7 files changed, 0 insertions, 769 deletions
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 88c7e1d7ee42..5b0d7b0a59e5 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,25 +1,15 @@
 AUX libexec/nftables-mk.sh 1070 BLAKE2B 30d8109d74e7d8c4f51c753f676f91a1902ad42f6d68662f1191ff73d2a43a1bf49fb795f3763705f8aeb0a4f22cab0006a943e01adb188f1ef9eb05125dfdbd SHA512 a14e48f014f75c7e611bf2a653d9760804754febd1ae4543f78abbfbe60c79f5aa07c5fd53fe26bb74b48fcb8cb8aa78274771212e41c42db031e8c8ba7e81d2
 AUX libexec/nftables.sh 3665 BLAKE2B 74362a4425e974e74e7b895980002f0ded2ecbb4731bbf956edb56ffb9f1ad394802c4eeab3af3735eba4d8e71572a5663e564ce4e7fad76c9715043b90c1b43 SHA512 6cb1ac0928ae2da5c69764d45c52a661a6d72698bb9edd6a603580d2f9bd82b59f2a2661e7569ade3a3b729459d115004f251ad6a5eac8cdf1d38c65bfa9349e
 AUX man-pages/gen-manpages.bash 1797 BLAKE2B c93cc311570abd674a12eb88711cf01664f437b8dc0fb4de36194f36671d92c35e04fcff6c56adcb0e642f089169f63ef063736398584e5e7ce799bf55acf2ff SHA512 ea3291412ce13d9dd463403fcc11c665c9de63edaabdecaf55e051b52b0ff845c9c7d63a6c4c08e4d2d94428815fe11daf9b7390081b4e9de4774e188b9ea677
-AUX nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch 1062 BLAKE2B 65306c5f920c6179ebd064737a1713d0af7f94ca3b813aa19a1abe5162f88d5507d290fdbdcb05729a83bf1c7d36bc0a61252b224b44896722a89e71982ec8bf SHA512 1d2fed0ca10ee5f7beab94808a73a0002ec6ba63deaa44ab87fdd97d869f0da776ce6c09834d9c6bc7393ae80aca7a326ab1e8df0b122ad016cba5627fd4fffa
-AUX nftables-1.0.2-compilation.patch 1188 BLAKE2B 524298dbe639ee9c613d9314cd6ad10abe058534bc6fd1773aeab14fc76103247817ff472e4c7b03e5d2adda5ce84172bb98aac548d432e64f61222d85c6f43c SHA512 d438ec732840eeddfb123e184d00e7b54590e85004a7e89bbacfac48602e36b5082f29a3848ed54769f5155b162beeda7eee58f788fc917dfb598e1ad986694d
-AUX nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch 960 BLAKE2B d37f4f2dd72268303170d5d1af1a52e922724fc578afbaf85d05eb5f7beaef3cb67cff37f324cb2adb5b41a7e9b656c51142e6c122a8ea8ecae3ede84e46f7ff SHA512 e1a4da28d62bb09b1e4acdbb3acef211b640715ed0aae93c5206debc3dd2367385aa0c06a9f9a94297c21fb25d659d3e3d51463261d9e4eef269c2c450f0f4e1
-AUX nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch 8917 BLAKE2B f520876282dfe97b27b8cc806cce3bce15051acc45427e2a5d399cf2980f23c0b989ef57df1c85af34abe7cebf74288927fdeab95a0be10b4070e12951ee858a SHA512 f51f47d6fb3ca84a6a7f540e0b240c4d1eeb793a1066113a4b1653d38d9fa37ac99017d4131be73791d241ae6cbde3956b38e282b5540fce9ce81b9ad0e65d8f
 AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602
 AUX nftables-mk.init-r1 1970 BLAKE2B 9ece7da364eac76ef2ac401f4cc3ed558e926e8f07ab43f084de819098e9543bda0a9a8d40375e4e01dd6e53b92d744acf8f3caaeab1c3678ca84b1f48d59685 SHA512 9f1e491ba5fd8a1173eb055bfa5a0de3c040c158e7d54848fcd373a5f4c4041df6fb9ddc5b0e8fdfd78243665c627b8767816bcf94dd142b441b21227206fef3
 AUX nftables.confd 655 BLAKE2B 5512be1edd43e270941de3d9b66fda69e4afd7c7e6e970b232a044c2fd64f8e50b9b55a4fe670174c3eabf3d176ee0158c1043baec4b76b0802e7e97bc862fcf SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144
 AUX nftables.init-r1 2279 BLAKE2B 1c4c28ea5b6a22905b3ec7de8e54726933b579352ecd799b7641384a138ffa2d4a2deb87d84ef5d75a43ae30759f1550d611c2560096bb5083cae9bb834be2bb SHA512 2165223bfd4f300b9cc01f604347fc5167f68515174b0d116b667bd05f4baf8c2f931e482f632975a8be371c2147951d9407f397ea4dbcbac79a6738cbd23015
 AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f11a8df6621c3c919e30a1ec1213f6db822c390609c01827fe9fc75c540effa3e3a7b6f93bd24e16ea19841bbfaab796ed SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0
-DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932dd172b3569618696100bf3853b9a108bf0296dcf9d615ae7c0fbec84b48266299b62cf755d181d19c626f8a3cd4 SHA512 560d23c6e369eafd7b354d29fe73d46154e4a74dec000178c1aea47751fe535d20c4e6bbecd3955eb2b327c7a60b1269e5c6dc5781498546b639fa2d1367a9ca
-DIST nftables-1.0.2.tar.bz2.sig 566 BLAKE2B 5b7a20b28c274a950b718e2e14313772707b6bdc3f4519f747350593c1eb3bfbcf8c5dd9ae7d5aa0488c5cde9af8b58e05349c75e8a8246c5634303a331f9d98 SHA512 9be59d771833ac315fd52cffe7074ed9d49fbf592aec8d94500bbc7cc1f44dcb54b3815c46831a5e7e4c4770901cbdd6b8ffc5aa8d8cb7e064ec1c8453d890f1
-DIST nftables-1.0.4.tar.bz2 979540 BLAKE2B 1b2c596245cb7f1bc574250d13b9ff6f424f98e98d5955befadb83ea0a71acc6524b066e39f1e9d151f3946b690b2dee45b7d416347371f88911c8d6a9de047e SHA512 7d96c791365d399b3b930a1f9d6c6aa4a8c2180c258bb5163d9d62ea4d094857e2ebb20fc3ef13b89f449f216d0a291d3bcf288704f1e3bd3ceb51b6cadf8215
-DIST nftables-1.0.4.tar.bz2.sig 566 BLAKE2B 1ac42a2eb678abcc21d01bbaf5f9a3af3f4c49fa1f0732f2522d3da14e94aacbb12075650d2786224f8fef869fcdc94a1463bd76272aa44fc50ea31a8ebae1bf SHA512 2d2acd4810c1ede844e1eac81a5480866ad40ae71dfcf92d166fd9295290adff70d35d7de8cf1ec81ab63d184b221419ff144bc7010e18884afa992173723af8
 DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b43b7f4f9bff9f7fb46928c6c7eee5a6f07150c404f7cf42f5a1d2e980860a4dd2589b99773179e019a093c42cfa SHA512 51cbf10579db7eed58f4358044840f2ce1bffe84533c5fb03e0ebcc702970856455576ac793169c94d38a9f8148e33631ad91444e54a8be189d93af7c27feb9a
 DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511
 DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472bf0349a59d0e377f1d44efc870df3449d6f2dc9a198f2e396e5d73b19532dac498e832083ca8cf65cc78db9ccd4 SHA512 afe08381acd27d39cc94743190b07c579f8c49c4182c9b8753d5b3a0b7d1fe89ed664fdbc19cef1547c3ca4a0c1e32ca4303dba9ec626272fa08c77e88c11119
 DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93
-EBUILD nftables-1.0.2-r1.ebuild 5163 BLAKE2B 02bacad62aea322b42251fb73ea3e23e061167ae5bde03f751231db9b33f3d85cb8a8b0b28038140264092c2a1776e0a4c9b0a464775a0e30c57cc988ac09a36 SHA512 2b55eb2c17686e13ddde19d4da06d0ac1efe09500fd62cc205fcf95d9977f7d2478369aec51e2455aed69c49869afcc54badd08bc3c4bcf26d58972d095c8aa8
-EBUILD nftables-1.0.4-r2.ebuild 6033 BLAKE2B 146c896057b823592e367319da736f1308b505089b64b5959b8dbc8987a0e2c8d9af94cabd19c339d3c3f97dcac20e68b329d26b5ef38c9aed4fce68cda2ba1c SHA512 daae97981fcc9b60c89b0134da5d49c068ba333301d94c4674f2beea640161282dc408fc8783671eed3879806bbc41ce0bc46862df80dac0d6b8711eacf77afa
 EBUILD nftables-1.0.5.ebuild 5944 BLAKE2B 1b229a8f663b6deac5e0e128df643ee0f692cf57b56de55c15bd89a077f7dea77ffeb912105c1143140d04753c99e92407114fc38948448b77f8a00d4ec20af5 SHA512 8ed956950eb5483d60dc7b7f69d05bbebe10e88dfdbd2eea899745497c2c4e9d8375d1eb7625787a177059f694f3a81034c589c4a7fcd2775456720f391e7d4d
 EBUILD nftables-1.0.6.ebuild 5948 BLAKE2B d589efae99fcb836b4672cc7acb8660270589c06977b6877a486fc3cb355c5d71eb7e31913d498f966a5611d35eb34fe867ebb9c259d3c8af4567788b6642c2c SHA512 fc8f3fc879a8117d71ca21b1fe4c5a471aa70fc5ad482e58d0e198654ab564196325bde910466c63416285b8842e2988fa19fb64544da5502c08718db18333ff
 EBUILD nftables-9999.ebuild 5948 BLAKE2B d589efae99fcb836b4672cc7acb8660270589c06977b6877a486fc3cb355c5d71eb7e31913d498f966a5611d35eb34fe867ebb9c259d3c8af4567788b6642c2c SHA512 fc8f3fc879a8117d71ca21b1fe4c5a471aa70fc5ad482e58d0e198654ab564196325bde910466c63416285b8842e2988fa19fb64544da5502c08718db18333ff
diff --git a/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch b/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch
deleted file mode 100644
index 41c3de5bc83b..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-https://git.netfilter.org/nftables/commit/src?id=1d507ce7f1d3c12481ee24bd1dcac2fc1984ee9f
-
-From: Sam James <sam@gentoo.org>
-Date: Thu, 24 Feb 2022 19:45:43 +0000
-Subject: build: explicitly pass --version-script to linker
-
---version-script is a linker option, so let's use -Wl, so that
-libtool handles it properly. It seems like the previous method gets silently
-ignored with GNU libtool in some cases(?) and downstream in Gentoo,
-we had to apply this change to make the build work with slibtool anyway.
-
-But it's indeed correct in any case, so let's swap.
-
-Signed-off-by: Sam James <sam@gentoo.org>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -91,7 +91,7 @@ libparser_la_CFLAGS = ${AM_CFLAGS} \
- 
- libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la
- libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \
--			 --version-script=$(srcdir)/libnftables.map
-+			 -Wl,--version-script=$(srcdir)/libnftables.map
- 
- if BUILD_MINIGMP
- noinst_LTLIBRARIES += libminigmp.la
-cgit v1.2.3
diff --git a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
deleted file mode 100644
index 96670c1d9531..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3
-
-From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 22 Feb 2022 00:56:36 +0100
-Subject: examples: compile with `make check' and add AM_CPPFLAGS
-
-Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to
-specify local headers via -I.
-
-Unfortunately, `make distcheck' did not catch this compile time error in
-my system, since it was using the nftables/libnftables.h file of the
-previous nftables release.
-
-Fixes: 5b364657a35f ("build: missing SUBIRS update")
-Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- examples/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/examples/Makefile.am b/examples/Makefile.am
-index c972170d..3b8b0b67 100644
---- a/examples/Makefile.am
-+++ b/examples/Makefile.am
-@@ -1,4 +1,6 @@
--noinst_PROGRAMS	= nft-buffer		\
-+check_PROGRAMS	= nft-buffer		\
- 		  nft-json-file
- 
-+AM_CPPFLAGS = -I$(top_srcdir)/include
-+
- LDADD = $(top_builddir)/src/libnftables.la
--- 
-cgit v1.2.3
-
diff --git a/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch b/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch
deleted file mode 100644
index 09841d482222..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-https://git.netfilter.org/nftables/commit/src?id=e98a9b83cd52c7c75bedb3dad46539b197ed17ba
-
-From: Sam James <sam@gentoo.org>
-Date: Thu, 24 Feb 2022 19:45:42 +0000
-Subject: libnftables.map: export new nft_ctx_{get,set}_optimize API
-
-[ Remove incorrect symbol names were exported via .map file ]
-
-Without this, we're not explicitly saying this is part of the
-public API.
-
-This new API was added in 1.0.2 and is used by e.g. the main
-nft binary. Noticed when fixing the version-script option
-(separate patch) which picked up this problem when .map
-was missing symbols (related to when symbol visibility
-options get set).
-
-Signed-off-by: Sam James <sam@gentoo.org>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---- a/src/libnftables.map
-+++ b/src/libnftables.map
-@@ -30,6 +30,6 @@ LIBNFTABLES_2 {
- } LIBNFTABLES_1;
- 
- LIBNFTABLES_3 {
--  nft_set_optimize;
--  nft_get_optimize;
-+  nft_ctx_set_optimize;
-+  nft_ctx_get_optimize;
- } LIBNFTABLES_2;
-cgit v1.2.3
diff --git a/net-firewall/nftables/files/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch b/net-firewall/nftables/files/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch
deleted file mode 100644
index db58602bb4e6..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch
+++ /dev/null
@@ -1,252 +0,0 @@
-From 638af0ceb2b22307098bb2730822e148ef0b9424 Mon Sep 17 00:00:00 2001
-From: Florian Westphal <fw@strlen.de>
-Date: Fri, 10 Jun 2022 13:01:46 +0200
-Subject: Revert "scanner: flags: move to own scope"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Excess nesting of scanner scopes is very fragile and error prone:
-
-rule `iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop`
-fails with `Error: No symbol type information` hinting at `prefix`
-
-Problem is that we nest via:
- counter
-   limit
-     log
-    flags
-
-By the time 'prefix' is scanned, state is still stuck in 'counter' due
-to this nesting.  Working around "prefix" isn't enough, any other
-keyword, e.g. "level" in 'flags all level debug' will be parsed as 'string' too.
-
-So, revert this.
-
-Fixes: a16697097e2b ("scanner: flags: move to own scope")
-Reported-by: Christian Göttsche <cgzones@googlemail.com>
-Signed-off-by: Florian Westphal <fw@strlen.de>
----
- include/parser.h                  |  1 -
- src/parser_bison.y                | 29 ++++++++++++++---------------
- src/scanner.l                     | 18 +++++++-----------
- tests/shell/testcases/parsing/log | 10 ++++++++++
- 4 files changed, 31 insertions(+), 27 deletions(-)
- create mode 100755 tests/shell/testcases/parsing/log
-
-diff --git a/include/parser.h b/include/parser.h
-index f32154cc..d8d2eb11 100644
---- a/include/parser.h
-+++ b/include/parser.h
-@@ -35,7 +35,6 @@ enum startcond_type {
- 	PARSER_SC_CT,
- 	PARSER_SC_COUNTER,
- 	PARSER_SC_ETH,
--	PARSER_SC_FLAGS,
- 	PARSER_SC_ICMP,
- 	PARSER_SC_IGMP,
- 	PARSER_SC_IP,
-diff --git a/src/parser_bison.y b/src/parser_bison.y
-index ca5c488c..2a0240fb 100644
---- a/src/parser_bison.y
-+++ b/src/parser_bison.y
-@@ -942,7 +942,6 @@ close_scope_esp		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_ESP); }
- close_scope_eth		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_ETH); };
- close_scope_export	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_EXPORT); };
- close_scope_fib		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FIB); };
--close_scope_flags	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_FLAGS); };
- close_scope_frag	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FRAG); };
- close_scope_fwd		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_FWD); };
- close_scope_hash	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); };
-@@ -1679,7 +1678,7 @@ table_block_alloc	:	/* empty */
- 			}
- 			;
- 
--table_options		:	FLAGS		STRING	close_scope_flags
-+table_options		:	FLAGS		STRING
- 			{
- 				if (strcmp($2, "dormant") == 0) {
- 					$<table>0->flags |= TABLE_F_DORMANT;
-@@ -1946,7 +1945,7 @@ set_block		:	/* empty */	{ $$ = $<set>-1; }
- 				datatype_set($1->key, $3->dtype);
- 				$$ = $1;
- 			}
--			|	set_block	FLAGS		set_flag_list	stmt_separator	close_scope_flags
-+			|	set_block	FLAGS		set_flag_list	stmt_separator
- 			{
- 				$1->flags = $3;
- 				$$ = $1;
-@@ -2080,7 +2079,7 @@ map_block		:	/* empty */	{ $$ = $<set>-1; }
- 				$1->flags  |= NFT_SET_OBJECT;
- 				$$ = $1;
- 			}
--			|	map_block	FLAGS		set_flag_list	stmt_separator	close_scope_flags
-+			|	map_block	FLAGS		set_flag_list	stmt_separator
- 			{
- 				$1->flags |= $3;
- 				$$ = $1;
-@@ -2153,7 +2152,7 @@ flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
- 			{
- 				$$->flags |= NFT_FLOWTABLE_COUNTER;
- 			}
--			|	flowtable_block	FLAGS	OFFLOAD	stmt_separator	close_scope_flags
-+			|	flowtable_block	FLAGS	OFFLOAD	stmt_separator
- 			{
- 				$$->flags |= FLOWTABLE_F_HW_OFFLOAD;
- 			}
-@@ -2520,7 +2519,7 @@ dev_spec		:	DEVICE	string
- 			|	/* empty */		{ $$ = NULL; }
- 			;
- 
--flags_spec		:	FLAGS		OFFLOAD	close_scope_flags
-+flags_spec		:	FLAGS		OFFLOAD
- 			{
- 				$<chain>0->flags |= CHAIN_F_HW_OFFLOAD;
- 			}
-@@ -3126,7 +3125,7 @@ log_arg			:	PREFIX			string
- 				$<stmt>0->log.level	= $2;
- 				$<stmt>0->log.flags 	|= STMT_LOG_LEVEL;
- 			}
--			|	FLAGS			log_flags	close_scope_flags
-+			|	FLAGS			log_flags
- 			{
- 				$<stmt>0->log.logflags	|= $2;
- 			}
-@@ -3828,13 +3827,13 @@ queue_stmt		:	queue_stmt_compat	close_scope_queue
- 			{
- 				$$ = queue_stmt_alloc(&@$, $3, 0);
- 			}
--			|	QUEUE FLAGS	queue_stmt_flags close_scope_flags TO queue_stmt_expr close_scope_queue
-+			|	QUEUE FLAGS	queue_stmt_flags TO queue_stmt_expr close_scope_queue
- 			{
--				$$ = queue_stmt_alloc(&@$, $6, $3);
-+				$$ = queue_stmt_alloc(&@$, $5, $3);
- 			}
--			|	QUEUE	FLAGS	queue_stmt_flags close_scope_flags QUEUENUM queue_stmt_expr_simple close_scope_queue
-+			|	QUEUE	FLAGS	queue_stmt_flags QUEUENUM queue_stmt_expr_simple close_scope_queue
- 			{
--				$$ = queue_stmt_alloc(&@$, $6, $3);
-+				$$ = queue_stmt_alloc(&@$, $5, $3);
- 			}
- 			;
- 
-@@ -5501,7 +5500,7 @@ comp_hdr_expr		:	COMP	comp_hdr_field	close_scope_comp
- 			;
- 
- comp_hdr_field		:	NEXTHDR		{ $$ = COMPHDR_NEXTHDR; }
--			|	FLAGS	close_scope_flags	{ $$ = COMPHDR_FLAGS; }
-+			|	FLAGS		{ $$ = COMPHDR_FLAGS; }
- 			|	CPI		{ $$ = COMPHDR_CPI; }
- 			;
- 
-@@ -5562,7 +5561,7 @@ tcp_hdr_field		:	SPORT		{ $$ = TCPHDR_SPORT; }
- 			|	ACKSEQ		{ $$ = TCPHDR_ACKSEQ; }
- 			|	DOFF		{ $$ = TCPHDR_DOFF; }
- 			|	RESERVED	{ $$ = TCPHDR_RESERVED; }
--			|	FLAGS	close_scope_flags	{ $$ = TCPHDR_FLAGS; }
-+			|	FLAGS		{ $$ = TCPHDR_FLAGS; }
- 			|	WINDOW		{ $$ = TCPHDR_WINDOW; }
- 			|	CHECKSUM	{ $$ = TCPHDR_CHECKSUM; }
- 			|	URGPTR		{ $$ = TCPHDR_URGPTR; }
-@@ -5676,7 +5675,7 @@ sctp_chunk_type		:	DATA		{ $$ = SCTP_CHUNK_TYPE_DATA; }
- 			;
- 
- sctp_chunk_common_field	:	TYPE	close_scope_type	{ $$ = SCTP_CHUNK_COMMON_TYPE; }
--			|	FLAGS	close_scope_flags	{ $$ = SCTP_CHUNK_COMMON_FLAGS; }
-+			|	FLAGS	{ $$ = SCTP_CHUNK_COMMON_FLAGS; }
- 			|	LENGTH	{ $$ = SCTP_CHUNK_COMMON_LENGTH; }
- 			;
- 
-@@ -5844,7 +5843,7 @@ rt4_hdr_expr		:	RT4	rt4_hdr_field	close_scope_rt
- 			;
- 
- rt4_hdr_field		:	LAST_ENT	{ $$ = RT4HDR_LASTENT; }
--			|	FLAGS	close_scope_flags	{ $$ = RT4HDR_FLAGS; }
-+			|	FLAGS		{ $$ = RT4HDR_FLAGS; }
- 			|	TAG		{ $$ = RT4HDR_TAG; }
- 			|	SID		'['	NUM	']'
- 			{
-diff --git a/src/scanner.l b/src/scanner.l
-index 2154281e..7eb74020 100644
---- a/src/scanner.l
-+++ b/src/scanner.l
-@@ -201,7 +201,6 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
- %s SCANSTATE_CT
- %s SCANSTATE_COUNTER
- %s SCANSTATE_ETH
--%s SCANSTATE_FLAGS
- %s SCANSTATE_ICMP
- %s SCANSTATE_IGMP
- %s SCANSTATE_IP
-@@ -339,7 +338,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
- "jump"			{ return JUMP; }
- "goto"			{ return GOTO; }
- "return"		{ return RETURN; }
--<SCANSTATE_EXPR_QUEUE,SCANSTATE_STMT_DUP,SCANSTATE_STMT_FWD,SCANSTATE_STMT_NAT,SCANSTATE_STMT_TPROXY,SCANSTATE_FLAGS,SCANSTATE_IP,SCANSTATE_IP6>"to"			{ return TO; } /* XXX: SCANSTATE_FLAGS and SCANSTATE_IP here are workarounds */
-+<SCANSTATE_EXPR_QUEUE,SCANSTATE_STMT_DUP,SCANSTATE_STMT_FWD,SCANSTATE_STMT_NAT,SCANSTATE_STMT_TPROXY,SCANSTATE_IP,SCANSTATE_IP6>"to"			{ return TO; } /* XXX: SCANSTATE_IP is a workaround */
- 
- "inet"			{ return INET; }
- "netdev"		{ return NETDEV; }
-@@ -363,14 +362,9 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
- "index"			{ return INDEX; }
- "comment"		{ return COMMENT; }
- 
--<SCANSTATE_FLAGS>{
--	"constant"		{ return CONSTANT; }
--	"dynamic"		{ return DYNAMIC; }
--
--	/* log flags */
--	"all"			{ return ALL; }
--}
-+"constant"		{ return CONSTANT; }
- "interval"		{ return INTERVAL; }
-+"dynamic"		{ return DYNAMIC; }
- "auto-merge"		{ return AUTOMERGE; }
- "timeout"		{ return TIMEOUT; }
- "gc-interval"		{ return GC_INTERVAL; }
-@@ -418,7 +412,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
- }
- 
- "queue"			{ scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_QUEUE); return QUEUE;}
--<SCANSTATE_FLAGS,SCANSTATE_EXPR_QUEUE>{
-+<SCANSTATE_EXPR_QUEUE>{
- 	"num"		{ return QUEUENUM;}
- 	"bypass"	{ return BYPASS;}
- 	"fanout"	{ return FANOUT;}
-@@ -612,7 +606,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
- <SCANSTATE_EXPR_COMP>{
- 	"cpi"			{ return CPI; }
- }
--"flags"			{ scanner_push_start_cond(yyscanner, SCANSTATE_FLAGS); return FLAGS; }
-+"flags"			{ return FLAGS; }
- 
- "udp"			{ scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_UDP); return UDP; }
- "udplite"		{ scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_UDPLITE); return UDPLITE; }
-@@ -781,6 +775,8 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
- 
- "notrack"		{ return NOTRACK; }
- 
-+"all"			{ return ALL; }
-+
- <SCANSTATE_CMD_EXPORT,SCANSTATE_CMD_IMPORT,SCANSTATE_CMD_MONITOR>{
- 	"xml"			{ return XML; }
- 	"json"			{ return JSON; }
-diff --git a/tests/shell/testcases/parsing/log b/tests/shell/testcases/parsing/log
-new file mode 100755
-index 00000000..0b89d589
---- /dev/null
-+++ b/tests/shell/testcases/parsing/log
-@@ -0,0 +1,10 @@
-+#!/bin/bash
-+
-+$NFT add table t || exit 1
-+$NFT add chain t c || exit 1
-+$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop' || exit 1
-+$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all level debug drop' || exit 1
-+$NFT delete table t || exit 1
-+
-+exit 0
-+
--- 
-cgit v1.2.3
-
diff --git a/net-firewall/nftables/nftables-1.0.2-r1.ebuild b/net-firewall/nftables/nftables-1.0.2-r1.ebuild
deleted file mode 100644
index a7337abb2897..000000000000
--- a/net-firewall/nftables/nftables-1.0.2-r1.ebuild
+++ /dev/null
@@ -1,191 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..10} )
-DISTUTILS_OPTIONAL=1
-inherit autotools linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-
-	BDEPEND="
-		sys-devel/bison
-		sys-devel/flex
-	"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
-	KEYWORDS="amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-	BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-LICENSE="GPL-2"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	>=net-libs/libnftnl-1.2.1:0=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-PATCHES=(
-	"${FILESDIR}/nftables-1.0.2-compilation.patch"
-	"${FILESDIR}/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch"
-	"${FILESDIR}/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch"
-)
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--disable-static
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}
diff --git a/net-firewall/nftables/nftables-1.0.4-r2.ebuild b/net-firewall/nftables/nftables-1.0.4-r2.ebuild
deleted file mode 100644
index 394dfa382ae0..000000000000
--- a/net-firewall/nftables/nftables-1.0.4-r2.ebuild
+++ /dev/null
@@ -1,222 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python3_{8..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit autotools git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-
-	BDEPEND="
-		sys-devel/bison
-		sys-devel/flex
-	"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
-	KEYWORDS="amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
-	BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-LICENSE="GPL-2"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	>=net-libs/libnftnl-1.2.2:0=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
-	virtual/pkgconfig
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	python? ( ${PYTHON_DEPS} )
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch"
-	)
-	default
-
-	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
-		eautoreconf
-	fi
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--disable-static
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_test() {
-	emake check
-
-	if [[ ${EUID} == 0 ]]; then
-		edo tests/shell/run-tests.sh -v
-	else
-		ewarn "Skipping shell tests (requires root)"
-	fi
-
-	# Need to rig up Python eclass if using this, but it doesn't seem to work
-	# for me anyway.
-	#cd tests/py || die
-	#"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	# Do it here instead of in src_prepare to avoid eautoreconf
-	# rmdir lets us catch if more files end up installed in /etc/nftables
-	dodir /usr/share/doc/${PF}/skels/
-	mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
-	rmdir "${ED}"/etc/nftables || die
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
-	if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
-		if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then
-			eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
-			eerror "nft. This probably means that there is a regression introduced by v${PV}."
-			eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-
-			if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
-				die "Aborting because of failed nft reload!"
-			fi
-		fi
-	fi
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}"/var/lib/nftables/rules-save
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}