Message-ID: <Zv3P2VdIqSG2xUmE@calendula>
Date: Thu, 3 Oct 2024 00:57:29 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org, netfilter@...r.kernel.org,
	netfilter-announce@...ts.netfilter.org, lwn@....net,
	netdev@...r.kernel.org
Subject: [ANNOUNCE] nftables 1.1.1 release

Hi!

The Netfilter project proudly presents:

        nftables 1.1.1

This release contains mostly fixes, listed in no particular order:

- reduce netlink cache dependencies to speed up incremental updates.
- fix UDP packet mangling when checksum field is zero.
- several fixes for nft reset command.
- JSON parser fixes.
- variables are not supported by -o/--optimize.
- allow zero burst in byte ratelimiter.

  table netdev filter {
       set test123 {
               typeof ip saddr
               limit rate over 1 mbytes/second
               elements = { 1.2.3.4 limit rate over 1 mbytes/second }
       }
  }

- fix double-free when users call nft_ctx_clear_vars() first, then nft_ctx_free().
- document that tproxy statement is non-terminal (compared to iptables).
  This allows for tproxy+log and tproxy+mark combos, see man nft(8) for details.
- add egress support for 'list hooks'.

  # nft list hooks netdev device eth0
  family netdev {
          hook ingress device eth0 {
                   0000000000 chain inet ingress in_public [nf_tables]
                   0000000000 chain netdev ingress in_public [nf_tables]
          }
          hook egress device eth0 {
                   0000000000 chain netdev ingress out_public [nf_tables]
          }
  }

- fix listing inconsistencies in "nft list hooks".
- "nft list hooks netdev" now iterates all interfaces and then lists all of them.
- document "nft list hooks" command, see man nft(8).

... including manpage updates and test enhancements too.

See changelog for more details (attached to this email).

You can download this new release from:

https://www.netfilter.org/projects/nftables/downloads.html
https://www.netfilter.org/pub/nftables/

[ NOTE: We have switched to .tar.xz files for releases. ]

To build the code, libnftnl >= 1.2.8 and libmnl >= 1.0.4 are required:

* https://netfilter.org/projects/libnftnl/index.html
* https://netfilter.org/projects/libmnl/index.html

Visit our wikipage for user documentation at:

* https://wiki.nftables.org

For the manpage reference, check man(8) nft.

In case of bugs and feature requests, file them via:

* https://bugzilla.netfilter.org

Happy firewalling.

View attachment "changes-nftables-1.1.1.txt" of type "text/plain" (3199 bytes)
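
The clear-then-free call sequence named in the double-free fix above, modelled as an added example that is not part of the announcement and is not nftables source. The struct, the function names and the tracking allocator are hypothetical, and the model assumes the clear call left a stale pointer and count behind for the destructor to release again.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical model (not libnftables code): a context owning heap blocks. */
struct demo_ctx { char **vars; unsigned int num_vars; };
static void *released[16];      /* blocks already passed to tracked_free() */
static unsigned int num_released, double_frees;

/* Stand-in for free(): records the block instead of releasing it, so a
 * second release of the same block is counted rather than executed. */
static void tracked_free(void *p)
{
    for (unsigned int i = 0; i < num_released; i++)
        if (released[i] == p) { double_frees++; return; }
    if (p && num_released < 16) released[num_released++] = p;
}

static void demo_clear_vars(struct demo_ctx *ctx, int hardened)
{
    for (unsigned int i = 0; i < ctx->num_vars; i++)
        tracked_free(ctx->vars[i]);
    tracked_free(ctx->vars);
    if (hardened)               /* leave no stale pointer or count behind */
        *ctx = (struct demo_ctx){ .vars = NULL, .num_vars = 0 };
}
static void demo_ctx_free(struct demo_ctx *ctx, int hardened)
{
    demo_clear_vars(ctx, hardened);     /* the destructor clears again */
    tracked_free(ctx);
}

/* Returns how many blocks the clear-then-free sequence released twice. */
unsigned int run_sequence(int hardened)
{
    struct demo_ctx *ctx = calloc(1, sizeof(*ctx));
    char **vars = calloc(1, sizeof(*vars));
    if (!ctx || !vars) abort();
    vars[0] = malloc(8);                /* one constructed variable definition */
    *ctx = (struct demo_ctx){ .vars = vars, .num_vars = 1 };
    num_released = double_frees = 0;
    demo_clear_vars(ctx, hardened);     /* caller clears first ... */
    demo_ctx_free(ctx, hardened);       /* ... then destroys the context */
    for (unsigned int i = 0; i < num_released; i++)
        free(released[i]);              /* really release each block once */
    return double_frees;
}
int main(void)
{
    printf("stale: %u, reset: %u\n", run_sequence(0), run_sequence(1));
    return 0;
}
```

With the stale state kept, both the variable definition and the array holding it are released a second time by the destructor; resetting the pointer and count makes the second clear a no-op.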
