aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils/iproute2
diff options
context:
space:
mode:
Diffstat (limited to 'package/network/utils/iproute2')
-rw-r--r--package/network/utils/iproute2/Makefile6
-rw-r--r--package/network/utils/iproute2/patches/001-devlink-fix-libc-and-kernel-headers-collision.patch50
-rw-r--r--package/network/utils/iproute2/patches/090-tc-add-support-for-action-act_ctinfo.patch571
-rw-r--r--package/network/utils/iproute2/patches/135-sync-iptables-header.patch101
4 files changed, 3 insertions, 725 deletions
diff --git a/package/network/utils/iproute2/Makefile b/package/network/utils/iproute2/Makefile
index 4db7d75d80..cfa6c64cd8 100644
--- a/package/network/utils/iproute2/Makefile
+++ b/package/network/utils/iproute2/Makefile
@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=iproute2
-PKG_VERSION:=5.1.0
-PKG_RELEASE:=2
+PKG_VERSION:=5.2.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2
-PKG_HASH:=dc5a980873eabf6b00c0be976b6e5562b1400d47d1d07d2ac35d5e5acbcf7bcf
+PKG_HASH:=a5b95dec26353fc71dba9bb403e9343fad2a06bd69fb154a22a2aa2914f74da8
PKG_BUILD_PARALLEL:=1
PKG_BUILD_DEPENDS:=iptables
PKG_LICENSE:=GPL-2.0
diff --git a/package/network/utils/iproute2/patches/001-devlink-fix-libc-and-kernel-headers-collision.patch b/package/network/utils/iproute2/patches/001-devlink-fix-libc-and-kernel-headers-collision.patch
deleted file mode 100644
index bde2b5780c..0000000000
--- a/package/network/utils/iproute2/patches/001-devlink-fix-libc-and-kernel-headers-collision.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From d0272f5404773a60cbc17c2277affdbbf8d99c67 Mon Sep 17 00:00:00 2001
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Thu, 27 Jun 2019 21:37:19 +0300
-Subject: devlink: fix libc and kernel headers collision
-
-Since commit 2f1242efe9d ("devlink: Add devlink health show command") we
-use the sys/sysinfo.h header for the sysinfo(2) system call. But since
-iproute2 carries a local version of the kernel struct sysinfo, this
-causes a collision with libc that do not rely on kernel defined sysinfo
-like musl libc:
-
-In file included from devlink.c:25:0:
-.../sysroot/usr/include/sys/sysinfo.h:10:8: error: redefinition of 'struct sysinfo'
- struct sysinfo {
- ^~~~~~~
-In file included from ../include/uapi/linux/kernel.h:5:0,
- from ../include/uapi/linux/netlink.h:5,
- from ../include/uapi/linux/genetlink.h:6,
- from devlink.c:21:
-../include/uapi/linux/sysinfo.h:8:8: note: originally defined here
- struct sysinfo {
- ^~~~~~~
-
-Move the sys/sysinfo.h userspace header before kernel headers, and
-suppress the indirect include of linux/sysinfo.h.
-
-Cc: Aya Levin <ayal@mellanox.com>
-Cc: Moshe Shemesh <moshe@mellanox.com>
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
-Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
----
- devlink/devlink.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/devlink/devlink.c
-+++ b/devlink/devlink.c
-@@ -18,11 +18,12 @@
- #include <limits.h>
- #include <errno.h>
- #include <inttypes.h>
-+#include <sys/sysinfo.h>
-+#define _LINUX_SYSINFO_H /* avoid collision with musl header */
- #include <linux/genetlink.h>
- #include <linux/devlink.h>
- #include <libmnl/libmnl.h>
- #include <netinet/ether.h>
--#include <sys/sysinfo.h>
- #include <sys/queue.h>
-
- #include "SNAPSHOT.h"
diff --git a/package/network/utils/iproute2/patches/090-tc-add-support-for-action-act_ctinfo.patch b/package/network/utils/iproute2/patches/090-tc-add-support-for-action-act_ctinfo.patch
deleted file mode 100644
index cc74c29c3c..0000000000
--- a/package/network/utils/iproute2/patches/090-tc-add-support-for-action-act_ctinfo.patch
+++ /dev/null
@@ -1,571 +0,0 @@
-From dff8eadcab33209e040e77a5d56d5def04808144 Mon Sep 17 00:00:00 2001
-From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
-Date: Fri, 15 Mar 2019 09:35:37 +0000
-Subject: [PATCH] tc: add support for action act_ctinfo
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-ctinfo is a tc action restoring data stored in conntrack marks to
-various fields. At present it has two independent modes of operation,
-restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack
-marks into packet skb marks.
-
-It understands a number of parameters specific to this action in
-additional to the usual action syntax. Each operating mode is
-independent of the other so all options are optional, however not
-specifying at least one mode is a bit pointless.
-
-Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
- [CONTROL] [index <INDEX>]
-
-DSCP mode
-
-dscp enables copying of a DSCP stored in the conntrack mark into the
-ipv4/v6 diffserv field. The mask is a 32bit field and specifies where
-in the conntrack mark the DSCP value is located. It must be 6
-contiguous bits long. eg. 0xfc000000 would restore the DSCP from the
-upper 6 bits of the conntrack mark.
-
-The DSCP copying may be optionally controlled by a statemask. The
-statemask is a 32bit field, usually with a single bit set and must not
-overlap the dscp mask. The DSCP restore operation will only take place
-if the corresponding bit/s in conntrack mark ANDed with the statemask
-yield a non zero result.
-
-eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6
-bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this
-example.
-
-CPMARK mode
-
-cpmark enables copying of the conntrack mark to the packet skb mark. In
-this mode it is completely equivalent to the existing act_connmark
-action. Additional functionality is provided by the optional mask
-parameter, whereby the stored conntrack mark is logically ANDed with the
-cpmark mask before being stored into skb mark. This allows shared usage
-of the conntrack mark between applications.
-
-eg. cpmark 0x00ffffff would restore only the lower 24 bits of the
-conntrack mark, thus may be useful in the event that the upper 8 bits
-are used by the DSCP function.
-
-Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
- [CONTROL] [index <INDEX>]
-where :
- dscp MASK is the bitmask to restore DSCP
- STATEMASK is the bitmask to determine conditional restoring
- cpmark MASK mask applied to restored packet mark
- ZONE is the conntrack zone
- CONTROL := reclassify | pipe | drop | continue | ok |
- goto chain <CHAIN_INDEX>
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
-Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
----
- include/uapi/linux/pkt_cls.h | 3 +-
- include/uapi/linux/tc_act/tc_ctinfo.h | 29 +++
- man/man8/tc-ctinfo.8 | 170 ++++++++++++++++
- tc/Makefile | 1 +
- tc/m_ctinfo.c | 268 ++++++++++++++++++++++++++
- 5 files changed, 470 insertions(+), 1 deletion(-)
- create mode 100644 include/uapi/linux/tc_act/tc_ctinfo.h
- create mode 100644 man/man8/tc-ctinfo.8
- create mode 100644 tc/m_ctinfo.c
-
---- a/include/uapi/linux/pkt_cls.h
-+++ b/include/uapi/linux/pkt_cls.h
-@@ -105,6 +105,7 @@ enum tca_id {
- TCA_ID_IFE = TCA_ACT_IFE,
- TCA_ID_SAMPLE = TCA_ACT_SAMPLE,
- /* other actions go here */
-+ TCA_ID_CTINFO=27,
- __TCA_ID_MAX = 255
- };
-
---- /dev/null
-+++ b/include/uapi/linux/tc_act/tc_ctinfo.h
-@@ -0,0 +1,29 @@
-+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
-+#ifndef __UAPI_TC_CTINFO_H
-+#define __UAPI_TC_CTINFO_H
-+
-+#include <linux/types.h>
-+#include <linux/pkt_cls.h>
-+
-+struct tc_ctinfo {
-+ tc_gen;
-+};
-+
-+enum {
-+ TCA_CTINFO_UNSPEC,
-+ TCA_CTINFO_PAD,
-+ TCA_CTINFO_TM,
-+ TCA_CTINFO_ACT,
-+ TCA_CTINFO_ZONE,
-+ TCA_CTINFO_PARMS_DSCP_MASK,
-+ TCA_CTINFO_PARMS_DSCP_STATEMASK,
-+ TCA_CTINFO_PARMS_CPMARK_MASK,
-+ TCA_CTINFO_STATS_DSCP_SET,
-+ TCA_CTINFO_STATS_DSCP_ERROR,
-+ TCA_CTINFO_STATS_CPMARK_SET,
-+ __TCA_CTINFO_MAX
-+};
-+
-+#define TCA_CTINFO_MAX (__TCA_CTINFO_MAX - 1)
-+
-+#endif
---- /dev/null
-+++ b/man/man8/tc-ctinfo.8
-@@ -0,0 +1,170 @@
-+.TH "ctinfo action in tc" 8 "4 Jun 2019" "iproute2" "Linux"
-+.SH NAME
-+ctinfo \- tc connmark processing action
-+.SH SYNOPSIS
-+.B tc ... action ctinfo
-+[
-+.B dscp
-+MASK [STATEMASK] ] [
-+.B cpmark
-+[MASK] ] [
-+.B zone
-+ZONE ] [
-+.B CONTROL
-+] [
-+.B index
-+<INDEX>
-+]
-+
-+.SH DESCRIPTION
-+CTINFO (Conntrack Information) is a tc action for retrieving data from
-+conntrack marks into various fields. At present it has two independent
-+processing modes which may be viewed as sub-functions.
-+
-+DSCP mode copies a DSCP stored in conntrack's connmark into the IPv4/v6 diffserv
-+field. The copying may conditionally occur based on a flag also stored in the
-+connmark. DSCP mode was designed to assist in restoring packet classifications on
-+ingress, classifications which may then be used by qdiscs such as CAKE. It may be
-+used in any circumstance where ingress classification needs to be maintained across
-+links that otherwise bleach or remap according to their own policies.
-+
-+CPMARK (copymark) mode copies the conntrack connmark into the packet's mark field. Without
-+additional parameters it is functionally completely equivalent to the existing
-+connmark action. An optional mask may be specified to mask which bits of the
-+connmark are restored. This may be useful when DSCP and CPMARK modes are combined.
-+
-+Simple statistics (tc -s) on DSCP restores and CPMARK copies are maintained where values for
-+set indicate a count of packets altered for that mode. DSCP includes an error count
-+where the destination packet's diffserv field was unwriteable.
-+.SH PARAMETERS
-+.SS DSCP mode parameters:
-+.IP mask
-+A mask of 6 contiguous bits indicating where the DSCP value is located in the 32 bit
-+conntrack mark field. A mask must be provided for this mode. mask is a 32 bit
-+unsigned value.
-+.IP statemask
-+A mask of at least 1 bit indicating where a conditional restore flag is located in the
-+32 bit conntrack mark field. The statemask bit/s must NOT overlap the mask bits. The
-+DSCP will be restored if the conntrack mark logically ANDed with the statemask yields
-+a non-zero result. statemask is an optional unsigned 32 bit value.
-+.SS CPMARK mode parameters:
-+.IP mask
-+Store the logically ANDed result of conntrack mark and mask into the packet's mark
-+field. Default is 0xffffffff i.e. the whole mark field. mask is an optional unsigned 32 bit
-+value
-+.SS Overall action parameters:
-+.IP zone
-+Specify the conntrack zone when doing conntrack lookups for packets.
-+zone is a 16bit unsigned decimal value.
-+Default is 0.
-+.IP CONTROL
-+The following keywords allow to control how the tree of qdisc, classes,
-+filters and actions is further traversed after this action.
-+.RS
-+.TP
-+.B reclassify
-+Restart with the first filter in the current list.
-+.TP
-+.B pipe
-+Continue with the next action attached to the same filter.
-+.TP
-+.B drop
-+Drop the packet.
-+.TP
-+.B shot
-+synonym for
-+.B drop
-+.TP
-+.B continue
-+Continue classification with the next filter in line.
-+.TP
-+.B pass
-+Finish classification process and return to calling qdisc for further packet
-+processing. This is the default.
-+.RE
-+.IP index
-+Specify an index for this action in order to being able to identify it in later
-+commands. index is a 32bit unsigned decimal value.
-+.SH EXAMPLES
-+Example showing conditional restoration of DSCP on ingress via an IFB
-+.RS
-+.EX
-+
-+#Set up the IFB interface
-+.br
-+tc qdisc add dev ifb4eth0 handle ffff: ingress
-+
-+#Put CAKE qdisc on it
-+.br
-+tc qdisc add dev ifb4eth0 root cake bandwidth 40mbit
-+
-+#Set interface UP
-+.br
-+ip link set dev ifb4eth0 up
-+
-+#Add 2 actions, ctinfo to restore dscp & mirred to redirect the packets to IFB
-+.br
-+tc filter add dev eth0 parent ffff: protocol all prio 10 u32 \\
-+ match u32 0 0 flowid 1:1 action \\
-+ ctinfo dscp 0xfc000000 0x01000000 \\
-+ mirred egress redirect dev ifb4eth0
-+
-+tc -s qdisc show dev eth0 ingress
-+
-+ filter parent ffff: protocol all pref 10 u32 chain 0
-+ filter parent ffff: protocol all pref 10 u32 chain 0 fh 800: ht divisor 1
-+ filter parent ffff: protocol all pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 not_in_hw
-+ match 00000000/00000000 at 0
-+ action order 1: ctinfo zone 0 pipe
-+ index 2 ref 1 bind 1 dscp 0xfc000000 0x01000000 installed 72 sec used 0 sec DSCP set 1333 error 0 CPMARK set 0
-+ Action statistics:
-+ Sent 658484 bytes 1833 pkt (dropped 0, overlimits 0 requeues 0)
-+ backlog 0b 0p requeues 0
-+
-+ action order 2: mirred (Egress Redirect to device ifb4eth0) stolen
-+ index 1 ref 1 bind 1 installed 72 sec used 0 sec
-+ Action statistics:
-+ Sent 658484 bytes 1833 pkt (dropped 0, overlimits 0 requeues 0)
-+ backlog 0b 0p requeues 0
-+.EE
-+.RE
-+
-+Example showing conditional restoration of DSCP on egress
-+
-+This may appear nonsensical since iptables marking of egress packets is easy
-+to achieve, however the iptables flow classification rules may be extensive
-+and so some sort of set once and forget may be useful especially on cpu
-+constrained devices.
-+.RS
-+.EX
-+
-+# Send unmarked connections to a marking chain which needs to store a DSCP
-+and set statemask bit in the connmark
-+.br
-+iptables -t mangle -A POSTROUTING -o eth0 -m connmark \\
-+ --mark 0x00000000/0x01000000 -g CLASS_MARKING_CHAIN
-+
-+# Apply marked DSCP to the packets
-+.br
-+tc filter add dev eth0 protocol all prio 10 u32 \\
-+ match u32 0 0 flowid 1:1 action \\
-+ ctinfo dscp 0xfc000000 0x01000000
-+
-+tc -s filter show dev eth0
-+ filter parent 800e: protocol all pref 10 u32 chain 0
-+ filter parent 800e: protocol all pref 10 u32 chain 0 fh 800: ht divisor 1
-+ filter parent 800e: protocol all pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 not_in_hw
-+ match 00000000/00000000 at 0
-+ action order 1: ctinfo zone 0 pipe
-+ index 1 ref 1 bind 1 dscp 0xfc000000 0x01000000 installed 7414 sec used 0 sec DSCP set 53404 error 0 CPMARK set 0
-+ Action statistics:
-+ Sent 32890260 bytes 120441 pkt (dropped 0, overlimits 0 requeues 0)
-+ backlog 0b 0p requeues 0
-+.br
-+.SH SEE ALSO
-+.BR tc (8),
-+.BR tc-cake (8)
-+.BR tc-connmark (8)
-+.BR tc-mirred (8)
-+.SH AUTHORS
-+ctinfo was written by Kevin Darbyshire-Bryant.
---- a/tc/Makefile
-+++ b/tc/Makefile
-@@ -48,6 +48,7 @@ TCMODULES += m_csum.o
- TCMODULES += m_simple.o
- TCMODULES += m_vlan.o
- TCMODULES += m_connmark.o
-+TCMODULES += m_ctinfo.o
- TCMODULES += m_bpf.o
- TCMODULES += m_tunnel_key.o
- TCMODULES += m_sample.o
---- /dev/null
-+++ b/tc/m_ctinfo.c
-@@ -0,0 +1,268 @@
-+/* SPDX-License-Identifier: GPL-2.0 */
-+/*
-+ * m_ctinfo.c netfilter ctinfo mark action
-+ *
-+ * Copyright (c) 2019 Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <string.h>
-+#include "utils.h"
-+#include "tc_util.h"
-+#include <linux/tc_act/tc_ctinfo.h>
-+
-+static void
-+explain(void)
-+{
-+ fprintf(stderr,
-+ "Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>]\n"
-+ "where :\n"
-+ "\tdscp MASK bitmask location of stored DSCP\n"
-+ "\t STATEMASK bitmask to determine conditional restoring\n"
-+ "\tcpmark MASK mask applied to mark on restoration\n"
-+ "\tZONE is the conntrack zone\n"
-+ "\tCONTROL := reclassify | pipe | drop | continue | ok |\n"
-+ "\t goto chain <CHAIN_INDEX>\n");
-+}
-+
-+static void
-+usage(void)
-+{
-+ explain();
-+ exit(-1);
-+}
-+
-+static int
-+parse_ctinfo(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
-+ struct nlmsghdr *n)
-+{
-+ unsigned int cpmarkmask = 0, dscpmask = 0, dscpstatemask = 0;
-+ struct tc_ctinfo sel = {};
-+ unsigned short zone = 0;
-+ char **argv = *argv_p;
-+ struct rtattr *tail;
-+ int argc = *argc_p;
-+ int ok = 0;
-+ __u8 i;
-+
-+ while (argc > 0) {
-+ if (matches(*argv, "ctinfo") == 0) {
-+ ok = 1;
-+ NEXT_ARG_FWD();
-+ } else if (matches(*argv, "help") == 0) {
-+ usage();
-+ } else {
-+ break;
-+ }
-+
-+ }
-+
-+ if (!ok) {
-+ explain();
-+ return -1;
-+ }
-+
-+ if (argc) {
-+ if (matches(*argv, "dscp") == 0) {
-+ NEXT_ARG();
-+ if (get_u32(&dscpmask, *argv, 0)) {
-+ fprintf(stderr,
-+ "ctinfo: Illegal dscp \"mask\"\n");
-+ return -1;
-+ }
-+ if (NEXT_ARG_OK()) {
-+ NEXT_ARG_FWD();
-+ if (!get_u32(&dscpstatemask, *argv, 0))
-+ NEXT_ARG_FWD(); /* was a statemask */
-+ } else {
-+ NEXT_ARG_FWD();
-+ }
-+ }
-+ }
-+
-+ /* cpmark has optional mask parameter, so the next arg might not */
-+ /* exist, or it might be the next option, or it may actually be a */
-+ /* 32bit mask */
-+ if (argc) {
-+ if (matches(*argv, "cpmark") == 0) {
-+ cpmarkmask = ~0;
-+ if (NEXT_ARG_OK()) {
-+ NEXT_ARG_FWD();
-+ if (!get_u32(&cpmarkmask, *argv, 0))
-+ NEXT_ARG_FWD(); /* was a mask */
-+ } else {
-+ NEXT_ARG_FWD();
-+ }
-+ }
-+ }
-+
-+ if (argc) {
-+ if (matches(*argv, "zone") == 0) {
-+ NEXT_ARG();
-+ if (get_u16(&zone, *argv, 10)) {
-+ fprintf(stderr, "ctinfo: Illegal \"zone\"\n");
-+ return -1;
-+ }
-+ NEXT_ARG_FWD();
-+ }
-+ }
-+
-+ parse_action_control_dflt(&argc, &argv, &sel.action,
-+ false, TC_ACT_PIPE);
-+
-+ if (argc) {
-+ if (matches(*argv, "index") == 0) {
-+ NEXT_ARG();
-+ if (get_u32(&sel.index, *argv, 10)) {
-+ fprintf(stderr, "ctinfo: Illegal \"index\"\n");
-+ return -1;
-+ }
-+ NEXT_ARG_FWD();
-+ }
-+ }
-+
-+ if (dscpmask & dscpstatemask) {
-+ fprintf(stderr,
-+ "ctinfo: dscp mask & statemask must NOT overlap\n");
-+ return -1;
-+ }
-+
-+ i = ffs(dscpmask);
-+ if (i && ((~0 & (dscpmask >> (i - 1))) != 0x3f)) {
-+ fprintf(stderr,
-+ "ctinfo: dscp mask must be 6 contiguous bits long\n");
-+ return -1;
-+ }
-+
-+ tail = addattr_nest(n, MAX_MSG, tca_id);
-+ addattr_l(n, MAX_MSG, TCA_CTINFO_ACT, &sel, sizeof(sel));
-+ addattr16(n, MAX_MSG, TCA_CTINFO_ZONE, zone);
-+
-+ if (dscpmask)
-+ addattr32(n, MAX_MSG,
-+ TCA_CTINFO_PARMS_DSCP_MASK, dscpmask);
-+
-+ if (dscpstatemask)
-+ addattr32(n, MAX_MSG,
-+ TCA_CTINFO_PARMS_DSCP_STATEMASK, dscpstatemask);
-+
-+ if (cpmarkmask)
-+ addattr32(n, MAX_MSG,
-+ TCA_CTINFO_PARMS_CPMARK_MASK, cpmarkmask);
-+
-+ addattr_nest_end(n, tail);
-+
-+ *argc_p = argc;
-+ *argv_p = argv;
-+ return 0;
-+}
-+
-+static void print_ctinfo_stats(FILE *f, struct rtattr *tb[TCA_CTINFO_MAX + 1])
-+{
-+ struct tcf_t *tm;
-+
-+ if (tb[TCA_CTINFO_TM]) {
-+ tm = RTA_DATA(tb[TCA_CTINFO_TM]);
-+
-+ print_tm(f, tm);
-+ }
-+
-+ if (tb[TCA_CTINFO_STATS_DSCP_SET])
-+ print_lluint(PRINT_ANY, "dscpset", " DSCP set %llu",
-+ rta_getattr_u64(tb[TCA_CTINFO_STATS_DSCP_SET]));
-+ if (tb[TCA_CTINFO_STATS_DSCP_ERROR])
-+ print_lluint(PRINT_ANY, "dscperror", " error %llu",
-+ rta_getattr_u64(tb[TCA_CTINFO_STATS_DSCP_ERROR]));
-+
-+ if (tb[TCA_CTINFO_STATS_CPMARK_SET])
-+ print_lluint(PRINT_ANY, "cpmarkset", " CPMARK set %llu",
-+ rta_getattr_u64(tb[TCA_CTINFO_STATS_CPMARK_SET]));
-+}
-+
-+static int print_ctinfo(struct action_util *au, FILE *f, struct rtattr *arg)
-+{
-+ unsigned int cpmarkmask = ~0, dscpmask = 0, dscpstatemask = 0;
-+ struct rtattr *tb[TCA_CTINFO_MAX + 1];
-+ unsigned short zone = 0;
-+ struct tc_ctinfo *ci;
-+
-+ if (arg == NULL)
-+ return -1;
-+
-+ parse_rtattr_nested(tb, TCA_CTINFO_MAX, arg);
-+ if (!tb[TCA_CTINFO_ACT]) {
-+ print_string(PRINT_FP, NULL, "%s",
-+ "[NULL ctinfo action parameters]");
-+ return -1;
-+ }
-+
-+ ci = RTA_DATA(tb[TCA_CTINFO_ACT]);
-+
-+ if (tb[TCA_CTINFO_PARMS_DSCP_MASK]) {
-+ if (RTA_PAYLOAD(tb[TCA_CTINFO_PARMS_DSCP_MASK]) >=
-+ sizeof(__u32))
-+ dscpmask = rta_getattr_u32(
-+ tb[TCA_CTINFO_PARMS_DSCP_MASK]);
-+ else
-+ print_string(PRINT_FP, NULL, "%s",
-+ "[invalid dscp mask parameter]");
-+ }
-+
-+ if (tb[TCA_CTINFO_PARMS_DSCP_STATEMASK]) {
-+ if (RTA_PAYLOAD(tb[TCA_CTINFO_PARMS_DSCP_STATEMASK]) >=
-+ sizeof(__u32))
-+ dscpstatemask = rta_getattr_u32(
-+ tb[TCA_CTINFO_PARMS_DSCP_STATEMASK]);
-+ else
-+ print_string(PRINT_FP, NULL, "%s",
-+ "[invalid dscp statemask parameter]");
-+ }
-+
-+ if (tb[TCA_CTINFO_PARMS_CPMARK_MASK]) {
-+ if (RTA_PAYLOAD(tb[TCA_CTINFO_PARMS_CPMARK_MASK]) >=
-+ sizeof(__u32))
-+ cpmarkmask = rta_getattr_u32(
-+ tb[TCA_CTINFO_PARMS_CPMARK_MASK]);
-+ else
-+ print_string(PRINT_FP, NULL, "%s",
-+ "[invalid cpmark mask parameter]");
-+ }
-+
-+ if (tb[TCA_CTINFO_ZONE] && RTA_PAYLOAD(tb[TCA_CTINFO_ZONE]) >=
-+ sizeof(__u16))
-+ zone = rta_getattr_u16(tb[TCA_CTINFO_ZONE]);
-+
-+ print_string(PRINT_ANY, "kind", "%s ", "ctinfo");
-+ print_hu(PRINT_ANY, "zone", "zone %u", zone);
-+ print_action_control(f, " ", ci->action, "");
-+
-+ print_string(PRINT_FP, NULL, "%s", _SL_);
-+ print_uint(PRINT_ANY, "index", "\t index %u", ci->index);
-+ print_int(PRINT_ANY, "ref", " ref %d", ci->refcnt);
-+ print_int(PRINT_ANY, "bind", " bind %d", ci->bindcnt);
-+
-+ if (tb[TCA_CTINFO_PARMS_DSCP_MASK]) {
-+ print_0xhex(PRINT_ANY, "dscpmask", " dscp %#010llx", dscpmask);
-+ print_0xhex(PRINT_ANY, "dscpstatemask", " %#010llx",
-+ dscpstatemask);
-+ }
-+
-+ if (tb[TCA_CTINFO_PARMS_CPMARK_MASK])
-+ print_0xhex(PRINT_ANY, "cpmark", " cpmark %#010llx",
-+ cpmarkmask);
-+
-+ if (show_stats)
-+ print_ctinfo_stats(f, tb);
-+
-+ print_string(PRINT_FP, NULL, "%s", _SL_);
-+
-+ return 0;
-+}
-+
-+struct action_util ctinfo_action_util = {
-+ .id = "ctinfo",
-+ .parse_aopt = parse_ctinfo,
-+ .print_aopt = print_ctinfo,
-+};
diff --git a/package/network/utils/iproute2/patches/135-sync-iptables-header.patch b/package/network/utils/iproute2/patches/135-sync-iptables-header.patch
deleted file mode 100644
index bba90e69ab..0000000000
--- a/package/network/utils/iproute2/patches/135-sync-iptables-header.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-Description: Sync header from iptables
- The current versions in several suites have the same content:
- - 1.6.1-2 (unstable)
-Bug: https://bugs.debian.org/868059
-Forwarded: not-needed
-Author: Cyril Brulebois <cyril@debamax.com>
-Last-Update: 2017-11-22
---- a/include/xtables.h
-+++ b/include/xtables.h
-@@ -206,9 +206,24 @@ enum xtables_ext_flags {
- XTABLES_EXT_ALIAS = 1 << 0,
- };
-
-+struct xt_xlate;
-+
-+struct xt_xlate_mt_params {
-+ const void *ip;
-+ const struct xt_entry_match *match;
-+ int numeric;
-+ bool escape_quotes;
-+};
-+
-+struct xt_xlate_tg_params {
-+ const void *ip;
-+ const struct xt_entry_target *target;
-+ int numeric;
-+ bool escape_quotes;
-+};
-+
- /* Include file for additions: new matches and targets. */
--struct xtables_match
--{
-+struct xtables_match {
- /*
- * ABI/API version this module requires. Must be first member,
- * as the rest of this struct may be subject to ABI changes.
-@@ -270,6 +285,10 @@ struct xtables_match
- void (*x6_fcheck)(struct xt_fcheck_call *);
- const struct xt_option_entry *x6_options;
-
-+ /* Translate iptables to nft */
-+ int (*xlate)(struct xt_xlate *xl,
-+ const struct xt_xlate_mt_params *params);
-+
- /* Size of per-extension instance extra "global" scratch space */
- size_t udata_size;
-
-@@ -281,8 +300,7 @@ struct xtables_match
- unsigned int loaded; /* simulate loading so options are merged properly */
- };
-
--struct xtables_target
--{
-+struct xtables_target {
- /*
- * ABI/API version this module requires. Must be first member,
- * as the rest of this struct may be subject to ABI changes.
-@@ -347,6 +365,10 @@ struct xtables_target
- void (*x6_fcheck)(struct xt_fcheck_call *);
- const struct xt_option_entry *x6_options;
-
-+ /* Translate iptables to nft */
-+ int (*xlate)(struct xt_xlate *xl,
-+ const struct xt_xlate_tg_params *params);
-+
- size_t udata_size;
-
- /* Ignore these men behind the curtain: */
-@@ -407,6 +429,17 @@ struct xtables_globals
-
- #define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
-
-+/*
-+ * enum op-
-+ *
-+ * For writing clean nftables translations code
-+ */
-+enum xt_op {
-+ XT_OP_EQ,
-+ XT_OP_NEQ,
-+ XT_OP_MAX,
-+};
-+
- #ifdef __cplusplus
- extern "C" {
- #endif
-@@ -549,6 +582,14 @@ extern void xtables_lmap_free(struct xta
- extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
- extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
-
-+/* xlate infrastructure */
-+struct xt_xlate *xt_xlate_alloc(int size);
-+void xt_xlate_free(struct xt_xlate *xl);
-+void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
-+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
-+const char *xt_xlate_get_comment(struct xt_xlate *xl);
-+const char *xt_xlate_get(struct xt_xlate *xl);
-+
- #ifdef XTABLES_INTERNAL
-
- /* Shipped modules rely on this... */