Difference between revisions of "List of updates since Linux kernel 3.13"
Jump to navigation
Jump to search
(add more features mentioned on other wiki pages) |
(fix netdev egress version (it was reverted from 5.7 before release)) |
||
| Line 4: | Line 4: | ||
* Support for inner header matching, such as "udp dport 6081 geneve ip saddr 10.141.11.2" | * Support for inner header matching, such as "udp dport 6081 geneve ip saddr 10.141.11.2" | ||
== 5.16 == | |||
* netdev egress hook | |||
== 5.10 == | == 5.10 == | ||
| Line 9: | Line 13: | ||
* Support for ingress hook in inet family | * Support for ingress hook in inet family | ||
* Support for comments on tables, chains, sets, maps, etc. | * Support for comments on tables, chains, sets, maps, etc. | ||
== 5.6 == | == 5.6 == | ||
Revision as of 17:00, 22 December 2023
A listing of the development progress.
6.2
- Support for inner header matching, such as "udp dport 6081 geneve ip saddr 10.141.11.2"
5.16
- netdev egress hook
5.10
- Support for ingress hook in inet family
- Support for comments on tables, chains, sets, maps, etc.
5.6
- Support for ranges (intervals) in concatenations
5.4
- meta time / hour / day
5.3
- conntrack support for the bridge family
- th expression for matching UDP/TCP headers in the same rule
- synproxy statement
5.2
- Support for NAT in inet family
5.0
- ipsec / xfrm expressions
4.20
- secmark support
4.19
- tproxy statement
4.18
- nftables NAT is no longer incompatible with iptables NAT
- connlimits (but buggy until 4.19.10!)
- ct count
- log level audit
4.16
- flowtable support
4.15
- Fetch single elements of a set (i.e, nft get element)
4.14
- PMTU calculation / MSS clamping (tcp option maxseg size set rt mtu)
4.12
4.10
- notrack support
- stateful objects
- nexthop and fib, for matching routing information
- improved packet mangling support
4.6
4.5
4.3
- Enhancements for the limit expression, support for ratelimit bytes/time unit.
- Dup expression (equivalent to the TEE target in iptables) for IPv4 and IPv6.
- VLAN header matching support when NIC support offloads.
4.2
- New 'netdev' family for filtering from ingress.
- Context to x_tables extensions to know if they run from nft_compat.
4.1
Major updates in the generic set infrastructure:
- Concatenations.
- Timeout per set elements.
- Comments per set elements.
- Dynamic set instantiation.
4.0
- Mostly fixes.
3.19
- redirect support.
3.18
- masquerading support.
- meta cpu, devgroup matching.
- reject bridge support.
- destroy table and its content, ie. nft flush ruleset.
3.17
- log and nflog support for ip, ip6, arp and bridge families.
3.16
- connlabel support.
3.15
- Comments per rule support.
- IPv4 reject support.
3.14
- set packet mark support.
- nfqueue support (only for ip and ip6 families).
- rule tracing support.
- IPv6 and inet reject support.
3.13
- nf_tables merged mainstream.