Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release), (continued)
- [ANNOUNCE] libnftnl 1.2.3 release, Pablo Neira Ayuso
- [PATCH 1/3] netfilter: nf_tables: do not allow SET_ID to refer to another table,
Thadeu Lima de Souza Cascardo
- [PATCH nf] netfilter: nf_tables: fix null deref due to zeroed list head,
Florian Westphal
- [PATCH] netfilter: nf_tables: possible module reference underflow in error path,
Pablo Neira Ayuso
- [PATCH nf 0/4] netfilter: conntrack: remove 64kb max size assumptions,
Florian Westphal
- [PATCH nf] netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag, Pablo Neira Ayuso
- [PATCH] netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access, Pablo Neira Ayuso
- [PATCH nf,v4] netfilter: nf_tables: validate variable length element extension,
Pablo Neira Ayuso
- [PATCH] tests/py: disable arp family for queue statement, Pablo Neira Ayuso
- [PATCH nftables] meta: don't use non-POSIX formats in strptime(),
Jo-Philipp Wich
- [PATCH libmnl v3 1/2] libmnl: update attribute function comments to use \return,
Jacob Keller
- [PATCH nf,v2 1/2] netfilter: nf_tables: upfront validation of data via nft_data_init(),
Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_tables: upfront validation of data via nft_data_init(), Pablo Neira Ayuso
- [PATCH nf,v3] netfilter: nf_tables: validate variable length element extension, Pablo Neira Ayuso
- [net] 2638eb8b50: WARNING:suspicious_RCU_usage, kernel test robot
- [RESEND (v2) PATCH] netfilter: Fix a typo in a comment,
Christophe JAILLET
- [RESEND PATCH] netfilter: Fix a typo in a comment, Christophe JAILLET
- [PATCH libmnl v2 1/2] libmnl: update attribute function comments to use \return,
Jacob Keller
- [PATCH nf] netfilter: nfnetlink: re-enable conntrack expectation events,
Florian Westphal
- [PATCH libnetfilter_queue] build: doc: Update build_man.sh to find bash in PATH, Duncan Roe
- [PATCH nf,v2] netfilter: nf_tables: validate variable length element extension, Pablo Neira Ayuso
- [PATCH libmnl] libmnl: add support for signed types,
Jacob Keller
- [PATCH nf] netfilter: flowtable: fix incorrect Kconfig dependencies, Pablo Neira Ayuso
- [PATCH libmnl 0/6] Doxygen Build Improvements,
Jeremy Sowden
- [syzbot] general protection fault in br_nf_pre_routing_finish (2), syzbot
- [PATCH iptables] tests: add ebtables among testcase, Florian Westphal
- [PATCH iptables] nft: fix ebtables among match when mac+ip addresses are used, Florian Westphal
- [PATCH nft,v3] parser_json: fix device parsing in netdev family, Pablo Neira Ayuso
- [PATCH nft,v2] parser_json: fix device parsing in netdev family, Pablo Neira Ayuso
- [PATCH nf-next v2] netfilter: nf_flow_table: delay teardown the offload flow until fin packet recv from both direction, wenxu
- iptables v1.6.2 EOS date,
Nicolas MAFFRE
- [PATCH AUTOSEL 4.19 3/4] netfilter: nf_tables: add rescheduling points during loop detection walks, Sasha Levin
- [PATCH AUTOSEL 5.4 5/6] netfilter: nf_tables: add rescheduling points during loop detection walks, Sasha Levin
- [PATCH AUTOSEL 5.10 6/7] netfilter: nf_tables: add rescheduling points during loop detection walks, Sasha Levin
- [PATCH AUTOSEL 5.15 7/8] netfilter: nf_tables: add rescheduling points during loop detection walks, Sasha Levin
- [PATCH AUTOSEL 5.18 09/10] netfilter: nft_queue: only allow supported familes and hooks, Sasha Levin
- [PATCH AUTOSEL 5.18 08/10] netfilter: nf_tables: add rescheduling points during loop detection walks, Sasha Levin
- [PATCH libmnl] build: doc: refer to bash as bash, not /bin/bash,
Mark Mentovai
- [PATCH nf 0/2] netfilter: nf_tables: fix nf_trace related crash,
Florian Westphal
- [PATCH nft] parser_json: fix device parsing in netdev family, Pablo Neira Ayuso
- [PATCH nft v2 0/8] really handle stacked l2 headers,
Florian Westphal
- [PATCH nft v2 1/8] netlink_delinearize: allow postprocessing on concatenated elements, Florian Westphal
- [PATCH nft v2 2/8] netlink_delinearize: postprocess binary ands in concatenations, Florian Westphal
- [PATCH nft v2 3/8] proto: track full stack of seen l2 protocols, not just cumulative offset, Florian Westphal
- [PATCH nft v2 4/8] debug: dump the l2 protocol stack, Florian Westphal
- [PATCH nft v2 5/8] tests: add a test case for ether and vlan listing, Florian Westphal
- [PATCH nft v2 6/8] netlink_delinearize: also postprocess OP_AND in set element context, Florian Westphal
- [PATCH nft v2 7/8] evaluate: search stacked header list for matching payload dep, Florian Westphal
- [PATCH nft v2 8/8] src: allow anon set concatenation with ether and vlan, Florian Westphal
- Re: [PATCH nft v2 0/8] really handle stacked l2 headers, Pablo Neira Ayuso
- [PATCH] ebtables: add "allstatic" build target, Justin Swartz
- [RFC] Remove DECNET support from kernel,
Stephen Hemminger
- [PATCH libnftnl RFC 1/3] src: add string API support,
Pablo Neira Ayuso
- [PATCH RFC 1/3] src: add string API support, Pablo Neira Ayuso
- [PATCH RFC 0/3] nf_tables string match support,
Pablo Neira Ayuso
- [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output,
Phil Sutter
- [PATCH nft 0/7] really handle stacked l2 headers,
Florian Westphal
- [PATCH v2 nf] netfilter: nft_queue: only allow supported familes and hooks, Florian Westphal
- [PATCH nf] netfilter: nf_tables: add rescheduling points during loop detection walks,
Florian Westphal
- [PATCH nf] netfilter: nft_queue: only allow supported families,
Florian Westphal
- [PATCH nf] netfilter: nf_queue: do not allow packet truncation below transport header offset,
Florian Westphal
- [PATCH nf-next] netfilter: nf_flow_table: delay teardown the offload flow until fin packet recv from both direction,
wenxu
[PATCH bpf-next] net: netfilter: Remove ifdefs for code shared by BPF and ctnetlink,
Kumar Kartikeya Dwivedi
A probable bug in nftables doc, Eve Adam
iptables 1.8.8 misses -j CT calls,
Jan Engelhardt
[PATCH bpf-next v7 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status,
Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 04/13] bpf: Add support for forcing kfunc args to be trusted, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 09/13] net: netfilter: Add kfuncs to set and change CT status, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 03/13] bpf: Switch to new kfunc flags infrastructure, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 01/13] bpf: Introduce 8-byte BTF set, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 07/13] net: netfilter: Add kfuncs to allocate and insert CT, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 06/13] net: netfilter: Deduplicate code in bpf_{xdp,skb}_ct_lookup, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 05/13] bpf: Add documentation for kfuncs, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 02/13] tools/resolve_btfids: Add support for 8-byte BTF sets, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 08/13] net: netfilter: Add kfuncs to set and change CT timeout, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 10/13] selftests/bpf: Add verifier tests for trusted kfunc args, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 11/13] selftests/bpf: Add tests for new nf_conntrack kfuncs, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 13/13] selftests/bpf: Fix test_verifier failed test in unprivileged mode, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v7 12/13] selftests/bpf: Add negative tests for new nf_conntrack kfuncs, Kumar Kartikeya Dwivedi
- Re: [PATCH bpf-next v7 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status, Zvi Effron
- Re: [PATCH bpf-next v7 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status, patchwork-bot+netdevbpf
[PATCH nf-next 00/18] Netfilter/IPVS updates for net-next,
Pablo Neira Ayuso
- [PATCH nf-next 01/18] netfilter: conntrack: use fallthrough to cleanup, Pablo Neira Ayuso
- [PATCH nf-next 04/18] netfilter: nf_flow_table: count pending offload workqueue tasks, Pablo Neira Ayuso
- [PATCH nf-next 06/18] netfilter: nf_conntrack: use rcu accessors where needed, Pablo Neira Ayuso
- [PATCH nf-next 05/18] netfilter: nf_conntrack: add missing __rcu annotations, Pablo Neira Ayuso
- [PATCH nf-next 08/18] netfilter: nft_set_bitmap: Fix spelling mistake, Pablo Neira Ayuso
- [PATCH nf-next 02/18] netfilter: conntrack: use correct format characters, Pablo Neira Ayuso
- [PATCH nf-next 07/18] netfilter: h323: merge nat hook pointers into one, Pablo Neira Ayuso
- [PATCH nf-next 03/18] net/sched: act_ct: set 'net' pointer when creating new nf_flow_table, Pablo Neira Ayuso
- [PATCH nf-next 10/18] netfilter: x_tables: use correct integer types, Pablo Neira Ayuso
- [PATCH nf-next 09/18] netfilter: nfnetlink: add missing __be16 cast, Pablo Neira Ayuso
- [PATCH nf-next 11/18] netfilter: nf_tables: use the correct get/put helpers, Pablo Neira Ayuso
- [PATCH nf-next 12/18] netfilter: nf_tables: add and use BE register load-store helpers, Pablo Neira Ayuso
- [PATCH nf-next 18/18] netfilter: xt_TPROXY: remove pr_debug invocations, Pablo Neira Ayuso
- [PATCH nf-next 15/18] netfilter: nf_nat: in nf_nat_initialized(), use const struct nf_conn *, Pablo Neira Ayuso
- [PATCH nf-next 14/18] netfilter: nf_tables: move nft_cmp_fast_mask to where its used, Pablo Neira Ayuso
- [PATCH nf-next 16/18] netfilter: ipvs: Use the bitmap API to allocate bitmaps, Pablo Neira Ayuso
- [PATCH nf-next 13/18] netfilter: nf_tables: use correct integer types, Pablo Neira Ayuso
- [PATCH nf-next 17/18] netfilter: flowtable: prefer refcount_inc, Pablo Neira Ayuso
[PATCH nf-next 0/3] netfilter: conntrack: ignore overly delayed tcp packets,
Florian Westphal
[iptables PATCH] iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode,
Erik Skultety
[PATCH v2] net-next: improve handling of ICMP_EXT_ECHO icmp type,
Mathias Lark
[PATCH bpf-next v6 00/13] New nf_conntrack kfuncs for insertion, changing timeout, status,
Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 01/13] bpf: Introduce BTF ID flags and 8-byte BTF set, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 02/13] tools/resolve_btfids: Add support for resolving kfunc flags, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 08/13] net: netfilter: Add kfuncs to set and change CT timeout, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 10/13] selftests/bpf: Add verifier tests for trusted kfunc args, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 09/13] net: netfilter: Add kfuncs to set and change CT status, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 06/13] net: netfilter: Deduplicate code in bpf_{xdp,skb}_ct_lookup, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 12/13] selftests/bpf: Add negative tests for new nf_conntrack kfuncs, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 04/13] bpf: Add support for forcing kfunc args to be trusted, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 07/13] net: netfilter: Add kfuncs to allocate and insert CT, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 13/13] selftests/bpf: Fix test_verifier failed test in unprivileged mode, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 11/13] selftests/bpf: Add tests for new nf_conntrack kfuncs, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 05/13] bpf: Add documentation for kfuncs, Kumar Kartikeya Dwivedi
- [PATCH bpf-next v6 03/13] bpf: Switch to new kfunc flags infrastructure, Kumar Kartikeya Dwivedi
[PATCH nft 2/2,v4] cache: validate handle string length, Pablo Neira Ayuso
[PATCH nft] cache: report an error message if cache initialization fails, Pablo Neira Ayuso
[PATCH nft 2/2,v3] cache: validate handle string length, Pablo Neira Ayuso
[PATCH nft 1/2] cache: prepare nft_cache_evaluate() to return error,
Pablo Neira Ayuso
[PATCH nft] parser_bison: bail out on too long names,
Pablo Neira Ayuso
[PATCH net-next] improve handling of ICMP_EXT_ECHO icmp type,
Mathias Lark
[IPTABLES][PATCHv3] xt_sctp: support a couple of new chunk types,
Yuxuan Luo
[IPTABLES][PATCHv2] xt_sctp: support a couple of new chunk types, Yuxuan Luo
[PATCH v2] src: proto: support DF, LE PHB, VA for DSCP,
Oleksandr Natalenko
FTBS on Debian Bullseye with xtables-addons-dkms 3.13-1 and kernel 5.10.0-16-amd64,
Lupe Christoph
[PATCH nf,v3] netfilter: nf_tables: replace BUG_ON by element length check, Pablo Neira Ayuso
libnftnl broken examples,
Serg
[PATCH conntrack-tools 1/3] conntrack: update manpage with new -A command,
Pablo Neira Ayuso
[PATCH nf,v2 1/2] netfilter: nf_tables: release element key when parser fails,
Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: release key_end if element deletion fails, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: validate variable length element extension, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: release key if get element fails, Pablo Neira Ayuso
[PATCH nf-next] netfilter: flowtable: prefer refcount_inc,
Florian Westphal
[PATCH] netfilter: xt_TPROXY: fix clang -Wformat warnings:,
Justin Stitt
[PATCH] Extends py/nftables.py,
Peter Collinson
[PATCH nft] rule: crash when uncollapsing command with unexisting table or set, Pablo Neira Ayuso
[linux-next:master] BUILD REGRESSION 088b9c375534d905a4d337c78db3b3bfbb52c4a0,
kernel test robot
[PATCH nft] scanner: allow prefix in ip6 scope, Florian Westphal
[PATCH AUTOSEL 4.14 3/8] netfilter: br_netfilter: do not skip all hooks with 0 priority, Sasha Levin
[PATCH AUTOSEL 4.19 3/8] netfilter: br_netfilter: do not skip all hooks with 0 priority, Sasha Levin
[PATCH AUTOSEL 5.4 3/9] netfilter: br_netfilter: do not skip all hooks with 0 priority, Sasha Levin
[PATCH AUTOSEL 5.10 03/11] netfilter: br_netfilter: do not skip all hooks with 0 priority, Sasha Levin
[PATCH AUTOSEL 5.15 07/18] netfilter: br_netfilter: do not skip all hooks with 0 priority, Sasha Levin
[PATCH AUTOSEL 5.18 08/22] netfilter: nf_tables: avoid skb access on nf_stolen, Sasha Levin
[PATCH AUTOSEL 5.18 09/22] netfilter: br_netfilter: do not skip all hooks with 0 priority, Sasha Levin
[PATCH nft] cache: release pending rules when chain binding lookup fails, Pablo Neira Ayuso
[linux-next:master] BUILD REGRESSION 2a2aa3f05338270aecbe2492fda910d6c17e0102, kernel test robot
[PATCH nf] netfilter: nf_tables: replace BUG_ON by element length check, Pablo Neira Ayuso
[PATCH] netfilter: nf_log: incorrect offset to network header, Pablo Neira Ayuso
[linux-next:master] BUILD REGRESSION b6f1f2fa2bddd69ff46a190b8120bd440fd50563, kernel test robot
[PATCH] netfilter: ipvs: Use the bitmap API to allocate bitmaps,
Christophe JAILLET
[BUG] ARP packet "parsing" broken in output hook of arp and netdev family table, Tom Yan
Re: [PATCH v1] netfilter: nf_tables: fix nft_set_elem_init heap buffer overflow,
Pablo Neira Ayuso
[PATCH] netfilter: nf_tables: stricter validation of element data,
Pablo Neira Ayuso
[linux-next:master] BUILD REGRESSION c4185b16aba73929aa76f0d030efbe79ae867808, kernel test robot
[vs] Netfilter vulnerability disclosure, Hugues ANGUELKOV
[Regression] stress-ng udp-flood causes kernel panic on Ampere Altra,
Kajetan Puchalski
[linux-next:master] BUILD REGRESSION 6cc11d2a1759275b856e464265823d94aabd5eaf,
kernel test robot
[iptables PATCH] libxtables: Fix unsupported extension warning corner case,
Phil Sutter
[PATCH 0/6] netfilter: ipset: Add support for new bitmask parameter,
Vishwanath Pai
[PATCH] netfilter: ipset: ipset list may return wrong member count on bitmap types,
Vishwanath Pai
[PATCH] xt_sctp: support a couple of new chunk types,
Yuxuan Luo
[PATCH] netfilter: in nf_nat_initialized(), use const struct nf_conn *,
James Yonan
[PATCH v2 0/3] conntrack: -A command implementation,
Mikhail Sennikovsky
[PATCH libmnl] nlmsg: Only print ECMA-48 colour sequences to terminals, Pablo Neira Ayuso
[PATCH nft] evaluate: report missing interval flag when using prefix/range in concatenation, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_set_pipapo: release elements in clone from abort path,
Pablo Neira Ayuso
[PATCH v37 19/33] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
[PATCH v37 15/33] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH v37 16/33] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
[PATCH v37 09/33] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
[PATCH v37 08/33] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
[PATCH nftables] Allow resetting the include search path,
Daniel Gröber
[PATCH][next] treewide: uapi: Replace zero-length arrays with flexible-array members,
Gustavo A. R. Silva
[PATCH nf-next] flow_table: do not try to add already offloaded entries,
Marcelo Ricardo Leitner
[PATCH nft] segtree: fix map listing with interface wildcard, Pablo Neira Ayuso
[nft PATCH] evaluate: fix segfault when adding elements to invalid set,
Peter Tirsek
[PATCH] ebtables: extend the 'static' build target fix.,
Justin Swartz
[PATCH v2 0/3] conntrack: fixes for handling unknown protocols,
Mikhail Sennikovsky
[PATCH nft 0/3] parser: fix scope closing with > 1 nested scope,
Florian Westphal
[PATCH bpf-next v5 0/8] New nf_conntrack kfuncs for insertion, changing timeout, status,
Kumar Kartikeya Dwivedi
[PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set,
Pablo Neira Ayuso
[PATCH 0/6] conntrack: fixes for handling unknown protocols,
Mikhail Sennikovsky
[nft PATCH v2] Revert "scanner: remove saddr/daddr from initial state",
Phil Sutter
[nft PATCH] doc: Document limitations of ipsec expression with xfrm_interface, Phil Sutter
[nft PATCH 0/2] Fix for failing 'counter ipsec ...' rule,
Phil Sutter
[PATCH nf-next 0/6] netfilter: sparse fixups,
Florian Westphal
[PATCH] netfilter: xt_esp: add support for ESP match in NAT Traversal,
Wei Han
[PATCH] netfilter: Fix spelling mistake,
Zhang Jiaming
[PATCH] xtables-monitor: add missing spaces in printed str,
Anton Luka Šijanec
[PATCH nf] netfilter: nf_tables: avoid skb access on nf_stolen,
Florian Westphal
[PATCH nf] netfilter: nft_dynset: restore set element counter when failing to update,
Pablo Neira Ayuso
[PATCH nf-next v2 0/3] netfilter: conntrack sparse annotations,
Florian Westphal
[PATCH 0/3] conntrack: -A command implementation,
Mikhail Sennikovsky
[PATCH nf] netfilter: br_netfilter: do not skip all hooks with 0 priority,
Florian Westphal
large number of sparse warnings in nf_flow_table_offload, Florian Westphal
[PATCH nf-next 0/3] netfilter: conntrack sparse annotations,
Florian Westphal
[PATCH v6 00/17] Network support for Landlock,
Konstantin Meskhidze
- [PATCH v6 02/17] landlock: refactors landlock_find/insert_rule, Konstantin Meskhidze
- [PATCH v6 05/17] landlock: refactors helper functions, Konstantin Meskhidze
- [PATCH v6 09/17] landlock: implements TCP network hooks, Konstantin Meskhidze
- [PATCH v6 01/17] landlock: renames access mask, Konstantin Meskhidze
- [PATCH v6 06/17] landlock: refactors landlock_add_rule syscall, Konstantin Meskhidze
- [PATCH v6 03/17] landlock: refactors merge and inherit functions, Konstantin Meskhidze
- [PATCH v6 07/17] landlock: user space API network support, Konstantin Meskhidze
- [PATCH v6 04/17] landlock: moves helper functions, Konstantin Meskhidze
- [PATCH v6 10/17] seltests/landlock: moves helper function, Konstantin Meskhidze
- [PATCH v6 13/17] seltests/landlock: adds AF_UNSPEC family test, Konstantin Meskhidze
- [PATCH v6 08/17] landlock: adds support network rules, Konstantin Meskhidze
- [PATCH v6 14/17] seltests/landlock: adds rules overlapping test, Konstantin Meskhidze
- [PATCH v6 12/17] seltests/landlock: adds tests for connect() hooks, Konstantin Meskhidze
- [PATCH v6 11/17] seltests/landlock: adds tests for bind() hooks, Konstantin Meskhidze
- [PATCH v6 15/17] seltests/landlock: adds ruleset expanding test, Konstantin Meskhidze
- [PATCH v6 16/17] seltests/landlock: adds invalid input data test, Konstantin Meskhidze
- [PATCH v6 17/17] samples/landlock: adds network demo, Konstantin Meskhidze
- Re: [PATCH v6 00/17] Network support for Landlock, Mickaël Salaün
[PATCH] src: proto: support DF, LE, VA for DSCP,
Oleksandr Natalenko
[PATCH nf 0/2] netfilter: fix two nf_dup bugs with egress hook,
Florian Westphal
[PATCH nft,v2 1/2] rule: collapse set element commands,
Pablo Neira Ayuso
[PATCH nft 00/18] fixes and improvements for -o/--optimize,
Pablo Neira Ayuso
- [PATCH nft 01/18] optimize: do not compare relational expression rhs when collecting statements, Pablo Neira Ayuso
- [PATCH nft 06/18] optimize: fix verdict map merging, Pablo Neira Ayuso
- [PATCH nft 02/18] optimize: do not merge rules with set reference in rhs, Pablo Neira Ayuso
- [PATCH nft 04/18] optimize: remove comment after merging, Pablo Neira Ayuso
- [PATCH nft 09/18] optimize: add fib expression support, Pablo Neira Ayuso
- [PATCH nft 08/18] optimize: add xfrm expression support, Pablo Neira Ayuso
- [PATCH nft 03/18] optimize: do not print stateful information, Pablo Neira Ayuso
- [PATCH nft 05/18] optimize: fix reject statement, Pablo Neira Ayuso
- [PATCH nft 11/18] optimize: add numgen expression support, Pablo Neira Ayuso
- [PATCH nft 16/18] optimize: assume verdict is same when rules have no verdict, Pablo Neira Ayuso
- [PATCH nft 13/18] optimize: add unsupported statement, Pablo Neira Ayuso
- [PATCH nft 14/18] tests: shell: run -c -o on ruleset, Pablo Neira Ayuso
- [PATCH nft 17/18] optimize: limit statement is not supported yet, Pablo Neira Ayuso
- [PATCH nft 12/18] optimize: add hash expression support, Pablo Neira Ayuso
- [PATCH nft 15/18] optimize: only merge OP_IMPLICIT and OP_EQ relational, Pablo Neira Ayuso
- [PATCH nft 10/18] optimize: add binop expression support, Pablo Neira Ayuso
- [PATCH nft 07/18] optimize: add osf expression support, Pablo Neira Ayuso
- [PATCH nft 18/18] libnftables: release top level scope, Pablo Neira Ayuso
- Re: [PATCH nft 00/18] fixes and improvements for -o/--optimize, Pablo Neira Ayuso
Re: Support for String Match Blocking in NFTables,
Duncan Roe
[PATCH] netfilter: add nf_log.h,
Markus Mayer
Re: [PATCH] selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh,
Pablo Neira Ayuso
[PATCH nft] tests: shell: large set overlap and automerge,
Pablo Neira Ayuso
[PATCH nft 1/2] intervals: do not empty cache for maps,
Pablo Neira Ayuso
[nft PATCH] intervals: Do not sort cached set elements over and over again,
Phil Sutter
[PATCH v2] build: fix clang+glibc snprintf substitution error,
Nicholas Vinson
[PATCH net-next v4 0/2] Conntrack offload debuggability improvements,
Vlad Buslov
[iptables PATCH v2] nft: Exit if nftnl_alloc_expr fails, Phil Sutter
[PATCH] build: fix clang+glibc snprintf substitution error,
Nicholas Vinson
[iptables PATCH] nft: Exit if nftnl_alloc_expr fails,
Phil Sutter
[PATCH nf] nft_set_rbtree: Switch to node list walk for overlap detection,
Stefano Brivio
[PATCH conntrack-tools 1/2] conntrack: pass command object to nfct_mnl_request(),
Pablo Neira Ayuso
[PATCH nft] tests: shell: runtime set element automerge, Pablo Neira Ayuso
[PATCH nft 1/2] rule: collapse set element commands,
Pablo Neira Ayuso
[iptables PATCH 0/2] Review xtables.h vs. xshared.h,
Phil Sutter
[PATCH nft] Revert "scanner: flags: move to own scope", Florian Westphal
[PATCH v36 19/33] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
[PATCH v36 16/33] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
[PATCH v36 15/33] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH v36 09/33] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
[PATCH v36 08/33] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
[PATCH 00/12] Clang -Wformat warning fixes,
Bill Wendling
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]