From 40fd41dc44cf5714cee257d9d08e23de4825286a Mon Sep 17 00:00:00 2001
From: Francesco Colista <fcolista@alpinelinux.org>
Date: Thu, 3 Oct 2024 09:00:22 +0000
Subject: [PATCH] main/libnftnl: upgrade to 1.2.8
---
main/libnftnl/APKBUILD | 4 +-
...ycle-existing-cache-with-incremental.patch | 65 -------------------
2 files changed, 2 insertions(+), 67 deletions(-)
delete mode 100644 main/nftables/Revert-cache-recycle-existing-cache-with-incremental.patch
diff --git a/main/libnftnl/APKBUILD b/main/libnftnl/APKBUILD
index 6211a4b83bbf..8037bef0b395 100644
--- a/main/libnftnl/APKBUILD
+++ b/main/libnftnl/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=libnftnl
-pkgver=1.2.7
+pkgver=1.2.8
pkgrel=0
pkgdesc="Netfilter library providing interface to the nf_tables subsystem"
url="https://netfilter.org/projects/libnftnl"
@@ -39,5 +39,5 @@ package() {
}
sha512sums="
-24ff3e7e97f51cb5dfda2fbd2f5e175abcec0dd58f94936022800ec356ff004a531f0915df72278b867769ba71473d407b01d52cc33a3cafb043d9a90b051f9d libnftnl-1.2.7.tar.xz
+c57030f34c50b09ae2fbf8dac5d9cf431eaaa5a5a08098e3e4c146a8bd4ae9b7753f5d2de5f2d0a6c15e5ba0c39f51275c9d8b03bdedeaadbafa6c96f9a972b6 libnftnl-1.2.8.tar.xz
"
diff --git a/main/nftables/Revert-cache-recycle-existing-cache-with-incremental.patch b/main/nftables/Revert-cache-recycle-existing-cache-with-incremental.patch
deleted file mode 100644
index 087fc9dd1e3f..000000000000
--- a/main/nftables/Revert-cache-recycle-existing-cache-with-incremental.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 93560d0117639c8685fc287128ab06dec9950fbd Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Wed, 24 Jul 2024 09:38:33 +0200
-Subject: Revert "cache: recycle existing cache with incremental updates"
-
-This reverts commit e791dbe109b6dd891a63a4236df5dc29d7a4b863.
-
-Eric Garver reported two issues:
-
-- index with rule breaks, because NFT_CACHE_REFRESH is missing.
-- simple set updates.
-
-Moreover, the current process could populate the cache with objects for
-listing commands (no generation ID is bumped), while another process
-could update the ruleset. Leading to a inconsistent cache due to the
-genid + 1 check.
-
-This optimization needs more work and more tests for -i/--interactive,
-revert it.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- src/cache.c | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-
-diff --git a/src/cache.c b/src/cache.c
-index 4b797ec7..e88cbae2 100644
---- a/src/cache.c
-+++ b/src/cache.c
-@@ -1184,21 +1184,9 @@ static bool nft_cache_needs_refresh(struct nft_cache *cache, unsigned int flags)
- (flags & NFT_CACHE_REFRESH);
- }
-
--static bool nft_cache_is_updated(struct nft_cache *cache, unsigned int flags,
-- uint16_t genid)
-+static bool nft_cache_is_updated(struct nft_cache *cache, uint16_t genid)
- {
-- if (!genid)
-- return false;
--
-- if (genid == cache->genid)
-- return true;
--
-- if (genid == cache->genid + 1) {
-- cache->genid++;
-- return true;
-- }
--
-- return false;
-+ return genid && genid == cache->genid;
- }
-
- bool nft_cache_needs_update(struct nft_cache *cache)
-@@ -1223,7 +1211,7 @@ replay:
- genid = mnl_genid_get(&ctx);
- if (!nft_cache_needs_refresh(cache, flags) &&
- nft_cache_is_complete(cache, flags) &&
-- nft_cache_is_updated(cache, flags, genid))
-+ nft_cache_is_updated(cache, genid))
- return 0;
-
- if (cache->genid)
---
-cgit v1.2.3
-
--
GitLab