Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

Re: [PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support, (continued)
- [PATCH net-next 5/6] netfilter: nf_tables: add flowtable offload control plane, Pablo Neira Ayuso
- Re: [PATCH net-next 0/6] netfilter flowtable hardware offload, David Miller
UAF in ip6_do_table on 4.19 kernel, stranche
- Re: UAF in ip6_do_table on 4.19 kernel, Eric Dumazet
[conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc, Phil Sutter
- Re: [conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc, Arturo Borrero Gonzalez
  - Re: [conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc, Pablo Neira Ayuso
[conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@, Phil Sutter
- Re: [conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@, Pablo Neira Ayuso
[PATCH] netfilter: xtables: Add snapshot of hardidletimer target, Manoj Basapathi
- Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, Arturo Borrero Gonzalez
- Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, Florian Westphal
  - Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, manojbm
  - Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, manojbm
[PATCH libnetfilter_queue 0/2] Miscellaneous fixes, Duncan Roe
- [PATCH libnetfilter_queue 2/2] src: Make sure pktb_alloc() works for AF_INET6 since we document that it does, Duncan Roe
- [PATCH libnetfilter_queue 1/2] src: pktb_trim() was not updating tail after updating len, Duncan Roe
- Re: [PATCH libnetfilter_queue 0/2] Miscellaneous fixes, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 183/191] netfilter: masquerade: don't flush all conntracks if only one address deleted on device, Sasha Levin
[PATCH AUTOSEL 4.14 105/109] netfilter: masquerade: don't flush all conntracks if only one address deleted on device, Sasha Levin
[PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Li RongQing
- Re: [PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Pablo Neira Ayuso
  - 答复: [PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Li,Rongqing
[PATCH 00/16] drivers: y2038 updates, Arnd Bergmann
- [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic, Arnd Bergmann
  - Re: [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic, Phil Sutter
  - Re: [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic, Pablo Neira Ayuso
[PATCH 0/8] y2038: bug fixes from y2038 work, Arnd Bergmann
- [PATCH 5/8] netfilter: xt_time: use time64_t, Arnd Bergmann
  - Re: [PATCH 5/8] netfilter: xt_time: use time64_t, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 203/205] netfilter: nf_tables: avoid BUG_ON usage, Sasha Levin
KCSAN: data-race in pcpu_alloc / pcpu_free_area (2), syzbot
[nft PATCH 1/2] files: Drop shebangs from config files, Phil Sutter
- [nft PATCH 2/2] files: Install sample scripts from files/examples, Phil Sutter
  - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Pablo Neira Ayuso
    - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Phil Sutter
  - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Arturo Borrero Gonzalez
  - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Pablo Neira Ayuso
- Re: [nft PATCH 1/2] files: Drop shebangs from config files, Arturo Borrero Gonzalez
  - Re: [nft PATCH 1/2] files: Drop shebangs from config files, Phil Sutter
    - Re: [nft PATCH 1/2] files: Drop shebangs from config files, Arturo Borrero Gonzalez
- Re: [nft PATCH 1/2] files: Drop shebangs from config files, Pablo Neira Ayuso
[PATCH] conntrackd UDP IPv6 destination address not usable (Bug 1378), Jan-Martin Raemer
- Re: [PATCH] conntrackd UDP IPv6 destination address not usable (Bug 1378), Pablo Neira Ayuso
[PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
- [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
  - Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Daniel Borkmann
    - Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Florian Westphal
      - Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Daniel Borkmann
        
        Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Florian Westphal
        
        Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Daniel Borkmann
        
        Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Florian Westphal
        
        [PATCH v4] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
        
        [PATCH v4] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
        
        Re: [PATCH v4] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Pablo Neira Ayuso
        
        RE: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
- RE: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
ipv6 forward rule after prerouting - Howto, Daniel Huhardeaux
- Re: ipv6 forward rule after prerouting - Howto, Phil Sutter
  - Re: ipv6 forward rule after prerouting - Howto, Daniel Huhardeaux
  - Re: ipv6 forward rule after prerouting - Howto, Daniel Huhardeaux
[PATCH] src: add `set_is_meter` helper., Jeremy Sowden
- [PATCH nft] src: add `set_is_meter` helper., Jeremy Sowden
- Re: [PATCH] src: add `set_is_meter` helper., Florian Westphal
[nft PATCH] doc: Drop incorrect requirement for nft configs, Phil Sutter
- Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Pablo Neira Ayuso
  - Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Phil Sutter
    - Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Pablo Neira Ayuso
      - Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Pablo Neira Ayuso
        
        Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Phil Sutter
[PATCH nft] src: flowtable: add support for delete command by handle, Eric Jallot
- Re: [PATCH nft] src: flowtable: add support for delete command by handle, Pablo Neira Ayuso
[PATCH libnftnl] flowtable: add support for handle attribute, Eric Jallot
- Re: [PATCH libnftnl] flowtable: add support for handle attribute, Pablo Neira Ayuso
[PATCH nf 1/2] netfilter: nf_tables: bogus EOPNOTSUPP on basechain update, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nf_tables_offload: skip EBUSY on chain update, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nft_payload: add C-VLAN support, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: doc: Eliminate doxygen warnings from ipv{4,6}.c, Duncan Roe
- Re: [PATCH libnetfilter_queue] src: doc: Eliminate doxygen warnings from ipv{4,6}.c, Pablo Neira Ayuso
ebtables dnat rule gets system frozen, Tom Yan
- Re: ebtables dnat rule gets system frozen, Florian Westphal
- [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains, Florian Westphal
  - Re: [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: doc: Fix spelling of CTA_LABELS in examples/nf-queue.c, Duncan Roe
- Re: [PATCH libnetfilter_queue] src: doc: Fix spelling of CTA_LABELS in examples/nf-queue.c, Pablo Neira Ayuso
[PATCH nft] tests: add stateful object update operation test, Fernando Fernandez Mancera
[PATCH nf] netfilter: nf_tables: fix unexpected EOPNOTSUPP error, Fernando Fernandez Mancera
- Re: [PATCH nf] netfilter: nf_tables: fix unexpected EOPNOTSUPP error, Pablo Neira Ayuso
[PATCH nf-next,v2] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), kbuild test robot
- Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), kbuild test robot
- Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), kbuild test robot
[PATCH libnetfilter_queue 0/2] src: doc: Main Page updates, Duncan Roe
- [PATCH libnetfilter_queue 1/2] src: whitespace: Eliminate useless spaces before tabs, Duncan Roe
- [PATCH libnetfilter_queue 2/2] src: doc: Update the Main Page to be nft-focussed, Duncan Roe
- Re: [PATCH libnetfilter_queue 0/2] src: doc: Main Page updates, Pablo Neira Ayuso
"Sets" element cannot update "struct proto_ctx", Ttttabcd
[PATCH net-next 0/2] icmp: move duplicate code in helper functions, Matteo Croce
- [PATCH net-next 1/2] icmp: add helpers to recognize ICMP error packets, Matteo Croce
- [PATCH net-next 2/2] icmp: remove duplicate code, Matteo Croce
- Re: [PATCH net-next 0/2] icmp: move duplicate code in helper functions, David Miller
[PATCH 0/1] ipset patches for nf-next, Jozsef Kadlecsik
- [PATCH 1/1] netfilter: ipset: Add wildcard support to net,iface, Jozsef Kadlecsik
- Re: [PATCH 0/1] ipset patches for nf-next, Pablo Neira Ayuso
[ANNOUNCE] ipset 7.4 released, Kadlecsik József
Nat redirect using map, Daniel Huhardeaux
- Re: Nat redirect using map, Florian Westphal
  - Re: Nat redirect using map, Daniel Huhardeaux
[nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
- Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Pablo Neira Ayuso
  - Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
    - Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
      - Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Pablo Neira Ayuso
        
        Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
[PATCH nf-next 0/2] Revisit vlan support, Pablo Neira Ayuso
- [PATCH nf-next 1/2] netfilter: nft_payload: simplify vlan header handling, Pablo Neira Ayuso
  - Re: [PATCH nf-next 1/2] netfilter: nft_payload: simplify vlan header handling, Florian Westphal
- [PATCH nf-next 2/2] netfilter: nf_tables: add nft_payload_rebuild_vlan_hdr(), Pablo Neira Ayuso
  - Re: [PATCH nf-next 2/2] netfilter: nf_tables: add nft_payload_rebuild_vlan_hdr(), Florian Westphal
[PATCH nft,RFC] src: Support netdev egress hook, Lukas Wunner
[PATCH nf-next,RFC 0/5] Netfilter egress hook, Lukas Wunner
- [PATCH nf-next,RFC 1/5] netfilter: Clean up unnecessary #ifdef, Lukas Wunner
- [PATCH nf-next,RFC 2/5] netfilter: Document ingress hook, Lukas Wunner
- [PATCH nf-next,RFC 4/5] netfilter: Generalize ingress hook, Lukas Wunner
- [PATCH nf-next,RFC 3/5] netfilter: Rename ingress hook include file, Lukas Wunner
- [PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook, Lukas Wunner
  - Re: [PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook, Daniel Borkmann
    - Re: [PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook, Lukas Wunner
- Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Pablo Neira Ayuso
  - Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Lukas Wunner
  - Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Lukas Wunner
    - Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Pablo Neira Ayuso
[tip: core/rcu] net/netfilter: Replace rcu_swap_protected() with rcu_replace_pointer(), tip-bot2 for Paul E. McKenney
nft: secmark output not understood by parser, Phil Sutter
[PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit, Lukas Wunner
- Re: [PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit, Lukas Wunner
  - Re: [PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit, Pablo Neira Ayuso
[libnftnl PATCH 1/1] flowtable: Fix symbol export for clang, Marvin Schmidt
- Re: [libnftnl PATCH 1/1] flowtable: Fix symbol export for clang, Pablo Neira Ayuso
[nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
- Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Pablo Neira Ayuso
  - Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
- <Possible follow-ups>
- [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
  - Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
    - Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Pablo Neira Ayuso
[nft PATCH] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
[PATCH nft] doc: fix missing family in plural forms list command., Eric Jallot
- Re: [PATCH nft] doc: fix missing family in plural forms list command., Pablo Neira Ayuso
[libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data(), Phil Sutter
- [libnftnl PATCH 2/2] Deprecate untyped data setters, Phil Sutter
  - Re: [libnftnl PATCH 2/2] Deprecate untyped data setters, Pablo Neira Ayuso
    - Re: [libnftnl PATCH 2/2] Deprecate untyped data setters, Phil Sutter
      - Re: [libnftnl PATCH 2/2] Deprecate untyped data setters, Pablo Neira Ayuso
- Re: [libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data(), Phil Sutter
- Re: [libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data(), Pablo Neira Ayuso
[iptables PATCH v3 00/12] Implement among match support, Phil Sutter
- [iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback, Phil Sutter
  - Re: [iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback, Pablo Neira Ayuso
- [iptables PATCH v3 12/12] nft: bridge: Rudimental among extension support, Phil Sutter
- [iptables PATCH v3 06/12] nft: Eliminate pointless calls to nft_family_ops_lookup(), Phil Sutter
- [iptables PATCH v3 05/12] nft: Keep nft_handle pointer in nft_xt_ctx, Phil Sutter
- [iptables PATCH v3 10/12] nft: Embed rule's table name in nft_xt_ctx, Phil Sutter
- [iptables PATCH v3 09/12] nft: Bore up nft_parse_payload(), Phil Sutter
- [iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback, Phil Sutter
  - Re: [iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback, Pablo Neira Ayuso
- [iptables PATCH v3 04/12] nft: family_ops: Pass nft_handle to 'rule_to_cs' callback, Phil Sutter
- [iptables PATCH v3 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback, Phil Sutter
  - Re: [iptables PATCH v3 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback, Pablo Neira Ayuso
- [iptables PATCH v3 08/12] nft: Support NFT_COMPAT_SET_ADD, Phil Sutter
- [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level, Phil Sutter
  - Re: [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level, Phil Sutter
- [iptables PATCH v3 11/12] nft: Support parsing lookup expression, Phil Sutter
- Re: [iptables PATCH v3 00/12] Implement among match support, Pablo Neira Ayuso
  - Re: [iptables PATCH v3 00/12] Implement among match support, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 00/12] Implement among match support, Phil Sutter
[PATCH nft] src: flowtable: add support for named flowtable listing, Eric Jallot
- Re: [PATCH nft] src: flowtable: add support for named flowtable listing, Pablo Neira Ayuso
Rearranging expressions in the rule, Serguei Bezverkhi (sbezverk)
[conntrack-tools PATCH] docs: refresh references to /proc/net/core/rmem_default, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH] docs: refresh references to /proc/net/core/rmem_default, Pablo Neira Ayuso
Documentation question, Duncan Roe
- Re: Documentation question, Pablo Neira Ayuso
  - Re: Documentation question, Duncan Roe
    - Re: Documentation question, Pablo Neira Ayuso
- <Possible follow-ups>
- Documentation question, Duncan Roe
  - Re: Documentation question, Florian Westphal
    - Re: Documentation question, Duncan Roe
- Documentation question, Duncan Roe
  - Re: Documentation question, Pablo Neira Ayuso
    - Re: Documentation question, Duncan Roe
      - Re: Documentation question, Duncan Roe
    - [PATCH libnetfilter_queue] src: pktb_mangle has signed offset arg so can mangle MAC header with -ve one, Duncan Roe
      - Re: [PATCH libnetfilter_queue] src: pktb_mangle has signed offset arg so can mangle MAC header with -ve one, Pablo Neira Ayuso
- Documentation question, Duncan Roe
  - Re: Documentation question, Pablo Neira Ayuso
    - Re: Documentation question, Duncan Roe
      - Re: Documentation question, Pablo Neira Ayuso
        
        [PATCH libnetfilter_queue] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
        
        [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
Re: Conntrack offload questions, Pablo Neira Ayuso
ipset make modules_install always fail unless module already loaded?, Oskar Berggren
- Re: ipset make modules_install always fail unless module already loaded?, Kadlecsik József
[PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Praveen Chaudhary
- [PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Praveen Chaudhary
  - Re: [PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Pablo Neira Ayuso
    - RE: [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Praveen Chaudhary
[nft PATCH] tests/py: Fix test script for Python3 tempfile, Phil Sutter
- Re: [nft PATCH] tests/py: Fix test script for Python3 tempfile, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only, Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only, Edward Cree
- Re: [PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only, wenxu
libnftnl: Attribute and data length validation for objects, Phil Sutter
general protection fault in ip6_sublist_rcv, syzbot
- [PATCH net-next] inet: do not call sublist_rcv on empty list, Florian Westphal
  - Re: [PATCH net-next] inet: do not call sublist_rcv on empty list, Leon Romanovsky
  - Re: [PATCH net-next] inet: do not call sublist_rcv on empty list, Nikolay Aleksandrov
  - Re: [PATCH net-next] inet: do not call sublist_rcv on empty list, David Miller
[nft PATCH] mnl: Replace use of untyped nftnl data setters, Phil Sutter
- <Possible follow-ups>
- [nft PATCH] mnl: Replace use of untyped nftnl data setters, Phil Sutter
  - Re: [nft PATCH] mnl: Replace use of untyped nftnl data setters, Pablo Neira Ayuso
    - Re: [nft PATCH] mnl: Replace use of untyped nftnl data setters, Phil Sutter
[iptables PATCH v2 00/10] Reduce code size around arptables-nft, Phil Sutter
- [iptables PATCH v2 04/10] Merge CMD_* defines, Phil Sutter
- [iptables PATCH v2 10/10] nft-arp: Use xtables_print_mac_and_mask(), Phil Sutter
- [iptables PATCH v2 01/10] ip6tables, xtables-arp: Drop unused struct pprot, Phil Sutter
- [iptables PATCH v2 09/10] xtables-arp: Use xtables_parse_interface(), Phil Sutter
- [iptables PATCH v2 07/10] xtables-arp: Integrate OPT_* defines into xshared.h, Phil Sutter
- [iptables PATCH v2 03/10] xshared: Share a common implementation of parse_rulenumber(), Phil Sutter
- [iptables PATCH v2 02/10] xshared: Share a common add_command() implementation, Phil Sutter
- [iptables PATCH v2 08/10] xtables-arp: Drop some unused variables, Phil Sutter
- [iptables PATCH v2 06/10] Replace TRUE/FALSE with true/false, Phil Sutter
- [iptables PATCH v2 05/10] xtables-arp: Drop generic_opt_check(), Phil Sutter
- Re: [iptables PATCH v2 00/10] Reduce code size around arptables-nft, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nft_meta: offload support for interface index, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables_offload: check for register data length mismatches, Pablo Neira Ayuso
[PATCH] netfilter: nf_tables_offload: check for register data length mismatches, Pablo Neira Ayuso
[iptables PATCH 00/10] Reduce code size around arptables-nft, Phil Sutter
- [iptables PATCH 09/10] xtables-arp: Use xtables_parse_interface(), Phil Sutter
- [iptables PATCH 05/10] xtables-arp: Drop generic_opt_check(), Phil Sutter
- [iptables PATCH 01/10] ip6tables, xtables-arp: Drop unused struct pprot, Phil Sutter
- [iptables PATCH 03/10] xshared: Share a common implementation of parse_rulenumber(), Phil Sutter
- [iptables PATCH 02/10] xshared: Share a common add_command() implementation, Phil Sutter
- [iptables PATCH 08/10] xtables-arp: Drop some unused variables, Phil Sutter
- [iptables PATCH 10/10] nft-arp: Use xtables_print_mac_and_mask(), Phil Sutter
- [iptables PATCH 07/10] xtables-arp: Integrate OPT_* defines into xshared.h, Phil Sutter
- [iptables PATCH 06/10] Replace TRUE/FALSE with true/false, Phil Sutter
- [iptables PATCH 04/10] Merge CMD_* defines, Phil Sutter
- Re: [iptables PATCH 00/10] Reduce code size around arptables-nft, Pablo Neira Ayuso
  - Re: [iptables PATCH 00/10] Reduce code size around arptables-nft, Phil Sutter
[PATCH nf] netfilter: nft_cmp: check for register data length mismatches, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt(), Duncan Roe
- Re: [PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt(), Duncan Roe
  - Re: [PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt(), Florian Westphal
[PATCH AUTOSEL 5.3 49/99] netfilter: conntrack: avoid possible false sharing, Sasha Levin
[PATCH 00/31] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
- [PATCH 01/31] netfilter: ipset: add a coding-style fix to ip_set_ext_destroy., Pablo Neira Ayuso
- [PATCH 05/31] netfilter: ipset: make ip_set_put_flags extern., Pablo Neira Ayuso
- [PATCH 03/31] netfilter: ipset: move ip_set_comment functions from ip_set.h to ip_set_core.c., Pablo Neira Ayuso
- [PATCH 07/31] netfilter: ipset: move ip_set_get_ip_port() to ip_set_bitmap_port.c., Pablo Neira Ayuso
- [PATCH 09/31] ipvs: batch __ip_vs_cleanup, Pablo Neira Ayuso
- [PATCH 13/31] selftests: netfilter: add ipvs tunnel test case, Pablo Neira Ayuso
- [PATCH 14/31] netfilter: ecache: document extension area access rules, Pablo Neira Ayuso
- [PATCH 15/31] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Pablo Neira Ayuso
- [PATCH 26/31] netfilter: nf_tables_offload: remove rules on unregistered device only, Pablo Neira Ayuso
- [PATCH 28/31] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Pablo Neira Ayuso
- [PATCH 18/31] netfilter: nft_tproxy: Fix typo in IPv6 module description., Pablo Neira Ayuso
- [PATCH 17/31] netfilter: add and use nf_hook_slow_list(), Pablo Neira Ayuso
- [PATCH 31/31] netfilter: nf_tables_offload: unbind if multi-device binding fails, Pablo Neira Ayuso
- [PATCH 30/31] netfilter: nf_tables_offload: add nft_flow_block_offload_init(), Pablo Neira Ayuso
- [PATCH 29/31] netfilter: nf_tables_offload: add nft_chain_offload_cmd(), Pablo Neira Ayuso
- [PATCH 27/31] netfilter: nf_tables: support for multiple devices per netdev hook, Pablo Neira Ayuso
- [PATCH 24/31] netfilter: nf_tables_offload: Pass callback list to nft_setup_cb_call(), Pablo Neira Ayuso
- [PATCH 20/31] netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables, Pablo Neira Ayuso
- [PATCH 25/31] netfilter: nf_tables_offload: add nft_flow_cls_offload_setup(), Pablo Neira Ayuso
- [PATCH 23/31] netfilter: nf_tables_offload: add nft_flow_block_chain(), Pablo Neira Ayuso
- [PATCH 22/31] netfilter: nf_tables: increase maximum devices number per flowtable, Pablo Neira Ayuso
- [PATCH 21/31] netfilter: nf_tables: allow netdevice to be used only once per flowtable, Pablo Neira Ayuso
- [PATCH 19/31] netfilter: nf_flow_table: move priority to struct nf_flowtable, Pablo Neira Ayuso
- [PATCH 16/31] netfilter: conntrack: free extension area immediately, Pablo Neira Ayuso
- [PATCH 11/31] selftests: netfilter: add ipvs test script, Pablo Neira Ayuso
- [PATCH 12/31] selftests: netfilter: add ipvs nat test case, Pablo Neira Ayuso
- [PATCH 10/31] ipvs: batch __ip_vs_dev_cleanup, Pablo Neira Ayuso
- [PATCH 08/31] ipvs: no need to update skb route entry for local destination packets., Pablo Neira Ayuso
- [PATCH 04/31] netfilter: ipset: move functions to ip_set_core.c., Pablo Neira Ayuso
- [PATCH 02/31] netfilter: ipset: remove inline from static functions in .c files., Pablo Neira Ayuso
- [PATCH 06/31] netfilter: ipset: move function to ip_set_bitmap_ip.c., Pablo Neira Ayuso
- Re: [PATCH 00/31] Netfilter/IPVS updates for net-next, David Miller
[PATCH nft] mnl: remove artifical cap on 8 devices per flowtable, Pablo Neira Ayuso
[PATCH nft,v3] src: add multidevice support for netdev chain, Pablo Neira Ayuso
[PATCH nft,v2] src: add multidevice support for netdev chain, Pablo Neira Ayuso
- Re: [PATCH nft,v2] src: add multidevice support for netdev chain, Pablo Neira Ayuso
[PATCH libnftnl,v2] chain: multi-device support, Pablo Neira Ayuso
[PATCH libnftnl,v2] flowtable: device array dynamic allocation, Pablo Neira Ayuso
[iptables PATCH] xtables-arp: Use xtables_ipparse_multiple(), Phil Sutter
- Re: [iptables PATCH] xtables-arp: Use xtables_ipparse_multiple(), Florian Westphal
[PATCH AUTOSEL 5.3 11/33] netfilter: conntrack: avoid possible false sharing, Sasha Levin
[PATCH AUTOSEL 5.3 16/33] netfilter: connlabels: prefer static lock initialiser, Sasha Levin
[GIT PULL] IPVS fixes for v5.4, Simon Horman
- [PATCH 1/2] ipvs: don't ignore errors in case refcounting ip_vs module fails, Simon Horman
- [PATCH 2/2] ipvs: move old_secure_tcp into struct netns_ipvs, Simon Horman
- Re: [GIT PULL] IPVS fixes for v5.4, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, wenxu
- Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, wenxu
    - Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, Pablo Neira Ayuso
[iptables PATCH v3 0/7] Improve xtables-restore performance, Phil Sutter
- [iptables PATCH v3 1/7] xtables-restore: Integrate restore callbacks into struct nft_xt_restore_parse, Phil Sutter
- [iptables PATCH v3 5/7] xtables-restore: Allow lines without trailing newline character, Phil Sutter
- [iptables PATCH v3 4/7] xtables-restore: Remove some pointless linebreaks, Phil Sutter
- [iptables PATCH v3 2/7] xtables-restore: Introduce struct nft_xt_restore_state, Phil Sutter
- [iptables PATCH v3 6/7] xtables-restore: Improve performance of --noflush operation, Phil Sutter
- [iptables PATCH v3 7/7] tests: shell: Add ipt-restore/0007-flush-noflush_0, Phil Sutter
- [iptables PATCH v3 3/7] xtables-restore: Introduce line parsing function, Phil Sutter
- Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Pablo Neira Ayuso
  - Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Phil Sutter
    - Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Pablo Neira Ayuso
      - Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Phil Sutter
[PATCH trivial] net: Fix various misspellings of "connect", Geert Uytterhoeven
- Re: [PATCH trivial] net: Fix various misspellings of "connect", Kalle Valo
- Re: [PATCH trivial] net: Fix various misspellings of "connect", Simon Horman
- Re: [PATCH trivial] net: Fix various misspellings of "connect", David Miller
[PATCH nf-next 0/5] netfilter: nft_tunnel: support tunnel match expr offload, wenxu
- [PATCH nf-next 1/5] netfilter: nft_tunnel: add nft_tunnel_mode_validate function, wenxu
  - Re: [PATCH nf-next 1/5] netfilter: nft_tunnel: add nft_tunnel_mode_validate function, Pablo Neira Ayuso
- [PATCH nf-next 4/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match, wenxu
  - Re: [PATCH nf-next 4/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match, Pablo Neira Ayuso
- [PATCH nf-next 3/5] netfilter: nft_tunnel: add inet type check in nft_tunnel_mode_validate, wenxu
  - Re: [PATCH nf-next 3/5] netfilter: nft_tunnel: add inet type check in nft_tunnel_mode_validate, Pablo Neira Ayuso
- [PATCH nf-next 2/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV4_SRC/DST match, wenxu
  - Re: [PATCH nf-next 2/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV4_SRC/DST match, kbuild test robot
- [PATCH nf-next 5/5] netfilter: nft_tunnel: add nft_tunnel_get_offload support, wenxu
[PATCH nf-next 1/3] netfilter: nf_tables_offload: add nft_chain_offload_cmd(), Pablo Neira Ayuso
- [PATCH nf-next 3/3] netfilter: nf_tables_offload: unbind if multi-device binding fails, Pablo Neira Ayuso
- [PATCH nf-next 2/3] netfilter: nf_tables_offload: add nft_flow_block_offload_init(), Pablo Neira Ayuso
[PATCH nf] netfilter: nft_payload: fix check the match len for offload to hw, wenxu
- Re: [PATCH nf] netfilter: nft_payload: fix check the match len for offload to hw, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: Fix unbind devices when subsequent device bind failed, wenxu
- Re: [PATCH nf-next] netfilter: nf_tables_offload: Fix unbind devices when subsequent device bind failed, Pablo Neira Ayuso
[nft PATCH] Revert "main: Fix for misleading error with negative chain priority", Phil Sutter
[PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, xiangxia . m . yue
- Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, Florian Westphal
  - Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, Tonghao Zhang
    - Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, Florian Westphal
[PATCH nft 0/4] Output Flag Fixes, Jeremy Sowden
- [PATCH nft 2/4] py: add missing output flags., Jeremy Sowden
  - Re: [PATCH nft 2/4] py: add missing output flags., Pablo Neira Ayuso
    - Re: [PATCH nft 2/4] py: add missing output flags., Phil Sutter
      - Re: [PATCH nft 2/4] py: add missing output flags., Pablo Neira Ayuso
        
        Re: [PATCH nft 2/4] py: add missing output flags., Phil Sutter
        
        Re: [PATCH nft 2/4] py: add missing output flags., Pablo Neira Ayuso
  - Re: [PATCH nft 2/4] py: add missing output flags., Phil Sutter
- [PATCH nft 3/4] main: add missing `OPT_NUMERIC_PROTO` long option., Jeremy Sowden
  - Re: [PATCH nft 3/4] main: add missing `OPT_NUMERIC_PROTO` long option., Pablo Neira Ayuso
- [PATCH nft 4/4] main: remove duplicate output flag assignment., Jeremy Sowden
  - Re: [PATCH nft 4/4] main: remove duplicate output flag assignment., Pablo Neira Ayuso
- [PATCH nft 1/4] doc: add missing output flag documentation., Jeremy Sowden
  - Re: [PATCH nft 1/4] doc: add missing output flag documentation., Pablo Neira Ayuso
[PATCH tip/core/rcu 08/10] net/netfilter: Replace rcu_swap_protected() with rcu_replace(), paulmck
[PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Florian Westphal
- Re: [PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Florian Westphal
nftables: secmark support, Christian Göttsche
- Re: nftables: secmark support, Pablo Neira Ayuso
  - Re: nftables: secmark support, Christian Göttsche
    - Re: nftables: secmark support, Christian Göttsche
      - Re: nftables: secmark support, Pablo Neira Ayuso
        
        Re: nftables: secmark support, Pablo Neira Ayuso
        
        Re: nftables: secmark support, Christian Göttsche
        
        Re: nftables: secmark support, Pablo Neira Ayuso
[PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, Pablo Neira Ayuso
- [PATCH nf-next,RFC 2/2] netfilter: nf_tables: add encapsulation support, Pablo Neira Ayuso
  - Re: [PATCH nf-next,RFC 2/2] netfilter: nf_tables: add encapsulation support, wenxu
- [PATCH nf-next,RFC 1/2] netfilter: nf_tables: add decapsulation support, Pablo Neira Ayuso
- Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, wenxu
  - Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, Pablo Neira Ayuso
    - Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, wenxu
    - Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, wenxu
KASAN: use-after-free Read in nf_ct_deliver_cached_events, syzbot
- Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events, syzbot
- Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events, syzbot
  - Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events, Florian Westphal
How to implement transparent proxy in bridge through nftables, Ttttabcd
- Re: How to implement transparent proxy in bridge through nftables, Florian Westphal
  - Re: How to implement transparent proxy in bridge through nftables, Ttttabcd
    - Re: How to implement transparent proxy in bridge through nftables, Florian Westphal
[iptables PATCH] xtables-restore: Unbreak *tables-restore, Phil Sutter
- Re: [iptables PATCH] xtables-restore: Unbreak *tables-restore, Pablo Neira Ayuso
[PATCH nft v3 0/2] Add option to omit sets elements from listings., Jeremy Sowden
- [PATCH nft v3 2/2] src: add --terse to suppress output of set elements., Jeremy Sowden
- [PATCH nft v3 1/2] src: use `-T` as the short option for `--numeric-time`., Jeremy Sowden
- Re: [PATCH nft v3 0/2] Add option to omit sets elements from listings., Pablo Neira Ayuso
  - Re: [PATCH nft v3 0/2] Add option to omit sets elements from listings., Jeremy Sowden
[nft PATCH] main: Fix for misleading error with negative chain priority, Phil Sutter
- Re: [nft PATCH] main: Fix for misleading error with negative chain priority, Pablo Neira Ayuso
[PATCH nft v2] src: extend --stateless to suppress output of non-dynamic set elements., Jeremy Sowden
- Re: [PATCH nft v2] src: extend --stateless to suppress output of non-dynamic set elements., Pablo Neira Ayuso
[PATCH nft] main: misleading error reporting in chain definitions, Pablo Neira Ayuso
- Re: [PATCH nft] main: misleading error reporting in chain definitions, Phil Sutter
  - Re: [PATCH nft] main: misleading error reporting in chain definitions, Pablo Neira Ayuso
[nft PATCH] parser_json: Fix checking of parse_policy() return code, Phil Sutter
- Re: [nft PATCH] parser_json: Fix checking of parse_policy() return code, Pablo Neira Ayuso
[nft PATCH] tproxy: Add missing error checking when parsing from netlink, Phil Sutter
- Re: [nft PATCH] tproxy: Add missing error checking when parsing from netlink, Pablo Neira Ayuso
[iptables PATCH v2] xtables-restore: Fix --table parameter check, Phil Sutter
- Re: [iptables PATCH v2] xtables-restore: Fix --table parameter check, Florian Westphal
[PATCH nft] src: extend --stateless to suppress output of non-dynamic set elements., Jeremy Sowden
- Re: [PATCH nft] src: extend --stateless to suppress output of non-dynamic set elements., Jeremy Sowden
CFS for Netdev 0x14 open!, Jamal Hadi Salim
xtables-addons akmods Builds Failing on Linux Kernel 5.3.6 - Log Sample - xt_DHCPMAC.c, Matt Olson
- Re: xtables-addons akmods Builds Failing on Linux Kernel 5.3.6 - Log Sample - xt_DHCPMAC.c, Jeremy Sowden
[PATCH nf-next,v2 5/5] netfilter: nf_tables: support for multiple devices per netdev hook, Pablo Neira Ayuso
[PATCH nf v2] ipvs: don't ignore errors in case refcounting ip_vs module fails, Davide Caratti
- Re: [PATCH nf v2] ipvs: don't ignore errors in case refcounting ip_vs module fails, Julian Anastasov
[PATCH AUTOSEL 4.19 016/100] netfilter: ipset: Make invalid MAC address checks consistent, Sasha Levin
[iptables PATCH 1/2] iptables-xml: Use add_param_to_argv(), Phil Sutter
- [iptables PATCH 2/2] xshared: Introduce struct argv_store, Phil Sutter
  - Re: [iptables PATCH 2/2] xshared: Introduce struct argv_store, Pablo Neira Ayuso
- Re: [iptables PATCH 1/2] iptables-xml: Use add_param_to_argv(), Pablo Neira Ayuso
[iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Phil Sutter
- Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Pablo Neira Ayuso
  - Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Pablo Neira Ayuso
    - Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Phil Sutter
      - Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Pablo Neira Ayuso
        
        Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Phil Sutter
        
        Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Pablo Neira Ayuso
        
        Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Phil Sutter
        
        Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror(), Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables_offload: restore basechain deletion, Pablo Neira Ayuso
[PATCH nf-next v2] netfilter: nf_tables: add vlan support, wenxu
- Re: [PATCH nf-next v2] netfilter: nf_tables: add vlan support, Florian Westphal
[PATCH nf-next] netfilter: nf_tables: add vlan support, wenxu
- Re: [PATCH nf-next] netfilter: nf_tables: add vlan support, Florian Westphal
  - Re: [PATCH nf-next] netfilter: nf_tables: add vlan support, wenxu
    - Re: [PATCH nf-next] netfilter: nf_tables: add vlan support, Florian Westphal
[PATCH nft] src: add multidevice support for netdev chain, Pablo Neira Ayuso
[PATCH libnftnl 1/2] flowtable: device array dynamic allocation, Pablo Neira Ayuso
- [PATCH libnftnl 2/2] chain: multi-device support, Pablo Neira Ayuso
[iptables PATCH 0/8] A bit of *tables-restore review fallout, Phil Sutter
- [iptables PATCH 2/8] xtables-restore: Use xt_params->program_name, Phil Sutter
  - Re: [iptables PATCH 2/8] xtables-restore: Use xt_params->program_name, Pablo Neira Ayuso
- [iptables PATCH 6/8] xtables-restore: Drop pointless newargc reset, Phil Sutter
  - Re: [iptables PATCH 6/8] xtables-restore: Drop pointless newargc reset, Pablo Neira Ayuso
    - Re: [iptables PATCH 6/8] xtables-restore: Drop pointless newargc reset, Phil Sutter
- [iptables PATCH 7/8] xtables-restore: Drop local xtc_ops instance, Phil Sutter
  - Re: [iptables PATCH 7/8] xtables-restore: Drop local xtc_ops instance, Pablo Neira Ayuso
- [iptables PATCH 4/8] xtables-restore: Constify struct nft_xt_restore_cb, Phil Sutter
  - Re: [iptables PATCH 4/8] xtables-restore: Constify struct nft_xt_restore_cb, Pablo Neira Ayuso
- [iptables PATCH 5/8] iptables-restore: Constify struct iptables_restore_cb, Phil Sutter
  - Re: [iptables PATCH 5/8] iptables-restore: Constify struct iptables_restore_cb, Pablo Neira Ayuso
- [iptables PATCH 8/8] xtables-restore: Drop chain_list callback, Phil Sutter
  - Re: [iptables PATCH 8/8] xtables-restore: Drop chain_list callback, Pablo Neira Ayuso
- [iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function, Phil Sutter
  - Re: [iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function, Pablo Neira Ayuso
    - Re: [iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function, Phil Sutter
      - Re: [iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function, Pablo Neira Ayuso
- [iptables PATCH 1/8] xtables-restore: Treat struct nft_xt_restore_parse as const, Phil Sutter
  - Re: [iptables PATCH 1/8] xtables-restore: Treat struct nft_xt_restore_parse as const, Pablo Neira Ayuso
[PATCH nft,v2] src: restore --echo with anonymous sets, Pablo Neira Ayuso
- Re: [PATCH nft,v2] src: restore --echo with anonymous sets, Phil Sutter
[PATCH nft] src: restore --echo with anonymous sets, Pablo Neira Ayuso
- Re: [PATCH nft] src: restore --echo with anonymous sets, Phil Sutter
[PATCH nft 1/2] src: define flowtable device compound as a list, Pablo Neira Ayuso
- [PATCH nft 2/2,v2] flowtable: fix memleak in exit path, Pablo Neira Ayuso
[nft PATCH 0/4] A bunch of fixes for --echo option, Phil Sutter
- [nft PATCH 3/4] tests/monitor: Fix for changed ct timeout format, Phil Sutter
  - Re: [nft PATCH 3/4] tests/monitor: Fix for changed ct timeout format, Florian Westphal
  - Re: [nft PATCH 3/4] tests/monitor: Fix for changed ct timeout format, Pablo Neira Ayuso
- [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Phil Sutter
  - Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Florian Westphal
  - Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Pablo Neira Ayuso
    - Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Pablo Neira Ayuso
      - Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Phil Sutter
        
        Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Pablo Neira Ayuso
        
        Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Phil Sutter
        
        Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Pablo Neira Ayuso
        
        Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo", Phil Sutter
- [nft PATCH 1/4] monitor: Add missing newline to error message, Phil Sutter
  - Re: [nft PATCH 1/4] monitor: Add missing newline to error message, Florian Westphal
  - Re: [nft PATCH 1/4] monitor: Add missing newline to error message, Pablo Neira Ayuso
- [nft PATCH 4/4] rule: Fix for single line ct timeout printing, Phil Sutter
  - Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing, Florian Westphal
  - Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing, Pablo Neira Ayuso
    - Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing, Phil Sutter
      - Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing, Pablo Neira Ayuso
  - Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing, Pablo Neira Ayuso
[libnftnl PATCH] obj/ct_timeout: Fix NFTA_CT_TIMEOUT_DATA parser, Phil Sutter
- Re: [libnftnl PATCH] obj/ct_timeout: Fix NFTA_CT_TIMEOUT_DATA parser, Pablo Neira Ayuso
feature request, way to check specific IP/port/protocol/etc, Dmitri Seletski
[PATCH nf-next 0/5] Hook multiple netdevices to basechain, Pablo Neira Ayuso
- [PATCH nf-next 1/5] netfilter: nf_tables_offload: add nft_flow_block_chain(), Pablo Neira Ayuso
- [PATCH nf-next 2/5] netfilter: nf_tables_offload: Pass callback list to nft_setup_cb_call(), Pablo Neira Ayuso
- [PATCH nf-next 3/5] netfilter: nf_tables_offload: add nft_flow_cls_offload_setup(), Pablo Neira Ayuso
- [PATCH nf-next 4/5] netfilter: nf_tables_offload: remove rules on unregistered device only, Pablo Neira Ayuso
- [PATCH nf-next 5/5] netfilter: nf_tables: support for multiple devices per netdev hook, Pablo Neira Ayuso
[PATCH nf-next 0/4] flowtable updates, Pablo Neira Ayuso
- [PATCH nf-next 1/4] netfilter: nf_flow_table: move priority to struct nf_flowtable, Pablo Neira Ayuso
- [PATCH nf-next 3/4] netfilter: nf_tables: allow only one netdev per flowtable, Pablo Neira Ayuso
- [PATCH nf-next 4/4] netfilter: nf_tables: increase maximum devices number per flowtable, Pablo Neira Ayuso
- [PATCH nf-next 2/4] netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables, Pablo Neira Ayuso
[PATCH] nfnetlink_cthelper: make userspace conntrack helpers with priv data work again, a_hungrig
[libnftnl PATCH v2] set_elem: Validate nftnl_set_elem_set() parameters, Phil Sutter
- Re: [libnftnl PATCH v2] set_elem: Validate nftnl_set_elem_set() parameters, Pablo Neira Ayuso
[nft PATCH] mnl: Don't use nftnl_set_set(), Phil Sutter
- Re: [nft PATCH] mnl: Don't use nftnl_set_set(), Pablo Neira Ayuso
[libnftnl PATCH 0/6] A series of covscan-indicated fixes, Phil Sutter
- [libnftnl PATCH 3/6] set_elem: Validate nftnl_set_elem_set() parameters, Phil Sutter
  - Re: [libnftnl PATCH 3/6] set_elem: Validate nftnl_set_elem_set() parameters, Pablo Neira Ayuso
    - Re: [libnftnl PATCH 3/6] set_elem: Validate nftnl_set_elem_set() parameters, Phil Sutter
      - Re: [libnftnl PATCH 3/6] set_elem: Validate nftnl_set_elem_set() parameters, Pablo Neira Ayuso
        
        Re: [libnftnl PATCH 3/6] set_elem: Validate nftnl_set_elem_set() parameters, Phil Sutter
        
        Re: [libnftnl PATCH 3/6] set_elem: Validate nftnl_set_elem_set() parameters, Pablo Neira Ayuso
- [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Phil Sutter
  - Re: [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Pablo Neira Ayuso
    - Re: [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Phil Sutter
      - Re: [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Pablo Neira Ayuso
        
        Re: [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Phil Sutter
        
        Re: [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Pablo Neira Ayuso
        
        Re: [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Phil Sutter
        
        Re: [libnftnl PATCH 5/6] obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data(), Pablo Neira Ayuso
- [libnftnl PATCH 1/6] obj: ct_timeout: Check return code of mnl_attr_parse_nested(), Phil Sutter
  - Re: [libnftnl PATCH 1/6] obj: ct_timeout: Check return code of mnl_attr_parse_nested(), Pablo Neira Ayuso
- [libnftnl PATCH 4/6] set: Don't bypass checks in nftnl_set_set_u{32,64}(), Phil Sutter
  - Re: [libnftnl PATCH 4/6] set: Don't bypass checks in nftnl_set_set_u{32,64}(), Pablo Neira Ayuso
    - Re: [libnftnl PATCH 4/6] set: Don't bypass checks in nftnl_set_set_u{32,64}(), Phil Sutter
      - Re: [libnftnl PATCH 4/6] set: Don't bypass checks in nftnl_set_set_u{32,64}(), Pablo Neira Ayuso
        
        Re: [libnftnl PATCH 4/6] set: Don't bypass checks in nftnl_set_set_u{32,64}(), Phil Sutter
        
        Re: [libnftnl PATCH 4/6] set: Don't bypass checks in nftnl_set_set_u{32,64}(), Pablo Neira Ayuso
- [libnftnl PATCH 2/6] set_elem: Fix return code of nftnl_set_elem_set(), Phil Sutter
  - Re: [libnftnl PATCH 2/6] set_elem: Fix return code of nftnl_set_elem_set(), Pablo Neira Ayuso
- [libnftnl PATCH 6/6] obj/tunnel: Fix for undefined behaviour, Phil Sutter
  - Re: [libnftnl PATCH 6/6] obj/tunnel: Fix for undefined behaviour, Pablo Neira Ayuso
[PATCH nft] flowtable: fix memleak in exit path, Eric Jallot
[PATCH nft] rule: fix flowtable memleaks, Pablo Neira Ayuso
[PATCH v2 nf-next 0/2] netfilter: conntrack: free extension area immediately, Florian Westphal
- [PATCH v2 nf-next 1/2] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Florian Westphal
- [PATCH nf-next 2/2] netfilter: conntrack: free extension area immediately, Florian Westphal
- Re: [PATCH v2 nf-next 0/2] netfilter: conntrack: free extension area immediately, Pablo Neira Ayuso
[iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets, Phil Sutter
- [iptables PATCH v4 4/8] nft-cache: Support partial cache per table, Phil Sutter
- [iptables PATCH v4 6/8] nft: Reduce cache overhead of nft_chain_builtin_init(), Phil Sutter
- [iptables PATCH v4 5/8] nft-cache: Support partial rule cache per chain, Phil Sutter
- [iptables PATCH v4 2/8] nft-cache: Fetch only chains in nft_chain_list_get(), Phil Sutter
- [iptables PATCH v4 3/8] nft-cache: Cover for multiple fetcher invocation, Phil Sutter
- [iptables PATCH v4 7/8] nft: Support nft_is_table_compatible() per chain, Phil Sutter
- [iptables PATCH v4 8/8] nft: Optimize flushing all chains of a table, Phil Sutter
- [iptables PATCH v4 1/8] nft-cache: Introduce cache levels, Phil Sutter
  - Re: [iptables PATCH v4 1/8] nft-cache: Introduce cache levels, Pablo Neira Ayuso
- Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets, Pablo Neira Ayuso
  - Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets, Pablo Neira Ayuso
    - Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets, Phil Sutter
      - Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets, Pablo Neira Ayuso
  - Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets, Phil Sutter
[PATCH 0/6] [GIT PULL ipvs-next] IPVS updates for v5.5, Simon Horman
- [PATCH 1/6] ipvs: no need to update skb route entry for local destination packets., Simon Horman
- [PATCH 4/6] selftests: netfilter: add ipvs test script, Simon Horman
- [PATCH 3/6] ipvs: batch __ip_vs_dev_cleanup, Simon Horman
- [PATCH 2/6] ipvs: batch __ip_vs_cleanup, Simon Horman
- [PATCH 5/6] selftests: netfilter: add ipvs nat test case, Simon Horman
- [PATCH 6/6] selftests: netfilter: add ipvs tunnel test case, Simon Horman
- Re: [PATCH 0/6] [GIT PULL ipvs-next] IPVS updates for v5.5, Pablo Neira Ayuso
[PATCH net-next,v5 0/4] flow_offload: update mangle action representation, Pablo Neira Ayuso
- [PATCH net-next,v5 1/4] net: flow_offload: flip mangle action mask, Pablo Neira Ayuso
  - Re: [PATCH net-next,v5 1/4] net: flow_offload: flip mangle action mask, Jiri Pirko
- [PATCH net-next,v5 2/4] net: flow_offload: bitwise AND on mangle action value field, Pablo Neira Ayuso
  - Re: [PATCH net-next,v5 2/4] net: flow_offload: bitwise AND on mangle action value field, Jiri Pirko
- [PATCH net-next,v5 4/4] netfilter: nft_payload: packet mangling offload support, Pablo Neira Ayuso
- [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Pablo Neira Ayuso
  - Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, kbuild test robot
  - [RFC PATCH] net: flow_offload: tc_proto_udp_hdr[] can be static, kbuild test robot
  - Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Jakub Kicinski
    - Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Pablo Neira Ayuso
      - Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Pablo Neira Ayuso
        
        Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Edward Cree
        
        Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, David Miller
      - Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Jakub Kicinski
        
        Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Pablo Neira Ayuso
        
        Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, Edward Cree
        
        Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level, David Miller
[PATCH net-next,v4 0/4] flow_offload: update mangle action representation, Pablo Neira Ayuso
- [PATCH net-next,v4 1/4] net: flow_offload: bitwise AND on mangle action value field, Pablo Neira Ayuso
- [PATCH net-next,v4 3/4] netfilter: nft_payload: packet mangling offload support, Pablo Neira Ayuso
- [PATCH net-next,v4 4/4] net: flow_offload: add flow_rule_print(), Pablo Neira Ayuso
- [PATCH net-next,v4 2/4] net: flow_offload: mangle action at byte level, Pablo Neira Ayuso
- Re: [PATCH net-next,v4 0/4] flow_offload: update mangle action representation, Pablo Neira Ayuso
First Contribution, UDAY MEWADA
- Re: First Contribution, Phil Sutter
- Re: First Contribution, Arturo Borrero Gonzalez
xtables-addons GEOIP not matching chain, Marco Sommella
[PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Florian Westphal
- Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, kbuild test robot
- Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, kbuild test robot
- Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, kbuild test robot
- Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Dan Carpenter
- Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Jeremy Sowden
  - Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Florian Westphal
    - Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Jeremy Sowden
[PATCH libmnl] include: add MNL_SOCKET_DUMP_SIZE definition, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_flow_table: set timeout before insertion into hashes, Pablo Neira Ayuso
[PATCH libnfnetlink 0/1] Minimally resurrect doxygen documentation, Duncan Roe
- [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Duncan Roe
  - Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Pablo Neira Ayuso
    - Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Duncan Roe
      - Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Jeremy Sowden
      - Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Pablo Neira Ayuso
    - Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Duncan Roe
      - Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Pablo Neira Ayuso
        
        Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Duncan Roe
        
        Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Duncan Roe
        
        Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Pablo Neira Ayuso
    - Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation, Duncan Roe
      - [PATCH libnfnetlink v2 0/2] Minimally resurrect doxygen documentation, Duncan Roe
      - [PATCH libnfnetlink v2 1/2] Minimally resurrect doxygen documentation, Duncan Roe
      - [PATCH libnfnetlink v2 2/2] Make it clear that this library is deprecated, Duncan Roe
      - [PATCH libnfnetlink v3 2/2] Make it clear that this library is deprecated, Duncan Roe
        
        Re: [PATCH libnfnetlink v3 2/2] Make it clear that this library is deprecated, Pablo Neira Ayuso
      - [PATCH libnfnetlink v3 1/2] Minimally resurrect doxygen documentation, Duncan Roe
        
        Re: [PATCH libnfnetlink v3 1/2] Minimally resurrect doxygen documentation, Pablo Neira Ayuso
      - [PATCH libnfnetlink v3 0/2] Minimally resurrect doxygen documentation, Duncan Roe
- Re: [PATCH libnfnetlink 0/1] Minimally resurrect doxygen documentation, Duncan Roe
[PATCH nf-next] netfilter: ecache: document extension area access rules, Florian Westphal
- Re: [PATCH nf-next] netfilter: ecache: document extension area access rules, Pablo Neira Ayuso
[PATCH trivial] netfilter: nft_tproxy: Fix typo in IPv6 module description., Norman Rasmussen
- Re: [PATCH trivial] netfilter: nft_tproxy: Fix typo in IPv6 module description., Pablo Neira Ayuso
[PATCH nft] expression: extend 'nft describe' to allow listing data types, Florian Westphal
- Re: [PATCH nft] expression: extend 'nft describe' to allow listing data types, Pablo Neira Ayuso
[PATCH nf] ipvs: don't ignore errors in case refcounting ip_vs module fails, Davide Caratti
- Re: [PATCH nf] ipvs: don't ignore errors in case refcounting ip_vs module fails, Julian Anastasov
[PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list(), Florian Westphal
- Re: [PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list(), Edward Cree
  - Re: [PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list(), Florian Westphal
    - Re: [PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list(), Pablo Neira Ayuso
      - Re: [PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list(), Edward Cree
- Re: [PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list(), Pablo Neira Ayuso
[PATCH] ipset: Copy the right MAC address in hash:ip,mac IPv6 sets, Stefano Brivio
- Re: [PATCH] ipset: Copy the right MAC address in hash:ip,mac IPv6 sets, Kadlecsik József
[PATCH v6 0/3] selftests: netfilter: introduce test cases for ipvs, Haishuang Yan
- [PATCH v6 1/3] selftests: netfilter: add ipvs test script, Haishuang Yan
- [PATCH v6 2/3] selftests: netfilter: add ipvs nat test case, Haishuang Yan
- [PATCH v6 3/3] selftests: netfilter: add ipvs tunnel test case, Haishuang Yan
- Re: [PATCH v6 0/3] selftests: netfilter: introduce test cases for ipvs, Simon Horman
[PATCH nft,v2] datatype: display description for header field < 8 bits, Pablo Neira Ayuso
[PATCH nft] datatype: display description for header field < 8 bits, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 18/26] netfilter: nft_connlimit: disable bh on garbage collection, Sasha Levin
[PATCH net] netfilter: conntrack: avoid possible false sharing, Eric Dumazet
- Re: [PATCH net] netfilter: conntrack: avoid possible false sharing, Pablo Neira Ayuso
- Re: [PATCH net] netfilter: conntrack: avoid possible false sharing, Jakub Kicinski
  - Re: [PATCH net] netfilter: conntrack: avoid possible false sharing, Eric Dumazet
[PATCH nf-next] netfilter: add and use nf_hook_slow_list(), Florian Westphal
- Re: [PATCH nf-next] netfilter: add and use nf_hook_slow_list(), Edward Cree
  - Re: [PATCH nf-next] netfilter: add and use nf_hook_slow_list(), Florian Westphal
[PATCH v5 0/3] selftests: netfilter: introduce test cases for ipvs, Haishuang Yan
- [PATCH v5 2/3] selftests: netfilter: add ipvs nat test case, Haishuang Yan
- [PATCH v5 3/3] selftests: netfilter: add ipvs tunnel test case, Haishuang Yan
- [PATCH v5 1/3] selftests: netfilter: add ipvs test script, Haishuang Yan
  - Re: [PATCH v5 1/3] selftests: netfilter: add ipvs test script, Simon Horman
[PATCH nft] segtree: always close interval in non-anonymous sets, Pablo Neira Ayuso
[libnftnl PATCH v2] set: Export nftnl_set_list_lookup_byname(), Phil Sutter

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]