Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- Re: [PATCH nft] netlink_linearize: use div_round_up in byteorder length, (continued)
- [PATCH -stable,4.14 0/3] stable fixes for 4.14,
Pablo Neira Ayuso
- [PATCH -stable,4.19 00/10] stable fixes for 4.19,
Pablo Neira Ayuso
- [PATCH -stable,4.19 01/10] netfilter: nf_tables: fix nat hook table deletion, Pablo Neira Ayuso
- [PATCH -stable,4.19 02/10] netfilter: nf_tables: add rescheduling points during loop detection walks, Pablo Neira Ayuso
- [PATCH -stable,4.19 03/10] netfilter: nftables: add helper function to set the base sequence number, Pablo Neira Ayuso
- [PATCH -stable,4.19 04/10] netfilter: add helper function to set up the nfnetlink header and use it, Pablo Neira Ayuso
- [PATCH -stable,4.19 06/10] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE, Pablo Neira Ayuso
- [PATCH -stable,4.19 07/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH -stable,4.19 08/10] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH -stable,4.19 10/10] netfilter: nf_tables: fix scheduling-while-atomic splat, Pablo Neira Ayuso
- [PATCH -stable,4.19 05/10] netfilter: nf_tables: use net_generic infra for transaction data, Pablo Neira Ayuso
- [PATCH -stable,4.19 09/10] netfilter: nf_tables: unbind non-anonymous set if rule construction fails, Pablo Neira Ayuso
- Re: [PATCH -stable,4.19 00/10] stable fixes for 4.19, Greg KH
- [PATCH -stable,5.4 00/10] stable fixes for 5.4,
Pablo Neira Ayuso
- [PATCH -stable,5.4 02/10] netfilter: nftables: add helper function to set the base sequence number, Pablo Neira Ayuso
- [PATCH -stable,5.4 01/10] netfilter: nf_tables: fix nat hook table deletion, Pablo Neira Ayuso
- [PATCH -stable,5.4 03/10] netfilter: add helper function to set up the nfnetlink header and use it, Pablo Neira Ayuso
- [PATCH -stable,5.4 05/10] netfilter: nf_tables: add rescheduling points during loop detection walks, Pablo Neira Ayuso
- [PATCH -stable,5.4 04/10] netfilter: nf_tables: use net_generic infra for transaction data, Pablo Neira Ayuso
- [PATCH -stable,5.4 06/10] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE, Pablo Neira Ayuso
- [PATCH -stable,5.4 09/10] netfilter: nf_tables: unbind non-anonymous set if rule construction fails, Pablo Neira Ayuso
- [PATCH -stable,5.4 08/10] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH -stable,5.4 10/10] netfilter: nf_tables: fix scheduling-while-atomic splat, Pablo Neira Ayuso
- [PATCH -stable,5.4 07/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- Re: [PATCH -stable,5.4 00/10] stable fixes for 5.4, Greg KH
- [PATCH -stable,5.10,v2 00/11] stable fixes for 5.10,
Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 03/11] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 04/11] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 01/11] netfilter: nf_tables: use net_generic infra for transaction data, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 02/11] netfilter: nf_tables: add rescheduling points during loop detection walks, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 06/11] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 05/11] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 07/11] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 08/11] netfilter: nftables: rename set element data activation/deactivation functions, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 10/11] netfilter: nf_tables: unbind non-anonymous set if rule construction fails, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 09/11] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH -stable,5.10,v2 11/11] netfilter: nf_tables: fix scheduling-while-atomic splat, Pablo Neira Ayuso
- Re: [PATCH -stable,5.10,v2 00/11] stable fixes for 5.10, Pablo Neira Ayuso
- [PATCH -stable,5.10 00/10] stable fixes for 5.10,
Pablo Neira Ayuso
- [PATCH -stable,5.10 03/10] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE, Pablo Neira Ayuso
- [PATCH -stable,5.10 04/10] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH -stable,5.10 02/10] netfilter: nf_tables: add rescheduling points during loop detection walks, Pablo Neira Ayuso
- [PATCH -stable,5.10 01/10] netfilter: nf_tables: use net_generic infra for transaction data, Pablo Neira Ayuso
- [PATCH -stable,5.10 05/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH -stable,5.10 07/10] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH -stable,5.10 06/10] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH -stable,5.10 08/10] netfilter: nftables: rename set element data activation/deactivation functions, Pablo Neira Ayuso
- [PATCH -stable,5.10 09/10] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH -stable,5.10 10/10] netfilter: nf_tables: unbind non-anonymous set if rule construction fails, Pablo Neira Ayuso
- [PATCH -stable,5.15 0/2] stable fixes for 5.15,
Pablo Neira Ayuso
- [PATCH] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval,
Thadeu Lima de Souza Cascardo
- [PATCH] netfilter: nf_tables: do not ignore genmask when looking up chain by id,
Thadeu Lima de Souza Cascardo
- [PATCH nf,v2] netfilter: nf_tables: report use refcount overflow, Pablo Neira Ayuso
- [PATCH nf] netfilter: conntrack: don't fold port numbers into addresses before hashing, Florian Westphal
- [PATCH nf v2] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free,
Florent Revest
- [PATCH nf] netfilter: nf_tables: report use refcount overflow, Pablo Neira Ayuso
- [PATCH nf] netfilter: conntrack: gre: don't set assured flag for clash entries,
Florian Westphal
- [PATCH nft] expression: define .clone for catchall set element,
Pablo Neira Ayuso
- [PATCH AUTOSEL 6.1 10/12] netfilter: nf_tables: disallow timeout for anonymous sets, Sasha Levin
- [PATCH AUTOSEL 5.15 4/5] netfilter: nf_tables: disallow timeout for anonymous sets, Sasha Levin
- [PATCH AUTOSEL 6.3 13/17] netfilter: nf_tables: disallow timeout for anonymous sets, Sasha Levin
- [PATCH AUTOSEL 6.3 14/17] netfilter: nf_tables: drop module reference after updating chain, Sasha Levin
- [nft PATCH] tests: py: Document JSON mode in README,
Phil Sutter
- [PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF,
Daniel Xu
- [PATCH -stable,5.10 0/3] stable fixes for 5.10,
Pablo Neira Ayuso
- [PATCH net-next 0/8] Netfilter/IPVS updates for net-next,
Pablo Neira Ayuso
- Re: Kernel oops with netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE,
Pablo Neira Ayuso
- [PATCH nf 1/2] netfilter: nf_tables: unbind non-anonymous set if rule construction fails,
Pablo Neira Ayuso
- Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?,
Jason Vas Dias
- [ulogd2 PATCH] Makefile: Create LZMA-compressed dist-files,
Phil Sutter
- [PATCH net] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.,
Gavrilov Ilia
- [PATCH net-next] linux/netfilter.h: fix kernel-doc warnings,
Randy Dunlap
- Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later,
Bagas Sanjaya
Re: Fwd: High cpu usage caused by kernel process when upgraded to linux 5.19.17 or later, Linux regression tracking #update (Thorsten Leemhuis)
[nft PATCH 0/4] cli: Make valgrind (kind of) happy,
Phil Sutter
ipset hash:net:port:net,
Марк Коренберг
[PATCH nf-next] netfilter: nf_tables: limit allowed range via nla_policy, Florian Westphal
vs conntrack changes TCP ports mid-stream,
Sven Bartscher
[PATCH nf v2] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one,
Florian Westphal
[PATCH nf] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one,
Florian Westphal
[PATCH net,v3 00/14] Netfilter/IPVS fixes for net,
Pablo Neira Ayuso
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation, Pablo Neira Ayuso
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload, Pablo Neira Ayuso
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
[PATCH 09/11] sysctl: Remove the end element in sysctl table arrays,
Joel Granados
[PATCH 06/11] sysctl: Add size to register_net_sysctl function,
Joel Granados
[PATCH] netfilter: Don't parse CTCP message if shorter than minimum length,
Sohom
[PATCH nf,v3 01/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
[PATCH nft] src: avoid IPPROTO_MAX for array definitions,
Florian Westphal
[PATCH nf-next v2] lib/ts_bm: add helper to reduce indentation and improve readability, Jeremy Sowden
[lvc-project] [PATCH] netfilter: ebtables: remove unnecessary NULL check,
Igor Artemiev
[nft PATCH] cli: Make valgrind happy,
Phil Sutter
[PATCH nft] json: add inner payload support, Pablo Neira Ayuso
CFS for Netdev 0x17 open!, Jamal Hadi Salim
[PATCH nft] src: add json support for last statement, Pablo Neira Ayuso
[PATCH net 00/14,v2] Netfilter/IPVS fixes for net,
Pablo Neira Ayuso
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation, Pablo Neira Ayuso
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload, Pablo Neira Ayuso
- Re: [PATCH net 00/14,v2] Netfilter/IPVS fixes for net, Pablo Neira Ayuso
[PATCH nft 0/6] Misc parser fixes,
Florian Westphal
[PATCH nf-next] lib/ts_bm: add helper to reduce indentation and improve readability,
Jeremy Sowden
[PATCH nf v2] lib/ts_bm: reset initial match offset for every block of text,
Jeremy Sowden
[PATCH net 00/14] Netfilter/IPVS fixes for net,
Pablo Neira Ayuso
- [PATCH net 01/14] ipvs: align inner_mac_header for encapsulation, Pablo Neira Ayuso
- [PATCH net 02/14] netfilter: nf_tables: fix chain binding transaction logic, Pablo Neira Ayuso
- [PATCH net 03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH net 04/14] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH net 05/14] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH net 07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH net 06/14] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH net 09/14] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH net 08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH net 10/14] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH net 12/14] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
- [PATCH net 11/14] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH net 14/14] netfilter: nf_tables: Fix for deleting base chains with payload, Pablo Neira Ayuso
- [PATCH net 13/14] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
[iptables PATCH] iptables: Fix handling of non-existent chains,
Jacek Tomasiak
[iptables PATCH] iptables: Fix setting of ipv6 counters,
Jacek Tomasiak
[PATCH nft] cache: include set elements in "nft set list",
Florian Westphal
Re: nft list sets changed behavior,
Florian Westphal
[nf PATCH] netfilter: nf_tables: Fix for deleting base chains with payload,
Phil Sutter
[PATCH nf,v4 01/10] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
- [PATCH nf,v4 05/10] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH nf,v4 02/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH nf,v4 08/10] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v4 07/10] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v4 06/10] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v4 04/10] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH nf,v4 10/10] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v4 03/10] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH nf,v4 09/10] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
[PATCH nf] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free,
Florent Revest
[nft PATCH 0/3] Implement 'reset {set,map,element}' commands,
Phil Sutter
[nf-next PATCH] netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET, Phil Sutter
[PATCH nf] netfilter: nfnetlink_osf: fix module autoload, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: drop module reference after updating chain, Pablo Neira Ayuso
[conntrack-tools PATCH] conntrack: Don't override mark in non-list mode,
Jacek Tomasiak
[PATCH nf,v3 01/10] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
- [PATCH nf,v3 04/10] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v3 07/10] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH nf,v3 03/10] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v3 06/10] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v3 10/10] netfilter: nf_tables: fix underflow in object reference counter, Pablo Neira Ayuso
- [PATCH nf,v3 05/10] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v3 09/10] netfilter: nft_set_pipapo: .walk does not deal with generations, Pablo Neira Ayuso
- [PATCH nf,v3 02/10] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v3 08/10] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
[PATCH nft] tests: shell: bogus EBUSY errors in transactions, Pablo Neira Ayuso
[PATCH] netfilter: ipset: Replace strlcpy with strscpy,
Azeem Shaikh
[PATCH xtables-addons] xt_ipp2p: change text-search algo to KMP,
Jeremy Sowden
[PATCH nf,v2 1/7] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
- [PATCH nf,v2 5/7] netfilter: nf_tables: disallow updates of anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v2 4/7] netfilter: nf_tables: reject unbound chain set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v2 3/7] netfilter: nf_tables: reject unbound anonymous set before commit phase, Pablo Neira Ayuso
- [PATCH nf,v2 2/7] netfilter: nf_tables: disallow element updates of bound anonymous sets, Pablo Neira Ayuso
- [PATCH nf,v2 7/7] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain, Pablo Neira Ayuso
- [PATCH nf,v2 6/7] netfilter: nf_tables: disallow timeout for anonymous sets, Pablo Neira Ayuso
[PATCH nft] tests: shell: add test case for chain-in-use-splat, Florian Westphal
[PATCH nft] tests: shell: fix spurious errors in terse listing in json, Pablo Neira Ayuso
[PATCH nf 1/6] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
[PATCH iptables] man: string: document BM false negatives,
Jeremy Sowden
[PATCH nf] lib/ts_bm: reset initial match offset for every block of text,
Jeremy Sowden
[PATCH v2] ipvs: align inner_mac_header for encapsulation,
Terin Stock
[PATCH net 1/1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple,
Paul Blakey
[PATCH nf 1/3] netfilter: nf_tables: fix chain binding transaction logic,
Pablo Neira Ayuso
[PATCH iptables] nft: use payload matching for layer 4 protocol,
Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE,
Pablo Neira Ayuso
[PATCH nf] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM, Pablo Neira Ayuso
[PATCH nf,v3] netfilter: nf_tables: integrate pipapo into commit protocol,
Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables: integrate pipapo into commit protocol,
Pablo Neira Ayuso
xtables-addons passes through an IP from RU, Oláh Ambrus Sándor
[PATCH nf-next v2] netfilter: snat: evict closing tcp entries on reply tuple collision, Florian Westphal
[PATCH nf] netfilter: nf_tables: out-of-bound check in chain blob, Pablo Neira Ayuso
[PATCH nf-next,v2 0/7] nf_tables combo match,
Pablo Neira Ayuso
- [PATCH nf-next,v2 4/7] netfilter: nf_tables: add payload + cmp combo match, Pablo Neira Ayuso
- [PATCH nf-next,v2 2/7] netfilter: nf_tables: remove fast bitwise and fast cmp16, Pablo Neira Ayuso
- [PATCH nf-next,v2 7/7] netfilter: nf_tables: skip comment match when building blob, Pablo Neira Ayuso
- [PATCH nf-next,v2 3/7] netfilter: nf_tables: track register store and load operations, Pablo Neira Ayuso
- [PATCH nf-next,v2 6/7] netfilter: nf_tables: add payload + bitwise + cmp combo match, Pablo Neira Ayuso
- [PATCH nf-next,v2 5/7] netfilter: nf_tables: add meta + cmp combo match, Pablo Neira Ayuso
- [PATCH nf-next,v2 1/7] netfilter: nf_tables: remove expression reduce infrastructure, Pablo Neira Ayuso
[PATCH nf-next] netfilter: snat: evict closing tcp entries on reply tuple collision,
Florian Westphal
[PATCH nf-next] netfilter: nf_tables: permit update of set size, Florian Westphal
[PATCH nf-next] netfilter: ipset: remove rcu_read_lock_bh pair from ip_set_test, Florian Westphal
[PATCH nf-next] nft_payload: rebuild vlan header when needed, Pablo Neira Ayuso
[PATCH xtables-addons v2 0/7] xt_ipp2p: support for non-linear packets,
Jeremy Sowden
[PATCH xtables-addons 0/8] xt_ipp2p: support for non-linear packets,
Jeremy Sowden
[PATCH] add some test cases to improve code coverage, tongxiaoge1001
[PATCH] define "i" only if attr is NFTNL_CHAIN_DEVICES. When attr isn't NFTNL_CHAIN_DEVICES, "i" is useless., tongxiaoge1001
[PATCH iptables] nft: check for source and destination address in first place,
Pablo Neira Ayuso
[PATCH] Add test cases to improve code coverage, tongxiaoge1001
[PATCH] fix typo,
tongxiaoge1001
nftables: Writers starve readers,
Phil Sutter
[libnftnl PATCH] set: Do not leave free'd expr_list elements in place,
Phil Sutter
String matcher "algo bm" broken in OUTPUT since 5.3.x,
ValdikSS
xtables-addons: ipp2p does not block TCP traffic with nonlinear skb,
ValdikSS
[iptables PATCH] xshared: fix memory leak in should_load_proto,
Christian Marangi
[PATCH 4.14 70/86] netfilter: nf_tables: fix register ordering, Greg Kroah-Hartman
[PATCH 4.14 69/86] netfilter: nf_tables: do not allow SET_ID to refer to another table, Greg Kroah-Hartman
[PATCH 4.14 68/86] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Greg Kroah-Hartman
[PATCH 4.14 67/86] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL, Greg Kroah-Hartman
[PATCH 4.14 66/86] netfilter: nf_tables: stricter validation of element data, Greg Kroah-Hartman
[PATCH 4.14 65/86] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Greg Kroah-Hartman
[PATCH 4.14 64/86] netfilter: nf_tables: add nft_setelem_parse_key(), Greg Kroah-Hartman
[PATCH 4.14 63/86] netfilter: nf_tables: validate registers coming from userspace., Greg Kroah-Hartman
[PATCH 4.14 62/86] netfilter: nftables: statify nft_parse_register(), Greg Kroah-Hartman
[PATCH 4.14 61/86] netfilter: nftables: add nft_parse_register_store() and use it, Greg Kroah-Hartman
[PATCH 4.14 60/86] netfilter: nftables: add nft_parse_register_load() and use it, Greg Kroah-Hartman
[PATCH nft v5 0/8] Bitwise boolean operations with variable RHS operands,
Jeremy Sowden
[PATCH libnftnl v3 0/5] bitwise: support for boolean operations with variable RHS operands,
Jeremy Sowden
[PATCH nf-next v4 0/2] netfilter: bitwise: support boolean operations with variable RHS operands,
Jeremy Sowden
[PATCH nft] tests: extend tests for destroy command,
Fernando Fernandez Mancera
[PATCH -stable,4.14 00/11] more stable fixes for 4.14,
Pablo Neira Ayuso
- [PATCH -stable,4.14 03/11] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,4.14 02/11] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.14 04/11] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,4.14 05/11] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,4.14 08/11] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL, Pablo Neira Ayuso
- [PATCH -stable,4.14 01/11] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.14 06/11] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,4.14 07/11] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,4.14 11/11] netfilter: nf_tables: fix register ordering, Pablo Neira Ayuso
- [PATCH -stable,4.14 10/11] netfilter: nf_tables: do not allow SET_ID to refer to another table, Pablo Neira Ayuso
- [PATCH -stable,4.14 09/11] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Pablo Neira Ayuso
- Re: [PATCH -stable,4.14 00/11] more stable fixes for 4.14, Greg KH
[PATCH AUTOSEL 4.14 17/20] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 5.4 24/27] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 4.19 24/27] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 5.10 27/31] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 6.3 56/67] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 5.15 36/43] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH AUTOSEL 6.1 46/57] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Sasha Levin
[PATCH nf-next,v1 0/6] nf_tables combo match,
Pablo Neira Ayuso
- [PATCH nf-next,v1 4/6] netfilter: nf_tables: add meta combo match, Pablo Neira Ayuso
- [PATCH nf-next,v1 3/6] netfilter: nf_tables: add payload combo match, Pablo Neira Ayuso
- [PATCH nf-next,v1 5/6] netfilter: nf_tables: add payload bitwise combo match, Pablo Neira Ayuso
- [PATCH nf-next,v1 6/6] netfilter: nf_tables: skip comment match when building blob, Pablo Neira Ayuso
- [PATCH nf-next,v1 2/6] netfilter: nf_tables: remove fast bitwise and cmp operations, Pablo Neira Ayuso
- [PATCH nf-next,v1 1/6] netfilter: nf_tables: remove expression reduce infrastructure, Pablo Neira Ayuso
- Re: [PATCH nf-next,v1 0/6] nf_tables combo match, Florian Westphal
[PATCH nf] netfilter: bitwise: fix register tracking, Jeremy Sowden
[PATCH net] netfilter: nf_tables: Add null check for nla_nest_start_noflag() in nft_dump_basechain_hook(), Gavrilov Ilia
nftables; key update with symbolic values/immediates,
Florian Westphal
Re: New Linux kernel NetFilter flaw gives attackers root privileges, Bagas Sanjaya
[PATCH 4.14] netfilter: nf_tables: fix register ordering,
Andrew Paniakin
[PATCH] netfilter: nf_tables: fix register ordering,
Andrew Paniakin
[libmnl, PATCH 1/1] examples: update .gitignore files,
Dario Binacchi
[libmnl, PATCH 1/1] include: cache copy of can.h and can/netlink.h, Dario Binacchi
[PATCH 4.14 0/1] netfilter: Fix EBUSY when removing objref,
Thadeu Lima de Souza Cascardo
[PATCH v1 nf] netfilter: ipset: Add schedule point in call_ad().,
Kuniyuki Iwashima
[PATCH nft] evaluate: set NFT_SET_EVAL flag if dynamic set already exists,
Pablo Neira Ayuso
[PATCH conntrack,v2] conntrack: do not silence EEXIST error, use NLM_F_EXCL, Pablo Neira Ayuso
[PATCH conntrack 1/2] conntrack: do not ignore errors coming from the kernel,
Pablo Neira Ayuso
[PATCH net-next] ipvs: dynamically limit the connection hash table,
Julian Anastasov
[PATCH v3] ipvs: increase ip_vs_conn_tab_bits range for 64BIT,
Abhijeet Rastogi
Re: How to configure "full cone" NAT using iptables, imnozi
[PATCH nft] mnl: support bpf id decode in nft list hooks, Florian Westphal
[PATCH -stable,4.14 0/8] more stable fixes for 4.14,
Pablo Neira Ayuso
- [PATCH -stable,4.14 1/8] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,4.14 2/8] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,4.14 7/8] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Pablo Neira Ayuso
- [PATCH -stable,4.14 5/8] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,4.14 3/8] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,4.14 8/8] netfilter: nf_tables: do not allow SET_ID to refer to another table, Pablo Neira Ayuso
- [PATCH -stable,4.14 4/8] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,4.14 6/8] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL, Pablo Neira Ayuso
- Re: [PATCH -stable,4.14 0/8] more stable fixes for 4.14, Sasha Levin
[PATCH -stable,4.19 0/9] stable fixes for 4.19,
Pablo Neira Ayuso
- [PATCH -stable,4.19 4/9] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,4.19 1/9] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.19 2/9] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
- [PATCH -stable,4.19 3/9] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,4.19 5/9] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,4.19 9/9] netfilter: nf_tables: do not allow RULE_ID to refer to another chain, Pablo Neira Ayuso
- [PATCH -stable,4.19 7/9] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,4.19 6/9] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,4.19 8/9] netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag, Pablo Neira Ayuso
[PATCH -stable,5.4 0/9] stable fixes for 5.4,
Pablo Neira Ayuso
- [PATCH -stable,5.4 1/9] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH -stable,5.4 3/9] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH -stable,5.4 4/9] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH -stable,5.4 6/9] netfilter: nf_tables: allow up to 64 bytes in the set element data area, Pablo Neira Ayuso
- [PATCH -stable,5.4 7/9] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
- [PATCH -stable,5.4 5/9] netfilter: nf_tables: add nft_setelem_parse_key(), Pablo Neira Ayuso
- [PATCH -stable,5.4 2/9] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
- [PATCH -stable,5.4 8/9] netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag, Pablo Neira Ayuso
- [PATCH -stable,5.4 9/9] netfilter: nf_tables: hold mutex on netns pre_exit path, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: disable delset and delsetelem on anonymous sets, Florian Westphal
Patch for -stable, 6.3.x,
Pablo Neira Ayuso
Re: ct state vmap no longer works on 6.3 kernel, Duncan Roe
[PATCH v11 00/12] Network support for Landlock,
Konstantin Meskhidze
- [PATCH v11 01/12] landlock: Make ruleset's access masks more generic, Konstantin Meskhidze
- [PATCH v11 02/12] landlock: Allow filesystem layout changes for domains without such rule type, Konstantin Meskhidze
- [PATCH v11 03/12] landlock: Refactor landlock_find_rule/insert_rule, Konstantin Meskhidze
- [PATCH v11 04/12] landlock: Refactor merge/inherit_ruleset functions, Konstantin Meskhidze
- [PATCH v11 05/12] landlock: Move and rename layer helpers, Konstantin Meskhidze
- [PATCH v11 09/12] selftests/landlock: Share enforce_ruleset(), Konstantin Meskhidze
- [PATCH v11 07/12] landlock: Refactor landlock_add_rule() syscall, Konstantin Meskhidze
- [PATCH v11 06/12] landlock: Refactor layer helpers, Konstantin Meskhidze
- [PATCH v11 12/12] landlock: Document Landlock's network support, Konstantin Meskhidze
- [PATCH v11 10/12] selftests/landlock: Add 11 new test suites dedicated to network, Konstantin Meskhidze
- [PATCH v11 08/12] landlock: Add network rules and TCP hooks support, Konstantin Meskhidze
- [PATCH v11 11/12] samples/landlock: Add network demo, Konstantin Meskhidze
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
