Linux TCP/IP Netfilter Devel

• Thread Index

• Re: linux-next: manual merge of the netfilter-next tree with the net tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next v3 1/2] netfilter: Fix potential null pointer dereference
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v4 2/2] nf_set_hooks_head: accommodate different kconfig
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v4 1/2] netfilter: Fix potential null pointer dereference
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v4 0/2] fixes for recent nf_compact hooks
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• Re: [PATCH nf-next v3 1/2] netfilter: Fix potential null pointer dereference
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH nf-next v3 1/2] netfilter: Fix potential null pointer dereference
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• Re: [PATCH nf-next v3 1/2] netfilter: Fix potential null pointer dereference
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH nf-next v2 1/2] netfilter: Fix potential null pointer dereference
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 2/2] nf_set_hooks_head: accommodate different kconfig
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 1/2] netfilter: Fix potential null pointer dereference
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 0/2] fixes for recent nf_compact hooks
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• Re: [PATCH nf-next v2 1/2] netfilter: Fix potential null pointer dereference
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• Re: [PATCH nf-next v2 1/2] netfilter: Fix potential null pointer dereference
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH nf-next v2 1/2] netfilter: Fix potential null pointer dereference
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH v2] netfilter: xt_hashlimit: Fix link error in 32bit arch because of 64bit division
  • From: Maciej Żenczykowski <maze@xxxxxxxxxx>
• Re: [PATCH nf-next v2 1/2] netfilter: Fix potential null pointer dereference
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [ANNOUNCE] Netdev 1.2 updates (27th September, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• [PATCH v2] netfilter: xt_hashlimit: Fix link error in 32bit arch because of 64bit division
  • From: Vishwanath Pai <vpai@xxxxxxxxxx>
• [PATCH nf-next v2 2/2] nf_set_hooks_head: acommodate different kconfig
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v2 1/2] netfilter: Fix potential null pointer dereference
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v2 0/2] fixes for recent nf_compact hooks
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• Re: [PATCH] Fix link error in 32bit arch because of 64bit division
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH nf] netfilter: nft_limit: fix divded by zero panic
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH] Fix link error in 32bit arch because of 64bit division
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: linux-next: Tree for Sep 27
  • From: Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx>
• [PATCH] Fix link error in 32bit arch because of 64bit division
  • From: Vishwanath Pai <vpai@xxxxxxxxxx>
• Re: [PATCH v3 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Vishwanath Pai <pai.vishwain@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_osf: Use explicit member assignment to avoid implicit no padding rule
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_osf: Use explicit member assignment to avoid implicit no padding rule
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_osf: Use explicit member assignment to avoid implicit no padding rule
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_osf: Use explicit member assignment to avoid implicit no padding rule
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH nf-next] netfilter: xt_osf: Use explicit member assignment to avoid implicit no padding rule
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH v3 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_nfacct: Use not operation instead of condition check
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_nfacct: Use not operation instead of condition check
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_nfacct: Use not operation instead of condition check
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH v4 2/2] libxt_hashlimit: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Vishwanath Pai <vpai@xxxxxxxxxx>
• [PATCH v4 1/2] libxt_hashlimit: Prepare libxt_hashlimit.c for revision 2
  • From: Vishwanath Pai <vpai@xxxxxxxxxx>
• Re: [PATCH nf-next 2/2] nf_set_hooks_head: acommodate different kconfig
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• Re: [PATCH nf-next 2/2] nf_set_hooks_head: acommodate different kconfig
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: Fix potential null pointer dereference
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next 2/2] nf_set_hooks_head: acommodate different kconfig
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next 0/2] fixes for recent nf_compact hooks
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_nfacct: Use not operation instead of condition check
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: xt_nfacct: Use not operation instead of condition check
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf-next] netfilter: xt_multiport: Use switch case instead of multiple condition checks
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [nft] Problems with flushing all elements from a set
  • From: "Anders K. Pedersen | Cohaesio" <akp@xxxxxxxxxxxx>
• Re: [PATCH 00/53] Netfilter updates for net-next
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [nf-next:master 43/54] net/netfilter/core.c:96: error: type defaults to 'int' in declaration of '__val'
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• [PATCH 05/53] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 09/53] netfilter: nft_quota: introduce nft_overquota()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 10/53] netfilter: nf_ct_sip: allow tab character in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 04/53] netfilter: nf_ct_sip: correct allowed characters in Call-ID SIP header
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 01/53] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 11/53] netfilter: nft_queue: check the validation of queues_total and queuenum
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 12/53] netfilter: nf_conntrack: remove unused ctl_table_path member in nf_conntrack_l3proto
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 03/53] netfilter: nf_ct_sip: correct parsing of continuation lines in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 14/53] netfilter: nft_dynset: allow to invert match criteria
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 13/53] netfilter: nft_hash: Add hash offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 15/53] netfilter: nf_tables: ensure proper initialization of nft_pktinfo fields
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 17/53] netfilter: introduce nft_set_pktinfo_{ipv4, ipv6}_validate()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 16/53] netfilter: nf_tables_ipv6: setup pktinfo transport field on failure to parse
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 21/53] netfilter: Add the missed return value check of register_netdevice_notifier
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 26/53] netfilter: nft_hash: fix hash overflow validation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 25/53] netfilter: nft_numgen: fix race between num generate and store it
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 20/53] netfilter: nf_conntrack: simplify __nf_ct_try_assign_helper() return logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 23/53] netfilter: nf_queue: get rid of dependency on IP6_NF_IPTABLES
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 28/53] netfilter: nf_tables: validate maximum value of u32 netlink attributes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 31/53] netfilter: nf_tables: improve nft payload fast eval
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 29/53] netfilter: nft_queue: add _SREG_QNUM attr to select the queue number
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 30/53] netfilter: nf_queue: improve queue range support for bridge family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 32/53] netfilter: nf_tables: check tprot_set first when we use xt.thoff
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 33/53] netfilter: Enhance the codes used to get random once
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 27/53] netfilter: nft_numgen: add number generation offset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 36/53] netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 34/53] netfilter: xt_helper: Use sizeof(variable) instead of literal number
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 35/53] netfilter: nft_lookup: remove superfluous element found check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 37/53] netfilter: bridge: add and use br_nf_hook_thresh
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 38/53] netfilter: call nf_hook_state_init with rcu_read_lock held
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 45/53] netfilter: nft_ct: unnecessary to require dir when use ct l3proto/protocol
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 44/53] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 41/53] netfilter: Only allow sane values in nf_register_net_hook
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 42/53] netfilter: nf_queue: whitespace cleanup
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 43/53] netfilter: replace list_head with single linked list
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 46/53] netfilter: nft_ct: report error if mark and dir specified simultaneously
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 53/53] netfilter: nf_log: get rid of XT_LOG_* macros
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 48/53] netfilter: xt_hashlimit: Create revision 2 to support higher pps rates
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 50/53] netfilter: xt_socket: fix transparent match for IPv6 request sockets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 51/53] netfilter: nf_tables: add range expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 52/53] netfilter: nft_log: complete NFTA_LOG_FLAGS attr support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 40/53] netfilter: Remove explicit rcu_read_lock in nf_hook_slow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 47/53] netfilter: xt_hashlimit: Prepare for revision 2
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 49/53] netfilter: evict stale entries when user reads /proc/net/nf_conntrack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 39/53] netfilter: call nf_hook_ingress with rcu_read_lock
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 22/53] netfilter: Add the missed return value check of nft_register_chain_type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 24/53] netfilter: conntrack: remove packet hotpath stats
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 19/53] netfilter: nf_tables: don't drop IPv6 packets that cannot parse transport
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 18/53] netfilter: nf_tables_bridge: use nft_set_pktinfo_ipv{4, 6}_validate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 08/53] netfilter: nft_quota: fix overquota logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 07/53] netfilter: nft_numgen: rename until attribute by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 06/53] netfilter: ftp: Remove the useless code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 02/53] netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 00/53] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nf-next:master 43/54] net/netfilter/core.c:96:30: error: 'struct net_device' has no member named 'nf_hooks_ingress'
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• Re: [PATCH nf-next 2/2] netfilter: nf_log: get rid of XT_LOG_* macros
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 1/2] netfilter: nft_log: complete NFTA_LOG_FLAGS attr support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_socket: fix transparent match for IPv6 request sockets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: evict stale entries when user reads /proc/net/nf_conntrack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 2/2] netfilter: nft_ct: report error if mark and dir specified simultaneously
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 1/2] netfilter: nft_ct: unnecessary to require dir when use ct l3proto/protocol
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf v5] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next v3 0/7] Compact netfilter hooks list
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/3] doc: add description about log flags
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft 3/3] tests: py: add some testcases for log flags
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft 1/3] src: add log flags syntax support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft 0/3] src: add nft log flags support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl 3/3] expr: log: complete log flags support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl 2/3] expr: log: do not print prefix if it is not set
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl 1/3] expr: log: fix typo in nftnl_expr_log_export
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl 0/3] expr: complete log flags support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next 2/2] netfilter: nf_log: get rid of XT_LOG_* macros
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next 1/2] netfilter: nft_log: complete NFTA_LOG_FLAGS attr support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next 0/2] netfilter: complete nft log flags support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: don't permit unprivileged writes to global state via sysctls
  • From: Jann Horn <jann@xxxxxxxxx>
• Re: [PATCH 1/1 linux-next] netfilter: conntrack: fix kmemleak false positive
  • From: Fabian Frederick <fabf@xxxxxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Christophe Leroy <christophe.leroy@xxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Christophe Leroy <christophe.leroy@xxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: add range expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Christophe Leroy <christophe.leroy@xxxxxx>
• [PATCH] netfilter: xt_socket: fix transparent match for IPv6 request sockets
  • From: KOVACS Krisztian <hidden@xxxxxxxxxxx>
• Re: [libnftnl PATCH] libnftnl: remove libmxml support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] src: display offset only if present in hash and numgen expressions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/1 linux-next] netfilter: conntrack: fix kmemleak false positive
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: evict stale entries when user reads /proc/net/nf_conntrack
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v3 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Vishwanath Pai <vpai@xxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables: Ensure u8 attributes are loaded from u32 within the bounds
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables: Ensure u8 attributes are loaded from u32 within the bounds
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH 1/1 linux-next] netfilter: conntrack: fix kmemleak false positive
  • From: Fabian Frederick <fabf@xxxxxxxxx>
• Re: [PATCH v3 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• [PATCH v3 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
  • From: Vishwanath Pai <vpai@xxxxxxxxxx>
• [PATCH v3 1/2] netfilter: Prepare xt_hashlimit.c for revision 2
  • From: Vishwanath Pai <vpai@xxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables: Ensure u8 attributes are loaded from u32 within the bounds
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: xt_helper: Use sizeof(variable) instead of literal number
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: Enhance the codes used to get random once
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] tests: py: fix numgen case failed due to changes in libnftnl
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_tables: check tprot_set first when we use xt.thoff
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_queue: improve queue range support for bridge family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] tests: py: add more test cases for queue expr
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next V2] netfilter: nft_queue: add _SREG_QNUM attr to select the queue number
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables: Ensure u8 attributes are loaded from u32 within the bounds
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables: Ensure u8 attributes are loaded from u32 within the bounds
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [libnftnl PATCH] libnftnl: remove libmxml support
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• Re: [PATCH v3 libnftnl] expr: numgen: add number generation offset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] src: support ct l3proto/protocol without direction syntax
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH v3] netfilter: nft_numgen: add number generation offset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: nft_ct: unnecessary to require dir when use ct l3proto/protocol
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next 2/2] netfilter: nft_ct: report error if mark and dir specified simultaneously
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH conntrack-tools] Link nfct and helper modules with `-z lazy`
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_meta: support for nexthop and nexthop6
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf v5] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf v4] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf v3] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf v3] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH nf v3] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 1/1 linux-next] netfilter: conntrack: fix kmemleak false positive
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 1/1 linux-next] netfilter: conntrack: fix kmemleak false positive
  • From: Fabian Frederick <fabf@xxxxxxxxx>
• Re: [PATCH] netfilter: replace list_head with single linked list
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 2/7] netfilter: call nf_hook_state_init with rcu_read_lock held
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 6/7] nf_queue_handler: whitespace cleanup
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 4/7] nf_hook_slow: Remove explicit rcu_read_lock
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 1/7] netfilter: bridge: add and use br_nf_hook_thresh
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH] netfilter: replace list_head with single linked list
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 5/7] nf_register_net_hook: Only allow sane values
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 3/7] netfilter: call nf_hook_ingress with rcu_read_lock
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• [PATCH nf-next v3 0/7] Compact netfilter hooks list
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• libnftnl XML parsing seems broken with libmxml 2.10
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_meta: support for nexthop and nexthop6
  • From: "Anders K. Pedersen | Cohaesio" <akp@xxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nft_lookup: remove superfluous element found check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_meta: support for nexthop and nexthop6
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: xt_socket: fix transparent match for IPv6 request sockets
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH] netfilter: xt_socket: fix transparent match for IPv6 request sockets
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Why ctinfo is IP_CT_RELATED_REPLY when reject with TCP RST
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH] netfilter: xt_socket: fix transparent match for IPv6 request sockets
  • From: KOVACS Krisztian <hidden@xxxxxxxxxxx>
• Re: rate limit not working ?
  • From: Christophe Leroy <christophe.leroy@xxxxxx>
• Re: Seeking help for implementing CT HELPER in nftables
  • From: Christophe Leroy <christophe.leroy@xxxxxx>
• Re: rate limit not working ?
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_helper: Use sizeof(variable) instead of literal number
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH] netfilter: fix namespace handling in nf_log_proc_dostring
  • From: Jann Horn <jann@xxxxxxxxx>
• [nft] Problems with flushing all elements from a set
  • From: "Anders K. Pedersen | Cohaesio" <akp@xxxxxxxxxxxx>
• [PATCH nf-next] netfilter: Enhance the codes used to get random once
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [netfilter-core] [lkp] [netfilter] 68263ddb47: WARNING: CPU: 0 PID: 1225 at net/netfilter/nf_conntrack_seqadj.c:232 nf_ct_seq_offset+0x7a/0x9a
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: check tprot_set first when we use xt.thoff
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [netfilter-core] [lkp] [netfilter] 68263ddb47: WARNING: CPU: 0 PID: 1225 at net/netfilter/nf_conntrack_seqadj.c:232 nf_ct_seq_offset+0x7a/0x9a
  • From: Florian Westphal <fw@xxxxxxxxx>
• rate limit not working ?
  • From: Christophe Leroy <christophe.leroy@xxxxxx>
• [lkp] [netfilter] 68263ddb47: WARNING: CPU: 0 PID: 1225 at net/netfilter/nf_conntrack_seqadj.c:232 nf_ct_seq_offset+0x7a/0x9a
  • From: kernel test robot <xiaolong.ye@xxxxxxxxx>
• [PATCH nft] tests: py: fix numgen case failed due to changes in libnftnl
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: improve nft payload fast eval
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next] netfilter: nf_queue: improve queue range support for bridge family
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] tests: py: add more test cases for queue expr
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl V2] expr: queue: add NFTA_QUEUE_SREG_QNUM attr support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next V2] netfilter: nft_queue: add _SREG_QNUM attr to select the queue number
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf] netfilter: nf_tables: Ensure u8 attributes are loaded from u32 within the bounds
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH nft] meta: support for nexthop and nexthop6
  • From: "Anders K. Pedersen | Cohaesio" <akp@xxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_meta: support for nexthop and nexthop6
  • From: "Anders K. Pedersen | Cohaesio" <akp@xxxxxxxxxxxx>
• Re: [PATCH 0/4] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• [ANNOUNCE] netdev 1.2 tokyo weekly update (13th September, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH v3 libnftnl] expr: numgen: add number generation offset
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v3] netfilter: nft_numgen: add number generation offset
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_queue: get rid of dependency on IP6_NF_IPTABLES
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/4] netfilter: nf_nat: handle NF_DROP from nfnetlink_parse_nat_setup()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/4] netfilter: nft_chain_route: re-route before skb is queued to userspace
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/4] netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/4] netfilter: nf_tables_trace: fix endiness when dump chain policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/4] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: fix hash overflow validation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v8 nf] netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: nft_hash: fix hash overflow validation
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_hash: Add hash offset value
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_queue: get rid of dependency on IP6_NF_IPTABLES
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH v8 nf] netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• linux-next: manual merge of the netfilter-next tree with the net tree
  • From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_hash: Add hash offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: conntrack: remove packet hotpath stats
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl 2/3] tests: queue: add missing NFTNL_EXPR_QUEUE_FLAGS compare test
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl 1/3] expr: queue: remove redundant NFTNL_EXPR_QUEUE_NUM set in json parse
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft V2] src: fix compile error due to _UNTIL renamed to _MODULUS in libnftnl
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_numgen: fix race between num generate and store it
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_queue: get rid of dependency on IP6_NF_IPTABLES
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 1/2 nf-next] netfilter: Add the missed return value check of register_netdevice_notifier
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v4 2/2 nf-next] netfilter: Add the missed return value check of nft_register_chain_type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v4 2/2 nf-next] netfilter: Add the missed return value check of nft_register_chain_type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_numgen: add increment counter offset value
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_numgen: add increment counter offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v7 nf] netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_numgen: add increment counter offset value
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_numgen: add increment counter offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_hash: Add hash offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nft_numgen: fix race between num generate and store it
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft V2] src: fix compile error due to _UNTIL renamed to _MODULUS in libnftnl
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [RFC] nftables: reverse path filtering for nft
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH nft] src: fix compile error due to _UNTIL renamed to _MODULUS in libnftnl
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH nft] src: fix compile error due to _UNTIL renamed to _MODULUS in libnftnl
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH nft] tests: py: replace "eth0" with "lo" in dup expr tests
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: conntrack: remove packet hotpath stats
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH conntrack-tools] Link nfct and helper modules with `-z lazy`
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH libnftnl 3/3] expr: queue: add sreg_from and sreg_to support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl 2/3] tests: queue: add missing NFTNL_EXPR_QUEUE_FLAGS compare test
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl 1/3] expr: queue: remove redundant NFTNL_EXPR_QUEUE_NUM set in json parse
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH libnftnl 0/3] expr: queue: add sreg_from and sreg_to support
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next] netfilter: nf_queue: get rid of dependency on IP6_NF_IPTABLES
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft] src: fix compile error due to _UNTIL renamed to _MODULUS in libnftnl
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [RFC] nftables: reverse path filtering for nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] tests: py: replace "eth0" with "lo" in dup expr tests
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: check the validation of queues_total and queuenum
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH v4 2/2 nf-next] netfilter: Add the missed return value check of nft_register_chain_type
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH v3 2/2 nf-next] netfilter: Add the missed return value check of nft_register_chain_type
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v3 1/2 nf-next] netfilter: Add the missed return value check of register_netdevice_notifier
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v3 2/2 nf-next] netfilter: Add the missed return value check of nft_register_chain_type
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v7 nf] netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH v2 nf-next] netfilter: Add the missed return value check of register_netdevice_notifier
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_conntrack: remove unused ctl_table_path member in nf_conntrack_l3proto
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_queue: check the validation of queues_total and queuenum
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v6 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_nat: handle NF_DROP from nfnetlink_parse_nat_setup()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 3/3] payload: remove byteorder conversion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/3] tests: catch ordering issue w. ether set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 1/3] datatype: ll: use big endian byte ordering
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/3] payload: remove byteorder conversion
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/3] tests: catch ordering issue w. ether set
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/3] datatype: ll: use big endian byte ordering
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/3] fix ether address formatting
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_conntrack: simplify __nf_ct_try_assign_helper() return logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 4/5] netfilter: nf_tables_bridge: use nft_set_pktinfo_ipv{4,6}_validate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 5/5] netfilter: nf_tables: don't drop IPv6 packets that cannot parse transport
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/5] netfilter: nf_tables: ensure proper initialization of nft_pktinfo fields
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 3/5] netfilter: introduce nft_set_pktinfo_{ipv4,ipv6}_validate()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/5] netfilter: nf_tables_ipv6: setup pktinfo transport field on failure to parse
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] doc: payload and conntrack statement
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nft 2/2] doc: payload and conntrack statement
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 1/2] doc: update meta expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH conntrack-tools] conntrackd: cthelper: Add new mdns helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] doc: payload and conntrack statement
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/2] doc: update meta expression
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH 2/2 nft] doc: nft: document log, reject, counter, meta, limit, nat and queue statements
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/2 nft] doc: nft: add my copyright statement to the manpage
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Network namespace and neighboring subsystem problem
  • From: Tugrul Erdogan <h.tugrul.erdogan@xxxxxxxxx>
• [PATCH v2 nf-next] netfilter: Add the missed return value check of register_netdevice_notifier
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf-next] netfilter: xt_TEE: Add the missed return value check in tee_tg_check
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_TEE: Add the missed return value check in tee_tg_check
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 0/2] netfilter: allow tab character in SIP headers
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH v2 libnftnl] expr: numgen: add increment counter offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v2] netfilter: nft_numgen: add increment counter offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v6 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH v3 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v3 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH 0/2] netfilter: allow tab character in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2] netfilter: nft_dynset: allow to invert match criteria
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft] Using variable sized data types in concat expressions
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_chain_route: re-route before skb is queued to userspace
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2] netfilter: nft_numgen: rename until attribute by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 2/2 nf-next] netfilter: ftp: Remove the useless codes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 1/2 nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 net-next 2/2] netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 net-next 1/2] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/2] netfilter: correct allowed characters in Call-ID SIP header
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] netfilter: correct parsing of continuation lines in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 00/29] Netfilter updates for net-next
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Will Deacon <will.deacon@xxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf-next] netfilter: nft_queue: check the validation of queues_total and queuenum
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf-next] netfilter: nf_conntrack: remove unused ctl_table_path member in nf_conntrack_l3proto
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf] netfilter: nft_chain_route: re-route before skb is queued to userspace
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [nft PATCH v2 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Phil Sutter <phil@xxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 3/3] tests: py: any: Remove duplicate tests
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [NetDev] [ANNOUNCE] Netdev 1.2 weekly updates (6th September, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• [PATCH v2] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [nf-next:nexpr-wip 38/41] ERROR: "__invalid_xchg_size" [net/netfilter/nft_counter.ko] undefined!
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• [nf-next:nexpr-wip 38/41] net/netfilter/nft_counter.c:67:16: note: in expansion of macro 'xchg'
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• [nf-next:nexpr-wip 38/41] net/netfilter/nft_counter.c:72:21: error: call to '__xchg_wrong_size' declared with attribute error: Bad argument size for xchg
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• Re: [PATCH nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH v3 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/3] tests: py: any: Make tests more generic by using other interfaces
  • From: Manuel Johannes Messner <manuel.johannes.messner@xxxxxxxxxxxxxxxx>
• [PATCH 1/3] tests: py: nft-tests.py: Add function for loading and removing kernel modules
  • From: Manuel Johannes Messner <manuel.johannes.messner@xxxxxxxxxxxxxxxx>
• [PATCH 3/3] tests: py: any: Remove duplicate tests
  • From: Manuel Johannes Messner <manuel.johannes.messner@xxxxxxxxxxxxxxxx>
• Re: [PATCH 02/29] netfilter: physdev: add missed blank
  • From: Joe Perches <joe@xxxxxxxxxxx>
• Re: [PATCH 2/3] conntrackd: cthelper: ftp: Fix debug print
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/3] conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables_trace: fix endiness when dump chain policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] extensions: libip6t_SNAT/DNAT: add square bracket in xlat output when port is specified
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v3] xtables-translate-restore: do not escape quotes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 4/4] evaluate: Avoid undefined behaviour in concat_subtype_id()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 3/4] stmt_evaluate_reset: Have a generic fix for missing network context
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH v2 1/4] evaluate: Fix datalen checks in expr_evaluate_string()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] netfilter: correct parsing of continuation lines in SIP headers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/2 nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH 2/2 nf] netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [conntrack-tools PATCH 4/4 v2] doc/manual/conntrack-tools: include some bits about init systems
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [conntrack-tools PATCH 3/4] conntrackd.8: add reference to systemd
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [conntrack-tools PATCH 2/4] conntrackd.8: refresh file
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [conntrack-tools PATCH 1/4] src/main: refresh help message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 06/29] netfilter: nf_tables: rename set implementations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 02/29] netfilter: physdev: add missed blank
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 04/29] netfilter: use_nf_conn_expires helper in more places
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 10/29] netfilter: nf_conntrack: restore nf_conntrack_htable_size as exported symbol
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 08/29] netfilter: remove ip_conntrack* sysctl compat code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 11/29] netfilter: nf_tables: add quota expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 12/29] netfilter: nf_tables: add number generator expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 13/29] netfilter: fix spelling mistake: "delimitter" -> "delimiter"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 15/29] netfilter: nf_tables: typo in trace attribute definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 16/29] netfilter: nf_tables: introduce nft_chain_parse_hook()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 18/29] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 19/29] netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 14/29] netfilter: nft_hash: fix non static symbol warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 21/29] netfilter: restart search if moved to other chain
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 17/29] netfilter: nf_tables: reject hook configuration updates on existing chains
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 23/29] netfilter: conntrack: get rid of conntrack timer
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 22/29] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 29/29] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 27/29] netfilter: remove __nf_ct_kill_acct helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 28/29] netfilter: log_arp: Use ARPHRD_ETHER instead of literal '1'
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 20/29] netfilter: nf_tables: Use nla_put_be32() to dump immediate parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 24/29] netfilter: evict stale entries on netlink dumps
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 25/29] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 26/29] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 09/29] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 07/29] netfilter: nf_tables: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 05/29] ipvs: use nf_ct_kill helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 01/29] netfilter: conntrack: Only need first 4 bytes to get l4proto ports
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 03/29] netfilter: nf_dup4: remove redundant checksum recalculation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 00/29] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] expr: hash: Add offset to hash value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH] netfilter: nft_hash: Add hash offset value
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [conntrack-tools PATCH 4/4 v2] doc/manual/conntrack-tools: include some bits about init systems
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [PATCH conntrack-tools] conntrackd: cthelper: Add new mdns helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH v3 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: nft_quota: introduce nft_overquota()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: nft_quota: fix overquota logic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables_trace: fix endiness when dump chain policy
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 libnftnl] expr: numgen: Rename until attribute by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH v2] netfilter: nft_numgen: rename until attribute by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH libnftnl] trace: use get_u32 to parse NFPROTO and POLICY attribute
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl] trace: use get_u32 to parse NFPROTO and POLICY attribute
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf] netfilter: nf_tables_trace: fix endiness when dump chain policy
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables] extensions: libip6t_SNAT/DNAT: add square bracket in xlat output when port is specified
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl] include: resync nf_tables.h cache copy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nfqueue & bridge netfilter considered broken
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: nft_numgen: add counter offset value and rename until by modulus
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• nfqueue & bridge netfilter considered broken
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl] expr: numgen: add counter offset value and rename until by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• [PATCH] netfilter: nft_numgen: add counter offset value and rename until by modulus
  • From: Laura Garcia Liebana <nevola@xxxxxxxxx>
• Re: [PATCH v2 1/2 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v2 1/2 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 2/2 nf-next] netfilter: seqadj: print the warning log when fail to add seqadj extension
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Boqun Feng <boqun.feng@xxxxxxxxx>
• [PATCH v2 1/2 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH 1/2 nf] netfilter: seqadj: Fix some possible panics of seqadj when mem is exhausted
  • From: Gao Feng <fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH 1/2 nf] netfilter: seqadj: Fix some possible panics of seqadj when mem is exhausted
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• [PATCH 1/2 nf] netfilter: seqadj: Fix some possible panics of seqadj when mem is exhausted
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH 2/2 nf-next] netfilter: seqadj: print the warning log when fail to add seqadj extension
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: Snooping expected connections in a user CT helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
• Re: [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Will Deacon <will.deacon@xxxxxxx>
• [PATCH 8/7] net/netfilter/nf_conntrack_core: Remove another memory barrier
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 6/7] net/netfilter/nf_conntrack_core: Remove barriers after spin_unlock_wait
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH 5/7] net/netfilter/nf_conntrack_core: Fix memory barriers.
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• Re: [RFC 1/9] ipv6: implement dataplane support for rthdr type 4 (Segment Routing Header)
  • From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v2 2/2 nf-next] netfilter: ftp: Remove the useless codes
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v2 1/2 nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [RFC 3/3] conntrackd: cthelper: ssdp: Track UPnP eventing
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH 2/3] conntrackd: cthelper: ftp: Fix debug print
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH 1/3] conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH nf-next] netfilter: ftp: Remove the useless dlen==0 condition check in find_pattern
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nft] evaluate: display expression, statement and command name on debug
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 5/5] net/netfilter/nf_conntrack_core: update memory barriers.
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH 5/5] net/netfilter/nf_conntrack_core: update memory barriers.
  • From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
• [PATCH iptables v3] xtables-translate-restore: do not escape quotes
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• Re: [PATCH 0/7] Netfilter fixes for net
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH iptables 2/3] extensions: libip[6]t_SNAT/DNAT: use the new nft syntax when do xlate
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [conntrack-tools PATCH 4/4] doc/manual/conntrack-tools: include some bits about init systems
  • From: Rami Rosen <roszenrami@xxxxxxxxx>
• [nf-next:master 8/29] ERROR: "nf_conntrack_htable_size" [net/ipv4/netfilter/nf_conntrack_ipv4.ko] undefined!
  • From: kbuild test robot <fengguang.wu@xxxxxxxxx>
• [PATCH libnftnl] set: fix incorrect maximum set description attribute
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nft PATCH v2 2/4] netlink_delinearize: Avoid potential null pointer deref
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 4/4] evaluate: Avoid undefined behaviour in concat_subtype_id()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 0/4] A round of covscan indicated fixes
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 3/4] stmt_evaluate_reset: Have a generic fix for missing network context
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2 1/4] evaluate: Fix datalen checks in expr_evaluate_string()
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables v3 2/2] xtables-compat: add rule cache
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/2] netfilter: allow tab character in SIP headers
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH 2/2] netfilter: correct allowed characters in Call-ID SIP header
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH 1/2] netfilter: correct parsing of continuation lines in SIP headers
  • From: Marco Angaroni <marcoangaroni@xxxxxxxxx>
• [PATCH libnftnl] expr: numgen: add missing nftnl_expr_ng_cmp()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [conntrack-tools PATCH 4/4] doc/manual/conntrack-tools: include some bits about init systems
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [conntrack-tools PATCH 3/4] conntrackd.8: add reference to systemd
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [conntrack-tools PATCH 2/4] conntrackd.8: refresh file
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [conntrack-tools PATCH 1/4] src/main: refresh help message
  • From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
• [PATCH 0/7] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 7/7] netfilter: nf_tables_netdev: remove redundant ip_hdr assignment
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 4/7] netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/7] netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 3/7] netfilter: cttimeout: put back l4proto when replacing timeout policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 6/7] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 5/7] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/7] netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] meta: fix memory leak in tc classid parser
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: py: adapt netlink bytecode output of numgen and hash
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 1/3] expr: numgen: use switch to handle numgen types from snprintf
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 3/3] expr: hash: missing trailing space and modulus in hexadecimal in snprintf
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl 2/3] expr: numgen: add missing trailing whitespace
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 3/3] extensions: libip[6]t_REDIRECT: use new nft syntax when do xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 2/3] extensions: libip[6]t_SNAT/DNAT: use the new nft syntax when do xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 1/3] extensions: libipt_DNAT/SNAT: fix "OOM" when do translation to nft
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: log_arp: Use ARPHRD_ETHER instead of literal '1'
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: netfilter: get rid of per-object conntrack timers
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables_netdev: remove redundant ip_hdr assignment
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [NetDev] [ANNOUNCE] Netdev 1.2 weekly updates (30th August, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• [PATCH nft 7/8] parser_bison: add variable_expr rule
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 8/8] parser_bison: allow variable references in set elements definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 6/8] evaluate: validate maximum hash and numgen value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 4/8] src: add hash expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 5/8] evaluate: add expr_evaluate_integer()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/8] src: add numgen expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/8] src: add quota statement
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/8] tests: py: adapt this to new add element command semantics
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: allow variable references in set elements definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH v2 nf] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH nf-next] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH nf-next] netfilter: log: Check param to avoid overflow in nf_log_set
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf-next] netfilter: log_arp: Use ARPHRD_ETHER instead of literal '1'
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH nf] netfilter: nf_tables_netdev: remove redundant ip_hdr assignment
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables 3/3] extensions: libip[6]t_REDIRECT: use new nft syntax when do xlate
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables 2/3] extensions: libip[6]t_SNAT/DNAT: use the new nft syntax when do xlate
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH iptables 1/3] extensions: libipt_DNAT/SNAT: fix "OOM" when do translation to nft
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft] meta: fix memory leak in tc classid parser
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH iptables v3 1/2] xtables-compat: check if nft ruleset is compatible
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH RESEND nf] netfilter: avoid a race between nf_register_hook() and cleanup_net()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables v3 2/2] xtables-compat: add rule cache
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables v3 1/2] xtables-compat: check if nft ruleset is compatible
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH nf-next,v2 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: Use nla_put_be32() to dump immediate parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next,v2 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Liping Zhang <zlpnobody@xxxxxxxxx>
• Re: [PATCH v3 nf-next 5/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v3 nf-next 6/7] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v3 net-next 2/2] netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v3 net-next 1/2] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH libnftnl] expr: imm: Fix immediate verdict comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH nf-next,v2 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next,v2 2/2] netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH v3 nf-next 7/7] netfilter: remove __nf_ct_kill_acct helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 6/7] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 4/7] netfilter: evict stale entries on netlink dumps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 5/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 3/7] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 2/7] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nf-next 1/7] netfilter: restart search if moved to other chain
  • From: Florian Westphal <fw@xxxxxxxxx>
• netfilter: get rid of per-object conntrack timers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v4] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 3/3] netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 2/3] netfilter: cttimeout: put back l4proto when replacing timeout policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf 1/3] netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 3/7] netfilter: evict stale entries on netlink dumps
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 2/7] netfilter: conntrack: get rid of conntrack timer
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• Re: [PATCH v2 nf-next 1/7] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [ANNOUNCE] Netdev 1.2 weekly updates (24th August, 2016)
  • From: Hajime Tazaki <thehajime@xxxxxxxxx>
• Re: [PATCH libnftnl] expr: data_reg: Fix DATA_CHAIN comparison
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/4] src: add create set command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/4] src: create element command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/4] tests: shell: cover add and create set command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 4/4] tests: shell: cover add and create set command
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/2] rhashtable: add rhashtable_lookup_get_insert_key()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 7/7] netfilter: restart search if moved to other chain
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH libnftnl] expr: data_reg: Fix DATA_CHAIN comparison
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• [PATCH nf-next 7/7] netfilter: restart search if moved to other chain
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 6/7] netfilter: remove __nf_ct_kill_acct helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 5/7] netfilter: conntrack: resched gc again if eviction rate is high
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 3/7] netfilter: evict stale entries on netlink dumps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 2/7] netfilter: conntrack: get rid of conntrack timer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nf-next 1/7] netfilter: don't rely on DYING bit to detect when destroy event was sent
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next v2 0/7] netfilter: get rid of per-object conntrack timers
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v2 iptables] iptables-restore: add missing arguments to usage message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 1/2 nf-next] netfilter: nf_tables: introduce nft_chain_parse_hook()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 2/2 nf-next] netfilter: nf_tables: reject hook configuration updates on existing chains
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: explicit indication on export ruleset
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] dynset prefix support
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v2 iptables] iptables-restore: add missing arguments to usage message
  • From: Brian Haley <brian.haley@xxxxxxx>
• Re: [PATCH iptables] iptables-restore: add missing arguments to usage message
  • From: Brian Haley <brian.haley@xxxxxxx>
• Re: [PATCH iptables] iptables-restore: add missing arguments to usage message
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 2/2] xtables-translate-restore: do not escape quotes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 2/2] xtables-compat: add rule cache
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables v2 2/2] xtables-compat: add rule cache
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] Simplify parser rule_spec tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf] netfilter: ebtables: put module reference when an incorrect extension is found
  • From: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
• [PATCH nft] Simplify parser rule_spec tree
  • From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
• Re: Snooping expected connections in a user CT helper
  • From: Kevin Cernekee <cernekee@xxxxxxxxxxxx>
• [PATCH v2 1/2 net-next] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH v2 1/2 net-next] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Re: [PATCH v2 1/2 net-next] netfilter: gre: Use consistent GRE_* macros instead of ones defined by netfilter.
  • From: Feng Gao <gfree.wind@xxxxxxxxx>
• [PATCH v2 2/2 net-next] netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
  • From: fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• [PATCH iptables] iptables-restore: add missing arguments to usage message
  • From: Brian Haley <brian.haley@xxxxxxx>
• Re: [PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] tests: shell: add testcase for reject expr
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft] parser_bison: keep snat/dnat existing syntax unchanged
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 2/4 V6 nft] Implement deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/4 V6 nft] Simplify parser rule_spec tree
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 1/2] ct: allow numeric conntrack labels
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nft 2/2] ct: display bit number instead of raw value
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: shell: add testcase for reject expr
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nft] parser_bison: keep snat/dnat existing syntax unchanged
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• Re: [PATCH v3] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: kbuild test robot <lkp@xxxxxxxxx>
• [PATCH iptables v2 2/2] xtables-compat: add rule cache
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables v2 1/2] xtables-compat: check if nft ruleset is compatible
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH nf] netfilter: nft_meta: improve the validity check of pkttype set expr
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf 3/3] netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf 2/3] netfilter: cttimeout: put back l4proto when replacing timeout policy
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [PATCH nf 1/3] netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
  • From: Liping Zhang <zlpnobody@xxxxxxx>
• [ANNOUNCE] nfacct 1.0.2 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnetfilter_acct 1.0.3 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] conntrack-tools 1.4.4 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnetfilter_conntrack 1.0.6 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH iptables v2 2/2] xtables-translate-restore: do not escape quotes
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH iptables v2 1/2] xtables-translate: add escape_quotes option to comment_xlate
  • From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
• [PATCH nft 1/2] ct: allow numeric conntrack labels
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/2] ct: display bit number instead of raw value
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH iptables 2/3] xtables-compat: check if nft ruleset is compatible
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables 1/3] xtables-compat: remove useless functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH -next] netfilter: nft_hash: fix non static symbol warning
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH iptables] extensions: libxt_CLASSIFY: Add translation to nft
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] netfilter: fix spelling mistake: "delimitter" -> "delimiter"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] netfilter: nf_tables: typo in trace attribute definition
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v5] netfilter: nft_numgen: add number generator expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct instead of the structures defined in netfilter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nft_dynset: allow to invert match criteria
  • From: kbuild test robot <lkp@xxxxxxxxx>
• Re: [PATCH v3] netfilter: nf_tables: Ensure init attributes are within the bounds
  • From: Laura Garcia <nevola@xxxxxxxxx>