$ git diff --patch-with-stat --summary 6d99c9007d6b85bf338a982ae4d9c0742e18165f..28f8642a617453a1e545d35baa75d373be089239
.abf.yml | 2 +-
...lowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch | 38 ++
...ng-local-function-as-one-of-printf-family.patch | 625 ++++++++++++++++++
...ix-memleak-in-error-path-of-nftnl_flowtab.patch | 30 +
...emleak-in-error-path-of-nftnl_chain_parse.patch | 30 +
0004-flowtable-Correctly-check-realloc-call.patch | 52 ++
0005-chain-Correctly-check-realloc-call.patch | 52 ++
libnftnl-1.0.7-clang.patch | 735 ---------------------
libnftnl.spec | 22 +-
9 files changed, 844 insertions(+), 742 deletions(-)
create mode 100644 0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch
create mode 100644 0002-avoid-naming-local-function-as-one-of-printf-family.patch
create mode 100644 0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch
create mode 100644 0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch
create mode 100644 0004-flowtable-Correctly-check-realloc-call.patch
create mode 100644 0005-chain-Correctly-check-realloc-call.patch
delete mode 100644 libnftnl-1.0.7-clang.patch
diff --git a/.abf.yml b/.abf.yml
index fd637e1..b0f91c9 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,2 +1,2 @@
sources:
- libnftnl-1.1.3.tar.bz2: d000e7d07b36fae73ddc3a1aa09e6d7918924eab
+ libnftnl-1.1.5.tar.bz2: a923bae5b028a30c5c8aa4c0f71445885867274b
diff --git a/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch b/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch
new file mode 100644
index 0000000..a3b4126
--- /dev/null
+++ b/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch
@@ -0,0 +1,38 @@
+From b2388765e0c4405442faa13845419f6a35d0134c Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Mon, 2 Dec 2019 18:29:56 +0100
+Subject: [libnftnl PATCH] tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE
+
+Marshalling code around that attribute has been dropped by commit
+d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") so it's value is
+lost during the test.
+
+Assuming that NFTNL_FLOWTABLE_SIZE will receive kernel support at a
+later point, leave the test code in place but just comment it out.
+
+Fixes: d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ tests/nft-flowtable-test.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/nft-flowtable-test.c b/tests/nft-flowtable-test.c
+index 3edb00ddf3196..8ab8d4c5347a4 100644
+--- a/tests/nft-flowtable-test.c
++++ b/tests/nft-flowtable-test.c
+@@ -33,9 +33,11 @@ static void cmp_nftnl_flowtable(struct nftnl_flowtable *a, struct nftnl_flowtabl
+ if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) !=
+ nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE))
+ print_err("Flowtable use mismatches");
++#if 0
+ if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) !=
+ nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE))
+ print_err("Flowtable size mismatches");
++#endif
+ if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) !=
+ nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS))
+ print_err("Flowtable flags mismatches");
+--
+2.24.0
+
diff --git a/0002-avoid-naming-local-function-as-one-of-printf-family.patch b/0002-avoid-naming-local-function-as-one-of-printf-family.patch
new file mode 100644
index 0000000..358bd7a
--- /dev/null
+++ b/0002-avoid-naming-local-function-as-one-of-printf-family.patch
@@ -0,0 +1,625 @@
+From 9e2c810ebc3c917ea7483205178416e9eaf952fe Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Wed, 7 Nov 2018 19:41:54 +0000
+Subject: [PATCH] avoid naming local function as one of printf family
+
+Fixes build issues with clang
+error: no member named '__builtin___snprintf_chk' in 'struct expr_ops'
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ include/expr_ops.h | 2 +-
+ include/obj.h | 2 +-
+ src/expr.c | 4 ++--
+ src/expr/bitwise.c | 2 +-
+ src/expr/byteorder.c | 2 +-
+ src/expr/cmp.c | 2 +-
+ src/expr/connlimit.c | 2 +-
+ src/expr/counter.c | 2 +-
+ src/expr/ct.c | 2 +-
+ src/expr/dup.c | 2 +-
+ src/expr/dynset.c | 2 +-
+ src/expr/exthdr.c | 2 +-
+ src/expr/fib.c | 2 +-
+ src/expr/flow_offload.c | 2 +-
+ src/expr/fwd.c | 2 +-
+ src/expr/hash.c | 2 +-
+ src/expr/immediate.c | 2 +-
+ src/expr/limit.c | 2 +-
+ src/expr/log.c | 2 +-
+ src/expr/lookup.c | 2 +-
+ src/expr/masq.c | 2 +-
+ src/expr/match.c | 2 +-
+ src/expr/meta.c | 2 +-
+ src/expr/nat.c | 2 +-
+ src/expr/numgen.c | 2 +-
+ src/expr/objref.c | 2 +-
+ src/expr/osf.c | 2 +-
+ src/expr/payload.c | 2 +-
+ src/expr/queue.c | 2 +-
+ src/expr/quota.c | 2 +-
+ src/expr/range.c | 2 +-
+ src/expr/redir.c | 2 +-
+ src/expr/reject.c | 2 +-
+ src/expr/rt.c | 2 +-
+ src/expr/socket.c | 2 +-
+ src/expr/target.c | 2 +-
+ src/expr/tproxy.c | 2 +-
+ src/expr/tunnel.c | 2 +-
+ src/expr/xfrm.c | 2 +-
+ src/obj/counter.c | 2 +-
+ src/obj/ct_helper.c | 2 +-
+ src/obj/ct_timeout.c | 2 +-
+ src/obj/limit.c | 2 +-
+ src/obj/quota.c | 2 +-
+ src/obj/secmark.c | 2 +-
+ src/obj/tunnel.c | 2 +-
+ src/object.c | 2 +-
+ 47 files changed, 48 insertions(+), 48 deletions(-)
+
+diff --git a/include/expr_ops.h b/include/expr_ops.h
+index a7f1b9a..d2946de 100644
+--- a/include/expr_ops.h
++++ b/include/expr_ops.h
+@@ -17,7 +17,7 @@ struct expr_ops {
+ const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len);
+ int (*parse)(struct nftnl_expr *e, struct nlattr *attr);
+ void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e);
+- int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_expr *e);
++ int (*snprintf_)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_expr *e);
+ };
+
+ struct expr_ops *nftnl_expr_ops_lookup(const char *name);
+diff --git a/include/obj.h b/include/obj.h
+index 35b5c40..decd1ce 100644
+--- a/include/obj.h
++++ b/include/obj.h
+@@ -92,7 +92,7 @@ struct obj_ops {
+ const void *(*get)(const struct nftnl_obj *e, uint16_t type, uint32_t *data_len);
+ int (*parse)(struct nftnl_obj *e, struct nlattr *attr);
+ void (*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e);
+- int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_obj *e);
++ int (*snprintf_)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_obj *e);
+ };
+
+ extern struct obj_ops obj_ops_counter;
+diff --git a/src/expr.c b/src/expr.c
+index 80c4c36..b698a60 100644
+--- a/src/expr.c
++++ b/src/expr.c
+@@ -275,10 +275,10 @@ int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr,
+ if (size)
+ buf[0] = '\0';
+
+- if (!expr->ops->snprintf)
++ if (!expr->ops->snprintf_)
+ return 0;
+
+- ret = expr->ops->snprintf(buf + offset, remain, type, flags, expr);
++ ret = expr->ops->snprintf_(buf + offset, remain, type, flags, expr);
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ return offset;
+diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
+index c9d40df..27d644b 100644
+--- a/src/expr/bitwise.c
++++ b/src/expr/bitwise.c
+@@ -219,5 +219,5 @@ struct expr_ops expr_ops_bitwise = {
+ .get = nftnl_expr_bitwise_get,
+ .parse = nftnl_expr_bitwise_parse,
+ .build = nftnl_expr_bitwise_build,
+- .snprintf = nftnl_expr_bitwise_snprintf,
++ .snprintf_ = nftnl_expr_bitwise_snprintf,
+ };
+diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
+index efdfa2b..7ae9dfb 100644
+--- a/src/expr/byteorder.c
++++ b/src/expr/byteorder.c
+@@ -234,5 +234,5 @@ struct expr_ops expr_ops_byteorder = {
+ .get = nftnl_expr_byteorder_get,
+ .parse = nftnl_expr_byteorder_parse,
+ .build = nftnl_expr_byteorder_build,
+- .snprintf = nftnl_expr_byteorder_snprintf,
++ .snprintf_ = nftnl_expr_byteorder_snprintf,
+ };
+diff --git a/src/expr/cmp.c b/src/expr/cmp.c
+index 86d7842..e3be442 100644
+--- a/src/expr/cmp.c
++++ b/src/expr/cmp.c
+@@ -216,5 +216,5 @@ struct expr_ops expr_ops_cmp = {
+ .get = nftnl_expr_cmp_get,
+ .parse = nftnl_expr_cmp_parse,
+ .build = nftnl_expr_cmp_build,
+- .snprintf = nftnl_expr_cmp_snprintf,
++ .snprintf_ = nftnl_expr_cmp_snprintf,
+ };
+diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c
+index 53af93b..6c8bc40 100644
+--- a/src/expr/connlimit.c
++++ b/src/expr/connlimit.c
+@@ -149,5 +149,5 @@ struct expr_ops expr_ops_connlimit = {
+ .get = nftnl_expr_connlimit_get,
+ .parse = nftnl_expr_connlimit_parse,
+ .build = nftnl_expr_connlimit_build,
+- .snprintf = nftnl_expr_connlimit_snprintf,
++ .snprintf_ = nftnl_expr_connlimit_snprintf,
+ };
+diff --git a/src/expr/counter.c b/src/expr/counter.c
+index 89a602e..a32a69e 100644
+--- a/src/expr/counter.c
++++ b/src/expr/counter.c
+@@ -147,5 +147,5 @@ struct expr_ops expr_ops_counter = {
+ .get = nftnl_expr_counter_get,
+ .parse = nftnl_expr_counter_parse,
+ .build = nftnl_expr_counter_build,
+- .snprintf = nftnl_expr_counter_snprintf,
++ .snprintf_ = nftnl_expr_counter_snprintf,
+ };
+diff --git a/src/expr/ct.c b/src/expr/ct.c
+index b9ca2dc..6fbed1d 100644
+--- a/src/expr/ct.c
++++ b/src/expr/ct.c
+@@ -272,5 +272,5 @@ struct expr_ops expr_ops_ct = {
+ .get = nftnl_expr_ct_get,
+ .parse = nftnl_expr_ct_parse,
+ .build = nftnl_expr_ct_build,
+- .snprintf = nftnl_expr_ct_snprintf,
++ .snprintf_ = nftnl_expr_ct_snprintf,
+ };
+diff --git a/src/expr/dup.c b/src/expr/dup.c
+index 2bb35e5..d9bd4b1 100644
+--- a/src/expr/dup.c
++++ b/src/expr/dup.c
+@@ -154,5 +154,5 @@ struct expr_ops expr_ops_dup = {
+ .get = nftnl_expr_dup_get,
+ .parse = nftnl_expr_dup_parse,
+ .build = nftnl_expr_dup_build,
+- .snprintf = nftnl_expr_dup_snprintf,
++ .snprintf_ = nftnl_expr_dup_snprintf,
+ };
+diff --git a/src/expr/dynset.c b/src/expr/dynset.c
+index 68115ba..6e43bb4 100644
+--- a/src/expr/dynset.c
++++ b/src/expr/dynset.c
+@@ -288,5 +288,5 @@ struct expr_ops expr_ops_dynset = {
+ .get = nftnl_expr_dynset_get,
+ .parse = nftnl_expr_dynset_parse,
+ .build = nftnl_expr_dynset_build,
+- .snprintf = nftnl_expr_dynset_snprintf,
++ .snprintf_ = nftnl_expr_dynset_snprintf,
+ };
+diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
+index bef453e..f2696d6 100644
+--- a/src/expr/exthdr.c
++++ b/src/expr/exthdr.c
+@@ -271,5 +271,5 @@ struct expr_ops expr_ops_exthdr = {
+ .get = nftnl_expr_exthdr_get,
+ .parse = nftnl_expr_exthdr_parse,
+ .build = nftnl_expr_exthdr_build,
+- .snprintf = nftnl_expr_exthdr_snprintf,
++ .snprintf_ = nftnl_expr_exthdr_snprintf,
+ };
+diff --git a/src/expr/fib.c b/src/expr/fib.c
+index 9475af4..8e7090d 100644
+--- a/src/expr/fib.c
++++ b/src/expr/fib.c
+@@ -213,5 +213,5 @@ struct expr_ops expr_ops_fib = {
+ .get = nftnl_expr_fib_get,
+ .parse = nftnl_expr_fib_parse,
+ .build = nftnl_expr_fib_build,
+- .snprintf = nftnl_expr_fib_snprintf,
++ .snprintf_ = nftnl_expr_fib_snprintf,
+ };
+diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c
+index 6ccec9a..c2f2478 100644
+--- a/src/expr/flow_offload.c
++++ b/src/expr/flow_offload.c
+@@ -134,5 +134,5 @@ struct expr_ops expr_ops_flow = {
+ .get = nftnl_expr_flow_get,
+ .parse = nftnl_expr_flow_parse,
+ .build = nftnl_expr_flow_build,
+- .snprintf = nftnl_expr_flow_snprintf,
++ .snprintf_ = nftnl_expr_flow_snprintf,
+ };
+diff --git a/src/expr/fwd.c b/src/expr/fwd.c
+index cff8235..bcd7d3f 100644
+--- a/src/expr/fwd.c
++++ b/src/expr/fwd.c
+@@ -174,5 +174,5 @@ struct expr_ops expr_ops_fwd = {
+ .get = nftnl_expr_fwd_get,
+ .parse = nftnl_expr_fwd_parse,
+ .build = nftnl_expr_fwd_build,
+- .snprintf = nftnl_expr_fwd_snprintf,
++ .snprintf_ = nftnl_expr_fwd_snprintf,
+ };
+diff --git a/src/expr/hash.c b/src/expr/hash.c
+index 2c801d2..a9f6e7e 100644
+--- a/src/expr/hash.c
++++ b/src/expr/hash.c
+@@ -241,5 +241,5 @@ struct expr_ops expr_ops_hash = {
+ .get = nftnl_expr_hash_get,
+ .parse = nftnl_expr_hash_parse,
+ .build = nftnl_expr_hash_build,
+- .snprintf = nftnl_expr_hash_snprintf,
++ .snprintf_ = nftnl_expr_hash_snprintf,
+ };
+diff --git a/src/expr/immediate.c b/src/expr/immediate.c
+index 47106ae..ea86c88 100644
+--- a/src/expr/immediate.c
++++ b/src/expr/immediate.c
+@@ -235,5 +235,5 @@ struct expr_ops expr_ops_immediate = {
+ .get = nftnl_expr_immediate_get,
+ .parse = nftnl_expr_immediate_parse,
+ .build = nftnl_expr_immediate_build,
+- .snprintf = nftnl_expr_immediate_snprintf,
++ .snprintf_ = nftnl_expr_immediate_snprintf,
+ };
+diff --git a/src/expr/limit.c b/src/expr/limit.c
+index 5872e27..0ce482f 100644
+--- a/src/expr/limit.c
++++ b/src/expr/limit.c
+@@ -216,5 +216,5 @@ struct expr_ops expr_ops_limit = {
+ .get = nftnl_expr_limit_get,
+ .parse = nftnl_expr_limit_parse,
+ .build = nftnl_expr_limit_build,
+- .snprintf = nftnl_expr_limit_snprintf,
++ .snprintf_ = nftnl_expr_limit_snprintf,
+ };
+diff --git a/src/expr/log.c b/src/expr/log.c
+index bbe43d2..5506bc2 100644
+--- a/src/expr/log.c
++++ b/src/expr/log.c
+@@ -267,5 +267,5 @@ struct expr_ops expr_ops_log = {
+ .get = nftnl_expr_log_get,
+ .parse = nftnl_expr_log_parse,
+ .build = nftnl_expr_log_build,
+- .snprintf = nftnl_expr_log_snprintf,
++ .snprintf_ = nftnl_expr_log_snprintf,
+ };
+diff --git a/src/expr/lookup.c b/src/expr/lookup.c
+index a495ac0..678868c 100644
+--- a/src/expr/lookup.c
++++ b/src/expr/lookup.c
+@@ -221,5 +221,5 @@ struct expr_ops expr_ops_lookup = {
+ .get = nftnl_expr_lookup_get,
+ .parse = nftnl_expr_lookup_parse,
+ .build = nftnl_expr_lookup_build,
+- .snprintf = nftnl_expr_lookup_snprintf,
++ .snprintf_ = nftnl_expr_lookup_snprintf,
+ };
+diff --git a/src/expr/masq.c b/src/expr/masq.c
+index f6f3ceb..88292a6 100644
+--- a/src/expr/masq.c
++++ b/src/expr/masq.c
+@@ -169,5 +169,5 @@ struct expr_ops expr_ops_masq = {
+ .get = nftnl_expr_masq_get,
+ .parse = nftnl_expr_masq_parse,
+ .build = nftnl_expr_masq_build,
+- .snprintf = nftnl_expr_masq_snprintf,
++ .snprintf_ = nftnl_expr_masq_snprintf,
+ };
+diff --git a/src/expr/match.c b/src/expr/match.c
+index 4fa74b2..249c6b5 100644
+--- a/src/expr/match.c
++++ b/src/expr/match.c
+@@ -198,5 +198,5 @@ struct expr_ops expr_ops_match = {
+ .get = nftnl_expr_match_get,
+ .parse = nftnl_expr_match_parse,
+ .build = nftnl_expr_match_build,
+- .snprintf = nftnl_expr_match_snprintf,
++ .snprintf_ = nftnl_expr_match_snprintf,
+ };
+diff --git a/src/expr/meta.c b/src/expr/meta.c
+index ffcc896..5eaeb68 100644
+--- a/src/expr/meta.c
++++ b/src/expr/meta.c
+@@ -222,5 +222,5 @@ struct expr_ops expr_ops_meta = {
+ .get = nftnl_expr_meta_get,
+ .parse = nftnl_expr_meta_parse,
+ .build = nftnl_expr_meta_build,
+- .snprintf = nftnl_expr_meta_snprintf,
++ .snprintf_ = nftnl_expr_meta_snprintf,
+ };
+diff --git a/src/expr/nat.c b/src/expr/nat.c
+index 6b7d50e..be4a579 100644
+--- a/src/expr/nat.c
++++ b/src/expr/nat.c
+@@ -279,5 +279,5 @@ struct expr_ops expr_ops_nat = {
+ .get = nftnl_expr_nat_get,
+ .parse = nftnl_expr_nat_parse,
+ .build = nftnl_expr_nat_build,
+- .snprintf = nftnl_expr_nat_snprintf,
++ .snprintf_ = nftnl_expr_nat_snprintf,
+ };
+diff --git a/src/expr/numgen.c b/src/expr/numgen.c
+index 4e0d541..5995ee3 100644
+--- a/src/expr/numgen.c
++++ b/src/expr/numgen.c
+@@ -195,5 +195,5 @@ struct expr_ops expr_ops_ng = {
+ .get = nftnl_expr_ng_get,
+ .parse = nftnl_expr_ng_parse,
+ .build = nftnl_expr_ng_build,
+- .snprintf = nftnl_expr_ng_snprintf,
++ .snprintf_ = nftnl_expr_ng_snprintf,
+ };
+diff --git a/src/expr/objref.c b/src/expr/objref.c
+index 7388b18..e673ffd 100644
+--- a/src/expr/objref.c
++++ b/src/expr/objref.c
+@@ -210,5 +210,5 @@ struct expr_ops expr_ops_objref = {
+ .get = nftnl_expr_objref_get,
+ .parse = nftnl_expr_objref_parse,
+ .build = nftnl_expr_objref_build,
+- .snprintf = nftnl_expr_objref_snprintf,
++ .snprintf_ = nftnl_expr_objref_snprintf,
+ };
+diff --git a/src/expr/osf.c b/src/expr/osf.c
+index 98d0df9..618b46e 100644
+--- a/src/expr/osf.c
++++ b/src/expr/osf.c
+@@ -161,5 +161,5 @@ struct expr_ops expr_ops_osf = {
+ .get = nftnl_expr_osf_get,
+ .parse = nftnl_expr_osf_parse,
+ .build = nftnl_expr_osf_build,
+- .snprintf = nftnl_expr_osf_snprintf,
++ .snprintf_ = nftnl_expr_osf_snprintf,
+ };
+diff --git a/src/expr/payload.c b/src/expr/payload.c
+index 2192dad..37aacc4 100644
+--- a/src/expr/payload.c
++++ b/src/expr/payload.c
+@@ -266,5 +266,5 @@ struct expr_ops expr_ops_payload = {
+ .get = nftnl_expr_payload_get,
+ .parse = nftnl_expr_payload_parse,
+ .build = nftnl_expr_payload_build,
+- .snprintf = nftnl_expr_payload_snprintf,
++ .snprintf_ = nftnl_expr_payload_snprintf,
+ };
+diff --git a/src/expr/queue.c b/src/expr/queue.c
+index 051ef71..b06feff 100644
+--- a/src/expr/queue.c
++++ b/src/expr/queue.c
+@@ -207,5 +207,5 @@ struct expr_ops expr_ops_queue = {
+ .get = nftnl_expr_queue_get,
+ .parse = nftnl_expr_queue_parse,
+ .build = nftnl_expr_queue_build,
+- .snprintf = nftnl_expr_queue_snprintf,
++ .snprintf_ = nftnl_expr_queue_snprintf,
+ };
+diff --git a/src/expr/quota.c b/src/expr/quota.c
+index 39a92e6..41797be 100644
+--- a/src/expr/quota.c
++++ b/src/expr/quota.c
+@@ -161,5 +161,5 @@ struct expr_ops expr_ops_quota = {
+ .get = nftnl_expr_quota_get,
+ .parse = nftnl_expr_quota_parse,
+ .build = nftnl_expr_quota_build,
+- .snprintf = nftnl_expr_quota_snprintf,
++ .snprintf_ = nftnl_expr_quota_snprintf,
+ };
+diff --git a/src/expr/range.c b/src/expr/range.c
+index d1d5083..b619cdf 100644
+--- a/src/expr/range.c
++++ b/src/expr/range.c
+@@ -227,5 +227,5 @@ struct expr_ops expr_ops_range = {
+ .get = nftnl_expr_range_get,
+ .parse = nftnl_expr_range_parse,
+ .build = nftnl_expr_range_build,
+- .snprintf = nftnl_expr_range_snprintf,
++ .snprintf_ = nftnl_expr_range_snprintf,
+ };
+diff --git a/src/expr/redir.c b/src/expr/redir.c
+index 477659a..5c4ebeb 100644
+--- a/src/expr/redir.c
++++ b/src/expr/redir.c
+@@ -181,5 +181,5 @@ struct expr_ops expr_ops_redir = {
+ .get = nftnl_expr_redir_get,
+ .parse = nftnl_expr_redir_parse,
+ .build = nftnl_expr_redir_build,
+- .snprintf = nftnl_expr_redir_snprintf,
++ .snprintf_ = nftnl_expr_redir_snprintf,
+ };
+diff --git a/src/expr/reject.c b/src/expr/reject.c
+index 141942e..a98990d 100644
+--- a/src/expr/reject.c
++++ b/src/expr/reject.c
+@@ -148,5 +148,5 @@ struct expr_ops expr_ops_reject = {
+ .get = nftnl_expr_reject_get,
+ .parse = nftnl_expr_reject_parse,
+ .build = nftnl_expr_reject_build,
+- .snprintf = nftnl_expr_reject_snprintf,
++ .snprintf_ = nftnl_expr_reject_snprintf,
+ };
+diff --git a/src/expr/rt.c b/src/expr/rt.c
+index 0fce72d..32ace19 100644
+--- a/src/expr/rt.c
++++ b/src/expr/rt.c
+@@ -177,5 +177,5 @@ struct expr_ops expr_ops_rt = {
+ .get = nftnl_expr_rt_get,
+ .parse = nftnl_expr_rt_parse,
+ .build = nftnl_expr_rt_build,
+- .snprintf = nftnl_expr_rt_snprintf,
++ .snprintf_ = nftnl_expr_rt_snprintf,
+ };
+diff --git a/src/expr/socket.c b/src/expr/socket.c
+index 96550d5..2394dbf 100644
+--- a/src/expr/socket.c
++++ b/src/expr/socket.c
+@@ -174,5 +174,5 @@ struct expr_ops expr_ops_socket = {
+ .get = nftnl_expr_socket_get,
+ .parse = nftnl_expr_socket_parse,
+ .build = nftnl_expr_socket_build,
+- .snprintf = nftnl_expr_socket_snprintf,
++ .snprintf_ = nftnl_expr_socket_snprintf,
+ };
+diff --git a/src/expr/target.c b/src/expr/target.c
+index 9100038..7180085 100644
+--- a/src/expr/target.c
++++ b/src/expr/target.c
+@@ -198,5 +198,5 @@ struct expr_ops expr_ops_target = {
+ .get = nftnl_expr_target_get,
+ .parse = nftnl_expr_target_parse,
+ .build = nftnl_expr_target_build,
+- .snprintf = nftnl_expr_target_snprintf,
++ .snprintf_ = nftnl_expr_target_snprintf,
+ };
+diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c
+index 3827b75..feabbbe 100644
+--- a/src/expr/tproxy.c
++++ b/src/expr/tproxy.c
+@@ -183,5 +183,5 @@ struct expr_ops expr_ops_tproxy = {
+ .get = nftnl_expr_tproxy_get,
+ .parse = nftnl_expr_tproxy_parse,
+ .build = nftnl_expr_tproxy_build,
+- .snprintf = nftnl_expr_tproxy_snprintf,
++ .snprintf_ = nftnl_expr_tproxy_snprintf,
+ };
+diff --git a/src/expr/tunnel.c b/src/expr/tunnel.c
+index b2b8d72..1ed46d3 100644
+--- a/src/expr/tunnel.c
++++ b/src/expr/tunnel.c
+@@ -173,5 +173,5 @@ struct expr_ops expr_ops_tunnel = {
+ .get = nftnl_expr_tunnel_get,
+ .parse = nftnl_expr_tunnel_parse,
+ .build = nftnl_expr_tunnel_build,
+- .snprintf = nftnl_expr_tunnel_snprintf,
++ .snprintf_ = nftnl_expr_tunnel_snprintf,
+ };
+diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c
+index 8fe5438..b6b2772 100644
+--- a/src/expr/xfrm.c
++++ b/src/expr/xfrm.c
+@@ -239,5 +239,5 @@ struct expr_ops expr_ops_xfrm = {
+ .get = nftnl_expr_xfrm_get,
+ .parse = nftnl_expr_xfrm_parse,
+ .build = nftnl_expr_xfrm_build,
+- .snprintf = nftnl_expr_xfrm_snprintf,
++ .snprintf_ = nftnl_expr_xfrm_snprintf,
+ };
+diff --git a/src/obj/counter.c b/src/obj/counter.c
+index 1baba4e..3710bce 100644
+--- a/src/obj/counter.c
++++ b/src/obj/counter.c
+@@ -145,5 +145,5 @@ struct obj_ops obj_ops_counter = {
+ .get = nftnl_obj_counter_get,
+ .parse = nftnl_obj_counter_parse,
+ .build = nftnl_obj_counter_build,
+- .snprintf = nftnl_obj_counter_snprintf,
++ .snprintf_ = nftnl_obj_counter_snprintf,
+ };
+diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c
+index d91f636..2037461 100644
+--- a/src/obj/ct_helper.c
++++ b/src/obj/ct_helper.c
+@@ -166,5 +166,5 @@ struct obj_ops obj_ops_ct_helper = {
+ .get = nftnl_obj_ct_helper_get,
+ .parse = nftnl_obj_ct_helper_parse,
+ .build = nftnl_obj_ct_helper_build,
+- .snprintf = nftnl_obj_ct_helper_snprintf,
++ .snprintf_ = nftnl_obj_ct_helper_snprintf,
+ };
+diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
+index e2e9991..a4f2dd2 100644
+--- a/src/obj/ct_timeout.c
++++ b/src/obj/ct_timeout.c
+@@ -330,5 +330,5 @@ struct obj_ops obj_ops_ct_timeout = {
+ .get = nftnl_obj_ct_timeout_get,
+ .parse = nftnl_obj_ct_timeout_parse,
+ .build = nftnl_obj_ct_timeout_build,
+- .snprintf = nftnl_obj_ct_timeout_snprintf,
++ .snprintf_ = nftnl_obj_ct_timeout_snprintf,
+ };
+diff --git a/src/obj/limit.c b/src/obj/limit.c
+index 60b0159..538f37a 100644
+--- a/src/obj/limit.c
++++ b/src/obj/limit.c
+@@ -185,5 +185,5 @@ struct obj_ops obj_ops_limit = {
+ .get = nftnl_obj_limit_get,
+ .parse = nftnl_obj_limit_parse,
+ .build = nftnl_obj_limit_build,
+- .snprintf = nftnl_obj_limit_snprintf,
++ .snprintf_ = nftnl_obj_limit_snprintf,
+ };
+diff --git a/src/obj/quota.c b/src/obj/quota.c
+index 1914037..585a088 100644
+--- a/src/obj/quota.c
++++ b/src/obj/quota.c
+@@ -161,5 +161,5 @@ struct obj_ops obj_ops_quota = {
+ .get = nftnl_obj_quota_get,
+ .parse = nftnl_obj_quota_parse,
+ .build = nftnl_obj_quota_build,
+- .snprintf = nftnl_obj_quota_snprintf,
++ .snprintf_ = nftnl_obj_quota_snprintf,
+ };
+diff --git a/src/obj/secmark.c b/src/obj/secmark.c
+index e27b5fa..6241bee 100644
+--- a/src/obj/secmark.c
++++ b/src/obj/secmark.c
+@@ -133,5 +133,5 @@ struct obj_ops obj_ops_secmark = {
+ .get = nftnl_obj_secmark_get,
+ .parse = nftnl_obj_secmark_parse,
+ .build = nftnl_obj_secmark_build,
+- .snprintf = nftnl_obj_secmark_snprintf,
++ .snprintf_ = nftnl_obj_secmark_snprintf,
+ };
+diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c
+index 7ffade8..800eb3e 100644
+--- a/src/obj/tunnel.c
++++ b/src/obj/tunnel.c
+@@ -564,5 +564,5 @@ struct obj_ops obj_ops_tunnel = {
+ .get = nftnl_obj_tunnel_get,
+ .parse = nftnl_obj_tunnel_parse,
+ .build = nftnl_obj_tunnel_build,
+- .snprintf = nftnl_obj_tunnel_snprintf,
++ .snprintf_ = nftnl_obj_tunnel_snprintf,
+ };
+diff --git a/src/object.c b/src/object.c
+index 5c8d183..d489cdd 100644
+--- a/src/object.c
++++ b/src/object.c
+@@ -369,7 +369,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t size,
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ if (obj->ops) {
+- ret = obj->ops->snprintf(buf + offset, offset, type, flags,
++ ret = obj->ops->snprintf_(buf + offset, offset, type, flags,
+ obj);
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+ }
+--
+2.17.1
+
+diff --git a/src/expr/synproxy.c b/src/expr/synproxy.c
+index 245f4fb..9721029 100644
+--- a/src/expr/synproxy.c
++++ b/src/expr/synproxy.c
+@@ -166,5 +166,5 @@ struct expr_ops expr_ops_synproxy = {
+ .get = nftnl_expr_synproxy_get,
+ .parse = nftnl_expr_synproxy_parse,
+ .build = nftnl_expr_synproxy_build,
+- .snprintf = nftnl_expr_synproxy_snprintf,
++ .snprintf_ = nftnl_expr_synproxy_snprintf,
+ };
+diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c
+index c0bb5ba..953c08c 100644
+--- a/src/obj/ct_expect.c
++++ b/src/obj/ct_expect.c
+@@ -209,5 +209,5 @@ struct obj_ops obj_ops_ct_expect = {
+ .get = nftnl_obj_ct_expect_get,
+ .parse = nftnl_obj_ct_expect_parse,
+ .build = nftnl_obj_ct_expect_build,
+- .snprintf = nftnl_obj_ct_expect_snprintf,
++ .snprintf_ = nftnl_obj_ct_expect_snprintf,
+ };
+diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c
+index 56ebc85..ea01a28 100644
+--- a/src/obj/synproxy.c
++++ b/src/obj/synproxy.c
+@@ -157,5 +157,5 @@ struct obj_ops obj_ops_synproxy = {
+ .get = nftnl_obj_synproxy_get,
+ .parse = nftnl_obj_synproxy_parse,
+ .build = nftnl_obj_synproxy_build,
+- .snprintf = nftnl_obj_synproxy_snprintf,
++ .snprintf_ = nftnl_obj_synproxy_snprintf,
+ };
diff --git a/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch b/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch
new file mode 100644
index 0000000..cc56cef
--- /dev/null
+++ b/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch
@@ -0,0 +1,30 @@
+From ba1b02594e8d05e4c791925a50f9309f89b55c80 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Mon, 2 Dec 2019 22:57:40 +0100
+Subject: [libnftnl PATCH] flowtable: Fix memleak in error path of
+ nftnl_flowtable_parse_devs()
+
+In error case, allocated dev_array is not freed.
+
+Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/flowtable.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/flowtable.c b/src/flowtable.c
+index 324e80f7e6ad6..db319434b51c0 100644
+--- a/src/flowtable.c
++++ b/src/flowtable.c
+@@ -419,6 +419,7 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest,
+ err:
+ while (len--)
+ xfree(dev_array[len]);
++ xfree(dev_array);
+ return -1;
+ }
+
+--
+2.24.0
+
diff --git a/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch b/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch
new file mode 100644
index 0000000..d147038
--- /dev/null
+++ b/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch
@@ -0,0 +1,30 @@
+From 32a8c5f52355ef69bf74c28e27345b2e03d948e7 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Mon, 2 Dec 2019 23:00:20 +0100
+Subject: [libnftnl PATCH] chain: Fix memleak in error path of
+ nftnl_chain_parse_devs()
+
+In error case, dev_array is not freed when it should.
+
+Fixes: e3ac19b5ec162 ("chain: multi-device support")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/chain.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/chain.c b/src/chain.c
+index d4050d28e77d0..9cc8735a4936f 100644
+--- a/src/chain.c
++++ b/src/chain.c
+@@ -636,6 +636,7 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
+ err:
+ while (len--)
+ xfree(dev_array[len]);
++ xfree(dev_array);
+ return -1;
+ }
+
+--
+2.24.0
+
diff --git a/0004-flowtable-Correctly-check-realloc-call.patch b/0004-flowtable-Correctly-check-realloc-call.patch
new file mode 100644
index 0000000..96a0d01
--- /dev/null
+++ b/0004-flowtable-Correctly-check-realloc-call.patch
@@ -0,0 +1,52 @@
+From 835d645f4052551c5c1829c37a07c882f2260f65 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Mon, 2 Dec 2019 23:08:07 +0100
+Subject: [libnftnl PATCH] flowtable: Correctly check realloc() call
+
+If realloc() fails, it returns NULL but the original pointer is
+untouchted and therefore still has to be freed. Unconditionally
+overwriting the old pointer is therefore a bad idea, use a temporary
+variable instead.
+
+Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/flowtable.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/src/flowtable.c b/src/flowtable.c
+index db319434b51c0..9ba3b6d9a3404 100644
+--- a/src/flowtable.c
++++ b/src/flowtable.c
+@@ -388,7 +388,7 @@ static int nftnl_flowtable_parse_hook_cb(const struct nlattr *attr, void *data)
+ static int nftnl_flowtable_parse_devs(struct nlattr *nest,
+ struct nftnl_flowtable *c)
+ {
+- const char **dev_array;
++ const char **dev_array, **tmp;
+ int len = 0, size = 8;
+ struct nlattr *attr;
+
+@@ -401,14 +401,13 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest,
+ goto err;
+ dev_array[len++] = strdup(mnl_attr_get_str(attr));
+ if (len >= size) {
+- dev_array = realloc(dev_array,
+- size * 2 * sizeof(char *));
+- if (!dev_array)
++ tmp = realloc(dev_array, size * 2 * sizeof(char *));
++ if (!tmp)
+ goto err;
+
+ size *= 2;
+- memset(&dev_array[len], 0,
+- (size - len) * sizeof(char *));
++ memset(&tmp[len], 0, (size - len) * sizeof(char *));
++ dev_array = tmp;
+ }
+ }
+
+--
+2.24.0
+
diff --git a/0005-chain-Correctly-check-realloc-call.patch b/0005-chain-Correctly-check-realloc-call.patch
new file mode 100644
index 0000000..8da29c9
--- /dev/null
+++ b/0005-chain-Correctly-check-realloc-call.patch
@@ -0,0 +1,52 @@
+From d95a703746d5394d56a9f464e343594e4882da0d Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Mon, 2 Dec 2019 23:12:34 +0100
+Subject: [libnftnl PATCH] chain: Correctly check realloc() call
+
+If realloc() fails, it returns NULL but the original pointer is
+untouchted and therefore still has to be freed. Unconditionally
+overwriting the old pointer is therefore a bad idea, use a temporary
+variable instead.
+
+Fixes: e3ac19b5ec162 ("chain: multi-device support")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/chain.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/src/chain.c b/src/chain.c
+index 9cc8735a4936f..b9a16fc9b42df 100644
+--- a/src/chain.c
++++ b/src/chain.c
+@@ -605,7 +605,7 @@ static int nftnl_chain_parse_hook_cb(const struct nlattr *attr, void *data)
+
+ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
+ {
+- const char **dev_array;
++ const char **dev_array, **tmp;
+ int len = 0, size = 8;
+ struct nlattr *attr;
+
+@@ -618,14 +618,13 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
+ goto err;
+ dev_array[len++] = strdup(mnl_attr_get_str(attr));
+ if (len >= size) {
+- dev_array = realloc(dev_array,
+- size * 2 * sizeof(char *));
+- if (!dev_array)
++ tmp = realloc(dev_array, size * 2 * sizeof(char *));
++ if (!tmp)
+ goto err;
+
+ size *= 2;
+- memset(&dev_array[len], 0,
+- (size - len) * sizeof(char *));
++ memset(&tmp[len], 0, (size - len) * sizeof(char *));
++ dev_array = tmp;
+ }
+ }
+
+--
+2.24.0
+
diff --git a/libnftnl-1.0.7-clang.patch b/libnftnl-1.0.7-clang.patch
deleted file mode 100644
index c7e38f0..0000000
--- a/libnftnl-1.0.7-clang.patch
+++ /dev/null
@@ -1,735 +0,0 @@
---- libnftnl-1.0.7/src/expr.c.omv~ 2017-01-30 18:11:37.605990011 +0100
-+++ libnftnl-1.0.7/src/expr.c 2017-01-30 18:13:48.885019686 +0100
-@@ -24,7 +24,9 @@
-
- #include <libnftnl/expr.h>
-
--struct nftnl_expr *nftnl_expr_alloc(const char *name)
-+#undef snprintf
-+
-+__visible struct nftnl_expr *nftnl_expr_alloc(const char *name)
- {
- struct nftnl_expr *expr;
- struct expr_ops *ops;
-@@ -45,7 +47,7 @@ struct nftnl_expr *nftnl_expr_alloc(cons
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_alloc, nft_rule_expr_alloc);
-
--void nftnl_expr_free(const struct nftnl_expr *expr)
-+__visible void nftnl_expr_free(const struct nftnl_expr *expr)
- {
- if (expr->ops->free)
- expr->ops->free(expr);
-@@ -54,13 +56,13 @@ void nftnl_expr_free(const struct nftnl_
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_free, nft_rule_expr_free);
-
--bool nftnl_expr_is_set(const struct nftnl_expr *expr, uint16_t type)
-+__visible bool nftnl_expr_is_set(const struct nftnl_expr *expr, uint16_t type)
- {
- return expr->flags & (1 << type);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_is_set, nft_rule_expr_is_set);
-
--int nftnl_expr_set(struct nftnl_expr *expr, uint16_t type,
-+__visible int nftnl_expr_set(struct nftnl_expr *expr, uint16_t type,
- const void *data, uint32_t data_len)
- {
- switch(type) {
-@@ -75,41 +77,41 @@ int nftnl_expr_set(struct nftnl_expr *ex
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_set, nft_rule_expr_set);
-
--void
-+__visible void
- nftnl_expr_set_u8(struct nftnl_expr *expr, uint16_t type, uint8_t data)
- {
- nftnl_expr_set(expr, type, &data, sizeof(uint8_t));
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_set_u8, nft_rule_expr_set_u8);
-
--void
-+__visible void
- nftnl_expr_set_u16(struct nftnl_expr *expr, uint16_t type, uint16_t data)
- {
- nftnl_expr_set(expr, type, &data, sizeof(uint16_t));
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_set_u16, nft_rule_expr_set_u16);
-
--void
-+__visible void
- nftnl_expr_set_u32(struct nftnl_expr *expr, uint16_t type, uint32_t data)
- {
- nftnl_expr_set(expr, type, &data, sizeof(uint32_t));
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_set_u32, nft_rule_expr_set_u32);
-
--void
-+__visible void
- nftnl_expr_set_u64(struct nftnl_expr *expr, uint16_t type, uint64_t data)
- {
- nftnl_expr_set(expr, type, &data, sizeof(uint64_t));
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_set_u64, nft_rule_expr_set_u64);
-
--int nftnl_expr_set_str(struct nftnl_expr *expr, uint16_t type, const char *str)
-+__visible int nftnl_expr_set_str(struct nftnl_expr *expr, uint16_t type, const char *str)
- {
- return nftnl_expr_set(expr, type, str, strlen(str) + 1);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_set_str, nft_rule_expr_set_str);
-
--const void *nftnl_expr_get(const struct nftnl_expr *expr,
-+__visible const void *nftnl_expr_get(const struct nftnl_expr *expr,
- uint16_t type, uint32_t *data_len)
- {
- const void *ret;
-@@ -131,7 +133,7 @@ const void *nftnl_expr_get(const struct
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_get, nft_rule_expr_get);
-
--uint8_t nftnl_expr_get_u8(const struct nftnl_expr *expr, uint16_t type)
-+__visible uint8_t nftnl_expr_get_u8(const struct nftnl_expr *expr, uint16_t type)
- {
- const void *data;
- uint32_t data_len;
-@@ -147,7 +149,7 @@ uint8_t nftnl_expr_get_u8(const struct n
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_get_u8, nft_rule_expr_get_u8);
-
--uint16_t nftnl_expr_get_u16(const struct nftnl_expr *expr, uint16_t type)
-+__visible uint16_t nftnl_expr_get_u16(const struct nftnl_expr *expr, uint16_t type)
- {
- const void *data;
- uint32_t data_len;
-@@ -163,7 +165,7 @@ uint16_t nftnl_expr_get_u16(const struct
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_get_u16, nft_rule_expr_get_u16);
-
--uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type)
-+__visible uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type)
- {
- const void *data;
- uint32_t data_len;
-@@ -179,7 +181,7 @@ uint32_t nftnl_expr_get_u32(const struct
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_get_u32, nft_rule_expr_get_u32);
-
--uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type)
-+__visible uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type)
- {
- const void *data;
- uint32_t data_len;
-@@ -195,7 +197,7 @@ uint64_t nftnl_expr_get_u64(const struct
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_get_u64, nft_rule_expr_get_u64);
-
--const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type)
-+__visible const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type)
- {
- uint32_t data_len;
-
-@@ -203,7 +205,7 @@ const char *nftnl_expr_get_str(const str
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_get_str, nft_rule_expr_get_str);
-
--bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2)
-+__visible bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2)
- {
- if (e1->flags != e2->flags ||
- strcmp(e1->ops->name, e2->ops->name) != 0)
-@@ -213,7 +215,7 @@ bool nftnl_expr_cmp(const struct nftnl_e
- }
- EXPORT_SYMBOL(nftnl_expr_cmp);
-
--void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr)
-+__visible void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr)
- {
- struct nlattr *nest;
-
-@@ -275,7 +277,7 @@ err1:
- return NULL;
- }
-
--int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr,
-+__visible int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr,
- uint32_t type, uint32_t flags)
- {
- int ret;
---- libnftnl-1.0.7/src/object.c.omv~ 2017-01-30 18:00:01.275961441 +0100
-+++ libnftnl-1.0.7/src/object.c 2017-01-30 18:05:26.546937696 +0100
-@@ -25,6 +25,9 @@
- #include <buffer.h>
- #include "obj.h"
-
-+// __builtin__snprintf_chk isn't in the structs...
-+#undef snprintf
-+
- static struct obj_ops *obj_ops[] = {
- [NFT_OBJECT_COUNTER] = &obj_ops_counter,
- [NFT_OBJECT_QUOTA] = &obj_ops_quota,
-@@ -38,13 +41,13 @@ static struct obj_ops *nftnl_obj_ops_loo
- return obj_ops[type];
- }
-
--struct nftnl_obj *nftnl_obj_alloc(void)
-+__visible struct nftnl_obj *nftnl_obj_alloc(void)
- {
- return calloc(1, sizeof(struct nftnl_obj));
- }
- EXPORT_SYMBOL(nftnl_obj_alloc);
-
--void nftnl_obj_free(const struct nftnl_obj *obj)
-+__visible void nftnl_obj_free(const struct nftnl_obj *obj)
- {
- if (obj->flags & (1 << NFTNL_OBJ_TABLE))
- xfree(obj->table);
-@@ -55,7 +58,7 @@ void nftnl_obj_free(const struct nftnl_o
- }
- EXPORT_SYMBOL(nftnl_obj_free);
-
--bool nftnl_obj_is_set(const struct nftnl_obj *obj, uint16_t attr)
-+__visible bool nftnl_obj_is_set(const struct nftnl_obj *obj, uint16_t attr)
- {
- return obj->flags & (1 << attr);
- }
-@@ -66,7 +69,7 @@ static uint32_t nftnl_obj_validate[NFTNL
- [NFTNL_OBJ_USE] = sizeof(uint32_t),
- };
-
--void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
-+__visible void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
- const void *data, uint32_t data_len)
- {
- if (attr < NFTNL_OBJ_MAX)
-@@ -99,31 +102,31 @@ void nftnl_obj_set_data(struct nftnl_obj
- }
- EXPORT_SYMBOL(nftnl_obj_set_data);
-
--void nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data)
-+__visible void nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data)
- {
- nftnl_obj_set_data(obj, attr, data, nftnl_obj_validate[attr]);
- }
- EXPORT_SYMBOL(nftnl_obj_set);
-
--void nftnl_obj_set_u32(struct nftnl_obj *obj, uint16_t attr, uint32_t val)
-+__visible void nftnl_obj_set_u32(struct nftnl_obj *obj, uint16_t attr, uint32_t val)
- {
- nftnl_obj_set_data(obj, attr, &val, sizeof(uint32_t));
- }
- EXPORT_SYMBOL(nftnl_obj_set_u32);
-
--void nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val)
-+__visible void nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val)
- {
- nftnl_obj_set_data(obj, attr, &val, sizeof(uint64_t));
- }
- EXPORT_SYMBOL(nftnl_obj_set_u64);
-
--void nftnl_obj_set_str(struct nftnl_obj *obj, uint16_t attr, const char *str)
-+__visible void nftnl_obj_set_str(struct nftnl_obj *obj, uint16_t attr, const char *str)
- {
- nftnl_obj_set_data(obj, attr, str, 0);
- }
- EXPORT_SYMBOL(nftnl_obj_set_str);
-
--const void *nftnl_obj_get_data(struct nftnl_obj *obj, uint16_t attr,
-+__visible const void *nftnl_obj_get_data(struct nftnl_obj *obj, uint16_t attr,
- uint32_t *data_len)
- {
- if (!(obj->flags & (1 << attr)))
-@@ -155,34 +158,34 @@ const void *nftnl_obj_get_data(struct nf
- }
- EXPORT_SYMBOL(nftnl_obj_get_data);
-
--const void *nftnl_obj_get(struct nftnl_obj *obj, uint16_t attr)
-+__visible const void *nftnl_obj_get(struct nftnl_obj *obj, uint16_t attr)
- {
- uint32_t data_len;
- return nftnl_obj_get_data(obj, attr, &data_len);
- }
- EXPORT_SYMBOL(nftnl_obj_get);
-
--uint32_t nftnl_obj_get_u32(struct nftnl_obj *obj, uint16_t attr)
-+__visible uint32_t nftnl_obj_get_u32(struct nftnl_obj *obj, uint16_t attr)
- {
- const void *ret = nftnl_obj_get(obj, attr);
- return ret == NULL ? 0 : *((uint32_t *)ret);
- }
- EXPORT_SYMBOL(nftnl_obj_get_u32);
-
--uint64_t nftnl_obj_get_u64(struct nftnl_obj *obj, uint16_t attr)
-+__visible uint64_t nftnl_obj_get_u64(struct nftnl_obj *obj, uint16_t attr)
- {
- const void *ret = nftnl_obj_get(obj, attr);
- return ret == NULL ? 0 : *((uint64_t *)ret);
- }
- EXPORT_SYMBOL(nftnl_obj_get_u64);
-
--const char *nftnl_obj_get_str(struct nftnl_obj *obj, uint16_t attr)
-+__visible const char *nftnl_obj_get_str(struct nftnl_obj *obj, uint16_t attr)
- {
- return nftnl_obj_get(obj, attr);
- }
- EXPORT_SYMBOL(nftnl_obj_get_str);
-
--void nftnl_obj_nlmsg_build_payload(struct nlmsghdr *nlh,
-+__visible void nftnl_obj_nlmsg_build_payload(struct nlmsghdr *nlh,
- const struct nftnl_obj *obj)
- {
- if (obj->flags & (1 << NFTNL_OBJ_TABLE))
-@@ -229,7 +232,7 @@ static int nftnl_obj_parse_attr_cb(const
- return MNL_CB_OK;
- }
-
--int nftnl_obj_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_obj *obj)
-+__visible int nftnl_obj_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_obj *obj)
- {
- struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
- struct nlattr *tb[NFTA_OBJ_MAX + 1] = {};
-@@ -347,14 +350,14 @@ static int nftnl_obj_do_parse(struct nft
- return ret;
- }
-
--int nftnl_obj_parse(struct nftnl_obj *obj, enum nftnl_parse_type type,
-+__visible int nftnl_obj_parse(struct nftnl_obj *obj, enum nftnl_parse_type type,
- const char *data, struct nftnl_parse_err *err)
- {
- return nftnl_obj_do_parse(obj, type, data, err, NFTNL_PARSE_BUFFER);
- }
- EXPORT_SYMBOL(nftnl_obj_parse);
-
--int nftnl_obj_parse_file(struct nftnl_obj *obj, enum nftnl_parse_type type,
-+__visible int nftnl_obj_parse_file(struct nftnl_obj *obj, enum nftnl_parse_type type,
- FILE *fp, struct nftnl_parse_err *err)
- {
- return nftnl_obj_do_parse(obj, type, fp, err, NFTNL_PARSE_FILE);
-@@ -438,7 +441,7 @@ static int nftnl_obj_cmd_snprintf(char *
- return offset;
- }
-
--int nftnl_obj_snprintf(char *buf, size_t size, const struct nftnl_obj *obj,
-+__visible int nftnl_obj_snprintf(char *buf, size_t size, const struct nftnl_obj *obj,
- uint32_t type, uint32_t flags)
- {
- return nftnl_obj_cmd_snprintf(buf, size, obj, nftnl_flag2cmd(flags),
-@@ -452,7 +455,7 @@ static int nftnl_obj_do_snprintf(char *b
- return nftnl_obj_snprintf(buf, size, obj, type, flags);
- }
-
--int nftnl_obj_fprintf(FILE *fp, const struct nftnl_obj *obj, uint32_t type,
-+__visible int nftnl_obj_fprintf(FILE *fp, const struct nftnl_obj *obj, uint32_t type,
- uint32_t flags)
- {
- return nftnl_fprintf(fp, obj, NFT_CMD_UNSPEC, type, flags,
-@@ -464,7 +467,7 @@ struct nftnl_obj_list {
- struct list_head list;
- };
-
--struct nftnl_obj_list *nftnl_obj_list_alloc(void)
-+__visible struct nftnl_obj_list *nftnl_obj_list_alloc(void)
- {
- struct nftnl_obj_list *list;
-
-@@ -478,7 +481,7 @@ struct nftnl_obj_list *nftnl_obj_list_al
- }
- EXPORT_SYMBOL(nftnl_obj_list_alloc);
-
--void nftnl_obj_list_free(struct nftnl_obj_list *list)
-+__visible void nftnl_obj_list_free(struct nftnl_obj_list *list)
- {
- struct nftnl_obj *r, *tmp;
-
-@@ -490,32 +493,32 @@ void nftnl_obj_list_free(struct nftnl_ob
- }
- EXPORT_SYMBOL(nftnl_obj_list_free);
-
--int nftnl_obj_list_is_empty(struct nftnl_obj_list *list)
-+__visible int nftnl_obj_list_is_empty(struct nftnl_obj_list *list)
- {
- return list_empty(&list->list);
- }
- EXPORT_SYMBOL(nftnl_obj_list_is_empty);
-
--void nftnl_obj_list_add(struct nftnl_obj *r, struct nftnl_obj_list *list)
-+__visible void nftnl_obj_list_add(struct nftnl_obj *r, struct nftnl_obj_list *list)
- {
- list_add(&r->head, &list->list);
- }
- EXPORT_SYMBOL(nftnl_obj_list_add);
-
--void nftnl_obj_list_add_tail(struct nftnl_obj *r,
-+__visible void nftnl_obj_list_add_tail(struct nftnl_obj *r,
- struct nftnl_obj_list *list)
- {
- list_add_tail(&r->head, &list->list);
- }
- EXPORT_SYMBOL(nftnl_obj_list_add_tail);
-
--void nftnl_obj_list_del(struct nftnl_obj *t)
-+__visible void nftnl_obj_list_del(struct nftnl_obj *t)
- {
- list_del(&t->head);
- }
- EXPORT_SYMBOL(nftnl_obj_list_del);
-
--int nftnl_obj_list_foreach(struct nftnl_obj_list *table_list,
-+__visible int nftnl_obj_list_foreach(struct nftnl_obj_list *table_list,
- int (*cb)(struct nftnl_obj *t, void *data),
- void *data)
- {
-@@ -536,7 +539,7 @@ struct nftnl_obj_list_iter {
- struct nftnl_obj *cur;
- };
-
--struct nftnl_obj_list_iter *
-+__visible struct nftnl_obj_list_iter *
- nftnl_obj_list_iter_create(struct nftnl_obj_list *l)
- {
- struct nftnl_obj_list_iter *iter;
-@@ -555,7 +558,7 @@ nftnl_obj_list_iter_create(struct nftnl_
- }
- EXPORT_SYMBOL(nftnl_obj_list_iter_create);
-
--struct nftnl_obj *nftnl_obj_list_iter_next(struct nftnl_obj_list_iter *iter)
-+__visible struct nftnl_obj *nftnl_obj_list_iter_next(struct nftnl_obj_list_iter *iter)
- {
- struct nftnl_obj *r = iter->cur;
-
-@@ -571,7 +574,7 @@ struct nftnl_obj *nftnl_obj_list_iter_ne
- }
- EXPORT_SYMBOL(nftnl_obj_list_iter_next);
-
--void nftnl_obj_list_iter_destroy(struct nftnl_obj_list_iter *iter)
-+__visible void nftnl_obj_list_iter_destroy(struct nftnl_obj_list_iter *iter)
- {
- xfree(iter);
- }
---- libnftnl-1.0.7/src/rule.c.omv~ 2017-01-30 18:05:48.987130355 +0100
-+++ libnftnl-1.0.7/src/rule.c 2017-01-30 18:11:06.963746701 +0100
-@@ -29,6 +29,8 @@
- #include <libnftnl/set.h>
- #include <libnftnl/expr.h>
-
-+#undef snprintf
-+
- struct nftnl_rule {
- struct list_head head;
-
-@@ -50,7 +52,7 @@ struct nftnl_rule {
- struct list_head expr_list;
- };
-
--struct nftnl_rule *nftnl_rule_alloc(void)
-+__visible struct nftnl_rule *nftnl_rule_alloc(void)
- {
- struct nftnl_rule *r;
-
-@@ -64,7 +66,7 @@ struct nftnl_rule *nftnl_rule_alloc(void
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_alloc, nft_rule_alloc);
-
--void nftnl_rule_free(const struct nftnl_rule *r)
-+__visible void nftnl_rule_free(const struct nftnl_rule *r)
- {
- struct nftnl_expr *e, *tmp;
-
-@@ -82,13 +84,13 @@ void nftnl_rule_free(const struct nftnl_
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_free, nft_rule_free);
-
--bool nftnl_rule_is_set(const struct nftnl_rule *r, uint16_t attr)
-+__visible bool nftnl_rule_is_set(const struct nftnl_rule *r, uint16_t attr)
- {
- return r->flags & (1 << attr);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_is_set, nft_rule_attr_is_set);
-
--void nftnl_rule_unset(struct nftnl_rule *r, uint16_t attr)
-+__visible void nftnl_rule_unset(struct nftnl_rule *r, uint16_t attr)
- {
- if (!(r->flags & (1 << attr)))
- return;
-@@ -123,7 +125,7 @@ static uint32_t nftnl_rule_validate[NFTN
- [NFTNL_RULE_POSITION] = sizeof(uint64_t),
- };
-
--int nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
-+__visible int nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
- const void *data, uint32_t data_len)
- {
- nftnl_assert_attr_exists(attr, NFTNL_RULE_MAX);
-@@ -178,31 +180,31 @@ int nftnl_rule_set_data(struct nftnl_rul
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_set_data, nft_rule_attr_set_data);
-
--int nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data)
-+__visible int nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data)
- {
- return nftnl_rule_set_data(r, attr, data, nftnl_rule_validate[attr]);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_set, nft_rule_attr_set);
-
--void nftnl_rule_set_u32(struct nftnl_rule *r, uint16_t attr, uint32_t val)
-+__visible void nftnl_rule_set_u32(struct nftnl_rule *r, uint16_t attr, uint32_t val)
- {
- nftnl_rule_set_data(r, attr, &val, sizeof(uint32_t));
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_set_u32, nft_rule_attr_set_u32);
-
--void nftnl_rule_set_u64(struct nftnl_rule *r, uint16_t attr, uint64_t val)
-+__visible void nftnl_rule_set_u64(struct nftnl_rule *r, uint16_t attr, uint64_t val)
- {
- nftnl_rule_set_data(r, attr, &val, sizeof(uint64_t));
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_set_u64, nft_rule_attr_set_u64);
-
--int nftnl_rule_set_str(struct nftnl_rule *r, uint16_t attr, const char *str)
-+__visible int nftnl_rule_set_str(struct nftnl_rule *r, uint16_t attr, const char *str)
- {
- return nftnl_rule_set_data(r, attr, str, strlen(str) + 1);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_set_str, nft_rule_attr_set_str);
-
--const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr,
-+__visible const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr,
- uint32_t *data_len)
- {
- if (!(r->flags & (1 << attr)))
-@@ -238,20 +240,20 @@ const void *nftnl_rule_get_data(const st
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_get_data, nft_rule_attr_get_data);
-
--const void *nftnl_rule_get(const struct nftnl_rule *r, uint16_t attr)
-+__visible const void *nftnl_rule_get(const struct nftnl_rule *r, uint16_t attr)
- {
- uint32_t data_len;
- return nftnl_rule_get_data(r, attr, &data_len);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_get, nft_rule_attr_get);
-
--const char *nftnl_rule_get_str(const struct nftnl_rule *r, uint16_t attr)
-+__visible const char *nftnl_rule_get_str(const struct nftnl_rule *r, uint16_t attr)
- {
- return nftnl_rule_get(r, attr);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_get_str, nft_rule_attr_get_str);
-
--uint32_t nftnl_rule_get_u32(const struct nftnl_rule *r, uint16_t attr)
-+__visible uint32_t nftnl_rule_get_u32(const struct nftnl_rule *r, uint16_t attr)
- {
- uint32_t data_len;
- const uint32_t *val = nftnl_rule_get_data(r, attr, &data_len);
-@@ -262,7 +264,7 @@ uint32_t nftnl_rule_get_u32(const struct
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_get_u32, nft_rule_attr_get_u32);
-
--uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr)
-+__visible uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr)
- {
- uint32_t data_len;
- const uint64_t *val = nftnl_rule_get_data(r, attr, &data_len);
-@@ -273,7 +275,7 @@ uint64_t nftnl_rule_get_u64(const struct
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_get_u64, nft_rule_attr_get_u64);
-
--uint8_t nftnl_rule_get_u8(const struct nftnl_rule *r, uint16_t attr)
-+__visible uint8_t nftnl_rule_get_u8(const struct nftnl_rule *r, uint16_t attr)
- {
- uint32_t data_len;
- const uint8_t *val = nftnl_rule_get_data(r, attr, &data_len);
-@@ -284,7 +286,7 @@ uint8_t nftnl_rule_get_u8(const struct n
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_get_u8, nft_rule_attr_get_u8);
-
--void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r)
-+__visible void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r)
- {
- struct nftnl_expr *expr;
- struct nlattr *nest, *nest2;
-@@ -325,7 +327,7 @@ void nftnl_rule_nlmsg_build_payload(stru
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_nlmsg_build_payload, nft_rule_nlmsg_build_payload);
-
--void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr)
-+__visible void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr)
- {
- list_add_tail(&expr->head, &r->expr_list);
- }
-@@ -425,7 +427,7 @@ static int nftnl_rule_parse_compat(struc
- return 0;
- }
-
--int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
-+__visible int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
- {
- struct nlattr *tb[NFTA_RULE_MAX+1] = {};
- struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
-@@ -631,14 +633,14 @@ static int nftnl_rule_do_parse(struct nf
-
- return ret;
- }
--int nftnl_rule_parse(struct nftnl_rule *r, enum nftnl_parse_type type,
-+__visible int nftnl_rule_parse(struct nftnl_rule *r, enum nftnl_parse_type type,
- const char *data, struct nftnl_parse_err *err)
- {
- return nftnl_rule_do_parse(r, type, data, err, NFTNL_PARSE_BUFFER);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_parse, nft_rule_parse);
-
--int nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type,
-+__visible int nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type,
- FILE *fp, struct nftnl_parse_err *err)
- {
- return nftnl_rule_do_parse(r, type, fp, err, NFTNL_PARSE_FILE);
-@@ -829,7 +831,7 @@ static int nftnl_rule_cmd_snprintf(char
- return offset;
- }
-
--int nftnl_rule_snprintf(char *buf, size_t size, const struct nftnl_rule *r,
-+__visible int nftnl_rule_snprintf(char *buf, size_t size, const struct nftnl_rule *r,
- uint32_t type, uint32_t flags)
- {
- return nftnl_rule_cmd_snprintf(buf, size, r, nftnl_flag2cmd(flags), type,
-@@ -843,7 +845,7 @@ static int nftnl_rule_do_snprintf(char *
- return nftnl_rule_snprintf(buf, size, r, type, flags);
- }
-
--int nftnl_rule_fprintf(FILE *fp, const struct nftnl_rule *r, uint32_t type,
-+__visible int nftnl_rule_fprintf(FILE *fp, const struct nftnl_rule *r, uint32_t type,
- uint32_t flags)
- {
- return nftnl_fprintf(fp, r, NFTNL_CMD_UNSPEC, type, flags,
-@@ -851,7 +853,7 @@ int nftnl_rule_fprintf(FILE *fp, const s
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_fprintf, nft_rule_fprintf);
-
--int nftnl_expr_foreach(struct nftnl_rule *r,
-+__visible int nftnl_expr_foreach(struct nftnl_rule *r,
- int (*cb)(struct nftnl_expr *e, void *data),
- void *data)
- {
-@@ -883,7 +885,7 @@ static void nftnl_expr_iter_init(const s
- head);
- }
-
--struct nftnl_expr_iter *nftnl_expr_iter_create(const struct nftnl_rule *r)
-+__visible struct nftnl_expr_iter *nftnl_expr_iter_create(const struct nftnl_rule *r)
- {
- struct nftnl_expr_iter *iter;
-
-@@ -897,7 +899,7 @@ struct nftnl_expr_iter *nftnl_expr_iter_
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_iter_create, nft_rule_expr_iter_create);
-
--struct nftnl_expr *nftnl_expr_iter_next(struct nftnl_expr_iter *iter)
-+__visible struct nftnl_expr *nftnl_expr_iter_next(struct nftnl_expr_iter *iter)
- {
- struct nftnl_expr *expr = iter->cur;
-
-@@ -913,13 +915,13 @@ struct nftnl_expr *nftnl_expr_iter_next(
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_iter_next, nft_rule_expr_iter_next);
-
--void nftnl_expr_iter_destroy(struct nftnl_expr_iter *iter)
-+__visible void nftnl_expr_iter_destroy(struct nftnl_expr_iter *iter)
- {
- xfree(iter);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_expr_iter_destroy, nft_rule_expr_iter_destroy);
-
--bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2)
-+__visible bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2)
- {
- struct nftnl_expr_iter it1, it2;
- struct nftnl_expr *e1, *e2;
-@@ -954,7 +956,7 @@ struct nftnl_rule_list {
- struct list_head list;
- };
-
--struct nftnl_rule_list *nftnl_rule_list_alloc(void)
-+__visible struct nftnl_rule_list *nftnl_rule_list_alloc(void)
- {
- struct nftnl_rule_list *list;
-
-@@ -968,7 +970,7 @@ struct nftnl_rule_list *nftnl_rule_list_
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_alloc, nft_rule_list_alloc);
-
--void nftnl_rule_list_free(struct nftnl_rule_list *list)
-+__visible void nftnl_rule_list_free(struct nftnl_rule_list *list)
- {
- struct nftnl_rule *r, *tmp;
-
-@@ -980,31 +982,31 @@ void nftnl_rule_list_free(struct nftnl_r
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_free, nft_rule_list_free);
-
--int nftnl_rule_list_is_empty(const struct nftnl_rule_list *list)
-+__visible int nftnl_rule_list_is_empty(const struct nftnl_rule_list *list)
- {
- return list_empty(&list->list);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_is_empty, nft_rule_list_is_empty);
-
--void nftnl_rule_list_add(struct nftnl_rule *r, struct nftnl_rule_list *list)
-+__visible void nftnl_rule_list_add(struct nftnl_rule *r, struct nftnl_rule_list *list)
- {
- list_add(&r->head, &list->list);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_add, nft_rule_list_add);
-
--void nftnl_rule_list_add_tail(struct nftnl_rule *r, struct nftnl_rule_list *list)
-+__visible void nftnl_rule_list_add_tail(struct nftnl_rule *r, struct nftnl_rule_list *list)
- {
- list_add_tail(&r->head, &list->list);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_add_tail, nft_rule_list_add_tail);
-
--void nftnl_rule_list_del(struct nftnl_rule *r)
-+__visible void nftnl_rule_list_del(struct nftnl_rule *r)
- {
- list_del(&r->head);
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_del, nft_rule_list_del);
-
--int nftnl_rule_list_foreach(struct nftnl_rule_list *rule_list,
-+__visible int nftnl_rule_list_foreach(struct nftnl_rule_list *rule_list,
- int (*cb)(struct nftnl_rule *r, void *data),
- void *data)
- {
-@@ -1025,7 +1027,7 @@ struct nftnl_rule_list_iter {
- struct nftnl_rule *cur;
- };
-
--struct nftnl_rule_list_iter *
-+__visible struct nftnl_rule_list_iter *
- nftnl_rule_list_iter_create(const struct nftnl_rule_list *l)
- {
- struct nftnl_rule_list_iter *iter;
-@@ -1044,13 +1046,13 @@ nftnl_rule_list_iter_create(const struct
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_iter_create, nft_rule_list_iter_create);
-
--struct nftnl_rule *nftnl_rule_list_iter_cur(struct nftnl_rule_list_iter *iter)
-+__visible struct nftnl_rule *nftnl_rule_list_iter_cur(struct nftnl_rule_list_iter *iter)
- {
- return iter->cur;
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_iter_cur, nft_rule_list_iter_cur);
-
--struct nftnl_rule *nftnl_rule_list_iter_next(struct nftnl_rule_list_iter *iter)
-+__visible struct nftnl_rule *nftnl_rule_list_iter_next(struct nftnl_rule_list_iter *iter)
- {
- struct nftnl_rule *r = iter->cur;
-
-@@ -1066,7 +1068,7 @@ struct nftnl_rule *nftnl_rule_list_iter_
- }
- EXPORT_SYMBOL_ALIAS(nftnl_rule_list_iter_next, nft_rule_list_iter_next);
-
--void nftnl_rule_list_iter_destroy(const struct nftnl_rule_list_iter *iter)
-+__visible void nftnl_rule_list_iter_destroy(const struct nftnl_rule_list_iter *iter)
- {
- xfree(iter);
- }
diff --git a/libnftnl.spec b/libnftnl.spec
index 5a84a77..5f16b7c 100644
--- a/libnftnl.spec
+++ b/libnftnl.spec
@@ -4,13 +4,19 @@
Summary: Userspace library for handling of netfilter netlink messages
Name: libnftnl
-Version: 1.1.3
+Version: 1.1.5
Release: 1
Group: System/Libraries
License: GPLv2
URL: http://netfilter.org/projects/libnftnl/index.html
Source0: http://netfilter.org/projects/libnftnl/files/libnftnl-%{version}.tar.bz2
-#Patch0: libnftnl-1.0.7-clang.patch
+Patch1: 0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch
+Patch2: 0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch
+Patch3: 0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch
+Patch4: 0004-flowtable-Correctly-check-realloc-call.patch
+Patch5: 0005-chain-Correctly-check-realloc-call.patch
+Patch6: 0002-avoid-naming-local-function-as-one-of-printf-family.patch
+
BuildRequires: pkgconfig(libmnl)
BuildRequires: pkgconfig(jansson)
@@ -49,10 +55,7 @@ sed -i 's!examples/Makefile!!g' configure.ac
sed -i 's!tests/Makefile!!g' configure.ac
%build
-# (tpg) 2019-05-29
-# BUILDSTDERR: object.c:372:19: error: no member named '__builtin___snprintf_chk' in 'struct obj_ops'
-export CC=gcc
-%configure --disable-static
+%configure --disable-static --disable-silent-rules --with-json-parsing
%make_build
%install
@@ -60,6 +63,13 @@ export CC=gcc
rm -f %{buildroot}%{_libdir}/*.la
+%check
+make %{?_smp_mflags} check
+# JSON parsing is broken on big endian, causing tests to fail. Fixes awaiting
+# upstream acceptance: https://marc.info/?l=netfilter-devel&m=152968610931720&w=2
+#cd tests
+#sh ./test-script.sh
+
%files -n %{libname}
%{_libdir}/*.so.%{major}*