'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 }
th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with
'nft add', but not 'nft insert', the latter yields:
"BUG: unhandled op 4".
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Remove upstreamed patch:
- 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch
Changes:
13248670 build: Bump version to 1.0.5
3432eebd tests/py: disable arp family for queue statement
180ce4d7 meta: don't use non-POSIX formats in strptime()
c1c223f1 src: allow anon set concatenation with ether and vlan
87c3041b evaluate: search stacked header list for matching payload dep
b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context
f680055c tests: add a test case for ether and vlan listing
dbd5f348 debug: dump the l2 protocol stack
0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset
89688c94 netlink_delinearize: postprocess binary ands in concatenations
0542a431 netlink_delinearize: allow postprocessing on concatenated elements
8efab552 parser_json: fix device parsing in netdev family
76fae8f5 src: proto: support DF, LE PHB, VA for DSCP
446e76db doc: Document limitations of ipsec expression with xfrm_interface
a2ddb38f cache: report an error message if cache initialization fails
649b8ce3 cache: validate handle string length
64c74ba5 cache: prepare nft_cache_evaluate() to return error
46980cdd rule: crash when uncollapsing command with unexisting table or set
8a6cdfaf cache: release pending rules when chain binding lookup fails
e17337df evaluate: report missing interval flag when using prefix/range in concatenation
45c097c6 scanner: allow prefix in ip6 scope
6c23bfa5 segtree: fix map listing with interface wildcard
8623772a scanner: don't pop active flex scanner scope
994bf500 parser: add missing synproxy scope closure
ed2426bc tests/py: Add a test for failing ipsec after counter
27107b49 evaluate: fix segfault when adding elements to invalid set
0f82b07f mnl: store netlink error location for set elements
15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting
f56e901a parser_bison: fix error location for set elements
6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch
5357cb7b intervals: fix crash when trying to remove element in empty set
d54510f8 netlink_delinearize: memleak when parsing concatenation data
12a223ce libnftables: release top level scope
b91bbf88 optimize: limit statement is not supported yet
45a61a75 optimize: assume verdict is same when rules have no verdict
fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational
29e62111 tests: shell: run -c -o on ruleset
887405df optimize: add unsupported statement
8f61a69e optimize: add hash expression support
ca8fd77a optimize: add numgen expression support
721efd64 optimize: add binop expression support
f7e901a2 optimize: add fib expression support
54b1e49f optimize: add xfrm expression support
0beaea37 optimize: add osf expression support
d07fe8e8 optimize: fix verdict map merging
38d48fe5 optimize: fix reject statement
f9939f89 optimize: remove comment after merging
8f10f33a optimize: do not print stateful information
3ac932e9 optimize: do not merge rules with set reference in rhs
64ebb03a optimize: do not compare relational expression rhs when collecting statements
59e3a592 intervals: Do not sort cached set elements over and over again
d434de8b intervals: do not empty cache for maps
87ba510f intervals: do not report exact overlaps for new elements
498a5f0c rule: collapse set element commands
8fafe4e6 tests: shell: runtime set element automerge
638af0ce Revert "scanner: flags: move to own scope"
Signed-off-by: Nick Hainke <vincent@systemli.org>
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove backport:
- 001-examples-compile-with-make-check.patch
87fdf683 build: Bump version to 1.0.3
c4ec825b nft: simplify chain lookup in do_list_chain
4f6724f1 intervals: fix compilation --with-mini-gmp
4c20fe95 json: update json output ordering to place rules after chains
57741350 netlink_delinearize: release last register on exit
d6fdb0d8 sets_with_ifnames: add test case for concatenated range
88b2345a segtree: add pretty-print support for wildcard strings in concatenated sets
806ab081 netlink: swap byteorder for host-endian concat data
c224aa6b intervals: deletion should adjust range not yet in the kernel
ea1f1c9f optimize: memleak in statement matrix
0a6dbfce optimize: merge nat rules with same selectors into map
743b0e81 optimize: do not clone unsupported statement
c8b35039 optimize: incorrect logic in verdict comparison
fc4da141 src: fix always-true assertions
d1289bff intervals: set on EXPR_F_KERNEL flag for new elements in set cache
721b9dec tests: add concat test case with integer base type subkey
22b750aa src: allow use of base integer types as set keys in concatenations
3ed9fada intervals: build list of elements to be added from cache
e45b4939 intervals: fix deletion of multiple ranges with automerge
3b7b22ae intervals: add elements with EXPR_F_KERNEL to purge list only
ea31855d netlink: remove unused argument from helper function
48204bd7 intervals: Simplify element sanity checks
ab1b21be intervals: unset EXPR_F_KERNEL for adjusted elements
e0beff27 src: restore interval sets work with string datatypes
3e8d934e intervals: support to partial deletion with automerge
7a6e1604 evaluate: allow for zero length ranges
3da9643f intervals: add support to automerge with kernel elements
7b061e63 mnl: update mnl_nft_setelem_del() to allow for more reuse
fdb8e0ff src: remove rbtree datastructure
81e36530 src: replace interval segment tree overlap and automerge
f1cc44ed src: add EXPR_F_KERNEL to identify expression in the kernel
ad43b84e segtree: add support for get element with sets that contain ifnames
06db2308 segtree: use correct byte order for 'element get'
4c6681a7 tests: add testcases for interface names in sets
5e393ea1 segtree: add string "range" reversal support
2fb4d7ea src: make interval sets work with string datatypes
403936c1 evaluate: string prefix expression must retain original length
ada50f84 segtree: split prefix and range creation to a helper function
ae7d32fc evaluate: keep prefix expression length
d2b23984 evaluate: make byteorder conversion on string base type a no-op
c36ecfc2 tests: py: Add meta time tests without 'meta' keyword
6fa4ff56 tests: py: Don't colorize output if stderr is redirected
f561a0cc tests: monitor: Hide temporary file names from error output
75fea8a5 tests: py: extend meta time coverage
4460b839 meta: fix compiler warning in date_type_parse()
02100978 meta: time: use uint64_t instead of time_t
4e0026dc include: add missing `#include`
ab74fb5b examples: add .gitignore file
bcad4761 tests: py: add inet/vmap tests
214494aa optimize: Restore optimization for raw payload expressions
82762ab6 src: allow to use integer type header fields via typeof set declaration
64bb3f43 src: allow to use typeof of raw expressions in set declaration
ff0f30e3 expression: typeof verdict needs verdict datatype
60f5c107 src: copy field_count for anonymous object maps as well
4cf97abf rule: Avoid segfault with anonymous chains
4e718641 evaluate: init cmd pointer for new on-stack context
1ea71c23 optimize: do not assume log prefix
3f36cc6c optimize: do not merge unsupported statement expressions
19960c8d optimize: incorrect assert() for unexpected expression type
3de1dbd2 optimize: more robust statement merge with vmap
99eb4696 optimize: fix vmap with anonymous sets
e8f0fa21 scanner: Fix for ipportmap nat statements
59d184be scanner: dup, fwd, tproxy: Move to own scopes
069a0450 scanner: meta: Move to own scope
2165324d scanner: at: Move to own scope
a67fce7f scanner: nat: Move to own scope
578467c1 scanner: policy: move to own scope
a1669709 scanner: flags: move to own scope
020372d9 scanner: reject: Move to own scope
543bf3c2 scanner: import, export: Move to own scopes
88105810 scanner: reset: move to own Scope
8a7e430a scanner: monitor: Move to own Scope
e5547017 scanner: rt: Extend scope over rt0, rt2 and srh
04c95f14 scanner: type: Move to own scope
62a95698 scanner: dst, frag, hbh, mh: Move to own scopes
a060d912 scanner: ah, esp: Move to own scopes
4e215fdf scanner: osf: Move to own scope
5166b298 scanner: dccp, th: Move to own scopes
3e04a6e2 scanner: udp{,lite}: Move to own scope
bbdcfbfa scanner: comp: Move to own scope.
232f2c32 scanner: synproxy: Move to own scope
26b53653 scanner: tcp: Move to own scope
f5722119 scanner: igmp: Move to own scope
a7d8cca9 scanner: icmp{,v6}: Move to own scope
5d837d27 src: add tcp option reset support
1d507ce7 build: explicitly pass --version-script to linker
e98a9b83 libnftables.map: export new nft_ctx_{get,set}_optimize API
9eb98b3b tests: add test case for flowtable with owner flag
18a08fb7 examples: compile with `make check' and add AM_CPPFLAGS
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Missing header for va_list.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
