build: bump release version to 2.0.9

Update library dependencies to latest available releases.
Add examples using nftables to the README file.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/README b/README
index 87c605f88d048b02308bba083febeb95ded7e359..9d7a7b5eefc6eda12e8db71981bdbf906d7c0b31 100644 (file)
--- a/README
+++ b/README
@@ -58,15 +58,45 @@ to use.
 = NFLOG usage
 
 At first a simple example, which passes every outgoing packet to the
-userspace logging, using nfnetlink group 3.
+userspace logging, using nfnetlink group 3, in nftables:
 
-iptables -A OUTPUT -j NFLOG --nflog-group 3
+  ``` ruleset.nft ```
+  table inet filter {
+      chain output {
+          type filter hook output priority filter; policy accept;
+
+          log group 3
+      }
+  }
+  ```
+
+in iptables:
+
+  # iptables -A OUTPUT -j NFLOG --nflog-group 3
 
 A more advanced one, passing all incoming tcp packets with destination
 port 80 to the userspace logging daemon listening on netlink multicast
-group 32. All packets get tagged with the ulog prefix "inp"
+group 32. All packets get tagged with the ulog prefix "inp", in nftables:
+
+  ``` ruleset.nft ```
+  table inet filter {
+      chain intput {
+          type filter hook input priority filter; policy accept;
+
+          tcp dport 80 log prefix "inp" group 32
+      }
+  }
+  ```
+
+in iptables:
+
+  # iptables -A INPUT -j NFLOG -p tcp --dport 80 --nflog-group 32 --nflog-prefix inp
+
+See man nft(8) and section LOG STATEMENT for complete information on NFLOG.
+
+You can load your nftables ruleset with:
 
-iptables -A INPUT -j NFLOG -p tcp --dport 80 --nflog-group 32 --nflog-prefix inp
+  # nft -f ruleset.nft
 
 See iptables -j NFLOG -h for complete information about NFLOG.
 

diff --git a/configure.ac b/configure.ac
index c4a84f366ddb24614f08171084c7bf690b40ff7f..55e6bc6576d86fa5fe7d2f821ac67feba2b7e94e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT([ulogd], [2.0.8])
+AC_INIT([ulogd], [2.0.9])
 AC_PREREQ([2.50])
 AC_CONFIG_AUX_DIR([build-aux])
 AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-xz 1.10b subdir-objects])
@@ -38,7 +38,7 @@ AC_SEARCH_LIBS([pthread_create], [pthread], [libpthread_LIBS="$LIBS"; LIBS=""])
 AC_SUBST([libpthread_LIBS])
 
 dnl Check for the right nfnetlink version
-PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.1])
+PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.2])
 
 AC_ARG_ENABLE([nflog],
               [AS_HELP_STRING([--enable-nflog], [Enable nflog module [default=yes]])],
@@ -55,7 +55,7 @@ AC_ARG_ENABLE([nfct],
               [enable_nfct=$enableval],
               [enable_nfct=yes])
 AS_IF([test "x$enable_nfct" = "xyes"],
-      [PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.0.2])
+      [PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.1.0])
        AC_DEFINE([BUILD_NFCT], [1], [Building nfct module])],
       [enable_nfct=no])
 AM_CONDITIONAL([BUILD_NFCT], [test "x$enable_nfct" = "xyes"])
@@ -65,8 +65,8 @@ AC_ARG_ENABLE([nfacct],
               [enable_nfacct=$enableval],
               [enable_nfacct=yes])
 AS_IF([test "x$enable_nfacct" = "xyes"],
-      [PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
-       PKG_CHECK_MODULES([LIBNETFILTER_ACCT], [libnetfilter_acct >= 1.0.1])
+      [PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.5])
+       PKG_CHECK_MODULES([LIBNETFILTER_ACCT], [libnetfilter_acct >= 1.0.3])
        AC_DEFINE([BUILD_NFACCT], [1], [Building nfacct module])],
       [enable_nfacct=no])
 AM_CONDITIONAL([BUILD_NFACCT], [test "x$enable_nfacct" = "xyes"])