Difference between revisions of "List of updates since Linux kernel 3.13"

From nftables wiki
(add 4.10 with notrack support)
(add 4.16 reference)
(One intermediate revision by the same user not shown)
Line 63: Line 63:


* notrack support
* notrack support
== 4.15 ==
* Fetch single elements of a set (i.e, nft get element)
== 4.16 ==
* flowtable support
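Review bot: In the added 4.15 entry, "(i.e, nft get element)" is missing the second period of "i.e."; write "(i.e., nft get element)". The new bullets under 4.10, 4.15 and 4.16 also end without a period, unlike the existing entries on the page such as "masquerading support."; add one to each for consistency.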

Revision as of 13:15, 7 March 2018

A listing of the development progress.

3.13

  • nf_tables merged mainstream.

3.14

  • set packet mark support.
  • nfqueue support (only for ip and ip6 families).
  • rule tracing support.
  • IPv6 and inet reject support.

3.15

  • Comments per rule support.
  • IPv4 reject support.

3.16

  • connlabel support.

3.17

  • log and nflog support for ip, ip6, arp and bridge families.

3.18

  • masquerading support.
  • meta cpu, devgroup matching.
  • reject bridge support.
  • destroy table and its content, i.e. nft flush ruleset.

3.19

  • redirect support.

4.0

  • Mostly fixes.

4.1

Major updates in the generic set infrastructure:

  • Concatenations.
  • Timeout per set elements.
  • Comments per set elements.
  • Dynamic set instantiation.

4.2

  • New 'netdev' family for filtering from ingress.
  • Context passed to x_tables extensions so they can tell whether they run from nft_compat.

4.3

  • Enhancements for the limit expression: support for rate limiting in bytes per time unit.
  • Dup expression (equivalent to the TEE target in iptables) for IPv4 and IPv6.
  • VLAN header matching support when the NIC supports offloads.

4.10

  • notrack support.

4.15

  • Fetch single elements of a set (i.e., nft get element).

4.16

  • flowtable support.