openwrt/package/network/utils/iptables/Makefile

782 lines
20 KiB
Makefile
Raw Normal View History

#
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
2005-03-21 08:12:49 +00:00
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
iptables: update to 1.8.8 Remove upstreamed patches: - 001-xtables-Call-init_extensions6-for-static-builds.patch - 002-xtables-Call-init_extensions_a_b.patch Fix patches: - 102-iptables-disable-modprobe.patch Fix warnings in the form of: xtables.c:475:14: warning: 'get_modprobe' defined but not used [-Wunused-function] 475 | static char *get_modprobe(void) | ^~~~~~~~~~~~ Backport patches: - 020-treewide-use-uint-instead-of-u_int.patch - 030-revert-fix-build-for-missing-ETH_ALEN-definition.patch - 040-xshared-Fix-build-for-Werror-format-security.patch - 050-build-fix-error-during-out-of-tree-build.patch - 060-libxtables-unexport-init_extensions-declarations.patch Refresh patches: - 101-remove-check-already.patch - 102-iptables-disable-modprobe.patch - 200-configurable_builtin.patch - 600-shared-libext.patch - 700-disable-legacy-revisions.patch Remove from Makefile: $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/ Changelog: fa0ccdbd configure: bump version for 1.8.8 release 8468fd4f nft: Fix EPERM handling for extensions without rev 0 ce9195c6 extensions: LOG: Document --log-macdecode in man page 404f304d man: *NAT: Review --random* option descriptions 0a538259 extensions: DNAT: Merge core printing functions a7c2b728 libxtables: Revert change to struct xtables_pprot fd64a587 libxtables: Drop xtables_globals 'optstring' field 3b8a6a6f xshared: Extend xtables_printhelp() for arptables 8ff84eaf xshared: Move arp_opcodes into shared space adbfec0b extensions: MARK: Drop extra newline at end of help 1dcfb81e nft: split gen_payload() to allocate register and initialize expression 7e38890c nft: prepare for dynamic register allocation 165cafec nft: pass handle to helper functions to build netlink payload 94309632 nft: native mark matching support aa92ec96 nft: pass struct nft_xt_ctx to parse_meta() 4c70c42f nft-shared: update context register for bitwise expression 18c96821 extensions: man: Document service name support in DNAT and REDIRECT 72d542b6 extensions: Merge REDIRECT into DNAT 14d77c8a extensions: Merge IPv4 and IPv6 DNAT targets 9621318b extensions: DNAT: Rename from libipt to libxt 2e0c9a40 extensions: ipt_DNAT: Combine xlate functions also 7adef314 extensions: ipt_DNAT: Merge v1/v2 print/save code 3f4f1cf0 extensions: ipt_DNAT: Merge v1 and v2 parsers 070a8626 Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified" 08c14fa6 man: DNAT: Describe shifted port range feature 24fff5d7 xlate-test: Fix for empty source line on failure ac4c84cc libxtables: Boost rule target checks by announcing chain names f58b0d74 libxtables: Implement notargets hash table b1aee6b2 nft: Reject standard targets as chain names when restoring b555bfed tests: shell: Fix 0004-return-codes_0 for static builds c293e116 nft: Review static extension loading 0836524f xtables: Call init_extensions{,a,b}() for static builds 6c689b63 Simplify static build extension loading 0c8e2535 libxtables: Fix for warning in xtables_ipmask_to_numeric 0c0cd434 nft: Don't pass command state opaque to family ops callbacks b6196c75 xshared: Prefer xtables_chain_protos lookup over getprotoent 07ee529f nft: Speed up immediate parsing b5f2faea nft: Simplify immediate parsing 17534cb1 Improve error messages for unsupported extensions 2dbb49d1 libxtables: Register only the highest revision extension 07e2107e xshared: Implement xtables lock timeout using signals a3980769 tests: NFLOG: enable `--nflog-range` tests b8e8ac27 tests: support explicit variant test result adb03c3f tests: add `NOMATCH` test result 7a006c7d tests: iptables-test: rename variable b7f15b42 iptables.8: Describe the effect of multiple -v flags 1407a9c4 tests: iptables-test: Support variant deviation fc8f7289 nft: cache: Dump rules if debugging 73b91292 nft: Add debug output to table creation 51d9d9e0 ebtables: Support verbose mode ad1ed75f nft: Set NFTNL_CHAIN_FAMILY in new chains 17ed253f iptables-restore: Support for extra debug output a761a026 nft: Use verbose flag to toggle debug output 98e69b7e nft: add support for native tcp flag matching 92808bd5 nft-shared: add tcp flag dissection 6aba94ef nft: prefer native expressions instead of tcp match c034cf31 nft: prefer native expressions instead of udp match 5489493e nft-shared: support native udp port delinearize 5795a1b5 nft-shared: support native tcp port range delinearize 250dce87 nft-shared: support native tcp port delinearize ea5d45dc extensions: libxt_NFLOG: fix typo 26ecdf53 xshared: Fix response to unprivileged users b32ae771 build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT` 05286bab extensions: libxt_NFLOG: remove extra space when saving targets with prefixes f0d02998 extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases f9df828a extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases 62ad29e9 extensions: libxt_NFLOG: don't truncate log prefix on print/save db99f601 extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG 30b178b9 extensions: *NAT: Kill multiple IPv4 range support 7ee5b970 tests: iptables-test: correct misspelt variable 223f02ca nft: fix indentation error. 5c2c2eea ip6tables: Use the shared do_parse, too 9baf3bf0 iptables: Use xtables' do_parse() function e4f5185d nft: Move proto_parse and post_parse callbacks to xshared ded7b579 xshared: Store parsed wait and wait_interval in xtables_args 62c3c93d xshared: Move do_parse to shared space 3039a52c xtables: Do not pass nft_handle to do_parse() ece001c2 xtables: Pass xtables_args to check_inverse() 17abaeb1 xtables: Pass xtables_args to check_empty_interface() dc8d8fce xtables: Move struct nft_xt_cmd_parse to xshared.h 98a4462f xtables: Pull table validity check out of do_parse() d83371c7 xtables: Drop xtables' family on demand feature 49aa44ba nft-shared: set correct register value b129b1cf iptables-*-restore: Drop pointless line reference 316d8efb libxtables: Extend basic_exit_err() 4bff5aef xtables_globals: Embed variant name in .program_version 51e5d293 xshared: Share exit_tryhelp() 56ac0452 xshared: Share a common printhelp function 4149b5d8 xshared: Share print_match_save() between legacy ip*tables 273d88a7 extensions: tcpmss: add iptables-translate support 7213561d xshared: Make load_proto() static cf14b92b nft-shared: Drop unused function print_proto() 24f30842 xshared: Share print_header() with legacy iptables a323c283 xshared: Share print_fragment() with legacy 1d73cec0 xshared: Share print_rule_details() with legacy e5fb9f8e xshared: Share save_ipv{4,6}_addr() with legacy 22f2e1fc xshared: Share save_rule_details() with legacy 766e4872 xshared: Share print_iface() function b5881e7f nft: Change whitespace printing in save_rule callback 1189d830 xshared: Merge and share parse_chain() 1eab8e83 extensions: hashlimit: Fix tests with HZ=1000 afa525ee xlate-test: Print full path if testing all files b8d5271d Unbreak xtables-translate 0af80a91 nft: Merge xtables-arp-standalone.c into xtables-standalone.c 142cf724 xtables: arptables accepts empty interface names ab0a785a xtables: Derive xtables_globals from family 6cf3976e nft-shared: Make nft_check_xt_legacy() family agnostic 832a0e2b nft-arp: Introduce post_parse callback 0aea399d arptables: Use standard data structures when parsing fe83b12f libxtables: Introduce xtables_globals print_help callback 0687852d xtables-standalone: Drop version number from init errors dded8ff3 nft: Add family ops callbacks wrapping different nft_cmd_* functions 38e1fe58 xtables: Simplify addr_mask freeing cfdda180 nft-shared: Introduce init_cs family ops callback 65b150ae xshared: Store optstring in xtables_globals 2e6014c7 nft: Introduce builtin_tables_lookup() db90ff64 tests: shell: fix bashism 45d8f769 nft: Delete builtin chains compatibly e865a853 nft-chain: Introduce base_slot field f9b33967 nft: Check base-chain compatibility when adding to cache 43189612 nft: cache: Avoid double free of unrecognized base-chains 040a15f2 xtables-translate: add missing argument and option to usage 2ed6dc75 tests: iptables-test: Fix conditional colors on stderr 63ab4fe3 ebtables: Avoid dropping policy when flushing b714d45d iptables-test.py: print with color escapes only when stdout isatty 481626bb tests: shell: Return non-zero on error 7559af83 tests: iptables-test: Exit non-zero on error c057939d tests: xlate-test: Exit non-zero on error a8da7186 tests: iptables-test: Print errors to stderr 5166c445 tests: xlate-test: Print errors to stderr fa78ff15 tests: xlate-test: Don't skip any input after the first empty line fcbe454b tests: iptables-test: Fix missing chain case 61e85e31 iptables-nft: allow removal of empty builtin chains 544e7dc1 Fix a few doc typos e438b976 nft: Use xtables_{m,c}alloc() everywhere ca11c7b7 nft: Use xtables_malloc() in mnl_err_list_node_add() cf410aa6 extensions: libxt_mac: Fix for missing space in listing 7ae14dc1 iptables-test: Make netns spawning more robust bef9dc57 extensions: hashlimit: Fix tests with HZ=100 943fbf3e ip6tables: masquerade: use fully-random so that nft can understand the rule ef7781eb libxtables: exit if called by setuid executeable 8629c53f tests/shell: Assert non-verbose mode is silent 57d1422d nft: Fix for non-verbose check command 26318637 ebtables: Dump atomic waste 765bf04e doc: ebtables-nft.8: Adjust for missing atomic-options e727ccad xtables: Call init_extensions6() for static builds 9e1fffdf extensions: libxt_multiport: add translation for -m multiport --ports c8145139 extensions: libxt_conntrack: simplify translation using negation 1c934617 extensions: libxt_tcp: rework translation to use flags match representation bb01e33d extensions: libxt_connlimit: add translation 62828a6a tests: xlate-test: support multiline expectation ba863c4b libxtables: extend xlate infrastructure 68ed965b extensions: libxt_string: Avoid buffer size warning for strncpy() 9b85e1ab libxtables: Introduce xtables_strdup() and use it everywhere ca840c20 extensions: libebt_ip6: Use xtables_ip6parse_any() 084671d5 iptables-apply: Drop unused variable 0729ab37 nft: Avoid buffer size warnings copying iface names eab75ed3 nft: Avoid memleak in error path of nft_cmd_new() ffe88f8f libxtables: Fix memleak in xtopt_parse_hostmask() 8bb5bcae extensions: libebt_ip6: Drop unused variables 97fabae7 libxtables: Drop leftover variable in xtables_numeric_to_ip6addr() 5818be17 extensions: sctp: Translate --chunk-types option a61282ec extensions: sctp: Fix nftables translation 556f7044 Use proto_to_name() from xshared in more places eea68ca8 ebtables-translate: Use shared ebt_get_current_chain() function 9dc50b5b xshared: Merge invflags handling code 3664249f xshared: Eliminate iptables_command_state->invert f647f61f xtables: Make invflags 16bit wide 616800af extensions: SECMARK: Implement revision 1 1e984079 nft-arp: Make use of ipv4_addr_to_string() acac2dbe Eliminate inet_aton() and inet_ntoa() 9084ef29 extensions: sctp: Explain match types in man page a3e81c62 nft: Increase BATCH_PAGE_SIZE to support huge rulesets fdf64dcd nft: cache: Sort chains on demand only c5d9a723 fix build for missing ETH_ALEN definition 18d7535d extensions: libxt_conntrack: use bitops for status negation 18e334da extensions: libxt_conntrack: use bitops for state negation 831f57c7 libxtables: Simplify xtables_ipmask_to_cidr() a bit 46f9d3a9 xtables-translate: Fix translation of odd netmasks 330f5df0 nft: Fix bitwise expression avoidance detection 5f1fcace iptables-nft: fix -Z option c9441657 include: Drop libipulog.h 30c1d443 ebtables: Exit gracefully on invalid table names Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-05-14 05:04:12 +00:00
PKG_VERSION:=1.8.8
PKG_RELEASE:=2
PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
iptables: update to 1.8.8 Remove upstreamed patches: - 001-xtables-Call-init_extensions6-for-static-builds.patch - 002-xtables-Call-init_extensions_a_b.patch Fix patches: - 102-iptables-disable-modprobe.patch Fix warnings in the form of: xtables.c:475:14: warning: 'get_modprobe' defined but not used [-Wunused-function] 475 | static char *get_modprobe(void) | ^~~~~~~~~~~~ Backport patches: - 020-treewide-use-uint-instead-of-u_int.patch - 030-revert-fix-build-for-missing-ETH_ALEN-definition.patch - 040-xshared-Fix-build-for-Werror-format-security.patch - 050-build-fix-error-during-out-of-tree-build.patch - 060-libxtables-unexport-init_extensions-declarations.patch Refresh patches: - 101-remove-check-already.patch - 102-iptables-disable-modprobe.patch - 200-configurable_builtin.patch - 600-shared-libext.patch - 700-disable-legacy-revisions.patch Remove from Makefile: $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/ Changelog: fa0ccdbd configure: bump version for 1.8.8 release 8468fd4f nft: Fix EPERM handling for extensions without rev 0 ce9195c6 extensions: LOG: Document --log-macdecode in man page 404f304d man: *NAT: Review --random* option descriptions 0a538259 extensions: DNAT: Merge core printing functions a7c2b728 libxtables: Revert change to struct xtables_pprot fd64a587 libxtables: Drop xtables_globals 'optstring' field 3b8a6a6f xshared: Extend xtables_printhelp() for arptables 8ff84eaf xshared: Move arp_opcodes into shared space adbfec0b extensions: MARK: Drop extra newline at end of help 1dcfb81e nft: split gen_payload() to allocate register and initialize expression 7e38890c nft: prepare for dynamic register allocation 165cafec nft: pass handle to helper functions to build netlink payload 94309632 nft: native mark matching support aa92ec96 nft: pass struct nft_xt_ctx to parse_meta() 4c70c42f nft-shared: update context register for bitwise expression 18c96821 extensions: man: Document service name support in DNAT and REDIRECT 72d542b6 extensions: Merge REDIRECT into DNAT 14d77c8a extensions: Merge IPv4 and IPv6 DNAT targets 9621318b extensions: DNAT: Rename from libipt to libxt 2e0c9a40 extensions: ipt_DNAT: Combine xlate functions also 7adef314 extensions: ipt_DNAT: Merge v1/v2 print/save code 3f4f1cf0 extensions: ipt_DNAT: Merge v1 and v2 parsers 070a8626 Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified" 08c14fa6 man: DNAT: Describe shifted port range feature 24fff5d7 xlate-test: Fix for empty source line on failure ac4c84cc libxtables: Boost rule target checks by announcing chain names f58b0d74 libxtables: Implement notargets hash table b1aee6b2 nft: Reject standard targets as chain names when restoring b555bfed tests: shell: Fix 0004-return-codes_0 for static builds c293e116 nft: Review static extension loading 0836524f xtables: Call init_extensions{,a,b}() for static builds 6c689b63 Simplify static build extension loading 0c8e2535 libxtables: Fix for warning in xtables_ipmask_to_numeric 0c0cd434 nft: Don't pass command state opaque to family ops callbacks b6196c75 xshared: Prefer xtables_chain_protos lookup over getprotoent 07ee529f nft: Speed up immediate parsing b5f2faea nft: Simplify immediate parsing 17534cb1 Improve error messages for unsupported extensions 2dbb49d1 libxtables: Register only the highest revision extension 07e2107e xshared: Implement xtables lock timeout using signals a3980769 tests: NFLOG: enable `--nflog-range` tests b8e8ac27 tests: support explicit variant test result adb03c3f tests: add `NOMATCH` test result 7a006c7d tests: iptables-test: rename variable b7f15b42 iptables.8: Describe the effect of multiple -v flags 1407a9c4 tests: iptables-test: Support variant deviation fc8f7289 nft: cache: Dump rules if debugging 73b91292 nft: Add debug output to table creation 51d9d9e0 ebtables: Support verbose mode ad1ed75f nft: Set NFTNL_CHAIN_FAMILY in new chains 17ed253f iptables-restore: Support for extra debug output a761a026 nft: Use verbose flag to toggle debug output 98e69b7e nft: add support for native tcp flag matching 92808bd5 nft-shared: add tcp flag dissection 6aba94ef nft: prefer native expressions instead of tcp match c034cf31 nft: prefer native expressions instead of udp match 5489493e nft-shared: support native udp port delinearize 5795a1b5 nft-shared: support native tcp port range delinearize 250dce87 nft-shared: support native tcp port delinearize ea5d45dc extensions: libxt_NFLOG: fix typo 26ecdf53 xshared: Fix response to unprivileged users b32ae771 build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT` 05286bab extensions: libxt_NFLOG: remove extra space when saving targets with prefixes f0d02998 extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases f9df828a extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases 62ad29e9 extensions: libxt_NFLOG: don't truncate log prefix on print/save db99f601 extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG 30b178b9 extensions: *NAT: Kill multiple IPv4 range support 7ee5b970 tests: iptables-test: correct misspelt variable 223f02ca nft: fix indentation error. 5c2c2eea ip6tables: Use the shared do_parse, too 9baf3bf0 iptables: Use xtables' do_parse() function e4f5185d nft: Move proto_parse and post_parse callbacks to xshared ded7b579 xshared: Store parsed wait and wait_interval in xtables_args 62c3c93d xshared: Move do_parse to shared space 3039a52c xtables: Do not pass nft_handle to do_parse() ece001c2 xtables: Pass xtables_args to check_inverse() 17abaeb1 xtables: Pass xtables_args to check_empty_interface() dc8d8fce xtables: Move struct nft_xt_cmd_parse to xshared.h 98a4462f xtables: Pull table validity check out of do_parse() d83371c7 xtables: Drop xtables' family on demand feature 49aa44ba nft-shared: set correct register value b129b1cf iptables-*-restore: Drop pointless line reference 316d8efb libxtables: Extend basic_exit_err() 4bff5aef xtables_globals: Embed variant name in .program_version 51e5d293 xshared: Share exit_tryhelp() 56ac0452 xshared: Share a common printhelp function 4149b5d8 xshared: Share print_match_save() between legacy ip*tables 273d88a7 extensions: tcpmss: add iptables-translate support 7213561d xshared: Make load_proto() static cf14b92b nft-shared: Drop unused function print_proto() 24f30842 xshared: Share print_header() with legacy iptables a323c283 xshared: Share print_fragment() with legacy 1d73cec0 xshared: Share print_rule_details() with legacy e5fb9f8e xshared: Share save_ipv{4,6}_addr() with legacy 22f2e1fc xshared: Share save_rule_details() with legacy 766e4872 xshared: Share print_iface() function b5881e7f nft: Change whitespace printing in save_rule callback 1189d830 xshared: Merge and share parse_chain() 1eab8e83 extensions: hashlimit: Fix tests with HZ=1000 afa525ee xlate-test: Print full path if testing all files b8d5271d Unbreak xtables-translate 0af80a91 nft: Merge xtables-arp-standalone.c into xtables-standalone.c 142cf724 xtables: arptables accepts empty interface names ab0a785a xtables: Derive xtables_globals from family 6cf3976e nft-shared: Make nft_check_xt_legacy() family agnostic 832a0e2b nft-arp: Introduce post_parse callback 0aea399d arptables: Use standard data structures when parsing fe83b12f libxtables: Introduce xtables_globals print_help callback 0687852d xtables-standalone: Drop version number from init errors dded8ff3 nft: Add family ops callbacks wrapping different nft_cmd_* functions 38e1fe58 xtables: Simplify addr_mask freeing cfdda180 nft-shared: Introduce init_cs family ops callback 65b150ae xshared: Store optstring in xtables_globals 2e6014c7 nft: Introduce builtin_tables_lookup() db90ff64 tests: shell: fix bashism 45d8f769 nft: Delete builtin chains compatibly e865a853 nft-chain: Introduce base_slot field f9b33967 nft: Check base-chain compatibility when adding to cache 43189612 nft: cache: Avoid double free of unrecognized base-chains 040a15f2 xtables-translate: add missing argument and option to usage 2ed6dc75 tests: iptables-test: Fix conditional colors on stderr 63ab4fe3 ebtables: Avoid dropping policy when flushing b714d45d iptables-test.py: print with color escapes only when stdout isatty 481626bb tests: shell: Return non-zero on error 7559af83 tests: iptables-test: Exit non-zero on error c057939d tests: xlate-test: Exit non-zero on error a8da7186 tests: iptables-test: Print errors to stderr 5166c445 tests: xlate-test: Print errors to stderr fa78ff15 tests: xlate-test: Don't skip any input after the first empty line fcbe454b tests: iptables-test: Fix missing chain case 61e85e31 iptables-nft: allow removal of empty builtin chains 544e7dc1 Fix a few doc typos e438b976 nft: Use xtables_{m,c}alloc() everywhere ca11c7b7 nft: Use xtables_malloc() in mnl_err_list_node_add() cf410aa6 extensions: libxt_mac: Fix for missing space in listing 7ae14dc1 iptables-test: Make netns spawning more robust bef9dc57 extensions: hashlimit: Fix tests with HZ=100 943fbf3e ip6tables: masquerade: use fully-random so that nft can understand the rule ef7781eb libxtables: exit if called by setuid executeable 8629c53f tests/shell: Assert non-verbose mode is silent 57d1422d nft: Fix for non-verbose check command 26318637 ebtables: Dump atomic waste 765bf04e doc: ebtables-nft.8: Adjust for missing atomic-options e727ccad xtables: Call init_extensions6() for static builds 9e1fffdf extensions: libxt_multiport: add translation for -m multiport --ports c8145139 extensions: libxt_conntrack: simplify translation using negation 1c934617 extensions: libxt_tcp: rework translation to use flags match representation bb01e33d extensions: libxt_connlimit: add translation 62828a6a tests: xlate-test: support multiline expectation ba863c4b libxtables: extend xlate infrastructure 68ed965b extensions: libxt_string: Avoid buffer size warning for strncpy() 9b85e1ab libxtables: Introduce xtables_strdup() and use it everywhere ca840c20 extensions: libebt_ip6: Use xtables_ip6parse_any() 084671d5 iptables-apply: Drop unused variable 0729ab37 nft: Avoid buffer size warnings copying iface names eab75ed3 nft: Avoid memleak in error path of nft_cmd_new() ffe88f8f libxtables: Fix memleak in xtopt_parse_hostmask() 8bb5bcae extensions: libebt_ip6: Drop unused variables 97fabae7 libxtables: Drop leftover variable in xtables_numeric_to_ip6addr() 5818be17 extensions: sctp: Translate --chunk-types option a61282ec extensions: sctp: Fix nftables translation 556f7044 Use proto_to_name() from xshared in more places eea68ca8 ebtables-translate: Use shared ebt_get_current_chain() function 9dc50b5b xshared: Merge invflags handling code 3664249f xshared: Eliminate iptables_command_state->invert f647f61f xtables: Make invflags 16bit wide 616800af extensions: SECMARK: Implement revision 1 1e984079 nft-arp: Make use of ipv4_addr_to_string() acac2dbe Eliminate inet_aton() and inet_ntoa() 9084ef29 extensions: sctp: Explain match types in man page a3e81c62 nft: Increase BATCH_PAGE_SIZE to support huge rulesets fdf64dcd nft: cache: Sort chains on demand only c5d9a723 fix build for missing ETH_ALEN definition 18d7535d extensions: libxt_conntrack: use bitops for status negation 18e334da extensions: libxt_conntrack: use bitops for state negation 831f57c7 libxtables: Simplify xtables_ipmask_to_cidr() a bit 46f9d3a9 xtables-translate: Fix translation of odd netmasks 330f5df0 nft: Fix bitwise expression avoidance detection 5f1fcace iptables-nft: fix -Z option c9441657 include: Drop libipulog.h 30c1d443 ebtables: Exit gracefully on invalid table names Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-05-14 05:04:12 +00:00
PKG_HASH:=71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f
PKG_FIXUP:=autoreconf
PKG_FLAGS:=nonshared
PKG_INSTALL:=1
PKG_BUILD_FLAGS:=gc-sections no-lto
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0
PKG_CPE_ID:=cpe:/a:netfilter:iptables
include $(INCLUDE_DIR)/package.mk
ifeq ($(DUMP),)
-include $(LINUX_DIR)/.config
include $(INCLUDE_DIR)/netfilter.mk
STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
endif
define Package/iptables/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=Firewall
URL:=https://netfilter.org/
endef
define Package/iptables/Module
$(call Package/iptables/Default)
DEPENDS:=+libxtables $(1)
endef
define Package/xtables-legacy
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
endef
define Package/iptables-zz-legacy
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool
DEPENDS+= +xtables-legacy
PROVIDES:=iptables iptables-legacy
ALTERNATIVES:=\
200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
endef
define Package/iptables-zz-legacy/description
IP firewall administration tool.
Matches:
- icmp
- tcp
- udp
- comment
- conntrack
- limit
- mac
- mark
- multiport
- set
- state
- time
Targets:
- ACCEPT
- CT
- DNAT
- DROP
- REJECT
- FLOWOFFLOAD
- LOG
- MARK
- MASQUERADE
- REDIRECT
- SET
- SNAT
- TCPMSS
Tables:
- filter
- mangle
- nat
- raw
endef
define Package/xtables-nft
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool nft
DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
endef
define Package/arptables-nft
$(call Package/iptables/Default)
DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
TITLE:=ARP firewall administration tool nft
PROVIDES:=arptables
ALTERNATIVES:=\
300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
endef
define Package/ebtables-nft
$(call Package/iptables/Default)
DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
TITLE:=Bridge firewall administration tool nft
PROVIDES:=ebtables
ALTERNATIVES:=\
300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
endef
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
define Package/iptables-nft
$(call Package/iptables/Default)
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
TITLE:=IP firewall administration tool nft
DEPENDS:=+kmod-ipt-core +xtables-nft
PROVIDES:=iptables
ALTERNATIVES:=\
300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
endef
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
define Package/iptables-nft/description
Extra iptables nftables nft binaries.
iptables-nft
iptables-nft-restore
iptables-nft-save
iptables-translate
iptables-restore-translate
endef
define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
TITLE:=Extra connection tracking extensions
endef
define Package/iptables-mod-conntrack-extra/description
Extra iptables extensions for connection tracking.
Matches:
- connbytes
- connlimit
- connmark
- recent
- helper
Targets:
- CONNMARK
endef
define Package/iptables-mod-conntrack-label
$(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
TITLE:=Connection tracking labeling extension
DEFAULT:=y if IPTABLES_CONNLABEL
endef
define Package/iptables-mod-conntrack-label/description
Match and set label(s) on connection tracking entries
Matches:
- connlabel
endef
define Package/iptables-mod-filter
$(call Package/iptables/Module, +kmod-ipt-filter)
TITLE:=Content inspection extensions
endef
define Package/iptables-mod-filter/description
iptables extensions for packet content inspection.
Includes support for:
Matches:
- string
- bpf
endef
define Package/iptables-mod-ipopt
$(call Package/iptables/Module, +kmod-ipt-ipopt)
TITLE:=IP/Packet option extensions
endef
define Package/iptables-mod-ipopt/description
iptables extensions for matching/changing IP packet options.
Matches:
- dscp
- ecn
- length
- statistic
- tcpmss
- unclean
- hl
Targets:
- DSCP
- CLASSIFY
- ECN
- HL
endef
define Package/iptables-mod-ipsec
$(call Package/iptables/Module, +kmod-ipt-ipsec)
TITLE:=IPsec extensions
endef
define Package/iptables-mod-ipsec/description
iptables extensions for matching ipsec traffic.
Matches:
- ah
- esp
- policy
endef
define Package/iptables-mod-nat-extra
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
TITLE:=Extra NAT extensions
endef
define Package/iptables-mod-nat-extra/description
iptables extensions for extra NAT targets.
Targets:
- MIRROR
- NETMAP
endef
define Package/iptables-mod-nflog
$(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
TITLE:=Netfilter NFLOG target
endef
define Package/iptables-mod-nflog/description
iptables extension for user-space logging via NFNETLINK.
Includes:
- libxt_NFLOG
endef
define Package/iptables-mod-trace
$(call Package/iptables/Module, +kmod-ipt-debug)
TITLE:=Netfilter TRACE target
endef
define Package/iptables-mod-trace/description
iptables extension for TRACE target
Includes:
- libxt_TRACE
endef
define Package/iptables-mod-nfqueue
$(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
TITLE:=Netfilter NFQUEUE target
endef
define Package/iptables-mod-nfqueue/description
iptables extension for user-space queuing via NFNETLINK.
Includes:
- libxt_NFQUEUE
endef
define Package/iptables-mod-hashlimit
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
TITLE:=hashlimit matching
endef
define Package/iptables-mod-hashlimit/description
iptables extensions for hashlimit matching
Matches:
- hashlimit
endef
define Package/iptables-mod-rpfilter
$(call Package/iptables/Module, +kmod-ipt-rpfilter)
TITLE:=rpfilter iptables extension
endef
define Package/iptables-mod-rpfilter/description
iptables extensions for reverse path filter test on a packet
Matches:
- rpfilter
endef
2007-06-02 22:57:33 +00:00
define Package/iptables-mod-iprange
$(call Package/iptables/Module, +kmod-ipt-iprange)
TITLE:=IP range extension
endef
define Package/iptables-mod-iprange/description
iptables extensions for matching ip ranges.
Matches:
- iprange
2007-06-02 22:57:33 +00:00
endef
define Package/iptables-mod-cluster
$(call Package/iptables/Module, +kmod-ipt-cluster)
TITLE:=Match cluster extension
endef
define Package/iptables-mod-cluster/description
iptables extensions for matching cluster.
Netfilter (IPv4/IPv6) module for matching cluster
This option allows you to build work-load-sharing clusters of
network servers/stateful firewalls without having a dedicated
load-balancing router/server/switch. Basically, this match returns
true when the packet must be handled by this cluster node. Thus,
all nodes see all packets and this match decides which node handles
what packets. The work-load sharing algorithm is based on source
address hashing.
This module is usable for ipv4 and ipv6.
If you select it, it enables kmod-ipt-cluster.
see `iptables -m cluster --help` for more information.
endef
define Package/iptables-mod-clusterip
$(call Package/iptables/Module, +kmod-ipt-clusterip)
TITLE:=Clusterip extension
endef
define Package/iptables-mod-clusterip/description
iptables extensions for CLUSTERIP.
The CLUSTERIP target allows you to build load-balancing clusters of
network servers without having a dedicated load-balancing
router/server/switch.
If you select it, it enables kmod-ipt-clusterip.
see `iptables -j CLUSTERIP --help` for more information.
endef
define Package/iptables-mod-extra
$(call Package/iptables/Module, +kmod-ipt-extra)
TITLE:=Other extra iptables extensions
endef
define Package/iptables-mod-extra/description
Other extra iptables extensions.
Matches:
- addrtype
- condition
- owner
- pkttype
- quota
endef
define Package/iptables-mod-physdev
$(call Package/iptables/Module, +kmod-ipt-physdev)
TITLE:=physdev iptables extension
endef
define Package/iptables-mod-physdev/description
The iptables physdev match.
endef
define Package/iptables-mod-led
$(call Package/iptables/Module, +kmod-ipt-led)
TITLE:=LED trigger iptables extension
endef
define Package/iptables-mod-led/description
iptables extension for triggering a LED.
Targets:
- LED
endef
define Package/iptables-mod-socket
$(call Package/iptables/Module, +kmod-ipt-socket)
TITLE:=Socket match iptables extensions
endef
define Package/iptables-mod-socket/description
Socket match iptables extensions.
Matches:
- socket
endef
define Package/iptables-mod-tproxy
$(call Package/iptables/Module, +kmod-ipt-tproxy)
TITLE:=Transparent proxy iptables extensions
endef
define Package/iptables-mod-tproxy/description
Transparent proxy iptables extensions.
Targets:
- TPROXY
endef
define Package/iptables-mod-tee
$(call Package/iptables/Module, +kmod-ipt-tee)
TITLE:=TEE iptables extensions
endef
define Package/iptables-mod-tee/description
TEE iptables extensions.
Targets:
- TEE
endef
define Package/iptables-mod-u32
$(call Package/iptables/Module, +kmod-ipt-u32)
TITLE:=U32 iptables extensions
endef
define Package/iptables-mod-u32/description
U32 iptables extensions.
Matches:
- u32
endef
define Package/iptables-mod-checksum
$(call Package/iptables/Module, +kmod-ipt-checksum)
TITLE:=IP CHECKSUM target extension
endef
define Package/iptables-mod-checksum/description
iptables extension for the CHECKSUM calculation target
endef
define Package/ip6tables-zz-legacy
$(call Package/iptables/Default)
DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
CATEGORY:=Network
TITLE:=IPv6 firewall administration tool
PROVIDES:=ip6tables ip6tables-legacy
ALTERNATIVES:=\
200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
endef
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
define Package/ip6tables-nft
$(call Package/iptables/Default)
DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
TITLE:=IP firewall administration tool nft
PROVIDES:=ip6tables
ALTERNATIVES:=\
300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
endef
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
define Package/ip6tables-nft/description
Extra ip6tables nftables nft binaries.
ip6tables-nft
ip6tables-nft-restore
ip6tables-nft-save
ip6tables-translate
ip6tables-restore-translate
endef
define Package/ip6tables-extra
$(call Package/iptables/Default)
DEPENDS:=+libxtables +kmod-ip6tables-extra
TITLE:=IPv6 header matching modules
endef
define Package/ip6tables-extra/description
iptables header matching modules for IPv6
endef
define Package/ip6tables-mod-nat
$(call Package/iptables/Default)
DEPENDS:=+libxtables +kmod-ipt-nat6
TITLE:=IPv6 NAT extensions
endef
define Package/ip6tables-mod-nat/description
iptables extensions for IPv6-NAT targets.
endef
define Package/libip4tc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4 firewall - shared libiptc library
ABI_VERSION:=2
endef
define Package/libip6tc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv6 firewall - shared libiptc library
ABI_VERSION:=2
endef
define Package/libiptext
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4 firewall - shared libiptext library
ABI_VERSION:=0
DEPENDS:=+libxtables
endef
define Package/libiptext6
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv6 firewall - shared libiptext library
ABI_VERSION:=0
DEPENDS:=+libxtables
endef
define Package/libiptext-nft
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
ABI_VERSION:=0
DEPENDS:=+libxtables
endef
define Package/libxtables
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library
MENU:=1
ABI_VERSION:=12
DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
endef
define Package/libxtables/config
config IPTABLES_CONNLABEL
bool "Enable Connlabel support"
default n
help
This enable connlabel support in iptables.
endef
TARGET_CPPFLAGS := \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \
$(TARGET_CPPFLAGS)
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \
-DNO_LEGACY
CONFIGURE_ARGS += \
--enable-shared \
--enable-static \
--enable-devel \
--with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
iptables: update to 1.6.2 459b6932 policy: add nft translation for simple policy none/strict use case 255e55b7 tests: xlate-test: no need to require superuser privileges 6990bbc5 extensions: hashlimit: remove space before burst in translation to nft 13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter c252a2b0 extensions: Add test for cluster nft translation bda1daa4 extensions: ip6t_{S,D}NAT: add more tests 88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported 64a0e098 extensions: libxt_cluster: Add translation to nft 6067208f extensions: add support for 'srh' match 0f387b07 extensions: hashlimit: fix incorrect burst in translations 1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst 27de281d extensions: Add macro _DEFAULT_SOURCE. 75364151 iptables: Remove const qualifier from struct option. 8b0da213 iptables: masquerade: add randomize-full support e64db006 iptables: patch to correct linker flag sequence 033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges. 505bfa11 iptables: xtables-eb: Remove const qualifier from struct option a6d6821a iptables: extensions: Fix MARK target help 71de414c libxt_sctp: fix array out of range in print_chunk 1a32381a extensions: add tests for ipcomp protocol 4bd51770 tests: xlate: print output in same way as nft-test.py d0e3d95f libxt_recent: Remove ineffective checks for info->name 23e6ed71 libxt_TOS: add tests for translation infrastructure 9564595e Update .gitignore bebce197 iptables: iptables-compat translation for TCPMSS dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges 0e958281 iptables-translate: add test file for TCPMSS extension de3c68b6 iptables-compat: do not allow to delete populated user define chains f4b80ce7 iptables: change large file support handling f5b46c2f iptables: Constify option struct 21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait 60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value af468b6e utils: Add a man page for nfnl_osf 1773dcaa utils: nfnl_osf: Fix synopsis in help text 895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration 3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT 1c32e560 netfilter: xt_hashlimit: add rate match mode b5331f88 xtables-compat: fix memory leak when listing 91ae12e3 xtables-compat-restore: fix several memory leaks 79e1edd1 iptables-xml: Fix segfault on jump without a target c49a93f1 xtables-translate: fix double space before comment 79fa7cc2 libip6t_icmp6: xlate: remove leftover space 8e62f572 tests: xlate: generalize owner 8d994bcf iptables: Add file output option to iptables-save f8e5ebc5 iptables: Fix crash on malformed iptables-restore 80d8bfaa iptables: insist that the lock is held. c29d99c8 libxtables: Display weird character warning for wildcards 1fe96cfb tests: xlate: check if it is being run as root 3f92b259 tests: xlate: remove python 3.5 dependency d89dc47a iptables-restore/save: exit when given an unknown option 65801d02 iptables-restore.8: document -w/-W options 9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument 1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats 27f69f4a iptables: extensions: Remove typedef in struct. 340105fa tests: add regression tests for xtables-translate b669e184 extensions: libxt_TOS: Add translation to nft b2a84476 iptables: Remove unnecessary braces. 2963a8df iptables: Remove explicit static variables initalization. 1cf4ba6f iptables: Constify option struct 999eaa24 iptables-restore: support acquiring the lock. 6e2e169e iptables: remove duplicated argument parsing code 836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h. b91af533 iptables: set the path of the lock file via a configure option. 0e94eb2e iptables-translate: print nft iff there are more expanded rules to print 48ad179b libxtables: abolish AI_CANONNAME 9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr c6df55d6 iptables-translate: print nft command for each expand rules via dns names 82dacbb8 xtables-translate: Avoid querying the kernel 9f972f45 extensions: libxt_addrtype: Add translation to nft 2c8e251e utils: nfsynproxy: fix build with musl libc 9b8cb756 libiptc: don't set_changed() when checking rules with module jumps eb66632d extensions: libxt_hashlimit: Add translation to nft 72bb3dbf xshared: using the blocking file lock request when we wait indefinitely 24f81746 xshared: do not lock again and again if "-w" option is not specified fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug 516d9191 iptables: update pf.os Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-02-17 15:58:57 +00:00
--with-xt-lock-name=/var/run/xtables.lock \
$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
$(if $(CONFIG_IPV6),,--disable-ipv6)
MAKE_FLAGS := \
$(TARGET_CONFIGURE_OPTS) \
COPT_FLAGS="$(TARGET_CFLAGS)" \
KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
KBUILD_OUTPUT="$(LINUX_DIR)" \
BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
define Build/Configure/rebuild
$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
rm -f $(PKG_BUILD_DIR)/.config_*
rm -f $(PKG_BUILD_DIR)/.configured_*
touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
endef
endif
define Build/Configure
$(Build/Configure/rebuild)
$(Build/Configure/Default)
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_DIR) $(1)/usr/include/iptables
$(INSTALL_DIR) $(1)/usr/include/net/netfilter
# XXX: iptables header fixup, some headers are not installed by iptables anymore
$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
# XXX: needed by firewall3
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
endef
define Package/xtables-legacy/install
$(INSTALL_DIR) $(1)/usr/sbin
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
endef
define Package/iptables-zz-legacy/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
define Package/xtables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
endef
define Package/arptables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
$(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
endef
define Package/ebtables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
$(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
endef
define Package/iptables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/ip6tables-zz-legacy/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
endef
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
define Package/ip6tables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/libip4tc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
endef
define Package/libip6tc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
endef
define Package/libiptext/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
endef
define Package/libiptext6/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
endef
define Package/libiptext-nft/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
endef
define Package/libxtables/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
endef
define BuildPlugin
define Package/$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/iptables
for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
fi; \
done
$(3)
endef
$$(eval $$(call BuildPackage,$(1)))
endef
$(eval $(call BuildPackage,libxtables))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libiptext))
$(eval $(call BuildPackage,libiptext6))
$(eval $(call BuildPackage,libiptext-nft))
$(eval $(call BuildPackage,xtables-legacy))
$(eval $(call BuildPackage,xtables-nft))
$(eval $(call BuildPackage,arptables-nft))
$(eval $(call BuildPackage,ebtables-nft))
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
$(eval $(call BuildPackage,iptables-nft))
$(eval $(call BuildPackage,iptables-zz-legacy))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
2007-06-02 22:57:33 +00:00
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
$(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
$(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
$(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
$(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
iptables: bump to 1.8.2 Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-11-11 16:32:03 +00:00
$(eval $(call BuildPackage,ip6tables-nft))
$(eval $(call BuildPackage,ip6tables-zz-legacy))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))