Nftables reaches 1.0
Posted Sep 2, 2021 14:01 UTC (Thu) by ecree (guest, #95790)
Parent article: Nftables reaches 1.0
Regarding bpfilter and its stagnation, I have a little story to tell. Back when bpfilter was new, Davem asked me if I'd lend a hand with the code generator (in the user-mode blob that translates iptables rulesets to BPF programs); I replied that I'd like to but that I couldn't find the documentation of the iptables uAPI/ABI and I didn't know it well enough to work without docs. (include/uapi/linux/netfilter_ipv4/ip_tables.h is… unenlightening.)
I heard nothing back, leading me to suspect that maybe the problem is that no-one *else* can remember all the corners of iptables either. 'The implementation is the spec' is fine until you want to replace the implementation.
