+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
-Date: Wed, 19 Jun 2019 09:31:57 +0200
-Subject: [PATCH kronosnet] cherry-pick 1.10 as patches
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
----
- ...e-entry-per-file-to-match-README.lic.patch | 2928 +++++++++++++++++
- ...n-shared-code-to-trigger-PMTUd-rerun.patch | 79 +
- ...-rerun-API-to-allow-full-PMTUd-reset.patch | 74 +
- ...sts-add-access-lists-support-to-sctp.patch | 96 +
- ...documentation-for-enable_access_list.patch | 58 +
- ...dd-errno-around-and-start-using-them.patch | 195 ++
- ...rnal-API-calls-to-manage-access-list.patch | 746 +++++
- ...more-extensive-test-for-links_acl_ip.patch | 717 ++++
- .../access-lists-add-public-API-tests.patch | 1019 ++++++
- ...s-add-tests-for-default-access-lists.patch | 63 +
- ...et_bench-to-enable-disable-access-li.patch | 61 +
- ...cally-add-and-remove-point-to-point-.patch | 283 ++
- .../access-lists-cleanup-API-a-bit.patch | 98 +
- ...access-lists-data-structs-within-the.patch | 226 ++
- ...ccess-lists-for-GENERIC_ACL-protocol.patch | 80 +
- ...eneric-access-lists-only-for-protoco.patch | 55 +
- ...d-on-BSD-and-add-some-include-files-.patch | 64 +
- .../access-lists-fix-build-on-freebsd.patch | 54 +
- ...improve-checks-on-various-data-types.patch | 74 +
- ...e-more-generic-to-accept-more-than-I.patch | 436 +++
- ...s-lists-make-internal-API-consistent.patch | 73 +
- ...-of-generic-wrappers-and-remove-dupl.patch | 72 +
- ...ess-lists-structs-and-data-types-to-.patch | 168 +
- ...-acl-wrappers-to-links_acl-and-split.patch | 1025 ++++++
- ...-lists-remove-2-unnecessary-wrappers.patch | 70 +
- ...p1-2-to-ss1-2-to-keep-it-more-generi.patch | 219 ++
- ...licit-access-lists-management-for-UD.patch | 50 +
- ...ays-to-access-per-protocol-functions.patch | 309 ++
- ...better-name-for-fd_tracker-structure.patch | 95 +
- .../acl-Fix-English-in-commments.patch | 106 +
- ..._handle_enable_access_lists-api-call.patch | 235 ++
- ...o-libknet-dir-and-rename-to-links_ac.patch | 186 ++
- ...ump-soname-to-indicate-new-API-calls.patch | 23 +
- .../compress-add-support-for-libzstd.patch | 342 ++
- ...o-fix-openssl1.0-initialization-code.patch | 98 +
- ...e-errors-generated-by-openssl-1.1.1c.patch | 137 +
- ...lear-all-security-info-on-crypto_fin.patch | 51 +
- ...rigger-a-PMTUd-rerun-on-each-good-cr.patch | 25 +
- ...alls-to-RAND_seed-as-they-don-t-real.patch | 65 +
- ...crypto-openssl-error-strings-release.patch | 28 +
- ...ndle_crypto-external-API-to-be-more-.patch | 598 ++++
- ...ight-from-541d7faf9068d10e12b4278c35.patch | 23 +
- ...al-update-copyright-across-the-board.patch | 129 +
- debian/patches/global-update-copyrights.patch | 21 +
- ...operly-initialize-fd-tracker-buffers.patch | 26 +
- ..._type-to-transport-to-avoid-confusio.patch | 77 +
- ...t_type-to-transport-to-avoid-confusi.patch | 196 ++
- ...g-target-of-recently-added-API-calls.patch | 52 +
- ...rrors-detected-by-newly-added-test-1.patch | 50 +
- .../patches/manpages-Document-enums-206.patch | 39 +
- .../misc-Fix-more-covscan-warnings.patch | 191 ++
- debian/patches/misc-some-coverity-fixes.patch | 224 ++
- ...bout-plugins-version-and-architectur.patch | 167 +
- ...-up-useless-conditionals-and-defines.patch | 376 +++
- .../spec-drop-support-for-init-scripts.patch | 108 +
- .../spec-fix-a-bunch-of-rpmlint-errors.patch | 51 +
- ...s-to-point-to-https-and-official-rel.patch | 30 +
- ...ora-spec-file-into-upstream-spec-fil.patch | 374 +++
- ...ditionals-to-determine-BuildRequires.patch | 59 +
- ...dconfig_scriptlets-only-when-defined.patch | 40 +
- ...m-internal-memory-leak-non-recurring.patch | 25 +
- ...r-packet-implementation-to-flush-log.patch | 135 +
- .../patches/tests-remove-stray-comment.patch | 22 +
- ...t-add-internal-API-to-gather-which-f.patch | 161 +
- ...ation-about-the-nature-of-the-transp.patch | 115 +
- ...ect-merge-when-cherry-picking-7033dd.patch | 29 +
- debian/patches/series | 66 +
- 67 files changed, 14167 insertions(+)
- create mode 100644 debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch
- create mode 100644 debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
- create mode 100644 debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
- create mode 100644 debian/patches/access-lists-add-access-lists-support-to-sctp.patch
- create mode 100644 debian/patches/access-lists-add-documentation-for-enable_access_list.patch
- create mode 100644 debian/patches/access-lists-add-errno-around-and-start-using-them.patch
- create mode 100644 debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch
- create mode 100644 debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch
- create mode 100644 debian/patches/access-lists-add-public-API-tests.patch
- create mode 100644 debian/patches/access-lists-add-tests-for-default-access-lists.patch
- create mode 100644 debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch
- create mode 100644 debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch
- create mode 100644 debian/patches/access-lists-cleanup-API-a-bit.patch
- create mode 100644 debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch
- create mode 100644 debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
- create mode 100644 debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch
- create mode 100644 debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
- create mode 100644 debian/patches/access-lists-fix-build-on-freebsd.patch
- create mode 100644 debian/patches/access-lists-improve-checks-on-various-data-types.patch
- create mode 100644 debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch
- create mode 100644 debian/patches/access-lists-make-internal-API-consistent.patch
- create mode 100644 debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
- create mode 100644 debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch
- create mode 100644 debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
- create mode 100644 debian/patches/access-lists-remove-2-unnecessary-wrappers.patch
- create mode 100644 debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
- create mode 100644 debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch
- create mode 100644 debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch
- create mode 100644 debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch
- create mode 100644 debian/patches/acl-Fix-English-in-commments.patch
- create mode 100644 debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch
- create mode 100644 debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
- create mode 100644 debian/patches/build-bump-soname-to-indicate-new-API-calls.patch
- create mode 100644 debian/patches/compress-add-support-for-libzstd.patch
- create mode 100644 debian/patches/crypto-fix-openssl1.0-initialization-code.patch
- create mode 100644 debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch
- create mode 100644 debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
- create mode 100644 debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
- create mode 100644 debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
- create mode 100644 debian/patches/crypto-openssl-error-strings-release.patch
- create mode 100644 debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
- create mode 100644 debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
- create mode 100644 debian/patches/global-update-copyright-across-the-board.patch
- create mode 100644 debian/patches/global-update-copyrights.patch
- create mode 100644 debian/patches/handle-properly-initialize-fd-tracker-buffers.patch
- create mode 100644 debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch
- create mode 100644 debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch
- create mode 100644 debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch
- create mode 100644 debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
- create mode 100644 debian/patches/manpages-Document-enums-206.patch
- create mode 100644 debian/patches/misc-Fix-more-covscan-warnings.patch
- create mode 100644 debian/patches/misc-some-coverity-fixes.patch
- create mode 100644 debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch
- create mode 100644 debian/patches/spec-clean-up-useless-conditionals-and-defines.patch
- create mode 100644 debian/patches/spec-drop-support-for-init-scripts.patch
- create mode 100644 debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch
- create mode 100644 debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
- create mode 100644 debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
- create mode 100644 debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch
- create mode 100644 debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch
- create mode 100644 debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch
- create mode 100644 debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch
- create mode 100644 debian/patches/tests-remove-stray-comment.patch
- create mode 100644 debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch
- create mode 100644 debian/patches/transports-add-information-about-the-nature-of-the-transp.patch
- create mode 100644 debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-
-diff --git a/debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch b/debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch
-new file mode 100644
-index 0000000..ba15cf0
---- /dev/null
-+++ b/debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch
-@@ -0,0 +1,2928 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 12 Jun 2019 05:21:24 +0200
-+Subject: [global] clarify license entry per file to match README.licence
-+
-+libraries code: LGPL-2.0+
-+binaries code and other files: GPL-2.0+
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit dd52554d5dfc0c5c37697842092cd3b99d6d40a4)
-+---
-+ README | 2 +-
-+ autogen.sh | 2 +-
-+ configure.ac | 2 +-
-+ Makefile.am | 2 +-
-+ init/Makefile.am | 2 +-
-+ kronosnetd/Makefile.am | 2 +-
-+ libknet/Makefile.am | 2 +-
-+ libknet/tests/Makefile.am | 2 +-
-+ libnozzle/Makefile.am | 2 +-
-+ libnozzle/tests/Makefile.am | 2 +-
-+ man/Makefile.am | 2 +-
-+ poc-code/Makefile.am | 2 +-
-+ poc-code/iov-hash/Makefile.am | 2 +-
-+ kronosnetd/cfg.h | 2 +-
-+ kronosnetd/etherfilter.h | 2 +-
-+ kronosnetd/logging.h | 2 +-
-+ kronosnetd/vty.h | 2 +-
-+ kronosnetd/vty_auth.h | 2 +-
-+ kronosnetd/vty_cli.h | 2 +-
-+ kronosnetd/vty_cli_cmds.h | 2 +-
-+ kronosnetd/vty_utils.h | 2 +-
-+ libknet/common.h | 2 +-
-+ libknet/compat.h | 2 +-
-+ libknet/compress.h | 2 +-
-+ libknet/compress_model.h | 2 +-
-+ libknet/crypto.h | 2 +-
-+ libknet/crypto_model.h | 2 +-
-+ libknet/host.h | 2 +-
-+ libknet/internals.h | 2 +-
-+ libknet/libknet.h | 2 +-
-+ libknet/links.h | 2 +-
-+ libknet/links_acl.h | 2 +-
-+ libknet/links_acl_ip.h | 2 +-
-+ libknet/links_acl_loopback.h | 2 +-
-+ libknet/logging.h | 2 +-
-+ libknet/netutils.h | 2 +-
-+ libknet/onwire.h | 2 +-
-+ libknet/tests/test-common.h | 2 +-
-+ libknet/threads_common.h | 2 +-
-+ libknet/threads_dsthandler.h | 2 +-
-+ libknet/threads_heartbeat.h | 2 +-
-+ libknet/threads_pmtud.h | 2 +-
-+ libknet/threads_rx.h | 2 +-
-+ libknet/threads_tx.h | 2 +-
-+ libknet/transport_common.h | 2 +-
-+ libknet/transport_loopback.h | 2 +-
-+ libknet/transport_sctp.h | 2 +-
-+ libknet/transport_udp.h | 2 +-
-+ libknet/transports.h | 2 +-
-+ libnozzle/internals.h | 2 +-
-+ libnozzle/libnozzle.h | 2 +-
-+ libnozzle/tests/test-common.h | 2 +-
-+ init/kronosnetd.in | 2 +-
-+ init/kronosnetd.service.in | 2 +-
-+ kronosnetd/kronosnetd.logrotate.in | 2 +-
-+ libknet/libknet.pc.in | 2 +-
-+ libnozzle/libnozzle.pc.in | 2 +-
-+ man/Doxyfile-knet.in | 2 +-
-+ man/Doxyfile-nozzle.in | 2 +-
-+ kronosnetd/cfg.c | 2 +-
-+ kronosnetd/etherfilter.c | 2 +-
-+ kronosnetd/keygen.c | 2 +-
-+ kronosnetd/logging.c | 2 +-
-+ kronosnetd/main.c | 2 +-
-+ kronosnetd/vty.c | 2 +-
-+ kronosnetd/vty_auth.c | 2 +-
-+ kronosnetd/vty_cli.c | 2 +-
-+ kronosnetd/vty_cli_cmds.c | 2 +-
-+ kronosnetd/vty_utils.c | 2 +-
-+ libknet/common.c | 2 +-
-+ libknet/compat.c | 2 +-
-+ libknet/compress.c | 2 +-
-+ libknet/compress_bzip2.c | 2 +-
-+ libknet/compress_lz4.c | 2 +-
-+ libknet/compress_lz4hc.c | 2 +-
-+ libknet/compress_lzma.c | 2 +-
-+ libknet/compress_lzo2.c | 2 +-
-+ libknet/compress_zlib.c | 2 +-
-+ libknet/compress_zstd.c | 2 +-
-+ libknet/crypto.c | 2 +-
-+ libknet/crypto_nss.c | 2 +-
-+ libknet/crypto_openssl.c | 2 +-
-+ libknet/handle.c | 2 +-
-+ libknet/host.c | 2 +-
-+ libknet/links.c | 2 +-
-+ libknet/links_acl.c | 2 +-
-+ libknet/links_acl_ip.c | 2 +-
-+ libknet/links_acl_loopback.c | 2 +-
-+ libknet/logging.c | 2 +-
-+ libknet/netutils.c | 2 +-
-+ libknet/tests/api_knet_addrtostr.c | 2 +-
-+ libknet/tests/api_knet_get_compress_list.c | 2 +-
-+ libknet/tests/api_knet_get_crypto_list.c | 2 +-
-+ libknet/tests/api_knet_get_transport_id_by_name.c | 2 +-
-+ libknet/tests/api_knet_get_transport_list.c | 2 +-
-+ libknet/tests/api_knet_get_transport_name_by_id.c | 2 +-
-+ libknet/tests/api_knet_handle_add_datafd.c | 2 +-
-+ libknet/tests/api_knet_handle_clear_stats.c | 2 +-
-+ libknet/tests/api_knet_handle_compress.c | 2 +-
-+ libknet/tests/api_knet_handle_crypto.c | 2 +-
-+ libknet/tests/api_knet_handle_enable_access_lists.c | 2 +-
-+ libknet/tests/api_knet_handle_enable_filter.c | 2 +-
-+ libknet/tests/api_knet_handle_enable_pmtud_notify.c | 2 +-
-+ libknet/tests/api_knet_handle_enable_sock_notify.c | 2 +-
-+ libknet/tests/api_knet_handle_free.c | 2 +-
-+ libknet/tests/api_knet_handle_get_channel.c | 2 +-
-+ libknet/tests/api_knet_handle_get_datafd.c | 2 +-
-+ libknet/tests/api_knet_handle_get_stats.c | 2 +-
-+ libknet/tests/api_knet_handle_get_transport_reconnect_interval.c | 2 +-
-+ libknet/tests/api_knet_handle_new.c | 2 +-
-+ libknet/tests/api_knet_handle_new_limit.c | 2 +-
-+ libknet/tests/api_knet_handle_pmtud_get.c | 2 +-
-+ libknet/tests/api_knet_handle_pmtud_getfreq.c | 2 +-
-+ libknet/tests/api_knet_handle_pmtud_setfreq.c | 2 +-
-+ libknet/tests/api_knet_handle_remove_datafd.c | 2 +-
-+ libknet/tests/api_knet_handle_set_transport_reconnect_interval.c | 2 +-
-+ libknet/tests/api_knet_handle_setfwd.c | 2 +-
-+ libknet/tests/api_knet_host_add.c | 2 +-
-+ libknet/tests/api_knet_host_enable_status_change_notify.c | 2 +-
-+ libknet/tests/api_knet_host_get_host_list.c | 2 +-
-+ libknet/tests/api_knet_host_get_id_by_host_name.c | 2 +-
-+ libknet/tests/api_knet_host_get_name_by_host_id.c | 2 +-
-+ libknet/tests/api_knet_host_get_policy.c | 2 +-
-+ libknet/tests/api_knet_host_get_status.c | 2 +-
-+ libknet/tests/api_knet_host_remove.c | 2 +-
-+ libknet/tests/api_knet_host_set_name.c | 2 +-
-+ libknet/tests/api_knet_host_set_policy.c | 2 +-
-+ libknet/tests/api_knet_link_add_acl.c | 2 +-
-+ libknet/tests/api_knet_link_clear_acl.c | 2 +-
-+ libknet/tests/api_knet_link_clear_config.c | 2 +-
-+ libknet/tests/api_knet_link_get_config.c | 2 +-
-+ libknet/tests/api_knet_link_get_enable.c | 2 +-
-+ libknet/tests/api_knet_link_get_link_list.c | 2 +-
-+ libknet/tests/api_knet_link_get_ping_timers.c | 2 +-
-+ libknet/tests/api_knet_link_get_pong_count.c | 2 +-
-+ libknet/tests/api_knet_link_get_priority.c | 2 +-
-+ libknet/tests/api_knet_link_get_status.c | 2 +-
-+ libknet/tests/api_knet_link_insert_acl.c | 2 +-
-+ libknet/tests/api_knet_link_rm_acl.c | 2 +-
-+ libknet/tests/api_knet_link_set_config.c | 2 +-
-+ libknet/tests/api_knet_link_set_enable.c | 2 +-
-+ libknet/tests/api_knet_link_set_ping_timers.c | 2 +-
-+ libknet/tests/api_knet_link_set_pong_count.c | 2 +-
-+ libknet/tests/api_knet_link_set_priority.c | 2 +-
-+ libknet/tests/api_knet_log_get_loglevel.c | 2 +-
-+ libknet/tests/api_knet_log_get_loglevel_id.c | 2 +-
-+ libknet/tests/api_knet_log_get_loglevel_name.c | 2 +-
-+ libknet/tests/api_knet_log_get_subsystem_id.c | 2 +-
-+ libknet/tests/api_knet_log_get_subsystem_name.c | 2 +-
-+ libknet/tests/api_knet_log_set_loglevel.c | 2 +-
-+ libknet/tests/api_knet_recv.c | 2 +-
-+ libknet/tests/api_knet_send.c | 2 +-
-+ libknet/tests/api_knet_send_compress.c | 2 +-
-+ libknet/tests/api_knet_send_crypto.c | 2 +-
-+ libknet/tests/api_knet_send_loopback.c | 2 +-
-+ libknet/tests/api_knet_send_sync.c | 2 +-
-+ libknet/tests/api_knet_strtoaddr.c | 2 +-
-+ libknet/tests/int_links_acl_ip.c | 2 +-
-+ libknet/tests/int_timediff.c | 2 +-
-+ libknet/tests/knet_bench.c | 2 +-
-+ libknet/tests/pckt_test.c | 2 +-
-+ libknet/tests/test-common.c | 2 +-
-+ libknet/threads_common.c | 2 +-
-+ libknet/threads_dsthandler.c | 2 +-
-+ libknet/threads_heartbeat.c | 2 +-
-+ libknet/threads_pmtud.c | 2 +-
-+ libknet/threads_rx.c | 2 +-
-+ libknet/threads_tx.c | 2 +-
-+ libknet/transport_common.c | 2 +-
-+ libknet/transport_loopback.c | 2 +-
-+ libknet/transport_sctp.c | 2 +-
-+ libknet/transport_udp.c | 2 +-
-+ libknet/transports.c | 2 +-
-+ libnozzle/internals.c | 2 +-
-+ libnozzle/libnozzle.c | 2 +-
-+ libnozzle/tests/api_nozzle_add_ip.c | 2 +-
-+ libnozzle/tests/api_nozzle_close.c | 2 +-
-+ libnozzle/tests/api_nozzle_del_ip.c | 2 +-
-+ libnozzle/tests/api_nozzle_get_fd.c | 2 +-
-+ libnozzle/tests/api_nozzle_get_handle_by_name.c | 2 +-
-+ libnozzle/tests/api_nozzle_get_ips.c | 2 +-
-+ libnozzle/tests/api_nozzle_get_mac.c | 2 +-
-+ libnozzle/tests/api_nozzle_get_mtu.c | 2 +-
-+ libnozzle/tests/api_nozzle_get_name_by_handle.c | 2 +-
-+ libnozzle/tests/api_nozzle_open.c | 2 +-
-+ libnozzle/tests/api_nozzle_run_updown.c | 2 +-
-+ libnozzle/tests/api_nozzle_set_down.c | 2 +-
-+ libnozzle/tests/api_nozzle_set_mac.c | 2 +-
-+ libnozzle/tests/api_nozzle_set_mtu.c | 2 +-
-+ libnozzle/tests/api_nozzle_set_up.c | 2 +-
-+ libnozzle/tests/int_execute_bin_sh_command.c | 2 +-
-+ libnozzle/tests/test-common.c | 2 +-
-+ man/doxyxml.c | 2 +-
-+ poc-code/iov-hash/main.c | 2 +-
-+ build-aux/check.mk | 2 +-
-+ build-aux/release.mk | 2 +-
-+ build-aux/update-copyright.sh | 4 ++--
-+ init/kronosnetd.default | 2 +-
-+ libknet/libknet_exported_syms | 2 +-
-+ libknet/tests/api-check.mk | 2 +-
-+ libknet/tests/api-test-coverage | 2 +-
-+ libnozzle/libnozzle_exported_syms | 2 +-
-+ libnozzle/tests/api-test-coverage | 2 +-
-+ libnozzle/tests/nozzle_run_updown_exit_false | 2 +-
-+ libnozzle/tests/nozzle_run_updown_exit_true | 2 +-
-+ man/api-to-man-page-coverage | 2 +-
-+ man/knet-keygen.8 | 2 +-
-+ man/kronosnetd.8 | 2 +-
-+ 208 files changed, 209 insertions(+), 209 deletions(-)
-+
-+diff --git a/README b/README
-+index 7b5e7ce..f8f3ea6 100644
-+--- a/README
-++++ b/README
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ Upstream resources
-+diff --git a/autogen.sh b/autogen.sh
-+index 8fb1e58..92e9483 100755
-+--- a/autogen.sh
-++++ b/autogen.sh
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ # Run this to generate all the initial makefiles, etc.
-+diff --git a/configure.ac b/configure.ac
-+index 501053e..e962592 100644
-+--- a/configure.ac
-++++ b/configure.ac
-+@@ -4,7 +4,7 @@
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ # Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ # -*- Autoconf -*-
-+diff --git a/Makefile.am b/Makefile.am
-+index 82cb1f5..dc5f8a5 100644
-+--- a/Makefile.am
-++++ b/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in aclocal.m4 configure depcomp \
-+diff --git a/init/Makefile.am b/init/Makefile.am
-+index 4d59a9e..fe0d9b0 100644
-+--- a/init/Makefile.am
-++++ b/init/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/kronosnetd/Makefile.am b/kronosnetd/Makefile.am
-+index 0b6f673..5ce8fa5 100644
-+--- a/kronosnetd/Makefile.am
-++++ b/kronosnetd/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in kronostnetd.logrotate
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 8adcc40..d080732 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -4,7 +4,7 @@
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ # Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index 015587c..3346596 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/libnozzle/Makefile.am b/libnozzle/Makefile.am
-+index 2ffbd08..8ac438a 100644
-+--- a/libnozzle/Makefile.am
-++++ b/libnozzle/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/libnozzle/tests/Makefile.am b/libnozzle/tests/Makefile.am
-+index b9e16ae..cdc42a3 100644
-+--- a/libnozzle/tests/Makefile.am
-++++ b/libnozzle/tests/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/man/Makefile.am b/man/Makefile.am
-+index 0ad12f6..a473e90 100644
-+--- a/man/Makefile.am
-++++ b/man/Makefile.am
-+@@ -4,7 +4,7 @@
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ # Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/poc-code/Makefile.am b/poc-code/Makefile.am
-+index 15d12f7..ddbea08 100644
-+--- a/poc-code/Makefile.am
-++++ b/poc-code/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/poc-code/iov-hash/Makefile.am b/poc-code/iov-hash/Makefile.am
-+index a41ed99..acd6b51 100644
-+--- a/poc-code/iov-hash/Makefile.am
-++++ b/poc-code/iov-hash/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/kronosnetd/cfg.h b/kronosnetd/cfg.h
-+index 0260bff..56fa4d5 100644
-+--- a/kronosnetd/cfg.h
-++++ b/kronosnetd/cfg.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_CFG_H__
-+diff --git a/kronosnetd/etherfilter.h b/kronosnetd/etherfilter.h
-+index d805dd6..63e18b6 100644
-+--- a/kronosnetd/etherfilter.h
-++++ b/kronosnetd/etherfilter.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_ETHERFILTER_H__
-+diff --git a/kronosnetd/logging.h b/kronosnetd/logging.h
-+index e4d5ce2..1bc12b9 100644
-+--- a/kronosnetd/logging.h
-++++ b/kronosnetd/logging.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_LOGGING_H__
-+diff --git a/kronosnetd/vty.h b/kronosnetd/vty.h
-+index 86bd821..3c3e6e0 100644
-+--- a/kronosnetd/vty.h
-++++ b/kronosnetd/vty.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_VTY_H__
-+diff --git a/kronosnetd/vty_auth.h b/kronosnetd/vty_auth.h
-+index c42989b..58d75cb 100644
-+--- a/kronosnetd/vty_auth.h
-++++ b/kronosnetd/vty_auth.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_VTY_AUTH_H__
-+diff --git a/kronosnetd/vty_cli.h b/kronosnetd/vty_cli.h
-+index 9bbdcc7..0d7e515 100644
-+--- a/kronosnetd/vty_cli.h
-++++ b/kronosnetd/vty_cli.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_VTY_CLI_H__
-+diff --git a/kronosnetd/vty_cli_cmds.h b/kronosnetd/vty_cli_cmds.h
-+index ac07573..ba40ddf 100644
-+--- a/kronosnetd/vty_cli_cmds.h
-++++ b/kronosnetd/vty_cli_cmds.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_VTY_CLI_CMDS_H__
-+diff --git a/kronosnetd/vty_utils.h b/kronosnetd/vty_utils.h
-+index 07e339b..7ac318a 100644
-+--- a/kronosnetd/vty_utils.h
-++++ b/kronosnetd/vty_utils.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNETD_VTY_UTILS_H__
-+diff --git a/libknet/common.h b/libknet/common.h
-+index ddea7fc..6128b16 100644
-+--- a/libknet/common.h
-++++ b/libknet/common.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "internals.h"
-+diff --git a/libknet/compat.h b/libknet/compat.h
-+index e9af804..903fdfb 100644
-+--- a/libknet/compat.h
-++++ b/libknet/compat.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Jan Friesse <jfriesse@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_COMPAT_H__
-+diff --git a/libknet/compress.h b/libknet/compress.h
-+index 47edddf..d43a9d5 100644
-+--- a/libknet/compress.h
-++++ b/libknet/compress.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_COMPRESS_H__
-+diff --git a/libknet/compress_model.h b/libknet/compress_model.h
-+index 909f5a1..e69e491 100644
-+--- a/libknet/compress_model.h
-++++ b/libknet/compress_model.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_COMPRESS_MODEL_H__
-+diff --git a/libknet/crypto.h b/libknet/crypto.h
-+index 707de32..f80cb43 100644
-+--- a/libknet/crypto.h
-++++ b/libknet/crypto.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_CRYPTO_H__
-+diff --git a/libknet/crypto_model.h b/libknet/crypto_model.h
-+index 9bb4f17..70f6238 100644
-+--- a/libknet/crypto_model.h
-++++ b/libknet/crypto_model.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_CRYPTO_MODEL_H__
-+diff --git a/libknet/host.h b/libknet/host.h
-+index 4336b17..307b6e7 100644
-+--- a/libknet/host.h
-++++ b/libknet/host.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_HOST_H__
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 12f613c..3f105a1 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_INTERNALS_H__
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 907213f..acd1c86 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __LIBKNET_H__
-+diff --git a/libknet/links.h b/libknet/links.h
-+index 7c0250d..e14958d 100644
-+--- a/libknet/links.h
-++++ b/libknet/links.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_LINK_H__
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 60f7812..4617c9b 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_LINKS_ACL_H__
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index b33ffb1..f566c1e 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_LINKS_ACL_IP_H__
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index b51d2bf..d10764c 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_LINKS_ACL_LOOPBACK_H__
-+diff --git a/libknet/logging.h b/libknet/logging.h
-+index bdcd85e..01dcaf1 100644
-+--- a/libknet/logging.h
-++++ b/libknet/logging.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_LOGGING_H__
-+diff --git a/libknet/netutils.h b/libknet/netutils.h
-+index bdc605e..b293115 100644
-+--- a/libknet/netutils.h
-++++ b/libknet/netutils.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_NETUTILS_H__
-+diff --git a/libknet/onwire.h b/libknet/onwire.h
-+index ea45bfb..9815bc3 100644
-+--- a/libknet/onwire.h
-++++ b/libknet/onwire.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_ONWIRE_H__
-+diff --git a/libknet/tests/test-common.h b/libknet/tests/test-common.h
-+index a498a09..f1375ab 100644
-+--- a/libknet/tests/test-common.h
-++++ b/libknet/tests/test-common.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __KNET_TEST_COMMON_H__
-+diff --git a/libknet/threads_common.h b/libknet/threads_common.h
-+index cff7691..596de14 100644
-+--- a/libknet/threads_common.h
-++++ b/libknet/threads_common.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_THREADS_COMMON_H__
-+diff --git a/libknet/threads_dsthandler.h b/libknet/threads_dsthandler.h
-+index 0c968ff..db9117c 100644
-+--- a/libknet/threads_dsthandler.h
-++++ b/libknet/threads_dsthandler.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_THREADS_DSTHANDLER_H__
-+diff --git a/libknet/threads_heartbeat.h b/libknet/threads_heartbeat.h
-+index 2fcc9a0..b2580d1 100644
-+--- a/libknet/threads_heartbeat.h
-++++ b/libknet/threads_heartbeat.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_THREADS_HEARTBEAT_H__
-+diff --git a/libknet/threads_pmtud.h b/libknet/threads_pmtud.h
-+index 2cdcdbc..5ed3155 100644
-+--- a/libknet/threads_pmtud.h
-++++ b/libknet/threads_pmtud.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_THREADS_PMTUD_H__
-+diff --git a/libknet/threads_rx.h b/libknet/threads_rx.h
-+index ff8bd6e..b88c098 100644
-+--- a/libknet/threads_rx.h
-++++ b/libknet/threads_rx.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_THREADS_RX_H__
-+diff --git a/libknet/threads_tx.h b/libknet/threads_tx.h
-+index 7c4b2c0..28c4958 100644
-+--- a/libknet/threads_tx.h
-++++ b/libknet/threads_tx.h
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_THREADS_TX_H__
-+diff --git a/libknet/transport_common.h b/libknet/transport_common.h
-+index 778af8b..0ca21d0 100644
-+--- a/libknet/transport_common.h
-++++ b/libknet/transport_common.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_TRANSPORT_COMMON_H__
-+diff --git a/libknet/transport_loopback.h b/libknet/transport_loopback.h
-+index 6ce3ed3..a848ff8 100644
-+--- a/libknet/transport_loopback.h
-++++ b/libknet/transport_loopback.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transport_sctp.h b/libknet/transport_sctp.h
-+index 83a638b..0b8f320 100644
-+--- a/libknet/transport_sctp.h
-++++ b/libknet/transport_sctp.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transport_udp.h b/libknet/transport_udp.h
-+index 6de18e3..1dec863 100644
-+--- a/libknet/transport_udp.h
-++++ b/libknet/transport_udp.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transports.h b/libknet/transports.h
-+index 38f69ba..3a29ce6 100644
-+--- a/libknet/transports.h
-++++ b/libknet/transports.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __KNET_TRANSPORTS_H__
-+diff --git a/libnozzle/internals.h b/libnozzle/internals.h
-+index 853e14e..c9192a8 100644
-+--- a/libnozzle/internals.h
-++++ b/libnozzle/internals.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __NOZZLE_INTERNALS_H__
-+diff --git a/libnozzle/libnozzle.h b/libnozzle/libnozzle.h
-+index b8ab7d6..ad7c474 100644
-+--- a/libnozzle/libnozzle.h
-++++ b/libnozzle/libnozzle.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #ifndef __LIBNOZZLE_H__
-+diff --git a/libnozzle/tests/test-common.h b/libnozzle/tests/test-common.h
-+index 4562ea2..fcfafef 100644
-+--- a/libnozzle/tests/test-common.h
-++++ b/libnozzle/tests/test-common.h
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #ifndef __NOZZLE_TEST_COMMON_H__
-+diff --git a/init/kronosnetd.in b/init/kronosnetd.in
-+index 1823a3b..1da3273 100644
-+--- a/init/kronosnetd.in
-++++ b/init/kronosnetd.in
-+@@ -5,7 +5,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ # chkconfig: - 20 80
-+diff --git a/init/kronosnetd.service.in b/init/kronosnetd.service.in
-+index 4d2a32a..cfc80f7 100644
-+--- a/init/kronosnetd.service.in
-++++ b/init/kronosnetd.service.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ [Unit]
-+diff --git a/kronosnetd/kronosnetd.logrotate.in b/kronosnetd/kronosnetd.logrotate.in
-+index 4ed1fd2..a8a6969 100644
-+--- a/kronosnetd/kronosnetd.logrotate.in
-++++ b/kronosnetd/kronosnetd.logrotate.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ @LOGDIR@kronosnetd.log {
-+diff --git a/libknet/libknet.pc.in b/libknet/libknet.pc.in
-+index bb7b25c..021b2c4 100644
-+--- a/libknet/libknet.pc.in
-++++ b/libknet/libknet.pc.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+
-+ prefix=@prefix@
-+diff --git a/libnozzle/libnozzle.pc.in b/libnozzle/libnozzle.pc.in
-+index d6b2a15..9df0918 100644
-+--- a/libnozzle/libnozzle.pc.in
-++++ b/libnozzle/libnozzle.pc.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+
-+ prefix=@prefix@
-+diff --git a/man/Doxyfile-knet.in b/man/Doxyfile-knet.in
-+index f78e313..4750c9a 100644
-+--- a/man/Doxyfile-knet.in
-++++ b/man/Doxyfile-knet.in
-+@@ -4,7 +4,7 @@
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ # Christine Caulfield <ccaulfie@redhat.com>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ PROJECT_NAME = @PACKAGE_NAME@
-+ PROJECT_NUMBER = @PACKAGE_VERSION@
-+diff --git a/man/Doxyfile-nozzle.in b/man/Doxyfile-nozzle.in
-+index 2855e50..793d49d 100644
-+--- a/man/Doxyfile-nozzle.in
-++++ b/man/Doxyfile-nozzle.in
-+@@ -4,7 +4,7 @@
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ # Christine Caulfield <ccaulfie@redhat.com>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ PROJECT_NAME = @PACKAGE_NAME@
-+ PROJECT_NUMBER = @PACKAGE_VERSION@
-+diff --git a/kronosnetd/cfg.c b/kronosnetd/cfg.c
-+index 69d209a..406532a 100644
-+--- a/kronosnetd/cfg.c
-++++ b/kronosnetd/cfg.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/etherfilter.c b/kronosnetd/etherfilter.c
-+index 8542061..5f0d9fb 100644
-+--- a/kronosnetd/etherfilter.c
-++++ b/kronosnetd/etherfilter.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/keygen.c b/kronosnetd/keygen.c
-+index eb91473..42706ad 100644
-+--- a/kronosnetd/keygen.c
-++++ b/kronosnetd/keygen.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/logging.c b/kronosnetd/logging.c
-+index b3ef0d1..9c141cd 100644
-+--- a/kronosnetd/logging.c
-++++ b/kronosnetd/logging.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/main.c b/kronosnetd/main.c
-+index c1a8c2b..ec43871 100644
-+--- a/kronosnetd/main.c
-++++ b/kronosnetd/main.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/vty.c b/kronosnetd/vty.c
-+index d624bf4..2c5d4d3 100644
-+--- a/kronosnetd/vty.c
-++++ b/kronosnetd/vty.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_auth.c b/kronosnetd/vty_auth.c
-+index cf997f9..30e0929 100644
-+--- a/kronosnetd/vty_auth.c
-++++ b/kronosnetd/vty_auth.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_cli.c b/kronosnetd/vty_cli.c
-+index 68ff0da..95e4c8f 100644
-+--- a/kronosnetd/vty_cli.c
-++++ b/kronosnetd/vty_cli.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_cli_cmds.c b/kronosnetd/vty_cli_cmds.c
-+index 18b11a0..e5ad496 100644
-+--- a/kronosnetd/vty_cli_cmds.c
-++++ b/kronosnetd/vty_cli_cmds.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_utils.c b/kronosnetd/vty_utils.c
-+index 3c5cc86..2cf5117 100644
-+--- a/kronosnetd/vty_utils.c
-++++ b/kronosnetd/vty_utils.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/common.c b/libknet/common.c
-+index be46f23..30e537e 100644
-+--- a/libknet/common.c
-++++ b/libknet/common.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/compat.c b/libknet/compat.c
-+index a60bca2..e808f33 100644
-+--- a/libknet/compat.c
-++++ b/libknet/compat.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Jan Friesse <jfriesse@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/compress.c b/libknet/compress.c
-+index 864828f..24755c7 100644
-+--- a/libknet/compress.c
-++++ b/libknet/compress.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/compress_bzip2.c b/libknet/compress_bzip2.c
-+index 521e206..5a972ff 100644
-+--- a/libknet/compress_bzip2.c
-++++ b/libknet/compress_bzip2.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/compress_lz4.c b/libknet/compress_lz4.c
-+index 22b926f..60aa196 100644
-+--- a/libknet/compress_lz4.c
-++++ b/libknet/compress_lz4.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/compress_lz4hc.c b/libknet/compress_lz4hc.c
-+index 9a69ab4..781bf12 100644
-+--- a/libknet/compress_lz4hc.c
-++++ b/libknet/compress_lz4hc.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/compress_lzma.c b/libknet/compress_lzma.c
-+index e9ba2e3..7fdd178 100644
-+--- a/libknet/compress_lzma.c
-++++ b/libknet/compress_lzma.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/compress_lzo2.c b/libknet/compress_lzo2.c
-+index e66d3dc..12066ed 100644
-+--- a/libknet/compress_lzo2.c
-++++ b/libknet/compress_lzo2.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/compress_zlib.c b/libknet/compress_zlib.c
-+index 8807bb4..2fb12f5 100644
-+--- a/libknet/compress_zlib.c
-++++ b/libknet/compress_zlib.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/compress_zstd.c b/libknet/compress_zstd.c
-+index 6f9b499..f76ea5f 100644
-+--- a/libknet/compress_zstd.c
-++++ b/libknet/compress_zstd.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 6c340f5..9f05fba 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index 5c3a437..330b40c 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 999ed93..0cbc6f5 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+ #define KNET_MODULE
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 251d332..4835e99 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/host.c b/libknet/host.c
-+index 66826c1..abb1f89 100644
-+--- a/libknet/host.c
-++++ b/libknet/host.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 8011a6d..4ec308c 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 776408a..eb77e7b 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 9310f21..e479bbd 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index 044a51c..0a0adec 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/logging.c b/libknet/logging.c
-+index 5c91257..2efee1b 100644
-+--- a/libknet/logging.c
-++++ b/libknet/logging.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/netutils.c b/libknet/netutils.c
-+index 72bc659..e37f4fe 100644
-+--- a/libknet/netutils.c
-++++ b/libknet/netutils.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_addrtostr.c b/libknet/tests/api_knet_addrtostr.c
-+index 9adbf31..9cdf502 100644
-+--- a/libknet/tests/api_knet_addrtostr.c
-++++ b/libknet/tests/api_knet_addrtostr.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_compress_list.c b/libknet/tests/api_knet_get_compress_list.c
-+index 230e203..53e4192 100644
-+--- a/libknet/tests/api_knet_get_compress_list.c
-++++ b/libknet/tests/api_knet_get_compress_list.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_crypto_list.c b/libknet/tests/api_knet_get_crypto_list.c
-+index 4121aa4..760adab 100644
-+--- a/libknet/tests/api_knet_get_crypto_list.c
-++++ b/libknet/tests/api_knet_get_crypto_list.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_transport_id_by_name.c b/libknet/tests/api_knet_get_transport_id_by_name.c
-+index 973814f..9bcd673 100644
-+--- a/libknet/tests/api_knet_get_transport_id_by_name.c
-++++ b/libknet/tests/api_knet_get_transport_id_by_name.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_transport_list.c b/libknet/tests/api_knet_get_transport_list.c
-+index c748901..9ab5c10 100644
-+--- a/libknet/tests/api_knet_get_transport_list.c
-++++ b/libknet/tests/api_knet_get_transport_list.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_transport_name_by_id.c b/libknet/tests/api_knet_get_transport_name_by_id.c
-+index a797cec..3233a1d 100644
-+--- a/libknet/tests/api_knet_get_transport_name_by_id.c
-++++ b/libknet/tests/api_knet_get_transport_name_by_id.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_add_datafd.c b/libknet/tests/api_knet_handle_add_datafd.c
-+index 7159399..3088797 100644
-+--- a/libknet/tests/api_knet_handle_add_datafd.c
-++++ b/libknet/tests/api_knet_handle_add_datafd.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_clear_stats.c b/libknet/tests/api_knet_handle_clear_stats.c
-+index 07f059a..0867b13 100644
-+--- a/libknet/tests/api_knet_handle_clear_stats.c
-++++ b/libknet/tests/api_knet_handle_clear_stats.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_compress.c b/libknet/tests/api_knet_handle_compress.c
-+index 1525e6a..40b6f39 100644
-+--- a/libknet/tests/api_knet_handle_compress.c
-++++ b/libknet/tests/api_knet_handle_compress.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_crypto.c b/libknet/tests/api_knet_handle_crypto.c
-+index 9dbf5bc..1eed96e 100644
-+--- a/libknet/tests/api_knet_handle_crypto.c
-++++ b/libknet/tests/api_knet_handle_crypto.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
-+index d08f175..be54bc4 100644
-+--- a/libknet/tests/api_knet_handle_enable_access_lists.c
-++++ b/libknet/tests/api_knet_handle_enable_access_lists.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_filter.c b/libknet/tests/api_knet_handle_enable_filter.c
-+index 63b2166..e518b42 100644
-+--- a/libknet/tests/api_knet_handle_enable_filter.c
-++++ b/libknet/tests/api_knet_handle_enable_filter.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_pmtud_notify.c b/libknet/tests/api_knet_handle_enable_pmtud_notify.c
-+index 726c2cc..f11abc3 100644
-+--- a/libknet/tests/api_knet_handle_enable_pmtud_notify.c
-++++ b/libknet/tests/api_knet_handle_enable_pmtud_notify.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_sock_notify.c b/libknet/tests/api_knet_handle_enable_sock_notify.c
-+index 9c90600..adefb5a 100644
-+--- a/libknet/tests/api_knet_handle_enable_sock_notify.c
-++++ b/libknet/tests/api_knet_handle_enable_sock_notify.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_free.c b/libknet/tests/api_knet_handle_free.c
-+index 75319fc..53b6dc6 100644
-+--- a/libknet/tests/api_knet_handle_free.c
-++++ b/libknet/tests/api_knet_handle_free.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_channel.c b/libknet/tests/api_knet_handle_get_channel.c
-+index 3ade302..0196136 100644
-+--- a/libknet/tests/api_knet_handle_get_channel.c
-++++ b/libknet/tests/api_knet_handle_get_channel.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_datafd.c b/libknet/tests/api_knet_handle_get_datafd.c
-+index 8838b69..57aedf5 100644
-+--- a/libknet/tests/api_knet_handle_get_datafd.c
-++++ b/libknet/tests/api_knet_handle_get_datafd.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_stats.c b/libknet/tests/api_knet_handle_get_stats.c
-+index e8a83b4..38a0c97 100644
-+--- a/libknet/tests/api_knet_handle_get_stats.c
-++++ b/libknet/tests/api_knet_handle_get_stats.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c b/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c
-+index 7a43823..f013a5b 100644
-+--- a/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c
-++++ b/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_new.c b/libknet/tests/api_knet_handle_new.c
-+index b7af566..9559d4a 100644
-+--- a/libknet/tests/api_knet_handle_new.c
-++++ b/libknet/tests/api_knet_handle_new.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_new_limit.c b/libknet/tests/api_knet_handle_new_limit.c
-+index d51db97..fc3bdcd 100644
-+--- a/libknet/tests/api_knet_handle_new_limit.c
-++++ b/libknet/tests/api_knet_handle_new_limit.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_pmtud_get.c b/libknet/tests/api_knet_handle_pmtud_get.c
-+index a1b1d12..803a288 100644
-+--- a/libknet/tests/api_knet_handle_pmtud_get.c
-++++ b/libknet/tests/api_knet_handle_pmtud_get.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_pmtud_getfreq.c b/libknet/tests/api_knet_handle_pmtud_getfreq.c
-+index 5c5c7e0..23e3239 100644
-+--- a/libknet/tests/api_knet_handle_pmtud_getfreq.c
-++++ b/libknet/tests/api_knet_handle_pmtud_getfreq.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_pmtud_setfreq.c b/libknet/tests/api_knet_handle_pmtud_setfreq.c
-+index b4eebda..2a720c3 100644
-+--- a/libknet/tests/api_knet_handle_pmtud_setfreq.c
-++++ b/libknet/tests/api_knet_handle_pmtud_setfreq.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_remove_datafd.c b/libknet/tests/api_knet_handle_remove_datafd.c
-+index 08a42ab..ace5df7 100644
-+--- a/libknet/tests/api_knet_handle_remove_datafd.c
-++++ b/libknet/tests/api_knet_handle_remove_datafd.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c b/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c
-+index 80bbacb..c561559 100644
-+--- a/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c
-++++ b/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_setfwd.c b/libknet/tests/api_knet_handle_setfwd.c
-+index 9658075..21a5c9f 100644
-+--- a/libknet/tests/api_knet_handle_setfwd.c
-++++ b/libknet/tests/api_knet_handle_setfwd.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_add.c b/libknet/tests/api_knet_host_add.c
-+index 762d0df..65104f5 100644
-+--- a/libknet/tests/api_knet_host_add.c
-++++ b/libknet/tests/api_knet_host_add.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_enable_status_change_notify.c b/libknet/tests/api_knet_host_enable_status_change_notify.c
-+index 96d133d..b0467a5 100644
-+--- a/libknet/tests/api_knet_host_enable_status_change_notify.c
-++++ b/libknet/tests/api_knet_host_enable_status_change_notify.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_host_list.c b/libknet/tests/api_knet_host_get_host_list.c
-+index 76fb23b..fc573bb 100644
-+--- a/libknet/tests/api_knet_host_get_host_list.c
-++++ b/libknet/tests/api_knet_host_get_host_list.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_id_by_host_name.c b/libknet/tests/api_knet_host_get_id_by_host_name.c
-+index 81ad504..745dbfa 100644
-+--- a/libknet/tests/api_knet_host_get_id_by_host_name.c
-++++ b/libknet/tests/api_knet_host_get_id_by_host_name.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_name_by_host_id.c b/libknet/tests/api_knet_host_get_name_by_host_id.c
-+index d239821..4604525 100644
-+--- a/libknet/tests/api_knet_host_get_name_by_host_id.c
-++++ b/libknet/tests/api_knet_host_get_name_by_host_id.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_policy.c b/libknet/tests/api_knet_host_get_policy.c
-+index 3160503..8511815 100644
-+--- a/libknet/tests/api_knet_host_get_policy.c
-++++ b/libknet/tests/api_knet_host_get_policy.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_status.c b/libknet/tests/api_knet_host_get_status.c
-+index b13c57a..3b46f0c 100644
-+--- a/libknet/tests/api_knet_host_get_status.c
-++++ b/libknet/tests/api_knet_host_get_status.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_remove.c b/libknet/tests/api_knet_host_remove.c
-+index 12d1f8f..36dd47c 100644
-+--- a/libknet/tests/api_knet_host_remove.c
-++++ b/libknet/tests/api_knet_host_remove.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_set_name.c b/libknet/tests/api_knet_host_set_name.c
-+index 88d6ce9..c899d33 100644
-+--- a/libknet/tests/api_knet_host_set_name.c
-++++ b/libknet/tests/api_knet_host_set_name.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_set_policy.c b/libknet/tests/api_knet_host_set_policy.c
-+index 41102d2..2583114 100644
-+--- a/libknet/tests/api_knet_host_set_policy.c
-++++ b/libknet/tests/api_knet_host_set_policy.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_add_acl.c b/libknet/tests/api_knet_link_add_acl.c
-+index ff7a2e2..52d6022 100644
-+--- a/libknet/tests/api_knet_link_add_acl.c
-++++ b/libknet/tests/api_knet_link_add_acl.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_clear_acl.c b/libknet/tests/api_knet_link_clear_acl.c
-+index 234a76b..3516b4d 100644
-+--- a/libknet/tests/api_knet_link_clear_acl.c
-++++ b/libknet/tests/api_knet_link_clear_acl.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_clear_config.c b/libknet/tests/api_knet_link_clear_config.c
-+index 8d7800d..ff9c473 100644
-+--- a/libknet/tests/api_knet_link_clear_config.c
-++++ b/libknet/tests/api_knet_link_clear_config.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_config.c b/libknet/tests/api_knet_link_get_config.c
-+index 111b406..60a56fd 100644
-+--- a/libknet/tests/api_knet_link_get_config.c
-++++ b/libknet/tests/api_knet_link_get_config.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_enable.c b/libknet/tests/api_knet_link_get_enable.c
-+index 410c017..b0e1348 100644
-+--- a/libknet/tests/api_knet_link_get_enable.c
-++++ b/libknet/tests/api_knet_link_get_enable.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_link_list.c b/libknet/tests/api_knet_link_get_link_list.c
-+index e3dd73e..6114f83 100644
-+--- a/libknet/tests/api_knet_link_get_link_list.c
-++++ b/libknet/tests/api_knet_link_get_link_list.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_ping_timers.c b/libknet/tests/api_knet_link_get_ping_timers.c
-+index 5f0e9b1..414619f 100644
-+--- a/libknet/tests/api_knet_link_get_ping_timers.c
-++++ b/libknet/tests/api_knet_link_get_ping_timers.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_pong_count.c b/libknet/tests/api_knet_link_get_pong_count.c
-+index bbc993d..e032b96 100644
-+--- a/libknet/tests/api_knet_link_get_pong_count.c
-++++ b/libknet/tests/api_knet_link_get_pong_count.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_priority.c b/libknet/tests/api_knet_link_get_priority.c
-+index 29d7d2e..80538fe 100644
-+--- a/libknet/tests/api_knet_link_get_priority.c
-++++ b/libknet/tests/api_knet_link_get_priority.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_status.c b/libknet/tests/api_knet_link_get_status.c
-+index fe56734..5139692 100644
-+--- a/libknet/tests/api_knet_link_get_status.c
-++++ b/libknet/tests/api_knet_link_get_status.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_insert_acl.c b/libknet/tests/api_knet_link_insert_acl.c
-+index 79d04df..2f55c16 100644
-+--- a/libknet/tests/api_knet_link_insert_acl.c
-++++ b/libknet/tests/api_knet_link_insert_acl.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_rm_acl.c b/libknet/tests/api_knet_link_rm_acl.c
-+index d132c54..7217a4f 100644
-+--- a/libknet/tests/api_knet_link_rm_acl.c
-++++ b/libknet/tests/api_knet_link_rm_acl.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_config.c b/libknet/tests/api_knet_link_set_config.c
-+index b96c628..c43a4de 100644
-+--- a/libknet/tests/api_knet_link_set_config.c
-++++ b/libknet/tests/api_knet_link_set_config.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_enable.c b/libknet/tests/api_knet_link_set_enable.c
-+index f48f1c0..17e6e03 100644
-+--- a/libknet/tests/api_knet_link_set_enable.c
-++++ b/libknet/tests/api_knet_link_set_enable.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_ping_timers.c b/libknet/tests/api_knet_link_set_ping_timers.c
-+index d823a81..46170f6 100644
-+--- a/libknet/tests/api_knet_link_set_ping_timers.c
-++++ b/libknet/tests/api_knet_link_set_ping_timers.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_pong_count.c b/libknet/tests/api_knet_link_set_pong_count.c
-+index 70fc57f..b8974e3 100644
-+--- a/libknet/tests/api_knet_link_set_pong_count.c
-++++ b/libknet/tests/api_knet_link_set_pong_count.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_priority.c b/libknet/tests/api_knet_link_set_priority.c
-+index a89392e..aac0ea2 100644
-+--- a/libknet/tests/api_knet_link_set_priority.c
-++++ b/libknet/tests/api_knet_link_set_priority.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_loglevel.c b/libknet/tests/api_knet_log_get_loglevel.c
-+index 4a62ead..4d4a52c 100644
-+--- a/libknet/tests/api_knet_log_get_loglevel.c
-++++ b/libknet/tests/api_knet_log_get_loglevel.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_loglevel_id.c b/libknet/tests/api_knet_log_get_loglevel_id.c
-+index 1053dff..379ba71 100644
-+--- a/libknet/tests/api_knet_log_get_loglevel_id.c
-++++ b/libknet/tests/api_knet_log_get_loglevel_id.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_loglevel_name.c b/libknet/tests/api_knet_log_get_loglevel_name.c
-+index 317ebb1..ef19af2 100644
-+--- a/libknet/tests/api_knet_log_get_loglevel_name.c
-++++ b/libknet/tests/api_knet_log_get_loglevel_name.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_subsystem_id.c b/libknet/tests/api_knet_log_get_subsystem_id.c
-+index 0b47805..cff9e8a 100644
-+--- a/libknet/tests/api_knet_log_get_subsystem_id.c
-++++ b/libknet/tests/api_knet_log_get_subsystem_id.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_subsystem_name.c b/libknet/tests/api_knet_log_get_subsystem_name.c
-+index 1b11fe6..0384730 100644
-+--- a/libknet/tests/api_knet_log_get_subsystem_name.c
-++++ b/libknet/tests/api_knet_log_get_subsystem_name.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_set_loglevel.c b/libknet/tests/api_knet_log_set_loglevel.c
-+index e729113..7a9232a 100644
-+--- a/libknet/tests/api_knet_log_set_loglevel.c
-++++ b/libknet/tests/api_knet_log_set_loglevel.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_recv.c b/libknet/tests/api_knet_recv.c
-+index 6e23353..99bd7bc 100644
-+--- a/libknet/tests/api_knet_recv.c
-++++ b/libknet/tests/api_knet_recv.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send.c b/libknet/tests/api_knet_send.c
-+index ca16e3d..ab9715a 100644
-+--- a/libknet/tests/api_knet_send.c
-++++ b/libknet/tests/api_knet_send.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_compress.c b/libknet/tests/api_knet_send_compress.c
-+index b03f4e7..6d5f445 100644
-+--- a/libknet/tests/api_knet_send_compress.c
-++++ b/libknet/tests/api_knet_send_compress.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_crypto.c b/libknet/tests/api_knet_send_crypto.c
-+index e33a808..11de857 100644
-+--- a/libknet/tests/api_knet_send_crypto.c
-++++ b/libknet/tests/api_knet_send_crypto.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_loopback.c b/libknet/tests/api_knet_send_loopback.c
-+index 2feca68..741b51d 100644
-+--- a/libknet/tests/api_knet_send_loopback.c
-++++ b/libknet/tests/api_knet_send_loopback.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_sync.c b/libknet/tests/api_knet_send_sync.c
-+index f2718c9..96cb716 100644
-+--- a/libknet/tests/api_knet_send_sync.c
-++++ b/libknet/tests/api_knet_send_sync.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_strtoaddr.c b/libknet/tests/api_knet_strtoaddr.c
-+index 57a8a0a..a0be1da 100644
-+--- a/libknet/tests/api_knet_strtoaddr.c
-++++ b/libknet/tests/api_knet_strtoaddr.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/int_links_acl_ip.c b/libknet/tests/int_links_acl_ip.c
-+index 93dff63..41e7d59 100644
-+--- a/libknet/tests/int_links_acl_ip.c
-++++ b/libknet/tests/int_links_acl_ip.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/int_timediff.c b/libknet/tests/int_timediff.c
-+index 12735d8..a878a31 100644
-+--- a/libknet/tests/int_timediff.c
-++++ b/libknet/tests/int_timediff.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/knet_bench.c b/libknet/tests/knet_bench.c
-+index 00cd58b..dfe5238 100644
-+--- a/libknet/tests/knet_bench.c
-++++ b/libknet/tests/knet_bench.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/tests/pckt_test.c b/libknet/tests/pckt_test.c
-+index 56cf018..f3e2100 100644
-+--- a/libknet/tests/pckt_test.c
-++++ b/libknet/tests/pckt_test.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include <stdio.h>
-+diff --git a/libknet/tests/test-common.c b/libknet/tests/test-common.c
-+index a4ff297..cd3f6c4 100644
-+--- a/libknet/tests/test-common.c
-++++ b/libknet/tests/test-common.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/threads_common.c b/libknet/threads_common.c
-+index 53a6f9f..1f3e1e3 100644
-+--- a/libknet/threads_common.c
-++++ b/libknet/threads_common.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/threads_dsthandler.c b/libknet/threads_dsthandler.c
-+index 2633188..0776107 100644
-+--- a/libknet/threads_dsthandler.c
-++++ b/libknet/threads_dsthandler.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/threads_heartbeat.c b/libknet/threads_heartbeat.c
-+index 8def9b8..8f8a7ec 100644
-+--- a/libknet/threads_heartbeat.c
-++++ b/libknet/threads_heartbeat.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index b4ee632..603f595 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 626cbc4..b2a5dad 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index 8096906..32d65d5 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -4,7 +4,7 @@
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ * Federico Simoncelli <fsimon@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transport_common.c b/libknet/transport_common.c
-+index fe40ad8..7286643 100644
-+--- a/libknet/transport_common.c
-++++ b/libknet/transport_common.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transport_loopback.c b/libknet/transport_loopback.c
-+index 54129d7..17253f5 100644
-+--- a/libknet/transport_loopback.c
-++++ b/libknet/transport_loopback.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 2c1cdcc..d97d6f9 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index 1537438..53d2ba0 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 51712df..93119c5 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/internals.c b/libnozzle/internals.c
-+index f056e3b..53c0cdb 100644
-+--- a/libnozzle/internals.c
-++++ b/libnozzle/internals.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/libnozzle.c b/libnozzle/libnozzle.c
-+index b6e9566..15863ec 100644
-+--- a/libnozzle/libnozzle.c
-++++ b/libnozzle/libnozzle.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_add_ip.c b/libnozzle/tests/api_nozzle_add_ip.c
-+index bb81ba7..a9d76c6 100644
-+--- a/libnozzle/tests/api_nozzle_add_ip.c
-++++ b/libnozzle/tests/api_nozzle_add_ip.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_close.c b/libnozzle/tests/api_nozzle_close.c
-+index f1cbc77..7ba17c4 100644
-+--- a/libnozzle/tests/api_nozzle_close.c
-++++ b/libnozzle/tests/api_nozzle_close.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_del_ip.c b/libnozzle/tests/api_nozzle_del_ip.c
-+index 0178bb0..625484f 100644
-+--- a/libnozzle/tests/api_nozzle_del_ip.c
-++++ b/libnozzle/tests/api_nozzle_del_ip.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_fd.c b/libnozzle/tests/api_nozzle_get_fd.c
-+index 9b29faf..5dc5b4c 100644
-+--- a/libnozzle/tests/api_nozzle_get_fd.c
-++++ b/libnozzle/tests/api_nozzle_get_fd.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_handle_by_name.c b/libnozzle/tests/api_nozzle_get_handle_by_name.c
-+index 83c39bb..1fa5a0a 100644
-+--- a/libnozzle/tests/api_nozzle_get_handle_by_name.c
-++++ b/libnozzle/tests/api_nozzle_get_handle_by_name.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_ips.c b/libnozzle/tests/api_nozzle_get_ips.c
-+index c41024f..446a79a 100644
-+--- a/libnozzle/tests/api_nozzle_get_ips.c
-++++ b/libnozzle/tests/api_nozzle_get_ips.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_mac.c b/libnozzle/tests/api_nozzle_get_mac.c
-+index 1318ba5..f4c72cc 100644
-+--- a/libnozzle/tests/api_nozzle_get_mac.c
-++++ b/libnozzle/tests/api_nozzle_get_mac.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_mtu.c b/libnozzle/tests/api_nozzle_get_mtu.c
-+index 07b05ee..1b1f85e 100644
-+--- a/libnozzle/tests/api_nozzle_get_mtu.c
-++++ b/libnozzle/tests/api_nozzle_get_mtu.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_name_by_handle.c b/libnozzle/tests/api_nozzle_get_name_by_handle.c
-+index 5b8152b..0fe9eb4 100644
-+--- a/libnozzle/tests/api_nozzle_get_name_by_handle.c
-++++ b/libnozzle/tests/api_nozzle_get_name_by_handle.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_open.c b/libnozzle/tests/api_nozzle_open.c
-+index ee15316..413f2c2 100644
-+--- a/libnozzle/tests/api_nozzle_open.c
-++++ b/libnozzle/tests/api_nozzle_open.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_run_updown.c b/libnozzle/tests/api_nozzle_run_updown.c
-+index c80216a..1536b5b 100644
-+--- a/libnozzle/tests/api_nozzle_run_updown.c
-++++ b/libnozzle/tests/api_nozzle_run_updown.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_down.c b/libnozzle/tests/api_nozzle_set_down.c
-+index 90623ba..9466bdb 100644
-+--- a/libnozzle/tests/api_nozzle_set_down.c
-++++ b/libnozzle/tests/api_nozzle_set_down.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_mac.c b/libnozzle/tests/api_nozzle_set_mac.c
-+index dba7d49..244e866 100644
-+--- a/libnozzle/tests/api_nozzle_set_mac.c
-++++ b/libnozzle/tests/api_nozzle_set_mac.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_mtu.c b/libnozzle/tests/api_nozzle_set_mtu.c
-+index fc8ee1c..ce4ccbb 100644
-+--- a/libnozzle/tests/api_nozzle_set_mtu.c
-++++ b/libnozzle/tests/api_nozzle_set_mtu.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_up.c b/libnozzle/tests/api_nozzle_set_up.c
-+index d8de39d..d258b6a 100644
-+--- a/libnozzle/tests/api_nozzle_set_up.c
-++++ b/libnozzle/tests/api_nozzle_set_up.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/int_execute_bin_sh_command.c b/libnozzle/tests/int_execute_bin_sh_command.c
-+index 87531c0..97422a2 100644
-+--- a/libnozzle/tests/int_execute_bin_sh_command.c
-++++ b/libnozzle/tests/int_execute_bin_sh_command.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/libnozzle/tests/test-common.c b/libnozzle/tests/test-common.c
-+index c84aac1..b36be79 100644
-+--- a/libnozzle/tests/test-common.c
-++++ b/libnozzle/tests/test-common.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ #include "config.h"
-+diff --git a/man/doxyxml.c b/man/doxyxml.c
-+index 7d9a60c..2f28976 100644
-+--- a/man/doxyxml.c
-++++ b/man/doxyxml.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+
-+diff --git a/poc-code/iov-hash/main.c b/poc-code/iov-hash/main.c
-+index 61d2e12..fa407a2 100644
-+--- a/poc-code/iov-hash/main.c
-++++ b/poc-code/iov-hash/main.c
-+@@ -3,7 +3,7 @@
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+ */
-+
-+ /* Example code to illustrate DES enccryption/decryption using NSS.
-+diff --git a/build-aux/check.mk b/build-aux/check.mk
-+index 6da4417..f42e552 100644
-+--- a/build-aux/check.mk
-++++ b/build-aux/check.mk
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ VALGRIND = $(VALGRIND_EXEC) -q --error-exitcode=127 --gen-suppressions=all
-+diff --git a/build-aux/release.mk b/build-aux/release.mk
-+index de3599d..003125d 100644
-+--- a/build-aux/release.mk
-++++ b/build-aux/release.mk
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ # to build official release tarballs, handle tagging and publish.
-+diff --git a/build-aux/update-copyright.sh b/build-aux/update-copyright.sh
-+index fd50f8e..62c449c 100755
-+--- a/build-aux/update-copyright.sh
-++++ b/build-aux/update-copyright.sh
-+@@ -1,10 +1,10 @@
-+ #!/bin/sh
-+ #
-+-# Copyright (C) 2017 Red Hat, Inc. All rights reserved.
-++# Copyright (C) 2017-2019 Red Hat, Inc. All rights reserved.
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ # script to update copyright dates across the tree
-+diff --git a/init/kronosnetd.default b/init/kronosnetd.default
-+index ed94648..9f6755c 100644
-+--- a/init/kronosnetd.default
-++++ b/init/kronosnetd.default
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+
-+diff --git a/libknet/libknet_exported_syms b/libknet/libknet_exported_syms
-+index d8a55e2..1d8bddb 100644
-+--- a/libknet/libknet_exported_syms
-++++ b/libknet/libknet_exported_syms
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+
-+ LIBKNET {
-+diff --git a/libknet/tests/api-check.mk b/libknet/tests/api-check.mk
-+index 427c388..102ec52 100644
-+--- a/libknet/tests/api-check.mk
-++++ b/libknet/tests/api-check.mk
-+@@ -3,7 +3,7 @@
-+ #
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ api_checks = \
-+diff --git a/libknet/tests/api-test-coverage b/libknet/tests/api-test-coverage
-+index bf0ccc3..e988ab1 100755
-+--- a/libknet/tests/api-test-coverage
-++++ b/libknet/tests/api-test-coverage
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ srcdir="$1"/libknet/tests
-+diff --git a/libnozzle/libnozzle_exported_syms b/libnozzle/libnozzle_exported_syms
-+index 934b204..f6f62d2 100644
-+--- a/libnozzle/libnozzle_exported_syms
-++++ b/libnozzle/libnozzle_exported_syms
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+
-+ LIBNOZZLE {
-+diff --git a/libnozzle/tests/api-test-coverage b/libnozzle/tests/api-test-coverage
-+index cd99edf..4049ad9 100755
-+--- a/libnozzle/tests/api-test-coverage
-++++ b/libnozzle/tests/api-test-coverage
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ srcdir="$1"/libnozzle/tests
-+diff --git a/libnozzle/tests/nozzle_run_updown_exit_false b/libnozzle/tests/nozzle_run_updown_exit_false
-+index 3f03ff6..795456a 100755
-+--- a/libnozzle/tests/nozzle_run_updown_exit_false
-++++ b/libnozzle/tests/nozzle_run_updown_exit_false
-+@@ -5,7 +5,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ exit 1
-+diff --git a/libnozzle/tests/nozzle_run_updown_exit_true b/libnozzle/tests/nozzle_run_updown_exit_true
-+index bbdcdd6..7b6e355 100755
-+--- a/libnozzle/tests/nozzle_run_updown_exit_true
-++++ b/libnozzle/tests/nozzle_run_updown_exit_true
-+@@ -5,7 +5,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ exit 0
-+diff --git a/man/api-to-man-page-coverage b/man/api-to-man-page-coverage
-+index b9dc18f..a1f54a3 100755
-+--- a/man/api-to-man-page-coverage
-++++ b/man/api-to-man-page-coverage
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+
-+ err=0
-+diff --git a/man/knet-keygen.8 b/man/knet-keygen.8
-+index 67ecf1f..96109c6 100644
-+--- a/man/knet-keygen.8
-++++ b/man/knet-keygen.8
-+@@ -5,7 +5,7 @@
-+ .\" *
-+ .\" * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ .\" *
-+-.\" * This software licensed under GPL-2.0+, LGPL-2.0+
-++.\" * This software licensed under GPL-2.0+
-+ .\" */
-+ .TH "KRONOSNETD" "8" "November 2012" "kronosnetd key generator." "System Administration Utilities"
-+
-+diff --git a/man/kronosnetd.8 b/man/kronosnetd.8
-+index 5661e1c..f4480be 100644
-+--- a/man/kronosnetd.8
-++++ b/man/kronosnetd.8
-+@@ -5,7 +5,7 @@
-+ .\" *
-+ .\" * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ .\" *
-+-.\" * This software licensed under GPL-2.0+, LGPL-2.0+
-++.\" * This software licensed under GPL-2.0+
-+ .\" */
-+ .TH "KRONOSNETD" "8" "November 2012" "kronosnetd Usage:" "System Administration Utilities"
-+
-diff --git a/debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch b/debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
-new file mode 100644
-index 0000000..2404d7a
---- /dev/null
-+++ b/debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
-@@ -0,0 +1,79 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 27 May 2019 12:37:15 +0200
-+Subject: [PMTUd] create common/shared code to trigger PMTUd rerun
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5b02bef11afda959dc8cea4adc383f80ff0e9273)
-+---
-+ libknet/threads_common.h | 1 +
-+ libknet/threads_common.c | 20 ++++++++++++++++++++
-+ libknet/transport_udp.c | 17 +----------------
-+ 3 files changed, 22 insertions(+), 16 deletions(-)
-+
-+diff --git a/libknet/threads_common.h b/libknet/threads_common.h
-+index 79aaed2..19336ce 100644
-+--- a/libknet/threads_common.h
-++++ b/libknet/threads_common.h
-+@@ -45,5 +45,6 @@ int shutdown_in_progress(knet_handle_t knet_h);
-+ int get_global_wrlock(knet_handle_t knet_h);
-+ int set_thread_status(knet_handle_t knet_h, uint8_t thread_id, uint8_t status);
-+ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status);
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem);
-+
-+ #endif
-+diff --git a/libknet/threads_common.c b/libknet/threads_common.c
-+index b6012a2..61ffd82 100644
-+--- a/libknet/threads_common.c
-++++ b/libknet/threads_common.c
-+@@ -156,3 +156,23 @@ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status)
-+
-+ return 0;
-+ }
-++
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem)
-++{
-++ /*
-++ * we can only try to take a lock here. This part of the code
-++ * can be invoked by any thread, including PMTUd that is already
-++ * holding a lock at that stage.
-++ * If PMTUd is holding the lock, most likely it is already running
-++ * and we don't need to notify it back.
-++ */
-++ if (!pthread_mutex_trylock(&knet_h->pmtud_mutex)) {
-++ if (!knet_h->pmtud_running) {
-++ if (!knet_h->pmtud_forcerun) {
-++ log_debug(knet_h, subsystem, "Notifying PMTUd to rerun");
-++ knet_h->pmtud_forcerun = 1;
-++ }
-++ }
-++ pthread_mutex_unlock(&knet_h->pmtud_mutex);
-++ }
-++}
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index 3fd69ee..232dbcb 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -340,22 +340,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+ pthread_mutex_unlock(&knet_h->kmtu_mutex);
-+ }
-+
-+- /*
-+- * we can only try to take a lock here. This part of the code
-+- * can be invoked by any thread, including PMTUd that is already
-+- * holding a lock at that stage.
-+- * If PMTUd is holding the lock, most likely it is already running
-+- * and we don't need to notify it back.
-+- */
-+- if (!pthread_mutex_trylock(&knet_h->pmtud_mutex)) {
-+- if (!knet_h->pmtud_running) {
-+- if (!knet_h->pmtud_forcerun) {
-+- log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Notifying PMTUd to rerun");
-+- knet_h->pmtud_forcerun = 1;
-+- }
-+- }
-+- pthread_mutex_unlock(&knet_h->pmtud_mutex);
-+- }
-++ force_pmtud_run(knet_h, KNET_SUB_TRANSP_UDP);
-+ }
-+ /*
-+ * those errors are way too noisy
-diff --git a/debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch b/debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
-new file mode 100644
-index 0000000..31f4550
---- /dev/null
-+++ b/debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
-@@ -0,0 +1,74 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 28 May 2019 05:35:24 +0200
-+Subject: [PMTUd] extend internal rerun API to allow full PMTUd reset
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6542aa98cccb2c9bc2c201ef47538a787a5e05fd)
-+---
-+ libknet/threads_common.h | 2 +-
-+ libknet/handle.c | 2 +-
-+ libknet/threads_common.c | 11 ++++++++++-
-+ libknet/transport_udp.c | 2 +-
-+ 4 files changed, 13 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/threads_common.h b/libknet/threads_common.h
-+index 19336ce..cff7691 100644
-+--- a/libknet/threads_common.h
-++++ b/libknet/threads_common.h
-+@@ -45,6 +45,6 @@ int shutdown_in_progress(knet_handle_t knet_h);
-+ int get_global_wrlock(knet_handle_t knet_h);
-+ int set_thread_status(knet_handle_t knet_h, uint8_t thread_id, uint8_t status);
-+ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status);
-+-void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem);
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem, uint8_t reset_mtu);
-+
-+ #endif
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index e95c6c1..251d332 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1408,7 +1408,7 @@ int knet_handle_crypto(knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet
-+
-+ exit_unlock:
-+ if (!err) {
-+- force_pmtud_run(knet_h, KNET_SUB_CRYPTO);
-++ force_pmtud_run(knet_h, KNET_SUB_CRYPTO, 1);
-+ }
-+ pthread_rwlock_unlock(&knet_h->global_rwlock);
-+ errno = err ? savederrno : 0;
-+diff --git a/libknet/threads_common.c b/libknet/threads_common.c
-+index 61ffd82..53a6f9f 100644
-+--- a/libknet/threads_common.c
-++++ b/libknet/threads_common.c
-+@@ -157,8 +157,17 @@ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status)
-+ return 0;
-+ }
-+
-+-void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem)
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem, uint8_t reset_mtu)
-+ {
-++ if (reset_mtu) {
-++ log_debug(knet_h, subsystem, "PMTUd has been reset to default");
-++ knet_h->data_mtu = KNET_PMTUD_MIN_MTU_V4 - KNET_HEADER_ALL_SIZE - knet_h->sec_header_size;
-++ if (knet_h->pmtud_notify_fn) {
-++ knet_h->pmtud_notify_fn(knet_h->pmtud_notify_fn_private_data,
-++ knet_h->data_mtu);
-++ }
-++ }
-++
-+ /*
-+ * we can only try to take a lock here. This part of the code
-+ * can be invoked by any thread, including PMTUd that is already
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index 232dbcb..1537438 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -340,7 +340,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+ pthread_mutex_unlock(&knet_h->kmtu_mutex);
-+ }
-+
-+- force_pmtud_run(knet_h, KNET_SUB_TRANSP_UDP);
-++ force_pmtud_run(knet_h, KNET_SUB_TRANSP_UDP, 0);
-+ }
-+ /*
-+ * those errors are way too noisy
-diff --git a/debian/patches/access-lists-add-access-lists-support-to-sctp.patch b/debian/patches/access-lists-add-access-lists-support-to-sctp.patch
-new file mode 100644
-index 0000000..d962193
---- /dev/null
-+++ b/debian/patches/access-lists-add-access-lists-support-to-sctp.patch
-@@ -0,0 +1,96 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 17 Feb 2019 07:49:13 +0100
-+Subject: [access lists] add access lists support to sctp
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit d2333aab530d06ec502131aea03281ac13263d99)
-+---
-+ libknet/transport_sctp.c | 33 +++++++++++++++++++++++++++++++++
-+ 1 file changed, 33 insertions(+)
-+
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index cb64a32..0d69a33 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -19,6 +19,7 @@
-+ #include "compat.h"
-+ #include "host.h"
-+ #include "links.h"
-++#include "links_acl.h"
-+ #include "logging.h"
-+ #include "common.h"
-+ #include "transport_common.h"
-+@@ -728,6 +729,15 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+ addr_str, port_str);
-++ if (knet_h->use_access_lists) {
-++ if (!ipcheck_validate(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry, &ss)) {
-++ savederrno = EINVAL;
-++ err = -1;
-++ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-++ close(new_fd);
-++ goto exit_error;
-++ }
-++ }
-+
-+ /*
-+ * Keep a track of all accepted FDs
-+@@ -936,6 +946,11 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ */
-+ knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+ if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-++ err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++ if (err) {
-++ return NULL;
-++ }
-+ return info;
-+ }
-+ }
-+@@ -990,6 +1005,15 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ goto exit_error;
-+ }
-+
-++ if (ipcheck_addip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++ savederrno = errno;
-++ err = -1;
-++ log_err(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to configure default access lists: %s",
-++ strerror(savederrno));
-++ goto exit_error;
-++ }
-++
-+ memset(&ev, 0, sizeof(struct epoll_event));
-+ ev.events = EPOLLIN;
-+ ev.data.fd = listen_sock;
-+@@ -1012,6 +1036,8 @@ exit_error:
-+ if (info->on_listener_epoll) {
-+ epoll_ctl(handle_info->listen_epollfd, EPOLL_CTL_DEL, listen_sock, &ev);
-+ }
-++ ipcheck_rmip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ if (listen_sock >= 0) {
-+ close(listen_sock);
-+ }
-+@@ -1050,6 +1076,11 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+ }
-+ }
-+
-++ if (ipcheck_rmip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to remove default access lists for %d", info->listen_sock);
-++ }
-++
-+ if (found) {
-+ this_link_info->listener = NULL;
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "SCTP listener socket %d still in use", info->listen_sock);
-+@@ -1080,6 +1111,8 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+ goto exit_error;
-+ }
-+
-++ check_rmall(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry);
-++
-+ close(info->listen_sock);
-+
-+ for (i=0; i< MAX_ACCEPTED_SOCKS; i++) {
-diff --git a/debian/patches/access-lists-add-documentation-for-enable_access_list.patch b/debian/patches/access-lists-add-documentation-for-enable_access_list.patch
-new file mode 100644
-index 0000000..e07e54a
---- /dev/null
-+++ b/debian/patches/access-lists-add-documentation-for-enable_access_list.patch
-@@ -0,0 +1,58 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sat, 2 Mar 2019 07:49:19 +0100
-+Subject: [access lists] add documentation for enable_access_list
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 21cf1a648999774053a9c7386b13eb5a64c1c7db)
-+---
-+ libknet/libknet.h | 28 ++++++++++++++++++++++------
-+ 1 file changed, 22 insertions(+), 6 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 4283afe..03bbd97 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -505,21 +505,37 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+ /**
-+ * knet_handle_enable_access_lists
-+ *
-+- * @brief Start packet forwarding
-++ * @brief Enable or disable usage of access lists (default: off)
-+ *
-+ * knet_h - pointer to knet_handle_t
-+ *
-+- * enable - set to 1 to use ip access lists, 0 to disable ip access_lists.
-++ * enable - set to 1 to use access lists, 0 to disable access_lists.
-+ *
-+ * @return
-+ * knet_handle_enable_access_lists returns
-+ * 0 on success
-+ * -1 on error and errno is set.
-+ *
-+- * By default access lists usage is off, but default internal access lists
-+- * will be populated regardless, but not enforced. TODO add long explanation
-+- * on internal access lists for point to point connections vs global
-+- * listeners etc.
-++ * access lists are bound to links. There are 2 types of links:
-++ * 1) point to point, where both source and destinations are well known
-++ * at configuration time.
-++ * 2) open links, where only the source is known at configuration time.
-++ *
-++ * knet will automatically generate access lists for point to point links.
-++ *
-++ * For open links, knet provides 3 API calls to manipulate access lists:
-++ * knet_link_add_acl, knet_link_rm_acl and knet_link_clear_acl.
-++ * Those API calls will work only and exclusively on open links as they
-++ * provide no use for point to point links.
-++ *
-++ * knet will not enforce any access list unless specifically enabled by
-++ * knet_handle_enable_access_lists.
-++ *
-++ * From a security / programming perspective we recommend to:
-++ * - create the knet handle
-++ * - enable access lists
-++ * - configure hosts and links
-++ * - configure access lists for open links
-+ */
-+
-+ int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled);
-diff --git a/debian/patches/access-lists-add-errno-around-and-start-using-them.patch b/debian/patches/access-lists-add-errno-around-and-start-using-them.patch
-new file mode 100644
-index 0000000..12c0f24
---- /dev/null
-+++ b/debian/patches/access-lists-add-errno-around-and-start-using-them.patch
-@@ -0,0 +1,195 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 10:43:04 +0100
-+Subject: [access lists] add errno around and start using them
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 9a5babce2066ecb61a5647345792675c2f9f416b)
-+---
-+ libknet/links.c | 14 +++++++-------
-+ libknet/links_acl.c | 9 +++++++++
-+ libknet/links_acl_ip.c | 12 ++++++++++--
-+ libknet/transport_sctp.c | 16 +++++++---------
-+ 4 files changed, 33 insertions(+), 18 deletions(-)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index dd64a15..1d21d05 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -245,9 +245,9 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ (link->dynamic == KNET_LINK_STATIC)) {
-+ log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-+ host_id, link_id, link->outsock);
-+- if (check_add(knet_h, link->outsock, transport,
-+- &link->dst_addr, &link->dst_addr,
-+- CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ if ((check_add(knet_h, link->outsock, transport,
-++ &link->dst_addr, &link->dst_addr,
-++ CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+ log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+ savederrno = errno;
-+ err = -1;
-+@@ -428,11 +428,11 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ */
-+ if ((transport_get_acl_type(knet_h, link->transport) == USE_GENERIC_ACL) &&
-+ (link->dynamic == KNET_LINK_STATIC)) {
-+- if (check_rm(knet_h, link->outsock, link->transport,
-+- &link->dst_addr, &link->dst_addr,
-+- CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ if ((check_rm(knet_h, link->outsock, link->transport,
-++ &link->dst_addr, &link->dst_addr,
-++ CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != ENOENT)) {
-+ err = -1;
-+- savederrno = EBUSY;
-++ savederrno = errno;
-+ log_err(knet_h, KNET_SUB_LINK, "Host %u link %u: unable to remove default access list",
-+ host_id, link_id);
-+ goto exit_unlock;
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index cfcc1fd..7605fe9 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -8,6 +8,7 @@
-+
-+ #include "config.h"
-+
-++#include <errno.h>
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <stdlib.h>
-+@@ -19,6 +20,11 @@
-+ #include "links_acl.h"
-+ #include "links_acl_ip.h"
-+
-++/*
-++ * all those functions will return errno from the
-++ * protocol specific functions
-++ */
-++
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+@@ -27,6 +33,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+
-+ switch(transport_get_proto(knet_h, transport)) {
-+ case LOOPBACK:
-++ errno = 0;
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+@@ -47,6 +54,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+
-+ switch(transport_get_proto(knet_h, transport)) {
-+ case LOOPBACK:
-++ errno = 0;
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+@@ -80,6 +88,7 @@ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct soc
-+ {
-+ switch(transport_get_proto(knet_h, transport)) {
-+ case LOOPBACK:
-++ errno = 0;
-+ return 1;
-+ break;
-+ case IP_PROTO:
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index ffd18a4..58c7b28 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -8,6 +8,7 @@
-+
-+ #include "config.h"
-+
-++#include <errno.h>
-+ #include <sys/socket.h>
-+ #include <netinet/in.h>
-+ #include <stdint.h>
-+@@ -202,6 +203,7 @@ int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+
-+ rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-+ if (!rm_match_entry) {
-++ errno = ENOENT;
-+ return -1;
-+ }
-+
-+@@ -237,24 +239,30 @@ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+ struct acl_match_entry *match_entry = *match_entry_head;
-+
-+ if (!ip1) {
-++ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (type == CHECK_TYPE_RANGE &&
-+- (ip1->ss_family != ip2->ss_family))
-++ (ip1->ss_family != ip2->ss_family)) {
-++ errno = EINVAL;
-+ return -1;
-++ }
-+
-+ if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++ errno = EEXIST;
-+ return -1;
-+ }
-+
-+ new_match_entry = malloc(sizeof(struct acl_match_entry));
-+- if (!new_match_entry)
-++ if (!new_match_entry) {
-+ return -1;
-++ }
-+
-+ memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-+ memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index ff7903c..aa0de9d 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -948,9 +948,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ */
-+ knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+ if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-+- err = check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+- if (err) {
-++ if ((check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+ return NULL;
-+ }
-+ return info;
-+@@ -1007,8 +1006,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ goto exit_error;
-+ }
-+
-+- if (check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++ if ((check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+ savederrno = errno;
-+ err = -1;
-+ log_err(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to configure default access lists: %s",
-+@@ -1038,8 +1037,7 @@ exit_error:
-+ if (info->on_listener_epoll) {
-+ epoll_ctl(handle_info->listen_epollfd, EPOLL_CTL_DEL, listen_sock, &ev);
-+ }
-+- check_rm(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++ check_rmall(knet_h, listen_sock, KNET_TRANSPORT_SCTP);
-+ if (listen_sock >= 0) {
-+ close(listen_sock);
-+ }
-+@@ -1078,8 +1076,8 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+ }
-+ }
-+
-+- if (check_rm(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++ if ((check_rm(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != ENOENT)) {
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to remove default access lists for %d", info->listen_sock);
-+ }
-+
-diff --git a/debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch b/debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch
-new file mode 100644
-index 0000000..e872279
---- /dev/null
-+++ b/debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch
-@@ -0,0 +1,746 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 4 Mar 2019 13:07:04 +0100
-+Subject: [access lists] add external API calls to manage access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6373dd2358b816beab2cc87bdf8ff196480b60cc)
-+---
-+ man/Makefile.am | 7 +-
-+ libknet/libknet.h | 157 +++++++++++++++++++++-
-+ libknet/links_acl.h | 15 +--
-+ libknet/links_acl_ip.h | 2 +-
-+ libknet/links_acl_loopback.h | 2 +-
-+ libknet/links.c | 306 +++++++++++++++++++++++++++++++++++++++++-
-+ libknet/links_acl.c | 4 +-
-+ libknet/links_acl_ip.c | 49 ++++---
-+ libknet/links_acl_loopback.c | 2 +-
-+ libknet/tests/int_links_acl.c | 4 +-
-+ libknet/transport_sctp.c | 4 +-
-+ 11 files changed, 504 insertions(+), 48 deletions(-)
-+
-+diff --git a/man/Makefile.am b/man/Makefile.am
-+index 6c15f0d..0ad12f6 100644
-+--- a/man/Makefile.am
-++++ b/man/Makefile.am
-+@@ -95,7 +95,12 @@ knet_man3_MANS = \
-+ knet_recv.3 \
-+ knet_send.3 \
-+ knet_send_sync.3 \
-+- knet_strtoaddr.3
-++ knet_strtoaddr.3 \
-++ knet_handle_enable_access_lists.3 \
-++ knet_link_add_acl.3 \
-++ knet_link_insert_acl.3 \
-++ knet_link_rm_acl.3 \
-++ knet_link_clear_acl.3
-+
-+ if BUILD_LIBNOZZLE
-+ nozzle_man3_MANS = \
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 03bbd97..d616e11 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -524,12 +524,12 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+ * knet will automatically generate access lists for point to point links.
-+ *
-+ * For open links, knet provides 3 API calls to manipulate access lists:
-+- * knet_link_add_acl, knet_link_rm_acl and knet_link_clear_acl.
-++ * knet_link_add_acl(3), knet_link_rm_acl(3) and knet_link_clear_acl(3).
-+ * Those API calls will work only and exclusively on open links as they
-+ * provide no use for point to point links.
-+ *
-+ * knet will not enforce any access list unless specifically enabled by
-+- * knet_handle_enable_access_lists.
-++ * knet_handle_enable_access_lists(3).
-+ *
-+ * From a security / programming perspective we recommend to:
-+ * - create the knet handle
-+@@ -1477,6 +1477,159 @@ int knet_link_get_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+
-+ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id);
-+
-++/*
-++ * access lists management for open links
-++ * see also knet_handle_enable_access_lists(3)
-++ */
-++
-++/*
-++ * CHECK_TYPE_ADDRESS is the equivalent of a single entry / IP address.
-++ * for example: 10.1.9.3/32
-++ * and the entry is stored in ss1. ss2 can be NULL.
-++ *
-++ * CHECK_TYPE_MASK is used to configure network/netmask.
-++ * for example: 192.168.0.0/24
-++ * the network is stored in ss1 and the netmask in ss2.
-++ *
-++ * CHECK_TYPE_RANGE defines a value / range of ip addresses.
-++ * for example: 172.16.0.1-172.16.0.10
-++ * the start is stored in ss1 and the end in ss2.
-++ *
-++ * Please be aware that the above examples refers only to IP based protocols.
-++ * Other protocols might use ss1 and ss2 in slightly different ways.
-++ * At the moment knet only supports IP based protocol and that might change
-++ * in the future.
-++ */
-++
-++typedef enum {
-++ CHECK_TYPE_ADDRESS,
-++ CHECK_TYPE_MASK,
-++ CHECK_TYPE_RANGE
-++} check_type_t;
-++
-++/*
-++ * accept or reject incoming packets defined in the access list entry
-++ */
-++
-++typedef enum {
-++ CHECK_ACCEPT,
-++ CHECK_REJECT
-++} check_acceptreject_t;
-++
-++/**
-++ * knet_link_add_acl
-++ *
-++ * @brief Add access list entry to an open link
-++ *
-++ * knet_h - pointer to knet_handle_t
-++ *
-++ * host_id - see knet_host_add(3)
-++ *
-++ * link_id - see knet_link_set_config(3)
-++ *
-++ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-++ *
-++ * IMPORTANT: the order in which access lists are added is critical and it
-++ * is left to the user to add them in the right order. knet
-++ * will do no attempt to logically sort them.
-++ *
-++ * For example:
-++ * 1 - accept from 10.0.0.0/8
-++ * 2 - reject from 10.0.0.1/32
-++ *
-++ * is not the same as:
-++ *
-++ * 1 - reject from 10.0.0.1/32
-++ * 2 - accept from 10.0.0.0/8
-++ *
-++ * In the first example, rule number 2 will never match because
-++ * packets from 10.0.0.1 will be accepted by rule number 1.
-++ *
-++ * @return
-++ * knet_link_add_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++ struct sockaddr_storage *ss1,
-++ struct sockaddr_storage *ss2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++/**
-++ * knet_link_insert_acl
-++ *
-++ * @brief Insert access list entry to an open link at given index
-++ *
-++ * knet_h - pointer to knet_handle_t
-++ *
-++ * host_id - see knet_host_add(3)
-++ *
-++ * link_id - see knet_link_set_config(3)
-++ *
-++ * index - insert at position "index" where 0 is the first entry and -1
-++ * append to the current list.
-++ *
-++ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-++ *
-++ * @return
-++ * knet_link_insert_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++ int index,
-++ struct sockaddr_storage *ss1,
-++ struct sockaddr_storage *ss2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++/**
-++ * knet_link_rm_acl
-++ *
-++ * @brief Remove access list entry from an open link
-++ *
-++ * knet_h - pointer to knet_handle_t
-++ *
-++ * host_id - see knet_host_add(3)
-++ *
-++ * link_id - see knet_link_set_config(3)
-++ *
-++ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-++ *
-++ * IMPORTANT: the data passed to this API call must match exactly the ones used
-++ * in knet_link_add_acl(3).
-++ *
-++ * @return
-++ * knet_link_rm_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++ struct sockaddr_storage *ss1,
-++ struct sockaddr_storage *ss2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++/**
-++ * knet_link_clear_acl
-++ *
-++ * @brief Remove all access list entries from an open link
-++ *
-++ * knet_h - pointer to knet_handle_t
-++ *
-++ * host_id - see knet_host_add(3)
-++ *
-++ * link_id - see knet_link_set_config(3)
-++ *
-++ * @return
-++ * knet_link_clear_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_clear_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id);
-++
-+ /**
-+ * knet_link_set_enable
-+ *
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index a64faa1..60f7812 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -11,23 +11,12 @@
-+
-+ #include "internals.h"
-+
-+-typedef enum {
-+- CHECK_TYPE_ADDRESS,
-+- CHECK_TYPE_MASK,
-+- CHECK_TYPE_RANGE
-+-} check_type_t;
-+-
-+-typedef enum {
-+- CHECK_ACCEPT,
-+- CHECK_REJECT
-+-} check_acceptreject_t;
-+-
-+ typedef struct {
-+ uint8_t transport_proto;
-+
-+ int (*protocheck_validate) (void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+
-+- int (*protocheck_add) (void *fd_tracker_match_entry_head,
-++ int (*protocheck_add) (void *fd_tracker_match_entry_head, int index,
-+ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+@@ -38,7 +27,7 @@ typedef struct {
-+ void (*protocheck_rmall) (void *fd_tracker_match_entry_head);
-+ } check_ops_t;
-+
-+-int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport, int index,
-+ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index e069b99..fac58e2 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -14,7 +14,7 @@
-+
-+ int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+
-+-int ipcheck_addip(void *fd_tracker_match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head, int index,
-+ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index 73a9704..e75c4a4 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -14,7 +14,7 @@
-+
-+ int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+
-+-int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++int loopbackcheck_add(void *fd_tracker_match_entry_head, int index,
-+ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 1d21d05..0f02006 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -245,7 +245,7 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ (link->dynamic == KNET_LINK_STATIC)) {
-+ log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-+ host_id, link_id, link->outsock);
-+- if ((check_add(knet_h, link->outsock, transport,
-++ if ((check_add(knet_h, link->outsock, transport, -1,
-+ &link->dst_addr, &link->dst_addr,
-+ CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+ log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+@@ -1148,3 +1148,307 @@ exit_unlock:
-+ errno = err ? savederrno : 0;
-+ return err;
-+ }
-++
-++int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++ struct sockaddr_storage *ss1,
-++ struct sockaddr_storage *ss2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ int savederrno = 0, err = 0;
-++ struct knet_host *host;
-++ struct knet_link *link;
-++
-++ if (!knet_h) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (!ss1) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((type == CHECK_TYPE_RANGE) &&
-++ (ss1->ss_family != ss2->ss_family)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (link_id >= KNET_MAX_LINK) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ savederrno = get_global_wrlock(knet_h);
-++ if (savederrno) {
-++ log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ strerror(savederrno));
-++ errno = savederrno;
-++ return -1;
-++ }
-++
-++ host = knet_h->host_index[host_id];
-++ if (!host) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++ host_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ link = &host->link[link_id];
-++
-++ if (!link->configured) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ if (link->dynamic != KNET_LINK_DYNIP) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ err = check_add(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport, -1,
-++ ss1, ss2, type, acceptreject);
-++ savederrno = errno;
-++
-++exit_unlock:
-++ pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++ errno = savederrno;
-++ return err;
-++}
-++
-++int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++ int index,
-++ struct sockaddr_storage *ss1,
-++ struct sockaddr_storage *ss2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ int savederrno = 0, err = 0;
-++ struct knet_host *host;
-++ struct knet_link *link;
-++
-++ if (!knet_h) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (!ss1) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((type == CHECK_TYPE_RANGE) &&
-++ (ss1->ss_family != ss2->ss_family)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (link_id >= KNET_MAX_LINK) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ savederrno = get_global_wrlock(knet_h);
-++ if (savederrno) {
-++ log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ strerror(savederrno));
-++ errno = savederrno;
-++ return -1;
-++ }
-++
-++ host = knet_h->host_index[host_id];
-++ if (!host) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++ host_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ link = &host->link[link_id];
-++
-++ if (!link->configured) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ if (link->dynamic != KNET_LINK_DYNIP) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ err = check_add(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport, index,
-++ ss1, ss2, type, acceptreject);
-++ savederrno = errno;
-++
-++exit_unlock:
-++ pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++ errno = savederrno;
-++ return err;
-++}
-++
-++int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++ struct sockaddr_storage *ss1,
-++ struct sockaddr_storage *ss2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ int savederrno = 0, err = 0;
-++ struct knet_host *host;
-++ struct knet_link *link;
-++
-++ if (!knet_h) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (!ss1) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((type == CHECK_TYPE_RANGE) &&
-++ (ss1->ss_family != ss2->ss_family)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (link_id >= KNET_MAX_LINK) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ savederrno = get_global_wrlock(knet_h);
-++ if (savederrno) {
-++ log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ strerror(savederrno));
-++ errno = savederrno;
-++ return -1;
-++ }
-++
-++ host = knet_h->host_index[host_id];
-++ if (!host) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++ host_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ link = &host->link[link_id];
-++
-++ if (!link->configured) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ if (link->dynamic != KNET_LINK_DYNIP) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ err = check_rm(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport,
-++ ss1, ss2, type, acceptreject);
-++ savederrno = errno;
-++
-++exit_unlock:
-++ pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++ errno = savederrno;
-++ return err;
-++}
-++
-++int knet_link_clear_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id)
-++{
-++ int savederrno = 0, err = 0;
-++ struct knet_host *host;
-++ struct knet_link *link;
-++
-++ if (!knet_h) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (link_id >= KNET_MAX_LINK) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ savederrno = get_global_wrlock(knet_h);
-++ if (savederrno) {
-++ log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ strerror(savederrno));
-++ errno = savederrno;
-++ return -1;
-++ }
-++
-++ host = knet_h->host_index[host_id];
-++ if (!host) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++ host_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ link = &host->link[link_id];
-++
-++ if (!link->configured) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ if (link->dynamic != KNET_LINK_DYNIP) {
-++ err = -1;
-++ savederrno = EINVAL;
-++ log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++ host_id, link_id, strerror(savederrno));
-++ goto exit_unlock;
-++ }
-++
-++ check_rmall(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport);
-++
-++exit_unlock:
-++ pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++ errno = savederrno;
-++ return err;
-++}
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 0b1fcd0..776408a 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -31,12 +31,12 @@ static check_ops_t proto_check_modules_cmds[] = {
-+ * protocol specific functions
-+ */
-+
-+-int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport, int index,
-+ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_add(
-+- &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-++ &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, index,
-+ ss1, ss2, type, acceptreject);
-+ }
-+
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 2682a70..642027b 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -242,29 +242,14 @@ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+ return 0;
-+ }
-+
-+-int ipcheck_addip(void *fd_tracker_match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head, int index,
-+ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-+ struct ip_acl_match_entry *new_match_entry;
-+ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+-
-+- if (!ss1) {
-+- errno = EINVAL;
-+- return -1;
-+- }
-+-
-+- if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+- errno = EINVAL;
-+- return -1;
-+- }
-+-
-+- if (type == CHECK_TYPE_RANGE &&
-+- (ss1->ss_family != ss2->ss_family)) {
-+- errno = EINVAL;
-+- return -1;
-+- }
-++ int i = 0;
-+
-+ if (ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject) != NULL) {
-+ errno = EEXIST;
-+@@ -283,12 +268,32 @@ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+ new_match_entry->next = NULL;
-+
-+ if (match_entry) {
-+- /* Find the end of the list */
-+- /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-+- while (match_entry->next) {
-+- match_entry = match_entry->next;
-++ /*
-++ * special case for index 0, since we need to update
-++ * the head of the list
-++ */
-++ if (index == 0) {
-++ *match_entry_head = new_match_entry;
-++ new_match_entry->next = match_entry;
-++ } else {
-++ /*
-++ * find the end of the list or stop at "index"
-++ */
-++ while ((match_entry->next) || (i < index)) {
-++ match_entry = match_entry->next;
-++ i++;
-++ }
-++ /*
-++ * insert if there are more entries in the list
-++ */
-++ if (match_entry->next) {
-++ new_match_entry->next = match_entry->next;
-++ }
-++ /*
-++ * add if we are at the end
-++ */
-++ match_entry->next = new_match_entry;
-+ }
-+- match_entry->next = new_match_entry;
-+ } else {
-+ /*
-+ * first entry in the list
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index bb69130..97f8198 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -33,7 +33,7 @@ int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-+ return 0;
-+ }
-+
-+-int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++int loopbackcheck_add(void *fd_tracker_match_entry_head, int index,
-+ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 05bd829..15e8e07 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -165,9 +165,9 @@ static int load_file(void)
-+ }
-+ else {
-+ if (addr1.ss_family == AF_INET) {
-+- ipcheck_addip(&match_entry_v4, &addr1, &addr2, type, acceptreject);
-++ ipcheck_addip(&match_entry_v4, -1, &addr1, &addr2, type, acceptreject);
-+ } else {
-+- ipcheck_addip(&match_entry_v6, &addr1, &addr2, type, acceptreject);
-++ ipcheck_addip(&match_entry_v6, -1, &addr1, &addr2, type, acceptreject);
-+ }
-+ }
-+ next_record: {} /* empty statement to mollify the compiler */
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 819bc9a..bdfc98d 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -948,7 +948,7 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ */
-+ knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+ if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-+- if ((check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++ if ((check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP, -1,
-+ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+ return NULL;
-+ }
-+@@ -1006,7 +1006,7 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ goto exit_error;
-+ }
-+
-+- if ((check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++ if ((check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP, -1,
-+ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+ savederrno = errno;
-+ err = -1;
-diff --git a/debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch b/debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch
-new file mode 100644
-index 0000000..30639fd
---- /dev/null
-+++ b/debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch
-@@ -0,0 +1,717 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 7 Mar 2019 15:31:28 +0100
-+Subject: [access lists] add more extensive test for links_acl_ip
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 8d42be74c7fdb58b8082c4a4d369d2facca467a9)
-+---
-+ libknet/tests/int_links_acl.txt | 8 -
-+ libknet/tests/Makefile.am | 33 ++--
-+ libknet/tests/int_links_acl.c | 211 ---------------------
-+ libknet/tests/int_links_acl_ip.c | 399 +++++++++++++++++++++++++++++++++++++++
-+ 4 files changed, 415 insertions(+), 236 deletions(-)
-+ delete mode 100644 libknet/tests/int_links_acl.txt
-+ delete mode 100644 libknet/tests/int_links_acl.c
-+ create mode 100644 libknet/tests/int_links_acl_ip.c
-+
-+diff --git a/libknet/tests/int_links_acl.txt b/libknet/tests/int_links_acl.txt
-+deleted file mode 100644
-+index 5776d54..0000000
-+--- a/libknet/tests/int_links_acl.txt
-++++ /dev/null
-+@@ -1,8 +0,0 @@
-+-AA192.168.1.1
-+-AA192.168.1.2
-+-RA192.168.0.3
-+-AR192.168.0.0-192.168.0.250
-+-AM192.168.2.0/255.255.255.0
-+-AM1740::0/FFF0::0
-+-RA1000::666
-+-AR1000::1-2000::7FF
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index eae5c80..3e74ea8 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -13,8 +13,7 @@ include $(top_srcdir)/libknet/tests/api-check.mk
-+
-+ EXTRA_DIST = \
-+ api-test-coverage \
-+- api-check.mk \
-+- int_links_acl.txt
-++ api-check.mk
-+
-+ AM_CPPFLAGS = -I$(top_srcdir)/libknet
-+ AM_CFLAGS += $(PTHREAD_CFLAGS)
-+@@ -34,6 +33,7 @@ check_PROGRAMS = \
-+ $(fun_checks)
-+
-+ int_checks = \
-++ int_links_acl_ip_test \
-+ int_timediff_test
-+
-+ fun_checks =
-+@@ -45,7 +45,6 @@ benchmarks = \
-+ noinst_PROGRAMS = \
-+ api_knet_handle_new_limit_test \
-+ pckt_test \
-+- int_links_acl_test \
-+ $(benchmarks) \
-+ $(check_PROGRAMS)
-+
-+@@ -67,20 +66,20 @@ check-api-test-coverage:
-+
-+ pckt_test_SOURCES = pckt_test.c
-+
-+-int_links_acl_test_SOURCES = int_links_acl.c \
-+- ../common.c \
-+- ../compat.c \
-+- ../logging.c \
-+- ../netutils.c \
-+- ../threads_common.c \
-+- ../transports.c \
-+- ../transport_common.c \
-+- ../transport_loopback.c \
-+- ../transport_sctp.c \
-+- ../transport_udp.c \
-+- ../links_acl.c \
-+- ../links_acl_ip.c \
-+- ../links_acl_loopback.c
-++int_links_acl_ip_test_SOURCES = int_links_acl_ip.c \
-++ ../common.c \
-++ ../compat.c \
-++ ../logging.c \
-++ ../netutils.c \
-++ ../threads_common.c \
-++ ../transports.c \
-++ ../transport_common.c \
-++ ../transport_loopback.c \
-++ ../transport_sctp.c \
-++ ../transport_udp.c \
-++ ../links_acl.c \
-++ ../links_acl_ip.c \
-++ ../links_acl_loopback.c
-+
-+ int_timediff_test_SOURCES = int_timediff.c
-+
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+deleted file mode 100644
-+index 15e8e07..0000000
-+--- a/libknet/tests/int_links_acl.c
-++++ /dev/null
-+@@ -1,211 +0,0 @@
-+-/*
-+- * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
-+- *
-+- * Author: Christine Caulfield <ccaulfie@redhat.com>
-+- *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-+- */
-+-
-+-#include "config.h"
-+-
-+-#include <sys/types.h>
-+-#include <sys/socket.h>
-+-#include <netinet/in.h>
-+-#include <stdio.h>
-+-#include <stdlib.h>
-+-#include <string.h>
-+-#include <netdb.h>
-+-
-+-#include "internals.h"
-+-#include "links_acl.h"
-+-#include "links_acl_ip.h"
-+-
-+-static struct acl_match_entry *match_entry_v4;
-+-static struct acl_match_entry *match_entry_v6;
-+-
-+-/* This is a test program .. remember! */
-+-#define BUFLEN 1024
-+-
-+-static int get_ipaddress(char *buf, struct sockaddr_storage *addr)
-+-{
-+- struct addrinfo *info;
-+- struct addrinfo hints;
-+- int res;
-+-
-+- memset(&hints, 0, sizeof(hints));
-+- hints.ai_family = AF_UNSPEC;
-+-
-+- res = getaddrinfo(buf, NULL, &hints, &info);
-+- if (!res) {
-+- memmove(addr, info->ai_addr, info->ai_addrlen);
-+- freeaddrinfo(info);
-+- }
-+- return res;
-+-}
-+-
-+-static int read_address(char *buf, struct sockaddr_storage *addr)
-+-{
-+- return get_ipaddress(buf, addr);
-+-}
-+-
-+-static int read_mask(char *buf, struct sockaddr_storage *addr, struct sockaddr_storage *addr2)
-+-{
-+- char tmpbuf[BUFLEN];
-+- char *slash;
-+- int ret;
-+-
-+- slash = strchr(buf, '/');
-+- if (!slash)
-+- return 1;
-+-
-+- strncpy(tmpbuf, buf, slash-buf);
-+- tmpbuf[slash-buf] = '\0';
-+-
-+- ret = get_ipaddress(tmpbuf, addr);
-+- if (ret)
-+- return ret;
-+-
-+- ret = get_ipaddress(slash+1, addr2);
-+- if (ret)
-+- return ret;
-+-
-+- return 0;
-+-}
-+-
-+-static int read_range(char *buf, struct sockaddr_storage *addr1, struct sockaddr_storage *addr2)
-+-{
-+- char tmpbuf[BUFLEN];
-+- char *hyphen;
-+- int ret;
-+-
-+- hyphen = strchr(buf, '-');
-+- if (!hyphen)
-+- return 1;
-+-
-+- strncpy(tmpbuf, buf, hyphen-buf);
-+- tmpbuf[hyphen-buf] = '\0';
-+-
-+- ret = get_ipaddress(tmpbuf, addr1);
-+- if (ret)
-+- return ret;
-+-
-+- ret = get_ipaddress(hyphen+1, addr2);
-+- if (ret)
-+- return ret;
-+-
-+- return 0;
-+-}
-+-
-+-
-+-static int load_file(void)
-+-{
-+- FILE *filterfile;
-+- char filebuf[BUFLEN];
-+- int line = 0;
-+- int ret;
-+- check_type_t type;
-+- check_acceptreject_t acceptreject;
-+- struct sockaddr_storage addr1;
-+- struct sockaddr_storage addr2;
-+-
-+- ipcheck_rmall(&match_entry_v4);
-+- ipcheck_rmall(&match_entry_v6);
-+-
-+- filterfile = fopen("int_links_acl.txt", "r");
-+- if (!filterfile) {
-+- fprintf(stderr, "Cannot open int_links_acl.txt\n");
-+- return 1;
-+- }
-+-
-+- while (fgets(filebuf, sizeof(filebuf), filterfile)) {
-+- filebuf[strlen(filebuf)-1] = '\0'; /* remove trailing LF */
-+- line++;
-+-
-+- /*
-+- * First char is A (accept) or R (Reject)
-+- */
-+- switch(filebuf[0] & 0x5F) {
-+- case 'A':
-+- acceptreject = CHECK_ACCEPT;
-+- break;
-+- case 'R':
-+- acceptreject = CHECK_REJECT;
-+- break;
-+- default:
-+- fprintf(stderr, "Unknown record type on line %d: %s\n", line, filebuf);
-+- goto next_record;
-+- }
-+-
-+- /*
-+- * Second char is the filter type:
-+- * A Address
-+- * M Mask
-+- * R Range
-+- */
-+- switch(filebuf[1] & 0x5F) {
-+- case 'A':
-+- type = CHECK_TYPE_ADDRESS;
-+- ret = read_address(filebuf+2, &addr1);
-+- break;
-+- case 'M':
-+- type = CHECK_TYPE_MASK;
-+- ret = read_mask(filebuf+2, &addr1, &addr2);
-+- break;
-+- case 'R':
-+- type = CHECK_TYPE_RANGE;
-+- ret = read_range(filebuf+2, &addr1, &addr2);
-+- break;
-+- default:
-+- fprintf(stderr, "Unknown filter type on line %d: %s\n", line, filebuf);
-+- goto next_record;
-+- break;
-+- }
-+- if (ret) {
-+- fprintf(stderr, "Failed to parse address on line %d: %s\n", line, filebuf);
-+- }
-+- else {
-+- if (addr1.ss_family == AF_INET) {
-+- ipcheck_addip(&match_entry_v4, -1, &addr1, &addr2, type, acceptreject);
-+- } else {
-+- ipcheck_addip(&match_entry_v6, -1, &addr1, &addr2, type, acceptreject);
-+- }
-+- }
-+- next_record: {} /* empty statement to mollify the compiler */
-+- }
-+- fclose(filterfile);
-+-
-+- return 0;
-+-}
-+-
-+-int main(int argc, char *argv[])
-+-{
-+- struct sockaddr_storage saddr;
-+- struct acl_match_entry *match_entry;
-+- int ret;
-+- int i;
-+-
-+- if (load_file())
-+- return 1;
-+-
-+- for (i=1; i<argc; i++) {
-+- ret = get_ipaddress(argv[i], &saddr);
-+- if (ret) {
-+- fprintf(stderr, "Cannot parse address %s\n", argv[i]);
-+- } else {
-+- if (saddr.ss_family == AF_INET) {
-+- match_entry = match_entry_v4;
-+- } else {
-+- match_entry = match_entry_v6;
-+- }
-+- if (ipcheck_validate(&match_entry, &saddr)) {
-+- printf("%s is VALID\n", argv[i]);
-+- } else {
-+- printf("%s is not allowed\n", argv[i]);
-+- }
-+- }
-+- }
-+-
-+- ipcheck_rmall(&match_entry_v4);
-+- ipcheck_rmall(&match_entry_v6);
-+- return 0;
-+-}
-+diff --git a/libknet/tests/int_links_acl_ip.c b/libknet/tests/int_links_acl_ip.c
-+new file mode 100644
-+index 0000000..a7d2aed
-+--- /dev/null
-++++ b/libknet/tests/int_links_acl_ip.c
-+@@ -0,0 +1,399 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <sys/types.h>
-++#include <sys/socket.h>
-++#include <netinet/in.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <netdb.h>
-++#include <errno.h>
-++
-++#include "internals.h"
-++#include "links_acl.h"
-++#include "links_acl_ip.h"
-++
-++#include "test-common.h"
-++
-++static struct acl_match_entry *match_entry_v4;
-++static struct acl_match_entry *match_entry_v6;
-++
-++/* This is a test program .. remember! */
-++#define BUFLEN 1024
-++
-++static int get_ipaddress(const char *buf, struct sockaddr_storage *addr)
-++{
-++ struct addrinfo *info;
-++ struct addrinfo hints;
-++
-++ memset(&hints, 0, sizeof(hints));
-++ hints.ai_family = AF_UNSPEC;
-++
-++ if (getaddrinfo(buf, NULL, &hints, &info)) {
-++ return -1;
-++ }
-++
-++ memmove(addr, info->ai_addr, info->ai_addrlen);
-++ freeaddrinfo(info);
-++ return 0;
-++}
-++
-++static int read_2ip(const char *buf, const char *delim, struct sockaddr_storage *addr, struct sockaddr_storage *addr2)
-++{
-++ char tmpbuf[BUFLEN];
-++ char *deli;
-++
-++ deli = strstr(buf, delim);
-++ if (!deli) {
-++ return -1;
-++ }
-++
-++ strncpy(tmpbuf, buf, deli-buf);
-++ tmpbuf[deli-buf] = '\0';
-++
-++ if (get_ipaddress(tmpbuf, addr)) {
-++ return -1;
-++ }
-++
-++ if (get_ipaddress(deli+1, addr2)) {
-++ return -1;
-++ }
-++
-++ return 0;
-++}
-++
-++/*
-++ * be aware that ordering is important
-++ * so we can test all the rules with few
-++ * ipcheck_validate calls
-++ */
-++
-++const char *rules[100] = {
-++ /*
-++ * ipv4
-++ */
-++ "RA192.168.0.3", /* reject address */
-++ "AA192.168.0.1", /* accept address */
-++ "RR192.168.0.10-192.168.0.20", /* reject range */
-++ "AR192.168.0.0-192.168.0.255", /* accept range */
-++ "RM192.168.2.0/255.255.255.0", /* reject mask */
-++ "AM192.168.2.0/255.255.254.0", /* accept mask */
-++ /*
-++ * ipv6
-++ */
-++ "RA3ffe::3",
-++ "AA3ffe::1",
-++ "RR3ffe::10-3ffe::20",
-++ "AR3ffe::0-3ffe::ff",
-++ "RM3ffe:1::0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:0",
-++ "AM3ffe:1::0/ffff:ffff:ffff:ffff::0"
-++};
-++
-++static int _ipcheck_addip(void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ return ipcheck_addip(fd_tracker_match_entry_head, -1, ss1, ss2, type, acceptreject);
-++}
-++
-++static int default_rules(int load)
-++{
-++ int ret;
-++ check_type_t type;
-++ check_acceptreject_t acceptreject;
-++ struct sockaddr_storage addr1;
-++ struct sockaddr_storage addr2;
-++ int i = 0;
-++ int (*loadfn)(void *fd_tracker_match_entry_head, struct sockaddr_storage *ss1, struct sockaddr_storage *ss2, check_type_t type, check_acceptreject_t acceptreject);
-++
-++ if (load) {
-++ loadfn = _ipcheck_addip;
-++ } else {
-++ loadfn = ipcheck_rmip;
-++ }
-++
-++ while (rules[i] != NULL) {
-++ printf("Parsing rule: %s\n", rules[i]);
-++ memset(&addr1, 0, sizeof(struct sockaddr_storage));
-++ memset(&addr2, 0, sizeof(struct sockaddr_storage));
-++ /*
-++ * First char is A (accept) or R (Reject)
-++ */
-++ switch(rules[i][0] & 0x5F) {
-++ case 'A':
-++ acceptreject = CHECK_ACCEPT;
-++ break;
-++ case 'R':
-++ acceptreject = CHECK_REJECT;
-++ break;
-++ default:
-++ fprintf(stderr, "Unknown record type on line %d: %s\n", i, rules[i]);
-++ goto next_record;
-++ }
-++
-++ /*
-++ * Second char is the filter type:
-++ * A Address
-++ * M Mask
-++ * R Range
-++ */
-++ switch(rules[i][1] & 0x5F) {
-++ case 'A':
-++ type = CHECK_TYPE_ADDRESS;
-++ ret = get_ipaddress(rules[i]+2, &addr1);
-++ break;
-++ case 'M':
-++ type = CHECK_TYPE_MASK;
-++ ret = read_2ip(rules[i]+2, "/", &addr1, &addr2);
-++ break;
-++ case 'R':
-++ type = CHECK_TYPE_RANGE;
-++ ret = read_2ip(rules[i]+2, "-", &addr1, &addr2);
-++ break;
-++ default:
-++ fprintf(stderr, "Unknown filter type on line %d: %s\n", i, rules[i]);
-++ goto next_record;
-++ break;
-++ }
-++
-++ if (ret) {
-++ fprintf(stderr, "Failed to parse address on line %d: %s\n", i, rules[i]);
-++ return -1;
-++ } else {
-++ if (addr1.ss_family == AF_INET) {
-++ if (loadfn(&match_entry_v4, &addr1, &addr2, type, acceptreject) < 0) {
-++ fprintf(stderr, "Failed to add/rm address on line %d: %s (errno: %s)\n", i, rules[i], strerror(errno));
-++ return -1;
-++ }
-++ } else {
-++ if (loadfn(&match_entry_v6, &addr1, &addr2, type, acceptreject) < 0) {
-++ fprintf(stderr, "Failed to add/rm address on line %d: %s (errno: %s)\n", i, rules[i], strerror(errno));
-++ return -1;
-++ }
-++ }
-++ }
-++
-++ next_record:
-++ i++;
-++ }
-++
-++ return 0;
-++}
-++
-++const char *tests[100] = {
-++ /*
-++ * ipv4
-++ */
-++ "R192.168.0.3", /* reject address */
-++ "A192.168.0.1", /* accept address */
-++ "R192.168.0.11", /* reject range */
-++ "A192.168.0.8", /* accept range */
-++ "R192.168.2.1", /* reject mask */
-++ "A192.168.3.1", /* accept mask */
-++ /*
-++ * ipv6
-++ */
-++ "R3ffe::3",
-++ "A3ffe::1",
-++ "R3ffe::11",
-++ "A3ffe::8",
-++ "R3ffe:1::1",
-++ "A3ffe:1::1:1"
-++};
-++
-++const char *after_insert_tests[100] = {
-++ /*
-++ * ipv4
-++ */
-++ "R192.168.0.3", /* reject address */
-++ "A192.168.0.1", /* accept address */
-++ "R192.168.0.11", /* reject range */
-++ "A192.168.0.8", /* accept range */
-++ "A192.168.2.1", /* reject mask */
-++ "A192.168.3.1", /* accept mask */
-++ /*
-++ * ipv6
-++ */
-++ "R3ffe::3",
-++ "A3ffe::1",
-++ "R3ffe::11",
-++ "A3ffe::8",
-++ "A3ffe:1::1",
-++ "A3ffe:1::1:1"
-++};
-++
-++int test(void)
-++{
-++ int i = 0;
-++ int expected;
-++ struct sockaddr_storage saddr;
-++ struct acl_match_entry *match_entry;
-++
-++ /*
-++ * default tests
-++ */
-++ while (tests[i] != NULL) {
-++ /*
-++ * First char is A (accept) or R (Reject)
-++ */
-++ switch(tests[i][0] & 0x5F) {
-++ case 'A':
-++ expected = 1;
-++ break;
-++ case 'R':
-++ expected = 0;
-++ break;
-++ default:
-++ fprintf(stderr, "Unknown record type on line %d: %s\n", i, tests[i]);
-++ return FAIL;
-++ break;
-++ }
-++
-++ if (get_ipaddress(tests[i]+1, &saddr)) {
-++ fprintf(stderr, "Cannot parse address %s\n", tests[i]+1);
-++ return FAIL;
-++ }
-++
-++ if (saddr.ss_family == AF_INET) {
-++ match_entry = match_entry_v4;
-++ } else {
-++ match_entry = match_entry_v6;
-++ }
-++
-++ if (ipcheck_validate(&match_entry, &saddr) != expected) {
-++ fprintf(stderr, "Failed to check access list for ip: %s\n", tests[i]);
-++ return FAIL;
-++ }
-++ i++;
-++ }
-++
-++ /*
-++ * insert tests
-++ */
-++
-++ if (get_ipaddress("192.168.2.1", &saddr)) {
-++ fprintf(stderr, "Cannot parse address 192.168.2.1\n");
-++ return FAIL;
-++ }
-++
-++ if (ipcheck_addip(&match_entry_v4, 3, &saddr, &saddr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ fprintf(stderr, "Unable to insert address in position 3 192.168.2.1\n");
-++ return FAIL;
-++ }
-++
-++ if (get_ipaddress("3ffe:1::1", &saddr)) {
-++ fprintf(stderr, "Cannot parse address 3ffe:1::1\n");
-++ return FAIL;
-++ }
-++
-++ if (ipcheck_addip(&match_entry_v6, 3, &saddr, &saddr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ fprintf(stderr, "Unable to insert address in position 3 3ffe:1::1\n");
-++ return FAIL;
-++ }
-++
-++ while (after_insert_tests[i] != NULL) {
-++ /*
-++ * First char is A (accept) or R (Reject)
-++ */
-++ switch(after_insert_tests[i][0] & 0x5F) {
-++ case 'A':
-++ expected = 1;
-++ break;
-++ case 'R':
-++ expected = 0;
-++ break;
-++ default:
-++ fprintf(stderr, "Unknown record type on line %d: %s\n", i, after_insert_tests[i]);
-++ return FAIL;
-++ break;
-++ }
-++
-++ if (get_ipaddress(after_insert_tests[i]+1, &saddr)) {
-++ fprintf(stderr, "Cannot parse address %s\n", after_insert_tests[i]+1);
-++ return FAIL;
-++ }
-++
-++ if (saddr.ss_family == AF_INET) {
-++ match_entry = match_entry_v4;
-++ } else {
-++ match_entry = match_entry_v6;
-++ }
-++
-++ if (ipcheck_validate(&match_entry, &saddr) != expected) {
-++ fprintf(stderr, "Failed to check access list for ip: %s\n", after_insert_tests[i]);
-++ return FAIL;
-++ }
-++ i++;
-++ }
-++ return PASS;
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++ struct sockaddr_storage saddr;
-++ struct acl_match_entry *match_entry;
-++ int ret = PASS;
-++ int i;
-++
-++ if (default_rules(1) < 0) {
-++ return -1;
-++ }
-++
-++ if (argc > 1) {
-++ /*
-++ * run manual check against default access lists
-++ */
-++ for (i=1; i<argc; i++) {
-++ if (get_ipaddress(argv[i], &saddr)) {
-++ fprintf(stderr, "Cannot parse address %s\n", argv[i]);
-++ ret = FAIL;
-++ goto out;
-++ } else {
-++ if (saddr.ss_family == AF_INET) {
-++ match_entry = match_entry_v4;
-++ } else {
-++ match_entry = match_entry_v6;
-++ }
-++ if (ipcheck_validate(&match_entry, &saddr)) {
-++ printf("%s is VALID\n", argv[i]);
-++ ret = PASS;
-++ } else {
-++ printf("%s is not allowed\n", argv[i]);
-++ ret = FAIL;
-++ }
-++ }
-++ }
-++ } else {
-++ /*
-++ * run automatic tests
-++ */
-++ ret = test();
-++ }
-++
-++ /*
-++ * test memory leaks with ipcheck_rmip
-++ */
-++ if (default_rules(0) < 0) {
-++ return FAIL;
-++ }
-++
-++ /*
-++ * test memory leaks with ipcheck_rmall
-++ */
-++ if (default_rules(1) < 0) {
-++ return FAIL;
-++ }
-++out:
-++ ipcheck_rmall(&match_entry_v4);
-++ ipcheck_rmall(&match_entry_v6);
-++
-++ return ret;
-++}
-diff --git a/debian/patches/access-lists-add-public-API-tests.patch b/debian/patches/access-lists-add-public-API-tests.patch
-new file mode 100644
-index 0000000..2be97b8
---- /dev/null
-+++ b/debian/patches/access-lists-add-public-API-tests.patch
-@@ -0,0 +1,1019 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 6 Mar 2019 13:08:34 +0100
-+Subject: [access lists] add public API tests
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 31da8fa7b5d034980c38c2f5dcc6e3730f2031fa)
-+---
-+ libknet/tests/api_knet_link_add_acl.c | 246 +++++++++++++++++++++++++++++
-+ libknet/tests/api_knet_link_clear_acl.c | 196 +++++++++++++++++++++++
-+ libknet/tests/api_knet_link_insert_acl.c | 246 +++++++++++++++++++++++++++++
-+ libknet/tests/api_knet_link_rm_acl.c | 256 +++++++++++++++++++++++++++++++
-+ libknet/tests/api-check.mk | 18 ++-
-+ 5 files changed, 961 insertions(+), 1 deletion(-)
-+ create mode 100644 libknet/tests/api_knet_link_add_acl.c
-+ create mode 100644 libknet/tests/api_knet_link_clear_acl.c
-+ create mode 100644 libknet/tests/api_knet_link_insert_acl.c
-+ create mode 100644 libknet/tests/api_knet_link_rm_acl.c
-+
-+diff --git a/libknet/tests/api_knet_link_add_acl.c b/libknet/tests/api_knet_link_add_acl.c
-+new file mode 100644
-+index 0000000..b018165
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_add_acl.c
-+@@ -0,0 +1,246 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++ knet_handle_t knet_h;
-++ int logfds[2];
-++ struct knet_host *host;
-++ struct knet_link *link;
-++ struct sockaddr_storage lo, lo6;
-++
-++ if (make_local_sockaddr(&lo, 0) < 0) {
-++ printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ if (make_local_sockaddr6(&lo6, 0) < 0) {
-++ printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ printf("Test knet_link_add_acl incorrect knet_h\n");
-++
-++ if ((!knet_link_add_acl(NULL, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ setup_logpipes(logfds);
-++
-++ knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++ printf("Test knet_link_add_acl with unconfigured host\n");
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with unconfigured link\n");
-++
-++ if (knet_host_add(knet_h, 1) < 0) {
-++ printf("knet_host_add failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with invalid link\n");
-++
-++ if ((!knet_link_add_acl(knet_h, 1, KNET_MAX_LINK, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with invalid ss1\n");
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with invalid ss2\n");
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with non matching families\n");
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with wrong check_type\n");
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with wrong acceptreject\n");
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_add_acl with point to point link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_add_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ knet_link_clear_config(knet_h, 1, 0);
-++
-++ printf("Test knet_link_add_acl with dynamic link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ host = knet_h->host_index[1];
-++ link = &host->link[0];
-++
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list not empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ printf("knet_link_add_acl did not accept dynamic link error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++ test();
-++
-++ return PASS;
-++}
-+diff --git a/libknet/tests/api_knet_link_clear_acl.c b/libknet/tests/api_knet_link_clear_acl.c
-+new file mode 100644
-+index 0000000..78b7d79
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_clear_acl.c
-+@@ -0,0 +1,196 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++ knet_handle_t knet_h;
-++ int logfds[2];
-++ struct knet_host *host;
-++ struct knet_link *link;
-++ struct sockaddr_storage lo;
-++
-++ if (make_local_sockaddr(&lo, 0) < 0) {
-++ printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ printf("Test knet_link_clear_acl incorrect knet_h\n");
-++
-++ if ((!knet_link_clear_acl(NULL, 1, 0)) || (errno != EINVAL)) {
-++ printf("knet_link_clear_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ setup_logpipes(logfds);
-++
-++ knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++ printf("Test knet_link_clear_acl with unconfigured host\n");
-++
-++ if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
-++ printf("knet_link_clear_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_clear_acl with unconfigured link\n");
-++
-++ if (knet_host_add(knet_h, 1) < 0) {
-++ printf("knet_host_add failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
-++ printf("knet_link_clear_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_clear_acl with invalid link\n");
-++
-++ if ((!knet_link_clear_acl(knet_h, 1, KNET_MAX_LINK)) || (errno != EINVAL)) {
-++ printf("knet_link_clear_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_clear_acl with point to point link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
-++ printf("knet_link_clear_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ knet_link_clear_config(knet_h, 1, 0);
-++
-++ printf("Test knet_link_clear_acl with dynamic link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ host = knet_h->host_index[1];
-++ link = &host->link[0];
-++
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list NOT empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ printf("knet_link_clear_acl did not accept dynamic link error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_link_clear_acl(knet_h, 1, 0) < 0) {
-++ printf("knet_link_clear_acl failed to clear. error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list NOT empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++ test();
-++
-++ return PASS;
-++}
-+diff --git a/libknet/tests/api_knet_link_insert_acl.c b/libknet/tests/api_knet_link_insert_acl.c
-+new file mode 100644
-+index 0000000..547f92b
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_insert_acl.c
-+@@ -0,0 +1,246 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++ knet_handle_t knet_h;
-++ int logfds[2];
-++ struct knet_host *host;
-++ struct knet_link *link;
-++ struct sockaddr_storage lo, lo6;
-++
-++ if (make_local_sockaddr(&lo, 0) < 0) {
-++ printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ if (make_local_sockaddr6(&lo6, 0) < 0) {
-++ printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ printf("Test knet_link_insert_acl incorrect knet_h\n");
-++
-++ if ((!knet_link_insert_acl(NULL, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ setup_logpipes(logfds);
-++
-++ knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++ printf("Test knet_link_insert_acl with unconfigured host\n");
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with unconfigured link\n");
-++
-++ if (knet_host_add(knet_h, 1) < 0) {
-++ printf("knet_host_add failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with invalid link\n");
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, KNET_MAX_LINK, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with invalid ss1\n");
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with invalid ss2\n");
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with non matching families\n");
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with wrong check_type\n");
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with wrong acceptreject\n");
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_insert_acl with point to point link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_insert_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ knet_link_clear_config(knet_h, 1, 0);
-++
-++ printf("Test knet_link_insert_acl with dynamic link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ host = knet_h->host_index[1];
-++ link = &host->link[0];
-++
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list not empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ printf("knet_link_insert_acl did not accept dynamic link error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++ test();
-++
-++ return PASS;
-++}
-+diff --git a/libknet/tests/api_knet_link_rm_acl.c b/libknet/tests/api_knet_link_rm_acl.c
-+new file mode 100644
-+index 0000000..49a82d9
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_rm_acl.c
-+@@ -0,0 +1,256 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++ knet_handle_t knet_h;
-++ int logfds[2];
-++ struct knet_host *host;
-++ struct knet_link *link;
-++ struct sockaddr_storage lo, lo6;
-++
-++ if (make_local_sockaddr(&lo, 0) < 0) {
-++ printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ if (make_local_sockaddr6(&lo6, 0) < 0) {
-++ printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ printf("Test knet_link_rm_acl incorrect knet_h\n");
-++
-++ if ((!knet_link_rm_acl(NULL, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-++ setup_logpipes(logfds);
-++
-++ knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++ printf("Test knet_link_rm_acl with unconfigured host\n");
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with unconfigured link\n");
-++
-++ if (knet_host_add(knet_h, 1) < 0) {
-++ printf("knet_host_add failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with invalid link\n");
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, KNET_MAX_LINK, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with invalid ss1\n");
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with invalid ss2\n");
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with non matching families\n");
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with wrong check_type\n");
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with wrong acceptreject\n");
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_link_rm_acl with point to point link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++ printf("knet_link_rm_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ knet_link_clear_config(knet_h, 1, 0);
-++
-++ printf("Test knet_link_rm_acl with dynamic link\n");
-++
-++ if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++ printf("Unable to configure link: %s\n", strerror(errno));
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ host = knet_h->host_index[1];
-++ link = &host->link[0];
-++
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list not empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ printf("Failed to add an access list: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++ printf("knet_link_rm_acl did not accept dynamic link error: %s\n", strerror(errno));
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++ printf("match list NOT empty!");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++ test();
-++
-++ return PASS;
-++}
-+diff --git a/libknet/tests/api-check.mk b/libknet/tests/api-check.mk
-+index 247ed58..427c388 100644
-+--- a/libknet/tests/api-check.mk
-++++ b/libknet/tests/api-check.mk
-+@@ -68,7 +68,11 @@ api_checks = \
-+ api_knet_link_set_enable_test \
-+ api_knet_link_get_enable_test \
-+ api_knet_link_get_link_list_test \
-+- api_knet_link_get_status_test
-++ api_knet_link_get_status_test \
-++ api_knet_link_add_acl_test \
-++ api_knet_link_insert_acl_test \
-++ api_knet_link_rm_acl_test \
-++ api_knet_link_clear_acl_test
-+
-+ api_knet_handle_new_test_SOURCES = api_knet_handle_new.c \
-+ test-common.c
-+@@ -256,3 +260,15 @@ api_knet_link_get_link_list_test_SOURCES = api_knet_link_get_link_list.c \
-+
-+ api_knet_link_get_status_test_SOURCES = api_knet_link_get_status.c \
-+ test-common.c
-++
-++api_knet_link_add_acl_test_SOURCES = api_knet_link_add_acl.c \
-++ test-common.c
-++
-++api_knet_link_insert_acl_test_SOURCES = api_knet_link_insert_acl.c \
-++ test-common.c
-++
-++api_knet_link_rm_acl_test_SOURCES = api_knet_link_rm_acl.c \
-++ test-common.c
-++
-++api_knet_link_clear_acl_test_SOURCES = api_knet_link_clear_acl.c \
-++ test-common.c
-diff --git a/debian/patches/access-lists-add-tests-for-default-access-lists.patch b/debian/patches/access-lists-add-tests-for-default-access-lists.patch
-new file mode 100644
-index 0000000..24d97e5
---- /dev/null
-+++ b/debian/patches/access-lists-add-tests-for-default-access-lists.patch
-@@ -0,0 +1,63 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 14 Feb 2019 06:47:41 +0100
-+Subject: [access lists] add tests for default access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c48b048e3b340ea7696c3300fb64928b22018233)
-+---
-+ libknet/tests/api_knet_link_set_config.c | 28 ++++++++++++++++++++++++++++
-+ 1 file changed, 28 insertions(+)
-+
-+diff --git a/libknet/tests/api_knet_link_set_config.c b/libknet/tests/api_knet_link_set_config.c
-+index 8679428..5fed9be 100644
-+--- a/libknet/tests/api_knet_link_set_config.c
-++++ b/libknet/tests/api_knet_link_set_config.c
-+@@ -24,6 +24,8 @@
-+ static void test(void)
-+ {
-+ knet_handle_t knet_h;
-++ struct knet_host *host;
-++ struct knet_link *link;
-+ int logfds[2];
-+ char src_portstr[32];
-+ char dst_portstr[32];
-+@@ -140,6 +142,19 @@ static void test(void)
-+ exit(FAIL);
-+ }
-+
-++ host = knet_h->host_index[1];
-++ link = &host->link[0];
-++
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++ printf("found access lists for dynamic dst_addr!\n");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-+ if (knet_link_get_status(knet_h, 1, 0, &link_status, sizeof(struct knet_link_status)) < 0) {
-+ printf("Unable to get link status: %s\n", strerror(errno));
-+ knet_link_clear_config(knet_h, 1, 0);
-+@@ -244,6 +259,19 @@ static void test(void)
-+ exit(FAIL);
-+ }
-+
-++ host = knet_h->host_index[1];
-++ link = &host->link[0];
-++
-++ if (!knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++ printf("Unable to find default access lists for static dst_addr!\n");
-++ knet_link_clear_config(knet_h, 1, 0);
-++ knet_host_remove(knet_h, 1);
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-+ if (knet_link_get_status(knet_h, 1, 0, &link_status, sizeof(struct knet_link_status)) < 0) {
-+ printf("Unable to get link status: %s\n", strerror(errno));
-+ knet_link_clear_config(knet_h, 1, 0);
-diff --git a/debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch b/debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch
-new file mode 100644
-index 0000000..a9b0ea7
---- /dev/null
-+++ b/debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch
-@@ -0,0 +1,61 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 14 Feb 2019 07:23:09 +0100
-+Subject: [access lists] allow knet_bench to enable/disable access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit a7fa047d1bdae266cfef18fc31d87072b7dfd6d3)
-+---
-+ libknet/tests/knet_bench.c | 12 +++++++++++-
-+ 1 file changed, 11 insertions(+), 1 deletion(-)
-+
-+diff --git a/libknet/tests/knet_bench.c b/libknet/tests/knet_bench.c
-+index b208b3e..00cd58b 100644
-+--- a/libknet/tests/knet_bench.c
-++++ b/libknet/tests/knet_bench.c
-+@@ -46,6 +46,7 @@ static int wait_for_perf_rx = 0;
-+ static char *compresscfg = NULL;
-+ static char *cryptocfg = NULL;
-+ static int machine_output = 0;
-++static int use_access_lists = 0;
-+
-+ static int bench_shutdown_in_progress = 0;
-+ static pthread_mutex_t shutdown_mutex = PTHREAD_MUTEX_INITIALIZER;
-+@@ -78,6 +79,7 @@ static void print_help(void)
-+ printf("knet_bench usage:\n");
-+ printf(" -h print this help (no really)\n");
-+ printf(" -d enable debug logs (default INFO)\n");
-++ printf(" -f enable use of access lists (default: off)\n");
-+ printf(" -c [implementation]:[crypto]:[hashing] crypto configuration. (default disabled)\n");
-+ printf(" Example: -c nss:aes128:sha1\n");
-+ printf(" -z [implementation]:[level]:[threshold] compress configuration. (default disabled)\n");
-+@@ -248,7 +250,7 @@ static void setup_knet(int argc, char *argv[])
-+
-+ memset(nodes, 0, sizeof(nodes));
-+
-+- while ((rv = getopt(argc, argv, "aCT:S:s:ldom:wb:t:n:c:p:X::P:z:h")) != EOF) {
-++ while ((rv = getopt(argc, argv, "aCT:S:s:ldfom:wb:t:n:c:p:X::P:z:h")) != EOF) {
-+ switch(rv) {
-+ case 'h':
-+ print_help();
-+@@ -260,6 +262,9 @@ static void setup_knet(int argc, char *argv[])
-+ case 'd':
-+ debug = KNET_LOG_DEBUG;
-+ break;
-++ case 'f':
-++ use_access_lists = 1;
-++ break;
-+ case 'c':
-+ if (cryptocfg) {
-+ printf("Error: -c can only be specified once\n");
-+@@ -456,6 +461,11 @@ static void setup_knet(int argc, char *argv[])
-+ exit(FAIL);
-+ }
-+
-++ if (knet_handle_enable_access_lists(knet_h, use_access_lists) < 0) {
-++ printf("Unable to knet_handle_enable_access_lists: %s\n", strerror(errno));
-++ exit(FAIL);
-++ }
-++
-+ if (cryptocfg) {
-+ memset(&knet_handle_crypto_cfg, 0, sizeof(knet_handle_crypto_cfg));
-+ cryptomodel = strtok(cryptocfg, ":");
-diff --git a/debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch b/debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch
-new file mode 100644
-index 0000000..5c0c247
---- /dev/null
-+++ b/debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch
-@@ -0,0 +1,283 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 14 Feb 2019 06:32:42 +0100
-+Subject: [access lists] automatically add and remove point to point access
-+ lists
-+
-+those are not used just yet.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit a08389d536726927f2438a7e0bfe6b86244779ab)
-+---
-+ libknet/links_acl.h | 7 +++-
-+ libknet/links.c | 96 +++++++++++++++++++++++++++++++++++++++++++
-+ libknet/links_acl.c | 62 +++++++++++++++++++++++++++-
-+ libknet/tests/int_links_acl.c | 8 ++--
-+ 4 files changed, 166 insertions(+), 7 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 26b0f36..f4713d6 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -13,10 +13,13 @@
-+
-+ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-+
-+-void ipcheck_clear(struct acl_match_entry **match_entry_head);
-+-
-+ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++void check_rmall(struct acl_match_entry **match_entry_head);
-+ #endif
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 010aeb6..6c75c35 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -20,6 +20,56 @@
-+ #include "transports.h"
-+ #include "host.h"
-+ #include "threads_common.h"
-++#include "links_acl.h"
-++
-++static void _link_del_all_acl(knet_handle_t knet_h, int sock)
-++{
-++ check_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++}
-++
-++static int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++ int err = -1;
-++
-++ switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++ case LOOPBACK:
-++ /*
-++ * loopback does not require access lists
-++ */
-++ err = 0;
-++ break;
-++ case IP_PROTO:
-++ err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++ break;
-++ default:
-++ break;
-++ }
-++
-++ return err;
-++}
-++
-++static int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++ int err = -1;
-++
-++ switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++ case LOOPBACK:
-++ /*
-++ * loopback does not require access lists
-++ */
-++ err = 0;
-++ break;
-++ case IP_PROTO:
-++ err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++ break;
-++ default:
-++ break;
-++ }
-++
-++ return err;
-++}
-+
-+ int _link_updown(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-+ unsigned int enabled, unsigned int connected)
-+@@ -234,6 +284,21 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ err = -1;
-+ goto exit_unlock;
-+ }
-++
-++ /*
-++ * we can only configure default access lists if we know both endpoints
-++ */
-++ if (link->dynamic == KNET_LINK_STATIC) {
-++ log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u",
-++ host_id, link_id);
-++ if (_link_add_default_acl(knet_h, link) < 0) {
-++ log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-++ savederrno = errno;
-++ err = -1;
-++ goto exit_unlock;
-++ }
-++ }
-++
-+ link->configured = 1;
-+ log_debug(knet_h, KNET_SUB_LINK, "host: %u link: %u is configured",
-+ host_id, link_id);
-+@@ -351,6 +416,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ int savederrno = 0, err = 0;
-+ struct knet_host *host;
-+ struct knet_link *link;
-++ int sock;
-+
-+ if (!knet_h) {
-+ errno = EINVAL;
-+@@ -397,6 +463,28 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ goto exit_unlock;
-+ }
-+
-++ /*
-++ * remove well known access lists here.
-++ * After the transport has done clearing the config,
-++ * then we can remove any leftover access lists if the link
-++ * is no longer in use.
-++ */
-++ if (link->dynamic == KNET_LINK_STATIC) {
-++ if (_link_rm_default_acl(knet_h, link) < 0) {
-++ err = -1;
-++ savederrno = EBUSY;
-++ log_err(knet_h, KNET_SUB_LINK, "Host %u link %u: unable to remove default access list",
-++ host_id, link_id);
-++ goto exit_unlock;
-++ }
-++ }
-++
-++ /*
-++ * cache it for later as we don't know if the transport
-++ * will clear link info during clear_config.
-++ */
-++ sock = link->outsock;
-++
-+ if ((transport_link_clear_config(knet_h, link) < 0) &&
-+ (errno != EBUSY)) {
-+ savederrno = errno;
-+@@ -404,6 +492,14 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ goto exit_unlock;
-+ }
-+
-++ /*
-++ * remove any other access lists when the socket is no
-++ * longer in use by the transport.
-++ */
-++ if (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS) {
-++ _link_del_all_acl(knet_h, sock);
-++ }
-++
-+ memset(link, 0, sizeof(struct knet_link));
-+ link->link_id = link_id;
-+
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index fe84088..2ad3e90 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -150,7 +150,7 @@ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_
-+ * Routines to manuipulate access lists
-+ */
-+
-+-void ipcheck_clear(struct acl_match_entry **match_entry_head)
-++void check_rmall(struct acl_match_entry **match_entry_head)
-+ {
-+ struct acl_match_entry *next_match_entry;
-+ struct acl_match_entry *match_entry = *match_entry_head;
-+@@ -163,6 +163,62 @@ void ipcheck_clear(struct acl_match_entry **match_entry_head)
-+ *match_entry_head = NULL;
-+ }
-+
-++static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++
-++ while (match_entry) {
-++ if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-++ (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-++ (match_entry->type == type) &&
-++ (match_entry->acceptreject == acceptreject)) {
-++ return match_entry;
-++ }
-++ match_entry = match_entry->next;
-++ }
-++
-++ return NULL;
-++}
-++
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ struct acl_match_entry *next_match_entry = NULL;
-++ struct acl_match_entry *rm_match_entry;
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++
-++ rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-++ if (!rm_match_entry) {
-++ return -1;
-++ }
-++
-++ while (match_entry) {
-++ next_match_entry = match_entry->next;
-++ /*
-++ * we are removing the list head, be careful
-++ */
-++ if (rm_match_entry == match_entry) {
-++ *match_entry_head = next_match_entry;
-++ free(match_entry);
-++ break;
-++ }
-++ /*
-++ * the next one is the one we need to remove
-++ */
-++ if (rm_match_entry == next_match_entry) {
-++ match_entry->next = next_match_entry->next;
-++ free(next_match_entry);
-++ break;
-++ }
-++ match_entry = next_match_entry;
-++ }
-++
-++ return 0;
-++}
-++
-+ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+@@ -182,6 +238,10 @@ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+ (ip1->ss_family != ip2->ss_family))
-+ return -1;
-+
-++ if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++ return -1;
-++ }
-++
-+ new_match_entry = malloc(sizeof(struct acl_match_entry));
-+ if (!new_match_entry)
-+ return -1;
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 1e7f426..129aabe 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -106,8 +106,8 @@ static int load_file(void)
-+ struct sockaddr_storage addr1;
-+ struct sockaddr_storage addr2;
-+
-+- ipcheck_clear(&match_entry_v4);
-+- ipcheck_clear(&match_entry_v6);
-++ check_rmall(&match_entry_v4);
-++ check_rmall(&match_entry_v6);
-+
-+ filterfile = fopen("int_links_acl.txt", "r");
-+ if (!filterfile) {
-+@@ -203,7 +203,7 @@ int main(int argc, char *argv[])
-+ }
-+ }
-+
-+- ipcheck_clear(&match_entry_v4);
-+- ipcheck_clear(&match_entry_v6);
-++ check_rmall(&match_entry_v4);
-++ check_rmall(&match_entry_v6);
-+ return 0;
-+ }
-diff --git a/debian/patches/access-lists-cleanup-API-a-bit.patch b/debian/patches/access-lists-cleanup-API-a-bit.patch
-new file mode 100644
-index 0000000..b88c2b5
---- /dev/null
-+++ b/debian/patches/access-lists-cleanup-API-a-bit.patch
-@@ -0,0 +1,98 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:21:29 +0100
-+Subject: [access lists] cleanup API a bit
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 34d87fab04c1e1329f0066adf595d575dac3d0de)
-+---
-+ libknet/links_acl.h | 3 ++-
-+ libknet/links_acl.c | 26 +++++++++++++-------------
-+ libknet/threads_rx.c | 2 +-
-+ libknet/transport_sctp.c | 2 +-
-+ 4 files changed, 17 insertions(+), 16 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 020ec05..0ad50e6 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -37,8 +37,9 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-++int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-++
-+ int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+ int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+-int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-+
-+ #endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 85a792d..520a934 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -71,22 +71,10 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ }
-+ }
-+
-+-int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+- return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-+-
-+-int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+- return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-+-
-+ /*
-+ * return 0 to reject and 1 to accept a packet
-+ */
-+-int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-++int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-+ {
-+ switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-+ case LOOPBACK:
-+@@ -103,3 +91,15 @@ int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct socka
-+ */
-+ return 0;
-+ }
-++
-++int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++ return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++}
-++
-++int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++ return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++}
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 06a0168..5fa51c4 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -808,7 +808,7 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+ */
-+ if ((knet_h->use_access_lists) &&
-+ (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-+- if (!_generic_filter_packet_by_acl(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-++ if (!check_validate(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-+ char src_ipaddr[KNET_MAX_HOST_LEN];
-+ char src_port[KNET_MAX_PORT_LEN];
-+
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index ce3e98e..50a237b 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -731,7 +731,7 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+ addr_str, port_str);
-+ if (knet_h->use_access_lists) {
-+- if (!_generic_filter_packet_by_acl(knet_h, listen_sock, &ss)) {
-++ if (!check_validate(knet_h, listen_sock, &ss)) {
-+ savederrno = EINVAL;
-+ err = -1;
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-diff --git a/debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch b/debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch
-new file mode 100644
-index 0000000..219cd34
---- /dev/null
-+++ b/debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch
-@@ -0,0 +1,226 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 11:37:49 +0100
-+Subject: [access lists] confine access lists data structs within the protocol
-+ itself
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6abcbf579695dd050da0b5262f1e0a63325bbe52)
-+---
-+ libknet/links_acl.h | 8 --------
-+ libknet/links_acl_ip.h | 13 +++++++------
-+ libknet/links_acl.c | 8 ++++----
-+ libknet/links_acl_ip.c | 48 ++++++++++++++++++++++++++++++------------------
-+ 4 files changed, 41 insertions(+), 36 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index f871403..84ae6b9 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -22,14 +22,6 @@ typedef enum {
-+ CHECK_REJECT
-+ } check_acceptreject_t;
-+
-+-struct acl_match_entry {
-+- check_type_t type;
-+- check_acceptreject_t acceptreject;
-+- struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-+- struct sockaddr_storage addr2; /* high IP address or address bitmask */
-+- struct acl_match_entry *next;
-+-};
-+-
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index 9e21e00..c475db9 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -12,15 +12,16 @@
-+ #include "internals.h"
-+ #include "links_acl.h"
-+
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- check_type_t type, check_acceptreject_t acceptreject);
-++int ipcheck_rmip(void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++void ipcheck_rmall(void *fd_tracker_match_entry_head);
-+
-+-void ipcheck_rmall(struct acl_match_entry **match_entry_head);
-+ #endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 7605fe9..b1d7ab4 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -37,7 +37,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+ ip1, ip2, type, acceptreject);
-+ break;
-+ default:
-+@@ -58,7 +58,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+ ip1, ip2, type, acceptreject);
-+ break;
-+ default:
-+@@ -74,7 +74,7 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ return;
-+ break;
-+ case IP_PROTO:
-+- ipcheck_rmall((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++ ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-+ break;
-+ default:
-+ break;
-+@@ -92,7 +92,7 @@ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct soc
-+ return 1;
-+ break;
-+ case IP_PROTO:
-+- return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-++ return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-+ break;
-+ default:
-+ break;
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 58c7b28..e72a382 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -21,6 +21,14 @@
-+ #include "links_acl.h"
-+ #include "links_acl_ip.h"
-+
-++struct ip_acl_match_entry {
-++ check_type_t type;
-++ check_acceptreject_t acceptreject;
-++ struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-++ struct sockaddr_storage addr2; /* high IP address or address bitmask */
-++ struct ip_acl_match_entry *next;
-++};
-++
-+ /*
-+ * s6_addr32 is not defined in BSD userland, only kernel.
-+ * definition is the same as linux and it works fine for
-+@@ -34,7 +42,7 @@
-+ * IPv4 See if the address we have matches the current match entry
-+ */
-+
-+-static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry)
-+ {
-+ struct sockaddr_in *ip_to_check;
-+ struct sockaddr_in *match1;
-+@@ -96,7 +104,7 @@ static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-+ * IPv6 See if the address we have matches the current match entry
-+ */
-+
-+-static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry)
-+ {
-+ struct sockaddr_in6 *ip_to_check;
-+ struct sockaddr_in6 *match1;
-+@@ -134,10 +142,11 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entr
-+ }
-+
-+
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-++int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip)
-+ {
-+- struct acl_match_entry *match_entry = *match_entry_head;
-+- int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-++ struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++ struct ip_acl_match_entry *match_entry = *match_entry_head;
-++ int (*match_fn)(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry);
-+
-+ if (checkip->ss_family == AF_INET){
-+ match_fn = ip_matches_v4;
-+@@ -161,10 +170,11 @@ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_
-+ * Routines to manuipulate access lists
-+ */
-+
-+-void ipcheck_rmall(struct acl_match_entry **match_entry_head)
-++void ipcheck_rmall(void *fd_tracker_match_entry_head)
-+ {
-+- struct acl_match_entry *next_match_entry;
-+- struct acl_match_entry *match_entry = *match_entry_head;
-++ struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++ struct ip_acl_match_entry *next_match_entry;
-++ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+
-+ while (match_entry) {
-+ next_match_entry = match_entry->next;
-+@@ -174,11 +184,11 @@ void ipcheck_rmall(struct acl_match_entry **match_entry_head)
-+ *match_entry_head = NULL;
-+ }
-+
-+-static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-++static struct ip_acl_match_entry *ipcheck_findmatch(struct ip_acl_match_entry **match_entry_head,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- struct acl_match_entry *match_entry = *match_entry_head;
-++ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+
-+ while (match_entry) {
-+ if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-+@@ -193,13 +203,14 @@ static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_
-+ return NULL;
-+ }
-+
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- struct acl_match_entry *next_match_entry = NULL;
-+- struct acl_match_entry *rm_match_entry;
-+- struct acl_match_entry *match_entry = *match_entry_head;
-++ struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++ struct ip_acl_match_entry *next_match_entry = NULL;
-++ struct ip_acl_match_entry *rm_match_entry;
-++ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+
-+ rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-+ if (!rm_match_entry) {
-+@@ -231,12 +242,13 @@ int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+ return 0;
-+ }
-+
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- struct acl_match_entry *new_match_entry;
-+- struct acl_match_entry *match_entry = *match_entry_head;
-++ struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++ struct ip_acl_match_entry *new_match_entry;
-++ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+
-+ if (!ip1) {
-+ errno = EINVAL;
-+@@ -259,7 +271,7 @@ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+ return -1;
-+ }
-+
-+- new_match_entry = malloc(sizeof(struct acl_match_entry));
-++ new_match_entry = malloc(sizeof(struct ip_acl_match_entry));
-+ if (!new_match_entry) {
-+ return -1;
-+ }
-diff --git a/debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch b/debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
-new file mode 100644
-index 0000000..636f0ab
---- /dev/null
-+++ b/debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
-@@ -0,0 +1,80 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 15 Feb 2019 10:57:45 +0100
-+Subject: [access lists] enable access lists for GENERIC_ACL protocols (udp
-+ for example)
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit fe077a47ad551d6dcc9f136a1f29b2b98b718beb)
-+---
-+ libknet/threads_rx.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
-+ 1 file changed, 44 insertions(+)
-+
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 8435d13..833938d 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -20,6 +20,7 @@
-+ #include "crypto.h"
-+ #include "host.h"
-+ #include "links.h"
-++#include "links_acl.h"
-+ #include "logging.h"
-+ #include "transports.h"
-+ #include "transport_common.h"
-+@@ -720,6 +721,27 @@ out_pmtud:
-+ }
-+ }
-+
-++/*
-++ * return 0 to reject and 1 to accept a packet
-++ */
-++static int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, const struct knet_mmsghdr *msg)
-++{
-++ switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-++ case LOOPBACK:
-++ return 1;
-++ break;
-++ case IP_PROTO:
-++ return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, msg->msg_hdr.msg_name);
-++ break;
-++ default:
-++ break;
-++ }
-++ /*
-++ * reject by default
-++ */
-++ return 0;
-++}
-++
-+ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg)
-+ {
-+ int err, savederrno;
-+@@ -802,6 +824,28 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+ goto exit_unlock;
-+ break;
-+ case 2: /* packet is data and should be parsed as such */
-++ /*
-++ * processing incoming packets vs access lists
-++ */
-++ if ((knet_h->use_access_lists) &&
-++ (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-++ if (!_generic_filter_packet_by_acl(knet_h, sockfd, &msg[i])) {
-++ char src_ipaddr[KNET_MAX_HOST_LEN];
-++ char src_port[KNET_MAX_PORT_LEN];
-++
-++ memset(src_ipaddr, 0, KNET_MAX_HOST_LEN);
-++ memset(src_port, 0, KNET_MAX_PORT_LEN);
-++ knet_addrtostr(msg->msg_hdr.msg_name, sockaddr_len(msg->msg_hdr.msg_name),
-++ src_ipaddr, KNET_MAX_HOST_LEN,
-++ src_port, KNET_MAX_PORT_LEN);
-++
-++ log_debug(knet_h, KNET_SUB_RX, "Packet rejected from %s/%s", src_ipaddr, src_port);
-++ /*
-++ * continue processing the other packets
-++ */
-++ continue;
-++ }
-++ }
-+ _parse_recv_from_links(knet_h, sockfd, &msg[i]);
-+ break;
-+ }
-diff --git a/debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch b/debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch
-new file mode 100644
-index 0000000..a27bd22
---- /dev/null
-+++ b/debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch
-@@ -0,0 +1,55 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 17 Feb 2019 07:32:59 +0100
-+Subject: [access lists] enable generic access lists only for protocols that
-+ use them
-+
-+protocols such as SCTP that use their own access list tracking will
-+need to setup access lists in transport_link_set/clear_config
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 862446dbc84165963b34f05e2157d3361b5b8f8a)
-+---
-+ libknet/links.c | 15 ++++++++++-----
-+ 1 file changed, 10 insertions(+), 5 deletions(-)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 6c75c35..85b50e5 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -287,10 +287,13 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+
-+ /*
-+ * we can only configure default access lists if we know both endpoints
-++ * and the protocol uses GENERIC_ACL, otherwise the protocol has
-++ * to setup their own access lists above in transport_link_set_config.
-+ */
-+- if (link->dynamic == KNET_LINK_STATIC) {
-+- log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u",
-+- host_id, link_id);
-++ if ((transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL) &&
-++ (link->dynamic == KNET_LINK_STATIC)) {
-++ log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-++ host_id, link_id, link->outsock);
-+ if (_link_add_default_acl(knet_h, link) < 0) {
-+ log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+ savederrno = errno;
-+@@ -469,7 +472,8 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * then we can remove any leftover access lists if the link
-+ * is no longer in use.
-+ */
-+- if (link->dynamic == KNET_LINK_STATIC) {
-++ if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++ (link->dynamic == KNET_LINK_STATIC)) {
-+ if (_link_rm_default_acl(knet_h, link) < 0) {
-+ err = -1;
-+ savederrno = EBUSY;
-+@@ -496,7 +500,8 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * remove any other access lists when the socket is no
-+ * longer in use by the transport.
-+ */
-+- if (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS) {
-++ if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++ (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS)) {
-+ _link_del_all_acl(knet_h, sock);
-+ }
-+
-diff --git a/debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch b/debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
-new file mode 100644
-index 0000000..27b0e57
---- /dev/null
-+++ b/debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
-@@ -0,0 +1,64 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 07:08:29 +0100
-+Subject: [access lists] fix build on BSD and add some include files around
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit f1919ce88831032c123bb28771ef2cabf03a148e)
-+---
-+ libknet/tests/Makefile.am | 1 +
-+ libknet/links_acl.c | 2 ++
-+ libknet/links_acl_ip.c | 2 ++
-+ libknet/tests/int_links_acl.c | 2 ++
-+ 4 files changed, 7 insertions(+)
-+
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index d46553a..2f22293 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -69,6 +69,7 @@ pckt_test_SOURCES = pckt_test.c
-+
-+ int_links_acl_test_SOURCES = int_links_acl.c \
-+ ../common.c \
-++ ../compat.c \
-+ ../logging.c \
-+ ../netutils.c \
-+ ../threads_common.c \
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 8592f1f..cfcc1fd 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -6,6 +6,8 @@
-+ * This software licensed under GPL-2.0+, LGPL-2.0+
-+ */
-+
-++#include "config.h"
-++
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <stdlib.h>
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 2aef14b..ffd18a4 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -6,6 +6,8 @@
-+ * This software licensed under GPL-2.0+, LGPL-2.0+
-+ */
-+
-++#include "config.h"
-++
-+ #include <sys/socket.h>
-+ #include <netinet/in.h>
-+ #include <stdint.h>
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 8d9f4e0..05bd829 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -6,6 +6,8 @@
-+ * This software licensed under GPL-2.0+, LGPL-2.0+
-+ */
-+
-++#include "config.h"
-++
-+ #include <sys/types.h>
-+ #include <sys/socket.h>
-+ #include <netinet/in.h>
-diff --git a/debian/patches/access-lists-fix-build-on-freebsd.patch b/debian/patches/access-lists-fix-build-on-freebsd.patch
-new file mode 100644
-index 0000000..385cc85
---- /dev/null
-+++ b/debian/patches/access-lists-fix-build-on-freebsd.patch
-@@ -0,0 +1,54 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 17 Feb 2019 09:49:06 +0100
-+Subject: [access lists] fix build on freebsd
-+
-+don't use malloc.h, obsoleted by stdlib.h
-+define s6_addr32 that's only available in kernel space
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 12ee796ceca832c18054e87a0e310dcd9a6c16c6)
-+---
-+ libknet/links_acl.c | 11 ++++++++++-
-+ libknet/tests/int_links_acl.c | 1 -
-+ 2 files changed, 10 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 2ad3e90..854f273 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -10,13 +10,22 @@
-+ #include <netinet/in.h>
-+ #include <stdint.h>
-+ #include <string.h>
-+-#include <malloc.h>
-++#include <stdlib.h>
-+
-+ #include "internals.h"
-+ #include "logging.h"
-+ #include "transports.h"
-+ #include "links_acl.h"
-+
-++/*
-++ * s6_addr32 is not defined in BSD userland, only kernel.
-++ * definition is the same as linux and it works fine for
-++ * what we need.
-++ */
-++#ifndef s6_addr32
-++#define s6_addr32 __u6_addr.__u6_addr32
-++#endif
-++
-+ /*
-+ * IPv4 See if the address we have matches the current match entry
-+ */
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 129aabe..133cd5a 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -13,7 +13,6 @@
-+ #include <stdlib.h>
-+ #include <string.h>
-+ #include <netdb.h>
-+-#include <malloc.h>
-+
-+ #include "internals.h"
-+ #include "links_acl.h"
-diff --git a/debian/patches/access-lists-improve-checks-on-various-data-types.patch b/debian/patches/access-lists-improve-checks-on-various-data-types.patch
-new file mode 100644
-index 0000000..1a8d531
---- /dev/null
-+++ b/debian/patches/access-lists-improve-checks-on-various-data-types.patch
-@@ -0,0 +1,74 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 6 Mar 2019 09:43:10 +0100
-+Subject: [access lists] improve checks on various data types
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit f6f08c08179a051aa51fadc48a1acfb71a6f55b4)
-+---
-+ libknet/links.c | 39 +++++++++++++++++++++++++++++++++++++++
-+ 1 file changed, 39 insertions(+)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 0f02006..038a8a4 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -1168,6 +1168,19 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+ return -1;
-+ }
-+
-++ if ((type != CHECK_TYPE_ADDRESS) &&
-++ (type != CHECK_TYPE_MASK) &&
-++ (type != CHECK_TYPE_RANGE)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((acceptreject != CHECK_ACCEPT) &&
-++ (acceptreject != CHECK_REJECT)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-+ if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+ errno = EINVAL;
-+ return -1;
-+@@ -1250,6 +1263,19 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ return -1;
-+ }
-+
-++ if ((type != CHECK_TYPE_ADDRESS) &&
-++ (type != CHECK_TYPE_MASK) &&
-++ (type != CHECK_TYPE_RANGE)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((acceptreject != CHECK_ACCEPT) &&
-++ (acceptreject != CHECK_REJECT)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-+ if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+ errno = EINVAL;
-+ return -1;
-+@@ -1331,6 +1357,19 @@ int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_
-+ return -1;
-+ }
-+
-++ if ((type != CHECK_TYPE_ADDRESS) &&
-++ (type != CHECK_TYPE_MASK) &&
-++ (type != CHECK_TYPE_RANGE)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if ((acceptreject != CHECK_ACCEPT) &&
-++ (acceptreject != CHECK_REJECT)) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-+ if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+ errno = EINVAL;
-+ return -1;
-diff --git a/debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch b/debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch
-new file mode 100644
-index 0000000..30cafa3
---- /dev/null
-+++ b/debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch
-@@ -0,0 +1,436 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 12 Feb 2019 07:21:20 +0100
-+Subject: [access lists] make code more generic to accept more than IP
-+ protocol and start to bind it to each fd
-+
-+access lists are unique per file descriptor, each fd can have its own protocol and list.
-+
-+remane around ipcheck* with check* to be more generic.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 45b1d526876aa89986e7bd379c45f8856056fe68)
-+---
-+ libknet/internals.h | 24 +++++++++
-+ libknet/links_acl.h | 18 ++++---
-+ libknet/links_acl.c | 114 ++++++++++++++++++++----------------------
-+ libknet/tests/int_links_acl.c | 46 +++++++++++------
-+ 4 files changed, 120 insertions(+), 82 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 106b49d..78e718d 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -129,11 +129,35 @@ struct knet_sock {
-+ * and socket has been removed from epoll */
-+ };
-+
-++/*
-++ * access lists
-++ */
-++
-++typedef enum {
-++ CHECK_TYPE_ADDRESS,
-++ CHECK_TYPE_MASK,
-++ CHECK_TYPE_RANGE
-++} check_type_t;
-++
-++typedef enum {
-++ CHECK_ACCEPT,
-++ CHECK_REJECT
-++} check_acceptreject_t;
-++
-++struct acl_match_entry {
-++ check_type_t type;
-++ check_acceptreject_t acceptreject;
-++ struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-++ struct sockaddr_storage addr2; /* high IP address or address bitmask */
-++ struct acl_match_entry *next;
-++};
-++
-+ struct knet_fd_trackers {
-+ uint8_t transport; /* transport type (UDP/SCTP...) */
-+ uint8_t data_type; /* internal use for transport to define what data are associated
-+ * to this fd */
-+ void *data; /* pointer to the data */
-++ struct acl_match_entry *match_entry;
-+ };
-+
-+ #define KNET_MAX_FDS KNET_MAX_HOST * KNET_MAX_LINK * 4
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index eca4566..26b0f36 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -6,11 +6,17 @@
-+ * This software licensed under GPL-2.0+, LGPL-2.0+
-+ */
-+
-+-typedef enum {IPCHECK_TYPE_ADDRESS, IPCHECK_TYPE_MASK, IPCHECK_TYPE_RANGE} ipcheck_type_t;
-+-typedef enum {IPCHECK_ACCEPT, IPCHECK_REJECT} ipcheck_acceptreject_t;
-++#ifndef __KNET_LINKS_ACL_H__
-++#define __KNET_LINKS_ACL_H__
-+
-+-int ipcheck_validate(struct sockaddr_storage *checkip);
-++#include "internals.h"
-+
-+-void ipcheck_clear(void);
-+-int ipcheck_addip(struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- ipcheck_type_t type, ipcheck_acceptreject_t acceptreject);
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++
-++void ipcheck_clear(struct acl_match_entry **match_entry_head);
-++
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++#endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index e7b5602..fe84088 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -11,26 +11,17 @@
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <malloc.h>
-+-#include "links_acl.h"
-+-
-+-struct ip_match_entry {
-+- ipcheck_type_t type;
-+- ipcheck_acceptreject_t acceptreject;
-+- struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-+- struct sockaddr_storage addr2; /* high IP address or address bitmask */
-+- struct ip_match_entry *next;
-+-};
-+
-+-
-+-/* Lists of things to match against. These are dummy structs to provide a quick list head */
-+-static struct ip_match_entry match_entry_head_v4;
-+-static struct ip_match_entry match_entry_head_v6;
-++#include "internals.h"
-++#include "logging.h"
-++#include "transports.h"
-++#include "links_acl.h"
-+
-+ /*
-+ * IPv4 See if the address we have matches the current match entry
-+- *
-+ */
-+-static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_match_entry *match_entry)
-++
-++static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+ {
-+ struct sockaddr_in *ip_to_check;
-+ struct sockaddr_in *match1;
-+@@ -41,16 +32,16 @@ static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_match_entry
-+ match2 = (struct sockaddr_in *)&match_entry->addr2;
-+
-+ switch(match_entry->type) {
-+- case IPCHECK_TYPE_ADDRESS:
-++ case CHECK_TYPE_ADDRESS:
-+ if (ip_to_check->sin_addr.s_addr == match1->sin_addr.s_addr)
-+ return 1;
-+ break;
-+- case IPCHECK_TYPE_MASK:
-++ case CHECK_TYPE_MASK:
-+ if ((ip_to_check->sin_addr.s_addr & match2->sin_addr.s_addr) ==
-+ match1->sin_addr.s_addr)
-+ return 1;
-+ break;
-+- case IPCHECK_TYPE_RANGE:
-++ case CHECK_TYPE_RANGE:
-+ if ((ntohl(ip_to_check->sin_addr.s_addr) >= ntohl(match1->sin_addr.s_addr)) &&
-+ (ntohl(ip_to_check->sin_addr.s_addr) <= ntohl(match2->sin_addr.s_addr)))
-+ return 1;
-+@@ -60,7 +51,10 @@ static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_match_entry
-+ return 0;
-+ }
-+
-+-/* Compare two IPv6 addresses */
-++/*
-++ * Compare two IPv6 addresses
-++ */
-++
-+ static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-+ {
-+ uint64_t a_high, a_low;
-+@@ -89,9 +83,9 @@ static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-+
-+ /*
-+ * IPv6 See if the address we have matches the current match entry
-+- *
-+ */
-+-static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry *match_entry)
-++
-++static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+ {
-+ struct sockaddr_in6 *ip_to_check;
-+ struct sockaddr_in6 *match1;
-+@@ -103,12 +97,12 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry
-+ match2 = (struct sockaddr_in6 *)&match_entry->addr2;
-+
-+ switch(match_entry->type) {
-+- case IPCHECK_TYPE_ADDRESS:
-++ case CHECK_TYPE_ADDRESS:
-+ if (!memcmp(ip_to_check->sin6_addr.s6_addr32, match1->sin6_addr.s6_addr32, sizeof(struct in6_addr)))
-+ return 1;
-+ break;
-+
-+- case IPCHECK_TYPE_MASK:
-++ case CHECK_TYPE_MASK:
-+ /*
-+ * Note that this little loop will quit early if there is a non-match so the
-+ * comparison might look backwards compared to the IPv4 one
-+@@ -119,7 +113,7 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry
-+ return 0;
-+ }
-+ return 1;
-+- case IPCHECK_TYPE_RANGE:
-++ case CHECK_TYPE_RANGE:
-+ if ((ip6addr_cmp(&ip_to_check->sin6_addr, &match1->sin6_addr) >= 0) &&
-+ (ip6addr_cmp(&ip_to_check->sin6_addr, &match2->sin6_addr) <= 0))
-+ return 1;
-+@@ -129,24 +123,20 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry
-+ }
-+
-+
-+-/*
-+- * YOU ARE HERE
-+- */
-+-int ipcheck_validate(struct sockaddr_storage *checkip)
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-+ {
-+- struct ip_match_entry *match_entry;
-+- int (*match_fn)(struct sockaddr_storage *checkip, struct ip_match_entry *match_entry);
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++ int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-+
-+ if (checkip->ss_family == AF_INET){
-+- match_entry = match_entry_head_v4.next;
-+ match_fn = ip_matches_v4;
-+ } else {
-+- match_entry = match_entry_head_v6.next;
-+ match_fn = ip_matches_v6;
-+ }
-++
-+ while (match_entry) {
-+ if (match_fn(checkip, match_entry)) {
-+- if (match_entry->acceptreject == IPCHECK_ACCEPT)
-++ if (match_entry->acceptreject == CHECK_ACCEPT)
-+ return 1;
-+ else
-+ return 0;
-+@@ -157,47 +147,42 @@ int ipcheck_validate(struct sockaddr_storage *checkip)
-+ }
-+
-+ /*
-+- * Routines to manuipulate the lists
-++ * Routines to manuipulate access lists
-+ */
-+
-+-void ipcheck_clear(void)
-++void ipcheck_clear(struct acl_match_entry **match_entry_head)
-+ {
-+- struct ip_match_entry *match_entry;
-+- struct ip_match_entry *next_match_entry;
-++ struct acl_match_entry *next_match_entry;
-++ struct acl_match_entry *match_entry = *match_entry_head;
-+
-+- match_entry = match_entry_head_v4.next;
-+- while (match_entry) {
-+- next_match_entry = match_entry->next;
-+- free(match_entry);
-+- match_entry = next_match_entry;
-+- }
-+-
-+- match_entry = match_entry_head_v6.next;
-+ while (match_entry) {
-+ next_match_entry = match_entry->next;
-+ free(match_entry);
-+ match_entry = next_match_entry;
-+ }
-++ *match_entry_head = NULL;
-+ }
-+
-+-int ipcheck_addip(struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- ipcheck_type_t type, ipcheck_acceptreject_t acceptreject)
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- struct ip_match_entry *match_entry;
-+- struct ip_match_entry *new_match_entry;
-++ struct acl_match_entry *new_match_entry;
-++ struct acl_match_entry *match_entry = *match_entry_head;
-+
-+- if (type == IPCHECK_TYPE_RANGE &&
-+- (ip1->ss_family != ip2->ss_family))
-++ if (!ip1) {
-+ return -1;
-++ }
-+
-+- if (ip1->ss_family == AF_INET){
-+- match_entry = &match_entry_head_v4;
-+- } else {
-+- match_entry = &match_entry_head_v6;
-++ if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++ return -1;
-+ }
-+
-++ if (type == CHECK_TYPE_RANGE &&
-++ (ip1->ss_family != ip2->ss_family))
-++ return -1;
-+
-+- new_match_entry = malloc(sizeof(struct ip_match_entry));
-++ new_match_entry = malloc(sizeof(struct acl_match_entry));
-+ if (!new_match_entry)
-+ return -1;
-+
-+@@ -207,12 +192,19 @@ int ipcheck_addip(struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ new_match_entry->acceptreject = acceptreject;
-+ new_match_entry->next = NULL;
-+
-+- /* Find the end of the list */
-+- /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-+- while (match_entry->next) {
-+- match_entry = match_entry->next;
-++ if (match_entry) {
-++ /* Find the end of the list */
-++ /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-++ while (match_entry->next) {
-++ match_entry = match_entry->next;
-++ }
-++ match_entry->next = new_match_entry;
-++ } else {
-++ /*
-++ * first entry in the list
-++ */
-++ *match_entry_head = new_match_entry;
-+ }
-+- match_entry->next = new_match_entry;
-+
-+ return 0;
-+ }
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 27ac545..1e7f426 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -14,8 +14,13 @@
-+ #include <string.h>
-+ #include <netdb.h>
-+ #include <malloc.h>
-++
-++#include "internals.h"
-+ #include "links_acl.h"
-+
-++static struct acl_match_entry *match_entry_v4;
-++static struct acl_match_entry *match_entry_v6;
-++
-+ /* This is a test program .. remember! */
-+ #define BUFLEN 1024
-+
-+@@ -31,7 +36,7 @@ static int get_ipaddress(char *buf, struct sockaddr_storage *addr)
-+ res = getaddrinfo(buf, NULL, &hints, &info);
-+ if (!res) {
-+ memmove(addr, info->ai_addr, info->ai_addrlen);
-+- free(info);
-++ freeaddrinfo(info);
-+ }
-+ return res;
-+ }
-+@@ -96,12 +101,13 @@ static int load_file(void)
-+ char filebuf[BUFLEN];
-+ int line = 0;
-+ int ret;
-+- ipcheck_type_t type;
-+- ipcheck_acceptreject_t acceptreject;
-++ check_type_t type;
-++ check_acceptreject_t acceptreject;
-+ struct sockaddr_storage addr1;
-+ struct sockaddr_storage addr2;
-+
-+- ipcheck_clear();
-++ ipcheck_clear(&match_entry_v4);
-++ ipcheck_clear(&match_entry_v6);
-+
-+ filterfile = fopen("int_links_acl.txt", "r");
-+ if (!filterfile) {
-+@@ -118,10 +124,10 @@ static int load_file(void)
-+ */
-+ switch(filebuf[0] & 0x5F) {
-+ case 'A':
-+- acceptreject = IPCHECK_ACCEPT;
-++ acceptreject = CHECK_ACCEPT;
-+ break;
-+ case 'R':
-+- acceptreject = IPCHECK_REJECT;
-++ acceptreject = CHECK_REJECT;
-+ break;
-+ default:
-+ fprintf(stderr, "Unknown record type on line %d: %s\n", line, filebuf);
-+@@ -136,15 +142,15 @@ static int load_file(void)
-+ */
-+ switch(filebuf[1] & 0x5F) {
-+ case 'A':
-+- type = IPCHECK_TYPE_ADDRESS;
-++ type = CHECK_TYPE_ADDRESS;
-+ ret = read_address(filebuf+2, &addr1);
-+ break;
-+ case 'M':
-+- type = IPCHECK_TYPE_MASK;
-++ type = CHECK_TYPE_MASK;
-+ ret = read_mask(filebuf+2, &addr1, &addr2);
-+ break;
-+ case 'R':
-+- type = IPCHECK_TYPE_RANGE;
-++ type = CHECK_TYPE_RANGE;
-+ ret = read_range(filebuf+2, &addr1, &addr2);
-+ break;
-+ default:
-+@@ -156,7 +162,11 @@ static int load_file(void)
-+ fprintf(stderr, "Failed to parse address on line %d: %s\n", line, filebuf);
-+ }
-+ else {
-+- ipcheck_addip(&addr1, &addr2, type, acceptreject);
-++ if (addr1.ss_family == AF_INET) {
-++ ipcheck_addip(&match_entry_v4, &addr1, &addr2, type, acceptreject);
-++ } else {
-++ ipcheck_addip(&match_entry_v6, &addr1, &addr2, type, acceptreject);
-++ }
-+ }
-+ next_record: {} /* empty statement to mollify the compiler */
-+ }
-+@@ -168,6 +178,7 @@ static int load_file(void)
-+ int main(int argc, char *argv[])
-+ {
-+ struct sockaddr_storage saddr;
-++ struct acl_match_entry *match_entry;
-+ int ret;
-+ int i;
-+
-+@@ -178,16 +189,21 @@ int main(int argc, char *argv[])
-+ ret = get_ipaddress(argv[i], &saddr);
-+ if (ret) {
-+ fprintf(stderr, "Cannot parse address %s\n", argv[i]);
-+- }
-+- else {
-+- if (ipcheck_validate(&saddr)) {
-+- printf("%s is VALID\n", argv[i]);
-++ } else {
-++ if (saddr.ss_family == AF_INET) {
-++ match_entry = match_entry_v4;
-++ } else {
-++ match_entry = match_entry_v6;
-+ }
-+- else {
-++ if (ipcheck_validate(&match_entry, &saddr)) {
-++ printf("%s is VALID\n", argv[i]);
-++ } else {
-+ printf("%s is not allowed\n", argv[i]);
-+ }
-+ }
-+ }
-+
-++ ipcheck_clear(&match_entry_v4);
-++ ipcheck_clear(&match_entry_v6);
-+ return 0;
-+ }
-diff --git a/debian/patches/access-lists-make-internal-API-consistent.patch b/debian/patches/access-lists-make-internal-API-consistent.patch
-new file mode 100644
-index 0000000..a5d000c
---- /dev/null
-+++ b/debian/patches/access-lists-make-internal-API-consistent.patch
-@@ -0,0 +1,73 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 06:53:48 +0100
-+Subject: [access lists] make internal API consistent
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit fb462d4f238b98ab685f9efae945a0e527f399ba)
-+---
-+ libknet/links_acl.h | 2 +-
-+ libknet/links_acl.c | 6 +++---
-+ libknet/threads_rx.c | 2 +-
-+ libknet/transport_sctp.c | 2 +-
-+ 4 files changed, 6 insertions(+), 6 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index b083753..f871403 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -37,6 +37,6 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-+-int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-++int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip);
-+
-+ #endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 93cc5af..8592f1f 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -74,14 +74,14 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ /*
-+ * return 0 to reject and 1 to accept a packet
-+ */
-+-int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-++int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip)
-+ {
-+- switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-++ switch(transport_get_proto(knet_h, transport)) {
-+ case LOOPBACK:
-+ return 1;
-+ break;
-+ case IP_PROTO:
-+- return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-++ return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-+ break;
-+ default:
-+ break;
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 6417261..ae39b38 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -808,7 +808,7 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+ */
-+ if ((knet_h->use_access_lists) &&
-+ (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-+- if (!check_validate(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-++ if (!check_validate(knet_h, sockfd, transport, msg[i].msg_hdr.msg_name)) {
-+ char src_ipaddr[KNET_MAX_HOST_LEN];
-+ char src_port[KNET_MAX_PORT_LEN];
-+
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 50a237b..ff7903c 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -731,7 +731,7 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+ addr_str, port_str);
-+ if (knet_h->use_access_lists) {
-+- if (!check_validate(knet_h, listen_sock, &ss)) {
-++ if (!check_validate(knet_h, listen_sock, KNET_TRANSPORT_SCTP, &ss)) {
-+ savederrno = EINVAL;
-+ err = -1;
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-diff --git a/debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch b/debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
-new file mode 100644
-index 0000000..b69fa50
---- /dev/null
-+++ b/debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
-@@ -0,0 +1,72 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:17:57 +0100
-+Subject: [access lists] more use of generic wrappers and remove duplicate code
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit be01691050bea1aabe0d8736d2017974d966a1c0)
-+---
-+ libknet/links_acl.c | 44 ++++++--------------------------------------
-+ 1 file changed, 6 insertions(+), 38 deletions(-)
-+
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 32763de..85a792d 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -73,51 +73,19 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+
-+ int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+- int err = -1;
-+-
-+- switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+- case LOOPBACK:
-+- /*
-+- * loopback does not require access lists
-+- */
-+- err = 0;
-+- break;
-+- case IP_PROTO:
-+- err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+- break;
-+- default:
-+- break;
-+- }
-+-
-+- return err;
-++ return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ }
-+
-+ int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+- int err = -1;
-+-
-+- switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+- case LOOPBACK:
-+- /*
-+- * loopback does not require access lists
-+- */
-+- err = 0;
-+- break;
-+- case IP_PROTO:
-+- err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+- break;
-+- default:
-+- break;
-+- }
-+-
-+- return err;
-++ return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ }
-+
-+ /*
-+- * * return 0 to reject and 1 to accept a packet
-+- * */
-++ * return 0 to reject and 1 to accept a packet
-++ */
-+ int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-+ {
-+ switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-diff --git a/debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch b/debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch
-new file mode 100644
-index 0000000..a96ab6b
---- /dev/null
-+++ b/debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch
-@@ -0,0 +1,168 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:04:20 +0100
-+Subject: [access lists] move access lists structs and data types to
-+ links_acl.*
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c374aef3fda1c01b282a5baf193e0ac7870d1eb2)
-+---
-+ libknet/internals.h | 25 +------------------------
-+ libknet/links_acl.h | 19 +++++++++++++++++++
-+ libknet/links_acl_ip.h | 1 +
-+ libknet/links_acl.c | 12 ++++++------
-+ libknet/links_acl_ip.c | 1 +
-+ 5 files changed, 28 insertions(+), 30 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 78e718d..0d6ee3f 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -129,35 +129,12 @@ struct knet_sock {
-+ * and socket has been removed from epoll */
-+ };
-+
-+-/*
-+- * access lists
-+- */
-+-
-+-typedef enum {
-+- CHECK_TYPE_ADDRESS,
-+- CHECK_TYPE_MASK,
-+- CHECK_TYPE_RANGE
-+-} check_type_t;
-+-
-+-typedef enum {
-+- CHECK_ACCEPT,
-+- CHECK_REJECT
-+-} check_acceptreject_t;
-+-
-+-struct acl_match_entry {
-+- check_type_t type;
-+- check_acceptreject_t acceptreject;
-+- struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-+- struct sockaddr_storage addr2; /* high IP address or address bitmask */
-+- struct acl_match_entry *next;
-+-};
-+-
-+ struct knet_fd_trackers {
-+ uint8_t transport; /* transport type (UDP/SCTP...) */
-+ uint8_t data_type; /* internal use for transport to define what data are associated
-+ * to this fd */
-+ void *data; /* pointer to the data */
-+- struct acl_match_entry *match_entry;
-++ void *match_entry; /* pointer to access list match_entry list head */
-+ };
-+
-+ #define KNET_MAX_FDS KNET_MAX_HOST * KNET_MAX_LINK * 4
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 9a20754..020ec05 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -11,6 +11,25 @@
-+
-+ #include "internals.h"
-+
-++typedef enum {
-++ CHECK_TYPE_ADDRESS,
-++ CHECK_TYPE_MASK,
-++ CHECK_TYPE_RANGE
-++} check_type_t;
-++
-++typedef enum {
-++ CHECK_ACCEPT,
-++ CHECK_REJECT
-++} check_acceptreject_t;
-++
-++struct acl_match_entry {
-++ check_type_t type;
-++ check_acceptreject_t acceptreject;
-++ struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-++ struct sockaddr_storage addr2; /* high IP address or address bitmask */
-++ struct acl_match_entry *next;
-++};
-++
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index 575b5ff..9e21e00 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -10,6 +10,7 @@
-+ #define __KNET_LINKS_ACL_IP_H__
-+
-+ #include "internals.h"
-++#include "links_acl.h"
-+
-+ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-+
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 34bcce3..32763de 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -28,7 +28,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+ ip1, ip2, type, acceptreject);
-+ break;
-+ default:
-+@@ -48,7 +48,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+ ip1, ip2, type, acceptreject);
-+ break;
-+ default:
-+@@ -64,7 +64,7 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ return;
-+ break;
-+ case IP_PROTO:
-+- ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++ ipcheck_rmall((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry);
-+ break;
-+ default:
-+ break;
-+@@ -83,7 +83,7 @@ int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++ err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ break;
-+ default:
-+@@ -105,7 +105,7 @@ int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++ err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ break;
-+ default:
-+@@ -125,7 +125,7 @@ int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct socka
-+ return 1;
-+ break;
-+ case IP_PROTO:
-+- return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-++ return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-+ break;
-+ default:
-+ break;
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index edc3ae1..2aef14b 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -15,6 +15,7 @@
-+ #include "internals.h"
-+ #include "logging.h"
-+ #include "transports.h"
-++#include "links_acl.h"
-+ #include "links_acl_ip.h"
-+
-+ /*
-diff --git a/debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch b/debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
-new file mode 100644
-index 0000000..6f3b9d3
---- /dev/null
-+++ b/debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
-@@ -0,0 +1,1025 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 04:53:23 +0100
-+Subject: [access lists] move all acl wrappers to links_acl* and split
-+ links_acl_ip to their own files
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 0cb8e8bab46b30487a4821004ee757ee8f9eb91e)
-+---
-+ libknet/Makefile.am | 2 +
-+ libknet/tests/Makefile.am | 12 +-
-+ libknet/links_acl.h | 20 +--
-+ libknet/links_acl_ip.h | 25 ++++
-+ libknet/links.c | 53 +------
-+ libknet/links_acl.c | 322 ++++++++++++------------------------------
-+ libknet/links_acl_ip.c | 277 ++++++++++++++++++++++++++++++++++++
-+ libknet/tests/int_links_acl.c | 9 +-
-+ libknet/threads_rx.c | 25 +---
-+ libknet/transport_sctp.c | 24 ++--
-+ 10 files changed, 438 insertions(+), 331 deletions(-)
-+ create mode 100644 libknet/links_acl_ip.h
-+ create mode 100644 libknet/links_acl_ip.c
-+
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 4ea42d9..b60427c 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -32,6 +32,7 @@ sources = \
-+ host.c \
-+ links.c \
-+ links_acl.c \
-++ links_acl_ip.c \
-+ logging.c \
-+ netutils.c \
-+ threads_common.c \
-+@@ -63,6 +64,7 @@ noinst_HEADERS = \
-+ internals.h \
-+ links.h \
-+ links_acl.h \
-++ links_acl_ip.h \
-+ logging.h \
-+ netutils.h \
-+ onwire.h \
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index f74cb04..d46553a 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -68,7 +68,17 @@ check-api-test-coverage:
-+ pckt_test_SOURCES = pckt_test.c
-+
-+ int_links_acl_test_SOURCES = int_links_acl.c \
-+- ../links_acl.c
-++ ../common.c \
-++ ../logging.c \
-++ ../netutils.c \
-++ ../threads_common.c \
-++ ../transports.c \
-++ ../transport_common.c \
-++ ../transport_loopback.c \
-++ ../transport_sctp.c \
-++ ../transport_udp.c \
-++ ../links_acl.c \
-++ ../links_acl_ip.c
-+
-+ int_timediff_test_SOURCES = int_timediff.c
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index f4713d6..9a20754 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -11,15 +11,15 @@
-+
-+ #include "internals.h"
-+
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-++int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-++int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-++int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-+
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- check_type_t type, check_acceptreject_t acceptreject);
-+-
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- check_type_t type, check_acceptreject_t acceptreject);
-+-
-+-void check_rmall(struct acl_match_entry **match_entry_head);
-+ #endif
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+new file mode 100644
-+index 0000000..575b5ff
-+--- /dev/null
-++++ b/libknet/links_acl_ip.h
-+@@ -0,0 +1,25 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#ifndef __KNET_LINKS_ACL_IP_H__
-++#define __KNET_LINKS_ACL_IP_H__
-++
-++#include "internals.h"
-++
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++void ipcheck_rmall(struct acl_match_entry **match_entry_head);
-++#endif
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 85b50e5..07ef26e 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -22,55 +22,6 @@
-+ #include "threads_common.h"
-+ #include "links_acl.h"
-+
-+-static void _link_del_all_acl(knet_handle_t knet_h, int sock)
-+-{
-+- check_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-+-}
-+-
-+-static int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+- int err = -1;
-+-
-+- switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+- case LOOPBACK:
-+- /*
-+- * loopback does not require access lists
-+- */
-+- err = 0;
-+- break;
-+- case IP_PROTO:
-+- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+- break;
-+- default:
-+- break;
-+- }
-+-
-+- return err;
-+-}
-+-
-+-static int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+- int err = -1;
-+-
-+- switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+- case LOOPBACK:
-+- /*
-+- * loopback does not require access lists
-+- */
-+- err = 0;
-+- break;
-+- case IP_PROTO:
-+- err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+- break;
-+- default:
-+- break;
-+- }
-+-
-+- return err;
-+-}
-+-
-+ int _link_updown(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-+ unsigned int enabled, unsigned int connected)
-+ {
-+@@ -420,6 +371,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ struct knet_host *host;
-+ struct knet_link *link;
-+ int sock;
-++ uint8_t transport;
-+
-+ if (!knet_h) {
-+ errno = EINVAL;
-+@@ -488,6 +440,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * will clear link info during clear_config.
-+ */
-+ sock = link->outsock;
-++ transport = link->transport_type;
-+
-+ if ((transport_link_clear_config(knet_h, link) < 0) &&
-+ (errno != EBUSY)) {
-+@@ -502,7 +455,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ */
-+ if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-+ (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS)) {
-+- _link_del_all_acl(knet_h, sock);
-++ check_rmall(knet_h, sock, transport);
-+ }
-+
-+ memset(link, 0, sizeof(struct knet_link));
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 854f273..34bcce3 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -6,8 +6,6 @@
-+ * This software licensed under GPL-2.0+, LGPL-2.0+
-+ */
-+
-+-#include <sys/socket.h>
-+-#include <netinet/in.h>
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <stdlib.h>
-+@@ -15,265 +13,125 @@
-+ #include "internals.h"
-+ #include "logging.h"
-+ #include "transports.h"
-++#include "transport_common.h"
-+ #include "links_acl.h"
-++#include "links_acl_ip.h"
-+
-+-/*
-+- * s6_addr32 is not defined in BSD userland, only kernel.
-+- * definition is the same as linux and it works fine for
-+- * what we need.
-+- */
-+-#ifndef s6_addr32
-+-#define s6_addr32 __u6_addr.__u6_addr32
-+-#endif
-+-
-+-/*
-+- * IPv4 See if the address we have matches the current match entry
-+- */
-+-
-+-static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+-{
-+- struct sockaddr_in *ip_to_check;
-+- struct sockaddr_in *match1;
-+- struct sockaddr_in *match2;
-+-
-+- ip_to_check = (struct sockaddr_in *)checkip;
-+- match1 = (struct sockaddr_in *)&match_entry->addr1;
-+- match2 = (struct sockaddr_in *)&match_entry->addr2;
-+-
-+- switch(match_entry->type) {
-+- case CHECK_TYPE_ADDRESS:
-+- if (ip_to_check->sin_addr.s_addr == match1->sin_addr.s_addr)
-+- return 1;
-+- break;
-+- case CHECK_TYPE_MASK:
-+- if ((ip_to_check->sin_addr.s_addr & match2->sin_addr.s_addr) ==
-+- match1->sin_addr.s_addr)
-+- return 1;
-+- break;
-+- case CHECK_TYPE_RANGE:
-+- if ((ntohl(ip_to_check->sin_addr.s_addr) >= ntohl(match1->sin_addr.s_addr)) &&
-+- (ntohl(ip_to_check->sin_addr.s_addr) <= ntohl(match2->sin_addr.s_addr)))
-+- return 1;
-+- break;
-+-
-+- }
-+- return 0;
-+-}
-+-
-+-/*
-+- * Compare two IPv6 addresses
-+- */
-+-
-+-static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- uint64_t a_high, a_low;
-+- uint64_t b_high, b_low;
-++ int err = -1;
-+
-+- /* Not sure why '&' doesn't work below, so I used '+' instead which is effectively
-+- the same thing because the bottom 32bits are always zero and the value unsigned */
-+- a_high = ((uint64_t)htonl(a->s6_addr32[0]) << 32) + (uint64_t)htonl(a->s6_addr32[1]);
-+- a_low = ((uint64_t)htonl(a->s6_addr32[2]) << 32) + (uint64_t)htonl(a->s6_addr32[3]);
-+-
-+- b_high = ((uint64_t)htonl(b->s6_addr32[0]) << 32) + (uint64_t)htonl(b->s6_addr32[1]);
-+- b_low = ((uint64_t)htonl(b->s6_addr32[2]) << 32) + (uint64_t)htonl(b->s6_addr32[3]);
-+-
-+- if (a_high > b_high)
-+- return 1;
-+- if (a_high < b_high)
-+- return -1;
-+-
-+- if (a_low > b_low)
-+- return 1;
-+- if (a_low < b_low)
-+- return -1;
-+-
-+- return 0;
-+-}
-+-
-+-/*
-+- * IPv6 See if the address we have matches the current match entry
-+- */
-+-
-+-static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+-{
-+- struct sockaddr_in6 *ip_to_check;
-+- struct sockaddr_in6 *match1;
-+- struct sockaddr_in6 *match2;
-+- int i;
-+-
-+- ip_to_check = (struct sockaddr_in6 *)checkip;
-+- match1 = (struct sockaddr_in6 *)&match_entry->addr1;
-+- match2 = (struct sockaddr_in6 *)&match_entry->addr2;
-+-
-+- switch(match_entry->type) {
-+- case CHECK_TYPE_ADDRESS:
-+- if (!memcmp(ip_to_check->sin6_addr.s6_addr32, match1->sin6_addr.s6_addr32, sizeof(struct in6_addr)))
-+- return 1;
-+- break;
-+-
-+- case CHECK_TYPE_MASK:
-+- /*
-+- * Note that this little loop will quit early if there is a non-match so the
-+- * comparison might look backwards compared to the IPv4 one
-+- */
-+- for (i=sizeof(struct in6_addr)/4-1; i>=0; i--) {
-+- if ((ip_to_check->sin6_addr.s6_addr32[i] & match2->sin6_addr.s6_addr32[i]) !=
-+- match1->sin6_addr.s6_addr32[i])
-+- return 0;
-+- }
-+- return 1;
-+- case CHECK_TYPE_RANGE:
-+- if ((ip6addr_cmp(&ip_to_check->sin6_addr, &match1->sin6_addr) >= 0) &&
-+- (ip6addr_cmp(&ip_to_check->sin6_addr, &match2->sin6_addr) <= 0))
-+- return 1;
-+- break;
-++ switch(transport_get_proto(knet_h, transport)) {
-++ case LOOPBACK:
-++ err = 0;
-++ break;
-++ case IP_PROTO:
-++ err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ ip1, ip2, type, acceptreject);
-++ break;
-++ default:
-++ break;
-+ }
-+- return 0;
-++ return err;
-+ }
-+
-+-
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-++int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- struct acl_match_entry *match_entry = *match_entry_head;
-+- int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-++ int err = -1;
-+
-+- if (checkip->ss_family == AF_INET){
-+- match_fn = ip_matches_v4;
-+- } else {
-+- match_fn = ip_matches_v6;
-+- }
-+-
-+- while (match_entry) {
-+- if (match_fn(checkip, match_entry)) {
-+- if (match_entry->acceptreject == CHECK_ACCEPT)
-+- return 1;
-+- else
-+- return 0;
-+- }
-+- match_entry = match_entry->next;
-++ switch(transport_get_proto(knet_h, transport)) {
-++ case LOOPBACK:
-++ err = 0;
-++ break;
-++ case IP_PROTO:
-++ err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ ip1, ip2, type, acceptreject);
-++ break;
-++ default:
-++ break;
-+ }
-+- return 0; /* Default reject */
-++ return err;
-+ }
-+
-+-/*
-+- * Routines to manuipulate access lists
-+- */
-+-
-+-void check_rmall(struct acl_match_entry **match_entry_head)
-++void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ {
-+- struct acl_match_entry *next_match_entry;
-+- struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+- while (match_entry) {
-+- next_match_entry = match_entry->next;
-+- free(match_entry);
-+- match_entry = next_match_entry;
-++ switch(transport_get_proto(knet_h, transport)) {
-++ case LOOPBACK:
-++ return;
-++ break;
-++ case IP_PROTO:
-++ ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++ break;
-++ default:
-++ break;
-+ }
-+- *match_entry_head = NULL;
-+ }
-+
-+-static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- check_type_t type, check_acceptreject_t acceptreject)
-++int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+- struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+- while (match_entry) {
-+- if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-+- (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-+- (match_entry->type == type) &&
-+- (match_entry->acceptreject == acceptreject)) {
-+- return match_entry;
-+- }
-+- match_entry = match_entry->next;
-++ int err = -1;
-++
-++ switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++ case LOOPBACK:
-++ /*
-++ * loopback does not require access lists
-++ */
-++ err = 0;
-++ break;
-++ case IP_PROTO:
-++ err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++ break;
-++ default:
-++ break;
-+ }
-+
-+- return NULL;
-++ return err;
-+ }
-+
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- check_type_t type, check_acceptreject_t acceptreject)
-++int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+- struct acl_match_entry *next_match_entry = NULL;
-+- struct acl_match_entry *rm_match_entry;
-+- struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+- rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-+- if (!rm_match_entry) {
-+- return -1;
-+- }
-+-
-+- while (match_entry) {
-+- next_match_entry = match_entry->next;
-+- /*
-+- * we are removing the list head, be careful
-+- */
-+- if (rm_match_entry == match_entry) {
-+- *match_entry_head = next_match_entry;
-+- free(match_entry);
-++ int err = -1;
-++
-++ switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++ case LOOPBACK:
-++ /*
-++ * loopback does not require access lists
-++ */
-++ err = 0;
-++ break;
-++ case IP_PROTO:
-++ err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++ &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ break;
-+- }
-+- /*
-+- * the next one is the one we need to remove
-+- */
-+- if (rm_match_entry == next_match_entry) {
-+- match_entry->next = next_match_entry->next;
-+- free(next_match_entry);
-++ default:
-+ break;
-+- }
-+- match_entry = next_match_entry;
-+ }
-+
-+- return 0;
-++ return err;
-+ }
-+
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+- check_type_t type, check_acceptreject_t acceptreject)
-++/*
-++ * * return 0 to reject and 1 to accept a packet
-++ * */
-++int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-+ {
-+- struct acl_match_entry *new_match_entry;
-+- struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+- if (!ip1) {
-+- return -1;
-+- }
-+-
-+- if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-+- return -1;
-+- }
-+-
-+- if (type == CHECK_TYPE_RANGE &&
-+- (ip1->ss_family != ip2->ss_family))
-+- return -1;
-+-
-+- if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-+- return -1;
-+- }
-+-
-+- new_match_entry = malloc(sizeof(struct acl_match_entry));
-+- if (!new_match_entry)
-+- return -1;
-+-
-+- memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-+- memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-+- new_match_entry->type = type;
-+- new_match_entry->acceptreject = acceptreject;
-+- new_match_entry->next = NULL;
-+-
-+- if (match_entry) {
-+- /* Find the end of the list */
-+- /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-+- while (match_entry->next) {
-+- match_entry = match_entry->next;
-+- }
-+- match_entry->next = new_match_entry;
-+- } else {
-+- /*
-+- * first entry in the list
-+- */
-+- *match_entry_head = new_match_entry;
-++ switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-++ case LOOPBACK:
-++ return 1;
-++ break;
-++ case IP_PROTO:
-++ return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-++ break;
-++ default:
-++ break;
-+ }
-+-
-++ /*
-++ * reject by default
-++ */
-+ return 0;
-+ }
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+new file mode 100644
-+index 0000000..edc3ae1
-+--- /dev/null
-++++ b/libknet/links_acl_ip.c
-+@@ -0,0 +1,277 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include <sys/socket.h>
-++#include <netinet/in.h>
-++#include <stdint.h>
-++#include <string.h>
-++#include <stdlib.h>
-++
-++#include "internals.h"
-++#include "logging.h"
-++#include "transports.h"
-++#include "links_acl_ip.h"
-++
-++/*
-++ * s6_addr32 is not defined in BSD userland, only kernel.
-++ * definition is the same as linux and it works fine for
-++ * what we need.
-++ */
-++#ifndef s6_addr32
-++#define s6_addr32 __u6_addr.__u6_addr32
-++#endif
-++
-++/*
-++ * IPv4 See if the address we have matches the current match entry
-++ */
-++
-++static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++{
-++ struct sockaddr_in *ip_to_check;
-++ struct sockaddr_in *match1;
-++ struct sockaddr_in *match2;
-++
-++ ip_to_check = (struct sockaddr_in *)checkip;
-++ match1 = (struct sockaddr_in *)&match_entry->addr1;
-++ match2 = (struct sockaddr_in *)&match_entry->addr2;
-++
-++ switch(match_entry->type) {
-++ case CHECK_TYPE_ADDRESS:
-++ if (ip_to_check->sin_addr.s_addr == match1->sin_addr.s_addr)
-++ return 1;
-++ break;
-++ case CHECK_TYPE_MASK:
-++ if ((ip_to_check->sin_addr.s_addr & match2->sin_addr.s_addr) ==
-++ match1->sin_addr.s_addr)
-++ return 1;
-++ break;
-++ case CHECK_TYPE_RANGE:
-++ if ((ntohl(ip_to_check->sin_addr.s_addr) >= ntohl(match1->sin_addr.s_addr)) &&
-++ (ntohl(ip_to_check->sin_addr.s_addr) <= ntohl(match2->sin_addr.s_addr)))
-++ return 1;
-++ break;
-++
-++ }
-++ return 0;
-++}
-++
-++/*
-++ * Compare two IPv6 addresses
-++ */
-++
-++static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-++{
-++ uint64_t a_high, a_low;
-++ uint64_t b_high, b_low;
-++
-++ a_high = ((uint64_t)htonl(a->s6_addr32[0]) << 32) | (uint64_t)htonl(a->s6_addr32[1]);
-++ a_low = ((uint64_t)htonl(a->s6_addr32[2]) << 32) | (uint64_t)htonl(a->s6_addr32[3]);
-++
-++ b_high = ((uint64_t)htonl(b->s6_addr32[0]) << 32) | (uint64_t)htonl(b->s6_addr32[1]);
-++ b_low = ((uint64_t)htonl(b->s6_addr32[2]) << 32) | (uint64_t)htonl(b->s6_addr32[3]);
-++
-++ if (a_high > b_high)
-++ return 1;
-++ if (a_high < b_high)
-++ return -1;
-++
-++ if (a_low > b_low)
-++ return 1;
-++ if (a_low < b_low)
-++ return -1;
-++
-++ return 0;
-++}
-++
-++/*
-++ * IPv6 See if the address we have matches the current match entry
-++ */
-++
-++static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++{
-++ struct sockaddr_in6 *ip_to_check;
-++ struct sockaddr_in6 *match1;
-++ struct sockaddr_in6 *match2;
-++ int i;
-++
-++ ip_to_check = (struct sockaddr_in6 *)checkip;
-++ match1 = (struct sockaddr_in6 *)&match_entry->addr1;
-++ match2 = (struct sockaddr_in6 *)&match_entry->addr2;
-++
-++ switch(match_entry->type) {
-++ case CHECK_TYPE_ADDRESS:
-++ if (!memcmp(ip_to_check->sin6_addr.s6_addr32, match1->sin6_addr.s6_addr32, sizeof(struct in6_addr)))
-++ return 1;
-++ break;
-++
-++ case CHECK_TYPE_MASK:
-++ /*
-++ * Note that this little loop will quit early if there is a non-match so the
-++ * comparison might look backwards compared to the IPv4 one
-++ */
-++ for (i=sizeof(struct in6_addr)/4-1; i>=0; i--) {
-++ if ((ip_to_check->sin6_addr.s6_addr32[i] & match2->sin6_addr.s6_addr32[i]) !=
-++ match1->sin6_addr.s6_addr32[i])
-++ return 0;
-++ }
-++ return 1;
-++ case CHECK_TYPE_RANGE:
-++ if ((ip6addr_cmp(&ip_to_check->sin6_addr, &match1->sin6_addr) >= 0) &&
-++ (ip6addr_cmp(&ip_to_check->sin6_addr, &match2->sin6_addr) <= 0))
-++ return 1;
-++ break;
-++ }
-++ return 0;
-++}
-++
-++
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-++{
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++ int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-++
-++ if (checkip->ss_family == AF_INET){
-++ match_fn = ip_matches_v4;
-++ } else {
-++ match_fn = ip_matches_v6;
-++ }
-++
-++ while (match_entry) {
-++ if (match_fn(checkip, match_entry)) {
-++ if (match_entry->acceptreject == CHECK_ACCEPT)
-++ return 1;
-++ else
-++ return 0;
-++ }
-++ match_entry = match_entry->next;
-++ }
-++ return 0; /* Default reject */
-++}
-++
-++/*
-++ * Routines to manuipulate access lists
-++ */
-++
-++void ipcheck_rmall(struct acl_match_entry **match_entry_head)
-++{
-++ struct acl_match_entry *next_match_entry;
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++
-++ while (match_entry) {
-++ next_match_entry = match_entry->next;
-++ free(match_entry);
-++ match_entry = next_match_entry;
-++ }
-++ *match_entry_head = NULL;
-++}
-++
-++static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++
-++ while (match_entry) {
-++ if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-++ (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-++ (match_entry->type == type) &&
-++ (match_entry->acceptreject == acceptreject)) {
-++ return match_entry;
-++ }
-++ match_entry = match_entry->next;
-++ }
-++
-++ return NULL;
-++}
-++
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ struct acl_match_entry *next_match_entry = NULL;
-++ struct acl_match_entry *rm_match_entry;
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++
-++ rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-++ if (!rm_match_entry) {
-++ return -1;
-++ }
-++
-++ while (match_entry) {
-++ next_match_entry = match_entry->next;
-++ /*
-++ * we are removing the list head, be careful
-++ */
-++ if (rm_match_entry == match_entry) {
-++ *match_entry_head = next_match_entry;
-++ free(match_entry);
-++ break;
-++ }
-++ /*
-++ * the next one is the one we need to remove
-++ */
-++ if (rm_match_entry == next_match_entry) {
-++ match_entry->next = next_match_entry->next;
-++ free(next_match_entry);
-++ break;
-++ }
-++ match_entry = next_match_entry;
-++ }
-++
-++ return 0;
-++}
-++
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ struct acl_match_entry *new_match_entry;
-++ struct acl_match_entry *match_entry = *match_entry_head;
-++
-++ if (!ip1) {
-++ return -1;
-++ }
-++
-++ if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++ return -1;
-++ }
-++
-++ if (type == CHECK_TYPE_RANGE &&
-++ (ip1->ss_family != ip2->ss_family))
-++ return -1;
-++
-++ if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++ return -1;
-++ }
-++
-++ new_match_entry = malloc(sizeof(struct acl_match_entry));
-++ if (!new_match_entry)
-++ return -1;
-++
-++ memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-++ memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-++ new_match_entry->type = type;
-++ new_match_entry->acceptreject = acceptreject;
-++ new_match_entry->next = NULL;
-++
-++ if (match_entry) {
-++ /* Find the end of the list */
-++ /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-++ while (match_entry->next) {
-++ match_entry = match_entry->next;
-++ }
-++ match_entry->next = new_match_entry;
-++ } else {
-++ /*
-++ * first entry in the list
-++ */
-++ *match_entry_head = new_match_entry;
-++ }
-++
-++ return 0;
-++}
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 133cd5a..8d9f4e0 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -16,6 +16,7 @@
-+
-+ #include "internals.h"
-+ #include "links_acl.h"
-++#include "links_acl_ip.h"
-+
-+ static struct acl_match_entry *match_entry_v4;
-+ static struct acl_match_entry *match_entry_v6;
-+@@ -105,8 +106,8 @@ static int load_file(void)
-+ struct sockaddr_storage addr1;
-+ struct sockaddr_storage addr2;
-+
-+- check_rmall(&match_entry_v4);
-+- check_rmall(&match_entry_v6);
-++ ipcheck_rmall(&match_entry_v4);
-++ ipcheck_rmall(&match_entry_v6);
-+
-+ filterfile = fopen("int_links_acl.txt", "r");
-+ if (!filterfile) {
-+@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
-+ }
-+ }
-+
-+- check_rmall(&match_entry_v4);
-+- check_rmall(&match_entry_v6);
-++ ipcheck_rmall(&match_entry_v4);
-++ ipcheck_rmall(&match_entry_v6);
-+ return 0;
-+ }
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 833938d..06a0168 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -721,27 +721,6 @@ out_pmtud:
-+ }
-+ }
-+
-+-/*
-+- * return 0 to reject and 1 to accept a packet
-+- */
-+-static int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, const struct knet_mmsghdr *msg)
-+-{
-+- switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-+- case LOOPBACK:
-+- return 1;
-+- break;
-+- case IP_PROTO:
-+- return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, msg->msg_hdr.msg_name);
-+- break;
-+- default:
-+- break;
-+- }
-+- /*
-+- * reject by default
-+- */
-+- return 0;
-+-}
-+-
-+ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg)
-+ {
-+ int err, savederrno;
-+@@ -829,13 +808,13 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+ */
-+ if ((knet_h->use_access_lists) &&
-+ (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-+- if (!_generic_filter_packet_by_acl(knet_h, sockfd, &msg[i])) {
-++ if (!_generic_filter_packet_by_acl(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-+ char src_ipaddr[KNET_MAX_HOST_LEN];
-+ char src_port[KNET_MAX_PORT_LEN];
-+
-+ memset(src_ipaddr, 0, KNET_MAX_HOST_LEN);
-+ memset(src_port, 0, KNET_MAX_PORT_LEN);
-+- knet_addrtostr(msg->msg_hdr.msg_name, sockaddr_len(msg->msg_hdr.msg_name),
-++ knet_addrtostr(msg[i].msg_hdr.msg_name, sockaddr_len(msg[i].msg_hdr.msg_name),
-+ src_ipaddr, KNET_MAX_HOST_LEN,
-+ src_port, KNET_MAX_PORT_LEN);
-+
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 0d69a33..ce3e98e 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -20,6 +20,7 @@
-+ #include "host.h"
-+ #include "links.h"
-+ #include "links_acl.h"
-++#include "links_acl_ip.h"
-+ #include "logging.h"
-+ #include "common.h"
-+ #include "transport_common.h"
-+@@ -730,12 +731,13 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+ addr_str, port_str);
-+ if (knet_h->use_access_lists) {
-+- if (!ipcheck_validate(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry, &ss)) {
-++ if (!_generic_filter_packet_by_acl(knet_h, listen_sock, &ss)) {
-+ savederrno = EINVAL;
-+ err = -1;
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-+ close(new_fd);
-+- goto exit_error;
-++ errno = savederrno;
-++ return;
-+ }
-+ }
-+
-+@@ -946,8 +948,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ */
-+ knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+ if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-+- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++ err = check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ if (err) {
-+ return NULL;
-+ }
-+@@ -1005,8 +1007,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+ goto exit_error;
-+ }
-+
-+- if (ipcheck_addip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++ if (check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-+ savederrno = errno;
-+ err = -1;
-+ log_err(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to configure default access lists: %s",
-+@@ -1036,8 +1038,8 @@ exit_error:
-+ if (info->on_listener_epoll) {
-+ epoll_ctl(handle_info->listen_epollfd, EPOLL_CTL_DEL, listen_sock, &ev);
-+ }
-+- ipcheck_rmip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++ check_rm(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ if (listen_sock >= 0) {
-+ close(listen_sock);
-+ }
-+@@ -1076,8 +1078,8 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+ }
-+ }
-+
-+- if (ipcheck_rmip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-+- &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++ if (check_rm(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++ &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to remove default access lists for %d", info->listen_sock);
-+ }
-+
-+@@ -1111,7 +1113,7 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+ goto exit_error;
-+ }
-+
-+- check_rmall(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry);
-++ check_rmall(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP);
-+
-+ close(info->listen_sock);
-+
-diff --git a/debian/patches/access-lists-remove-2-unnecessary-wrappers.patch b/debian/patches/access-lists-remove-2-unnecessary-wrappers.patch
-new file mode 100644
-index 0000000..7fd5b1c
---- /dev/null
-+++ b/debian/patches/access-lists-remove-2-unnecessary-wrappers.patch
-@@ -0,0 +1,70 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:29:07 +0100
-+Subject: [access lists] remove 2 unnecessary wrappers
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit f5cba0f7608bed1e142f30c9e04e05b4ba56606c)
-+---
-+ libknet/links_acl.h | 3 ---
-+ libknet/links.c | 8 ++++++--
-+ libknet/links_acl.c | 12 ------------
-+ 3 files changed, 6 insertions(+), 17 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 0ad50e6..b083753 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -39,7 +39,4 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-+ int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-+
-+-int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+-int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+-
-+ #endif
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 07ef26e..1693df6 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -245,7 +245,9 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ (link->dynamic == KNET_LINK_STATIC)) {
-+ log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-+ host_id, link_id, link->outsock);
-+- if (_link_add_default_acl(knet_h, link) < 0) {
-++ if (check_add(knet_h, link->outsock, transport,
-++ &link->dst_addr, &link->dst_addr,
-++ CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-+ log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+ savederrno = errno;
-+ err = -1;
-+@@ -426,7 +428,9 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ */
-+ if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-+ (link->dynamic == KNET_LINK_STATIC)) {
-+- if (_link_rm_default_acl(knet_h, link) < 0) {
-++ if (check_rm(knet_h, link->outsock, link->transport_type,
-++ &link->dst_addr, &link->dst_addr,
-++ CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-+ err = -1;
-+ savederrno = EBUSY;
-+ log_err(knet_h, KNET_SUB_LINK, "Host %u link %u: unable to remove default access list",
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 520a934..93cc5af 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -91,15 +91,3 @@ int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *ch
-+ */
-+ return 0;
-+ }
-+-
-+-int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+- return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-+-
-+-int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+- return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-+- &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-diff --git a/debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch b/debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
-new file mode 100644
-index 0000000..a4628d7
---- /dev/null
-+++ b/debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
-@@ -0,0 +1,219 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 28 Feb 2019 08:22:43 +0100
-+Subject: [access lists] rename ip1/2 to ss1/2 to keep it more generic
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 118c7c415fbe9e47137c34607f26ac9b5b42fbf4)
-+---
-+ libknet/links_acl.h | 8 ++++----
-+ libknet/links_acl_ip.h | 4 ++--
-+ libknet/links_acl_loopback.h | 4 ++--
-+ libknet/links_acl.c | 8 ++++----
-+ libknet/links_acl_ip.c | 24 ++++++++++++------------
-+ libknet/links_acl_loopback.c | 4 ++--
-+ 6 files changed, 26 insertions(+), 26 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index cc4fdaf..a64faa1 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -28,21 +28,21 @@ typedef struct {
-+ int (*protocheck_validate) (void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+
-+ int (*protocheck_add) (void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+ int (*protocheck_rm) (void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+ void (*protocheck_rmall) (void *fd_tracker_match_entry_head);
-+ } check_ops_t;
-+
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-+ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip);
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index c475db9..e069b99 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -15,11 +15,11 @@
-+ int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+
-+ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+ void ipcheck_rmall(void *fd_tracker_match_entry_head);
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index 0f86222..73a9704 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -15,11 +15,11 @@
-+ int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+
-+ int loopbackcheck_add(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+ int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+
-+ void loopbackcheck_rmall(void *fd_tracker_match_entry_head);
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index a941dde..0b1fcd0 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -32,21 +32,21 @@ static check_ops_t proto_check_modules_cmds[] = {
-+ */
-+
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_add(
-+ &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+- ip1, ip2, type, acceptreject);
-++ ss1, ss2, type, acceptreject);
-+ }
-+
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rm(
-+ &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+- ip1, ip2, type, acceptreject);
-++ ss1, ss2, type, acceptreject);
-+ }
-+
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index e72a382..2682a70 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -185,14 +185,14 @@ void ipcheck_rmall(void *fd_tracker_match_entry_head)
-+ }
-+
-+ static struct ip_acl_match_entry *ipcheck_findmatch(struct ip_acl_match_entry **match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+
-+ while (match_entry) {
-+- if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-+- (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-++ if ((!memcmp(&match_entry->addr1, ss1, sizeof(struct sockaddr_storage))) &&
-++ (!memcmp(&match_entry->addr2, ss2, sizeof(struct sockaddr_storage))) &&
-+ (match_entry->type == type) &&
-+ (match_entry->acceptreject == acceptreject)) {
-+ return match_entry;
-+@@ -204,7 +204,7 @@ static struct ip_acl_match_entry *ipcheck_findmatch(struct ip_acl_match_entry **
-+ }
-+
-+ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-+@@ -212,7 +212,7 @@ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+ struct ip_acl_match_entry *rm_match_entry;
-+ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+
-+- rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-++ rm_match_entry = ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject);
-+ if (!rm_match_entry) {
-+ errno = ENOENT;
-+ return -1;
-+@@ -243,30 +243,30 @@ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+ }
-+
-+ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-+ struct ip_acl_match_entry *new_match_entry;
-+ struct ip_acl_match_entry *match_entry = *match_entry_head;
-+
-+- if (!ip1) {
-++ if (!ss1) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+- if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++ if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (type == CHECK_TYPE_RANGE &&
-+- (ip1->ss_family != ip2->ss_family)) {
-++ (ss1->ss_family != ss2->ss_family)) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+- if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++ if (ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject) != NULL) {
-+ errno = EEXIST;
-+ return -1;
-+ }
-+@@ -276,8 +276,8 @@ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+ return -1;
-+ }
-+
-+- memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-+- memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-++ memmove(&new_match_entry->addr1, ss1, sizeof(struct sockaddr_storage));
-++ memmove(&new_match_entry->addr2, ss2, sizeof(struct sockaddr_storage));
-+ new_match_entry->type = type;
-+ new_match_entry->acceptreject = acceptreject;
-+ new_match_entry->next = NULL;
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index 42559f3..bb69130 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -27,14 +27,14 @@ void loopbackcheck_rmall(void *fd_tracker_match_entry_head)
-+ }
-+
-+ int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ return 0;
-+ }
-+
-+ int loopbackcheck_add(void *fd_tracker_match_entry_head,
-+- struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+ return 0;
-diff --git a/debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch b/debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch
-new file mode 100644
-index 0000000..91c2bb8
---- /dev/null
-+++ b/debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch
-@@ -0,0 +1,50 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 5 Mar 2019 05:16:29 +0100
-+Subject: [access lists] test implicit access lists management for UDP,
-+ SCTP and LOOPBACK
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit dc7731abeff323785291207b91d23173bf0bb458)
-+---
-+ libknet/tests/api_knet_send.c | 8 ++++++++
-+ libknet/tests/api_knet_send_loopback.c | 8 ++++++++
-+ 2 files changed, 16 insertions(+)
-+
-+diff --git a/libknet/tests/api_knet_send.c b/libknet/tests/api_knet_send.c
-+index 1c55db1..9e81d03 100644
-+--- a/libknet/tests/api_knet_send.c
-++++ b/libknet/tests/api_knet_send.c
-+@@ -145,6 +145,14 @@ static void test(uint8_t transport)
-+
-+ printf("Test knet_send with valid data\n");
-+
-++ if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
-++ printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-+ if (knet_handle_enable_sock_notify(knet_h, &private_data, sock_notify) < 0) {
-+ printf("knet_handle_enable_sock_notify failed: %s\n", strerror(errno));
-+ knet_handle_free(knet_h);
-+diff --git a/libknet/tests/api_knet_send_loopback.c b/libknet/tests/api_knet_send_loopback.c
-+index 16a4624..0cfd29f 100644
-+--- a/libknet/tests/api_knet_send_loopback.c
-++++ b/libknet/tests/api_knet_send_loopback.c
-+@@ -168,6 +168,14 @@ static void test(void)
-+ flush_logs(logfds[0], stdout);
-+ printf("Test knet_send with valid data\n");
-+
-++ if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
-++ printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-+ if (knet_link_clear_config(knet_h, 1, 0) < 0) {
-+ printf("Failed to clear existing UDP link: %s\n", strerror(errno));
-+ knet_host_remove(knet_h, 1);
-diff --git a/debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch b/debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch
-new file mode 100644
-index 0000000..bb00a3f
---- /dev/null
-+++ b/debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch
-@@ -0,0 +1,309 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 13:34:11 +0100
-+Subject: [access lists] use arrays to access per-protocol functions
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit ce8b773ed76102719c1e4a8859854e01a250b482)
-+---
-+ libknet/Makefile.am | 2 ++
-+ libknet/tests/Makefile.am | 3 +-
-+ libknet/internals.h | 8 ++---
-+ libknet/links_acl.h | 16 ++++++++++
-+ libknet/links_acl_loopback.h | 27 +++++++++++++++++
-+ libknet/links_acl.c | 71 ++++++++++----------------------------------
-+ libknet/links_acl_loopback.c | 41 +++++++++++++++++++++++++
-+ libknet/transports.c | 6 ++--
-+ 8 files changed, 110 insertions(+), 64 deletions(-)
-+ create mode 100644 libknet/links_acl_loopback.h
-+ create mode 100644 libknet/links_acl_loopback.c
-+
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index b60427c..0be4fff 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -33,6 +33,7 @@ sources = \
-+ links.c \
-+ links_acl.c \
-+ links_acl_ip.c \
-++ links_acl_loopback.c \
-+ logging.c \
-+ netutils.c \
-+ threads_common.c \
-+@@ -65,6 +66,7 @@ noinst_HEADERS = \
-+ links.h \
-+ links_acl.h \
-+ links_acl_ip.h \
-++ links_acl_loopback.h \
-+ logging.h \
-+ netutils.h \
-+ onwire.h \
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index 2f22293..eae5c80 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -79,7 +79,8 @@ int_links_acl_test_SOURCES = int_links_acl.c \
-+ ../transport_sctp.c \
-+ ../transport_udp.c \
-+ ../links_acl.c \
-+- ../links_acl_ip.c
-++ ../links_acl_ip.c \
-++ ../links_acl_loopback.c
-+
-+ int_timediff_test_SOURCES = int_timediff.c
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 27eea2a..d482674 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -265,10 +265,8 @@ extern pthread_rwlock_t shlib_rwlock; /* global shared lib load lock */
-+ * to use for access lists and other operations
-+ */
-+
-+-typedef enum {
-+- LOOPBACK,
-+- IP_PROTO
-+-} transport_proto;
-++#define TRANSPORT_PROTO_LOOPBACK 0
-++#define TRANSPORT_PROTO_IP_PROTO 1
-+
-+ /*
-+ * some transports like SCTP can filter incoming
-+@@ -299,7 +297,7 @@ typedef struct knet_transport_ops {
-+ const uint8_t transport_id;
-+ const uint8_t built_in;
-+
-+- transport_proto transport_protocol;
-++ uint8_t transport_protocol;
-+ transport_acl transport_acl_type;
-+
-+ /*
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 84ae6b9..cc4fdaf 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -22,6 +22,22 @@ typedef enum {
-+ CHECK_REJECT
-+ } check_acceptreject_t;
-+
-++typedef struct {
-++ uint8_t transport_proto;
-++
-++ int (*protocheck_validate) (void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-++
-++ int (*protocheck_add) (void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++ int (*protocheck_rm) (void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++ void (*protocheck_rmall) (void *fd_tracker_match_entry_head);
-++} check_ops_t;
-++
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject);
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+new file mode 100644
-+index 0000000..0f86222
-+--- /dev/null
-++++ b/libknet/links_acl_loopback.h
-+@@ -0,0 +1,27 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#ifndef __KNET_LINKS_ACL_LOOPBACK_H__
-++#define __KNET_LINKS_ACL_LOOPBACK_H__
-++
-++#include "internals.h"
-++#include "links_acl.h"
-++
-++int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-++
-++int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject);
-++
-++void loopbackcheck_rmall(void *fd_tracker_match_entry_head);
-++
-++#endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index f2c772d..a941dde 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -19,6 +19,12 @@
-+ #include "transport_common.h"
-+ #include "links_acl.h"
-+ #include "links_acl_ip.h"
-++#include "links_acl_loopback.h"
-++
-++static check_ops_t proto_check_modules_cmds[] = {
-++ { TRANSPORT_PROTO_LOOPBACK, loopbackcheck_validate, loopbackcheck_add, loopbackcheck_rm, loopbackcheck_rmall },
-++ { TRANSPORT_PROTO_IP_PROTO, ipcheck_validate, ipcheck_addip, ipcheck_rmip, ipcheck_rmall }
-++};
-+
-+ /*
-+ * all those functions will return errno from the
-+@@ -29,56 +35,24 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- int err = -1;
-+-
-+- switch(transport_get_proto(knet_h, transport)) {
-+- case LOOPBACK:
-+- errno = 0;
-+- err = 0;
-+- break;
-+- case IP_PROTO:
-+- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+- ip1, ip2, type, acceptreject);
-+- break;
-+- default:
-+- break;
-+- }
-+- return err;
-++ return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_add(
-++ &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-++ ip1, ip2, type, acceptreject);
-+ }
-+
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+ check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+- int err = -1;
-+-
-+- switch(transport_get_proto(knet_h, transport)) {
-+- case LOOPBACK:
-+- errno = 0;
-+- err = 0;
-+- break;
-+- case IP_PROTO:
-+- err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+- ip1, ip2, type, acceptreject);
-+- break;
-+- default:
-+- break;
-+- }
-+- return err;
-++ return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rm(
-++ &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-++ ip1, ip2, type, acceptreject);
-+ }
-+
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ {
-+- switch(transport_get_proto(knet_h, transport)) {
-+- case LOOPBACK:
-+- return;
-+- break;
-+- case IP_PROTO:
-+- ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
-+- break;
-+- default:
-+- break;
-+- }
-++ proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rmall(
-++ &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
-+ }
-+
-+ /*
-+@@ -86,19 +60,6 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ */
-+ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip)
-+ {
-+- switch(transport_get_proto(knet_h, transport)) {
-+- case LOOPBACK:
-+- errno = 0;
-+- return 1;
-+- break;
-+- case IP_PROTO:
-+- return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
-+- break;
-+- default:
-+- break;
-+- }
-+- /*
-+- * reject by default
-+- */
-+- return 0;
-++ return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_validate(
-++ &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
-+ }
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+new file mode 100644
-+index 0000000..42559f3
-+--- /dev/null
-++++ b/libknet/links_acl_loopback.c
-+@@ -0,0 +1,41 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++
-++#include "internals.h"
-++#include "logging.h"
-++#include "transports.h"
-++#include "links_acl.h"
-++#include "links_acl_loopback.h"
-++
-++int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip)
-++{
-++ return 1;
-++}
-++
-++void loopbackcheck_rmall(void *fd_tracker_match_entry_head)
-++{
-++ return;
-++}
-++
-++int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ return 0;
-++}
-++
-++int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++ struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++ check_type_t type, check_acceptreject_t acceptreject)
-++{
-++ return 0;
-++}
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 69ea091..6ded675 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -30,11 +30,11 @@
-+ #define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+- { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+- { "UDP", KNET_TRANSPORT_UDP, 1, IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++ { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-++ { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+ { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+- 1, IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-++ 1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-+ #else
-+ empty_module
-+ #endif
-diff --git a/debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch b/debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch
-new file mode 100644
-index 0000000..cbba12f
---- /dev/null
-+++ b/debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch
-@@ -0,0 +1,95 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 12:12:09 +0100
-+Subject: [access lists] use better name for fd_tracker structure
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit bc25626d5585ac267029470cf518852017d3740b)
-+---
-+ libknet/internals.h | 10 +++++-----
-+ libknet/links_acl.c | 8 ++++----
-+ libknet/tests/api_knet_link_set_config.c | 4 ++--
-+ 3 files changed, 11 insertions(+), 11 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 2135fb8..27eea2a 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -130,11 +130,11 @@ struct knet_sock {
-+ };
-+
-+ struct knet_fd_trackers {
-+- uint8_t transport; /* transport type (UDP/SCTP...) */
-+- uint8_t data_type; /* internal use for transport to define what data are associated
-+- * to this fd */
-+- void *data; /* pointer to the data */
-+- void *match_entry; /* pointer to access list match_entry list head */
-++ uint8_t transport; /* transport type (UDP/SCTP...) */
-++ uint8_t data_type; /* internal use for transport to define what data are associated
-++ * to this fd */
-++ void *data; /* pointer to the data */
-++ void *access_list_match_entry_head; /* pointer to access list match_entry list head */
-+ };
-+
-+ #define KNET_MAX_FDS KNET_MAX_HOST * KNET_MAX_LINK * 4
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index b1d7ab4..f2c772d 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -37,7 +37,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+ ip1, ip2, type, acceptreject);
-+ break;
-+ default:
-+@@ -58,7 +58,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ err = 0;
-+ break;
-+ case IP_PROTO:
-+- err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++ err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+ ip1, ip2, type, acceptreject);
-+ break;
-+ default:
-+@@ -74,7 +74,7 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ return;
-+ break;
-+ case IP_PROTO:
-+- ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++ ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
-+ break;
-+ default:
-+ break;
-+@@ -92,7 +92,7 @@ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct soc
-+ return 1;
-+ break;
-+ case IP_PROTO:
-+- return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-++ return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
-+ break;
-+ default:
-+ break;
-+diff --git a/libknet/tests/api_knet_link_set_config.c b/libknet/tests/api_knet_link_set_config.c
-+index 5fed9be..b96c628 100644
-+--- a/libknet/tests/api_knet_link_set_config.c
-++++ b/libknet/tests/api_knet_link_set_config.c
-+@@ -145,7 +145,7 @@ static void test(void)
-+ host = knet_h->host_index[1];
-+ link = &host->link[0];
-+
-+- if (knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++ if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-+ printf("found access lists for dynamic dst_addr!\n");
-+ knet_link_clear_config(knet_h, 1, 0);
-+ knet_host_remove(knet_h, 1);
-+@@ -262,7 +262,7 @@ static void test(void)
-+ host = knet_h->host_index[1];
-+ link = &host->link[0];
-+
-+- if (!knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++ if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-+ printf("Unable to find default access lists for static dst_addr!\n");
-+ knet_link_clear_config(knet_h, 1, 0);
-+ knet_host_remove(knet_h, 1);
-diff --git a/debian/patches/acl-Fix-English-in-commments.patch b/debian/patches/acl-Fix-English-in-commments.patch
-new file mode 100644
-index 0000000..7e55364
---- /dev/null
-+++ b/debian/patches/acl-Fix-English-in-commments.patch
-@@ -0,0 +1,106 @@
-+From: Christine Caulfield <ccaulfie@redhat.com>
-+Date: Thu, 7 Mar 2019 10:04:41 +0000
-+Subject: acl: Fix English in commments
-+
-+(cherry picked from commit e9b656bebb0615c2b2419929cadfb71e3941af34)
-+---
-+ libknet/internals.h | 2 +-
-+ libknet/libknet.h | 27 ++++++++++++++-------------
-+ 2 files changed, 15 insertions(+), 14 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 8976a8c..12f613c 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -132,7 +132,7 @@ struct knet_sock {
-+ struct knet_fd_trackers {
-+ uint8_t transport; /* transport type (UDP/SCTP...) */
-+ uint8_t data_type; /* internal use for transport to define what data are associated
-+- * to this fd */
-++ * with this fd */
-+ void *data; /* pointer to the data */
-+ void *access_list_match_entry_head; /* pointer to access list match_entry list head */
-+ };
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index d616e11..50ed70d 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -523,15 +523,16 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+ *
-+ * knet will automatically generate access lists for point to point links.
-+ *
-+- * For open links, knet provides 3 API calls to manipulate access lists:
-+- * knet_link_add_acl(3), knet_link_rm_acl(3) and knet_link_clear_acl(3).
-+- * Those API calls will work only and exclusively on open links as they
-+- * provide no use for point to point links.
-++ * For open links, knet provides 4 API calls to manipulate access lists:
-++ * knet_link_add_acl(3), knet_link_rm_acl(3), knet_link_insert_acl(3)
-++ * and knet_link_clear_acl(3).
-++ * Those API calls will work exclusively on open links as they
-++ * are of no use on point to point links.
-+ *
-+ * knet will not enforce any access list unless specifically enabled by
-+ * knet_handle_enable_access_lists(3).
-+ *
-+- * From a security / programming perspective we recommend to:
-++ * From a security / programming perspective we recommend:
-+ * - create the knet handle
-+ * - enable access lists
-+ * - configure hosts and links
-+@@ -1478,13 +1479,13 @@ int knet_link_get_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id);
-+
-+ /*
-+- * access lists management for open links
-++ * Access lists management for open links
-+ * see also knet_handle_enable_access_lists(3)
-+ */
-+
-+ /*
-+ * CHECK_TYPE_ADDRESS is the equivalent of a single entry / IP address.
-+- * for example: 10.1.9.3/32
-++ * for example: 10.1.9.3
-+ * and the entry is stored in ss1. ss2 can be NULL.
-+ *
-+ * CHECK_TYPE_MASK is used to configure network/netmask.
-+@@ -1495,9 +1496,9 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * for example: 172.16.0.1-172.16.0.10
-+ * the start is stored in ss1 and the end in ss2.
-+ *
-+- * Please be aware that the above examples refers only to IP based protocols.
-++ * Please be aware that the above examples refer only to IP based protocols.
-+ * Other protocols might use ss1 and ss2 in slightly different ways.
-+- * At the moment knet only supports IP based protocol and that might change
-++ * At the moment knet only supports IP based protocol, though that might change
-+ * in the future.
-+ */
-+
-+@@ -1531,7 +1532,7 @@ typedef enum {
-+ *
-+ * IMPORTANT: the order in which access lists are added is critical and it
-+ * is left to the user to add them in the right order. knet
-+- * will do no attempt to logically sort them.
-++ * will not attempt to logically sort them.
-+ *
-+ * For example:
-+ * 1 - accept from 10.0.0.0/8
-+@@ -1568,7 +1569,7 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+ * link_id - see knet_link_set_config(3)
-+ *
-+ * index - insert at position "index" where 0 is the first entry and -1
-+- * append to the current list.
-++ * appends to the current list.
-+ *
-+ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-+ *
-+@@ -1597,8 +1598,8 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ *
-+ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-+ *
-+- * IMPORTANT: the data passed to this API call must match exactly the ones used
-+- * in knet_link_add_acl(3).
-++ * IMPORTANT: the data passed to this API call must match exactly that passed
-++ * to knet_link_add_acl(3).
-+ *
-+ * @return
-+ * knet_link_rm_acl
-diff --git a/debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch b/debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch
-new file mode 100644
-index 0000000..683d8e6
---- /dev/null
-+++ b/debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch
-@@ -0,0 +1,235 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 8 Feb 2019 14:29:50 +0100
-+Subject: [acl] add knet_handle_enable_access_lists api call
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 2a325c9fc388c91fd9969378d5822db87b9d364b)
-+---
-+ libknet/internals.h | 1 +
-+ libknet/libknet.h | 22 +++++
-+ libknet/handle.c | 36 ++++++++
-+ .../tests/api_knet_handle_enable_access_lists.c | 100 +++++++++++++++++++++
-+ libknet/tests/api-check.mk | 4 +
-+ 5 files changed, 163 insertions(+)
-+ create mode 100644 libknet/tests/api_knet_handle_enable_access_lists.c
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 57da5b4..d33646f 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -158,6 +158,7 @@ struct knet_handle {
-+ int send_to_links_epollfd;
-+ int recv_from_links_epollfd;
-+ int dst_link_handler_epollfd;
-++ uint8_t use_access_lists; /* set to 0 for disable, 1 for enable */
-+ unsigned int pmtud_interval;
-+ unsigned int data_mtu; /* contains the max data size that we can send onwire
-+ * without frags */
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index c7f44d7..4283afe 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -502,6 +502,28 @@ int knet_handle_enable_filter(knet_handle_t knet_h,
-+
-+ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+
-++/**
-++ * knet_handle_enable_access_lists
-++ *
-++ * @brief Start packet forwarding
-++ *
-++ * knet_h - pointer to knet_handle_t
-++ *
-++ * enable - set to 1 to use ip access lists, 0 to disable ip access_lists.
-++ *
-++ * @return
-++ * knet_handle_enable_access_lists returns
-++ * 0 on success
-++ * -1 on error and errno is set.
-++ *
-++ * By default access lists usage is off, but default internal access lists
-++ * will be populated regardless, but not enforced. TODO add long explanation
-++ * on internal access lists for point to point connections vs global
-++ * listeners etc.
-++ */
-++
-++int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled);
-++
-+ #define KNET_PMTUD_DEFAULT_INTERVAL 60
-+
-+ /**
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index b7aa2fd..6cd49f5 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1186,6 +1186,42 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled)
-+ return 0;
-+ }
-+
-++int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled)
-++{
-++ int savederrno = 0;
-++
-++ if (!knet_h) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ if (enabled > 1) {
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ savederrno = get_global_wrlock(knet_h);
-++ if (savederrno) {
-++ log_err(knet_h, KNET_SUB_HANDLE, "Unable to get write lock: %s",
-++ strerror(savederrno));
-++ errno = savederrno;
-++ return -1;
-++ }
-++
-++ knet_h->use_access_lists = enabled;
-++
-++ if (enabled) {
-++ log_debug(knet_h, KNET_SUB_HANDLE, "Links access lists are enabled");
-++ } else {
-++ log_debug(knet_h, KNET_SUB_HANDLE, "Links access lists are disabled");
-++ }
-++
-++ pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++ errno = 0;
-++ return 0;
-++}
-++
-+ int knet_handle_pmtud_getfreq(knet_handle_t knet_h, unsigned int *interval)
-+ {
-+ int savederrno = 0;
-+diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
-+new file mode 100644
-+index 0000000..fc3bcc1
-+--- /dev/null
-++++ b/libknet/tests/api_knet_handle_enable_access_lists.c
-+@@ -0,0 +1,100 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++
-++#include "libknet.h"
-++#include "internals.h"
-++
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++ knet_handle_t knet_h;
-++ int logfds[2];
-++
-++ printf("Test knet_handle_enable_access_lists with invalid knet_h\n");
-++
-++ if ((!knet_handle_enable_access_lists(NULL, 0)) || (errno != EINVAL)) {
-++ printf("knet_handle_enable_access_lists accepted invalid knet_h parameter\n");
-++ exit(FAIL);
-++ }
-++
-++ setup_logpipes(logfds);
-++
-++ printf("Test knet_handle_enable_access_lists with invalid param (2) \n");
-++
-++ knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++ if ((!knet_handle_enable_access_lists(knet_h, 2)) || (errno != EINVAL)) {
-++ printf("knet_handle_enable_access_lists accepted invalid param for enabled: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_handle_enable_access_lists with valid param (1) \n");
-++
-++ if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
-++ printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_h->use_access_lists != 1) {
-++ printf("knet_handle_enable_access_lists failed to set correct value");
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_handle_enable_access_lists with valid param (0) \n");
-++
-++ if (knet_handle_enable_access_lists(knet_h, 0) < 0) {
-++ printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ if (knet_h->use_access_lists != 0) {
-++ printf("knet_handle_enable_access_lists failed to set correct value");
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++ test();
-++
-++ return PASS;
-++}
-+diff --git a/libknet/tests/api-check.mk b/libknet/tests/api-check.mk
-+index 7beba53..247ed58 100644
-+--- a/libknet/tests/api-check.mk
-++++ b/libknet/tests/api-check.mk
-+@@ -12,6 +12,7 @@ api_checks = \
-+ api_knet_handle_compress_test \
-+ api_knet_handle_crypto_test \
-+ api_knet_handle_setfwd_test \
-++ api_knet_handle_enable_access_lists_test \
-+ api_knet_handle_enable_filter_test \
-+ api_knet_handle_enable_sock_notify_test \
-+ api_knet_handle_add_datafd_test \
-+@@ -87,6 +88,9 @@ api_knet_handle_crypto_test_SOURCES = api_knet_handle_crypto.c \
-+ api_knet_handle_setfwd_test_SOURCES = api_knet_handle_setfwd.c \
-+ test-common.c
-+
-++api_knet_handle_enable_access_lists_test_SOURCES = api_knet_handle_enable_access_lists.c \
-++ test-common.c
-++
-+ api_knet_handle_enable_filter_test_SOURCES = api_knet_handle_enable_filter.c \
-+ test-common.c
-+
-diff --git a/debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch b/debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
-new file mode 100644
-index 0000000..c9a98b3
---- /dev/null
-+++ b/debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
-@@ -0,0 +1,186 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sat, 5 Jan 2019 09:04:38 +0100
-+Subject: [acl] move poc-code into libknet dir and rename to links_acl.*
-+MIME-Version: 1.0
-+Content-Type: text/plain; charset="utf-8"
-+Content-Transfer-Encoding: 8bit
-+
-+code is not integrated yet and test suite can´t run standalone
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit d7fb8af3a8be37f12e0149d49280762e2bdb9b16)
-+---
-+ .../tests/int_links_acl.txt | 0
-+ configure.ac | 1 -
-+ libknet/Makefile.am | 2 ++
-+ libknet/tests/Makefile.am | 8 +++++++-
-+ poc-code/Makefile.am | 2 +-
-+ poc-code/access-list/Makefile.am | 22 ----------------------
-+ .../access-list/ipcheck.h => libknet/links_acl.h | 0
-+ .../access-list/ipcheck.c => libknet/links_acl.c | 2 +-
-+ .../tests/int_links_acl.c | 6 +++---
-+ 9 files changed, 14 insertions(+), 29 deletions(-)
-+ rename poc-code/access-list/test_ipcheck.txt => libknet/tests/int_links_acl.txt (100%)
-+ delete mode 100644 poc-code/access-list/Makefile.am
-+ rename poc-code/access-list/ipcheck.h => libknet/links_acl.h (100%)
-+ rename poc-code/access-list/ipcheck.c => libknet/links_acl.c (99%)
-+ rename poc-code/access-list/test_ipcheck.c => libknet/tests/int_links_acl.c (96%)
-+
-+diff --git a/poc-code/access-list/test_ipcheck.txt b/libknet/tests/int_links_acl.txt
-+similarity index 100%
-+rename from poc-code/access-list/test_ipcheck.txt
-+rename to libknet/tests/int_links_acl.txt
-+diff --git a/configure.ac b/configure.ac
-+index 9df6831..30c57f0 100644
-+--- a/configure.ac
-++++ b/configure.ac
-+@@ -463,7 +463,6 @@ AC_CONFIG_FILES([
-+ man/Doxyfile-nozzle
-+ poc-code/Makefile
-+ poc-code/iov-hash/Makefile
-+- poc-code/access-list/Makefile
-+ ])
-+
-+ if test "x$VERSION" = "xUNKNOWN"; then
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 906fd01..4ea42d9 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -31,6 +31,7 @@ sources = \
-+ handle.c \
-+ host.c \
-+ links.c \
-++ links_acl.c \
-+ logging.c \
-+ netutils.c \
-+ threads_common.c \
-+@@ -61,6 +62,7 @@ noinst_HEADERS = \
-+ host.h \
-+ internals.h \
-+ links.h \
-++ links_acl.h \
-+ logging.h \
-+ netutils.h \
-+ onwire.h \
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index c00e624..f74cb04 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -13,7 +13,8 @@ include $(top_srcdir)/libknet/tests/api-check.mk
-+
-+ EXTRA_DIST = \
-+ api-test-coverage \
-+- api-check.mk
-++ api-check.mk \
-++ int_links_acl.txt
-+
-+ AM_CPPFLAGS = -I$(top_srcdir)/libknet
-+ AM_CFLAGS += $(PTHREAD_CFLAGS)
-+@@ -40,9 +41,11 @@ fun_checks =
-+ benchmarks = \
-+ knet_bench_test
-+
-++# int_links_acl_test can´t run yet standalone
-+ noinst_PROGRAMS = \
-+ api_knet_handle_new_limit_test \
-+ pckt_test \
-++ int_links_acl_test \
-+ $(benchmarks) \
-+ $(check_PROGRAMS)
-+
-+@@ -64,6 +67,9 @@ check-api-test-coverage:
-+
-+ pckt_test_SOURCES = pckt_test.c
-+
-++int_links_acl_test_SOURCES = int_links_acl.c \
-++ ../links_acl.c
-++
-+ int_timediff_test_SOURCES = int_timediff.c
-+
-+ knet_bench_test_SOURCES = knet_bench.c \
-+diff --git a/poc-code/Makefile.am b/poc-code/Makefile.am
-+index e1b1a73..15d12f7 100644
-+--- a/poc-code/Makefile.am
-++++ b/poc-code/Makefile.am
-+@@ -10,4 +10,4 @@ MAINTAINERCLEANFILES = Makefile.in
-+
-+ include $(top_srcdir)/build-aux/check.mk
-+
-+-SUBDIRS = access-list iov-hash
-++SUBDIRS = iov-hash
-+diff --git a/poc-code/access-list/Makefile.am b/poc-code/access-list/Makefile.am
-+deleted file mode 100644
-+index 80c49c2..0000000
-+--- a/poc-code/access-list/Makefile.am
-++++ /dev/null
-+@@ -1,22 +0,0 @@
-+-#
-+-# Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
-+-#
-+-# Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+-#
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-+-#
-+-
-+-MAINTAINERCLEANFILES = Makefile.in
-+-
-+-include $(top_srcdir)/build-aux/check.mk
-+-
-+-# override global LIBS that pulls in lots of craft we don't need here
-+-LIBS =
-+-
-+-EXTRA_DIST = test_ipcheck.txt
-+-
-+-noinst_PROGRAMS = test_ipcheck
-+-
-+-noinst_HEADERS = ipcheck.h
-+-
-+-test_ipcheck_SOURCES = ipcheck.c test_ipcheck.c
-+diff --git a/poc-code/access-list/ipcheck.h b/libknet/links_acl.h
-+similarity index 100%
-+rename from poc-code/access-list/ipcheck.h
-+rename to libknet/links_acl.h
-+diff --git a/poc-code/access-list/ipcheck.c b/libknet/links_acl.c
-+similarity index 99%
-+rename from poc-code/access-list/ipcheck.c
-+rename to libknet/links_acl.c
-+index 9774a46..e7b5602 100644
-+--- a/poc-code/access-list/ipcheck.c
-++++ b/libknet/links_acl.c
-+@@ -11,7 +11,7 @@
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <malloc.h>
-+-#include "ipcheck.h"
-++#include "links_acl.h"
-+
-+ struct ip_match_entry {
-+ ipcheck_type_t type;
-+diff --git a/poc-code/access-list/test_ipcheck.c b/libknet/tests/int_links_acl.c
-+similarity index 96%
-+rename from poc-code/access-list/test_ipcheck.c
-+rename to libknet/tests/int_links_acl.c
-+index 46a750b..27ac545 100644
-+--- a/poc-code/access-list/test_ipcheck.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -14,7 +14,7 @@
-+ #include <string.h>
-+ #include <netdb.h>
-+ #include <malloc.h>
-+-#include "ipcheck.h"
-++#include "links_acl.h"
-+
-+ /* This is a test program .. remember! */
-+ #define BUFLEN 1024
-+@@ -103,9 +103,9 @@ static int load_file(void)
-+
-+ ipcheck_clear();
-+
-+- filterfile = fopen("test_ipcheck.txt", "r");
-++ filterfile = fopen("int_links_acl.txt", "r");
-+ if (!filterfile) {
-+- fprintf(stderr, "Cannot open test_ipcheck.txt\n");
-++ fprintf(stderr, "Cannot open int_links_acl.txt\n");
-+ return 1;
-+ }
-+
-diff --git a/debian/patches/build-bump-soname-to-indicate-new-API-calls.patch b/debian/patches/build-bump-soname-to-indicate-new-API-calls.patch
-new file mode 100644
-index 0000000..a5aabe1
---- /dev/null
-+++ b/debian/patches/build-bump-soname-to-indicate-new-API-calls.patch
-@@ -0,0 +1,23 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 9 May 2019 16:36:07 +0200
-+Subject: [build] bump soname to indicate new API calls
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 460fca5e33d52c560e34b1edf60f350efb6023a5)
-+---
-+ libknet/Makefile.am | 2 +-
-+ 1 file changed, 1 insertion(+), 1 deletion(-)
-+
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 90ddfba..8adcc40 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -18,7 +18,7 @@ EXTRA_DIST = $(SYMFILE)
-+ SUBDIRS = . tests
-+
-+ # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-+-libversion = 2:0:1
-++libversion = 3:0:2
-+
-+ # override global LIBS that pulls in lots of craft we don't need here
-+ LIBS =
-diff --git a/debian/patches/compress-add-support-for-libzstd.patch b/debian/patches/compress-add-support-for-libzstd.patch
-new file mode 100644
-index 0000000..78b54fb
---- /dev/null
-+++ b/debian/patches/compress-add-support-for-libzstd.patch
-@@ -0,0 +1,342 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 10 Apr 2019 08:40:50 +0200
-+Subject: [compress] add support for libzstd
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 592d0451494e815c4c8c74b914aaff69b640d1a2)
-+---
-+ configure.ac | 2 +
-+ Makefile.am | 5 ++
-+ libknet/Makefile.am | 7 +++
-+ libknet/libknet.h | 1 +
-+ kronosnet.spec.in | 29 +++++++++
-+ libknet/compress.c | 1 +
-+ libknet/compress_zstd.c | 160 ++++++++++++++++++++++++++++++++++++++++++++++++
-+ libknet/logging.c | 1 +
-+ 8 files changed, 206 insertions(+)
-+ create mode 100644 libknet/compress_zstd.c
-+
-+diff --git a/configure.ac b/configure.ac
-+index 30c57f0..501053e 100644
-+--- a/configure.ac
-++++ b/configure.ac
-+@@ -124,6 +124,8 @@ AC_ARG_ENABLE([compress-all],
-+ [AS_HELP_STRING([--disable-compress-all],[disable libknet all compress modules support])],,
-+ [ enable_compress_all="yes" ])
-+
-++KNET_OPTION_DEFINES([zstd],[compress],[PKG_CHECK_MODULES([libzstd], [libzstd])])
-++
-+ KNET_OPTION_DEFINES([zlib],[compress],[PKG_CHECK_MODULES([zlib], [zlib])])
-+ KNET_OPTION_DEFINES([lz4],[compress],[PKG_CHECK_MODULES([liblz4], [liblz4])])
-+ KNET_OPTION_DEFINES([lzo2],[compress],[
-+diff --git a/Makefile.am b/Makefile.am
-+index 24a13a6..82cb1f5 100644
-+--- a/Makefile.am
-++++ b/Makefile.am
-+@@ -138,6 +138,11 @@ if BUILD_COMPRESS_BZIP2
-+ else
-+ sed -i -e "s#@bzip2@#bcond_with#g" $@-t
-+ endif
-++if BUILD_COMPRESS_ZSTD
-++ sed -i -e "s#@zstd@#bcond_without#g" $@-t
-++else
-++ sed -i -e "s#@zstd@#bcond_with#g" $@-t
-++endif
-+ if BUILD_KRONOSNETD
-+ sed -i -e "s#@kronosnetd@#bcond_without#g" $@-t
-+ else
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 0be4fff..90ddfba 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -103,6 +103,13 @@ pkglib_LTLIBRARIES =
-+ # MODULE_LDFLAGS would mean a target-specific variable for Automake
-+ MODULELDFLAGS = $(AM_LDFLAGS) -module -avoid-version -export-dynamic
-+
-++if BUILD_COMPRESS_ZSTD
-++pkglib_LTLIBRARIES += compress_zstd.la
-++compress_zstd_la_LDFLAGS = $(MODULELDFLAGS)
-++compress_zstd_la_CFLAGS = $(AM_CFLAGS) $(libzstd_CFLAGS)
-++compress_zstd_la_LIBADD = $(libzstd_LIBS)
-++endif
-++
-+ if BUILD_COMPRESS_ZLIB
-+ pkglib_LTLIBRARIES += compress_zlib.la
-+ compress_zlib_la_LDFLAGS = $(MODULELDFLAGS)
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index d16eb5d..3098eab 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -2053,6 +2053,7 @@ int knet_link_get_status(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ #define KNET_SUB_LZO2COMP 73 /* compress_lzo.c */
-+ #define KNET_SUB_LZMACOMP 74 /* compress_lzma.c */
-+ #define KNET_SUB_BZIP2COMP 75 /* compress_bzip2.c */
-++#define KNET_SUB_ZSTDCOMP 76 /* compress_zstd.c */
-+
-+ #define KNET_SUB_UNKNOWN UINT8_MAX - 1
-+ #define KNET_MAX_SUBSYSTEMS UINT8_MAX
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 2d4d059..442f3ae 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -24,6 +24,7 @@
-+ %@lzo2@ lzo2
-+ %@lzma@ lzma
-+ %@bzip2@ bzip2
-++%@zstd@ zstd
-+ %@kronosnetd@ kronosnetd
-+ %@libnozzle@ libnozzle
-+ %@runautogen@ runautogen
-+@@ -60,6 +61,9 @@
-+ %if %{with bzip2}
-+ %global buildcompressbzip2 1
-+ %endif
-++%if %{with zstd}
-++%global buildcompresszstd 1
-++%endif
-+ %if %{with libnozzle}
-+ %global buildlibnozzle 1
-+ %endif
-+@@ -123,6 +127,9 @@ BuildRequires: xz-devel
-+ %if %{defined buildcompressbzip2}
-+ BuildRequires: /usr/include/bzlib.h
-+ %endif
-++%if %{defined buildcompresszstd}
-++BuildRequires: libzstd-devel
-++%endif
-+ %if %{defined buildkronosnetd}
-+ BuildRequires: pam-devel
-+ %endif
-+@@ -194,6 +201,11 @@ BuildRequires: libtool
-+ %else
-+ --disable-compress-bzip2 \
-+ %endif
-++%if %{defined buildcompresszstd}
-++ --enable-compress-zstd \
-++%else
-++ --disable-compress-zstd \
-++%endif
-+ %if %{defined buildkronosnetd}
-+ --enable-kronosnetd \
-+ %endif
-+@@ -490,6 +502,20 @@ Requires: libknet1 = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_bzip2.so
-+ %endif
-+
-++%if %{defined buildcompresszstd}
-++%package -n libknet1-compress-zstd-plugin
-++Group: System Environment/Libraries
-++Summary: libknet1 zstd support
-++Requires: libknet1 = %{version}-%{release}
-++
-++%description -n libknet1-compress-zstd-plugin
-++ zstd compression support for libknet1.
-++
-++%files -n libknet1-compress-zstd-plugin
-++%defattr(-,root,root,-)
-++%{_libdir}/kronosnet/compress_zstd.so
-++%endif
-++
-+ %package -n libknet1-crypto-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 crypto plugins meta package
-+@@ -523,6 +549,9 @@ Requires: libknet1-compress-lzma-plugin
-+ %if %{defined buildcompressbzip2}
-+ Requires: libknet1-compress-bzip2-plugin
-+ %endif
-++%if %{defined buildcompresszstd}
-++Requires: libknet1-compress-zstd-plugin
-++%endif
-+
-+ %description -n libknet1-compress-plugins-all
-+ meta package to install all of libknet1 compress plugins
-+diff --git a/libknet/compress.c b/libknet/compress.c
-+index 278ff44..7eab454 100644
-+--- a/libknet/compress.c
-++++ b/libknet/compress.c
-+@@ -40,6 +40,7 @@ static compress_model_t compress_modules_cmds[] = {
-+ { "lzo2" , 4, WITH_COMPRESS_LZO2 , 0, NULL },
-+ { "lzma" , 5, WITH_COMPRESS_LZMA , 0, NULL },
-+ { "bzip2", 6, WITH_COMPRESS_BZIP2, 0, NULL },
-++ { "zstd" , 7, WITH_COMPRESS_ZSTD, 0, NULL },
-+ { NULL, 255, 0, 0, NULL }
-+ };
-+
-+diff --git a/libknet/compress_zstd.c b/libknet/compress_zstd.c
-+new file mode 100644
-+index 0000000..6f9b499
-+--- /dev/null
-++++ b/libknet/compress_zstd.c
-+@@ -0,0 +1,160 @@
-++/*
-++ * Copyright (C) 2017-2019 Red Hat, Inc. All rights reserved.
-++ *
-++ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++#define KNET_MODULE
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <zstd.h>
-++
-++#include "logging.h"
-++#include "compress_model.h"
-++
-++struct zstd_ctx {
-++ ZSTD_CCtx* cctx;
-++ ZSTD_DCtx* dctx;
-++};
-++
-++static int zstd_is_init(
-++ knet_handle_t knet_h,
-++ int method_idx)
-++{
-++ if (knet_h->compress_int_data[method_idx]) {
-++ return 1;
-++ }
-++ return 0;
-++}
-++
-++static void zstd_fini(
-++ knet_handle_t knet_h,
-++ int method_idx)
-++{
-++ struct zstd_ctx *zstd_ctx = knet_h->compress_int_data[knet_h->compress_model];
-++
-++ if (zstd_ctx) {
-++ if (zstd_ctx->cctx) {
-++ ZSTD_freeCCtx(zstd_ctx->cctx);
-++ }
-++ if (zstd_ctx->dctx) {
-++ ZSTD_freeDCtx(zstd_ctx->dctx);
-++ }
-++ free(knet_h->compress_int_data[method_idx]);
-++ knet_h->compress_int_data[method_idx] = NULL;
-++ }
-++ return;
-++}
-++
-++static int zstd_init(
-++ knet_handle_t knet_h,
-++ int method_idx)
-++{
-++ struct zstd_ctx *zstd_ctx;
-++ int err = 0;
-++
-++ if (!knet_h->compress_int_data[method_idx]) {
-++ zstd_ctx = malloc(sizeof(struct zstd_ctx));
-++ if (!zstd_ctx) {
-++ errno = ENOMEM;
-++ return -1;
-++ }
-++ memset(zstd_ctx, 0, sizeof(struct zstd_ctx));
-++
-++ zstd_ctx->cctx = ZSTD_createCCtx();
-++ if (!zstd_ctx->cctx) {
-++ log_err(knet_h, KNET_SUB_ZSTDCOMP, "Unable to create compression context");
-++ err = -1;
-++ goto out_err;
-++ }
-++
-++ zstd_ctx->dctx = ZSTD_createDCtx();
-++ if (!zstd_ctx->dctx) {
-++ log_err(knet_h, KNET_SUB_ZSTDCOMP, "Unable to create decompression context");
-++ err = -1;
-++ goto out_err;
-++ }
-++
-++ knet_h->compress_int_data[method_idx] = zstd_ctx;
-++ }
-++
-++out_err:
-++ if (err) {
-++ zstd_fini(knet_h, method_idx);
-++ }
-++ return err;
-++}
-++
-++static int zstd_compress(
-++ knet_handle_t knet_h,
-++ const unsigned char *buf_in,
-++ const ssize_t buf_in_len,
-++ unsigned char *buf_out,
-++ ssize_t *buf_out_len)
-++{
-++ struct zstd_ctx *zstd_ctx = knet_h->compress_int_data[knet_h->compress_model];
-++ size_t compress_size;
-++
-++ compress_size = ZSTD_compressCCtx(zstd_ctx->cctx,
-++ buf_out, *buf_out_len,
-++ buf_in, buf_in_len,
-++ knet_h->compress_level);
-++
-++ if (ZSTD_isError(compress_size)) {
-++ log_err(knet_h, KNET_SUB_ZSTDCOMP, "error compressing packet: %s", ZSTD_getErrorName(compress_size));
-++ /*
-++ * ZSTD has lots of internal errors that are not easy to map
-++ * to standard errnos. Use a generic one for now
-++ */
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ *buf_out_len = compress_size;
-++
-++ return 0;
-++}
-++
-++static int zstd_decompress(
-++ knet_handle_t knet_h,
-++ const unsigned char *buf_in,
-++ const ssize_t buf_in_len,
-++ unsigned char *buf_out,
-++ ssize_t *buf_out_len)
-++{
-++ struct zstd_ctx *zstd_ctx = knet_h->compress_int_data[knet_h->compress_model];
-++ size_t decompress_size;
-++
-++ decompress_size = ZSTD_decompressDCtx(zstd_ctx->dctx,
-++ buf_out, *buf_out_len,
-++ buf_in, buf_in_len);
-++
-++ if (ZSTD_isError(decompress_size)) {
-++ log_err(knet_h, KNET_SUB_ZSTDCOMP, "error decompressing packet: %s", ZSTD_getErrorName(decompress_size));
-++ /*
-++ * ZSTD has lots of internal errors that are not easy to map
-++ * to standard errnos. Use a generic one for now
-++ */
-++ errno = EINVAL;
-++ return -1;
-++ }
-++
-++ *buf_out_len = decompress_size;
-++
-++ return 0;
-++}
-++
-++compress_ops_t compress_model = {
-++ KNET_COMPRESS_MODEL_ABI,
-++ zstd_is_init,
-++ zstd_init,
-++ zstd_fini,
-++ NULL,
-++ zstd_compress,
-++ zstd_decompress
-++};
-+diff --git a/libknet/logging.c b/libknet/logging.c
-+index 98bcfd1..5c91257 100644
-+--- a/libknet/logging.c
-++++ b/libknet/logging.c
-+@@ -47,6 +47,7 @@ static struct pretty_names subsystem_names[] =
-+ { "lzo2comp", KNET_SUB_LZO2COMP },
-+ { "lzmacomp", KNET_SUB_LZMACOMP },
-+ { "bzip2comp", KNET_SUB_BZIP2COMP },
-++ { "zstdcomp", KNET_SUB_ZSTDCOMP },
-+ { "unknown", KNET_SUB_UNKNOWN } /* unknown MUST always be last in this array */
-+ };
-+
-diff --git a/debian/patches/crypto-fix-openssl1.0-initialization-code.patch b/debian/patches/crypto-fix-openssl1.0-initialization-code.patch
-new file mode 100644
-index 0000000..e01d382
---- /dev/null
-+++ b/debian/patches/crypto-fix-openssl1.0-initialization-code.patch
-@@ -0,0 +1,98 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 28 May 2019 06:14:29 +0200
-+Subject: [crypto] fix openssl1.0 initialization code
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 0b20488500e8d13f17b7f584bdc7a301f44dbfe1)
-+---
-+ libknet/crypto_openssl.c | 28 ++++++++++++++++------------
-+ 1 file changed, 16 insertions(+), 12 deletions(-)
-+
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 5c7a74a..26acea8 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -12,6 +12,7 @@
-+ #include <string.h>
-+ #include <errno.h>
-+ #include <dlfcn.h>
-++#include <stdlib.h>
-+ #include <openssl/conf.h>
-+ #include <openssl/evp.h>
-+ #include <openssl/hmac.h>
-+@@ -43,6 +44,8 @@ struct opensslcrypto_instance {
-+ const EVP_MD *crypto_hash_type;
-+ };
-+
-++static int openssl_is_init = 0;
-++
-+ /*
-+ * crypt/decrypt functions openssl1.0
-+ */
-+@@ -438,6 +441,11 @@ static void openssl_internal_lock_cleanup(void)
-+ return;
-+ }
-+
-++static void openssl_atexit_handler(void)
-++{
-++ openssl_internal_lock_cleanup();
-++}
-++
-+ static int openssl_internal_lock_setup(void)
-+ {
-+ int savederrno = 0, err = 0;
-+@@ -461,6 +469,9 @@ static int openssl_internal_lock_setup(void)
-+ CRYPTO_set_id_callback((void *)openssl_internal_thread_id);
-+ CRYPTO_set_locking_callback((void *)&openssl_internal_locking_callback);
-+
-++ if (atexit(openssl_atexit_handler)) {
-++ err = -1;
-++ }
-+ out:
-+ if (err) {
-+ openssl_internal_lock_cleanup();
-+@@ -477,9 +488,6 @@ static void opensslcrypto_fini(
-+ struct opensslcrypto_instance *opensslcrypto_instance = crypto_instance->model_instance;
-+
-+ if (opensslcrypto_instance) {
-+-#ifdef BUILDCRYPTOOPENSSL10
-+- openssl_internal_lock_cleanup();
-+-#endif
-+ if (opensslcrypto_instance->private_key) {
-+ free(opensslcrypto_instance->private_key);
-+ opensslcrypto_instance->private_key = NULL;
-+@@ -496,7 +504,6 @@ static int opensslcrypto_init(
-+ struct crypto_instance *crypto_instance,
-+ struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+- static int openssl_is_init = 0;
-+ struct opensslcrypto_instance *opensslcrypto_instance = NULL;
-+ int savederrno;
-+
-+@@ -509,6 +516,11 @@ static int opensslcrypto_init(
-+ #ifdef BUILDCRYPTOOPENSSL10
-+ ERR_load_crypto_strings();
-+ OPENSSL_add_all_algorithms_noconf();
-++ if (openssl_internal_lock_setup() < 0) {
-++ log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to init openssl");
-++ errno = EAGAIN;
-++ return -1;
-++ }
-+ #endif
-+ #ifdef BUILDCRYPTOOPENSSL11
-+ if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
-+@@ -521,14 +533,6 @@ static int opensslcrypto_init(
-+ openssl_is_init = 1;
-+ }
-+
-+-#ifdef BUILDCRYPTOOPENSSL10
-+- if (openssl_internal_lock_setup() < 0) {
-+- log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to init openssl");
-+- errno = EAGAIN;
-+- return -1;
-+- }
-+-#endif
-+-
-+ crypto_instance->model_instance = malloc(sizeof(struct opensslcrypto_instance));
-+ if (!crypto_instance->model_instance) {
-+ log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to allocate memory for openssl model instance");
-diff --git a/debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch b/debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch
-new file mode 100644
-index 0000000..5818833
---- /dev/null
-+++ b/debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch
-@@ -0,0 +1,137 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 11 Jun 2019 11:54:08 +0200
-+Subject: [crypto] hide errors generated by openssl 1.1.1c
-+
-+see also:
-+https://github.com/kronosnet/kronosnet/issues/226
-+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930061#12
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5333de6a056af75d12eb0a2cc2e46e7b2bbf9082)
-+---
-+ build-aux/knet_valgrind_memcheck.supp | 115 ++++++++++++++++++++++++++++++++++
-+ 1 file changed, 115 insertions(+)
-+
-+diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
-+index a34ab93..92eabba 100644
-+--- a/build-aux/knet_valgrind_memcheck.supp
-++++ b/build-aux/knet_valgrind_memcheck.supp
-+@@ -612,3 +612,118 @@
-+ fun:malloc
-+ fun:dl_open_worker
-+ }
-++{
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Cond
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_generate
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_instantiate
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_get0_public
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:encrypt_openssl
-++ fun:opensslcrypto_encrypt_and_signv
-++ fun:opensslcrypto_encrypt_and_sign
-++ fun:_handle_check_each
-++ fun:_send_pings
-++ fun:_handle_heartbt_thread
-++ fun:start_thread
-++}
-++{
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Cond
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_generate
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_instantiate
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_get0_public
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:encrypt_openssl
-++ fun:opensslcrypto_encrypt_and_signv
-++ fun:opensslcrypto_encrypt_and_sign
-++ fun:_handle_check_each
-++ fun:_send_pings
-++ fun:_handle_heartbt_thread
-++}
-++{
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Cond
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_generate
-++ fun:RAND_DRBG_bytes
-++ fun:encrypt_openssl
-++ fun:opensslcrypto_encrypt_and_signv
-++ fun:opensslcrypto_encrypt_and_sign
-++ fun:_handle_check_each
-++ fun:_send_pings
-++ fun:_handle_heartbt_thread
-++ fun:start_thread
-++ fun:clone
-++}
-++{
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Cond
-++ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++ fun:RAND_DRBG_generate
-++ fun:RAND_DRBG_bytes
-++ fun:encrypt_openssl
-++ fun:opensslcrypto_encrypt_and_signv
-++ fun:opensslcrypto_encrypt_and_sign
-++ fun:_handle_check_each
-++ fun:_send_pings
-++ fun:_handle_heartbt_thread
-++ fun:start_thread
-++ fun:clone
-++}
-++{
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Param
-++ socketcall.sendto(msg)
-++ fun:sendto
-++ fun:_handle_check_each
-++ fun:_send_pings
-++ fun:_handle_heartbt_thread
-++ fun:start_thread
-++ fun:clone
-++}
-++{
-++
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Param
-++ socketcall.sendto(msg)
-++ fun:sendto
-++ fun:_parse_recv_from_links
-++ fun:_handle_recv_from_links
-++ fun:_handle_recv_from_links_thread
-++ fun:start_thread
-++ fun:clone
-++}
-++{
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Param
-++ socketcall.sendto(msg)
-++ fun:sendto
-++ fun:_handle_check_link_pmtud
-++ fun:_handle_check_pmtud
-++ fun:_handle_pmtud_link_thread
-++ fun:start_thread
-++ fun:clone
-++}
-++{
-++ openssl 1.1.1c missing fix from master
-++ Memcheck:Param
-++ sendmsg(msg.msg_iov[0])
-++ fun:__libc_sendmsg
-++ fun:sendmsg
-++ fun:_sendmmsg
-++ fun:_dispatch_to_links
-++ fun:_parse_recv_from_sock
-++ fun:_handle_send_to_links
-++ fun:_handle_send_to_links_thread
-++ fun:start_thread
-++ fun:clone
-++}
-diff --git a/debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch b/debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
-new file mode 100644
-index 0000000..0d373a8
---- /dev/null
-+++ b/debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
-@@ -0,0 +1,51 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 27 May 2019 12:25:55 +0200
-+Subject: [crypto] make sure to clear all security info on crypto_fini
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6888d04108a7eff36f4c562d464190e9886a073a)
-+---
-+ libknet/crypto.c | 4 ++++
-+ libknet/crypto_nss.c | 1 -
-+ libknet/crypto_openssl.c | 1 -
-+ 3 files changed, 4 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 41d67c9..5d39048 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -178,6 +178,10 @@ void crypto_fini(
-+ crypto_modules_cmds[model].ops->fini(knet_h);
-+ }
-+ free(knet_h->crypto_instance);
-++ knet_h->sec_header_size = 0;
-++ knet_h->sec_block_size = 0;
-++ knet_h->sec_hash_size = 0;
-++ knet_h->sec_salt_size = 0;
-+ knet_h->crypto_instance = NULL;
-+ }
-+
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index 640b560..cc83827 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -740,7 +740,6 @@ static void nsscrypto_fini(
-+ }
-+ free(nsscrypto_instance);
-+ knet_h->crypto_instance->model_instance = NULL;
-+- knet_h->sec_header_size = 0;
-+ }
-+
-+ return;
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 03d1014..73058cc 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -485,7 +485,6 @@ static void opensslcrypto_fini(
-+ }
-+ free(opensslcrypto_instance);
-+ knet_h->crypto_instance->model_instance = NULL;
-+- knet_h->sec_header_size = 0;
-+ }
-+
-+ return;
-diff --git a/debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch b/debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
-new file mode 100644
-index 0000000..8c99023
---- /dev/null
-+++ b/debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
-@@ -0,0 +1,25 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 27 May 2019 12:42:33 +0200
-+Subject: [crypto] make sure to trigger a PMTUd rerun on each good crypto
-+ config change
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c9edaa7b632ee853351730ad4dcad7471919bb91)
-+---
-+ libknet/handle.c | 3 +++
-+ 1 file changed, 3 insertions(+)
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index fd26bea..7009cc3 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1408,6 +1408,9 @@ int knet_handle_crypto(knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet
-+ }
-+
-+ exit_unlock:
-++ if (!err) {
-++ force_pmtud_run(knet_h, KNET_SUB_CRYPTO);
-++ }
-+ pthread_rwlock_unlock(&knet_h->global_rwlock);
-+ errno = err ? savederrno : 0;
-+ return err;
-diff --git a/debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch b/debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
-new file mode 100644
-index 0000000..cf918e1
---- /dev/null
-+++ b/debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
-@@ -0,0 +1,65 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 11 Jun 2019 09:26:02 +0200
-+Subject: =?utf-8?q?=5Bcrypto=5D_openssl=3A_drop_calls_to_RAND=5Fseed_as_th?=
-+ =?utf-8?q?ey_don=C2=B4t_really_help_RNG?=
-+
-+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930061#12 for reference
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit a3c5adee1d30a751e76386ef31c1a817595bfd1b)
-+---
-+ libknet/crypto_openssl.c | 20 --------------------
-+ 1 file changed, 20 deletions(-)
-+
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 615a9e5..999ed93 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -69,11 +69,6 @@ static int encrypt_openssl(
-+
-+ EVP_CIPHER_CTX_init(&ctx);
-+
-+- /*
-+- * contribute to PRNG for each packet we send/receive
-+- */
-+- RAND_seed((unsigned char *)iov[iovcnt - 1].iov_base, iov[iovcnt - 1].iov_len);
-+-
-+ if (!RAND_bytes(salt, SALT_SIZE)) {
-+ ERR_error_string_n(ERR_get_error(), sslerr, sizeof(sslerr));
-+ log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to get random salt data: %s", sslerr);
-+@@ -130,11 +125,6 @@ static int decrypt_openssl (
-+
-+ EVP_CIPHER_CTX_init(&ctx);
-+
-+- /*
-+- * contribute to PRNG for each packet we send/receive
-+- */
-+- RAND_seed(buf_in, buf_in_len);
-+-
-+ /*
-+ * add warning re keylength
-+ */
-+@@ -181,11 +171,6 @@ static int encrypt_openssl(
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+
-+- /*
-+- * contribute to PRNG for each packet we send/receive
-+- */
-+- RAND_seed((unsigned char *)iov[iovcnt - 1].iov_base, iov[iovcnt - 1].iov_len);
-+-
-+ if (!RAND_bytes(salt, SALT_SIZE)) {
-+ ERR_error_string_n(ERR_get_error(), sslerr, sizeof(sslerr));
-+ log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to get random salt data: %s", sslerr);
-+@@ -248,11 +233,6 @@ static int decrypt_openssl (
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+
-+- /*
-+- * contribute to PRNG for each packet we send/receive
-+- */
-+- RAND_seed(buf_in, buf_in_len);
-+-
-+ /*
-+ * add warning re keylength
-+ */
-diff --git a/debian/patches/crypto-openssl-error-strings-release.patch b/debian/patches/crypto-openssl-error-strings-release.patch
-new file mode 100644
-index 0000000..6bcd03a
---- /dev/null
-+++ b/debian/patches/crypto-openssl-error-strings-release.patch
-@@ -0,0 +1,28 @@
-+From: yuan ren <yren@suse.com>
-+Date: Thu, 6 Jun 2019 13:46:01 +0800
-+Subject: [crypto]openssl error strings release
-+
-+In versions prior to OpenSSL 1.1.0, ERR_free_strings() releases
-+any resources created by ERR_load_crypto_strings.
-+
-+Signed-off-by: yuan ren <yren@suse.com>
-+(cherry picked from commit 80b7d93723e779b914f73ec2e8cd2ac632972eda)
-+---
-+ libknet/crypto_openssl.c | 4 ++++
-+ 1 file changed, 4 insertions(+)
-+
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 26acea8..615a9e5 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -496,6 +496,10 @@ static void opensslcrypto_fini(
-+ crypto_instance->model_instance = NULL;
-+ }
-+
-++#ifdef BUILDCRYPTOOPENSSL10
-++ ERR_free_strings();
-++#endif
-++
-+ return;
-+ }
-+
-diff --git a/debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch b/debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
-new file mode 100644
-index 0000000..a555595
---- /dev/null
-+++ b/debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
-@@ -0,0 +1,598 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 28 May 2019 05:24:47 +0200
-+Subject: [crypto] rework knet_handle_crypto external API to be more solid
-+
-+the API was rather weak and could potentially leave traffic uncrypted
-+in case of certain, corner case, failures.
-+
-+this patch is a subset of a bigger rework of the crypto layer that
-+will in future allow runtime reconfiguration without traffic disruption
-+of the crypto config.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 50b998f37c9285bf334eb578319030c06af141e0)
-+---
-+ libknet/crypto_model.h | 10 +++-
-+ libknet/libknet.h | 4 +-
-+ libknet/crypto.c | 63 ++++++++++++++--------
-+ libknet/crypto_nss.c | 56 +++++++++++---------
-+ libknet/crypto_openssl.c | 30 ++++++-----
-+ libknet/handle.c | 3 +-
-+ libknet/tests/api_knet_handle_crypto.c | 96 +++++++++++++++++++++++++++++++++-
-+ 7 files changed, 190 insertions(+), 72 deletions(-)
-+
-+diff --git a/libknet/crypto_model.h b/libknet/crypto_model.h
-+index f11299a..9bb4f17 100644
-+--- a/libknet/crypto_model.h
-++++ b/libknet/crypto_model.h
-+@@ -14,9 +14,13 @@
-+ struct crypto_instance {
-+ int model;
-+ void *model_instance;
-++ size_t sec_header_size;
-++ size_t sec_block_size;
-++ size_t sec_hash_size;
-++ size_t sec_salt_size;
-+ };
-+
-+-#define KNET_CRYPTO_MODEL_ABI 1
-++#define KNET_CRYPTO_MODEL_ABI 2
-+
-+ /*
-+ * see compress_model.h for explanation of the various lib related functions
-+@@ -24,8 +28,10 @@ struct crypto_instance {
-+ typedef struct {
-+ uint8_t abi_ver;
-+ int (*init) (knet_handle_t knet_h,
-++ struct crypto_instance *crypto_instance,
-+ struct knet_handle_crypto_cfg *knet_handle_crypto_cfg);
-+- void (*fini) (knet_handle_t knet_h);
-++ void (*fini) (knet_handle_t knet_h,
-++ struct crypto_instance *crypto_instance);
-+ int (*crypt) (knet_handle_t knet_h,
-+ const unsigned char *buf_in,
-+ const ssize_t buf_in_len,
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 183c92d..85c06cc 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -700,9 +700,7 @@ struct knet_handle_crypto_cfg {
-+ * 1) failure to obtain locking
-+ * 2) errors to initializing the crypto level.
-+ * This can happen even in subsequent calls to knet_handle_crypto.
-+- * A failure in crypto init, might leave your traffic unencrypted!
-+- * It's best to stop data forwarding (see knet_handle_setfwd(3)), change crypto config,
-+- * start forward again.
-++ * A failure in crypto init will restore the previous crypto configuration.
-+ *
-+ * @return
-+ * knet_handle_crypto returns:
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 5d39048..6c340f5 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -80,8 +80,11 @@ int crypto_init(
-+ knet_handle_t knet_h,
-+ struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+- int savederrno = 0;
-++ int err = 0, savederrno = 0;
-+ int model = 0;
-++ struct crypto_instance *current = NULL, *new = NULL;
-++
-++ current = knet_h->crypto_instance;
-+
-+ model = crypto_get_model(knet_handle_crypto_cfg->crypto_model);
-+ if (model < 0) {
-+@@ -105,16 +108,18 @@ int crypto_init(
-+ crypto_modules_cmds[model].ops = load_module (knet_h, "crypto", crypto_modules_cmds[model].model_name);
-+ if (!crypto_modules_cmds[model].ops) {
-+ savederrno = errno;
-++ err = -1;
-+ log_err(knet_h, KNET_SUB_CRYPTO, "Unable to load %s lib", crypto_modules_cmds[model].model_name);
-+- goto out_err;
-++ goto out;
-+ }
-+ if (crypto_modules_cmds[model].ops->abi_ver != KNET_CRYPTO_MODEL_ABI) {
-++ savederrno = EINVAL;
-++ err = -1;
-+ log_err(knet_h, KNET_SUB_CRYPTO,
-+ "ABI mismatch loading module %s. knet ver: %d, module ver: %d",
-+ crypto_modules_cmds[model].model_name, KNET_CRYPTO_MODEL_ABI,
-+ crypto_modules_cmds[model].ops->abi_ver);
-+- savederrno = EINVAL;
-+- goto out_err;
-++ goto out;
-+ }
-+ crypto_modules_cmds[model].loaded = 1;
-+ }
-+@@ -125,12 +130,13 @@ int crypto_init(
-+ knet_handle_crypto_cfg->crypto_cipher_type,
-+ knet_handle_crypto_cfg->crypto_hash_type);
-+
-+- knet_h->crypto_instance = malloc(sizeof(struct crypto_instance));
-++ new = malloc(sizeof(struct crypto_instance));
-+
-+- if (!knet_h->crypto_instance) {
-+- log_err(knet_h, KNET_SUB_CRYPTO, "Unable to allocate memory for crypto instance");
-++ if (!new) {
-+ savederrno = ENOMEM;
-+- goto out_err;
-++ err = -1;
-++ log_err(knet_h, KNET_SUB_CRYPTO, "Unable to allocate memory for crypto instance");
-++ goto out;
-+ }
-+
-+ /*
-+@@ -138,32 +144,44 @@ int crypto_init(
-+ * it will clean everything by itself.
-+ * crypto_modules_cmds.ops->fini is not invoked on error.
-+ */
-+- knet_h->crypto_instance->model = model;
-+- if (crypto_modules_cmds[knet_h->crypto_instance->model].ops->init(knet_h, knet_handle_crypto_cfg)) {
-++ new->model = model;
-++ if (crypto_modules_cmds[model].ops->init(knet_h, new, knet_handle_crypto_cfg)) {
-+ savederrno = errno;
-+- goto out_err;
-++ err = -1;
-++ goto out;
-+ }
-+
-+ log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %zu", knet_h->sec_header_size);
-+- pthread_rwlock_unlock(&shlib_rwlock);
-+- return 0;
-+
-+-out_err:
-+- if (knet_h->crypto_instance) {
-+- free(knet_h->crypto_instance);
-+- knet_h->crypto_instance = NULL;
-++out:
-++ if (!err) {
-++ knet_h->crypto_instance = new;
-++ knet_h->sec_header_size = new->sec_header_size;
-++ knet_h->sec_block_size = new->sec_block_size;
-++ knet_h->sec_hash_size = new->sec_hash_size;
-++ knet_h->sec_salt_size = new->sec_salt_size;
-++
-++ if (current) {
-++ if (crypto_modules_cmds[current->model].ops->fini != NULL) {
-++ crypto_modules_cmds[current->model].ops->fini(knet_h, current);
-++ }
-++ free(current);
-++ }
-++ } else {
-++ if (new) {
-++ free(new);
-++ }
-+ }
-+
-+ pthread_rwlock_unlock(&shlib_rwlock);
-+- errno = savederrno;
-+- return -1;
-++ errno = err ? savederrno : 0;
-++ return err;
-+ }
-+
-+ void crypto_fini(
-+ knet_handle_t knet_h)
-+ {
-+ int savederrno = 0;
-+- int model = 0;
-+
-+ savederrno = pthread_rwlock_wrlock(&shlib_rwlock);
-+ if (savederrno) {
-+@@ -173,9 +191,8 @@ void crypto_fini(
-+ }
-+
-+ if (knet_h->crypto_instance) {
-+- model = knet_h->crypto_instance->model;
-+- if (crypto_modules_cmds[model].ops->fini != NULL) {
-+- crypto_modules_cmds[model].ops->fini(knet_h);
-++ if (crypto_modules_cmds[knet_h->crypto_instance->model].ops->fini != NULL) {
-++ crypto_modules_cmds[knet_h->crypto_instance->model].ops->fini(knet_h, knet_h->crypto_instance);
-+ }
-+ free(knet_h->crypto_instance);
-+ knet_h->sec_header_size = 0;
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index cc83827..5c3a437 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -155,9 +155,11 @@ static int nssstring_to_crypto_cipher_type(const char* crypto_cipher_type)
-+ return -1;
-+ }
-+
-+-static PK11SymKey *nssimport_symmetric_key(knet_handle_t knet_h, enum sym_key_type key_type)
-++static PK11SymKey *nssimport_symmetric_key(knet_handle_t knet_h,
-++ struct crypto_instance *crypto_instance,
-++ enum sym_key_type key_type)
-+ {
-+- struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
-++ struct nsscrypto_instance *instance = crypto_instance->model_instance;
-+ SECItem key_item;
-+ PK11SlotInfo *slot;
-+ PK11SymKey *res_key;
-+@@ -323,15 +325,15 @@ exit_res_key:
-+ return (res_key);
-+ }
-+
-+-static int init_nss_crypto(knet_handle_t knet_h)
-++static int init_nss_crypto(knet_handle_t knet_h, struct crypto_instance *crypto_instance)
-+ {
-+- struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
-++ struct nsscrypto_instance *instance = crypto_instance->model_instance;
-+
-+ if (!cipher_to_nss[instance->crypto_cipher_type]) {
-+ return 0;
-+ }
-+
-+- instance->nss_sym_key = nssimport_symmetric_key(knet_h, SYM_KEY_TYPE_CRYPT);
-++ instance->nss_sym_key = nssimport_symmetric_key(knet_h, crypto_instance, SYM_KEY_TYPE_CRYPT);
-+ if (instance->nss_sym_key == NULL) {
-+ errno = ENXIO; /* NSS reported error */
-+ return -1;
-+@@ -512,15 +514,15 @@ static int nssstring_to_crypto_hash_type(const char* crypto_hash_type)
-+ return -1;
-+ }
-+
-+-static int init_nss_hash(knet_handle_t knet_h)
-++static int init_nss_hash(knet_handle_t knet_h, struct crypto_instance *crypto_instance)
-+ {
-+- struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
-++ struct nsscrypto_instance *instance = crypto_instance->model_instance;
-+
-+ if (!hash_to_nss[instance->crypto_hash_type]) {
-+ return 0;
-+ }
-+
-+- instance->nss_sym_key_sign = nssimport_symmetric_key(knet_h, SYM_KEY_TYPE_HASH);
-++ instance->nss_sym_key_sign = nssimport_symmetric_key(knet_h, crypto_instance, SYM_KEY_TYPE_HASH);
-+ if (instance->nss_sym_key_sign == NULL) {
-+ errno = ENXIO; /* NSS reported error */
-+ return -1;
-+@@ -594,7 +596,7 @@ out:
-+ * global/glue nss functions
-+ */
-+
-+-static int init_nss(knet_handle_t knet_h)
-++static int init_nss(knet_handle_t knet_h, struct crypto_instance *crypto_instance)
-+ {
-+ static int at_exit_registered = 0;
-+
-+@@ -617,11 +619,11 @@ static int init_nss(knet_handle_t knet_h)
-+ nss_db_is_init = 1;
-+ }
-+
-+- if (init_nss_crypto(knet_h) < 0) {
-++ if (init_nss_crypto(knet_h, crypto_instance) < 0) {
-+ return -1;
-+ }
-+
-+- if (init_nss_hash(knet_h) < 0) {
-++ if (init_nss_hash(knet_h, crypto_instance) < 0) {
-+ return -1;
-+ }
-+
-+@@ -725,9 +727,10 @@ static int nsscrypto_authenticate_and_decrypt (
-+ }
-+
-+ static void nsscrypto_fini(
-+- knet_handle_t knet_h)
-++ knet_handle_t knet_h,
-++ struct crypto_instance *crypto_instance)
-+ {
-+- struct nsscrypto_instance *nsscrypto_instance = knet_h->crypto_instance->model_instance;
-++ struct nsscrypto_instance *nsscrypto_instance = crypto_instance->model_instance;
-+
-+ if (nsscrypto_instance) {
-+ if (nsscrypto_instance->nss_sym_key) {
-+@@ -739,7 +742,7 @@ static void nsscrypto_fini(
-+ nsscrypto_instance->nss_sym_key_sign = NULL;
-+ }
-+ free(nsscrypto_instance);
-+- knet_h->crypto_instance->model_instance = NULL;
-++ crypto_instance->model_instance = NULL;
-+ }
-+
-+ return;
-+@@ -747,6 +750,7 @@ static void nsscrypto_fini(
-+
-+ static int nsscrypto_init(
-+ knet_handle_t knet_h,
-++ struct crypto_instance *crypto_instance,
-+ struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+ struct nsscrypto_instance *nsscrypto_instance = NULL;
-+@@ -757,14 +761,14 @@ static int nsscrypto_init(
-+ knet_handle_crypto_cfg->crypto_cipher_type,
-+ knet_handle_crypto_cfg->crypto_hash_type);
-+
-+- knet_h->crypto_instance->model_instance = malloc(sizeof(struct nsscrypto_instance));
-+- if (!knet_h->crypto_instance->model_instance) {
-++ crypto_instance->model_instance = malloc(sizeof(struct nsscrypto_instance));
-++ if (!crypto_instance->model_instance) {
-+ log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to allocate memory for nss model instance");
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+- nsscrypto_instance = knet_h->crypto_instance->model_instance;
-++ nsscrypto_instance = crypto_instance->model_instance;
-+
-+ memset(nsscrypto_instance, 0, sizeof(struct nsscrypto_instance));
-+
-+@@ -792,16 +796,16 @@ static int nsscrypto_init(
-+ nsscrypto_instance->private_key = knet_handle_crypto_cfg->private_key;
-+ nsscrypto_instance->private_key_len = knet_handle_crypto_cfg->private_key_len;
-+
-+- if (init_nss(knet_h) < 0) {
-++ if (init_nss(knet_h, crypto_instance) < 0) {
-+ savederrno = errno;
-+ goto out_err;
-+ }
-+
-+- knet_h->sec_header_size = 0;
-++ crypto_instance->sec_header_size = 0;
-+
-+ if (nsscrypto_instance->crypto_hash_type > 0) {
-+- knet_h->sec_header_size += nsshash_len[nsscrypto_instance->crypto_hash_type];
-+- knet_h->sec_hash_size = nsshash_len[nsscrypto_instance->crypto_hash_type];
-++ crypto_instance->sec_header_size += nsshash_len[nsscrypto_instance->crypto_hash_type];
-++ crypto_instance->sec_hash_size = nsshash_len[nsscrypto_instance->crypto_hash_type];
-+ }
-+
-+ if (nsscrypto_instance->crypto_cipher_type > 0) {
-+@@ -817,16 +821,16 @@ static int nsscrypto_init(
-+ }
-+ }
-+
-+- knet_h->sec_header_size += (block_size * 2);
-+- knet_h->sec_header_size += SALT_SIZE;
-+- knet_h->sec_salt_size = SALT_SIZE;
-+- knet_h->sec_block_size = block_size;
-++ crypto_instance->sec_header_size += (block_size * 2);
-++ crypto_instance->sec_header_size += SALT_SIZE;
-++ crypto_instance->sec_salt_size = SALT_SIZE;
-++ crypto_instance->sec_block_size = block_size;
-+ }
-+
-+ return 0;
-+
-+ out_err:
-+- nsscrypto_fini(knet_h);
-++ nsscrypto_fini(knet_h, crypto_instance);
-+ errno = savederrno;
-+ return -1;
-+ }
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 73058cc..5c7a74a 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -471,9 +471,10 @@ out:
-+ #endif
-+
-+ static void opensslcrypto_fini(
-+- knet_handle_t knet_h)
-++ knet_handle_t knet_h,
-++ struct crypto_instance *crypto_instance)
-+ {
-+- struct opensslcrypto_instance *opensslcrypto_instance = knet_h->crypto_instance->model_instance;
-++ struct opensslcrypto_instance *opensslcrypto_instance = crypto_instance->model_instance;
-+
-+ if (opensslcrypto_instance) {
-+ #ifdef BUILDCRYPTOOPENSSL10
-+@@ -484,7 +485,7 @@ static void opensslcrypto_fini(
-+ opensslcrypto_instance->private_key = NULL;
-+ }
-+ free(opensslcrypto_instance);
-+- knet_h->crypto_instance->model_instance = NULL;
-++ crypto_instance->model_instance = NULL;
-+ }
-+
-+ return;
-+@@ -492,6 +493,7 @@ static void opensslcrypto_fini(
-+
-+ static int opensslcrypto_init(
-+ knet_handle_t knet_h,
-++ struct crypto_instance *crypto_instance,
-+ struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+ static int openssl_is_init = 0;
-+@@ -527,14 +529,14 @@ static int opensslcrypto_init(
-+ }
-+ #endif
-+
-+- knet_h->crypto_instance->model_instance = malloc(sizeof(struct opensslcrypto_instance));
-+- if (!knet_h->crypto_instance->model_instance) {
-++ crypto_instance->model_instance = malloc(sizeof(struct opensslcrypto_instance));
-++ if (!crypto_instance->model_instance) {
-+ log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to allocate memory for openssl model instance");
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+- opensslcrypto_instance = knet_h->crypto_instance->model_instance;
-++ opensslcrypto_instance = crypto_instance->model_instance;
-+
-+ memset(opensslcrypto_instance, 0, sizeof(struct opensslcrypto_instance));
-+
-+@@ -576,11 +578,11 @@ static int opensslcrypto_init(
-+ memmove(opensslcrypto_instance->private_key, knet_handle_crypto_cfg->private_key, knet_handle_crypto_cfg->private_key_len);
-+ opensslcrypto_instance->private_key_len = knet_handle_crypto_cfg->private_key_len;
-+
-+- knet_h->sec_header_size = 0;
-++ crypto_instance->sec_header_size = 0;
-+
-+ if (opensslcrypto_instance->crypto_hash_type) {
-+- knet_h->sec_hash_size = EVP_MD_size(opensslcrypto_instance->crypto_hash_type);
-+- knet_h->sec_header_size += knet_h->sec_hash_size;
-++ crypto_instance->sec_hash_size = EVP_MD_size(opensslcrypto_instance->crypto_hash_type);
-++ crypto_instance->sec_header_size += crypto_instance->sec_hash_size;
-+ }
-+
-+ if (opensslcrypto_instance->crypto_cipher_type) {
-+@@ -588,16 +590,16 @@ static int opensslcrypto_init(
-+
-+ block_size = EVP_CIPHER_block_size(opensslcrypto_instance->crypto_cipher_type);
-+
-+- knet_h->sec_header_size += (block_size * 2);
-+- knet_h->sec_header_size += SALT_SIZE;
-+- knet_h->sec_salt_size = SALT_SIZE;
-+- knet_h->sec_block_size = block_size;
-++ crypto_instance->sec_header_size += (block_size * 2);
-++ crypto_instance->sec_header_size += SALT_SIZE;
-++ crypto_instance->sec_salt_size = SALT_SIZE;
-++ crypto_instance->sec_block_size = block_size;
-+ }
-+
-+ return 0;
-+
-+ out_err:
-+- opensslcrypto_fini(knet_h);
-++ opensslcrypto_fini(knet_h, crypto_instance);
-+
-+ errno = savederrno;
-+ return -1;
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 7009cc3..e95c6c1 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1374,11 +1374,10 @@ int knet_handle_crypto(knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet
-+ return -1;
-+ }
-+
-+- crypto_fini(knet_h);
-+-
-+ if ((!strncmp("none", knet_handle_crypto_cfg->crypto_model, 4)) ||
-+ ((!strncmp("none", knet_handle_crypto_cfg->crypto_cipher_type, 4)) &&
-+ (!strncmp("none", knet_handle_crypto_cfg->crypto_hash_type, 4)))) {
-++ crypto_fini(knet_h);
-+ log_debug(knet_h, KNET_SUB_CRYPTO, "crypto is not enabled");
-+ err = 0;
-+ goto exit_unlock;
-+diff --git a/libknet/tests/api_knet_handle_crypto.c b/libknet/tests/api_knet_handle_crypto.c
-+index 1805909..9dbf5bc 100644
-+--- a/libknet/tests/api_knet_handle_crypto.c
-++++ b/libknet/tests/api_knet_handle_crypto.c
-+@@ -17,13 +17,15 @@
-+ #include "libknet.h"
-+
-+ #include "internals.h"
-++#include "crypto_model.h"
-+ #include "test-common.h"
-+
-+-static void test(const char *model)
-++static void test(const char *model, const char *model2)
-+ {
-+ knet_handle_t knet_h;
-+ int logfds[2];
-+ struct knet_handle_crypto_cfg knet_handle_crypto_cfg;
-++ struct crypto_instance *current = NULL;
-+
-+ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-+
-+@@ -152,6 +154,96 @@ static void test(const char *model)
-+
-+ flush_logs(logfds[0], stdout);
-+
-++ printf("Test knet_handle_crypto reconfig with %s/aes128/sha1 and normal key\n", model2);
-++
-++ current = knet_h->crypto_instance;
-++
-++ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-++ strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
-++ strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
-++ strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
-++ knet_handle_crypto_cfg.private_key_len = 2000;
-++
-++ if (knet_handle_crypto(knet_h, &knet_handle_crypto_cfg)) {
-++ printf("knet_handle_crypto failed with correct config: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ if (current == knet_h->crypto_instance) {
-++ printf("knet_handle_crypto failed to install new correct config: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_handle_crypto reconfig with %s/aes128/sha1 and normal key\n", model);
-++
-++ current = knet_h->crypto_instance;
-++
-++ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-++ strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
-++ strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
-++ strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
-++ knet_handle_crypto_cfg.private_key_len = 2000;
-++
-++ if (knet_handle_crypto(knet_h, &knet_handle_crypto_cfg)) {
-++ printf("knet_handle_crypto failed with correct config: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ if (current == knet_h->crypto_instance) {
-++ printf("knet_handle_crypto failed to install new correct config: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ printf("Test knet_handle_crypto reconfig with %s/aes129/sha1 and normal key\n", model);
-++
-++ current = knet_h->crypto_instance;
-++
-++ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-++ strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
-++ strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes129", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
-++ strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
-++ knet_handle_crypto_cfg.private_key_len = 2000;
-++
-++ if (!knet_handle_crypto(knet_h, &knet_handle_crypto_cfg)) {
-++ printf("knet_handle_crypto failed to detect incorrect config: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-++ if (current != knet_h->crypto_instance) {
-++ printf("knet_handle_crypto failed to restore correct config: %s\n", strerror(errno));
-++ knet_handle_free(knet_h);
-++ flush_logs(logfds[0], stdout);
-++ close_logpipes(logfds);
-++ exit(FAIL);
-++ }
-++
-++ flush_logs(logfds[0], stdout);
-++
-+ printf("Test knet_handle_crypto with %s/aes128/none and normal key\n", model);
-+
-+ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-+@@ -233,7 +325,7 @@ int main(int argc, char *argv[])
-+ }
-+
-+ for (i=0; i < crypto_list_entries; i++) {
-+- test(crypto_list[i].name);
-++ test(crypto_list[i].name, crypto_list[0].name);
-+ }
-+
-+ return PASS;
-diff --git a/debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch b/debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
-new file mode 100644
-index 0000000..a079030
---- /dev/null
-+++ b/debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
-@@ -0,0 +1,23 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 11 Jun 2019 16:09:54 +0200
-+Subject: [doc] fix a merge oversight from
-+ 541d7faf9068d10e12b4278c35825ce1353db081
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit ef89e9d900db037c82e03406dcf426ff62649e7d)
-+---
-+ libknet/libknet.h | 1 +
-+ 1 file changed, 1 insertion(+)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 85c06cc..907213f 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1511,6 +1511,7 @@ typedef enum {
-+
-+ /**
-+ * check_acceptreject_t
-++ *
-+ * @brief enum for accept/reject in knet access lists
-+ *
-+ * accept or reject incoming packets defined in the access list entry
-diff --git a/debian/patches/global-update-copyright-across-the-board.patch b/debian/patches/global-update-copyright-across-the-board.patch
-new file mode 100644
-index 0000000..9230a7c
---- /dev/null
-+++ b/debian/patches/global-update-copyright-across-the-board.patch
-@@ -0,0 +1,129 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Mar 2019 13:45:52 +0100
-+Subject: [global] update copyright across the board
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 27a7d1cb61bd66d8e36dd663075cf5d0f2d385e4)
-+---
-+ libknet/links_acl_ip.h | 2 +-
-+ libknet/links_acl_loopback.h | 2 +-
-+ libknet/links_acl_ip.c | 2 +-
-+ libknet/links_acl_loopback.c | 2 +-
-+ libknet/tests/api_knet_handle_enable_access_lists.c | 2 +-
-+ libknet/tests/api_knet_link_add_acl.c | 2 +-
-+ libknet/tests/api_knet_link_clear_acl.c | 2 +-
-+ libknet/tests/api_knet_link_insert_acl.c | 2 +-
-+ libknet/tests/api_knet_link_rm_acl.c | 2 +-
-+ libknet/tests/int_links_acl_ip.c | 2 +-
-+ 10 files changed, 10 insertions(+), 10 deletions(-)
-+
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index fac58e2..b33ffb1 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index e75c4a4..b51d2bf 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 642027b..9310f21 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index 97f8198..044a51c 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-+diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
-+index fc3bcc1..d08f175 100644
-+--- a/libknet/tests/api_knet_handle_enable_access_lists.c
-++++ b/libknet/tests/api_knet_handle_enable_access_lists.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+diff --git a/libknet/tests/api_knet_link_add_acl.c b/libknet/tests/api_knet_link_add_acl.c
-+index b018165..ff7a2e2 100644
-+--- a/libknet/tests/api_knet_link_add_acl.c
-++++ b/libknet/tests/api_knet_link_add_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+diff --git a/libknet/tests/api_knet_link_clear_acl.c b/libknet/tests/api_knet_link_clear_acl.c
-+index 78b7d79..234a76b 100644
-+--- a/libknet/tests/api_knet_link_clear_acl.c
-++++ b/libknet/tests/api_knet_link_clear_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+diff --git a/libknet/tests/api_knet_link_insert_acl.c b/libknet/tests/api_knet_link_insert_acl.c
-+index 547f92b..79d04df 100644
-+--- a/libknet/tests/api_knet_link_insert_acl.c
-++++ b/libknet/tests/api_knet_link_insert_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+diff --git a/libknet/tests/api_knet_link_rm_acl.c b/libknet/tests/api_knet_link_rm_acl.c
-+index 49a82d9..d132c54 100644
-+--- a/libknet/tests/api_knet_link_rm_acl.c
-++++ b/libknet/tests/api_knet_link_rm_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-+diff --git a/libknet/tests/int_links_acl_ip.c b/libknet/tests/int_links_acl_ip.c
-+index a7d2aed..93dff63 100644
-+--- a/libknet/tests/int_links_acl_ip.c
-++++ b/libknet/tests/int_links_acl_ip.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Author: Christine Caulfield <ccaulfie@redhat.com>
-+ *
-diff --git a/debian/patches/global-update-copyrights.patch b/debian/patches/global-update-copyrights.patch
-new file mode 100644
-index 0000000..4557faf
---- /dev/null
-+++ b/debian/patches/global-update-copyrights.patch
-@@ -0,0 +1,21 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 12 Jun 2019 05:23:47 +0200
-+Subject: [global] update copyrights
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5d6813ecfb9187d031a1195a6670bd174680d478)
-+---
-+ libknet/compress_zstd.c | 2 +-
-+ 1 file changed, 1 insertion(+), 1 deletion(-)
-+
-+diff --git a/libknet/compress_zstd.c b/libknet/compress_zstd.c
-+index f76ea5f..e234f8d 100644
-+--- a/libknet/compress_zstd.c
-++++ b/libknet/compress_zstd.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2017-2019 Red Hat, Inc. All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
-+ *
-+ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ *
-diff --git a/debian/patches/handle-properly-initialize-fd-tracker-buffers.patch b/debian/patches/handle-properly-initialize-fd-tracker-buffers.patch
-new file mode 100644
-index 0000000..ca34a5d
---- /dev/null
-+++ b/debian/patches/handle-properly-initialize-fd-tracker-buffers.patch
-@@ -0,0 +1,26 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 13 Feb 2019 09:14:45 +0100
-+Subject: [handle] properly initialize fd tracker buffers
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 4a76e6de56d50c6c4c78af996d0f97d8df34dadd)
-+---
-+ libknet/handle.c | 5 ++++-
-+ 1 file changed, 4 insertions(+), 1 deletion(-)
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 6cd49f5..0a2f75a 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -309,7 +309,10 @@ static int _init_buffers(knet_handle_t knet_h)
-+ }
-+ memset(knet_h->send_to_links_buf_compress, 0, KNET_DATABUFSIZE_COMPRESS);
-+
-+- memset(knet_h->knet_transport_fd_tracker, KNET_MAX_TRANSPORTS, sizeof(knet_h->knet_transport_fd_tracker));
-++ memset(knet_h->knet_transport_fd_tracker, 0, sizeof(knet_h->knet_transport_fd_tracker));
-++ for (i = 0; i < KNET_MAX_FDS; i++) {
-++ knet_h->knet_transport_fd_tracker[i].transport = KNET_MAX_TRANSPORTS;
-++ }
-+
-+ return 0;
-+
-diff --git a/debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch b/debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch
-new file mode 100644
-index 0000000..ba846ab
---- /dev/null
-+++ b/debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch
-@@ -0,0 +1,77 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 9 May 2019 15:44:41 +0200
-+Subject: [links] rename tranport_type to transport to avoid confusion (part 2)
-+
-+complements be9d053efafc822cabd696914d53b5dfe25fb4fd due to early
-+cherry-pick of 7033ddab505a0cf3655115fe5037579b7c882a8c
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit e1345c4f44efd7db79376a3985e4a6aab1461c6f)
-+---
-+ libknet/threads_heartbeat.c | 2 +-
-+ libknet/threads_pmtud.c | 2 +-
-+ libknet/threads_rx.c | 4 ++--
-+ libknet/threads_tx.c | 2 +-
-+ 4 files changed, 5 insertions(+), 5 deletions(-)
-+
-+diff --git a/libknet/threads_heartbeat.c b/libknet/threads_heartbeat.c
-+index 413b5b7..8def9b8 100644
-+--- a/libknet/threads_heartbeat.c
-++++ b/libknet/threads_heartbeat.c
-+@@ -85,7 +85,7 @@ static void _handle_check_each(knet_handle_t knet_h, struct knet_host *dst_host,
-+ }
-+
-+ retry:
-+- if (transport_get_connection_oriented(knet_h, dst_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++ if (transport_get_connection_oriented(knet_h, dst_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+ len = sendto(dst_link->outsock, outbuf, outlen, MSG_DONTWAIT | MSG_NOSIGNAL,
-+ (struct sockaddr *) &dst_link->dst_addr, sizeof(struct sockaddr_storage));
-+ } else {
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index 1a84540..0050557 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -172,7 +172,7 @@ restart:
-+ return -1;
-+ }
-+ retry:
-+- if (transport_get_connection_oriented(knet_h, dst_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++ if (transport_get_connection_oriented(knet_h, dst_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+ len = sendto(dst_link->outsock, outbuf, data_len, MSG_DONTWAIT | MSG_NOSIGNAL,
-+ (struct sockaddr *) &dst_link->dst_addr, sizeof(struct sockaddr_storage));
-+ } else {
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 4670829..6417261 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -578,7 +578,7 @@ static void _parse_recv_from_links(knet_handle_t knet_h, int sockfd, const struc
-+ }
-+
-+ retry_pong:
-+- if (transport_get_connection_oriented(knet_h, src_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++ if (transport_get_connection_oriented(knet_h, src_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+ len = sendto(src_link->outsock, outbuf, outlen, MSG_DONTWAIT | MSG_NOSIGNAL,
-+ (struct sockaddr *) &src_link->dst_addr, sizeof(struct sockaddr_storage));
-+ } else {
-+@@ -674,7 +674,7 @@ retry_pong:
-+ goto out_pmtud;
-+ }
-+ retry_pmtud:
-+- if (transport_get_connection_oriented(knet_h, src_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++ if (transport_get_connection_oriented(knet_h, src_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+ len = sendto(src_link->outsock, outbuf, outlen, MSG_DONTWAIT | MSG_NOSIGNAL,
-+ (struct sockaddr *) &src_link->dst_addr, sizeof(struct sockaddr_storage));
-+ } else {
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index b904e12..e987eb1 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -68,7 +68,7 @@ retry:
-+ cur = &msg[prev_sent];
-+
-+ sent_msgs = _sendmmsg(dst_host->link[dst_host->active_links[link_idx]].outsock,
-+- transport_get_connection_oriented(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport_type),
-++ transport_get_connection_oriented(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport),
-+ &cur[0], msgs_to_send - prev_sent, MSG_DONTWAIT | MSG_NOSIGNAL);
-+ savederrno = errno;
-+
-diff --git a/debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch b/debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch
-new file mode 100644
-index 0000000..48df681
---- /dev/null
-+++ b/debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch
-@@ -0,0 +1,196 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:31:42 +0100
-+Subject: [links] rename transport_type to transport to avoid confusion
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c02c06feed59b18948d0107d2ec4cc2a9182554a)
-+---
-+ libknet/internals.h | 2 +-
-+ libknet/links.c | 10 +++++-----
-+ libknet/threads_heartbeat.c | 6 +++---
-+ libknet/threads_pmtud.c | 4 ++--
-+ libknet/threads_rx.c | 4 ++--
-+ libknet/threads_tx.c | 4 ++--
-+ libknet/transports.c | 6 +++---
-+ 7 files changed, 18 insertions(+), 18 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 0d6ee3f..2135fb8 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -62,7 +62,7 @@ struct knet_link {
-+ struct knet_link_status status;
-+ /* internals */
-+ uint8_t link_id;
-+- uint8_t transport_type; /* #defined constant from API */
-++ uint8_t transport; /* #defined constant from API */
-+ knet_transport_link_t transport_link; /* link_info_t from transport */
-+ int outsock;
-+ unsigned int configured:1; /* set to 1 if src/dst have been configured transport initialized on this link*/
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 1693df6..dd64a15 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -351,7 +351,7 @@ int knet_link_get_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+
-+ memmove(src_addr, &link->src_addr, sizeof(struct sockaddr_storage));
-+
-+- *transport = link->transport_type;
-++ *transport = link->transport;
-+ *flags = link->flags;
-+
-+ if (link->dynamic == KNET_LINK_STATIC) {
-+@@ -426,9 +426,9 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * then we can remove any leftover access lists if the link
-+ * is no longer in use.
-+ */
-+- if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++ if ((transport_get_acl_type(knet_h, link->transport) == USE_GENERIC_ACL) &&
-+ (link->dynamic == KNET_LINK_STATIC)) {
-+- if (check_rm(knet_h, link->outsock, link->transport_type,
-++ if (check_rm(knet_h, link->outsock, link->transport,
-+ &link->dst_addr, &link->dst_addr,
-+ CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-+ err = -1;
-+@@ -444,7 +444,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * will clear link info during clear_config.
-+ */
-+ sock = link->outsock;
-+- transport = link->transport_type;
-++ transport = link->transport;
-+
-+ if ((transport_link_clear_config(knet_h, link) < 0) &&
-+ (errno != EBUSY)) {
-+@@ -457,7 +457,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * remove any other access lists when the socket is no
-+ * longer in use by the transport.
-+ */
-+- if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++ if ((transport_get_acl_type(knet_h, link->transport) == USE_GENERIC_ACL) &&
-+ (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS)) {
-+ check_rmall(knet_h, sock, transport);
-+ }
-+diff --git a/libknet/threads_heartbeat.c b/libknet/threads_heartbeat.c
-+index 5d4189f..413b5b7 100644
-+--- a/libknet/threads_heartbeat.c
-++++ b/libknet/threads_heartbeat.c
-+@@ -98,7 +98,7 @@ retry:
-+ dst_link->status.stats.tx_ping_bytes += outlen;
-+
-+ if (len != outlen) {
-+- err = transport_tx_sock_error(knet_h, dst_link->transport_type, dst_link->outsock, len, savederrno);
-++ err = transport_tx_sock_error(knet_h, dst_link->transport, dst_link->outsock, len, savederrno);
-+ switch(err) {
-+ case -1: /* unrecoverable error */
-+ log_debug(knet_h, KNET_SUB_HEARTBEAT,
-+@@ -140,7 +140,7 @@ void _send_pings(knet_handle_t knet_h, int timed)
-+ for (dst_host = knet_h->host_head; dst_host != NULL; dst_host = dst_host->next) {
-+ for (link_idx = 0; link_idx < KNET_MAX_LINK; link_idx++) {
-+ if ((dst_host->link[link_idx].status.enabled != 1) ||
-+- (dst_host->link[link_idx].transport_type == KNET_TRANSPORT_LOOPBACK ) ||
-++ (dst_host->link[link_idx].transport == KNET_TRANSPORT_LOOPBACK ) ||
-+ ((dst_host->link[link_idx].dynamic == KNET_LINK_DYNIP) &&
-+ (dst_host->link[link_idx].status.dynconnected != 1)))
-+ continue;
-+@@ -166,7 +166,7 @@ static void _adjust_pong_timeouts(knet_handle_t knet_h)
-+ for (dst_host = knet_h->host_head; dst_host != NULL; dst_host = dst_host->next) {
-+ for (link_idx = 0; link_idx < KNET_MAX_LINK; link_idx++) {
-+ if ((dst_host->link[link_idx].status.enabled != 1) ||
-+- (dst_host->link[link_idx].transport_type == KNET_TRANSPORT_LOOPBACK ) ||
-++ (dst_host->link[link_idx].transport == KNET_TRANSPORT_LOOPBACK ) ||
-+ ((dst_host->link[link_idx].dynamic == KNET_LINK_DYNIP) &&
-+ (dst_host->link[link_idx].status.dynconnected != 1)))
-+ continue;
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index 63504d6..1a84540 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -196,7 +196,7 @@ retry:
-+
-+ kernel_mtu = 0;
-+
-+- err = transport_tx_sock_error(knet_h, dst_link->transport_type, dst_link->outsock, len, savederrno);
-++ err = transport_tx_sock_error(knet_h, dst_link->transport, dst_link->outsock, len, savederrno);
-+ switch(err) {
-+ case -1: /* unrecoverable error */
-+ log_debug(knet_h, KNET_SUB_PMTUD, "Unable to send pmtu packet (sendto): %d %s", savederrno, strerror(savederrno));
-+@@ -523,7 +523,7 @@ void *_handle_pmtud_link_thread(void *data)
-+
-+ if ((dst_link->status.enabled != 1) ||
-+ (dst_link->status.connected != 1) ||
-+- (dst_host->link[link_idx].transport_type == KNET_TRANSPORT_LOOPBACK) ||
-++ (dst_host->link[link_idx].transport == KNET_TRANSPORT_LOOPBACK) ||
-+ (!dst_link->last_ping_size) ||
-+ ((dst_link->dynamic == KNET_LINK_DYNIP) &&
-+ (dst_link->status.dynconnected != 1)))
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 5fa51c4..4670829 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -586,7 +586,7 @@ retry_pong:
-+ }
-+ savederrno = errno;
-+ if (len != outlen) {
-+- err = transport_tx_sock_error(knet_h, src_link->transport_type, src_link->outsock, len, savederrno);
-++ err = transport_tx_sock_error(knet_h, src_link->transport, src_link->outsock, len, savederrno);
-+ switch(err) {
-+ case -1: /* unrecoverable error */
-+ log_debug(knet_h, KNET_SUB_RX,
-+@@ -682,7 +682,7 @@ retry_pmtud:
-+ }
-+ savederrno = errno;
-+ if (len != outlen) {
-+- err = transport_tx_sock_error(knet_h, src_link->transport_type, src_link->outsock, len, savederrno);
-++ err = transport_tx_sock_error(knet_h, src_link->transport, src_link->outsock, len, savederrno);
-+ switch(err) {
-+ case -1: /* unrecoverable error */
-+ log_debug(knet_h, KNET_SUB_RX,
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index fa911dc..b904e12 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -48,7 +48,7 @@ static int _dispatch_to_links(knet_handle_t knet_h, struct knet_host *dst_host,
-+
-+ cur_link = &dst_host->link[dst_host->active_links[link_idx]];
-+
-+- if (cur_link->transport_type == KNET_TRANSPORT_LOOPBACK) {
-++ if (cur_link->transport == KNET_TRANSPORT_LOOPBACK) {
-+ continue;
-+ }
-+
-+@@ -72,7 +72,7 @@ retry:
-+ &cur[0], msgs_to_send - prev_sent, MSG_DONTWAIT | MSG_NOSIGNAL);
-+ savederrno = errno;
-+
-+- err = transport_tx_sock_error(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport_type, dst_host->link[dst_host->active_links[link_idx]].outsock, sent_msgs, savederrno);
-++ err = transport_tx_sock_error(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport, dst_host->link[dst_host->active_links[link_idx]].outsock, sent_msgs, savederrno);
-+ switch(err) {
-+ case -1: /* unrecoverable error */
-+ cur_link->status.stats.tx_data_errors++;
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index ffebe00..69ea091 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -88,19 +88,19 @@ int transport_link_set_config(knet_handle_t knet_h, struct knet_link *kn_link, u
-+ return -1;
-+ }
-+ kn_link->transport_connected = 0;
-+- kn_link->transport_type = transport;
-++ kn_link->transport = transport;
-+ kn_link->proto_overhead = transport_modules_cmd[transport].transport_mtu_overhead;
-+ return transport_modules_cmd[transport].transport_link_set_config(knet_h, kn_link);
-+ }
-+
-+ int transport_link_clear_config(knet_handle_t knet_h, struct knet_link *kn_link)
-+ {
-+- return transport_modules_cmd[kn_link->transport_type].transport_link_clear_config(knet_h, kn_link);
-++ return transport_modules_cmd[kn_link->transport].transport_link_clear_config(knet_h, kn_link);
-+ }
-+
-+ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link)
-+ {
-+- return transport_modules_cmd[kn_link->transport_type].transport_link_dyn_connect(knet_h, sockfd, kn_link);
-++ return transport_modules_cmd[kn_link->transport].transport_link_dyn_connect(knet_h, sockfd, kn_link);
-+ }
-+
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno)
-diff --git a/debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch b/debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch
-new file mode 100644
-index 0000000..d4e4494
---- /dev/null
-+++ b/debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch
-@@ -0,0 +1,52 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sat, 9 Mar 2019 07:03:25 +0100
-+Subject: [logging] fix log target of recently added API calls
-+
-+spotted during sctp testing
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit df6f761997d26afc62651f9ff831e0f7327ee41b)
-+---
-+ libknet/links.c | 8 ++++----
-+ 1 file changed, 4 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 038a8a4..8011a6d 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -1199,7 +1199,7 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+
-+ savederrno = get_global_wrlock(knet_h);
-+ if (savederrno) {
-+- log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+ strerror(savederrno));
-+ errno = savederrno;
-+ return -1;
-+@@ -1294,7 +1294,7 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+
-+ savederrno = get_global_wrlock(knet_h);
-+ if (savederrno) {
-+- log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+ strerror(savederrno));
-+ errno = savederrno;
-+ return -1;
-+@@ -1388,7 +1388,7 @@ int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_
-+
-+ savederrno = get_global_wrlock(knet_h);
-+ if (savederrno) {
-+- log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+ strerror(savederrno));
-+ errno = savederrno;
-+ return -1;
-+@@ -1450,7 +1450,7 @@ int knet_link_clear_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t li
-+
-+ savederrno = get_global_wrlock(knet_h);
-+ if (savederrno) {
-+- log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++ log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+ strerror(savederrno));
-+ errno = savederrno;
-+ return -1;
-diff --git a/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch b/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
-new file mode 100644
-index 0000000..445238d
---- /dev/null
-+++ b/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
-@@ -0,0 +1,50 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 30 Apr 2019 05:42:48 +0200
-+Subject: [man] fix libknet.h for errors detected by newly added test
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 790b1cb387df9ada2b607c0317a85bab8ec7245b)
-+---
-+ libknet/libknet.h | 8 ++++----
-+ 1 file changed, 4 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 3098eab..183c92d 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1553,7 +1553,7 @@ typedef enum {
-+ * packets from 10.0.0.1 will be accepted by rule number 1.
-+ *
-+ * @return
-+- * knet_link_add_acl
-++ * knet_link_add_acl returns
-+ * 0 on success.
-+ * -1 on error and errno is set.
-+ */
-+@@ -1580,7 +1580,7 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-+ *
-+ * @return
-+- * knet_link_insert_acl
-++ * knet_link_insert_acl returns
-+ * 0 on success.
-+ * -1 on error and errno is set.
-+ */
-+@@ -1608,7 +1608,7 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ * to knet_link_add_acl(3).
-+ *
-+ * @return
-+- * knet_link_rm_acl
-++ * knet_link_rm_acl returns
-+ * 0 on success.
-+ * -1 on error and errno is set.
-+ */
-+@@ -1630,7 +1630,7 @@ int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_
-+ * link_id - see knet_link_set_config(3)
-+ *
-+ * @return
-+- * knet_link_clear_acl
-++ * knet_link_clear_acl returns
-+ * 0 on success.
-+ * -1 on error and errno is set.
-+ */
-diff --git a/debian/patches/manpages-Document-enums-206.patch b/debian/patches/manpages-Document-enums-206.patch
-new file mode 100644
-index 0000000..5b6c01e
---- /dev/null
-+++ b/debian/patches/manpages-Document-enums-206.patch
-@@ -0,0 +1,39 @@
-+From: Chrissie Caulfield <ccaulfie@redhat.com>
-+Date: Tue, 12 Mar 2019 13:55:25 +0000
-+Subject: manpages: Document enums (#206)
-+
-+And also fix a bug in structure printing that caused it to print the wrong name for a struct.
-+
-+(cherry picked from commit 541d7faf9068d10e12b4278c35825ce1353db081)
-+---
-+ libknet/libknet.h | 10 ++++++++--
-+ 1 file changed, 8 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 50ed70d..d16eb5d 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1483,7 +1483,10 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+ * see also knet_handle_enable_access_lists(3)
-+ */
-+
-+-/*
-++/**
-++ * check_type_t
-++ * @brief address type enum for knet access lists
-++ *
-+ * CHECK_TYPE_ADDRESS is the equivalent of a single entry / IP address.
-+ * for example: 10.1.9.3
-+ * and the entry is stored in ss1. ss2 can be NULL.
-+@@ -1508,7 +1511,10 @@ typedef enum {
-+ CHECK_TYPE_RANGE
-+ } check_type_t;
-+
-+-/*
-++/**
-++ * check_acceptreject_t
-++ * @brief enum for accept/reject in knet access lists
-++ *
-+ * accept or reject incoming packets defined in the access list entry
-+ */
-+
-diff --git a/debian/patches/misc-Fix-more-covscan-warnings.patch b/debian/patches/misc-Fix-more-covscan-warnings.patch
-new file mode 100644
-index 0000000..1ae8829
---- /dev/null
-+++ b/debian/patches/misc-Fix-more-covscan-warnings.patch
-@@ -0,0 +1,191 @@
-+From: Christine Caulfield <ccaulfie@redhat.com>
-+Date: Fri, 24 May 2019 10:09:47 +0100
-+Subject: misc: Fix more covscan warnings
-+
-+The only serious bug here is in transport_udp.c
-+(see bottom of patch), the rest are mostly detail.
-+
-+covscan still reports a lot of errors against doxyxml, most of
-+which are because it doesn't understand the libqb hashtables.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit ded574d1dd0c53c70a34fbd1eaa0239b3cde59b9)
-+---
-+ libknet/common.c | 2 +-
-+ libknet/compress.c | 6 +++---
-+ libknet/crypto.c | 1 -
-+ libknet/crypto_nss.c | 2 +-
-+ libknet/handle.c | 1 -
-+ libknet/threads_pmtud.c | 1 -
-+ libknet/threads_rx.c | 1 -
-+ libknet/threads_tx.c | 1 -
-+ libknet/transport_common.c | 4 ++--
-+ libknet/transport_sctp.c | 2 +-
-+ libknet/transport_udp.c | 3 ++-
-+ 11 files changed, 10 insertions(+), 14 deletions(-)
-+
-+diff --git a/libknet/common.c b/libknet/common.c
-+index c908e23..be46f23 100644
-+--- a/libknet/common.c
-++++ b/libknet/common.c
-+@@ -101,7 +101,7 @@ static void *open_lib(knet_handle_t knet_h, const char *libname, int extra_flags
-+ }
-+
-+ if (S_ISLNK(sb.st_mode)) {
-+- if (readlink(path, link, sizeof(link)) < 0) {
-++ if (readlink(path, link, sizeof(link)-1) < 0) {
-+ log_debug(knet_h, KNET_SUB_COMMON, "Unable to readlink %s: %s", path, strerror(errno));
-+ goto out;
-+ }
-+diff --git a/libknet/compress.c b/libknet/compress.c
-+index 7eab454..864828f 100644
-+--- a/libknet/compress.c
-++++ b/libknet/compress.c
-+@@ -359,11 +359,11 @@ void compress_fini(
-+ }
-+
-+ while (compress_modules_cmds[idx].model_name != NULL) {
-+- if ((compress_modules_cmds[idx].built_in == 1) &&
-++ if ((idx < KNET_MAX_COMPRESS_METHODS) && /* check idx first so we don't read bad data */
-++ (compress_modules_cmds[idx].built_in == 1) &&
-+ (compress_modules_cmds[idx].loaded == 1) &&
-+ (compress_modules_cmds[idx].model_id > 0) &&
-+- (knet_h->compress_int_data[idx] != NULL) &&
-+- (idx < KNET_MAX_COMPRESS_METHODS)) {
-++ (knet_h->compress_int_data[idx] != NULL)) {
-+ if ((all) || (compress_modules_cmds[idx].model_id == knet_h->compress_model)) {
-+ if (compress_modules_cmds[idx].ops->fini != NULL) {
-+ compress_modules_cmds[idx].ops->fini(knet_h, idx);
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 419f9cc..41d67c9 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -129,7 +129,6 @@ int crypto_init(
-+
-+ if (!knet_h->crypto_instance) {
-+ log_err(knet_h, KNET_SUB_CRYPTO, "Unable to allocate memory for crypto instance");
-+- pthread_rwlock_unlock(&shlib_rwlock);
-+ savederrno = ENOMEM;
-+ goto out_err;
-+ }
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index a17ff62..640b560 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -761,7 +761,7 @@ static int nsscrypto_init(
-+ knet_h->crypto_instance->model_instance = malloc(sizeof(struct nsscrypto_instance));
-+ if (!knet_h->crypto_instance->model_instance) {
-+ log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to allocate memory for nss model instance");
-+- savederrno = ENOMEM;
-++ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 268d610..fd26bea 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1649,4 +1649,3 @@ int knet_handle_clear_stats(knet_handle_t knet_h, int clear_option)
-+ pthread_rwlock_unlock(&knet_h->global_rwlock);
-+ return 0;
-+ }
-+-
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index c5a2b27..b4ee632 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -44,7 +44,6 @@ static int _handle_check_link_pmtud(knet_handle_t knet_h, struct knet_host *dst_
-+
-+ mutex_retry_limit = 0;
-+ failsafe = 0;
-+- pad_len = 0;
-+
-+ dst_link->last_bad_mtu = 0;
-+
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index ae39b38..626cbc4 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -499,7 +499,6 @@ static void _parse_recv_from_links(knet_handle_t knet_h, int sockfd, const struc
-+ } else { /* HOSTINFO */
-+ knet_hostinfo = (struct knet_hostinfo *)inbuf->khp_data_userdata;
-+ if (knet_hostinfo->khi_bcast == KNET_HOSTINFO_UCAST) {
-+- bcast = 0;
-+ knet_hostinfo->khi_dst_node_id = ntohs(knet_hostinfo->khi_dst_node_id);
-+ }
-+ if (!_seq_num_lookup(src_host, inbuf->khp_data_seq_num, 0, 0)) {
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index e987eb1..8096906 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -42,7 +42,6 @@ static int _dispatch_to_links(knet_handle_t knet_h, struct knet_host *dst_host,
-+ struct knet_link *cur_link;
-+
-+ for (link_idx = 0; link_idx < dst_host->active_link_entries; link_idx++) {
-+- sent_msgs = 0;
-+ prev_sent = 0;
-+ progress = 1;
-+
-+diff --git a/libknet/transport_common.c b/libknet/transport_common.c
-+index 3c3c439..fe40ad8 100644
-+--- a/libknet/transport_common.c
-++++ b/libknet/transport_common.c
-+@@ -405,7 +405,7 @@ int _is_valid_fd(knet_handle_t knet_h, int sockfd)
-+ return -1;
-+ }
-+
-+- if (sockfd > KNET_MAX_FDS) {
-++ if (sockfd >= KNET_MAX_FDS) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+@@ -430,7 +430,7 @@ int _set_fd_tracker(knet_handle_t knet_h, int sockfd, uint8_t transport, uint8_t
-+ return -1;
-+ }
-+
-+- if (sockfd > KNET_MAX_FDS) {
-++ if (sockfd >= KNET_MAX_FDS) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index bdfc98d..2c1cdcc 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -733,7 +733,6 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+ if (knet_h->use_access_lists) {
-+ if (!check_validate(knet_h, listen_sock, KNET_TRANSPORT_SCTP, &ss)) {
-+ savederrno = EINVAL;
-+- err = -1;
-+ log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-+ close(new_fd);
-+ errno = savederrno;
-+@@ -871,6 +870,7 @@ static void _handle_listen_sctp_errors(knet_handle_t knet_h)
-+ info->accepted_socks[i] = -1;
-+ free(accept_info);
-+ close(sockfd);
-++ break; /* Keeps covscan happy */
-+ }
-+ }
-+ }
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index e243a91..3fd69ee 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -71,6 +71,7 @@ int udp_transport_link_set_config(knet_handle_t knet_h, struct knet_link *kn_lin
-+ err = -1;
-+ goto exit_error;
-+ }
-++ memset(info, 0, sizeof(udp_link_info_t));
-+
-+ sock = socket(kn_link->src_addr.ss_family, SOCK_DGRAM, 0);
-+ if (sock < 0) {
-+@@ -363,7 +364,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+ case SO_EE_ORIGIN_ICMP: /* ICMP */
-+ case SO_EE_ORIGIN_ICMP6: /* ICMP6 */
-+ origin = (struct sockaddr_storage *)(void *)SO_EE_OFFENDER(sock_err);
-+- if (knet_addrtostr(origin, sizeof(origin),
-++ if (knet_addrtostr(origin, sizeof(*origin),
-+ addr_str, KNET_MAX_HOST_LEN,
-+ port_str, KNET_MAX_PORT_LEN) < 0) {
-+ log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from unknown source: %s", strerror(sock_err->ee_errno));
-diff --git a/debian/patches/misc-some-coverity-fixes.patch b/debian/patches/misc-some-coverity-fixes.patch
-new file mode 100644
-index 0000000..154728f
---- /dev/null
-+++ b/debian/patches/misc-some-coverity-fixes.patch
-@@ -0,0 +1,224 @@
-+From: Christine Caulfield <ccaulfie@redhat.com>
-+Date: Fri, 17 May 2019 08:44:08 +0100
-+Subject: misc: some coverity fixes
-+
-+In rough order of seriousness:
-+
-+1. Fix clock_gettime() in pmtud so that it's always called, as
-+ variable 'clock_now' is always read.
-+2. Allow space for trailing NUL in libnozzle device names
-+3. Fix api_nozzle_run_updown_test so it can run out of the build tree
-+4. Disallow a 0 length prefix in libnozzle
-+5. Fix potential use of NULL pointer on doxyxml
-+6. Free 'name' in doxyxml as it's *not* in the map any more
-+7. Fix dead code in libknet API functions left by code changes
-+
-+(cherry picked from commit eff3f735f19d3ea4c4689a0fa52ff8e29f75808c)
-+---
-+ libknet/handle.c | 13 ++++---------
-+ libknet/host.c | 5 ++---
-+ libknet/threads_pmtud.c | 10 +++++-----
-+ libnozzle/internals.c | 2 +-
-+ libnozzle/libnozzle.c | 3 ++-
-+ libnozzle/tests/api_nozzle_run_updown.c | 9 +++++++--
-+ man/doxyxml.c | 20 ++++++++++----------
-+ 7 files changed, 31 insertions(+), 31 deletions(-)
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 0a2f75a..268d610 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -785,7 +785,7 @@ int knet_handle_enable_sock_notify(knet_handle_t knet_h,
-+ int error,
-+ int errorno))
-+ {
-+- int savederrno = 0, err = 0;
-++ int savederrno = 0;
-+
-+ if (!knet_h) {
-+ errno = EINVAL;
-+@@ -811,8 +811,7 @@ int knet_handle_enable_sock_notify(knet_handle_t knet_h,
-+
-+ pthread_rwlock_unlock(&knet_h->global_rwlock);
-+
-+- errno = err ? savederrno : 0;
-+- return err;
-++ return 0;
-+ }
-+
-+ int knet_handle_add_datafd(knet_handle_t knet_h, int *datafd, int8_t *channel)
-+@@ -1576,7 +1575,6 @@ out_unlock:
-+ int knet_handle_get_stats(knet_handle_t knet_h, struct knet_handle_stats *stats, size_t struct_size)
-+ {
-+ int savederrno = 0;
-+- int err = 0;
-+
-+ if (!knet_h) {
-+ errno = EINVAL;
-+@@ -1616,14 +1614,12 @@ int knet_handle_get_stats(knet_handle_t knet_h, struct knet_handle_stats *stats,
-+ stats->size = sizeof(struct knet_handle_stats);
-+
-+ pthread_rwlock_unlock(&knet_h->global_rwlock);
-+- errno = err ? savederrno : 0;
-+- return err;
-++ return 0;
-+ }
-+
-+ int knet_handle_clear_stats(knet_handle_t knet_h, int clear_option)
-+ {
-+ int savederrno = 0;
-+- int err = 0;
-+
-+ if (!knet_h) {
-+ errno = EINVAL;
-+@@ -1651,7 +1647,6 @@ int knet_handle_clear_stats(knet_handle_t knet_h, int clear_option)
-+ }
-+
-+ pthread_rwlock_unlock(&knet_h->global_rwlock);
-+- errno = err ? savederrno : 0;
-+- return err;
-++ return 0;
-+ }
-+
-+diff --git a/libknet/host.c b/libknet/host.c
-+index 480db73..66826c1 100644
-+--- a/libknet/host.c
-++++ b/libknet/host.c
-+@@ -331,7 +331,7 @@ int knet_host_get_id_by_host_name(knet_handle_t knet_h, const char *name,
-+ int knet_host_get_host_list(knet_handle_t knet_h,
-+ knet_node_id_t *host_ids, size_t *host_ids_entries)
-+ {
-+- int savederrno = 0, err = 0;
-++ int savederrno = 0;
-+
-+ if (!knet_h) {
-+ errno = EINVAL;
-+@@ -355,8 +355,7 @@ int knet_host_get_host_list(knet_handle_t knet_h,
-+ *host_ids_entries = knet_h->host_ids_entries;
-+
-+ pthread_rwlock_unlock(&knet_h->global_rwlock);
-+- errno = err ? savederrno : 0;
-+- return err;
-++ return 0;
-+ }
-+
-+ int knet_host_set_policy(knet_handle_t knet_h, knet_node_id_t host_id,
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index 0050557..c5a2b27 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -380,14 +380,14 @@ static int _handle_check_pmtud(knet_handle_t knet_h, struct knet_host *dst_host,
-+ struct timespec clock_now;
-+ unsigned long long diff_pmtud, interval;
-+
-++ if (clock_gettime(CLOCK_MONOTONIC, &clock_now) != 0) {
-++ log_debug(knet_h, KNET_SUB_PMTUD, "Unable to get monotonic clock");
-++ return 0;
-++ }
-++
-+ if (!force_run) {
-+ interval = knet_h->pmtud_interval * 1000000000llu; /* nanoseconds */
-+
-+- if (clock_gettime(CLOCK_MONOTONIC, &clock_now) != 0) {
-+- log_debug(knet_h, KNET_SUB_PMTUD, "Unable to get monotonic clock");
-+- return 0;
-+- }
-+-
-+ timespec_diff(dst_link->pmtud_last, clock_now, &diff_pmtud);
-+
-+ if (diff_pmtud < interval) {
-+diff --git a/libnozzle/internals.c b/libnozzle/internals.c
-+index 6e68346..f056e3b 100644
-+--- a/libnozzle/internals.c
-++++ b/libnozzle/internals.c
-+@@ -144,7 +144,7 @@ char *generate_v4_broadcast(const char *ipaddr, const char *prefix)
-+
-+ prefix_len = atoi(prefix);
-+
-+- if ((prefix_len > 32) || (prefix_len < 0))
-++ if ((prefix_len > 32) || (prefix_len <= 0))
-+ return NULL;
-+
-+ if (inet_pton(AF_INET, ipaddr, &address) <= 0)
-+diff --git a/libnozzle/libnozzle.c b/libnozzle/libnozzle.c
-+index 4e5a2d4..b6e9566 100644
-+--- a/libnozzle/libnozzle.c
-++++ b/libnozzle/libnozzle.c
-+@@ -405,7 +405,8 @@ nozzle_t nozzle_open(char *devname, size_t devname_size, const char *updownpath)
-+ return NULL;
-+ }
-+
-+- if (strlen(devname) > IFNAMSIZ) {
-++ /* Need to allow space for trailing NUL */
-++ if (strlen(devname) >= IFNAMSIZ) {
-+ errno = E2BIG;
-+ return NULL;
-+ }
-+diff --git a/libnozzle/tests/api_nozzle_run_updown.c b/libnozzle/tests/api_nozzle_run_updown.c
-+index a078ad7..c80216a 100644
-+--- a/libnozzle/tests/api_nozzle_run_updown.c
-++++ b/libnozzle/tests/api_nozzle_run_updown.c
-+@@ -29,16 +29,21 @@ static int test(void)
-+ nozzle_t nozzle = NULL;
-+ char *error_string = NULL;
-+ char *tmpdir = NULL;
-+- char tmpdirsrc[PATH_MAX];
-++ char tmpdirsrc[PATH_MAX*2];
-+ char tmpstr[PATH_MAX*2];
-+ char srcfile[PATH_MAX];
-+ char dstfile[PATH_MAX];
-++ char current_dir[PATH_MAX];
-+
-+ /*
-+ * create a tmp dir for storing up/down scripts.
-+ * we cannot create symlinks src dir
-+ */
-+- strcpy(tmpdirsrc, ABSBUILDDIR "/nozzle_test_XXXXXX");
-++ if (getcwd(current_dir, sizeof(current_dir)) == NULL) {
-++ printf("Unable to get current working directory: %s\n", strerror(errno));
-++ return -1;
-++ }
-++ snprintf(tmpdirsrc, sizeof(tmpdirsrc)-1, "%s/nozzle_test_XXXXXX", current_dir);
-+
-+ tmpdir = mkdtemp(tmpdirsrc);
-+ if (!tmpdir) {
-+diff --git a/man/doxyxml.c b/man/doxyxml.c
-+index b623711..7d9a60c 100644
-+--- a/man/doxyxml.c
-++++ b/man/doxyxml.c
-+@@ -695,17 +695,17 @@ static void collect_enums(xmlNode *cur_node, void *arg)
-+ }
-+ }
-+
-+- si = malloc(sizeof(struct struct_info));
-+- if (si) {
-+- si->kind = STRUCTINFO_ENUM;
-+- qb_list_init(&si->params_list);
-+- si->structname = strdup(name);
-+- traverse_node(cur_node, "enumvalue", read_struct, si);
-+- qb_map_put(structures_map, refid, si);
-++ if (name) {
-++ si = malloc(sizeof(struct struct_info));
-++ if (si) {
-++ si->kind = STRUCTINFO_ENUM;
-++ qb_list_init(&si->params_list);
-++ si->structname = strdup(name);
-++ traverse_node(cur_node, "enumvalue", read_struct, si);
-++ qb_map_put(structures_map, refid, si);
-++ }
-+ }
-+-
-+ }
-+-
-+ }
-+ }
-+
-+@@ -786,7 +786,7 @@ static void traverse_members(xmlNode *cur_node, void *arg)
-+ free(kind);
-+ free(def);
-+ free(args);
-+-// free(name); /* don't free, it's in the map */
-++ free(name);
-+ }
-+ }
-+
-diff --git a/debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch b/debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch
-new file mode 100644
-index 0000000..7650221
---- /dev/null
-+++ b/debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch
-@@ -0,0 +1,167 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 25 Feb 2018 09:08:10 +0100
-+Subject: [spec] be more strict about plugins version and architecture
-+ depedencies
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 851525b90235db236cc4bf88a66ed5f7c54ed9f6)
-+---
-+ kronosnet.spec.in | 42 +++++++++++++++++++++---------------------
-+ 1 file changed, 21 insertions(+), 21 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 3b597d0..de31656 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -363,7 +363,7 @@ Summary: Simple userland wrapper around kernel tap devices
-+ %package -n libnozzle1-devel
-+ Group: Development/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices (developer files)
-+-Requires: libnozzle1 = %{version}-%{release}
-++Requires: libnozzle1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+
-+ %description -n libnozzle1-devel
-+@@ -402,7 +402,7 @@ Summary: Kronosnet core switching implementation
-+ %package -n libknet1-devel
-+ Group: Development/Libraries
-+ Summary: Kronosnet core switching implementation (developer files)
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+
-+ %description -n libknet1-devel
-+@@ -424,7 +424,7 @@ Requires: pkgconfig
-+ %package -n libknet1-crypto-nss-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 nss support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-crypto-nss-plugin
-+ NSS crypto support for libknet1.
-+@@ -438,7 +438,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-crypto-openssl-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 openssl support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-crypto-openssl-plugin
-+ OpenSSL crypto support for libknet1.
-+@@ -452,7 +452,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-zlib-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zlib support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-zlib-plugin
-+ zlib compression support for libknet1.
-+@@ -465,7 +465,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-lz4-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lz4 and lz4hc support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-lz4-plugin
-+ lz4 and lz4hc compression support for libknet1.
-+@@ -480,7 +480,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-lzo2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzo2 support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-lzo2-plugin
-+ lzo2 compression support for libknet1.
-+@@ -494,7 +494,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-lzma-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzma support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-lzma-plugin
-+ lzma compression support for libknet1.
-+@@ -508,7 +508,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-bzip2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 bzip2 support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-bzip2-plugin
-+ bzip2 compression support for libknet1.
-+@@ -522,7 +522,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-zstd-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zstd support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-zstd-plugin
-+ zstd compression support for libknet1.
-+@@ -536,10 +536,10 @@ Requires: libknet1 = %{version}-%{release}
-+ Group: System Environment/Libraries
-+ Summary: libknet1 crypto plugins meta package
-+ %if %{defined buildcryptonss}
-+-Requires: libknet1-crypto-nss-plugin
-++Requires: libknet1-crypto-nss-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcryptoopenssl}
-+-Requires: libknet1-crypto-openssl-plugin
-++Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+
-+ %description -n libknet1-crypto-plugins-all
-+@@ -551,22 +551,22 @@ Requires: libknet1-crypto-openssl-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 compress plugins meta package
-+ %if %{defined buildcompresszlib}
-+-Requires: libknet1-compress-zlib-plugin
-++Requires: libknet1-compress-zlib-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresslz4}
-+-Requires: libknet1-compress-lz4-plugin
-++Requires: libknet1-compress-lz4-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresslzo2}
-+-Requires: libknet1-compress-lzo2-plugin
-++Requires: libknet1-compress-lzo2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresslzma}
-+-Requires: libknet1-compress-lzma-plugin
-++Requires: libknet1-compress-lzma-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompressbzip2}
-+-Requires: libknet1-compress-bzip2-plugin
-++Requires: libknet1-compress-bzip2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresszstd}
-+-Requires: libknet1-compress-zstd-plugin
-++Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+
-+ %description -n libknet1-compress-plugins-all
-+@@ -577,8 +577,8 @@ Requires: libknet1-compress-zstd-plugin
-+ %package -n libknet1-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 plugins meta package
-+-Requires: libknet1-compress-plugins-all
-+-Requires: libknet1-crypto-plugins-all
-++Requires: libknet1-compress-plugins-all%{_isa} = %{version}-%{release}
-++Requires: libknet1-crypto-plugins-all%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-plugins-all
-+ meta package to install all of libknet1 plugins
-+@@ -589,7 +589,7 @@ Requires: libknet1-crypto-plugins-all
-+ %package -n kronosnet-tests
-+ Group: System Environment/Libraries
-+ Summary: kronosnet test suite
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n kronosnet-tests
-+ this package contains all the libknet and libnozzle test suite
-diff --git a/debian/patches/spec-clean-up-useless-conditionals-and-defines.patch b/debian/patches/spec-clean-up-useless-conditionals-and-defines.patch
-new file mode 100644
-index 0000000..3e7dfa5
---- /dev/null
-+++ b/debian/patches/spec-clean-up-useless-conditionals-and-defines.patch
-@@ -0,0 +1,376 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 12 May 2019 07:22:41 +0200
-+Subject: [spec] clean up useless conditionals and defines
-+
-+fix a couple of minor conditionals in the process
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit dd66ce8b6389772de79e576d6eea542633594cf1)
-+---
-+ kronosnet.spec.in | 144 ++++++++++++++++++++----------------------------------
-+ 1 file changed, 52 insertions(+), 92 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index de31656..b5632ae 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -37,50 +37,6 @@
-+ %undefine _enable_debug_packages
-+ %endif
-+
-+-%if %{with sctp}
-+-%global buildsctp 1
-+-%endif
-+-%if %{with nss}
-+-%global buildcryptonss 1
-+-%endif
-+-%if %{with openssl}
-+-%global buildcryptoopenssl 1
-+-%endif
-+-%if %{with zlib}
-+-%global buildcompresszlib 1
-+-%endif
-+-%if %{with lz4}
-+-%global buildcompresslz4 1
-+-%endif
-+-%if %{with lzo2}
-+-%global buildcompresslzo2 1
-+-%endif
-+-%if %{with lzma}
-+-%global buildcompresslzma 1
-+-%endif
-+-%if %{with bzip2}
-+-%global buildcompressbzip2 1
-+-%endif
-+-%if %{with zstd}
-+-%global buildcompresszstd 1
-+-%endif
-+-%if %{with libnozzle}
-+-%global buildlibnozzle 1
-+-%endif
-+-%if %{with kronosnetd}
-+-%global buildlibnozzle 1
-+-%global buildkronosnetd 1
-+-%endif
-+-%if %{with runautogen}
-+-%global buildautogen 1
-+-%endif
-+-%if %{with buildman}
-+-%global buildmanpages 1
-+-%endif
-+-%if %{with installtests}
-+-%global installtestsuite 1
-+-%endif
-+-
-+ # main (empty) package
-+ # http://www.rpm.org/max-rpm/s1-rpm-subpack-spec-file-changes.html
-+
-+@@ -100,62 +56,60 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-+ # Build dependencies
-+ BuildRequires: gcc
-+ # required to build man pages
-+-%if %{defined buildmanpages}
-++%if %{with buildman}
-+ BuildRequires: libqb-devel libxml2-devel doxygen
-+ %endif
-+-%if %{defined buildsctp}
-++%if %{with sctp}
-+ BuildRequires: lksctp-tools-devel
-+ %endif
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+ %if 0%{?suse_version}
-+ BuildRequires: mozilla-nss-devel
-+ %else
-+ BuildRequires: nss-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+ %if 0%{?suse_version}
-+ BuildRequires: libopenssl-devel
-+ %else
-+ BuildRequires: openssl-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+ BuildRequires: zlib-devel
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+ %if 0%{?suse_version}
-+ BuildRequires: liblz4-devel
-+ %else
-+ BuildRequires: lz4-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+ BuildRequires: lzo-devel
-+ %endif
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+ BuildRequires: xz-devel
-+ %endif
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+ %if 0%{?suse_version}
-+ BuildRequires: libbz2-devel
-+ %else
-+ BuildRequires: bzip2-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+ BuildRequires: libzstd-devel
-+ %endif
-+-%if %{defined buildkronosnetd}
-++%if %{with kronosnetd}
-+ BuildRequires: pam-devel
-+ %endif
-+-%if %{defined buildlibnozzle}
-++%if %{with libnozzle}
-+ BuildRequires: libnl3-devel
-+ %endif
-+-%if %{defined buildautogen}
-+-BuildRequires: autoconf
-+-BuildRequires: automake
-+-BuildRequires: libtool
-++%if %{with runautogen}
-++BuildRequires: autoconf automake libtool
-+ %endif
-+
-+ %prep
-+@@ -167,66 +121,70 @@ BuildRequires: libtool
-+ %endif
-+
-+ %{configure} \
-+-%if %{defined installtestsuite}
-++%if %{with installtests}
-+ --enable-install-tests \
-+ %else
-+ --disable-install-tests \
-+ %endif
-+-%if %{defined buildmanpages}
-++%if %{with buildman}
-+ --enable-man \
-+ %else
-+ --disable-man \
-+ %endif
-+-%if %{defined buildsctp}
-++%if %{with sctp}
-+ --enable-libknet-sctp \
-+ %else
-+ --disable-libknet-sctp \
-+ %endif
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+ --enable-crypto-nss \
-+ %else
-+ --disable-crypto-nss \
-+ %endif
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+ --enable-crypto-openssl \
-+ %else
-+ --disable-crypto-openssl \
-+ %endif
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+ --enable-compress-zlib \
-+ %else
-+ --disable-compress-zlib \
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+ --enable-compress-lz4 \
-+ %else
-+ --disable-compress-lz4 \
-+ %endif
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+ --enable-compress-lzo2 \
-+ %else
-+ --disable-compress-lzo2 \
-+ %endif
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+ --enable-compress-lzma \
-+ %else
-+ --disable-compress-lzma \
-+ %endif
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+ --enable-compress-bzip2 \
-+ %else
-+ --disable-compress-bzip2 \
-+ %endif
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+ --enable-compress-zstd \
-+ %else
-+ --disable-compress-zstd \
-+ %endif
-+-%if %{defined buildkronosnetd}
-++%if %{with kronosnetd}
-+ --enable-kronosnetd \
-++%else
-++ --disable-kronosnetd \
-+ %endif
-+-%if %{defined buildlibnozzle}
-++%if %{with libnozzle}
-+ --enable-libnozzle \
-++%else
-++ --disable-libnozzle \
-+ %endif
-+ --with-initdefaultdir=%{_sysconfdir}/sysconfig/ \
-+ %if %{defined _unitdir}
-+@@ -266,7 +224,7 @@ rm -rf %{buildroot}
-+ %description
-+ kronosnet source
-+
-+-%if %{defined buildkronosnetd}
-++%if %{with kronosnetd}
-+ ## Runtime and subpackages section
-+ %package -n kronosnetd
-+ Group: System Environment/Base
-+@@ -341,7 +299,7 @@ fi
-+ %{_mandir}/man8/*
-+ %endif
-+
-+-%if %{defined buildlibnozzle}
-++%if %{with libnozzle}
-+ %package -n libnozzle1
-+ Group: System Environment/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices
-+@@ -377,8 +335,10 @@ Requires: pkgconfig
-+ %{_libdir}/libnozzle.so
-+ %{_includedir}/libnozzle.h
-+ %{_libdir}/pkgconfig/libnozzle.pc
-++%if %{with buildman}
-+ %{_mandir}/man3/nozzle*.3.gz
-+ %endif
-++%endif
-+
-+ %package -n libknet1
-+ Group: System Environment/Libraries
-+@@ -416,11 +376,11 @@ Requires: pkgconfig
-+ %{_libdir}/libknet.so
-+ %{_includedir}/libknet.h
-+ %{_libdir}/pkgconfig/libknet.pc
-+-%if %{defined buildmanpages}
-++%if %{with buildman}
-+ %{_mandir}/man3/knet*.3.gz
-+ %endif
-+
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+ %package -n libknet1-crypto-nss-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 nss support
-+@@ -434,7 +394,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/crypto_nss.so
-+ %endif
-+
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+ %package -n libknet1-crypto-openssl-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 openssl support
-+@@ -448,7 +408,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/crypto_openssl.so
-+ %endif
-+
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+ %package -n libknet1-compress-zlib-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zlib support
-+@@ -461,7 +421,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_zlib.so
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+ %package -n libknet1-compress-lz4-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lz4 and lz4hc support
-+@@ -476,7 +436,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_lz4hc.so
-+ %endif
-+
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+ %package -n libknet1-compress-lzo2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzo2 support
-+@@ -490,7 +450,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_lzo2.so
-+ %endif
-+
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+ %package -n libknet1-compress-lzma-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzma support
-+@@ -504,7 +464,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_lzma.so
-+ %endif
-+
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+ %package -n libknet1-compress-bzip2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 bzip2 support
-+@@ -518,7 +478,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_bzip2.so
-+ %endif
-+
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+ %package -n libknet1-compress-zstd-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zstd support
-+@@ -535,10 +495,10 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %package -n libknet1-crypto-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 crypto plugins meta package
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+ Requires: libknet1-crypto-nss-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+ Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+
-+@@ -550,22 +510,22 @@ Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %package -n libknet1-compress-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 compress plugins meta package
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+ Requires: libknet1-compress-zlib-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+ Requires: libknet1-compress-lz4-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+ Requires: libknet1-compress-lzo2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+ Requires: libknet1-compress-lzma-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+ Requires: libknet1-compress-bzip2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+ Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+
-diff --git a/debian/patches/spec-drop-support-for-init-scripts.patch b/debian/patches/spec-drop-support-for-init-scripts.patch
-new file mode 100644
-index 0000000..16d60d8
---- /dev/null
-+++ b/debian/patches/spec-drop-support-for-init-scripts.patch
-@@ -0,0 +1,108 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 14 May 2019 05:53:12 +0200
-+Subject: [spec] drop support for init scripts
-+
-+no rpm distros left that support old fashion init scripts
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 1fc28307dc2b537abd30eab8b6920f2b6893e786)
-+---
-+ kronosnet.spec.in | 46 ++--------------------------------------------
-+ 1 file changed, 2 insertions(+), 44 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index ddc3af0..8c60125 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -182,11 +182,7 @@ BuildRequires: autoconf automake libtool
-+ --disable-libnozzle \
-+ %endif
-+ --with-initdefaultdir=%{_sysconfdir}/sysconfig/ \
-+-%if %{defined _unitdir}
-+ --with-systemddir=%{_unitdir}
-+-%else
-+- --with-initddir=%{_sysconfdir}/rc.d/init.d/
-+-%endif
-+
-+ make %{_smp_mflags}
-+
-+@@ -200,14 +196,8 @@ find %{buildroot} -name "*.a" -exec rm {} \;
-+ # remove libtools leftovers
-+ find %{buildroot} -name "*.la" -exec rm {} \;
-+
-+-# handle systemd vs init script
-+-%if %{defined _unitdir}
-+ # remove init scripts
-+ rm -rf %{buildroot}/etc/init.d
-+-%else
-+-# remove systemd specific bits
-+-find %{buildroot} -name "*.service" -exec rm {} \;
-+-%endif
-+
-+ # remove docs
-+ rm -rf %{buildroot}/usr/share/doc/kronosnet
-+@@ -221,16 +211,10 @@ rm -rf %{buildroot}/usr/share/doc/kronosnet
-+ %package -n kronosnetd
-+ Summary: Multipoint-to-Multipoint VPN daemon
-+ License: GPLv2+
-+-%if %{defined _unitdir}
-+-# Needed for systemd unit
-+ Requires(post): systemd-sysv
-+ Requires(post): systemd-units
-+ Requires(preun): systemd-units
-+ Requires(postun): systemd-units
-+-%else
-+-Requires(post): chkconfig
-+-Requires(preun): chkconfig, initscripts
-+-%endif
-+ Requires(post): shadow-utils
-+ Requires(preun): shadow-utils
-+ Requires: pam, /etc/pam.d/passwd
-+@@ -246,33 +230,11 @@ Requires: pam, /etc/pam.d/passwd
-+ or service disruption.
-+
-+ %post -n kronosnetd
-+-%if %{defined _unitdir}
-+- %if 0%{?systemd_post:1}
-+- %systemd_post kronosnetd.service
-+- %else
-+- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-+- %endif
-+-%else
-+-/sbin/chkconfig --add kronosnetd
-+-%endif
-++%systemd_post kronosnetd.service
-+ getent group @defaultadmgroup@ >/dev/null || groupadd --force --system @defaultadmgroup@
-+
-+ %preun -n kronosnetd
-+-%if %{defined _unitdir}
-+- %if 0%{?systemd_preun:1}
-+- %systemd_preun kronosnetd.service
-+- %else
-+-if [ "$1" -eq 0 ]; then
-+- /bin/systemctl --no-reload disable kronosnetd.service
-+- /bin/systemctl stop kronosnetd.service >/dev/null 2>&1
-+-fi
-+-%endif
-+-%else
-+-if [ "$1" = 0 ]; then
-+- /sbin/service kronosnetd stop >/dev/null 2>&1
-+- /sbin/chkconfig --del kronosnetd
-+-fi
-+-%endif
-++%systemd_preun kronosnetd.service
-+
-+ %files -n kronosnetd
-+ %license COPYING.* COPYRIGHT
-+@@ -281,11 +243,7 @@ fi
-+ %config(noreplace) %{_sysconfdir}/sysconfig/kronosnetd
-+ %config(noreplace) %{_sysconfdir}/pam.d/kronosnetd
-+ %config(noreplace) %{_sysconfdir}/logrotate.d/kronosnetd
-+-%if %{defined _unitdir}
-+ %{_unitdir}/kronosnetd.service
-+-%else
-+-%config(noreplace) %{_sysconfdir}/rc.d/init.d/kronosnetd
-+-%endif
-+ %{_sbindir}/*
-+ %{_mandir}/man8/*
-+ %endif
-diff --git a/debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch b/debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch
-new file mode 100644
-index 0000000..1066070
---- /dev/null
-+++ b/debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch
-@@ -0,0 +1,51 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 13 May 2019 06:55:36 +0200
-+Subject: [spec] fix a bunch of rpmlint errors
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 95198f0dc5b8a4eefe06b58fa1901740209b42a0)
-+---
-+ kronosnet.spec.in | 9 +++++----
-+ 1 file changed, 5 insertions(+), 4 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index a6c87a0..ddc3af0 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -340,6 +340,7 @@ License: LGPLv2+
-+ %license COPYING.* COPYRIGHT
-+ %{_libdir}/libknet.so.*
-+ %dir %{_libdir}/kronosnet
-++
-+ %ldconfig_scriptlets -n libknet1
-+
-+ %package -n libknet1-devel
-+@@ -505,24 +506,24 @@ Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+
-+ %description -n libknet1-compress-plugins-all
-+- Provides meta package to install all of libknet1 compress plugins
-++ Meta package to install all of libknet1 compress plugins
-+
-+ %files -n libknet1-compress-plugins-all
-+
-+ %package -n libknet1-plugins-all
-+-Summary: libknet1 plugins meta package
-++Summary: Provides libknet1 plugins meta package
-+ License: LGPLv2+
-+ Requires: libknet1-compress-plugins-all%{_isa} = %{version}-%{release}
-+ Requires: libknet1-crypto-plugins-all%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-plugins-all
-+- Provides meta package to install all of libknet1 plugins
-++ Meta package to install all of libknet1 plugins
-+
-+ %files -n libknet1-plugins-all
-+
-+ %if %{with installtests}
-+ %package -n kronosnet-tests
-+-Summary: kronosnet test suite
-++Summary: Provides kronosnet test suite
-+ License: GPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-diff --git a/debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch b/debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
-new file mode 100644
-index 0000000..d8c82f8
---- /dev/null
-+++ b/debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
-@@ -0,0 +1,30 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 12 May 2019 06:59:00 +0200
-+Subject: [spec] fix upstream URLs to point to https and official release repo
-+
-+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1708616
-+
-+also to be noted, the Source0: line is different from upstream and Fedora
-+because upstream can handle tarballs during development
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5884f8dfc6cf4e648e033da855f8c77eafae84df)
-+---
-+ kronosnet.spec.in | 4 ++--
-+ 1 file changed, 2 insertions(+), 2 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 442f3ae..e430ad2 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -90,8 +90,8 @@ Version: @version@
-+ Release: 1%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
-+ License: GPLv2+ and LGPLv2+
-+ Group: System Environment/Base
-+-URL: https://github.com/kronosnet/kronosnet/
-+-Source0: https://github.com/kronosnet/kronosnet/archive/%{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}.tar.gz
-++URL: https://kronosnet.org
-++Source0: https://kronosnet.org/releases/%{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}.tar.gz
-+
-+ ## Setup/build bits
-+
-diff --git a/debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch b/debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
-new file mode 100644
-index 0000000..00a6b28
---- /dev/null
-+++ b/debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
-@@ -0,0 +1,374 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 13 May 2019 06:02:06 +0200
-+Subject: [spec] reconciliate fedora spec file into upstream spec file (part 1)
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit d880374fbff2ebe404f2bbae95c988aa21e60280)
-+---
-+ kronosnet.spec.in | 130 ++++++++++++++++++++++--------------------------------
-+ 1 file changed, 52 insertions(+), 78 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index b5632ae..a6c87a0 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -45,14 +45,9 @@ Summary: Multipoint-to-Multipoint VPN daemon
-+ Version: @version@
-+ Release: 1%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
-+ License: GPLv2+ and LGPLv2+
-+-Group: System Environment/Base
-+ URL: https://kronosnet.org
-+ Source0: https://kronosnet.org/releases/%{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}.tar.gz
-+
-+-## Setup/build bits
-+-
-+-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-+-
-+ # Build dependencies
-+ BuildRequires: gcc
-+ # required to build man pages
-+@@ -117,7 +112,7 @@ BuildRequires: autoconf automake libtool
-+
-+ %build
-+ %if %{with runautogen}
-+- ./autogen.sh
-++./autogen.sh
-+ %endif
-+
-+ %{configure} \
-+@@ -217,18 +212,15 @@ find %{buildroot} -name "*.service" -exec rm {} \;
-+ # remove docs
-+ rm -rf %{buildroot}/usr/share/doc/kronosnet
-+
-+-%clean
-+-rm -rf %{buildroot}
-+-
-+ # main empty package
-+ %description
-+-kronosnet source
-++ The kronosnet source
-+
-+ %if %{with kronosnetd}
-+ ## Runtime and subpackages section
-+ %package -n kronosnetd
-+-Group: System Environment/Base
-+ Summary: Multipoint-to-Multipoint VPN daemon
-++License: GPLv2+
-+ %if %{defined _unitdir}
-+ # Needed for systemd unit
-+ Requires(post): systemd-sysv
-+@@ -239,8 +231,8 @@ Requires(postun): systemd-units
-+ Requires(post): chkconfig
-+ Requires(preun): chkconfig, initscripts
-+ %endif
-+-Requires(post): shadow-utils
-+-Requires(preun): shadow-utils
-++Requires(post): shadow-utils
-++Requires(preun): shadow-utils
-+ Requires: pam, /etc/pam.d/passwd
-+
-+ %description -n kronosnetd
-+@@ -263,7 +255,7 @@ Requires: pam, /etc/pam.d/passwd
-+ %else
-+ /sbin/chkconfig --add kronosnetd
-+ %endif
-+-/usr/sbin/groupadd --force --system @defaultadmgroup@
-++getent group @defaultadmgroup@ >/dev/null || groupadd --force --system @defaultadmgroup@
-+
-+ %preun -n kronosnetd
-+ %if %{defined _unitdir}
-+@@ -283,8 +275,7 @@ fi
-+ %endif
-+
-+ %files -n kronosnetd
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %dir %{_sysconfdir}/kronosnet
-+ %dir %{_sysconfdir}/kronosnet/*
-+ %config(noreplace) %{_sysconfdir}/sysconfig/kronosnetd
-+@@ -301,8 +292,8 @@ fi
-+
-+ %if %{with libnozzle}
-+ %package -n libnozzle1
-+-Group: System Environment/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices
-++License: LGPLv2+
-+
-+ %description -n libnozzle1
-+ This is an over-engineered commodity library to manage a pool
-+@@ -310,17 +301,14 @@ Summary: Simple userland wrapper around kernel tap devices
-+ pre-up.d/up.d/down.d/post-down.d infrastructure.
-+
-+ %files -n libnozzle1
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libnozzle.so.*
-+
-+-%post -n libnozzle1 -p /sbin/ldconfig
-+-
-+-%postun -n libnozzle1 -p /sbin/ldconfig
-++%ldconfig_scriptlets -n libnozzle1
-+
-+ %package -n libnozzle1-devel
-+-Group: Development/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices (developer files)
-++License: LGPLv2+
-+ Requires: libnozzle1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+
-+@@ -330,8 +318,7 @@ Requires: pkgconfig
-+ pre-up.d/up.d/down.d/post-down.d infrastructure.
-+
-+ %files -n libnozzle1-devel
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libnozzle.so
-+ %{_includedir}/libnozzle.h
-+ %{_libdir}/pkgconfig/libnozzle.pc
-+@@ -341,8 +328,8 @@ Requires: pkgconfig
-+ %endif
-+
-+ %package -n libknet1
-+-Group: System Environment/Libraries
-+ Summary: Kronosnet core switching implementation
-++License: LGPLv2+
-+
-+ %description -n libknet1
-+ The whole kronosnet core is implemented in this library.
-+@@ -350,18 +337,14 @@ Summary: Kronosnet core switching implementation
-+ information.
-+
-+ %files -n libknet1
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libknet.so.*
-+ %dir %{_libdir}/kronosnet
-+-
-+-%post -n libknet1 -p /sbin/ldconfig
-+-
-+-%postun -n libknet1 -p /sbin/ldconfig
-++%ldconfig_scriptlets -n libknet1
-+
-+ %package -n libknet1-devel
-+-Group: Development/Libraries
-+ Summary: Kronosnet core switching implementation (developer files)
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+
-+@@ -371,8 +354,7 @@ Requires: pkgconfig
-+ information.
-+
-+ %files -n libknet1-devel
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libknet.so
-+ %{_includedir}/libknet.h
-+ %{_libdir}/pkgconfig/libknet.pc
-+@@ -382,119 +364,112 @@ Requires: pkgconfig
-+
-+ %if %{with nss}
-+ %package -n libknet1-crypto-nss-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 nss support
-++Summary: Provides libknet1 nss support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-crypto-nss-plugin
-+- NSS crypto support for libknet1.
-++ Provides NSS crypto support for libknet1.
-+
-+ %files -n libknet1-crypto-nss-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/crypto_nss.so
-+ %endif
-+
-+ %if %{with openssl}
-+ %package -n libknet1-crypto-openssl-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 openssl support
-++Summary: Provides libknet1 openssl support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-crypto-openssl-plugin
-+- OpenSSL crypto support for libknet1.
-++ Provides OpenSSL crypto support for libknet1.
-+
-+ %files -n libknet1-crypto-openssl-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/crypto_openssl.so
-+ %endif
-+
-+ %if %{with zlib}
-+ %package -n libknet1-compress-zlib-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 zlib support
-++Summary: Provides libknet1 zlib support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-zlib-plugin
-+- zlib compression support for libknet1.
-++ Provides zlib compression support for libknet1.
-+
-+ %files -n libknet1-compress-zlib-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_zlib.so
-+ %endif
-++
-+ %if %{with lz4}
-+ %package -n libknet1-compress-lz4-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 lz4 and lz4hc support
-++Summary: Provides libknet1 lz4 and lz4hc support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-lz4-plugin
-+- lz4 and lz4hc compression support for libknet1.
-++ Provides lz4 and lz4hc compression support for libknet1.
-+
-+ %files -n libknet1-compress-lz4-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_lz4.so
-+ %{_libdir}/kronosnet/compress_lz4hc.so
-+ %endif
-+
-+ %if %{with lzo2}
-+ %package -n libknet1-compress-lzo2-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 lzo2 support
-++Summary: Provides libknet1 lzo2 support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-lzo2-plugin
-+- lzo2 compression support for libknet1.
-++ Provides lzo2 compression support for libknet1.
-+
-+ %files -n libknet1-compress-lzo2-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_lzo2.so
-+ %endif
-+
-+ %if %{with lzma}
-+ %package -n libknet1-compress-lzma-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 lzma support
-++Summary: Provides libknet1 lzma support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-lzma-plugin
-+- lzma compression support for libknet1.
-++ Provides lzma compression support for libknet1.
-+
-+ %files -n libknet1-compress-lzma-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_lzma.so
-+ %endif
-+
-+ %if %{with bzip2}
-+ %package -n libknet1-compress-bzip2-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 bzip2 support
-++Summary: Provides libknet1 bzip2 support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-bzip2-plugin
-+- bzip2 compression support for libknet1.
-++ Provides bzip2 compression support for libknet1.
-+
-+ %files -n libknet1-compress-bzip2-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_bzip2.so
-+ %endif
-+
-+ %if %{with zstd}
-+ %package -n libknet1-compress-zstd-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 zstd support
-++Summary: Provides libknet1 zstd support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-compress-zstd-plugin
-+- zstd compression support for libknet1.
-++ Provides zstd compression support for libknet1.
-+
-+ %files -n libknet1-compress-zstd-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_zstd.so
-+ %endif
-+
-+ %package -n libknet1-crypto-plugins-all
-+-Group: System Environment/Libraries
-+-Summary: libknet1 crypto plugins meta package
-++Summary: Provides libknet1 crypto plugins meta package
-++License: LGPLv2+
-+ %if %{with nss}
-+ Requires: libknet1-crypto-nss-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+@@ -503,13 +478,13 @@ Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+
-+ %description -n libknet1-crypto-plugins-all
-+- meta package to install all of libknet1 crypto plugins
-++ Provides meta package to install all of libknet1 crypto plugins
-+
-+ %files -n libknet1-crypto-plugins-all
-+
-+ %package -n libknet1-compress-plugins-all
-+-Group: System Environment/Libraries
-+-Summary: libknet1 compress plugins meta package
-++Summary: Provides libknet1 compress plugins meta package
-++License: LGPLv2+
-+ %if %{with zlib}
-+ Requires: libknet1-compress-zlib-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+@@ -530,32 +505,31 @@ Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+
-+ %description -n libknet1-compress-plugins-all
-+- meta package to install all of libknet1 compress plugins
-++ Provides meta package to install all of libknet1 compress plugins
-+
-+ %files -n libknet1-compress-plugins-all
-+
-+ %package -n libknet1-plugins-all
-+-Group: System Environment/Libraries
-+ Summary: libknet1 plugins meta package
-++License: LGPLv2+
-+ Requires: libknet1-compress-plugins-all%{_isa} = %{version}-%{release}
-+ Requires: libknet1-crypto-plugins-all%{_isa} = %{version}-%{release}
-+
-+ %description -n libknet1-plugins-all
-+- meta package to install all of libknet1 plugins
-++ Provides meta package to install all of libknet1 plugins
-+
-+ %files -n libknet1-plugins-all
-+
-+ %if %{with installtests}
-+ %package -n kronosnet-tests
-+-Group: System Environment/Libraries
-+ Summary: kronosnet test suite
-++License: GPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+
-+ %description -n kronosnet-tests
-+- this package contains all the libknet and libnozzle test suite
-++ This package contains all the libknet and libnozzle test suite.
-+
-+ %files -n kronosnet-tests
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/tests/*
-+ %endif
-+
-diff --git a/debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch b/debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch
-new file mode 100644
-index 0000000..500dd1f
---- /dev/null
-+++ b/debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch
-@@ -0,0 +1,59 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 25 Feb 2018 08:42:55 +0100
-+Subject: [spec] use distro conditionals to determine BuildRequires
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 3a5332772250c1adf2340503ac8903ea07f2d394)
-+---
-+ kronosnet.spec.in | 24 ++++++++++++++++++++----
-+ 1 file changed, 20 insertions(+), 4 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index e430ad2..3b597d0 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -107,16 +107,28 @@ BuildRequires: libqb-devel libxml2-devel doxygen
-+ BuildRequires: lksctp-tools-devel
-+ %endif
-+ %if %{defined buildcryptonss}
-+-BuildRequires: /usr/include/nss3/nss.h /usr/include/nspr4/nspr.h
-++%if 0%{?suse_version}
-++BuildRequires: mozilla-nss-devel
-++%else
-++BuildRequires: nss-devel
-++%endif
-+ %endif
-+ %if %{defined buildcryptoopenssl}
-+-BuildRequires: /usr/include/openssl/conf.h
-++%if 0%{?suse_version}
-++BuildRequires: libopenssl-devel
-++%else
-++BuildRequires: openssl-devel
-++%endif
-+ %endif
-+ %if %{defined buildcompresszlib}
-+ BuildRequires: zlib-devel
-+ %endif
-+ %if %{defined buildcompresslz4}
-+-BuildRequires: /usr/include/lz4hc.h
-++%if 0%{?suse_version}
-++BuildRequires: liblz4-devel
-++%else
-++BuildRequires: lz4-devel
-++%endif
-+ %endif
-+ %if %{defined buildcompresslzo2}
-+ BuildRequires: lzo-devel
-+@@ -125,7 +137,11 @@ BuildRequires: lzo-devel
-+ BuildRequires: xz-devel
-+ %endif
-+ %if %{defined buildcompressbzip2}
-+-BuildRequires: /usr/include/bzlib.h
-++%if 0%{?suse_version}
-++BuildRequires: libbz2-devel
-++%else
-++BuildRequires: bzip2-devel
-++%endif
-+ %endif
-+ %if %{defined buildcompresszstd}
-+ BuildRequires: libzstd-devel
-diff --git a/debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch b/debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch
-new file mode 100644
-index 0000000..46a0fee
---- /dev/null
-+++ b/debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch
-@@ -0,0 +1,40 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 14 May 2019 06:57:36 +0200
-+Subject: [spec] use ldconfig_scriptlets only when defined
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 8a823aa3bf291fe8c7407fd957d71897895e1aec)
-+---
-+ kronosnet.spec.in | 10 ++++++++++
-+ 1 file changed, 10 insertions(+)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 8c60125..094090b 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -262,7 +262,12 @@ License: LGPLv2+
-+ %license COPYING.* COPYRIGHT
-+ %{_libdir}/libnozzle.so.*
-+
-++%if 0%{?ldconfig_scriptlets}
-+ %ldconfig_scriptlets -n libnozzle1
-++%else
-++%post -n libnozzle1 -p /sbin/ldconfig
-++%postun -n libnozzle1 -p /sbin/ldconfig
-++%endif
-+
-+ %package -n libnozzle1-devel
-+ Summary: Simple userland wrapper around kernel tap devices (developer files)
-+@@ -299,7 +304,12 @@ License: LGPLv2+
-+ %{_libdir}/libknet.so.*
-+ %dir %{_libdir}/kronosnet
-+
-++%if 0%{?ldconfig_scriptlets}
-+ %ldconfig_scriptlets -n libknet1
-++%else
-++%post -n libknet1 -p /sbin/ldconfig
-++%postun -n libknet1 -p /sbin/ldconfig
-++%endif
-+
-+ %package -n libknet1-devel
-+ Summary: Kronosnet core switching implementation (developer files)
-diff --git a/debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch b/debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch
-new file mode 100644
-index 0000000..76b42da
---- /dev/null
-+++ b/debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch
-@@ -0,0 +1,25 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 11 Apr 2019 09:30:27 +0200
-+Subject: [tests] hide an arm internal memory leak (non-recurring)
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 43b3f05da8736e7bb286e81f96e7514977541bef)
-+---
-+ build-aux/knet_valgrind_memcheck.supp | 7 +++++++
-+ 1 file changed, 7 insertions(+)
-+
-+diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
-+index e0f49d0..a34ab93 100644
-+--- a/build-aux/knet_valgrind_memcheck.supp
-++++ b/build-aux/knet_valgrind_memcheck.supp
-+@@ -605,3 +605,10 @@
-+ obj:*
-+ obj:/usr/lib64/libnss3.so
-+ }
-++{
-++ arm internal memory leak
-++ Memcheck:Leak
-++ match-leak-kinds: definite
-++ fun:malloc
-++ fun:dl_open_worker
-++}
-diff --git a/debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch b/debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch
-new file mode 100644
-index 0000000..458da67
---- /dev/null
-+++ b/debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch
-@@ -0,0 +1,135 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 11 Apr 2019 09:31:00 +0200
-+Subject: [tests] improve wait for packet implementation to flush logs during
-+ wait
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit e7825127477c756b4d0d9311c9907e140575e490)
-+---
-+ libknet/tests/test-common.h | 2 +-
-+ libknet/tests/api_knet_handle_clear_stats.c | 2 +-
-+ libknet/tests/api_knet_send.c | 2 +-
-+ libknet/tests/api_knet_send_compress.c | 2 +-
-+ libknet/tests/api_knet_send_crypto.c | 2 +-
-+ libknet/tests/api_knet_send_loopback.c | 4 ++--
-+ libknet/tests/test-common.c | 7 ++++---
-+ 7 files changed, 11 insertions(+), 10 deletions(-)
-+
-+diff --git a/libknet/tests/test-common.h b/libknet/tests/test-common.h
-+index 8742f8d..a498a09 100644
-+--- a/libknet/tests/test-common.h
-++++ b/libknet/tests/test-common.h
-+@@ -70,6 +70,6 @@ int stop_logthread(void);
-+ int make_local_sockaddr(struct sockaddr_storage *lo, uint16_t offset);
-+ int make_local_sockaddr6(struct sockaddr_storage *lo, uint16_t offset);
-+ int wait_for_host(knet_handle_t knet_h, uint16_t host_id, int seconds, int logfd, FILE *std);
-+-int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd);
-++int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd, int logfd, FILE *std);
-+
-+ #endif
-+diff --git a/libknet/tests/api_knet_handle_clear_stats.c b/libknet/tests/api_knet_handle_clear_stats.c
-+index 8e64235..07f059a 100644
-+--- a/libknet/tests/api_knet_handle_clear_stats.c
-++++ b/libknet/tests/api_knet_handle_clear_stats.c
-+@@ -160,7 +160,7 @@ static void test(void)
-+
-+ flush_logs(logfds[0], stdout);
-+
-+- if (wait_for_packet(knet_h, 10, datafd)) {
-++ if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+ printf("Error waiting for packet: %s\n", strerror(errno));
-+ knet_link_set_enable(knet_h, 1, 0, 0);
-+ knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send.c b/libknet/tests/api_knet_send.c
-+index 9e81d03..ca16e3d 100644
-+--- a/libknet/tests/api_knet_send.c
-++++ b/libknet/tests/api_knet_send.c
-+@@ -247,7 +247,7 @@ static void test(uint8_t transport)
-+
-+ flush_logs(logfds[0], stdout);
-+
-+- if (wait_for_packet(knet_h, 10, datafd)) {
-++ if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+ printf("Error waiting for packet: %s\n", strerror(errno));
-+ knet_link_set_enable(knet_h, 1, 0, 0);
-+ knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send_compress.c b/libknet/tests/api_knet_send_compress.c
-+index 6de4674..b03f4e7 100644
-+--- a/libknet/tests/api_knet_send_compress.c
-++++ b/libknet/tests/api_knet_send_compress.c
-+@@ -170,7 +170,7 @@ static void test(const char *model)
-+
-+ flush_logs(logfds[0], stdout);
-+
-+- if (wait_for_packet(knet_h, 10, datafd)) {
-++ if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+ printf("Error waiting for packet: %s\n", strerror(errno));
-+ knet_link_set_enable(knet_h, 1, 0, 0);
-+ knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send_crypto.c b/libknet/tests/api_knet_send_crypto.c
-+index f2ca366..e33a808 100644
-+--- a/libknet/tests/api_knet_send_crypto.c
-++++ b/libknet/tests/api_knet_send_crypto.c
-+@@ -171,7 +171,7 @@ static void test(const char *model)
-+
-+ flush_logs(logfds[0], stdout);
-+
-+- if (wait_for_packet(knet_h, 10, datafd)) {
-++ if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+ printf("Error waiting for packet: %s\n", strerror(errno));
-+ knet_link_set_enable(knet_h, 1, 0, 0);
-+ knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send_loopback.c b/libknet/tests/api_knet_send_loopback.c
-+index 0cfd29f..2feca68 100644
-+--- a/libknet/tests/api_knet_send_loopback.c
-++++ b/libknet/tests/api_knet_send_loopback.c
-+@@ -251,7 +251,7 @@ static void test(void)
-+
-+ flush_logs(logfds[0], stdout);
-+
-+- if (wait_for_packet(knet_h, 10, datafd)) {
-++ if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+ printf("Error waiting for packet: %s\n", strerror(errno));
-+ knet_link_set_enable(knet_h, 1, 0, 0);
-+ knet_link_clear_config(knet_h, 1, 0);
-+@@ -352,7 +352,7 @@ static void test(void)
-+
-+ flush_logs(logfds[0], stdout);
-+
-+- if (wait_for_packet(knet_h, 10, datafd)) {
-++ if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+ printf("Error waiting for packet: %s\n", strerror(errno));
-+ knet_link_set_enable(knet_h, 1, 0, 0);
-+ knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/test-common.c b/libknet/tests/test-common.c
-+index d0ea1ef..a4ff297 100644
-+--- a/libknet/tests/test-common.c
-++++ b/libknet/tests/test-common.c
-+@@ -485,7 +485,7 @@ int wait_for_host(knet_handle_t knet_h, uint16_t host_id, int seconds, int logfd
-+ return -1;
-+ }
-+
-+-int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd)
-++int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd, int logfd, FILE *std)
-+ {
-+ fd_set rfds;
-+ struct timeval tv;
-+@@ -500,7 +500,7 @@ try_again:
-+ FD_ZERO(&rfds);
-+ FD_SET(datafd, &rfds);
-+
-+- tv.tv_sec = seconds;
-++ tv.tv_sec = 1;
-+ tv.tv_usec = 0;
-+
-+ err = select(datafd+1, &rfds, NULL, NULL, &tv);
-+@@ -509,7 +509,8 @@ try_again:
-+ * pick an arbitrary 10 times loop (multiplied by waiting seconds)
-+ * before failing.
-+ */
-+- if ((!err) && (i < 10)) {
-++ if ((!err) && (i < seconds)) {
-++ flush_logs(logfd, std);
-+ i++;
-+ goto try_again;
-+ }
-diff --git a/debian/patches/tests-remove-stray-comment.patch b/debian/patches/tests-remove-stray-comment.patch
-new file mode 100644
-index 0000000..dce4422
---- /dev/null
-+++ b/debian/patches/tests-remove-stray-comment.patch
-@@ -0,0 +1,22 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 7 Mar 2019 18:42:20 +0100
-+Subject: [tests] remove stray comment
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 3f426c317d41c93cefc7735607ec166539223283)
-+---
-+ libknet/tests/Makefile.am | 1 -
-+ 1 file changed, 1 deletion(-)
-+
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index 3e74ea8..015587c 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -41,7 +41,6 @@ fun_checks =
-+ benchmarks = \
-+ knet_bench_test
-+
-+-# int_links_acl_test can´t run yet standalone
-+ noinst_PROGRAMS = \
-+ api_knet_handle_new_limit_test \
-+ pckt_test \
-diff --git a/debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch b/debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch
-new file mode 100644
-index 0000000..3d23858
---- /dev/null
-+++ b/debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch
-@@ -0,0 +1,161 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 28 Feb 2019 14:55:27 +0100
-+Subject: [transports / access list] add internal API to gather which fd to
-+ use for access lists given a certain link struct
-+
-+this is required for the external API that has to be transport indepedent
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 2eb0040c7b5c99f3157b3922f6400a6c09c80e7e)
-+---
-+ libknet/internals.h | 6 ++++++
-+ libknet/transport_loopback.h | 1 +
-+ libknet/transport_sctp.h | 1 +
-+ libknet/transport_udp.h | 1 +
-+ libknet/transports.h | 1 +
-+ libknet/transport_loopback.c | 5 +++++
-+ libknet/transport_sctp.c | 7 +++++++
-+ libknet/transport_udp.c | 5 +++++
-+ libknet/transports.c | 13 +++++++++----
-+ 9 files changed, 36 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index d482674..8976a8c 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -338,6 +338,12 @@ typedef struct knet_transport_ops {
-+ */
-+ int (*transport_link_dyn_connect)(knet_handle_t knet_h, int sockfd, struct knet_link *link);
-+
-++
-++/*
-++ * return the fd to use for access lists
-++ */
-++ int (*transport_link_get_acl_fd)(knet_handle_t knet_h, struct knet_link *link);
-++
-+ /*
-+ * per transport error handling of recvmmsg
-+ * (see _handle_recv_from_links comments for details)
-+diff --git a/libknet/transport_loopback.h b/libknet/transport_loopback.h
-+index 3d072e8..6ce3ed3 100644
-+--- a/libknet/transport_loopback.h
-++++ b/libknet/transport_loopback.h
-+@@ -23,5 +23,6 @@ int loopback_transport_rx_sock_error(knet_handle_t knet_h, int sockfd, int recv_
-+ int loopback_transport_tx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err, int recv_errno);
-+ int loopback_transport_rx_is_data(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg);
-+ int loopback_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int loopback_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+
-+ #endif
-+diff --git a/libknet/transport_sctp.h b/libknet/transport_sctp.h
-+index f27bcf1..83a638b 100644
-+--- a/libknet/transport_sctp.h
-++++ b/libknet/transport_sctp.h
-+@@ -31,6 +31,7 @@ int sctp_transport_rx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err,
-+ int sctp_transport_tx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err, int recv_errno);
-+ int sctp_transport_rx_is_data(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg);
-+ int sctp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int sctp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+
-+ #endif
-+
-+diff --git a/libknet/transport_udp.h b/libknet/transport_udp.h
-+index bbb6ec9..6de18e3 100644
-+--- a/libknet/transport_udp.h
-++++ b/libknet/transport_udp.h
-+@@ -23,5 +23,6 @@ int udp_transport_rx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err,
-+ int udp_transport_tx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err, int recv_errno);
-+ int udp_transport_rx_is_data(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg);
-+ int udp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int udp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+
-+ #endif
-+diff --git a/libknet/transports.h b/libknet/transports.h
-+index 6338140..38f69ba 100644
-+--- a/libknet/transports.h
-++++ b/libknet/transports.h
-+@@ -15,6 +15,7 @@ void stop_all_transports(knet_handle_t knet_h);
-+ int transport_link_set_config(knet_handle_t knet_h, struct knet_link *kn_link, uint8_t transport);
-+ int transport_link_clear_config(knet_handle_t knet_h, struct knet_link *kn_link);
-+ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_tx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_rx_is_data(knet_handle_t knet_h, uint8_t transport, int sockfd, struct knet_mmsghdr *msg);
-+diff --git a/libknet/transport_loopback.c b/libknet/transport_loopback.c
-+index bf48bb9..54129d7 100644
-+--- a/libknet/transport_loopback.c
-++++ b/libknet/transport_loopback.c
-+@@ -73,3 +73,8 @@ int loopback_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct
-+ {
-+ return 0;
-+ }
-++
-++int loopback_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++ return 0;
-++}
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index aa0de9d..819bc9a 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -1537,4 +1537,11 @@ int sctp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct kne
-+ kn_link->transport_connected = 1;
-+ return 0;
-+ }
-++
-++int sctp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++ sctp_connect_link_info_t *this_link_info = kn_link->transport_link;
-++ sctp_listen_link_info_t *info = this_link_info->listener;
-++ return info->listen_sock;
-++}
-+ #endif
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index e4f6fdb..e243a91 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -438,3 +438,8 @@ int udp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet
-+ kn_link->status.dynconnected = 1;
-+ return 0;
-+ }
-++
-++int udp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++ return kn_link->outsock;
-++}
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 6ded675..5181db9 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -27,14 +27,14 @@
-+ #include "transport_sctp.h"
-+ #include "threads_common.h"
-+
-+-#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-++#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+- { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+- { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++ { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_link_get_acl_fd, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-++ { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED,KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_link_get_acl_fd, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+ { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+- 1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-++ 1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_link_get_acl_fd, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-+ #else
-+ empty_module
-+ #endif
-+@@ -103,6 +103,11 @@ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_lin
-+ return transport_modules_cmd[kn_link->transport].transport_link_dyn_connect(knet_h, sockfd, kn_link);
-+ }
-+
-++int transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++ return transport_modules_cmd[kn_link->transport].transport_link_get_acl_fd(knet_h, kn_link);
-++}
-++
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno)
-+ {
-+ return transport_modules_cmd[transport].transport_rx_sock_error(knet_h, sockfd, recv_err, recv_errno);
-diff --git a/debian/patches/transports-add-information-about-the-nature-of-the-transp.patch b/debian/patches/transports-add-information-about-the-nature-of-the-transp.patch
-new file mode 100644
-index 0000000..64e7124
---- /dev/null
-+++ b/debian/patches/transports-add-information-about-the-nature-of-the-transp.patch
-@@ -0,0 +1,115 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 10 Feb 2019 08:52:22 +0100
-+Subject: [transports] add information about the nature of the transport and
-+ supported access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 7cb7619d9222e09e65c3ec46a9d79a1806c44a25)
-+---
-+ libknet/internals.h | 31 +++++++++++++++++++++++++++++++
-+ libknet/transports.h | 2 ++
-+ libknet/transports.c | 18 ++++++++++++++----
-+ 3 files changed, 47 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index d33646f..106b49d 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -256,6 +256,34 @@ extern pthread_rwlock_t shlib_rwlock; /* global shared lib load lock */
-+ * for every protocol.
-+ */
-+
-++/*
-++ * for now knet supports only IP protocols (udp/sctp)
-++ * in future there might be others like ARP
-++ * or TIPC.
-++ * keep this around as transport information
-++ * to use for access lists and other operations
-++ */
-++
-++typedef enum {
-++ LOOPBACK,
-++ IP_PROTO
-++} transport_proto;
-++
-++/*
-++ * some transports like SCTP can filter incoming
-++ * connections before knet has to process
-++ * any packets.
-++ * GENERIC_ACL -> packet has to be read and filterted
-++ * PROTO_ACL -> transport provides filtering at lower levels
-++ * and packet does not need to be processed
-++ */
-++
-++typedef enum {
-++ USE_NO_ACL,
-++ USE_GENERIC_ACL,
-++ USE_PROTO_ACL
-++} transport_acl;
-++
-+ /*
-+ * make it easier to map values in transports.c
-+ */
-+@@ -270,6 +298,9 @@ typedef struct knet_transport_ops {
-+ const uint8_t transport_id;
-+ const uint8_t built_in;
-+
-++ transport_proto transport_protocol;
-++ transport_acl transport_acl_type;
-++
-+ /*
-+ * connection oriented protocols like SCTP
-+ * don´t need dst_addr in sendto calls and
-+diff --git a/libknet/transports.h b/libknet/transports.h
-+index d58b7a3..6338140 100644
-+--- a/libknet/transports.h
-++++ b/libknet/transports.h
-+@@ -18,6 +18,8 @@ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_lin
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_tx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_rx_is_data(knet_handle_t knet_h, uint8_t transport, int sockfd, struct knet_mmsghdr *msg);
-++int transport_get_proto(knet_handle_t knet_h, uint8_t transport);
-++int transport_get_acl_type(knet_handle_t knet_h, uint8_t transport);
-+ int transport_get_connection_oriented(knet_handle_t knet_h, uint8_t transport);
-+
-+ #endif
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index b6f3b64..ffebe00 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -27,14 +27,14 @@
-+ #include "transport_sctp.h"
-+ #include "threads_common.h"
-+
-+-#define empty_module 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-++#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+- { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+- { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++ { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-++ { "UDP", KNET_TRANSPORT_UDP, 1, IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+ { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+- 1, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-++ 1, IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-+ #else
-+ empty_module
-+ #endif
-+@@ -118,6 +118,16 @@ int transport_rx_is_data(knet_handle_t knet_h, uint8_t transport, int sockfd, st
-+ return transport_modules_cmd[transport].transport_rx_is_data(knet_h, sockfd, msg);
-+ }
-+
-++int transport_get_proto(knet_handle_t knet_h, uint8_t transport)
-++{
-++ return transport_modules_cmd[transport].transport_protocol;
-++}
-++
-++int transport_get_acl_type(knet_handle_t knet_h, uint8_t transport)
-++{
-++ return transport_modules_cmd[transport].transport_acl_type;
-++}
-++
-+ int transport_get_connection_oriented(knet_handle_t knet_h, uint8_t transport)
-+ {
-+ return transport_modules_cmd[transport].transport_is_connection_oriented;
-diff --git a/debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch b/debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-new file mode 100644
-index 0000000..d3b6e32
---- /dev/null
-+++ b/debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-@@ -0,0 +1,29 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 3 Jun 2019 18:13:04 +0200
-+Subject: [transports] fix incorrect merge when cherry-picking
-+ 7033ddab505a0cf3655115fe5037579b7c882a8c
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 02097c450e14afe1f5b34e7fd22a93f7d253b614)
-+---
-+ libknet/transports.c | 4 ++--
-+ 1 file changed, 2 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 5181db9..51712df 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -27,11 +27,11 @@
-+ #include "transport_sctp.h"
-+ #include "threads_common.h"
-+
-+-#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-++#define empty_module 0, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+ { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_link_get_acl_fd, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+- { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED,KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_link_get_acl_fd, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++ { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_link_get_acl_fd, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+ { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+ 1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_link_get_acl_fd, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-diff --git a/debian/patches/series b/debian/patches/series
-index c16ea6e..e58890e 100644
---- a/debian/patches/series
-+++ b/debian/patches/series
-@@ -9,3 +9,69 @@ tests-add-man-page-check-to-verify-doxy-header-order-and-.patch
- man-fix-libknet.h-for-errors-detected-by-newly-added-test.patch
- udp-use-defines-vs-hardcoded-numbers.patch
- udp-improve-error-message-decoding-from-ICMP-errors.patch
-+acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
-+acl-add-knet_handle_enable_access_lists-api-call.patch
-+transports-add-information-about-the-nature-of-the-transp.patch
-+access-lists-make-code-more-generic-to-accept-more-than-I.patch
-+handle-properly-initialize-fd-tracker-buffers.patch
-+access-lists-automatically-add-and-remove-point-to-point-.patch
-+access-lists-add-tests-for-default-access-lists.patch
-+access-lists-allow-knet_bench-to-enable-disable-access-li.patch
-+access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
-+access-lists-enable-generic-access-lists-only-for-protoco.patch
-+access-lists-add-access-lists-support-to-sctp.patch
-+access-lists-fix-build-on-freebsd.patch
-+access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
-+access-lists-move-access-lists-structs-and-data-types-to-.patch
-+access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
-+access-lists-cleanup-API-a-bit.patch
-+access-lists-remove-2-unnecessary-wrappers.patch
-+links-rename-transport_type-to-transport-to-avoid-confusi.patch
-+links-rename-tranport_type-to-transport-to-avoid-confusio.patch
-+access-lists-make-internal-API-consistent.patch
-+access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
-+access-lists-add-errno-around-and-start-using-them.patch
-+access-lists-confine-access-lists-data-structs-within-the.patch
-+access-lists-use-better-name-for-fd_tracker-structure.patch
-+access-lists-use-arrays-to-access-per-protocol-functions.patch
-+access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
-+transports-access-list-add-internal-API-to-gather-which-f.patch
-+access-lists-add-documentation-for-enable_access_list.patch
-+access-lists-add-external-API-calls-to-manage-access-list.patch
-+access-lists-test-implicit-access-lists-management-for-UD.patch
-+access-lists-improve-checks-on-various-data-types.patch
-+access-lists-add-public-API-tests.patch
-+acl-Fix-English-in-commments.patch
-+access-lists-add-more-extensive-test-for-links_acl_ip.patch
-+logging-fix-log-target-of-recently-added-API-calls.patch
-+tests-remove-stray-comment.patch
-+manpages-Document-enums-206.patch
-+compress-add-support-for-libzstd.patch
-+tests-hide-an-arm-internal-memory-leak-non-recurring.patch
-+tests-improve-wait-for-packet-implementation-to-flush-log.patch
-+man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
-+global-update-copyright-across-the-board.patch
-+build-bump-soname-to-indicate-new-API-calls.patch
-+spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
-+spec-use-distro-conditionals-to-determine-BuildRequires.patch
-+spec-be-more-strict-about-plugins-version-and-architectur.patch
-+spec-clean-up-useless-conditionals-and-defines.patch
-+spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
-+spec-fix-a-bunch-of-rpmlint-errors.patch
-+spec-drop-support-for-init-scripts.patch
-+spec-use-ldconfig_scriptlets-only-when-defined.patch
-+misc-some-coverity-fixes.patch
-+misc-Fix-more-covscan-warnings.patch
-+crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
-+PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
-+crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
-+crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
-+PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
-+crypto-fix-openssl1.0-initialization-code.patch
-+transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-+crypto-openssl-error-strings-release.patch
-+crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
-+crypto-hide-errors-generated-by-openssl-1.1.1c.patch
-+doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
-+global-clarify-license-entry-per-file-to-match-README.lic.patch
-+global-update-copyrights.patch