Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

[PATCH nf-next 3/5] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv, (continued)
- [PATCH nf-next 3/5] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv, Pablo Neira Ayuso
- Re: [PATCH nf-next 0/5] nf_tables set updates, Pablo Neira Ayuso
[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination, Duncan Roe
- [PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions, Duncan Roe
  - Re: [PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions, Pablo Neira Ayuso
    - Re: [PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions, Duncan Roe
- <Possible follow-ups>
- [PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination, Duncan Roe
  - [PATCH libnetfilter_queue 1/1] src: Add nfq_nlmsg_put2() - header flags include NLM_F_ACK, Duncan Roe
    - Re: [PATCH libnetfilter_queue 1/1] src: Add nfq_nlmsg_put2() - header flags include NLM_F_ACK, Pablo Neira Ayuso
      - [PATCH libnetfilter_queue v2 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v2 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v2 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v2 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Pablo Neira Ayuso
        
        [PATCH libnetfilter_queue v3 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v3 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v3 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v3 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v3 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v3 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v4 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v4 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags, Pablo Neira Ayuso
- [PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination, Duncan Roe
  - [PATCH libnetfilter_queue 1/1] Remove libnfnetlink from the build, Duncan Roe
- [PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination, Duncan Roe
  - [PATCH libnetfilter_queue 1/1] Convert nfq_open(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination, Duncan Roe
  - [PATCH libnetfilter_queue 1/1] Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination, Duncan Roe
[PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert", Thomas Haller
- [PATCH nft 2/3] tests/shell: cover long interface name in "0042chain_variable_0" test, Thomas Haller
- [PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc(), Thomas Haller
  - Re: [PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc(), Pablo Neira Ayuso
    - Re: [PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc(), Pablo Neira Ayuso
      - Re: [PATCH nft 3/3] parser_bison: fix length check for ifname in ifname_expr_alloc(), Thomas Haller
- Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert", Pablo Neira Ayuso
  - Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert", Thomas Haller
    - Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert", Pablo Neira Ayuso
      - Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert", Florian Westphal
        
        Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert", Pablo Neira Ayuso
        
        Re: [PATCH nft 1/3] tests/shell: add "bogons/nft-f/zero_length_devicename2_assert", Phil Sutter
[PATCH nft 1/2] tests/shell: inline input data in "single_anon_set" test, Thomas Haller
- [PATCH nft 2/2] tools: reject unexpected files in "tests/shell/testcases/" with "check-tree.sh", Thomas Haller
- Re: [PATCH nft 1/2] tests/shell: inline input data in "single_anon_set" test, Pablo Neira Ayuso
[PATCH nft 1/1] tests/shell: test for maximum length of "comment" in "comments_objects_0", Thomas Haller
[PATCH nft] tests/shell: add missing "elem_opts_compat_0.nodump" file, Thomas Haller
- Re: [PATCH nft] tests/shell: add missing "elem_opts_compat_0.nodump" file, Pablo Neira Ayuso
[PATCH netfilter] Fix hw flow offload from nftables, Donald Hunter
- Re: [PATCH netfilter] Fix hw flow offload from nftables, Pablo Neira Ayuso
Re: KASAN: vmalloc-out-of-bounds in ipt_do_table, Pablo Neira Ayuso
- Re: KASAN: vmalloc-out-of-bounds in ipt_do_table, Kaustubh Pandey
[PATCH libnetfilter_queue] include: all: remove trailing spaces, Duncan Roe
Netfilter queue is unable to mangle fragmented UDP6: bug?, Duncan Roe
- Re: Netfilter queue is unable to mangle fragmented UDP6: bug?, Florian Westphal
  - Re: Netfilter queue is unable to mangle fragmented UDP6: bug?, Duncan Roe
    - Re: Netfilter queue is unable to mangle fragmented UDP6: bug?, Florian Westphal
[PATCH libnetfilter_queue v2 0/1] New example program nfq6, Duncan Roe
- [PATCH libnetfilter_queue v2 1/1] examples: add an example which uses more functions, Duncan Roe
[PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules, Lukas Wunner
- Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules, Richard Fontana
  - Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules, Lukas Wunner
    - Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules, J Lovejoy
- Re: [PATCH] treewide: Add SPDX identifier to IETF ASN.1 modules, Herbert Xu
[nf-next PATCH 0/6] Refactor nft_obj_filter into nft_obj_dump_ctx, Phil Sutter
- [nf-next PATCH 6/6] netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx, Phil Sutter
- [nf-next PATCH 5/6] netfilter: nf_tables: nft_obj_filter fits into cb->ctx, Phil Sutter
- [nf-next PATCH 4/6] netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx, Phil Sutter
- [nf-next PATCH 3/6] netfilter: nf_tables: A better name for nft_obj_filter, Phil Sutter
- [nf-next PATCH 2/6] netfilter: nf_tables: Unconditionally allocate nft_obj_filter, Phil Sutter
- [nf-next PATCH 1/6] netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj, Phil Sutter
  - Re: [nf-next PATCH 1/6] netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj, Pablo Neira Ayuso
[PATCH nf-next] netfilter: conntrack: switch connlabels to atomic_t, Florian Westphal
- Re: [PATCH nf-next] netfilter: conntrack: switch connlabels to atomic_t, Pablo Neira Ayuso
[PATCH nf-next] br_netfilter: use single forward hook for ip and arp, Florian Westphal
- Re: [PATCH nf-next] br_netfilter: use single forward hook for ip and arp, Pablo Neira Ayuso
[PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Florian Westphal
- Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Lorenzo Bianconi
  - Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Florian Westphal
- Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Florian Westphal
  - Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Florian Westphal
- Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Toke Høiland-Jørgensen
  - Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Florian Westphal
    - Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Toke Høiland-Jørgensen
      - Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Florian Westphal
  - Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Florian Westphal
    - Re: [PATCH RFC] netfilter: nf_tables: add flowtable map for xdp offload, Toke Høiland-Jørgensen
[PATCH 0/1] ipset patch to fix race condition between swap/destroy and add/del/test, Jozsef Kadlecsik
- [PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test, Jozsef Kadlecsik
  - Re: [PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test, Linkui Xiao
    - Re: [PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test, Jozsef Kadlecsik
      - Re: [PATCH 1/1] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test, Linkui Xiao
[PATCH v5 05/12] x86/bugs: Rename RETPOLINE to MITIGATION_RETPOLINE, Breno Leitao
[nft PATCH v2] parser_bison: Fix for broken compatibility with older dumps, Phil Sutter
- Re: [nft PATCH v2] parser_bison: Fix for broken compatibility with older dumps, Phil Sutter
[nft PATCH] parser_bison: Fix for broken compatibility with older dumps, Phil Sutter
[PATCH nf-next,RFC 0/8] nf_tables set updates, Pablo Neira Ayuso
- [PATCH nf-next,RFC 1/8] netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush, Pablo Neira Ayuso
- [PATCH nf-next,RFC 2/8] netfilter: nf_tables: set backend .flush always succeeds, Pablo Neira Ayuso
- [PATCH nf-next,RFC 7/8] netfilter: nf_tables: add timeout extension to elements to prepare for updates, Pablo Neira Ayuso
- [PATCH nf-next,RFC 6/8] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
  - Re: [PATCH nf-next,RFC 6/8] netfilter: nf_tables: use timestamp to check for set element timeout, Florian Westphal
- [PATCH nf-next,RFC 5/8] netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST, Pablo Neira Ayuso
- [PATCH nf-next,RFC 8/8] netfilter: nf_tables: set element timeout update support, Pablo Neira Ayuso
- [PATCH nf-next,RFC 3/8] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv, Pablo Neira Ayuso
  - Re: [PATCH nf-next,RFC 3/8] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv, Florian Westphal
- [PATCH nf-next,RFC 4/8] netfilter: nf_tables: shrink memory consumption of set elements, Pablo Neira Ayuso
[nf-next PATCH v4 0/3] Introduce locking for rule reset requests, Phil Sutter
- [nf-next PATCH v4 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule(), Phil Sutter
  - Re: [nf-next PATCH v4 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule(), Pablo Neira Ayuso
- [nf-next PATCH v4 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
- [nf-next PATCH v4 2/3] netfilter: nf_tables: Introduce nf_tables_getrule_single(), Phil Sutter
[PATCH nft v2 0/7] no recursive make, Thomas Haller
- [PATCH nft v2 1/7] gitignore: ignore ".dirstamp" files, Thomas Haller
- [PATCH nft v2 2/7] build: no recursive-make for "include/**/Makefile.am", Thomas Haller
- [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Thomas Haller
  - Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Pablo Neira Ayuso
    - Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Pablo Neira Ayuso
      - Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Thomas Haller
        
        Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Pablo Neira Ayuso
        
        Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Thomas Haller
        
        Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Sam James
        
        Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Pablo Neira Ayuso
        
        Re: [PATCH nft v2 4/7] build: no recursive make for "files/**/Makefile.am", Pablo Neira Ayuso
- [PATCH nft v2 3/7] build: no recursive make for "py/Makefile.am", Thomas Haller
- [PATCH nft v2 5/7] build: no recursive make for "src/Makefile.am", Thomas Haller
- [PATCH nft v2 7/7] build: no recursive make for "doc/Makefile.am", Thomas Haller
- [PATCH nft v2 6/7] build: no recursive make for "examples/Makefile.am", Thomas Haller
- Re: [PATCH nft v2 0/7] no recursive make, Florian Westphal
[ANNOUNCE] nftables 1.0.9 release, Pablo Neira Ayuso
[nf-next PATCH v3 0/3] Introduce locking for rule reset requests, Phil Sutter
- [nf-next PATCH v3 2/3] netfilter: nf_tables: Introduce nf_tables_getrule_single(), Phil Sutter
- [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
  - Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
    - Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Florian Westphal
      - Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
    - Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
      - Re: [nf-next PATCH v3 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
- [nf-next PATCH v3 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule(), Phil Sutter
  - Re: [nf-next PATCH v3 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule(), Florian Westphal
    - Re: [nf-next PATCH v3 1/3] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule(), Phil Sutter
[PATCH nf-next,RFC 2/2] netfilter: nf_tables: set element timeout update support, Pablo Neira Ayuso
[PATCH nf-next,RFC 1/2] netfilter: nf_tables: add timeout extension to elements to prepare for updates, Pablo Neira Ayuso
[PATCH net 0/4] netfilter: updates for net, Florian Westphal
- [PATCH net 1/4] netfilter: nf_tables: audit log object reset once per table, Florian Westphal
  - Re: [PATCH net 1/4] netfilter: nf_tables: audit log object reset once per table, patchwork-bot+netdevbpf
- [PATCH net 3/4] netfilter: nft_set_rbtree: .deactivate fails if element has expired, Florian Westphal
- [PATCH net 4/4] netfilter: nf_tables: revert do not remove elements if set backend implements .abort, Florian Westphal
- [PATCH net 2/4] selftests: netfilter: Run nft_audit.sh in its own netns, Florian Westphal
[PATCH nf] Revert "netfilter: nf_tables: do not remove elements if set backend implements .abort", Pablo Neira Ayuso
Re: [nftables/nft] nft equivalent of "ipset test", imnozi
- Re: [nftables/nft] nft equivalent of "ipset test", Pablo Neira Ayuso
  - Re: [nftables/nft] nft equivalent of "ipset test", U.Mutlu
    - Re: [nftables/nft] nft equivalent of "ipset test", Pablo Neira Ayuso
      - Re: [nftables/nft] nft equivalent of "ipset test", U.Mutlu
        
        Re: [nftables/nft] nft equivalent of "ipset test", Pablo Neira Ayuso
        
        Re: [nftables/nft] nft equivalent of "ipset test", U.Mutlu
        
        Re: [nftables/nft] nft equivalent of "ipset test", Phil Sutter
    - Re: [nftables/nft] nft equivalent of "ipset test", Kerin Millar
[PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL), Thomas Haller
- Re: [PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL), Pablo Neira Ayuso
  - Re: [PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL), Thomas Haller
    - Re: [PATCH nft 1/1] tests/shell: add NFT_TEST_FAIL_ON_SKIP_EXCEPT for allow-list of skipped tests (XFAIL), Florian Westphal
[syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6), syzbot
[PATCH nft] evaluate: validate maximum log statement prefix length, Pablo Neira Ayuso
[PATCH] netfilter: ipset: fix race condition in ipset swap, destroy and test/add/del, xiaolinkui
- Re: [PATCH] netfilter: ipset: fix race condition in ipset swap, destroy and test/add/del, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: ipset: fix race condition in ipset swap, destroy and test/add/del, Jozsef Kadlecsik
[PATCH nf] netfilter: nft_set_rbtree: .deactivate fails if element has expired, Pablo Neira Ayuso
[net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to', Phil Sutter
- Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to', Florian Westphal
  - Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to', Pablo Neira Ayuso
- Re: [net-next PATCH v2] net: skb_find_text: Ignore patterns extending past 'to', patchwork-bot+netdevbpf
[PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version, Thomas Haller
- [PATCH nft v2 1/3] tests/shell: add "tests/shell/helpers/eval-exit-code", Thomas Haller
- [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels, Thomas Haller
  - Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels, Pablo Neira Ayuso
    - Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels, Thomas Haller
      - Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels, Pablo Neira Ayuso
        
        Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels, Thomas Haller
        
        Re: [PATCH nft v2 2/3] tests/shell: skip "table_onoff" test on older kernels, Pablo Neira Ayuso
- [PATCH nft v2 3/3] tests/shell: skip "vlan_8021ad_tag" test on older kernels, Thomas Haller
- Re: [PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version, Florian Westphal
- Re: [PATCH nft v2 0/3] add "eval-exit-code" and skip tests based on kernel version, Florian Westphal
0x17: Schedule is now up, Jamal Hadi Salim
[PATCH 1/2] netfilter: ipset: rename ref_netlink to ref_swapping, xiaolinkui
- [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test, xiaolinkui
  - Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test, Jozsef Kadlecsik
    - Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test, Linkui Xiao
      - Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test, Jozsef Kadlecsik
        
        Re: [PATCH 2/2] netfilter: ipset: fix race condition in ipset swap, destroy and test, Linkui Xiao
- Re: [PATCH 1/2] netfilter: ipset: rename ref_netlink to ref_swapping, Jozsef Kadlecsik
[PATCH nft 1/2] tests/shell: use bash instead of /bin/sh for tests, Thomas Haller
- [PATCH nft 2/2] tests/shell: honor NFT_TEST_VERBOSE_TEST variable to debug tests via `bash -x`, Thomas Haller
  - [PATCH nft v2 2/2] tests/shell: honor NFT_TEST_VERBOSE_TEST variable to debug tests via `bash -x`, Thomas Haller
[PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing, Thomas Haller
- [PATCH nft 3/3] tests/shell: add missing "vlan_8021ad_tag.nodump" file, Thomas Haller
- [PATCH nft 2/3] tests/shell: skip "vlan_8021ad_tag" test instead of failing, Thomas Haller
- Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing, Florian Westphal
  - Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing, Thomas Haller
    - Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing, Thomas Haller
    - Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing, Florian Westphal
      - Re: [PATCH nft 1/3] tests/shell: skip "table_onoff" test if kernel patch is missing, Thomas Haller
[PATCH libnetfilter_queue 0/1] New example program nfq6, Duncan Roe
- [PATCH libnetfilter_queue] examples: add an example which uses more functions, Duncan Roe
[PATCH v13 00/12] Network support for Landlock, Konstantin Meskhidze
- [PATCH v13 01/12] landlock: Make ruleset's access masks more generic, Konstantin Meskhidze
  - Re: [PATCH v13 01/12] landlock: Make ruleset's access masks more generic, Mickaël Salaün
    - Re: [PATCH v13 01/12] landlock: Make ruleset's access masks more generic, Konstantin Meskhidze (A)
- [PATCH v13 03/12] landlock: Refactor landlock_find_rule/insert_rule, Konstantin Meskhidze
- [PATCH v13 02/12] landlock: Allow FS topology changes for domains without such rule type, Konstantin Meskhidze
- [PATCH v13 04/12] landlock: Refactor merge/inherit_ruleset functions, Konstantin Meskhidze
- [PATCH v13 05/12] landlock: Move and rename layer helpers, Konstantin Meskhidze
- [PATCH v13 06/12] landlock: Refactor layer helpers, Konstantin Meskhidze
- [PATCH v13 09/12] selftests/landlock: Share enforce_ruleset(), Konstantin Meskhidze
- [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze
  - Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Mickaël Salaün
    - Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
      - Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Mickaël Salaün
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Mickaël Salaün
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Mickaël Salaün
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Mickaël Salaün
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Mickaël Salaün
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
        
        Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
  - Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Mickaël Salaün
    - Re: [PATCH v13 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze (A)
- [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall, Konstantin Meskhidze
  - Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall, Mickaël Salaün
    - Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall, Konstantin Meskhidze (A)
  - Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall, Mickaël Salaün
    - Re: [PATCH v13 07/12] landlock: Refactor landlock_add_rule() syscall, Konstantin Meskhidze (A)
- [PATCH v13 11/12] samples/landlock: Add network demo, Konstantin Meskhidze
  - Re: [PATCH v13 11/12] samples/landlock: Add network demo, Mickaël Salaün
    - Re: [PATCH v13 11/12] samples/landlock: Add network demo, Konstantin Meskhidze (A)
- [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network, Konstantin Meskhidze
  - Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network, Mickaël Salaün
    - Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network, Konstantin Meskhidze (A)
      - Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network, Mickaël Salaün
        
        Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network, Konstantin Meskhidze (A)
        
        Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network, Mickaël Salaün
        
        Re: [PATCH v13 10/12] selftests/landlock: Add 7 new test variants dedicated to network, Konstantin Meskhidze (A)
- [PATCH v13 12/12] landlock: Document Landlock's network support, Konstantin Meskhidze
  - Re: [PATCH v13 12/12] landlock: Document Landlock's network support, Mickaël Salaün
    - Re: [PATCH v13 12/12] landlock: Document Landlock's network support, Konstantin Meskhidze (A)
[nf PATCH] selftests: netfilter: Run nft_audit.sh in its own netns, Phil Sutter
[net-next PATCH] net: skb_find_text: Ignore patterns extending past 'to', Phil Sutter
- Re: [net-next PATCH] net: skb_find_text: Ignore patterns extending past 'to', Florian Westphal
[PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements, Pablo Neira Ayuso
- Re: [PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements, Florian Westphal
  - Re: [PATCH nf-next,RFC] netfilter: nf_tables: shrink memory consumption of set elements, Pablo Neira Ayuso
[PATCH nf-next 0/3] netfilter: nf_tables: remove rbtree async garbage collection, Florian Westphal
- [PATCH nf-next 1/3] netfilter: nf_tables: de-constify set commit ops function argument, Florian Westphal
- [PATCH nf-next 2/3] netfilter: nft_set_rbtree: rename gc deactivate+erase function, Florian Westphal
  - Re: [PATCH nf-next 2/3] netfilter: nft_set_rbtree: rename gc deactivate+erase function, Pablo Neira Ayuso
- [PATCH nf-next 3/3] netfilter: nft_set_rbtree: prefer sync gc to async worker, Florian Westphal
  - Re: [PATCH nf-next 3/3] netfilter: nft_set_rbtree: prefer sync gc to async worker, Pablo Neira Ayuso
[PATCH nft] evaluate: suggest != in negation error message, Florian Westphal
- Re: [PATCH nft] evaluate: suggest != in negation error message, Pablo Neira Ayuso
[PATCH conntrack,v6] conntrack: ct label update requires proper ruleset, Pablo Neira Ayuso
[PATCH conntrack,v4] conntrack: label update requires a previous label in place, Pablo Neira Ayuso
[iptables PATCH] extensions: string: Clarify description of --to, Phil Sutter
- Re: [iptables PATCH] extensions: string: Clarify description of --to, Phil Sutter
- Re: [iptables PATCH] extensions: string: Clarify description of --to, Pablo Neira Ayuso
  - Re: [iptables PATCH] extensions: string: Clarify description of --to, Pablo Neira Ayuso
    - Re: [iptables PATCH] extensions: string: Clarify description of --to, Phil Sutter
      - Re: [iptables PATCH] extensions: string: Clarify description of --to, Pablo Neira Ayuso
[iptables PATCH] libiptc: Fix for another segfault due to chain index NULL pointer, Phil Sutter
- Re: [iptables PATCH] libiptc: Fix for another segfault due to chain index NULL pointer, Phil Sutter
[nf PATCH v2] netfilter: nf_tables: audit log object reset once per table, Phil Sutter
[PATCH conntrack,v3] conntrack: label update requires a previous label in place, Pablo Neira Ayuso
[PATCH conntrack] conntrack: label update requires a previous label in place, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH conntrack] conntrack: label update requires a previous label in place, Pablo Neira Ayuso
  - Re: [PATCH conntrack] conntrack: label update requires a previous label in place, Pablo Neira Ayuso
    - Re: [PATCH conntrack] conntrack: label update requires a previous label in place, Florian Westphal
      - Re: [PATCH conntrack] conntrack: label update requires a previous label in place, Pablo Neira Ayuso
        
        Re: [PATCH conntrack] conntrack: label update requires a previous label in place, Florian Westphal
        
        Re: [PATCH conntrack] conntrack: label update requires a previous label in place, Pablo Neira Ayuso
[PATCH nf-next 0/6] netfilter: more accurate drop statistics, Florian Westphal
- [PATCH nf-next 4/6] netfilter: nf_nat: mask out non-verdict bits when checking return value, Florian Westphal
- [PATCH nf-next 3/6] netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts, Florian Westphal
- [PATCH nf-next 5/6] netfilter: make nftables drops visible in net dropmonitor, Florian Westphal
- [PATCH nf-next 6/6] netfilter: bridge: convert br_netfilter to NF_DROP_REASON, Florian Westphal
- [PATCH nf-next 1/6] netfilter: xt_mangle: only check verdict part of return value, Florian Westphal
- [PATCH nf-next 2/6] netfilter: nf_tables: mask out non-verdict bits when checking return value, Florian Westphal
[PATCH nft,v2] doc: remove references to timeout in reset command, Pablo Neira Ayuso
- Re: [PATCH nft,v2] doc: remove references to timeout in reset command, Phil Sutter
[PATCH net-next 0/8] netfilter updates for next, Florian Westphal
- [PATCH net-next 2/8] netfilter: nf_tables: Drop pointless memset when dumping rules, Florian Westphal
- [PATCH net-next 1/8] netfilter: nf_tables: Always allocate nft_rule_dump_ctx, Florian Westphal
  - Re: [PATCH net-next 1/8] netfilter: nf_tables: Always allocate nft_rule_dump_ctx, patchwork-bot+netdevbpf
- [PATCH net-next 3/8] netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx, Florian Westphal
- [PATCH net-next 4/8] netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx, Florian Westphal
- [PATCH net-next 5/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Florian Westphal
- [PATCH net-next 8/8] netfilter: cleanup struct nft_table, Florian Westphal
- [PATCH net-next 7/8] netfilter: conntrack: prefer tcp_error_log to pr_debug, Florian Westphal
- [PATCH net-next 6/8] netfilter: conntrack: simplify nf_conntrack_alter_reply, Florian Westphal
[PATCH nft] doc: remove references to timeout in reset command, Pablo Neira Ayuso
- Re: [PATCH nft] doc: remove references to timeout in reset command, Phil Sutter
  - Re: [PATCH nft] doc: remove references to timeout in reset command, Florian Westphal
    - Re: [PATCH nft] doc: remove references to timeout in reset command, Phil Sutter
      - Re: [PATCH nft] doc: remove references to timeout in reset command, Pablo Neira Ayuso
[ANNOUNCE] iptables 1.8.10 release, Phil Sutter
[RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
- Re: [RFC] nftables 1.0.6 -stable backports, Florian Westphal
- Re: [RFC] nftables 1.0.6 -stable backports, Arturo Borrero Gonzalez
  - Re: [RFC] nftables 1.0.6 -stable backports, Florian Westphal
    - Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
      - Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Jan Engelhardt
        
        Re: [RFC] nftables 1.0.6 -stable backports, Arturo Borrero Gonzalez
  - Re: [RFC] nftables 1.0.6 -stable backports, Jeremy Sowden
- [RFC] nftables 0.9.8 -stable backports, Pablo Neira Ayuso
  - Re: [RFC] nftables 0.9.8 -stable backports, Jeremy Sowden
  - Re: [RFC] nftables 0.9.8 -stable backports, Pablo Neira Ayuso
    - Re: [RFC] nftables 0.9.8 -stable backports, Jeremy Sowden
      - Re: [RFC] nftables 0.9.8 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 0.9.8 -stable backports, Jeremy Sowden
        
        Re: [RFC] nftables 0.9.8 -stable backports, Pablo Neira Ayuso
  - Re: [RFC] nftables 0.9.8 -stable backports, Jeremy Sowden
    - Re: [RFC] nftables 0.9.8 -stable backports, Jeremy Sowden
- Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
  - Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
    - Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
      - Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
        
        Re: [RFC] nftables 1.0.6 -stable backports, Phil Sutter
        
        Re: [RFC] nftables 1.0.6 -stable backports, Pablo Neira Ayuso
[PATCH nf 1/2] nf_tables: fix NULL pointer dereference in nft_inner_init(), Xingyuan Mo
- [PATCH nf 2/2] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse(), Xingyuan Mo
- <Possible follow-ups>
- [PATCH nf 1/2] nf_tables: fix NULL pointer dereference in nft_inner_init(), Xingyuan Mo
  - [PATCH nf 2/2] nf_tables: fix NULL pointer dereference in nft_expr_inner_parse(), Xingyuan Mo
[PATCH nf] netfilter: nft_payload: fix wrong mac header matching, Florian Westphal
[PATCH libnetfilter_queue] src: Fix IPv6 Fragment Header processing, Duncan Roe
- Re: [PATCH libnetfilter_queue] src: Fix IPv6 Fragment Header processing, Pablo Neira Ayuso
iptales-restore cmd crash, wenli xie
[PATCH] netfilter: remove inaccurate code comments from struct nft_table, George Guo
- Re: [PATCH] netfilter: remove inaccurate code comments from struct nft_table, Florian Westphal
  - [PATCH v2] netfilter: cleanup struct nft_table, George Guo
    - Re: [PATCH v2] netfilter: cleanup struct nft_table, Simon Horman
[nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh", Thomas Haller
- [nft PATCH 3/3] tests/shell: add "-S|--setup-host" option to set sysctl for rootless tests, Thomas Haller
- [nft PATCH 2/3] tests/shell: preserve result directory with NFT_TEST_FAIL_ON_SKIP, Thomas Haller
- Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh", Pablo Neira Ayuso
  - Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh", Thomas Haller
- Re: [nft PATCH 1/3] tests/shell: mount all of "/var/run" in "test-wrapper.sh", Pablo Neira Ayuso
[PATCH nf-next] netfilter: conntrack: prefer tcp_error_log to pr_debug, Florian Westphal
[PATCH nf-next] netfilter: conntrack: simplify nf_conntrack_alter_reply, Florian Westphal
[PATCH] netfilter: ipset: wait for xt_recseq on all cpus, xiaolinkui
- Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus, Florian Westphal
  - Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus, Jozsef Kadlecsik
- Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus, kernel test robot
  - Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus, Jozsef Kadlecsik
- Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus, kernel test robot
[PATCH nf] netfilter: nf_tables: work around newrule after chain binding, Florian Westphal
[PATCH nf] netfilter: nfnetlink_log: silence bogus compiler warning, Florian Westphal
[PATCH net 0/6] netfilter patches for net, Florian Westphal
- [PATCH net 5/6] netfilter: nf_tables: Deduplicate nft_register_obj audit logs, Florian Westphal
- [PATCH net 6/6] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure, Florian Westphal
- [PATCH net 4/6] selftests: netfilter: Extend nft_audit.sh, Florian Westphal
- [PATCH net 3/6] selftests: netfilter: test for sctp collision processing in nf_conntrack, Florian Westphal
- [PATCH net 1/6] netfilter: nft_payload: rebuild vlan header on h_proto access, Florian Westphal
  - Re: [PATCH net 1/6] netfilter: nft_payload: rebuild vlan header on h_proto access, patchwork-bot+netdevbpf
- [PATCH net 2/6] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Florian Westphal
[PATCH nf] netfilter: nf_tables: do not remove elements if set backend implements .abort, Pablo Neira Ayuso
[PATCH] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by, Kees Cook
- Re: [PATCH] netfilter: nf_tables: Annotate struct nft_pipapo_match with __counted_by, Gustavo A. R. Silva
[PATCHv2 nf 0/2] netfilter: handle the sctp collision properly and add selftest, Xin Long
- [PATCHv2 nf 1/2] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Xin Long
- [PATCHv2 nf 2/2] selftests: netfilter: test for sctp collision processing in nf_conntrack, Xin Long
- Re: [PATCHv2 nf 0/2] netfilter: handle the sctp collision properly and add selftest, Simon Horman
[PATCH nf,v2] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Florian Westphal
- Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Phil Sutter
  - Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
    - Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
      - Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Phil Sutter
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Phil Sutter
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Phil Sutter
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Phil Sutter
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Phil Sutter
        
        Re: [PATCH nf] netfilter: nf_tables: do not refresh timeout when resetting element, Phil Sutter
[PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Xin Long
- Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Xin Long
  - Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Florian Westphal
    - Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Xin Long
      - Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Florian Westphal
- Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Simon Horman
- Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Simon Horman
  - Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Xin Long
    - Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Florian Westphal
      - Re: [PATCH nf] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp, Xin Long
[nf-next PATCH 0/5] nf_tables: nft_rule_dump_ctx fits into netlink_callback, Phil Sutter
- [nf-next PATCH 4/5] netfilter: nf_tables: Carry s_idx in nft_rule_dump_ctx, Phil Sutter
- [nf-next PATCH 1/5] netfilter: nf_tables: Always allocate nft_rule_dump_ctx, Phil Sutter
- [nf-next PATCH 2/5] netfilter: nf_tables: Drop pointless memset when dumping rules, Phil Sutter
- [nf-next PATCH 3/5] netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx, Phil Sutter
- [nf-next PATCH 5/5] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Phil Sutter
- Re: [nf-next PATCH 0/5] nf_tables: nft_rule_dump_ctx fits into netlink_callback, Florian Westphal
[nft PATCH] tests: shell: sets/reset_command_0: Fix drop_seconds(), Phil Sutter
- Re: [nft PATCH] tests: shell: sets/reset_command_0: Fix drop_seconds(), Phil Sutter
[PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nft_set_rbtree: remove async GC, Pablo Neira Ayuso
- Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Pablo Neira Ayuso
  - Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Florian Westphal
    - Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Pablo Neira Ayuso
      - Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Florian Westphal
        
        Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Pablo Neira Ayuso
        
        Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Florian Westphal
        
        Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Pablo Neira Ayuso
        
        update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Pablo Neira Ayuso
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Florian Westphal
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Florian Westphal
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Pablo Neira Ayuso
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Florian Westphal
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Pablo Neira Ayuso
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Florian Westphal
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Pablo Neira Ayuso
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Pablo Neira Ayuso
        
        Re: update element timeout support [was Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit], Pablo Neira Ayuso
- Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Florian Westphal
  - Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Pablo Neira Ayuso
  - Re: [PATCH nf 1/2] netfilter: nft_set_rbtree: move sync GC from insert path to set->ops->commit, Pablo Neira Ayuso
[ANNOUNCE] conntrack-tools 1.4.8 release, Pablo Neira Ayuso
[PATCH nft] rule: never merge across non-expr statements, Florian Westphal
[PATCH libnetfilter_conntrack] src: reverse calloc() invocation, Pablo Neira Ayuso
[PATCH nft] tests: shell: add vlan match test case, Florian Westphal
[PATCH nf] netfilter: nft_payload: rebuild vlan header on h_proto access, Florian Westphal
- Re: [PATCH nf] netfilter: nft_payload: rebuild vlan header on h_proto access, Pablo Neira Ayuso
[PATCH libnetfilter_queue v3] make the HTML main page available as `man 7 libnetfilter_queue`, Duncan Roe
[nf PATCH v2 0/8] Introduce locking for reset requests, Phil Sutter
- [nf PATCH v2 5/8] netfilter: nf_tables: Introduce nf_tables_getobj_single, Phil Sutter
- [nf PATCH v2 4/8] netfilter: nf_tables: Introduce struct nft_obj_dump_ctx, Phil Sutter
- [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Phil Sutter
  - Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Pablo Neira Ayuso
    - Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Phil Sutter
  - Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Florian Westphal
    - Re: [nf PATCH v2 1/8] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Phil Sutter
- [nf PATCH v2 6/8] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests, Phil Sutter
- [nf PATCH v2 2/8] netfilter: nf_tables: Introduce nf_tables_getrule_single(), Phil Sutter
- [nf PATCH v2 3/8] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
- [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx, Phil Sutter
  - Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx, Pablo Neira Ayuso
    - Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx, Phil Sutter
      - Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx, Pablo Neira Ayuso
        
        Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx, Phil Sutter
        
        Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx, Pablo Neira Ayuso
        
        Re: [nf PATCH v2 7/8] netfilter: nf_tables: Pass reset bit in nft_set_dump_ctx, Phil Sutter
- [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Phil Sutter
  - Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Florian Westphal
    - Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Pablo Neira Ayuso
      - Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Florian Westphal
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Pablo Neira Ayuso
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Florian Westphal
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Florian Westphal
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Phil Sutter
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Florian Westphal
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Phil Sutter
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Jozsef Kadlecsik
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Florian Westphal
        
        Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Jozsef Kadlecsik
    - Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Phil Sutter
  - Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Pablo Neira Ayuso
    - Re: [nf PATCH v2 8/8] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Phil Sutter
[nft PATCH] tests: shell: Fix for failing nft-f/sample-ruleset, Phil Sutter
[PATCH nf] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure, Florian Westphal
- Re: [PATCH nf] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure, Florian Westphal
[PATCH nft 0/5] more various cleanups related to struct datatype, Thomas Haller
- [PATCH nft 5/5] datatype: use xmalloc() for allocating datatype in datatype_clone(), Thomas Haller
  - Re: [PATCH nft 5/5] datatype: use xmalloc() for allocating datatype in datatype_clone(), Pablo Neira Ayuso
- [PATCH nft 2/5] datatype: don't clone static name/desc strings for datatype, Thomas Haller
- [PATCH nft 3/5] datatype: don't clone datatype in set_datatype_alloc() if byteorder already matches, Thomas Haller
- [PATCH nft 4/5] datatype: extend set_datatype_alloc() to change size, Thomas Haller
- [PATCH nft 1/5] datatype: make "flags" field of datatype struct simple booleans, Thomas Haller
  - Re: [PATCH nft 1/5] datatype: make "flags" field of datatype struct simple booleans, Pablo Neira Ayuso
[PATCH nft 1/1] include: include <string.h> in <nft.h>, Thomas Haller
- Re: [PATCH nft 1/1] include: include <string.h> in <nft.h>, Pablo Neira Ayuso
[PATCH v3 0/2] Prevent potential write out of bounds, joao
- [PATCH v3 2/2] Make num_actions unsigned, joao
  - Re: [PATCH v3 2/2] Make num_actions unsigned, Pablo Neira Ayuso
    - Re: [PATCH v3 2/2] Make num_actions unsigned, Joao Moreira
      - Re: [PATCH v3 2/2] Make num_actions unsigned, Pablo Neira Ayuso
- [PATCH v3 1/2] Make loop indexes unsigned, joao
  - Re: [PATCH v3 1/2] Make loop indexes unsigned, Pablo Neira Ayuso
    - Re: [PATCH v3 1/2] Make loop indexes unsigned, Joao Moreira
      - Re: [PATCH v3 1/2] Make loop indexes unsigned, Pablo Neira Ayuso
[PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
- Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Phil Sutter
  - Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
    - Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Phil Sutter
      - Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
        
        Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Phil Sutter
        
        Re: [PATCH nft,v3] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
[PATCH -stable,5.10 0/2] Netfilter stable fixes for 5.10, Pablo Neira Ayuso
- [PATCH -stable,5.10 2/2] netfilter: nf_tables: double hook unregistration in netns path, Pablo Neira Ayuso
- [PATCH -stable,5.10 1/2] netfilter: nf_tables: unregister flowtable hooks on netns exit, Pablo Neira Ayuso
- Re: [PATCH -stable,5.10 0/2] Netfilter stable fixes for 5.10, Sasha Levin
[PATCH nft,v2] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
[PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
- Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Phil Sutter
  - Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
    - Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
      - Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Florian Westphal
        
        Re: [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH nft] tests: shell: fix spurious errors in sets/0036add_set_element_expiration_0, Pablo Neira Ayuso
[PATCH] netfilter: ipset: add ip_set lock to ip_set_test, xiaolinkui
- Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test, Simon Horman
  - Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test, Jozsef Kadlecsik
    - Re: [PATCH] netfilter: ipset: add ip_set lock to ip_set_test, xiaolinkui
[PATCH nft 0/3] Two fixes to avoid "-Wstrict-overflow" warnings, Thomas Haller
- [PATCH nft 3/3] netlink_linearize: avoid strict-overflow warning in netlink_gen_bitwise(), Thomas Haller
  - Re: [PATCH nft 3/3] netlink_linearize: avoid strict-overflow warning in netlink_gen_bitwise(), Thomas Haller
    - Re: [PATCH nft 3/3] netlink_linearize: avoid strict-overflow warning in netlink_gen_bitwise(), Pablo Neira Ayuso
- [PATCH nft 1/3] nft: add NFT_ARRAY_SIZE() helper, Thomas Haller
  - Re: [PATCH nft 1/3] nft: add NFT_ARRAY_SIZE() helper, Thomas Haller
    - Re: [PATCH nft 1/3] nft: add NFT_ARRAY_SIZE() helper, Pablo Neira Ayuso
- [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Thomas Haller
  - Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Pablo Neira Ayuso
    - Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Thomas Haller
      - Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Pablo Neira Ayuso
        
        Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Thomas Haller
        
        Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Pablo Neira Ayuso
        
        Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Thomas Haller
        
        Re: [PATCH nft 2/3] nfnl_osf: rework nf_osf_parse_opt() and avoid "-Wstrict-overflow" warning, Pablo Neira Ayuso
[PATCH nft v2 1/1] mergesort: avoid cloning value in expr_msort_cmp(), Thomas Haller
- Re: [PATCH nft v2 1/1] mergesort: avoid cloning value in expr_msort_cmp(), Pablo Neira Ayuso
[PATCH nft] mergesort: avoid cloning value in expr_msort_cmp(), Thomas Haller
- Re: [PATCH nft] mergesort: avoid cloning value in expr_msort_cmp(), Pablo Neira Ayuso
  - Re: [PATCH nft] mergesort: avoid cloning value in expr_msort_cmp(), Thomas Haller
[PATCH] netfilter: Clean up errors in nf_conntrack_h323_asn1.h, chenguohua
- Re: [PATCH] netfilter: Clean up errors in nf_conntrack_h323_asn1.h, Florian Westphal
[PATCH libnetfilter_queue] Fix typo in examples/nf-queue.c from patch 9a8e4c3, Duncan Roe
- Re: [PATCH libnetfilter_queue] Fix typo in examples/nf-queue.c from patch 9a8e4c3, Pablo Neira Ayuso
[PATCH v2 0/2] Prevent potential write out of bounds, joao
- [PATCH v2 1/2] Make loop indexes unsigned, joao
- [PATCH v2 2/2] Make num_actions unsigned, joao
  - RE: [PATCH v2 2/2] Make num_actions unsigned, David Laight
- Re: [PATCH v2 0/2] Prevent potential write out of bounds, Pablo Neira Ayuso
  - Re: [PATCH v2 0/2] Prevent potential write out of bounds, Pablo Neira Ayuso
[PATCH net v6 0/3] Insulate Kernel Space From SOCK_ADDR Hooks, Jordan Rife
- [PATCH net v6 1/3] net: replace calls to sock->ops->connect() with kernel_connect(), Jordan Rife
- [PATCH net v6 2/3] net: prevent rewrite of msg_name and msg_namelen in sock_sendmsg(), Jordan Rife
- [PATCH net v6 3/3] net: prevent address rewrite in kernel_bind(), Jordan Rife
- Re: [PATCH net v6 0/3] Insulate Kernel Space From SOCK_ADDR Hooks, patchwork-bot+netdevbpf
[nft PATCH] tests: shell: features: Fix table owner flag check, Phil Sutter
- Re: [nft PATCH] tests: shell: features: Fix table owner flag check, Phil Sutter
[PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Pablo Neira Ayuso
- Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Phil Sutter
  - Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Pablo Neira Ayuso
    - Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Phil Sutter
      - Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Pablo Neira Ayuso
        
        Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Phil Sutter
        
        Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Phil Sutter
        
        Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Pablo Neira Ayuso
        
        Re: [PATCH nft 3/3,v2] netlink_linearize: skip set element expression in map statement key, Phil Sutter
[PATCH nft 1/3] tests: py: add map support, Pablo Neira Ayuso
- [PATCH nft 2/3] json: expose dynamic flag, Pablo Neira Ayuso
  - Re: [PATCH nft 2/3] json: expose dynamic flag, Phil Sutter
- [PATCH nft 3/3] netlink_linearize: skip set element expression in map statement key, Pablo Neira Ayuso
  - Re: [PATCH nft 3/3] netlink_linearize: skip set element expression in map statement key, Phil Sutter
    - Re: [PATCH nft 3/3] netlink_linearize: skip set element expression in map statement key, Pablo Neira Ayuso
[PATCH conntrack-tools] conntrackd: consolidate check for maximum number of channels, Pablo Neira Ayuso
Re: [syzbot] [netfilter?] INFO: rcu detected stall in gc_worker (3), syzbot
- <Possible follow-ups>
- Re: [syzbot] [netfilter?] INFO: rcu detected stall in gc_worker (3), syzbot
[nf PATCH 0/3] Review nf_tables audit logging, Phil Sutter
- [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs, Phil Sutter
  - Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs, Pablo Neira Ayuso
    - Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs, Phil Sutter
      - Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs, Pablo Neira Ayuso
  - Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs, Richard Guy Briggs
  - Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs, Paul Moore
- [nf PATCH 1/3] selftests: netfilter: Extend nft_audit.sh, Phil Sutter
- [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table, Phil Sutter
  - Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table, Richard Guy Briggs
  - Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table, Paul Moore
  - Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table, Florian Westphal
- Re: [nf PATCH 0/3] Review nf_tables audit logging, Paul Moore
[nf PATCH 0/5] Introduce locking for reset requests, Phil Sutter
- [nf PATCH 3/5] netfilter: nf_tables: Introduce struct nft_obj_dump_ctx, Phil Sutter
- [nf PATCH 5/5] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Phil Sutter
  - Re: [nf PATCH 5/5] netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests, Pablo Neira Ayuso
- [nf PATCH 4/5] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests, Phil Sutter
- [nf PATCH 1/5] netfilter: nf_tables: Don't allocate nft_rule_dump_ctx, Phil Sutter
- [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
  - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Florian Westphal
    - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
      - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Florian Westphal
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Florian Westphal
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Florian Westphal
        
        Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
    - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
  - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
    - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Phil Sutter
      - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
  - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
    - Re: [nf PATCH 2/5] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
[PATCH -stable,5.10 00/17] Netfilter stable fixes for 5.10, Pablo Neira Ayuso
- [PATCH -stable,5.10 03/17] netfilter: nf_tables: GC transaction API to avoid race with control plane, Pablo Neira Ayuso
- [PATCH -stable,5.10 02/17] netfilter: nf_tables: don't skip expired elements during walk, Pablo Neira Ayuso
- [PATCH -stable,5.10 01/17] netfilter: nf_tables: integrate pipapo into commit protocol, Pablo Neira Ayuso
- [PATCH -stable,5.10 11/17] netfilter: nf_tables: use correct lock to protect gc_list, Pablo Neira Ayuso
- [PATCH -stable,5.10 10/17] netfilter: nf_tables: GC transaction race with abort path, Pablo Neira Ayuso
- [PATCH -stable,5.10 09/17] netfilter: nf_tables: GC transaction race with netns dismantle, Pablo Neira Ayuso
- [PATCH -stable,5.10 05/17] netfilter: nft_set_hash: mark set element as dead when deleting from packet path, Pablo Neira Ayuso
- [PATCH -stable,5.10 06/17] netfilter: nf_tables: remove busy mark and gc batch API, Pablo Neira Ayuso
- [PATCH -stable,5.10 04/17] netfilter: nf_tables: adapt set backend to use GC transaction API, Pablo Neira Ayuso
- [PATCH -stable,5.10 08/17] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path, Pablo Neira Ayuso
- [PATCH -stable,5.10 07/17] netfilter: nf_tables: don't fail inserts if duplicate has expired, Pablo Neira Ayuso
- [PATCH -stable,5.10 12/17] netfilter: nf_tables: defer gc run if previous batch is still pending, Pablo Neira Ayuso
- [PATCH -stable,5.10 14/17] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention, Pablo Neira Ayuso
- [PATCH -stable,5.10 15/17] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails, Pablo Neira Ayuso
- [PATCH -stable,5.10 17/17] netfilter: nf_tables: fix memleak when more than 255 elements expired, Pablo Neira Ayuso
- [PATCH -stable,5.10 16/17] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration, Pablo Neira Ayuso
- [PATCH -stable,5.10 13/17] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction, Pablo Neira Ayuso
[PATCH -stable,5.15 00/17] Netfilter stable fixes for 5.15, Pablo Neira Ayuso
- [PATCH -stable,5.15 03/17] netfilter: nf_tables: adapt set backend to use GC transaction API, Pablo Neira Ayuso
- [PATCH -stable,5.15 12/17] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction, Pablo Neira Ayuso
- [PATCH -stable,5.15 09/17] netfilter: nf_tables: GC transaction race with abort path, Pablo Neira Ayuso
- [PATCH -stable,5.15 15/17] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails, Pablo Neira Ayuso
- [PATCH -stable,5.15 11/17] netfilter: nf_tables: defer gc run if previous batch is still pending, Pablo Neira Ayuso
- [PATCH -stable,5.15 06/17] netfilter: nf_tables: don't fail inserts if duplicate has expired, Pablo Neira Ayuso
- [PATCH -stable,5.15 13/17] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention, Pablo Neira Ayuso
- [PATCH -stable,5.15 01/17] netfilter: nf_tables: don't skip expired elements during walk, Pablo Neira Ayuso
- [PATCH -stable,5.15 04/17] netfilter: nft_set_hash: mark set element as dead when deleting from packet path, Pablo Neira Ayuso
- [PATCH -stable,5.15 16/17] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration, Pablo Neira Ayuso
- [PATCH -stable,5.15 07/17] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path, Pablo Neira Ayuso
- [PATCH -stable,5.15 02/17] netfilter: nf_tables: GC transaction API to avoid race with control plane, Pablo Neira Ayuso
- [PATCH -stable,5.15 10/17] netfilter: nf_tables: use correct lock to protect gc_list, Pablo Neira Ayuso
- [PATCH -stable,5.15 14/17] netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC, Pablo Neira Ayuso
- [PATCH -stable,5.15 08/17] netfilter: nf_tables: GC transaction race with netns dismantle, Pablo Neira Ayuso
- [PATCH -stable,5.15 05/17] netfilter: nf_tables: remove busy mark and gc batch API, Pablo Neira Ayuso
- [PATCH -stable,5.15 17/17] netfilter: nf_tables: fix memleak when more than 255 elements expired, Pablo Neira Ayuso
[PATCH -stable,6.1 00/17] Netfilter stable fixes for 6.1, Pablo Neira Ayuso
- [-stable,6.1 01/17] netfilter: nf_tables: don't skip expired elements during walk, Pablo Neira Ayuso

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]