On Sat, Jul 27, 2024 at 11:36:34PM +0200, Phil Sutter wrote: > With my fix for flushing non-existent chains I inadvertently turned > chain flushes into nops and broke iptables-restore with input containing > a flush early before other commands. The shell testsuite clearly > identified all these issues, but I had tested only the problem case. > This is fixed by patch 2 with patch 1 as basic work. > > Patches 3-7 fix other issues I stumbled upon when working on some > approach for forward-compatibility. > > The remaining patches are not strictly fixes but trivial enough to just > go along with the rest. > > Phil Sutter (14): > nft: cache: Annotate faked base chains as such > nft: Fix for zeroing existent builtin chains > extensions: recent: Fix format string for unsigned values > extensions: conntrack: Use the right callbacks > nft: cmd: Init struct nft_cmd::head early > nft: Add potentially missing init_cs calls > arptables: Fix conditional opcode/proto-type printing > xshared: Do not omit all-wildcard interface spec when inverted > extensions: conntrack: Reuse print_state() for old state match > xshared: Make save_iface() static > xshared: Move NULL pointer check into save_iface() > libxtables: Debug: Slightly improve extension ordering debugging > arptables: Introduce print_iface() > ebtables: Omit all-wildcard interface specs from output Series applied.
