Linux TCP/IP Netfilter Devel

• Thread Index

• Re: [nft PATCH v2] evaluate: fix check for unknown in cmd_op_to_name
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH v2] evaluate: fix check for unknown in cmd_op_to_name
  • From: 谢致邦 (XIE Zhibang) <Yeking@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: use timestamp to check for set element timeout
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• 0x18: Dates And Location for upcoming conference
  • From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Matthieu Baerts <matttbe@xxxxxxxxxx>
• Re: [PATCH 1/1] netfilter: ipset: Missing gc cancellations fixed
  • From: "Linux regression tracking (Thorsten Leemhuis)" <regressions@xxxxxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in hash_netiface4_destroy
  • From: syzbot <syzbot+52bbc0ad036f6f0d4a25@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH] Makefile.am: don't silence -Wimplicit-function-declaration
  • From: Sam James <sam@xxxxxxxxxx>
• Re: [iptables PATCH v2 0/3] iptables-save: Avoid /etc/protocols lookups
  • From: Phil Sutter <phil@xxxxxx>
• Re: [syzbot] [netfilter?] WARNING: suspicious RCU usage in hash_netportnet6_destroy
  • From: syzbot <syzbot+bcd44ebc3cd2db18f26c@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [iptables PATCH 00/12] Range value related fixes/improvements
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH 0/7] A number of ASAN-identified fixes
  • From: Phil Sutter <phil@xxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Matthieu Baerts <matttbe@xxxxxxxxxx>
• [PATCH nf] netfilter: nfnetlink_queue: un-break NF_REPEAT
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: iptables: considers incomplete rule in -C and finds an erroneous match
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf-next] netfilter: xtables: fix up kconfig dependencies
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 3/3] netfilter: nft_set_pipapo: remove scratch_aligned pointer
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 1/3] netfilter: nft_set_pipapo: store index in scratch maps
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 2/3] netfilter: nft_set_pipapo: add helper to release pcpu scratch area
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf 0/3] netfilter: nft_set_pipapo: map_index must be per set
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [netfilter-core] [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Michal Kubecek <mkubecek@xxxxxxx>
• Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Michal Kubecek <mkubecek@xxxxxxx>
• [PATCH] evaluate: fix check for unknown in cmd_op_to_name
  • From: 谢致邦 (XIE Zhibang) <Yeking@xxxxxxxxx>
• [syzbot] [netfilter?] WARNING: suspicious RCU usage in hash_netportnet6_destroy
  • From: syzbot <syzbot+bcd44ebc3cd2db18f26c@xxxxxxxxxxxxxxxxxxxxxxxxx>
• [PATCH] ipvs: generic netlink multicast event group
  • From: Terin Stock <terin@xxxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_ct: reject direction for ct id
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: Viktor Malik <vmalik@xxxxxxxxxx>
• Re: [PATCH net-next v2] net: ctnetlink: support filtering by zone
  • From: Felix Huettner <felix.huettner@mail.schwarz>
• [PATCH net] net: ctnetlink: fix filtering for zone 0
  • From: Felix Huettner <felix.huettner@mail.schwarz>
• [PATCH v5.4.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Ajay Kaher <ajay.kaher@xxxxxxxxxxxx>
• [PATCH v4.19.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Ajay Kaher <ajay.kaher@xxxxxxxxxxxx>
• libnetfilter_queue patch ping
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [PATCH bpf-next v4 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: kernel test robot <oliver.sang@xxxxxxxxx>
• Re: iptables: considers incomplete rule in -C and finds an erroneous match
  • From: Roman Mamedov <rm@xxxxxxxxxxx>
• iptables: considers incomplete rule in -C and finds an erroneous match
  • From: Roman Mamedov <rm@xxxxxxxxxxx>
• [PATCH 1/1] netfilter: ipset: Missing gc cancellations fixed
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: Manu Bretelle <chantr4@xxxxxxxxx>
• Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in hash_netiface4_destroy
  • From: syzbot <syzbot+52bbc0ad036f6f0d4a25@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: Manu Bretelle <chantr4@xxxxxxxxx>
• [iptables PATCH 08/12] extensions: esp: Save/xlate inverted full ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 02/12] libxtables: xtoptions: Assert ranges are monotonic increasing
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 10/12] nft: Do not omit full ranges if inverted
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 00/12] Range value related fixes/improvements
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 04/12] extensions: ah: Save/xlate inverted full ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 05/12] extensions: frag: Save/xlate inverted full ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 03/12] libxtables: Reject negative port ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 01/12] extensions: *.t/*.txlate: Test range corner-cases
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 07/12] extensions: rt: Save/xlate inverted full ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 06/12] extensions: mh: Save/xlate inverted full ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 12/12] libxtables: xtoptions: Respect min/max values when completing ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 09/12] extensions: ipcomp: Save inverted full ranges
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 11/12] extensions: tcp/udp: Save/xlate inverted full ranges
  • From: Phil Sutter <phil@xxxxxx>
• [syzbot] [netfilter?] WARNING: ODEBUG bug in hash_netiface4_destroy
  • From: syzbot <syzbot+52bbc0ad036f6f0d4a25@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net-next v2] net: ctnetlink: support filtering by zone
  • From: Felix Huettner <felix.huettner@mail.schwarz>
• [PATCH nf] netfilter: nft_compat: reject unused compat flag
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_compat: restrict match/target protocol to u16
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_compat: narrow down revision to unsigned 8-bits
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_byteorder: length must be multiple of size
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next v2] net: ctnetlink: support filtering by zone
  • From: Ilya Maximets <i.maximets@xxxxxxx>
• Re: [PATCH net-next v2] net: ctnetlink: support filtering by zone
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_set_pipapo: remove static in nft_pipapo_get()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH v5.10.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
  • From: Ajay Kaher <ajay.kaher@xxxxxxxxxxxx>
• Re: [PATCH net 1/6] netfilter: conntrack: correct window scaling with retransmitted SYN
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [iptables PATCH 4/7] xtables-eb: Eliminate 'opts' define
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 2/7] nft: ruleparse: Add missing braces around ternary
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 5/7] xshared: Fix for memleak in option merging with ebtables
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 0/7] A number of ASAN-identified fixes
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 7/7] ebtables: Fix for memleak with change counters command
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 1/7] tests: iptables-test: Increase non-fast mode strictness
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 6/7] xshared: Introduce xtables_clear_args()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 3/7] libxtables: Fix memleak of matches' udata
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH net 4/6] netfilter: ipset: fix performance regression in swap operation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/6] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/6] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 5/6] netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/6] netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/6] netfilter: conntrack: correct window scaling with retransmitted SYN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/6] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [nft PATCH] json: Support sets' auto-merge option
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nft PATCH] json: Support sets' auto-merge option
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] json: Support sets' auto-merge option
  • From: Phil Sutter <phil@xxxxxx>
• [ANNOUNCE] ipset 7.20 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 1/9] netfilter: uapi: Document NFT_TABLE_F_OWNER flag
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: linux-next: Tree for Jan 30 (netfilter, xtables)
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH nf-next 0/9] netfilter updates for -next
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• Re: [PATCH bpf-next v4 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Benjamin Tissoires <bentiss@xxxxxxxxxx>
• Re: [PATCH nf-next 0/9] netfilter updates for -next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf-next 0/9] netfilter updates for -next
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: linux-next: Tree for Jan 30 (netfilter, xtables)
  • From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
• [PATCH nf,v2] netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH nf] netfilter: nft_ct: bail out if helper is not found for NFPROTO_{IPV4,IPV6}
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [RFC PATCH v2 1/1] netfilter: nat: restore default DNAT behavior
  • From: Kyle Swenson <kyle.swenson@xxxxxxxx>
• [RFC PATCH v2 0/1] netfilter: nat: restore default DNAT behavior
  • From: Kyle Swenson <kyle.swenson@xxxxxxxx>
• Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior
  • From: Kyle Swenson <kyle.swenson@xxxxxxxx>
• [PATCH nf-next] netfilter: nft_osf: simplify init path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 2/2] netfilter: nf_log: validate nf_logger_find_get()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: nf_log: consolidate check for NULL logger in lookup function
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_ct: bail out if helper is not found for NFPROTO_{IPV4,IPV6}
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next 9/9] netfilter: ebtables: allow xtables-nft only builds
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 8/9] netfilter: xtables: allow xtables-nft only builds
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 7/9] netfilter: arptables: allow xtables-nft only builds
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 5/9] netfilter: nf_conncount: Use KMEM_CACHE instead of kmem_cache_create()
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 6/9] ipvs: Simplify the allocation of ip_vs_conn slab caches
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 2/9] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/9] netfilter: uapi: Document NFT_TABLE_F_OWNER flag
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 4/9] netfilter: nf_tables: pass flags to set backend selection routine
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 3/9] netfilter: nf_tables: Implement table adoption support
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 0/9] netfilter updates for -next
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] datatype: display 0s time datatype
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf,v2] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH 0/1] ipset performance regression in swap fix
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH 1/1] netfilter: ipset: fix performance regression in swap operation
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH bpf-next v4 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• Re: [PATCH nf-next] netfilter: nf_conncount: Use KMEM_CACHE() instead of kmem_cache_create()
  • From: Markus Elfring <Markus.Elfring@xxxxxx>
• Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior
  • From: Kyle Swenson <kyle.swenson@xxxxxxxx>
• Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior
  • From: Florian Westphal <fw@xxxxxxxxx>
• [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior
  • From: Kyle Swenson <kyle.swenson@xxxxxxxx>
• [RFC PATCH 0/1] netfilter: nat: restore default DNAT behavior
  • From: Kyle Swenson <kyle.swenson@xxxxxxxx>
• Re: [PATCH nf] netfilter: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
  • From: Xin Long <lucien.xin@xxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [PATCH iptables] extensions: libebt_stp: fix range checking
  • From: Phil Sutter <phil@xxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH net 1/6] netfilter: nf_tables: cleanup documentation
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [PATCH libnetfilter_conntrack 1/2] dump: support filtering by zone
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [netfilter-core] [ANN] net-next is OPEN
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/6] netfilter: nf_tables: cleanup documentation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/6] netfilter: nf_tables: validate NFPROTO_* family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 5/6] netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 4/6] netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 3/6] netfilter: nft_limit: reject configurations that cause integer overflow
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/6] netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/6] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ANN] net-next is OPEN
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [ANN] net-next is OPEN
  • From: Matthieu Baerts <matttbe@xxxxxxxxxx>
• [PATCH nf,v3] netfilter: nf_tables: validate NFPROTO_* family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf,v2] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ANN] net-next is OPEN
  • From: Jakub Kicinski <kuba@xxxxxxxxxx>
• Re: [PATCH iptables] extensions: libebt_stp: fix range checking
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables] extensions: libebt_stp: fix range checking
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH iptables] extensions: libebt_stp: fix range checking
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables] extensions: libebt_stp: fix range checking
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH] iptables: Add missing error codes
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH iptables] extensions: libebt_stp: fix range checking
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH nf-next] netfilter: arptables: allow arptables-nft only builds
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nf-next 2/2] netfilter: ebtables: add _LEGACY kconfig symbol
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next 1/2] netfilter: xtables: add _LEGACY kconfig symbol
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf-next] netfilter: expect: Simplify the allocation of slab caches in nf_conntrack_expect_init
  • From: Kunwu Chan <chentao@xxxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: "David Wang" <00107082@xxxxxxx>
• Re: [PATCH 64/82] netfilter: Refactor intentional wrap-around test
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] netfilter: nf_tables: Add a null pointer check in two functions
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: [PATCH nf] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH iptables] extensions: libebt_stp: fix range checking
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH] iptables: Add missing error codes
  • From: Jacek Tomasiak <jacek.tomasiak@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: arptables: allow arptables-nft only builds
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: netfilter: nf_tables: Add a null pointer check in two functions
  • From: Markus Elfring <Markus.Elfring@xxxxxx>
• Re: [PATCH] netfilter: nf_tables: Add a null pointer check in two functions
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH] netfilter: nf_tables: Add a null pointer check in two functions
  • From: Markus Elfring <Markus.Elfring@xxxxxx>
• Re: [iptables PATCH] iptables: Add missing error codes
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH] iptables: Add missing error codes
  • From: Jacek Tomasiak <jacek.tomasiak@xxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress").
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress").
  • From: Yi Chen <yiche@xxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_conncount: Use KMEM_CACHE instead of kmem_cache_create()
  • From: Kunwu Chan <chentao@xxxxxxxxxx>
• [PATCH 64/82] netfilter: Refactor intentional wrap-around test
  • From: Kees Cook <keescook@xxxxxxxxxxxx>
• Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress").
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress").
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress").
  • From: yiche@xxxxxxxxxx
• Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches
  • From: Kunwu Chan <chentao@xxxxxxxxxx>
• [PATCH] netfilter: conntrack: correct window scaling with retransmitted SYN
  • From: Ryan Schaefer <ryanschf@xxxxxxxxxx>
• Re: PROBLEM: nf_conntrack tcp SYN reuse results in incorrect window scaling
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: PROBLEM: nf_conntrack tcp SYN reuse results in incorrect window scaling
  • From: "Schaefer, Ryan" <ryanschf@xxxxxxxxxx>
• PROBLEM: nf_conntrack tcp SYN reuse results in incorrect window scaling
  • From: "Schaefer, Ryan" <ryanschf@xxxxxxxxxx>
• Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches
  • From: Simon Horman <horms@xxxxxxxxxx>
• [PATCH nft 2/2] evaluate: permit use of host-endian constant values in set lookup keys
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/2] fix host-endian constant values in set lookup keys
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/2] netlink_delinearize: move concat and value postprocessing to helpers
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: nft_limit: reject configurations that cause integer overflow
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 01/13] netfilter: nf_tables: reject invalid set policy
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH net 13/13] ipvs: avoid stat macros calls from preemptible context
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 06/13] netfilter: nf_queue: remove excess nf_bridge variable
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 12/13] netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 08/13] netfilter: bridge: replace physindev with physinif in nf_bridge_info
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 10/13] netfilter: nf_tables: do not allow mismatch field size and set key length
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 11/13] netfilter: nf_tables: skip dead set elements in netlink dump
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 07/13] netfilter: propagate net to nf_bridge_get_physindev
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 09/13] netfilter: nf_tables: check if catch-all set element is active in next generation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 05/13] netfilter: nfnetlink_log: use proper helper for fetching physinif
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 04/13] netfilter: nft_limit: do not ignore unsupported flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 03/13] netfilter: nf_tables: bail out if stateful expression provides no .clone
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 01/13] netfilter: nf_tables: reject invalid set policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 02/13] netfilter: nf_tables: validate .maxattr at expression registration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net,v2 00/13] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH nft] tests: py: remove huge-limit test cases
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Eric Dumazet <edumazet@xxxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Paolo Abeni <pabeni@xxxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Eric Dumazet <edumazet@xxxxxxxxxx>
• Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches
  • From: Kunwu Chan <chentao@xxxxxxxxxx>
• [syzbot] [netfilter?] WARNING in nf_hook_entry_head
  • From: syzbot <syzbot+ea8f0147cde55bfa62e9@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Eric Dumazet <edumazet@xxxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Eric Dumazet <edumazet@xxxxxxxxxx>
• [PATCH net 13/14] ipvs: avoid stat macros calls from preemptible context
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 14/14] netfilter: ipset: fix performance regression in swap operation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 11/14] netfilter: nf_tables: skip dead set elements in netlink dump
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 12/14] netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 08/14] netfilter: bridge: replace physindev with physinif in nf_bridge_info
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 07/14] netfilter: propagate net to nf_bridge_get_physindev
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 10/14] netfilter: nf_tables: do not allow mismatch field size and set key length
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 09/14] netfilter: nf_tables: check if catch-all set element is active in next generation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 05/14] netfilter: nfnetlink_log: use proper helper for fetching physinif
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 06/14] netfilter: nf_queue: remove excess nf_bridge variable
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 04/14] netfilter: nft_limit: do not ignore unsupported flags
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 03/14] netfilter: nf_tables: bail out if stateful expression provides no .clone
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 02/14] netfilter: nf_tables: validate .maxattr at expression registration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 01/14] netfilter: nf_tables: reject invalid set policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 00/14] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 0/4] netlink: bridge: fix nf_bridge->physindev use after free
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCHv2 RFC net-next 08/14] ipvs: use resizable hash table for services
  • From: Julian Anastasov <ja@xxxxxx>
• Re: [PATCH 1/1] netfilter: ipset: fix performance regression in swap operation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] net: ipvs: avoid stat macros calls from preemptible context
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 0/4] netlink: bridge: fix nf_bridge->physindev use after free
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCHv2 RFC net-next 08/14] ipvs: use resizable hash table for services
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches
  • From: Denis Kirjanov <dkirjanov@xxxxxxx>
• [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches
  • From: Kunwu Chan <chentao@xxxxxxxxxx>
• [PATCH 1/1] netfilter: ipset: fix performance regression in swap operation
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• [PATCH 0/1] ipset performance regression in swap fix
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [PATCH net] net: ipvs: avoid stat macros calls from preemptible context
  • From: Simon Horman <horms@xxxxxxxxxx>
• [PATCH nft] evaluate: don't assert on net/transport header conflict
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC nf-next v5 0/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [PATCH net] net: ipvs: avoid stat macros calls from preemptible context
  • From: Julian Anastasov <ja@xxxxxx>
• Re: Performance regression in ip_set_swap on 6.7.0
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• Re: netfilter ipv6 flow offloading seemingly causing hangs - how to debug?
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net] net: ipvs: avoid stat macros calls from preemptible context
  • From: Fedor Pchelkin <pchelkin@xxxxxxxxx>
• Re: Performance regression in ip_set_swap on 6.7.0
  • From: Ale Crismani <ale.crismani@xxxxxxxxxxxxxx>
• [PATCH nft] rule: fix sym refcount assertion
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] evaluate: error out when store needs more than one 128bit register of align fixup
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: skip dead set elements in netlink dump
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: do not allow mismatch field size and set key length
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH v3 3/4] netfilter: propagate net to nf_bridge_get_physindev
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: [PATCH v3 2/4] netfilter: nf_queue: remove excess nf_bridge variable
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: [PATCH v3 1/4] netfilter: nfnetlink_log: use proper helper for fetching physinif
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: Performance regression in ip_set_swap on 6.7.0
  • From: Ale Crismani <ale.crismani@xxxxxxxxxxxxxx>
• Re:Performance regression in ip_set_swap on 6.7.0
  • From: "David Wang" <00107082@xxxxxxx>
• Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• Re:Performance regression in ip_set_swap on 6.7.0
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: check if catch-all set element is active in next generation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH libnftnl,v3] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• Re: [PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] rule: do not crash if to-be-printed flowtable lacks priority
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 1/2] parser: reject raw payload expressions with 0 length
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft v3] src: do not merge a set with a erroneous one
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH libnftnl] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/2] evaluate: release mpz type in expr_evaluate_list() error path
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 0/2] memleak fixes for tests/shell/testcases/bogons/nft-f/
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/2] evaluate: release key expression in error path of implicit map with unknown datatype
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft,v2] evaluate: bail out if anonymous concat set defines a non concat expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft v2 2/2] evaluate: add missing range checks for dup,fwd and payload statements
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/2] evaluate: tproxy: move range error checks after arg evaluation
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/2] evaluate: add more checks for '... set 1-3'
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Re: [PATCH v14 10/12] selftests/landlock: Add network tests
  • From: Mickaël Salaün <mic@xxxxxxxxxxx>
• Re: [PATCH nft] evaluate: disable ct set with ranges
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: error out when expression has no datatype
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 4/4] netfilter: bridge: replace physindev with physinif in nf_bridge_info
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• [PATCH v3 3/4] netfilter: propagate net to nf_bridge_get_physindev
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• [PATCH v3 2/4] netfilter: nf_queue: remove excess nf_bridge variable
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• [PATCH v3 1/4] netfilter: nfnetlink_log: use proper helper for fetching physinif
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• [PATCH v3 0/4] netlink: bridge: fix nf_bridge->physindev use after free
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• Re:Performance regression in ip_set_swap on 6.7.0
  • From: David Wang <00107082@xxxxxxx>
• Re: [PATCH nft] evaluate: disable ct set with ranges
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] evaluate: disable ct set with ranges
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] payload: only assert if l2 header base has no length
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re:Re: Performance regression in ip_set_swap on 6.1.69
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• Re:Re: Performance regression in ip_set_swap on 6.1.69
  • From: "David Wang" <00107082@xxxxxxx>
• Re: [PATCH nft 4/4] Revert "datatype: do not assert when value exceeds expected width"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Performance regression in ip_set_swap on 6.1.69
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• Re: [PATCH nft 4/4] Revert "datatype: do not assert when value exceeds expected width"
  • From: Florian Westphal <fw@xxxxxxxxx>
• [iptables PATCH v2 0/3] iptables-save: Avoid /etc/protocols lookups
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH v2 1/3] Revert "xshared: Print protocol numbers if --numeric was given"
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH v2 2/3] libxtables: Add dccp and ipcomp to xtables_chain_protos
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH v2 3/3] iptables-save: Avoid /etc/protocols lookups
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH v2] ebtables: Default to extrapositioned negations
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft 4/4] Revert "datatype: do not assert when value exceeds expected width"
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 0/4] assorted fixes
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 3/4] evaluate: bail out if anonymous concat set defines a non concat expression
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 1/4] evaluate: skip anonymous set optimization for concatenations
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft 2/4] evaluate: do not fetch next expression on runaway number of concatenation components
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Performance regression in ip_set_swap on 6.1.69
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [PATCH nftables] doc: clarify reject is supported at prerouting stage
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [iptables PATCH 00/23] Guided option parser for ebtables
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 1/2] Revert "xshared: Print protocol numbers if --numeric was given"
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 2/2] iptables-save: Avoid /etc/protocols lookups
  • From: Phil Sutter <phil@xxxxxx>
• Re: Performance regression in ip_set_swap on 6.1.69
  • From: "David Wang" <00107082@xxxxxxx>
• Re: Performance regression in ip_set_swap on 6.1.69
  • From: "David Wang" <00107082@xxxxxxx>
• Re: Performance regression in ip_set_swap on 6.1.69
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: Performance regression in ip_set_swap on 6.1.69
  • From: David Wang <00107082@xxxxxxx>
• Re: [PATCH v2 nft 3/3] evaluate: don't assert if set->data is NULL
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nft 3/3] evaluate: don't assert if set->data is NULL
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nft 2/3] src: do not merge a set with a erroneous one
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nft 1/3] intervals: allow low-level interval code to return errors
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nft 0/3] set related parser fixes
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nftables] doc: clarify reject is supported at prerouting stage
  • From: Quan Tian <tianquan23@xxxxxxxxx>
• Re: [nf-next PATCH v2 0/3] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] doc: incorrect datatype description for icmpv6_type and icmpvx_code
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: bail out if stateful expression provides no .clone
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: validate .maxattr at expression registration
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: shell: extend coverage for netdevice removal
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Lorenz Bauer <lorenz.bauer@xxxxxxxxxxxxx>
• Re: GUI Frontend for iptables and nftables Linux firewalls
  • From: Josef Vybíhal <josef@xxxxxxxxxx>
• Re: [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• [PATCH bpf-next v3 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH nft] tests: shell: prefer project nft to system-wide nft
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Daniel Xu <dxu@xxxxxxxxx>
• Re: [PATCH bpf-next v2 0/3] Annotate kfuncs in .BTF_ids section
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• Re: [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH bpf-next v2 0/3] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• Re: [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Daniel Xu <dxu@xxxxxxxxx>
• Re: [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: pass flags to set backend selection routine
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: reject invalid set policy
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Jiri Olsa <olsajiri@xxxxxxxxx>
• Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states
  • From: Brad Cowie <brad@xxxxxxxxx>
• Re: [PATCH net 1/2] netfilter: nf_nat: fix action not being set for all ct states
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH libnetfilter_queue] include: pktbuff.h needs stdbool.h
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF
  • From: Daniel Xu <dxu@xxxxxxxxx>
• [PATCH bpf-next 0/2] Annotate kfuncs in .BTF_ids section
  • From: Daniel Xu <dxu@xxxxxxxxx>
• Re: [PATCH libnftnl] object: define nftnl_obj_unset()
  • From: Nicholas Vinson <nvinson234@xxxxxxxxx>
• [PATCH net 2/2] netfilter: nft_immediate: drop chain reference counter on error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/2] netfilter: nf_nat: fix action not being set for all ct states
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [syzbot] Monthly netfilter report (Jan 2024)
  • From: syzbot <syzbot+listc06dd9c5e64ea358a383@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH libnftnl] object: define nftnl_obj_unset()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: feature request: list elements of table for scripting
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs
  • From: Phil Sutter <phil@xxxxxx>
• Re: feature request: list elements of table for scripting
  • From: Han Boetes <hboetes@xxxxxxxxx>
• Re: [PATCH libnftnl] object: define nftnl_obj_unset()
  • From: Nicholas Vinson <nvinson234@xxxxxxxxx>
• Re: feature request: list elements of table for scripting
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states
  • From: Aaron Conole <aconole@xxxxxxxxxx>
• Re: [libnftnl] chain: Removed non-defined functions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH 01/14] netfilter: cleanup enum nft_set_class
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH libnftnl] object: define nftnl_obj_unset()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nft_immediate: drop chain reference counter on error
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: feature request: list elements of table for scripting
  • From: Han Boetes <hboetes@xxxxxxxxx>
• [RFC nf-next v5 2/2] selftests/bpf: Add netfilter link prog update test
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v5 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v5 0/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: GUI Frontend for iptables and nftables Linux firewalls
  • From: Phil Sutter <phil@xxxxxx>
• Re: feature request: list elements of table for scripting
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH RFC libnetfilter_queue 1/1] utils/nfqnl_test runs without libnfnetlink
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH RFC libnetfilter_queue 0/1] libnfnetlink dependency elimination
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• feature request: list elements of table for scripting
  • From: Han Boetes <hboetes@xxxxxxxxx>
• Re: [RFC nf-next v4 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [PATCH net 1/2] netfilter: nf_tables: set transport offset from mac header for netdev/egress
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [RFC nf-next v4 2/2] selftests/bpf: Add netfilter link prog update test
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v4 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v4 0/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: Kprobe for nf_nat is broken in Latest Debian 6.1.66-1
  • From: P K <pkopensrc@xxxxxxxxx>
• Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states
  • From: Xin Long <lucien.xin@xxxxxxxxx>
• Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update
  • From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
• Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [libnftnl] chain: Removed non-defined functions
  • From: Nicholas Vinson <nvinson234@xxxxxxxxx>
• [PATCH 14/14] netfilter: cleanup struct nft_flowtable
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 13/14] netfilter: cleanup struct nft_object_ops
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 12/14] netfilter: cleanup struct nft_object
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 11/14] netfilter: cleanup struct nft_base_chain
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 10/14] netfilter: cleanup struct nft_chain
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 09/14] netfilter: cleanup struct nft_expr_ops
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 08/14] netfilter: cleanup struct nft_expr_type
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 07/14] netfilter: cleanup struct nft_set_ext_tmpl
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 06/14] netfilter: cleanup struct nft_set
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 05/14] netfilter: cleanup struct nft_set_ops
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 04/14] netfilter: cleanup struct nft_set_iter
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 03/14] netfilter: cleanup struct nft_ctx
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 02/14] netfilter: cleanup struct nft_set_elem
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• [PATCH 01/14] netfilter: cleanup enum nft_set_class
  • From: George Guo <dongtai.guo@xxxxxxxxx>
• Kprobe for nf_nat is broken in Latest Debian 6.1.66-1
  • From: P K <pkopensrc@xxxxxxxxx>
• Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states
  • From: Brad Cowie <brad@xxxxxxxxx>
• Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update
  • From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
• [nft PATCH 2/2] datatype: Describe rt symbol tables
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH 1/2] datatype: Initialize rt_symbol_tables' base field
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH v2 nft] datatype: do not assert when value exceeds expected width
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net-next v2] net: ctnetlink: support filtering by zone
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 7/8] netfilter: ctnetlink: support filtering by zone
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 8/8] netfilter: nf_tables: validate chain type update if available
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 6/8] netfilter: nf_tables: mark newset as dead on transaction abort
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 5/8] netfilter: flowtable: reorder nf_flowtable struct members
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 4/8] netfilter: nft_set_pipapo: prefer gfp_kernel allocation
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 3/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 2/8] netfilter: nf_tables: Introduce nft_set_dump_ctx_init()
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 1/8] netfilter: nf_tables: Pass const set to nft_get_set_elem
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net-next 0/8] Netfilter updates for net-next
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 0/2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH net 0/2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 1/2] netfilter: nf_tables: set transport offset from mac header for netdev/egress
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/2] netfilter: nf_tables: skip set commit for deleted/destroyed sets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [PATCH net] netfilter: nf_nat: fix action not being set for all ct states
  • From: Brad Cowie <brad@xxxxxxxxx>
• [iptables PATCH v2] ebtables: Default to extrapositioned negations
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH] tests: iptables-test: Use difflib if dumps differ
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH] iptables-legacy: Fix for mandatory lock waiting
  • From: Phil Sutter <phil@xxxxxx>
• [nf-next PATCH v2 1/3] netfilter: uapi: Document NFT_TABLE_F_OWNER flag
  • From: Phil Sutter <phil@xxxxxx>
• [nf-next PATCH v2 3/3] netfilter: nf_tables: Implement table adoption support
  • From: Phil Sutter <phil@xxxxxx>
• [nf-next PATCH v2 2/3] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST
  • From: Phil Sutter <phil@xxxxxx>
• [nf-next PATCH v2 0/3] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH] ebtables: Default to extrapositioned negations
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft v2] src: do not allow to chain more than 16 binops
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH 07/23] extensions: libebt_stp: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH 04/23] libxtables: xtoptions: Treat NFPROTO_BRIDGE as IPv4
  • From: Phil Sutter <phil@xxxxxx>
• Re: [iptables PATCH 02/23] libxtables: xtoptions: Support XTOPT_NBO with XTTYPE_UINT*
  • From: Phil Sutter <phil@xxxxxx>
• Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update
  • From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
• Re: [iptables PATCH 07/23] extensions: libebt_stp: Use guided option parser
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• Re: [iptables PATCH 04/23] libxtables: xtoptions: Treat NFPROTO_BRIDGE as IPv4
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• Re: [iptables PATCH 02/23] libxtables: xtoptions: Support XTOPT_NBO with XTTYPE_UINT*
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• [iptables PATCH 17/23] extensions: libebt_802_3: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 06/23] extensions: libebt_*: Drop some needless init callbacks
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 00/23] Guided option parser for ebtables
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 19/23] extensions: libebt_arp: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 07/23] extensions: libebt_stp: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 09/23] extensions: libebt_dnat: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 18/23] extensions: libebt_vlan: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 02/23] libxtables: xtoptions: Support XTOPT_NBO with XTTYPE_UINT*
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 03/23] libxtables: xtoptions: Implement XTTYPE_ETHERMACMASK
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 21/23] extensions: libebt_pkttype: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 16/23] extensions: libebt_redirect: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 20/23] extensions: libxt_limit: Use guided option parser for NFPROTO_BRIDGE, too
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 15/23] extensions: libebt_snat: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 22/23] extensions: libebt_mark_m: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 01/23] libxtables: xtoptions: Prevent XTOPT_PUT with XTTYPE_HOSTMASK
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 08/23] extensions: libebt_arpreply: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 14/23] extensions: libebt_nflog: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 11/23] extensions: libebt_ip: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 13/23] extensions: libebt_mark: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 23/23] extensions: libxt_HMARK: Review HMARK_parse()
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 10/23] extensions: libebt_ip6: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 05/23] ebtables: Support for guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 12/23] extensions: libebt_log: Use guided option parser
  • From: Phil Sutter <phil@xxxxxx>
• [iptables PATCH 04/23] libxtables: xtoptions: Treat NFPROTO_BRIDGE as IPv4
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH net 1/2] netfilter: nf_tables: set transport offset from mac header for netdev/egress
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 2/2] netfilter: nf_tables: skip set commit for deleted/destroyed sets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 0/2] Netfilter fixes for net
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [iptables PATCH] tests: iptables-test: Use difflib if dumps differ
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] netlink: fix stack overflow due to erroneous rounding
  • From: Florian Westphal <fw@xxxxxxxxx>
• [RFC nf-next v3 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v3 0/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v3 2/2] selftests/bpf: Add netfilter link prog update test
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [PATCH nft] src: do not allow to chain more than 16 binops
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v14 10/12] selftests/landlock: Add network tests
  • From: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx>
• [PATCH nft] evaluate: don't crash if object map does not refer to a value
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v14 10/12] selftests/landlock: Add network tests
  • From: Mickaël Salaün <mic@xxxxxxxxxxx>
• netfilter ipv6 flow offloading seemingly causing hangs - how to debug?
  • From: Pierre Bourdon <delroth@xxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: skip set commit for deleted/destroyed sets
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] datatype: do not assert when value exceeds 255
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] parser_bison: error out on duplicated type/typeof/element keywords
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [iptables PATCH] iptables-legacy: Fix for mandatory lock waiting
  • From: Phil Sutter <phil@xxxxxx>
• Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [PATCH nft] intervals: BUG on prefix expressions without value
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v3 nft] support for afl++ (american fuzzy lop++) fuzzer
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH v14 10/12] selftests/landlock: Add network tests
  • From: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx>
• [iptables PATCH] iptables-legacy: Fix for mandatory lock waiting
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] tests: shell: add test to cover payload transport match and mangle
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update
  • From: Simon Horman <horms@xxxxxxxxxx>
• Re: PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• Can netfilter-ebpf modify packets ？
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v2 0/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v2 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v2 2/2] selftests/bpf: Add netfilter link prog update test
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [RFC nf-next v1 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [netfilter-core] PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files
  • From: Phil Sutter <phil@xxxxxx>
• Re: PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files
  • From: Samuel Marks <samuelmarks@xxxxxxxxx>
• Re: [PATCH nft 0/3] src: make set-merging less zealous
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v39 18/42] LSM: Use lsmcontext in security_lsmblob_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v39 17/42] LSM: Use lsmcontext in security_secid_to_secctx
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH v39 16/42] LSM: Ensure the correct LSM context releaser
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [libnftnl PATCH 3/6] expr: Call expr_ops::set with legal types only
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 5/6] expr: Introduce struct expr_ops::attr_policy
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 2/6] expr: Repurpose struct expr_ops::max_attr field
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 4/6] include: Sync nf_log.h with kernel headers
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 1/6] tests: Fix objref test case
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 0/6] Attribute policies for expressions
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl PATCH 6/6] expr: Enforce attr_policy compliance in nftnl_expr_set()
  • From: Phil Sutter <phil@xxxxxx>
• [nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs
  • From: Phil Sutter <phil@xxxxxx>
• Re: ulogd / JSON output / enhancement proposal
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH net-next 07/24] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage.
  • From: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
• Re: [RFC nf-next v1 1/2] netfilter: bpf: support prog update
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH iptables v2 0/6] Autoools silent-rules fixes
  • From: Phil Sutter <phil@xxxxxx>
• [nf-next PATCH] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] tcpopt: don't create exthdr expression without datatype
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] evaluate: fix stack overflow with huge priority string
  • From: Florian Westphal <fw@xxxxxxxxx>
• [RFC nf-next v1 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v1 2/2] selftests/bpf: Add netfilter link prog update test
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next v1 0/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [PATCH nf-next] netfilter: nf_tables: validate chain type update if available
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nf] netfilter: nf_tables: set transport offset from mac header for netdev/egress
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• ulogd / JSON output / enhancement proposal
  • From: Gérald Colangelo <gerald.colangelo@xxxxxxxxx>
• Bug in ulogd2 when destroying a stack that failed to start (with fix attached)
  • From: Gérald Colangelo <gerald.colangelo@xxxxxxxxx>
• [PATCH nft] evaluate: exthdr: statement arg must be not be a range
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH iptables v2 2/6] build: remove obsolete `AM_LIBTOOL_SILENT` variable
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables v2 5/6] build: add an automake verbosity variable for `ln`
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables v2 6/6] build: replace `echo -e` with `printf`
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables v2 1/6] build: format `AM_CPPFLAGS` variables
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables v2 4/6] build: use standard automake verbosity variables
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables v2 3/6] build: remove unused `AM_VERBOSE_CXX*` variables
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables v2 0/6] Autoools silent-rules fixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [PATCH iptables 7/7] build: suppress man-page listing in silent rules
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• Re: [PATCH iptables 6/7] build: replace `echo -e` with `printf`
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH nft] netlink: don't crash if prefix for < byte is requested
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH iptables 7/7] build: suppress man-page listing in silent rules
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
• Re: [PATCH v2 nft] initial support for the afl++ (american fuzzy lop++) fuzzer
  • From: Thomas Haller <thaller@xxxxxxxxxx>
• [PATCH iptables 3/7] build: remove unused `AM_VERBOSE_CXX*` variables
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables 4/7] build: use standard automake verbosity variables
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables 6/7] build: replace `echo -e` with `printf`
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables 5/7] build: add an automake verbosity variable for `ln`
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables 7/7] build: suppress man-page listing in silent rules
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables 0/7] Autoools silent-rules fixes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables 1/7] build: format `AM_CPPFLAGS` variables
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH iptables 2/7] build: remove obsolete `AM_LIBTOOL_SILENT` variable
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH v2 nft] initial support for the afl++ (american fuzzy lop++) fuzzer
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [PATCH nft] evaluate: fix gmp assertion with too-large reject code
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• Re: [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy
  • From: Phil Sutter <phil@xxxxxx>
• Re: [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy
  • From: Florian Westphal <fw@xxxxxxxxx>
• [libnftnl RFC 1/2] expr: Repurpose struct expr_ops::max_attr field
  • From: Phil Sutter <phil@xxxxxx>
• [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft 3/3] evaluate: don't assert if set->data is NULL
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 2/3] src: do not merge a set with a erroneous one
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 1/3] intervals: BUG on prefix expressions without value
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft 0/3] src: make set-merging less zealous
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Thomas Haller <thaller@xxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] netlink: fix stack buffer overflow with sub-reg sized prefixes
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] meta: fix tc classid parsing out-of-bounds access
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Thomas Haller <thaller@xxxxxxxxxx>
• [PATCH nft] evaluate: error out when existing set has incompatible key
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] evaluate: stmt_nat: set reference must point to a map
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Phil Sutter <phil@xxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Eric Garver <eric@xxxxxxxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• [RFC nf-next 2/2] selftests/bpf: Add netfilter link prog update test
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next 1/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• [RFC nf-next 0/2] netfilter: bpf: support prog update
  • From: "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• [PATCH nft] parser_bison: fix memory leaks on hookspec error processing
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] parser_bison: close chain scope before chain release
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Eric Garver <eric@xxxxxxxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• [PATCH v2 nft] src: reject large raw payload and concat expressions
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCHv2 RFC net-next 09/14] ipvs: switch to per-net connection table
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 08/14] ipvs: use resizable hash table for services
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 12/14] ipvs: use more keys for connection hashing
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 02/14] ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 07/14] ipvs: add resizable hash tables
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 04/14] ipvs: use single svc table
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 06/14] ipvs: use more counters to avoid service lookups
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 11/14] ipvs: no_cport and dropentry counters can be per-net
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 03/14] ipvs: some service readers can use RCU
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 13/14] ipvs: add ip_vs_status info
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 05/14] ipvs: do not keep dest_dst after dest is removed
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 14/14] ipvs: add conn_lfactor and svc_lfactor sysctl vars
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 01/14] rculist_bl: add hlist_bl_for_each_entry_continue_rcu
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 10/14] ipvs: show the current conn_tab size to users
  • From: Julian Anastasov <ja@xxxxxx>
• [PATCHv2 RFC net-next 00/14] ipvs: per-net tables and optimizations
  • From: Julian Anastasov <ja@xxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] evaluate: error out if concat expression becomes too large
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnftnl] expr: fix buffer overflows in data value setters
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] parser_bison: reject large raw payload expressions
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH ulogd] log NAT events using IPFIX
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [PATCH libnftnl] object: getters take const struct
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH nft] parser_bison: ensure all timeout policy names are released
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [PATCH iptables] Fix spelling mistakes
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] parser_bison: make sure obj_free releases timeout policies
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] parser_bison: fix ct scope underflow if ct helper section is duplicated
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Should we keep the advice to increase queue max length?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Should we keep the advice to increase queue max length?
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH iptables] Fix spelling mistakes
  • From: Jeremy Sowden <jeremy@xxxxxxxxxx>
• [PATCH libnetfilter_queue 1/1] src: add nfq_socket_sendto() - send config request and check response
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue 0/1] src: add nfq_socket_sendto() - send config request and check response
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH ulogd] log NAT events using IPFIX
  • From: Tomasz Pala <gotar@xxxxxxxxxx>
• Sorry for previous message - please ignore
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• This didn't make it into patchwork
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnftnl] object: getters take const struct
  • From: corubba <corubba@xxxxxx>
• Re: [PATCH libnetfilter_queue 1/1] whitespace: replace spaces with tab in indent
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH libnetfilter_queue 1/1] whitespace: replace spaces with tab in indent
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH libnetfilter_queue 0/1] whitespace: replace spaces with tab in indent
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• [PATCH nft] evaluate: validate chain max length
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nft] parser_bison: fix objref statement corruption
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH v2 nft] evaluate: fix bogus assertion failure with boolean datatype
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] parser_bison: fix objref statement corruption
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH nft] netlink: add and use nft_data_memcpy helper
  • From: Florian Westphal <fw@xxxxxxxxx>
• [PATCH 03/13] evaluate: fix bogus assertion failure with boolean datatype
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH nft] parser_bison: fix memleak in meta set error handling
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Is xt_owner's owner_mt() racy with sock_orphan()? [worse with new TYPESAFE_BY_RCU file lifetime?]
  • From: Phil Sutter <phil@xxxxxx>
• Re: [PATCH net 1/6] netfilter: bpf: fix bad registration on nf_defrag
  • From: patchwork-bot+netdevbpf@xxxxxxxxxx
• [PATCH nft 2/2 v2] tests/shell: have .json-nft dumps prettified to wrap lines
  • From: Thomas Haller <thaller@xxxxxxxxxx>
• Re: [PATCH] ipvs: add a stateless type of service and a stateless Maglev hashing scheduler
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• Re: Is xt_owner's owner_mt() racy with sock_orphan()? [worse with new TYPESAFE_BY_RCU file lifetime?]
  • From: Jann Horn <jannh@xxxxxxxxxx>
• Re: Is xt_owner's owner_mt() racy with sock_orphan()? [worse with new TYPESAFE_BY_RCU file lifetime?]
  • From: Phil Sutter <phil@xxxxxx>
• [PATCH net 4/6] netfilter: nf_tables: bail out on mismatching dynset and set expressions
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH net 6/6] netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>