Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

[PATCH nft,v2] doc: fix sinopsis of named counter, quota and ct {helper,timeout,expect}, Pablo Neira Ayuso
- Re: [PATCH nft,v2] doc: fix sinopsis of named counter, quota and ct {helper,timeout,expect}, Jeremy Sowden
  - Re: [PATCH nft,v2] doc: fix sinopsis of named counter, quota and ct {helper,timeout,expect}, Pablo Neira Ayuso
[PATCH nft] doc: fix sinopsis of named counter, quota and ct {helper,timeout,expect}, Pablo Neira Ayuso
list vmap counter errot, Martin Zatloukal
- Re: list vmap counter errot, Pablo Neira Ayuso
  - Message not available
    - Message not available
      - Message not available
        
        Re: list vmap counter errot, Pablo Neira Ayuso
[PATCH net v4] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Cole Dishington
- Re: [PATCH net v4] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Florian Westphal
  - Re: [PATCH net v4] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Cole Dishington
    - Re: [PATCH net v4] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Florian Westphal
[PATCH libnetfilter_log] src: doc: revise doxygen for all other modules, Duncan Roe
- Re: [PATCH libnetfilter_log] src: doc: revise doxygen for all other modules, Duncan Roe
[PATCH libnetfilter_log v3] src: doc: revise doxygen for module "Netlink message helper functions", Duncan Roe
- Re: [PATCH libnetfilter_log v3] src: doc: revise doxygen for module "Netlink message helper functions", Pablo Neira Ayuso
[iptables PATCH] ebtables: Avoid dropping policy when flushing, Phil Sutter
- Re: [iptables PATCH] ebtables: Avoid dropping policy when flushing, Phil Sutter
[PATCH nf 0/2] netfilter: nf_nat_masquerade: don't block rtnl lock, Florian Westphal
- [PATCH nf 1/2] netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic, Florian Westphal
- [PATCH nf 2/2] netfilter: nf_nat_masquerade: defer conntrack walk to work queue, Florian Westphal
- Re: [PATCH nf 0/2] netfilter: nf_nat_masquerade: don't block rtnl lock, Pablo Neira Ayuso
[PATCH net v3] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Cole Dishington
- Re: [PATCH net v3] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Florian Westphal
[PATCH nft] src: revert hashtable for expression handlers, Pablo Neira Ayuso
Python bindings crash when more than one Nftables is instantiated, Eugene Crosser
- Re: Python bindings crash when more than one Nftables is instantiated, Pablo Neira Ayuso
[xtables-addons] xt_ipp2p: add ipv6 module alias, Jeremy Sowden
- Re: [xtables-addons] xt_ipp2p: add ipv6 module alias, Jan Engelhardt
- Message not available
  - Re: [xtables-addons] xt_ipp2p: add ipv6 module alias, Jeremy Sowden
    - Message not available
      - Re: [xtables-addons] xt_ipp2p: add ipv6 module alias, Jan Engelhardt
        
        Message not available
        
        Re: [xtables-addons] xt_ipp2p: add ipv6 module alias, Jeremy Sowden
        
        Re: [xtables-addons] xt_ipp2p: add ipv6 module alias, kaskada
        
        Re: [xtables-addons] xt_ipp2p: add ipv6 module alias, kaskada
        
        Re: [xtables-addons] xt_ipp2p: add ipv6 module alias, Jeremy Sowden
[xtables-addons] xt_ipp2p: fix compatibility with pre-5.1 kernels, Jeremy Sowden
- Message not available
  - Re: [xtables-addons] xt_ipp2p: fix compatibility with pre-5.1 kernels, Jeremy Sowden
- Re: [xtables-addons] xt_ipp2p: fix compatibility with pre-5.1 kernels, Jan Engelhardt
[PATCH nf] netfilter: nf_tables: Fix oversized kvmalloc() calls, Pablo Neira Ayuso
[syzbot] WARNING: kmalloc bug in hash_ipportip_create, syzbot
[xtables-addons 0/4] IPv6 support for xt_ipp2p, Jeremy Sowden
- [xtables-addons 2/4] xt_ipp2p: move the protocol-specific code out into separate functions, Jeremy Sowden
- [xtables-addons 4/4] xt_ipp2p: add ipv6 support, Jeremy Sowden
- [xtables-addons 3/4] xt_ipp2p: move result printing code into separate functions, Jeremy Sowden
- [xtables-addons 1/4] xt_ipp2p: don't search haystack if it's empty, Jeremy Sowden
- Message not available
  - Re: [xtables-addons 0/4] IPv6 support for xt_ipp2p, Jeremy Sowden
- Re: [xtables-addons 0/4] IPv6 support for xt_ipp2p, Jan Engelhardt
Re: [syzbot] WARNING in __percpu_ref_exit (2), syzbot
- Re: [syzbot] WARNING in __percpu_ref_exit (2), Dmitry Vyukov
  - Re: [syzbot] WARNING in __percpu_ref_exit (2), Pavel Begunkov
    - Re: [syzbot] WARNING in __percpu_ref_exit (2), syzbot
      - Re: [syzbot] WARNING in __percpu_ref_exit (2), Dmitry Vyukov
[syzbot] KASAN: use-after-free Read in nft_table_lookup (2), syzbot
- [PATCH nf] netfilter: nf_tables: unlink table before deleting it, Florian Westphal
  - Re: [PATCH nf] netfilter: nf_tables: unlink table before deleting it, Pablo Neira Ayuso
[PATCH libnetfilter_log] src: make nflog_open_nfnl() static, Duncan Roe
- Re: [PATCH libnetfilter_log] src: make nflog_open_nfnl() static, Pablo Neira Ayuso
[PATCH nf] netfilter: ip6_tables: zero-initialize fragment offset, Jeremy Sowden
- Re: [PATCH nf] netfilter: ip6_tables: zero-initialize fragment offset, Florian Westphal
  - Re: [PATCH nf] netfilter: ip6_tables: zero-initialize fragment offset, Jeremy Sowden
- Re: [PATCH nf] netfilter: ip6_tables: zero-initialize fragment offset, Pablo Neira Ayuso
module ipp2p (xtables) for ip6tables? No such file or directory..., kaskada
- Re: module ipp2p (xtables) for ip6tables? No such file or directory..., Jeremy Sowden
[PATCH nf] ipvs: check that ip_vs_conn_tab_bits is between 8 and 20, Andrea Claudi
- Re: [PATCH nf] ipvs: check that ip_vs_conn_tab_bits is between 8 and 20, Julian Anastasov
- Re: [PATCH nf] ipvs: check that ip_vs_conn_tab_bits is between 8 and 20, Simon Horman
- Re: [PATCH nf] ipvs: check that ip_vs_conn_tab_bits is between 8 and 20, Pablo Neira Ayuso
[PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length, Topi Miettinen
- Re: [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length, Florian Westphal
[PATCH 5.10.y 0/3] netfilter: nf_tables fixes for 5.10.y, Florian Westphal
- [PATCH 5.10.y 1/3] netfilter: nftables: avoid potential overflows on 32bit arches, Florian Westphal
- [PATCH 5.10.y 3/3] netfilter: nftables: clone set element expression template, Florian Westphal
- [PATCH 5.10.y 2/3] netfilter: nf_tables: initialize set before expression setup, Florian Westphal
- Re: [PATCH 5.10.y 0/3] netfilter: nf_tables fixes for 5.10.y, Greg KH
  - Re: [PATCH 5.10.y 0/3] netfilter: nf_tables fixes for 5.10.y, Salvatore Bonaccorso
    - Re: [PATCH 5.10.y 0/3] netfilter: nf_tables fixes for 5.10.y, Florian Westphal
[PATCH AUTOSEL 5.10 124/176] net: Fix offloading indirect devices dependency on qdisc order creation, Sasha Levin
[PATCH AUTOSEL 5.13 156/219] net: Fix offloading indirect devices dependency on qdisc order creation, Sasha Levin
[PATCH AUTOSEL 5.13 082/219] netfilter: nft_compat: use nfnetlink_unicast(), Sasha Levin
[PATCH AUTOSEL 5.14 176/252] net: Fix offloading indirect devices dependency on qdisc order creation, Sasha Levin
[PATCH AUTOSEL 5.14 096/252] netfilter: nft_compat: use nfnetlink_unicast(), Sasha Levin
[syzbot] WARNING: kmalloc bug in hash_ipport_create, syzbot
- Re: [syzbot] WARNING: kmalloc bug in hash_ipport_create, syzbot
[PATCH nf 0/5] netfilter: conntrack: make zone id part of conntrack hash, Florian Westphal
- [PATCH nf 1/5] netfilter: conntrack: make connection tracking table less predictable, Florian Westphal
- [PATCH nf 1/5] netfilter: conntrack: make max chain length random, Florian Westphal
- [PATCH nf 2/5] netfilter: conntrack: include zone id in tuple hash again, Florian Westphal
- [PATCH nf 3/5] netfilter: nat: include zone id in nat table hash again, Florian Westphal
- [PATCH nf 4/5] selftests: netfilter: add selftest for directional zone support, Florian Westphal
- [PATCH nf 5/5] selftests: netfilter: add zone stress test with colliding tuples, Florian Westphal
- Re: [PATCH nf 0/5] netfilter: conntrack: make zone id part of conntrack hash, Pablo Neira Ayuso
[PATCH libnetfilter_log] utils: nfulnl_test: Print meaningful error messages, Duncan Roe
- Re: [PATCH libnetfilter_log] utils: nfulnl_test: Print meaningful error messages, Pablo Neira Ayuso
[PATCH libnetfilter_log v2] src: doc: revise doxygen for module "Netlink message helper functions", Duncan Roe
[PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Cole Dishington
- Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, kernel test robot
- Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Florian Westphal
  - Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Jan Engelhardt
    - Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Duncan Roe
      - Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Jan Engelhardt
- Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, kernel test robot
[PATCH nft] doc: nfnetlink_log allows one single process through unicast, Pablo Neira Ayuso
[PATCH nft] netlink: rework range_expr_to_prefix(), Pablo Neira Ayuso
[iptables PATCH 1/7] tests: iptables-test: Fix missing chain case, Phil Sutter
- [iptables PATCH 2/7] tests: xlate-test: Don't skip any input after the first empty line, Phil Sutter
- [iptables PATCH 4/7] tests: iptables-test: Print errors to stderr, Phil Sutter
- [iptables PATCH 5/7] tests: xlate-test: Exit non-zero on error, Phil Sutter
- [iptables PATCH 6/7] tests: iptables-test: Exit non-zero on error, Phil Sutter
- [iptables PATCH 7/7] tests: shell: Return non-zero on error, Phil Sutter
- [iptables PATCH 3/7] tests: xlate-test: Print errors to stderr, Phil Sutter
[PATCH 1/1] netfilter: ipset: Fix oversized kvmalloc() calls, Jozsef Kadlecsik
- Re: [PATCH 1/1] netfilter: ipset: Fix oversized kvmalloc() calls, Pablo Neira Ayuso
[PATCH nft] doc: refer to ulogd manpage, Pablo Neira Ayuso
[PATCH nft] doc: Missing NFT_CTX_OUTPUT_NUMERIC_SYMBOL in libnftables documentation, Pablo Neira Ayuso
[PATCH nft] meta: skip -T for hour and date format, Pablo Neira Ayuso
[PATCH libnetfilter_log] src: consistently use `gh` in code, code snippets and examples, Duncan Roe
- Re: [PATCH libnetfilter_log] src: consistently use `gh` in code, code snippets and examples, Pablo Neira Ayuso
[PATCH nftables] doc: libnflog handles `log group`, not libnfq, Duncan Roe
- Re: [PATCH nftables] doc: libnflog handles `log group`, not libnfq, Pablo Neira Ayuso
[PATCH nft] src: Check range bounds before converting to prefix, Xiao Liang
- Re: [PATCH nft] src: Check range bounds before converting to prefix, Pablo Neira Ayuso
  - Re: [PATCH nft] src: Check range bounds before converting to prefix, Xiao Liang
- Re: [PATCH nft] src: Check range bounds before converting to prefix, Pablo Neira Ayuso
[net-next v4] extensions: masquerade: Add RFC-7597 section 5.1 PSID support, Cole Dishington
[syzbot] WARNING: kmalloc bug in hash_mac_create, syzbot
[PATCH libnetfilter_log] src: doc: revise doxygen for module "Netlink message helper functions", Duncan Roe
- Re: [PATCH libnetfilter_log] src: doc: revise doxygen for module "Netlink message helper functions", Pablo Neira Ayuso
  - Re: [PATCH libnetfilter_log] src: doc: revise doxygen for module "Netlink message helper functions", Duncan Roe
[syzbot] WARNING: kmalloc bug in hash_ipportnet_create, syzbot
[syzbot] WARNING: kmalloc bug in hash_netport_create, syzbot
- Re: [syzbot] WARNING: kmalloc bug in hash_netport_create, Eric Dumazet
- Re: [syzbot] WARNING: kmalloc bug in hash_netport_create, syzbot
[syzbot] WARNING: kmalloc bug in hash_ipmark_create, syzbot
- Re: [syzbot] WARNING: kmalloc bug in hash_ipmark_create, Eric Dumazet
[syzbot] WARNING: kmalloc bug in hash_ipmac_create, syzbot
- Re: [syzbot] WARNING: kmalloc bug in hash_ipmac_create, Eric Dumazet
[syzbot] WARNING: kmalloc bug in hash_net_create, syzbot
- Re: [syzbot] WARNING: kmalloc bug in hash_net_create, Eric Dumazet
  - Re: [syzbot] WARNING: kmalloc bug in hash_net_create, Jozsef Kadlecsik
- Re: [syzbot] WARNING: kmalloc bug in hash_net_create, syzbot
[syzbot] WARNING: kmalloc bug in nf_tables_newset, syzbot
- Re: [syzbot] WARNING: kmalloc bug in nf_tables_newset, Eric Dumazet
- Re: [syzbot] WARNING: kmalloc bug in nf_tables_newset, syzbot
[syzbot] WARNING: kmalloc bug in hash_ip_create, syzbot
- Re: [syzbot] WARNING: kmalloc bug in hash_ip_create, Eric Dumazet
- Re: [syzbot] WARNING: kmalloc bug in hash_ip_create, syzbot
- Re: [syzbot] WARNING: kmalloc bug in hash_ip_create, Jozsef Kadlecsik
[PATCH nf] netfilter: socket: icmp6: fix use-after-scope, Benjamin Hesmans
- Re: [PATCH nf] netfilter: socket: icmp6: fix use-after-scope, Florian Westphal
- Re: [PATCH nf] netfilter: socket: icmp6: fix use-after-scope, Pablo Neira Ayuso
[PATCH nft] include: add NFT_CTX_OUTPUT_NUMERIC_TIME to NFT_CTX_OUTPUT_NUMERIC_ALL, Pablo Neira Ayuso
[PATCH nft] datatype: time_print() ignores -T, Pablo Neira Ayuso
[PATCH libnetfilter_queue] build: doc: Fix rendering of verbatim '\n"' in man pages, Duncan Roe
- <Possible follow-ups>
- [PATCH libnetfilter_queue] build: doc: Fix rendering of verbatim '\n"' in man pages, Duncan Roe
  - Re: [PATCH libnetfilter_queue] build: doc: Fix rendering of verbatim '\n"' in man pages, Pablo Neira Ayuso
[PATCH iptables] Fix a few doc typos, Štěpán Němec
- Re: [PATCH iptables] Fix a few doc typos, Phil Sutter
[PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Štěpán Němec
- Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Phil Sutter
  - Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Štěpán Němec
    - Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Phil Sutter
      - Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Štěpán Němec
        
        Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Phil Sutter
        
        Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Štěpán Němec
        
        Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Phil Sutter
        
        Re: [PATCH iptables] iptables-test.py: print with color escapes only when stdout isatty, Štěpán Němec
[PATCH libnetfilter_log 0/1] build: doc: `make` generates requested documentation, Duncan Roe
- [PATCH libnetfilter_log 1/1] build: doc: `make` generates requested documentation, Duncan Roe
[nft PATCH] parser_json: Fix error reporting for invalid syntax, Phil Sutter
[PATCH libnetfilter_log 0/1] src: doc: Eliminate doxygen warnings, Duncan Roe
- [PATCH libnetfilter_log 1/1] src: doc: Eliminate doxygen warnings, Duncan Roe
  - Re: [PATCH libnetfilter_log 1/1] src: doc: Eliminate doxygen warnings, Pablo Neira Ayuso
Netdevconf 0x15 videos, slides and papers up, Jamal Hadi Salim
[iptables PATCH 1/2] nft: Use xtables_malloc() in mnl_err_list_node_add(), Phil Sutter
- [iptables PATCH 2/2] nft: Use xtables_{m,c}alloc() everywhere, Phil Sutter
[PATCH libnetfilter_log 0/3] Miscellaneous cleanups, Duncan Roe
- [PATCH libnetfilter_log 1/3] src: whitespace: Remove trailing whitespace and inconsistent indents, Duncan Roe
- [PATCH libnetfilter_log 2/3] build: doc: reduce doxygen.cfg.in to non-default entries only, Duncan Roe
- [PATCH libnetfilter_log 3/3] build: doc: remove trailing whitespace from doxygen.cfg.in, Duncan Roe
- Re: [PATCH libnetfilter_log 0/3] Miscellaneous cleanups, Pablo Neira Ayuso
[PATCH nft 1/2] netlink_delinearize: incorrect meta protocol dependency kill again, Pablo Neira Ayuso
- [PATCH nft 2/2] rule: remove redundant meta protocol from the evaluation step, Pablo Neira Ayuso
[iptables PATCH] extensions: libxt_mac: Fix for missing space in listing, Phil Sutter
Patch for iptables v 1.8.7 mac extension, a.wojcik hyp.home.pl
- Re: Patch for iptables v 1.8.7 mac extension, Jan Engelhardt
[PATCH libnetfilter_queue] build: doc: Be sure to rerun doxygen after ./configure, Duncan Roe
- Re: [PATCH libnetfilter_queue] build: doc: Be sure to rerun doxygen after ./configure, Pablo Neira Ayuso
[PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Jeremy Sowden
- [PATCH libnetfilter_log 2/6] build: remove references to non-existent man-pages., Jeremy Sowden
- [PATCH libnetfilter_log 1/6] Add doxygen directory to .gitignore., Jeremy Sowden
- [PATCH libnetfilter_log 3/6] doc: fix typo's in example., Jeremy Sowden
- [PATCH libnetfilter_log 6/6] libipulog: fill in missing packet fields., Jeremy Sowden
- [PATCH libnetfilter_log 5/6] libipulog: use correct index to find attribute in packet., Jeremy Sowden
- [PATCH libnetfilter_log 4/6] src: use calloc instead of malloc + memset., Jeremy Sowden
- Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Jan Engelhardt
  - Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Jeremy Sowden
- Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Pablo Neira Ayuso
  - Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Duncan Roe
    - Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Jeremy Sowden
      - Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Duncan Roe
        
        Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Jeremy Sowden
  - Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Jeremy Sowden
    - Re: [PATCH libnetfilter_log 0/6] Implementation of some fields omitted by `ipulog_get_packet`., Pablo Neira Ayuso
[PATCH libnetfilter_queue v3 1/6] build: doc: Fix man pages, Duncan Roe
- [PATCH libnetfilter_queue v3 2/6] build: doc: Add a man page post-processor to build_man.sh, Duncan Roe
  - Re: [PATCH libnetfilter_queue v3 2/6] build: doc: Add a man page post-processor to build_man.sh, Pablo Neira Ayuso
- [PATCH libnetfilter_queue v3 3/6] build: doc: Avoid having to special-case `make distcheck`, Duncan Roe
  - Re: [PATCH libnetfilter_queue v3 3/6] build: doc: Avoid having to special-case `make distcheck`, Pablo Neira Ayuso
- [PATCH libnetfilter_queue v3 4/6] build: doc: fix `make distcleancheck`, Duncan Roe
  - Re: [PATCH libnetfilter_queue v3 4/6] build: doc: fix `make distcleancheck`, Pablo Neira Ayuso
- [PATCH libnetfilter_queue v3 5/6] build: doc: Allow to specify whether to produce man pages, html, neither or both, Duncan Roe
  - Re: [PATCH libnetfilter_queue v3 5/6] build: doc: Allow to specify whether to produce man pages, html, neither or both, Duncan Roe
- [PATCH libnetfilter_queue v3 6/6] build: doc: Eliminate warning from ./autogen.sh, Duncan Roe
  - [PATCH libnetfilter_queue v2] build: doc: Eliminate warning from ./autogen.sh, Duncan Roe
    - Re: [PATCH libnetfilter_queue v2] build: doc: Eliminate warning from ./autogen.sh, Pablo Neira Ayuso
- Verion info, Duncan Roe
- Re: [PATCH libnetfilter_queue v3 1/6] build: doc: Fix man pages, Pablo Neira Ayuso
libnetfilter_queue: automake portability warning, Jeremy Sowden
- Re: libnetfilter_queue: automake portability warning, Duncan Roe
- Re: libnetfilter_queue: automake portability warning, Jan Engelhardt
  - Re: libnetfilter_queue: automake portability warning, Duncan Roe
    - Re: libnetfilter_queue: automake portability warning, Pablo Neira Ayuso
      - Re: libnetfilter_queue: automake portability warning, Duncan Roe
[PATCH libnetfilter_log] build: remove broken code from autogen.sh., Jeremy Sowden
- Re: [PATCH libnetfilter_log] build: remove broken code from autogen.sh., Pablo Neira Ayuso
[PATCH nf 0/3] netfilter: conntrack: switch to siphash, Florian Westphal
- [PATCH nf 1/3] netfilter: conntrack: sanitize table size default settings, Florian Westphal
- [PATCH nf 2/3] netfilter: conntrack: switch to siphash, Florian Westphal
- [PATCH nf 3/3] netfilter: conntrack: refuse insertion if chain has grown too large, Florian Westphal
- [PATCH nf 3/3] netfilter: refuse insertion if chain has grown too large, Florian Westphal
- Re: [PATCH nf 0/3] netfilter: conntrack: switch to siphash, Pablo Neira Ayuso
[PATCH nft] netlink_delinearize: incorrect meta protocol dependency kill, Pablo Neira Ayuso
- Re: [PATCH nft] netlink_delinearize: incorrect meta protocol dependency kill, Florian Westphal
- Re: [PATCH nft] netlink_delinearize: incorrect meta protocol dependency kill, Phil Sutter
  - Re: [PATCH nft] netlink_delinearize: incorrect meta protocol dependency kill, Pablo Neira Ayuso
    - Re: [PATCH nft] netlink_delinearize: incorrect meta protocol dependency kill, Pablo Neira Ayuso
[Bug] Reverse translation skips "leading" meta protocol match, Tom Yan
- Re: [Bug] Reverse translation skips "leading" meta protocol match, Tom Yan
- Re: [Bug] Reverse translation skips "leading" meta protocol match, Pablo Neira Ayuso
[PATCH libnetfilter_queue v2 1/5] build: doc: Fix man pages, Duncan Roe
- [PATCH libnetfilter_queue v2 2/5] build: doc: Add a man page post-processor to build_man.sh, Duncan Roe
- [PATCH libnetfilter_queue v2 3/5] build: doc: Avoid having to special-case `make distcheck`, Duncan Roe
- [PATCH libnetfilter_queue v2 4/5] build: doc: fix `make distcleancheck`, Duncan Roe
- [PATCH libnetfilter_queue v2 5/5] build: doc: Allow to specify whether to produce man pages, html, neither or both, Duncan Roe
[PATCH nft] cache: provide a empty list for flowtables and objects when request fails, Pablo Neira Ayuso
[PATCH libnetfilter_queue] build: doc: Fix man pages, Duncan Roe
Request for a backport to Linux v5.4, Gianluca Anzolin
- Re: Request for a backport to Linux v5.4, Florian Westphal
  - Re: Request for a backport to Linux v5.4, Sasha Levin
[PATCH nft] cache: skip set element netlink dump for add/delete element command, Pablo Neira Ayuso
[PATCH] netfilter: x_tables: handle xt_register_template() returning an error value, Lukas Bulwahn
- Re: [PATCH] netfilter: x_tables: handle xt_register_template() returning an error value, Florian Westphal
- Re: [PATCH] netfilter: x_tables: handle xt_register_template() returning an error value, Pablo Neira Ayuso
Suspicious pattern for use of function xt_register_template(), Lukas Bulwahn
- Re: Suspicious pattern for use of function xt_register_template(), Florian Westphal
  - Re: Suspicious pattern for use of function xt_register_template(), Lukas Bulwahn
[PATCH 0/2] Reusing nfct handle for bulk ct loads, Mikhail Sennikovsky
- [PATCH 1/2] tests/conntrack: script for stress-testing ct load, Mikhail Sennikovsky
  - Re: [PATCH 1/2] tests/conntrack: script for stress-testing ct load, Pablo Neira Ayuso
- [PATCH 2/2] conntrack: use same nfct handle for all entries, Mikhail Sennikovsky
  - Re: [PATCH 2/2] conntrack: use same nfct handle for all entries, Pablo Neira Ayuso
Seemingly random crashes with CONFIG_HARDENED_USERCOPY=y on ppc64be, Stijn Tintel
[PATCH xtables-addons 0/8] xt_condition: per-net improvements, Jeremy Sowden
- [PATCH xtables-addons 1/8] build: bump minimum supported kernel version from 4.15 to 4.16., Jeremy Sowden
  - Re: [PATCH xtables-addons 1/8] build: bump minimum supported kernel version from 4.15 to 4.16., Jan Engelhardt
- [PATCH xtables-addons 2/8] xt_condition: use sizeof_field macro to size variable name., Jeremy Sowden
- [PATCH xtables-addons 5/8] xt_condition: remove `wmb` when adding new variable., Jeremy Sowden
- [PATCH xtables-addons 6/8] xt_condition: use `proc_net_condition` member of `struct condition_net`to signal that `condition_net_exit` has been called., Jeremy Sowden
- [PATCH xtables-addons 4/8] xt_condition: make mutex per-net., Jeremy Sowden
- [PATCH xtables-addons 8/8] xt_condition: simplify clean-up of variables., Jeremy Sowden
- [PATCH xtables-addons 7/8] xt_condition: don't delete variables in `condition_net_exit`., Jeremy Sowden
- [PATCH xtables-addons 3/8] xt_condition: use `xt_check_proc_name` to validate /proc file-name., Jeremy Sowden
- Re: [PATCH xtables-addons 0/8] xt_condition: per-net improvements, Jan Engelhardt
Old good cBPF and program size, alexandre.ferrieux
[PATCH libnetfilter_queue v4 1/4] build: doc: Fix NAME entry in man pages, Duncan Roe
- [PATCH libnetfilter_queue v4 2/4] build: doc: can choose what to build and install, Duncan Roe
  - Re: [PATCH libnetfilter_queue v4 2/4] build: doc: can choose what to build and install, Pablo Neira Ayuso
    - Re: [PATCH libnetfilter_queue v4 2/4] build: doc: can choose what to build and install, Duncan Roe
- [PATCH libnetfilter_queue v4 3/4] build: doc: VPATH builds work again, Duncan Roe
  - Re: [PATCH libnetfilter_queue v4 3/4] build: doc: VPATH builds work again, Pablo Neira Ayuso
    - Re: [PATCH libnetfilter_queue v4 3/4] build: doc: VPATH builds work again, Duncan Roe
      - Re: [PATCH libnetfilter_queue v4 3/4] build: doc: VPATH builds work again, Duncan Roe
      - Re: [PATCH libnetfilter_queue v4 3/4] build: doc: VPATH builds work again, Pablo Neira Ayuso
- [PATCH libnetfilter_queue v4 4/4] build: doc: split off shell script from within doxygen/Makefile.am, Duncan Roe
  - Re: [PATCH libnetfilter_queue v4 4/4] build: doc: split off shell script from within doxygen/Makefile.am, Pablo Neira Ayuso
    - Re: [PATCH libnetfilter_queue v4 4/4] build: doc: split off shell script from within doxygen/Makefile.am, Duncan Roe
      - Re: [PATCH libnetfilter_queue v4 4/4] build: doc: split off shell script from within doxygen/Makefile.am, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v4 4/4] build: doc: split off shell script from within doxygen/Makefile.am, Duncan Roe
[PATCH] Add DWARF object files to .gitignore., Jeremy Sowden
- Re: [PATCH] Add DWARF object files to .gitignore., Jeremy Sowden
- Re: [PATCH] Add DWARF object files to .gitignore., Jan Engelhardt
Re: [PATCH net-next v4] net: ipvs: add sysctl_run_estimation to support disable estimation, Julian Anastasov
- Re: [PATCH net-next v4] net: ipvs: add sysctl_run_estimation to support disable estimation, Simon Horman
  - Re: [PATCH net-next v4] net: ipvs: add sysctl_run_estimation to support disable estimation, Pablo Neira Ayuso
[PATCH libnetfilter_queue v3 1/3] build: doc: Fix NAME entry in man pages, Duncan Roe
- [PATCH libnetfilter_queue v3 2/3] build: doc: can choose what to build and install, Duncan Roe
- [PATCH libnetfilter_queue v3 3/3] build: doc: VPATH builds work again, Duncan Roe
- Re: [PATCH libnetfilter_queue v3 1/3] build: doc: Fix NAME entry in man pages, Jeremy Sowden
  - Re: [PATCH libnetfilter_queue v3 1/3] build: doc: Fix NAME entry in man pages, Duncan Roe
    - Re: [PATCH libnetfilter_queue v3 1/3] build: doc: Fix NAME entry in man pages, Duncan Roe
    - Re: [PATCH libnetfilter_queue v3 1/3] build: doc: Fix NAME entry in man pages, Jeremy Sowden
[PATCH] xtables-addons 3.18 condition - Improved network namespace support, Grzegorz Kuczyński
- Re: [PATCH] xtables-addons 3.18 condition - Improved network namespace support, Jan Engelhardt
  - Re: [PATCH] xtables-addons 3.18 condition - Improved network namespace support, Jeremy Sowden
- <Possible follow-ups>
- Re: [PATCH] xtables-addons 3.18 condition - Improved network namespace support, Grzegorz Kuczyński
  - Re: [PATCH] xtables-addons 3.18 condition - Improved network namespace support, Jeremy Sowden
[PATCH nftables] src: Optimize prefix match only if is big-endian, Xiao Liang
- Re: [PATCH nftables] src: Optimize prefix match only if is big-endian, Pablo Neira Ayuso
[PATCH nft,v3] src: queue: consolidate queue statement syntax, Pablo Neira Ayuso
[PATCH nft,v2] src: queue: consolidate queue statement syntax, Pablo Neira Ayuso
[PATCH nft] tests: shell: add nft-f/0022variables_0 dump file, Pablo Neira Ayuso
[PATCH nft] src: queue: consolidate queue statement syntax, Pablo Neira Ayuso
[PATCH nft] parser_bison: restore variable expression in queue statement, Pablo Neira Ayuso
[ANNOUNCE] nftables 1.0.0 release, Pablo Neira Ayuso
- Re: [ANNOUNCE] nftables 1.0.0 release, Amish
  - [PATCH nft] parser: permit symbolic defines for 'queue num' again, Florian Westphal
[PATCH nf-next] netfilter: ctnetlink: missing counters and timestamp in nfnetlink_{log,queue}, Pablo Neira Ayuso
[PATCH v2 40/63] netfilter: conntrack: Use memset_startat() to zero struct nf_conn, Kees Cook
[PATCH v2 iptables] iptables-nft: allow removal of empty builtin chains, Florian Westphal
[PATCH v7 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows, Ryoga Saito
- [PATCH v7 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, Ryoga Saito
- [PATCH v7 2/2] netfilter: add netfilter hooks to SRv6 data plane, Ryoga Saito
- Re: [PATCH v7 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows, Pablo Neira Ayuso
[PATCH v6 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows, Ryoga Saito
- [PATCH v6 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, Ryoga Saito
- [PATCH v6 2/2] netfilter: add netfilter hooks to SRv6 data plane, Ryoga Saito
  - Re: [PATCH v6 2/2] netfilter: add netfilter hooks to SRv6 data plane, Pablo Neira Ayuso
[PATCH AUTOSEL 5.4 3/5] netfilter: conntrack: collect all entries in one cycle, Sasha Levin
[PATCH AUTOSEL 4.19 3/4] netfilter: conntrack: collect all entries in one cycle, Sasha Levin
[PATCH AUTOSEL 5.10 5/9] netfilter: conntrack: collect all entries in one cycle, Sasha Levin
[PATCH AUTOSEL 5.13 07/12] netfilter: conntrack: collect all entries in one cycle, Sasha Levin
[PATCH AUTOSEL 5.13 06/12] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete, Sasha Levin
[PATCH nf-next 0/5] netfilter: ecache: simplify event registration, Florian Westphal
- [PATCH nf-next 1/5] netfilter: ecache: remove one indent level, Florian Westphal
- [PATCH nf-next 2/5] netfilter: ecache: remove another indent level, Florian Westphal
- [PATCH nf-next 3/5] netfilter: ecache: add common helper for nf_conntrack_eventmask_report, Florian Westphal
- [PATCH nf-next 4/5] netfilter: ecache: prepare for event notifier merge, Florian Westphal
- [PATCH nf-next 5/5] netfilter: ecache: remove nf_exp_event_notifier structure, Florian Westphal
- Re: [PATCH nf-next 0/5] netfilter: ecache: simplify event registration, Pablo Neira Ayuso
[PATCH nft] netlink_delinearize: skip flags / mask notation for singleton bitmask again, Pablo Neira Ayuso
[PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Florian Westphal
- Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Jan Engelhardt
  - Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Florian Westphal
    - Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Pablo Neira Ayuso
      - Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Florian Westphal
        
        Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Pablo Neira Ayuso
        
        Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Florian Westphal
        
        Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Pablo Neira Ayuso
        
        Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Florian Westphal
        
        Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Phil Sutter
        
        Re: [PATCH iptabes-nft] iptables-nft: allow removal of empty builtin chains, Florian Westphal
[PATCH] libxt_ACCOUNT_cl: correct LDFLAGS variable name., Jeremy Sowden
- Re: [PATCH] libxt_ACCOUNT_cl: correct LDFLAGS variable name., Jan Engelhardt
nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
- Re: nfnetlink_queue -- why linear lookup ?, Florian Westphal
  - Re: nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
    - Re: nfnetlink_queue -- why linear lookup ?, Florian Westphal
      - Re: nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
        
        Re: nfnetlink_queue -- why linear lookup ?, Pablo Neira Ayuso
        
        Re: nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
        
        Re: nfnetlink_queue -- why linear lookup ?, Pablo Neira Ayuso
        
        Re: nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
        
        Re: nfnetlink_queue -- why linear lookup ?, Pablo Neira Ayuso
        
        Re: nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
        
        Re: nfnetlink_queue -- why linear lookup ?, Florian Westphal
        
        Re: nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
        
        Re: nfnetlink_queue -- why linear lookup ?, Pablo Neira Ayuso
        
        Re: nfnetlink_queue -- why linear lookup ?, Duncan Roe
        
        Re: nfnetlink_queue -- why linear lookup ?, Duncan Roe
        
        Re: nfnetlink_queue -- why linear lookup ?, Pablo Neira Ayuso
        
        Re: nfnetlink_queue -- why linear lookup ?, Florian Westphal
        
        Re: nfnetlink_queue -- why linear lookup ?, Duncan Roe
        
        Re: nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
[PATCH libnetfilter_queue v3 0/1] src: doc: Insert SYNOPSIS sections for man pages, Duncan Roe
- [PATCH libnetfilter_queue v3 1/1] src: doc: Insert SYNOPSIS sections for man pages, Duncan Roe
  - Re: [PATCH libnetfilter_queue v3 1/1] src: doc: Insert SYNOPSIS sections for man pages, Pablo Neira Ayuso
[PATCH nft] evaluate: expand variable containing set into multiple mappings, Pablo Neira Ayuso
[PATCH libnetfilter_queue v2 0/1] Insert SYNOPSIS sections for man pages, Duncan Roe
- [PATCH libnetfilter_queue v2 1/1] src: doc: Insert SYNOPSIS sections for man pages, Duncan Roe
[nft PATCH 1/3] tests: json_echo: Print errors to stderr, Phil Sutter
- [nft PATCH 2/3] tests: monitor: Print errors to stderr, Phil Sutter
- [nft PATCH 3/3] tests: monitor: Continue on error, Phil Sutter
[iptables PATCH] iptables-test: Make netns spawning more robust, Phil Sutter
[PATCH nft] evaluate: element key cannot in map cannot be a set, Pablo Neira Ayuso
[PATCH nft] tcpopt: bogus assertion on undefined options, Pablo Neira Ayuso
Netdevconf 0x15 slides and papers up, Jamal Hadi Salim
- <Possible follow-ups>
- Netdevconf 0x15 slides and papers up, Jamal Hadi Salim
[PATCH libnetfilter_queue] include: deprecate libnetfilter_queue/linux_nfnetlink_queue.h, Pablo Neira Ayuso
- Re: [PATCH libnetfilter_queue] include: deprecate libnetfilter_queue/linux_nfnetlink_queue.h, Duncan Roe
  - Re: [PATCH libnetfilter_queue] include: deprecate libnetfilter_queue/linux_nfnetlink_queue.h, Pablo Neira Ayuso
    - Re: [PATCH libnetfilter_queue] include: deprecate libnetfilter_queue/linux_nfnetlink_queue.h, Duncan Roe
      - Re: [PATCH libnetfilter_queue] include: deprecate libnetfilter_queue/linux_nfnetlink_queue.h, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue] include: deprecate libnetfilter_queue/linux_nfnetlink_queue.h, Duncan Roe
[nft PATCH] tests/py: Make netns spawning more robust, Phil Sutter
[PATCH] netfiler: protect nft_ct_pcpu_template_refcnt with mutex, Pavel Skripkin
- [PATCH v2] netfilter: protect nft_ct_pcpu_template_refcnt with mutex, Pavel Skripkin
  - Re: [PATCH v2] netfilter: protect nft_ct_pcpu_template_refcnt with mutex, Florian Westphal
  - Re: [PATCH v2] netfilter: protect nft_ct_pcpu_template_refcnt with mutex, Pablo Neira Ayuso
[ANNOUNCE] ipset 7.15 released, Jozsef Kadlecsik
[PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Duncan Roe
- Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Pablo Neira Ayuso
  - Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Duncan Roe
  - Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Duncan Roe
    - Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Duncan Roe
      - Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v2] build: doc: Fix NAME entry in man pages, Duncan Roe
[PATCH 1/3] extensions: libtxt_NFLOG: use nft built-in logging instead of xt_NFLOG, Kyle Bowman
- [PATCH 2/3] extensions: libxt_NFLOG: dont truncate log prefix on print/save, Kyle Bowman
- [PATCH 3/3] extensions: libxf_NFLOG: remove `--nflog-range` Python unit-tests., Kyle Bowman
- Re: [PATCH 1/3] extensions: libtxt_NFLOG: use nft built-in logging instead of xt_NFLOG, Jeremy Sowden
  - Re: [PATCH 1/3] extensions: libtxt_NFLOG: use nft built-in logging instead of xt_NFLOG, Jeremy Sowden
[iptables PATCH] extensions: hashlimit: Fix tests with HZ=100, Phil Sutter
[syzbot] WARNING in destroy_conntrack, syzbot
- Re: [syzbot] WARNING in destroy_conntrack, Pavel Skripkin
[syzbot] KASAN: use-after-free Read in nf_tables_dump_sets, syzbot
- Re: [syzbot] KASAN: use-after-free Read in nf_tables_dump_sets, syzbot
- Re: [syzbot] KASAN: use-after-free Read in nf_tables_dump_sets, syzbot
  - Re: [syzbot] KASAN: use-after-free Read in nf_tables_dump_sets, Florian Westphal
[nft PATCH RFC] scanner: nat: Move to own scope, Phil Sutter
- Re: [nft PATCH RFC] scanner: nat: Move to own scope, Florian Westphal
  - Re: [nft PATCH RFC] scanner: nat: Move to own scope, Phil Sutter
    - Re: [nft PATCH RFC] scanner: nat: Move to own scope, Florian Westphal
      - Re: [nft PATCH RFC] scanner: nat: Move to own scope, Phil Sutter
[PATCH libnetfilter_queue] src: doc: Insert SYNOPSIS sections for man pages, Duncan Roe
[PATCH libnetfilter_queue] build: doc: Fix NAME entry in man pages, Duncan Roe
- <Possible follow-ups>
- [PATCH libnetfilter_queue] build: doc: Fix NAME entry in man pages, Duncan Roe
  - Re: [PATCH libnetfilter_queue] build: doc: Fix NAME entry in man pages, Duncan Roe
[PATCH v5 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows, proelbtn
- [PATCH v5 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, proelbtn
- [PATCH v5 2/2] netfilter: add netfilter hooks to SRv6 data plane, proelbtn
  - Re: [PATCH v5 2/2] netfilter: add netfilter hooks to SRv6 data plane, Pablo Neira Ayuso
[PATCH libmnl] src: doc: Fix messed-up Netlink message batch diagram, Duncan Roe
- Re: [PATCH libmnl] src: doc: Fix messed-up Netlink message batch diagram, Pablo Neira Ayuso
[syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, syzbot
- Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, syzbot
- Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, Pavel Skripkin
  - Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, Florian Westphal
    - Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, Pavel Skripkin
      - Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, Florian Westphal
      - Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, syzbot
  - Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu, syzbot
[PATCH libnetfilter_queue v2] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure, Duncan Roe
- Re: [PATCH libnetfilter_queue v2] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure, Pablo Neira Ayuso
[PATCH libmnl] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure, Duncan Roe
- Re: [PATCH libmnl] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure, Pablo Neira Ayuso
[PATCH] netfilter: remove duplicate code, Kangmin Park
- Re: [PATCH] netfilter: remove duplicate code, Kangmin Park
  - Re: [PATCH] netfilter: remove duplicate code, Florian Westphal
[PATCH net 0/9,v2] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 1/9] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete, Pablo Neira Ayuso
- [PATCH net 2/9] netfilter: nf_conntrack_bridge: Fix memory leak when error, Pablo Neira Ayuso
- [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Pablo Neira Ayuso
- [PATCH net 4/9] netfilter: nfnetlink_hook: strip off module name from hookfn, Pablo Neira Ayuso
- [PATCH net 5/9] netfilter: nfnetlink_hook: missing chain family, Pablo Neira Ayuso
- [PATCH net 8/9] netfilter: conntrack: remove offload_pickup sysctl again, Pablo Neira Ayuso
- [PATCH net 6/9] netfilter: nfnetlink_hook: use the sequence number of the request message, Pablo Neira Ayuso
- [PATCH net 7/9] netfilter: nfnetlink_hook: Use same family as request message, Pablo Neira Ayuso
- [PATCH net 9/9] netfilter: nfnetlink_hook: translate inet ingress to netdev, Pablo Neira Ayuso
- Re: [PATCH net 0/9,v2] Netfilter fixes for net, Jakub Kicinski
[PATCH nf] netfilter: nfnetlink_hook: translate inet ingress to netdev, Pablo Neira Ayuso
[PATCH libnetfilter_queue] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure, Duncan Roe
- Re: [PATCH libnetfilter_queue] build: If doxygen is not available, be sure to report "doxygen: no" to ./configure, Duncan Roe
[PATCH libnetfilter_queue v2] src: Stop users from accidentally using legacy linux_nfnetlink_queue.h, Duncan Roe
- Re: [PATCH libnetfilter_queue v2] src: Stop users from accidentally using legacy linux_nfnetlink_queue.h, Duncan Roe
- Re: [PATCH libnetfilter_queue v2] src: Stop users from accidentally using legacy linux_nfnetlink_queue.h, Pablo Neira Ayuso
[PATCH nf-next v2] netfilter: nf_queue: move hookfn registration out of struct net, Florian Westphal
- Re: [PATCH nf-next v2] netfilter: nf_queue: move hookfn registration out of struct net, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_queue: move hookfn registration out of struct net, Florian Westphal
[syzbot] WARNING: proc registration bug in clusterip_tg_check (3), syzbot
- Re: [syzbot] WARNING: proc registration bug in clusterip_tg_check (3), syzbot
  - Re: [syzbot] WARNING: proc registration bug in clusterip_tg_check (3), Dmitry Vyukov
[PATCH iptables] ip6tables: masquerade: use fully-random so that nft can understand the rule, Pavel Tikhomirov
- Re: [PATCH iptables] ip6tables: masquerade: use fully-random so that nft can understand the rule, Florian Westphal
[PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again, Florian Westphal
- Re: [PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again, Marcelo Ricardo Leitner
  - Re: [PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again, Oz Shlomo
- Re: [PATCH v2 nf] netfilter: conntrack: remove offload_pickup sysctl again, Pablo Neira Ayuso
[PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again, Florian Westphal
- Re: [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again, Oz Shlomo
  - Re: [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again, Florian Westphal
    - Re: [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again, Oz Shlomo
[PATCH] netfilter: ipset: fix uninitialized variable bug, Dan Carpenter
- Re: [PATCH] netfilter: ipset: fix uninitialized variable bug, Jozsef Kadlecsik
[PATCH nf 1/2] netfilter: nfnetlink_hook: use the sequence number of the request message, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nfnetlink_hook: Use same family as request message, Pablo Neira Ayuso
[PATCH nft,v3] mnl: revisit hook listing, Pablo Neira Ayuso
[PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt(), Nathan Chancellor
- Re: [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt(), Jozsef Kadlecsik
- Re: [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt(), Pablo Neira Ayuso
[PATCH nf-next] x_tables: never register tables by default, Florian Westphal
- Re: [PATCH nf-next] x_tables: never register tables by default, Pablo Neira Ayuso
[iptables PATCH] tests/shell: Assert non-verbose mode is silent, Phil Sutter
[iptables PATCH] nft: Fix for non-verbose check command, Phil Sutter
[PATCH nft,v2] mnl: revisit hook listing, Pablo Neira Ayuso
[PATCH nf 1/2] netfilter: nfnetlink_hook: strip off module name from hookfn, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nfnetlink_hook: missing chain family, Pablo Neira Ayuso
[PATCH nft] mnl: revisit hook listing, Pablo Neira Ayuso
[PATCH v4 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows, proelbtn
- [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, proelbtn
  - Re: [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, kernel test robot
  - Re: [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, Pablo Neira Ayuso
    - Re: [PATCH v4 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, Ryoga Saito
- [PATCH v4 2/2] netfilter: add netfilter hooks to SRv6 data plane, proelbtn
[PATCH] conntrack-tools: support conntrack dump status filtering, Florian Westphal
- [PATCH lnf-conntrack 1/4] include: sync uapi header with nf-next, Florian Westphal
- [PATCH lnf-conntrack 2/4] src: add support for status dump filter, Florian Westphal
- [PATCH conntrack-tools 3/4] conntrack: enable kernel-based status filtering with -L -u STATUS, Florian Westphal
- [PATCH conntrack-tools 4/4] conntrack: add shorthand mnemonic for UNREPLIED, Florian Westphal
[PATCH nf-next 0/2] netfilter: ctnetlink: allow to filter dumps via ct->status, Florian Westphal
- [PATCH nf-next 1/2] netfilter: ctnetlink: add and use a helper for mark parsing, Florian Westphal
- [PATCH nf-next 2/2] netfilter: ctnetlink: allow to filter dump by status bits, Florian Westphal
- Re: [PATCH nf-next 0/2] netfilter: ctnetlink: allow to filter dumps via ct->status, Pablo Neira Ayuso
[iptables PATCH] ebtables: Dump atomic waste, Phil Sutter
- Re: [iptables PATCH] ebtables: Dump atomic waste, Pablo Neira Ayuso
  - Re: [iptables PATCH] ebtables: Dump atomic waste, Phil Sutter
    - Re: [iptables PATCH] ebtables: Dump atomic waste, Pablo Neira Ayuso
      - Re: [iptables PATCH] ebtables: Dump atomic waste, Pablo Neira Ayuso
        
        Re: [iptables PATCH] ebtables: Dump atomic waste, Pablo Neira Ayuso
        
        Re: [iptables PATCH] ebtables: Dump atomic waste, Phil Sutter
        
        Re: [iptables PATCH] ebtables: Dump atomic waste, Pablo Neira Ayuso
[PATCH v3 0/2] netfilter: add netfilter hooks to track SRv6-encapsulated flows, Ryoga Saito
- [PATCH v3 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, Ryoga Saito
  - Re: [PATCH v3 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, kernel test robot
- [PATCH v3 2/2] netfilter: add netfilter hooks to SRv6 data plane, Ryoga Saito
[PATCH v2 0/2] net: add netfilter hooks to track SRv6-encapsulated flows, Ryoga Saito
- [PATCH v2 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, Ryoga Saito
  - Re: [PATCH v2 1/2] netfilter: add new sysctl toggle for lightweight tunnel netfilter hooks, kernel test robot
- [PATCH v2 2/2] netfilter: add netfilter hooks to SRv6 data plane, Ryoga Saito
[PATCH v3] netfilter: nf_conntrack_bridge: Fix memory leak when error, Yajun Deng
- Re: [PATCH v3] netfilter: nf_conntrack_bridge: Fix memory leak when error, Pablo Neira Ayuso
[PATCH v2] netfilter: nf_conntrack_bridge: Fix memory leak when error, Yajun Deng
- Re: [PATCH v2] netfilter: nf_conntrack_bridge: Fix memory leak when error, Pablo Neira Ayuso
[iptables PATCH] doc: ebtables-nft.8: Adjust for missing atomic-options, Phil Sutter
- Re: [iptables PATCH] doc: ebtables-nft.8: Adjust for missing atomic-options, Pablo Neira Ayuso
[PATCH 0/1] ipset patch for the nf tree v2, Jozsef Kadlecsik
- [PATCH 1/1] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete, Jozsef Kadlecsik
  - Re: [PATCH 1/1] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete, Pablo Neira Ayuso
[ANNOUNCE] ipset 7.14 released, Jozsef Kadlecsik
[PATCH nft] tests: py: check more flag match transformations to compact syntax, Pablo Neira Ayuso
[PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Cole Dishington
- Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, kernel test robot
- Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, Florian Westphal
- Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, kernel test robot
- Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED, kernel test robot
[PATCH nft,v2 1/3] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn, Pablo Neira Ayuso
- [PATCH nft,v2 2/3] netlink_delinearize: skip flags / mask notation for singleton bitmask, Pablo Neira Ayuso
- [PATCH nft,v2 3/3] tests: py: tcp flags & (fin | syn | rst | ack) == syn, Pablo Neira Ayuso
[PATCH nft 1/2] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn, Pablo Neira Ayuso
- [PATCH nft 2/2] netlink_delinearize: skip flags / mask notation for singleton bitmask, Pablo Neira Ayuso
[PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Kyle Bowman
- Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Alex Forster
    - Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Pablo Neira Ayuso
      - Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Alex Forster
        
        Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Pablo Neira Ayuso
        
        Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Alex Forster
        
        Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Pablo Neira Ayuso
        
        Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Alex Forster
        
        Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Pablo Neira Ayuso
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Phil Sutter
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Kyle Bowman
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Jeremy Sowden
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Jeremy Sowden
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Jeremy Sowden
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Jeremy Sowden
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Kyle Bowman
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Jeremy Sowden
        
        Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes, Jeremy Sowden
[PATCH nft 1/3] expression: missing != in flagcmp expression print function, Pablo Neira Ayuso
- [PATCH nft 3/3] evaluate: disallow negation with binary operation, Pablo Neira Ayuso
- [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Pablo Neira Ayuso
  - Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Tom Yan
    - Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Pablo Neira Ayuso
      - Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Tom Yan
        
        Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Pablo Neira Ayuso
        
        Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Tom Yan
        
        Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Tom Yan
        
        Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Tom Yan
        
        Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Tom Yan
      - Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Tom Yan
        
        Re: [PATCH nft 2/3] netlink_linearize: incorrect netlink bytecode with binary operation and flags, Pablo Neira Ayuso
[nft] Regarding `tcp flags` (and a potential bug), Tom Yan
- Re: [nft] Regarding `tcp flags` (and a potential bug), Tom Yan
  - Re: [nft] Regarding `tcp flags` (and a potential bug), Florian Westphal
  - Re: [nft] Regarding `tcp flags` (and a potential bug), Pablo Neira Ayuso
    - Re: [nft] Regarding `tcp flags` (and a potential bug), Tom Yan
      - Re: [nft] Regarding `tcp flags` (and a potential bug), Pablo Neira Ayuso
[ANNOUNCE] ipset 7.13 released, Jozsef Kadlecsik
- Re: [ANNOUNCE] ipset 7.13 released, Jan Engelhardt
  - Re: [ANNOUNCE] ipset 7.13 released, Jozsef Kadlecsik
  - Re: [ANNOUNCE] ipset 7.13 released, Jozsef Kadlecsik
[PATCH nf] netfilter: conntrack: collect all entries in one cycle, Florian Westphal
- Re: [PATCH nf] netfilter: conntrack: collect all entries in one cycle, Pablo Neira Ayuso
[PATCH nft] evaluate: error reporting for missing statements in set/map declaration, Pablo Neira Ayuso
[PATCH nft] src: promote 'reject with icmp CODE' syntax, Pablo Neira Ayuso
[PATCH nft] parser_bison: parse number as reject icmp code, Pablo Neira Ayuso
[nft PATCH] tests: shell: Fix bogus testsuite failure with 100Hz, Phil Sutter
- Re: [nft PATCH] tests: shell: Fix bogus testsuite failure with 100Hz, Florian Westphal
[PATCH nft] parser_bison: stateful statement support in map, Pablo Neira Ayuso
[PATCH] netfilter: nf_conntrack_bridge: Fix not free when error, Yajun Deng
- Re: [PATCH] netfilter: nf_conntrack_bridge: Fix not free when error, Pablo Neira Ayuso
- Re: [PATCH] netfilter: nf_conntrack_bridge: Fix not free when error, yajun . deng
  - Re: [PATCH] netfilter: nf_conntrack_bridge: Fix not free when error, Pablo Neira Ayuso
Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
- Re: Nf_nat_h323 module not working with Panasonic VCs, Jozsef Kadlecsik
  - Re: Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
    - Re: Nf_nat_h323 module not working with Panasonic VCs, Jozsef Kadlecsik
      - Re: Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Jozsef Kadlecsik
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Jozsef Kadlecsik
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Jozsef Kadlecsik
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
        
        Re: Nf_nat_h323 module not working with Panasonic VCs, Akshat Kakkar
- Re: Nf_nat_h323 module not working with Panasonic VCs, Jozsef Kadlecsik
[PATCH nft 1/2] src: fix nft_ctx_clear_include_paths in libnftables.map, Pablo Neira Ayuso
- [PATCH nft 2/2] src: expose nft_ctx_clear_vars as API, Pablo Neira Ayuso
[PATCH net 0/6] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 3/6] netfilter: nft_last: avoid possible false sharing, Pablo Neira Ayuso
- [PATCH net 1/6] netfilter: nf_tables: fix audit memory leak in nf_tables_commit, Pablo Neira Ayuso
  - Re: [PATCH net 1/6] netfilter: nf_tables: fix audit memory leak in nf_tables_commit, patchwork-bot+netdevbpf
- [PATCH net 5/6] netfilter: nft_nat: allow to specify layer 4 protocol NAT only, Pablo Neira Ayuso
- [PATCH net 6/6] netfilter: nfnl_hook: fix unused variable warning, Pablo Neira Ayuso
- [PATCH net 2/6] netfilter: flowtable: avoid possible false sharing, Pablo Neira Ayuso
- [PATCH net 4/6] netfilter: conntrack: adjust stop timestamp to real expiry value, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net 0/6] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/6] netfilter: conntrack: don't refresh sctp entries in closed state, Pablo Neira Ayuso
    - Re: [PATCH net 1/6] netfilter: conntrack: don't refresh sctp entries in closed state, patchwork-bot+netdevbpf
  - [PATCH nf-next] netfilter: nft_cmp: optimize comparison for up to 16-bytes, Pablo Neira Ayuso
    - Re: [PATCH nf-next] netfilter: nft_cmp: optimize comparison for up to 16-bytes, kernel test robot
  - [PATCH net 2/6] netfilter: nft_payload: don't allow th access for fragments, Pablo Neira Ayuso
  - [PATCH net 3/6] netfilter: conntrack: move synack init code to helper, Pablo Neira Ayuso
  - [PATCH net 6/6] netfilter: ctnetlink: disable helper autoassign, Pablo Neira Ayuso
  - [PATCH net 5/6] MAINTAINERS: netfilter: update git links, Pablo Neira Ayuso
  - [PATCH net 4/6] netfilter: conntrack: re-init state for retransmitted syn-ack, Pablo Neira Ayuso
- [PATCH net 0/6] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/6] netfilter: xt_socket: fix a typo in socket_mt_destroy(), Pablo Neira Ayuso
  - [PATCH net 3/6] selftests: netfilter: fix exit value for nft_concat_range, Pablo Neira Ayuso
  - [PATCH net 1/6] selftests: netfilter: add synproxy test, Pablo Neira Ayuso
    - Re: [PATCH net 1/6] selftests: netfilter: add synproxy test, patchwork-bot+netdevbpf
  - [PATCH net 4/6] netfilter: nft_synproxy: unregister hooks on init error path, Pablo Neira Ayuso
  - [PATCH net 5/6] selftests: netfilter: synproxy test requires nf_conntrack, Pablo Neira Ayuso
  - [PATCH net 6/6] selftests: netfilter: disable rp_filter on router, Pablo Neira Ayuso
- [PATCH net 0/6] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/6] lib/ts_bm: reset initial match offset for every block of text, Pablo Neira Ayuso
    - Re: [PATCH net 1/6] lib/ts_bm: reset initial match offset for every block of text, patchwork-bot+netdevbpf
  - [PATCH net 3/6] linux/netfilter.h: fix kernel-doc warnings, Pablo Neira Ayuso
  - [PATCH net 2/6] netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one, Pablo Neira Ayuso
  - [PATCH net 4/6] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value., Pablo Neira Ayuso
  - [PATCH net 6/6] netfilter: nf_tables: fix underflow in chain reference counter, Pablo Neira Ayuso
  - [PATCH net 5/6] netfilter: nf_tables: unbind non-anonymous set if rule construction fails, Pablo Neira Ayuso
- [PATCH net 0/6] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/6] netfilter: conntrack: gre: don't set assured flag for clash entries, Pablo Neira Ayuso
  - [PATCH net 3/6] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free, Pablo Neira Ayuso
  - [PATCH net 1/6] netfilter: nf_tables: report use refcount overflow, Pablo Neira Ayuso
    - Re: [PATCH net 1/6] netfilter: nf_tables: report use refcount overflow, Paolo Abeni
    - Re: [PATCH net 1/6] netfilter: nf_tables: report use refcount overflow, patchwork-bot+netdevbpf
  - [PATCH net 4/6] netfilter: conntrack: don't fold port numbers into addresses before hashing, Pablo Neira Ayuso
  - [PATCH net 5/6] netfilter: nf_tables: do not ignore genmask when looking up chain by id, Pablo Neira Ayuso
  - [PATCH net 6/6] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval, Pablo Neira Ayuso
- [PATCH net 0/6] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 4/6] netfilter: nf_tables: bogus ENOENT when destroying element which does not exist, Pablo Neira Ayuso
  - [PATCH net 2/6] netfilter: nf_conntrack_bridge: initialize err to 0, Pablo Neira Ayuso

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]