Netfilter Development

Show patches with: State = Action Required | 35 patches

Patch	Series	A/F/R/T	S/W/F	Date	Submitter	Delegate	State
[libnetfilter_conntrack] tests: add a wrapper for the filter test case	[libnetfilter_conntrack] tests: add a wrapper for the filter test case	- - - -	---	2026-03-09	Florian Westphal		New
[libnetfilter_conntrack] tests: test_api: expose return value and fix various bugs	[libnetfilter_conntrack] tests: test_api: expose return value and fix various bugs	- - - -	---	2026-03-09	Florian Westphal		New
[nft] tests: shell: add rbtree reload test case	[nft] tests: shell: add rbtree reload test case	- - - -	---	2026-03-09	Florian Westphal		New
netfilter: xtables: fix possible off-by-one when accessing TCP/DCCP options	netfilter: xtables: fix possible off-by-one when accessing TCP/DCCP options	- - - -	---	2026-03-08	Pablo Neira Ayuso		New
[nf,v2] netfilter: nft_set_rbtree: allocate same array size on updates	[nf,v2] netfilter: nft_set_rbtree: allocate same array size on updates	- 1 - -	---	2026-03-08	Pablo Neira Ayuso		New
[net] netfilter: nf_flow_table_offload: fix heap overflow in flow_action_entry_next()	[net] netfilter: nf_flow_table_offload: fix heap overflow in flow_action_entry_next()	- 1 - -	---	2026-03-07	Hyunwoo Kim		New
[net] netfilter: nf_conntrack_sctp: validate state value in nlattr_to_sctp()	[net] netfilter: nf_conntrack_sctp: validate state value in nlattr_to_sctp()	- 1 - -	---	2026-03-07	Hyunwoo Kim		New
[net] netfilter: ctnetlink: validate CTA_EXPECT_NAT_DIR to prevent OOB access	[net] netfilter: ctnetlink: validate CTA_EXPECT_NAT_DIR to prevent OOB access	- 1 - -	---	2026-03-07	Hyunwoo Kim		New
[nf,v2] netfilter: nft_set_rbtree: allocate same array size on updates	[nf,v2] netfilter: nft_set_rbtree: allocate same array size on updates	- 1 - -	---	2026-03-07	Pablo Neira Ayuso		New
[nft] datatype: Accept IPv4 addresses for ip6addr_type	[nft] datatype: Accept IPv4 addresses for ip6addr_type	- - - -	---	2025-12-10	Phil Sutter		New
[nft,v2] src: Convert ip {s,d}addr to IPv4-mapped as needed	[nft,v2] src: Convert ip {s,d}addr to IPv4-mapped as needed	- - - -	---	2025-12-10	Phil Sutter		New
Some common changes in ulogs: 1) Added debug log to indicate when stack is created. Helps to debug …	Some common changes in ulogs: 1) Added debug log to indicate when stack is created. Helps to debug …	- - - -	---	2025-11-30	Serhii Ivanov		New
Update nlog plufin to provide more information to other ones	Update nlog plufin to provide more information to other ones	- - - -	---	2025-11-30	Serhii Ivanov		New
Added netfilter output plugin with ability to write into pcap nflog packets	Added netfilter output plugin with ability to write into pcap nflog packets	- - - -	---	2025-11-30	Serhii Ivanov		New
[nft,v3] src: add connlimit stateful object support	[nft,v3] src: add connlimit stateful object support	- - 1 -	---	2025-11-24	Fernando Fernandez Mancera		New
[libnftnl] src: add connlimit stateful object support	[libnftnl] src: add connlimit stateful object support	- - - -	---	2025-11-04	Fernando Fernandez Mancera		New
[libnftnl,v2] expr: add support to math expression	[libnftnl,v2] expr: add support to math expression	- - - -	---	2025-11-03	Fernando Fernandez Mancera		New
[nf] netfilter: conntrack: correct sequence on reinitialized TCP connection	[nf] netfilter: conntrack: correct sequence on reinitialized TCP connection	- 1 - -	---	2025-02-20	Pablo Neira Ayuso		New
[nftables] include: fix for musl with iptables v1.8.11	[nftables] include: fix for musl with iptables v1.8.11	- - - -	---	2024-12-19	Alyssa Ross		New
[v4] net/bridge: Optimizing read-write locks in ebtables.c	[v4] net/bridge: Optimizing read-write locks in ebtables.c	- - - -	---	2024-09-25	yushengjin		New
[nft] limit: Support arbitrary unit values	[nft] limit: Support arbitrary unit values	- - - -	---	2024-04-13	Phil Sutter		New
netfilter: nf_tables: Fix typo in enum description	netfilter: nf_tables: Fix typo in enum description	- - - -	---	2026-03-09	Jelle van der Waa		Under Review
[v2] netfilter: guard option walkers against 1-byte tail reads	[v2] netfilter: guard option walkers against 1-byte tail reads	- 1 - -	---	2026-03-07	David Dull		Under Review
[net] netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path	[net] netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path	- 1 - -	---	2026-03-07	Hyunwoo Kim		Under Review
[net] netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()	[net] netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()	- 1 - -	---	2026-03-07	Hyunwoo Kim		Under Review
[net] netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()	[net] netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()	- 1 - -	---	2026-03-07	Hyunwoo Kim		Under Review
[net] netfilter: ctnetlink: fix use-after-free of exp->master in single expectation GET	[net] netfilter: ctnetlink: fix use-after-free of exp->master in single expectation GET	- 1 - -	---	2026-03-07	Hyunwoo Kim		Under Review
[net] netfilter: ctnetlink: fix use-after-free of exp->master in expectation dump	[net] netfilter: ctnetlink: fix use-after-free of exp->master in expectation dump	- 1 - -	---	2026-03-07	Hyunwoo Kim		Under Review
[v2] netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()	[v2] netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()	- 1 - -	---	2026-03-06	Jenny Guanni Qu		Under Review
[nf] netfilter: nf_tables: always walk all pending catchall elements	[nf] netfilter: nf_tables: always walk all pending catchall elements	- 1 - -	---	2026-03-05	Florian Westphal		Under Review
[nf] netfilter: nf_tables: Fix for duplicate device in netdev hooks	[nf] netfilter: nf_tables: Fix for duplicate device in netdev hooks	- 1 - 1	---	2026-03-05	Phil Sutter		Under Review
netfilter: use function typedefs for __rcu NAT helper hook pointers	netfilter: use function typedefs for __rcu NAT helper hook pointers	- - - -	---	2026-03-03	Sun Jian		Under Review
[v2,nf] netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()	[v2,nf] netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()	- 1 - -	---	2026-02-27	Eric Woudstra		Under Review
[ipset] tests: Fix for standalone calls to setlist_resize.sh	[ipset] tests: Fix for standalone calls to setlist_resize.sh	- 1 - -	---	2025-07-22	Phil Sutter	kadlec	Under Review
[V6] netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_max sysctl	[V6] netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_max sysctl	- - - -	---	2025-04-15	lvxiafei		Under Review