Linux Netfilter / IP Tables Devel

Date Index

[Prev Page][Next Page]

Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in ip_set_free, (continued)
- Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in ip_set_free, Jozsef Kadlecsik
[PATCH nft] expression: missing line in describe command with invalid expression, Pablo Neira Ayuso
[PATCH v2 nf-next 0/4] netfilter: nft_set_pipapo: speed up bulk element insertions, Florian Westphal
- [PATCH v2 nf-next 1/4] netfilter: nft_set_pipapo: constify lookup fn args where possible, Florian Westphal
- [PATCH v2 nf-next 2/4] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR, Florian Westphal
  - Re: [PATCH v2 nf-next 2/4] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR, Florian Westphal
- [PATCH v2 nf-next 3/4] netfilter: nft_set_pipapo: shrink data structures, Florian Westphal
- [PATCH v2 nf-next 4/4] netfilter: nft_set_pipapo: speed up bulk element insertions, Florian Westphal
- Re: [PATCH v2 nf-next 0/4] netfilter: nft_set_pipapo: speed up bulk element insertions, Stefano Brivio
[ANNOUNCE] ipset 7.21 released, Jozsef Kadlecsik
[PATCH nf-next 0/4] netfilter: nft_set_pipapo: speed up bulk element insertions, Florian Westphal
- [PATCH nf-next 2/4] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR, Florian Westphal
  - Re: [PATCH nf-next 2/4] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR, Stefano Brivio
    - Re: [PATCH nf-next 2/4] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR, Florian Westphal
- [PATCH nf-next 1/4] netfilter: nft_set_pipapo: constify lookup fn args where possible, Florian Westphal
  - Re: [PATCH nf-next 1/4] netfilter: nft_set_pipapo: constify lookup fn args where possible, Stefano Brivio
- [PATCH nf-next 3/4] netfilter: nft_set_pipapo: shrink data structures, Florian Westphal
  - Re: [PATCH nf-next 3/4] netfilter: nft_set_pipapo: shrink data structures, Stefano Brivio
- [PATCH nf-next 4/4] netfilter: nft_set_pipapo: speed up bulk element insertions, Florian Westphal
  - Re: [PATCH nf-next 4/4] netfilter: nft_set_pipapo: speed up bulk element insertions, Stefano Brivio
    - Re: [PATCH nf-next 4/4] netfilter: nft_set_pipapo: speed up bulk element insertions, Florian Westphal
[PATCH] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Ignat Korchagin
- Re: [PATCH] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Pablo Neira Ayuso
  - Re: [PATCH] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Ignat Korchagin
    - Re: [PATCH] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Jordan Griege
- Re: [PATCH] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Pablo Neira Ayuso
[PATCH 1/1] tests: use common shebang in "packetpath/flowtables" test, Thomas Haller
- Re: [PATCH 1/1] tests: use common shebang in "packetpath/flowtables" test, Phil Sutter
[PATCH 1/1] tests/shell: no longer support unprettified ".json-nft" files, Thomas Haller
- Re: [PATCH 1/1] tests/shell: no longer support unprettified ".json-nft" files, Phil Sutter
[syzbot] Monthly netfilter report (Feb 2024), syzbot
[netfilter-nf:testing 5/13] net/netfilter/ipset/ip_set_hash_gen.h:435:19: sparse: sparse: incorrect type in assignment (different address spaces), kernel test robot
[PATCH v3] netfilter: nat: restore default DNAT behavior, Kyle Swenson
[netfilter-nf:testing 8/13] net/netfilter/nft_set_pipapo.c:518: warning: Function parameter or struct member 'tstamp' not described in 'pipapo_get', kernel test robot
[nft PATCH] cache: Always set NFT_CACHE_TERSE for list cmd with --terse, Phil Sutter
- Re: [nft PATCH] cache: Always set NFT_CACHE_TERSE for list cmd with --terse, Phil Sutter
[PATCH,v2 nft 1/2] evaluate: skip byteorder conversion for selector smaller than 2 bytes, Pablo Neira Ayuso
- [PATCH nft 2/2] netlink_linearize: add assertion to catch for buggy byteorder, Pablo Neira Ayuso
[nft PATCH] cache: Reduce caching when terse listing a table, Phil Sutter
[PATCH nft] evaluate: skip byteorder conversion for selector smaller than 2 bytes, Pablo Neira Ayuso
[PATCH net 00/13] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits, Pablo Neira Ayuso
- [PATCH net 02/13] netfilter: nft_compat: reject unused compat flag, Pablo Neira Ayuso
- [PATCH net 04/13] netfilter: nft_set_pipapo: remove static in nft_pipapo_get(), Pablo Neira Ayuso
  - Re: [PATCH net 04/13] netfilter: nft_set_pipapo: remove static in nft_pipapo_get(), Paolo Abeni
- [PATCH net 03/13] netfilter: nft_compat: restrict match/target protocol to u16, Pablo Neira Ayuso
- [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Pablo Neira Ayuso
  - Re: [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Thorsten Leemhuis
    - Re: [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Paolo Abeni
      - Re: [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Pablo Neira Ayuso
  - Re: [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Paolo Abeni
    - Re: [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Jozsef Kadlecsik
- [PATCH net 07/13] netfilter: nft_ct: reject direction for ct id, Pablo Neira Ayuso
- [PATCH net 06/13] netfilter: ctnetlink: fix filtering for zone 0, Pablo Neira Ayuso
- [PATCH net 08/13] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
  - Re: [PATCH net 08/13] netfilter: nf_tables: use timestamp to check for set element timeout, Paolo Abeni
- [PATCH net 10/13] netfilter: nft_set_rbtree: skip end interval element from gc, Pablo Neira Ayuso
- [PATCH net 09/13] netfilter: nfnetlink_queue: un-break NF_REPEAT, Pablo Neira Ayuso
- [PATCH net 12/13] netfilter: nft_set_pipapo: add helper to release pcpu scratch area, Pablo Neira Ayuso
- [PATCH net 11/13] netfilter: nft_set_pipapo: store index in scratch maps, Pablo Neira Ayuso
  - Re: [PATCH net 11/13] netfilter: nft_set_pipapo: store index in scratch maps, Paolo Abeni
- [PATCH net 13/13] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Pablo Neira Ayuso
  - Re: [PATCH net 13/13] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Paolo Abeni
[PATCH AUTOSEL 5.4 6/7] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
[PATCH AUTOSEL 5.10 09/16] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
[PATCH AUTOSEL 5.15 12/23] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
[PATCH AUTOSEL 6.1 15/29] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
[PATCH AUTOSEL 6.6 21/38] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
[PATCH AUTOSEL 6.7 23/44] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
[PATCH nf v2 0/3] netfilter: nft_set_pipapo: nft_set_pipapo: map_index must be per set, Florian Westphal
- [PATCH nf v2 1/3] netfilter: nft_set_pipapo: store index in scratch maps, Florian Westphal
- [PATCH nf v2 2/3] netfilter: nft_set_pipapo: add helper to release pcpu scratch area, Florian Westphal
- [PATCH nf v2 3/3] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Florian Westphal
[nft PATCH] cache: Optimize caching for 'list tables' command, Phil Sutter
- Re: [nft PATCH] cache: Optimize caching for 'list tables' command, Phil Sutter
[nft PATCH v3] evaluate: fix check for unknown in cmd_op_to_name, 谢致邦 (XIE Zhibang)
- Re: [nft PATCH v3] evaluate: fix check for unknown in cmd_op_to_name, Phil Sutter
[PATCH conntrack] conntrack: don't print [USERSPACE] information in case of XML output, Ignacy Gawędzki
- Re: [PATCH conntrack] conntrack: don't print [USERSPACE] information in case of XML output, Florian Westphal
[nft PATCH v2] evaluate: fix check for unknown in cmd_op_to_name, 谢致邦 (XIE Zhibang)
- Re: [nft PATCH v2] evaluate: fix check for unknown in cmd_op_to_name, Phil Sutter
[PATCH nf] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
0x18: Dates And Location for upcoming conference, Jamal Hadi Salim
[PATCH] Makefile.am: don't silence -Wimplicit-function-declaration, Sam James
- Re: [PATCH] Makefile.am: don't silence -Wimplicit-function-declaration, Phil Sutter
[PATCH nf] netfilter: nfnetlink_queue: un-break NF_REPEAT, Florian Westphal
[PATCH nf-next] netfilter: xtables: fix up kconfig dependencies, Florian Westphal
- Re: [PATCH nf-next] netfilter: xtables: fix up kconfig dependencies, Randy Dunlap
[PATCH nf 0/3] netfilter: nft_set_pipapo: map_index must be per set, Florian Westphal
- [PATCH nf 2/3] netfilter: nft_set_pipapo: add helper to release pcpu scratch area, Florian Westphal
  - Re: [PATCH nf 2/3] netfilter: nft_set_pipapo: add helper to release pcpu scratch area, Stefano Brivio
- [PATCH nf 1/3] netfilter: nft_set_pipapo: store index in scratch maps, Florian Westphal
  - Re: [PATCH nf 1/3] netfilter: nft_set_pipapo: store index in scratch maps, Stefano Brivio
    - Re: [PATCH nf 1/3] netfilter: nft_set_pipapo: store index in scratch maps, Florian Westphal
      - Re: [PATCH nf 1/3] netfilter: nft_set_pipapo: store index in scratch maps, Stefano Brivio
        
        Re: [PATCH nf 1/3] netfilter: nft_set_pipapo: store index in scratch maps, Florian Westphal
- [PATCH nf 3/3] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Florian Westphal
  - Re: [PATCH nf 3/3] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Stefano Brivio
[PATCH] evaluate: fix check for unknown in cmd_op_to_name, 谢致邦 (XIE Zhibang)
[syzbot] [netfilter?] WARNING: suspicious RCU usage in hash_netportnet6_destroy, syzbot
- Re: [syzbot] [netfilter?] WARNING: suspicious RCU usage in hash_netportnet6_destroy, syzbot
[PATCH] ipvs: generic netlink multicast event group, Terin Stock
- Re: [PATCH] ipvs: generic netlink multicast event group, Julian Anastasov
  - Re: [PATCH] ipvs: generic netlink multicast event group, Pablo Neira Ayuso
    - Re: [PATCH] ipvs: generic netlink multicast event group, Julian Anastasov
      - Re: [PATCH] ipvs: generic netlink multicast event group, Terin Stock
[PATCH nf] netfilter: nft_ct: reject direction for ct id, Pablo Neira Ayuso
[PATCH net] net: ctnetlink: fix filtering for zone 0, Felix Huettner
[PATCH v4.19.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval(), Ajay Kaher
- [PATCH v5.4.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval(), Ajay Kaher
  - Re: [PATCH v5.4.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval(), Greg KH
iptables: considers incomplete rule in -C and finds an erroneous match, Roman Mamedov
- Re: iptables: considers incomplete rule in -C and finds an erroneous match, Roman Mamedov
- Re: iptables: considers incomplete rule in -C and finds an erroneous match, Phil Sutter
[PATCH 1/1] netfilter: ipset: Missing gc cancellations fixed, Jozsef Kadlecsik
- Re: [PATCH 1/1] netfilter: ipset: Missing gc cancellations fixed, Linux regression tracking (Thorsten Leemhuis)
[iptables PATCH 00/12] Range value related fixes/improvements, Phil Sutter
- [iptables PATCH 11/12] extensions: tcp/udp: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 09/12] extensions: ipcomp: Save inverted full ranges, Phil Sutter
- [iptables PATCH 12/12] libxtables: xtoptions: Respect min/max values when completing ranges, Phil Sutter
- [iptables PATCH 06/12] extensions: mh: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 07/12] extensions: rt: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 01/12] extensions: *.t/*.txlate: Test range corner-cases, Phil Sutter
- [iptables PATCH 03/12] libxtables: Reject negative port ranges, Phil Sutter
- [iptables PATCH 05/12] extensions: frag: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 04/12] extensions: ah: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 10/12] nft: Do not omit full ranges if inverted, Phil Sutter
- [iptables PATCH 02/12] libxtables: xtoptions: Assert ranges are monotonic increasing, Phil Sutter
- [iptables PATCH 08/12] extensions: esp: Save/xlate inverted full ranges, Phil Sutter
- Re: [iptables PATCH 00/12] Range value related fixes/improvements, Phil Sutter
[syzbot] [netfilter?] WARNING: ODEBUG bug in hash_netiface4_destroy, syzbot
- Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in hash_netiface4_destroy, syzbot
- Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in hash_netiface4_destroy, syzbot
[PATCH nf] netfilter: nft_compat: reject unused compat flag, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_compat: restrict match/target protocol to u16, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_compat: narrow down revision to unsigned 8-bits, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_byteorder: length must be multiple of size, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_set_pipapo: remove static in nft_pipapo_get(), Pablo Neira Ayuso
[PATCH v5.10.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval(), Ajay Kaher
[iptables PATCH 0/7] A number of ASAN-identified fixes, Phil Sutter
- [iptables PATCH 3/7] libxtables: Fix memleak of matches' udata, Phil Sutter
- [iptables PATCH 6/7] xshared: Introduce xtables_clear_args(), Phil Sutter
- [iptables PATCH 1/7] tests: iptables-test: Increase non-fast mode strictness, Phil Sutter
- [iptables PATCH 7/7] ebtables: Fix for memleak with change counters command, Phil Sutter
- [iptables PATCH 5/7] xshared: Fix for memleak in option merging with ebtables, Phil Sutter
- [iptables PATCH 2/7] nft: ruleparse: Add missing braces around ternary, Phil Sutter
- [iptables PATCH 4/7] xtables-eb: Eliminate 'opts' define, Phil Sutter
- Re: [iptables PATCH 0/7] A number of ASAN-identified fixes, Phil Sutter
[nft PATCH] json: Support sets' auto-merge option, Phil Sutter
- Re: [nft PATCH] json: Support sets' auto-merge option, Phil Sutter
- Re: [nft PATCH] json: Support sets' auto-merge option, Phil Sutter
[ANNOUNCE] ipset 7.20 released, Jozsef Kadlecsik
Re: linux-next: Tree for Jan 30 (netfilter, xtables), Randy Dunlap
- Re: linux-next: Tree for Jan 30 (netfilter, xtables), Florian Westphal
[PATCH nf,v2] netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations, Pablo Neira Ayuso
[RFC PATCH v2 0/1] netfilter: nat: restore default DNAT behavior, Kyle Swenson
- [RFC PATCH v2 1/1] netfilter: nat: restore default DNAT behavior, Kyle Swenson
  - Re: [RFC PATCH v2 1/1] netfilter: nat: restore default DNAT behavior, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nft_osf: simplify init path, Pablo Neira Ayuso
[PATCH nf-next 1/2] netfilter: nf_log: consolidate check for NULL logger in lookup function, Pablo Neira Ayuso
- [PATCH nf-next 2/2] netfilter: nf_log: validate nf_logger_find_get(), Pablo Neira Ayuso
[PATCH nf] netfilter: nft_ct: bail out if helper is not found for NFPROTO_{IPV4,IPV6}, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nft_ct: bail out if helper is not found for NFPROTO_{IPV4,IPV6}, Pablo Neira Ayuso
[PATCH nf-next 0/9] netfilter updates for -next, Florian Westphal
- [PATCH nf-next 3/9] netfilter: nf_tables: Implement table adoption support, Florian Westphal
- [PATCH nf-next 4/9] netfilter: nf_tables: pass flags to set backend selection routine, Florian Westphal
- [PATCH nf-next 1/9] netfilter: uapi: Document NFT_TABLE_F_OWNER flag, Florian Westphal
  - Re: [PATCH nf-next 1/9] netfilter: uapi: Document NFT_TABLE_F_OWNER flag, patchwork-bot+netdevbpf
- [PATCH nf-next 2/9] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST, Florian Westphal
- [PATCH nf-next 6/9] ipvs: Simplify the allocation of ip_vs_conn slab caches, Florian Westphal
- [PATCH nf-next 5/9] netfilter: nf_conncount: Use KMEM_CACHE instead of kmem_cache_create(), Florian Westphal
- [PATCH nf-next 7/9] netfilter: arptables: allow xtables-nft only builds, Florian Westphal
- [PATCH nf-next 8/9] netfilter: xtables: allow xtables-nft only builds, Florian Westphal
- [PATCH nf-next 9/9] netfilter: ebtables: allow xtables-nft only builds, Florian Westphal
- Re: [PATCH nf-next 0/9] netfilter updates for -next, Jakub Kicinski
  - Re: [PATCH nf-next 0/9] netfilter updates for -next, Pablo Neira Ayuso
  - Re: [PATCH nf-next 0/9] netfilter updates for -next, Florian Westphal
[PATCH nft] datatype: display 0s time datatype, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger, Pablo Neira Ayuso
[PATCH nf] netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations, Pablo Neira Ayuso
[PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, Daniel Xu
- [PATCH bpf-next v4 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, Daniel Xu
  - Re: [PATCH bpf-next v4 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, Benjamin Tissoires
  - Re: [PATCH bpf-next v4 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, kernel test robot
- Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, Jiri Olsa
- Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, patchwork-bot+netdevbpf
- Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, Manu Bretelle
  - Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, Daniel Xu
  - Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, Jiri Olsa
    - Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, Manu Bretelle
      - Re: [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section, Viktor Malik
[RFC PATCH 0/1] netfilter: nat: restore default DNAT behavior, Kyle Swenson
- [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior, Kyle Swenson
  - Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior, Florian Westphal
    - Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior, Kyle Swenson
      - Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior, Florian Westphal
        
        Re: [RFC PATCH 1/1] netfilter: nat: restore default DNAT behavior, Kyle Swenson
[PATCH nf] netfilter: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Xin Long
- Re: [PATCH nf] netfilter: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Florian Westphal
[PATCH nf,v3] netfilter: nf_tables: validate NFPROTO_* family, Pablo Neira Ayuso
[PATCH nf,v2] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family, Pablo Neira Ayuso
Re: [ANN] net-next is OPEN, Jakub Kicinski
- Re: [ANN] net-next is OPEN, Matthieu Baerts
  - Re: [ANN] net-next is OPEN, Jakub Kicinski
  - Re: [netfilter-core] [ANN] net-next is OPEN, Pablo Neira Ayuso
    - Re: [netfilter-core] [ANN] net-next is OPEN, Matthieu Baerts
      - Re: [netfilter-core] [ANN] net-next is OPEN, Pablo Neira Ayuso
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Matthieu Baerts
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Pablo Neira Ayuso
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Matthieu Baerts
- Re: [netfilter-core] [ANN] net-next is OPEN, Pablo Neira Ayuso
  - Re: [netfilter-core] [ANN] net-next is OPEN, Jakub Kicinski
    - Re: [netfilter-core] [ANN] net-next is OPEN, Pablo Neira Ayuso
      - Re: [netfilter-core] [ANN] net-next is OPEN, Jakub Kicinski
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Jakub Kicinski
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Florian Westphal
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Jakub Kicinski
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Pablo Neira Ayuso
        
        Re: [netfilter-core] [ANN] net-next is OPEN, Jakub Kicinski
[PATCH nf-next 1/2] netfilter: xtables: add _LEGACY kconfig symbol, Florian Westphal
- [PATCH nf-next 2/2] netfilter: ebtables: add _LEGACY kconfig symbol, Florian Westphal
[PATCH nf-next] netfilter: expect: Simplify the allocation of slab caches in nf_conntrack_expect_init, Kunwu Chan
[PATCH iptables] extensions: libebt_stp: fix range checking, Florian Westphal
- Re: [PATCH iptables] extensions: libebt_stp: fix range checking, Phil Sutter
  - Re: [PATCH iptables] extensions: libebt_stp: fix range checking, Florian Westphal
    - Re: [PATCH iptables] extensions: libebt_stp: fix range checking, Phil Sutter
      - Re: [PATCH iptables] extensions: libebt_stp: fix range checking, Florian Westphal
        
        Re: [PATCH iptables] extensions: libebt_stp: fix range checking, Phil Sutter
        
        Re: [PATCH iptables] extensions: libebt_stp: fix range checking, Phil Sutter
[PATCH nf] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family, Pablo Neira Ayuso
- Re: [PATCH nf] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family, Florian Westphal
[PATCH nf-next] netfilter: arptables: allow arptables-nft only builds, Florian Westphal
- Re: [PATCH nf-next] netfilter: arptables: allow arptables-nft only builds, Phil Sutter
[PATCH] netfilter: nf_tables: Add a null pointer check in two functions, Markus Elfring
- Re: [PATCH] netfilter: nf_tables: Add a null pointer check in two functions, Phil Sutter
  - Re: netfilter: nf_tables: Add a null pointer check in two functions, Markus Elfring
- Re: [PATCH] netfilter: nf_tables: Add a null pointer check in two functions, Simon Horman
[iptables PATCH] iptables: Add missing error codes, Jacek Tomasiak
- Re: [iptables PATCH] iptables: Add missing error codes, Phil Sutter
  - Re: [iptables PATCH] iptables: Add missing error codes, Jacek Tomasiak
    - Re: [iptables PATCH] iptables: Add missing error codes, Phil Sutter
[PATCH nf-next] netfilter: nf_conncount: Use KMEM_CACHE instead of kmem_cache_create(), Kunwu Chan
- Re: [PATCH nf-next] netfilter: nf_conncount: Use KMEM_CACHE() instead of kmem_cache_create(), Markus Elfring
[PATCH 64/82] netfilter: Refactor intentional wrap-around test, Kees Cook
- Re: [PATCH 64/82] netfilter: Refactor intentional wrap-around test, Florian Westphal
[PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress")., yiche
- Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress")., Pablo Neira Ayuso
  - Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress")., Florian Westphal
    - Message not available
      - Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress")., Yi Chen
        
        Re: [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress")., Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: reject QUEUE/DROP verdict parameters, Florian Westphal
PROBLEM: nf_conntrack tcp SYN reuse results in incorrect window scaling, Schaefer, Ryan
- Re: PROBLEM: nf_conntrack tcp SYN reuse results in incorrect window scaling, Schaefer, Ryan
- Re: PROBLEM: nf_conntrack tcp SYN reuse results in incorrect window scaling, Florian Westphal
- [PATCH] netfilter: conntrack: correct window scaling with retransmitted SYN, Ryan Schaefer
[PATCH nft 0/2] fix host-endian constant values in set lookup keys, Florian Westphal
- [PATCH nft 1/2] netlink_delinearize: move concat and value postprocessing to helpers, Florian Westphal
- [PATCH nft 2/2] evaluate: permit use of host-endian constant values in set lookup keys, Florian Westphal
[PATCH nf] netfilter: nf_tables: restrict anonymous set and map names to 16 bytes, Florian Westphal
[PATCH nf] netfilter: nft_limit: reject configurations that cause integer overflow, Florian Westphal
[PATCH nf] netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain, Pablo Neira Ayuso
[PATCH net,v2 00/13] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 02/13] netfilter: nf_tables: validate .maxattr at expression registration, Pablo Neira Ayuso
- [PATCH net 01/13] netfilter: nf_tables: reject invalid set policy, Pablo Neira Ayuso
  - Re: [PATCH net 01/13] netfilter: nf_tables: reject invalid set policy, patchwork-bot+netdevbpf
- [PATCH net 03/13] netfilter: nf_tables: bail out if stateful expression provides no .clone, Pablo Neira Ayuso
- [PATCH net 04/13] netfilter: nft_limit: do not ignore unsupported flags, Pablo Neira Ayuso
- [PATCH net 05/13] netfilter: nfnetlink_log: use proper helper for fetching physinif, Pablo Neira Ayuso
- [PATCH net 09/13] netfilter: nf_tables: check if catch-all set element is active in next generation, Pablo Neira Ayuso
- [PATCH net 07/13] netfilter: propagate net to nf_bridge_get_physindev, Pablo Neira Ayuso
- [PATCH net 11/13] netfilter: nf_tables: skip dead set elements in netlink dump, Pablo Neira Ayuso
- [PATCH net 10/13] netfilter: nf_tables: do not allow mismatch field size and set key length, Pablo Neira Ayuso
- [PATCH net 08/13] netfilter: bridge: replace physindev with physinif in nf_bridge_info, Pablo Neira Ayuso
- [PATCH net 12/13] netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description, Pablo Neira Ayuso
- [PATCH net 06/13] netfilter: nf_queue: remove excess nf_bridge variable, Pablo Neira Ayuso
- [PATCH net 13/13] ipvs: avoid stat macros calls from preemptible context, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net,v2 00/13] Netfilter fixes for net, Pablo Neira Ayuso
  - [PATCH net 01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits, Pablo Neira Ayuso
    - Re: [PATCH net 01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits, patchwork-bot+netdevbpf
      - Re: [PATCH net 01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits, Paolo Abeni
  - [PATCH net 03/13] netfilter: nft_compat: restrict match/target protocol to u16, Pablo Neira Ayuso
  - [PATCH net 04/13] netfilter: nft_set_pipapo: remove static in nft_pipapo_get(), Pablo Neira Ayuso
  - [PATCH net 02/13] netfilter: nft_compat: reject unused compat flag, Pablo Neira Ayuso
  - [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Pablo Neira Ayuso
  - [PATCH net 07/13] netfilter: nft_ct: reject direction for ct id, Pablo Neira Ayuso
  - [PATCH net 06/13] netfilter: ctnetlink: fix filtering for zone 0, Pablo Neira Ayuso
  - [PATCH net 09/13] netfilter: nfnetlink_queue: un-break NF_REPEAT, Pablo Neira Ayuso
  - [PATCH net 10/13] netfilter: nft_set_rbtree: skip end interval element from gc, Pablo Neira Ayuso
  - [PATCH net 08/13] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
  - [PATCH net 11/13] netfilter: nft_set_pipapo: store index in scratch maps, Pablo Neira Ayuso
  - [PATCH net 12/13] netfilter: nft_set_pipapo: add helper to release pcpu scratch area, Pablo Neira Ayuso
  - [PATCH net 13/13] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Pablo Neira Ayuso
[PATCH nft] tests: py: remove huge-limit test cases, Florian Westphal
[syzbot] [netfilter?] WARNING in nf_hook_entry_head, syzbot
[PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches, Kunwu Chan
- Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches, Denis Kirjanov
- Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches, Simon Horman
  - Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches, Kunwu Chan
    - Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches, Simon Horman
      - Re: [PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches, Kunwu Chan
[PATCH 0/1] ipset performance regression in swap fix, Jozsef Kadlecsik
- [PATCH 1/1] netfilter: ipset: fix performance regression in swap operation, Jozsef Kadlecsik
  - Re: [PATCH 1/1] netfilter: ipset: fix performance regression in swap operation, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH 0/1] ipset performance regression in swap fix, Jozsef Kadlecsik
  - [PATCH 1/1] netfilter: ipset: fix performance regression in swap operation, Jozsef Kadlecsik
[PATCH nft] evaluate: don't assert on net/transport header conflict, Florian Westphal
[PATCH net] net: ipvs: avoid stat macros calls from preemptible context, Fedor Pchelkin
- Re: [PATCH net] net: ipvs: avoid stat macros calls from preemptible context, Julian Anastasov
- Re: [PATCH net] net: ipvs: avoid stat macros calls from preemptible context, Simon Horman
- Re: [PATCH net] net: ipvs: avoid stat macros calls from preemptible context, Pablo Neira Ayuso
[PATCH nft] rule: fix sym refcount assertion, Florian Westphal
[PATCH nft] evaluate: error out when store needs more than one 128bit register of align fixup, Florian Westphal
[PATCH nf] netfilter: nf_tables: skip dead set elements in netlink dump, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: do not allow mismatch field size and set key length, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: check if catch-all set element is active in next generation, Pablo Neira Ayuso
[PATCH libnftnl,v3] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}, Pablo Neira Ayuso
[PATCH nft] rule: do not crash if to-be-printed flowtable lacks priority, Florian Westphal
[PATCH 1/2] parser: reject raw payload expressions with 0 length, Florian Westphal
[PATCH nft v3] src: do not merge a set with a erroneous one, Florian Westphal
- Re: [PATCH nft v3] src: do not merge a set with a erroneous one, Pablo Neira Ayuso
[PATCH libnftnl] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH libnftnl] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}, Pablo Neira Ayuso
[PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter, Pablo Neira Ayuso
- Re: [PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter, Phil Sutter
  - Re: [PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter, Pablo Neira Ayuso
    - Re: [PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter, Phil Sutter
[PATCH nft 0/2] memleak fixes for tests/shell/testcases/bogons/nft-f/, Pablo Neira Ayuso
- [PATCH nft 1/2] evaluate: release key expression in error path of implicit map with unknown datatype, Pablo Neira Ayuso
- [PATCH nft 2/2] evaluate: release mpz type in expr_evaluate_list() error path, Pablo Neira Ayuso
[PATCH nft,v2] evaluate: bail out if anonymous concat set defines a non concat expression, Pablo Neira Ayuso
[PATCH nft 0/2] evaluate: add more checks for '... set 1-3', Florian Westphal
- [PATCH nft 1/2] evaluate: tproxy: move range error checks after arg evaluation, Florian Westphal
- [PATCH nft v2 2/2] evaluate: add missing range checks for dup,fwd and payload statements, Florian Westphal
[PATCH nft] evaluate: error out when expression has no datatype, Florian Westphal
[PATCH v3 0/4] netlink: bridge: fix nf_bridge->physindev use after free, Pavel Tikhomirov
- [PATCH v3 1/4] netfilter: nfnetlink_log: use proper helper for fetching physinif, Pavel Tikhomirov
  - Re: [PATCH v3 1/4] netfilter: nfnetlink_log: use proper helper for fetching physinif, Simon Horman
- [PATCH v3 2/4] netfilter: nf_queue: remove excess nf_bridge variable, Pavel Tikhomirov
  - Re: [PATCH v3 2/4] netfilter: nf_queue: remove excess nf_bridge variable, Simon Horman
- [PATCH v3 3/4] netfilter: propagate net to nf_bridge_get_physindev, Pavel Tikhomirov
  - Re: [PATCH v3 3/4] netfilter: propagate net to nf_bridge_get_physindev, Simon Horman
- [PATCH v3 4/4] netfilter: bridge: replace physindev with physinif in nf_bridge_info, Pavel Tikhomirov
- Re: [PATCH v3 0/4] netlink: bridge: fix nf_bridge->physindev use after free, Pablo Neira Ayuso
  - Re: [PATCH v3 0/4] netlink: bridge: fix nf_bridge->physindev use after free, Florian Westphal
[PATCH nft] evaluate: disable ct set with ranges, Florian Westphal
- Re: [PATCH nft] evaluate: disable ct set with ranges, Florian Westphal
  - Re: [PATCH nft] evaluate: disable ct set with ranges, Pablo Neira Ayuso
[PATCH nft] payload: only assert if l2 header base has no length, Florian Westphal
[iptables PATCH v2 0/3] iptables-save: Avoid /etc/protocols lookups, Phil Sutter
- [iptables PATCH v2 3/3] iptables-save: Avoid /etc/protocols lookups, Phil Sutter
- [iptables PATCH v2 2/3] libxtables: Add dccp and ipcomp to xtables_chain_protos, Phil Sutter
- [iptables PATCH v2 1/3] Revert "xshared: Print protocol numbers if --numeric was given", Phil Sutter
- Re: [iptables PATCH v2 0/3] iptables-save: Avoid /etc/protocols lookups, Phil Sutter
[PATCH nft 0/4] assorted fixes, Pablo Neira Ayuso
- [PATCH nft 2/4] evaluate: do not fetch next expression on runaway number of concatenation components, Pablo Neira Ayuso
- [PATCH nft 1/4] evaluate: skip anonymous set optimization for concatenations, Pablo Neira Ayuso
- [PATCH nft 3/4] evaluate: bail out if anonymous concat set defines a non concat expression, Pablo Neira Ayuso
- [PATCH nft 4/4] Revert "datatype: do not assert when value exceeds expected width", Pablo Neira Ayuso
  - Re: [PATCH nft 4/4] Revert "datatype: do not assert when value exceeds expected width", Florian Westphal
    - Re: [PATCH nft 4/4] Revert "datatype: do not assert when value exceeds expected width", Pablo Neira Ayuso
[iptables PATCH 1/2] Revert "xshared: Print protocol numbers if --numeric was given", Phil Sutter
- [iptables PATCH 2/2] iptables-save: Avoid /etc/protocols lookups, Phil Sutter
Re: Performance regression in ip_set_swap on 6.1.69, David Wang
- Re: Performance regression in ip_set_swap on 6.1.69, Jozsef Kadlecsik
  - Re: Performance regression in ip_set_swap on 6.1.69, David Wang
    - Re: Performance regression in ip_set_swap on 6.1.69, David Wang
    - Re: Performance regression in ip_set_swap on 6.1.69, Jozsef Kadlecsik
      - Re: Performance regression in ip_set_swap on 6.1.69, Jozsef Kadlecsik
        
        Re:Re: Performance regression in ip_set_swap on 6.1.69, David Wang
        
        Re:Re: Performance regression in ip_set_swap on 6.1.69, Jozsef Kadlecsik
        
        Re:Performance regression in ip_set_swap on 6.7.0, David Wang
        
        Re:Performance regression in ip_set_swap on 6.7.0, Jozsef Kadlecsik
        
        Re:Performance regression in ip_set_swap on 6.7.0, David Wang
        
        Re: Performance regression in ip_set_swap on 6.7.0, Ale Crismani
        
        Re: Performance regression in ip_set_swap on 6.7.0, Ale Crismani
        
        Re: Performance regression in ip_set_swap on 6.7.0, Jozsef Kadlecsik
[PATCH v2 nft 0/3] set related parser fixes, Florian Westphal
- [PATCH v2 nft 1/3] intervals: allow low-level interval code to return errors, Florian Westphal
- [PATCH v2 nft 2/3] src: do not merge a set with a erroneous one, Florian Westphal
- [PATCH v2 nft 3/3] evaluate: don't assert if set->data is NULL, Florian Westphal
  - Re: [PATCH v2 nft 3/3] evaluate: don't assert if set->data is NULL, Florian Westphal
[PATCH nftables] doc: clarify reject is supported at prerouting stage, Quan Tian
- Re: [PATCH nftables] doc: clarify reject is supported at prerouting stage, Pablo Neira Ayuso
[PATCH nft] doc: incorrect datatype description for icmpv6_type and icmpvx_code, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: bail out if stateful expression provides no .clone, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: validate .maxattr at expression registration, Pablo Neira Ayuso
[PATCH nft] tests: shell: extend coverage for netdevice removal, Pablo Neira Ayuso
[PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Daniel Xu
- [PATCH bpf-next v3 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, Daniel Xu
- Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Lorenz Bauer
  - Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Daniel Xu
- Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Jiri Olsa
  - Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Daniel Xu
    - Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Jiri Olsa
      - Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Daniel Xu
        
        Re: [PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section, Jiri Olsa
[PATCH nft] tests: shell: prefer project nft to system-wide nft, Florian Westphal
[PATCH bpf-next v2 0/3] Annotate kfuncs in .BTF_ids section, Daniel Xu
- [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, Daniel Xu
  - Re: [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, Jiri Olsa
    - Re: [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, Daniel Xu
      - Re: [PATCH bpf-next v2 3/3] bpf: treewide: Annotate BPF kfuncs in BTF, Jiri Olsa
- Re: [PATCH bpf-next v2 0/3] Annotate kfuncs in .BTF_ids section, Jiri Olsa
[PATCH nf-next] netfilter: nf_tables: pass flags to set backend selection routine, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: reject invalid set policy, Pablo Neira Ayuso
[PATCH libnetfilter_queue] include: pktbuff.h needs stdbool.h, Duncan Roe
[PATCH bpf-next 0/2] Annotate kfuncs in .BTF_ids section, Daniel Xu
- [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF, Daniel Xu
  - Re: [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF, Jiri Olsa
    - Re: [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF, Daniel Xu
      - Re: [PATCH bpf-next 2/2] bpf: treewide: Annotate BPF kfuncs in BTF, Daniel Xu
[syzbot] Monthly netfilter report (Jan 2024), syzbot
[PATCH libnftnl] object: define nftnl_obj_unset(), Pablo Neira Ayuso
- Re: [PATCH libnftnl] object: define nftnl_obj_unset(), Nicholas Vinson
  - Re: [PATCH libnftnl] object: define nftnl_obj_unset(), Pablo Neira Ayuso
    - Re: [PATCH libnftnl] object: define nftnl_obj_unset(), Nicholas Vinson
[PATCH nf] netfilter: nft_immediate: drop chain reference counter on error, Pablo Neira Ayuso
[RFC nf-next v5 0/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next v5 1/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next v5 2/2] selftests/bpf: Add netfilter link prog update test, D. Wythe
- Re: [RFC nf-next v5 0/2] netfilter: bpf: support prog update, D. Wythe
- Re: [RFC nf-next v5 0/2] netfilter: bpf: support prog update, Quentin Deslandes
  - Re: [RFC nf-next v5 0/2] netfilter: bpf: support prog update, Pablo Neira Ayuso
    - Re: [RFC nf-next v5 0/2] netfilter: bpf: support prog update, D. Wythe
  - Re: [RFC nf-next v5 0/2] netfilter: bpf: support prog update, D. Wythe
Re: GUI Frontend for iptables and nftables Linux firewalls, Phil Sutter
- Message not available
  - Re: GUI Frontend for iptables and nftables Linux firewalls, Josef Vybíhal
[PATCH RFC libnetfilter_queue 0/1] libnfnetlink dependency elimination, Duncan Roe
- [PATCH RFC libnetfilter_queue 1/1] utils/nfqnl_test runs without libnfnetlink, Duncan Roe
feature request: list elements of table for scripting, Han Boetes
- Re: feature request: list elements of table for scripting, Phil Sutter
  - Re: feature request: list elements of table for scripting, Han Boetes
    - Re: feature request: list elements of table for scripting, Phil Sutter
      - Re: feature request: list elements of table for scripting, Han Boetes
        
        Re: feature request: list elements of table for scripting, Phil Sutter
[RFC nf-next v4 0/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next v4 1/2] netfilter: bpf: support prog update, D. Wythe
  - Re: [RFC nf-next v4 1/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next v4 2/2] selftests/bpf: Add netfilter link prog update test, D. Wythe
[libnftnl] chain: Removed non-defined functions, Nicholas Vinson
- Re: [libnftnl] chain: Removed non-defined functions, Pablo Neira Ayuso
[PATCH 01/14] netfilter: cleanup enum nft_set_class, George Guo
- [PATCH 02/14] netfilter: cleanup struct nft_set_elem, George Guo
- [PATCH 03/14] netfilter: cleanup struct nft_ctx, George Guo
- [PATCH 04/14] netfilter: cleanup struct nft_set_iter, George Guo
- [PATCH 05/14] netfilter: cleanup struct nft_set_ops, George Guo
- [PATCH 06/14] netfilter: cleanup struct nft_set, George Guo
- [PATCH 07/14] netfilter: cleanup struct nft_set_ext_tmpl, George Guo
- [PATCH 08/14] netfilter: cleanup struct nft_expr_type, George Guo
- [PATCH 09/14] netfilter: cleanup struct nft_expr_ops, George Guo
- [PATCH 10/14] netfilter: cleanup struct nft_chain, George Guo
- [PATCH 11/14] netfilter: cleanup struct nft_base_chain, George Guo
- [PATCH 12/14] netfilter: cleanup struct nft_object, George Guo
- [PATCH 13/14] netfilter: cleanup struct nft_object_ops, George Guo
- [PATCH 14/14] netfilter: cleanup struct nft_flowtable, George Guo
- Re: [PATCH 01/14] netfilter: cleanup enum nft_set_class, Pablo Neira Ayuso
Kprobe for nf_nat is broken in Latest Debian 6.1.66-1, P K
- Re: Kprobe for nf_nat is broken in Latest Debian 6.1.66-1, P K
[PATCH v2 nft] datatype: do not assert when value exceeds expected width, Florian Westphal
[PATCH net] netfilter: nf_nat: fix action not being set for all ct states, Brad Cowie
- Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states, Simon Horman
  - Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states, Brad Cowie
    - Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states, Xin Long
  - Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states, Aaron Conole
    - Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states, Pablo Neira Ayuso
    - Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states, Brad Cowie
[iptables PATCH v2] ebtables: Default to extrapositioned negations, Phil Sutter
- Re: [iptables PATCH v2] ebtables: Default to extrapositioned negations, Phil Sutter
[nf-next PATCH v2 0/3] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST, Phil Sutter
- [nf-next PATCH v2 2/3] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST, Phil Sutter
- [nf-next PATCH v2 3/3] netfilter: nf_tables: Implement table adoption support, Phil Sutter
- [nf-next PATCH v2 1/3] netfilter: uapi: Document NFT_TABLE_F_OWNER flag, Phil Sutter
- Re: [nf-next PATCH v2 0/3] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST, Pablo Neira Ayuso
[iptables PATCH] ebtables: Default to extrapositioned negations, Phil Sutter
[PATCH nft v2] src: do not allow to chain more than 16 binops, Florian Westphal
[iptables PATCH 00/23] Guided option parser for ebtables, Phil Sutter
- [iptables PATCH 04/23] libxtables: xtoptions: Treat NFPROTO_BRIDGE as IPv4, Phil Sutter
  - Re: [iptables PATCH 04/23] libxtables: xtoptions: Treat NFPROTO_BRIDGE as IPv4, Jan Engelhardt
    - Re: [iptables PATCH 04/23] libxtables: xtoptions: Treat NFPROTO_BRIDGE as IPv4, Phil Sutter
- [iptables PATCH 12/23] extensions: libebt_log: Use guided option parser, Phil Sutter
- [iptables PATCH 05/23] ebtables: Support for guided option parser, Phil Sutter
- [iptables PATCH 10/23] extensions: libebt_ip6: Use guided option parser, Phil Sutter
- [iptables PATCH 23/23] extensions: libxt_HMARK: Review HMARK_parse(), Phil Sutter
- [iptables PATCH 13/23] extensions: libebt_mark: Use guided option parser, Phil Sutter
- [iptables PATCH 11/23] extensions: libebt_ip: Use guided option parser, Phil Sutter
- [iptables PATCH 14/23] extensions: libebt_nflog: Use guided option parser, Phil Sutter
- [iptables PATCH 08/23] extensions: libebt_arpreply: Use guided option parser, Phil Sutter
- [iptables PATCH 01/23] libxtables: xtoptions: Prevent XTOPT_PUT with XTTYPE_HOSTMASK, Phil Sutter
- [iptables PATCH 22/23] extensions: libebt_mark_m: Use guided option parser, Phil Sutter
- [iptables PATCH 15/23] extensions: libebt_snat: Use guided option parser, Phil Sutter
- [iptables PATCH 20/23] extensions: libxt_limit: Use guided option parser for NFPROTO_BRIDGE, too, Phil Sutter
- [iptables PATCH 16/23] extensions: libebt_redirect: Use guided option parser, Phil Sutter
- [iptables PATCH 21/23] extensions: libebt_pkttype: Use guided option parser, Phil Sutter
- [iptables PATCH 03/23] libxtables: xtoptions: Implement XTTYPE_ETHERMACMASK, Phil Sutter
- [iptables PATCH 02/23] libxtables: xtoptions: Support XTOPT_NBO with XTTYPE_UINT*, Phil Sutter
  - Re: [iptables PATCH 02/23] libxtables: xtoptions: Support XTOPT_NBO with XTTYPE_UINT*, Jan Engelhardt
    - Re: [iptables PATCH 02/23] libxtables: xtoptions: Support XTOPT_NBO with XTTYPE_UINT*, Phil Sutter
- [iptables PATCH 18/23] extensions: libebt_vlan: Use guided option parser, Phil Sutter
- [iptables PATCH 09/23] extensions: libebt_dnat: Use guided option parser, Phil Sutter
- [iptables PATCH 07/23] extensions: libebt_stp: Use guided option parser, Phil Sutter
  - Re: [iptables PATCH 07/23] extensions: libebt_stp: Use guided option parser, Jan Engelhardt
    - Re: [iptables PATCH 07/23] extensions: libebt_stp: Use guided option parser, Phil Sutter
- [iptables PATCH 19/23] extensions: libebt_arp: Use guided option parser, Phil Sutter
- [iptables PATCH 06/23] extensions: libebt_*: Drop some needless init callbacks, Phil Sutter
- [iptables PATCH 17/23] extensions: libebt_802_3: Use guided option parser, Phil Sutter
- Re: [iptables PATCH 00/23] Guided option parser for ebtables, Phil Sutter
[iptables PATCH] tests: iptables-test: Use difflib if dumps differ, Phil Sutter
- Re: [iptables PATCH] tests: iptables-test: Use difflib if dumps differ, Phil Sutter
[PATCH nft] netlink: fix stack overflow due to erroneous rounding, Florian Westphal
[RFC nf-next v3 0/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next v3 2/2] selftests/bpf: Add netfilter link prog update test, D. Wythe
- [RFC nf-next v3 1/2] netfilter: bpf: support prog update, D. Wythe
  - Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update, Alexei Starovoitov
    - Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update, D. Wythe
      - Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update, Alexei Starovoitov
        
        Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update, D. Wythe
        
        Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update, Alexei Starovoitov
        
        Re: [RFC nf-next v3 1/2] netfilter: bpf: support prog update, D. Wythe
[PATCH nft] src: do not allow to chain more than 16 binops, Florian Westphal
[PATCH nft] evaluate: don't crash if object map does not refer to a value, Florian Westphal
netfilter ipv6 flow offloading seemingly causing hangs - how to debug?, Pierre Bourdon
- Re: netfilter ipv6 flow offloading seemingly causing hangs - how to debug?, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: skip set commit for deleted/destroyed sets, Pablo Neira Ayuso
[PATCH nft] datatype: do not assert when value exceeds 255, Florian Westphal
[PATCH nft] parser_bison: error out on duplicated type/typeof/element keywords, Florian Westphal
[PATCH nft] intervals: BUG on prefix expressions without value, Florian Westphal
[PATCH v3 nft] support for afl++ (american fuzzy lop++) fuzzer, Florian Westphal
[iptables PATCH] iptables-legacy: Fix for mandatory lock waiting, Phil Sutter
- Re: [iptables PATCH] iptables-legacy: Fix for mandatory lock waiting, Phil Sutter
  - Re: [iptables PATCH] iptables-legacy: Fix for mandatory lock waiting, Phil Sutter
[PATCH nft] tests: shell: add test to cover payload transport match and mangle, Pablo Neira Ayuso
Can netfilter-ebpf modify packets ？, D. Wythe
[RFC nf-next v2 0/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next v2 2/2] selftests/bpf: Add netfilter link prog update test, D. Wythe
- [RFC nf-next v2 1/2] netfilter: bpf: support prog update, D. Wythe
  - Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update, Simon Horman
    - Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update, D. Wythe
      - Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update, Florian Westphal
        
        Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update, D. Wythe
PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files, Samuel Marks
- Re: PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files, Jan Engelhardt
- Re: [netfilter-core] PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files, Phil Sutter
- <Possible follow-ups>
- Re: PATCH [netfilter] Remove old case sensitive variants of lowercase .c and .h files, Tomasz Pala
[PATCH v39 18/42] LSM: Use lsmcontext in security_lsmblob_to_secctx, Casey Schaufler
[PATCH v39 17/42] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
[PATCH v39 16/42] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[libnftnl PATCH 0/6] Attribute policies for expressions, Phil Sutter
- [libnftnl PATCH 6/6] expr: Enforce attr_policy compliance in nftnl_expr_set(), Phil Sutter
- [libnftnl PATCH 1/6] tests: Fix objref test case, Phil Sutter
- [libnftnl PATCH 4/6] include: Sync nf_log.h with kernel headers, Phil Sutter
- [libnftnl PATCH 2/6] expr: Repurpose struct expr_ops::max_attr field, Phil Sutter
- [libnftnl PATCH 5/6] expr: Introduce struct expr_ops::attr_policy, Phil Sutter
- [libnftnl PATCH 3/6] expr: Call expr_ops::set with legal types only, Phil Sutter
- Re: [libnftnl PATCH 0/6] Attribute policies for expressions, Phil Sutter
[nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs, Phil Sutter
- Re: [nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs, Pablo Neira Ayuso
  - Re: [nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs, Pablo Neira Ayuso
    - [nft PATCH 1/2] datatype: Initialize rt_symbol_tables' base field, Phil Sutter
      - [nft PATCH 2/2] datatype: Describe rt symbol tables, Phil Sutter
- Re: [nft PATCH] datatype: rt_symbol_table_init() to search for iproute2 configs, Phil Sutter
[PATCH net-next 07/24] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
[nf-next PATCH] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST, Phil Sutter
- Re: [nf-next PATCH] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST, Pablo Neira Ayuso
[PATCH nft] tcpopt: don't create exthdr expression without datatype, Florian Westphal
[PATCH nft] evaluate: fix stack overflow with huge priority string, Florian Westphal
[RFC nf-next v1 0/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next v1 2/2] selftests/bpf: Add netfilter link prog update test, D. Wythe
- [RFC nf-next v1 1/2] netfilter: bpf: support prog update, D. Wythe
  - Re: [RFC nf-next v1 1/2] netfilter: bpf: support prog update, Florian Westphal
    - Re: [RFC nf-next v1 1/2] netfilter: bpf: support prog update, D. Wythe
[PATCH nf-next] netfilter: nf_tables: validate chain type update if available, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: set transport offset from mac header for netdev/egress, Pablo Neira Ayuso
ulogd / JSON output / enhancement proposal, Gérald Colangelo
- Re: ulogd / JSON output / enhancement proposal, Jeremy Sowden
Bug in ulogd2 when destroying a stack that failed to start (with fix attached), Gérald Colangelo
[PATCH nft] evaluate: exthdr: statement arg must be not be a range, Florian Westphal
[PATCH iptables v2 0/6] Autoools silent-rules fixes, Jeremy Sowden
- [PATCH iptables v2 3/6] build: remove unused `AM_VERBOSE_CXX*` variables, Jeremy Sowden
- [PATCH iptables v2 4/6] build: use standard automake verbosity variables, Jeremy Sowden
- [PATCH iptables v2 1/6] build: format `AM_CPPFLAGS` variables, Jeremy Sowden
- [PATCH iptables v2 6/6] build: replace `echo -e` with `printf`, Jeremy Sowden
- [PATCH iptables v2 5/6] build: add an automake verbosity variable for `ln`, Jeremy Sowden
- [PATCH iptables v2 2/6] build: remove obsolete `AM_LIBTOOL_SILENT` variable, Jeremy Sowden
- Re: [PATCH iptables v2 0/6] Autoools silent-rules fixes, Phil Sutter
[PATCH nft] netlink: don't crash if prefix for < byte is requested, Florian Westphal
[PATCH iptables 0/7] Autoools silent-rules fixes, Jeremy Sowden
- [PATCH iptables 2/7] build: remove obsolete `AM_LIBTOOL_SILENT` variable, Jeremy Sowden
- [PATCH iptables 1/7] build: format `AM_CPPFLAGS` variables, Jeremy Sowden
- [PATCH iptables 7/7] build: suppress man-page listing in silent rules, Jeremy Sowden
  - Re: [PATCH iptables 7/7] build: suppress man-page listing in silent rules, Jan Engelhardt
    - Re: [PATCH iptables 7/7] build: suppress man-page listing in silent rules, Jeremy Sowden
- [PATCH iptables 5/7] build: add an automake verbosity variable for `ln`, Jeremy Sowden
- [PATCH iptables 6/7] build: replace `echo -e` with `printf`, Jeremy Sowden
  - Re: [PATCH iptables 6/7] build: replace `echo -e` with `printf`, Jeremy Sowden
- [PATCH iptables 4/7] build: use standard automake verbosity variables, Jeremy Sowden
- [PATCH iptables 3/7] build: remove unused `AM_VERBOSE_CXX*` variables, Jeremy Sowden
[PATCH v2 nft] initial support for the afl++ (american fuzzy lop++) fuzzer, Florian Westphal
- Re: [PATCH v2 nft] initial support for the afl++ (american fuzzy lop++) fuzzer, Thomas Haller
[PATCH nft] evaluate: fix gmp assertion with too-large reject code, Florian Westphal
[libnftnl RFC 1/2] expr: Repurpose struct expr_ops::max_attr field, Phil Sutter
- [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy, Phil Sutter
  - Re: [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy, Florian Westphal
    - Re: [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy, Phil Sutter
      - Re: [libnftnl RFC 2/2] expr: Introduce struct expr_ops::attr_policy, Florian Westphal
[PATCH nft 0/3] src: make set-merging less zealous, Florian Westphal
- [PATCH nft 1/3] intervals: BUG on prefix expressions without value, Florian Westphal
- [PATCH nft 2/3] src: do not merge a set with a erroneous one, Florian Westphal
- [PATCH nft 3/3] evaluate: don't assert if set->data is NULL, Florian Westphal
- Re: [PATCH nft 0/3] src: make set-merging less zealous, Florian Westphal
[PATCH nft] netlink: fix stack buffer overflow with sub-reg sized prefixes, Florian Westphal
[PATCH nft] meta: fix tc classid parsing out-of-bounds access, Florian Westphal
[PATCH nft] evaluate: error out when existing set has incompatible key, Florian Westphal
[PATCH nft] evaluate: stmt_nat: set reference must point to a map, Florian Westphal
[RFC nf-next 0/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next 1/2] netfilter: bpf: support prog update, D. Wythe
  - Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, Florian Westphal
    - Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, Alexei Starovoitov
    - Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, D. Wythe
      - Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, Alexei Starovoitov
        
        Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, D. Wythe
        
        Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, Alexei Starovoitov
        
        Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, D. Wythe
        
        Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, Alexei Starovoitov
        
        Re: [RFC nf-next 1/2] netfilter: bpf: support prog update, D. Wythe
- [RFC nf-next 2/2] selftests/bpf: Add netfilter link prog update test, D. Wythe
[PATCH nft] parser_bison: fix memory leaks on hookspec error processing, Florian Westphal
[PATCH nft] parser_bison: close chain scope before chain release, Florian Westphal
[PATCH v2 nft] src: reject large raw payload and concat expressions, Florian Westphal
[PATCHv2 RFC net-next 00/14] ipvs: per-net tables and optimizations, Julian Anastasov
- [PATCHv2 RFC net-next 10/14] ipvs: show the current conn_tab size to users, Julian Anastasov
- [PATCHv2 RFC net-next 01/14] rculist_bl: add hlist_bl_for_each_entry_continue_rcu, Julian Anastasov
- [PATCHv2 RFC net-next 14/14] ipvs: add conn_lfactor and svc_lfactor sysctl vars, Julian Anastasov
- [PATCHv2 RFC net-next 05/14] ipvs: do not keep dest_dst after dest is removed, Julian Anastasov
- [PATCHv2 RFC net-next 13/14] ipvs: add ip_vs_status info, Julian Anastasov
- [PATCHv2 RFC net-next 03/14] ipvs: some service readers can use RCU, Julian Anastasov
- [PATCHv2 RFC net-next 11/14] ipvs: no_cport and dropentry counters can be per-net, Julian Anastasov
- [PATCHv2 RFC net-next 06/14] ipvs: use more counters to avoid service lookups, Julian Anastasov
- [PATCHv2 RFC net-next 04/14] ipvs: use single svc table, Julian Anastasov
- [PATCHv2 RFC net-next 07/14] ipvs: add resizable hash tables, Julian Anastasov
- [PATCHv2 RFC net-next 02/14] ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns, Julian Anastasov
- [PATCHv2 RFC net-next 12/14] ipvs: use more keys for connection hashing, Julian Anastasov
- [PATCHv2 RFC net-next 08/14] ipvs: use resizable hash table for services, Julian Anastasov
  - Re: [PATCHv2 RFC net-next 08/14] ipvs: use resizable hash table for services, Simon Horman
    - Re: [PATCHv2 RFC net-next 08/14] ipvs: use resizable hash table for services, Julian Anastasov
- [PATCHv2 RFC net-next 09/14] ipvs: switch to per-net connection table, Julian Anastasov
[PATCH nft] evaluate: error out if concat expression becomes too large, Florian Westphal
[PATCH libnftnl] expr: fix buffer overflows in data value setters, Florian Westphal
[PATCH nft] parser_bison: reject large raw payload expressions, Florian Westphal
[PATCH nft] parser_bison: ensure all timeout policy names are released, Florian Westphal
[PATCH nft] parser_bison: make sure obj_free releases timeout policies, Florian Westphal
[PATCH nft] parser_bison: fix ct scope underflow if ct helper section is duplicated, Florian Westphal
Should we keep the advice to increase queue max length?, Duncan Roe
- Re: Should we keep the advice to increase queue max length?, Florian Westphal
[PATCH iptables] Fix spelling mistakes, Jeremy Sowden
- Re: [PATCH iptables] Fix spelling mistakes, Phil Sutter
[PATCH libnetfilter_queue 0/1] src: add nfq_socket_sendto() - send config request and check response, Duncan Roe
- [PATCH libnetfilter_queue 1/1] src: add nfq_socket_sendto() - send config request and check response, Duncan Roe
[PATCH ulogd] log NAT events using IPFIX, Tomasz Pala
- Re: [PATCH ulogd] log NAT events using IPFIX, Pablo Neira Ayuso
  - Re: [PATCH ulogd] log NAT events using IPFIX, Tomasz Pala
    - Re: [PATCH ulogd] log NAT events using IPFIX, Tomasz Pala
    - Re: [PATCH ulogd] log NAT events using IPFIX, Tomasz Pala
      - Re: [PATCH ulogd] log NAT events using IPFIX, Tomasz Pala

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite Discussion]