Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

Re: [kbuild-all] [PATCH nf-next] netfilter: use_nf_conn_expires helper in more places
- From: Fengguang Wu <lkp@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: use_nf_conn_expires helper in more places
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libmnl] callback: mark cb_ctl_array 'const' in mnl_cb_run2()
- From: Guillaume Nault <g.nault@xxxxxxxxxxxx>
[PATCH v2] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
- From: Christophe Leroy <christophe.leroy@xxxxxx>
Re: [PATCH nf-next] ipvs: use nf_ct_kill helper
- From: Julian Anastasov <ja@xxxxxx>
Re: [PATCH nf-next] netfilter: use_nf_conn_expires helper in more places
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: use_nf_conn_expires helper in more places
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH nf-next] netfilter: use_nf_conn_expires helper in more places
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] ipvs: use nf_ct_kill helper
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH -stable 4.1.y] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 1116/1285] Replace numeric parameter like 0444 with macro
- From: Jarod Wilson <jarod@xxxxxxxxxx>
Re: [PATCH 1115/1285] Replace numeric parameter like 0444 with macro
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH -stable 4.1.y] netfilter: x_tables: speed up jump target validation
- From: "Levin, Alexander" <alexander.levin@xxxxxxxxxxx>
Re: [PATCH 1116/1285] Replace numeric parameter like 0444 with macro
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH 1115/1285] Replace numeric parameter like 0444 with macro
- From: Pavel Machek <pavel@xxxxxx>
[PATCH iptables] xtables-compat: fix comments listing
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [PATCH 1115/1285] Replace numeric parameter like 0444 with macro
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH 1100/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1120/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1129/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1118/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1123/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1119/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1121/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1128/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1122/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1125/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1117/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1116/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1127/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1124/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1130/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1126/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1115/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[PATCH 1099/1285] Replace numeric parameter like 0444 with macro
- From: Baole Ni <baolex.ni@xxxxxxxxx>
[stable, xtables] fix validation of jumps
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -stable 3.12.y] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -stable 4.4.y] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -stable 3.14.y] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -stable 3.18.y] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -stable 4.1.y] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH 0/7] add payload set support for sub-byte sizes
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_rbtree: ignore inactive matching element with no descendants
- From: "Anders K. Pedersen" <akp@xxxxxx>
Re: [nft PATCH 3/7] evaluate: add support to set IPv6 non-byte header fields
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] parser: compact list of rhs keyword expressions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC nft] meta: deprecate unqualified meta statements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH RESEND nf] netfilter: avoid a race between nf_register_hook() and cleanup_net()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] manpages: do not adjust reject-with type footnote indentation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] iptables-translate: add in/out ifname wildcard match translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl] src: don't set data_len to zero when returning pointers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nft_rbtree: ignore inactive matching element with no descendants
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 0/7] add payload set support for sub-byte sizes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 4/7] netlink: decode payload statment
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 3/7] evaluate: add support to set IPv6 non-byte header fields
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 3/3] netfilter: nat: don't assign a null snat rule to bridged traffic if no matching
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 2/3] netfilter: nat: snat created in route process just apply to routed traffic
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 1/3] netfilter: nat: update hash bucket if nat changed after ct confirmed
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 3/3] netfilter: nat: don't assign a null snat rule to bridged traffic if no matching
- From: fxp2001640163@xxxxxxxxx
[PATCH 2/3] netfilter: nat: snat created in route process just apply to routed traffic
- From: fxp2001640163@xxxxxxxxx
[PATCH 1/3] netfilter: nat: update hash bucket if nat changed after ct confirmed
- From: fxp2001640163@xxxxxxxxx
Re: [PATCH RESEND nf] netfilter: avoid a race between nf_register_hook() and cleanup_net()
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH nf-next] netfilter: nf_dup4: remove redundant checksum recalculation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_dup4: remove redundant checksum recalculation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] netfilter: nf_dup4: remove redundant checksum recalculation
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf-next V2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH iptables] iptables-translate: add in/out ifname wildcard match translation to nft
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH RESEND nf] netfilter: avoid a race between nf_register_hook() and cleanup_net()
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: NFQUEUE panic bug
- From: Florian Westphal <fw@xxxxxxxxx>
NFQUEUE panic bug
- From: Daniel Collins <daniel.collins@xxxxxxxxxxxxxx>
[PATCH v4] doc: Complete documentation of statements
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
Re: [PATCH v2] netfilter: nft_nth: match every n packets
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2] netfilter: nft_nth: match every n packets
- From: Laura Garcia <nevola@xxxxxxxxx>
Re: [PATCH v2] netfilter: nft_nth: match every n packets
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libnftnl v2] expr: nth: match every n packets
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH v2] netfilter: nft_nth: match every n packets
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
[PATCH nft] parser: compact list of rhs keyword expressions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH iptables v2 2/2] xtables-translate: fix issue with quotes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables 1/2] include: xtables: fix struct definitions grepability
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] parser_bison: keep map flag around when flags are specified
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC nft] meta: deprecate unqualified meta statements
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[RFC nft] meta: deprecate unqualified meta statements
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 2/7] payload: print base and raw values for unknown payloads
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 7/7] tests: ip payload set support for ecn and dscp
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 0/7] add payload set support for sub-byte sizes
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 6/7] netlink: make checksum fixup work with odd-sized header fields
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 4/7] netlink: decode payload statment
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 1/7] netlink: add __binop_adjust helper
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 5/7] tests: ip6 dscp, flowlabel and ecn test cases
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH 3/7] evaluate: add support to set IPv6 non-byte header fields
- From: Florian Westphal <fw@xxxxxxxxx>
Re: nft_rbtree_lookup: BUG: unable to handle kernel NULL pointer dereference
- From: "Anders K. Pedersen" <akp@xxxxxx>
[PATCH iptables v2 2/2] xtables-translate: fix issue with quotes
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[PATCH iptables 1/2] include: xtables: fix struct definitions grepability
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [PATCH iptables 2/2] xtables-translate: fix issue with quotes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables 2/2] xtables-translate: fix issue with quotes
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [PATCH] netfilter: nft_nth: match every n packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft_rbtree_lookup: BUG: unable to handle kernel NULL pointer dereference
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libnftnl] expr: nth: match every n packets
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PATCH] netfilter: nft_nth: match every n packets
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
Re: [PATCH] manpages: do not adjust reject-with type footnote indentation
- From: Sami Kerola <kerolasa@xxxxxx>
[PATCH] manpages: do not adjust reject-with type footnote indentation
- From: Sami Kerola <kerolasa@xxxxxx>
nft_rbtree_lookup: BUG: unable to handle kernel NULL pointer dereference
- From: "Anders K. Pedersen" <akp@xxxxxx>
[NetDev] [ANNOUNCE] Netdev 1.2 updates (Tokyo, Japan, October 5-7)
- From: Hajime Tazaki <thehajime@xxxxxxxxx>
Re: [PATCH iptables 2/2] xtables-translate: fix issue with quotes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: physdev: add missed blank
- From: Hangbin Liu <liuhangbin@xxxxxxxxx>
Re: [PATCH 00/25] Netfilter/IPVS updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: s/MFT_REG32_01/NFT_REG32_01
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC] l2tp for nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[RFC] l2tp for nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [ISSUE] nftables: !=range doesn't really work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] xt: use struct xt_xlate_{mt,tg}_params
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH iptables] src: introduce struct xt_xlate_{mt,tg}_params
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ISSUE] nftables: !=range doesn't really work
- From: Xin Long <lucien.xin@xxxxxxxxx>
[PATCH nf-next] netfilter: nf_ct_h323: do not re-activate already expired timer
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH 1/1] netfilter: Only need first 4 bytes to get l4proto ports
- From: fgao@xxxxxxxxxxxxxxxxx
Re: [PATCH iptables 1/2] xtables-translate: add new field to identify the caller
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] extensions: libxt_connlabel: add unit test
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/25] netfilter: conntrack: protect early_drop by rcu read lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/25] netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/25] netfilter: x_tables: speed up jump target validation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/25] netfilter: conntrack: simplify early_drop
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/25] netfilter: nft_ct: fix unpaired nf_connlabels_get/put call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/25] netfilter: move nat hlist_head to nf_conn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 19/25] netfilter: nft_log: fix snaplen does not truncate packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 20/25] netfilter: nf_tables: allow to filter out rules by table and chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/25] netfilter: nft_ct: make byte/packet expr more friendly
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 21/25] netfilter: conntrack: support a fixed size of 128 distinct labels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/25] netfilter: constify arg to is_dying/confirmed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 22/25] netfilter: connlabels: move set helper to xt_connlabel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 23/25] netfilter: h323: Use mod_timer instead of set_expect_timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/25] netfilter: nft_log: fix possible memory leak if log expr init fail
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 25/25] netfilter: nft_compat: fix crash when related match/target module is removed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 24/25] netfilter: nft_compat: put back match/target module if init fail
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/25] netfilter: nft_log: check the validity of log level
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/25] netfilter: Add helper array register/unregister functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/25] netfilter: nf_tables: get rid of possible_net_t from set and basechain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/25] netfilter: physdev: physdev-is-out should not work with OUTPUT chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/25] netfilter: nat: convert nat bysrc hash to rhashtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/25] netfilter: nf_ct_helper: unlink helper again when hash resize happen
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/25] netfilter: cttimeout: unlink timeout obj again when hash resize happen
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/25] ipvs: count pre-established TCP states as active
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/25] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/25] Netfilter/IPVS updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 25/25] netfilter: nft_compat: fix crash when related match/target module is removed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 24/25] netfilter: nft_compat: put back match/target module if init fail
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 22/25] netfilter: connlabels: move set helper to xt_connlabel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 23/25] netfilter: h323: Use mod_timer instead of set_expect_timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 20/25] netfilter: nf_tables: allow to filter out rules by table and chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 21/25] netfilter: conntrack: support a fixed size of 128 distinct labels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/25] netfilter: nft_log: check the validity of log level
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 19/25] netfilter: nft_log: fix snaplen does not truncate packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/25] netfilter: Add helper array register/unregister functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/25] netfilter: nft_log: fix possible memory leak if log expr init fail
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/25] netfilter: nft_ct: fix unpaired nf_connlabels_get/put call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/25] netfilter: x_tables: speed up jump target validation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/25] netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/25] netfilter: conntrack: protect early_drop by rcu read lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/25] netfilter: nf_tables: get rid of possible_net_t from set and basechain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/25] netfilter: constify arg to is_dying/confirmed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/25] netfilter: nft_ct: make byte/packet expr more friendly
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/25] netfilter: physdev: physdev-is-out should not work with OUTPUT chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/25] netfilter: nat: convert nat bysrc hash to rhashtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/25] netfilter: move nat hlist_head to nf_conn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/25] netfilter: conntrack: simplify early_drop
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/25] netfilter: nf_ct_helper: unlink helper again when hash resize happen
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/25] netfilter: cttimeout: unlink timeout obj again when hash resize happen
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/25] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/25] ipvs: count pre-established TCP states as active
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/25] Netfilter/IPVS updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: nft_compat: fix crash when related match/target module is removed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: nft_compat: put back match/target module if init fail
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: tcp/udp: Only get 4 bytes to get tcp/udp ports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: h323: Use mod_timer instead of set_expect_timeout
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2] netfilter: connlabels: move set helper to xt_connlabel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/2] netfilter: conntrack: support a fixed size of 128 distinct labels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables 2/2] xtables-translate: fix issue with quotes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: nft_compat: fix crash when related match/target module is removed
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf-next 1/2] netfilter: nft_compat: put back match/target module if init fail
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH iptables] extensions: libxt_connlabel: add unit test
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH 1/1] netfilter: tcp/udp: Only get 4 bytes to get tcp/udp ports
- From: fgao@xxxxxxxxxxxxxxxxx
[PATCH iptables 2/2] xtables-translate: fix issue with quotes
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[PATCH iptables 1/2] xtables-translate: add new field to identify the caller
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [PATCH 2/2] netfilter: connlabels: move set helper to xt_connlabel
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 1/1] netfilter: udp: Remove a bit misleading comment in udp_pkt_to_tuple
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2] netfilter: connlabels: move set helper to xt_connlabel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] examples: selective rule dumping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] examples: selective rule dumping
- From: jalvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
[PATCH 1/1] netfilter: h323: Use mod_timer instead of set_expect_timeout
- From: fgao@xxxxxxxxxxxxxxxxx
[PATCH libnftnl] expr: lookup: print flags only if they are available
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: Use IS_ERR_OR_NULL instead of IS_ERR and NULl check to simplify the codes in ip_vs_genl_dump_dests and resolve_normal_ct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 iptables] connlabel: clarify default config path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH lnf_conntrack] conntrack: labels: add function to fetch default config file location
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: Use IS_ERR_OR_NULL instead of IS_ERR and NULl check to simplify the codes in ip_vs_genl_dump_dests and resolve_normal_ct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: Use IS_ERR_OR_NULL instead of IS_ERR and NULl check to simplify the codes in ip_vs_genl_dump_dests and resolve_normal_ct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] Fix test building on musl libc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] examples: selective rule dumping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] examples: selective rule dumping
- From: Josue Alvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
[PATCH 1/1] netfilter: Use IS_ERR_OR_NULL instead of IS_ERR and NULl check to simplify the codes in ip_vs_genl_dump_dests and resolve_normal_ct
- From: fgao@xxxxxxxxxxxxxxxxx
Re: [PATCH libnftnl] examples: selective rule dumping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/2] netfilter: connlabels: move set helper to xt_connlabel
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 1/2] netfilter: conntrack: support a fixed size of 128 distinct labels
- From: Florian Westphal <fw@xxxxxxxxx>
netfilter: connlabels: get rid of variable-size support
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 1/1] netfilter: udp: Remove a bit misleading comment in udp_pkt_to_tuple
- From: fgao@xxxxxxxxxxxxxxxxx
Re: [PATCH 1/1] netfilter: udp: Only get 8 bytes header in udp_pkt_to_tuple to keep consistent with tcp_pkt_to_tuple and comments
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 1/1] netfilter: udp: Only get 8 bytes header in udp_pkt_to_tuple to keep consistent with tcp_pkt_to_tuple and comments
- From: fgao@xxxxxxxxxxxxxxxxx
Re: [PATCH libnftnl] examples: selective rule dumping
- From: jalvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
[PATCH] Fix test building on musl libc
- From: Kylie McClain <somasissounds@xxxxxxxxx>
[PATCH limnl] Fix test building on musl libc
- From: Kylie McClain <somasissounds@xxxxxxxxx>
[PATCH] Fix test building on musl libc
- From: Kylie McClain <somasissounds@xxxxxxxxx>
Re: [PATCH nft] ct: use nftables sysconf location for connlabel configuration
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH v2 iptables] connlabel: clarify default config path
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH lnf_conntrack] conntrack: labels: add function to fetch default config file location
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH libnftnl] examples: selective rule dumping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] extensions: libxt_NFLOG: add unit test to cover nflog-size with zero
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,v2] netfilter: nf_tables: allow to filter out rules by table and chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] connlabel: clarify default config path
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH iptables] connlabel: clarify default config path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] ct: use nftables sysconf location for connlabel configuration
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: allow to filter out rules by table and chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: allow to filter out rules by table and chain
- From: jalvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
[PATCH libnftnl] examples: selective rule dumping
- From: jalvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
[PATCH iptables] extensions: libxt_NFLOG: add unit test to cover nflog-size with zero
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nft] ct: use nftables sysconf location for connlabel configuration
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: allow to filter out rules by table and chain
- From: jalvarez <jalvarez@xxxxxxxxxxxxxxxxxxxx>
[PATCH iptables] connlabel: clarify default config path
- From: Florian Westphal <fw@xxxxxxxxx>
答复: 答复: [PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: 高峰 <fgao@xxxxxxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nft_log: fix snaplen does not truncate packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nft_log: fix snaplen does not truncate packets
- From: Liping Zhang <zlpnobody@xxxxxxxxx>
Re: 答复: [PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: 答复: [PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nft_log: fix snaplen does not truncate packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
答复: [PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: 高峰 <fgao@xxxxxxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: Liping Zhang <zlpnobody@xxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nft_log: fix snaplen does not truncate packets
- From: "Liping Zhang" <zlpnobody@xxxxxxx>
Re: [PATCH iptables 1/2] extensions: libxt_NFLOG: display nflog-size even if it is zero
- From: "Liping Zhang" <zlpnobody@xxxxxxx>
Re: nft synproxy integration
- From: Alexander Meinhardt <alexander.meinhardt@xxxxxxxxx>
Re: [PATCH iptables 2/2] extensions: libxt_NFLOG: translate to nft log snaplen if nflog-size is specified
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables 1/2] extensions: libxt_NFLOG: display nflog-size even if it is zero
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nft_log: fix snaplen does not truncate packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/3] netfilter: nft_log: check the validity of log level
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nft_log: fix possible memory leak if log expr init fail
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3 nf] netfilter: x_tables: speed up jump target validation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH stable-4.1 v2] netfilter: x_tables: fix stable backport
- From: Michal Kubecek <mkubecek@xxxxxxx>
[PATCH nf-next] netfilter: nf_tables: allow to filter out rules by table and chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH stable-4.1] netfilter: x_tables: fix stable backport
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: [PATCH nft 1/3] meta: add random expression key
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Florian Westphal <fw@xxxxxxxxx>
[ANNOUNCE] Suspending Patrick McHardy as coreteam member
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_ct: fix unpaired nf_connlabels_get/put call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/3] meta: add random expression key
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH iptables 2/2] extensions: libxt_NFLOG: translate to nft log snaplen if nflog-size is specified
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH iptables 1/2] extensions: libxt_NFLOG: display nflog-size even if it is zero
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf-next 3/3] netfilter: nft_log: fix snaplen does not truncate packets
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf-next 0/3] netfilter: fix some small bugs related to nft_log
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf-next 2/3] netfilter: nft_log: check the validity of log level
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf-next 1/3] netfilter: nft_log: fix possible memory leak if log expr init fail
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH 1/1] netfilter: Add helper array register/unregister functions
- From: fgao@xxxxxxxxxxxxxxxxx
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] extensions: libxt_connlabel: fix crash when connlabel.conf is empty
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH iptables] extensions: libxt_connlabel: fix crash when connlabel.conf is empty
- From: Liping Zhang <zlpnobody@xxxxxxx>
Re: [PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH V2 iptables] extensions: libxt_connlabel: Add translation to nft
- From: Liping Zhang <zlpnobody@xxxxxxx>
Re: [PATCH iptables] extensions: libxt_connlabel: Add translation to nft
- From: "Liping Zhang" <zlpnobody@xxxxxxx>
Re: [PATCH nf] netfilter: nft_ct: fix unpaired nf_connlabels_get/put call
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH iptables] extensions: libxt_connlabel: Add translation to nft
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf] netfilter: nft_ct: fix unpaired nf_connlabels_get/put call
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH iptables] extensions: libxt_connlabel: Add translation to nft
- From: Liping Zhang <zlpnobody@xxxxxxx>
Re: [PATCH v3 nf] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2 3/3] netfilter: replace list_head with single linked list
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v3 nf] netfilter: x_tables: speed up jump target validation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 1/3] netfilter: bridge: add and use br_nf_hook_thresh
- From: Aaron Conole <aconole@xxxxxxxxxx>
Re: [PATCH v2 3/3] netfilter: replace list_head with single linked list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 2/3] netfilter: call nf_hook_state_init with rcu_read_lock held
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next v2 2/3] netfilter: call nf_hook_state_init with rcu_read_lock held
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 1/3] netfilter: bridge: add and use br_nf_hook_thresh
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v3 nf] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2 nf] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 2/3] meta: add short-hand mnemonic for probalistic matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/3] meta: add short-hand mnemonic for probalistic matching
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 2/3] meta: add short-hand mnemonic for probalistic matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/3] meta: add short-hand mnemonic for probalistic matching
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft 2/3] meta: add short-hand mnemonic for probalistic matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/2 nft] tests: shell: make sure split table definition works via nft -f
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/2 nft] parser_bison: fix typo in symbol redefinition error reporting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v5 3/3] src: add xt compat support
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [PATCH nft v5 3/3] src: add xt compat support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v5 1/3] include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v5 2/3] src: expose delinearize/linearize structures and stmt_error()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v2 nf] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
- From: "Liping Zhang" <zlpnobody@xxxxxxx>
Re: nftables: Dynamically updating sets gives syntax error
- From: "Anders K. Pedersen" <akp@xxxxxx>
Re: [PATCH nf] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: x_tables: speed up jump target validation
- From: Jeff Wu <wujiafu@xxxxxxxxx>
Re: [PATCH nf] netfilter: x_tables: speed up jump target validation
- From: Jeff Wu <wujiafu@xxxxxxxxx>
[PATCH nft v5 1/3] include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[PATCH nft v5 2/3] src: expose delinearize/linearize structures and stmt_error()
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[PATCH nft v5 3/3] src: add xt compat support
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [PATCH iptables 3/3] libxt_hashlimit: iptables-restore does not work as expected with xt_hashlimit
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
Re: [PATCH 0/6] Netfilter/IPVS fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH nf] netfilter: x_tables: speed up jump target validation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 4/6] ipvs: fix bind to link-local mcast IPv6 address in backup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/6] netfilter: nft_meta: set skb->nf_trace appropriately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/6] netfilter: nft_ct: fix expiration getter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/6] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/6] netfilter: conntrack: skip clash resolution if nat is in place
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/6] netfilter: conntrack: avoid integer overflow when resizing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/6] netfilter: nf_tables: fix memory leak if expr init fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next v2 2/3] netfilter: call nf_hook_state_init with rcu_read_lock held
- From: Aaron Conole <aconole@xxxxxxxxxx>
[PATCH v2 3/3] netfilter: replace list_head with single linked list
- From: Aaron Conole <aconole@xxxxxxxxxx>
[PATCH nf-next v2 1/3] netfilter: bridge: add and use br_nf_hook_thresh
- From: Aaron Conole <aconole@xxxxxxxxxx>
[PATCH nf-next v2 0/3] Compact netfilter hooks list
- From: Aaron Conole <aconole@xxxxxxxxxx>
Re: nftables: Dynamically updating sets gives syntax error
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/2] netlink_linearize: skip NFTNL_EXPR_DYNSET_TIMEOUT attribute if timeout is unset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] parser_bison: restore parsing of dynamic set element updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: protect early_drop by rcu read lock
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Multi-thread udp 4.7 regression, bisected to 71d8c47fc653
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: conntrack: protect early_drop by rcu read lock
- From: Florian Westphal <fw@xxxxxxxxx>
iptables bypass via raw ethernet frames and other networking protocols
- From: ivan.vettese@xxxxxxxxxxxxxxx
[PATCH nf-next 1/2] netfilter: conntrack: protect early_drop by rcu read lock
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf-next 2/2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht
- From: Liping Zhang <zlpnobody@xxxxxxx>
Re: Multi-thread udp 4.7 regression, bisected to 71d8c47fc653
- From: Marc Dionne <marc.c.dionne@xxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: replace list_head with single linked list
- From: Aaron Conole <aconole@xxxxxxxxxx>
Re: [PATCH v3, libnftnl] Fix nftnl_*_get to set data_len
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Multi-thread udp 4.7 regression, bisected to 71d8c47fc653
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v3, libnftnl] Fix nftnl_*_get to set data_len
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
Re: [PATCH v2, libnftnl] Fix nftnl_*_get to set data_len
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v2, libnftnl] Fix nftnl_*_get to set data_len
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
Re: [PATCH 2/2] netfilter: add missing macro
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] fix off-by-one in DecodeQ931
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: replace list_head with single linked list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2 libnfntl] Fix nftnl_*_get to set data_len
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2 libnfntl] Fix nftnl_*_get to set data_len
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next] netfilter: conntrack: simplify early_drop
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/2] netfilter: move nat hlist_head to nf_conn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nft_ct: make byte/packet expr more friendly
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH V2,nf 0/3] netfilter: conntrack: fix race condition associated with hash resize
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/6] netfilter: nat: convert nat bysrc hash to rhashtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [GIT PULL nf] Second Round of IPVS Fixes for v4.7
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [GIT PULL nf-next] IPVS Updates for v4.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Multi-thread udp 4.7 regression, bisected to 71d8c47fc653
- From: Marc Dionne <marc.c.dionne@xxxxxxxxx>
[PATCH] fix off-by-one in DecodeQ931
- From: Toby DiPasquale <toby@xxxxxxxx>
Re: [PATCH iptables] xtables-translate: fix multiple spaces issue
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v4 2/3] src: expose delinearize/linearize structures and stmt_error()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft v4 3/3] src: add xt compat support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH iptables] xtables-translate: fix multiple spaces issue
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[PATCH nft v4 3/3] src: add xt compat support
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[PATCH nft v4 2/3] src: expose delinearize/linearize structures and stmt_error()
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[PATCH nft v4 1/3] include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [RFC 0/7] netlink: Add allocation flag to netlink_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
Re: [RFC 0/7] netlink: Add allocation flag to netlink_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: replace list_head with single linked list
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v2 1/2] libxt_hashlimit: Prepare libxt_hashlimit.c for revision 2
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
Re: [PATCH 2/2] netfilter: add missing macro
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH v2 1/2] libxt_hashlimit: Prepare libxt_hashlimit.c for revision 2
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
RE: [PATCH v2 1/2] libxt_hashlimit: Prepare libxt_hashlimit.c for revision 2
- From: David Laight <David.Laight@xxxxxxxxxx>
[PATCH 2/2] netfilter: add missing macro
- From: Eric Engestrom <eric.engestrom@xxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_ct: fix expiration getter
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: get rid of possible_net_t from set and basechain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nft_ct: fix expiration getter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: get rid of possible_net_t from set and basechain
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf] netfilter: nft_ct: fix expiration getter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: get rid of possible_net_t from set and basechain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables 3/3] libxt_hashlimit: iptables-restore does not work as expected with xt_hashlimit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: constify arg to is_dying/confirmed
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC 5/7] net: Add allocation flag to rtnl_unicast()
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Re: [RFC 5/7] net: Add allocation flag to rtnl_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
Re: [RFC 5/7] net: Add allocation flag to rtnl_unicast()
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
[PATCH v2 2/2] libxt_hashlimit: Create revision 2 of xt_hashlimit to support higher pps rates
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH v2 1/2] libxt_hashlimit: Prepare libxt_hashlimit.c for revision 2
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH v2 2/2] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH v2 1/2] netfilter: Prepare xt_hashlimit.c for revision 2
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH nf-next] ipvs: count pre-established TCP states as active
- From: Simon Horman <horms@xxxxxxxxxxxx>
[GIT PULL nf-next] IPVS Updates for v4.8
- From: Simon Horman <horms@xxxxxxxxxxxx>
[GIT PULL nf] Second Round of IPVS Fixes for v4.7
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf] ipvs: fix bind to link-local mcast IPv6 address in backup
- From: Simon Horman <horms@xxxxxxxxxxxx>
Re: [RFC 0/7] netlink: Add allocation flag to netlink_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
Re: [PATCH iptables 3/3] libxt_hashlimit: iptables-restore does not work as expected with xt_hashlimit
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
Re: [PATCH 01/26] bridge: netfilter: checkpatch data type fixes
- From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
Re: [PATCH 03/26] netfilter: x_tables: fix possible ZERO_SIZE_PTR pointer dereferencing error.
- From: Sergei Shtylyov <sergei.shtylyov@xxxxxxxxxxxxxxxxxx>
Re: [PATCH 00/26] Netfilter updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
RE: [PATCH 06/26] netfilter: conntrack: align nf_conn on cacheline boundary
- From: David Laight <David.Laight@xxxxxxxxxx>
Re: [PATCH 2/2 libnfntl] Fix nftnl_*_get to set data_len
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/2 libnfntl] Fix nftnl_*_set_str
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 06/26] netfilter: conntrack: align nf_conn on cacheline boundary
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 06/26] netfilter: conntrack: align nf_conn on cacheline boundary
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/26] netfilter: nf_log: handle NFPROTO_INET properly in nf_logger_[find_get|put]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/26] netfilter: nf_log: Remove NULL check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/26] netfilter: make comparision helpers stub functions in ZONES=n case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/26] netfilter: move zone info into struct nf_conn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/26] netfilter: Allow xt_owner in any user namespace
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/26] netfilter: nf_tables: add generation mask to tables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/26] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/26] netfilter: nf_tables: add generic macros to check for generation mask
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/26] netfilter: nf_tables: add generation mask to sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/26] netfilter: nf_tables: add generation mask to chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/26] netfilter: nft_rbtree: check for next generation when deactivating elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 22/26] netfilter: x_tables: simplify ip{6}table_mangle_hook()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 21/26] netfilter: nf_tables: add support for inverted logic in nft_lookup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 23/26] etherdevice.h & bridge: netfilter: Add and use ether_addr_equal_masked
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 24/26] netfilter: Remove references to obsolete CONFIG_IP_ROUTE_FWMARK
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 20/26] netfilter: nf_tables: get rid of NFT_BASECHAIN_DISABLED
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 26/26] netfilter: nf_log: fix error on write NONE to logger choice sysctl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 25/26] netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 19/26] netfilter: conntrack: allow increasing bucket size via sysctl too
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/26] netfilter: nft_hash: support deletion of inactive elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/26] netfilter: xt_NFLOG: nflog-range does not truncate packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/26] netfilter: xt_TRACE: add explicitly nf_logger_find_get call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/26] netfilter: x_tables: fix possible ZERO_SIZE_PTR pointer dereferencing error.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/26] netfilter: helper: avoid extra expectation iterations on unregister
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/26] bridge: netfilter: checkpatch data type fixes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/26] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: nft_ct: fix expiration getter
- From: Florian Westphal <fw@xxxxxxxxx>
[ANNOUNCE] Netdev 1.2 Registration open
- From: Hajime Tazaki <thehajime@xxxxxxxxx>
Re: [PATCH] netfilter: physdev: physdev-is-out should not work with OUTPUT chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: physdev: physdev-is-out should not work with OUTPUT chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] netfilter: nf_log: fix error on write NONE to logger choice sysctl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: DoS attack mitigation in netfilter
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
DoS attack mitigation in netfilter
- From: Vikas <vikas.c.kumar@xxxxxxxxxx>
Re: [RFC 0/7] netlink: Add allocation flag to netlink_unicast()
- From: David Miller <davem@xxxxxxxxxxxxx>
[RFC 3/7] netlink: Add allocation flag to nlmsg_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
[RFC 4/7] infiniband: Add allocation flag to ibnl_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
[RFC 7/7] genetlink: Add allocation flag to genlmsg_reply()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
[RFC 6/7] genetlink: Add allocation flag to genlmsg_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
[RFC 5/7] net: Add allocation flag to rtnl_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
[RFC 2/7] netfilter: Add allocation flag to nfnetlink_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
[RFC 1/7] netlink: Add allocation flag to netlink_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
[RFC 0/7] netlink: Add allocation flag to netlink_unicast()
- From: Masashi Honma <masashi.honma@xxxxxxxxx>
Re: [PATCH 2/3] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
Re: [PATCH] netfilter: physdev: physdev-is-out should not work with OUTPUT chain
- From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
Re: [PATCH iptables 3/3] libxt_hashlimit: iptables-restore does not work as expected with xt_hashlimit
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH 2/2 libnfntl] Fix nftnl_*_get to set data_len
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
[PATCH 1/2 libnfntl] Fix nftnl_*_set_str
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nft_ct: make byte/packet expr more friendly
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] netfilter: nft_ct: make byte/packet expr more friendly
- From: Liping Zhang <zlpnobody@xxxxxxx>
Re: [nft PATCH 3/3 v3] src: add xt compat support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: physdev: physdev-is-out should not work with OUTPUT chain
- From: Hangbin Liu <liuhangbin@xxxxxxxxx>
Re: [PATCH libnftnl] Fix string length calculations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Multi-thread udp 4.7 regression, bisected to 71d8c47fc653
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/6] netfilter: nat: convert nat bysrc hash to rhashtable
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 1/2] netfilter: move nat hlist_head to nf_conn
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 0/2] netfilter: nat: simplify & convert bysrc hash to rhashtable
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] fix off-by-one in DecodeQ931
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 3/3] netlink_delinearize, meta: show meta prandom <= value as probability mnemonic
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 2/3] meta: add short-hand mnemonic for probalistic matching
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 1/3] meta: add random expression key
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 1/3] meta: add random and probability match
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
- From: Liping Zhang <zlpnobody@xxxxxxxxx>
Re: [PATCH] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
- From: Christophe Leroy <christophe.leroy@xxxxxx>
Re: [PATCH] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
- From: Liping Zhang <zlpnobody@xxxxxxxxx>
Re: libxtables backward compatibility
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: libxtables backward compatibility
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: libxtables backward compatibility
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: libxtables backward compatibility
- From: Jan Engelhardt <jengelh@xxxxxxx>
libxtables backward compatibility
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
[PATCH] fix off-by-one in DecodeQ931
- From: Toby DiPasquale <toby@xxxxxxxx>
[PATCH -next] netfilter: conntrack: simplify early_drop
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH libnftnl] Fix string length calculations
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
Re: [PATCH v5] xtables: Add an interval option for xtables lock wait
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: Replace gethostbyname() with getaddrinfo()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1 rev. 1] nft: configure.ac: Replace magic dblatex dep.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: check result of malloc when creating queue
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libnetfilter_queue] src: check result of malloc when creating queue
- From: lists@xxxxxxxxxxxx
[PATCH V2,nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH V2,nf 3/3] netfilter: nf_ct_helper: unlink helper again when hash resize happen
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH V2,nf 2/3] netfilter: cttimeout: unlink timeout obj again when hash resize happen
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH V2,nf 0/3] netfilter: conntrack: fix race condition associated with hash resize
- From: Liping Zhang <zlpnobody@xxxxxxx>
Re: [PATCH nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize
- From: "Liping Zhang" <zlpnobody@xxxxxxx>
Re: [PATCH 1/1] nft: configure.ac: Replace magic dblatex dep.
- From: Nick Vinson <nvinson234@xxxxxxxxx>
Re: [PATCH 1/1 rev. 1] nft: configure.ac: Replace magic dblatex dep.
- From: Nick Vinson <nvinson234@xxxxxxxxx>
[PATCH 1/1 rev. 1] nft: configure.ac: Replace magic dblatex dep.
- From: Nicholas Vinson <nvinson234@xxxxxxxxx>
Re: [PATCH nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize
- From: Florian Westphal <fw@xxxxxxxxx>
Re: nftables: Dynamically updating sets gives syntax error
- From: "Anders K. Pedersen" <akp@xxxxxx>
[PATCH nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf 3/3] netfilter: nf_ct_helper: unlink helper again when hash resize happen
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf 0/3] netfilter: conntrack: fix race condition associated with hash resize
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH nf 2/3] netfilter: cttimeout: unlink timeout obj again when hash resize happen
- From: Liping Zhang <zlpnobody@xxxxxxx>
[ANNOUNCE] libmnl 1.0.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] Fix string length calculations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [PATCH v5] xtables: Add an interval option for xtables lock wait
- From: subashab@xxxxxxxxxxxxxx
Re: [PATCH libnftnl] set: Fix nftnl_set_set_str
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
[PATCH libnftnl] Fix string length calculations
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
[PATCH libnfntl v2] set: Fix nftnl_set_set_str
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
Re: [PATCH libmnl] Move declaration of visibility attributes before definition.
- From: Peter Foley <pefoley2@xxxxxxxxxxx>
Re: [PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] extensions: added AR substitution
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3] netfilter/nflog: nflog-range does not truncate packets (userspace)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/2 libnftnl] set: Add new attribute into 'set' to store user data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2 libnftnl] tests: Check set user data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] set: Fix nftnl_set_set_str
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] extensions: libipt_realm: fix order of mask and id when do nft translation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] nft: configure.ac: Replace magic dblatex dep.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v2] netfilter: nf_log: fix error on write NONE to logger choice sysctl
- From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
Re: [PATCH libmnl] Move declaration of visibility attributes before definition.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libmnl] src: cleanup function definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_log: fix error on write NONE to logger choice sysctl
- From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
Re: [PATCH v5] xtables: Add an interval option for xtables lock wait
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
- From: Christophe Leroy <christophe.leroy@xxxxxx>
[PATCH] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
- From: chleroy <chleroy@ce692ce0-f8e3-4c9c-b4d7-dcccc219094e.localdomain>
[PATCH nf-next 3/3] netfilter: replace list_head with single linked list
- From: Aaron Conole <aconole@xxxxxxxxxx>
[PATCH nf-next 1/3] netfilter: bridge: add and use br_nf_hook_thresh
- From: Aaron Conole <aconole@xxxxxxxxxx>
[PATCH nf-next 2/3] netfilter: call nf_hook_state_init with rcu_read_lock held
- From: Aaron Conole <aconole@xxxxxxxxxx>
[PATCH nf-next 0/3] Compact netfilter hooks list
- From: Aaron Conole <aconole@xxxxxxxxxx>
Re: [PATCH] netfilter: Remove references to obsolete CONFIG_IP_ROUTE_FWMARK
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: Remove references to obsolete CONFIG_IP_ROUTE_FWMARK
- From: Moritz Sichert <moritz+linux@xxxxxxxxxx>
Re: [PATCH] etherdevice.h & bridge: netfilter: Add and use ether_addr_equal_masked
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ANNOUNCE] Statement of netfilter project on GPL enforcement
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: Roberto García <rodanber@xxxxxxxxx>
[PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: rodanber@xxxxxxxxx
[nft PATCH 3/3 v3] src: add xt compat support
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[nft PATCH 2/3 v3] src: expose delinearize/linearize structures and stmt_error()
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
[nft PATCH 1/3 v3] include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [PATCH net v2] openvswitch: fix conntrack netlink event delivery
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [ovs-dev] [PATCH net v2] openvswitch: fix conntrack netlink event delivery
- From: Joe Stringer <joe@xxxxxxx>
Re: [PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: rodanber@xxxxxxxxx
Re: [PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: Roberto García <rodanber@xxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Advice requested: de-masquerading from a qdisc?
- From: Kevin Darbyshire-Bryant <kevin@xxxxxxxxxxxxxxxxxxxxxxx>
[PATCH] iptables: extensions: libxt_ecn: Add translation to nft
- From: rodanber@xxxxxxxxx
[PATCH net v2] openvswitch: fix conntrack netlink event delivery
- From: Samuel Gauthier <samuel.gauthier@xxxxxxxxx>
Re: [ovs-dev] [PATCH net] openvswitch: fix conntrack netlink event delivery
- From: Joe Stringer <joe@xxxxxxx>
Re: [PATCH] etherdevice.h & bridge: netfilter: Add and use ether_addr_equal_masked
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH net] openvswitch: fix conntrack netlink event delivery
- From: Samuel Gauthier <samuel.gauthier@xxxxxxxxx>
Re: [PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 2/2 libnftnl] tests: Check set user data
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
[PATCH 1/2 libnftnl] set: Add new attribute into 'set' to store user data
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
Re: [PATCH libnftnl] set: Fix nftnl_set_set_str
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
[PATCH libnftnl] set: Fix nftnl_set_set_str
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
[PATCH iptables] extensions: libipt_realm: fix order of mask and id when do nft translation
- From: Liping Zhang <zlpnobody@xxxxxxx>
[PATCH 1/1] nft: configure.ac: Replace magic dblatex dep.
- From: Nicholas Vinson <nvinson234@xxxxxxxxx>
Re: [PATCH iptables 3/3] libxt_hashlimit: iptables-restore does not work as expected with xt_hashlimit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v3] netfilter/nflog: nflog-range does not truncate packets (userspace)
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH] netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF
- From: Joe Perches <joe@xxxxxxxxxxx>
[PATCH 1/1] extensions: added AR substitution
- From: Jordan Yelloz <jordan@xxxxxxxxx>
[PATCH] etherdevice.h & bridge: netfilter: Add and use ether_addr_equal_masked
- From: Joe Perches <joe@xxxxxxxxxxx>
Re: [PATCH iptables 3/3] libxt_hashlimit: iptables-restore does not work as expected with xt_hashlimit
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH nf-next] netfilter: x_tables: simplify ip{6}table_mangle_hook()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH v2] expr: lookup: give support for inverted matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] bridge: netfilter: spanning tree: Add masked_ether_addr_equal and neatening
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] bridge: netfilter: spanning tree: Add masked_ether_addr_equal and neatening
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH v2] expr: lookup: give support for inverted matching
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[libnftnl PATCH v2] expr: lookup: give support for inverted matching
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: xt_cpu: no need to check the validity of invert flag
- From: Liping Zhang <zlpnobody@xxxxxxxxx>
[PATCH v5] xtables: Add an interval option for xtables lock wait
- From: Subash Abhinov Kasiviswanathan <subashab@xxxxxxxxxxxxxx>
Re: [PATCH v4] xtables: Add an interval option for xtables lock wait
- From: subashab@xxxxxxxxxxxxxx
Re: [PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Neutron Soutmun <neo.neutron@xxxxxxxxx>
Re: [PATCH] bridge: netfilter: spanning tree: Add masked_ether_addr_equal and neatening
- From: Joe Perches <joe@xxxxxxxxxxx>
Re: [PATCH v4] xtables: Add an interval option for xtables lock wait
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] tests: shell: run-tests.sh: use src/nft binary by default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH v2] expr: lookup: give support for inverted matching
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 2/2] netfilter/nflog: nflog-range does not truncate packets (userspace)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next v3] netfilter: conntrack: allow increasing bucket size via sysctl too
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v5] netfilter: nf_tables: add support for inverted logic in nft_lookup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_log: Remove NULL check
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: move zone info into struct nf_conn
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: make comparision helpers stub functions in ZONES=n case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: conntrack: align nf_conn on cacheline boundary
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH V3] net: Allow xt_owner in any user namespace
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] bridge: netfilter: spanning tree: Add masked_ether_addr_equal and neatening
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 1/2] netfilter/nflog: nflog-range does not truncate packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PACTH nf-next] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 4/4] netfilter: nft_meta: add explicitly nf_logger_find_get call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/4] netfilter: xt_TRACE: add explicitly nf_logger_find_get call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PACTH nf-next] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH] tests: shell: run-tests.sh: use src/nft binary by default
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: get rid of NFT_BASECHAIN_DISABLED
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Neutron Soutmun <neo.neutron@xxxxxxxxx>
Re: [PATCH nf-next 1/4] netfilter: nf_log: handle NFPROTO_INET properly in nf_logger_[find_get|put]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/4] netfilter: nf_log: handle NFPROTO_INET properly in nf_logger_[find_get|put]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/3] netfilter: Create revision 2 of xt_hashlimit to support higher pps rates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: xt_cpu: no need to check the validity of invert flag
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nft_meta: set skb->nf_trace appropriately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: fix memory leak if expr init fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft shell tests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft shell tests
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
nft shell tests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables 1/3] libxt_hashlimit: Prepare libxt_hashlimit.c for revision 2
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables 3/3] libxt_hashlimit: iptables-restore does not work as expected with xt_hashlimit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nf-next PATCH v5] netfilter: nf_tables: add support for inverted logic in nft_lookup
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[PATCH] ipset: Backports for the nla_put_net64() API changes
- From: Neutron Soutmun <neo.neutron@xxxxxxxxx>
Re: [PATCH v2] netfilter: fix possible ZERO_SIZE_PTR pointer dereferencing error.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Implicit flow tables can't be listed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v4] netfilter: nf_tables: add support for inverted logic in nft_lookup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH v4] netfilter: nf_tables: add support for inverted logic in nft_lookup
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [nf-next PATCH v4] netfilter: nf_tables: add support for inverted logic in nft_lookup
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [PATCH iptables] configure: Fix assignment statement
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v4 net] ipvs: fix bind to link-local mcast IPv6 address in backup
- From: Simon Horman <horms@xxxxxxxxxxxx>
Re: [RFC nf-next 1/3] netfilter: bridge: add and use br_nf_hook_thresh
- From: Aaron Conole <aconole@xxxxxxxxxx>
[RFC nf-next 3/3] netfilter: replace list_head with single linked list
- From: Aaron Conole <aconole@xxxxxxxxxx>
[RFC nf-next 2/3] netfilter: call nf_hook_state_init with rcu_read_lock held
- From: Aaron Conole <aconole@xxxxxxxxxx>
[RFC nf-next 1/3] netfilter: bridge: add and use br_nf_hook_thresh
- From: Aaron Conole <aconole@xxxxxxxxxx>
[RFC nf-next 0/3] Compact netfilter hooks list
- From: Aaron Conole <aconole@xxxxxxxxxx>
[PATCH iptables] configure: Fix assignment statement
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
Re: [nf-next PATCH v4] netfilter: nf_tables: add support for inverted logic in nft_lookup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nft: Add support for inverted bitwise value list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] iptables-compat: use nft built-in comments support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCHv2] extensions: libxt_conntrack: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] libxt_iprange: remove extra space in translation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_MARK: Fix translation of --set-xmark option
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_CONNMARK: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_MARK: Add translation for revision 1 to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl, v2] fix some error checking in parser functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl, v2] fix some error checking in parser functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nft: Add support for inverted bitwise value list
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH iptables] iptables-compat: use nft built-in comments support
- From: "Pablo M. Bermudo Garay" <pablombg@xxxxxxxxx>
Re: [PATCH] nft: Add support for inverted bitwise value list
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH iptables] configure: Fix logic to show connlabel support
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
Re: [PATCH iptables] configure: Fix logic to show connlabel support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] tests: shell: cover transactions via nft -f using flat syntax
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nft: Add support for inverted bitwise value list
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] nft: Add support for inverted bitwise value list
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
Re: [PATCH nft] tests: shell: cover transactions via nft -f using flat syntax
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[PATCH iptables] configure: Fix logic to show connlabel support
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
Re: [PATCH conntrack-tools] configure: Remove flex check warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] configure: Remove flex check warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf_tables PATCH] netfilter: nf_tables: invert chain deletion abort path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] iptables: extensions: libxt_MARK: Fix translation of --set-xmark option
- From: rodanber@xxxxxxxxx
Re: Implicit flow tables can't be listed
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Implicit flow tables can't be listed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] tests: shell: cover transactions via nft -f using flat syntax
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/6] netfilter: nf_tables: add generation mask to tables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_MARK: Fix translation of --set-xmark option
- From: Roberto García Calero <rodanber@xxxxxxxxx>
[PATCH -next v3] netfilter: conntrack: allow increasing bucket size via sysctl too
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 6/6] netfilter: nft_hash: support deletion of inactive elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 5/6] netfilter: nft_rbtree: check for next generation when deactivating elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 4/6] netfilter: nf_tables: add generation mask to sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/6] netfilter: nf_tables: add generation mask to chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/6] netfilter: nf_tables: add generation mask to tables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/6] netfilter: nf_tables: add generic macros to check for generation mask
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] segtree: don't check for overlaps if set definition is empty
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next v2] netfilter: conntrack: allow increasing bucket size via sysctl too
- From: Liping Zhang <zlpnobody@xxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_MARK: Fix translation of --set-xmark option
- From: Florian Westphal <fw@xxxxxxxxx>
[ANNOUNCE] Suricata meets Netfilter Conference on 27th June in Amsterdam, Netherlands
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_MARK: Fix translation of --set-xmark option
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [PATCH] iptables: extensions: libxt_MARK: Add translation for revision 1 to nft
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [stable] netfilter fixes for CVE-2016-3134
- From: Willy Tarreau <w@xxxxxx>
Re: [stable] netfilter fixes for CVE-2016-3134
- From: Greg KH <greg@xxxxxxxxx>
[stable] netfilter fixes for CVE-2016-3134
- From: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
[PATCH] iptables: extensions: libxt_MARK: Fix translation of --set-xmark option
- From: rodanber@xxxxxxxxx
[PATCH] iptables: extensions: libxt_MARK: Add translation for revision 1 to nft
- From: rodanber@xxxxxxxxx
Re: [PACTH nf-next] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP
- From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
[PATCH v2 2/2] netfilter/nflog: nflog-range does not truncate packets (userspace)
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH v2 1/2] netfilter/nflog: nflog-range does not truncate packets
- From: Vishwanath Pai <vpai@xxxxxxxxxx>
[PATCH -next v2] netfilter: conntrack: allow increasing bucket size via sysctl too
- From: Florian Westphal <fw@xxxxxxxxx>
Linux Module based on netfilter hooks
- From: Salis Joshi <salis.joshi@xxxxxxxxx>
Re: [PACTH nf-next] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP
- From: Liping Zhang <zlpnobody@xxxxxxxxx>
[PATCH iptables] configure: Remove flex check warning
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
[PATCH conntrack-tools] configure: Remove flex check warning
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
Re: [PACTH nf-next] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP
- From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
[PATCHv2] extensions: libxt_conntrack: Add translation to nft
- From: Laura Garcia Liebana <nevola@xxxxxxxxx>
[PACTH nf-next] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP
- From: Liping Zhang <zlpnobody@xxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]