Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

Re: Unused macro, (continued)
[PATCH nf-next v2 1/2] netfilter: flowtable: add vlan match offload support, wenxu
- [PATCH nf-next v2 2/2] netfilter: flowtable: add vlan pop action offload support, wenxu
  - Re: [PATCH nf-next v2 2/2] netfilter: flowtable: add vlan pop action offload support, Pablo Neira Ayuso
- Re: [PATCH nf-next v2 1/2] netfilter: flowtable: add vlan match offload support, Pablo Neira Ayuso
[syzbot] WARNING: suspicious RCU usage in find_inlist_lock, syzbot
- Re: [syzbot] WARNING: suspicious RCU usage in find_inlist_lock, Dmitry Vyukov
[PATCH iptables] fix build for missing ETH_ALEN definition, Maciej Żenczykowski
[PATCH netfilter] netfilter: xt_IDLETIMER: fix idletimer_tg_helper non-kosher casts, Maciej Żenczykowski
- Re: [PATCH netfilter] netfilter: xt_IDLETIMER: fix idletimer_tg_helper non-kosher casts, Florian Westphal
  - Re: [PATCH netfilter] netfilter: xt_IDLETIMER: fix idletimer_tg_helper non-kosher casts, Maciej Żenczykowski
[PATCH nft 1/2] cache: add hashtable cache for sets, Pablo Neira Ayuso
- [PATCH nft 2/2] cache: bail out if chain list cannot be fetched from kernel, Pablo Neira Ayuso
[PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Dan Carpenter
- Re: [PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Paul Moore
  - Re: [PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Pablo Neira Ayuso
    - Re: [PATCH] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect(), Richard Guy Briggs
[PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, wenxu
- Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, kernel test robot
- Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, wenxu
    - Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, wenxu
      - Re: [PATCH nf] netfilter: nft_payload: fix vlan_tpid get from h_vlan_proto, Pablo Neira Ayuso
[PATCH nft] cache: check for NULL chain in cache_init(), Pablo Neira Ayuso
[PATCH nft 1/4] cache: rename chain_htable to cache_chain_ht, Pablo Neira Ayuso
- [PATCH nft 2/4,v2] src: split chain list in table, Pablo Neira Ayuso
- [PATCH nft 3/4] evaluate: use chain hashtable for lookups, Pablo Neira Ayuso
- [PATCH nft 4/4] cache: statify chain_cache_dump(), Pablo Neira Ayuso
[iptables PATCH v5 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v5 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v5 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
    - Re: [iptables PATCH v5 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
- Re: [iptables PATCH v5 1/2] extensions: libxt_conntrack: print xlate state as set, Florian Westphal
[iptables PATCH v5 PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v5 PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v5 PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
[iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Phil Sutter
- Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Florian Westphal
  - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Pablo Neira Ayuso
  - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Phil Sutter
    - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Pablo Neira Ayuso
    - Re: [iptables PATCH] nft: Increase BATCH_PAGE_SIZE to support huge rulesets, Florian Westphal
[PATCH nft 0/4] Add support for 8021.AD frame matching, Florian Westphal
- [PATCH nft 2/4] proto: add 8021ad as mnemonic for IEEE 802.1AD (0x88a8) ether type, Florian Westphal
- [PATCH nft 1/4] src: vlan: allow matching vlan id insider 802.1ad frame, Florian Westphal
- [PATCH nft 4/4] tests: add 8021.AD vlan test cases, Florian Westphal
- [PATCH nft 3/4] payload: be careful on vlan dependency removal, Florian Westphal
- [PATCH nft 5/4] proto: replace vlan ether type with 8021q, Florian Westphal
[PATCH nft] evaluate: use chain hashtable for lookups, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH nft] evaluate: use chain hashtable for lookups, Pablo Neira Ayuso
[PATCH nf-next v2 00/11] netfilter: reduce struct net size, Florian Westphal
- [PATCH nf-next v2 04/11] netfilter: nf_defrag_ipv6: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 08/11] netfilter: x_tables: move known table lists to net_generic infra, Florian Westphal
- [PATCH nf-next v2 03/11] netfilter: cttimeout: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 10/11] netfilter: conntrack: move ecache dwork to net_generic infra, Florian Westphal
- [PATCH nf-next v2 02/11] netfilter: nfnetlink: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 01/11] netfilter: nfnetlink: add and use nfnetlink_broadcast, Florian Westphal
- [PATCH nf-next v2 06/11] netfilter: ebtables: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 09/11] netfilter: conntrack: move sysctl pointer to net_generic infra, Florian Westphal
- [PATCH nf-next v2 05/11] netfilter: nf_defrag_ipv4: use net_generic infra, Florian Westphal
- [PATCH nf-next v2 11/11] net: remove obsolete members from struct net, Florian Westphal
- [PATCH nf-next v2 07/11] netfilter: nf_tables: use net_generic infra for transaction data, Florian Westphal
- Re: [PATCH nf-next v2 00/11] netfilter: reduce struct net size, Pablo Neira Ayuso
[PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, wenxu
- [PATCH nf-next 2/2] netfilter: flowtable: add vlan pop action offload support, wenxu
- Re: [PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, Pablo Neira Ayuso
  - Re: [PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, wenxu
- Re: [PATCH nf-next 1/2] netfilter: flowtable: add vlan match offload support, kernel test robot
[PATCH 0/2] Two fixes related to '--concurrent'., Firo Yang
- [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Firo Yang
  - Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
    - Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
      - Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Firo Yang
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
      - Message not available
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Simon Lees
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
        
        Message not available
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Simon Lees
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Pablo Neira Ayuso
        
        Re: [PATCH 1/2] ebtables: processing '--concurrent' beofore other arguments, Firo Yang
- [PATCH 2/2] libebtc: Fix an issue that '--concurrent' doesn't work with NFS, Firo Yang
[PATCH nf-next] netfilter: nftables: remove documentation on static functions, Pablo Neira Ayuso
nf-next rebase..., Pablo Neira Ayuso
[PATCH nf-next 00/11] netfilter: reduce struct net size, Florian Westphal
- [PATCH nf-next 03/11] netfilter: cttimeout: use net_generic infra, Florian Westphal
- [PATCH nf-next 01/11] netfilter: nfnetlink: add and use nfnetlink_broadcast, Florian Westphal
- [PATCH nf-next 06/11] netfilter: ebtables: use net_generic infra, Florian Westphal
- [PATCH nf-next 02/11] netfilter: nfnetlink: use net_generic infra, Florian Westphal
- [PATCH nf-next 05/11] netfilter: nf_defrag_ipv4: use net_generic infra, Florian Westphal
- [PATCH nf-next 04/11] netfilter: nf_defrag_ipv6: use net_generic infra, Florian Westphal
- [PATCH nf-next 08/11] netfilter: x_tables: move known table lists to net_generic infra, Florian Westphal
- [PATCH nf-next 07/11] netfilter: nf_tables: use net_generic infra for transaction data, Florian Westphal
  - Re: [PATCH nf-next 07/11] netfilter: nf_tables: use net_generic infra for transaction data, kernel test robot
- [PATCH nf-next 09/11] netfilter: conntrack: move sysctl pointer to net_generic infra, Florian Westphal
- [PATCH nf-next 10/11] netfilter: conntrack: move ecache dwork to net_generic infra, Florian Westphal
- [PATCH nf-next 11/11] net: remove obsolete members from struct net, Florian Westphal
[PATCH][next] netfilter: nf_log_bridge: Fix missing assignment of ret on a call to nf_log_register, Colin King
- Re: [PATCH][next] netfilter: nf_log_bridge: Fix missing assignment of ret on a call to nf_log_register, Florian Westphal
- Re: [PATCH][next] netfilter: nf_log_bridge: Fix missing assignment of ret on a call to nf_log_register, Pablo Neira Ayuso
[PATCH nft 1/2] mnl: do not set flowtable flags twice, Pablo Neira Ayuso
- [PATCH nft 2/2] parser_bison: simplify flowtable offload flag parser, Pablo Neira Ayuso
[iptables PATCH v4 PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v4 PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
- [iptables PATCH v5 PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
[iptables PATCH v3 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v3 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v3 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
    - Re: [iptables PATCH v3 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
- Re: [iptables PATCH v3 1/2] extensions: libxt_conntrack: print xlate state as set, Florian Westphal
iptables-nft fails to restore huge rulesets, Phil Sutter
- Re: iptables-nft fails to restore huge rulesets, Florian Westphal
  - Re: iptables-nft fails to restore huge rulesets, Phil Sutter
    - Re: iptables-nft fails to restore huge rulesets, Pablo Neira Ayuso
      - Re: iptables-nft fails to restore huge rulesets, Phil Sutter
        
        Re: iptables-nft fails to restore huge rulesets, Pablo Neira Ayuso
[PATCH nf-next] netfilter: flowtable: fix set software outdev on top of the net_device_path_stack, wenxu
[PATCH] tcp: Reset tcp connections in SYN-SENT state, Manoj Basapathi
[PATCH nf] netfilter: conntrack: do not print icmpv6 as unknown via /proc, Pablo Neira Ayuso
[PATCH nf-next 1/2] netfilter: nftables: add helper function to set the base sequence number, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: add helper function to set up the nfnetlink header and use it, Pablo Neira Ayuso
[PATCH] files: move example files away from /etc, Jan Engelhardt
- Re: [PATCH] files: move example files away from /etc, Pablo Neira Ayuso
[PATCH] netfilter: flowtable: fix NAT IPv6 offload mangling, Pablo Neira Ayuso
[iptables PATCH v2 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
  - Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
    - Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
      - Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Florian Westphal
        
        Re: [iptables PATCH v2 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
[iptables PATCH 1/2] extensions: libxt_conntrack: print xlate state as set, Alexander Mikhalitsyn
- [iptables PATCH 2/2] extensions: libxt_conntrack: print xlate status as set, Alexander Mikhalitsyn
[PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Florian Westphal
- Re: [PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Julian Anastasov
  - Re: [PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Simon Horman
- Re: [PATCH nf-next] netfilter: ipvs: do not printk on netns creation, Pablo Neira Ayuso
[PATCH AUTOSEL 5.4 12/19] netfilter: conntrack: Fix gre tunneling over ipv6, Sasha Levin
[PATCH AUTOSEL 5.10 17/33] netfilter: nftables: skip hook overlap logic if flowtable is stale, Sasha Levin
[PATCH AUTOSEL 5.10 16/33] netfilter: conntrack: Fix gre tunneling over ipv6, Sasha Levin
[PATCH AUTOSEL 5.11 20/38] netfilter: nftables: skip hook overlap logic if flowtable is stale, Sasha Levin
[PATCH AUTOSEL 5.11 19/38] netfilter: conntrack: Fix gre tunneling over ipv6, Sasha Levin
[PATCH -next] netfilter: nftables: remove unnecessary spin_lock_init(), Yang Yingliang
- Re: [PATCH -next] netfilter: nftables: remove unnecessary spin_lock_init(), Pablo Neira Ayuso
[PATCH nf-next] netfilter: flowtable: dst_check() from garbage collector path, Pablo Neira Ayuso
Re: [PATCH 08/19] netfilter: ipvs: A spello fix, Simon Horman
Re: [PATCH] netfilter: ipvs: A spello fix, Simon Horman
[PATCH] netfilter: ipset: Remove duplicate declaration, Wan Jiabing
- Re: [PATCH] netfilter: ipset: Remove duplicate declaration, Jozsef Kadlecsik
  - Re: [PATCH] netfilter: ipset: Remove duplicate declaration, Pablo Neira Ayuso
[PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Paul Moore
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
    - Re: [PATCH v5] audit: log nftables configuration change events once per table, Paul Moore
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
    - Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v5] audit: log nftables configuration change events once per table, Phil Sutter
  - Re: [PATCH v5] audit: log nftables configuration change events once per table, Richard Guy Briggs
[iptables PATCH] nft: cache: Sort chains on demand only, Phil Sutter
[PATCH net-next] docs: nf_flowtable: fix compilation and warnings, Pablo Neira Ayuso
- Re: [PATCH net-next] docs: nf_flowtable: fix compilation and warnings, Stephen Rothwell
- Re: [PATCH net-next] docs: nf_flowtable: fix compilation and warnings, patchwork-bot+netdevbpf
[PATCH 0/8] netfilter: merge nf_log_proto modules, Florian Westphal
- [PATCH 3/8] netfilter: nf_log_ipv6: merge with nf_log_syslog, Florian Westphal
- [PATCH 2/8] netfilter: nf_log_arp: merge with nf_log_syslog, Florian Westphal
- [PATCH 1/8] netfilter: nf_log_ipv4: rename to nf_log_syslog, Florian Westphal
- [PATCH 4/8] netfilter: nf_log_netdev: merge with nf_log_syslog, Florian Westphal
- [PATCH 6/8] netfilter: nf_log_common: merge with nf_log_syslog, Florian Westphal
- [PATCH 5/8] netfilter: nf_log_bridge: merge with nf_log_syslog, Florian Westphal
- [PATCH 7/8] netfilter: nf_log: add module softdeps, Florian Westphal
- [PATCH 8/8] netfilter: nft_log: perform module load from nf_tables, Florian Westphal
- Re: [PATCH 0/8] netfilter: merge nf_log_proto modules, Phil Sutter
- Re: [PATCH 0/8] netfilter: merge nf_log_proto modules, Pablo Neira Ayuso
[PATCH nft] parser: fix scope closure of COUNTER token, Florian Westphal
[PATCH v4] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v4] audit: log nftables configuration change events once per table, kernel test robot
[PATCH] src: add datatype->describe(), Pablo Neira Ayuso
[PATCH net-next,v2 00/24] netfilter: flowtable enhancements, Pablo Neira Ayuso
- [PATCH net-next,v2 02/24] net: 8021q: resolve forwarding path for vlan devices, Pablo Neira Ayuso
- [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
  - Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, DENG Qingfang
    - Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
      - Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, DENG Qingfang
        
        Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
- [PATCH net-next,v2 05/24] net: ppp: resolve forwarding path for bridge pppoe devices, Pablo Neira Ayuso
- [PATCH net-next,v2 03/24] net: bridge: resolve forwarding path for bridge devices, Pablo Neira Ayuso
- [PATCH net-next,v2 04/24] net: bridge: resolve forwarding path for VLAN tag actions in bridge devices, Pablo Neira Ayuso
- [PATCH net-next,v2 11/24] netfilter: flowtable: add bridge vlan filtering support, Pablo Neira Ayuso
- [PATCH net-next,v2 06/24] net: dsa: resolve forwarding path for dsa slave ports, Pablo Neira Ayuso
- [PATCH net-next,v2 09/24] netfilter: flowtable: use dev_fill_forward_path() to obtain egress device, Pablo Neira Ayuso
- [PATCH net-next,v2 07/24] netfilter: flowtable: add xmit path types, Pablo Neira Ayuso
- [PATCH net-next,v2 10/24] netfilter: flowtable: add vlan support, Pablo Neira Ayuso
- [PATCH net-next,v2 08/24] netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device, Pablo Neira Ayuso
- [PATCH net-next,v2 18/24] net: flow_offload: add FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next,v2 19/24] netfilter: flowtable: support for FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next,v2 14/24] selftests: netfilter: flowtable bridge and vlan support, Pablo Neira Ayuso
- [PATCH net-next,v2 16/24] netfilter: nft_flow_offload: use direct xmit if hardware offload is enabled, Pablo Neira Ayuso
- [PATCH net-next,v2 17/24] netfilter: flowtable: bridge vlan hardware offload and switchdev, Pablo Neira Ayuso
- [PATCH net-next,v2 12/24] netfilter: flowtable: add pppoe support, Pablo Neira Ayuso
- [PATCH net-next,v2 13/24] netfilter: flowtable: add dsa support, Pablo Neira Ayuso
- [PATCH net-next,v2 15/24] netfilter: flowtable: add offload support for xmit path types, Pablo Neira Ayuso
- [PATCH net-next,v2 22/24] net: ethernet: mtk_eth_soc: add support for initializing the PPE, Pablo Neira Ayuso
- [PATCH net-next,v2 21/24] net: ethernet: mtk_eth_soc: fix parsing packets in GDM, Pablo Neira Ayuso
- [PATCH net-next,v2 20/24] dsa: slave: add support for TC_SETUP_FT, Pablo Neira Ayuso
- [PATCH net-next,v2 24/24] docs: nf_flowtable: update documentation with enhancements, Pablo Neira Ayuso
- [PATCH net-next,v2 23/24] net: ethernet: mtk_eth_soc: add flow offloading support, Pablo Neira Ayuso
- Re: [PATCH net-next,v2 00/24] netfilter: flowtable enhancements, patchwork-bot+netdevbpf
[PATCH v3] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v3] audit: log nftables configuration change events once per table, Florian Westphal
- Re: [PATCH v3] audit: log nftables configuration change events once per table, Paul Moore
  - Re: [PATCH v3] audit: log nftables configuration change events once per table, Richard Guy Briggs
[PATCH net-next 00/10] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 01/10] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
  - Re: [PATCH net-next 01/10] netfilter: flowtable: separate replace, destroy and stats to different workqueues, patchwork-bot+netdevbpf
- [PATCH net-next 02/10] netfilter: Fix fall-through warnings for Clang, Pablo Neira Ayuso
- [PATCH net-next 03/10] netfilter: conntrack: Remove unused variable declaration, Pablo Neira Ayuso
- [PATCH net-next 06/10] netfilter: flowtable: move FLOW_OFFLOAD_DIR_MAX away from enumeration, Pablo Neira Ayuso
- [PATCH net-next 05/10] netfilter: flowtable: move skb_try_make_writable() before NAT in IPv4, Pablo Neira Ayuso
- [PATCH net-next 08/10] netfilter: flowtable: call dst_check() to fall back to classic forwarding, Pablo Neira Ayuso
- [PATCH net-next 09/10] netfilter: flowtable: refresh timeout after dst and writable checks, Pablo Neira Ayuso
- [PATCH net-next 07/10] netfilter: flowtable: fast NAT functions never fail, Pablo Neira Ayuso
- [PATCH net-next 04/10] netfilter: flowtable: consolidate skb_try_make_writable() call, Pablo Neira Ayuso
- [PATCH net-next 10/10] netfilter: nftables: update table flags from the commit phase, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net-next 00/10] Netfilter updates for net-next, Pablo Neira Ayuso
  - [PATCH net-next 01/10] netfilter: nft_compat: use nfnetlink_unicast(), Pablo Neira Ayuso
    - Re: [PATCH net-next 01/10] netfilter: nft_compat: use nfnetlink_unicast(), patchwork-bot+netdevbpf
  - [PATCH net-next 02/10] netfilter: flowtable: remove nf_ct_l4proto_find() call, Pablo Neira Ayuso
  - [PATCH net-next 03/10] netfilter: ipt_CLUSTERIP: only add arp mangle hook when required, Pablo Neira Ayuso
  - [PATCH net-next 04/10] netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning, Pablo Neira Ayuso
  - [PATCH net-next 05/10] netfilter: remove xt pernet data, Pablo Neira Ayuso
  - [PATCH net-next 07/10] netfilter: ctnetlink: add and use a helper for mark parsing, Pablo Neira Ayuso
  - [PATCH net-next 06/10] netfilter: ebtables: do not hook tables by default, Pablo Neira Ayuso
  - [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Pablo Neira Ayuso
    - Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling257
      - Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Florian Westphal
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling 257
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Florian Westphal
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling 257
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, Florian Westphal
        
        Re: [PATCH net-next 09/10] netfilter: x_tables: never register tables by default, youling 257
  - [PATCH net-next 08/10] netfilter: ctnetlink: allow to filter dump by status bits, Pablo Neira Ayuso
  - [PATCH net-next 10/10] netfilter: nf_queue: move hookfn registration out of struct net, Pablo Neira Ayuso
- [PATCH net-next 00/10] Netfilter updates for net-next, Pablo Neira Ayuso
  - [PATCH net-next 01/10] netfilter: nft_payload: move struct nft_payload_set definition where it belongs, Pablo Neira Ayuso
    - Re: [PATCH net-next 01/10] netfilter: nft_payload: move struct nft_payload_set definition where it belongs, patchwork-bot+netdevbpf
  - [PATCH net-next 02/10] netfilter: nf_tables: reduce nft_pktinfo by 8 bytes, Pablo Neira Ayuso
  - [PATCH net-next 03/10] netfilter: nft_objref: make it builtin, Pablo Neira Ayuso
  - [PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset, Pablo Neira Ayuso
    - Re: [PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset, Jakub Kicinski
  - [PATCH net-next 05/10] netfilter: nft_payload: access ipip payload for inner offset, Pablo Neira Ayuso
  - [PATCH net-next 06/10] netfilter: nft_inner: support for inner tunnel header matching, Pablo Neira Ayuso
  - [PATCH net-next 08/10] netfilter: nft_meta: add inner match support, Pablo Neira Ayuso
  - [PATCH net-next 07/10] netfilter: nft_inner: add percpu inner context, Pablo Neira Ayuso
  - [PATCH net-next 09/10] netfilter: nft_inner: add geneve support, Pablo Neira Ayuso
  - [PATCH net-next 10/10] netfilter: nft_inner: set tunnel offset to GRE header offset, Pablo Neira Ayuso
- [PATCH net-next 00/10] netfilter updates for net-next, Florian Westphal
  - [PATCH net-next 01/10] netfilter: ebtables: fix fortify warnings in size_entry_mwt(), Florian Westphal
    - Re: [PATCH net-next 01/10] netfilter: ebtables: fix fortify warnings in size_entry_mwt(), patchwork-bot+netdevbpf
  - [PATCH net-next 02/10] netfilter: ebtables: replace zero-length array members, Florian Westphal
  - [PATCH net-next 09/10] netfilter: xtables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 07/10] netfilter: nft_meta: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 04/10] netfilter: nf_tables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 08/10] netfilter: x_tables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 03/10] netfilter: ipset: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 05/10] netfilter: nf_tables: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 06/10] netfilter: nft_osf: refactor deprecated strncpy, Florian Westphal
  - [PATCH net-next 10/10] netfilter: nf_tables: allow loop termination for pending fatal signal, Florian Westphal
[PATCH v2] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH v2] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
  - Re: [PATCH v2] audit: log nftables configuration change events once per table, Richard Guy Briggs
Associate extra information to conntrack entries, Major Dávid
[PATCH] nftables: add flags offload to flowtable, Frank Wunderlich
- Re: [PATCH] nftables: add flags offload to flowtable, Pablo Neira Ayuso
[PATCH] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH] audit: log nftables configuration change events once per table, Pablo Neira Ayuso
- Re: [PATCH] audit: log nftables configuration change events once per table, Phil Sutter
  - Re: [PATCH] audit: log nftables configuration change events once per table, Richard Guy Briggs
    - Re: [PATCH] audit: log nftables configuration change events once per table, Phil Sutter
      - Re: [PATCH] audit: log nftables configuration change events once per table, Richard Guy Briggs
- Re: [PATCH] audit: log nftables configuration change events once per table, kernel test robot
Bug when updating ICMP flows using conntrack tools, Luuk Paulussen
- Re: Bug when updating ICMP flows using conntrack tools, Florian Westphal
  - [PATCH libnetfilter_conntrack] conntrack: Don't use ICMP attrs in decision to build repl tuple, Luuk Paulussen
    - Re: [PATCH libnetfilter_conntrack] conntrack: Don't use ICMP attrs in decision to build repl tuple, Pablo Neira Ayuso
[nf-next,v2] netfilter: nftables: update table flags from the commit phase, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nftables: update table flags from the commit phase, Pablo Neira Ayuso
[PATCH nft] tests: shell: flowtable add after delete in batch, Pablo Neira Ayuso
[PATCH nf 1/2] netfilter: nftables: missing transaction object on flowtable deletion, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nftables: skip hook overlap logic if flowtable is stale, Pablo Neira Ayuso
- Re: [PATCH nf 1/2] netfilter: nftables: missing transaction object on flowtable deletion, Pablo Neira Ayuso
[PATCH nf-next,v2 1/6] netfilter: flowtable: consolidate skb_try_make_writable() call, Pablo Neira Ayuso
- [PATCH nf-next,v2 6/6] netfilter: flowtable: refresh timeout after dst and writable checks, Pablo Neira Ayuso
- [PATCH nf-next,v2 2/6] netfilter: flowtable: move skb_try_make_writable() before NAT in IPv4, Pablo Neira Ayuso
- [PATCH nf-next,v2 3/6] netfilter: flowtable: move FLOW_OFFLOAD_DIR_MAX away from enumeration, Pablo Neira Ayuso
- [PATCH nf-next,v2 4/6] netfilter: flowtable: fast NAT functions never fail, Pablo Neira Ayuso
- [PATCH nf-next,v2 5/6] netfilter: flowtable: call dst_check() to fall back to classic forwarding, Pablo Neira Ayuso
[PATCH nf] netfilter: flowtable: Make sure GC works periodically in idle system, Simon Horman
- Re: [PATCH nf] netfilter: flowtable: Make sure GC works periodically in idle system, Pablo Neira Ayuso
Ethernet Frame capture with nfqueue, ilker
[PATCH 2/2,v2] netfilter: nftables: allow to update flowtable flags, Pablo Neira Ayuso
[PATCH nf-next 1/3] netfilter: flowtable: consolidate skb_try_make_writable() call, Pablo Neira Ayuso
- [PATCH nf-next 3/3] netfilter: flowtable: fast NAT functions never fail, Pablo Neira Ayuso
- [PATCH nf-next 2/3] netfilter: flowtable: move FLOW_OFFLOAD_DIR_MAX away from enumeration, Pablo Neira Ayuso
[PATCH nf 1/2] netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nftables: allow to update flowtable flags, Pablo Neira Ayuso
[syzbot] KMSAN: uninit-value in iptable_mangle_hook (5), syzbot
[PATCH nft] segtree: release single element already contained in an interval, Pablo Neira Ayuso
[PATCH nft 0/6] arbirary table/chain names, Florian Westphal
- [PATCH nft 3/6] scanner: log: move to own scope, Florian Westphal
- [PATCH nft 2/6] scanner: counter: move to own scope, Florian Westphal
- [PATCH nft 4/6] scanner: support arbitary table names, Florian Westphal
- [PATCH nft 1/6] scanner: add support for scope nesting, Florian Westphal
- [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
  - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Phil Sutter
    - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
      - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Phil Sutter
  - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
    - Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case, Florian Westphal
- [PATCH nft 5/6] scanner: support arbitrary chain names, Florian Westphal
CFS for Netdev 0x15 open!, Jamal Hadi Salim
[PATCH conntrack 1/6] conntrack: pass command object to callbacks, Pablo Neira Ayuso
- [PATCH conntrack 2/6] conntrack: pass ct_cmd to nfct_filter_init(), Pablo Neira Ayuso
- [PATCH conntrack 3/6] conntrack: pass cmd to nfct_filter(), Pablo Neira Ayuso
- [PATCH conntrack 6/6] conntrack: add function to print command stats, Pablo Neira Ayuso
- [PATCH conntrack 5/6] conntrack: move options flag to ct_cmd object, Pablo Neira Ayuso
- [PATCH conntrack 4/6] conntrack: pass cmd to filter nat, mark and network functions, Pablo Neira Ayuso
[PATCH nf] netfilter: ctnetlink: fix dump of the expect mask attribute, Florian Westphal
- Re: [PATCH nf] netfilter: ctnetlink: fix dump of the expect mask attribute, Pablo Neira Ayuso
[PATCH nft 00/12] move more keywords away from initial scope, Florian Westphal
- [PATCH nft 02/12] scanner: ip: move to own scope, Florian Westphal
- [PATCH nft 01/12] scanner: ct: move to own scope, Florian Westphal
- [PATCH nft 05/12] scanner: add ether scope, Florian Westphal
- [PATCH nft 03/12] scanner: ip6: move to own scope, Florian Westphal
- [PATCH nft 04/12] scanner: add fib scope, Florian Westphal
- [PATCH nft 07/12] scanner: remove saddr/daddr from initial state, Florian Westphal
- [PATCH nft 08/12] scanner: vlan: move to own scope, Florian Westphal
- [PATCH nft 06/12] scanner: arp: move to own scope, Florian Westphal
- [PATCH nft 09/12] scanner: limit: move to own scope, Florian Westphal
- [PATCH nft 10/12] scanner: quota: move to own scope, Florian Westphal
- [PATCH nft 11/12] scanner: move until,over,used keywords away from init state, Florian Westphal
- [PATCH nft 12/12] scanner: secmark: move to own scope, Florian Westphal
[PATCH nft] src: move remaining cache in rule.c function to cache.c, Pablo Neira Ayuso
[PATCH net-next] netfilter: conntrack: Remove unused variable declaration, YueHaibing
- Re: [PATCH net-next] netfilter: conntrack: Remove unused variable declaration, Pablo Neira Ayuso
[PATCH net-next 00/23] netfilter: flowtable enhancements, Pablo Neira Ayuso
- [PATCH net-next 01/23] net: resolve forwarding path from virtual netdevice and HW destination address, Pablo Neira Ayuso
- [PATCH net-next 02/23] net: 8021q: resolve forwarding path for vlan devices, Pablo Neira Ayuso
- [PATCH net-next 04/23] net: bridge: resolve forwarding path for VLAN tag actions in bridge devices, Pablo Neira Ayuso
- [PATCH net-next 03/23] net: bridge: resolve forwarding path for bridge devices, Pablo Neira Ayuso
- [PATCH net-next 06/23] net: dsa: resolve forwarding path for dsa slave ports, Pablo Neira Ayuso
- [PATCH net-next 05/23] net: ppp: resolve forwarding path for bridge pppoe devices, Pablo Neira Ayuso
- [PATCH net-next 08/23] netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device, Pablo Neira Ayuso
- [PATCH net-next 07/23] netfilter: flowtable: add xmit path types, Pablo Neira Ayuso
- [PATCH net-next 09/23] netfilter: flowtable: use dev_fill_forward_path() to obtain egress device, Pablo Neira Ayuso
- [PATCH net-next 11/23] netfilter: flowtable: add bridge vlan filtering support, Pablo Neira Ayuso
- [PATCH net-next 12/23] netfilter: flowtable: add pppoe support, Pablo Neira Ayuso
- [PATCH net-next 13/23] netfilter: flowtable: add dsa support, Pablo Neira Ayuso
- [PATCH net-next 10/23] netfilter: flowtable: add vlan support, Pablo Neira Ayuso
- [PATCH net-next 15/23] netfilter: flowtable: add offload support for xmit path types, Pablo Neira Ayuso
- [PATCH net-next 14/23] selftests: netfilter: flowtable bridge and vlan support, Pablo Neira Ayuso
- [PATCH net-next 16/23] netfilter: nft_flow_offload: use direct xmit if hardware offload is enabled, Pablo Neira Ayuso
- [PATCH net-next 17/23] netfilter: flowtable: bridge vlan hardware offload and switchdev, Pablo Neira Ayuso
- [PATCH net-next 18/23] net: flow_offload: add FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next 19/23] netfilter: flowtable: support for FLOW_ACTION_PPPOE_PUSH, Pablo Neira Ayuso
- [PATCH net-next 21/23] net: ethernet: mtk_eth_soc: add support for initializing the PPE, Pablo Neira Ayuso
- [PATCH net-next 20/23] dsa: slave: add support for TC_SETUP_FT, Pablo Neira Ayuso
- [PATCH net-next 22/23] net: ethernet: mtk_eth_soc: add flow offloading support, Pablo Neira Ayuso
- [PATCH net-next 23/23] net: ethernet: mtk_eth_soc: fix parsing packets in GDM, Pablo Neira Ayuso
  - Re: [PATCH net-next 23/23] net: ethernet: mtk_eth_soc: fix parsing packets in GDM, Felix Fietkau
- Re: [PATCH net-next 00/23] netfilter: flowtable enhancements, Jakub Kicinski
  - Re: [PATCH net-next 00/23] netfilter: flowtable enhancements, Pablo Neira Ayuso
    - Re: [PATCH net-next 00/23] netfilter: flowtable enhancements, David Miller
[conntrack-tools PATCH 1/2] tests: conntrackd: add testcase for missing hashtable buckets and max entries, Arturo Borrero Gonzalez
- [conntrack-tools PATCH 2/2] tests: conntrackd: silence sysctl, Arturo Borrero Gonzalez
  - Re: [conntrack-tools PATCH 2/2] tests: conntrackd: silence sysctl, Pablo Neira Ayuso
- Re: [conntrack-tools PATCH 1/2] tests: conntrackd: add testcase for missing hashtable buckets and max entries, Pablo Neira Ayuso
[PATCH RFC nf-next 0/2] ct helper object name matching, Pablo Neira Ayuso
- [PATCH nf-next 1/2] netfilter: nftables: rename NFT_CT_HELPER to NFT_CT_HELPER_TYPE, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: nftables: add NFT_CT_HELPER_OBJNAME, Pablo Neira Ayuso
- Re: [PATCH RFC nf-next 0/2] ct helper object name matching, Florian Westphal
  - Re: [PATCH RFC nf-next 0/2] ct helper object name matching, Pablo Neira Ayuso
[libnftnl PATCH 00/10] Kill non-default output leftovers, Phil Sutter
- [libnftnl PATCH 01/10] expr: Fix snprintf buffer length updates, Phil Sutter
- [libnftnl PATCH 05/10] expr: Check output type once and for all, Phil Sutter
- [libnftnl PATCH 06/10] expr/data_reg: Drop output_format parameter, Phil Sutter
- [libnftnl PATCH 09/10] Get rid of single option switch statements, Phil Sutter
- [libnftnl PATCH 08/10] Drop pointless local variable in snprintf callbacks, Phil Sutter
- [libnftnl PATCH 07/10] obj: Drop type parameter from snprintf callback, Phil Sutter
- [libnftnl PATCH 10/10] ruleset: Eliminate tag and separator helpers, Phil Sutter
- [libnftnl PATCH 02/10] obj/ct_expect: Fix snprintf buffer length updates, Phil Sutter
- [libnftnl PATCH 03/10] obj/ct_timeout: Fix snprintf buffer length updates, Phil Sutter
- [libnftnl PATCH 04/10] object: Fix for wrong parameter passed to snprintf callback, Phil Sutter
[PATCH nft] nftables: xt: fix misprint in nft_xt_compatible_revision, Pavel Tikhomirov
- Re: [PATCH nft] nftables: xt: fix misprint in nft_xt_compatible_revision, Pavel Tikhomirov
- Re: [PATCH nft] nftables: xt: fix misprint in nft_xt_compatible_revision, Pablo Neira Ayuso
[PATCH v25 18/25] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
[PATCH v25 16/25] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
[PATCH v25 15/25] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH v25 08/25] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
[PATCH v25 07/25] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
[PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
- Re: [PATCH] doc: use symbolic names for chain priorities, Pablo Neira Ayuso
[PATCH] net: bridge: fix error return code of do_update_counters(), Jia-Ju Bai
- Re: [PATCH] net: bridge: fix error return code of do_update_counters(), Florian Westphal
  - Re: [PATCH] net: bridge: fix error return code of do_update_counters(), Jia-Ju Bai
[HEADS UP] bugzilla.netfilter.org is under maintainance, Pablo Neira Ayuso
- Re: [HEADS UP] bugzilla.netfilter.org is under maintainance, Pablo Neira Ayuso
xtables-addons-3.17 fail build on armv7 with musl libc, Milan P. Stanić
- Re: xtables-addons-3.17 fail build on armv7 with musl libc, Jan Engelhardt
  - Re: xtables-addons-3.17 fail build on armv7 with musl libc, Milan P. Stanić
[PATCH nft 0/6] scanner rework part 1, Florian Westphal
- [PATCH nft 1/6] scanner: remove unused tokens, Florian Westphal
- [PATCH nft 3/6] scanner: queue: move to own scope, Florian Westphal
- [PATCH nft 4/6] scanner: ipsec: move to own scope, Florian Westphal
- [PATCH nft 2/6] scanner: introduce start condition stack, Florian Westphal
- [PATCH nft 5/6] scanner: rt: move to own scope, Florian Westphal
- [PATCH nft 6/6] scanner: socket: move to own scope, Florian Westphal
[PATCH conntrack-tools] conntrackd: set default hashtable buckets and max entries if not specified, Pablo Neira Ayuso
- Re: [PATCH conntrack-tools] conntrackd: set default hashtable buckets and max entries if not specified, Arturo Borrero Gonzalez
  - Re: [PATCH conntrack-tools] conntrackd: set default hashtable buckets and max entries if not specified, Pablo Neira Ayuso
[nft PATCH] tests/py: Fix for missing JSON equivalent in any/ct.t.json, Phil Sutter
[nft PATCH] mnl: Set NFTNL_SET_DATA_TYPE before dumping set elements, Phil Sutter
[libnftnl PATCH] set_elem: Fix printing of verdict map elements, Phil Sutter
[nft PATCH] tests/py: Adjust payloads for fixed nat statement dumps, Phil Sutter
[libnftnl PATCH] expr/{masq,nat}: Don't print unused regs, Phil Sutter
[libnftnl PATCH 0/5] A few cosmetic changes, Phil Sutter
- [libnftnl PATCH 4/5] rule: Avoid printing trailing spaces, Phil Sutter
- [libnftnl PATCH 1/5] expr/socket: Kill dead code, Phil Sutter
- [libnftnl PATCH 3/5] expr/xfrm: Kill dead code, Phil Sutter
- [libnftnl PATCH 5/5] expr: data_reg: Reduce indenting level a bit, Phil Sutter
  - Re: [libnftnl PATCH 5/5] expr: data_reg: Reduce indenting level a bit, Phil Sutter
- [libnftnl PATCH 2/5] expr/tunnel: Kill dead code, Phil Sutter
[PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Marc Aurèle La France
- Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Marc Aurèle La France
    - Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Pablo Neira Ayuso
      - Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Marc Aurèle La France
        
        Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Marc Aurèle La France
        
        Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Pablo Neira Ayuso
        
        Re: [PATCH nf] netfilter REJECT: Fix destination MAC in RST packets, Marc Aurèle La France
[PATCH v2 0/3] Don't use RCU for x_tables synchronization, Mark Tomlinson
- [PATCH v2 1/3] Revert "netfilter: x_tables: Update remaining dereference to RCU", Mark Tomlinson
- [PATCH v2 2/3] Revert "netfilter: x_tables: Switch synchronization to RCU", Mark Tomlinson
- [PATCH v2 3/3] netfilter: x_tables: Use correct memory barriers., Mark Tomlinson
  - Re: [PATCH v2 3/3] netfilter: x_tables: Use correct memory barriers., Florian Westphal
- Re: [PATCH v2 0/3] Don't use RCU for x_tables synchronization, Tyler Hicks
- Re: [PATCH v2 0/3] Don't use RCU for x_tables synchronization, Pablo Neira Ayuso
{PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains, Marc Aurèle La France
- Re: {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains, Pablo Neira Ayuso
  - Re: {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains, Marc Aurèle La France
[RFC PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
- Re: [RFC PATCH] doc: use symbolic names for chain priorities, Frank Myhr
  - Re: [RFC PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
    - Re: [RFC PATCH] doc: use symbolic names for chain priorities, Frank Myhr
      - Re: [RFC PATCH] doc: use symbolic names for chain priorities, Simon Ruderich
[PATCH 0/3] Minor documentation improvements, Simon Ruderich
- [PATCH 1/3] doc: add * to include example to actually include files, Simon Ruderich
- [PATCH 3/3] doc: move drop rule on a separate line in blackhole example, Simon Ruderich
- [PATCH 2/3] doc: remove duplicate tables in synproxy example, Simon Ruderich
- Re: [PATCH 0/3] Minor documentation improvements, Pablo Neira Ayuso
[PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 7/9] netfilter: nftables: disallow updates on table ownership, Pablo Neira Ayuso
- [PATCH net 1/9] uapi: nfnetlink_cthelper.h: fix userspace compilation error, Pablo Neira Ayuso
  - Re: [PATCH net 1/9] uapi: nfnetlink_cthelper.h: fix userspace compilation error, patchwork-bot+netdevbpf
- [PATCH net 6/9] netfilter: x_tables: gpf inside xt_find_revision(), Pablo Neira Ayuso
- [PATCH net 9/9] netfilter: nftables: bogus check for netlink portID with table owner, Pablo Neira Ayuso
- [PATCH net 3/9] netfilter: nf_nat: undo erroneous tcp edemux lookup, Pablo Neira Ayuso
  - Re: [PATCH net 3/9] netfilter: nf_nat: undo erroneous tcp edemux lookup, Mika Penttilä
    - Re: [PATCH net 3/9] netfilter: nf_nat: undo erroneous tcp edemux lookup, Mika Penttilä
- [PATCH net 5/9] selftests: netfilter: test nat port clash resolution interaction with tcp early demux, Pablo Neira Ayuso
- [PATCH net 2/9] netfilter: conntrack: Remove a double space in a log message, Pablo Neira Ayuso
- [PATCH net 8/9] netfilter: nftables: fix possible double hook unregistration with table owner, Pablo Neira Ayuso
- [PATCH net 4/9] netfilter: conntrack: avoid misleading 'invalid' in log message, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 4/9] netfilter: ctnetlink: fix dump of the expect mask attribute, Pablo Neira Ayuso
  - [PATCH net 2/9] Revert "netfilter: x_tables: Switch synchronization to RCU", Pablo Neira Ayuso
  - [PATCH net 5/9] netfilter: conntrack: Fix gre tunneling over ipv6, Pablo Neira Ayuso
  - [PATCH net 3/9] netfilter: x_tables: Use correct memory barriers., Pablo Neira Ayuso
  - [PATCH net 7/9] netfilter: nftables: allow to update flowtable flags, Pablo Neira Ayuso
  - [PATCH net 6/9] netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags, Pablo Neira Ayuso
  - [PATCH net 1/9] Revert "netfilter: x_tables: Update remaining dereference to RCU", Pablo Neira Ayuso
  - [PATCH net 9/9] netfilter: nftables: skip hook overlap logic if flowtable is stale, Pablo Neira Ayuso
  - [PATCH net 8/9] netfilter: flowtable: Make sure GC works periodically in idle system, Pablo Neira Ayuso
- [PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/9] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete, Pablo Neira Ayuso
  - [PATCH net 2/9] netfilter: nf_conntrack_bridge: Fix memory leak when error, Pablo Neira Ayuso
  - [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Pablo Neira Ayuso
    - Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Jakub Kicinski
      - Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Pablo Neira Ayuso
        
        Re: [PATCH net 3/9] netfilter: conntrack: collect all entries in one cycle, Jakub Kicinski
  - [PATCH net 4/9] netfilter: nfnetlink_hook: strip off module name from hookfn, Pablo Neira Ayuso
  - [PATCH net 6/9] netfilter: nfnetlink_hook: use the sequence number of the request message, Pablo Neira Ayuso
  - [PATCH net 5/9] netfilter: nfnetlink_hook: missing chain family, Pablo Neira Ayuso
  - [PATCH net 7/9] netfilter: nfnetlink_hook: Use same family as request message, Pablo Neira Ayuso
  - [PATCH net 8/9] netfilter: conntrack: remove offload_pickup sysctl again, Pablo Neira Ayuso
  - [PATCH net 9/9] netfilter: nfnetlink_hook: translate inet ingress to netdev, Pablo Neira Ayuso
- [PATCH net 0/9] netfilter fixes for net, Florian Westphal
  - [PATCH net 2/9] netfilter: nf_tables: fix kdoc warnings after gc rework, Florian Westphal
  - [PATCH net 6/9] ipvs: fix racy memcpy in proc_do_sync_threshold, Florian Westphal
  - [PATCH net 3/9] netfilter: nf_tables: deactivate catchall elements in next generation, Florian Westphal
  - [PATCH net 1/9] netfilter: nf_tables: fix false-positive lockdep splat, Florian Westphal
    - Re: [PATCH net 1/9] netfilter: nf_tables: fix false-positive lockdep splat, patchwork-bot+netdevbpf
  - [PATCH net 7/9] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path, Florian Westphal
  - [PATCH net 4/9] netfilter: nf_tables: don't fail inserts if duplicate has expired, Florian Westphal
  - [PATCH net 5/9] netfilter: set default timeout to 3 secs for sctp shutdown send and recv state, Florian Westphal
  - [PATCH net 8/9] netfilter: nf_tables: GC transaction race with netns dismantle, Florian Westphal
  - [PATCH net 9/9] netfilter: nft_dynset: disallow object maps, Florian Westphal
- [PATCH net 0/9] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/9] netfilter: nf_tables: disallow rule removal from chain binding, Pablo Neira Ayuso
  - [PATCH net 5/9] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration, Pablo Neira Ayuso
  - [PATCH net 3/9] netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC, Pablo Neira Ayuso
  - [PATCH net 2/9] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention, Pablo Neira Ayuso
  - [PATCH net 4/9] netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails, Pablo Neira Ayuso
  - [PATCH net 6/9] netfilter: nf_tables: disallow element removal on anonymous sets, Pablo Neira Ayuso
  - [PATCH net 7/9] netfilter: conntrack: fix extension size table, Pablo Neira Ayuso
  - [PATCH net 8/9] netfilter: nf_tables: Fix entries val in rule reset audit log, Pablo Neira Ayuso
  - [PATCH net 9/9] selftests: netfilter: Test nf_tables audit logging, Pablo Neira Ayuso
[PATCH nft] expression: memleak in verdict_expr_parse_udata(), Pablo Neira Ayuso
Kernel Error FLOW OFFLOAD on nftables, Максим
- Re: Kernel Error FLOW OFFLOAD on nftables, Frank Myhr
[PATCH RESEND][next] netfilter: Fix fall-through warnings for Clang, Gustavo A. R. Silva
- Re: [PATCH RESEND][next] netfilter: Fix fall-through warnings for Clang, Pablo Neira Ayuso
[PATCH nft,v2] mnl: remove nft_mnl_socket_reopen(), Pablo Neira Ayuso
[PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6, Ludovic Senecaux
- Re: [PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6, Florian Westphal
- Re: [PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6, Pablo Neira Ayuso
[PATCH nf 1/2,v2] netfilter: nftables: fix possible double hook unregistration with table owner, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nftables: bogus check for netlink portID with table owner, Pablo Neira Ayuso
[PATCH nf] netfilter: nftables: fix possible double hook unregistration with table owner, Pablo Neira Ayuso
[PATCH 0/3] Don't use RCU for x_tables synchronization, Mark Tomlinson
- [PATCH 1/3] Revert "netfilter: x_tables: Update remaining dereference to RCU", Mark Tomlinson
  - Re: [PATCH 1/3] Revert "netfilter: x_tables: Update remaining dereference to RCU", Florian Westphal
- [PATCH 2/3] Revert "netfilter: x_tables: Switch synchronization to RCU", Mark Tomlinson
  - Re: [PATCH 2/3] Revert "netfilter: x_tables: Switch synchronization to RCU", Florian Westphal
- [PATCH 3/3] netfilter: x_tables: Use correct memory barriers., Mark Tomlinson
  - Re: [PATCH 3/3] netfilter: x_tables: Use correct memory barriers., Florian Westphal
    - Re: [PATCH 3/3] netfilter: x_tables: Use correct memory barriers., Mark Tomlinson
[PATCH nft 1/3] parser: squash duplicated spec/specid rules, Florian Westphal
- [PATCH nft 2/3] parser: compact map RHS type, Florian Westphal
  - Re: [PATCH nft 2/3] parser: compact map RHS type, Pablo Neira Ayuso
- [PATCH nft 3/3] parser: compact ct obj list types, Florian Westphal
[PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Oz Shlomo
- Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Marcelo Ricardo Leitner
    - Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
      - Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Oz Shlomo
        
        Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Marcelo Ricardo Leitner
        
        Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Oz Shlomo
        
        Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Marcelo Ricardo Leitner
- Re: [PATCH nf-next] netfilter: flowtable: separate replace, destroy and stats to different workqueues, Pablo Neira Ayuso
[PATCH] netfilter: Fix GRE over IPv6 with conntrack module, linuxludo
- Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, linuxludo
    - Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Florian Westphal
      - RE: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Ludovic Sénécaux
        
        Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Florian Westphal
- Re: [PATCH] netfilter: Fix GRE over IPv6 with conntrack module, Florian Westphal
[iptables PATCH 1/2] xtables-translate: Fix translation of odd netmasks, Phil Sutter
- [iptables PATCH 2/2] libxtables: Simplify xtables_ipmask_to_cidr() a bit, Phil Sutter
[nf:master 7/7] net/netfilter/nf_tables_api.c:920:15: warning: converting the enum constant to a boolean, kernel test robot
- Re: [nf:master 7/7] net/netfilter/nf_tables_api.c:920:15: warning: converting the enum constant to a boolean, Pablo Neira Ayuso
[PATCH nft] mnl: remove nft_mnl_socket_reopen(), Pablo Neira Ayuso
- [PATCH nft] cache: memleak list of chain, Pablo Neira Ayuso
[PATCH nft] table: support for the table owner flag, Pablo Neira Ayuso
[PATCH libnftnl] table: add table owner support, Pablo Neira Ayuso
[PATCH nf] netfilter: nftables: disallow updates on table ownership, Pablo Neira Ayuso
[PATCH] netfilter: gpf inside xt_find_revision(), Vasily Averin
- Re: [PATCH] netfilter: gpf inside xt_find_revision(), Florian Westphal
  - Re: [PATCH] netfilter: gpf inside xt_find_revision(), Pablo Neira Ayuso
[PATCH nf 0/3] netfilter: nat: fix ancient dnat+edemux bug, Florian Westphal
- [PATCH nf 1/3] netfilter: nf_nat: undo erroneous tcp edemux lookup, Florian Westphal
- [PATCH nf 2/3] netfilter: conntrack: avoid misleading 'invalid' in log message, Florian Westphal
- [PATCH nf 3/3] selftests: netfilter: test nat port clash resolution interaction with tcp early demux, Florian Westphal
- Re: [PATCH nf 0/3] netfilter: nat: fix ancient dnat+edemux bug, Pablo Neira Ayuso
[PATCH iptables-nft] iptables-nft: fix -Z option, Florian Westphal
- Re: [PATCH iptables-nft] iptables-nft: fix -Z option, Phil Sutter
[PATCH] uapi: nfnetlink_cthelper.h: fix userspace compilation error, Dmitry V. Levin
- Re: [PATCH] uapi: nfnetlink_cthelper.h: fix userspace compilation error, Pablo Neira Ayuso
[PATCH nft] table: rework flags printing, Pablo Neira Ayuso
increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Toralf Förster
- Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Jozsef Kadlecsik
  - Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Toralf Förster
    - Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Jozsef Kadlecsik
      - Re: increasing ip_list_tot in net/netfilter/xt_recent.c for a non-modular kernel, Toralf Förster
[PATCH nft] src: allow use of 'verdict' in typeof definitions, Florian Westphal
[nft PATCH 1/2] main: fix nft --help output fallout from 719e4427, Štěpán Němec
- [nft PATCH 2/2] doc: nft: fix some typos and formatting issues, Štěpán Němec
  - Re: [nft PATCH 2/2] doc: nft: fix some typos and formatting issues, Pablo Neira Ayuso
- Re: [nft PATCH 1/2] main: fix nft --help output fallout from 719e4427, Pablo Neira Ayuso
[PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, andy
- Re: [PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, Jan Engelhardt
- <Possible follow-ups>
- RE: [PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, andy
  - RE: [PATCH] xtables-addons 3.15 doesn't compile on 32-bit x86, Jan Engelhardt
[PATCH] netfilter: Remove a double space in a log message, Klemen Košir
- Re: [PATCH] netfilter: Remove a double space in a log message, Pablo Neira Ayuso
[ANNOUNCE] ipset 7.11 released, Jozsef Kadlecsik
[iptables PATCH] nft: Fix bitwise expression avoidance detection, Phil Sutter
[PATCH nft] json: init parser state for every new buffer/file, Eric Garver
- Re: [PATCH nft] json: init parser state for every new buffer/file, Phil Sutter
[ebtables PATCH] Open the lockfile with O_CLOEXEC, Ondrej Mosnacek
- Re: [ebtables PATCH] Open the lockfile with O_CLOEXEC, Pablo Neira Ayuso
[libnftnl PATCH 2/2] Avoid out of bounds read from data, Maya Rashish
- Re: [libnftnl PATCH 2/2] Avoid out of bounds read from data, Pablo Neira Ayuso
  - [libnftnl PATCH 2/2 v2] Avoid out of bounds read from data, Maya Rashish
    - Re: [libnftnl PATCH 2/2 v2] Avoid out of bounds read from data, Pablo Neira Ayuso
[libnftnl PATCH 1/2] Avoid out of bound reads in tests., Maya Rashish
- Re: [libnftnl PATCH 1/2] Avoid out of bound reads in tests., Pablo Neira Ayuso
  - Re: [libnftnl PATCH 1/2] Avoid out of bound reads in tests., Maya Rashish
[PATCH net-next 0/3] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 1/3] netfilter: nftables: add helper function to release one table, Pablo Neira Ayuso
  - Re: [PATCH net-next 1/3] netfilter: nftables: add helper function to release one table, patchwork-bot+netdevbpf
- [PATCH net-next 3/3] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
- [PATCH net-next 2/3] netfilter: nftables: add helper function to release hooks of one single table, Pablo Neira Ayuso
[nft PATCH] monitor: Don't print newgen message with JSON output, Phil Sutter
[iptables PATCH] include: Drop libipulog.h, Phil Sutter
- Re: [iptables PATCH] include: Drop libipulog.h, Pablo Neira Ayuso
traffic shaping with tc on Linux 5.4.x, Lars Noodén
[PATCH nf-next,v3 1/3] netfilter: nftables: allow to release one table, Pablo Neira Ayuso
- [PATCH nf-next,v3 2/3] netfilter: nftables: allow to release hooks of one single table, Pablo Neira Ayuso
- [PATCH nf-next,v3 3/3] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
[PATCH nf-next,v2] netfilter: nftables: introduce table ownership, Pablo Neira Ayuso
Question about using NFT_GOTO in kernel module, Bob @ gmail
[PATCH libnetfilter_queue v3] src: fix IPv6 header handling, Etan Kissling
- Re: [PATCH libnetfilter_queue v3] src: fix IPv6 header handling, Pablo Neira Ayuso
[PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 1/2] netfilter: conntrack: skip identical origin tuple in same zone only, Pablo Neira Ayuso
  - Re: [PATCH net 1/2] netfilter: conntrack: skip identical origin tuple in same zone only, patchwork-bot+netdevbpf
- [PATCH net 2/2] netfilter: nftables: relax check for stateful expressions in set definition, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nft_ct: skip expectations for confirmed conntrack, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nft_ct: skip expectations for confirmed conntrack, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: bitwise: fix reduce comparisons, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: bitwise: fix reduce comparisons, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nf_tables: memcg accounting for dynamically allocated objects, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nf_tables: nft_parse_register can return a negative value, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nft_socket: make cgroup match work in input too, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nft_socket: make cgroup match work in input too, patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_tables: disallow non-stateful expression in sets earlier, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nf_tables: disallow non-stateful expression in sets earlier, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nft_limit: Clone packet limits' cost value, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nft_set_pipapo: release elements in clone from abort path, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nf_tables: stricter validation of element data, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nf_tables: stricter validation of element data, patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces., Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces., patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/2] netfilter: nf_tables: do not set up extensions for end interval, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: conntrack: Fix data-races around ct mark, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: conntrack: Fix data-races around ct mark, patchwork-bot+netdevbpf
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, patchwork-bot+netdevbpf
  - [PATCH net 2/2] netfilter: nft_set_rbtree: skip elements in transaction from garbage collection, Pablo Neira Ayuso
- [PATCH net 0/2] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/2] netfilter: br_netfilter: disable sabotage_in hook after first suppression, Pablo Neira Ayuso
    - Re: [PATCH net 1/2] netfilter: br_netfilter: disable sabotage_in hook after first suppression, patchwork-bot+netdevbpf
  - [PATCH net 2/2] Revert "netfilter: conntrack: fix bug in for_each_sctp_chunk", Pablo Neira Ayuso

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]