Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

[PATCH nft 3/6] netlink: handle concatenations on set elements mappings, (continued)
- [PATCH nft 3/6] netlink: handle concatenations on set elements mappings, Florian Westphal
- [PATCH nft 4/6] evaluate: add two new helpers, Florian Westphal
- [PATCH nft 5/6] src: allow nat maps containing both ip(6) address and port, Florian Westphal
- [PATCH nft 6/6] tests: nat: add and use maps with both address and service, Florian Westphal
  - Re: [PATCH nft 6/6] tests: nat: add and use maps with both address and service, Pablo Neira Ayuso
- Re: [PATCH nft 0/6] allow s/dnat to map to both addr and port, Pablo Neira Ayuso
  - Re: [PATCH nft 0/6] allow s/dnat to map to both addr and port, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: add nfq_get_skbinfo(), Florian Westphal
- Re: [PATCH libnetfilter_queue] src: add nfq_get_skbinfo(), Duncan Roe
  - Re: [PATCH libnetfilter_queue] src: add nfq_get_skbinfo(), Florian Westphal
    - Re: [PATCH libnetfilter_queue] src: add nfq_get_skbinfo(), Duncan Roe
[PATCH nf-next 0/5] nft_set_pipapo: Performance improvements: Season 1, Stefano Brivio
- [PATCH nf-next 1/5] nft_set_pipapo: Generalise group size for buckets, Stefano Brivio
- [PATCH nf-next 2/5] nft_set_pipapo: Add support for 8-bit lookup groups and dynamic switch, Stefano Brivio
- [PATCH nf-next 4/5] nft_set_pipapo: Prepare for vectorised implementation: helpers, Stefano Brivio
- [PATCH nf-next 3/5] nft_set_pipapo: Prepare for vectorised implementation: alignment, Stefano Brivio
  - Re: [PATCH nf-next 3/5] nft_set_pipapo: Prepare for vectorised implementation: alignment, Florian Westphal
    - Re: [PATCH nf-next 3/5] nft_set_pipapo: Prepare for vectorised implementation: alignment, Stefano Brivio
      - Re: [PATCH nf-next 3/5] nft_set_pipapo: Prepare for vectorised implementation: alignment, Florian Westphal
    - Re: [PATCH nf-next 3/5] nft_set_pipapo: Prepare for vectorised implementation: alignment, Stefano Brivio
- [PATCH nf-next 5/5] nft_set_pipapo: Introduce AVX2-based lookup implementation, Stefano Brivio
  - Re: [PATCH nf-next 5/5] nft_set_pipapo: Introduce AVX2-based lookup implementation, Florian Westphal
[PATCH 1/2] netfilter: Pass lockdep expression to __instance_lookup traversal, Amol Grover
- [PATCH 2/2] netfilter: Pass lockdep expression to instance_lookup traversal, Amol Grover
[PATCH nft] expression: use common code for expr_ops/expr_ops_by_type, Florian Westphal
[ANNOUNCE] ipset 7.6 released, Jozsef Kadlecsik
KMSAN: uninit-value in nf_flow_table_offload_setup, syzbot
[iptables PATCH] iptables-test.py: Fix --host mode, Phil Sutter
[iptables PATCH 1/3] xtables: Align effect of -4/-6 options with legacy, Phil Sutter
- [iptables PATCH 2/3] xtables: Drop -4 and -6 support from xtables-{save,restore}, Phil Sutter
- [iptables PATCH 3/3] xtables: Review nft_init(), Phil Sutter
- Re: [iptables PATCH 1/3] xtables: Align effect of -4/-6 options with legacy, Pablo Neira Ayuso
[PATCH] ulogd: printpkt: always print IPv6 protocol, Andreas Jaggi
- Re: [PATCH] ulogd: printpkt: always print IPv6 protocol, Pablo Neira Ayuso
[PATCH nf] selftests: nft_concat_range: Move option for 'list ruleset' before command, Stefano Brivio
- Re: [PATCH nf] selftests: nft_concat_range: Move option for 'list ruleset' before command, Pablo Neira Ayuso
[PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
- [PATCH nf 1/2] nft_set_pipapo: Actually fetch key data in nft_pipapo_remove(), Stefano Brivio
- [PATCH nf 2/2] selftests: nft_concat_range: Add test for reported add/flush/add issue, Stefano Brivio
- Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Phil Sutter
  - Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
    - Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Phil Sutter
      - Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Phil Sutter
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Stefano Brivio
        
        Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
- Re: [PATCH nf 0/2] nft_set_pipapo: Fix crash due to dangling entries in mapping table, Pablo Neira Ayuso
[PATCH 1/2] parser_json: fix parsing prefix inside concat, Eric Garver
- [PATCH 2/2] tests: shell: json parsing prefix inside concat, Eric Garver
- Re: [PATCH 1/2] parser_json: fix parsing prefix inside concat, Eric Garver
[PATCH][next] netfilter: Replace zero-length array with flexible-array member, Gustavo A. R. Silva
- Re: [PATCH][next] netfilter: Replace zero-length array with flexible-array member, Pablo Neira Ayuso
  - Re: [PATCH][next] netfilter: Replace zero-length array with flexible-array member, Gustavo A. R. Silva
[PATCH][nf-next] netfilter: cleanup unused macro, Li RongQing
- Re: [PATCH][nf-next] netfilter: cleanup unused macro, Pablo Neira Ayuso
[PATCH nft 2/2,v2] mnl: do not use expr->identifier to fetch device name, Pablo Neira Ayuso
[PATCH nft 1/2] parser_bison: memleak in device parser, Pablo Neira Ayuso
- [PATCH nft 2/2] mnl: do not use expr->identifier to fetch device name, Pablo Neira Ayuso
[PATCH nft 1/3] mnl: extended error support for create command, Pablo Neira Ayuso
- [PATCH nft 2/3] src: improve error reporting when setting policy on non-base chain, Pablo Neira Ayuso
- [PATCH nft 3/3] src: improve error reporting when remove rules, Pablo Neira Ayuso
[libnftnl PATCH] src: Fix for reading garbage in nftnl_chain getters, Phil Sutter
[PATCH] netfilter: ipt_CLUSTERIP: Pass lockdep expression to RCU lists, Amol Grover
- Re: [PATCH] netfilter: ipt_CLUSTERIP: Pass lockdep expression to RCU lists, Pablo Neira Ayuso
[PATCH libnftnl] src: add nftnl_*_{get,set}_array(), Pablo Neira Ayuso
- Re: [PATCH libnftnl] src: add nftnl_*_{get,set}_array(), Phil Sutter
[PATCH nft] src: combine extended netlink error reporting with mispelling support, Pablo Neira Ayuso
[PATCH nf-next v2 0/2] netfilter: nf_tables: make sets built-in, Florian Westphal
- [PATCH nf-next v2 1/2] netfilter: nf_tables: make sets built-in, Florian Westphal
- [PATCH nf-next v2 2/2] netfilter: nf_tables: make all set structs const, Florian Westphal
- Re: [PATCH nf-next v2 0/2] netfilter: nf_tables: make sets built-in, Pablo Neira Ayuso
[PATCH nft] src: initial extended netlink error reporting, Pablo Neira Ayuso
[PATCH][next] netfilter: ebtables: Replace zero-length array with flexible-array member, Gustavo A. R. Silva
Strange nf_conntrack_tcp_timeout_established behavior, FUSTE Emmanuel
- Re: Strange nf_conntrack_tcp_timeout_established behavior, FUSTE Emmanuel
[iptables PATCH] nft: Drop pointless assignment, Phil Sutter
- Re: [iptables PATCH] nft: Drop pointless assignment, Pablo Neira Ayuso
[PATCH nf-next 0/2] netfilter: nf_tables: make sets built-in, Florian Westphal
- [PATCH nf-next 1/2] netfilter: nf_tables: make sets built-in, Florian Westphal
- [PATCH nf-next 2/2] netfilter: nf_tables: make all set structs const, Florian Westphal
  - Re: [PATCH nf-next 2/2] netfilter: nf_tables: make all set structs const, Stefano Brivio
    - Re: [PATCH nf-next 2/2] netfilter: nf_tables: make all set structs const, Florian Westphal
[PATCH] netfilter: ipset: Pass lockdep expression to RCU lists, Amol Grover
- Re: [PATCH] netfilter: ipset: Pass lockdep expression to RCU lists, Amol Grover
- Re: [PATCH] netfilter: ipset: Pass lockdep expression to RCU lists, Pablo Neira Ayuso
0x14: Schedule out!, Jamal Hadi Salim
[PATCH AUTOSEL 5.5 126/542] netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup, Sasha Levin
[PATCH AUTOSEL 5.5 125/542] netfilter: flowtable: Fix missing flush hardware on table free, Sasha Levin
[PATCH AUTOSEL 5.5 220/542] netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy, Sasha Levin
[PATCH AUTOSEL 5.5 386/542] netfilter: flowtable: restrict flow dissector match on meta ingress device, Sasha Levin
[PATCH AUTOSEL 5.4 193/459] netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy, Sasha Levin
[libnftnl PATCH] src: Fix nftnl_assert() on data_len, Phil Sutter
- Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Pablo Neira Ayuso
  - Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Phil Sutter
    - Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Pablo Neira Ayuso
      - Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Phil Sutter
        
        Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Pablo Neira Ayuso
        
        Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Phil Sutter
        
        Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Pablo Neira Ayuso
        
        Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Phil Sutter
        
        Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Pablo Neira Ayuso
        
        Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Phil Sutter
        
        Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len, Pablo Neira Ayuso
[PATCH nf-next 0/2] Two non-functional fixes for nft_set_pipapo, Stefano Brivio
- [PATCH nf-next 1/2] netfilter: nft_set_pipapo: Fix mapping table example in comments, Stefano Brivio
- [PATCH nf-next 2/2] netfilter: nft_set_pipapo: Don't abuse unlikely() in pipapo_refill(), Stefano Brivio
- Re: [PATCH nf-next 0/2] Two non-functional fixes for nft_set_pipapo, Pablo Neira Ayuso
- Re: [PATCH nf-next 0/2] Two non-functional fixes for nft_set_pipapo, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 100/252] netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy, Sasha Levin
[PATCH nft v5] tests: Introduce test for set with concatenated ranges, Stefano Brivio
- Re: [PATCH nft v5] tests: Introduce test for set with concatenated ranges, Phil Sutter
- Re: [PATCH nft v5] tests: Introduce test for set with concatenated ranges, Pablo Neira Ayuso
[iptables PATCH] ebtables: among: Support mixed MAC and MAC/IP entries, Phil Sutter
- Re: [iptables PATCH] ebtables: among: Support mixed MAC and MAC/IP entries, Pablo Neira Ayuso
  - Re: [iptables PATCH] ebtables: among: Support mixed MAC and MAC/IP entries, Phil Sutter
Thank you for your fundamental work!, Max Mehl
Proposing to add a structure to UserData, sbezverk
- Re: Proposing to add a structure to UserData, Florian Westphal
  - Re: Proposing to add a structure to UserData, sbezverk
    - Re: Proposing to add a structure to UserData, Phil Sutter
[iptables PATCH] xtables-translate: Fix for iface++, Phil Sutter
- Re: [iptables PATCH] xtables-translate: Fix for iface++, Pablo Neira Ayuso
  - Re: [iptables PATCH] xtables-translate: Fix for iface++, Phil Sutter
[PATCH nft] scanner: use list_is_first() from scanner_pop_indesc(), Pablo Neira Ayuso
[PATCH nft] src: maps: update data expression dtype based on set, Florian Westphal
- Re: [PATCH nft] src: maps: update data expression dtype based on set, Pablo Neira Ayuso
[PATCH nft] tests: shell: validate error reporting with include and glob, Pablo Neira Ayuso
[Patch nf] netfilter: xt_hashlimit: unregister proc file before releasing mutex, Cong Wang
- Re: [Patch nf] netfilter: xt_hashlimit: unregister proc file before releasing mutex, Pablo Neira Ayuso
  - Re: [Patch nf] netfilter: xt_hashlimit: unregister proc file before releasing mutex, Cong Wang
    - Re: [Patch nf] netfilter: xt_hashlimit: unregister proc file before releasing mutex, Pablo Neira Ayuso
      - Re: [Patch nf] netfilter: xt_hashlimit: unregister proc file before releasing mutex, Cong Wang
        
        Re: [Patch nf] netfilter: xt_hashlimit: unregister proc file before releasing mutex, Pablo Neira Ayuso
        
        Re: [Patch nf] netfilter: xt_hashlimit: unregister proc file before releasing mutex, Pablo Neira Ayuso
[iptables PATCH] tests: shell: Fix skip checks with --host mode, Phil Sutter
[PATCH nft 0/4] glob and maximum number of includes, Pablo Neira Ayuso
- [PATCH nft 1/4] scanner: call scanner_push_file() after scanner_push_file(), Pablo Neira Ayuso
- [PATCH nft 2/4] scanner: add indesc_file_alloc() helper function, Pablo Neira Ayuso
- [PATCH nft 3/4] scanner: call scanner_push_indesc() after scanner_push_file(), Pablo Neira Ayuso
- [PATCH nft 4/4] scanner: multi-level input file stack for glob, Pablo Neira Ayuso
- Re: [PATCH nft 0/4] glob and maximum number of includes, Pablo Neira Ayuso
[PATCH v4 net 0/5] icmp: account for NAT when sending icmps from ndo layer, Jason A. Donenfeld
- Re: [PATCH v4 net 0/5] icmp: account for NAT when sending icmps from ndo layer, David Miller
[iptables PATCH] xtables-restore: fix for --noflush and empty lines, Phil Sutter
- Re: [iptables PATCH] xtables-restore: fix for --noflush and empty lines, Arturo Borrero Gonzalez
[PATCH v3 net 0/9] icmp: account for NAT when sending icmps from ndo layer, Jason A. Donenfeld
WARNING: proc registration bug in hashlimit_mt_check_common, syzbot
- Re: WARNING: proc registration bug in hashlimit_mt_check_common, Cong Wang
[PATCH v2 net 0/5] icmp: account for NAT when sending icmps from ndo layer, Jason A. Donenfeld
[iptables PATCH v2] xtables-translate: Fix for interface name corner-cases, Phil Sutter
- Re: [iptables PATCH v2] xtables-translate: Fix for interface name corner-cases, Pablo Neira Ayuso
[nft PATCH v2 1/2] doc: nft.8: Mention wildcard interface matching, Phil Sutter
- [nft PATCH v2 2/2] scanner: Extend asteriskstring definition, Phil Sutter
  - Re: [nft PATCH v2 2/2] scanner: Extend asteriskstring definition, Pablo Neira Ayuso
- Re: [nft PATCH v2 1/2] doc: nft.8: Mention wildcard interface matching, Pablo Neira Ayuso
[PATCH nft include v2 0/7] Improve include behaviour, Laurent Fasnacht
- [PATCH nft include v2 2/7] scanner: move the file descriptor to be in the input_descriptor structure, Laurent Fasnacht
  - Re: [PATCH nft include v2 2/7] scanner: move the file descriptor to be in the input_descriptor structure, Pablo Neira Ayuso
- [PATCH nft include v2 1/7] tests: shell: add test for glob includes, Laurent Fasnacht
  - Re: [PATCH nft include v2 1/7] tests: shell: add test for glob includes, Pablo Neira Ayuso
- [PATCH nft include v2 3/7] scanner: move indesc list append in scanner_push_indesc, Laurent Fasnacht
  - Re: [PATCH nft include v2 3/7] scanner: move indesc list append in scanner_push_indesc, Pablo Neira Ayuso
- [PATCH nft include v2 4/7] scanner: remove parser_state->indescs static array, Laurent Fasnacht
  - Re: [PATCH nft include v2 4/7] scanner: remove parser_state->indescs static array, Pablo Neira Ayuso
    - Re: [PATCH nft include v2 4/7] scanner: remove parser_state->indescs static array, Laurent Fasnacht
  - Re: [PATCH nft include v2 4/7] scanner: remove parser_state->indescs static array, Pablo Neira Ayuso
- [PATCH nft include v2 6/7] scanner: fix indesc_list stack to be in the correct order, Laurent Fasnacht
  - Re: [PATCH nft include v2 6/7] scanner: fix indesc_list stack to be in the correct order, Pablo Neira Ayuso
    - Re: [PATCH nft include v2 6/7] scanner: fix indesc_list stack to be in the correct order, Laurent Fasnacht
- [PATCH nft include v2 5/7] scanner: correctly compute include depth, Laurent Fasnacht
- [PATCH nft include v2 7/7] scanner: remove parser_state->indesc_idx, Laurent Fasnacht
  - Re: [PATCH nft include v2 7/7] scanner: remove parser_state->indesc_idx, Pablo Neira Ayuso
    - Re: [PATCH nft include v2 7/7] scanner: remove parser_state->indesc_idx, Laurent Fasnacht
[PATCH next] nf_tables: make the symbol 'nft_pipapo_get' static, Chen Wandun
- Re: [PATCH next] nf_tables: make the symbol 'nft_pipapo_get' static, Stefano Brivio
[PATCHv2 nf-next] netfilter: nft_tunnel: add support for geneve opts, Xin Long
- Re: [PATCHv2 nf-next] netfilter: nft_tunnel: add support for geneve opts, Pablo Neira Ayuso
[PATCH net 1/5] icmp: introduce helper for NAT'd source address in ndo context, Jason A. Donenfeld
- [PATCH net 2/5] gtp: use icmp_ndo_send helper, Jason A. Donenfeld
- [PATCH net 3/5] sunvnet: use icmp_ndo_send helper, Jason A. Donenfeld
  - Re: [PATCH net 3/5] sunvnet: use icmp_ndo_send helper, David Miller
    - Re: [PATCH net 3/5] sunvnet: use icmp_ndo_send helper, Jason A. Donenfeld
- [PATCH net 4/5] wireguard: use icmp_ndo_send helper, Jason A. Donenfeld
- [PATCH net 5/5] xfrm: interface: use icmp_ndo_send helper, Jason A. Donenfeld
- Re: [PATCH net 1/5] icmp: introduce helper for NAT'd source address in ndo context, Florian Westphal
  - Re: [PATCH net 1/5] icmp: introduce helper for NAT'd source address in ndo context, Jason A. Donenfeld
[PATCH libnetfilter_queue] build: doc: "make" builds & installs a full set of man pages, Duncan Roe
- Re: [PATCH libnetfilter_queue] build: doc: "make" builds & installs a full set of man pages, Pablo Neira Ayuso
  - Re: [PATCH libnetfilter_queue] build: doc: "make" builds & installs a full set of man pages, Florian Westphal
    - Re: [PATCH libnetfilter_queue] build: doc: "make" builds & installs a full set of man pages, Pablo Neira Ayuso
      - Re: [PATCH libnetfilter_queue] build: doc: "make" builds & installs a full set of man pages, Florian Westphal
        
        Re: [PATCH libnetfilter_queue] build: doc: "make" builds & installs a full set of man pages, Pablo Neira Ayuso
[PATCH nft] src: compute mnemonic port name much easier, Jan Engelhardt
- Re: [PATCH nft] src: compute mnemonic port name much easier, Pablo Neira Ayuso
[nft PATCH] doc: nft.8: Describe element commands in their own section, Phil Sutter
- Re: [nft PATCH] doc: nft.8: Describe element commands in their own section, Pablo Neira Ayuso
[iptables PATCH] xtables-translate: Fix for interface name corner-cases, Phil Sutter
- Re: [iptables PATCH] xtables-translate: Fix for interface name corner-cases, Pablo Neira Ayuso
[nft PATCH 1/2] doc: nft.8: Mention wildcard interface matching, Phil Sutter
- [nft PATCH 2/2] scanner: Extend asteriskstring definition, Phil Sutter
  - Re: [nft PATCH 2/2] scanner: Extend asteriskstring definition, Pablo Neira Ayuso
    - Re: [nft PATCH 2/2] scanner: Extend asteriskstring definition, Phil Sutter
      - Re: [nft PATCH 2/2] scanner: Extend asteriskstring definition, Pablo Neira Ayuso
        
        Re: [nft PATCH 2/2] scanner: Extend asteriskstring definition, Phil Sutter
How to continue to use Maxmind geoip csv in xtables-addons 3.8+, jean-christophe manciot
- Re: How to continue to use Maxmind geoip csv in xtables-addons 3.8+, Jan Engelhardt
[PATCH] [nf-next,v4] netfilter: xtables: Add snapshot of hardidletimer target, Manoj Basapathi
- Re: [PATCH] [nf-next,v4] netfilter: xtables: Add snapshot of hardidletimer target, Pablo Neira Ayuso
Xtalbes -> Xtables ?, Franta Hanzlík
- Re: Xtalbes -> Xtables ?, Jan Engelhardt
[nft PATCH 0/4] Extend testsuites to run against installed binaries, Phil Sutter
- [nft PATCH 1/4] tests: json_echo: Fix for Python3, Phil Sutter
- [nft PATCH 4/4] tests: py: Support testing host binaries, Phil Sutter
- [nft PATCH 2/4] tests: json_echo: Support testing host binaries, Phil Sutter
- [nft PATCH 3/4] tests: monitor: Support testing host's nft binary, Phil Sutter
- Re: [nft PATCH 0/4] Extend testsuites to run against installed binaries, Pablo Neira Ayuso
masquerade, Serguei Bezverkhi (sbezverk)
- Re: masquerade, Florian Westphal
[PATCH nft 0/3] scanner: improving include handling, Laurent Fasnacht
- [PATCH nft 1/3] scanner: move the file descriptor to be in the input_descriptor structure, Laurent Fasnacht
  - Re: [PATCH nft 1/3] scanner: move the file descriptor to be in the input_descriptor structure, Pablo Neira Ayuso
- [PATCH nft 2/3] scanner: correctly compute include depth, Laurent Fasnacht
  - Re: [PATCH nft 2/3] scanner: correctly compute include depth, Pablo Neira Ayuso
- [PATCH nft 3/3] scanner: remove indescs and indescs_idx attributes from the parser, and directly use indesc_list, Laurent Fasnacht
  - Re: [PATCH nft 3/3] scanner: remove indescs and indescs_idx attributes from the parser, and directly use indesc_list, Pablo Neira Ayuso
- Re: [PATCH nft 0/3] scanner: improving include handling, Pablo Neira Ayuso
[PATCH] [nf-next v3] netfilter: xtables: Add snapshot of hardidletimer target, Manoj Basapathi
- Re: [PATCH] [nf-next v3] netfilter: xtables: Add snapshot of hardidletimer target, kbuild test robot
- Re: [PATCH] [nf-next v3] netfilter: xtables: Add snapshot of hardidletimer target, Florian Westphal
- Re: [PATCH] [nf-next v3] netfilter: xtables: Add snapshot of hardidletimer target, kbuild test robot
[PATCH iptables] extensions: time: add translation and tests, Jose M. Guisado Gomez
- Re: [PATCH iptables] extensions: time: add translation and tests, Florian Westphal
[PATCH nft] tests: shell: add test for glob includes, Laurent Fasnacht
[PATCH libnetfilter_queue 0/1] src: Add nfq_hdr_put to library, Duncan Roe
- [PATCH libnetfilter_queue 1/1] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it., Duncan Roe
  - Re: [PATCH libnetfilter_queue 1/1] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it., Pablo Neira Ayuso
    - [PATCH libnetfilter_queue v2] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it., Duncan Roe
      - [PATCH libnetfilter_queue v3] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it., Duncan Roe
        
        Re: [PATCH libnetfilter_queue v3] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it., Pablo Neira Ayuso
[PATCH nf 0/4] netfilter: conntrack: allow insertion of clashing entries, Florian Westphal
- [PATCH nf 2/4] netfilter: conntrack: place confirm-bit setting in a helper, Florian Westphal
- [PATCH nf 3/4] netfilter: conntrack: split resolve_clash function, Florian Westphal
- [PATCH nf 4/4] netfilter: conntrack: allow insertion of clashing entries, Florian Westphal
- [PATCH nf 1/4] netfilter: conntrack: remove two args from resolve_clash, Florian Westphal
- Re: [PATCH nf 0/4] netfilter: conntrack: allow insertion of clashing entries, Pablo Neira Ayuso
  - Re: [PATCH nf 0/4] netfilter: conntrack: allow insertion of clashing entries, Florian Westphal
invalid read in, dyslexicatheist
- Re: invalid read in, Phil Sutter
  - Re: invalid read in, dyslexicatheist
    - Re: invalid read in, Phil Sutter
      - Re: invalid read in, dyslexicatheist
[PATCH nf] netfilter: flowtable: always init block_offload struct, Florian Westphal
- Re: [PATCH nf] netfilter: flowtable: always init block_offload struct, Pablo Neira Ayuso
[PATCH nft v4 0/6] Remaining bitwise-shift-related changes, Jeremy Sowden
- [PATCH nft v4 1/6] parser: add parenthesized statement expressions., Jeremy Sowden
- [PATCH nft v4 2/6] evaluate: correct variable name., Jeremy Sowden
- [PATCH nft v4 5/6] tests: py: add missing JSON output., Jeremy Sowden
- [PATCH nft v4 4/6] tests: shell: add bit-shift tests., Jeremy Sowden
- [PATCH nft v4 3/6] evaluate: change shift byte-order to host-endian., Jeremy Sowden
- [PATCH nft v4 6/6] tests: py: add bit-shift tests., Jeremy Sowden
- Re: [PATCH nft v4 0/6] Remaining bitwise-shift-related changes, Pablo Neira Ayuso
[Patch nf v2 0/3] netfilter: xt_hashlimit: a few improvements, Cong Wang
- [Patch nf v2 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Cong Wang
  - Re: [Patch nf v2 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Florian Westphal
    - Re: [Patch nf v2 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Cong Wang
      - Re: [Patch nf v2 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Florian Westphal
  - Re: [Patch nf v2 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Pablo Neira Ayuso
- [Patch nf v2 2/3] xt_hashlimit: reduce hashlimit_mutex scope for htable_put(), Cong Wang
  - Re: [Patch nf v2 2/3] xt_hashlimit: reduce hashlimit_mutex scope for htable_put(), Pablo Neira Ayuso
- [Patch nf v2 3/3] xt_hashlimit: limit the max size of hashtable, Cong Wang
  - Re: [Patch nf v2 3/3] xt_hashlimit: limit the max size of hashtable, Florian Westphal
  - Re: [Patch nf v2 3/3] xt_hashlimit: limit the max size of hashtable, Pablo Neira Ayuso
NFT - delete rules per interface, Daniel
- Re: NFT - delete rules per interface, Florian Westphal
  - Re: NFT - delete rules per interface, Daniel
Ipset combined entry type like hash:ip,port,ip,port, Adam Kalisz
[Patch nf 0/3] netfilter: xt_hashlimit: a few improvements, Cong Wang
- [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Cong Wang
  - Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Florian Westphal
    - Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Cong Wang
      - Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Florian Westphal
        
        Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Cong Wang
        
        Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Florian Westphal
        
        Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Cong Wang
        
        Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable, Florian Westphal
- [Patch nf 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Cong Wang
  - Re: [Patch nf 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Florian Westphal
    - Re: [Patch nf 1/3] xt_hashlimit: avoid OOM for user-controlled vmalloc, Cong Wang
- [Patch nf 2/3] xt_hashlimit: reduce hashlimit_mutex scope for htable_put(), Cong Wang
  - Re: [Patch nf 2/3] xt_hashlimit: reduce hashlimit_mutex scope for htable_put(), Florian Westphal
[MAINTENANCE] migrating git.netfilter.org, Pablo Neira Ayuso
- Re: [MAINTENANCE] migrating git.netfilter.org, José M. Guisado
  - Re: [MAINTENANCE] migrating git.netfilter.org, Florian Westphal
  - Re: [MAINTENANCE] migrating git.netfilter.org, Pablo Neira Ayuso
Re: [PATCH net] netfilter: nf_flowtable: fix documentation, Matteo Croce
Proxy load balancer rules, Serguei Bezverkhi (sbezverk)
- Re: Proxy load balancer rules, Phil Sutter
  - Re: Proxy load balancer rules, Florian Westphal
    - Re: Proxy load balancer rules, Phil Sutter
[PATCH nf-next] netfilter: flowtable: Use nf_flow_offload_tuple for stats as well, Paul Blakey
- Re: [PATCH nf-next] netfilter: flowtable: Use nf_flow_offload_tuple for stats as well, Pablo Neira Ayuso
[PATCH 0/3] Various fixes for flowtable hardware offload, Paul Blakey
- [PATCH 1/3] netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup, Paul Blakey
- [PATCH 3/3] netfilter: flowtable: Fix setting forgotten NF_FLOW_HW_DEAD flag, Paul Blakey
- [PATCH 2/3] netfilter: flowtable: Fix missing flush hardware on table free, Paul Blakey
- Re: [PATCH 0/3] Various fixes for flowtable hardware offload, Pablo Neira Ayuso
[PATCH nf-next] netfilter: xtables: Add snapshot of hardidletimer target, Subash Abhinov Kasiviswanathan
- Re: [PATCH nf-next] netfilter: xtables: Add snapshot of hardidletimer target, Florian Westphal
[PATCH nft v4 0/4] Introduce support for concatenated ranges, Stefano Brivio
- [PATCH nft v4 1/4] include: resync nf_tables.h cache copy, Stefano Brivio
  - Re: [PATCH nft v4 1/4] include: resync nf_tables.h cache copy, Pablo Neira Ayuso
- [PATCH nft v4 2/4] src: Add support for NFTNL_SET_DESC_CONCAT, Stefano Brivio
  - Re: [PATCH nft v4 2/4] src: Add support for NFTNL_SET_DESC_CONCAT, Pablo Neira Ayuso
- [PATCH nft v4 3/4] src: Add support for concatenated set ranges, Stefano Brivio
  - Re: [PATCH nft v4 3/4] src: Add support for concatenated set ranges, Pablo Neira Ayuso
    - Re: [PATCH nft v4 3/4] src: Add support for concatenated set ranges, Stefano Brivio
  - Re: [PATCH nft v4 3/4] src: Add support for concatenated set ranges, Pablo Neira Ayuso
    - Re: [PATCH nft v4 3/4] src: Add support for concatenated set ranges, Stefano Brivio
- [PATCH nft v4 4/4] tests: Introduce test for set with concatenated ranges, Stefano Brivio
  - Re: [PATCH nft v4 4/4] tests: Introduce test for set with concatenated ranges, Phil Sutter
  - Re: [PATCH nft v4 4/4] tests: Introduce test for set with concatenated ranges, Pablo Neira Ayuso
    - Re: [PATCH nft v4 4/4] tests: Introduce test for set with concatenated ranges, Stefano Brivio
      - Re: [PATCH nft v4 4/4] tests: Introduce test for set with concatenated ranges, Phil Sutter
      - Re: [PATCH nft v4 4/4] tests: Introduce test for set with concatenated ranges, Florian Westphal
        
        Re: [PATCH nft v4 4/4] tests: Introduce test for set with concatenated ranges, Stefano Brivio
[PATCH libnftnl v4 0/3] Attributes for concatenated ranges, Stefano Brivio
- [PATCH libnftnl v4 2/3] set: Add support for NFTA_SET_DESC_CONCAT attributes, Stefano Brivio
- [PATCH libnftnl v4 1/3] include: resync nf_tables.h cache copy, Stefano Brivio
- [PATCH libnftnl v4 3/3] set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END, Stefano Brivio
- Re: [PATCH libnftnl v4 0/3] Attributes for concatenated ranges, Pablo Neira Ayuso
[PATCH v2] Documentation: changes.rst: update several outdated project URLs, Randy Dunlap
- Re: [PATCH v2] Documentation: changes.rst: update several outdated project URLs, Jonathan Corbet
use of netfilter-announce list, Thomas Jarosch
[PATCH nf-next V2] netfilter: ctnetlink: add kernel side filtering for dump, Romain Bellan
- Re: [PATCH nf-next V2] netfilter: ctnetlink: add kernel side filtering for dump, Florent Fourcot
- Re: [PATCH nf-next V2] netfilter: ctnetlink: add kernel side filtering for dump, Pablo Neira Ayuso
[PATCH libnftnl 1/2] Adding NFCT_FILTER_DUMP_TUPLE in filter_dump_attr, using kernel CTA_FILTER API, Romain Bellan
- [PATCH libnftnl 2/2] utils: add NFCT_FILTER_DUMP_TUPLE example, Romain Bellan
[PATCH] netfilter: Use kvcalloc, Joe Perches
- Re: [PATCH] netfilter: Use kvcalloc, Pablo Neira Ayuso
Re: [netfilter-core] INFO: rcu detected stall in hash_ip4_gc, Kadlecsik József
- <Possible follow-ups>
- Re: [netfilter-core] INFO: rcu detected stall in hash_ip4_gc, Kadlecsik József
INFO: rcu detected stall in hash_ip4_gc, syzbot
general protection fault in ip_set_comment_free, syzbot
[PATCH 1/1] netfilter: ipset: fix suspicious RCU usage in find_set_and_id, Kadlecsik József
- Re: [PATCH 1/1] netfilter: ipset: fix suspicious RCU usage in find_set_and_id, Pablo Neira Ayuso
INFO: rcu detected stall in ip_set_udel, syzbot
- Re: INFO: rcu detected stall in ip_set_udel, syzbot
KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy, syzbot
INFO: rcu detected stall in ip_set_uadd, syzbot
[PATCH AUTOSEL 5.4 060/107] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct, Sasha Levin
[PATCH AUTOSEL 5.4 059/107] netfilter: fix a use-after-free in mtype_destroy(), Sasha Levin
[PATCH AUTOSEL 5.4 090/107] netfilter: nf_tables: store transaction list locally while requesting module, Sasha Levin
[PATCH AUTOSEL 5.4 092/107] netfilter: nft_tunnel: ERSPAN_VERSION must not be null, Sasha Levin
[PATCH AUTOSEL 5.4 094/107] netfilter: nf_tables: fix flowtable list del corruption, Sasha Levin
[PATCH AUTOSEL 5.4 091/107] netfilter: nft_tunnel: fix null-attribute check, Sasha Levin
[PATCH AUTOSEL 5.4 093/107] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits, Sasha Levin
[PATCH AUTOSEL 5.4 095/107] netfilter: nat: fix ICMP header corruption on ICMP errors, Sasha Levin
[PATCH AUTOSEL 4.19 29/56] netfilter: fix a use-after-free in mtype_destroy(), Sasha Levin
[PATCH AUTOSEL 4.19 30/56] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct, Sasha Levin
[PATCH AUTOSEL 4.19 48/56] netfilter: nf_tables: store transaction list locally while requesting module, Sasha Levin
[PATCH AUTOSEL 4.19 49/56] netfilter: nft_tunnel: fix null-attribute check, Sasha Levin
[PATCH AUTOSEL 4.19 52/56] netfilter: nf_tables: fix flowtable list del corruption, Sasha Levin
[PATCH AUTOSEL 4.19 51/56] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits, Sasha Levin
[PATCH AUTOSEL 4.14 14/32] netfilter: fix a use-after-free in mtype_destroy(), Sasha Levin
[PATCH AUTOSEL 4.14 15/32] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct, Sasha Levin
[PATCH AUTOSEL 4.9 11/18] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct, Sasha Levin
[PATCH AUTOSEL 4.9 10/18] netfilter: fix a use-after-free in mtype_destroy(), Sasha Levin
[PATCH AUTOSEL 4.4 5/9] netfilter: fix a use-after-free in mtype_destroy(), Sasha Levin
[PATCH AUTOSEL 4.19 50/56] netfilter: nft_tunnel: ERSPAN_VERSION must not be null, Sasha Levin
KASAN: slab-out-of-bounds Read in bitmap_port_destroy, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_port_destroy, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_port_destroy, syzbot
- <Possible follow-ups>
- Re: KASAN: slab-out-of-bounds Read in bitmap_port_destroy, Dan Carpenter
[PATCH] Documentation: changes.rst: update several outdated project URLs, Randy Dunlap
- Re: [PATCH] Documentation: changes.rst: update several outdated project URLs, Darrick J. Wong
  - Re: [PATCH] Documentation: changes.rst: update several outdated project URLs, Randy Dunlap
- Re: [PATCH] Documentation: changes.rst: update several outdated project URLs, Theodore Y. Ts'o
  - Re: [PATCH] Documentation: changes.rst: update several outdated project URLs, Randy Dunlap
    - Re: [PATCH] Documentation: changes.rst: update several outdated project URLs, Theodore Y. Ts'o
[nft PATCH 0/4] Covscan-induced review of ei_insert(), Phil Sutter
- [nft PATCH 2/4] segtree: Drop dead code in ei_insert(), Phil Sutter
  - Re: [nft PATCH 2/4] segtree: Drop dead code in ei_insert(), Pablo Neira Ayuso
- [nft PATCH 3/4] segtree: Simplify overlap case in ei_insert(), Phil Sutter
  - Re: [nft PATCH 3/4] segtree: Simplify overlap case in ei_insert(), Pablo Neira Ayuso
- [nft PATCH 1/4] segtree: Drop needless insertion in ei_insert(), Phil Sutter
  - Re: [nft PATCH 1/4] segtree: Drop needless insertion in ei_insert(), Pablo Neira Ayuso
- [nft PATCH 4/4] segtree: Refactor ei_insert(), Phil Sutter
  - Re: [nft PATCH 4/4] segtree: Refactor ei_insert(), Pablo Neira Ayuso
    - Re: [nft PATCH 4/4] segtree: Refactor ei_insert(), Phil Sutter
      - Re: [nft PATCH 4/4] segtree: Refactor ei_insert(), Pablo Neira Ayuso
        
        Re: [nft PATCH 4/4] segtree: Refactor ei_insert(), Phil Sutter
[PATCH nf,v3] netfilter: nf_tables: autoload modules from the abort path, Pablo Neira Ayuso
[PATCH 4/4] xt_mttg_seq_next should increase position index, Vasily Averin
[PATCH 3/4] recent_seq_next should increase position index, Vasily Averin
[PATCH 2/4] synproxy_cpu_seq_next should increase position index, Vasily Averin
[PATCH 0/4] netfilter: seq_file .next functions should increase position index, Vasily Averin
- [PATCH v2 0/4] netfilter: seq_file .next functions should increase position index, Vasily Averin
  - Re: [PATCH v2 0/4] netfilter: seq_file .next functions should increase position index, Pablo Neira Ayuso
- [PATCH v2 1/4] ct_cpu_seq_next should increase position index, Vasily Averin
- [PATCH v2 2/4] synproxy_cpu_seq_next should increase position index, Vasily Averin
- [PATCH v2 3/4] recent_seq_next should increase position index, Vasily Averin
- [PATCH v2 4/4] xt_mttg_seq_next should increase position index, Vasily Averin
[PATCH 1/4] ct_cpu_seq_next should increase position index, Vasily Averin
[PATCH nf] Revert "netfilter: unlock xt_table earlier in __do_replace", Sean Tranchetti
- Re: [PATCH nf] Revert "netfilter: unlock xt_table earlier in __do_replace", Florian Westphal
  - Re: [PATCH nf] Revert "netfilter: unlock xt_table earlier in __do_replace", stranche
  - Re: [PATCH nf] Revert "netfilter: unlock xt_table earlier in __do_replace", Xin Long
[PATCH] ipvs: fix spelling mistake "to" -> "too", Colin King
[PATCH nft 1/2] tests: shell: set lookup and set update, Pablo Neira Ayuso
- [PATCH nft 2/2] tests: shell: update list of rmmod modules, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables: autoload modules from the abort path, Pablo Neira Ayuso
- Re: [PATCH nf,v2] netfilter: nf_tables: autoload modules from the abort path, Florian Westphal
  - Re: [PATCH nf,v2] netfilter: nf_tables: autoload modules from the abort path, Pablo Neira Ayuso
    - Re: [PATCH nf,v2] netfilter: nf_tables: autoload modules from the abort path, Pablo Neira Ayuso
    - Re: [PATCH nf,v2] netfilter: nf_tables: autoload modules from the abort path, Florian Westphal
[PATCH nf] netfilter: nf_tables: autoload modules from the abort path, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: add __nft_chain_type_get(), Pablo Neira Ayuso
[PATCH nf-next v4 0/9] nftables: Set implementation for arbitrary concatenation of ranges, Stefano Brivio
- [PATCH nf-next v4 1/9] netfilter: nf_tables: add nft_setelem_parse_key(), Stefano Brivio
- [PATCH nf-next v4 2/9] netfilter: nf_tables: add NFTA_SET_ELEM_KEY_END attribute, Stefano Brivio
- [PATCH nf-next v4 3/9] netfilter: nf_tables: Support for sets with multiple ranged fields, Stefano Brivio
- [PATCH nf-next v4 4/9] bitmap: Introduce bitmap_cut(): cut bits and shift remaining, Stefano Brivio
- [PATCH nf-next v4 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
  - Re: [PATCH nf-next v4 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Pablo Neira Ayuso
    - Re: [PATCH nf-next v4 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
      - Re: [PATCH nf-next v4 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Pablo Neira Ayuso
        
        Re: [PATCH nf-next v4 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
        
        Re: [PATCH nf-next v4 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Pablo Neira Ayuso
        
        Re: [PATCH nf-next v4 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
- [PATCH nf-next v4 7/9] nft_set_pipapo: Prepare for vectorised implementation: alignment, Stefano Brivio
- [PATCH nf-next v4 6/9] selftests: netfilter: Introduce tests for sets with range concatenation, Stefano Brivio
- [PATCH nf-next v4 8/9] nft_set_pipapo: Prepare for vectorised implementation: helpers, Stefano Brivio
- [PATCH nf-next v4 9/9] nft_set_pipapo: Introduce AVX2-based lookup implementation, Stefano Brivio
  - Re: [PATCH nf-next v4 9/9] nft_set_pipapo: Introduce AVX2-based lookup implementation, kbuild test robot
- Re: [PATCH nf-next v4 0/9] nftables: Set implementation for arbitrary concatenation of ranges, Pablo Neira Ayuso
- Re: [PATCH nf-next v4 0/9] nftables: Set implementation for arbitrary concatenation of ranges, Phil Sutter
  - Re: [PATCH nf-next v4 0/9] nftables: Set implementation for arbitrary concatenation of ranges, Stefano Brivio
WARNING: suspicious RCU usage in find_set_and_id, syzbot
general protection fault in __nf_tables_chain_type_lookup, syzbot
Update on UAF in ip6_do_table on 4.19.X kernel, stranche
[nft PATCH 0/4] Fixes for a recent covscan run, Phil Sutter
- [nft PATCH 2/4] netlink: Fix leaks in netlink_parse_cmp(), Phil Sutter
  - Re: [nft PATCH 2/4] netlink: Fix leaks in netlink_parse_cmp(), Pablo Neira Ayuso
- [nft PATCH 4/4] netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt(), Phil Sutter
  - Re: [nft PATCH 4/4] netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt(), Pablo Neira Ayuso
- [nft PATCH 1/4] netlink: Fix leak in unterminated string deserializer, Phil Sutter
  - Re: [nft PATCH 1/4] netlink: Fix leak in unterminated string deserializer, Pablo Neira Ayuso
- [nft PATCH 3/4] segtree: Fix for potential NULL-pointer deref in ei_insert(), Phil Sutter
  - Re: [nft PATCH 3/4] segtree: Fix for potential NULL-pointer deref in ei_insert(), Pablo Neira Ayuso
    - Re: [nft PATCH 3/4] segtree: Fix for potential NULL-pointer deref in ei_insert(), Phil Sutter
      - Re: [nft PATCH 3/4] segtree: Fix for potential NULL-pointer deref in ei_insert(), Phil Sutter
[iptables PATCH] .gitignore: add nano/vim swap file, Arturo Borrero Gonzalez
KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc, syzbot
KASAN: use-after-free Read in __nf_tables_abort, syzbot
- Re: KASAN: use-after-free Read in __nf_tables_abort, Dan Carpenter
- Re: KASAN: use-after-free Read in __nf_tables_abort, syzbot
- Re: KASAN: use-after-free Read in __nf_tables_abort, syzbot
KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup, syzbot
KASAN: slab-out-of-bounds Write in bitmap_ip_del, syzbot
- Re: KASAN: slab-out-of-bounds Write in bitmap_ip_del, syzbot
- Re: KASAN: slab-out-of-bounds Write in bitmap_ip_del, syzbot
load balancing between two chains, sbezverk
- Re: load balancing between two chains, Phil Sutter
  - Re: load balancing between two chains, sbezverk
    - Re: load balancing between two chains, Florian Westphal
      - Re: load balancing between two chains, sbezverk
        
        Re: load balancing between two chains, Florian Westphal
        
        Re: load balancing between two chains, sbezverk
        
        Re: load balancing between two chains, Florian Westphal
        
        Re: load balancing between two chains, sbezverk
        
        Re: load balancing between two chains, Florian Westphal
        
        Re: load balancing between two chains, sbezverk
        
        Re: load balancing between two chains, sbezverk
        
        Re: load balancing between two chains, Florian Westphal
KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup, syzbot
- Re: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup, syzbot
- Re: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup, syzbot
KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup, syzbot
  - Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup, Christian Brauner
    - Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup, Dan Carpenter
- Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup, syzbot
KASAN: use-after-free Read in bitmap_ip_destroy, syzbot
- Re: KASAN: use-after-free Read in bitmap_ip_destroy, syzbot
- Re: KASAN: use-after-free Read in bitmap_ip_destroy, syzbot
  - Re: KASAN: use-after-free Read in bitmap_ip_destroy, Jozsef Kadlecsik
[PATCH nft v3 0/9] bitwise shift support, Jeremy Sowden
- [PATCH nft v3 1/9] Update gitignore., Jeremy Sowden
- [PATCH nft v3 2/9] src: white-space fixes., Jeremy Sowden
- [PATCH nft v3 4/9] netlink_delinearize: remove commented out pr_debug statement., Jeremy Sowden
- [PATCH nft v3 6/9] evaluate: change shift byte-order to host-endian., Jeremy Sowden
- [PATCH nft v3 8/9] netlink: add support for handling shift expressions., Jeremy Sowden
- [PATCH nft v3 7/9] include: update nf_tables.h., Jeremy Sowden
- [PATCH nft v3 5/9] parser: add parenthesized statement expressions., Jeremy Sowden
- [PATCH nft v3 9/9] tests: shell: add bit-shift tests., Jeremy Sowden
  - Re: [PATCH nft v3 9/9] tests: shell: add bit-shift tests., Pablo Neira Ayuso
    - Re: [PATCH nft v3 9/9] tests: shell: add bit-shift tests., Jeremy Sowden
- [PATCH nft v3 3/9] netlink_delinearize: fix typo., Jeremy Sowden
- Re: [PATCH nft v3 0/9] bitwise shift support, Pablo Neira Ayuso
  - Re: [PATCH nft v3 0/9] bitwise shift support, Jeremy Sowden
    - Re: [PATCH nft v3 0/9] bitwise shift support, Jeremy Sowden
[PATCH 1/1] netfilter: ipset: use bitmap infrastructure completely, Kadlecsik József
- Re: [PATCH 1/1] netfilter: ipset: use bitmap infrastructure completely, Pablo Neira Ayuso
[PATCH nft] evaluate: don't eval unary arguments., Jeremy Sowden
- Re: [PATCH nft] evaluate: don't eval unary arguments., Pablo Neira Ayuso
  - Re: [PATCH nft] evaluate: don't eval unary arguments., Jeremy Sowden
    - Re: [PATCH nft] evaluate: don't eval unary arguments., Pablo Neira Ayuso
      - Re: [PATCH nft] evaluate: don't eval unary arguments., Jeremy Sowden
      - Re: [PATCH nft] evaluate: don't eval unary arguments., Jeremy Sowden
        
        Re: [PATCH nft] evaluate: don't eval unary arguments., Pablo Neira Ayuso
        
        Re: [PATCH nft] evaluate: don't eval unary arguments., Florian Westphal
        
        Re: [PATCH nft] evaluate: don't eval unary arguments., Pablo Neira Ayuso
        
        Re: [PATCH nft] evaluate: don't eval unary arguments., Florian Westphal
        
        Re: [PATCH nft] evaluate: don't eval unary arguments., Jeremy Sowden
general protection fault in nf_flow_table_offload_setup, syzbot
- Re: general protection fault in nf_flow_table_offload_setup, syzbot
- Re: general protection fault in nf_flow_table_offload_setup, syzbot
  - Re: general protection fault in nf_flow_table_offload_setup, Florian Westphal
[PATCH libnftnl v3 0/2] Attributes for concatenated ranges, Stefano Brivio
- [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes, Stefano Brivio
  - Re: [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes, Pablo Neira Ayuso
    - Re: [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes, Stefano Brivio
      - Re: [PATCH libnftnl v3 1/2] set: Add support for NFTA_SET_DESC_CONCAT attributes, Pablo Neira Ayuso
- [PATCH libnftnl v3 2/2] set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END, Stefano Brivio
[PATCH nft v3 0/3] Introduce support for concatenated ranges, Stefano Brivio
- [PATCH nft v3 1/3] src: Add support for NFTNL_SET_DESC_CONCAT, Stefano Brivio
- [PATCH nft v3 2/3] src: Add support for concatenated set ranges, Stefano Brivio
- [PATCH nft v3 3/3] tests: Introduce test for set with concatenated ranges, Stefano Brivio
[PATCH nf-next v3 0/9] nftables: Set implementation for arbitrary concatenation of ranges, Stefano Brivio
- [PATCH nf-next v3 1/9] netfilter: nf_tables: add nft_setelem_parse_key(), Stefano Brivio
- [PATCH nf-next v3 2/9] netfilter: nf_tables: add NFTA_SET_ELEM_KEY_END attribute, Stefano Brivio
- [PATCH nf-next v3 3/9] netfilter: nf_tables: Support for sets with multiple ranged fields, Stefano Brivio
- [PATCH nf-next v3 4/9] bitmap: Introduce bitmap_cut(): cut bits and shift remaining, Stefano Brivio
- [PATCH nf-next v3 6/9] selftests: netfilter: Introduce tests for sets with range concatenation, Stefano Brivio
- [PATCH nf-next v3 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
  - Re: [PATCH nf-next v3 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, kbuild test robot
    - Re: [PATCH nf-next v3 5/9] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
- [PATCH nf-next v3 7/9] nft_set_pipapo: Prepare for vectorised implementation: alignment, Stefano Brivio
- [PATCH nf-next v3 8/9] nft_set_pipapo: Prepare for vectorised implementation: helpers, Stefano Brivio
- [PATCH nf-next v3 9/9] nft_set_pipapo: Introduce AVX2-based lookup implementation, Stefano Brivio
KASAN: use-after-free Read in bitmap_ip_ext_cleanup, syzbot
- Re: KASAN: use-after-free Read in bitmap_ip_ext_cleanup, syzbot
- Re: KASAN: use-after-free Read in bitmap_ip_ext_cleanup, syzbot
[PATCH nft] include: nf_tables: correct bitwise header comment., Jeremy Sowden
KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup, syzbot
[PATCH nf v2] netfilter: nf_tables_offload: fix check the chain offload flag, wenxu
- Re: [PATCH nf v2] netfilter: nf_tables_offload: fix check the chain offload flag, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables_offload: fix check the chain offload flag, wenxu
KASAN: slab-out-of-bounds Read in bitmap_ip_add, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ip_add, syzbot
  - Re: KASAN: slab-out-of-bounds Read in bitmap_ip_add, Linus Torvalds
    - Re: KASAN: slab-out-of-bounds Read in bitmap_ip_add, Cong Wang
      - Re: KASAN: slab-out-of-bounds Read in bitmap_ip_add, Linus Torvalds
- Re: KASAN: slab-out-of-bounds Read in bitmap_ip_add, syzbot
[PATCH nft v2 0/9] bitwise shift support, Jeremy Sowden
- [PATCH nft v2 3/9] netlink_delinearize: fix typo., Jeremy Sowden
- [PATCH nft v2 4/9] netlink_delinearize: remove commented out pr_debug statement., Jeremy Sowden
- [PATCH nft v2 6/9] evaluate: change shift byte-order to host-endian., Jeremy Sowden
- [PATCH nft v2 9/9] tests: shell: add bit-shift tests., Jeremy Sowden
- [PATCH nft v2 1/9] Update gitignore., Jeremy Sowden
- [PATCH nft v2 8/9] netlink: add support for handling shift expressions., Jeremy Sowden
- [PATCH nft v2 7/9] include: update nf_tables.h., Jeremy Sowden
- [PATCH nft v2 5/9] parser: add parenthesized statement expressions., Jeremy Sowden
- [PATCH nft v2 2/9] src: white-space fixes., Jeremy Sowden
- Re: [PATCH nft v2 0/9] bitwise shift support, Jeremy Sowden
[Patch nf] netfilter: nft_osf: NFTA_OSF_DREG must not be null, Cong Wang
- Re: [Patch nf] netfilter: nft_osf: NFTA_OSF_DREG must not be null, Pablo Neira Ayuso
  - Re: [Patch nf] netfilter: nft_osf: NFTA_OSF_DREG must not be null, Cong Wang
KASAN: slab-out-of-bounds Read in bitmap_port_gc, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_port_gc, syzbot
KASAN: use-after-free Read in bitmap_port_destroy, syzbot
- Re: KASAN: use-after-free Read in bitmap_port_destroy, Cong Wang
KASAN: slab-out-of-bounds Read in bitmap_ip_test, syzbot
KASAN: slab-out-of-bounds Read in bitmap_ip_gc, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ip_gc, syzbot
[PATCH nf] netfilter: conntrack: sctp: use distinct states for new SCTP connections, Jiri Wiesner
- Re: [PATCH nf] netfilter: conntrack: sctp: use distinct states for new SCTP connections, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: conntrack: sctp: use distinct states for new SCTP connections, Jiri Wiesner
- Re: [PATCH nf] netfilter: conntrack: sctp: use distinct states for new SCTP connections, Pablo Neira Ayuso
BUG: corrupted list in __nf_tables_abort, syzbot
- Re: BUG: corrupted list in __nf_tables_abort, syzbot
- Re: BUG: corrupted list in __nf_tables_abort, syzbot
  - Re: BUG: corrupted list in __nf_tables_abort, Florian Westphal
general protection fault in nft_parse_register, syzbot
- [PATCH nf] netfilter: nft_osf: add missing check for DREG attribute, Florian Westphal
  - Re: [PATCH nf] netfilter: nft_osf: add missing check for DREG attribute, Fernando Fernández Mancera
  - Re: [PATCH nf] netfilter: nft_osf: add missing check for DREG attribute, Pablo Neira Ayuso
KASAN: slab-out-of-bounds Read in bitmap_port_add, syzbot
KASAN: slab-out-of-bounds Read in bitmap_ipmac_list, syzbot
- Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_list, syzbot
KASAN: slab-out-of-bounds Read in bitmap_ip_list, syzbot
KASAN: slab-out-of-bounds Read in bitmap_port_list, syzbot
WARNING in nf_tables_table_destroy, syzbot
- Re: WARNING in nf_tables_table_destroy, syzbot
- Re: WARNING in nf_tables_table_destroy, syzbot
  - Re: WARNING in nf_tables_table_destroy, Florian Westphal
[PATCH libnftnl v2 0/6] bitwise shift support, Jeremy Sowden
- [PATCH libnftnl v2 1/6] Update gitignore., Jeremy Sowden
- [PATCH libnftnl v2 3/6] bitwise: add helper to print boolean expressions., Jeremy Sowden
- [PATCH libnftnl v2 2/6] bitwise: fix some incorrect indentation., Jeremy Sowden
- [PATCH libnftnl v2 4/6] include: update nf_tables.h., Jeremy Sowden
- [PATCH libnftnl v2 5/6] bitwise: add support for new netlink attributes., Jeremy Sowden
- [PATCH libnftnl v2 6/6] bitwise: add support for left- and right-shifts., Jeremy Sowden
- Re: [PATCH libnftnl v2 0/6] bitwise shift support, Jeremy Sowden
- Re: [PATCH libnftnl v2 0/6] bitwise shift support, Pablo Neira Ayuso
[PATCH 0/9] Netfilter updates for net, Pablo Neira Ayuso
- [PATCH 1/9] netfilter: fix a use-after-free in mtype_destroy(), Pablo Neira Ayuso
- [PATCH 7/9] netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks(), Pablo Neira Ayuso
- [PATCH 9/9] netfilter: nat: fix ICMP header corruption on ICMP errors, Pablo Neira Ayuso
- [PATCH 8/9] netfilter: nf_tables: fix flowtable list del corruption, Pablo Neira Ayuso
- [PATCH 6/9] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits, Pablo Neira Ayuso
- [PATCH 4/9] netfilter: nft_tunnel: fix null-attribute check, Pablo Neira Ayuso
- [PATCH 5/9] netfilter: nft_tunnel: ERSPAN_VERSION must not be null, Pablo Neira Ayuso
- [PATCH 3/9] netfilter: nf_tables: store transaction list locally while requesting module, Pablo Neira Ayuso
- [PATCH 2/9] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct, Pablo Neira Ayuso
- Re: [PATCH 0/9] Netfilter updates for net, David Miller
[PATCH AUTOSEL 5.4 148/205] netfilter: nf_tables_offload: release flow_rule on error from commit path, Sasha Levin
[PATCH AUTOSEL 4.19 032/671] netfilter: nft_osf: usage from output path is not valid, Sasha Levin
[PATCH AUTOSEL 4.19 037/671] netfilter: nf_flow_table: do not remove offload when other netns's interface is down, Sasha Levin
[PATCH AUTOSEL 4.19 225/671] netfilter: nft_set_hash: fix lookups with fixed size hash on big endian, Sasha Levin
[PATCH AUTOSEL 4.19 226/671] netfilter: nft_set_hash: bogus element self comparison from deactivation path, Sasha Levin
[PATCH AUTOSEL 4.19 320/671] netfilter: nft_flow_offload: add entry to flowtable after confirmation, Sasha Levin
[PATCH AUTOSEL 4.19 349/671] netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule, Sasha Levin
[PATCH AUTOSEL 4.19 355/671] netfilter: nf_tables: correct NFT_LOGLEVEL_MAX value, Sasha Levin
[PATCH AUTOSEL 4.19 524/671] netfilter: ctnetlink: honor IPS_OFFLOAD flag, Sasha Levin
[PATCH AUTOSEL 4.14 126/371] netfilter: nft_set_hash: fix lookups with fixed size hash on big endian, Sasha Levin
[PATCH AUTOSEL 4.14 197/371] netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule, Sasha Levin
[PATCH AUTOSEL 4.9 137/251] netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule, Sasha Levin
[PATCH AUTOSEL 4.4 089/174] netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule, Sasha Levin
[PATCH nf-next,v3 8/9] netfilter: flowtable: add nf_flow_offload_tuple() helper, Pablo Neira Ayuso
- [PATCH nf-next,v3 9/9] netfilter: flowtable: add nf_flow_table_offload_cmd(), Pablo Neira Ayuso
[PATCH nf] netfilter: nft_tunnel: ERSPAN_VERSION must not be null, Florian Westphal
- Re: [PATCH nf] netfilter: nft_tunnel: ERSPAN_VERSION must not be null, Pablo Neira Ayuso
memory leak in nf_tables_parse_netdev_hooks, syzbot
- [PATCH] netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks(), Dan Carpenter
  - Re: [PATCH] netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks(), Florian Westphal
  - Re: [PATCH] netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks(), Pablo Neira Ayuso
[PATCH] Fixed some man pages typos ('This modules' -> 'This module'), aa . santos

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]