conntrack-tools: update to 1.4.7
authorNick Hainke <vincent@systemli.org>
Sun, 9 Oct 2022 05:41:37 +0000 (07:41 +0200)
committerRosen Penev <rosenp@gmail.com>
Fri, 21 Oct 2022 22:11:57 +0000 (15:11 -0700)
Release Notes:
https://marc.info/?l=netfilter&m=166506855929074&w=2

Remove patches that have been upstreamed:
- 001-endianness_fix.patch (upstreamed as "conntrackd: fix endianness bug
  in IPv4 and IPv6 address")
- 002-conntrackd-do-not-include-conntrack-ID-in-hashtable-cmp.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
net/conntrack-tools/Makefile
net/conntrack-tools/patches/001-endianness_fix.patch [deleted file]
net/conntrack-tools/patches/002-conntrackd-do-not-include-conntrack-ID-in-hashtable-cmp.patch [deleted file]

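--- a/net/conntrack-tools/Makefile
+++ b/net/conntrack-tools/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=conntrack-tools
-PKG_VERSION:=1.4.6
-PKG_RELEASE:=3
+PKG_VERSION:=1.4.7
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.netfilter.org/projects/conntrack-tools/files
-PKG_HASH:=590859cc848245dbfd9c6487761dd303b3a1771e007f4f42213063ca56205d5f
+PKG_HASH:=099debcf57e81690ced57f516b493588a73518f48c14d656f823b29b4fc24b5d
 
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0-or-later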
diff --git a/net/conntrack-tools/patches/001-endianness_fix.patch b/net/conntrack-tools/patches/001-endianness_fix.patch
deleted file mode 100644 (file)
index 1dcb00a..0000000
+++ /dev/null
@@ -1,101 +0,0 @@
---- a/src/build.c
-+++ b/src/build.c
-@@ -66,7 +66,14 @@ ct_build_u32(const struct nf_conntrack *
- }
- static inline void
--ct_build_u128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
-+ct_build_be32(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
-+{
-+      uint32_t data = nfct_get_attr_u32(ct, a);
-+      addattr(n, b, &data, sizeof(uint32_t));
-+}
-+
-+static inline void
-+ct_build_be128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
- {
-       const char *data = nfct_get_attr(ct, a);
-       addattr(n, b, data, sizeof(uint32_t) * 4);
-@@ -279,18 +286,18 @@ void ct2msg(const struct nf_conntrack *c
-       switch (nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO)) {
-       case AF_INET:
-               if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
--                      ct_build_u32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
-+                      ct_build_be32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
-               if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
--                      ct_build_u32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
-+                      ct_build_be32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
-               break;
-       case AF_INET6:
-               if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
--                      ct_build_u128(ct, ATTR_REPL_IPV6_DST, n,
--                                    NTA_SNAT_IPV6);
-+                      ct_build_be128(ct, ATTR_REPL_IPV6_DST, n,
-+                                     NTA_SNAT_IPV6);
-               }
-               if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
--                      ct_build_u128(ct, ATTR_REPL_IPV6_SRC, n,
--                                    NTA_DNAT_IPV6);
-+                      ct_build_be128(ct, ATTR_REPL_IPV6_SRC, n,
-+                                     NTA_DNAT_IPV6);
-               }
-               break;
-       default:
---- a/src/parse.c
-+++ b/src/parse.c
-@@ -29,7 +29,8 @@
- static void ct_parse_u8(struct nf_conntrack *ct, int attr, void *data);
- static void ct_parse_u16(struct nf_conntrack *ct, int attr, void *data);
- static void ct_parse_u32(struct nf_conntrack *ct, int attr, void *data);
--static void ct_parse_u128(struct nf_conntrack *ct, int attr, void *data);
-+static void ct_parse_be32(struct nf_conntrack *ct, int attr, void *data);
-+static void ct_parse_be128(struct nf_conntrack *ct, int attr, void *data);
- static void ct_parse_str(struct nf_conntrack *ct,
-                        const struct netattr *, void *data);
- static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data);
-@@ -108,12 +109,12 @@ static struct ct_parser h[NTA_MAX] = {
-               .size   = NTA_SIZE(sizeof(struct nfct_attr_grp_port)),
-       },
-       [NTA_SNAT_IPV4] = {
--              .parse  = ct_parse_u32,
-+              .parse  = ct_parse_be32,
-               .attr   = ATTR_SNAT_IPV4,
-               .size   = NTA_SIZE(sizeof(uint32_t)),
-       },
-       [NTA_DNAT_IPV4] = {
--              .parse  = ct_parse_u32,
-+              .parse  = ct_parse_be32,
-               .attr   = ATTR_DNAT_IPV4,
-               .size   = NTA_SIZE(sizeof(uint32_t)),
-       },
-@@ -192,12 +193,12 @@ static struct ct_parser h[NTA_MAX] = {
-               .max_size = NTA_SIZE(NTA_LABELS_MAX_SIZE),
-       },
-       [NTA_SNAT_IPV6] = {
--              .parse  = ct_parse_u128,
-+              .parse  = ct_parse_be128,
-               .attr   = ATTR_SNAT_IPV6,
-               .size   = NTA_SIZE(sizeof(uint32_t) * 4),
-       },
-       [NTA_DNAT_IPV6] = {
--              .parse  = ct_parse_u128,
-+              .parse  = ct_parse_be128,
-               .attr   = ATTR_DNAT_IPV6,
-               .size   = NTA_SIZE(sizeof(uint32_t) * 4),
-       },
-@@ -229,7 +230,14 @@ ct_parse_u32(struct nf_conntrack *ct, in
- }
- static void
--ct_parse_u128(struct nf_conntrack *ct, int attr, void *data)
-+ct_parse_be32(struct nf_conntrack *ct, int attr, void *data)
-+{
-+      uint32_t *value = (uint32_t *) data;
-+      nfct_set_attr_u32(ct, h[attr].attr, *value);
-+}
-+
-+static void
-+ct_parse_be128(struct nf_conntrack *ct, int attr, void *data)
- {
-       nfct_set_attr(ct, h[attr].attr, data);
- }
diff --git a/net/conntrack-tools/patches/002-conntrackd-do-not-include-conntrack-ID-in-hashtable-cmp.patch b/net/conntrack-tools/patches/002-conntrackd-do-not-include-conntrack-ID-in-hashtable-cmp.patch
deleted file mode 100644 (file)
index 9271c4b..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-From ed875ee2dc98fe8fd7f5d171ec33a96606682495 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Mon, 8 Nov 2021 12:26:55 +0100
-Subject: conntrackd: do not include conntrack ID in hashtable cmp
-
-Depending on your conntrackd configuration, events might get lost,
-leaving stuck entries in the cache forever. Skip checking the conntrack
-ID to allow for lazy cleanup by when a new entry that is represented by
-the same tuple is added.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- src/cache-ct.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/src/cache-ct.c
-+++ b/src/cache-ct.c
-@@ -88,21 +88,12 @@ cache_ct_hash(const void *data, const st
-       return ret;
- }
--/* master conntrack of expectations have no ID */
--static inline int
--cache_ct_cmp_id(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2)
--{
--      return nfct_attr_is_set(ct2, ATTR_ID) ?
--             nfct_get_attr_u32(ct1, ATTR_ID) == nfct_get_attr_u32(ct2, ATTR_ID) : 1;
--}
--
- static int cache_ct_cmp(const void *data1, const void *data2)
- {
-       const struct cache_object *obj = data1;
-       const struct nf_conntrack *ct = data2;
--      return nfct_cmp(obj->ptr, ct, NFCT_CMP_ORIG) &&
--             cache_ct_cmp_id(obj->ptr, ct);
-+      return nfct_cmp(obj->ptr, ct, NFCT_CMP_ORIG);
- }
- static void *cache_ct_alloc(void)