Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- [PATCH nft 1/5] payload: use integer_type when initializing a raw expression, (continued)
- [PATCH nf 1/2] netfilter: nf_tables: return EBUSY if device already belongs to flowtable,
Pablo Neira Ayuso
- [PATCH v3 0/17] netfilter: nf_flow_table: refactoring, TCP state tracking, sending flows to slow path,
Felix Fietkau
- [PATCH v3 01/17] netfilter: nf_flow_table: use IP_CT_DIR_* values for FLOW_OFFLOAD_DIR_*, Felix Fietkau
- [PATCH v3 02/17] netfilter: nf_flow_table: clean up flow_offload_alloc, Felix Fietkau
- [PATCH v3 08/17] netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table, Felix Fietkau
- [PATCH v3 04/17] netfilter: nf_flow_table: cache mtu in struct flow_offload_tuple, Felix Fietkau
- [PATCH v3 05/17] netfilter: nf_flow_table: rename nf_flow_table.c to nf_flow_table_core.c, Felix Fietkau
- [PATCH v3 17/17] netfilter: nf_flow_table: tear down TCP flows if RST or FIN was seen, Felix Fietkau
- [PATCH v3 12/17] netfilter: nf_flow_table: track flow tables in nf_flow_table directly, Felix Fietkau
- [PATCH v3 10/17] netfilter: nf_flow_table: move init code to nf_flow_table_core.c, Felix Fietkau
- [PATCH v3 15/17] netfilter: nf_flow_table: in flow_offload_lookup, skip entries being deleted, Felix Fietkau
- [PATCH v3 11/17] netfilter: nf_flow_table: fix priv pointer for netdev hook, Felix Fietkau
- [PATCH v3 16/17] netfilter: nf_flow_table: add support for sending flows back to the slow path, Felix Fietkau
- [PATCH v3 13/17] netfilter: nf_flow_table: make flow_offload_dead inline, Felix Fietkau
- [PATCH v3 06/17] netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table, Felix Fietkau
- [PATCH v3 07/17] netfilter: nf_flow_table: move ip header check out of nf_flow_exceeds_mtu, Felix Fietkau
- [PATCH v3 09/17] netfilter: nf_flow_table: relax mixed ipv4/ipv6 flowtable dependencies, Felix Fietkau
- [PATCH v3 14/17] netfilter: nf_flow_table: add a new flow state for tearing down offloading, Felix Fietkau
- [PATCH v3 03/17] ipv6: make ip6_dst_mtu_forward inline, Felix Fietkau
- Re: [PATCH v3 0/17] netfilter: nf_flow_table: refactoring, TCP state tracking, sending flows to slow path, Pablo Neira Ayuso
- Re: [PATCH v3 0/17] netfilter: nf_flow_table: refactoring, TCP state tracking, sending flows to slow path, Pablo Neira Ayuso
- [PATCH nft] src: allow to specify flowtable maximum size, Pablo Neira Ayuso
- [PATCH libnftnl] flowtable: allow to specify size, Pablo Neira Ayuso
- [PATCH nf-next] netfilter: nf_tables: set maximum flowtable size, Pablo Neira Ayuso
- [PATCH net] ipvs: remove IPS_NAT_MASK check to fix passive FTP,
Julian Anastasov
- [iptables PATCH] iptables: add xtables-compat.8 manpage,
Arturo Borrero Gonzalez
- [PATCH] src: Print error and exit for empty string,
Harsha Sharma
- [nft PATCH v3 2/3] examples: add ct helper examples,
Arturo Borrero Gonzalez
- [nft PATCH] meta: introduce datatype ifname_type,
Arturo Borrero Gonzalez
- [PATCH v2 0/6] netfilter: nf_flow_table: TCP state tracking and bumping of flows to slow path,
Felix Fietkau
- [PATCH 0/5] netfilter: nf_flow_table: TCP state tracking and bumping of flows to slow path,
Felix Fietkau
- [PATCH] xtables-compat-multi.c: Allow symlink of ebtables,
Duncan Roe
- [nft PATCH v2 1/3] nftables: rearrange files and examples,
Arturo Borrero Gonzalez
- [PATCH nf] netfilter: ipvs: flag ct as needing s/dnat in original direction,
Florian Westphal
- [PATCH nft] segtree: check for overlapping elements at insertion, Pablo Neira Ayuso
- [NFT PATCH 1/3] nftables: rearrange files and examples,
Arturo Borrero Gonzalez
- WARNING: ODEBUG bug in do_ipt_get_ctl,
syzbot
WARNING: ODEBUG bug in do_arpt_get_ctl,
syzbot
WARNING: ODEBUG bug in __queue_work,
syzbot
[PATCH 00/19] Netfilter fixes for net,
Pablo Neira Ayuso
- [PATCH 01/19] netfilter: x_tables: remove size check, Pablo Neira Ayuso
- [PATCH 19/19] netfilter: IDLETIMER: be syzkaller friendly, Pablo Neira Ayuso
- [PATCH 18/19] netfilter: xt_hashlimit: fix lock imbalance, Pablo Neira Ayuso
- [PATCH 16/19] netfilter: x_tables: fix missing timer initialization in xt_LED, Pablo Neira Ayuso
- [PATCH 17/19] netfilter: nat: cope with negative port range, Pablo Neira Ayuso
- [PATCH 14/19] netfilter: x_tables: use pr ratelimiting in all remaining spots, Pablo Neira Ayuso
- [PATCH 15/19] .gitignore: ignore ASN.1 auto generated files, Pablo Neira Ayuso
- [PATCH 13/19] netfilter: x_tables: use pr ratelimiting in matches/targets, Pablo Neira Ayuso
- [PATCH 08/19] netfilter: xt_CT: use pr ratelimiting, Pablo Neira Ayuso
- [PATCH 12/19] netfilter: x_tables: rate-limit table mismatch warnings, Pablo Neira Ayuso
- [PATCH 11/19] netfilter: bridge: use pr ratelimiting, Pablo Neira Ayuso
- [PATCH 10/19] netfilter: xt_set: use pr ratelimiting, Pablo Neira Ayuso
- [PATCH 09/19] netfilter: xt_NFQUEUE: use pr ratelimiting, Pablo Neira Ayuso
- [PATCH 06/19] netfilter: x_tables: remove pr_info where possible, Pablo Neira Ayuso
- [PATCH 03/19] netfilter: drop outermost socket lock in getsockopt(), Pablo Neira Ayuso
- [PATCH 07/19] netfilter: x_tables: use pr ratelimiting in xt core, Pablo Neira Ayuso
- [PATCH 05/19] netfilter: ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get(), Pablo Neira Ayuso
- [PATCH 04/19] netfilter: add back stackpointer size checks, Pablo Neira Ayuso
- [PATCH 02/19] netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation, Pablo Neira Ayuso
- Re: [PATCH 00/19] Netfilter fixes for net, David Miller
[PATCH 01/12] netfilter: nf_flow_table: use IP_CT_DIR_* values for FLOW_OFFLOAD_DIR_*,
Felix Fietkau
- [PATCH 10/12] netfilter: nf_flow_table: move init code to nf_flow_table_core.c, Felix Fietkau
- [PATCH 08/12] netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table, Felix Fietkau
- [PATCH 02/12] netfilter: nf_flow_table: clean up flow_offload_alloc, Felix Fietkau
- [PATCH 09/12] netfilter: nf_flow_table: relax mixed ipv4/ipv6 flowtable dependencies, Felix Fietkau
- [PATCH 07/12] netfilter: nf_flow_table: move ip header check out of nf_flow_exceeds_mtu, Felix Fietkau
- [PATCH 06/12] netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table, Felix Fietkau
- [PATCH 03/12] ipv6: make ip6_dst_mtu_forward inline, Felix Fietkau
- [PATCH 11/12] netfilter: nf_flow_table: fix priv pointer for netdev hook, Felix Fietkau
- [PATCH 04/12] netfilter: nf_flow_table: cache mtu in struct flow_offload_tuple, Felix Fietkau
- [PATCH 05/12] netfilter: nf_flow_table: rename nf_flow_table.c to nf_flow_table_core.c, Felix Fietkau
- [PATCH 12/12] netfilter: nf_flow_table: track flow tables in nf_flow_table directly, Felix Fietkau
[PATCH RFC PoC 0/3] nftables meets bpf,
Pablo Neira Ayuso
[PATCH iptables] extensions: connmark: remove non-working translation,
Florian Westphal
[PATCH iptables] extensions: mark: prefer plain 'set' over 'set mark and',
Florian Westphal
[PATCH nf] netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt,
Florian Westphal
[PATCH nf] netfilter: ebtables: convert BUG_ONs to WARN_ONs,
Florian Westphal
KASAN: use-after-free Write in nf_nat_ipv6_manip_pkt,
syzbot
BUG: unable to handle kernel paging request in ebt_among_mt_check,
syzbot
WARNING in compat_copy_entries,
syzbot
[PATCH] doc/nft.xml: fix typo,
Duncan Roe
[PATCH nft v2] nftables: basic support for extended netlink errors,
Florian Westphal
[PATCH iptables] extenstions: ecn: add tcp ecn/cwr translation, Florian Westphal
[PATCH nft] nftables: basic support for extended netlink errors, Florian Westphal
[RFC 1/9] netfilter: nf_flow_table: use IP_CT_DIR_* values for FLOW_OFFLOAD_DIR_*,
Felix Fietkau
[PATCH nf] netfilter: IDLETIMER: be syzkaller friendly,
Eric Dumazet
[PATCH] netfilter: increase IPSTATS_MIB_CSUMERRORS stat,
Taehee Yoo
[PATCH nf-next] net: netfilter: nf_tables_api: Use id allocation.,
Varsha Rao
[PATCH RFC 0/4] net: add bpfilter,
Daniel Borkmann
[PATCH nf 0/2] netfilter: ipt_CLUSTERIP: two more fixes,
Florian Westphal
[PATCH net] netfilter: unlock xt_table earlier in __do_replace,
Xin Long
[PATCH] inet: don't call skb_orphan if tproxy happens in layer 2,
Gregory Vander Schueren
[PATCH nft] src: bail out when exporting ruleset with unsupported output, Pablo Neira Ayuso
Userspace nft parser limitations / suggestions / help, Fran Fitzpatrick
[PATCH nft] payload: don't decode past last valid template,
Florian Westphal
[PATCH nf] netfilter: don't set F_IFACE on ipv6 fib lookups,
Florian Westphal
[PATCH libnftnl] set_elem: nftnl_set_elems_parse() returns 0 if set is empty, Pablo Neira Ayuso
[PATCH libnftnl] examples: nft-set-del: fix set deletion, Pablo Neira Ayuso
[PATCH nft] parser_bison: restore nft {import,export} ruleset,
Pablo Neira Ayuso
Overlapping IP networks no longer allowed?,
Mantas Mikulėnas
[PATCH nft] tests: add test case for sets updated from packet path,
Florian Westphal
[PATCH net v3] netfilter: nat: cope with negative port range,
Paolo Abeni
[PATCH nft 0/6] rework dependency removal (v2),
Pablo Neira Ayuso
[PATCH net v2] netfilter: nat: cope with negative port range,
Paolo Abeni
[PATCH net] netfilter: nat: cope with negative port range,
Paolo Abeni
short question for you, Peter Williams
[PATCH] netfilter: ipt_ah: return boolean instead of integer,
Gustavo A. R. Silva
[PATCH net v2] netfilter: x_tables: fix missing timer initialization in xt_LED,
Paolo Abeni
divide error in nf_nat_l4proto_unique_tuple,
syzbot
[PATCH net] netfilter: x_tables: fix missing timer initialization in xt_LED,
Paolo Abeni
general protection fault in ipt_do_table,
syzbot
kernel BUG at kernel/time/timer.c:LINE!,
syzbot
[PATCH v2] .gitignore: ignore ASN.1 auto generated files,
Zhu Lingshan
[PATCH] netfilter: nf_conntrack_broadcast: remove useless parameter,
Taehee Yoo
[PATCH] netfilter: xt_cluster: get rid of xt_cluster_ipv6_is_multicast,
Taehee Yoo
[PATCH] netfilter: nfnetlink_acct: remove useless parameter,
Taehee Yoo
[PATCH] .gitignore: ignore ANS.1 auto generated files,
Zhu Lingshan
Apply "netfilter: nf_queue: Make the queue_handler pernet" to 4.4-stable,
Eric Biggers
[PATCH v2 nf 0/9] netfilter: x_tables: use printk ratelimiting,
Florian Westphal
[PATCH] src: fix build with older glibc, Baruch Siach
[Patch net v2] ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get(),
Cong Wang
[PATCH net v2] netfilter: drop outermost socket lock in getsockopt(),
Paolo Abeni
[PATCH net] netfilter: on setsockopt() acquire sock lock only in the required scope,
Paolo Abeni
[Patch net] ipt_CLUSTERIP: fix a race condition of proc file creation,
Cong Wang
linux-next: Signed-off-by missing for commit in the netfilter tree,
Stephen Rothwell
netfilter: x_tables: ratelimit most printks,
Florian Westphal
[PATCH nf RFC] netfilter: x_tables: only allow jumps to user-defined chains,
Florian Westphal
[PATCH nf] netfilter: add back stackpointer size checks,
Florian Westphal
[PATCH] configure: Make missing docbook2man an error if man build requested,
Ville Skyttä
[PATCH] Spelling fixes,
Ville Skyttä
[PATCH] netfilter: nf_flow_offload: fix use-after-free and a resource leak,
Felix Fietkau
[PATCH] netfilter: remove useless prototype,
Taehee Yoo
[nf:master 1/9] arch/x86/tools/insn_decoder_test: warning: ffffffff817c07c3: 0f ff e9 ud0 %ecx,%ebp,
kbuild test robot
[PATCH RFC 0/4] Netlink bus descriptions,
Pablo Neira Ayuso
[nft PATCH] Enable automerge feature for anonymous sets,
Phil Sutter
[PATCH] extensions: add tests for comp match options,
Harsha Sharma
How to retrieve original source address with FTP/NAT/TPROXY,
Gregory Vander Schueren
WARNING: proc registration bug in clusterip_tg_check,
syzbot
Re: [Bug 1224] nft export json fails with successful return code,
Phil Sutter
CPU load on queued_spin_lock_slowpath,
Tugrul Erdogan
[nf:flow-offload-hw-v2 6/6] net/netfilter/nf_flow_table_inet.o:undefined reference to `nf_flow_table_init',
kbuild test robot
[PATCH nf 1/3] netfilter: nft_flow_offload: no need to flush entries on module removal,
Pablo Neira Ayuso
[Patch net v2] xt_RATEEST: acquire xt_rateest_mutex for hash insert,
Cong Wang
proc_dir_entry 'ipt_CLUSTERIP/172.20.0.170' already registered (was syzkallzer), Alexey Dobriyan
[PATCH 1/2] netfilter: nf_tables: fix flowtable free,
Felix Fietkau
IPv6 Parameter problem with no ICMPv6 response ?,
David McCullough
[ANNOUNCE] nftables 0.8.2 release, Pablo Neira Ayuso
[ANNOUNCE] iptables 1.6.2 release, Pablo Neira Ayuso
[PATCH nft] netlink_delinearize: add assertion to prevent infinite loop, Pablo Neira Ayuso
Resurrecting "does nftables support string match?", Rob Thomas
[PATCH libnftnl] examples: do not call nftnl_batch_is_supported(), Pablo Neira Ayuso
Re: possible deadlock in xt_find_target,
Florian Westphal
[PATCH nf 1/2] netfilter: nft_flow_offload: wait for garbage collector to run after cleanup,
Pablo Neira Ayuso
BUG: unable to handle kernel paging request in cgroup_mt_destroy_v1,
syzbot
[Patch net] xt_RATEEST: acquire xt_rateest_mutex for hash insert,
Cong Wang
[Patch net] xt_cgroup: initialize info->priv in cgroup_mt_check_v1(),
Cong Wang
[PATCH nf] netfilter: flowtable infrastructure depends on NETFILTER_INGRESS, Pablo Neira Ayuso
[PATCH nf-next] netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure,
Subash Abhinov Kasiviswanathan
[patch 1/1] net/netfilter/x_tables.c: make allocation less aggressive,
akpm
[PATCH net] netfilter: on sockopt() acquire sock lock only in the required scope,
Paolo Abeni
[PATCH] netfilter: fix out-of-bounds accesses in clusterip_tg_check(),
Dmitry Vyukov
[PATCH v2] extensions: libipt_DNAT: support shifted portmap ranges, Thierry Du Tre
[PATCH v4] netfilter : add NAT support for shifted portmap ranges,
Thierry Du Tre
Re: possible deadlock in xt_find_revision, Florian Westphal
Re: possible deadlock in xt_find_table_lock, Florian Westphal
[PATCH v2] src: parse new handle attribute for tables, Harsha Sharma
KASAN: use-after-free Write in xt_rateest_tg_checkentry, syzbot
KASAN: use-after-free Write in xt_rateest_put,
syzbot
[PATCH] netfilter: fix pointer leaks to userspace,
Dmitry Vyukov
Re: kernel panic: Out of memory and no killable processes... (2),
Tetsuo Handa
Re: possible deadlock in do_ip_getsockopt, Florian Westphal
INFO: trying to register non-static key in del_timer_sync,
syzbot
[PATCH net] netfilter: xt_recent: do not accept / in table name, Eric Dumazet
KASAN: slab-out-of-bounds Read in clusterip_tg_check,
syzbot
general protection fault in cgroup_mt_destroy_v1, syzbot
[PATCH net] netfilter: xt_hashlimit: do not allow empty names,
Eric Dumazet
general protection fault in ip6t_do_table,
syzbot
[PATCH iptables] policy: add nft translation for simple policy none/strict use case, Florian Westphal
[PATCH iptables] tests: xlate-test: no need to require superuser privileges, Florian Westphal
[Iptables PATCH] extensions: Rename 'flow table' keyword to meter,
shyam saini
[PATCH nft] doc: dup and fwd statements,
Florian Westphal
[PATCH nft] tests: build: Add enable man page option.,
Varsha Rao
[conntrack-tools PATCH v2] conntrackd.conf.5: fix sentence about systemd,
Arturo Borrero Gonzalez
[conntrack-tools PATCH] conntrackd.conf.5: fix typo, duplicated systemd word in the sentence, Arturo Borrero Gonzalez
[PATCH nf-next,RFC v4] netfilter: nf_flow_table: add hardware offload support,
Pablo Neira Ayuso
[PATCH net] netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_match(),
Eric Dumazet
[PATCH nft] update gitignore,
Pablo M. Bermudo Garay
[PATCH] doc/nft.xml: Add deletion for objects via handles, Harsha Sharma
[PATCH v2] tests: shell: fetch rule handle with '-a' option and then delete rule,
Harsha Sharma
[PATCH] netfilter: nf_tables: Add extra bits for object handles,
Harsha Sharma
[PATCH] tests: shell: fetch rule handle with '-a' option and then delete,
Harsha Sharma
[PATCH nft 1/6] src: support for flowtable listing,
Pablo Neira Ayuso
iptables-save - suggest patch to add functionality,
Alban Vidal
[PATCH libnftnl 1/2] src: add flowtable support,
Pablo Neira Ayuso
[PATCH] build: do install libipset/args.h,
Jan Engelhardt
question about UNDEFINE/REDEFINE,
David Fabian
[PATCH nft,RFC] src: add 'auto-merge' option to sets, Pablo Neira Ayuso
[nft PATCH] tests/shell: Add back named_interval_automerging_0,
Phil Sutter
[PATCH nft] Revert ("src: Remove xt_stmt_() functions")., Pablo Neira Ayuso
Error: interval overlaps with previous one (with previously valid configuration),
Jeff Kletsky
[nf-next:master 27/32] net/netfilter/nf_tables_api.c:4331:19: sparse: symbol 'nf_tables_obj_lookup_byhandle' was not declared. Should it be static?,
kbuild test robot
[PATCH 00/32] Netfilter/IPVS updates for net-next,
Pablo Neira Ayuso
- [PATCH 02/32] netfilter: nf_tables: remove flag field from struct nft_af_info, Pablo Neira Ayuso
- [PATCH 03/32] netfilter: nf_tables: no need for struct nft_af_info to enable/disable table, Pablo Neira Ayuso
- [PATCH 04/32] netfilter: nf_tables: remove struct nft_af_info parameter in nf_tables_chain_type_lookup(), Pablo Neira Ayuso
- [PATCH 01/32] netfilter: nf_tables: remove nhooks field from struct nft_af_info, Pablo Neira Ayuso
- [PATCH 05/32] netfilter: nf_tables: add single table list for all families, Pablo Neira Ayuso
- [PATCH 08/32] netfilter: x_tables: unbreak module auto loading, Pablo Neira Ayuso
- [PATCH 06/32] netfilter: nf_tables: get rid of pernet families, Pablo Neira Ayuso
- [PATCH 07/32] netfilter: nf_tables: get rid of struct nft_af_info abstraction, Pablo Neira Ayuso
- [PATCH 10/32] netfilter: core: make local function __nf_unregister_net_hook static, Pablo Neira Ayuso
- [PATCH 09/32] netfilter: nf_tables: fix a typo in nf_tables_getflowtable(), Pablo Neira Ayuso
- [PATCH 19/32] netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460, Pablo Neira Ayuso
- [PATCH 21/32] netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef, Pablo Neira Ayuso
- [PATCH 24/32] netfilter: nf_nat_snmp_basic: replace ctinfo with dir., Pablo Neira Ayuso
- [PATCH 17/32] netfilter: nf_tables: flow_offload depends on flow_table, Pablo Neira Ayuso
- [PATCH 20/32] netfilter: nf_defrag: mark xt_table structures 'const' again, Pablo Neira Ayuso
- [PATCH 18/32] netfilter: x_tables: don't return garbage pointer on modprobe failure, Pablo Neira Ayuso
- [PATCH 25/32] netfilter: nf_nat_snmp_basic: use nf_ct_helper_log, Pablo Neira Ayuso
- [PATCH 27/32] netfilter: nf_tables: allocate handle and delete objects via handle, Pablo Neira Ayuso
- [PATCH 16/32] netfilter: nf_defrag: Skip defrag if NOTRACK is set, Pablo Neira Ayuso
- [PATCH 28/32] netfilter: return booleans instead of integers, Pablo Neira Ayuso
- [PATCH 22/32] netfilter: nf_nat_snmp_basic: remove useless comment, Pablo Neira Ayuso
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
