Arushi Singhal (2): iptables: tests: shell: Add README iptables: tests: add test for iptables-save and iptables-restore Chenbo Feng (1): extensions: libxt_quota: Allow setting the remaining quota Eric Garver (1): nft: don't print rule counters unless verbose Florian Westphal (5): extensions: don't bother to build libebt/libarp extensions if nft backend was disabled tests: check iptables retval, not echo nft: decode meta l4proto xtables: avoid bogus 'is incompatible' warning configure: bump versions for 1.8.1 release Heena Sirwani (1): xtables: Fix for segfault when registering hashlimit extension Joel Goguen (1): iptables-restore: free the table lock when skipping a table Joseph C. Sible (1): doc: Improve layout of u32 instructions Pablo Neira Ayuso (6): extensions: add cgroup revision 2 extensions: cgroup: fix option parsing for v2 Revert "extensions: libxt_quota: Allow setting the remaining quota" libxtables: prefix exported new functions for etherdb lookups libxtables: expose new etherdb lookup function through libxtables API iptables-test: add -N option to exercise netns removal path Phil Sutter (123): xtables: Support nft suffix for arptables and ebtables xtables: fix crash if nft_rule_list_get() fails iptables: replace memset by c99-style initializers xtables: merge {ip,arp}tables_command_state structs xtables: simplify struct nft_xt_ctx xtables: introduce rule_to_cs/clear_cs callbacks xtables: Use new callbacks in nft_rule_print_save() xtables: arp: make rule_to_cs callback private xtables: get rid of nft_ipv{4,6}_print_header() xtables: merge nft_ipv{4,6}_parse_target() xtables: eliminate nft_ipv{4,6}_rule_find() xtables: get rid of nft_ipv{4,6}_save_counters() xtables: rename {print,save}_rule functions xtables: introduce save_chain callback xtables: pass format to nft_rule_save() xtables: parameter to add_argv() may be const xtables: introduce nft_init_eb() xtables: implement ebtables-{save,restore} xtables: Allocate rule cache just once xtables: Fix for nft_rule_flush() returning garbage xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs xtables: Fix compilation with NLDEBUG defined xtables: Use correct built-in chain count xtables: Fix program name in xtables_error() Consolidate DEBUGP macros xshared: Consolidate parse_counters() xshared: Consolidate argv construction routines ebtables: Fix for wrong program name in error messages ebtables: Fix match_list insertion ebtables: Print non-standard target parameters arptables: Fix memleaks in do_commandarp() arptables: Fix for trailing spaces in output arptables: Print policy only for base chains ebtables: Support --init-table command xtables: Fix symlinks/names for ebtables-{save, restore} arptables: Fix opcode printing in numeric output arptables: Fix jumps into user-defined chains xtables: Do not count rules as chain references xtables: Fix for no output on first iptables-nft invocation xtables: Print error when listing non-existent chains xtables: Reserve space for 'opt' column in ip6tables output xtables: Match verbose ip{,6}tables output with legacy xtables-restore: Improve user-defined chain detection xtables-restore: Make COMMIT support configurable ebtables-restore: Use xtables_restore_parse() ebtables: Review match/target lookup xtables: Implement arptables-{save,restore} tests: Add arptables-{save,restore} testcases tests: Add ebtables-{save,restore} testcases xtables: Fix potential segfault in nft_rule_append() xtables: Spelling fixes in xtables-monitor tests: Fix skipping for recent nft-only tests xtables: Improve xtables-monitor first impression xtables: Don't pass full invflags to add_compat() xtables: Fix for wrong counter format in -S output ebtables: Remove flags misinterpretations xtables: Use native nftables limit expression ebtables: Merge libebt_limit.c into libxt_limit.c arptables: Drop extensions/libxt_mangle.c xtables: Fix for no output in iptables-nft -S ebtables: Fix for listing of non-existent chains xtables: Make 'iptables -S nonexisting' return non-zero ebtables: Fix entries count in chain listing xtables: Fix for segfault in iptables-nft xtables: Use meta l4proto for -p match extensions: AUDIT: Provide translation xlate-test: Fix for calling wrong command name ebtables: trivial: Leverage C99-style initializers a bit more ebtables-translate: Fix segfault while parsing extension options xtables: Add a few missing exit calls extensions: libebt_mark: Drop mark_supplied check ebtables: Review match/target lookup once more xtables: Add missing deinitialization ebtables-translate: Fix for libebt_limit.txlate ip6tables-translate: Fix libip6t_mh.txlate test xtables: Fix for deleting rules with comment xtables: Align return codes with legacy iptables xtables: Drop use of IP6T_F_PROTO xtables-restore: Fix flushing referenced custom chains xtables: Don't check all rules for being compatible xtables: Accept --wait in iptables-nft-restore libxtables: Fix potential array overrun in xtables_option_parse() libiptc: Avoid side-effect in memset() calls ebtables: Fix for potential array boundary overstep libxt_string: Avoid potential array out of bounds access extensions: REJECT: Merge reject tables xtables-save: Ignore uninteresting tables libxt_string: Fix array out of bounds check nfnl_osf: Drop pointless check in xt_osf_strchr() xtables: Fix for wrong assert() in __nft_table_flush() libxtables: Integrate getethertype.c from xtables core Mark fall through cases in switch() statements ip{, 6}tables-restore: Fix for uninitialized array 'curtable' xtables: Remove unused variable in nft_is_table_compatible() libxt_LED: Avoid string overrun while parsing led-trigger-id libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION libxt_conntrack: Avoid potential buffer overrun libxt_ipvs: Avoid potential buffer overrun libxt_time: Drop initialization of variable 'year' libiptc: Simplify alloc_handle() function signature libxtables: Avoid calling memcpy() with NULL source libxtables: Don't read garbage in xtables_strtoui() nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() iptables-apply: Quote strings passed to echo iptables-apply: Replace signal numbers by names Share print_ipv{4,6}_addr() from xtables iptables: Use print_ifaces() from xtables nft-arp: Drop ineffective conditional extensions: libebt_ip{, 6}: Drop pointless error checking Fix a few cases of pointless assignments libxtables: Use posix_spawn() instead of vfork() xtables: Don't read garbage in nft_ipv4_parse_payload() arptables: Fix incorrect strcmp() in nft_arp_rule_find() xtables: Drop pointless check iptables: Gitignore xtables-{legacy, nft}-multi scripts libxtables: Check extension real_name length libiptc: NULL-terminate errorname Combine command_match() implementations Combine parse_target() and command_jump() implementations arptables: Use the shared nft_ipv46_parse_target() nft-shared: Use xtables_calloc() xtables: Remove target_maxnamelen field