| Published | Title | Version | Author | Status |
|---|---|---|---|---|
| 2026-03-25 16:41 UTC | netfilter: nf_tables: reject requests exceeding NF_FLOW_RULE_ACTION_MAX actions | 1 | fw@strlen.de | finished in 4h19m0s |
| 2026-03-25 13:10 UTC | netfilter: updates for net | 1 | fw@strlen.de | finished in 4h23m0s |
| 2026-03-24 20:40 UTC | Update (DSA) netdev stats with offloaded flows | 2 | anzaki@gmail.com | finished in 4h39m0s |
| 2026-03-24 15:18 UTC | ipvs: Fix incorrect use of HK_TYPE_KTHREAD housekeeping cpumask | 1 | longman@redhat.com | finished in 4h34m0s |
| 2026-03-23 19:41 UTC | include: fix NLA type comments for log attributes | 1 | roedlrudi@gmail.com | skipped |
| 2026-03-23 16:25 UTC | IPVS changes, part 4 of 4 - extras | 1 | ja@ssi.bg | finished in 4h37m0s |
| 2026-03-23 08:56 UTC | netfilter: osf: add deprecation notices | 1 | fw@strlen.de | finished in 4h29m0s |
| 2026-03-23 08:07 UTC | netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp | 1 | bestswngs@gmail.com | finished in 2h1m0s |
| 2026-03-20 15:19 UTC | netfilter: nfnetlink_hook: Dump nat type chains | 2 | phil@nwl.cc | finished in 4h26m0s |
| 2026-03-20 15:16 UTC | mnl: Fix ordering of hooks in 'list hooks' output | 1 | phil@nwl.cc | skipped |
| 2026-03-20 12:59 UTC | conntrack expectation fixes | 1 | pablo@netfilter.org |
finished
in 57m0s
[1 findings] |
| 2026-03-20 11:40 UTC | netfilter: ipset: Fix data race between add and list header | 1 | kadlec@netfilter.org | finished in 4h39m0s |
| 2026-03-20 08:43 UTC | examples: nft-rule-add: Fix compile on musl libc | 1 | awilcox@wilcox-tech.com | skipped |
| 2026-03-19 13:32 UTC | parser: Support table spec in 'list chains' command | 1 | phil@nwl.cc | skipped |
| 2026-03-19 13:32 UTC | segtree: Fix for variable-sized object may not be initialized | 1 | phil@nwl.cc | skipped |
| 2026-03-19 11:44 UTC | tunnel: check kernel does not provide too large geneve data | 1 | pablo@netfilter.org | skipped |
| 2026-03-19 09:38 UTC | netfilter: updates for net | 1 | fw@strlen.de | finished in 4h11m0s |
| 2026-03-19 09:06 UTC | set{,_elem}: Drop nftnl_set{,_elem}_clone() | 1 | phil@nwl.cc | skipped |
| 2026-03-18 13:42 UTC | netfilter: nft_set_pipapo_avx2: remove redundant loop in lookup_slow | 1 | fw@strlen.de | finished in 4h27m0s |
| 2026-03-18 13:38 UTC | netfilter: nft_set_pipapo: increment data in one step | 1 | fw@strlen.de | finished in 4h14m0s |
| 2026-03-18 13:24 UTC | netfilter: nft_set_pipapo_avx2: don't return non-matching entry | 1 | fw@strlen.de | finished in 4h15m0s |
| 2026-03-18 02:56 UTC | src: Export nftnl_set_clone symbol | 1 | chlorodose@gmail.com | skipped |
| 2026-03-17 23:48 UTC | Update netdev stats with offloaded flows | 1 | anzaki@gmail.com | finished in 4h3m0s |
| 2026-03-17 17:59 UTC | netfilter: nf_tables: release flowtable after rcu grace period on error | 1 | pablo@netfilter.org | finished in 4h0m0s |
| 2026-03-17 14:00 UTC | ipvs: Move defense_work to system_dfl_long_wq | 1 | iluceno@suse.de |
finished
in 1h11m0s
[1 findings] |
| 2026-03-17 11:49 UTC | netfilter: bpf: defer hook memory release until rcu readers are done | 1 | fw@strlen.de | finished in 1h8m0s |
| 2026-03-17 11:03 UTC | bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign | 12 | ericwouds@gmail.com | finished in 4h23m0s |
| 2026-03-17 10:17 UTC | bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW | 12 | ericwouds@gmail.com | skipped |
| 2026-03-17 10:15 UTC | netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() | 12 | ericwouds@gmail.com | finished in 2h3m0s |
| 2026-03-16 08:14 UTC | netfilter: add more netlink-based policy range checks | 1 | fw@strlen.de | finished in 4h1m0s |
| 2026-03-15 17:06 UTC | netfilter: add missing kernel-doc parameters for nf_hook() | 2 | xaum.io@gmail.com | finished in 4h30m0s |
| 2026-03-15 07:44 UTC | hash: add fast paths for common key sizes and new fast hash functions | 1 | aaryan.bansal.dev@gmail.com | finished in 4h13m0s |
| 2026-03-13 20:13 UTC | netfilter: nf_nat_sip: validate exp->dir in nf_nat_sip_expected() | 1 | qguanni@gmail.com | finished in 1h52m0s |
| 2026-03-13 19:52 UTC | netfilter: nf_conntrack_sip: add bounds-checked port parsing helper | 2 | qguanni@gmail.com | finished in 1h0m0s |
| 2026-03-13 18:01 UTC | netfilter: ipset: harden payload calculation in call_ad() | 1 | davidbaum461@gmail.com | finished in 4h25m0s |
| 2026-03-13 15:32 UTC | netfilter: nfnetlink_hook: Dump nat type chains | 1 | phil@nwl.cc | finished in 4h14m0s |
| 2026-03-13 15:06 UTC | netfilter: updates for net | 1 | fw@strlen.de | finished in 4h14m0s |
| 2026-03-13 10:44 UTC | Revert "tests: py: use `os.unshare` Python function" | 1 | phil@nwl.cc | skipped |
| 2026-03-12 22:31 UTC | netfilter: conntrack: expose gc_scan_interval_max via sysctl | 2 | panchamukhi@arista.com | finished in 4h12m0s |
| 2026-03-12 18:51 UTC | netfilter: nfnetlink_queue: prefer skb_mac_header helpers | 1 | fw@strlen.de | finished in 4h17m0s |
| 2026-03-12 18:05 UTC | netfilter: add deprecation warning for dccp support | 1 | fw@strlen.de | finished in 4h7m0s |
| 2026-03-12 17:56 UTC | netfilter: nf_conntrack_sip: remove net variable shadowing | 1 | fw@strlen.de | finished in 2h23m0s |
| 2026-03-12 17:55 UTC | netfilter: nf_conntrack_h323: remove unreliable debug code in decode_octstr | 1 | fw@strlen.de | finished in 1h15m0s |
| 2026-03-12 14:59 UTC | netfilter: xt_time: use unsigned int for monthday bit shift | 1 | qguanni@gmail.com | finished in 1h8m0s |
| 2026-03-12 14:55 UTC | netfilter: nf_conntrack_sip: fix OOB read in SIP URI port parsing | 1 | qguanni@gmail.com | finished in 58m0s |
| 2026-03-12 14:49 UTC | netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() | 1 | qguanni@gmail.com | finished in 2h2m0s |
| 2026-03-12 14:42 UTC | netfilter: ctnetlink: validate CTA_EXPECT_NAT_DIR value | 1 | qguanni@gmail.com | finished in 50m0s |
| 2026-03-12 12:48 UTC | netfilter: nft_ct: drop pending enqueued packets on removal | 1 | pablo@netfilter.org | finished in 4h19m0s |
| 2026-03-12 10:11 UTC | nf_tables: nft_dynset: fix possible stateful expression memleak in error path | 1 | pablo@netfilter.org | finished in 4h10m0s |
| 2026-03-12 01:14 UTC | netfilter: nft_set_rbtree: revisit array resize logic | 1 | pablo@netfilter.org | skipped |
| 2026-03-11 19:40 UTC | netfilter: conntrack: expose gc_scan_interval_max via sysctl | 1 | panchamukhi@arista.com | finished in 4h4m0s |
| 2026-03-11 19:33 UTC | cache: Fix for multiple commands in a single batch | 1 | phil@nwl.cc | skipped |
| 2026-03-11 17:52 UTC | parser_bison: add range check for synproxy wscale | 1 | fw@strlen.de | skipped |
| 2026-03-11 15:29 UTC | netfilter: revert nft_set_rbtree: validate open interval overlap | 1 | fw@strlen.de | finished in 4h1m0s |
| 2026-03-11 09:58 UTC | netfilter: nft_meta: add double-tagged vlan and pppoe support | 1 | pablo@netfilter.org | finished in 4h3m0s |
| 2026-03-10 23:11 UTC | Enhance cache filter for list commands | 1 | phil@nwl.cc | skipped |
| 2026-03-10 21:49 UTC | netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() | 1 | research@johannes-moeller.dev | finished in 1h32m0s |
| 2026-03-10 17:18 UTC | xtables-translate: Return non-zero if translation fails | 1 | phil@nwl.cc | skipped |
| 2026-03-10 14:39 UTC | netfilter: nf_flow_table_ip: reset mac header before vlan push | 1 | ericwouds@gmail.com | finished in 4h12m0s |
| 2026-03-10 13:28 UTC | netfilter: conntrack: add missing netlink policy validations | 1 | fw@strlen.de | finished in 4h18m0s |
| 2026-03-10 13:20 UTC | netfilter: updates for net | 2 | fw@strlen.de | finished in 4h6m0s |
| 2026-03-09 21:08 UTC | netfilter: updates for net | 1 | fw@strlen.de | finished in 4h3m0s |
| 2026-03-09 20:29 UTC | netfilter: nf_tables: Fix typo in enum description | 1 | jelle@vdwaa.nl | finished in 1h3m0s |
| 2026-03-09 15:45 UTC | tests: add a wrapper for the filter test case | 1 | fw@strlen.de | finished in 54m0s |
| 2026-03-09 15:45 UTC | tests: test_api: expose return value and fix various bugs | 1 | fw@strlen.de | skipped |
| 2026-03-09 15:40 UTC | tests: shell: add rbtree reload test case | 1 | fw@strlen.de | finished in 58m0s |
| 2026-03-08 15:52 UTC | netfilter: guard option walkers against 1-byte tail reads | 3 | monderasdor@gmail.com | finished in 39m0s |
| 2026-03-08 11:25 UTC | netfilter: xtables: fix possible off-by-one when accessing TCP/DCCP options | 1 | pablo@netfilter.org | finished in 4h2m0s |
| 2026-03-07 18:45 UTC | netfilter: guard option walkers against 1-byte tail reads | 2 | monderasdor@gmail.com | finished in 41m0s |
| 2026-03-07 18:26 UTC | netfilter: guard option walkers against 1-byte tail reads | 1 | monderasdor@gmail.com | finished in 43m0s |
| 2026-03-07 17:24 UTC | netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path | 1 | imv4bel@gmail.com | finished in 3h58m0s |
| 2026-03-07 17:23 UTC | netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() | 1 | imv4bel@gmail.com | finished in 4h4m0s |
| 2026-03-07 17:23 UTC | netfilter: nf_flow_table_offload: fix heap overflow in flow_action_entry_next() | 1 | imv4bel@gmail.com | finished in 4h7m0s |
| 2026-03-07 17:22 UTC | netfilter: nf_conntrack_sctp: validate state value in nlattr_to_sctp() | 1 | imv4bel@gmail.com | finished in 4h13m0s |
| 2026-03-07 17:22 UTC | netfilter: ctnetlink: validate CTA_EXPECT_NAT_DIR to prevent OOB access | 1 | imv4bel@gmail.com | finished in 3h56m0s |
| 2026-03-07 17:21 UTC | netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() | 1 | imv4bel@gmail.com | finished in 3h59m0s |
| 2026-03-07 17:21 UTC | netfilter: ctnetlink: fix use-after-free of exp->master in single expectation GET | 1 | imv4bel@gmail.com | finished in 4h8m0s |
| 2026-03-07 17:20 UTC | netfilter: ctnetlink: fix use-after-free of exp->master in expectation dump | 1 | imv4bel@gmail.com | finished in 4h4m0s |
| 2026-03-06 19:12 UTC | netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() | 2 | qguanni@gmail.com | finished in 4h5m0s |
| 2026-03-06 12:36 UTC | netfilter: nft_set_rbtree: allocate same array size on updates | 1 | pablo@netfilter.org |
finished
in 4h6m0s
[1 findings] |
| 2026-03-06 08:08 UTC | netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() | 1 | qguanni@gmail.com | finished in 4h23m0s |
| 2026-03-05 21:17 UTC | netfilter: nf_tables: always walk all pending catchall elements | 1 | fw@strlen.de | finished in 3h54m0s |
| 2026-03-05 17:53 UTC | tests: py: use `os.unshare` Python function | 1 | jeremy@azazel.net | skipped |
| 2026-03-05 12:26 UTC | netfilter: updates for net | 2 | fw@strlen.de | finished in 4h3m0s |
| 2026-03-05 12:01 UTC | netfilter: nf_tables: Fix for duplicate device in netdev hooks | 1 | phil@nwl.cc | finished in 4h13m0s |
| 2026-03-05 11:15 UTC | include: linux: nf_tables.h: Sync with current kernel UAPI headers | 1 | phil@nwl.cc | skipped |
| 2026-03-05 00:47 UTC | net: Add SPDX ids to some source files | 1 | tim.bird@sony.com | finished in 4h11m0s |
| 2026-03-04 18:13 UTC | tests: iptables-test, xlate-test: use `os.unshare` Python function | 1 | jeremy@azazel.net | skipped |
| 2026-03-04 17:29 UTC | netfilter: updates for net | 1 | fw@strlen.de | finished in 4h9m0s |
| 2026-03-04 11:49 UTC | netfilter: updates for net-next | 1 | fw@strlen.de | finished in 4h13m0s |
| 2026-03-04 05:36 UTC | netfilter: nft_set_pipapo: split gc in unlink and reclaim phase | 2 | fw@strlen.de | finished in 4h22m0s |
| 2026-03-03 19:57 UTC | doc/netlink: Expand nftables specification | 8 | one-d-wide@protonmail.com | finished in 1h5m0s |
| 2026-03-03 19:02 UTC | netfilter: nft_set_pipapo: fix UaF during gc walk | 1 | fw@strlen.de | finished in 4h21m0s |
| 2026-03-03 10:15 UTC | netfilter: use function typedefs for __rcu NAT helper hook pointers | 1 | sun.jian.kdev@gmail.com | finished in 1h39m0s |
| 2026-03-02 21:26 UTC | netfilter: nf_tables: fix use-after-free on ops->dev | 1 | koike@igalia.com | finished in 4h16m0s |
| 2026-03-02 16:05 UTC | rule: fix NULL pointer dereference in do_list_flowtable | 1 | ant.v.moryakov@gmail.com | skipped |
| 2026-02-27 16:29 UTC | netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push() | 2 | ericwouds@gmail.com | finished in 4h11m0s |
| 2026-02-26 20:22 UTC | netfilter: nfnetlink_queue: remove locking in nfqnl_get_sk_secctx | 1 | fw@strlen.de | finished in 4h35m0s |
| 2026-02-26 20:21 UTC | ipv6: switch nft_fib_ipv6 to fib6_lookup | 2 | fw@strlen.de | finished in 4h24m0s |
| 2026-02-26 19:50 UTC | IPVS changes, part 3 of 4 - per-net tables | 1 | ja@ssi.bg | finished in 4h9m0s |