xtables: Fix rules print/save after iptables update

xtables: Fix rules print/save after iptables update

Updating iptables from 1.4.x to 1.6.x brokes rules print/save output
and causes rules load after reboot to fail. Here is example from
iptables-save(8) output after update:

  -A CHAIN1 -m set [unsupported revision] -j DROP
  -A CHAIN1 -m set [unsupported revision] -j DROP

Similar output could be obtained via iptables -L CHAIN1. While issue
reproduced with xt_set match it is not specific to any match or
target module: it is related on how xtables handles revisions.

In this particular case we have following situation:

  1) Kernel supports revisions from 1 to 4.

  2) Rules configured with iptables 1.4.x supporting only
     revisions from 1 to 3. Choosen highest possible revision 3.

  3) Rules printed/saved with iptables 1.6.x supporting revisions
     from 1 to 4.

  4) Xtables registers matches/targets with highest supported
     revision by the kernel. This is 4 in our case after update to
     iptables 1.6.x.

  5) When printing/saving kernel submits match/target with revision
     it is configured (3), while iptables thinks that rules configured
     with highest supported (4). That's causes revision mismatch in
     during print and "[unsupported revision]" output.

To fix this issue we now store all supported by kernel and xtables
revisions in xt_matches/xt_targets list sorted in descending order.

Introduce helper routines to find match/target with given revision
and use them to find right revision to print submitted by kernel
entry.

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>