Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

Re: [Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init(), (continued)
- Re: [Patch nf-next] nf_conntrack: fix error path in nf_conntrack_pernet_init(), Pablo Neira Ayuso
[PATCH] netfilter: ipt_CLUSTERIP: fix warning unused variable cn, Anders Roxell
- Re: [PATCH] netfilter: ipt_CLUSTERIP: fix warning unused variable cn, Pablo Neira Ayuso
general protection fault in nf_ct_gre_keymap_flush, syzbot
- Re: general protection fault in nf_ct_gre_keymap_flush, syzbot
- Re: general protection fault in nf_ct_gre_keymap_flush, syzbot
INFO: rcu detected stall in gc_worker, syzbot
[ebtables-legacy PATCH 1/2] ebtables: drop .spec file, Arturo Borrero Gonzalez
- [ebtables-legacy PATCH 2/2] ebtables: drop sysvinit script, Arturo Borrero Gonzalez
  - Re: [ebtables-legacy PATCH 2/2] ebtables: drop sysvinit script, Pablo Neira Ayuso
- Re: [ebtables-legacy PATCH 1/2] ebtables: drop .spec file, Pablo Neira Ayuso
[iptables PATCH 0/3] xtables: Fix multiple issues in rule matching code, Phil Sutter
- [iptables PATCH 1/3] nft: Fix potential memleaks in nft_*_rule_find(), Phil Sutter
- [iptables PATCH 2/3] xtables: Fix for crash when comparing rules with standard target, Phil Sutter
- [iptables PATCH 3/3] xtables: Fix for false-positive rule matching, Phil Sutter
EINVAL from ebtables -b broute -F BROUTING, Francesco Ruggeri
- [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Florian Westphal
  - Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Francesco Ruggeri
  - Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Pablo Neira Ayuso
    - Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Francesco Ruggeri
      - Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Florian Westphal
      - Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Florian Westphal
        
        Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Francesco Ruggeri
        
        Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Florian Westphal
        
        Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Francesco Ruggeri
        
        Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Florian Westphal
        
        Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Francesco Ruggeri
        
        Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present, Francesco Ruggeri
[iptables PATCH 0/2] ebtables-nft output fixes, Phil Sutter
- [iptables PATCH 1/2] ebtables: Fix rule listing with counters, Phil Sutter
- [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently", Phil Sutter
  - Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently", Florian Westphal
    - Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently", Phil Sutter
      - Re: [iptables PATCH 2/2] Revert "ebtables: use extrapositioned negation consistently", Florian Westphal
[PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout, Florian Westphal
- [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds, Florian Westphal
  - Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds, Stephen Rothwell
    - Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds, Florian Westphal
      - Re: [PATCH nf-next 1/2] netfilter: conntrack: fix IPV6=n builds, Stephen Rothwell
- [PATCH nf-next 2/2] netfilter: conntrack: fix bogus port values for other l4 protocols, Florian Westphal
- Re: [PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout, Stephen Rothwell
- Re: [PATCH nf-next 0/2] netfilter: conntrack: fix indirect call removal fallout, Pablo Neira Ayuso
[PATCH nf-next v2] netfilter: nfnetlink_osf: add missing fmatch check, Fernando Fernandez Mancera
[PATCH libnftnl 2/2] Revert "expr: add map lookups for hash statements", Laura Garcia Liebana
[PATCH libnftnl 1/2] Revert "expr: add map lookups for numgen statements", Laura Garcia Liebana
[PATCH libnftnl 0/2] Revert map lookups for expressions, Laura Garcia Liebana
- Re: [PATCH libnftnl 0/2] Revert map lookups for expressions, Pablo Neira Ayuso
[PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Eli Cooper
- Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Alin Năstac
  - Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Eli Cooper
    - Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Florian Westphal
      - Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Alin Năstac
        
        Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Pablo Neira Ayuso
        
        Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Alin Năstac
        
        Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Eli Cooper
        
        Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Alin Năstac
- Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, John Haxby
    - Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, Pablo Neira Ayuso
      - Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address, John Haxby
[PATCH nf-next] netfilter: nfnetlink_osf: add missing fmatch check, Fernando Fernandez Mancera
- Re: [PATCH nf-next] netfilter: nfnetlink_osf: add missing fmatch check, Pablo Neira Ayuso
[PATCH] nft_counter: remove wrong __percpu of nft_counter_resest()'s arg, Luc Van Oostenryck
- Re: [PATCH] nft_counter: remove wrong __percpu of nft_counter_resest()'s arg, Pablo Neira Ayuso
[PATCH ipvs-next] ipvs: use indirect call wrappers, Matteo Croce
- Re: [PATCH ipvs-next] ipvs: use indirect call wrappers, Julian Anastasov
  - Re: [PATCH ipvs-next] ipvs: use indirect call wrappers, Simon Horman
- Re: [PATCH ipvs-next] ipvs: use indirect call wrappers, kbuild test robot
[PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums, Matteo Croce
- Re: [PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums, Julian Anastasov
  - Re: [PATCH ipvs-next] ipvs: avoid indirect calls when calculating checksums, Simon Horman
[PATCH nf-next] Revert "netfilter: nft_hash: add map lookups for hashing operations", Laura Garcia Liebana
- Re: [PATCH nf-next] Revert "netfilter: nft_hash: add map lookups for hashing operations", Pablo Neira Ayuso
Re: 4.19.{12,[13],14}: RIP: 0010:nf_conncount_cache_free+0x26/0x2f [nf_conncount], Steffen Nurpmeso
- Re: 4.19.{12,[13],14}: RIP: 0010:nf_conncount_cache_free+0x26/0x2f [nf_conncount], Steffen Nurpmeso
stable fixes for nf_conncount 4.19.x, Pablo Neira Ayuso
- Re: stable fixes for nf_conncount 4.19.x, Greg Kroah-Hartman
  - Re: stable fixes for nf_conncount 4.19.x, Greg Kroah-Hartman
    - Re: stable fixes for nf_conncount 4.19.x, Reindl Harald
  - Re: stable fixes for nf_conncount 4.19.x, Pablo Neira Ayuso
Re: Deleting tables from included files causes a kernel BUG, Neal P. Murphy
- Re: Deleting tables from included files causes a kernel BUG, zrm
[PATCH nf-next] netfilter: nat: un-export nf_nat_used_tuple, Florian Westphal
- Re: [PATCH nf-next] netfilter: nat: un-export nf_nat_used_tuple, Pablo Neira Ayuso
[iptables PATCH] utils: Add a manpage for nfbpf_compile, Phil Sutter
- Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile, Willem de Bruijn
  - Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile, Phil Sutter
- Re: [iptables PATCH] utils: Add a manpage for nfbpf_compile, Pablo Neira Ayuso
[nft PATCH] src: Quote user-defined names, Phil Sutter
- Re: [nft PATCH] src: Quote user-defined names, Pablo Neira Ayuso
  - Re: [nft PATCH] src: Quote user-defined names, Phil Sutter
  - Re: [nft PATCH] src: Quote user-defined names, Pablo Neira Ayuso
    - Re: [nft PATCH] src: Quote user-defined names, Pablo Neira Ayuso
    - Re: [nft PATCH] src: Quote user-defined names, Phil Sutter
      - Re: [nft PATCH] src: Quote user-defined names, Phil Sutter
        
        Re: [nft PATCH] src: Quote user-defined names, Phil Sutter
- Re: [nft PATCH] src: Quote user-defined names, Florian Westphal
[PATCH nf-next,v2] netfilter: nf_conntrack: provide modparam to always register conntrack hooks, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_conntrack: provide modparam to always register conntrack hooks, Pablo Neira Ayuso
INFO: rcu detected stall in tipc_disc_timeout, syzbot
[PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, wenxu
- Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, Pablo Neira Ayuso
  - Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, David Ahern
    - Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, Pablo Neira Ayuso
  - Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, Florian Westphal
    - Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, Pablo Neira Ayuso
      - Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, wenxu
        
        Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, Florian Westphal
[iptables PATCH 0/3] xtables: Fix for inserting rule at wrong position, Phil Sutter
- [iptables PATCH 2/3] xtables: Fix position of replaced rules in cache, Phil Sutter
  - Re: [iptables PATCH 2/3] xtables: Fix position of replaced rules in cache, Pablo Neira Ayuso
- [iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position, Phil Sutter
  - Re: [iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position, Pablo Neira Ayuso
    - Re: [iptables PATCH 3/3] xtables: Fix for inserting rule at wrong position, Phil Sutter
- [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately, Phil Sutter
  - Re: [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately, Pablo Neira Ayuso
    - Re: [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately, Phil Sutter
[PATCH nf-next 0/16] conntrack: remove indirect calls from packet path, Florian Westphal
- [PATCH nf-next 01/16] netfilter: conntrack: handle builtin l4proto packet functions via direct calls, Florian Westphal
- [PATCH nf-next 02/16] netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls, Florian Westphal
- [PATCH nf-next 03/16] netfilter: conntrack: gre: convert rwlock to rcu, Florian Westphal
- [PATCH nf-next 04/16] netfilter: conntrack: gre: switch module to be built-in, Florian Westphal
- [PATCH nf-next 05/16] netfilter: conntrack: remove net_id, Florian Westphal
- [PATCH nf-next 06/16] netfilter: conntrack: remove pkt_to_tuple callback, Florian Westphal
- [PATCH nf-next 07/16] netfilter: conntrack: remove invert_tuple callback, Florian Westphal
- [PATCH nf-next 08/16] netfilter: conntrack: remove module owner field, Florian Westphal
- [PATCH nf-next 09/16] netfilter: conntrack: remove remaining l4proto indirect packet calls, Florian Westphal
- [PATCH nf-next 10/16] netfilter: conntrack: remove pernet l4 proto register interface, Florian Westphal
- [PATCH nf-next 13/16] netfilter: conntrack: remove sysctl registration helpers, Florian Westphal
- [PATCH nf-next 14/16] netfilter: conntrack: remove l4proto init and get_net callbacks, Florian Westphal
- [PATCH nf-next 12/16] netfilter: conntrack: unify sysctl handling, Florian Westphal
- [PATCH nf-next 15/16] netfilter: conntrack: remove l4proto destroy hook, Florian Westphal
- [PATCH nf-next 11/16] netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups, Florian Westphal
- [PATCH nf-next 16/16] netfilter: conntrack: remove nf_ct_l4proto_find_get, Florian Westphal
- Re: [PATCH nf-next 0/16] conntrack: remove indirect calls from packet path, Pablo Neira Ayuso
[libnftnl PATCH] src: rule: Support NFTA_RULE_POSITION_ID attribute, Phil Sutter
- Re: [libnftnl PATCH] src: rule: Support NFTA_RULE_POSITION_ID attribute, Pablo Neira Ayuso
[PATCH v2] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, wenxu
- Re: [PATCH v2] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type, Florian Westphal
Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2, Michal Kubecek
- Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2, Florian Westphal
  - Re: [REGRESSION] 5.0-rc2: iptables -nvL consumes 100% of CPU and hogs memory with kernel 5.0-rc2, Martin Steigerwald
[PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type, wenxu
- Re: [PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type, Florian Westphal
  - Re: [PATCH] netfilter: nft_meta: Add NFT_META_L3MASTER meta type, wenxu
[PATCH] netfilter: nf_tables: Support RULE_ID reference in new rule, Phil Sutter
- Re: [PATCH] netfilter: nf_tables: Support RULE_ID reference in new rule, Pablo Neira Ayuso
[libnftnl PATCH] src: chain: Fix nftnl_chain_rule_insert_at(), Phil Sutter
- Re: [libnftnl PATCH] src: chain: Fix nftnl_chain_rule_insert_at(), Pablo Neira Ayuso
[PATCH nf 0/3] netfilter: nft_compat: fix race conditions, Florian Westphal
- [PATCH nf 1/3] netfilter: nft_compat: use refcnt_t type for nft_xt reference count, Florian Westphal
- [PATCH nf 2/3] netfilter: nft_compat: make lists per netns, Florian Westphal
- [PATCH nf 3/3] netfilter: nft_compat: destroy function must not have side effects, Florian Westphal
- Re: [PATCH nf 0/3] netfilter: nft_compat: fix race conditions, Taehee Yoo
- Re: [PATCH nf 0/3] netfilter: nft_compat: fix race conditions, Pablo Neira Ayuso
[PATCH] netfilter: fix checking method of conntrack helper, Henry Yen
- Re: [PATCH] netfilter: fix checking method of conntrack helper, John Crispin
[PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook, wenxu
- Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook, Pablo Neira Ayuso
  - Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook, Florian Westphal
    - Re: [PATCH v3] vrf: Fix conntrack-dnat conflict in vrf-device PREROUTING hook, Pablo Neira Ayuso
ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12, Martin Kratochvíl
- Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12, Jozsef Kadlecsik
  - Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12, Martin Kratochvíl
    - Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12, Jozsef Kadlecsik
      - Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12, Martin Kratochvíl
      - Message not available
        
        Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12, Jozsef Kadlecsik
[PATCH nf-next] netfilter: physdev: relax br_netfilter dependency, Florian Westphal
- Re: [PATCH nf-next] netfilter: physdev: relax br_netfilter dependency, Pablo Neira Ayuso
[PATCH v3] netfilter: nft_flow_offload: fix interaction with vrf slave device, wenxu
[PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init, Taehee Yoo
- Re: [PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init, Florian Westphal
  - Re: [PATCH nf 2/2] netfilter: nft_compat: protect lists between select_ops and init, Taehee Yoo
[PATCH nf 1/2] netfilter: nft_compat: fix a race condition in match/target list, Taehee Yoo
[PATCH nf 0/2] netfilter: nft_compat: fix a race condition in nft_compat module, Taehee Yoo
[PATCH] netfilter: nat: Update comment of get_unique_tuple, YueHaibing
- Re: [PATCH] netfilter: nat: Update comment of get_unique_tuple, YueHaibing
- Re: [PATCH] netfilter: nat: Update comment of get_unique_tuple, YueHaibing
[PATCH nft] payload: refine payload expr merging, Florian Westphal
- Re: [PATCH nft] payload: refine payload expr merging, Pablo Neira Ayuso
[PATCH v2] nft_flow_offload: Make flow offload work with vrf slave device correct, wenxu
- Re: [PATCH v2] nft_flow_offload: Make flow offload work with vrf slave device correct, Pablo Neira Ayuso
[PATCH v2] netfilter: x_tables: add xt_tunnel match, wenxu
- Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match, Pablo Neira Ayuso
  - Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match, wenxu
- Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match, Pablo Neira Ayuso
  - Re: [PATCH v2] netfilter: x_tables: add xt_tunnel match, wenxu
IPtables v 1.8.2 patch, Nathan O.
- Re: IPtables v 1.8.2 patch, Pablo Neira Ayuso
  - Message not available
    - Re: IPtables v 1.8.2 patch, Pablo Neira Ayuso
[PATCH nft] src: fix netdev family device name parsing, Florian Westphal
- Re: [PATCH nft] src: fix netdev family device name parsing, Pablo Neira Ayuso
[PATCH nf-next] netfilter: conntrack: remove helper hook again, Florian Westphal
- Re: [PATCH nf-next] netfilter: conntrack: remove helper hook again, Pablo Neira Ayuso
  - Re: [PATCH nf-next] netfilter: conntrack: remove helper hook again, Pablo Neira Ayuso
- Re: [PATCH nf-next] netfilter: conntrack: remove helper hook again, Pablo Neira Ayuso
[PATCH RESEND] nft_flow_offload: Fix the peer route get from wrong daddr, wenxu
- Re: [PATCH RESEND] nft_flow_offload: Fix the peer route get from wrong daddr, Pablo Neira Ayuso
  - Re: [PATCH RESEND] nft_flow_offload: Fix the peer route get from wrong daddr, Pablo Neira Ayuso
[PATCH] netfilter: nf_tables: selective rule dump needs table to be specified, Pablo Neira Ayuso
[PATCH AUTOSEL 4.20 001/117] netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets, Sasha Levin
- [PATCH AUTOSEL 4.20 086/117] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine, Sasha Levin
- [PATCH AUTOSEL 4.20 085/117] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine, Sasha Levin
- [PATCH AUTOSEL 4.20 084/117] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set, Sasha Levin
[PATCH AUTOSEL 4.19 01/97] netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets, Sasha Levin
- [PATCH AUTOSEL 4.19 69/97] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine, Sasha Levin
- [PATCH AUTOSEL 4.19 70/97] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine, Sasha Levin
- [PATCH AUTOSEL 4.19 68/97] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set, Sasha Levin
[PATCH AUTOSEL 4.14 37/53] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set, Sasha Levin
[PATCH nf-next] netfilter: nf_tables: add direct calls for all builtin expressions, Florian Westphal
- Re: [PATCH nf-next] netfilter: nf_tables: add direct calls for all builtin expressions, Pablo Neira Ayuso
[PATCH nf-next 1/2] netfilter: nf_tables: prepare nft_object for lookups via hashtable, Florian Westphal
- [PATCH nf-next 2/2] netfilter: nf_tables: handle nft_object lookups via rhltable, Florian Westphal
  - Re: [PATCH nf-next 2/2] netfilter: nf_tables: handle nft_object lookups via rhltable, Pablo Neira Ayuso
- Re: [PATCH nf-next 1/2] netfilter: nf_tables: prepare nft_object for lookups via hashtable, Pablo Neira Ayuso
Re: [apparmor] Apparmor netfiter support?, John Johansen
Re: [nf-next] netfilter: Add support for inner IPv6 packet match, David R. Bild
[PATCH] [v2] netfilter: ipset: fix a missing check of nla_parse, Aditya Pakki
- Re: [PATCH] [v2] netfilter: ipset: fix a missing check of nla_parse, Kadlecsik József
[PATCH nft 0/4] tests: change test scripts to return 0, Florian Westphal
- [PATCH nft 1/4] tests: shell: add test case for leaking of stateful object refcount, Florian Westphal
- [PATCH nft 3/4] tests: shell: fix up redefine test case, Florian Westphal
- [PATCH nft 2/4] tests: shell: change all test scripts to return 0, Florian Westphal
- [PATCH nft 4/4] tests: shell: remove RETURNCODE_SEPARATOR, Florian Westphal
[PATCH nf] netfilter: nf_tables: fix leaking object reference count, Taehee Yoo
- Re: [PATCH nf] netfilter: nf_tables: fix leaking object reference count, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: nf_tables: fix leaking object reference count, Pablo Neira Ayuso
    - Re: [PATCH nf] netfilter: nf_tables: fix leaking object reference count, Taehee Yoo
Selfnet: Possible Bugs found in nftables, Jann Haber
- Re: Selfnet: Possible Bugs found in nftables, Florian Westphal
  - Re: Selfnet: Possible Bugs found in nftables, Jann Haber
    - Re: Selfnet: Possible Bugs found in nftables, Florian Westphal
      - Re: Selfnet: Possible Bugs found in nftables, Florian Westphal
        
        Message not available
        
        Re: Selfnet: Possible Bugs found in nftables, Florian Westphal
        
        Re: Selfnet: Possible Bugs found in nftables, Florian Westphal
        
        Re: Selfnet: Possible Bugs found in nftables, Jann Haber
        
        Re: Selfnet: Possible Bugs found in nftables, Florian Westphal
[PATCH v2] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
- Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, William Kucharski
  - Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
- Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, Kirill Tkhai
  - Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, Kirill Tkhai
    - Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, Michal Hocko
      - Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, Kirill Tkhai
- Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, Pablo Neira Ayuso
- Re: [PATCH v2] netfilter: account ebt_table_info to kmemcg, Pablo Neira Ayuso
Re: [PATCH net-next] vrf: Add VRF_F_BYPASS_RCV_NF flag to vrf device, David Ahern
- Re: [PATCH net-next] vrf: Add VRF_F_BYPASS_RCV_NF flag to vrf device, Florian Westphal
[PATCH nft] rule: fix object listing when no table is given, Florian Westphal
[PATCH v2] net: nf_tables: Fix speedup of selective rule dumps, Phil Sutter
Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting, Nivedita Singhvi
- Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting, Nivedita Singhvi
[iptables PATCH v4 0/5] Separate rule cache per chain et al., Phil Sutter
- [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found, Phil Sutter
  - Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found, Pablo Neira Ayuso
    - Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found, Phil Sutter
      - Re: [iptables PATCH v4 3/5] xtables: Set errno in nft_rule_check() if chain not found, Pablo Neira Ayuso
- [iptables PATCH v4 1/5] nft: Simplify nft_is_chain_compatible(), Phil Sutter
  - Re: [iptables PATCH v4 1/5] nft: Simplify nft_is_chain_compatible(), Pablo Neira Ayuso
- [iptables PATCH v4 2/5] nft: Simplify flush_chain_cache(), Phil Sutter
  - Re: [iptables PATCH v4 2/5] nft: Simplify flush_chain_cache(), Pablo Neira Ayuso
- [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing, Phil Sutter
  - Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing, Pablo Neira Ayuso
    - Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing, Phil Sutter
      - Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing, Pablo Neira Ayuso
        
        Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing, Florian Westphal
        
        Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing, Pablo Neira Ayuso
        
        Re: [iptables PATCH v4 5/5] xtables: Do not change ruleset while listing, Phil Sutter
- [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position, Phil Sutter
  - Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position, Pablo Neira Ayuso
    - Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position, Phil Sutter
      - Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position, Pablo Neira Ayuso
        
        Re: [iptables PATCH v4 4/5] xtables: Fix for inserting rule at wrong position, Phil Sutter
[PATCH] net: nf_tables: Fix for endless loop when dumping ruleset, Phil Sutter
- Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset, Florian Westphal
  - Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset, Phil Sutter
    - Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset, Pablo Neira Ayuso
      - Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset, Florian Westphal
        
        Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset, Pablo Neira Ayuso
- Re: [PATCH] net: nf_tables: Fix for endless loop when dumping ruleset, Pablo Neira Ayuso
[libnftnl PATCH] src: chain: Add missing nftnl_chain_rule_del(), Phil Sutter
- Re: [libnftnl PATCH] src: chain: Add missing nftnl_chain_rule_del(), Pablo Neira Ayuso
Re: [PATCH] nft_flow_offload: Fix the peer route get from wrong daddr, Pablo Neira Ayuso
- Re:Re: [PATCH] nft_flow_offload: Fix the peer route get from wrong daddr, wenxu
[PATCH] nft_flow_offload: Make flow offload work with vrf slave device correct, wenxu
- Re: [PATCH] nft_flow_offload: Make flow offload work with vrf slave device correct, wenxu
- Re: [PATCH] nft_flow_offload: Make flow offload work with vrf slave device correct, Pablo Neira Ayuso
[PATCH] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
- Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Michal Hocko
  - Re: Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Kirill Tkhai
    - Re: Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
  - Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Florian Westphal
    - Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Michal Hocko
      - Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
        
        Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Michal Hocko
        
        Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Michal Hocko
        
        Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
        
        Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Michal Hocko
        
        Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
        
        Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Michal Hocko
        
        Re: [PATCH] netfilter: account ebt_table_info to kmemcg, Shakeel Butt
[PATCH nft 1/2] doc: refer to meta protocol in icmp and icmpv6, Pablo Neira Ayuso
- [PATCH nft 2/2] src: add igmp support, Pablo Neira Ayuso
[PATCH 1/2] ipset: remove useless memset() calls, Florent Fourcot
- [PATCH 2/2] ipset: merge uadd and udel functions, Florent Fourcot
- Re: [PATCH 1/2] ipset: remove useless memset() calls, Pablo Neira Ayuso
  - [PATCH v2 1/2] ipset: remove useless memset() calls, Florent Fourcot
    - [PATCH v2 2/2] ipset: merge uadd and udel functions, Florent Fourcot
      - Re: [PATCH v2 2/2] ipset: merge uadd and udel functions, Kadlecsik József
    - Re: [PATCH v2 1/2] ipset: remove useless memset() calls, Kadlecsik József
[PATCH nf 0/8] netfilter: nf_conncount: rework locking and memory management, Florian Westphal
- [PATCH nf 1/8] nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS, Florian Westphal
- [PATCH nf 2/8] netfilter: nf_conncount: don't skip eviction when age is negative, Florian Westphal
- [PATCH nf 3/8] netfilter: nf_conncount: split gc in two phases, Florian Westphal
- [PATCH nf 4/8] netfilter: nf_conncount: restart search when nodes have been erased, Florian Westphal
  - Re: [PATCH nf 4/8] netfilter: nf_conncount: restart search when nodes have been erased, Shawn Bohrer
    - Re: [PATCH nf 4/8] netfilter: nf_conncount: restart search when nodes have been erased, Shawn Bohrer
- [PATCH nf 5/8] netfilter: nf_conncount: merge lookup and add functions, Florian Westphal
- [PATCH nf 6/8] netfilter: nf_conncount: move all list iterations under spinlock, Florian Westphal
- [PATCH nf 7/8] netfilter: nf_conncount: speculative garbage collection on empty lists, Florian Westphal
- [PATCH nf 8/8] netfilter: nf_conncount: fix argument order to find_next_bit, Florian Westphal
- Re: [PATCH nf 0/8] netfilter: nf_conncount: rework locking and memory management, Shawn Bohrer
- Re: [PATCH nf 0/8] netfilter: nf_conncount: rework locking and memory management, Pablo Neira Ayuso
[PATCH nft] src: remove deprecated code for export/import commands, Pablo Neira Ayuso
[PATCH AUTOSEL 4.19 21/97] netfilter: seqadj: re-load tcp header pointer after possible head reallocation, Sasha Levin
[PATCH AUTOSEL 4.19 20/97] netfilter: nf_tables: fix suspicious RCU usage in nft_chain_stats_replace(), Sasha Levin
[PATCH AUTOSEL 4.9 08/35] netfilter: seqadj: re-load tcp header pointer after possible head reallocation, Sasha Levin
[PATCH AUTOSEL 4.9 12/35] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel, Sasha Levin
[PATCH AUTOSEL 4.19 36/97] netfilter: nat: can't use dst_hold on noref dst, Sasha Levin
[PATCH AUTOSEL 4.19 35/97] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel, Sasha Levin
[PATCH AUTOSEL 4.19 37/97] netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node(), Sasha Levin
[PATCH AUTOSEL 4.14 12/59] netfilter: seqadj: re-load tcp header pointer after possible head reallocation, Sasha Levin
[PATCH AUTOSEL 4.14 23/59] netfilter: nat: can't use dst_hold on noref dst, Sasha Levin
[PATCH AUTOSEL 4.14 22/59] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel, Sasha Levin
[PATCH nf 1/3] netfilter: nf_conncount: remove workqueue garbage collector, Pablo Neira Ayuso
- [PATCH nf 2/3] netfilter: nf_conncount: double connection deletion from packet path, Pablo Neira Ayuso
  - Re: [PATCH nf 2/3] netfilter: nf_conncount: double connection deletion from packet path, Florian Westphal
- [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists, Pablo Neira Ayuso
  - Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists, Florian Westphal
  - Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists, Shawn Bohrer
    - Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists, Pablo Neira Ayuso
      - Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists, Shawn Bohrer
        
        Re: [PATCH nf 3/3] netfilter: nf_conncount: speculative garbage collection on empty lists, Pablo Neira Ayuso
- Re: [PATCH nf 1/3] netfilter: nf_conncount: remove workqueue garbage collector, Florian Westphal
[PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists, Pablo Neira Ayuso
  - Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists, Shawn Bohrer
    - Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists, Pablo Neira Ayuso
    - Re: [PATCH nf] netfilter: nf_conncount: speculative garbage collection on empty lists, Florian Westphal
[PATCH] ipset: fix a missing check of nla_parse, Kangjie Lu
- Re: [PATCH] ipset: fix a missing check of nla_parse, Kirill Tkhai
  - Re: [PATCH] ipset: fix a missing check of nla_parse, Pablo Neira Ayuso
    - Re: [PATCH] ipset: fix a missing check of nla_parse, Kirill Tkhai
[PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic, Alin Nastac
- Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic, Pablo Neira Ayuso
  - Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic, Alin Năstac
    - Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic, Pablo Neira Ayuso
      - Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic, Alin Năstac
        
        Re: [PATCH v4] netfilter: nf_conntrack_sip: add sip_external_media logic, Pablo Neira Ayuso
[PATCH] include: Use char* for arithmetic over void*, William Woodruff
- Re: [PATCH] include: Use char* for arithmetic over void*, William Woodruff
[PATCH iptables] iptables-xml: fix symlink path, Joel Carlson
- Re: [PATCH iptables] iptables-xml: fix symlink path, Joel Carlson
  - Re: [PATCH iptables] iptables-xml: fix symlink path, Joel Carlson
[PATCH] netfilter: x_tables: add xt_tunnel match, wenxu
- Re: [PATCH] netfilter: x_tables: add xt_tunnel match, wenxu
- Re: [PATCH] netfilter: x_tables: add xt_tunnel match, Pablo Neira Ayuso
  - Re: [PATCH] netfilter: x_tables: add xt_tunnel match, wenxu
    - Re: [PATCH] netfilter: x_tables: add xt_tunnel match, wenxu
[PATCH] netfilter: fix a missing check of nla put failure, Kangjie Lu
- Re: [PATCH] netfilter: fix a missing check of nla put failure, Pablo Neira Ayuso
[PATCH 00/37] Netfilter updates for net-next, Pablo Neira Ayuso
- [PATCH 02/37] netfilter: ipset: Make invalid MAC address checks consistent, Pablo Neira Ayuso
- [PATCH 06/37] netfilter: nf_flow_table: simplify nf_flow_offload_gc_step(), Pablo Neira Ayuso
- [PATCH 04/37] netfilter: ctnetlink: always honor CTA_MARK_MASK, Pablo Neira Ayuso
- [PATCH 05/37] netfilter: nf_flow_table: make nf_flow_table_iterate() static, Pablo Neira Ayuso
- [PATCH 15/37] netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support, Pablo Neira Ayuso
- [PATCH 16/37] netfilter: nat: un-export nf_nat_l4proto_unique_tuple, Pablo Neira Ayuso
- [PATCH 17/37] netfilter: nat: remove l4proto->unique_tuple, Pablo Neira Ayuso
- [PATCH 20/37] netfilter: nat: remove l4proto->nlattr_to_range, Pablo Neira Ayuso
- [PATCH 32/37] netfilter: conntrack: un-export seq_print_acct, Pablo Neira Ayuso
- [PATCH 33/37] netfilter: conntrack: add mnemonics for sysctl table, Pablo Neira Ayuso
- [PATCH 35/37] netfilter: conntrack: merge ecache and timestamp sysctl tables with main one, Pablo Neira Ayuso
- [PATCH 36/37] netfilter: conntrack: remove empty pernet fini stubs, Pablo Neira Ayuso
- [PATCH 37/37] netfilter: netns: shrink netns_ct struct, Pablo Neira Ayuso
- [PATCH 34/37] netfilter: conntrack: merge acct and helper sysctl table with main one, Pablo Neira Ayuso
- [PATCH 31/37] netfilter: conntrack: register sysctl table for gre, Pablo Neira Ayuso
- [PATCH 25/37] netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine, Pablo Neira Ayuso
- [PATCH 29/37] netfilter: conntrack: udp: only extend timeout to stream mode after 2s, Pablo Neira Ayuso
- [PATCH 30/37] netfilter: conntrack: udp: set stream timeout to 2 minutes, Pablo Neira Ayuso
- [PATCH 24/37] netfilter: nf_tables: Speed up selective rule dumps, Pablo Neira Ayuso
- [PATCH 22/37] netfilter: nat: remove nf_nat_l4proto struct, Pablo Neira Ayuso
- [PATCH 28/37] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set, Pablo Neira Ayuso
- [PATCH 21/37] netfilter: nat: remove l4proto->manip_pkt, Pablo Neira Ayuso
- [PATCH 27/37] netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put(), Pablo Neira Ayuso
- [PATCH 26/37] netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine, Pablo Neira Ayuso
- [PATCH 14/37] netfilter: remove unused parameters in nf_ct_l4proto_[un]register_sysctl(), Pablo Neira Ayuso
- [PATCH 19/37] netfilter: nat: remove l4proto->in_range, Pablo Neira Ayuso
- [PATCH 23/37] netfilter: nf_nat_sip: fix RTP/RTCP source port translations, Pablo Neira Ayuso
- [PATCH 18/37] netfilter: nat: fold in_range indirection into caller, Pablo Neira Ayuso
- [PATCH 07/37] netfilter: Replace call_rcu_bh(), rcu_barrier_bh(), and synchronize_rcu_bh(), Pablo Neira Ayuso
- [PATCH 13/37] netfilter: nat: limit port clash resolution attempts, Pablo Neira Ayuso
- [PATCH 12/37] netfilter: nat: remove unnecessary 'else if' branch, Pablo Neira Ayuso
- [PATCH 11/37] netfilter: ipset: replace a strncpy() with strscpy(), Pablo Neira Ayuso
- [PATCH 10/37] netfilter: ipset: fix ip_set_byindex function, Pablo Neira Ayuso
- [PATCH 03/37] netfilter: ipset: Introduction of new commands and protocol version 7, Pablo Neira Ayuso
- [PATCH 09/37] netfilter: nat: remove l4 protocol port rovers, Pablo Neira Ayuso
- [PATCH 08/37] netfilter: remove NFC_* cache bits, Pablo Neira Ayuso
- [PATCH 01/37] netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets, Pablo Neira Ayuso
- Re: [PATCH 00/37] Netfilter updates for net-next, David Miller
[libnftnl PATCH 0/5] Covscan indicated fixes, Phil Sutter
- [libnftnl PATCH 1/5] src: object: Avoid obj_ops array overrun, Phil Sutter
  - Re: [libnftnl PATCH 1/5] src: object: Avoid obj_ops array overrun, Pablo Neira Ayuso
- [libnftnl PATCH 2/5] src: flowtable: Add missing break, Phil Sutter
  - Re: [libnftnl PATCH 2/5] src: flowtable: Add missing break, Pablo Neira Ayuso
- [libnftnl PATCH 5/5] src: flowtable: Fix for reading garbage, Phil Sutter
  - Re: [libnftnl PATCH 5/5] src: flowtable: Fix for reading garbage, Pablo Neira Ayuso
- [libnftnl PATCH 3/5] src: flowtable: Fix use after free in two spots, Phil Sutter
  - Re: [libnftnl PATCH 3/5] src: flowtable: Fix use after free in two spots, Pablo Neira Ayuso
- [libnftnl PATCH 4/5] src: flowtable: Fix memleak in nftnl_flowtable_parse_devs(), Phil Sutter
  - Re: [libnftnl PATCH 4/5] src: flowtable: Fix memleak in nftnl_flowtable_parse_devs(), Pablo Neira Ayuso
[iptables PATCH v3 00/21] Separate rule cache per chain et al., Phil Sutter
- [iptables PATCH v3 18/21] xtables: Optimize list rules command with given chain, Phil Sutter
- [iptables PATCH v3 10/21] nft: Move nft_rule_list_get() above nft_chain_list_get(), Phil Sutter
- [iptables PATCH v3 16/21] xtables: Optimize user-defined chain deletion, Phil Sutter
  - Re: [iptables PATCH v3 16/21] xtables: Optimize user-defined chain deletion, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 16/21] xtables: Optimize user-defined chain deletion, Phil Sutter
- [iptables PATCH v3 04/21] nft: Review is_*_compatible() routines, Phil Sutter
  - Re: [iptables PATCH v3 04/21] nft: Review is_*_compatible() routines, Pablo Neira Ayuso
- [iptables PATCH v3 07/21] nft: Simplify per table chain cache update, Phil Sutter
- [iptables PATCH v3 11/21] xtables: Implement per chain rule cache, Phil Sutter
  - Re: [iptables PATCH v3 11/21] xtables: Implement per chain rule cache, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 11/21] xtables: Implement per chain rule cache, Phil Sutter
- [iptables PATCH v3 09/21] nft: Introduce fetch_chain_cache(), Phil Sutter
- [iptables PATCH v3 06/21] nft: Reduce indenting level in flush_chain_cache(), Phil Sutter
  - Re: [iptables PATCH v3 06/21] nft: Reduce indenting level in flush_chain_cache(), Pablo Neira Ayuso
- [iptables PATCH v3 03/21] xtables-restore: Review chain handling, Phil Sutter
  - Re: [iptables PATCH v3 03/21] xtables-restore: Review chain handling, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 03/21] xtables-restore: Review chain handling, Phil Sutter
- [iptables PATCH v3 20/21] xtables: Fix for inserting rule at wrong position, Phil Sutter
- [iptables PATCH v3 15/21] tests: Extend verbose output and return code tests, Phil Sutter
- [iptables PATCH v3 12/21] nft: Drop nft_chain_list_find(), Phil Sutter
- [iptables PATCH v3 17/21] xtables: Optimize list command with given chain, Phil Sutter
  - Re: [iptables PATCH v3 17/21] xtables: Optimize list command with given chain, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 17/21] xtables: Optimize list command with given chain, Phil Sutter
- [iptables PATCH v3 21/21] xtables: Do not change ruleset while listing, Phil Sutter
  - Re: [iptables PATCH v3 21/21] xtables: Do not change ruleset while listing, Pablo Neira Ayuso
    - Re: [iptables PATCH v3 21/21] xtables: Do not change ruleset while listing, Phil Sutter
- [iptables PATCH v3 05/21] nft: Reduce __nft_rule_del() signature, Phil Sutter
- [iptables PATCH v3 02/21] nft: Review unclear return points, Phil Sutter
- [iptables PATCH v3 19/21] nft: Make use of nftnl_rule_lookup_byindex(), Phil Sutter
- [iptables PATCH v3 13/21] xtables: Optimize flushing a specific chain, Phil Sutter
- [iptables PATCH v3 14/21] xtables: Optimize nft_chain_zero_counters(), Phil Sutter
- [iptables PATCH v3 08/21] nft: Simplify nft_rule_insert() a bit, Phil Sutter
- [iptables PATCH v3 01/21] nft: Simplify nftnl_rule_list_chain_save(), Phil Sutter
- Re: [iptables PATCH v3 00/21] Separate rule cache per chain et al., Pablo Neira Ayuso
[PATCH iptables] include: Use char* for arithmetic over void*, William Woodruff
- Re: [PATCH iptables] include: Use char* for arithmetic over void*, William Woodruff
nf_conncount_destroy bug in rb_erase(), Shawn Bohrer
- Re: nf_conncount_destroy bug in rb_erase(), Florian Westphal
  - [PATCH 0/3] nf_conncount bugfixes, Shawn Bohrer
    - [PATCH 1/3] nf_conncount: Set correct parent rbnode when inserting on exact match, Shawn Bohrer
    - [PATCH 2/3] nf_conncount: GC dead rbnodes when inserting a new node that is exact match, Shawn Bohrer
    - [PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS, Shawn Bohrer
      - Re: [PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS, Florian Westphal
        
        Re: [PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS, Shawn Bohrer
        
        Re: [PATCH 3/3] nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS, Florian Westphal
    - Re: [PATCH 0/3] nf_conncount bugfixes, Florian Westphal
  - [PATCH v2 0/3] nf_conntrack bugfixes, Shawn Bohrer
    - [PATCH v2 1/3] nf_conncount: Set correct parent rbnode when inserting on exact match, Shawn Bohrer
    - [PATCH v2 2/3] nf_conncount: GC dead rbnodes when inserting a new node that is exact match, Shawn Bohrer
      - Re: [PATCH v2 2/3] nf_conncount: GC dead rbnodes when inserting a new node that is exact match, Shawn Bohrer
    - [PATCH v2 3/3] nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS, Shawn Bohrer
      - Re: [PATCH v2 3/3] nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS, Florian Westphal
[PATCH nf-next 0/6] netfilter: conntrack: reduce sysctl management copypaste, Florian Westphal
- [PATCH nf-next 1/6] netfilter: conntrack: un-export seq_print_acct, Florian Westphal
- [PATCH nf-next 2/6] netfilter: conntrack: add mnemonics for sysctl table, Florian Westphal
- [PATCH nf-next 3/6] netfilter: conntrack: merge acct and helper sysctl table with main one, Florian Westphal
- [PATCH nf-next 4/6] netfilter: conntrack: merge ecache and timestamp sysctl tables with main one, Florian Westphal
- [PATCH nf-next 5/6] netfilter: conntrack: remove empty pernet fini stubs, Florian Westphal
- [PATCH nf-next 6/6] netfilter: netns: shrink netns_ct struct, Florian Westphal
- Re: [PATCH nf-next 0/6] netfilter: conntrack: reduce sysctl management copypaste, Pablo Neira Ayuso
[PATCH iptables] libxtables: work around unwanted kernel module load, Florian Westphal
- Re: [PATCH iptables] libxtables: work around unwanted kernel module load, Pablo Neira Ayuso
  - Re: [PATCH iptables] libxtables: work around unwanted kernel module load, Florian Westphal
    - Re: [PATCH iptables] libxtables: work around unwanted kernel module load, Pablo Neira Ayuso
      - Re: [PATCH iptables] libxtables: work around unwanted kernel module load, Florian Westphal
        
        Re: [PATCH iptables] libxtables: work around unwanted kernel module load, Pablo Neira Ayuso
[PATCH nf-next] netfilter: conntrack: register sysctl table for gre, Yafang Shao
- Re: [PATCH nf-next] netfilter: conntrack: register sysctl table for gre, Pablo Neira Ayuso
nftables Newcomers Tasks from Bugzilla, Karuna Grewal
- Re: nftables Newcomers Tasks from Bugzilla, Florian Westphal
  - Re: nftables Newcomers Tasks from Bugzilla, Florian Westphal
[iptables PATCH] extensions: TRACE: Point at xtables-monitor in documentation, Phil Sutter
[PATCH nf-next v2] netfilter: conntrack: udp: set stream timeout to 2 minutes, Florian Westphal
- Re: [PATCH nf-next v2] netfilter: conntrack: udp: set stream timeout to 2 minutes, Pablo Neira Ayuso
[nft PATCH v2] nft: Reject 'export vm json' command, Phil Sutter
- Re: [nft PATCH v2] nft: Reject 'export vm json' command, Pablo Neira Ayuso
[nft PATCH] nft: Reject 'export vm json' command, Phil Sutter
[PATCH 0/5] RFC: Add new ip/net,port,ip/net,port sets, Oliver Smith
- [PATCH 1/5] ipset: Support sets with 4 individual elements and an extra port, Oliver Smith
- [PATCH 5/5] lib/ipset.c: Fix a compilation failure when using --enable-debug, Oliver Smith
  - Re: [PATCH 5/5] lib/ipset.c: Fix a compilation failure when using --enable-debug, Jozsef Kadlecsik
- [PATCH 4/5] ipset: Implement net,port,net,port hash set., Oliver Smith
- [PATCH 3/5] ipset: Implement ip,port,net,port hash set., Oliver Smith
- [PATCH 2/5] ipset: Implement ip,port,ip,port hash set., Oliver Smith
  - Re: [PATCH 2/5] ipset: Implement ip,port,ip,port hash set., Akshat Kakkar
- Re: [PATCH 0/5] RFC: Add new ip/net,port,ip/net,port sets, Jozsef Kadlecsik
Proposal: Reduce void pointer arithmetic in favor of char pointers, William Woodruff
- Re: Proposal: Reduce void pointer arithmetic in favor of char pointers, Jan Engelhardt
  - Re: Proposal: Reduce void pointer arithmetic in favor of char pointers, William Woodruff
    - Re: Proposal: Reduce void pointer arithmetic in favor of char pointers, Jan Engelhardt
[iptables PATCH] xtables: Catch errors when zeroing rule rounters, Phil Sutter
- Re: [iptables PATCH] xtables: Catch errors when zeroing rule rounters, Pablo Neira Ayuso
  - Re: [iptables PATCH] xtables: Catch errors when zeroing rule rounters, Pablo Neira Ayuso
    - Re: [iptables PATCH] xtables: Catch errors when zeroing rule rounters, Phil Sutter
ebtables & arptables releases, Arturo Borrero Gonzalez
Re: general protection fault in watchdog, Dmitry Vyukov
- Re: general protection fault in watchdog, Michal Hocko
  - Re: general protection fault in watchdog, Dmitry Vyukov
[PATCH v2 nf-next] netfilter: nat: remove nf_nat_l4proto struct, Florian Westphal
- [PATCH v2 nf-next 1/8] netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support, Florian Westphal
  - Re: [PATCH v2 nf-next 1/8] netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support, Pablo Neira Ayuso
- [PATCH v2 nf-next 2/8] netfilter: nat: un-export nf_nat_l4proto_unique_tuple, Florian Westphal
- [PATCH v2 nf-next 3/8] netfilter: nat: remove l4proto->unique_tuple, Florian Westphal
- [PATCH v2 nf-next 4/8] netfilter: nat: fold in_range indirection into caller, Florian Westphal
- [PATCH v2 nf-next 5/8] netfilter: nat: remove l4proto->in_range, Florian Westphal
- [PATCH v2 nf-next 6/8] netfilter: nat: remove l4proto->nlattr_to_range, Florian Westphal
- [PATCH v2 nf-next 7/8] netfilter: nat: remove l4proto->manip_pkt, Florian Westphal
- [PATCH v2 nf-next 8/8] netfilter: nat: remove nf_nat_l4proto struct, Florian Westphal
[PATCH nf-next] netfilter: remove unused parameters in nf_ct_l4proto_[un]register_sysctl(), Yafang Shao
- Re: [PATCH nf-next] netfilter: remove unused parameters in nf_ct_l4proto_[un]register_sysctl(), Florian Westphal
- Re: [PATCH nf-next] netfilter: remove unused parameters in nf_ct_l4proto_[un]register_sysctl(), Pablo Neira Ayuso
[iptables PATCH v2 00/14] Separate rule cache per chain et al., Phil Sutter
- [iptables PATCH v2 06/14] xtables: Optimize flushing a specific chain, Phil Sutter
- [iptables PATCH v2 14/14] xtables: Do not change ruleset while listing, Phil Sutter
- [iptables PATCH v2 04/14] nft: Simplify nftnl_rule_list_chain_save(), Phil Sutter
- [iptables PATCH v2 12/14] xtables: Make use of nftnl_rule_lookup_byindex(), Phil Sutter
- [iptables PATCH v2 02/14] xtables-restore: Review chain handling, Phil Sutter
- [iptables PATCH v2 07/14] xtables: Optimize nft_chain_zero_counters(), Phil Sutter
- [iptables PATCH v2 08/14] tests: Extend verbose output and return code tests, Phil Sutter
- [iptables PATCH v2 11/14] xtables: Optimize nft_rule_list_save(), Phil Sutter
- [iptables PATCH v2 09/14] xtables: Optimize nft_chain_user_del(), Phil Sutter
- [iptables PATCH v2 05/14] xtables: Drop nft_chain_list_find(), Phil Sutter
- [iptables PATCH v2 10/14] xtables: Optimize nft_rule_list(), Phil Sutter
- [iptables PATCH v2 01/14] xtables: Review unclear return points, Phil Sutter
- [iptables PATCH v2 13/14] xtables: Fix for inserting rule at wrong position, Phil Sutter
- [iptables PATCH v2 03/14] xtables: Implement per chain rule cache, Phil Sutter
  - Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache, Pablo Neira Ayuso
    - Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache, Phil Sutter
      - Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache, Pablo Neira Ayuso
        
        Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache, Phil Sutter
        
        Re: [iptables PATCH v2 03/14] xtables: Implement per chain rule cache, Pablo Neira Ayuso
[PATCH v2] netfilter: nf_nat_sip: fix RTP/RTCP source port translations, Alin Nastac
- Re: [PATCH v2] netfilter: nf_nat_sip: fix RTP/RTCP source port translations, Pablo Neira Ayuso
netfilter: nat: remove nf_nat_l4proto struct, Florian Westphal
- [PATCH nf-next 1/8] netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support, Florian Westphal
- [PATCH nf-next 2/8] netfilter: nat: un-export nf_nat_l4proto_unique_tuple, Florian Westphal
- [PATCH nf-next 3/8] netfilter: nat: remove l4proto->unique_tuple, Florian Westphal
- [PATCH nf-next 4/8] netfilter: nat: fold in_range indirection into caller, Florian Westphal
- [PATCH nf-next 6/8] netfilter: nat: remove l4proto->nlattr_to_range, Florian Westphal
- [PATCH nf-next 7/8] netfilter: nat: remove l4proto->manip_pkt, Florian Westphal
- [PATCH nf-next 8/8] netfilter: nat: remove nf_nat_l4proto struct, Florian Westphal
- [PATCH nf-next 5/8] netfilter: nat: remove l4proto->in_range, Florian Westphal
[iptables PATCH] xtables: Speed up chain deletion in large rulesets, Phil Sutter
- Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets, Pablo Neira Ayuso
  - Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets, Phil Sutter
    - Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets, Phil Sutter
- Re: [iptables PATCH] xtables: Speed up chain deletion in large rulesets, Pablo Neira Ayuso
[PATCH] net: nf_tables: Speed up selective rule dumps, Phil Sutter
- Re: [PATCH] net: nf_tables: Speed up selective rule dumps, Pablo Neira Ayuso
[libnftnl PATCH] chain: Hash chain list by name, Phil Sutter
- Re: [libnftnl PATCH] chain: Hash chain list by name, Pablo Neira Ayuso
[ANNOUNCE] ipset 7.1 released, Jozsef Kadlecsik
- RE: [ANNOUNCE] ipset 7.1 released, eliezer
  - RE: [ANNOUNCE] ipset 7.1 released, Jozsef Kadlecsik
[iptables PATCH 00/14] Separate rule cache per chain et al., Phil Sutter
- [iptables PATCH 08/14] tests: Extend verbose output and return code tests, Phil Sutter
- [iptables PATCH 01/14] xtables: Review unclear return points, Phil Sutter
- [iptables PATCH 13/14] xtables: Fix for inserting rule at wrong position, Phil Sutter
- [iptables PATCH 09/14] xtables: Optimize nft_chain_user_del(), Phil Sutter
- [iptables PATCH 06/14] xtables: Optimize flushing a specific chain, Phil Sutter
- [iptables PATCH 07/14] xtables: Optimize nft_chain_zero_counters(), Phil Sutter
- [iptables PATCH 02/14] xtables-restore: Review chain handling, Phil Sutter
- [iptables PATCH 10/14] xtables: Optimize nft_rule_list(), Phil Sutter
- [iptables PATCH 14/14] xtables: Do not change ruleset while listing, Phil Sutter
- [iptables PATCH 11/14] xtables: Optimize nft_rule_list_save(), Phil Sutter
- [iptables PATCH 04/14] nft: Simplify nftnl_rule_list_chain_save(), Phil Sutter
- [iptables PATCH 03/14] xtables: Implement per chain rule cache, Phil Sutter
- [iptables PATCH 05/14] xtables: Drop nft_chain_list_find(), Phil Sutter
- [iptables PATCH 12/14] xtables: Make use of nftnl_rule_lookup_byindex(), Phil Sutter
[PATCH nf] netfilter: nat: can't use dst_hold on noref dst, Florian Westphal
- Re: [PATCH nf] netfilter: nat: can't use dst_hold on noref dst, Pablo Neira Ayuso
[PATCH v3 nf-next] netfilter: nat: limit port clash resolution attempts, Florian Westphal
- Re: [PATCH v3 nf-next] netfilter: nat: limit port clash resolution attempts, Pablo Neira Ayuso
[PATCH 0/5] ipset patches for nf-next, Jozsef Kadlecsik
- [PATCH 2/5] netfilter: ipset: Make invalid MAC address checks consistent, Jozsef Kadlecsik
- [PATCH 1/5] netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets, Jozsef Kadlecsik
- [PATCH 4/5] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel, Jozsef Kadlecsik
  - Re: [PATCH 4/5] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel, Pablo Neira Ayuso
- [PATCH 3/5] netfilter: ipset: Introduction of new commands and protocol version 7, Jozsef Kadlecsik
- [PATCH 5/5] netfilter: ipset: replace a strncpy() with strscpy(), Jozsef Kadlecsik
- Re: [PATCH 0/5] ipset patches for nf-next, Pablo Neira Ayuso
  - Re: [PATCH 0/5] ipset patches for nf-next, Jozsef Kadlecsik
    - Re: [PATCH 0/5] ipset patches for nf-next, Pablo Neira Ayuso
[PATCH net-next v2] netfilter: ebtables: avoid resetting limit rule state, Linus Lüssing
- Re: [PATCH net-next v2] netfilter: ebtables: avoid resetting limit rule state, Pablo Neira Ayuso
[PATCH nf v2] netfilter: nat: limit port clash resolution attempts, Florian Westphal
- Re: [PATCH nf v2] netfilter: nat: limit port clash resolution attempts, Pablo Neira Ayuso
Another compilation error, Ansuel Smith
- Re: Another compilation error, Ansuel Smith
[PATCH nf] netfilter: nat: limit port clash resolution attempts, Florian Westphal
- Re: [PATCH nf] netfilter: nat: limit port clash resolution attempts, Xiaozhou Liu
  - Re: [PATCH nf] netfilter: nat: limit port clash resolution attempts, Florian Westphal
[PATCH nf] netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node(), Taehee Yoo
- Re: [PATCH nf] netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node(), Pablo Neira Ayuso
[PATCH RFC] src: support for arp ether and IP source and destination fields, Pablo Neira Ayuso
- Re: [PATCH RFC] src: support for arp ether and IP source and destination fields, Florian Westphal
  - Re: [PATCH RFC] src: support for arp ether and IP source and destination fields, Pablo Neira Ayuso
[libnftnl PATCH 0/2] chain: Support per chain rules list, Phil Sutter
- [libnftnl PATCH 1/2] chain: Support per chain rules list, Phil Sutter
- [libnftnl PATCH 2/2] chain: Add lookup functions for chain list and rules in chain, Phil Sutter
- Re: [libnftnl PATCH 0/2] chain: Support per chain rules list, Pablo Neira Ayuso
[PATCH v2 nf-next] netfilter: conntrack: udp: only extend timeout to stream mode after 2s, Florian Westphal
[PATCH nf-next] netfilter: conntrack: udp: only extend timeout after 2s, Florian Westphal
[PATCH nf-next] netfilter: conntrack: udp: reduce default timeouts, Florian Westphal
[PATCH nf-next] netfilter: nat: remove unnecessary 'else if' branch, Xiaozhou Liu
- Re: [PATCH nf-next] netfilter: nat: remove unnecessary 'else if' branch, Pablo Neira Ayuso
[PATCH nf] netfilter: seqadj: re-load tcp header pointer after possible head reallocation, Florian Westphal
- Re: [PATCH nf] netfilter: seqadj: re-load tcp header pointer after possible head reallocation, Pablo Neira Ayuso
[PATCH 1/5] netfilter: fix general protection fault when unregister sysctl table, Yafang Shao
- [PATCH 5/5] netfilter: fix error return value of nf_ct_l4proto_pernet_register_one(), Yafang Shao
- [PATCH 4/5] netfilter: fix missed NULL check in nf_conntrack_proto_pernet_init(), Yafang Shao
  - Re: [PATCH 4/5] netfilter: fix missed NULL check in nf_conntrack_proto_pernet_init(), Pablo Neira Ayuso
    - Re: [PATCH 4/5] netfilter: fix missed NULL check in nf_conntrack_proto_pernet_init(), Yafang Shao
- [PATCH 3/5] procfs: fix double drop_sysctl_table(), Yafang Shao
- [PATCH 2/5] netfilter: register sysctl table for gre, Yafang Shao
[PATCH AUTOSEL 4.19 018/123] netfilter: nf_conncount: fix list_del corruption in conn_free, Sasha Levin
[PATCH AUTOSEL 4.19 017/123] netfilter: nf_conncount: use spin_lock_bh instead of spin_lock, Sasha Levin
[PATCH AUTOSEL 4.19 019/123] netfilter: nf_conncount: fix unexpected permanent node of list., Sasha Levin
[PATCH AUTOSEL 4.19 023/123] netfilter: xt_RATEEST: remove netns exit routine, Sasha Levin
[PATCH AUTOSEL 4.19 024/123] netfilter: nf_tables: fix use-after-free when deleting compat expressions, Sasha Levin
[PATCH AUTOSEL 4.19 042/123] netfilter: xt_hashlimit: fix a possible memory leak in htable_create(), Sasha Levin
[PATCH AUTOSEL 4.19 075/123] netfilter: ipv6: Preserve link scope traffic original oif, Sasha Levin
[PATCH AUTOSEL 4.19 067/123] ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf, Sasha Levin
[PATCH AUTOSEL 4.19 078/123] netfilter: nat: fix double register in masquerade modules, Sasha Levin
[PATCH AUTOSEL 4.19 079/123] netfilter: nf_conncount: remove wrong condition check routine, Sasha Levin
[PATCH AUTOSEL 4.19 077/123] netfilter: add missing error handling code for register functions, Sasha Levin
[PATCH AUTOSEL 4.19 089/123] netfilter: nf_tables: deactivate expressions in rule replecement routine, Sasha Levin
[PATCH AUTOSEL 4.14 09/69] netfilter: nf_tables: fix use-after-free when deleting compat expressions, Sasha Levin
[PATCH AUTOSEL 4.14 17/69] netfilter: xt_hashlimit: fix a possible memory leak in htable_create(), Sasha Levin
[PATCH AUTOSEL 4.14 33/69] ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf, Sasha Levin
[PATCH AUTOSEL 4.14 40/69] netfilter: ipv6: Preserve link scope traffic original oif, Sasha Levin
[PATCH AUTOSEL 4.14 46/69] netfilter: nf_tables: deactivate expressions in rule replecement routine, Sasha Levin
[PATCH AUTOSEL 4.9 21/45] ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf, Sasha Levin
[PATCH AUTOSEL 4.19 020/123] netfilter: nf_tables: don't skip inactive chains during update, Sasha Levin
stable nftables kernel changes for port to 3.12 kernel, Pavel Melnik
- Re: stable nftables kernel changes for port to 3.12 kernel, Florian Westphal
  - Re: stable nftables kernel changes for port to 3.12 kernel, Pavel Melnik
    - Re: stable nftables kernel changes for port to 3.12 kernel, Pablo Neira Ayuso
[PATCH nft] parser: bail out on incorrect burst unit, Pablo Neira Ayuso
[iptables PATCH] extensions: libipt_realm: Document allowed realm values, Phil Sutter
- Re: [iptables PATCH] extensions: libipt_realm: Document allowed realm values, Pablo Neira Ayuso
[PATCH v3] netfilter: nf_conntrack_sip: add sip_external_media logic, Alin Nastac
[PATCH RESEND iptables] include: extend the headers conflict workaround to in6.h, Baruch Siach
- Re: [PATCH RESEND iptables] include: extend the headers conflict workaround to in6.h, Pablo Neira Ayuso

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]