iproute package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>

SOURCES/0001-Confirm-success-for-each-tc-batch-command.patch

@@ -0,0 +1,105 @@
+From d9a1dc236a9bcc06f04d609e2654f76c6a9459e7 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Mon, 14 Dec 2015 21:02:18 +0100
+Subject: [PATCH] Confirm success for each tc -batch command
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=977844
+Upstream Status: Rejected.
+
+The original patch has been extended by the related man page additions
+which were contained in another local patch.
+
+commit 8c5024483cbbfdc092945a00be05d917485b9af3
+Author: Petr Písař <ppisar@redhat.com>
+Date:   Thu Sep 19 11:25:49 2013 +0200
+
+    Confirm success for each tc -batch command
+
+    If `tc -force -batch' is fed by a controlling program from a pipe,
+    it's not possible to recognize when a command has been processes
+    successfully.
+
+    This patch adds an optional `-OK' option to the tc(8) tool, so `tc
+    -force -OK -batch' will print "OK\n" to standard output on each
+    successfully completed tc command.
+
+    Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+ man/man8/tc.8 | 8 +++++++-
+ tc/tc.c       | 8 +++++++-
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/man/man8/tc.8 b/man/man8/tc.8
+index f96911a..a341a8f 100644
+--- a/man/man8/tc.8
++++ b/man/man8/tc.8
+@@ -62,7 +62,7 @@ tc \- show / manipulate traffic control settings
+ .P
+ .ti 8
+ .IR OPTIONS " := {"
+-\fB[ -force ] -b\fR[\fIatch\fR] \fB[ filename ] \fR|
++\fB[ -force ] [ -OK ] -b\fR[\fIatch\fR] \fB[ filename ] \fR|
+ \fB[ \fB-n\fR[\fIetns\fR] name \fB] \fR|
+ \fB[ \fB-nm \fR| \fB-nam\fR[\fIes\fR] \fB] \fR|
+ \fB[ \fR{ \fB-cf \fR| \fB-c\fR[\fIonf\fR] \fR} \fB[ filename ] \fB] \fR}
+@@ -603,6 +603,12 @@ don't terminate tc on errors in batch mode.
+ If there were any errors during execution of the commands, the application return code will be non zero.
+ 
+ .TP
++.BR "\-OK"
++in batch mode, print
++.B OK
++and a new line on standard output after each successfully interpreted command.
++
++.TP
+ .BR "\-n" , " \-net" , " \-netns " <NETNS>
+ switches
+ .B tc
+diff --git a/tc/tc.c b/tc/tc.c
+index 8e64a82..360c9f1 100644
+--- a/tc/tc.c
++++ b/tc/tc.c
+@@ -42,6 +42,7 @@ int batch_mode;
+ int resolve_hosts;
+ int use_iec;
+ int force;
++int ok;
+ bool use_names;
+ 
+ static char *conf_file;
+@@ -188,7 +189,7 @@ noexist:
+ static void usage(void)
+ {
+ 	fprintf(stderr, "Usage: tc [ OPTIONS ] OBJECT { COMMAND | help }\n"
+-			"       tc [-force] -batch filename\n"
++			"       tc [-force] [-OK] -batch filename\n"
+ 			"where  OBJECT := { qdisc | class | filter | action | monitor | exec }\n"
+ 	                "       OPTIONS := { -s[tatistics] | -d[etails] | -r[aw] | -p[retty] | -b[atch] [filename] | -n[etns] name |\n"
+ 			"                    -nm | -nam[es] | { -cf | -conf } path }\n");
+@@ -254,6 +255,9 @@ static int batch(const char *name)
+ 			ret = 1;
+ 			if (!force)
+ 				break;
++		} else if (ok) {
++			printf("OK\n");
++			fflush(stdout);
+ 		}
+ 	}
+ 	if (line)
+@@ -293,6 +297,8 @@ int main(int argc, char **argv)
+ 			return 0;
+ 		} else if (matches(argv[1], "-force") == 0) {
+ 			++force;
++		} else if (matches(argv[1], "-OK") == 0) {
++			++ok;
+ 		} else if (matches(argv[1], "-batch") == 0) {
+ 			argc--;	argv++;
+ 			if (argc <= 1)
+-- 
+1.8.3.1
+

SOURCES/0002-Really-fix-get_addr-and-get_prefix-error-messages.patch

@@ -0,0 +1,88 @@
+From aed8229c0bec5c56deaf1ea2047ca0263732477f Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 11 Aug 2017 11:11:32 +0200
+Subject: [PATCH] Really fix get_addr() and get_prefix() error messages
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477206
+Upstream Status: iproute2.git commit 34705c807a389
+
+commit 34705c807a38909247d1bb29ccdffe42e5c1dab3
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Tue Aug 1 18:36:11 2017 +0200
+
+    Really fix get_addr() and get_prefix() error messages
+
+    Both functions take the desired address family as a parameter. So using
+    that to notify the user what address family was expected is correct,
+    unlike using dst->family which will tell the user only what address
+    family was specified.
+
+    The situation which commit 334af76143368 tried to fix was when 'ip'
+    would accept addresses from multiple families. In that case, the family
+    parameter is set to AF_UNSPEC so that get_addr_1() may accept any valid
+    address.
+
+    This patch introduces a wrapper around family_name() which returns the
+    string "any valid" for AF_UNSPEC instead of the three question marks
+    unsuitable for use in error messages.
+
+    Tests for AF_UNSPEC:
+
+    | # ip a a 256.10.166.1/24 dev d0
+    | Error: any valid prefix is expected rather than "256.10.166.1/24".
+
+    | # ip neighbor add proxy 2001:db8::g dev d0
+    | Error: any valid address is expected rather than "2001:db8::g".
+
+    Tests for explicit address family:
+
+    | # ip -6 addrlabel add prefix 1.1.1.1/24 label 123
+    | Error: inet6 prefix is expected rather than "1.1.1.1/24".
+
+    | # ip -4 addrlabel add prefix dead:beef::1/24 label 123
+    | Error: inet prefix is expected rather than "dead:beef::1/24".
+
+    Reported-by: Jaroslav Aster <jaster@redhat.com>
+    Fixes: 334af76143368 ("fix get_addr() and get_prefix() error messages")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ lib/utils.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/utils.c b/lib/utils.c
+index 6d5642f..7d6ee53 100644
+--- a/lib/utils.c
++++ b/lib/utils.c
+@@ -613,12 +613,19 @@ done:
+ 	return err;
+ }
+ 
++static const char *family_name_verbose(int family)
++{
++	if (family == AF_UNSPEC)
++		return "any valid";
++	return family_name(family);
++}
++
+ int get_addr(inet_prefix *dst, const char *arg, int family)
+ {
+ 	if (get_addr_1(dst, arg, family)) {
+ 		fprintf(stderr,
+ 			"Error: %s address is expected rather than \"%s\".\n",
+-			family_name(dst->family), arg);
++			family_name_verbose(family), arg);
+ 		exit(1);
+ 	}
+ 	return 0;
+@@ -636,7 +643,7 @@ int get_prefix(inet_prefix *dst, char *arg, int family)
+ 	if (get_prefix_1(dst, arg, family)) {
+ 		fprintf(stderr,
+ 			"Error: %s prefix is expected rather than \"%s\".\n",
+-			family_name(dst->family), arg);
++			family_name_verbose(family), arg);
+ 		exit(1);
+ 	}
+ 	return 0;
+-- 
+1.8.3.1
+

SOURCES/0003-tc-simple-Fix-documentation.patch

@@ -0,0 +1,102 @@
+From 3d016b2ca5862b3f47da5b28aca43bd96d5c3c49 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 11 Aug 2017 11:13:26 +0200
+Subject: [PATCH] tc-simple: Fix documentation
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477523
+Upstream Status: iproute2.git commit e2a055dd23f0e
+
+commit e2a055dd23f0e7527a987c24687cb6b0b86f0cde
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Thu Aug 3 17:00:51 2017 +0200
+
+    tc-simple: Fix documentation
+
+    - CONTROL has to come last, otherwise 'index' applies to gact and not
+      simple itself.
+    - Man page wasn't updated to reflect syntax changes.
+
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ man/man8/tc-simple.8 | 29 ++++++++++++++++++++++++++---
+ tc/m_simple.c        |  4 ++--
+ 2 files changed, 28 insertions(+), 5 deletions(-)
+
+diff --git a/man/man8/tc-simple.8 b/man/man8/tc-simple.8
+index 2206dc3..7363ab5 100644
+--- a/man/man8/tc-simple.8
++++ b/man/man8/tc-simple.8
+@@ -6,15 +6,37 @@ simple - basic example action
+ .in +8
+ .ti -8
+ .BR tc " ... " "action simple"
+-.I STRING
++[
++.BI sdata " STRING"
++] [
++.BI index " INDEX"
++] [
++.I CONTROL
++]
++
++.ti -8
++.IR CONTROL " := {"
++.BR reclassify " | " pipe " | " drop " | " continue " | " ok " }"
++
+ .SH DESCRIPTION
+ This is a pedagogical example rather than an actually useful action. Upon every access, it prints the given
+ .I STRING
+ which may be of arbitrary length.
+ .SH OPTIONS
+ .TP
+-.I STRING
++.BI sdata " STRING"
+ The actual string to print.
++.TP
++.BI index " INDEX"
++Optional action index value.
++.TP
++.I CONTROL
++Indicate how
++.B tc
++should proceed after executing the action. For a description of the possible
++.I CONTROL
++values, see
++.BR tc-actions (8).
+ .SH EXAMPLES
+ The following example makes the kernel yell "Incoming ICMP!" every time it sees
+ an incoming ICMP on eth0. Steps are:
+@@ -36,7 +58,7 @@ display stats again and observe increment by 1
+ .EX
+   hadi@noma1:$ tc qdisc add dev eth0 ingress
+   hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \\
+-	 u32 match ip protocol 1 0xff flowid 1:1 action simple "Incoming ICMP"
++	 u32 match ip protocol 1 0xff flowid 1:1 action simple sdata "Incoming ICMP"
+ 
+   hadi@noma1:$ sudo tc -s filter ls  dev eth0 parent ffff:
+    filter protocol ip pref 5 u32
+@@ -74,3 +96,4 @@ display stats again and observe increment by 1
+ .EE
+ .SH SEE ALSO
+ .BR tc (8)
++.BR tc-actions (8)
+diff --git a/tc/m_simple.c b/tc/m_simple.c
+index 3a8bd91..ab63384 100644
+--- a/tc/m_simple.c
++++ b/tc/m_simple.c
+@@ -81,10 +81,10 @@
+ #endif
+ static void explain(void)
+ {
+-	fprintf(stderr, "Usage:... simple [sdata STRING] [CONTROL] [index INDEX]\n");
++	fprintf(stderr, "Usage:... simple [sdata STRING] [index INDEX] [CONTROL]\n");
+ 	fprintf(stderr, "\tSTRING being an arbitrary string\n"
+-		"\tCONTROL := reclassify|pipe|drop|continue|ok\n"
+ 		"\tINDEX := optional index value used\n");
++		"\tCONTROL := reclassify|pipe|drop|continue|ok\n"
+ }
+ 
+ static void usage(void)
+-- 
+1.8.3.1
+

SOURCES/0004-tc-fix-m_simple-usage.patch

@@ -0,0 +1,37 @@
+From d203110b883afafa58b735a3e94c71f255db7608 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 11 Aug 2017 11:13:26 +0200
+Subject: [PATCH] tc: fix m_simple usage
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477523
+Upstream Status: iproute2.git commit 620fc6696d4f4
+
+commit 620fc6696d4f4e9ad540a45892873b0382907739
+Author: Stephen Hemminger <stephen@networkplumber.org>
+Date:   Thu Aug 3 16:10:18 2017 -0700
+
+    tc: fix m_simple usage
+
+    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ tc/m_simple.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tc/m_simple.c b/tc/m_simple.c
+index ab63384..65e48ad 100644
+--- a/tc/m_simple.c
++++ b/tc/m_simple.c
+@@ -83,8 +83,8 @@ static void explain(void)
+ {
+ 	fprintf(stderr, "Usage:... simple [sdata STRING] [index INDEX] [CONTROL]\n");
+ 	fprintf(stderr, "\tSTRING being an arbitrary string\n"
+-		"\tINDEX := optional index value used\n");
+-		"\tCONTROL := reclassify|pipe|drop|continue|ok\n"
++		"\tINDEX := optional index value used\n"
++		"\tCONTROL := reclassify|pipe|drop|continue|ok\n");
+ }
+ 
+ static void usage(void)
+-- 
+1.8.3.1
+

SOURCES/0005-bpf-Make-bytecode-file-reading-a-little-more-robust.patch

@@ -0,0 +1,96 @@
+From 91cda136ef27402256dbf85434374b43ab52d932 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 11 Aug 2017 11:15:30 +0200
+Subject: [PATCH] bpf: Make bytecode-file reading a little more robust
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477491
+Upstream Status: iproute2.git commit 3da3ebfca85b8
+
+commit 3da3ebfca85b8f1e8252b898453d8cb383c5c398
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Wed Aug 2 14:57:56 2017 +0200
+
+    bpf: Make bytecode-file reading a little more robust
+
+    bpf_parse_string() will now correctly handle:
+
+    - Extraneous whitespace,
+    - OPs on multiple lines and
+    - overlong file names.
+
+    The added feature of allowing to have OPs on multiple lines (like e.g.
+    tcpdump prints them) is rather a side effect of fixing detection of
+    malformed bytecode files having random content on a second line, like
+    e.g.:
+
+    | 4,40 0 0 12,21 0 1 2048,6 0 0 262144,6 0 0 0
+    | foobar
+
+    Cc: Daniel Borkmann <daniel@iogearbox.net>
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
+---
+ lib/bpf.c | 32 ++++++++++++++++++++++++--------
+ 1 file changed, 24 insertions(+), 8 deletions(-)
+
+diff --git a/lib/bpf.c b/lib/bpf.c
+index 04ee1ab..73dac5c 100644
+--- a/lib/bpf.c
++++ b/lib/bpf.c
+@@ -160,11 +160,11 @@ static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
+ 
+ 	if (from_file) {
+ 		size_t tmp_len, op_len = sizeof("65535 255 255 4294967295,");
+-		char *tmp_string, *last;
++		char *tmp_string, *pos, c, c_prev = ' ';
+ 		FILE *fp;
+ 
+ 		tmp_len = sizeof("4096,") + BPF_MAXINSNS * op_len;
+-		tmp_string = calloc(1, tmp_len);
++		tmp_string = pos = calloc(1, tmp_len);
+ 		if (tmp_string == NULL)
+ 			return -ENOMEM;
+ 
+@@ -175,17 +175,33 @@ static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
+ 			return -ENOENT;
+ 		}
+ 
+-		if (!fgets(tmp_string, tmp_len, fp)) {
++		while ((c = fgetc(fp)) != EOF) {
++			switch (c) {
++			case '\n':
++				if (c_prev != ',')
++					*(pos++) = ',';
++				break;
++			case ' ':
++			case '\t':
++				if (c_prev != ' ')
++					*(pos++) = c;
++				break;
++			default:
++				*(pos++) = c;
++			}
++			if (pos - tmp_string == tmp_len)
++				break;
++			c_prev = c;
++		}
++
++		if (!feof(fp)) {
+ 			free(tmp_string);
+ 			fclose(fp);
+-			return -EIO;
++			return -E2BIG;
+ 		}
+ 
+ 		fclose(fp);
+-
+-		last = &tmp_string[strlen(tmp_string) - 1];
+-		if (*last == '\n')
+-			*last = 0;
++		*pos = 0;
+ 
+ 		*need_release = true;
+ 		*bpf_string = tmp_string;
+-- 
+1.8.3.1
+

SOURCES/0006-ss-Fix-for-added-diag-support-check.patch

@@ -0,0 +1,93 @@
+From 2dc48cc4101b9788dcafd38b07a82f8c91b4d3f6 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 31 Aug 2017 14:23:11 +0200
+Subject: [PATCH] ss: Fix for added diag support check
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1487152
+Upstream Status: iproute2.git commit 6c6bbc30f4e7f
+
+commit 6c6bbc30f4e7fedc74381627f7ec86d26050b404
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Mon Aug 28 19:31:22 2017 +0200
+
+    ss: Fix for added diag support check
+
+    Commit 9f66764e308e9 ("libnetlink: Add test for error code returned from
+    netlink reply") changed rtnl_dump_filter_l() to return an error in case
+    NLMSG_DONE would contain one, even if it was ENOENT.
+
+    This in turn breaks ss when it tries to dump DCCP sockets on a system
+    without support for it: The function tcp_show(), which is shared between
+    TCP and DCCP, will start parsing /proc since inet_show_netlink() returns
+    an error - yet it parses /proc/net/tcp which doesn't make sense for DCCP
+    sockets at all.
+
+    On my system, a call to 'ss' without further arguments prints the list
+    of connected TCP sockets twice.
+
+    Fix this by introducing a dedicated function dccp_show() which does not
+    have a fallback to /proc, just like sctp_show(). And since tcp_show()
+    is no longer "multi-purpose", drop it's socktype parameter.
+
+    Fixes: 9f66764e308e9 ("libnetlink: Add test for error code returned from netlink reply")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ misc/ss.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index 12763c9..b84baf3 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -2735,7 +2735,7 @@ static int tcp_show_netlink_file(struct filter *f)
+ 	}
+ }
+ 
+-static int tcp_show(struct filter *f, int socktype)
++static int tcp_show(struct filter *f)
+ {
+ 	FILE *fp = NULL;
+ 	char *buf = NULL;
+@@ -2750,7 +2750,7 @@ static int tcp_show(struct filter *f, int socktype)
+ 		return tcp_show_netlink_file(f);
+ 
+ 	if (!getenv("PROC_NET_TCP") && !getenv("PROC_ROOT")
+-	    && inet_show_netlink(f, NULL, socktype) == 0)
++	    && inet_show_netlink(f, NULL, IPPROTO_TCP) == 0)
+ 		return 0;
+ 
+ 	/* Sigh... We have to parse /proc/net/tcp... */
+@@ -2818,6 +2818,18 @@ outerr:
+ 	} while (0);
+ }
+ 
++static int dccp_show(struct filter *f)
++{
++	if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
++		return 0;
++
++	if (!getenv("PROC_NET_DCCP") && !getenv("PROC_ROOT")
++	    && inet_show_netlink(f, NULL, IPPROTO_DCCP) == 0)
++		return 0;
++
++	return 0;
++}
++
+ static int sctp_show(struct filter *f)
+ {
+ 	if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
+@@ -4368,9 +4380,9 @@ int main(int argc, char *argv[])
+ 	if (current_filter.dbs & (1<<UDP_DB))
+ 		udp_show(&current_filter);
+ 	if (current_filter.dbs & (1<<TCP_DB))
+-		tcp_show(&current_filter, IPPROTO_TCP);
++		tcp_show(&current_filter);
+ 	if (current_filter.dbs & (1<<DCCP_DB))
+-		tcp_show(&current_filter, IPPROTO_DCCP);
++		dccp_show(&current_filter);
+ 	if (current_filter.dbs & (1<<SCTP_DB))
+ 		sctp_show(&current_filter);
+ 
+-- 
+1.8.3.1
+

SOURCES/0007-tc-simple.8-Fix-reference-to-non-existing-tc-actions.patch

@@ -0,0 +1,31 @@
+From 4917021d1ebea2b75cdcf31272452aa5cc3ff7ec Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 1 Sep 2017 13:05:45 +0200
+Subject: [PATCH] tc-simple.8: Fix reference to non-existing tc-actions.8
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477523
+Upstream Status: RHEL-only
+
+The referenced man page doesn't exist in RHEL iproute package, so better
+refer to an existing one which also contains the CONTROL value
+description.
+---
+ man/man8/tc-simple.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/man8/tc-simple.8 b/man/man8/tc-simple.8
+index 7363ab5..a0deb0b 100644
+--- a/man/man8/tc-simple.8
++++ b/man/man8/tc-simple.8
+@@ -36,7 +36,7 @@ Indicate how
+ should proceed after executing the action. For a description of the possible
+ .I CONTROL
+ values, see
+-.BR tc-actions (8).
++.BR tc-pedit (8).
+ .SH EXAMPLES
+ The following example makes the kernel yell "Incoming ICMP!" every time it sees
+ an incoming ICMP on eth0. Steps are:
+-- 
+1.8.3.1
+

SOURCES/0008-lib-bpf-Fix-bytecode-file-parsing.patch

@@ -0,0 +1,74 @@
+From 584ca9f67952162dfdd02d984aa12640e45a4235 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Wed, 6 Sep 2017 11:53:53 +0200
+Subject: [PATCH] lib/bpf: Fix bytecode-file parsing
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477491
+Upstream Status: iproute2.git commit 7c87c7fed18d1
+
+commit 7c87c7fed18d1162e045c8331cb68fa440bc5728
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Tue Aug 29 17:09:45 2017 +0200
+
+    lib/bpf: Fix bytecode-file parsing
+
+    The signedness of char type is implementation dependent, and there are
+    architectures on which it is unsigned by default. In that case, the
+    check whether fgetc() returned EOF failed because the return value was
+    assigned an (unsigned) char variable prior to comparison with EOF (which
+    is defined to -1). Fix this by using int as type for 'c' variable, which
+    also matches the declaration of fgetc().
+
+    While being at it, fix the parser logic to correctly handle multiple
+    empty lines and consecutive whitespace and tab characters to further
+    improve the parser's robustness. Note that this will still detect double
+    separator characters, so doesn't soften up the parser too much.
+
+    Fixes: 3da3ebfca85b8 ("bpf: Make bytecode-file reading a little more robust")
+    Cc: Daniel Borkmann <daniel@iogearbox.net>
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
+---
+ lib/bpf.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/bpf.c b/lib/bpf.c
+index 73dac5c..3aabf44 100644
+--- a/lib/bpf.c
++++ b/lib/bpf.c
+@@ -160,8 +160,9 @@ static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
+ 
+ 	if (from_file) {
+ 		size_t tmp_len, op_len = sizeof("65535 255 255 4294967295,");
+-		char *tmp_string, *pos, c, c_prev = ' ';
++		char *tmp_string, *pos, c_prev = ' ';
+ 		FILE *fp;
++		int c;
+ 
+ 		tmp_len = sizeof("4096,") + BPF_MAXINSNS * op_len;
+ 		tmp_string = pos = calloc(1, tmp_len);
+@@ -180,18 +181,20 @@ static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
+ 			case '\n':
+ 				if (c_prev != ',')
+ 					*(pos++) = ',';
++				c_prev = ',';
+ 				break;
+ 			case ' ':
+ 			case '\t':
+ 				if (c_prev != ' ')
+ 					*(pos++) = c;
++				c_prev = ' ';
+ 				break;
+ 			default:
+ 				*(pos++) = c;
++				c_prev = c;
+ 			}
+ 			if (pos - tmp_string == tmp_len)
+ 				break;
+-			c_prev = c;
+ 		}
+ 
+ 		if (!feof(fp)) {
+-- 
+1.8.3.1
+

SOURCES/0009-tc-simple.8-Fix-one-more-reference-to-non-existing-t.patch

@@ -0,0 +1,27 @@
+From 3905b2d8f676601c022804d197be9165dacff11c Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Wed, 6 Sep 2017 15:44:19 +0200
+Subject: [PATCH] tc-simple.8: Fix one more reference to non-existing
+ tc-actions.8
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477523
+Upstream Status: RHEL-only
+
+Previous fix missed to update the SEE ALSO section as well.
+---
+ man/man8/tc-simple.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/man8/tc-simple.8 b/man/man8/tc-simple.8
+index a0deb0b..beab313 100644
+--- a/man/man8/tc-simple.8
++++ b/man/man8/tc-simple.8
+@@ -96,4 +96,4 @@ display stats again and observe increment by 1
+ .EE
+ .SH SEE ALSO
+ .BR tc (8)
+-.BR tc-actions (8)
++.BR tc-pedit (8)
+-- 
+1.8.3.1
+

SOURCES/0010-tc-m_xt-Prevent-a-segfault-in-libipt.patch

@@ -0,0 +1,49 @@
+From 074062808c630f2efb55c7093d510b44a38e74e5 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 14 Sep 2017 15:27:47 +0200
+Subject: [PATCH] tc: m_xt: Prevent a segfault in libipt
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1465599
+Upstream Status: iproute2.git commit f6fc1055e41a8
+
+commit f6fc1055e41a8a924313c336b39b9ffe0c86938b
+Author: Phil Sutter <psutter@redhat.com>
+Date:   Tue May 23 15:40:57 2017 +0200
+
+    tc: m_xt: Prevent a segfault in libipt
+
+    This happens with NAT targets, such as SNAT, DNAT and MASQUERADE. These
+    are still not usable with this patch, but at least tc doesn't crash
+    anymore when one tries to use them.
+
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ tc/m_xt.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tc/m_xt.c b/tc/m_xt.c
+index e59df8e..ad52d23 100644
+--- a/tc/m_xt.c
++++ b/tc/m_xt.c
+@@ -146,6 +146,9 @@ static int parse_ipt(struct action_util *a, int *argc_p,
+ 		     char ***argv_p, int tca_id, struct nlmsghdr *n)
+ {
+ 	struct xtables_target *m = NULL;
++#if XTABLES_VERSION_CODE >= 6
++	struct ipt_entry fw = {};
++#endif
+ 	struct rtattr *tail;
+ 
+ 	int c;
+@@ -206,7 +209,7 @@ static int parse_ipt(struct action_util *a, int *argc_p,
+ 		default:
+ #if XTABLES_VERSION_CODE >= 6
+ 			if (m != NULL && m->x6_parse != NULL) {
+-				xtables_option_tpcall(c, argv, 0, m, NULL);
++				xtables_option_tpcall(c, argv, 0, m, &fw);
+ #else
+ 			if (m != NULL && m->parse != NULL) {
+ 				m->parse(c - m->option_offset, argv, 0,
+-- 
+1.8.3.1
+

SOURCES/0011-link_gre6-really-support-encaplimit-option.patch

@@ -0,0 +1,51 @@
+From 2db276543a03633a61ba0815a01c8bb2846830ab Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 14 Sep 2017 15:30:37 +0200
+Subject: [PATCH] link_gre6: really support encaplimit option
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459600
+Upstream Status: iproute2.git commit a11b7b71a6eba
+Conflicts: Context change due to missing commit ad4b1425c3182
+	   ("iplink: Expose IFLA_*_FWMARK attributes for supported link
+	   types").
+
+commit a11b7b71a6eba4ee80e931e4f75321a0cf0116f1
+Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+Date:   Wed Jun 14 18:45:42 2017 +0200
+
+    link_gre6: really support encaplimit option
+
+    This option is documented in gre6 help, but was not supported.
+
+    Fixes: af89576d7a8c ("iproute2: GRE over IPv6 tunnel support.")
+    Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+---
+ ip/link_gre6.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/ip/link_gre6.c b/ip/link_gre6.c
+index 1b4fb05..76416b2 100644
+--- a/ip/link_gre6.c
++++ b/ip/link_gre6.c
+@@ -339,6 +339,18 @@ get_failed:
+ 			encapflags |= TUNNEL_ENCAP_FLAG_REMCSUM;
+ 		} else if (strcmp(*argv, "noencap-remcsum") == 0) {
+ 			encapflags &= ~TUNNEL_ENCAP_FLAG_REMCSUM;
++		} else if (strcmp(*argv, "encaplimit") == 0) {
++			NEXT_ARG();
++			if (strcmp(*argv, "none") == 0) {
++				flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
++			} else {
++				__u8 uval;
++
++				if (get_u8(&uval, *argv, 0) < -1)
++					invarg("invalid ELIM", *argv);
++				encap_limit = uval;
++				flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
++			}
+ 		} else
+ 			usage();
+ 		argc--; argv++;
+-- 
+1.8.3.1
+

SOURCES/0012-tc-fix-typo-in-manpage.patch

@@ -0,0 +1,40 @@
+From beb8e1aa7ed08f86fb87ff58f7c69aaa2b68b862 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 14 Sep 2017 15:38:46 +0200
+Subject: [PATCH] tc: fix typo in manpage
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417162
+Upstream Status: iproute2.git commit b09515553fded
+
+commit b09515553fded944713955815a3f1cc855384abd
+Author: Matteo Croce <mcroce@redhat.com>
+Date:   Fri Jul 7 15:08:33 2017 +0200
+
+    tc: fix typo in manpage
+
+    Fix a typo in the 'tc' manpage and reword some sentences.
+
+    Signed-off-by: Matteo Croce <mcroce@redhat.com>
+---
+ man/man8/tc-csum.8 | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/man8/tc-csum.8 b/man/man8/tc-csum.8
+index 718301d..409ab71 100644
+--- a/man/man8/tc-csum.8
++++ b/man/man8/tc-csum.8
+@@ -29,9 +29,9 @@ csum - checksum update action
+ The
+ .B csum
+ action triggers checksum recalculation of specified packet headers. It is
+-commonly used after packet editing using the
++commonly used to fix incorrect checksums after the
+ .B pedit
+-action to fix for then incorrect checksums.
++action has modified the packet content.
+ .SH OPTIONS
+ .TP
+ .I TARGET
+-- 
+1.8.3.1
+

SOURCES/0013-ip-neigh-allow-flush-FAILED-neighbour-entry.patch

@@ -0,0 +1,52 @@
+From 3b6fd8227cbb03b5b211d2cb53534ad405673668 Mon Sep 17 00:00:00 2001
+From: Matteo Croce <mcroce@redhat.com>
+Date: Wed, 2 Aug 2017 13:57:17 +0200
+Subject: [PATCH] ip neigh: allow flush FAILED neighbour entry
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1469945
+Tested: locally using proper reproducer
+Upstream Status: merged 37a5f7c5
+
+commit 37a5f7c571623059ae671992f72feaa444a6ffc8
+Author: Hangbin Liu <liuhangbin@gmail.com>
+Date:   Fri Jun 16 11:31:52 2017 +0800
+
+    ip neigh: allow flush FAILED neighbour entry
+
+    After upstream commit 5071034e4af7 ('neigh: Really delete an arp/neigh entry
+    on "ip neigh delete" or "arp -d"'), we could delete a single FAILED neighbour
+    entry now. But `ip neigh flush` still skip the FAILED entry.
+
+    Move the filter after first round flush so we can flush FAILED entry on fixed
+    kernel and also do not keep retrying on old kernel.
+
+    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+
+Signed-off-by: Matteo Croce <mcroce@redhat.com>
+---
+ ip/ipneigh.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ip/ipneigh.c b/ip/ipneigh.c
+index 4d8fc85..9c38a60 100644
+--- a/ip/ipneigh.c
++++ b/ip/ipneigh.c
+@@ -445,7 +445,6 @@ static int do_show_or_flush(int argc, char **argv, int flush)
+ 		filter.flushb = flushb;
+ 		filter.flushp = 0;
+ 		filter.flushe = sizeof(flushb);
+-		filter.state &= ~NUD_FAILED;
+ 
+ 		while (round < MAX_ROUNDS) {
+ 			if (rtnl_dump_request_n(&rth, &req.n) < 0) {
+@@ -474,6 +473,7 @@ static int do_show_or_flush(int argc, char **argv, int flush)
+ 				printf("\n*** Round %d, deleting %d entries ***\n", round, filter.flushed);
+ 				fflush(stdout);
+ 			}
++			filter.state &= ~NUD_FAILED;
+ 		}
+ 		printf("*** Flush not complete bailing out after %d rounds\n",
+ 			MAX_ROUNDS);
+-- 
+1.8.3.1
+

SOURCES/0014-netns-avoid-directory-traversal.patch

@@ -0,0 +1,58 @@
+From 74061958f56a4626a3a146c72f16e43012e828f1 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 14 Sep 2017 15:39:23 +0200
+Subject: [PATCH] netns: avoid directory traversal
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1468529
+Upstream Status: iproute2.git commit 79928fd0552b5
+
+commit 79928fd0552b520aa36a22e71144d10a32f7e4fe
+Author: Matteo Croce <mcroce@redhat.com>
+Date:   Thu Jul 20 00:36:32 2017 +0200
+
+    netns: avoid directory traversal
+
+    ip netns keeps track of created namespaces with bind mounts named
+    /var/run/netns/<namespace>. No input sanitization is done, allowing creation and
+    deletion of files relatives to /var/run/netns or, if the path is non existent or
+    invalid, allows to create "untracked" namespaces (invisible to the tool).
+
+    This commit denies creation or deletion of namespaces with names contaning
+    "/" or matching exactly "." or "..".
+
+    Signed-off-by: Matteo Croce <mcroce@redhat.com>
+---
+ ip/ipnetns.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/ip/ipnetns.c b/ip/ipnetns.c
+index 0b0378a..4254994 100644
+--- a/ip/ipnetns.c
++++ b/ip/ipnetns.c
+@@ -766,6 +766,11 @@ static int netns_monitor(int argc, char **argv)
+ 	return 0;
+ }
+ 
++static int invalid_name(const char *name)
++{
++	return strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..");
++}
++
+ int do_netns(int argc, char **argv)
+ {
+ 	netns_nsid_socket_init();
+@@ -775,6 +780,11 @@ int do_netns(int argc, char **argv)
+ 		return netns_list(0, NULL);
+ 	}
+ 
++	if (argc > 1 && invalid_name(argv[1])) {
++		fprintf(stderr, "Invalid netns name \"%s\"\n", argv[1]);
++		exit(-1);
++	}
++
+ 	if ((matches(*argv, "list") == 0) || (matches(*argv, "show") == 0) ||
+ 	    (matches(*argv, "lst") == 0)) {
+ 		netns_map_init();
+-- 
+1.8.3.1
+

SOURCES/0015-utils-return-default-family-when-rtm_family-is-not-R.patch

@@ -0,0 +1,58 @@
+From 420957e4c56f65703c6f2f24da0ea35c6b7bbcda Mon Sep 17 00:00:00 2001
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Thu, 27 Jul 2017 21:52:30 +0200
+Subject: [PATCH] utils: return default family when rtm_family is not
+ RTNL_FAMILY_IPMR/IP6MR
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1475762
+Upstream Status: iproute2.git commit 5ce897a03bfd
+
+commit 5ce897a03bfda76dc66dc1acfa014fc0e3d3022a
+Author: Hangbin Liu <liuhangbin@gmail.com>
+Date:   Thu Jul 27 17:44:15 2017 +0800
+
+    utils: return default family when rtm_family is not RTNL_FAMILY_IPMR/IP6MR
+
+    When we get a multicast route, the rtm_type is RTN_MULTICAST, but the
+    rtm_family may be AF_INET. If we only check the type with RTNL_FAMILY_IPMR,
+    we will get malformed address. e.g.
+
+    + ip -4 route add multicast 172.111.1.1 dev em1 table main
+
+    Before fix:
+    + ip route list type multicast table main
+    multicast ac6f:101:800:400:400:0:3c00:0 dev em1 scope link
+
+    After fix:
+    + ip route list type multicast table main
+    multicast 172.111.1.1 dev em1 scope link
+
+    Fixes: 56e3eb4c3400 ("ip: route: fix multicast route dumps")
+    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+    Acked-by: Phil Sutter <phil@nwl.cc>
+
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+---
+ lib/utils.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/utils.c b/lib/utils.c
+index 7d6ee53..9f55391 100644
+--- a/lib/utils.c
++++ b/lib/utils.c
+@@ -1219,5 +1219,11 @@ int get_real_family(int rtm_type, int rtm_family)
+ 	if (rtm_type != RTN_MULTICAST)
+ 		return rtm_family;
+ 
+-	return rtm_family == RTNL_FAMILY_IPMR ? AF_INET : AF_INET6;
++	if (rtm_family == RTNL_FAMILY_IPMR)
++		return AF_INET;
++
++	if (rtm_family == RTNL_FAMILY_IP6MR)
++		return AF_INET6;
++
++	return rtm_family;
+ }
+-- 
+1.8.3.1
+

SOURCES/0016-link_gre6-Fix-for-changing-tclass-flowlabel.patch

@@ -0,0 +1,49 @@
+From 449517f7769dde4905564ce17e126bfd4e1f7147 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 6 Oct 2017 17:27:09 +0200
+Subject: [PATCH] link_gre6: Fix for changing tclass/flowlabel
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1487486
+Upstream Status: iproute2.git commit e7fefb3214b5a
+
+commit e7fefb3214b5a1ed030cab9df513560c503a9851
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Fri Sep 1 16:08:08 2017 +0200
+
+    link_gre6: Fix for changing tclass/flowlabel
+
+    When trying to change tclass or flowlabel of a GREv6 tunnel which has
+    the respective value set already, the code accidentally bitwise OR'ed
+    the old and the new value, leading to unexpected results. Fix this by
+    clearing the relevant bits of flowinfo variable prior to assigning the
+    new value.
+
+    Fixes: af89576d7a8c4 ("iproute2: GRE over IPv6 tunnel support.")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ ip/link_gre6.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ip/link_gre6.c b/ip/link_gre6.c
+index 76416b2..fe3ab64 100644
+--- a/ip/link_gre6.c
++++ b/ip/link_gre6.c
+@@ -282,6 +282,7 @@ get_failed:
+ 			else {
+ 				if (get_u8(&uval, *argv, 16))
+ 					invarg("invalid TClass", *argv);
++				flowinfo &= ~IP6_FLOWINFO_TCLASS;
+ 				flowinfo |= htonl((__u32)uval << 20) & IP6_FLOWINFO_TCLASS;
+ 				flags &= ~IP6_TNL_F_USE_ORIG_TCLASS;
+ 			}
+@@ -297,6 +298,7 @@ get_failed:
+ 					invarg("invalid Flowlabel", *argv);
+ 				if (uval > 0xFFFFF)
+ 					invarg("invalid Flowlabel", *argv);
++				flowinfo &= ~IP6_FLOWINFO_FLOWLABEL;
+ 				flowinfo |= htonl(uval) & IP6_FLOWINFO_FLOWLABEL;
+ 				flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL;
+ 			}
+-- 
+1.8.3.1
+

SOURCES/0017-netlink-Change-rtnl_dump_done-to-always-show-error.patch

@@ -0,0 +1,92 @@
+From 61ccf0f453306e727e254e6de1641bb934a3b7ec Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <haliu@redhat.com>
+Date: Wed, 8 Nov 2017 14:39:07 +0800
+Subject: [PATCH] netlink: Change rtnl_dump_done to always show error
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1380803
+Upstream Status: iproute2.git commit 05a14fc12188
+
+commit 05a14fc1218885ba6236b409fbf6b89976b8636e
+Author: David Ahern <dsahern@gmail.com>
+Date:   Tue May 16 14:22:46 2017 -0700
+
+    netlink: Change rtnl_dump_done to always show error
+
+    The original code which became rtnl_dump_done only shows netlink errors
+    if the protocol is NETLINK_SOCK_DIAG, but netlink dumps always appends
+    the length which contains any error encountered during the dump. Update
+    rtnl_dump_done to always show the error if there is one.
+
+    As an *example* without this patch, dumping a route object that exceeds
+    the internal buffer size terminates with no message to the user -- the
+    dump just ends because the NLMSG_DONE attribute was received. With this
+    patch the user at least gets a message that the dump was aborted.
+
+    $ ip ro ls
+    default via 10.0.2.2 dev eth0
+    10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
+    10.10.0.0/16 dev veth1 proto kernel scope link src 10.10.0.1
+    172.16.1.0/24 dev br0.11 proto kernel scope link src 172.16.1.1
+    Error: Buffer too small for object
+    Dump terminated
+
+    The point of this patch is to notify the user of a failure versus
+    silently exiting on a partial dump. Because the NLMSG_DONE attribute
+    was received, the entire dump needs to be restarted to use a larger
+    buffer for EMSGSIZE errors. That could be done automatically but it
+    has other user impacts (e.g., duplicate output if the dump is
+    restarted) and should be the subject of a different patch.
+
+    Signed-off-by: David Ahern <dsahern@gmail.com>
+
+Signed-off-by: Hangbin Liu <haliu@redhat.com>
+---
+ lib/libnetlink.c | 28 +++++++++++++++++-----------
+ 1 file changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/lib/libnetlink.c b/lib/libnetlink.c
+index 9303b66..e91bd5a 100644
+--- a/lib/libnetlink.c
++++ b/lib/libnetlink.c
+@@ -266,21 +266,27 @@ static int rtnl_dump_done(const struct rtnl_handle *rth,
+ {
+ 	int len = *(int *)NLMSG_DATA(h);
+ 
+-	if (rth->proto == NETLINK_SOCK_DIAG) {
+-		if (h->nlmsg_len < NLMSG_LENGTH(sizeof(int))) {
+-			fprintf(stderr, "DONE truncated\n");
+-			return -1;
+-		}
+-
++	if (h->nlmsg_len < NLMSG_LENGTH(sizeof(int))) {
++		fprintf(stderr, "DONE truncated\n");
++		return -1;
++	}
+ 
+-		if (len < 0) {
+-			errno = -len;
+-			if (errno == ENOENT || errno == EOPNOTSUPP)
+-				return -1;
++	if (len < 0) {
++		errno = -len;
++		switch (errno) {
++		case ENOENT:
++		case EOPNOTSUPP:
++			return -1;
++		case EMSGSIZE:
++			fprintf(stderr,
++				"Error: Buffer too small for object.\n");
++			break;
++		default:
+ 			perror("RTNETLINK answers");
+-			return len;
+ 		}
++		return len;
+ 	}
++
+ 	return 0;
+ }
+ 
+-- 
+1.8.3.1
+

SOURCES/0018-libnetlink-drop-unused-parameter-to-rtnl_dump_done.patch

@@ -0,0 +1,47 @@
+From 9346e08c2f9059decf889fb89f2859e7ed61f573 Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <haliu@redhat.com>
+Date: Wed, 8 Nov 2017 14:39:08 +0800
+Subject: [PATCH] libnetlink: drop unused parameter to rtnl_dump_done
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1380803
+Upstream Status: iproute2.git commit 0efa625765b4
+
+commit 0efa625765b4481e1e474526eb0feda747b720e5
+Author: Stephen Hemminger <stephen@networkplumber.org>
+Date:   Thu Aug 24 15:02:32 2017 -0700
+
+    libnetlink: drop unused parameter to rtnl_dump_done
+
+    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Signed-off-by: Hangbin Liu <haliu@redhat.com>
+---
+ lib/libnetlink.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/libnetlink.c b/lib/libnetlink.c
+index e91bd5a..b08518d 100644
+--- a/lib/libnetlink.c
++++ b/lib/libnetlink.c
+@@ -261,8 +261,7 @@ int rtnl_dump_request_n(struct rtnl_handle *rth, struct nlmsghdr *n)
+ 	return sendmsg(rth->fd, &msg, 0);
+ }
+ 
+-static int rtnl_dump_done(const struct rtnl_handle *rth,
+-			  struct nlmsghdr *h)
++static int rtnl_dump_done(struct nlmsghdr *h)
+ {
+ 	int len = *(int *)NLMSG_DATA(h);
+ 
+@@ -368,7 +367,7 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth,
+ 					dump_intr = 1;
+ 
+ 				if (h->nlmsg_type == NLMSG_DONE) {
+-					err = rtnl_dump_done(rth, h);
++					err = rtnl_dump_done(h);
+ 					if (err < 0)
+ 						return -1;
+ 
+-- 
+1.8.3.1
+

SOURCES/0019-iproute-Add-support-for-extended-ack-to-rtnl_talk.patch

@@ -0,0 +1,255 @@
+From a9f81b704c4e883a996927e77afdb960a7f47fd9 Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <haliu@redhat.com>
+Date: Wed, 8 Nov 2017 14:39:09 +0800
+Subject: [PATCH] iproute: Add support for extended ack to rtnl_talk
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1380803
+Upstream Status: iproute2.git commit b6432e68ac2f
+Conflicts: Manually added NETLINK_EXT_ACK define to linux headers.
+
+commit b6432e68ac2f1f6b4ea50aa0d6d47e72c445c71c
+Author: Stephen Hemminger <stephen@networkplumber.org>
+Date:   Fri Aug 4 09:52:15 2017 -0700
+
+    iproute: Add support for extended ack to rtnl_talk
+
+    Add support for extended ack error reporting via libmnl.
+    Add a new function rtnl_talk_extack that takes a callback as an input
+    arg. If a netlink response contains extack attributes, the callback is
+    is invoked with the the err string, offset in the message and a pointer
+    to the message returned by the kernel.
+
+    If iproute2 is built without libmnl, it will still work but
+    extended error reports from kernel will not be available.
+
+    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Signed-off-by: Hangbin Liu <haliu@redhat.com>
+
+squash! iproute: Add support for extended ack to rtnl_talk
+---
+ include/libnetlink.h    |   6 +++
+ include/linux/netlink.h |   1 +
+ lib/Makefile            |   7 ++++
+ lib/libnetlink.c        | 109 ++++++++++++++++++++++++++++++++++++++++++++----
+ 4 files changed, 116 insertions(+), 7 deletions(-)
+
+diff --git a/include/libnetlink.h b/include/libnetlink.h
+index bd0267d..654aebc 100644
+--- a/include/libnetlink.h
++++ b/include/libnetlink.h
+@@ -65,6 +65,9 @@ typedef int (*rtnl_listen_filter_t)(const struct sockaddr_nl *,
+ 				    struct rtnl_ctrl_data *,
+ 				    struct nlmsghdr *n, void *);
+ 
++typedef int (*nl_ext_ack_fn_t)(const char *errmsg, uint32_t off,
++			       const struct nlmsghdr *inner_nlh);
++
+ struct rtnl_dump_filter_arg {
+ 	rtnl_filter_t filter;
+ 	void *arg1;
+@@ -81,6 +84,9 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth,
+ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 	      struct nlmsghdr *answer, size_t len)
+ 	__attribute__((warn_unused_result));
++int rtnl_talk_extack(struct rtnl_handle *rtnl, struct nlmsghdr *n,
++	      struct nlmsghdr *answer, size_t len, nl_ext_ack_fn_t errfn)
++	__attribute__((warn_unused_result));
+ int rtnl_talk_suppress_rtnl_errmsg(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 				   struct nlmsghdr *answer, size_t len)
+ 	__attribute__((warn_unused_result));
+diff --git a/include/linux/netlink.h b/include/linux/netlink.h
+index a982b3c..d1e26a2 100644
+--- a/include/linux/netlink.h
++++ b/include/linux/netlink.h
+@@ -113,6 +113,7 @@ struct nlmsgerr {
+ #define NETLINK_LISTEN_ALL_NSID		8
+ #define NETLINK_LIST_MEMBERSHIPS	9
+ #define NETLINK_CAP_ACK			10
++#define NETLINK_EXT_ACK			11
+ 
+ struct nl_pktinfo {
+ 	__u32	group;
+diff --git a/lib/Makefile b/lib/Makefile
+index 1d24ca2..f81888c 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -4,6 +4,13 @@ ifeq ($(IP_CONFIG_SETNS),y)
+ 	CFLAGS += -DHAVE_SETNS
+ endif
+ 
++ifeq ($(HAVE_MNL),y)
++	CFLAGS += $(shell $(PKG_CONFIG) libmnl --cflags)
++	LDLIBS += $(shell $(PKG_CONFIG) libmnl --libs)
++else
++@warn "libmnl required for error support"
++endif
++
+ CFLAGS += -fPIC
+ 
+ UTILOBJ = utils.o rt_names.o ll_types.o ll_proto.o ll_addr.o \
+diff --git a/lib/libnetlink.c b/lib/libnetlink.c
+index b08518d..a057831 100644
+--- a/lib/libnetlink.c
++++ b/lib/libnetlink.c
+@@ -36,6 +36,79 @@
+ 
+ int rcvbuf = 1024 * 1024;
+ 
++#ifdef HAVE_LIBMNL
++#include <libmnl/libmnl.h>
++
++static const enum mnl_attr_data_type extack_policy[NLMSGERR_ATTR_MAX + 1] = {
++	[NLMSGERR_ATTR_MSG]	= MNL_TYPE_NUL_STRING,
++	[NLMSGERR_ATTR_OFFS]	= MNL_TYPE_U32,
++};
++
++static int err_attr_cb(const struct nlattr *attr, void *data)
++{
++	const struct nlattr **tb = data;
++	uint16_t type;
++
++	if (mnl_attr_type_valid(attr, NLMSGERR_ATTR_MAX) < 0)
++		return MNL_CB_ERROR;
++
++	type = mnl_attr_get_type(attr);
++	if (mnl_attr_validate(attr, extack_policy[type]) < 0)
++		return MNL_CB_ERROR;
++
++
++	tb[type] = attr;
++	return MNL_CB_OK;
++}
++
++
++/* dump netlink extended ack error message */
++static int nl_dump_ext_err(const struct nlmsghdr *nlh, nl_ext_ack_fn_t errfn)
++{
++	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
++	const struct nlmsgerr *err = mnl_nlmsg_get_payload(nlh);
++	const struct nlmsghdr *err_nlh = NULL;
++	unsigned int hlen = sizeof(*err);
++	const char *errmsg = NULL;
++	uint32_t off = 0;
++
++	if (!errfn)
++		return 0;
++
++	/* no TLVs, nothing to do here */
++	if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
++		return 0;
++
++	/* if NLM_F_CAPPED is set then the inner err msg was capped */
++	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
++		hlen += mnl_nlmsg_get_payload_len(&err->msg);
++
++	mnl_attr_parse(nlh, hlen, err_attr_cb, tb);
++
++	if (tb[NLMSGERR_ATTR_MSG])
++		errmsg = mnl_attr_get_str(tb[NLMSGERR_ATTR_MSG]);
++
++	if (tb[NLMSGERR_ATTR_OFFS]) {
++		off = mnl_attr_get_u32(tb[NLMSGERR_ATTR_OFFS]);
++
++		if (off > nlh->nlmsg_len) {
++			fprintf(stderr,
++				"Invalid offset for NLMSGERR_ATTR_OFFS\n");
++			off = 0;
++		} else if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
++			err_nlh = &err->msg;
++	}
++
++	return errfn(errmsg, off, err_nlh);
++}
++#else
++/* No extended error ack without libmnl */
++static int nl_dump_ext_err(const struct nlmsghdr *nlh, nl_ext_ack_fn_t errfn)
++{
++	return 0;
++}
++#endif
++
+ void rtnl_close(struct rtnl_handle *rth)
+ {
+ 	if (rth->fd >= 0) {
+@@ -49,6 +122,7 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
+ {
+ 	socklen_t addr_len;
+ 	int sndbuf = 32768;
++	int one = 1;
+ 
+ 	memset(rth, 0, sizeof(*rth));
+ 
+@@ -71,6 +145,10 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
+ 		return -1;
+ 	}
+ 
++	/* Older kernels may no support extended ACK reporting */
++	setsockopt(rth->fd, SOL_NETLINK, NETLINK_EXT_ACK,
++		   &one, sizeof(one));
++
+ 	memset(&rth->local, 0, sizeof(rth->local));
+ 	rth->local.nl_family = AF_NETLINK;
+ 	rth->local.nl_groups = subscriptions;
+@@ -421,9 +499,19 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth,
+ 	return rtnl_dump_filter_l(rth, a);
+ }
+ 
++static void rtnl_talk_error(struct nlmsghdr *h, struct nlmsgerr *err,
++			    nl_ext_ack_fn_t errfn)
++{
++	if (nl_dump_ext_err(h, errfn))
++		return;
++
++	fprintf(stderr, "RTNETLINK answers: %s\n",
++		strerror(-err->error));
++}
++
+ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 		       struct nlmsghdr *answer, size_t maxlen,
+-		       bool show_rtnl_err)
++		       bool show_rtnl_err, nl_ext_ack_fn_t errfn)
+ {
+ 	int status;
+ 	unsigned int seq;
+@@ -510,10 +598,10 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 					return 0;
+ 				}
+ 
+-				if (rtnl->proto != NETLINK_SOCK_DIAG && show_rtnl_err)
+-					fprintf(stderr,
+-						"RTNETLINK answers: %s\n",
+-						strerror(-err->error));
++				if (rtnl->proto != NETLINK_SOCK_DIAG &&
++				    show_rtnl_err)
++					rtnl_talk_error(h, err, errfn);
++
+ 				errno = -err->error;
+ 				return -1;
+ 			}
+@@ -545,13 +633,20 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 	      struct nlmsghdr *answer, size_t maxlen)
+ {
+-	return __rtnl_talk(rtnl, n, answer, maxlen, true);
++	return __rtnl_talk(rtnl, n, answer, maxlen, true, NULL);
++}
++
++int rtnl_talk_extack(struct rtnl_handle *rtnl, struct nlmsghdr *n,
++		     struct nlmsghdr *answer, size_t maxlen,
++		     nl_ext_ack_fn_t errfn)
++{
++	return __rtnl_talk(rtnl, n, answer, maxlen, true, errfn);
+ }
+ 
+ int rtnl_talk_suppress_rtnl_errmsg(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 				   struct nlmsghdr *answer, size_t maxlen)
+ {
+-	return __rtnl_talk(rtnl, n, answer, maxlen, false);
++	return __rtnl_talk(rtnl, n, answer, maxlen, false, NULL);
+ }
+ 
+ int rtnl_listen_all_nsid(struct rtnl_handle *rth)
+-- 
+1.8.3.1
+

SOURCES/0020-iplink-check-for-message-truncation-in-iplink_get.patch

@@ -0,0 +1,51 @@
+From 8372b7bb8f7211563d888fdd30e473c161f7d0a0 Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <haliu@redhat.com>
+Date: Wed, 8 Nov 2017 14:39:10 +0800
+Subject: [PATCH] iplink: check for message truncation in iplink_get()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1380803
+Upstream Status: iproute2.git commit 6599162b958e
+
+commit 6599162b958ea5a43d729df4f30aad515db26ff4
+Author: Michal Kubecek <mkubecek@suse.cz>
+Date:   Fri Sep 1 18:39:11 2017 +0200
+
+    iplink: check for message truncation in iplink_get()
+
+    If message length exceeds maxlen argument of rtnl_talk(), it is truncated
+    to maxlen but unlike in the case of truncation to the length of local
+    buffer in rtnl_talk(), the caller doesn't get any indication of a problem.
+
+    In particular, iplink_get() passes the truncated message on and parsing it
+    results in various warnings and sometimes even a segfault (observed with
+    "ip link show dev ..." for a NIC with 125 VFs).
+
+    Handle message truncation in iplink_get() the same way as truncation in
+    rtnl_talk() would be handled: return an error.
+
+    Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
+
+Signed-off-by: Hangbin Liu <haliu@redhat.com>
+---
+ ip/iplink.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/ip/iplink.c b/ip/iplink.c
+index da3f9a7..2b2421f 100644
+--- a/ip/iplink.c
++++ b/ip/iplink.c
+@@ -1031,6 +1031,11 @@ int iplink_get(unsigned int flags, char *name, __u32 filt_mask)
+ 
+ 	if (rtnl_talk(&rth, &req.n, &answer.n, sizeof(answer)) < 0)
+ 		return -2;
++	if (answer.n.nlmsg_len > sizeof(answer.buf)) {
++		fprintf(stderr, "Message truncated from %u to %lu\n",
++			answer.n.nlmsg_len, sizeof(answer.buf));
++		return -2;
++	}
+ 
+ 	if (brief)
+ 		print_linkinfo_brief(NULL, &answer.n, stdout);
+-- 
+1.8.3.1
+

SOURCES/0021-iplink-double-the-buffer-size-also-in-iplink_get.patch

@@ -0,0 +1,48 @@
+From c560900fc16eeac064cc7c43a96c5343fe68ae76 Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <haliu@redhat.com>
+Date: Wed, 8 Nov 2017 14:39:11 +0800
+Subject: [PATCH] iplink: double the buffer size also in iplink_get()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1380803
+Upstream Status: iproute2.git commit 460c03f3f3cc
+
+commit 460c03f3f3cc436ff4673d75722ba68a6ec9343d
+Author: Michal Kubecek <mkubecek@suse.cz>
+Date:   Fri Sep 1 18:39:16 2017 +0200
+
+    iplink: double the buffer size also in iplink_get()
+
+    Commit 72b365e8e0fd ("libnetlink: Double the dump buffer size") increased
+    the buffer size for "ip link show" command to 32 KB to handle NICs with
+    large number of VFs. With "dev" filter, a different code path is taken and
+    iplink_get() still uses only 16 KB buffer.
+
+    The size of 32768 is not very future-proof as NICs supporting 120-128 VFs
+    are already in use so that single RTM_NEWLINK message in the dump can
+    exceed 30000 bytes. But it's what rtnl_talk() and rtnl_dump_filter_l() use
+    so let's be consistent. Once this proves insufficient, all three sizes
+    should be increased.
+
+    Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
+
+Signed-off-by: Hangbin Liu <haliu@redhat.com>
+---
+ ip/iplink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ip/iplink.c b/ip/iplink.c
+index 2b2421f..5afbadf 100644
+--- a/ip/iplink.c
++++ b/ip/iplink.c
+@@ -1015,7 +1015,7 @@ int iplink_get(unsigned int flags, char *name, __u32 filt_mask)
+ 	};
+ 	struct {
+ 		struct nlmsghdr n;
+-		char buf[16384];
++		char buf[32768];
+ 	} answer;
+ 
+ 	if (name) {
+-- 
+1.8.3.1
+

SOURCES/0022-lib-libnetlink-re-malloc-buff-if-size-is-not-enough.patch

@@ -0,0 +1,252 @@
+From 49e7c0e7c8c9a982fd3aa69bbed4e306a1dcb331 Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <haliu@redhat.com>
+Date: Wed, 8 Nov 2017 14:39:12 +0800
+Subject: [PATCH] lib/libnetlink: re malloc buff if size is not enough
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1380803
+Upstream Status: iproute2.git net-next commit 2d34851cd341
+
+commit 2d34851cd341f0e1b3fc17ca3e6e874229f3a1f8
+Author: Hangbin Liu <liuhangbin@gmail.com>
+Date:   Thu Oct 26 09:41:46 2017 +0800
+
+    lib/libnetlink: re malloc buff if size is not enough
+
+    With commit 72b365e8e0fd ("libnetlink: Double the dump buffer size")
+    we doubled the buffer size to support more VFs. But the VFs number is
+    increasing all the time. Some customers even use more than 200 VFs now.
+
+    We could not double it everytime when the buffer is not enough. Let's just
+    not hard code the buffer size and malloc the correct number when running.
+
+    Introduce function rtnl_recvmsg() to always return a newly allocated buffer.
+    The caller need to free it after using.
+
+    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+
+Signed-off-by: Hangbin Liu <haliu@redhat.com>
+---
+ lib/libnetlink.c | 114 ++++++++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 80 insertions(+), 34 deletions(-)
+
+diff --git a/lib/libnetlink.c b/lib/libnetlink.c
+index a057831..446c960 100644
+--- a/lib/libnetlink.c
++++ b/lib/libnetlink.c
+@@ -386,6 +386,64 @@ static void rtnl_dump_error(const struct rtnl_handle *rth,
+ 	}
+ }
+ 
++static int __rtnl_recvmsg(int fd, struct msghdr *msg, int flags)
++{
++	int len;
++
++	do {
++		len = recvmsg(fd, msg, flags);
++	} while (len < 0 && (errno == EINTR || errno == EAGAIN));
++
++	if (len < 0) {
++		fprintf(stderr, "netlink receive error %s (%d)\n",
++			strerror(errno), errno);
++		return -errno;
++	}
++
++	if (len == 0) {
++		fprintf(stderr, "EOF on netlink\n");
++		return -ENODATA;
++	}
++
++	return len;
++}
++
++static int rtnl_recvmsg(int fd, struct msghdr *msg, char **answer)
++{
++	struct iovec *iov = msg->msg_iov;
++	char *buf;
++	int len;
++
++	iov->iov_base = NULL;
++	iov->iov_len = 0;
++
++	len = __rtnl_recvmsg(fd, msg, MSG_PEEK | MSG_TRUNC);
++	if (len < 0)
++		return len;
++
++	buf = malloc(len);
++	if (!buf) {
++		fprintf(stderr, "malloc error: not enough buffer\n");
++		return -ENOMEM;
++	}
++
++	iov->iov_base = buf;
++	iov->iov_len = len;
++
++	len = __rtnl_recvmsg(fd, msg, 0);
++	if (len < 0) {
++		free(buf);
++		return len;
++	}
++
++	if (answer)
++		*answer = buf;
++	else
++		free(buf);
++
++	return len;
++}
++
+ int rtnl_dump_filter_l(struct rtnl_handle *rth,
+ 		       const struct rtnl_dump_filter_arg *arg)
+ {
+@@ -397,31 +455,18 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth,
+ 		.msg_iov = &iov,
+ 		.msg_iovlen = 1,
+ 	};
+-	char buf[32768];
++	char *buf;
+ 	int dump_intr = 0;
+ 
+-	iov.iov_base = buf;
+ 	while (1) {
+ 		int status;
+ 		const struct rtnl_dump_filter_arg *a;
+ 		int found_done = 0;
+ 		int msglen = 0;
+ 
+-		iov.iov_len = sizeof(buf);
+-		status = recvmsg(rth->fd, &msg, 0);
+-
+-		if (status < 0) {
+-			if (errno == EINTR || errno == EAGAIN)
+-				continue;
+-			fprintf(stderr, "netlink receive error %s (%d)\n",
+-				strerror(errno), errno);
+-			return -1;
+-		}
+-
+-		if (status == 0) {
+-			fprintf(stderr, "EOF on netlink\n");
+-			return -1;
+-		}
++		status = rtnl_recvmsg(rth->fd, &msg, &buf);
++		if (status < 0)
++			return status;
+ 
+ 		if (rth->dump_fp)
+ 			fwrite(buf, 1, NLMSG_ALIGN(status), rth->dump_fp);
+@@ -446,8 +491,10 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth,
+ 
+ 				if (h->nlmsg_type == NLMSG_DONE) {
+ 					err = rtnl_dump_done(h);
+-					if (err < 0)
++					if (err < 0) {
++						free(buf);
+ 						return -1;
++					}
+ 
+ 					found_done = 1;
+ 					break; /* process next filter */
+@@ -455,19 +502,23 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth,
+ 
+ 				if (h->nlmsg_type == NLMSG_ERROR) {
+ 					rtnl_dump_error(rth, h);
++					free(buf);
+ 					return -1;
+ 				}
+ 
+ 				if (!rth->dump_fp) {
+ 					err = a->filter(&nladdr, h, a->arg1);
+-					if (err < 0)
++					if (err < 0) {
++						free(buf);
+ 						return err;
++					}
+ 				}
+ 
+ skip_it:
+ 				h = NLMSG_NEXT(h, msglen);
+ 			}
+ 		}
++		free(buf);
+ 
+ 		if (found_done) {
+ 			if (dump_intr)
+@@ -527,7 +578,7 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 		.msg_iov = &iov,
+ 		.msg_iovlen = 1,
+ 	};
+-	char   buf[32768] = {};
++	char *buf;
+ 
+ 	n->nlmsg_seq = seq = ++rtnl->seq;
+ 
+@@ -540,22 +591,12 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 		return -1;
+ 	}
+ 
+-	iov.iov_base = buf;
+ 	while (1) {
+-		iov.iov_len = sizeof(buf);
+-		status = recvmsg(rtnl->fd, &msg, 0);
++		status = rtnl_recvmsg(rtnl->fd, &msg, &buf);
++
++		if (status < 0)
++			return status;
+ 
+-		if (status < 0) {
+-			if (errno == EINTR || errno == EAGAIN)
+-				continue;
+-			fprintf(stderr, "netlink receive error %s (%d)\n",
+-				strerror(errno), errno);
+-			return -1;
+-		}
+-		if (status == 0) {
+-			fprintf(stderr, "EOF on netlink\n");
+-			return -1;
+-		}
+ 		if (msg.msg_namelen != sizeof(nladdr)) {
+ 			fprintf(stderr,
+ 				"sender address length == %d\n",
+@@ -569,6 +610,7 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 			if (l < 0 || len > status) {
+ 				if (msg.msg_flags & MSG_TRUNC) {
+ 					fprintf(stderr, "Truncated message\n");
++					free(buf);
+ 					return -1;
+ 				}
+ 				fprintf(stderr,
+@@ -595,6 +637,7 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 					if (answer)
+ 						memcpy(answer, h,
+ 						       MIN(maxlen, h->nlmsg_len));
++					free(buf);
+ 					return 0;
+ 				}
+ 
+@@ -603,12 +646,14 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 					rtnl_talk_error(h, err, errfn);
+ 
+ 				errno = -err->error;
++				free(buf);
+ 				return -1;
+ 			}
+ 
+ 			if (answer) {
+ 				memcpy(answer, h,
+ 				       MIN(maxlen, h->nlmsg_len));
++				free(buf);
+ 				return 0;
+ 			}
+ 
+@@ -617,6 +662,7 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ 			status -= NLMSG_ALIGN(len);
+ 			h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
+ 		}
++		free(buf);
+ 
+ 		if (msg.msg_flags & MSG_TRUNC) {
+ 			fprintf(stderr, "Message truncated\n");
+-- 
+1.8.3.1
+

SOURCES/0025-devlink-Change-netlink-attribute-validation.patch

@@ -0,0 +1,151 @@
+From 56a3a027d053ab592a3363a92108c93c150301f5 Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] devlink: Change netlink attribute validation
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit 4f10cede93b758785f5b201774ed3e02eaf1a7bb
+Author: Arkadi Sharshevsky <arkadis@mellanox.com>
+Date:   Wed May 3 13:25:22 2017 +0200
+
+    devlink: Change netlink attribute validation
+
+    Currently the netlink attribute resolving is done by a sequence of
+    if's. Change the attribute resolving to table lookup.
+
+    Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
+    Signed-off-by: Jiri Pirko <jiri@mellanox.com>
+    Reviewed-by: Greg Rose <gvrose8192@gmail.com>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ devlink/devlink.c | 103 ++++++++++++++++--------------------------------------
+ 1 file changed, 30 insertions(+), 73 deletions(-)
+
+diff --git a/devlink/devlink.c b/devlink/devlink.c
+index e90226e..35220d8 100644
+--- a/devlink/devlink.c
++++ b/devlink/devlink.c
+@@ -232,88 +232,45 @@ static bool dl_no_arg(struct dl *dl)
+ 	return dl_argc(dl) == 0;
+ }
+ 
++static const enum mnl_attr_data_type devlink_policy[DEVLINK_ATTR_MAX + 1] = {
++	[DEVLINK_ATTR_BUS_NAME] = MNL_TYPE_NUL_STRING,
++	[DEVLINK_ATTR_DEV_NAME] = MNL_TYPE_NUL_STRING,
++	[DEVLINK_ATTR_PORT_INDEX] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_PORT_TYPE] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_PORT_DESIRED_TYPE] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_PORT_NETDEV_IFINDEX] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_PORT_NETDEV_NAME] = MNL_TYPE_NUL_STRING,
++	[DEVLINK_ATTR_PORT_IBDEV_NAME] = MNL_TYPE_NUL_STRING,
++	[DEVLINK_ATTR_SB_INDEX] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_SB_SIZE] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_SB_INGRESS_POOL_COUNT] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_SB_EGRESS_POOL_COUNT] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_SB_INGRESS_TC_COUNT] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_SB_EGRESS_TC_COUNT] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_SB_POOL_INDEX] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_SB_POOL_TYPE] = MNL_TYPE_U8,
++	[DEVLINK_ATTR_SB_POOL_SIZE] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE] = MNL_TYPE_U8,
++	[DEVLINK_ATTR_SB_THRESHOLD] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_SB_TC_INDEX] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_SB_OCC_CUR] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_SB_OCC_MAX] = MNL_TYPE_U32,
++	[DEVLINK_ATTR_ESWITCH_MODE] = MNL_TYPE_U16,
++	[DEVLINK_ATTR_ESWITCH_INLINE_MODE] = MNL_TYPE_U8,
++};
++
+ static int attr_cb(const struct nlattr *attr, void *data)
+ {
+ 	const struct nlattr **tb = data;
+ 	int type;
+ 
+-	type = mnl_attr_get_type(attr);
+-
+ 	if (mnl_attr_type_valid(attr, DEVLINK_ATTR_MAX) < 0)
+ 		return MNL_CB_ERROR;
+ 
+-	if (type == DEVLINK_ATTR_BUS_NAME &&
+-	    mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_DEV_NAME &&
+-	    mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_PORT_INDEX &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_PORT_TYPE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_PORT_DESIRED_TYPE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_PORT_NETDEV_IFINDEX &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_PORT_NETDEV_NAME &&
+-	    mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_PORT_IBDEV_NAME &&
+-	    mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_INDEX &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_SIZE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_INGRESS_POOL_COUNT &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_EGRESS_POOL_COUNT &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_INGRESS_TC_COUNT &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_EGRESS_TC_COUNT &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_POOL_INDEX &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_POOL_TYPE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_POOL_SIZE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_THRESHOLD &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_TC_INDEX &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_OCC_CUR &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_SB_OCC_MAX &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_ESWITCH_MODE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+-		return MNL_CB_ERROR;
+-	if (type == DEVLINK_ATTR_ESWITCH_INLINE_MODE &&
+-	    mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
++	type = mnl_attr_get_type(attr);
++	if (mnl_attr_validate(attr, devlink_policy[type]) < 0)
+ 		return MNL_CB_ERROR;
++
+ 	tb[type] = attr;
+ 	return MNL_CB_OK;
+ }
+-- 
+1.8.3.1
+

SOURCES/0027-tc-Reflect-HW-offload-status.patch

@@ -0,0 +1,104 @@
+From 724d67b36f9e6bbbfac88b29fee019c05284a888 Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] tc: Reflect HW offload status
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit e57285b81a098ed705d683ce94f9abd1cc53438a
+Author: Or Gerlitz <ogerlitz@mellanox.com>
+Date:   Thu May 4 16:15:15 2017 +0300
+
+    tc: Reflect HW offload status
+
+    Currently there is no way of querying whether a filter is
+    offloaded to HW or not when using "both" policy (where none
+    of skip_sw or skip_hw flags are set by user-space).
+
+    Add two new flags, "in hw" and "not in hw" such that user
+    space can determine if a filter is actually offloaded to
+    hw or not. The "in hw" UAPI semantics was chosen so it's
+    similar to the "skip hw" flag logic.
+
+    If none of these two flags are set, this signals running
+    over older kernel.
+
+    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
+    Reviewed-by: Jiri Pirko <jiri@mellanox.com>
+    Reviewed-by: Simon Horman <simon.horman@netronome.com>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ tc/f_bpf.c      | 5 +++++
+ tc/f_flower.c   | 5 +++++
+ tc/f_matchall.c | 5 +++++
+ tc/f_u32.c      | 5 +++++
+ 4 files changed, 20 insertions(+)
+
+diff --git a/tc/f_bpf.c b/tc/f_bpf.c
+index df8a259..75c44c0 100644
+--- a/tc/f_bpf.c
++++ b/tc/f_bpf.c
+@@ -210,6 +210,11 @@ static int bpf_print_opt(struct filter_util *qu, FILE *f,
+ 			fprintf(f, "skip_hw ");
+ 		if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ 			fprintf(f, "skip_sw ");
++
++		if (flags & TCA_CLS_FLAGS_IN_HW)
++			fprintf(f, "in_hw ");
++		else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
++			fprintf(f, "not_in_hw ");
+ 	}
+ 
+ 	if (tb[TCA_BPF_OPS] && tb[TCA_BPF_OPS_LEN])
+diff --git a/tc/f_flower.c b/tc/f_flower.c
+index 5aac4a0..ebc63ca 100644
+--- a/tc/f_flower.c
++++ b/tc/f_flower.c
+@@ -1171,6 +1171,11 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
+ 			fprintf(f, "\n  skip_hw");
+ 		if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ 			fprintf(f, "\n  skip_sw");
++
++		if (flags & TCA_CLS_FLAGS_IN_HW)
++			fprintf(f, "\n  in_hw");
++		else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
++			fprintf(f, "\n  not_in_hw");
+ 	}
+ 
+ 	if (tb[TCA_FLOWER_ACT])
+diff --git a/tc/f_matchall.c b/tc/f_matchall.c
+index ac48630..5a51e75 100644
+--- a/tc/f_matchall.c
++++ b/tc/f_matchall.c
+@@ -137,6 +137,11 @@ static int matchall_print_opt(struct filter_util *qu, FILE *f,
+ 			fprintf(f, "\n  skip_hw");
+ 		if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ 			fprintf(f, "\n  skip_sw");
++
++		if (flags & TCA_CLS_FLAGS_IN_HW)
++			fprintf(f, "\n  in_hw");
++		else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
++			fprintf(f, "\n  not_in_hw");
+ 	}
+ 
+ 	if (tb[TCA_MATCHALL_ACT])
+diff --git a/tc/f_u32.c b/tc/f_u32.c
+index 92c1fcd..ff700e9 100644
+--- a/tc/f_u32.c
++++ b/tc/f_u32.c
+@@ -1264,6 +1264,11 @@ static int u32_print_opt(struct filter_util *qu, FILE *f, struct rtattr *opt,
+ 			fprintf(f, "skip_hw ");
+ 		if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ 			fprintf(f, "skip_sw ");
++
++		if (flags & TCA_CLS_FLAGS_IN_HW)
++			fprintf(f, "in_hw ");
++		else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
++			fprintf(f, "not_in_hw ");
+ 	}
+ 
+ 	if (tb[TCA_U32_PCNT]) {
+-- 
+1.8.3.1
+

SOURCES/0028-pedit-Fix-a-typo-in-warning.patch

@@ -0,0 +1,39 @@
+From b2e49d92325d876d29e2d4f1a83bd86adfc4bc73 Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] pedit: Fix a typo in warning
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit 290cdc058d8bbcae3cfefafe83d8263e02ac5a6f
+Author: Amir Vadai <amir@vadai.me>
+Date:   Sun May 14 11:17:43 2017 +0300
+
+    pedit: Fix a typo in warning
+
+    'ex' attribute should be placed after 'action pedit' and not after
+    'munge'.
+
+    Signed-off-by: Amir Vadai <amir@vadai.me>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ tc/m_pedit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc/m_pedit.c b/tc/m_pedit.c
+index 6498dd9..7ef2acc 100644
+--- a/tc/m_pedit.c
++++ b/tc/m_pedit.c
+@@ -146,7 +146,7 @@ int pack_key(struct m_pedit_sel *_sel, struct m_pedit_key *tkey)
+ 		if (tkey->htype != TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK ||
+ 		    tkey->cmd != TCA_PEDIT_KEY_EX_CMD_SET) {
+ 			fprintf(stderr,
+-				"Munge parameters not supported. Use 'munge ex'.\n");
++				"Munge parameters not supported. Use 'pedit ex munge ...'.\n");
+ 			return -1;
+ 		}
+ 	}
+-- 
+1.8.3.1
+

SOURCES/0029-pedit-Do-not-allow-using-retain-for-too-big-fields.patch

@@ -0,0 +1,58 @@
+From 2bf855b076bbe5aa4665f7efd8bcaf882821cab5 Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] pedit: Do not allow using retain for too big fields
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit cdca191862775c47533908301760edd55763e861
+Author: Amir Vadai <amir@vadai.me>
+Date:   Sun May 14 11:17:44 2017 +0300
+
+    pedit: Do not allow using retain for too big fields
+
+    Using retain for fields longer than 32 bits is not supported.
+    Do not allow user to do it.
+
+    Signed-off-by: Amir Vadai <amir@vadai.me>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ man/man8/tc-pedit.8 | 3 ++-
+ tc/m_pedit.c        | 6 ++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/man/man8/tc-pedit.8 b/man/man8/tc-pedit.8
+index 7f482ea..9c4d57b 100644
+--- a/man/man8/tc-pedit.8
++++ b/man/man8/tc-pedit.8
+@@ -266,7 +266,8 @@ Keep the addressed data as is.
+ .BI retain " RVAL"
+ This optional extra part of
+ .I CMD_SPEC
+-allows to exclude bits from being changed.
++allows to exclude bits from being changed. Supported only for 32 bits fields
++or smaller.
+ .TP
+ .I CONTROL
+ The following keywords allow to control how the tree of qdisc, classes,
+diff --git a/tc/m_pedit.c b/tc/m_pedit.c
+index 7ef2acc..9b74c96 100644
+--- a/tc/m_pedit.c
++++ b/tc/m_pedit.c
+@@ -353,6 +353,12 @@ int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type, __u32 retain,
+ 		argv++;
+ 	}
+ 
++	if (len > 4 && retain != ~0) {
++		fprintf(stderr,
++			"retain is not supported for fields longer the 32 bits\n");
++		return -1;
++	}
++
+ 	if (type == TMAC) {
+ 		res = pack_mac(sel, tkey, (__u8 *)val);
+ 		goto done;
+-- 
+1.8.3.1
+

SOURCES/0030-pedit-Check-for-extended-capability-in-protocol-pars.patch

@@ -0,0 +1,55 @@
+From 0bc6d74ce3291b669bc05524b404bc6914dab5ba Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] pedit: Check for extended capability in protocol parser
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit a13426fe1a2b0fdebacc33820105523934eb355f
+Author: Amir Vadai <amir@vadai.me>
+Date:   Sun May 14 11:17:45 2017 +0300
+
+    pedit: Check for extended capability in protocol parser
+
+    Do not allow using eth and udp header types if non-extended pedit kABI
+    is being used. Other protocol parsers already have this check.
+
+    Signed-off-by: Amir Vadai <amir@vadai.me>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ tc/p_eth.c | 3 +++
+ tc/p_udp.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/tc/p_eth.c b/tc/p_eth.c
+index ad3e28f..2d2f96c 100644
+--- a/tc/p_eth.c
++++ b/tc/p_eth.c
+@@ -34,6 +34,9 @@ parse_eth(int *argc_p, char ***argv_p,
+ 	if (argc < 2)
+ 		return -1;
+ 
++	if (!sel->extended)
++		return -1;
++
+ 	tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_ETH;
+ 
+ 	if (strcmp(*argv, "type") == 0) {
+diff --git a/tc/p_udp.c b/tc/p_udp.c
+index a56a1b5..3916d95 100644
+--- a/tc/p_udp.c
++++ b/tc/p_udp.c
+@@ -34,6 +34,9 @@ parse_udp(int *argc_p, char ***argv_p,
+ 	if (argc < 2)
+ 		return -1;
+ 
++	if (!sel->extended)
++		return -1;
++
+ 	tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_UDP;
+ 
+ 	if (strcmp(*argv, "sport") == 0) {
+-- 
+1.8.3.1
+

SOURCES/0031-pedit-Introduce-ipv6-support.patch

@@ -0,0 +1,304 @@
+From 26ab66d7c43c3ef60ab058d4c3da8989a5c1dd46 Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] pedit: Introduce ipv6 support
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit f3e1b2448a95baef587965b08f48d49b6e1ec2cb
+Author: Amir Vadai <amir@vadai.me>
+Date:   Sun May 14 11:17:46 2017 +0300
+
+    pedit: Introduce ipv6 support
+
+    Add support for modifying IPv6 headers using pedit.
+
+    Signed-off-by: Amir Vadai <amir@vadai.me>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ man/man8/tc-pedit.8 | 30 ++++++++++++++++++
+ tc/Makefile         |  1 +
+ tc/m_pedit.c        | 43 +++++++++++++++++++++++--
+ tc/p_ip.c           | 17 +---------
+ tc/p_ip6.c          | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 164 insertions(+), 18 deletions(-)
+ create mode 100644 tc/p_ip6.c
+
+diff --git a/man/man8/tc-pedit.8 b/man/man8/tc-pedit.8
+index 9c4d57b..82d4217 100644
+--- a/man/man8/tc-pedit.8
++++ b/man/man8/tc-pedit.8
+@@ -33,6 +33,8 @@ pedit - generic packet editor action
+ |
+ .BI ip " EX_IPHDR_FIELD"
+ |
++.BI ip6 " IP6HDR_FIELD"
++|
+ .BI tcp " TCPHDR_FIELD"
+ |
+ .BI udp " UDPHDR_FIELD"
+@@ -55,6 +57,12 @@ pedit - generic packet editor action
+ .IR EX_IPHDR_FIELD " := { "
+ .BR ttl " }"
+ 
++
++.ti -8
++.IR IP6HDR_FIELD " := { "
++.BR src " | " dst " | " flow_lbl " | " payload_len " | " nexthdr " |"
++.BR hoplimit " }"
++
+ .ti -8
+ .IR TCPHDR_FIELD " := { "
+ .BR sport " | " dport " | " flags " }"
+@@ -211,6 +219,25 @@ are:
+ .B ttl
+ .RE
+ .TP
++.BI ip6 " IP6HDR_FIELD"
++The supported keywords for
++.I IP6HDR_FIELD
++are:
++.RS
++.TP
++.B src
++.TQ
++.B dst
++.TQ
++.B flow_lbl
++.TQ
++.B payload_len
++.TQ
++.B nexthdr
++.TQ
++.B hoplimit
++.RE
++.TP
+ .BI tcp " TCPHDR_FIELD"
+ The supported keywords for
+ .I TCPHDR_FIELD
+@@ -331,6 +358,9 @@ tc filter add dev eth0 parent ffff: u32 \\
+ 	action pedit ex munge ip dst set 192.168.1.199
+ tc filter add dev eth0 parent ffff: u32 \\
+ 	match ip sport 22 0xffff \\
++	action pedit ex munge ip6 dst set fe80::dacb:8aff:fec7:320e
++tc filter add dev eth0 parent ffff: u32 \\
++	match ip sport 22 0xffff \\
+ 	action pedit ex munge eth dst set 11:22:33:44:55:66
+ tc filter add dev eth0 parent ffff: u32 \\
+ 	match ip dport 23 0xffff \\
+diff --git a/tc/Makefile b/tc/Makefile
+index 446a113..9a6bb1d 100644
+--- a/tc/Makefile
++++ b/tc/Makefile
+@@ -53,6 +53,7 @@ TCMODULES += m_bpf.o
+ TCMODULES += m_tunnel_key.o
+ TCMODULES += m_sample.o
+ TCMODULES += p_ip.o
++TCMODULES += p_ip6.o
+ TCMODULES += p_icmp.o
+ TCMODULES += p_eth.o
+ TCMODULES += p_tcp.o
+diff --git a/tc/m_pedit.c b/tc/m_pedit.c
+index 9b74c96..dfa6b2c 100644
+--- a/tc/m_pedit.c
++++ b/tc/m_pedit.c
+@@ -257,6 +257,32 @@ static int pack_mac(struct m_pedit_sel *sel, struct m_pedit_key *tkey,
+ 	return ret;
+ }
+ 
++static int pack_ipv6(struct m_pedit_sel *sel, struct m_pedit_key *tkey,
++		     __u32 *ipv6)
++{
++	int ret = 0;
++	int i;
++
++	if (tkey->off & 0x3) {
++		fprintf(stderr,
++			"pack_ipv6: IPv6 offsets must begin in 32bit boundaries\n");
++		return -1;
++	}
++
++	for (i = 0; i < 4; i++) {
++		tkey->mask = 0;
++		tkey->val = ntohl(ipv6[i]);
++
++		ret = pack_key32(~0, sel, tkey);
++		if (ret)
++			return ret;
++
++		tkey->off += 4;
++	}
++
++	return 0;
++}
++
+ int parse_val(int *argc_p, char ***argv_p, __u32 *val, int type)
+ {
+ 	int argc = *argc_p;
+@@ -281,8 +307,16 @@ int parse_val(int *argc_p, char ***argv_p, __u32 *val, int type)
+ 		return 0;
+ 	}
+ 
+-	if (type == TIPV6)
+-		return -1; /* not implemented yet */
++	if (type == TIPV6) {
++		inet_prefix addr;
++
++		if (get_prefix_1(&addr, *argv, AF_INET6))
++			return -1;
++
++		memcpy(val, addr.data, addr.bytelen);
++
++		return 0;
++	}
+ 
+ 	if (type == TMAC) {
+ #define MAC_ALEN 6
+@@ -364,6 +398,11 @@ int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type, __u32 retain,
+ 		goto done;
+ 	}
+ 
++	if (type == TIPV6) {
++		res = pack_ipv6(sel, tkey, val);
++		goto done;
++	}
++
+ 	tkey->val = *v;
+ 	tkey->mask = *m;
+ 
+diff --git a/tc/p_ip.c b/tc/p_ip.c
+index 22fe650..0272a6e 100644
+--- a/tc/p_ip.c
++++ b/tc/p_ip.c
+@@ -1,5 +1,5 @@
+ /*
+- * m_pedit.c		packet editor: IPV4/6 header
++ * p_ip.c		packet editor: IPV4 header
+  *
+  *		This program is free software; you can distribute it and/or
+  *		modify it under the terms of the GNU General Public License
+@@ -156,23 +156,8 @@ done:
+ 	return res;
+ }
+ 
+-static int
+-parse_ip6(int *argc_p, char ***argv_p,
+-	  struct m_pedit_sel *sel, struct m_pedit_key *tkey)
+-{
+-	int res = -1;
+-	return res;
+-}
+-
+ struct m_pedit_util p_pedit_ip = {
+ 	NULL,
+ 	"ip",
+ 	parse_ip,
+ };
+-
+-
+-struct m_pedit_util p_pedit_ip6 = {
+-	NULL,
+-	"ip6",
+-	parse_ip6,
+-};
+diff --git a/tc/p_ip6.c b/tc/p_ip6.c
+new file mode 100644
+index 0000000..a4824bd
+--- /dev/null
++++ b/tc/p_ip6.c
+@@ -0,0 +1,91 @@
++/*
++ * p_ip6.c		packet editor: IPV6 header
++ *
++ *		This program is free software; you can distribute it and/or
++ *		modify it under the terms of the GNU General Public License
++ *		as published by the Free Software Foundation; either version
++ *		2 of the License, or (at your option) any later version.
++ *
++ * Authors:  Amir Vadai <amir@vadai.me>
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <syslog.h>
++#include <fcntl.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#include <string.h>
++#include "utils.h"
++#include "tc_util.h"
++#include "m_pedit.h"
++
++static int
++parse_ip6(int *argc_p, char ***argv_p,
++	  struct m_pedit_sel *sel, struct m_pedit_key *tkey)
++{
++	int res = -1;
++	int argc = *argc_p;
++	char **argv = *argv_p;
++
++	if (argc < 2)
++		return -1;
++
++	if (!sel->extended)
++		return -1;
++
++	tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP6;
++
++	if (strcmp(*argv, "src") == 0) {
++		NEXT_ARG();
++		tkey->off = 8;
++		res = parse_cmd(&argc, &argv, 16, TIPV6, RU32, sel, tkey);
++		goto done;
++	}
++	if (strcmp(*argv, "dst") == 0) {
++		NEXT_ARG();
++		tkey->off = 24;
++		res = parse_cmd(&argc, &argv, 16, TIPV6, RU32, sel, tkey);
++		goto done;
++	}
++	if (strcmp(*argv, "flow_lbl") == 0) {
++		NEXT_ARG();
++		tkey->off = 0;
++		res = parse_cmd(&argc, &argv, 4, TU32, 0x0007ffff, sel, tkey);
++		goto done;
++	}
++	if (strcmp(*argv, "payload_len") == 0) {
++		NEXT_ARG();
++		tkey->off = 4;
++		res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
++		goto done;
++	}
++	if (strcmp(*argv, "nexthdr") == 0) {
++		NEXT_ARG();
++		tkey->off = 6;
++		res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
++		goto done;
++	}
++	if (strcmp(*argv, "hoplimit") == 0) {
++		NEXT_ARG();
++		tkey->off = 7;
++		res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
++		goto done;
++	}
++
++	return -1;
++
++done:
++	*argc_p = argc;
++	*argv_p = argv;
++	return res;
++}
++
++struct m_pedit_util p_pedit_ip6 = {
++	NULL,
++	"ipv6",
++	parse_ip6,
++};
+-- 
+1.8.3.1
+

SOURCES/0032-devlink-Add-option-to-set-and-show-eswitch-encapsula.patch

@@ -0,0 +1,189 @@
+From d9857ffec0266aea1c56ee26369972ade68f501a Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] devlink: Add option to set and show eswitch encapsulation
+ support
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit d315b706e9d4a550096140aa298d46b2aa7733e9
+Author: Roi Dayan <roid@mellanox.com>
+Date:   Sun May 21 08:37:27 2017 +0300
+
+    devlink: Add option to set and show eswitch encapsulation support
+
+    This is an e-switch global knob to enable HW support for applying
+    encapsulation/decapsulation to VF traffic as part of SRIOV e-switch offloading.
+
+    The actual encap/decap is carried out (along with the matching and other
+    actions) per offloaded e-switch rules, e.g as done when offloading the TC tunnel
+    key action.
+
+    Possible values are enable/disable.
+
+    Signed-off-by: Roi Dayan <roid@mellanox.com>
+    Reviewed-by: Jiri Pirko <jiri@mellanox.com>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ devlink/devlink.c      | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
+ man/man8/devlink-dev.8 | 13 +++++++++++++
+ 2 files changed, 60 insertions(+), 1 deletion(-)
+
+diff --git a/devlink/devlink.c b/devlink/devlink.c
+index e22ee0a..f9bc16c 100644
+--- a/devlink/devlink.c
++++ b/devlink/devlink.c
+@@ -176,6 +176,7 @@ static void ifname_map_free(struct ifname_map *ifname_map)
+ #define DL_OPT_ESWITCH_INLINE_MODE	BIT(12)
+ #define DL_OPT_DPIPE_TABLE_NAME	BIT(13)
+ #define DL_OPT_DPIPE_TABLE_COUNTERS	BIT(14)
++#define DL_OPT_ESWITCH_ENCAP_MODE	BIT(15)
+ 
+ struct dl_opts {
+ 	uint32_t present; /* flags of present items */
+@@ -195,6 +196,7 @@ struct dl_opts {
+ 	enum devlink_eswitch_inline_mode eswitch_inline_mode;
+ 	const char *dpipe_table_name;
+ 	bool dpipe_counters_enable;
++	bool eswitch_encap_mode;
+ };
+ 
+ struct dl {
+@@ -299,6 +301,7 @@ static const enum mnl_attr_data_type devlink_policy[DEVLINK_ATTR_MAX + 1] = {
+ 	[DEVLINK_ATTR_SB_OCC_MAX] = MNL_TYPE_U32,
+ 	[DEVLINK_ATTR_ESWITCH_MODE] = MNL_TYPE_U16,
+ 	[DEVLINK_ATTR_ESWITCH_INLINE_MODE] = MNL_TYPE_U8,
++	[DEVLINK_ATTR_ESWITCH_ENCAP_MODE] = MNL_TYPE_U8,
+ 	[DEVLINK_ATTR_DPIPE_TABLES] = MNL_TYPE_NESTED,
+ 	[DEVLINK_ATTR_DPIPE_TABLE] = MNL_TYPE_NESTED,
+ 	[DEVLINK_ATTR_DPIPE_TABLE_NAME] = MNL_TYPE_STRING,
+@@ -754,6 +757,19 @@ static int dpipe_counters_enable_get(const char *typestr,
+ 	return 0;
+ }
+ 
++static int eswitch_encap_mode_get(const char *typestr, bool *p_mode)
++{
++	if (strcmp(typestr, "enable") == 0) {
++		*p_mode = true;
++	} else if (strcmp(typestr, "disable") == 0) {
++		*p_mode = false;
++	} else {
++		pr_err("Unknown eswitch encap mode \"%s\"\n", typestr);
++		return -EINVAL;
++	}
++	return 0;
++}
++
+ static int dl_argv_parse(struct dl *dl, uint32_t o_required,
+ 			 uint32_t o_optional)
+ {
+@@ -908,7 +924,19 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required,
+ 			if (err)
+ 				return err;
+ 			o_found |= DL_OPT_DPIPE_TABLE_COUNTERS;
++		} else if (dl_argv_match(dl, "encap") &&
++			   (o_all & DL_OPT_ESWITCH_ENCAP_MODE)) {
++			const char *typestr;
+ 
++			dl_arg_inc(dl);
++			err = dl_argv_str(dl, &typestr);
++			if (err)
++				return err;
++			err = eswitch_encap_mode_get(typestr,
++						     &opts->eswitch_encap_mode);
++			if (err)
++				return err;
++			o_found |= DL_OPT_ESWITCH_ENCAP_MODE;
+ 		} else {
+ 			pr_err("Unknown option \"%s\"\n", dl_argv(dl));
+ 			return -EINVAL;
+@@ -986,6 +1014,13 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required,
+ 		pr_err("Dpipe table counter state expected\n");
+ 		return -EINVAL;
+ 	}
++
++	if ((o_required & DL_OPT_ESWITCH_ENCAP_MODE) &&
++	    !(o_found & DL_OPT_ESWITCH_ENCAP_MODE)) {
++		pr_err("E-Switch encapsulation option expected.\n");
++		return -EINVAL;
++	}
++
+ 	return 0;
+ }
+ 
+@@ -1041,6 +1076,9 @@ static void dl_opts_put(struct nlmsghdr *nlh, struct dl *dl)
+ 	if (opts->present & DL_OPT_DPIPE_TABLE_COUNTERS)
+ 		mnl_attr_put_u8(nlh, DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED,
+ 				opts->dpipe_counters_enable);
++	if (opts->present & DL_OPT_ESWITCH_ENCAP_MODE)
++		mnl_attr_put_u8(nlh, DEVLINK_ATTR_ESWITCH_ENCAP_MODE,
++				opts->eswitch_encap_mode);
+ }
+ 
+ static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl,
+@@ -1097,6 +1135,7 @@ static void cmd_dev_help(void)
+ 	pr_err("Usage: devlink dev show [ DEV ]\n");
+ 	pr_err("       devlink dev eswitch set DEV [ mode { legacy | switchdev } ]\n");
+ 	pr_err("                               [ inline-mode { none | link | network | transport } ]\n");
++	pr_err("                               [ encap { disable | enable } ]\n");
+ 	pr_err("       devlink dev eswitch show DEV\n");
+ }
+ 
+@@ -1421,6 +1460,12 @@ static void pr_out_eswitch(struct dl *dl, struct nlattr **tb)
+ 			   eswitch_inline_mode_name(mnl_attr_get_u8(
+ 				   tb[DEVLINK_ATTR_ESWITCH_INLINE_MODE])));
+ 
++	if (tb[DEVLINK_ATTR_ESWITCH_ENCAP_MODE]) {
++		bool encap_mode = !!mnl_attr_get_u8(tb[DEVLINK_ATTR_ESWITCH_ENCAP_MODE]);
++
++		pr_out_str(dl, "encap", encap_mode ? "enable" : "disable");
++	}
++
+ 	pr_out_handle_end(dl);
+ }
+ 
+@@ -1465,7 +1510,8 @@ static int cmd_dev_eswitch_set(struct dl *dl)
+ 
+ 	err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE,
+ 				DL_OPT_ESWITCH_MODE |
+-				DL_OPT_ESWITCH_INLINE_MODE);
++				DL_OPT_ESWITCH_INLINE_MODE |
++				DL_OPT_ESWITCH_ENCAP_MODE);
+ 
+ 	if (err)
+ 		return err;
+diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8
+index 6bfe66f..b074d57 100644
+--- a/man/man8/devlink-dev.8
++++ b/man/man8/devlink-dev.8
+@@ -34,6 +34,9 @@ devlink-dev \- devlink device configuration
+ .RI "[ "
+ .BR inline-mode " { " none " | " link " | " network " | " transport " } "
+ .RI "]"
++.RI "[ "
++.BR encap " { " disable " | " enable " } "
++.RI "]"
+ 
+ .ti -8
+ .BR "devlink dev eswitch show"
+@@ -81,6 +84,16 @@ Some HWs need the VF driver to put part of the packet headers on the TX descript
+ .I transport
+ - L4 mode
+ 
++.TP
++.BR encap " { " disable " | " enable " } "
++Set eswitch encapsulation support
++
++.I disable
++- Disable encapsulation support
++
++.I enable
++- Enable encapsulation support
++
+ .SH "EXAMPLES"
+ .PP
+ devlink dev show
+-- 
+1.8.3.1
+

SOURCES/0033-tc-flower-add-support-for-tcp-flags.patch

@@ -0,0 +1,154 @@
+From 7cbf364a5f68ba008c5e0702266fe3dc606b1d6f Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] tc: flower: add support for tcp flags
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit 0c30d14d0a2fc2fb6b7fef62bea05f2e5c3eb26a
+Author: Jiri Pirko <jiri@mellanox.com>
+Date:   Tue May 23 23:51:39 2017 +0200
+
+    tc: flower: add support for tcp flags
+
+    Allow user to insert a flower classifier filter rule which includes
+    match for tcp flags.
+
+    Signed-off-by: Jiri Pirko <jiri@mellanox.com>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ man/man8/tc-flower.8 |  8 +++++++
+ tc/f_flower.c        | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 70 insertions(+)
+
+diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
+index ba29065..7648079 100644
+--- a/man/man8/tc-flower.8
++++ b/man/man8/tc-flower.8
+@@ -35,6 +35,8 @@ flower \- flow based traffic control filter
+ .IR PREFIX " | { "
+ .BR dst_port " | " src_port " } "
+ .IR port_number " } | "
++.B tcp_flags
++.IR MASKED_TCP_FLAGS " | "
+ .B type
+ .IR MASKED_TYPE " | "
+ .B code
+@@ -136,6 +138,12 @@ Match on layer 4 protocol source or destination port number. Only available for
+ .BR ip_proto " values " udp ", " tcp  " and " sctp
+ which have to be specified in beforehand.
+ .TP
++.BI tcp_flags " MASKED_TCP_FLAGS"
++Match on TCP flags represented as 12bit bitfield in in hexadecimal format.
++A mask may be optionally provided to limit the bits which are matched. A mask
++is provided by following the value with a slash and then the mask. If the mask
++is missing then a match on all bits is assumed.
++.TP
+ .BI type " MASKED_TYPE"
+ .TQ
+ .BI code " MASKED_CODE"
+diff --git a/tc/f_flower.c b/tc/f_flower.c
+index ebc63ca..1b6b46e 100644
+--- a/tc/f_flower.c
++++ b/tc/f_flower.c
+@@ -57,6 +57,7 @@ static void explain(void)
+ 		"                       src_ip PREFIX |\n"
+ 		"                       dst_port PORT-NUMBER |\n"
+ 		"                       src_port PORT-NUMBER |\n"
++		"                       tcp_flags MASKED-TCP_FLAGS |\n"
+ 		"                       type MASKED-ICMP-TYPE |\n"
+ 		"                       code MASKED-ICMP-CODE |\n"
+ 		"                       arp_tip IPV4-PREFIX |\n"
+@@ -474,6 +475,41 @@ static int flower_parse_port(char *str, __u8 ip_proto,
+ 	return 0;
+ }
+ 
++#define TCP_FLAGS_MAX_MASK 0xfff
++
++static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
++				  struct nlmsghdr *n)
++{
++	char *slash;
++	int ret, err = -1;
++	__u16 flags;
++
++	slash = strchr(str, '/');
++	if (slash)
++		*slash = '\0';
++
++	ret = get_u16(&flags, str, 16);
++	if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
++		goto err;
++
++	addattr16(n, MAX_MSG, flags_type, htons(flags));
++
++	if (slash) {
++		ret = get_u16(&flags, slash + 1, 16);
++		if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
++			goto err;
++	} else {
++		flags = TCP_FLAGS_MAX_MASK;
++	}
++	addattr16(n, MAX_MSG, mask_type, htons(flags));
++
++	err = 0;
++err:
++	if (slash)
++		*slash = '/';
++	return err;
++}
++
+ static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
+ {
+ 	int ret;
+@@ -671,6 +707,16 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
+ 				fprintf(stderr, "Illegal \"src_port\"\n");
+ 				return -1;
+ 			}
++		} else if (matches(*argv, "tcp_flags") == 0) {
++			NEXT_ARG();
++			ret = flower_parse_tcp_flags(*argv,
++						     TCA_FLOWER_KEY_TCP_FLAGS,
++						     TCA_FLOWER_KEY_TCP_FLAGS_MASK,
++						     n);
++			if (ret < 0) {
++				fprintf(stderr, "Illegal \"tcp_flags\"\n");
++				return -1;
++			}
+ 		} else if (matches(*argv, "type") == 0) {
+ 			NEXT_ARG();
+ 			ret = flower_parse_icmp(*argv, eth_type, ip_proto,
+@@ -1000,6 +1046,19 @@ static void flower_print_port(FILE *f, char *name, struct rtattr *attr)
+ 		fprintf(f, "\n  %s %d", name, rta_getattr_be16(attr));
+ }
+ 
++static void flower_print_tcp_flags(FILE *f, char *name,
++				  struct rtattr *flags_attr,
++				  struct rtattr *mask_attr)
++{
++	if (!flags_attr)
++		return;
++	fprintf(f, "\n  %s %x", name, rta_getattr_be16(flags_attr));
++	if (!mask_attr)
++		return;
++	fprintf(f, "/%x", rta_getattr_be16(mask_attr));
++}
++
++
+ static void flower_print_key_id(FILE *f, const char *name,
+ 				struct rtattr *attr)
+ {
+@@ -1110,6 +1169,9 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
+ 	if (nl_type >= 0)
+ 		flower_print_port(f, "src_port", tb[nl_type]);
+ 
++	flower_print_tcp_flags(f, "tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
++			       tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
++
+ 	nl_type = flower_icmp_attr_type(eth_type, ip_proto,
+ 					FLOWER_ICMP_FIELD_TYPE);
+ 	nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
+-- 
+1.8.3.1
+

SOURCES/0034-iplink-Update-usage-in-help-message.patch

@@ -0,0 +1,60 @@
+From 41b38afb79a82eec66fea08fc021a35cf1d550fc Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] iplink: Update usage in help message
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit 5a3ec4ba64783a640e7716a37faae4be49489e51
+Author: Eli Cohen <eli@mellanox.com>
+Date:   Sun Jun 4 15:36:48 2017 +0300
+
+    iplink: Update usage in help message
+
+    Add to usage message a description of how to configure Infiniband node
+    and port GUIDs. Also modify the man page to emphasize the GUIDs are
+    configured for Infiniband VFs.
+
+    Fixes: d91fb3f4c7e4 ("Add support for configuring Infiniband GUIDs")
+    Signed-off-by: Eli Cohen <eli@mellanox.com>
+    Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ ip/iplink.c           | 2 ++
+ man/man8/ip-link.8.in | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ip/iplink.c b/ip/iplink.c
+index b08d227..193997c 100644
+--- a/ip/iplink.c
++++ b/ip/iplink.c
+@@ -91,6 +91,8 @@ void iplink_usage(void)
+ 		"				   [ query_rss { on | off} ]\n"
+ 		"				   [ state { auto | enable | disable} ] ]\n"
+ 		"				   [ trust { on | off} ] ]\n"
++		"				   [ node_guid { eui64 } ]\n"
++		"				   [ port_guid { eui64 } ]\n"
+ 		"			  [ xdp { off |\n"
+ 		"				  object FILE [ section NAME ] [ verbose ] |\n"
+ 		"				  pinned FILE } ]\n"
+diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
+index a5ddfe7..48417db 100644
+--- a/man/man8/ip-link.8.in
++++ b/man/man8/ip-link.8.in
+@@ -1564,10 +1564,10 @@ sent by the VF.
+ which may impact security and/or performance. (e.g. VF multicast promiscuous mode)
+ .sp
+ .BI node_guid " eui64"
+-- configure node GUID for the VF.
++- configure node GUID for Infiniband VFs.
+ .sp
+ .BI port_guid " eui64"
+-- configure port GUID for the VF.
++- configure port GUID for Infiniband VFs.
+ .in -8
+ 
+ .TP
+-- 
+1.8.3.1
+

SOURCES/0035-tc-flower-add-support-for-matching-on-ip-tos-and-ttl.patch

@@ -0,0 +1,177 @@
+From f8e5b20689cdc1f488140d9da4adf6f3ca421d3f Mon Sep 17 00:00:00 2001
+From: Kamal Heib <kheib@redhat.com>
+Date: Thu, 9 Nov 2017 04:44:32 -0500
+Subject: [PATCH] tc: flower: add support for matching on ip tos and ttl
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539
+
+commit 6ea2c2b1cff676be2d01029a01cbd84d0675213c
+Author: Or Gerlitz <ogerlitz@mellanox.com>
+Date:   Wed Jun 7 15:17:54 2017 +0300
+
+    tc: flower: add support for matching on ip tos and ttl
+
+    Allow users to set flower classifier filter rules which
+    include matches for ip tos and ttl.
+
+    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
+    Reviewed-by: Jiri Pirko <jiri@mellanox.com>
+
+Signed-off-by: Kamal Heib <kheib@redhat.com>
+---
+ man/man8/tc-flower.8 | 17 +++++++++++-
+ tc/f_flower.c        | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 91 insertions(+), 1 deletion(-)
+
+diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
+index 7648079..be46f02 100644
+--- a/man/man8/tc-flower.8
++++ b/man/man8/tc-flower.8
+@@ -30,7 +30,11 @@ flower \- flow based traffic control filter
+ .BR vlan_ethtype " { " ipv4 " | " ipv6 " | "
+ .IR ETH_TYPE " } | "
+ .BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | "
+-.IR IP_PROTO " } | { "
++.IR IP_PROTO " } | "
++.B ip_tos
++.IR MASKED_IP_TOS " | "
++.B ip_ttl
++.IR MASKED_IP_TTL " | { "
+ .BR dst_ip " | " src_ip " } "
+ .IR PREFIX " | { "
+ .BR dst_port " | " src_port " } "
+@@ -122,6 +126,17 @@ may be
+ .BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6
+ or an unsigned 8bit value in hexadecimal format.
+ .TP
++.BI ip_tos " MASKED_IP_TOS"
++Match on ipv4 TOS or ipv6 traffic-class - eight bits in hexadecimal format.
++A mask may be optionally provided to limit the bits which are matched. A mask
++is provided by following the value with a slash and then the mask. If the mask
++is missing then a match on all bits is assumed.
++.TP
++.BI ip_ttl " MASKED_IP_TTL"
++Match on ipv4 TTL or ipv6 hop-limit  - eight bits value in decimal or hexadecimal format.
++A mask may be optionally provided to limit the bits which are matched. Same
++logic is used for the mask as with matching on ip_tos.
++.TP
+ .BI dst_ip " PREFIX"
+ .TQ
+ .BI src_ip " PREFIX"
+diff --git a/tc/f_flower.c b/tc/f_flower.c
+index 1b6b46e..5be693a 100644
+--- a/tc/f_flower.c
++++ b/tc/f_flower.c
+@@ -53,6 +53,8 @@ static void explain(void)
+ 		"                       dst_mac MASKED-LLADDR |\n"
+ 		"                       src_mac MASKED-LLADDR |\n"
+ 		"                       ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
++		"                       ip_tos MASKED-IP_TOS |\n"
++		"                       ip_ttl MASKED-IP_TTL |\n"
+ 		"                       dst_ip PREFIX |\n"
+ 		"                       src_ip PREFIX |\n"
+ 		"                       dst_port PORT-NUMBER |\n"
+@@ -510,6 +512,41 @@ err:
+ 	return err;
+ }
+ 
++static int flower_parse_ip_tos_ttl(char *str, int key_type, int mask_type,
++				   struct nlmsghdr *n)
++{
++	char *slash;
++	int ret, err = -1;
++	__u8 tos_ttl;
++
++	slash = strchr(str, '/');
++	if (slash)
++		*slash = '\0';
++
++	ret = get_u8(&tos_ttl, str, 10);
++	if (ret < 0)
++		ret = get_u8(&tos_ttl, str, 16);
++	if (ret < 0)
++		goto err;
++
++	addattr8(n, MAX_MSG, key_type, tos_ttl);
++
++	if (slash) {
++		ret = get_u8(&tos_ttl, slash + 1, 16);
++		if (ret < 0)
++			goto err;
++	} else {
++		tos_ttl = 0xff;
++	}
++	addattr8(n, MAX_MSG, mask_type, tos_ttl);
++
++	err = 0;
++err:
++	if (slash)
++		*slash = '/';
++	return err;
++}
++
+ static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
+ {
+ 	int ret;
+@@ -665,6 +702,26 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
+ 				fprintf(stderr, "Illegal \"ip_proto\"\n");
+ 				return -1;
+ 			}
++		} else if (matches(*argv, "ip_tos") == 0) {
++			NEXT_ARG();
++			ret = flower_parse_ip_tos_ttl(*argv,
++						      TCA_FLOWER_KEY_IP_TOS,
++						      TCA_FLOWER_KEY_IP_TOS_MASK,
++						      n);
++			if (ret < 0) {
++				fprintf(stderr, "Illegal \"ip_tos\"\n");
++				return -1;
++			}
++		} else if (matches(*argv, "ip_ttl") == 0) {
++			NEXT_ARG();
++			ret = flower_parse_ip_tos_ttl(*argv,
++						      TCA_FLOWER_KEY_IP_TTL,
++						      TCA_FLOWER_KEY_IP_TTL_MASK,
++						      n);
++			if (ret < 0) {
++				fprintf(stderr, "Illegal \"ip_ttl\"\n");
++				return -1;
++			}
+ 		} else if (matches(*argv, "dst_ip") == 0) {
+ 			NEXT_ARG();
+ 			ret = flower_parse_ip_addr(*argv, vlan_ethtype ?
+@@ -963,6 +1020,19 @@ static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto,
+ 	*p_ip_proto = ip_proto;
+ }
+ 
++static void flower_print_ip_attr(FILE *f, char *name,
++				 struct rtattr *key_attr,
++				 struct rtattr *mask_attr)
++{
++	if (!key_attr)
++		return;
++
++	fprintf(f, "\n  %s %x", name, rta_getattr_u8(key_attr));
++	if (!mask_attr)
++		return;
++	fprintf(f, "/%x", rta_getattr_u8(mask_attr));
++}
++
+ static void flower_print_matching_flags(FILE *f, char *name,
+ 					enum flower_matching_flags type,
+ 					struct rtattr *attr,
+@@ -1150,6 +1220,11 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
+ 	flower_print_eth_type(f, &eth_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
+ 	flower_print_ip_proto(f, &ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
+ 
++	flower_print_ip_attr(f, "ip_tos", tb[TCA_FLOWER_KEY_IP_TOS],
++			    tb[TCA_FLOWER_KEY_IP_TOS_MASK]);
++	flower_print_ip_attr(f, "ip_ttl", tb[TCA_FLOWER_KEY_IP_TTL],
++			    tb[TCA_FLOWER_KEY_IP_TTL_MASK]);
++
+ 	flower_print_ip_addr(f, "dst_ip", eth_type,
+ 			     tb[TCA_FLOWER_KEY_IPV4_DST],
+ 			     tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
+-- 
+1.8.3.1
+

SOURCES/0037-uapi-add-include-linux-vm_sockets_diag.h.patch

@@ -0,0 +1,64 @@
+From 74e00895532b878a902f9b0477e1b00d1be9df59 Mon Sep 17 00:00:00 2001
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Sun, 22 Oct 2017 21:44:25 +0200
+Subject: [PATCH] uapi: add include linux/vm_sockets_diag.h
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1472759
+Upstream Status: iproute2.git commit e9b0d82dfac2
+
+commit e9b0d82dfac25912cf757945d9caf6fe2371f526
+Author: Stephen Hemminger <stephen@networkplumber.org>
+Date:   Wed Oct 11 10:49:25 2017 -0700
+
+    uapi: add include linux/vm_sockets_diag.h
+
+    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+---
+ include/uapi/linux/vm_sockets_diag.h | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+ create mode 100644 include/uapi/linux/vm_sockets_diag.h
+
+diff --git a/include/uapi/linux/vm_sockets_diag.h b/include/uapi/linux/vm_sockets_diag.h
+new file mode 100644
+index 0000000..a732a6f
+--- /dev/null
++++ b/include/uapi/linux/vm_sockets_diag.h
+@@ -0,0 +1,33 @@
++/* AF_VSOCK sock_diag(7) interface for querying open sockets */
++
++#ifndef __VM_SOCKETS_DIAG_H__
++#define __VM_SOCKETS_DIAG_H__
++
++#include <linux/types.h>
++
++/* Request */
++struct vsock_diag_req {
++	__u8	sdiag_family;	/* must be AF_VSOCK */
++	__u8	sdiag_protocol;	/* must be 0 */
++	__u16	pad;		/* must be 0 */
++	__u32	vdiag_states;	/* query bitmap (e.g. 1 << TCP_LISTEN) */
++	__u32	vdiag_ino;	/* must be 0 (reserved) */
++	__u32	vdiag_show;	/* must be 0 (reserved) */
++	__u32	vdiag_cookie[2];
++};
++
++/* Response */
++struct vsock_diag_msg {
++	__u8	vdiag_family;	/* AF_VSOCK */
++	__u8	vdiag_type;	/* SOCK_STREAM or SOCK_DGRAM */
++	__u8	vdiag_state;	/* sk_state (e.g. TCP_LISTEN) */
++	__u8	vdiag_shutdown; /* local RCV_SHUTDOWN | SEND_SHUTDOWN */
++	__u32   vdiag_src_cid;
++	__u32   vdiag_src_port;
++	__u32   vdiag_dst_cid;
++	__u32   vdiag_dst_port;
++	__u32	vdiag_ino;
++	__u32	vdiag_cookie[2];
++};
++
++#endif /* __VM_SOCKETS_DIAG_H__ */
+-- 
+1.8.3.1
+

SOURCES/0038-ss-allow-AF_FAMILY-constants-32.patch

@@ -0,0 +1,213 @@
+From f59533eb3cb188a23456444aeb19ac3634eddd8c Mon Sep 17 00:00:00 2001
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Sun, 22 Oct 2017 21:44:26 +0200
+Subject: [PATCH] ss: allow AF_FAMILY constants >32
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1472759
+Upstream Status: iproute2.git commit b338a3e7e7d9
+
+commit b338a3e7e7d95c9d46de9748604da06287664033
+Author: Stefan Hajnoczi <stefanha@redhat.com>
+Date:   Fri Oct 6 11:48:39 2017 -0400
+
+    ss: allow AF_FAMILY constants >32
+
+    Linux has more than 32 address families defined in <bits/socket.h>.  Use
+    a 64-bit type so all of them can be represented in the filter->families
+    bitmask.
+
+    It's easy to introduce bugs when using (1 << AF_FAMILY) because the
+    value is 32-bit.  This can produce incorrect results from bitmask
+    operations so introduce the FAMILY_MASK() macro to eliminate these bugs.
+
+    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+---
+ misc/ss.c | 54 ++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 28 insertions(+), 26 deletions(-)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index d3fb9a7..0d64527 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -170,55 +170,57 @@ enum {
+ struct filter {
+ 	int dbs;
+ 	int states;
+-	int families;
++	uint64_t families;
+ 	struct ssfilter *f;
+ 	bool kill;
+ };
+ 
++#define FAMILY_MASK(family) ((uint64_t)1 << (family))
++
+ static const struct filter default_dbs[MAX_DB] = {
+ 	[TCP_DB] = {
+ 		.states   = SS_CONN,
+-		.families = (1 << AF_INET) | (1 << AF_INET6),
++		.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
+ 	},
+ 	[DCCP_DB] = {
+ 		.states   = SS_CONN,
+-		.families = (1 << AF_INET) | (1 << AF_INET6),
++		.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
+ 	},
+ 	[UDP_DB] = {
+ 		.states   = (1 << SS_ESTABLISHED),
+-		.families = (1 << AF_INET) | (1 << AF_INET6),
++		.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
+ 	},
+ 	[RAW_DB] = {
+ 		.states   = (1 << SS_ESTABLISHED),
+-		.families = (1 << AF_INET) | (1 << AF_INET6),
++		.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
+ 	},
+ 	[UNIX_DG_DB] = {
+ 		.states   = (1 << SS_CLOSE),
+-		.families = (1 << AF_UNIX),
++		.families = FAMILY_MASK(AF_UNIX),
+ 	},
+ 	[UNIX_ST_DB] = {
+ 		.states   = SS_CONN,
+-		.families = (1 << AF_UNIX),
++		.families = FAMILY_MASK(AF_UNIX),
+ 	},
+ 	[UNIX_SQ_DB] = {
+ 		.states   = SS_CONN,
+-		.families = (1 << AF_UNIX),
++		.families = FAMILY_MASK(AF_UNIX),
+ 	},
+ 	[PACKET_DG_DB] = {
+ 		.states   = (1 << SS_CLOSE),
+-		.families = (1 << AF_PACKET),
++		.families = FAMILY_MASK(AF_PACKET),
+ 	},
+ 	[PACKET_R_DB] = {
+ 		.states   = (1 << SS_CLOSE),
+-		.families = (1 << AF_PACKET),
++		.families = FAMILY_MASK(AF_PACKET),
+ 	},
+ 	[NETLINK_DB] = {
+ 		.states   = (1 << SS_CLOSE),
+-		.families = (1 << AF_NETLINK),
++		.families = FAMILY_MASK(AF_NETLINK),
+ 	},
+ 	[SCTP_DB] = {
+ 		.states   = SS_CONN,
+-		.families = (1 << AF_INET) | (1 << AF_INET6),
++		.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
+ 	},
+ };
+ 
+@@ -258,14 +260,14 @@ static void filter_db_set(struct filter *f, int db)
+ static void filter_af_set(struct filter *f, int af)
+ {
+ 	f->states	   |= default_afs[af].states;
+-	f->families	   |= 1 << af;
++	f->families	   |= FAMILY_MASK(af);
+ 	do_default	    = 0;
+ 	preferred_family    = af;
+ }
+ 
+ static int filter_af_get(struct filter *f, int af)
+ {
+-	return f->families & (1 << af);
++	return !!(f->families & FAMILY_MASK(af));
+ }
+ 
+ static void filter_default_dbs(struct filter *f)
+@@ -302,7 +304,7 @@ static void filter_merge_defaults(struct filter *f)
+ 			f->families |= default_dbs[db].families;
+ 	}
+ 	for (af = 0; af < AF_MAX; af++) {
+-		if (!(f->families & (1 << af)))
++		if (!(f->families & FAMILY_MASK(af)))
+ 			continue;
+ 
+ 		if (!(default_afs[af].dbs & f->dbs))
+@@ -2599,7 +2601,7 @@ static int show_one_inet_sock(const struct sockaddr_nl *addr,
+ 	struct inet_diag_msg *r = NLMSG_DATA(h);
+ 	struct sockstat s = {};
+ 
+-	if (!(diag_arg->f->families & (1 << r->idiag_family)))
++	if (!(diag_arg->f->families & FAMILY_MASK(r->idiag_family)))
+ 		return 0;
+ 
+ 	parse_diag_msg(h, &s);
+@@ -2785,7 +2787,7 @@ static int tcp_show(struct filter *f)
+ 		return -1;
+ 	}
+ 
+-	if (f->families & (1<<AF_INET)) {
++	if (f->families & FAMILY_MASK(AF_INET)) {
+ 		if ((fp = net_tcp_open()) == NULL)
+ 			goto outerr;
+ 
+@@ -2795,7 +2797,7 @@ static int tcp_show(struct filter *f)
+ 		fclose(fp);
+ 	}
+ 
+-	if ((f->families & (1<<AF_INET6)) &&
++	if ((f->families & FAMILY_MASK(AF_INET6)) &&
+ 	    (fp = net_tcp6_open()) != NULL) {
+ 		setbuffer(fp, buf, bufsize);
+ 		if (generic_record_read(fp, tcp_show_line, f, AF_INET6))
+@@ -2894,7 +2896,7 @@ static int udp_show(struct filter *f)
+ 	    && inet_show_netlink(f, NULL, IPPROTO_UDP) == 0)
+ 		return 0;
+ 
+-	if (f->families&(1<<AF_INET)) {
++	if (f->families&FAMILY_MASK(AF_INET)) {
+ 		if ((fp = net_udp_open()) == NULL)
+ 			goto outerr;
+ 		if (generic_record_read(fp, dgram_show_line, f, AF_INET))
+@@ -2902,7 +2904,7 @@ static int udp_show(struct filter *f)
+ 		fclose(fp);
+ 	}
+ 
+-	if ((f->families&(1<<AF_INET6)) &&
++	if ((f->families&FAMILY_MASK(AF_INET6)) &&
+ 	    (fp = net_udp6_open()) != NULL) {
+ 		if (generic_record_read(fp, dgram_show_line, f, AF_INET6))
+ 			goto outerr;
+@@ -2934,7 +2936,7 @@ static int raw_show(struct filter *f)
+ 	    inet_show_netlink(f, NULL, IPPROTO_RAW) == 0)
+ 		return 0;
+ 
+-	if (f->families&(1<<AF_INET)) {
++	if (f->families&FAMILY_MASK(AF_INET)) {
+ 		if ((fp = net_raw_open()) == NULL)
+ 			goto outerr;
+ 		if (generic_record_read(fp, dgram_show_line, f, AF_INET))
+@@ -2942,7 +2944,7 @@ static int raw_show(struct filter *f)
+ 		fclose(fp);
+ 	}
+ 
+-	if ((f->families&(1<<AF_INET6)) &&
++	if ((f->families&FAMILY_MASK(AF_INET6)) &&
+ 	    (fp = net_raw6_open()) != NULL) {
+ 		if (generic_record_read(fp, dgram_show_line, f, AF_INET6))
+ 			goto outerr;
+@@ -3682,13 +3684,13 @@ static int handle_follow_request(struct filter *f)
+ 	int groups = 0;
+ 	struct rtnl_handle rth;
+ 
+-	if (f->families & (1 << AF_INET) && f->dbs & (1 << TCP_DB))
++	if (f->families & FAMILY_MASK(AF_INET) && f->dbs & (1 << TCP_DB))
+ 		groups |= 1 << (SKNLGRP_INET_TCP_DESTROY - 1);
+-	if (f->families & (1 << AF_INET) && f->dbs & (1 << UDP_DB))
++	if (f->families & FAMILY_MASK(AF_INET) && f->dbs & (1 << UDP_DB))
+ 		groups |= 1 << (SKNLGRP_INET_UDP_DESTROY - 1);
+-	if (f->families & (1 << AF_INET6) && f->dbs & (1 << TCP_DB))
++	if (f->families & FAMILY_MASK(AF_INET6) && f->dbs & (1 << TCP_DB))
+ 		groups |= 1 << (SKNLGRP_INET6_TCP_DESTROY - 1);
+-	if (f->families & (1 << AF_INET6) && f->dbs & (1 << UDP_DB))
++	if (f->families & FAMILY_MASK(AF_INET6) && f->dbs & (1 << UDP_DB))
+ 		groups |= 1 << (SKNLGRP_INET6_UDP_DESTROY - 1);
+ 
+ 	if (groups == 0)
+-- 
+1.8.3.1
+

SOURCES/0039-ss-add-AF_VSOCK-support.patch

@@ -0,0 +1,398 @@
+From fe898bd10be2bc527f81421f06afff77e8ba42eb Mon Sep 17 00:00:00 2001
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Sun, 22 Oct 2017 21:44:27 +0200
+Subject: [PATCH] ss: add AF_VSOCK support
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1472759
+Upstream Status: iproute2.git commit c759116a0b2b
+
+commit c759116a0b2b6da8df9687b0a40ac69050132c77
+Author: Stefan Hajnoczi <stefanha@redhat.com>
+Date:   Fri Oct 6 11:48:41 2017 -0400
+
+    ss: add AF_VSOCK support
+
+    The AF_VSOCK address family is a host<->guest communications channel
+    supported by VMware, KVM, and Hyper-V.  Initial VMware support was
+    released in Linux 3.9 in 2013 and transports for other hypervisors were
+    added later.
+
+    AF_VSOCK addresses are <u32 cid, u32 port> tuples.  The 32-bit cid
+    integer is comparable to an IP address.  AF_VSOCK ports work like
+    TCP/UDP ports.
+
+    Both SOCK_STREAM and SOCK_DGRAM socket types are available.
+
+    This patch adds AF_VSOCK support to ss(8) so that sockets can be
+    observed.
+
+    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+---
+ man/man8/ss.8 |   8 ++-
+ misc/ss.c     | 184 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 188 insertions(+), 4 deletions(-)
+
+diff --git a/man/man8/ss.8 b/man/man8/ss.8
+index 81de69d..4323eee 100644
+--- a/man/man8/ss.8
++++ b/man/man8/ss.8
+@@ -125,14 +125,18 @@ Display Unix domain sockets (alias for -f unix).
+ .B \-S, \-\-sctp
+ Display SCTP sockets.
+ .TP
++.B \-\-vsock
++Display vsock sockets (alias for -f vsock).
++.TP
+ .B \-f FAMILY, \-\-family=FAMILY
+ Display sockets of type FAMILY.
+-Currently the following families are supported: unix, inet, inet6, link, netlink.
++Currently the following families are supported: unix, inet, inet6, link, netlink, vsock.
+ .TP
+ .B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
+ List of socket tables to dump, separated by commas. The following identifiers
+ are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
+-unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp.
++unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp,
++vsock_stream, vsock_dgram.
+ .TP
+ .B \-D FILE, \-\-diag=FILE
+ Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
+diff --git a/misc/ss.c b/misc/ss.c
+index 0d64527..e922665 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -44,6 +44,7 @@
+ #include <linux/packet_diag.h>
+ #include <linux/netlink_diag.h>
+ #include <linux/sctp.h>
++#include <linux/vm_sockets_diag.h>
+ 
+ #define MAGIC_SEQ 123456
+ 
+@@ -126,6 +127,8 @@ enum {
+ 	PACKET_R_DB,
+ 	NETLINK_DB,
+ 	SCTP_DB,
++	VSOCK_ST_DB,
++	VSOCK_DG_DB,
+ 	MAX_DB
+ };
+ 
+@@ -134,6 +137,7 @@ enum {
+ #define ALL_DB ((1<<MAX_DB)-1)
+ #define INET_L4_DBM ((1<<TCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<SCTP_DB))
+ #define INET_DBM (INET_L4_DBM | (1<<RAW_DB))
++#define VSOCK_DBM ((1<<VSOCK_ST_DB)|(1<<VSOCK_DG_DB))
+ 
+ enum {
+ 	SS_UNKNOWN,
+@@ -222,6 +226,14 @@ static const struct filter default_dbs[MAX_DB] = {
+ 		.states   = SS_CONN,
+ 		.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
+ 	},
++	[VSOCK_ST_DB] = {
++		.states   = SS_CONN,
++		.families = FAMILY_MASK(AF_VSOCK),
++	},
++	[VSOCK_DG_DB] = {
++		.states   = SS_CONN,
++		.families = FAMILY_MASK(AF_VSOCK),
++	},
+ };
+ 
+ static const struct filter default_afs[AF_MAX] = {
+@@ -245,6 +257,10 @@ static const struct filter default_afs[AF_MAX] = {
+ 		.dbs    = (1 << NETLINK_DB),
+ 		.states = (1 << SS_CLOSE),
+ 	},
++	[AF_VSOCK] = {
++		.dbs    = VSOCK_DBM,
++		.states = SS_CONN,
++	},
+ };
+ 
+ static int do_default = 1;
+@@ -283,6 +299,8 @@ static void filter_default_dbs(struct filter *f)
+ 	filter_db_set(f, PACKET_DG_DB);
+ 	filter_db_set(f, NETLINK_DB);
+ 	filter_db_set(f, SCTP_DB);
++	filter_db_set(f, VSOCK_ST_DB);
++	filter_db_set(f, VSOCK_DG_DB);
+ }
+ 
+ static void filter_states_set(struct filter *f, int states)
+@@ -792,6 +810,18 @@ static const char *proto_name(int protocol)
+ 	return "???";
+ }
+ 
++static const char *vsock_netid_name(int type)
++{
++	switch (type) {
++	case SOCK_STREAM:
++		return "v_str";
++	case SOCK_DGRAM:
++		return "v_dgr";
++	default:
++		return "???";
++	}
++}
++
+ static void sock_state_print(struct sockstat *s)
+ {
+ 	const char *sock_name;
+@@ -824,6 +854,9 @@ static void sock_state_print(struct sockstat *s)
+ 	case AF_NETLINK:
+ 		sock_name = "nl";
+ 		break;
++	case AF_VSOCK:
++		sock_name = vsock_netid_name(s->type);
++		break;
+ 	default:
+ 		sock_name = "unknown";
+ 	}
+@@ -1139,6 +1172,8 @@ static int run_ssfilter(struct ssfilter *f, struct sockstat *s)
+ 			return s->lport == 0 && s->local.data[0] == 0;
+ 		if (s->local.family == AF_NETLINK)
+ 			return s->lport < 0;
++		if (s->local.family == AF_VSOCK)
++			return s->lport > 1023;
+ 
+ 		return is_ephemeral(s->lport);
+ 	}
+@@ -1515,6 +1550,15 @@ void *parse_devcond(char *name)
+ 	return res;
+ }
+ 
++static void vsock_set_inet_prefix(inet_prefix *a, __u32 cid)
++{
++	*a = (inet_prefix){
++		.bytelen = sizeof(cid),
++		.family = AF_VSOCK,
++	};
++	memcpy(a->data, &cid, sizeof(cid));
++}
++
+ void *parse_hostcond(char *addr, bool is_port)
+ {
+ 	char *port = NULL;
+@@ -1589,6 +1633,37 @@ void *parse_hostcond(char *addr, bool is_port)
+ 		goto out;
+ 	}
+ 
++	if (fam == AF_VSOCK || strncmp(addr, "vsock:", 6) == 0) {
++		__u32 cid = ~(__u32)0;
++
++		a.addr.family = AF_VSOCK;
++		if (strncmp(addr, "vsock:", 6) == 0)
++			addr += 6;
++
++		if (is_port)
++			port = addr;
++		else {
++			port = strchr(addr, ':');
++			if (port) {
++				*port = '\0';
++				port++;
++			}
++		}
++
++		if (port && strcmp(port, "*") &&
++		    get_u32((__u32 *)&a.port, port, 0))
++			return NULL;
++
++		if (addr[0] && strcmp(addr, "*")) {
++			a.addr.bitlen = 32;
++			if (get_u32(&cid, addr, 0))
++				return NULL;
++		}
++		vsock_set_inet_prefix(&a.addr, cid);
++		fam = AF_VSOCK;
++		goto out;
++	}
++
+ 	if (fam == AF_INET || !strncmp(addr, "inet:", 5)) {
+ 		fam = AF_INET;
+ 		if (!strncmp(addr, "inet:", 5))
+@@ -3653,6 +3728,88 @@ static int netlink_show(struct filter *f)
+ 	return 0;
+ }
+ 
++static bool vsock_type_skip(struct sockstat *s, struct filter *f)
++{
++	if (s->type == SOCK_STREAM && !(f->dbs & (1 << VSOCK_ST_DB)))
++		return true;
++	if (s->type == SOCK_DGRAM && !(f->dbs & (1 << VSOCK_DG_DB)))
++		return true;
++	return false;
++}
++
++static void vsock_addr_print(inet_prefix *a, __u32 port)
++{
++	char cid_str[sizeof("4294967295")];
++	char port_str[sizeof("4294967295")];
++	__u32 cid;
++
++	memcpy(&cid, a->data, sizeof(cid));
++
++	if (cid == ~(__u32)0)
++		snprintf(cid_str, sizeof(cid_str), "*");
++	else
++		snprintf(cid_str, sizeof(cid_str), "%u", cid);
++
++	if (port == ~(__u32)0)
++		snprintf(port_str, sizeof(port_str), "*");
++	else
++		snprintf(port_str, sizeof(port_str), "%u", port);
++
++	sock_addr_print(cid_str, ":", port_str, NULL);
++}
++
++static void vsock_stats_print(struct sockstat *s, struct filter *f)
++{
++	sock_state_print(s);
++
++	vsock_addr_print(&s->local, s->lport);
++	vsock_addr_print(&s->remote, s->rport);
++
++	proc_ctx_print(s);
++
++	printf("\n");
++}
++
++static int vsock_show_sock(const struct sockaddr_nl *addr,
++			   struct nlmsghdr *nlh, void *arg)
++{
++	struct filter *f = (struct filter *)arg;
++	struct vsock_diag_msg *r = NLMSG_DATA(nlh);
++	struct sockstat stat = {
++		.type = r->vdiag_type,
++		.lport = r->vdiag_src_port,
++		.rport = r->vdiag_dst_port,
++		.state = r->vdiag_state,
++		.ino = r->vdiag_ino,
++	};
++
++	vsock_set_inet_prefix(&stat.local, r->vdiag_src_cid);
++	vsock_set_inet_prefix(&stat.remote, r->vdiag_dst_cid);
++
++	if (vsock_type_skip(&stat, f))
++		return 0;
++
++	if (f->f && run_ssfilter(f->f, &stat) == 0)
++		return 0;
++
++	vsock_stats_print(&stat, f);
++
++	return 0;
++}
++
++static int vsock_show(struct filter *f)
++{
++	DIAG_REQUEST(req, struct vsock_diag_req r);
++
++	if (!filter_af_get(f, AF_VSOCK))
++		return 0;
++
++	req.r.sdiag_family = AF_VSOCK;
++	req.r.vdiag_states = f->states;
++
++	return handle_netlink_request(f, &req.nlh, sizeof(req), vsock_show_sock);
++}
++
+ struct sock_diag_msg {
+ 	__u8 sdiag_family;
+ };
+@@ -3673,6 +3830,8 @@ static int generic_show_sock(const struct sockaddr_nl *addr,
+ 		return packet_show_sock(addr, nlh, arg);
+ 	case AF_NETLINK:
+ 		return netlink_show_sock(addr, nlh, arg);
++	case AF_VSOCK:
++		return vsock_show_sock(addr, nlh, arg);
+ 	default:
+ 		return -1;
+ 	}
+@@ -3900,14 +4059,15 @@ static void _usage(FILE *dest)
+ "   -d, --dccp          display only DCCP sockets\n"
+ "   -w, --raw           display only RAW sockets\n"
+ "   -x, --unix          display only Unix domain sockets\n"
++"       --vsock         display only vsock sockets\n"
+ "   -f, --family=FAMILY display sockets of type FAMILY\n"
+-"       FAMILY := {inet|inet6|link|unix|netlink|help}\n"
++"       FAMILY := {inet|inet6|link|unix|netlink|vsock|help}\n"
+ "\n"
+ "   -K, --kill          forcibly close sockets, display what was closed\n"
+ "   -H, --no-header     Suppress header line\n"
+ "\n"
+ "   -A, --query=QUERY, --socket=QUERY\n"
+-"       QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]\n"
++"       QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY]\n"
+ "\n"
+ "   -D, --diag=FILE     Dump raw information about TCP sockets to FILE\n"
+ "   -F, --filter=FILE   read filter information from FILE\n"
+@@ -3980,6 +4140,9 @@ static int scan_state(const char *state)
+ 	exit(-1);
+ }
+ 
++/* Values 'v' and 'V' are already used so a non-character is used */
++#define OPT_VSOCK 256
++
+ static const struct option long_opts[] = {
+ 	{ "numeric", 0, 0, 'n' },
+ 	{ "resolve", 0, 0, 'r' },
+@@ -3996,6 +4159,7 @@ static const struct option long_opts[] = {
+ 	{ "udp", 0, 0, 'u' },
+ 	{ "raw", 0, 0, 'w' },
+ 	{ "unix", 0, 0, 'x' },
++	{ "vsock", 0, 0, OPT_VSOCK },
+ 	{ "all", 0, 0, 'a' },
+ 	{ "listening", 0, 0, 'l' },
+ 	{ "ipv4", 0, 0, '4' },
+@@ -4081,6 +4245,9 @@ int main(int argc, char *argv[])
+ 		case 'x':
+ 			filter_af_set(&current_filter, AF_UNIX);
+ 			break;
++		case OPT_VSOCK:
++			filter_af_set(&current_filter, AF_VSOCK);
++			break;
+ 		case 'a':
+ 			state_filter = SS_ALL;
+ 			break;
+@@ -4107,6 +4274,8 @@ int main(int argc, char *argv[])
+ 				filter_af_set(&current_filter, AF_UNIX);
+ 			else if (strcmp(optarg, "netlink") == 0)
+ 				filter_af_set(&current_filter, AF_NETLINK);
++			else if (strcmp(optarg, "vsock") == 0)
++				filter_af_set(&current_filter, AF_VSOCK);
+ 			else if (strcmp(optarg, "help") == 0)
+ 				help();
+ 			else {
+@@ -4172,6 +4341,15 @@ int main(int argc, char *argv[])
+ 					filter_db_set(&current_filter, PACKET_DG_DB);
+ 				} else if (strcmp(p, "netlink") == 0) {
+ 					filter_db_set(&current_filter, NETLINK_DB);
++				} else if (strcmp(p, "vsock") == 0) {
++					filter_db_set(&current_filter, VSOCK_ST_DB);
++					filter_db_set(&current_filter, VSOCK_DG_DB);
++				} else if (strcmp(p, "vsock_stream") == 0 ||
++					   strcmp(p, "v_str") == 0) {
++					filter_db_set(&current_filter, VSOCK_ST_DB);
++				} else if (strcmp(p, "vsock_dgram") == 0 ||
++					   strcmp(p, "v_dgr") == 0) {
++					filter_db_set(&current_filter, VSOCK_DG_DB);
+ 				} else {
+ 					fprintf(stderr, "ss: \"%s\" is illegal socket table id\n", p);
+ 					usage();
+@@ -4387,6 +4565,8 @@ int main(int argc, char *argv[])
+ 		dccp_show(&current_filter);
+ 	if (current_filter.dbs & (1<<SCTP_DB))
+ 		sctp_show(&current_filter);
++	if (current_filter.dbs & VSOCK_DBM)
++		vsock_show(&current_filter);
+ 
+ 	if (show_users || show_proc_ctx || show_sock_ctx)
+ 		user_ent_destroy();
+-- 
+1.8.3.1
+

SOURCES/0040-link_gre6-Detect-invalid-encaplimit-values.patch

@@ -0,0 +1,39 @@
+From 90a1430fca8d5165e1909de9f009aa9f4d6430ef Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Wed, 29 Nov 2017 18:36:17 +0100
+Subject: [PATCH] link_gre6: Detect invalid encaplimit values
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459600
+Upstream Status: iproute2.git commit 56708ae7c9535
+
+commit 56708ae7c9535859223c5b68097b35bf0fae677c
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Tue Nov 28 16:49:58 2017 +0100
+
+    link_gre6: Detect invalid encaplimit values
+
+    Looks like a typo: get_u8() returns 0 on success and -1 on error, so the
+    error checking here was ineffective.
+
+    Fixes: a11b7b71a6eba ("link_gre6: really support encaplimit option")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ ip/link_gre6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ip/link_gre6.c b/ip/link_gre6.c
+index 932f9ee..a9d18ee 100644
+--- a/ip/link_gre6.c
++++ b/ip/link_gre6.c
+@@ -351,7 +351,7 @@ get_failed:
+ 			} else {
+ 				__u8 uval;
+ 
+-				if (get_u8(&uval, *argv, 0) < -1)
++				if (get_u8(&uval, *argv, 0))
+ 					invarg("invalid ELIM", *argv);
+ 				encap_limit = uval;
+ 				flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
+-- 
+1.8.3.1
+

SOURCES/0041-man-tc-csum.8-Fix-inconsistency-in-example-descripti.patch

@@ -0,0 +1,42 @@
+From f08752c12351c79145e3a6caf346e3d971370a9c Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Wed, 6 Dec 2017 13:21:16 +0100
+Subject: [PATCH] man: tc-csum.8: Fix inconsistency in example description
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417162
+Upstream Status: iproute2.git commit 6bf156415a588
+
+commit 6bf156415a588fa1c975be9a18a1579f63a936a2
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Wed Nov 29 18:34:09 2017 +0100
+
+    man: tc-csum.8: Fix inconsistency in example description
+
+    Commit 6bbe5e6290db5 ("man: tc-csum.8: Fix example") changed both source
+    and destination IP addresses in example code but missed to update the
+    example's description accordingly.
+
+    Fixes: 6bbe5e6290db5 ("man: tc-csum.8: Fix example")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ man/man8/tc-csum.8 | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/man8/tc-csum.8 b/man/man8/tc-csum.8
+index 409ab71..65724b8 100644
+--- a/man/man8/tc-csum.8
++++ b/man/man8/tc-csum.8
+@@ -53,8 +53,8 @@ SCTP header
+ .B SWEETS
+ These are merely syntactic sugar and ignored internally.
+ .SH EXAMPLES
+-The following performs stateless NAT for incoming packets from 192.168.1.100 to
+-new destination 18.52.86.120 (0x12345678 in hex). Assuming these are UDP
++The following performs stateless NAT for incoming packets from 192.0.2.100 to
++new destination 198.51.100.1. Assuming these are UDP
+ packets, both IP and UDP checksums have to be recalculated:
+ 
+ .RS
+-- 
+1.8.3.1
+

SOURCES/0042-tc-fix-command-tc-actions-del-hang-issue.patch

@@ -0,0 +1,42 @@
+From dbc597c9d1e0e65cc9d989d8057f9a083c2f5779 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 15 Dec 2017 16:13:46 +0100
+Subject: [PATCH] tc: fix command "tc actions del" hang issue
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1526394
+Upstream Status: iproute2.git commit 83cf5bc73b858
+
+commit 83cf5bc73b858608d59c3c6126a9f37e793e15dd
+Author: Chris Mi <chrism@mellanox.com>
+Date:   Thu Dec 14 18:09:00 2017 +0900
+
+    tc: fix command "tc actions del" hang issue
+
+    If command is RTM_DELACTION, a non-NULL pointer is passed to rtnl_talk().
+    Then flag NLM_F_ACK is not set on n->nlmsg_flags and netlink_ack() will
+    not be called. Command tc will wait for the reply for ever.
+
+    Fixes: 86bf43c7c2fd ("lib/libnetlink: update rtnl_talk to support malloc buff at run time")
+    Reviewed-by: Jiri Pirko <jiri@mellanox.com>
+    Signed-off-by: Chris Mi <chrism@mellanox.com>
+    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ tc/m_action.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc/m_action.c b/tc/m_action.c
+index 90b2a11..7cfd9e0 100644
+--- a/tc/m_action.c
++++ b/tc/m_action.c
+@@ -507,7 +507,7 @@ static int tc_action_gd(int cmd, unsigned int flags, int *argc_p, char ***argv_p
+ 
+ 	req.n.nlmsg_seq = rth.dump = ++rth.seq;
+ 
+-	if (rtnl_talk(&rth, &req.n, &ans) < 0) {
++	if (rtnl_talk(&rth, &req.n, cmd == RTM_DELACTION ? NULL : &ans) < 0) {
+ 		fprintf(stderr, "We have an error talking to the kernel\n");
+ 		return 1;
+ 	}
+-- 
+1.8.3.1
+

SOURCES/0043-ip-link-Fix-use-after-free-in-nl_get_ll_addr_len.patch

@@ -0,0 +1,43 @@
+From dcafeb49b2538cc7118cb64f62c685980c106b48 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Tue, 6 Mar 2018 11:35:28 +0100
+Subject: [PATCH] ip-link: Fix use after free in nl_get_ll_addr_len()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1550097
+Upstream Status: iproute2.git commit 06867c3719587
+
+commit 06867c371958773e39b4ccac07cfe3e2fff2ea55
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Thu Mar 1 10:35:12 2018 +0100
+
+    ip-link: Fix use after free in nl_get_ll_addr_len()
+
+    Immediately after freeing the buffer returned from rtnl_talk(), it is
+    accessed again via pointer in struct rtattr array. This leads to some
+    builds not allowing to set an interface's MAC address because the
+    expected length value is garbage.
+
+    Fixes: 86bf43c7c2fdc ("lib/libnetlink: update rtnl_talk to support malloc buff at run time")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ ip/iplink.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ip/iplink.c b/ip/iplink.c
+index 193997c..db5b2c9 100644
+--- a/ip/iplink.c
++++ b/ip/iplink.c
+@@ -268,8 +268,9 @@ static int nl_get_ll_addr_len(unsigned int dev_index)
+ 		return -1;
+ 	}
+ 
++	len = RTA_PAYLOAD(tb[IFLA_ADDRESS]);
+ 	free(answer);
+-	return RTA_PAYLOAD(tb[IFLA_ADDRESS]);
++	return len;
+ }
+ 
+ static void iplink_parse_vf_vlan_info(int vf, int *argcp, char ***argvp,
+-- 
+1.8.3.1
+

SOURCES/avpkt

@@ -0,0 +1 @@
+AVPKT=3000

SOURCES/cbq-0000.example

@@ -0,0 +1,5 @@
+DEVICE=eth0,10Mbit,1Mbit
+RATE=128Kbit
+WEIGHT=10Kbit
+PRIO=5
+RULE=192.168.1.0/24

SOURCES/rt_dsfield.deprecated

@@ -0,0 +1,17 @@
+
+# Deprecated values dropped upstream
+# Kept in RHEL for backwards-compatibility
+0x00   default
+0x10   lowdelay
+0x08   throughput
+0x04   reliability
+# This value overlap with ECT, do not use it!
+0x02   mincost
+# These values seems do not want to die, Cisco likes them by a strange reason.
+0x20   priority
+0x40   immediate
+0x60   flash
+0x80   flash-override
+0xa0   critical
+0xc0   internet
+0xe0   network