Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

[PATCH 6/9] netfilter: xt_TEE: use IS_ENABLED(CONFIG_NF_DUP_IPV6)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next] netfilter: reduce sparse warnings
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next] Revert "netfilter: xtables: compute exact size needed for jumpstack"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next] netfilter: nfnetlink: work around wrong endianess with old nft userspace
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH -next] netfilter: nfnetlink: work around wrong endianess with old nft userspace
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ANNOUNCE] ipset 6.26 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 0/1] ipset patch for nf
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 1/1] netfilter: ipset: Out of bound access in hash:net* types fixed
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [conntrackd] allowing DisableExternalCache in alarm mode
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: nfnetlink_log: allow to attach conntrack
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[PATCH -next] netfilter: nfnetlink: work around wrong endianess with old nft userspace
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next] netfilter: reduce sparse warnings
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCHv6 net-next 00/10] OVS conntrack support
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: nftables batch abi broken ...
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
nftables batch abi broken ...
- From: Florian Westphal <fw@xxxxxxxxx>
[conntrackd] allowing DisableExternalCache in alarm mode
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [GIT PULL nf-next] Second Round of IPVS Updates for v4.3
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH -next] Revert "netfilter: xtables: compute exact size needed for jumpstack"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCHv6 net-next 05/10] openvswitch: Add conntrack action
- From: Pravin Shelar <pshelar@xxxxxxxxxx>
Re: [PATCH v2] iptables: update gitignore list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] libiptc: fix fortify errors in debug code
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] build: add finer module blacklisting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: nfnetlink_log: allow to attach conntrack
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCHv6 net-next 05/10] openvswitch: Add conntrack action
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [lnf-log PATCHv2 3/3] nlmsg: add printf function in conjunction with libmnl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [lnf-log PATCHv2 2/3] utils: take a example from libmnl and use new functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [lnf-log PATCHv2 1/3] introduce new functions independent from libnfnetlink
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] doc/debian.conntrackd.init.d: drop file
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] nfct: don't link against libnetfilter_conntrack
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] list: fix prefetch dummy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCHv6 net-next 00/10] OVS conntrack support
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 01/10] openvswitch: Serialize acts with original netlink len
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 02/10] openvswitch: Move MASKED* macros to datapath.h
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 05/10] openvswitch: Add conntrack action
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 04/10] dst: Add __skb_dst_copy() variation
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [GIT PULL nf-next] Second Round of IPVS Updates for v4.3
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCHv6 net-next 07/10] netfilter: Always export nf_connlabels_replace()
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 06/10] openvswitch: Allow matching on conntrack mark
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 03/10] ipv6: Export nf_ct_frag6_gather()
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 09/10] openvswitch: Allow matching on conntrack label
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 08/10] netfilter: connlabels: Export setting connlabel length
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv6 net-next 10/10] openvswitch: Allow attaching helpers to ct action
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [PATCH v2 nf-next] added missing icmpv6 codes in REJECT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[conntrack-tools PATCH] tcp: use MSG_NOSIGNAL in sendto() to avoid SIGPIPE
- From: Arturo Borrero Gonzalez <aborrero@xxxxxxx>
Re: How to set connmark on a socket descriptor from userspace?
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
Re: [PATCHv5 net-next 10/10] openvswitch: Allow attaching helpers to ct action
- From: Pravin Shelar <pshelar@xxxxxxxxxx>
Re: [PATCHv5 net-next 09/10] openvswitch: Allow matching on conntrack label
- From: Pravin Shelar <pshelar@xxxxxxxxxx>
Re: [PATCHv5 net-next 06/10] openvswitch: Allow matching on conntrack mark
- From: Pravin Shelar <pshelar@xxxxxxxxxx>
Re: [PATCHv5 net-next 10/10] openvswitch: Allow attaching helpers to ct action
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [PATCHv5 net-next 05/10] openvswitch: Add conntrack action
- From: Pravin Shelar <pshelar@xxxxxxxxxx>
Re: [PATCHv5 net-next 03/10] ipv6: Export nf_ct_frag6_gather()
- From: Pravin Shelar <pshelar@xxxxxxxxxx>
How to set connmark on a socket descriptor from userspace?
- From: David Hinkle <hinkle@xxxxxxxxxxxxxx>
Re: [PATCHv5 net-next 10/10] openvswitch: Allow attaching helpers to ct action
- From: Thomas Graf <tgraf@xxxxxxx>
Re: WARNING at net/ipv4/netfilter/ip_tables.c:530
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCHv5 net-next 09/10] openvswitch: Allow matching on conntrack label
- From: Thomas Graf <tgraf@xxxxxxx>
Re: [PATCHv5 net-next 06/10] openvswitch: Allow matching on conntrack mark
- From: Thomas Graf <tgraf@xxxxxxx>
Re: [PATCHv5 net-next 05/10] openvswitch: Add conntrack action
- From: Thomas Graf <tgraf@xxxxxxx>
Re: [PATCHv5 net-next 04/10] dst: Add __skb_dst_copy() variation
- From: Thomas Graf <tgraf@xxxxxxx>
Re: [PATCHv5 net-next 01/10] openvswitch: Serialize acts with original netlink len
- From: Thomas Graf <tgraf@xxxxxxx>
WARNING at net/ipv4/netfilter/ip_tables.c:530
- From: Cong Wang <cwang@xxxxxxxxxxxxxxxx>
[PATCH conntrack-tools] conntrack: add zone direction support
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH libnetfilter_conntrack] conntrack: add zone attribute to tuple
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCHv5 net-next 00/10] OVS conntrack support
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 01/10] openvswitch: Serialize acts with original netlink len
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 04/10] dst: Add __skb_dst_copy() variation
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 02/10] openvswitch: Move MASKED* macros to datapath.h
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 03/10] ipv6: Export nf_ct_frag6_gather()
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 09/10] openvswitch: Allow matching on conntrack label
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 06/10] openvswitch: Allow matching on conntrack mark
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 05/10] openvswitch: Add conntrack action
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 10/10] openvswitch: Allow attaching helpers to ct action
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 07/10] netfilter: Always export nf_connlabels_replace()
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCHv5 net-next 08/10] netfilter: connlabels: Export setting connlabel length
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: nfnetlink_log: allow to attach conntrack
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[PATCH nf-next 1/2] netfilter: nfnetlink_queue: enable to specify nla type
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[PATCH nf-next 0/2] netfilter: nfnetlink_log attach conntrack
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[PATCH iptables v2] libxt_CT: add support for recently introduced zone options
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nft 0/12] add support for VLAN header filtering in bridge family
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 2/2 nf-next] netfilter: xt_TEE: use IS_ENABLED(CONFIG_NF_DUP_IPV6)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/2 nf-next] netfilter: nf_dup: fix sparse warnings
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 net-next] netfilter: ipset: Fixing unnamed union init
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 net-next] netfilter: ipset: Fixing unnamed union init
- From: Akemi Yagi <amyagi@xxxxxxxxx>
Re: [PATCH v2 net-next] netfilter: ipset: Fixing unnamed union init
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH v2 net-next] netfilter: ipset: Fixing unnamed union init
- From: Elad Raz <eladr@xxxxxxxxxxxx>
[PATCH] netfilter: nf_ct_tcp: Remove the duplicated word in comment
- From: Feng Gao <gfree.wind@xxxxxxxxx>
[PATCH conntrack-tools] nfct: Update syntax to specify command before subsystem
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[GIT PULL nf-next] Second Round of IPVS Updates for v4.3
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH 1/4 nf-next] ipvs: Add ovf scheduler
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH 2/4 nf-next] ipvs: call rtnl_lock early
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH 4/4 nf-next] ipvs: add more mcast parameters for the sync daemon
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH 3/4 nf-next] ipvs: add sync_maxlen parameter for the sync daemon
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH net-next] netfilter: ipset: Fixing unnamed union init
- From: Elad Raz <eladr@xxxxxxxxxxxx>
[PATCH v2 iptables] added missing icmpv6 codes in REJECT
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
[PATCH v2 nf-next] added missing icmpv6 codes in REJECT
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: [PATCH nf-next] add missing icmpv6 codes (rfc4443) in REJECT
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] add missing icmpv6 codes (rfc4443) in REJECT
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
[PATCH iptables] add missing icmpv6 codes (rfc4443) in REJECT
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] nfct: don't link against libnetfilter_conntrack
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [PATCH 00/15] Netfilter updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH 02/15] netfilter: xt_TEE: get rid of WITH_CONNTRACK definition
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/15] netfilter: nf_tables: add nft_dup expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/15] netfilter: nft_limit: convert to token-based limiting at nanosecond granularity
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/15] netfilter: nft_limit: rename to nft_limit_pkts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/15] netfilter: nft_limit: factor out shared code with per-byte limiting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
=?y?q?=5BPATCH=2003/15=5D=20netfilter=3A=20factor=20out=20packet=20duplication=20for=20IPv4/IPv6?=
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/15] netfilter: nft_limit: add burst parameter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/15] netfilter: nft_limit: constant token cost per packet
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/15] netfilter: nft_limit: add per-byte limiting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/15] netfilter: nfacct: per network namespace support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/15] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/15] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/15] netfilter: nf_conntrack: add direction support for zones
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/15] netfilter: nft_payload: work around vlan header stripping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/15] netfilter: nft_counter: convert it to use per-cpu counters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/15] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[lnf-log PATCHv2 3/3] nlmsg: add printf function in conjunction with libmnl
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[lnf-log PATCHv2 2/3] utils: take a example from libmnl and use new functions
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[lnf-log PATCHv2 1/3] introduce new functions independent from libnfnetlink
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [lnf-log RFC PATCH 2/2] utils: take a example from libmnl and use nflog_nlmsg_parse
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [PATCH 00/15] Netfilter updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Alan Bartlett <ajb@xxxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] nfct: don't link against libnetfilter_conntrack
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [lnf-log RFC PATCH 2/2] utils: take a example from libmnl and use nflog_nlmsg_parse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[conntrack-tools PATCH] nfct: don't link against libnetfilter_conntrack
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[conntrack-tools PATCH] nfct.8: reword some sentences
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[PATCH v2] iptables: update gitignore list
- From: Mike Frysinger <vapier@xxxxxxxxxx>
Re: [PATCH] iptables: update gitignore list
- From: Mike Frysinger <vapier@xxxxxxxxxx>
[conntrack-tools PATCH] doc/debian.conntrackd.init.d: drop file
- From: Arturo Borrero Gonzalez <aborrero@xxxxxxx>
Re: [PATCH] iptables: update gitignore list
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
[conntrack-tools PATCH] list: fix prefetch dummy
- From: Arturo Borrero Gonzalez <aborrero@xxxxxxx>
[PATCH] iptables: update gitignore list
- From: Mike Frysinger <vapier@xxxxxxxxxx>
[PATCH] libiptc: fix fortify errors in debug code
- From: Mike Frysinger <vapier@xxxxxxxxxx>
Re: [PATCH] build: use _DEFAULT_SOURCE for newer glibc
- From: Mike Frysinger <vapier@xxxxxxxxxx>
[PATCH 1/1] added missing icmpv6 dest-unreach codes
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: ICMPv6 Type 1 Code 5 and 6 missing in iptables REJECT target and icmpv6 match
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: ICMPv6 Type 1 Code 5 and 6 missing in iptables REJECT target and icmpv6 match
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: ICMPv6 Type 1 Code 5 and 6 missing in iptables REJECT target and icmpv6 match
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: ICMPv6 Type 1 Code 5 and 6 missing in iptables REJECT target and icmpv6 match
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH] build: use _DEFAULT_SOURCE for newer glibc
- From: Jan Engelhardt <jengelh@xxxxxxx>
[lnf-log PATCH 2/2] utils: take a example from libmnl and use new functions
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[lnf-log PATCH 1/2] introduce new functions independent from libnfnetlink
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [lnf-log RFC PATCH 2/2] utils: take a example from libmnl and use nflog_nlmsg_parse
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [PATCH] netfilter: Remove the duplicated word "see" in the comment when set the IPS_ASSURED_BIT in tcp_packet
- From: Feng Gao <gfree.wind@xxxxxxxxx>
Re: [PATCH] netfilter: Remove the duplicated word "see" in the comment when set the IPS_ASSURED_BIT in tcp_packet
- From: Feng Gao <gfree.wind@xxxxxxxxx>
Re: [PATCH iptables] libxt_CT: add support for recently introduced zone options
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [lnf-log RFC PATCH 2/2] utils: take a example from libmnl and use nflog_nlmsg_parse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: Remove the duplicated word "see" in the comment when set the IPS_ASSURED_BIT in tcp_packet
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCHv4 nf-next] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/15] netfilter: nft_counter: convert it to use per-cpu counters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/15] netfilter: xt_TEE: get rid of WITH_CONNTRACK definition
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/15] netfilter: nf_tables: add nft_dup expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
=?y?q?=5BPATCH=2003/15=5D=20netfilter=3A=20factor=20out=20packet=20duplication=20for=20IPv4/IPv6?=
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/15] netfilter: nft_limit: add burst parameter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/15] netfilter: nft_limit: rename to nft_limit_pkts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/15] netfilter: nft_limit: add per-byte limiting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/15] netfilter: nf_conntrack: add direction support for zones
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/15] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/15] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/15] netfilter: nft_payload: work around vlan header stripping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/15] netfilter: nfacct: per network namespace support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/15] netfilter: nft_limit: constant token cost per packet
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/15] netfilter: nft_limit: factor out shared code with per-byte limiting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/15] netfilter: nft_limit: convert to token-based limiting at nanosecond granularity
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/15] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next] nftables: nft_payload: work around vlan header stripping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 2/2] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
ICMPv6 Type 1 Code 5 and 6 missing in iptables REJECT target and icmpv6 match
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: [PATCH] build: use _DEFAULT_SOURCE for newer glibc
- From: Mike Frysinger <vapier@xxxxxxxxxx>
[lnf-log RFC PATCH v2 2/2] utils: take a example from libmnl and use new functions
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[lnf-log RFC PATCH v2 1/2] introduce new functions independent from libnfnetlink
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [lnf-log RFC PATCH 2/2] utils: take a example from libmnl and use nflog_nlmsg_parse
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [PATCH] build: use _DEFAULT_SOURCE for newer glibc
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v5 2/2] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] build: add finer module blacklisting
- From: Mike Frysinger <vapier@xxxxxxxxxx>
Re: [PATCH nf-next v5 1/2] netfilter: nf_conntrack: add direction support for zones
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] build: use _DEFAULT_SOURCE for newer glibc
- From: Mike Frysinger <vapier@xxxxxxxxxx>
[PATCH conntrackd 8/8] conntrackd: missing break in expectation message parser function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 7/8] conntrackd: use strncpy to set up the cache name
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 6/8] conntrackd: simplify branch in tcp_accept()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 5/8] conntrackd: fix error handling in nfq_queue_cb()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 4/8] conntrackd: fix descriptor leak in do_local_request()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 3/8] conntrackd: fix leak in fork_process_new()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 2/8] conntrackd: NTA_MAX is also an invalid attribute
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 1/8] conntrackd: fix sanitization of expection attribute in the wire format
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH conntrackd 0/8] unsorted fixes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/2] tests: redirect: fix payload display
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [lnf-log RFC PATCH 2/2] utils: take a example from libmnl and use nflog_nlmsg_parse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [lnf-log RFC PATCH 1/2] introduce new functions to use without nflog_handle
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [lnf-log PATCH] build: fix typo
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/2] tests: redirect: fix payload display
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] tests: sets: don't include listing in payload tests
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl] expr: immediate: fix leak in expression destroy path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] src: fix memory leaks at nft_[object]_nlmsg_parse
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft] merged next-4.2 and lastest cache consolidation patches
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH -next] nftables: nft_payload: work around vlan header stripping
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH libnftnl 1/3] expr: add dup expression support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nftables: precondition validation fails on map construct
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH libnftnl 1/3] expr: add dup expression support
- From: Patrick McHardy <kaber@xxxxxxxxx>
[PATCH libnftnl 3/3] expr: limit: add per-byte limiting support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl 2/3] expr: limit: add burst attribute
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl 1/3] expr: add dup expression support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/12] payload: disable payload merge if offsets are not on byte boundary
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 05/12] src: netlink_linearize: handle sub-byte lengths
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 09/12] tests: add tests for ip version/hdrlength/tcp doff
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 08/12] netlink: cmp: shift rhs constant if lhs offset doesn't start on byte boundary
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 11/12] tests: vlan tests
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 12/13] vlan: make != tests work
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 10/12] nft: support listing expressions that use non-byte header fields
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 07/12] nft: fill in doff and fix ihl/version template entries
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 06/12] src: netlink: don't truncate set key lengths
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 03/12] nft: allow stacking vlan header on top of ethernet
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 01/12] tests: use the src/nft binary instead of $PATH one
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 02/12] tests: add 'awkward' prefix match expression
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nft 0/12] add support for VLAN header filtering in bridge family
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Patrick McHardy <kaber@xxxxxxxxx>
[PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
- From: Mike Frysinger <vapier@xxxxxxxxxx>
[PATCH nf-next v5 2/2] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v5 1/2] netfilter: nf_conntrack: add direction support for zones
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v5 0/2] Netfilter zone directions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: ipset triggering kasan warnings.
- From: Dave Jones <davej@xxxxxxxxxxxxxxxxx>
Re: ipset triggering kasan warnings.
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
ipset triggering kasan warnings.
- From: Dave Jones <davej@xxxxxxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Florian Westphal <fw@xxxxxxxxx>
nftables: precondition validation fails on map construct
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCH v4 2/3] netfilter: nf_conntrack: add direction support for zones
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v4 2/3] netfilter: nf_conntrack: add direction support for zones
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: Remove the duplicated word "see" in the comment when set the IPS_ASSURED_BIT in tcp_packet
- From: Feng Gao <gfree.wind@xxxxxxxxx>
[PATCHv4 nf-next] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
Re: [PATCH v4 2/3] netfilter: nf_conntrack: add direction support for zones
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCHv3 2/2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH v4 2/3] netfilter: nf_conntrack: add direction support for zones
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/2] netlink: don't call netlink_dump_*() from listing functions with --debug=netlink
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] evaluate: display error on unexisting chain when listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Akemi Yagi <amyagi@xxxxxxxxx>
Re: nft: parser problem, can use mark as datatype in sets and maps
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: nft: parser problem, can use mark as datatype in sets and maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft: parser problem, can use mark as datatype in sets and maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft: parser problem, can use mark as datatype in sets and maps
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCH v4 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft: parser problem, can use mark as datatype in sets and maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft: parser problem, can use mark as datatype in sets and maps
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCH 0/5] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/5] netfilter: SYNPROXY: fix sending window update to client
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 4/5] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/5] netfilter: conntrack: Use flags in nf_ct_tmpl_alloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/5] netfilter: nf_conntrack: checking for IS_ERR() instead of NULL
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/5] netfilter: nf_conntrack: silence warning on falling back to vmalloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/5] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IPv6 and private net with masquerading not working correctly
- From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Re: nft: parser problem, can use mark as datatype in sets and maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
nft: parser problem, can use mark as datatype in sets and maps
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 14/14] src: get rid of EINTR handling for nft_netlink()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 13/14] src: use cache infrastructure for set element objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 11/14] src: add chain declarations to cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 12/14] src: use cache infrastructure for rule objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 08/14] rule: add chain reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 10/14] evaluate: add cmd_evaluate_rename()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 09/14] src: use cache infrastructure for chain objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 07/14] src: early allocation of the set ID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 06/14] src: add set declaration to cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 05/14] src: use cache infrastructure for set objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 02/14] src: add cmd_evaluate_list()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 04/14] src: add table declaration to cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 03/14] rule: add reference counter to the table object
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 01/14] src: add cache infrastructure and use it for table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v5 00/14] cache consolidation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [IPTABLES] Module ipt_same
- From: Alex william <alex.william21@xxxxxxxxxxx>
Re: [IPTABLES] Module ipt_same
- From: Jan Engelhardt <jengelh@xxxxxxx>
[lnf-log RFC PATCH 2/2] utils: take a example from libmnl and use nflog_nlmsg_parse
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[lnf-log RFC PATCH 1/2] introduce new functions to use without nflog_handle
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[lnf-log RFC PATCH 0/2] introduce new functions to use without nflog_handle
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[lnf-log PATCH] build: fix typo
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCHv3 2/2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
[PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
- From: Phil Sutter <phil@xxxxxx>
[PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client
- From: Phil Sutter <phil@xxxxxx>
[PATCH iptables] libxt_CT: add support for recently introduced zone options
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH v4 2/3] netfilter: nf_conntrack: add direction support for zones
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH v4 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH v4 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v4 0/3] Netfilter zone directions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: per network namespace nfacct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IP sets: Suggestion: additional value match
- From: Rudolf_AT <Rudolf_AT.nf@xxxxxx>
Re: [PATCH] netfilter: per network namespace nfacct
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCH] netfilter: per network namespace nfacct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
- From: Phil Sutter <phil@xxxxxx>
[PATCH 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: per network namespace nfacct
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCHv3 2/2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: per network namespace nfacct
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 6/6] netfilter: nft_limit: add per-byte limiting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: per network namespace nfacct
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 6/6] netfilter: nft_limit: add per-byte limiting
- From: Patrick McHardy <kaber@xxxxxxxxx>
[PATCH nf-next 6/6] netfilter: nft_limit: add per-byte limiting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 5/6] netfilter: nft_limit: constant token cost per packet
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 4/6] netfilter: nft_limit: add burst parameter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/6] netfilter: nft_limit: convert to token-based limiting at nanosecond granularity
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/6] netfilter: nft_limit: factor out shared code with per-byte limiting
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/6] netfilter: nft_limit: rename to nft_limit_pkts
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl] src: fix memory leaks at nft_[object]_nlmsg_parse
- From: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
Re: [PATCH 00/18] Netfilter updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH net] netfilter: conntrack: Use flags in nf_ct_tmpl_alloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH net] netfilter: conntrack: Use flags in nf_ct_tmpl_alloc()
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCH net] netfilter: conntrack: Use flags in nf_ct_tmpl_alloc()
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: ipt_SYNPROXY: fix sending window update to client
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/3] netfilter: factor out packet duplication for IPv4/IPv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IPv6 support for GRE helper(nf_conntrack_proto_gre)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nf_tables: add generation mask to set objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
IPv6 support for GRE helper(nf_conntrack_proto_gre)
- From: Aju L Francis <aju@xxxxxxxx>
Re: nfacct is not namespace aware
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
nfacct is not namespace aware
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: [PATCH nf-next 2/3] netfilter: factor out packet duplication for IPv4/IPv6
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nf_tables: add generation mask to set objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
=?y?q?=5BPATCH=20nf-next=202/3=5D=20netfilter=3A=20factor=20out=20packet=20duplication=20for=20IPv4/IPv6?=
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/3] netfilter: nf_tables: add nft_dup expression
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/3] netfilter: xt_TEE: get rid of WITH_CONNTRACK definition
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/18] Netfilter updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/18] netfilter: Per network namespace netfilter hooks.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/18] netfilter: move tee_active to core
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/18] netfilter: xtables: compute exact size needed for jumpstack
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/18] netfilter: nftables: Only run the nftables chains in the proper netns
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/18] netfilter: xtables: don't save/restore jumpstack offset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/18] netfilter: add and use jump label for xt_tee
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/18] netfilter: xtables: remove __pure annotation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/18] netfilter: fix possible removal of wrong hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/18] netfilter: rename local nf_hook_list to hook_list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/18] netfilter: nf_queue: fix nf_queue_nf_hook_drop()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/18] netfilter: bridge: reduce nf_bridge_info to 32 bytes again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/18] netfilter: nf_ct_sctp: minimal multihoming support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/18] netfilter: ip6t_REJECT: Remove debug messages from reject_tg6()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/18] netfilter: bridge: do not initialize statics to 0 or NULL
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/18] netfilter: Fix memory leak in nf_register_net_hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/18] netfilter: Factor out the hook list selection from nf_register_hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/18] netfilter: Simply the tests for enabling and disabling the ingress queue hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/18] netfilter: kill nf_hooks_active
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: New multiple DSCP match by "-m dscp --dscp-multi value,value,..."
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: New multiple DSCP match by "-m dscp --dscp-multi value,value,..."
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nf_tables: add generation mask to set objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: New multiple DSCP match by "-m dscp --dscp-multi value,value,..."
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/3] netfilter: nf_tables: add generation mask to set objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Patrick McHardy <kaber@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: ip6t_REJECT: Remove debug messages from reject_tg6()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/3] netfilter: nf_tables: add generation mask to chain objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_tables: add generation mask to table objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/3] netfilter: nf_tables: add generation mask to set objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IP sets: Suggestion: additional value match
- From: Rudolf_AT <Rudolf_AT.nf@xxxxxx>
Re: [patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Joe Stringer <joestringer@xxxxxxxxxx>
Re: [PATCH nf-next] netfilter: connlabels: Export setting connlabel length
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[PATCH nft] src: restore nft list tables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nft_counter: convert it to use per-cpu counters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IP sets: Suggestion: additional value match
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Multiple DSCP match by "-m dscp --dscp-multi value,value,..."
- From: Kyeong Yoo <Kyeong.Yoo@xxxxxxxxxxxxxxxxxxx>
New multiple DSCP match by "-m dscp --dscp-multi value,value,..."
- From: Kyeong Yoo <Kyeong.Yoo@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: connlabels: Export setting connlabel length
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] netfilter: connlabels: Export setting connlabel length
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[IPTABLES] Module ipt_same
- From: Alex william <alex.william21@xxxxxxxxxxx>
Re: [PATCH] netfilter: xtables: Add helper macro for xt_match boilerplate
- From: Vaishali Thakkar <vthakkar1994@xxxxxxxxx>
[PATCH nf-next] netfilter: ip6t_REJECT: Remove debug messages from reject_tg6()
- From: subashab@xxxxxxxxxxxxxx
Re: [PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
IP sets: Suggestion: additional value match
- From: Rudolf_AT <Rudolf_AT.nf@xxxxxx>
Re: [patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: xtables: Add helper macro for xt_match boilerplate
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IPv4 IPv6 parallel dns lookup in combination with nfqueue is problematic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Re: [PATCH 1/2 nf] netfilter: bridge: do not initialize statics to 0 or NULL
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: ip6t_REJECT: Log reject reason in reject_tg6()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: bridge: reduce nf_bridge_info to 32 bytes again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2] netfilter: nf_ct_sctp: minimal multihoming support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: ip6t_REJECT: Log reject reason in reject_tg6()
- From: subashab@xxxxxxxxxxxxxx
[PATCHv3 2/2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
[PATCH 1/2 nf] netfilter: bridge: do not initialize statics to 0 or NULL
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
[patch -master] netfilter: xt_CT: checking for IS_ERR() instead of NULL
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
[PATCH] netfilter: xtables: Add helper macro for xt_match boilerplate
- From: Vaishali Thakkar <vthakkar1994@xxxxxxxxx>
Re: [PATCH 00/10] Netfilter/IPVS fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
IPv4 IPv6 parallel dns lookup in combination with nfqueue is problematic
- From: Tarik Demirci <tarik@xxxxxxxxxxxxxxxx>
Re: [IPTABLES 0/2] iptables-compat fixes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: bridge: reduce nf_bridge_info to 32 bytes again
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_queue: fix deadlock in nf_queue_nf_hook_drop()
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH nf-next] netfilter: nf_queue: fix nf_queue_nf_hook_drop()
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH nf] netfilter: nf_conntrack: silence warning on falling back to vmalloc()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nf_conntrack: falling back to vmalloc.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_queue: fix deadlock in nf_queue_nf_hook_drop()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_queue: fix nf_queue_nf_hook_drop()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/10] netfilter: ctnetlink: put back references to master ct and expect objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/10] netfilter: IDLETIMER: fix lockdep warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/10] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/10] ipvs: fix ipv6 route unreach panic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/10] ipvs: fix crash if scheduler is changed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/10] ipvs: skb_orphan in case of forwarding
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/10] ipvs: call skb_sender_cpu_clear
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/10] ipvs: fix crash with sync protocol v0 and FTP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/10] netfilter: fix netns dependencies with conntrack templates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/10] netfilter: nf_conntrack: Support expectations in different zones
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/10] ipvs: do not use random local source address for tunnels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: rename local nf_hook_list to hook_list
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH nf-next 1/2] netfilter: fix possible removal of wrong hook
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH nf-next] netfilter: nf_queue: fix deadlock in nf_queue_nf_hook_drop()
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH nf] netfilter: Support expectations in different zones
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
heads up, rebasing nf (was Re: [PATCH nf] netfilter: nf_conntrack: silent warning when adding) extensions to templates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf 0/6] IPVS Fixes for v4.2
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH 0/5] netlink: mmap kernel panic and some issues
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH iptables] libxt_CT: add support for recently introduced zone options
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v3 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v3 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v3 2/3] netfilter: nf_conntrack: add direction support for zones
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v3 0/3] Netfilter zone directions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
ip(6)tables-restore segfault + patch
- From: Felix Bolte <bolte.felix@xxxxxxxxx>
[PATCH nf] netfilter: Support expectations in different zones
- From: Joe Stringer <joestringer@xxxxxxxxxx>
[RFC PATCH 5/5] netlink: rx mmap: notify only when NL_MMAP_STATUS_VALID frame exists
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[RFC PATCH 4/5] netlink: mmap: update tx type check
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[RFC PATCH 3/5] netlink: mmap: fix status for not delivered skb
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[RFC PATCH 2/5] netlink: mmap: apply mmaped skb helper functions
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[RFC PATCH 1/5] netlink: mmap: introduce mmaped skb helper functions
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
[RFC PATCH 0/5] netlink: mmap kernel panic and some issues
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [PATCHv2 net-next] net: #ifdefify sk_classid member of struct sock
- From: David Miller <davem@xxxxxxxxxxxxx>
[IPTABLES 0/2] iptables-compat fixes
- From: Thomas Woerner <twoerner@xxxxxxxxxx>
[IPTABLES 2/2] iptables-compat: Increase rule number only for the selected table and chain
- From: Thomas Woerner <twoerner@xxxxxxxxxx>
[IPTABLES 1/2] iptables-compat: Allow to insert into rule_count+1 position
- From: Thomas Woerner <twoerner@xxxxxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH iptables] fix wrong headername in ipv6header for protocols
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH iptables] fix wrong headername in ipv6header for protocols
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: [PATCHv2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] tests: validate generated netlink instructions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] Fix grammar error in manpage
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: fix possible removal of wrong hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: rename local nf_hook_list to hook_list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_queue: fix deadlock in nf_queue_nf_hook_drop()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] Fix grammar error in manpage
- From: Neutron Soutmun <neo.neutron@xxxxxxxxx>
[PATCH nf] netfilter: nf_conntrack: silent warning when adding extensions to templates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] fix wrong headername in ipv6header for protocols
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: Fix memory leak in nf_register_net_hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[netfilter] INFO: task kworker/u2:0:6 blocked for more than 120 seconds.
- From: Fengguang Wu <fengguang.wu@xxxxxxxxx>
[PATCHv2 net-next] net: #ifdefify sk_classid member of struct sock
- From: Mathias Krause <minipli@xxxxxxxxxxxxxx>
Re: [PATCH net-next] net: #ifdefify sk_classid member of struct sock
- From: Mathias Krause <minipli@xxxxxxxxxxxxxx>
Re: [PATCH net-next] net: #ifdefify sk_classid member of struct sock
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH net-next] net: #ifdefify sk_classid member of struct sock
- From: Mathias Krause <minipli@xxxxxxxxxxxxxx>
Re: [PATCHv2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
Re: nf_conntrack: falling back to vmalloc.
- From: Florian Westphal <fw@xxxxxxxxx>
Re: nf_conntrack: falling back to vmalloc.
- From: Toralf Förster <toralf.foerster@xxxxxx>
[PATCH nf-next v2] netfilter: nf_ct_sctp: minimal multihoming support
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: nf_conntrack: falling back to vmalloc.
- From: Florian Westphal <fw@xxxxxxxxx>
nf_conntrack: falling back to vmalloc.
- From: Toralf Förster <toralf.foerster@xxxxxx>
[PATCH nft] tests: validate generated netlink instructions
- From: Florian Westphal <fw@xxxxxxxxx>
Re: nft: meta l4proto range printing broken on 32bit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: nft: meta l4proto range printing broken on 32bit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nft: meta l4proto range printing broken on 32bit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Michal Kubecek <mkubecek@xxxxxxx>
[PATCH iptables] fix wrong headername in ipv6header for protocols
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
Re: nft: meta l4proto range printing broken on 32bit
- From: Florian Westphal <fw@xxxxxxxxx>
nft: meta l4proto range printing broken on 32bit
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: [PATCHv2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next 0/6] Per network namespace netfilter chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 0/6] IPVS Fixes for v4.2
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf 2/6] ipvs: do not use random local source address for tunnels
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf 1/6] ipvs: fix ipv6 route unreach panic
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf 4/6] ipvs: skb_orphan in case of forwarding
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf 3/6] ipvs: fix crash if scheduler is changed
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf 5/6] ipvs: fix crash with sync protocol v0 and FTP
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf 6/6] ipvs: call skb_sender_cpu_clear
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCHv2 nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
Re: [PATCH -next 5/6] netfilter: Per network namespace netfilter hooks.
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH nf,v2] netfilter: fix netns dependencies with conntrack templates
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH -next 0/6] Per network namespace netfilter chains
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH -next 5/6] netfilter: Per network namespace netfilter hooks.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next v2 0/6] netfilter: xtables: improve jumpstack handling
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [RFC PATCH nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next 0/6] Per network namespace netfilter chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next v2 0/6] netfilter: xtables: improve jumpstack handling
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH nf-next] net-ipvs: Delete an unnecessary check before the function call "module_put"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH iptables] extensions: libxt_socket: update man pages and tests for --restore-skmark
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf,v2] netfilter: fix netns dependencies with conntrack templates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/2] build: resolve build error involving libnftnl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 2/2] extensions: restore matching any SPI id by default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [Q] iptables AH module api mismatch between -master and 1.4.7
- From: Cyrill Gorcunov <gorcunov@xxxxxxxxx>
Re: [Q] iptables AH module api mismatch between -master and 1.4.7
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 1/2] build: resolve build error involving libnftnl
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH 2/2] extensions: restore matching any SPI id by default
- From: Jan Engelhardt <jengelh@xxxxxxx>
iptables: AH/ESP init fix, and a build fix
- From: Jan Engelhardt <jengelh@xxxxxxx>
[Q] iptables AH module api mismatch between -master and 1.4.7
- From: Cyrill Gorcunov <gorcunov@xxxxxxxxx>
Re: [PATCH] netfilter: nf_nat: Fix possible null dereference
- From: subashab@xxxxxxxxxxxxxx
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Akemi Yagi <amyagi@xxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Michal Kubecek <mkubecek@xxxxxxx>
[PATCH -next v2 6/6] netfilter: xtables: add upper limit on call chain depth
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next v2 2/6] netfilter: move tee_active to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next v2 3/6] netfilter: xtables: don't save/restore jumpstack offset
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next v2 1/6] netfilter: xtables: compute exact size needed for jumpstack
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next v2 0/6] netfilter: xtables: improve jumpstack handling
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next 5/6] netfilter: xtables: remove __pure annotation
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next 4/6] netfilter: add and use jump label for xt_tee
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming support
- From: Michal Kubecek <mkubecek@xxxxxxx>
Re: [PATCH nf RFC] netfilter: fix netns dependencies with conntrack templates
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Alan Bartlett <ajb@xxxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Cong Wang <cwang@xxxxxxxxxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Akemi Yagi <amyagi@xxxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH iptables] extensions: libxt_socket: update man pages and tests for --restore-skmark
- From: Harout Hedeshian <harouth@xxxxxxxxxxxxxx>
Re: [PATCH nf RFC] netfilter: fix netns dependencies with conntrack templates
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: nf_nat: Fix possible null dereference
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nf: IDLETIMER: fix lockdep warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] nf: IDLETIMER: fix lockdep warning
- From: Dmitry Torokhov <dtor@xxxxxxxxxx>
Re: [PATCH] nf: IDLETIMER: fix lockdep warning
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf RFC] netfilter: fix netns dependencies with conntrack templates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next v2 0/3] Netfilter zone directions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v2 2/3] netfilter: nf_conntrack: add direction support for zones
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v2 3/3] netfilter: nf_conntrack: add efficient mark to zone mapping
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH nf-next v2 1/3] netfilter: nf_conntrack: push zone object into functions
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH iptables] libxt_CT: add support for recently introduced zone options
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH -next 6/6] netfilter: nftables: Only run the nftables chains in the proper netns
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH -next 5/6] netfilter: Per network namespace netfilter hooks.
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH -next 4/6] netfilter: Factor out the hook list selection from nf_register_hook
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH -next 3/6] netfilter: Simply the tests for enabling and disabling the ingress queue hook
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH -next 2/6] netfilter: kill nf_hooks_active
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH -next 1/6] netfilter: nf_queue: Don't recompute the hook_list head
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH -next 0/6] Per network namespace netfilter chains
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH nf-next] net-ipvs: Delete an unnecessary check before the function call "module_put"
- From: Simon Horman <horms@xxxxxxxxxxxx>
[GIT PULL nf-next] IPVS for v4.3
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH] nf: IDLETIMER: fix lockdep warning
- From: Dmitry Torokhov <dtor@xxxxxxxxxx>
Re: [PATCH] netfilter: nf_nat: Fix possible null dereference
- From: subashab@xxxxxxxxxxxxxx
Re: [PATCH] netfilter: nf_nat: Fix possible null dereference
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf] netfilter: ctnetlink: put back references to master ct and expect objects
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH -next 3/4] netfilter: xtables: don't save/restore jumpstack offset
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH -next 3/4] netfilter: xtables: don't save/restore jumpstack offset
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [PATCH -next 3/4] netfilter: xtables: don't save/restore jumpstack offset
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Re: [PATCH 0/7] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH COLO-Frame v7 00/34] COarse-grain LOck-stepping(COLO) Virtual Machines for Non-stop Service (FT)
- From: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
Re: [PATCH] net-ipvs: Delete an unnecessary check before the function call "module_put"
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH] netfilter: nf_nat: Fix possible null dereference
- From: subashab@xxxxxxxxxxxxxx
Re: [PATCH -next 3/4] netfilter: xtables: don't save/restore jumpstack offset
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH -next 3/4] netfilter: xtables: don't save/restore jumpstack offset
- From: Jan Engelhardt <jengelh@xxxxxxx>
[PATCH RFC -next 4/4] netfilter: xtables: add upper limit on call chain depth
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next 3/4] netfilter: xtables: don't save/restore jumpstack offset
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next 2/4] netfilter: move tee_active to core
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next 1/4] xtables: compute exact size needed for jumpstack
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH -next 0/4] netfilter: xtables: improve jumpstack handling
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH 2/7] netfilter: bridge: fix CONFIG_NF_DEFRAG_IPV4/6 related warnings/errors
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 4/7] netfilter: bridge: don't leak skb in error paths
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 7/7] netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/7] MAINTAINER: add bridge netfilter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/7] netfilter: nf_queue: Don't recompute the hook_list head
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/7] netfilter: nfnetlink: keep going batch handling on missing modules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/7] netfilter: arptables: use percpu jumpstack
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/7] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/3 nft] configure: fix --enable-debug
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/3 nft] src: fix do_list_tables() with family filtering
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/3 nft] src: get rid of EINTR handling in nft_netlink()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] net/bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] net/bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6
- From: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
[PATCH v2] net/bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6
- From: Julien Grall <julien.grall@xxxxxxxxxx>
Re: [PATCH lnf-ct] conntrack: fix stop timestamp assignment
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH lnf-ct] conntrack: fix stop timestamp assignment
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: [RFC PATCH nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
[PATCH nf] MAINTAINER: add bridge netfilter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 16/16] src: consolidate set element cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 15/16] rule: consolidate rule cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 14/16] src: add chain declarations to cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 13/16] evaluate: add cmd_evaluate_rename()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 12/16] src: consolidate chain cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 06/16] src: add set declaration to cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 10/16] rule: fix use of intervals in set declarations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 11/16] rule: add chain reference counter
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 09/16] rule: use netlink_add_setelems() when creating literal sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 08/16] segtree: pass element expression as parameter to set_to_intervals()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 05/16] src: consolidate set cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 07/16] src: early allocation of the set ID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 04/16] src: add table declaration to cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 01/16] src: consolidate table cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 00/16] cache consolidation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 03/16] rule: add reference counter to the table object
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v4 02/16] src: add cmd_evaluate_list()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/3] src: set chain->hookstr from delinearization
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/3] rule: missing family when listing of tables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 3/3] rule: add do_list_tables()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
RE: Kernel 4.1.0 broke the TARPIT & DELUGE targets in xtables-addons-2.6
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: [Q RFC nft] how to add bridge vlan header match support?
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Florian Westphal <fw@xxxxxxxxx>
[RFC PATCH nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
Re: Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Guenter Roeck <linux@xxxxxxxxxxxx>
Linux 4.2 build error in net/netfilter/ipset/ip_set_hash_netnet.c
- From: Vinson Lee <vlee@xxxxxxxxxxxxxxxx>
[RFC PATCH v2] netfilter: nf_conntrack: fix endless loop on netns deletion
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
[PATCH v2] conntrack: made the protocol option value case insensitive
- From: pfeiffer.szilard@xxxxxxxxxx
Re: [PATCH] conntrack: made the protocol option value case insensitive
- From: Szilárd Pfeiffer <pfeiffer.szilard@xxxxxxxxxx>
Re: [PATCH nf] netfilter: arptables: use percpu jumpstack
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: bridge: don't leak skb in error paths
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 7/7] rule: fix use of intervals in set declarations
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 6/7] rule: use netlink_add_setelems() when creating literal sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 5/7] segtree: pass element expression as parameter to set_to_intervals()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 4/7] src: early allocation of the set ID
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 3/7] src: consolidate set cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 2/7] src: add table declaration to cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 1/7] src: consolidate table cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3 0/7] cache consolidation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrack: made the protocol option value case insensitive
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: arptables: use percpu jumpstack
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Re: [PATCH nf] netfilter: arptables: use percpu jumpstack
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[Q RFC nft] how to add bridge vlan header match support?
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH] net-ipvs: Delete an unnecessary check before the function call "module_put"
- From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: bridge: don't leak skb in error paths
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: arptables: use percpu jumpstack
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf] netfilter: arptables: use percpu jumpstack
- From: Jan Engelhardt <jengelh@xxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]