Linux TCP/IP Netfilter Devel

• Thread Index

• [PATCH] netfilter: conntrack: fix calculation of next bucket number in early_drop
  • From: Vasily Khoruzhick <vasilykh@xxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 03/10] audit: log container info of syscalls
  • From: Richard Guy Briggs <rgb@xxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 03/10] audit: log container info of syscalls
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [nft PATCH] json: Work around segfault when encountering xt stmt
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: bridge: define INT_MIN & INT_MAX in userspace
  • From: Máté Eckl <ecklm94@xxxxxxxxx>
• [nft PATCH] json: Work around segfault when encountering xt stmt
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nft PATCH 2/3] json: Fix osf ttl support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [nft PATCH] mnl: Improve error checking in mnl_nft_event_listener()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] mnl: Improve error checking in mnl_nft_event_listener()
  • From: Phil Sutter <phil@xxxxxx>
• [RFC] [PATCH] netfilter: Fix kmemleak false positive reports
  • From: <zhe.he@xxxxxxxxxxxxx>
• [PATCH libnftnl] src: remove nftnl_rule_cmp() and nftnl_expr_cmp()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] netlink: remove netlink_batch_send()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] mnl: remove alloc_nftnl_flowtable()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] mnl: Improve error checking in mnl_nft_event_listener()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] mnl: Improve error checking in mnl_nft_event_listener()
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft,v2] src: Revert --literal, add -S/--services
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 03/10] audit: log container info of syscalls
  • From: Richard Guy Briggs <rgb@xxxxxxxxxx>
• Re: iptables-1.8.1: cannot build without libnftnl
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] src: Revert --literal, add --service
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: bridge: define INT_MIN & INT_MAX in userspace
  • From: Jiri Slaby <jslaby@xxxxxxx>
• [PATCH iptables] old patch from Debian for iptables-apply
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• Re: [nft PATCH 0/3] Fix JSON API after recent other changes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] evaluate: Convert ranges of N-N to N
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 0/3] Fix JSON API after recent other changes
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 1/3] include: Fix comment for struct eval_ctx
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 3/3] json: Fix for recent changes to context structs
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 2/3] json: Fix osf ttl support
  • From: Phil Sutter <phil@xxxxxx>
• stable regression: revert request for netfilter ipv6 defrag bug
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: iptables-1.8.1: cannot build without libnftnl
  • From: Florian Westphal <fw@xxxxxxxxx>
• iptables-1.8.1: cannot build without libnftnl
  • From: Lars Wendler <polynomial-c@xxxxxxxxxx>
• [PATCH nf-next] netfilter: remove unused headers.
  • From: Weongyo Jeong <weongyo.linux@xxxxxxxxx>
• Re: [PATCH nf] netfilter: ipv6: fix oops when defragmenting locally generated fragments
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf] netfilter: ipv6: fix oops when defragmenting locally generated fragments
  • From: Maciej Żenczykowski <maze@xxxxxxxxxx>
• [PATCH nft 2/3] mnl: remove alloc_nftnl_obj()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/3] mnl: use either name or handle to refer to objects
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/3] src: move socket open and reopen to mnl.c
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/2 nft v3] doc: osf: add ttl option to man page
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft v3] src: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables PATCH] xtables: Fix for spurious errors from iptables-translate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] tests: shell: Extend get element test
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft v3] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [iptables PATCH] xtables: Fix for spurious errors from iptables-translate
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nf] netfilter: ipv6: fix oops when defragmenting locally generated fragments
  • From: Eric Dumazet <edumazet@xxxxxxxxxx>
• [PATCH nf] netfilter: ipv6: fix oops when defragmenting locally generated fragments
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH] tests: shell: Extend get element test
  • From: Phil Sutter <phil@xxxxxx>
• [ANNOUNCE] iptables 1.8.1 release
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH] tests: shell: Extend get element test
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 nft v3 preview] src: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm
  • From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
• Re: [PATCH 0/8] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [nft PATCH] tests: shell: Extend get element test
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH 2/2 nft v3] doc: osf: add ttl option to man page
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH 1/2 nft v3 preview] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH iptables] configure: bump versions for 1.8.1 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 nft v2] src: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/8] netfilter: nft_set_rbtree: allow loose matching of closing element in interval
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/8] netfilter: xt_TEE: fix wrong interface selection
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 5/8] netfilter: nft_compat: do not dump private area
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/8] netfilter: xt_TEE: add missing code to get interface index in checkentry.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 8/8] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 6/8] netfilter: xt_nat: fix DNAT target for shifted portmap ranges
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 7/8] netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/8] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/8] netfilter: nft_osf: usage from output path is not valid
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nft_osf: check if attribute is present
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] tests: shell: Extend get element test
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 nft v2] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH nft 2/3] src: pass struct nft_ctx through struct netlink_ctx
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/3] src: pass struct nft_ctx through struct eval_ctx
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/3] netlink: reset mnl_socket field in struct nft_ctx on EINTR
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 nft v2] src: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables] configure: bump versions for 1.8.1 release
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 1/2 nft v2] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [nft PATCH] tests: shell: Extend get element test
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH 00/10] Netfilter updates for net-next
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: xt_IDLETIMER: add sysfs filename checking routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: [nft PATCH] make cache persistent if local entries were added
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nft PATCH] make cache persistent if local entries were added
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] make cache persistent if local entries were added
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables] iptables-test: add -N option to exercise netns removal path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 03/10] netfilter: nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 02/10] netfilter: cttimeout: remove set but not used variable 'l3num'
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 05/10] netfilter: xt_osf: simplify xt_osf_match_packet()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 07/10] netfilter: nf_flow_table: remove unnecessary parameter of nf_flow_table_cleanup()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 08/10] netfilter: remove two unused variables.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 10/10] Revert "netfilter: xt_quota: fix the behavior of xt_quota module"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 09/10] netfilter: nfnetlink_log: remove empty nfnetlink_log.h header file
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 06/10] netfilter: nf_nat_snmp_basic: add missing helper alias name
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 04/10] netfilter: nft_xfrm: use state family, not hook one
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 01/10] netfilter: Replace spin_is_locked() with lockdep
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 00/10] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] iptables-test: add -N option to exercise netns removal path
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables] iptables-test: add -N option to exercise netns removal path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 09/10] audit: NETFILTER_PKT: record each container ID associated with a netNS
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 08/10] audit: add support for containerid to network namespaces
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 06/10] audit: add containerid support for tty_audit
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 05/10] audit: add support for non-syscall auxiliary records
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 04/10] audit: add containerid support for ptrace and signals
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 03/10] audit: log container info of syscalls
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 01/10] audit: collect audit task parameters
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 02/10] audit: add container id
  • From: Richard Guy Briggs <rgb@xxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 02/10] audit: add container id
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH ghak90 (was ghak32) V4 02/10] audit: add container id
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH libnftnl 4/4] src: Use memcpy() to handle potentially unaligned data
  • From: Matt Turner <mattst88@xxxxxxxxx>
• Re: [PATCH iptables] libxtables: expose new etherdb lookup function through libxtables API
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables] libxtables: prefix exported new functions for etherdb lookups
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables] iptables-test: add -N option to exercise netns removal path
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH libnftnl 4/4] src: Use memcpy() to handle potentially unaligned data
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: remove unused udp.h header.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: remove two unused variables.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nfnetlink_log: remove empty nfnetlink_log.h header file
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf v2] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_flow_table: remove unnecessary parameter of nf_flow_table_cleanup()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables] libxtables: expose new etherdb lookup function through libxtables API
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables] libxtables: prefix exported new functions for etherdb lookups
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] Revert "netfilter: xt_quota: fix the behavior of xt_quota module"
  • From: Maciej Żenczykowski <zenczykowski@xxxxxxxxx>
• [PATCH nf-next] Revert "netfilter: xt_quota: fix the behavior of xt_quota module"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables,v2] iptables-test: add -N option to exercise netns removal path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] iptables-test: add -N option to exercise netns removal path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] iptables-test: add -N option to exercise netns removal path
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH libnftnl 4/4] src: Use memcpy() to handle potentially unaligned data
  • From: Matt Turner <mattst88@xxxxxxxxx>
• [PATCH iptables] iptables-test: add -N option to exercise netns removal path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft v2] doc: Document ct timeout support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft v2] doc: Document ct timeout support
  • From: Harsha Sharma <harshasharmaiitr@xxxxxxxxx>
• Re: [PATCH libnftnl 4/4] src: Use memcpy() to handle potentially unaligned data
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl 3/4] tests: Remove test-script.sh
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl 2/4] tests: Run regression tests from make check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl 1/4] tests: Execute nft-flowtable-test in test-script.sh
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: xt_RATEEST: remove netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH] netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm
  • From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
• [PATCH nf-next] netfilter: nfnetlink_log: remove empty nfnetlink_log.h header file
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: netfilter request for -stable 4.9.x inclusion
  • From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: fix cloned skb __nf_conntrack_confirm race
  • From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
• Re: [PATCH] netfilter: add grev6 conntrack support
  • From: Alin Năstac <alin.nastac@xxxxxxxxx>
• Re: [PATCH] netfilter: add grev6 conntrack support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: conntrack: fix cloned skb __nf_conntrack_confirm race
  • From: chiehminw <chiehmin18@xxxxxxxxx>
• [PATCH] netfilter: add grev6 conntrack support
  • From: Alin Nastac <alin.nastac@xxxxxxxxx>
• Re: iptables (nf_tables) error when negating an interface and using protocol port - works fine with classic iptables
  • From: Pedretti Fabio <pedretti.fabio@xxxxxxxxx>
• [PATCH] netfilter: conntrack: fix cloned skb __nf_conntrack_confirm race
  • From: Chieh-Min Wang <chiehmin18@xxxxxxxxx>
• [PATCH libnftnl 4/4] src: Use memcpy() to handle potentially unaligned data
  • From: Matt Turner <mattst88@xxxxxxxxx>
• [PATCH libnftnl 3/4] tests: Remove test-script.sh
  • From: Matt Turner <mattst88@xxxxxxxxx>
• [PATCH libnftnl 2/4] tests: Run regression tests from make check
  • From: Matt Turner <mattst88@xxxxxxxxx>
• [PATCH libnftnl 1/4] tests: Execute nft-flowtable-test in test-script.sh
  • From: Matt Turner <mattst88@xxxxxxxxx>
• netfilter request for -stable 4.9.x inclusion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: remove unused udp.h header.
  • From: Weongyo Jeong <weongyo.linux@xxxxxxxxx>
• [PATCH nf-next] netfilter: remove two unused variables.
  • From: Weongyo Jeong <weongyo.linux@xxxxxxxxx>
• [PATCH nf-next] netfilter: x_tables: add missing comments
  • From: Hyejeong Jang <hyejeong831@xxxxxxxxx>
• [PATCH nft,v2] evaluate: bogus bail out with raw expression from dynamic sets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: bogus bail out with raw expression from dynamic sets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_flow_offload: remove secpath check
  • From: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
• Re: [PATCH 1/2 nft v2] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH nft] src: remove opts field from struct xt_stmt
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] src: remove opts field from struct xt_stmt
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_quota: simplify quota logic, account for consumed bytes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] netfilter: fix DNAT target for shifted portmap ranges
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net] netfilter: fix DNAT target for shifted portmap ranges
  • From: Paolo Abeni <pabeni@xxxxxxxxxx>
• Re: [PATCH net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: linux-next: build failure after merge of the netfilter-next tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nf-next:master 1/7] net/ipv4/netfilter/ipt_ECN.c:58:28: error: 'IPT_ECN_OP_SET_ECE' undeclared; did you mean 'IPT_ECN_OP_MATCH_ECE'?
  • From: kbuild test robot <lkp@xxxxxxxxx>
• Re: [PATCH net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: David Miller <davem@xxxxxxxxxxxxx>
• linux-next: build failure after merge of the netfilter-next tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• Re: [PATCH libnftables] src: remove json support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftables] src: remove json support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH libnftables] src: remove json support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 nft v2] src: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_nat_snmp_basic: add missing helper alias name
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftables] src: remove json support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] nftables: add support for setting secmark
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] json: Fix memleak in dup_stmt_json()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] parser_json: Fix for ineffective family value checks
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] libnftables: Fix memleak in nft_parse_bison_filename()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] Fix memleak in netlink_parse_fwd() error path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH 0/8] monitor: Use libnftables for JSON output
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftables] src: remove json support
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH libnftnl] expr: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: xfrm: use state family, not hook one
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v4] nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: cttimeout: remove set but not used variable 'l3num'
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftables] src: remove json support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables PATCH] xtables: Remove target_maxnamelen field
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RFC,net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf v2 3/3] netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put()
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf v2 2/3] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf v2 1/3] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf v2 0/3] netfilter: ipt_CLUSTERIP: fix bugs in ipt_CLUSTERIP
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: [PATCH RFC,net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Or Gerlitz <gerlitz.or@xxxxxxxxx>
• Re: [PATCH RFC,net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RFC,net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Or Gerlitz <gerlitz.or@xxxxxxxxx>
• Re: [PATCH] netfilter: x_tables: fix missing unlock if table init fails
  • From: Omar Sandoval <osandov@xxxxxxxxxxx>
• [PATCH] netfilter: x_tables: fix missing unlock if table init fails
  • From: Omar Sandoval <osandov@xxxxxxxxxxx>
• [nft PATCH] xt: Fix for covscan warning in xt_stmt_xlate()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] json: Fix memleak in dup_stmt_json()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] parser_json: Fix for ineffective family value checks
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] libnftables: Fix memleak in nft_parse_bison_filename()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] Fix memleak in netlink_parse_fwd() error path
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf-next] netfilter: nft_flow_offload: remove secpath check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf v2] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_flow_table: remove unnecessary parameter of nf_flow_table_cleanup()
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [nft PATCH 7/8] monitor: Use libnftables JSON output
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 4/8] monitor: Drop fake XML support
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 0/8] monitor: Use libnftables for JSON output
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 1/8] tests/py: Add missing JSON bits for inet/meta.t
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 6/8] monitor: Fix printing of ct objects
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 2/8] json: Drop unused symbolic_constant_json() stub
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 8/8] tests: monitor: Test JSON output as well
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 5/8] monitor: Drop 'update table' and 'update chain' cases
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 3/8] json: Add ct timeout support
  • From: Phil Sutter <phil@xxxxxx>
• Re: spinlock'ing of "struct nf_conn"->custom_buffer_ptr within xt_match.match callback
  • From: Florian Westphal <fw@xxxxxxxxx>
• spinlock'ing of "struct nf_conn"->custom_buffer_ptr within xt_match.match callback
  • From: Oleh Danilovskyi <oleh.danilovskyi@xxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: xt_TEE: add missing code to get interface index in checkentry.
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [iptables PATCH] xtables: Remove target_maxnamelen field
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nf] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: [PATCH nf-next v4] nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: xt_TEE: fix wrong interface selection
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: xt_TEE: add missing code to get interface index in checkentry.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2] netfilter: nft_compat: do not dump private area
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_osf: simplify xt_osf_match_packet()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: xt_TEE: add missing code to get interface index in checkentry.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] segtree: set proper error cause on existing elements
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: xfrm: use state family, not hook one
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] segtree: incorrect handling of last element in get_set_decompose()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/3] mnl: remove alloc_nftnl_set()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/3] src: remove netlink_flush_chain()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/3] src: remove netlink_flush_table()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 06/31] netfilter: nf_tables: add xfrm expression
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] mnl: remove alloc_nftnl_rule()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 06/31] netfilter: nf_tables: add xfrm expression
  • From: Eyal Birger <eyal.birger@xxxxxxxxx>
• Re: [iptables] extensions: Add tests and description for xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables] extensions: Add tests and description for xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next v4] nft_osf: Add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH nf] netfilter: nft_osf: output hook is not valid anymore
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH net-next] netfilter: cttimeout: remove set but not used variable 'l3num'
  • From: YueHaibing <yuehaibing@xxxxxxxxxx>
• Re: [iptables] extensions: Add tests and description for xt_quota module
  • From: Maciej Żenczykowski <maze@xxxxxxxxxx>
• [iptables] extensions: Add tests and description for xt_quota module
  • From: Chenbo Feng <chenbofeng.kernel@xxxxxxxxx>
• [PATCH net-next 2/3] net: act_tunnel_key: support for tunnel type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 1/3] ip_tunnel: add type field to struct ip_tunnel_info
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 3/3] netfilter: nft_tunnel: support for tunnel type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_compat: do not dump private area
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables] extensions: cgroup: fix option parsing for v2
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [netfilter-core] [PATCH 07/11] UAPI: netfilter: Fix symbol collision issues [ver #2]
  • From: David Howells <dhowells@xxxxxxxxxx>
• Re: iptables (nf_tables) error when negating an interface and using protocol port - works fine with classic iptables
  • From: Florian Westphal <fw@xxxxxxxxx>
• iptables (nf_tables) error when negating an interface and using protocol port - works fine with classic iptables
  • From: Pedretti Fabio <pedretti.fabio@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: [PATCH 00/31] Netfilter updates for net-next
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] extensions: libxt_quota: Allow setting the remaining quota
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 01/31] netfilter: nf_tables: rt: allow checking if dst has xfrm attached
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 05/31] netfilter: remove obsolete need_conntrack stub
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 07/31] netfilter: ctnetlink: Support L3 protocol-filter on flush
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 03/31] netfilter: nf_tables: warn when expr implements only one of activate/deactivate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 08/31] netfilter: xt_cgroup: shrink size of v2 path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 10/31] netfilter: xtables: avoid BUG_ON
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 12/31] netfilter: cttimeout: remove superfluous check on layer 4 netlink functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 13/31] netfilter: nat: remove unnecessary rcu_read_lock in nf_nat_redirect_ipv{4/6}
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 09/31] netfilter: nf_tables: avoid BUG_ON usage
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 04/31] netfilter: nf_tables: asynchronous release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 15/31] netfilter: conntrack: remove the l4proto->new() function
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 11/31] netfilter: nf_nat_ipv4: remove obsolete EXPORT_SYMBOL
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 18/31] netfilter: conntrack: remove error callback and handle icmp from core
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 17/31] netfilter: conntrack: avoid using ->error callback if possible
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 14/31] netfilter: conntrack: pass nf_hook_state to packet and error handlers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 22/31] netfilter: nat: remove duplicate skb_is_nonlinear() in __nf_nat_mangle_tcp_packet()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 23/31] netfilter: nf_tables: use rhashtable_walk_enter instead of rhashtable_walk_init
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 21/31] netfilter: conntrack: clamp l4proto array size at largers supported protocol
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 19/31] netfilter: conntrack: remove unused proto arg from netns init functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 24/31] netfilter: ctnetlink: must check mark attributes vs NULL
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 20/31] netfilter: conntrack: remove l3->l4 mapping information
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 29/31] netfilter: nf_tables: use rhashtable_lookup() instead of rhashtable_lookup_fast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 27/31] netfilter: nf_tables: add requirements for connsecmark support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 31/31] netfilter: xt_quota: Don't use aligned attribute in sizeof
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 30/31] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 28/31] netfilter: nf_flow_table: remove unnecessary nat flag check code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 25/31] netfilter: masquerade: don't flush all conntracks if only one address deleted on device
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 26/31] netfilter: nf_tables: add SECMARK support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 16/31] netfilter: conntrack: deconstify packet callback skb pointer
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 06/31] netfilter: nf_tables: add xfrm expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 02/31] netfilter: nf_tables: split set destruction in deactivate and destroy phase
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 00/31] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_quota: Don't use aligned attribute in sizeof
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] nftables: add support for setting secmark
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v3] nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH] netfilter: xt_quota: Don't use aligned attribute in sizeof
  • From: Nathan Chancellor <natechancellor@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_nat_snmp_basic: add missing helper alias name
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf 2/2] netfilter: xt_TEE: add missing code to get interface index in checkentry.
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf 1/2] netfilter: xt_TEE: fix wrong interface selection
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf 0/2] netfilter: xt_TEE: fix bugs in xt_TEE
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf 2/2] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf 1/2] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf 0/2] netfilter: ipt_CLUSTERIP: fix bugs in ipt_CLUSTERIP
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: [PATCH] openvswitch: load NAT helper
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH RFC,net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RFC,net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Jakub Kicinski <jakub.kicinski@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v3] nft_osf: Add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH nf-next v3] nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RFC,net-next 1/3] ip_tunnel: add type field to struct ip_tunnel_info
  • From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
• [PATCH nf-next v3] nft_osf: Add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH RFC,net-next 1/3] ip_tunnel: add type field to struct ip_tunnel_info
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v2] nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v2] nft_osf: Add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH RFC,net-next 1/3] ip_tunnel: add type field to struct ip_tunnel_info
  • From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
• Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH RFC,net-next 3/3] netfilter: nft_tunnel: support for tunnel type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH RFC,net-next 2/3] net: act_tunnel_key: support for tunnel type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH RFC,net-next 0/3] ip_tunnel: specify tunnel type via template
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH RFC,net-next 1/3] ip_tunnel: add type field to struct ip_tunnel_info
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft 4/4] mnl: remove alloc_nftnl_chain()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/4] src: get rid of netlink_genid_get()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/4] netlink: remove markup json parsing code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 0/4] assorted updates
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/4] mnl: remove alloc_nftnl_table()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v2] nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] segtree: stop iteration on existing elements in case closing range is found
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] rule: fix memleak in do_get_setelems()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] tests: shell: Test 'get element' command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] segtree: memleak in get_set_decompose()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] segtree: disantangle get_set_interval_end()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Maciej Żenczykowski <maze@xxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 14/16] netfilter: Replace spin_is_locked() with lockdep
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• [PATCH 14/16] netfilter: Replace spin_is_locked() with lockdep
  • From: Lance Roy <ldr709@xxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Maciej Żenczykowski <zenczykowski@xxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Chenbo Feng <fengc@xxxxxxxxxx>
• Re: [PATCH nft] doc: Document ct timeout support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Chenbo Feng <fengc@xxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Maciej Żenczykowski <zenczykowski@xxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Maciej Żenczykowski <maze@xxxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Maciej Żenczykowski <zenczykowski@xxxxxxxxx>
• Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] Revert "openvswitch: Fix template leak in error cases."
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH net-next] netfilter: xt_quota: fix the behavior of xt_quota module
  • From: Chenbo Feng <chenbofeng.kernel@xxxxxxxxx>
• [PATCH iptables] extensions: libxt_quota: Allow setting the remaining quota
  • From: Chenbo Feng <chenbofeng.kernel@xxxxxxxxx>
• [PATCH net-next iptables] Rework the xt_quota module
  • From: Chenbo Feng <chenbofeng.kernel@xxxxxxxxx>
• Re: [PATCH] Revert "openvswitch: Fix template leak in error cases."
  • From: Joe Stringer <joe@xxxxxxx>
• Re: [PATCH 0/6] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH 4/6] netfilter: nft_set_rbtree: add missing rb_erase() in GC routine
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 5/6] netfilter: avoid erronous array bounds warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 6/6] netfilter: xt_socket: check sk before checking for netns.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/6] netfilter: conntrack: get rid of double sizeof
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/6] netfilter: nft_osf: use enum nft_data_types for nft_validate_register_store
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/6] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/6] netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: __nf_register_net_hook jump label splat
  • From: Borislav Petkov <bp@xxxxxxxxx>
• Re: [PATCH] netfilter: ipset: export indexes via netlink
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf] netfilter: nft_set_rbtree: allow loose matching of closing intervals
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] segtree: bogus range via get set element on existing elements
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: ipset: export indexes via netlink
  • From: Florent Fourcot <florent.fourcot@xxxxxxxxxx>
• Re: __nf_register_net_hook jump label splat
  • From: Borislav Petkov <bp@xxxxxxxxx>
• Re: __nf_register_net_hook jump label splat
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft] include: add missing xfrm.h to Makefile.am
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] include: add missing xfrm.h to Makefile.am
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH 2/2 nft] doc: osf: add ttl option to man page
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• __nf_register_net_hook jump label splat
  • From: Borislav Petkov <bp@xxxxxxxxx>
• [PATCH nf-next v2] nft_osf: Add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH libnftnl] expr: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH 2/2 nft] doc: osf: add ttl option to man page
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH 1/2 nft v2] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH] Revert "openvswitch: Fix template leak in error cases."
  • From: Flavio Leitner <fbl@xxxxxxxxxx>
• [PATCH] openvswitch: load NAT helper
  • From: Flavio Leitner <fbl@xxxxxxxxxx>
• [nft PATCH] tests: shell: Test 'get element' command
  • From: Phil Sutter <phil@xxxxxx>
• Re: [netfilter-core] [PATCH 07/11] UAPI: netfilter: Fix symbol collision issues [ver #2]
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_set_rbtree: add missing rb_erase() in GC routine
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: avoid erronous array bounds warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: masquerade: don't flush all conntracks if only one address deleted on device
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: use rhashtable_lookup() instead of rhashtable_lookup_fast()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_flow_table: remove unnecessary nat flag check code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 2/2] netfilter: nf_tables: add requirements for connsecmark support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 1/2] netfilter: nf_tables: add SECMARK support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] Conntrack l4 protocol helper for GRE has no GRE/IPv6 support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: check if the socket netns is correct.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: check if the socket netns is correct.
  • From: Guenter Roeck <linux@xxxxxxxxxxxx>
• Re: [PATCH] netfilter: check if the socket netns is correct.
  • From: Flavio Leitner <fbl@xxxxxxxxxx>
• Re: [PATCH] netfilter: check if the socket netns is correct.
  • From: Guenter Roeck <linux@xxxxxxxxxxxx>
• Re: [PATCH nft] src: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH nft] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: nft: Dubious code in get_set_decompose() of src/segtree.c
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nft: Dubious code in get_set_decompose() of src/segtree.c
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Contribution of a GRE Module
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH 0/5] Fix and improve for 0021prio_0 in tests/shell
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: bpfilter breaks IPT_SO_GET_INFO
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: [libnftnl PATCH] expr: xfrm: Fix for unused variable warning
  • From: Máté Eckl <ecklm94@xxxxxxxxx>
• Re: [libnftnl PATCH] expr: xfrm: Fix for unused variable warning
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [libnftnl PATCH] expr: xfrm: Fix for unused variable warning
  • From: Phil Sutter <phil@xxxxxx>
• nft: Dubious code in get_set_decompose() of src/segtree.c
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 2/5] tests: shell: Fix indenting in 0021prio_0
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 1/5] parser_bison: Fix for chain prio name 'out'
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 5/5] tests: shell: Improve performance of 0021prio_0
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 4/5] tests: shell: Improve gen_chains() in 0021prio_0
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 3/5] tests: shell: Drop one-time use variables in 0021prio_0
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 0/5] Fix and improve for 0021prio_0 in tests/shell
  • From: Phil Sutter <phil@xxxxxx>
• Contribution of a GRE Module
  • From: Alexandre Connat <alc@xxxxxxx>
• Re: [libnftnl PATCH] expr: xfrm: Fix for unused variable warning
  • From: Florian Westphal <fw@xxxxxxxxx>
• [libnftnl PATCH] expr: xfrm: Fix for unused variable warning
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 1/6] libxtables: Check extension real_name length
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 6/6] nft-shared: Use xtables_calloc()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 2/6] libiptc: NULL-terminate errorname
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 0/6] Follow-up to covscan fixes
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 5/6] arptables: Use the shared nft_ipv46_parse_target()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 4/6] Combine parse_target() and command_jump() implementations
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 3/6] Combine command_match() implementations
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nf] netfilter: avoid erronous array bounds warning
  • From: David Ahern <dsahern@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: use rhashtable_lookup() instead of rhashtable_lookup_fast()
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_flow_table: remove unnecessary nat flag check code
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf] netfilter: avoid erronous array bounds warning
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH 20/28] Sanitize calls to strcpy()
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH 20/28] Sanitize calls to strcpy()
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH 20/28] Sanitize calls to strcpy()
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 2/2] netfilter: nf_tables: add requirements for connsecmark support
  • From: kbuild test robot <lkp@xxxxxxxxx>
• [PATCH v3 2/2] netfilter: nf_tables: add requirements for connsecmark support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH v3 1/2] netfilter: nf_tables: add SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH 2/2] netfilter: nf_tables: add requirements for connsecmark support
  • From: kbuild test robot <lkp@xxxxxxxxx>
• Re: [PATCH v2 1/2] netfilter: nf_tables: add SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v2 1/2] netfilter: nf_tables: add SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH v2 1/2] netfilter: nf_tables: add SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 2/2] netfilter: nf_tables: add requirements for connsecmark support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 1/2] netfilter: nf_tables: add SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH 2/2] netfilter: nf_tables: add requirements for connsecmark support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ctnetlink: must check mark attributes vs NULL
  • From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
• Re: change netfilter packet flow
  • From: Máté Eckl <ecklm94@xxxxxxxxx>
• change netfilter packet flow
  • From: "morteza1131@xxxxxxxxx" <morteza1131@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ctnetlink: must check mark attributes vs NULL
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] doc: Re-work RULES:add/insert/replace to read better.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] doc: Re-work RULES:add/insert/replace to read better.
  • From: Phil Sutter <phil@xxxxxx>
• How to contribute to netfilter.org/documentation?
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH net-next 0/3] net: wean netfilter from fib_nh
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH] doc: Re-work RULES:add/insert/replace to read better.
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: ctnetlink: must check mark attributes vs NULL
  • From: Florian Westphal <fw@xxxxxxxxx>
• general protection fault in ctnetlink_alloc_filter
  • From: syzbot <syzbot+e45eda8eda6e93a03959@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net-next 0/3] net: wean netfilter from fib_nh
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH net-next 0/3] net: wean netfilter from fib_nh
  • From: dsahern@xxxxxxxxxx
• [PATCH net-next 2/3] netfilter: rpfilter: Convert rpfilter_lookup_reverse to new dev helper
  • From: dsahern@xxxxxxxxxx
• [PATCH net-next 3/3] netfilter: nft_fib: Convert nft_fib4_eval to new dev helper
  • From: dsahern@xxxxxxxxxx
• [PATCH net-next 1/3] net/ipv4: Move device validation to helper
  • From: dsahern@xxxxxxxxxx
• Re: [PATCH nf-next] netfilter: nat: remove duplicate skb_is_nonlinear() in __nf_nat_mangle_tcp_packet()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: use rhashtable_walk_enter instead of rhashtable_walk_init
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_osf: use enum nft_data_types for nft_validate_register_store
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: conntrack: get rid of double sizeof
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl v2] obj: ct_timeout: fix error in building tests
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: netfilter: conntrack: remove indirect err call from l4proto trackers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH] nftables: add support for setting secmark
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH] libnftnl: add support for new secmark object
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH] netfilter: nf_tables: add SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [iptables PATCH 0/3] Merge legacy save and restore implementations
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 2/3] ip6tables-restore: Merge into iptables-restore.c
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 1/3] libiptc: Extend struct xtc_ops
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 3/3] ip6tables-save: Merge into iptables-save.c
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 27/28] xtables: Drop pointless check
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 08/28] libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 12/28] libiptc: Simplify alloc_handle() function signature
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 05/28] ip{,6}tables-restore: Fix for uninitialized array 'curtable'
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 25/28] xtables: Don't read garbage in nft_ipv4_parse_payload()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 09/28] libxt_conntrack: Avoid potential buffer overrun
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 26/28] arptables: Fix incorrect strcmp() in nft_arp_rule_find()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 20/28] Sanitize calls to strcpy()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 00/28] Another round of covscan fixes
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 07/28] libxt_LED: Avoid string overrun while parsing led-trigger-id
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 21/28] nft-arp: Drop ineffective conditional
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 01/28] nfnl_osf: Drop pointless check in xt_osf_strchr()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 18/28] Share print_ipv{4,6}_addr() from xtables
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 16/28] iptables-apply: Quote strings passed to echo
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 03/28] libxtables: Integrate getethertype.c from xtables core
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 13/28] libxtables: Avoid calling memcpy() with NULL source
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 06/28] xtables: Remove unused variable in nft_is_table_compatible()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 23/28] Fix a few cases of pointless assignments
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 10/28] libxt_ipvs: Avoid potential buffer overrun
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 04/28] Mark fall through cases in switch() statements
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 15/28] nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 24/28] libxtables: Use posix_spawn() instead of vfork()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 17/28] iptables-apply: Replace signal numbers by names
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 28/28] iptables: Gitignore xtables-{legacy,nft}-multi scripts
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 14/28] libxtables: Don't read garbage in xtables_strtoui()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 02/28] xtables: Fix for wrong assert() in __nft_table_flush()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 22/28] extensions: libebt_ip{,6}: Drop pointless error checking
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 11/28] libxt_time: Drop initialization of variable 'year'
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 19/28] iptables: Use print_ifaces() from xtables
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH] netfilter: conntrack: get rid of double sizeof
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH] netfilter: conntrack: get rid of double sizeof
  • From: zhong jiang <zhongjiang@xxxxxxxxxx>
• Re: bpfilter breaks IPT_SO_GET_INFO
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: bpfilter breaks IPT_SO_GET_INFO
  • From: Michal Kubecek <mkubecek@xxxxxxx>
• [PATCH libnftnl v2] obj: ct_timeout: fix error in building tests
  • From: Harsha Sharma <harshasharmaiitr@xxxxxxxxx>
• Re: SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Announcing Netdev 0x13 conference
  • From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
• Re: SECMARK support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: [PATCH nf-next] nft_osf: Add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH] netfilter: nft_osf: use enum nft_data_types for nft_validate_register_store
  • From: Stefan Agner <stefan@xxxxxxxx>
• Re: SECMARK support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 4.14 095/126] inet: frags: Convert timers to use timer_setup()
  • From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
• Re: [iptables PATCH] libxt_string: Fix array out of bounds check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] src: osf: add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] nft_osf: Add ttl option support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH nft 4/5] src: rename meta secpath to meta ipsec
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 3/5] src: rt: add support to check if route will perform ipsec transformation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl 2/5] expr: add xfrm support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl 1/5] expr: rt: ipsec match support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] nft.8: Update meta pkt_type value description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] doc: Review man page building in Makefile.am
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables PATCH] xtables-save: Ignore uninteresting tables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net] netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
  • From: dsahern@xxxxxxxxxx
• [iptables PATCH] libxt_string: Fix array out of bounds check
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nf-next] netfilter: nf_nat_ipv4: remove obsolete EXPORT_SYMBOL
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nat: remove unnecessary rcu_read_lock in nf_nat_redirect_ipv{4/6}
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: remove obsolete need_conntrack stub
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xtables: avoid BUG_ON
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: avoid BUG_ON usage
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next v2 7/8] netfilter: conntrack: remove l3->l4 mapping information
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] conntrack: Support L3 protocol-filter on flush
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: add xfrm expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: remove obsolete need_conntrack stub
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/3] netfilter: nf_tables: remove last synchronize_rcu from config path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: rt: allow checking if dst has xfrm attached
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH nft] src: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH libnftnl] expr: osf: add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• [PATCH nf-next] nft_osf: Add ttl option support
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• SECMARK support
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• KMSAN: uninit-value in strlcpy (2)
  • From: syzbot <syzbot+c86cf7903306a6c201ba@xxxxxxxxxxxxxxxxxxxxxxxxx>
• KMSAN: uninit-value in do_ip_vs_set_ctl
  • From: syzbot <syzbot+23b5f9e7caf61d9a3898@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [nft PATCH] Review numeric/literal options and related docs
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] doc: Review man page building in Makefile.am
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] nft.8: Update meta pkt_type value description
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nf-next 7/8] netfilter: conntrack: remove l3->l4 mapping information
  • From: kbuild test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf-next 7/8] netfilter: conntrack: remove l3->l4 mapping information
  • From: kbuild test robot <lkp@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: use rhashtable_walk_enter instead of rhashtable_walk_init
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH v3 04/30] inet: frags: Convert timers to use timer_setup()
  • From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
• Re: [iptables PATCH 0/5] Fix for bugs indicated by covscan
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH 0/4] Apply some recent changes to JSON output
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH] Conntrack l4 protocol helper for GRE has no GRE/IPv6 support
  • From: Ignatius Cheng <ignatich1212@xxxxxxxxx>
• [PATCH v2 04/30] inet: frags: Convert timers to use timer_setup()
  • From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nat: remove duplicate skb_is_nonlinear() in __nf_nat_mangle_tcp_packet()
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• [PATCH nf-next 8/8] netfilter: conntrack: clamp l4proto array size at largers supported protocol
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 7/8] netfilter: conntrack: remove l3->l4 mapping information
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 6/8] netfilter: conntrack: remove unused proto arg from netns init functions
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 5/8] netfilter: conntrack: remove error callback and handle icmp from core
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 4/8] netfilter: conntrack: avoid using ->error callback if possible
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 3/8] netfilter: conntrack: deconstify packet callback skb pointer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 2/8] netfilter: conntrack: remove the l4proto->new() function
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/8] netfilter: conntrack: pass nf_hook_state to packet and error handlers
  • From: Florian Westphal <fw@xxxxxxxxx>
• netfilter: conntrack: remove indirect err call from l4proto trackers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 00/12] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH 04/29] inet: frags: Convert timers to use timer_setup()
  • From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
• [nft PATCH 4/4] tests/py: Fix JSON for icmp*.t
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 2/4] json: Make inet_service_type_json() respect literal level
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 1/4] json: Fix datatype_json() for literal level
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 0/4] Apply some recent changes to JSON output
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 3/4] json: Print range expressions numerically
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf-next] netfilter: nat: remove unnecessary rcu_read_lock in nf_nat_redirect_ipv{4/6}
  • From: Taehee Yoo <ap420073@xxxxxxxxx>
• Re: [nft PATCH 1/2] tests/py: Check differing rule output for sanity
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nft PATCH 1/2] tests/py: Check differing rule output for sanity
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: cttimeout: remove superfluous check on layer 4 netlink functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 00/12] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 03/12] netfilter: xt_checksum: ignore gso skbs
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 05/12] netfilter: nf_tables: rework ct timeout set support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 10/12] netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 12/12] netfilter: xt_hashlimit: use s->file instead of s->private
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 09/12] netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 11/12] netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 08/12] netfilter: conntrack: reset tcp maxwin on re-register
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 06/12] netfilter: kconfig: nat related expression depend on nftables core
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 07/12] netfilter: nf_tables: release chain in flushing set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 04/12] netfilter: conntrack: place 'new' timeout in first location too
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 02/12] netfilter: xt_cluster: add dependency on conntrack module
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 01/12] netfilter: conntrack: remove duplicated include from nf_conntrack_proto_udp.c
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [Patch nf] xt_hashlimit: use s->file instead of s->private
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 nf] netfilter: conntrack: reset tcp maxwin on re-register
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [iptables PATCH 3/5] ebtables: Fix for potential array boundary overstep
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 4/5] libxt_string: Avoid potential array out of bounds access
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 0/5] Fix for bugs indicated by covscan
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 2/5] libiptc: Avoid side-effect in memset() calls
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 1/5] libxtables: Fix potential array overrun in xtables_option_parse()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 5/5] extensions: REJECT: Merge reject tables
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH] xtables-save: Ignore uninteresting tables
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH 07/11] UAPI: netfilter: Fix symbol collision issues [ver #2]
  • From: kbuild test robot <lkp@xxxxxxxxx>
• Re: [nft PATCH] src: Fix literal check for inet_service type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH] src: Fix literal check for inet_service type
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH] xtables: Accept --wait in iptables-nft-restore
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH] xtables-restore: Fix flushing referenced custom chains
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH] xtables: Don't check all rules for being compatible
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH] json: Fix compile error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] json: Fix compile error
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH] xtables: Don't check all rules for being compatible
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf-next] netfilter: nf_nat_ipv4: remove obsolete EXPORT_SYMBOL
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH] netfilter: masquerade: don't flush all conntracks if only one address deleted on device
  • From: Tan Hu <tan.hu@xxxxxxxxxx>
• [iptables PATCH v2] xtables-restore: Fix flushing referenced custom chains
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH] xtables-restore: Fix flushing referenced custom chains
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH 07/11] UAPI: netfilter: Fix symbol collision issues [ver #2]
  • From: David Howells <dhowells@xxxxxxxxxx>
• [RFC] UAPI: Check headers by compiling all together as C++
  • From: David Howells <dhowells@xxxxxxxxxx>
• Re: [RFC] UAPI: Check headers by compiling all together as C++
  • From: Yann Droneaud <ydroneaud@xxxxxxxxxx>
• Re: [Patch nf] xt_hashlimit: use s->file instead of s->private
  • From: Sami Farin <hvtaifwkbgefbaei@xxxxxxxxx>
• Re: [RFC] UAPI: Check headers by compiling all together as C++
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• Re: [Patch nf] xt_hashlimit: use s->file instead of s->private
  • From: Christoph Hellwig <hch@xxxxxx>
• [Patch nf] xt_hashlimit: use s->file instead of s->private
  • From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
• Re: [RFC] UAPI: Check headers by compiling all together as C++
  • From: Yann Droneaud <ydroneaud@xxxxxxxxxx>
• Re: [RFC] UAPI: Check headers by compiling all together as C++
  • From: David Howells <dhowells@xxxxxxxxxx>
• Re: [RFC] UAPI: Check headers by compiling all together as C++
  • From: "Michael S. Tsirkin" <mst@xxxxxxxxxx>
• [iptables PATCH] xtables: Accept --wait in iptables-nft-restore
  • From: Phil Sutter <phil@xxxxxx>
• Re: [RFC] UAPI: Check headers by compiling all together as C++
  • From: Greg KH <greg@xxxxxxxxx>
• [PATCH 06/11] UAPI: netfilter: Fix symbol collision issues
  • From: David Howells <dhowells@xxxxxxxxxx>
• [RFC] UAPI: Check headers by compiling all together as C++
  • From: David Howells <dhowells@xxxxxxxxxx>
• [PATCH nft 5/5] src: add ipsec (xfrm) expression
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 4/5] src: rename meta secpath to meta ipsec
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl 1/5] expr: rt: ipsec match support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 3/5] src: rt: add support to check if route will perform ipsec transformation
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl 2/5] expr: add xfrm support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl,nft] ipsec matching support
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft 3/4] src: tproxy: relax family restrictions
  • From: Máté Eckl <ecklm94@xxxxxxxxx>
• [PATCH nft] doc: Document ct timeout support
  • From: Harsha Sharma <harshasharmaiitr@xxxxxxxxx>
• [PATCH] obj: ct_timeout: fix error in building tests
  • From: Harsha Sharma <harshasharmaiitr@xxxxxxxxx>
• [PATCH iptables] extensions: add cgroup revision 2
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_cgroup: shrink size of v2 path
  • From: Tejun Heo <tj@xxxxxxxxxx>
• [PATCH nf-next] netfilter: xtables: avoid BUG_ON
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: avoid BUG_ON usage
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] proto: fix icmp/icmpv6 code datatype
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_cgroup: shrink size of v2 path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH 1/2] tests/py: Check differing rule output for sanity
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH ipset v3] Validate string type attributes in attr2data()
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• [PATCH] conntrack: Support L3 protocol-filter on flush
  • From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: add xfrm expression
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] tests: fix json output for osf, socket and tproxy expressions
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH 1/2] tests/py: Check differing rule output for sanity
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH 2/2] tests/py: Make nft-test.py a little more robust
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf,v2] netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>