Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- [iptables PATCH 0/8] A bit of *tables-restore review fallout,
Phil Sutter
- [PATCH nft,v2] src: restore --echo with anonymous sets,
Pablo Neira Ayuso
- [PATCH nft] src: restore --echo with anonymous sets,
Pablo Neira Ayuso
- [PATCH nft 1/2] src: define flowtable device compound as a list,
Pablo Neira Ayuso
- [nft PATCH 0/4] A bunch of fixes for --echo option,
Phil Sutter
- [libnftnl PATCH] obj/ct_timeout: Fix NFTA_CT_TIMEOUT_DATA parser,
Phil Sutter
- feature request, way to check specific IP/port/protocol/etc, Dmitri Seletski
- [PATCH nf-next 0/5] Hook multiple netdevices to basechain,
Pablo Neira Ayuso
- [PATCH nf-next 0/4] flowtable updates,
Pablo Neira Ayuso
- [PATCH] nfnetlink_cthelper: make userspace conntrack helpers with priv data work again, a_hungrig
- [libnftnl PATCH v2] set_elem: Validate nftnl_set_elem_set() parameters,
Phil Sutter
- [nft PATCH] mnl: Don't use nftnl_set_set(),
Phil Sutter
- [libnftnl PATCH 0/6] A series of covscan-indicated fixes,
Phil Sutter
- [PATCH nft] flowtable: fix memleak in exit path, Eric Jallot
- [PATCH nft] rule: fix flowtable memleaks, Pablo Neira Ayuso
- [PATCH v2 nf-next 0/2] netfilter: conntrack: free extension area immediately,
Florian Westphal
- [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets,
Phil Sutter
- [PATCH 0/6] [GIT PULL ipvs-next] IPVS updates for v5.5,
Simon Horman
- [PATCH net-next,v5 0/4] flow_offload: update mangle action representation,
Pablo Neira Ayuso
- [PATCH net-next,v4 0/4] flow_offload: update mangle action representation,
Pablo Neira Ayuso
- [PATCH net-next,v4 1/4] net: flow_offload: bitwise AND on mangle action value field, Pablo Neira Ayuso
- [PATCH net-next,v4 3/4] netfilter: nft_payload: packet mangling offload support, Pablo Neira Ayuso
- [PATCH net-next,v4 4/4] net: flow_offload: add flow_rule_print(), Pablo Neira Ayuso
- [PATCH net-next,v4 2/4] net: flow_offload: mangle action at byte level, Pablo Neira Ayuso
- Re: [PATCH net-next,v4 0/4] flow_offload: update mangle action representation, Pablo Neira Ayuso
- First Contribution,
UDAY MEWADA
- xtables-addons GEOIP not matching chain, Marco Sommella
- [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks,
Florian Westphal
- [PATCH libmnl] include: add MNL_SOCKET_DUMP_SIZE definition, Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_flow_table: set timeout before insertion into hashes, Pablo Neira Ayuso
- [PATCH libnfnetlink 0/1] Minimally resurrect doxygen documentation,
Duncan Roe
- [PATCH nf-next] netfilter: ecache: document extension area access rules,
Florian Westphal
- [PATCH trivial] netfilter: nft_tproxy: Fix typo in IPv6 module description.,
Norman Rasmussen
- [PATCH nft] expression: extend 'nft describe' to allow listing data types,
Florian Westphal
- [PATCH nf] ipvs: don't ignore errors in case refcounting ip_vs module fails,
Davide Caratti
- [PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list(),
Florian Westphal
- [PATCH] ipset: Copy the right MAC address in hash:ip,mac IPv6 sets,
Stefano Brivio
- [PATCH v6 0/3] selftests: netfilter: introduce test cases for ipvs,
Haishuang Yan
- [PATCH nft,v2] datatype: display description for header field < 8 bits, Pablo Neira Ayuso
- [PATCH nft] datatype: display description for header field < 8 bits, Pablo Neira Ayuso
- [PATCH AUTOSEL 4.19 18/26] netfilter: nft_connlimit: disable bh on garbage collection, Sasha Levin
- [PATCH net] netfilter: conntrack: avoid possible false sharing,
Eric Dumazet
- [PATCH nf-next] netfilter: add and use nf_hook_slow_list(),
Florian Westphal
- [PATCH v5 0/3] selftests: netfilter: introduce test cases for ipvs,
Haishuang Yan
- [PATCH nft] segtree: always close interval in non-anonymous sets, Pablo Neira Ayuso
- [libnftnl PATCH v2] set: Export nftnl_set_list_lookup_byname(),
Phil Sutter
- [PATCH nft] tests: shell: fix failed tests due to missing quotes,
Eric Jallot
- [iptables PATCH v3 00/11] Improve iptables-nft performance with large rulesets,
Phil Sutter
- [iptables PATCH v3 02/11] nft: Avoid nested cache fetching, Phil Sutter
- [iptables PATCH v3 05/11] nft-cache: Fetch only chains in nft_chain_list_get(), Phil Sutter
- [iptables PATCH v3 04/11] nft-cache: Introduce cache levels, Phil Sutter
- [iptables PATCH v3 08/11] nft-cache: Support partial rule cache per chain, Phil Sutter
- [iptables PATCH v3 10/11] nft: Support nft_is_table_compatible() per chain, Phil Sutter
- [iptables PATCH v3 07/11] nft-cache: Support partial cache per table, Phil Sutter
- [iptables PATCH v3 09/11] nft: Reduce cache overhead of nft_chain_builtin_init(), Phil Sutter
- [iptables PATCH v3 11/11] nft: Optimize flushing all chains of a table, Phil Sutter
- [iptables PATCH v3 01/11] nft: Pass nft_handle to flush_cache(), Phil Sutter
- [iptables PATCH v3 06/11] nft-cache: Cover for multiple fetcher invocation, Phil Sutter
- [iptables PATCH v3 03/11] nft: Extract cache routines into nft-cache.c, Phil Sutter
- [PATCH nft] src: obj: fix memleak in parser_bison.y,
Eric Jallot
- [PATCH] checksum: Fix TCP/UDP checksum computation on big endian arches,
Alin Nastac
- [PATCH libnetfilter_queue 0/5] clang and documentation updates,
Duncan Roe
- [PATCH] libmnl: doxygen: remove EXPORT_SYMBOL from the output,
Pablo Neira Ayuso
- [PATCH v4 0/3] selftests: netfilter: introduce test cases for ipvs,
Haishuang Yan
- [PATCH net-next] net, uapi: fix -Wpointer-arith warnings,
Alexey Dobriyan
- [PATCH nf-next 0/7] ipset: remove static inline functions,
Jeremy Sowden
- [PATCH tip/core/rcu 8/9] net/netfilter: Replace rcu_swap_protected() with rcu_replace(),
paulmck
- [PATCH nf] ipvs: more robust refcounting when sync thread starts,
Davide Caratti
- [PATCH] Fix a missing doxygen section trailer in nlmsg.c,
Duncan Roe
- [PATCH AUTOSEL 5.2 17/63] netfilter: nf_tables: allow lookups in dynamic sets, Sasha Levin
- [PATCH AUTOSEL 4.19 12/43] netfilter: nf_tables: allow lookups in dynamic sets, Sasha Levin
- [PATCH AUTOSEL 4.14 09/29] netfilter: nf_tables: allow lookups in dynamic sets, Sasha Levin
- [PATCH AUTOSEL 5.3 18/71] netfilter: nf_tables: allow lookups in dynamic sets, Sasha Levin
- [PATCH v3 0/3] selftests: netfilter: introduce test cases for ipvs,
Haishuang Yan
[PATCH] netfilter:get_next_corpse():No need to double check the *bucket,
wh_bin
[PATCH iptables] extensions: add libxt_SYNPROXY xlate method,
Jose M. Guisado Gomez
Re: [PATCH] ipvs: no need to update skb route entry for local destination packets.,
Julian Anastasov
[PATCH libnetfilter_queue] checksum: Fix UDP checksum calculation,
Pablo Neira Ayuso
[PATCH nf] netfilter: nft_connlimit: disable bh on garbage collection,
Pablo Neira Ayuso
[PATCH nft] src: obj: fix memleak in handle_free(),
Eric Jallot
[PATCH net] netfilter: drop bridge nf reset from nf_reset,
Florian Westphal
Please add Bridge NAT in nftables,
Ttttabcd
[iptables PATCH v2 00/12] Implement among match support,
Phil Sutter
- [iptables PATCH v2 04/12] nft: family_ops: Pass nft_handle to 'rule_to_cs' callback, Phil Sutter
- [iptables PATCH v2 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback, Phil Sutter
- [iptables PATCH v2 06/12] nft: Eliminate pointless calls to nft_family_ops_lookup(), Phil Sutter
- [iptables PATCH v2 07/12] nft: Fetch sets when updating rule cache, Phil Sutter
- [iptables PATCH v2 11/12] nft: Support parsing lookup expression, Phil Sutter
- [iptables PATCH v2 08/12] nft: Support NFT_COMPAT_SET_ADD, Phil Sutter
- [iptables PATCH v2 10/12] nft: Embed rule's table name in nft_xt_ctx, Phil Sutter
- [iptables PATCH v2 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback, Phil Sutter
- [iptables PATCH v2 01/12] nft: family_ops: Pass nft_handle to 'add' callback, Phil Sutter
- [iptables PATCH v2 05/12] nft: Keep nft_handle pointer in nft_xt_ctx, Phil Sutter
- [iptables PATCH v2 09/12] nft: Bore up nft_parse_payload(), Phil Sutter
- [iptables PATCH v2 12/12] nft: bridge: Rudimental among extension support, Phil Sutter
[iptables PATCH] iptables-test: Run tests in lexical order,
Phil Sutter
[PATCH libnetfilter_queue] BUG: src: Update UDP header length field after mangling,
Duncan Roe
[libnftnl PATCH] set: Export nftnl_set_list_lookup_byname(),
Phil Sutter
[PATCH libnetfilter_queue] BUG: src: Fix UDP checksum calculation,
Duncan Roe
[PATCH nft,v2] libnftables: memleak when list of commands is empty,
Pablo Neira Ayuso
[PATCH nft] libnftables: memleak when no batch commands in list, Pablo Neira Ayuso
[PATCH v2 0/3] selftests: netfilter: introduce test cases for ipvs,
Haishuang Yan
[PATCH v2 0/2] ipvs: speedup ipvs netns dismantle,
Haishuang Yan
[PATCH] ipset: Add wildcard support to net,iface,
Kristian Evensen
[iptables PATCH v2 00/24] Improve iptables-nft performance with large rulesets,
Phil Sutter
- [iptables PATCH v2 13/24] nft: Reduce cache overhead of nft_chain_builtin_init(), Phil Sutter
- [iptables PATCH v2 15/24] nft: Optimize flushing all chains of a table, Phil Sutter
- [iptables PATCH v2 11/24] nft: Support nft_chain_list_get() per chain, Phil Sutter
- [iptables PATCH v2 17/24] xtables-restore: Carry in_table in struct nft_xt_restore_parse, Phil Sutter
- [iptables PATCH v2 22/24] xtables-restore: Remove some pointless linebreaks, Phil Sutter
- [iptables PATCH v2 24/24] xtables-restore: Improve performance of --noflush operation, Phil Sutter
- [iptables PATCH v2 08/24] nft: Fetch only chains in nft_chain_list_get(), Phil Sutter
- [iptables PATCH v2 05/24] nft: Make nftnl_table_list_get() fetch only tables, Phil Sutter
- [iptables PATCH v2 18/24] xtables-restore: Use xt_params->program_name, Phil Sutter
- [iptables PATCH v2 12/24] nft: Reduce cache overhead of adding a custom chain, Phil Sutter
- [iptables PATCH v2 14/24] nft: Support nft_is_table_compatible() per chain, Phil Sutter
- [iptables PATCH v2 07/24] nft: Support fetch_rule_cache() per chain, Phil Sutter
- [iptables PATCH v2 09/24] nft: Support fetch_chain_cache() per table, Phil Sutter
- [iptables PATCH v2 10/24] nft: Support fetch_chain_cache() per chain, Phil Sutter
- [iptables PATCH v2 01/24] xtables_error() does not return, Phil Sutter
- [iptables PATCH v2 04/24] nft: Fix for add and delete of same rule in single batch, Phil Sutter
- [iptables PATCH v2 23/24] xtables-restore: Allow lines without trailing newline character, Phil Sutter
- [iptables PATCH v2 16/24] xtables-restore: Introduce rule counter tokenizer function, Phil Sutter
- [iptables PATCH v2 02/24] tests/shell: Speed up ipt-restore/0004-restore-race_0, Phil Sutter
- [iptables PATCH v2 21/24] tests: shell: Add ipt-restore/0007-flush-noflush_0, Phil Sutter
- [iptables PATCH v2 03/24] tests: shell: Support running for legacy/nft only, Phil Sutter
- [iptables PATCH v2 06/24] xtables-restore: Minimize caching when flushing, Phil Sutter
- [iptables PATCH v2 20/24] xtables-restore: Introduce line parsing function, Phil Sutter
- [iptables PATCH v2 19/24] xtables-restore: Carry curtable in struct nft_xt_restore_parse, Phil Sutter
[PATCH libmnl] src: fix doxygen function documentation,
Fernando Fernandez Mancera
[PATCH nft] tests: shell: delete flowtable after flush chain, Pablo Neira Ayuso
[RFC] ipset: Add wildcard support to net,iface,
Kristian Evensen
[PATCH v2 nf] netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush,
Laura Garcia Liebana
[PATCH nf] netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush, Laura Garcia Liebana
[PATCH nftables v2 0/2] Add Linenoise support to the CLI.,
Jeremy Sowden
[PATCH v2] netfilter: use __u8 instead of uint8_t in uapi header,
Masahiro Yamada
[PATCH trivial 1/2] net: Fix Kconfig indentation,
Krzysztof Kozlowski
[PATCH nft,v2] mnl: do not cache sender buffer size, Pablo Neira Ayuso
[PATCH libnetfilter_queue] src: Enable clang build,
Duncan Roe
[PATCH] netfilter: use __u8 instead of uint8_t in uapi header,
Masahiro Yamada
[PATCH nftables 0/3] Add Linenoise support to the CLI.,
Jeremy Sowden
[PATCH 0/1] netfilter: bridge: build fix for 5.3,
Jeremy Sowden
[PATCH libmnl, v3] Enable doxygen to generate Function Documentation, Duncan Roe
[PATCH libmnl, v2] Enable doxygen to generate Function Documentation, Duncan Roe
[iptables PATCH] xtables-restore: Fix --table parameter check,
Phil Sutter
[PATCH nft] mnl: do not cache sender buffer size,
Pablo Neira Ayuso
[PATCH conntrack-tools,v2 1/2] conntrackd: Fix "Address Accept" filter case,
Pablo Neira Ayuso
[PATCH conntrack-tools 1/2] conntrackd: Fix "Address Accept" filter case,
Pablo Neira Ayuso
[iptables PATCH] nft: Fix add_bitwise_u16() on Big Endian,
Phil Sutter
[BUG] nft: "XT target TCPMSS not found" when TCPMSS clamp to PMTU rule is added for *both* ip and ip6, Timo Sigurdsson
netfilter.org HTTPS certificate expired today (Sept 19), Dan Williams
[PATCH nf] netfilter: nf_tables: allow lookups in dynamic sets,
Florian Westphal
Contributing to the Netfilter Project.,
Wambui Karuga
[PATCH nft] src: meter: avoid double-space in list ruleset output,
Florian Westphal
[PATCH ghak90 V7 00/21] audit: implement container identifier,
Richard Guy Briggs
- [PATCH ghak90 V7 01/21] audit: collect audit task parameters, Richard Guy Briggs
- [PATCH ghak90 V7 02/21] audit: add container id, Richard Guy Briggs
- [PATCH ghak90 V7 03/21] audit: read container ID of a process, Richard Guy Briggs
- [PATCH ghak90 V7 04/21] audit: convert to contid list to check for orch/engine ownership, Richard Guy Briggs
- [PATCH ghak90 V7 05/21] audit: log drop of contid on exit of last task, Richard Guy Briggs
- [PATCH ghak90 V7 06/21] audit: contid limit of 32k imposed to avoid DoS, Richard Guy Briggs
- [PATCH ghak90 V7 07/21] audit: log container info of syscalls, Richard Guy Briggs
- [PATCH ghak90 V7 08/21] audit: add contid support for signalling the audit daemon, Richard Guy Briggs
- [PATCH ghak90 V7 09/21] audit: add support for non-syscall auxiliary records, Richard Guy Briggs
- [PATCH ghak90 V7 10/21] audit: add containerid support for user records, Richard Guy Briggs
- [PATCH ghak90 V7 11/21] audit: add containerid filtering, Richard Guy Briggs
- [PATCH ghak90 V7 12/21] audit: add support for containerid to network namespaces, Richard Guy Briggs
- [PATCH ghak90 V7 13/21] audit: NETFILTER_PKT: record each container ID associated with a netNS, Richard Guy Briggs
- [PATCH ghak90 V7 14/21] audit: contid check descendancy and nesting, Richard Guy Briggs
- [PATCH ghak90 V7 15/21] sched: pull task_is_descendant into kernel/sched/core.c, Richard Guy Briggs
- [PATCH ghak90 V7 16/21] audit: add support for contid set/get by netlink, Richard Guy Briggs
- [PATCH ghak90 V7 17/21] audit: add support for loginuid/sessionid set/get by netlink, Richard Guy Briggs
- [PATCH ghak90 V7 18/21] audit: track container nesting, Richard Guy Briggs
- [PATCH ghak90 V7 19/21] audit: check cont depth, Richard Guy Briggs
- [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns, Richard Guy Briggs
- [PATCH ghak90 V7 21/21] audit: add proc interface for capcontid, Richard Guy Briggs
What is 'dynamic' set flag supposed to mean?,
Florian Westphal
icmp_hdr is wrong on CentOS 6 kernels (2.6.32-754.12.1), Olivia Nelson
[PATCH] extensions: fix iptables-{nft,translate} with conntrack EXPECTED,
Quentin Armitage
[iptables PATCH 00/14] Improve iptables-nft performance with large rulesets,
Phil Sutter
- [iptables PATCH 12/14] nft: Support fetching rules for a single chain only, Phil Sutter
- [iptables PATCH 01/14] tests/shell: Make ebtables-basic test more verbose, Phil Sutter
- [iptables PATCH 03/14] DEBUG: Print to stderr to not disturb iptables-save, Phil Sutter
- [iptables PATCH 13/14] nft: Optimize flushing all chains of a table, Phil Sutter
- [iptables PATCH 04/14] nft: Use nftnl_*_set_str() functions, Phil Sutter
- [iptables PATCH 06/14] nft: Fix for add and delete of same rule in single batch, Phil Sutter
- [iptables PATCH 02/14] tests/shell: Speed up ipt-restore/0004-restore-race_0, Phil Sutter
- [iptables PATCH 10/14] nft: Fetch rule cache only if needed, Phil Sutter
- [iptables PATCH 05/14] nft: Introduce nft_bridge_commit(), Phil Sutter
- [iptables PATCH 11/14] nft: Allow to fetch only a specific chain from kernel, Phil Sutter
- [iptables PATCH 09/14] nft: Rename have_cache into have_chain_cache, Phil Sutter
- [iptables PATCH 08/14] xtables-restore: Avoid cache population when flushing, Phil Sutter
- [iptables PATCH 14/14] nft: Reduce impact of nft_chain_builtin_init(), Phil Sutter
- [iptables PATCH 07/14] nft Increase mnl_talk() receive buffer size, Phil Sutter
[PATCH nf 1/2] netfilter: nf_tables: add NFT_CHAIN_POLICY_UNSET and use it,
Pablo Neira Ayuso
[PATCH nft v2] src: parser_json: fix crash while restoring secmark object, Eric Jallot
[PATCH nft] src: parser_json: fix crash while restoring secmark object,
Eric Jallot
[PATCH] nftables: don't crash in 'list ruleset' if policy is not set,
Sergei Trofimovich
[PATCH] netfilter: bridge: drop a broken include,
Adam Borowski
[nf-next:master 7/27] net/netfilter/nf_tables_offload.c:316 nft_flow_offload_chain() warn: always true condition '(policy != -1) => (0-255 != (-1))', kbuild test robot
[PATCH nft] json: tests: fix typo in ct expectation json test,
Fernando Fernandez Mancera
[iptables PATCH] iptables-test: Support testing host binaries,
Phil Sutter
[nft PATCH v2] parser_bison: Fix 'exists' keyword on Big Endian,
Phil Sutter
[nft PATCH] parser_bison: Fix 'exists' keyword on Big Endian,
Phil Sutter
[PATCH nft] json: fix type mismatch on "ct expect" json exporting,
Fernando Fernandez Mancera
[PATCH nf-next v3 00/18] Remove config option checks from netfilter headers.,
Jeremy Sowden
- [PATCH nf-next v3 07/18] netfilter: move inline function to a more appropriate header., Jeremy Sowden
- [PATCH nf-next v3 08/18] netfilter: move code between synproxy headers., Jeremy Sowden
- [PATCH nf-next v3 05/18] netfilter: update include directives., Jeremy Sowden
- [PATCH nf-next v3 04/18] netfilter: inline three headers., Jeremy Sowden
- [PATCH nf-next v3 03/18] netfilter: remove unused function declarations., Jeremy Sowden
- [PATCH nf-next v3 02/18] netfilter: fix coding-style errors., Jeremy Sowden
- [PATCH nf-next v3 09/18] netfilter: move struct definition function to a more appropriate header., Jeremy Sowden
- [PATCH nf-next v3 01/18] netfilter: fix include guards., Jeremy Sowden
- [PATCH nf-next v3 06/18] netfilter: remove nf_conntrack_icmpv6.h header., Jeremy Sowden
- [PATCH nf-next v3 18/18] netfilter: remove two unused functions from nf_conntrack_timestamp.h., Jeremy Sowden
- [PATCH nf-next v3 13/18] netfilter: update stub br_nf_pre_routing_ipv6 parameter to `void *priv`., Jeremy Sowden
- [PATCH nf-next v3 17/18] netfilter: remove CONFIG_NF_CONNTRACK checks from nf_conntrack_zones.h., Jeremy Sowden
- [PATCH nf-next v3 16/18] netfilter: remove CONFIG_NETFILTER checks from headers., Jeremy Sowden
- [PATCH nf-next v3 15/18] netfilter: remove CONFIG_NF_CONNTRACK check from nf_conntrack_acct.h., Jeremy Sowden
- [PATCH nf-next v3 11/18] netfilter: replace defined(CONFIG...) || defined(CONFIG...MODULE) with IS_ENABLED(CONFIG...)., Jeremy Sowden
- [PATCH nf-next v3 14/18] netfilter: move nf_conntrack code to linux/nf_conntrack_common.h., Jeremy Sowden
- [PATCH nf-next v3 10/18] netfilter: use consistent style when defining inline functions in nf_conntrack_ecache.h., Jeremy Sowden
- [PATCH nf-next v3 12/18] netfilter: wrap two inline functions in config checks., Jeremy Sowden
- Re: [PATCH nf-next v3 00/18] Remove config option checks from netfilter headers., Pablo Neira Ayuso
- Re: [PATCH nf-next v3 00/18] Remove config option checks from netfilter headers., Pablo Neira Ayuso
[PATCH nft v5] src: add synproxy stateful object support,
Fernando Fernandez Mancera
[PATCH nft v4] src: add synproxy stateful object support,
Fernando Fernandez Mancera
[PATCH nft] libnftables: use-after-free in exit path, Pablo Neira Ayuso
[PATCH nf-next v6 0/4] netfilter: nf_tables_offload: clean offload things when the device unregister,
wenxu
[PATCH ebtables-nft] ebtables: fix over-eager -o checks on custom chains,
Florian Westphal
[PATCH iptables] netfilter: hashlimit: prefer PRIu64 to avoid warnings on 32bit platforms,
Florian Westphal
iptables release,
Fabio Pedretti
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
