Adam Gołębiowski (1):
extensions: format-security fixes in libip[6]t_icmp
Baruch Siach (5):
ebtables: vlan: fix userspace/kernel headers collision
xtables-monitor: fix build with older glibc
include: fix build with kernel headers before 4.2
xtables-monitor: fix build with musl libc
include: extend the headers conflict workaround to in6.h
Florian Westphal (12):
arptables-nft: use generic expression parsing function
xtables: rename opcodes to arp_opcodes
xtables: make all nft_parse_ helpers static
arptables-nft: fix decoding of hlen on bigendian platforms
tests: return-codes script is bash specific
xtables: unify user chain add/flush for restore case
xtables: add skip flag to objects
xtables: add and use nft_build_cache
xtables: add and set "implict" flag on transaction objects
xtables: handle concurrent ruleset modifications
tests: add test script for race-free restore
extensions: SYNPROXY: should not be needed anymore on current kernels
Lucas Stach (1):
xtables-legacy: add missing config.h include
Pablo Neira Ayuso (19):
nft: add type field to builtin_table
nft: move chain_cache back to struct nft_handle
nft: move initialize to struct nft_handle
xtables: constify struct builtin_table and struct builtin_chain
extensions: libip6t_mh: fix bogus translation error
xshared: check for maximum buffer length in add_param_to_argv()
man: refer to iptables-translate and ip6tables
nft: add struct nft_cache
nft: statify nft_rebuild_cache()
nft: add __nft_table_builtin_find()
nft: add flush_cache()
nft: cache table list
nft: ensure cache consistency
nft: keep original cache in case of ERESTART
nft: don't skip table addition from ERESTART
nft: don't care about previous state in ERESTART
nft: do not retry on EINTR
nft: reset netlink sender buffer size of socket restart
configure: bump versions for 1.8.3 release
Phil Sutter (84):
libiptc: Extend struct xtc_ops
ip6tables-restore: Merge into iptables-restore.c
ip6tables-save: Merge into iptables-save.c
xtables: Introduce per table chain caches
arptables: Support --set-counters option
ebtables: Use xtables_exit_err()
xtables: Don't use native nftables comments
extensions: libipt_realm: Document allowed realm values
extensions: TRACE: Point at xtables-monitor in documentation
nft: Simplify nftnl_rule_list_chain_save()
nft: Review unclear return points
xtables-restore: Review chain handling
nft: Review is_*_compatible() routines
nft: Reduce __nft_rule_del() signature
nft: Reduce indenting level in flush_chain_cache()
nft: Simplify per table chain cache update
nft: Simplify nft_rule_insert() a bit
nft: Introduce fetch_chain_cache()
nft: Move nft_rule_list_get() above nft_chain_list_get()
xtables: Implement per chain rule cache
nft: Drop nft_chain_list_find()
xtables: Optimize flushing a specific chain
xtables: Optimize nft_chain_zero_counters()
tests: Extend verbose output and return code tests
xtables: Optimize user-defined chain deletion
xtables: Optimize list command with given chain
xtables: Optimize list rules command with given chain
nft: Make use of nftnl_rule_lookup_byindex()
nft: Simplify nft_is_chain_compatible()
nft: Simplify flush_chain_cache()
xtables: Set errno in nft_rule_check() if chain not found
nft: Add new builtin chains to cache immediately
xtables: Fix position of replaced rules in cache
utils: Add a manpage for nfbpf_compile
xtables: Fix for inserting rule at wrong position
xtables: Speed up chain deletion in large rulesets
arptables-nft: Fix listing rules without target
arptables-nft: Fix MARK target parsing and printing
arptables-nft: Fix CLASSIFY target printing
arptables-nft: Remove space between *cnt= and value
arptables-nft-save: Fix position of -j option
arptables-nft: Don't print default h-len/h-type values
tests: shell: Add arptables-nft verbose output test
xtables: Catch errors when zeroing rule rounters
ebtables: Fix rule listing with counters
nft: Fix potential memleaks in nft_*_rule_find()
arptables-nft: Set h-type/h-length masks by default, too
extensions: Fix arptables extension tests
xtables: Fix for crash when comparing rules with standard target
xtables: Fix for false-positive rule matching
Revert "ebtables: use extrapositioned negation consistently"
xshared: Explicitly pass target to command_jump()
xtables-save: Fix table not found error message
nft: Don't assume NFTNL_RULE_USERDATA holds a comment
nft: Introduce UDATA_TYPE_EBTABLES_POLICY
ebtables-nft: Support user-defined chain policies
nft: Eliminate dead code in __nft_rule_list
xtables: Fix error message when zeroing a non-existent chain
xtables: Move new chain check to where it belongs
xtables: Fix error messages in commands with rule number
xtables: Fix error message for chain renaming
tests: Extend return codes check by error messages
arptables: Print space before comma and counters
xlate-test: Support testing host binaries
tests/shell: Support testing host binaries
doc: Install ip{6,}tables-translate.8 manpages
extensions: AUDIT: Document ineffective --type option
extensions: Fix ipvs vproto parsing
extensions: Fix ipvs vproto option printing
extensions: Add testcase for libxt_ipvs
extensions: connlabel: Fallback on missing connlabel.conf
doc: Add arptables-nft man pages
doc: Adjust arptables man pages
doc: Add ebtables man page
doc: Adjust ebtables man page
xtables-legacy.8: Remove stray colon
xtables-save: Point at existing man page in help text
extensions: Install symlinks as such
man: iptables-save: Add note about module autoloading
xtables: Don't leak iter in error path of __nft_chain_zero_counters()
tests: Fix ipt-restore/0004-restore-race_0 testcase
xtables: Fix for explicit rule flushes
Drop release.sh
Revert "build: don't include tests in released tarball"
Sam Banks (1):
extensions: libxt_osf.: Typo in manpage
Changes: