Netfilter Development

Show patches with: State = Action Required | Archived = No | 84 patches

Patch	Series	A/F/R/T	S/W/F	Date	Submitter	Delegate	State
[net,8/8] netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check	[net,1/8] netfilter: nft_osf: restrict it to ipv4	- 1 1 -	---	2026-04-20	Pablo Neira Ayuso		New
[net,7/8] netfilter: nfnetlink_osf: fix out-of-bounds read on option matching	[net,1/8] netfilter: nft_osf: restrict it to ipv4	- 1 1 -	---	2026-04-20	Pablo Neira Ayuso		New
[net,6/8] ipvs: fix MTU check for GSO packets in tunnel mode	[net,1/8] netfilter: nft_osf: restrict it to ipv4	1 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[net,5/8] netfilter: nat: use kfree_rcu to release ops	[net,1/8] netfilter: nft_osf: restrict it to ipv4	- 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[net,4/8] netfilter: xtables: restrict several matches to inet family	[net,1/8] netfilter: nft_osf: restrict it to ipv4	- 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[net,3/8] netfilter: conntrack: remove sprintf usage	[net,1/8] netfilter: nft_osf: restrict it to ipv4	- 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[net,2/8] netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO	[net,1/8] netfilter: nft_osf: restrict it to ipv4	- 1 1 -	---	2026-04-20	Pablo Neira Ayuso		New
[net,1/8] netfilter: nft_osf: restrict it to ipv4	[net,1/8] netfilter: nft_osf: restrict it to ipv4	1 1 1 -	---	2026-04-20	Pablo Neira Ayuso		New
[net,0/8] Netfilter/IPVS fixes for net		- - - -	---	2026-04-20	Pablo Neira Ayuso		New
[nf,v2] netfilter: nft_compat: run checkentry() from .validate	[nf,v2] netfilter: nft_compat: run checkentry() from .validate	- 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[nf,v3] netfilter: arp_tables: fix IEEE1394 ARP payload parsing	[nf,v3] netfilter: arp_tables: fix IEEE1394 ARP payload parsing	- 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[nf,v8,4/4] netfilter: nf_tables: add hook transactions for device deletions	[nf,v8,1/4] netfilter: nf_tables: use list_del_rcu for netlink hooks	- 2 - -	---	2026-04-20	Pablo Neira Ayuso		New
[nf,v8,3/4] netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase	[nf,v8,1/4] netfilter: nf_tables: use list_del_rcu for netlink hooks	- 2 - -	---	2026-04-20	Pablo Neira Ayuso		New
[nf,v8,2/4] rculist: add list_splice_rcu() for private lists	[nf,v8,1/4] netfilter: nf_tables: use list_del_rcu for netlink hooks	- - 1 -	---	2026-04-20	Pablo Neira Ayuso		New
[nf,v8,1/4] netfilter: nf_tables: use list_del_rcu for netlink hooks	[nf,v8,1/4] netfilter: nf_tables: use list_del_rcu for netlink hooks	- 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[nf] netfilter: nft_compat: run checkentry() from .validate	[nf] netfilter: nft_compat: run checkentry() from .validate	- 1 - -	---	2026-04-20	Pablo Neira Ayuso		New
[net] ipvs: fix races around est_mutex and est_cpulist	[net] ipvs: fix races around est_mutex and est_cpulist	- 1 - -	---	2026-04-20	Julian Anastasov		New
[libnftnl,v3] expr: add support to math expression	[libnftnl,v3] expr: add support to math expression	- - - -	---	2026-04-20	Fernando Fernandez Mancera		New
[nf-next,v4] netfilter: nf_tables: add math expression support	[nf-next,v4] netfilter: nf_tables: add math expression support	- - - -	---	2026-04-20	Fernando Fernandez Mancera		New
[PATCHv2,net,3/3] ipvs: fix the spin_lock usage for RT build	IPVS: fixes after the new hash tables	- 1 - -	---	2026-04-20	Julian Anastasov		New
[PATCHv2,net,2/3] ipvs: fix races around the conn_lfactor and svc_lfactor sysctl vars	IPVS: fixes after the new hash tables	- - - -	---	2026-04-20	Julian Anastasov		New
[PATCHv2,net,1/3] ipvs: fixes for the new ip_vs_status info	IPVS: fixes after the new hash tables	- - - -	---	2026-04-20	Julian Anastasov		New
[RFC,nf-next] netfilter: flowtable_offload: propagate CT mark to hardware offload path	[RFC,nf-next] netfilter: flowtable_offload: propagate CT mark to hardware offload path	- - - -	---	2026-04-20	Lorenzo Bianconi		New
[2/2,nf,v2] netfilter: xtables: fix L4 header parsing for non-first fragments	[1/2,nf,v2] netfilter: nf_tables: skip L4 header parsing for non-first fragments	- 1 - -	---	2026-04-20	Fernando Fernandez Mancera		New
[1/2,nf,v2] netfilter: nf_tables: skip L4 header parsing for non-first fragments	[1/2,nf,v2] netfilter: nf_tables: skip L4 header parsing for non-first fragments	- 4 - -	---	2026-04-20	Fernando Fernandez Mancera		New
[nft] json: output set/map element count	[nft] json: output set/map element count	- - - -	---	2026-04-19	Niklas Fiekas		New
[iptables] tests: shell: add test case for checkentry hook validations	[iptables] tests: shell: add test case for checkentry hook validations	- - - -	---	2026-04-19	Florian Westphal		New
[nf] netfilter: x_tables: add late validate callback for nft_compat sake	[nf] netfilter: x_tables: add late validate callback for nft_compat sake	- 1 - -	---	2026-04-19	Florian Westphal		New
[net,v2] selftests: netfilter: conntrack_sctp_collision.sh: Introduce SCTP INIT collision test	[net,v2] selftests: netfilter: conntrack_sctp_collision.sh: Introduce SCTP INIT collision test	1 - - -	---	2026-04-18	Yi Chen		New
[nf] netfilter: xt_TCPMSS: check skb_dst before path-MTU clamping	[nf] netfilter: xt_TCPMSS: check skb_dst before path-MTU clamping	- 1 - -	---	2026-04-18	Weiming Shi		Under Review
[nf,v2] netfilter: arp_tables: fix IEEE1394 ARP payload mangling	[nf,v2] netfilter: arp_tables: fix IEEE1394 ARP payload mangling	- 1 - -	---	2026-04-18	Florian Westphal		New
[2/2,nf] netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check	[1/2,nf] netfilter: nfnetlink_osf: fix out-of-bounds read on option matching	- 1 1 -	---	2026-04-17	Fernando Fernandez Mancera		New
[1/2,nf] netfilter: nfnetlink_osf: fix out-of-bounds read on option matching	[1/2,nf] netfilter: nfnetlink_osf: fix out-of-bounds read on option matching	- 1 1 -	---	2026-04-17	Fernando Fernandez Mancera		New
[nf,1/1] netfilter: xt_policy: fix strict mode inbound policy matching	[nf,1/1] netfilter: xt_policy: fix strict mode inbound policy matching	1 1 - -	---	2026-04-17	Ren Wei		New
[nf,v3] netfilter: nat: use kfree_rcu to release ops	[nf,v3] netfilter: nat: use kfree_rcu to release ops	- 1 - -	---	2026-04-17	Pablo Neira Ayuso		New
[nf] netfilter: nf_tables: use list_del_rcu for netlink hooks	[nf] netfilter: nf_tables: use list_del_rcu for netlink hooks	- 1 - -	---	2026-04-15	Florian Westphal		New
[nf,v2] netfilter: nat: use kfree_rcu to release ops	[nf,v2] netfilter: nat: use kfree_rcu to release ops	- 1 - -	---	2026-04-15	Pablo Neira Ayuso		New
[net,v4] ipvs: fix MTU check for GSO packets in tunnel mode	[net,v4] ipvs: fix MTU check for GSO packets in tunnel mode	1 1 - -	---	2026-04-15	Yingnan Zhang		New
[nf,v2] netfilter: xtables: restrict several matches to inet family	[nf,v2] netfilter: xtables: restrict several matches to inet family	- 1 - -	---	2026-04-15	Pablo Neira Ayuso		New
[nf-next] netfilter: allow nfnetlink built-in only	[nf-next] netfilter: allow nfnetlink built-in only	- - 1 -	---	2026-04-15	Pablo Neira Ayuso		New
[nf,v2] netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO	[nf,v2] netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO	- 1 1 -	---	2026-04-14	Xiang Mei		New
[nf,2/2] netfilter: nf_conntrack_sip: don't use strtoul_simple	[nf,1/2] netfilter: conntrack: remove sprintf usage	- - - -	---	2026-04-14	Florian Westphal		New
[nf,1/2] netfilter: conntrack: remove sprintf usage	[nf,1/2] netfilter: conntrack: remove sprintf usage	- 1 - -	---	2026-04-14	Florian Westphal		New
netfilter module-autoload: duplicate request for netfilter module	netfilter module-autoload: duplicate request for netfilter module	- - - -	---	2026-04-14	Zhe Zhao		New
[v2,nf] netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()	[v2,nf] netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()	- 2 - -	---	2026-04-14	Eric Woudstra		New
[nf] netfilter: nft_osf: restrict it to ipv6	[nf] netfilter: nft_osf: restrict it to ipv6	1 1 1 -	---	2026-04-14	Pablo Neira Ayuso		New
[nf,3/3] netfilter: nf_tables: add hook transactions for device deletions	[nf,1/3] rculist: add list_splice_rcu() for private lists	- 2 - -	---	2026-04-13	Pablo Neira Ayuso		New
[nf,2/3] netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase	[nf,1/3] rculist: add list_splice_rcu() for private lists	- 2 - -	---	2026-04-13	Pablo Neira Ayuso		New
[nf,1/3] rculist: add list_splice_rcu() for private lists	[nf,1/3] rculist: add list_splice_rcu() for private lists	- - - -	---	2026-04-13	Pablo Neira Ayuso		New
netfilter: nfnetlink_cthelper: fix expect policy update copying only first class values to all clas…	netfilter: nfnetlink_cthelper: fix expect policy update copying only first class values to all clas…	- 1 - -	---	2026-04-13	Dudu Lu		New
[nf-next,v2] netfilter: nft_set_rbtree: remove dead conditional	[nf-next,v2] netfilter: nft_set_rbtree: remove dead conditional	- - - -	---	2026-04-11	Florian Westphal		New
netfilter: nfnl_cthelper: apply per-class values when updating policies	netfilter: nfnl_cthelper: apply per-class values when updating policies	- 1 - -	---	2026-04-11	David Carlier		New
[v2,nf-next] netfilter: nft_set_pipapo_avx2: restore performance optimization	[v2,nf-next] netfilter: nft_set_pipapo_avx2: restore performance optimization	- - 1 -	---	2026-04-11	Florian Westphal		New
[2/2] netfilter: validate values parsed by try_number	[1/2] netfilter fix u16 overflow in get_port()	- - - -	---	2026-04-10	Cyber-JA		New
[1/2] netfilter fix u16 overflow in get_port()	[1/2] netfilter fix u16 overflow in get_port()	- - - -	---	2026-04-10	Cyber-JA		New
[RFC,net-next,4/4] net: ethernet: mtk_eth_soc: report INGRESS_L2 byte_type in flow stats	improve hw flow offload byte accounting	- - - -	---	2026-04-09	Daniel Golle		New
[RFC,net-next,3/4] nf_flow_table: convert hw byte counts and update sub-interface stats	improve hw flow offload byte accounting	- - - -	---	2026-04-09	Daniel Golle		New
[RFC,net-next,2/4] nf_flow_table: track sub-interface and bridge ifindex in flow tuple	improve hw flow offload byte accounting	- - - -	---	2026-04-09	Daniel Golle		New
[RFC,net-next,1/4] net: flow_offload: let drivers report byte counter semantics	improve hw flow offload byte accounting	- - - -	---	2026-04-09	Daniel Golle		New
[v2] netfilter: nft_fwd_netdev: use recursion counter in neigh egress path	[v2] netfilter: nft_fwd_netdev: use recursion counter in neigh egress path	- 1 - -	---	2026-04-09	Weiming Shi		Under Review
[nft,5/5] libnftables: support for several list and reset commands	support for several list and reset commands	- - - -	---	2026-04-08	Pablo Neira Ayuso		New
[nft,4/5] libnftables: use nft_eval_run_cmds() in nft_run_cmd_from_filename()	support for several list and reset commands	- - - -	---	2026-04-08	Pablo Neira Ayuso		New
[nft,3/5] libnftables: consolidate evaluation and netlink run	support for several list and reset commands	- - - -	---	2026-04-08	Pablo Neira Ayuso		New
[nft,2/5] libnftables: add nft_run_cmd_release() helper and use it	support for several list and reset commands	- - - -	---	2026-04-08	Pablo Neira Ayuso		New
[nft,2/2] parser_bison: Accept non-constant binop on LHS of relationals	A bit of non-constant binop follow-up	- - - -	---	2026-04-02	Phil Sutter		New
[nft,1/2] parser_json: Accept non-RHS expressions in binop RHS	A bit of non-constant binop follow-up	- 1 - -	---	2026-04-02	Phil Sutter		New
selftests: netfilter: conntrack_sctp_collision.sh: Introduce SCTP INIT collision test	selftests: netfilter: conntrack_sctp_collision.sh: Introduce SCTP INIT collision test	- - - -	---	2026-03-30	Yi Chen		New
[nf-next,v2,2/2] net: dsa: update net_device stats with HW offloaded flows stats	Update (DSA) netdev stats with offloaded flows	- - - -	---	2026-03-24	Ahmed Zaki		Needs Review / ACK
[nf-next,v2,1/2] netfilter: flowtable: update netdev stats with HW_OFFLOAD flows	Update (DSA) netdev stats with offloaded flows	- - - -	---	2026-03-24	Ahmed Zaki		Needs Review / ACK
[nf-next,v2] netfilter: nfnetlink_hook: Dump nat type chains	[nf-next,v2] netfilter: nfnetlink_hook: Dump nat type chains	- - - -	---	2026-03-20	Phil Sutter		Under Review
[v12,nf-next] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW	[v12,nf-next] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW	- - - -	---	2026-03-17	Eric Woudstra		Needs Review / ACK
[v12,nf-next] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info()	[v12,nf-next] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info()	- - 1 -	---	2026-03-17	Eric Woudstra		Needs Review / ACK
[v2] netfilter: nf_conntrack_sip: add bounds-checked port parsing helper	[v2] netfilter: nf_conntrack_sip: add bounds-checked port parsing helper	- 1 - 1	---	2026-03-13	Guanni Qu		Under Review
netfilter: ipset: harden payload calculation in call_ad()	netfilter: ipset: harden payload calculation in call_ad()	1 - - -	---	2026-03-13	David Baum	kadlec	Under Review
[nft] cache: Fix for multiple commands in a single batch	[nft] cache: Fix for multiple commands in a single batch	- 1 - -	---	2026-03-11	Phil Sutter		New
[nft] datatype: Accept IPv4 addresses for ip6addr_type	[nft] datatype: Accept IPv4 addresses for ip6addr_type	- - - -	---	2025-12-10	Phil Sutter		New
[nft,v2] src: Convert ip {s,d}addr to IPv4-mapped as needed	[nft,v2] src: Convert ip {s,d}addr to IPv4-mapped as needed	- - - -	---	2025-12-10	Phil Sutter		New
[nft,v3] src: add connlimit stateful object support	[nft,v3] src: add connlimit stateful object support	- - 1 -	---	2025-11-24	Fernando Fernandez Mancera		New
[libnftnl] src: add connlimit stateful object support	[libnftnl] src: add connlimit stateful object support	- - - -	---	2025-11-04	Fernando Fernandez Mancera		New
[libnftnl,v2] expr: add support to math expression	[libnftnl,v2] expr: add support to math expression	- - - -	---	2025-11-03	Fernando Fernandez Mancera		New
[V6] netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_max sysctl	[V6] netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_max sysctl	- - - -	---	2025-04-15	lvxiafei		Under Review
[nf] netfilter: conntrack: correct sequence on reinitialized TCP connection	[nf] netfilter: conntrack: correct sequence on reinitialized TCP connection	- 1 - -	---	2025-02-20	Pablo Neira Ayuso		New
[nftables] include: fix for musl with iptables v1.8.11	[nftables] include: fix for musl with iptables v1.8.11	- - - -	---	2024-12-19	Alyssa Ross		New
[nft] limit: Support arbitrary unit values	[nft] limit: Support arbitrary unit values	- - - -	---	2024-04-13	Phil Sutter		New