Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

[PATCH nf] netfilter: xt_cluster: restrict to ip/ip6tables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v1 2/2] selftests/landlock: Test non-TCP INET connection-based protocols
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC PATCH v1 1/2] landlock: Fix non-TCP sockets restriction
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 19/19] landlock: Document socket rule type support
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[syzbot] [netfilter?] WARNING in xt_cluster_mt (2)
- From: syzbot <syzbot+256c348558aa5cf611a9@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v1 2/2] selftests/landlock: Test non-TCP INET connection-based protocols
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v1 1/2] landlock: Fix non-TCP sockets restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[RFC PATCH v1 2/2] selftests/landlock: Test non-TCP INET connection-based protocols
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v1 1/2] landlock: Fix non-TCP sockets restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v1 0/2] Fix non-TCP sockets restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 19/19] landlock: Document socket rule type support
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 18/19] samples/landlock: Support socket protocol restrictions
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 17/19] samples/landlock: Replace atoi() with strtoull() in populate_ruleset_net()
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 16/19] selftests/landlock: Test that accept(2) is not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 15/19] selftests/landlock: Test SCTP peeloff restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH net 1/4] netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [syzbot] [tipc?] BUG: soft lockup in do_sock_setsockopt
- From: syzbot <syzbot+10a41dc44eef71aa9450@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH v4] net/bridge: Optimizing read-write locks in ebtables.c
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
[ANNOUNCE] nftables 1.1.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ANNOUNCE] libnftnl 1.2.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 4/4] selftests: netfilter: Add missing return value
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 3/4] netfilter: nf_tables: prevent nf_skb_duplicated corruption
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/4] selftests: netfilter: Fix nft_audit.sh for newer nft binaries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 1/4] netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 0/4] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 9/9] monitor: Support NFT_MSG_(NEW|DEL)DEV events
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 4/9] tests: monitor: Run in own netns
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 9/9] monitor: Support NFT_MSG_(NEW|DEL)DEV events
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 2/9] tests: py: Fix for storing payload into missing file
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 0/9] Support wildcard netdev hooks and events
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 7/9] tests: shell: Adjust to ifname-based flowtables
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 1/9] json: Support typeof in set and map types
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 6/9] parser_bison: Accept ASTERISK_STRING in flowtable_expr_member
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 8/9] tests: monitor: Support running external commands
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 5/9] mnl: Support simple wildcards in netdev hooks
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 3/9] monitor: Recognize flowtable add/del events
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 4/4] device: Introduce nftnl_device
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 3/4] utils: Introduce nftnl_parse_str_attr()
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 0/4] Support wildcard netdev hooks and events
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 2/4] utils: Add helpers for interface name wildcards
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 1/4] include: utils.h needs errno.h
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next 3/4] netfilter: nf_nat: use skb_drop_reason
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 4/4] netfilter: nf_tables: use skb_drop_reason
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/4] netfilter: xt_nat: drop packet earlier
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/4] netfilter: xt_nat: compact nf_nat_setup_info calls
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/4] netfilter: use skb_drop_reason in more places
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] tests: shell: Adjust for recent changes in libnftnl
- From: Phil Sutter <phil@xxxxxx>
Re: [libnftnl PATCH] rule: Don't append a newline when printing a rule
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] tests: shell: Adjust for recent changes in libnftnl
- From: Phil Sutter <phil@xxxxxx>
Re: [libnftnl PATCH] rule: Don't append a newline when printing a rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[libnftnl PATCH] rule: Don't append a newline when printing a rule
- From: Phil Sutter <phil@xxxxxx>
Re: [libnftnl PATCH] Partially revert "rule, set_elem: remove trailing \n in userdata snprintf"
- From: Phil Sutter <phil@xxxxxx>
Re: [libnftnl PATCH] Partially revert "rule, set_elem: remove trailing \n in userdata snprintf"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] Partially revert "rule, set_elem: remove trailing \n in userdata snprintf"
- From: Phil Sutter <phil@xxxxxx>
Re: [libnftnl PATCH] Partially revert "rule, set_elem: remove trailing \n in userdata snprintf"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[libnftnl PATCH] Partially revert "rule, set_elem: remove trailing \n in userdata snprintf"
- From: Phil Sutter <phil@xxxxxx>
RE: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Danielle Ratson <danieller@xxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Petr Machata <petrm@xxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Petr Machata <petrm@xxxxxxxxxx>
Re: [RFC PATCH v3 18/19] samples/landlock: Support socket protocol restrictions
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 19/19] landlock: Document socket rule type support
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Petr Machata <petrm@xxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: "libmnl" project doxygen-generated documentation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next v6] netfilter: Make legacy configs user selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH] nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH
- From: Hannes Reinecke <hare@xxxxxxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
RE: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function
- From: Danielle Ratson <danieller@xxxxxxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: iptables 1.8.10 translate error
- From: Phil Sutter <phil@xxxxxx>
Re: iptables 1.8.10 translate error
- From: <imnozi@xxxxxxxxx>
Re: iptables 1.8.10 translate error
- From: Florian Westphal <fw@xxxxxxxxx>
iptables 1.8.10 translate error
- From: <imnozi@xxxxxxxxx>
Re: [RFC PATCH v3 17/19] samples/landlock: Replace atoi() with strtoull() in populate_ruleset_net()
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 16/19] selftests/landlock: Test that accept(2) is not restricted
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 15/19] selftests/landlock: Test SCTP peeloff restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[PATCH 6.1 62/73] netfilter: nf_tables: missing iterator type in lookup walk
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH 6.1 61/73] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH 6.6 46/54] netfilter: nf_tables: missing iterator type in lookup walk
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH 6.6 45/54] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] selftests: netfilter: Add missing resturn value.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] selftests: netfilter: Add missing resturn value.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: prevent nf_skb_duplicated corruption
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH] selftests: netfilter: Fix nft_audit.sh for newer nft binaries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] selftests: netfilter: Add missing resturn value.
- From: Phil Sutter <phil@xxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH -stable,5.10 0/2] Netfilter fixes for -stable
- From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Re: stable request: netfilter: make cgroupsv2 matching work with namespaces
- From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
[PATCH] selftests: netfilter: Add missing resturn value.
- From: zhangjiao2 <zhangjiao2@xxxxxxxxxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_tables: prevent nf_skb_duplicated corruption
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[nf PATCH] selftests: netfilter: Fix nft_audit.sh for newer nft binaries
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH] netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v2 5/7] cache: consolidate reset command
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft,v2 5/7] cache: consolidate reset command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net 01/14] netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[PATCH net 13/14] kselftest: add test for nfqueue induced conntrack race
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 09/14] netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 02/14] netfilter: conntrack: add clash resolution for reverse collisions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next 5/7] netfilter: conntrack: rework offload nf_conn timeout extension logic
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net 10/14] netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 06/14] docs: tproxy: ignore non-transparent sockets in iptables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 11/14] netfilter: nf_tables: missing objects with no memcg accounting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 14/14] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 05/14] netfilter: ctnetlink: Guard possible unused functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 12/14] netfilter: nfnetlink_queue: remove old clash resolution logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 08/14] netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 07/14] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 04/14] selftests: netfilter: nft_tproxy.sh: add tcp tests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 01/14] netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 03/14] selftests: netfilter: add reverse-clash resolution test case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net,v2 00/14] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: наб <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
Re: [PATCH net 00/14] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net 00/14] Netfilter fixes for net
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [PATCH net 00/14] Netfilter fixes for net
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net 00/14] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net 00/14] Netfilter fixes for net
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf-next PATCH v5 06/18] netfilter: nf_tables: Simplify chain netdev notifier
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 05/18] netfilter: nf_tables: Tolerate chains with no remaining hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 14/18] netfilter: nf_tables: Wrap netdev notifiers
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 09/18] netfilter: nf_tables: Introduce nft_register_flowtable_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 08/18] netfilter: nf_tables: Introduce nft_hook_find_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 15/18] netfilter: nf_tables: Handle NETDEV_CHANGENAME events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 18/18] selftests: netfilter: Torture nftables netdev hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 11/18] netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 04/18] netfilter: nf_tables: Compare netdev hooks based on stored name
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 02/18] netfilter: nf_tables: Store user-defined hook ifname
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 00/18] Dynamic hook interface binding
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 01/18] netfilter: nf_tables: Flowtable hook's pf value never varies
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 13/18] netfilter: nf_tables: flowtable: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 12/18] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 16/18] netfilter: nf_tables: Support wildcard netdev hook specs
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 10/18] netfilter: nf_tables: Drop __nft_unregister_flowtable_net_hooks()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 17/18] netfilter: nf_tables: Add notications for hook changes
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 03/18] netfilter: nf_tables: Use stored ifname in netdev hook dumps
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v5 07/18] netfilter: nf_tables: Introduce functions freeing nft_hook objects
- From: Phil Sutter <phil@xxxxxx>
[bug report] netfilter: nf_tables: no size estimation if number of set elements is unknown
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [PATCH net 00/14] Netfilter fixes for net
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: наб <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
Re: [PATCH nft,v2 5/7] cache: consolidate reset command
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [RFC PATCH v2 02/12] landlock: Add hook on socket creation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: [nf-next PATCH v4 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v4 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH] netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v4 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v4 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Unsubscribe
- From: michael.steinmann@xxxxxxxxxxx
Re: [PATCH AUTOSEL 6.11 049/244] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Florian Westphal <fw@xxxxxxxxx>
[ANNOUNCE] libnetfilter_conntrack 1.1.0 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH AUTOSEL 6.11 049/244] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH AUTOSEL 6.6 038/139] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 6.10 040/197] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH AUTOSEL 6.11 049/244] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH AUTOSEL 6.11 049/244] netfilter: nf_tables: don't initialize registers in nft_do_chain()
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 6.11 048/244] netfilter: nf_tables: do not remove elements if set backend implements .abort
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH libnftnl] src: remove scaffolding around deprecated parser functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnetfilter_conntrack] src: remove unused parameter from build functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v4] net/bridge: Optimizing read-write locks in ebtables.c
- From: yushengjin <yushengjin@xxxxxxxxxxxxx>
Re: [PATCH v3] net/bridge: Optimizing read-write locks in ebtables.c
- From: yushengjin <yushengjin@xxxxxxxxxxxxx>
[PATCH net 13/14] kselftest: add test for nfqueue induced conntrack race
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 14/14] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 12/14] netfilter: nfnetlink_queue: remove old clash resolution logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 11/14] netfilter: nf_tables: missing objects with no memcg accounting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 10/14] netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 08/14] netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 09/14] netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 07/14] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 05/14] netfilter: ctnetlink: Guard possible unused functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 06/14] docs: tproxy: ignore non-transparent sockets in iptables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 04/14] selftests: netfilter: nft_tproxy.sh: add tcp tests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 03/14] selftests: netfilter: add reverse-clash resolution test case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 02/14] netfilter: conntrack: add clash resolution for reverse collisions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 01/14] netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 00/14] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 7/7] netfilter: nft_flow_offload: do not remove flowtable entry for fin packets
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 6/7] netfilter: nft_flow_offload: never grow the timeout when moving packets back to slowpath
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 5/7] netfilter: conntrack: rework offload nf_conn timeout extension logic
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 4/7] netfilter: flowtable: prefer plain nf_ct_refresh for setting initial timeout
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 3/7] netfilter: conntrack: remove skb argument from nf_ct_refresh
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/7] netfilter: nft_flow_offload: update tcp state flags under lock
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/7] netfilter: nft_flow_offload: clear tcp MAXACK flag before moving to slowpath
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/7] netfilter: rework conntrack/flowtable interaction
- From: Florian Westphal <fw@xxxxxxxxx>
Re: ct hardware offload ignores RST packet
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3] net/bridge: Optimizing read-write locks in ebtables.c
- From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3] net/bridge: Optimizing read-write locks in ebtables.c
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
Re: [PATCH v3] net/bridge: Optimizing read-write locks in ebtables.c
- From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
[PATCH v3] net/bridge: Optimizing read-write locks in ebtables.c
- From: yushengjin <yushengjin@xxxxxxxxxxxxx>
Re: [PATCH v2] net/bridge: Optimizing read-write locks in ebtables.c
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [PATCH v2] net/bridge: Optimizing read-write locks in ebtables.c
- From: yushengjin <yushengjin@xxxxxxxxxxxxx>
Re: [PATCH v2] net/bridge: Optimizing read-write locks in ebtables.c
- From: kernel test robot <lkp@xxxxxxxxx>
[PATCH v2] net/bridge: Optimizing read-write locks in ebtables.c
- From: yushengjin <yushengjin@xxxxxxxxxxxxx>
Re: ct hardware offload ignores RST packet
- From: Chris Mi <cmi@xxxxxxxxxx>
Re: ct hardware offload ignores RST packet
- From: Chris Mi <cmi@xxxxxxxxxx>
Re: ct hardware offload ignores RST packet
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: ct hardware offload ignores RST packet
- From: Florian Westphal <fw@xxxxxxxxx>
Re: ct hardware offload ignores RST packet
- From: Chris Mi <cmi@xxxxxxxxxx>
Re: [RFC PATCH v1 0/4] Implement performance impact measurement tool
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] net/bridge: Optimizing read-write locks in ebtables.c
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
Re: [PATCH] net/bridge: Optimizing read-write locks in ebtables.c
- From: yushengjin <yushengjin@xxxxxxxxxxxxx>
Re: ct hardware offload ignores RST packet
- From: Florian Westphal <fw@xxxxxxxxx>
ct hardware offload ignores RST packet
- From: Chris Mi <cmi@xxxxxxxxxx>
Re: [PATCH] net/bridge: Optimizing read-write locks in ebtables.c
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[PATCH] net/bridge: Optimizing read-write locks in ebtables.c
- From: yushengjin <yushengjin@xxxxxxxxxxxxx>
[PATCH libnftnl] expr: dynset: validate expressions are of nested type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v4 13/16] netfilter: nf_tables: Handle NETDEV_CHANGENAME events
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
Re: [nf-next PATCH v4 13/16] netfilter: nf_tables: Handle NETDEV_CHANGENAME events
- From: Florian Westphal <fw@xxxxxxxxx>
[nf-next:testing 4/5] net/netfilter/nf_nat_masquerade.c:273:6: warning: variable 'ret' is uninitialized when used here
- From: kernel test robot <lkp@xxxxxxxxx>
[nf-next:testing 4/5] net/netfilter/nf_nat_masquerade.c:252:30: warning: variable 'newrange' set but not used
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [nf-next PATCH v4 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [syzbot] [netfilter] BUG: soft lockup in batadv_iv_send_outstanding_bat_ogm_packet
- From: syzbot <syzbot+572f6e36bc6ee6f16762@xxxxxxxxxxxxxxxxxxxxxxxxx>
[nf-next PATCH v4 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 01/16] netfilter: nf_tables: Flowtable hook's pf value never varies
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 13/16] netfilter: nf_tables: Handle NETDEV_CHANGENAME events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 16/16] selftests: netfilter: Torture nftables netdev hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 12/16] netfilter: nf_tables: flowtable: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 02/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 08/16] netfilter: nf_tables: Introduce nft_register_flowtable_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 05/16] netfilter: nf_tables: Tolerate chains with no remaining hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 04/16] netfilter: nf_tables: Compare netdev hooks based on stored name
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 14/16] netfilter: nf_tables: Support wildcard netdev hook specs
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 10/16] netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 07/16] netfilter: nf_tables: Introduce nft_hook_find_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 03/16] netfilter: nf_tables: Use stored ifname in netdev hook dumps
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 06/16] netfilter: nf_tables: Introduce functions freeing nft_hook objects
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 00/16] Dynamic hook interface binding
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v4 09/16] netfilter: nf_tables: Drop __nft_unregister_flowtable_net_hooks()
- From: Phil Sutter <phil@xxxxxx>
Re: stable request: netfilter: make cgroupsv2 matching work with namespaces
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
stable request: netfilter: make cgroupsv2 matching work with namespaces
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf PATCH v2] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf PATCH v2] selftests: netfilter: Avoid hanging ipvs.sh
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH] netfilter: nf_tables: nft_flowtable_find_dev() lacks rcu_read_lock()
- From: Phil Sutter <phil@xxxxxx>
Re: [nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf,v2] netfilter: nf_tables: missing objects with no memcg accounting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [nf PATCH] netfilter: nf_tables: nft_flowtable_find_dev() lacks rcu_read_lock()
- From: Florian Westphal <fw@xxxxxxxxx>
[nf PATCH] netfilter: nf_tables: nft_flowtable_find_dev() lacks rcu_read_lock()
- From: Phil Sutter <phil@xxxxxx>
[nf PATCH] selftests: netfilter: Avoid hanging ipvs.sh
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH 1/5] LSM: Replace context+len with lsm_context
- From: Todd Kjos <tkjos@xxxxxxxxxx>
[PATCH 5.4.y 1/1] inet: inet_defrag: prevent sk release while still in use
- From: Saeed Mirzamohammadi <saeed.mirzamohammadi@xxxxxxxxxx>
[PATCH 5.10.y 1/1] inet: inet_defrag: prevent sk release while still in use
- From: Saeed Mirzamohammadi <saeed.mirzamohammadi@xxxxxxxxxx>
[PATCH 5.15.y 1/1] inet: inet_defrag: prevent sk release while still in use
- From: Saeed Mirzamohammadi <saeed.mirzamohammadi@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH nf] kselftest: add test for nfqueue induced conntrack race
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] kselftest: add test for nfqueue induced conntrack race
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 13/19] selftests/landlock: Test packet protocol alias
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 11/19] selftests/landlock: Test unsupported protocol restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: remove old clash resolution logic
- From: Antonio Ojea <aojea@xxxxxxxxxx>
[PATCH nf] kselftest: add test for nfqueue induced conntrack race
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nfnetlink_queue: remove old clash resolution logic
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 13/19] selftests/landlock: Test packet protocol alias
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH nf,v2] netfilter: nf_tables: missing objects with no memcg accounting
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 07/19] selftests/landlock: Test adding a rule for empty access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 11/19] selftests/landlock: Test unsupported protocol restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 09/19] selftests/landlock: Test creating a ruleset with unknown access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 08/19] selftests/landlock: Test overlapped restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 07/19] selftests/landlock: Test adding a rule for empty access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[PATCH nf,v2] netfilter: nf_tables: missing objects with no memcg accounting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/5] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path
- From: Florian Westphal <fw@xxxxxxxxx>
[no subject]
- From: Unknown
Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf] netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.10 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,5.15 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.1 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.1 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.1 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.6 2/2] netfilter: nf_tables: missing iterator type in lookup walk
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.6 1/2] netfilter: nft_set_pipapo: walk over current view on netlink dump
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -stable,6.6 0/2] Netfilter fixes for -stable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] cache: initialize filter when fetching implicit chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] cache: initialize filter when fetching implicit chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v3] doc: tproxy is non-terminal in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3] doc: tproxy is non-terminal in nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] doc: tproxy is non-terminal in nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: conntrack: conditionally compile ctnetlink_label_size
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: conntrack: compile label helpers unconditionally
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 0/2] netfilter: conntrack: label helpers conditional compilation updates
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next] netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nft] doc: tproxy is non-terminal in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 0/3] netfilter: conntrack: clash resolution for reverse collisions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
"libmnl" project doxygen-generated documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] doc: tproxy is non-terminal in nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v3 1/1] netfilter: conntrack: Guard possible unused functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/3] netfilter: conntrack: clash resolution for reverse collisions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] tests: shell: more ransomization for timeout parameter
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [syzbot] [virt?] [netfilter?] INFO: rcu detected stall in ip_list_rcv (6)
- From: syzbot <syzbot+45b67ef6e09a39a2cbcd@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH libnetfilter_queue] doc: Install libnetfilter_queue.7 man page
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Phil Sutter <phil@xxxxxx>
[PATCH net] netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [iptables PATCH] extensions: TPROXY: Fix for translation being non-terminal
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[iptables PATCH] extensions: TPROXY: Fix for translation being non-terminal
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: replace deprecated strncpy with strscpy_pad
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nft_tproxy: make it terminal
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nfnetlink_queue: reroute reinjected packets from postrouting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[no subject]
- From: Unknown
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net 1/2] netfilter: nft_socket: fix sk refcount leaks
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Florian Westphal <fw@xxxxxxxxx>
[no subject]
- From: Unknown
Re: [nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Florian Westphal <fw@xxxxxxxxx>
[nf-next PATCH v3 16/16] selftests: netfilter: Torture nftables netdev hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 15/16] netfilter: nf_tables: Add notications for hook changes
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 13/16] netfilter: nf_tables: Handle NETDEV_CHANGENAME events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 10/16] netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 08/16] netfilter: nf_tables: Introduce nft_hook_find_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 12/16] netfilter: nf_tables: flowtable: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 05/16] netfilter: nf_tables: Compare netdev hooks based on stored name
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 06/16] netfilter: nf_tables: Tolerate chains with no remaining hooks
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 03/16] netfilter: nf_tables: Store user-defined hook ifname
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 01/16] netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 07/16] netfilter: nf_tables: Introduce functions freeing nft_hook objects
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 09/16] netfilter: nf_tables: Introduce nft_register_flowtable_ops()
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 04/16] netfilter: nf_tables: Use stored ifname in netdev hook dumps
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 00/16] Dynamic hook interface binding
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 14/16] netfilter: nf_tables: Support wildcard netdev hook specs
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 02/16] netfilter: nf_tables: Flowtable hook's pf value never varies
- From: Phil Sutter <phil@xxxxxx>
[nf-next PATCH v3 11/16] netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v5 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH] docs: tproxy: ipt: ignore non-transparent sockets
- From: 谢致邦 (XIE Zhibang) <Yeking@xxxxxxxxx>
[PATCH v3] selftests: netfilter: nft_tproxy.sh: add tcp tests
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 0/2] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net 1/2] netfilter: nft_socket: fix sk refcount leaks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net] net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
Re: [PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next 5/5] netfilter: nf_tables: allocate element update information dynamically
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 4/5] netfilter: nf_tables: switch trans_elem to real flex array
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 3/5] netfilter: nf_tables: prepare for multiple elements in nft_trans_elem structure
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/5] netfilter: nf_tables: prefer nft_trans_elem_alloc helper
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/5] netfilter: nf_tables: add nft_trans_commit_list_add_elem helper
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/5] netfilter: nf_tables: reduce set element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2] selftests: netfilter: tproxy tcp and udp tests
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[PATCH v2] selftests: netfilter: tproxy tcp and udp tests
- From: Antonio Ojea <aojea@xxxxxxxxxx>
[PATCH nft] tests: py: fix up udp csum fixup output
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] ksleftest nfqueue race with dnat
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH] ksleftest nfqueue race with dnat
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v3 1/1] netfilter: conntrack: Guard possible unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [RFC PATCH v3 05/19] selftests/landlock: Test adding a rule for each unknown access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 04/19] selftests/landlock: Test adding a rule with each supported access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [RFC PATCH v3 03/19] selftests/landlock: Test basic socket restriction
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
[PATCH nf-next 3/3] selftests: netfilter: add reverse-clash resolution test case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/3] netfilter: conntrack: add clash resolution for reverse collisions
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/3] netfilter: conntrack: clash resolution for reverse collisions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH net-next v2 1/1] netfilter: conntrack: Guard possible unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH net-next v3 1/1] netfilter: conntrack: Guard possible unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: replace deprecated strncpy with strscpy_pad
- From: Justin Stitt <justinstitt@xxxxxxxxxx>
Re: [PATCH net-next v2 1/1] netfilter: conntrack: Guard possible unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nft] tests: shell: add test case for timeout updates
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft] tests: shell: extend vmap test with updates
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next v2 1/1] netfilter: conntrack: Guard possible unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH] selftests: netfilter: nft_tproxy.sh: add tcp tests
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH net-next 00/12] Unmask upper DSCP bits - part 4 (last)
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH nft 2/2] proto: use NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag to mangle UDP checksum
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] tests: shell: stabilize packetpath/payload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH nf-next v5 2/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v5 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v5 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [RFC PATCH v3 01/19] landlock: Support socket access-control
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[PATCH libmnl] doc: Address warnings emitted by doxygen 1.12.0
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH nf 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: kernel test robot <lkp@xxxxxxxxx>
[PATCH nf v2 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net-next 01/16] netfilter: ctnetlink: support CTA_FILTER for flush
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next v2 0/5] make use of the helper macro LIST_HEAD()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH nf 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [PATCH net-next 00/12] Unmask upper DSCP bits - part 4 (last)
- From: David Ahern <dsahern@xxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH net v1 1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH net-next 12/12] sctp: Unmask upper DSCP bits in sctp_v4_get_dst()
- From: Xin Long <lucien.xin@xxxxxxxxx>
Re: [PATCH net-next 07/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 06/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
Re: [RFC PATCH v3 01/19] landlock: Support socket access-control
- From: "Günther Noack" <gnoack@xxxxxxxxxx>
Re: [PATCH net-next 12/12] sctp: Unmask upper DSCP bits in sctp_v4_get_dst()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 11/12] ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 10/12] netfilter: nf_dup4: Unmask upper DSCP bits in nf_dup_ipv4_route()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 09/12] netfilter: nft_flow_offload: Unmask upper DSCP bits in nft_flow_route()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 08/12] ipv4: netfilter: Unmask upper DSCP bits in ip_route_me_harder()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 04/12] ipv4: icmp: Unmask upper DSCP bits in icmp_reply()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 03/12] bpf: lwtunnel: Unmask upper DSCP bits in bpf_lwt_xmit_reroute()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 02/12] ipv4: ip_gre: Unmask upper DSCP bits in ipgre_open()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next 01/12] netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish()
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next v1] netlink: specs: nftables: allow decode of tailscale ruleset
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH net-next 16/16] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 15/16] netfilter: nf_tables: zero timeout means element never times out
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 14/16] netfilter: nf_tables: consolidate timeout extension for elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 13/16] netfilter: nf_tables: annotate data-races around element expiration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 12/16] netfilter: nft_dynset: annotate data-races around set timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 11/16] netfilter: nf_tables: remove annotation to access set timeout while holding lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 10/16] netfilter: nf_tables: reject expiration higher than timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 09/16] netfilter: nf_tables: reject element expiration with no timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 05/16] netfilter: nf_tables: drop unused 3rd argument from validate callback ops
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 07/16] netfilter: nf_tables: Add missing Kernel doc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 08/16] netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 04/16] netfilter: conntrack: Convert to use ERR_CAST()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 06/16] netfilter: nf_tables: Correct spelling in nf_tables.h
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 03/16] netfilter: Use kmemdup_array instead of kmemdup for multiple allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 02/16] netfilter: nft_counter: Use u64_stats_t for statistic.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 01/16] netfilter: ctnetlink: support CTA_FILTER for flush
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 00/16] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net v1 1/1] netfilter: conntrack: Guard possoble unused functions
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
[PATCH net-next 12/12] sctp: Unmask upper DSCP bits in sctp_v4_get_dst()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 11/12] ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 10/12] netfilter: nf_dup4: Unmask upper DSCP bits in nf_dup_ipv4_route()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 09/12] netfilter: nft_flow_offload: Unmask upper DSCP bits in nft_flow_route()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 08/12] ipv4: netfilter: Unmask upper DSCP bits in ip_route_me_harder()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 07/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 06/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 05/12] ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 04/12] ipv4: icmp: Unmask upper DSCP bits in icmp_reply()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 03/12] bpf: lwtunnel: Unmask upper DSCP bits in bpf_lwt_xmit_reroute()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 02/12] ipv4: ip_gre: Unmask upper DSCP bits in ipgre_open()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 00/12] Unmask upper DSCP bits - part 4 (last)
- From: Ido Schimmel <idosch@xxxxxxxxxx>
[PATCH net-next 01/12] netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish()
- From: Ido Schimmel <idosch@xxxxxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: kernel test robot <lkp@xxxxxxxxx>
Re: [PATCH] ext4: Fix error message when rejecting the default hash
- From: "Theodore Ts'o" <tytso@xxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: kernel test robot <lkp@xxxxxxxxx>
[PATCH nf 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 1/2] netfilter: nft_socket: fix sk refcount leaks
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v1 2/4] selftests/landlock: Implement per-syscall microbenchmarks
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[PATCH] netfilter: tproxy: Add RCU protection in nf_tproxy_laddr4
- From: Jiawei Ye <jiawei.ye@xxxxxxxxxxx>
[RFC PATCH v3 19/19] landlock: Document socket rule type support
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 18/19] samples/landlock: Support socket protocol restrictions
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 17/19] samples/landlock: Replace atoi() with strtoull() in populate_ruleset_net()
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 16/19] selftests/landlock: Test that accept(2) is not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 15/19] selftests/landlock: Test SCTP peeloff restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 14/19] selftests/landlock: Test socketpair(2) restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 13/19] selftests/landlock: Test packet protocol alias
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 12/19] selftests/landlock: Test that kernel space sockets are not restricted
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 11/19] selftests/landlock: Test unsupported protocol restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 10/19] selftests/landlock: Test adding a rule with family and type outside the range
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 09/19] selftests/landlock: Test creating a ruleset with unknown access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 08/19] selftests/landlock: Test overlapped restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 07/19] selftests/landlock: Test adding a rule for empty access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 06/19] selftests/landlock: Test adding a rule for unhandled access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 05/19] selftests/landlock: Test adding a rule for each unknown access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 04/19] selftests/landlock: Test adding a rule with each supported access
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 03/19] selftests/landlock: Test basic socket restriction
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 02/19] landlock: Add hook on socket creation
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 01/19] landlock: Support socket access-control
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v3 00/19] Support socket access-control
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH net-next v2 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next v2 0/5] make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 5/5] net/core: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 3/5] net/netfilter: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 2/5] net/tipc: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 1/5] net/ipv4: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v2 4/5] net/ipv6: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
[PATCH net-next v1] netlink: specs: nftables: allow decode of tailscale ruleset
- From: Donald Hunter <donald.hunter@xxxxxxxxx>
Re: [PATCH v2 net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
Re: [PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] libnftables: Zero ctx->vars after freeing it
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Priyankar Jain <priyankar.jain@xxxxxxxxxxx>
[nft PATCH] libnftables: Zero ctx->vars after freeing it
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
[PATCH nf-next,v3 9/9] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 7/9] netfilter: nf_tables: consolidate timeout extension for elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 8/9] netfilter: nf_tables: zero timeout means element never times out
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 6/9] netfilter: nf_tables: annotate data-races around element expiration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 4/9] netfilter: nf_tables: remove annotation to access set timeout while holding lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 2/9] netfilter: nf_tables: reject element expiration with no timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 3/9] netfilter: nf_tables: reject expiration higher than timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 5/9] netfilter: nft_dynset: annotate data-races around set timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v3 1/9] netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] libnftables: set variable array to NULL after release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: fix spurious timeout on debug kernel
- From: Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx>
Re: [PATCH net-next] selftests: netfilter: nft_queue.sh: fix spurious timeout on debug kernel
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH nf-next,v2 8/9] netfilter: nf_tables: zero timeout means element never times out
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching
- From: Guillaume Nault <gnault@xxxxxxxxxx>
Re: [PATCH net-next v1] netfilter: Use kmemdup_array instead of kmemdup for multiple allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v1] netfilter: conntrack: Convert to use ERR_CAST()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: drop unused 3rd argument from validate callback ops
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
- From: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
[PATCH nft,v2] src: support for timeout never in elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 2/9] netfilter: nf_tables: reject element expiration with no timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 1/9] netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 3/9] netfilter: nf_tables: reject expiration higher than timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 4/9] netfilter: nf_tables: remove annotation to access set timeout while holding lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 5/9] netfilter: nft_dynset: annotate data-races around set timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 8/9] netfilter: nf_tables: zero timeout means element never times out
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 9/9] netfilter: nf_tables: set element timeout update support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 7/9] netfilter: nf_tables: consolidate timeout extension for elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2 6/9] netfilter: nf_tables: annotate data-races around element expiration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v2 net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 1/1] asn: fix missing quiet checks in xt_asn_build
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching
- From: Ido Schimmel <idosch@xxxxxxxxxx>
Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching
- From: David Ahern <dsahern@xxxxxxxxxx>
Re: [PATCH nft] tests: shell: extend coverage for meta l4proto netdev/egress matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Request for comments
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Donald Hunter <donald.hunter@xxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH net-next] netlink: specs: nftables: allow decode of default firewalld ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] ipset: Fix implicit declaration of function basename
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Request for comments
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH] ksleftest nfqueue race with dnat
- From: Antonio Ojea <aojea@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] ipset: Fix implicit declaration of function basename
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v4 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: tproxy: Add missing Kernel doc to nf_tproxy.h
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: nf_tables: Add missing Kernel doc to nf_tables.h
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH nf-next 0/2] netfilter: Add missing Kernel doc to headers
- From: Simon Horman <horms@xxxxxxxxxx>
Re: [PATCH v2 2/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Simon Horman <horms@xxxxxxxxxx>
[PATCH] ipset: Fix implicit declaration of function basename
- From: mpagano@xxxxxxxxxx
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nft 1/5] cache: assert filter when calling nft_cache_evaluate()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next] selftests: netfilter: nft_queue.sh: fix spurious timeout on debug kernel
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libnetfilter_conntrack v2] conntrack: Add zone filtering for conntrack events
- From: Priyankar Jain <priyankar.jain@xxxxxxxxxxx>
[PATCH libnetfilter_conntrack v1] conntrack: Add zone filtering for conntrack events
- From: Priyankar Jain <priyankar.jain@xxxxxxxxxxx>
Re: [PATCH net-next 2/5] net/tipc: make use of the helper macro LIST_HEAD()
- From: Hongbo Li <lihongbo22@xxxxxxxxxx>
Re: [PATCH net-next v2 0/6] replace deprecated strcpy with strscpy
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
Re: [PATCH net-next v2 0/6] replace deprecated strcpy with strscpy
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 2/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH nf-next v4 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
[PATCH v2 2/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
[PATCH v2 1/2] err.h: Add ERR_PTR_PCPU(), PTR_ERR_PCPU() and IS_ERR_PCPU() macros
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
[PATCH v2 0/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
- From: Uros Bizjak <ubizjak@xxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
Re: [PATCH nft 1/5] cache: assert filter when calling nft_cache_evaluate()
- From: Eric Garver <eric@xxxxxxxxxxx>
Re: [PATCH iptables 1/1] configure: Determine if musl is used for build
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH iptables 1/1] configure: Determine if musl is used for build
- From: Joshua Lant <joshualant@xxxxxxxxxxxxxx>
Re: [PATCH iptables 1/1] configure: Determine if musl is used for build
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft 4/5] cache: relax requirement for replace rule command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 3/5] cache: remove full cache requirement when echo flag is set on
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 5/5] cache: position does not require full cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/5] cache: clean up evaluate_cache_del()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/5] cache: assert filter when calling nft_cache_evaluate()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
- From: Breno Leitao <leitao@xxxxxxxxxx>
Re: [PATCH net 1/2] netfilter: nf_tables: restore IP sanity checks for netdev/egress
- From: patchwork-bot+netdevbpf@xxxxxxxxxx

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]