Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

[PATCH 5.10 340/352] netfilter: nf_tables: use timestamp to check for set element timeout, Greg Kroah-Hartman
[PATCH 5.10 339/352] netfilter: nf_tables: set element extended ACK reporting support, Greg Kroah-Hartman
[PATCH 5.4 253/259] netfilter: nf_tables: prefer nft_chain_validate, Greg Kroah-Hartman
[PATCH 5.4 252/259] netfilter: nf_tables: use timestamp to check for set element timeout, Greg Kroah-Hartman
[PATCH 5.4 251/259] netfilter: nf_tables: set element extended ACK reporting support, Greg Kroah-Hartman
[PATCH 5.15 470/484] netfilter: nf_tables: prefer nft_chain_validate, Greg Kroah-Hartman
[PATCH 5.15 469/484] netfilter: nf_tables: allow clone callbacks to sleep, Greg Kroah-Hartman
[PATCH 5.15 468/484] netfilter: nf_tables: bail out if stateful expression provides no .clone, Greg Kroah-Hartman
[PATCH 5.15 467/484] netfilter: nf_tables: use timestamp to check for set element timeout, Greg Kroah-Hartman
[PATCH 5.15 466/484] netfilter: nf_tables: set element extended ACK reporting support, Greg Kroah-Hartman
[PATCH 4.19 191/196] netfilter: nf_tables: prefer nft_chain_validate, Greg Kroah-Hartman
[PATCH 4.19 190/196] netfilter: nf_tables: use timestamp to check for set element timeout, Greg Kroah-Hartman
[PATCH 4.19 189/196] netfilter: nf_tables: set element extended ACK reporting support, Greg Kroah-Hartman
[PATCH nft] parser_bison: allow 0 burst in limit rate byte mode, Pablo Neira Ayuso
[PATCH nft 0/5] relax cache requirements, speed up incremental updates, Pablo Neira Ayuso
- [PATCH nft 3/5] cache: populate objecs on demand from error path, Pablo Neira Ayuso
- [PATCH nft 4/5] cache: populate flowtable on demand from error path, Pablo Neira Ayuso
- [PATCH nft 1/5] cache: rule by index requires full cache, Pablo Neira Ayuso
- [PATCH nft 2/5] cache: populate chains on demand from error path, Pablo Neira Ayuso
- [PATCH nft 5/5] cache: do not fetch set inconditionally on delete, Pablo Neira Ayuso
- Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates, Phil Sutter
  - Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates, Pablo Neira Ayuso
    - Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates, Phil Sutter
      - Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates, Pablo Neira Ayuso
- Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates, Eric Garver
  - Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates, Pablo Neira Ayuso
[PATCH nft] tests: shell: add a few tests for nft -i, Pablo Neira Ayuso
[PATCH] netfilter: nfnetlink: fix uninitialized local variable, icejl
- Re: [PATCH] netfilter: nfnetlink: fix uninitialized local variable, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: nfnetlink: fix uninitialized local variable, Pablo Neira Ayuso
- Re: [PATCH] netfilter: nfnetlink: fix uninitialized local variable, Breno Leitao
  - Re: [PATCH] netfilter: nfnetlink: fix uninitialized local variable, Pablo Neira Ayuso
    - Re: [PATCH] netfilter: nfnetlink: fix uninitialized local variable, Breno Leitao
      - Re: [PATCH] netfilter: nfnetlink: fix uninitialized local variable, Pablo Neira Ayuso
Please comment on my libnetfilter_queue build speedup patch, Duncan Roe
- Re: Please comment on my libnetfilter_queue build speedup patch, Florian Westphal
  - Re: Please comment on my libnetfilter_queue build speedup patch, Duncan Roe
[PATCH nft] cache: populate chains on demand from error path, Pablo Neira Ayuso
[PATCH net-next v2 0/3] Preparations for FIB rule DSCP selector, Ido Schimmel
- [PATCH net-next v2 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup, Ido Schimmel
- [PATCH net-next v2 1/3] ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family, Ido Schimmel
- [PATCH net-next v2 3/3] ipv4: Centralize TOS matching, Ido Schimmel
  - Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching, Guillaume Nault
  - Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching, David Ahern
    - Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching, Ido Schimmel
      - Re: [PATCH net-next v2 3/3] ipv4: Centralize TOS matching, Guillaume Nault
- Re: [PATCH net-next v2 0/3] Preparations for FIB rule DSCP selector, Guillaume Nault
- Re: [PATCH net-next v2 0/3] Preparations for FIB rule DSCP selector, patchwork-bot+netdevbpf
[PATCH nft,v2 1/2] datatype: reject rate in quota statement, Pablo Neira Ayuso
- [PATCH nft,v2 2/2] datatype: improve error reporting when time unit is not correct, Pablo Neira Ayuso
- Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement, Phil Sutter
  - Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement, Pablo Neira Ayuso
    - Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement, Phil Sutter
      - Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement, Phil Sutter
        
        Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement, Pablo Neira Ayuso
        
        Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement, Phil Sutter
        
        Re: [PATCH nft,v2 1/2] datatype: reject rate in quota statement, Pablo Neira Ayuso
[PATCH nft 1/2] datatype: replace strncmp() by strcmp() in unit parser, Pablo Neira Ayuso
- [PATCH nft 2/2] datatype: improve error reporting when time unit is not correct, Pablo Neira Ayuso
- Re: [PATCH nft 1/2] datatype: replace strncmp() by strcmp() in unit parser, Pablo Neira Ayuso
[PATCH] tests: shell: skip vlan mangling testcase if egress is not support, Pablo Neira Ayuso
[RFC PATCH v2 0/9] Support TCP listen access-control, Mikhail Ivanov
- [RFC PATCH v2 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
  - Re: [RFC PATCH v2 2/9] landlock: Support TCP listen access-control, Günther Noack
    - Re: [RFC PATCH v2 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
      - Re: [RFC PATCH v2 2/9] landlock: Support TCP listen access-control, Günther Noack
        
        Re: [RFC PATCH v2 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
- [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction, Mikhail Ivanov
  - Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction, Günther Noack
    - Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction, Mikhail Ivanov
      - Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction, Mickaël Salaün
        
        Re: [RFC PATCH v2 4/9] selftests/landlock: Test listening restriction, Mikhail Ivanov
- [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Mikhail Ivanov
  - Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Günther Noack
    - Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Mikhail Ivanov
    - Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Günther Noack
      - Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Mikhail Ivanov
        
        Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Mickaël Salaün
        
        Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Mikhail Ivanov
  - Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Günther Noack
    - Re: [RFC PATCH v2 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Mikhail Ivanov
- [RFC PATCH v2 1/9] landlock: Refactor current_check_access_socket() access right check, Mikhail Ivanov
  - Re: [RFC PATCH v2 1/9] landlock: Refactor current_check_access_socket() access right check, Günther Noack
    - Re: [RFC PATCH v2 1/9] landlock: Refactor current_check_access_socket() access right check, Mikhail Ivanov
- [RFC PATCH v2 5/9] selftests/landlock: Test listen on connected socket, Mikhail Ivanov
  - Re: [RFC PATCH v2 5/9] selftests/landlock: Test listen on connected socket, Günther Noack
    - Re: [RFC PATCH v2 5/9] selftests/landlock: Test listen on connected socket, Mikhail Ivanov
- [RFC PATCH v2 6/9] selftests/landlock: Test listening without explicit bind restriction, Mikhail Ivanov
  - Re: [RFC PATCH v2 6/9] selftests/landlock: Test listening without explicit bind restriction, Günther Noack
    - Re: [RFC PATCH v2 6/9] selftests/landlock: Test listening without explicit bind restriction, Mikhail Ivanov
      - Re: [RFC PATCH v2 6/9] selftests/landlock: Test listening without explicit bind restriction, Mikhail Ivanov
- [RFC PATCH v2 7/9] selftests/landlock: Test listen on ULP socket without clone method, Mikhail Ivanov
- [RFC PATCH v2 8/9] selftests/landlock: Test changing socket backlog with listen(2), Mikhail Ivanov
  - Re: [RFC PATCH v2 8/9] selftests/landlock: Test changing socket backlog with listen(2), Günther Noack
    - Re: [RFC PATCH v2 8/9] selftests/landlock: Test changing socket backlog with listen(2), Mikhail Ivanov
- [RFC PATCH v2 9/9] samples/landlock: Support LANDLOCK_ACCESS_NET_LISTEN, Mikhail Ivanov
  - Re: [RFC PATCH v2 9/9] samples/landlock: Support LANDLOCK_ACCESS_NET_LISTEN, Günther Noack
    - Re: [RFC PATCH v2 9/9] samples/landlock: Support LANDLOCK_ACCESS_NET_LISTEN, Mikhail Ivanov
- Re: [RFC PATCH v2 0/9] Support TCP listen access-control, Günther Noack
  - Re: [RFC PATCH v2 0/9] Support TCP listen access-control, Günther Noack
    - Re: [RFC PATCH v2 0/9] Support TCP listen access-control, Mikhail Ivanov
[nft PATCH] tests: shell: Extend table persist flag test a bit, Phil Sutter
- Re: [nft PATCH] tests: shell: Extend table persist flag test a bit, Florian Westphal
- Re: [nft PATCH] tests: shell: Extend table persist flag test a bit, Phil Sutter
[Q] The usage of xt_recseq., Sebastian Andrzej Siewior
- Re: [netfilter-core] [Q] The usage of xt_recseq., Florian Westphal
  - Re: [netfilter-core] [Q] The usage of xt_recseq., Sebastian Andrzej Siewior
    - Re: [netfilter-core] [Q] The usage of xt_recseq., Florian Westphal
      - Re: [netfilter-core] [Q] The usage of xt_recseq., Sebastian Andrzej Siewior
        
        Re: [netfilter-core] [Q] The usage of xt_recseq., Florian Westphal
        
        Re: [netfilter-core] [Q] The usage of xt_recseq., Sebastian Andrzej Siewior
[PATCH nf] netfilter: flowtable: validate vlan header, Pablo Neira Ayuso
[PATCH 6.1 148/150] netfilter: nf_tables: prefer nft_chain_validate, Greg Kroah-Hartman
[PATCH 6.1 146/150] netfilter: nf_tables: bail out if stateful expression provides no .clone, Greg Kroah-Hartman
[PATCH 6.1 147/150] netfilter: nf_tables: allow clone callbacks to sleep, Greg Kroah-Hartman
[PATCH -stable,4.19.x 0/3] Netfilter fixes for -stable, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 1/3] netfilter: nf_tables: set element extended ACK reporting support, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 2/3] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 3/3] netfilter: nf_tables: prefer nft_chain_validate, Pablo Neira Ayuso
- Re: [PATCH -stable,4.19.x 0/3] Netfilter fixes for -stable, Greg KH
[PATCH -stable,5.4.x 0/3] Netfilter fixes for -stable, Pablo Neira Ayuso
- [PATCH -stable,5.4.x 1/3] netfilter: nf_tables: set element extended ACK reporting support, Pablo Neira Ayuso
- [PATCH -stable,5.4.x 2/3] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- [PATCH -stable,5.4.x 3/3] netfilter: nf_tables: prefer nft_chain_validate, Pablo Neira Ayuso
- Re: [PATCH -stable,5.4.x 0/3] Netfilter fixes for -stable, Greg KH
[PATCH -stable,5.10.x 0/4] Netfilter fixes for -stable, Pablo Neira Ayuso
- [PATCH -stable,5.10.x 1/4] netfilter: nf_tables: set element extended ACK reporting support, Pablo Neira Ayuso
- [PATCH -stable,5.10.x 2/4] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- [PATCH -stable,5.10.x 3/4] netfilter: nf_tables: allow clone callbacks to sleep, Pablo Neira Ayuso
- [PATCH -stable,5.10.x 4/4] netfilter: nf_tables: prefer nft_chain_validate, Pablo Neira Ayuso
- Re: [PATCH -stable,5.10.x 0/4] Netfilter fixes for -stable, Greg KH
[PATCH -stable,5.15.x 0/5] Netfilter fixes for -stable, Pablo Neira Ayuso
- [PATCH -stable,5.15.x 2/5] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- [PATCH -stable,5.15.x 1/5] netfilter: nf_tables: set element extended ACK reporting support, Pablo Neira Ayuso
- [PATCH -stable,5.15.x 3/5] netfilter: nf_tables: bail out if stateful expression provides no .clone, Pablo Neira Ayuso
- [PATCH -stable,5.15.x 4/5] netfilter: nf_tables: allow clone callbacks to sleep, Pablo Neira Ayuso
- [PATCH -stable,5.15.x 5/5] netfilter: nf_tables: prefer nft_chain_validate, Pablo Neira Ayuso
- Re: [PATCH -stable,5.15.x 0/5] Netfilter fixes for -stable, Greg KH
[PATCH -stable,6.1.x 0/3] Netfilter fixes for -stable, Pablo Neira Ayuso
- [PATCH -stable,6.1.x 1/3] netfilter: nf_tables: bail out if stateful expression provides no .clone, Pablo Neira Ayuso
- [PATCH -stable,6.1.x 2/3] netfilter: nf_tables: allow clone callbacks to sleep, Pablo Neira Ayuso
- [PATCH -stable,6.1.x 3/3] netfilter: nf_tables: prefer nft_chain_validate, Pablo Neira Ayuso
- Re: [PATCH -stable,6.1.x 0/3] Netfilter fixes for -stable, Greg KH
[PATCH -stable,6.6.x 0/1] Netfilter fixes for -stable, Pablo Neira Ayuso
- [PATCH -stable,6.6.x 1/1] netfilter: nf_tables: prefer nft_chain_validate, Pablo Neira Ayuso
- Re: [PATCH -stable,6.6.x 0/1] Netfilter fixes for -stable, Greg KH
[PATCH libnftnl] set: export nftnl_set_clone, chayleaf
- Re: [PATCH libnftnl] set: export nftnl_set_clone, Florian Westphal
[syzbot] [netfilter?] KMSAN: uninit-value in nf_flow_offload_inet_hook, syzbot
[nf PATCH v4 0/3] Add locking for NFT_MSG_GETOBJ_RESET requests, Phil Sutter
- [nf PATCH v4 3/3] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests, Phil Sutter
- [nf PATCH v4 1/3] netfilter: nf_tables: Audit log dump reset after the fact, Phil Sutter
- [nf PATCH v4 2/3] netfilter: nf_tables: Introduce nf_tables_getobj_single, Phil Sutter
- Re: [nf PATCH v4 0/3] Add locking for NFT_MSG_GETOBJ_RESET requests, Florian Westphal
[PATCH] netfilter: nfnetlink_log: remove unnecessary check in __build_packet_message(), Roman Smirnov
- Re: [PATCH] netfilter: nfnetlink_log: remove unnecessary check in __build_packet_message(), Sergey Shtylyov
- Re: [PATCH] netfilter: nfnetlink_log: remove unnecessary check in __build_packet_message(), Pablo Neira Ayuso
[PATCH nft] optimize: compare meta inner_desc pointers too, Florian Westphal
[PATCH nf 0/2] netfilter: disable support for queueing cloned conntrack entries, Florian Westphal
- [PATCH nf 1/2] netfilter: nf_queue: drop packets with cloned unconfirmed conntracks, Florian Westphal
- [PATCH nf 2/2] selftests: netfilter: add test for br_netfilter+conntrack+queue combination, Florian Westphal
  - Re: [PATCH nf 2/2] selftests: netfilter: add test for br_netfilter+conntrack+queue combination, Florian Westphal
- [PATCH nf v2 2/2] selftests: netfilter: add test for br_netfilter+conntrack+queue combination, Florian Westphal
iptables: compiling with kernel headers, josh lant
- Re: iptables: compiling with kernel headers, Florian Westphal
- Re: iptables: compiling with kernel headers, Phil Sutter
  - Re: iptables: compiling with kernel headers, Joshua Lant
    - Re: iptables: compiling with kernel headers, Phil Sutter
- Re: iptables: compiling with kernel headers, Jan Engelhardt
- <Possible follow-ups>
- Re: iptables: compiling with kernel headers, Joshua Lant
  - Re: iptables: compiling with kernel headers, Florian Westphal
[PATCH nft] src: add never expires marker for element timeout, Pablo Neira Ayuso
[PATCH nf-next 0/8] nf_tables: support for updating set element timeout, Pablo Neira Ayuso
- [PATCH nf-next 1/8] netfilter: nf_tables: elements with timeout less than HZ/10 never expire, Pablo Neira Ayuso
  - Re: [PATCH nf-next 1/8] netfilter: nf_tables: elements with timeout less than HZ/10 never expire, Phil Sutter
- [PATCH nf-next 3/8] netfilter: nf_tables: remove annotation to access set timeout while holding lock, Pablo Neira Ayuso
- [PATCH nf-next 2/8] netfilter: nf_tables: reject element expiration with no timeout, Pablo Neira Ayuso
  - Re: [PATCH nf-next 2/8] netfilter: nf_tables: reject element expiration with no timeout, Phil Sutter
- [PATCH nf-next 4/8] netfilter: nft_dynset: annotate data-races around set timeout, Pablo Neira Ayuso
- [PATCH nf-next 5/8] netfilter: nf_tables: annotate data-races around element expiration, Pablo Neira Ayuso
- [PATCH nf-next 8/8] netfilter: nf_tables: set element timeout update support, Pablo Neira Ayuso
- [PATCH nf-next 7/8] netfilter: nf_tables: add never expires marker to elements, Pablo Neira Ayuso
  - Re: [PATCH nf-next 7/8] netfilter: nf_tables: add never expires marker to elements, kernel test robot
  - Re: [PATCH nf-next 7/8] netfilter: nf_tables: add never expires marker to elements, Phil Sutter
    - Re: [PATCH nf-next 7/8] netfilter: nf_tables: add never expires marker to elements, Pablo Neira Ayuso
      - Re: [PATCH nf-next 7/8] netfilter: nf_tables: add never expires marker to elements, Phil Sutter
        
        Re: [PATCH nf-next 7/8] netfilter: nf_tables: add never expires marker to elements, Pablo Neira Ayuso
        
        Re: [PATCH nf-next 7/8] netfilter: nf_tables: add never expires marker to elements, Phil Sutter
- [PATCH nf-next 6/8] netfilter: nf_tables: consolidate timeout extension for elements, Pablo Neira Ayuso
Re: CVE-2024-39503: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type, Siddh Raman Pant
- Re: CVE-2024-39503: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type, Sasha Levin
[PATCH nf v1] netfilter: flowtable: initialise extack before use, Donald Hunter
- Re: [PATCH nf v1] netfilter: flowtable: initialise extack before use, Simon Horman
[PATCH nf v1] netfilter: nfnetlink: Initialise extack before use in ACKs, Donald Hunter
- Re: [PATCH nf v1] netfilter: nfnetlink: Initialise extack before use in ACKs, Simon Horman
  - Re: [PATCH nf v1] netfilter: nfnetlink: Initialise extack before use in ACKs, Donald Hunter
    - Re: [PATCH nf v1] netfilter: nfnetlink: Initialise extack before use in ACKs, Simon Horman
[PATCH] netfilter: allow ipv6 fragments to arrive on different devices, Tom Hughes
- Re: [PATCH] netfilter: allow ipv6 fragments to arrive on different devices, Florian Westphal
  - Re: [PATCH] netfilter: allow ipv6 fragments to arrive on different devices, Tom Hughes
- [PATCH v2] netfilter: allow ipv6 fragments to arrive on different devices, Tom Hughes
[PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain(), Uros Bizjak
- Re: [PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain(), Simon Horman
- Re: [PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain(), Pablo Neira Ayuso
  - Re: [PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain(), Uros Bizjak
    - Re: [PATCH] netfilter: nf_tables: Add __percpu annotation to *stats pointer in nf_tables_updchain(), Pablo Neira Ayuso
[syzbot] Monthly netfilter report (Aug 2024), syzbot
[iptables PATCH 0/8] nft: Implement forward compat for future binaries, Phil Sutter
- [iptables PATCH 2/8] ebtables: Introduce nft_bridge_init_cs(), Phil Sutter
- [iptables PATCH 1/8] ebtables: Zero freed pointers in ebt_cs_clean(), Phil Sutter
- [iptables PATCH 6/8] nft: __add_{match,target}() can't fail, Phil Sutter
- [iptables PATCH 3/8] nft: Reduce overhead in nft_rule_find(), Phil Sutter
- [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata, Phil Sutter
  - Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata, Pablo Neira Ayuso
    - Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata, Phil Sutter
  - Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata, Pablo Neira Ayuso
    - Re: [iptables RFC PATCH 8/8] nft: Support compat extensions in rule userdata, Phil Sutter
- [iptables PATCH 7/8] nft: Introduce UDATA_TYPE_COMPAT_EXT, Phil Sutter
- [iptables PATCH 5/8] nft: ruleparse: Introduce nft_parse_rule_expr(), Phil Sutter
- [iptables PATCH 4/8] nft: ruleparse: Drop 'iter' variable in nft_rule_to_iptables_command_state, Phil Sutter
- Re: [iptables PATCH 0/8] nft: Implement forward compat for future binaries, Phil Sutter
[PATCH nft v2 0/5] src: mnl: rework list hooks infra, Florian Westphal
- [PATCH nft v2 2/5] src: mnl: make family specification more strict when listing, Florian Westphal
- [PATCH nft v2 1/5] src: mnl: clean up hook listing code, Florian Westphal
- [PATCH nft v2 3/5] src: drop obsolete hook argument form hook dump functions, Florian Westphal
- [PATCH nft v2 4/5] src: add egress support for 'list hooks', Florian Westphal
- [PATCH nft v2 5/5] doc: add documentation about list hooks feature, Florian Westphal
- Re: [PATCH nft v2 0/5] src: mnl: rework list hooks infra, Pablo Neira Ayuso
[PATCH libmnl] README: Document the contribution process, Petr Machata
[PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Danielle Ratson
- Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Phil Sutter
  - RE: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Danielle Ratson
    - Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Pablo Neira Ayuso
      - Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Pablo Neira Ayuso
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Jakub Kicinski
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Pablo Neira Ayuso
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Petr Machata
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Pablo Neira Ayuso
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Pablo Neira Ayuso
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Pablo Neira Ayuso
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Petr Machata
        
        Re: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Petr Machata
        
        RE: [PATCH libmnl] src: attr: Add mnl_attr_get_uint() function, Danielle Ratson
[RFC PATCH v1 0/9] Support TCP listen access-control, Mikhail Ivanov
- [RFC PATCH v1 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP, Mikhail Ivanov
- [RFC PATCH v1 4/9] selftests/landlock: Test listening restriction, Mikhail Ivanov
- [RFC PATCH v1 1/9] landlock: Refactor current_check_access_socket() access right check, Mikhail Ivanov
- [RFC PATCH v1 5/9] selftests/landlock: Test listen on connected socket, Mikhail Ivanov
  - Re: [RFC PATCH v1 5/9] selftests/landlock: Test listen on connected socket, Mickaël Salaün
    - Re: [RFC PATCH v1 5/9] selftests/landlock: Test listen on connected socket, Mikhail Ivanov
- [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
  - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Günther Noack
    - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
      - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Günther Noack
        
        Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
  - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mickaël Salaün
    - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
      - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mickaël Salaün
        
        Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
        
        Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mickaël Salaün
        
        Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
  - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mickaël Salaün
    - Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control, Mikhail Ivanov
- [RFC PATCH v1 6/9] selftests/landlock: Test listening without explicit bind restriction, Mikhail Ivanov
- [RFC PATCH v1 7/9] selftests/landlock: Test listen on ULP socket without clone method, Mikhail Ivanov
  - Re: [RFC PATCH v1 7/9] selftests/landlock: Test listen on ULP socket without clone method, Mickaël Salaün
    - Re: [RFC PATCH v1 7/9] selftests/landlock: Test listen on ULP socket without clone method, Mikhail Ivanov
- [RFC PATCH v1 8/9] selftests/landlock: Test changing socket backlog with listen(2), Mikhail Ivanov
- [RFC PATCH v1 9/9] samples/landlock: Support LANDLOCK_ACCESS_NET_LISTEN, Mikhail Ivanov
[iptables PATCH 00/14] Some fixes and trivial improvements, Phil Sutter
- [iptables PATCH 03/14] extensions: recent: Fix format string for unsigned values, Phil Sutter
- [iptables PATCH 01/14] nft: cache: Annotate faked base chains as such, Phil Sutter
- [iptables PATCH 14/14] ebtables: Omit all-wildcard interface specs from output, Phil Sutter
- [iptables PATCH 04/14] extensions: conntrack: Use the right callbacks, Phil Sutter
- [iptables PATCH 11/14] xshared: Move NULL pointer check into save_iface(), Phil Sutter
- [iptables PATCH 08/14] xshared: Do not omit all-wildcard interface spec when inverted, Phil Sutter
- [iptables PATCH 05/14] nft: cmd: Init struct nft_cmd::head early, Phil Sutter
- [iptables PATCH 12/14] libxtables: Debug: Slightly improve extension ordering debugging, Phil Sutter
- [iptables PATCH 09/14] extensions: conntrack: Reuse print_state() for old state match, Phil Sutter
- [iptables PATCH 13/14] arptables: Introduce print_iface(), Phil Sutter
- [iptables PATCH 10/14] xshared: Make save_iface() static, Phil Sutter
- [iptables PATCH 07/14] arptables: Fix conditional opcode/proto-type printing, Phil Sutter
- [iptables PATCH 06/14] nft: Add potentially missing init_cs calls, Phil Sutter
- [iptables PATCH 02/14] nft: Fix for zeroing existent builtin chains, Phil Sutter
- Re: [iptables PATCH 00/14] Some fixes and trivial improvements, Phil Sutter
[PATCH nft 0/4] list hooks refactoring, Florian Westphal
- [PATCH nft 1/4] doc: add documentation about list hooks feature, Florian Westphal
  - Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Pablo Neira Ayuso
    - Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Florian Westphal
      - Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Pablo Neira Ayuso
        
        Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Florian Westphal
        
        Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Pablo Neira Ayuso
        
        Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Florian Westphal
        
        Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Pablo Neira Ayuso
        
        Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Phil Sutter
        
        Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Pablo Neira Ayuso
        
        Re: [PATCH nft 1/4] doc: add documentation about list hooks feature, Florian Westphal
- [PATCH nft 2/4] src: remove decnet support, Florian Westphal
  - Re: [PATCH nft 2/4] src: remove decnet support, Florian Westphal
- [PATCH nft 3/4] src: mnl: clean up hook listing code, Florian Westphal
- [PATCH nft 4/4] src: add egress support for 'list hooks', Florian Westphal
[PATCH v1 nf 0/2] netfilter: iptables: Fix null-ptr-deref in ip6?table_nat_table_init()., Kuniyuki Iwashima
- [PATCH v1 nf 1/2] netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()., Kuniyuki Iwashima
- [PATCH v1 nf 2/2] netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init()., Kuniyuki Iwashima
- Re: [PATCH v1 nf 0/2] netfilter: iptables: Fix null-ptr-deref in ip6?table_nat_table_init()., Florian Westphal
- Re: [PATCH v1 nf 0/2] netfilter: iptables: Fix null-ptr-deref in ip6?table_nat_table_init()., Pablo Neira Ayuso
[RFC PATCH net-next 0/3] Preparations for FIB rule DSCP selector, Ido Schimmel
- [RFC PATCH net-next 1/3] ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family, Ido Schimmel
  - Re: [RFC PATCH net-next 1/3] ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family, Guillaume Nault
- [RFC PATCH net-next 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup, Ido Schimmel
  - Re: [RFC PATCH net-next 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup, Guillaume Nault
  - Re: [RFC PATCH net-next 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup, Florian Westphal
    - Re: [RFC PATCH net-next 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup, Guillaume Nault
  - Re: [RFC PATCH net-next 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup, Florian Westphal
    - Re: [RFC PATCH net-next 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup, Ido Schimmel
- [RFC PATCH net-next 3/3] ipv4: Centralize TOS matching, Ido Schimmel
  - Re: [RFC PATCH net-next 3/3] ipv4: Centralize TOS matching, Guillaume Nault
    - Re: [RFC PATCH net-next 3/3] ipv4: Centralize TOS matching, Ido Schimmel
      - Re: [RFC PATCH net-next 3/3] ipv4: Centralize TOS matching, Guillaume Nault
[GIT PULL] sysctl constification changes for v6.11-rc1, Joel Granados
- Re: [GIT PULL] sysctl constification changes for v6.11-rc1, Linus Torvalds
- Re: [GIT PULL] sysctl constification changes for v6.11-rc1, pr-tracker-bot
- Re: [GIT PULL] sysctl constification changes for v6.11-rc1, patchwork-bot+linux-riscv
- Re: [GIT PULL] sysctl constification changes for v6.11-rc1, patchwork-bot+linux-riscv
Re: Sets update, Pablo Neira Ayuso
nf_tables/set: Is dynamic + interval possible?, caskd
- Re: nf_tables/set: Is dynamic + interval possible?, Florian Westphal
Speedup patch ping, Duncan Roe
- Re: Speedup patch ping, Duncan Roe
[iptables PATCH] extensions: recent: New kernels support 999 hits, Phil Sutter
- Re: [iptables PATCH] extensions: recent: New kernels support 999 hits, Phil Sutter
[PATCH nf] netfilter: nft_set_pipapo_avx2: disable softinterrupts, Florian Westphal
- Re: [PATCH nf] netfilter: nft_set_pipapo_avx2: disable softinterrupts, Stefano Brivio
[PATCH nft] optimize: skip variables in nat statements, Pablo Neira Ayuso
[PATCH nf-next] netfilter: move nf_ct_netns_get out of nf_conncount_init, Xin Long
- Re: [PATCH nf-next] netfilter: move nf_ct_netns_get out of nf_conncount_init, Florian Westphal
- Re: [PATCH nf-next] netfilter: move nf_ct_netns_get out of nf_conncount_init, Pablo Neira Ayuso
[PATCH net 0/4] Netfilter/IPVS fixes for net, Pablo Neira Ayuso
- [PATCH net 1/4] netfilter: ctnetlink: use helper function to calculate expect ID, Pablo Neira Ayuso
  - Re: [PATCH net 1/4] netfilter: ctnetlink: use helper function to calculate expect ID, patchwork-bot+netdevbpf
- [PATCH net 2/4] netfilter: nf_set_pipapo: fix initial map fill, Pablo Neira Ayuso
- [PATCH net 4/4] ipvs: properly dereference pe in ip_vs_add_service, Pablo Neira Ayuso
- [PATCH net 3/4] selftests: netfilter: add test case for recent mismatch bug, Pablo Neira Ayuso
[iptables PATCH] nft: Fix for zeroing non-existent builtin chains, Phil Sutter
- Re: [iptables PATCH] nft: Fix for zeroing non-existent builtin chains, Phil Sutter
[ANNOUNCE] nftables 1.1.0 release, Pablo Neira Ayuso
Transparent SNAT bridge with physdev module, Matt Ayre
Are there Any Side Effects when net.netfilter.nf_conntrack_tcp_be_liberal is set to 1?, renmingshuai
[iptables PATCH 0/8] Fix xtables-monitor rule printing, partially RFC, Phil Sutter
- [iptables PATCH 2/8] xtables-monitor: Flush stdout after all lines of output, Phil Sutter
- [iptables PATCH 5/8] tests: shell: New xtables-monitor test, Phil Sutter
- [iptables PATCH 6/8] xtables-monitor: Fix for ebtables rule events, Phil Sutter
- [iptables PATCH 7/8] xtables-monitor: Ignore ebtables policy rules unless tracing, Phil Sutter
- [iptables PATCH 1/8] xtables-monitor: Proper re-init for rule's family, Phil Sutter
- [RFC iptables PATCH 8/8] xtables-monitor: Print commands instead of -4/-6/-0 flags, Phil Sutter
- [iptables PATCH 4/8] xtables-monitor: Support arptables chain events, Phil Sutter
- [iptables PATCH 3/8] xtables-monitor: Align builtin chain and table output, Phil Sutter
- Re: [iptables PATCH 0/8] Fix xtables-monitor rule printing, partially RFC, Phil Sutter
[PATCH nf] netfilter: ctnetlink: use helper function to calculate expect ID, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: do not remove elements if set backend implements .abort, Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: nf_tables: do not remove elements if set backend implements .abort, Pablo Neira Ayuso
[PATCH net] net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE, Pablo Neira Ayuso
- Re: [PATCH net] net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE, Willem de Bruijn
- Re: [PATCH net] net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE, patchwork-bot+netdevbpf
[PATCH] conntrack: tcp: fix parsing of tuple-port-src and tuple-port-dst, Stephan Brunner
- Re: [PATCH] conntrack: tcp: fix parsing of tuple-port-src and tuple-port-dst, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.7 release, Phil Sutter
[PATCH nf] selftests: netfilter: add test case for recent mismatch bug, Florian Westphal
- Re: [PATCH nf] selftests: netfilter: add test case for recent mismatch bug, Stefano Brivio
[PATCH nf] netfilter: nf_set_pipapo: fix initial map fill, Florian Westphal
- Re: [PATCH nf] netfilter: nf_set_pipapo: fix initial map fill, Stefano Brivio
[PATCH] configure: Add option for building with musl, Joshua Lant
- Re: [PATCH] configure: Add option for building with musl, Duncan Roe
- <Possible follow-ups>
- Re: [PATCH] configure: Add option for building with musl, Joshua Lant
[PATCH ulogd2] README: update project homepage and mailing list addresses, Harald Welte
- Re: [PATCH ulogd2] README: update project homepage and mailing list addresses, Florian Westphal
[PATCH nf] netfilter: nf_tables: prefer nft_chain_validate, Florian Westphal
[PATCH nft 1/3] tests: add more ruleset validation test cases, Florian Westphal
- [PATCH nft 2/3] testcases: test jump to basechain is rejected, even if there is no loop, Florian Westphal
- [PATCH nft 3/3] tests: connect chains to hook point, Florian Westphal
[libnftnl PATCH 1/2] chain: Support unsetting NFTNL_CHAIN_USERDATA attribute, Phil Sutter
- [libnftnl PATCH 2/2] table: Support unsetting NFTNL_TABLE_USERDATA attribute, Phil Sutter
- Re: [libnftnl PATCH 1/2] chain: Support unsetting NFTNL_CHAIN_USERDATA attribute, Phil Sutter
[PATCH nft] libnftables: fix crash when freeing non-malloc'd address, Florian Westphal
- Re: [PATCH nft] libnftables: fix crash when freeing non-malloc'd address, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: store new sets in dedicated list, Florian Westphal
- Re: [PATCH nf-next] netfilter: nf_tables: store new sets in dedicated list, Pablo Neira Ayuso
[PATCH nft 1/2] parser_json: use stdin buffer if available, Pablo Neira Ayuso
- [PATCH nft 2/2] libnftables: skip useable checks for /dev/stdin, Pablo Neira Ayuso
- Re: [PATCH nft 1/2] parser_json: use stdin buffer if available, Phil Sutter
  - Re: [PATCH nft 1/2] parser_json: use stdin buffer if available, Phil Sutter
    - Re: [PATCH nft 1/2] parser_json: use stdin buffer if available, Pablo Neira Ayuso
      - Re: [PATCH nft 1/2] parser_json: use stdin buffer if available, Phil Sutter
- <Possible follow-ups>
- [PATCH nft 1/2] parser_json: use stdin buffer if available, Pablo Neira Ayuso
  - [PATCH nft 2/2] libnftables: skip useable checks for /dev/stdin, Pablo Neira Ayuso
  - Re: [PATCH nft 1/2] parser_json: use stdin buffer if available, Phil Sutter
    - Re: [PATCH nft 1/2] parser_json: use stdin buffer if available, Pablo Neira Ayuso
[PATCH] xtables: Fix compilation error with musl-libc, Joshua Lant
- Re: [PATCH] xtables: Fix compilation error with musl-libc, Phil Sutter
- Re: [PATCH] xtables: Fix compilation error with musl-libc, Pablo Neira Ayuso
  - Re: [PATCH] xtables: Fix compilation error with musl-libc, Pablo Neira Ayuso
    - Re: [PATCH] xtables: Fix compilation error with musl-libc, Jeremy Sowden
- <Possible follow-ups>
- Re: [PATCH] xtables: Fix compilation error with musl-libc, Joshua Lant
[linux-next:master] [selftests] 742ad979f5: WARNING:at_net/netfilter/nfnetlink_queue.c:#nf_reinject[nfnetlink_queue], kernel test robot
- [PATCH nf] netfilter: nfnetlink_queue: drop bogus WARN_ON, Florian Westphal
[PATCH libnftnl] expr: use NFTA_* netlink attributes to build fields, not NFTNL_EXPR_*, Pablo Neira Ayuso
[PATCH nft] optimize: clone counter before insertion into set element, Pablo Neira Ayuso
iptables- accessing unallocated memory, josh lant
- Re: iptables- accessing unallocated memory, Phil Sutter
  - Re: iptables- accessing unallocated memory, josh lant
    - Re: iptables- accessing unallocated memory, Phil Sutter
[PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, yyxRoy
- Re: [PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, Florian Westphal
  - Re: [PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, Jozsef Kadlecsik
    - Re: [PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, Florian Westphal
      - Re: [PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, yyxRoy
        
        Re: [PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, Florian Westphal
        
        Re: [PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, yyxRoy
        
        Re: [PATCH] netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs, Jozsef Kadlecsik
[PATCH nft] parser_bison: recursive table declaration in deprecated meter statement, Pablo Neira Ayuso
[PATCH nft] parser_bison: remove deprecated flow statement, Pablo Neira Ayuso
[PATCH nft 0/4] unbreak element deletion in map with ranges, Pablo Neira Ayuso
- [PATCH nft 2/4] segtree: set on EXPR_F_KERNEL flag for catchall elements in the cache, Pablo Neira Ayuso
- [PATCH nft 1/4] evaluate: set on expr->len for catchall set elements, Pablo Neira Ayuso
- [PATCH nft 3/4] intervals: fix element deletions with maps, Pablo Neira Ayuso
- [PATCH nft 4/4] tests: shell: cover set element deletion in maps, Pablo Neira Ayuso
iptables: reverting 34f085b16073 ("Revert "xshared: Print protocol numbers if --numeric was given""), Jeremy Sowden
- Re: iptables: reverting 34f085b16073 ("Revert "xshared: Print protocol numbers if --numeric was given""), Phil Sutter
  - Re: iptables: reverting 34f085b16073 ("Revert "xshared: Print protocol numbers if --numeric was given""), Eric Garver
    - Re: iptables: reverting 34f085b16073 ("Revert "xshared: Print protocol numbers if --numeric was given""), Jeremy Sowden
[PATCH nf-next] selftests: netfilter: nft_queue.sh: sctp coverage, Florian Westphal
- Re: [PATCH nf-next] selftests: netfilter: nft_queue.sh: sctp coverage, Pablo Neira Ayuso
[syzbot] [netfilter?] KASAN: slab-use-after-free Read in nf_tables_trans_destroy_work, syzbot
- [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
  - Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Hillf Danton
    - Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
      - Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Hillf Danton
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Hillf Danton
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Hillf Danton
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Hillf Danton
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Hillf Danton
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Hillf Danton
        
        Re: [PATCH nf] netfilter: nf_tables: unconditionally flush pending work before notifier, Florian Westphal
        
        Re: [syzbot] [netfilter?] KASAN: slab-use-after-free Read in nf_tables_trans_destroy_work, syzbot
[PATCH] netfilter: remove unnecessary assignment in translate_table, Liu Jing
- Re: [PATCH] netfilter: remove unnecessary assignment in translate_table, Simon Horman
- Re: [PATCH] netfilter: remove unnecessary assignment in translate_table, Pablo Neira Ayuso
linux-next: duplicate patch in the ipvs-next tree, Stephen Rothwell
- Re: linux-next: duplicate patch in the ipvs-next tree, Simon Horman
[PATCH v6 bpf-next 0/3] netfilter: Add the capability to offload flowtable in XDP layer, Lorenzo Bianconi
- [PATCH v6 bpf-next 1/3] netfilter: nf_tables: add flowtable map for xdp offload, Lorenzo Bianconi
- [PATCH v6 bpf-next 2/3] netfilter: add bpf_xdp_flow_lookup kfunc, Lorenzo Bianconi
- [PATCH v6 bpf-next 3/3] selftests/bpf: Add selftest for bpf_xdp_flow_lookup kfunc, Lorenzo Bianconi
- Re: [PATCH v6 bpf-next 0/3] netfilter: Add the capability to offload flowtable in XDP layer, patchwork-bot+netdevbpf
[syzbot] [netfilter?] bpf test error: WARNING: suspicious RCU usage in corrupted, syzbot
[PATCH net-next 00/17] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
- [PATCH net-next 03/17] netfilter: nf_tables: compact chain+ft transaction objects, Pablo Neira Ayuso
- [PATCH net-next 04/17] netfilter: nf_tables: reduce trans->ctx.table references, Pablo Neira Ayuso
- [PATCH net-next 01/17] netfilter: nf_tables: make struct nft_trans first member of derived subtypes, Pablo Neira Ayuso
  - Re: [PATCH net-next 01/17] netfilter: nf_tables: make struct nft_trans first member of derived subtypes, patchwork-bot+netdevbpf
- [PATCH net-next 02/17] netfilter: nf_tables: move bind list_head into relevant subtypes, Pablo Neira Ayuso
- [PATCH net-next 06/17] netfilter: nf_tables: pass more specific nft_trans_chain where possible, Pablo Neira Ayuso
- [PATCH net-next 07/17] netfilter: nf_tables: avoid usage of embedded nft_ctx, Pablo Neira Ayuso
- [PATCH net-next 08/17] netfilter: nf_tables: store chain pointer in rule transaction, Pablo Neira Ayuso
- [PATCH net-next 09/17] netfilter: nf_tables: reduce trans->ctx.chain references, Pablo Neira Ayuso
- [PATCH net-next 12/17] ipvs: Avoid unnecessary calls to skb_is_gso_sctp, Pablo Neira Ayuso
- [PATCH net-next 13/17] netfilter: nf_conncount: fix wrong variable type, Pablo Neira Ayuso
- [PATCH net-next 14/17] netfilter: cttimeout: remove 'l3num' attr check, Pablo Neira Ayuso
- [PATCH net-next 05/17] netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx, Pablo Neira Ayuso
- [PATCH net-next 10/17] netfilter: nf_tables: pass nft_table to destroy function, Pablo Neira Ayuso
- [PATCH net-next 16/17] selftests: netfilter: nft_queue.sh: add test for disappearing listener, Pablo Neira Ayuso
- [PATCH net-next 17/17] netfilter: xt_recent: Lift restrictions on max hitcount value, Pablo Neira Ayuso
- [PATCH net-next 15/17] netfilter: nf_tables: rise cap on SELinux secmark context, Pablo Neira Ayuso
- [PATCH net-next 11/17] netfilter: nf_tables: do not store nft_ctx in transaction objects, Pablo Neira Ayuso
[PATCH libnetfilter_queue] build: Speed up build_man.sh, Duncan Roe
[RFC nf-next 0/4] nf_tables: remove explicit register zeroing, Florian Westphal
- [RFC nf-next 2/4] netfilter: nf_tables: allow loads only when register is initialized, Florian Westphal
  - Re: [RFC nf-next 2/4] netfilter: nf_tables: allow loads only when register is initialized, Pablo Neira Ayuso
    - Re: [RFC nf-next 2/4] netfilter: nf_tables: allow loads only when register is initialized, Florian Westphal
- [RFC nf-next 1/4] netfilter: nf_tables: pass context structure to nft_parse_register_load, Florian Westphal
- [RFC nf-next 3/4] netfilter: nf_tables: insert register zeroing instructions for dodgy chains, Florian Westphal
  - Re: [RFC nf-next 3/4] netfilter: nf_tables: insert register zeroing instructions for dodgy chains, Pablo Neira Ayuso
    - Re: [RFC nf-next 3/4] netfilter: nf_tables: insert register zeroing instructions for dodgy chains, Florian Westphal
      - Re: [RFC nf-next 3/4] netfilter: nf_tables: insert register zeroing instructions for dodgy chains, Pablo Neira Ayuso
- [RFC nf-next 4/4] netfilter: nf_tables: don't initialize registers in nft_do_chain(), Florian Westphal
[PATCH nf-next 00/19] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
- [PATCH nf-next 01/19] netfilter: nf_tables: make struct nft_trans first member of derived subtypes, Pablo Neira Ayuso
- [PATCH nf-next 03/19] netfilter: nf_tables: compact chain+ft transaction objects, Pablo Neira Ayuso
- [PATCH nf-next 02/19] netfilter: nf_tables: move bind list_head into relevant subtypes, Pablo Neira Ayuso
- [PATCH nf-next 04/19] netfilter: nf_tables: reduce trans->ctx.table references, Pablo Neira Ayuso
- [PATCH nf-next 05/19] netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx, Pablo Neira Ayuso
- [PATCH nf-next 06/19] netfilter: nf_tables: pass more specific nft_trans_chain where possible, Pablo Neira Ayuso
- [PATCH nf-next 07/19] netfilter: nf_tables: avoid usage of embedded nft_ctx, Pablo Neira Ayuso
- [PATCH nf-next 09/19] netfilter: nf_tables: reduce trans->ctx.chain references, Pablo Neira Ayuso
- [PATCH nf-next 08/19] netfilter: nf_tables: store chain pointer in rule transaction, Pablo Neira Ayuso
- [PATCH nf-next 10/19] netfilter: nf_tables: pass nft_table to destroy function, Pablo Neira Ayuso
- [PATCH nf-next 11/19] netfilter: nf_tables: do not store nft_ctx in transaction objects, Pablo Neira Ayuso
- [PATCH nf-next 12/19] ipvs: Avoid unnecessary calls to skb_is_gso_sctp, Pablo Neira Ayuso
- [PATCH nf-next 13/19] netfilter: nf_conncount: fix wrong variable type, Pablo Neira Ayuso
- [PATCH nf-next 14/19] netfilter: cttimeout: remove 'l3num' attr check, Pablo Neira Ayuso
- [PATCH nf-next 15/19] netfilter: nf_tables: rise cap on SELinux secmark context, Pablo Neira Ayuso
- [PATCH nf-next 16/19] netfilter: nfnetlink_queue: unbreak SCTP traffic, Pablo Neira Ayuso
- [PATCH nf-next 17/19] selftests: netfilter: nft_queue.sh: sctp coverage, Pablo Neira Ayuso
- [PATCH nf-next 18/19] selftests: netfilter: nft_queue.sh: add test for disappearing listener, Pablo Neira Ayuso
- [PATCH nf-next 19/19] netfilter: xt_recent: Lift restrictions on max hitcount value, Pablo Neira Ayuso
- Re: [PATCH nf-next 00/19] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
  - Re: [PATCH nf-next 00/19] Netfilter/IPVS updates for net-next, Jakub Kicinski
    - Re: [PATCH nf-next 00/19] Netfilter/IPVS updates for net-next, Florian Westphal
    - Re: [PATCH nf-next 00/19] Netfilter/IPVS updates for net-next, Pablo Neira Ayuso
    - Re: [PATCH nf-next 00/19] Netfilter/IPVS updates for net-next, Florian Westphal
[ipset PATCH 0/3] Two fixes and fallout, Phil Sutter
- [ipset PATCH 2/3] lib: ipset: Avoid 'argv' array overstepping, Phil Sutter
- [ipset PATCH 3/3] tests: Reduce testsuite run-time, Phil Sutter
- [ipset PATCH 1/3] lib: data: Fix for global-buffer-overflow warning by ASAN, Phil Sutter
- Re: [ipset PATCH 0/3] Two fixes and fallout, Jozsef Kadlecsik
[PATCH net-next v2] ipvs: properly dereference pe in ip_vs_add_service, Chen Hanxiao
- Re: [PATCH net-next v2] ipvs: properly dereference pe in ip_vs_add_service, Julian Anastasov
- Re: [PATCH net-next v2] ipvs: properly dereference pe in ip_vs_add_service, Simon Horman
[PATCH nft] tests: shell: check for removing table via handle with incorrect family, Pablo Neira Ayuso
[PATCH -stable,4.19.x] netfilter: nf_tables: validate family when identifying table via handle, Pablo Neira Ayuso
- [PATCH -stable,5.4.x] netfilter: nf_tables: validate family when identifying table via handle, Pablo Neira Ayuso
- [PATCH -stable,5.10.x] netfilter: nf_tables: validate family when identifying table via handle, Pablo Neira Ayuso
- Re: [PATCH -stable,4.19.x] netfilter: nf_tables: validate family when identifying table via handle, Sasha Levin
[PATCH -stable,6.1.x] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- Re: [PATCH -stable,6.1.x] netfilter: nf_tables: use timestamp to check for set element timeout, Sasha Levin
[nf-next PATCH v2] netfilter: xt_recent: Lift restrictions on max hitcount value, Phil Sutter
[PATCH net-next] ipvs: properly dereference pe in ip_vs_add_service, Chen Hanxiao
- Re: [PATCH net-next] ipvs: properly dereference pe in ip_vs_add_service, Julian Anastasov
  - 回复: [PATCH net-next] ipvs: properly dereference pe in ip_vs_add_service, Hanxiao Chen (Fujitsu)
- Re: [PATCH net-next] ipvs: properly dereference pe in ip_vs_add_service, Ratheesh Kannoth
[syzbot] [lvs?] possible deadlock in start_sync_thread, syzbot
- Re: [syzbot] [lvs?] possible deadlock in start_sync_thread, syzbot
  - Re: [syzbot] [lvs?] possible deadlock in start_sync_thread, Pablo Neira Ayuso
    - Re: [syzbot] [lvs?] possible deadlock in start_sync_thread, D. Wythe
[PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Mirsad Todorovac
- Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Pablo Neira Ayuso
  - Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Mirsad Todorovac
    - Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Mirsad Todorovac
      - Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Pablo Neira Ayuso
        
        Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Mirsad Todorovac
        
        Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Mirsad Todorovac
        
        Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Pablo Neira Ayuso
        
        Re: [PROBLEM] make randconfig: net/netfilter/core.c:830: undefined reference to `netfilter_lwtunnel_fini', Mirsad Todorovac
Re: [PATCH] netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n, Pablo Neira Ayuso
[syzbot] [netfilter?] [usb?] INFO: rcu detected stall in NF_HOOK, syzbot
- Re: [syzbot] [netfilter?] [usb?] INFO: rcu detected stall in NF_HOOK, Alan Stern
[PATCH v9 net-next 07/15] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
[no subject], Unknown
[PATCH] netfilter: ctnetlink: support CTA_FILTER for flush, Changliang Wu
- Re: [PATCH] netfilter: ctnetlink: support CTA_FILTER for flush, Changliang Wu
  - Re: [PATCH] netfilter: ctnetlink: support CTA_FILTER for flush, Pablo Neira Ayuso
    - Re: [PATCH] netfilter: ctnetlink: support CTA_FILTER for flush, Changliang Wu
[PATCH nf-next] selftests: netfilter: nft_queue.sh: add test for disappearing listener, Florian Westphal
[no subject], Unknown
[PATCH nft] src: add string preprocessor and use it for log prefix string, Pablo Neira Ayuso
[no subject], Unknown
[PATCH v8 net-next 07/15] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
[syzbot] [netfilter?] net-next test error: WARNING: suspicious RCU usage in corrupted, syzbot
[PATCH nft] tests: py: drop redundant JSON outputs, Pablo Neira Ayuso
[PATCH v7 net-next 07/15] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
[PATCH nft 0/2] nft include path updates, Pablo Neira Ayuso
- [PATCH nft 2/2] libnftables: search for default include path last, Pablo Neira Ayuso
- [PATCH nft 1/2] libnftables: add base directory of -f/--filename to include path, Pablo Neira Ayuso
[PATCH v5 bpf-next 0/3] netfilter: Add the capability to offload flowtable in XDP layer, Lorenzo Bianconi
- [PATCH v5 bpf-next 1/3] netfilter: nf_tables: add flowtable map for xdp offload, Lorenzo Bianconi
  - Re: [PATCH v5 bpf-next 1/3] netfilter: nf_tables: add flowtable map for xdp offload, Daniel Borkmann
    - Re: [PATCH v5 bpf-next 1/3] netfilter: nf_tables: add flowtable map for xdp offload, Lorenzo Bianconi
- [PATCH v5 bpf-next 3/3] selftests/bpf: Add selftest for bpf_xdp_flow_lookup kfunc, Lorenzo Bianconi
  - Re: [PATCH v5 bpf-next 3/3] selftests/bpf: Add selftest for bpf_xdp_flow_lookup kfunc, Daniel Borkmann
    - Re: [PATCH v5 bpf-next 3/3] selftests/bpf: Add selftest for bpf_xdp_flow_lookup kfunc, Lorenzo Bianconi
      - Re: [PATCH v5 bpf-next 3/3] selftests/bpf: Add selftest for bpf_xdp_flow_lookup kfunc, Daniel Borkmann
- [PATCH v5 bpf-next 2/3] netfilter: add bpf_xdp_flow_lookup kfunc, Lorenzo Bianconi
  - Re: [PATCH v5 bpf-next 2/3] netfilter: add bpf_xdp_flow_lookup kfunc, Daniel Borkmann
    - Re: [PATCH v5 bpf-next 2/3] netfilter: add bpf_xdp_flow_lookup kfunc, Lorenzo Bianconi
- Re: [PATCH v5 bpf-next 0/3] netfilter: Add the capability to offload flowtable in XDP layer, Lorenzo Bianconi
[nf-next PATCH v2 0/2] netfilter: xt_recent: Allow for larger hitcount values, Phil Sutter
- [nf-next PATCH v2 2/2] netfilter: xt_recent: Lift restrictions on max hitcount value, Phil Sutter
  - Re: [nf-next PATCH v2 2/2] netfilter: xt_recent: Lift restrictions on max hitcount value, Pablo Neira Ayuso
    - Re: [nf-next PATCH v2 2/2] netfilter: xt_recent: Lift restrictions on max hitcount value, Fabio Pedretti
- [nf-next PATCH v2 1/2] netfilter: xt_recent: Reduce size of struct recent_entry::nstamps, Phil Sutter
  - Re: [nf-next PATCH v2 1/2] netfilter: xt_recent: Reduce size of struct recent_entry::nstamps, Pablo Neira Ayuso
    - Re: [nf-next PATCH v2 1/2] netfilter: xt_recent: Reduce size of struct recent_entry::nstamps, Phil Sutter
      - Re: [nf-next PATCH v2 1/2] netfilter: xt_recent: Reduce size of struct recent_entry::nstamps, Pablo Neira Ayuso
        
        Re: [nf-next PATCH v2 1/2] netfilter: xt_recent: Reduce size of struct recent_entry::nstamps, Phil Sutter
[syzbot] [netfilter?] upstream test error: WARNING: suspicious RCU usage in _destroy_all_sets, syzbot
[syzbot] [netfilter?] net test error: WARNING: suspicious RCU usage in _destroy_all_sets, syzbot
[syzbot] [netfilter?] net-next test error: WARNING: suspicious RCU usage in _destroy_all_sets, syzbot
[linus:master] [netfilter] 4e7aaa6b82: WARNING:suspicious_RCU_usage, kernel test robot
[PATCH -stable,5.4] netfilter: nftables: exthdr: fix 4-byte stack OOB write, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH -stable,5.4] netfilter: nftables: exthdr: fix 4-byte stack OOB write, Pablo Neira Ayuso
  - Re: [PATCH -stable,5.4] netfilter: nftables: exthdr: fix 4-byte stack OOB write, Greg KH
[nf-next PATCH 0/2] netfilter: xt_recent: Allow for much larger hitcount values, Phil Sutter
- [nf-next PATCH 1/2] netfilter: xt_reent: Reduce size of struct recent_entry::nstamps, Phil Sutter
- [nf-next PATCH 2/2] netfilter: xt_recent: Largely lift restrictions on max hitcount value, Phil Sutter
  - Re: [nf-next PATCH 2/2] netfilter: xt_recent: Largely lift restrictions on max hitcount value, Florian Westphal
    - Re: [nf-next PATCH 2/2] netfilter: xt_recent: Largely lift restrictions on max hitcount value, Phil Sutter
  - Re: [nf-next PATCH 2/2] netfilter: xt_recent: Largely lift restrictions on max hitcount value, kernel test robot
[PATCH 4.19 179/213] netfilter: nf_tables: unregister flowtable hooks on netns exit, Greg Kroah-Hartman
[PATCH 4.19 188/213] netfilter: nft_dynset: relax superfluous check on set updates, Greg Kroah-Hartman
[PATCH 4.19 187/213] netfilter: nft_dynset: report EOPNOTSUPP on missing set feature, Greg Kroah-Hartman
[PATCH 4.19 186/213] netfilter: nftables: exthdr: fix 4-byte stack OOB write, Greg Kroah-Hartman
[PATCH 4.19 185/213] netfilter: nft_dynset: fix timeouts later than 23 days, Greg Kroah-Hartman
[PATCH 4.19 184/213] netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 4.19), Greg Kroah-Hartman
[PATCH 4.19 183/213] netfilter: nf_tables: disable toggling dormant table state more than once, Greg Kroah-Hartman
[PATCH 4.19 182/213] netfilter: nf_tables: fix table flag updates, Greg Kroah-Hartman
[PATCH 4.19 181/213] netfilter: nftables: update table flags from the commit phase, Greg Kroah-Hartman
[PATCH 4.19 198/213] netfilter: nf_tables: discard table flag update with pending basechain deletion, Greg Kroah-Hartman
[PATCH 4.19 197/213] netfilter: nf_tables: reject new basechain after table flag update, Greg Kroah-Hartman
[PATCH 4.19 196/213] netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout, Greg Kroah-Hartman
[PATCH 4.19 195/213] netfilter: nf_tables: do not compare internal table flags on updates, Greg Kroah-Hartman
[PATCH 4.19 194/213] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Greg Kroah-Hartman
[PATCH 4.19 193/213] netfilter: nf_tables: set dormant flag on hook register failure, Greg Kroah-Hartman
[PATCH 4.19 192/213] netfilter: nft_set_rbtree: skip end interval element from gc, Greg Kroah-Hartman
[PATCH 4.19 191/213] netfilter: nf_tables: validate NFPROTO_* family, Greg Kroah-Hartman
[PATCH 4.19 190/213] netfilter: nf_tables: skip dead set elements in netlink dump, Greg Kroah-Hartman
[PATCH 4.19 189/213] netfilter: nf_tables: mark newset as dead on transaction abort, Greg Kroah-Hartman
[PATCH 4.19 180/213] netfilter: nf_tables: double hook unregistration in netns path, Greg Kroah-Hartman
[PATCH 4.19 178/213] netfilter: nf_tables: fix memleak when more than 255 elements expired, Greg Kroah-Hartman
[PATCH 4.19 177/213] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration, Greg Kroah-Hartman
[PATCH 4.19 176/213] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention, Greg Kroah-Hartman
[PATCH 4.19 175/213] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction, Greg Kroah-Hartman
[PATCH 4.19 173/213] netfilter: nf_tables: GC transaction race with abort path, Greg Kroah-Hartman
[PATCH 4.19 174/213] netfilter: nf_tables: defer gc run if previous batch is still pending, Greg Kroah-Hartman
[PATCH 4.19 172/213] netfilter: nf_tables: GC transaction race with netns dismantle, Greg Kroah-Hartman
[PATCH 4.19 171/213] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path, Greg Kroah-Hartman
[PATCH 4.19 170/213] netfilter: nf_tables: remove busy mark and gc batch API, Greg Kroah-Hartman
[PATCH 4.19 169/213] netfilter: nf_tables: adapt set backend to use GC transaction API, Greg Kroah-Hartman
[PATCH 4.19 168/213] netfilter: nf_tables: GC transaction API to avoid race with control plane, Greg Kroah-Hartman
[PATCH 4.19 167/213] netfilter: nf_tables: dont skip expired elements during walk, Greg Kroah-Hartman
[PATCH 4.19 166/213] netfilter: nft_set_rbtree: fix overlap expiration walk, Greg Kroah-Hartman
[PATCH 4.19 165/213] netfilter: nft_set_rbtree: fix null deref on element insertion, Greg Kroah-Hartman
[PATCH 4.19 164/213] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Greg Kroah-Hartman
- Re: [PATCH 4.19 164/213] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Ben Hutchings
  - Re: [PATCH 4.19 164/213] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Pablo Neira Ayuso
    - Re: [PATCH 4.19 164/213] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Pablo Neira Ayuso
      - Re: [PATCH 4.19 164/213] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Ben Hutchings
[PATCH 4.19 163/213] netfilter: nft_set_rbtree: Add missing expired checks, Greg Kroah-Hartman
[PATCH 4.19 162/213] netfilter: nft_set_rbtree: allow loose matching of closing element in interval, Greg Kroah-Hartman
[PATCH 4.19 161/213] netfilter: nf_tables: drop map element references from preparation phase, Greg Kroah-Hartman
[PATCH 4.19 160/213] netfilter: nftables: rename set element data activation/deactivation functions, Greg Kroah-Hartman
[PATCH 4.19 159/213] netfilter: nf_tables: pass context to nft_set_destroy(), Greg Kroah-Hartman
[no subject], Unknown
[PATCH -stable,4.19.x 00/40] Netfilter fixes for -stable, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 01/40] netfilter: nf_tables: pass context to nft_set_destroy(), Pablo Neira Ayuso
- [PATCH -stable,4.19.x 02/40] netfilter: nftables: rename set element data activation/deactivation functions, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 04/40] netfilter: nft_set_rbtree: allow loose matching of closing element in interval, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 03/40] netfilter: nf_tables: drop map element references from preparation phase, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 05/40] netfilter: nft_set_rbtree: Add missing expired checks, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 06/40] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 07/40] netfilter: nft_set_rbtree: fix null deref on element insertion, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 08/40] netfilter: nft_set_rbtree: fix overlap expiration walk, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 09/40] netfilter: nf_tables: don't skip expired elements during walk, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 11/40] netfilter: nf_tables: adapt set backend to use GC transaction API, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 12/40] netfilter: nf_tables: remove busy mark and gc batch API, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 13/40] netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 15/40] netfilter: nf_tables: GC transaction race with abort path, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 14/40] netfilter: nf_tables: GC transaction race with netns dismantle, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 17/40] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 16/40] netfilter: nf_tables: defer gc run if previous batch is still pending, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 10/40] netfilter: nf_tables: GC transaction API to avoid race with control plane, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 19/40] netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration, Pablo Neira Ayuso

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]