SOURCES/0001-Update-kernel-headers.patch

@@ -1,10 +1,10 @@
-From d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c Mon Sep 17 00:00:00 2001
+From 6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b Mon Sep 17 00:00:00 2001
-Message-Id: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
+Message-Id: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Wed, 3 May 2023 11:19:24 +0200
 Subject: [PATCH] Update kernel headers
 
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2186945
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134
 Upstream Status: iproute2-next.git commit 88786cd1
 
 commit 88786cd1a96a89427bc22061c7736eb2eac31121

SOURCES/0002-macvlan-Add-bclim-parameter.patch

@@ -1,12 +1,12 @@
-From 7d1444d9563575ec3346620f12788799080db8c5 Mon Sep 17 00:00:00 2001
+From 1638c2909a2911f981ee437dafde70e5e8d721f8 Mon Sep 17 00:00:00 2001
-Message-Id: <7d1444d9563575ec3346620f12788799080db8c5.1683109787.git.aclaudi@redhat.com>
+Message-Id: <1638c2909a2911f981ee437dafde70e5e8d721f8.1683117490.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Wed, 3 May 2023 11:19:24 +0200
 Subject: [PATCH] macvlan: Add bclim parameter
 
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2186945
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134
 Upstream Status: iproute2-next.git commit e8a3fb47
 
 commit e8a3fb470b4e96aa35a2731c7cc175b946c0a62d

SOURCES/0003-mptcp-add-support-for-implicit-flag.patch

@@ -1,69 +0,0 @@
-From ad96352bfdc2865237beca32fd7d50cfef3e75c7 Mon Sep 17 00:00:00 2001
-From: Wen Liang <wenliang@redhat.com>
-Date: Thu, 1 Jun 2023 10:33:46 -0400
-Subject: [PATCH] mptcp: add support for implicit flag
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2109135
-Upstream Status: iproute2-next.git commit 3a2535a4
-
-commit 3a2535a41854d481c1a052e267d1fe5d83f9493c
-Author: Andrea Claudi <aclaudi@redhat.com>
-Date:   Tue May 16 11:48:04 2023 +0200
-
-    mptcp: add support for implicit flag
-
-    Kernel supports implicit flag since commit d045b9eb95a9 ("mptcp:
-    introduce implicit endpoints"), included in v5.18.
-
-    Let's add support for displaying it to iproute2.
-
-    Before this change:
-    $ ip mptcp endpoint show
-    10.0.2.2 id 1 rawflags 10
-
-    After this change:
-    $ ip mptcp endpoint show
-    10.0.2.2 id 1 implicit
-
-    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
-    Signed-off-by: David Ahern <dsahern@kernel.org>
----
- ip/ipmptcp.c        | 1 +
- man/man8/ip-mptcp.8 | 9 +++++++++
- 2 files changed, 10 insertions(+)
-
-diff --git a/ip/ipmptcp.c b/ip/ipmptcp.c
-index beba7a41..9847f95b 100644
---- a/ip/ipmptcp.c
-+++ b/ip/ipmptcp.c
-@@ -58,6 +58,7 @@ static const struct {
- 	{ "subflow",		MPTCP_PM_ADDR_FLAG_SUBFLOW },
- 	{ "backup",		MPTCP_PM_ADDR_FLAG_BACKUP },
- 	{ "fullmesh",		MPTCP_PM_ADDR_FLAG_FULLMESH },
-+	{ "implicit",		MPTCP_PM_ADDR_FLAG_IMPLICIT },
- 	{ "nobackup",		MPTCP_PM_ADDR_FLAG_NONE },
- 	{ "nofullmesh",		MPTCP_PM_ADDR_FLAG_NONE }
- };
-diff --git a/man/man8/ip-mptcp.8 b/man/man8/ip-mptcp.8
-index 72762f49..b427065c 100644
---- a/man/man8/ip-mptcp.8
-+++ b/man/man8/ip-mptcp.8
-@@ -176,6 +176,15 @@ endpoint. When the peer does announce addresses, each received ADD_ADDR
- sub-option will trigger creation of an additional subflow to generate a
- full mesh topology.
- 
-+.TP
-+.BR implicit
-+In some scenarios, an MPTCP
-+.BR subflow
-+can use a local address mapped by a implicit endpoint created by the
-+in-kernel path manager. Once set, the implicit flag cannot be removed, but
-+other flags can be added to the endpoint. Implicit endpoints cannot be
-+created from user-space.
-+
- .sp
- .PP
- The
--- 
-2.38.1
-

SOURCES/0003-tc-add-missing-separator.patch

@@ -1,12 +1,12 @@
-From 8bc9a4f3855d28ae718f14875dd78d49d53c4349 Mon Sep 17 00:00:00 2001
+From 4c2e1768c0d446345796dc058d1e114147a1029a Mon Sep 17 00:00:00 2001
-Message-Id: <8bc9a4f3855d28ae718f14875dd78d49d53c4349.1686076455.git.aclaudi@redhat.com>
+Message-Id: <4c2e1768c0d446345796dc058d1e114147a1029a.1686090191.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
-Date: Tue, 6 Jun 2023 20:08:25 +0200
+Date: Wed, 7 Jun 2023 00:15:59 +0200
 Subject: [PATCH] tc: add missing separator
 
-Jira: https://issues.redhat.com/browse/RHEL-586
+Jira: https://issues.redhat.com/browse/RHEL-487
 Upstream Status: iproute2-next.git commit 4e0e56e0
 
 commit 4e0e56e0ef05387f7f5d8ab41fe6ec6a1897b26d

SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch

@@ -0,0 +1,55 @@
+From dcff6d4c73cd9c33b4103a4505ecebe6852f63df Mon Sep 17 00:00:00 2001
+Message-ID: <dcff6d4c73cd9c33b4103a4505ecebe6852f63df.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] ss: make is_selinux_enabled stub work like in SELinux
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit c8970828
+
+commit c8970828b6509af3ab0f2982da335fb6a6c846af
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:29:59 2023 +0200
+
+    ss: make is_selinux_enabled stub work like in SELinux
+
+    From the is_selinux_enabled() manpage:
+
+    is_selinux_enabled() returns 1 if SELinux is running or 0 if it is not.
+
+    This makes the is_selinux_enabled() stub functions works exactly like
+    the SELinux function it is supposed to replace.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ misc/ss.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index de02fccb..d2dffbf8 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -77,7 +77,7 @@
+ /* Stubs for SELinux functions */
+ static int is_selinux_enabled(void)
+ {
+-	return -1;
++	return 0;
+ }
+ 
+ static int getpidcon(pid_t pid, char **context)
+@@ -5684,7 +5684,7 @@ int main(int argc, char *argv[])
+ 			show_sock_ctx++;
+ 			/* fall through */
+ 		case 'Z':
+-			if (is_selinux_enabled() <= 0) {
++			if (!is_selinux_enabled()) {
+ 				fprintf(stderr, "ss: SELinux is not enabled.\n");
+ 				exit(1);
+ 			}
+-- 
+2.41.0
+

SOURCES/0004-u32-fix-TC_U32_TERMINAL-printing.patch

@@ -1,65 +0,0 @@
-From 80e59389e93bf3f45204a38536f3f228adf153c7 Mon Sep 17 00:00:00 2001
-Message-Id: <80e59389e93bf3f45204a38536f3f228adf153c7.1686076455.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
-From: Andrea Claudi <aclaudi@redhat.com>
-Date: Tue, 6 Jun 2023 20:05:15 +0200
-Subject: [PATCH] u32: fix TC_U32_TERMINAL printing
-
-Jira: https://issues.redhat.com/browse/RHEL-337
-Upstream Status: iproute2-next.git commit 2854d69a
-
-commit 2854d69a99f6e38d0d2426bd641a56d7a85bc61b
-Author: Hangbin Liu <liuhangbin@gmail.com>
-Date:   Wed Mar 1 22:21:00 2023 +0800
-
-    u32: fix TC_U32_TERMINAL printing
-
-    We previously printed an asterisk if there was no 'sel' or
-    'TC_U32_TERMINAL' flag. However,
-     commit 1ff227545ce1 ("u32: fix json formatting of flowid")
-    changed the logic to print an asterisk only if there is a
-    'TC_U32_TERMINAL' flag. Therefore, we need to fix this
-    regression.
-
-    Before the fix, the tdc u32 test failed:
-
-    1..11
-    not ok 1 afa9 - Add u32 with source match
-            Could not match regex pattern. Verify command output:
-    filter protocol ip pref 1 u32 chain 0
-    filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1
-    filter protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 *flowid 1:1 not_in_hw
-      match 7f000001/ffffffff at 12
-            action order 1: gact action pass
-             random type none pass val 0
-             index 1 ref 1 bind 1
-
-    After fix, the test passed:
-    1..11
-    ok 1 afa9 - Add u32 with source match
-
-    Fixes: 1ff227545ce1 ("u32: fix json formatting of flowid")
-    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
-    Reviewed-by: Victor Nogueira <victor@mojatatu.com>
-    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
----
- tc/f_u32.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tc/f_u32.c b/tc/f_u32.c
-index bfe9e5f9..de2d0c9e 100644
---- a/tc/f_u32.c
-+++ b/tc/f_u32.c
-@@ -1273,7 +1273,7 @@ static int u32_print_opt(struct filter_util *qu, FILE *f, struct rtattr *opt,
- 	if (tb[TCA_U32_CLASSID]) {
- 		__u32 classid = rta_getattr_u32(tb[TCA_U32_CLASSID]);
- 		SPRINT_BUF(b1);
--		if (sel && (sel->flags & TC_U32_TERMINAL))
-+		if (!sel || !(sel->flags & TC_U32_TERMINAL))
- 			print_string(PRINT_FP, NULL, "*", NULL);
- 
- 		print_string(PRINT_ANY, "flowid", "flowid %s ",
--- 
-2.40.1
-

SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch

@@ -0,0 +1,52 @@
+From d59fc35f66f5d0d6e7b3209c21f2c891a2ba0768 Mon Sep 17 00:00:00 2001
+Message-ID: <d59fc35f66f5d0d6e7b3209c21f2c891a2ba0768.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] ss: make SELinux stub functions conformant to API definitions
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit 61c6882c
+
+commit 61c6882ce21c1247c06cd61783120be0a2e2019c
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:30:00 2023 +0200
+
+    ss: make SELinux stub functions conformant to API definitions
+
+    getfilecon() and security_get_initial_context() use the const qualifier
+    for their first paramater in SELinux APIs.
+
+    This commit adds the const qualifier to these functions, making them
+    conformant to API definitions.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ misc/ss.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index d2dffbf8..fe19f489 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -86,13 +86,13 @@ static int getpidcon(pid_t pid, char **context)
+ 	return -1;
+ }
+ 
+-static int getfilecon(char *path, char **context)
++static int getfilecon(const char *path, char **context)
+ {
+ 	*context = NULL;
+ 	return -1;
+ }
+ 
+-static int security_get_initial_context(char *name,  char **context)
++static int security_get_initial_context(const char *name,  char **context)
+ {
+ 	*context = NULL;
+ 	return -1;
+-- 
+2.41.0
+

SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch

@@ -0,0 +1,156 @@
+From 0e71f7774a764c0a19037b79b71d7146769082ac Mon Sep 17 00:00:00 2001
+Message-ID: <0e71f7774a764c0a19037b79b71d7146769082ac.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] lib: add SELinux include and stub functions
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit e246ebc3
+
+commit e246ebc3b7f1f438310ad6fd1d5976ba6ccf7a69
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:30:01 2023 +0200
+
+    lib: add SELinux include and stub functions
+
+    ss provides some selinux stub functions, useful when iproute2 is
+    compiled without selinux support.
+
+    Move them to lib/ so we can use them in other iproute2 tools.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ include/selinux.h |  9 +++++++++
+ lib/Makefile      |  4 ++++
+ lib/selinux.c     | 32 ++++++++++++++++++++++++++++++++
+ misc/ss.c         | 34 +---------------------------------
+ 4 files changed, 46 insertions(+), 33 deletions(-)
+ create mode 100644 include/selinux.h
+ create mode 100644 lib/selinux.c
+
+diff --git a/include/selinux.h b/include/selinux.h
+new file mode 100644
+index 00000000..499aa966
+--- /dev/null
++++ b/include/selinux.h
+@@ -0,0 +1,9 @@
++#if HAVE_SELINUX
++#include <selinux/selinux.h>
++#else
++int is_selinux_enabled(void);
++void freecon(char *context);
++int getpidcon(pid_t pid, char **context);
++int getfilecon(const char *path, char **context);
++int security_get_initial_context(const char *name,  char **context);
++#endif
+diff --git a/lib/Makefile b/lib/Makefile
+index ddedd37f..aa7bbd2e 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -13,6 +13,10 @@ UTILOBJ += bpf_libbpf.o
+ endif
+ endif
+ 
++ifneq ($(HAVE_SELINUX),y)
++UTILOBJ += selinux.o
++endif
++
+ NLOBJ=libgenl.o libnetlink.o
+ ifeq ($(HAVE_MNL),y)
+ NLOBJ += mnl_utils.o
+diff --git a/lib/selinux.c b/lib/selinux.c
+new file mode 100644
+index 00000000..4e6805fc
+--- /dev/null
++++ b/lib/selinux.c
+@@ -0,0 +1,32 @@
++#include <stdlib.h>
++#include <unistd.h>
++#include "selinux.h"
++
++/* Stubs for SELinux functions */
++int is_selinux_enabled(void)
++{
++	return 0;
++}
++
++void freecon(char *context)
++{
++	free(context);
++}
++
++int getpidcon(pid_t pid, char **context)
++{
++	*context = NULL;
++	return -1;
++}
++
++int getfilecon(const char *path, char **context)
++{
++	*context = NULL;
++	return -1;
++}
++
++int security_get_initial_context(const char *name,  char **context)
++{
++	*context = NULL;
++	return -1;
++}
+diff --git a/misc/ss.c b/misc/ss.c
+index fe19f489..6e18bf0c 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -33,6 +33,7 @@
+ #include "version.h"
+ #include "rt_names.h"
+ #include "cg_map.h"
++#include "selinux.h"
+ 
+ #include <linux/tcp.h>
+ #include <linux/unix_diag.h>
+@@ -71,39 +72,6 @@
+ #define BUF_CHUNKS_MAX 5	/* Maximum number of allocated buffer chunks */
+ #define LEN_ALIGN(x) (((x) + 1) & ~1)
+ 
+-#if HAVE_SELINUX
+-#include <selinux/selinux.h>
+-#else
+-/* Stubs for SELinux functions */
+-static int is_selinux_enabled(void)
+-{
+-	return 0;
+-}
+-
+-static int getpidcon(pid_t pid, char **context)
+-{
+-	*context = NULL;
+-	return -1;
+-}
+-
+-static int getfilecon(const char *path, char **context)
+-{
+-	*context = NULL;
+-	return -1;
+-}
+-
+-static int security_get_initial_context(const char *name,  char **context)
+-{
+-	*context = NULL;
+-	return -1;
+-}
+-
+-static void freecon(char *context)
+-{
+-	free(context);
+-}
+-#endif
+-
+ int preferred_family = AF_UNSPEC;
+ static int show_options;
+ int show_details;
+-- 
+2.41.0
+

SOURCES/0007-Update-kernel-headers.patch

@@ -1,233 +0,0 @@
-From 92a7cd1de2b2137d8d3279ee32f9b0548d6f4894 Mon Sep 17 00:00:00 2001
-Message-ID: <92a7cd1de2b2137d8d3279ee32f9b0548d6f4894.1709652372.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
-From: Andrea Claudi <aclaudi@redhat.com>
-Date: Mon, 4 Mar 2024 23:37:51 +0100
-Subject: [PATCH] Update kernel headers
-
-JIRA: https://issues.redhat.com/browse/RHEL-579
-Upstream Status: iproute2.git commit 94aeaf9cb12c88afa8fba8027a0e714aa4fec841
-
-commit 94aeaf9cb12c88afa8fba8027a0e714aa4fec841
-Author: David Ahern <dsahern@kernel.org>
-Date:   Tue Feb 7 09:09:29 2023 -0700
-
-    Update kernel headers
-
-    Update kernel headers to commit:
-        61d731e6538d ("Merge tag 'linux-can-next-for-6.3-20230206' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next")
-
-    Signed-off-by: David Ahern <dsahern@kernel.org>
-
-Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
----
- include/uapi/linux/bpf.h       | 12 ++++++++
- include/uapi/linux/fou.h       | 54 ++++++++++++++++------------------
- include/uapi/linux/if_bridge.h |  2 ++
- include/uapi/linux/if_link.h   |  5 ++++
- include/uapi/linux/if_packet.h |  1 +
- include/uapi/linux/in.h        |  1 +
- include/uapi/linux/snmp.h      |  3 ++
- 7 files changed, 50 insertions(+), 28 deletions(-)
-
-diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
-index a667908d..4abb4c73 100644
---- a/include/uapi/linux/bpf.h
-+++ b/include/uapi/linux/bpf.h
-@@ -1156,6 +1156,11 @@ enum bpf_link_type {
-  */
- #define BPF_F_XDP_HAS_FRAGS	(1U << 5)
- 
-+/* If BPF_F_XDP_DEV_BOUND_ONLY is used in BPF_PROG_LOAD command, the loaded
-+ * program becomes device-bound but can access XDP metadata.
-+ */
-+#define BPF_F_XDP_DEV_BOUND_ONLY	(1U << 6)
-+
- /* link_create.kprobe_multi.flags used in LINK_CREATE command for
-  * BPF_TRACE_KPROBE_MULTI attach type to create return probe.
-  */
-@@ -2644,6 +2649,11 @@ union bpf_attr {
-  *		  Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the
-  *		  L2 type as Ethernet.
-  *
-+ *		* **BPF_F_ADJ_ROOM_DECAP_L3_IPV4**,
-+ *		  **BPF_F_ADJ_ROOM_DECAP_L3_IPV6**:
-+ *		  Indicate the new IP header version after decapsulating the outer
-+ *		  IP header. Used when the inner and outer IP versions are different.
-+ *
-  * 		A call to this helper is susceptible to change the underlying
-  * 		packet buffer. Therefore, at load time, all checks on pointers
-  * 		previously done by the verifier are invalidated and must be
-@@ -5803,6 +5813,8 @@ enum {
- 	BPF_F_ADJ_ROOM_ENCAP_L4_UDP	= (1ULL << 4),
- 	BPF_F_ADJ_ROOM_NO_CSUM_RESET	= (1ULL << 5),
- 	BPF_F_ADJ_ROOM_ENCAP_L2_ETH	= (1ULL << 6),
-+	BPF_F_ADJ_ROOM_DECAP_L3_IPV4	= (1ULL << 7),
-+	BPF_F_ADJ_ROOM_DECAP_L3_IPV6	= (1ULL << 8),
- };
- 
- enum {
-diff --git a/include/uapi/linux/fou.h b/include/uapi/linux/fou.h
-index 9f915118..5a7b959b 100644
---- a/include/uapi/linux/fou.h
-+++ b/include/uapi/linux/fou.h
-@@ -1,32 +1,37 @@
- /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
--/* fou.h - FOU Interface */
-+/* Do not edit directly, auto-generated from: */
-+/*	Documentation/netlink/specs/fou.yaml */
-+/* YNL-GEN uapi header */
- 
- #ifndef _LINUX_FOU_H
- #define _LINUX_FOU_H
- 
--/* NETLINK_GENERIC related info
-- */
- #define FOU_GENL_NAME		"fou"
--#define FOU_GENL_VERSION	0x1
-+#define FOU_GENL_VERSION	1
- 
- enum {
--	FOU_ATTR_UNSPEC,
--	FOU_ATTR_PORT,				/* u16 */
--	FOU_ATTR_AF,				/* u8 */
--	FOU_ATTR_IPPROTO,			/* u8 */
--	FOU_ATTR_TYPE,				/* u8 */
--	FOU_ATTR_REMCSUM_NOPARTIAL,		/* flag */
--	FOU_ATTR_LOCAL_V4,			/* u32 */
--	FOU_ATTR_LOCAL_V6,			/* in6_addr */
--	FOU_ATTR_PEER_V4,			/* u32 */
--	FOU_ATTR_PEER_V6,			/* in6_addr */
--	FOU_ATTR_PEER_PORT,			/* u16 */
--	FOU_ATTR_IFINDEX,			/* s32 */
--
--	__FOU_ATTR_MAX,
-+	FOU_ENCAP_UNSPEC,
-+	FOU_ENCAP_DIRECT,
-+	FOU_ENCAP_GUE,
- };
- 
--#define FOU_ATTR_MAX		(__FOU_ATTR_MAX - 1)
-+enum {
-+	FOU_ATTR_UNSPEC,
-+	FOU_ATTR_PORT,
-+	FOU_ATTR_AF,
-+	FOU_ATTR_IPPROTO,
-+	FOU_ATTR_TYPE,
-+	FOU_ATTR_REMCSUM_NOPARTIAL,
-+	FOU_ATTR_LOCAL_V4,
-+	FOU_ATTR_LOCAL_V6,
-+	FOU_ATTR_PEER_V4,
-+	FOU_ATTR_PEER_V6,
-+	FOU_ATTR_PEER_PORT,
-+	FOU_ATTR_IFINDEX,
-+
-+	__FOU_ATTR_MAX
-+};
-+#define FOU_ATTR_MAX (__FOU_ATTR_MAX - 1)
- 
- enum {
- 	FOU_CMD_UNSPEC,
-@@ -34,15 +39,8 @@ enum {
- 	FOU_CMD_DEL,
- 	FOU_CMD_GET,
- 
--	__FOU_CMD_MAX,
-+	__FOU_CMD_MAX
- };
--
--enum {
--	FOU_ENCAP_UNSPEC,
--	FOU_ENCAP_DIRECT,
--	FOU_ENCAP_GUE,
--};
--
--#define FOU_CMD_MAX	(__FOU_CMD_MAX - 1)
-+#define FOU_CMD_MAX (__FOU_CMD_MAX - 1)
- 
- #endif /* _LINUX_FOU_H */
-diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
-index 4a887cf4..921b212d 100644
---- a/include/uapi/linux/if_bridge.h
-+++ b/include/uapi/linux/if_bridge.h
-@@ -523,6 +523,8 @@ enum {
- 	BRIDGE_VLANDB_ENTRY_TUNNEL_INFO,
- 	BRIDGE_VLANDB_ENTRY_STATS,
- 	BRIDGE_VLANDB_ENTRY_MCAST_ROUTER,
-+	BRIDGE_VLANDB_ENTRY_MCAST_N_GROUPS,
-+	BRIDGE_VLANDB_ENTRY_MCAST_MAX_GROUPS,
- 	__BRIDGE_VLANDB_ENTRY_MAX,
- };
- #define BRIDGE_VLANDB_ENTRY_MAX (__BRIDGE_VLANDB_ENTRY_MAX - 1)
-diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
-index 644d3554..71ddffc6 100644
---- a/include/uapi/linux/if_link.h
-+++ b/include/uapi/linux/if_link.h
-@@ -374,6 +374,9 @@ enum {
- 
- 	IFLA_DEVLINK_PORT,
- 
-+	IFLA_GSO_IPV4_MAX_SIZE,
-+	IFLA_GRO_IPV4_MAX_SIZE,
-+
- 	__IFLA_MAX
- };
- 
-@@ -562,6 +565,8 @@ enum {
- 	IFLA_BRPORT_MCAST_EHT_HOSTS_CNT,
- 	IFLA_BRPORT_LOCKED,
- 	IFLA_BRPORT_MAB,
-+	IFLA_BRPORT_MCAST_N_GROUPS,
-+	IFLA_BRPORT_MCAST_MAX_GROUPS,
- 	__IFLA_BRPORT_MAX
- };
- #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
-diff --git a/include/uapi/linux/if_packet.h b/include/uapi/linux/if_packet.h
-index a8516b35..78c981d6 100644
---- a/include/uapi/linux/if_packet.h
-+++ b/include/uapi/linux/if_packet.h
-@@ -115,6 +115,7 @@ struct tpacket_auxdata {
- #define TP_STATUS_BLK_TMO		(1 << 5)
- #define TP_STATUS_VLAN_TPID_VALID	(1 << 6) /* auxdata has valid tp_vlan_tpid */
- #define TP_STATUS_CSUM_VALID		(1 << 7)
-+#define TP_STATUS_GSO_TCP		(1 << 8)
- 
- /* Tx ring - header status */
- #define TP_STATUS_AVAILABLE	      0
-diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h
-index dccf0791..c087f0a2 100644
---- a/include/uapi/linux/in.h
-+++ b/include/uapi/linux/in.h
-@@ -162,6 +162,7 @@ struct in_addr {
- #define MCAST_MSFILTER			48
- #define IP_MULTICAST_ALL		49
- #define IP_UNICAST_IF			50
-+#define IP_LOCAL_PORT_RANGE		51
- 
- #define MCAST_EXCLUDE	0
- #define MCAST_INCLUDE	1
-diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
-index 6600cb01..26f33a4c 100644
---- a/include/uapi/linux/snmp.h
-+++ b/include/uapi/linux/snmp.h
-@@ -95,6 +95,8 @@ enum
- 	ICMP_MIB_OUTADDRMASKS,			/* OutAddrMasks */
- 	ICMP_MIB_OUTADDRMASKREPS,		/* OutAddrMaskReps */
- 	ICMP_MIB_CSUMERRORS,			/* InCsumErrors */
-+	ICMP_MIB_RATELIMITGLOBAL,		/* OutRateLimitGlobal */
-+	ICMP_MIB_RATELIMITHOST,			/* OutRateLimitHost */
- 	__ICMP_MIB_MAX
- };
- 
-@@ -112,6 +114,7 @@ enum
- 	ICMP6_MIB_OUTMSGS,			/* OutMsgs */
- 	ICMP6_MIB_OUTERRORS,			/* OutErrors */
- 	ICMP6_MIB_CSUMERRORS,			/* InCsumErrors */
-+	ICMP6_MIB_RATELIMITHOST,		/* OutRateLimitHost */
- 	__ICMP6_MIB_MAX
- };
- 
--- 
-2.44.0
-

SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch

@@ -0,0 +1,81 @@
+From 6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2 Mon Sep 17 00:00:00 2001
+Message-ID: <6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2.1695227714.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Tue, 5 Sep 2023 12:44:19 +0200
+Subject: [PATCH] ip vrf: make ipvrf_exec SELinux-aware
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
+Upstream Status: iproute2-next.git commit 0d0eeaa6
+
+commit 0d0eeaa6cb9218e57ce910fc3a8991b80da6393e
+Author: Andrea Claudi <aclaudi@redhat.com>
+Date:   Wed Aug 23 19:30:02 2023 +0200
+
+    ip vrf: make ipvrf_exec SELinux-aware
+
+    When using ip vrf and SELinux is enabled, make sure to set the exec file
+    context before calling cmd_exec.
+
+    This ensures that the command is executed with the right context,
+    falling back to the ifconfig_t context when needed.
+
+    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
+    Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ include/selinux.h | 1 +
+ ip/ipvrf.c        | 6 ++++++
+ lib/selinux.c     | 5 +++++
+ 3 files changed, 12 insertions(+)
+
+diff --git a/include/selinux.h b/include/selinux.h
+index 499aa966..592c7680 100644
+--- a/include/selinux.h
++++ b/include/selinux.h
+@@ -6,4 +6,5 @@ void freecon(char *context);
+ int getpidcon(pid_t pid, char **context);
+ int getfilecon(const char *path, char **context);
+ int security_get_initial_context(const char *name,  char **context);
++int setexecfilecon(const char *filename, const char *fallback_type);
+ #endif
+diff --git a/ip/ipvrf.c b/ip/ipvrf.c
+index 0718bea8..b0dd2abe 100644
+--- a/ip/ipvrf.c
++++ b/ip/ipvrf.c
+@@ -24,6 +24,7 @@
+ #include "utils.h"
+ #include "ip_common.h"
+ #include "bpf_util.h"
++#include "selinux.h"
+ 
+ #define CGRP_PROC_FILE  "/cgroup.procs"
+ 
+@@ -455,6 +456,11 @@ static int ipvrf_exec(int argc, char **argv)
+ 		return -1;
+ 	}
+ 
++	if (is_selinux_enabled() && setexecfilecon(argv[1], "ifconfig_t")) {
++		fprintf(stderr, "setexecfilecon for \"%s\" failed\n", argv[1]);
++		return -1;
++	}
++
+ 	return -cmd_exec(argv[1], argv + 1, !!batch_mode, do_switch, argv[0]);
+ }
+ 
+diff --git a/lib/selinux.c b/lib/selinux.c
+index 4e6805fc..7e5dd16d 100644
+--- a/lib/selinux.c
++++ b/lib/selinux.c
+@@ -30,3 +30,8 @@ int security_get_initial_context(const char *name,  char **context)
+ 	*context = NULL;
+ 	return -1;
+ }
++
++int setexecfilecon(const char *filename, const char *fallback_type)
++{
++	return -1;
++}
+-- 
+2.41.0
+

SOURCES/0008-iplink-add-gso-and-gro-max_size-attributes-for-ipv4.patch

@@ -1,175 +0,0 @@
-From 7ef7c73bc3a271e3e5ccb8b1525c6e9152b99c9a Mon Sep 17 00:00:00 2001
-Message-ID: <7ef7c73bc3a271e3e5ccb8b1525c6e9152b99c9a.1709652372.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
-From: Andrea Claudi <aclaudi@redhat.com>
-Date: Mon, 4 Mar 2024 23:37:51 +0100
-Subject: [PATCH] iplink: add gso and gro max_size attributes for ipv4
-
-JIRA: https://issues.redhat.com/browse/RHEL-579
-Upstream Status: iproute2.git commit 1dafe448c7a2f2be5dfddd8da250980708a48c41
-
-commit 1dafe448c7a2f2be5dfddd8da250980708a48c41
-Author: Xin Long <lucien.xin@gmail.com>
-Date:   Thu Feb 9 18:44:24 2023 -0500
-
-    iplink: add gso and gro max_size attributes for ipv4
-
-    This patch adds two attributes gso/gro_ipv4_max_size in iplink for the
-    user space support of the BIG TCP for IPv4:
-
-      https://lore.kernel.org/netdev/de811bf3-e2d8-f727-72bc-c8a754a9d929@tessares.net/T/
-
-    Note that after this kernel patchset, "gso/gro_max_size" are used for IPv6
-    packets while "gso/gro_ipv4_max_size" are for IPv4 patckets. To not break
-    these old applications using "gso/gro_ipv4_max_size" for IPv4 GSO packets,
-    the new size will also be set on "gso/gro_ipv4_max_size" in kernel when
-    "gso/gro_max_size" changes to a value <= 65536.
-
-    Signed-off-by: Xin Long <lucien.xin@gmail.com>
-    Signed-off-by: David Ahern <dsahern@kernel.org>
-
-Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
----
- ip/ipaddress.c        | 12 ++++++++++++
- ip/iplink.c           | 22 ++++++++++++++++++++--
- man/man8/ip-link.8.in | 30 +++++++++++++++++++++++++++---
- 3 files changed, 59 insertions(+), 5 deletions(-)
-
-diff --git a/ip/ipaddress.c b/ip/ipaddress.c
-index c7553bcd..9ba81438 100644
---- a/ip/ipaddress.c
-+++ b/ip/ipaddress.c
-@@ -1264,6 +1264,18 @@ int print_linkinfo(struct nlmsghdr *n, void *arg)
- 				   "gro_max_size %u ",
- 				   rta_getattr_u32(tb[IFLA_GRO_MAX_SIZE]));
- 
-+		if (tb[IFLA_GSO_IPV4_MAX_SIZE])
-+			print_uint(PRINT_ANY,
-+				   "gso_ipv4_max_size",
-+				   "gso_ipv4_max_size %u ",
-+				   rta_getattr_u32(tb[IFLA_GSO_IPV4_MAX_SIZE]));
-+
-+		if (tb[IFLA_GRO_IPV4_MAX_SIZE])
-+			print_uint(PRINT_ANY,
-+				   "gro_ipv4_max_size",
-+				   "gro_ipv4_max_size %u ",
-+				   rta_getattr_u32(tb[IFLA_GRO_IPV4_MAX_SIZE]));
-+
- 		if (tb[IFLA_PHYS_PORT_NAME])
- 			print_string(PRINT_ANY,
- 				     "phys_port_name",
-diff --git a/ip/iplink.c b/ip/iplink.c
-index 4ec9e370..a8da52f9 100644
---- a/ip/iplink.c
-+++ b/ip/iplink.c
-@@ -114,8 +114,8 @@ void iplink_usage(void)
- 		"		[ addrgenmode { eui64 | none | stable_secret | random } ]\n"
- 		"		[ protodown { on | off } ]\n"
- 		"		[ protodown_reason PREASON { on | off } ]\n"
--		"		[ gso_max_size BYTES ] | [ gso_max_segs PACKETS ]\n"
--		"		[ gro_max_size BYTES ]\n"
-+		"		[ gso_max_size BYTES ] [ gso_ipv4_max_size BYTES ] [ gso_max_segs PACKETS ]\n"
-+		"		[ gro_max_size BYTES ] [ gro_ipv4_max_size BYTES ]\n"
- 		"\n"
- 		"	ip link show [ DEVICE | group GROUP ] [up] [master DEV] [vrf NAME] [type TYPE]\n"
- 		"		[nomaster]\n"
-@@ -948,6 +948,24 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
- 				       *argv);
- 			addattr32(&req->n, sizeof(*req),
- 				  IFLA_GRO_MAX_SIZE, max_size);
-+		} else if (strcmp(*argv, "gso_ipv4_max_size") == 0) {
-+			unsigned int max_size;
-+
-+			NEXT_ARG();
-+			if (get_unsigned(&max_size, *argv, 0))
-+				invarg("Invalid \"gso_ipv4_max_size\" value\n",
-+				       *argv);
-+			addattr32(&req->n, sizeof(*req),
-+				  IFLA_GSO_IPV4_MAX_SIZE, max_size);
-+		}  else if (strcmp(*argv, "gro_ipv4_max_size") == 0) {
-+			unsigned int max_size;
-+
-+			NEXT_ARG();
-+			if (get_unsigned(&max_size, *argv, 0))
-+				invarg("Invalid \"gro_ipv4_max_size\" value\n",
-+				       *argv);
-+			addattr32(&req->n, sizeof(*req),
-+				  IFLA_GRO_IPV4_MAX_SIZE, max_size);
- 		} else if (strcmp(*argv, "parentdev") == 0) {
- 			NEXT_ARG();
- 			addattr_l(&req->n, sizeof(*req), IFLA_PARENT_DEV_NAME,
-diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
-index 62aebabd..bec1b78b 100644
---- a/man/man8/ip-link.8.in
-+++ b/man/man8/ip-link.8.in
-@@ -38,11 +38,16 @@ ip-link \- network device configuration
- .br
- .RB "[ " gso_max_size
- .IR BYTES " ]"
-+.RB "[ " gso_ipv4_max_size
-+.IR BYTES " ]"
- .RB "[ " gso_max_segs
- .IR SEGMENTS " ]"
- .br
- .RB "[ " gro_max_size
- .IR BYTES " ]"
-+.RB "[ " gro_ipv4_max_size
-+.IR BYTES " ]"
-+.br
- .RB "[ " netns " {"
- .IR PID " | " NETNSNAME " } ]"
- .br
-@@ -90,10 +95,15 @@ ip-link \- network device configuration
- .br
- .RB "[ " gso_max_size
- .IR BYTES " ]"
-+.RB "[ " gso_ipv4_max_size
-+.IR BYTES " ]"
- .RB "[ " gso_max_segs
- .IR SEGMENTS " ]"
-+.br
- .RB "[ " gro_max_size
- .IR BYTES " ]"
-+.RB "[ " gro_ipv4_max_size
-+.IR BYTES " ]"
- .br
- .RB "[ " name
- .IR NEWNAME " ]"
-@@ -423,7 +433,14 @@ specifies the number of receive queues for new device.
- .TP
- .BI gso_max_size " BYTES "
- specifies the recommended maximum size of a Generic Segment Offload
--packet the new device should accept.
-+packet the new device should accept. This is also used to enable BIG
-+TCP for IPv6 on this device when the size is greater than 65536.
-+
-+.TP
-+.BI gso_ipv4_max_size " BYTES "
-+specifies the recommended maximum size of a IPv4 Generic Segment Offload
-+packet the new device should accept. This is especially used to enable
-+BIG TCP for IPv4 on this device by setting to a size greater than 65536.
- 
- .TP
- .BI gso_max_segs " SEGMENTS "
-@@ -432,8 +449,15 @@ segments the new device should accept.
- 
- .TP
- .BI gro_max_size " BYTES "
--specifies the maximum size of a packet built by GRO stack
--on this device.
-+specifies the maximum size of a packet built by GRO stack on this
-+device. This is also used for BIG TCP to allow the size of a
-+merged IPv6 GSO packet on this device greater than 65536.
-+
-+.TP
-+.BI gro_ipv4_max_size " BYTES "
-+specifies the maximum size of a IPv4 packet built by GRO stack on this
-+device. This is especially used for BIG TCP to allow the size of a
-+merged IPv4 GSO packet on this device greater than 65536.
- 
- .TP
- .BI index " IDX "
--- 
-2.44.0
-

SOURCES/0008-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch

@@ -1,9 +1,9 @@
-From 17643a7c829e92859146e5d0f8b83e19d99b2592 Mon Sep 17 00:00:00 2001
+From e4e31412a2cdf90a08a7d5ab1a889f27ee13f7c9 Mon Sep 17 00:00:00 2001
-Message-ID: <17643a7c829e92859146e5d0f8b83e19d99b2592.1709652372.git.aclaudi@redhat.com>
+Message-ID: <e4e31412a2cdf90a08a7d5ab1a889f27ee13f7c9.1710441171.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
+In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1710441171.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
+References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1710441171.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
-Date: Mon, 4 Mar 2024 23:23:27 +0100
+Date: Thu, 14 Mar 2024 19:26:55 +0100
 Subject: [PATCH] ss: Add support for dumping TCP bound-inactive sockets.
 
 JIRA: https://issues.redhat.com/browse/RHEL-21017
@@ -71,10 +71,10 @@ index d413e570..2bc42b85 100644
  
  .B EXPRESSION
 diff --git a/misc/ss.c b/misc/ss.c
-index de02fccb..6a9cbac0 100644
+index 6e18bf0c..232178e6 100644
 --- a/misc/ss.c
 +++ b/misc/ss.c
-@@ -242,6 +242,8 @@ enum {
+@@ -210,6 +210,8 @@ enum {
  	SS_LAST_ACK,
  	SS_LISTEN,
  	SS_CLOSING,
@@ -83,7 +83,7 @@ index de02fccb..6a9cbac0 100644
  	SS_MAX
  };
  
-@@ -1409,6 +1411,8 @@ static void sock_state_print(struct sockstat *s)
+@@ -1377,6 +1379,8 @@ static void sock_state_print(struct sockstat *s)
  		[SS_LAST_ACK] = "LAST-ACK",
  		[SS_LISTEN] =	"LISTEN",
  		[SS_CLOSING] = "CLOSING",
@@ -92,7 +92,7 @@ index de02fccb..6a9cbac0 100644
  	};
  
  	switch (s->local.family) {
-@@ -5342,6 +5346,7 @@ static void _usage(FILE *dest)
+@@ -5310,6 +5314,7 @@ static void _usage(FILE *dest)
  "   -r, --resolve       resolve host names\n"
  "   -a, --all           display all sockets\n"
  "   -l, --listening     display listening sockets\n"
@@ -100,7 +100,7 @@ index de02fccb..6a9cbac0 100644
  "   -o, --options       show timer information\n"
  "   -e, --extended      show detailed socket information\n"
  "   -m, --memory        show socket memory usage\n"
-@@ -5424,9 +5429,17 @@ static int scan_state(const char *state)
+@@ -5392,9 +5397,17 @@ static int scan_state(const char *state)
  		[SS_LAST_ACK] = "last-ack",
  		[SS_LISTEN] =	"listening",
  		[SS_CLOSING] = "closing",
@@ -118,7 +118,7 @@ index de02fccb..6a9cbac0 100644
  	if (strcasecmp(state, "close") == 0 ||
  	    strcasecmp(state, "closed") == 0)
  		return (1<<SS_CLOSE);
-@@ -5449,6 +5462,7 @@ static int scan_state(const char *state)
+@@ -5417,6 +5430,7 @@ static int scan_state(const char *state)
  			return (1<<i);
  	}
  
@@ -126,7 +126,7 @@ index de02fccb..6a9cbac0 100644
  	fprintf(stderr, "ss: wrong state name: %s\n", state);
  	exit(-1);
  }
-@@ -5490,6 +5504,7 @@ static const struct option long_opts[] = {
+@@ -5458,6 +5472,7 @@ static const struct option long_opts[] = {
  	{ "vsock", 0, 0, OPT_VSOCK },
  	{ "all", 0, 0, 'a' },
  	{ "listening", 0, 0, 'l' },
@@ -134,7 +134,7 @@ index de02fccb..6a9cbac0 100644
  	{ "ipv4", 0, 0, '4' },
  	{ "ipv6", 0, 0, '6' },
  	{ "packet", 0, 0, '0' },
-@@ -5528,7 +5543,7 @@ int main(int argc, char *argv[])
+@@ -5496,7 +5511,7 @@ int main(int argc, char *argv[])
  	int state_filter = 0;
  
  	while ((ch = getopt_long(argc, argv,
@@ -143,7 +143,7 @@ index de02fccb..6a9cbac0 100644
  				 long_opts, NULL)) != EOF) {
  		switch (ch) {
  		case 'n':
-@@ -5593,6 +5608,9 @@ int main(int argc, char *argv[])
+@@ -5561,6 +5576,9 @@ int main(int argc, char *argv[])
  		case 'l':
  			state_filter = (1 << SS_LISTEN) | (1 << SS_CLOSE);
  			break;

SOURCES/0009-man-ip-link.8-add-a-note-for-gso_ipv4_max_size.patch

@@ -1,54 +0,0 @@
-From c7160bde79189ba8674acb6355771fb91b6eca28 Mon Sep 17 00:00:00 2001
-Message-ID: <c7160bde79189ba8674acb6355771fb91b6eca28.1709652372.git.aclaudi@redhat.com>
-In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
-References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
-From: Andrea Claudi <aclaudi@redhat.com>
-Date: Mon, 4 Mar 2024 23:37:51 +0100
-Subject: [PATCH] man: ip-link.8: add a note for gso_ipv4_max_size
-
-JIRA: https://issues.redhat.com/browse/RHEL-579
-Upstream Status: iproute2-next.git commit 1d7f908103be90e8ac836ef0ce03b72997664b5a
-
-commit 1d7f908103be90e8ac836ef0ce03b72997664b5a
-Author: Xin Long <lucien.xin@gmail.com>
-Date:   Mon Feb 19 14:16:04 2024 -0500
-
-    man: ip-link.8: add a note for gso_ipv4_max_size
-
-    As Paolo noticed, a skb->len check against gso_max_size was added in:
-
-      https://lore.kernel.org/netdev/20231219125331.4127498-1-edumazet@google.com/
-
-    gso_max_size needs to be set to a value greater than or equal to
-    gso_ipv4_max_size to make BIG TCP IPv4 work properly.
-
-    To not break the current setup, this patch just adds a note into its
-    man doc for this.
-
-    Reported-by: Xiumei Mu <xmu@redhat.com>
-    Signed-off-by: Xin Long <lucien.xin@gmail.com>
-
-Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
----
- man/man8/ip-link.8.in | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
-index bec1b78b..b90d56c2 100644
---- a/man/man8/ip-link.8.in
-+++ b/man/man8/ip-link.8.in
-@@ -441,6 +441,11 @@ TCP for IPv6 on this device when the size is greater than 65536.
- specifies the recommended maximum size of a IPv4 Generic Segment Offload
- packet the new device should accept. This is especially used to enable
- BIG TCP for IPv4 on this device by setting to a size greater than 65536.
-+Note that
-+.B gso_max_size
-+needs to be set to a size greater than or equal to
-+.B gso_ipv4_max_size
-+to really enable BIG TCP for IPv4.
- 
- .TP
- .BI gso_max_segs " SEGMENTS "
--- 
-2.44.0
-

SPECS/iproute.spec

@@ -10,13 +10,12 @@ Source0:            https://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{v
 Source1:            rt_dsfield.deprecated
 Patch0:             0001-Update-kernel-headers.patch
 Patch1:             0002-macvlan-Add-bclim-parameter.patch
-Patch2:             0003-mptcp-add-support-for-implicit-flag.patch
+Patch2:             0003-tc-add-missing-separator.patch
-Patch3:             0004-u32-fix-TC_U32_TERMINAL-printing.patch
+Patch3:             0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch
-Patch4:             0005-tc-add-missing-separator.patch
+Patch4:             0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch
-Patch5:             0006-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
+Patch5:             0006-lib-add-SELinux-include-and-stub-functions.patch
-Patch6:             0007-Update-kernel-headers.patch
+Patch6:             0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch
-Patch7:             0008-iplink-add-gso-and-gro-max_size-attributes-for-ipv4.patch
+Patch7:             0008-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
-Patch8:             0009-man-ip-link.8-add-a-note-for-gso_ipv4_max_size.patch
 
 License:            GPL-2.0-or-later AND NIST-PD
 BuildRequires:      bison
@@ -148,154 +147,258 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield
 %{_includedir}/iproute2/bpf_elf.h
 
 %changelog
-* Fri Mar 08 2024 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-6.el9
+* Thu Mar 14 2024 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-6.el8
-- Fix nvr for rhel-9.4 GA (Andrea Claudi)
-
-* Tue Mar 05 2024 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.1.el9
-- man: ip-link.8: add a note for gso_ipv4_max_size (Andrea Claudi)
-- iplink: add gso and gro max_size attributes for ipv4 (Andrea Claudi)
-- Update kernel headers (Andrea Claudi)
 - ss: Add support for dumping TCP bound-inactive sockets. (Andrea Claudi)
 
-* Tue Jun 06 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.el9
+* Mon Sep 25 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.el8
+- Bump version number (wrong exception build)
+
+* Wed Sep 20 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-4.el8
+- ip vrf: make ipvrf_exec SELinux-aware (Andrea Claudi) [1780023]
+- lib: add SELinux include and stub functions (Andrea Claudi) [1780023]
+- ss: make SELinux stub functions conformant to API definitions (Andrea Claudi) [1780023]
+- ss: make is_selinux_enabled stub work like in SELinux (Andrea Claudi) [1780023]
+
+* Wed Jun 07 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-3.el8
 - tc: add missing separator (Andrea Claudi)
-- u32: fix TC_U32_TERMINAL printing (Andrea Claudi)
 
-* Mon Jun 05 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-4.el9
+* Wed May 03 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-2.el8
-- Fix NVR, %autorelease not working (Andrea Claudi)
+- macvlan: Add bclim parameter (Andrea Claudi) [2188134]
+- Update kernel headers (Andrea Claudi) [2188134]
 
-* Thu Jun 01 2023 Wen Liang <wenliang@redhat.com> - 6.2.0-3.el9
+* Wed Apr 26 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-1.el8
-- mptcp: add support for implicit flag (Wen Liang) [2109135]
+- New version 6.2.0 (Andrea Claudi) [RHEL-424]
 
-* Wed May 03 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-2.el9
+* Wed Jun 08 2022 Wen Liang <wenliang@redhat.com> - 5.18.0-1.el8
-- macvlan: Add bclim parameter (Andrea Claudi) [2186945]
+- New version 5.18.0 [2074607]
-- Update kernel headers (Andrea Claudi) [2186945]
 
-* Thu Apr 27 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-1.el9
+* Mon Mar 21 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-4.el8
-- New version 6.2.0 (Andrea Claudi) [RHEL-428]
+- vdpa: Update man page with added support to configure max vq pair (Andrea Claudi) [2056827]
+- vdpa: Support reading device features (Andrea Claudi) [2056827]
+- vdpa: Support for configuring max VQ pairs for a device (Andrea Claudi) [2056827]
+- vdpa: Allow for printing negotiated features of a device (Andrea Claudi) [2056827]
+- vdpa: Remove unsupported command line option (Andrea Claudi) [2056827]
+- uapi: update vdpa.h (Andrea Claudi) [2056827]
+- Update kernel headers and import virtio_net (Andrea Claudi) [2056827]
 
-* Sat Jan 28 2023 Andrea Claudi <aclaudi@redhat.com> - 6.1.0-1.el9
+* Mon Feb 07 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-3.el8
-- New version 6.1.0 [2155604]
+- tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6` (Andrea Claudi) [1989591]
+- tc: u32: add support for json output (Andrea Claudi) [1989591]
 
-* Fri Jan 06 2023 Viktor Malik <vmalik@redhat.com> - 6.0.0-2.el9
+* Wed Jan 26 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-2.el8
-- Rebuild for libbpf 1.0.0 [2158727]
+- vdpa: Enable user to set mtu of the vdpa device (Andrea Claudi) [2036880]
+- vdpa: Enable user to set mac address of vdpa device (Andrea Claudi) [2036880]
+- vdpa: Enable user to query vdpa device config layout (Andrea Claudi) [2036880]
+- vdpa: align uapi headers (Andrea Claudi) [2036880]
 
-* Thu Oct 06 2022 Andrea Claudi <aclaudi@redhat.com> - 6.0.0-1.el9
+* Tue Nov 23 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-1.el8
-- New version 6.0.0 [2132427]
+- New version 5.15.0 (Andrea Claudi) [2016061]
 
-* Wed Jun 15 2022 Andrea Claudi <aclaudi@redhat.com> - 5.18.0-1.el9
+* Thu Oct 07 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-4.el8]
-- New version 5.18.0 [2074608]
+- lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists (Andrea Claudi) [1995082]
 
-* Thu Nov 25 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-2.el9
+* Thu Aug 12 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-3.el8]
-- Fix gating.yaml [2009355]
+- tc: htb: improve burst error messages (Andrea Claudi) [1910745]
+- tc: u32: Fix key folding in sample option (Andrea Claudi) [1979425]
+- police: Fix normal output back to what it was (Andrea Claudi) [1981393]
+- police: Add support for json output (Andrea Claudi) [1981393]
+- police: add support for packet-per-second rate limiting (Andrea Claudi) [1981393]
+- Update kernel headers (Andrea Claudi) [1981393]
+- mptcp: add support for port based endpoint (Andrea Claudi) [1984733]
 
-* Wed Nov 24 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-1.el9
+* Fri Aug 06 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-2.el8]
-- New version 5.15.0 [2009355]
+- add build and run-time dependencies on libbpf (Andrea Claudi) [1990402]
 
-* Wed Aug 18 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-5.el9
+* Mon Jun 28 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-1.el8]
-- Add build and runtime dependency on libbpf (Andrea Claudi) [1994520]
+- tc: f_flower: Add missing ct_state flags to usage description (Andrea Claudi) [1957243]
-- Use TC_LIB_DIR environment variable (Andrea Claudi) [1994545]
+- tc: f_flower: Add option to match on related ct state (Andrea Claudi) [1957243]
-- Re-add iproute-doc package on the specfile (Andrea Claudi) [1994581]
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.13.0-4.el9
+* Thu Apr 29 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-0.el8]
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- New version 5.12.0 [1939382]
-  Related: rhbz#1991688
 
-* Fri Jul 16 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-3.el9
+* Fri Mar 12 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-4.el8]
-- Fix changelog (Andrea Claudi) [1947854]
+- iplink_bareudp: cleanup help message and man page (Andrea Claudi) [1912412]
-- Add RHEL gating configuration (Aleksandra Fedorova)
 
-* Thu Jul 15 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-2.el9
+* Tue Feb 09 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-3.el8]
-- Remove Recommends: iproute-tc from spec file (Andrea Claudi) [1947854]
+- iproute: force rtm_dst_len to 32/128 (Andrea Claudi) [1852038]
 
-* Wed Jun 30 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-1.el9
+* Thu Jan 28 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-2.el8]
-- New version 5.13.0 (#1977898)
+- tc: flower: fix json output with mpls lse (Andrea Claudi) [1885770]
+- tc-mpls: fix manpage example and help message string (Andrea Claudi) [1885770]
+- tc-vlan: fix help and error message strings (Andrea Claudi) [1885770]
+- m_mpls: test the 'mac_push' action after 'modify' (Andrea Claudi) [1885770]
+- m_mpls: add mac_push action (Andrea Claudi) [1885770]
+- m_vlan: add pop_eth and push_eth actions (Andrea Claudi) [1885770]
+- Update kernel headers (Andrea Claudi) [1885770]
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.10.0-3.el9
+* Tue Nov 17 2020 Andrea Claudi <aclaudi@redhat.com> [5.9.0-1.el8]
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Rebase iproute to v5.9.0 [1896011]
 
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.10.0-2
+* Mon Jun 29 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-5.el8]
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+- man: tc-ct.8: Add manual page for ct tc action (Andrea Claudi) [1844637]
+- tc: flower: Add matching on conntrack info (Andrea Claudi) [1844637]
+- tc: Introduce tc ct action (Andrea Claudi) [1844637]
+- tc: add NLA_F_NESTED flag to all actions options nested block (Andrea Claudi) [1844637]
+- Import tc_act/tc_ct.h uapi file (Andrea Claudi) [1844637]
+- ss: allow dumping kTLS info (Andrea Claudi) [1812207]
+- devlink: Add health error recovery status monitoring (Andrea Claudi) [1821039]
 
-* Mon Dec 21 2020 Andrea Claudi <aclaudi@redhat.com> - 5.10.0-1
+* Fri Jun 05 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-4.el8]
-- New version 5.10.0 (#1909551)
+- tc: f_flower: add options support for erspan (Andrea Claudi) [1830485]
+- tc: f_flower: add options support for vxlan (Andrea Claudi) [1830485]
+- tc: m_tunnel_key: add options support for erpsan (Andrea Claudi) [1830485]
+- tc: m_tunnel_key: add options support for vxlan (Andrea Claudi) [1830485]
+- iproute_lwtunnel: add options support for erspan metadata (Andrea Claudi) [1830485]
+- iproute_lwtunnel: add options support for vxlan metadata (Andrea Claudi) [1830485]
+- iproute_lwtunnel: add options support for geneve metadata (Andrea Claudi) [1830485]
+- Update kernel headers (Andrea Claudi) [1830485]
+- man: ip.8: add reference to mptcp man-page (Andrea Claudi) [1812207]
+- man: mptcp man page (Andrea Claudi) [1812207]
+- ss: allow dumping MPTCP subflow information (Andrea Claudi) [1812207]
+- Update kernel headers (Andrea Claudi) [1812207]
+- Update kernel headers (Andrea Claudi) [1812207]
+- add support for mptcp netlink interface (Andrea Claudi) [1812207]
+- Update kernel headers and import mptcp.h (Andrea Claudi) [1812207]
+- ip: xfrm: add espintcp encapsulation (Andrea Claudi) [1844045]
+- Update kernel headers and import udp.h (Andrea Claudi) [1844045]
 
-* Wed Dec 2 2020 Andrea Claudi <aclaudi@redhat.com> - 5.9.0-1
+* Thu Apr 30 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-3.el8]
-- New version 5.9.0
+- xfrm: also check for ipv6 state in xfrm_state_keep (Andrea Claudi) [1828033]
+- man: bridge.8: fix bridge link show description (Andrea Claudi) [1817571]
+- ip: fix ip route show json output for multipath nexthops (Andrea Claudi) [1738633]
+- ip link: xstats: fix TX IGMP reports string (Andrea Claudi) [1796041]
+- nstat: print useful error messages in abort() cases (Andrea Claudi) [1824896]
 
-* Mon Aug 10 2020 Phil Sutter <psutter@redhat.com> - 5.8.0-1
+* Thu Apr 23 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-2.el8]
-- New version 5.8.0
+- man: ip.8: Add missing vrf subcommand description (Andrea Claudi) [1780010]
+- xfrm: not try to delete ipcomp states when using deleteall (Andrea Claudi) [1808634]
+- ip-xfrm: Fix help messages (Andrea Claudi) [1796045]
+- man: rdma.8: Add missing resource subcommand description (Andrea Claudi) [1786576]
+- man: rdma-statistic: Add filter description (Andrea Claudi) [1786565]
+- tc: implement support for action flags (Andrea Claudi) [1770671]
+- Update kernel headers (Andrea Claudi) [1770671]
+- Update kernel headers (Andrea Claudi) [1770671]
 
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.7.0-2
+* Tue Oct 15 2019 Andrea Claudi <aclaudi@redhat.com> [5.3.0-1.el8]
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+- New version 5.3.0 [1752857]
 
-* Wed Jun 03 2020 Phil Sutter <psutter@redhat.com> - 5.7.0-1
+* Thu Jul 04 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-15.el8]
-- New version 5.7.0
+- netns: make netns_{save,restore} static (Andrea Claudi) [1719759]
+- ip vrf: use hook to change VRF in the child (Andrea Claudi) [1719759]
+- netns: switch netns in the child when executing commands (Andrea Claudi) [1719759]
+- m_mirred: don't bail if the control action is missing (Andrea Claudi) [1711760]
+- tc: introduce support for chain templates (Andrea Claudi) [1710291]
+- ip: reset netns after each command in batch mode (Andrea Claudi) [1671016]
 
-* Tue Jan 28 2020 Phil Sutter <psutter@redhat.com> - 5.5.0-1
+* Thu Jun 20 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-14.el8]
-- New version 5.5.0
+- ss: Review ssfilter (Andrea Claudi) [1698401]
 
-* Tue Nov 26 2019 Phil Sutter <psutter@redhat.com> - 5.4.0-1
+* Fri Jun 14 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-13.el8]
-- New version 5.4.0
+- ip-xfrm: Respect family in deleteall and list commands (Andrea Claudi) [1656717]
-- Drop iproute-doc package, upstream removed all non-manpage documentation
+- Update kernel headers (Andrea Claudi) [1716361]
+- uapi: update bpf header (Andrea Claudi) [1716361]
+- uapi: update headers to 4.20-rc1 (Andrea Claudi) [1716361]
+- bpf: add btf func and func_proto kind support (Andrea Claudi) [1716361]
+- lib/bpf: fix build warning if no elf (Andrea Claudi) [1716361]
+- bpf: initialise map symbol before retrieving and comparing its type (Andrea Claudi) [1716361]
+- Include bsd/string.h only in include/utils.h (Andrea Claudi) [1716361]
+- Use libbsd for strlcpy if available (Andrea Claudi) [1716361]
+- bpf: check map symbol type properly with newer llvm compiler (Andrea Claudi) [1716361]
+- bpf: implement btf handling and map annotation (Andrea Claudi) [1716361]
+- bpf: implement bpf to bpf calls support (Andrea Claudi) [1716361]
+- bpf: remove strict dependency on af_alg (Andrea Claudi) [1716361]
+- bpf: move bpf_elf_map fixup notification under verbose (Andrea Claudi) [1716361]
+- iplink: add support for reporting multiple XDP programs (Andrea Claudi) [1716361]
+- rdma: Document IB device renaming option (Andrea Claudi) [1663228]
+- rdma: Add an option to rename IB device interface (Andrea Claudi) [1663228]
+- rdma: Introduce command execution helper with required device name (Andrea Claudi) [1663228]
+- rdma: Update kernel include file to support IB device renaming (Andrea Claudi) [1663228]
+- libnetlink: Convert GETADDR dumps to use rtnl_addrdump_req (Andrea Claudi) [1716772]
 
-* Tue Oct 08 2019 Phil Sutter <psutter@redhat.com> - 5.3.0-2
+* Wed May 29 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-12.el8]
-- ifcfg script uses killall, therefore requires psmisc package
+- devlink: Add param command support (Andrea Claudi) [1663199]
+- rdma: Fix representation of PortInfo CapabilityMask (Andrea Claudi) [1664694]
+- uapi: update ib_verbs (Andrea Claudi) [1664694]
+- tc: flower: Add support for QinQ (Andrea Claudi) [1615928]
+- ip rule: Add ipproto and port range to filter list (Andrea Claudi) [1678111]
 
-* Thu Sep 26 2019 Phil Sutter <psutter@redhat.com> - 5.3.0-1
+* Thu Jan 31 2019 Phil Sutter <psutter@redhat.com> [4.18.0-11.el8]
-- New version 5.3.0
+- tc: m_tunnel_key: Add tunnel option support to act_tunnel_key (Phil Sutter) [1654761]
-- Add upstream-suggested backports
+- tc: f_flower: add geneve option match support to flower (Phil Sutter) [1654761]
+- l2tp: Fix printing of cookie and peer_cookie values (Phil Sutter) [1643805]
 
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.0-2
+* Tue Dec 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-10.el8]
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+- iplink: fix incorrect any address handling for ip tunnels (Phil Sutter) [1626304]
 
-* Tue Jul 23 2019 Phil Sutter <psutter@redhat.com> - 5.2.0-1
+* Tue Dec 11 2018 Phil Sutter <psutter@redhat.com> [4.18.0-9.el8]
-- New version 5.2.0
+- man: rdma: Add reference to rdma-resource.8 (Phil Sutter) [1610334]
-- Add upstream-suggested backports
-- Fix for tunnel creation when using 'dev' parameter
 
-* Wed May 29 2019 Phil Sutter <psutter@redhat.com> - 5.1.0-1
+* Thu Nov 29 2018 Phil Sutter <psutter@redhat.com> [4.18.0-8.el8]
-- New version 5.1.0
+- Bump release to run fresh CI tests.
 
-* Wed Mar 20 2019 Phil Sutter <psutter@redhat.com> - 5.0.0-2
+* Mon Nov 26 2018 Phil Sutter <psutter@redhat.com> [4.18.0-7.el8]
-- Restore Provides: hint, at least pptp depends on it
+- ip-route: Fix nexthop encap parsing (Phil Sutter) [1625358]
+- man: ip-route.8: Document nexthop limit (Phil Sutter) [1625358]
 
-* Wed Mar 20 2019 Phil Sutter <psutter@redhat.com> - 5.0.0-1
+* Thu Oct 25 2018 Phil Sutter <psutter@redhat.com> [4.18.0-6.el8]
-- New version 5.0.0
+- Update kernel headers (Phil Sutter) [1637440]
-- Get rid of old upgrade path hints
+- tc_util: Add support for showing TCA_STATS_BASIC_HW statistics (Phil Sutter) [1637440]
+- tc: Remove pointless assignments in batch() (Phil Sutter) [1602555]
+- tipc: Drop unused variable 'genl' (Phil Sutter) [1602555]
+- ip-route: Fix parse_encap_seg6() srh parsing (Phil Sutter) [1602555]
+- rdma: Don't pass garbage to rd_check_is_filtered() (Phil Sutter) [1602555]
+- ip-route: Fix for memleak in error path (Phil Sutter) [1602555]
+- rdma: Fix for ineffective check in add_filter() (Phil Sutter) [1602555]
+- devlink: Fix error reporting in cmd_resource_set() (Phil Sutter) [1602555]
+- libnetlink: fix use-after-free of message buf (Phil Sutter) [1602555]
+- libnetlink: don't return error on success (Phil Sutter) [1602555]
+- libnetlink: fix leak and using unused memory on error (Phil Sutter) [1602555]
+- tc: htb: Print default value in hex (Phil Sutter) [1641053]
 
-* Fri Feb 01 2019 Phil Sutter <psutter@redhat.com> - 4.20.0-1
+* Thu Oct 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-5.el8]
-- New version 4.20.0
+- utils: fix get_rtnl_link_stats_rta stats parsing (Phil Sutter) [1626306]
-- Add upstream-suggested backports
+- uapi: add snmp header file (Phil Sutter) [1626306]
-- Upstream dropped cbq script, remove it along with related configs
+- macsec: fix off-by-one when parsing attributes (Phil Sutter) [1628428]
-- Add libcap support
+- json: make 0xhex handle u64 (Phil Sutter) [1628428]
 
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.18.0-6
+* Thu Oct 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-4.el8]
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+- iplink_vxlan: take into account preferred_family creating vxlan device (Phil Sutter) [1626321]
+- ip-addrlabel: Fix printing of label value (Phil Sutter) [1639412]
+- bridge: fdb: Fix for missing keywords in non-JSON output (Phil Sutter) [1636532]
 
-* Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-5
+* Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> [4.18.0-3.el8]
-- man: ip-route: Clarify referenced versions are Linux ones
+- lib: introduce print_nl (Phil Sutter) [1625500]
 
-* Fri Aug 31 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-4
+* Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> [4.18.0-2.el8]
-- iprule: Fix destination prefix output
+- bridge/mdb: fix missing new line when show bridge mdb (Phil Sutter) [1625500]
+- ip-route: Fix segfault with many nexthops (Phil Sutter) [1625358]
+- Update kernel headers (Phil Sutter) [1615915]
+- tc/flower: Add match on encapsulating tos/ttl (Phil Sutter) [1615915]
+- tc/act_tunnel_key: Enable setup of tos and ttl (Phil Sutter) [1615915]
+- iprule: Fix destination prefix output (Phil Sutter) [1623503]
+- ip: Add missing -M flag to help text (Phil Sutter) [1612704]
+- man: ss.8: Describe --events option (Phil Sutter) [1612704]
+- rtmon: List options in help text (Phil Sutter) [1612704]
+- man: rtacct.8: Fix nstat options (Phil Sutter) [1612704]
+- man: ifstat.8: Document --json and --pretty options (Phil Sutter) [1612704]
+- genl: Fix help text (Phil Sutter) [1612704]
+- man: devlink.8: Document -verbose option (Phil Sutter) [1612704]
+- devlink: trivial: Make help text consistent (Phil Sutter) [1612704]
+- bridge: trivial: Make help text consistent (Phil Sutter) [1612704]
+- man: bridge.8: Document -oneline option (Phil Sutter) [1612704]
 
-* Thu Aug 23 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-3
+* Tue Aug 14 2018 Phil Sutter - 4.18.0-1
-- Make colored output configurable
-
-* Thu Aug 16 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-2
-- Fix ss filter expressions
-
-* Tue Aug 14 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-1
 - New version 4.18.0
 
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.17.0-2
+* Thu Aug 09 2018 Phil Sutter <psutter@redhat.com> [4.17.0-1.el8]
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+- rdma: print driver resource attributes (Phil Sutter) [1610334]
-
+- rdma: update rdma_netlink.h to get new driver attributes (Phil Sutter) [1610334]
-* Tue Jun 12 2018 Phil Sutter <psutter@redhat.com> - 4.17.0-1
+- rdma: Print net device name and index for RDMA device (Phil Sutter) [1610334]
-- New version 4.17.0
+- devlink: CTRL_ATTR_FAMILY_ID is a u16 (Phil Sutter) [1589317]
-
+- tc: Do not use addattr_nest_compat on mqprio and netem (Phil Sutter) [1589317]
-* Fri Jun 01 2018 Phil Sutter <psutter@redhat.com> - 4.16.0-1
+- ipaddress: Fix and make consistent label match handling (Phil Sutter) [1589317]
-- New version 4.16.0
+- rt_dsfield: Ship deprecated values for compatibility (Phil Sutter) [1595683]
+- New version 4.17.0 including upstream-suggested fixes (Phil Sutter) [1589317]
 
 * Fri Feb 09 2018 Phil Sutter <psutter@redhat.com> - 4.15.0-1
 - New version 4.15.0