Arturo Borrero Gonzalez (1): nft: rearrange help output to group related options together Balazs Scheidler (5): socket: add support for "wildcard" key src/scanner.l: fix whitespace issue for the TRANSPARENT keyword doc: added documentation on "socket wildcard" tests: added "socket wildcard" testcases tests: allow tests/monitor to use a custom nft executable Devin Bayer (1): nft: migrate man page examples with `meter` directive to sets Florian Westphal (9): doc: revisit meta/rt primary expressions and ct statement monitor: print "dormant" flag in monitor mode tests: extend existing dormat test case to catch a kernel bug evaluate: permit get element on maps netlink: fix concat range expansion in map case tests: extend 0043concatenated_ranges_0 to cover maps too nftables: dump raw element info from libnftnl when netlink debugging is on proto: add sctp crc32 checksum fixup segtree: copy expr data to closing element Gopal Yadav (2): json: Combining --terse with --json has no effect Solves Bug 1462 - `nft -j list set` does not show counters Jeremy Sowden (3): tests: py: add missing JSON output for ct test. tests: py: correct order of set elements in test JSON output. tests: py: add missing test JSON output for TCP flag tests. Jindrich Makovicka (1): libnftables: avoid repeated command list traversal on errors Jose M. Guisado Gomez (6): src: fix obj list output when reset command src: add comment support for set declarations src: add comment support when adding tables src: add comment support for objects parser_bison: fail when specifying multiple comments src: add comment support for chains Pablo Neira Ayuso (45): src: Allow for empty set variable definition segtree: zap element statement when decomposing interval src: use expression to store the log prefix src: allow for variables in the log prefix string datatype: convert chain name from gmp value to string src: support for implicit chain bindings parser_bison: memleak in log prefix string evaluate: UAF in stmt_evaluate_log_prefix() tests: shell: chmod 755 testcases/chains/0030create_0 src: allow to use variables in flowtable and chain devices evaluate: use evaluate_expr_variable() for chain policy evaluation tests: shell: remove check for reject from prerouting rule: flush set cache before flush command rule: missing map command expansion evaluate: replace variable expression by the value expression src: allow for negative value in variable definitions evaluate: bail out with concatenations and singleton values evaluate: flush set cache from the evaluation phase src: remove cache lookups after the evaluation phase evaluate: remove table from cache on delete table parser_bison: memleak symbol redefinition evaluate: memleak in invalid default policy definition evaluate: UAF in hook priority expression netlink_delinearize: transform binary operation to prefix only with values evaluate: disregard ct address matching without family segtree: memleaks in interval_map_decompose() src: cache gets out of sync in interactive mode src: add comment support for map too mergesort: unbreak listing with binops src: add expression handler hashtable src: add chain hashtable cache mergesort: find base value expression type via recursion mnl: larger receive socket buffer for netlink errors tests: py: flush log file output before running each command evaluate: remove one indent level in __expr_evaluate_payload() src: context tracking for multiple transport protocols src: ingress inet support doc: nft.8: describe inet ingress hook rule: larger number of error locations src: constify location parameter in cmd_add_loc() src: improve rule error reporting segtree: UAF in interval_map_decompose() monitor: do not print generation ID with --echo Revert "monitor: do not print generation ID with --echo" build: Bump version to v0.9.7 Phil Sutter (4): doc: Document notrack statement json: Expect refcount increment by json_array_extend() evaluate: Reject quoted strings containing only wildcard json: Fix memleak in set_dtype_json() Stefano Brivio (5): tests: Run in separate network namespace, don't break connectivity tests: shell: Allow wrappers to be passed as nft command tests: 0043concatenated_ranges_0: Fix checks for add/delete failures tests: 0044interval_overlap_0: Repeat insertion tests with timeout tests: sets: Check rbtree overlap detection after tree rotations