Hi!

The Netfilter project proudly presents:

        libnftnl 1.0.7

libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem. The
library libnftnl has been previously known as libnftables. This
library is currently used by the nft command line tool.

This release includes the following list of updates:

* New nftnl_rule_cmp() interface to compare rules.
* Support for new kernel expressions:
  - Number Generator (a.k.a. numgen).
  - Routing (a.k.a. rt).
  - Range.
  - Inverted set lookups.
  - Inverted dynamic set updates (ie. rule mismatch on full sets).
  - Packet quota.
  - Hash.
  - Forward Information Base lookups (a.k.a. fib).
  - Reference to stateful objects (requires kernel 4.10-rc).
  - Notrack.
* Allow to add userdata to sets.
* Support for stateful objects, including quota and counter (requires
  kernel 4.10-rc).
* Support for layer 4 pseudoheader fields checksum updates (requires
  kernel 4.10-rc).

... and fixes.

You can download this library from:

http://www.netfilter.org/projects/libnftnl/downloads.html
ftp://ftp.netfilter.org/pub/libnftnl/

Thanks!
-------------- next part --------------
Anders K. Pedersen (1):
      src: introduce rt expression

Arturo Borrero (2):
      expr: lookup: give support for inverted matching
      src: remove libmxml support

Arturo Borrero Gonzalez (1):
      src: update Arturo Borrero Gonzalez email

Carlos Falgueras García (19):
      src: Fix leak in nftnl_*_unset()
      chain: Check correct attribute
      src: fix missing error checking in parser functions
      set: Add new attribute into 'set' to store user data
      tests: Check set user data
      src: Fix missing nul-termination in nftnl_*_set_str()
      src: Fix nftnl_*_get_data() to return the real attribute length
      src: Constify iterators
      rule: Implement internal iterator for expressions
      tests: Add missing tests to test-script.sh
      expr: Fix lookup builder
      tests: Fix tests for immediate and lookup expressions
      tests: masq: Fix wrong expression creation
      utils: Fix out of bound access in nftnl_family2str
      expr: cmp: Use cmp2str() instead of directly access to array
      src: Implement rule comparison
      rule: Fix comparison between rules if number of expressions differ
      expr: data_reg: Fix DATA_CHAIN comparison
      expr: immediate: Fix verdict comparison

Florian Westphal (1):
      expr: add fib expression

Josue Alvarez (1):
      examples: nft-rule-get: selective rule dumping

Laura Garcia Liebana (5):
      expr: add hash expression
      expr: add number generation expression
      expr: numgen: Rename until attribute by modulus
      expr: hash: Add offset to hash value
      expr: numgen: add number generation offset

Liping Zhang (7):
      trace: use get_u32 to parse NFPROTO and POLICY attribute
      expr: queue: remove redundant NFTNL_EXPR_QUEUE_NUM set in json parse
      tests: queue: add missing NFTNL_EXPR_QUEUE_FLAGS compare test
      expr: queue: add NFTA_QUEUE_SREG_QNUM attr support
      expr: log: fix typo in nftnl_expr_log_export
      expr: log: do not print prefix if it is not set
      expr: log: complete log flags support

Pablo Neira Ayuso (43):
      examples: nft-table-upd: don't use deprecated aliases
      expr: payload: don't use deprecated definition NFT_EXPR_PAYLOAD_SREG
      src: assert when setting unknown attributes
      src: return value on setters that internally allocate memory
      src: check for strdup() errors from setters and parsers
      expr: data_reg: get rid of leftover perror() calls
      src: simplify unsetters
      src: check for flags before releasing attributes
      tests: shuffle values that are injected
      chain: dynamically allocate name
      tests: stricter string attribute validation
      set_elem: fix return in several error paths of nftnl_set_elems_parse2()
      expr: lookup: print flags only if they are available
      src: don't set data_len to zero when returning pointers
      Revert "common: Avoid integer overflow in nftnl_batch_is_supported()"
      expr: add quota expression
      expr: numgen: use switch to handle numgen types from snprintf
      expr: numgen: add missing trailing whitespace
      expr: hash: missing trailing space and modulus in hexadecimal in snprintf
      expr: numgen: add missing nftnl_expr_ng_cmp()
      set: fix incorrect maximum set description attribute
      include: resync nf_tables.h cache copy
      src: display offset only if present in hash and numgen expressions
      src: add range expression
      set_elem: don't add NFTA_SET_ELEM_LIST_ELEMENTS attribute if set is empty
      src: add notrack expression
      expr: missing offset handling for snprintf() in hash and numgen
      include: refresh nf_tables.h cache copy
      expr: call expr->ops->snprintf only if defined
      examples: add nft-map-add
      examples: nft-set-add: update it to add a set that stores port numbers
      examples: nft-set-elem-add: add missing batch logic
      expr: payload: add NFTNL_EXPR_PAYLOAD_FLAGS
      set_elem: nftnl_set_elems_nlmsg_build_payload_iter()
      include: fetch stateful object updates for nf_tables.h cache copy
      src: support for stateful objects
      expr: add stateful object reference expression
      set: add NFTNL_SET_OBJ_TYPE attribute
      set_elem: add NFTNL_SET_ELEM_OBJREF attribute
      expr: objref: add support for stateful object maps
      quota: support for consumed bytes
      build: update LIBVERSION to prepare a new release
      include: Missing nf_log.h in Makefile

Phil Sutter (7):
      set: prevent memleak in nftnl_jansson_parse_set_info()
      expr/ct: prevent array index overrun in ctkey2str()
      expr/limit: Drop unreachable code in limit_to_type()
      common: Avoid integer overflow in nftnl_batch_is_supported()
      src: Avoid returning uninitialized data
      ruleset: Initialize ctx.flags before calling nftnl_ruleset_ctx_set()
      utils: Don't return directly from SNPRINTF_BUFFER_SIZE