Netfilter Development

Show patches with: State = Action Required | Archived = No | 84 patches

Patch	Series	A/F/R/T	S/W/F	Date	Submitter	Delegate	State
[nf,v2,2/2] netfilter: nft_socket: make cgroupsv2 matching work with namespaces	Untitled series #422862	- 1 - -	---	2024-09-07	Florian Westphal		New
[net,v1,1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n	[net,v1,1/1] netfilter: nf_reject: Fix build error when CONFIG_BRIDGE_NETFILTER=n	- 2 - -	---	2024-09-06	Andy Shevchenko		New
[net-next,16/16] netfilter: nf_tables: set element timeout update support	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,15/16] netfilter: nf_tables: zero timeout means element never times out	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,14/16] netfilter: nf_tables: consolidate timeout extension for elements	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,13/16] netfilter: nf_tables: annotate data-races around element expiration	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,12/16] netfilter: nft_dynset: annotate data-races around set timeout	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- 1 - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,11/16] netfilter: nf_tables: remove annotation to access set timeout while holding lock	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- 1 - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,10/16] netfilter: nf_tables: reject expiration higher than timeout	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- 1 - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,09/16] netfilter: nf_tables: reject element expiration with no timeout	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- 1 - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,08/16] netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- 1 - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,07/16] netfilter: nf_tables: Add missing Kernel doc	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - 1 -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,06/16] netfilter: nf_tables: Correct spelling in nf_tables.h	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,05/16] netfilter: nf_tables: drop unused 3rd argument from validate callback ops	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,04/16] netfilter: conntrack: Convert to use ERR_CAST()	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,03/16] netfilter: Use kmemdup_array instead of kmemdup for multiple allocation	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - 1 -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,02/16] netfilter: nft_counter: Use u64_stats_t for statistic.	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	[net-next,01/16] netfilter: ctnetlink: support CTA_FILTER for flush	- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net-next,00/16] Netfilter updates for net-next		- - - -	---	2024-09-05	Pablo Neira Ayuso		New
[net,v1,1/1] netfilter: conntrack: Guard possoble unused functions	[net,v1,1/1] netfilter: conntrack: Guard possoble unused functions	- 1 - -	---	2024-09-05	Andy Shevchenko		New
[nf,1/2] netfilter: nft_socket: fix sk refcount leaks	[nf,1/2] netfilter: nft_socket: fix sk refcount leaks	- 1 - -	---	2024-09-05	Florian Westphal		New
[net-next,v1] netlink: specs: nftables: allow decode of tailscale ruleset	[net-next,v1] netlink: specs: nftables: allow decode of tailscale ruleset	- - - -	---	2024-09-04	Donald Hunter		New
conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)	conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)	- - - -	---	2024-09-03	Ahelenia Ziemiańska		Under Review
[nft,v2] src: support for timeout never in elements	[nft,v2] src: support for timeout never in elements	- - - -	---	2024-09-02	Pablo Neira Ayuso		New
[v2,net-next] netlink: specs: nftables: allow decode of default firewalld ruleset	[v2,net-next] netlink: specs: nftables: allow decode of default firewalld ruleset	- - 1 -	---	2024-09-02	Florian Westphal		New
[1/1] asn: fix missing quiet checks in xt_asn_build	[1/1] asn: fix missing quiet checks in xt_asn_build	- - - -	---	2024-09-02	Philip Prindeville		New
ksleftest nfqueue race with dnat	ksleftest nfqueue race with dnat	- - - -	---	2024-09-01	Antonio Ojea		New
[nf-next,v4,2/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable	netfilter: Make IP_NF_IPTABLES_LEGACY selectable	- - - -	---	2024-08-29	Breno Leitao		New
[nf-next,v4,1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable	netfilter: Make IP_NF_IPTABLES_LEGACY selectable	- - - -	---	2024-08-29	Breno Leitao		New
[v2,2/2] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c	netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c	- - 1 -	---	2024-08-29	Uros Bizjak		New
[v2,1/2] err.h: Add ERR_PTR_PCPU(), PTR_ERR_PCPU() and IS_ERR_PCPU() macros	netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c	- - - -	---	2024-08-29	Uros Bizjak		New
[iptables,RFC,8/8] nft: Support compat extensions in rule userdata	nft: Implement forward compat for future binaries	- - - -	---	2024-07-31	Phil Sutter		New
[iptables,7/8] nft: Introduce UDATA_TYPE_COMPAT_EXT	nft: Implement forward compat for future binaries	- - - -	---	2024-07-31	Phil Sutter		New
[iptables,6/8] nft: __add_{match,target}() can't fail	nft: Implement forward compat for future binaries	- - - -	---	2024-07-31	Phil Sutter		New
[iptables,5/8] nft: ruleparse: Introduce nft_parse_rule_expr()	nft: Implement forward compat for future binaries	- - - -	---	2024-07-31	Phil Sutter		New
netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs	netfilter: conntrack: tcp: do not lower timeout to CLOSE for in-window RSTs	- - - -	---	2024-07-05	yyxRoy		New
[nf-next] netfilter: nf_tables: missing objects with no memcg accounting	[nf-next] netfilter: nf_tables: missing objects with no memcg accounting	- 1 - -	---	2024-06-05	Pablo Neira Ayuso		New
[nf] netfilter: restore default behavior for nf_conntrack_events	[nf] netfilter: restore default behavior for nf_conntrack_events	- 1 - -	---	2024-06-04	Nicolas Dichtel		New
[v2,7/7] selftests: netfilter: Torture nftables netdev hooks	Dynamic hook interface binding	- - - -	---	2024-05-17	Phil Sutter		New
[v2,6/7] netfilter: nf_tables: Add notications for hook changes	Dynamic hook interface binding	- - - -	---	2024-05-17	Phil Sutter		New
[v2,5/7] netfilter: nf_tables: Correctly handle NETDEV_RENAME events	Dynamic hook interface binding	- - - -	---	2024-05-17	Phil Sutter		New
[v2,4/7] netfilter: nf_tables: Dynamic hook interface binding	Dynamic hook interface binding	- - - -	---	2024-05-17	Phil Sutter		New
[v2,3/7] netfilter: nf_tables: Report active interfaces to user space	Dynamic hook interface binding	- - - -	---	2024-05-17	Phil Sutter		New
[v2,2/7] netfilter: nf_tables: Relax hook interface binding	Dynamic hook interface binding	- - - -	---	2024-05-17	Phil Sutter		New
[v2,1/7] netfilter: nf_tables: Store user-defined hook ifname	Dynamic hook interface binding	- - - -	---	2024-05-17	Phil Sutter		New
[libnetfilter_queue] Stop a memory leak in nfq_close	[libnetfilter_queue] Stop a memory leak in nfq_close	- 1 - -	---	2024-05-06	Duncan Roe		New
[nft] limit: Support arbitrary unit values	[nft] limit: Support arbitrary unit values	- - - -	---	2024-04-13	Phil Sutter		New
[nf,2/2] netfilter: flowtable: use UDP timeout after flow teardown	[nf,1/2] netfilter: flowtable: infer TCP state and timeout before flow teardown	- 1 - -	---	2024-03-20	Pablo Neira Ayuso		New
[nf,1/2] netfilter: flowtable: infer TCP state and timeout before flow teardown	[nf,1/2] netfilter: flowtable: infer TCP state and timeout before flow teardown	- 1 - -	---	2024-03-20	Pablo Neira Ayuso		New
[nf] netfilter: nf_tables: do not reject dormant flag update for table with owner	[nf] netfilter: nf_tables: do not reject dormant flag update for table with owner	- 1 - -	---	2024-03-15	Quan Tian		New
[nf] netfilter: nf_tables: fix consistent table updates being rejected	[nf] netfilter: nf_tables: fix consistent table updates being rejected	- 1 - -	---	2024-03-13	Quan Tian		New
[v3,nf-next,2/2] netfilter: nf_tables: support updating userdata for nft_table	[v3,nf-next,1/2] netfilter: nf_tables: use struct nlattr * to store userdata for nft_table	- - - -	---	2024-03-11	Quan Tian		New
[v3,nf-next,1/2] netfilter: nf_tables: use struct nlattr * to store userdata for nft_table	[v3,nf-next,1/2] netfilter: nf_tables: use struct nlattr * to store userdata for nft_table	- - - -	---	2024-03-11	Quan Tian		New
[nf-next] netfilter: nft_byteorder: remove multi-register support	[nf-next] netfilter: nft_byteorder: remove multi-register support	- 1 - -	---	2024-02-14	Florian Westphal		New
[v3,nft] support for afl++ (american fuzzy lop++) fuzzer	[v3,nft] support for afl++ (american fuzzy lop++) fuzzer	- - - -	---	2023-12-19	Florian Westphal		New
ulogd / JSON output / enhancement proposal	ulogd / JSON output / enhancement proposal	- - - -	---	2023-12-14	Gérald Colangelo		New
Bug in ulogd2 when destroying a stack that failed to start (with fix attached)	Bug in ulogd2 when destroying a stack that failed to start (with fix attached)	- - - -	---	2023-12-14	Gérald Colangelo		New
[libnetfilter_queue,1/1] src: add nfq_socket_sendto() - send config request and check response	src: add nfq_socket_sendto() - send config request and check response	- - - -	---	2023-12-11	Duncan Roe		New
[ulogd] log NAT events using IPFIX	[ulogd] log NAT events using IPFIX	- - - -	---	2023-12-10	Tomasz Pala		New
[nft,2/2,v2] tests/shell: have .json-nft dumps prettified to wrap lines	Untitled series #385629	- - - -	---	2023-12-07	Thomas Haller		New
[nft,v2,5/5] tests/unit: add unit tests for libnftables	add infrastructure for unit tests	- - - -	---	2023-11-05	Thomas Haller		New
[nft,v2,4/5] build: cleanup if-blocks for conditional compilation in "Makefile.am"	add infrastructure for unit tests	- - - -	---	2023-11-05	Thomas Haller		New
[nft,v2,3/5] build: add `make check-tree` to check consistency of source tree	add infrastructure for unit tests	- - - -	---	2023-11-05	Thomas Haller		New
[nft,v2,2/5] build: add `make check-build` to run `./tests/build/run-tests.sh`	add infrastructure for unit tests	- - - -	---	2023-11-05	Thomas Haller		New
[nft,v2,1/5] build: add basic "check-{local,more,all}" and "build-all" make targets	add infrastructure for unit tests	- - - -	---	2023-11-05	Thomas Haller		New
[nft,4/5] datatype: extend set_datatype_alloc() to change size	more various cleanups related to struct datatype	- - - -	---	2023-09-27	Thomas Haller		New
[nft,3/5] datatype: don't clone datatype in set_datatype_alloc() if byteorder already matches	more various cleanups related to struct datatype	- - - -	---	2023-09-27	Thomas Haller		New
[nft,2/5] datatype: don't clone static name/desc strings for datatype	more various cleanups related to struct datatype	- - - -	---	2023-09-27	Thomas Haller		New
[nft,v5,8/8] tests: add tests for binops with variable RHS operands	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nft,v5,7/8] parser_json: allow RHS mark and payload expressions	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nft,v5,6/8] evaluate: allow binop expressions with variable right-hand operands	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nft,v5,5/8] evaluate: preserve existing binop properties	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nft,v5,4/8] evaluate: prevent nested byte-order conversions	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nft,v5,3/8] netlink_delinearize: add support for processing variable payload statement arguments	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nft,v5,2/8] netlink_delinearize: refactor stmt_payload_binop_postprocess	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nft,v5,1/8] netlink: support (de)linearization of new bitwise boolean operations	Bitwise boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[libnftnl,v3,5/5] tests: bitwise: add tests for new boolean operations	bitwise: support for boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[libnftnl,v3,4/5] tests: bitwise: refactor shift tests	bitwise: support for boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[libnftnl,v3,3/5] expr: bitwise: add support for kernel space AND, OR and XOR operations	bitwise: support for boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[libnftnl,v3,2/5] expr: bitwise: rename some boolean operation functions	bitwise: support for boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[libnftnl,v3,1/5] include: add new bitwise boolean attributes to nf_tables.h	bitwise: support for boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nf-next,v4,2/2] netfilter: bitwise: add support for doing AND, OR and XOR directly	netfilter: bitwise: support boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nf-next,v4,1/2] netfilter: bitwise: rename some boolean operation functions	netfilter: bitwise: support boolean operations with variable RHS operands	- - - -	---	2023-05-28	Jeremy Sowden		Under Review
[nf-next,v2,3/3] selftests: netfilter: flowtable vlan filtering bridge support	[nf-next,v2,1/3] nf_flow_table_offload: offload the vlan encap in the flowtable	- - - -	---	2022-05-26	wenxu@chinatelecom.cn	pablo	Under Review