Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

[nf-next PATCH v4 00/16] Dynamic hook interface binding
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 09/16] netfilter: nf_tables: Drop __nft_unregister_flowtable_net_hooks()
- From: Phil Sutter <phil@xxxxxx>
Re: stable request: netfilter: make cgroupsv2 matching work with namespaces
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
stable request: netfilter: make cgroupsv2 matching work with namespaces
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf PATCH v2] selftests: netfilter: Avoid hanging ipvs.sh
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH] netfilter: nf_tables: nft_flowtable_find_dev() lacks rcu_read_lock()
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf,v2] netfilter: nf_tables: missing objects with no memcg accounting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [nf PATCH] netfilter: nf_tables: nft_flowtable_find_dev() lacks rcu_read_lock()
- From: Florian Westphal <fw@xxxxxxxxx>
[nf PATCH] netfilter: nf_tables: nft_flowtable_find_dev() lacks rcu_read_lock()
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH 1/5] LSM: Replace context+len with lsm_context
- From: Todd Kjos <tkjos@xxxxxxxxxx>
[PATCH 5.4.y 1/1] inet: inet_defrag: prevent sk release while still in use
- From: Saeed Mirzamohammadi <saeed.mirzamohammadi@xxxxxxxxxx>
[PATCH 5.10.y 1/1] inet: inet_defrag: prevent sk release while still in use
- From: Saeed Mirzamohammadi <saeed.mirzamohammadi@xxxxxxxxxx>
[PATCH 5.15.y 1/1] inet: inet_defrag: prevent sk release while still in use
- From: Saeed Mirzamohammadi <saeed.mirzamohammadi@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH nf] kselftest: add test for nfqueue induced conntrack race
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] kselftest: add test for nfqueue induced conntrack race
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 13/19] selftests/landlock: Test packet protocol alias
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 11/19] selftests/landlock: Test unsupported protocol restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: remove old clash resolution logic
- From: Antonio Ojea <aojea@xxxxxxxxxx>
[PATCH nf] kselftest: add test for nfqueue induced conntrack race
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nfnetlink_queue: remove old clash resolution logic
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 13/19] selftests/landlock: Test packet protocol alias
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH nf,v2] netfilter: nf_tables: missing objects with no memcg accounting
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 07/19] selftests/landlock: Test adding a rule for empty access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 11/19] selftests/landlock: Test unsupported protocol restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 09/19] selftests/landlock: Test creating a ruleset with unknown access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 08/19] selftests/landlock: Test overlapped restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 07/19] selftests/landlock: Test adding a rule for empty access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[PATCH nf,v2] netfilter: nf_tables: missing objects with no memcg accounting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/5] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path
- From: Florian Westphal <fw@xxxxxxxxx>
[no subject]
- From: Unknown
Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf] netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.1 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.1 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.1 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.6 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.6 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.6 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] cache: initialize filter when fetching implicit chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] cache: initialize filter when fetching implicit chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] doc: tproxy is non-terminal in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3] doc: tproxy is non-terminal in nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] doc: tproxy is non-terminal in nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: conntrack: conditionally compile ctnetlink_label_size
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: conntrack: compile label helpers unconditionally
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next] netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nft] doc: tproxy is non-terminal in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 0/3] netfilter: conntrack: clash resolution for reverse collisions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
"libmnl" project doxygen-generated documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] doc: tproxy is non-terminal in nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v3 1/1] netfilter: conntrack: Guard possible unused functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/3] netfilter: conntrack: clash resolution for reverse collisions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] tests: shell: more ransomization for timeout parameter
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [syzbot] [virt?] [netfilter?] INFO: rcu detected stall in ip_list_rcv (6)
- From: syzbot <syzbot+45b67ef6e09a39a2cbcd@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH libnetfilter_queue] doc: Install libnetfilter_queue.7 man page
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Phil Sutter <phil@xxxxxx>
[PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: TPROXY: Fix for translation being non-terminal
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[iptables PATCH] extensions: TPROXY: Fix for translation being non-terminal
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: replace deprecated strncpy with strscpy_pad
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[no subject]
- From: Unknown
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net 1/2] netfilter: nft_socket: fix sk refcount leaks
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Florian Westphal <fw@xxxxxxxxx>
[no subject]
- From: Unknown
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Florian Westphal <fw@xxxxxxxxx>
[nf-next PATCH v3 16/16] selftests: netfilter: Torture nftables netdev hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 13/16] netfilter: nf_tables: Handle NETDEV_CHANGENAME events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 10/16] netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 08/16] netfilter: nf_tables: Introduce nft_hook_find_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 12/16] netfilter: nf_tables: flowtable: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 05/16] netfilter: nf_tables: Compare netdev hooks based on stored name
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 06/16] netfilter: nf_tables: Tolerate chains with no remaining hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 07/16] netfilter: nf_tables: Introduce functions freeing nft_hook objects
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 09/16] netfilter: nf_tables: Introduce nft_register_flowtable_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 04/16] netfilter: nf_tables: Use stored ifname in netdev hook dumps
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 00/16] Dynamic hook interface binding
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 14/16] netfilter: nf_tables: Support wildcard netdev hook specs
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 02/16] netfilter: nf_tables: Flowtable hook's pf value never varies
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v5 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH] docs: tproxy: ipt: ignore non-transparent sockets
- From: 谢致邦 (XIE Zhibang) <Yeking@xxxxxxxxx>
[PATCH v3] selftests: netfilter: nft_tproxy.sh: add tcp tests
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 0/2] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 1/2] netfilter: nft_socket: fix sk refcount leaks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next 5/5] netfilter: nf_tables: allocate element update information dynamically
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 4/5] netfilter: nf_tables: switch trans_elem to real flex array
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 3/5] netfilter: nf_tables: prepare for multiple elements in nft_trans_elem structure
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/5] netfilter: nf_tables: prefer nft_trans_elem_alloc helper
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/5] netfilter: nf_tables: add nft_trans_commit_list_add_elem helper
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/5] netfilter: nf_tables: reduce set element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2] selftests: netfilter: tproxy tcp and udp tests
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[PATCH v2] selftests: netfilter: tproxy tcp and udp tests
- From: Antonio Ojea <aojea@xxxxxxxxxx>
[PATCH nft] tests: py: fix up udp csum fixup output
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] ksleftest nfqueue race with dnat
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH] ksleftest nfqueue race with dnat
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v3 1/1] netfilter: conntrack: Guard possible unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [RFC PATCH v3 05/19] selftests/landlock: Test adding a rule for each unknown access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 04/19] selftests/landlock: Test adding a rule with each supported access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 03/19] selftests/landlock: Test basic socket restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[PATCH nf-next 3/3] selftests: netfilter: add reverse-clash resolution test case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/3] netfilter: conntrack: add clash resolution for reverse collisions
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/3] netfilter: conntrack: clash resolution for reverse collisions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH net-next v2 1/1] netfilter: conntrack: Guard possible unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH net-next v3 1/1] netfilter: conntrack: Guard possible unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: replace deprecated strncpy with strscpy_pad
- From: Justin Stitt <justinstitt@xxxxxxxxxx>
Re: [PATCH net-next v2 1/1] netfilter: conntrack: Guard possible unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nft] tests: shell: add test case for timeout updates
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft] tests: shell: extend vmap test with updates
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next v2 1/1] netfilter: conntrack: Guard possible unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH] selftests: netfilter: nft_tproxy.sh: add tcp tests
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH net-next 00/12] Unmask upper DSCP bits - part 4 (last)
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH nft 2/2] proto: use NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag to mangle UDP checksum
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] tests: shell: stabilize packetpath/payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH nf-next v5 2/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v5 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [RFC PATCH v3 01/19] landlock: Support socket access-control
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[PATCH libmnl] doc: Address warnings emitted by doxygen 1.12.0
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH nf 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: kernel test robot <lkp@xxxxxxxxx>
[PATCH nf v2 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net-next 01/16] netfilter: ctnetlink: support CTA_FILTER for flush
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next v2 0/5] make use of the helper macro LIST_HEAD()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH nf 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [PATCH net-next 00/12] Unmask upper DSCP bits - part 4 (last)
- From: David Ahern <dsahern@xxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net-next 12/12] sctp: Unmask upper DSCP bits in sctp_v4_get_dst()
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH net-next 07/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 06/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
Re: [RFC PATCH v3 01/19] landlock: Support socket access-control
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH net-next 12/12] sctp: Unmask upper DSCP bits in sctp_v4_get_dst()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 11/12] ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 10/12] netfilter: nf_dup4: Unmask upper DSCP bits in nf_dup_ipv4_route()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 09/12] netfilter: nft_flow_offload: Unmask upper DSCP bits in nft_flow_route()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 08/12] ipv4: netfilter: Unmask upper DSCP bits in ip_route_me_harder()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 04/12] ipv4: icmp: Unmask upper DSCP bits in icmp_reply()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 03/12] bpf: lwtunnel: Unmask upper DSCP bits in bpf_lwt_xmit_reroute()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 02/12] ipv4: ip_gre: Unmask upper DSCP bits in ipgre_open()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 01/12] netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next v1] netlink: specs: nftables: allow decode of tailscale ruleset
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH net-next 16/16] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 15/16] netfilter: nf_tables: zero timeout means element never times out
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 14/16] netfilter: nf_tables: consolidate timeout extension for elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 13/16] netfilter: nf_tables: annotate data-races around element expiration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 12/16] netfilter: nft_dynset: annotate data-races around set timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 11/16] netfilter: nf_tables: remove annotation to access set timeout while holding lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 10/16] netfilter: nf_tables: reject expiration higher than timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 09/16] netfilter: nf_tables: reject element expiration with no timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 05/16] netfilter: nf_tables: drop unused 3rd argument from validate callback ops
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 07/16] netfilter: nf_tables: Add missing Kernel doc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 08/16] netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 04/16] netfilter: conntrack: Convert to use ERR_CAST()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 06/16] netfilter: nf_tables: Correct spelling in nf_tables.h
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 03/16] netfilter: Use kmemdup_array instead of kmemdup for multiple allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 02/16] netfilter: nft_counter: Use u64_stats_t for statistic.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 01/16] netfilter: ctnetlink: support CTA_FILTER for flush
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 00/16] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH net-next 12/12] sctp: Unmask upper DSCP bits in sctp_v4_get_dst()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 11/12] ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 10/12] netfilter: nf_dup4: Unmask upper DSCP bits in nf_dup_ipv4_route()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 09/12] netfilter: nft_flow_offload: Unmask upper DSCP bits in nft_flow_route()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 08/12] ipv4: netfilter: Unmask upper DSCP bits in ip_route_me_harder()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 07/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 06/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 04/12] ipv4: icmp: Unmask upper DSCP bits in icmp_reply()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 03/12] bpf: lwtunnel: Unmask upper DSCP bits in bpf_lwt_xmit_reroute()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 02/12] ipv4: ip_gre: Unmask upper DSCP bits in ipgre_open()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 00/12] Unmask upper DSCP bits - part 4 (last)
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 01/12] netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [PATCH] ext4: Fix error message when rejecting the default hash
- From: "Theodore Ts'o" <tytso@xxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: kernel test robot <lkp@xxxxxxxxx>
[PATCH nf 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 1/2] netfilter: nft_socket: fix sk refcount leaks
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v1 2/4] selftests/landlock: Implement per-syscall microbenchmarks
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: Jiawei Ye <jiawei.ye@xxxxxxxxxxx>
[RFC PATCH v3 19/19] landlock: Document socket rule type support
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 18/19] samples/landlock: Support socket protocol restrictions
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 17/19] samples/landlock: Replace atoi() with strtoull() in populate_ruleset_net()
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 16/19] selftests/landlock: Test that accept(2) is not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 15/19] selftests/landlock: Test SCTP peeloff restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 13/19] selftests/landlock: Test packet protocol alias
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 11/19] selftests/landlock: Test unsupported protocol restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 10/19] selftests/landlock: Test adding a rule with family and type outside the range
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 09/19] selftests/landlock: Test creating a ruleset with unknown access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 08/19] selftests/landlock: Test overlapped restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 07/19] selftests/landlock: Test adding a rule for empty access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 05/19] selftests/landlock: Test adding a rule for each unknown access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 04/19] selftests/landlock: Test adding a rule with each supported access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 03/19] selftests/landlock: Test basic socket restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 02/19] landlock: Add hook on socket creation
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 01/19] landlock: Support socket access-control
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 00/19] Support socket access-control
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH net-next v2 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next v2 0/5] make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 5/5] net/core: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 2/5] net/tipc: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 1/5] net/ipv4: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 4/5] net/ipv6: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v1] netlink: specs: nftables: allow decode of tailscale ruleset
- From: Donald Hunter <donald.hunter@xxxxxxxxx>
Re: [PATCH v2 net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] libnftables: Zero ctx->vars after freeing it
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Priyankar Jain <priyankar.jain@xxxxxxxxxxx>
[nft PATCH] libnftables: Zero ctx->vars after freeing it
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
[PATCH nf-next,v3 9/9] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 7/9] netfilter: nf_tables: consolidate timeout extension for elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 8/9] netfilter: nf_tables: zero timeout means element never times out
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 6/9] netfilter: nf_tables: annotate data-races around element expiration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 4/9] netfilter: nf_tables: remove annotation to access set timeout while holding lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 2/9] netfilter: nf_tables: reject element expiration with no timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 3/9] netfilter: nf_tables: reject expiration higher than timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 5/9] netfilter: nft_dynset: annotate data-races around set timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 1/9] netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] libnftables: set variable array to NULL after release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: fix spurious timeout on debug kernel
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: fix spurious timeout on debug kernel
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH nf-next,v2 8/9] netfilter: nf_tables: zero timeout means element never times out
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next v1] netfilter: Use kmemdup_array instead of kmemdup for multiple allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v1] netfilter: conntrack: Convert to use ERR_CAST()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: drop unused 3rd argument from validate callback ops
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
[PATCH nft,v2] src: support for timeout never in elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 2/9] netfilter: nf_tables: reject element expiration with no timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 1/9] netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 3/9] netfilter: nf_tables: reject expiration higher than timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 4/9] netfilter: nf_tables: remove annotation to access set timeout while holding lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 5/9] netfilter: nft_dynset: annotate data-races around set timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 8/9] netfilter: nf_tables: zero timeout means element never times out
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 9/9] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 7/9] netfilter: nf_tables: consolidate timeout extension for elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 6/9] netfilter: nf_tables: annotate data-races around element expiration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v2 net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 1/1] asn: fix missing quiet checks in xt_asn_build
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching
- From: Ido Schimmel <idosch@xxxxxxxxxx>
Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching
- From: David Ahern <dsahern@xxxxxxxxxx>
Re: [PATCH nft] tests: shell: extend coverage for meta l4proto netdev/egress matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Request for comments
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Donald Hunter <donald.hunter@xxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] ipset: Fix implicit declaration of function basename
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Request for comments
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH] ksleftest nfqueue race with dnat
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] ipset: Fix implicit declaration of function basename
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v4 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: tproxy: Add missing Kernel doc to nf_tproxy.h
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: nf_tables: Add missing Kernel doc to nf_tables.h
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH v2 2/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH] ipset: Fix implicit declaration of function basename
- From: mpagano@xxxxxxxxxx
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nft 1/5] cache: assert filter when calling nft_cache_evaluate()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next] selftests: netfilter: nft_queue.sh: fix spurious timeout on debug kernel
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Priyankar Jain <priyankar.jain@xxxxxxxxxxx>
[PATCH libnetfilter_conntrack v1] conntrack: Add zone filtering for conntrack events
- From: Priyankar Jain <priyankar.jain@xxxxxxxxxxx>
Re: [PATCH net-next 2/5] net/tipc: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
Re: [PATCH net-next v2 0/6] replace deprecated strcpy with strscpy
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next v2 0/6] replace deprecated strcpy with strscpy
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 2/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v4 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH v2 2/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
[PATCH v2 1/2] err.h: Add ERR_PTR_PCPU(), PTR_ERR_PCPU() and IS_ERR_PCPU() macros
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
[PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH nft 1/5] cache: assert filter when calling nft_cache_evaluate()
- From: Eric Garver <eric@xxxxxxxxxxx>
Re: [PATCH iptables 1/1] configure: Determine if musl is used for build
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH iptables 1/1] configure: Determine if musl is used for build
- From: Joshua Lant <joshualant@xxxxxxxxxxxxxx>
Re: [PATCH iptables 1/1] configure: Determine if musl is used for build
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft 4/5] cache: relax requirement for replace rule command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 3/5] cache: remove full cache requirement when echo flag is set on
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 5/5] cache: position does not require full cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/5] cache: clean up evaluate_cache_del()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/5] cache: assert filter when calling nft_cache_evaluate()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH net 1/2] netfilter: nf_tables: restore IP sanity checks for netdev/egress
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: reduce test file size for debug build
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: reduce test file size for debug build
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: reduce test file size for debug build
- From: Florian Westphal <fw@xxxxxxxxx>
BUG: general protection fault in arpt_do_table
- From: Xingyu Li <xli399@xxxxxxx>
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: reduce test file size for debug build
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/2] netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 1/2] netfilter: nf_tables: restore IP sanity checks for netdev/egress
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 0/2] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: Correct spelling in nf_tables.h
- From: Simon Horman <horms@xxxxxxxxxx>
Re: Stateless NAT ICMP Payload Mismatch
- From: Echo Nar <echo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain()
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next 4/5] netfilter: iptables: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: reduce test file size for debug build
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH nft,v2 0/7] cache updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Stateless NAT ICMP Payload Mismatch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH iptables 1/1] configure: Determine if musl is used for build
- From: Joshua Lant <joshualant@xxxxxxxxxxxxxx>
[PATCH iptables 0/1] configure: Determine if musl is used for build
- From: Joshua Lant <joshualant@xxxxxxxxxxxxxx>
[PATCH net-next v2 2/6] net/ipv6: replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 1/6] net: prefer strscpy over strcpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 6/6] net/ipv4: net: prefer strscpy over strcpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 3/6] net/netrom: prefer strscpy over strcpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 5/6] net/tipc: replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 4/6] net/netfilter: replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 0/6] replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH v1] netfilter: conntrack: Convert to use ERR_CAST()
- From: Shen Lichuan <shenlichuan@xxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: drop unused 3rd argument from validate callback ops
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [PATCH -next 4/5] netfilter: iptables: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
Re: [PATCH -next 0/5] net: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
[PATCH -next 4/5] netfilter: iptables: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
[PATCH -next 2/5] netfilter: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
[PATCH -next 1/5] nfc: core: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
[PATCH -next 5/5] netfilter: nf_nat: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
[PATCH -next 3/5] netfilter: arptables: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
[PATCH -next 0/5] net: Use kmemdup_array() instead of kmemdup() for multiple allocation
- From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
Re: [PATCH net-next 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH] ext4: Fix error message when rejecting the default hash
- From: Gabriel Krisman Bertazi <krisman@xxxxxxx>
Re: [PATCH net-next 2/5] net/tipc: make use of the helper macro LIST_HEAD()
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net-next 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[no subject]
- From: Unknown
[PATCH nf] netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next v3 2/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v3 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
[PATCH net-next 6/6] net/ipv4: net: prefer strscpy over strcpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 5/6] net/tipc: replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 4/6] net/netfilter: replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 3/6] net/netrom: prefer strscpy over strcpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 2/6] net/ipv6: replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 1/6] net: prefer strscpy over strcpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 0/6] replace deprecated strcpy with strscpy
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 5/5] net/core: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 4/5] net/ipv6: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 2/5] net/tipc: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 1/5] net/ipv4: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next 0/5] make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next] selftests: netfilter: nft_queue.sh: reduce test file size for debug build
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: restore IP sanity checks for netdev/egress
- From: Jorge Ortiz Escribano <jorge.ortiz.escribano@xxxxxxxxx>
Re: [PATCH net-next 2/9] selftests: netfilter: nft_queue.sh: sctp coverage
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
[PATCH nft] tests: shell: extend coverage for meta l4proto netdev/egress matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next 1/9] netfilter: nfnetlink_queue: unbreak SCTP traffic
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH nft,v2 0/7] cache updates
- From: Eric Garver <eric@xxxxxxxxxxx>
[PATCH nf] netfilter: nf_tables: restore IP sanity checks for netdev/egress
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 5/7] cache: consolidate reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 6/7] tests: shell: cover anonymous set with reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 7/7] tests: shell: cover reset command with counter and quota
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 3/7] cache: add filtering support for objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 0/7] cache updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 1/7] cache: reset filter for each command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 4/7] cache: only dump rules for the given table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2 2/7] cache: accumulate flags in batch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v1] netfilter: Use kmemdup_array instead of kmemdup for multiple allocation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next v1] netfilter: Use kmemdup_array instead of kmemdup for multiple allocation
- From: Yan Zhen <yanzhen@xxxxxxxx>
[PATCH nft 5/5] tests: shell: cover reset command with counter and quota
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 3/5] cache: consolidate reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/5] cache: add filtering support for objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 4/5] tests: shell: cover anonymous set with reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 0/5] cache updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/5] cache: only dump rules for the given table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next v2 2/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v2 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH] iptables: align xt_CONNMARK with current kernel headers
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
[PATCH] iptables: align xt_CONNMARK with current kernel headers
- From: Joshua Lant <joshualant@xxxxxxxxxxxxxx>
Re: [PATCH net-next 00/12] Unmask upper DSCP bits - part 1
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH net-next 9/9] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 8/9] netfilter: nf_tables: allow loads only when register is initialized
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 7/9] netfilter: nf_tables: pass context structure to nft_parse_register_load
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 6/9] netfilter: move nf_ct_netns_get out of nf_conncount_init
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 5/9] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 4/9] netfilter: nf_tables: store new sets in dedicated list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 2/9] selftests: netfilter: nft_queue.sh: sctp coverage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 0/9] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 3/9] netfilter: nfnetlink: convert kfree_skb to consume_skb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 1/9] netfilter: nfnetlink_queue: unbreak SCTP traffic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net 1/3] netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH nf-next 2/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: netfilter: Kconfig: IP6_NF_IPTABLES_LEGACY old =y behaviour question
- From: Breno Leitao <leitao@xxxxxxxxxx>
[kernel PATCH] nf_tables_ipv4: fix transport header offset comparison
- From: Jorge Ortiz <jorge.ortiz.escribano@xxxxxxxxx>
Re: [PATCH V6] fs/ext4: Filesystem without casefold feature cannot be mounted with spihash
- From: "Theodore Ts'o" <tytso@xxxxxxx>
Re: netfilter: Kconfig: IP6_NF_IPTABLES_LEGACY old =y behaviour question
- From: Florian Westphal <fw@xxxxxxxxx>
Re: netfilter: Kconfig: IP6_NF_IPTABLES_LEGACY old =y behaviour question
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: netfilter: Kconfig: IP6_NF_IPTABLES_LEGACY old =y behaviour question
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: Don't track counter updates of do_add_counters()
- From: takakura@xxxxxxxxxxxxx
Re: [PATCH net 3/3] netfilter: flowtable: validate vlan header
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 1/3] netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net,v2 0/3] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/3] netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 3/3] netfilter: flowtable: validate vlan header
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
netfilter: Kconfig: IP6_NF_IPTABLES_LEGACY old =y behaviour question
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH] netfilter: ctnetlink: support CTA_FILTER for flush
- From: Changliang Wu <changliang.wu@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH net 3/3] netfilter: flowtable: validate vlan header
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
Re: [syzbot] [ppp?] inconsistent lock state in valid_state (4)
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
Re: [PATCH] netfilter: Don't track counter updates of do_add_counters()
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[syzbot] [netfilter?] inconsistent lock state in gfs2_fill_super
- From: syzbot <syzbot+e9708296aa2eef438a51@xxxxxxxxxxxxxxxxxxxxxxxxx>
[PATCH] netfilter: Don't track counter updates of do_add_counters()
- From: takakura@xxxxxxxxxxxxx
[PATCH net 3/3] netfilter: flowtable: validate vlan header
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/3] netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 1/3] netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 0/3] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf,v2] netfilter: flowtable: validate vlan header
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [syzbot] [ppp?] inconsistent lock state in valid_state (4)
- From: syzbot <syzbot+d43eb079c2addf2439c3@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH] xtables: Fix compilation error with musl-libc
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
nftables build warning, parser_bison.y:206.1-19: warning: deprecated directive: ‘%name-prefix "nft_"’
- From: pgnd <pgnd@xxxxxxxxxxxx>
Re: [PATCH net-next 00/12] Unmask upper DSCP bits - part 1
- From: David Ahern <dsahern@xxxxxxxxxx>
Re: [PATCH net-next 12/12] ipv4: Unmask upper DSCP bits when using hints
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 11/12] ipv4: udp: Unmask upper DSCP bits during early demux
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 10/12] ipv4: icmp: Pass full DS field to ip_route_input()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 09/12] ipv4: Unmask upper DSCP bits in RTM_GETROUTE input route lookup
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 08/12] ipv4: Unmask upper DSCP bits in input route lookup
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 07/12] ipv4: Unmask upper DSCP bits in fib_compute_spec_dst()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 06/12] ipv4: ipmr: Unmask upper DSCP bits in ipmr_rt_fib_lookup()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] netfilter: nft_fib: Unmask upper DSCP bits
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 04/12] netfilter: rpfilter: Unmask upper DSCP bits
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 00/12] Unmask upper DSCP bits - part 1
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next 03/12] ipv4: Unmask upper DSCP bits when constructing the Record Route option
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 02/12] ipv4: Unmask upper DSCP bits in NETLINK_FIB_LOOKUP family
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 01/12] bpf: Unmask upper DSCP bits in bpf_fib_lookup() helper
- From: Guillaume Nault <gnault@xxxxxxxxxx>
[PATCH net-next 12/12] ipv4: Unmask upper DSCP bits when using hints
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 11/12] ipv4: udp: Unmask upper DSCP bits during early demux
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 09/12] ipv4: Unmask upper DSCP bits in RTM_GETROUTE input route lookup
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 10/12] ipv4: icmp: Pass full DS field to ip_route_input()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 06/12] ipv4: ipmr: Unmask upper DSCP bits in ipmr_rt_fib_lookup()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 08/12] ipv4: Unmask upper DSCP bits in input route lookup
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 07/12] ipv4: Unmask upper DSCP bits in fib_compute_spec_dst()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 05/12] netfilter: nft_fib: Unmask upper DSCP bits
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 04/12] netfilter: rpfilter: Unmask upper DSCP bits
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 03/12] ipv4: Unmask upper DSCP bits when constructing the Record Route option
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 02/12] ipv4: Unmask upper DSCP bits in NETLINK_FIB_LOOKUP family
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 01/12] bpf: Unmask upper DSCP bits in bpf_fib_lookup() helper
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 00/12] Unmask upper DSCP bits - part 1
- From: Ido Schimmel <idosch@xxxxxxxxxx>
Re: [RFC PATCH v2 6/9] selftests/landlock: Test listening without explicit bind restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH 0/2 nft] mnl: query netdevices for in/egress hooks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/2] src: mnl: always dump all netdev hooks if no interface name was given
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 0/2 nft] mnl: query netdevices for in/egress hooks
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 1/2] src: mnl: prepare for listing all device netdev device hooks
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [RFC PATCH v2 0/9] Support TCP listen access-control
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 6/9] selftests/landlock: Test listening without explicit bind restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 5/9] selftests/landlock: Test listen on connected socket
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 0/9] Support TCP listen access-control
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH net-next v2 0/3] Preparations for FIB rule DSCP selector
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [RFC PATCH v2 0/9] Support TCP listen access-control
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v2 6/9] selftests/landlock: Test listening without explicit bind restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v2 5/9] selftests/landlock: Test listen on connected socket
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH] xtables: Fix compilation error with musl-libc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nfnetlink_log: remove unnecessary check in __build_packet_message()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 1/9] landlock: Refactor current_check_access_socket() access right check
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 0/3] netfilter: nf_tables: reject loads from
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net 0/3] netfilter: nft_counter: Statistics fixes/ optimisation.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/3] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/3] netfilter: nf_tables: allow loads only when register is initialized
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/3] netfilter: nf_tables: reject loads from
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_tables: pass context structure to nft_parse_register_load
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH] doc: Update outdated info
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net 0/3] netfilter: nft_counter: Statistics fixes/ optimisation.
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH] doc: Update outdated info
- From: 谢致邦 (XIE Zhibang) <Yeking@xxxxxxxxx>
[PATCH net-next 3/3] netfilter: nft_counter: Use u64_stats_t for statistic.
- From: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
[PATCH net 2/3] netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
- From: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
[PATCH net 1/3] netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
- From: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
[PATCH net 0/3] netfilter: nft_counter: Statistics fixes/ optimisation.
- From: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
Re: [PATCH bpf-next] bpf: use kfunc hooks instead of program types
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
[PATCH bpf-next] bpf: use kfunc hooks instead of program types
- From: Matteo Croce <technoboy85@xxxxxxxxx>
Re: [PATCH nft 1/5] datatype: make "flags" field of datatype struct simple booleans
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 4/4] parser_json: fix crash in json_parse_set_stmt_list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/4] parser_json: fix several expression memleaks from error path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 3/4] parser_json: fix handle memleak from error path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/4] parser_json: release buffer returned by json_dumps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 0/4] fixes for json parser
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] src: remove DTYPE_F_PREFIX
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/2] datatype: replace DTYPE_F_ALLOC by bitfield
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v2 1/9] landlock: Refactor current_check_access_socket() access right check
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: Fwd: correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Fwd: correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Fwd: correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`
- From: pgnd <pgnd@xxxxxxxxxxxx>
Re: [PATCH] netfilter: ctnetlink: support CTA_FILTER for flush
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Fwd: correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Fwd: correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`
- From: pgnd <pgnd@xxxxxxxxxxxx>
Re: [PATCH] xtables: Fix compilation error with musl-libc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Fwd: correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: remove unnecessary assignment in translate_table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] selftests: netfilter: nft_queue.sh: sctp coverage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: store new sets in dedicated list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: move nf_ct_netns_get out of nf_conncount_init
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 1/4] doc: add documentation about list hooks feature
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 1/4] doc: add documentation about list hooks feature
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[syzbot] [netfilter?] inconsistent lock state in valid_state (4)
- From: syzbot <syzbot+d43eb079c2addf2439c3@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement
- From: Phil Sutter <phil@xxxxxx>
[ANNOUNCE] Security evaluation by ANSSI of nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v4 4/4] netfilter: nfnetlink: Handle ACK flags for batch messages
- From: Jiri Slaby <jirislaby@xxxxxxxxxx>
Re: [PATCH net-next v4 4/4] netfilter: nfnetlink: Handle ACK flags for batch messages
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v4 4/4] netfilter: nfnetlink: Handle ACK flags for batch messages
- From: Jiri Slaby <jirislaby@xxxxxxxxxx>
Re: Please comment on my libnetfilter_queue build speedup patch
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[RFC PATCH v1 4/4] selftests/landlock: Add realworld workload based on find tool
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v1 3/4] selftests/landlock: Implement custom libbpf-based tracer
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v1 2/4] selftests/landlock: Implement per-syscall microbenchmarks
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v1 1/4] selftests/landlock: Implement performance impact measurement tool
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v1 0/4] Implement performance impact measurement tool
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Fwd: correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`
- From: pgnd <pgnd@xxxxxxxxxxxx>
[PATCH nft] cache: revisit reset command flags
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates
- From: Eric Garver <eric@xxxxxxxxxxx>
[PATCH 5.10 342/352] netfilter: nf_tables: prefer nft_chain_validate
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH 5.10 341/352] netfilter: nf_tables: allow clone callbacks to sleep
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH 5.10 340/352] netfilter: nf_tables: use timestamp to check for set element timeout
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]