Arturo Borrero (27): tests/: rearrange tests directory tests/: add shell test-suite tests/shell: add maps tests cases tests/shell: add test case for cache bug tests/shell: add tests for handles and comments rule: don't list anonymous sets rule: delete extra space in sets printing tests/shell: add first `nft -f' tests tests/listing: add some listing tests tests/shell: unload modules between tests tests/shell/run-tests.sh: tune kernel cleanup tests/shell: add chain validations tests rule: don't print trailing statement whitespace tests/shell: add new testcases for commit/rollback tests/shell: add some tests for network namespaces evaluate: improve rule management checks test: shell: also unload NAT modules tests/shell: add testcases for Netfilter bug #965 tests/shell: delete tempfile failover in testcases tests: shell: add testcases for named sets with intervals tests: py: allow to run tests with other nft binaries dist: include tests/ directory and files in tarball evaluate: check for NULL datatype in rhs in lookup expr tests/shell: add testcase for 'nft -f' load with actions tests/shell: add testcase to catch segfault if invalid syntax was used tests/shell/run-tests.sh: execute tests in sorted order tests/shell/run-tests.sh: print hint about testcase being executed Arturo Borrero Gonzalez (1): rule: fix printing of rule comments Carlos Falgueras García (6): src: Add command "replace" for rules rule: Use libnftnl user data TLV infrastructure netlink_linearize: do not duplicate user data when linearizing user data set_elem: Use libnftnl/udata to store set element comment parser: Consolidate comment production parser: cap comment length to 128 bytes Florian Westphal (54): tests: don't depend on set element order nft: allow stacking vlan header on top of ethernet payload: disable payload merge if offsets are not on byte boundary. src: netlink_linearize: handle sub-byte lengths src: netlink: don't truncate set key lengths nft: fill in doff and fix ihl/version template entries netlink: cmp: shift rhs constant if lhs offset doesn't start on byte boundary tests: add tests for ip version/hdrlength/tcp doff nft: support listing expressions that use non-byte header fields tests: vlan tests vlan: make != tests work expression: provide clone operation for set element ops src: allow filtering on L2 header in inet family tests: add tests matching on ether saddr for inet, bridge, ip, ip6 rule: don't reorder protocol payload expressions when merging tests: add test cases for ethernet header matching tests: add inet test for ip/ether concatenation tests: regression: fix arp.t expected payload doc: update meta and ct expression keyword lists ct: add support for directional keys netlink: don't handle lhs zero-length expression as concat type netlink: only drop mask if it matches left known-size operand src: ct: make ct l3proto work tests: add ct tests for ip family nft: swap key and direction in ct_dir syntax ct: add packet/byte counter support netlink_linearize: use u64 conversion for 64bit quantities ct regression tests for bytes, packets tests: ct: remove BUG cases that work with current master doc: update ct expression netlink: move binop postprocess to extra function tests: add two map test cases netlink: do binop postprocessing also for map lookups netlink_delinearize: only remove protocol if equal cmp is used meta: fix error checks in tc handle parser examples: use current type names evaluate: reject set references in set elements evaluate: enforce ip6 proto with exthdr expression netlink: split generic part of netlink_gen_payload_mask into helper netlink: add and use netlink_gen_exthdr_mask payload: move payload_gen_dependency generic part to helper exthdr: generate dependencies for inet/bridge/netdev family tests: add/fix inet+exthdr tests exthdr: remove implicit dependencies exthdr: store offset for later use netlink_delinearize: prepare binop_postprocess for exthdr demux netlink_delinearize: handle extension header templates with odd sizes tests: frag: enable more tests netlink_delinearize: fix bogus offset w exthdr expressions nft-test: don't zap remainder of rule after handling a set netlink_delinarize: shift constant for ranges too tests: frag: enable more tests payload: only merge if adjacent and combined size fits into a register netlink_delinerize: don't use meta_match_postprocess for ct pp Laura Garcia Liebana (3): proto: Add router advertisement and solicitation icmp types doc: fix compression parameter index doc: fix old parameters and update datatypes Liping Zhang (4): evaluate: fix crash if we add an error format rule meta: fix endianness in priority meta: fix a format error display when we set priority to root or none parser: fix crash if we add a chain with an error chain type Magnus Öberg (1): build: include/mini-gmp.h is not included at "make dist" Pablo M. Bermudo Garay (16): tests: regression: homogenize indentation style tests: regression: allow to run tests from anywhere tests: add *.got files to .gitignore tests: remove useless logic tests: fix crash when rule test is malformed tests/py: remove unused variables tests/py: fix style tests/py: simplify use of globals tests/py: convert chains and tables to objects tests/py: modify supported test file syntax tests/py: update test files syntax rule: add 'list flow tables' support rule: add support for display flow tables content src: add 'list maps' support src: add support for display maps content evaluate: fix "list set" unexpected behaviour Pablo Neira Ayuso (96): src: add per-bytes limit src: add burst parameter to limit tests: limit: extend them to validate new bytes/second and burst parameters rule: filter out tables depending on family parser: show all tables via list tables with no family src: add dup statement support tests: add tests for dup rule: display table when listing sets src: add `list chains' command rule: display table when listing one set evaluate: check if set exists before listing it rule: `list sets' only displays declaration, not definition rule: rework list chain parser_bison: show all sets via list sets with no family evaluate: check if table and chain exists when adding rules netlink_linearize: factor out prefix generation evaluate: fix mapping evaluation src: add interface wildcard matching evaluate: fix string matching on big endian netlink_delinearize: fix use-after-free tests: vlan pcp and cfi are located in the first byte src: fix sub-byte protocol header definitions netlink_delinearize: postprocess expression before range merge netlink_delinearize: add previous statement to rule_pp_ctx src: add new netdev protocol description tests: py: check set value from selector and map parser: restrict relational rhs expression recursion parser: add redirect constant to rhs_expr rule parser: get rid of multiton_expr from lhs relational expression parser: rename multiton_expr to multiton_rhs_expr parser: restore bitwise operations from the rhs of relational expressions parser_bison: initializer_expr must use rhs_expr tests/py: don't test log statement from protocol match tests/py: test udp from ip and ip6 families tests/py: netdev family with ingress chain src: support limit rate over value src: add dup statement for netdev src: add fwd statement for netdev tests/py: test port ranges and maps for redirect evaluate: resolve_protocol_conflict() should return int evaluate: move inet/netdev protocol context supersede logic to supersede_dep() evaluate: check if we have to resolve a conflict in first place evaluate: don't adjust offset from resolve_protocol_conflict() evaluate: only try to replace dummy protocol from link-layer context evaluate: assert on invalid base in resolve_protocol_conflict() evaluate: wrap protocol context debunk into function evaluate: generate ether type payload after meta iiftype proto: proto_dev_type() returns interface type for base protocols too src: annotate follow up dependency just after killing another tests/py: test vlan on ingress netlink_delinearize: prune implicit binop before payload_match_postprocess() proto: use parameter-problem for icmpv6 type tests/py: extend masquerade to cover ports too rule: simplify ("rule: delete extra space in sets printing") parser: remove 'reset' as reserve keyword tests/py: enable tests for dccp types parser_bison: allow 'snat' and 'dnat' keywords from the right-hand side tests/py: add tests for router-advertisement and router-solicitation icmp types src: revisit cache population logic evaluate: use table_lookup_global() from expr_evaluate_symbol() parser_bison: simplify hook_spec rule parser_bison: duplicate string returned by chain_type_name_lookup() parser_bison: release parsed type and hook name strings src: store parser location for handle and position specifiers segtree: perform stricter expression type validation from expr_value() segtree: clone full expression from interval_map_decompose() segtree: handle adjacent interval nodes from expr_value_cmp() segtree: explicit initialization via set_to_intervals() rule: support for incremental set interval element updates segtree: special handling for the first non-matching segment evaluate: bail out on prefix or range to non-interval set segtree: set expr->len for prefix expression from interval_map_decompose() segtree: add expr_to_intervals() segtree: rename set expression set_to_segtree() segtree: add interval overlap detection for dynamic updates tests/py: add more interval tests for anonymous sets tests/py: explicitly indication of set type and flags from test definitions tests/py: add interval tests evaluate: transfer right shifts to range side evaluate: transfer right shifts to set reference side src: move payload sub-byte matching to the evaluation step evaluate: handle payload matching split in two bytes proto: update IPv6 flowlabel offset and length according to RFC2460 proto: remove priority field definition from IPv6 header src: add dscp support src: add ecn support tests/py: add missing netdev ip dscp payload tests tests/py: fix fragment-offset field tests/py: fix payload of dccp type in set elements netlink: several function constifications src: declare interval_map_decompose() from header file tests/py: update for changed set name in payload parser_bison: update flow table syntax include: constify nlexpr field in location structure tests/py: add tests for frag more-fragments and frag reserved2 Bump version to v0.6 Patrick McHardy (17): rule: move comment out of handle proto: add checksum key information to struct proto_desc payload: add payload statement proto: fix arpop symbol table endianess netlink: fix up indentation damage payload: fix stacked headers protocol context tracking nft: resync kernel header files payload: move payload depedency tracking to payload.c payload: add payload_is_stacked() proto: add protocol header fields filter and ordering for packet decoding nft monitor [ trace ] evaluate: transfer right shifts to constant side set: allow non-constant implicit set declarations set: explicitly supply name to implicit set declarations netlink_delinearize: support parsing statements not contained within a rule stmt: support generating stateful statements outside of rule context src: add flow statement Piyush Pangtey (3): doc: nft: Fixed a typo and added/changed punctuation nft: Modified punctuation used in nft's show_help rule: Remove memory leak Shivani Bhardwaj (5): src: datatype: Modify symbol table for icmpv6 packet types ip6: Add tests for icmpv6 packet types src: netlink_linearize: Fix bug for redirect target src: Add support for masquerade port selection src: evaluate: Show error for fanout without balance