At the beginning of December '19, source development released:
- nftables 0.9.3 [1]
- libnftnl 1.1.5 [2]
Since each provides fixes for existing functionality, it would be appreciated if a developer could be obliged to sponsor a PR for Master and 19.07.
changelog nftables
Ander Juaristi (4):
netfilter: support for element deletion
evaluate: New internal helper __expr_evaluate_range
meta: Introduce new conditions 'time', 'day' and 'hour'
tests: add meta time test cases

Christian Göttsche (3):
statement: make secmark statements idempotent
src: add ability to set/get secmarks to/from connection
files: add example secmark config

Eric Garver (6):
cache: fix --echo with index/position
tests: shell: check that rule add with index works with echo
tests: shell: verify huge transaction returns expected number of rules
tests: shell: add huge JSON transaction
tests: shell: add huge transaction from firewalld
parser_json: fix crash on insert rule to bad references

Eric Jallot (10):
src: secmark: fix brace indentation and missing quotes in selctx output
src: parser_json: fix crash while restoring secmark object
src: obj: fix memleak in handle_free()
tests: shell: fix failed tests due to missing quotes
obj: fix memleak in parser_bison.y
flowtable: fix memleak in exit path
src: flowtable: add support for named flowtable listing
doc: fix missing family in plural forms list command.
src: flowtable: add support for delete command by handle
scanner: fix out-of-bound memory write in include_file()

Fernando Fernandez Mancera (5):
netlink_delinearize: fix wrong conversion to "list" in ct mark
src: add synproxy stateful object support
json: fix type mismatch on "ct expect" json exporting
json: tests: fix typo in ct expectation json test
tests: add stateful object update operation test

Florian Westphal (6):
src: json: add support for element deletion
src: evaluate: catch invalid 'meta day' values in eval step
evaluate: flag fwd and queue statements as terminal
src: meter: avoid double-space in list ruleset output
tests: check we can use "dynamic" set for lookups
expression: extend 'nft describe' to allow listing data types

Jeremy Sowden (11):
configure: remove unused AC_SUBST macros.
cli: remove unused declaration.
cli: add linenoise CLI implementation.
src: use -T as the short option for --numeric-time.
src: add --terse to suppress output of set elements.
doc: add missing output flag documentation.
main: add missing OPT_NUMERIC_PROTO long option.
main: remove duplicate output flag assignment.
py: add missing output flags.
src: add and use set_is_meter helper
doc: fix inconsistency in set statement documentation.

Michal Rostecki (1):
mnl: Fix -Wimplicit-function-declaration warnings

Pablo Neira Ayuso (15):
tests: shell: use-after-free from abort path
mnl: fix --echo buffer size again
libnftables: use-after-free in exit path
mnl: do not cache sender buffer size
tests: shell: delete flowtable after flush chain
libnftables: memleak when list of commands is empty
segtree: always close interval in non-anonymous sets
datatype: display description for header field < 8 bits
src: define flowtable device compound as a list
src: restore --echo with anonymous sets
src: add multidevice support for netdev chain
tests: shell: set reference from variable definition
segtree: restore automerge
netlink: off-by-one write in netdev chain device array
build: Bump version to v0.9.3

Phil Sutter (25):
parser_bison: Fix 'exists' keyword on Big Endian
mnl: Don't use nftnl_set_set()
monitor: Add missing newline to error message
tests/monitor: Fix for changed ct timeout format
rule: Fix for single line ct timeout printing
parser_json: Fix checking of parse_policy() return code
tproxy: Add missing error checking when parsing from netlink
main: Fix for misleading error with negative chain priority
Revert "main: Fix for misleading error with negative chain priority"
tests/py: Fix test script for Python3 tempfile
mnl: Replace use of untyped nftnl data setters
doc: Drop incorrect requirement for nft configs
libnftables: Store top_scope in struct nft_ctx
meta: Rewrite hour_type_print()
segtree: Check ranges when deleting elements
segtree: Fix get element for little endian ranges
cache: Reduce caching for get command
parser_bison: Avoid set references in odd places
files: Install sample scripts from files/examples
files: Drop shebangs from config files
scanner: Introduce numberstring
nft.8: Describe numgen expression
nft.8: Fix nat family spec position
tests/py: Set a fixed timezone in nft-test.py
segtree: Fix add and delete of element in same batch

Sergei Trofimovich (1):
nftables: don't crash in 'list ruleset' if policy is not set

Sven Auhagen (1):
mnl: remove artifical cap on 8 devices per flowtable

wenxu (1):
meta: add ibrpvid and ibrvproto support
changelog libnftnl
Ander Juaristi (2):
expr: meta: Make NFT_META_TIME_{NS, DAY, HOUR} known
expr: meta: Make NFT_DYNSET_OP_DELETE known

Eric Jallot (1):
flowtable: add support for handle attribute

Fernando Fernandez Mancera (1):
src: synproxy stateful object support

Manuel Messner (1):
flowtable: Fix symbol export for clang

Pablo Neira Ayuso (4):
flowtable: device array dynamic allocation
chain: multi-device support
flowtable: remove NFTA_FLOWTABLE_SIZE
build: libnftnl 1.1.5 release

Phil Sutter (11):
set: Export nftnl_set_list_lookup_byname()
obj: ct_timeout: Check return code of mnl_attr_parse_nested()
set_elem: Fix return code of nftnl_set_elem_set()
obj/tunnel: Fix for undefined behaviour
set: Don't bypass checks in nftnl_set_set_u{32,64}()
obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data()
set_elem: Validate nftnl_set_elem_set() parameters
obj/ct_timeout: Fix NFTA_CT_TIMEOUT_DATA parser
libnftnl.map: Export nftnl_{obj,flowtable}_set_data()
Deprecate untyped data setters
utils: Define __visible even if not supported by compiler
[1] https://netfilter.org/news.html#2019-12-02-d
[2] https://netfilter.org/news.html#2019-12-02