Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- Re: [PATCH][next] treewide: uapi: Replace zero-length arrays with flexible-array members, (continued)
- [PATCH nf-next] flow_table: do not try to add already offloaded entries,
Marcelo Ricardo Leitner
- [PATCH nft] segtree: fix map listing with interface wildcard, Pablo Neira Ayuso
- [nft PATCH] evaluate: fix segfault when adding elements to invalid set,
Peter Tirsek
- [PATCH] ebtables: extend the 'static' build target fix.,
Justin Swartz
- [PATCH v2 0/3] conntrack: fixes for handling unknown protocols,
Mikhail Sennikovsky
- [PATCH nft 0/3] parser: fix scope closing with > 1 nested scope,
Florian Westphal
- [PATCH bpf-next v5 0/8] New nf_conntrack kfuncs for insertion, changing timeout, status,
Kumar Kartikeya Dwivedi
- [PATCH nft 1/2] intervals: fix crash when trying to remove element in empty set,
Pablo Neira Ayuso
- [PATCH 0/6] conntrack: fixes for handling unknown protocols,
Mikhail Sennikovsky
- [nft PATCH v2] Revert "scanner: remove saddr/daddr from initial state",
Phil Sutter
- [nft PATCH] doc: Document limitations of ipsec expression with xfrm_interface, Phil Sutter
- [nft PATCH 0/2] Fix for failing 'counter ipsec ...' rule,
Phil Sutter
- [PATCH nf-next 0/6] netfilter: sparse fixups,
Florian Westphal
- [PATCH] netfilter: xt_esp: add support for ESP match in NAT Traversal,
Wei Han
- [PATCH] netfilter: Fix spelling mistake,
Zhang Jiaming
- [PATCH] xtables-monitor: add missing spaces in printed str,
Anton Luka Šijanec
- [PATCH nf] netfilter: nf_tables: avoid skb access on nf_stolen,
Florian Westphal
- [PATCH nf] netfilter: nft_dynset: restore set element counter when failing to update,
Pablo Neira Ayuso
- [PATCH nf-next v2 0/3] netfilter: conntrack sparse annotations,
Florian Westphal
- [PATCH 0/3] conntrack: -A command implementation,
Mikhail Sennikovsky
- [PATCH nf] netfilter: br_netfilter: do not skip all hooks with 0 priority,
Florian Westphal
- large number of sparse warnings in nf_flow_table_offload, Florian Westphal
- [PATCH nf-next 0/3] netfilter: conntrack sparse annotations,
Florian Westphal
- [PATCH v6 00/17] Network support for Landlock,
Konstantin Meskhidze
- [PATCH v6 02/17] landlock: refactors landlock_find/insert_rule, Konstantin Meskhidze
- [PATCH v6 05/17] landlock: refactors helper functions, Konstantin Meskhidze
- [PATCH v6 09/17] landlock: implements TCP network hooks, Konstantin Meskhidze
- [PATCH v6 01/17] landlock: renames access mask, Konstantin Meskhidze
- [PATCH v6 06/17] landlock: refactors landlock_add_rule syscall, Konstantin Meskhidze
- [PATCH v6 03/17] landlock: refactors merge and inherit functions, Konstantin Meskhidze
- [PATCH v6 07/17] landlock: user space API network support, Konstantin Meskhidze
- [PATCH v6 04/17] landlock: moves helper functions, Konstantin Meskhidze
- [PATCH v6 10/17] seltests/landlock: moves helper function, Konstantin Meskhidze
- [PATCH v6 13/17] seltests/landlock: adds AF_UNSPEC family test, Konstantin Meskhidze
- [PATCH v6 08/17] landlock: adds support network rules, Konstantin Meskhidze
- [PATCH v6 14/17] seltests/landlock: adds rules overlapping test, Konstantin Meskhidze
- [PATCH v6 12/17] seltests/landlock: adds tests for connect() hooks, Konstantin Meskhidze
- [PATCH v6 11/17] seltests/landlock: adds tests for bind() hooks, Konstantin Meskhidze
- [PATCH v6 15/17] seltests/landlock: adds ruleset expanding test, Konstantin Meskhidze
- [PATCH v6 16/17] seltests/landlock: adds invalid input data test, Konstantin Meskhidze
- [PATCH v6 17/17] samples/landlock: adds network demo, Konstantin Meskhidze
- Re: [PATCH v6 00/17] Network support for Landlock, Mickaël Salaün
- [PATCH] src: proto: support DF, LE, VA for DSCP,
Oleksandr Natalenko
- [PATCH nf 0/2] netfilter: fix two nf_dup bugs with egress hook,
Florian Westphal
- [PATCH nft,v2 1/2] rule: collapse set element commands,
Pablo Neira Ayuso
- [PATCH nft 00/18] fixes and improvements for -o/--optimize,
Pablo Neira Ayuso
- [PATCH nft 01/18] optimize: do not compare relational expression rhs when collecting statements, Pablo Neira Ayuso
- [PATCH nft 06/18] optimize: fix verdict map merging, Pablo Neira Ayuso
- [PATCH nft 02/18] optimize: do not merge rules with set reference in rhs, Pablo Neira Ayuso
- [PATCH nft 04/18] optimize: remove comment after merging, Pablo Neira Ayuso
- [PATCH nft 09/18] optimize: add fib expression support, Pablo Neira Ayuso
- [PATCH nft 08/18] optimize: add xfrm expression support, Pablo Neira Ayuso
- [PATCH nft 03/18] optimize: do not print stateful information, Pablo Neira Ayuso
- [PATCH nft 05/18] optimize: fix reject statement, Pablo Neira Ayuso
- [PATCH nft 11/18] optimize: add numgen expression support, Pablo Neira Ayuso
- [PATCH nft 16/18] optimize: assume verdict is same when rules have no verdict, Pablo Neira Ayuso
- [PATCH nft 13/18] optimize: add unsupported statement, Pablo Neira Ayuso
- [PATCH nft 14/18] tests: shell: run -c -o on ruleset, Pablo Neira Ayuso
- [PATCH nft 17/18] optimize: limit statement is not supported yet, Pablo Neira Ayuso
- [PATCH nft 12/18] optimize: add hash expression support, Pablo Neira Ayuso
- [PATCH nft 15/18] optimize: only merge OP_IMPLICIT and OP_EQ relational, Pablo Neira Ayuso
- [PATCH nft 10/18] optimize: add binop expression support, Pablo Neira Ayuso
- [PATCH nft 07/18] optimize: add osf expression support, Pablo Neira Ayuso
- [PATCH nft 18/18] libnftables: release top level scope, Pablo Neira Ayuso
- Re: [PATCH nft 00/18] fixes and improvements for -o/--optimize, Pablo Neira Ayuso
- Re: Support for String Match Blocking in NFTables,
Duncan Roe
- [PATCH] netfilter: add nf_log.h,
Markus Mayer
- Re: [PATCH] selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh,
Pablo Neira Ayuso
- [PATCH nft] tests: shell: large set overlap and automerge,
Pablo Neira Ayuso
- [PATCH nft 1/2] intervals: do not empty cache for maps,
Pablo Neira Ayuso
- [nft PATCH] intervals: Do not sort cached set elements over and over again,
Phil Sutter
- [PATCH v2] build: fix clang+glibc snprintf substitution error,
Nicholas Vinson
- [PATCH net-next v4 0/2] Conntrack offload debuggability improvements,
Vlad Buslov
- [iptables PATCH v2] nft: Exit if nftnl_alloc_expr fails, Phil Sutter
- [PATCH] build: fix clang+glibc snprintf substitution error,
Nicholas Vinson
- [iptables PATCH] nft: Exit if nftnl_alloc_expr fails,
Phil Sutter
- [PATCH nf] nft_set_rbtree: Switch to node list walk for overlap detection,
Stefano Brivio
- [PATCH conntrack-tools 1/2] conntrack: pass command object to nfct_mnl_request(),
Pablo Neira Ayuso
- [PATCH nft] tests: shell: runtime set element automerge, Pablo Neira Ayuso
- [PATCH nft 1/2] rule: collapse set element commands,
Pablo Neira Ayuso
- [iptables PATCH 0/2] Review xtables.h vs. xshared.h,
Phil Sutter
- [PATCH nft] Revert "scanner: flags: move to own scope", Florian Westphal
- [PATCH v36 19/33] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
- [PATCH v36 16/33] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
- [PATCH v36 15/33] LSM: Ensure the correct LSM context releaser, Casey Schaufler
- [PATCH v36 09/33] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
- [PATCH v36 08/33] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
- [PATCH 00/12] Clang -Wformat warning fixes,
Bill Wendling
- [PATCH 01/12] x86/mce: use correct format characters, Bill Wendling
- [PATCH 02/12] x86/CPU/AMD: use correct format characters, Bill Wendling
- [PATCH 03/12] x86/e820: use correct format characters, Bill Wendling
- [PATCH 04/12] blk-cgroup: use correct format characters, Bill Wendling
- [PATCH 05/12] fs: quota: use correct format characters, Bill Wendling
- [PATCH 06/12] PNP: use correct format characters, Bill Wendling
- [PATCH 07/12] driver/char: use correct format characters, Bill Wendling
- [PATCH 08/12] cdrom: use correct format characters, Bill Wendling
- [PATCH 09/12] ALSA: seq: use correct format characters, Bill Wendling
- [PATCH 10/12] ALSA: seq: use correct format characters, Bill Wendling
- [PATCH 11/12] ALSA: control: use correct format characters, Bill Wendling
- [PATCH 12/12] netfilter: conntrack: use correct format characters, Bill Wendling
- Re: [PATCH 00/12] Clang -Wformat warning fixes, Andrew Morton
- [PATCH v2 0/1] Reusing modifier socket for bulk ct loads,
Mikhail Sennikovsky
- [iptables PATCH 1/2] iptables-legacy: Drop redundant include of xtables-multi.h,
Phil Sutter
- [iptables PATCH 0/9] Improve testsuites' code coverage,
Phil Sutter
- [iptables PATCH 5/9] extensions: libebt_standard.t: Test logical-{in,out} as well, Phil Sutter
- [iptables PATCH 8/9] extensions: string: Review parse_string() function, Phil Sutter
- [iptables PATCH 2/9] tests: shell: Add some more rules to 0002-verbose-output_0, Phil Sutter
- [iptables PATCH 9/9] extensions: string: Fix and enable tests, Phil Sutter
- [iptables PATCH 6/9] ebtables-restore: Deny --init-table, Phil Sutter
- [iptables PATCH 7/9] extensions: string: Do not print default --to value, Phil Sutter
- [iptables PATCH 3/9] tests: shell: Extend iptables-xml test a bit, Phil Sutter
- [iptables PATCH 4/9] tests: shell: Extend zero counters test a bit further, Phil Sutter
- [iptables PATCH 1/9] Makefile: Add --enable-profiling configure option, Phil Sutter
- Add action to "finally" accept packets?,
Nick
- [PATCH conntrack-tools] conntrackd: build: always add ports to sync message, Pablo Neira Ayuso
- Re: [PATCH v2] netfilter: conntrack: Fix clang -Wformat warning in print_tuple(), Nick Desaulniers
- [iptables PATCH v2] arptables: Support -x/--exact flag, Phil Sutter
- [iptables PATCH] arptables: Support -x/--exact flag, Phil Sutter
- CFS for Netdev 0x16 open!,
Jamal Hadi Salim
- [ANNOUNCE] nftables 1.0.4 release, Pablo Neira Ayuso
- [ANNOUNCE] libnftnl 1.2.2 release, Pablo Neira Ayuso
- [PATCH v4.9.y] netfilter: nf_tables: disallow non-stateful expression in sets earlier,
Ajay Kaher
- [PATCH v4.14.y] netfilter: nf_tables: disallow non-stateful expression in sets earlier, Ajay Kaher
- [PATCH nf,v3] netfilter: nf_tables: bail out early if hardware offload is not supported, Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_tables: bail out early if hardware offload is not supported, Pablo Neira Ayuso
- netfilter: xtables: Bring SPDX identifier back,
Thomas Gleixner
- [PATCH nf] netfilter: nf_tables: memleak flow rule from commit path, Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_tables: release new hooks on unsupported flowtable flags, Pablo Neira Ayuso
- [PATCH v4.19.y] netfilter: nf_tables: disallow non-stateful expression in sets earlier, Ajay Kaher
- [PATCH v5.4.y] netfilter: nf_tables: disallow non-stateful expression in sets earlier,
Ajay Kaher
- Expired Cert,
Scott Wisniewski
- [iptables PATCH] libxtables: Unexport init_extensions*() declarations,
Phil Sutter
- [PATCH 0/1] Reusing modifier socket for bulk ct loads,
Mikhail Sennikovsky
- [PATCH nf] netfilter: nf_tables: bail out early if hardware offload is not supported, Pablo Neira Ayuso
- [iptables PATCH] tests: shell: Check overhead in iptables-save and -restore, Phil Sutter
- Alternative SCTP l4 tracker?,
Sriram Yagnaraman
- rebasing libnftnl git, Pablo Neira Ayuso
- [PATCH nft] tests: shell: remove leftover modules on cleanup, Pablo Neira Ayuso
- [PATCH nf 1/3,v3] netfilter: nf_tables: delete flowtable hooks via transaction list,
Pablo Neira Ayuso
- [PATCH nft] evaluate: reset ctx->set after set interval evaluation, Pablo Neira Ayuso
- [PATCH nft] tests: shell: sets_with_ifnames release netns on exit, Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path, Pablo Neira Ayuso
- [PATCH] Revert "Simplify static build extension loading",
Nick Hainke
- [nf PATCH] netfilter: nft_nat: Fix inet l4-only NAT,
Phil Sutter
- [PATCH nf] netfilter: nat: really support inet nat without l3 address,
Florian Westphal
- [PATCH nft] optimize: segfault when releasing unsupported statement, Pablo Neira Ayuso
- [ANNOUNCE] nftables 1.0.3 release, Pablo Neira Ayuso
- [PATCH nft] intervals: fix compilation --with-mini-gmp, Pablo Neira Ayuso
- [PATCH 3/2,v2] netfilter: nf_tables: delete flowtable hooks via transaction list, Pablo Neira Ayuso
- [PATCH nf,v2 1/2] netfilter: nf_tables: hold mutex on netns pre_exit path,
Pablo Neira Ayuso
- [PATCH nf 1/2] netfilter: nf_tables: double hook unregistration in netns path,
Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_tables: sanitize nft_set_desc_concat_parse(), Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_tables: sanitize nft_set_desc_concat_parse(), Pablo Neira Ayuso
- [PATCH v4 bpf-next 00/14] net: netfilter: add kfunc helper to update ct timeout,
Lorenzo Bianconi
- [PATCH v4 bpf-next 02/14] bpf: Print multiple type flags in verifier log, Lorenzo Bianconi
- [PATCH v4 bpf-next 01/14] bpf: Add support for forcing kfunc args to be referenced, Lorenzo Bianconi
- [PATCH v4 bpf-next 03/14] bpf: Support rdonly PTR_TO_BTF_ID for pointer to const return value, Lorenzo Bianconi
- [PATCH v4 bpf-next 13/14] selftests/bpf: add selftest for bpf_xdp_ct_add and bpf_ct_refresh_timeout kfunc, Lorenzo Bianconi
- [PATCH v4 bpf-next 06/14] bpf: Whitelist some fields in nf_conn for BPF_WRITE, Lorenzo Bianconi
- [PATCH v4 bpf-next 09/14] selftests/bpf: Add C tests for rdonly PTR_TO_BTF_ID, Lorenzo Bianconi
- [PATCH v4 bpf-next 12/14] net: netfilter: add kfunc helpers to alloc and insert a new ct entry, Lorenzo Bianconi
- [PATCH v4 bpf-next 08/14] selftests/bpf: Add verifier tests for forced kfunc ref args, Lorenzo Bianconi
- [PATCH v4 bpf-next 07/14] bpf: Define acquire-release pairs for kfuncs, Lorenzo Bianconi
- [PATCH v4 bpf-next 14/14] selftests/bpf: Add negative tests for bpf_nf, Lorenzo Bianconi
- [PATCH v4 bpf-next 11/14] net: netfilter: add kfunc helper to update ct timeout, Lorenzo Bianconi
- [PATCH v4 bpf-next 05/14] bpf: Support passing rdonly PTR_TO_BTF_ID to kfunc, Lorenzo Bianconi
- [PATCH v4 bpf-next 10/14] selftests/bpf: Add verifier tests for rdonly PTR_TO_BTF_ID, Lorenzo Bianconi
- [PATCH v4 bpf-next 04/14] bpf: Support storing rdonly PTR_TO_BTF_ID in BPF maps, Lorenzo Bianconi
- Re: [PATCH v4 bpf-next 00/14] net: netfilter: add kfunc helper to update ct timeout, Alexei Starovoitov
- [PATCH] nft: allow deletion of rule by full statement form,
Chander Govindarajan
- [PATCH nf,v2] netfilter: nf_tables: disallow non-stateful expression in sets earlier, Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_tables: disallow non-stateful expression in sets earlier,
Pablo Neira Ayuso
- [PATCH nf-next v2 1/3] nf_flow_table_offload: offload the vlan encap in the flowtable,
wenxu
- [PATCH nf-next 1/2] netfilter: flowtable: fix nft_flow_route miss FLOWI_FLAG_ANYSRC flag,
wenxu
- [PATCH nf-next] netfilter: flowtable: fix nft_flow_route use saddr for reverse route,
wenxu
- [iptables PATCH v2] build: Fix error during out of tree build,
Ben Brown
- [PATCH] nft: simplify chain lookup in do_list_chain,
Chander Govindarajan
- [PATCH nf-next v2] selftests: netfilter: flowtable vlan filtering bridge support,
wenxu
- [PATCH] netfilter: conntrack: use fallthrough to cleanup,
Jackie Liu
- [nf PATCH] netfilter: nft_limit: Clone packet limits' cost value,
Phil Sutter
- [PATCH] nft: update json output ordering to place rules after chains,
Chander Govindarajan
- [PATCH nft] netlink_delinearize: memleak when parsing concatenation data,
Pablo Neira Ayuso
- [iptables PATCH] build: Fix error during out of tree build,
Ben Brown
- [PATCH libnftnl 1/2] expr: fib: missing #include <assert.h>,
Pablo Neira Ayuso
- [PATCH nf] netfilter: use get_random_u32 instead of prandom,
Florian Westphal
- [PATCH nf-next] netfilter: nf_tables: set element extended ACK reporting support, Pablo Neira Ayuso
- [PATCH nft 1/3] parser_bison: fix error location for set elements,
Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_tables: disable bh to update per-cpu rnd_state,
Pablo Neira Ayuso
- [iptables PATCH] Revert "fix build for missing ETH_ALEN definition",
Phil Sutter
- [PATCH nf] netfilter: nf_tables: disable expression reduction infra,
Pablo Neira Ayuso
- [PATCH] nft: support for dynamic register allocation, Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_tables: restrict expression reduction to first expression, Pablo Neira Ayuso
- [PATCH v3 bpf-next 0/5] net: netfilter: add kfunc helper to update ct timeout,
Lorenzo Bianconi
- [PATCH] netfilter: nf_tables: restrict expression reduction to first expression,
Pablo Neira Ayuso
- [syzbot] KASAN: slab-out-of-bounds Read in cttimeout_net_exit,
syzbot
- [PATCH nf-next] netfilter: conntrack: re-fetch conntrack after insertion,
Florian Westphal
- [PATCH nf-next] netfilter: nfnetlink: fix warn in nfnetlink_unbind,
Florian Westphal
- [syzbot] WARNING in nfnetlink_unbind, syzbot
- [syzbot] KASAN: use-after-free Read in nf_confirm,
syzbot
- [syzbot] UBSAN: array-index-out-of-bounds in nfnetlink_unbind, syzbot
- [nf-next PATCH v4 0/4] nf_tables: Export rule optimizer results to user space,
Phil Sutter
- [PATCH net-next v3 0/3] Conntrack offload debuggability improvements,
Vlad Buslov
- [PATCH v3] netfilter: nf_flowtable: move dst_check to packet path,
Ritaro Takenaka
- [PATCH nf,v2] netfilter: flowtable: fix TCP flow teardown,
Pablo Neira Ayuso
- [PATCH nf] netfilter: flowtable: fix TCP flow teardown,
Pablo Neira Ayuso
- [PATCH net-next v2 0/3] Conntrack offload debuggability improvements,
Vlad Buslov
- [PATCH conntrack-tools] conntrack: remove -o userspace,
Florian Westphal
- [PATCH v5 00/15] Network support for Landlock,
Konstantin Meskhidze
- [PATCH v5 01/15] landlock: access mask renaming, Konstantin Meskhidze
- [PATCH v5 06/15] landlock: user space API network support, Konstantin Meskhidze
- [PATCH v5 07/15] landlock: add support network rules, Konstantin Meskhidze
- [PATCH v5 04/15] landlock: helper functions refactoring, Konstantin Meskhidze
- [PATCH v5 03/15] landlock: merge and inherit function refactoring, Konstantin Meskhidze
- [PATCH v5 09/15] seltests/landlock: add tests for bind() hooks, Konstantin Meskhidze
- [PATCH v5 10/15] seltests/landlock: add tests for connect() hooks, Konstantin Meskhidze
- [PATCH v5 14/15] seltests/landlock: invalid user input data test, Konstantin Meskhidze
- [PATCH v5 02/15] landlock: landlock_find/insert_rule refactoring, Konstantin Meskhidze
- [PATCH v5 08/15] landlock: TCP network hooks implementation, Konstantin Meskhidze
- [PATCH v5 13/15] seltests/landlock: ruleset expanding test, Konstantin Meskhidze
- [PATCH v5 11/15] seltests/landlock: connect() with AF_UNSPEC tests, Konstantin Meskhidze
- [PATCH v5 15/15] samples/landlock: adds network demo, Konstantin Meskhidze
- [PATCH v5 12/15] seltests/landlock: rules overlapping test, Konstantin Meskhidze
- [PATCH v5 05/15] landlock: landlock_add_rule syscall refactoring, Konstantin Meskhidze
- Re: [PATCH v5 00/15] Network support for Landlock - UDP discussion, Mickaël Salaün
- [PATCH nf] netfilter: nft_numgen: disable preempt to access per-cpu data,
Pablo Neira Ayuso
- [PATCH libnftnl] expr: extend support for dynamic register allocation, Pablo Neira Ayuso
- [PATCH iptables 1/2] xtables: fix compilation with musl,
Nick Hainke
- [PATCH nft] netlink_delinearize: release last register on exit, Pablo Neira Ayuso
- [iptables PATCH] xshared: Fix build for -Werror=format-security, Phil Sutter
- [ANNOUNCE] iptables 1.8.8 release, Phil Sutter
- [PATCH nf] nft_set_rbtree: Move clauses for expired nodes, last active node as leaf,
Stefano Brivio
- [PATCH net v2] netfilter: nf_flow_table: fix teardown flow timeout,
Oz Shlomo
- [nf-next PATCH v3 0/4] nf_tables: Export rule optimizer results to user space,
Phil Sutter
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
