Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections, (continued)
- Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections, Jozsef Kadlecsik
  - Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections, Florian Westphal
    - Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections, Jozsef Kadlecsik
      - Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections, Eric Dumazet
        
        Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections, Florian Westphal
[PATCH v2 0/1] UDP traceroute packets with no checksum, Kevin Mitchell
- [PATCH 1/1] netfilter: conntrack: skip verification of zero UDP checksum, Kevin Mitchell
- Re: [Bridge] [PATCH v2 0/1] UDP traceroute packets with no checksum, Linus Lüssing
[PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable, wenx05124561
- Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable, Pablo Neira Ayuso
  - Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable, wenxu
    - Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable, Pablo Neira Ayuso
      - Re: [PATCH nf-next] nf_flow_table_offload: offload the vlan encap in the flowtable, wenxu
[ANNOUNCE] libmnl 1.0.5 release, Phil Sutter
[ANNOUNCE] libnfnetlink 1.0.2 release, Phil Sutter
[PATCH] meta.c: fix compiler warning in date_type_parse(), Lukas Straub
- Re: [PATCH] meta.c: fix compiler warning in date_type_parse(), Pablo Neira Ayuso
[PATCH nft] meta time: use uint64_t instead of time_t, Lukas Straub
- Re: [PATCH nft] meta time: use uint64_t instead of time_t, Pablo Neira Ayuso
- Re: [PATCH nft] meta time: use uint64_t instead of time_t, Phil Sutter
meta time broken, Lukas Straub
- Re: meta time broken, Lukas Straub
  - Re: meta time broken, Phil Sutter
  - Re: meta time broken, Florian Westphal
    - Re: meta time broken, Lukas Straub
      - Re: meta time broken, Florian Westphal
[nft PATCH v4 00/32] Extend values assignable to packet marks and payload fields, Jeremy Sowden
- [nft PATCH v4 02/32] include: add missing `#include`, Jeremy Sowden
- [nft PATCH v4 03/32] src: move `byteorder_names` array, Jeremy Sowden
- [nft PATCH v4 01/32] examples: add .gitignore file, Jeremy Sowden
  - Re: [nft PATCH v4 01/32] examples: add .gitignore file, Florian Westphal
- [nft PATCH v4 06/32] include: update nf_tables.h, Jeremy Sowden
- [nft PATCH v4 07/32] include: add new bitwise bit-length attribute to nf_tables.h, Jeremy Sowden
- [nft PATCH v4 04/32] datatype: support `NULL` symbol-tables when printing constants, Jeremy Sowden
- [nft PATCH v4 08/32] netlink: send bit-length of bitwise binops to kernel, Jeremy Sowden
  - Re: [nft PATCH v4 08/32] netlink: send bit-length of bitwise binops to kernel, Pablo Neira Ayuso
    - Re: [nft PATCH v4 08/32] netlink: send bit-length of bitwise binops to kernel, Jeremy Sowden
- [nft PATCH v4 09/32] netlink_delinearize: add postprocessing for payload binops, Jeremy Sowden
  - Re: [nft PATCH v4 09/32] netlink_delinearize: add postprocessing for payload binops, Pablo Neira Ayuso
    - Re: [nft PATCH v4 09/32] netlink_delinearize: add postprocessing for payload binops, Jeremy Sowden
- [nft PATCH v4 05/32] ct: support `NULL` symbol-tables when looking up labels, Jeremy Sowden
  - Re: [nft PATCH v4 05/32] ct: support `NULL` symbol-tables when looking up labels, Florian Westphal
    - Re: [nft PATCH v4 05/32] ct: support `NULL` symbol-tables when looking up labels, Jeremy Sowden
- [nft PATCH v4 24/32] netlink_delinearize: fix typo, Jeremy Sowden
- [nft PATCH v4 27/32] netlink: rename bitwise operation functions, Jeremy Sowden
- [nft PATCH v4 15/32] tests: shell: rename some test-cases, Jeremy Sowden
- [nft PATCH v4 16/32] tests: shell: add test-cases for ct and packet mark payload expressions, Jeremy Sowden
- [nft PATCH v4 21/32] evaluate: don't clobber binop lengths, Jeremy Sowden
- [nft PATCH v4 30/32] evaluate: allow binop expressions with variable right-hand operands, Jeremy Sowden
- [nft PATCH v4 29/32] parser_json: allow RHS ct, meta and payload expressions, Jeremy Sowden
- [nft PATCH v4 20/32] evaluate: prevent nested byte-order conversions, Jeremy Sowden
- [nft PATCH v4 17/32] tests: py: add test-cases for ct and packet mark payload expressions, Jeremy Sowden
- [nft PATCH v4 28/32] netlink: support (de)linearization of new bitwise boolean operations, Jeremy Sowden
- [nft PATCH v4 32/32] tests: py: add tests for binops with variable RHS operands, Jeremy Sowden
- [nft PATCH v4 12/32] payload: set byte-order when completing expression, Jeremy Sowden
- [nft PATCH v4 11/32] netlink_delinearize: correct length of right bitwise operand, Jeremy Sowden
  - Re: [nft PATCH v4 11/32] netlink_delinearize: correct length of right bitwise operand, Pablo Neira Ayuso
    - Re: [nft PATCH v4 11/32] netlink_delinearize: correct length of right bitwise operand, Jeremy Sowden
- [nft PATCH v4 18/32] include: add new bitwise boolean attributes to nf_tables.h, Jeremy Sowden
- [nft PATCH v4 31/32] tests: shell: add tests for binops with variable RHS operands, Jeremy Sowden
- [nft PATCH v4 25/32] netlink_delinearize: refactor stmt_payload_binop_postprocess, Jeremy Sowden
- [nft PATCH v4 10/32] netlink_delinearize: correct type and byte-order of shifts, Jeremy Sowden
  - Re: [nft PATCH v4 10/32] netlink_delinearize: correct type and byte-order of shifts, Pablo Neira Ayuso
    - Re: [nft PATCH v4 10/32] netlink_delinearize: correct type and byte-order of shifts, Jeremy Sowden
- [nft PATCH v4 23/32] evaluate: set eval context to leftmost bitwise operand, Jeremy Sowden
- [nft PATCH v4 26/32] netlink_delinearize: add support for processing variable payload statement arguments, Jeremy Sowden
- [nft PATCH v4 22/32] evaluate: insert byte-order conversions for expressions between 9 and 15 bits, Jeremy Sowden
- [nft PATCH v4 14/32] evaluate: relax type-checking for integer arguments in mark statements, Jeremy Sowden
  - Re: [nft PATCH v4 14/32] evaluate: relax type-checking for integer arguments in mark statements, Pablo Neira Ayuso
- [nft PATCH v4 13/32] evaluate: support shifts larger than the width of the left operand, Jeremy Sowden
  - Re: [nft PATCH v4 13/32] evaluate: support shifts larger than the width of the left operand, Pablo Neira Ayuso
    - Re: [nft PATCH v4 13/32] evaluate: support shifts larger than the width of the left operand, Jeremy Sowden
    - Re: [nft PATCH v4 13/32] evaluate: support shifts larger than the width of the left operand, Pablo Neira Ayuso
      - Re: [nft PATCH v4 13/32] evaluate: support shifts larger than the width of the left operand, Jeremy Sowden
- [nft PATCH v4 19/32] evaluate: don't eval unary arguments, Jeremy Sowden
- Re: [nft PATCH v4 00/32] Extend values assignable to packet marks and payload fields, Kevin 'ldir' Darbyshire-Bryant
[libnftnl PATCH v2 0/9] bitwise: support for boolean operations with variable RHS operands, Jeremy Sowden
- [libnftnl PATCH v2 1/9] include: update nf_tables.h, Jeremy Sowden
- [libnftnl PATCH v2 2/9] include: add new bitwise bit-length attribute to nf_tables.h, Jeremy Sowden
- [libnftnl PATCH v2 3/9] expr: bitwise: pass bit-length to and from the kernel, Jeremy Sowden
- [libnftnl PATCH v2 5/9] expr: bitwise: fix a couple of white-space mistakes, Jeremy Sowden
- [libnftnl PATCH v2 4/9] include: add new bitwise boolean attributes to nf_tables.h, Jeremy Sowden
- [libnftnl PATCH v2 6/9] expr: bitwise: rename some boolean operation functions, Jeremy Sowden
- [libnftnl PATCH v2 9/9] tests: bitwise: add tests for new boolean operations, Jeremy Sowden
- [libnftnl PATCH v2 8/9] tests: bitwise: refactor shift tests, Jeremy Sowden
- [libnftnl PATCH v2 7/9] expr: bitwise: add support for kernel space AND, OR and XOR operations, Jeremy Sowden
[nf-next PATCH v2 0/5] netfilter: bitwise: support boolean operations with variable RHS operands, Jeremy Sowden
- [nf-next PATCH v2 2/5] netfilter: bitwise: replace hard-coded size with `sizeof` expression, Jeremy Sowden
  - Re: [nf-next PATCH v2 2/5] netfilter: bitwise: replace hard-coded size with `sizeof` expression, Florian Westphal
- [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Jeremy Sowden
  - Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Florian Westphal
    - Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Jeremy Sowden
      - Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Florian Westphal
        
        Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Jeremy Sowden
  - Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Florian Westphal
    - Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Jeremy Sowden
      - Re: [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions, Florian Westphal
- [nf-next PATCH v2 3/5] netfilter: bitwise: improve error goto labels, Jeremy Sowden
  - Re: [nf-next PATCH v2 3/5] netfilter: bitwise: improve error goto labels, Florian Westphal
- [nf-next PATCH v2 5/5] netfilter: bitwise: add support for doing AND, OR and XOR directly, Jeremy Sowden
- [nf-next PATCH v2 4/5] netfilter: bitwise: rename some boolean operation functions, Jeremy Sowden
[PATCH bpf-next] net: netfilter: reports ct direction in CT lookup helpers for XDP and TC-BPF, Lorenzo Bianconi
- Re: [PATCH bpf-next] net: netfilter: reports ct direction in CT lookup helpers for XDP and TC-BPF, patchwork-bot+netdevbpf
troubles caused by conntrack overlimit in init_netns, Vasily Averin
- Re: troubles caused by conntrack overlimit in init_netns, Florian Westphal
  - Re: troubles caused by conntrack overlimit in init_netns, Nikita Yushchenko
  - Re: troubles caused by conntrack overlimit in init_netns, Vasily Averin
- Re: troubles caused by conntrack overlimit in init_netns, Eric Dumazet
  - Re: troubles caused by conntrack overlimit in init_netns, Vasily Averin
    - Re: troubles caused by conntrack overlimit in init_netns, Eric Dumazet
      - Re: troubles caused by conntrack overlimit in init_netns, Vasily Averin
[no subject], Unknown
[PATCH AUTOSEL 5.16 103/109] netfilter: conntrack: revisit gc autotuning, Sasha Levin
[PATCH AUTOSEL 5.15 92/98] netfilter: conntrack: revisit gc autotuning, Sasha Levin
[PATCH AUTOSEL 5.17 143/149] netfilter: conntrack: revisit gc autotuning, Sasha Levin
Conntrack offload and ingress_ifindex, Edward Cree
[PATCH nf-next,v2] netfilter: nft_fib: reverse path filter for policy-based routing on iif, Pablo Neira Ayuso
- Re: [PATCH nf-next,v2] netfilter: nft_fib: reverse path filter for policy-based routing on iif, Pablo Neira Ayuso
[PATCH nf-next] selftests: netfilter: add fib expression forward test case, Florian Westphal
[iptables PATCH v2 0/9] extensions: Merge *_DNAT and *_REDIRECT, Phil Sutter
- [iptables PATCH v2 9/9] extensions: man: Document service name support in DNAT and REDIRECT, Phil Sutter
- [iptables PATCH v2 6/9] extensions: DNAT: Rename from libipt to libxt, Phil Sutter
- [iptables PATCH v2 7/9] extensions: Merge IPv4 and IPv6 DNAT targets, Phil Sutter
- [iptables PATCH v2 5/9] extensions: ipt_DNAT: Combine xlate functions also, Phil Sutter
- [iptables PATCH v2 2/9] Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified", Phil Sutter
- [iptables PATCH v2 1/9] man: DNAT: Describe shifted port range feature, Phil Sutter
- [iptables PATCH v2 8/9] extensions: Merge REDIRECT into DNAT, Phil Sutter
- [iptables PATCH v2 4/9] extensions: ipt_DNAT: Merge v1/v2 print/save code, Phil Sutter
- [iptables PATCH v2 3/9] extensions: ipt_DNAT: Merge v1 and v2 parsers, Phil Sutter
- Re: [iptables PATCH v2 0/9] extensions: Merge *_DNAT and *_REDIRECT, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nft_fib: reverse path filter for policy-based routing on iif, Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nft_fib: reverse path filter for policy-based routing on iif, Florian Westphal
[no subject], Unknown
[iptables PATCH] xlate-test: Fix for empty source line on failure, Phil Sutter
[iptables PATCH 0/9] extensions: Merge *_DNAT and *_REDIRECT, Phil Sutter
- [iptables PATCH 2/9] Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified", Phil Sutter
- [iptables PATCH 3/9] extensions: ipt_DNAT: Merge v1 and v2 parsers, Phil Sutter
- [iptables PATCH 8/9] extensions: Merge REDIRECT into DNAT, Phil Sutter
- [iptables PATCH 1/9] man: DNAT: Describe shifted port range feature, Phil Sutter
- [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots, Phil Sutter
  - Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots, Jan Engelhardt
    - Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots, Phil Sutter
      - Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots, Jan Engelhardt
        
        Re: [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots, Phil Sutter
- [iptables PATCH 5/9] extensions: ipt_DNAT: Combine xlate functions also, Phil Sutter
- [iptables PATCH 4/9] extensions: ipt_DNAT: Merge v1/v2 print/save code, Phil Sutter
- [iptables PATCH 7/9] extensions: Merge IPv4 and IPv6 DNAT targets, Phil Sutter
- [iptables PATCH 6/9] extensions: DNAT: Rename from libipt to libxt, Phil Sutter
[PATCH nft] tests: py: add inet/vmap tests, Pablo Neira Ayuso
[PATCH nft,v2 1/4] expression: typeof verdict needs verdict datatype, Pablo Neira Ayuso
- [PATCH nft,v2 3/4] src: allow to use integer type header fields via typeof set declaration, Pablo Neira Ayuso
- [PATCH nft,v2 4/4] optimize: Restore optimization for raw payload expressions, Pablo Neira Ayuso
- [PATCH nft,v2 2/4] src: allow to use typeof of raw expressions in set declaration, Pablo Neira Ayuso
[PATCH nft] expression: typeof verdict needs verdict datatype, Pablo Neira Ayuso
[PATCH libnetfilter_queue v4] src: eliminate packet copy when constructing struct pktbuff, Duncan Roe
- Re: [PATCH libnetfilter_queue v4] src: eliminate packet copy when constructing struct pktbuff, Duncan Roe
[PATCH] netfilter: bitwise: fix reduce comparison, Jeremy Sowden
- [nf PATCH v2] netfilter: bitwise: fix reduce comparisons, Jeremy Sowden
  - Re: [nf PATCH v2] netfilter: bitwise: fix reduce comparisons, Pablo Neira Ayuso
[PATCH nft] src: allow to use typeof of raw expressions in set declaration, Pablo Neira Ayuso
[PATCH libnetfilter_queue] examples: fix compiler warning, Duncan Roe
- Re: [PATCH libnetfilter_queue] examples: fix compiler warning, Florian Westphal
Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
- Re: Support for loading firewall rules with cgroup(v2) expressions early, Pablo Neira Ayuso
  - Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
    - Re: Support for loading firewall rules with cgroup(v2) expressions early, Pablo Neira Ayuso
      - Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
      - Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Pablo Neira Ayuso
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Pablo Neira Ayuso
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Pablo Neira Ayuso
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Pablo Neira Ayuso
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Pablo Neira Ayuso
        
        Re: Support for loading firewall rules with cgroup(v2) expressions early, Topi Miettinen
[libnfnetlink PATCH 1/2] include: Silence gcc warning in linux_list.h, Phil Sutter
- [libnfnetlink PATCH 2/2] libnfnetlink: Check getsockname() return code, Phil Sutter
  - Re: [libnfnetlink PATCH 2/2] libnfnetlink: Check getsockname() return code, Pablo Neira Ayuso
- Re: [libnfnetlink PATCH 1/2] include: Silence gcc warning in linux_list.h, Pablo Neira Ayuso
[libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning, Phil Sutter
- Re: [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning, Pablo Neira Ayuso
[conntrack-tools PATCH 0/8] Fixes for a recent Coverity tool run, Phil Sutter
- [conntrack-tools PATCH 6/8] Don't call exit() from signal handler, Phil Sutter
- [conntrack-tools PATCH 7/8] Drop pointless assignments, Phil Sutter
- [conntrack-tools PATCH 5/8] read_config_yy: Drop extra argument from dlog() call, Phil Sutter
- [conntrack-tools PATCH 4/8] helpers: ftp: Avoid ugly casts, Phil Sutter
- [conntrack-tools PATCH 1/8] hash: Flush tables when destroying, Phil Sutter
- [conntrack-tools PATCH 2/8] cache: Fix features array allocation, Phil Sutter
- [conntrack-tools PATCH 8/8] connntrack: Fix for memleak when parsing -j arg, Phil Sutter
- [conntrack-tools PATCH 3/8] Fix potential buffer overrun in snprintf() calls, Phil Sutter
- Re: [conntrack-tools PATCH 0/8] Fixes for a recent Coverity tool run, Pablo Neira Ayuso
[nf-next PATCH] netfilter: nf_log_syslog: Consolidate entry checks, Phil Sutter
- Re: [nf-next PATCH] netfilter: nf_log_syslog: Consolidate entry checks, Florian Westphal
- Re: [nf-next PATCH] netfilter: nf_log_syslog: Consolidate entry checks, Pablo Neira Ayuso
[nf-next PATCH 1/2] netfilter: nf_log_syslog: Merge MAC header dumpers, Phil Sutter
- [nf-next PATCH 2/2] netfilter: nf_log_syslog: Don't ignore unknown protocols, Phil Sutter
  - Re: [nf-next PATCH 2/2] netfilter: nf_log_syslog: Don't ignore unknown protocols, Florian Westphal
    - Re: [nf-next PATCH 2/2] netfilter: nf_log_syslog: Don't ignore unknown protocols, Phil Sutter
  - Re: [nf-next PATCH 2/2] netfilter: nf_log_syslog: Don't ignore unknown protocols, Pablo Neira Ayuso
- Re: [nf-next PATCH 1/2] netfilter: nf_log_syslog: Merge MAC header dumpers, Florian Westphal
- Re: [nf-next PATCH 1/2] netfilter: nf_log_syslog: Merge MAC header dumpers, Pablo Neira Ayuso
[nf PATCH] netfilter: egress: Report interface as outgoing, Phil Sutter
- Re: [nf PATCH] netfilter: egress: Report interface as outgoing, Florian Westphal
[PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists, Florian Westphal
- [PATCH nf-next v3 01/16] nfnetlink: handle already-released nl socket, Florian Westphal
- [PATCH nf-next v3 02/16] netfilter: ctnetlink: make ecache event cb global again, Florian Westphal
- [PATCH nf-next v3 03/16] netfilter: ecache: move to separate structure, Florian Westphal
- [PATCH nf-next v3 04/16] netfilter: ecache: use dedicated list for event redelivery, Florian Westphal
- [PATCH nf-next v3 06/16] netfilter: conntrack: include ecache dying list in dumps, Florian Westphal
- [PATCH nf-next v3 05/16] netfilter: conntrack: split inner loop of list dumping to own function, Florian Westphal
- [PATCH nf-next v3 08/16] netfilter: cttimeout: inc/dec module refcount per object, not per use refcount, Florian Westphal
- [PATCH nf-next v3 07/16] netfilter: conntrack: remove the percpu dying list, Florian Westphal
- [PATCH nf-next v3 09/16] netfilter: nfnetlink_cttimeout: use rcu protection in cttimeout_get_timeout, Florian Westphal
  - Re: [PATCH nf-next v3 09/16] netfilter: nfnetlink_cttimeout: use rcu protection in cttimeout_get_timeout, Pablo Neira Ayuso
- [PATCH nf-next v3 11/16] netfilter: remove nf_ct_unconfirmed_destroy helper, Florian Westphal
- [PATCH nf-next v3 10/16] netfilter: cttimeout: decouple unlink and free on netns destruction, Florian Westphal
- [PATCH nf-next v3 12/16] netfilter: extensions: introduce extension genid count, Florian Westphal
- [PATCH nf-next v3 13/16] netfilter: cttimeout: decouple unlink and free on netns destruction, Florian Westphal
- [PATCH nf-next v3 14/16] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy, Florian Westphal
- [PATCH nf-next v3 15/16] netfilter: conntrack: remove unconfirmed list, Florian Westphal
- [PATCH nf-next v3 16/16] netfilter: conntrack: avoid unconditional local_bh_disable, Florian Westphal
- Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists, Pablo Neira Ayuso
  - Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists, Pablo Neira Ayuso
    - Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists, Pablo Neira Ayuso
      - Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists, Pablo Neira Ayuso
      - Re: [PATCH nf-next v3 00/16] netfilter: conntrack: remove percpu lists, Pablo Neira Ayuso
[PATCH] netfilter: ipset: Fix duplicate included ip_set_hash_gen.h, Haowen Bai
- Re: [PATCH] netfilter: ipset: Fix duplicate included ip_set_hash_gen.h, Jakub Kicinski
- Re: [PATCH] netfilter: ipset: Fix duplicate included ip_set_hash_gen.h, kernel test robot
[PATCH 0/1] Reusing mnl socket for bulk ct loads, Mikhail Sennikovsky
- [PATCH 1/1] conntrack: use same mnl socket for bulk operations, Mikhail Sennikovsky
[PATCH v2] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue(), Jakob Koschel
- Re: [PATCH v2] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue(), Florian Westphal
- Re: [PATCH v2] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue(), Pablo Neira Ayuso
bug report and future request, Martin Zaharinov
- Re: bug report and future request, Florian Westphal
  - Re: bug report and future request, Martin Zaharinov
    - Re: bug report and future request, Florian Westphal
      - Re: bug report and future request, Martin Zaharinov
        
        Re: bug report and future request, Martin Zaharinov
        
        Re: bug report and future request, Martin Zaharinov
        
        Re: bug report and future request, Pablo Neira Ayuso
        
        Re: bug report and future request, Martin Zaharinov
        
        Re: bug report and future request, Martin Zaharinov
        
        Re: bug report and future request, Martin Zaharinov
[PATCH nft] evaluate: copy field_count for anonymous object maps as well, Florian Westphal
[PATCH net-next 00/19] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 03/19] netfilter: nf_tables: do not reduce read-only expressions, Pablo Neira Ayuso
- [PATCH net-next 13/19] netfilter: nft_xfrm: track register operations, Pablo Neira Ayuso
- [PATCH net-next 07/19] netfilter: nft_meta: extend reduce support to bridge family, Pablo Neira Ayuso
- [PATCH net-next 05/19] netfilter: nft_ct: track register operations, Pablo Neira Ayuso
- [PATCH net-next 17/19] netfilter: nf_nat_h323: eliminate anonymous module_init & module_exit, Pablo Neira Ayuso
- [PATCH net-next 10/19] netfilter: nft_hash: track register operations, Pablo Neira Ayuso
- [PATCH net-next 12/19] netfilter: nft_socket: track register operations, Pablo Neira Ayuso
- [PATCH net-next 16/19] netfilter: nft_exthdr: add reduce support, Pablo Neira Ayuso
- [PATCH net-next 02/19] netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned(), Pablo Neira Ayuso
- [PATCH net-next 08/19] netfilter: nft_numgen: cancel register tracking, Pablo Neira Ayuso
- [PATCH net-next 06/19] netfilter: nft_lookup: only cancel tracking for clobbered dregs, Pablo Neira Ayuso
- [PATCH net-next 04/19] netfilter: nf_tables: cancel tracking for clobbered destination registers, Pablo Neira Ayuso
- [PATCH net-next 09/19] netfilter: nft_osf: track register operations, Pablo Neira Ayuso
- [PATCH net-next 11/19] netfilter: nft_immediate: cancel register tracking for data destination register, Pablo Neira Ayuso
- [PATCH net-next 01/19] netfilter: conntrack: revisit gc autotuning, Pablo Neira Ayuso
  - Re: [PATCH net-next 01/19] netfilter: conntrack: revisit gc autotuning, patchwork-bot+netdevbpf
- [PATCH net-next 14/19] netfilter: nft_tunnel: track register operations, Pablo Neira Ayuso
- [PATCH net-next 15/19] netfilter: nft_fib: add reduce support, Pablo Neira Ayuso
- [PATCH net-next 18/19] netfilter: flowtable: remove redundant field in flow_offload_work struct, Pablo Neira Ayuso
- [PATCH net-next 19/19] netfilter: flowtable: pass flowtable to nf_flow_table_iterate(), Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net-next 00/19] Netfilter updates for net-next, Pablo Neira Ayuso
  - [PATCH net-next 01/19] netfilter: nft_set_rbtree: rename gc deactivate+erase function, Pablo Neira Ayuso
    - Re: [PATCH net-next 01/19] netfilter: nft_set_rbtree: rename gc deactivate+erase function, patchwork-bot+netdevbpf
  - [PATCH net-next 03/19] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule(), Pablo Neira Ayuso
  - [PATCH net-next 04/19] netfilter: nf_tables: Introduce nf_tables_getrule_single(), Pablo Neira Ayuso
  - [PATCH net-next 02/19] netfilter: nft_set_rbtree: prefer sync gc to async worker, Pablo Neira Ayuso
    - Re: [PATCH net-next 02/19] netfilter: nft_set_rbtree: prefer sync gc to async worker, Simon Horman
      - Re: [PATCH net-next 02/19] netfilter: nft_set_rbtree: prefer sync gc to async worker, Florian Westphal
  - [PATCH net-next 07/19] netfilter: conntrack: switch connlabels to atomic_t, Pablo Neira Ayuso
  - [PATCH net-next 08/19] netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj, Pablo Neira Ayuso
  - [PATCH net-next 09/19] netfilter: nf_tables: Unconditionally allocate nft_obj_filter, Pablo Neira Ayuso
  - [PATCH net-next 11/19] netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx, Pablo Neira Ayuso
  - [PATCH net-next 05/19] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests, Pablo Neira Ayuso
  - [PATCH net-next 10/19] netfilter: nf_tables: A better name for nft_obj_filter, Pablo Neira Ayuso
  - [PATCH net-next 12/19] netfilter: nf_tables: nft_obj_filter fits into cb->ctx, Pablo Neira Ayuso
  - [PATCH net-next 06/19] br_netfilter: use single forward hook for ip and arp, Pablo Neira Ayuso
  - [PATCH net-next 13/19] netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx, Pablo Neira Ayuso
  - [PATCH net-next 14/19] netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush, Pablo Neira Ayuso
  - [PATCH net-next 15/19] netfilter: nf_tables: set backend .flush always succeeds, Pablo Neira Ayuso
  - [PATCH net-next 17/19] netfilter: nf_tables: shrink memory consumption of set elements, Pablo Neira Ayuso
  - [PATCH net-next 16/19] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv, Pablo Neira Ayuso
  - [PATCH net-next 19/19] netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx, Pablo Neira Ayuso
  - [PATCH net-next 18/19] netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
    - Re: [PATCH nf-next] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
[PATCH] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
[PATCH] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue(), Jakob Koschel
- Re: [PATCH] netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue(), Florian Westphal
[PATCH] ebtables: fix the 'static' build target, Robert Kolchmeyer
[PATCH nf-next] netfilter: nf_conntrack_tcp: skip tracking for offloaded packets, Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nf_conntrack_tcp: skip tracking for offloaded packets, Florian Westphal
[PATCH nf-next 1/2] netfilter: flowtable: remove redundant field in flow_offload_work struct, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: flowtable: pass flowtable to nf_flow_table_iterate(), Pablo Neira Ayuso
[PATCH nf,v2 1/2] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
- [PATCH nf,v2 2/2] netfilter: nf_tables: initialize registers in nft_do_chain(), Pablo Neira Ayuso
  - Re: [PATCH nf,v2 2/2] netfilter: nf_tables: initialize registers in nft_do_chain(), Florian Westphal
- Re: [PATCH nf,v2 1/2] netfilter: nf_tables: validate registers coming from userspace., Florian Westphal
[PATCH nf 1/2] netfilter: nf_tables: registers should not go over NFT_REG32_NUM, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nf_tables: initialize registers in nft_do_chain(), Pablo Neira Ayuso
- Re: [PATCH nf 1/2] netfilter: nf_tables: registers should not go over NFT_REG32_NUM, Florian Westphal
  - Re: [PATCH nf 1/2] netfilter: nf_tables: registers should not go over NFT_REG32_NUM, Pablo Neira Ayuso
Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jakub Kicinski
- <Possible follow-ups>
- Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Thorsten Leemhuis
  - Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jozsef Kadlecsik
    - Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Thorsten Leemhuis
      - Re: Intermittent performance regression related to ipset between 5.10 and 5.15, U'ren, Aaron
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Thorsten Leemhuis
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jozsef Kadlecsik
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Thorsten Leemhuis
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, U'ren, Aaron
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jakub Kicinski
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, U'ren, Aaron
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jozsef Kadlecsik
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, U'ren, Aaron
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, U'ren, Aaron
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jakub Kicinski
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jozsef Kadlecsik
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, U'ren, Aaron
        
        Re: Intermittent performance regression related to ipset between 5.10 and 5.15, Jozsef Kadlecsik
[PATCH 0/9] treewide: eliminate anonymous module_init & module_exit, Randy Dunlap
- [PATCH 6/9] usb: gadget: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 6/9] usb: gadget: eliminate anonymous module_init & module_exit, Ira Weiny
    - Re: [PATCH 6/9] usb: gadget: eliminate anonymous module_init & module_exit, Randy Dunlap
- [PATCH 3/9] net: mlx5: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 3/9] net: mlx5: eliminate anonymous module_init & module_exit, Leon Romanovsky
- [PATCH 1/9] virtio_blk: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 1/9] virtio_blk: eliminate anonymous module_init & module_exit, Jason Wang
  - Re: [PATCH 1/9] virtio_blk: eliminate anonymous module_init & module_exit, Stefan Hajnoczi
  - Re: [PATCH 1/9] virtio_blk: eliminate anonymous module_init & module_exit, Michael S. Tsirkin
- [PATCH 2/9] virtio_console: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 2/9] virtio_console: eliminate anonymous module_init & module_exit, Amit Shah
    - Re: [PATCH 2/9] virtio_console: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 2/9] virtio_console: eliminate anonymous module_init & module_exit, Michael S. Tsirkin
- [PATCH 5/9] virtio-scsi: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 5/9] virtio-scsi: eliminate anonymous module_init & module_exit, Jason Wang
  - Re: [PATCH 5/9] virtio-scsi: eliminate anonymous module_init & module_exit, Stefan Hajnoczi
  - Re: [PATCH 5/9] virtio-scsi: eliminate anonymous module_init & module_exit, Michael S. Tsirkin
  - Re: [PATCH 5/9] virtio-scsi: eliminate anonymous module_init & module_exit, Martin K. Petersen
- [PATCH 7/9] usb: usbip: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 7/9] usb: usbip: eliminate anonymous module_init & module_exit, Shuah Khan
- [PATCH 4/9] netfilter: h323: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 4/9] netfilter: h323: eliminate anonymous module_init & module_exit, Florian Westphal
  - Re: [PATCH 4/9] netfilter: h323: eliminate anonymous module_init & module_exit, Pablo Neira Ayuso
    - Re: [PATCH 4/9] netfilter: h323: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 4/9] netfilter: h323: eliminate anonymous module_init & module_exit, Pablo Neira Ayuso
- [PATCH 8/9] x86/crypto: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 8/9] x86/crypto: eliminate anonymous module_init & module_exit, Herbert Xu
- [PATCH 9/9] testmmiotrace: eliminate anonymous module_init & module_exit, Randy Dunlap
  - Re: [PATCH 9/9] testmmiotrace: eliminate anonymous module_init & module_exit, Steven Rostedt
- Re: [PATCH 0/9] treewide: eliminate anonymous module_init & module_exit, Ira Weiny
- Re: (subset) [PATCH 0/9] treewide: eliminate anonymous module_init & module_exit, Jens Axboe
[iptables PATCH 0/3] Speed up restoring huge rulesets, Phil Sutter
- [iptables PATCH 1/3] nft: Reject standard targets as chain names when restoring, Phil Sutter
  - Re: [iptables PATCH 1/3] nft: Reject standard targets as chain names when restoring, Florian Westphal
- [iptables PATCH 3/3] libxtables: Boost rule target checks by announcing chain names, Phil Sutter
  - Re: [iptables PATCH 3/3] libxtables: Boost rule target checks by announcing chain names, Florian Westphal
- [iptables PATCH 2/3] libxtables: Implement notargets hash table, Phil Sutter
  - Re: [iptables PATCH 2/3] libxtables: Implement notargets hash table, Florian Westphal
"Decoding" ipset error codes, Ian Pilcher
- Re: "Decoding" ipset error codes, Jozsef Kadlecsik
[PATCH nf] netfilter: flowtable: Fix QinQ and PPPoE support for inet table, Pablo Neira Ayuso
Feature Request: nft: support non-immediate second operand, Kevin 'ldir' Darbyshire-Bryant
- Re: Feature Request: nft: support non-immediate second operand, Jeremy Sowden
[iptables PATCH 0/5] Fixes for static builds, Phil Sutter
- [iptables PATCH 5/5] tests: shell: Fix 0004-return-codes_0 for static builds, Phil Sutter
- [iptables PATCH 4/5] nft: Review static extension loading, Phil Sutter
- [iptables PATCH 1/5] libxtables: Fix for warning in xtables_ipmask_to_numeric, Phil Sutter
- [iptables PATCH 2/5] Simplify static build extension loading, Phil Sutter
- [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds, Phil Sutter
  - Re: [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds, Etienne Champetier
    - Re: [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds, Phil Sutter
[RFC] conntrack event framework speedup, Florian Westphal
- Re: [RFC] conntrack event framework speedup, Pablo Neira Ayuso
  - Re: [RFC] conntrack event framework speedup, Florian Westphal
    - Re: [RFC] conntrack event framework speedup, Pablo Neira Ayuso
      - Re: [RFC] conntrack event framework speedup, Florian Westphal
        
        Re: [RFC] conntrack event framework speedup, Pablo Neira Ayuso
        
        Re: [RFC] conntrack event framework speedup, Florian Westphal
        
        Re: [RFC] conntrack event framework speedup, Pablo Neira Ayuso
[PATCH nf-next 0/6] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH nf-next 1/6] Revert "netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY", Pablo Neira Ayuso
  - Re: [PATCH nf-next 1/6] Revert "netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY", patchwork-bot+netdevbpf
- [PATCH nf-next 4/6] act_ct: Support GRE offload, Pablo Neira Ayuso
- [PATCH nf-next 6/6] netfilter: bridge: clean up some inconsistent indenting, Pablo Neira Ayuso
- [PATCH nf-next 2/6] netfilter: nf_tables: Reject tables of unsupported family, Pablo Neira Ayuso
  - Re: [PATCH nf-next 2/6] netfilter: nf_tables: Reject tables of unsupported family, Jakub Kicinski
    - Re: [PATCH nf-next 2/6] netfilter: nf_tables: Reject tables of unsupported family, Phil Sutter
      - Re: [PATCH nf-next 2/6] netfilter: nf_tables: Reject tables of unsupported family, Pablo Neira Ayuso
        
        Re: [PATCH nf-next 2/6] netfilter: nf_tables: Reject tables of unsupported family, Jakub Kicinski
    - Re: [PATCH nf-next 2/6] netfilter: nf_tables: Reject tables of unsupported family, Pablo Neira Ayuso
      - Re: [PATCH nf-next 2/6] netfilter: nf_tables: Reject tables of unsupported family, Jakub Kicinski
- [PATCH nf-next 3/6] netfilter: flowtable: Support GRE, Pablo Neira Ayuso
- [PATCH nf-next 5/6] net/mlx5: Support GRE conntrack offload, Pablo Neira Ayuso
[PATCH nf-next,v3 00/14] register tracking infrastructure follow up, Pablo Neira Ayuso
- [PATCH nf-next,v3 01/14] netfilter: nf_tables: do not reduce read-only expressions, Pablo Neira Ayuso
- [PATCH nf-next,v3 02/14] netfilter: nf_tables: cancel tracking for clobbered destination registers, Pablo Neira Ayuso
- [PATCH nf-next,v3 03/14] netfilter: nft_ct: track register operations, Pablo Neira Ayuso
- [PATCH nf-next,v3 04/14] netfilter: nft_lookup: only cancel tracking for clobbered dregs, Pablo Neira Ayuso
- [PATCH nf-next,v3 05/14] netfilter: nft_meta: extend reduce support to bridge family, Pablo Neira Ayuso
- [PATCH nf-next,v3 06/14] netfilter: nft_numgen: cancel register tracking, Pablo Neira Ayuso
- [PATCH nf-next,v3 13/14] netfilter: nft_fib: add reduce support, Pablo Neira Ayuso
- [PATCH nf-next,v3 09/14] netfilter: nft_immediate: cancel register tracking for data destination register, Pablo Neira Ayuso
- [PATCH nf-next,v3 14/14] netfilter: nft_exthdr: add reduce support, Pablo Neira Ayuso
- [PATCH nf-next,v3 11/14] netfilter: nft_xfrm: track register operations, Pablo Neira Ayuso
- [PATCH nf-next,v3 08/14] netfilter: nft_hash: track register operations, Pablo Neira Ayuso
- [PATCH nf-next,v3 12/14] netfilter: nft_tunnel: track register operations, Pablo Neira Ayuso
- [PATCH nf-next,v3 07/14] netfilter: nft_osf: track register operations, Pablo Neira Ayuso
- [PATCH nf-next,v3 10/14] netfilter: nft_socket: track register operations, Pablo Neira Ayuso
[PATCH nf-next 00/12,v2] register tracking infrastructure follow up, Pablo Neira Ayuso
- [PATCH nf-next 03/12,v2] netfilter: nft_ct: track register operations, Pablo Neira Ayuso
- [PATCH nf-next 02/12,v2] netfilter: nf_tables: cancel tracking for clobbered destination registers, Pablo Neira Ayuso
  - Re: [PATCH nf-next 02/12,v2] netfilter: nf_tables: cancel tracking for clobbered destination registers, kernel test robot
- [PATCH nf-next 01/12,v2] netfilter: nf_tables: do not reduce read-only expressions, Pablo Neira Ayuso
  - Re: [PATCH nf-next 01/12,v2] netfilter: nf_tables: do not reduce read-only expressions, kernel test robot
- [PATCH nf-next 06/12,v2] netfilter: nft_numgen: cancel register tracking, Pablo Neira Ayuso
- [PATCH nf-next 10/12,v2] netfilter: nft_socket: track register operations, Pablo Neira Ayuso
- [PATCH nf-next 05/12,v2] netfilter: nft_meta: extend reduce support to bridge family, Pablo Neira Ayuso
- [PATCH nf-next 04/12,v2] netfilter: nft_lookup: only cancel tracking for clobbered dregs, Pablo Neira Ayuso
- [PATCH nf-next 07/12,v2] netfilter: nft_osf: track register operations, Pablo Neira Ayuso
- [PATCH nf-next 09/12,v2] netfilter: nft_immediate: cancel register tracking for data destination register, Pablo Neira Ayuso
- [PATCH nf-next 08/12,v2] netfilter: nft_hash: track register operations, Pablo Neira Ayuso
- [PATCH nf-next 11/12,v2] netfilter: nft_xfrm: track register operations, Pablo Neira Ayuso
- [PATCH nf-next 12/12,v2] netfilter: nft_tunnel: track register operations, Pablo Neira Ayuso
Xtables-addons URL issues, Pander
Xtables-addons geoip manual, Pander
[PATCH nf-next 0/9] register tracking infrastructure follow up, Pablo Neira Ayuso
- [PATCH nf-next 2/9] netfilter: nf_tables: cancel tracking for clobbered destination registers, Pablo Neira Ayuso
- [PATCH nf-next 1/9] netfilter: nf_tables: do not reduce read-only expressions, Pablo Neira Ayuso
- [PATCH nf-next 3/9] netfilter: nft_ct: track register operations, Pablo Neira Ayuso
- [PATCH nf-next 4/9] netfilter: nft_lookup: only cancel tracking for clobbered dregs, Pablo Neira Ayuso
- [PATCH nf-next 5/9] netfilter: nft_meta: extend reduce support to bridge family, Pablo Neira Ayuso
- [PATCH nf-next 7/9] netfilter: nft_osf: track register operations, Pablo Neira Ayuso
- [PATCH nf-next 6/9] netfilter: nft_numgen: cancel register tracking, Pablo Neira Ayuso
- [PATCH nf-next 9/9] netfilter: nft_immediate: cancel register tracking for data destination register, Pablo Neira Ayuso
- [PATCH nf-next 8/9] netfilter: nft_hash: track register operations, Pablo Neira Ayuso
[PATCH nf,v3] netfilter: nf_tables: disable register tracking, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: do not reduce read-only expressions, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables: disable register tracking, Pablo Neira Ayuso
[PATCH nf-next,v2] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nft_payload: only cancel tracking for clobbered dregs, Pablo Neira Ayuso
[PATCH nf-next,v5] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: disable register tracking, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: add stubs for readonly expressions, Florian Westphal
- Re: [PATCH nf-next] netfilter: nf_tables: add stubs for readonly expressions, kernel test robot
- Re: [PATCH nf-next] netfilter: nf_tables: add stubs for readonly expressions, kernel test robot
- Re: [PATCH nf-next] netfilter: nf_tables: add stubs for readonly expressions, kernel test robot
[PATCH nf-next] netfilter: nft_meta: extend reduce support to bridge family, Florian Westphal
[PATCH nf-next] netfilter: nft_lookup: only cancel tracking for clobbered dregs, Florian Westphal
[PATCH nf,v4] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
[PATCH nf,v3] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
[PATCH v33 18/29] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
[PATCH v33 16/29] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
[PATCH v33 15/29] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH v33 09/29] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
[PATCH v33 08/29] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
[PATCH nf,v2] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: nf_tables: cancel register tracking if .reduce is not defined, Pablo Neira Ayuso
[PATCH nf-next 0/4] netfilter: conntrack: ignore overly delayed tcp packets, Florian Westphal
- [PATCH nf-next 1/4] netfilter: conntrack: remove pr_debug callsites from tcp tracker, Florian Westphal
- [PATCH nf-next 3/4] netfilter: conntrack: ignore overly delayed tcp packets, Florian Westphal
- [PATCH nf-next 4/4] netfilter: conntrack: remove unneeded indent level, Florian Westphal
- [PATCH nf-next 2/4] netfilter: conntrack: prepare tcp_in_window for tristate return value, Florian Westphal
[PATCH AUTOSEL 5.16 18/27] netfilter: egress: silence egress hook lockdep splats, Sasha Levin
[RFC PATCH v4 00/15] Landlock LSM, Konstantin Meskhidze
- [RFC PATCH v4 01/15] landlock: access mask renaming, Konstantin Meskhidze
  - Re: [RFC PATCH v4 01/15] landlock: access mask renaming, Mickaël Salaün
    - Re: [RFC PATCH v4 01/15] landlock: access mask renaming, Konstantin Meskhidze
- [RFC PATCH v4 07/15] landlock: user space API network support, Konstantin Meskhidze
  - Re: [RFC PATCH v4 07/15] landlock: user space API network support, Mickaël Salaün
    - Re: [RFC PATCH v4 07/15] landlock: user space API network support, Mickaël Salaün
      - Re: [RFC PATCH v4 07/15] landlock: user space API network support, Konstantin Meskhidze
        
        Re: [RFC PATCH v4 07/15] landlock: user space API network support, Mickaël Salaün
        
        Re: [RFC PATCH v4 07/15] landlock: user space API network support, Konstantin Meskhidze
    - Re: [RFC PATCH v4 07/15] landlock: user space API network support, Konstantin Meskhidze
- [RFC PATCH v4 05/15] landlock: unmask_layers() function refactoring, Konstantin Meskhidze
- [RFC PATCH v4 04/15] landlock: merge and inherit function refactoring, Konstantin Meskhidze
- [RFC PATCH v4 06/15] landlock: landlock_add_rule syscall refactoring, Konstantin Meskhidze
  - Re: [RFC PATCH v4 06/15] landlock: landlock_add_rule syscall refactoring, Mickaël Salaün
    - Re: [RFC PATCH v4 06/15] landlock: landlock_add_rule syscall refactoring, Konstantin Meskhidze
- [RFC PATCH v4 09/15] landlock: TCP network hooks implementation, Konstantin Meskhidze
  - Re: [RFC PATCH v4 09/15] landlock: TCP network hooks implementation, Mickaël Salaün
    - Re: [RFC PATCH v4 09/15] landlock: TCP network hooks implementation, Konstantin Meskhidze
- [RFC PATCH v4 08/15] landlock: add support network rules, Konstantin Meskhidze
  - Re: [RFC PATCH v4 08/15] landlock: add support network rules, Mickaël Salaün
    - Re: [RFC PATCH v4 08/15] landlock: add support network rules, Konstantin Meskhidze
      - Re: [RFC PATCH v4 08/15] landlock: add support network rules, Mickaël Salaün
        
        Re: [RFC PATCH v4 08/15] landlock: add support network rules, Konstantin Meskhidze
- [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring, Konstantin Meskhidze
  - Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring, Mickaël Salaün
    - Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring, Konstantin Meskhidze
      - Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring, Mickaël Salaün
        
        Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring, Konstantin Meskhidze
        
        Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring, Mickaël Salaün
        
        Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring, Konstantin Meskhidze
        
        Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring (TCP port 0), Mickaël Salaün
        
        Re: [RFC PATCH v4 03/15] landlock: landlock_find/insert_rule refactoring (TCP port 0), Konstantin Meskhidze
- [RFC PATCH v4 02/15] landlock: filesystem access mask helpers, Konstantin Meskhidze
  - Re: [RFC PATCH v4 02/15] landlock: filesystem access mask helpers, Mickaël Salaün
    - Re: [RFC PATCH v4 02/15] landlock: filesystem access mask helpers, Konstantin Meskhidze
      - Re: [RFC PATCH v4 02/15] landlock: filesystem access mask helpers, Mickaël Salaün
        
        Re: [RFC PATCH v4 02/15] landlock: filesystem access mask helpers, Konstantin Meskhidze
- [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Konstantin Meskhidze
  - Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Mickaël Salaün
    - Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Konstantin Meskhidze
      - Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Mickaël Salaün
        
        Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Konstantin Meskhidze
        
        Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Mickaël Salaün
        
        Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Konstantin Meskhidze
    - Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Mickaël Salaün
      - Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Konstantin Meskhidze
  - Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Mickaël Salaün
    - Re: [RFC PATCH v4 10/15] seltest/landlock: add tests for bind() hooks, Konstantin Meskhidze
- [RFC PATCH v4 11/15] seltest/landlock: add tests for connect() hooks, Konstantin Meskhidze
- [RFC PATCH v4 14/15] seltest/landlock: ruleset expanding test, Konstantin Meskhidze
- [RFC PATCH v4 13/15] seltest/landlock: rules overlapping test, Konstantin Meskhidze
- [RFC PATCH v4 12/15] seltest/landlock: connect() with AF_UNSPEC tests, Konstantin Meskhidze
- [RFC PATCH v4 15/15] seltest/landlock: invalid user input data test, Konstantin Meskhidze
- Re: [RFC PATCH v4 00/15] Landlock LSM, Mickaël Salaün
  - Re: [RFC PATCH v4 00/15] Landlock LSM, Konstantin Meskhidze
    - Re: [RFC PATCH v4 00/15] Landlock LSM, Mickaël Salaün
      - Re: [RFC PATCH v4 00/15] Landlock LSM, Konstantin Meskhidze
      - Re: [RFC PATCH v4 00/15] Landlock LSM, Konstantin Meskhidze
        
        Re: [RFC PATCH v4 00/15] Landlock LSM, Mickaël Salaün
        
        Re: [RFC PATCH v4 00/15] Landlock LSM, Konstantin Meskhidze
        
        Re: [RFC PATCH v4 00/15] Landlock LSM, Mickaël Salaün
        
        Re: [RFC PATCH v4 00/15] Landlock LSM, Konstantin Meskhidze
Looking for info on ipset set type revisions, Ian Pilcher
- Re: Looking for info on ipset set type revisions, Jozsef Kadlecsik
[PATCH conntrack-tools] nfct: remove lazy binding, Pablo Neira Ayuso
- Re: [PATCH conntrack-tools] nfct: remove lazy binding, Phil Sutter
[PATCH nf] Revert "netfilter: nat: force port remap to prevent shadowing well-known ports", Florian Westphal
- [PATCH nf] Revert "netfilter: conntrack: tag conntracks picked up in local out hook", Florian Westphal
  - Re: [PATCH nf] Revert "netfilter: conntrack: tag conntracks picked up in local out hook", Florian Westphal
[PATCH] netfilter: bridge: clean up some inconsistent indenting, Jiapeng Chong
- Re: [PATCH] netfilter: bridge: clean up some inconsistent indenting, Florian Westphal
[PATCH] netfilter: conditionally use ct and ctinfo, trix
- Re: [PATCH] netfilter: conditionally use ct and ctinfo, Florian Westphal
  - Re: [PATCH] netfilter: conditionally use ct and ctinfo, Tom Rix
    - Re: [PATCH] netfilter: conditionally use ct and ctinfo, Florian Westphal
[PATCH bpf-next v4 7/8] bpf: Replace __diag_ignore with unified __diag_ignore_all, Kumar Kartikeya Dwivedi
nftables 1.0.2 building issues, Francesco Colista
- Re: nftables 1.0.2 building issues, Jan Engelhardt
[iptables RFC 0/2] Speed up restoring huge rulesets, Phil Sutter
- [iptables RFC 2/2] libxtables: Boost rule target checks by announcing chain names, Phil Sutter
  - Re: [iptables RFC 2/2] libxtables: Boost rule target checks by announcing chain names, Florian Westphal
    - Re: [iptables RFC 2/2] libxtables: Boost rule target checks by announcing chain names, Phil Sutter
- [iptables RFC 1/2] libxtables: Implement notargets hash table, Phil Sutter
  - Re: [iptables RFC 1/2] libxtables: Implement notargets hash table, Florian Westphal
    - Re: [iptables RFC 1/2] libxtables: Implement notargets hash table, Phil Sutter
[nft PATCH] misspell: Avoid segfault with anonymous chains, Phil Sutter
- Re: [nft PATCH] misspell: Avoid segfault with anonymous chains, Pablo Neira Ayuso
  - Re: [nft PATCH] misspell: Avoid segfault with anonymous chains, Phil Sutter
    - Re: [nft PATCH] misspell: Avoid segfault with anonymous chains, Pablo Neira Ayuso
[PATCH nft] evaluate: init cmd pointer for new on-stack context, Florian Westphal
- Re: [PATCH nft] evaluate: init cmd pointer for new on-stack context, Pablo Neira Ayuso
  - Re: [PATCH nft] evaluate: init cmd pointer for new on-stack context, Florian Westphal
  - Re: [PATCH nft] evaluate: init cmd pointer for new on-stack context, Phil Sutter
[PATCH nft] optimize: do not assume log prefix, Pablo Neira Ayuso
[PATCH bpf-next v3 7/8] bpf: Replace __diag_ignore with unified __diag_ignore_all, Kumar Kartikeya Dwivedi
[PATCH nft,v3 1/3] optimize: more robust statement merge with vmap, Pablo Neira Ayuso
- [PATCH nft,v3 2/3] optimize: incorrect assert() for unexpected expression type, Pablo Neira Ayuso
- [PATCH nft,v3 3/3] optimize: do not merge unsupported statement expressions, Pablo Neira Ayuso
[PATCH nft,v2] optimize: do not merge unsupported statement expressions, Pablo Neira Ayuso
[PATCH nf-next,v2] netfilter: nft_ct: track register operations, Pablo Neira Ayuso
[PATCH nft,v2 1/2] optimize: more robust statement merge with vmap, Pablo Neira Ayuso
- [PATCH nft,v2 2/2] optimize: incorrect assert() for unexpected expression type, Pablo Neira Ayuso
[PATCH nft] optimize: do not merge unsupported statement expressions, Pablo Neira Ayuso
[RFC v3 nf-next 00/15] netfilter: conntrack: remove percpu lists, Florian Westphal
- [RFC v3 nf-next 01/15] nfnetlink: handle already-released nl socket, Florian Westphal
- [RFC v3 nf-next 02/15] netfilter: ctnetlink: make ecache event cb global again, Florian Westphal
- [RFC v3 nf-next 03/15] netfilter: ecache: move to separate structure, Florian Westphal
- [RFC v3 nf-next 04/15] netfilter: ecache: use dedicated list for event redelivery, Florian Westphal
- [RFC v3 nf-next 05/15] netfilter: conntrack: split inner loop of list dumping to own function, Florian Westphal
- [RFC v3 nf-next 06/15] netfilter: conntrack: include ecache dying list in dumps, Florian Westphal
- [RFC v3 nf-next 07/15] netfilter: conntrack: remove the percpu dying list, Florian Westphal
- [RFC v3 nf-next 08/15] netfilter: cttimeout: inc/dec module refcount per object, not per use refcount, Florian Westphal
- [RFC v3 nf-next 09/15] netfilter: nfnetlink_cttimeout: use rcu protection in cttimeout_get_timeout, Florian Westphal
- [RFC v3 nf-next 10/15] netfilter: cttimeout: decouple unlink and free on netns destruction, Florian Westphal
- [RFC v3 nf-next 11/15] netfilter: remove nf_ct_unconfirmed_destroy helper, Florian Westphal
- [RFC v3 nf-next 12/15] netfilter: extensions: introduce extension genid count, Florian Westphal
- [RFC v3 nf-next 13/15] netfilter: cttimeout: decouple unlink and free on netns destruction, Florian Westphal
- [RFC v3 nf-next 14/15] netfilter: conntrack: remove __nf_ct_unconfirmed_destroy, Florian Westphal
- [RFC v3 nf-next 15/15] netfilter: conntrack: remove unconfirmed list, Florian Westphal
heads up, rebasing nf-next, Pablo Neira Ayuso
[PATCH nft 1/2] optimize: more robust statement merge with vmap, Pablo Neira Ayuso
- [PATCH nft 2/2] optimize: incorrect assert() for unexpected expression type, Pablo Neira Ayuso
[PATCH nft] optimize: fix vmap with anonymous sets, Pablo Neira Ayuso
[PATCH bpf-next v2 7/8] bpf: Replace __diag_ignore with unified __diag_ignore_all, Kumar Kartikeya Dwivedi
[nf-next PATCH] netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned(), Phil Sutter
- Re: [nf-next PATCH] netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned(), Pablo Neira Ayuso
  - Re: [nf-next PATCH] netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned(), Pablo Neira Ayuso
[PATCH] netfilter: nft_ct: spurious warning when assigning conntrack helpers, Phil Sutter
Re: [PATCH v2] selftests: netfilter: fix a build error on openSUSE, Pablo Neira Ayuso
- Re: [PATCH v2] selftests: netfilter: fix a build error on openSUSE, Shuah Khan
  - Re: [PATCH v2] selftests: netfilter: fix a build error on openSUSE, Shuah Khan
- Re: [PATCH v2] selftests: netfilter: fix a build error on openSUSE, Jan Engelhardt
  - Re: [PATCH v2] selftests: netfilter: fix a build error on openSUSE, Pablo Neira Ayuso
    - Re: [PATCH v2] selftests: netfilter: fix a build error on openSUSE, Jeremy Sowden
    - [PATCH nf] selftests: netfilter: fix libmnl pkg-config usage, Jeremy Sowden
      - Re: [PATCH nf] selftests: netfilter: fix libmnl pkg-config usage, Jan Engelhardt
[iptables PATCH 0/4] Speed up iptables-nft-save, Phil Sutter
- [iptables PATCH 1/4] nft: Simplify immediate parsing, Phil Sutter
  - Re: [iptables PATCH 1/4] nft: Simplify immediate parsing, Florian Westphal
- [iptables PATCH 3/4] xshared: Prefer xtables_chain_protos lookup over getprotoent, Phil Sutter
  - Re: [iptables PATCH 3/4] xshared: Prefer xtables_chain_protos lookup over getprotoent, Florian Westphal
    - Re: [iptables PATCH 3/4] xshared: Prefer xtables_chain_protos lookup over getprotoent, Phil Sutter
      - Message not available
        
        Re: [iptables PATCH 3/4] xshared: Prefer xtables_chain_protos lookup over getprotoent, Phil Sutter
- [iptables PATCH 2/4] nft: Speed up immediate parsing, Phil Sutter
- [iptables PATCH 4/4] nft: Don't pass command state opaque to family ops callbacks, Phil Sutter
  - Re: [iptables PATCH 4/4] nft: Don't pass command state opaque to family ops callbacks, Florian Westphal
[nft PATCH] scanner: Fix for ipportmap nat statements, Phil Sutter
[PATCH nft,v3 0/7] revisit overlap/automerge codebase, Pablo Neira Ayuso
- [PATCH nft,v3 1/7] src: add EXPR_F_KERNEL to identify expression in the kernel, Pablo Neira Ayuso
- [PATCH nft,v3 4/7] mnl: update mnl_nft_setelem_del() to allow for more reuse, Pablo Neira Ayuso
- [PATCH nft,v3 3/7] src: remove rbtree datastructure, Pablo Neira Ayuso
- [PATCH nft,v3 2/7] src: replace interval segment tree overlap and automerge, Pablo Neira Ayuso
- [PATCH nft,v3 5/7] intervals: add support to automerge with kernel elements, Pablo Neira Ayuso
- [PATCH nft,v3 7/7] intervals: support to partial deletion with automerge, Pablo Neira Ayuso
- [PATCH nft,v3 6/7] evaluate: allow for zero length ranges, Pablo Neira Ayuso
[PATCH] net/netfilter: use memset avoid infoleaks, cgel . zte
- Re: [PATCH] net/netfilter: use memset avoid infoleaks, Florian Westphal
[PATCH v2 nf 0/2] netfilter: nf_queue: be more careful with sk refcounts, Florian Westphal
- [PATCH v2 nf 1/2] netfilter: nf_queue: fix possible use-after-free, Florian Westphal
  - Re: [PATCH v2 nf 1/2] netfilter: nf_queue: fix possible use-after-free, Eric Dumazet
- [PATCH v2 nf 2/2] netfilter: nf_queue: handle socket prefetch, Florian Westphal
[PATCH ipset] Fix IPv6 sets nftables translation, Pablo Neira Ayuso
- Re: [PATCH ipset] Fix IPv6 sets nftables translation, Florian Eckert
[PATCH nf] netfilter: nf_queue: be more careful with sk refcounts, Florian Westphal
- Re: [PATCH nf] netfilter: nf_queue: be more careful with sk refcounts, Joe Stringer
  - Re: [PATCH nf] netfilter: nf_queue: be more careful with sk refcounts, Florian Westphal
    - Re: [PATCH nf] netfilter: nf_queue: be more careful with sk refcounts, Joe Stringer
      - Re: [PATCH nf] netfilter: nf_queue: be more careful with sk refcounts, Florian Westphal
[PATCH net v4 1/1] net/sched: act_ct: Fix flow table lookup failure with no originating ifindex, Paul Blakey
- Re: [PATCH net v4 1/1] net/sched: act_ct: Fix flow table lookup failure with no originating ifindex, Pablo Neira Ayuso
[PATCH net v3 1/1] net/sched: act_ct: Fix flow table lookup failure with no originating ifindex, Paul Blakey
- Re: [PATCH net v3 1/1] net/sched: act_ct: Fix flow table lookup failure with no originating ifindex, Paul Blakey
[PATCH RFC] memcg: Enable accounting for nft objects, Vasily Averin
- Re: [PATCH RFC] memcg: Enable accounting for nft objects, Florian Westphal
  - [PATCH v2] memcg: enable accounting for nft objects, Vasily Averin
    - Re: [PATCH v2] memcg: enable accounting for nft objects, Florian Westphal
    - Re: [PATCH v2] memcg: enable accounting for nft objects, Pablo Neira Ayuso
      - Re: [PATCH v2] memcg: enable accounting for nft objects, Vasily Averin
  - Re: [PATCH RFC] memcg: Enable accounting for nft objects, Vasily Averin
  - [PATCH v2 RESEND] memcg: enable accounting for nft objects, Vasily Averin
    - Re: [PATCH v2 RESEND] memcg: enable accounting for nft objects, Pablo Neira Ayuso
      - Re: [PATCH v2 RESEND] memcg: enable accounting for nft objects, Vasily Averin
        
        [PATCH nft] nft: memcg accounting for dynamically allocated objects, Vasily Averin
        
        Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects, Roman Gushchin
        
        Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects, Florian Westphal
        
        Re: [PATCH nft] nft: memcg accounting for dynamically allocated objects, Vasily Averin

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]