Ahmed Abdelsalam (2): extensions: libip6t_srh: support matching previous, next and last SID extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid Arturo Borrero Gonzalez (2): iptables: add xtables-compat.8 manpage iptables: add xtables-translate.8 manpage Arushi Singhal (3): iptables: constify option struct xtables: homogenize error message iptables: tests: shell: add shell test-suite Duncan Roe (1): xtables-compat-multi.c: Allow symlink of ebtables Florian Westphal (107): xtables-compat-restore: use correct hook priorities extensions: prefer plain 'set' over 'set mark and' extensions: connmark: remove non-working translation extenstions: ecn: add tcp ecn/cwr translation xtables-compat: fix snprintf truncation warnings xtables-compat: also validate priorities and hook points match expected values xtables-compat: skip unsupported tables xtables-compat: only validate the xtables builtin tables libxt_comment: silence truncation warning ebtables-compat: don't make failing extension load fatal ebtables-compat: load mark target ebtables-compat: add initial translations xt-compat: constify a few struct members xtables-translate: rm duplicate includes nft: make nft_init self-contained libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' nft-bridge: add forward declaration for struct nftnl_rule ebtables-compat: support intra-positioned negations nft: fix crash when getprotobynumber() returns 0 nft-bridge: fix mac address printing nft-bridge: add eb-translate backend functions xtables-eb: export 3 functions xlate-translate: split common parts into helper xt-compat: add ebtables-translate ebtables-translate: add initial test cases icmp: split icmp type printing to header file xt-translate: quote interface names in translated output libebt_ip: add icmp support libebt_ip: fix translations for tos and icmp ebtables-compat: add 'ip6' match extension ebtables-translate: update table name on -t ebtables-compat: add 'pkttype' match extension ebtables-compat: add 'vlan' match extension nft: arptables: remove obsolete forward hook definition ebtables-translate: turn off useless compat queries extensions: ULOG: remove test xtables-compat: only fetch revisions for ip/ip6 iptables-test: add nft switch and test binaries from git xtables-compat: truncate comments to 254 bytes xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds xtables-compat: ebtables: handle mac masks properly xlate-test: use locally installed xlate tools xtables-compat: fall back to comment match in case name is too long xtables.conf: fix hook skeletons xtables-compat: output -s,d first during save, just like iptables extensions: add xlate test for ipables -f xtables-compat: restore: sync options with iptables-restore xtables-compat: avoid unneeded bitwise ops xtables-compat: also check tg2->userspacesize xtables-compat: fix ipv4 frag (-f) iptables-test: fix bug with rateest xtables-compat: ebtables: support concurrent option xtables-compat: xtables-save: don't return 1 xtables-compat: pass larger socket buffer extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 xtables-compat: fix wildcard detection xtables-compat: pass correct table skeleton xtables-compat: ebtables: kill ebtables_command_state xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall xtables-compat: ebtables: add and use helper to parse all interface names xtables-compat: ebtables: fix logical interface negation xtables-compat: ebtables: remove interface masks from ebt_entry struct xtables-compat: ebtables: add helpers to print interface and mac addresses xtables-compat: ebtables: allow checking for zero-mac ebtables-translate: suppress redundant protocols xtables-compat: ip6table-save: fix save of ip6 address masks libxtables: store all requested match types xtables-compat: extend generic tests for masks and wildcards xtables-compat: ebtables: prefer snprintf to strncpy ebtables-compat: add nat match extensions ebtables-compat: add redirect match extension ebtables-compat: add arp match extension xtables: allow dumping of chains in specific table xtables-compat: remove nft_is_ruleset_compatible xtables: extended error reporting xtables-compat: append all errors into single line xtables-compat: ignore '+' interface name xtables-compat: skip invalid tables ebtables-translate: remove --change-counters code configure: add -Wlogical-op warning to cflags xtables: remove dead code inherited from ebtables xtables: silence two compiler warnings include: update kernel netfilter header files iptables8.in: Update coreteam names xtables: add nf_tables vs. legacy postfix to version strings xtables: warn in case old-style (set/getsockopt) tables exist xtables: translate nft meta trace set 1 to -j TRACE xtables: add xtables-monitor tests: make duplicate test work xtables-restore: init table before processing policies xtables: rename xt-multi binaries to -nft, -legacy tests: adapt test suite to run with legacy+nftables based binaries tests: add initial save/restore test cases tests: add another ipv4 only ruleset tests: add firewalld default ruleset from fedora 27 ebtables-nft: don't crash on ebtables -X ebtables-nft: remove exec_style ebtables-nft: make -L, -X CHAINNAME work tests: add a few simple tests for list/new/delete tests: fix variable name to multi-binary tests: add script that mimics firewalld startup ebtables-nft: add stp match xtables: display legacy/nf_tables flavor in error messages, too xtables-legacy: fix argv0 name for ip6tables-legacy xtables-monitor: add --version option man: clarify translate tools do not modify any state configure: bump version and libnftnl dependency Harsha Sharma (1): extensions: add tests for comp match options Hauke Mehrtens (1): extensions: libxt_bpf: Fix build with old kernel versions Jack Ma (1): extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark Jan Engelhardt (1): doc: fix some spellos and the dash escape Major Hayden (1): doc: Fix spelling error in hashlimit section Pablo Neira Ayuso (20): extensions: CLUSTERIP: add tests extensions: CLUSTERIP: do not allow --local-node 0 iptables-compat: handle netlink dump EINTR errors iptables-compat: statify nft_restart() iptables-compat: remove non-batching routines iptables-compat: do not fail on restore if user chain exists iptables-compat: chains are purge out already from table flush xtables-compat-restore: flush rules and delete user-defined chains xtables-compat-restore: flush user-defined chains with -n xtables-compat: fix bogus error with -X and no user-defined chains xtables-compat-restore: flush table and its content with no -n extensions: libxt_CONNMARK: incorrect translation after v2 xtables: inconsistent error reporting for -X and no empty chain xtables: use libnftnl batch API xtables: allocate struct xt_comment_info for comments xtables: initialize basechains only once on ruleset restore xtables: add chain cache xtables: rework rule cache logic xtables: initialize basechains for rule flush command too xtables: more error printing fixes Serhey Popovych (7): extensions: Initialize linear mapping of symbols in _init() of extension xtables: Introduce and use common function to parse val[/mask] arguments xtables: Introduce and use common function to print val[/mask] arguments xtables: Do not register matches/targets with incompatible revision xtables: Check match/target size vs XT_ALIGN(size) at register time xtables: Register all match/target revisions supported by us and kernel xtables: Fix rules print/save after iptables update Thierry Du Tre (2): extensions: libipt_DNAT: support shifted portmap ranges extensions: libipt_DNAT: tests added for shifted portmap range