Hi!
The Netfilter project proudly presents:
nftables 1.1.5
This release contains fixes:
- Fix regressions in JSON ruleset listing, restore set flags to display
single item with array:
- "flags": "interval"
+ "flags": ["interval"]
... and use "oif" result type instead of the new check for simple
matching on fib:
- "result": "check"
+ "result": "oif"
to restore third party JSON parsers.
- Add new --with-unitdir=PATH option for ./configure to install the
nftables systemd unit file. If PATH is not specified, then auto-detect
systemd unit path. Check man(8) nftables.service for more information.
- Fix misleading "No buffer space available" error when kernel reports
too many errors back to userspace.
... and a handful more of small fixes.
See changelog for more details (attached to this email).
You can download this new release from:
https://www.netfilter.org/projects/nftables/downloads.html
https://www.netfilter.org/pub/nftables/
To build the code, libnftnl >= 1.3.0 and libmnl >= 1.0.4 are required:
* https://netfilter.org/projects/libnftnl/index.html
* https://netfilter.org/projects/libmnl/index.html
Visit our wikipage for user documentation at:
* https://wiki.nftables.org
For the manpage reference, check man(8) nft.
In case of bugs and feature requests, file them via:
* https://bugzilla.netfilter.org
Happy firewalling.
Florian Westphal (6):
tests: py: revert dccp python tests
tests: shell: update comment to name the right commit.
evaluate: check XOR RHS operand is a constant value
tests: shell: add parser and packetpath test
src: fix memory leak in anon chain error handling
mnl: silence compiler warning
Jan Engelhardt (1):
tools: add a systemd unit for static rulesets
Pablo Neira Ayuso (8):
segtree: incorrect type when aggregating concatenated set ranges
src: ensure chain policy evaluation when specified
fib: restore JSON output for relational expressions
tests: shell: cover sets as set elems evaluation
tests: shell: coverage for simple verdict map merger
mnl: continue on ENOBUFS errors when processing batch
build: disable --with-unitdir by default
build: Bump version to 1.1.5
Phil Sutter (19):
tests: shell: Fix packetpath/rate_limit for old socat
src: netlink: netlink_delinearize_table() may return NULL
tests: py: Drop duplicate test in any/meta.t
tests: py: Drop stale entries since redundant test case removal
tests: py: Drop stale payload from any/rawpayload.t.payload
tests: py: Drop duplicate test from inet/geneve.t
tests: py: Drop duplicate test from inet/gre.t
tests: py: Drop duplicate test from inet/gretap.t
tests: py: Drop stale entry from inet/tcp.t.json
tests: py: Drop duplicate test from inet/vxlan.t
tests: py: Drop redundant payloads for ip/ip.t
tests: py: Drop stale entry from ip/snat.t.json
tests: py: Drop stale entries from ip6/{ct,meta}.t.json
tests: py: Drop stale entry from ip/snat.t.payload
tests: py: Fix tests added for 'icmpv6 taddr' support
json: Do not reduce single-item arrays on output
tests: monitor: Fix for flag arrays in JSON output
trace: Fix for memleak in trace_alloc_list() error path
Makefile: Fix for 'make distcheck'
Łukasz Stelmach (1):
doc: Add a note about route_localnet sysctl
