Difference between revisions of "List of updates since Linux kernel 3.13"
Jump to navigation
Jump to search
(add 5.6 reference) |
(cross-link to cli updates page) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
A listing of the development progress. | A listing of the development progress on the kernel side. See also [[List of updates in the nft command line tool]]. | ||
== 6.3 == | |||
* Support for 'nft destroy' | |||
== 6.2 == | |||
* Support for inner header matching, such as "udp dport 6081 geneve ip saddr 10.141.11.2" | |||
== 5.17 == | |||
* fwd command in egress hook | |||
== 5.16 == | |||
* netdev egress hook | |||
== 5.11 == | |||
* multiple expression support for sets (e.g., so a set can have both a limit and a counter) | |||
== 5.10 == | |||
* Support for ingress hook in inet family | |||
* Support for comments on tables, chains, sets, maps, stateful objects, etc. | |||
== 5.7 == | |||
* Support for stateful expressions (e.g. counters) on set elements | |||
== 5.6 == | == 5.6 == | ||
* Support for ranges (intervals) in concatenations | * Support for ranges (intervals) in [[concatenations]] | ||
== 5.4 == | |||
* meta time / hour / day | |||
== 5.3 == | |||
* [[Bridge filtering#Stateful_filtering|conntrack support for the ''bridge'' family]] | |||
* th expression for [[Matching packet headers#Matching_UDP.2FTCP_headers_in_the_same_rule|matching UDP/TCP headers in the same rule]] | |||
* [[synproxy]] statement | |||
== 5.2 == | |||
* Support for NAT in inet family | |||
== 5.0 == | |||
* ipsec / xfrm expressions | |||
== 4.20 == | |||
* [[secmark]] support | |||
== 4.19 == | |||
* tproxy statement | |||
== 4.18 == | |||
* nftables NAT is no longer incompatible with iptables NAT | |||
* [[connlimits]] (but buggy until 4.19.10!) | |||
* [[Meters#Doing_connlimit_with_nft|ct count]] | |||
* log level audit | |||
== 4.16 == | == 4.16 == | ||
| Line 12: | Line 74: | ||
* Fetch single elements of a set (i.e, nft get element) | * Fetch single elements of a set (i.e, nft get element) | ||
== 4.14 == | |||
* PMTU calculation / MSS clamping ([[Mangling_packet_headers#Mangling TCP options|tcp option maxseg size set rt mtu]]) | |||
== 4.12 == | |||
* [[Setting_packet_connection_tracking_metainformation#ct_helper_set_-_Assign_conntrack_helper|ct helper set]] | |||
== 4.10 == | == 4.10 == | ||
* notrack support | * notrack support | ||
* [[stateful objects]] | |||
* nexthop and fib, for [[matching routing information]] | |||
* improved [[Mangling packet headers|packet mangling]] support | |||
== 4.6 == | |||
* [[Ruleset debug/tracing]] | |||
== 4.5 == | |||
* [[Meters]] | |||
== 4.3 == | == 4.3 == | ||
| Line 32: | Line 113: | ||
Major updates in the generic set infrastructure: | Major updates in the generic set infrastructure: | ||
* Concatenations. | * [[Concatenations]]. | ||
* Timeout per set elements. | * Timeout per set elements. | ||
* Comments per set elements. | * Comments per set elements. | ||
Latest revision as of 16:17, 5 January 2024
A listing of the development progress on the kernel side. See also List of updates in the nft command line tool.
6.3
- Support for 'nft destroy'
6.2
- Support for inner header matching, such as "udp dport 6081 geneve ip saddr 10.141.11.2"
5.17
- fwd command in egress hook
5.16
- netdev egress hook
5.11
- multiple expression support for sets (e.g., so a set can have both a limit and a counter)
5.10
- Support for ingress hook in inet family
- Support for comments on tables, chains, sets, maps, stateful objects, etc.
5.7
- Support for stateful expressions (e.g. counters) on set elements
5.6
- Support for ranges (intervals) in concatenations
5.4
- meta time / hour / day
5.3
- conntrack support for the bridge family
- th expression for matching UDP/TCP headers in the same rule
- synproxy statement
5.2
- Support for NAT in inet family
5.0
- ipsec / xfrm expressions
4.20
- secmark support
4.19
- tproxy statement
4.18
- nftables NAT is no longer incompatible with iptables NAT
- connlimits (but buggy until 4.19.10!)
- ct count
- log level audit
4.16
- flowtable support
4.15
- Fetch single elements of a set (i.e, nft get element)
4.14
- PMTU calculation / MSS clamping (tcp option maxseg size set rt mtu)
4.12
4.10
- notrack support
- stateful objects
- nexthop and fib, for matching routing information
- improved packet mangling support
4.6
4.5
4.3
- Enhancements for the limit expression, support for ratelimit bytes/time unit.
- Dup expression (equivalent to the TEE target in iptables) for IPv4 and IPv6.
- VLAN header matching support when NIC support offloads.
4.2
- New 'netdev' family for filtering from ingress.
- Context to x_tables extensions to know if they run from nft_compat.
4.1
Major updates in the generic set infrastructure:
- Concatenations.
- Timeout per set elements.
- Comments per set elements.
- Dynamic set instantiation.
4.0
- Mostly fixes.
3.19
- redirect support.
3.18
- masquerading support.
- meta cpu, devgroup matching.
- reject bridge support.
- destroy table and its content, ie. nft flush ruleset.
3.17
- log and nflog support for ip, ip6, arp and bridge families.
3.16
- connlabel support.
3.15
- Comments per rule support.
- IPv4 reject support.
3.14
- set packet mark support.
- nfqueue support (only for ip and ip6 families).
- rule tracing support.
- IPv6 and inet reject support.
3.13
- nf_tables merged mainstream.