Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- Re: iptables-nft: Wrong payload merge of rule filter - "! --sport xx ! --dport xx", (continued)
- [RFC nftables PATCH]: fix a2x: ERROR: missing --destination-dir: ./doc,
Neels Hofmeyr
- [PATCH] ipvs: allow netlink configuration from non-initial user namespace,
Michael Weiß
- [PATCH xtables] extensions: xt_TPROXY: add txlate support,
Florian Westphal
- [PATCH nft 0/5] parser_json: fix up transaction ordering,
Florian Westphal
- [PATCH net-next] netfilter: conntrack: avoid sending RST to reply out-of-window skb,
Jason Xing
- [PATCH nf-next 0/9] netfilter: nf_tables: rewrite gc again,
Florian Westphal
- [PATCH nf] netfilter: nf_tables: skip netdev hook unregistration if table is dormant,
Pablo Neira Ayuso
- [PATCH nft,v2] evaluate: translate meter into dynamic set, Pablo Neira Ayuso
- [PATCH nft] evaluate: translate meter into dynamic set, Pablo Neira Ayuso
- [PATCH net] netfilter: nf_tables: Fix a memory leak in nf_tables_updchain, Quan Tian
- Issues with netdev egress hooks,
Daniel Mack
- [PATCH net] netfilter: conntrack: fix ct-state for ICMPv6 Multicast Router Discovery,
Linus Lüssing
- [syzbot] [netfilter?] KASAN: slab-use-after-free Read in ip_skb_dst_mtu, syzbot
- [PATCH xtables-nft v2] extensions: xt_socket: add txlate support for socket match,
Florian Westphal
- [PATCH xtables-nft] extensions: xt_socket: add txlate support for sk match v3, Florian Westphal
- [iptables PATCH 1/2] xlate: Improve redundant l4proto match avoidance,
Phil Sutter
- [PATCH net v3] netfilter: Add protection for bmp length out of range,
Lena Wang (王娜)
- [PATCH nf-next] netfilter: nf_tables: remove NETDEV_CHANGENAME from netdev chain event handler, Pablo Neira Ayuso
- [PATCH nf-next] netfilter: nf_tables: skip transaction if update object is not implemented, Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_tables: mark set as dead when deactivating anonymous set with timeout, Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_tables: mark set as dead when deactivating anonymous set,
Pablo Neira Ayuso
- [PATCH conntrack-tools v2 0/3] fix potential memory loss and exit codes,
Donald Yandt
- [PATCH conntrack-tools 0/3] fix potential memory loss and exit codes,
Donald Yandt
- [PATCH net v2] netfilter: Add protection for bmp length out of range,
Lena Wang (王娜)
- [PATCH nft 0/3] parser: allow to define maps that contain ct objects,
Florian Westphal
- [PATCH nf v2] netfilter: nft_ct: fix l3num expectations with inet pseudo family, Florian Westphal
- [PATCH nf] netfilter: nft_ct: fix l3num expectations with inet pseudo family, Florian Westphal
- [PATCH nf,v2 1/2] netfilter: nf_tables: disallow anonymous set with timeout flag,
Pablo Neira Ayuso
- [PATCH nf 1/2] netfilter: nf_tables: disallow anonymous set with NFT_SET_{TIMEOUT,EVAL} flags,
Pablo Neira Ayuso
- [iptables PATCH] xtables-translate: Leverage stored protocol names,
Phil Sutter
- [PATCH nft] rule: fix ASAN errors in priority to string conversion, Pablo Neira Ayuso
- [PATCH nft 0/3] nftables: add typeof support for objref maps,
Florian Westphal
- [iptables PATCH] nft: Fix for broken recover_rule_compat(),
Phil Sutter
- [PATCH v2 nf] netfilter: bridge: confirm multicast packets before passing them up the stack, Florian Westphal
- [PATCH nft] parser: compact type/typeof set rules, Florian Westphal
- [PATCH nft] parser: compact interval typeof rules, Florian Westphal
- Ulogd2 Mysql KO,
Yves Metivier
- [PATCH libnftnl 1/3] expr: immediate: check for chain attribute to release chain name,
Pablo Neira Ayuso
- [PATCH 0/2] netfilter: bridge_netfilter:,
Florian Westphal
- [PATCH nft] parser_json: allow 0 offsets again, Florian Westphal
- [PATCH net] netlink: validate length of NLA_{BE16,BE32} types,
Pablo Neira Ayuso
- [PATCH] netfilter: xtables: fix IP6_NF_IPTABLES_LEGACY typo,
Arnd Bergmann
- [PATCH v3] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(),
Ignat Korchagin
- [PATCH nf] netfilter: nf_tables: use kzalloc for hook allocation, Florian Westphal
- [PATCH nf] netfilter: nf_tables: register hooks last when adding new chain/flowtable, Pablo Neira Ayuso
- [PATCH nf 1/2] netfilter: nft_flow_offload: reset dst in route object after setting up flow,
Pablo Neira Ayuso
- [nft PATCH] src: improve error reporting for destroy command, 谢致邦 (XIE Zhibang)
- [PATCH net-next 00/12] netfilter updates for net-next,
Florian Westphal
- [PATCH net-next 02/12] netfilter: nf_log: consolidate check for NULL logger in lookup function, Florian Westphal
- [PATCH net-next 01/12] netfilter: expect: Simplify the allocation of slab caches in nf_conntrack_expect_init, Florian Westphal
- [PATCH net-next 03/12] netfilter: nf_log: validate nf_logger_find_get(), Florian Westphal
- [PATCH net-next 06/12] netfilter: nft_set_pipapo: constify lookup fn args where possible, Florian Westphal
- [PATCH net-next 04/12] netfilter: nft_osf: simplify init path, Florian Westphal
- [PATCH net-next 07/12] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR, Florian Westphal
- [PATCH net-next 08/12] netfilter: nft_set_pipapo: shrink data structures, Florian Westphal
- [PATCH net-next 09/12] netfilter: nft_set_pipapo: speed up bulk element insertions, Florian Westphal
- [PATCH net-next 05/12] netfilter: xtables: fix up kconfig dependencies, Florian Westphal
- [PATCH net-next 10/12] netfilter: nft_set_pipapo: use GFP_KERNEL for insertions, Florian Westphal
- [PATCH net-next 11/12] netfilter: move nf_reinject into nfnetlink_queue modules, Florian Westphal
- [PATCH net-next 12/12] netfilter: x_tables: Use unsafe_memcpy() for 0-sized destination, Florian Westphal
- [PATCH v2] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(),
Ignat Korchagin
- [syzbot] [netfilter?] KMSAN: uninit-value in __nla_validate_parse (3),
syzbot
- Re: [RFC] nftables 0.9.8 -stable backports,
Pablo Neira Ayuso
- [PATCH libnftnl] obj: ct_timeout: setter checks for timeout array boundaries, Pablo Neira Ayuso
- [PATCH] Add protection for bmp length out of range,
Lena Wang (王娜)
- CFS for Netdev Conf 0x18 open!, Jamal Hadi Salim
- [PATCH nf] netfilter: nf_tables: set dormant flag on hook register failure, Florian Westphal
- [linux-next:master] BUILD REGRESSION d37e1e4c52bc60578969f391fb81f947c3e83118, kernel test robot
- [PATCH] netfilter: x_tables: Use unsafe_memcpy() for 0-sized destination,
Kees Cook
- [PATCH nf-next] netfilter: nft_set_pipapo: use GFP_KERNEL for insertions, Florian Westphal
- [PATCH net] netfilter: nf_tables: fix bidirectional offload regression,
Felix Fietkau
- [PATCH nf-next] netfilter: move nf_reinject into nfnetlink_queue modules, Florian Westphal
- [PATCH nf-next] netfilter: nft_byteorder: remove multi-register support, Florian Westphal
- [PATCH libnetfilter_queue 0/1] Convert libnetfilter_queue to use entirely libmnl functions,
Duncan Roe
- [PATCH libnetfilter_queue 1/1] Convert libnetfilter_queue to use entirely libmnl functions, Duncan Roe
- Re: [PATCH libnetfilter_queue 1/1] Convert libnetfilter_queue to use entirely libmnl functions, Pablo Neira Ayuso
- Re: [PATCH libnetfilter_queue 1/1] Convert libnetfilter_queue to use entirely libmnl functions, Duncan Roe
- [PATCH libnetfilter_queue 00/32] Convert libnetfilter_queue to not need libnfnetlink, Duncan Roe
- [PATCH libnetfilter_queue 01/32] src: Convert nfq_open() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 02/32] src: Convert nfq_open_nfnl() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 04/32] src: Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 03/32] src: Convert nfq_close() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 05/32] src: Convert nfq_set_queue_flags() & nfq_set_queue_maxlen() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 06/32] src: Convert nfq_handle_packet(), nfq_get_secctx(), nfq_get_payload() and all the nfq_get_ functions to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 08/32] src: Incorporate nfnl_rcvbufsiz() in libnetfilter_queue, Duncan Roe
- [PATCH libnetfilter_queue 07/32] src: Convert nfq_set_verdict() and nfq_set_verdict2() to use libmnl if there is no data, Duncan Roe
- [PATCH libnetfilter_queue 09/32] src: Convert nfq_fd() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 10/32] src: Convert remaining nfq_* functions to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 11/32] src: Fix checkpatch whitespace and block comment warnings, Duncan Roe
- [PATCH libnetfilter_queue 12/32] src: Copy nlif-related code from libnfnetlink, Duncan Roe
- [PATCH libnetfilter_queue 13/32] include: Cherry-pick macros and functions that nlif will need, Duncan Roe
- [PATCH libnetfilter_queue 14/32] doc: Add linux_list.h to the doxygen system, Duncan Roe
- [PATCH libnetfilter_queue 16/32] doc: Eliminate doxygen warnings from iftable.c, Duncan Roe
- [PATCH libnetfilter_queue 15/32] doc: Eliminate doxygen warnings from linux_list.h, Duncan Roe
- [PATCH libnetfilter_queue 17/32] whitespace: remove trailing spaces from iftable.c, Duncan Roe
- [PATCH libnetfilter_queue 19/32] src: Convert all nlif_* functions to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue 18/32] include: Use libmnl.h instead of libnfnetlink.h, Duncan Roe
- [PATCH libnetfilter_queue 20/32] src: Delete rtnl.c, Duncan Roe
- [PATCH libnetfilter_queue 21/32] build: Remove libnfnetlink from the build, Duncan Roe
- [PATCH libnetfilter_queue 22/32] include: Remove the last remaining use of a libnfnetlink header, Duncan Roe
- [PATCH libnetfilter_queue 23/32] doc: Get doxygen to document useful static inline functions, Duncan Roe
- [PATCH libnetfilter_queue 24/32] doc: SYNOPSIS of linux_list.h nominates libnetfilter_queue/libnetfilter_queue.h, Duncan Roe
- [PATCH libnetfilter_queue 25/32] doc: Move nlif usage description from libnetfilter_queue.c to iftable.c, Duncan Roe
- [PATCH libnetfilter_queue 26/32] build: Shave some time off build, Duncan Roe
- [PATCH libnetfilter_queue 28/32] build: Get real & user times back to what they were, Duncan Roe
- [PATCH libnetfilter_queue 27/32] doc: Resolve most issues with man page generated from linux_list.h, Duncan Roe
- [PATCH libnetfilter_queue 30/32] doc: Fix list_empty() doxygen comments, Duncan Roe
- [PATCH libnetfilter_queue 29/32] doc: Cater for doxygen variants w.r.t. #define stmts, Duncan Roe
- [PATCH libnetfilter_queue 31/32] src: Use a cast in place of convoluted construct, Duncan Roe
- [PATCH libnetfilter_queue 32/32] whitespace: Fix more checkpatch errors & warnings, Duncan Roe
- [syzbot] [netfilter?] WARNING: ODEBUG bug in ip_set_free,
syzbot
- [PATCH nft] expression: missing line in describe command with invalid expression, Pablo Neira Ayuso
- [PATCH v2 nf-next 0/4] netfilter: nft_set_pipapo: speed up bulk element insertions,
Florian Westphal
- [ANNOUNCE] ipset 7.21 released, Jozsef Kadlecsik
- [PATCH nf-next 0/4] netfilter: nft_set_pipapo: speed up bulk element insertions,
Florian Westphal
- [PATCH] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(),
Ignat Korchagin
- [PATCH 1/1] tests: use common shebang in "packetpath/flowtables" test,
Thomas Haller
- [PATCH 1/1] tests/shell: no longer support unprettified ".json-nft" files,
Thomas Haller
- [syzbot] Monthly netfilter report (Feb 2024), syzbot
- [netfilter-nf:testing 5/13] net/netfilter/ipset/ip_set_hash_gen.h:435:19: sparse: sparse: incorrect type in assignment (different address spaces), kernel test robot
- [PATCH v3] netfilter: nat: restore default DNAT behavior, Kyle Swenson
- [netfilter-nf:testing 8/13] net/netfilter/nft_set_pipapo.c:518: warning: Function parameter or struct member 'tstamp' not described in 'pipapo_get', kernel test robot
- [nft PATCH] cache: Always set NFT_CACHE_TERSE for list cmd with --terse,
Phil Sutter
- [PATCH,v2 nft 1/2] evaluate: skip byteorder conversion for selector smaller than 2 bytes,
Pablo Neira Ayuso
- [nft PATCH] cache: Reduce caching when terse listing a table, Phil Sutter
- [PATCH nft] evaluate: skip byteorder conversion for selector smaller than 2 bytes, Pablo Neira Ayuso
- [PATCH net 00/13] Netfilter fixes for net,
Pablo Neira Ayuso
- [PATCH net 01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits, Pablo Neira Ayuso
- [PATCH net 02/13] netfilter: nft_compat: reject unused compat flag, Pablo Neira Ayuso
- [PATCH net 04/13] netfilter: nft_set_pipapo: remove static in nft_pipapo_get(), Pablo Neira Ayuso
- [PATCH net 03/13] netfilter: nft_compat: restrict match/target protocol to u16, Pablo Neira Ayuso
- [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Pablo Neira Ayuso
- [PATCH net 07/13] netfilter: nft_ct: reject direction for ct id, Pablo Neira Ayuso
- [PATCH net 06/13] netfilter: ctnetlink: fix filtering for zone 0, Pablo Neira Ayuso
- [PATCH net 08/13] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- [PATCH net 10/13] netfilter: nft_set_rbtree: skip end interval element from gc, Pablo Neira Ayuso
- [PATCH net 09/13] netfilter: nfnetlink_queue: un-break NF_REPEAT, Pablo Neira Ayuso
- [PATCH net 12/13] netfilter: nft_set_pipapo: add helper to release pcpu scratch area, Pablo Neira Ayuso
- [PATCH net 11/13] netfilter: nft_set_pipapo: store index in scratch maps, Pablo Neira Ayuso
- [PATCH net 13/13] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Pablo Neira Ayuso
- [PATCH AUTOSEL 5.4 6/7] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
- [PATCH AUTOSEL 5.10 09/16] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
- [PATCH AUTOSEL 5.15 12/23] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
- [PATCH AUTOSEL 6.1 15/29] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
- [PATCH AUTOSEL 6.6 21/38] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
- [PATCH AUTOSEL 6.7 23/44] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new, Sasha Levin
- [PATCH nf v2 0/3] netfilter: nft_set_pipapo: nft_set_pipapo: map_index must be per set,
Florian Westphal
- [nft PATCH] cache: Optimize caching for 'list tables' command,
Phil Sutter
- [nft PATCH v3] evaluate: fix check for unknown in cmd_op_to_name,
谢致邦 (XIE Zhibang)
- [PATCH conntrack] conntrack: don't print [USERSPACE] information in case of XML output,
Ignacy Gawędzki
- [nft PATCH v2] evaluate: fix check for unknown in cmd_op_to_name,
谢致邦 (XIE Zhibang)
- [PATCH nf] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- 0x18: Dates And Location for upcoming conference, Jamal Hadi Salim
- [PATCH] Makefile.am: don't silence -Wimplicit-function-declaration,
Sam James
- [PATCH nf] netfilter: nfnetlink_queue: un-break NF_REPEAT, Florian Westphal
- [PATCH nf-next] netfilter: xtables: fix up kconfig dependencies,
Florian Westphal
- [PATCH nf 0/3] netfilter: nft_set_pipapo: map_index must be per set,
Florian Westphal
- [PATCH] evaluate: fix check for unknown in cmd_op_to_name, 谢致邦 (XIE Zhibang)
- [syzbot] [netfilter?] WARNING: suspicious RCU usage in hash_netportnet6_destroy,
syzbot
- [PATCH] ipvs: generic netlink multicast event group,
Terin Stock
- [PATCH nf] netfilter: nft_ct: reject direction for ct id, Pablo Neira Ayuso
- [PATCH net] net: ctnetlink: fix filtering for zone 0, Felix Huettner
- [PATCH v4.19.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval(),
Ajay Kaher
- iptables: considers incomplete rule in -C and finds an erroneous match,
Roman Mamedov
- [PATCH 1/1] netfilter: ipset: Missing gc cancellations fixed,
Jozsef Kadlecsik
- [iptables PATCH 00/12] Range value related fixes/improvements,
Phil Sutter
- [iptables PATCH 11/12] extensions: tcp/udp: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 09/12] extensions: ipcomp: Save inverted full ranges, Phil Sutter
- [iptables PATCH 12/12] libxtables: xtoptions: Respect min/max values when completing ranges, Phil Sutter
- [iptables PATCH 06/12] extensions: mh: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 07/12] extensions: rt: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 01/12] extensions: *.t/*.txlate: Test range corner-cases, Phil Sutter
- [iptables PATCH 03/12] libxtables: Reject negative port ranges, Phil Sutter
- [iptables PATCH 05/12] extensions: frag: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 04/12] extensions: ah: Save/xlate inverted full ranges, Phil Sutter
- [iptables PATCH 10/12] nft: Do not omit full ranges if inverted, Phil Sutter
- [iptables PATCH 02/12] libxtables: xtoptions: Assert ranges are monotonic increasing, Phil Sutter
- [iptables PATCH 08/12] extensions: esp: Save/xlate inverted full ranges, Phil Sutter
- Re: [iptables PATCH 00/12] Range value related fixes/improvements, Phil Sutter
- [syzbot] [netfilter?] WARNING: ODEBUG bug in hash_netiface4_destroy,
syzbot
- [PATCH nf] netfilter: nft_compat: reject unused compat flag, Pablo Neira Ayuso
- [PATCH nf] netfilter: nft_compat: restrict match/target protocol to u16, Pablo Neira Ayuso
- [PATCH nf] netfilter: nft_compat: narrow down revision to unsigned 8-bits, Pablo Neira Ayuso
- [PATCH nf] netfilter: nft_byteorder: length must be multiple of size, Pablo Neira Ayuso
- [PATCH nf] netfilter: nft_set_pipapo: remove static in nft_pipapo_get(), Pablo Neira Ayuso
- [PATCH v5.10.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval(), Ajay Kaher
- [iptables PATCH 0/7] A number of ASAN-identified fixes,
Phil Sutter
- [nft PATCH] json: Support sets' auto-merge option,
Phil Sutter
- [ANNOUNCE] ipset 7.20 released, Jozsef Kadlecsik
- Re: linux-next: Tree for Jan 30 (netfilter, xtables),
Randy Dunlap
- [PATCH nf,v2] netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations, Pablo Neira Ayuso
- [RFC PATCH v2 0/1] netfilter: nat: restore default DNAT behavior,
Kyle Swenson
- [PATCH nf-next] netfilter: nft_osf: simplify init path, Pablo Neira Ayuso
- [PATCH nf-next 1/2] netfilter: nf_log: consolidate check for NULL logger in lookup function,
Pablo Neira Ayuso
- [PATCH nf] netfilter: nft_ct: bail out if helper is not found for NFPROTO_{IPV4,IPV6},
Pablo Neira Ayuso
- [PATCH nf-next 0/9] netfilter updates for -next,
Florian Westphal
- [PATCH nf-next 3/9] netfilter: nf_tables: Implement table adoption support, Florian Westphal
- [PATCH nf-next 4/9] netfilter: nf_tables: pass flags to set backend selection routine, Florian Westphal
- [PATCH nf-next 1/9] netfilter: uapi: Document NFT_TABLE_F_OWNER flag, Florian Westphal
- [PATCH nf-next 2/9] netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST, Florian Westphal
- [PATCH nf-next 6/9] ipvs: Simplify the allocation of ip_vs_conn slab caches, Florian Westphal
- [PATCH nf-next 5/9] netfilter: nf_conncount: Use KMEM_CACHE instead of kmem_cache_create(), Florian Westphal
- [PATCH nf-next 7/9] netfilter: arptables: allow xtables-nft only builds, Florian Westphal
- [PATCH nf-next 8/9] netfilter: xtables: allow xtables-nft only builds, Florian Westphal
- [PATCH nf-next 9/9] netfilter: ebtables: allow xtables-nft only builds, Florian Westphal
- Re: [PATCH nf-next 0/9] netfilter updates for -next, Jakub Kicinski
- [PATCH nft] datatype: display 0s time datatype, Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV, Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV, Pablo Neira Ayuso
- [PATCH nf] netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger, Pablo Neira Ayuso
- [PATCH nf] netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations, Pablo Neira Ayuso
- [PATCH bpf-next v4 0/3] Annotate kfuncs in .BTF_ids section,
Daniel Xu
- [RFC PATCH 0/1] netfilter: nat: restore default DNAT behavior,
Kyle Swenson
- [PATCH nf] netfilter: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new,
Xin Long
- [PATCH nf,v3] netfilter: nf_tables: validate NFPROTO_* family, Pablo Neira Ayuso
- [PATCH nf,v2] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family, Pablo Neira Ayuso
- Re: [ANN] net-next is OPEN,
Jakub Kicinski
- [PATCH nf-next 1/2] netfilter: xtables: add _LEGACY kconfig symbol,
Florian Westphal
- [PATCH nf-next] netfilter: expect: Simplify the allocation of slab caches in nf_conntrack_expect_init, Kunwu Chan
- [PATCH iptables] extensions: libebt_stp: fix range checking,
Florian Westphal
- [PATCH nf] netfilter: nf_tables: validate NFPROTO_{IPV4,IPV6,INET} family,
Pablo Neira Ayuso
- [PATCH nf-next] netfilter: arptables: allow arptables-nft only builds,
Florian Westphal
- [PATCH] netfilter: nf_tables: Add a null pointer check in two functions,
Markus Elfring
- [iptables PATCH] iptables: Add missing error codes,
Jacek Tomasiak
- [PATCH nf-next] netfilter: nf_conncount: Use KMEM_CACHE instead of kmem_cache_create(),
Kunwu Chan
- [PATCH 64/82] netfilter: Refactor intentional wrap-around test,
Kees Cook
- [PATCH] tests: shell: add test to cover ct offload by using nft flowtables To cover kernel patch ("netfilter: nf_tables: set transport offset from mac header for netdev/egress").,
yiche
[PATCH nf] netfilter: nf_tables: reject QUEUE/DROP verdict parameters, Florian Westphal
PROBLEM: nf_conntrack tcp SYN reuse results in incorrect window scaling,
Schaefer, Ryan
[PATCH nft 0/2] fix host-endian constant values in set lookup keys,
Florian Westphal
[PATCH nf] netfilter: nf_tables: restrict anonymous set and map names to 16 bytes, Florian Westphal
[PATCH nf] netfilter: nft_limit: reject configurations that cause integer overflow, Florian Westphal
[PATCH nf] netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain, Pablo Neira Ayuso
[PATCH net,v2 00/13] Netfilter fixes for net,
Pablo Neira Ayuso
- [PATCH net 02/13] netfilter: nf_tables: validate .maxattr at expression registration, Pablo Neira Ayuso
- [PATCH net 01/13] netfilter: nf_tables: reject invalid set policy, Pablo Neira Ayuso
- [PATCH net 03/13] netfilter: nf_tables: bail out if stateful expression provides no .clone, Pablo Neira Ayuso
- [PATCH net 04/13] netfilter: nft_limit: do not ignore unsupported flags, Pablo Neira Ayuso
- [PATCH net 05/13] netfilter: nfnetlink_log: use proper helper for fetching physinif, Pablo Neira Ayuso
- [PATCH net 09/13] netfilter: nf_tables: check if catch-all set element is active in next generation, Pablo Neira Ayuso
- [PATCH net 07/13] netfilter: propagate net to nf_bridge_get_physindev, Pablo Neira Ayuso
- [PATCH net 11/13] netfilter: nf_tables: skip dead set elements in netlink dump, Pablo Neira Ayuso
- [PATCH net 10/13] netfilter: nf_tables: do not allow mismatch field size and set key length, Pablo Neira Ayuso
- [PATCH net 08/13] netfilter: bridge: replace physindev with physinif in nf_bridge_info, Pablo Neira Ayuso
- [PATCH net 12/13] netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description, Pablo Neira Ayuso
- [PATCH net 06/13] netfilter: nf_queue: remove excess nf_bridge variable, Pablo Neira Ayuso
- [PATCH net 13/13] ipvs: avoid stat macros calls from preemptible context, Pablo Neira Ayuso
- <Possible follow-ups>
- [PATCH net,v2 00/13] Netfilter fixes for net, Pablo Neira Ayuso
- [PATCH net 01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits, Pablo Neira Ayuso
- [PATCH net 03/13] netfilter: nft_compat: restrict match/target protocol to u16, Pablo Neira Ayuso
- [PATCH net 04/13] netfilter: nft_set_pipapo: remove static in nft_pipapo_get(), Pablo Neira Ayuso
- [PATCH net 02/13] netfilter: nft_compat: reject unused compat flag, Pablo Neira Ayuso
- [PATCH net 05/13] netfilter: ipset: Missing gc cancellations fixed, Pablo Neira Ayuso
- [PATCH net 07/13] netfilter: nft_ct: reject direction for ct id, Pablo Neira Ayuso
- [PATCH net 06/13] netfilter: ctnetlink: fix filtering for zone 0, Pablo Neira Ayuso
- [PATCH net 09/13] netfilter: nfnetlink_queue: un-break NF_REPEAT, Pablo Neira Ayuso
- [PATCH net 10/13] netfilter: nft_set_rbtree: skip end interval element from gc, Pablo Neira Ayuso
- [PATCH net 08/13] netfilter: nf_tables: use timestamp to check for set element timeout, Pablo Neira Ayuso
- [PATCH net 11/13] netfilter: nft_set_pipapo: store index in scratch maps, Pablo Neira Ayuso
- [PATCH net 12/13] netfilter: nft_set_pipapo: add helper to release pcpu scratch area, Pablo Neira Ayuso
- [PATCH net 13/13] netfilter: nft_set_pipapo: remove scratch_aligned pointer, Pablo Neira Ayuso
[PATCH nft] tests: py: remove huge-limit test cases, Florian Westphal
[syzbot] [netfilter?] WARNING in nf_hook_entry_head, syzbot
[PATCH net] ipvs: Simplify the allocation of ip_vs_conn slab caches,
Kunwu Chan
[PATCH 0/1] ipset performance regression in swap fix,
Jozsef Kadlecsik
[PATCH nft] evaluate: don't assert on net/transport header conflict, Florian Westphal
[PATCH net] net: ipvs: avoid stat macros calls from preemptible context,
Fedor Pchelkin
[PATCH nft] rule: fix sym refcount assertion, Florian Westphal
[PATCH nft] evaluate: error out when store needs more than one 128bit register of align fixup, Florian Westphal
[PATCH nf] netfilter: nf_tables: skip dead set elements in netlink dump, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: do not allow mismatch field size and set key length, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: check if catch-all set element is active in next generation, Pablo Neira Ayuso
[PATCH libnftnl,v3] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}, Pablo Neira Ayuso
[PATCH nft] rule: do not crash if to-be-printed flowtable lacks priority, Florian Westphal
[PATCH 1/2] parser: reject raw payload expressions with 0 length, Florian Westphal
[PATCH nft v3] src: do not merge a set with a erroneous one,
Florian Westphal
[PATCH libnftnl] set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA},
Pablo Neira Ayuso
[PATCH libnftnl] set: buffer overflow in NFTNL_SET_DESC_CONCAT setter,
Pablo Neira Ayuso
[PATCH nft 0/2] memleak fixes for tests/shell/testcases/bogons/nft-f/,
Pablo Neira Ayuso
[PATCH nft,v2] evaluate: bail out if anonymous concat set defines a non concat expression, Pablo Neira Ayuso
[PATCH nft 0/2] evaluate: add more checks for '... set 1-3',
Florian Westphal
[PATCH nft] evaluate: error out when expression has no datatype, Florian Westphal
[PATCH v3 0/4] netlink: bridge: fix nf_bridge->physindev use after free,
Pavel Tikhomirov
[PATCH nft] evaluate: disable ct set with ranges,
Florian Westphal
[PATCH nft] payload: only assert if l2 header base has no length, Florian Westphal
[iptables PATCH v2 0/3] iptables-save: Avoid /etc/protocols lookups,
Phil Sutter
[PATCH nft 0/4] assorted fixes,
Pablo Neira Ayuso
[iptables PATCH 1/2] Revert "xshared: Print protocol numbers if --numeric was given",
Phil Sutter
Re: Performance regression in ip_set_swap on 6.1.69,
David Wang
[PATCH v2 nft 0/3] set related parser fixes,
Florian Westphal
[PATCH nftables] doc: clarify reject is supported at prerouting stage,
Quan Tian
[PATCH nft] doc: incorrect datatype description for icmpv6_type and icmpvx_code, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: bail out if stateful expression provides no .clone, Pablo Neira Ayuso
[PATCH nf-next] netfilter: nf_tables: validate .maxattr at expression registration, Pablo Neira Ayuso
[PATCH nft] tests: shell: extend coverage for netdevice removal, Pablo Neira Ayuso
[PATCH bpf-next v3 0/3] Annotate kfuncs in .BTF_ids section,
Daniel Xu
[PATCH nft] tests: shell: prefer project nft to system-wide nft, Florian Westphal
[PATCH bpf-next v2 0/3] Annotate kfuncs in .BTF_ids section,
Daniel Xu
[PATCH nf-next] netfilter: nf_tables: pass flags to set backend selection routine, Pablo Neira Ayuso
[PATCH nf] netfilter: nf_tables: reject invalid set policy, Pablo Neira Ayuso
[PATCH libnetfilter_queue] include: pktbuff.h needs stdbool.h, Duncan Roe
[PATCH bpf-next 0/2] Annotate kfuncs in .BTF_ids section,
Daniel Xu
[syzbot] Monthly netfilter report (Jan 2024), syzbot
[PATCH libnftnl] object: define nftnl_obj_unset(),
Pablo Neira Ayuso
[PATCH nf] netfilter: nft_immediate: drop chain reference counter on error, Pablo Neira Ayuso
[RFC nf-next v5 0/2] netfilter: bpf: support prog update,
D. Wythe
Re: GUI Frontend for iptables and nftables Linux firewalls,
Phil Sutter
[PATCH RFC libnetfilter_queue 0/1] libnfnetlink dependency elimination,
Duncan Roe
feature request: list elements of table for scripting,
Han Boetes
[RFC nf-next v4 0/2] netfilter: bpf: support prog update,
D. Wythe
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
