treewide: update nftables to 0.3 with patches This update nftables to 0.3. The bigger-buffer patch is no longer needed, because it turns out that it is possible to increase the buffer size using nftables.WithSockOptions, which k8s-nft-npc now does. I added two new patches which implement features which we need for k8s-nft-npc. I made upstream PRs for these which are still pending review. Change-Id: Iefbf850147a4c6dfd110e356fb43e822f436e843 Reviewed-on: https://review.monogon.dev/c/monogon/+/3994 Reviewed-by: Lorenz Brun <lorenz@monogon.tech> Tested-by: Jenkins CI

commit: ec03df42d643603d0a8d92b0db1cc4a4a865651e [log] [tgz]
author: Jan Schär <jan@monogon.tech> Thu Feb 27 14:30:45 2025 +0100
committer: Jan Schär <jan@monogon.tech> Thu Feb 27 15:16:44 2025 +0000
tree: cc8292ee06d10ff186ef26e8b36730cb14a500e0
parent: 6e2839e982bf86f7a7a9b14f10d6d3c39c070fa0 [diff] [blame]
diff --git a/build/bazel/go.MODULE.bazel b/build/bazel/go.MODULE.bazel
index 4f9ef10..a723144 100644
--- a/build/bazel/go.MODULE.bazel
+++ b/build/bazel/go.MODULE.bazel

@@ -327,8 +327,9 @@
     },
     "github.com/google/nftables": {
         "pre_patches": [
-            "//third_party/com_github_google_nftables:nftables-bigger-buffers.patch",
             "//third_party/com_github_google_nftables:nftables-dynamic-exprs.patch",
+            "//third_party/com_github_google_nftables:nftables-rule-handle.patch",
+            "//third_party/com_github_google_nftables:nftables-element-batching.patch",
         ],
     },
     "k8s.io/kubectl": {
commit	ec03df42d643603d0a8d92b0db1cc4a4a865651e	[log] [tgz]
author	Jan Schär <jan@monogon.tech>	Thu Feb 27 14:30:45 2025 +0100
committer	Jan Schär <jan@monogon.tech>	Thu Feb 27 15:16:44 2025 +0000
tree	cc8292ee06d10ff186ef26e8b36730cb14a500e0
parent	6e2839e982bf86f7a7a9b14f10d6d3c39c070fa0 [diff] [blame]