[openwrt/openwrt] iptables: update to 1.8.6
LEDE Commits
lede-commits at lists.infradead.org
Sat Jan 9 04:24:07 EST 2021
dedeckeh pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/2e590a63645a5c89ad752abfe36458dc0f49c739
commit 2e590a63645a5c89ad752abfe36458dc0f49c739
Author: Curtis Deptuck <curtdept at me.com>
AuthorDate: Wed Dec 2 17:28:39 2020 -0700
iptables: update to 1.8.6
Update iptables to 1.8.6
ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.6.txt
Refresh patch:
101-remove-check-already.patch
Signed-off-by: Curtis Deptuck <curtdept at me.com>
Signed-off-by: Hans Dedecker <dedeckeh at gmail.com> [refresh patches]
---
package/network/utils/iptables/Makefile | 4 ++--
.../patches/010-add-set-dscpmark-support.patch | 25 ++++++++--------------
.../patches/101-remove-check-already.patch | 12 +++++------
.../patches/102-iptables-disable-modprobe.patch | 4 ++--
.../patches/200-configurable_builtin.patch | 2 +-
.../utils/iptables/patches/600-shared-libext.patch | 4 ++--
.../patches/700-disable-legacy-revisions.patch | 20 ++++++++---------
7 files changed, 32 insertions(+), 39 deletions(-)
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 616274ebdd..c4b87f0df6 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
-PKG_VERSION:=1.8.4
+PKG_VERSION:=1.8.6
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=993a3a5490a544c2cbf2ef15cf7e7ed21af1845baf228318d5c36ef8827e157c
+PKG_HASH:=a0f4fe0c3eb8faa5bd9c8376d132f340b9558e750c91deb2d5028aa3d0047767
PKG_FIXUP:=autoreconf
PKG_FLAGS:=nonshared
diff --git a/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch b/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch
index fb6978e6f7..9a5de639aa 100644
--- a/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch
+++ b/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch
@@ -15,8 +15,6 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
include/linux/netfilter/xt_connmark.h | 10 +
2 files changed, 324 insertions(+), 1 deletion(-)
-diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
-index 21e10913..c777b110 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -22,6 +22,7 @@
@@ -47,7 +45,7 @@ index 21e10913..c777b110 100644
};
static const char *const xt_connmark_shift_ops[] = {
-@@ -114,6 +118,8 @@ static const struct xt_option_entry connmark_tg_opts[] = {
+@@ -114,6 +118,8 @@ static const struct xt_option_entry conn
.excl = F_MASK, .flags = XTOPT_PUT, XTOPT_POINTER(s, nfmask)},
{.name = "mask", .id = O_MASK, .type = XTTYPE_UINT32,
.excl = F_CTMASK | F_NFMASK},
@@ -56,7 +54,7 @@ index 21e10913..c777b110 100644
XTOPT_TABLEEND,
};
#undef s
-@@ -148,6 +154,38 @@ static const struct xt_option_entry connmark_tg_opts_v2[] = {
+@@ -148,6 +154,38 @@ static const struct xt_option_entry conn
};
#undef s
@@ -111,7 +109,7 @@ index 21e10913..c777b110 100644
static void connmark_tg_init(struct xt_entry_target *target)
{
struct xt_connmark_tginfo1 *info = (void *)target->data;
-@@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct xt_entry_target *target)
+@@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct x
info->shift_bits = 0;
}
@@ -128,7 +126,7 @@ index 21e10913..c777b110 100644
static void CONNMARK_parse(struct xt_option_call *cb)
{
struct xt_connmark_target_info *markinfo = cb->data;
-@@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_option_call *cb)
+@@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_
info->ctmark = cb->val.u32;
info->ctmask = 0;
break;
@@ -152,7 +150,7 @@ index 21e10913..c777b110 100644
case O_SAVE_MARK:
info->mode = XT_CONNMARK_SAVE;
break;
-@@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct xt_option_call *cb)
+@@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct
}
}
@@ -231,7 +229,7 @@ index 21e10913..c777b110 100644
static void connmark_tg_check(struct xt_fcheck_call *cb)
{
if (!(cb->xflags & F_OP_ANY))
-@@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, const struct xt_entry_target *target,
+@@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, con
}
}
@@ -297,7 +295,7 @@ index 21e10913..c777b110 100644
static void CONNMARK_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_connmark_target_info *markinfo =
-@@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, const struct xt_entry_target *target)
+@@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, cons
}
}
@@ -336,7 +334,7 @@ index 21e10913..c777b110 100644
static int connmark_tg_xlate(struct xt_xlate *xl,
const struct xt_xlate_tg_params *params)
{
-@@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl,
+@@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct x
return 1;
}
@@ -403,7 +401,7 @@ index 21e10913..c777b110 100644
static struct xtables_target connmark_tg_reg[] = {
{
.family = NFPROTO_UNSPEC,
-@@ -687,6 +984,22 @@ static struct xtables_target connmark_tg_reg[] = {
+@@ -687,6 +984,22 @@ static struct xtables_target connmark_tg
.x6_options = connmark_tg_opts_v2,
.xlate = connmark_tg_xlate_v2,
},
@@ -426,8 +424,6 @@ index 21e10913..c777b110 100644
};
void _init(void)
-diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
-index bbf2acc9..1d8e721c 100644
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -18,6 +18,11 @@ enum {
@@ -454,6 +450,3 @@ index bbf2acc9..1d8e721c 100644
struct xt_connmark_mtinfo1 {
__u32 mark, mask;
__u8 invert;
---
-2.21.0 (Apple Git-122.2)
-
diff --git a/package/network/utils/iptables/patches/101-remove-check-already.patch b/package/network/utils/iptables/patches/101-remove-check-already.patch
index 98e825f016..16afafec2d 100644
--- a/package/network/utils/iptables/patches/101-remove-check-already.patch
+++ b/package/network/utils/iptables/patches/101-remove-check-already.patch
@@ -1,9 +1,9 @@
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
-@@ -903,12 +903,6 @@ static void xtables_check_options(const
+@@ -968,12 +968,6 @@ void xtables_register_match(struct xtabl
+ struct xtables_match **pos;
+ bool seen_myself = false;
- void xtables_register_match(struct xtables_match *me)
- {
- if (me->next) {
- fprintf(stderr, "%s: match \"%s\" already registered\n",
- xt_params->program_name, me->name);
@@ -13,10 +13,10 @@
if (me->version == NULL) {
fprintf(stderr, "%s: match %s<%u> is missing a version\n",
xt_params->program_name, me->name, me->revision);
-@@ -1096,12 +1090,6 @@ void xtables_register_matches(struct xta
+@@ -1152,12 +1146,6 @@ void xtables_register_target(struct xtab
+ struct xtables_target **pos;
+ bool seen_myself = false;
- void xtables_register_target(struct xtables_target *me)
- {
- if (me->next) {
- fprintf(stderr, "%s: target \"%s\" already registered\n",
- xt_params->program_name, me->name);
diff --git a/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch b/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch
index 0866118440..b8e19c781a 100644
--- a/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch
+++ b/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch
@@ -1,6 +1,6 @@
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
-@@ -360,6 +360,7 @@ static char *get_modprobe(void)
+@@ -403,6 +403,7 @@ static char *get_modprobe(void)
int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
{
@@ -8,7 +8,7 @@
char *buf = NULL;
char *argv[4];
int status;
-@@ -394,6 +395,7 @@ int xtables_insmod(const char *modname,
+@@ -437,6 +438,7 @@ int xtables_insmod(const char *modname,
free(buf);
if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
return 0;
diff --git a/package/network/utils/iptables/patches/200-configurable_builtin.patch b/package/network/utils/iptables/patches/200-configurable_builtin.patch
index 5788a829b0..6d7b5b5822 100644
--- a/package/network/utils/iptables/patches/200-configurable_builtin.patch
+++ b/package/network/utils/iptables/patches/200-configurable_builtin.patch
@@ -60,7 +60,7 @@
.SECONDARY:
-@@ -148,11 +168,11 @@ libext4.a: initext4.o ${libext4_objs}
+@@ -161,11 +181,11 @@ libext4.a: initext4.o ${libext4_objs}
libext6.a: initext6.o ${libext6_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^;
diff --git a/package/network/utils/iptables/patches/600-shared-libext.patch b/package/network/utils/iptables/patches/600-shared-libext.patch
index 7b798b7fda..819f628f9e 100644
--- a/package/network/utils/iptables/patches/600-shared-libext.patch
+++ b/package/network/utils/iptables/patches/600-shared-libext.patch
@@ -9,7 +9,7 @@
targets_install :=
libext_objs := ${pfx_objs}
libext_ebt_objs := ${pfb_objs}
-@@ -119,7 +119,7 @@ clean:
+@@ -132,7 +132,7 @@ clean:
distclean: clean
init%.o: init%.c
@@ -18,7 +18,7 @@
-include .*.d
-@@ -151,22 +151,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn
+@@ -164,22 +164,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn
# handling code in the Makefiles.
#
lib%.o: ${srcdir}/lib%.c
diff --git a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
index 86715fc8e7..cc451ef959 100644
--- a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
+++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
@@ -1,6 +1,6 @@
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
-@@ -1387,6 +1387,7 @@ static int conntrack3_mt6_xlate(struct x
+@@ -1395,6 +1395,7 @@ static int conntrack3_mt6_xlate(struct x
}
static struct xtables_match conntrack_mt_reg[] = {
@@ -8,7 +8,7 @@
{
.version = XTABLES_VERSION,
.name = "conntrack",
-@@ -1462,6 +1463,7 @@ static struct xtables_match conntrack_mt
+@@ -1470,6 +1471,7 @@ static struct xtables_match conntrack_mt
.alias = conntrack_print_name_alias,
.x6_options = conntrack2_mt_opts,
},
@@ -16,7 +16,7 @@
{
.version = XTABLES_VERSION,
.name = "conntrack",
-@@ -1494,6 +1496,7 @@ static struct xtables_match conntrack_mt
+@@ -1502,6 +1504,7 @@ static struct xtables_match conntrack_mt
.x6_options = conntrack3_mt_opts,
.xlate = conntrack3_mt6_xlate,
},
@@ -24,7 +24,7 @@
{
.family = NFPROTO_UNSPEC,
.name = "state",
-@@ -1524,6 +1527,8 @@ static struct xtables_match conntrack_mt
+@@ -1532,6 +1535,8 @@ static struct xtables_match conntrack_mt
.x6_parse = state_ct23_parse,
.x6_options = state_opts,
},
@@ -33,7 +33,7 @@
{
.family = NFPROTO_UNSPEC,
.name = "state",
-@@ -1553,6 +1558,7 @@ static struct xtables_match conntrack_mt
+@@ -1561,6 +1566,7 @@ static struct xtables_match conntrack_mt
.x6_parse = state_parse,
.x6_options = state_opts,
},
@@ -43,7 +43,7 @@
void _init(void)
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
-@@ -349,6 +349,7 @@ static void notrack_ct2_tg_init(struct x
+@@ -363,6 +363,7 @@ static int xlate_ct1_tg(struct xt_xlate
}
static struct xtables_target ct_target_reg[] = {
@@ -51,7 +51,7 @@
{
.family = NFPROTO_UNSPEC,
.name = "CT",
-@@ -374,6 +375,7 @@ static struct xtables_target ct_target_r
+@@ -388,6 +389,7 @@ static struct xtables_target ct_target_r
.x6_parse = ct_parse_v1,
.x6_options = ct_opts_v1,
},
@@ -59,15 +59,15 @@
{
.family = NFPROTO_UNSPEC,
.name = "CT",
-@@ -388,6 +390,7 @@ static struct xtables_target ct_target_r
- .x6_parse = ct_parse_v1,
+@@ -403,6 +405,7 @@ static struct xtables_target ct_target_r
.x6_options = ct_opts_v1,
+ .xlate = xlate_ct1_tg,
},
+#ifndef NO_LEGACY
{
.family = NFPROTO_UNSPEC,
.name = "NOTRACK",
-@@ -425,6 +428,7 @@ static struct xtables_target ct_target_r
+@@ -441,6 +444,7 @@ static struct xtables_target ct_target_r
.revision = 0,
.version = XTABLES_VERSION,
},
More information about the lede-commits
mailing list