From 1fe54ec39a071ea3b06e6883e542dfdcf40d2840 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 15 May 2025 21:51:17 +0200 Subject: build: bump release version to 2.0.9 Update library dependencies to latest available releases. Add examples using nftables to the README file. Signed-off-by: Pablo Neira Ayuso --- README | 38 ++++++++++++++++++++++++++++++++++---- configure.ac | 10 +++++----- 2 files changed, 39 insertions(+), 9 deletions(-) diff --git a/README b/README index 87c605f..9d7a7b5 100644 --- a/README +++ b/README @@ -58,15 +58,45 @@ to use. = NFLOG usage At first a simple example, which passes every outgoing packet to the -userspace logging, using nfnetlink group 3. +userspace logging, using nfnetlink group 3, in nftables: -iptables -A OUTPUT -j NFLOG --nflog-group 3 + ``` ruleset.nft ``` + table inet filter { + chain output { + type filter hook output priority filter; policy accept; + + log group 3 + } + } + ``` + +in iptables: + + # iptables -A OUTPUT -j NFLOG --nflog-group 3 A more advanced one, passing all incoming tcp packets with destination port 80 to the userspace logging daemon listening on netlink multicast -group 32. All packets get tagged with the ulog prefix "inp" +group 32. All packets get tagged with the ulog prefix "inp", in nftables: + + ``` ruleset.nft ``` + table inet filter { + chain intput { + type filter hook input priority filter; policy accept; + + tcp dport 80 log prefix "inp" group 32 + } + } + ``` + +in iptables: + + # iptables -A INPUT -j NFLOG -p tcp --dport 80 --nflog-group 32 --nflog-prefix inp + +See man nft(8) and section LOG STATEMENT for complete information on NFLOG. + +You can load your nftables ruleset with: -iptables -A INPUT -j NFLOG -p tcp --dport 80 --nflog-group 32 --nflog-prefix inp + # nft -f ruleset.nft See iptables -j NFLOG -h for complete information about NFLOG. diff --git a/configure.ac b/configure.ac index c4a84f3..55e6bc6 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([ulogd], [2.0.8]) +AC_INIT([ulogd], [2.0.9]) AC_PREREQ([2.50]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-xz 1.10b subdir-objects]) @@ -38,7 +38,7 @@ AC_SEARCH_LIBS([pthread_create], [pthread], [libpthread_LIBS="$LIBS"; LIBS=""]) AC_SUBST([libpthread_LIBS]) dnl Check for the right nfnetlink version -PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.1]) +PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.2]) AC_ARG_ENABLE([nflog], [AS_HELP_STRING([--enable-nflog], [Enable nflog module [default=yes]])], @@ -55,7 +55,7 @@ AC_ARG_ENABLE([nfct], [enable_nfct=$enableval], [enable_nfct=yes]) AS_IF([test "x$enable_nfct" = "xyes"], - [PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.0.2]) + [PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.1.0]) AC_DEFINE([BUILD_NFCT], [1], [Building nfct module])], [enable_nfct=no]) AM_CONDITIONAL([BUILD_NFCT], [test "x$enable_nfct" = "xyes"]) @@ -65,8 +65,8 @@ AC_ARG_ENABLE([nfacct], [enable_nfacct=$enableval], [enable_nfacct=yes]) AS_IF([test "x$enable_nfacct" = "xyes"], - [PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3]) - PKG_CHECK_MODULES([LIBNETFILTER_ACCT], [libnetfilter_acct >= 1.0.1]) + [PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.5]) + PKG_CHECK_MODULES([LIBNETFILTER_ACCT], [libnetfilter_acct >= 1.0.3]) AC_DEFINE([BUILD_NFACCT], [1], [Building nfacct module])], [enable_nfacct=no]) AM_CONDITIONAL([BUILD_NFACCT], [test "x$enable_nfacct" = "xyes"]) -- cgit v1.2.3
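Review bot: The raised pkg-config floors in the configure.ac hunks at old lines 38, 55 and 65 (`libnfnetlink >= 1.0.2`, `libnetfilter_conntrack >= 1.1.0`, `libmnl >= 1.0.5`, `libnetfilter_acct >= 1.0.3`) are not accompanied by any statement of what in ulogd needs them; the commit message says only that they follow the latest available releases. With these checks configure stops on a host that still ships the previous minimums, and nothing in the diff tells a packager whether the floor is required by the code or is a policy choice. I would put a `dnl` line above each check saying which it is, for example `dnl floor follows latest upstream release at 2.0.9` (wording to adapt), or naming the symbol or fix that motivates the bump where there is one. The AC_ARG_ENABLE blocks around the nfct and nfacct checks begin outside the hunks, so whether other modules share these libraries cannot be judged from here.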