Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

[PATCH nf-next v2 0/8] nftables: Set implementation for arbitrary concatenation of ranges, Stefano Brivio
- [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Stefano Brivio
  - Re: [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Pablo Neira Ayuso
    - Re: [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Stefano Brivio
      - Re: [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Pablo Neira Ayuso
        
        Re: [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Stefano Brivio
        
        Re: [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Pablo Neira Ayuso
        
        Re: [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Stefano Brivio
        
        Re: [PATCH nf-next v2 1/8] netfilter: nf_tables: Support for subkeys, set with multiple ranged fields, Pablo Neira Ayuso
- [PATCH nf-next v2 2/8] bitmap: Introduce bitmap_cut(): cut bits and shift remaining, Stefano Brivio
- [PATCH nf-next v2 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
  - Re: [PATCH nf-next v2 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Pablo Neira Ayuso
    - Re: [PATCH nf-next v2 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
      - Re: [PATCH nf-next v2 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Pablo Neira Ayuso
- [PATCH nf-next v2 5/8] nft_set_pipapo: Provide unrolled lookup loops for common field sizes, Stefano Brivio
- [PATCH nf-next v2 4/8] selftests: netfilter: Introduce tests for sets with range concatenation, Stefano Brivio
- [PATCH nf-next v2 6/8] nft_set_pipapo: Prepare for vectorised implementation: alignment, Stefano Brivio
- [PATCH nf-next v2 7/8] nft_set_pipapo: Prepare for vectorised implementation: helpers, Stefano Brivio
- [PATCH nf-next v2 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Stefano Brivio
  - Re: [PATCH nf-next v2 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, kbuild test robot
- Re: [PATCH nf-next v2 0/8] nftables: Set implementation for arbitrary concatenation of ranges, Pablo Neira Ayuso
  - Re: [PATCH nf-next v2 0/8] nftables: Set implementation for arbitrary concatenation of ranges, Stefano Brivio
    - Re: [PATCH nf-next v2 0/8] nftables: Set implementation for arbitrary concatenation of ranges, Pablo Neira Ayuso
      - Re: [PATCH nf-next v2 0/8] nftables: Set implementation for arbitrary concatenation of ranges, Stefano Brivio
[PATCH AUTOSEL 4.19 088/219] netfilter: nf_nat_sip: fix RTP/RTCP source port translations, Sasha Levin
[PATCH AUTOSEL 4.19 158/219] netfilter: nf_tables: fix a missing check of nla_put_failure, Sasha Levin
[iptables PATCH v4 00/12] Implement among match support, Phil Sutter
- [iptables PATCH v4 07/12] nft: Introduce NFT_CL_SETS cache level, Phil Sutter
- [iptables PATCH v4 06/12] nft: Eliminate pointless calls to nft_family_ops_lookup(), Phil Sutter
- [iptables PATCH v4 10/12] nft: Embed rule's table name in nft_xt_ctx, Phil Sutter
- [iptables PATCH v4 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback, Phil Sutter
- [iptables PATCH v4 11/12] nft: Support parsing lookup expression, Phil Sutter
- [iptables PATCH v4 09/12] nft: Bore up nft_parse_payload(), Phil Sutter
- [iptables PATCH v4 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback, Phil Sutter
- [iptables PATCH v4 04/12] nft: family_ops: Pass nft_handle to 'rule_to_cs' callback, Phil Sutter
- [iptables PATCH v4 05/12] nft: Keep nft_handle pointer in nft_xt_ctx, Phil Sutter
- [iptables PATCH v4 08/12] nft: Support NFT_COMPAT_SET_ADD, Phil Sutter
- [iptables PATCH v4 12/12] nft: bridge: Rudimental among extension support, Phil Sutter
- [iptables PATCH v4 01/12] nft: family_ops: Pass nft_handle to 'add' callback, Phil Sutter
- Re: [iptables PATCH v4 00/12] Implement among match support, Pablo Neira Ayuso
[PATCH libnftnl v2] set: Add support for NFTA_SET_SUBKEY attributes, Stefano Brivio
- Re: [PATCH libnftnl v2] set: Add support for NFTA_SET_SUBKEY attributes, Phil Sutter
[PATCH nft v2 0/3] Introduce support for concatenated ranges, Stefano Brivio
- [PATCH nft v2 1/3] src: Add support for and export NFT_SET_SUBKEY attributes, Stefano Brivio
  - Re: [PATCH nft v2 1/3] src: Add support for and export NFT_SET_SUBKEY attributes, Phil Sutter
- [PATCH nft v2 2/3] src: Add support for concatenated set ranges, Stefano Brivio
  - Re: [PATCH nft v2 2/3] src: Add support for concatenated set ranges, Phil Sutter
- [PATCH nft v2 3/3] tests: Introduce test for set with concatenated ranges, Stefano Brivio
  - Re: [PATCH nft v2 3/3] tests: Introduce test for set with concatenated ranges, Phil Sutter
[PATCH] net: Fix Kconfig indentation, continued, Krzysztof Kozlowski
- Re: [PATCH] net: Fix Kconfig indentation, continued, David Miller
[PATCH nft] mnl: Fix -Wimplicit-function-declaration warnings, Michal Rostecki
- Re: [PATCH nft] mnl: Fix -Wimplicit-function-declaration warnings, Phil Sutter
- Re: [PATCH nft] mnl: Fix -Wimplicit-function-declaration warnings, Pablo Neira Ayuso
[libnftnl PATCH] utils: Define __visible even if not supported by compiler, Phil Sutter
- Re: [libnftnl PATCH] utils: Define __visible even if not supported by compiler, Pablo Neira Ayuso
[arptables PATCH 0/3] Some minor fixes, Phil Sutter
- [arptables PATCH 2/3] Eliminate compiler warning about size passed to strncmp(), Phil Sutter
  - Re: [arptables PATCH 2/3] Eliminate compiler warning about size passed to strncmp(), Pablo Neira Ayuso
- [arptables PATCH 3/3] libarptc: Simplify alloc_handle by using calloc(), Phil Sutter
  - Re: [arptables PATCH 3/3] libarptc: Simplify alloc_handle by using calloc(), Pablo Neira Ayuso
- [arptables PATCH 1/3] Add .gitignore, Phil Sutter
  - Re: [arptables PATCH 1/3] Add .gitignore, Pablo Neira Ayuso
[nft PATCH] segtree: Fix add and delete of element in same batch, Phil Sutter
- Re: [nft PATCH] segtree: Fix add and delete of element in same batch, Pablo Neira Ayuso
[PATCH nf-next v2 0/4] netfilter: nf_flow_table_offload: support tunnel offload, wenxu
- [PATCH nf-next v2 1/4] netfilter: nf_flow_table_offload: refactor nf_flow_table_offload_setup to support indir setup, wenxu
  - Re: [PATCH nf-next v2 1/4] netfilter: nf_flow_table_offload: refactor nf_flow_table_offload_setup to support indir setup, wenxu
- [PATCH nf-next v2 4/4] netfilter: nf_flow_table_offload: add tunnel encap/decap action offload support, wenxu
  - Re: [PATCH nf-next v2 4/4] netfilter: nf_flow_table_offload: add tunnel encap/decap action offload support, wenxu
- [PATCH nf-next v2 2/4] netfilter: nf_flow_table_offload: add indr block setup support, wenxu
  - Re: [PATCH nf-next v2 2/4] netfilter: nf_flow_table_offload: add indr block setup support, wenxu
- [PATCH nf-next v2 3/4] netfilter: nf_flow_table_offload: add tunnel match offload support, wenxu
  - Re: [PATCH nf-next v2 3/4] netfilter: nf_flow_table_offload: add tunnel match offload support, wenxu
  - Re: [PATCH nf-next v2 3/4] netfilter: nf_flow_table_offload: add tunnel match offload support, kbuild test robot
- Re: [PATCH nf-next v2 0/4] netfilter: nf_flow_table_offload: support tunnel offload, wenxu
[RFC 1/4] statement: make secmark statements idempotent, Christian Göttsche
- [RFC 2/4] src: add ability to set/get secmarks to/from connection, Christian Göttsche
  - Re: [RFC 2/4] src: add ability to set/get secmarks to/from connection, Pablo Neira Ayuso
    - Re: [RFC 2/4] src: add ability to set/get secmarks to/from connection, Pablo Neira Ayuso
- [RFC 3/4] files: add example secmark config, Christian Göttsche
  - Re: [RFC 3/4] files: add example secmark config, Pablo Neira Ayuso
- [RFC 4/4] src: add ability to reset secmarks, Christian Göttsche
  - Re: [RFC 4/4] src: add ability to reset secmarks, Pablo Neira Ayuso
- Re: [RFC 1/4] statement: make secmark statements idempotent, Pablo Neira Ayuso
[PATCH nf-next 0/7] nf_tables encapsulation/decapsulation support, Pablo Neira Ayuso
- [PATCH nf-next 1/7] netfilter: nft_objref: rename NFTA_OBJREF_IMM_TYPE to NFTA_OBJREF_TYPE, Pablo Neira Ayuso
- [PATCH nf-next 2/7] netfilter: nft_objref: validate map object type, Pablo Neira Ayuso
- [PATCH nf-next 3/7] netfilter: nft_objref: add nft_obj_ref structure and use it, Pablo Neira Ayuso
- [PATCH nf-next 4/7] netfilter: nf_tables: pass nft_object_ref to object evaluation function, Pablo Neira Ayuso
- [PATCH nf-next 5/7] netfilter: nft_objref: add support for operation on objects, Pablo Neira Ayuso
- [PATCH nf-next 6/7] netfilter: nf_tables: add decapsulation support, Pablo Neira Ayuso
- [PATCH nf-next 7/7] netfilter: nf_tables: add encapsulation support, Pablo Neira Ayuso
[PATCH nf-next] netfilter: Document ingress hook, Lukas Wunner
- Re: [PATCH nf-next] netfilter: Document ingress hook, Pablo Neira Ayuso
[PATCH nf-next] netfilter: Clean up unnecessary #ifdef, Lukas Wunner
- Re: [PATCH nf-next] netfilter: Clean up unnecessary #ifdef, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_flow_table_offload: Fix block_cb tc_setup_type as TC_SETUP_CLSFLOWER, wenxu
- Re: [nf-next] netfilter: nf_flow_table_offload: Fix block_cb tc_setup_type as TC_SETUP_CLSFLOWER, Paul Blakey
- Re: [PATCH nf-next] netfilter: nf_flow_table_offload: Fix block_cb tc_setup_type as TC_SETUP_CLSFLOWER, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_flow_table_offload: Fix setup block as TC_SETUP_FT cmd, wenxu
- Re: [nf-next] netfilter: nf_flow_table_offload: Fix setup block as TC_SETUP_FT cmd, Paul Blakey
- Re: [PATCH nf-next] netfilter: nf_flow_table_offload: Fix setup block as TC_SETUP_FT cmd, Pablo Neira Ayuso
[PATCH net-next 0/4] nf_tables_offload: vlan matching support, Pablo Neira Ayuso
- [PATCH net-next 2/4] netfilter: nf_tables_offload: allow ethernet interface type only, Pablo Neira Ayuso
- [PATCH net-next 4/4] netfilter: nft_payload: add C-VLAN offload support, Pablo Neira Ayuso
- [PATCH net-next 3/4] netfilter: nft_payload: add VLAN offload support, Pablo Neira Ayuso
- [PATCH net-next 1/4] netfilter: nf_tables: constify nft_reg_load{8,16,64}(), Pablo Neira Ayuso
- Re: [PATCH net-next 0/4] nf_tables_offload: vlan matching support, David Miller
Choosing best API-way to full dump/restore nftables, Alexander Mikhalitsyn
- Re: Choosing best API-way to full dump/restore nftables, Pablo Neira Ayuso
Mysql has problem with synproxy, İbrahim Ercan
- Re: Mysql has problem with synproxy, Florian Westphal
[PATCH libnftnl] set: Add support for NFTA_SET_SUBKEY attributes, Stefano Brivio
- Re: [PATCH libnftnl] set: Add support for NFTA_SET_SUBKEY attributes, Phil Sutter
  - Re: [PATCH libnftnl] set: Add support for NFTA_SET_SUBKEY attributes, Stefano Brivio
    - Re: [PATCH libnftnl] set: Add support for NFTA_SET_SUBKEY attributes, Stefano Brivio
      - Re: [PATCH libnftnl] set: Add support for NFTA_SET_SUBKEY attributes, Phil Sutter
[PATCH nft 0/3] Introduce support for concatenated ranges, Stefano Brivio
- [PATCH nft 1/3] src: Add support for and export NFT_SET_SUBKEY attributes, Stefano Brivio
- [PATCH nft 2/3] src: Add support for concatenated set ranges, Stefano Brivio
  - Re: [PATCH nft 2/3] src: Add support for concatenated set ranges, Phil Sutter
    - Re: [PATCH nft 2/3] src: Add support for concatenated set ranges, Stefano Brivio
      - Re: [PATCH nft 2/3] src: Add support for concatenated set ranges, Phil Sutter
        
        Re: [PATCH nft 2/3] src: Add support for concatenated set ranges, Stefano Brivio
        
        Re: [PATCH nft 2/3] src: Add support for concatenated set ranges, Phil Sutter
- [PATCH nft 3/3] tests: Introduce test for set with concatenated ranges, Stefano Brivio
[PATCH nf-next 0/8] nftables: Set implementation for arbitrary concatenation of ranges, Stefano Brivio
- [PATCH nf-next 1/8] nf_tables: Support for subkeys, set with multiple ranged fields, Stefano Brivio
- [PATCH nf-next 2/8] bitmap: Introduce bitmap_cut(): cut bits and shift remaining, Stefano Brivio
- [PATCH nf-next 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
  - Re: [PATCH nf-next 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Florian Westphal
    - Re: [PATCH nf-next 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
      - Re: [PATCH nf-next 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Florian Westphal
        
        Re: [PATCH nf-next 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
        
        Re: [PATCH nf-next 3/8] nf_tables: Add set type for arbitrary concatenation of ranges, Stefano Brivio
- [PATCH nf-next 4/8] selftests: netfilter: Introduce tests for sets with range concatenation, Stefano Brivio
- [PATCH nf-next 5/8] nft_set_pipapo: Provide unrolled lookup loops for common field sizes, Stefano Brivio
- [PATCH nf-next 6/8] nft_set_pipapo: Prepare for vectorised implementation: alignment, Stefano Brivio
- [PATCH nf-next 7/8] nft_set_pipapo: Prepare for vectorised implementation: helpers, Stefano Brivio
- [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Stefano Brivio
  - Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Florian Westphal
    - Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Phil Sutter
      - Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Stefano Brivio
        
        Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Pablo Neira Ayuso
        
        Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Florian Westphal
        
        Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Pablo Neira Ayuso
        
        Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Pablo Neira Ayuso
    - Re: [PATCH nf-next 8/8] nft_set_pipapo: Introduce AVX2-based lookup implementation, Pablo Neira Ayuso
[PATCH nft] tests: shell: set reference from variable definition, Pablo Neira Ayuso
- Re: [PATCH nft] tests: shell: set reference from variable definition, Phil Sutter
[PATCH nft,v2] parser_bison: Avoid set references in odd places, Pablo Neira Ayuso
- Re: [PATCH nft,v2] parser_bison: Avoid set references in odd places, Phil Sutter
[PATCH libnetfilter_queue 1/2] src: doc: Major re-work of user packet buffer documentation, Duncan Roe
- [PATCH libnetfilter_queue 2/2] Minor tweak to pktb_len function description, Duncan Roe
  - Re: [PATCH libnetfilter_queue 2/2] Minor tweak to pktb_len function description, Pablo Neira Ayuso
- Re: [PATCH libnetfilter_queue 1/2] src: doc: Major re-work of user packet buffer documentation, Duncan Roe
- Re: [PATCH libnetfilter_queue 1/2] src: doc: Major re-work of user packet buffer documentation, Pablo Neira Ayuso
[nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Phil Sutter
- Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Ander Juaristi
- Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Pablo Neira Ayuso
  - Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Phil Sutter
  - Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Ander Juaristi
    - Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Pablo Neira Ayuso
      - Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Phil Sutter
        
        Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Pablo Neira Ayuso
        
        Re: [nft PATCH] tests/py: Set a fixed timezone in nft-test.py, Phil Sutter
[nft PATCH] parser_bison: Avoid set references in odd places, Phil Sutter
[PATCH nf-next v2 0/4] netfilter: nft_tunnel: support tunnel match expr offload, wenxu
- [PATCH nf-next v2 3/4] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match, wenxu
- [PATCH nf-next v2 1/4] netfilter: nft_tunnel: add nft_tunnel_mode_match function, wenxu
- [PATCH nf-next v2 2/4] netfilter: nft_tunnel: support NFT_TUNNEL_IPV4_SRC/DST match, wenxu
- [PATCH nf-next v2 4/4] netfilter: nft_tunnel: add nft_tunnel_get_offload support, wenxu
- Re: [PATCH nf-next v2 0/4] netfilter: nft_tunnel: support tunnel match expr offload, Pablo Neira Ayuso
  - Re: [PATCH nf-next v2 0/4] netfilter: nft_tunnel: support tunnel match expr offload, wenxu
[PATCH libnetfilter_queue] src: Fix IPv4 checksum calculation in AF_BRIDGE packet buffer, Duncan Roe
- [PATCH libnetfilter_queue v2] src: Fix IPv4 checksum calculation in AF_BRIDGE packet buffer, Duncan Roe
  - Re: [PATCH libnetfilter_queue v2] src: Fix IPv4 checksum calculation in AF_BRIDGE packet buffer, Pablo Neira Ayuso
[PATCH libnftnl] flowtable: remove NFTA_FLOWTABLE_SIZE, Pablo Neira Ayuso
- Re: [PATCH libnftnl] flowtable: remove NFTA_FLOWTABLE_SIZE, Eric Garver
  - Re: [PATCH libnftnl] flowtable: remove NFTA_FLOWTABLE_SIZE, Pablo Neira Ayuso
[nft PATCH] scanner: Introduce numberstring, Phil Sutter
- Re: [nft PATCH] scanner: Introduce numberstring, Pablo Neira Ayuso
libnftnl: NFTA_FLOWTABLE_SIZE missing from kernel uapi headers, Eric Garver
- Re: libnftnl: NFTA_FLOWTABLE_SIZE missing from kernel uapi headers, Pablo Neira Ayuso
[PATCH nf-next 0/4] netfilter: nf_flow_table_offload: support tunnel match, wenxu
- [PATCH nf-next 3/4] netfilter: nf_flow_table_offload: add tunnel match offload support, wenxu
- [PATCH nf-next 1/4] netfilter: nf_flow_table_offload: refactor nf_flow_table_offload_setup to support indir setup, wenxu
- [PATCH nf-next 4/4] netfilter: nf_flow_table_offload: add tunnel encap/decap action offload support, wenxu
- [PATCH nf-next 2/4] netfilter: nf_flow_table_offload: add indr block setup support, wenxu
- Re: [PATCH nf-next 0/4] netfilter: nf_flow_table_offload: support tunnel match, Pablo Neira Ayuso
  - Re: [PATCH nf-next 0/4] netfilter: nf_flow_table_offload: support tunnel match, wenxu
    - Re: [PATCH nf-next 0/4] netfilter: nf_flow_table_offload: support tunnel match, Pablo Neira Ayuso
      - Re: [PATCH nf-next 0/4] netfilter: nf_flow_table_offload: support tunnel match, wenxu
[PATCH nf] netfilter: ctnetlink: netns exit must wait for callbacks, Florian Westphal
- Re: [PATCH nf] netfilter: ctnetlink: netns exit must wait for callbacks, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed, wenxu
- Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed, Pablo Neira Ayuso
    - Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed, wenxu
  - Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed, wenxu
    - Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: add nft_unregister_flowtable_hook(), Pablo Neira Ayuso
[iptables PATCH 0/2] Restore rule counter zeroing, Phil Sutter
- [iptables PATCH 1/2] nft: CMD_ZERO needs a rule cache, Phil Sutter
  - Re: [iptables PATCH 1/2] nft: CMD_ZERO needs a rule cache, Florian Westphal
    - Re: [iptables PATCH 1/2] nft: CMD_ZERO needs a rule cache, Pablo Neira Ayuso
- [iptables PATCH 2/2] nft: Fix -Z for rules with NFTA_RULE_COMPAT, Phil Sutter
  - Re: [iptables PATCH 2/2] nft: Fix -Z for rules with NFTA_RULE_COMPAT, Florian Westphal
    - Re: [iptables PATCH 2/2] nft: Fix -Z for rules with NFTA_RULE_COMPAT, Pablo Neira Ayuso
[net-next 1/1] netfilter: nf_tables_offload: Fix dangling extack pointer, Saeed Mahameed
- Re: [net-next 1/1] netfilter: nf_tables_offload: Fix dangling extack pointer, Pablo Neira Ayuso
[nft PATCH] cache: Reduce caching for get command, Phil Sutter
- Re: [nft PATCH] cache: Reduce caching for get command, Pablo Neira Ayuso
[nft PATCH] segtree: Fix get element for little endian ranges, Phil Sutter
- Re: [nft PATCH] segtree: Fix get element for little endian ranges, Pablo Neira Ayuso
[PATCH nf-next 1/3] netfilter: nf_tables_offload: remove reference to flow rule from deletion path, Pablo Neira Ayuso
- [PATCH nf-next 2/3] netfilter: nf_tables_offload: release flow_rule on error from commit path, Pablo Neira Ayuso
- [PATCH nf-next 3/3] netfilter: nf_tables_offload: undo updates if transaction fails, Pablo Neira Ayuso
Re: ipset bitmap:port question, İbrahim Ercan
- Re: ipset bitmap:port question, Kadlecsik József
[PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE, Duncan Roe
- Re: [PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE, Pablo Neira Ayuso
  - Re: [PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE, Duncan Roe
- Re: [PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE, Pablo Neira Ayuso
libnetfilter_queue git pull has stopped working, Duncan Roe
[PATCH nf-next 1/2] netfilter: nf_flow_table_offload: add flow_action_entry_next() and use it, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: nf_flow_table_offload: add IPv6 support, Pablo Neira Ayuso
[PATCH][v2] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Li RongQing
- Re: [PATCH][v2] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Pablo Neira Ayuso
  - 答复: [PATCH][v2] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Li,Rongqing
[PATCH net-next 0/4] netfilter: flow_table_offload something fixes, wenxu
- [PATCH net-next 2/4] netfilter: flow_table_core: remove unnecessary parameter in flow_offload_fill_dir, wenxu
- [PATCH net-next 1/4] netfilter: flow_table_offload: Fix check ndo_setup_tc when setup_block, wenxu
- [PATCH net-next 4/4] netfilter: nf_tables_api: Fix UNBIND setup in the nft_flowtable_event, wenxu
- [PATCH net-next 3/4] netfilter: nf_tables: Fix check the err for FLOW_BLOCK_BIND setup call, wenxu
  - Re: [PATCH net-next 3/4] netfilter: nf_tables: Fix check the err for FLOW_BLOCK_BIND setup call, Pablo Neira Ayuso
- Re: [PATCH net-next 0/4] netfilter: flow_table_offload something fixes, Pablo Neira Ayuso
- Re: [PATCH net-next 0/4] netfilter: flow_table_offload something fixes, David Miller
[PATCH nf] netfilter: nf_tables_offload: Fix check the NETDEV_UNREGISTER in netdev event, wenxu
- Re: [PATCH nf] netfilter: nf_tables_offload: Fix check the NETDEV_UNREGISTER in netdev event, wenxu
- Re: [PATCH nf] netfilter: nf_tables_offload: Fix check the NETDEV_UNREGISTER in netdev event, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nf_tables_offload: Fix check the NETDEV_UNREGISTER in netdev event, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: nf_tables_offload: Fix check the NETDEV_UNREGISTER in netdev event, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 195/209] netfilter: nft_compat: do not dump private area, Sasha Levin
[PATCH AUTOSEL 4.14 105/115] netfilter: nft_compat: do not dump private area, Sasha Levin
[nft PATCH] segtree: Check ranges when deleting elements, Phil Sutter
- Re: [nft PATCH] segtree: Check ranges when deleting elements, Pablo Neira Ayuso
- Re: [nft PATCH] segtree: Check ranges when deleting elements, Phil Sutter
[nft PATCH] meta: Rewrite hour_type_print(), Phil Sutter
- Re: [nft PATCH] meta: Rewrite hour_type_print(), Pablo Neira Ayuso
[nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING, Phil Sutter
- Re: [nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING, Pablo Neira Ayuso
  - Re: [nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING, Phil Sutter
- Re: [nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING, Pablo Neira Ayuso
[PATCH mlx5-next 0/7] netfilter flowtable hardware offload support, Pablo Neira Ayuso
- [PATCH mlx5-next 2/7] net/mlx5: Rename FDB_* tc related defines to FDB_TC_* defines, Pablo Neira Ayuso
- [PATCH mlx5-next 5/7] net/mlx5: Refactor creating fast path prio chains, Pablo Neira Ayuso
- [PATCH mlx5-next 7/7] net/mlx5: TC: Offload flow table rules, Pablo Neira Ayuso
  - Re: [PATCH mlx5-next 7/7] net/mlx5: TC: Offload flow table rules, Saeed Mahameed
    - Re: [PATCH mlx5-next 7/7] net/mlx5: TC: Offload flow table rules, Pablo Neira Ayuso
- [PATCH mlx5-next 3/7] net/mlx5: Define fdb tc levels per prio, Pablo Neira Ayuso
- [PATCH mlx5-next 6/7] net/mlx5: Add new chain for netfilter flow table offload, Pablo Neira Ayuso
- [PATCH mlx5-next 4/7] net/mlx5: Accumulate levels for chains prio namespaces, Pablo Neira Ayuso
- [PATCH mlx5-next 1/7] net/mlx5: Simplify fdb chain and prio eswitch defines, Pablo Neira Ayuso
- Re: [PATCH mlx5-next 0/7] netfilter flowtable hardware offload support, Saeed Mahameed
[PATCH net-next 0/6] netfilter flowtable hardware offload, Pablo Neira Ayuso
- [PATCH net-next 2/6] netfilter: nf_flow_table: remove union from flow_offload structure, Pablo Neira Ayuso
- [PATCH net-next 3/6] netfilter: nf_flowtable: remove flow_offload_entry structure, Pablo Neira Ayuso
- [PATCH net-next 1/6] netfilter: nf_flow_table: move conntrack object to struct flow_offload, Pablo Neira Ayuso
- [PATCH net-next 4/6] netfilter: nf_flow_table: detach routing information from flow description, Pablo Neira Ayuso
- [PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support, Pablo Neira Ayuso
  - Re: [PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support, kbuild test robot
  - Re: [PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support, Edward Cree
    - Re: [PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support, Paul Blakey
      - Re: [PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support, Pablo Neira Ayuso
- [PATCH net-next 5/6] netfilter: nf_tables: add flowtable offload control plane, Pablo Neira Ayuso
- Re: [PATCH net-next 0/6] netfilter flowtable hardware offload, David Miller
UAF in ip6_do_table on 4.19 kernel, stranche
- Re: UAF in ip6_do_table on 4.19 kernel, Eric Dumazet
[conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc, Phil Sutter
- Re: [conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc, Arturo Borrero Gonzalez
  - Re: [conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc, Pablo Neira Ayuso
[conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@, Phil Sutter
- Re: [conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@, Pablo Neira Ayuso
[PATCH] netfilter: xtables: Add snapshot of hardidletimer target, Manoj Basapathi
- Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, Arturo Borrero Gonzalez
- Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, Florian Westphal
  - Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, manojbm
  - Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target, manojbm
[PATCH libnetfilter_queue 0/2] Miscellaneous fixes, Duncan Roe
- [PATCH libnetfilter_queue 2/2] src: Make sure pktb_alloc() works for AF_INET6 since we document that it does, Duncan Roe
- [PATCH libnetfilter_queue 1/2] src: pktb_trim() was not updating tail after updating len, Duncan Roe
- Re: [PATCH libnetfilter_queue 0/2] Miscellaneous fixes, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 183/191] netfilter: masquerade: don't flush all conntracks if only one address deleted on device, Sasha Levin
[PATCH AUTOSEL 4.14 105/109] netfilter: masquerade: don't flush all conntracks if only one address deleted on device, Sasha Levin
[PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Li RongQing
- Re: [PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Pablo Neira Ayuso
  - 答复: [PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets, Li,Rongqing
[PATCH 00/16] drivers: y2038 updates, Arnd Bergmann
- [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic, Arnd Bergmann
  - Re: [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic, Phil Sutter
  - Re: [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic, Pablo Neira Ayuso
[PATCH 0/8] y2038: bug fixes from y2038 work, Arnd Bergmann
- [PATCH 5/8] netfilter: xt_time: use time64_t, Arnd Bergmann
  - Re: [PATCH 5/8] netfilter: xt_time: use time64_t, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 203/205] netfilter: nf_tables: avoid BUG_ON usage, Sasha Levin
KCSAN: data-race in pcpu_alloc / pcpu_free_area (2), syzbot
[nft PATCH 1/2] files: Drop shebangs from config files, Phil Sutter
- [nft PATCH 2/2] files: Install sample scripts from files/examples, Phil Sutter
  - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Pablo Neira Ayuso
    - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Phil Sutter
  - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Arturo Borrero Gonzalez
  - Re: [nft PATCH 2/2] files: Install sample scripts from files/examples, Pablo Neira Ayuso
- Re: [nft PATCH 1/2] files: Drop shebangs from config files, Arturo Borrero Gonzalez
  - Re: [nft PATCH 1/2] files: Drop shebangs from config files, Phil Sutter
    - Re: [nft PATCH 1/2] files: Drop shebangs from config files, Arturo Borrero Gonzalez
- Re: [nft PATCH 1/2] files: Drop shebangs from config files, Pablo Neira Ayuso
[PATCH] conntrackd UDP IPv6 destination address not usable (Bug 1378), Jan-Martin Raemer
- Re: [PATCH] conntrackd UDP IPv6 destination address not usable (Bug 1378), Pablo Neira Ayuso
[PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
- [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
  - Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Daniel Borkmann
    - Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Florian Westphal
      - Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Daniel Borkmann
        
        Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Florian Westphal
        
        Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Daniel Borkmann
        
        Re: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Florian Westphal
        
        [PATCH v4] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
        
        [PATCH v4] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
        
        Re: [PATCH v4] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Pablo Neira Ayuso
        
        RE: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
- RE: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16()., Praveen Chaudhary
ipv6 forward rule after prerouting - Howto, Daniel Huhardeaux
- Re: ipv6 forward rule after prerouting - Howto, Phil Sutter
  - Re: ipv6 forward rule after prerouting - Howto, Daniel Huhardeaux
  - Re: ipv6 forward rule after prerouting - Howto, Daniel Huhardeaux
[PATCH] src: add `set_is_meter` helper., Jeremy Sowden
- [PATCH nft] src: add `set_is_meter` helper., Jeremy Sowden
- Re: [PATCH] src: add `set_is_meter` helper., Florian Westphal
[nft PATCH] doc: Drop incorrect requirement for nft configs, Phil Sutter
- Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Pablo Neira Ayuso
  - Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Phil Sutter
    - Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Pablo Neira Ayuso
      - Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Pablo Neira Ayuso
        
        Re: [nft PATCH] doc: Drop incorrect requirement for nft configs, Phil Sutter
[PATCH nft] src: flowtable: add support for delete command by handle, Eric Jallot
- Re: [PATCH nft] src: flowtable: add support for delete command by handle, Pablo Neira Ayuso
[PATCH libnftnl] flowtable: add support for handle attribute, Eric Jallot
- Re: [PATCH libnftnl] flowtable: add support for handle attribute, Pablo Neira Ayuso
[PATCH nf 1/2] netfilter: nf_tables: bogus EOPNOTSUPP on basechain update, Pablo Neira Ayuso
- [PATCH nf 2/2] netfilter: nf_tables_offload: skip EBUSY on chain update, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nft_payload: add C-VLAN support, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: doc: Eliminate doxygen warnings from ipv{4,6}.c, Duncan Roe
- Re: [PATCH libnetfilter_queue] src: doc: Eliminate doxygen warnings from ipv{4,6}.c, Pablo Neira Ayuso
ebtables dnat rule gets system frozen, Tom Yan
- Re: ebtables dnat rule gets system frozen, Florian Westphal
- [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains, Florian Westphal
  - Re: [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: doc: Fix spelling of CTA_LABELS in examples/nf-queue.c, Duncan Roe
- Re: [PATCH libnetfilter_queue] src: doc: Fix spelling of CTA_LABELS in examples/nf-queue.c, Pablo Neira Ayuso
[PATCH nft] tests: add stateful object update operation test, Fernando Fernandez Mancera
[PATCH nf] netfilter: nf_tables: fix unexpected EOPNOTSUPP error, Fernando Fernandez Mancera
- Re: [PATCH nf] netfilter: nf_tables: fix unexpected EOPNOTSUPP error, Pablo Neira Ayuso
[PATCH nf-next,v2] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), kbuild test robot
- Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), kbuild test robot
- Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup(), kbuild test robot
[PATCH libnetfilter_queue 0/2] src: doc: Main Page updates, Duncan Roe
- [PATCH libnetfilter_queue 1/2] src: whitespace: Eliminate useless spaces before tabs, Duncan Roe
- [PATCH libnetfilter_queue 2/2] src: doc: Update the Main Page to be nft-focussed, Duncan Roe
- Re: [PATCH libnetfilter_queue 0/2] src: doc: Main Page updates, Pablo Neira Ayuso
"Sets" element cannot update "struct proto_ctx", Ttttabcd
[PATCH net-next 0/2] icmp: move duplicate code in helper functions, Matteo Croce
- [PATCH net-next 1/2] icmp: add helpers to recognize ICMP error packets, Matteo Croce
- [PATCH net-next 2/2] icmp: remove duplicate code, Matteo Croce
- Re: [PATCH net-next 0/2] icmp: move duplicate code in helper functions, David Miller
[PATCH 0/1] ipset patches for nf-next, Jozsef Kadlecsik
- [PATCH 1/1] netfilter: ipset: Add wildcard support to net,iface, Jozsef Kadlecsik
- Re: [PATCH 0/1] ipset patches for nf-next, Pablo Neira Ayuso
[ANNOUNCE] ipset 7.4 released, Kadlecsik József
Nat redirect using map, Daniel Huhardeaux
- Re: Nat redirect using map, Florian Westphal
  - Re: Nat redirect using map, Daniel Huhardeaux
[nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
- Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Pablo Neira Ayuso
  - Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
    - Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
      - Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Pablo Neira Ayuso
        
        Re: [nft PATCH] evaluate: Reject set references in mapping LHS, Phil Sutter
[PATCH nf-next 0/2] Revisit vlan support, Pablo Neira Ayuso
- [PATCH nf-next 1/2] netfilter: nft_payload: simplify vlan header handling, Pablo Neira Ayuso
  - Re: [PATCH nf-next 1/2] netfilter: nft_payload: simplify vlan header handling, Florian Westphal
- [PATCH nf-next 2/2] netfilter: nf_tables: add nft_payload_rebuild_vlan_hdr(), Pablo Neira Ayuso
  - Re: [PATCH nf-next 2/2] netfilter: nf_tables: add nft_payload_rebuild_vlan_hdr(), Florian Westphal
[PATCH nft,RFC] src: Support netdev egress hook, Lukas Wunner
[PATCH nf-next,RFC 0/5] Netfilter egress hook, Lukas Wunner
- [PATCH nf-next,RFC 1/5] netfilter: Clean up unnecessary #ifdef, Lukas Wunner
- [PATCH nf-next,RFC 2/5] netfilter: Document ingress hook, Lukas Wunner
- [PATCH nf-next,RFC 4/5] netfilter: Generalize ingress hook, Lukas Wunner
- [PATCH nf-next,RFC 3/5] netfilter: Rename ingress hook include file, Lukas Wunner
- [PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook, Lukas Wunner
  - Re: [PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook, Daniel Borkmann
    - Re: [PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook, Lukas Wunner
- Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Pablo Neira Ayuso
  - Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Lukas Wunner
  - Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Lukas Wunner
    - Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook, Pablo Neira Ayuso
[tip: core/rcu] net/netfilter: Replace rcu_swap_protected() with rcu_replace_pointer(), tip-bot2 for Paul E. McKenney
nft: secmark output not understood by parser, Phil Sutter
[PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit, Lukas Wunner
- Re: [PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit, Lukas Wunner
  - Re: [PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit, Pablo Neira Ayuso
[libnftnl PATCH 1/1] flowtable: Fix symbol export for clang, Marvin Schmidt
- Re: [libnftnl PATCH 1/1] flowtable: Fix symbol export for clang, Pablo Neira Ayuso
[nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
- Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Pablo Neira Ayuso
  - Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
- <Possible follow-ups>
- [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
  - Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
    - Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx, Pablo Neira Ayuso
[nft PATCH] libnftables: Store top_scope in struct nft_ctx, Phil Sutter
[PATCH nft] doc: fix missing family in plural forms list command., Eric Jallot
- Re: [PATCH nft] doc: fix missing family in plural forms list command., Pablo Neira Ayuso
[libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data(), Phil Sutter
- [libnftnl PATCH 2/2] Deprecate untyped data setters, Phil Sutter
  - Re: [libnftnl PATCH 2/2] Deprecate untyped data setters, Pablo Neira Ayuso
    - Re: [libnftnl PATCH 2/2] Deprecate untyped data setters, Phil Sutter
      - Re: [libnftnl PATCH 2/2] Deprecate untyped data setters, Pablo Neira Ayuso
- Re: [libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data(), Phil Sutter
- Re: [libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data(), Pablo Neira Ayuso
[iptables PATCH v3 00/12] Implement among match support, Phil Sutter
- [iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback, Phil Sutter
  - Re: [iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback, Pablo Neira Ayuso
- [iptables PATCH v3 12/12] nft: bridge: Rudimental among extension support, Phil Sutter
- [iptables PATCH v3 06/12] nft: Eliminate pointless calls to nft_family_ops_lookup(), Phil Sutter
- [iptables PATCH v3 05/12] nft: Keep nft_handle pointer in nft_xt_ctx, Phil Sutter
- [iptables PATCH v3 10/12] nft: Embed rule's table name in nft_xt_ctx, Phil Sutter
- [iptables PATCH v3 09/12] nft: Bore up nft_parse_payload(), Phil Sutter
- [iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback, Phil Sutter
  - Re: [iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback, Pablo Neira Ayuso
- [iptables PATCH v3 04/12] nft: family_ops: Pass nft_handle to 'rule_to_cs' callback, Phil Sutter
- [iptables PATCH v3 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback, Phil Sutter
  - Re: [iptables PATCH v3 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback, Pablo Neira Ayuso
- [iptables PATCH v3 08/12] nft: Support NFT_COMPAT_SET_ADD, Phil Sutter
- [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level, Phil Sutter
  - Re: [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level, Phil Sutter
- [iptables PATCH v3 11/12] nft: Support parsing lookup expression, Phil Sutter
- Re: [iptables PATCH v3 00/12] Implement among match support, Pablo Neira Ayuso
  - Re: [iptables PATCH v3 00/12] Implement among match support, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 00/12] Implement among match support, Phil Sutter
[PATCH nft] src: flowtable: add support for named flowtable listing, Eric Jallot
- Re: [PATCH nft] src: flowtable: add support for named flowtable listing, Pablo Neira Ayuso
Rearranging expressions in the rule, Serguei Bezverkhi (sbezverk)
[conntrack-tools PATCH] docs: refresh references to /proc/net/core/rmem_default, Arturo Borrero Gonzalez
- Re: [conntrack-tools PATCH] docs: refresh references to /proc/net/core/rmem_default, Pablo Neira Ayuso
Documentation question, Duncan Roe
- Re: Documentation question, Pablo Neira Ayuso
  - Re: Documentation question, Duncan Roe
    - Re: Documentation question, Pablo Neira Ayuso
- <Possible follow-ups>
- Documentation question, Duncan Roe
  - Re: Documentation question, Florian Westphal
    - Re: Documentation question, Duncan Roe
- Documentation question, Duncan Roe
  - Re: Documentation question, Pablo Neira Ayuso
    - Re: Documentation question, Duncan Roe
      - Re: Documentation question, Duncan Roe
    - [PATCH libnetfilter_queue] src: pktb_mangle has signed offset arg so can mangle MAC header with -ve one, Duncan Roe
      - Re: [PATCH libnetfilter_queue] src: pktb_mangle has signed offset arg so can mangle MAC header with -ve one, Pablo Neira Ayuso
- Documentation question, Duncan Roe
  - Re: Documentation question, Pablo Neira Ayuso
    - Re: Documentation question, Duncan Roe
      - Re: Documentation question, Pablo Neira Ayuso
        
        [PATCH libnetfilter_queue] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
        
        [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Pablo Neira Ayuso
        
        Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
        
        Re: [PATCH libnetfilter_queue v2] src: examples: Use libnetfilter_queue cached linux headers throughout, Duncan Roe
Re: Conntrack offload questions, Pablo Neira Ayuso
ipset make modules_install always fail unless module already loaded?, Oskar Berggren
- Re: ipset make modules_install always fail unless module already loaded?, Kadlecsik József
[PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Praveen Chaudhary
- [PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Praveen Chaudhary
  - Re: [PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Pablo Neira Ayuso
    - RE: [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet., Praveen Chaudhary
[nft PATCH] tests/py: Fix test script for Python3 tempfile, Phil Sutter
- Re: [nft PATCH] tests/py: Fix test script for Python3 tempfile, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only, Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only, Edward Cree
- Re: [PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only, wenxu
libnftnl: Attribute and data length validation for objects, Phil Sutter
general protection fault in ip6_sublist_rcv, syzbot
- [PATCH net-next] inet: do not call sublist_rcv on empty list, Florian Westphal
  - Re: [PATCH net-next] inet: do not call sublist_rcv on empty list, Leon Romanovsky
  - Re: [PATCH net-next] inet: do not call sublist_rcv on empty list, Nikolay Aleksandrov
  - Re: [PATCH net-next] inet: do not call sublist_rcv on empty list, David Miller
[nft PATCH] mnl: Replace use of untyped nftnl data setters, Phil Sutter
- <Possible follow-ups>
- [nft PATCH] mnl: Replace use of untyped nftnl data setters, Phil Sutter
  - Re: [nft PATCH] mnl: Replace use of untyped nftnl data setters, Pablo Neira Ayuso
    - Re: [nft PATCH] mnl: Replace use of untyped nftnl data setters, Phil Sutter
[iptables PATCH v2 00/10] Reduce code size around arptables-nft, Phil Sutter
- [iptables PATCH v2 04/10] Merge CMD_* defines, Phil Sutter
- [iptables PATCH v2 10/10] nft-arp: Use xtables_print_mac_and_mask(), Phil Sutter
- [iptables PATCH v2 01/10] ip6tables, xtables-arp: Drop unused struct pprot, Phil Sutter
- [iptables PATCH v2 09/10] xtables-arp: Use xtables_parse_interface(), Phil Sutter
- [iptables PATCH v2 07/10] xtables-arp: Integrate OPT_* defines into xshared.h, Phil Sutter
- [iptables PATCH v2 03/10] xshared: Share a common implementation of parse_rulenumber(), Phil Sutter
- [iptables PATCH v2 02/10] xshared: Share a common add_command() implementation, Phil Sutter
- [iptables PATCH v2 08/10] xtables-arp: Drop some unused variables, Phil Sutter
- [iptables PATCH v2 06/10] Replace TRUE/FALSE with true/false, Phil Sutter
- [iptables PATCH v2 05/10] xtables-arp: Drop generic_opt_check(), Phil Sutter
- Re: [iptables PATCH v2 00/10] Reduce code size around arptables-nft, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nft_meta: offload support for interface index, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables_offload: check for register data length mismatches, Pablo Neira Ayuso
[PATCH] netfilter: nf_tables_offload: check for register data length mismatches, Pablo Neira Ayuso
[iptables PATCH 00/10] Reduce code size around arptables-nft, Phil Sutter
- [iptables PATCH 09/10] xtables-arp: Use xtables_parse_interface(), Phil Sutter
- [iptables PATCH 05/10] xtables-arp: Drop generic_opt_check(), Phil Sutter
- [iptables PATCH 01/10] ip6tables, xtables-arp: Drop unused struct pprot, Phil Sutter
- [iptables PATCH 03/10] xshared: Share a common implementation of parse_rulenumber(), Phil Sutter
- [iptables PATCH 02/10] xshared: Share a common add_command() implementation, Phil Sutter
- [iptables PATCH 08/10] xtables-arp: Drop some unused variables, Phil Sutter
- [iptables PATCH 10/10] nft-arp: Use xtables_print_mac_and_mask(), Phil Sutter
- [iptables PATCH 07/10] xtables-arp: Integrate OPT_* defines into xshared.h, Phil Sutter
- [iptables PATCH 06/10] Replace TRUE/FALSE with true/false, Phil Sutter
- [iptables PATCH 04/10] Merge CMD_* defines, Phil Sutter
- Re: [iptables PATCH 00/10] Reduce code size around arptables-nft, Pablo Neira Ayuso
  - Re: [iptables PATCH 00/10] Reduce code size around arptables-nft, Phil Sutter
[PATCH nf] netfilter: nft_cmp: check for register data length mismatches, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt(), Duncan Roe
- Re: [PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt(), Duncan Roe
  - Re: [PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt(), Florian Westphal
[PATCH AUTOSEL 5.3 49/99] netfilter: conntrack: avoid possible false sharing, Sasha Levin
[PATCH 00/31] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
- [PATCH 01/31] netfilter: ipset: add a coding-style fix to ip_set_ext_destroy., Pablo Neira Ayuso
- [PATCH 05/31] netfilter: ipset: make ip_set_put_flags extern., Pablo Neira Ayuso
- [PATCH 03/31] netfilter: ipset: move ip_set_comment functions from ip_set.h to ip_set_core.c., Pablo Neira Ayuso
- [PATCH 07/31] netfilter: ipset: move ip_set_get_ip_port() to ip_set_bitmap_port.c., Pablo Neira Ayuso
- [PATCH 09/31] ipvs: batch __ip_vs_cleanup, Pablo Neira Ayuso
- [PATCH 13/31] selftests: netfilter: add ipvs tunnel test case, Pablo Neira Ayuso
- [PATCH 14/31] netfilter: ecache: document extension area access rules, Pablo Neira Ayuso
- [PATCH 15/31] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks, Pablo Neira Ayuso
- [PATCH 26/31] netfilter: nf_tables_offload: remove rules on unregistered device only, Pablo Neira Ayuso
- [PATCH 28/31] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Pablo Neira Ayuso
- [PATCH 18/31] netfilter: nft_tproxy: Fix typo in IPv6 module description., Pablo Neira Ayuso
- [PATCH 17/31] netfilter: add and use nf_hook_slow_list(), Pablo Neira Ayuso
- [PATCH 31/31] netfilter: nf_tables_offload: unbind if multi-device binding fails, Pablo Neira Ayuso
- [PATCH 30/31] netfilter: nf_tables_offload: add nft_flow_block_offload_init(), Pablo Neira Ayuso
- [PATCH 29/31] netfilter: nf_tables_offload: add nft_chain_offload_cmd(), Pablo Neira Ayuso
- [PATCH 27/31] netfilter: nf_tables: support for multiple devices per netdev hook, Pablo Neira Ayuso
- [PATCH 24/31] netfilter: nf_tables_offload: Pass callback list to nft_setup_cb_call(), Pablo Neira Ayuso
- [PATCH 20/31] netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables, Pablo Neira Ayuso
- [PATCH 25/31] netfilter: nf_tables_offload: add nft_flow_cls_offload_setup(), Pablo Neira Ayuso
- [PATCH 23/31] netfilter: nf_tables_offload: add nft_flow_block_chain(), Pablo Neira Ayuso
- [PATCH 22/31] netfilter: nf_tables: increase maximum devices number per flowtable, Pablo Neira Ayuso
- [PATCH 21/31] netfilter: nf_tables: allow netdevice to be used only once per flowtable, Pablo Neira Ayuso
- [PATCH 19/31] netfilter: nf_flow_table: move priority to struct nf_flowtable, Pablo Neira Ayuso
- [PATCH 16/31] netfilter: conntrack: free extension area immediately, Pablo Neira Ayuso
- [PATCH 11/31] selftests: netfilter: add ipvs test script, Pablo Neira Ayuso
- [PATCH 12/31] selftests: netfilter: add ipvs nat test case, Pablo Neira Ayuso
- [PATCH 10/31] ipvs: batch __ip_vs_dev_cleanup, Pablo Neira Ayuso
- [PATCH 08/31] ipvs: no need to update skb route entry for local destination packets., Pablo Neira Ayuso
- [PATCH 04/31] netfilter: ipset: move functions to ip_set_core.c., Pablo Neira Ayuso
- [PATCH 02/31] netfilter: ipset: remove inline from static functions in .c files., Pablo Neira Ayuso
- [PATCH 06/31] netfilter: ipset: move function to ip_set_bitmap_ip.c., Pablo Neira Ayuso
- Re: [PATCH 00/31] Netfilter/IPVS updates for net-next, David Miller
[PATCH nft] mnl: remove artifical cap on 8 devices per flowtable, Pablo Neira Ayuso
[PATCH nft,v3] src: add multidevice support for netdev chain, Pablo Neira Ayuso
[PATCH nft,v2] src: add multidevice support for netdev chain, Pablo Neira Ayuso
- Re: [PATCH nft,v2] src: add multidevice support for netdev chain, Pablo Neira Ayuso
[PATCH libnftnl,v2] chain: multi-device support, Pablo Neira Ayuso
[PATCH libnftnl,v2] flowtable: device array dynamic allocation, Pablo Neira Ayuso
[iptables PATCH] xtables-arp: Use xtables_ipparse_multiple(), Phil Sutter
- Re: [iptables PATCH] xtables-arp: Use xtables_ipparse_multiple(), Florian Westphal
[PATCH AUTOSEL 5.3 11/33] netfilter: conntrack: avoid possible false sharing, Sasha Levin
[PATCH AUTOSEL 5.3 16/33] netfilter: connlabels: prefer static lock initialiser, Sasha Levin
[GIT PULL] IPVS fixes for v5.4, Simon Horman
- [PATCH 1/2] ipvs: don't ignore errors in case refcounting ip_vs module fails, Simon Horman
- [PATCH 2/2] ipvs: move old_secure_tcp into struct netns_ipvs, Simon Horman
- Re: [GIT PULL] IPVS fixes for v5.4, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, wenxu
- Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, wenxu
    - Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload, Pablo Neira Ayuso
[iptables PATCH v3 0/7] Improve xtables-restore performance, Phil Sutter
- [iptables PATCH v3 1/7] xtables-restore: Integrate restore callbacks into struct nft_xt_restore_parse, Phil Sutter
- [iptables PATCH v3 5/7] xtables-restore: Allow lines without trailing newline character, Phil Sutter
- [iptables PATCH v3 4/7] xtables-restore: Remove some pointless linebreaks, Phil Sutter
- [iptables PATCH v3 2/7] xtables-restore: Introduce struct nft_xt_restore_state, Phil Sutter
- [iptables PATCH v3 6/7] xtables-restore: Improve performance of --noflush operation, Phil Sutter
- [iptables PATCH v3 7/7] tests: shell: Add ipt-restore/0007-flush-noflush_0, Phil Sutter
- [iptables PATCH v3 3/7] xtables-restore: Introduce line parsing function, Phil Sutter
- Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Pablo Neira Ayuso
  - Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Phil Sutter
    - Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Pablo Neira Ayuso
      - Re: [iptables PATCH v3 0/7] Improve xtables-restore performance, Phil Sutter
[PATCH trivial] net: Fix various misspellings of "connect", Geert Uytterhoeven
- Re: [PATCH trivial] net: Fix various misspellings of "connect", Kalle Valo
- Re: [PATCH trivial] net: Fix various misspellings of "connect", Simon Horman
- Re: [PATCH trivial] net: Fix various misspellings of "connect", David Miller
[PATCH nf-next 0/5] netfilter: nft_tunnel: support tunnel match expr offload, wenxu
- [PATCH nf-next 1/5] netfilter: nft_tunnel: add nft_tunnel_mode_validate function, wenxu
  - Re: [PATCH nf-next 1/5] netfilter: nft_tunnel: add nft_tunnel_mode_validate function, Pablo Neira Ayuso
- [PATCH nf-next 4/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match, wenxu
  - Re: [PATCH nf-next 4/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match, Pablo Neira Ayuso
- [PATCH nf-next 3/5] netfilter: nft_tunnel: add inet type check in nft_tunnel_mode_validate, wenxu
  - Re: [PATCH nf-next 3/5] netfilter: nft_tunnel: add inet type check in nft_tunnel_mode_validate, Pablo Neira Ayuso
- [PATCH nf-next 2/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV4_SRC/DST match, wenxu
  - Re: [PATCH nf-next 2/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV4_SRC/DST match, kbuild test robot
- [PATCH nf-next 5/5] netfilter: nft_tunnel: add nft_tunnel_get_offload support, wenxu
[PATCH nf-next 1/3] netfilter: nf_tables_offload: add nft_chain_offload_cmd(), Pablo Neira Ayuso
- [PATCH nf-next 3/3] netfilter: nf_tables_offload: unbind if multi-device binding fails, Pablo Neira Ayuso
- [PATCH nf-next 2/3] netfilter: nf_tables_offload: add nft_flow_block_offload_init(), Pablo Neira Ayuso
[PATCH nf] netfilter: nft_payload: fix check the match len for offload to hw, wenxu
- Re: [PATCH nf] netfilter: nft_payload: fix check the match len for offload to hw, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables_offload: Fix unbind devices when subsequent device bind failed, wenxu
- Re: [PATCH nf-next] netfilter: nf_tables_offload: Fix unbind devices when subsequent device bind failed, Pablo Neira Ayuso
[nft PATCH] Revert "main: Fix for misleading error with negative chain priority", Phil Sutter
[PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, xiangxia . m . yue
- Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, Florian Westphal
  - Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, Tonghao Zhang
    - Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone, Florian Westphal
[PATCH nft 0/4] Output Flag Fixes, Jeremy Sowden
- [PATCH nft 2/4] py: add missing output flags., Jeremy Sowden
  - Re: [PATCH nft 2/4] py: add missing output flags., Pablo Neira Ayuso
    - Re: [PATCH nft 2/4] py: add missing output flags., Phil Sutter
      - Re: [PATCH nft 2/4] py: add missing output flags., Pablo Neira Ayuso
        
        Re: [PATCH nft 2/4] py: add missing output flags., Phil Sutter
        
        Re: [PATCH nft 2/4] py: add missing output flags., Pablo Neira Ayuso
  - Re: [PATCH nft 2/4] py: add missing output flags., Phil Sutter
- [PATCH nft 3/4] main: add missing `OPT_NUMERIC_PROTO` long option., Jeremy Sowden
  - Re: [PATCH nft 3/4] main: add missing `OPT_NUMERIC_PROTO` long option., Pablo Neira Ayuso
- [PATCH nft 4/4] main: remove duplicate output flag assignment., Jeremy Sowden
  - Re: [PATCH nft 4/4] main: remove duplicate output flag assignment., Pablo Neira Ayuso
- [PATCH nft 1/4] doc: add missing output flag documentation., Jeremy Sowden
  - Re: [PATCH nft 1/4] doc: add missing output flag documentation., Pablo Neira Ayuso
[PATCH tip/core/rcu 08/10] net/netfilter: Replace rcu_swap_protected() with rcu_replace(), paulmck
[PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Florian Westphal
- Re: [PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks, Florian Westphal
nftables: secmark support, Christian Göttsche
- Re: nftables: secmark support, Pablo Neira Ayuso
  - Re: nftables: secmark support, Christian Göttsche
    - Re: nftables: secmark support, Christian Göttsche
      - Re: nftables: secmark support, Pablo Neira Ayuso
        
        Re: nftables: secmark support, Pablo Neira Ayuso
        
        Re: nftables: secmark support, Christian Göttsche
        
        Re: nftables: secmark support, Pablo Neira Ayuso
[PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, Pablo Neira Ayuso
- [PATCH nf-next,RFC 2/2] netfilter: nf_tables: add encapsulation support, Pablo Neira Ayuso
  - Re: [PATCH nf-next,RFC 2/2] netfilter: nf_tables: add encapsulation support, wenxu
- [PATCH nf-next,RFC 1/2] netfilter: nf_tables: add decapsulation support, Pablo Neira Ayuso
- Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, wenxu
  - Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, Pablo Neira Ayuso
    - Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, wenxu
    - Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support, wenxu
KASAN: use-after-free Read in nf_ct_deliver_cached_events, syzbot
- Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events, syzbot
- Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events, syzbot
  - Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events, Florian Westphal
How to implement transparent proxy in bridge through nftables, Ttttabcd
- Re: How to implement transparent proxy in bridge through nftables, Florian Westphal
  - Re: How to implement transparent proxy in bridge through nftables, Ttttabcd

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]