Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libnetfilter_conntrack for
openSUSE:Factory checked in at 2022-02-15 23:57:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libnetfilter_conntrack (Old)
and /work/SRC/openSUSE:Factory/.libnetfilter_conntrack.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libnetfilter_conntrack"
Tue Feb 15 23:57:02 2022 rev:27 rq:954305 version:1.0.9
Changes:
--------
---
/work/SRC/openSUSE:Factory/libnetfilter_conntrack/libnetfilter_conntrack.changes
2020-10-24 15:14:32.948033908 +0200
+++
/work/SRC/openSUSE:Factory/.libnetfilter_conntrack.new.1956/libnetfilter_conntrack.changes
2022-02-15 23:57:11.600198112 +0100
@@ -1,0 +2,11 @@
+Mon Feb 14 11:58:20 UTC 2022 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 1.0.9
+ * This release comes with the new nfct_nlmsg_build_filter()
+ function that allows to add metadata for kernel-side
+ filtering of conntrack entries during conntrack table dump.
+ * The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER
+ argument, it allows to flush only IPv6 or IPv4 entries from
+ the connection tracking table.
+
+-------------------------------------------------------------------
Old:
----
libnetfilter_conntrack-1.0.8.tar.bz2
libnetfilter_conntrack-1.0.8.tar.bz2.sig
New:
----
libnetfilter_conntrack-1.0.9.tar.bz2
libnetfilter_conntrack-1.0.9.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libnetfilter_conntrack.spec ++++++
--- /var/tmp/diff_new_pack.0jV2Q4/_old 2022-02-15 23:57:12.212199802 +0100
+++ /var/tmp/diff_new_pack.0jV2Q4/_new 2022-02-15 23:57:12.216199813 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libnetfilter_conntrack
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,16 +18,16 @@
Name: libnetfilter_conntrack
%define lname libnetfilter_conntrack3
-Version: 1.0.8
+Version: 1.0.9
Release: 0
Summary: Userspace library for the in-kernel connection tracking state
table
License: GPL-2.0-or-later
Group: Productivity/Networking/Security
URL: https://netfilter.org/projects/libnetfilter_conntrack/
-#Git-Clone: git://git.netfilter.org/libnetfilter_conntrack
-Source:
ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/%name-%version.tar.bz2
-Source2:
ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/%name-%version.tar.bz2.sig
+#Git-Clone: https://git.netfilter.org/libnetfilter_conntrack/
+Source:
https://netfilter.org/projects/libnetfilter_conntrack/files/%name-%version.tar.bz2
+Source2:
https://netfilter.org/projects/libnetfilter_conntrack/files/%name-%version.tar.bz2.sig
Source3: baselibs.conf
Source4: %name.keyring
BuildRequires: pkgconfig >= 0.21
++++++ libnetfilter_conntrack-1.0.8.tar.bz2 ->
libnetfilter_conntrack-1.0.9.tar.bz2 ++++++
++++ 7554 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/Make_global.am
new/libnetfilter_conntrack-1.0.9/Make_global.am
--- old/libnetfilter_conntrack-1.0.8/Make_global.am 2020-04-01
18:53:22.609140051 +0200
+++ new/libnetfilter_conntrack-1.0.9/Make_global.am 2022-02-14
11:56:33.286607866 +0100
@@ -1,8 +1,24 @@
# This is _NOT_ the library release version, it's an API version.
-# Please read Chapter 6 "Library interface versions" of the libtool
-# documentation before making any modification
-# http://sources.redhat.com/autobook/autobook/autobook_91.html
-LIBVERSION=10:0:7
+# Extracted from Chapter 6 "Library interface versions" of the libtool docs.
+#
+# <snippet>
+# Here are a set of rules to help you update your library version information:
+#
+# 1. Start with version information of `0:0:0' for each libtool library.
+# 2. Update the version information only immediately before a public release
+# of your software. More frequent updates are unnecessary, and only guarantee
+# that the current interface number gets larger faster.
+# 3. If the library source code has changed at all since the last update,
+# then increment revision (`c:r:a' becomes `c:r+1:a').
+# 4. If any interfaces have been added, removed, or changed since the last
+# update, increment current, and set revision to 0.
+# 5. If any interfaces have been added since the last public release, then
+# increment age.
+# 6. If any interfaces have been removed since the last public release, then
+# set age to 0.
+# </snippet>
+#
+LIBVERSION=11:0:8
AM_CPPFLAGS = -I$(top_srcdir)/include ${LIBNFNETLINK_CFLAGS} ${LIBMNL_CFLAGS}
AM_CFLAGS = -Wall
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/build-aux/ar-lib
new/libnetfilter_conntrack-1.0.9/build-aux/ar-lib
--- old/libnetfilter_conntrack-1.0.8/build-aux/ar-lib 2020-04-01
18:53:30.485127871 +0200
+++ new/libnetfilter_conntrack-1.0.9/build-aux/ar-lib 2022-02-14
11:56:39.436915337 +0100
@@ -2,9 +2,9 @@
# Wrapper for Microsoft lib.exe
me=ar-lib
-scriptversion=2012-03-01.08; # UTC
+scriptversion=2019-07-04.01; # UTC
-# Copyright (C) 2010-2014 Free Software Foundation, Inc.
+# Copyright (C) 2010-2020 Free Software Foundation, Inc.
# Written by Peter Rosin <p...@lysator.liu.se>.
#
# This program is free software; you can redistribute it and/or modify
@@ -18,7 +18,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -53,7 +53,7 @@
MINGW*)
file_conv=mingw
;;
- CYGWIN*)
+ CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
@@ -65,7 +65,7 @@
mingw)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
- cygwin)
+ cygwin | msys)
file=`cygpath -m "$file" || echo "$file"`
;;
wine)
@@ -224,10 +224,11 @@
esac
done
else
- $AR -NOLOGO -LIST "$archive" | sed -e 's/\\/\\\\/g' | while read member
- do
- $AR -NOLOGO -EXTRACT:"$member" "$archive" || exit $?
- done
+ $AR -NOLOGO -LIST "$archive" | tr -d '\r' | sed -e 's/\\/\\\\/g' \
+ | while read member
+ do
+ $AR -NOLOGO -EXTRACT:"$member" "$archive" || exit $?
+ done
fi
elif test -n "$quick$replace"; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/build-aux/compile
new/libnetfilter_conntrack-1.0.9/build-aux/compile
--- old/libnetfilter_conntrack-1.0.8/build-aux/compile 2020-04-01
18:53:30.489127866 +0200
+++ new/libnetfilter_conntrack-1.0.9/build-aux/compile 2022-02-14
11:56:39.446915833 +0100
@@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
-scriptversion=2012-10-14.11; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Written by Tom Tromey <tro...@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -53,7 +53,7 @@
MINGW*)
file_conv=mingw
;;
- CYGWIN*)
+ CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
@@ -67,7 +67,7 @@
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
- cygwin/*)
+ cygwin/* | msys/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
@@ -255,7 +255,8 @@
echo "compile $scriptversion"
exit $?
;;
- cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
+ icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
@@ -339,9 +340,9 @@
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/build-aux/missing
new/libnetfilter_conntrack-1.0.9/build-aux/missing
--- old/libnetfilter_conntrack-1.0.8/build-aux/missing 2020-04-01
18:53:30.505127841 +0200
+++ new/libnetfilter_conntrack-1.0.9/build-aux/missing 2022-02-14
11:56:39.456916329 +0100
@@ -1,9 +1,9 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
-scriptversion=2013-10-28.13; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -101,9 +101,9 @@
exit $st
fi
-perl_URL=http://www.perl.org/
-flex_URL=http://flex.sourceforge.net/
-gnu_software_URL=http://www.gnu.org/software
+perl_URL=https://www.perl.org/
+flex_URL=https://github.com/westes/flex
+gnu_software_URL=https://www.gnu.org/software
program_details ()
{
@@ -207,9 +207,9 @@
exit $st
# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/build-aux/test-driver
new/libnetfilter_conntrack-1.0.9/build-aux/test-driver
--- old/libnetfilter_conntrack-1.0.8/build-aux/test-driver 1970-01-01
01:00:00.000000000 +0100
+++ new/libnetfilter_conntrack-1.0.9/build-aux/test-driver 2022-02-14
11:56:39.716929236 +0100
@@ -0,0 +1,150 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 2011-2020 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-autom...@gnu.org> or send patches to
+# <automake-patc...@gnu.org>.
+
+# Make unconditional expansion of undefined variables an error. This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+ echo "$0: $*" >&2
+ print_usage >&2
+ exit 2
+}
+
+print_usage ()
+{
+ cat <<END
+Usage:
+ test-driver --test-name NAME --log-file PATH --trs-file PATH
+ [--expect-failure {yes|no}] [--color-tests {yes|no}]
+ [--enable-hard-errors {yes|no}] [--]
+ TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+
+The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+See the GNU Automake documentation for information.
+END
+}
+
+test_name= # Used for reporting.
+log_file= # Where to save the output of the test script.
+trs_file= # Where to save the metadata of the test run.
+expect_failure=no
+color_tests=no
+enable_hard_errors=yes
+while test $# -gt 0; do
+ case $1 in
+ --help) print_usage; exit $?;;
+ --version) echo "test-driver $scriptversion"; exit $?;;
+ --test-name) test_name=$2; shift;;
+ --log-file) log_file=$2; shift;;
+ --trs-file) trs_file=$2; shift;;
+ --color-tests) color_tests=$2; shift;;
+ --expect-failure) expect_failure=$2; shift;;
+ --enable-hard-errors) enable_hard_errors=$2; shift;;
+ --) shift; break;;
+ -*) usage_error "invalid option: '$1'";;
+ *) break;;
+ esac
+ shift
+done
+
+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file" = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file" = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+ usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+ usage_error "missing argument"
+fi
+
+if test $color_tests = yes; then
+ # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
+ red='�[0;31m' # Red.
+ grn='�[0;32m' # Green.
+ lgn='�[1;32m' # Light green.
+ blu='�[1;34m' # Blue.
+ mgn='�[0;35m' # Magenta.
+ std='�[m' # No color.
+else
+ red= grn= lgn= blu= mgn= std=
+fi
+
+do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
+trap "st=129; $do_exit" 1
+trap "st=130; $do_exit" 2
+trap "st=141; $do_exit" 13
+trap "st=143; $do_exit" 15
+
+# Test script is run here.
+"$@" >$log_file 2>&1
+estatus=$?
+
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+ tweaked_estatus=1
+else
+ tweaked_estatus=$estatus
+fi
+
+case $tweaked_estatus:$expect_failure in
+ 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+ 0:*) col=$grn res=PASS recheck=no gcopy=no;;
+ 77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
+ 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;;
+ *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;;
+ *:*) col=$red res=FAIL recheck=yes gcopy=yes;;
+esac
+
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>$log_file
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/configure.ac
new/libnetfilter_conntrack-1.0.9/configure.ac
--- old/libnetfilter_conntrack-1.0.8/configure.ac 2020-04-01
18:53:22.609140051 +0200
+++ new/libnetfilter_conntrack-1.0.9/configure.ac 2022-02-14
11:56:33.286607866 +0100
@@ -1,9 +1,9 @@
dnl Process this file with autoconf to create configure.
-AC_INIT([libnetfilter_conntrack], [1.0.8])
+AC_INIT([libnetfilter_conntrack], [1.0.9])
AC_CONFIG_AUX_DIR([build-aux])
AC_CANONICAL_HOST
-AC_CONFIG_HEADER([config.h])
+AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([-Wall foreign subdir-objects
@@ -14,8 +14,7 @@
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_PROG_CC
-AC_DISABLE_STATIC
-AM_PROG_LIBTOOL
+LT_INIT([disable-static])
AC_PROG_INSTALL
AC_PROG_LN_S
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/examples/Makefile.am
new/libnetfilter_conntrack-1.0.9/examples/Makefile.am
--- old/libnetfilter_conntrack-1.0.8/examples/Makefile.am 2020-04-01
18:53:22.609140051 +0200
+++ new/libnetfilter_conntrack-1.0.9/examples/Makefile.am 2022-02-14
11:56:33.286607866 +0100
@@ -12,41 +12,41 @@
nfexp-mnl-event
nfct_mnl_create_SOURCES = nfct-mnl-create.c
-nfct_mnl_create_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_create_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_create_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfct_mnl_create_LDFLAGS = -dynamic
nfct_mnl_del_SOURCES = nfct-mnl-del.c
-nfct_mnl_del_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_del_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_del_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfct_mnl_del_LDFLAGS = -dynamic
nfct_mnl_dump_SOURCES = nfct-mnl-dump.c
-nfct_mnl_dump_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_dump_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_dump_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfct_mnl_dump_LDFLAGS = -dynamic
nfct_mnl_dump_labels_SOURCES = nfct-mnl-dump-labels.c
-nfct_mnl_dump_labels_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_dump_labels_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_dump_labels_LDADD = ../src/libnetfilter_conntrack.la -ldl
${LIBMNL_LIBS}
+nfct_mnl_dump_labels_LDFLAGS = -dynamic
nfct_mnl_set_label_SOURCES = nfct-mnl-set-label.c
-nfct_mnl_set_label_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_set_label_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_set_label_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfct_mnl_set_label_LDFLAGS = -dynamic
nfct_mnl_event_SOURCES = nfct-mnl-event.c
-nfct_mnl_event_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_event_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_event_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfct_mnl_event_LDFLAGS = -dynamic
nfct_mnl_flush_SOURCES = nfct-mnl-flush.c
-nfct_mnl_flush_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_flush_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_flush_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfct_mnl_flush_LDFLAGS = -dynamic
nfct_mnl_get_SOURCES = nfct-mnl-get.c
-nfct_mnl_get_LDADD = ../src/libnetfilter_conntrack.la
-nfct_mnl_get_LDFLAGS = -dynamic -ldl -lmnl
+nfct_mnl_get_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfct_mnl_get_LDFLAGS = -dynamic
nfexp_mnl_dump_SOURCES = nfexp-mnl-dump.c
-nfexp_mnl_dump_LDADD = ../src/libnetfilter_conntrack.la
-nfexp_mnl_dump_LDFLAGS = -dynamic -ldl -lmnl
+nfexp_mnl_dump_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfexp_mnl_dump_LDFLAGS = -dynamic
nfexp_mnl_event_SOURCES = nfexp-mnl-event.c
-nfexp_mnl_event_LDADD = ../src/libnetfilter_conntrack.la
-nfexp_mnl_event_LDFLAGS = -dynamic -ldl -lmnl
+nfexp_mnl_event_LDADD = ../src/libnetfilter_conntrack.la -ldl ${LIBMNL_LIBS}
+nfexp_mnl_event_LDFLAGS = -dynamic
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-create.c
new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-create.c
--- old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-create.c 2020-04-01
18:53:22.609140051 +0200
+++ new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-create.c 2022-02-14
11:56:33.286607866 +0100
@@ -60,7 +60,11 @@
nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len);
if (ret == -1) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-del.c
new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-del.c
--- old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-del.c 2020-04-01
18:53:22.609140051 +0200
+++ new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-del.c 2022-02-14
11:56:33.286607866 +0100
@@ -55,7 +55,11 @@
nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len);
if (ret == -1) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-get.c
new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-get.c
--- old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-get.c 2020-04-01
18:53:22.609140051 +0200
+++ new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-get.c 2022-02-14
11:56:33.286607866 +0100
@@ -74,7 +74,11 @@
nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len);
if (ret == -1) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-set-label.c
new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-set-label.c
--- old/libnetfilter_conntrack-1.0.8/examples/nfct-mnl-set-label.c
2020-04-01 18:53:22.609140051 +0200
+++ new/libnetfilter_conntrack-1.0.9/examples/nfct-mnl-set-label.c
2022-02-14 11:56:33.286607866 +0100
@@ -19,6 +19,7 @@
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
struct nfgenmsg *nfh;
+ int ret;
if (b) {
if (bit < 0)
@@ -55,7 +56,11 @@
nfh->version = NFNETLINK_V0;
nfh->res_id = 0;
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
if (mnl_socket_sendto(cbargs->nl, nlh, nlh->nlmsg_len) < 0)
perror("mnl_socket_sendto");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/internal/Makefile.am
new/libnetfilter_conntrack-1.0.9/include/internal/Makefile.am
--- old/libnetfilter_conntrack-1.0.8/include/internal/Makefile.am
2020-04-01 18:53:22.613140045 +0200
+++ new/libnetfilter_conntrack-1.0.9/include/internal/Makefile.am
2022-02-14 11:56:33.286607866 +0100
@@ -1,2 +1,2 @@
noinst_HEADERS = bitops.h extern.h linux_list.h prototypes.h \
- internal.h object.h types.h stack.h
+ internal.h object.h types.h stack.h proto.h
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/internal/internal.h
new/libnetfilter_conntrack-1.0.9/include/internal/internal.h
--- old/libnetfilter_conntrack-1.0.8/include/internal/internal.h
2020-04-01 18:53:22.613140045 +0200
+++ new/libnetfilter_conntrack-1.0.9/include/internal/internal.h
2022-02-14 11:56:33.286607866 +0100
@@ -27,6 +27,7 @@
#include "internal/types.h"
#include "internal/extern.h"
#include "internal/bitops.h"
+#include "internal/proto.h"
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
@@ -40,7 +41,11 @@
#define IPPROTO_DCCP 33
#endif
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+
#define BUFFER_SIZE(ret, size, len, offset) \
+ if (ret < 0) \
+ return -1; \
size += ret; \
if (ret > len) \
ret = len; \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/internal/object.h
new/libnetfilter_conntrack-1.0.9/include/internal/object.h
--- old/libnetfilter_conntrack-1.0.8/include/internal/object.h 2020-04-01
18:53:22.613140045 +0200
+++ new/libnetfilter_conntrack-1.0.9/include/internal/object.h 2022-02-14
11:56:33.286607866 +0100
@@ -287,6 +287,7 @@
struct nfct_filter_dump {
struct nfct_filter_dump_mark mark;
+ struct nfct_filter_dump_mark status;
uint8_t l3num;
uint32_t set;
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/internal/proto.h
new/libnetfilter_conntrack-1.0.9/include/internal/proto.h
--- old/libnetfilter_conntrack-1.0.8/include/internal/proto.h 1970-01-01
01:00:00.000000000 +0100
+++ new/libnetfilter_conntrack-1.0.9/include/internal/proto.h 2022-02-14
11:56:33.286607866 +0100
@@ -0,0 +1,19 @@
+#ifndef _NFCT_PROTO_H_
+#define _NFCT_PROTO_H_
+
+#include <stdint.h>
+#include <linux/icmp.h>
+#include <linux/icmpv6.h>
+
+#ifndef ICMPV6_NI_QUERY
+#define ICMPV6_NI_QUERY 139
+#endif
+
+#ifndef ICMPV6_NI_REPLY
+#define ICMPV6_NI_REPLY 140
+#endif
+
+uint8_t __icmp_reply_type(uint8_t type);
+uint8_t __icmpv6_reply_type(uint8_t type);
+
+#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack.h
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/libnetfilter_conntrack.h
---
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack.h
2020-04-01 18:53:22.613140045 +0200
+++
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/libnetfilter_conntrack.h
2022-02-14 11:56:33.286607866 +0100
@@ -137,11 +137,11 @@
ATTR_HELPER_INFO, /* variable length */
ATTR_CONNLABELS, /* variable length */
ATTR_CONNLABELS_MASK, /* variable length */
- ATTR_ORIG_ZONE, /* u16 bits */
+ ATTR_ORIG_ZONE = 68, /* u16 bits */
ATTR_REPL_ZONE, /* u16 bits */
ATTR_SNAT_IPV6, /* u128 bits */
ATTR_DNAT_IPV6, /* u128 bits */
- ATTR_SYNPROXY_ISN, /* u32 bits */
+ ATTR_SYNPROXY_ISN = 72, /* u32 bits */
ATTR_SYNPROXY_ITS, /* u32 bits */
ATTR_SYNPROXY_TSOFF, /* u32 bits */
ATTR_MAX
@@ -452,6 +452,7 @@
NFCT_Q_CREATE_UPDATE,
NFCT_Q_DUMP_FILTER,
NFCT_Q_DUMP_FILTER_RESET,
+ NFCT_Q_FLUSH_FILTER,
};
extern int nfct_query(struct nfct_handle *h,
@@ -545,6 +546,7 @@
enum nfct_filter_dump_attr {
NFCT_FILTER_DUMP_MARK = 0, /* struct nfct_filter_dump_mark */
NFCT_FILTER_DUMP_L3NUM, /* uint8_t */
+ NFCT_FILTER_DUMP_STATUS, /* struct nfct_filter_dump_mark */
NFCT_FILTER_DUMP_MAX
};
@@ -585,6 +587,7 @@
/* New low level API: netlink functions */
extern int nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack
*ct);
+extern int nfct_nlmsg_build_filter(struct nlmsghdr *nlh, const struct
nfct_filter_dump *filter_dump);
extern int nfct_nlmsg_parse(const struct nlmsghdr *nlh, struct nf_conntrack
*ct);
extern int nfct_payload_parse(const void *payload, size_t payload_len,
uint16_t l3num, struct nf_conntrack *ct);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
---
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
2020-04-01 18:53:22.613140045 +0200
+++
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
2022-02-14 11:56:33.286607866 +0100
@@ -14,6 +14,8 @@
SCTP_CONNTRACK_SHUTDOWN_SENT,
SCTP_CONNTRACK_SHUTDOWN_RECD,
SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
+ SCTP_CONNTRACK_HEARTBEAT_SENT,
+ SCTP_CONNTRACK_HEARTBEAT_ACKED,
SCTP_CONNTRACK_MAX
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
---
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
2020-04-01 18:53:22.613140045 +0200
+++
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
2022-02-14 11:56:33.286607866 +0100
@@ -102,6 +102,15 @@
IPS_UNTRACKED_BIT = 12,
IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
+#ifdef __KERNEL__
+ /* Re-purposed for in-kernel use:
+ * Tags a conntrack entry that clashed with an existing entry
+ * on insert.
+ */
+ IPS_NAT_CLASH_BIT = IPS_UNTRACKED_BIT,
+ IPS_NAT_CLASH = IPS_UNTRACKED,
+#endif
+
/* Conntrack got a helper explicitly attached via CT target. */
IPS_HELPER_BIT = 13,
IPS_HELPER = (1 << IPS_HELPER_BIT),
@@ -110,14 +119,19 @@
IPS_OFFLOAD_BIT = 14,
IPS_OFFLOAD = (1 << IPS_OFFLOAD_BIT),
+ /* Conntrack has been offloaded to hardware. */
+ IPS_HW_OFFLOAD_BIT = 15,
+ IPS_HW_OFFLOAD = (1 << IPS_HW_OFFLOAD_BIT),
+
/* Be careful here, modifying these bits can make things messy,
* so don't let users modify them directly.
*/
IPS_UNCHANGEABLE_MASK = (IPS_NAT_DONE_MASK | IPS_NAT_MASK |
IPS_EXPECTED | IPS_CONFIRMED | IPS_DYING |
- IPS_SEQ_ADJUST | IPS_TEMPLATE | IPS_OFFLOAD),
+ IPS_SEQ_ADJUST | IPS_TEMPLATE | IPS_UNTRACKED |
+ IPS_OFFLOAD | IPS_HW_OFFLOAD),
- __IPS_MAX_BIT = 15,
+ __IPS_MAX_BIT = 16,
};
/* Connection tracking event types */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
---
old/libnetfilter_conntrack-1.0.8/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
2020-04-01 18:53:22.613140045 +0200
+++
new/libnetfilter_conntrack-1.0.9/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
2022-02-14 11:56:33.286607866 +0100
@@ -58,6 +58,8 @@
CTA_LABELS,
CTA_LABELS_MASK,
CTA_SYNPROXY,
+ CTA_FILTER,
+ CTA_STATUS_MASK,
__CTA_MAX
};
#define CTA_MAX (__CTA_MAX - 1)
@@ -121,6 +123,7 @@
CTA_PROTOINFO_DCCP_STATE,
CTA_PROTOINFO_DCCP_ROLE,
CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
+ CTA_PROTOINFO_DCCP_PAD,
__CTA_PROTOINFO_DCCP_MAX,
};
#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
@@ -140,6 +143,7 @@
CTA_COUNTERS_BYTES, /* 64bit counters */
CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */
CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */
+ CTA_COUNTERS_PAD,
__CTA_COUNTERS_MAX
};
#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
@@ -148,6 +152,7 @@
CTA_TIMESTAMP_UNSPEC,
CTA_TIMESTAMP_START,
CTA_TIMESTAMP_STOP,
+ CTA_TIMESTAMP_PAD,
__CTA_TIMESTAMP_MAX
};
#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1)
@@ -242,19 +247,21 @@
enum ctattr_stats_cpu {
CTA_STATS_UNSPEC,
- CTA_STATS_SEARCHED,
+ CTA_STATS_SEARCHED, /* no longer used */
CTA_STATS_FOUND,
- CTA_STATS_NEW,
+ CTA_STATS_NEW, /* no longer used */
CTA_STATS_INVALID,
- CTA_STATS_IGNORE,
- CTA_STATS_DELETE,
- CTA_STATS_DELETE_LIST,
+ CTA_STATS_IGNORE, /* no longer used */
+ CTA_STATS_DELETE, /* no longer used */
+ CTA_STATS_DELETE_LIST, /* no longer used */
CTA_STATS_INSERT,
CTA_STATS_INSERT_FAILED,
CTA_STATS_DROP,
CTA_STATS_EARLY_DROP,
CTA_STATS_ERROR,
CTA_STATS_SEARCH_RESTART,
+ CTA_STATS_CLASH_RESOLVE,
+ CTA_STATS_CHAIN_TOOLONG,
__CTA_STATS_MAX,
};
#define CTA_STATS_MAX (__CTA_STATS_MAX - 1)
@@ -262,6 +269,7 @@
enum ctattr_stats_global {
CTA_STATS_GLOBAL_UNSPEC,
CTA_STATS_GLOBAL_ENTRIES,
+ CTA_STATS_GLOBAL_MAX_ENTRIES,
__CTA_STATS_GLOBAL_MAX,
};
#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1)
@@ -275,6 +283,14 @@
};
#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1)
+enum ctattr_filter {
+ CTA_FILTER_UNSPEC,
+ CTA_FILTER_ORIG_FLAGS,
+ CTA_FILTER_REPLY_FLAGS,
+ __CTA_FILTER_MAX
+};
+#define CTA_FILTER_MAX (__CTA_FILTER_MAX - 1)
+
#ifdef __cplusplus
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/libnetfilter_conntrack.pc.in
new/libnetfilter_conntrack-1.0.9/libnetfilter_conntrack.pc.in
--- old/libnetfilter_conntrack-1.0.8/libnetfilter_conntrack.pc.in
2020-04-01 18:53:22.613140045 +0200
+++ new/libnetfilter_conntrack-1.0.9/libnetfilter_conntrack.pc.in
2022-02-14 11:56:33.286607866 +0100
@@ -12,5 +12,5 @@
Requires: libnfnetlink
Conflicts:
Libs: -L${libdir} -lnetfilter_conntrack
-Libs.private: @LIBNFNETLINK_LIBS@
+Libs.private: @LIBNFNETLINK_LIBS@ @LIBMNL_LIBS@
Cflags: -I${includedir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/m4/libtool.m4
new/libnetfilter_conntrack-1.0.9/m4/libtool.m4
--- old/libnetfilter_conntrack-1.0.8/m4/libtool.m4 2020-04-01
18:53:27.097133111 +0200
+++ new/libnetfilter_conntrack-1.0.9/m4/libtool.m4 2022-02-14
11:56:37.066797369 +0100
@@ -1041,8 +1041,8 @@
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+ $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
cat > conftest.c << _LT_EOF
@@ -1071,11 +1071,11 @@
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+ 10.0,*86*-darwin8*|10.0,*-darwin[[912]]*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
10.[[012]][[,.]]*)
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined
${wl}suppress' ;;
- 10.*)
+ 10.*|11.*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
@@ -1492,7 +1492,7 @@
m4_defun([_LT_PROG_AR],
[AC_CHECK_TOOLS(AR, [ar], false)
: ${AR=ar}
-: ${AR_FLAGS=cru}
+: ${AR_FLAGS=cr}
_LT_DECL([], [AR], [1], [The archiver])
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
@@ -4063,7 +4063,8 @@
if AC_TRY_EVAL(ac_compile); then
# Now try to grab the symbols.
nlist=conftest.nm
- if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe"
\> $nlist) && test -s "$nlist"; then
+ $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext |
$lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
+ if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \>
$nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -4703,6 +4704,12 @@
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
+ # flang / f18. f95 an alias for gfortran or flang on Debian
+ flang* | f18* | f95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@@ -6438,7 +6445,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 |
$GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 |
$GREP -v "^Configured with:" | $GREP " \-L"'
else
GXX=no
@@ -6813,7 +6820,7 @@
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@@ -6878,7 +6885,7 @@
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@@ -7217,7 +7224,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# FIXME: insert proper C++ library support
@@ -7301,7 +7308,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v
conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v
conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# g++ 2.7 appears to require '-G' NOT '-shared' on this
# platform.
@@ -7312,7 +7319,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
fi
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/Makefile.am
new/libnetfilter_conntrack-1.0.9/src/conntrack/Makefile.am
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/Makefile.am 2020-04-01
18:53:22.613140045 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/Makefile.am 2022-02-14
11:56:33.296608370 +0100
@@ -14,4 +14,5 @@
copy.c \
filter.c bsf.c filter_dump.c \
grp.c grp_getter.c grp_setter.c \
- stack.c
+ stack.c \
+ proto.c
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/api.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/api.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/api.c 2020-04-01
18:53:22.613140045 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/api.c 2022-02-14
11:56:33.296608370 +0100
@@ -831,6 +831,9 @@
nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, *family,
NFNETLINK_V0);
break;
+ case NFCT_Q_FLUSH_FILTER:
+ nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, *family, 1);
+ break;
case NFCT_Q_DUMP:
nfct_fill_hdr(req, IPCTNL_MSG_CT_GET, NLM_F_DUMP, *family,
NFNETLINK_V0);
@@ -1099,9 +1102,9 @@
* print the message just after you receive the destroy event. If you want
* more accurate timestamping, use NFCT_OF_TIMESTAMP.
*
- * This function returns the size of the information that _would_ have been
- * written to the buffer, even if there was no room for it. Thus, the
- * behaviour is similar to snprintf.
+ * On error, -1 is returned and errno is set appropiately. Otherwise the
+ * size of what _would_ be written is returned, even if the size of the
+ * buffer is insufficient. This behaviour is similar to snprintf.
*/
int nfct_snprintf(char *buf,
unsigned int size,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/build_mnl.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/build_mnl.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/build_mnl.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/build_mnl.c 2022-02-14
11:56:33.296608370 +0100
@@ -73,8 +73,7 @@
mnl_attr_put_u16(nlh, CTA_PROTO_ICMPV6_ID, t->l4src.icmp.id);
break;
default:
- mnl_attr_nest_cancel(nlh, nest);
- return -1;
+ break;
}
mnl_attr_nest_end(nlh, nest);
return 0;
@@ -496,10 +495,7 @@
test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
test_bit(ATTR_REPL_L3PROTO, ct->head.set) ||
test_bit(ATTR_REPL_L4PROTO, ct->head.set) ||
- test_bit(ATTR_REPL_ZONE, ct->head.set) ||
- test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
- test_bit(ATTR_ICMP_CODE, ct->head.set) ||
- test_bit(ATTR_ICMP_ID, ct->head.set)) {
+ test_bit(ATTR_REPL_ZONE, ct->head.set)) {
const struct __nfct_tuple *t = &ct->repl;
struct nlattr *nest;
@@ -598,3 +594,25 @@
return 0;
}
+
+int nfct_nlmsg_build_filter(struct nlmsghdr *nlh,
+ const struct nfct_filter_dump *filter_dump)
+{
+ struct nfgenmsg *nfg;
+
+ if (filter_dump->set & (1 << NFCT_FILTER_DUMP_MARK)) {
+ mnl_attr_put_u32(nlh, CTA_MARK, htonl(filter_dump->mark.val));
+ mnl_attr_put_u32(nlh, CTA_MARK_MASK,
htonl(filter_dump->mark.mask));
+ }
+ if (filter_dump->set & (1 << NFCT_FILTER_DUMP_L3NUM)) {
+ nfg = mnl_nlmsg_get_payload(nlh);
+ nfg->nfgen_family = filter_dump->l3num;
+ }
+ if (filter_dump->set & (1 << NFCT_FILTER_DUMP_STATUS)) {
+ mnl_attr_put_u32(nlh, CTA_STATUS,
htonl(filter_dump->status.val));
+ mnl_attr_put_u32(nlh, CTA_STATUS_MASK,
+ htonl(filter_dump->status.mask));
+ }
+
+ return 0;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/copy.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/copy.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/copy.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/copy.c 2022-02-14
11:56:33.296608370 +0100
@@ -427,8 +427,8 @@
static void copy_attr_helper_name(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- strncpy(dest->helper_name, orig->helper_name, NFCT_HELPER_NAME_MAX);
- dest->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
+ snprintf(dest->helper_name, NFCT_HELPER_NAME_MAX, "%s",
+ orig->helper_name);
}
static void copy_attr_zone(struct nf_conntrack *dest,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/filter_dump.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/filter_dump.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/filter_dump.c
2020-04-01 18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/filter_dump.c
2022-02-14 11:56:33.296608370 +0100
@@ -8,6 +8,7 @@
*/
#include "internal/internal.h"
+#include <libmnl/libmnl.h>
static void
set_filter_dump_attr_mark(struct nfct_filter_dump *filter_dump,
@@ -20,6 +21,16 @@
}
static void
+set_filter_dump_attr_status(struct nfct_filter_dump *filter_dump,
+ const void *value)
+{
+ const struct nfct_filter_dump_mark *this = value;
+
+ filter_dump->status.val = this->val;
+ filter_dump->status.mask = this->mask;
+}
+
+static void
set_filter_dump_attr_family(struct nfct_filter_dump *filter_dump,
const void *value)
{
@@ -29,19 +40,11 @@
const set_filter_dump_attr set_filter_dump_attr_array[NFCT_FILTER_DUMP_MAX] = {
[NFCT_FILTER_DUMP_MARK] = set_filter_dump_attr_mark,
[NFCT_FILTER_DUMP_L3NUM] = set_filter_dump_attr_family,
+ [NFCT_FILTER_DUMP_STATUS] = set_filter_dump_attr_status,
};
void __build_filter_dump(struct nfnlhdr *req, size_t size,
const struct nfct_filter_dump *filter_dump)
{
- if (filter_dump->set & (1 << NFCT_FILTER_DUMP_MARK)) {
- nfnl_addattr32(&req->nlh, size, CTA_MARK,
- htonl(filter_dump->mark.val));
- nfnl_addattr32(&req->nlh, size, CTA_MARK_MASK,
- htonl(filter_dump->mark.mask));
- }
- if (filter_dump->set & (1 << NFCT_FILTER_DUMP_L3NUM)) {
- struct nfgenmsg *nfg = NLMSG_DATA(&req->nlh);
- nfg->nfgen_family = filter_dump->l3num;
- }
+ nfct_nlmsg_build_filter(&req->nlh, filter_dump);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/grp_setter.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/grp_setter.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/grp_setter.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/grp_setter.c 2022-02-14
11:56:33.296608370 +0100
@@ -8,34 +8,6 @@
*/
#include "internal/internal.h"
-#include <linux/icmp.h>
-#include <linux/icmpv6.h>
-
-static const uint8_t invmap_icmp[] = {
- [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
- [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
- [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
- [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
- [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
- [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
- [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
- [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
-};
-
-#ifndef ICMPV6_NI_QUERY
-#define ICMPV6_NI_QUERY 139
-#endif
-
-#ifndef ICMPV6_NI_REPLY
-#define ICMPV6_NI_REPLY 140
-#endif
-
-static const uint8_t invmap_icmpv6[] = {
- [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
- [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
- [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1,
- [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1
-};
static void set_attr_grp_orig_ipv4(struct nf_conntrack *ct, const void *value)
{
@@ -85,18 +57,18 @@
static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value)
{
- uint8_t rtype;
const struct nfct_attr_grp_icmp *this = value;
+ uint8_t rtype = 0;
ct->head.orig.l4dst.icmp.type = this->type;
switch(ct->head.orig.l3protonum) {
case AF_INET:
- rtype = invmap_icmp[this->type];
+ rtype = __icmp_reply_type(this->type);
break;
case AF_INET6:
- rtype = invmap_icmpv6[this->type - 128];
+ rtype = __icmpv6_reply_type(this->type);
break;
default:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/parse_mnl.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/parse_mnl.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/parse_mnl.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/parse_mnl.c 2022-02-14
11:56:33.296608370 +0100
@@ -690,9 +690,8 @@
if (!tb[CTA_HELP_NAME])
return 0;
- strncpy(ct->helper_name, mnl_attr_get_str(tb[CTA_HELP_NAME]),
- NFCT_HELPER_NAME_MAX);
- ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
+ snprintf(ct->helper_name, NFCT_HELPER_NAME_MAX, "%s",
+ mnl_attr_get_str(tb[CTA_HELP_NAME]));
set_bit(ATTR_HELPER_NAME, ct->head.set);
if (!tb[CTA_HELP_INFO])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/proto.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/proto.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/proto.c 1970-01-01
01:00:00.000000000 +0100
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/proto.c 2022-02-14
11:56:33.296608370 +0100
@@ -0,0 +1,36 @@
+#include <internal/proto.h>
+#include <internal/internal.h>
+
+static const uint8_t invmap_icmp[] = {
+ [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
+ [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
+ [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
+ [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
+ [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
+ [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
+ [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
+ [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
+};
+
+static const uint8_t invmap_icmpv6[] = {
+ [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
+ [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
+ [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_REPLY + 1,
+ [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_QUERY + 1
+};
+
+uint8_t __icmp_reply_type(uint8_t type)
+{
+ if (type < ARRAY_SIZE(invmap_icmp))
+ return invmap_icmp[type];
+
+ return 0;
+}
+
+uint8_t __icmpv6_reply_type(uint8_t type)
+{
+ if (type - 128 < ARRAY_SIZE(invmap_icmpv6))
+ return invmap_icmpv6[type - 128];
+
+ return 0;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/setter.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/setter.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/setter.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/setter.c 2022-02-14
11:56:33.296608370 +0100
@@ -8,34 +8,6 @@
*/
#include "internal/internal.h"
-#include <linux/icmp.h>
-#include <linux/icmpv6.h>
-
-static const uint8_t invmap_icmp[] = {
- [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
- [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
- [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
- [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
- [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
- [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
- [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
- [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
-};
-
-#ifndef ICMPV6_NI_QUERY
-#define ICMPV6_NI_QUERY 139
-#endif
-
-#ifndef ICMPV6_NI_REPLY
-#define ICMPV6_NI_REPLY 140
-#endif
-
-static const uint8_t invmap_icmpv6[] = {
- [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
- [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
- [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1,
- [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1
-};
static void
set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len)
@@ -124,17 +96,18 @@
static void
set_attr_icmp_type(struct nf_conntrack *ct, const void *value, size_t len)
{
- uint8_t rtype;
+ uint8_t type = *((uint8_t *) value);
+ uint8_t rtype = 0;
- ct->head.orig.l4dst.icmp.type = *((uint8_t *) value);
+ ct->head.orig.l4dst.icmp.type = type;
switch(ct->head.orig.l3protonum) {
case AF_INET:
- rtype = invmap_icmp[*((uint8_t *) value)];
+ rtype = __icmp_reply_type(type);
break;
case AF_INET6:
- rtype = invmap_icmpv6[*((uint8_t *) value) - 128];
+ rtype = __icmpv6_reply_type(type);
break;
default:
@@ -389,8 +362,7 @@
static void
set_attr_helper_name(struct nf_conntrack *ct, const void *value, size_t len)
{
- strncpy(ct->helper_name, value, NFCT_HELPER_NAME_MAX);
- ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
+ snprintf(ct->helper_name, NFCT_HELPER_NAME_MAX, "%s", (char *)value);
}
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/snprintf.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/snprintf.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/snprintf.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/snprintf.c 2022-02-14
11:56:33.296608370 +0100
@@ -48,6 +48,8 @@
[SCTP_CONNTRACK_SHUTDOWN_SENT] = "SHUTDOWN_SENT",
[SCTP_CONNTRACK_SHUTDOWN_RECD] = "SHUTDOWN_RECD",
[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT] = "SHUTDOWN_ACK_SENT",
+ [SCTP_CONNTRACK_HEARTBEAT_SENT] = "HEARTBEAT_SENT",
+ [SCTP_CONNTRACK_HEARTBEAT_ACKED] = "HEARTBEAT_ACKED",
};
const char *const dccp_states[DCCP_CONNTRACK_MAX] = {
@@ -85,6 +87,9 @@
return -1;
}
+ if (size < 0)
+ return size;
+
/* NULL terminated string */
buf[size+1 > len ? len-1 : size] = '\0';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/snprintf_default.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/snprintf_default.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/snprintf_default.c
2020-04-01 18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/snprintf_default.c
2022-02-14 11:56:33.296608370 +0100
@@ -13,20 +13,24 @@
unsigned int len,
const struct nf_conntrack *ct)
{
- return (snprintf(buf, len, "%-8s %u ",
- l3proto2str[ct->head.orig.l3protonum] == NULL ?
- "unknown" : l3proto2str[ct->head.orig.l3protonum],
- ct->head.orig.l3protonum));
+ uint8_t num = ct->head.orig.l3protonum;
+
+ if (!test_bit(ATTR_ORIG_L3PROTO, ct->head.set))
+ return -1;
+
+ return snprintf(buf, len, "%-8s %u ", __l3proto2str(num), num);
}
int __snprintf_protocol(char *buf,
unsigned int len,
const struct nf_conntrack *ct)
{
- return (snprintf(buf, len, "%-8s %u ",
- proto2str[ct->head.orig.protonum] == NULL ?
- "unknown" : proto2str[ct->head.orig.protonum],
- ct->head.orig.protonum));
+ uint8_t num = ct->head.orig.protonum;
+
+ if (!test_bit(ATTR_ORIG_L4PROTO, ct->head.set))
+ return -1;
+
+ return snprintf(buf, len, "%-8s %u ", __proto2str(num), num);
}
static int __snprintf_timeout(char *buf,
@@ -40,30 +44,48 @@
unsigned int len,
const struct nf_conntrack *ct)
{
- return snprintf(buf, len, "%s ",
- ct->protoinfo.tcp.state < TCP_CONNTRACK_MAX ?
- states[ct->protoinfo.tcp.state] :
- states[TCP_CONNTRACK_NONE]);
+ uint8_t state = ct->protoinfo.tcp.state;
+ const char *str = NULL;
+
+ if (state < ARRAY_SIZE(states))
+ str = states[state];
+
+ if (str == NULL)
+ str = states[TCP_CONNTRACK_NONE];
+
+ return snprintf(buf, len, "%s ", str);
}
static int __snprintf_protoinfo_sctp(char *buf,
unsigned int len,
const struct nf_conntrack *ct)
{
- return snprintf(buf, len, "%s ",
- ct->protoinfo.sctp.state < SCTP_CONNTRACK_MAX ?
- sctp_states[ct->protoinfo.sctp.state] :
- sctp_states[SCTP_CONNTRACK_NONE]);
+ uint8_t state = ct->protoinfo.sctp.state;
+ const char *str = NULL;
+
+ if (state < ARRAY_SIZE(sctp_states))
+ str = sctp_states[state];
+
+ if (str == NULL)
+ str = sctp_states[SCTP_CONNTRACK_NONE];
+
+ return snprintf(buf, len, "%s ", str);
}
static int __snprintf_protoinfo_dccp(char *buf,
unsigned int len,
const struct nf_conntrack *ct)
{
- return snprintf(buf, len, "%s ",
- ct->protoinfo.dccp.state < DCCP_CONNTRACK_MAX ?
- sctp_states[ct->protoinfo.dccp.state] :
- sctp_states[DCCP_CONNTRACK_NONE]);
+ const char *str = NULL;
+ uint8_t state = ct->protoinfo.dccp.state;
+
+ if (state < ARRAY_SIZE(dccp_states))
+ str = dccp_states[state];
+
+ if (str == NULL)
+ str = dccp_states[DCCP_CONNTRACK_NONE];
+
+ return snprintf(buf, len, "%s ", str);
}
static int __snprintf_address_ipv4(char *buf,
@@ -108,7 +130,7 @@
if (!inet_ntop(AF_INET6, &dst, tmp, sizeof(tmp)))
return -1;
- ret = snprintf(buf+offset, len-size, "%s=%s ", dst_tag, tmp);
+ ret = snprintf(buf + offset, len, "%s=%s ", dst_tag, tmp);
BUFFER_SIZE(ret, size, len, offset);
return size;
@@ -136,7 +158,7 @@
return size;
}
-int __snprintf_proto(char *buf,
+int __snprintf_proto(char *buf,
unsigned int len,
const struct __nfct_tuple *tuple)
{
@@ -184,7 +206,9 @@
{
int size = 0;
- if (ct->status & IPS_OFFLOAD)
+ if (ct->status & IPS_HW_OFFLOAD)
+ size = snprintf(buf, len, "[HW_OFFLOAD] ");
+ else if (ct->status & IPS_OFFLOAD)
size = snprintf(buf, len, "[OFFLOAD] ");
else if (ct->status & IPS_ASSURED)
size = snprintf(buf, len, "[ASSURED] ");
@@ -197,7 +221,7 @@
const struct nf_conntrack *ct)
{
int size = 0;
-
+
if (!(ct->status & IPS_SEEN_REPLY))
size = snprintf(buf, len, "[UNREPLIED] ");
@@ -345,7 +369,7 @@
return size;
}
-int __snprintf_conntrack_default(char *buf,
+int __snprintf_conntrack_default(char *buf,
unsigned int len,
const struct nf_conntrack *ct,
unsigned int msg_type,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/conntrack/snprintf_xml.c
new/libnetfilter_conntrack-1.0.9/src/conntrack/snprintf_xml.c
--- old/libnetfilter_conntrack-1.0.8/src/conntrack/snprintf_xml.c
2020-04-01 18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/conntrack/snprintf_xml.c
2022-02-14 11:56:33.296608370 +0100
@@ -55,12 +55,28 @@
const char *__proto2str(uint8_t protonum)
{
- return proto2str[protonum] ? proto2str[protonum] : "unknown";
+ const char *str = NULL;
+
+ if (protonum < ARRAY_SIZE(proto2str))
+ str = proto2str[protonum];
+
+ if (str == NULL)
+ str = "unknown";
+
+ return str;
}
const char *__l3proto2str(uint8_t protonum)
{
- return l3proto2str[protonum] ? l3proto2str[protonum] : "unknown";
+ const char *str = NULL;
+
+ if (protonum < ARRAY_SIZE(l3proto2str))
+ str = l3proto2str[protonum];
+
+ if (str == NULL)
+ str = "unknown";
+
+ return str;
}
static int __snprintf_ipv4_xml(char *buf,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/expect/api.c
new/libnetfilter_conntrack-1.0.9/src/expect/api.c
--- old/libnetfilter_conntrack-1.0.8/src/expect/api.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/expect/api.c 2022-02-14
11:56:33.296608370 +0100
@@ -795,8 +795,9 @@
* - NFEXP_O_LAYER: include layer 3 information in the output, this is
* *only* required by NFEXP_O_DEFAULT.
*
- * On error, -1 is returned and errno is set appropiately. Otherwise,
- * 0 is returned.
+ * On error, -1 is returned and errno is set appropiately. Otherwise the
+ * size of what _would_ be written is returned, even if the size of the
+ * buffer is insufficient. This behaviour is similar to snprintf.
*/
int nfexp_snprintf(char *buf,
unsigned int size,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/expect/parse_mnl.c
new/libnetfilter_conntrack-1.0.9/src/expect/parse_mnl.c
--- old/libnetfilter_conntrack-1.0.8/src/expect/parse_mnl.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/expect/parse_mnl.c 2022-02-14
11:56:33.296608370 +0100
@@ -10,6 +10,7 @@
*/
#include "internal/internal.h"
+#include <assert.h>
#include <libmnl/libmnl.h>
static int nlmsg_parse_expection_attr_cb(const struct nlattr *attr, void *data)
@@ -139,10 +140,8 @@
set_bit(ATTR_EXP_FLAGS, exp->set);
}
if (tb[CTA_EXPECT_HELP_NAME]) {
- strncpy(exp->helper_name,
- mnl_attr_get_str(tb[CTA_EXPECT_HELP_NAME]),
- NFCT_HELPER_NAME_MAX);
- exp->helper_name[NFCT_HELPER_NAME_MAX - 1] = '\0';
+ snprintf(exp->helper_name, NFCT_HELPER_NAME_MAX, "%s",
+ mnl_attr_get_str(tb[CTA_EXPECT_HELP_NAME]));
set_bit(ATTR_EXP_HELPER_NAME, exp->set);
}
if (tb[CTA_EXPECT_CLASS]) {
@@ -153,9 +152,11 @@
nfexp_nlmsg_parse_nat(nfg, tb[CTA_EXPECT_NAT], exp);
if (tb[CTA_EXPECT_FN]) {
- strncpy(exp->expectfn, mnl_attr_get_payload(tb[CTA_EXPECT_FN]),
- __NFCT_EXPECTFN_MAX);
- exp->expectfn[__NFCT_EXPECTFN_MAX - 1] = '\0';
+ int len = mnl_attr_get_payload_len(tb[CTA_EXPECT_FN]);
+ /* the kernel doesn't impose a max length on this str */
+ assert(len <= __NFCT_EXPECTFN_MAX);
+ snprintf(exp->expectfn, __NFCT_EXPECTFN_MAX, "%s",
+ (char *)mnl_attr_get_payload(tb[CTA_EXPECT_FN]));
set_bit(ATTR_EXP_FN, exp->set);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/expect/setter.c
new/libnetfilter_conntrack-1.0.9/src/expect/setter.c
--- old/libnetfilter_conntrack-1.0.8/src/expect/setter.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/expect/setter.c 2022-02-14
11:56:33.296608370 +0100
@@ -46,8 +46,7 @@
static void set_exp_attr_helper_name(struct nf_expect *exp, const void *value)
{
- strncpy(exp->helper_name, value, NFCT_HELPER_NAME_MAX);
- exp->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
+ snprintf(exp->helper_name, NFCT_HELPER_NAME_MAX, "%s", (char *)value);
}
static void set_exp_attr_nat_dir(struct nf_expect *exp, const void *value)
@@ -62,8 +61,7 @@
static void set_exp_attr_expectfn(struct nf_expect *exp, const void *value)
{
- strncpy(exp->expectfn, value, __NFCT_EXPECTFN_MAX);
- exp->expectfn[__NFCT_EXPECTFN_MAX-1] = '\0';
+ snprintf(exp->expectfn, __NFCT_EXPECTFN_MAX, "%s", (char *)value);
}
const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/src/expect/snprintf.c
new/libnetfilter_conntrack-1.0.9/src/expect/snprintf.c
--- old/libnetfilter_conntrack-1.0.8/src/expect/snprintf.c 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/src/expect/snprintf.c 2022-02-14
11:56:33.296608370 +0100
@@ -30,6 +30,9 @@
return -1;
}
+ if (size < 0)
+ return size;
+
/* NULL terminated string */
buf[size+1 > len ? len-1 : size] = '\0';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/tests/Makefile.am
new/libnetfilter_conntrack-1.0.9/tests/Makefile.am
--- old/libnetfilter_conntrack-1.0.8/tests/Makefile.am 2020-04-01
18:53:22.617140038 +0200
+++ new/libnetfilter_conntrack-1.0.9/tests/Makefile.am 2022-02-14
11:56:33.296608370 +0100
@@ -3,6 +3,10 @@
check_PROGRAMS = test_api test_filter test_connlabel ct_stress \
ct_events_reliable
+EXTRA_DIST = qa-connlabel.conf
+
+TESTS = test_api test_filter test_connlabel
+
test_api_SOURCES = test_api.c
test_api_LDADD = ../src/libnetfilter_conntrack.la
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/tests/qa-connlabel.conf
new/libnetfilter_conntrack-1.0.9/tests/qa-connlabel.conf
--- old/libnetfilter_conntrack-1.0.8/tests/qa-connlabel.conf 1970-01-01
01:00:00.000000000 +0100
+++ new/libnetfilter_conntrack-1.0.9/tests/qa-connlabel.conf 2022-02-14
11:56:33.296608370 +0100
@@ -0,0 +1,11 @@
+0 zero
+# duplicate names should be skipped
+1 zero
+1 test label 1
+1 zero
+# .. so this should have added bit 1 as "test label 1"
+2 test label 2
+# duplicate bit, should be skipped, too
+2 duplicate
+5 unused label
+42 T
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libnetfilter_conntrack-1.0.8/tests/test_connlabel.c
new/libnetfilter_conntrack-1.0.9/tests/test_connlabel.c
--- old/libnetfilter_conntrack-1.0.8/tests/test_connlabel.c 2020-04-01
18:53:22.621140033 +0200
+++ new/libnetfilter_conntrack-1.0.9/tests/test_connlabel.c 2022-02-14
11:56:33.296608370 +0100
@@ -1,4 +1,5 @@
#include <assert.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
@@ -60,6 +61,13 @@
l = nfct_labelmap_new("qa-connlabel.conf");
if (!l)
l = nfct_labelmap_new("tests/qa-connlabel.conf");
+ if (!l) {
+ char testconf[PATH_MAX];
+
+ snprintf(testconf, PATH_MAX,
+ "%s/qa-connlabel.conf", getenv("srcdir"));
+ l = nfct_labelmap_new(testconf);
+ }
assert(l);
puts("qa-connlabel.conf:");
dump_map(l);
++++++ libnetfilter_conntrack.keyring ++++++
--- /var/tmp/diff_new_pack.0jV2Q4/_old 2022-02-15 23:57:12.504200609 +0100
+++ /var/tmp/diff_new_pack.0jV2Q4/_new 2022-02-15 23:57:12.508200620 +0100
@@ -1,108 +1,65 @@
-pub 4096R/0xA4111F89BB5F58CC 2010-10-21 [expires: 2015-10-20]
- Key fingerprint = 57FF 5E9C 9AA6 7A86 0B55 7AF7 A411 1F89 BB5F 58CC
-uid [ expired] Netfilter Core Team <coret...@netfilter.org>
-sub 4096R/0x0FD3A13A04B92F5C 2010-10-21 [expires: 2015-10-20]
-
-pub 4096R/0xAB4655A126D292E4 2015-10-19 [expires: 2020-10-17]
- Key fingerprint = C09D B206 3F1D 7034 BA61 52AD AB46 55A1 26D2 92E4
-uid [ unknown] Netfilter Core Team <coret...@netfilter.org>
-sub 4096R/0xE3B0B6BAE3AAA39E 2015-10-19 [expires: 2020-10-17]
-
-----BEGIN PGP PUBLIC KEY BLOCK-----
-mQINBEzAS5EBEADVlGm+KwODJcVmP33HTCbn/eP8obZbgu+3Z1CYRklF8V43vC6D
-8Jfk7fjD4/gWbAKZxriOESXVAN7mp0Fho4+Ga+pxWeLIET9tVM5xbNFK1p9R3XCK
-p5SrugG+tGhizTR9b/1YCMVRz/yX3aDtC7lwObas4hkr5BqhphjvlkjFE7us32by
-43LPpFj2yUpp1VdOf6gxl03kAgJg08h9J7a+n9KHQeAhIpXSRFq3tXiTdXQlovsv
-ckwBjO0m8P2d1Z8/UYwXQgXzuO8W8EqaUSR95nDwl7UnilnKJm2fGvNg3A6PfCSk
-3KdeEBZ45SRfMTPsuC5C4T0Az75h3HFR6YSae46ymg7d4ZA/Bd5K4hvp4PdYrfCi
-GXen7iK9q5XDpopWb0yCrEVJzKjBjDurvpLtAD0IFWcpB6zwM38AnxVH05J8QOx/
-VCZ4vZJxTKWbpHbdcISSMmVt00VfKorF9DsjiAcBRMBcIvDpJTP4yjvr32W09wLc
-d5CIYGrLKhLNysUIJ44AQoTL9yV5aQvCb2EFnoPqCEKQm8onTAGX19PpTDjDPJFt
-WyMMUDtiMp2yODuFo1qHjxvqzSVX+Ti2sGpiT1hEz97GAIlbAvmXs/bTb+U+rBnd
-6027ooes3cWmBSV5kpz/sMp+nFynrLZ5NDnehPScz3W31oGgSdrGsnnhaQARAQAB
+mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
+660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
+V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
+zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
+Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
+KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
+dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
+WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
+9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
++IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
+U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
-PgQTAQIAKAUCTMBLkQIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
-CgkQpBEfibtfWMzULxAAtGgYeuEqk0F9y4sz6hFJf+fXKSPPrwWTIUXs/sCxlBtS
-lgf9oTvk3aT48zsMIfsDsS8yfIUjaK+eedIZW3oJ0lBtwRncZKjks8Od5J7DvEhR
-Kpo3cajT1KXJh584IvXN0/BbCdPUI6EQE8n0fEUrSWANfzhuD3qYtX9UUGBq/7i8
-Cf3pGFDeYRjcwWeNZ1T+xbaCKPS5BGlOVhMtauaTBZvTJniB828bOZXd3KrXUeul
-AicbzZzqU7XcNX2YKw19MTQzuGNZQ3npJUPQiHgyELTh3+YUmRkPaZaZiDNZeQvu
-/j8cgSoa26Q48apjghREo0Ues4MwQwEGBbdVkEQQMuC9ASti3OyZBTOqyApc2rpE
-VsW2CkqvoQ8jaP51Ua4mjerYkqEqXaVtbPelNFMJXGNXrKdf0xg5Nl/onWnT9S/s
-jtR3LtjOQ0apbBiGPROtYKWSQtA55TgYNLLS1+947TvU134Px1FA8Dqi72SBl7Xc
-ET4nwISO222wMJBxbY4MYB2TppMysIKXUazIyekbRkpK1woH4AR6NsuJOiVdhjEi
-46MkN7tmHI9S9blA98Ih6C9hMz2YgmQEwOQ0qYgVruPdYZSP+M5o+pra9ch+STBk
-FbB03L9kqcAAE8wpGSBRYU+KuyVRipnPeqoeR8niO71AiKbsfbL1skTGRafC2Q+5
-Ag0ETMBLkQEQANNv2Ymm/BVxwqb1vrLq1scoWK5kmeaRD3ndMBv9F3xwqGnE/JTn
-HnVoZIzGb8MD+MCe9jfm8Y+NLU0D71NpDDqRzFZCCjcTmRMYV6QXlsg/ndnSaU1b
-hG0gSq4N+qZFZ+35yiY5pYv1qZkIqWr4/vg9mk53CU620bNgNJ1+F19s/eTw1231
-pJ6K6BsDi7pj4LXGD5wHZPKAmLabFweCkGbGQo6VwWw1ieNJ0igvzkZtVXuvoeHU
-mAitCaZT9AIYDl4PHryckIzjgTdhK0PP92fyHV64Yr3B7G6hWlEwq4wKk9irdgqD
-20Fuqw8Cvv6k1YucWfdpNbZkUI3siQE+1HUUuRTcT8yrPcEA5ZM1/U+e8jBT3EAr
-hk69G6LCfwyX2Xd/JGlBmc0Qv0t2YKqj9Io1G5lBN1q57+vK7ttiIUomwvfD2ltY
-0bdcEr5LjXOk3Sb+OPIVm7+vr6hDMKdUpdm5ABZRSUb0RJ37hBT+DKYbnp0t/e3a
-MXxV9m3jUq8hNdwc8vU1khr9kf+MWPonE0Vw2kqHIIb4I5W9HkMJf4Vzj9/hVPMI
-ucV+2de/7zqxwa0Jh5VSD7SeKj7LznsAy9gi/AioYq4AKVTsigfyJlWpjOLeOvv7
-z4uUfLRQ5OWWfX8BBw8SoPwnWQD4cXHkrHXVwYR2yy7pEc1CstUN+uqXABEBAAGJ
-AiUEGAECAA8FAkzAS5ECGwwFCQlmAYAACgkQpBEfibtfWMyLqw/6A12S4bnLYaik
-ToKc13ywTUsHplbmlLOy2E/5ZMksdfuWjh9XTMR0nbXWnFULxGKTP00kA0yVpv/j
-beDY/qLzY2Yb0rROCQJjuWSLYuNW40+Hmh9TGsDWt7iK3XsONVpV0sRsMOBCwV3k
-2EsFXu73Fj+1JvQ+WSGluj+N7HFAqPi5OFk3IFFnIGhScUz22V6meSaOEqiXLySg
-qh3lv7+XuGzoBjdy7dDm+SnbmK9lO1IqPsIm4iDwmTNJBiu1Wrz319kLYA0/Vx+o
-fmxyViOX1GZShb1mGH0Aeo4jeYmDNLXapkoymC3HCIMctYDmuIw6QlgG8i1LRcFh
-VKMngLjZ17dl/w8gYOdkCsGIUBzvbFBhxuJnXMnFVyDxft/lorMAimH2kbjDn6qa
-H0uV8ILfFVe6gnKzanugmaSQjWzby/ARPhs6OYAXoIUv5MUVDgvTzVmTckWjVa1R
-kMm3eGmDSqoMxsPmarb80nkoFQMOPhJWlyaUCt6HHRYuSkIcxY4H4Ni3Oq1s1R9/
-EqUuIfxNv7Kp0mcsE2KvANc3JfB9wXwLWqDYRCifLkCD6pbpt9L/+xQ49VzcFxNO
-9DqTyk4N7cz7OZrAi+ouVrdFuiwnZyn5YSQoof6Pos58b3bkFn14m9gofwTqGzPh
-R4Vot9rRu5zrWdoCM4cRThpJyrjqBMuZAg0EViV2IwEQALrfnP0L2QbpXPN1Yg7w
-ESbOMnp3B7nIyeVmo3mvYI/mH0GtEHcFbigsUt4nIXCxI/ppB5NQH/GR8EbTUbq2
-OycNaIRWSDYHX+LDijyZ9NO6m8wbQODdhjroK7q8rHzO8Vp+reNzPM2nY7Uh3w3s
-dPrOERGYeZld1nDyN20ko2Zg4fIJIwVJaHwv4L1j9GYAKp6ACnyG81+VA9adPNCi
-9YyIbET/3/bWkl86AS78rLY7fFo5s2BZn0gvFzCB/q9v/dKYs6e5aX7DUeF2q4OW
-/J7vJjITXGum7ydRC3Neov8PdeNAbBfciznWvnTyArExjgTiHwqQOIDnW4dEJtJw
-iNP50rVKb5DZI3/YokZ5AAQV70ZZemL/5vfGl6a77wvuUFcKFtiQq3JYvt3oWcBO
-zyWbd7L1McwAbOOeSXS9hGWuWHjzFuQl7igdJAXs4GRCgUbM83yTCtmDD11337De
-diSfrcgtmNpkvfRBkjUKYten6N1jsNBqCevLxw0uFYBeSVl96KJyybMd2Rd7P+tC
-jtfpPuEvw9AlPqHZKnKQ4c8vp07MCI9JavJ/nola7rCMk0LULC9tttyaOGNSD3vb
-/t26lXr6qOV60+0lw7xEbdAu8zdEqR/ixKbvn1jbSajTcH3geGL7YakliuctRWTB
-XYyd8abaKDUzrTES1JJ53xRNABEBAAG0LE5ldGZpbHRlciBDb3JlIFRlYW0gPGNv
-cmV0ZWFtQG5ldGZpbHRlci5vcmc+iQI+BBMBAgAoBQJWJXYjAhsDBQkJZgGABgsJ
-CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCrRlWhJtKS5NoHEAC6mgfbDygR+Mrb
-Hg3qbGkgonPjUnYBqkBDz8jgdvFXS3Qm/ANI92qqeLkG+eFusuioIpXg4SHNmyUB
-oR+B60tApBtzO88iAbCHkjvfz4fqAZpYJ3VzYXIa/ScSoQHj77quNkO9aauikTj4
-ro6gnMUI2ilN1dv9Fb9/3XYxfyvP7QhWyGRuu9MekaPNjATtw7tDnDBe0C5eHrwX
-l2ojGxldj2eecoLLYcGw8x4rVDAxlNldh6tNgwc3IQ+4FkIri5sudK4vxDkPbouf
-srT6xoUe+qAj+9mScUeRFSrrdCCRd2EsBq+jhWS/kOWa0OAi6TKSOXMIdJze84Og
-R+67m+PNivmZ5+XgSmM/AzN36Lynx8nx7WNThVCd9HViq9kyXI1tQazGU30++Wec
-ct+7VE2f4aP5ITjd7WlHlEULVjRMBg+mFdz+jfmEncmC41TjWykqvrZWsT98FhNR
-YiRVsniiNvc7BS8X1qBODovvKg44yF3xEy3uFScHMqwMjiEqtVfQpfZh9PjzX1eA
-uj9sMF16NnzVeT/n4gKbO8E4vebtIJgzMd19Y0KCxfMxu4rjSHw1T0bYzwOoa9y/
-ejKM/G/NEnFKzwjySEbG9zlciJXrhb7a2y+YzNvSjEuP8Hs2BLPgJkZtVoiE4UVE
-9Wb7jNhyUz4RC0FdjRyGItGglyc9IbkCDQRWJXYjARAArK1scDuvvWTEJv+y0Sr3
-hnM8mnHIK2XNcn4p/d5nO1myCtZWPRVDIQyyXJMntEqrLBMnjxBdQcQkt7o2mJFL
-yJYO+Xb/9JyH161MPybM60dDXOTTxnAp3dDH4tdL/5snVAyrC93W2PMahK4bdwpM
-10Cz/FxtcB2xJ7Zoqq3bveN4KSUabsRYJN29BwjKtg392MtJ68SAAWN21feQ/Js9
-KjDpNoX2Sl9ZoIR2bbIsaGNeti/ciTy43MS/V6KXNTcoYrgySyW/HCNw9KjtvH+g
-/W/ze0sCXJKLby6oRQfsR2zPBTs9YB92GepG+3j1v+tw4jtbvmLKSse+S5BG8Ue2
-j3Bxbz4/RECdrlxDe4gX1hi5K/W0159pB65fha+DM3YvKrNouKsqLsxm5DMjDjdE
-qVQWtPd4tYy4uL2RWcGvvede+tN5rYsBatfelMfTSFN+jxFntwok6YmulnzIDP4O
-tUjLOpH1ZyNTcXEyAQz51aXcjVuk/6MV64hSEnH1FB7v79Zo9afdmNSKdpXf8nvZ
-3IO7HnXhpwh3pjWplyalZR7nb7PlIDxHCK6S3EN3lutBX4w9oh03KfrWlfZb2TD/
-s85uNzbU7TSb8KFC90i9H/qsd1w3kzy4evRJlyFvIqwksYY76huTfpDdx8yabfFY
-IG2TXc2iMkA7R+oMo+B46kkAEQEAAYkCJQQYAQIADwUCViV2IwIbDAUJCWYBgAAK
-CRCrRlWhJtKS5IB2D/9eL6TJ82wCrh3Hx+R3YeWVObukEBq4Ho8KRFngvIi+2D14
-PljWtITPeplDtpXu3E1i7I74F1925xFs7pT6BD65e13/18y4RX5pwGfu0HTJpi3U
-B47WXlSnyRBLD+/qiKcSCkR1mcKJgyIY9KbA0rr1Drv/3DJR+wBt9Fuww/gxgv7v
-yIxxrDa2+GESxJc1iLyuKFiDtnUkmJpqtJV0szi38W1NQUwWWF3CWUpqfvn316CJ
-4cTyuurLn994ceJDherS9tFcYASdmbl6g6PwWgdFrpmb44J7gdBCsB9q2cpjhDbu
-bgTq7V32CVMBGKOThihJZHIz/LZyuHv9WNYXUNfpEOOUN97C+j6091TSh+5P6oJO
-E61VMBBL51nw3T0FFKtA9kubKLk08GH75vPLaBqLa5B88Z3nJWdlaJOdgGEz65PU
-Uh78iWJ3AFAOwhsDEfxFYC+gZWqt9qw3Wyp2eY2q+5ep4KRxuqq3M0V3zXE6z5ff
-F8CCqRe/yzGAh8RxEmT/Nl+yHEIVv7qpJk6GSvkXr5dN/jyZCiN2fHEhZOBtLvln
-E5UjMbYOGqk3F8OARHarJ/qARATzqNYdDRe9SKxlbog+k6WWxJ4ivSVmYY28vEWf
-79IZ79ZHJ0woRi+vr3Cwpc488Sjwi7a/O0HW6zXSaxXNeYR0VnwvcrZrtlCqIQ==
-=zI6p
+VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
+CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
++ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
+RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
+4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
+IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
+bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
+Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
+QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
+wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
+4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
+tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
+n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV
+oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9
+o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S
+ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU
+tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp
+HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM
+FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/
+diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid
+R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK
+uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv
+Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl
+UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q
+KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO
+RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc
+wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0
+0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+
+q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU
+k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk
+pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY
+plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC
+qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu
+iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p
+jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O
+ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1
+CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag
+8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB
+bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM
+jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR
+rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg
+3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ
+7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1
+7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/
+yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8
+leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6
+U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+
+rlbu70nh2kSJrg==
+=wukb
-----END PGP PUBLIC KEY BLOCK-----
