Alvaro Neira Ayuso (1): evaluate: clean up unused variables (pctx) Arturo Borrero (5): doc: add a reference to the wiki page in the man page rule: delete extra space in rule indentation tests: regression: consider policy in base chain rule: fix chain details align indentations monitor: fix missing space after chain name Eric Leblond (4): tests: regression: fix typo in README erec: fix buffer overflow erec: fix logic when reading from file payload: reorder case in a switch for consistency Florian Westphal (8): datatype: avoid crash in debug mode when printing integers tests: avoid more warnings tests: meta: use root for uid/gid checks tests: validate generated netlink instructions tests: add two test cases using binop w. payload tests: use the src/nft binary instead of $PATH one tests: add 'awkward' prefix match expression src: fix build with debug off Pablo Neira (1): netlink_delinearize: restore listing of host byteorder set elements Pablo Neira Ayuso (67): tests: regression: named sets work tests: regression: revisit chain tests payload: assert when accessing inner transport header evaluate: reject: fix dependency generation from nft -f build: use -Wno-sign-compare to avoid compilation warning in mini-gmp.c src: modify pr_debug() to use printf and introduce to pr_gmp_debug() meta: register pkttype_type datatype rule: fix object order via nft -f main: display errors through stderr src: expose table flags src: allow to specify the default policy for base chains evaluate: missing break; in str2hooknum() netlink: fix crash when adding new non-base chain tests: regression: masquerade is only allowed from postrouting tests: regression: fix bogus warnings in any/mark.t src: introduce netlink_init_error() src: restore interface to index cache mnl: use new libnftnl batch API netlink_delinearize: pass ctx pointer to stmt_reject_postprocess() netlink_delinearize: keep pointer to current statement from rule_pp_ctx netlink_delinearize: add payload_match_expand() netlink_delinearize: consolidate range printing tests: regression: reduce code duplication a bit on error reporting tests: regression: fix warnings related to range listing tests: regression: fix NAT tests Merge branch 'next-4.1' datatype: default to display bitmask in hexadecimal proto: use bitmask_type for comp flags tests: regression: ip6: reduce warning noise parser_bison: allow to use mark as datatype for maps and sets netlink: fix use-after-free netlink_events_cache_deltable() src: add netdev family support payload: fix transport matching with no network layer info in bridge family rule: missing family when listing of tables src: set chain->hookstr from delinearization rule: add do_list_tables() netlink: release table object via table_free() in netlink_get_table() configure: fix --enable-debug main: return error to shell on evaluation problems netlink_delinearize: meta l4proto range printing broken on 32bit src: restore nft list tables Merge branch 'next-4.2' src: add cache infrastructure and use it for table objects src: add cmd_evaluate_list() rule: add reference counter to the table object src: add table declaration to cache src: use cache infrastructure for set objects src: add set declaration to cache src: early allocation of the set ID rule: add chain reference counter src: use cache infrastructure for chain objects evaluate: add cmd_evaluate_rename() src: add chain declarations to cache src: use cache infrastructure for rule objects src: use cache infrastructure for set element objects src: get rid of EINTR handling for nft_netlink() evaluate: display error on unexisting chain when listing netlink: don't call netlink_dump_*() from listing functions with --debug=netlink tests: sets: don't include listing in payload tests tests: redirect: fix payload display tests: display error when trying to run tests out of the root directory netlink: flush stdout after each event in monitor mode mnl: rework netlink socket receive path for events evaluate: use existing table object from evaluation context tests: add concatenations and maps; combine them too src: use new symbols in libnftnl Bump version to v0.5 Patrick McHardy (57): datatype: generate name for concat types datatype: add new subtypes field to account number of concat data types datatype: add define for maximum number of bits and mask of datatype id utils: add fls() datatype: change concat_type_alloc() to construct type from id parser: alloc specifying concat types in set declarations eval: refactor NAT evaluation functions evaluate: add missing datatype compat checks for statement arguments netlink_delinearize: fix error handling for invalid registers netlink: fix memory leaks netlink: remove unnecessary temporary variable netlink: style fixes netlink: style fixes netlink: readability fixes netlink_delinearize: rename netlink_parse_*_sreg/dreg functions netlink_delinearize: cleanup hard to read code concat: add concat subtype lookup/id helpers netlink_delinearize: add register parsing helper function netlink_linearize: add register dumping helper function parser: properly fix handling of large integer values set: remove unused set_clone() function expr: fix crash when listing non-verdict mappings meta: don't print meta keyword for unqualified meta stmts evaluate: verify named map is actually a map evaluate: properly set datatype of map expression evaluate: check that map expressions' datatype matches mappings evaluate: use stmt_evaluate_arg() in all cases set_elem: convert flag value to inclusive-OR binops during delinearize nft-test: don't use colors if output is not a tty netlink: fix use after free in netlink_get_table() netlink_delinarize: fix payload dependency killing of link layer dependencies parser: remove duplicated grammar for chain policy datatype: fix parsing of time type datatype: less strict time parsing datatype: seperate time parsing/printing from time_type parser: add a time_spec rule parser: fix inconsistencies in set expression rules expr: add set_elem_expr as container for set element attributes set: add timeout support for sets setelem: add timeout support for set elements setelem: add support for attaching comments to set elements nftables: add set statemet netlink_linearize: fix range cmp instruction generation ct: add maximum helper length value netlink_delinearize: remove obsolete fixme Merge remote-tracking branch 'origin/master' into next-4.1 eval: prohibit variable sized types in concat expressions headers: sync headers for new register values netlink: pass expression to register allocation/release functions netlink_linearize: use NFT_REG32 values internally netlink_linearize: generate concat expressions netlink: pad constant concat sub-expressions netlink_delinearize: introduce register translation helper netlink_delinearize: handle relational and lookup concat expressions netlink: handle concat expressions in set data Merge remote-tracking branch 'origin/next-4.1' netlink_delinarize: fix merge conflict Steven Barth (4): parser: rename VERSION token to HDRVERSION datatype: use mpz_set_str instead of gmp_sscanf erec: use stdio vasprintf instead of gmp_vasprintf build: add --with-mini-gmp switch to disable linking libgmp