Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

Re: {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains, (continued)
- Re: {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains, Pablo Neira Ayuso
  - Re: {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains, Marc Aurèle La France
[RFC PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
- Re: [RFC PATCH] doc: use symbolic names for chain priorities, Frank Myhr
  - Re: [RFC PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
    - Re: [RFC PATCH] doc: use symbolic names for chain priorities, Frank Myhr
      - Re: [RFC PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
[PATCH 0/3] Minor documentation improvements, Simon Ruderich
- [PATCH 1/3] doc: add * to include example to actually include files, Simon Ruderich
- [PATCH 3/3] doc: move drop rule on a separate line in blackhole example, Simon Ruderich
- [PATCH 2/3] doc: remove duplicate tables in synproxy example, Simon Ruderich
- Re: [PATCH 0/3] Minor documentation improvements, Pablo Neira Ayuso
[PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 7/9] netfilter: nftables: disallow updates on table ownership, Pablo Neira Ayuso
- [PATCH net 1/9] uapi: nfnetlink_cthelper.h: fix userspace compilation error, Pablo Neira Ayuso
  - Re: [PATCH net 1/9] uapi: nfnetlink_cthelper.h: fix userspace compilation error, patchwork-bot+netdevbpf
- [PATCH net 6/9] netfilter: x_tables: gpf inside xt_find_revision(), Pablo Neira Ayuso
- [PATCH net 9/9] netfilter: nftables: bogus check for netlink portID with table owner, Pablo Neira Ayuso
- [PATCH net 3/9] netfilter: nf_nat: undo erroneous tcp edemux lookup, Pablo Neira Ayuso
  - Re: [PATCH net 3/9] netfilter: nf_nat: undo erroneous tcp edemux lookup, Mika Penttilä
    - Re: [PATCH net 3/9] netfilter: nf_nat: undo erroneous tcp edemux lookup, Mika Penttilä
- [PATCH net 5/9] selftests: netfilter: test nat port clash resolution interaction with tcp early demux, Pablo Neira Ayuso
- [PATCH net 2/9] netfilter: conntrack: Remove a double space in a log message, Pablo Neira Ayuso
- [PATCH net 8/9] netfilter: nftables: fix possible double hook unregistration with table owner, Pablo Neira Ayuso
- [PATCH net 4/9] netfilter: conntrack: avoid misleading 'invalid' in log message, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 4/9] netfilter: ctnetlink: fix dump of the expect mask attribute, Pablo Neira Ayuso
  - [PATCH net 2/9] Revert "netfilter: x_tables: Switch synchronization to RCU", Pablo Neira Ayuso
  - [PATCH net 5/9] netfilter: conntrack: Fix gre tunneling over ipv6, Pablo Neira Ayuso
  - [PATCH net 3/9] netfilter: x_tables: Use correct memory barriers., Pablo Neira Ayuso
  - [PATCH net 7/9] netfilter: nftables: allow to update flowtable flags, Pablo Neira Ayuso
  - [PATCH net 6/9] netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags, Pablo Neira Ayuso
  - [PATCH net 1/9] Revert "netfilter: x_tables: Update remaining dereference to RCU", Pablo Neira Ayuso
  - [PATCH net 9/9] netfilter: nftables: skip hook overlap logic if flowtable is stale, Pablo Neira Ayuso
  - [PATCH net 8/9] netfilter: flowtable: Make sure GC works periodically in idle system, Pablo Neira Ayuso
- [PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/9] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete, Pablo Neira Ayuso
  - [PATCH net 2/9] netfilter: nf_conntrack_bridge: Fix memory leak when error, Pablo Neira Ayuso
  - [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Pablo Neira Ayuso
    - Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Jakub Kicinski
      - Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Pablo Neira Ayuso
        
        Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Jakub Kicinski
  - [PATCH net 4/9] netfilter: nfnetlink_hook: strip off module name from hookfn, Pablo Neira Ayuso
  - [PATCH net 6/9] netfilter: nfnetlink_hook: use the sequence number of the request message, Pablo Neira Ayuso
  - [PATCH net 5/9] netfilter: nfnetlink_hook: missing chain family, Pablo Neira Ayuso
  - [PATCH net 7/9] netfilter: nfnetlink_hook: Use same family as request message, Pablo Neira Ayuso
  - [PATCH net 8/9] netfilter: conntrack: remove offload_pickup sysctl again, Pablo Neira Ayuso
  - [PATCH net 9/9] netfilter: nfnetlink_hook: translate inet ingress to netdev, Pablo Neira Ayuso
- [PATCH net 0/9] netfilter fixes for net, Florian Westphal
  - [PATCH net 2/9] netfilter: nf_tables: fix kdoc warnings after gc rework, Florian Westphal
  - [PATCH net 6/9] ipvs: fix racy memcpy in proc_do_sync_threshold, Florian Westphal
  - [PATCH net 3/9] netfilter: nf_tables: deactivate catchall elements in next generation, Florian Westphal
  - [PATCH net 1/9] netfilter: nf_tables: fix false-positive lockdep splat, Florian Westphal
    - Re: [PATCH net 1/9] netfilter: nf_tables: fix false-positive lockdep splat, patchwork-bot+netdevbpf
  - [PATCH net 7/9] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path, Florian Westphal
  - [PATCH net 4/9] netfilter: nf_tables: don't fail inserts if duplicate has expired, Florian Westphal
  - [PATCH net 5/9] netfilter: set default timeout to 3 secs for sctp shutdown send and recv state, Florian Westphal
  - [PATCH net 8/9] netfilter: nf_tables: GC transaction race with netns dismantle, Florian Westphal
  - [PATCH net 9/9] netfilter: nft_dynset: disallow object maps, Florian Westphal
- [PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/9] netfilter: nf_tables: disallow rule removal from chain binding, Pablo Neira Ayuso
  - [PATCH net 5/9] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration, Pablo Neira Ayuso
  - [PATCH net 3/9] netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC, Pablo Neira Ayuso
  - [PATCH net 2/9] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention, Pablo Neira Ayuso
  - [PATCH net 4/9] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails, Pablo Neira Ayuso
  - [PATCH net 6/9] netfilter: nf_tables: disallow element removal on anonymous sets, Pablo Neira Ayuso
  - [PATCH net 7/9] netfilter: conntrack: fix extension size table, Pablo Neira Ayuso
  - [PATCH net 8/9] netfilter: nf_tables: Fix entries val in rule reset audit log, Pablo Neira Ayuso
  - [PATCH net 9/9] selftests: netfilter: Test nf_tables audit logging, Pablo Neira Ayuso
[PATCH nft] expression: memleak in verdict_expr_parse_udata(), Pablo Neira Ayuso
Kernel Error FLOW OFFLOAD on nftables, Максим
- Re: Kernel Error FLOW OFFLOAD on nftables, Frank Myhr
[PATCH RESEND][next] netfilter: Fix fall-through warnings for Clang, Gustavo A. R. Silva
- Re: [PATCH RESEND][next] netfilter: Fix fall-through warnings for Clang, Pablo Neira Ayuso
[PATCH nft,v2] mnl: remove nft_mnl_socket_reopen(), Pablo Neira Ayuso
[PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6, Ludovic Senecaux
- Re: [PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6, Florian Westphal
- Re: [PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6, Pablo Neira Ayuso
[PATCH nf 1/2,v2] netfilter: nftables: fix possible double hook unregistration with table owner, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nftables: bogus check for netlink portID with table owner, Pablo Neira Ayuso
[PATCH nf] netfilter: nftables: fix possible double hook unregistration with table owner, Pablo Neira Ayuso
[PATCH 0/3] Don't use RCU for x_tables synchronization, Mark Tomlinson
- [PATCH 1/3] Revert "netfilter: x_tables: Update remaining dereference to RCU", Mark Tomlinson
  - Re: [PATCH 1/3] Revert "netfilter: x_tables: Update remaining dereference to RCU", Florian Westphal
- [PATCH 2/3] Revert "netfilter: x_tables: Switch synchronization to RCU", Mark Tomlinson
  - Re: [PATCH 2/3] Revert "netfilter: x_tables: Switch synchronization to RCU", Florian Westphal
- [PATCH 3/3] netfilter: x_tables: Use correct memory barriers., Mark Tomlinson
  - Re: [PATCH 3/3] netfilter: x_tables: Use correct memory barriers., Florian Westphal
    - Re: [PATCH 3/3] netfilter: x_tables: Use correct memory barriers., Mark Tomlinson
[PATCH nft 1/3] parser: squash duplicated spec/specid rules, Florian Westphal
- [PATCH nft 2/3] parser: compact map RHS type, Florian Westphal
  - Re: [PATCH nft 2/3] parser: compact map RHS type, Pablo Neira Ayuso
- [PATCH nft 3/3] parser: compact ct obj list types, Florian Westphal
[PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Oz Shlomo
- Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Marcelo Ricardo Leitner
    - Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
      - Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Oz Shlomo
        
        Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Marcelo Ricardo Leitner
        
        Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Oz Shlomo
        
        Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Marcelo Ricardo Leitner
- Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
[PATCH] netfilter: Fix GRE over IPv6 with conntrack module, linuxludo
- Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, linuxludo
    - Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Florian Westphal
      - RE: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Ludovic Sénécaux
        
        Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Florian Westphal
- Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Florian Westphal
[iptables PATCH 1/2] xtables-translate: Fix translation of odd netmasks, Phil Sutter
- [iptables PATCH 2/2] libxtables: Simplify xtables_ipmask_to_cidr() a bit, Phil Sutter
[nf:master 7/7] net/netfilter/nf_tables_api.c:920:15: warning: converting the enum constant to a boolean, kernel test robot
- Re: [nf:master 7/7] net/netfilter/nf_tables_api.c:920:15: warning: converting the enum constant to a boolean, Pablo Neira Ayuso
[PATCH nft] mnl: remove nft_mnl_socket_reopen(), Pablo Neira Ayuso
- [PATCH nft] cache: memleak list of chain, Pablo Neira Ayuso
[PATCH nft] table: support for the table owner flag, Pablo Neira Ayuso
[PATCH libnftnl] table: add table owner support, Pablo Neira Ayuso
[PATCH nf] netfilter: nftables: disallow updates on table ownership, Pablo Neira Ayuso
[PATCH] netfilter: gpf inside xt_find_revision(), Vasily Averin
- Re: [PATCH] netfilter: gpf inside xt_find_revision(), Florian Westphal
  - Re: [PATCH] netfilter: gpf inside xt_find_revision(), Pablo Neira Ayuso
[PATCH nf 0/3] netfilter: nat: fix ancient dnat+edemux bug, Florian Westphal
- [PATCH nf 1/3] netfilter: nf_nat: undo erroneous tcp edemux lookup, Florian Westphal
- [PATCH nf 2/3] netfilter: conntrack: avoid misleading 'invalid' in log message, Florian Westphal
- [PATCH nf 3/3] selftests: netfilter: test nat port clash resolution interaction with tcp early demux, Florian Westphal
- Re: [PATCH nf 0/3] netfilter: nat: fix ancient dnat+edemux bug, Pablo Neira Ayuso
[PATCH iptables-nft] iptables-nft: fix -Z option, Florian Westphal
- Re: [PATCH iptables-nft] iptables-nft: fix -Z option, Phil Sutter
[PATCH] uapi: nfnetlink_cthelper.h: fix userspace compilation error, Dmitry V. Levin
- Re: [PATCH] uapi: nfnetlink_cthelper.h: fix userspace compilation error, Pablo Neira Ayuso
[PATCH nft] table: rework flags printing, Pablo Neira Ayuso
increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Toralf Förster
- Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Jozsef Kadlecsik
  - Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Toralf Förster
    - Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Jozsef Kadlecsik
      - Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Toralf Förster
[PATCH nft] src: allow use of 'verdict' in typeof definitions, Florian Westphal
[nft PATCH 1/2] main: fix nft --help output fallout from 719e4427, Štěpán Němec
- [nft PATCH 2/2] doc: nft: fix some typos and formatting issues, Štěpán Němec
  - Re: [nft PATCH 2/2] doc: nft: fix some typos and formatting issues, Pablo Neira Ayuso
- Re: [nft PATCH 1/2] main: fix nft --help output fallout from 719e4427, Pablo Neira Ayuso
[PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, andy
- Re: [PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, Jan Engelhardt
- <Possible follow-ups>
- RE: [PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, andy
  - RE: [PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, Jan Engelhardt
[PATCH] netfilter: Remove a double space in a log message, Klemen Košir
- Re: [PATCH] netfilter: Remove a double space in a log message, Pablo Neira Ayuso
[ANNOUNCE] ipset 7.11 released, Jozsef Kadlecsik
[iptables PATCH] nft: Fix bitwise expression avoidance detection, Phil Sutter
[PATCH nft] json: init parser state for every new buffer/file, Eric Garver
- Re: [PATCH nft] json: init parser state for every new buffer/file, Phil Sutter
[ebtables PATCH] Open the lockfile with O_CLOEXEC, Ondrej Mosnacek
- Re: [ebtables PATCH] Open the lockfile with O_CLOEXEC, Pablo Neira Ayuso
[libnftnl PATCH 2/2] Avoid out of bounds read from data, Maya Rashish
- Re: [libnftnl PATCH 2/2] Avoid out of bounds read from data, Pablo Neira Ayuso
  - [libnftnl PATCH 2/2 v2] Avoid out of bounds read from data, Maya Rashish
    - Re: [libnftnl PATCH 2/2 v2] Avoid out of bounds read from data, Pablo Neira Ayuso
[libnftnl PATCH 1/2] Avoid out of bound reads in tests., Maya Rashish
- Re: [libnftnl PATCH 1/2] Avoid out of bound reads in tests., Pablo Neira Ayuso
  - Re: [libnftnl PATCH 1/2] Avoid out of bound reads in tests., Maya Rashish
[PATCH net-next 0/3] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 1/3] netfilter: nftables: add helper function to release one table, Pablo Neira Ayuso
  - Re: [PATCH net-next 1/3] netfilter: nftables: add helper function to release one table, patchwork-bot+netdevbpf
- [PATCH net-next 3/3] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
- [PATCH net-next 2/3] netfilter: nftables: add helper function to release hooks of one single table, Pablo Neira Ayuso
[nft PATCH] monitor: Don't print newgen message with JSON output, Phil Sutter
[iptables PATCH] include: Drop libipulog.h, Phil Sutter
- Re: [iptables PATCH] include: Drop libipulog.h, Pablo Neira Ayuso
traffic shaping with tc on Linux 5.4.x, Lars Noodén
[PATCH nf-next,v3 1/3] netfilter: nftables: allow to release one table, Pablo Neira Ayuso
- [PATCH nf-next,v3 2/3] netfilter: nftables: allow to release hooks of one single table, Pablo Neira Ayuso
- [PATCH nf-next,v3 3/3] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
[PATCH nf-next,v2] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
Question about using NFT_GOTO in kernel module, Bob @ gmail
[PATCH libnetfilter_queue v3] src: fix IPv6 header handling, Etan Kissling
- Re: [PATCH libnetfilter_queue v3] src: fix IPv6 header handling, Pablo Neira Ayuso
[PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 1/2] netfilter: conntrack: skip identical origin tuple in same zone only, Pablo Neira Ayuso
  - Re: [PATCH net 1/2] netfilter: conntrack: skip identical origin tuple in same zone only, patchwork-bot+netdevbpf
- [PATCH net 2/2] netfilter: nftables: relax check for stateful expressions in set definition, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nft_ct: skip expectations for confirmed conntrack, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nft_ct: skip expectations for confirmed conntrack, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: bitwise: fix reduce comparisons, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: bitwise: fix reduce comparisons, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nf_tables: memcg accounting for dynamically allocated objects, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nf_tables: nft_parse_register can return a negative value, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nft_socket: make cgroup match work in input too, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nft_socket: make cgroup match work in input too, patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_tables: disallow non-stateful expression in sets earlier, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nf_tables: disallow non-stateful expression in sets earlier, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nft_limit: Clone packet limits' cost value, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nft_set_pipapo: release elements in clone from abort path, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nf_tables: stricter validation of element data, patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces., Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces., patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nf_tables: do not set up extensions for end interval, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: conntrack: Fix data-races around ct mark, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: conntrack: Fix data-races around ct mark, patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nft_set_rbtree: skip elements in transaction from garbage collection, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: br_netfilter: disable sabotage_in hook after first suppression, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: br_netfilter: disable sabotage_in hook after first suppression, patchwork-bot+netdevbpf
  - [PATCH net 2/2] Revert "netfilter: conntrack: fix bug in for_each_sctp_chunk", Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert(), Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: conntrack: fix wrong ct->timeout value, Pablo Neira Ayuso
  - Re: [PATCH net 0/2] Netfilter fixes for net, Jakub Kicinski
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: conntrack: fix wrong ct->timeout value, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert(), Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert(), patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: flowtable: GC pushes back packets to classic path, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: flowtable: GC pushes back packets to classic path, patchwork-bot+netdevbpf
  - [PATCH net 2/2] net/sched: act_ct: additional checks for outdated flows, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nf_tables: skip set commit for deleted/destroyed sets, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_tables: set transport offset from mac header for netdev/egress, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nf_tables: skip set commit for deleted/destroyed sets, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_tables: set transport offset from mac header for netdev/egress, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nf_tables: set transport offset from mac header for netdev/egress, patchwork-bot+netdevbpf
  - Re: [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
    - Re: [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_nat: fix action not being set for all ct states, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nf_nat: fix action not being set for all ct states, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nft_immediate: drop chain reference counter on error, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Pablo Neira Ayuso
    - Re: [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Linus Torvalds
      - Re: [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Pablo Neira Ayuso
        
        Re: [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Paolo Abeni
        
        Re: [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Pablo Neira Ayuso
        
        Re: [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Paolo Abeni
        
        Re: [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Pablo Neira Ayuso
        
        Re: [PATCH net 2/2] netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n, patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nfnetlink_queue: drop bogus WARN_ON, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nfnetlink_queue: drop bogus WARN_ON, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nf_tables: prefer nft_chain_validate, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()., Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()., patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init()., Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_tables: restore IP sanity checks for netdev/egress, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nf_tables: restore IP sanity checks for netdev/egress, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nft_socket: fix sk refcount leaks, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nft_socket: fix sk refcount leaks, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces, Pablo Neira Ayuso
[PATCH libnetfilter_queue v2] src: fix IPv6 header handling, Etan Kissling
[PATCH] evaluate: incorrect usage of stmt_binary_error() in reject, Pablo Neira Ayuso
[PATCH nf,v3] netfilter: nftables: relax check for stateful expressions in set definition, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nftables: relax check for stateful expressions in set definition, Pablo Neira Ayuso
Re: Unable to create a chain called "trace", Florian Westphal
- Re: Unable to create a chain called "trace", Phil Sutter
  - Re: Unable to create a chain called "trace", Florian Westphal
    - Re: Unable to create a chain called "trace", Phil Sutter
      - Re: Unable to create a chain called "trace", Florian Westphal
        
        Re: Unable to create a chain called "trace", Phil Sutter
        
        Re: Unable to create a chain called "trace", Florian Westphal
        
        Re: Unable to create a chain called "trace", Pablo Neira Ayuso
        
        Re: Unable to create a chain called "trace", Phil Sutter
        
        Re: Unable to create a chain called "trace", Pablo Neira Ayuso
        
        Re: Unable to create a chain called "trace", Phil Sutter
        
        Re: Unable to create a chain called "trace", Balazs Scheidler
        
        Re: Unable to create a chain called "trace", Phil Sutter
        
        Re: Unable to create a chain called "trace", Florian Westphal
  - Re: Unable to create a chain called "trace", Florian Westphal
    - Re: Unable to create a chain called "trace", Phil Sutter
[PATCH nft] trace: do not remove icmp type from packet dump, Florian Westphal
[PATCH nf] netfilter: nftables: relax check for stateful expressions in set definition, Pablo Neira Ayuso
[PATCH net-next 0/7] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 7/7] netfilter: nftables: remove redundant assignment of variable err, Pablo Neira Ayuso
- [PATCH net-next 2/7] ipvs: add weighted random twos choice algorithm, Pablo Neira Ayuso
- [PATCH net-next 1/7] netfilter: ctnetlink: remove get_ct indirection, Pablo Neira Ayuso
  - Re: [PATCH net-next 1/7] netfilter: ctnetlink: remove get_ct indirection, patchwork-bot+netdevbpf
- [PATCH net-next 3/7] netfilter: flowtable: add hash offset field to tuple, Pablo Neira Ayuso
- [PATCH net-next 6/7] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH net-next 5/7] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
- [PATCH net-next 4/7] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
[PATCH nf] netfilter: conntrack: skip identical origin tuple in same zone only, Florian Westphal
- Re: [PATCH nf] netfilter: conntrack: skip identical origin tuple in same zone only, Pablo Neira Ayuso
[RFC conntrack-tools PATCH] conntrack-tools: introduce conntrackdctl, Arturo Borrero Gonzalez
- Re: [RFC conntrack-tools PATCH] conntrack-tools: introduce conntrackdctl, Pablo Neira Ayuso
  - Re: [RFC conntrack-tools PATCH] conntrack-tools: introduce conntrackdctl, Pablo Neira Ayuso
[PATCH nft,v2] src: add negation match on singleton bitmask value, Pablo Neira Ayuso
[nft PATCH 1/2] tests/py: Write dissenting payload into the right file, Phil Sutter
- [nft PATCH 2/2] tests/py: Add a test sanitizer and fix its findings, Phil Sutter
[PATCH nft 0/3] evaluate: fix crash on empty set restore, Florian Westphal
- [PATCH nft 1/3] testcases: move two dump files to correct location, Florian Westphal
  - [PATCH nft 2/3] tests: add empty dynamic set, Florian Westphal
  - [PATCH nft 3/3] evaluate: do not crash if dynamic set has no statements, Florian Westphal
[PATCH nft 0/3] nft: fix ct zone handling in sets and maps, Florian Westphal
- [PATCH nft 1/3] tests: extend dtype test case to cover expression with integer type, Florian Westphal
- [PATCH nft 2/3] evaluate: pick data element byte order, not dtype one, Florian Westphal
- [PATCH nft 1/3] extend_test, Florian Westphal
- [PATCH nft 3/3] evaluate: set evaluation context for set elements, Florian Westphal
- Re: [PATCH nft 0/3] nft: fix ct zone handling in sets and maps, Pablo Neira Ayuso
[PATCH net-next v2 0/4] Fix W=1 compilation warnings in net/* folder, Leon Romanovsky
- [PATCH net-next v2 1/4] ipv6: silence compilation warning for non-IPV6 builds, Leon Romanovsky
- [PATCH net-next v2 3/4] net/core: move gro function declarations to separate header, Leon Romanovsky
- [PATCH net-next v2 2/4] ipv6: move udp declarations to net/udp.h, Leon Romanovsky
- [PATCH net-next v2 4/4] netfilter: move handlers to net/ip_vs.h, Leon Romanovsky
- Re: [PATCH net-next v2 0/4] Fix W=1 compilation warnings in net/* folder, Jakub Kicinski
[PATCH net-next v1 0/4] Fix W=1 compilation warnings in net/* folder, Leon Romanovsky
- [PATCH net-next v1 1/4] ipv6: silence compilation warning for non-IPV6 builds, Leon Romanovsky
- [PATCH net-next v1 3/4] net/core: move gro function declarations to separate header, Leon Romanovsky
  - Re: [PATCH net-next v1 3/4] net/core: move gro function declarations to separate header, Leon Romanovsky
- [PATCH net-next v1 4/4] netfilter: move handlers to net/ip_vs.h, Leon Romanovsky
- [PATCH net-next v1 2/4] ipv6: move udp declarations to net/udp.h, Leon Romanovsky
[nft PATCH] json: Do not abbreviate reject statement object, Phil Sutter
[PATCH] netfilter: flowtable: fix tcp and udp header checksum update, sven . auhagen
- Re: [PATCH] netfilter: flowtable: fix tcp and udp header checksum update, Pablo Neira Ayuso
[PATCH nf] netfilter: nftables: fix possible UAF over chains from packet path in netns, Pablo Neira Ayuso
[PATCH net 0/4] Fix W=1 compilation warnings in net/* folder, Leon Romanovsky
- [PATCH net 2/4] ipv6: move udp declarations to net/udp.h, Leon Romanovsky
- [PATCH net 4/4] netfilter: move handlers to net/ip_vs.h, Leon Romanovsky
- [PATCH net 3/4] net/core: move ipv6 gro function declarations to net/ipv6, Leon Romanovsky
  - Re: [PATCH net 3/4] net/core: move ipv6 gro function declarations to net/ipv6, Eric Dumazet
    - Re: [PATCH net 3/4] net/core: move ipv6 gro function declarations to net/ipv6, Leon Romanovsky
- [PATCH net 1/4] ipv6: silence compilation warning for non-IPV6 builds, Leon Romanovsky
  - Re: [PATCH net 1/4] ipv6: silence compilation warning for non-IPV6 builds, Jakub Kicinski
    - Re: [PATCH net 1/4] ipv6: silence compilation warning for non-IPV6 builds, Leon Romanovsky
      - Re: [PATCH net 1/4] ipv6: silence compilation warning for non-IPV6 builds, Jakub Kicinski
- Re: [PATCH net 0/4] Fix W=1 compilation warnings in net/* folder, Eric Dumazet
  - Re: [PATCH net 0/4] Fix W=1 compilation warnings in net/* folder, Leon Romanovsky
    - Re: [PATCH net 0/4] Fix W=1 compilation warnings in net/* folder, Eric Dumazet
      - Re: [PATCH net 0/4] Fix W=1 compilation warnings in net/* folder, Leon Romanovsky
[PATCH nft 1/2] tests: add icmp/6 test where dependency should be left alone, Florian Westphal
- [PATCH nft 2/2] payload: check icmp dependency before removing previous icmp expression, Florian Westphal
  - Re: [PATCH nft 2/2] payload: check icmp dependency before removing previous icmp expression, Eric Garver
    - Re: [PATCH nft 2/2] payload: check icmp dependency before removing previous icmp expression, Michael Biebl
[PATCH nft] src: add negation match on singleton bitmask value, Pablo Neira Ayuso
[PATCH conntrack-tools] tests: conntrackd: move basic netns scenario setup to shell script, Pablo Neira Ayuso
- Re: [PATCH conntrack-tools] tests: conntrackd: move basic netns scenario setup to shell script, Arturo Borrero Gonzalez
[PATCH 1/1 nf] selftests: netfilter: fix current year, Fabian Frederick
[PATCH v3 0/8] conntrack: save output format, Mikhail Sennikovsky
- [PATCH v3 1/8] conntrack: reset optind in do_parse, Mikhail Sennikovsky
  - Re: [PATCH v3 1/8] conntrack: reset optind in do_parse, Pablo Neira Ayuso
    - Re: [PATCH v3 1/8] conntrack: reset optind in do_parse, Mikhail Sennikovsky
      - Re: [PATCH v3 1/8] conntrack: reset optind in do_parse, Pablo Neira Ayuso
- [PATCH v3 2/8] conntrack: move global options to struct ct_cmd, Mikhail Sennikovsky
- [PATCH v3 4/8] conntrack: introduce ct_cmd_list, Mikhail Sennikovsky
  - Re: [PATCH v3 4/8] conntrack: introduce ct_cmd_list, Pablo Neira Ayuso
    - Re: [PATCH v3 4/8] conntrack: introduce ct_cmd_list, Mikhail Sennikovsky
      - Re: [PATCH v3 4/8] conntrack: introduce ct_cmd_list, Pablo Neira Ayuso
- [PATCH v3 3/8] conntrack: per-command entries counters, Mikhail Sennikovsky
  - Re: [PATCH v3 3/8] conntrack: per-command entries counters, Pablo Neira Ayuso
    - Re: [PATCH v3 3/8] conntrack: per-command entries counters, Mikhail Sennikovsky
      - Re: [PATCH v3 3/8] conntrack: per-command entries counters, Pablo Neira Ayuso
        
        Re: [PATCH v3 3/8] conntrack: per-command entries counters, Mikhail Sennikovsky
- [PATCH v3 5/8] conntrack: accept commands from file, Mikhail Sennikovsky
- [PATCH v3 6/8] conntrack.8: man update for --load-file support, Mikhail Sennikovsky
- [PATCH v3 7/8] tests: saving and loading ct entries, save format, Mikhail Sennikovsky
- [PATCH v3 8/8] tests: conntrack -L/-D ip family filtering, Mikhail Sennikovsky
[PATCH] netfilter: Fix attempt to update deleted entry in xt_recent, Jozsef Kadlecsik
- Re: [PATCH] netfilter: Fix attempt to update deleted entry in xt_recent, Pablo Neira Ayuso
[PATCH] netfilter: nf_tables: remove redundant assignment of variable err, Colin King
- Re: [PATCH] netfilter: nf_tables: remove redundant assignment of variable err, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: nf_tables: remove redundant assignment of variable err, Pablo Neira Ayuso
[iptables PATCH] ebtables: Exit gracefully on invalid table names, Phil Sutter
[PATCH] tests: monitor: use correct $nft value in EXIT trap, Štěpán Němec
- Re: [PATCH] tests: monitor: use correct $nft value in EXIT trap, Phil Sutter
  - Re: [PATCH] tests: monitor: use correct $nft value in EXIT trap, Štěpán Němec
https://bugzilla.kernel.org/show_bug.cgi?id=207773, Reindl Harald
- Re: https://bugzilla.kernel.org/show_bug.cgi?id=207773, Jozsef Kadlecsik
  - Re: https://bugzilla.kernel.org/show_bug.cgi?id=207773, Reindl Harald
    - Re: https://bugzilla.kernel.org/show_bug.cgi?id=207773, Jozsef Kadlecsik
  - Re: https://bugzilla.kernel.org/show_bug.cgi?id=207773, Jozsef Kadlecsik
    - Re: https://bugzilla.kernel.org/show_bug.cgi?id=207773, Reindl Harald
[PATCH v24 07/25] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
[PATCH v24 08/25] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
[nft PATCH] erec: Sanitize erec location indesc, Phil Sutter
- Re: [nft PATCH] erec: Sanitize erec location indesc, Pablo Neira Ayuso
  - Re: [nft PATCH] erec: Sanitize erec location indesc, Phil Sutter
    - Re: [nft PATCH] erec: Sanitize erec location indesc, Pablo Neira Ayuso
      - Re: [nft PATCH] erec: Sanitize erec location indesc, Pablo Neira Ayuso
      - Re: [nft PATCH] erec: Sanitize erec location indesc, Phil Sutter
        
        Re: [nft PATCH] erec: Sanitize erec location indesc, Pablo Neira Ayuso
        
        Re: [nft PATCH] erec: Sanitize erec location indesc, Pablo Neira Ayuso
        
        Re: [nft PATCH] erec: Sanitize erec location indesc, Pablo Neira Ayuso
        
        Re: [nft PATCH] erec: Sanitize erec location indesc, Phil Sutter
[nft PATCH] json: limit: Always include burst value, Phil Sutter
[PATCH nf-next] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH nf-next] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: nftables: introduce table ownership, Florian Westphal
    - Re: [PATCH nf-next] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
      - Re: [PATCH nf-next] netfilter: nftables: introduce table ownership, Florian Westphal
[nft PATCH 1/2] reject: Fix for missing dependencies in netdev family, Phil Sutter
- [nft PATCH 2/2] reject: Unify inet, netdev and bridge delinearization, Phil Sutter
[PATCH v24 18/25] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
[PATCH v24 16/25] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
[PATCH v24 15/25] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH nft] src: evaluate: reset context maxlen value before prio evaluation, Florian Westphal
[PATCH nf-next 2/2,v2] netfilter: nftables: add nft_parse_register_store(), Pablo Neira Ayuso
[PATCH nf-next,v4 1/3] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH nf-next,v4 3/3] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
- [PATCH nf-next,v4 2/3] netfilter: nftables: add nft_parse_register_store() and use it, Pablo Neira Ayuso
[PATCH nf-next 3/2] netfilter: nftables: statify nft_parse_register(), Pablo Neira Ayuso
[PATCH nf-next 2/2,v3] netfilter: nftables: add nft_parse_register_store(), Pablo Neira Ayuso
[PATCH nf-next 1/2] netfilter: nftables: add nft_parse_register_load() and use it, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: nftables: add nft_parse_register_store(), Pablo Neira Ayuso
[PATCH nf-next] netfilter: flowtable: add hash offset field to tuple, Pablo Neira Ayuso
[PATCH nft v4] src: Support netdev egress hook, Lukas Wunner
- Re: [netfilter-core] [PATCH nft v4] src: Support netdev egress hook, Phil Sutter
  - Re: [netfilter-core] [PATCH nft v4] src: Support netdev egress hook, Florian Westphal
    - Re: [netfilter-core] [PATCH nft v4] src: Support netdev egress hook, Phil Sutter
      - Re: [netfilter-core] [PATCH nft v4] src: Support netdev egress hook, Pablo Neira Ayuso
        
        Re: [netfilter-core] [PATCH nft v4] src: Support netdev egress hook, Phil Sutter
        
        Re: [netfilter-core] [PATCH nft v4] src: Support netdev egress hook, Pablo Neira Ayuso
[conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Arturo Borrero Gonzalez
- [conntrack-tools PATCH 2/3] tests: introduce some basic testcases for the new conntrack-tools testing framework, Arturo Borrero Gonzalez
- [conntrack-tools PATCH 3/3] tests: introduce replicating scenario and simple icmp test case, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Pablo Neira Ayuso
  - Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Arturo Borrero Gonzalez
    - Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Pablo Neira Ayuso
      - Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Arturo Borrero Gonzalez
Re: KASAN: use-after-free Read in dump_schedule, syzbot
- Re: KASAN: use-after-free Read in dump_schedule, Dmitry Vyukov
[PATCH nf-next v4 0/5] Netfilter egress hook, Lukas Wunner
- [PATCH nf-next v4 2/5] netfilter: Rename ingress hook include file, Lukas Wunner
- [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Lukas Wunner
  - Re: [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Daniel Borkmann
    - Re: [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Lukas Wunner
      - Re: [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Daniel Borkmann
- [PATCH nf-next v4 3/5] netfilter: Generalize ingress hook include file, Lukas Wunner
- [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
  - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Eric Dumazet
    - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
      - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Jakub Kicinski
        
        Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Dan Carpenter
        
        Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
  - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Jakub Kicinski
    - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
- [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Lukas Wunner
  - Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Willem de Bruijn
    - Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Lukas Wunner
      - Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Willem de Bruijn
        
        Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Lukas Wunner
        
        Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Willem de Bruijn
[PATCH nft] json: icmp: move expected parts to json.output, Florian Westphal
[PATCH nft] evaluate: disallow ct original {s,d}ddr from concatenations, Pablo Neira Ayuso
[PATCH nft] exthdr: remove tcp dependency for tcp option matching, Florian Westphal
- Re: [PATCH nft] exthdr: remove tcp dependency for tcp option matching, Pablo Neira Ayuso
[PATCH nft 0/4] json test case fixups, Florian Westphal
- [PATCH 4/4] json: icmp: refresh json output, Florian Westphal
  - Re: [PATCH 4/4] json: icmp: refresh json output, Phil Sutter
- [PATCH 3/4] json: ct: add missing rule, Florian Westphal
  - Re: [PATCH 3/4] json: ct: add missing rule, Phil Sutter
- [PATCH 2/4] json: limit: set default burst to 5, Florian Westphal
  - Re: [PATCH 2/4] json: limit: set default burst to 5, Phil Sutter
    - Re: [PATCH 2/4] json: limit: set default burst to 5, Pablo Neira Ayuso
      - Re: [PATCH 2/4] json: limit: set default burst to 5, Pablo Neira Ayuso
        
        Re: [PATCH 2/4] json: limit: set default burst to 5, Phil Sutter
- [PATCH 1/4] json: fix icmpv6.t test cases, Florian Westphal
  - Re: [PATCH 1/4] json: fix icmpv6.t test cases, Phil Sutter
[PATCH nf-next v2] netfilter: ctnetlink: remove get_ct indirection, Florian Westphal
- Re: [PATCH nf-next v2] netfilter: ctnetlink: remove get_ct indirection, Pablo Neira Ayuso
[conntrack-tools PATCH] conntrackd: introduce yes & no config values, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH] conntrackd: introduce yes & no config values, Pablo Neira Ayuso
[PATCH nf-next] netfilter: ctnetlink: remove get_ct indirection, Florian Westphal
- Re: [PATCH nf-next] netfilter: ctnetlink: remove get_ct indirection, kernel test robot
- Re: [PATCH nf-next] netfilter: ctnetlink: remove get_ct indirection, kernel test robot
[PATCH] ipset: fix print format warning, Neutron Soutmun
- Re: [PATCH] ipset: fix print format warning, Jozsef Kadlecsik
[PATCH nf] netfilter: nft_dynset: dump expressions when set definition contains no expressions, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_dynset: add timeout extension to template, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_dynset: honor stateful expressions in set definition, Pablo Neira Ayuso
[ANNOUNCE] iptables 1.8.7 release, Phil Sutter
[ANNOUNCE] nftables 0.9.8 release, Pablo Neira Ayuso
[iptables PATCH] tests/shell: Fix nft-only/0009-needless-bitwise_0, Phil Sutter
[ANNOUNCE] libnftnl 1.1.9 release, Pablo Neira Ayuso
[PATCH nft] evaluate: disallow ct original {s,d}ddr from maps, Pablo Neira Ayuso
[PATCH conntrack-tools 0/3] preparing support for command batch, Pablo Neira Ayuso
- [PATCH conntrack-tools 3/3] conntrack: add do_command_ct(), Pablo Neira Ayuso
- [PATCH conntrack-tools 2/3] conntrack: add struct ct_tmpl, Pablo Neira Ayuso
- [PATCH conntrack-tools 1/3] conntrack: add struct ct_cmd, Pablo Neira Ayuso
KMSAN: uninit-value in nf_conntrack_udplite_packet (2), syzbot
[PATCH libnetfilter_queue] src: fix header handling in nfq_ip6_set_transport_header, Etan Kissling
[PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
- Re: [PATCH libnetfilter_queue] src: fix IPv6 header handling, Pablo Neira Ayuso
  - Re: [PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
- <Possible follow-ups>
- [PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
  - [PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
[PATCH libnetfilter_queue] src: add pkt_buff function for ICMP, Etan Kissling
- [PATCH libnetfilter_queue] src: add pkt_buff function for ICMP, Etan Kissling
- Re: [PATCH libnetfilter_queue] src: add pkt_buff function for ICMP, Pablo Neira Ayuso
[PATCH ghak90 v11 00/11] audit: implement container identifier, Richard Guy Briggs
- [PATCH ghak90 v11 01/11] audit: collect audit task parameters, Richard Guy Briggs
- [PATCH ghak90 v11 02/11] audit: add container id, Richard Guy Briggs
- [PATCH ghak90 v11 03/11] audit: log container info of syscalls, Richard Guy Briggs
- [PATCH ghak90 v11 04/11] audit: add contid support for signalling the audit daemon, Richard Guy Briggs
- [PATCH ghak90 v11 05/11] audit: add support for non-syscall auxiliary records, Richard Guy Briggs
- [PATCH ghak90 v11 06/11] audit: add containerid support for user records, Richard Guy Briggs
- [PATCH ghak90 v11 07/11] audit: add containerid filtering, Richard Guy Briggs
- [PATCH ghak90 v11 09/11] audit: contid check descendancy and nesting, Richard Guy Briggs
- [PATCH ghak90 v11 10/11] audit: track container nesting, Richard Guy Briggs
- [PATCH ghak90 v11 11/11] audit: add capcontid to set contid outside init_user_ns, Richard Guy Briggs
- [PATCH ghak90 v11 08/11] audit: add support for containerid to network namespaces, Richard Guy Briggs
[PATCH AUTOSEL 5.10 08/51] netfilter: ipset: fixes possible oops in mtype_resize, Sasha Levin
[PATCH AUTOSEL 5.4 05/28] netfilter: ipset: fixes possible oops in mtype_resize, Sasha Levin
[PATCH] netfilter: Fix memleak in nf_nat_init, Dinghao Liu
- Re: [PATCH] netfilter: Fix memleak in nf_nat_init, Florian Westphal
- Re: [PATCH] netfilter: Fix memleak in nf_nat_init, Pablo Neira Ayuso
[PATCH net] netfilter: conntrack: fix reading nf_conntrack_buckets, Jesper Dangaard Brouer
- Re: [PATCH net] netfilter: conntrack: fix reading nf_conntrack_buckets, Florian Westphal
- Re: [PATCH net] netfilter: conntrack: fix reading nf_conntrack_buckets, Pablo Neira Ayuso
[PATCH] netfilter: Reverse nft_set_lookup_byid list traversal, Jan-Philipp Litza
- Re: [PATCH] netfilter: Reverse nft_set_lookup_byid list traversal, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: Reverse nft_set_lookup_byid list traversal, Jan-Philipp Litza
Re: [PATCH v6] ipvs: add weighted random twos choice algorithm, Julian Anastasov
- Re: [PATCH v6] ipvs: add weighted random twos choice algorithm, Simon Horman
  - Re: [PATCH v6] ipvs: add weighted random twos choice algorithm, Pablo Neira Ayuso
[PATCH nft] segtree: honor set element expiration, Pablo Neira Ayuso
[PATCH nft 0/2] libedit support followup, Pablo Neira Ayuso
- [PATCH nft 2/2] main: fix typo in cli definition, Pablo Neira Ayuso
- [PATCH nft 1/2] cli: use plain readline() interface with libedit, Pablo Neira Ayuso
[PATCH nft 0/2] follow up work on the libedit support, Pablo Neira Ayuso
- [PATCH nft 1/2] cli: use plain readline() interface, Pablo Neira Ayuso
- [PATCH nft 2/2] main: fix typo in cli definition, Pablo Neira Ayuso
[PATCH net 0/3] net: fix netfilter defrag/ip tunnel pmtu blackhole, Florian Westphal
- [PATCH net 2/3] net: fix pmtu check in nopmtudisc mode, Florian Westphal
- [PATCH net 1/3] selftests: netfilter: add selftest for ipip pmtu discovery with enabled connection tracking, Florian Westphal
- [PATCH net 3/3] net: ip: always refragment ip defragmented packets, Florian Westphal
  - Re: [PATCH net 3/3] net: ip: always refragment ip defragmented packets, Christian Perle
- Re: [PATCH net 0/3] net: fix netfilter defrag/ip tunnel pmtu blackhole, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] net: fix netfilter defrag/ip tunnel pmtu blackhole, Jakub Kicinski
[PATCH nft] cli: add libedit support, Pablo Neira Ayuso
[PATCH nft] src: set on flags to request multi-statement support, Pablo Neira Ayuso
Potential licensing issue with libreadline, Arturo Borrero Gonzalez
- Re: Potential licensing issue with libreadline, Pablo Neira Ayuso
[PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 1/3] netfilter: xt_RATEEST: reject non-null terminated string from userspace, Pablo Neira Ayuso
- [PATCH net 2/3] netfilter: nft_dynset: report EOPNOTSUPP on missing set feature, Pablo Neira Ayuso
- [PATCH net 3/3] netfilter: nftables: add set expression flags, Pablo Neira Ayuso
- Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- <Possible follow-ups>
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: conntrack: fix reading nf_conntrack_buckets, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_nat: Fix memleak in nf_nat_init, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: Pass family parameter "-f" to conntrack tool, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_dynset: honor stateful expressions in set definition, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nft_dynset: honor stateful expressions in set definition, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: nft_dynset: add timeout extension to template, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_dynset: dump expressions when set definition contains no expressions, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup, patchwork-bot+netdevbpf
  - [PATCH net 2/3] selftests: netfilter: add fib test case, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy(), Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy(), patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: ctnetlink: remove expired entries first, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: fix regression in looped (broad|multi)cast's MAC handling, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] Revert "netfilter: nat: force port remap to prevent shadowing well-known ports", Pablo Neira Ayuso
    - Re: [PATCH net 1/3] Revert "netfilter: nat: force port remap to prevent shadowing well-known ports", patchwork-bot+netdevbpf
  - [PATCH net 2/3] Revert "netfilter: conntrack: tag conntracks picked up in local out hook", Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: disable register tracking, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
    - Re: [PATCH net 0/3] Netfilter fixes for net, Florian Westphal
      - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: initialize registers in nft_do_chain(), Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: flowtable: Fix QinQ and pppoe support for inet table, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: flowtable: Fix QinQ and pppoe support for inet table, patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: egress: Report interface as outgoing, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: egress: Report interface as outgoing, patchwork-bot+netdevbpf
  - [PATCH net 3/3] memcg: enable accounting for nft objects, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, patchwork-bot+netdevbpf
      - Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, Neal Cardwell
        
        Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, Jakub Kicinski
  - [PATCH net 2/3] netfilter: conntrack: fix udp offload timeout sysctl, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_socket: only do sk lookups when indev is available, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: br_netfilter: do not skip all hooks with 0 priority, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_dynset: restore set element counter when failing to update, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_tables: avoid skb access on nf_stolen, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: replace BUG_ON by element length check, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: conntrack: fix crash due to confirmed bit load reordering, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: conntrack: fix crash due to confirmed bit load reordering, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: nf_log: incorrect offset to network header, Pablo Neira Ayuso
- [PATCH net 0/3] netfilter fixes for net, Florian Westphal
  - [PATCH net 1/3] selftests: netfilter: Test reverse path filtering, Florian Westphal
    - Re: [PATCH net 1/3] selftests: netfilter: Test reverse path filtering, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: rpfilter/fib: Populate flowic_l3mdev field, Florian Westphal
  - [PATCH net 3/3] selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1, Florian Westphal
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: Cleanup nft_net->module_list from nf_tables_exit_net(), Pablo Neira Ayuso
  - [PATCH net 3/3] selftests: netfilter: Fix and review rpath.sh, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg(), Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg(), patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: ipset: regression in ip_set_hash_ip.c, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: ipset: regression in ip_set_hash_ip.c, patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: flowtable_offload: add missing locking, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function., Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: fix transaction test script timeout handling, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: fix transaction test script timeout handling, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function., Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nft_last: copy content when cloning expression, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_quota: copy content when cloning expression, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: nft_nat: ensuring the listening side is up before starting the client, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] selftests: nft_nat: ensuring the listening side is up before starting the client, patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: ctnetlink: revert to dumping mark regardless of event type, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: ctnetlink: revert to dumping mark regardless of event type, patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: conntrack: adopt safer max chain length, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: tproxy: fix deadlock due to missing BH disable, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Paolo Abeni
    - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
      - Re: [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: deactivate anonymous set from preparation phase, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: hit ENOENT on unexisting chain/flowtable update with missing attributes, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: hit ENOENT on unexisting chain/flowtable update with missing attributes, patchwork-bot+netdevbpf
  - [PATCH net 2/3] selftests: netfilter: fix libmnl pkg-config usage, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Florian Westphal
  - [PATCH net 1/3] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Florian Westphal
    - Re: [PATCH net 1/3] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: nf_tables: fix nft_trans type confusion, Florian Westphal
  - [PATCH net 3/3] netfilter: nft_set_rbtree: fix null deref on element insertion, Florian Westphal
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol, Simon Horman
    - Re: [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol, patchwork-bot+netdevbpf
- [PATCH net 0/3] netfilter fixes for net, Florian Westphal

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]