Anatole Denis (7): evaluate: Add set to cache only when well-formed tests: Add regression test for malformed sets Revert "evaluate: check for NULL datatype in rhs in lookup expr" src: Interpret OP_NEQ against a set as OP_LOOKUP tests/py: Unmask negative set lookup rule: Introduce helper function cache_flush evaluate: Update cache on flush ruleset Anders K. Pedersen (4): rt: introduce routing expression Replace tests/files/expr-rt with Python based tests, and replace ether type with meta nfproto, which generates a bit fewer instructions. evaluate: Allow concatenation of rt nexthop etc. doc: fix synopsis for ct expression Arturo Borrero (3): tests: shell: delete unused variable in run-tests.sh tests: shell: cleanup tempfile handling in testcases/sets/cache_handling_0 tests: shell: run-tests.sh: use src/nft binary by default Arturo Borrero Gonzalez (12): tests: shell: update kernel modules to clean xt: update Arturo Borrero Gonzalez email address tests: shell: delete useless stderr output in testcase tests: shell: introduce the cache testcases directory tests: shell: add a new testcase for ruleset loading bug tests: shell: add testcases for comments in set elements tests: shell: allow to execute a single testcase tests: shell: testcase for adding many set elements tests: shell: testcase for deleting many set elements tests: shell: another testcase for deleting many set elements tests: shell: add a testcase for many defines tests: shell: add testcase for different defines usage Carlos Falgueras GarcĂ­a (1): src: Simplify parser rule_spec tree Elise Lennion (4): datatype: Replace getnameinfo() by internal lookup table datatype: Display pre-defined inet_service values in host byte order datatype: Display pre-defined inet_service values in decimal base expression: Show the base which pre-defined constants are displayed Florian Westphal (30): payload: don't update protocol context if we can't find a description meta: add random support meta: add tests for meta random ct: use nftables sysconf location for connlabel configuration tests: add basic payload tests tests: add ether payload set test netlink: add __binop_adjust helper payload: print base and raw values for unknown payloads evaluate: add small helper to check if payload expr needs binop adjustment evaluate: add support to set IPv6 non-byte header fields netlink: decode payload statment tests: ip6 dscp, flowlabel and ecn test cases netlink: make checksum fixup work with odd-sized header fields tests: ip payload set support for ecn and dscp ct: allow numeric conntrack labels ct: display bit number instead of raw value doc: update meta expression doc: payload and conntrack statement datatype: ll: use big endian byte ordering tests: catch ordering issue w. ether set payload: remove byteorder conversion meta: permit numeric interface type netlink: fix monitor trace crash with netdev family meta: fix pkttype name and add 'other' symbol utils: provide snprintf helper macro ct: allow resolving ct keys at run time meta: allow resolving meta keys at run time src: add fib expression Revert "tests: py: nft-tests.py: Add function for loading and removing kernel modules" bison: remove old log level tokens Jon Jensen (1): Correct description of -n/--numeric option Laura Garcia Liebana (5): doc: Update datatypes src: add offset attribute for numgen expression netlink: fix linearize numgen type src: make hash seed attribute optional src: add offset attribute for hash expression Liping Zhang (14): tests: shell: make testcases which using tcp/udp port more rubost tests: shell: add endless jump loop tests parser_bison: keep snat/dnat existing syntax unchanged tests: shell: add testcase for reject expr meta: fix memory leak in tc classid parser tests: py: replace "eth0" with "lo" in dup expr tests src: fix compile error due to _UNTIL renamed to _MODULUS in libnftnl tests: py: add more test cases for queue expr tests: py: fix numgen case failed due to changes in libnftnl src: support ct l3proto/protocol without direction syntax ct: fix "ct l3proto/protocol" syntax broken log: rename the log level "warning" to "warn" src: add log flags syntax support tests: shell: add test case for inserting element into verdict map Manuel Johannes Messner (3): tests: py: nft-tests.py: Add function for loading and removing kernel modules tests: py: any: Make tests more generic by using other interfaces tests: py: any: Remove duplicate tests Nicholas Vinson (1): nft: configure.ac: Replace magic dblatex dep. Pablo Neira (2): src: expose delinearize/linearize structures and stmt_error() src: trigger layer 4 checksum when pseudoheader fields are modified Pablo Neira Ayuso (71): src: use new definitions from libnftnl segtree: don't check for overlaps if set definition is empty tests: shell: cover transactions via nft -f using flat syntax datatype: time_type should send milliseconds to userspace parser_bison: restore parsing of dynamic set element updates netlink_linearize: skip NFTNL_EXPR_DYNSET_TIMEOUT attribute if timeout is unset include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h src: add xt compat support parser_bison: fix typo in symbol redefinition error reporting tests: shell: make sure split table definition works via nft -f xt: use struct xt_xlate_{mt,tg}_params parser_bison: keep map flag around when flags are specified scanner: honor absolute and relative paths via include file scanner: don't fall back on current directory if include is not found scanner: don't break line on include error message tests: tests to include files ct: add missing slash to connlabel path ct: release ct_label table on exit src: quote user-defined strings when used from rule selectors src: add 'to' for snat and dnat src: support for RFC2732 IPv6 address format with brackets parser_bison: missing token string in QUOTED_ASTERISK and ASTERISK_STRING scanner: allow strings starting by underscores and dots scanner: remove range expression src: rename datatype name from tc_handle to classid src: simplify classid printing using %x instead of %04x src: meta priority support using tc classid parser_bison: redirect to :port for consistency with nat/masq statement parser_bison: explicit indication on export ruleset src: add create set command tests: shell: cover add and create set command src: create element command tests: shell: cover add and create set command include: refresh uapi/linux/netfilter/nf_tables.h copy tests: py: adapt it to new add element command semantics src: add quota statement src: add numgen expression src: add hash expression evaluate: add expr_evaluate_integer() evaluate: validate maximum hash and numgen value parser_bison: add variable_expr rule parser_bison: allow variable references in set elements definition tests: py: adapt netlink bytecode output of numgen and hash evaluate: display expression, statement and command name on debug netlink_delinearize: Avoid potential null pointer deref doc: nft: add my copyright statement to the manpage doc: nft: document log, reject, counter, meta, limit, nat and queue statements src: use new range expression for != [a,b] intervals parser_bison: allow to use variable to add/create/delete elements src: don't need keyword for log level parser: add offset keyword and parser rule tests/py: add missing payload test for numgen offset netlink_linearize: skip set element expression in flow table key segtree: keep element comments in set intervals tests: py: add some testcases for log flags tests: py: missing range conversion in icmpv6 src: add notrack support mnl: use nftnl_set_elems_nlmsg_build_payload_iter() when deleting elements include: refresh nf_tables.h header datatype: honor -nn option from inet_service_type_print() evaluate: return ctx->table from table_lookup_global() src: add support to flush sets segtree: wrong prefix expression length on interval_map_decompose() segtree: don't trigger error on exact overlaps mnl: don't send empty set elements netlink message to kernel tests: py: update quota and payload netlink_linearize: fix IPv6 layer 4 checksum mangling mnl: add mnl_nft_setelem_batch_flush() and use it from netlink_flush_setelems() xt: use NFTNL_* definitions configure: Bump version to v0.7 include: Missing noinst_HEADERS updates Phil Sutter (5): evaluate: Fix datalen checks in expr_evaluate_string() evaluate: reject: Have a generic fix for missing network context evaluate: Avoid undefined behaviour in concat_subtype_id() parser_bison: Allow parens on RHS of relational_expr tests: py: Test TCP flags match with parentheses