Florian Westphal (10): arptables-nft: remove ARPT_INV flags usage nft-arp: add missing mask support nft-arp: add arptables-translate arptables-txlate: add test cases extensions: MARK: fix arptables support extensions: libebt_stp: fix range checking extensions: xt_socket: add txlate support for socket match extensions: xt_TPROXY: add txlate support iptables: tests: add missing make +x iptables: tests: shell: use bash, not sh Jacek Tomasiak (1): iptables: Add missing error codes Jan Engelhardt (15): man: display number ranges with an en dash man: encode minushyphen the way groff/man requires it man: encode emdash the way groff/man requires it man: encode hyphens the way groff/man requires it man: consistent casing of "IPv[46]" man: grammar fixes to some manpages man: use native bullet point markup man: consistent use of \(em in Name sections man: remove lone .nh command man: repeal manual hyphenation man: stop putting non-terminals in italic man: copy synopsis markup from iptables.8 to arptables-nft.8 man: limit targets for -P option synopsis man: more backslash-encoding of characters man: proper roff encoding for ~ and ^ Jeremy Sowden (7): Fix spelling mistakes build: format `AM_CPPFLAGS` variables build: remove obsolete `AM_LIBTOOL_SILENT` variable build: remove unused `AM_VERBOSE_CXX*` variables build: use standard automake verbosity variables build: add an automake verbosity variable for `ln` build: replace `echo -e` with `printf` Joshua Lant (2): iptables: align xt_CONNMARK with current kernel headers configure: Determine if musl is used for build Maxin B. John (1): configure: Add option to enable/disable libnfnetlink Pablo Neira Ayuso (1): tests: iptables-test: extend coverage for ip6tables Phil Sutter (159): libiptc: Fix for another segfault due to chain index NULL pointer extensions: string: Clarify description of --to extensions: string: Adjust description of --to to recent kernel changes man: use .TP for lists in xt_osf man page man: reveal rateest's combination categories ebtables: Fix corner-case noflush restore bug arptables: Fix formatting of numeric --h-type output arptables: Fix --proto-type mask formatting extensions: libarpt_standard.t: Add a rule with builtin option masks Makefile: Install arptables-translate link and man page nft-bridge: nft_bridge_add() uses wrong flags xshared: struct xt_cmd_parse::xlate is unused xshared: All variants support -v, update OPTSTRING_COMMON xshared: Drop needless assignment in --help case xshared: Drop pointless CMD_REPLACE check tests: xlate: Print failing command line ebtables: Drop append_entry() wrapper ebtables: Make ebt_load_match_extensions() static ebtables: Align line number formatting with legacy xshared: do_parse: Ignore '-j CONTINUE' ebtables: Implement --change-counters command libxtables: Combine the two extension option mergers libxtables: Fix guided option parser for use with arptables libxtables: Introduce xtables_strtoul_base() libxtables: Introduce struct xt_option_entry::base extensions: libarpt_mangle: Use guided option parser extensions: MARK: arptables: Use guided option parser xshared: Introduce xt_cmd_parse_ops::option_name xshared: Introduce xt_cmd_parse_ops::option_invert xshared: Simplify generic_opt_check() xshared: Entirely ignore interface masks when saving rules xshared: Do not populate interface masks per default nft: Leave interface masks alone when parsing from kernel man: Do not escape exclamation marks libxtables: xtoptions: Fix for garbage access in xtables_options_xfrm() libxtables: xtoptions: Fix for non-CIDR-compatible hostmasks xshared: do_parse: Skip option checking for CMD_DELETE_NUM xshared: Perform protocol value parsing in callback xshared: Turn command_default() into a callback xshared: Introduce print_help callback (again) xshared: Support rule range deletion in do_parse() xshared: Support for ebtables' --change-counters command ebtables{,-translate}: Convert if-clause to switch() ebtables: Change option values to avoid clashes ebtables: Pass struct iptables_command_state to print_help() ebtables: Make 'h' case just a call to print_help() ebtables: Use struct xt_cmd_parse xshared: Introduce option_test_and_reject() ebtables: Use do_parse() from xshared iptables-legacy: Fix for mandatory lock waiting tests: iptables-test: Use difflib if dumps differ libxtables: xtoptions: Prevent XTOPT_PUT with XTTYPE_HOSTMASK libxtables: xtoptions: Support XTOPT_NBO with XTTYPE_UINT* libxtables: xtoptions: Implement XTTYPE_ETHERMACMASK libxtables: xtoptions: Treat NFPROTO_BRIDGE as IPv4 ebtables: Support for guided option parser extensions: libebt_*: Drop some needless init callbacks extensions: libebt_stp: Use guided option parser extensions: libebt_arpreply: Use guided option parser extensions: libebt_dnat: Use guided option parser extensions: libebt_ip6: Use guided option parser extensions: libebt_ip: Use guided option parser extensions: libebt_log: Use guided option parser extensions: libebt_mark: Use guided option parser extensions: libebt_nflog: Use guided option parser extensions: libebt_snat: Use guided option parser extensions: libebt_redirect: Use guided option parser extensions: libebt_802_3: Use guided option parser extensions: libebt_vlan: Use guided option parser extensions: libebt_arp: Use guided option parser extensions: libxt_limit: Use guided option parser for NFPROTO_BRIDGE, too extensions: libebt_pkttype: Use guided option parser extensions: libebt_mark_m: Use guided option parser extensions: libxt_HMARK: Review HMARK_parse() ebtables: Default to extrapositioned negations tests: iptables-test: Increase non-fast mode strictness nft: ruleparse: Add missing braces around ternary libxtables: Fix memleak of matches' udata xtables-eb: Eliminate 'opts' define xshared: Fix for memleak in option merging with ebtables xshared: Introduce xtables_clear_args() ebtables: Fix for memleak with change counters command extensions: *.t/*.txlate: Test range corner-cases libxtables: xtoptions: Assert ranges are monotonic increasing libxtables: Reject negative port ranges extensions: ah: Save/xlate inverted full ranges extensions: frag: Save/xlate inverted full ranges extensions: mh: Save/xlate inverted full ranges extensions: rt: Save/xlate inverted full ranges extensions: esp: Save/xlate inverted full ranges extensions: ipcomp: Save inverted full ranges nft: Do not omit full ranges if inverted extensions: tcp/udp: Save/xlate inverted full ranges libxtables: xtoptions: Respect min/max values when completing ranges Revert "xshared: Print protocol numbers if --numeric was given" libxtables: Add dccp and ipcomp to xtables_chain_protos iptables-save: Avoid /etc/protocols lookups nft: Fix for broken recover_rule_compat() xtables-translate: Leverage stored protocol names xlate: Improve redundant l4proto match avoidance xlate: libip6t_mh: Fix and simplify plain '-m mh' match xshared: Fix parsing of empty string arg in '-c' option libxtables: Attenuate effects of functions' internal static buffers man: extensions: recent: Clarify default value of ip_list_hash_size extensions: libxt_sctp: Add an extra assert() ebtables: Include 'bitmask' value when comparing rules man: recent: Adjust to changes around ip_pkt_list_tot parameter xtables-monitor: Proper re-init for rule's family xtables-monitor: Flush stdout after all lines of output xtables-monitor: Align builtin chain and table output xtables-monitor: Support arptables chain events tests: shell: New xtables-monitor test xtables-monitor: Fix for ebtables rule events xtables-monitor: Ignore ebtables policy rules unless tracing xtables-monitor: Print commands instead of -4/-6/-0 flags nft: Fix for zeroing non-existent builtin chains extensions: recent: New kernels support 999 hits nft: cache: Annotate faked base chains as such nft: Fix for zeroing existent builtin chains extensions: recent: Fix format string for unsigned values extensions: conntrack: Use the right callbacks nft: cmd: Init struct nft_cmd::head early nft: Add potentially missing init_cs calls arptables: Fix conditional opcode/proto-type printing xshared: Do not omit all-wildcard interface spec when inverted extensions: conntrack: Reuse print_state() for old state match xshared: Make save_iface() static xshared: Move NULL pointer check into save_iface() libxtables: Debug: Slightly improve extension ordering debugging arptables: Introduce print_iface() ebtables: Omit all-wildcard interface specs from output ebtables: Zero freed pointers in ebt_cs_clean() ebtables: Introduce nft_bridge_init_cs() nft: Reduce overhead in nft_rule_find() nft: ruleparse: Drop 'iter' variable in nft_rule_to_iptables_command_state extensions: TPROXY: Fix for translation being non-terminal tests: shell: Adjust for recent changes in libnftnl tests: iptables-test: Append stderr output to log file man: xtables-legacy.8: Join two paragraphs man: ebtables-nft.8: Note that --concurrent is a NOP gitignore: Ignore generated arptables-translate.8 xshared: iptables does not support '-b' ebtables: Fix for -S with rule number nft: Fix for -Z with bogus rule number tests: shell: Test some commands involving rule numbers tests: iptables-test: Fix for duplicate supposed-to-fail errors tests: shell: Fix for 'make distcheck' ebtables: Clone extensions before modifying them ebtables: Simplify ebt_add_{match,watcher} tests: shell: Test ebtables-restore deleting among matches tests: iptables-test: Properly assert rule deletion errors tests: iptables-test: Extend fast mode docs a bit tests: shell: iptables/0010-wait_0 is unreliable tests: shell: Print escape sequences with terminals only tests: iptables-test: Fix for 'make distcheck' tests: xlate-test: Fix for 'make distcheck' Makefile.am: Revert to old serial test harness libxtables: Hide xtables_strtoul_base() symbol configure: Bump version for 1.8.11 release Sriram Rajagopalan (1): nft: Do not combine inverted payload matches