nftlb changelog

Complete nftlb ChangeLog

nftlb 0.6 (31 Mar 2020)

– farms: disable static sessions deletion after farm down
– sessions: delete static sessions when modifying the persistence structure
– farms: fix farm limit objects reload
– backends: fix start backend low priority with stateful object
– nft: fix delete filter elements when it's not needed
– server: fix segfault during a bad request
– server: return not found during a get farm that doesn’t exist
– policies: revert farms used counter in json dump
– sessions: fix backend marks used in session persistence
– sessions: support of deletion of timed sessions via API
– tests: add pre and post script for every test case
– farms: fix reload of tcpstrict and nfqueue
– server: unify api error messages and add verbose of the error
– server: fix sigsegv after requesting non existent URI key
– farms: fix helper rules generation
– nft: fix forward map reload based on backends
– src: apply pre and post actionable when the attribute has changed
– nft: use backend marks in forward chain
– backends: reload farm in case of updating priority of a down backend
– backends: delete unused farm pointer in backends set priority
– backends: recalculate backends available when changing the backend priority
– src: remove unneeded debug messages
– policies: disable printing of automatic parameters and avoid the priority -1
– backends: fix backend action when is not available
– tests: improve api testing system and remove obsolete DESC parameter
– config: avoid to print unknown key as null
– nft: optimize static sessions rules to avoid to enter to dynamic map
– farms: do not return error when the farm doesn’t need to be rulerized
– server: fix sigsegv when returned rules generation error
– config: improve parsing error messages
– main: simplify previous nftlb tables check
– main: detect and clean any previous nftlb tables
– nft: avoid to flush the whole nft ruleset when deleting all farms
– config: improve api response messages
– nft: fix dynamic persistence rules
– farms: fix stateless dnat source MAC in order to ensure a consistent traffic
– server: modify source code to fully support ipv6
– sessions: introduce static and dynamic sessions support for DSR and stateless DNAT
– backends: use farm source address when available
– farms: disable network discovery when configured loopback network devices
– tests: rename api tests directories to a human-readable format
– tests: fix tests in order to force a given ether address
– backends: fix “force up status when configuring config_error”
– network: fix ether address discovery for ipv4 and ipv6
– farms: fix log level for some debug messages
– backends: force up status when configuring config_error
– policies: add support of _family_ attribute to introduce ipv6 policies
– backends: ensure to validate backends during map generation
– elements: start element when created
– farms: avoid configuring a config_err state
– farms: avoid to set priority 0
– policies: do not store elements
– nft: fix dynamic persistence rules
– network: introduce support of dual-stack in the networking layer
– nft: fix generation of ipv6 filter chain
– nft: add option to serialize nft commands
– nft: fix flow offload testing cases
– nft: refactorize farm log-prefix rules
– tests: fix flowoffload test output
– farms: introduce support of flow offload
– backends: delete unused parameter in backend switch
– nft: avoid to log per virtual service twice
– sessions: delete debug messages
– sessions: add static and dynamic session support
– farms: add support for local services
– nft: refactor chain base generation to add forward chain support
– tests: fix test files
– nft: simplify the chain and services name generation
– farms: enable several outbound interfaces for stateless dnat
– farms: fix won’t rulerize for stateless dnat without backends
– farms: support of stateless dnat direct clients
– farms: fix masquerade bit with masquerade
– farms: remove double generation of network interface index
– backends: use backend output interface whenever is possible
– backend: support of output interface per backend
– readme: delete low level networking input parameters
– backends: fix output interface calling when setting a new ip address
– farms: fix segfault when configuring stateless dnat
– backends: force to one element if the backend is uniquely identified
– nft: fix source address mapping in farm single port
– elements: fix flushing elements in policies
– farms: fix source address mapping with multiport virtual services
– nft: avoid sprintf over the same buffer
– farms: fix stopping farm while deleting service
– tests: allow to stop in an api call
– backends: fix backend status while removing all farms
– backends: enable mixed source natting per backend
– tests: refactor the test system for better maintenance
– policies: create sets with auto-merge by default
– policies: load elements if policy is not empty
– policies: optimize rulerization of policies
– nft: avoid zero marks
– backends: fix backend with mark 0x0
– backends: fix reload backends with source address
– farms: fix error parsing object in level -1 with limits
– server: add client request log info
– main: retrieve and print segfault signals
– tests: add api test to change the port per backend
– tests: enhance the api testing by not removing the reports files when it’s unknown
– backends: enable masquerade and configurable source address per backend
– farms: fix object rulerization
– policies: fix rules creation and deletion of policies
– tests: add api tests for policies
– farms: fix rulerize everything stops after wont rulerize
– farms: add api test case for deleting farms
– backends: fix priority generation after node deletion
– tests: create more api tests
– farms: make farms rulerize loop safe
– backends: fix priority generation
– main: implement daemon mode
– tests: classify the api testing system
– nft: fix filter table regeneration after farms flush
– tests: new api specific testing system
– server: fix rules deletion when deleting a backend
– backends: fix free of default macro defined log prefix
– nft: fix mark print output in backends map
– src: add support of log prefix
– tests: fix test nft output with the latest changes
– backends: add support of source address per backend
– readme: update rst rtlimit burst option

nftlb 0.5 (4 Jun 2019)

– farms: support of security policies for ingress modes
– backends: support of backend port natting
– backends: support of connection limits per backend
– nft: rewrite meters with stateful sets for limits
– server: support of Expect 100-Continue in PUT requests
– server: fix content length management to gather the request
– improve backends availability accounting

nftlb 0.4 (18 Mar 2019)

New features
– farms: add persistence between client and backend during a timeout
– policies: support of security policies per virtual service
– farms: support of queuing packets to userspace per service
– farms: support of tcp flow validation per service
– farms: support of max established connections per virtual service per source address
– farms: support of tcp resets per second allowed per virtual service per source address
– farms: support of new connections limit per second per virtual service and optional burst
– farms: add configurable hashing parameters
– src: support of delete all farms at once

– nft: refactor farm rules generation code
– server: add long body support
– config: parsing json values hardening
– nft: fix helpers rules according to protocol
– readme: update the new parameter tcp-strict to avoid bogus tcp attacks
– farms: enable mac discovery for stateless dnat
– main: hide the key parameter when the process is running for security reasons
– nft: separate services by interface name for ingress modes
– farms: force the network data reload when changing the virtual ip
– farm: set masquerade if source addr is empty
– nft: add prerouting filter chain for marking and helpers
– buffer: remove debug messages
– farm: set default scheduler parameter for hash algorithm only
– config: use string keys as much as possible
– readme: add stateless nat mode option
– tests: allow launch of one single test without service
– buffer: fix code indentation
– backends: only actionable if the backend is available
– backends: declare actionable functions
– buffer: support of scalable buffer
– backends: enable restart of backends after configuration
– nft: apply reset action per farm and backends
– nft: generalize actions for add or deletion postrouting elements
– farms: rename farm source-addr attribute instead of src-addr
– config: print marks in hex format
– tests: support to launch tests through web api
– build: move -lev to LDADD
– build: move preprocessor flags to CPPFLAGS

– config: return error when an object has not been selected
– backends: avoid go to config_error after setting dnat ip addresses
– nft: fix stateless dnat rules when the input and output interfaces are different
– nft: fix service name for stateless nat
– backend: fix backend validation during automated mac address request
– network: protect double free in handle
– server: fix double free segfault
– backends: fix backend validation when applying dsr mode
– farms: strim virtual interfaces for ingress chains
– nft: fix add element filter rules in reload
– nft: fix stateless dnat rules actions
– nft: avoid the use of filter chain and backend marks for ingress
– nft: avoid empty rules in filter chain when there is no backends
– backends: apply reload if changing the state of a backend
– nft: fix skb mark insertion from ct mark in filter chain
– nft: fix flush and delete chain filter
– nft: fix delete filter service and chain
– nft: fix delete elements from filter chain
– nft: avoid rules generation if there is no backend available
– backends: fix backend availability for ingress modes
– logs: fix set log level at startup
– objects: avoid buffer copy overlap
– buffer: fix typo in error message
– backends: fix backend going down
– Remove config.h file from .gitignore
– src: fix string copy sizes
– src: add a cleanup parsing structure to avoid null objects references
– config: fix farm mark json dump
– server: fix parse input body that produces buffer parsing error

nftlb 0.3 (15 Nov 2018)
This release is integrated in Kubernetes as kube-nftlb

New features
– network: generalize netlink request to ask for routing data
– farms: new mode stateless dnat
– farms: add l7 helpers support
– farms: add input logging support
– farms: support of farm renaming with the ‘newname’ attribute
– farms: add mark flow support per virtual service
– nft: add flow mark per backend and farm using masks
– src: add custom source ip address configuration instead of masquerading

– events: generalize event loop
– farms: include new attributes for interface and mac address management
– network: add support to interoperate with some network discovery functions
– src: refactorization and api simplification
– events: generalize netlink event for dsr
– farms: make dsr counter global
– backends: include a new backend state config_error
– src: silent fallthrough warning
– backends: ensure the backends list is empty when configuring the output interface
– farms: validate and rulerize per farm
– config: avoid to print auto-generated information of a farm
– farms: validate and check the farm status before rulerize
– server: expand the server buffer data
– readme: add new examples
– tests: improve diff output format
– nft: improve modularization of nft rules generation
– server: set SO_REUSEADDR socket flag
– main: initial signal handler skeleton
– server: add struct nftlb_client
– server: add struct nftlb_http_state
– server: add nftlb_http_send_response()
– server: add body response field to struct nftlb_http_state
– src: do not use EXIT_{SUCCESS,FAILURE}
– server: statify objects that are only used from server.c
– server: remove unnecessary definitions

– config: dump configuration with indented JSON
– nft: fix dsr rules to set the mac address instead of matching
– backend: fix update backend status when switching from down to up
– nft: avoid add rules if no backends are available
– objects: set right initial state for farms and backends
– farms: fix start-stop actions
– backends: input validation for net_get_neigh_ether()
– nft: fix stateless nat backend to client rule
– nft: fix udp ipv6 services name
– server: fix some web server memory leaks
– tests: fix some tests cases

nftlb 0.2 (14 May 2018)

– 3 topologies supported: Destination NAT, Source NAT and Direct Server Return. This enables the load balancer to be setup in one-armed and two-armed network architectures.
– support for both IPv4 and IPv6 families.
– multilayer capabilities: MAC based LB in layer 2, IP based LB with protocol-agnostic at layer 3, and support of UDP, TCP and SCTP LB at layer 4.
– multiport support for ranges and lists of ports.
– support of multiple virtual services setup.
– schedulers available: weight, round robin, hash and symmetric
– priority support per backend.
– JSON API service for monitoring, automation and management.
– web service authentication with a security key.
– automated testbed.

nftlb 0.1 (27 Feb 2018)

– Initial version
