* [ANNOUNCE] libnftnl 1.0.7 release
@ 2016-12-19 22:57 Pablo Neira Ayuso
0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2016-12-19 22:57 UTC (permalink / raw)
To: netfilter-devel; +Cc: netfilter, netfilter-announce, lwn
[-- Attachment #1: Type: text/plain, Size: 1151 bytes --]
Hi!
The Netfilter project proudly presents:
libnftnl 1.0.7
libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem. The
library libnftnl has been previously known as libnftables. This library
is currently used by the nft command line tool.
This release includes the following list of updates:
* New nftnl_rule_cmp() interface to compare rules.
* Support for new kernel expressions:
- Number Generator (a.k.a. numgen).
- Routing (a.k.a. rt).
- Range.
- Inverted set lookups.
- Inverted dynamic set updates (ie. rule mismatch on full sets).
- Packet quota.
- Hash.
- Forward Information Base lookups (a.k.a. fib).
- Reference to stateful objects (requires kernel 4.10-rc).
- Notrack.
* Allow to add userdata to sets.
* Support for stateful objects, including quota and counter (requires
kernel 4.10-rc).
* Support for layer 4 pseudoheader fields checksum updates (requires
kernel 4.10-rc).
... and fixes.
You can download this library from:
http://www.netfilter.org/projects/libnftnl/downloads.html
ftp://ftp.netfilter.org/pub/libnftnl/
Thanks!
[-- Attachment #2: changes-libnftnl-1.0.7.txt --]
[-- Type: text/plain, Size: 4893 bytes --]
Anders K. Pedersen (1):
src: introduce rt expression
Arturo Borrero (2):
expr: lookup: give support for inverted matching
src: remove libmxml support
Arturo Borrero Gonzalez (1):
src: update Arturo Borrero Gonzalez email
Carlos Falgueras García (19):
src: Fix leak in nftnl_*_unset()
chain: Check correct attribute
src: fix missing error checking in parser functions
set: Add new attribute into 'set' to store user data
tests: Check set user data
src: Fix missing nul-termination in nftnl_*_set_str()
src: Fix nftnl_*_get_data() to return the real attribute length
src: Constify iterators
rule: Implement internal iterator for expressions
tests: Add missing tests to test-script.sh
expr: Fix lookup builder
tests: Fix tests for immediate and lookup expressions
tests: masq: Fix wrong expression creation
utils: Fix out of bound access in nftnl_family2str
expr: cmp: Use cmp2str() instead of directly access to array
src: Implement rule comparison
rule: Fix comparison between rules if number of expressions differ
expr: data_reg: Fix DATA_CHAIN comparison
expr: immediate: Fix verdict comparison
Florian Westphal (1):
expr: add fib expression
Josue Alvarez (1):
examples: nft-rule-get: selective rule dumping
Laura Garcia Liebana (5):
expr: add hash expression
expr: add number generation expression
expr: numgen: Rename until attribute by modulus
expr: hash: Add offset to hash value
expr: numgen: add number generation offset
Liping Zhang (7):
trace: use get_u32 to parse NFPROTO and POLICY attribute
expr: queue: remove redundant NFTNL_EXPR_QUEUE_NUM set in json parse
tests: queue: add missing NFTNL_EXPR_QUEUE_FLAGS compare test
expr: queue: add NFTA_QUEUE_SREG_QNUM attr support
expr: log: fix typo in nftnl_expr_log_export
expr: log: do not print prefix if it is not set
expr: log: complete log flags support
Pablo Neira Ayuso (43):
examples: nft-table-upd: don't use deprecated aliases
expr: payload: don't use deprecated definition NFT_EXPR_PAYLOAD_SREG
src: assert when setting unknown attributes
src: return value on setters that internally allocate memory
src: check for strdup() errors from setters and parsers
expr: data_reg: get rid of leftover perror() calls
src: simplify unsetters
src: check for flags before releasing attributes
tests: shuffle values that are injected
chain: dynamically allocate name
tests: stricter string attribute validation
set_elem: fix return in several error paths of nftnl_set_elems_parse2()
expr: lookup: print flags only if they are available
src: don't set data_len to zero when returning pointers
Revert "common: Avoid integer overflow in nftnl_batch_is_supported()"
expr: add quota expression
expr: numgen: use switch to handle numgen types from snprintf
expr: numgen: add missing trailing whitespace
expr: hash: missing trailing space and modulus in hexadecimal in snprintf
expr: numgen: add missing nftnl_expr_ng_cmp()
set: fix incorrect maximum set description attribute
include: resync nf_tables.h cache copy
src: display offset only if present in hash and numgen expressions
src: add range expression
set_elem: don't add NFTA_SET_ELEM_LIST_ELEMENTS attribute if set is empty
src: add notrack expression
expr: missing offset handling for snprintf() in hash and numgen
include: refresh nf_tables.h cache copy
expr: call expr->ops->snprintf only if defined
examples: add nft-map-add
examples: nft-set-add: update it to add a set that stores port numbers
examples: nft-set-elem-add: add missing batch logic
expr: payload: add NFTNL_EXPR_PAYLOAD_FLAGS
set_elem: nftnl_set_elems_nlmsg_build_payload_iter()
include: fetch stateful object updates for nf_tables.h cache copy
src: support for stateful objects
expr: add stateful object reference expression
set: add NFTNL_SET_OBJ_TYPE attribute
set_elem: add NFTNL_SET_ELEM_OBJREF attribute
expr: objref: add support for stateful object maps
quota: support for consumed bytes
build: update LIBVERSION to prepare a new release
include: Missing nf_log.h in Makefile
Phil Sutter (7):
set: prevent memleak in nftnl_jansson_parse_set_info()
expr/ct: prevent array index overrun in ctkey2str()
expr/limit: Drop unreachable code in limit_to_type()
common: Avoid integer overflow in nftnl_batch_is_supported()
src: Avoid returning uninitialized data
ruleset: Initialize ctx.flags before calling nftnl_ruleset_ctx_set()
utils: Don't return directly from SNPRINTF_BUFFER_SIZE
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-12-19 22:57 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-19 22:57 [ANNOUNCE] libnftnl 1.0.7 release Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.