Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- [PATCH] ipvs: avoid drop first packet by reusing conntrack, (continued)
- clean up kernel_{read,write} & friends v4,
Christoph Hellwig
- [PATCH 06/13] fs: implement kernel_write using __kernel_write, Christoph Hellwig
- [PATCH 11/13] fs: implement kernel_read using __kernel_read, Christoph Hellwig
- [PATCH 13/13] fs: don't change the address limit for ->read_iter in __kernel_read, Christoph Hellwig
- [PATCH 12/13] fs: remove __vfs_read, Christoph Hellwig
- [PATCH 10/13] integrity/ima: switch to using __kernel_read, Christoph Hellwig
- [PATCH 09/13] fs: add a __kernel_read helper, Christoph Hellwig
- [PATCH 07/13] fs: remove __vfs_write, Christoph Hellwig
- [PATCH 08/13] fs: don't change the address limit for ->write_iter in __kernel_write, Christoph Hellwig
- [PATCH 05/13] fs: check FMODE_WRITE in __kernel_write, Christoph Hellwig
- [PATCH 04/13] fs: unexport __kernel_write, Christoph Hellwig
- [PATCH 03/13] bpfilter: switch to kernel_write, Christoph Hellwig
- [PATCH 02/13] autofs: switch to kernel_write, Christoph Hellwig
- [PATCH 01/13] cachefiles: switch to kernel_write, Christoph Hellwig
- [PATCH nf-next] nft_set_pipapo: Drop useless assignment of scratch map index on insert,
Stefano Brivio
- [PATCH nft] tests: Run in separate network namespace, don't break connectivity,
Stefano Brivio
- [PATCH nft] tests: shell: Drop redefinition of DIFF variable,
Stefano Brivio
- [PATCH nft] tests: shell: Allow wrappers to be passed as nft command,
Stefano Brivio
- Good idea to rename files in include/uapi/ ?,
Alexander A. Klimov
- Vim Syntax for NFTABLES -- Beta, SBCGlobal.Net
- [PATCH nf,v2] netfilter: nf_tables: hook list memleak in flowtable deletion, Pablo Neira Ayuso
- [ANNOUNCE] libnetfilter_queue 1.0.5 release,
Florian Westphal
- [PATCH] ipvs: avoid drop first packet to reuse conntrack,
YangYuxi
- [PATCH nf] netfilter: ctnetlink: memleak in filter initialization error path,
Pablo Neira Ayuso
- [PATCH -next] netfilter: ctnetlink: Fix memleak in ctnetlink_alloc_filter, Zheng Bin
- [PATCH] netfiler: ipset: fix unaligned atomic access,
Russell King
- memory leak in ctnetlink_del_conntrack, syzbot
- memory leak in nf_tables_parse_netdev_hooks (3),
syzbot
- memory leak in ctnetlink_start,
syzbot
- [PATCH] net: flow_offload: remove indirect flow_block declarations leftover,
Pablo Neira Ayuso
- [iptables PATCH] build: Fix for failing 'make uninstall',
Phil Sutter
- [PATCH v4.10] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6,
Vasily Averin
- [PATCH AUTOSEL 5.7 124/274] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported, Sasha Levin
- [PATCH AUTOSEL 5.4 082/175] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported, Sasha Levin
- [PATCH AUTOSEL 4.19 043/106] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported, Sasha Levin
- [PATCH AUTOSEL 4.14 34/72] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported, Sasha Levin
- [PATCH AUTOSEL 4.9 23/50] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported, Sasha Levin
- [PATCH AUTOSEL 4.4 17/37] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported, Sasha Levin
- [PATCH libnetfilter_queue] configure: disable doxygen by default,
Pablo Neira Ayuso
- nf_defrag_ipv6 / ip6_udp_tunnel on pure ipv4 setups, Reindl Harald
- [PATCH nf-next 2/2] netfilter: nft: add support of reject verdict from ingress,
Laura Garcia Liebana
- [PATCH nf-next 1/2] netfilter: nft: refactor reject verdict source code, Laura Garcia Liebana
- Extensions for ICMP[6] with sport, dport,
Rick van Rein
- [PATCH nf] nft_set_pipapo: Disable preemption before getting per-CPU pointer,
Stefano Brivio
- [PATCH v2 08/18] netfilter: conntrack: Use sequence counter with associated spinlock, Ahmed S. Darwish
- [PATCH v2 09/18] netfilter: nft_set_rbtree: Use sequence counter with associated rwlock, Ahmed S. Darwish
- [PATCH nftables] src/main.c: fix build with gcc <= 4.8,
Fabrice Fontaine
- [PATCH nft] cmd: add misspelling suggestions for rule commands, Pablo Neira Ayuso
- [PATCH nft 1/2] segtree: fix asan runtime error,
Pablo Neira Ayuso
- [PATCH nft] evaluate: remove superfluous check in set_evaluate(),
Pablo Neira Ayuso
- [PATCH nft,v2] evaluate: missing datatype definition in implicit_set_declaration(),
Pablo Neira Ayuso
- [PATCH nft] evaluate: missing datatype definition in implicit_set_declaration(), Pablo Neira Ayuso
- Expressive limitation: (daddr,dport) <--> (daddr',dport'),
Rick van Rein
- [PATCH lnf-queue] configure: add --with/without-doxygen switch, Florian Westphal
- [ANNOUNCE] nftables 0.9.5 release, Pablo Neira Ayuso
- [PATCH libnetfilter_queue 0/1] URGENT: libnetfilter_queue-1.0.4 fails to build,
Duncan Roe
- [ANNOUNCE] libnftnl 1.1.7 release, Pablo Neira Ayuso
- [ANNOUNCE] libnetfilter_queue 1.0.4 release, Florian Westphal
- [PATCH ghak124 v3] audit: log nftables configuration change events,
Richard Guy Briggs
- [(RFC) PATCH ] NULL pointer dereference on rmmod iptable_mangle.,
David Wilder
- [PATCH] build: resolve iptables-apply not getting installed,
Jan Engelhardt
- [PATCH] doc: document danger of applying REJECT to INVALID CTs,
Jan Engelhardt
- [ANNOUNCE] iptables 1.8.5 release, Phil Sutter
- [MAINTENANCE] Shutting down FTP services at netfilter.org,
Pablo Neira Ayuso
- [iptables PATCH] build: bump dependency on libnftnl, Phil Sutter
- [PATCH RFC libnetfilter_queue 0/1] Avoid packet copy in nfq_nlmsg_verdict_put_pkt,
Duncan Roe
- [PATCH nft] tests: 0044interval_overlap_0: Repeat insertion tests with timeout,
Stefano Brivio
- [PATCH nf] nft_set_rbtree: Don't account for expired elements on insertion,
Stefano Brivio
- [PATCH 1/1 v2] netfilter: Restore the CT mark in Flow Offload,
Sven Auhagen
- [PATCH v3 nf-next] netfilter: introduce support for reject at prerouting stage,
Laura Garcia Liebana
- Re: [PATCH] checkpatch/coding-style: Allow 100 column lines, Markus Elfring
- [iptables PATCH] include: Avoid undefined left-shift in xt_sctp.h,
Phil Sutter
- [iptables PATCH] tests: shell: Fix syntax in ipt-restore/0010-noflush-new-chain_0, Phil Sutter
- [PATCH v2 nf-next] netfilter: introduce support for reject at prerouting stage,
Laura Garcia Liebana
- [PATCH ghak124 v2] audit: log nftables configuration change events,
Richard Guy Briggs
- [PATCH net-next 0/8] the indirect flow_block infrastructure, revisited,
Pablo Neira Ayuso
- [PATCH net-next 5/8] mlx5: update indirect block support, Pablo Neira Ayuso
- [PATCH net-next 8/8] net: remove indirect block netdev event registration, Pablo Neira Ayuso
- [PATCH net-next 7/8] bnxt_tc: update indirect block support, Pablo Neira Ayuso
- [PATCH net-next 4/8] net: use flow_indr_dev_setup_offload(), Pablo Neira Ayuso
- [PATCH net-next 6/8] nfp: update indirect block support, Pablo Neira Ayuso
- [PATCH net-next 1/8] netfilter: nf_flowtable: expose nf_flow_table_gc_cleanup(), Pablo Neira Ayuso
- [PATCH net-next 3/8] net: cls_api: add tcf_block_offload_init(), Pablo Neira Ayuso
- [PATCH net-next 2/8] net: flow_offload: consolidate indirect flow_block infrastructure, Pablo Neira Ayuso
- Re: [PATCH net-next 0/8] the indirect flow_block infrastructure, revisited, David Miller
- [PATCH nf-next] netfilter: introduce support for reject at prerouting stage,
Laura Garcia Liebana
- [PATCH nft v2 0/2] Fix evaluation of anonymous sets with concatenated ranges,
Stefano Brivio
- [PATCH ghak124 v1] audit: log nftables configuration change events,
Richard Guy Briggs
- [PATCH nf] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build, Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_conntrack: comparison of unsigned in cthelper confirmation, Pablo Neira Ayuso
- [PATCH] netfilter: nfnetlink_cthelper: protocol offset signess in IPv6, Pablo Neira Ayuso
- [PATCH net] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update,
Nathan Chancellor
- re: netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks, Colin Ian King
- [PATCH][next] netfilter: conntrack: fix an unsigned int comparison to less than zero, Colin King
- [PATCH 1/1] geoip: add quiet flag to xt_geoip_build,
Philip Prindeville
- [PATCH libnftnl] flowtable: relax logic to build NFTA_FLOWTABLE_HOOK, Pablo Neira Ayuso
- [PATCH nf-next] netfilter: nf_tables: skip flowtable hooknum and priority on device updates, Pablo Neira Ayuso
- [PATCH nf,v2 1/2] netfilter: conntrack: make conntrack userspace helpers work again,
Pablo Neira Ayuso
- How to test the kernel netfilter logic?,
Konstantin Khorenko
- [PATCH nf 0/2] restore userspace helper support,
Pablo Neira Ayuso
- [PATCH nft 0/2] Fix evaluation of anonymous sets with concatenated ranges,
Stefano Brivio
- [PATCH nft] tests: py: Actually use all available hooks in bridge/chains.t,
Stefano Brivio
- [PATCH nft] build: Fix doc build, restore A2X assignment for doc/Makefile,
Stefano Brivio
- [PATCH nft] tests: shell: Avoid breaking basic connectivity when run,
Stefano Brivio
- [PATCH 1/1] Remove flow offload when ct is removed from userspace, Sven Auhagen
- [PATCH 1/1] Restore the CT mark in Flow Offload,
Sven Auhagen
- WARNING: proc registration bug in clusterip_tg_check (2), syzbot
- ipset make modules_install fails to honor INSTALL_MOD_PATH,
Oskar Berggren
- [PATCH ghak25 v6a] audit: add subj creds to NETFILTER_CFG record to cover async unregister,
Richard Guy Briggs
- [PATCH nft 1/4] mnl: add function to convert flowtable device list to array,
Pablo Neira Ayuso
- [PATCH v4 net-next] net: flow_offload: simplify hw stats check handling,
Edward Cree
- [PATCH nf-next 0/7] dynamic device updates for flowtables,
Pablo Neira Ayuso
- [PATCH v3 net-next] net: flow_offload: simplify hw stats check handling,
Edward Cree
- [PATCH ghak25 v6] audit: add subj creds to NETFILTER_CFG record to cover async unregister,
Richard Guy Briggs
- [iptables PATCH] doc: libxt_MARK: OUTPUT chain is fine, too,
Phil Sutter
- [PATCH v1 16/25] netfilter: nft_set_rbtree: Use sequence counter with associated rwlock, Ahmed S. Darwish
- [PATCH v1 15/25] netfilter: conntrack: Use sequence counter with associated spinlock, Ahmed S. Darwish
- [PATCH net-next v2] net: flow_offload: simplify hw stats check handling,
Edward Cree
- [PATCH ghak25 v5] audit: add subj creds to NETFILTER_CFG record to cover async unregister,
Richard Guy Briggs
- kernel BUG at lib/list_debug.c:45!,
Reindl Harald
- [PATCH v2 nf] netfilter: make conntrack userspace helpers work again,
Florian Westphal
- [PATCH nft] build: fix tentative generation of nft.8 after disabled doc,
Laura Garcia Liebana
- [iptables PATCH v2 0/2] Critical: Unbreak nfnl_osf tool,
Phil Sutter
- KMSAN: uninit-value in nf_ip6_checksum, syzbot
- [PATCH] netfilter/ipvs: expire no destination UDP connections when expire_nodest_conn=1,
Andrew Sy Kim
- [PATCH nf] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code, Pablo Neira Ayuso
- [net PATCH] netfilter: ipset: Fix subcounter update skip,
Phil Sutter
- [PATCH 0/8 net] the indirect flow_block offload, revisited,
Pablo Neira Ayuso
- [PATCH 2/8 net] net: flow_offload: consolidate indirect flow_block infrastructure, Pablo Neira Ayuso
- [PATCH 1/8 net] netfilter: nf_flowtable: expose nf_flow_table_gc_cleanup(), Pablo Neira Ayuso
- [PATCH 3/8 net] net: cls_api: add tcf_block_offload_init(), Pablo Neira Ayuso
- [PATCH 7/8 net] bnxt_tc: update indirect block support, Pablo Neira Ayuso
- [PATCH 6/8 net] nfp: update indirect block support, Pablo Neira Ayuso
- [PATCH 5/8 net] mlx5: update indirect block support, Pablo Neira Ayuso
- [PATCH 8/8 net] net: remove indirect block netdev event registration, Pablo Neira Ayuso
- [PATCH 4/8 net] net: use flow_indr_dev_setup_offload(), Pablo Neira Ayuso
- Re: [PATCH 0/8 net] the indirect flow_block offload, revisited, Edward Cree
- KMSAN: uninit-value in hash_ip6_test, syzbot
- netfilter: does the API break or something else ?,
Xiubo Li
- [nft PATCH] JSON: Improve performance of json_events_cb(),
Phil Sutter
- clean up kernel_{read,write} & friends v2,
Christoph Hellwig
- [PATCH 02/14] autofs: switch to kernel_write, Christoph Hellwig
- [PATCH 03/14] bpfilter: switch to kernel_write, Christoph Hellwig
- [PATCH 06/14] fs: remove the call_{read,write}_iter functions, Christoph Hellwig
- [PATCH 14/14] fs: don't change the address limit for ->read_iter in __kernel_read, Christoph Hellwig
- [PATCH 07/14] fs: implement kernel_write using __kernel_write, Christoph Hellwig
- [PATCH 09/14] fs: don't change the address limit for ->write_iter in __kernel_write, Christoph Hellwig
- [PATCH 10/14] fs: add a __kernel_read helper, Christoph Hellwig
- [PATCH 12/14] fs: implement kernel_read using __kernel_read, Christoph Hellwig
- [PATCH 13/14] fs: remove __vfs_read, Christoph Hellwig
- [PATCH 11/14] integrity/ima: switch to using __kernel_read, Christoph Hellwig
- [PATCH 08/14] fs: remove __vfs_write, Christoph Hellwig
- [PATCH 04/14] fs: unexport __kernel_write, Christoph Hellwig
- [PATCH 05/14] fs: check FMODE_WRITE in __kernel_write, Christoph Hellwig
- [PATCH 01/14] cachefiles: switch to kernel_write, Christoph Hellwig
- Re: [PATCH 01/14] cachefiles: switch to kernel_write, David Howells
- Message not available
- Re: clean up kernel_{read,write} & friends v2, Christoph Hellwig
- <Possible follow-ups>
- clean up kernel_{read,write} & friends v2, Christoph Hellwig
- [PATCH 10/14] fs: add a __kernel_read helper, Christoph Hellwig
- [PATCH 13/14] fs: remove __vfs_read, Christoph Hellwig
- [PATCH 12/14] fs: implement kernel_read using __kernel_read, Christoph Hellwig
- [PATCH 14/14] fs: don't change the address limit for ->read_iter in __kernel_read, Christoph Hellwig
- [PATCH 09/14] fs: don't change the address limit for ->write_iter in __kernel_write, Christoph Hellwig
- [PATCH 11/14] integrity/ima: switch to using __kernel_read, Christoph Hellwig
- [PATCH 08/14] fs: remove __vfs_write, Christoph Hellwig
- [PATCH 07/14] fs: implement kernel_write using __kernel_write, Christoph Hellwig
- [PATCH 06/14] fs: remove the call_{read,write}_iter functions, Christoph Hellwig
- [PATCH 05/14] fs: check FMODE_WRITE in __kernel_write, Christoph Hellwig
- [PATCH 04/14] fs: unexport __kernel_write, Christoph Hellwig
- [PATCH 03/14] bpfilter: switch to kernel_write, Christoph Hellwig
- [PATCH 02/14] autofs: switch to kernel_write, Christoph Hellwig
- [PATCH 01/14] cachefiles: switch to kernel_write, Christoph Hellwig
- Re: clean up kernel_{read,write} & friends v2, Linus Torvalds
- Re: clean up kernel_{read,write} & friends v2, David Howells
[iptables PATCH 0/3] Fix SECMARK target comparison,
Phil Sutter
[iptables PATCH] xtables-restore: Fix verbose mode table flushing, Phil Sutter
[PATCH v1 1/1] xtables-addons: geoip: update scripts for DBIP names, etc.,
Philip Prindeville
[PATCH] libiptc.c: pragma disable a gcc compiler warning,
Maciej Żenczykowski
[PATCH] libip6t_srh.t: switch to lowercase, add /128 suffix, require success,
Maciej Żenczykowski
Correct usage of nf_ct_get, b38911 Zxc
KMSAN: uninit-value in hash_net6_del, syzbot
WARNING in cgroup_finalize_control,
syzbot
[iptables PATCH 1/2] nft: Merge nft_*_rule_find() functions,
Phil Sutter
[iptables PATCH] iptables-test: Don't choke on empty lines, Phil Sutter
[nf PATCH v2] netfilter: nft_set_rbtree: Add missing expired checks,
Phil Sutter
[PATCH nf] netfilter: flowtable: set NF_FLOW_TEARDOWN flag on entry expiration,
Pablo Neira Ayuso
[PATCH libnetfilter_queue 0/1] pktb_alloc2(),
Duncan Roe
[PATCH nf] netfilter: conntrack: fix infinite loop on rmmod,
Florian Westphal
[PATCH net] netfilter: nf_flow_table_offload: Remove WQ_MEM_RECLAIM from workqueue,
Roi Dayan
[PATCH v2] do not typedef socklen_t on Android,
Maciej Żenczykowski
[iptables PATCH 0/2] Critical: Unbreak nfnl_osf tool,
Phil Sutter
[PATCH nft,v2] mnl: fix error rule reporting with missing table/chain and anonymous sets, Pablo Neira Ayuso
[PATCH libnetfilter_queue 1/2] pktbuff: add __pktb_setup(),
Pablo Neira Ayuso
[PATCH] document danger of '-j REJECT'ing of '-m state INVALID' packets,
Maciej Żenczykowski
[PATCH nft 1/3] src: rename CMD_OBJ_SETELEM to CMD_OBJ_ELEMENTS,
Pablo Neira Ayuso
ETA of libnetfilter_queue-1.0.4?, Phil Sutter
[RFC PATCH net] net: flow_offload: simplify hw stats check handling,
Edward Cree
[PATCH nft] mnl: fix error rule reporting with missing table/chain and anonymous sets,
Pablo Neira Ayuso
nft: crash parsing cmd line,
Jan Engelhardt
[PATCH nft] evaluate: fix memleak in stmt_evaluate_reject_icmp(), Pablo Neira Ayuso
[PATCH nft] src: fix netlink_get_setelem() memleaks, Pablo Neira Ayuso
[PATCH net,v4] net: flow_offload: skip hw stats check for FLOW_ACTION_HW_STATS_DONT_CARE,
Pablo Neira Ayuso
[iptables PATCH 00/15] cache evaluation phase bonus material,
Phil Sutter
- [iptables PATCH 12/15] nft: Use clear_cs() instead of open coding, Phil Sutter
- [iptables PATCH 11/15] libxtables: Introduce xtables_fini(), Phil Sutter
- [iptables PATCH 04/15] nft: Call nft_release_cache() in nft_fini(), Phil Sutter
- [iptables PATCH 02/15] nft: Add missing clear_cs() calls, Phil Sutter
- [iptables PATCH 08/15] nft: Fix leaks in ebt_add_policy_rule(), Phil Sutter
- [iptables PATCH 10/15] ebtables: Free statically loaded extensions again, Phil Sutter
- [iptables PATCH 01/15] nft: Free rule pointer in nft_cmd_free(), Phil Sutter
- [iptables PATCH 03/15] nft: Avoid use-after-free when rebuilding cache, Phil Sutter
- [iptables PATCH 13/15] arptables: Fix leak in nft_arp_print_rule(), Phil Sutter
- [iptables PATCH 09/15] nft: Fix leak when deleting rules, Phil Sutter
- [iptables PATCH 14/15] nft: Fix leak when replacing a rule, Phil Sutter
- [iptables PATCH 07/15] nft: Clear all lists in nft_fini(), Phil Sutter
- [iptables PATCH 15/15] nft: Don't exit early after printing help texts, Phil Sutter
- [iptables PATCH 05/15] tests: shell: Implement --valgrind mode, Phil Sutter
- [iptables PATCH 06/15] nft: cache: Re-establish cache consistency check, Phil Sutter
[PATCH net,v3] net: flow_offload: skip hw stats check for FLOW_ACTION_HW_STATS_DONT_CARE,
Pablo Neira Ayuso
iptables 1.8.5 ETA ?,
Etienne Champetier
[PATCH net] netfilter: flowtable: Fix expired flow not being deleted from software,
Paul Blakey
[PATCH net] netfilter: flowtable: Add pending bit for offload work,
Paul Blakey
[nf PATCH] netfilter: nft_set_rbtree: Add missing expired checks,
Phil Sutter
[PATCH net] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code,
Dan Carpenter
[PATCH 0/3] Avoid gretap fragmentation with nftables on bridge,
Michael Braun
[PATCH] netfilter: fix make target xt_TCPMSS.o error.,
Huang Qijun
[PATCH libnftnl] expr: dynset: release stateful expression from .free path, Pablo Neira Ayuso
[PATCH nft 1/3] parser_bison: release extended priority string after parsing,
Pablo Neira Ayuso
[PATCH libnftnl] expr: objref: add nftnl_expr_objref_free() to release object name, Pablo Neira Ayuso
[PATCH nft 1/2] src: add rule_stmt_insert_at() and use it,
Pablo Neira Ayuso
[PATCH net,v2] net: flow_offload: skip hw stats check for FLOW_ACTION_HW_STATS_DONT_CARE,
Pablo Neira Ayuso
stable-rc 4.19: NETDEV WATCHDOG: eth0 (asix): transmit queue 0 timed out - net/sched/sch_generic.c:466 dev_watchdog,
Naresh Kamboju
[RFC] netlink: do not alter set element width, Michael Braun
[PATCH net] net: flow_offload: skip hw stats check for FLOW_ACTION_HW_STATS_DONT_CARE,
Pablo Neira Ayuso
[PATCH] rule: fix out of memory write if num_stmts is too low,
Michael Braun
[PATCH nf-next v6] netfilter: ctnetlink: add kernel side filtering for dump,
Romain Bellan
[PATCH] main: fix get_optstring truncating output,
Michael Braun
[PATCH] tests: dump generated use new nft tool,
Michael Braun
[RFC] concat with dynamically sized fields like vlan id,
Michael Braun
[PATCH 1/3] main: fix ASAN -fsanizize=address error,
Michael Braun
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
