Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

[iptables PATCH 3/3] extensions: Add testcase for libxt_ipvs
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/3] extensions: Fix ipvs vproto option printing
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next] netfilter: conntrack: tcp: only close if RST matches exact sequence
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: avoid same-timeout update
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: avoid same-timeout update
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next] netfilter: conntrack: avoid same-timeout update
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH] extensions: AUDIT: Document ineffective --type option
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] arptables: Print space before comma and counters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrack-tools 3/3] conntrack: add -o userspace option to tag user-triggered events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrack-tools 2/3] conntrack: use libmnl for conntrack events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrack-tools 1/3] conntrack: extend nfct_mnl_socket_open() to use it to handle events
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
update on netdev 0x13 conference
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
[iptables PATCH] doc: Install ip{6,}tables-translate.8 manpages
- From: Phil Sutter <phil@xxxxxx>
[ANNOUNCE] 15th Netfilter Workshop in Malaga, Spain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] ipset: fix spelling error in libipset.3 manpage
- From: Neutron Soutmun <neo.neutron@xxxxxxxxx>
[iptables PATCH 2/5] tests/shell: Support testing host binaries
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/5] xlate-test: Support testing host binaries
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/5] Make testsuites a bit more versatile
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 4/5] xlate-test: Add and use a connlabel.conf for testing
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next v4 9/9] netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 8/9] netfilter: nat: remove l3proto struct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 7/9] netfilter: nat: remove csum_recalc hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 6/9] netfilter: nat: remove csum_update hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 5/9] netfilter: nat: remove l3 manip_pkt hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 3/9] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 4/9] netfilter: nat: remove nf_nat_l4proto.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 2/9] netfilter: nat: move nlattr parse and xfrm session decode to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v4 1/9] netfilter: nat: merge ipv4 and ipv6 masquerade functionality
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v4 nf-next 0/9] netfilter: nat: merge ipv4 and ipv6 nat modules
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 0/2] Netfilter/IPVS fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH nf] netfilter: ebtables: remove BUGPRINT messages
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 2/2] ipvs: fix warning on unused variable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/2] netfilter: nf_tables: fix flush after rule deletion in the same batch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/2] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 00/11] Netfilter/IPVS updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Florian Tham <tham@xxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Florian Tham <tham@xxxxxxxxx>
Network interface switch features
- From: hh h <jupiter.hce@xxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Florian Tham <tham@xxxxxxxxx>
[PATCH v2] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Florian Tham <tham@xxxxxxxxx>
Re: INFO: rcu detected stall in netlink_sendmsg
- From: syzbot <syzbot+a910a514846e27f15348@xxxxxxxxxxxxxxxxxxxxxxxxx>
[PATCH 03/11] netfilter: nat: remove module dependency on ipv6 core
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/11] netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/11] netfilter: ipt_CLUSTERIP: make symbol 'cip_netdev_notifier' static
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/11] netfilter: xt_recent: Use struct_size() in kvzalloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/11] netfilter: nft_tunnel: Add NFTA_TUNNEL_MODE options
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/11] netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/11] netfilter: reject: skip csum verification for protocols that don't support it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/11] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/11] netfilter: conntrack: fix indentation issue
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/11] ipvs: Use struct_size() helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/11] Netfilter/IPVS updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] ipvs: change some data types from int to bool
- From: Julian Anastasov <ja@xxxxxx>
Re: [PATCH] netfilter/ipvs: Fix unused variable warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter/ipvs: Fix unused variable warning
- From: Borislav Petkov <bp@xxxxxxxxx>
[PATCH nf-next] ipvs: change some data types from int to bool
- From: Andrea Claudi <aclaudi@xxxxxxxxxx>
Re: RFC: nftables does not allow to delete a rule twice
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] netfilter: ipt_CLUSTERIP: make symbol 'cip_netdev_notifier' static
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] ipvs: fix warning on unused variable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next] netfilter: ipt_CLUSTERIP: make symbol 'cip_netdev_notifier' static
- From: Wei Yongjun <weiyongjun1@xxxxxxxxxx>
Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: RFC: nftables does not allow to delete a rule twice
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf] ipvs: fix warning on unused variable
- From: Andrea Claudi <aclaudi@xxxxxxxxxx>
Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: RFC: nftables does not allow to delete a rule twice
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[iptables PATCH] arptables: Print space before comma and counters
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: RFC: nftables does not allow to delete a rule twice
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_tables: fix flush after rule deletion in the same batch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] tests: shell: flush after rule deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: RFC: nftables does not allow to delete a rule twice
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: RFC: nftables does not allow to delete a rule twice
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [ebtables PATCH] Print IPv6 prefixes in CIDR notation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Phil Sutter <phil@xxxxxx>
Re: [ebtables PATCH] Print IPv6 prefixes in CIDR notation
- From: Phil Sutter <phil@xxxxxx>
RFC: nftables does not allow to delete a rule twice
- From: Phil Sutter <phil@xxxxxx>
Re: [ebtables PATCH] Print IPv6 prefixes in CIDR notation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_conntrack_amanda: add support for STATE streams
- From: Florian Tham <tham@xxxxxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Englobe interfaces
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 0/3] Netfilter/IPVS fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [iptables PATCH 0/5] Align iptables-nft error messages with legacy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/3] netfilter: nft_compat: use-after-free when deleting targets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/3] ipvs: fix dependency on nf_defrag_ipv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/3] netfilter: compat: initialize all fields in xt_init
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/3] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] Fix for implicit-fallthrough warnings
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] Fix for implicit-fallthrough warnings
- From: Phil Sutter <phil@xxxxxx>
Re: [conntrack-tools PATCH v2] Support compiling against libtirpc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] Fix for implicit-fallthrough warnings
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] nfct: Drop dead code in nfct_timeout_parse_params()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/2 nf] netfilter: nft_compat: use-after-free when deleting targets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/2 nf-next] netfilter: nft_compat: use .release_ops and remove list of extension
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[iptables PATCH 3/5] xtables: Fix error messages in commands with rule number
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/5] Align iptables-nft error messages with legacy
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 4/5] xtables: Fix error message for chain renaming
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 5/5] tests: Extend return codes check by error messages
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/5] xtables: Fix error message when zeroing a non-existent chain
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/5] xtables: Move new chain check to where it belongs
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v3] netfilter: reject: skip csum verification for protocols that don't support it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v3] netfilter: reject: skip csum verification for protocols that don't support it
- From: Alin Nastac <alin.nastac@xxxxxxxxx>
linux-next: build failure after merge of the netfilter-next tree
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
[PATCH AUTOSEL 4.20 038/105] netfilter: nf_tables: fix leaking object reference count
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.20 043/105] netfilter: nft_flow_offload: Fix reverse route lookup
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.20 049/105] netfilter: nft_flow_offload: fix interaction with vrf slave device
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.20 065/105] netfilter: nft_flow_offload: fix checking method of conntrack helper
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 32/83] netfilter: nf_tables: fix leaking object reference count
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 37/83] netfilter: nft_flow_offload: Fix reverse route lookup
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 41/83] netfilter: nft_flow_offload: fix interaction with vrf slave device
- From: Sasha Levin <sashal@xxxxxxxxxx>
[nf-next:master 9/9] ipt_REJECT.c:(.text+0x120): multiple definition of `nf_reject_verify_csum'; net/ipv4/netfilter/nf_reject_ipv4.o:nf_reject_ipv4.c:(.text+0x470): first defined here
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH AUTOSEL 4.19 56/83] netfilter: nft_flow_offload: fix checking method of conntrack helper
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.14 17/34] netfilter: nf_tables: fix leaking object reference count
- From: Sasha Levin <sashal@xxxxxxxxxx>
[nf-next:master 9/9] include/net/netfilter/nf_reject.h:5: multiple definition of `nf_reject_verify_csum'; net/ipv4/netfilter/nf_reject_ipv4.o:include/net/netfilter/nf_reject.h:5: first defined here
- From: kbuild test robot <lkp@xxxxxxxxx>
conntrack --ignore-error proposal to fix delete races
- From: William Ahern <wahern@xxxxxxxxxx>
[conntrack-tools PATCH v2] Support compiling against libtirpc
- From: Phil Sutter <phil@xxxxxx>
Re: [conntrack-tools PATCH] Support compiling against libtirpc
- From: Phil Sutter <phil@xxxxxx>
Re: [conntrack-tools PATCH] Support compiling against libtirpc
- From: Jan Engelhardt <jengelh@xxxxxxx>
[conntrack-tools PATCH] Support compiling against libtirpc
- From: Phil Sutter <phil@xxxxxx>
[conntrack-tools PATCH] Fix for implicit-fallthrough warnings
- From: Phil Sutter <phil@xxxxxx>
[conntrack-tools PATCH] nfct: Drop dead code in nfct_timeout_parse_params()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next,RFC,v2] netfilter: nft_compat: add release_ops to struct nft_expr_ops and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ebtables PATCH] Print IPv6 prefixes in CIDR notation
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next,RFC,v2] netfilter: nft_compat: add release_ops to struct nft_expr_ops and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: reject: skip csum verification for protocols that don't support it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] conntrackd: helpers: dhcpv6: Fix potential array overrun
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v2] netfilter: reject: skip csum verification for protocols that don't support it
- From: Alin Nastac <alin.nastac@xxxxxxxxx>
[conntrack-tools PATCH] conntrackd: helpers: dhcpv6: Fix potential array overrun
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: [PATCH nf-next,RFC] netfilter: nft_compat: add release_ops to struct nft_expr_ops and use it
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next,RFC] netfilter: nft_compat: add release_ops to struct nft_expr_ops and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf v2] ipvs: fix dependency on nf_defrag_ipv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: [PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf v2] ipvs: fix dependency on nf_defrag_ipv6
- From: Simon Horman <horms@xxxxxxxxxxxx>
Re: [PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: [PATCH nf-next,v2] netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: [PATCH net-next] ipvs: Use struct_size() helper
- From: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
[PATCH nf-next,v2] netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] netfilter: xt_recent: Use struct_size() in kvzalloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] ipvs: Use struct_size() helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: conntrack: fix indentation issue
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf v2] netfilter: compat: initialize all fields in xt_init
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v4 nf-next 02/02] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v4 nf-next 01/02] netfilter: nat: remove module dependency on ipv6 core
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nft_tunnel: Add NFTA_TUNNEL_MODE options
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf v2] ipvs: fix dependency on nf_defrag_ipv6
- From: Julian Anastasov <ja@xxxxxx>
Re: [PATCH 0/2] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH 2/2] netfilter: nat: fix spurious connection timeouts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/2] netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/2] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nat: fix spurious connection timeouts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Netfilter conntrack table query.
- From: satya phanisree <phanisree1998@xxxxxxxxx>
[PATCH nf v2] ipvs: fix dependency on nf_defrag_ipv6
- From: Andrea Claudi <aclaudi@xxxxxxxxxx>
Re: [PATCH nf] ipvs: fix dependency on nf_defrag_ipv6
- From: Andrea Claudi <aclaudi@xxxxxxxxxx>
Re: [PATCH nf v2] netfilter: compat: initialize all fields in xt_init
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf v2] netfilter: compat: initialize all fields in xt_init
- From: fruggeri@xxxxxxxxxx (Francesco Ruggeri)
Re: [PATCH nf] netfilter: compat: initialize all fields in xt_init
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] ipvs: fix dependency on nf_defrag_ipv6
- From: Julian Anastasov <ja@xxxxxx>
[PATCH nf] netfilter: compat: initialize all fields in xt_init
- From: fruggeri@xxxxxxxxxx (Francesco Ruggeri)
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [PATCH nft 4/5] src: expr: add expression etype
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [PATCH libnftnl,v3] udata: add NFTNL_UDATA_* definitions
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 4/5] src: expr: add expression etype
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 5/5] src: expr: remove expr_ops from struct expr
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 5/5] src: expr: remove expr_ops from struct expr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 4/5] src: expr: add expression etype
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/5] src: expr: add and use internal expr_ops helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/5] src: payload: export and use payload_expr_cmp
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/5] src: expr: add and use expr_name helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl,v3] udata: add NFTNL_UDATA_* definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] udata: add NFTNL_UDATA_* definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] udata: add NFTNL_UDATA_* definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Update pf.os with newer OS fingerprints
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] udata: add NFTNL_UDATA_* definitions
- From: Phil Sutter <phil@xxxxxx>
Re: Update pf.os with newer OS fingerprints
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
[PATCH libnftnl] udata: add NFTNL_UDATA_* definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 3/3] ebtables-nft: Support user-defined chain policies
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 2/3] nft: Introduce UDATA_TYPE_EBTABLES_POLICY
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 2/3] nft: Introduce UDATA_TYPE_EBTABLES_POLICY
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Update pf.os with newer OS fingerprints
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 5/5] src: expr: remove expr_ops from struct expr
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 4/5] src: expr: add expression etype
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 3/5] src: expr: add and use internal expr_ops helper
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 2/5] src: payload: export and use payload_expr_cmp
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 1/5] src: expr: add and use expr_name helper
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 0/5] src: expr: reduce size of struct expr
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nat: fix spurious connection timeouts
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v3 2/3] nft: Introduce UDATA_TYPE_EBTABLES_POLICY
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v3 2/3] nft: Introduce UDATA_TYPE_EBTABLES_POLICY
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v3 3/3] ebtables-nft: Support user-defined chain policies
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v3 2/3] nft: Introduce UDATA_TYPE_EBTABLES_POLICY
- From: Florian Westphal <fw@xxxxxxxxx>
Update pf.os with newer OS fingerprints
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
Re: [PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] netfilter: reject: skip csum verification for protocols that don't support it
- From: Alin Nastac <alin.nastac@xxxxxxxxx>
Re: [PATCH net-next] ipvs: Use struct_size() helper
- From: Simon Horman <horms@xxxxxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH net-next] netfilter: xt_recent: Use struct_size() in kvzalloc()
- From: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
[PATCH net-next] ipvs: Use struct_size() helper
- From: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
[iptables PATCH] xtables-save: Fix table not found error message
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 3/3] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 1/3] nft: Don't assume NFTNL_RULE_USERDATA holds a comment
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 2/3] nft: Introduce UDATA_TYPE_EBTABLES_POLICY
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf] ipvs: fix dependency on nf_defrag_ipv6
- From: Andrea Claudi <aclaudi@xxxxxxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 0/2] ebtables-nft: Support user-defined chain policies
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] ipv6: fix icmp6_send() route lookup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: conntrack: fix indentation issue
- From: Colin King <colin.king@xxxxxxxxxxxxx>
[PATCH] ipv6: fix icmp6_send() route lookup
- From: Alin Nastac <alin.nastac@xxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH] nft: Eliminate dead code in __nft_rule_list
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH 00/12 net-next,v7] add flow_rule infrastructure
- From: Florian Fainelli <f.fainelli@xxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [PATCH 00/12 net-next,v7] add flow_rule infrastructure
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [PATCH 0/6] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH 3/6] netfilter: nf_nat: skip nat clash resolution for same-origin entries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/6] netfilter: nft_compat: don't use refcount_inc on newly allocated entry
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/6] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 4/6] netfilter: nf_tables: unbind set in rule from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/6] selftests: netfilter: add simple masq/redirect test cases
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/6] selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/6] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: John Haxby <john.haxby@xxxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v2] Revert "ebtables: use extrapositioned negation consistently"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: John Haxby <john.haxby@xxxxxxxxxx>
[iptables PATCH v2] Revert "ebtables: use extrapositioned negation consistently"
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/2] xshared: Explicitly pass target to command_jump()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/2] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/2] ebtables-nft: Support user-defined chain policies
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v3] xtables: Fix for false-positive rule matching
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf v2] netfilter: nft_compat: don't use refcount_inc on newly allocated entry
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf v2] netfilter: nft_compat: don't use refcount_inc on newly allocated entry
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [BUG] refcount_t: underflow; use-after-free in Linux 5.0rc5
- From: Jordan Glover <Golden_Miller83@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH v3] xtables: Fix for false-positive rule matching
- From: Phil Sutter <phil@xxxxxx>
[nf:master 4/4] net//netfilter/nft_compat.c:852:28: warning: assignment from incompatible pointer type
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf:master 4/4] net//netfilter/nft_compat.c:852:28: error: assignment from incompatible pointer type
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH nft 2/2] netfilter: nft_compat: don't use refcount_inc on newly allocated entry
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 1/2] netfilter: nft_compat: fix build
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: ebtables RCU patch?
- From: Nikolay Nikolay <kolko.netfilter@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Eli Cooper <elicooper@xxxxxxx>
Re: ebtables RCU patch?
- From: Florian Westphal <fw@xxxxxxxxx>
ebtables RCU patch?
- From: Nikolay Nikolay <kolko.netfilter@xxxxxxxxx>
Re: [BUG] refcount_t: underflow; use-after-free in Linux 5.0rc5
- From: Florian Westphal <fw@xxxxxxxxx>
[BUG] refcount_t: underflow; use-after-free in Linux 5.0rc5
- From: Jordan Glover <Golden_Miller83@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] selftests: netfilter: add simple masq/redirect test cases
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_nat: skip nat clash resolution for same-origin entries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] selftests/netfilter: fix config fragment CONFIG_NF_TABLES_INET
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 02/12 net-next,v7] net/mlx5e: support for two independent packet edit actions
- From: Or Gerlitz <gerlitz.or@xxxxxxxxx>
Re: [PATCH 02/12 net-next,v7] net/mlx5e: support for two independent packet edit actions
- From: Or Gerlitz <gerlitz.or@xxxxxxxxx>
Re: [PATCH v3 nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH 06/12 net-next,v7] drivers: net: use flow action infrastructure
- From: Jiri Pirko <jiri@xxxxxxxxxxx>
Re: [PATCH 01/12 net-next,v7] flow_offload: add flow_rule and flow_match structures and use them
- From: Jiri Pirko <jiri@xxxxxxxxxxx>
Re: [PATCH 02/12 net-next,v7] net/mlx5e: support for two independent packet edit actions
- From: Tonghao Zhang <xiangxia.m.yue@xxxxxxxxx>
Re: [iptables PATCH v2 2/2] xtables: Fix for false-positive rule matching
- From: Phil Sutter <phil@xxxxxx>
[PATCH 12/12 net-next,v7] qede: use ethtool_rx_flow_rule() to remove duplicated parser code
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/12 net-next,v7] flow_offload: add flow_rule and flow_match structures and use them
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/12 net-next,v7] qede: place ethtool_rx_flow_spec after code after TC flower codebase
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/12 net-next,v7] drivers: net: use flow action infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/12 net-next,v7] ethtool: add ethtool_rx_flow_spec to flow_rule structure translator
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/12 net-next,v7] dsa: bcm_sf2: use flow_rule infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/12 net-next,v7] flow_offload: add wake-up-on-lan and queue to flow_action
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/12 net-next,v7] cls_flower: don't expose TC actions to drivers anymore
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/12 net-next,v7] flow_offload: add statistics retrieval infrastructure and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/12 net-next,v7] cls_api: add translator to flow_action representation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/12 net-next,v7] flow_offload: add flow action infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/12 net-next,v7] net/mlx5e: support for two independent packet edit actions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/12 net-next,v7] add flow_rule infrastructure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: don't break when vmap lookup yields no result
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: don't break when vmap lookup yields no result
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf,v4] netfilter: nf_tables: unbind set in rule from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v4 nf-next 02/02] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v4 nf-next 01/02] netfilter: nat: remove module dependency on ipv6 core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft] tests: shell: exercise abort path with anonymous set that is bound to rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf,v2] netfilter: nf_tables: unbind set in rule from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf,v3] netfilter: nf_tables: unbind set in rule from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v2 2/2] xtables: Fix for false-positive rule matching
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH v2 0/2] xtables: Fix multiple issues in rule matching code
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 2/2] xtables: Fix for false-positive rule matching
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 1/2] xtables: Fix for crash when comparing rules with standard target
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf,v2] netfilter: nf_tables: unbind set in rule from commit path
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf,v2] netfilter: nf_tables: unbind set in rule from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v3 nf-next 11/11] netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 10/11] netfilter: nat: remove l3proto struct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 09/11] netfilter: nat: remove csum_recalc hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 08/11] netfilter: nat: remove csum_update hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 07/11] netfilter: nat: remove manip_pkt hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 06/11] netfilter: nat: remove nf_nat_l4proto.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 04/11] netfilter: nat: move nlattr parse and xfrm session decode to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 03/11] netfilter: nat: merge ipv4 and ipv6 masquerade functionality
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v3 nf-next 01/11] netfilter: nat: remove module dependency on ipv6 core
- From: Florian Westphal <fw@xxxxxxxxx>
netfilter: nat: merge ipv4 and ipv6 nat modules
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH 0/2] Follow-up on arptables output changes
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 1/2] arptables-nft: Set h-type/h-length masks by default, too
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/2] extensions: Fix arptables extension tests
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/2] Follow-up on arptables output changes
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v2 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 11/11] netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 10/11] netfilter: nat: remove l3proto struct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 09/11] netfilter: nat: remove csum_recalc hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 08/11] netfilter: nat: remove csum_update hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 07/11] netfilter: nat: remove manip_pkt hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 06/11] netfilter: nat: remove nf_nat_l4proto.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 04/11] netfilter: nat: move nlattr parse and xfrm session decode to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 03/11] netfilter: nat: merge ipv4 and ipv6 masquerade functionality
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 01/11] netfilter: nat: remove module dependency on ipv6 core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2 00/11] netfilter: nat: remove module dependency on
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: unbind set in rule from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 08/11] netfilter: nat: remove csum_update hook
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next 08/11] netfilter: nat: remove csum_update hook
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [iptables PATCH 0/7] Align arptables-nft output with legacy
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 0/7] Align arptables-nft output with legacy
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 3/7] arptables-nft: Fix CLASSIFY target printing
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 4/7] arptables-nft: Remove space between *cnt= and value
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 5/7] arptables-nft-save: Fix position of -j option
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/7] arptables-nft: Fix MARK target parsing and printing
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/7] Align arptables-nft output with legacy
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/7] arptables-nft: Fix listing rules without target
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 7/7] tests: shell: Add arptables-nft verbose output test
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 6/7] arptables-nft: Don't print default h-len/h-type values
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next 11/11] netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 10/11] netfilter: nat: remove l3proto struct
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 09/11] netfilter: nat: remove csum_recalc hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 08/11] netfilter: nat: remove csum_update hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 07/11] netfilter: nat: remove manip_pkt hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 06/11] netfilter: nat: remove nf_nat_l4proto.h
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 05/11] netfilter: nat: merge nf_nat_ipv4,6 into nat core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 04/11] netfilter: nat: move nlattr parse and xfrm session decode to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 03/11] netfilter: nat: merge ipv4 and ipv6 masquerade functionality
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 02/11] netfilter: ipv6: avoid indirect calls for IPV6=y case
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 01/11] netfilter: nat: remove module dependency on ipv6 core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 00/11] netfilter: nat: merge ipv4 and ipv6 nat modules
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nf_nat: skip nat clash resolution for same-origin entries
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] selftests: netfilter: add simple masq/redirect test cases
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy
- From: Phil Sutter <phil@xxxxxx>
Re: Fwd: Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: Fwd: Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
Fwd: Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [B.A.T.M.A.N.] "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 06/33] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] selftests/netfilter: fix config fragment CONFIG_NF_TABLES_INET
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] netfilter: nft_tunnel: Add NFTA_TUNNEL_MODE options
- From: wenxu@xxxxxxxxx
[PATCH] selftests/netfilter: fix config fragment CONFIG_NF_TABLES_INET
- From: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
Re: [PATCH] netfilter: nat: Update comment of get_unique_tuple
- From: YueHaibing <yuehaibing@xxxxxxxxxx>
Re: [PATCH 06/33] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Re: [PATCH 00/33] Netfilter/IPVS updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH 02/33] netfilter: nf_tables: handle nft_object lookups via rhltable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/33] netfilter: nf_tables: add direct calls for all builtin expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/33] netfilter: physdev: relax br_netfilter dependency
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/33] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/33] netfilter: conntrack: gre: convert rwlock to rcu
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/33] netfilter: conntrack: remove net_id
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/33] netfilter: nf_tables: prepare nft_object for lookups via hashtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/33] netfilter: conntrack: remove invert_tuple callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/33] netfilter: conntrack: gre: switch module to be built-in
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/33] netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/33] netfilter: conntrack: remove module owner field
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/33] netfilter: conntrack: handle builtin l4proto packet functions via direct calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/33] netfilter: conntrack: remove pernet l4 proto register interface
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 21/33] netfilter: conntrack: remove l4proto destroy hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 24/33] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/33] netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/33] netfilter: conntrack: unify sysctl handling
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 23/33] netfilter: nf_conntrack: provide modparam to always register conntrack hooks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 28/33] netfilter: conntrack: fix bogus port values for other l4 protocols
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 22/33] netfilter: conntrack: remove nf_ct_l4proto_find_get
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 20/33] netfilter: conntrack: remove l4proto init and get_net callbacks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 26/33] Revert "netfilter: nft_hash: add map lookups for hashing operations"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 30/33] ipvs: use indirect call wrappers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 29/33] ipvs: avoid indirect calls when calculating checksums
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 32/33] netfilter: conntrack: fix error path in nf_conntrack_pernet_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 33/33] netfilter: ipv4: remove useless export_symbol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 27/33] netfilter: conntrack: fix IPV6=n builds
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 31/33] netfilter: nft_counter: remove wrong __percpu of nft_counter_resest()'s arg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 25/33] netfilter: nat: un-export nf_nat_used_tuple
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 19/33] netfilter: conntrack: remove sysctl registration helpers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/33] netfilter: conntrack: remove remaining l4proto indirect packet calls
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/33] netfilter: conntrack: remove pkt_to_tuple callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/33] netfilter: conntrack: remove helper hook again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/33] Netfilter/IPVS updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 0/7] Netfilter/IPVS fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 4/7] ipvs: Fix signed integer overflow when setsockopt timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/7] netfilter: nft_compat: make lists per netns
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/7] netfilter: nft_compat: destroy function must not have side effects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/7] netfilter: nfnetlink_osf: add missing fmatch check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/7] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 7/7] netfilter: ipt_CLUSTERIP: fix warning unused variable cn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/7] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/7] netfilter: nft_compat: use refcnt_t type for nft_xt reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/7] netfilter: nft_compat: use refcnt_t type for nft_xt reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/7] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
Re: [PATCH nft] include: add cplusplus guards for extern
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: ipv4: remove useless export_symbol
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nft_counter: remove wrong __percpu of nft_counter_resest()'s arg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net v2 0/2] fix glitch in IPVS /proc handlers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] src: rule: Support NFTA_RULE_POSITION_ID attribute
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nfnetlink_osf: add missing fmatch check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl 0/2] Revert map lookups for expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipt_CLUSTERIP: fix warning unused variable cn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [ebtables-legacy PATCH 2/2] ebtables: drop sysvinit script
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [ebtables-legacy PATCH 1/2] ebtables: drop .spec file
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] include: add cplusplus guards for extern
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] conntrackd.conf.8: fix state filter example
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] meta: add iifkind and oifkind support
- From: wenxu <wenxu@xxxxxxxxx>
Re: "Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Florian Westphal <fw@xxxxxxxxx>
"Kernel bug detected [...] nf_ct_del_from_dying_or_unconfirmed_list"
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
[PATCH nf-next] netfilter: ipv4: remove useless export_symbol
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [RFC nft] evaluate: kill anon sets with one element
- From: Phil Sutter <phil@xxxxxx>
[conntrack-tools PATCH] conntrackd.conf.8: fix state filter example
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Historical keynote by Rusty Russell at linux.conf.au 2019
- From: Harald Welte <laforge@xxxxxxxxxxxxx>
[RFC nft] evaluate: kill anon sets with one element
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Userspace Queue Payloads
- From: Muneyuki KAWATANI <kawatani.muneyuki@xxxxxxxxxxxxx>
Re: general protection fault in nf_ct_gre_keymap_flush
- From: syzbot <syzbot+fcee88b2d87f0539dfe9@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: 4.19.{12,[13],14}: RIP: 0010:nf_conncount_cache_free+0x26/0x2f [nf_conncount]
- From: Steffen Nurpmeso <steffen@xxxxxxxxxx>
Userspace Queue Payloads
- From: dave madden <netfilter@xxxxxxxxxxxx>
[PATCH nft] meta: add iifkind and oifkind support
- From: wenxu@xxxxxxxxx
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH] ipvs: Fix signed integer overflow when setsockopt timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nat: Update comment of get_unique_tuple
- From: YueHaibing <yuehaibing@xxxxxxxxxx>
Re: [Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init()
- From: Florian Westphal <fw@xxxxxxxxx>
[Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init()
- From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Re: general protection fault in nf_ct_gre_keymap_flush
- From: syzbot <syzbot+fcee88b2d87f0539dfe9@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums
- From: Simon Horman <horms@xxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: use indirect call wrappers
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH] netfilter: ipt_CLUSTERIP: fix warning unused variable cn
- From: Anders Roxell <anders.roxell@xxxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
general protection fault in nf_ct_gre_keymap_flush
- From: syzbot <syzbot+fcee88b2d87f0539dfe9@xxxxxxxxxxxxxxxxxxxxxxxxx>
INFO: rcu detected stall in gc_worker
- From: syzbot <syzbot+655174276c47216abab5@xxxxxxxxxxxxxxxxxxxxxxxxx>
[ebtables-legacy PATCH 2/2] ebtables: drop sysvinit script
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
[ebtables-legacy PATCH 1/2] ebtables: drop .spec file
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
[iptables PATCH 3/3] xtables: Fix for false-positive rule matching
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/3] xtables: Fix for crash when comparing rules with standard target
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/3] nft: Fix potential memleaks in nft_*_rule_find()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/3] xtables: Fix multiple issues in rule matching code
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Eli Cooper <elicooper@xxxxxxx>
Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: use indirect call wrappers
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
- From: Florian Westphal <fw@xxxxxxxxx>
EINVAL from ebtables -b broute -F BROUTING
- From: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 0/2] ebtables-nft output fixes
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently"
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/2] ebtables: Fix rule listing with counters
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Alin Năstac <alin.nastac@xxxxxxxxx>
[PATCH nf-next 2/2] netfilter: conntrack: fix bogus port values for other l4 protocols
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2] netfilter: nfnetlink_osf: add missing fmatch check
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
[PATCH libnftnl 2/2] Revert "expr: add map lookups for hash statements"
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH libnftnl 1/2] Revert "expr: add map lookups for numgen statements"
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH libnftnl 0/2] Revert map lookups for expressions
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH] netfilter: ipv6: Don't preserve original oif for loopback address
- From: Eli Cooper <elicooper@xxxxxxx>
linux-next: build failure after merge of the netfilter-next tree
- From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Re: [PATCH ipvs-next] ipvs: use indirect call wrappers
- From: Julian Anastasov <ja@xxxxxx>
Re: [PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums
- From: Julian Anastasov <ja@xxxxxx>
[PATCH nf-next] netfilter: nfnetlink_osf: add missing fmatch check
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
[PATCH] nft_counter: remove wrong __percpu of nft_counter_resest()'s arg
- From: Luc Van Oostenryck <luc.vanoostenryck@xxxxxxxxx>
[PATCH ipvs-next] ipvs: use indirect call wrappers
- From: Matteo Croce <mcroce@xxxxxxxxxx>
[PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums
- From: Matteo Croce <mcroce@xxxxxxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nat: un-export nf_nat_used_tuple
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] Revert "netfilter: nft_hash: add map lookups for hashing operations"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: David Ahern <dsahern@xxxxxxxxx>
Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add direct calls for all builtin expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: remove helper hook again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: physdev: relax br_netfilter dependency
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/16] conntrack: remove indirect calls from packet path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: nf_tables: prepare nft_object for lookups via hashtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: nf_tables: handle nft_object lookups via rhltable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] Revert "netfilter: nft_hash: add map lookups for hashing operations"
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
Re: 4.19.{12,[13],14}: RIP: 0010:nf_conncount_cache_free+0x26/0x2f [nf_conncount]
- From: Steffen Nurpmeso <steffen@xxxxxxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Re: [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately
- From: Phil Sutter <phil@xxxxxx>
Re: stable fixes for nf_conncount 4.19.x
- From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/3] xtables: Fix position of replaced rules in cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 0/3] netfilter: nft_compat: fix race conditions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
stable fixes for nf_conncount 4.19.x
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
Re: Deleting tables from included files causes a kernel BUG
- From: zrm <zrm@xxxxxxxxxxxxxxx>
Re: [PATCH nf 0/3] netfilter: nft_compat: fix race conditions
- From: Taehee Yoo <ap420073@xxxxxxxxx>
Re: Deleting tables from included files causes a kernel BUG
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
[PATCH nf-next] netfilter: nat: un-export nf_nat_used_tuple
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] utils: Add a manpage for nfbpf_compile
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] src: Quote user-defined names
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH] src: Quote user-defined names
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next,v2] netfilter: nf_conntrack: provide modparam to always register conntrack hooks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_conntrack: provide modparam to always register conntrack hooks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
INFO: rcu detected stall in tipc_disc_timeout
- From: syzbot <syzbot+9f5271e1f46f2954d29c@xxxxxxxxxxxxxxxxxxxxxxxxx>
[PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: wenxu@xxxxxxxxx
[iptables PATCH 0/3] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/3] nft: Add new builtin chains to cache immediately
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/3] xtables: Fix position of replaced rules in cache
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH 0/7] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH nf-next 16/16] netfilter: conntrack: remove nf_ct_l4proto_find_get
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 11/16] netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 15/16] netfilter: conntrack: remove l4proto destroy hook
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 12/16] netfilter: conntrack: unify sysctl handling
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 14/16] netfilter: conntrack: remove l4proto init and get_net callbacks
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 13/16] netfilter: conntrack: remove sysctl registration helpers
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 10/16] netfilter: conntrack: remove pernet l4 proto register interface
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 09/16] netfilter: conntrack: remove remaining l4proto indirect packet calls
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 08/16] netfilter: conntrack: remove module owner field
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 07/16] netfilter: conntrack: remove invert_tuple callback
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 06/16] netfilter: conntrack: remove pkt_to_tuple callback
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 05/16] netfilter: conntrack: remove net_id
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 04/16] netfilter: conntrack: gre: switch module to be built-in
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 03/16] netfilter: conntrack: gre: convert rwlock to rcu
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 02/16] netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 01/16] netfilter: conntrack: handle builtin l4proto packet functions via direct calls
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/16] conntrack: remove indirect calls from packet path
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH] src: rule: Support NFTA_RULE_POSITION_ID attribute
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH v2] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type
- From: wenxu@xxxxxxxxx
Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2
- From: Martin Steigerwald <martin@xxxxxxxxxxxx>
Re: [PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type
- From: wenxu@xxxxxxxxx
Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] src: chain: Fix nftnl_chain_rule_insert_at()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] src: chain: Add missing nftnl_chain_rule_del()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/7] netfilter: nf_tables: fix leaking object reference count
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/7] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 4/7] netfilter: nft_flow_offload: Fix reverse route lookup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/7] netfilter: ebtables: account ebt_table_info to kmemcg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/7] netfilter: nf_tables: selective rule dump needs table to be specified
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/7] netfilter: nft_flow_offload: fix interaction with vrf slave device
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 7/7] netfilter: nft_flow_offload: fix checking method of conntrack helper
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/7] netfilter: nf_tables: Fix for endless loop when dumping ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: Support RULE_ID reference in new rule
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH] src: chain: Fix nftnl_chain_rule_insert_at()
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf 3/3] netfilter: nft_compat: destroy function must not have side effects
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 2/3] netfilter: nft_compat: make lists per netns
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 1/3] netfilter: nft_compat: use refcnt_t type for nft_xt reference count
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf 0/3] netfilter: nft_compat: fix race conditions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: fix checking method of conntrack helper
- From: John Crispin <john@xxxxxxxxxxx>
[PATCH] netfilter: fix checking method of conntrack helper
- From: Henry Yen <henry.yen@xxxxxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init
- From: Taehee Yoo <ap420073@xxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Martin Kratochvíl <martin.kratochvil@xxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook
- From: wenxu@xxxxxxxxx
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Martin Kratochvíl <martin.kratochvil@xxxxxxxxx>
Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12
- From: Martin Kratochvíl <martin.kratochvil@xxxxxxxxx>
[PATCH nf-next] netfilter: physdev: relax br_netfilter dependency
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH v3] netfilter: nft_flow_offload: fix interaction with vrf slave device
- From: wenxu@xxxxxxxxx
Re: IPtables v 1.8.2 patch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IPtables v 1.8.2 patch
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] nft_flow_offload: Make flow offload work with vrf slave device correct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] payload: refine payload expr merging
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init
- From: Taehee Yoo <ap420073@xxxxxxxxx>
[PATCH nf 1/2] netfilter: nft_compat: fix a race condition in match/target list
- From: Taehee Yoo <ap420073@xxxxxxxxx>
[PATCH nf 0/2] netfilter: nft_compat: fix a race condition in nft_compat module
- From: Taehee Yoo <ap420073@xxxxxxxxx>
[PATCH] netfilter: nat: Update comment of get_unique_tuple
- From: YueHaibing <yuehaibing@xxxxxxxxxx>
[PATCH nft] payload: refine payload expr merging
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Michal Hocko <mhocko@xxxxxxxxxx>
Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Re: [PATCH] ipset: fix a missing check of nla_parse
- From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
[PATCH v2] nft_flow_offload: Make flow offload work with vrf slave device correct
- From: wenxu@xxxxxxxxx
[PATCH v2] netfilter: x_tables: add xt_tunnel match
- From: wenxu@xxxxxxxxx
IPtables v 1.8.2 patch
- From: "Nathan O." <ndowens04@xxxxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]