Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

Re: [netfilter-core] [PATCH nft v4] src: Support netdev egress hook, (continued)
[conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Arturo Borrero Gonzalez
- [conntrack-tools PATCH 2/3] tests: introduce some basic testcases for the new conntrack-tools testing framework, Arturo Borrero Gonzalez
- [conntrack-tools PATCH 3/3] tests: introduce replicating scenario and simple icmp test case, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Pablo Neira Ayuso
  - Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Arturo Borrero Gonzalez
    - Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Pablo Neira Ayuso
      - Re: [conntrack-tools PATCH 1/3] tests: introduce new python-based framework for running tests, Arturo Borrero Gonzalez
Re: KASAN: use-after-free Read in dump_schedule, syzbot
- Re: KASAN: use-after-free Read in dump_schedule, Dmitry Vyukov
[PATCH nf-next v4 0/5] Netfilter egress hook, Lukas Wunner
- [PATCH nf-next v4 2/5] netfilter: Rename ingress hook include file, Lukas Wunner
- [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Lukas Wunner
  - Re: [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Daniel Borkmann
    - Re: [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Lukas Wunner
      - Re: [PATCH nf-next v4 4/5] netfilter: Introduce egress hook, Daniel Borkmann
- [PATCH nf-next v4 3/5] netfilter: Generalize ingress hook include file, Lukas Wunner
- [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
  - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Eric Dumazet
    - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
      - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Jakub Kicinski
        
        Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Dan Carpenter
        
        Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
  - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Jakub Kicinski
    - Re: [PATCH nf-next v4 1/5] net: sched: Micro-optimize egress handling, Lukas Wunner
- [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Lukas Wunner
  - Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Willem de Bruijn
    - Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Lukas Wunner
      - Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Willem de Bruijn
        
        Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Lukas Wunner
        
        Re: [PATCH nf-next v4 5/5] af_packet: Introduce egress hook, Willem de Bruijn
[PATCH nft] json: icmp: move expected parts to json.output, Florian Westphal
[PATCH nft] evaluate: disallow ct original {s,d}ddr from concatenations, Pablo Neira Ayuso
[PATCH nft] exthdr: remove tcp dependency for tcp option matching, Florian Westphal
- Re: [PATCH nft] exthdr: remove tcp dependency for tcp option matching, Pablo Neira Ayuso
[PATCH nft 0/4] json test case fixups, Florian Westphal
- [PATCH 4/4] json: icmp: refresh json output, Florian Westphal
  - Re: [PATCH 4/4] json: icmp: refresh json output, Phil Sutter
- [PATCH 3/4] json: ct: add missing rule, Florian Westphal
  - Re: [PATCH 3/4] json: ct: add missing rule, Phil Sutter
- [PATCH 2/4] json: limit: set default burst to 5, Florian Westphal
  - Re: [PATCH 2/4] json: limit: set default burst to 5, Phil Sutter
    - Re: [PATCH 2/4] json: limit: set default burst to 5, Pablo Neira Ayuso
      - Re: [PATCH 2/4] json: limit: set default burst to 5, Pablo Neira Ayuso
        
        Re: [PATCH 2/4] json: limit: set default burst to 5, Phil Sutter
- [PATCH 1/4] json: fix icmpv6.t test cases, Florian Westphal
  - Re: [PATCH 1/4] json: fix icmpv6.t test cases, Phil Sutter
[PATCH nf-next v2] netfilter: ctnetlink: remove get_ct indirection, Florian Westphal
- Re: [PATCH nf-next v2] netfilter: ctnetlink: remove get_ct indirection, Pablo Neira Ayuso
[conntrack-tools PATCH] conntrackd: introduce yes & no config values, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH] conntrackd: introduce yes & no config values, Pablo Neira Ayuso
[PATCH nf-next] netfilter: ctnetlink: remove get_ct indirection, Florian Westphal
- Re: [PATCH nf-next] netfilter: ctnetlink: remove get_ct indirection, kernel test robot
- Re: [PATCH nf-next] netfilter: ctnetlink: remove get_ct indirection, kernel test robot
[PATCH] ipset: fix print format warning, Neutron Soutmun
- Re: [PATCH] ipset: fix print format warning, Jozsef Kadlecsik
[PATCH nf] netfilter: nft_dynset: dump expressions when set definition contains no expressions, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_dynset: add timeout extension to template, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_dynset: honor stateful expressions in set definition, Pablo Neira Ayuso
[ANNOUNCE] iptables 1.8.7 release, Phil Sutter
[ANNOUNCE] nftables 0.9.8 release, Pablo Neira Ayuso
[iptables PATCH] tests/shell: Fix nft-only/0009-needless-bitwise_0, Phil Sutter
[ANNOUNCE] libnftnl 1.1.9 release, Pablo Neira Ayuso
[PATCH nft] evaluate: disallow ct original {s,d}ddr from maps, Pablo Neira Ayuso
[PATCH conntrack-tools 0/3] preparing support for command batch, Pablo Neira Ayuso
- [PATCH conntrack-tools 3/3] conntrack: add do_command_ct(), Pablo Neira Ayuso
- [PATCH conntrack-tools 2/3] conntrack: add struct ct_tmpl, Pablo Neira Ayuso
- [PATCH conntrack-tools 1/3] conntrack: add struct ct_cmd, Pablo Neira Ayuso
KMSAN: uninit-value in nf_conntrack_udplite_packet (2), syzbot
[PATCH libnetfilter_queue] src: fix header handling in nfq_ip6_set_transport_header, Etan Kissling
[PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
- Re: [PATCH libnetfilter_queue] src: fix IPv6 header handling, Pablo Neira Ayuso
  - Re: [PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
- <Possible follow-ups>
- [PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
  - [PATCH libnetfilter_queue] src: fix IPv6 header handling, Etan Kissling
[PATCH libnetfilter_queue] src: add pkt_buff function for ICMP, Etan Kissling
- [PATCH libnetfilter_queue] src: add pkt_buff function for ICMP, Etan Kissling
- Re: [PATCH libnetfilter_queue] src: add pkt_buff function for ICMP, Pablo Neira Ayuso
[PATCH ghak90 v11 00/11] audit: implement container identifier, Richard Guy Briggs
- [PATCH ghak90 v11 01/11] audit: collect audit task parameters, Richard Guy Briggs
- [PATCH ghak90 v11 02/11] audit: add container id, Richard Guy Briggs
- [PATCH ghak90 v11 03/11] audit: log container info of syscalls, Richard Guy Briggs
- [PATCH ghak90 v11 04/11] audit: add contid support for signalling the audit daemon, Richard Guy Briggs
- [PATCH ghak90 v11 05/11] audit: add support for non-syscall auxiliary records, Richard Guy Briggs
- [PATCH ghak90 v11 06/11] audit: add containerid support for user records, Richard Guy Briggs
- [PATCH ghak90 v11 07/11] audit: add containerid filtering, Richard Guy Briggs
- [PATCH ghak90 v11 09/11] audit: contid check descendancy and nesting, Richard Guy Briggs
- [PATCH ghak90 v11 10/11] audit: track container nesting, Richard Guy Briggs
- [PATCH ghak90 v11 11/11] audit: add capcontid to set contid outside init_user_ns, Richard Guy Briggs
- [PATCH ghak90 v11 08/11] audit: add support for containerid to network namespaces, Richard Guy Briggs
[PATCH AUTOSEL 5.10 08/51] netfilter: ipset: fixes possible oops in mtype_resize, Sasha Levin
[PATCH AUTOSEL 5.4 05/28] netfilter: ipset: fixes possible oops in mtype_resize, Sasha Levin
[PATCH] netfilter: Fix memleak in nf_nat_init, Dinghao Liu
- Re: [PATCH] netfilter: Fix memleak in nf_nat_init, Florian Westphal
- Re: [PATCH] netfilter: Fix memleak in nf_nat_init, Pablo Neira Ayuso
[PATCH net] netfilter: conntrack: fix reading nf_conntrack_buckets, Jesper Dangaard Brouer
- Re: [PATCH net] netfilter: conntrack: fix reading nf_conntrack_buckets, Florian Westphal
- Re: [PATCH net] netfilter: conntrack: fix reading nf_conntrack_buckets, Pablo Neira Ayuso
[PATCH] netfilter: Reverse nft_set_lookup_byid list traversal, Jan-Philipp Litza
- Re: [PATCH] netfilter: Reverse nft_set_lookup_byid list traversal, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: Reverse nft_set_lookup_byid list traversal, Jan-Philipp Litza
Re: [PATCH v6] ipvs: add weighted random twos choice algorithm, Julian Anastasov
- Re: [PATCH v6] ipvs: add weighted random twos choice algorithm, Simon Horman
  - Re: [PATCH v6] ipvs: add weighted random twos choice algorithm, Pablo Neira Ayuso
[PATCH nft] segtree: honor set element expiration, Pablo Neira Ayuso
[PATCH nft 0/2] libedit support followup, Pablo Neira Ayuso
- [PATCH nft 2/2] main: fix typo in cli definition, Pablo Neira Ayuso
- [PATCH nft 1/2] cli: use plain readline() interface with libedit, Pablo Neira Ayuso
[PATCH nft 0/2] follow up work on the libedit support, Pablo Neira Ayuso
- [PATCH nft 1/2] cli: use plain readline() interface, Pablo Neira Ayuso
- [PATCH nft 2/2] main: fix typo in cli definition, Pablo Neira Ayuso
[PATCH net 0/3] net: fix netfilter defrag/ip tunnel pmtu blackhole, Florian Westphal
- [PATCH net 2/3] net: fix pmtu check in nopmtudisc mode, Florian Westphal
- [PATCH net 1/3] selftests: netfilter: add selftest for ipip pmtu discovery with enabled connection tracking, Florian Westphal
- [PATCH net 3/3] net: ip: always refragment ip defragmented packets, Florian Westphal
  - Re: [PATCH net 3/3] net: ip: always refragment ip defragmented packets, Christian Perle
- Re: [PATCH net 0/3] net: fix netfilter defrag/ip tunnel pmtu blackhole, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] net: fix netfilter defrag/ip tunnel pmtu blackhole, Jakub Kicinski
[PATCH nft] cli: add libedit support, Pablo Neira Ayuso
[PATCH nft] src: set on flags to request multi-statement support, Pablo Neira Ayuso
Potential licensing issue with libreadline, Arturo Borrero Gonzalez
- Re: Potential licensing issue with libreadline, Pablo Neira Ayuso
[PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 1/3] netfilter: xt_RATEEST: reject non-null terminated string from userspace, Pablo Neira Ayuso
- [PATCH net 2/3] netfilter: nft_dynset: report EOPNOTSUPP on missing set feature, Pablo Neira Ayuso
- [PATCH net 3/3] netfilter: nftables: add set expression flags, Pablo Neira Ayuso
- Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- <Possible follow-ups>
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: conntrack: fix reading nf_conntrack_buckets, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_nat: Fix memleak in nf_nat_init, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: Pass family parameter "-f" to conntrack tool, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_dynset: honor stateful expressions in set definition, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nft_dynset: honor stateful expressions in set definition, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: nft_dynset: add timeout extension to template, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_dynset: dump expressions when set definition contains no expressions, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: initialize set before expression setup, patchwork-bot+netdevbpf
  - [PATCH net 2/3] selftests: netfilter: add fib test case, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy(), Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy(), patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: ctnetlink: remove expired entries first, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: fix regression in looped (broad|multi)cast's MAC handling, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] Revert "netfilter: nat: force port remap to prevent shadowing well-known ports", Pablo Neira Ayuso
    - Re: [PATCH net 1/3] Revert "netfilter: nat: force port remap to prevent shadowing well-known ports", patchwork-bot+netdevbpf
  - [PATCH net 2/3] Revert "netfilter: conntrack: tag conntracks picked up in local out hook", Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: disable register tracking, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
    - Re: [PATCH net 0/3] Netfilter fixes for net, Florian Westphal
      - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: initialize registers in nft_do_chain(), Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_tables: validate registers coming from userspace., Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: flowtable: Fix QinQ and pppoe support for inet table, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: flowtable: Fix QinQ and pppoe support for inet table, patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: egress: Report interface as outgoing, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: egress: Report interface as outgoing, patchwork-bot+netdevbpf
  - [PATCH net 3/3] memcg: enable accounting for nft objects, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, patchwork-bot+netdevbpf
      - Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, Neal Cardwell
        
        Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only, Jakub Kicinski
  - [PATCH net 2/3] netfilter: conntrack: fix udp offload timeout sysctl, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_socket: only do sk lookups when indev is available, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: br_netfilter: do not skip all hooks with 0 priority, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_dynset: restore set element counter when failing to update, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_tables: avoid skb access on nf_stolen, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: replace BUG_ON by element length check, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: conntrack: fix crash due to confirmed bit load reordering, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: conntrack: fix crash due to confirmed bit load reordering, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: nf_log: incorrect offset to network header, Pablo Neira Ayuso
- [PATCH net 0/3] netfilter fixes for net, Florian Westphal
  - [PATCH net 1/3] selftests: netfilter: Test reverse path filtering, Florian Westphal
    - Re: [PATCH net 1/3] selftests: netfilter: Test reverse path filtering, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: rpfilter/fib: Populate flowic_l3mdev field, Florian Westphal
  - [PATCH net 3/3] selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1, Florian Westphal
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: Cleanup nft_net->module_list from nf_tables_exit_net(), Pablo Neira Ayuso
  - [PATCH net 3/3] selftests: netfilter: Fix and review rpath.sh, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg(), Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg(), patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: ipset: regression in ip_set_hash_ip.c, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: ipset: regression in ip_set_hash_ip.c, patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: flowtable_offload: add missing locking, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function., Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: fix transaction test script timeout handling, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: fix transaction test script timeout handling, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function., Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nft_last: copy content when cloning expression, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nft_quota: copy content when cloning expression, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: nft_nat: ensuring the listening side is up before starting the client, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] selftests: nft_nat: ensuring the listening side is up before starting the client, patchwork-bot+netdevbpf
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: ctnetlink: revert to dumping mark regardless of event type, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: ctnetlink: revert to dumping mark regardless of event type, patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: conntrack: adopt safer max chain length, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: tproxy: fix deadlock due to missing BH disable, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Paolo Abeni
    - Re: [PATCH net 0/3] Netfilter fixes for net, Jakub Kicinski
      - Re: [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: deactivate anonymous set from preparation phase, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: hit ENOENT on unexisting chain/flowtable update with missing attributes, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: hit ENOENT on unexisting chain/flowtable update with missing attributes, patchwork-bot+netdevbpf
  - [PATCH net 2/3] selftests: netfilter: fix libmnl pkg-config usage, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Florian Westphal
  - [PATCH net 1/3] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, Florian Westphal
    - Re: [PATCH net 1/3] netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: nf_tables: fix nft_trans type confusion, Florian Westphal
  - [PATCH net 3/3] netfilter: nft_set_rbtree: fix null deref on element insertion, Florian Westphal
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol, Simon Horman
    - Re: [PATCH net 1/3] netfilter: nf_tables: integrate pipapo into commit protocol, patchwork-bot+netdevbpf
- [PATCH net 0/3] netfilter fixes for net, Florian Westphal
  - [PATCH net 1/3] netfilter: nft_set_rbtree: fix overlap expiration walk, Florian Westphal
    - Re: [PATCH net 1/3] netfilter: nft_set_rbtree: fix overlap expiration walk, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR, Florian Westphal
  - [PATCH net 3/3] netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID, Florian Westphal
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_set_pipapo: fix missing : in kdoc, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nft_set_pipapo: fix missing : in kdoc, patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: nf_tables: fix bidirectional offload regression, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nat: restore default DNAT behavior, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), patchwork-bot+netdevbpf
  - [PATCH net 3/3] selftests: netfilter: add bridge conntrack + multicast test case, Pablo Neira Ayuso
    - Re: [PATCH net 3/3] selftests: netfilter: add bridge conntrack + multicast test case, Paolo Abeni
  - [PATCH net 2/3] netfilter: bridge: confirm multicast packets before passing them up the stack, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_tables: do not compare internal table flags on updates, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: nf_tables: Fix a memory leak in nf_tables_updchain, Pablo Neira Ayuso
    - Re: [PATCH net 3/3] netfilter: nf_tables: Fix a memory leak in nf_tables_updchain, Paolo Abeni
      - Re: [PATCH net 3/3] netfilter: nf_tables: Fix a memory leak in nf_tables_updchain, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_set_pipapo: release elements in clone only from destroy path, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nf_tables: missing iterator type in lookup walk, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nf_tables: missing iterator type in lookup walk, patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: nf_tables: fix memleak in map from abort path, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nf_tables: restore set elements when delete set fails, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_inner: validate mandatory meta and payload, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: nft_inner: validate mandatory meta and payload, patchwork-bot+netdevbpf
  - [PATCH net 2/3] netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: Use flowlabel flow key when re-routing mangled packets, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: nft_counter: Disable BH in nft_counter_offload_stats()., Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: nft_counter: Synchronize nft_counter_reset() against reader., Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: flowtable: validate vlan header, Pablo Neira Ayuso
    - Re: [PATCH net 3/3] netfilter: flowtable: validate vlan header, Eric Dumazet
      - Re: [PATCH net 3/3] netfilter: flowtable: validate vlan header, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: fib: check correct rtable in vrf setups, Pablo Neira Ayuso
  - [PATCH net 1/3] netfilter: xtables: avoid NFPROTO_UNSPEC where needed, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] netfilter: xtables: avoid NFPROTO_UNSPEC where needed, patchwork-bot+netdevbpf
  - [PATCH net 3/3] selftests: netfilter: conntrack_vrf.sh: add fib test case, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: Add missing gitignore file, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] selftests: netfilter: Add missing gitignore file, patchwork-bot+netdevbpf
  - [PATCH net 2/3] selftests: netfilter: Fix missing return values in conntrack_dump_flush, Pablo Neira Ayuso
  - [PATCH net 3/3] netfilter: ipset: add missing range check in bitmap_ip_uadt, Pablo Neira Ayuso
  - Re: [PATCH net 0/3] Netfilter fixes for net, Paolo Abeni
    - Re: [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
      - Re: [PATCH net 0/3] Netfilter fixes for net, Paolo Abeni
        
        Re: [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 0/3] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/3] netfilter: IDLETIMER: Fix for possible ABBA deadlock, Pablo Neira Ayuso
  - [PATCH net 1/3] selftests: netfilter: Stabilize rpath.sh, Pablo Neira Ayuso
    - Re: [PATCH net 1/3] selftests: netfilter: Stabilize rpath.sh, patchwork-bot+netdevbpf
  - [PATCH net 3/3] netfilter: nf_tables: do not defer rule destruction via call_rcu, Pablo Neira Ayuso
[PATCH libnetfilter_conntrack] examples: check return value of nfct_nlmsg_build(), Eyal Birger
- Re: [PATCH libnetfilter_conntrack] examples: check return value of nfct_nlmsg_build(), Pablo Neira Ayuso
WARNING: suspicious RCU usage in xt_obj_to_user, syzbot
Announcing Netdev 0x15, Jamal Hadi Salim
[PATCH nf 1/2] netfilter: nft_dynset: report EOPNOTSUPP on missing set feature, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nftables: add set expression flags, Pablo Neira Ayuso
stack corruption with EBT_ENTRY_ITERATE, sharathv
[PATCH conntrack-tools] conntrackd: add ip netns test script, Pablo Neira Ayuso
- Re: [PATCH conntrack-tools] conntrackd: add ip netns test script, Arturo Borrero Gonzalez
  - Re: [PATCH conntrack-tools] conntrackd: add ip netns test script, Pablo Neira Ayuso
kernel BUG at lib/string.c:LINE! (6), syzbot
- Re: kernel BUG at lib/string.c:LINE! (6), Linus Torvalds
  - Re: kernel BUG at lib/string.c:LINE! (6), Florian Westphal
    - Re: kernel BUG at lib/string.c:LINE! (6), Dmitry Vyukov
- [PATCH nf] netfilter: xt_RATEEST: reject non-null terminated string from userspace, Florian Westphal
  - Re: [PATCH nf] netfilter: xt_RATEEST: reject non-null terminated string from userspace, Linus Torvalds
    - Re: [PATCH nf] netfilter: xt_RATEEST: reject non-null terminated string from userspace, Florian Westphal
  - Re: [PATCH nf] netfilter: xt_RATEEST: reject non-null terminated string from userspace, Pablo Neira Ayuso
[PATCH ghak90 v10 00/11] audit: implement container identifier, Richard Guy Briggs
- [PATCH ghak90 v10 01/11] audit: collect audit task parameters, Richard Guy Briggs
  - Re: [PATCH ghak90 v10 01/11] audit: collect audit task parameters, Paul Moore
    - Re: [PATCH ghak90 v10 01/11] audit: collect audit task parameters, Richard Guy Briggs
- [PATCH ghak90 v10 02/11] audit: add container id, Richard Guy Briggs
- [PATCH ghak90 v10 03/11] audit: log container info of syscalls, Richard Guy Briggs
- [PATCH ghak90 v10 04/11] audit: add contid support for signalling the audit daemon, Richard Guy Briggs
- [PATCH ghak90 v10 06/11] audit: add containerid support for user records, Richard Guy Briggs
- [PATCH ghak90 v10 05/11] audit: add support for non-syscall auxiliary records, Richard Guy Briggs
- [PATCH ghak90 v10 07/11] audit: add containerid filtering, Richard Guy Briggs
- [PATCH ghak90 v10 08/11] audit: add support for containerid to network namespaces, Richard Guy Briggs
- [PATCH ghak90 v10 09/11] audit: contid check descendancy and nesting, Richard Guy Briggs
- [PATCH ghak90 v10 10/11] audit: track container nesting, Richard Guy Briggs
- [PATCH ghak90 v10 11/11] audit: add capcontid to set contid outside init_user_ns, Richard Guy Briggs
[ANNOUNCE] ipset 7.10 released, Jozsef Kadlecsik
Re: INFO: rcu detected stall in tipc_release, syzbot
- Re: INFO: rcu detected stall in tipc_release, Dmitry Vyukov
[PATCH nft] tests: shell: set element multistatement support, Pablo Neira Ayuso
[PATCH nft 1/2,v2] src: add support for multi-statement in dynamic sets and maps, Pablo Neira Ayuso
- [PATCH nft 2/2] src: add set element multi-statement support, Pablo Neira Ayuso
[PATCH nft,v2] src: disallow burst 0 in ratelimits, Pablo Neira Ayuso
[PATCH 1/3 libnftnl,v2] src: add NFTNL_SET_ELEM_EXPRESSIONS, Pablo Neira Ayuso
- [PATCH 2/3 libnftnl,v2] src: add NFTNL_SET_EXPRESSIONS, Pablo Neira Ayuso
- [PATCH 3/3 libnftnl,v2] src: add NFTNL_EXPR_DYNSET_EXPRESSIONS, Pablo Neira Ayuso
[PATCH v2] netfilter: ipset: fix shift-out-of-bounds in htable_bits(), Vasily Averin
- Re: [PATCH v2] netfilter: ipset: fix shift-out-of-bounds in htable_bits(), Jozsef Kadlecsik
- Re: [PATCH v2] netfilter: ipset: fix shift-out-of-bounds in htable_bits(), Pablo Neira Ayuso
[PATCH nf] parser_bison: disallow burst 0 in ratelimits, Pablo Neira Ayuso
[PATCH nft 0/2] multi-statement support for set elements, Pablo Neira Ayuso
- [PATCH nft 1/2] src: add support for multi-statement in dynamic sets and maps, Pablo Neira Ayuso
- [PATCH nft 2/2] src: add set element multi-statement support, Pablo Neira Ayuso
[PATCH] netfilter: ipset: fixes possible oops in mtype_resize, Vasily Averin
- Re: [PATCH] netfilter: ipset: fixes possible oops in mtype_resize, Jozsef Kadlecsik
- Re: [PATCH] netfilter: ipset: fixes possible oops in mtype_resize, Pablo Neira Ayuso
[PATCH nf] netfilter: x_tables: Update remaining dereference to RCU, Subash Abhinov Kasiviswanathan
- Re: [PATCH nf] netfilter: x_tables: Update remaining dereference to RCU, Florian Westphal
- Re: [PATCH nf] netfilter: x_tables: Update remaining dereference to RCU, Pablo Neira Ayuso
[PATCH conntrack-tools] conntrack: pretty-print the portid, Florian Westphal
UBSAN: shift-out-of-bounds in hash_ipmark_create, syzbot
WARNING: suspicious RCU usage in nf_ct_iterate_cleanup, syzbot
[nft PATCH] tests: py: Fix for changed concatenated ranges output, Phil Sutter
[PATCH][next] netfilter: nftables: fix incorrect increment of loop counter, Colin King
- Re: [PATCH][next] netfilter: nftables: fix incorrect increment of loop counter, Pablo Neira Ayuso
  - Re: [PATCH][next] netfilter: nftables: fix incorrect increment of loop counter, Pablo Neira Ayuso
- Re: [PATCH][next] netfilter: nftables: fix incorrect increment of loop counter, Pablo Neira Ayuso
[libnftnl PATCH 1/2] set_elem: Use nftnl_data_reg_snprintf(), Phil Sutter
- [libnftnl PATCH 2/2] set_elem: Include key_end data reg in print output, Phil Sutter
- Re: [libnftnl PATCH 1/2] set_elem: Use nftnl_data_reg_snprintf(), Pablo Neira Ayuso
  - Re: [libnftnl PATCH 1/2] set_elem: Use nftnl_data_reg_snprintf(), Phil Sutter
[PATCH nft] json: don't leave dangling pointers on hlist, Florian Westphal
UBSAN: shift-out-of-bounds in hash_mac_create, syzbot
[PATCH net-next 00/10] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 04/10] netfilter: nfnl_acct: remove data from struct net, Pablo Neira Ayuso
- [PATCH net-next 09/10] netfilter: nftables: generalize set extension to support for several expressions, Pablo Neira Ayuso
- [PATCH net-next 06/10] netfilter: ctnetlink: add timeout and protoinfo to destroy events, Pablo Neira Ayuso
- [PATCH net-next 10/10] netfilter: nftables: netlink support for several set element expressions, Pablo Neira Ayuso
- [PATCH net-next 07/10] netfilter: nftables: generalize set expressions support, Pablo Neira Ayuso
- [PATCH net-next 05/10] netfilter: use actual socket sk for REJECT action, Pablo Neira Ayuso
- [PATCH net-next 08/10] netfilter: nftables: move nft_expr before nft_set, Pablo Neira Ayuso
- [PATCH net-next 01/10] netfilter: nft_reject_bridge: fix build errors due to code movement, Pablo Neira Ayuso
- [PATCH net-next 03/10] netfilter: Remove unnecessary conversion to bool, Pablo Neira Ayuso
- [PATCH net-next 02/10] ipvs: replace atomic_add_return(), Pablo Neira Ayuso
- Re: [PATCH net-next 00/10] Netfilter/IPVS updates for net-next, Jakub Kicinski
[PATCH libnftnl 1/3] src: add NFTNL_SET_ELEM_EXPRESSIONS, Pablo Neira Ayuso
- [PATCH libnftnl 2/3] src: add NFTNL_SET_EXPRESSIONS, Pablo Neira Ayuso
- [PATCH libnftnl 3/3] src: add NFTNL_EXPR_DYNSET_EXPRESSIONS, Pablo Neira Ayuso
[PATCH nft] nft: trace: print packet unconditionally, Florian Westphal
- Re: [PATCH nft] nft: trace: print packet unconditionally, Florian Westphal
[PATCH xtables-nft 0/3] xt-monitor fixes, Florian Westphal
- [PATCH xtables-nft 1/3] xtables-monitor: fix rule printing, Florian Westphal
  - Re: [PATCH xtables-nft 1/3] xtables-monitor: fix rule printing, Phil Sutter
- [PATCH xtables-nft 2/3] xtables-monitor: fix packet family protocol, Florian Westphal
- [PATCH xtables-nft 3/3] xtables-monitor: print packet first, Florian Westphal
  - Re: [PATCH xtables-nft 3/3] xtables-monitor: print packet first, Phil Sutter
    - Re: [PATCH xtables-nft 3/3] xtables-monitor: print packet first, Florian Westphal
[PATCH nf-next,v4 1/4] netfilter: nftables: generalize set expressions support, Pablo Neira Ayuso
- [PATCH nf-next,v4 2/4] netfilter: nftables: move nft_expr before nft_set, Pablo Neira Ayuso
- [PATCH nf-next,v4 3/4] netfilter: nftables: generalize set extension to support for several expressions, Pablo Neira Ayuso
- [PATCH nf-next,v4 4/4] netfilter: nftables: netlink support for several set element expressions, Pablo Neira Ayuso
[PATCH nf-next,v3] netfilter: ctnetlink: add timeout and protoinfo to destroy events, Pablo Neira Ayuso
[PATCH nf-next,v3 1/4] netfilter: nftables: generalize set expressions support, Pablo Neira Ayuso
- [PATCH nf-next,v3 4/4] netfilter: nftables: netlink support for several set element expressions, Pablo Neira Ayuso
- [PATCH nf-next,v3 2/4] netfilter: nftables: move nft_expr before nft_set, Pablo Neira Ayuso
- [PATCH nf-next,v3 3/4] netfilter: nftables: generalize set extension to support for several expressions, Pablo Neira Ayuso
[PATCH nf-next v2 1/1] netfilter: ctnetlink: add timeout and protoinfo to destroy events, Florian Westphal
- Re: [PATCH nf-next v2 1/1] netfilter: ctnetlink: add timeout and protoinfo to destroy events, Pablo Neira Ayuso
[iptables PATCH v3 0/9] nft: Sorted chain listing et al., Phil Sutter
- [iptables PATCH v3 7/9] nft: cache: Sort custom chains by name, Phil Sutter
- [iptables PATCH v3 2/9] nft: cache: Introduce nft_cache_add_chain(), Phil Sutter
- [iptables PATCH v3 6/9] nft: Introduce a dedicated base chain array, Phil Sutter
- [iptables PATCH v3 8/9] tests: shell: Drop any dump sorting in place, Phil Sutter
- [iptables PATCH v3 4/9] nft: cache: Move nft_chain_find() over, Phil Sutter
- [iptables PATCH v3 3/9] nft: Implement nft_chain_foreach(), Phil Sutter
- [iptables PATCH v3 5/9] nft: Introduce struct nft_chain, Phil Sutter
- [iptables PATCH v3 1/9] nft: Fix selective chain compatibility checks, Phil Sutter
- [iptables PATCH v3 9/9] nft: Avoid pointless table/chain creation, Phil Sutter
- Re: [iptables PATCH v3 0/9] nft: Sorted chain listing et al., Phil Sutter
[PATCH nf-next] netfilter: ctnetlink: always include remaining timeout, Florian Westphal
- Re: [PATCH nf-next] netfilter: ctnetlink: always include remaining timeout, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: ctnetlink: always include remaining timeout, Florian Westphal
[PATCH nft 0/10] nft: add automatic icmp/icmpv6 dependencies, Florian Westphal
- [PATCH nft 01/10] exthdr: remove unused proto_key member from struct, Florian Westphal
- [PATCH nft 03/10] src: add auto-dependencies for ipv4 icmp, Florian Westphal
- [PATCH nft 04/10] tests: fix exepcted payload of icmp expressions, Florian Westphal
- [PATCH nft 05/10] src: add auto-dependencies for ipv6 icmp6, Florian Westphal
- [PATCH nft 07/10] payload: auto-remove simple icmp/icmpv6 dependency expressions, Florian Westphal
- [PATCH nft 02/10] proto: reduce size of proto_desc structure, Florian Westphal
- [PATCH nft 06/10] tests: fix exepcted payload of icmpv6 expressions, Florian Westphal
- [PATCH nft 08/10] tests: icmp, icmpv6: avoid remaining warnings, Florian Westphal
- [PATCH nft 10/10] tests: icmp, icmpv6: check we don't add second dependency, Florian Westphal
- [PATCH nft 09/10] tests: ip: add one test case to cover both id and sequence, Florian Westphal
- Re: [PATCH nft 0/10] nft: add automatic icmp/icmpv6 dependencies, Phil Sutter
[PATCH 5/5 nf-next,v2] netfilter: nftables: netlink support for several set element expressions, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_ct: Remove confirmation check for NFT_CT_ID, Brett Mastbergen
- Re: [PATCH nf] netfilter: nft_ct: Remove confirmation check for NFT_CT_ID, Florian Westphal
- Re: [PATCH nf] netfilter: nft_ct: Remove confirmation check for NFT_CT_ID, Pablo Neira Ayuso
[PATCH net] net: sched: incorrect Kconfig dependencies on Netfilter modules, Pablo Neira Ayuso
- Re: [PATCH net] net: sched: incorrect Kconfig dependencies on Netfilter modules, Jakub Kicinski
[PATCH nf,v4] netfilter: nft_dynset: fix timeouts later than 23 days, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH nf,v4] netfilter: nft_dynset: fix timeouts later than 23 days, Pablo Neira Ayuso
[PATCH nft] tests: shell: timeouts later than 23 days, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH nft] tests: shell: timeouts later than 23 days, Pablo Neira Ayuso
[PATCH nf,v3] netfilter: nft_dynset: fix timeouts later than 23 days, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nft_dynset: fix timeouts later than 23 days, Pablo Neira Ayuso
[PATCH nf] netfilter: nftables: comment indirect serialization of commit_mutex with rtnl_mutex, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nftables: comment indirect serialization of commit_mutex with rtnl_mutex, Vladimir Oltean
[PATCH nf] netfilter: nft_dynset: fix timeouts layer than 23 days, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nft_dynset: fix timeouts layer than 23 days, kernel test robot
[PATCH nf] netfilter: nftables: fix incorrect element timeout, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nftables: fix incorrect element timeout, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nftables: fix incorrect element timeout, kernel test robot
[PATCH nft] parser_bison: double close_scope() call for implicit chains, Pablo Neira Ayuso
[PATCH] Remove IP_NF_IPTABLES dependency for NET_ACT_CONNMARK, Andreas Sundstrom
- Re: [PATCH] Remove IP_NF_IPTABLES dependency for NET_ACT_CONNMARK, Pablo Neira Ayuso
  - Re: [PATCH] Remove IP_NF_IPTABLES dependency for NET_ACT_CONNMARK, Andreas Sundstrom
    - Re: [PATCH] Remove IP_NF_IPTABLES dependency for NET_ACT_CONNMARK, Pablo Neira Ayuso
[PATCH nf-next 0/5] support for several expression in set elements, Pablo Neira Ayuso
- [PATCH nf-next 1/5] netfilter: nftables: generalize set expressions support, Pablo Neira Ayuso
- [PATCH nf-next 4/5] netfilter: nftables: add nft_expr_parse() helper function, Pablo Neira Ayuso
- [PATCH nf-next 2/5] netfilter: nftables: move nft_expr before nft_set, Pablo Neira Ayuso
- [PATCH nf-next 5/5] netfilter: nftables: netlink support for several set element expressions, Pablo Neira Ayuso
  - Re: [PATCH nf-next 5/5] netfilter: nftables: netlink support for several set element expressions, Florian Westphal
- [PATCH nf-next 3/5] netfilter: nftables: generalize set extension to support for several expressions, Pablo Neira Ayuso
[PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Phil Sutter
- Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Nicolas Dichtel
  - Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Phil Sutter
    - Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Nicolas Dichtel
- Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Eyal Birger
  - Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Phil Sutter
    - Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Eyal Birger
      - Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Nicolas Dichtel
        
        Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Eyal Birger
        
        Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Nicolas Dichtel
        
        Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter, Phil Sutter
[PATCH] xfrm: interface: Don't hide plain packets from netfilter, Phil Sutter
- Re: [PATCH] xfrm: interface: Don't hide plain packets from netfilter, Steffen Klassert
[PATCH nftables 1/2] monitor: add assignment check for json_echo, Jose M. Guisado Gomez
- [PATCH nftables 2/2] monitor: fix formatting of if statements, Jose M. Guisado Gomez
  - Re: [PATCH nftables 2/2] monitor: fix formatting of if statements, Pablo Neira Ayuso
- Re: [PATCH nftables 1/2] monitor: add assignment check for json_echo, Pablo Neira Ayuso
[iptables PATCH] tests/shell: Test for fixed extension registration, Phil Sutter
[conntrack-tools PATCH v2 1/2] .gitignore: add nano swap file, Arturo Borrero Gonzalez
- [conntrack-tools PATCH v2 2/2] conntrackd: external_inject: report inject issues as warning, Arturo Borrero Gonzalez
  - Re: [conntrack-tools PATCH v2 2/2] conntrackd: external_inject: report inject issues as warning, Pablo Neira Ayuso
- Re: [conntrack-tools PATCH v2 1/2] .gitignore: add nano swap file, Pablo Neira Ayuso
[conntrack-tools PATCH 1/2] .gitignore: add nano swap file, Arturo Borrero Gonzalez
- [conntrack-tools PATCH 2/2] conntrackd: external_inject: report inject issues as warning, Arturo Borrero Gonzalez
  - Re: [conntrack-tools PATCH 2/2] conntrackd: external_inject: report inject issues as warning, Jeremy Sowden
[PATCH nft] src: report EPERM for non-root users, Pablo Neira Ayuso
- Re: [PATCH nft] src: report EPERM for non-root users, Arturo Borrero Gonzalez
[PATCH nft] mnl: reply netlink error message might be larger than MNL_SOCKET_BUFFER_SIZE, Pablo Neira Ayuso
[iptables PATCH v3] extensions: dccp: Fix for DCCP type 'INVALID', Phil Sutter
[nft PATCH] json: Fix seqnum_to_json() functionality, Phil Sutter
- Re: [nft PATCH] json: Fix seqnum_to_json() functionality, Pablo Neira Ayuso
[nft PATCH] doc: Document 'dccp type' match, Phil Sutter
[iptables PATCH v2] extensions: dccp: Fix for DCCP type 'INVALID', Phil Sutter
[PATCH nft] parser_bison: allow to restore limit from dynamic set, Pablo Neira Ayuso
[iptables PATCH] extensions: dccp: Fix translation of --dccp-type, Phil Sutter
System crash on Ubuntu 18, in netlink code when using iptables / netfilter, Yuri Lipnesh
- Re: System crash on Ubuntu 18, in netlink code when using iptables / netfilter, Florian Westphal
  - Re: System crash on Ubuntu 18, in netlink code when using iptables / netfilter, Yuri Lipnesh
    - Re: System crash in netfilter 5.10.25, Yuri Lipnesh
      - Re: System crash in netfilter 5.10.25, Florian Westphal
[PATCH libnetfilter_conntrack 1/2] build: use the right automake variables, Jan Engelhardt
- [PATCH libnetfilter_conntrack 2/2] Update .gitignore, Jan Engelhardt
- Re: [PATCH libnetfilter_conntrack 1/2] build: use the right automake variables, Pablo Neira Ayuso
[PATCH libnetfilter_queue 1/2] build: choose right automake variables, Jan Engelhardt
- [PATCH libnetfilter_queue 2/2] Update .gitignore, Jan Engelhardt
- Re: [PATCH libnetfilter_queue 1/2] build: choose right automake variables, Pablo Neira Ayuso
[PATCH libnetfilter_log] build: choose right automake variables, Jan Engelhardt
- Re: [PATCH libnetfilter_log] build: choose right automake variables, Pablo Neira Ayuso
[PATCH libnetfilter_log 0/2] build: a couple of `-lnfnetlink` fixes., Jeremy Sowden
- [PATCH libnetfilter_log 1/2] build: remove duplicate `-lnfnetlink` from LDFLAGS., Jeremy Sowden
- [PATCH libnetfilter_log 2/2] build: link libnetfilter_log_libipulog.so explicitly to libnfnetlink.so., Jeremy Sowden
- Re: [PATCH libnetfilter_log 0/2] build: a couple of `-lnfnetlink` fixes., Florian Westphal
WARNING: suspicious RCU usage in get_counters, syzbot
[FYI] summary of Netfilter workshop 2020 virtual, Arturo Borrero Gonzalez
[PATCH] netfilter: remove trailing semicolon in macro definition, trix
[PATCH libftnl,RFC] src: add infrastructure to infer byteorder from keys, Pablo Neira Ayuso
- Re: [PATCH libftnl,RFC] src: add infrastructure to infer byteorder from keys, Phil Sutter
  - Re: [PATCH libftnl,RFC] src: add infrastructure to infer byteorder from keys, Pablo Neira Ayuso
    - Re: [PATCH libftnl,RFC] src: add infrastructure to infer byteorder from keys, Pablo Neira Ayuso
[HEADS UP] Rebasing nf tree, Pablo Neira Ayuso
[PATCH nf v2] netfilter: x_tables: Switch synchronization to RCU, Subash Abhinov Kasiviswanathan
- Re: [PATCH nf v2] netfilter: x_tables: Switch synchronization to RCU, Pablo Neira Ayuso
XFRM interface and NF_INET_LOCAL_OUT hook, Phil Sutter
- Re: XFRM interface and NF_INET_LOCAL_OUT hook, Steffen Klassert
  - Re: XFRM interface and NF_INET_LOCAL_OUT hook, Phil Sutter
    - Re: XFRM interface and NF_INET_LOCAL_OUT hook, Steffen Klassert
      - Re: XFRM interface and NF_INET_LOCAL_OUT hook, Phil Sutter
        
        Re: XFRM interface and NF_INET_LOCAL_OUT hook, Steffen Klassert
        
        Re: XFRM interface and NF_INET_LOCAL_OUT hook, Phil Sutter
        
        Re: XFRM interface and NF_INET_LOCAL_OUT hook, Nicolas Dichtel
[PATCH net v3] ipvs: fix possible memory leak in ip_vs_control_net_init, Wang Hai
- Re: [PATCH net v3] ipvs: fix possible memory leak in ip_vs_control_net_init, Julian Anastasov
  - Re: [PATCH net v3] ipvs: fix possible memory leak in ip_vs_control_net_init, Pablo Neira Ayuso
[PATCH net-next] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal, Antoine Tenart
- Re: [PATCH net-next] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal, Florian Westphal
  - Re: [PATCH net-next] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal, Jakub Kicinski
    - Re: [PATCH net-next] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal, Florian Westphal
      - Re: [PATCH net-next] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal, Jakub Kicinski
[PATCH nf] netfilter: x_tables: Switch synchronization to RCU, Subash Abhinov Kasiviswanathan
- Re: [PATCH nf] netfilter: x_tables: Switch synchronization to RCU, Florian Westphal
  - Re: [PATCH nf] netfilter: x_tables: Switch synchronization to RCU, subashab
    - Re: [PATCH nf] netfilter: x_tables: Switch synchronization to RCU, subashab
- Re: [PATCH nf] netfilter: x_tables: Switch synchronization to RCU, kernel test robot
- Re: [PATCH nf] netfilter: x_tables: Switch synchronization to RCU, kernel test robot
[PATCH xtables-addons 0/4] geoip: script fixes, Jeremy Sowden
- [PATCH xtables-addons 2/4] geoip: fix man-page typo'., Jeremy Sowden
  - Re: [PATCH xtables-addons 2/4] geoip: fix man-page typo'., Jan Engelhardt
- [PATCH xtables-addons 1/4] geoip: remove superfluous xt_geoip_fetch_maxmind script., Jeremy Sowden
- [PATCH xtables-addons 3/4] geoip: add man-pages for MaxMind scripts., Jeremy Sowden
- [PATCH xtables-addons 4/4] geoip: use correct download URL for MaxMind DB's., Jeremy Sowden
- Re: [PATCH xtables-addons 0/4] geoip: script fixes, Jan Engelhardt
  - Re: [PATCH xtables-addons 0/4] geoip: script fixes, Jeremy Sowden
    - Re: [PATCH xtables-addons 0/4] geoip: script fixes, Jan Engelhardt
[RFC] MAINTAINERS tag for cleanup robot, trix
- Re: [RFC] MAINTAINERS tag for cleanup robot, Joe Perches
  - Re: [RFC] MAINTAINERS tag for cleanup robot, Tom Rix
    - Re: [RFC] MAINTAINERS tag for cleanup robot, Joe Perches
      - Re: [RFC] MAINTAINERS tag for cleanup robot, Tom Rix
- Re: [RFC] MAINTAINERS tag for cleanup robot, James Bottomley
  - Re: [RFC] MAINTAINERS tag for cleanup robot, Joe Perches
  - Re: [RFC] MAINTAINERS tag for cleanup robot, Jani Nikula
    - Re: [RFC] MAINTAINERS tag for cleanup robot, Lukas Bulwahn
- Re: [RFC] MAINTAINERS tag for cleanup robot, Matthew Wilcox
  - Re: [RFC] MAINTAINERS tag for cleanup robot, Tom Rix
    - Re: [RFC] MAINTAINERS tag for cleanup robot, Matthew Wilcox
      - Re: [RFC] MAINTAINERS tag for cleanup robot, Tom Rix
        
        Re: [RFC] MAINTAINERS tag for cleanup robot, James Bottomley
        
        Re: [RFC] MAINTAINERS tag for cleanup robot, Joe Perches
        
        Re: [RFC] MAINTAINERS tag for cleanup robot, Finn Thain
        
        Re: [RFC] MAINTAINERS tag for cleanup robot, Joe Perches
[PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 2/4] netfilter: nftables_offload: build mask based from the matching bytes, Pablo Neira Ayuso
- [PATCH net 1/4] netfilter: nftables_offload: set address type in control dissector, Pablo Neira Ayuso
  - Re: [PATCH net 1/4] netfilter: nftables_offload: set address type in control dissector, Jakub Kicinski
    - Re: [PATCH net 1/4] netfilter: nftables_offload: set address type in control dissector, Pablo Neira Ayuso
- [PATCH net 4/4] netfilter: nf_tables: avoid false-postive lockdep splat, Pablo Neira Ayuso
- [PATCH net 3/4] netfilter: ipset: prevent uninit-value in hash_ip6_add, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: x_tables: Switch synchronization to RCU, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: nftables: comment indirect serialization of commit_mutex with rtnl_mutex, Pablo Neira Ayuso
  - [PATCH net 2/4] netfilter: nft_dynset: fix timeouts later than 23 days, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: nft_ct: Remove confirmation check for NFT_CT_ID, Pablo Neira Ayuso
  - Re: [PATCH net 0/4] Netfilter fixes for net, David Miller
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: ipset: fix shift-out-of-bounds in htable_bits(), Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: nftables: fix incorrect increment of loop counter, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: nftables: fix incorrect increment of loop counter, patchwork-bot+netdevbpf
  - [PATCH net 3/4] netfilter: ipset: fixes possible oops in mtype_resize, Pablo Neira Ayuso
  - [PATCH net 2/4] netfilter: x_tables: Update remaining dereference to RCU, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: nftables: fix possible UAF over chains from packet path in netns, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: flowtable: fix tcp and udp header checksum update, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, patchwork-bot+netdevbpf
    - Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Reindl Harald
      - Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Jozsef Kadlecsik
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Reindl Harald
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Reindl Harald
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Jozsef Kadlecsik
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Reindl Harald
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Reindl Harald
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Reindl Harald
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Jozsef Kadlecsik
        
        Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry, Jozsef Kadlecsik
  - [PATCH net 2/4] selftests: netfilter: fix current year, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 2/4] selftests: netfilter: switch to socat for tests using -q option, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check(), Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check(), patchwork-bot+netdevbpf
  - [PATCH net 3/4] netfilter: nft_payload: do not update layer 4 checksum when mangling fragments, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: Update ip6_route_me_harder to consider L3 domain, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: flowtable: Remove the empty file, Pablo Neira Ayuso
  - [PATCH net 1/4] ipvs: correctly print the memory size of ip_vs_conn_tab, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] ipvs: correctly print the memory size of ip_vs_conn_tab, patchwork-bot+netdevbpf
  - [PATCH net 2/4] netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: nfnetlink: fix warn in nfnetlink_unbind, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: nfnetlink: fix warn in nfnetlink_unbind, patchwork-bot+netdevbpf
  - [PATCH net 4/4] netfilter: nf_tables: set element extended ACK reporting support, Pablo Neira Ayuso
  - [PATCH net 2/4] netfilter: conntrack: re-fetch conntrack after insertion, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: nft_set_pipapo: Actually validate intervals in fields after the first one, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: nft_set_pipapo: Actually validate intervals in fields after the first one, patchwork-bot+netdevbpf
  - [PATCH net 2/4] netfilter: flowtable_offload: fix using __this_cpu_add in preemptible, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: conntrack: fix using __this_cpu_add in preemptible, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE, patchwork-bot+netdevbpf
  - [PATCH net 4/4] netfilter: conntrack: unify established states for SCTP paths, Pablo Neira Ayuso
  - [PATCH net 2/4] netfilter: conntrack: fix bug in for_each_sctp_chunk, Pablo Neira Ayuso
  - [PATCH net 3/4] Revert "netfilter: conntrack: add sctp DATA_SENT state", Pablo Neira Ayuso
  - Re: [PATCH net 0/4] Netfilter fixes for net: manual merge, Matthieu Baerts
    - RE: [PATCH net 0/4] Netfilter fixes for net: manual merge, Sriram Yagnaraman
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers, patchwork-bot+netdevbpf
  - [PATCH net 2/4] netfilter: nft_masq: correct length for loading protocol registers, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: nft_redir: correct length for loading protocol registers, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: nft_redir: correct value of inet type `.maxattrs`, Pablo Neira Ayuso
  - Re: [PATCH net 0/4] Netfilter fixes for net, Jeremy Sowden
    - Re: [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: nf_tables: reject destroy command to remove basechain hooks, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: nf_tables: reject destroy command to remove basechain hooks, patchwork-bot+netdevbpf
  - [PATCH net 3/4] netfilter: nf_tables: skip netdev hook unregistration if table is dormant, Pablo Neira Ayuso
  - [PATCH net 2/4] netfilter: nf_tables: reject table flag and netdev basechain updates, Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: arptables: Select NETFILTER_FAMILY_ARP when building arp_tables.c, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED, Pablo Neira Ayuso
    - Re: [PATCH net 1/4] netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED, patchwork-bot+netdevbpf
  - [PATCH net 2/4] selftests: netfilter: Fix nft_audit.sh for newer nft binaries, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: nf_tables: prevent nf_skb_duplicated corruption, Pablo Neira Ayuso
  - [PATCH net 4/4] selftests: netfilter: Add missing return value, Pablo Neira Ayuso
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 1/4] selftests: netfilter: remove unused parameter, Pablo Neira Ayuso
  - [PATCH net 2/4] netfilter: Fix use-after-free in get_info(), Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: nft_payload: sanitize offset and length before calling skb_checksum(), Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6(), Pablo Neira Ayuso
  - Re: [PATCH net 0/4] Netfilter fixes for net, patchwork-bot+netdevbpf
- [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 3/4] netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level, Pablo Neira Ayuso
  - [PATCH net 1/4] ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init(), Pablo Neira Ayuso
  - [PATCH net 2/4] netfilter: x_tables: fix LED ID check in led_tg_check(), Pablo Neira Ayuso
  - [PATCH net 4/4] netfilter: nft_inner: incorrect percpu area handling under softirq, Pablo Neira Ayuso
  - Re: [PATCH net 0/4] Netfilter fixes for net, Pablo Neira Ayuso
[PATCH] netfilter: use actual socket sk for REJECT action, Jan Engelhardt
- Re: [PATCH] netfilter: use actual socket sk for REJECT action, Pablo Neira Ayuso

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]