Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

[PATCH v3 nf-next 08/11] netfilter: nat: remove csum_update hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 07/11] netfilter: nat: remove manip_pkt hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 06/11] netfilter: nat: remove nf_nat_l4proto.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 04/11] netfilter: nat: move nlattr parse and xfrm session decode to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 03/11] netfilter: nat: merge ipv4 and ipv6 masquerade functionality
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 01/11] netfilter: nat: remove module dependency on ipv6 core
- From: Florian Westphal <fw@xxxxxxxxx>
netfilter: nat: merge ipv4 and ipv6 nat modules
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH 0/2] Follow-up on arptables output changes
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 1/2] arptables-nft: Set h-type/h-length masks by default, too
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/2] extensions: Fix arptables extension tests
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/2] Follow-up on arptables output changes
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v2 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 11/11] netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 10/11] netfilter: nat: remove l3proto struct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 09/11] netfilter: nat: remove csum_recalc hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 08/11] netfilter: nat: remove csum_update hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 07/11] netfilter: nat: remove manip_pkt hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 06/11] netfilter: nat: remove nf_nat_l4proto.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 04/11] netfilter: nat: move nlattr parse and xfrm session decode to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 03/11] netfilter: nat: merge ipv4 and ipv6 masquerade functionality
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 01/11] netfilter: nat: remove module dependency on ipv6 core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 00/11] netfilter: nat: remove module dependency on
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: unbind set in rule from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 08/11] netfilter: nat: remove csum_update hook
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next 08/11] netfilter: nat: remove csum_update hook
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [iptables PATCH 0/7] Align arptables-nft output with legacy
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 0/7] Align arptables-nft output with legacy
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 3/7] arptables-nft: Fix CLASSIFY target printing
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 4/7] arptables-nft: Remove space between *cnt= and value
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 5/7] arptables-nft-save: Fix position of -j option
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/7] arptables-nft: Fix MARK target parsing and printing
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/7] Align arptables-nft output with legacy
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/7] arptables-nft: Fix listing rules without target
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 7/7] tests: shell: Add arptables-nft verbose output test
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 6/7] arptables-nft: Don't print default h-len/h-type values
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next 11/11] netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 10/11] netfilter: nat: remove l3proto struct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 09/11] netfilter: nat: remove csum_recalc hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 08/11] netfilter: nat: remove csum_update hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 07/11] netfilter: nat: remove manip_pkt hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 06/11] netfilter: nat: remove nf_nat_l4proto.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 04/11] netfilter: nat: move nlattr parse and xfrm session decode to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 03/11] netfilter: nat: merge ipv4 and ipv6 masquerade functionality
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 01/11] netfilter: nat: remove module dependency on ipv6 core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 00/11] netfilter: nat: merge ipv4 and ipv6 nat modules
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_nat: skip nat clash resolution for same-origin entries
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] selftests: netfilter: add simple masq/redirect test cases
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy
- From: Phil Sutter <phil@xxxxxx>
Re: Fwd: Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: Fwd: Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
Fwd: Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [B.A.T.M.A.N.] "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 06/33] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] selftests/netfilter: fix config fragment CONFIG_NF_TABLES_INET
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] netfilter: nft_tunnel: Add NFTA_TUNNEL_MODE options
- From: wenxu@xxxxxxxxx
[PATCH] selftests/netfilter: fix config fragment CONFIG_NF_TABLES_INET
- From: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
Re: [PATCH] netfilter: nat: Update comment of get_unique_tuple
- From: YueHaibing <yuehaibing@xxxxxxxxxx>
Re: [PATCH 06/33] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Re: [PATCH 00/33] Netfilter/IPVS updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH 02/33] netfilter: nf_tables: handle nft_object lookups via rhltable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/33] netfilter: nf_tables: add direct calls for all builtin expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/33] netfilter: physdev: relax br_netfilter dependency
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/33] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/33] netfilter: conntrack: gre: convert rwlock to rcu
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/33] netfilter: conntrack: remove net_id
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/33] netfilter: nf_tables: prepare nft_object for lookups via hashtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/33] netfilter: conntrack: remove invert_tuple callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/33] netfilter: conntrack: gre: switch module to be built-in
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/33] netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/33] netfilter: conntrack: remove module owner field
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/33] netfilter: conntrack: handle builtin l4proto packet functions via direct calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/33] netfilter: conntrack: remove pernet l4 proto register interface
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 21/33] netfilter: conntrack: remove l4proto destroy hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 24/33] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/33] netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/33] netfilter: conntrack: unify sysctl handling
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 23/33] netfilter: nf_conntrack: provide modparam to always register conntrack hooks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 28/33] netfilter: conntrack: fix bogus port values for other l4 protocols
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 22/33] netfilter: conntrack: remove nf_ct_l4proto_find_get
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 20/33] netfilter: conntrack: remove l4proto init and get_net callbacks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 26/33] Revert "netfilter: nft_hash: add map lookups for hashing operations"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 30/33] ipvs: use indirect call wrappers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 29/33] ipvs: avoid indirect calls when calculating checksums
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 32/33] netfilter: conntrack: fix error path in nf_conntrack_pernet_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 33/33] netfilter: ipv4: remove useless export_symbol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 27/33] netfilter: conntrack: fix IPV6=n builds
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 31/33] netfilter: nft_counter: remove wrong __percpu of nft_counter_resest()'s arg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 25/33] netfilter: nat: un-export nf_nat_used_tuple
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 19/33] netfilter: conntrack: remove sysctl registration helpers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/33] netfilter: conntrack: remove remaining l4proto indirect packet calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/33] netfilter: conntrack: remove pkt_to_tuple callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/33] netfilter: conntrack: remove helper hook again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/33] Netfilter/IPVS updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 0/7] Netfilter/IPVS fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 4/7] ipvs: Fix signed integer overflow when setsockopt timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/7] netfilter: nft_compat: make lists per netns
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/7] netfilter: nft_compat: destroy function must not have side effects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/7] netfilter: nfnetlink_osf: add missing fmatch check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/7] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 7/7] netfilter: ipt_CLUSTERIP: fix warning unused variable cn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/7] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/7] netfilter: nft_compat: use refcnt_t type for nft_xt reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/7] netfilter: nft_compat: use refcnt_t type for nft_xt reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/7] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: [PATCH nft] include: add cplusplus guards for extern
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: ipv4: remove useless export_symbol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nft_counter: remove wrong __percpu of nft_counter_resest()'s arg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v2 0/2] fix glitch in IPVS /proc handlers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] src: rule: Support NFTA_RULE_POSITION_ID attribute
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nfnetlink_osf: add missing fmatch check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl 0/2] Revert map lookups for expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipt_CLUSTERIP: fix warning unused variable cn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [ebtables-legacy PATCH 2/2] ebtables: drop sysvinit script
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [ebtables-legacy PATCH 1/2] ebtables: drop .spec file
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] include: add cplusplus guards for extern
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] conntrackd.conf.8: fix state filter example
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: wenxu <wenxu@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
"Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
[PATCH nf-next] netfilter: ipv4: remove useless export_symbol
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [RFC nft] evaluate: kill anon sets with one element
- From: Phil Sutter <phil@xxxxxx>
[conntrack-tools PATCH] conntrackd.conf.8: fix state filter example
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Historical keynote by Rusty Russell at linux.conf.au 2019
- From: Harald Welte <laforge@xxxxxxxxxxxxx>
[RFC nft] evaluate: kill anon sets with one element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Userspace Queue Payloads
- From: Muneyuki KAWATANI <kawatani.muneyuki@xxxxxxxxxxxxx>
Re: general protection fault in nf_ct_gre_keymap_flush
- From: syzbot <syzbot+fcee88b2d87f0539dfe9@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: 4.19.{12,[13],14}: RIP: 0010:nf_conncount_cache_free+0x26/0x2f [nf_conncount]
- From: Steffen Nurpmeso <steffen@xxxxxxxxxx>
Userspace Queue Payloads
- From: dave madden <netfilter@xxxxxxxxxxxx>
[PATCH nft] meta: add iifkind and oifkind support
- From: wenxu@xxxxxxxxx
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH] ipvs: Fix signed integer overflow when setsockopt timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nat: Update comment of get_unique_tuple
- From: YueHaibing <yuehaibing@xxxxxxxxxx>
Re: [Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init()
- From: Florian Westphal <fw@xxxxxxxxx>
[Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init()
- From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Re: general protection fault in nf_ct_gre_keymap_flush
- From: syzbot <syzbot+fcee88b2d87f0539dfe9@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums
- From: Simon Horman <horms@xxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: use indirect call wrappers
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH] netfilter: ipt_CLUSTERIP: fix warning unused variable cn
- From: Anders Roxell <anders.roxell@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
general protection fault in nf_ct_gre_keymap_flush
- From: syzbot <syzbot+fcee88b2d87f0539dfe9@xxxxxxxxxxxxxxxxxxxxxxxxx>
INFO: rcu detected stall in gc_worker
- From: syzbot <syzbot+655174276c47216abab5@xxxxxxxxxxxxxxxxxxxxxxxxx>
[ebtables-legacy PATCH 2/2] ebtables: drop sysvinit script
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
[ebtables-legacy PATCH 1/2] ebtables: drop .spec file
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
[iptables PATCH 3/3] xtables: Fix for false-positive rule matching
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/3] xtables: Fix for crash when comparing rules with standard target
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/3] nft: Fix potential memleaks in nft_*_rule_find()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/3] xtables: Fix multiple issues in rule matching code
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Eli Cooper <elicooper@xxxxxxx>
Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: use indirect call wrappers
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Florian Westphal <fw@xxxxxxxxx>
EINVAL from ebtables -b broute -F BROUTING
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 0/2] ebtables-nft output fixes
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/2] ebtables: Fix rule listing with counters
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
[PATCH nf-next 2/2] netfilter: conntrack: fix bogus port values for other l4 protocols
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2] netfilter: nfnetlink_osf: add missing fmatch check
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
[PATCH libnftnl 2/2] Revert "expr: add map lookups for hash statements"
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH libnftnl 1/2] Revert "expr: add map lookups for numgen statements"
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH libnftnl 0/2] Revert map lookups for expressions
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Eli Cooper <elicooper@xxxxxxx>
linux-next: build failure after merge of the netfilter-next tree
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: use indirect call wrappers
- From: Julian Anastasov <ja@xxxxxx>
Re: [PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums
- From: Julian Anastasov <ja@xxxxxx>
[PATCH nf-next] netfilter: nfnetlink_osf: add missing fmatch check
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
[PATCH] nft_counter: remove wrong __percpu of nft_counter_resest()'s arg
- From: Luc Van Oostenryck <luc.vanoostenryck@xxxxxxxxx>
[PATCH ipvs-next] ipvs: use indirect call wrappers
- From: Matteo Croce <mcroce@xxxxxxxxxx>
[PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums
- From: Matteo Croce <mcroce@xxxxxxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nat: un-export nf_nat_used_tuple
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] Revert "netfilter: nft_hash: add map lookups for hashing operations"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: David Ahern <dsahern@xxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add direct calls for all builtin expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: remove helper hook again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: physdev: relax br_netfilter dependency
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/16] conntrack: remove indirect calls from packet path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: nf_tables: prepare nft_object for lookups via hashtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: nf_tables: handle nft_object lookups via rhltable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] Revert "netfilter: nft_hash: add map lookups for hashing operations"
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
Re: 4.19.{12,[13],14}: RIP: 0010:nf_conncount_cache_free+0x26/0x2f [nf_conncount]
- From: Steffen Nurpmeso <steffen@xxxxxxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Re: [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately
- From: Phil Sutter <phil@xxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/3] xtables: Fix position of replaced rules in cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 0/3] netfilter: nft_compat: fix race conditions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
stable fixes for nf_conncount 4.19.x
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
Re: Deleting tables from included files causes a kernel BUG
- From: zrm <zrm@xxxxxxxxxxxxxxx>
Re: [PATCH nf 0/3] netfilter: nft_compat: fix race conditions
- From: Taehee Yoo <ap420073@xxxxxxxxx>
Re: Deleting tables from included files causes a kernel BUG
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
[PATCH nf-next] netfilter: nat: un-export nf_nat_used_tuple
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH] src: Quote user-defined names
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next,v2] netfilter: nf_conntrack: provide modparam to always register conntrack hooks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_conntrack: provide modparam to always register conntrack hooks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
INFO: rcu detected stall in tipc_disc_timeout
- From: syzbot <syzbot+9f5271e1f46f2954d29c@xxxxxxxxxxxxxxxxxxxxxxxxx>
[PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: wenxu@xxxxxxxxx
[iptables PATCH 0/3] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/3] nft: Add new builtin chains to cache immediately
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/3] xtables: Fix position of replaced rules in cache
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH 0/7] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH nf-next 16/16] netfilter: conntrack: remove nf_ct_l4proto_find_get
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 11/16] netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 15/16] netfilter: conntrack: remove l4proto destroy hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 12/16] netfilter: conntrack: unify sysctl handling
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 14/16] netfilter: conntrack: remove l4proto init and get_net callbacks
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 13/16] netfilter: conntrack: remove sysctl registration helpers
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 10/16] netfilter: conntrack: remove pernet l4 proto register interface
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 09/16] netfilter: conntrack: remove remaining l4proto indirect packet calls
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 08/16] netfilter: conntrack: remove module owner field
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 07/16] netfilter: conntrack: remove invert_tuple callback
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 06/16] netfilter: conntrack: remove pkt_to_tuple callback
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 05/16] netfilter: conntrack: remove net_id
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 04/16] netfilter: conntrack: gre: switch module to be built-in
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 03/16] netfilter: conntrack: gre: convert rwlock to rcu
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 02/16] netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 01/16] netfilter: conntrack: handle builtin l4proto packet functions via direct calls
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/16] conntrack: remove indirect calls from packet path
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH] src: rule: Support NFTA_RULE_POSITION_ID attribute
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH v2] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: wenxu@xxxxxxxxx
Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2
- From: Martin Steigerwald <martin@xxxxxxxxxxxx>
Re: [PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type
- From: wenxu@xxxxxxxxx
Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] src: chain: Fix nftnl_chain_rule_insert_at()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] src: chain: Add missing nftnl_chain_rule_del()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/7] netfilter: nf_tables: fix leaking object reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/7] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 4/7] netfilter: nft_flow_offload: Fix reverse route lookup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/7] netfilter: ebtables: account ebt_table_info to kmemcg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/7] netfilter: nf_tables: selective rule dump needs table to be specified
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/7] netfilter: nft_flow_offload: fix interaction with vrf slave device
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 7/7] netfilter: nft_flow_offload: fix checking method of conntrack helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/7] netfilter: nf_tables: Fix for endless loop when dumping ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH] src: chain: Fix nftnl_chain_rule_insert_at()
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf 3/3] netfilter: nft_compat: destroy function must not have side effects
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 2/3] netfilter: nft_compat: make lists per netns
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 1/3] netfilter: nft_compat: use refcnt_t type for nft_xt reference count
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 0/3] netfilter: nft_compat: fix race conditions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: fix checking method of conntrack helper
- From: John Crispin <john@xxxxxxxxxxx>
[PATCH] netfilter: fix checking method of conntrack helper
- From: Henry Yen <henry.yen@xxxxxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init
- From: Taehee Yoo <ap420073@xxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Martin Kratochvíl <martin.kratochvil@xxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: wenxu@xxxxxxxxx
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Martin Kratochvíl <martin.kratochvil@xxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Martin Kratochvíl <martin.kratochvil@xxxxxxxxx>
[PATCH nf-next] netfilter: physdev: relax br_netfilter dependency
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH v3] netfilter: nft_flow_offload: fix interaction with vrf slave device
- From: wenxu@xxxxxxxxx
Re: IPtables v 1.8.2 patch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IPtables v 1.8.2 patch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] nft_flow_offload: Make flow offload work with vrf slave device correct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] payload: refine payload expr merging
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init
- From: Taehee Yoo <ap420073@xxxxxxxxx>
[PATCH nf 1/2] netfilter: nft_compat: fix a race condition in match/target list
- From: Taehee Yoo <ap420073@xxxxxxxxx>
[PATCH nf 0/2] netfilter: nft_compat: fix a race condition in nft_compat module
- From: Taehee Yoo <ap420073@xxxxxxxxx>
[PATCH] netfilter: nat: Update comment of get_unique_tuple
- From: YueHaibing <yuehaibing@xxxxxxxxxx>
[PATCH nft] payload: refine payload expr merging
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Re: [PATCH] ipset: fix a missing check of nla_parse
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
[PATCH v2] nft_flow_offload: Make flow offload work with vrf slave device correct
- From: wenxu@xxxxxxxxx
[PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: wenxu@xxxxxxxxx
IPtables v 1.8.2 patch
- From: "Nathan O." <ndowens04@xxxxxxxxx>
Re: [PATCH] netfilter: x_tables: add xt_tunnel match
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH] netfilter: x_tables: add xt_tunnel match
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nft_flow_offload: Make flow offload work with vrf slave device correct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] ipset: fix a missing check of nla_parse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] src: fix netdev family device name parsing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] src: fix netdev family device name parsing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: remove helper hook again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: remove helper hook again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Jann Haber <jann.haber@xxxxxxxxxx>
Re: [PATCH RESEND] nft_flow_offload: Fix the peer route get from wrong daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH RESEND] nft_flow_offload: Fix the peer route get from wrong daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: x_tables: add xt_tunnel match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 2/5] nft: Simplify flush_chain_cache()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 1/5] nft: Simplify nft_is_chain_compatible()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: conntrack: remove helper hook again
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: fix leaking object reference count
- From: Taehee Yoo <ap420073@xxxxxxxxx>
Re: [PATCH] nft_flow_offload: Make flow offload work with vrf slave device correct
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH] netfilter: x_tables: add xt_tunnel match
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH RESEND] nft_flow_offload: Fix the peer route get from wrong daddr
- From: wenxu@xxxxxxxxx
Re: [PATCH nf] netfilter: nf_tables: fix leaking object reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: fix leaking object reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: selective rule dump needs table to be specified
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_nat: return the same reply tuple for matching CTs
- From: Johannes Würbach <johannes.wuerbach@xxxxxxxxxxxxxx>
[PATCH AUTOSEL 4.20 001/117] netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.20 084/117] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.20 085/117] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.20 086/117] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH] [v2] netfilter: ipset: fix a missing check of nla_parse
- From: Kadlecsik József <kadlecsik.jozsef@xxxxxxxxxxxxx>
[PATCH AUTOSEL 4.19 01/97] netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH v2 2/2] ipset: merge uadd and udel functions
- From: Kadlecsik József <kadlecsik.jozsef@xxxxxxxxxxxxx>
[PATCH AUTOSEL 4.19 68/97] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 70/97] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 69/97] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH v2 1/2] ipset: remove useless memset() calls
- From: Kadlecsik József <kadlecsik.jozsef@xxxxxxxxxxxxx>
[PATCH AUTOSEL 4.14 37/53] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: add direct calls for all builtin expressions
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/2] netfilter: nf_tables: handle nft_object lookups via rhltable
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/2] netfilter: nf_tables: prepare nft_object for lookups via hashtable
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [apparmor] Apparmor netfiter support?
- From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Re: [nf-next] netfilter: Add support for inner IPv6 packet match
- From: "David R. Bild" <david.bild@xxxxxxxxxx>
[PATCH] [v2] netfilter: ipset: fix a missing check of nla_parse
- From: Aditya Pakki <pakki001@xxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 01/10] audit: collect audit task parameters
- From: Guenter Roeck <linux@xxxxxxxxxxxx>
[PATCH nft 4/4] tests: shell: remove RETURNCODE_SEPARATOR
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 2/4] tests: shell: change all test scripts to return 0
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 3/4] tests: shell: fix up redefine test case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 1/4] tests: shell: add test case for leaking of stateful object refcount
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 0/4] tests: change test scripts to return 0
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 01/10] audit: collect audit task parameters
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
[PATCH nf] netfilter: nf_tables: fix leaking object reference count
- From: Taehee Yoo <ap420073@xxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 01/10] audit: collect audit task parameters
- From: Guenter Roeck <linux@xxxxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 00/10] audit: implement container identifier
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 00/10] audit: implement container identifier
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 05/10] audit: add support for non-syscall auxiliary records
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 00/10] audit: implement container identifier
- From: Guenter Roeck <linux@xxxxxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Jann Haber <jann.haber@xxxxxxxxxx>
Re: nftables Newcomers Tasks from Bugzilla
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 00/10] audit: implement container identifier
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: Selfnet: Possible Bugs found in nftables
- From: Florian Westphal <fw@xxxxxxxxx>
Selfnet: Possible Bugs found in nftables
- From: Jann Haber <jann.haber@xxxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 00/10] audit: implement container identifier
- From: Guenter Roeck <linux@xxxxxxxxxxxx>
Re: nftables Newcomers Tasks from Bugzilla
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: William Kucharski <william.kucharski@xxxxxxxxxx>
[PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
Re: [PATCH net-next] vrf: Add VRF_F_BYPASS_RCV_NF flag to vrf device
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next] vrf: Add VRF_F_BYPASS_RCV_NF flag to vrf device
- From: David Ahern <dsahern@xxxxxxxxx>
[PATCH nft] rule: fix object listing when no table is given
- From: Florian Westphal <fw@xxxxxxxxx>
Re:Re: [PATCH] nft_flow_offload: Fix the peer route get from wrong daddr
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
[PATCH v2] net: nf_tables: Fix speedup of selective rule dumps
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting
- From: Nivedita Singhvi <nivedita.singhvi@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting
- From: Nivedita Singhvi <nivedita.singhvi@xxxxxxxxxxxxx>
Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v4 0/5] Separate rule cache per chain et al.
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v4 2/5] nft: Simplify flush_chain_cache()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v4 1/5] nft: Simplify nft_is_chain_compatible()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found
- From: Phil Sutter <phil@xxxxxx>
[PATCH] net: nf_tables: Fix for endless loop when dumping ruleset
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH] src: chain: Add missing nftnl_chain_rule_del()
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v3 21/21] xtables: Do not change ruleset while listing
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v3 17/21] xtables: Optimize list command with given chain
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v3 16/21] xtables: Optimize user-defined chain deletion
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v3 11/21] xtables: Implement per chain rule cache
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
Re: [PATCH 0/9] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
[PATCH v2 1/2] ipset: remove useless memset() calls
- From: Florent Fourcot <florent.fourcot@xxxxxxxxxx>
[PATCH v2 2/2] ipset: merge uadd and udel functions
- From: Florent Fourcot <florent.fourcot@xxxxxxxxxx>
[PATCH 3/9] netfilter: nf_conncount: don't skip eviction when age is negative
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/9] netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/9] netfilter: nf_tables: fix a missing check of nla_put_failure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 8/9] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/9] netfilter: nf_conncount: restart search when nodes have been erased
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/9] netfilter: nf_conncount: merge lookup and add functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 9/9] netfilter: nf_conncount: fix argument order to find_next_bit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 7/9] netfilter: nf_conncount: move all list iterations under spinlock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 4/9] netfilter: nf_conncount: split gc in two phases
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/9] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nft_flow_offload: Fix the peer route get from wrong daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] nft_flow_offload: Make flow offload work with vrf slave device correct
- From: wenxu@xxxxxxxxx
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
[PATCH] netfilter: account ebt_table_info to kmemcg
- From: Shakeel Butt <shakeelb@xxxxxxxxxx>
Re: [PATCH] netfilter: fix a missing check of nla put failure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/2] ipset: remove useless memset() calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] libxtables: work around unwanted kernel module load
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] libxtables: work around unwanted kernel module load
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH iptables] libxtables: work around unwanted kernel module load
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 0/8] netfilter: nf_conncount: rework locking and memory management
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/2] src: add igmp support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] doc: refer to meta protocol in icmp and icmpv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/2] ipset: merge uadd and udel functions
- From: Florent Fourcot <florent.fourcot@xxxxxxxxxx>
[PATCH 1/2] ipset: remove useless memset() calls
- From: Florent Fourcot <florent.fourcot@xxxxxxxxxx>
Re: [PATCH nf 0/8] netfilter: nf_conncount: rework locking and memory management
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH nf 4/8] netfilter: nf_conncount: restart search when nodes have been erased
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH nf 4/8] netfilter: nf_conncount: restart search when nodes have been erased
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [iptables PATCH v3 03/21] xtables-restore: Review chain handling
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf 8/8] netfilter: nf_conncount: fix argument order to find_next_bit
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 7/8] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 6/8] netfilter: nf_conncount: move all list iterations under spinlock
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 5/8] netfilter: nf_conncount: merge lookup and add functions
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 4/8] netfilter: nf_conncount: restart search when nodes have been erased
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 3/8] netfilter: nf_conncount: split gc in two phases
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 2/8] netfilter: nf_conncount: don't skip eviction when age is negative
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 1/8] nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 0/8] netfilter: nf_conncount: rework locking and memory management
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 09/10] audit: NETFILTER_PKT: record each container ID associated with a netNS
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH nft] src: remove deprecated code for export/import commands
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 21/21] xtables: Do not change ruleset while listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 17/21] xtables: Optimize list command with given chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 16/21] xtables: Optimize user-defined chain deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 11/21] xtables: Implement per chain rule cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 06/21] nft: Reduce indenting level in flush_chain_cache()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 04/21] nft: Review is_*_compatible() routines
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 03/21] xtables-restore: Review chain handling
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 00/21] Separate rule cache per chain et al.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 (was ghak32) V4 09/10] audit: NETFILTER_PKT: record each container ID associated with a netNS
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 21/97] netfilter: seqadj: re-load tcp header pointer after possible head reallocation
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 20/97] netfilter: nf_tables: fix suspicious RCU usage in nft_chain_stats_replace()
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.9 08/35] netfilter: seqadj: re-load tcp header pointer after possible head reallocation
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.9 12/35] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 36/97] netfilter: nat: can't use dst_hold on noref dst
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 35/97] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 37/97] netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node()
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.14 12/59] netfilter: seqadj: re-load tcp header pointer after possible head reallocation
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.14 23/59] netfilter: nat: can't use dst_hold on noref dst
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.14 22/59] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 2/3] netfilter: nf_conncount: double connection deletion from packet path
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/3] netfilter: nf_conncount: remove workqueue garbage collector
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 2/3] netfilter: nf_conncount: double connection deletion from packet path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 1/3] netfilter: nf_conncount: remove workqueue garbage collector
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH v2 2/3] nf_conncount: GC dead rbnodes when inserting a new node that is exact match
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] ipset: fix a missing check of nla_parse
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
[PATCH] ipset: fix a missing check of nla_parse
- From: Kangjie Lu <kjlu@xxxxxxx>
Re: [PATCH 2/5] ipset: Implement ip,port,ip,port hash set.
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
[PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Alin Nastac <alin.nastac@xxxxxxxxx>
Re: [PATCH v2 3/3] nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v2 3/3] nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH v2 2/3] nf_conncount: GC dead rbnodes when inserting a new node that is exact match
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH v2 1/3] nf_conncount: Set correct parent rbnode when inserting on exact match
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH v2 0/3] nf_conntrack bugfixes
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
Re: [PATCH 0/3] nf_conncount bugfixes
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH 2/3] nf_conncount: GC dead rbnodes when inserting a new node that is exact match
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH 1/3] nf_conncount: Set correct parent rbnode when inserting on exact match
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH 0/3] nf_conncount bugfixes
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH] include: Use char* for arithmetic over void*
- From: William Woodruff <william@xxxxxxxxxxxxx>
Re: [PATCH iptables] iptables-xml: fix symlink path
- From: Joel Carlson <joelsoncarl@xxxxxxxxx>
Re: [PATCH iptables] iptables-xml: fix symlink path
- From: Joel Carlson <joelsoncarl@xxxxxxxxx>
Re: nf_conncount_destroy bug in rb_erase()
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH iptables] iptables-xml: fix symlink path
- From: Joel Carlson <joelsoncarl@xxxxxxxxx>
Re: [PATCH iptables] libxtables: work around unwanted kernel module load
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] xtables: Catch errors when zeroing rule rounters
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] xtables: Catch errors when zeroing rule rounters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] libxtables: work around unwanted kernel module load
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] xtables: Catch errors when zeroing rule rounters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 5/5] src: flowtable: Fix for reading garbage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 4/5] src: flowtable: Fix memleak in nftnl_flowtable_parse_devs()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 3/5] src: flowtable: Fix use after free in two spots
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 2/5] src: flowtable: Add missing break
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 1/5] src: object: Avoid obj_ops array overrun
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: x_tables: add xt_tunnel match
- From: wenxu@xxxxxxxxx
[PATCH] netfilter: fix a missing check of nla put failure
- From: Kangjie Lu <kjlu@xxxxxxx>
Re: [PATCH 00/37] Netfilter updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [nft PATCH v2] nft: Reject 'export vm json' command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: register sysctl table for gre
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2] netfilter: conntrack: udp: set stream timeout to 2 minutes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/6] netfilter: conntrack: reduce sysctl management copypaste
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/37] netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/37] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/37] netfilter: remove NFC_* cache bits
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/37] netfilter: nat: remove l4 protocol port rovers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/37] netfilter: ipset: Introduction of new commands and protocol version 7
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/37] netfilter: ipset: fix ip_set_byindex function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/37] netfilter: ipset: replace a strncpy() with strscpy()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/37] netfilter: nat: remove unnecessary 'else if' branch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/37] netfilter: nat: limit port clash resolution attempts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/37] netfilter: Replace call_rcu_bh(), rcu_barrier_bh(), and synchronize_rcu_bh()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/37] netfilter: nat: fold in_range indirection into caller
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 23/37] netfilter: nf_nat_sip: fix RTP/RTCP source port translations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 19/37] netfilter: nat: remove l4proto->in_range
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/37] netfilter: remove unused parameters in nf_ct_l4proto_[un]register_sysctl()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 26/37] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 27/37] netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 21/37] netfilter: nat: remove l4proto->manip_pkt
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 28/37] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 22/37] netfilter: nat: remove nf_nat_l4proto struct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 24/37] netfilter: nf_tables: Speed up selective rule dumps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 30/37] netfilter: conntrack: udp: set stream timeout to 2 minutes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 29/37] netfilter: conntrack: udp: only extend timeout to stream mode after 2s
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 25/37] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 31/37] netfilter: conntrack: register sysctl table for gre
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 34/37] netfilter: conntrack: merge acct and helper sysctl table with main one
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 37/37] netfilter: netns: shrink netns_ct struct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 36/37] netfilter: conntrack: remove empty pernet fini stubs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 35/37] netfilter: conntrack: merge ecache and timestamp sysctl tables with main one
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 33/37] netfilter: conntrack: add mnemonics for sysctl table
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 32/37] netfilter: conntrack: un-export seq_print_acct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 20/37] netfilter: nat: remove l4proto->nlattr_to_range
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/37] netfilter: nat: remove l4proto->unique_tuple
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/37] netfilter: nat: un-export nf_nat_l4proto_unique_tuple
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/37] netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/37] netfilter: nf_flow_table: make nf_flow_table_iterate() static
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/37] netfilter: ctnetlink: always honor CTA_MARK_MASK
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/37] netfilter: nf_flow_table: simplify nf_flow_offload_gc_step()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/37] netfilter: ipset: Make invalid MAC address checks consistent
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[libnftnl PATCH 0/5] Covscan indicated fixes
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 4/5] src: flowtable: Fix memleak in nftnl_flowtable_parse_devs()
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 3/5] src: flowtable: Fix use after free in two spots
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 5/5] src: flowtable: Fix for reading garbage
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 2/5] src: flowtable: Add missing break
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 1/5] src: object: Avoid obj_ops array overrun
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 01/21] nft: Simplify nftnl_rule_list_chain_save()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 08/21] nft: Simplify nft_rule_insert() a bit
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 14/21] xtables: Optimize nft_chain_zero_counters()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 13/21] xtables: Optimize flushing a specific chain
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 19/21] nft: Make use of nftnl_rule_lookup_byindex()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 02/21] nft: Review unclear return points
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 05/21] nft: Reduce __nft_rule_del() signature
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 21/21] xtables: Do not change ruleset while listing
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 17/21] xtables: Optimize list command with given chain
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 12/21] nft: Drop nft_chain_list_find()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 15/21] tests: Extend verbose output and return code tests
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 20/21] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 03/21] xtables-restore: Review chain handling
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 06/21] nft: Reduce indenting level in flush_chain_cache()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 09/21] nft: Introduce fetch_chain_cache()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 11/21] xtables: Implement per chain rule cache
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 00/21] Separate rule cache per chain et al.
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 07/21] nft: Simplify per table chain cache update
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 04/21] nft: Review is_*_compatible() routines
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 16/21] xtables: Optimize user-defined chain deletion
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 10/21] nft: Move nft_rule_list_get() above nft_chain_list_get()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 18/21] xtables: Optimize list rules command with given chain
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH iptables] include: Use char* for arithmetic over void*
- From: William Woodruff <william@xxxxxxxxxxxxx>
[PATCH iptables] include: Use char* for arithmetic over void*
- From: William Woodruff <william@xxxxxxxxxxxxx>
nf_conncount_destroy bug in rb_erase()
- From: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
[PATCH nf-next 6/6] netfilter: netns: shrink netns_ct struct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 5/6] netfilter: conntrack: remove empty pernet fini stubs
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 4/6] netfilter: conntrack: merge ecache and timestamp sysctl tables with main one
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 3/6] netfilter: conntrack: merge acct and helper sysctl table with main one
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 2/6] netfilter: conntrack: add mnemonics for sysctl table
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/6] netfilter: conntrack: un-export seq_print_acct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/6] netfilter: conntrack: reduce sysctl management copypaste
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH iptables] libxtables: work around unwanted kernel module load
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] netfilter: conntrack: register sysctl table for gre
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
Re: [PATCH 5/5] lib/ipset.c: Fix a compilation failure when using --enable-debug
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [PATCH 0/5] RFC: Add new ip/net,port,ip/net,port sets
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
nftables Newcomers Tasks from Bugzilla
- From: Karuna Grewal <karunagrewal98@xxxxxxxxx>
[iptables PATCH] extensions: TRACE: Point at xtables-monitor in documentation
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] net: nf_tables: Speed up selective rule dumps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next v2] netfilter: conntrack: udp: set stream timeout to 2 minutes
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2] netfilter: nf_nat_sip: fix RTP/RTCP source port translations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 nf-next 1/8] netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: remove unused parameters in nf_ct_l4proto_[un]register_sysctl()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nat: remove unnecessary 'else if' branch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3 nf-next] netfilter: nat: limit port clash resolution attempts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache
- From: Phil Sutter <phil@xxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]