From: Florian Westphal <fw@strlen.de>
To: netfilter-devel@vger.kernel.org
Cc: netdev@vger.kernel.org, netfilter@vger.kernel.org,
netfilter-announce@lists.netfilter.org, lwn@lwn.net
Subject: [ANNOUNCE] nftables 0.8.3 release
Date: Sat, 3 Mar 2018 16:59:47 +0100 [thread overview]
Message-ID: <20180303155947.GG14238@breakpoint.cc> (raw)
[-- Attachment #1: Type: text/plain, Size: 1388 bytes --]
Hi!
The Netfilter project proudly presents:
nftables 0.8.3
This release includes a few fixes since last release plus following
enhancements:
- ifname_type, so its possible to match interface names via sets:
table inet t {
set s {
type ifname
elements = { "eth0",
"eth1" }
}
chain c {
iifname @s accept
oifname @s accept
}
}
- raw payload support to match headers that do not yet have
a more human-readable mnemonic. This also allows to match
udp and tcp port numbers in a single rule, because the raw
payload expression doesn't enforce a protocol dependency on
the network header. Example:
input meta l4proto {tcp, udp} @th,16,16 { dns, http }
matches both udp and tcp dport 53 and 80 in single rule.
See ChangeLog that comes attached to this email for more details.
You can download it from:
http://www.netfilter.org/projects/nftables/downloads.html#nftables-0.8.3
ftp://ftp.netfilter.org/pub/nftables/
To build the code, libnftnl 1.0.9 and libmnl >= 1.0.2 are required:
* http://netfilter.org/projects/libnftnl/index.html
* http://netfilter.org/projects/libmnl/index.html
Visit our wikipage for user documentation at:
* http://wiki.nftables.org
For the manpage reference, check man(8) nft.
In case of bugs and feature request, file them via:
* https://bugzilla.netfilter.org
Happy firewalling!
[-- Attachment #2: changelog-0.8.3.txt --]
[-- Type: text/plain, Size: 2652 bytes --]
Arturo Borrero Gonzalez (4):
nftables: rearrange files and examples
examples: add ct helper examples
files: add load balance example
meta: introduce datatype ifname_type
Baruch Siach (1):
src: fix build with older glibc
David Fabian (1):
Added undefine/redefine keywords
Duncan Roe (1):
doc/nft.xml: fix typo
Florian Westphal (16):
tests: enable sets test case 27
tests: add test case for sets updated from packet path
payload: don't decode past last valid template
include: fix build failure
tests: meta.t: fix test case for anonymous set automerge
payload: use integer_type when initializing a raw expression
payload: don't resolve expressions using the inet pseudoheader
src: make raw payloads work
doc: document raw protocol expression
tests: add raw payload test cases.
doc: mention meta l4proto and ipv6 nexthdr issue wrt. extension headers
doc: remove ipv6 address FIXME
doc: add example for rule add/delete
parser: use nf_key_proto
src: datatype: prefer sscanf, avoid strncpy
build: Bump version to v0.8.3
Harsha Sharma (2):
libnftables: don't crash when no commands are specified
src: Use snprintf() over strncpy()
Laura Garcia Liebana (1):
parser: support of maps with timeout
Pablo Neira Ayuso (11):
src: pass family to payload_dependency_kill()
payload: add payload_dependency_release() helper function
src: add payload_dependency_exists()
src: get rid of __payload_dependency_kill()
payload: add payload_may_dependency_kill()
netlink_delinearize: add meta_may_dependency_kill()
src: bail out when exporting ruleset with unsupported output
segtree: check for overlapping elements at insertion
tests: shell: regression test for bugzilla 1228
configure: misc updates
netlink: remove non-batching routines
Phil Sutter (10):
evaluate: Enable automerge feature for anonymous sets
Review switch statements for unmarked fall through cases
monitor: Make trace events respect output_fp
monitor: Make JSON/XML output respect output_fp
cli: Drop pointless check in cli_append_multiline()
erec: Avoid passing negative offset to fseek()
evaluate: Fix memleak in stmt_reject_gen_dependency()
hash: Fix potential null-pointer dereference in hash_expr_cmp()
netlink: Complain if setting O_NONBLOCK fails
netlink_delinearize: Fix resource leaks
Ville Skyttᅵ (2):
configure: Make missing docbook2man an error if man build requested
src: Spelling fixes
reply other threads:[~2018-03-03 15:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180303155947.GG14238@breakpoint.cc \
--to=fw@strlen.de \
--cc=lwn@lwn.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-announce@lists.netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).