RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/nftables#60b6d3d324c90ea7ee6c0c5ec89f89cddc5b617e

.gitignore

@@ -0,0 +1,20 @@
+/nftables-20140326.tar.bz2
+/nftables-20140330.tar.bz2
+/nftables-20140426.tar.bz2
+/nftables-20140704.tar.bz2
+/nftables-20140903.tar.bz2
+/nftables-0.4.tar.bz2
+/nftables-0.5.tar.bz2
+/nftables-0.6.tar.bz2
+/nftables-0.7.tar.bz2
+/nftables-0.8.tar.bz2
+/nftables-0.8.1.tar.bz2
+/nftables-0.8.2.tar.bz2
+/nftables-0.8.3.tar.bz2
+/nftables-0.8.4.tar.bz2
+/nftables-0.8.5.tar.bz2
+/nftables-0.9.0.tar.bz2
+/nftables-0.9.1.tar.bz2
+/nftables-0.9.2.tar.bz2
+/nftables-0.9.3.tar.bz2
+/nftables-0.9.6.tar.bz2

nftables-fix_json_events.patch

@@ -0,0 +1,41 @@
+From c96c7da272e33a34770c4de4e3e50f7ed264672e Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Wed, 13 May 2020 16:29:51 +0200
+Subject: JSON: Improve performance of json_events_cb()
+
+The function tries to insert handles into JSON input for echo option.
+Yet there may be nothing to do if the given netlink message doesn't
+contain a handle, e.g. if it is an 'add element' command. Calling
+seqnum_to_json() is pointless overhead in that case, and if input is
+large this overhead is significant. Better wait with that call until
+after checking if the message is relevant at all.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Eric Garver <eric@garver.life>
+---
+ src/parser_json.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: nftables-0.9.3/src/parser_json.c
+===================================================================
+--- nftables-0.9.3.orig/src/parser_json.c
++++ nftables-0.9.3/src/parser_json.c
+@@ -3838,12 +3838,15 @@ static uint64_t handle_from_nlmsg(const
+ }
+ int json_events_cb(const struct nlmsghdr *nlh, struct netlink_mon_handler *monh)
+ {
+-	json_t *tmp, *json = seqnum_to_json(nlh->nlmsg_seq);
+ 	uint64_t handle = handle_from_nlmsg(nlh);
++	json_t *tmp, *json;
+ 	void *iter;
+ 
+-	/* might be anonymous set, ignore message */
+-	if (!json || !handle)
++	if (!handle)
++		return MNL_CB_OK;
++
++	json = seqnum_to_json(nlh->nlmsg_seq);
++	if (!json)
+ 		return MNL_CB_OK;
+ 
+ 	tmp = json_object_get(json, "add");

nftables.conf

@@ -0,0 +1,17 @@
+#
+# This file will contain your nftables rules and
+# is read by the systemd service when restarting
+#
+# These provide an iptables like set of filters
+# (uncomment to include)
+# include "/etc/nftables/arp-filter.nft"
+# include "/etc/nftables/bridge-filter.nft"
+# include "/etc/nftables/inet-filter.nft"
+# include "/etc/nftables/ipv4-filter.nft"
+# include "/etc/nftables/ipv4-mangle.nft"
+# include "/etc/nftables/ipv4-nat.nft"
+# include "/etc/nftables/ipv4-raw.nft"
+# include "/etc/nftables/ipv6-filter.nft"
+# include "/etc/nftables/ipv6-mangle.nft"
+# include "/etc/nftables/ipv6-nat.nft"
+# include "/etc/nftables/ipv6-raw.nft"

nftables.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ProtectSystem=full
+ProtectHome=true
+ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
+ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
+ExecStop=/sbin/nft flush ruleset
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

nftables.spec

@@ -0,0 +1,297 @@
+Name:           nftables
+Version:        0.9.6
+Release:        1%{?dist}
+# Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
+Epoch:          1
+Summary:        Netfilter Tables userspace utillites
+
+License:        GPLv2
+URL:            https://netfilter.org/projects/nftables/
+Source0:        %{url}/files/%{name}-%{version}.tar.bz2
+Source1:        nftables.service
+Source2:        nftables.conf
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1834853
+Patch0:         nftables-fix_json_events.patch
+
+#BuildRequires: autogen
+#BuildRequires: autoconf
+#BuildRequires: automake
+#BuildRequires: libtool
+BuildRequires:  gcc
+BuildRequires: flex
+BuildRequires: bison
+BuildRequires: libmnl-devel
+BuildRequires: gmp-devel
+BuildRequires: readline-devel
+BuildRequires: libnftnl-devel
+BuildRequires: systemd
+BuildRequires: asciidoc
+BuildRequires: iptables-devel
+BuildRequires: jansson-devel
+BuildRequires: python3-devel
+
+%description
+Netfilter Tables userspace utilities.
+
+%package        devel
+Summary:        Development library for nftables / libnftables
+Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       pkgconfig
+
+%description devel
+Development tools and static libraries and header files for the libnftables library.
+
+%package -n     python3-nftables
+Summary:        Python module providing an interface to libnftables
+Requires:       %{name} = %{epoch}:%{version}-%{release}
+%{?python_provide:%python_provide python3-nftables}
+
+%description -n python3-nftables
+The nftables python module provides an interface to libnftables via ctypes.
+
+%prep
+%autosetup -p1
+
+%build
+#./autogen.sh
+%configure --disable-silent-rules --with-xtables --with-json \
+	--enable-python --with-python-bin=%{__python3}
+%make_build
+
+%install
+%make_install
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+
+# Don't ship static lib (for now at least)
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libnftables.a
+
+chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*
+
+mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
+cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/
+
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
+cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/
+chmod 600 $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/nftables.conf
+
+mkdir -m 700 -p $RPM_BUILD_ROOT/%{_sysconfdir}/nftables
+chmod 600 $RPM_BUILD_ROOT/%{_sysconfdir}/nftables/*.nft
+chmod 700 $RPM_BUILD_ROOT/%{_sysconfdir}/nftables
+
+# make nftables.py use the real library file name
+# to avoid nftables-devel package dependency
+sofile=$(readlink $RPM_BUILD_ROOT/%{_libdir}/libnftables.so)
+sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
+	$RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
+
+%post
+%systemd_post nftables.service
+%ldconfig_post
+
+%preun
+%systemd_preun nftables.service
+
+%postun
+%systemd_postun_with_restart nftables.service
+%ldconfig_postun
+
+%files
+%license COPYING
+%config(noreplace) %{_sysconfdir}/nftables/
+%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
+%{_sbindir}/nft
+%{_libdir}/libnftables.so.*
+%{_mandir}/man5/libnftables-json.5*
+%{_mandir}/man8/nft*
+%{_unitdir}/nftables.service
+%{_docdir}/nftables/examples/*.nft
+
+%files devel
+%{_libdir}/libnftables.so
+%{_libdir}/pkgconfig/libnftables.pc
+%{_includedir}/nftables/libnftables.h
+%{_mandir}/man3/libnftables.3*
+
+%files -n python3-nftables
+%{python3_sitelib}/nftables-*.egg-info
+%{python3_sitelib}/nftables/
+
+%changelog
+* Sat Sep 05 2020 Neal Gompa <ngompa13@gmail.com> - 1:0.9.6-1
+- Update to 0.9.6 (RH#1846663)
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.9.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1:0.9.3-5
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:0.9.3-4
+- Rebuilt for Python 3.9
+
+* Fri May 15 2020 Richard Shaw <hobbes1069@gmail.com> - 1:0.9.3-3
+- Add patch for json performance with ipsets, fixes RHBZ#1834853.
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.9.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Dec 04 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.3-1
+- Update to 0.9.3. Fixes bug #1778959
+
+* Tue Oct 01 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.2-3
+- Drop unneeded docbook2X build dependency
+- Add python3-nftables sub-package
+
+* Fri Aug 23 2019 Kevin Fenzi <kevin@scrye.com> - 0.9.2-2
+- Move libnftables section 3 man page to devel package.
+
+* Fri Aug 23 2019 Kevin Fenzi <kevin@scrye.com> - 0.9.2-1
+- Update to 0.9.2. Fixes bug #1743223
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.9.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jun 28 2019 Kevin Fenzi <kevin@scrye.com> - 0.9.1-2
+- Add some filters to nftables.conf
+
+* Tue Jun 25 2019 Kevin Fenzi <kevin@scrye.com> - 0.9.1-1
+- Update to 0.9.1. Fixes bug #1723515
+
+* Mon Jun 17 2019 Kevin Fenzi <kevin@scrye.com> - 0.9.0-7
+- Rebuild for new libnftnl.
+
+* Sat Mar 16 2019 Kevin Fenzi <kevin@scrye.com> - 1:0.9.0-6
+- Fix permissions. Bug #1685242
+
+* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:0.9.0-5
+- Rebuild for readline 8.0
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.9.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sun Nov 04 2018 Kevin Fenzi <kevin@scrye.com> - 0.9.0-3
+- Fix config file to have correct include names. Fixes bug #1642103
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Sat Jun 09 2018 Kevin Fenzi <kevin@scrye.com> - 0.9.0-1
+- Update to 0.9.0. Fixes bug #1589404
+
+* Fri May 11 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.5-1
+- Update to 0.8.5. Fixes bug #1576802
+
+* Sun May 06 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.4-2
+- Fix devel package to require the Epoch too.
+- Fix libraries split
+
+* Fri May 04 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.4-1
+- Update to 0.8.4. Fixes bug #1574096
+
+* Sat Mar 03 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.3-1
+- Update to 0.8.3. Fixes bug #1551207
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.8.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Feb 05 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.2-1
+- Update to 0.8.2. Fixes bug #1541582
+
+* Tue Jan 16 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.1-1
+- Update to 0.8.1. Fixes bug #1534982
+
+* Sun Oct 22 2017 Kevin Fenzi <kevin@scrye.com> - 0.8-1
+- Update to 0.8. 
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 1:0.7-2
+- Rebuild for readline 7.x
+
+* Thu Dec 22 2016 Kevin Fenzi <kevin@scrye.com> - 0.7-1
+- Update to 0.7
+
+* Fri Jul 15 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-2
+- Rebuild for new glibc symbols
+
+* Thu Jun 02 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-1
+- Update to 0.6.
+
+* Sun Apr 10 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-4
+- Add example config files and move config to /etc/sysconfig. Fixes bug #1313936
+
+* Fri Mar 25 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-3
+- Add systemd unit file. Fixes bug #1313936
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Sep 17 2015 Kevin Fenzi <kevin@scrye.com> 0.5-1
+- Update to 0.5
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Jan 10 2015 Kevin Fenzi <kevin@scrye.com> 0.4-2
+- Add patch to fix nft -f dep gen.
+
+* Fri Dec 26 2014 Kevin Fenzi <kevin@scrye.com> 0.4-1
+- Update to 0.4
+- Add Epoch to fix versioning. 
+
+* Wed Sep 03 2014 Kevin Fenzi <kevin@scrye.com> 0.100-4.20140903git
+- Update to 20140903 snapshot
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-4.20140704git
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Jul 04 2014 Kevin Fenzi <kevin@scrye.com> 0.100-3.20140704git
+- Update to new snapshot
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-2.20140426git
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Apr 26 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140426git
+- Update t0 20140426
+
+* Sun Mar 30 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140330git
+- Update to 20140330 snapshot
+- Sync versions to be post 0.100 release.
+
+* Wed Mar 26 2014 Kevin Fenzi <kevin@scrye.com> 0-0.7.20140326git
+- Update to 20140326 snapshot
+- Fix permissions on man pages. 
+
+* Mon Mar 24 2014 Kevin Fenzi <kevin@scrye.com> 0-0.6.20140324git
+- Update to 20140324 snapshot
+
+* Fri Mar 07 2014 Kevin Fenzi <kevin@scrye.com> 0-0.5.20140307git
+- Update to 20140307
+
+* Sat Jan 25 2014 Kevin Fenzi <kevin@scrye.com> 0-0.4.20140125git
+- Update to 20140125 snapshot
+
+* Sat Jan 18 2014 Kevin Fenzi <kevin@scrye.com> 0-0.3.20140118git
+- Update to 20140118 snapshot
+- Fixed License tag to be correct
+- Fixed changelog
+- nft scripts now use full path for nft
+- Fixed man page building
+- Dropped unneeded rm in install
+- Patched build to not be silent. 
+
+* Tue Dec 03 2013 Kevin Fenzi <kevin@scrye.com> 0-0.2.20131202git
+- Use upstream snapshots for source.
+- Use 0 for version. 
+
+* Sat Nov 30 2013 Kevin Fenzi <kevin@scrye.com> 0-0.1
+- initial version for Fedora review

sources

@@ -0,0 +1 @@
+SHA512 (nftables-0.9.6.tar.bz2) = ca6524ff1cb1e79d636afeb96f54e4699773e1cbda8e9a3ec5728f4d5b764c0df16b195cdcc0e304ae5643c8761b6b5a6685c737965a7415aec07aeb9f3dc5df