg support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 6/8] src: queue: allow use of arbitrary queue expressions
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 5/8] parser: new queue flag input format
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 4/8] parser: add queue_stmt_compat
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 3/8] src: add queue expr and flags to queue_stmt_alloc
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/8] parser: restrict queue num expressiveness
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/8] evaluate: fix hash expression maxval
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/8] Enableruntime queue selection via jhash, numgen and map statement
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next,v5] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: conntrack: pass hook state to log functions
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf,v2 2/2] netfilter: nft_osf: check for TCP packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf,v2 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] evaluate: unbreak verdict maps with implicit map with interval concatenations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/2] evaluate: do not skip evaluation of mapping set elements
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: nft_osf: check for TCP packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: nfqueue hashing on TCP/UDP port
  • From: Jake Owen <jake.owen@xxxxxxxxxxxxx>
• [PATCH nft v2 3/3] tests: add a icmp-reply only and icmpv6 id test cases
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 2/3] payload: do not remove icmp echo dependency
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 0/3] fix icmpv6 id dependeny handling
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nfqueue hashing on TCP/UDP port
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf] MAINTAINERS: netfilter: add irc channel
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• nfqueue hashing on TCP/UDP port
  • From: Jake Owen <jake.owen@xxxxxxxxxxxxx>
• Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"
  • From: Aleksander Jan Bajkowski <olek2@xxxxx>
• Re: [PATCH nf] MAINTAINERS: netfilter: add irc channel
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] MAINTAINERS: netfilter: add irc channel
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• [PATCH nft 3/3] tests: add a icmp-reply only and icmpv6 id test cases
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/3] payload: do not remove icmp echo dependency
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/3] netlink_delinearize: add missing icmp id/sequence support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/3] fix icmpv6 id dependeny handling
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nftables] src: use opencoded NFT_SET_ANONYMOUS set flag check by set_is_anonymous()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] src: use opencoded NFT_SET_ANONYMOUS set flag check by set_is_anonymous()
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables] src: use opencoded NFT_SET_ANONYMOUS set flag check by set_is_anonymous()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] src: add xzalloc_array() and use it to allocate the expression hashtable
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables] src: add xzalloc_array() and use it to allocate the expression hashtable
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables] evaluate: add set to cache once
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables] evaluate: add set to cache once
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables,v2] src: add vlan dei
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] evaluate: restore interval + concatenation in anonymous set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] src: add vlan dei
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nf-next PATCH] netfilter: nft_extdhr: Drop pointless check of tprot_set
  • From: Phil Sutter <phil@xxxxxx>
• [nf-next PATCH v2] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 10/10] rule: Fix for potential off-by-one in cmd_add_loc()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 07/10] netlink: Avoid memleak in error path of netlink_delinearize_table()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 09/10] netlink_delinearize: Fix suspicious calloc() call
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 05/10] netlink: Avoid memleak in error path of netlink_delinearize_set()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 02/10] parser_json: Fix for memleak in tcp option error path
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 03/10] evaluate: Mark fall through case in str2hooknum()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 06/10] netlink: Avoid memleak in error path of netlink_delinearize_chain()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 04/10] json: Drop pointless assignment in exthdr_expr_json()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 08/10] netlink: Avoid memleak in error path of netlink_delinearize_obj()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 00/10] Some covscan fixes
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH v27 18/25] LSM: security_secid_to_secctx in netlink netfilter
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 16/25] LSM: Use lsmcontext in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 15/25] LSM: Ensure the correct LSM context releaser
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 08/25] LSM: Use lsmblob in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v27 07/25] LSM: Use lsmblob in security_secctx_to_secid
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH libnftnl 2/2] expr: missing netlink attribute in last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 1/2] expr: add last match time support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: shell: extend connlimit test
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: nft_osf: check for TCP packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nft_exthdr: check for IPv6 packet before further processing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/3] netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/3] selftests: netfilter: add fib test case
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/3] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nf-next PATCH] netfilter: nft_exthdr: Search chunks in SCTP packets only
  • From: Phil Sutter <phil@xxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in blk_mq_exit_sched
  • From: syzbot <syzbot+77ba3d171a25c56756ea@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/3] Control nf flow table timeouts
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• Re: [PATCH nf-next 0/3] Control nf flow table timeouts
  • From: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx>
• Re: linux-next: Tree for Jun 9 (net/netfilter/nfnetlink_hook.c)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: linux-next: Tree for Jun 9 (net/netfilter/nfnetlink_hook.c)
  • From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
• linux-next: Fixes tags need some work in the netfilter-next tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• [PATCH net-next 13/13] netfilter: nf_tables: move base hook annotation to init helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 12/13] netfilter: nfnetlink_hook: add depends-on nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 11/13] netfilter: nfnetlink_hook: fix array index out-of-bounds error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 10/13] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 09/13] netfilter: add new hook nfnl subsystem
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 08/13] netfilter: annotate nf_tables base hook ops
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 07/13] netfilter: flowtable: Set offload timeouts according to proto values
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 06/13] netfilter: conntrack: Introduce udp offload timeout configuration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 05/13] netfilter: conntrack: Introduce tcp offload timeout configuration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 04/13] netfilter: nftables: add nf_ct_pernet() helper function
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 03/13] netfilter: nf_tables: remove nft_ctx_init_from_setattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 02/13] netfilter: nf_tables: remove nft_ctx_init_from_elemattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 01/13] netfilter: nfnetlink: add struct nfgenmsg to struct nfnl_info and use it
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 00/13] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: move nf_tables base hook annotation to init helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf-next] netfilter: nfnetlink_hook: add depends-on nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH][next] etfilter: fix array index out-of-bounds error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 0/2] netfilter: nft_fib: ignore icmpv6 packets from ::
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v4] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] segtree: Fix segfault when restoring a huge interval set
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH -next] netfilter: Make NETFILTER_NETLINK_HOOK depends on NF_TABLES
  • From: He Ying <heying24@xxxxxxxxxx>
• [PATCH nf-next] netfilter: move nf_tables base hook annotation to init helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next] netfilter: nfnetlink_hook: add depends-on nftables
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [syzbot] WARNING in cancel_delayed_work
  • From: syzbot <syzbot+35e70efb794757d7e175@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v2] netlink: quick sort array of devices
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH][next] etfilter: fix array index out-of-bounds error
  • From: Colin King <colin.king@xxxxxxxxxxxxx>
• [PATCH nf-next] nfilter: nf_hooks: fix build failure with NF_TABLES=n
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] netlink: quick sort array of devices
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] cmd: check for table mismatch first in error reporting
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 2/2] netfilter: ipv6: skip ipv6 packets from any to link-local
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 1/2] selftests: netfilter: add fib test case
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 0/2] netfilter: nft_fib: ignore icmpv6 packets from ::
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] general protection fault in kcm_sendmsg
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nf-next PATCH v2] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nf-next PATCH] netfilter: nft_exthdr: Fix for unsafe packet data read
  • From: Phil Sutter <phil@xxxxxx>
• Re: [syzbot] KASAN: use-after-free Read in hci_chan_del
  • From: syzbot <syzbot+305a91e025a73e4fd6ce@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next,v2] netfilter: nf_tables: add last expression
  • From: kernel test robot <lkp@xxxxxxxxx>
• [PATCH nf-next,v3] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next,v2] netfilter: nf_tables: add last expression
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [syzbot] general protection fault in kcm_sendmsg
  • From: Pavel Skripkin <paskripkin@xxxxxxxxx>
• Re: [syzbot] BUG: using smp_processor_id() in preemptible code in radix_tree_node_alloc
  • From: Matthew Wilcox <willy@xxxxxxxxxxxxx>
• Re: [syzbot] BUG: using smp_processor_id() in preemptible code in radix_tree_node_alloc
  • From: syzbot <syzbot+3eec59e770685e3dc879@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next,v2] netfilter: nf_tables: add last expression
  • From: kernel test robot <lkp@xxxxxxxxx>
• [syzbot] general protection fault in kcm_sendmsg
  • From: syzbot <syzbot+65badd5e74ec62cb67dc@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH nft v2 3/3] doc: add LISTING section
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 2/3] src: add support for base hook dumping
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v2 1/3] scanner: add list cmd parser scope
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next v2 0/2] netfilter: new hook nfnl subsystem
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/3] Control nf flow table timeouts
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] rule: rework CMD_OBJ_SETELEMS logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 4/4] tests: add test case for removal of anon sets with only a single element
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 3/4] evaluate: remove anon sets with exactly one element
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/4] tests: remove redundant test cases
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/4] tests: ct: prefer normal cmp
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/4] nftables: convert single-elem anon sets to compare operation
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next v2 2/2] netfilter: add new hook nfnl subsystem
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next v2 1/2] netfilter: annotate nf_tables base hook ops
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next v2 0/2] netfilter: new hook nfnl subsystem
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [syzbot] KMSAN: uninit-value in translate_table (2)
  • From: syzbot <syzbot+761644ed2ba863e99b41@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: add last expression
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [netfilter] a0aa657b74: WARNING:at_kernel/locking/lockdep.c:#lockdep_init_map_type
  • From: Florian Westphal <fw@xxxxxxxxx>
• [netfilter] a0aa657b74: WARNING:at_kernel/locking/lockdep.c:#lockdep_init_map_type
  • From: kernel test robot <oliver.sang@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: initialize set before expression setup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: add last expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables,v2 5/5] extensions: libxt_conntrack: simplify translation using negation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables,v2 4/5] extensions: libxt_tcp: rework translation to use flags match representation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables,v2 3/5] extensions: libxt_connlimit: add translation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables,v2 2/5] tests: xlate-test: support multiline expectation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables,v2 1/5] libxtables: extend xlate infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables,v2 0/5] iptables-translation enhancements
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 1/2] netfilter: nft_ct: skip expectations for confirmed conntrack
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [syzbot] memory leak in ip_vs_add_service
  • From: Xin Long <lucien.xin@xxxxxxxxx>
• Re: [syzbot] memory leak in ip_vs_add_service
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCH nf-next 3/3] netfilter: flowtable: Set offload timeouts according to proto values
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• [PATCH nf-next 2/3] netfilter: conntrack: Introduce udp offload timeout configuration
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• [PATCH nf-next 1/3] netfilter: conntrack: Introduce tcp offload timeout configuration
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• [PATCH nf-next 0/3] Control nf flow table timeouts
  • From: Oz Shlomo <ozsh@xxxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: remove the repeated declaration
  • From: Shaokun Zhang <zhangshaokun@xxxxxxxxxxxxx>
• [PATCH iptables] extensions: libxt_conntrack: simplify translation using negation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables] extensions: libxt_tcp: rework translation to use flags match representation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] statement: connlimit: remove extra whitespace in print function
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables 2/2] extensions: libxt_connlimit: add translation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables 1/2] libxtables: extend xlate infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] memory leak in ip_vs_add_service
  • From: Xin Long <lucien.xin@xxxxxxxxx>
• [PATCH nft] tests: py: update netdev reject test file
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] json: catchall element support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [syzbot] general protection fault in nft_set_elem_expr_alloc
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [syzbot] general protection fault in nft_set_elem_expr_alloc
  • From: syzbot <syzbot+ce96ca2b1d0b37c6422d@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [syzbot] general protection fault in lock_page_memcg
  • From: syzbot <syzbot+15a9609cfd4687eb7269@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [iptables PATCH 0/9] Fix a bunch of static analyzer warnings
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 3/9] libxtables: Fix memleak in xtopt_parse_hostmask()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 7/9] extensions: libebt_ip6: Use xtables_ip6parse_any()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 5/9] nft: Avoid buffer size warnings copying iface names
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 9/9] extensions: libxt_string: Avoid buffer size warning for strncpy()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 2/9] extensions: libebt_ip6: Drop unused variables
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 4/9] nft: Avoid memleak in error path of nft_cmd_new()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 1/9] libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 8/9] libxtables: Introduce xtables_strdup() and use it everywhere
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 6/9] iptables-apply: Drop unused variable
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH net 2/2] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/2] netfilter: nft_ct: skip expectations for confirmed conntrack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] json: fix parse of flagcmp expression
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] json: fix base chain output
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [syzbot] WARNING in idr_get_next
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: [syzbot] WARNING in idr_get_next
  • From: syzbot <syzbot+f7204dcf3df4bb4ce42c@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING in idr_get_next
  • From: Matthew Wilcox <willy@xxxxxxxxxxxxx>
• Re: [syzbot] WARNING in idr_get_next
  • From: syzbot <syzbot+f7204dcf3df4bb4ce42c@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: remove the repeated declaration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nftables: add nf_ct_pernet() helper function
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] WARNING in idr_get_next
  • From: syzbot <syzbot+f7204dcf3df4bb4ce42c@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net-next 01/16] netfilter: nft_exthdr: Support SCTP chunks
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH net-next 16/16] netfilter: fix clang-12 fmt string warnings
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 14/16] netfilter: nf_tables: remove xt_action_param from nft_pktinfo
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 15/16] netfilter: nft_set_pipapo_avx2: fix up description warnings
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 13/16] netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 12/16] netfilter: nf_tables: add and use nft_thoff helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 09/16] netfilter: x_tables: reduce xt_action_param by 8 byte
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 10/16] netfilter: reduce size of nf_hook_state on 32bit platforms
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 11/16] netfilter: nf_tables: add and use nft_sk helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 04/16] netfilter: nf_tables: prefer direct calls for set lookups
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 06/16] netfilter: x_tables: improve limit_mt scalability
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 07/16] netfilter: xt_CT: Remove redundant assignment to ret
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 08/16] netfilter: use nfnetlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 05/16] netfilter: Remove leading spaces in Kconfig
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 03/16] netfilter: add and use nft_set_do_lookup helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 02/16] netfilter: nft_set_pipapo_avx2: Skip LDMXCSR, we don't need a valid MXCSR state
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 01/16] netfilter: nft_exthdr: Support SCTP chunks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 00/16] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: add new hook nfnl subsystem
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: annotate nf_tables base hook ops
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/2] netfilter: new hook nfnl subsystem
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [ebtables PATCH 2/2] configure.ac: add option --enable-kernel-64-userland-32
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH ipset,v2] add ipset to nftables translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset 3/3] add ipset to nftables translation infrastructure
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset 2/3] lib: Detach restore routine from parser
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH ipset 1/3] lib: split parser from command execution
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ebtables PATCH 2/2] configure.ac: add option --enable-kernel-64-userland-32
  • From: Thomas De Schampheleire <patrickdepinguin@xxxxxxxxx>
• Re: [PATCH RFC libnetfilter_queue 0/1] Eliminate packet copy when constructing struct pkt_buff
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf-next 3/3] netfilter: nf_tables: remove nft_ctx_init_from_setattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/3,v3] netfilter: nf_tables: remove nft_ctx_init_from_elemattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/3,v3] netfilter: nfnetlink: add struct nfgenmsg to struct nfnl_info and use it
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2 3/3] netfilter: nf_tables: remove nft_ctx_init_from_setattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2 2/3] netfilter: nf_tables: remove nft_ctx_init_from_elemattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2 1/3] netfilter: nfnetlink: add struct nfgenmsg to struct nfnl_info and use it
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 3/3] netfilter: nf_tables: remove nft_ctx_init_from_setattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/3] netfilter: nf_tables: remove nft_ctx_init_from_elemattr()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/3] netfilter: nfnetlink: add struct nfgenmsg to struct nfnl_info and use it
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_compat: fix bridge family target evaluation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: fix clang-12 fmt string warnings
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: nft_set_pipapo_avx2: fix up description warnings
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: nft_compat: fix bridge family target evaluation
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: remove the repeated declaration
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH] netfilter: conntrack: remove the repeated declaration
  • From: Shaokun Zhang <zhangshaokun@xxxxxxxxxxxxx>
• [nf-next:master 14/14] net/netfilter/nft_compat.c:113:10: warning: address of 'xt.hotdrop' will always evaluate to 'true'
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [nf-next:master 4/14] net/netfilter/nft_set_pipapo.c:412:6: error: static declaration of 'nft_pipapo_lookup' follows non-static declaration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next:master 4/14] net/netfilter/nft_set_pipapo.c:412:6: error: static declaration of 'nft_pipapo_lookup' follows non-static declaration
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nf-next:master 4/14] net/netfilter/nft_set_pipapo.c:412:6: error: static declaration of 'nft_pipapo_lookup' follows non-static declaration
  • From: kernel test robot <lkp@xxxxxxxxx>
• rebasing nf-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ebtables PATCH 2/2] configure.ac: add option --enable-kernel-64-userland-32
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH conntrackd] cthelper: fix overlapping queue numbers in example file
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH conntrackd,v2 2/2] doc: manual: Document userspace helper configuration at daemon startup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH conntrackd,v2 1/2] cthelper: Set up userspace helpers when daemon starts
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/6] netfilter: reduce size of core data structures
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 6/6] netfilter: nf_tables: remove xt_action_param from nft_pktinfo
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 5/6] netfilter: nft_set_pktinfo_unspec: remove unused arg
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 4/6] netfilter: nf_tables: add and use nft_thoff helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 3/6] netfilter: nf_tables: add and use nft_sk helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 2/6] netfilter: reduce size of nf_hook_state on 32bit platforms
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/6] netfilter: x_tables: reduce xt_action_param by 8 byte
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/6] netfilter: reduce size of core data structures
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: add new sysctl to disable RST check
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] MAINTAINERS: netfilter: add irc channel
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• Re: [PATCH net 0/5] Netfilter/IPVS fixes for net
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• [PATCH conntrackd] doc: manual: Document userspace helper configuration at daemon startup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH conntrackd] cthelper: Set up userspace helpers when daemon starts
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH conntrackd] cthelper: Set up userspace helpers when daemon starts
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_queue v2 1/1] Eliminate packet copy when constructing struct pkt_buff
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf,v2] netfilter: nft_ct: skip expectations for confirmed conntrack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ebtables PATCH 2/2] configure.ac: add option --enable-kernel-64-userland-32
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v3] netfilter: use nfnetlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 4/5] netfilter: nf_tables: fix table flag updates
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 5/5] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/5] netfilter: nf_tables: extended netlink error reporting for chain type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/5] netfilter: nf_tables: missing error reporting for not selected expressions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/5] netfilter: conntrack: unregister ipv4 sockopts on error unwind
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/5] Netfilter/IPVS fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: x_tables: improve limit_mt scalability
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: Remove redundant assignment to ret
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ulogd2 PATCH] ulogd: printpkt: print pkt mark like kernel
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 5/6] tests: add test case for -O no-remove-dependencies
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 6/6] tests: add test case for removal of anon sets with only a single element
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 4/6] evaluate: optionally kill anon sets with one element
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 3/6] main: add -O help to dump list of supported optimzation flags
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/6] src: allow to turn off dependency removal
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/6] src: add proto ctx options
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/6] nftables: add --optimize support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next,v2] netfilter: use nfnetlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH-v2] netfilter: conntrack: add new sysctl to disable RST check
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• Re: [PATCH] netfilter: conntrack: add new sysctl to disable RST check
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• Re: [PATCH] netfilter: conntrack: add new sysctl to disable RST check
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: add new sysctl to disable RST check
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• Re: [PATCH] netfilter: conntrack: add new sysctl to disable RST check
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• [PATCH] netfilter: conntrack: add new sysctl to disable RST check
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• Re: [PATCH] Disable RST seq number check when tcp_be_liberal is greater 1
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• [ANNOUNCE] nftables 0.9.9 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 4/4] netfilter: nf_tables: include table and chain name when dumping hooks
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 3/4] netfilter: annotate nf_tables base hook ops
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 2/4] netfilter: nf_tables: include function and module name in hook dumps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/4] netfilter: nf_tables: allow to dump all registered base hooks
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next v2 0/4] netfilter: add hook dump feature
  • From: Florian Westphal <fw@xxxxxxxxx>
• [ANNOUNCE] libnftnl 1.2.0 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ebtables PATCH 2/2] configure.ac: add option --enable-kernel-64-userland-32
  • From: Thomas De Schampheleire <patrickdepinguin@xxxxxxxxx>
• Re: [PATCH net] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
  • From: Simon Horman <horms@xxxxxxxxxxxx>
• [ulogd2 PATCH] ulogd: printpkt: print pkt mark like kernel
  • From: Cole Dishington <Cole.Dishington@xxxxxxxxxxxxxxxxxxx>
• [PATCH nftables] expression: display an error on unknown datatype
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] evaluate: allow == and != in the new shortcut syntax to match for flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
  • From: Julian Anastasov <ja@xxxxxx>
• Re: [ebtables PATCH 2/2] configure.ac: add option --enable-kernel-64-userland-32
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: fix table flag updates
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [syzbot] memory leak in ip_vs_add_service
  • From: syzbot <syzbot+e562383183e4b1766930@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [nftables PATCH] files: improve secmark.nft example
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nftables PATCH] files: improve secmark.nft example
  • From: Dominick Grift <dominick.grift@xxxxxxxxxxx>
• Re: [PATCH] Disable RST seq number check when tcp_be_liberal is greater 1
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• Re: [PATCH nf-next 4/4] netfilter: nf_tables: include table and chain name when dumping hooks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 4/4] netfilter: nf_tables: include table and chain name when dumping hooks
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next 4/4] netfilter: nf_tables: include table and chain name when dumping hooks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 4/4] netfilter: nf_tables: include table and chain name when dumping hooks
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next 4/4] netfilter: nf_tables: include table and chain name when dumping hooks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• linux-next: Fixes tag needs some work in the netfilter tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next 1/4] netfilter: nf_tables: allow to dump all registered base hooks
  • From: kernel test robot <lkp@xxxxxxxxx>
• Re: [PATCH nft 3/3] doc: add LISTING section
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH v26 18/25] LSM: security_secid_to_secctx in netlink netfilter
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH v26 15/25] LSM: Ensure the correct LSM context releaser
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH v26 08/25] LSM: Use lsmblob in security_secid_to_secctx
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH v26 07/25] LSM: Use lsmblob in security_secctx_to_secid
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH nft 3/3] doc: add LISTING section
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/3] src: add support for base hook dumping
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/3] scanner: add list cmd parser scope
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/3] hook dump support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 4/4] netfilter: nf_tables: include table and chain name when dumping hooks
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 3/4] netfilter: annotate nf_tables base hook ops
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 2/4] netfilter: nf_tables: include function and module name in hook dumps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/4] netfilter: nf_tables: allow to dump all registered base hooks
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/4] netfilter: add hook dump feature
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf,v2] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH] Disable RST seq number check when tcp_be_liberal is greater 1
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• Re: [PATCH] Avoid potentially erroneos RST drop.
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• Re: mmotm 2021-05-19-23-58 uploaded (net/netfilter/nft_set_pipapo_avx2.c)
  • From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
• Re: linux-next: manual merge of the netfilter-next tree with the net tree
  • From: Stefano Brivio <sbrivio@xxxxxxxxxx>
• Re: mmotm 2021-05-19-23-58 uploaded (net/netfilter/nft_set_pipapo_avx2.c)
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxx>
• Re: linux-next: manual merge of the netfilter-next tree with the net tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• Re: [PATCH nf,v2] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: mmotm 2021-05-19-23-58 uploaded (net/netfilter/nft_set_pipapo_avx2.c)
  • From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_ct: skip unconfirmed helper extension for unconfirmed conntrack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: warning splat in nftables ct expect
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: warning splat in nftables ct expect
  • From: Stéphane Veyret <sveyret@xxxxxxxxx>
• [nft PATCH] expr_postprocess: Avoid an unintended fall through
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf] netfilter: conntrack: improve RST handling when tuple is re-used
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] Avoid potentially erroneos RST drop.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: extended netlink error reporting for chain type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] rule: skip exact matches on fuzzy lookup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] cmd: typo in chain fuzzy lookup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] libnftables: location-based error reporting for chain type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf,v2] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf,v2] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] Avoid potentially erroneos RST drop.
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf,v2] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] Avoid potentially erroneos RST drop.
  • From: Ali Abdallah <ali.abdallah@xxxxxxxx>
• [PATCH nf] netfilter: nf_tables: missing error reporting for not selected expressions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] doc: nft.8: Extend monitor description by trace
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf,v2] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] doc: document cgroupv2
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: linux-next: manual merge of the netfilter-next tree with the net tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• linux-next: manual merge of the netfilter-next tree with the net tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: nftables: accept all dummy chain when table is dormant
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] nft_set_pipapo_avx2: Skip LDMXCSR, we don't need a valid MXCSR state
  • From: Stefano Brivio <sbrivio@xxxxxxxxxx>
• [ebtables PATCH 2/2] configure.ac: add option --enable-kernel-64-userland-32
  • From: Thomas De Schampheleire <patrickdepinguin@xxxxxxxxx>
• [ebtables PATCH 1/2] ebtables.h: restore KERNEL_64_USERSPACE_32 checks
  • From: Thomas De Schampheleire <patrickdepinguin@xxxxxxxxx>
• Re: [PATCH nf-next] nft_set_pipapo_avx2: Skip LDMXCSR, we don't need a valid MXCSR state
  • From: Andy Lutomirski <luto@xxxxxxxxxx>
• Re: [PATCH] netfilter: Remove leading spaces in Kconfig
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/2] nf_tables: avoid retpoline overhead on set lookups
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] nft_set_pipapo_avx2: Skip LDMXCSR, we don't need a valid MXCSR state
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [net-next PATCH] net: netfilter: nft_exthdr: Support SCTP chunks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• warning splat in nftables ct expect
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables,v2] datatype: skip cgroupv2 rootfs in listing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables 1/2] src: use PRIu64 format
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables 2/2] datatype: skip cgroupv2 rootfs in listing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnetfilter_queue v2 1/1] Eliminate packet copy when constructing struct pkt_buff
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue v2 0/1] Speed-up
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [syzbot] WARNING in __nf_unregister_net_hook (4)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: use nfnetlink_unicast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] WARNING in __nf_unregister_net_hook (4)
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: [syzbot] WARNING in __nf_unregister_net_hook (4)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: Remove leading spaces in Kconfig
  • From: Juerg Haefliger <juerg.haefliger@xxxxxxxxxxxxx>
• Re: [PATCH] treewide: Remove leading spaces in Kconfig files
  • From: Juerg Haefliger <juerg.haefliger@xxxxxxxxxxxxx>
• Re: [PATCH] treewide: Remove leading spaces in Kconfig files
  • From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH] treewide: Remove leading spaces in Kconfig files
  • From: Juerg Haefliger <juerg.haefliger@xxxxxxxxxxxxx>
• Re: [PATCH] treewide: Remove leading spaces in Kconfig files
  • From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
• [PATCH] treewide: Remove leading spaces in Kconfig files
  • From: Juerg Haefliger <juerg.haefliger@xxxxxxxxxxxxx>
• [PATCH nftables,v3] parser_bison: add shortcut syntax for matching flags without binary operations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/2] nf_tables: avoid retpoline overhead on set lookups
  • From: Stefano Brivio <sbrivio@xxxxxxxxxx>
• [PATCH nftables,v2] parser_bison: add shortcut syntax for matching flags without binary operations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v26 08/25] LSM: Use lsmblob in security_secid_to_secctx
  • From: Kees Cook <keescook@xxxxxxxxxxxx>
• Re: [PATCH v26 07/25] LSM: Use lsmblob in security_secctx_to_secid
  • From: Kees Cook <keescook@xxxxxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: flowtable: Remove redundant hw refresh bit
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH nf 2/2] netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 1/2] netfilter: flowtable: Remove redundant hw refresh bit
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf 0/2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [pablo@xxxxxxxxxxxxx: Re: [PATCH net 1/1] netfilter: flowtable: Remove redundant hw refresh bit]
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nftables PATCH] cache: check errno before invoking cache_release()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• RE: netfilter: iptables-restore: setsockopt(3, SOL_IP, IPT_SO_SET_REPLACE, "security...", ...) return -EAGAIN
  • From: Dexuan Cui <decui@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: nf_tables: prefer direct calls for set lookups
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: add and use nft_set_do_lookup helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/2] nf_tables: avoid retpoline overhead on set lookups
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v26 18/25] LSM: security_secid_to_secctx in netlink netfilter
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v26 16/25] LSM: Use lsmcontext in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v26 15/25] LSM: Ensure the correct LSM context releaser
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v26 08/25] LSM: Use lsmblob in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v26 07/25] LSM: Use lsmblob in security_secctx_to_secid
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: netfilter: iptables-restore: setsockopt(3, SOL_IP, IPT_SO_SET_REPLACE, "security...", ...) return -EAGAIN
  • From: Phil Sutter <phil@xxxxxx>
• [nftables PATCH] cache: check errno before invoking cache_release()
  • From: Marco Oliverio <marco.oliverio@xxxxxxxxxx>
• Re: netfilter: iptables-restore: setsockopt(3, SOL_IP, IPT_SO_SET_REPLACE, "security...", ...) return -EAGAIN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] WARNING in __nf_unregister_net_hook (4)
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• RE: netfilter: iptables-restore: setsockopt(3, SOL_IP, IPT_SO_SET_REPLACE, "security...", ...) return -EAGAIN
  • From: Dexuan Cui <decui@xxxxxxxxxxxxx>
• RE: netfilter: iptables-restore: setsockopt(3, SOL_IP, IPT_SO_SET_REPLACE, "security...", ...) return -EAGAIN
  • From: Dexuan Cui <decui@xxxxxxxxxxxxx>
• RE: netfilter: iptables-restore: setsockopt(3, SOL_IP, IPT_SO_SET_REPLACE, "security...", ...) return -EAGAIN
  • From: Dexuan Cui <decui@xxxxxxxxxxxxx>
• Re: [syzbot] WARNING in __nf_unregister_net_hook (4)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] parser_bison: add shortcut syntax for matching flags without binary operations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables] netlink_delinearize: fix binary operation postprocessing with sets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• netfilter: iptables-restore: setsockopt(3, SOL_IP, IPT_SO_SET_REPLACE, "security...", ...) return -EAGAIN
  • From: Dexuan Cui <decui@xxxxxxxxxxxxx>
• Re: [PATCH nftables,v3 2/2] src: add set element catch-all support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nftables,v2 2/2] src: add set element catch-all support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables,v3 2/2] src: add set element catch-all support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables,v2 2/2] src: add set element catch-all support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables,v2 2/2] src: add set element catch-all support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nftables 2/2] src: add set element catch-all support
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables,v2 2/2] src: add set element catch-all support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables 2/2] src: add set element catch-all support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nftables 2/2] src: add set element catch-all support
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• Re: [PATCH nftables 2/2] src: add set element catch-all support
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nftables] evaluate: don't crash on set definition with incorrect datatype
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables 2/2] src: add set element catch-all support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables 2/2] src: add set element catch-all support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nftables 1/2] parser_bison: add set_elem_key_expr rule
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>