[PATCH xtables-addons] build: support for Linux 4.12

2017-05-14 Thread Ralph Sennhauser
As a result of commit cc41c84b7e7f ("netfilter: kill the fake untracked conntrack objects") the helper nf_ct_is_untracked always returns false and commit ab8bc7ed864b ("netfilter: remove nf_ct_is_untracked") removes it altogether. Signed-off-by: Ralph Sennhauser ---

[PATCH nf] netfilter: nf_tables: can't assume lock is acquired when dumping set elems

2017-05-14 Thread Liping Zhang
From: Liping Zhang When dumping the elements related to a specified set, we may invoke the nf_tables_dump_set with the NFNL_SUBSYS_NFTABLES lock not acquired. So we should use the proper rcu operation to avoid a race condition, just like other nft dump operations.

[PATCH nft] src: delete the old cache when dumping is interrupted

2017-05-14 Thread Liping Zhang
From: Liping Zhang When the dumping operation is interrupted, we will restart the cache_init(), but unfortunately, we forget to delete the old cache. So in an extreme case, we will leak a huge amount of memory. Running the following commands can simulate the extreme case: #