From e9c99e0f7f02e94d8e8ca3da4429f5221684c305 Mon Sep 17 00:00:00 2001 From: Etienne Champetier Date: Sun, 13 Mar 2022 00:24:13 -0500 Subject: iptables: backport missing init_extensions6() calls This fixes ip6tables-nft no being able to use built-in extensions like icmp6. Signed-off-by: Etienne Champetier --- package/network/utils/iptables/Makefile | 2 +- ...s-Call-init_extensions6-for-static-builds.patch | 68 ++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 package/network/utils/iptables/patches/001-xtables-Call-init_extensions6-for-static-builds.patch (limited to 'package') diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index f978173c9f..f8cf3ec6a5 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=iptables PKG_VERSION:=1.8.7 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/network/utils/iptables/patches/001-xtables-Call-init_extensions6-for-static-builds.patch b/package/network/utils/iptables/patches/001-xtables-Call-init_extensions6-for-static-builds.patch new file mode 100644 index 0000000000..22ccfa533a --- /dev/null +++ b/package/network/utils/iptables/patches/001-xtables-Call-init_extensions6-for-static-builds.patch @@ -0,0 +1,68 @@ +From e727ccad036e2cdba3339536c65c7ceef43c0740 Mon Sep 17 00:00:00 2001 +From: Erik Wilson +Date: Tue, 13 Jul 2021 16:48:23 -0700 +Subject: [PATCH] xtables: Call init_extensions6() for static builds + +Initialize extensions from libext6 for cases where xtables is built statically. + +Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1550 +Signed-off-by: Erik Wilson +Signed-off-by: Florian Westphal +--- + iptables/xtables-monitor.c | 1 + + iptables/xtables-restore.c | 1 + + iptables/xtables-save.c | 1 + + iptables/xtables-standalone.c | 1 + + iptables/xtables-translate.c | 1 + + 5 files changed, 5 insertions(+) + +--- a/iptables/xtables-monitor.c ++++ b/iptables/xtables-monitor.c +@@ -628,6 +628,7 @@ int xtables_monitor_main(int argc, char + #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) + init_extensions(); + init_extensions4(); ++ init_extensions6(); + #endif + + if (nft_init(&h, AF_INET, xtables_ipv4)) { +--- a/iptables/xtables-restore.c ++++ b/iptables/xtables-restore.c +@@ -364,6 +364,7 @@ xtables_restore_main(int family, const c + #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) + init_extensions(); + init_extensions4(); ++ init_extensions6(); + #endif + break; + case NFPROTO_ARP: +--- a/iptables/xtables-save.c ++++ b/iptables/xtables-save.c +@@ -202,6 +202,7 @@ xtables_save_main(int family, int argc, + #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) + init_extensions(); + init_extensions4(); ++ init_extensions6(); + #endif + tables = xtables_ipv4; + d.commit = true; +--- a/iptables/xtables-standalone.c ++++ b/iptables/xtables-standalone.c +@@ -57,6 +57,7 @@ xtables_main(int family, const char *pro + #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) + init_extensions(); + init_extensions4(); ++ init_extensions6(); + #endif + + if (nft_init(&h, family, xtables_ipv4) < 0) { +--- a/iptables/xtables-translate.c ++++ b/iptables/xtables-translate.c +@@ -469,6 +469,7 @@ static int xtables_xlate_main_common(str + #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) + init_extensions(); + init_extensions4(); ++ init_extensions6(); + #endif + tables = xtables_ipv4; + break; -- cgit v1.2.3