conntrack-tools-1.4.8-3
- Backport fixes from upstream Resolves: RHEL-66056
parent
2535f18583
commit
71462585ba
@ -0,0 +1,39 @@
|
||||
From 580de3da8866cf647afb877f8109613c00286408 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Brunner <s.brunner@stephan-brunner.net>
|
||||
Date: Mon, 15 Jul 2024 16:13:42 +0200
|
||||
Subject: [PATCH] conntrack: tcp: fix parsing of tuple-port-src and
|
||||
tuple-port-dst
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
As seen in the parsing code above, L4PROTO should be set to IPPROTO_TCP, not the port number itself.
|
||||
|
||||
Fixes: 40efc1ebb15b ("conntrack: cleanup command line tool protocol extensions")
|
||||
Co-Developed-by: Reinhard Nißl <reinhard.nissl@fee.de>
|
||||
Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
|
||||
(cherry picked from commit 8a251ddc8c9da5b04e95eaba23cde6ab6576b7ca)
|
||||
---
|
||||
extensions/libct_proto_tcp.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
|
||||
index 27f583379d325..4681693598ae8 100644
|
||||
--- a/extensions/libct_proto_tcp.c
|
||||
+++ b/extensions/libct_proto_tcp.c
|
||||
@@ -165,13 +165,13 @@ static int parse_options(char c,
|
||||
case '8':
|
||||
port = htons(atoi(optarg));
|
||||
nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_SRC, port);
|
||||
- nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
|
||||
+ nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
|
||||
*flags |= CT_TCP_EXPTUPLE_SPORT;
|
||||
break;
|
||||
case '9':
|
||||
port = htons(atoi(optarg));
|
||||
nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_DST, port);
|
||||
- nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
|
||||
+ nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
|
||||
*flags |= CT_TCP_EXPTUPLE_DPORT;
|
||||
break;
|
||||
}
|
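Review bot: In cases '8' and '9' of parse_options() the port is still read with `atoi(optarg)` and passed through `htons()`, so a non-numeric argument becomes port 0 and a value above 65535 is truncated to 16 bits instead of being rejected. The ATTR_ORIG_L4PROTO correction is fine, but the conversion next to it would benefit from a checked parse: `strtoul()` with an end-pointer test and a `> UINT16_MAX` bound, reporting an error on bad input. parse_options() begins and ends outside this hunk, so other port options in the same switch may share the pattern.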
@ -0,0 +1,46 @@
|
||||
From 22d290c9122a6b78db0ef3b6d1b29e3560dd615d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ahelenia=20Ziemia=C5=84ska?=
|
||||
<nabijaczleweli@nabijaczleweli.xyz>
|
||||
Date: Tue, 3 Sep 2024 04:16:21 +0200
|
||||
Subject: [PATCH] conntrack: -L doesn't take a value, so don't discard one
|
||||
(same for -IUDGEFA)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The manual says
|
||||
COMMANDS
|
||||
These options specify the particular operation to perform.
|
||||
Only one of them can be specified at any given time.
|
||||
|
||||
-L --dump
|
||||
List connection tracking or expectation table
|
||||
|
||||
So, naturally, "conntrack -Lo extended" should work,
|
||||
but it doesn't, it's equivalent to "conntrack -L",
|
||||
and you need "conntrack -L -o extended".
|
||||
This violates user expectations (borne of the Utility Syntax Guidelines)
|
||||
and contradicts the manual.
|
||||
|
||||
optarg is unused, anyway. Unclear why any of these were :: at all?
|
||||
|
||||
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 33f030f7d4e64d3ee20f76330c50e02e9c92932c)
|
||||
---
|
||||
src/conntrack.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/conntrack.c b/src/conntrack.c
|
||||
index 0d713520b9020..9fa49869b5534 100644
|
||||
--- a/src/conntrack.c
|
||||
+++ b/src/conntrack.c
|
||||
@@ -337,7 +337,7 @@ static struct option original_opts[] = {
|
||||
{0, 0, 0, 0}
|
||||
};
|
||||
|
||||
-static const char *getopt_str = ":L::I::U::D::G::E::F::A::hVs:d:r:q:"
|
||||
+static const char *getopt_str = ":LIUDGEFAhVs:d:r:q:"
|
||||
"p:t:u:e:a:z[:]:{:}:m:i:f:o:n::"
|
||||
"g::c:b:C::Sj::w:l:<:>::(:):";
|
||||
|
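Review bot: The new `getopt_str` changes how existing command lines are tokenised, and neither a code comment nor the package changelog records it. Text attached to a command letter (`-Lo extended`) was previously consumed as an optional argument and dropped, and is now parsed as further options. For commands that change the table, such as -D, a caller that relied on the old behaviour may now get a different filter set or a parse error, so the backport deserves an explicit changelog line. A comment above the string would also help, for example `/* command letters take no argument, so options may be clustered after them (-Lo extended) */`.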
74
0009-tests-conntrack-missing-space-before-option.patch
@ -0,0 +1,74 @@
|
||||
From c553627f6ae3b4ad3166e9a79e6eea8979d4972a Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Date: Tue, 1 Oct 2024 14:22:34 +0200
|
||||
Subject: [PATCH] tests: conntrack: missing space before option
|
||||
|
||||
Recent updates make the conntrack parser slightly more robust. A few
|
||||
test lines include:
|
||||
|
||||
... -w 11-s 2001:DB8::1.1.1.1 ...
|
||||
|
||||
where space is missing. These are typos rather than valid input.
|
||||
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 3d79708c99d95bfaaad70c7b1efe5c36e85196f4)
|
||||
---
|
||||
tests/conntrack/testsuite/09dumpopt | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/tests/conntrack/testsuite/09dumpopt b/tests/conntrack/testsuite/09dumpopt
|
||||
index c1e0e6ed376d5..9dcd51f816384 100644
|
||||
--- a/tests/conntrack/testsuite/09dumpopt
|
||||
+++ b/tests/conntrack/testsuite/09dumpopt
|
||||
@@ -25,7 +25,7 @@
|
||||
# delete reverse
|
||||
-D -w 11 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
|
||||
# delete v6 conntrack
|
||||
--D -w 11-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
|
||||
+-D -w 11 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
|
||||
# delete icmp ping request entry
|
||||
-D -w 11 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; OK
|
||||
# delete old entries
|
||||
@@ -33,7 +33,7 @@
|
||||
# delete reverse
|
||||
-D -w 10 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
|
||||
# delete v6 conntrack
|
||||
--D -w 10-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
|
||||
+-D -w 10 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
|
||||
# delete icmp ping request entry
|
||||
-D -w 10 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; OK
|
||||
#
|
||||
@@ -64,7 +64,7 @@
|
||||
# delete reverse
|
||||
-D -w 11 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
|
||||
# delete v6 conntrack
|
||||
--D -w 11-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
|
||||
+-D -w 11 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
|
||||
# delete icmp ping request entry
|
||||
-D -w 11 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; OK
|
||||
# delete old entries
|
||||
@@ -72,7 +72,7 @@
|
||||
# delete reverse
|
||||
-D -w 10 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; BAD
|
||||
# delete v6 conntrack
|
||||
--D -w 10-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
|
||||
+-D -w 10 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
|
||||
# delete icmp ping request entry
|
||||
-D -w 10 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; BAD
|
||||
#
|
||||
@@ -161,13 +161,13 @@
|
||||
# IGMP
|
||||
-D -w 10 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 2 ; OK
|
||||
# Some fency protocol
|
||||
--D -w 10 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
|
||||
+-D -w 10 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
|
||||
# Some fency protocol with IPv6
|
||||
-D -w 10 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p 200 ; OK
|
||||
# Delete stuff in zone 11, should succeed
|
||||
# IGMP
|
||||
-D -w 11 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 2 ; OK
|
||||
# Some fency protocol
|
||||
--D -w 11 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
|
||||
+-D -w 11 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
|
||||
# Some fency protocol with IPv6
|
||||
-D -w 11 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p 200 ; OK
|
80
0010-conntrack-improve-secmark-id-zone-parser.patch
@ -0,0 +1,80 @@
|
||||
From c8ec76ff8f57854cc30fcaad7df890e6127fba71 Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Date: Tue, 1 Oct 2024 13:46:18 +0200
|
||||
Subject: [PATCH] conntrack: improve --secmark,--id,--zone parser
|
||||
|
||||
strtoul() is called with no error checking at all, add a helper
|
||||
function to validate input is correct for values less than
|
||||
UINT32_MAX.
|
||||
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit bd20d768ce9a1433182ac523ab2b6c18bb9a1649)
|
||||
---
|
||||
src/conntrack.c | 35 +++++++++++++++++++++++++++++------
|
||||
1 file changed, 29 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/conntrack.c b/src/conntrack.c
|
||||
index 9fa49869b5534..18829dbf79bce 100644
|
||||
--- a/src/conntrack.c
|
||||
+++ b/src/conntrack.c
|
||||
@@ -1213,6 +1213,26 @@ parse_parameter_mask(const char *arg, unsigned int *status, unsigned int *mask,
|
||||
exit_error(PARAMETER_PROBLEM, "Bad parameter `%s'", arg);
|
||||
}
|
||||
|
||||
+static int parse_value(const char *str, uint32_t *ret, uint64_t max)
|
||||
+{
|
||||
+ char *endptr;
|
||||
+ uint64_t val;
|
||||
+
|
||||
+ assert(max <= UINT32_MAX);
|
||||
+
|
||||
+ errno = 0;
|
||||
+ val = strtoul(str, &endptr, 0);
|
||||
+ if (endptr == str ||
|
||||
+ *endptr != '\0' ||
|
||||
+ (val == ULONG_MAX && errno == ERANGE) ||
|
||||
+ val > max)
|
||||
+ return -1;
|
||||
+
|
||||
+ *ret = val;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static void
|
||||
parse_u32_mask(const char *arg, struct u32_mask *m)
|
||||
{
|
||||
@@ -2918,6 +2938,7 @@ static void do_parse(struct ct_cmd *ct_cmd, int argc, char *argv[])
|
||||
struct ct_tmpl *tmpl;
|
||||
int res = 0, partial;
|
||||
union ct_address ad;
|
||||
+ uint32_t value;
|
||||
int c, cmd;
|
||||
|
||||
/* we release these objects in the exit_error() path. */
|
||||
@@ -3078,17 +3099,19 @@ static void do_parse(struct ct_cmd *ct_cmd, int argc, char *argv[])
|
||||
case 'w':
|
||||
case '(':
|
||||
case ')':
|
||||
+ if (parse_value(optarg, &value, UINT16_MAX) < 0)
|
||||
+ exit_error(OTHER_PROBLEM, "unexpected value '%s' with -%c option", optarg, c);
|
||||
+
|
||||
options |= opt2type[c];
|
||||
- nfct_set_attr_u16(tmpl->ct,
|
||||
- opt2attr[c],
|
||||
- strtoul(optarg, NULL, 0));
|
||||
+ nfct_set_attr_u16(tmpl->ct, opt2attr[c], value);
|
||||
break;
|
||||
case 'i':
|
||||
case 'c':
|
||||
+ if (parse_value(optarg, &value, UINT32_MAX) < 0)
|
||||
+ exit_error(OTHER_PROBLEM, "unexpected value '%s' with -%c option", optarg, c);
|
||||
+
|
||||
options |= opt2type[c];
|
||||
- nfct_set_attr_u32(tmpl->ct,
|
||||
- opt2attr[c],
|
||||
- strtoul(optarg, NULL, 0));
|
||||
+ nfct_set_attr_u32(tmpl->ct, opt2attr[c], value);
|
||||
break;
|
||||
case 'm':
|
||||
options |= opt2type[c];
|
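Review bot: parse_value() passes the string straight to `strtoul()`, which skips leading whitespace and accepts a sign, so a negative input is negated in unsigned arithmetic rather than rejected. Where `unsigned long` is 32 bits, `-1` becomes 4294967295 and passes the `val > max` test for -i and -c; on 64-bit builds a sufficiently large negative literal wraps to a small value and passes as well. A guard on the first character before the conversion closes this, e.g. `if (!isdigit((unsigned char)str[0])) return -1;` (needs `<ctype.h>`). The remaining checks for empty input, trailing characters, ERANGE and the upper bound look complete.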
71
0011-conntrack-improve-mark-parser.patch
@ -0,0 +1,71 @@
|
||||
From 7541be6e37e1b9db4f88852258a8d0d2cefb4a77 Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Date: Sat, 12 Oct 2024 17:26:40 +0200
|
||||
Subject: [PATCH] conntrack: improve --mark parser
|
||||
|
||||
Enhance helper function to parse mark and mask (if available), bail out
|
||||
if input is not correct.
|
||||
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 401d91326bc9c3a5bab2fd319acdc844f511bb7e)
|
||||
---
|
||||
src/conntrack.c | 34 +++++++++++++++++++++++++++-------
|
||||
1 file changed, 27 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/conntrack.c b/src/conntrack.c
|
||||
index 18829dbf79bce..a51a3ef82fcfc 100644
|
||||
--- a/src/conntrack.c
|
||||
+++ b/src/conntrack.c
|
||||
@@ -1233,17 +1233,35 @@ static int parse_value(const char *str, uint32_t *ret, uint64_t max)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
parse_u32_mask(const char *arg, struct u32_mask *m)
|
||||
{
|
||||
- char *end;
|
||||
+ uint64_t val, mask;
|
||||
+ char *endptr;
|
||||
+
|
||||
+ val = strtoul(arg, &endptr, 0);
|
||||
+ if (endptr == arg ||
|
||||
+ (*endptr != '\0' && *endptr != '/') ||
|
||||
+ (val == ULONG_MAX && errno == ERANGE) ||
|
||||
+ val > UINT32_MAX)
|
||||
+ return -1;
|
||||
|
||||
- m->value = (uint32_t) strtoul(arg, &end, 0);
|
||||
+ m->value = val;
|
||||
|
||||
- if (*end == '/')
|
||||
- m->mask = (uint32_t) strtoul(end+1, NULL, 0);
|
||||
- else
|
||||
+ if (*endptr == '/') {
|
||||
+ mask = strtoul(endptr + 1, &endptr, 0);
|
||||
+ if (endptr == arg ||
|
||||
+ *endptr != '\0' ||
|
||||
+ (val == ULONG_MAX && errno == ERANGE) ||
|
||||
+ val > UINT32_MAX)
|
||||
+ return -1;
|
||||
+
|
||||
+ m->mask = mask;
|
||||
+ } else {
|
||||
m->mask = ~0;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -3115,7 +3133,9 @@ static void do_parse(struct ct_cmd *ct_cmd, int argc, char *argv[])
|
||||
break;
|
||||
case 'm':
|
||||
options |= opt2type[c];
|
||||
- parse_u32_mask(optarg, &tmpl->mark);
|
||||
+ if (parse_u32_mask(optarg, &tmpl->mark) < 0)
|
||||
+ exit_error(OTHER_PROBLEM, "unexpected value '%s' with -%c option", optarg, c);
|
||||
+
|
||||
tmpl->filter_mark_kernel.val = tmpl->mark.value;
|
||||
tmpl->filter_mark_kernel.mask = tmpl->mark.mask;
|
||||
tmpl->filter_mark_kernel_set = true;
|
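Review bot: The mask branch of parse_u32_mask() validates the wrong variables: it compares `endptr` with `arg` instead of the start of the mask text, and it range-checks `val` a second time instead of `mask`. As written, an input such as `5/` is accepted with a mask of 0, and on builds with a 64-bit `unsigned long` a mask above UINT32_MAX appears to be truncated silently when stored in `m->mask`; either case changes which entries a -D or -U mark filter selects without any error. `errno` is also never reset before either `strtoul()` call, unlike parse_value() above, so a stale ERANGE can affect the result. The rewrite below keeps the structure and fixes the mask checks; the same `errno = 0;` belongs before the first conversion.

```c
	if (*endptr == '/') {
		const char *mask_str = endptr + 1;

		errno = 0;
		mask = strtoul(mask_str, &endptr, 0);
		if (endptr == mask_str ||
		    *endptr != '\0' ||
		    (mask == ULONG_MAX && errno == ERANGE) ||
		    mask > UINT32_MAX)
			return -1;

		m->mask = mask;
	/* … unchanged: else branch setting m->mask = ~0, final return 0 … */
```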
30
0012-conntrack-Fix-for-ENOENT-in-mnl_nfct_delete_cb.patch
@ -0,0 +1,30 @@
|
||||
From 949818d6444f1692562b29bc0fb8d4d98d435276 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Tue, 5 Nov 2024 22:27:34 +0100
|
||||
Subject: [PATCH] conntrack: Fix for ENOENT in mnl_nfct_delete_cb()
|
||||
|
||||
Align behaviour with that of mnl_nfct_update_cb(): Just free the
|
||||
nf_conntrack object and return. Do not increment counter variable, and
|
||||
certainly do not try to print an uninitialized buffer.
|
||||
|
||||
Fixes: a7abf3f5dc7c4 ("conntrack: skip ENOENT when -U/-D finds a stale conntrack entry")
|
||||
Reviewed-by: Florian Westphal <fw@strlen.de>
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 4220bd83187b6deac7a93d6775aa5e4423b8e2e5)
|
||||
---
|
||||
src/conntrack.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/conntrack.c b/src/conntrack.c
|
||||
index a51a3ef82fcfc..52ba4ac5e44f7 100644
|
||||
--- a/src/conntrack.c
|
||||
+++ b/src/conntrack.c
|
||||
@@ -2030,7 +2030,7 @@ static int mnl_nfct_delete_cb(const struct nlmsghdr *nlh, void *data)
|
||||
if (res < 0) {
|
||||
/* the entry has vanish in middle of the delete */
|
||||
if (errno == ENOENT)
|
||||
- goto done;
|
||||
+ goto destroy_ok;
|
||||
exit_error(OTHER_PROBLEM,
|
||||
"Operation failed: %s",
|
||||
err2str(errno, CT_DELETE));
|
233
0013-src-Eliminate-warnings-with-Wcalloc-transposed-args.patch
@ -0,0 +1,233 @@
|
||||
From 8728a932fb59b9b83e7c10daa1be9791fd7a5527 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Tue, 5 Nov 2024 22:51:58 +0100
|
||||
Subject: [PATCH] src: Eliminate warnings with -Wcalloc-transposed-args
|
||||
|
||||
calloc() expects the number of elements in the first parameter, not the
|
||||
second. Swap them and while at it drop one pointless cast (the function
|
||||
returns a void pointer anyway).
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
Acked-by: Florian Westphal <fw@strlen.de>
|
||||
(cherry picked from commit 7ab577898f83105e3aa38ac96f3ac70c91ecb2ac)
|
||||
---
|
||||
src/channel.c | 4 ++--
|
||||
src/channel_mcast.c | 2 +-
|
||||
src/channel_tcp.c | 2 +-
|
||||
src/channel_udp.c | 2 +-
|
||||
src/fds.c | 4 ++--
|
||||
src/filter.c | 2 +-
|
||||
src/multichannel.c | 2 +-
|
||||
src/origin.c | 2 +-
|
||||
src/process.c | 2 +-
|
||||
src/queue.c | 2 +-
|
||||
src/tcp.c | 4 ++--
|
||||
src/udp.c | 4 ++--
|
||||
src/vector.c | 2 +-
|
||||
13 files changed, 17 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/src/channel.c b/src/channel.c
|
||||
index acbfa7da5ebe6..0b89391e46fc1 100644
|
||||
--- a/src/channel.c
|
||||
+++ b/src/channel.c
|
||||
@@ -56,7 +56,7 @@ channel_buffer_open(int mtu, int headersiz)
|
||||
{
|
||||
struct channel_buffer *b;
|
||||
|
||||
- b = calloc(sizeof(struct channel_buffer), 1);
|
||||
+ b = calloc(1, sizeof(struct channel_buffer));
|
||||
if (b == NULL)
|
||||
return NULL;
|
||||
|
||||
@@ -94,7 +94,7 @@ channel_open(struct channel_conf *cfg)
|
||||
if (cfg->channel_flags >= CHANNEL_F_MAX)
|
||||
return NULL;
|
||||
|
||||
- c = calloc(sizeof(struct channel), 1);
|
||||
+ c = calloc(1, sizeof(struct channel));
|
||||
if (c == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/channel_mcast.c b/src/channel_mcast.c
|
||||
index 35801d71d48ac..9c9dc62aaf48d 100644
|
||||
--- a/src/channel_mcast.c
|
||||
+++ b/src/channel_mcast.c
|
||||
@@ -19,7 +19,7 @@ static void
|
||||
struct mcast_channel *m;
|
||||
struct mcast_conf *c = conf;
|
||||
|
||||
- m = calloc(sizeof(struct mcast_channel), 1);
|
||||
+ m = calloc(1, sizeof(struct mcast_channel));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/channel_tcp.c b/src/channel_tcp.c
|
||||
index a84603cec0509..173c47ac1d732 100644
|
||||
--- a/src/channel_tcp.c
|
||||
+++ b/src/channel_tcp.c
|
||||
@@ -21,7 +21,7 @@ static void
|
||||
struct tcp_channel *m;
|
||||
struct tcp_conf *c = conf;
|
||||
|
||||
- m = calloc(sizeof(struct tcp_channel), 1);
|
||||
+ m = calloc(1, sizeof(struct tcp_channel));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/channel_udp.c b/src/channel_udp.c
|
||||
index a46a2b1c89296..3b3d754552904 100644
|
||||
--- a/src/channel_udp.c
|
||||
+++ b/src/channel_udp.c
|
||||
@@ -19,7 +19,7 @@ static void
|
||||
struct udp_channel *m;
|
||||
struct udp_conf *c = conf;
|
||||
|
||||
- m = calloc(sizeof(struct udp_channel), 1);
|
||||
+ m = calloc(1, sizeof(struct udp_channel));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/fds.c b/src/fds.c
|
||||
index 0b95437da44ff..d2c8b59615efb 100644
|
||||
--- a/src/fds.c
|
||||
+++ b/src/fds.c
|
||||
@@ -30,7 +30,7 @@ struct fds *create_fds(void)
|
||||
{
|
||||
struct fds *fds;
|
||||
|
||||
- fds = (struct fds *) calloc(sizeof(struct fds), 1);
|
||||
+ fds = calloc(1, sizeof(struct fds));
|
||||
if (fds == NULL)
|
||||
return NULL;
|
||||
|
||||
@@ -60,7 +60,7 @@ int register_fd(int fd, void (*cb)(void *data), void *data, struct fds *fds)
|
||||
if (fd > fds->maxfd)
|
||||
fds->maxfd = fd;
|
||||
|
||||
- item = calloc(sizeof(struct fds_item), 1);
|
||||
+ item = calloc(1, sizeof(struct fds_item));
|
||||
if (item == NULL)
|
||||
return -1;
|
||||
|
||||
diff --git a/src/filter.c b/src/filter.c
|
||||
index ee316e7a3ca84..e863ea98c150b 100644
|
||||
--- a/src/filter.c
|
||||
+++ b/src/filter.c
|
||||
@@ -77,7 +77,7 @@ struct ct_filter *ct_filter_create(void)
|
||||
int i;
|
||||
struct ct_filter *filter;
|
||||
|
||||
- filter = calloc(sizeof(struct ct_filter), 1);
|
||||
+ filter = calloc(1, sizeof(struct ct_filter));
|
||||
if (!filter)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/multichannel.c b/src/multichannel.c
|
||||
index 952b5674585f0..25a9908ecc898 100644
|
||||
--- a/src/multichannel.c
|
||||
+++ b/src/multichannel.c
|
||||
@@ -21,7 +21,7 @@ multichannel_open(struct channel_conf *conf, int len)
|
||||
if (len <= 0 || len > MULTICHANNEL_MAX)
|
||||
return NULL;
|
||||
|
||||
- m = calloc(sizeof(struct multichannel), 1);
|
||||
+ m = calloc(1, sizeof(struct multichannel));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/origin.c b/src/origin.c
|
||||
index 3c65f3da3f3e9..e44ffa050e354 100644
|
||||
--- a/src/origin.c
|
||||
+++ b/src/origin.c
|
||||
@@ -31,7 +31,7 @@ int origin_register(struct nfct_handle *h, int origin_type)
|
||||
{
|
||||
struct origin *nlp;
|
||||
|
||||
- nlp = calloc(sizeof(struct origin), 1);
|
||||
+ nlp = calloc(1, sizeof(struct origin));
|
||||
if (nlp == NULL)
|
||||
return -1;
|
||||
|
||||
diff --git a/src/process.c b/src/process.c
|
||||
index 08598eeae84de..47f14da272493 100644
|
||||
--- a/src/process.c
|
||||
+++ b/src/process.c
|
||||
@@ -37,7 +37,7 @@ int fork_process_new(int type, int flags, void (*cb)(void *data), void *data)
|
||||
}
|
||||
}
|
||||
}
|
||||
- c = calloc(sizeof(struct child_process), 1);
|
||||
+ c = calloc(1, sizeof(struct child_process));
|
||||
if (c == NULL)
|
||||
return -1;
|
||||
|
||||
diff --git a/src/queue.c b/src/queue.c
|
||||
index e94dc7c45d1fd..cab754bd482c1 100644
|
||||
--- a/src/queue.c
|
||||
+++ b/src/queue.c
|
||||
@@ -33,7 +33,7 @@ queue_create(const char *name, int max_objects, unsigned int flags)
|
||||
{
|
||||
struct queue *b;
|
||||
|
||||
- b = calloc(sizeof(struct queue), 1);
|
||||
+ b = calloc(1, sizeof(struct queue));
|
||||
if (b == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/tcp.c b/src/tcp.c
|
||||
index 91fe524542013..dca0e09a3dff1 100644
|
||||
--- a/src/tcp.c
|
||||
+++ b/src/tcp.c
|
||||
@@ -31,7 +31,7 @@ struct tcp_sock *tcp_server_create(struct tcp_conf *c)
|
||||
struct tcp_sock *m;
|
||||
socklen_t socklen = sizeof(int);
|
||||
|
||||
- m = calloc(sizeof(struct tcp_sock), 1);
|
||||
+ m = calloc(1, sizeof(struct tcp_sock));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
@@ -209,7 +209,7 @@ struct tcp_sock *tcp_client_create(struct tcp_conf *c)
|
||||
{
|
||||
struct tcp_sock *m;
|
||||
|
||||
- m = calloc(sizeof(struct tcp_sock), 1);
|
||||
+ m = calloc(1, sizeof(struct tcp_sock));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/udp.c b/src/udp.c
|
||||
index d0a7f5b546e6b..6102328c649f2 100644
|
||||
--- a/src/udp.c
|
||||
+++ b/src/udp.c
|
||||
@@ -25,7 +25,7 @@ struct udp_sock *udp_server_create(struct udp_conf *conf)
|
||||
struct udp_sock *m;
|
||||
socklen_t socklen = sizeof(int);
|
||||
|
||||
- m = calloc(sizeof(struct udp_sock), 1);
|
||||
+ m = calloc(1, sizeof(struct udp_sock));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
@@ -97,7 +97,7 @@ struct udp_sock *udp_client_create(struct udp_conf *conf)
|
||||
struct udp_sock *m;
|
||||
socklen_t socklen = sizeof(int);
|
||||
|
||||
- m = calloc(sizeof(struct udp_sock), 1);
|
||||
+ m = calloc(1, sizeof(struct udp_sock));
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
|
||||
diff --git a/src/vector.c b/src/vector.c
|
||||
index 92a54367d108a..29e8fbe4fdb52 100644
|
||||
--- a/src/vector.c
|
||||
+++ b/src/vector.c
|
||||
@@ -35,7 +35,7 @@ struct vector *vector_create(size_t size)
|
||||
{
|
||||
struct vector *v;
|
||||
|
||||
- v = calloc(sizeof(struct vector), 1);
|
||||
+ v = calloc(1, sizeof(struct vector));
|
||||
if (v == NULL)
|
||||
return NULL;
|
||||
|
@ -1,6 +1,6 @@
|
||||
Name: conntrack-tools
|
||||
Version: 1.4.8
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: Manipulate netfilter connection tracking table and run High Availability
|
||||
License: GPL-2.0-only
|
||||
URL: http://conntrack-tools.netfilter.org/
|
||||
@ -9,12 +9,20 @@ Source1: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.t
|
||||
Source2: NetfilterCoreTeam-OpenGPG-KEY.txt
|
||||
Source3: conntrackd.service
|
||||
Source4: conntrackd.conf
|
||||
Patch001: 0001-conntrack-ct-label-update-requires-proper-ruleset.patch
|
||||
Patch002: 0002-conntrack-don-t-print-USERSPACE-information-in-case-.patch
|
||||
Patch003: 0003-conntrackd-prevent-memory-loss-if-reallocation-fails.patch
|
||||
Patch004: 0004-conntrackd-exit-with-failure-status.patch
|
||||
Patch005: 0005-conntrackd-Fix-signal-handler-race-condition.patch
|
||||
Patch006: 0006-conntrackd-helpers-rpc-Don-t-add-expectation-table-e.patch
|
||||
|
||||
Patch0001: 0001-conntrack-ct-label-update-requires-proper-ruleset.patch
|
||||
Patch0002: 0002-conntrack-don-t-print-USERSPACE-information-in-case-.patch
|
||||
Patch0003: 0003-conntrackd-prevent-memory-loss-if-reallocation-fails.patch
|
||||
Patch0004: 0004-conntrackd-exit-with-failure-status.patch
|
||||
Patch0005: 0005-conntrackd-Fix-signal-handler-race-condition.patch
|
||||
Patch0006: 0006-conntrackd-helpers-rpc-Don-t-add-expectation-table-e.patch
|
||||
Patch0007: 0007-conntrack-tcp-fix-parsing-of-tuple-port-src-and-tupl.patch
|
||||
Patch0008: 0008-conntrack-L-doesn-t-take-a-value-so-don-t-discard-on.patch
|
||||
Patch0009: 0009-tests-conntrack-missing-space-before-option.patch
|
||||
Patch0010: 0010-conntrack-improve-secmark-id-zone-parser.patch
|
||||
Patch0011: 0011-conntrack-improve-mark-parser.patch
|
||||
Patch0012: 0012-conntrack-Fix-for-ENOENT-in-mnl_nfct_delete_cb.patch
|
||||
Patch0013: 0013-src-Eliminate-warnings-with-Wcalloc-transposed-args.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -96,6 +104,9 @@ install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/conntrackd/
|
||||
%systemd_postun conntrackd.service
|
||||
|
||||
%changelog
|
||||
* Fri Nov 15 2024 Phil Sutter <psutter@redhat.com> - 1.4.8-3
|
||||
- Backport fixes from upstream
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.4.8-2
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|