Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- [nf-next PATCH v3 3/4] netfilter: nf_tables: Introduce expression flags, (continued)
- [PATCH v2 bpf-next 0/2] net: netfilter: add kfunc helper to update ct timeout,
Lorenzo Bianconi
- [PATCH nf-next] netfilter: conntrack: remove pr_debug callsites from tcp tracker,
Florian Westphal
- [nf-next PATCH v2 0/2] nf_tables: Export rule optimizer results to user space,
Phil Sutter
- [nf-next PATCH 0/2] nf_tables: Export rule optimizer results to user space,
Phil Sutter
- Call netfilter okfn on stolen packets, Federico De Marchi
- [PATCH v2] netfilter: nf_flowtable: move dst_check to packet path,
Ritaro Takenaka
- [PATCH nf-next] netfilter: conntrack: do not disable bh during destruction,
Florian Westphal
- [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup,
Felix Fietkau
- [nf-next PATCH] nf_flow_table_offload: offload the PPPoE encap in the flowtable,
wenxu
- [PATCH net-next 00/17] Netfilter updates for net-next,
Pablo Neira Ayuso
- [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery, Pablo Neira Ayuso
- [PATCH net-next 05/17] netfilter: remove nf_ct_unconfirmed_destroy helper, Pablo Neira Ayuso
- [PATCH net-next 07/17] netfilter: cttimeout: decouple unlink and free on netns destruction, Pablo Neira Ayuso
- [PATCH net-next 04/17] netfilter: cttimeout: decouple unlink and free on netns destruction, Pablo Neira Ayuso
- [PATCH net-next 03/17] netfilter: conntrack: remove the percpu dying list, Pablo Neira Ayuso
- [PATCH net-next 02/17] netfilter: conntrack: include ecache dying list in dumps, Pablo Neira Ayuso
- [PATCH net-next 11/17] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*(), Pablo Neira Ayuso
- [PATCH net-next 09/17] netfilter: conntrack: remove unconfirmed list, Pablo Neira Ayuso
- [PATCH net-next 14/17] netfilter: conntrack: add nf_conntrack_events autodetect mode, Pablo Neira Ayuso
- [PATCH net-next 08/17] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy, Pablo Neira Ayuso
- [PATCH net-next 13/17] netfilter: conntrack: un-inline nf_ct_ecache_ext_add, Pablo Neira Ayuso
- [PATCH net-next 15/17] netfilter: prefer extension check to pointer check, Pablo Neira Ayuso
- [PATCH net-next 16/17] netfilter: flowtable: nft_flow_route use more data for reverse route, Pablo Neira Ayuso
- [PATCH net-next 06/17] netfilter: extensions: introduce extension genid count, Pablo Neira Ayuso
- [PATCH net-next 10/17] netfilter: conntrack: avoid unconditional local_bh_disable, Pablo Neira Ayuso
- [PATCH net-next 17/17] netfilter: conntrack: skip verification of zero UDP checksum, Pablo Neira Ayuso
- [PATCH net-next 12/17] netfilter: nfnetlink: allow to detect if ctnetlink listeners exist, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net-next 00/17] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 04/17] netfilter: cttimeout: decouple unlink and free on netns destruction, Pablo Neira Ayuso
- [PATCH net-next 02/17] netfilter: conntrack: include ecache dying list in dumps, Pablo Neira Ayuso
- [PATCH net-next 03/17] netfilter: conntrack: remove the percpu dying list, Pablo Neira Ayuso
- [PATCH net-next 05/17] netfilter: remove nf_ct_unconfirmed_destroy helper, Pablo Neira Ayuso
- [PATCH net-next 06/17] netfilter: extensions: introduce extension genid count, Pablo Neira Ayuso
- [PATCH net-next 01/17] netfilter: ecache: use dedicated list for event redelivery, Pablo Neira Ayuso
- [PATCH net-next 08/17] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy, Pablo Neira Ayuso
- [PATCH net-next 07/17] netfilter: cttimeout: decouple unlink and free on netns destruction, Pablo Neira Ayuso
- [PATCH net-next 10/17] netfilter: conntrack: avoid unconditional local_bh_disable, Pablo Neira Ayuso
- [PATCH net-next 11/17] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*(), Pablo Neira Ayuso
- [PATCH net-next 09/17] netfilter: conntrack: remove unconfirmed list, Pablo Neira Ayuso
- [PATCH net-next 13/17] netfilter: conntrack: un-inline nf_ct_ecache_ext_add, Pablo Neira Ayuso
- [PATCH net-next 15/17] netfilter: prefer extension check to pointer check, Pablo Neira Ayuso
- [PATCH net-next 16/17] netfilter: flowtable: nft_flow_route use more data for reverse route, Pablo Neira Ayuso
- [PATCH net-next 14/17] netfilter: conntrack: add nf_conntrack_events autodetect mode, Pablo Neira Ayuso
- [PATCH net-next 17/17] netfilter: conntrack: skip verification of zero UDP checksum, Pablo Neira Ayuso
- [PATCH net-next 12/17] netfilter: nfnetlink: allow to detect if ctnetlink listeners exist, Pablo Neira Ayuso
- [PATCH net-next 00/17] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 01/17] netfilter: nf_tables: skip transaction if update object is not implemented, Pablo Neira Ayuso
- [PATCH net-next 02/17] netfilter: nf_tables: remove NETDEV_CHANGENAME from netdev chain event handler, Pablo Neira Ayuso
- [PATCH net-next 03/17] netfilter: conntrack: fix ct-state for ICMPv6 Multicast Router Discovery, Pablo Neira Ayuso
- [PATCH net-next 04/17] netfilter: conntrack: dccp: try not to drop skb in conntrack, Pablo Neira Ayuso
- [PATCH net-next 06/17] netfilter: conntrack: documentation: remove reference to non-existent sysctl, Pablo Neira Ayuso
- [PATCH net-next 08/17] netfilter: nft_set_pipapo: move prove_locking helper around, Pablo Neira Ayuso
- [PATCH net-next 07/17] netfilter: conntrack: remove flowtable early-drop test, Pablo Neira Ayuso
- [PATCH net-next 09/17] netfilter: nft_set_pipapo: make pipapo_clone helper return NULL, Pablo Neira Ayuso
- [PATCH net-next 10/17] netfilter: nft_set_pipapo: prepare destroy function for on-demand clone, Pablo Neira Ayuso
- [PATCH net-next 12/17] netfilter: nft_set_pipapo: merge deactivate helper into caller, Pablo Neira Ayuso
- [PATCH net-next 11/17] netfilter: nft_set_pipapo: prepare walk function for on-demand clone, Pablo Neira Ayuso
- [PATCH net-next 05/17] netfilter: use NF_DROP instead of -NF_DROP, Pablo Neira Ayuso
- [PATCH net-next 13/17] netfilter: nft_set_pipapo: prepare pipapo_get helper for on-demand clone, Pablo Neira Ayuso
- [PATCH net-next 17/17] netfilter: nf_tables: allow clone callbacks to sleep, Pablo Neira Ayuso
- [PATCH net-next 15/17] netfilter: nft_set_pipapo: remove dirty flag, Pablo Neira Ayuso
- [PATCH net-next 14/17] netfilter: nft_set_pipapo: move cloning of match info to insert/removal path, Pablo Neira Ayuso
- [PATCH net-next 16/17] selftests: netfilter: add packetdrill based conntrack tests, Pablo Neira Ayuso
- [PATCH net-next v2] net: ipvs: randomize starting destination of RR/WRR scheduler,
menglong8 . dong
- [PATCH net-next] net: ipvs: random start for RR scheduler,
menglong8 . dong
- [PATCH v2 nf 1/4] netfilter: flowtable: fix excessive hw offload attempts after failure,
Felix Fietkau
- [PATCH] nf_flowtable: teardown fix race condition,
Sven Auhagen
- [PATCH net] netfilter: nf_flow_table: fix teardown flow timeout,
Oz Shlomo
- Re: [PATCH 2/4] netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices,
Pablo Neira Ayuso
- [PATCH nft] intervals: deletion should adjust range not yet in the kernel, Pablo Neira Ayuso
- [PATCH xtables-addons 1/2] doc: fix some typos in man-pages,
Jeremy Sowden
- [iptables PATCH 0/5] Restore libxtables ABI compatibility,
Phil Sutter
- [ANNOUNCE] libnetfilter_cttimeout 1.0.1 release,
Phil Sutter
- [ANNOUNCE] libnetfilter_cthelper 1.0.1 release, Phil Sutter
- [iptables PATCH 0/4] Some misc fixes,
Phil Sutter
- [PATCH] netfilter: nf_conncount: reduce unnecessary GC,
William Tu
- [PATCH bpf-next] net: netfilter: add kfunc helper to update ct timeout,
Lorenzo Bianconi
- [PATCH nft 1/3] optimize: incorrect logic in verdict comparison,
Pablo Neira Ayuso
- [PATCH conntrack] conntrack: consolidate socket open call, Pablo Neira Ayuso
- [PATCH libnftnl,v3] src: add dynamic register allocation infrastructure,
Pablo Neira Ayuso
- [PATCH libnftnl,v2] src: add dynamic register allocation infrastructure, Pablo Neira Ayuso
- [PATCH iptables,v2] nft: support for dynamic register allocation, Pablo Neira Ayuso
- [PATCH libnftnl] src: add dynamic register allocation infrastructure,
Pablo Neira Ayuso
- [PATCH nft 0/3] nftables: add support for wildcard interfaces,
Florian Westphal
- [PATCH nf-next] selftests: netfilter: flowtable vlan filtering bridge support, wenxu
- Minor issue in iptables(8) man page,
Steve Brecher
- [PATCH v2 nf] netfilter: nft_socket: only do sk lookups when indev is available,
Florian Westphal
- [PATCH nf] netfilter: nft_socket: only do sk lookup when indev is available,
Florian Westphal
- [PATCH nf] netfilter: nft_socket: allow socket expression from prerouting and input only, Pablo Neira Ayuso
- [PATCH net] netfilter: conn: fix udp offload timeout sysctl,
Volodymyr Mytnyk
- [PATCH] nf_flowtable: nft_flow_route use more data for reverse route,
Sven Auhagen
- LPC 2022 Networking and BPF Track CFP,
Daniel Borkmann
- [PATCH nft] src: fix always-true assertions,
Florian Westphal
- [PATCH 1/1] configure: add an option to compile the examples,
Dario Binacchi
- [PATCH nf-next 0/4] netfilter: conntrack: avoid eache extension allocation,
Florian Westphal
- [PATCH nf] netfilter: nf_conntrack_tcp: re-init for syn packets only,
Florian Westphal
- [PATCH nf-next] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*(), Pablo Neira Ayuso
- [PATCH] nf_flowtable: ensure dst.dev is not blackhole,
Ritaro Takenaka
- [PATCH iptables 0/7] support for dynamic register allocation,
Pablo Neira Ayuso
- [PATCH] socket gid and socket uid, Topi Miettinen
- [PATCH] netfilter: nft_socket: socket expressions for GID & UID,
Topi Miettinen
- [PATCH v1] netfilter: Remove the empty file, clement wei
- [PATCH nf v2 0/2] netfilter: Fix/update mangled packet re-routing within VRF domains,
Martin Willi
- [PATCH v35 16/29] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
- [PATCH v35 15/29] LSM: Ensure the correct LSM context releaser, Casey Schaufler
- [PATCH v35 18/29] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
- [PATCH v35 09/29] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
- [PATCH v35 08/29] LSM: Use lsmblob in security_secctx_to_secid,
Casey Schaufler
- [PATCH nft] intervals: set on EXPR_F_KERNEL flag for new elements in set cache, Pablo Neira Ayuso
- [PATCH nf] netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion,
Pablo Neira Ayuso
- [PATCH nft 0/2] allow base integer type in concatenation,
Florian Westphal
- [PATCH nft,v2 1/3] intervals: add elements with EXPR_F_KERNEL to purge list only,
Pablo Neira Ayuso
- [PATCH nft 1/2] intervals: add elements with EXPR_F_KERNEL to purge list only,
Pablo Neira Ayuso
- [nft PATCH] intervals: Simplify element sanity checks,
Phil Sutter
- [PATCH nft] intervals: remove check for EXPR_F_REMOVE in remove_element(), Pablo Neira Ayuso
- [PATCH nft] intervals: unset EXPR_F_KERNEL for adjusted elements, Pablo Neira Ayuso
- [PATCH nft,v6 0/8] revisit overlap/automerge codebase,
Pablo Neira Ayuso
- [PATCH nft,v6 1/8] src: add EXPR_F_KERNEL to identify expression in the kernel, Pablo Neira Ayuso
- [PATCH nft,v6 4/8] mnl: update mnl_nft_setelem_del() to allow for more reuse, Pablo Neira Ayuso
- [PATCH nft,v6 2/8] src: replace interval segment tree overlap and automerge, Pablo Neira Ayuso
- [PATCH nft,v6 6/8] evaluate: allow for zero length ranges, Pablo Neira Ayuso
- [PATCH nft,v6 5/8] intervals: add support to automerge with kernel elements, Pablo Neira Ayuso
- [PATCH nft,v6 8/8] src: restore interval sets work with string datatypes, Pablo Neira Ayuso
- [PATCH nft,v6 7/8] intervals: support to partial deletion with automerge, Pablo Neira Ayuso
- [PATCH nft,v6 3/8] src: remove rbtree datastructure, Pablo Neira Ayuso
- [PATCH nft,v5 7/7] intervals: support to partial deletion with automerge, Pablo Neira Ayuso
- [PATCH nft,v4 0/7] revisit overlap/automerge codebase,
Pablo Neira Ayuso
- [PATCH nft,v4 1/7] src: add EXPR_F_KERNEL to identify expression in the kernel, Pablo Neira Ayuso
- [PATCH nft,v4 3/7] src: remove rbtree datastructure, Pablo Neira Ayuso
- [PATCH nft,v4 4/7] mnl: update mnl_nft_setelem_del() to allow for more reuse, Pablo Neira Ayuso
- [PATCH nft,v4 6/7] evaluate: allow for zero length ranges, Pablo Neira Ayuso
- [PATCH nft,v4 5/7] intervals: add support to automerge with kernel elements, Pablo Neira Ayuso
- [PATCH nft,v4 2/7] src: replace interval segment tree overlap and automerge, Pablo Neira Ayuso
- [PATCH nft,v4 7/7] intervals: support to partial deletion with automerge, Pablo Neira Ayuso
- [PATCH nf,v2] ipvs: correctly print the memory size of ip_vs_conn_tab,
Pengcheng Yang
- [PATCH nf] netfilter: Update ip6_route_me_harder to consider L3 domain,
Martin Willi
- [PATCH nf] ipvs: correctly print the memory size of ip_vs_conn_tab,
Pengcheng Yang
- [PATCH nf] netfilter: nf_tables: nft_parse_register can return a negative value,
Antoine Tenart
- [PATCH nf-next v4 00/10] netfilter: conntrack: remove percpu lists,
Florian Westphal
- [PATCH nf-next v4 01/10] netfilter: ecache: use dedicated list for event redelivery, Florian Westphal
- [PATCH nf-next v4 02/10] netfilter: conntrack: include ecache dying list in dumps, Florian Westphal
- [PATCH nf-next v4 03/10] netfilter: conntrack: remove the percpu dying list, Florian Westphal
- [PATCH nf-next v4 04/10] netfilter: cttimeout: decouple unlink and free on netns destruction, Florian Westphal
- [PATCH nf-next v4 06/10] netfilter: extensions: introduce extension genid count, Florian Westphal
- [PATCH nf-next v4 05/10] netfilter: remove nf_ct_unconfirmed_destroy helper, Florian Westphal
- [PATCH nf-next v4 07/10] netfilter: cttimeout: decouple unlink and free on netns destruction, Florian Westphal
- [PATCH nf-next v4 08/10] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy, Florian Westphal
- [PATCH nf-next v4 09/10] netfilter: conntrack: remove unconfirmed list, Florian Westphal
- [PATCH nf-next v4 10/10] netfilter: conntrack: avoid unconditional local_bh_disable, Florian Westphal
- Re: [PATCH nf-next v4 00/10] netfilter: conntrack: remove percpu lists, Pablo Neira Ayuso
- [PATCH net-next 00/11] Netfilter updates for net-next,
Pablo Neira Ayuso
- [PATCH net-next 01/11] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue(), Pablo Neira Ayuso
- [PATCH net-next 04/11] netfilter: cttimeout: inc/dec module refcount per object, not per use refcount, Pablo Neira Ayuso
- [PATCH net-next 03/11] netfilter: conntrack: split inner loop of list dumping to own function, Pablo Neira Ayuso
- [PATCH net-next 07/11] netfilter: nf_log_syslog: Consolidate entry checks, Pablo Neira Ayuso
- [PATCH net-next 06/11] netfilter: nf_log_syslog: Don't ignore unknown protocols, Pablo Neira Ayuso
- [PATCH net-next 10/11] netfilter: nft_fib: reverse path filter for policy-based routing on iif, Pablo Neira Ayuso
- [PATCH net-next 08/11] netfilter: bitwise: replace hard-coded size with `sizeof` expression, Pablo Neira Ayuso
- [PATCH net-next 05/11] netfilter: nf_log_syslog: Merge MAC header dumpers, Pablo Neira Ayuso
- [PATCH net-next 02/11] netfilter: ecache: move to separate structure, Pablo Neira Ayuso
- [PATCH net-next 11/11] selftests: netfilter: add fib expression forward test case, Pablo Neira Ayuso
- [PATCH net-next 09/11] netfilter: bitwise: improve error goto labels, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net-next 00/11] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 01/11] netfilter: Use l3mdev flow key when re-routing mangled packets, Pablo Neira Ayuso
- [PATCH net-next 03/11] netfilter: conntrack: remove pr_debug callsites from tcp tracker, Pablo Neira Ayuso
- [PATCH net-next 04/11] netfilter: ctnetlink: fix up for "netfilter: conntrack: remove unconfirmed list", Pablo Neira Ayuso
- [PATCH net-next 02/11] netfilter: nf_conncount: reduce unnecessary GC, Pablo Neira Ayuso
- [PATCH net-next 05/11] net/sched: act_ct: set 'net' pointer when creating new nf_flow_table, Pablo Neira Ayuso
- [PATCH net-next 06/11] netfilter: nf_flow_table: count and limit hw offloaded entries, Pablo Neira Ayuso
- [PATCH net-next 08/11] netfilter: nfnetlink: fix warn in nfnetlink_unbind, Pablo Neira Ayuso
- [PATCH net-next 10/11] netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit, Pablo Neira Ayuso
- [PATCH net-next 07/11] netfilter: nf_flow_table: count pending offload workqueue tasks, Pablo Neira Ayuso
- [PATCH net-next 09/11] netfilter: conntrack: re-fetch conntrack after insertion, Pablo Neira Ayuso
- [PATCH net-next 11/11] netfilter: nf_tables: set element extended ACK reporting support, Pablo Neira Ayuso
- [PATCH net-next 00/11] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 02/11] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c, Pablo Neira Ayuso
- [PATCH net-next 04/11] netfilter: nf_tables: prefer nft_trans_elem_alloc helper, Pablo Neira Ayuso
- [PATCH net-next 03/11] netfilter: nf_tables: replace deprecated strncpy with strscpy_pad, Pablo Neira Ayuso
- [PATCH net-next 01/11] netfilter: Make legacy configs user selectable, Pablo Neira Ayuso
- [PATCH net-next 06/11] netfilter: nf_tables: avoid false-positive lockdep splats with sets, Pablo Neira Ayuso
- [PATCH net-next 07/11] netfilter: nf_tables: avoid false-positive lockdep splats with flowtables, Pablo Neira Ayuso
- [PATCH net-next 08/11] netfilter: nf_tables: avoid false-positive lockdep splats in set walker, Pablo Neira Ayuso
- [PATCH net-next 05/11] netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion, Pablo Neira Ayuso
- [PATCH net-next 10/11] netfilter: nf_tables: must hold rcu read lock while iterating expression type list, Pablo Neira Ayuso
- [PATCH net-next 09/11] netfilter: nf_tables: avoid false-positive lockdep splats with basechain hook, Pablo Neira Ayuso
- [PATCH net-next 11/11] netfilter: nf_tables: must hold rcu read lock while iterating object type list, Pablo Neira Ayuso
- Re: [PATCH net-next 00/11] Netfilter updates for net-next, Jakub Kicinski
- [RFC PATCH] datatype: accept abbrevs and ignore case on parsing symbolic constants,
Jo-Philipp Wich
- [libnetfilter_log PATCH] doc: correct non-native solecism,
Jeremy Sowden
- [PATCH nftables 0/9] nftables: add support for wildcard string as set keys,
Florian Westphal
- [PATCH nftables 1/9] evaluate: make byteorder conversion on string base type a no-op, Florian Westphal
- [PATCH nftables 2/9] evaluate: keep prefix expression length, Florian Westphal
- [PATCH nftables 3/9] segtree: split prefix and range creation to a helper function, Florian Westphal
- [PATCH nftables 4/9] evaluate: string prefix expression must retain original length, Florian Westphal
- [PATCH nftables 5/9] src: make interval sets work with string datatypes, Florian Westphal
- [PATCH nftables 6/9] segtree: add string "range" reversal support, Florian Westphal
- [PATCH nftables 7/9] tests: add testcases for interface names in sets, Florian Westphal
- [PATCH nftables 8/9] segtree: use correct byte order for 'element get', Florian Westphal
- [PATCH nftables 9/9] segtree: add support for get element with sets that contain ifnames, Florian Westphal
- Re: [PATCH nftables 0/9] nftables: add support for wildcard string as set keys, Pablo Neira Ayuso
- [nf-next PATCH v3 0/3] netfilter: bitwise: support boolean operations with variable RHS operands,
Jeremy Sowden
- [PATCH nft] tests: py: Add meta time tests without 'meta' keyword,
Martin Gignac
- [PATCH nf] netfilter: nft_socket: make cgroup match work in input too,
Florian Westphal
- [PATCH] doc: Document that kernel may accept unimplemented expressions,
Topi Miettinen
- [nft PATCH] tests: monitor: Hide temporary file names from error output, Phil Sutter
- [nft PATCH] tests: py: Don't colorize output if stderr is redirected,
Phil Sutter
- [PATCH nf-next RFC 1/2] netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*(),
Pablo Neira Ayuso
- [PATCH nft] tests: py: extend meta time coverage,
Pablo Neira Ayuso
- [PATCH nf-next v2 1/1] netfilter: conntrack: skip verification of zero UDP checksum,
Kevin Mitchell
- [PATCH v34 18/29] LSM: security_secid_to_secctx in netlink netfilter,
Casey Schaufler
- [PATCH v34 16/29] LSM: Use lsmcontext in security_secid_to_secctx,
Casey Schaufler
- [PATCH v34 15/29] LSM: Ensure the correct LSM context releaser,
Casey Schaufler
- [PATCH v34 09/29] LSM: Use lsmblob in security_secid_to_secctx,
Casey Schaufler
- [PATCH v34 08/29] LSM: Use lsmblob in security_secctx_to_secid,
Casey Schaufler
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections,
Florian Westphal
- [PATCH v2 0/1] UDP traceroute packets with no checksum,
Kevin Mitchell
- [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable,
wenx05124561
- [ANNOUNCE] libmnl 1.0.5 release, Phil Sutter
- [ANNOUNCE] libnfnetlink 1.0.2 release, Phil Sutter
- [PATCH] meta.c: fix compiler warning in date_type_parse(),
Lukas Straub
- [PATCH nft] meta time: use uint64_t instead of time_t,
Lukas Straub
- meta time broken,
Lukas Straub
- [nft PATCH v4 00/32] Extend values assignable to packet marks and payload fields,
Jeremy Sowden
- [nft PATCH v4 02/32] include: add missing `#include`, Jeremy Sowden
- [nft PATCH v4 03/32] src: move `byteorder_names` array, Jeremy Sowden
- [nft PATCH v4 01/32] examples: add .gitignore file, Jeremy Sowden
- [nft PATCH v4 06/32] include: update nf_tables.h, Jeremy Sowden
- [nft PATCH v4 07/32] include: add new bitwise bit-length attribute to nf_tables.h, Jeremy Sowden
- [nft PATCH v4 04/32] datatype: support `NULL` symbol-tables when printing constants, Jeremy Sowden
- [nft PATCH v4 08/32] netlink: send bit-length of bitwise binops to kernel, Jeremy Sowden
- [nft PATCH v4 09/32] netlink_delinearize: add postprocessing for payload binops, Jeremy Sowden
- [nft PATCH v4 05/32] ct: support `NULL` symbol-tables when looking up labels, Jeremy Sowden
- [nft PATCH v4 24/32] netlink_delinearize: fix typo, Jeremy Sowden
- [nft PATCH v4 27/32] netlink: rename bitwise operation functions, Jeremy Sowden
- [nft PATCH v4 15/32] tests: shell: rename some test-cases, Jeremy Sowden
- [nft PATCH v4 16/32] tests: shell: add test-cases for ct and packet mark payload expressions, Jeremy Sowden
- [nft PATCH v4 21/32] evaluate: don't clobber binop lengths, Jeremy Sowden
- [nft PATCH v4 30/32] evaluate: allow binop expressions with variable right-hand operands, Jeremy Sowden
- [nft PATCH v4 29/32] parser_json: allow RHS ct, meta and payload expressions, Jeremy Sowden
- [nft PATCH v4 20/32] evaluate: prevent nested byte-order conversions, Jeremy Sowden
- [nft PATCH v4 17/32] tests: py: add test-cases for ct and packet mark payload expressions, Jeremy Sowden
- [nft PATCH v4 28/32] netlink: support (de)linearization of new bitwise boolean operations, Jeremy Sowden
- [nft PATCH v4 32/32] tests: py: add tests for binops with variable RHS operands, Jeremy Sowden
- [nft PATCH v4 12/32] payload: set byte-order when completing expression, Jeremy Sowden
- [nft PATCH v4 11/32] netlink_delinearize: correct length of right bitwise operand, Jeremy Sowden
- [nft PATCH v4 18/32] include: add new bitwise boolean attributes to nf_tables.h, Jeremy Sowden
- [nft PATCH v4 31/32] tests: shell: add tests for binops with variable RHS operands, Jeremy Sowden
- [nft PATCH v4 25/32] netlink_delinearize: refactor stmt_payload_binop_postprocess, Jeremy Sowden
- [nft PATCH v4 10/32] netlink_delinearize: correct type and byte-order of shifts, Jeremy Sowden
- [nft PATCH v4 23/32] evaluate: set eval context to leftmost bitwise operand, Jeremy Sowden
- [nft PATCH v4 26/32] netlink_delinearize: add support for processing variable payload statement arguments, Jeremy Sowden
- [nft PATCH v4 22/32] evaluate: insert byte-order conversions for expressions between 9 and 15 bits, Jeremy Sowden
- [nft PATCH v4 14/32] evaluate: relax type-checking for integer arguments in mark statements, Jeremy Sowden
- [nft PATCH v4 13/32] evaluate: support shifts larger than the width of the left operand, Jeremy Sowden
- [nft PATCH v4 19/32] evaluate: don't eval unary arguments, Jeremy Sowden
- Re: [nft PATCH v4 00/32] Extend values assignable to packet marks and payload fields, Kevin 'ldir' Darbyshire-Bryant
- [libnftnl PATCH v2 0/9] bitwise: support for boolean operations with variable RHS operands,
Jeremy Sowden
- [libnftnl PATCH v2 1/9] include: update nf_tables.h, Jeremy Sowden
- [libnftnl PATCH v2 2/9] include: add new bitwise bit-length attribute to nf_tables.h, Jeremy Sowden
- [libnftnl PATCH v2 3/9] expr: bitwise: pass bit-length to and from the kernel, Jeremy Sowden
- [libnftnl PATCH v2 5/9] expr: bitwise: fix a couple of white-space mistakes, Jeremy Sowden
- [libnftnl PATCH v2 4/9] include: add new bitwise boolean attributes to nf_tables.h, Jeremy Sowden
- [libnftnl PATCH v2 6/9] expr: bitwise: rename some boolean operation functions, Jeremy Sowden
- [libnftnl PATCH v2 9/9] tests: bitwise: add tests for new boolean operations, Jeremy Sowden
- [libnftnl PATCH v2 8/9] tests: bitwise: refactor shift tests, Jeremy Sowden
- [libnftnl PATCH v2 7/9] expr: bitwise: add support for kernel space AND, OR and XOR operations, Jeremy Sowden
- [nf-next PATCH v2 0/5] netfilter: bitwise: support boolean operations with variable RHS operands,
Jeremy Sowden
- [PATCH bpf-next] net: netfilter: reports ct direction in CT lookup helpers for XDP and TC-BPF,
Lorenzo Bianconi
- troubles caused by conntrack overlimit in init_netns,
Vasily Averin
- [no subject], Unknown
- [PATCH AUTOSEL 5.16 103/109] netfilter: conntrack: revisit gc autotuning, Sasha Levin
- [PATCH AUTOSEL 5.15 92/98] netfilter: conntrack: revisit gc autotuning, Sasha Levin
- [PATCH AUTOSEL 5.17 143/149] netfilter: conntrack: revisit gc autotuning, Sasha Levin
- Conntrack offload and ingress_ifindex, Edward Cree
- [PATCH nf-next,v2] netfilter: nft_fib: reverse path filter for policy-based routing on iif,
Pablo Neira Ayuso
- [PATCH nf-next] selftests: netfilter: add fib expression forward test case, Florian Westphal
- [iptables PATCH v2 0/9] extensions: Merge *_DNAT and *_REDIRECT,
Phil Sutter
- [iptables PATCH v2 9/9] extensions: man: Document service name support in DNAT and REDIRECT, Phil Sutter
- [iptables PATCH v2 6/9] extensions: DNAT: Rename from libipt to libxt, Phil Sutter
- [iptables PATCH v2 7/9] extensions: Merge IPv4 and IPv6 DNAT targets, Phil Sutter
- [iptables PATCH v2 5/9] extensions: ipt_DNAT: Combine xlate functions also, Phil Sutter
- [iptables PATCH v2 2/9] Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified", Phil Sutter
- [iptables PATCH v2 1/9] man: DNAT: Describe shifted port range feature, Phil Sutter
- [iptables PATCH v2 8/9] extensions: Merge REDIRECT into DNAT, Phil Sutter
- [iptables PATCH v2 4/9] extensions: ipt_DNAT: Merge v1/v2 print/save code, Phil Sutter
- [iptables PATCH v2 3/9] extensions: ipt_DNAT: Merge v1 and v2 parsers, Phil Sutter
- Re: [iptables PATCH v2 0/9] extensions: Merge *_DNAT and *_REDIRECT, Pablo Neira Ayuso
- [PATCH nf-next] netfilter: nft_fib: reverse path filter for policy-based routing on iif,
Pablo Neira Ayuso
- [no subject], Unknown
- [iptables PATCH] xlate-test: Fix for empty source line on failure, Phil Sutter
- [iptables PATCH 0/9] extensions: Merge *_DNAT and *_REDIRECT,
Phil Sutter
- [PATCH nft] tests: py: add inet/vmap tests, Pablo Neira Ayuso
- [PATCH nft,v2 1/4] expression: typeof verdict needs verdict datatype,
Pablo Neira Ayuso
- [PATCH nft] expression: typeof verdict needs verdict datatype, Pablo Neira Ayuso
- [PATCH libnetfilter_queue v4] src: eliminate packet copy when constructing struct pktbuff,
Duncan Roe
- [PATCH] netfilter: bitwise: fix reduce comparison,
Jeremy Sowden
- [PATCH nft] src: allow to use typeof of raw expressions in set declaration, Pablo Neira Ayuso
- [PATCH libnetfilter_queue] examples: fix compiler warning,
Duncan Roe
- Support for loading firewall rules with cgroup(v2) expressions early,
Topi Miettinen
- [libnfnetlink PATCH 1/2] include: Silence gcc warning in linux_list.h,
Phil Sutter
- [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning,
Phil Sutter
- [conntrack-tools PATCH 0/8] Fixes for a recent Coverity tool run,
Phil Sutter
- [nf-next PATCH] netfilter: nf_log_syslog: Consolidate entry checks,
Phil Sutter
- [nf-next PATCH 1/2] netfilter: nf_log_syslog: Merge MAC header dumpers,
Phil Sutter
- [nf PATCH] netfilter: egress: Report interface as outgoing,
Phil Sutter
- [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists,
Florian Westphal
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
