SOURCES/0001-Update-kernel-headers.patch

@@ -1,10 +1,10 @@
-From d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c Mon Sep 17 00:00:00 2001
-Message-Id: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
+From 6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b Mon Sep 17 00:00:00 2001
+Message-Id: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Wed, 3 May 2023 11:19:24 +0200
 Subject: [PATCH] Update kernel headers
 
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2186945
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134
 Upstream Status: iproute2-next.git commit 88786cd1
 
 commit 88786cd1a96a89427bc22061c7736eb2eac31121

SOURCES/0002-macvlan-Add-bclim-parameter.patch

@@ -1,12 +1,12 @@
-From 7d1444d9563575ec3346620f12788799080db8c5 Mon Sep 17 00:00:00 2001
-Message-Id: <7d1444d9563575ec3346620f12788799080db8c5.1683109787.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
+From 1638c2909a2911f981ee437dafde70e5e8d721f8 Mon Sep 17 00:00:00 2001
+Message-Id: <1638c2909a2911f981ee437dafde70e5e8d721f8.1683117490.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Wed, 3 May 2023 11:19:24 +0200
 Subject: [PATCH] macvlan: Add bclim parameter
 
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2186945
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134
 Upstream Status: iproute2-next.git commit e8a3fb47
 
 commit e8a3fb470b4e96aa35a2731c7cc175b946c0a62d

SOURCES/0003-mptcp-add-support-for-implicit-flag.patch

@@ -1,69 +0,0 @@
-From ad96352bfdc2865237beca32fd7d50cfef3e75c7 Mon Sep 17 00:00:00 2001
-From: Wen Liang <wenliang@redhat.com>
-Date: Thu, 1 Jun 2023 10:33:46 -0400
-Subject: [PATCH] mptcp: add support for implicit flag
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2109135
-Upstream Status: iproute2-next.git commit 3a2535a4
-
-commit 3a2535a41854d481c1a052e267d1fe5d83f9493c
-Author: Andrea Claudi <aclaudi@redhat.com>
-Date:   Tue May 16 11:48:04 2023 +0200
-
-    mptcp: add support for implicit flag
-
-    Kernel supports implicit flag since commit d045b9eb95a9 ("mptcp:
-    introduce implicit endpoints"), included in v5.18.
-
-    Let's add support for displaying it to iproute2.
-
-    Before this change:
-    $ ip mptcp endpoint show
-    10.0.2.2 id 1 rawflags 10
-
-    After this change:
-    $ ip mptcp endpoint show
-    10.0.2.2 id 1 implicit
-
-    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
-    Signed-off-by: David Ahern <dsahern@kernel.org>
----
- ip/ipmptcp.c        | 1 +
- man/man8/ip-mptcp.8 | 9 +++++++++
- 2 files changed, 10 insertions(+)
-
-diff --git a/ip/ipmptcp.c b/ip/ipmptcp.c
-index beba7a41..9847f95b 100644
---- a/ip/ipmptcp.c
-+++ b/ip/ipmptcp.c
-@@ -58,6 +58,7 @@ static const struct {
- 	{ "subflow",		MPTCP_PM_ADDR_FLAG_SUBFLOW },
- 	{ "backup",		MPTCP_PM_ADDR_FLAG_BACKUP },
- 	{ "fullmesh",		MPTCP_PM_ADDR_FLAG_FULLMESH },
-+	{ "implicit",		MPTCP_PM_ADDR_FLAG_IMPLICIT },
- 	{ "nobackup",		MPTCP_PM_ADDR_FLAG_NONE },
- 	{ "nofullmesh",		MPTCP_PM_ADDR_FLAG_NONE }
- };
-diff --git a/man/man8/ip-mptcp.8 b/man/man8/ip-mptcp.8
-index 72762f49..b427065c 100644
---- a/man/man8/ip-mptcp.8
-+++ b/man/man8/ip-mptcp.8
-@@ -176,6 +176,15 @@ endpoint. When the peer does announce addresses, each received ADD_ADDR
- sub-option will trigger creation of an additional subflow to generate a
- full mesh topology.
- 
-+.TP
-+.BR implicit
-+In some scenarios, an MPTCP
-+.BR subflow
-+can use a local address mapped by a implicit endpoint created by the
-+in-kernel path manager. Once set, the implicit flag cannot be removed, but
-+other flags can be added to the endpoint. Implicit endpoints cannot be
-+created from user-space.
-+
- .sp
- .PP
- The
--- 
-2.38.1
-

SOURCES/0003-tc-add-missing-separator.patch

@@ -1,12 +1,12 @@
-From 8bc9a4f3855d28ae718f14875dd78d49d53c4349 Mon Sep 17 00:00:00 2001
-Message-Id: <8bc9a4f3855d28ae718f14875dd78d49d53c4349.1686076455.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
+From 4c2e1768c0d446345796dc058d1e114147a1029a Mon Sep 17 00:00:00 2001
+Message-Id: <4c2e1768c0d446345796dc058d1e114147a1029a.1686090191.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
-Date: Tue, 6 Jun 2023 20:08:25 +0200
+Date: Wed, 7 Jun 2023 00:15:59 +0200
 Subject: [PATCH] tc: add missing separator
 
-Jira: https://issues.redhat.com/browse/RHEL-586
+Jira: https://issues.redhat.com/browse/RHEL-487
 Upstream Status: iproute2-next.git commit 4e0e56e0
 
 commit 4e0e56e0ef05387f7f5d8ab41fe6ec6a1897b26d

SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch

@@ -0,0 +1,55 @@
+From dcff6d4c73cd9c33b4103a4505ecebe6852f63df Mon Sep 17 00:00:00 2001
+Message-ID: <dcff6d4c73cd9c33b4103a4505ecebe6852f63df.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] ss: make is_selinux_enabled stub work like in SELinux
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit c8970828
+
+commit c8970828b6509af3ab0f2982da335fb6a6c846af
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:29:59 2023 +0200
+
+    ss: make is_selinux_enabled stub work like in SELinux
+
+    From the is_selinux_enabled() manpage:
+
+    is_selinux_enabled() returns 1 if SELinux is running or 0 if it is not.
+
+    This makes the is_selinux_enabled() stub functions works exactly like
+    the SELinux function it is supposed to replace.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ misc/ss.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index de02fccb..d2dffbf8 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -77,7 +77,7 @@
+ /* Stubs for SELinux functions */
+ static int is_selinux_enabled(void)
+ {
+-	return -1;
++	return 0;
+ }
+ 
+ static int getpidcon(pid_t pid, char **context)
+@@ -5684,7 +5684,7 @@ int main(int argc, char *argv[])
+ 			show_sock_ctx++;
+ 			/* fall through */
+ 		case 'Z':
+-			if (is_selinux_enabled() <= 0) {
++			if (!is_selinux_enabled()) {
+ 				fprintf(stderr, "ss: SELinux is not enabled.\n");
+ 				exit(1);
+ 			}
+-- 
+2.41.0
+

SOURCES/0004-u32-fix-TC_U32_TERMINAL-printing.patch

@@ -1,65 +0,0 @@
-From 80e59389e93bf3f45204a38536f3f228adf153c7 Mon Sep 17 00:00:00 2001
-Message-Id: <80e59389e93bf3f45204a38536f3f228adf153c7.1686076455.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
-From: Andrea Claudi <aclaudi@redhat.com>
-Date: Tue, 6 Jun 2023 20:05:15 +0200
-Subject: [PATCH] u32: fix TC_U32_TERMINAL printing
-
-Jira: https://issues.redhat.com/browse/RHEL-337
-Upstream Status: iproute2-next.git commit 2854d69a
-
-commit 2854d69a99f6e38d0d2426bd641a56d7a85bc61b
-Author: Hangbin Liu <liuhangbin@gmail.com>
-Date:   Wed Mar 1 22:21:00 2023 +0800
-
-    u32: fix TC_U32_TERMINAL printing
-
-    We previously printed an asterisk if there was no 'sel' or
-    'TC_U32_TERMINAL' flag. However,
-     commit 1ff227545ce1 ("u32: fix json formatting of flowid")
-    changed the logic to print an asterisk only if there is a
-    'TC_U32_TERMINAL' flag. Therefore, we need to fix this
-    regression.
-
-    Before the fix, the tdc u32 test failed:
-
-    1..11
-    not ok 1 afa9 - Add u32 with source match
-            Could not match regex pattern. Verify command output:
-    filter protocol ip pref 1 u32 chain 0
-    filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1
-    filter protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 *flowid 1:1 not_in_hw
-      match 7f000001/ffffffff at 12
-            action order 1: gact action pass
-             random type none pass val 0
-             index 1 ref 1 bind 1
-
-    After fix, the test passed:
-    1..11
-    ok 1 afa9 - Add u32 with source match
-
-    Fixes: 1ff227545ce1 ("u32: fix json formatting of flowid")
-    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
-    Reviewed-by: Victor Nogueira <victor@mojatatu.com>
-    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
----
- tc/f_u32.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tc/f_u32.c b/tc/f_u32.c
-index bfe9e5f9..de2d0c9e 100644
---- a/tc/f_u32.c
-+++ b/tc/f_u32.c
-@@ -1273,7 +1273,7 @@ static int u32_print_opt(struct filter_util *qu, FILE *f, struct rtattr *opt,
- 	if (tb[TCA_U32_CLASSID]) {
- 		__u32 classid = rta_getattr_u32(tb[TCA_U32_CLASSID]);
- 		SPRINT_BUF(b1);
--		if (sel && (sel->flags & TC_U32_TERMINAL))
-+		if (!sel || !(sel->flags & TC_U32_TERMINAL))
- 			print_string(PRINT_FP, NULL, "*", NULL);
- 
- 		print_string(PRINT_ANY, "flowid", "flowid %s ",
--- 
-2.40.1
-

SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch

@@ -0,0 +1,52 @@
+From d59fc35f66f5d0d6e7b3209c21f2c891a2ba0768 Mon Sep 17 00:00:00 2001
+Message-ID: <d59fc35f66f5d0d6e7b3209c21f2c891a2ba0768.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] ss: make SELinux stub functions conformant to API definitions
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit 61c6882c
+
+commit 61c6882ce21c1247c06cd61783120be0a2e2019c
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:30:00 2023 +0200
+
+    ss: make SELinux stub functions conformant to API definitions
+
+    getfilecon() and security_get_initial_context() use the const qualifier
+    for their first paramater in SELinux APIs.
+
+    This commit adds the const qualifier to these functions, making them
+    conformant to API definitions.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ misc/ss.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index d2dffbf8..fe19f489 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -86,13 +86,13 @@ static int getpidcon(pid_t pid, char **context)
+ 	return -1;
+ }
+ 
+-static int getfilecon(char *path, char **context)
++static int getfilecon(const char *path, char **context)
+ {
+ 	*context = NULL;
+ 	return -1;
+ }
+ 
+-static int security_get_initial_context(char *name,  char **context)
++static int security_get_initial_context(const char *name,  char **context)
+ {
+ 	*context = NULL;
+ 	return -1;
+-- 
+2.41.0
+

SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch

@@ -0,0 +1,156 @@
+From 0e71f7774a764c0a19037b79b71d7146769082ac Mon Sep 17 00:00:00 2001
+Message-ID: <0e71f7774a764c0a19037b79b71d7146769082ac.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] lib: add SELinux include and stub functions
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit e246ebc3
+
+commit e246ebc3b7f1f438310ad6fd1d5976ba6ccf7a69
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:30:01 2023 +0200
+
+    lib: add SELinux include and stub functions
+
+    ss provides some selinux stub functions, useful when iproute2 is
+    compiled without selinux support.
+
+    Move them to lib/ so we can use them in other iproute2 tools.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ include/selinux.h |  9 +++++++++
+ lib/Makefile      |  4 ++++
+ lib/selinux.c     | 32 ++++++++++++++++++++++++++++++++
+ misc/ss.c         | 34 +---------------------------------
+ 4 files changed, 46 insertions(+), 33 deletions(-)
+ create mode 100644 include/selinux.h
+ create mode 100644 lib/selinux.c
+
+diff --git a/include/selinux.h b/include/selinux.h
+new file mode 100644
+index 00000000..499aa966
+--- /dev/null
++++ b/include/selinux.h
+@@ -0,0 +1,9 @@
++#if HAVE_SELINUX
++#include <selinux/selinux.h>
++#else
++int is_selinux_enabled(void);
++void freecon(char *context);
++int getpidcon(pid_t pid, char **context);
++int getfilecon(const char *path, char **context);
++int security_get_initial_context(const char *name,  char **context);
++#endif
+diff --git a/lib/Makefile b/lib/Makefile
+index ddedd37f..aa7bbd2e 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -13,6 +13,10 @@ UTILOBJ += bpf_libbpf.o
+ endif
+ endif
+ 
++ifneq ($(HAVE_SELINUX),y)
++UTILOBJ += selinux.o
++endif
++
+ NLOBJ=libgenl.o libnetlink.o
+ ifeq ($(HAVE_MNL),y)
+ NLOBJ += mnl_utils.o
+diff --git a/lib/selinux.c b/lib/selinux.c
+new file mode 100644
+index 00000000..4e6805fc
+--- /dev/null
++++ b/lib/selinux.c
+@@ -0,0 +1,32 @@
++#include <stdlib.h>
++#include <unistd.h>
++#include "selinux.h"
++
++/* Stubs for SELinux functions */
++int is_selinux_enabled(void)
++{
++	return 0;
++}
++
++void freecon(char *context)
++{
++	free(context);
++}
++
++int getpidcon(pid_t pid, char **context)
++{
++	*context = NULL;
++	return -1;
++}
++
++int getfilecon(const char *path, char **context)
++{
++	*context = NULL;
++	return -1;
++}
++
++int security_get_initial_context(const char *name,  char **context)
++{
++	*context = NULL;
++	return -1;
++}
+diff --git a/misc/ss.c b/misc/ss.c
+index fe19f489..6e18bf0c 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -33,6 +33,7 @@
+ #include "version.h"
+ #include "rt_names.h"
+ #include "cg_map.h"
++#include "selinux.h"
+ 
+ #include <linux/tcp.h>
+ #include <linux/unix_diag.h>
+@@ -71,39 +72,6 @@
+ #define BUF_CHUNKS_MAX 5	/* Maximum number of allocated buffer chunks */
+ #define LEN_ALIGN(x) (((x) + 1) & ~1)
+ 
+-#if HAVE_SELINUX
+-#include <selinux/selinux.h>
+-#else
+-/* Stubs for SELinux functions */
+-static int is_selinux_enabled(void)
+-{
+-	return 0;
+-}
+-
+-static int getpidcon(pid_t pid, char **context)
+-{
+-	*context = NULL;
+-	return -1;
+-}
+-
+-static int getfilecon(const char *path, char **context)
+-{
+-	*context = NULL;
+-	return -1;
+-}
+-
+-static int security_get_initial_context(const char *name,  char **context)
+-{
+-	*context = NULL;
+-	return -1;
+-}
+-
+-static void freecon(char *context)
+-{
+-	free(context);
+-}
+-#endif
+-
+ int preferred_family = AF_UNSPEC;
+ static int show_options;
+ int show_details;
+-- 
+2.41.0
+

SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch

@@ -0,0 +1,81 @@
+From 6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2 Mon Sep 17 00:00:00 2001
+Message-ID: <6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] ip vrf: make ipvrf_exec SELinux-aware
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit 0d0eeaa6
+
+commit 0d0eeaa6cb9218e57ce910fc3a8991b80da6393e
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:30:02 2023 +0200
+
+    ip vrf: make ipvrf_exec SELinux-aware
+
+    When using ip vrf and SELinux is enabled, make sure to set the exec file
+    context before calling cmd_exec.
+
+    This ensures that the command is executed with the right context,
+    falling back to the ifconfig_t context when needed.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ include/selinux.h | 1 +
+ ip/ipvrf.c        | 6 ++++++
+ lib/selinux.c     | 5 +++++
+ 3 files changed, 12 insertions(+)
+
+diff --git a/include/selinux.h b/include/selinux.h
+index 499aa966..592c7680 100644
+--- a/include/selinux.h
++++ b/include/selinux.h
+@@ -6,4 +6,5 @@ void freecon(char *context);
+ int getpidcon(pid_t pid, char **context);
+ int getfilecon(const char *path, char **context);
+ int security_get_initial_context(const char *name,  char **context);
++int setexecfilecon(const char *filename, const char *fallback_type);
+ #endif
+diff --git a/ip/ipvrf.c b/ip/ipvrf.c
+index 0718bea8..b0dd2abe 100644
+--- a/ip/ipvrf.c
++++ b/ip/ipvrf.c
+@@ -24,6 +24,7 @@
+ #include "utils.h"
+ #include "ip_common.h"
+ #include "bpf_util.h"
++#include "selinux.h"
+ 
+ #define CGRP_PROC_FILE  "/cgroup.procs"
+ 
+@@ -455,6 +456,11 @@ static int ipvrf_exec(int argc, char **argv)
+ 		return -1;
+ 	}
+ 
++	if (is_selinux_enabled() && setexecfilecon(argv[1], "ifconfig_t")) {
++		fprintf(stderr, "setexecfilecon for \"%s\" failed\n", argv[1]);
++		return -1;
++	}
++
+ 	return -cmd_exec(argv[1], argv + 1, !!batch_mode, do_switch, argv[0]);
+ }
+ 
+diff --git a/lib/selinux.c b/lib/selinux.c
+index 4e6805fc..7e5dd16d 100644
+--- a/lib/selinux.c
++++ b/lib/selinux.c
+@@ -30,3 +30,8 @@ int security_get_initial_context(const char *name,  char **context)
+ 	*context = NULL;
+ 	return -1;
+ }
++
++int setexecfilecon(const char *filename, const char *fallback_type)
++{
++	return -1;
++}
+-- 
+2.41.0
+

SOURCES/0008-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch

@@ -0,0 +1,158 @@
+From e4e31412a2cdf90a08a7d5ab1a889f27ee13f7c9 Mon Sep 17 00:00:00 2001
+Message-ID: <e4e31412a2cdf90a08a7d5ab1a889f27ee13f7c9.1710441171.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1710441171.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1710441171.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Thu, 14 Mar 2024 19:26:55 +0100
+Subject: [PATCH] ss: Add support for dumping TCP bound-inactive sockets.
+
+JIRA: https://issues.redhat.com/browse/RHEL-21017
+Upstream Status: iproute2.git commit ae447da64975ad02e40a93ccbc440a6477af96c0
+
+commit ae447da64975ad02e40a93ccbc440a6477af96c0
+Author: Guillaume Nault <gnault@redhat.com>
+Date:   Tue Dec 19 14:18:13 2023 +0100
+
+    ss: Add support for dumping TCP bound-inactive sockets.
+
+    Make ss aware of the new "bound-inactive" pseudo-state for TCP (see
+    Linux commit 91051f003948 ("tcp: Dump bound-only sockets in inet_diag.")).
+    These are TCP sockets that have been bound, but are neither listening nor
+    connecting.
+
+    With this patch, these sockets can now be dumped with:
+
+      * the existing -a (--all) option, to dump all sockets, including
+        bound-inactive ones,
+
+      * the new -B (--bound-inactive) option, to dump them exclusively,
+
+      * the new "bound-inactive" state, to be used in a STATE-FILTER.
+
+    Note that the SS_BOUND_INACTIVE state is a pseudo-state used for queries
+    only. The kernel returns them as SS_CLOSE.
+
+    The SS_NEW_SYN_RECV pseudo-state is added in this patch only because we
+    have to set its entry in the sstate_namel array (in scan_state()). Care
+    is taken not to make it visible by users.
+
+    Signed-off-by: Guillaume Nault <gnault@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+
+Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+---
+ man/man8/ss.8 |  7 +++++++
+ misc/ss.c     | 20 +++++++++++++++++++-
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/man/man8/ss.8 b/man/man8/ss.8
+index d413e570..2bc42b85 100644
+--- a/man/man8/ss.8
++++ b/man/man8/ss.8
+@@ -40,6 +40,10 @@ established connections) sockets.
+ .B \-l, \-\-listening
+ Display only listening sockets (these are omitted by default).
+ .TP
++.B \-B, \-\-bound-inactive
++Display only TCP bound but inactive (not listening, connecting, etc.) sockets
++(these are omitted by default).
++.TP
+ .B \-o, \-\-options
+ Show timer information. For TCP protocol, the output format is:
+ .RS
+@@ -458,6 +462,9 @@ states except for
+ - opposite to
+ .B bucket
+ 
++.B bound-inactive
++- bound but otherwise inactive sockets (not listening, connecting, etc.)
++
+ .SH EXPRESSION
+ 
+ .B EXPRESSION
+diff --git a/misc/ss.c b/misc/ss.c
+index 6e18bf0c..232178e6 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -210,6 +210,8 @@ enum {
+ 	SS_LAST_ACK,
+ 	SS_LISTEN,
+ 	SS_CLOSING,
++	SS_NEW_SYN_RECV, /* Kernel only value, not for use in user space */
++	SS_BOUND_INACTIVE,
+ 	SS_MAX
+ };
+ 
+@@ -1377,6 +1379,8 @@ static void sock_state_print(struct sockstat *s)
+ 		[SS_LAST_ACK] = "LAST-ACK",
+ 		[SS_LISTEN] =	"LISTEN",
+ 		[SS_CLOSING] = "CLOSING",
++		[SS_NEW_SYN_RECV] = "UNDEF", /* Never returned by kernel */
++		[SS_BOUND_INACTIVE] = "UNDEF", /* Never returned by kernel */
+ 	};
+ 
+ 	switch (s->local.family) {
+@@ -5310,6 +5314,7 @@ static void _usage(FILE *dest)
+ "   -r, --resolve       resolve host names\n"
+ "   -a, --all           display all sockets\n"
+ "   -l, --listening     display listening sockets\n"
++"   -B, --bound-inactive display TCP bound but inactive sockets\n"
+ "   -o, --options       show timer information\n"
+ "   -e, --extended      show detailed socket information\n"
+ "   -m, --memory        show socket memory usage\n"
+@@ -5392,9 +5397,17 @@ static int scan_state(const char *state)
+ 		[SS_LAST_ACK] = "last-ack",
+ 		[SS_LISTEN] =	"listening",
+ 		[SS_CLOSING] = "closing",
++		[SS_NEW_SYN_RECV] = "new-syn-recv",
++		[SS_BOUND_INACTIVE] = "bound-inactive",
+ 	};
+ 	int i;
+ 
++	/* NEW_SYN_RECV is a kernel implementation detail. It shouldn't be used
++	 * or even be visible by users.
++	 */
++	if (strcasecmp(state, "new-syn-recv") == 0)
++		goto wrong_state;
++
+ 	if (strcasecmp(state, "close") == 0 ||
+ 	    strcasecmp(state, "closed") == 0)
+ 		return (1<<SS_CLOSE);
+@@ -5417,6 +5430,7 @@ static int scan_state(const char *state)
+ 			return (1<<i);
+ 	}
+ 
++wrong_state:
+ 	fprintf(stderr, "ss: wrong state name: %s\n", state);
+ 	exit(-1);
+ }
+@@ -5458,6 +5472,7 @@ static const struct option long_opts[] = {
+ 	{ "vsock", 0, 0, OPT_VSOCK },
+ 	{ "all", 0, 0, 'a' },
+ 	{ "listening", 0, 0, 'l' },
++	{ "bound-inactive", 0, 0, 'B' },
+ 	{ "ipv4", 0, 0, '4' },
+ 	{ "ipv6", 0, 0, '6' },
+ 	{ "packet", 0, 0, '0' },
+@@ -5496,7 +5511,7 @@ int main(int argc, char *argv[])
+ 	int state_filter = 0;
+ 
+ 	while ((ch = getopt_long(argc, argv,
+-				 "dhaletuwxnro460spTbEf:mMiA:D:F:vVzZN:KHSO",
++				 "dhalBetuwxnro460spTbEf:mMiA:D:F:vVzZN:KHSO",
+ 				 long_opts, NULL)) != EOF) {
+ 		switch (ch) {
+ 		case 'n':
+@@ -5561,6 +5576,9 @@ int main(int argc, char *argv[])
+ 		case 'l':
+ 			state_filter = (1 << SS_LISTEN) | (1 << SS_CLOSE);
+ 			break;
++		case 'B':
++			state_filter = 1 << SS_BOUND_INACTIVE;
++			break;
+ 		case '4':
+ 			filter_af_set(&current_filter, AF_INET);
+ 			break;
+-- 
+2.44.0
+

SPECS/iproute.spec

@@ -1,7 +1,7 @@
 Summary:            Advanced IP routing and network device configuration tools
 Name:               iproute
 Version:            6.2.0
-Release:            5%{?dist}%{?buildid}
+Release:            6%{?dist}%{?buildid}
 %if 0%{?rhel}
 Group:              Applications/System
 %endif
@@ -10,9 +10,12 @@ Source0:            https://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{v
 Source1:            rt_dsfield.deprecated
 Patch0:             0001-Update-kernel-headers.patch
 Patch1:             0002-macvlan-Add-bclim-parameter.patch
-Patch2:             0003-mptcp-add-support-for-implicit-flag.patch
-Patch3:             0004-u32-fix-TC_U32_TERMINAL-printing.patch
-Patch4:             0005-tc-add-missing-separator.patch
+Patch2:             0003-tc-add-missing-separator.patch
+Patch3:             0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch
+Patch4:             0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch
+Patch5:             0006-lib-add-SELinux-include-and-stub-functions.patch
+Patch6:             0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch
+Patch7:             0008-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
 
 License:            GPL-2.0-or-later AND NIST-PD
 BuildRequires:      bison
@@ -144,145 +147,258 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield
 %{_includedir}/iproute2/bpf_elf.h
 
 %changelog
-* Tue Jun 06 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.el9
-- tc: add missing separator (Andrea Claudi) [RHEL-337]
-- u32: fix TC_U32_TERMINAL printing (Andrea Claudi) [RHEL-586]
+* Thu Mar 14 2024 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-6.el8
+- ss: Add support for dumping TCP bound-inactive sockets. (Andrea Claudi)
 
-* Mon Jun 05 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-4.el9
-- Fix NVR, %autorelease not working (Andrea Claudi)
+* Mon Sep 25 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.el8
+- Bump version number (wrong exception build)
 
-* Thu Jun 01 2023 Wen Liang <wenliang@redhat.com> - 6.2.0-3.el9
-- mptcp: add support for implicit flag (Wen Liang) [2109135]
+* Wed Sep 20 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-4.el8
+- ip vrf: make ipvrf_exec SELinux-aware (Andrea Claudi) [1780023]
+- lib: add SELinux include and stub functions (Andrea Claudi) [1780023]
+- ss: make SELinux stub functions conformant to API definitions (Andrea Claudi) [1780023]
+- ss: make is_selinux_enabled stub work like in SELinux (Andrea Claudi) [1780023]
 
-* Wed May 03 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-2.el9
-- macvlan: Add bclim parameter (Andrea Claudi) [2186945]
-- Update kernel headers (Andrea Claudi) [2186945]
+* Wed Jun 07 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-3.el8
+- tc: add missing separator (Andrea Claudi)
 
-* Thu Apr 27 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-1.el9
-- New version 6.2.0 (Andrea Claudi) [RHEL-428]
+* Wed May 03 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-2.el8
+- macvlan: Add bclim parameter (Andrea Claudi) [2188134]
+- Update kernel headers (Andrea Claudi) [2188134]
 
-* Sat Jan 28 2023 Andrea Claudi <aclaudi@redhat.com> - 6.1.0-1.el9
-- New version 6.1.0 [2155604]
+* Wed Apr 26 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-1.el8
+- New version 6.2.0 (Andrea Claudi) [RHEL-424]
 
-* Fri Jan 06 2023 Viktor Malik <vmalik@redhat.com> - 6.0.0-2.el9
-- Rebuild for libbpf 1.0.0 [2158727]
+* Wed Jun 08 2022 Wen Liang <wenliang@redhat.com> - 5.18.0-1.el8
+- New version 5.18.0 [2074607]
 
-* Thu Oct 06 2022 Andrea Claudi <aclaudi@redhat.com> - 6.0.0-1.el9
-- New version 6.0.0 [2132427]
+* Mon Mar 21 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-4.el8
+- vdpa: Update man page with added support to configure max vq pair (Andrea Claudi) [2056827]
+- vdpa: Support reading device features (Andrea Claudi) [2056827]
+- vdpa: Support for configuring max VQ pairs for a device (Andrea Claudi) [2056827]
+- vdpa: Allow for printing negotiated features of a device (Andrea Claudi) [2056827]
+- vdpa: Remove unsupported command line option (Andrea Claudi) [2056827]
+- uapi: update vdpa.h (Andrea Claudi) [2056827]
+- Update kernel headers and import virtio_net (Andrea Claudi) [2056827]
 
-* Wed Jun 15 2022 Andrea Claudi <aclaudi@redhat.com> - 5.18.0-1.el9
-- New version 5.18.0 [2074608]
+* Mon Feb 07 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-3.el8
+- tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6` (Andrea Claudi) [1989591]
+- tc: u32: add support for json output (Andrea Claudi) [1989591]
 
-* Thu Nov 25 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-2.el9
-- Fix gating.yaml [2009355]
+* Wed Jan 26 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-2.el8
+- vdpa: Enable user to set mtu of the vdpa device (Andrea Claudi) [2036880]
+- vdpa: Enable user to set mac address of vdpa device (Andrea Claudi) [2036880]
+- vdpa: Enable user to query vdpa device config layout (Andrea Claudi) [2036880]
+- vdpa: align uapi headers (Andrea Claudi) [2036880]
 
-* Wed Nov 24 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-1.el9
-- New version 5.15.0 [2009355]
+* Tue Nov 23 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-1.el8
+- New version 5.15.0 (Andrea Claudi) [2016061]
 
-* Wed Aug 18 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-5.el9
-- Add build and runtime dependency on libbpf (Andrea Claudi) [1994520]
-- Use TC_LIB_DIR environment variable (Andrea Claudi) [1994545]
-- Re-add iproute-doc package on the specfile (Andrea Claudi) [1994581]
+* Thu Oct 07 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-4.el8]
+- lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists (Andrea Claudi) [1995082]
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.13.0-4.el9
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Thu Aug 12 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-3.el8]
+- tc: htb: improve burst error messages (Andrea Claudi) [1910745]
+- tc: u32: Fix key folding in sample option (Andrea Claudi) [1979425]
+- police: Fix normal output back to what it was (Andrea Claudi) [1981393]
+- police: Add support for json output (Andrea Claudi) [1981393]
+- police: add support for packet-per-second rate limiting (Andrea Claudi) [1981393]
+- Update kernel headers (Andrea Claudi) [1981393]
+- mptcp: add support for port based endpoint (Andrea Claudi) [1984733]
 
-* Fri Jul 16 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-3.el9
-- Fix changelog (Andrea Claudi) [1947854]
-- Add RHEL gating configuration (Aleksandra Fedorova)
+* Fri Aug 06 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-2.el8]
+- add build and run-time dependencies on libbpf (Andrea Claudi) [1990402]
 
-* Thu Jul 15 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-2.el9
-- Remove Recommends: iproute-tc from spec file (Andrea Claudi) [1947854]
+* Mon Jun 28 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-1.el8]
+- tc: f_flower: Add missing ct_state flags to usage description (Andrea Claudi) [1957243]
+- tc: f_flower: Add option to match on related ct state (Andrea Claudi) [1957243]
 
-* Wed Jun 30 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-1.el9
-- New version 5.13.0 (#1977898)
+* Thu Apr 29 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-0.el8]
+- New version 5.12.0 [1939382]
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.10.0-3.el9
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Fri Mar 12 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-4.el8]
+- iplink_bareudp: cleanup help message and man page (Andrea Claudi) [1912412]
 
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.10.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Tue Feb 09 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-3.el8]
+- iproute: force rtm_dst_len to 32/128 (Andrea Claudi) [1852038]
 
-* Mon Dec 21 2020 Andrea Claudi <aclaudi@redhat.com> - 5.10.0-1
-- New version 5.10.0 (#1909551)
+* Thu Jan 28 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-2.el8]
+- tc: flower: fix json output with mpls lse (Andrea Claudi) [1885770]
+- tc-mpls: fix manpage example and help message string (Andrea Claudi) [1885770]
+- tc-vlan: fix help and error message strings (Andrea Claudi) [1885770]
+- m_mpls: test the 'mac_push' action after 'modify' (Andrea Claudi) [1885770]
+- m_mpls: add mac_push action (Andrea Claudi) [1885770]
+- m_vlan: add pop_eth and push_eth actions (Andrea Claudi) [1885770]
+- Update kernel headers (Andrea Claudi) [1885770]
 
-* Wed Dec 2 2020 Andrea Claudi <aclaudi@redhat.com> - 5.9.0-1
-- New version 5.9.0
+* Tue Nov 17 2020 Andrea Claudi <aclaudi@redhat.com> [5.9.0-1.el8]
+- Rebase iproute to v5.9.0 [1896011]
 
-* Mon Aug 10 2020 Phil Sutter <psutter@redhat.com> - 5.8.0-1
-- New version 5.8.0
+* Mon Jun 29 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-5.el8]
+- man: tc-ct.8: Add manual page for ct tc action (Andrea Claudi) [1844637]
+- tc: flower: Add matching on conntrack info (Andrea Claudi) [1844637]
+- tc: Introduce tc ct action (Andrea Claudi) [1844637]
+- tc: add NLA_F_NESTED flag to all actions options nested block (Andrea Claudi) [1844637]
+- Import tc_act/tc_ct.h uapi file (Andrea Claudi) [1844637]
+- ss: allow dumping kTLS info (Andrea Claudi) [1812207]
+- devlink: Add health error recovery status monitoring (Andrea Claudi) [1821039]
 
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.7.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+* Fri Jun 05 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-4.el8]
+- tc: f_flower: add options support for erspan (Andrea Claudi) [1830485]
+- tc: f_flower: add options support for vxlan (Andrea Claudi) [1830485]
+- tc: m_tunnel_key: add options support for erpsan (Andrea Claudi) [1830485]
+- tc: m_tunnel_key: add options support for vxlan (Andrea Claudi) [1830485]
+- iproute_lwtunnel: add options support for erspan metadata (Andrea Claudi) [1830485]
+- iproute_lwtunnel: add options support for vxlan metadata (Andrea Claudi) [1830485]
+- iproute_lwtunnel: add options support for geneve metadata (Andrea Claudi) [1830485]
+- Update kernel headers (Andrea Claudi) [1830485]
+- man: ip.8: add reference to mptcp man-page (Andrea Claudi) [1812207]
+- man: mptcp man page (Andrea Claudi) [1812207]
+- ss: allow dumping MPTCP subflow information (Andrea Claudi) [1812207]
+- Update kernel headers (Andrea Claudi) [1812207]
+- Update kernel headers (Andrea Claudi) [1812207]
+- add support for mptcp netlink interface (Andrea Claudi) [1812207]
+- Update kernel headers and import mptcp.h (Andrea Claudi) [1812207]
+- ip: xfrm: add espintcp encapsulation (Andrea Claudi) [1844045]
+- Update kernel headers and import udp.h (Andrea Claudi) [1844045]
 
-* Wed Jun 03 2020 Phil Sutter <psutter@redhat.com> - 5.7.0-1
-- New version 5.7.0
+* Thu Apr 30 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-3.el8]
+- xfrm: also check for ipv6 state in xfrm_state_keep (Andrea Claudi) [1828033]
+- man: bridge.8: fix bridge link show description (Andrea Claudi) [1817571]
+- ip: fix ip route show json output for multipath nexthops (Andrea Claudi) [1738633]
+- ip link: xstats: fix TX IGMP reports string (Andrea Claudi) [1796041]
+- nstat: print useful error messages in abort() cases (Andrea Claudi) [1824896]
 
-* Tue Jan 28 2020 Phil Sutter <psutter@redhat.com> - 5.5.0-1
-- New version 5.5.0
+* Thu Apr 23 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-2.el8]
+- man: ip.8: Add missing vrf subcommand description (Andrea Claudi) [1780010]
+- xfrm: not try to delete ipcomp states when using deleteall (Andrea Claudi) [1808634]
+- ip-xfrm: Fix help messages (Andrea Claudi) [1796045]
+- man: rdma.8: Add missing resource subcommand description (Andrea Claudi) [1786576]
+- man: rdma-statistic: Add filter description (Andrea Claudi) [1786565]
+- tc: implement support for action flags (Andrea Claudi) [1770671]
+- Update kernel headers (Andrea Claudi) [1770671]
+- Update kernel headers (Andrea Claudi) [1770671]
 
-* Tue Nov 26 2019 Phil Sutter <psutter@redhat.com> - 5.4.0-1
-- New version 5.4.0
-- Drop iproute-doc package, upstream removed all non-manpage documentation
+* Tue Oct 15 2019 Andrea Claudi <aclaudi@redhat.com> [5.3.0-1.el8]
+- New version 5.3.0 [1752857]
 
-* Tue Oct 08 2019 Phil Sutter <psutter@redhat.com> - 5.3.0-2
-- ifcfg script uses killall, therefore requires psmisc package
+* Thu Jul 04 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-15.el8]
+- netns: make netns_{save,restore} static (Andrea Claudi) [1719759]
+- ip vrf: use hook to change VRF in the child (Andrea Claudi) [1719759]
+- netns: switch netns in the child when executing commands (Andrea Claudi) [1719759]
+- m_mirred: don't bail if the control action is missing (Andrea Claudi) [1711760]
+- tc: introduce support for chain templates (Andrea Claudi) [1710291]
+- ip: reset netns after each command in batch mode (Andrea Claudi) [1671016]
 
-* Thu Sep 26 2019 Phil Sutter <psutter@redhat.com> - 5.3.0-1
-- New version 5.3.0
-- Add upstream-suggested backports
+* Thu Jun 20 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-14.el8]
+- ss: Review ssfilter (Andrea Claudi) [1698401]
 
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+* Fri Jun 14 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-13.el8]
+- ip-xfrm: Respect family in deleteall and list commands (Andrea Claudi) [1656717]
+- Update kernel headers (Andrea Claudi) [1716361]
+- uapi: update bpf header (Andrea Claudi) [1716361]
+- uapi: update headers to 4.20-rc1 (Andrea Claudi) [1716361]
+- bpf: add btf func and func_proto kind support (Andrea Claudi) [1716361]
+- lib/bpf: fix build warning if no elf (Andrea Claudi) [1716361]
+- bpf: initialise map symbol before retrieving and comparing its type (Andrea Claudi) [1716361]
+- Include bsd/string.h only in include/utils.h (Andrea Claudi) [1716361]
+- Use libbsd for strlcpy if available (Andrea Claudi) [1716361]
+- bpf: check map symbol type properly with newer llvm compiler (Andrea Claudi) [1716361]
+- bpf: implement btf handling and map annotation (Andrea Claudi) [1716361]
+- bpf: implement bpf to bpf calls support (Andrea Claudi) [1716361]
+- bpf: remove strict dependency on af_alg (Andrea Claudi) [1716361]
+- bpf: move bpf_elf_map fixup notification under verbose (Andrea Claudi) [1716361]
+- iplink: add support for reporting multiple XDP programs (Andrea Claudi) [1716361]
+- rdma: Document IB device renaming option (Andrea Claudi) [1663228]
+- rdma: Add an option to rename IB device interface (Andrea Claudi) [1663228]
+- rdma: Introduce command execution helper with required device name (Andrea Claudi) [1663228]
+- rdma: Update kernel include file to support IB device renaming (Andrea Claudi) [1663228]
+- libnetlink: Convert GETADDR dumps to use rtnl_addrdump_req (Andrea Claudi) [1716772]
 
-* Tue Jul 23 2019 Phil Sutter <psutter@redhat.com> - 5.2.0-1
-- New version 5.2.0
-- Add upstream-suggested backports
-- Fix for tunnel creation when using 'dev' parameter
+* Wed May 29 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-12.el8]
+- devlink: Add param command support (Andrea Claudi) [1663199]
+- rdma: Fix representation of PortInfo CapabilityMask (Andrea Claudi) [1664694]
+- uapi: update ib_verbs (Andrea Claudi) [1664694]
+- tc: flower: Add support for QinQ (Andrea Claudi) [1615928]
+- ip rule: Add ipproto and port range to filter list (Andrea Claudi) [1678111]
 
-* Wed May 29 2019 Phil Sutter <psutter@redhat.com> - 5.1.0-1
-- New version 5.1.0
+* Thu Jan 31 2019 Phil Sutter <psutter@redhat.com> [4.18.0-11.el8]
+- tc: m_tunnel_key: Add tunnel option support to act_tunnel_key (Phil Sutter) [1654761]
+- tc: f_flower: add geneve option match support to flower (Phil Sutter) [1654761]
+- l2tp: Fix printing of cookie and peer_cookie values (Phil Sutter) [1643805]
 
-* Wed Mar 20 2019 Phil Sutter <psutter@redhat.com> - 5.0.0-2
-- Restore Provides: hint, at least pptp depends on it
+* Tue Dec 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-10.el8]
+- iplink: fix incorrect any address handling for ip tunnels (Phil Sutter) [1626304]
 
-* Wed Mar 20 2019 Phil Sutter <psutter@redhat.com> - 5.0.0-1
-- New version 5.0.0
-- Get rid of old upgrade path hints
+* Tue Dec 11 2018 Phil Sutter <psutter@redhat.com> [4.18.0-9.el8]
+- man: rdma: Add reference to rdma-resource.8 (Phil Sutter) [1610334]
 
-* Fri Feb 01 2019 Phil Sutter <psutter@redhat.com> - 4.20.0-1
-- New version 4.20.0
-- Add upstream-suggested backports
-- Upstream dropped cbq script, remove it along with related configs
-- Add libcap support
+* Thu Nov 29 2018 Phil Sutter <psutter@redhat.com> [4.18.0-8.el8]
+- Bump release to run fresh CI tests.
 
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.18.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+* Mon Nov 26 2018 Phil Sutter <psutter@redhat.com> [4.18.0-7.el8]
+- ip-route: Fix nexthop encap parsing (Phil Sutter) [1625358]
+- man: ip-route.8: Document nexthop limit (Phil Sutter) [1625358]
 
-* Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-5
-- man: ip-route: Clarify referenced versions are Linux ones
+* Thu Oct 25 2018 Phil Sutter <psutter@redhat.com> [4.18.0-6.el8]
+- Update kernel headers (Phil Sutter) [1637440]
+- tc_util: Add support for showing TCA_STATS_BASIC_HW statistics (Phil Sutter) [1637440]
+- tc: Remove pointless assignments in batch() (Phil Sutter) [1602555]
+- tipc: Drop unused variable 'genl' (Phil Sutter) [1602555]
+- ip-route: Fix parse_encap_seg6() srh parsing (Phil Sutter) [1602555]
+- rdma: Don't pass garbage to rd_check_is_filtered() (Phil Sutter) [1602555]
+- ip-route: Fix for memleak in error path (Phil Sutter) [1602555]
+- rdma: Fix for ineffective check in add_filter() (Phil Sutter) [1602555]
+- devlink: Fix error reporting in cmd_resource_set() (Phil Sutter) [1602555]
+- libnetlink: fix use-after-free of message buf (Phil Sutter) [1602555]
+- libnetlink: don't return error on success (Phil Sutter) [1602555]
+- libnetlink: fix leak and using unused memory on error (Phil Sutter) [1602555]
+- tc: htb: Print default value in hex (Phil Sutter) [1641053]
 
-* Fri Aug 31 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-4
-- iprule: Fix destination prefix output
+* Thu Oct 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-5.el8]
+- utils: fix get_rtnl_link_stats_rta stats parsing (Phil Sutter) [1626306]
+- uapi: add snmp header file (Phil Sutter) [1626306]
+- macsec: fix off-by-one when parsing attributes (Phil Sutter) [1628428]
+- json: make 0xhex handle u64 (Phil Sutter) [1628428]
 
-* Thu Aug 23 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-3
-- Make colored output configurable
+* Thu Oct 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-4.el8]
+- iplink_vxlan: take into account preferred_family creating vxlan device (Phil Sutter) [1626321]
+- ip-addrlabel: Fix printing of label value (Phil Sutter) [1639412]
+- bridge: fdb: Fix for missing keywords in non-JSON output (Phil Sutter) [1636532]
 
-* Thu Aug 16 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-2
-- Fix ss filter expressions
+* Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> [4.18.0-3.el8]
+- lib: introduce print_nl (Phil Sutter) [1625500]
 
-* Tue Aug 14 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-1
+* Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> [4.18.0-2.el8]
+- bridge/mdb: fix missing new line when show bridge mdb (Phil Sutter) [1625500]
+- ip-route: Fix segfault with many nexthops (Phil Sutter) [1625358]
+- Update kernel headers (Phil Sutter) [1615915]
+- tc/flower: Add match on encapsulating tos/ttl (Phil Sutter) [1615915]
+- tc/act_tunnel_key: Enable setup of tos and ttl (Phil Sutter) [1615915]
+- iprule: Fix destination prefix output (Phil Sutter) [1623503]
+- ip: Add missing -M flag to help text (Phil Sutter) [1612704]
+- man: ss.8: Describe --events option (Phil Sutter) [1612704]
+- rtmon: List options in help text (Phil Sutter) [1612704]
+- man: rtacct.8: Fix nstat options (Phil Sutter) [1612704]
+- man: ifstat.8: Document --json and --pretty options (Phil Sutter) [1612704]
+- genl: Fix help text (Phil Sutter) [1612704]
+- man: devlink.8: Document -verbose option (Phil Sutter) [1612704]
+- devlink: trivial: Make help text consistent (Phil Sutter) [1612704]
+- bridge: trivial: Make help text consistent (Phil Sutter) [1612704]
+- man: bridge.8: Document -oneline option (Phil Sutter) [1612704]
+
+* Tue Aug 14 2018 Phil Sutter - 4.18.0-1
 - New version 4.18.0
 
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.17.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Tue Jun 12 2018 Phil Sutter <psutter@redhat.com> - 4.17.0-1
-- New version 4.17.0
-
-* Fri Jun 01 2018 Phil Sutter <psutter@redhat.com> - 4.16.0-1
-- New version 4.16.0
+* Thu Aug 09 2018 Phil Sutter <psutter@redhat.com> [4.17.0-1.el8]
+- rdma: print driver resource attributes (Phil Sutter) [1610334]
+- rdma: update rdma_netlink.h to get new driver attributes (Phil Sutter) [1610334]
+- rdma: Print net device name and index for RDMA device (Phil Sutter) [1610334]
+- devlink: CTRL_ATTR_FAMILY_ID is a u16 (Phil Sutter) [1589317]
+- tc: Do not use addattr_nest_compat on mqprio and netem (Phil Sutter) [1589317]
+- ipaddress: Fix and make consistent label match handling (Phil Sutter) [1589317]
+- rt_dsfield: Ship deprecated values for compatibility (Phil Sutter) [1595683]
+- New version 4.17.0 including upstream-suggested fixes (Phil Sutter) [1589317]
 
 * Fri Feb 09 2018 Phil Sutter <psutter@redhat.com> - 4.15.0-1
 - New version 4.15.0