[iptables PATCH] xtables: Accept --wait in iptables-nft-restore

Passing --wait option to iptables-nft-restore led to program abort because the flag parameter was not skipped. Mimick iptables-restore behaviour when encountering --wait or --wait-interval options (but still ignore the parameter). Fixes: b9d7b49d84bc2 ("xtables-compat: restore: sync options with

[PATCH nft 5/5] src: add ipsec (xfrm) expression

From: Máté Eckl This allows matching on ipsec tunnel/beet addresses in xfrm state associated with a packet, ipsec request id and the SPI. Examples: ipsec in ip saddr 192.168.1.0/24 ipsec out ip6 daddr @endpoints ipsec in spi 1-65536 Joint work with Máté Eckl. Cc: Máté Eckl Signed-off-by:

[PATCH libnftnl 2/5] expr: add xfrm support

Signed-off-by: Florian Westphal --- include/libnftnl/expr.h | 8 + include/linux/netfilter/nf_tables.h | 29 src/Makefile.am | 1 + src/expr/xfrm.c | 325 src/expr_ops.c | 2

[PATCH nft 4/5] src: rename meta secpath to meta ipsec

for symmetry with 'rt ipsec'. "meta secpath" still works. Signed-off-by: Florian Westphal --- doc/primary-expression.txt | 6 +++--- src/meta.c | 5 - src/parser_bison.y | 1 + tests/py/inet/meta.t | 4 ++-- tests/py/inet/meta.t.payload | 2 +- 5 files