iptables: update to 1.8.6

Update iptables to 1.8.6

ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.6.txt

Refresh patch:
101-remove-check-already.patch

Signed-off-by: Curtis Deptuck <[email protected]>
Signed-off-by: Hans Dedecker <[email protected]> [refresh patches]

package/network/utils/iptables/Makefile

@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=iptables
-PKG_VERSION:=1.8.4
+PKG_VERSION:=1.8.6
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=993a3a5490a544c2cbf2ef15cf7e7ed21af1845baf228318d5c36ef8827e157c
+PKG_HASH:=a0f4fe0c3eb8faa5bd9c8376d132f340b9558e750c91deb2d5028aa3d0047767
 
 PKG_FIXUP:=autoreconf
 PKG_FLAGS:=nonshared

package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch

@@ -15,8 +15,6 @@ Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
  include/linux/netfilter/xt_connmark.h |  10 +
  2 files changed, 324 insertions(+), 1 deletion(-)
 
-diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
-index 21e10913..c777b110 100644
 --- a/extensions/libxt_CONNMARK.c
 +++ b/extensions/libxt_CONNMARK.c
 @@ -22,6 +22,7 @@
@@ -47,7 +45,7 @@ index 21e10913..c777b110 100644
  };
  
  static const char *const xt_connmark_shift_ops[] = {
-@@ -114,6 +118,8 @@ static const struct xt_option_entry connmark_tg_opts[] = {
+@@ -114,6 +118,8 @@ static const struct xt_option_entry conn
  	 .excl = F_MASK, .flags = XTOPT_PUT, XTOPT_POINTER(s, nfmask)},
  	{.name = "mask", .id = O_MASK, .type = XTTYPE_UINT32,
  	 .excl = F_CTMASK | F_NFMASK},
@@ -56,7 +54,7 @@ index 21e10913..c777b110 100644
  	XTOPT_TABLEEND,
  };
  #undef s
-@@ -148,6 +154,38 @@ static const struct xt_option_entry connmark_tg_opts_v2[] = {
+@@ -148,6 +154,38 @@ static const struct xt_option_entry conn
  };
  #undef s
  
@@ -111,7 +109,7 @@ index 21e10913..c777b110 100644
  static void connmark_tg_init(struct xt_entry_target *target)
  {
  	struct xt_connmark_tginfo1 *info = (void *)target->data;
-@@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct xt_entry_target *target)
+@@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct x
  	info->shift_bits = 0;
  }
  
@@ -128,7 +126,7 @@ index 21e10913..c777b110 100644
  static void CONNMARK_parse(struct xt_option_call *cb)
  {
  	struct xt_connmark_target_info *markinfo = cb->data;
-@@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_option_call *cb)
+@@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_
  		info->ctmark = cb->val.u32;
  		info->ctmask = 0;
  		break;
@@ -152,7 +150,7 @@ index 21e10913..c777b110 100644
  	case O_SAVE_MARK:
  		info->mode = XT_CONNMARK_SAVE;
  		break;
-@@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct xt_option_call *cb)
+@@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct
  	}
  }
  
@@ -231,7 +229,7 @@ index 21e10913..c777b110 100644
  static void connmark_tg_check(struct xt_fcheck_call *cb)
  {
  	if (!(cb->xflags & F_OP_ANY))
-@@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, const struct xt_entry_target *target,
+@@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, con
  	}
  }
  
@@ -297,7 +295,7 @@ index 21e10913..c777b110 100644
  static void CONNMARK_save(const void *ip, const struct xt_entry_target *target)
  {
  	const struct xt_connmark_target_info *markinfo =
-@@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, const struct xt_entry_target *target)
+@@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, cons
  	}
  }
  
@@ -336,7 +334,7 @@ index 21e10913..c777b110 100644
  static int connmark_tg_xlate(struct xt_xlate *xl,
  			     const struct xt_xlate_tg_params *params)
  {
-@@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl,
+@@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct x
  
  	return 1;
  }
@@ -403,7 +401,7 @@ index 21e10913..c777b110 100644
  static struct xtables_target connmark_tg_reg[] = {
  	{
  		.family        = NFPROTO_UNSPEC,
-@@ -687,6 +984,22 @@ static struct xtables_target connmark_tg_reg[] = {
+@@ -687,6 +984,22 @@ static struct xtables_target connmark_tg
  		.x6_options    = connmark_tg_opts_v2,
  		.xlate         = connmark_tg_xlate_v2,
  	},
@@ -426,8 +424,6 @@ index 21e10913..c777b110 100644
  };
  
  void _init(void)
-diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
-index bbf2acc9..1d8e721c 100644
 --- a/include/linux/netfilter/xt_connmark.h
 +++ b/include/linux/netfilter/xt_connmark.h
 @@ -18,6 +18,11 @@ enum {
@@ -454,6 +450,3 @@ index bbf2acc9..1d8e721c 100644
  struct xt_connmark_mtinfo1 {
  	__u32 mark, mask;
  	__u8 invert;
--- 
-2.21.0 (Apple Git-122.2)
-

package/network/utils/iptables/patches/101-remove-check-already.patch

@@ -1,9 +1,9 @@
 --- a/libxtables/xtables.c
 +++ b/libxtables/xtables.c
-@@ -903,12 +903,6 @@ static void xtables_check_options(const
+@@ -968,12 +968,6 @@ void xtables_register_match(struct xtabl
+ 	struct xtables_match **pos;
+ 	bool seen_myself = false;
  
- void xtables_register_match(struct xtables_match *me)
- {
 -	if (me->next) {
 -		fprintf(stderr, "%s: match \"%s\" already registered\n",
 -			xt_params->program_name, me->name);
@@ -13,10 +13,10 @@
  	if (me->version == NULL) {
  		fprintf(stderr, "%s: match %s<%u> is missing a version\n",
  		        xt_params->program_name, me->name, me->revision);
-@@ -1096,12 +1090,6 @@ void xtables_register_matches(struct xta
+@@ -1152,12 +1146,6 @@ void xtables_register_target(struct xtab
+ 	struct xtables_target **pos;
+ 	bool seen_myself = false;
  
- void xtables_register_target(struct xtables_target *me)
- {
 -	if (me->next) {
 -		fprintf(stderr, "%s: target \"%s\" already registered\n",
 -			xt_params->program_name, me->name);

package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch

@@ -1,6 +1,6 @@
 --- a/libxtables/xtables.c
 +++ b/libxtables/xtables.c
-@@ -360,6 +360,7 @@ static char *get_modprobe(void)
+@@ -403,6 +403,7 @@ static char *get_modprobe(void)
  
  int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
  {
@@ -8,7 +8,7 @@
  	char *buf = NULL;
  	char *argv[4];
  	int status;
-@@ -394,6 +395,7 @@ int xtables_insmod(const char *modname,
+@@ -437,6 +438,7 @@ int xtables_insmod(const char *modname,
  	free(buf);
  	if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
  		return 0;

package/network/utils/iptables/patches/200-configurable_builtin.patch

@@ -60,7 +60,7 @@
  
  .SECONDARY:
  
-@@ -148,11 +168,11 @@ libext4.a: initext4.o ${libext4_objs}
+@@ -161,11 +181,11 @@ libext4.a: initext4.o ${libext4_objs}
  libext6.a: initext6.o ${libext6_objs}
  	${AM_VERBOSE_AR} ${AR} crs $@ $^;
  

package/network/utils/iptables/patches/600-shared-libext.patch

@@ -9,7 +9,7 @@
  targets_install :=
  libext_objs := ${pfx_objs}
  libext_ebt_objs := ${pfb_objs}
-@@ -119,7 +119,7 @@ clean:
+@@ -132,7 +132,7 @@ clean:
  distclean: clean
  
  init%.o: init%.c
@@ -18,7 +18,7 @@
  
  -include .*.d
  
-@@ -151,22 +151,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn
+@@ -164,22 +164,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn
  #	handling code in the Makefiles.
  #
  lib%.o: ${srcdir}/lib%.c

package/network/utils/iptables/patches/700-disable-legacy-revisions.patch

@@ -1,6 +1,6 @@
 --- a/extensions/libxt_conntrack.c
 +++ b/extensions/libxt_conntrack.c
-@@ -1387,6 +1387,7 @@ static int conntrack3_mt6_xlate(struct x
+@@ -1395,6 +1395,7 @@ static int conntrack3_mt6_xlate(struct x
  }
  
  static struct xtables_match conntrack_mt_reg[] = {
@@ -8,7 +8,7 @@
  	{
  		.version       = XTABLES_VERSION,
  		.name          = "conntrack",
-@@ -1462,6 +1463,7 @@ static struct xtables_match conntrack_mt
+@@ -1470,6 +1471,7 @@ static struct xtables_match conntrack_mt
  		.alias	       = conntrack_print_name_alias,
  		.x6_options    = conntrack2_mt_opts,
  	},
@@ -16,7 +16,7 @@
  	{
  		.version       = XTABLES_VERSION,
  		.name          = "conntrack",
-@@ -1494,6 +1496,7 @@ static struct xtables_match conntrack_mt
+@@ -1502,6 +1504,7 @@ static struct xtables_match conntrack_mt
  		.x6_options    = conntrack3_mt_opts,
  		.xlate	       = conntrack3_mt6_xlate,
  	},
@@ -24,7 +24,7 @@
  	{
  		.family        = NFPROTO_UNSPEC,
  		.name          = "state",
-@@ -1524,6 +1527,8 @@ static struct xtables_match conntrack_mt
+@@ -1532,6 +1535,8 @@ static struct xtables_match conntrack_mt
  		.x6_parse      = state_ct23_parse,
  		.x6_options    = state_opts,
  	},
@@ -33,7 +33,7 @@
  	{
  		.family        = NFPROTO_UNSPEC,
  		.name          = "state",
-@@ -1553,6 +1558,7 @@ static struct xtables_match conntrack_mt
+@@ -1561,6 +1566,7 @@ static struct xtables_match conntrack_mt
  		.x6_parse      = state_parse,
  		.x6_options    = state_opts,
  	},
@@ -43,7 +43,7 @@
  void _init(void)
 --- a/extensions/libxt_CT.c
 +++ b/extensions/libxt_CT.c
-@@ -349,6 +349,7 @@ static void notrack_ct2_tg_init(struct x
+@@ -363,6 +363,7 @@ static int xlate_ct1_tg(struct xt_xlate
  }
  
  static struct xtables_target ct_target_reg[] = {
@@ -51,7 +51,7 @@
  	{
  		.family		= NFPROTO_UNSPEC,
  		.name		= "CT",
-@@ -374,6 +375,7 @@ static struct xtables_target ct_target_r
+@@ -388,6 +389,7 @@ static struct xtables_target ct_target_r
  		.x6_parse	= ct_parse_v1,
  		.x6_options	= ct_opts_v1,
  	},
@@ -59,15 +59,15 @@
  	{
  		.family		= NFPROTO_UNSPEC,
  		.name		= "CT",
-@@ -388,6 +390,7 @@ static struct xtables_target ct_target_r
- 		.x6_parse	= ct_parse_v1,
+@@ -403,6 +405,7 @@ static struct xtables_target ct_target_r
  		.x6_options	= ct_opts_v1,
+ 		.xlate		= xlate_ct1_tg,
  	},
 +#ifndef NO_LEGACY
  	{
  		.family        = NFPROTO_UNSPEC,
  		.name          = "NOTRACK",
-@@ -425,6 +428,7 @@ static struct xtables_target ct_target_r
+@@ -441,6 +444,7 @@ static struct xtables_target ct_target_r
  		.revision      = 0,
  		.version       = XTABLES_VERSION,
  	},