From 388f3aba8f0623bf3959b725fbae1dd74d9494b4 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 27 Sep 2023 13:13:58 +0000 Subject: [PATCH] import CS libnftnl-1.2.2-3.el8 --- .gitignore | 2 +- .libnftnl.metadata | 2 +- ...tore-custom-LIBNFTNL_RHEL_14-version.patch | 47 ++++ ...ble-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch | 47 ---- ...mleak-in-error-path-of-nftnl_flowtab.patch | 39 --- ...k-in-error-path-of-nftnl_chain_parse.patch | 38 --- ...owtable-Correctly-check-realloc-call.patch | 61 ----- ...5-chain-Correctly-check-realloc-call.patch | 61 ----- ...nclude-resync-nf_tables.h-cache-copy.patch | 84 ------ ...-for-NFTA_SET_DESC_CONCAT-attributes.patch | 252 ------------------ ...ce-support-for-NFTNL_SET_ELEM_KEY_EN.patch | 125 --------- ...ading-garbage-in-nftnl_chain-getters.patch | 57 ---- ...-set-and-build-for-NFTNL_SET_ELEM_EX.patch | 56 ---- ...ase-stateful-expression-from-.free-p.patch | 47 ---- ...et-expose-nftnl_set_elem_nlmsg_build.patch | 87 ------ SPECS/libnftnl.spec | 27 +- 16 files changed, 62 insertions(+), 970 deletions(-) create mode 100644 SOURCES/0001-libnftnl.map-Restore-custom-LIBNFTNL_RHEL_14-version.patch delete mode 100644 SOURCES/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch delete mode 100644 SOURCES/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch delete mode 100644 SOURCES/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch delete mode 100644 SOURCES/0004-flowtable-Correctly-check-realloc-call.patch delete mode 100644 SOURCES/0005-chain-Correctly-check-realloc-call.patch delete mode 100644 SOURCES/0006-include-resync-nf_tables.h-cache-copy.patch delete mode 100644 SOURCES/0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch delete mode 100644 SOURCES/0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch delete mode 100644 SOURCES/0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch delete mode 100644 SOURCES/0010-set_elem-missing-set-and-build-for-NFTNL_SET_ELEM_EX.patch delete mode 100644 SOURCES/0011-expr-dynset-release-stateful-expression-from-.free-p.patch delete mode 100644 SOURCES/0012-set-expose-nftnl_set_elem_nlmsg_build.patch diff --git a/.gitignore b/.gitignore index 85ddb15..7eb7ab6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libnftnl-1.1.5.tar.bz2 +SOURCES/libnftnl-1.2.2.tar.bz2 diff --git a/.libnftnl.metadata b/.libnftnl.metadata index 701ec2c..816807c 100644 --- a/.libnftnl.metadata +++ b/.libnftnl.metadata @@ -1 +1 @@ -a923bae5b028a30c5c8aa4c0f71445885867274b SOURCES/libnftnl-1.1.5.tar.bz2 +a43773c5569d6a80cd94add256bef4dd63dd7571 SOURCES/libnftnl-1.2.2.tar.bz2 diff --git a/SOURCES/0001-libnftnl.map-Restore-custom-LIBNFTNL_RHEL_14-version.patch b/SOURCES/0001-libnftnl.map-Restore-custom-LIBNFTNL_RHEL_14-version.patch new file mode 100644 index 0000000..2491115 --- /dev/null +++ b/SOURCES/0001-libnftnl.map-Restore-custom-LIBNFTNL_RHEL_14-version.patch @@ -0,0 +1,47 @@ +From 7255af8a844a1444d59023500d176c8c2fff7a62 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 28 Jun 2023 15:41:05 +0200 +Subject: [PATCH] libnftnl.map: Restore custom LIBNFTNL_RHEL_14 version + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2211096 +Upstream Status: RHEL-only + +Avoid breaking old binaries. Keep the custom version name exporting +symbol nftnl_set_elem_nlmsg_build upstream exported in LIBNFTNL_17. +--- + src/libnftnl.map | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/libnftnl.map b/src/libnftnl.map +index ad8f2af060aef..26701c2984296 100644 +--- a/src/libnftnl.map ++++ b/src/libnftnl.map +@@ -360,6 +360,10 @@ LIBNFTNL_13 { + nftnl_flowtable_set_data; + } LIBNFTNL_12; + ++LIBNFTNL_RHEL_14 { ++ nftnl_set_elem_nlmsg_build; ++} LIBNFTNL_13; ++ + LIBNFTNL_14 { + nftnl_udata_nest_start; + nftnl_udata_nest_end; +@@ -367,7 +371,7 @@ LIBNFTNL_14 { + nftnl_chain_get_array; + nftnl_flowtable_set_array; + nftnl_flowtable_get_array; +-} LIBNFTNL_13; ++} LIBNFTNL_RHEL_14; + + LIBNFTNL_15 { + nftnl_obj_get_data; +@@ -385,5 +389,4 @@ LIBNFTNL_16 { + } LIBNFTNL_15; + + LIBNFTNL_17 { +- nftnl_set_elem_nlmsg_build; + } LIBNFTNL_16; +-- +2.40.0 + diff --git a/SOURCES/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch b/SOURCES/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch deleted file mode 100644 index 441c656..0000000 --- a/SOURCES/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 3f0616b15e32def6d01b4535ac0efb51caa07662 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 2 Dec 2019 18:55:39 +0100 -Subject: [PATCH] tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1717129 -Upstream Status: libnftnl commit b2388765e0c44 - -commit b2388765e0c4405442faa13845419f6a35d0134c -Author: Phil Sutter -Date: Mon Dec 2 18:29:56 2019 +0100 - - tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE - - Marshalling code around that attribute has been dropped by commit - d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") so it's value is - lost during the test. - - Assuming that NFTNL_FLOWTABLE_SIZE will receive kernel support at a - later point, leave the test code in place but just comment it out. - - Fixes: d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") - Signed-off-by: Phil Sutter - Acked-by: Pablo Neira Ayuso ---- - tests/nft-flowtable-test.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/tests/nft-flowtable-test.c b/tests/nft-flowtable-test.c -index 3edb00d..8ab8d4c 100644 ---- a/tests/nft-flowtable-test.c -+++ b/tests/nft-flowtable-test.c -@@ -33,9 +33,11 @@ static void cmp_nftnl_flowtable(struct nftnl_flowtable *a, struct nftnl_flowtabl - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE)) - print_err("Flowtable use mismatches"); -+#if 0 - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE)) - print_err("Flowtable size mismatches"); -+#endif - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS)) - print_err("Flowtable flags mismatches"); --- -1.8.3.1 - diff --git a/SOURCES/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch b/SOURCES/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch deleted file mode 100644 index bfda34a..0000000 --- a/SOURCES/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e744735b92ee312cd2ad08776f3c56962ab53710 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 6 Dec 2019 17:31:16 +0100 -Subject: [PATCH] flowtable: Fix memleak in error path of - nftnl_flowtable_parse_devs() - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952 -Upstream Status: libnftnl commit ba1b02594e8d0 - -commit ba1b02594e8d05e4c791925a50f9309f89b55c80 -Author: Phil Sutter -Date: Mon Dec 2 22:57:40 2019 +0100 - - flowtable: Fix memleak in error path of nftnl_flowtable_parse_devs() - - In error case, allocated dev_array is not freed. - - Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation") - Signed-off-by: Phil Sutter - Acked-by: Pablo Neira Ayuso ---- - src/flowtable.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/flowtable.c b/src/flowtable.c -index 324e80f..db31943 100644 ---- a/src/flowtable.c -+++ b/src/flowtable.c -@@ -419,6 +419,7 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest, - err: - while (len--) - xfree(dev_array[len]); -+ xfree(dev_array); - return -1; - } - --- -1.8.3.1 - diff --git a/SOURCES/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch b/SOURCES/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch deleted file mode 100644 index 7d58f81..0000000 --- a/SOURCES/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch +++ /dev/null @@ -1,38 +0,0 @@ -From a5241b8fcd2f62d8e71bf9dfebfbcf27a8a61e46 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 6 Dec 2019 17:31:16 +0100 -Subject: [PATCH] chain: Fix memleak in error path of nftnl_chain_parse_devs() - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952 -Upstream Status: libnftnl commit 32a8c5f52355e - -commit 32a8c5f52355ef69bf74c28e27345b2e03d948e7 -Author: Phil Sutter -Date: Mon Dec 2 23:00:20 2019 +0100 - - chain: Fix memleak in error path of nftnl_chain_parse_devs() - - In error case, dev_array is not freed when it should. - - Fixes: e3ac19b5ec162 ("chain: multi-device support") - Signed-off-by: Phil Sutter - Acked-by: Pablo Neira Ayuso ---- - src/chain.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/chain.c b/src/chain.c -index d4050d2..9cc8735 100644 ---- a/src/chain.c -+++ b/src/chain.c -@@ -636,6 +636,7 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) - err: - while (len--) - xfree(dev_array[len]); -+ xfree(dev_array); - return -1; - } - --- -1.8.3.1 - diff --git a/SOURCES/0004-flowtable-Correctly-check-realloc-call.patch b/SOURCES/0004-flowtable-Correctly-check-realloc-call.patch deleted file mode 100644 index 79c6264..0000000 --- a/SOURCES/0004-flowtable-Correctly-check-realloc-call.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 8f24f6eed8d905fb6b64d003ae3f4f1e657301aa Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 6 Dec 2019 17:31:16 +0100 -Subject: [PATCH] flowtable: Correctly check realloc() call - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952 -Upstream Status: libnftnl commit 835d645f40525 - -commit 835d645f4052551c5c1829c37a07c882f2260f65 -Author: Phil Sutter -Date: Mon Dec 2 23:08:07 2019 +0100 - - flowtable: Correctly check realloc() call - - If realloc() fails, it returns NULL but the original pointer is - untouchted and therefore still has to be freed. Unconditionally - overwriting the old pointer is therefore a bad idea, use a temporary - variable instead. - - Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation") - Signed-off-by: Phil Sutter - Acked-by: Pablo Neira Ayuso ---- - src/flowtable.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/src/flowtable.c b/src/flowtable.c -index db31943..9ba3b6d 100644 ---- a/src/flowtable.c -+++ b/src/flowtable.c -@@ -388,7 +388,7 @@ static int nftnl_flowtable_parse_hook_cb(const struct nlattr *attr, void *data) - static int nftnl_flowtable_parse_devs(struct nlattr *nest, - struct nftnl_flowtable *c) - { -- const char **dev_array; -+ const char **dev_array, **tmp; - int len = 0, size = 8; - struct nlattr *attr; - -@@ -401,14 +401,13 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest, - goto err; - dev_array[len++] = strdup(mnl_attr_get_str(attr)); - if (len >= size) { -- dev_array = realloc(dev_array, -- size * 2 * sizeof(char *)); -- if (!dev_array) -+ tmp = realloc(dev_array, size * 2 * sizeof(char *)); -+ if (!tmp) - goto err; - - size *= 2; -- memset(&dev_array[len], 0, -- (size - len) * sizeof(char *)); -+ memset(&tmp[len], 0, (size - len) * sizeof(char *)); -+ dev_array = tmp; - } - } - --- -1.8.3.1 - diff --git a/SOURCES/0005-chain-Correctly-check-realloc-call.patch b/SOURCES/0005-chain-Correctly-check-realloc-call.patch deleted file mode 100644 index 41f068b..0000000 --- a/SOURCES/0005-chain-Correctly-check-realloc-call.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 2facd747b6bbcd3716841e6213b7b9e9b94c556a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 6 Dec 2019 17:31:16 +0100 -Subject: [PATCH] chain: Correctly check realloc() call - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952 -Upstream Status: libnftnl commit d95a703746d53 - -commit d95a703746d5394d56a9f464e343594e4882da0d -Author: Phil Sutter -Date: Mon Dec 2 23:12:34 2019 +0100 - - chain: Correctly check realloc() call - - If realloc() fails, it returns NULL but the original pointer is - untouchted and therefore still has to be freed. Unconditionally - overwriting the old pointer is therefore a bad idea, use a temporary - variable instead. - - Fixes: e3ac19b5ec162 ("chain: multi-device support") - Signed-off-by: Phil Sutter - Acked-by: Pablo Neira Ayuso ---- - src/chain.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/src/chain.c b/src/chain.c -index 9cc8735..b9a16fc 100644 ---- a/src/chain.c -+++ b/src/chain.c -@@ -605,7 +605,7 @@ static int nftnl_chain_parse_hook_cb(const struct nlattr *attr, void *data) - - static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) - { -- const char **dev_array; -+ const char **dev_array, **tmp; - int len = 0, size = 8; - struct nlattr *attr; - -@@ -618,14 +618,13 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) - goto err; - dev_array[len++] = strdup(mnl_attr_get_str(attr)); - if (len >= size) { -- dev_array = realloc(dev_array, -- size * 2 * sizeof(char *)); -- if (!dev_array) -+ tmp = realloc(dev_array, size * 2 * sizeof(char *)); -+ if (!tmp) - goto err; - - size *= 2; -- memset(&dev_array[len], 0, -- (size - len) * sizeof(char *)); -+ memset(&tmp[len], 0, (size - len) * sizeof(char *)); -+ dev_array = tmp; - } - } - --- -1.8.3.1 - diff --git a/SOURCES/0006-include-resync-nf_tables.h-cache-copy.patch b/SOURCES/0006-include-resync-nf_tables.h-cache-copy.patch deleted file mode 100644 index 8cc1998..0000000 --- a/SOURCES/0006-include-resync-nf_tables.h-cache-copy.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 83cc5382243253156b5813f0d6b9527cbede5aa3 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 13 Feb 2020 17:47:45 +0100 -Subject: [PATCH] include: resync nf_tables.h cache copy - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795223 -Upstream Status: libnftnl commit 131a6c2fa4ccc - -commit 131a6c2fa4cccaa04a7b93b686f10f5ba6f11b3d -Author: Stefano Brivio -Date: Thu Jan 30 01:16:32 2020 +0100 - - include: resync nf_tables.h cache copy - - Get this header in sync with nf-next as of merge commit - b3a608222336 (5.6-rc1-ish). - - Signed-off-by: Stefano Brivio - Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter/nf_tables.h | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h -index bb9b049..312c7b2 100644 ---- a/include/linux/netfilter/nf_tables.h -+++ b/include/linux/netfilter/nf_tables.h -@@ -48,6 +48,7 @@ enum nft_registers { - - #define NFT_REG_SIZE 16 - #define NFT_REG32_SIZE 4 -+#define NFT_REG32_COUNT (NFT_REG32_15 - NFT_REG32_00 + 1) - - /** - * enum nft_verdicts - nf_tables internal verdicts -@@ -301,15 +302,29 @@ enum nft_set_policies { - * enum nft_set_desc_attributes - set element description - * - * @NFTA_SET_DESC_SIZE: number of elements in set (NLA_U32) -+ * @NFTA_SET_DESC_CONCAT: description of field concatenation (NLA_NESTED) - */ - enum nft_set_desc_attributes { - NFTA_SET_DESC_UNSPEC, - NFTA_SET_DESC_SIZE, -+ NFTA_SET_DESC_CONCAT, - __NFTA_SET_DESC_MAX - }; - #define NFTA_SET_DESC_MAX (__NFTA_SET_DESC_MAX - 1) - - /** -+ * enum nft_set_field_attributes - attributes of concatenated fields -+ * -+ * @NFTA_SET_FIELD_LEN: length of single field, in bits (NLA_U32) -+ */ -+enum nft_set_field_attributes { -+ NFTA_SET_FIELD_UNSPEC, -+ NFTA_SET_FIELD_LEN, -+ __NFTA_SET_FIELD_MAX -+}; -+#define NFTA_SET_FIELD_MAX (__NFTA_SET_FIELD_MAX - 1) -+ -+/** - * enum nft_set_attributes - nf_tables set netlink attributes - * - * @NFTA_SET_TABLE: table name (NLA_STRING) -@@ -370,6 +385,7 @@ enum nft_set_elem_flags { - * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY) - * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes) - * @NFTA_SET_ELEM_OBJREF: stateful object reference (NLA_STRING) -+ * @NFTA_SET_ELEM_KEY_END: closing key value (NLA_NESTED: nft_data) - */ - enum nft_set_elem_attributes { - NFTA_SET_ELEM_UNSPEC, -@@ -382,6 +398,7 @@ enum nft_set_elem_attributes { - NFTA_SET_ELEM_EXPR, - NFTA_SET_ELEM_PAD, - NFTA_SET_ELEM_OBJREF, -+ NFTA_SET_ELEM_KEY_END, - __NFTA_SET_ELEM_MAX - }; - #define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1) --- -1.8.3.1 - diff --git a/SOURCES/0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch b/SOURCES/0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch deleted file mode 100644 index d2db93d..0000000 --- a/SOURCES/0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch +++ /dev/null @@ -1,252 +0,0 @@ -From db234c0c95ac45b5ff8602d8686d2bb1bbaa7883 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 13 Feb 2020 17:47:45 +0100 -Subject: [PATCH] set: Add support for NFTA_SET_DESC_CONCAT attributes - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795223 -Upstream Status: libnftnl commit 7cd41b5387acf - -commit 7cd41b5387acf84088e9299a796f7c2c72339a1a -Author: Stefano Brivio -Date: Thu Jan 30 01:16:33 2020 +0100 - - set: Add support for NFTA_SET_DESC_CONCAT attributes - - If NFTNL_SET_DESC_CONCAT data is passed, pass that to the kernel - as NFTA_SET_DESC_CONCAT attributes: it describes the length of - single concatenated fields, in bytes. - - Similarly, parse NFTA_SET_DESC_CONCAT attributes if received - from the kernel. - - This is the libnftnl counterpart for nftables patch: - src: Add support for NFTNL_SET_DESC_CONCAT - - v4: - - move NFTNL_SET_DESC_CONCAT to the end of enum nftnl_set_attr - to avoid ABI breakage (Pablo Neira Ayuso) - v3: - - use NFTNL_SET_DESC_CONCAT and NFTA_SET_DESC_CONCAT instead of a - stand-alone NFTA_SET_SUBKEY attribute (Pablo Neira Ayuso) - - pass field length in bytes instead of bits, fields would get - unnecessarily big otherwise - v2: - - fixed grammar in commit message - - removed copy of array bytes in nftnl_set_nlmsg_build_subkey_payload(), - we're simply passing values to htonl() (Phil Sutter) - - Signed-off-by: Stefano Brivio - Signed-off-by: Pablo Neira Ayuso ---- - include/libnftnl/set.h | 1 + - include/set.h | 2 + - src/set.c | 111 ++++++++++++++++++++++++++++++++++++++++--------- - 3 files changed, 95 insertions(+), 19 deletions(-) - -diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h -index db3fa68..bbbf58d 100644 ---- a/include/libnftnl/set.h -+++ b/include/libnftnl/set.h -@@ -29,6 +29,7 @@ enum nftnl_set_attr { - NFTNL_SET_USERDATA, - NFTNL_SET_OBJ_TYPE, - NFTNL_SET_HANDLE, -+ NFTNL_SET_DESC_CONCAT, - __NFTNL_SET_MAX - }; - #define NFTNL_SET_MAX (__NFTNL_SET_MAX - 1) -diff --git a/include/set.h b/include/set.h -index 446acd2..895ffdb 100644 ---- a/include/set.h -+++ b/include/set.h -@@ -25,6 +25,8 @@ struct nftnl_set { - enum nft_set_policies policy; - struct { - uint32_t size; -+ uint8_t field_len[NFT_REG32_COUNT]; -+ uint8_t field_count; - } desc; - struct list_head element_list; - -diff --git a/src/set.c b/src/set.c -index 78447c6..651dcfa 100644 ---- a/src/set.c -+++ b/src/set.c -@@ -89,6 +89,7 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr) - case NFTNL_SET_ID: - case NFTNL_SET_POLICY: - case NFTNL_SET_DESC_SIZE: -+ case NFTNL_SET_DESC_CONCAT: - case NFTNL_SET_TIMEOUT: - case NFTNL_SET_GC_INTERVAL: - break; -@@ -174,6 +175,10 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data, - case NFTNL_SET_DESC_SIZE: - memcpy(&s->desc.size, data, sizeof(s->desc.size)); - break; -+ case NFTNL_SET_DESC_CONCAT: -+ memcpy(&s->desc.field_len, data, data_len); -+ while (s->desc.field_len[++s->desc.field_count]); -+ break; - case NFTNL_SET_TIMEOUT: - memcpy(&s->timeout, data, sizeof(s->timeout)); - break; -@@ -266,6 +271,9 @@ const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr, - case NFTNL_SET_DESC_SIZE: - *data_len = sizeof(uint32_t); - return &s->desc.size; -+ case NFTNL_SET_DESC_CONCAT: -+ *data_len = s->desc.field_count; -+ return s->desc.field_len; - case NFTNL_SET_TIMEOUT: - *data_len = sizeof(uint64_t); - return &s->timeout; -@@ -351,13 +359,42 @@ err: - return NULL; - } - -+static void nftnl_set_nlmsg_build_desc_size_payload(struct nlmsghdr *nlh, -+ struct nftnl_set *s) -+{ -+ mnl_attr_put_u32(nlh, NFTA_SET_DESC_SIZE, htonl(s->desc.size)); -+} -+ -+static void nftnl_set_nlmsg_build_desc_concat_payload(struct nlmsghdr *nlh, -+ struct nftnl_set *s) -+{ -+ struct nlattr *nest; -+ int i; -+ -+ nest = mnl_attr_nest_start(nlh, NFTA_SET_DESC_CONCAT); -+ for (i = 0; i < NFT_REG32_COUNT && i < s->desc.field_count; i++) { -+ struct nlattr *nest_elem; -+ -+ nest_elem = mnl_attr_nest_start(nlh, NFTA_LIST_ELEM); -+ mnl_attr_put_u32(nlh, NFTA_SET_FIELD_LEN, -+ htonl(s->desc.field_len[i])); -+ mnl_attr_nest_end(nlh, nest_elem); -+ } -+ mnl_attr_nest_end(nlh, nest); -+} -+ - static void - nftnl_set_nlmsg_build_desc_payload(struct nlmsghdr *nlh, struct nftnl_set *s) - { - struct nlattr *nest; - - nest = mnl_attr_nest_start(nlh, NFTA_SET_DESC); -- mnl_attr_put_u32(nlh, NFTA_SET_DESC_SIZE, htonl(s->desc.size)); -+ -+ if (s->flags & (1 << NFTNL_SET_DESC_SIZE)) -+ nftnl_set_nlmsg_build_desc_size_payload(nlh, s); -+ if (s->flags & (1 << NFTNL_SET_DESC_CONCAT)) -+ nftnl_set_nlmsg_build_desc_concat_payload(nlh, s); -+ - mnl_attr_nest_end(nlh, nest); - } - -@@ -387,7 +424,7 @@ void nftnl_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s) - mnl_attr_put_u32(nlh, NFTA_SET_ID, htonl(s->id)); - if (s->flags & (1 << NFTNL_SET_POLICY)) - mnl_attr_put_u32(nlh, NFTA_SET_POLICY, htonl(s->policy)); -- if (s->flags & (1 << NFTNL_SET_DESC_SIZE)) -+ if (s->flags & (1 << NFTNL_SET_DESC_SIZE | 1 << NFTNL_SET_DESC_CONCAT)) - nftnl_set_nlmsg_build_desc_payload(nlh, s); - if (s->flags & (1 << NFTNL_SET_TIMEOUT)) - mnl_attr_put_u64(nlh, NFTA_SET_TIMEOUT, htobe64(s->timeout)); -@@ -445,39 +482,75 @@ static int nftnl_set_parse_attr_cb(const struct nlattr *attr, void *data) - return MNL_CB_OK; - } - --static int nftnl_set_desc_parse_attr_cb(const struct nlattr *attr, void *data) -+static int -+nftnl_set_desc_concat_field_parse_attr_cb(const struct nlattr *attr, void *data) -+{ -+ int type = mnl_attr_get_type(attr); -+ struct nftnl_set *s = data; -+ -+ if (type != NFTA_SET_FIELD_LEN) -+ return MNL_CB_OK; -+ -+ if (mnl_attr_validate(attr, MNL_TYPE_U32)) -+ return MNL_CB_ERROR; -+ -+ s->desc.field_len[s->desc.field_count] = ntohl(mnl_attr_get_u32(attr)); -+ s->desc.field_count++; -+ -+ return MNL_CB_OK; -+} -+ -+static int -+nftnl_set_desc_concat_parse_attr_cb(const struct nlattr *attr, void *data) - { -- const struct nlattr **tb = data; - int type = mnl_attr_get_type(attr); -+ struct nftnl_set *s = data; -+ -+ if (type != NFTA_LIST_ELEM) -+ return MNL_CB_OK; -+ -+ return mnl_attr_parse_nested(attr, -+ nftnl_set_desc_concat_field_parse_attr_cb, -+ s); -+} -+ -+static int nftnl_set_desc_parse_attr_cb(const struct nlattr *attr, void *data) -+{ -+ int type = mnl_attr_get_type(attr), err; -+ struct nftnl_set *s = data; - - if (mnl_attr_type_valid(attr, NFTA_SET_DESC_MAX) < 0) - return MNL_CB_OK; - - switch (type) { - case NFTA_SET_DESC_SIZE: -- if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) { - abi_breakage(); -+ break; -+ } -+ -+ s->desc.size = ntohl(mnl_attr_get_u32(attr)); -+ s->flags |= (1 << NFTNL_SET_DESC_SIZE); -+ break; -+ case NFTA_SET_DESC_CONCAT: -+ err = mnl_attr_parse_nested(attr, -+ nftnl_set_desc_concat_parse_attr_cb, -+ s); -+ if (err != MNL_CB_OK) -+ abi_breakage(); -+ -+ s->flags |= (1 << NFTNL_SET_DESC_CONCAT); -+ break; -+ default: - break; - } - -- tb[type] = attr; - return MNL_CB_OK; - } - --static int nftnl_set_desc_parse(struct nftnl_set *s, -- const struct nlattr *attr) -+static int nftnl_set_desc_parse(struct nftnl_set *s, const struct nlattr *attr) - { -- struct nlattr *tb[NFTA_SET_DESC_MAX + 1] = {}; -- -- if (mnl_attr_parse_nested(attr, nftnl_set_desc_parse_attr_cb, tb) < 0) -- return -1; -- -- if (tb[NFTA_SET_DESC_SIZE]) { -- s->desc.size = ntohl(mnl_attr_get_u32(tb[NFTA_SET_DESC_SIZE])); -- s->flags |= (1 << NFTNL_SET_DESC_SIZE); -- } -- -- return 0; -+ return mnl_attr_parse_nested(attr, nftnl_set_desc_parse_attr_cb, s); - } - - EXPORT_SYMBOL(nftnl_set_nlmsg_parse); --- -1.8.3.1 - diff --git a/SOURCES/0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch b/SOURCES/0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch deleted file mode 100644 index c57b126..0000000 --- a/SOURCES/0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 0ac992b8118bce817e0f1da3e2581c4cde95ca80 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 13 Feb 2020 17:47:45 +0100 -Subject: [PATCH] set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795223 -Upstream Status: libnftnl commit 04cc28d8d6923 - -commit 04cc28d8d6923ea66b08ae9a74d81d8b6ac5b2d7 -Author: Stefano Brivio -Date: Thu Jan 30 01:16:34 2020 +0100 - - set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END - - The new set element attribute maps to the netlink attribute - NFTA_SET_ELEM_KEY_END in the same way as NFTNL_SET_ELEM_KEY - maps to NFTA_SET_ELEM_KEY, and represents the key data used - to express the upper bound of a range, in concatenations. - - Suggested-by: Pablo Neira Ayuso - Signed-off-by: Stefano Brivio - Signed-off-by: Pablo Neira Ayuso ---- - include/libnftnl/set.h | 1 + - include/set_elem.h | 1 + - src/set_elem.c | 24 ++++++++++++++++++++++++ - 3 files changed, 26 insertions(+) - -diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h -index bbbf58d..6843adf 100644 ---- a/include/libnftnl/set.h -+++ b/include/libnftnl/set.h -@@ -105,6 +105,7 @@ enum { - NFTNL_SET_ELEM_USERDATA, - NFTNL_SET_ELEM_EXPR, - NFTNL_SET_ELEM_OBJREF, -+ NFTNL_SET_ELEM_KEY_END, - __NFTNL_SET_ELEM_MAX - }; - #define NFTNL_SET_ELEM_MAX (__NFTNL_SET_ELEM_MAX - 1) -diff --git a/include/set_elem.h b/include/set_elem.h -index cc4d529..52f185a 100644 ---- a/include/set_elem.h -+++ b/include/set_elem.h -@@ -8,6 +8,7 @@ struct nftnl_set_elem { - uint32_t set_elem_flags; - uint32_t flags; - union nftnl_data_reg key; -+ union nftnl_data_reg key_end; - union nftnl_data_reg data; - struct nftnl_expr *expr; - uint64_t timeout; -diff --git a/src/set_elem.c b/src/set_elem.c -index d3ce807..2203193 100644 ---- a/src/set_elem.c -+++ b/src/set_elem.c -@@ -75,6 +75,7 @@ void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr) - break; - case NFTNL_SET_ELEM_FLAGS: - case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */ -+ case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */ - case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */ - case NFTNL_SET_ELEM_DATA: /* NFTA_SET_ELEM_DATA */ - case NFTNL_SET_ELEM_TIMEOUT: /* NFTA_SET_ELEM_TIMEOUT */ -@@ -118,6 +119,10 @@ int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, - memcpy(&s->key.val, data, data_len); - s->key.len = data_len; - break; -+ case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */ -+ memcpy(&s->key_end.val, data, data_len); -+ s->key_end.len = data_len; -+ break; - case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */ - memcpy(&s->data.verdict, data, sizeof(s->data.verdict)); - break; -@@ -193,6 +198,9 @@ const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t - case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */ - *data_len = s->key.len; - return &s->key.val; -+ case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */ -+ *data_len = s->key_end.len; -+ return &s->key_end.val; - case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */ - *data_len = sizeof(s->data.verdict); - return &s->data.verdict; -@@ -287,6 +295,14 @@ void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh, - mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key.len, e->key.val); - mnl_attr_nest_end(nlh, nest1); - } -+ if (e->flags & (1 << NFTNL_SET_ELEM_KEY_END)) { -+ struct nlattr *nest1; -+ -+ nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_KEY_END); -+ mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key_end.len, -+ e->key_end.val); -+ mnl_attr_nest_end(nlh, nest1); -+ } - if (e->flags & (1 << NFTNL_SET_ELEM_VERDICT)) { - struct nlattr *nest1, *nest2; - -@@ -373,6 +389,7 @@ static int nftnl_set_elem_parse_attr_cb(const struct nlattr *attr, void *data) - abi_breakage(); - break; - case NFTA_SET_ELEM_KEY: -+ case NFTA_SET_ELEM_KEY_END: - case NFTA_SET_ELEM_DATA: - case NFTA_SET_ELEM_EXPR: - if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) -@@ -421,6 +438,13 @@ static int nftnl_set_elems_parse2(struct nftnl_set *s, const struct nlattr *nest - goto out_set_elem; - e->flags |= (1 << NFTNL_SET_ELEM_KEY); - } -+ if (tb[NFTA_SET_ELEM_KEY_END]) { -+ ret = nftnl_parse_data(&e->key_end, tb[NFTA_SET_ELEM_KEY_END], -+ &type); -+ if (ret < 0) -+ goto out_set_elem; -+ e->flags |= (1 << NFTNL_SET_ELEM_KEY_END); -+ } - if (tb[NFTA_SET_ELEM_DATA]) { - ret = nftnl_parse_data(&e->data, tb[NFTA_SET_ELEM_DATA], &type); - if (ret < 0) --- -1.8.3.1 - diff --git a/SOURCES/0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch b/SOURCES/0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch deleted file mode 100644 index 9bb2500..0000000 --- a/SOURCES/0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 6854ec003b42cf02d4b40c0942d49ede9f6d94c0 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 19 Feb 2020 12:00:31 +0100 -Subject: [PATCH] src: Fix for reading garbage in nftnl_chain getters - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1758673 -Upstream Status: libnftnl commit 629ee38dca486 - -commit 629ee38dca48651bc8c0eedf2f3a0066a6c0aa5b -Author: Phil Sutter -Date: Fri Feb 14 18:20:29 2020 +0100 - - src: Fix for reading garbage in nftnl_chain getters - - In {s,u}{32,64} type getters nftnl_assert() is called to make sure - returned data length matches expectations. Therefore all attributes must - set data_len, which NFTNL_CHAIN_DEVICES didn't. - - While being at it, do the same change for NFTNL_FLOWTABLE_DEVICES as - well to make code a bit more consistent although the problem was fixed - for flowtables with commit f8eed54150fd4 ("flowtable: Fix for reading - garbage") already (but in the other direction). - - Fixes: e3ac19b5ec162 ("chain: multi-device support") - Signed-off-by: Phil Sutter ---- - src/chain.c | 1 + - src/flowtable.c | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/src/chain.c b/src/chain.c -index b9a16fc..6e90763 100644 ---- a/src/chain.c -+++ b/src/chain.c -@@ -365,6 +365,7 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr, - *data_len = strlen(c->dev) + 1; - return c->dev; - case NFTNL_CHAIN_DEVICES: -+ *data_len = 0; - return &c->dev_array[0]; - } - return NULL; -diff --git a/src/flowtable.c b/src/flowtable.c -index 9ba3b6d..bf3e443 100644 ---- a/src/flowtable.c -+++ b/src/flowtable.c -@@ -231,6 +231,7 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, - *data_len = sizeof(int32_t); - return &c->family; - case NFTNL_FLOWTABLE_DEVICES: -+ *data_len = 0; - return &c->dev_array[0]; - case NFTNL_FLOWTABLE_SIZE: - *data_len = sizeof(int32_t); --- -1.8.3.1 - diff --git a/SOURCES/0010-set_elem-missing-set-and-build-for-NFTNL_SET_ELEM_EX.patch b/SOURCES/0010-set_elem-missing-set-and-build-for-NFTNL_SET_ELEM_EX.patch deleted file mode 100644 index 3d38755..0000000 --- a/SOURCES/0010-set_elem-missing-set-and-build-for-NFTNL_SET_ELEM_EX.patch +++ /dev/null @@ -1,56 +0,0 @@ -From e04405f86a93185e4843b4e8c0644a4c66683fac Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 13 Jan 2022 20:10:27 +0100 -Subject: [PATCH] set_elem: missing set and build for NFTNL_SET_ELEM_EXPR - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2040478 -Upstream Status: libnftnl commit 92705574380f7 - -commit 92705574380f7ffd9f244b4cb69422a85269ab41 -Author: Pablo Neira Ayuso -Date: Wed Mar 11 14:23:33 2020 +0100 - - set_elem: missing set and build for NFTNL_SET_ELEM_EXPR - - Extend nftnl_set_elem_set() and nftnl_set_elem_nlmsg_build_payload() to - support for the NFTNL_SET_ELEM_EXPR attribute. - - Signed-off-by: Pablo Neira Ayuso ---- - src/set_elem.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/set_elem.c b/src/set_elem.c -index 2203193..4421322 100644 ---- a/src/set_elem.c -+++ b/src/set_elem.c -@@ -162,6 +162,12 @@ int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, - if (!s->objref) - return -1; - break; -+ case NFTNL_SET_ELEM_EXPR: -+ if (s->flags & (1 << NFTNL_SET_ELEM_EXPR)) -+ nftnl_expr_free(s->expr); -+ -+ s->expr = (void *)data; -+ break; - } - s->flags |= (1 << attr); - return 0; -@@ -326,6 +332,13 @@ void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh, - mnl_attr_put(nlh, NFTA_SET_ELEM_USERDATA, e->user.len, e->user.data); - if (e->flags & (1 << NFTNL_SET_ELEM_OBJREF)) - mnl_attr_put_strz(nlh, NFTA_SET_ELEM_OBJREF, e->objref); -+ if (e->flags & (1 << NFTNL_SET_ELEM_EXPR)) { -+ struct nlattr *nest1; -+ -+ nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_EXPR); -+ nftnl_expr_build_payload(nlh, e->expr); -+ mnl_attr_nest_end(nlh, nest1); -+ } - } - - static void nftnl_set_elem_nlmsg_build_def(struct nlmsghdr *nlh, --- -2.31.1 - diff --git a/SOURCES/0011-expr-dynset-release-stateful-expression-from-.free-p.patch b/SOURCES/0011-expr-dynset-release-stateful-expression-from-.free-p.patch deleted file mode 100644 index 326458c..0000000 --- a/SOURCES/0011-expr-dynset-release-stateful-expression-from-.free-p.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 719810aeae4bf7a5c99bb6090070e769954d2e01 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 13 Jan 2022 20:10:27 +0100 -Subject: [PATCH] expr: dynset: release stateful expression from .free path - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2040478 -Upstream Status: libnftnl commit 0bd7d62c450c6 - -commit 0bd7d62c450c6736af4141d37073c5b40f1f894d -Author: Pablo Neira Ayuso -Date: Wed May 6 20:45:35 2020 +0200 - - expr: dynset: release stateful expression from .free path - - ==22778==ERROR: LeakSanitizer: detected memory leaks - - Direct leak of 64 byte(s) in 1 object(s) allocated from: - #0 0x7f3212406518 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9518) - #1 0x7f321041703e in nftnl_expr_alloc /home/pablo/devel/scm/git-netfilter/libnftnl/src/expr.c:37 - #2 0x7f3211d51c16 in netlink_gen_limit_stmt /home/pablo/devel/scm/git-netfilter/nftables/src/netlink_linearize.c:859 - #3 0x7f3211d5220c in netlink_gen_stmt_stateful /home/pablo/devel/scm/git-netfilter/nftables/src/netlink_linearize.c:891 - #4 0x7f3211d58630 in netlink_gen_meter_stmt /home/pablo/devel/scm/git-netfilter/nftables/src/netlink_linearize.c:1441 - [...] - - SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). - - Signed-off-by: Pablo Neira Ayuso ---- - src/expr/dynset.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/expr/dynset.c b/src/expr/dynset.c -index 4870923..466dfff 100644 ---- a/src/expr/dynset.c -+++ b/src/expr/dynset.c -@@ -278,6 +278,8 @@ static void nftnl_expr_dynset_free(const struct nftnl_expr *e) - struct nftnl_expr_dynset *dynset = nftnl_expr_data(e); - - xfree(dynset->set_name); -+ if (dynset->expr) -+ nftnl_expr_free(dynset->expr); - } - - struct expr_ops expr_ops_dynset = { --- -2.31.1 - diff --git a/SOURCES/0012-set-expose-nftnl_set_elem_nlmsg_build.patch b/SOURCES/0012-set-expose-nftnl_set_elem_nlmsg_build.patch deleted file mode 100644 index e2624c4..0000000 --- a/SOURCES/0012-set-expose-nftnl_set_elem_nlmsg_build.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 3fb9a2e1b66e931453b18b022b0a364a66699580 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 21 Jan 2022 13:48:20 +0100 -Subject: [PATCH] set: expose nftnl_set_elem_nlmsg_build() - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2040754 -Upstream Status: libnftnl commit 8d74a15d941c6 -Conflicts: Adjusted symbol version name to avoid confusion with upstream - versions. - -commit 8d74a15d941c69b7d0f5961be1e56b87ca3235d0 -Author: Pablo Neira Ayuso -Date: Thu Nov 4 14:09:44 2021 +0100 - - set: expose nftnl_set_elem_nlmsg_build() - - Expose a function to build one single set element netlink message. - - Signed-off-by: Pablo Neira Ayuso ---- - include/libnftnl/set.h | 2 ++ - src/libnftnl.map | 4 ++++ - src/set_elem.c | 9 +++++---- - 3 files changed, 11 insertions(+), 4 deletions(-) - -diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h -index 6843adf..99d692e 100644 ---- a/include/libnftnl/set.h -+++ b/include/libnftnl/set.h -@@ -135,6 +135,8 @@ bool nftnl_set_elem_is_set(const struct nftnl_set_elem *s, uint16_t attr); - #define nftnl_set_elem_nlmsg_build_hdr nftnl_nlmsg_build_hdr - void nftnl_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s); - void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set_elem *e); -+struct nlattr *nftnl_set_elem_nlmsg_build(struct nlmsghdr *nlh, -+ struct nftnl_set_elem *elem, int i); - - int nftnl_set_elem_parse(struct nftnl_set_elem *e, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err); -diff --git a/src/libnftnl.map b/src/libnftnl.map -index 8230d15..0799570 100644 ---- a/src/libnftnl.map -+++ b/src/libnftnl.map -@@ -359,3 +359,7 @@ LIBNFTNL_13 { - nftnl_obj_set_data; - nftnl_flowtable_set_data; - } LIBNFTNL_12; -+ -+LIBNFTNL_RHEL_14 { -+ nftnl_set_elem_nlmsg_build; -+} LIBNFTNL_13; -diff --git a/src/set_elem.c b/src/set_elem.c -index 4421322..ce1a976 100644 ---- a/src/set_elem.c -+++ b/src/set_elem.c -@@ -352,8 +352,9 @@ static void nftnl_set_elem_nlmsg_build_def(struct nlmsghdr *nlh, - mnl_attr_put_strz(nlh, NFTA_SET_ELEM_LIST_TABLE, s->table); - } - --static struct nlattr *nftnl_set_elem_build(struct nlmsghdr *nlh, -- struct nftnl_set_elem *elem, int i) -+EXPORT_SYMBOL(nftnl_set_elem_nlmsg_build); -+struct nlattr *nftnl_set_elem_nlmsg_build(struct nlmsghdr *nlh, -+ struct nftnl_set_elem *elem, int i) - { - struct nlattr *nest2; - -@@ -378,7 +379,7 @@ void nftnl_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set - - nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_LIST_ELEMENTS); - list_for_each_entry(elem, &s->element_list, head) -- nftnl_set_elem_build(nlh, elem, ++i); -+ nftnl_set_elem_nlmsg_build(nlh, elem, ++i); - - mnl_attr_nest_end(nlh, nest1); - } -@@ -818,7 +819,7 @@ int nftnl_set_elems_nlmsg_build_payload_iter(struct nlmsghdr *nlh, - nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_LIST_ELEMENTS); - elem = nftnl_set_elems_iter_next(iter); - while (elem != NULL) { -- nest2 = nftnl_set_elem_build(nlh, elem, ++i); -+ nest2 = nftnl_set_elem_nlmsg_build(nlh, elem, ++i); - if (nftnl_attr_nest_overflow(nlh, nest1, nest2)) { - /* Go back to previous not to miss this element */ - iter->cur = list_entry(iter->cur->head.prev, --- -2.31.1 - diff --git a/SPECS/libnftnl.spec b/SPECS/libnftnl.spec index d249733..d84ec89 100644 --- a/SPECS/libnftnl.spec +++ b/SPECS/libnftnl.spec @@ -1,5 +1,5 @@ -%define rpmversion 1.1.5 -%define specrelease 5 +%define rpmversion 1.2.2 +%define specrelease 3 Name: libnftnl Version: %{rpmversion} @@ -12,18 +12,8 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: libmnl-devel -Patch0: 0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch -Patch1: 0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch -Patch2: 0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch -Patch3: 0004-flowtable-Correctly-check-realloc-call.patch -Patch4: 0005-chain-Correctly-check-realloc-call.patch -Patch5: 0006-include-resync-nf_tables.h-cache-copy.patch -Patch6: 0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch -Patch7: 0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch -Patch8: 0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch -Patch9: 0010-set_elem-missing-set-and-build-for-NFTNL_SET_ELEM_EX.patch -Patch10: 0011-expr-dynset-release-stateful-expression-from-.free-p.patch -Patch11: 0012-set-expose-nftnl_set_elem_nlmsg_build.patch + +Patch0001: 0001-libnftnl.map-Restore-custom-LIBNFTNL_RHEL_14-version.patch %description A library for low-level interaction with nftables Netlink's API over libmnl. @@ -70,6 +60,15 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %{_includedir}/libnftnl %changelog +* Wed Jun 28 2023 Phil Sutter [1.2.2-3.el8] +- Export nftnl_set_elem_nlmsg_build symbol in the right version + +* Wed Jun 28 2023 Phil Sutter [1.2.2-2.el8] +- libnftnl.map: Restore custom LIBNFTNL_RHEL_14 version (Phil Sutter) [2211096] + +* Tue May 30 2023 Phil Sutter [1.2.2-1.el8] +- Rebase onto version 1.2.2 (Phil Sutter) [2211096] + * Fri Jan 21 2022 Phil Sutter [1.1.5-5.el8] - set: expose nftnl_set_elem_nlmsg_build() (Phil Sutter) [2040754] - expr: dynset: release stateful expression from .free path (Phil Sutter) [2040478]