Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- [nft PATCH] tests: py: Document JSON mode in README,
Phil Sutter
- [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF,
Daniel Xu
- [PATCH -stable,5.10 0/3] stable fixes for 5.10,
Pablo Neira Ayuso
- [PATCH net-next 0/8] Netfilter/IPVS updates for net-next,
Pablo Neira Ayuso
- Re: Kernel oops with netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE,
Pablo Neira Ayuso
- [PATCH nf 1/2] netfilter: nf_tables: unbind non-anonymous set if rule construction fails,
Pablo Neira Ayuso
- Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?,
Jason Vas Dias
- [ulogd2 PATCH] Makefile: Create LZMA-compressed dist-files,
Phil Sutter
- [PATCH net] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.,
Gavrilov Ilia
- [PATCH net-next] linux/netfilter.h: fix kernel-doc warnings,
Randy Dunlap
- Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later,
Bagas Sanjaya
Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later, Linux regression tracking #update (Thorsten Leemhuis)
[nft PATCH 0/4] cli: Make valgrind (kind of) happy,
Phil Sutter
ipset hash:net:port:net,
Марк Коренберг
[PATCH nf-next] netfilter: nf_tables: limit allowed range via nla_policy, Florian Westphal
vs conntrack changes TCP ports mid-stream,
Sven Bartscher
[PATCH nf v2] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one,
Florian Westphal
[PATCH nf] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one,
Florian Westphal
[PATCH net,v3 00/14] Netfilter/IPVS fixes for net,
Pablo Neira Ayuso
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation, Pablo Neira Ayuso
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload, Pablo Neira Ayuso
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
[PATCH 09/11] sysctl: Remove the end element in sysctl table arrays,
Joel Granados
[PATCH 06/11] sysctl: Add size to register_net_sysctl function,
Joel Granados
[PATCH] netfilter: Don't parse CTCP message if shorter than minimum length,
Sohom
[PATCH nf,v3 01/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
[PATCH nft] src: avoid IPPROTO_MAX for array definitions,
Florian Westphal
[PATCH nf-next v2] lib/ts_bm: add helper to reduce indentation and improve readability, Jeremy Sowden
[lvc-project] [PATCH] netfilter: ebtables: remove unnecessary NULL check,
Igor Artemiev
[nft PATCH] cli: Make valgrind happy,
Phil Sutter
[PATCH nft] json: add inner payload support, Pablo Neira Ayuso
CFS for Netdev 0x17 open!, Jamal Hadi Salim
[PATCH nft] src: add json support for last statement, Pablo Neira Ayuso
[PATCH net 00/14,v2] Netfilter/IPVS fixes for net,
Pablo Neira Ayuso
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation, Pablo Neira Ayuso
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload, Pablo Neira Ayuso
- Re: [PATCH net 00/14,v2] Netfilter/IPVS fixes for net, Pablo Neira Ayuso
[PATCH nft 0/6] Misc parser fixes,
Florian Westphal
[PATCH nf-next] lib/ts_bm: add helper to reduce indentation and improve readability,
Jeremy Sowden
[PATCH nf v2] lib/ts_bm: reset initial match offset for every block of text,
Jeremy Sowden
[PATCH net 00/14] Netfilter/IPVS fixes for net,
Pablo Neira Ayuso
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation, Pablo Neira Ayuso
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload, Pablo Neira Ayuso
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
[iptables PATCH] iptables: Fix handling of non-existent chains,
Jacek Tomasiak
[iptables PATCH] iptables: Fix setting of ipv6 counters,
Jacek Tomasiak
[PATCH nft] cache: include set elements in "nft set list",
Florian Westphal
Re: nft list sets changed behavior,
Florian Westphal
[nf PATCH] netfilter: nf_tables: Fix for deleting base chains with payload,
Phil Sutter
[PATCH nf,v4 01/10] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
- [PATCH nf,v4 05/10] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH nf,v4 02/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH nf,v4 08/10] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v4 07/10] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v4 06/10] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v4 04/10] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH nf,v4 10/10] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v4 03/10] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH nf,v4 09/10] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
[PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free,
Florent Revest
[nft PATCH 0/3] Implement 'reset {set,map,element}' commands,
Phil Sutter
[nf-next PATCH] netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET, Phil Sutter
[PATCH nf] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
[conntrack-tools PATCH] conntrack: Don't override mark in non-list mode,
Jacek Tomasiak
[PATCH nf,v3 01/10] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
- [PATCH nf,v3 04/10] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v3 07/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH nf,v3 03/10] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v3 06/10] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v3 10/10] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH nf,v3 05/10] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v3 09/10] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH nf,v3 02/10] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v3 08/10] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
[PATCH nft] tests: shell: bogus EBUSY errors in transactions, Pablo Neira Ayuso
[PATCH] netfilter: ipset: Replace strlcpy with strscpy,
Azeem Shaikh
[PATCH xtables-addons] xt_ipp2p: change text-search algo to KMP,
Jeremy Sowden
[PATCH nf,v2 1/7] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
- [PATCH nf,v2 5/7] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v2 4/7] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v2 3/7] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v2 2/7] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v2 7/7] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH nf,v2 6/7] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
[PATCH nft] tests: shell: add test case for chain-in-use-splat, Florian Westphal
[PATCH nft] tests: shell: fix spurious errors in terse listing in json, Pablo Neira Ayuso
[PATCH nf 1/6] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
[PATCH iptables] man: string: document BM false negatives,
Jeremy Sowden
[PATCH nf] lib/ts_bm: reset initial match offset for every block of text,
Jeremy Sowden
[PATCH v2] ipvs: align inner_mac_header for encapsulation,
Terin Stock
[PATCH net 1/1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple,
Paul Blakey
[PATCH nf 1/3] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
[PATCH iptables] nft: use payload matching for layer 4 protocol,
Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE,
Pablo Neira Ayuso
[PATCH nf] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM, Pablo Neira Ayuso
[PATCH nf,v3] netfilter: nf_tables: integrate pipapo into commit protocol,
Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables: integrate pipapo into commit protocol,
Pablo Neira Ayuso
xtables-addons passes through an IP from RU, Oláh Ambrus Sándor
[PATCH nf-next v2] netfilter: snat: evict closing tcp entries on reply tuple collision, Florian Westphal
[PATCH nf] netfilter: nf_tables: out-of-bound check in chain blob, Pablo Neira Ayuso
[PATCH nf-next,v2 0/7] nf_tables combo match,
Pablo Neira Ayuso
- [PATCH nf-next,v2 4/7] netfilter: nf_tables: add payload + cmp combo match, Pablo Neira Ayuso
- [PATCH nf-next,v2 2/7] netfilter: nf_tables: remove fast bitwise and fast cmp16, Pablo Neira Ayuso
- [PATCH nf-next,v2 7/7] netfilter: nf_tables: skip comment match when building blob, Pablo Neira Ayuso
- [PATCH nf-next,v2 3/7] netfilter: nf_tables: track register store and load operations, Pablo Neira Ayuso
- [PATCH nf-next,v2 6/7] netfilter: nf_tables: add payload + bitwise + cmp combo match, Pablo Neira Ayuso
- [PATCH nf-next,v2 5/7] netfilter: nf_tables: add meta + cmp combo match, Pablo Neira Ayuso
- [PATCH nf-next,v2 1/7] netfilter: nf_tables: remove expression reduce infrastructure, Pablo Neira Ayuso
[PATCH nf-next] netfilter: snat: evict closing tcp entries on reply tuple collision,
Florian Westphal
[PATCH nf-next] netfilter: nf_tables: permit update of set size, Florian Westphal
[PATCH nf-next] netfilter: ipset: remove rcu_read_lock_bh pair from ip_set_test, Florian Westphal
[PATCH nf-next] nft_payload: rebuild vlan header when needed, Pablo Neira Ayuso
[PATCH xtables-addons v2 0/7] xt_ipp2p: support for non-linear packets,
Jeremy Sowden
[PATCH xtables-addons 0/8] xt_ipp2p: support for non-linear packets,
Jeremy Sowden
[PATCH] add some test cases to improve code coverage, tongxiaoge1001
[PATCH] define "i" only if attr is NFTNL_CHAIN_DEVICES. When attr isn't NFTNL_CHAIN_DEVICES, "i" is useless., tongxiaoge1001
[PATCH iptables] nft: check for source and destination address in first place,
Pablo Neira Ayuso
[PATCH] Add test cases to improve code coverage, tongxiaoge1001
[PATCH] fix typo,
tongxiaoge1001
nftables: Writers starve readers,
Phil Sutter
[libnftnl PATCH] set: Do not leave free'd expr_list elements in place,
Phil Sutter
String matcher "algo bm" broken in OUTPUT since 5.3.x,
ValdikSS
xtables-addons: ipp2p does not block TCP traffic with nonlinear skb,
ValdikSS
[iptables PATCH] xshared: fix memory leak in should_load_proto,
Christian Marangi
[PATCH 4.14 70/86] netfilter: nf_tables: fix register ordering, Greg Kroah-Hartman
[PATCH 4.14 69/86] netfilter: nf_tables: do not allow SET_ID to refer to another table, Greg Kroah-Hartman
[PATCH 4.14 68/86] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Greg Kroah-Hartman
[PATCH 4.14 67/86] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL, Greg Kroah-Hartman
[PATCH 4.14 66/86] netfilter: nf_tables: stricter validation of element data, Greg Kroah-Hartman
[PATCH 4.14 65/86] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Greg Kroah-Hartman
[PATCH 4.14 64/86] netfilter: nf_tables: add nft_setelem_parse_key(), Greg Kroah-Hartman
[PATCH 4.14 63/86] netfilter: nf_tables: validate registers coming from userspace., Greg Kroah-Hartman
[PATCH 4.14 62/86] netfilter: nftables: statify nft_parse_register(), Greg Kroah-Hartman
[PATCH 4.14 61/86] netfilter: nftables: add nft_parse_register_store() and use it, Greg Kroah-Hartman
[PATCH 4.14 60/86] netfilter: nftables: add nft_parse_register_load() and use it, Greg Kroah-Hartman
[PATCH nft v5 0/8] Bitwise boolean operations with variable RHS operands,
Jeremy Sowden
[PATCH libnftnl v3 0/5] bitwise: support for boolean operations with variable RHS operands,
Jeremy Sowden
[PATCH nf-next v4 0/2] netfilter: bitwise: support boolean operations with variable RHS operands,
Jeremy Sowden
[PATCH nft] tests: extend tests for destroy command,
Fernando Fernandez Mancera
[PATCH -stable,4.14 00/11] more stable fixes for 4.14,
Pablo Neira Ayuso
- [PATCH -stable,4.14 03/11] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,4.14 02/11] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.14 04/11] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,4.14 05/11] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,4.14 08/11] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL, Pablo Neira Ayuso
- [PATCH -stable,4.14 01/11] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.14 06/11] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,4.14 07/11] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,4.14 11/11] netfilter: nf_tables: fix register ordering, Pablo Neira Ayuso
- [PATCH -stable,4.14 10/11] netfilter: nf_tables: do not allow SET_ID to refer to another table, Pablo Neira Ayuso
- [PATCH -stable,4.14 09/11] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Pablo Neira Ayuso
- Re: [PATCH -stable,4.14 00/11] more stable fixes for 4.14, Greg KH
[PATCH AUTOSEL 4.14 17/20] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 5.4 24/27] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 4.19 24/27] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 5.10 27/31] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 6.3 56/67] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 5.15 36/43] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 6.1 46/57] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH nf-next,v1 0/6] nf_tables combo match,
Pablo Neira Ayuso
- [PATCH nf-next,v1 4/6] netfilter: nf_tables: add meta combo match, Pablo Neira Ayuso
- [PATCH nf-next,v1 3/6] netfilter: nf_tables: add payload combo match, Pablo Neira Ayuso
- [PATCH nf-next,v1 5/6] netfilter: nf_tables: add payload bitwise combo match, Pablo Neira Ayuso
- [PATCH nf-next,v1 6/6] netfilter: nf_tables: skip comment match when building blob, Pablo Neira Ayuso
- [PATCH nf-next,v1 2/6] netfilter: nf_tables: remove fast bitwise and cmp operations, Pablo Neira Ayuso
- [PATCH nf-next,v1 1/6] netfilter: nf_tables: remove expression reduce infrastructure, Pablo Neira Ayuso
- Re: [PATCH nf-next,v1 0/6] nf_tables combo match, Florian Westphal
[PATCH nf] netfilter: bitwise: fix register tracking, Jeremy Sowden
[PATCH net] netfilter: nf_tables: Add null check for nla_nest_start_noflag() in nft_dump_basechain_hook(), Gavrilov Ilia
nftables; key update with symbolic values/immediates,
Florian Westphal
Re: New Linux kernel NetFilter flaw gives attackers root privileges, Bagas Sanjaya
[PATCH 4.14] netfilter: nf_tables: fix register ordering,
Andrew Paniakin
[PATCH] netfilter: nf_tables: fix register ordering,
Andrew Paniakin
[libmnl, PATCH 1/1] examples: update .gitignore files,
Dario Binacchi
[libmnl, PATCH 1/1] include: cache copy of can.h and can/netlink.h, Dario Binacchi
[PATCH 4.14 0/1] netfilter: Fix EBUSY when removing objref,
Thadeu Lima de Souza Cascardo
[PATCH v1 nf] netfilter: ipset: Add schedule point in call_ad().,
Kuniyuki Iwashima
[PATCH nft] evaluate: set NFT_SET_EVAL flag if dynamic set already exists,
Pablo Neira Ayuso
[PATCH conntrack,v2] conntrack: do not silence EEXIST error, use NLM_F_EXCL, Pablo Neira Ayuso
[PATCH conntrack 1/2] conntrack: do not ignore errors coming from the kernel,
Pablo Neira Ayuso
[PATCH net-next] ipvs: dynamically limit the connection hash table,
Julian Anastasov
[PATCH v3] ipvs: increase ip_vs_conn_tab_bits range for 64BIT,
Abhijeet Rastogi
Re: How to configure "full cone" NAT using iptables, imnozi
[PATCH nft] mnl: support bpf id decode in nft list hooks, Florian Westphal
[PATCH -stable,4.14 0/8] more stable fixes for 4.14,
Pablo Neira Ayuso
- [PATCH -stable,4.14 1/8] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,4.14 2/8] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,4.14 7/8] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Pablo Neira Ayuso
- [PATCH -stable,4.14 5/8] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,4.14 3/8] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,4.14 8/8] netfilter: nf_tables: do not allow SET_ID to refer to another table, Pablo Neira Ayuso
- [PATCH -stable,4.14 4/8] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,4.14 6/8] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL, Pablo Neira Ayuso
- Re: [PATCH -stable,4.14 0/8] more stable fixes for 4.14, Sasha Levin
[PATCH -stable,4.19 0/9] stable fixes for 4.19,
Pablo Neira Ayuso
- [PATCH -stable,4.19 4/9] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,4.19 1/9] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.19 2/9] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.19 3/9] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,4.19 5/9] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,4.19 9/9] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Pablo Neira Ayuso
- [PATCH -stable,4.19 7/9] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,4.19 6/9] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,4.19 8/9] netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag, Pablo Neira Ayuso
[PATCH -stable,5.4 0/9] stable fixes for 5.4,
Pablo Neira Ayuso
- [PATCH -stable,5.4 1/9] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH -stable,5.4 3/9] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,5.4 4/9] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,5.4 6/9] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,5.4 7/9] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,5.4 5/9] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,5.4 2/9] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
- [PATCH -stable,5.4 8/9] netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag, Pablo Neira Ayuso
- [PATCH -stable,5.4 9/9] netfilter: nf_tables: hold mutex on netns pre_exit path, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: disable delset and delsetelem on anonymous sets, Florian Westphal
Patch for -stable, 6.3.x,
Pablo Neira Ayuso
Re: ct state vmap no longer works on 6.3 kernel, Duncan Roe
[PATCH v11 00/12] Network support for Landlock,
Konstantin Meskhidze
- [PATCH v11 01/12] landlock: Make ruleset's access masks more generic, Konstantin Meskhidze
- [PATCH v11 02/12] landlock: Allow filesystem layout changes for domains without such rule type, Konstantin Meskhidze
- [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule, Konstantin Meskhidze
- [PATCH v11 04/12] landlock: Refactor merge/inherit_ruleset functions, Konstantin Meskhidze
- [PATCH v11 05/12] landlock: Move and rename layer helpers, Konstantin Meskhidze
- [PATCH v11 09/12] selftests/landlock: Share enforce_ruleset(), Konstantin Meskhidze
- [PATCH v11 07/12] landlock: Refactor landlock_add_rule() syscall, Konstantin Meskhidze
- [PATCH v11 06/12] landlock: Refactor layer helpers, Konstantin Meskhidze
- [PATCH v11 12/12] landlock: Document Landlock's network support, Konstantin Meskhidze
- [PATCH v11 10/12] selftests/landlock: Add 11 new test suites dedicated to network, Konstantin Meskhidze
- [PATCH v11 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze
- [PATCH v11 11/12] samples/landlock: Add network demo, Konstantin Meskhidze
- Re: [PATCH v11 00/12] Network support for Landlock, Mickaël Salaün
[PATCH v2] ipvs: increase ip_vs_conn_tab_bits range for 64BIT,
Abhijeet Rastogi
[PATCH] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT,
Tom Rix
[PATCH nf-next] netfilter: nf_tables: relax set/map validation checks, Florian Westphal
[PATCH nf-next] netfilter: nf_tables: always increment set element count, Florian Westphal
[PATCH nf] netfilter: nft_set_rbtree: fix null deref on element insertion, Florian Westphal
[PATCH AUTOSEL 5.15 4/5] netfilter: nf_tables: deactivate anonymous set from preparation phase, Sasha Levin
[PATCH AUTOSEL 4.19 2/2] netfilter: nf_tables: deactivate anonymous set from preparation phase, Sasha Levin
[PATCH AUTOSEL 5.4 2/2] netfilter: nf_tables: deactivate anonymous set from preparation phase, Sasha Levin
[PATCH AUTOSEL 5.10 3/3] netfilter: nf_tables: deactivate anonymous set from preparation phase, Sasha Levin
[PATCH AUTOSEL 6.1 7/9] netfilter: nf_tables: deactivate anonymous set from preparation phase, Sasha Levin
[PATCH AUTOSEL 6.2 08/10] netfilter: nf_tables: deactivate anonymous set from preparation phase, Sasha Levin
[PATCH AUTOSEL 6.3 09/11] netfilter: nf_tables: deactivate anonymous set from preparation phase, Sasha Levin
[PATCH netfilter -stable,4.14 0/6] stable fixes for 4.14,
Pablo Neira Ayuso
- [PATCH -stable,4.14 1/6] netfilter: nf_tables: split set destruction in deactivate and destroy phase, Pablo Neira Ayuso
- [PATCH -stable,4.14 4/6] netfilter: nf_tables: use-after-free in failing rule with bound set, Pablo Neira Ayuso
- [PATCH -stable,4.14 6/6] netfilter: nf_tables: deactivate anonymous set from preparation phase, Pablo Neira Ayuso
- [PATCH -stable,4.14 2/6] netfilter: nf_tables: unbind set in rule from commit path, Pablo Neira Ayuso
- [PATCH -stable,4.14 3/6] netfilter: nft_hash: fix nft_hash_deactivate, Pablo Neira Ayuso
- [PATCH -stable,4.14 5/6] netfilter: nf_tables: bogus EBUSY when deleting set after flush, Pablo Neira Ayuso
- Re: [PATCH netfilter -stable,4.14 0/6] stable fixes for 4.14, Sasha Levin
- Re: [PATCH netfilter -stable,4.14 0/6] stable fixes for 4.14, luwei (O)
[PATCH nf] netfilter: nf_tables: fix nft_trans type confusion, Florian Westphal
[PATCH nf-next,v2 1/3] netfilter: flowtable: simplify route logic,
Pablo Neira Ayuso
[PATCH RESEND 0/4] Fix oops about sleeping in led_trigger_blink(),
Hans de Goede
Anouncement: Netdevconf 0x17, Jamal Hadi Salim
[PATCH net 0/7] Netfilter updates for net,
Pablo Neira Ayuso
[PATCH nf-next 1/3] netfilter: flowtable: simplify route logic,
Pablo Neira Ayuso
[PATCH nf-next v4] netfilter: nft_exthdr: add boolean DCCP option matching, Jeremy Sowden
[PATCH nft 1/2] datatype: misspell support with symbol table parser for error reporting,
Pablo Neira Ayuso
[PATCH nf] testing: selftests: nft_flowtable.sh: check ingress/egress chain too,
Florian Westphal
[PATCH net-next] netfilter: Reorder fields in 'struct nf_conntrack_expect',
Christophe JAILLET
[PATCH nft 1/3] evaluate: allow stateful statements with anonymous verdict maps,
Pablo Neira Ayuso
[PATCH 0/2] netfilter: nfnetlink_log & nfnetlink_queue: enable cgroup id socket info,
Patryk Sondej
[PATCH net-next] netfilter: nft_set_pipapo: Use struct_size(), Christophe JAILLET
[PATCH v2 net-next] netfilter: nft_set_pipapo: Use struct_size(),
Christophe JAILLET
[iptables PATCH 0/4] Implement a best-effort forward compat solution,
Phil Sutter
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
