Hi! I'm honored to present nftlb 0.6 nftlb stands for nftables load balancer, a user-space tool that builds a complete load balancer and traffic distributor using the nft infrastructure. nftlb is a nftables rules manager that creates virtual services for load balancing at layer 2, layer 3 and layer 4, minimizing the number of rules and using structures to match efficiently the packets. It comes with an easy JSON API service to control, to monitor and automate the configuration. Most important changes in this version are: * Support of static and dynamic sessions for all LB modes (NAT-based and ingress-based) with a configurable structure based on IPs, ports or MAC addresses. * Full session management via API. * Improvement of API error message responses. * Optimization of security policy lists and ipv6 support. * Option to send commands to nft in batches or serialized. * Support of local services, in cases where security policies managed by nftlb are required for non-forwarded services. * Support of dual-stack discovery for DSR and stateless-dNAT. * Support of several output interfaces for DSR and stateless-dNAT. * Support of connection tracking offload. For further details, please refer to the official repository: https://github.com/zevenet/nftlb You can download this tool from: https://github.com/zevenet/nftlb/releases/tag/v0.6 Special thanks to the issue reporters kerframil and zhanrox. Happy load balancing! -- Detailed changelog: – farms: disable static sessions deletion after farm down – sessions: delete static sessions when modifying the persistence structure – farms: fix farm limit objects reload – backends: fix start backend low priority with stateful object – nft: fix delete filter elements when its not needed – server: fix sigfault during a bad request – server: return not found during a get farm that doesn’t exist – policies: revert farms used counter in json dump – sessions: fix backend marks used in session persistence – sessions: support of deletion of timed sessions via API – tests: add pre and post script for every test case – farms: fix reload of tcpstrict and nfqueue – server: unify api error messages and add verbose of the error – server: fix sigsegv after requesting non existent URI key – farms: fix helper rules generation – nft: fix forward map reload based on backends – src: apply pre and pos actionable when the attribute has changed – nft: use backend marks in forward chain – backends: reload farm in case of updating priority of a down backend – backends: delete unused farm pointer in backends set priority – backends: recalculate backends available when changing the backend priority – src: remove unneeded debug messages – policies: disable printing of automatic parameters and avoid the priority -1 – backends: fix backend action when is not available – tests: improve api testing system and remove obsolete DESC parameter – config: avoid to print unknown key as null – nft: optimize static sessions rules to avoid to enter to dynamic map – farms: do not return error when the farm doesn’t need to be rulerized – server: fix sigsegv when returned rules generation error – config: improve parsing error messages – main: simplify previous nftlb tables check – main: detect and clean any previous nftlb tables – nft: avoid to flush the whole nft ruleset when deleting all farms – config: improve api response messages – nft: fix dynamic persistence rules – farms: fix stateless dnat source MAC in order to ensure a consistent traffic – server: modify source code to fully support ipv6 – sessions: introduce static and dynamic sessions support for DSR and stateless DNAT – backends: use farm source address when available – farms: disable network discovery when configured loopback network devices – tests: rename api tests directories to a human-readable format – tests: fix tests in order to force a given ether address – backends: fix “force up status when configuring config_error” – network: fix ether address discovery for ipv4 and ipv6 – farms: fix log level for some debug messages – backends: force up status when configuring config_error – policies: add support of _family_ attribute to introduce ipv6 policies – backends: ensure to validate backends during map generation – elements: start element when created – farms: avoid configuring a config_err state – farms: avoid to set priority 0 – policies: do not store elements – nft: fix dynamic persistence rules – network: introduce support of dual-stack in the networking layer – nft: fix generation of ipv6 filter chain – nft: add option to serialize nft commands – nft: fix flow offload testing cases – nft: refactorize farm log-prefix rules – tests: fix flowoffload test output – farms: introduce support of flow offload – backends: delete unused parameter in backend switch – nft: avoid to log per virtual service twice – sessions: delete debug messages – sessions: add static and dynamic session support – farms: add support for local services – nft: refactor chain base generation to add forward chain support – tests: fix test files – nft: simplify the chain and services name generation – farms: enable several outbound interfaces for stateless dnat – farms: fix won’t rulerize for stateless dnat without backends – farms: support of stateless dnat direct clients – farms: fix masquerade bit with masquerade – farms: remove double generation of network interface index – backends: use backend output interface whenever is possible – backend: support of output interface per backend – readme: delete low level networking input parameters – backends: fix output interface calling when setting a new ip address – farms: fix segfault when configuring stateless dnat – backends: force to one element if the backend is uniquely identified – nft: fix source address mapping in farm single port – elements: fix flushing elements in policies – farms: fix source address mapping with multiport virtual services – nft: avoid sprintf over the same buffer – farms: fix stopping farm while deleting service – tests: allow to stop in an api call – backends: fix backend status while removing all farms – backends: enable mixed source natting per backend – tests: refactor the test system for better maintenance – policies: create sets with auto-merge by default – policies: load elements if policy is not empty – policies: optimize rulerization of policies – nft: avoid zero marks – backends: fix backend with mark 0x0 – backends: fix reload backends with source address – farms: fix error parsing object in level -1 with limits – server: add client request log info – main: retrieve and print segfault signals – tests: add api test to change the port per backend – tests: enhance the api testing by not removing the reports files when it’s unknown – backends: enable masquerade and configurable source address per backend – farms: fix object rulerization – policies: fix rules creation and deletion of policies – tests: add api tests for policies – farms: fix rulerize everything stops after wont rulerize – farms: add api test case for deleting farms – backends: fix priority generation after node deletion – tests: create more api tests – farms: make farms rulerize loop safe – backends: fix priority generation – main: implement daemon mode – tests: classify the api testing system – nft: fix filter table regeneration after farms flush – tests: new api specific testing system – server: fix rules deletion when deleting a backend – backends: fix free of default macro defined log prefix – nft: fix mark print output in backends map – src: add support of log prefix – tests: fix test nft output with the latest changes – backends: add support of source address per backend – readme: update rst rtlimit burst option