parent
1d7460252e
commit
8a2da5dd70
@ -1 +1 @@
|
||||
SOURCES/libnetfilter_conntrack-1.0.8.tar.bz2
|
||||
SOURCES/libnetfilter_conntrack-1.0.9.tar.bz2
|
||||
|
@ -1 +1 @@
|
||||
4c273a1806ba39656464fc77efbaa0a4ed56a330 SOURCES/libnetfilter_conntrack-1.0.8.tar.bz2
|
||||
5e27ae89897080aa83eb32b836c4fbe16920db29 SOURCES/libnetfilter_conntrack-1.0.9.tar.bz2
|
||||
|
@ -1,32 +0,0 @@
|
||||
From f94ca582531980f86fc2ffed9f1f55f7172e83f8 Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Date: Fri, 10 Dec 2021 12:18:23 +0100
|
||||
Subject: [PATCH] conntrack: don't cancel nest on unknown layer 4 protocols
|
||||
|
||||
It is valid to specify CTA_PROTO_NUM with a protocol that is not
|
||||
natively supported by conntrack. Do not cancel the CTA_TUPLE_PROTO
|
||||
nest in this case.
|
||||
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 45ec4b51e8290759e0d87d9405965be1352a4325)
|
||||
---
|
||||
src/conntrack/build_mnl.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
|
||||
index d9ad268cb8900..979c0c7e995a3 100644
|
||||
--- a/src/conntrack/build_mnl.c
|
||||
+++ b/src/conntrack/build_mnl.c
|
||||
@@ -73,8 +73,7 @@ nfct_build_tuple_proto(struct nlmsghdr *nlh, const struct __nfct_tuple *t)
|
||||
mnl_attr_put_u16(nlh, CTA_PROTO_ICMPV6_ID, t->l4src.icmp.id);
|
||||
break;
|
||||
default:
|
||||
- mnl_attr_nest_cancel(nlh, nest);
|
||||
- return -1;
|
||||
+ break;
|
||||
}
|
||||
mnl_attr_nest_end(nlh, nest);
|
||||
return 0;
|
||||
--
|
||||
2.38.0
|
||||
|
@ -0,0 +1,57 @@
|
||||
From 8ee1e27facf598a1362b29b794e51271b5be4db7 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Marko <robimarko@gmail.com>
|
||||
Date: Thu, 24 Feb 2022 15:01:11 +0100
|
||||
Subject: [PATCH] conntrack: fix build with kernel 5.15 and musl
|
||||
|
||||
Currently, with kernel 5.15 headers and musl building is failing with
|
||||
redefinition errors due to a conflict between the kernel and musl headers.
|
||||
|
||||
Musl is able to suppres the conflicting kernel header definitions if they
|
||||
are included after the standard libc ones, however since ICMP definitions
|
||||
were moved into a separate internal header to avoid duplication this has
|
||||
stopped working and is breaking the builds.
|
||||
|
||||
It seems that the issue is that <netinet/in.h> which contains the UAPI
|
||||
suppression defines is included in the internal.h header and not in the
|
||||
proto.h which actually includes the kernel ICMP headers and thus UAPI
|
||||
supression defines are not present.
|
||||
|
||||
Solve this by moving the <netinet/in.h> include before the ICMP kernel
|
||||
includes in the proto.h
|
||||
|
||||
Fixes: bc1cb4b11403 ("conntrack: Move icmp request>reply type mapping to common file")
|
||||
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
||||
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||
(cherry picked from commit 21ee35dde73aec5eba35290587d479218c6dd824)
|
||||
---
|
||||
include/internal/internal.h | 1 -
|
||||
include/internal/proto.h | 1 +
|
||||
2 files changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/internal/internal.h b/include/internal/internal.h
|
||||
index 2ef8a9057628b..7cd7c44bf8336 100644
|
||||
--- a/include/internal/internal.h
|
||||
+++ b/include/internal/internal.h
|
||||
@@ -14,7 +14,6 @@
|
||||
#include <arpa/inet.h>
|
||||
#include <time.h>
|
||||
#include <errno.h>
|
||||
-#include <netinet/in.h>
|
||||
|
||||
#include <libnfnetlink/libnfnetlink.h>
|
||||
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
|
||||
diff --git a/include/internal/proto.h b/include/internal/proto.h
|
||||
index 40e7bfe63cc77..60a5f4e4ff8e0 100644
|
||||
--- a/include/internal/proto.h
|
||||
+++ b/include/internal/proto.h
|
||||
@@ -2,6 +2,7 @@
|
||||
#define _NFCT_PROTO_H_
|
||||
|
||||
#include <stdint.h>
|
||||
+#include <netinet/in.h>
|
||||
#include <linux/icmp.h>
|
||||
#include <linux/icmpv6.h>
|
||||
|
||||
--
|
||||
2.38.0
|
||||
|
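Review bot: The position of `#include <netinet/in.h>` in include/internal/proto.h is now load-bearing, but nothing in the header says so. Per the commit message, the libc header has to come before `<linux/icmp.h>` and `<linux/icmpv6.h>` so that musl can suppress the conflicting UAPI definitions. A later include re-sort would silently bring the build failure back, so I would add a comment on that line, e.g. `/* keep before the linux/ ICMP headers: libc must set its UAPI suppression defines first */`. internal.h also drops its direct include and presumably now gets it through proto.h; that dependency is not visible in these hunks.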
@ -0,0 +1,92 @@
|
||||
From 883bc7739f467000f1ccb00b5d0e383c7289dcc0 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Fri, 25 Mar 2022 14:55:53 +0100
|
||||
Subject: [PATCH] expect/conntrack: Avoid spurious covscan overrun warning
|
||||
|
||||
It doesn't like how memset() is called for a struct nfnlhdr pointer with
|
||||
large size value. Pass void pointers instead. This also removes the call
|
||||
from __build_{expect,conntrack}() which is duplicate in
|
||||
__build_query_{exp,ct}() code-path.
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 86f5bdc2a85b208053e7361ccd575e4eb3c853a3)
|
||||
---
|
||||
src/conntrack/api.c | 4 +++-
|
||||
src/conntrack/build.c | 2 --
|
||||
src/expect/api.c | 4 +++-
|
||||
src/expect/build.c | 2 --
|
||||
4 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
|
||||
index b7f64fb43ce83..7f72d07f2e7f6 100644
|
||||
--- a/src/conntrack/api.c
|
||||
+++ b/src/conntrack/api.c
|
||||
@@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
|
||||
assert(req != NULL);
|
||||
assert(ct != NULL);
|
||||
|
||||
+ memset(req, 0, size);
|
||||
+
|
||||
return __build_conntrack(ssh, req, size, type, flags, ct);
|
||||
}
|
||||
|
||||
@@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
|
||||
assert(data != NULL);
|
||||
assert(req != NULL);
|
||||
|
||||
- memset(req, 0, size);
|
||||
+ memset(buffer, 0, size);
|
||||
|
||||
switch(qt) {
|
||||
case NFCT_Q_CREATE:
|
||||
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
|
||||
index b5a7061d53698..f80cfc12d5e38 100644
|
||||
--- a/src/conntrack/build.c
|
||||
+++ b/src/conntrack/build.c
|
||||
@@ -27,8 +27,6 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- memset(req, 0, size);
|
||||
-
|
||||
buf = (char *)&req->nlh;
|
||||
nlh = mnl_nlmsg_put_header(buf);
|
||||
nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type;
|
||||
diff --git a/src/expect/api.c b/src/expect/api.c
|
||||
index 39cd09249684c..b100c72ded50e 100644
|
||||
--- a/src/expect/api.c
|
||||
+++ b/src/expect/api.c
|
||||
@@ -513,6 +513,8 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
|
||||
assert(req != NULL);
|
||||
assert(exp != NULL);
|
||||
|
||||
+ memset(req, 0, size);
|
||||
+
|
||||
return __build_expect(ssh, req, size, type, flags, exp);
|
||||
}
|
||||
|
||||
@@ -546,7 +548,7 @@ __build_query_exp(struct nfnl_subsys_handle *ssh,
|
||||
assert(data != NULL);
|
||||
assert(req != NULL);
|
||||
|
||||
- memset(req, 0, size);
|
||||
+ memset(buffer, 0, size);
|
||||
|
||||
switch(qt) {
|
||||
case NFCT_Q_CREATE:
|
||||
diff --git a/src/expect/build.c b/src/expect/build.c
|
||||
index 2e0f968f36dad..1807adce26f62 100644
|
||||
--- a/src/expect/build.c
|
||||
+++ b/src/expect/build.c
|
||||
@@ -29,8 +29,6 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
|
||||
else
|
||||
return -1;
|
||||
|
||||
- memset(req, 0, size);
|
||||
-
|
||||
buf = (char *)&req->nlh;
|
||||
nlh = mnl_nlmsg_put_header(buf);
|
||||
nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type;
|
||||
--
|
||||
2.38.0
|
||||
|
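Review bot: With `memset(req, 0, size)` removed from `__build_conntrack()` and `__build_expect()` (the two build.c hunks), zeroing the request buffer becomes an unstated caller obligation. The hunks show only `nfct_build_conntrack()`, `nfexp_build_expect()` and the two `__build_query_*()` functions doing it. If any other caller exists outside these hunks, stale bytes from its buffer could end up in the netlink message handed to the kernel, so I would state the contract above both helpers, e.g. `/* caller must zero all size bytes of req before calling */`. The public wrappers also now clear the buffer before the helper's early `return -1`, so a failed call no longer leaves the caller's buffer untouched; this is presumably harmless but worth a line in the API documentation. All of the function bodies continue outside the hunks.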