conntrack-tools: update to 1.4.7

Release Notes:
https://marc.info/?l=netfilter&m=166506855929074&w=2

Remove upstreamed:
- 001-endianness_fix.patch (upstreamed: conntrackd: fix endianness bug
  in IPv4 and IPv6 address)
- 002-conntrackd-do-not-include-conntrack-ID-in-hashtable-cmp.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>

net/conntrack-tools/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=conntrack-tools
-PKG_VERSION:=1.4.6
-PKG_RELEASE:=3
+PKG_VERSION:=1.4.7
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.netfilter.org/projects/conntrack-tools/files
-PKG_HASH:=590859cc848245dbfd9c6487761dd303b3a1771e007f4f42213063ca56205d5f
+PKG_HASH:=099debcf57e81690ced57f516b493588a73518f48c14d656f823b29b4fc24b5d
 
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0-or-later

net/conntrack-tools/patches/001-endianness_fix.patch

@@ -1,101 +0,0 @@
---- a/src/build.c
-+++ b/src/build.c
-@@ -66,7 +66,14 @@ ct_build_u32(const struct nf_conntrack *
- }
- 
- static inline void
--ct_build_u128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
-+ct_build_be32(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
-+{
-+	uint32_t data = nfct_get_attr_u32(ct, a);
-+	addattr(n, b, &data, sizeof(uint32_t));
-+}
-+
-+static inline void
-+ct_build_be128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
- {
- 	const char *data = nfct_get_attr(ct, a);
- 	addattr(n, b, data, sizeof(uint32_t) * 4);
-@@ -279,18 +286,18 @@ void ct2msg(const struct nf_conntrack *c
- 	switch (nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO)) {
- 	case AF_INET:
- 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
--			ct_build_u32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
-+			ct_build_be32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
- 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
--			ct_build_u32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
-+			ct_build_be32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
- 		break;
- 	case AF_INET6:
- 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
--			ct_build_u128(ct, ATTR_REPL_IPV6_DST, n,
--				      NTA_SNAT_IPV6);
-+			ct_build_be128(ct, ATTR_REPL_IPV6_DST, n,
-+				       NTA_SNAT_IPV6);
- 		}
- 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
--			ct_build_u128(ct, ATTR_REPL_IPV6_SRC, n,
--				      NTA_DNAT_IPV6);
-+			ct_build_be128(ct, ATTR_REPL_IPV6_SRC, n,
-+				       NTA_DNAT_IPV6);
- 		}
- 		break;
- 	default:
---- a/src/parse.c
-+++ b/src/parse.c
-@@ -29,7 +29,8 @@
- static void ct_parse_u8(struct nf_conntrack *ct, int attr, void *data);
- static void ct_parse_u16(struct nf_conntrack *ct, int attr, void *data);
- static void ct_parse_u32(struct nf_conntrack *ct, int attr, void *data);
--static void ct_parse_u128(struct nf_conntrack *ct, int attr, void *data);
-+static void ct_parse_be32(struct nf_conntrack *ct, int attr, void *data);
-+static void ct_parse_be128(struct nf_conntrack *ct, int attr, void *data);
- static void ct_parse_str(struct nf_conntrack *ct,
- 			 const struct netattr *, void *data);
- static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data);
-@@ -108,12 +109,12 @@ static struct ct_parser h[NTA_MAX] = {
- 		.size	= NTA_SIZE(sizeof(struct nfct_attr_grp_port)),
- 	},
- 	[NTA_SNAT_IPV4]	= {
--		.parse	= ct_parse_u32,
-+		.parse	= ct_parse_be32,
- 		.attr	= ATTR_SNAT_IPV4,
- 		.size	= NTA_SIZE(sizeof(uint32_t)),
- 	},
- 	[NTA_DNAT_IPV4] = {
--		.parse	= ct_parse_u32,
-+		.parse	= ct_parse_be32,
- 		.attr	= ATTR_DNAT_IPV4,
- 		.size	= NTA_SIZE(sizeof(uint32_t)),
- 	},
-@@ -192,12 +193,12 @@ static struct ct_parser h[NTA_MAX] = {
- 		.max_size = NTA_SIZE(NTA_LABELS_MAX_SIZE),
- 	},
- 	[NTA_SNAT_IPV6]	= {
--		.parse	= ct_parse_u128,
-+		.parse	= ct_parse_be128,
- 		.attr	= ATTR_SNAT_IPV6,
- 		.size	= NTA_SIZE(sizeof(uint32_t) * 4),
- 	},
- 	[NTA_DNAT_IPV6] = {
--		.parse	= ct_parse_u128,
-+		.parse	= ct_parse_be128,
- 		.attr	= ATTR_DNAT_IPV6,
- 		.size	= NTA_SIZE(sizeof(uint32_t) * 4),
- 	},
-@@ -229,7 +230,14 @@ ct_parse_u32(struct nf_conntrack *ct, in
- }
- 
- static void
--ct_parse_u128(struct nf_conntrack *ct, int attr, void *data)
-+ct_parse_be32(struct nf_conntrack *ct, int attr, void *data)
-+{
-+	uint32_t *value = (uint32_t *) data;
-+	nfct_set_attr_u32(ct, h[attr].attr, *value);
-+}
-+
-+static void
-+ct_parse_be128(struct nf_conntrack *ct, int attr, void *data)
- {
- 	nfct_set_attr(ct, h[attr].attr, data);
- }

net/conntrack-tools/patches/002-conntrackd-do-not-include-conntrack-ID-in-hashtable-cmp.patch

@@ -1,40 +0,0 @@
-From ed875ee2dc98fe8fd7f5d171ec33a96606682495 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Mon, 8 Nov 2021 12:26:55 +0100
-Subject: conntrackd: do not include conntrack ID in hashtable cmp
-
-Depending on your conntrackd configuration, events might get lost,
-leaving stuck entries in the cache forever. Skip checking the conntrack
-ID to allow for lazy cleanup by when a new entry that is represented by
-the same tuple is added.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- src/cache-ct.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/src/cache-ct.c
-+++ b/src/cache-ct.c
-@@ -88,21 +88,12 @@ cache_ct_hash(const void *data, const st
- 	return ret;
- }
- 
--/* master conntrack of expectations have no ID */
--static inline int
--cache_ct_cmp_id(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2)
--{
--	return nfct_attr_is_set(ct2, ATTR_ID) ?
--	       nfct_get_attr_u32(ct1, ATTR_ID) == nfct_get_attr_u32(ct2, ATTR_ID) : 1;
--}
--
- static int cache_ct_cmp(const void *data1, const void *data2)
- {
- 	const struct cache_object *obj = data1;
- 	const struct nf_conntrack *ct = data2;
- 
--	return nfct_cmp(obj->ptr, ct, NFCT_CMP_ORIG) &&
--	       cache_ct_cmp_id(obj->ptr, ct);
-+	return nfct_cmp(obj->ptr, ct, NFCT_CMP_ORIG);
- }
- 
- static void *cache_ct_alloc(void)