14 changed files with 771 additions and 625 deletions
--- a/SOURCES/0001-Update-kernel-headers.patch
+++ b/SOURCES/0001-Update-kernel-headers.patch
@ -1,10 +1,10 @@
-From 6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b Mon Sep 17 00:00:00 2001
+From d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c Mon Sep 17 00:00:00 2001
-Message-Id: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
+Message-Id: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Wed, 3 May 2023 11:19:24 +0200
 Subject: [PATCH] Update kernel headers
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2186945
 Upstream Status: iproute2-next.git commit 88786cd1
 commit 88786cd1a96a89427bc22061c7736eb2eac31121
--- a/SOURCES/0002-macvlan-Add-bclim-parameter.patch
+++ b/SOURCES/0002-macvlan-Add-bclim-parameter.patch
@ -1,12 +1,12 @@
-From 1638c2909a2911f981ee437dafde70e5e8d721f8 Mon Sep 17 00:00:00 2001
+From 7d1444d9563575ec3346620f12788799080db8c5 Mon Sep 17 00:00:00 2001
-Message-Id: <1638c2909a2911f981ee437dafde70e5e8d721f8.1683117490.git.aclaudi@redhat.com>
+Message-Id: <7d1444d9563575ec3346620f12788799080db8c5.1683109787.git.aclaudi@redhat.com>
-In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
+In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
-References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com>
+References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1683109787.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Wed, 3 May 2023 11:19:24 +0200
 Subject: [PATCH] macvlan: Add bclim parameter
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2186945
 Upstream Status: iproute2-next.git commit e8a3fb47
 commit e8a3fb470b4e96aa35a2731c7cc175b946c0a62d
--- a/SOURCES/0003-mptcp-add-support-for-implicit-flag.patch
+++ b/SOURCES/0003-mptcp-add-support-for-implicit-flag.patch
@ -0,0 +1,69 @@
 From ad96352bfdc2865237beca32fd7d50cfef3e75c7 Mon Sep 17 00:00:00 2001
 From: Wen Liang <wenliang@redhat.com>
 Date: Thu, 1 Jun 2023 10:33:46 -0400
 Subject: [PATCH] mptcp: add support for implicit flag
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2109135
 Upstream Status: iproute2-next.git commit 3a2535a4
 commit 3a2535a41854d481c1a052e267d1fe5d83f9493c
 Author: Andrea Claudi <aclaudi@redhat.com>
 Date:   Tue May 16 11:48:04 2023 +0200
    mptcp: add support for implicit flag
    Kernel supports implicit flag since commit d045b9eb95a9 ("mptcp:
    introduce implicit endpoints"), included in v5.18.
    Let's add support for displaying it to iproute2.
    Before this change:
    $ ip mptcp endpoint show
    10.0.2.2 id 1 rawflags 10
    After this change:
    $ ip mptcp endpoint show
    10.0.2.2 id 1 implicit
    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
    Signed-off-by: David Ahern <dsahern@kernel.org>
 ---
 ip/ipmptcp.c        | 1 +
 man/man8/ip-mptcp.8 | 9 +++++++++
 2 files changed, 10 insertions(+)
 diff --git a/ip/ipmptcp.c b/ip/ipmptcp.c
 index beba7a41..9847f95b 100644
 --- a/ip/ipmptcp.c
 +++ b/ip/ipmptcp.c
@@ -58,6 +58,7 @@ static const struct {
 	{ "subflow",		MPTCP_PM_ADDR_FLAG_SUBFLOW },
 	{ "backup",		MPTCP_PM_ADDR_FLAG_BACKUP },
 	{ "fullmesh",		MPTCP_PM_ADDR_FLAG_FULLMESH },
 +	{ "implicit",		MPTCP_PM_ADDR_FLAG_IMPLICIT },
 	{ "nobackup",		MPTCP_PM_ADDR_FLAG_NONE },
 	{ "nofullmesh",		MPTCP_PM_ADDR_FLAG_NONE }
 };
 diff --git a/man/man8/ip-mptcp.8 b/man/man8/ip-mptcp.8
 index 72762f49..b427065c 100644
 --- a/man/man8/ip-mptcp.8
 +++ b/man/man8/ip-mptcp.8
@@ -176,6 +176,15 @@ endpoint. When the peer does announce addresses, each received ADD_ADDR
 sub-option will trigger creation of an additional subflow to generate a
 full mesh topology.
 +.TP
 +.BR implicit
 +In some scenarios, an MPTCP
 +.BR subflow
 +can use a local address mapped by a implicit endpoint created by the
 +in-kernel path manager. Once set, the implicit flag cannot be removed, but
 +other flags can be added to the endpoint. Implicit endpoints cannot be
 +created from user-space.
 +
 .sp
 .PP
 The
 -- 
 2.38.1
--- a/SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch
+++ b/SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch
@ -1,55 +0,0 @@
 From dcff6d4c73cd9c33b4103a4505ecebe6852f63df Mon Sep 17 00:00:00 2001
 Message-ID: <dcff6d4c73cd9c33b4103a4505ecebe6852f63df.1695227714.git.aclaudi@redhat.com>
 In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Tue, 5 Sep 2023 12:44:19 +0200
 Subject: [PATCH] ss: make is_selinux_enabled stub work like in SELinux
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
 Upstream Status: iproute2-next.git commit c8970828
 commit c8970828b6509af3ab0f2982da335fb6a6c846af
 Author: Andrea Claudi <aclaudi@redhat.com>
 Date:   Wed Aug 23 19:29:59 2023 +0200
    ss: make is_selinux_enabled stub work like in SELinux
    From the is_selinux_enabled() manpage:
    is_selinux_enabled() returns 1 if SELinux is running or 0 if it is not.
    This makes the is_selinux_enabled() stub functions works exactly like
    the SELinux function it is supposed to replace.
    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
    Signed-off-by: David Ahern <dsahern@kernel.org>
 ---
 misc/ss.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/misc/ss.c b/misc/ss.c
 index de02fccb..d2dffbf8 100644
 --- a/misc/ss.c
 +++ b/misc/ss.c
@@ -77,7 +77,7 @@
 /* Stubs for SELinux functions */
 static int is_selinux_enabled(void)
 {
 -	return -1;
 +	return 0;
 }
 static int getpidcon(pid_t pid, char **context)
@@ -5684,7 +5684,7 @@ int main(int argc, char *argv[])
 			show_sock_ctx++;
 			/* fall through */
 		case 'Z':
 -			if (is_selinux_enabled() <= 0) {
 +			if (!is_selinux_enabled()) {
 				fprintf(stderr, "ss: SELinux is not enabled.\n");
 				exit(1);
 			}
 -- 
 2.41.0
--- a/SOURCES/0004-u32-fix-TC_U32_TERMINAL-printing.patch
+++ b/SOURCES/0004-u32-fix-TC_U32_TERMINAL-printing.patch
@ -0,0 +1,65 @@
 From 80e59389e93bf3f45204a38536f3f228adf153c7 Mon Sep 17 00:00:00 2001
 Message-Id: <80e59389e93bf3f45204a38536f3f228adf153c7.1686076455.git.aclaudi@redhat.com>
 In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
 References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Tue, 6 Jun 2023 20:05:15 +0200
 Subject: [PATCH] u32: fix TC_U32_TERMINAL printing
 Jira: https://issues.redhat.com/browse/RHEL-337
 Upstream Status: iproute2-next.git commit 2854d69a
 commit 2854d69a99f6e38d0d2426bd641a56d7a85bc61b
 Author: Hangbin Liu <liuhangbin@gmail.com>
 Date:   Wed Mar 1 22:21:00 2023 +0800
    u32: fix TC_U32_TERMINAL printing
    We previously printed an asterisk if there was no 'sel' or
    'TC_U32_TERMINAL' flag. However,
     commit 1ff227545ce1 ("u32: fix json formatting of flowid")
    changed the logic to print an asterisk only if there is a
    'TC_U32_TERMINAL' flag. Therefore, we need to fix this
    regression.
    Before the fix, the tdc u32 test failed:
    1..11
    not ok 1 afa9 - Add u32 with source match
            Could not match regex pattern. Verify command output:
    filter protocol ip pref 1 u32 chain 0
    filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1
    filter protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 *flowid 1:1 not_in_hw
      match 7f000001/ffffffff at 12
            action order 1: gact action pass
             random type none pass val 0
             index 1 ref 1 bind 1
    After fix, the test passed:
    1..11
    ok 1 afa9 - Add u32 with source match
    Fixes: 1ff227545ce1 ("u32: fix json formatting of flowid")
    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
    Reviewed-by: Victor Nogueira <victor@mojatatu.com>
    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
 ---
 tc/f_u32.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/tc/f_u32.c b/tc/f_u32.c
 index bfe9e5f9..de2d0c9e 100644
 --- a/tc/f_u32.c
 +++ b/tc/f_u32.c
@@ -1273,7 +1273,7 @@ static int u32_print_opt(struct filter_util *qu, FILE *f, struct rtattr *opt,
 	if (tb[TCA_U32_CLASSID]) {
 		__u32 classid = rta_getattr_u32(tb[TCA_U32_CLASSID]);
 		SPRINT_BUF(b1);
 -		if (sel && (sel->flags & TC_U32_TERMINAL))
 +		if (!sel || !(sel->flags & TC_U32_TERMINAL))
 			print_string(PRINT_FP, NULL, "*", NULL);
 		print_string(PRINT_ANY, "flowid", "flowid %s ",
 -- 
 2.40.1
--- a/SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch
+++ b/SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch
@ -1,52 +0,0 @@
 From d59fc35f66f5d0d6e7b3209c21f2c891a2ba0768 Mon Sep 17 00:00:00 2001
 Message-ID: <d59fc35f66f5d0d6e7b3209c21f2c891a2ba0768.1695227714.git.aclaudi@redhat.com>
 In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Tue, 5 Sep 2023 12:44:19 +0200
 Subject: [PATCH] ss: make SELinux stub functions conformant to API definitions
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
 Upstream Status: iproute2-next.git commit 61c6882c
 commit 61c6882ce21c1247c06cd61783120be0a2e2019c
 Author: Andrea Claudi <aclaudi@redhat.com>
 Date:   Wed Aug 23 19:30:00 2023 +0200
    ss: make SELinux stub functions conformant to API definitions
    getfilecon() and security_get_initial_context() use the const qualifier
    for their first paramater in SELinux APIs.
    This commit adds the const qualifier to these functions, making them
    conformant to API definitions.
    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
    Signed-off-by: David Ahern <dsahern@kernel.org>
 ---
 misc/ss.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/misc/ss.c b/misc/ss.c
 index d2dffbf8..fe19f489 100644
 --- a/misc/ss.c
 +++ b/misc/ss.c
@@ -86,13 +86,13 @@ static int getpidcon(pid_t pid, char **context)
 	return -1;
 }
 -static int getfilecon(char *path, char **context)
 +static int getfilecon(const char *path, char **context)
 {
 	*context = NULL;
 	return -1;
 }
 -static int security_get_initial_context(char *name,  char **context)
 +static int security_get_initial_context(const char *name,  char **context)
 {
 	*context = NULL;
 	return -1;
 -- 
 2.41.0
--- a/SOURCES/0005-tc-add-missing-separator.patch
+++ b/SOURCES/0005-tc-add-missing-separator.patch
@ -1,12 +1,12 @@
-From 4c2e1768c0d446345796dc058d1e114147a1029a Mon Sep 17 00:00:00 2001
+From 8bc9a4f3855d28ae718f14875dd78d49d53c4349 Mon Sep 17 00:00:00 2001
-Message-Id: <4c2e1768c0d446345796dc058d1e114147a1029a.1686090191.git.aclaudi@redhat.com>
+Message-Id: <8bc9a4f3855d28ae718f14875dd78d49d53c4349.1686076455.git.aclaudi@redhat.com>
-In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com>
+In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
-References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com>
+References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1686076455.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
-Date: Wed, 7 Jun 2023 00:15:59 +0200
+Date: Tue, 6 Jun 2023 20:08:25 +0200
 Subject: [PATCH] tc: add missing separator
-Jira: https://issues.redhat.com/browse/RHEL-487
+Jira: https://issues.redhat.com/browse/RHEL-586
 Upstream Status: iproute2-next.git commit 4e0e56e0
 commit 4e0e56e0ef05387f7f5d8ab41fe6ec6a1897b26d
--- a/SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch
+++ b/SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch
@ -1,156 +0,0 @@
 From 0e71f7774a764c0a19037b79b71d7146769082ac Mon Sep 17 00:00:00 2001
 Message-ID: <0e71f7774a764c0a19037b79b71d7146769082ac.1695227714.git.aclaudi@redhat.com>
 In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Tue, 5 Sep 2023 12:44:19 +0200
 Subject: [PATCH] lib: add SELinux include and stub functions
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
 Upstream Status: iproute2-next.git commit e246ebc3
 commit e246ebc3b7f1f438310ad6fd1d5976ba6ccf7a69
 Author: Andrea Claudi <aclaudi@redhat.com>
 Date:   Wed Aug 23 19:30:01 2023 +0200
    lib: add SELinux include and stub functions
    ss provides some selinux stub functions, useful when iproute2 is
    compiled without selinux support.
    Move them to lib/ so we can use them in other iproute2 tools.
    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
    Signed-off-by: David Ahern <dsahern@kernel.org>
 ---
 include/selinux.h |  9 +++++++++
 lib/Makefile      |  4 ++++
 lib/selinux.c     | 32 ++++++++++++++++++++++++++++++++
 misc/ss.c         | 34 +---------------------------------
 4 files changed, 46 insertions(+), 33 deletions(-)
 create mode 100644 include/selinux.h
 create mode 100644 lib/selinux.c
 diff --git a/include/selinux.h b/include/selinux.h
 new file mode 100644
 index 00000000..499aa966
 --- /dev/null
 +++ b/include/selinux.h
@@ -0,0 +1,9 @@
 +#if HAVE_SELINUX
 +#include <selinux/selinux.h>
 +#else
 +int is_selinux_enabled(void);
 +void freecon(char *context);
 +int getpidcon(pid_t pid, char **context);
 +int getfilecon(const char *path, char **context);
 +int security_get_initial_context(const char *name,  char **context);
 +#endif
 diff --git a/lib/Makefile b/lib/Makefile
 index ddedd37f..aa7bbd2e 100644
 --- a/lib/Makefile
 +++ b/lib/Makefile
@@ -13,6 +13,10 @@ UTILOBJ += bpf_libbpf.o
 endif
 endif
 +ifneq ($(HAVE_SELINUX),y)
 +UTILOBJ += selinux.o
 +endif
 +
 NLOBJ=libgenl.o libnetlink.o
 ifeq ($(HAVE_MNL),y)
 NLOBJ += mnl_utils.o
 diff --git a/lib/selinux.c b/lib/selinux.c
 new file mode 100644
 index 00000000..4e6805fc
 --- /dev/null
 +++ b/lib/selinux.c
@@ -0,0 +1,32 @@
 +#include <stdlib.h>
 +#include <unistd.h>
 +#include "selinux.h"
 +
 +/* Stubs for SELinux functions */
 +int is_selinux_enabled(void)
 +{
 +	return 0;
 +}
 +
 +void freecon(char *context)
 +{
 +	free(context);
 +}
 +
 +int getpidcon(pid_t pid, char **context)
 +{
 +	*context = NULL;
 +	return -1;
 +}
 +
 +int getfilecon(const char *path, char **context)
 +{
 +	*context = NULL;
 +	return -1;
 +}
 +
 +int security_get_initial_context(const char *name,  char **context)
 +{
 +	*context = NULL;
 +	return -1;
 +}
 diff --git a/misc/ss.c b/misc/ss.c
 index fe19f489..6e18bf0c 100644
 --- a/misc/ss.c
 +++ b/misc/ss.c
@@ -33,6 +33,7 @@
 #include "version.h"
 #include "rt_names.h"
 #include "cg_map.h"
 +#include "selinux.h"
 #include <linux/tcp.h>
 #include <linux/unix_diag.h>
@@ -71,39 +72,6 @@
 #define BUF_CHUNKS_MAX 5	/* Maximum number of allocated buffer chunks */
 #define LEN_ALIGN(x) (((x) + 1) & ~1)
 -#if HAVE_SELINUX
 -#include <selinux/selinux.h>
 -#else
 -/* Stubs for SELinux functions */
 -static int is_selinux_enabled(void)
 -{
 -	return 0;
 -}
 -
 -static int getpidcon(pid_t pid, char **context)
 -{
 -	*context = NULL;
 -	return -1;
 -}
 -
 -static int getfilecon(const char *path, char **context)
 -{
 -	*context = NULL;
 -	return -1;
 -}
 -
 -static int security_get_initial_context(const char *name,  char **context)
 -{
 -	*context = NULL;
 -	return -1;
 -}
 -
 -static void freecon(char *context)
 -{
 -	free(context);
 -}
 -#endif
 -
 int preferred_family = AF_UNSPEC;
 static int show_options;
 int show_details;
 -- 
 2.41.0
--- a/SOURCES/0006-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
+++ b/SOURCES/0006-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
@ -1,9 +1,9 @@
-From e4e31412a2cdf90a08a7d5ab1a889f27ee13f7c9 Mon Sep 17 00:00:00 2001
+From 17643a7c829e92859146e5d0f8b83e19d99b2592 Mon Sep 17 00:00:00 2001
-Message-ID: <e4e31412a2cdf90a08a7d5ab1a889f27ee13f7c9.1710441171.git.aclaudi@redhat.com>
+Message-ID: <17643a7c829e92859146e5d0f8b83e19d99b2592.1709652372.git.aclaudi@redhat.com>
-In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1710441171.git.aclaudi@redhat.com>
+In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
-References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1710441171.git.aclaudi@redhat.com>
+References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
-Date: Thu, 14 Mar 2024 19:26:55 +0100
+Date: Mon, 4 Mar 2024 23:23:27 +0100
 Subject: [PATCH] ss: Add support for dumping TCP bound-inactive sockets.
 JIRA: https://issues.redhat.com/browse/RHEL-21017
@ -71,10 +71,10 @@ index d413e570..2bc42b85 100644
 .B EXPRESSION
 diff --git a/misc/ss.c b/misc/ss.c
-index 6e18bf0c..232178e6 100644
+index de02fccb..6a9cbac0 100644
 --- a/misc/ss.c
 +++ b/misc/ss.c
-@@ -210,6 +210,8 @@ enum {
+@@ -242,6 +242,8 @@ enum {
 	SS_LAST_ACK,
 	SS_LISTEN,
 	SS_CLOSING,
@ -83,7 +83,7 @@ index 6e18bf0c..232178e6 100644
 	SS_MAX
 };
-@@ -1377,6 +1379,8 @@ static void sock_state_print(struct sockstat *s)
+@@ -1409,6 +1411,8 @@ static void sock_state_print(struct sockstat *s)
 		[SS_LAST_ACK] = "LAST-ACK",
 		[SS_LISTEN] =	"LISTEN",
 		[SS_CLOSING] = "CLOSING",
@ -92,7 +92,7 @@ index 6e18bf0c..232178e6 100644
 	};
 	switch (s->local.family) {
-@@ -5310,6 +5314,7 @@ static void _usage(FILE *dest)
+@@ -5342,6 +5346,7 @@ static void _usage(FILE *dest)
 "   -r, --resolve       resolve host names\n"
 "   -a, --all           display all sockets\n"
 "   -l, --listening     display listening sockets\n"
@ -100,7 +100,7 @@ index 6e18bf0c..232178e6 100644
 "   -o, --options       show timer information\n"
 "   -e, --extended      show detailed socket information\n"
 "   -m, --memory        show socket memory usage\n"
-@@ -5392,9 +5397,17 @@ static int scan_state(const char *state)
+@@ -5424,9 +5429,17 @@ static int scan_state(const char *state)
 		[SS_LAST_ACK] = "last-ack",
 		[SS_LISTEN] =	"listening",
 		[SS_CLOSING] = "closing",
@ -118,7 +118,7 @@ index 6e18bf0c..232178e6 100644
 	if (strcasecmp(state, "close") == 0 ||
 	    strcasecmp(state, "closed") == 0)
 		return (1<<SS_CLOSE);
-@@ -5417,6 +5430,7 @@ static int scan_state(const char *state)
+@@ -5449,6 +5462,7 @@ static int scan_state(const char *state)
 			return (1<<i);
 	}
@ -126,7 +126,7 @@ index 6e18bf0c..232178e6 100644
 	fprintf(stderr, "ss: wrong state name: %s\n", state);
 	exit(-1);
 }
-@@ -5458,6 +5472,7 @@ static const struct option long_opts[] = {
+@@ -5490,6 +5504,7 @@ static const struct option long_opts[] = {
 	{ "vsock", 0, 0, OPT_VSOCK },
 	{ "all", 0, 0, 'a' },
 	{ "listening", 0, 0, 'l' },
@ -134,7 +134,7 @@ index 6e18bf0c..232178e6 100644
 	{ "ipv4", 0, 0, '4' },
 	{ "ipv6", 0, 0, '6' },
 	{ "packet", 0, 0, '0' },
-@@ -5496,7 +5511,7 @@ int main(int argc, char *argv[])
+@@ -5528,7 +5543,7 @@ int main(int argc, char *argv[])
 	int state_filter = 0;
 	while ((ch = getopt_long(argc, argv,
@ -143,7 +143,7 @@ index 6e18bf0c..232178e6 100644
 				 long_opts, NULL)) != EOF) {
 		switch (ch) {
 		case 'n':
-@@ -5561,6 +5576,9 @@ int main(int argc, char *argv[])
+@@ -5593,6 +5608,9 @@ int main(int argc, char *argv[])
 		case 'l':
 			state_filter = (1 << SS_LISTEN) | (1 << SS_CLOSE);
 			break;
--- a/SOURCES/0007-Update-kernel-headers.patch
+++ b/SOURCES/0007-Update-kernel-headers.patch
@ -0,0 +1,233 @@
 From 92a7cd1de2b2137d8d3279ee32f9b0548d6f4894 Mon Sep 17 00:00:00 2001
 Message-ID: <92a7cd1de2b2137d8d3279ee32f9b0548d6f4894.1709652372.git.aclaudi@redhat.com>
 In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
 References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Mon, 4 Mar 2024 23:37:51 +0100
 Subject: [PATCH] Update kernel headers
 JIRA: https://issues.redhat.com/browse/RHEL-579
 Upstream Status: iproute2.git commit 94aeaf9cb12c88afa8fba8027a0e714aa4fec841
 commit 94aeaf9cb12c88afa8fba8027a0e714aa4fec841
 Author: David Ahern <dsahern@kernel.org>
 Date:   Tue Feb 7 09:09:29 2023 -0700
    Update kernel headers
    Update kernel headers to commit:
        61d731e6538d ("Merge tag 'linux-can-next-for-6.3-20230206' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next")
    Signed-off-by: David Ahern <dsahern@kernel.org>
 Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
 ---
 include/uapi/linux/bpf.h       | 12 ++++++++
 include/uapi/linux/fou.h       | 54 ++++++++++++++++------------------
 include/uapi/linux/if_bridge.h |  2 ++
 include/uapi/linux/if_link.h   |  5 ++++
 include/uapi/linux/if_packet.h |  1 +
 include/uapi/linux/in.h        |  1 +
 include/uapi/linux/snmp.h      |  3 ++
 7 files changed, 50 insertions(+), 28 deletions(-)
 diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
 index a667908d..4abb4c73 100644
 --- a/include/uapi/linux/bpf.h
 +++ b/include/uapi/linux/bpf.h
@@ -1156,6 +1156,11 @@ enum bpf_link_type {
  */
 #define BPF_F_XDP_HAS_FRAGS	(1U << 5)
 +/* If BPF_F_XDP_DEV_BOUND_ONLY is used in BPF_PROG_LOAD command, the loaded
 + * program becomes device-bound but can access XDP metadata.
 + */
 +#define BPF_F_XDP_DEV_BOUND_ONLY	(1U << 6)
 +
 /* link_create.kprobe_multi.flags used in LINK_CREATE command for
  * BPF_TRACE_KPROBE_MULTI attach type to create return probe.
  */
@@ -2644,6 +2649,11 @@ union bpf_attr {
  *		  Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the
  *		  L2 type as Ethernet.
  *
 + *		* **BPF_F_ADJ_ROOM_DECAP_L3_IPV4**,
 + *		  **BPF_F_ADJ_ROOM_DECAP_L3_IPV6**:
 + *		  Indicate the new IP header version after decapsulating the outer
 + *		  IP header. Used when the inner and outer IP versions are different.
 + *
  * 		A call to this helper is susceptible to change the underlying
  * 		packet buffer. Therefore, at load time, all checks on pointers
  * 		previously done by the verifier are invalidated and must be
@@ -5803,6 +5813,8 @@ enum {
 	BPF_F_ADJ_ROOM_ENCAP_L4_UDP	= (1ULL << 4),
 	BPF_F_ADJ_ROOM_NO_CSUM_RESET	= (1ULL << 5),
 	BPF_F_ADJ_ROOM_ENCAP_L2_ETH	= (1ULL << 6),
 +	BPF_F_ADJ_ROOM_DECAP_L3_IPV4	= (1ULL << 7),
 +	BPF_F_ADJ_ROOM_DECAP_L3_IPV6	= (1ULL << 8),
 };
 enum {
 diff --git a/include/uapi/linux/fou.h b/include/uapi/linux/fou.h
 index 9f915118..5a7b959b 100644
 --- a/include/uapi/linux/fou.h
 +++ b/include/uapi/linux/fou.h
@@ -1,32 +1,37 @@
 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
 -/* fou.h - FOU Interface */
 +/* Do not edit directly, auto-generated from: */
 +/*	Documentation/netlink/specs/fou.yaml */
 +/* YNL-GEN uapi header */
 #ifndef _LINUX_FOU_H
 #define _LINUX_FOU_H
 -/* NETLINK_GENERIC related info
 - */
 #define FOU_GENL_NAME		"fou"
 -#define FOU_GENL_VERSION	0x1
 +#define FOU_GENL_VERSION	1
 enum {
 -	FOU_ATTR_UNSPEC,
 -	FOU_ATTR_PORT,				/* u16 */
 -	FOU_ATTR_AF,				/* u8 */
 -	FOU_ATTR_IPPROTO,			/* u8 */
 -	FOU_ATTR_TYPE,				/* u8 */
 -	FOU_ATTR_REMCSUM_NOPARTIAL,		/* flag */
 -	FOU_ATTR_LOCAL_V4,			/* u32 */
 -	FOU_ATTR_LOCAL_V6,			/* in6_addr */
 -	FOU_ATTR_PEER_V4,			/* u32 */
 -	FOU_ATTR_PEER_V6,			/* in6_addr */
 -	FOU_ATTR_PEER_PORT,			/* u16 */
 -	FOU_ATTR_IFINDEX,			/* s32 */
 -
 -	__FOU_ATTR_MAX,
 +	FOU_ENCAP_UNSPEC,
 +	FOU_ENCAP_DIRECT,
 +	FOU_ENCAP_GUE,
 };
 -#define FOU_ATTR_MAX		(__FOU_ATTR_MAX - 1)
 +enum {
 +	FOU_ATTR_UNSPEC,
 +	FOU_ATTR_PORT,
 +	FOU_ATTR_AF,
 +	FOU_ATTR_IPPROTO,
 +	FOU_ATTR_TYPE,
 +	FOU_ATTR_REMCSUM_NOPARTIAL,
 +	FOU_ATTR_LOCAL_V4,
 +	FOU_ATTR_LOCAL_V6,
 +	FOU_ATTR_PEER_V4,
 +	FOU_ATTR_PEER_V6,
 +	FOU_ATTR_PEER_PORT,
 +	FOU_ATTR_IFINDEX,
 +
 +	__FOU_ATTR_MAX
 +};
 +#define FOU_ATTR_MAX (__FOU_ATTR_MAX - 1)
 enum {
 	FOU_CMD_UNSPEC,
@@ -34,15 +39,8 @@ enum {
 	FOU_CMD_DEL,
 	FOU_CMD_GET,
 -	__FOU_CMD_MAX,
 +	__FOU_CMD_MAX
 };
 -
 -enum {
 -	FOU_ENCAP_UNSPEC,
 -	FOU_ENCAP_DIRECT,
 -	FOU_ENCAP_GUE,
 -};
 -
 -#define FOU_CMD_MAX	(__FOU_CMD_MAX - 1)
 +#define FOU_CMD_MAX (__FOU_CMD_MAX - 1)
 #endif /* _LINUX_FOU_H */
 diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
 index 4a887cf4..921b212d 100644
 --- a/include/uapi/linux/if_bridge.h
 +++ b/include/uapi/linux/if_bridge.h
@@ -523,6 +523,8 @@ enum {
 	BRIDGE_VLANDB_ENTRY_TUNNEL_INFO,
 	BRIDGE_VLANDB_ENTRY_STATS,
 	BRIDGE_VLANDB_ENTRY_MCAST_ROUTER,
 +	BRIDGE_VLANDB_ENTRY_MCAST_N_GROUPS,
 +	BRIDGE_VLANDB_ENTRY_MCAST_MAX_GROUPS,
 	__BRIDGE_VLANDB_ENTRY_MAX,
 };
 #define BRIDGE_VLANDB_ENTRY_MAX (__BRIDGE_VLANDB_ENTRY_MAX - 1)
 diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
 index 644d3554..71ddffc6 100644
 --- a/include/uapi/linux/if_link.h
 +++ b/include/uapi/linux/if_link.h
@@ -374,6 +374,9 @@ enum {
 	IFLA_DEVLINK_PORT,
 +	IFLA_GSO_IPV4_MAX_SIZE,
 +	IFLA_GRO_IPV4_MAX_SIZE,
 +
 	__IFLA_MAX
 };
@@ -562,6 +565,8 @@ enum {
 	IFLA_BRPORT_MCAST_EHT_HOSTS_CNT,
 	IFLA_BRPORT_LOCKED,
 	IFLA_BRPORT_MAB,
 +	IFLA_BRPORT_MCAST_N_GROUPS,
 +	IFLA_BRPORT_MCAST_MAX_GROUPS,
 	__IFLA_BRPORT_MAX
 };
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
 diff --git a/include/uapi/linux/if_packet.h b/include/uapi/linux/if_packet.h
 index a8516b35..78c981d6 100644
 --- a/include/uapi/linux/if_packet.h
 +++ b/include/uapi/linux/if_packet.h
@@ -115,6 +115,7 @@ struct tpacket_auxdata {
 #define TP_STATUS_BLK_TMO		(1 << 5)
 #define TP_STATUS_VLAN_TPID_VALID	(1 << 6) /* auxdata has valid tp_vlan_tpid */
 #define TP_STATUS_CSUM_VALID		(1 << 7)
 +#define TP_STATUS_GSO_TCP		(1 << 8)
 /* Tx ring - header status */
 #define TP_STATUS_AVAILABLE	      0
 diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h
 index dccf0791..c087f0a2 100644
 --- a/include/uapi/linux/in.h
 +++ b/include/uapi/linux/in.h
@@ -162,6 +162,7 @@ struct in_addr {
 #define MCAST_MSFILTER			48
 #define IP_MULTICAST_ALL		49
 #define IP_UNICAST_IF			50
 +#define IP_LOCAL_PORT_RANGE		51
 #define MCAST_EXCLUDE	0
 #define MCAST_INCLUDE	1
 diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
 index 6600cb01..26f33a4c 100644
 --- a/include/uapi/linux/snmp.h
 +++ b/include/uapi/linux/snmp.h
@@ -95,6 +95,8 @@ enum
 	ICMP_MIB_OUTADDRMASKS,			/* OutAddrMasks */
 	ICMP_MIB_OUTADDRMASKREPS,		/* OutAddrMaskReps */
 	ICMP_MIB_CSUMERRORS,			/* InCsumErrors */
 +	ICMP_MIB_RATELIMITGLOBAL,		/* OutRateLimitGlobal */
 +	ICMP_MIB_RATELIMITHOST,			/* OutRateLimitHost */
 	__ICMP_MIB_MAX
 };
@@ -112,6 +114,7 @@ enum
 	ICMP6_MIB_OUTMSGS,			/* OutMsgs */
 	ICMP6_MIB_OUTERRORS,			/* OutErrors */
 	ICMP6_MIB_CSUMERRORS,			/* InCsumErrors */
 +	ICMP6_MIB_RATELIMITHOST,		/* OutRateLimitHost */
 	__ICMP6_MIB_MAX
 };
 -- 
 2.44.0
--- a/SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch
+++ b/SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch
@ -1,81 +0,0 @@
 From 6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2 Mon Sep 17 00:00:00 2001
 Message-ID: <6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2.1695227714.git.aclaudi@redhat.com>
 In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Tue, 5 Sep 2023 12:44:19 +0200
 Subject: [PATCH] ip vrf: make ipvrf_exec SELinux-aware
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023
 Upstream Status: iproute2-next.git commit 0d0eeaa6
 commit 0d0eeaa6cb9218e57ce910fc3a8991b80da6393e
 Author: Andrea Claudi <aclaudi@redhat.com>
 Date:   Wed Aug 23 19:30:02 2023 +0200
    ip vrf: make ipvrf_exec SELinux-aware
    When using ip vrf and SELinux is enabled, make sure to set the exec file
    context before calling cmd_exec.
    This ensures that the command is executed with the right context,
    falling back to the ifconfig_t context when needed.
    Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
    Signed-off-by: David Ahern <dsahern@kernel.org>
 ---
 include/selinux.h | 1 +
 ip/ipvrf.c        | 6 ++++++
 lib/selinux.c     | 5 +++++
 3 files changed, 12 insertions(+)
 diff --git a/include/selinux.h b/include/selinux.h
 index 499aa966..592c7680 100644
 --- a/include/selinux.h
 +++ b/include/selinux.h
@@ -6,4 +6,5 @@ void freecon(char *context);
 int getpidcon(pid_t pid, char **context);
 int getfilecon(const char *path, char **context);
 int security_get_initial_context(const char *name,  char **context);
 +int setexecfilecon(const char *filename, const char *fallback_type);
 #endif
 diff --git a/ip/ipvrf.c b/ip/ipvrf.c
 index 0718bea8..b0dd2abe 100644
 --- a/ip/ipvrf.c
 +++ b/ip/ipvrf.c
@@ -24,6 +24,7 @@
 #include "utils.h"
 #include "ip_common.h"
 #include "bpf_util.h"
 +#include "selinux.h"
 #define CGRP_PROC_FILE  "/cgroup.procs"
@@ -455,6 +456,11 @@ static int ipvrf_exec(int argc, char **argv)
 		return -1;
 	}
 +	if (is_selinux_enabled() && setexecfilecon(argv[1], "ifconfig_t")) {
 +		fprintf(stderr, "setexecfilecon for \"%s\" failed\n", argv[1]);
 +		return -1;
 +	}
 +
 	return -cmd_exec(argv[1], argv + 1, !!batch_mode, do_switch, argv[0]);
 }
 diff --git a/lib/selinux.c b/lib/selinux.c
 index 4e6805fc..7e5dd16d 100644
 --- a/lib/selinux.c
 +++ b/lib/selinux.c
@@ -30,3 +30,8 @@ int security_get_initial_context(const char *name,  char **context)
 	*context = NULL;
 	return -1;
 }
 +
 +int setexecfilecon(const char *filename, const char *fallback_type)
 +{
 +	return -1;
 +}
 -- 
 2.41.0
--- a/SOURCES/0008-iplink-add-gso-and-gro-max_size-attributes-for-ipv4.patch
+++ b/SOURCES/0008-iplink-add-gso-and-gro-max_size-attributes-for-ipv4.patch
@ -0,0 +1,175 @@
 From 7ef7c73bc3a271e3e5ccb8b1525c6e9152b99c9a Mon Sep 17 00:00:00 2001
 Message-ID: <7ef7c73bc3a271e3e5ccb8b1525c6e9152b99c9a.1709652372.git.aclaudi@redhat.com>
 In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
 References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Mon, 4 Mar 2024 23:37:51 +0100
 Subject: [PATCH] iplink: add gso and gro max_size attributes for ipv4
 JIRA: https://issues.redhat.com/browse/RHEL-579
 Upstream Status: iproute2.git commit 1dafe448c7a2f2be5dfddd8da250980708a48c41
 commit 1dafe448c7a2f2be5dfddd8da250980708a48c41
 Author: Xin Long <lucien.xin@gmail.com>
 Date:   Thu Feb 9 18:44:24 2023 -0500
    iplink: add gso and gro max_size attributes for ipv4
    This patch adds two attributes gso/gro_ipv4_max_size in iplink for the
    user space support of the BIG TCP for IPv4:
      https://lore.kernel.org/netdev/de811bf3-e2d8-f727-72bc-c8a754a9d929@tessares.net/T/
    Note that after this kernel patchset, "gso/gro_max_size" are used for IPv6
    packets while "gso/gro_ipv4_max_size" are for IPv4 patckets. To not break
    these old applications using "gso/gro_ipv4_max_size" for IPv4 GSO packets,
    the new size will also be set on "gso/gro_ipv4_max_size" in kernel when
    "gso/gro_max_size" changes to a value <= 65536.
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
    Signed-off-by: David Ahern <dsahern@kernel.org>
 Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
 ---
 ip/ipaddress.c        | 12 ++++++++++++
 ip/iplink.c           | 22 ++++++++++++++++++++--
 man/man8/ip-link.8.in | 30 +++++++++++++++++++++++++++---
 3 files changed, 59 insertions(+), 5 deletions(-)
 diff --git a/ip/ipaddress.c b/ip/ipaddress.c
 index c7553bcd..9ba81438 100644
 --- a/ip/ipaddress.c
 +++ b/ip/ipaddress.c
@@ -1264,6 +1264,18 @@ int print_linkinfo(struct nlmsghdr *n, void *arg)
 				   "gro_max_size %u ",
 				   rta_getattr_u32(tb[IFLA_GRO_MAX_SIZE]));
 +		if (tb[IFLA_GSO_IPV4_MAX_SIZE])
 +			print_uint(PRINT_ANY,
 +				   "gso_ipv4_max_size",
 +				   "gso_ipv4_max_size %u ",
 +				   rta_getattr_u32(tb[IFLA_GSO_IPV4_MAX_SIZE]));
 +
 +		if (tb[IFLA_GRO_IPV4_MAX_SIZE])
 +			print_uint(PRINT_ANY,
 +				   "gro_ipv4_max_size",
 +				   "gro_ipv4_max_size %u ",
 +				   rta_getattr_u32(tb[IFLA_GRO_IPV4_MAX_SIZE]));
 +
 		if (tb[IFLA_PHYS_PORT_NAME])
 			print_string(PRINT_ANY,
 				     "phys_port_name",
 diff --git a/ip/iplink.c b/ip/iplink.c
 index 4ec9e370..a8da52f9 100644
 --- a/ip/iplink.c
 +++ b/ip/iplink.c
@@ -114,8 +114,8 @@ void iplink_usage(void)
 		"		[ addrgenmode { eui64 | none | stable_secret | random } ]\n"
 		"		[ protodown { on | off } ]\n"
 		"		[ protodown_reason PREASON { on | off } ]\n"
 -		"		[ gso_max_size BYTES ] | [ gso_max_segs PACKETS ]\n"
 -		"		[ gro_max_size BYTES ]\n"
 +		"		[ gso_max_size BYTES ] [ gso_ipv4_max_size BYTES ] [ gso_max_segs PACKETS ]\n"
 +		"		[ gro_max_size BYTES ] [ gro_ipv4_max_size BYTES ]\n"
 		"\n"
 		"	ip link show [ DEVICE | group GROUP ] [up] [master DEV] [vrf NAME] [type TYPE]\n"
 		"		[nomaster]\n"
@@ -948,6 +948,24 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
 				       *argv);
 			addattr32(&req->n, sizeof(*req),
 				  IFLA_GRO_MAX_SIZE, max_size);
 +		} else if (strcmp(*argv, "gso_ipv4_max_size") == 0) {
 +			unsigned int max_size;
 +
 +			NEXT_ARG();
 +			if (get_unsigned(&max_size, *argv, 0))
 +				invarg("Invalid \"gso_ipv4_max_size\" value\n",
 +				       *argv);
 +			addattr32(&req->n, sizeof(*req),
 +				  IFLA_GSO_IPV4_MAX_SIZE, max_size);
 +		}  else if (strcmp(*argv, "gro_ipv4_max_size") == 0) {
 +			unsigned int max_size;
 +
 +			NEXT_ARG();
 +			if (get_unsigned(&max_size, *argv, 0))
 +				invarg("Invalid \"gro_ipv4_max_size\" value\n",
 +				       *argv);
 +			addattr32(&req->n, sizeof(*req),
 +				  IFLA_GRO_IPV4_MAX_SIZE, max_size);
 		} else if (strcmp(*argv, "parentdev") == 0) {
 			NEXT_ARG();
 			addattr_l(&req->n, sizeof(*req), IFLA_PARENT_DEV_NAME,
 diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
 index 62aebabd..bec1b78b 100644
 --- a/man/man8/ip-link.8.in
 +++ b/man/man8/ip-link.8.in
@@ -38,11 +38,16 @@ ip-link \- network device configuration
 .br
 .RB "[ " gso_max_size
 .IR BYTES " ]"
 +.RB "[ " gso_ipv4_max_size
 +.IR BYTES " ]"
 .RB "[ " gso_max_segs
 .IR SEGMENTS " ]"
 .br
 .RB "[ " gro_max_size
 .IR BYTES " ]"
 +.RB "[ " gro_ipv4_max_size
 +.IR BYTES " ]"
 +.br
 .RB "[ " netns " {"
 .IR PID " | " NETNSNAME " } ]"
 .br
@@ -90,10 +95,15 @@ ip-link \- network device configuration
 .br
 .RB "[ " gso_max_size
 .IR BYTES " ]"
 +.RB "[ " gso_ipv4_max_size
 +.IR BYTES " ]"
 .RB "[ " gso_max_segs
 .IR SEGMENTS " ]"
 +.br
 .RB "[ " gro_max_size
 .IR BYTES " ]"
 +.RB "[ " gro_ipv4_max_size
 +.IR BYTES " ]"
 .br
 .RB "[ " name
 .IR NEWNAME " ]"
@@ -423,7 +433,14 @@ specifies the number of receive queues for new device.
 .TP
 .BI gso_max_size " BYTES "
 specifies the recommended maximum size of a Generic Segment Offload
 -packet the new device should accept.
 +packet the new device should accept. This is also used to enable BIG
 +TCP for IPv6 on this device when the size is greater than 65536.
 +
 +.TP
 +.BI gso_ipv4_max_size " BYTES "
 +specifies the recommended maximum size of a IPv4 Generic Segment Offload
 +packet the new device should accept. This is especially used to enable
 +BIG TCP for IPv4 on this device by setting to a size greater than 65536.
 .TP
 .BI gso_max_segs " SEGMENTS "
@@ -432,8 +449,15 @@ segments the new device should accept.
 .TP
 .BI gro_max_size " BYTES "
 -specifies the maximum size of a packet built by GRO stack
 -on this device.
 +specifies the maximum size of a packet built by GRO stack on this
 +device. This is also used for BIG TCP to allow the size of a
 +merged IPv6 GSO packet on this device greater than 65536.
 +
 +.TP
 +.BI gro_ipv4_max_size " BYTES "
 +specifies the maximum size of a IPv4 packet built by GRO stack on this
 +device. This is especially used for BIG TCP to allow the size of a
 +merged IPv4 GSO packet on this device greater than 65536.
 .TP
 .BI index " IDX "
 -- 
 2.44.0
--- a/SOURCES/0009-man-ip-link.8-add-a-note-for-gso_ipv4_max_size.patch
+++ b/SOURCES/0009-man-ip-link.8-add-a-note-for-gso_ipv4_max_size.patch
@ -0,0 +1,54 @@
 From c7160bde79189ba8674acb6355771fb91b6eca28 Mon Sep 17 00:00:00 2001
 Message-ID: <c7160bde79189ba8674acb6355771fb91b6eca28.1709652372.git.aclaudi@redhat.com>
 In-Reply-To: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
 References: <d60a7ac3c0f6aa2a933f48a69ab31e3637f6906c.1709652372.git.aclaudi@redhat.com>
 From: Andrea Claudi <aclaudi@redhat.com>
 Date: Mon, 4 Mar 2024 23:37:51 +0100
 Subject: [PATCH] man: ip-link.8: add a note for gso_ipv4_max_size
 JIRA: https://issues.redhat.com/browse/RHEL-579
 Upstream Status: iproute2-next.git commit 1d7f908103be90e8ac836ef0ce03b72997664b5a
 commit 1d7f908103be90e8ac836ef0ce03b72997664b5a
 Author: Xin Long <lucien.xin@gmail.com>
 Date:   Mon Feb 19 14:16:04 2024 -0500
    man: ip-link.8: add a note for gso_ipv4_max_size
    As Paolo noticed, a skb->len check against gso_max_size was added in:
      https://lore.kernel.org/netdev/20231219125331.4127498-1-edumazet@google.com/
    gso_max_size needs to be set to a value greater than or equal to
    gso_ipv4_max_size to make BIG TCP IPv4 work properly.
    To not break the current setup, this patch just adds a note into its
    man doc for this.
    Reported-by: Xiumei Mu <xmu@redhat.com>
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
 Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
 ---
 man/man8/ip-link.8.in | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
 index bec1b78b..b90d56c2 100644
 --- a/man/man8/ip-link.8.in
 +++ b/man/man8/ip-link.8.in
@@ -441,6 +441,11 @@ TCP for IPv6 on this device when the size is greater than 65536.
 specifies the recommended maximum size of a IPv4 Generic Segment Offload
 packet the new device should accept. This is especially used to enable
 BIG TCP for IPv4 on this device by setting to a size greater than 65536.
 +Note that
 +.B gso_max_size
 +needs to be set to a size greater than or equal to
 +.B gso_ipv4_max_size
 +to really enable BIG TCP for IPv4.
 .TP
 .BI gso_max_segs " SEGMENTS "
 -- 
 2.44.0
--- a/SPECS/iproute.spec
+++ b/SPECS/iproute.spec
@ -10,12 +10,13 @@ Source0:            https://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{v
 Source1:            rt_dsfield.deprecated
 Patch0:             0001-Update-kernel-headers.patch
 Patch1:             0002-macvlan-Add-bclim-parameter.patch
-Patch2:             0003-tc-add-missing-separator.patch
+Patch2:             0003-mptcp-add-support-for-implicit-flag.patch
-Patch3:             0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch
+Patch3:             0004-u32-fix-TC_U32_TERMINAL-printing.patch
-Patch4:             0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch
+Patch4:             0005-tc-add-missing-separator.patch
-Patch5:             0006-lib-add-SELinux-include-and-stub-functions.patch
+Patch5:             0006-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
-Patch6:             0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch
+Patch6:             0007-Update-kernel-headers.patch
-Patch7:             0008-ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
+Patch7:             0008-iplink-add-gso-and-gro-max_size-attributes-for-ipv4.patch
 Patch8:             0009-man-ip-link.8-add-a-note-for-gso_ipv4_max_size.patch
 License:            GPL-2.0-or-later AND NIST-PD
 BuildRequires:      bison
@ -147,261 +148,154 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield
 %{_includedir}/iproute2/bpf_elf.h
 %changelog
-* Thu Mar 14 2024 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-6.el8
+* Fri Mar 08 2024 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-6.el9
 - Fix nvr for rhel-9.4 GA (Andrea Claudi)
 * Tue Mar 05 2024 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.1.el9
 - man: ip-link.8: add a note for gso_ipv4_max_size (Andrea Claudi)
 - iplink: add gso and gro max_size attributes for ipv4 (Andrea Claudi)
 - Update kernel headers (Andrea Claudi)
 - ss: Add support for dumping TCP bound-inactive sockets. (Andrea Claudi)
-* Mon Sep 25 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.el8
+* Tue Jun 06 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-5.el9
- Bump version number (wrong exception build)
+- tc: add missing separator (Andrea Claudi)
 - u32: fix TC_U32_TERMINAL printing (Andrea Claudi)
-* Wed Sep 20 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-4.el8
+* Mon Jun 05 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-4.el9
- ip vrf: make ipvrf_exec SELinux-aware (Andrea Claudi) [1780023]
+- Fix NVR, %autorelease not working (Andrea Claudi)
 - lib: add SELinux include and stub functions (Andrea Claudi) [1780023]
 - ss: make SELinux stub functions conformant to API definitions (Andrea Claudi) [1780023]
 - ss: make is_selinux_enabled stub work like in SELinux (Andrea Claudi) [1780023]
-* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 6.2.0-3.el8
+* Thu Jun 01 2023 Wen Liang <wenliang@redhat.com> - 6.2.0-3.el9
- Rebuilt for MSVSphere 8.8
+- mptcp: add support for implicit flag (Wen Liang) [2109135]
-* Wed Jun 07 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-3.el8
+* Wed May 03 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-2.el9
- tc: add missing separator (Andrea Claudi)
+- macvlan: Add bclim parameter (Andrea Claudi) [2186945]
 - Update kernel headers (Andrea Claudi) [2186945]
 * Thu Apr 27 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-1.el9
 - New version 6.2.0 (Andrea Claudi) [RHEL-428]
 * Sat Jan 28 2023 Andrea Claudi <aclaudi@redhat.com> - 6.1.0-1.el9
 - New version 6.1.0 [2155604]
 * Fri Jan 06 2023 Viktor Malik <vmalik@redhat.com> - 6.0.0-2.el9
 - Rebuild for libbpf 1.0.0 [2158727]
 * Thu Oct 06 2022 Andrea Claudi <aclaudi@redhat.com> - 6.0.0-1.el9
 - New version 6.0.0 [2132427]
 * Wed Jun 15 2022 Andrea Claudi <aclaudi@redhat.com> - 5.18.0-1.el9
 - New version 5.18.0 [2074608]
 * Thu Nov 25 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-2.el9
 - Fix gating.yaml [2009355]
 * Wed Nov 24 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-1.el9
 - New version 5.15.0 [2009355]
 * Wed Aug 18 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-5.el9
 - Add build and runtime dependency on libbpf (Andrea Claudi) [1994520]
 - Use TC_LIB_DIR environment variable (Andrea Claudi) [1994545]
 - Re-add iproute-doc package on the specfile (Andrea Claudi) [1994581]
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.13.0-4.el9
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Fri Jul 16 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-3.el9
 - Fix changelog (Andrea Claudi) [1947854]
 - Add RHEL gating configuration (Aleksandra Fedorova)
 * Thu Jul 15 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-2.el9
 - Remove Recommends: iproute-tc from spec file (Andrea Claudi) [1947854]
 * Wed Jun 30 2021 Andrea Claudi <aclaudi@redhat.com> - 5.13.0-1.el9
 - New version 5.13.0 (#1977898)
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.10.0-3.el9
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.10.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Mon Dec 21 2020 Andrea Claudi <aclaudi@redhat.com> - 5.10.0-1
 - New version 5.10.0 (#1909551)
 * Wed Dec 2 2020 Andrea Claudi <aclaudi@redhat.com> - 5.9.0-1
 - New version 5.9.0
 * Mon Aug 10 2020 Phil Sutter <psutter@redhat.com> - 5.8.0-1
 - New version 5.8.0
-* Wed May 03 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-2.el8
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.7.0-2
- macvlan: Add bclim parameter (Andrea Claudi) [2188134]
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
- Update kernel headers (Andrea Claudi) [2188134]
+
-
+* Wed Jun 03 2020 Phil Sutter <psutter@redhat.com> - 5.7.0-1
-* Wed Apr 26 2023 Andrea Claudi <aclaudi@redhat.com> - 6.2.0-1.el8
+- New version 5.7.0
- New version 6.2.0 (Andrea Claudi) [RHEL-424]
+
-
+* Tue Jan 28 2020 Phil Sutter <psutter@redhat.com> - 5.5.0-1
-* Wed Jun 08 2022 Wen Liang <wenliang@redhat.com> - 5.18.0-1.el8
+- New version 5.5.0
- New version 5.18.0 [2074607]
+
-
+* Tue Nov 26 2019 Phil Sutter <psutter@redhat.com> - 5.4.0-1
-* Mon Mar 21 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-4.el8
+- New version 5.4.0
- vdpa: Update man page with added support to configure max vq pair (Andrea Claudi) [2056827]
+- Drop iproute-doc package, upstream removed all non-manpage documentation
- vdpa: Support reading device features (Andrea Claudi) [2056827]
+
- vdpa: Support for configuring max VQ pairs for a device (Andrea Claudi) [2056827]
+* Tue Oct 08 2019 Phil Sutter <psutter@redhat.com> - 5.3.0-2
- vdpa: Allow for printing negotiated features of a device (Andrea Claudi) [2056827]
+- ifcfg script uses killall, therefore requires psmisc package
- vdpa: Remove unsupported command line option (Andrea Claudi) [2056827]
+
- uapi: update vdpa.h (Andrea Claudi) [2056827]
+* Thu Sep 26 2019 Phil Sutter <psutter@redhat.com> - 5.3.0-1
- Update kernel headers and import virtio_net (Andrea Claudi) [2056827]
+- New version 5.3.0
-
+- Add upstream-suggested backports
-* Mon Feb 07 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-3.el8
+
- tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6` (Andrea Claudi) [1989591]
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.0-2
- tc: u32: add support for json output (Andrea Claudi) [1989591]
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
+
-* Wed Jan 26 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-2.el8
+* Tue Jul 23 2019 Phil Sutter <psutter@redhat.com> - 5.2.0-1
- vdpa: Enable user to set mtu of the vdpa device (Andrea Claudi) [2036880]
+- New version 5.2.0
- vdpa: Enable user to set mac address of vdpa device (Andrea Claudi) [2036880]
+- Add upstream-suggested backports
- vdpa: Enable user to query vdpa device config layout (Andrea Claudi) [2036880]
+- Fix for tunnel creation when using 'dev' parameter
- vdpa: align uapi headers (Andrea Claudi) [2036880]
+
-
+* Wed May 29 2019 Phil Sutter <psutter@redhat.com> - 5.1.0-1
-* Tue Nov 23 2021 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-1.el8
+- New version 5.1.0
- New version 5.15.0 (Andrea Claudi) [2016061]
+
-
+* Wed Mar 20 2019 Phil Sutter <psutter@redhat.com> - 5.0.0-2
-* Thu Oct 07 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-4.el8]
+- Restore Provides: hint, at least pptp depends on it
- lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists (Andrea Claudi) [1995082]
+
-
+* Wed Mar 20 2019 Phil Sutter <psutter@redhat.com> - 5.0.0-1
-* Thu Aug 12 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-3.el8]
+- New version 5.0.0
- tc: htb: improve burst error messages (Andrea Claudi) [1910745]
+- Get rid of old upgrade path hints
- tc: u32: Fix key folding in sample option (Andrea Claudi) [1979425]
+
- police: Fix normal output back to what it was (Andrea Claudi) [1981393]
+* Fri Feb 01 2019 Phil Sutter <psutter@redhat.com> - 4.20.0-1
- police: Add support for json output (Andrea Claudi) [1981393]
+- New version 4.20.0
- police: add support for packet-per-second rate limiting (Andrea Claudi) [1981393]
+- Add upstream-suggested backports
- Update kernel headers (Andrea Claudi) [1981393]
+- Upstream dropped cbq script, remove it along with related configs
- mptcp: add support for port based endpoint (Andrea Claudi) [1984733]
+- Add libcap support
-
+
-* Fri Aug 06 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-2.el8]
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.18.0-6
- add build and run-time dependencies on libbpf (Andrea Claudi) [1990402]
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
+
-* Mon Jun 28 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-1.el8]
+* Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-5
- tc: f_flower: Add missing ct_state flags to usage description (Andrea Claudi) [1957243]
+- man: ip-route: Clarify referenced versions are Linux ones
- tc: f_flower: Add option to match on related ct state (Andrea Claudi) [1957243]
+
-
+* Fri Aug 31 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-4
-* Thu Apr 29 2021 Andrea Claudi <aclaudi@redhat.com> [5.12.0-0.el8]
+- iprule: Fix destination prefix output
- New version 5.12.0 [1939382]
+
-
+* Thu Aug 23 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-3
-* Fri Mar 12 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-4.el8]
+- Make colored output configurable
- iplink_bareudp: cleanup help message and man page (Andrea Claudi) [1912412]
+
-
+* Thu Aug 16 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-2
-* Tue Feb 09 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-3.el8]
+- Fix ss filter expressions
- iproute: force rtm_dst_len to 32/128 (Andrea Claudi) [1852038]
+
-
+* Tue Aug 14 2018 Phil Sutter <psutter@redhat.com> - 4.18.0-1
 * Thu Jan 28 2021 Andrea Claudi <aclaudi@redhat.com> [5.9.0-2.el8]
 - tc: flower: fix json output with mpls lse (Andrea Claudi) [1885770]
 - tc-mpls: fix manpage example and help message string (Andrea Claudi) [1885770]
 - tc-vlan: fix help and error message strings (Andrea Claudi) [1885770]
 - m_mpls: test the 'mac_push' action after 'modify' (Andrea Claudi) [1885770]
 - m_mpls: add mac_push action (Andrea Claudi) [1885770]
 - m_vlan: add pop_eth and push_eth actions (Andrea Claudi) [1885770]
 - Update kernel headers (Andrea Claudi) [1885770]
 * Tue Nov 17 2020 Andrea Claudi <aclaudi@redhat.com> [5.9.0-1.el8]
 - Rebase iproute to v5.9.0 [1896011]
 * Mon Jun 29 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-5.el8]
 - man: tc-ct.8: Add manual page for ct tc action (Andrea Claudi) [1844637]
 - tc: flower: Add matching on conntrack info (Andrea Claudi) [1844637]
 - tc: Introduce tc ct action (Andrea Claudi) [1844637]
 - tc: add NLA_F_NESTED flag to all actions options nested block (Andrea Claudi) [1844637]
 - Import tc_act/tc_ct.h uapi file (Andrea Claudi) [1844637]
 - ss: allow dumping kTLS info (Andrea Claudi) [1812207]
 - devlink: Add health error recovery status monitoring (Andrea Claudi) [1821039]
 * Fri Jun 05 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-4.el8]
 - tc: f_flower: add options support for erspan (Andrea Claudi) [1830485]
 - tc: f_flower: add options support for vxlan (Andrea Claudi) [1830485]
 - tc: m_tunnel_key: add options support for erpsan (Andrea Claudi) [1830485]
 - tc: m_tunnel_key: add options support for vxlan (Andrea Claudi) [1830485]
 - iproute_lwtunnel: add options support for erspan metadata (Andrea Claudi) [1830485]
 - iproute_lwtunnel: add options support for vxlan metadata (Andrea Claudi) [1830485]
 - iproute_lwtunnel: add options support for geneve metadata (Andrea Claudi) [1830485]
 - Update kernel headers (Andrea Claudi) [1830485]
 - man: ip.8: add reference to mptcp man-page (Andrea Claudi) [1812207]
 - man: mptcp man page (Andrea Claudi) [1812207]
 - ss: allow dumping MPTCP subflow information (Andrea Claudi) [1812207]
 - Update kernel headers (Andrea Claudi) [1812207]
 - Update kernel headers (Andrea Claudi) [1812207]
 - add support for mptcp netlink interface (Andrea Claudi) [1812207]
 - Update kernel headers and import mptcp.h (Andrea Claudi) [1812207]
 - ip: xfrm: add espintcp encapsulation (Andrea Claudi) [1844045]
 - Update kernel headers and import udp.h (Andrea Claudi) [1844045]
 * Thu Apr 30 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-3.el8]
 - xfrm: also check for ipv6 state in xfrm_state_keep (Andrea Claudi) [1828033]
 - man: bridge.8: fix bridge link show description (Andrea Claudi) [1817571]
 - ip: fix ip route show json output for multipath nexthops (Andrea Claudi) [1738633]
 - ip link: xstats: fix TX IGMP reports string (Andrea Claudi) [1796041]
 - nstat: print useful error messages in abort() cases (Andrea Claudi) [1824896]
 * Thu Apr 23 2020 Andrea Claudi <aclaudi@redhat.com> [5.3.0-2.el8]
 - man: ip.8: Add missing vrf subcommand description (Andrea Claudi) [1780010]
 - xfrm: not try to delete ipcomp states when using deleteall (Andrea Claudi) [1808634]
 - ip-xfrm: Fix help messages (Andrea Claudi) [1796045]
 - man: rdma.8: Add missing resource subcommand description (Andrea Claudi) [1786576]
 - man: rdma-statistic: Add filter description (Andrea Claudi) [1786565]
 - tc: implement support for action flags (Andrea Claudi) [1770671]
 - Update kernel headers (Andrea Claudi) [1770671]
 - Update kernel headers (Andrea Claudi) [1770671]
 * Tue Oct 15 2019 Andrea Claudi <aclaudi@redhat.com> [5.3.0-1.el8]
 - New version 5.3.0 [1752857]
 * Thu Jul 04 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-15.el8]
 - netns: make netns_{save,restore} static (Andrea Claudi) [1719759]
 - ip vrf: use hook to change VRF in the child (Andrea Claudi) [1719759]
 - netns: switch netns in the child when executing commands (Andrea Claudi) [1719759]
 - m_mirred: don't bail if the control action is missing (Andrea Claudi) [1711760]
 - tc: introduce support for chain templates (Andrea Claudi) [1710291]
 - ip: reset netns after each command in batch mode (Andrea Claudi) [1671016]
 * Thu Jun 20 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-14.el8]
 - ss: Review ssfilter (Andrea Claudi) [1698401]
 * Fri Jun 14 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-13.el8]
 - ip-xfrm: Respect family in deleteall and list commands (Andrea Claudi) [1656717]
 - Update kernel headers (Andrea Claudi) [1716361]
 - uapi: update bpf header (Andrea Claudi) [1716361]
 - uapi: update headers to 4.20-rc1 (Andrea Claudi) [1716361]
 - bpf: add btf func and func_proto kind support (Andrea Claudi) [1716361]
 - lib/bpf: fix build warning if no elf (Andrea Claudi) [1716361]
 - bpf: initialise map symbol before retrieving and comparing its type (Andrea Claudi) [1716361]
 - Include bsd/string.h only in include/utils.h (Andrea Claudi) [1716361]
 - Use libbsd for strlcpy if available (Andrea Claudi) [1716361]
 - bpf: check map symbol type properly with newer llvm compiler (Andrea Claudi) [1716361]
 - bpf: implement btf handling and map annotation (Andrea Claudi) [1716361]
 - bpf: implement bpf to bpf calls support (Andrea Claudi) [1716361]
 - bpf: remove strict dependency on af_alg (Andrea Claudi) [1716361]
 - bpf: move bpf_elf_map fixup notification under verbose (Andrea Claudi) [1716361]
 - iplink: add support for reporting multiple XDP programs (Andrea Claudi) [1716361]
 - rdma: Document IB device renaming option (Andrea Claudi) [1663228]
 - rdma: Add an option to rename IB device interface (Andrea Claudi) [1663228]
 - rdma: Introduce command execution helper with required device name (Andrea Claudi) [1663228]
 - rdma: Update kernel include file to support IB device renaming (Andrea Claudi) [1663228]
 - libnetlink: Convert GETADDR dumps to use rtnl_addrdump_req (Andrea Claudi) [1716772]
 * Wed May 29 2019 Andrea Claudi <aclaudi@redhat.com> [4.18.0-12.el8]
 - devlink: Add param command support (Andrea Claudi) [1663199]
 - rdma: Fix representation of PortInfo CapabilityMask (Andrea Claudi) [1664694]
 - uapi: update ib_verbs (Andrea Claudi) [1664694]
 - tc: flower: Add support for QinQ (Andrea Claudi) [1615928]
 - ip rule: Add ipproto and port range to filter list (Andrea Claudi) [1678111]
 * Thu Jan 31 2019 Phil Sutter <psutter@redhat.com> [4.18.0-11.el8]
 - tc: m_tunnel_key: Add tunnel option support to act_tunnel_key (Phil Sutter) [1654761]
 - tc: f_flower: add geneve option match support to flower (Phil Sutter) [1654761]
 - l2tp: Fix printing of cookie and peer_cookie values (Phil Sutter) [1643805]
 * Tue Dec 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-10.el8]
 - iplink: fix incorrect any address handling for ip tunnels (Phil Sutter) [1626304]
 * Tue Dec 11 2018 Phil Sutter <psutter@redhat.com> [4.18.0-9.el8]
 - man: rdma: Add reference to rdma-resource.8 (Phil Sutter) [1610334]
 * Thu Nov 29 2018 Phil Sutter <psutter@redhat.com> [4.18.0-8.el8]
 - Bump release to run fresh CI tests.
 * Mon Nov 26 2018 Phil Sutter <psutter@redhat.com> [4.18.0-7.el8]
 - ip-route: Fix nexthop encap parsing (Phil Sutter) [1625358]
 - man: ip-route.8: Document nexthop limit (Phil Sutter) [1625358]
 * Thu Oct 25 2018 Phil Sutter <psutter@redhat.com> [4.18.0-6.el8]
 - Update kernel headers (Phil Sutter) [1637440]
 - tc_util: Add support for showing TCA_STATS_BASIC_HW statistics (Phil Sutter) [1637440]
 - tc: Remove pointless assignments in batch() (Phil Sutter) [1602555]
 - tipc: Drop unused variable 'genl' (Phil Sutter) [1602555]
 - ip-route: Fix parse_encap_seg6() srh parsing (Phil Sutter) [1602555]
 - rdma: Don't pass garbage to rd_check_is_filtered() (Phil Sutter) [1602555]
 - ip-route: Fix for memleak in error path (Phil Sutter) [1602555]
 - rdma: Fix for ineffective check in add_filter() (Phil Sutter) [1602555]
 - devlink: Fix error reporting in cmd_resource_set() (Phil Sutter) [1602555]
 - libnetlink: fix use-after-free of message buf (Phil Sutter) [1602555]
 - libnetlink: don't return error on success (Phil Sutter) [1602555]
 - libnetlink: fix leak and using unused memory on error (Phil Sutter) [1602555]
 - tc: htb: Print default value in hex (Phil Sutter) [1641053]
 * Thu Oct 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-5.el8]
 - utils: fix get_rtnl_link_stats_rta stats parsing (Phil Sutter) [1626306]
 - uapi: add snmp header file (Phil Sutter) [1626306]
 - macsec: fix off-by-one when parsing attributes (Phil Sutter) [1628428]
 - json: make 0xhex handle u64 (Phil Sutter) [1628428]
 * Thu Oct 18 2018 Phil Sutter <psutter@redhat.com> [4.18.0-4.el8]
 - iplink_vxlan: take into account preferred_family creating vxlan device (Phil Sutter) [1626321]
 - ip-addrlabel: Fix printing of label value (Phil Sutter) [1639412]
 - bridge: fdb: Fix for missing keywords in non-JSON output (Phil Sutter) [1636532]
 * Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> [4.18.0-3.el8]
 - lib: introduce print_nl (Phil Sutter) [1625500]
 * Wed Sep 19 2018 Phil Sutter <psutter@redhat.com> [4.18.0-2.el8]
 - bridge/mdb: fix missing new line when show bridge mdb (Phil Sutter) [1625500]
 - ip-route: Fix segfault with many nexthops (Phil Sutter) [1625358]
 - Update kernel headers (Phil Sutter) [1615915]
 - tc/flower: Add match on encapsulating tos/ttl (Phil Sutter) [1615915]
 - tc/act_tunnel_key: Enable setup of tos and ttl (Phil Sutter) [1615915]
 - iprule: Fix destination prefix output (Phil Sutter) [1623503]
 - ip: Add missing -M flag to help text (Phil Sutter) [1612704]
 - man: ss.8: Describe --events option (Phil Sutter) [1612704]
 - rtmon: List options in help text (Phil Sutter) [1612704]
 - man: rtacct.8: Fix nstat options (Phil Sutter) [1612704]
 - man: ifstat.8: Document --json and --pretty options (Phil Sutter) [1612704]
 - genl: Fix help text (Phil Sutter) [1612704]
 - man: devlink.8: Document -verbose option (Phil Sutter) [1612704]
 - devlink: trivial: Make help text consistent (Phil Sutter) [1612704]
 - bridge: trivial: Make help text consistent (Phil Sutter) [1612704]
 - man: bridge.8: Document -oneline option (Phil Sutter) [1612704]
 * Tue Aug 14 2018 Phil Sutter - 4.18.0-1
 - New version 4.18.0
-* Thu Aug 09 2018 Phil Sutter <psutter@redhat.com> [4.17.0-1.el8]
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.17.0-2
- rdma: print driver resource attributes (Phil Sutter) [1610334]
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
- rdma: update rdma_netlink.h to get new driver attributes (Phil Sutter) [1610334]
+
- rdma: Print net device name and index for RDMA device (Phil Sutter) [1610334]
+* Tue Jun 12 2018 Phil Sutter <psutter@redhat.com> - 4.17.0-1
- devlink: CTRL_ATTR_FAMILY_ID is a u16 (Phil Sutter) [1589317]
+- New version 4.17.0
- tc: Do not use addattr_nest_compat on mqprio and netem (Phil Sutter) [1589317]
+
- ipaddress: Fix and make consistent label match handling (Phil Sutter) [1589317]
+* Fri Jun 01 2018 Phil Sutter <psutter@redhat.com> - 4.16.0-1
- rt_dsfield: Ship deprecated values for compatibility (Phil Sutter) [1595683]
+- New version 4.16.0
 - New version 4.17.0 including upstream-suggested fixes (Phil Sutter) [1589317]
 * Fri Feb 09 2018 Phil Sutter <psutter@redhat.com> - 4.15.0-1
 - New version 4.15.0