Linux TCP/IP Netfilter Devel

• Thread Index

• Re: [PATCH nft 2/2] doc: payload and conntrack statement
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft 2/2] doc: payload and conntrack statement
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 1/2] doc: update meta expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH conntrack-tools] conntrackd: cthelper: Add new mdns helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] doc: payload and conntrack statement
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/2] doc: update meta expression
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH 2/2 nft] doc: nft: document log, reject, counter, meta, limit, nat and queue statements
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/2 nft] doc: nft: add my copyright statement to the manpage
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Network namespace and neighboring subsystem problem
  • From: Tugrul Erdogan <h.tugrul.erdogan@xxxxxxxxx>
• [PATCH v2 nf-next] netfilter: Add the missed return value check of register_netdevice_notifier
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf-next] netfilter: xt_TEE: Add the missed return value check in tee_tg_check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_TEE: Add the missed return value check in tee_tg_check
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 0/2] netfilter: allow tab character in SIP headers
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH v2 libnftnl] expr: numgen: add increment counter offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v2] netfilter: nft_numgen: add increment counter offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v6 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH v3 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v3 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH 0/2] netfilter: allow tab character in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2] netfilter: nft_dynset: allow to invert match criteria
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft] Using variable sized data types in concat expressions
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_chain_route: re-route before skb is queued to userspace
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_numgen: rename until attribute by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 2/2 nf-next] netfilter: ftp: Remove the useless codes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 1/2 nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 net-next 2/2] netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 net-next 1/2] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/2] netfilter: correct allowed characters in Call-ID SIP header
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] netfilter: correct parsing of continuation lines in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 00/29] Netfilter updates for net-next
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Will Deacon <will.deacon@xxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf-next] netfilter: nft_queue: check the validation of queues_total and queuenum
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next] netfilter: nf_conntrack: remove unused ctl_table_path member in nf_conntrack_l3proto
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf] netfilter: nft_chain_route: re-route before skb is queued to userspace
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [nft PATCH v2 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Phil Sutter <phil@xxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 3/3] tests: py: any: Remove duplicate tests
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [NetDev] [ANNOUNCE] Netdev 1.2 weekly updates (6th September, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• [PATCH v2] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [nf-next:nexpr-wip 38/41] ERROR: "__invalid_xchg_size" [net/netfilter/nft_counter.ko] undefined!
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• [nf-next:nexpr-wip 38/41] net/netfilter/nft_counter.c:67:16: note: in expansion of macro 'xchg'
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• [nf-next:nexpr-wip 38/41] net/netfilter/nft_counter.c:72:21: error: call to '__xchg_wrong_size' declared with attribute error: Bad argument size for xchg
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• Re: [PATCH nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH v3 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/3] tests: py: any: Make tests more generic by using other interfaces
  • From: Manuel Johannes Messner <manuel.johannes.messner@xxxxxxxxxxxxxxxx>
• [PATCH 1/3] tests: py: nft-tests.py: Add function for loading and removing kernel modules
  • From: Manuel Johannes Messner <manuel.johannes.messner@xxxxxxxxxxxxxxxx>
• [PATCH 3/3] tests: py: any: Remove duplicate tests
  • From: Manuel Johannes Messner <manuel.johannes.messner@xxxxxxxxxxxxxxxx>
• Re: [PATCH 02/29] netfilter: physdev: add missed blank
  • From: Joe Perches <joe@xxxxxxxxxxx>
• Re: [PATCH 2/3] conntrackd: cthelper: ftp: Fix debug print
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/3] conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables_trace: fix endiness when dump chain policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] extensions: libip6t_SNAT/DNAT: add square bracket in xlat output when port is specified
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v3] xtables-translate-restore: do not escape quotes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 4/4] evaluate: Avoid undefined behaviour in concat_subtype_id()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 3/4] stmt_evaluate_reset: Have a generic fix for missing network context
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 1/4] evaluate: Fix datalen checks in expr_evaluate_string()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] netfilter: correct parsing of continuation lines in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/2 nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH 2/2 nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [conntrack-tools PATCH 4/4 v2] doc/manual/conntrack-tools: include some bits about init systems
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [conntrack-tools PATCH 3/4] conntrackd.8: add reference to systemd
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [conntrack-tools PATCH 2/4] conntrackd.8: refresh file
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [conntrack-tools PATCH 1/4] src/main: refresh help message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 06/29] netfilter: nf_tables: rename set implementations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 02/29] netfilter: physdev: add missed blank
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 04/29] netfilter: use_nf_conn_expires helper in more places
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 10/29] netfilter: nf_conntrack: restore nf_conntrack_htable_size as exported symbol
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 08/29] netfilter: remove ip_conntrack* sysctl compat code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 11/29] netfilter: nf_tables: add quota expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 12/29] netfilter: nf_tables: add number generator expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 13/29] netfilter: fix spelling mistake: "delimitter" -> "delimiter"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 15/29] netfilter: nf_tables: typo in trace attribute definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 16/29] netfilter: nf_tables: introduce nft_chain_parse_hook()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 18/29] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 19/29] netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 14/29] netfilter: nft_hash: fix non static symbol warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 21/29] netfilter: restart search if moved to other chain
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 17/29] netfilter: nf_tables: reject hook configuration updates on existing chains
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 23/29] netfilter: conntrack: get rid of conntrack timer
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 22/29] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 29/29] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 27/29] netfilter: remove __nf_ct_kill_acct helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 28/29] netfilter: log_arp: Use ARPHRD_ETHER instead of literal '1'
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 20/29] netfilter: nf_tables: Use nla_put_be32() to dump immediate parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 24/29] netfilter: evict stale entries on netlink dumps
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 25/29] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 26/29] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 09/29] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 07/29] netfilter: nf_tables: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 05/29] ipvs: use nf_ct_kill helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 01/29] netfilter: conntrack: Only need first 4 bytes to get l4proto ports
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 03/29] netfilter: nf_dup4: remove redundant checksum recalculation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 00/29] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] expr: hash: Add offset to hash value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [conntrack-tools PATCH 4/4 v2] doc/manual/conntrack-tools: include some bits about init systems
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [PATCH conntrack-tools] conntrackd: cthelper: Add new mdns helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH v3 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: nft_quota: introduce nft_overquota()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: nft_quota: fix overquota logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables_trace: fix endiness when dump chain policy
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v2] netfilter: nft_numgen: rename until attribute by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH libnftnl] trace: use get_u32 to parse NFPROTO and POLICY attribute
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl] trace: use get_u32 to parse NFPROTO and POLICY attribute
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf] netfilter: nf_tables_trace: fix endiness when dump chain policy
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables] extensions: libip6t_SNAT/DNAT: add square bracket in xlat output when port is specified
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl] include: resync nf_tables.h cache copy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_numgen: add counter offset value and rename until by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• nfqueue & bridge netfilter considered broken
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl] expr: numgen: add counter offset value and rename until by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH] netfilter: nft_numgen: add counter offset value and rename until by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH v2 1/2 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v2 1/2 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 2/2 nf-next] netfilter: seqadj: print the warning log when fail to add seqadj extension
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Boqun Feng <boqun.feng@xxxxxxxxx>
• [PATCH v2 1/2 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 1/2 nf] netfilter: seqadj: Fix some possible panics of seqadj when mem is exhausted
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH 1/2 nf] netfilter: seqadj: Fix some possible panics of seqadj when mem is exhausted
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH 1/2 nf] netfilter: seqadj: Fix some possible panics of seqadj when mem is exhausted
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH 2/2 nf-next] netfilter: seqadj: print the warning log when fail to add seqadj extension
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: Snooping expected connections in a user CT helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Will Deacon <will.deacon@xxxxxxx>
• [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 6/7] net/netfilter/nf_conntrack_core: Remove barriers after spin_unlock_wait
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 5/7] net/netfilter/nf_conntrack_core: Fix memory barriers.
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [RFC 1/9] ipv6: implement dataplane support for rthdr type 4 (Segment Routing Header)
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v2 2/2 nf-next] netfilter: ftp: Remove the useless codes
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v2 1/2 nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [RFC 3/3] conntrackd: cthelper: ssdp: Track UPnP eventing
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH 2/3] conntrackd: cthelper: ftp: Fix debug print
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH 1/3] conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nft] evaluate: display expression, statement and command name on debug
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 5/5] net/netfilter/nf_conntrack_core: update memory barriers.
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH 5/5] net/netfilter/nf_conntrack_core: update memory barriers.
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH iptables v3] xtables-translate-restore: do not escape quotes
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• Re: [PATCH 0/7] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH iptables 2/3] extensions: libip[6]t_SNAT/DNAT: use the new nft syntax when do xlate
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [conntrack-tools PATCH 4/4] doc/manual/conntrack-tools: include some bits about init systems
  • From: Rami Rosen <roszenrami@xxxxxxxxx>
• [nf-next:master 8/29] ERROR: "nf_conntrack_htable_size" [net/ipv4/netfilter/nf_conntrack_ipv4.ko] undefined!
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• [PATCH libnftnl] set: fix incorrect maximum set description attribute
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH v2 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 4/4] evaluate: Avoid undefined behaviour in concat_subtype_id()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 0/4] A round of covscan indicated fixes
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 3/4] stmt_evaluate_reset: Have a generic fix for missing network context
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 1/4] evaluate: Fix datalen checks in expr_evaluate_string()
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables v3 2/2] xtables-compat: add rule cache
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/2] netfilter: allow tab character in SIP headers
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH 2/2] netfilter: correct allowed characters in Call-ID SIP header
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH 1/2] netfilter: correct parsing of continuation lines in SIP headers
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH libnftnl] expr: numgen: add missing nftnl_expr_ng_cmp()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [conntrack-tools PATCH 4/4] doc/manual/conntrack-tools: include some bits about init systems
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [conntrack-tools PATCH 3/4] conntrackd.8: add reference to systemd
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [conntrack-tools PATCH 2/4] conntrackd.8: refresh file
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [conntrack-tools PATCH 1/4] src/main: refresh help message
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [PATCH 0/7] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 7/7] netfilter: nf_tables_netdev: remove redundant ip_hdr assignment
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/7] netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/7] netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/7] netfilter: cttimeout: put back l4proto when replacing timeout policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 6/7] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 5/7] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/7] netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] meta: fix memory leak in tc classid parser
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: py: adapt netlink bytecode output of numgen and hash
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 1/3] expr: numgen: use switch to handle numgen types from snprintf
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 3/3] expr: hash: missing trailing space and modulus in hexadecimal in snprintf
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 2/3] expr: numgen: add missing trailing whitespace
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 3/3] extensions: libip[6]t_REDIRECT: use new nft syntax when do xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 2/3] extensions: libip[6]t_SNAT/DNAT: use the new nft syntax when do xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 1/3] extensions: libipt_DNAT/SNAT: fix "OOM" when do translation to nft
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: log_arp: Use ARPHRD_ETHER instead of literal '1'
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: netfilter: get rid of per-object conntrack timers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables_netdev: remove redundant ip_hdr assignment
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [NetDev] [ANNOUNCE] Netdev 1.2 weekly updates (30th August, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• [PATCH nft 7/8] parser_bison: add variable_expr rule
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 8/8] parser_bison: allow variable references in set elements definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 6/8] evaluate: validate maximum hash and numgen value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 4/8] src: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 5/8] evaluate: add expr_evaluate_integer()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/8] src: add numgen expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/8] src: add quota statement
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/8] tests: py: adapt this to new add element command semantics
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: allow variable references in set elements definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH v2 nf] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf-next] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH nf-next] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf-next] netfilter: log_arp: Use ARPHRD_ETHER instead of literal '1'
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf] netfilter: nf_tables_netdev: remove redundant ip_hdr assignment
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables 3/3] extensions: libip[6]t_REDIRECT: use new nft syntax when do xlate
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables 2/3] extensions: libip[6]t_SNAT/DNAT: use the new nft syntax when do xlate
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables 1/3] extensions: libipt_DNAT/SNAT: fix "OOM" when do translation to nft
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft] meta: fix memory leak in tc classid parser
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH iptables v3 1/2] xtables-compat: check if nft ruleset is compatible
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RESEND nf] netfilter: avoid a race between nf_register_hook() and cleanup_net()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables v3 2/2] xtables-compat: add rule cache
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables v3 1/2] xtables-compat: check if nft ruleset is compatible
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH nf-next,v2 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: Use nla_put_be32() to dump immediate parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next,v2 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH v3 nf-next 5/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v3 nf-next 6/7] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v3 net-next 2/2] netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v3 net-next 1/2] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH nf-next,v2 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2 2/2] netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH v3 nf-next 7/7] netfilter: remove __nf_ct_kill_acct helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 6/7] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 4/7] netfilter: evict stale entries on netlink dumps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 5/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 3/7] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 2/7] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 1/7] netfilter: restart search if moved to other chain
  • From: Florian Westphal <fw@xxxxxxxxx>
• netfilter: get rid of per-object conntrack timers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v4] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 3/3] netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/3] netfilter: cttimeout: put back l4proto when replacing timeout policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 1/3] netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 3/7] netfilter: evict stale entries on netlink dumps
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 2/7] netfilter: conntrack: get rid of conntrack timer
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 1/7] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [ANNOUNCE] Netdev 1.2 weekly updates (24th August, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• Re: [PATCH libnftnl] expr: data_reg: Fix DATA_CHAIN comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/4] src: add create set command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/4] src: create element command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/4] tests: shell: cover add and create set command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 4/4] tests: shell: cover add and create set command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 7/7] netfilter: restart search if moved to other chain
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH libnftnl] expr: data_reg: Fix DATA_CHAIN comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH nf-next 7/7] netfilter: restart search if moved to other chain
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 6/7] netfilter: remove __nf_ct_kill_acct helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 5/7] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 3/7] netfilter: evict stale entries on netlink dumps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 2/7] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 1/7] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next v2 0/7] netfilter: get rid of per-object conntrack timers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v2 iptables] iptables-restore: add missing arguments to usage message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/2 nf-next] netfilter: nf_tables: introduce nft_chain_parse_hook()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/2 nf-next] netfilter: nf_tables: reject hook configuration updates on existing chains
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: explicit indication on export ruleset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] dynset prefix support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v2 iptables] iptables-restore: add missing arguments to usage message
  • From: Brian Haley <brian.haley@xxxxxxx>
• Re: [PATCH iptables] iptables-restore: add missing arguments to usage message
  • From: Brian Haley <brian.haley@xxxxxxx>
• Re: [PATCH iptables] iptables-restore: add missing arguments to usage message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 2/2] xtables-translate-restore: do not escape quotes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 2/2] xtables-compat: add rule cache
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 2/2] xtables-compat: add rule cache
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] Simplify parser rule_spec tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
• [PATCH nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH v2 1/2 net-next] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v2 1/2 net-next] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH v2 1/2 net-next] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH v2 2/2 net-next] netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH iptables] iptables-restore: add missing arguments to usage message
  • From: Brian Haley <brian.haley@xxxxxxx>
• Re: [PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] tests: shell: add testcase for reject expr
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] parser_bison: keep snat/dnat existing syntax unchanged
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/4 V6 nft] Implement deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/4 V6 nft] Simplify parser rule_spec tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 1/2] ct: allow numeric conntrack labels
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] ct: display bit number instead of raw value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: shell: add testcase for reject expr
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft] parser_bison: keep snat/dnat existing syntax unchanged
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH v3] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: kbuild test robot <lkp@xxxxxxxxx>
• [PATCH iptables v2 2/2] xtables-compat: add rule cache
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables v2 1/2] xtables-compat: check if nft ruleset is compatible
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH nf] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf 3/3] netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf 2/3] netfilter: cttimeout: put back l4proto when replacing timeout policy
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf 1/3] netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [ANNOUNCE] nfacct 1.0.2 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnetfilter_acct 1.0.3 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] conntrack-tools 1.4.4 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnetfilter_conntrack 1.0.6 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables v2 2/2] xtables-translate-restore: do not escape quotes
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables v2 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH nft 1/2] ct: allow numeric conntrack labels
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/2] ct: display bit number instead of raw value
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH iptables 2/3] xtables-compat: check if nft ruleset is compatible
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 1/3] xtables-compat: remove useless functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH -next] netfilter: nft_hash: fix non static symbol warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] extensions: libxt_CLASSIFY: Add translation to nft
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: fix spelling mistake: "delimitter" -> "delimiter"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: nf_tables: typo in trace attribute definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v5] netfilter: nft_numgen: add number generator expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_dynset: allow to invert match criteria
  • From: kbuild test robot <lkp@xxxxxxxxx>
• Re: [PATCH v3] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH v3] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: kbuild test robot <lkp@xxxxxxxxx>
• Re: [PATCH nf-next 2/6] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next 2/6] netfilter: conntrack: get rid of conntrack timer
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH 4/4 V6 nft] parser: Improve syntax errors
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/4 V6 nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/4 V6 nft] Implement deleting rule by description
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH iptables 2/3] xtables-compat: check if nft ruleset is compatible
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [PATCH iptables 1/3] xtables-compat: remove useless functions
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables 3/3] xtables-compat: add rule cache
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables 2/3] xtables-compat: check if nft ruleset is compatible
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH nf] netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH -next] netfilter: nft_hash: fix non static symbol warning
  • From: Wei Yongjun <weiyj.lk@xxxxxxxxx>
• [PATCH iptables] extensions: libxt_CLASSIFY: Add translation to nft
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH nf-next 2/6] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next 2/6] netfilter: conntrack: get rid of conntrack timer
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH nf-next 4/6] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• Re: [PATCH nf-next 2/6] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf-next 4/6] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH nf-next 2/6] netfilter: conntrack: get rid of conntrack timer
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH nf-next 6/6] netfilter: remove __nf_ct_kill_acct helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 5/6] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 4/6] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 3/6] netfilter: evict stale entries on netlink dumps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 2/6] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/6] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/6] conntrack: get rid of per-object timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH iptables 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfacct: setting quotas does not seem to work.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v4] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH iptables 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH] netfilter: fix spelling mistake: "delimitter" -> "delimiter"
  • From: Colin King <colin.king@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nft_dynset: allow to invert match criteria
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl] rule: Fix comparison between rules
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 0/6] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH libnftnl] rule: Fix comparison between rules
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 6/6] netfilter: cttimeout: fix use after free error when delete netns
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 5/6] netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/6] netfilter: conntrack: do not dump other netns's conntrack entries via proc
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/6] netfilter: tproxy: properly refcount tcp listeners
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/6] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/6] netfilter: nfnetlink_acct: report overquota to the right netns
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/6] netfilter: nfnetlink_log: add "nf-logger-3-1" module alias name
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_conntrack: restore nf_conntrack_htable_size as exported symbol
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: cttimeout: fix use after free error when delete netns
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH v3] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroy
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH v5] netfilter: nft_numgen: add number generator expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: nfacct: setting quotas does not seem to work.
  • From: Josue Alvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
• [PATCH 3/3 v4 libnftnl] tests: Elimine static variable 'test_ok'
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/3 v4 libnftnl] tests: Use libnftnl comparators in all tests
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/3 v4 libnftnl] tests: Consolidate printing error utilities
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH libnftnl] expr: hash: Add comparator to hash expression
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH libnftnl] expr: hash: Add comparator to hash expression
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [nf-next:master 8/9] ERROR: "nf_conntrack_htable_size" [net/netfilter/nfnetlink_cttimeout.ko] undefined!
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• linux-next: build failure after merge of the netfilter-next tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: add quota expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v4] netfilter: nft_numgen: add number generator expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] netfilter: tproxy: properly refcount tcp listeners
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfacct: setting quotas does not seem to work.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/2] netfilter: nfnetlink_acct: report overquota to the right netns
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 1/2] netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: kernel panic TPROXY , vanilla 4.7.1
  • From: Denys Fedoryshchenko <nuclearcat@xxxxxxxxxxxxxx>
• [PATCH net] netfilter: tproxy: properly refcount tcp listeners
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: kernel panic TPROXY , vanilla 4.7.1
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH v4] netfilter: nft_numgen: add number generator expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• ulogd plugin development question
  • From: Tommy Knowlton <tommy.knowlton@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nf_tables: Check for overflow of u8 fields from u32 netlink attributes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: kernel panic TPROXY , vanilla 4.7.1
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nfnetlink_log: add "nf-logger-3-1" module alias name
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH V3 nf-next] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: do not dump other netns's conntrack entries via proc
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables_netdev: set nft_pktinfo field for non-IP traffic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables_netdev: set nft_pktinfo field for non-IP traffic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnetfilter_conntrack] src: Make the library compile under clang
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/3 v5 nft] Simplify parser rule_spec tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH 4/4] evaluate: Avoid undefined behaviour in concat_subtype_id()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH 3/4] proto_find_num: Avoid potential null pointer dereference
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH 1/4] evaluate: Fix datalen checks in expr_evaluate_string()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 2/2] xtables-translate-restore: do not escape quotes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/3 v5 libnftnl] Implement rule comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3] netfilter: nft_numgen: add number generator expression
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH v2 libnftnl] expr: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 06/10] scanner: remove range expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 08/10] src: simplify classid printing using %x instead of %04x
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 10/10] parser_bison: redirect to :port for consistency with nat/masq statement
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 09/10] src: meta priority support using tc classid
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 05/10] scanner: allow strings starting by underscores and dots
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 07/10] src: rename datatype name from tc_handle to classid
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 04/10] parser_bison: missing token string in QUOTED_ASTERISK and ASTERISK_STRING
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 03/10] src: support for RFC2732 IPv6 address format with brackets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 02/10] src: add 'to' for snat and dnat
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 01/10] src: quote user-defined strings when used from rule selectors
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 00/10 nft] syntax updates
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• libipset developer documentation?
  • From: Peter Wu <peter@xxxxxxxxxxxxx>
• Re: [PATCH 2/2 nft] ct: release ct_label table on exit
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 1/2 nft] ct: add missing slash to connlabel path
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 2/2 nft] ct: release ct_label table on exit
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/2 nft] ct: add missing slash to connlabel path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/3 v5 nft] Implement deleting rule by description
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/3 v5 nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/3 v5 libnftnl] Implement rule comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Snooping expected connections in a user CT helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH iptables 2/2] xtables-translate-restore: do not escape quotes
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• Re: [PATCH 2/3 v3 nft] tests: Use libnftnl comparators in all tests
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/3 v4 libnftnl] Implement rule comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: allow logging from non-init namespaces
  • From: Michal Kubecek <mkubecek@xxxxxxx>
• [PATCH 3/3 v3 nft] tests: Elimine static variable 'test_ok'
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/3 v3 nft] tests: Use libnftnl comparators in all tests
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/3 v3 nft] tests: Consolidate printing error utilities
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 3/3 v4 nft] Implement deleting rule by description
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/3 v4 nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/3 v4 libnftnl] Implement rule comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [ANNOUNCE] Netdev 1.2 updates (16th August, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• Re: [PATCH nf] netfilter: conntrack: do not dump other netns's conntrack entries via proc
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: conntrack: do not dump other netns's conntrack entries via proc
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH 2/2 v2 libnftnl] test: Use libnftnl comparators in all tests
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/2 v2 libnftnl] test: Use libnftnl comparators in all tests
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/2 v2 libnftnl] tests: Consolidate printing error utilities
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 2/2 libnfntl] expr: cmp: Use cmp2str() instead of directly access to array
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/2 libnfntl] expr: cmp: Use cmp2str() instead of directly access to array
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 2/2 libnftnl] expr: cmp: Use cmp2str() instead of directly access to array
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2 libnftnl] expr: Improve bound checking in stringification functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/2 libnftnl] expr: cmp: Use cmp2str() instead of directly access to array
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/2 libnftnl] expr: Improve bound checking in stringification functions
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnetfilter_conntrack] src: Make the library compile under clang
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• Re: [PATCH v3] netfilter: nft_numgen: add number generator expression
  • From: kbuild test robot <lkp@xxxxxxxxx>
• [PATCH v2] netfilter: nf_tables: Check for overflow of u8 fields from u32 netlink attributes
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v2 libnftnl] expr: add number generation expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v3] netfilter: nft_numgen: add number generator expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH nf 1/2] netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroy
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf 2/2] netfilter: nfnetlink_acct: report overquota to the right netns
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next] netfilter: nfnetlink_log: add "nf-logger-3-1" module alias name
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH V3 nf-next] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next,v2] netfilter: remove ip_conntrack* sysctl compat code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/4, V2, libnftnl] tests: Fix wrong expression creation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: remove ip_conntrack* sysctl compat code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: remove ip_conntrack* sysctl compat code
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH v2 libnftnl] expr: add hash expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH 4/4, V2, libnftnl] tests: Use libnftnl comparators in all tests
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 3/4, V2, libnftnl] tests: Consolidate printing error utilities
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/4, V2, libnftnl] tests: Fix wrong expression creation
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 2/2, libnftnl] Use libnftnl comparators in all tests
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 1/2, libnftnl] tests: Consolidate printing error utilities
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [nft PATCH 4/4] evaluate: Avoid undefined behaviour in concat_subtype_id()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 1/4] evaluate: Fix datalen checks in expr_evaluate_string()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 3/4] proto_find_num: Avoid potential null pointer dereference
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 0/4] A round of covscan indicated fixes
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nf-next V2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [libnftnl PATCH] utils: Don't return directly from SNPRINTF_BUFFER_SIZE
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [libnftnl PATCH] utils: Don't return directly from SNPRINTF_BUFFER_SIZE
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH 3/4, V3, nft] Simplify parser rule_spec tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next V2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: remove ip_conntrack* sysctl compat code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v2] ipvs: use nf_ct_kill helper
  • From: Simon Horman <horms@xxxxxxxxxxxx>
• Re: [PATCH nf-next V2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH netfilter] extensions/libxt_bpf.man: clarify BPF code generation with tcpdump
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v5] netfilter: nf_tables: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next V2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: use_nf_conn_expires helper in more places
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v2] ipvs: use nf_ct_kill helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_dup4: remove redundant checksum recalculation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: physdev: add missed blank
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] netfilter: Only need first 4 bytes to get l4proto ports
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl PATCH 0/7] A bunch of covscan detected fixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl PATCH 2/7] ruleset: Prevent memleak in nftnl_ruleset_snprintf_*() functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] nf-next: x_tables: Replace kmalloc(s*n) with kmalloc_array(n,s)
  • From: Loganaden Velvindron <logan@xxxxxxxxxx>
• Re: [PATCH] nf-next: x_tables: Replace kmalloc(s*n) with kmalloc_array(n,s)
  • From: Loganaden Velvindron <logan@xxxxxxxxxx>
• Re: [libnftnl PATCH 0/7] A bunch of covscan detected fixes
  • From: Phil Sutter <phil@xxxxxx>
• Re: [libnftnl PATCH 2/7] ruleset: Prevent memleak in nftnl_ruleset_snprintf_*() functions
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH 2/4, libnfntl] Implement rule comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl PATCH 0/7] A bunch of covscan detected fixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl PATCH 0/7] A bunch of covscan detected fixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/3, libnftnl] expr: Fix lookup builder
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/3, libnftnl] tests: Add missing tests to test-script.sh
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl PATCH 5/7] common: Avoid integer overflow in nftnl_batch_is_supported()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl PATCH 2/7] ruleset: Prevent memleak in nftnl_ruleset_snprintf_*() functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 0/5] Check u32 load in u8 attributes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [libnftnl PATCH 0/7] A bunch of covscan detected fixes
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 3/7] expr/ct: prevent array index overrun in ctkey2str()
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 7/7] ruleset: Initialize ctx.flags before calling nftnl_ruleset_ctx_set()
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 5/7] common: Avoid integer overflow in nftnl_batch_is_supported()
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 6/7] Avoid returning uninitialized data
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 1/7] set: prevent memleak in nftnl_jansson_parse_set_info()
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 4/7] expr/limit: Drop unreachable code in limit_to_type()
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 2/7] ruleset: Prevent memleak in nftnl_ruleset_snprintf_*() functions
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH 2/2, libnftnl] Use libnftnl comparators in all tests
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2, libnftnl] tests: Consolidate printing error utilities
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] nf-next: x_tables: Replace kmalloc(s*n) with kmalloc_array(n,s)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl] expr: hash: Jenkins hash expression support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v5] netfilter: nf_tables: add hash expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• nfacct: setting quotas does not seem to work.
  • From: Josue Alvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
• [PATCH 2/2, libnftnl] Use libnftnl comparators in all tests
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/2, libnftnl] tests: Consolidate printing error utilities
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH v4] netfilter: nf_tables: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v4] netfilter: nf_tables: add hash expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH 0/9] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nfnetlink_queue: fix memory leak when attach expectation successfully
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/4, V3, libnftnl] rule: Implement internal expression iterator
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/3, libnftnl] expr: Fix lookup builder
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/3, libnftnl] tests: Add missing tests to test-script.sh
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nfnetlink_queue: reject verdict request from different portid
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/4, V3, libnftnl] rule: Implement internal expression iterator
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/3, libnftnl] expr: Fix lookup builder
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/3, libnftnl] tests: Add missing tests to test-script.sh
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 3/3, libnftnl] tests: Fix tests for immediate and lookup expressions
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: Add size check on u8 nft_exthdr attributes
  • From: Laura Garcia <nevola@xxxxxxxxx>
• [PATCH] nf-next: x_tables: Replace kmalloc(s*n) with kmalloc_array(n,s)
  • From: Loganaden Velvindron <logan@xxxxxxxxxx>
• Re: [PATCH 1/4, V3, libnftnl] rule: Implement internal expression iterator
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/5] netfilter: nf_tables: Check u32 load in u8 nft_cmp attribute
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH 2/5] netfilter: nf_tables: Check u32 load in u8 nft_byteorder attribute
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH] x_tables: Replace kmalloc(s*n) with kmalloc_array(n,s)
  • From: Loganaden Velvindron <logan@xxxxxxxxxx>
• [PATCH 4/5] netfilter: nf_tables: Check u32 load in u8 nft_immediate attribute
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH netfilter] extensions/libxt_bpf.man: clarify BPF code generation with tcpdump
  • From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
• [PATCH 1/5] netfilter: nf_tables: Check u32 load in u8 nft_bitwise attribute
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [ANNOUNCE] Netdev 1.2 updates
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• [PATCH 1/9] netfilter: nf_ct_h323: do not re-activate already expired timer
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/9] netfilter: nft_rbtree: ignore inactive matching element with no descendants
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/9] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 5/9] netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 7/9] netfilter: nfnetlink_queue: reject verdict request from different portid
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 6/9] netfilter: nfnetlink_queue: fix memory leak when attach expectation successfully
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 8/9] netfilter: ctnetlink: reject new conntrack request with different l4proto
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/9] netfilter: nf_tables: s/MFT_REG32_01/NFT_REG32_01
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/9] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 9/9] netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nf_tables: add hash expression
  • From: Laura Garcia <nevola@xxxxxxxxx>
• [PATCH 4/4, V3, nft] Implement deleting rule by description
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/4, V3, libnftnl] Implement rule comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/4, V3, libnftnl] rule: Implement internal expression iterator
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 3/4, V3, nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 5/5] netfilter: nf_tables: Check u32 load in u8 nft_nat attribute
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH, v2] Constify iterators
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/5] Check u32 load in u8 attributes
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH 2/4, V3, libnftnl] Implement rule comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 6/9] netfilter: nfnetlink_queue: fix memory leak when attach expectation successfully
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 7/9] netfilter: nfnetlink_queue: reject verdict request from different portid
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/9] netfilter: nft_rbtree: ignore inactive matching element with no descendants
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 5/9] netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 8/9] netfilter: ctnetlink: reject new conntrack request with different l4proto
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/9] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 9/9] netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/9] netfilter: nf_tables: s/MFT_REG32_01/NFT_REG32_01
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/9] netfilter: nf_ct_h323: do not re-activate already expired timer
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/9] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3] netfilter: nf_tables: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v3] netfilter: nf_tables: add hash expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH nft] tests: tests to include files
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 3/3, libnftnl] tests: Fix tests for immediate and lookup expressions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: Add size check on u8 nft_exthdr attributes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: Add size check on u8 nft_exthdr attributes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: ctnetlink: reject new conntrack request with different l4proto
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nf_tables: add hash expression
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH] netfilter: nf_tables: Add size check on u8 nft_exthdr attributes
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v2] netfilter: nf_tables: add hash expression
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• 4.7.0: RCU stall in nf_conntrack
  • From: Johannes Stezenbach <js@xxxxxxxxx>
• Drop pings to other VLAN interfaces
  • From: vDev <vijaypas@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_nth: match every n packets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: generate Jenkins Hash per source register
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_nth: match every n packets
  • From: Laura Garcia <nevola@xxxxxxxxx>
• [PATCH] netfilter: nf_tables: rename set implementations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] expr: hash: Jenkins hash expression support
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH] netfilter: nft_hash: generate Jenkins Hash per source register
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH, v2] Constify iterators
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_nth: match every n packets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/3] scanner: don't fall back on current directory if include is not found
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/3] scanner: don't break line on include error message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/3] scanner: honor absolute and relative paths via include file
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] xtables-compat: fix comments listing
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] rule: Constify rule iterators
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• net-next is OPEN
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [PATCH] rule: Constify rule iterators
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 4/5, V2, nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 4/5, V2, nft] Simplify parser rule_spec tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 3/5, V2, libnftnl] Implement rule comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/5, V2, libnftnl] rule: Add const modifier to rule field of expression iterator
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 5/5, V2, nft] Implement deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nfnetlink_queue: reject verdict request from different portid
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: ctnetlink: reject new conntrack request with different l4proto
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf] netfilter: nfnetlink_queue: reject verdict request from different portid
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH nf] netfilter: nf_expect_proc: remove the redundant slash when policy name is empty
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nfnetlink_queue: fix memory leak when attach expectation successfully
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf] netfilter: nf_expect_proc: remove the redundant slash when policy name is empty
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH 5/5, V2, nft] Implement deleting rule by description
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 4/5, V2, nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/5, V2, libnftnl] rule: Implement internal expression iterator
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 3/5, V2, libnftnl] Implement rule comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/5, V2, libnftnl] rule: Add const modifier to rule field of expression iterator
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 2/4, libnfntl] Implement rule comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 1/4, libnftnl] rule: Implement internal expression iterator
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH 2/4, libnfntl] Implement rule comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/4, libnftnl] rule: Implement internal expression iterator
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/4, nft] Implement deleting rule by description
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 3/4, nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 2/4, libnfntl] Implement rule comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH 1/4, libnftnl] rule: Implement internal expression iterator
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH libmnl] callback: mark cb_ctl_array 'const' in mnl_cb_run2()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_ct_h323: do not re-activate already expired timer
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>