Alvaro Neira (15): linealize: generate unary expression with the appropiate operation payload: generate dependency in the appropriate byteorder src: Enhance payload_gen_dependency() datatype: Enhance symbolic_constant_parse() nft: complete reject support evaluate: fix a crash if we specify ether type or meta nfproto in reject delinearize: list the icmpx reason with the string associated evaluate: reject: fix crash if we specify ether type or meta nfproto evaluate: reject: fix crash if we have transport protocol conflict from inet test: update and add the reject tests for ip, ip6, bridge and inet. evaluate: reject: accept a reject reason with incorrect network context evaluate: reject: check in bridge and inet the network context in reject evaluate: reject: check the context in reject without reason for bridge and inet tables evaluate: reject: enhance the error support throwing message with more details evaluate: reject: fix crash on NULL location with bridge and tcp reset Alvaro Neira Ayuso (1): src: add specific byteorder to the struct proto_hdr_template Ana Rey (15): src: Add support for pkttype in meta expresion src: Add support for cpu in meta expresion src: meta: Fix the size of cpu attribute src: Add devgroup support in meta expresion tests: Add automated regression testing tests: Add ip folder with test files tests: Add ip6 folder with test files. tests: Add inet folder with test files. tests: Add arp folder with test files. tests: Add bridge folder with test files. tests: Add any folder with test files. tests: regression: Delete all reference to wlan0 in test files tests: regression: Delete an unnecessary whitespace in an output messages meta: Add support for datatype devgroup src: Add cgroup support in meta expresion Arturo Borrero (18): netlink: monitor: add a helper function to handle sets referenced by a rule netlink: monitor: fix how rules with intervals are printed doc: update documentation with 'monitor' and 'export' src: add `flush ruleset' netlink: include file and line in netlink ABI errors src: add set optimization options rule: rename do_command_list_cleanup() to table_cleanup() rule: factorize chain and table listing code src: add list ruleset command src: add nat persistent and random options src: add masquerade support tests: add tests for masquerade mnl: delete useless parameter nf_sock in batch functions src: add redirect support nft: don't resolve hostnames by default tests/regression: masquerade: fix invalid syntax tests/regression: redirect: fix invalid syntax parser: allow both nat_flags and port specification in redirect David Kozub (1): build: add missing \ in src/Makefile.am (AM_CPPFLAGS) Eric Leblond (2): scanner: fix reading of really long line datatype: fix name of icmp* code Giorgio Dal Molin (2): build: add autotools support for the 'doc' subdir build: add autotools support for the 'files' subdir Kevin Fenzi (1): doc: nft: Fix trivial error in man page where flush should be rename Pablo Neira Ayuso (53): proto: initialize result expression in ethertype_parse() mnl: immediately return on errors in mnl_nft_ruleset_dump() mnl: check for NLM_F_DUMP_INTR when dumping object lists mnl: add nft_batch_continue() helper mnl: add nft_nlmsg_batch_current() helper src: rework batching logic to fix possible use of uninitialized pages main: propagate error to shell mnl: introduce NFT_NLMSG_MAXSIZE mnl: fix crashes when using sets with many elements src: add level option to the log statement src: don't return error in netlink_linearize_rule() include: refresh include/linux/nf_tables.h cached copy log: netlink_linearize: don't set level if user didn't specify src: fix 'describe' command when passing wrong expressions mnl: consistency checks across several netlink dumps mnl: use nft_batch_begin and nft_batch_end from libnftnl src: interpret the event type from the evaluation step netlink: use switch whenever possible in the monitor code utils: indicate file and line on memory allocation errors include: refresh cached copy of nf_tables.h build: use PKG_CHECK_MODULES to check for libmnl and libnftnl build: use AC_PROG_YACC and AM_PROG_LEX rename parser.y to parser_bison.y include: add cli.h build: autotools conversion netlink: don't bug on unknown events src: restore nft --debug parser: restore named vmap tests: regression: any/queue.t: use new syntax tests: regression: don't use -nnn for non-list commands tests: regression: fix bogus error due to bash tests: regression: test masquerade from nat/postrouting too datatype: fix crash when using basetype instead of symbolic constants datatype: relax datatype check in integer_type_parse() netlink_delinearize: clone on netlink_get_register(), release previous on _set() meta: set base field on clones tests: regression: fix "Listing is broken" instead of output mismatch tests: regression: any/ct: remove wrong output scanner: don't bug on too large values payload: fix endianess issue in payload_expr_pctx_update() src: generate set members using integer_type in the appropriate byteorder netlink_delinearize: fix listing of set members in host byteorder using integer_type netlink: fix listing of range set elements in host byteorder rule: fix segmentation faults on kernels without nftables support tests: regression: adapt nat tests to use random-fully tests: regression: redirect.t: fix bogus errors parser: use 'redirect to PORT' instead of 'redirect :PORT' tests: regression: fix wrong number of test files tests: regression: simplify run_test_file() in case `-e' is used tests: regression: log.t: this works for bridge and arp since 3.17 build: restore --disable-debug datatype: missing byteorder in string_type Bump version to v0.4 Patrick McHardy (16): netlink: check and handle errors from netlink_delinearize_set() evaluate: fix concat expressions as map arguments payload: take endianess into account when updating the payload context datatype: take endianess into account in symbolic_constant_print() proto: fix byteorder of ETH_P_* values verdict type: handle verdict flags and encoded additional information parser: simplify monitor command parsing parser: compact log level grammar expr: make range_low()/range_high() usable outside of segtree queue: clean up queue statement parser: rearrange monitor/export rules dtype: remove unnecessary icmp* parse/print functions stmt: rename nat "random-fully" option to "fully-random" meta: properly align types in meta_template table dtype: fix memory leak in concat_type_destroy() datatype: print datatype name in datatype_print() BUG message Steven Barth (2): build: allow disabling libreadline-support build: remove unnecessary libintl.h check Yanchuan Nian (2): Fix memory leak in nft get operation Fix typo in chain hook parsing Yuxuan Shui (1): payload: use proto_unknown for raw protocol header