Donald Yandt (1): mnl: fix basehook comparison Eric Long (1): libnftables-json: fix raw payload expression documentation Florian Westphal (53): tests: shell: fix spurious dump failure in vmap timeout test tests: shell: don't rely on writable test directory tests: monitor: fix up test case breakage doc: extend description of fib expression src: allow to map key to nfqueue number tests: shell: add a test case for netdev ruleset flush + parallel link down tests: shell: add cgroupv2 socket match test case parser_bison: fix UaF when reporting table parse error rule: make cmd_free(NULL) valid evaluate: allow to re-use existing metered set netlink_delinarize: fix bogus munging of mask value src: add and use payload_expr_trim_force tests: py: extend raw payload match tests parser_bison: compact and simplify list and reset syntax parser_bison: get rid of unneeded statement payload: remove double-store payload: return early if dependency is not a payload expression tests: add atomic chain replace test tests: remove temporary file payload: don't kill dependency for proto_th tcpopt: add symbol table for mptcp suboptions expression: propagate key datatype for anonymous sets netlink_delinearize: also consider exthdr type when trimming binops expression: expr_build_udata_recurse should recurse segtree: fix string data initialisation doc: add mptcp to tcp option matching list src: fix reset element support for interval set type tests: extend reset test case to cover interval set and map type evaluate: don't crash if range has same start and end interval tests: shell: skip interval size tests on kernel that lack rbtree size fix evaluate: fix expression data corruption evaluate: don't allow merging interval set/map with non-interval one evaluate: move interval flag compat check after set key evaluation netlink: fix stack buffer overrun when emitting ranged expressions parser_bison: reject non-serializeable typeof expressions netlink_delinerize: add more restrictions on meta nfproto removal expression: tolerate named set protocol dependency evaluate: don't allow nat map with specified protocol rule: return error if table does not exist evaluate: fix assertion failure with malformed map definitions json: make sure timeout list is initialised evaluate: don't update cache for anonymous chains json: return error if table does not exist json: don't BUG when asked to list synproxies json: fix error propagation when parsing binop lhs/rhs expression: don't try to import empty string evaluate: compact STMT_F_STATEFUL checks evaluate: only allow stateful statements in set and map definitions cache: don't crash when filter is NULL evaluate: reject: remove unused expr function argument evaluate: fix crash when generating reject statement error parser_json: only allow concatenations with 2 or more expressions evaluate: bail out if ct saddr/daddr dependency cannot be inserted Jan Engelhardt (1): build: add hint for a2x error message Jeremy Sowden (1): src: allow binop expressions with variable right-hand operands Pablo Neira Ayuso (73): src: collapse set element commands from parser mnl: rename to mnl_seqnum_alloc() to mnl_seqnum_inc() mnl: update cmd_add_loc() to take struct nlmsghdr rule: netlink attribute offset is uint32_t for struct nlerr_loc src: fix extended netlink error reporting with large set elements tests: shell: move device to different namespace json: collapse set element commands from parser datatype: remove unused flags field mnl: restore --debug=netlink output with chains optimize: compare expression length intervals: set internal element location with the deletion trigger expression: remove elem_flags from EXPR_SET_ELEM to shrink struct expr size src: remove unused token_offset from struct location src: remove last_line from struct location src: shrink line_offset in struct location to 4 bytes libnftables: include canonical path to avoid duplicates main: prepend error tag to printed errors when parsing options intervals: add helper function to set previous element intervals: do not merge intervals with different timeout src: add EXPR_RANGE_VALUE expression and use it rule: constify set_is_non_concat_range() mnl: rename list of expression in mnl_nft_setelem_batch() mnl: do not send set size when set is constant set src: rework singleton interval transformation to reduce memory consumption scanner: better error reporting for CRLF line terminators evaluate: remove variable shadowing tests: shell: use mount --bind to change cgroupsv2 root tests: shell: delete netdev chain after test exthdr: incomplete type 2 routing header definition datatype: clamp boolean value to 0 and 1 ipopt: use ipv4 address datatype for address field in ip options parser_bison: turn redundant ip option type field match into boolean src: add symbol range expression to further compact intervals netlink_linearize: use range expression for OP_EQ and OP_IMPLICIT evaluate: auto-merge is only available for singleton interval sets tests: shell: interval sets with size tests: shell: random interval set with size evaluate: optimize zero length range evaluate: consolidate evaluation of symbol range expression payload: honor inner payload description in payload_expr_cmp() evaluate: release existing datatype when evaluating unary expression evaluate: simplify payload statement evaluation for bitfields evaluate: reject unsupported expressions in payload statement for bitfields evaluate: support for bitfield payload statement with binary operation netlink_delinearize: support for bitfield payload statement with binary operation segtree: incomplete output in get element command with maps netlink_linearize: reduce register waste with non-constant binop expressions src: print set element with multi-word description in single one line src: replace struct stmt_ops by type field in struct stmt tests: py: remove unknown fields parser_bison: consolidate counter grammar rule for set elements parser_bison: consolidate limit grammar rule for set elements parser_bison: consolidate quota grammar rule for set elements parser_bison: consolidate last grammar rule for set elements parser_bison: consolidate connlimit grammar rule for set elements tests: shell: extend coverage for set element statements tests: shell: missing ct count elements in new set_stmt test expression: add __EXPR_MAX and use it to define EXPR_MAX optimize: incorrect comparison for reject statement optimize: compact bitmask matching in set/map src: transform flag match expression to binop expression from parser src: remove flagcmp expression json: disallow empty concatenation expression: initialize list of expression to silence gcc compile warning expression: incorrect assert() list_expr_to_binop parser_json: reject empty jump/goto chain parser_json: allow statement stateful statement only in set elements parser_json: bail out on malformed statement in set cache: prevent possible crash rule filter is NULL optimize: expand expression list when merging into concatenation optimize: invalidate merge in case of duplicated key in set/map parser_bison: add selector_expr rule to restrict typeof_expr build: Bump version to 1.1.2 Phil Sutter (8): tests: shell: Join arithmetic statements in maps/vmap_timeout json: Support typeof in set and map types tests: py: Fix for storing payload into missing file monitor: Recognize flowtable add/del events tests: monitor: Run in own netns tests: monitor: Become $PWD agnostic tests: shell: Add socat availability feature test tests: shell: Fix owner/0002-persist on aarch64 Xiao Liang (1): fib: Change data type of fib oifname to "ifname"