Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/GNUmakefile.in | 2 | ||||
-rw-r--r-- | extensions/libebt_standard.t | 5 | ||||
-rw-r--r-- | extensions/libxt_conntrack.c | 14 | ||||
-rw-r--r-- | extensions/libxt_sctp.c | 4 | ||||
-rw-r--r-- | extensions/libxt_sctp.man | 4 | ||||
-rw-r--r-- | extensions/libxt_sctp.t | 4 | ||||
-rw-r--r-- | extensions/libxt_sctp.txlate | 2 | ||||
-rw-r--r-- | extensions/libxt_set.c | 6 | ||||
-rw-r--r-- | extensions/libxt_set.h | 1 | ||||
-rw-r--r-- | extensions/libxt_string.c | 17 | ||||
-rw-r--r-- | extensions/libxt_string.t | 21 |
11 files changed, 40 insertions, 40 deletions
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in index 6dad4e02..3c68f8de 100644 --- a/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in @@ -24,7 +24,7 @@ kinclude_CPPFLAGS = @kinclude_CPPFLAGS@ AM_CFLAGS = ${regular_CFLAGS} AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include -I${top_srcdir} ${kinclude_CPPFLAGS} ${CPPFLAGS} @libnetfilter_conntrack_CFLAGS@ @libnftnl_CFLAGS@ AM_DEPFLAGS = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@ -AM_LDFLAGS = @noundef_LDFLAGS@ +AM_LDFLAGS = @noundef_LDFLAGS@ @regular_LDFLAGS@ ifeq (${V},) AM_LIBTOOL_SILENT = --silent diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t index c6c31727..97cb3baa 100644 --- a/extensions/libebt_standard.t +++ b/extensions/libebt_standard.t @@ -12,12 +12,17 @@ :INPUT -i foobar;=;OK -o foobar;=;FAIL +--logical-in br0;=;OK +--logical-out br1;=;FAIL :FORWARD -i foobar;=;OK -o foobar;=;OK +--logical-in br0 --logical-out br1;=;OK :OUTPUT -i foobar;=;FAIL -o foobar;=;OK +--logical-in br0;=;FAIL +--logical-out br1;=;OK :PREROUTING *nat -i foobar;=;OK diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index 64018ce1..08dba42d 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric, static void conntrack_dump_ports(const char *prefix, const char *opt, - u_int16_t port_low, u_int16_t port_high) + uint16_t port_low, uint16_t port_high) { if (port_high == 0 || port_low == port_high) printf(" %s%s %u", prefix, opt, port_low); @@ -1289,9 +1289,6 @@ static int _conntrack3_mt_xlate(struct xt_xlate *xl, } if (sinfo->match_flags & XT_CONNTRACK_ORIGSRC) { - if (&sinfo->origsrc_addr == 0L) - return 0; - xt_xlate_add(xl, "%sct original saddr %s", space, sinfo->invert_flags & XT_CONNTRACK_ORIGSRC ? "!= " : ""); 
@@ -1301,9 +1298,6 @@ static int _conntrack3_mt_xlate(struct xt_xlate *xl, } if (sinfo->match_flags & XT_CONNTRACK_ORIGDST) { - if (&sinfo->origdst_addr == 0L) - return 0; - xt_xlate_add(xl, "%sct original daddr %s", space, sinfo->invert_flags & XT_CONNTRACK_ORIGDST ? "!= " : ""); @@ -1313,9 +1307,6 @@ static int _conntrack3_mt_xlate(struct xt_xlate *xl, } if (sinfo->match_flags & XT_CONNTRACK_REPLSRC) { - if (&sinfo->replsrc_addr == 0L) - return 0; - xt_xlate_add(xl, "%sct reply saddr %s", space, sinfo->invert_flags & XT_CONNTRACK_REPLSRC ? "!= " : ""); @@ -1325,9 +1316,6 @@ static int _conntrack3_mt_xlate(struct xt_xlate *xl, } if (sinfo->match_flags & XT_CONNTRACK_REPLDST) { - if (&sinfo->repldst_addr == 0L) - return 0; - xt_xlate_add(xl, "%sct reply daddr %s", space, sinfo->invert_flags & XT_CONNTRACK_REPLDST ? "!= " : ""); diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c index a4c5415f..3fb6cf1a 100644 --- a/extensions/libxt_sctp.c +++ b/extensions/libxt_sctp.c 
@@ -112,9 +112,13 @@ static const struct sctp_chunk_names sctp_chunk_names[] { .name = "ECN_ECNE", .chunk_type = 12, .valid_flags = "--------", .nftname = "ecne" }, { .name = "ECN_CWR", .chunk_type = 13, .valid_flags = "--------", .nftname = "cwr" }, { .name = "SHUTDOWN_COMPLETE", .chunk_type = 14, .valid_flags = "-------T", .nftname = "shutdown-complete" }, + { .name = "I_DATA", .chunk_type = 64, .valid_flags = "----IUBE", .nftname = "i-data"}, + { .name = "RE_CONFIG", .chunk_type = 130, .valid_flags = "--------", .nftname = "re-config"}, + { .name = "PAD", .chunk_type = 132, .valid_flags = "--------", .nftname = "pad"}, { .name = "ASCONF", .chunk_type = 193, .valid_flags = "--------", .nftname = "asconf" }, { .name = "ASCONF_ACK", .chunk_type = 128, .valid_flags = "--------", .nftname = "asconf-ack" }, { .name = "FORWARD_TSN", .chunk_type = 192, .valid_flags = "--------", .nftname = "forward-tsn" }, + { .name = "I_FORWARD_TSN", .chunk_type = 194, .valid_flags = "--------", .nftname = "i-forward-tsn" }, }; static void diff --git a/extensions/libxt_sctp.man b/extensions/libxt_sctp.man index 3e5ffa09..06da04f8 100644 --- a/extensions/libxt_sctp.man +++ b/extensions/libxt_sctp.man @@ -19,12 +19,14 @@ Match if any of the given chunk types is present with given flags. only Match if only the given chunk types are present with given flags and none are missing. -Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK FORWARD_TSN +Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE I_DATA RE_CONFIG PAD ASCONF ASCONF_ACK FORWARD_TSN I_FORWARD_TSN chunk type available flags .br DATA I U B E i u b e .br +I_DATA I U B E i u b e +.br ABORT T t .br SHUTDOWN_COMPLETE T t diff --git a/extensions/libxt_sctp.t b/extensions/libxt_sctp.t index 4016e4fb..4d3b113d 100644 
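Review bot: The three new sctp_chunk_names initializers for I_DATA, RE_CONFIG and PAD drop the space before the closing brace (`.nftname = "i-data"}`) while every neighbouring entry and the new I_FORWARD_TSN line write `"asconf" }`; aligning them keeps the table uniform, e.g. `{ .name = "I_DATA", .chunk_type = 64, .valid_flags = "----IUBE", .nftname = "i-data" },`. The `.nftname` strings are emitted verbatim into translated rules (the libxt_sctp.txlate expectation in this commit now contains `sctp chunk i-data missing` and friends), so they have to match the chunk names the targeted nft parser accepts exactly; the txlate update presumably reflects that, but it is worth confirming against the nftables version being tracked. The function following the table starts outside the hunk.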
--- a/extensions/libxt_sctp.t +++ b/extensions/libxt_sctp.t @@ -27,3 +27,7 @@ -p sctp -m sctp --chunk-types all ASCONF_ACK;=;OK -p sctp -m sctp --chunk-types all FORWARD_TSN;=;OK -p sctp -m sctp --chunk-types all SHUTDOWN_COMPLETE;=;OK +-p sctp -m sctp --chunk-types all I_DATA;=;OK +-p sctp -m sctp --chunk-types all RE_CONFIG;=;OK +-p sctp -m sctp --chunk-types all PAD;=;OK +-p sctp -m sctp --chunk-types all I_FORWARD_TSN;=;OK diff --git a/extensions/libxt_sctp.txlate b/extensions/libxt_sctp.txlate index bb817525..6443abf9 100644 --- a/extensions/libxt_sctp.txlate +++ b/extensions/libxt_sctp.txlate 
@@ -41,4 +41,4 @@ iptables-translate -A INPUT -p sctp --chunk-types all INIT,DATA:iUbE,SACK,ABORT: nft add rule ip filter INPUT sctp chunk data flags & 0xf == 0x5 sctp chunk init exists sctp chunk sack exists sctp chunk abort flags & 0x1 == 0x1 counter accept iptables-translate -A INPUT -p sctp --chunk-types only SHUTDOWN_COMPLETE -j ACCEPT -nft add rule ip filter INPUT sctp chunk data missing sctp chunk init missing sctp chunk init-ack missing sctp chunk sack missing sctp chunk heartbeat missing sctp chunk heartbeat-ack missing sctp chunk abort missing sctp chunk shutdown missing sctp chunk shutdown-ack missing sctp chunk error missing sctp chunk cookie-echo missing sctp chunk cookie-ack missing sctp chunk ecne missing sctp chunk cwr missing sctp chunk shutdown-complete exists sctp chunk asconf missing sctp chunk asconf-ack missing sctp chunk forward-tsn missing counter accept +nft add rule ip filter INPUT sctp chunk data missing sctp chunk init missing sctp chunk init-ack missing sctp chunk sack missing sctp chunk heartbeat missing sctp chunk heartbeat-ack missing sctp chunk abort missing sctp chunk shutdown missing sctp chunk shutdown-ack missing sctp chunk error missing sctp chunk cookie-echo missing sctp chunk cookie-ack missing sctp chunk ecne missing sctp chunk cwr missing sctp chunk shutdown-complete exists sctp chunk i-data missing sctp chunk re-config missing sctp chunk pad missing sctp chunk asconf missing sctp chunk asconf-ack missing sctp chunk forward-tsn missing sctp chunk i-forward-tsn missing counter accept diff --git a/extensions/libxt_set.c b/extensions/libxt_set.c index 16921023..a2137ab1 100644 --- a/extensions/libxt_set.c +++ b/extensions/libxt_set.c @@ -22,6 +22,12 @@ #include <linux/netfilter/xt_set.h> #include "libxt_set.h" +#ifdef DEBUG +#define DEBUGP(x, args...) fprintf(stderr, x, ## args) +#else +#define DEBUGP(x, args...) +#endif + /* Revision 0 */ static void 
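Review bot: The DEBUGP macro added to libxt_set.c uses the GNU named-variadic form `args...` with `## args`; the portable C99/C11 spelling is `#define DEBUGP(...) fprintf(stderr, __VA_ARGS__)` with `#define DEBUGP(...)` in the `#else` branch, which also sidesteps the empty-argument paste. It looks like this definition stands in for one previously reached through the `../iptables/xshared.h` include that the same commit drops from libxt_set.h; if any other translation unit includes libxt_set.h and relied on DEBUGP or anything else from xshared.h, it would now need its own definition — worth confirming. Since the first argument is passed straight through as the fprintf format string, call sites should only ever pass a string literal there.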
diff --git a/extensions/libxt_set.h b/extensions/libxt_set.h index ad895a75..597bf7eb 100644 --- a/extensions/libxt_set.h +++ b/extensions/libxt_set.h @@ -6,7 +6,6 @@ #include <sys/types.h> #include <sys/socket.h> #include <errno.h> -#include "../iptables/xshared.h" static int get_version(unsigned *version) diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c index 739a8e7f..5d72a5cd 100644 --- a/extensions/libxt_string.c +++ b/extensions/libxt_string.c @@ -78,14 +78,13 @@ static void string_init(struct xt_entry_match *m) static void parse_string(const char *s, struct xt_string_info *info) -{ +{ /* xt_string does not need \0 at the end of the pattern */ - if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) { - memcpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE); - info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE); - return; - } - xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s); + if (strlen(s) > sizeof(info->pattern)) + xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s); + + info->patlen = strnlen(s, sizeof(info->pattern)); + memcpy(info->pattern, s, info->patlen); } static void @@ -269,7 +268,7 @@ string_print(const void *ip, const struct xt_entry_match *match, int numeric) printf(" ALGO name %s", info->algo); if (info->from_offset != 0) printf(" FROM %u", info->from_offset); - if (info->to_offset != 0) + if (info->to_offset != UINT16_MAX) printf(" TO %u", info->to_offset); if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE) printf(" ICASE"); @@ -293,7 +292,7 @@ static void string_save(const void *ip, const struct xt_entry_match *match) printf(" --algo %s", info->algo); if (info->from_offset != 0) printf(" --from %u", info->from_offset); - if (info->to_offset != 0) + if (info->to_offset != UINT16_MAX) printf(" --to %u", info->to_offset); if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE) printf(" --icase"); 
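Review bot: In the rewritten parse_string, `strlen(s)` is computed for the length check and then `strnlen` walks the string a second time for patlen; a single length, `size_t len = strlen(s);` followed by `if (len > sizeof(info->pattern))` and `info->patlen = len;`, is simpler and makes it obvious the two values cannot disagree (xtables_error is, as far as I recall, marked noreturn, so the bound already holds after the check). Only patlen bytes are now copied, so the bytes of info->pattern beyond patlen keep whatever the match entry held before; that is fine only if the entry is zero-initialised before parse_string runs (presumably in the allocator or in string_init, both outside this hunk) — if it is not, byte-for-byte match comparison during rule lookup (-C/-D) could still miss the rule, which appears to be the failure the libxt_string.t rewrite in this commit is addressing. The new `UINT16_MAX` comparisons in string_print and string_save need <stdint.h> (or <inttypes.h>) in scope in this file; the surrounding code uses u_int16_t-style types, so confirm the include is present. parse_string is fully inside its hunk; string_print and string_save both start and end outside theirs.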
diff --git a/extensions/libxt_string.t b/extensions/libxt_string.t
index d68f099d..2f4b30cb 100644
--- a/extensions/libxt_string.t
+++ b/extensions/libxt_string.t
@@ -1,18 +1,11 @@ :INPUT,FORWARD,OUTPUT -# ERROR: cannot find: iptables -I INPUT -m string --algo bm --string "test" -# -m string --algo bm --string "test";=;OK -# ERROR: cannot find: iptables -I INPUT -m string --algo kmp --string "test") -# -m string --algo kmp --string "test";=;OK -# ERROR: cannot find: iptables -I INPUT -m string --algo kmp ! --string "test" -# -m string --algo kmp ! --string "test";=;OK -# cannot find: iptables -I INPUT -m string --algo bm --string "xxxxxxxxxxx" ....] -# -m string --algo bm --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";=;OK -# ERROR: cannot load: iptables -A INPUT -m string --algo bm --string "xxxx" -# -m string --algo bm --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";=;OK -# ERROR: cannot load: iptables -A INPUT -m string --algo bm --hexstring "|0a0a0a0a|" -# -m string --algo bm --hexstring "|0a0a0a0a|";=;OK -# ERROR: cannot find: iptables -I INPUT -m string --algo bm --from 0 --to 65535 --string "test" -# -m string --algo bm --from 0 --to 65535 --string "test";=;OK +-m string --algo bm --string "test";-m string --string "test" --algo bm;OK +-m string --string "test" --algo kmp;=;OK +-m string ! --string "test" --algo kmp;=;OK +-m string --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" --algo bm;=;OK +-m string --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" --algo bm;;FAIL +-m string --hex-string "|0a0a0a0a|" --algo bm;=;OK +-m string --algo bm --from 0 --to 65535 --string "test";-m string --string "test" --algo bm;OK -m string --algo wrong;;FAIL -m string --algo bm;;FAIL -m string;;FAIL |