Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- Re: [PATCH v2 0/9] Remove spin_unlock_wait(), (continued)
- [4.9.y,netfilter] please, cherry-pick 2638fd0f92d4,
Pablo Neira Ayuso
- [4.11.y,netfilter] please, cherry-pick 87e94dbc210a,
Pablo Neira Ayuso
- [RFC 0/2] nftables iptables nat co-existence patches,
Florian Westphal
- [nft crap] ct original ip saddr ... handling,
Florian Westphal
- [PATCH 01/17] rename struct ct to ct_helper, Florian Westphal
- [PATCH 02/17] src: prepare for future ct timeout policy support, Florian Westphal
- [PATCH 03/17] parser: use scanner tokens again for ct key handling, Florian Westphal
- [PATCH 04/17] parser: compact list of rhs keyword expressions, Florian Westphal
- [PATCH 05/17] bison: permit 'label' on rhs side of expression, Florian Westphal
- [PATCH 06/17] bison: permit keywords in list_stmt_expressions, Florian Westphal
- [PATCH 07/17] tests: ct: remove unsupported syntax, Florian Westphal
- [PATCH 08/17] src: add alternate syntax for ct saddr, Florian Westphal
- [PATCH 09/17] src: ct: store proto base of ct key, if any, Florian Westphal
- [PATCH 10/17] src: ct: add eval part to inject dependencies for ct saddr/daddr, Florian Westphal
- [PATCH 11/17] src: unifiy meta and ct postprocessing, Florian Westphal
- Re: [nft crap] ct original ip saddr ... handling, Pablo Neira Ayuso
- [PATCH] man: add include statement documentation.,
Ismo Puustinen
- [PATCH 1/2] scanner: support for wildcards in include statements.,
Ismo Puustinen
- [PATCH] netfilter: ip_tables: remove useless variable assignment in get_info(),
Gustavo A. R. Silva
- [PATCH] libnetfilter_queue: Add information about retrieving UID/GID/SECCTX fields,
Piotr Sawicki
- Bug on nfacct xml output, Marcelo S Mota
- [PATCH net-next] netfilter: conntrack: add a new NF_CT_EXT_EXPAND extension,
Lin Zhang
- Re: [netfilter-core] Heap overflow in xt_geoip.c,
Jan Engelhardt
- [PATCH nft] include: Remove __init macro definition., Varsha Rao
- [PATCH nft 1/2] src: add new generic context structure nft_ctx,
Pablo M. Bermudo Garay
- [PATCH 1/2] tests: shell: Add test for incomplete set add set command,
Shyam Saini
- [PATCH] bump version to 1.0.3,
Richard Weinberger
- [PATCH] nft: make raw payloads work,
Laurent Fasnacht
- [PATCH] tests: py: Fail test forcefully when bug is not fixed,
Shyam Saini
- [4.11.y netfilter] 4.11 iptables regression fix,
Florian Westphal
- [PATCH lnf-queue] src: prepare for new release,
Florian Westphal
- [PATCH nf-next] netfilter: nfnetlink: extended ACK reporting, Pablo Neira Ayuso
- [PATCH nft] evaluate: Better error reporting for bad set references, Pablo Neira Ayuso
- [PATCH nft] evaluate: merge nested set flags, Pablo Neira Ayuso
- [PATCH nf] netfilter: ebt_nflog: fix unexpected truncated packet,
Liping Zhang
- [NFQUEUE] lack of UID/GID fields in fragmented packets,
Piotr Sawicki
- [PATCH nft 0/4] restrict meta nfproto to inet family,
Florian Westphal
- [PATCHv3] tests: py: Add test for ambiguity while setting the value,
Shyam Saini
- [PATCH nft] src: error reporting for nested ruleset representation, Pablo Neira Ayuso
- [PATCH nft v3] src: Pass stateless, numeric, ip2name and handle variables as structure members.,
Varsha Rao
- [PATCH nft v2] src: Pass stateless, numeric, ip2name and handle variables as structure members.,
Varsha Rao
- [PATCH nft] src: Pass stateless, numeric, ip2name and handle variables as structure members.,
Varsha Rao
- [PATCH nf-next] netfilter: conntrack: use NFPROTO_MAX to size array,
Florian Westphal
- [PATCH nf-next] nf_tables: reduce chain type table size,
Florian Westphal
- using nft & iptables nat in parallel,
Florian Westphal
- [PATCH] netfilter: conntrack: fix clash resolution in nat,
Haishuang Yan
- [conntrack-tools PATCH v2] conntrackd: make the daemon run in RT mode by default,
Arturo Borrero Gonzalez
- [PATCHv2] tests: shell: Add test for ambguity while setting the value,
Shyam Saini
- [conntrack-tools PATCH v2] In order to prevent netlink buffer overrun, conntrackd is recommended to run,
Arturo Borrero Gonzalez
- [PATCH] tests: shell: Add test for ambguity while setting the value,
Shyam Saini
- [PATCH] netfilter: ctnetlink: move CTA_TIMEOUT case to outside,
Haishuang Yan
- nfqueue accepted packet is disappeared, Oleg
- [PATCH nft] netlink_delinearize: prefer ct event set foo,bar over 'set foo|bar',
Florian Westphal
- [PATCH] decnet: dn_rtmsg: Improve input length sanitization in dnrmg_receive_user_skb,
Mateusz Jurczyk
- [PATCH] netfilter: nfnetlink: Improve input length sanitization in nfnetlink_rcv,
Mateusz Jurczyk
- [PATCH nft 1/2] doc: nft: describe -I override behaviour when path starts by ./ and /,
Pablo Neira Ayuso
- [PATCH nft 1/2] parser: allow ct eventmask set new,related,
Florian Westphal
- [PATCH 1/3] scanner: add files in include dirs in alphabetical order.,
Ismo Puustinen
- [PATCH v3 1/2] scanner: add support for include directories,
Ismo Puustinen
- [conntrack-tools PATCH 1/4] conntrackd: evaluate configuration earlier,
Arturo Borrero Gonzalez
- [PATCH] src: Remove expire information from list stateless ruleset.,
Varsha Rao
- [PATCH iptables 1/3] tests: xlate: generalize owner,
Pablo M. Bermudo Garay
- [PATCH V2] netfilter: Remove duplicated rcu_read_lock.,
Taehee Yoo
- [PATCH v2 1/2] scanner: add support for include directories,
Ismo Puustinen
- [PATCH nf-next RFC 0/5] netfilter: add net namespace support for cthelper,
Liping Zhang
- [PATCH nf] netfilter: nf_ct_dccp/sctp: fix memory leak after netns cleanup,
Liping Zhang
- [PATCH 1/1] iptables-xml: Fix segfault on jump without a target,
Oliver Ford
- [PATCH] netfilter, kbuild: use canonical method to specify objs.,
Jike Song
- [PATCH v2 nf-next] netfilter: ebt: Use new helper ebt_invalid_target to check target,
gfree . wind
- [PATCH nf-next] netfilter: ebt: Use ebt_invalid_target instead of INVALID_TARGET,
gfree . wind
- [PATCH] ipset: Fix ipset command replacement in runtest.sh,
Neutron Soutmun
- [PATCH nf-next] netns: add and use net_ns_barrier,
Florian Westphal
- [PATCH nf-next] netfilter: move table iteration out of netns exit paths,
Florian Westphal
- [PATCHv2] extensions: libxt_cluster: Add translation to nft,
Shyam Saini
- [PATCH nft] src: remove global nftnl_batch structure in mnl layer, Pablo Neira Ayuso
- [PATCH nft] meta: permit meta nfproto ip in ip family,
Florian Westphal
- [PATCH conntrack-tools] ipv6: remove use of HAVE_INET_PTON_IPV6,
Nicolas Dichtel
- [4.9.y,netfilter] please, cherry-pick da2f27e9e615,
Pablo Neira Ayuso
- [PATCH nf-next V2] netfilter: cttimeout: use nf_ct_iterate_cleanup_net to unlink timeout objs,
Liping Zhang
- [PATCH nf-next V2] netfilter: nf_ct_helper: use nf_ct_iterate_destroy to unlink helper objs,
Liping Zhang
- [PATCH nft 1/2] expression: don't trim off unary expression on delinearization,
Pablo Neira Ayuso
- [PATCH 1/1] iptables: Add file output option to iptables-save,
Oliver Ford
- [nft PATCH v2] evaluate: avoid reference to multiple src data in statements which set values,
Arturo Borrero Gonzalez
- NFQUEUE and TRPOXY, Pavel Vajarov
- [PATCH] Fix typo in documentation of nft,
Bertrand Bonnefoy-Claudet
- [PATCH nf-next 8/9,v2] netfilter: nft_set_hash: add non-resizable hashtable implementation,
Pablo Neira Ayuso
- [PATCHv2 net] netfilter: do not hold dev in ipt_CLUSTERIP, Xin Long
- [nft PATCH] evaluate: prevent using sets in payload statements,
Arturo Borrero Gonzalez
- [PATCH 1/1] extensions: libxt_cluster: Add translation to nft,
Shyam Saini
- [PATCH nft 1/3] rule: adjust set expression size accordingly with intervals,
Pablo Neira Ayuso
- [PATCH nf-next 0/9] nf_tables set updates,
Pablo Neira Ayuso
- [PATCH v3] extensions: libxt_hashlimit: fix uint64_t printf formats,
Alin Nastac
- [nft PATCH 0/4 RFC] Support IPv6 AH header matches,
Phil Sutter
- [PATCH nf] netfilter: nft_set_rbtree: handle re-addition element after deletion,
Pablo Neira Ayuso
- [PATCH nf] netfilter: nat: use atomic bit op to clear the _SRC_NAT_DONE_BIT,
Liping Zhang
- [PATCH nf-next 0/5] netfilter: conntrack: rework nf_ct_iterate, part 1.,
Florian Westphal
- [PATCH nf-next 0/3] netfilter: handle hash resize situation in nf_ct_iterate_cleanup,
Liping Zhang
- [PATCH nf] netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize,
Liping Zhang
- [PATCH net] netfilter: do not hold dev in ipt_CLUSTERIP,
Xin Long
- [PATCH nft v3 0/7] switch l4 dependency to meta l4proto,
Florian Westphal
- [PATCH net-next 1/2] netfilter: resolve warnings about missing prototypes,
Stephen Hemminger
- [PATCH v5 1/1] iptables: Fix crash on malformed iptables-restore,
Oliver Ford
- [nft PATCH v3] List handles of added rules if requested,
Phil Sutter
- [PATCH v4 1/1] iptables: Fix crash on malformed iptables-restore, Oliver Ford
- [PATCH v3 1/1] iptables: Fix crash on malformed iptables-restore,
Oliver Ford
- [PATCH 00/12] Netfilter/IPVS fixes for net,
Pablo Neira Ayuso
- [PATCH 01/12] ipvs: SNAT packet replies only for NATed connections, Pablo Neira Ayuso
- [PATCH 10/12] netfilter: nf_tables: revisit chain/object refcounting from elements, Pablo Neira Ayuso
- [PATCH 12/12] netfilter: xtables: fix build failure from COMPAT_XT_ALIGN outside CONFIG_COMPAT, Pablo Neira Ayuso
- [PATCH 11/12] ebtables: arpreply: Add the standard target sanity check, Pablo Neira Ayuso
- [PATCH 03/12] netfilter: don't setup nat info for confirmed ct, Pablo Neira Ayuso
- [PATCH 09/12] netfilter: nf_tables: missing sanitization in data from userspace, Pablo Neira Ayuso
- [PATCH 05/12] netfilter: nfnl_cthelper: reject del request if helper obj is in use, Pablo Neira Ayuso
- [PATCH 08/12] netfilter: nf_tables: can't assume lock is acquired when dumping set elems, Pablo Neira Ayuso
- [PATCH 07/12] netfilter: synproxy: fix conntrackd interaction, Pablo Neira Ayuso
- [PATCH 04/12] netfilter: introduce nf_conntrack_helper_put helper function, Pablo Neira Ayuso
- [PATCH 02/12] netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch, Pablo Neira Ayuso
- [PATCH 06/12] netfilter: xtables: zero padding in data_to_user, Pablo Neira Ayuso
- Re: [PATCH 00/12] Netfilter/IPVS fixes for net, David Miller
- <Possible follow-ups>
- [PATCH 00/12] Netfilter/IPVS fixes for net, Pablo Neira Ayuso
- [PATCH 02/12] netfilter: xt_socket: Restore mark from full sockets only, Pablo Neira Ayuso
- [PATCH 12/12] netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1', Pablo Neira Ayuso
- [PATCH 11/12] netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook, Pablo Neira Ayuso
- [PATCH 10/12] netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user, Pablo Neira Ayuso
- [PATCH 08/12] netfilter: nf_tables: Release memory obtained by kasprintf, Pablo Neira Ayuso
- [PATCH 07/12] netfilter: ebtables: fix race condition in frame_filter_net_init(), Pablo Neira Ayuso
- [PATCH 05/12] netfilter: ipset: Fix race between dump and swap, Pablo Neira Ayuso
- [PATCH 09/12] netfilter: nf_tables: do not dump chain counters if not enabled, Pablo Neira Ayuso
- [PATCH 06/12] netfilter: nf_tables: fix update chain error, Pablo Neira Ayuso
- [PATCH 03/12] netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses, Pablo Neira Ayuso
- [PATCH 04/12] netfilter: ipset: pernet ops must be unregistered last, Pablo Neira Ayuso
- [PATCH 01/12] netfilter: ipvs: full-functionality option for ECN encapsulation in tunnel, Pablo Neira Ayuso
- Re: [PATCH 00/12] Netfilter/IPVS fixes for net, David Miller
- [PATCH 00/12] Netfilter/IPVS fixes for net, Pablo Neira Ayuso
- [PATCH 03/12] netfilter: ebtables: don't attempt to allocate 0-sized compat array, Pablo Neira Ayuso
- [PATCH 01/12] netfilter: nf_conntrack_sip: allow duplicate SDP expectations, Pablo Neira Ayuso
- [PATCH 07/12] netfilter: nf_tables: can't fail after linking rule into active rule list, Pablo Neira Ayuso
- [PATCH 08/12] netfilter: nf_tables: free set name in error path, Pablo Neira Ayuso
- [PATCH 06/12] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error, Pablo Neira Ayuso
- [PATCH 09/12] netfilter: conntrack: include kmemleak.h for kmemleak_not_leak(), Pablo Neira Ayuso
- [PATCH 04/12] netfilter: xt_connmark: Add bit mapping for bit-shift operation., Pablo Neira Ayuso
- [PATCH 10/12] netfilter: nf_tables: NAT chain and extensions require NF_TABLES, Pablo Neira Ayuso
- [PATCH 11/12] netfilter: nf_tables: fix out-of-bounds in nft_chain_commit_update, Pablo Neira Ayuso
- [PATCH 12/12] netfilter: xt_connmark: do not cast xt_connmark_tginfo1 to xt_connmark_tginfo2, Pablo Neira Ayuso
- [PATCH 02/12] ipvs: fix rtnl_lock lockups caused by start_sync_thread, Pablo Neira Ayuso
- [PATCH 05/12] netfilter: conntrack: silent a memory leak warning, Pablo Neira Ayuso
- Re: [PATCH 00/12] Netfilter/IPVS fixes for net, David Miller
- [PATCH] iptables: insist that the lock is held.,
Lorenzo Colitti
- [PATCH 0/6 RFC] Address NETFILTER_CFG issues,
Richard Guy Briggs
- [PATCH nf] netfilter: conntrack: fix false CRC32c mismatch using paged skb,
Davide Caratti
- [PATCH v2 1/1] iptables: Fix crash on malformed iptables-restore,
Oliver Ford
- <Possible follow-ups>
- Re: [PATCH v2 1/1] iptables: Fix crash on malformed iptables-restore, Oliver Ford
[PATCH v2] extensions: libxt_hashlimit: fix 64-bit printf formats,
Alin Nastac
[PATCH] extensions: libxt_hashlimit: fix 64-bit printf format,
Alin Nastac
[PATCH 1/1] iptables: Fix crash on malformed iptables-restore,
Oliver Ford
[PATCH nf] xtables: fix build failure from COMPAT_XT_ALIGN outside CONFIG_COMPAT,
Willem de Bruijn
[PATCH nf-next] netfilter: clusterip: switch to nf_register_net_hook,
Florian Westphal
linux-next: build failure after merge of the netfilter tree,
Stephen Rothwell
[PATCH nf v2] ebtables: arpreply: Add the standard target sanity check,
gfree . wind
[PATCH nf 1/2] netfilter: nf_tables: missing sanitization in data from userspace,
Pablo Neira Ayuso
[nft PATCH 0/2] monitor: Support printing processes which caused the event,
Phil Sutter
[nf-next PATCH] netfilter: nf_tables: Report transactions' process info to user space,
Phil Sutter
Re: [Bug 1145] nft 0.7: expression.c:966: range_expr_value_low: Assertion '0' failed.,
Florian Westphal
[PATCH xtables-addons] build: support for Linux 4.12,
Ralph Sennhauser
[PATCH nf] netfilter: nf_tables: can't assume lock is acquired when dumping set elems,
Liping Zhang
[PATCH nft] src: delete the old cache when dumping is interrupted,
Liping Zhang
[PATCH] netfilter: Remove duplicated rcu_read_lock.,
Taehee Yoo
[PATCH nf] ebtables: arpreply: Add the standard target sanity check,
gfree . wind
[PATCH] net: netfilter: netlink: delete extra spaces,
linzhang
[PATCH] netfilter: synproxy: fix conntrackd interaction,
Eric Leblond
RFC: Ideas about possible solutions for nfbz#949,
Phil Sutter
[nft PATCH RFC] monitor: Support printing processes which caused the event,
Phil Sutter
[PATCH nf] xtables: zero padding in data_to_user,
Willem de Bruijn
[PATCH nft 00/10] switch l4 dependency to meta l4proto,
Florian Westphal
- [PATCH nft 01/10] src: allow update of net base w. meta l4proto icmpv6, Florian Westphal
- [PATCH nft 05/10] tests: meta: add icmpv6 test case, Florian Westphal
- [PATCH nft 06/10] netlink_delinearize: reject: remove dependency for tcp-resets, Florian Westphal
- [PATCH nft 02/10] src: ipv6: switch implicit dependencies to meta l4proto, Florian Westphal
- [PATCH nft 07/10] tests: add ip reject with tcp and check for mark too, Florian Westphal
- [PATCH nft 03/10] src: treat ip6 nexthdr as a protocol, Florian Westphal
- [PATCH nft 08/10] src: add a comment wrt. reject dependency insertion, Florian Westphal
- [PATCH nft 10/10] tests: fix up meta l4proto change for ip family, Florian Westphal
- [PATCH nft 09/10] src: ip: switch implicit dependencies to meta l4proto too, Florian Westphal
- [PATCH nft 04/10] tests: fix up meta l4proto change for ip6 family, Florian Westphal
[PATCH nft] netlink_delink_delinearize: don't store dependency unless relop checks is eq check,
Florian Westphal
[conntrack-tools PATCH 1/2] conntrackd: consolidate more code to use resync_send(),
Arturo Borrero Gonzalez
Changing destination ip and port of TEE'ed udp,
Sergey Yermakov
[GIT PULL 0/1] IPVS Fixes for v4.12,
Simon Horman
[PATCH nft] netlink_delinearize: don't kill dependencies accross statements,
Florian Westphal
.config for iptables icmp rule delete failure,
Richard Guy Briggs
[PATCH nf V2 0/2] netfilter: reject cthelper del request if it is in use,
Liping Zhang
How to reinject a packet (skb) at some later point in time,
Pavel Vajarov
[PATCH nf] netfilter: don't setup nat info for confirmed ct,
Liping Zhang
[nft PATCH v2] List handles of added rules if requested,
Phil Sutter
[PATCH 1/1] libxtables: Display weird character warning for wildcards,
Oliver Ford
[PATCH nf v6 1/3] netfilter: helper: Rename struct nf_ct_helper_expectfn to nf_ct_nat_helper,
gfree . wind
[PATCH nft] parser: allow listing sets in one table,
Florian Westphal
[nft PATCH] List handles of added rules if requested,
Phil Sutter
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
