[openwrt/openwrt] iptables: update to 1.6.2

LEDE Commits lede-commits at lists.infradead.org
Fri Feb 23 10:19:10 PST 2018

dedeckeh pushed a commit to openwrt/openwrt.git, branch master:

commit 2805402f868871a178a80198b990675bcc433699
Author: Ansuel Smith <ansuelsmth at gmail.com>
AuthorDate: Sat Feb 17 16:58:57 2018 +0100

    iptables: update to 1.6.2
    459b6932 policy: add nft translation for simple policy none/strict use case
    255e55b7 tests: xlate-test: no need to require superuser privileges
    6990bbc5 extensions: hashlimit: remove space before burst in translation to nft
    13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter
    c252a2b0 extensions: Add test for cluster nft translation
    bda1daa4 extensions: ip6t_{S,D}NAT: add more tests
    88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported
    64a0e098 extensions: libxt_cluster: Add translation to nft
    6067208f extensions: add support for 'srh' match
    0f387b07 extensions: hashlimit: fix incorrect burst in translations
    1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst
    27de281d extensions: Add macro _DEFAULT_SOURCE.
    75364151 iptables: Remove const qualifier from struct option.
    8b0da213 iptables: masquerade: add randomize-full support
    e64db006 iptables: patch to correct linker flag sequence
    033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges.
    505bfa11 iptables: xtables-eb: Remove const qualifier from struct option
    a6d6821a iptables: extensions: Fix MARK target help
    71de414c libxt_sctp: fix array out of range in print_chunk
    1a32381a extensions: add tests for ipcomp protocol
    4bd51770 tests: xlate: print output in same way as nft-test.py
    d0e3d95f libxt_recent: Remove ineffective checks for info->name
    23e6ed71 libxt_TOS: add tests for translation infrastructure
    9564595e Update .gitignore
    bebce197 iptables: iptables-compat translation for TCPMSS
    dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges
    0e958281 iptables-translate: add test file for TCPMSS extension
    de3c68b6 iptables-compat: do not allow to delete populated user define chains
    f4b80ce7 iptables: change large file support handling
    f5b46c2f iptables: Constify option struct
    21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait
    60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value
    af468b6e utils: Add a man page for nfnl_osf
    1773dcaa utils: nfnl_osf: Fix synopsis in help text
    895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration
    3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT
    1c32e560 netfilter: xt_hashlimit: add rate match mode
    b5331f88 xtables-compat: fix memory leak when listing
    91ae12e3 xtables-compat-restore: fix several memory leaks
    79e1edd1 iptables-xml: Fix segfault on jump without a target
    c49a93f1 xtables-translate: fix double space before comment
    79fa7cc2 libip6t_icmp6: xlate: remove leftover space
    8e62f572 tests: xlate: generalize owner
    8d994bcf iptables: Add file output option to iptables-save
    f8e5ebc5 iptables: Fix crash on malformed iptables-restore
    80d8bfaa iptables: insist that the lock is held.
    c29d99c8 libxtables: Display weird character warning for wildcards
    1fe96cfb tests: xlate: check if it is being run as root
    3f92b259 tests: xlate: remove python 3.5 dependency
    d89dc47a iptables-restore/save: exit when given an unknown option
    65801d02 iptables-restore.8: document -w/-W options
    9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument
    1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats
    27f69f4a iptables: extensions: Remove typedef in struct.
    340105fa tests: add regression tests for xtables-translate
    b669e184 extensions: libxt_TOS: Add translation to nft
    b2a84476 iptables: Remove unnecessary braces.
    2963a8df iptables: Remove explicit static variables initalization.
    1cf4ba6f iptables: Constify option struct
    999eaa24 iptables-restore: support acquiring the lock.
    6e2e169e iptables: remove duplicated argument parsing code
    836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h.
    b91af533 iptables: set the path of the lock file via a configure option.
    0e94eb2e iptables-translate: print nft iff there are more expanded rules to print
    48ad179b libxtables: abolish AI_CANONNAME
    9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr
    c6df55d6 iptables-translate: print nft command for each expand rules via dns names
    82dacbb8 xtables-translate: Avoid querying the kernel
    9f972f45 extensions: libxt_addrtype: Add translation to nft
    2c8e251e utils: nfsynproxy: fix build with musl libc
    9b8cb756 libiptc: don't set_changed() when checking rules with module jumps
    eb66632d extensions: libxt_hashlimit: Add translation to nft
    72bb3dbf xshared: using the blocking file lock request when we wait indefinitely
    24f81746 xshared: do not lock again and again if "-w" option is not specified
    fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug
    516d9191 iptables: update pf.os
    Signed-off-by: Ansuel Smith <ansuelsmth at gmail.com>
 package/network/utils/iptables/Makefile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 9c6abfb..ae9212a 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
@@ -506,6 +506,7 @@ CONFIGURE_ARGS += \
 	--enable-devel \
 	--with-kernel="$(LINUX_DIR)/user_headers" \
 	--with-xtlibdir=/usr/lib/iptables \
+	--with-xt-lock-name=/var/run/xtables.lock \
 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
 	$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
 	$(if $(CONFIG_IPV6),,--disable-ipv6)

More information about the lede-commits mailing list