Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

[PATCH net-next 08/14] netfilter: ipv4: Convert ip_route_me_harder() to dscp_t., (continued)
- [PATCH net-next 00/14] Netfilter updates for net-next, Pablo Neira Ayuso
  - [PATCH net-next 01/14] netfilter: nf_tables: fix set size with rbtree backend, Pablo Neira Ayuso
    - Re: [PATCH net-next 01/14] netfilter: nf_tables: fix set size with rbtree backend, Simon Horman
      - Re: [PATCH net-next 01/14] netfilter: nf_tables: fix set size with rbtree backend, Pablo Neira Ayuso
  - [PATCH net-next 02/14] netfilter: br_netfilter: remove unused conditional and dead code, Pablo Neira Ayuso
    - Re: [PATCH net-next 02/14] netfilter: br_netfilter: remove unused conditional and dead code, Jakub Kicinski
  - [PATCH net-next 04/14] netfilter: nf_tables: Store user-defined hook ifname, Pablo Neira Ayuso
  - [PATCH net-next 03/14] netfilter: nf_tables: Flowtable hook's pf value never varies, Pablo Neira Ayuso
  - [PATCH net-next 08/14] netfilter: nf_tables: Simplify chain netdev notifier, Pablo Neira Ayuso
  - [PATCH net-next 06/14] netfilter: nf_tables: Compare netdev hooks based on stored name, Pablo Neira Ayuso
  - [PATCH net-next 09/14] netfilter: nft_flow_offload: clear tcp MAXACK flag before moving to slowpath, Pablo Neira Ayuso
  - [PATCH net-next 07/14] netfilter: nf_tables: Tolerate chains with no remaining hooks, Pablo Neira Ayuso
  - [PATCH net-next 10/14] netfilter: nft_flow_offload: update tcp state flags under lock, Pablo Neira Ayuso
  - [PATCH net-next 05/14] netfilter: nf_tables: Use stored ifname in netdev hook dumps, Pablo Neira Ayuso
  - [PATCH net-next 13/14] netfilter: flowtable: teardown flow if cached mtu is stale, Pablo Neira Ayuso
  - [PATCH net-next 14/14] netfilter: flowtable: add CLOSING state, Pablo Neira Ayuso
  - [PATCH net-next 11/14] netfilter: conntrack: remove skb argument from nf_ct_refresh, Pablo Neira Ayuso
  - [PATCH net-next 12/14] netfilter: conntrack: rework offload nf_conn timeout extension logic, Pablo Neira Ayuso
    - Re: [PATCH net-next 12/14] netfilter: conntrack: rework offload nf_conn timeout extension logic, Jakub Kicinski
[PATCH 3/3,v4] netfilter: nftables_offload: special ethertype handling for VLAN, Pablo Neira Ayuso
[PATCH v2 0/2] Two fixes related to '--concurrent', Firo Yang
- [PATCH v2 1/2] libebtc: Fix an issue that '--concurrent' doesn't work with NFS, Firo Yang
- [PATCH v2 2/2] ebtables: Spewing an error if --concurrent isn't first argument, Firo Yang
- Re: [PATCH v2 0/2] Two fixes related to '--concurrent', Pablo Neira Ayuso
[PATCH nf-next] netfilter: nftables: counter hardware offload support, Pablo Neira Ayuso
[PATCH nft 0/10] cache updates, Pablo Neira Ayuso
- [PATCH nft 01/10] cache: add hashtable cache for object, Pablo Neira Ayuso
- [PATCH nft 02/10] cache: add hashtable cache for flowtable, Pablo Neira Ayuso
- [PATCH nft 03/10] cache: add set_cache_del() and use it, Pablo Neira Ayuso
- [PATCH nft 04/10] evaluate: add set to the cache, Pablo Neira Ayuso
- [PATCH nft 05/10] evaluate: add flowtable to the cache, Pablo Neira Ayuso
- [PATCH nft 07/10] evaluate: add object to the cache, Pablo Neira Ayuso
- [PATCH nft 06/10] cache: missing table cache for several policy objects, Pablo Neira Ayuso
- [PATCH nft 08/10] cache: move struct nft_cache declaration to cache.h, Pablo Neira Ayuso
- [PATCH nft 09/10] cache: add hashtable cache for table, Pablo Neira Ayuso
- [PATCH nft 10/10] evaluate: remove table_lookup_global(), Pablo Neira Ayuso
[nft PATCH] mnl: Increase BATCH_PAGE_SIZE to support huge rulesets, Phil Sutter
[PATCH nf-next v2 0/2] netfilter: Dissect flow after packet mangling, Ido Schimmel
- [PATCH nf-next v2 1/2] netfilter: Dissect flow after packet mangling, Ido Schimmel
- [PATCH nf-next v2 2/2] selftests: fib_tests: Add test cases for interaction with mangling, Ido Schimmel
  - Re: [PATCH nf-next v2 2/2] selftests: fib_tests: Add test cases for interaction with mangling, David Ahern
- Re: [PATCH nf-next v2 0/2] netfilter: Dissect flow after packet mangling, Pablo Neira Ayuso
[PATCH] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Cole Dishington
- Re: [PATCH] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Florian Westphal
  - [PATCH] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Cole Dishington
    - Re: [PATCH] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Florian Westphal
      - Re: [PATCH] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Florian Westphal
        
        [PATCH v3] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Cole Dishington
        
        Re: [PATCH v3] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Florian Westphal
        
        Re: [PATCH v3] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Florian Westphal
  - Re: [PATCH] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Jan Engelhardt
    - Re: [PATCH] netfilter: nf_conntrack: Add conntrack helper for ESP/IPsec, Cole Dishington
[PATCH nf-next,v3 1/3] netfilter: nft_payload: fix C-VLAN offload support, Pablo Neira Ayuso
- [PATCH nf-next,v3 3/3] netfilter: nftables_offload: special ethertype handling for VLAN, Pablo Neira Ayuso
- [PATCH nf-next,v3 2/3] netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector, Pablo Neira Ayuso
[PATCH nft] parser: allow to load stateful ct connlimit elements in sets, nevola
- Re: [PATCH nft] parser: allow to load stateful ct connlimit elements in sets, Pablo Neira Ayuso
[PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 1/7] netfilter: flowtable: fix NAT IPv6 offload mangling, Pablo Neira Ayuso
  - Re: [PATCH net 1/7] netfilter: flowtable: fix NAT IPv6 offload mangling, patchwork-bot+netdevbpf
- [PATCH net 2/7] netfilter: conntrack: do not print icmpv6 as unknown via /proc, Pablo Neira Ayuso
- [PATCH net 3/7] netfilter: nft_limit: avoid possible divide error in nft_limit_init, Pablo Neira Ayuso
- [PATCH net 4/7] netfilter: bridge: add pre_exit hooks for ebtable unregistration, Pablo Neira Ayuso
- [PATCH net 5/7] netfilter: arp_tables: add pre_exit hook for table unregister, Pablo Neira Ayuso
- [PATCH net 6/7] netfilter: x_tables: fix compat match/target pad out-of-bound write, Pablo Neira Ayuso
- [PATCH net 7/7] netfilter: nftables: clone set element expression template, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/7] netfilter: nfnetlink_queue: silence bogus compiler warning, Pablo Neira Ayuso
    - Re: [PATCH net 1/7] netfilter: nfnetlink_queue: silence bogus compiler warning, patchwork-bot+netdevbpf
  - [PATCH net 4/7] selftests: netfilter: Add correctness test for mac,net set type, Pablo Neira Ayuso
  - [PATCH net 2/7] vrf: don't run conntrack on vrf with !dflt qdisc, Pablo Neira Ayuso
  - [PATCH net 5/7] netfilter: nft_exthdr: break evaluation if setting TCP option fails, Pablo Neira Ayuso
  - [PATCH net 3/7] nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups, Pablo Neira Ayuso
  - [PATCH net 7/7] netfilter: conntrack: annotate data-races around ct->timeout, Pablo Neira Ayuso
  - [PATCH net 6/7] selftests: netfilter: switch zone stress to socat, Pablo Neira Ayuso
- [PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/7] netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices, Pablo Neira Ayuso
  - [PATCH net 4/7] netfilter: nft_flow_offload: fix offload with pppoe + vlan, Pablo Neira Ayuso
  - [PATCH net 7/7] netfilter: nf_tables: disable expression reduction infra, Pablo Neira Ayuso
  - [PATCH net 3/7] net: fix dev_fill_forward_path with pppoe + bridge, Pablo Neira Ayuso
  - [PATCH net 1/7] netfilter: flowtable: fix excessive hw offload attempts after failure, Pablo Neira Ayuso
    - Re: [PATCH net 1/7] netfilter: flowtable: fix excessive hw offload attempts after failure, patchwork-bot+netdevbpf
  - [PATCH net 5/7] netfilter: flowtable: fix TCP flow teardown, Pablo Neira Ayuso
  - [PATCH net 6/7] netfilter: flowtable: move dst_check to packet path, Pablo Neira Ayuso
- [PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 7/7] netfilter: nf_tables: bail out early if hardware offload is not supported, Pablo Neira Ayuso
    - Re: [PATCH net 7/7] netfilter: nf_tables: bail out early if hardware offload is not supported, Jakub Kicinski
      - Re: [PATCH net 7/7] netfilter: nf_tables: bail out early if hardware offload is not supported, Pablo Neira Ayuso
  - [PATCH net 2/7] netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path, Pablo Neira Ayuso
  - [PATCH net 4/7] netfilter: nf_tables: always initialize flowtable hook list in transaction, Pablo Neira Ayuso
  - [PATCH net 6/7] netfilter: nf_tables: memleak flow rule from commit path, Pablo Neira Ayuso
  - [PATCH net 1/7] netfilter: nat: really support inet nat without l3 address, Pablo Neira Ayuso
    - Re: [PATCH net 1/7] netfilter: nat: really support inet nat without l3 address, patchwork-bot+netdevbpf
  - [PATCH net 5/7] netfilter: nf_tables: release new hooks on unsupported flowtable flags, Pablo Neira Ayuso
  - [PATCH net 3/7] netfilter: nf_tables: delete flowtable hooks via transaction list, Pablo Neira Ayuso
- [PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/7] netfilter: conntrack: fix ipv6 exthdr error check, Pablo Neira Ayuso
    - Re: [PATCH net 1/7] netfilter: conntrack: fix ipv6 exthdr error check, patchwork-bot+netdevbpf
  - [PATCH net 3/7] netfilter: nf_tables: add function to create set stateful expressions, Pablo Neira Ayuso
  - [PATCH net 4/7] netfilter: nf_tables: perform type checking for existing sets, Pablo Neira Ayuso
  - [PATCH net 2/7] netfilter: nf_tables: consolidate set description, Pablo Neira Ayuso
  - [PATCH net 5/7] netfilter: nf_tables: honor set timeout and garbage collection updates, Pablo Neira Ayuso
  - [PATCH net 6/7] netfilter: ipset: fix hash:net,port,net hang with /0 subnet, Pablo Neira Ayuso
  - [PATCH net 7/7] netfilter: ipset: Rework long task execution when adding/deleting entries, Pablo Neira Ayuso
- [PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/7] netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get(), Pablo Neira Ayuso
  - [PATCH net 1/7] netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get(), Pablo Neira Ayuso
    - Re: [PATCH net 1/7] netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get(), patchwork-bot+netdevbpf
  - [PATCH net 4/7] netfilter: nft_set_pipapo: walk over current view on netlink dump, Pablo Neira Ayuso
  - [PATCH net 3/7] netfilter: br_netfilter: skip conntrack input hook for promisc packets, Pablo Neira Ayuso
  - [PATCH net 5/7] netfilter: nft_set_pipapo: do not free live element, Pablo Neira Ayuso
  - [PATCH net 6/7] netfilter: flowtable: validate pppoe header, Pablo Neira Ayuso
  - [PATCH net 7/7] netfilter: flowtable: incorrect pppoe tuple, Pablo Neira Ayuso
  - Re: [PATCH net 0/7] Netfilter fixes for net, Paolo Abeni
    - Re: [PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
      - Re: [PATCH net 0/7] Netfilter fixes for net, Paolo Abeni
        
        Re: [PATCH net 0/7] Netfilter fixes for net, Pablo Neira Ayuso
[PATCH nf-next v2 0/5] netfilter: conntrack: shrink size of netns_ct, Florian Westphal
- [PATCH nf-next v2 1/5] netfilter: conntrack: move autoassign warning member to net_generic data, Florian Westphal
- [PATCH nf-next v2 2/5] netfilter: conntrack: move autoassign_helper sysctl to net_generic data, Florian Westphal
- [PATCH nf-next v2 3/5] netfilter: conntrack: move expect counter to net_generic data, Florian Westphal
- [PATCH nf-next v2 4/5] netfilter: conntrack: move ct counter to net_generic data, Florian Westphal
- [PATCH nf-next v2 5/5] netfilter: conntrack: convert sysctls to u8, Florian Westphal
- Re: [PATCH nf-next v2 0/5] netfilter: conntrack: shrink size of netns_ct, Pablo Neira Ayuso
[PATCH nf-next,v2 1/3] netfilter: nft_payload: fix C-VLAN offload support, Pablo Neira Ayuso
- [PATCH nf-next,v2 3/3] netfilter: nftables_offload: special ethertype handling for VLAN, Pablo Neira Ayuso
- [PATCH nf-next,v2 2/3] netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector, Pablo Neira Ayuso
  - Re: [PATCH nf-next,v2 2/3] netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector, kernel test robot
[PATCH nf-next 1/3] netfilter: nft_payload: fix C-VLAN offload support, Pablo Neira Ayuso
- [PATCH nf-next 2/3] netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector, Pablo Neira Ayuso
- [PATCH nf-next 3/3] netfilter: nftables_offload: special ethertype handling for VLAN, Pablo Neira Ayuso
  - Re: [PATCH nf-next 3/3] netfilter: nftables_offload: special ethertype handling for VLAN, kernel test robot
linux-next: build failure after merge of the net-next tree, Stephen Rothwell
- Re: linux-next: build failure after merge of the net-next tree, Florian Westphal
- Re: linux-next: build failure after merge of the net-next tree, Pablo Neira Ayuso
[PATCH nf-next] netfilter: Dissect flow after packet mangling, Ido Schimmel
- Re: [PATCH nf-next] netfilter: Dissect flow after packet mangling, David Ahern
  - Re: [PATCH nf-next] netfilter: Dissect flow after packet mangling, Ido Schimmel
    - Re: [PATCH nf-next] netfilter: Dissect flow after packet mangling, Michal Soltys
      - Re: [PATCH nf-next] netfilter: Dissect flow after packet mangling, Ido Schimmel
        
        Re: [PATCH nf-next] netfilter: Dissect flow after packet mangling, Michal Soltys
[PATCH nf,v4] netfilter: nftables: clone set element expression template, Pablo Neira Ayuso
[PATCH nf,v3] netfilter: nftables: clone set element expression template, Pablo Neira Ayuso
[syzbot] WARNING in __nf_unregister_net_hook (4), syzbot
- Re: [syzbot] WARNING in __nf_unregister_net_hook (4), Dmitry Vyukov
  - Re: [syzbot] WARNING in __nf_unregister_net_hook (4), Florian Westphal
    - Re: [syzbot] WARNING in __nf_unregister_net_hook (4), Pablo Neira Ayuso
      - Re: [syzbot] WARNING in __nf_unregister_net_hook (4), Dmitry Vyukov
        
        Re: [syzbot] WARNING in __nf_unregister_net_hook (4), Pablo Neira Ayuso
        
        Re: [syzbot] WARNING in __nf_unregister_net_hook (4), Dmitry Vyukov
        
        Re: [syzbot] WARNING in __nf_unregister_net_hook (4), Pablo Neira Ayuso
- Re: [syzbot] WARNING in __nf_unregister_net_hook (4), syzbot
- [PATCH nf] netfilter: nftables: skip netdev events generated on netns removal, Florian Westphal
  - Re: [PATCH nf] netfilter: nftables: skip netdev events generated on netns removal, Pablo Neira Ayuso
[PATCH net] netfilter: nft_limit: avoid possible divide error in nft_limit_init, Eric Dumazet
- Re: [PATCH net] netfilter: nft_limit: avoid possible divide error in nft_limit_init, Pablo Neira Ayuso
[PATCH nf-next 0/5] netfilter: conntrack: shrink size of netns_ct, Florian Westphal
- [PATCH nf-next 1/5] netfilter: conntrack: move autoassign warning member to net_generic data, Florian Westphal
- [PATCH nf-next 2/5] netfilter: conntrack: move autoassign_helper sysctl to net_generic data, Florian Westphal
- [PATCH nf-next 3/5] netfilter: conntrack: move expect counter to net_generic data, Florian Westphal
- [PATCH nf-next 4/5] netfilter: conntrack: move ct counter to net_generic data, Florian Westphal
  - Re: [PATCH nf-next 4/5] netfilter: conntrack: move ct counter to net_generic data, kernel test robot
- [PATCH nf-next 5/5] netfilter: conntrack: convert sysctls to u8, Florian Westphal
[PATCH] net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta, wenxu
- Re: [PATCH] net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta, Pablo Neira Ayuso
- Re: [PATCH] net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta, Saeed Mahameed
[PATCH nf v2] netfilter: nft_payload: fix the h_vlan_encapsulated_proto flow_dissector vlaue, wenxu
- Re: [PATCH nf v2] netfilter: nft_payload: fix the h_vlan_encapsulated_proto flow_dissector vlaue, Pablo Neira Ayuso
  - Re: [PATCH nf v2] netfilter: nft_payload: fix the h_vlan_encapsulated_proto flow_dissector vlaue, Pablo Neira Ayuso
    - Re: [PATCH nf v2] netfilter: nft_payload: fix the h_vlan_encapsulated_proto flow_dissector vlaue, wenxu
[PATCH nf] netfilter: nftables: clone set element expression template, Pablo Neira Ayuso
[PATCH] conntrack_tcp: Reset the max ACK flag on SYN in ignore state, Ali Abdallah
- Re: [PATCH] conntrack_tcp: Reset the max ACK flag on SYN in ignore state, Florian Westphal
  - Re: [PATCH] conntrack_tcp: Reset the max ACK flag on SYN in ignore state, Ali Abdallah
    - Re: [PATCH] conntrack_tcp: Reset the max ACK flag on SYN in ignore state, Florian Westphal
      - Re: [PATCH] conntrack_tcp: Reset the max ACK flag on SYN in ignore state, Ali Abdallah
        
        Re: [PATCH] conntrack_tcp: Reset the max ACK flag on SYN in ignore state, Florian Westphal
[PATCH nf 0/2] arp,ebtables: add pre_exit hooks for arp/ebtable hook unregister, Florian Westphal
- [PATCH nf 1/2] netfilter: bridge: add pre_exit hooks for ebtable unregistration, Florian Westphal
- [PATCH nf 2/2] netfilter: arp_tables: netfilter: bridge: add pre_exit hook for table unregister, Florian Westphal
- Re: [PATCH nf 0/2] arp,ebtables: add pre_exit hooks for arp/ebtable hook unregister, Pablo Neira Ayuso
[PATCH nf] netfilter: x_tables: fix compat match/target pad out-of-bound write, Florian Westphal
- Re: [PATCH nf] netfilter: x_tables: fix compat match/target pad out-of-bound write, Pablo Neira Ayuso
[PATCH nft] evaluate: check if nat statement map specifies a transport header expr, Florian Westphal
LPC 2021 Networking and BPF Track CFP, Daniel Borkmann
- LPC 2021 Networking and BPF Track CFP (Reminder), Daniel Borkmann
  - LPC 2021 Networking and BPF Track CFP (2nd reminder), Daniel Borkmann
[PATCH net-next 00/28] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 01/28] netfilter: nf_log_ipv4: rename to nf_log_syslog, Pablo Neira Ayuso
- [PATCH net-next 02/28] netfilter: nf_log_arp: merge with nf_log_syslog, Pablo Neira Ayuso
- [PATCH net-next 03/28] netfilter: nf_log_ipv6: merge with nf_log_syslog, Pablo Neira Ayuso
- [PATCH net-next 04/28] netfilter: nf_log_netdev: merge with nf_log_syslog, Pablo Neira Ayuso
- [PATCH net-next 05/28] netfilter: nf_log_bridge: merge with nf_log_syslog, Pablo Neira Ayuso
- [PATCH net-next 07/28] netfilter: nf_log: add module softdeps, Pablo Neira Ayuso
- [PATCH net-next 06/28] netfilter: nf_log_common: merge with nf_log_syslog, Pablo Neira Ayuso
- [PATCH net-next 12/28] netfilter: nftables: remove unnecessary spin_lock_init(), Pablo Neira Ayuso
- [PATCH net-next 08/28] netfilter: nft_log: perform module load from nf_tables, Pablo Neira Ayuso
- [PATCH net-next 10/28] netfilter: ipset: Remove duplicate declaration, Pablo Neira Ayuso
- [PATCH net-next 09/28] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
- [PATCH net-next 13/28] netfilter: nftables: add helper function to set the base sequence number, Pablo Neira Ayuso
- [PATCH net-next 16/28] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Pablo Neira Ayuso
- [PATCH net-next 20/28] netfilter: cttimeout: use net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 22/28] netfilter: nf_defrag_ipv4: use net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 18/28] netfilter: nfnetlink: add and use nfnetlink_broadcast, Pablo Neira Ayuso
- [PATCH net-next 17/28] netfilter: nftables: remove documentation on static functions, Pablo Neira Ayuso
- [PATCH net-next 15/28] netfilter: ipvs: do not printk on netns creation, Pablo Neira Ayuso
- [PATCH net-next 14/28] netfilter: add helper function to set up the nfnetlink header and use it, Pablo Neira Ayuso
- [PATCH net-next 11/28] netfilter: flowtable: dst_check() from garbage collector path, Pablo Neira Ayuso
- [PATCH net-next 23/28] netfilter: ebtables: use net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 19/28] netfilter: nfnetlink: use net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 24/28] netfilter: nf_tables: use net_generic infra for transaction data, Pablo Neira Ayuso
- [PATCH net-next 21/28] netfilter: nf_defrag_ipv6: use net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 25/28] netfilter: x_tables: move known table lists to net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 26/28] netfilter: conntrack: move sysctl pointer to net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 27/28] netfilter: conntrack: move ecache dwork to net_generic infra, Pablo Neira Ayuso
- [PATCH net-next 28/28] net: remove obsolete members from struct net, Pablo Neira Ayuso
[PATCH v4 0/5] conntrack: save output format, Mikhail Sennikovsky
- [PATCH v4 1/5] conntrack: introduce ct_cmd_list, Mikhail Sennikovsky
- [PATCH v4 2/5] conntrack: accept commands from file, Mikhail Sennikovsky
- [PATCH v4 3/5] conntrack.8: man update for --load-file support, Mikhail Sennikovsky
- [PATCH v4 4/5] tests: saving and loading ct entries, save format, Mikhail Sennikovsky
- [PATCH v4 5/5] tests: conntrack -L/-D ip family filtering, Mikhail Sennikovsky
- Re: [PATCH v4 0/5] conntrack: save output format, Pablo Neira Ayuso
[iptables PATCH v2] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Phil Sutter
Unused macro, Alejandro Colomar (man-pages)
- Re: Unused macro, Florian Westphal
  - Re: Unused macro, Alejandro Colomar (man-pages)
    - Re: Unused macro, Pablo Neira Ayuso
      - Re: Unused macro, Alejandro Colomar (man-pages)
[PATCH nf-next v2 1/2] netfilter: flowtable: add vlan match offload support, wenxu
- [PATCH nf-next v2 2/2] netfilter: flowtable: add vlan pop action offload support, wenxu
  - Re: [PATCH nf-next v2 2/2] netfilter: flowtable: add vlan pop action offload support, Pablo Neira Ayuso
- Re: [PATCH nf-next v2 1/2] netfilter: flowtable: add vlan match offload support, Pablo Neira Ayuso
[syzbot] WARNING: suspicious RCU usage in find_inlist_lock, syzbot
- Re: [syzbot] WARNING: suspicious RCU usage in find_inlist_lock, Dmitry Vyukov
[PATCH iptables] fix build for missing ETH_ALEN definition, Maciej Żenczykowski
[PATCH netfilter] netfilter: xt_IDLETIMER: fix idletimer_tg_helper non-kosher casts, Maciej Żenczykowski
- Re: [PATCH netfilter] netfilter: xt_IDLETIMER: fix idletimer_tg_helper non-kosher casts, Florian Westphal
  - Re: [PATCH netfilter] netfilter: xt_IDLETIMER: fix idletimer_tg_helper non-kosher casts, Maciej Żenczykowski
[PATCH nft 1/2] cache: add hashtable cache for sets, Pablo Neira Ayuso
- [PATCH nft 2/2] cache: bail out if chain list cannot be fetched from kernel, Pablo Neira Ayuso
[PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Dan Carpenter
- Re: [PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Paul Moore
  - Re: [PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Pablo Neira Ayuso
    - Re: [PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Richard Guy Briggs
[PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, wenxu
- Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, kernel test robot
- Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, wenxu
    - Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, wenxu
      - Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, Pablo Neira Ayuso
[PATCH nft] cache: check for NULL chain in cache_init(), Pablo Neira Ayuso
[PATCH nft 1/4] cache: rename chain_htable to cache_chain_ht, Pablo Neira Ayuso
- [PATCH nft 2/4,v2] src: split chain list in table, Pablo Neira Ayuso
- [PATCH nft 3/4] evaluate: use chain hashtable for lookups, Pablo Neira Ayuso
- [PATCH nft 4/4] cache: statify chain_cache_dump(), Pablo Neira Ayuso
[iptables PATCH v5 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v5 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v5 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
    - Re: [iptables PATCH v5 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
- Re: [iptables PATCH v5 1/2] extensions: libxt_conntrack: print xlate state as set, Florian Westphal
[iptables PATCH v5 PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v5 PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v5 PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
[iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Phil Sutter
- Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Florian Westphal
  - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Pablo Neira Ayuso
  - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Phil Sutter
    - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Pablo Neira Ayuso
    - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Florian Westphal
[PATCH nft 0/4] Add support for 8021.AD frame matching, Florian Westphal
- [PATCH nft 2/4] proto: add 8021ad as mnemonic for IEEE 802.1AD (0x88a8) ether type, Florian Westphal
- [PATCH nft 1/4] src: vlan: allow matching vlan id insider 802.1ad frame, Florian Westphal
- [PATCH nft 4/4] tests: add 8021.AD vlan test cases, Florian Westphal
- [PATCH nft 3/4] payload: be careful on vlan dependency removal, Florian Westphal
- [PATCH nft 5/4] proto: replace vlan ether type with 8021q, Florian Westphal
[PATCH nft] evaluate: use chain hashtable for lookups, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH nft] evaluate: use chain hashtable for lookups, Pablo Neira Ayuso
[PATCH nf-next v2 00/11] netfilter: reduce struct net size, Florian Westphal
- [PATCH nf-next v2 04/11] netfilter: nf_defrag_ipv6: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 08/11] netfilter: x_tables: move known table lists to net_generic infra, Florian Westphal
- [PATCH nf-next v2 03/11] netfilter: cttimeout: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 10/11] netfilter: conntrack: move ecache dwork to net_generic infra, Florian Westphal
- [PATCH nf-next v2 02/11] netfilter: nfnetlink: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 01/11] netfilter: nfnetlink: add and use nfnetlink_broadcast, Florian Westphal
- [PATCH nf-next v2 06/11] netfilter: ebtables: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 09/11] netfilter: conntrack: move sysctl pointer to net_generic infra, Florian Westphal
- [PATCH nf-next v2 05/11] netfilter: nf_defrag_ipv4: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 11/11] net: remove obsolete members from struct net, Florian Westphal
- [PATCH nf-next v2 07/11] netfilter: nf_tables: use net_generic infra for transaction data, Florian Westphal
- Re: [PATCH nf-next v2 00/11] netfilter: reduce struct net size, Pablo Neira Ayuso
[PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, wenxu
- [PATCH nf-next 2/2] netfilter: flowtable: add vlan pop action offload support, wenxu
- Re: [PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, Pablo Neira Ayuso
  - Re: [PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, wenxu
- Re: [PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, kernel test robot
[PATCH 0/2] Two fixes related to '--concurrent'., Firo Yang
- [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Firo Yang
  - Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
    - Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
      - Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Firo Yang
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
      - Message not available
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Simon Lees
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
        
        Message not available
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Simon Lees
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Firo Yang
- [PATCH 2/2] libebtc: Fix an issue that '--concurrent' doesn't work with NFS, Firo Yang
[PATCH nf-next] netfilter: nftables: remove documentation on static functions, Pablo Neira Ayuso
nf-next rebase..., Pablo Neira Ayuso
[PATCH nf-next 00/11] netfilter: reduce struct net size, Florian Westphal
- [PATCH nf-next 03/11] netfilter: cttimeout: use net_generic infra, Florian Westphal
- [PATCH nf-next 01/11] netfilter: nfnetlink: add and use nfnetlink_broadcast, Florian Westphal
- [PATCH nf-next 06/11] netfilter: ebtables: use net_generic infra, Florian Westphal
- [PATCH nf-next 02/11] netfilter: nfnetlink: use net_generic infra, Florian Westphal
- [PATCH nf-next 05/11] netfilter: nf_defrag_ipv4: use net_generic infra, Florian Westphal
- [PATCH nf-next 04/11] netfilter: nf_defrag_ipv6: use net_generic infra, Florian Westphal
- [PATCH nf-next 08/11] netfilter: x_tables: move known table lists to net_generic infra, Florian Westphal
- [PATCH nf-next 07/11] netfilter: nf_tables: use net_generic infra for transaction data, Florian Westphal
  - Re: [PATCH nf-next 07/11] netfilter: nf_tables: use net_generic infra for transaction data, kernel test robot
- [PATCH nf-next 09/11] netfilter: conntrack: move sysctl pointer to net_generic infra, Florian Westphal
- [PATCH nf-next 10/11] netfilter: conntrack: move ecache dwork to net_generic infra, Florian Westphal
- [PATCH nf-next 11/11] net: remove obsolete members from struct net, Florian Westphal
[PATCH][next] netfilter: nf_log_bridge: Fix missing assignment of ret on a call to nf_log_register, Colin King
- Re: [PATCH][next] netfilter: nf_log_bridge: Fix missing assignment of ret on a call to nf_log_register, Florian Westphal
- Re: [PATCH][next] netfilter: nf_log_bridge: Fix missing assignment of ret on a call to nf_log_register, Pablo Neira Ayuso
[PATCH nft 1/2] mnl: do not set flowtable flags twice, Pablo Neira Ayuso
- [PATCH nft 2/2] parser_bison: simplify flowtable offload flag parser, Pablo Neira Ayuso
[iptables PATCH v4 PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v4 PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
- [iptables PATCH v5 PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
[iptables PATCH v3 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v3 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v3 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
    - Re: [iptables PATCH v3 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
- Re: [iptables PATCH v3 1/2] extensions: libxt_conntrack: print xlate state as set, Florian Westphal
iptables-nft fails to restore huge rulesets, Phil Sutter
- Re: iptables-nft fails to restore huge rulesets, Florian Westphal
  - Re: iptables-nft fails to restore huge rulesets, Phil Sutter
    - Re: iptables-nft fails to restore huge rulesets, Pablo Neira Ayuso
      - Re: iptables-nft fails to restore huge rulesets, Phil Sutter
        
        Re: iptables-nft fails to restore huge rulesets, Pablo Neira Ayuso
[PATCH nf-next] netfilter: flowtable: fix set software outdev on top of the net_device_path_stack, wenxu
[PATCH] tcp: Reset tcp connections in SYN-SENT state, Manoj Basapathi
[PATCH nf] netfilter: conntrack: do not print icmpv6 as unknown via /proc, Pablo Neira Ayuso
[PATCH nf-next 1/2] netfilter: nftables: add helper function to set the base sequence number, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: add helper function to set up the nfnetlink header and use it, Pablo Neira Ayuso
[PATCH] files: move example files away from /etc, Jan Engelhardt
- Re: [PATCH] files: move example files away from /etc, Pablo Neira Ayuso
[PATCH] netfilter: flowtable: fix NAT IPv6 offload mangling, Pablo Neira Ayuso
[iptables PATCH v2 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
    - Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
      - Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
        
        Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
[iptables PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
[PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Florian Westphal
- Re: [PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Julian Anastasov
  - Re: [PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Simon Horman
- Re: [PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Pablo Neira Ayuso
[PATCH AUTOSEL 5.4 12/19] netfilter: conntrack: Fix gre tunneling over ipv6, Sasha Levin
[PATCH AUTOSEL 5.10 17/33] netfilter: nftables: skip hook overlap logic if flowtable is stale, Sasha Levin
[PATCH AUTOSEL 5.10 16/33] netfilter: conntrack: Fix gre tunneling over ipv6, Sasha Levin
[PATCH AUTOSEL 5.11 20/38] netfilter: nftables: skip hook overlap logic if flowtable is stale, Sasha Levin
[PATCH AUTOSEL 5.11 19/38] netfilter: conntrack: Fix gre tunneling over ipv6, Sasha Levin
[PATCH -next] netfilter: nftables: remove unnecessary spin_lock_init(), Yang Yingliang
- Re: [PATCH -next] netfilter: nftables: remove unnecessary spin_lock_init(), Pablo Neira Ayuso
[PATCH nf-next] netfilter: flowtable: dst_check() from garbage collector path, Pablo Neira Ayuso
Re: [PATCH 08/19] netfilter: ipvs: A spello fix, Simon Horman
Re: [PATCH] netfilter: ipvs: A spello fix, Simon Horman
[PATCH] netfilter: ipset: Remove duplicate declaration, Wan Jiabing
- Re: [PATCH] netfilter: ipset: Remove duplicate declaration, Jozsef Kadlecsik
  - Re: [PATCH] netfilter: ipset: Remove duplicate declaration, Pablo Neira Ayuso
[PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Paul Moore
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
    - Re: [PATCH v5] audit: log nftables configuration change events once per table, Paul Moore
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
    - Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Phil Sutter
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
[iptables PATCH] nft: cache: Sort chains on demand only, Phil Sutter
[PATCH net-next] docs: nf_flowtable: fix compilation and warnings, Pablo Neira Ayuso
- Re: [PATCH net-next] docs: nf_flowtable: fix compilation and warnings, Stephen Rothwell
- Re: [PATCH net-next] docs: nf_flowtable: fix compilation and warnings, patchwork-bot+netdevbpf
[PATCH 0/8] netfilter: merge nf_log_proto modules, Florian Westphal
- [PATCH 3/8] netfilter: nf_log_ipv6: merge with nf_log_syslog, Florian Westphal
- [PATCH 2/8] netfilter: nf_log_arp: merge with nf_log_syslog, Florian Westphal
- [PATCH 1/8] netfilter: nf_log_ipv4: rename to nf_log_syslog, Florian Westphal
- [PATCH 4/8] netfilter: nf_log_netdev: merge with nf_log_syslog, Florian Westphal
- [PATCH 6/8] netfilter: nf_log_common: merge with nf_log_syslog, Florian Westphal
- [PATCH 5/8] netfilter: nf_log_bridge: merge with nf_log_syslog, Florian Westphal
- [PATCH 7/8] netfilter: nf_log: add module softdeps, Florian Westphal
- [PATCH 8/8] netfilter: nft_log: perform module load from nf_tables, Florian Westphal
- Re: [PATCH 0/8] netfilter: merge nf_log_proto modules, Phil Sutter
- Re: [PATCH 0/8] netfilter: merge nf_log_proto modules, Pablo Neira Ayuso
[PATCH nft] parser: fix scope closure of COUNTER token, Florian Westphal
[PATCH v4] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v4] audit: log nftables configuration change events once per table, kernel test robot
[PATCH] src: add datatype->describe(), Pablo Neira Ayuso
[PATCH net-next,v2 00/24] netfilter: flowtable enhancements, Pablo Neira Ayuso
- [PATCH net-next,v2 02/24] net: 8021q: resolve forwarding path for vlan devices, Pablo Neira Ayuso
- [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
  - Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, DENG Qingfang
    - Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
      - Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, DENG Qingfang
        
        Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
- [PATCH net-next,v2 05/24] net: ppp: resolve forwarding path for bridge pppoe devices, Pablo Neira Ayuso
- [PATCH net-next,v2 03/24] net: bridge: resolve forwarding path for bridge devices, Pablo Neira Ayuso
- [PATCH net-next,v2 04/24] net: bridge: resolve forwarding path for VLAN tag actions in bridge devices, Pablo Neira Ayuso
- [PATCH net-next,v2 11/24] netfilter: flowtable: add bridge vlan filtering support, Pablo Neira Ayuso
- [PATCH net-next,v2 06/24] net: dsa: resolve forwarding path for dsa slave ports, Pablo Neira Ayuso
- [PATCH net-next,v2 09/24] netfilter: flowtable: use dev_fill_forward_path() to obtain egress device, Pablo Neira Ayuso
- [PATCH net-next,v2 07/24] netfilter: flowtable: add xmit path types, Pablo Neira Ayuso
- [PATCH net-next,v2 10/24] netfilter: flowtable: add vlan support, Pablo Neira Ayuso
- [PATCH net-next,v2 08/24] netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device, Pablo Neira Ayuso
- [PATCH net-next,v2 18/24] net: flow_offload: add FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next,v2 19/24] netfilter: flowtable: support for FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next,v2 14/24] selftests: netfilter: flowtable bridge and vlan support, Pablo Neira Ayuso
- [PATCH net-next,v2 16/24] netfilter: nft_flow_offload: use direct xmit if hardware offload is enabled, Pablo Neira Ayuso
- [PATCH net-next,v2 17/24] netfilter: flowtable: bridge vlan hardware offload and switchdev, Pablo Neira Ayuso
- [PATCH net-next,v2 12/24] netfilter: flowtable: add pppoe support, Pablo Neira Ayuso
- [PATCH net-next,v2 13/24] netfilter: flowtable: add dsa support, Pablo Neira Ayuso
- [PATCH net-next,v2 15/24] netfilter: flowtable: add offload support for xmit path types, Pablo Neira Ayuso
- [PATCH net-next,v2 22/24] net: ethernet: mtk_eth_soc: add support for initializing the PPE, Pablo Neira Ayuso
- [PATCH net-next,v2 21/24] net: ethernet: mtk_eth_soc: fix parsing packets in GDM, Pablo Neira Ayuso
- [PATCH net-next,v2 20/24] dsa: slave: add support for TC_SETUP_FT, Pablo Neira Ayuso
- [PATCH net-next,v2 24/24] docs: nf_flowtable: update documentation with enhancements, Pablo Neira Ayuso
- [PATCH net-next,v2 23/24] net: ethernet: mtk_eth_soc: add flow offloading support, Pablo Neira Ayuso
- Re: [PATCH net-next,v2 00/24] netfilter: flowtable enhancements, patchwork-bot+netdevbpf
[PATCH v3] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v3] audit: log nftables configuration change events once per table, Florian Westphal
- Re: [PATCH v3] audit: log nftables configuration change events once per table, Paul Moore
  - Re: [PATCH v3] audit: log nftables configuration change events once per table, Richard Guy Briggs
[PATCH net-next 00/10] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 01/10] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
  - Re: [PATCH net-next 01/10] netfilter: flowtable: separate replace, destroy and stats to different workqueues, patchwork-bot+netdevbpf
- [PATCH net-next 02/10] netfilter: Fix fall-through warnings for Clang, Pablo Neira Ayuso
- [PATCH net-next 03/10] netfilter: conntrack: Remove unused variable declaration, Pablo Neira Ayuso
- [PATCH net-next 06/10] netfilter: flowtable: move FLOW_OFFLOAD_DIR_MAX away from enumeration, Pablo Neira Ayuso
- [PATCH net-next 05/10] netfilter: flowtable: move skb_try_make_writable() before NAT in IPv4, Pablo Neira Ayuso
- [PATCH net-next 08/10] netfilter: flowtable: call dst_check() to fall back to classic forwarding, Pablo Neira Ayuso
- [PATCH net-next 09/10] netfilter: flowtable: refresh timeout after dst and writable checks, Pablo Neira Ayuso
- [PATCH net-next 07/10] netfilter: flowtable: fast NAT functions never fail, Pablo Neira Ayuso
- [PATCH net-next 04/10] netfilter: flowtable: consolidate skb_try_make_writable() call, Pablo Neira Ayuso
- [PATCH net-next 10/10] netfilter: nftables: update table flags from the commit phase, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net-next 00/10] Netfilter updates for net-next, Pablo Neira Ayuso
  - [PATCH net-next 01/10] netfilter: nft_compat: use nfnetlink_unicast(), Pablo Neira Ayuso
    - Re: [PATCH net-next 01/10] netfilter: nft_compat: use nfnetlink_unicast(), patchwork-bot+netdevbpf
  - [PATCH net-next 02/10] netfilter: flowtable: remove nf_ct_l4proto_find() call, Pablo Neira Ayuso
  - [PATCH net-next 03/10] netfilter: ipt_CLUSTERIP: only add arp mangle hook when required, Pablo Neira Ayuso
  - [PATCH net-next 04/10] netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning, Pablo Neira Ayuso
  - [PATCH net-next 05/10] netfilter: remove xt pernet data, Pablo Neira Ayuso
  - [PATCH net-next 07/10] netfilter: ctnetlink: add and use a helper for mark parsing, Pablo Neira Ayuso
  - [PATCH net-next 06/10] netfilter: ebtables: do not hook tables by default, Pablo Neira Ayuso
  - [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Pablo Neira Ayuso
    - Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling257
      - Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Florian Westphal
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling 257
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Florian Westphal
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling 257
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Florian Westphal
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling 257
  - [PATCH net-next 08/10] netfilter: ctnetlink: allow to filter dump by status bits, Pablo Neira Ayuso
  - [PATCH net-next 10/10] netfilter: nf_queue: move hookfn registration out of struct net, Pablo Neira Ayuso
- [PATCH net-next 00/10] Netfilter updates for net-next, Pablo Neira Ayuso
  - [PATCH net-next 01/10] netfilter: nft_payload: move struct nft_payload_set definition where it belongs, Pablo Neira Ayuso
    - Re: [PATCH net-next 01/10] netfilter: nft_payload: move struct nft_payload_set definition where it belongs, patchwork-bot+netdevbpf
  - [PATCH net-next 02/10] netfilter: nf_tables: reduce nft_pktinfo by 8 bytes, Pablo Neira Ayuso
  - [PATCH net-next 03/10] netfilter: nft_objref: make it builtin, Pablo Neira Ayuso
  - [PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset, Pablo Neira Ayuso
    - Re: [PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset, Jakub Kicinski
  - [PATCH net-next 05/10] netfilter: nft_payload: access ipip payload for inner offset, Pablo Neira Ayuso
  - [PATCH net-next 06/10] netfilter: nft_inner: support for inner tunnel header matching, Pablo Neira Ayuso
  - [PATCH net-next 08/10] netfilter: nft_meta: add inner match support, Pablo Neira Ayuso
  - [PATCH net-next 07/10] netfilter: nft_inner: add percpu inner context, Pablo Neira Ayuso
  - [PATCH net-next 09/10] netfilter: nft_inner: add geneve support, Pablo Neira Ayuso
  - [PATCH net-next 10/10] netfilter: nft_inner: set tunnel offset to GRE header offset, Pablo Neira Ayuso
- [PATCH net-next 00/10] netfilter updates for net-next, Florian Westphal
  - [PATCH net-next 01/10] netfilter: ebtables: fix fortify warnings in size_entry_mwt(), Florian Westphal
    - Re: [PATCH net-next 01/10] netfilter: ebtables: fix fortify warnings in size_entry_mwt(), patchwork-bot+netdevbpf
  - [PATCH net-next 02/10] netfilter: ebtables: replace zero-length array members, Florian Westphal
  - [PATCH net-next 09/10] netfilter: xtables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 07/10] netfilter: nft_meta: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 04/10] netfilter: nf_tables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 08/10] netfilter: x_tables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 03/10] netfilter: ipset: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 05/10] netfilter: nf_tables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 06/10] netfilter: nft_osf: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 10/10] netfilter: nf_tables: allow loop termination for pending fatal signal, Florian Westphal
[PATCH v2] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v2] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
  - Re: [PATCH v2] audit: log nftables configuration change events once per table, Richard Guy Briggs
Associate extra information to conntrack entries, Major Dávid
[PATCH] nftables: add flags offload to flowtable, Frank Wunderlich
- Re: [PATCH] nftables: add flags offload to flowtable, Pablo Neira Ayuso
[PATCH] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
- Re: [PATCH] audit: log nftables configuration change events once per table, Phil Sutter
  - Re: [PATCH] audit: log nftables configuration change events once per table, Richard Guy Briggs
    - Re: [PATCH] audit: log nftables configuration change events once per table, Phil Sutter
      - Re: [PATCH] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH] audit: log nftables configuration change events once per table, kernel test robot
Bug when updating ICMP flows using conntrack tools, Luuk Paulussen
- Re: Bug when updating ICMP flows using conntrack tools, Florian Westphal
  - [PATCH libnetfilter_conntrack] conntrack: Don't use ICMP attrs in decision to build repl tuple, Luuk Paulussen
    - Re: [PATCH libnetfilter_conntrack] conntrack: Don't use ICMP attrs in decision to build repl tuple, Pablo Neira Ayuso
[nf-next,v2] netfilter: nftables: update table flags from the commit phase, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nftables: update table flags from the commit phase, Pablo Neira Ayuso
[PATCH nft] tests: shell: flowtable add after delete in batch, Pablo Neira Ayuso
[PATCH nf 1/2] netfilter: nftables: missing transaction object on flowtable deletion, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nftables: skip hook overlap logic if flowtable is stale, Pablo Neira Ayuso
- Re: [PATCH nf 1/2] netfilter: nftables: missing transaction object on flowtable deletion, Pablo Neira Ayuso
[PATCH nf-next,v2 1/6] netfilter: flowtable: consolidate skb_try_make_writable() call, Pablo Neira Ayuso
- [PATCH nf-next,v2 6/6] netfilter: flowtable: refresh timeout after dst and writable checks, Pablo Neira Ayuso
- [PATCH nf-next,v2 2/6] netfilter: flowtable: move skb_try_make_writable() before NAT in IPv4, Pablo Neira Ayuso
- [PATCH nf-next,v2 3/6] netfilter: flowtable: move FLOW_OFFLOAD_DIR_MAX away from enumeration, Pablo Neira Ayuso
- [PATCH nf-next,v2 4/6] netfilter: flowtable: fast NAT functions never fail, Pablo Neira Ayuso
- [PATCH nf-next,v2 5/6] netfilter: flowtable: call dst_check() to fall back to classic forwarding, Pablo Neira Ayuso
[PATCH nf] netfilter: flowtable: Make sure GC works periodically in idle system, Simon Horman
- Re: [PATCH nf] netfilter: flowtable: Make sure GC works periodically in idle system, Pablo Neira Ayuso
Ethernet Frame capture with nfqueue, ilker
[PATCH 2/2,v2] netfilter: nftables: allow to update flowtable flags, Pablo Neira Ayuso
[PATCH nf-next 1/3] netfilter: flowtable: consolidate skb_try_make_writable() call, Pablo Neira Ayuso
- [PATCH nf-next 3/3] netfilter: flowtable: fast NAT functions never fail, Pablo Neira Ayuso
- [PATCH nf-next 2/3] netfilter: flowtable: move FLOW_OFFLOAD_DIR_MAX away from enumeration, Pablo Neira Ayuso
[PATCH nf 1/2] netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nftables: allow to update flowtable flags, Pablo Neira Ayuso
[syzbot] KMSAN: uninit-value in iptable_mangle_hook (5), syzbot
[PATCH nft] segtree: release single element already contained in an interval, Pablo Neira Ayuso
[PATCH nft 0/6] arbirary table/chain names, Florian Westphal
- [PATCH nft 3/6] scanner: log: move to own scope, Florian Westphal
- [PATCH nft 2/6] scanner: counter: move to own scope, Florian Westphal
- [PATCH nft 4/6] scanner: support arbitary table names, Florian Westphal
- [PATCH nft 1/6] scanner: add support for scope nesting, Florian Westphal
- [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
  - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Phil Sutter
    - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
      - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Phil Sutter
  - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
    - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
- [PATCH nft 5/6] scanner: support arbitrary chain names, Florian Westphal
CFS for Netdev 0x15 open!, Jamal Hadi Salim
[PATCH conntrack 1/6] conntrack: pass command object to callbacks, Pablo Neira Ayuso
- [PATCH conntrack 2/6] conntrack: pass ct_cmd to nfct_filter_init(), Pablo Neira Ayuso
- [PATCH conntrack 3/6] conntrack: pass cmd to nfct_filter(), Pablo Neira Ayuso
- [PATCH conntrack 6/6] conntrack: add function to print command stats, Pablo Neira Ayuso
- [PATCH conntrack 5/6] conntrack: move options flag to ct_cmd object, Pablo Neira Ayuso
- [PATCH conntrack 4/6] conntrack: pass cmd to filter nat, mark and network functions, Pablo Neira Ayuso
[PATCH nf] netfilter: ctnetlink: fix dump of the expect mask attribute, Florian Westphal
- Re: [PATCH nf] netfilter: ctnetlink: fix dump of the expect mask attribute, Pablo Neira Ayuso
[PATCH nft 00/12] move more keywords away from initial scope, Florian Westphal
- [PATCH nft 02/12] scanner: ip: move to own scope, Florian Westphal
- [PATCH nft 01/12] scanner: ct: move to own scope, Florian Westphal
- [PATCH nft 05/12] scanner: add ether scope, Florian Westphal
- [PATCH nft 03/12] scanner: ip6: move to own scope, Florian Westphal
- [PATCH nft 04/12] scanner: add fib scope, Florian Westphal
- [PATCH nft 07/12] scanner: remove saddr/daddr from initial state, Florian Westphal
- [PATCH nft 08/12] scanner: vlan: move to own scope, Florian Westphal
- [PATCH nft 06/12] scanner: arp: move to own scope, Florian Westphal
- [PATCH nft 09/12] scanner: limit: move to own scope, Florian Westphal
- [PATCH nft 10/12] scanner: quota: move to own scope, Florian Westphal
- [PATCH nft 11/12] scanner: move until,over,used keywords away from init state, Florian Westphal
- [PATCH nft 12/12] scanner: secmark: move to own scope, Florian Westphal
[PATCH nft] src: move remaining cache in rule.c function to cache.c, Pablo Neira Ayuso
[PATCH net-next] netfilter: conntrack: Remove unused variable declaration, YueHaibing
- Re: [PATCH net-next] netfilter: conntrack: Remove unused variable declaration, Pablo Neira Ayuso
[PATCH net-next 00/23] netfilter: flowtable enhancements, Pablo Neira Ayuso
- [PATCH net-next 01/23] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
- [PATCH net-next 02/23] net: 8021q: resolve forwarding path for vlan devices, Pablo Neira Ayuso
- [PATCH net-next 04/23] net: bridge: resolve forwarding path for VLAN tag actions in bridge devices, Pablo Neira Ayuso
- [PATCH net-next 03/23] net: bridge: resolve forwarding path for bridge devices, Pablo Neira Ayuso
- [PATCH net-next 06/23] net: dsa: resolve forwarding path for dsa slave ports, Pablo Neira Ayuso
- [PATCH net-next 05/23] net: ppp: resolve forwarding path for bridge pppoe devices, Pablo Neira Ayuso
- [PATCH net-next 08/23] netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device, Pablo Neira Ayuso
- [PATCH net-next 07/23] netfilter: flowtable: add xmit path types, Pablo Neira Ayuso
- [PATCH net-next 09/23] netfilter: flowtable: use dev_fill_forward_path() to obtain egress device, Pablo Neira Ayuso
- [PATCH net-next 11/23] netfilter: flowtable: add bridge vlan filtering support, Pablo Neira Ayuso
- [PATCH net-next 12/23] netfilter: flowtable: add pppoe support, Pablo Neira Ayuso
- [PATCH net-next 13/23] netfilter: flowtable: add dsa support, Pablo Neira Ayuso
- [PATCH net-next 10/23] netfilter: flowtable: add vlan support, Pablo Neira Ayuso
- [PATCH net-next 15/23] netfilter: flowtable: add offload support for xmit path types, Pablo Neira Ayuso
- [PATCH net-next 14/23] selftests: netfilter: flowtable bridge and vlan support, Pablo Neira Ayuso
- [PATCH net-next 16/23] netfilter: nft_flow_offload: use direct xmit if hardware offload is enabled, Pablo Neira Ayuso
- [PATCH net-next 17/23] netfilter: flowtable: bridge vlan hardware offload and switchdev, Pablo Neira Ayuso
- [PATCH net-next 18/23] net: flow_offload: add FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next 19/23] netfilter: flowtable: support for FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next 21/23] net: ethernet: mtk_eth_soc: add support for initializing the PPE, Pablo Neira Ayuso
- [PATCH net-next 20/23] dsa: slave: add support for TC_SETUP_FT, Pablo Neira Ayuso
- [PATCH net-next 22/23] net: ethernet: mtk_eth_soc: add flow offloading support, Pablo Neira Ayuso
- [PATCH net-next 23/23] net: ethernet: mtk_eth_soc: fix parsing packets in GDM, Pablo Neira Ayuso
  - Re: [PATCH net-next 23/23] net: ethernet: mtk_eth_soc: fix parsing packets in GDM, Felix Fietkau
- Re: [PATCH net-next 00/23] netfilter: flowtable enhancements, Jakub Kicinski
  - Re: [PATCH net-next 00/23] netfilter: flowtable enhancements, Pablo Neira Ayuso
    - Re: [PATCH net-next 00/23] netfilter: flowtable enhancements, David Miller
[conntrack-tools PATCH 1/2] tests: conntrackd: add testcase for missing hashtable buckets and max entries, Arturo Borrero Gonzalez
- [conntrack-tools PATCH 2/2] tests: conntrackd: silence sysctl, Arturo Borrero Gonzalez
  - Re: [conntrack-tools PATCH 2/2] tests: conntrackd: silence sysctl, Pablo Neira Ayuso
- Re: [conntrack-tools PATCH 1/2] tests: conntrackd: add testcase for missing hashtable buckets and max entries, Pablo Neira Ayuso
[PATCH RFC nf-next 0/2] ct helper object name matching, Pablo Neira Ayuso
- [PATCH nf-next 1/2] netfilter: nftables: rename NFT_CT_HELPER to NFT_CT_HELPER_TYPE, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: nftables: add NFT_CT_HELPER_OBJNAME, Pablo Neira Ayuso
- Re: [PATCH RFC nf-next 0/2] ct helper object name matching, Florian Westphal
  - Re: [PATCH RFC nf-next 0/2] ct helper object name matching, Pablo Neira Ayuso
[libnftnl PATCH 00/10] Kill non-default output leftovers, Phil Sutter
- [libnftnl PATCH 01/10] expr: Fix snprintf buffer length updates, Phil Sutter
- [libnftnl PATCH 05/10] expr: Check output type once and for all, Phil Sutter
- [libnftnl PATCH 06/10] expr/data_reg: Drop output_format parameter, Phil Sutter
- [libnftnl PATCH 09/10] Get rid of single option switch statements, Phil Sutter
- [libnftnl PATCH 08/10] Drop pointless local variable in snprintf callbacks, Phil Sutter
- [libnftnl PATCH 07/10] obj: Drop type parameter from snprintf callback, Phil Sutter
- [libnftnl PATCH 10/10] ruleset: Eliminate tag and separator helpers, Phil Sutter
- [libnftnl PATCH 02/10] obj/ct_expect: Fix snprintf buffer length updates, Phil Sutter
- [libnftnl PATCH 03/10] obj/ct_timeout: Fix snprintf buffer length updates, Phil Sutter
- [libnftnl PATCH 04/10] object: Fix for wrong parameter passed to snprintf callback, Phil Sutter
[PATCH nft] nftables: xt: fix misprint in nft_xt_compatible_revision, Pavel Tikhomirov
- Re: [PATCH nft] nftables: xt: fix misprint in nft_xt_compatible_revision, Pavel Tikhomirov
- Re: [PATCH nft] nftables: xt: fix misprint in nft_xt_compatible_revision, Pablo Neira Ayuso
[PATCH v25 18/25] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
[PATCH v25 16/25] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
[PATCH v25 15/25] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH v25 08/25] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
[PATCH v25 07/25] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
[PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
- Re: [PATCH] doc: use symbolic names for chain priorities, Pablo Neira Ayuso
[PATCH] net: bridge: fix error return code of do_update_counters(), Jia-Ju Bai
- Re: [PATCH] net: bridge: fix error return code of do_update_counters(), Florian Westphal
  - Re: [PATCH] net: bridge: fix error return code of do_update_counters(), Jia-Ju Bai
[HEADS UP] bugzilla.netfilter.org is under maintainance, Pablo Neira Ayuso
- Re: [HEADS UP] bugzilla.netfilter.org is under maintainance, Pablo Neira Ayuso
xtables-addons-3.17 fail build on armv7 with musl libc, Milan P. Stanić
- Re: xtables-addons-3.17 fail build on armv7 with musl libc, Jan Engelhardt
  - Re: xtables-addons-3.17 fail build on armv7 with musl libc, Milan P. Stanić
[PATCH nft 0/6] scanner rework part 1, Florian Westphal
- [PATCH nft 1/6] scanner: remove unused tokens, Florian Westphal
- [PATCH nft 3/6] scanner: queue: move to own scope, Florian Westphal
- [PATCH nft 4/6] scanner: ipsec: move to own scope, Florian Westphal
- [PATCH nft 2/6] scanner: introduce start condition stack, Florian Westphal
- [PATCH nft 5/6] scanner: rt: move to own scope, Florian Westphal
- [PATCH nft 6/6] scanner: socket: move to own scope, Florian Westphal
[PATCH conntrack-tools] conntrackd: set default hashtable buckets and max entries if not specified, Pablo Neira Ayuso
- Re: [PATCH conntrack-tools] conntrackd: set default hashtable buckets and max entries if not specified, Arturo Borrero Gonzalez
  - Re: [PATCH conntrack-tools] conntrackd: set default hashtable buckets and max entries if not specified, Pablo Neira Ayuso
[nft PATCH] tests/py: Fix for missing JSON equivalent in any/ct.t.json, Phil Sutter
[nft PATCH] mnl: Set NFTNL_SET_DATA_TYPE before dumping set elements, Phil Sutter
[libnftnl PATCH] set_elem: Fix printing of verdict map elements, Phil Sutter
[nft PATCH] tests/py: Adjust payloads for fixed nat statement dumps, Phil Sutter
[libnftnl PATCH] expr/{masq,nat}: Don't print unused regs, Phil Sutter
[libnftnl PATCH 0/5] A few cosmetic changes, Phil Sutter
- [libnftnl PATCH 4/5] rule: Avoid printing trailing spaces, Phil Sutter
- [libnftnl PATCH 1/5] expr/socket: Kill dead code, Phil Sutter
- [libnftnl PATCH 3/5] expr/xfrm: Kill dead code, Phil Sutter
- [libnftnl PATCH 5/5] expr: data_reg: Reduce indenting level a bit, Phil Sutter

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]