switch to submodule build

and omit the 1.9 and 1.10 cherry-picks directly by checking out the
submodule already at the v1.10 tag

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/.gitmodules b/.gitmodules
new file mode 100644 (file)
index 0000000..1b90eab
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "upstream"]
+       path = upstream
+       url = ../mirror_kronosnet

diff --git a/Makefile b/Makefile
index ceae23577c112286ba33c8ba7a603418e34fce5b..953f4b37314f3fa19f0d29bd4c00663b04990425 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ DEBRELEASE=0+really1.8-2
 PVERELEASE=pve2
 
 BUILDDIR=kronosnet-${VERSION}
-SRCARCHIVE=kronosnet_${VERSION}.orig.tar.xz
+SRC_SUBMODULE=upstream
 
 ARCH:=$(shell dpkg-architecture -qDEB_BUILD_ARCH)
 
@@ -22,11 +22,9 @@ DSC=kronosnet-${VERSION}-${PVERELEASE}.dsc
 all:
        ls -1 ${DEBS}
 
-${BUILDDIR}: upstream/${SRCARCHIVE} patches/*
+${BUILDDIR}: upstream/README patches/*
        rm -rf ${BUILDDIR}
-       mkdir ${BUILDDIR}
-       ln -sf upstream/${SRCARCHIVE} ${SRCARCHIVE}
-       tar -x -C ${BUILDDIR} --strip-components=1 -f upstream/${SRCARCHIVE}
+       cp -a upstream ${BUILDDIR}
        cp -a debian/ ${BUILDDIR}
        cd ${BUILDDIR}; ln -s ../patches patches
        cd ${BUILDDIR}; quilt push -a
@@ -42,11 +40,10 @@ dsc: ${DSC}
 ${DSC}: ${BUILDDIR}
        cd ${BUILDDIR}; dpkg-buildpackage -S -us -uc -d -nc
 
-download:
-       rm -rf upstream/
-       mkdir upstream
-       cd upstream; dget https://deb.debian.org/debian/pool/main/k/kronosnet/kronosnet_${VERSION}-${DEBRELEASE}.dsc
-       cd upstream; rm -rf *.asc *.dsc ${BUILDDIR}
+# make sure submodules were initialized
+.PHONY: submodule
+submodule:
+       test -f "${SRC_SUBMODULE}/README" || git submodule update --init ${SRC_SUBMODULE}
 
 .PHONY: upload
 upload: ${DEBS}

diff --git a/patches/0002-cherry-pick-1.9-as-patches.patch b/patches/0002-cherry-pick-1.9-as-patches.patch
deleted file mode 100644 (file)
index adcf1ee..0000000
--- a/patches/0002-cherry-pick-1.9-as-patches.patch
+++ /dev/null
@@ -1,776 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
-Date: Wed, 19 Jun 2019 09:17:04 +0200
-Subject: [PATCH kronosnet] cherry-pick 1.9 as patches
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
----
- ...ther-exception-to-valgrind-nss-combo.patch |  35 +++
- .../crypto-remove-libnss-3des-support.patch   |  74 +++++
- debian/patches/man-Tidy-manpages-215.patch    | 297 ++++++++++++++++++
- debian/patches/man-Tidy-more-man-pages.patch  |  47 +++
- ...net_host_set_policy-parameters-order.patch |  27 ++
- ...-errors-detected-by-newly-added-test.patch |  41 +++
- ...e-minimum-crypto-key-size-to-1024bit.patch |  35 +++
- ...eck-to-verify-doxy-header-order-and-.patch |  37 +++
- ...or-message-decoding-from-ICMP-errors.patch |  38 +++
- ...udp-use-defines-vs-hardcoded-numbers.patch |  36 +++
- debian/patches/series                         |  10 +
- 11 files changed, 677 insertions(+)
- create mode 100644 debian/patches/build-add-another-exception-to-valgrind-nss-combo.patch
- create mode 100644 debian/patches/crypto-remove-libnss-3des-support.patch
- create mode 100644 debian/patches/man-Tidy-manpages-215.patch
- create mode 100644 debian/patches/man-Tidy-more-man-pages.patch
- create mode 100644 debian/patches/man-fix-knet_host_set_policy-parameters-order.patch
- create mode 100644 debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test.patch
- create mode 100644 debian/patches/reduce-minimum-crypto-key-size-to-1024bit.patch
- create mode 100644 debian/patches/tests-add-man-page-check-to-verify-doxy-header-order-and-.patch
- create mode 100644 debian/patches/udp-improve-error-message-decoding-from-ICMP-errors.patch
- create mode 100644 debian/patches/udp-use-defines-vs-hardcoded-numbers.patch
-
-diff --git a/debian/patches/build-add-another-exception-to-valgrind-nss-combo.patch b/debian/patches/build-add-another-exception-to-valgrind-nss-combo.patch
-new file mode 100644
-index 0000000..4b60b6b
---- /dev/null
-+++ b/debian/patches/build-add-another-exception-to-valgrind-nss-combo.patch
-@@ -0,0 +1,35 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 29 Jan 2019 05:33:51 +0100
-+Subject: [build] add another exception to valgrind nss combo
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit a6746007986b9324760822aa0190d035b8da7352)
-+---
-+ build-aux/knet_valgrind_memcheck.supp | 17 +++++++++++++++++
-+ 1 file changed, 17 insertions(+)
-+
-+diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
-+index 8b3f95f..e0f49d0 100644
-+--- a/build-aux/knet_valgrind_memcheck.supp
-++++ b/build-aux/knet_valgrind_memcheck.supp
-+@@ -588,3 +588,20 @@
-+    obj:/usr/lib64/libnss3.so
-+    obj:/usr/lib64/libnss3.so
-+ }
-++{
-++   nss internal leak (3.41) non recurring (spotted on f29)
-++   Memcheck:Leak
-++   match-leak-kinds: definite
-++   fun:malloc
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:*
-++   obj:/usr/lib64/libnss3.so
-++}
-diff --git a/debian/patches/crypto-remove-libnss-3des-support.patch b/debian/patches/crypto-remove-libnss-3des-support.patch
-new file mode 100644
-index 0000000..c8d1123
---- /dev/null
-+++ b/debian/patches/crypto-remove-libnss-3des-support.patch
-@@ -0,0 +1,74 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 11 Apr 2019 13:36:56 +0200
-+Subject: [crypto] remove libnss 3des support
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit acb5adb7f3ea6eaaf858d86e064a9b3fe477ea11)
-+---
-+ libknet/libknet.h    |  2 +-
-+ libknet/crypto_nss.c | 14 ++++----------
-+ 2 files changed, 5 insertions(+), 11 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 0331b1f..d0c90e4 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -617,7 +617,7 @@ struct knet_handle_crypto_cfg {
-+  *                         It can be set to "none" to disable
-+  *                         encryption.
-+  *                         Currently supported by "nss" model:
-+- *                         "3des", "aes128", "aes192" and "aes256".
-++ *                         "aes128", "aes192" and "aes256".
-+  *                         "openssl" model supports more modes and it strictly
-+  *                         depends on the openssl build. See: EVP_get_cipherbyname
-+  *                         openssl API call for details.
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index 35afa0f..a17ff62 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -64,32 +64,28 @@ enum nsscrypto_crypt_t {
-+      CRYPTO_CIPHER_TYPE_NONE = 0,
-+      CRYPTO_CIPHER_TYPE_AES256 = 1,
-+      CRYPTO_CIPHER_TYPE_AES192 = 2,
-+-     CRYPTO_CIPHER_TYPE_AES128 = 3,
-+-     CRYPTO_CIPHER_TYPE_3DES = 4
-++     CRYPTO_CIPHER_TYPE_AES128 = 3
-+ };
-+ 
-+ CK_MECHANISM_TYPE cipher_to_nss[] = {
-+      0,                              /* CRYPTO_CIPHER_TYPE_NONE */
-+      CKM_AES_CBC_PAD,                /* CRYPTO_CIPHER_TYPE_AES256 */
-+      CKM_AES_CBC_PAD,                /* CRYPTO_CIPHER_TYPE_AES192 */
-+-     CKM_AES_CBC_PAD,                /* CRYPTO_CIPHER_TYPE_AES128 */
-+-     CKM_DES3_CBC_PAD                /* CRYPTO_CIPHER_TYPE_3DES */
-++     CKM_AES_CBC_PAD                 /* CRYPTO_CIPHER_TYPE_AES128 */
-+ };
-+ 
-+ size_t nsscipher_key_len[] = {
-+      0,                              /* CRYPTO_CIPHER_TYPE_NONE */
-+      AES_256_KEY_LENGTH,             /* CRYPTO_CIPHER_TYPE_AES256 */
-+      AES_192_KEY_LENGTH,             /* CRYPTO_CIPHER_TYPE_AES192 */
-+-     AES_128_KEY_LENGTH,             /* CRYPTO_CIPHER_TYPE_AES128 */
-+-     24                              /* CRYPTO_CIPHER_TYPE_3DES */
-++     AES_128_KEY_LENGTH              /* CRYPTO_CIPHER_TYPE_AES128 */
-+ };
-+ 
-+ size_t nsscypher_block_len[] = {
-+      0,                              /* CRYPTO_CIPHER_TYPE_NONE */
-+      AES_BLOCK_SIZE,                 /* CRYPTO_CIPHER_TYPE_AES256 */
-+      AES_BLOCK_SIZE,                 /* CRYPTO_CIPHER_TYPE_AES192 */
-+-     AES_BLOCK_SIZE,                 /* CRYPTO_CIPHER_TYPE_AES128 */
-+-     0                               /* CRYPTO_CIPHER_TYPE_3DES */
-++     AES_BLOCK_SIZE                  /* CRYPTO_CIPHER_TYPE_AES128 */
-+ };
-+ 
-+ /*
-+@@ -155,8 +151,6 @@ static int nssstring_to_crypto_cipher_type(const char* crypto_cipher_type)
-+              return CRYPTO_CIPHER_TYPE_AES192;
-+      } else if (strcmp(crypto_cipher_type, "aes128") == 0) {
-+              return CRYPTO_CIPHER_TYPE_AES128;
-+-     } else if (strcmp(crypto_cipher_type, "3des") == 0) {
-+-             return CRYPTO_CIPHER_TYPE_3DES;
-+      }
-+      return -1;
-+ }
-diff --git a/debian/patches/man-Tidy-manpages-215.patch b/debian/patches/man-Tidy-manpages-215.patch
-new file mode 100644
-index 0000000..f0b5b37
---- /dev/null
-+++ b/debian/patches/man-Tidy-manpages-215.patch
-@@ -0,0 +1,297 @@
-+From: Chrissie Caulfield <ccaulfie@redhat.com>
-+Date: Tue, 16 Apr 2019 14:46:01 +0100
-+Subject: man: Tidy manpages (#215)
-+
-+* man: Tidy manpages for libnozzle
-+
-+doxygen works in mysterious ways, adding a blank line before
-+@brief makes the lines following that much tidier.
-+
-+So now instead of
-+
-+nozzle_close nozzle - pointer to the nozzle struct to destroy
-+
-+we get:
-+
-+nozzle_close
-+
-+       nozzle - pointer to the nozzle struct to destroy
-+
-+* doxyxml: Cope with pointers-to-pointers passed as params
-+
-+Double pointers showed as ' * *name' when they should be '  **name'.
-+
-+Also tidy STRUCTURES display so that they are not indented too much,
-+
-+* man: Similar @brief fixes for libknet.h
-+
-+* doxyxml: Tidy descriptions of functions as parameters
-+
-+If a complex function pointer was passed as a parameter then doxyxml
-+tryied to line up all the other parameters with it - making a mess
-+by having lots of blank space between the type and the name.
-+
-+Now we enforce a maximum type length (a line-ish) so that shorter
-+tyopes will line up OK and the really long ones will be left to their
-+own devices.
-+
-+(cherry picked from commit 652e355252adf6d248123d564c607c338e899f98)
-+---
-+ libknet/libknet.h     |  3 +++
-+ libnozzle/libnozzle.h | 24 +++++++++++++++++++++---
-+ man/doxyxml.c         | 30 ++++++++++++++++++++----------
-+ 3 files changed, 44 insertions(+), 13 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index d0c90e4..181724a 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -275,6 +275,7 @@ int knet_handle_add_datafd(knet_handle_t knet_h, int *datafd, int8_t *channel);
-+ 
-+ /**
-+  * knet_handle_remove_datafd
-++ *
-+  * @brief Remove a file descriptor from knet
-+  *
-+  * knet_h   - pointer to knet_handle_t
-+@@ -293,6 +294,7 @@ int knet_handle_remove_datafd(knet_handle_t knet_h, int datafd);
-+ 
-+ /**
-+  * knet_handle_get_channel
-++ *
-+  * @brief Get the channel associated with a file descriptor
-+  *
-+  * knet_h  - pointer to knet_handle_t
-+@@ -313,6 +315,7 @@ int knet_handle_get_channel(knet_handle_t knet_h, const int datafd, int8_t *chan
-+ 
-+ /**
-+  * knet_handle_get_datafd
-++ *
-+  * @brief Get the file descriptor associated with a channel
-+  *
-+  * knet_h   - pointer to knet_handle_t
-+diff --git a/libnozzle/libnozzle.h b/libnozzle/libnozzle.h
-+index 82ca74d..b8ab7d6 100644
-+--- a/libnozzle/libnozzle.h
-++++ b/libnozzle/libnozzle.h
-+@@ -25,6 +25,7 @@ typedef struct nozzle_iface *nozzle_t;
-+ 
-+ /**
-+  * nozzle_open
-++ *
-+  * @brief create a new tap device on the system.
-+  *
-+  * devname - pointer to device name of at least size IFNAMSIZ.
-+@@ -55,6 +56,7 @@ nozzle_t nozzle_open(char *devname, size_t devname_size, const char *updownpath)
-+ 
-+ /**
-+  * nozzle_close
-++ *
-+  * @brief deconfigure and destroy a nozzle device
-+  *
-+  * nozzle - pointer to the nozzle struct to destroy
-+@@ -74,9 +76,8 @@ int nozzle_close(nozzle_t nozzle);
-+ 
-+ /**
-+  * nozzle_run_updown
-+- * @brief execute updown commands associated with a nozzle device. It is
-+- *        the application responsibility to call helper scripts
-+- *        before or after creating/destroying interfaces or IP addresses.
-++ *
-++ * @brief execute updown commands associated with a nozzle device.
-+  *
-+  * nozzle - pointer to the nozzle struct
-+  *
-+@@ -86,6 +87,9 @@ int nozzle_close(nozzle_t nozzle);
-+  *               The string is malloc'ed, the caller needs to free the buffer.
-+  *               If the script generates no output this string might be NULL.
-+  *
-++ * It is the application responsibility to call helper scripts
-++ * before or after creating/destroying interfaces or IP addresses.
-++ *
-+  * @return
-+  * 0 on success
-+  * -1 on error and errno is set (sanity checks and internal calls.
-+@@ -96,6 +100,7 @@ int nozzle_run_updown(const nozzle_t nozzle, uint8_t action, char **exec_string)
-+ 
-+ /**
-+  * nozzle_set_up
-++ *
-+  * @brief equivalent of ifconfig up
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -109,6 +114,7 @@ int nozzle_set_up(nozzle_t nozzle);
-+ 
-+ /**
-+  * nozzle_set_down
-++ *
-+  * @brief equivalent of ifconfig down
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -122,6 +128,7 @@ int nozzle_set_down(nozzle_t nozzle);
-+ 
-+ /**
-+  * nozzle_add_ip
-++ *
-+  * @brief equivalent of ip addr or ifconfig <ipaddress/prefix>
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -142,6 +149,7 @@ int nozzle_add_ip(nozzle_t nozzle, const char *ipaddr, const char *prefix);
-+ 
-+ /**
-+  * nozzle_del_ip
-++ *
-+  * @brief equivalent of ip addr del or ifconfig del <ipaddress/prefix>
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -170,6 +178,7 @@ struct nozzle_ip {
-+ 
-+ /**
-+  * nozzle_get_ips
-++ *
-+  * @brief retrieve the list of all configured ips for a given interface
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -191,6 +200,7 @@ int nozzle_get_ips(const nozzle_t nozzle, struct nozzle_ip **nozzle_ip);
-+ 
-+ /**
-+  * nozzle_get_mtu
-++ *
-+  * @brief retrieve mtu on a given nozzle interface
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -204,6 +214,7 @@ int nozzle_get_mtu(const nozzle_t nozzle);
-+ 
-+ /**
-+  * nozzle_set_mtu
-++ *
-+  * @brief set mtu on a given nozzle interface
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -219,6 +230,7 @@ int nozzle_set_mtu(nozzle_t nozzle, const int mtu);
-+ 
-+ /**
-+  * nozzle_reset_mtu
-++ *
-+  * @brief reset mtu on a given nozzle interface to the system default
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -232,6 +244,7 @@ int nozzle_reset_mtu(nozzle_t nozzle);
-+ 
-+ /**
-+  * nozzle_get_mac
-++ *
-+  * @brief retrieve mac address on a given nozzle interface
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -247,6 +260,7 @@ int nozzle_get_mac(const nozzle_t nozzle, char **ether_addr);
-+ 
-+ /**
-+  * nozzle_set_mac
-++ *
-+  * @brief set mac address on a given nozzle interface
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -262,6 +276,7 @@ int nozzle_set_mac(nozzle_t nozzle, const char *ether_addr);
-+ 
-+ /**
-+  * nozzle_reset_mac
-++ *
-+  * @brief reset mac address on a given nozzle interface to system default
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -275,6 +290,7 @@ int nozzle_reset_mac(nozzle_t nozzle);
-+ 
-+ /**
-+  * nozzle_get_handle_by_name
-++ *
-+  * @brief find a nozzle handle by device name
-+  *
-+  * devname - string containing the name of the interface
-+@@ -288,6 +304,7 @@ nozzle_t nozzle_get_handle_by_name(const char *devname);
-+ 
-+ /**
-+  * nozzle_get_name_by_handle
-++ *
-+  * @brief retrieve nozzle interface name by handle
-+  *
-+  * nozzle - pointer to the nozzle struct
-+@@ -301,6 +318,7 @@ const char *nozzle_get_name_by_handle(const nozzle_t nozzle);
-+ 
-+ /**
-+  * nozzle_get_fd
-++ *
-+  * @brief
-+  *
-+  * nozzle - pointer to the nozzle struct
-+diff --git a/man/doxyxml.c b/man/doxyxml.c
-+index b4b49a9..b623711 100644
-+--- a/man/doxyxml.c
-++++ b/man/doxyxml.c
-+@@ -34,6 +34,14 @@
-+ #define XML_DIR "../man/xml-knet"
-+ #define XML_FILE "libknet_8h.xml"
-+ 
-++/*
-++ * This isn't a maximum size, it just defines how long a parameter
-++ * type can get before we decide it's not worth lining everything up to.
-++ * it's mainly to stop function pointer types (which can get VERY long because
-++ * of all *their* parameters) making everything else 'line-up' over separate lines
-++ */
-++#define LINE_LENGTH 80
-++
-+ static int print_ascii = 1;
-+ static int print_man = 0;
-+ static int print_params = 0;
-+@@ -332,19 +340,25 @@ static int read_structure_from_xml(char *refid, char *name)
-+ 
-+ static void print_param(FILE *manfile, struct param_info *pi, int field_width, int bold, const char *delimiter)
-+ {
-+-     char asterisk = ' ';
-++     char *asterisks = "  ";
-+      char *type = pi->paramtype;
-+ 
-+      /* Reformat pointer params so they look nicer */
-+      if (pi->paramtype[strlen(pi->paramtype)-1] == '*') {
-+-             asterisk='*';
-++             asterisks=" *";
-+              type = strdup(pi->paramtype);
-+              type[strlen(type)-1] = '\0';
-++
-++             /* Cope with double pointers */
-++             if (pi->paramtype[strlen(type)-1] == '*') {
-++                     asterisks="**";
-++                     type[strlen(type)-1] = '\0';
-++             }
-+      }
-+ 
-+-     fprintf(manfile, "    %s%-*s%c%s\\fI%s\\fP%s\n",
-++     fprintf(manfile, "    %s%-*s%s%s\\fI%s\\fP%s\n",
-+              bold?"\\fB":"", field_width, type,
-+-             asterisk, bold?"\\fP":"", pi->paramname, delimiter);
-++             asterisks, bold?"\\fP":"", pi->paramname, delimiter);
-+ 
-+      if (type != pi->paramtype) {
-+              free(type);
-+@@ -504,7 +518,8 @@ static void print_manpage(char *name, char *def, char *brief, char *args, char *
-+      qb_list_for_each(iter, &params_list) {
-+              pi = qb_list_entry(iter, struct param_info, list);
-+ 
-+-             if (strlen(pi->paramtype) > max_param_type_len) {
-++             if ((strlen(pi->paramtype) < LINE_LENGTH) &&
-++                 (strlen(pi->paramtype) > max_param_type_len)) {
-+                      max_param_type_len = strlen(pi->paramtype);
-+              }
-+              if (strlen(pi->paramname) > max_param_name_len) {
-+@@ -559,11 +574,6 @@ static void print_manpage(char *name, char *def, char *brief, char *args, char *
-+ 
-+              map_iter = qb_map_iter_create(used_structures_map);
-+              for (p = qb_map_iter_next(map_iter, &data); p; p = qb_map_iter_next(map_iter, &data)) {
-+-                     fprintf(manfile, ".SS \"\"\n");
-+-                     fprintf(manfile, ".PP\n");
-+-                     fprintf(manfile, ".sp\n");
-+-                     fprintf(manfile, ".sp\n");
-+-                     fprintf(manfile, ".RS\n");
-+                      fprintf(manfile, ".nf\n");
-+                      fprintf(manfile, "\\fB\n");
-+ 
-diff --git a/debian/patches/man-Tidy-more-man-pages.patch b/debian/patches/man-Tidy-more-man-pages.patch
-new file mode 100644
-index 0000000..21c6e04
---- /dev/null
-+++ b/debian/patches/man-Tidy-more-man-pages.patch
-@@ -0,0 +1,47 @@
-+From: Christine Caulfield <ccaulfie@redhat.com>
-+Date: Mon, 29 Apr 2019 15:16:27 +0100
-+Subject: man: Tidy more man pages
-+
-+Followup to previous 'tidy'
-+
-+(cherry picked from commit 4ff309b82bbd11300e761ecdcafde596115fc7f7)
-+---
-+ libknet/libknet.h | 4 ++++
-+ 1 file changed, 4 insertions(+)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 181724a..7b5a9e3 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -151,6 +151,7 @@ knet_handle_t knet_handle_new(knet_node_id_t host_id,
-+ 
-+ /**
-+  * knet_handle_free
-++ *
-+  * @brief Destroy a knet handle, free all resources
-+  *
-+  * knet_h   - pointer to knet_handle_t
-+@@ -165,6 +166,7 @@ int knet_handle_free(knet_handle_t knet_h);
-+ 
-+ /**
-+  * knet_handle_enable_sock_notify
-++ *
-+  * @brief Register a callback to receive socket events
-+  *
-+  * knet_h   - pointer to knet_handle_t
-+@@ -336,6 +338,7 @@ int knet_handle_get_datafd(knet_handle_t knet_h, const int8_t channel, int *data
-+ 
-+ /**
-+  * knet_recv
-++ *
-+  * @brief Receive data from knet nodes
-+  *
-+  * knet_h   - pointer to knet_handle_t
-+@@ -358,6 +361,7 @@ ssize_t knet_recv(knet_handle_t knet_h,
-+ 
-+ /**
-+  * knet_send
-++ *
-+  * @brief Send data to knet nodes
-+  *
-+  * knet_h   - pointer to knet_handle_t
-diff --git a/debian/patches/man-fix-knet_host_set_policy-parameters-order.patch b/debian/patches/man-fix-knet_host_set_policy-parameters-order.patch
-new file mode 100644
-index 0000000..5d50b61
---- /dev/null
-+++ b/debian/patches/man-fix-knet_host_set_policy-parameters-order.patch
-@@ -0,0 +1,27 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 30 Apr 2019 05:06:47 +0200
-+Subject: [man] fix knet_host_set_policy parameters order
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 73e1b520482cef7ced995423aa3f6f53d16b66c4)
-+---
-+ libknet/libknet.h | 4 ++--
-+ 1 file changed, 2 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 7b5a9e3..7c0c440 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1027,10 +1027,10 @@ int knet_host_get_host_list(knet_handle_t knet_h,
-+ /**
-+  * knet_host_set_policy
-+  *
-+- * knet_h   - pointer to knet_handle_t
-+- *
-+  * @brief Set the switching policy for a host's links
-+  *
-++ * knet_h   - pointer to knet_handle_t
-++ *
-+  * host_id  - see knet_host_add(3)
-+  *
-+  * policy   - there are currently 3 kind of simple switching policies
-diff --git a/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test.patch b/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test.patch
-new file mode 100644
-index 0000000..79925df
---- /dev/null
-+++ b/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test.patch
-@@ -0,0 +1,41 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 30 Apr 2019 05:42:48 +0200
-+Subject: [man] fix libknet.h for errors detected by newly added test
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 8e00c883883f0ee183aa3472e5ee72210318ce14)
-+---
-+ libknet/libknet.h | 6 +++---
-+ 1 file changed, 3 insertions(+), 3 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 7c0c440..c7f44d7 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1144,7 +1144,7 @@ struct knet_host_status {
-+ };
-+ 
-+ /**
-+- * knet_host_status_get
-++ * knet_host_get_status
-+  *
-+  * @brief Get the status of a host
-+  *
-+@@ -1939,7 +1939,7 @@ struct knet_log_msg {
-+ };
-+ 
-+ /**
-+- * knet_log_set_log_level
-++ * knet_log_set_loglevel
-+  *
-+  * @brief Set the logging level for a subsystem
-+  *
-+@@ -1962,7 +1962,7 @@ int knet_log_set_loglevel(knet_handle_t knet_h, uint8_t subsystem,
-+                        uint8_t level);
-+ 
-+ /**
-+- * knet_log_get_log_level
-++ * knet_log_get_loglevel
-+  *
-+  * @brief Get the logging level for a subsystem
-+  *
-diff --git a/debian/patches/reduce-minimum-crypto-key-size-to-1024bit.patch b/debian/patches/reduce-minimum-crypto-key-size-to-1024bit.patch
-new file mode 100644
-index 0000000..065a53b
---- /dev/null
-+++ b/debian/patches/reduce-minimum-crypto-key-size-to-1024bit.patch
-@@ -0,0 +1,35 @@
-+From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
-+Date: Wed, 3 Apr 2019 14:28:50 +0200
-+Subject: reduce minimum crypto key size to 1024bit
-+MIME-Version: 1.0
-+Content-Type: text/plain; charset="utf-8"
-+Content-Transfer-Encoding: 8bit
-+
-+Since the key is used for AES/3DES and HMAC operations only, this is
-+safe. AES/3DES use keys in the 128- to 256-bit range, HMAC with
-+MD5/SHA1/SHA2 should use keys with a minimum of 128- to 512-bit (in both
-+cases, depending on the actual algorithm used).
-+
-+This reduction also keeps knet compatible with existing Corosync 2.x
-+keyfiles, which are 1024-bit.
-+
-+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
-+(cherry picked from commit 4e648f76930af8c376a833677d940b2b0efc3c86)
-+---
-+ libknet/libknet.h | 3 +--
-+ 1 file changed, 1 insertion(+), 2 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 36fefa5..0331b1f 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -587,8 +587,7 @@ int knet_handle_pmtud_get(knet_handle_t knet_h,
-+                              unsigned int *data_mtu);
-+ 
-+ 
-+-
-+-#define KNET_MIN_KEY_LEN  256
-++#define KNET_MIN_KEY_LEN  128
-+ #define KNET_MAX_KEY_LEN 4096
-+ 
-+ struct knet_handle_crypto_cfg {
-diff --git a/debian/patches/tests-add-man-page-check-to-verify-doxy-header-order-and-.patch b/debian/patches/tests-add-man-page-check-to-verify-doxy-header-order-and-.patch
-new file mode 100644
-index 0000000..2ac3e8a
---- /dev/null
-+++ b/debian/patches/tests-add-man-page-check-to-verify-doxy-header-order-and-.patch
-@@ -0,0 +1,37 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 30 Apr 2019 05:42:16 +0200
-+Subject: [tests] add man page check to verify doxy header order and
-+ definitions
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 8b73fbca799114ed579acb73ce0bbcdf45b1f171)
-+---
-+ man/api-to-man-page-coverage | 15 +++++++++++++++
-+ 1 file changed, 15 insertions(+)
-+
-+diff --git a/man/api-to-man-page-coverage b/man/api-to-man-page-coverage
-+index 92e60a5..b9dc18f 100755
-+--- a/man/api-to-man-page-coverage
-++++ b/man/api-to-man-page-coverage
-+@@ -14,6 +14,21 @@ target="$2"
-+ headerapicalls="$(grep ${target}_ "$srcdir"/lib${target}/lib${target}.h | grep -v "^ \*" | grep -v ^struct | grep -v "^[[:space:]]" | grep -v typedef | sed -e 's/(.*//g' -e 's/^const //g' -e 's/\*//g' | awk '{print $2}')"
-+ manpages="$(grep ${target}_ "$srcdir"/man/Makefile.am |grep -v man3 |grep -v xml | sed -e 's/\.3.*//g')"
-+ 
-++echo "Checking for header format errors"
-++
-++for i in $headerapicalls; do
-++     echo "Checking $i"
-++     header="$(grep " \* ${i}$" "$srcdir"/lib${target}/lib${target}.h -A2)"
-++     brief="$(echo "$header" | tail -n 1 |grep "@brief")"
-++     if [ -z "$brief" ]; then
-++             echo "Error found in $i doxy header section"
-++             echo "$header"
-++             echo ""
-++             echo "$brief"
-++             exit 1
-++     fi
-++done
-++
-+ echo "Checking for symbols in header file NOT distributed as manpages"
-+ 
-+ for i in $headerapicalls; do
-diff --git a/debian/patches/udp-improve-error-message-decoding-from-ICMP-errors.patch b/debian/patches/udp-improve-error-message-decoding-from-ICMP-errors.patch
-new file mode 100644
-index 0000000..876bdd3
---- /dev/null
-+++ b/debian/patches/udp-improve-error-message-decoding-from-ICMP-errors.patch
-@@ -0,0 +1,38 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 1 May 2019 06:51:19 +0200
-+Subject: [udp] improve error message decoding from ICMP errors
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c8522bfa627045932c0bd2c1b31005534efbc495)
-+---
-+ libknet/transport_udp.c | 10 +++++++++-
-+ 1 file changed, 9 insertions(+), 1 deletion(-)
-+
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index 3decb66..e4f6fdb 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -296,6 +296,8 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+      struct sockaddr_storage *origin;
-+      char addr_str[KNET_MAX_HOST_LEN];
-+      char port_str[KNET_MAX_PORT_LEN];
-++     char addr_remote_str[KNET_MAX_HOST_LEN];
-++     char port_remote_str[KNET_MAX_PORT_LEN];
-+ 
-+      iov.iov_base = &icmph;
-+      iov.iov_len = sizeof(icmph);
-+@@ -367,7 +369,13 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+                                                              log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from unknown source: %s", strerror(sock_err->ee_errno));
-+ 
-+                                                      } else {
-+-                                                             log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from %s: %s", addr_str, strerror(sock_err->ee_errno));
-++                                                             if (knet_addrtostr(&remote, sizeof(remote),
-++                                                                            addr_remote_str, KNET_MAX_HOST_LEN,
-++                                                                            port_remote_str, KNET_MAX_PORT_LEN) < 0) {
-++                                                                     log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from %s: %s destination unknown", addr_str, strerror(sock_err->ee_errno));
-++                                                             } else {
-++                                                                     log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from %s: %s %s", addr_str, strerror(sock_err->ee_errno), addr_remote_str);
-++                                                             }
-+                                                      }
-+                                                      break;
-+                                      }
-diff --git a/debian/patches/udp-use-defines-vs-hardcoded-numbers.patch b/debian/patches/udp-use-defines-vs-hardcoded-numbers.patch
-new file mode 100644
-index 0000000..65a5d88
---- /dev/null
-+++ b/debian/patches/udp-use-defines-vs-hardcoded-numbers.patch
-@@ -0,0 +1,36 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 1 May 2019 06:39:53 +0200
-+Subject: [udp] use defines vs hardcoded numbers
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 77adcf11ee390cfc7158f3f05617beef980429d8)
-+---
-+ libknet/transport_udp.c | 8 ++++----
-+ 1 file changed, 4 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index acfbab4..3decb66 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -325,8 +325,8 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+                              sock_err = (struct sock_extended_err*)(void *)CMSG_DATA(cmsg);
-+                              if (sock_err) {
-+                                      switch (sock_err->ee_origin) {
-+-                                             case 0: /* no origin */
-+-                                             case 1: /* local source (EMSGSIZE) */
-++                                             case SO_EE_ORIGIN_NONE: /* no origin */
-++                                             case SO_EE_ORIGIN_LOCAL: /* local source (EMSGSIZE) */
-+                                                      if (sock_err->ee_errno == EMSGSIZE) {
-+                                                              if (pthread_mutex_lock(&knet_h->kmtu_mutex) != 0) {
-+                                                                      log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Unable to get mutex lock");
-+@@ -358,8 +358,8 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+                                                       * those errors are way too noisy
-+                                                       */
-+                                                      break;
-+-                                             case 2: /* ICMP */
-+-                                             case 3: /* ICMP6 */
-++                                             case SO_EE_ORIGIN_ICMP:  /* ICMP */
-++                                             case SO_EE_ORIGIN_ICMP6: /* ICMP6 */
-+                                                      origin = (struct sockaddr_storage *)(void *)SO_EE_OFFENDER(sock_err);
-+                                                      if (knet_addrtostr(origin, sizeof(origin),
-+                                                                         addr_str, KNET_MAX_HOST_LEN,
-diff --git a/debian/patches/series b/debian/patches/series
-index 7fbd139..c16ea6e 100644
---- a/debian/patches/series
-+++ b/debian/patches/series
-@@ -1 +1,11 @@
- send-test-skip-the-SCTP-test-if-SCTP-is-not-supported-by-.patch
-+build-add-another-exception-to-valgrind-nss-combo.patch
-+reduce-minimum-crypto-key-size-to-1024bit.patch
-+crypto-remove-libnss-3des-support.patch
-+man-Tidy-manpages-215.patch
-+man-Tidy-more-man-pages.patch
-+man-fix-knet_host_set_policy-parameters-order.patch
-+tests-add-man-page-check-to-verify-doxy-header-order-and-.patch
-+man-fix-libknet.h-for-errors-detected-by-newly-added-test.patch
-+udp-use-defines-vs-hardcoded-numbers.patch
-+udp-improve-error-message-decoding-from-ICMP-errors.patch

diff --git a/patches/0003-cherry-pick-1.10-as-patches.patch b/patches/0003-cherry-pick-1.10-as-patches.patch
deleted file mode 100644 (file)
index ec886d6..0000000
--- a/patches/0003-cherry-pick-1.10-as-patches.patch
+++ /dev/null
@@ -1,14716 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
-Date: Wed, 19 Jun 2019 09:31:57 +0200
-Subject: [PATCH kronosnet] cherry-pick 1.10 as patches
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
----
- ...e-entry-per-file-to-match-README.lic.patch | 2928 +++++++++++++++++
- ...n-shared-code-to-trigger-PMTUd-rerun.patch |   79 +
- ...-rerun-API-to-allow-full-PMTUd-reset.patch |   74 +
- ...sts-add-access-lists-support-to-sctp.patch |   96 +
- ...documentation-for-enable_access_list.patch |   58 +
- ...dd-errno-around-and-start-using-them.patch |  195 ++
- ...rnal-API-calls-to-manage-access-list.patch |  746 +++++
- ...more-extensive-test-for-links_acl_ip.patch |  717 ++++
- .../access-lists-add-public-API-tests.patch   | 1019 ++++++
- ...s-add-tests-for-default-access-lists.patch |   63 +
- ...et_bench-to-enable-disable-access-li.patch |   61 +
- ...cally-add-and-remove-point-to-point-.patch |  283 ++
- .../access-lists-cleanup-API-a-bit.patch      |   98 +
- ...access-lists-data-structs-within-the.patch |  226 ++
- ...ccess-lists-for-GENERIC_ACL-protocol.patch |   80 +
- ...eneric-access-lists-only-for-protoco.patch |   55 +
- ...d-on-BSD-and-add-some-include-files-.patch |   64 +
- .../access-lists-fix-build-on-freebsd.patch   |   54 +
- ...improve-checks-on-various-data-types.patch |   74 +
- ...e-more-generic-to-accept-more-than-I.patch |  436 +++
- ...s-lists-make-internal-API-consistent.patch |   73 +
- ...-of-generic-wrappers-and-remove-dupl.patch |   72 +
- ...ess-lists-structs-and-data-types-to-.patch |  168 +
- ...-acl-wrappers-to-links_acl-and-split.patch | 1025 ++++++
- ...-lists-remove-2-unnecessary-wrappers.patch |   70 +
- ...p1-2-to-ss1-2-to-keep-it-more-generi.patch |  219 ++
- ...licit-access-lists-management-for-UD.patch |   50 +
- ...ays-to-access-per-protocol-functions.patch |  309 ++
- ...better-name-for-fd_tracker-structure.patch |   95 +
- .../acl-Fix-English-in-commments.patch        |  106 +
- ..._handle_enable_access_lists-api-call.patch |  235 ++
- ...o-libknet-dir-and-rename-to-links_ac.patch |  186 ++
- ...ump-soname-to-indicate-new-API-calls.patch |   23 +
- .../compress-add-support-for-libzstd.patch    |  342 ++
- ...o-fix-openssl1.0-initialization-code.patch |   98 +
- ...e-errors-generated-by-openssl-1.1.1c.patch |  137 +
- ...lear-all-security-info-on-crypto_fin.patch |   51 +
- ...rigger-a-PMTUd-rerun-on-each-good-cr.patch |   25 +
- ...alls-to-RAND_seed-as-they-don-t-real.patch |   65 +
- ...crypto-openssl-error-strings-release.patch |   28 +
- ...ndle_crypto-external-API-to-be-more-.patch |  598 ++++
- ...ight-from-541d7faf9068d10e12b4278c35.patch |   23 +
- ...al-update-copyright-across-the-board.patch |  129 +
- debian/patches/global-update-copyrights.patch |   21 +
- ...operly-initialize-fd-tracker-buffers.patch |   26 +
- ..._type-to-transport-to-avoid-confusio.patch |   77 +
- ...t_type-to-transport-to-avoid-confusi.patch |  196 ++
- ...g-target-of-recently-added-API-calls.patch |   52 +
- ...rrors-detected-by-newly-added-test-1.patch |   50 +
- .../patches/manpages-Document-enums-206.patch |   39 +
- .../misc-Fix-more-covscan-warnings.patch      |  191 ++
- debian/patches/misc-some-coverity-fixes.patch |  224 ++
- ...bout-plugins-version-and-architectur.patch |  167 +
- ...-up-useless-conditionals-and-defines.patch |  376 +++
- .../spec-drop-support-for-init-scripts.patch  |  108 +
- .../spec-fix-a-bunch-of-rpmlint-errors.patch  |   51 +
- ...s-to-point-to-https-and-official-rel.patch |   30 +
- ...ora-spec-file-into-upstream-spec-fil.patch |  374 +++
- ...ditionals-to-determine-BuildRequires.patch |   59 +
- ...dconfig_scriptlets-only-when-defined.patch |   40 +
- ...m-internal-memory-leak-non-recurring.patch |   25 +
- ...r-packet-implementation-to-flush-log.patch |  135 +
- .../patches/tests-remove-stray-comment.patch  |   22 +
- ...t-add-internal-API-to-gather-which-f.patch |  161 +
- ...ation-about-the-nature-of-the-transp.patch |  115 +
- ...ect-merge-when-cherry-picking-7033dd.patch |   29 +
- debian/patches/series                         |   66 +
- 67 files changed, 14167 insertions(+)
- create mode 100644 debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch
- create mode 100644 debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
- create mode 100644 debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
- create mode 100644 debian/patches/access-lists-add-access-lists-support-to-sctp.patch
- create mode 100644 debian/patches/access-lists-add-documentation-for-enable_access_list.patch
- create mode 100644 debian/patches/access-lists-add-errno-around-and-start-using-them.patch
- create mode 100644 debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch
- create mode 100644 debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch
- create mode 100644 debian/patches/access-lists-add-public-API-tests.patch
- create mode 100644 debian/patches/access-lists-add-tests-for-default-access-lists.patch
- create mode 100644 debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch
- create mode 100644 debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch
- create mode 100644 debian/patches/access-lists-cleanup-API-a-bit.patch
- create mode 100644 debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch
- create mode 100644 debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
- create mode 100644 debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch
- create mode 100644 debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
- create mode 100644 debian/patches/access-lists-fix-build-on-freebsd.patch
- create mode 100644 debian/patches/access-lists-improve-checks-on-various-data-types.patch
- create mode 100644 debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch
- create mode 100644 debian/patches/access-lists-make-internal-API-consistent.patch
- create mode 100644 debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
- create mode 100644 debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch
- create mode 100644 debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
- create mode 100644 debian/patches/access-lists-remove-2-unnecessary-wrappers.patch
- create mode 100644 debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
- create mode 100644 debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch
- create mode 100644 debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch
- create mode 100644 debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch
- create mode 100644 debian/patches/acl-Fix-English-in-commments.patch
- create mode 100644 debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch
- create mode 100644 debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
- create mode 100644 debian/patches/build-bump-soname-to-indicate-new-API-calls.patch
- create mode 100644 debian/patches/compress-add-support-for-libzstd.patch
- create mode 100644 debian/patches/crypto-fix-openssl1.0-initialization-code.patch
- create mode 100644 debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch
- create mode 100644 debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
- create mode 100644 debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
- create mode 100644 debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
- create mode 100644 debian/patches/crypto-openssl-error-strings-release.patch
- create mode 100644 debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
- create mode 100644 debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
- create mode 100644 debian/patches/global-update-copyright-across-the-board.patch
- create mode 100644 debian/patches/global-update-copyrights.patch
- create mode 100644 debian/patches/handle-properly-initialize-fd-tracker-buffers.patch
- create mode 100644 debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch
- create mode 100644 debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch
- create mode 100644 debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch
- create mode 100644 debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
- create mode 100644 debian/patches/manpages-Document-enums-206.patch
- create mode 100644 debian/patches/misc-Fix-more-covscan-warnings.patch
- create mode 100644 debian/patches/misc-some-coverity-fixes.patch
- create mode 100644 debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch
- create mode 100644 debian/patches/spec-clean-up-useless-conditionals-and-defines.patch
- create mode 100644 debian/patches/spec-drop-support-for-init-scripts.patch
- create mode 100644 debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch
- create mode 100644 debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
- create mode 100644 debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
- create mode 100644 debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch
- create mode 100644 debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch
- create mode 100644 debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch
- create mode 100644 debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch
- create mode 100644 debian/patches/tests-remove-stray-comment.patch
- create mode 100644 debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch
- create mode 100644 debian/patches/transports-add-information-about-the-nature-of-the-transp.patch
- create mode 100644 debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-
-diff --git a/debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch b/debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch
-new file mode 100644
-index 0000000..ba15cf0
---- /dev/null
-+++ b/debian/patches/global-clarify-license-entry-per-file-to-match-README.lic.patch
-@@ -0,0 +1,2928 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 12 Jun 2019 05:21:24 +0200
-+Subject: [global] clarify license entry per file to match README.licence
-+
-+libraries code: LGPL-2.0+
-+binaries code and other files: GPL-2.0+
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit dd52554d5dfc0c5c37697842092cd3b99d6d40a4)
-+---
-+ README                                                           | 2 +-
-+ autogen.sh                                                       | 2 +-
-+ configure.ac                                                     | 2 +-
-+ Makefile.am                                                      | 2 +-
-+ init/Makefile.am                                                 | 2 +-
-+ kronosnetd/Makefile.am                                           | 2 +-
-+ libknet/Makefile.am                                              | 2 +-
-+ libknet/tests/Makefile.am                                        | 2 +-
-+ libnozzle/Makefile.am                                            | 2 +-
-+ libnozzle/tests/Makefile.am                                      | 2 +-
-+ man/Makefile.am                                                  | 2 +-
-+ poc-code/Makefile.am                                             | 2 +-
-+ poc-code/iov-hash/Makefile.am                                    | 2 +-
-+ kronosnetd/cfg.h                                                 | 2 +-
-+ kronosnetd/etherfilter.h                                         | 2 +-
-+ kronosnetd/logging.h                                             | 2 +-
-+ kronosnetd/vty.h                                                 | 2 +-
-+ kronosnetd/vty_auth.h                                            | 2 +-
-+ kronosnetd/vty_cli.h                                             | 2 +-
-+ kronosnetd/vty_cli_cmds.h                                        | 2 +-
-+ kronosnetd/vty_utils.h                                           | 2 +-
-+ libknet/common.h                                                 | 2 +-
-+ libknet/compat.h                                                 | 2 +-
-+ libknet/compress.h                                               | 2 +-
-+ libknet/compress_model.h                                         | 2 +-
-+ libknet/crypto.h                                                 | 2 +-
-+ libknet/crypto_model.h                                           | 2 +-
-+ libknet/host.h                                                   | 2 +-
-+ libknet/internals.h                                              | 2 +-
-+ libknet/libknet.h                                                | 2 +-
-+ libknet/links.h                                                  | 2 +-
-+ libknet/links_acl.h                                              | 2 +-
-+ libknet/links_acl_ip.h                                           | 2 +-
-+ libknet/links_acl_loopback.h                                     | 2 +-
-+ libknet/logging.h                                                | 2 +-
-+ libknet/netutils.h                                               | 2 +-
-+ libknet/onwire.h                                                 | 2 +-
-+ libknet/tests/test-common.h                                      | 2 +-
-+ libknet/threads_common.h                                         | 2 +-
-+ libknet/threads_dsthandler.h                                     | 2 +-
-+ libknet/threads_heartbeat.h                                      | 2 +-
-+ libknet/threads_pmtud.h                                          | 2 +-
-+ libknet/threads_rx.h                                             | 2 +-
-+ libknet/threads_tx.h                                             | 2 +-
-+ libknet/transport_common.h                                       | 2 +-
-+ libknet/transport_loopback.h                                     | 2 +-
-+ libknet/transport_sctp.h                                         | 2 +-
-+ libknet/transport_udp.h                                          | 2 +-
-+ libknet/transports.h                                             | 2 +-
-+ libnozzle/internals.h                                            | 2 +-
-+ libnozzle/libnozzle.h                                            | 2 +-
-+ libnozzle/tests/test-common.h                                    | 2 +-
-+ init/kronosnetd.in                                               | 2 +-
-+ init/kronosnetd.service.in                                       | 2 +-
-+ kronosnetd/kronosnetd.logrotate.in                               | 2 +-
-+ libknet/libknet.pc.in                                            | 2 +-
-+ libnozzle/libnozzle.pc.in                                        | 2 +-
-+ man/Doxyfile-knet.in                                             | 2 +-
-+ man/Doxyfile-nozzle.in                                           | 2 +-
-+ kronosnetd/cfg.c                                                 | 2 +-
-+ kronosnetd/etherfilter.c                                         | 2 +-
-+ kronosnetd/keygen.c                                              | 2 +-
-+ kronosnetd/logging.c                                             | 2 +-
-+ kronosnetd/main.c                                                | 2 +-
-+ kronosnetd/vty.c                                                 | 2 +-
-+ kronosnetd/vty_auth.c                                            | 2 +-
-+ kronosnetd/vty_cli.c                                             | 2 +-
-+ kronosnetd/vty_cli_cmds.c                                        | 2 +-
-+ kronosnetd/vty_utils.c                                           | 2 +-
-+ libknet/common.c                                                 | 2 +-
-+ libknet/compat.c                                                 | 2 +-
-+ libknet/compress.c                                               | 2 +-
-+ libknet/compress_bzip2.c                                         | 2 +-
-+ libknet/compress_lz4.c                                           | 2 +-
-+ libknet/compress_lz4hc.c                                         | 2 +-
-+ libknet/compress_lzma.c                                          | 2 +-
-+ libknet/compress_lzo2.c                                          | 2 +-
-+ libknet/compress_zlib.c                                          | 2 +-
-+ libknet/compress_zstd.c                                          | 2 +-
-+ libknet/crypto.c                                                 | 2 +-
-+ libknet/crypto_nss.c                                             | 2 +-
-+ libknet/crypto_openssl.c                                         | 2 +-
-+ libknet/handle.c                                                 | 2 +-
-+ libknet/host.c                                                   | 2 +-
-+ libknet/links.c                                                  | 2 +-
-+ libknet/links_acl.c                                              | 2 +-
-+ libknet/links_acl_ip.c                                           | 2 +-
-+ libknet/links_acl_loopback.c                                     | 2 +-
-+ libknet/logging.c                                                | 2 +-
-+ libknet/netutils.c                                               | 2 +-
-+ libknet/tests/api_knet_addrtostr.c                               | 2 +-
-+ libknet/tests/api_knet_get_compress_list.c                       | 2 +-
-+ libknet/tests/api_knet_get_crypto_list.c                         | 2 +-
-+ libknet/tests/api_knet_get_transport_id_by_name.c                | 2 +-
-+ libknet/tests/api_knet_get_transport_list.c                      | 2 +-
-+ libknet/tests/api_knet_get_transport_name_by_id.c                | 2 +-
-+ libknet/tests/api_knet_handle_add_datafd.c                       | 2 +-
-+ libknet/tests/api_knet_handle_clear_stats.c                      | 2 +-
-+ libknet/tests/api_knet_handle_compress.c                         | 2 +-
-+ libknet/tests/api_knet_handle_crypto.c                           | 2 +-
-+ libknet/tests/api_knet_handle_enable_access_lists.c              | 2 +-
-+ libknet/tests/api_knet_handle_enable_filter.c                    | 2 +-
-+ libknet/tests/api_knet_handle_enable_pmtud_notify.c              | 2 +-
-+ libknet/tests/api_knet_handle_enable_sock_notify.c               | 2 +-
-+ libknet/tests/api_knet_handle_free.c                             | 2 +-
-+ libknet/tests/api_knet_handle_get_channel.c                      | 2 +-
-+ libknet/tests/api_knet_handle_get_datafd.c                       | 2 +-
-+ libknet/tests/api_knet_handle_get_stats.c                        | 2 +-
-+ libknet/tests/api_knet_handle_get_transport_reconnect_interval.c | 2 +-
-+ libknet/tests/api_knet_handle_new.c                              | 2 +-
-+ libknet/tests/api_knet_handle_new_limit.c                        | 2 +-
-+ libknet/tests/api_knet_handle_pmtud_get.c                        | 2 +-
-+ libknet/tests/api_knet_handle_pmtud_getfreq.c                    | 2 +-
-+ libknet/tests/api_knet_handle_pmtud_setfreq.c                    | 2 +-
-+ libknet/tests/api_knet_handle_remove_datafd.c                    | 2 +-
-+ libknet/tests/api_knet_handle_set_transport_reconnect_interval.c | 2 +-
-+ libknet/tests/api_knet_handle_setfwd.c                           | 2 +-
-+ libknet/tests/api_knet_host_add.c                                | 2 +-
-+ libknet/tests/api_knet_host_enable_status_change_notify.c        | 2 +-
-+ libknet/tests/api_knet_host_get_host_list.c                      | 2 +-
-+ libknet/tests/api_knet_host_get_id_by_host_name.c                | 2 +-
-+ libknet/tests/api_knet_host_get_name_by_host_id.c                | 2 +-
-+ libknet/tests/api_knet_host_get_policy.c                         | 2 +-
-+ libknet/tests/api_knet_host_get_status.c                         | 2 +-
-+ libknet/tests/api_knet_host_remove.c                             | 2 +-
-+ libknet/tests/api_knet_host_set_name.c                           | 2 +-
-+ libknet/tests/api_knet_host_set_policy.c                         | 2 +-
-+ libknet/tests/api_knet_link_add_acl.c                            | 2 +-
-+ libknet/tests/api_knet_link_clear_acl.c                          | 2 +-
-+ libknet/tests/api_knet_link_clear_config.c                       | 2 +-
-+ libknet/tests/api_knet_link_get_config.c                         | 2 +-
-+ libknet/tests/api_knet_link_get_enable.c                         | 2 +-
-+ libknet/tests/api_knet_link_get_link_list.c                      | 2 +-
-+ libknet/tests/api_knet_link_get_ping_timers.c                    | 2 +-
-+ libknet/tests/api_knet_link_get_pong_count.c                     | 2 +-
-+ libknet/tests/api_knet_link_get_priority.c                       | 2 +-
-+ libknet/tests/api_knet_link_get_status.c                         | 2 +-
-+ libknet/tests/api_knet_link_insert_acl.c                         | 2 +-
-+ libknet/tests/api_knet_link_rm_acl.c                             | 2 +-
-+ libknet/tests/api_knet_link_set_config.c                         | 2 +-
-+ libknet/tests/api_knet_link_set_enable.c                         | 2 +-
-+ libknet/tests/api_knet_link_set_ping_timers.c                    | 2 +-
-+ libknet/tests/api_knet_link_set_pong_count.c                     | 2 +-
-+ libknet/tests/api_knet_link_set_priority.c                       | 2 +-
-+ libknet/tests/api_knet_log_get_loglevel.c                        | 2 +-
-+ libknet/tests/api_knet_log_get_loglevel_id.c                     | 2 +-
-+ libknet/tests/api_knet_log_get_loglevel_name.c                   | 2 +-
-+ libknet/tests/api_knet_log_get_subsystem_id.c                    | 2 +-
-+ libknet/tests/api_knet_log_get_subsystem_name.c                  | 2 +-
-+ libknet/tests/api_knet_log_set_loglevel.c                        | 2 +-
-+ libknet/tests/api_knet_recv.c                                    | 2 +-
-+ libknet/tests/api_knet_send.c                                    | 2 +-
-+ libknet/tests/api_knet_send_compress.c                           | 2 +-
-+ libknet/tests/api_knet_send_crypto.c                             | 2 +-
-+ libknet/tests/api_knet_send_loopback.c                           | 2 +-
-+ libknet/tests/api_knet_send_sync.c                               | 2 +-
-+ libknet/tests/api_knet_strtoaddr.c                               | 2 +-
-+ libknet/tests/int_links_acl_ip.c                                 | 2 +-
-+ libknet/tests/int_timediff.c                                     | 2 +-
-+ libknet/tests/knet_bench.c                                       | 2 +-
-+ libknet/tests/pckt_test.c                                        | 2 +-
-+ libknet/tests/test-common.c                                      | 2 +-
-+ libknet/threads_common.c                                         | 2 +-
-+ libknet/threads_dsthandler.c                                     | 2 +-
-+ libknet/threads_heartbeat.c                                      | 2 +-
-+ libknet/threads_pmtud.c                                          | 2 +-
-+ libknet/threads_rx.c                                             | 2 +-
-+ libknet/threads_tx.c                                             | 2 +-
-+ libknet/transport_common.c                                       | 2 +-
-+ libknet/transport_loopback.c                                     | 2 +-
-+ libknet/transport_sctp.c                                         | 2 +-
-+ libknet/transport_udp.c                                          | 2 +-
-+ libknet/transports.c                                             | 2 +-
-+ libnozzle/internals.c                                            | 2 +-
-+ libnozzle/libnozzle.c                                            | 2 +-
-+ libnozzle/tests/api_nozzle_add_ip.c                              | 2 +-
-+ libnozzle/tests/api_nozzle_close.c                               | 2 +-
-+ libnozzle/tests/api_nozzle_del_ip.c                              | 2 +-
-+ libnozzle/tests/api_nozzle_get_fd.c                              | 2 +-
-+ libnozzle/tests/api_nozzle_get_handle_by_name.c                  | 2 +-
-+ libnozzle/tests/api_nozzle_get_ips.c                             | 2 +-
-+ libnozzle/tests/api_nozzle_get_mac.c                             | 2 +-
-+ libnozzle/tests/api_nozzle_get_mtu.c                             | 2 +-
-+ libnozzle/tests/api_nozzle_get_name_by_handle.c                  | 2 +-
-+ libnozzle/tests/api_nozzle_open.c                                | 2 +-
-+ libnozzle/tests/api_nozzle_run_updown.c                          | 2 +-
-+ libnozzle/tests/api_nozzle_set_down.c                            | 2 +-
-+ libnozzle/tests/api_nozzle_set_mac.c                             | 2 +-
-+ libnozzle/tests/api_nozzle_set_mtu.c                             | 2 +-
-+ libnozzle/tests/api_nozzle_set_up.c                              | 2 +-
-+ libnozzle/tests/int_execute_bin_sh_command.c                     | 2 +-
-+ libnozzle/tests/test-common.c                                    | 2 +-
-+ man/doxyxml.c                                                    | 2 +-
-+ poc-code/iov-hash/main.c                                         | 2 +-
-+ build-aux/check.mk                                               | 2 +-
-+ build-aux/release.mk                                             | 2 +-
-+ build-aux/update-copyright.sh                                    | 4 ++--
-+ init/kronosnetd.default                                          | 2 +-
-+ libknet/libknet_exported_syms                                    | 2 +-
-+ libknet/tests/api-check.mk                                       | 2 +-
-+ libknet/tests/api-test-coverage                                  | 2 +-
-+ libnozzle/libnozzle_exported_syms                                | 2 +-
-+ libnozzle/tests/api-test-coverage                                | 2 +-
-+ libnozzle/tests/nozzle_run_updown_exit_false                     | 2 +-
-+ libnozzle/tests/nozzle_run_updown_exit_true                      | 2 +-
-+ man/api-to-man-page-coverage                                     | 2 +-
-+ man/knet-keygen.8                                                | 2 +-
-+ man/kronosnetd.8                                                 | 2 +-
-+ 208 files changed, 209 insertions(+), 209 deletions(-)
-+
-+diff --git a/README b/README
-+index 7b5e7ce..f8f3ea6 100644
-+--- a/README
-++++ b/README
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ Upstream resources
-+diff --git a/autogen.sh b/autogen.sh
-+index 8fb1e58..92e9483 100755
-+--- a/autogen.sh
-++++ b/autogen.sh
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ # Run this to generate all the initial makefiles, etc.
-+diff --git a/configure.ac b/configure.ac
-+index 501053e..e962592 100644
-+--- a/configure.ac
-++++ b/configure.ac
-+@@ -4,7 +4,7 @@
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #          Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ #                                               -*- Autoconf -*-
-+diff --git a/Makefile.am b/Makefile.am
-+index 82cb1f5..dc5f8a5 100644
-+--- a/Makefile.am
-++++ b/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in aclocal.m4 configure depcomp \
-+diff --git a/init/Makefile.am b/init/Makefile.am
-+index 4d59a9e..fe0d9b0 100644
-+--- a/init/Makefile.am
-++++ b/init/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/kronosnetd/Makefile.am b/kronosnetd/Makefile.am
-+index 0b6f673..5ce8fa5 100644
-+--- a/kronosnetd/Makefile.am
-++++ b/kronosnetd/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in kronostnetd.logrotate
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 8adcc40..d080732 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -4,7 +4,7 @@
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #          Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index 015587c..3346596 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/libnozzle/Makefile.am b/libnozzle/Makefile.am
-+index 2ffbd08..8ac438a 100644
-+--- a/libnozzle/Makefile.am
-++++ b/libnozzle/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/libnozzle/tests/Makefile.am b/libnozzle/tests/Makefile.am
-+index b9e16ae..cdc42a3 100644
-+--- a/libnozzle/tests/Makefile.am
-++++ b/libnozzle/tests/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/man/Makefile.am b/man/Makefile.am
-+index 0ad12f6..a473e90 100644
-+--- a/man/Makefile.am
-++++ b/man/Makefile.am
-+@@ -4,7 +4,7 @@
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #          Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/poc-code/Makefile.am b/poc-code/Makefile.am
-+index 15d12f7..ddbea08 100644
-+--- a/poc-code/Makefile.am
-++++ b/poc-code/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/poc-code/iov-hash/Makefile.am b/poc-code/iov-hash/Makefile.am
-+index a41ed99..acd6b51 100644
-+--- a/poc-code/iov-hash/Makefile.am
-++++ b/poc-code/iov-hash/Makefile.am
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ MAINTAINERCLEANFILES = Makefile.in
-+diff --git a/kronosnetd/cfg.h b/kronosnetd/cfg.h
-+index 0260bff..56fa4d5 100644
-+--- a/kronosnetd/cfg.h
-++++ b/kronosnetd/cfg.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_CFG_H__
-+diff --git a/kronosnetd/etherfilter.h b/kronosnetd/etherfilter.h
-+index d805dd6..63e18b6 100644
-+--- a/kronosnetd/etherfilter.h
-++++ b/kronosnetd/etherfilter.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_ETHERFILTER_H__
-+diff --git a/kronosnetd/logging.h b/kronosnetd/logging.h
-+index e4d5ce2..1bc12b9 100644
-+--- a/kronosnetd/logging.h
-++++ b/kronosnetd/logging.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_LOGGING_H__
-+diff --git a/kronosnetd/vty.h b/kronosnetd/vty.h
-+index 86bd821..3c3e6e0 100644
-+--- a/kronosnetd/vty.h
-++++ b/kronosnetd/vty.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_VTY_H__
-+diff --git a/kronosnetd/vty_auth.h b/kronosnetd/vty_auth.h
-+index c42989b..58d75cb 100644
-+--- a/kronosnetd/vty_auth.h
-++++ b/kronosnetd/vty_auth.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_VTY_AUTH_H__
-+diff --git a/kronosnetd/vty_cli.h b/kronosnetd/vty_cli.h
-+index 9bbdcc7..0d7e515 100644
-+--- a/kronosnetd/vty_cli.h
-++++ b/kronosnetd/vty_cli.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_VTY_CLI_H__
-+diff --git a/kronosnetd/vty_cli_cmds.h b/kronosnetd/vty_cli_cmds.h
-+index ac07573..ba40ddf 100644
-+--- a/kronosnetd/vty_cli_cmds.h
-++++ b/kronosnetd/vty_cli_cmds.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_VTY_CLI_CMDS_H__
-+diff --git a/kronosnetd/vty_utils.h b/kronosnetd/vty_utils.h
-+index 07e339b..7ac318a 100644
-+--- a/kronosnetd/vty_utils.h
-++++ b/kronosnetd/vty_utils.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNETD_VTY_UTILS_H__
-+diff --git a/libknet/common.h b/libknet/common.h
-+index ddea7fc..6128b16 100644
-+--- a/libknet/common.h
-++++ b/libknet/common.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "internals.h"
-+diff --git a/libknet/compat.h b/libknet/compat.h
-+index e9af804..903fdfb 100644
-+--- a/libknet/compat.h
-++++ b/libknet/compat.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Jan Friesse <jfriesse@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_COMPAT_H__
-+diff --git a/libknet/compress.h b/libknet/compress.h
-+index 47edddf..d43a9d5 100644
-+--- a/libknet/compress.h
-++++ b/libknet/compress.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_COMPRESS_H__
-+diff --git a/libknet/compress_model.h b/libknet/compress_model.h
-+index 909f5a1..e69e491 100644
-+--- a/libknet/compress_model.h
-++++ b/libknet/compress_model.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_COMPRESS_MODEL_H__
-+diff --git a/libknet/crypto.h b/libknet/crypto.h
-+index 707de32..f80cb43 100644
-+--- a/libknet/crypto.h
-++++ b/libknet/crypto.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_CRYPTO_H__
-+diff --git a/libknet/crypto_model.h b/libknet/crypto_model.h
-+index 9bb4f17..70f6238 100644
-+--- a/libknet/crypto_model.h
-++++ b/libknet/crypto_model.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_CRYPTO_MODEL_H__
-+diff --git a/libknet/host.h b/libknet/host.h
-+index 4336b17..307b6e7 100644
-+--- a/libknet/host.h
-++++ b/libknet/host.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_HOST_H__
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 12f613c..3f105a1 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_INTERNALS_H__
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 907213f..acd1c86 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __LIBKNET_H__
-+diff --git a/libknet/links.h b/libknet/links.h
-+index 7c0250d..e14958d 100644
-+--- a/libknet/links.h
-++++ b/libknet/links.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_LINK_H__
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 60f7812..4617c9b 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_LINKS_ACL_H__
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index b33ffb1..f566c1e 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_LINKS_ACL_IP_H__
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index b51d2bf..d10764c 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_LINKS_ACL_LOOPBACK_H__
-+diff --git a/libknet/logging.h b/libknet/logging.h
-+index bdcd85e..01dcaf1 100644
-+--- a/libknet/logging.h
-++++ b/libknet/logging.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_LOGGING_H__
-+diff --git a/libknet/netutils.h b/libknet/netutils.h
-+index bdc605e..b293115 100644
-+--- a/libknet/netutils.h
-++++ b/libknet/netutils.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_NETUTILS_H__
-+diff --git a/libknet/onwire.h b/libknet/onwire.h
-+index ea45bfb..9815bc3 100644
-+--- a/libknet/onwire.h
-++++ b/libknet/onwire.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_ONWIRE_H__
-+diff --git a/libknet/tests/test-common.h b/libknet/tests/test-common.h
-+index a498a09..f1375ab 100644
-+--- a/libknet/tests/test-common.h
-++++ b/libknet/tests/test-common.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_TEST_COMMON_H__
-+diff --git a/libknet/threads_common.h b/libknet/threads_common.h
-+index cff7691..596de14 100644
-+--- a/libknet/threads_common.h
-++++ b/libknet/threads_common.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_THREADS_COMMON_H__
-+diff --git a/libknet/threads_dsthandler.h b/libknet/threads_dsthandler.h
-+index 0c968ff..db9117c 100644
-+--- a/libknet/threads_dsthandler.h
-++++ b/libknet/threads_dsthandler.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_THREADS_DSTHANDLER_H__
-+diff --git a/libknet/threads_heartbeat.h b/libknet/threads_heartbeat.h
-+index 2fcc9a0..b2580d1 100644
-+--- a/libknet/threads_heartbeat.h
-++++ b/libknet/threads_heartbeat.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_THREADS_HEARTBEAT_H__
-+diff --git a/libknet/threads_pmtud.h b/libknet/threads_pmtud.h
-+index 2cdcdbc..5ed3155 100644
-+--- a/libknet/threads_pmtud.h
-++++ b/libknet/threads_pmtud.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_THREADS_PMTUD_H__
-+diff --git a/libknet/threads_rx.h b/libknet/threads_rx.h
-+index ff8bd6e..b88c098 100644
-+--- a/libknet/threads_rx.h
-++++ b/libknet/threads_rx.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_THREADS_RX_H__
-+diff --git a/libknet/threads_tx.h b/libknet/threads_tx.h
-+index 7c4b2c0..28c4958 100644
-+--- a/libknet/threads_tx.h
-++++ b/libknet/threads_tx.h
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_THREADS_TX_H__
-+diff --git a/libknet/transport_common.h b/libknet/transport_common.h
-+index 778af8b..0ca21d0 100644
-+--- a/libknet/transport_common.h
-++++ b/libknet/transport_common.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_TRANSPORT_COMMON_H__
-+diff --git a/libknet/transport_loopback.h b/libknet/transport_loopback.h
-+index 6ce3ed3..a848ff8 100644
-+--- a/libknet/transport_loopback.h
-++++ b/libknet/transport_loopback.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transport_sctp.h b/libknet/transport_sctp.h
-+index 83a638b..0b8f320 100644
-+--- a/libknet/transport_sctp.h
-++++ b/libknet/transport_sctp.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transport_udp.h b/libknet/transport_udp.h
-+index 6de18e3..1dec863 100644
-+--- a/libknet/transport_udp.h
-++++ b/libknet/transport_udp.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transports.h b/libknet/transports.h
-+index 38f69ba..3a29ce6 100644
-+--- a/libknet/transports.h
-++++ b/libknet/transports.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __KNET_TRANSPORTS_H__
-+diff --git a/libnozzle/internals.h b/libnozzle/internals.h
-+index 853e14e..c9192a8 100644
-+--- a/libnozzle/internals.h
-++++ b/libnozzle/internals.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __NOZZLE_INTERNALS_H__
-+diff --git a/libnozzle/libnozzle.h b/libnozzle/libnozzle.h
-+index b8ab7d6..ad7c474 100644
-+--- a/libnozzle/libnozzle.h
-++++ b/libnozzle/libnozzle.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #ifndef __LIBNOZZLE_H__
-+diff --git a/libnozzle/tests/test-common.h b/libnozzle/tests/test-common.h
-+index 4562ea2..fcfafef 100644
-+--- a/libnozzle/tests/test-common.h
-++++ b/libnozzle/tests/test-common.h
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #ifndef __NOZZLE_TEST_COMMON_H__
-+diff --git a/init/kronosnetd.in b/init/kronosnetd.in
-+index 1823a3b..1da3273 100644
-+--- a/init/kronosnetd.in
-++++ b/init/kronosnetd.in
-+@@ -5,7 +5,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ # chkconfig: - 20 80
-+diff --git a/init/kronosnetd.service.in b/init/kronosnetd.service.in
-+index 4d2a32a..cfc80f7 100644
-+--- a/init/kronosnetd.service.in
-++++ b/init/kronosnetd.service.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ [Unit]
-+diff --git a/kronosnetd/kronosnetd.logrotate.in b/kronosnetd/kronosnetd.logrotate.in
-+index 4ed1fd2..a8a6969 100644
-+--- a/kronosnetd/kronosnetd.logrotate.in
-++++ b/kronosnetd/kronosnetd.logrotate.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ @LOGDIR@kronosnetd.log {
-+diff --git a/libknet/libknet.pc.in b/libknet/libknet.pc.in
-+index bb7b25c..021b2c4 100644
-+--- a/libknet/libknet.pc.in
-++++ b/libknet/libknet.pc.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Federico Simoncelli <fsimon@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+ 
-+ prefix=@prefix@
-+diff --git a/libnozzle/libnozzle.pc.in b/libnozzle/libnozzle.pc.in
-+index d6b2a15..9df0918 100644
-+--- a/libnozzle/libnozzle.pc.in
-++++ b/libnozzle/libnozzle.pc.in
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+ 
-+ prefix=@prefix@
-+diff --git a/man/Doxyfile-knet.in b/man/Doxyfile-knet.in
-+index f78e313..4750c9a 100644
-+--- a/man/Doxyfile-knet.in
-++++ b/man/Doxyfile-knet.in
-+@@ -4,7 +4,7 @@
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #         Christine Caulfield <ccaulfie@redhat.com>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ PROJECT_NAME        = @PACKAGE_NAME@
-+ PROJECT_NUMBER         = @PACKAGE_VERSION@
-+diff --git a/man/Doxyfile-nozzle.in b/man/Doxyfile-nozzle.in
-+index 2855e50..793d49d 100644
-+--- a/man/Doxyfile-nozzle.in
-++++ b/man/Doxyfile-nozzle.in
-+@@ -4,7 +4,7 @@
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #         Christine Caulfield <ccaulfie@redhat.com>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ PROJECT_NAME        = @PACKAGE_NAME@
-+ PROJECT_NUMBER         = @PACKAGE_VERSION@
-+diff --git a/kronosnetd/cfg.c b/kronosnetd/cfg.c
-+index 69d209a..406532a 100644
-+--- a/kronosnetd/cfg.c
-++++ b/kronosnetd/cfg.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/etherfilter.c b/kronosnetd/etherfilter.c
-+index 8542061..5f0d9fb 100644
-+--- a/kronosnetd/etherfilter.c
-++++ b/kronosnetd/etherfilter.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/keygen.c b/kronosnetd/keygen.c
-+index eb91473..42706ad 100644
-+--- a/kronosnetd/keygen.c
-++++ b/kronosnetd/keygen.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/logging.c b/kronosnetd/logging.c
-+index b3ef0d1..9c141cd 100644
-+--- a/kronosnetd/logging.c
-++++ b/kronosnetd/logging.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/main.c b/kronosnetd/main.c
-+index c1a8c2b..ec43871 100644
-+--- a/kronosnetd/main.c
-++++ b/kronosnetd/main.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/vty.c b/kronosnetd/vty.c
-+index d624bf4..2c5d4d3 100644
-+--- a/kronosnetd/vty.c
-++++ b/kronosnetd/vty.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_auth.c b/kronosnetd/vty_auth.c
-+index cf997f9..30e0929 100644
-+--- a/kronosnetd/vty_auth.c
-++++ b/kronosnetd/vty_auth.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_cli.c b/kronosnetd/vty_cli.c
-+index 68ff0da..95e4c8f 100644
-+--- a/kronosnetd/vty_cli.c
-++++ b/kronosnetd/vty_cli.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_cli_cmds.c b/kronosnetd/vty_cli_cmds.c
-+index 18b11a0..e5ad496 100644
-+--- a/kronosnetd/vty_cli_cmds.c
-++++ b/kronosnetd/vty_cli_cmds.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/kronosnetd/vty_utils.c b/kronosnetd/vty_utils.c
-+index 3c5cc86..2cf5117 100644
-+--- a/kronosnetd/vty_utils.c
-++++ b/kronosnetd/vty_utils.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/common.c b/libknet/common.c
-+index be46f23..30e537e 100644
-+--- a/libknet/common.c
-++++ b/libknet/common.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/compat.c b/libknet/compat.c
-+index a60bca2..e808f33 100644
-+--- a/libknet/compat.c
-++++ b/libknet/compat.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Jan Friesse <jfriesse@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/compress.c b/libknet/compress.c
-+index 864828f..24755c7 100644
-+--- a/libknet/compress.c
-++++ b/libknet/compress.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/compress_bzip2.c b/libknet/compress_bzip2.c
-+index 521e206..5a972ff 100644
-+--- a/libknet/compress_bzip2.c
-++++ b/libknet/compress_bzip2.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/compress_lz4.c b/libknet/compress_lz4.c
-+index 22b926f..60aa196 100644
-+--- a/libknet/compress_lz4.c
-++++ b/libknet/compress_lz4.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/compress_lz4hc.c b/libknet/compress_lz4hc.c
-+index 9a69ab4..781bf12 100644
-+--- a/libknet/compress_lz4hc.c
-++++ b/libknet/compress_lz4hc.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/compress_lzma.c b/libknet/compress_lzma.c
-+index e9ba2e3..7fdd178 100644
-+--- a/libknet/compress_lzma.c
-++++ b/libknet/compress_lzma.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/compress_lzo2.c b/libknet/compress_lzo2.c
-+index e66d3dc..12066ed 100644
-+--- a/libknet/compress_lzo2.c
-++++ b/libknet/compress_lzo2.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/compress_zlib.c b/libknet/compress_zlib.c
-+index 8807bb4..2fb12f5 100644
-+--- a/libknet/compress_zlib.c
-++++ b/libknet/compress_zlib.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/compress_zstd.c b/libknet/compress_zstd.c
-+index 6f9b499..f76ea5f 100644
-+--- a/libknet/compress_zstd.c
-++++ b/libknet/compress_zstd.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 6c340f5..9f05fba 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index 5c3a437..330b40c 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 999ed93..0cbc6f5 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ #define KNET_MODULE
-+ 
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 251d332..4835e99 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/host.c b/libknet/host.c
-+index 66826c1..abb1f89 100644
-+--- a/libknet/host.c
-++++ b/libknet/host.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 8011a6d..4ec308c 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 776408a..eb77e7b 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 9310f21..e479bbd 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index 044a51c..0a0adec 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/logging.c b/libknet/logging.c
-+index 5c91257..2efee1b 100644
-+--- a/libknet/logging.c
-++++ b/libknet/logging.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/netutils.c b/libknet/netutils.c
-+index 72bc659..e37f4fe 100644
-+--- a/libknet/netutils.c
-++++ b/libknet/netutils.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_addrtostr.c b/libknet/tests/api_knet_addrtostr.c
-+index 9adbf31..9cdf502 100644
-+--- a/libknet/tests/api_knet_addrtostr.c
-++++ b/libknet/tests/api_knet_addrtostr.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_compress_list.c b/libknet/tests/api_knet_get_compress_list.c
-+index 230e203..53e4192 100644
-+--- a/libknet/tests/api_knet_get_compress_list.c
-++++ b/libknet/tests/api_knet_get_compress_list.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_crypto_list.c b/libknet/tests/api_knet_get_crypto_list.c
-+index 4121aa4..760adab 100644
-+--- a/libknet/tests/api_knet_get_crypto_list.c
-++++ b/libknet/tests/api_knet_get_crypto_list.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_transport_id_by_name.c b/libknet/tests/api_knet_get_transport_id_by_name.c
-+index 973814f..9bcd673 100644
-+--- a/libknet/tests/api_knet_get_transport_id_by_name.c
-++++ b/libknet/tests/api_knet_get_transport_id_by_name.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_transport_list.c b/libknet/tests/api_knet_get_transport_list.c
-+index c748901..9ab5c10 100644
-+--- a/libknet/tests/api_knet_get_transport_list.c
-++++ b/libknet/tests/api_knet_get_transport_list.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_get_transport_name_by_id.c b/libknet/tests/api_knet_get_transport_name_by_id.c
-+index a797cec..3233a1d 100644
-+--- a/libknet/tests/api_knet_get_transport_name_by_id.c
-++++ b/libknet/tests/api_knet_get_transport_name_by_id.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_add_datafd.c b/libknet/tests/api_knet_handle_add_datafd.c
-+index 7159399..3088797 100644
-+--- a/libknet/tests/api_knet_handle_add_datafd.c
-++++ b/libknet/tests/api_knet_handle_add_datafd.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_clear_stats.c b/libknet/tests/api_knet_handle_clear_stats.c
-+index 07f059a..0867b13 100644
-+--- a/libknet/tests/api_knet_handle_clear_stats.c
-++++ b/libknet/tests/api_knet_handle_clear_stats.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_compress.c b/libknet/tests/api_knet_handle_compress.c
-+index 1525e6a..40b6f39 100644
-+--- a/libknet/tests/api_knet_handle_compress.c
-++++ b/libknet/tests/api_knet_handle_compress.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_crypto.c b/libknet/tests/api_knet_handle_crypto.c
-+index 9dbf5bc..1eed96e 100644
-+--- a/libknet/tests/api_knet_handle_crypto.c
-++++ b/libknet/tests/api_knet_handle_crypto.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
-+index d08f175..be54bc4 100644
-+--- a/libknet/tests/api_knet_handle_enable_access_lists.c
-++++ b/libknet/tests/api_knet_handle_enable_access_lists.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_filter.c b/libknet/tests/api_knet_handle_enable_filter.c
-+index 63b2166..e518b42 100644
-+--- a/libknet/tests/api_knet_handle_enable_filter.c
-++++ b/libknet/tests/api_knet_handle_enable_filter.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_pmtud_notify.c b/libknet/tests/api_knet_handle_enable_pmtud_notify.c
-+index 726c2cc..f11abc3 100644
-+--- a/libknet/tests/api_knet_handle_enable_pmtud_notify.c
-++++ b/libknet/tests/api_knet_handle_enable_pmtud_notify.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_enable_sock_notify.c b/libknet/tests/api_knet_handle_enable_sock_notify.c
-+index 9c90600..adefb5a 100644
-+--- a/libknet/tests/api_knet_handle_enable_sock_notify.c
-++++ b/libknet/tests/api_knet_handle_enable_sock_notify.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_free.c b/libknet/tests/api_knet_handle_free.c
-+index 75319fc..53b6dc6 100644
-+--- a/libknet/tests/api_knet_handle_free.c
-++++ b/libknet/tests/api_knet_handle_free.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_channel.c b/libknet/tests/api_knet_handle_get_channel.c
-+index 3ade302..0196136 100644
-+--- a/libknet/tests/api_knet_handle_get_channel.c
-++++ b/libknet/tests/api_knet_handle_get_channel.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_datafd.c b/libknet/tests/api_knet_handle_get_datafd.c
-+index 8838b69..57aedf5 100644
-+--- a/libknet/tests/api_knet_handle_get_datafd.c
-++++ b/libknet/tests/api_knet_handle_get_datafd.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_stats.c b/libknet/tests/api_knet_handle_get_stats.c
-+index e8a83b4..38a0c97 100644
-+--- a/libknet/tests/api_knet_handle_get_stats.c
-++++ b/libknet/tests/api_knet_handle_get_stats.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c b/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c
-+index 7a43823..f013a5b 100644
-+--- a/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c
-++++ b/libknet/tests/api_knet_handle_get_transport_reconnect_interval.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_new.c b/libknet/tests/api_knet_handle_new.c
-+index b7af566..9559d4a 100644
-+--- a/libknet/tests/api_knet_handle_new.c
-++++ b/libknet/tests/api_knet_handle_new.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_new_limit.c b/libknet/tests/api_knet_handle_new_limit.c
-+index d51db97..fc3bdcd 100644
-+--- a/libknet/tests/api_knet_handle_new_limit.c
-++++ b/libknet/tests/api_knet_handle_new_limit.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_pmtud_get.c b/libknet/tests/api_knet_handle_pmtud_get.c
-+index a1b1d12..803a288 100644
-+--- a/libknet/tests/api_knet_handle_pmtud_get.c
-++++ b/libknet/tests/api_knet_handle_pmtud_get.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_pmtud_getfreq.c b/libknet/tests/api_knet_handle_pmtud_getfreq.c
-+index 5c5c7e0..23e3239 100644
-+--- a/libknet/tests/api_knet_handle_pmtud_getfreq.c
-++++ b/libknet/tests/api_knet_handle_pmtud_getfreq.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_pmtud_setfreq.c b/libknet/tests/api_knet_handle_pmtud_setfreq.c
-+index b4eebda..2a720c3 100644
-+--- a/libknet/tests/api_knet_handle_pmtud_setfreq.c
-++++ b/libknet/tests/api_knet_handle_pmtud_setfreq.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_remove_datafd.c b/libknet/tests/api_knet_handle_remove_datafd.c
-+index 08a42ab..ace5df7 100644
-+--- a/libknet/tests/api_knet_handle_remove_datafd.c
-++++ b/libknet/tests/api_knet_handle_remove_datafd.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c b/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c
-+index 80bbacb..c561559 100644
-+--- a/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c
-++++ b/libknet/tests/api_knet_handle_set_transport_reconnect_interval.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_handle_setfwd.c b/libknet/tests/api_knet_handle_setfwd.c
-+index 9658075..21a5c9f 100644
-+--- a/libknet/tests/api_knet_handle_setfwd.c
-++++ b/libknet/tests/api_knet_handle_setfwd.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_add.c b/libknet/tests/api_knet_host_add.c
-+index 762d0df..65104f5 100644
-+--- a/libknet/tests/api_knet_host_add.c
-++++ b/libknet/tests/api_knet_host_add.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_enable_status_change_notify.c b/libknet/tests/api_knet_host_enable_status_change_notify.c
-+index 96d133d..b0467a5 100644
-+--- a/libknet/tests/api_knet_host_enable_status_change_notify.c
-++++ b/libknet/tests/api_knet_host_enable_status_change_notify.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_host_list.c b/libknet/tests/api_knet_host_get_host_list.c
-+index 76fb23b..fc573bb 100644
-+--- a/libknet/tests/api_knet_host_get_host_list.c
-++++ b/libknet/tests/api_knet_host_get_host_list.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_id_by_host_name.c b/libknet/tests/api_knet_host_get_id_by_host_name.c
-+index 81ad504..745dbfa 100644
-+--- a/libknet/tests/api_knet_host_get_id_by_host_name.c
-++++ b/libknet/tests/api_knet_host_get_id_by_host_name.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_name_by_host_id.c b/libknet/tests/api_knet_host_get_name_by_host_id.c
-+index d239821..4604525 100644
-+--- a/libknet/tests/api_knet_host_get_name_by_host_id.c
-++++ b/libknet/tests/api_knet_host_get_name_by_host_id.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_policy.c b/libknet/tests/api_knet_host_get_policy.c
-+index 3160503..8511815 100644
-+--- a/libknet/tests/api_knet_host_get_policy.c
-++++ b/libknet/tests/api_knet_host_get_policy.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_get_status.c b/libknet/tests/api_knet_host_get_status.c
-+index b13c57a..3b46f0c 100644
-+--- a/libknet/tests/api_knet_host_get_status.c
-++++ b/libknet/tests/api_knet_host_get_status.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_remove.c b/libknet/tests/api_knet_host_remove.c
-+index 12d1f8f..36dd47c 100644
-+--- a/libknet/tests/api_knet_host_remove.c
-++++ b/libknet/tests/api_knet_host_remove.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_set_name.c b/libknet/tests/api_knet_host_set_name.c
-+index 88d6ce9..c899d33 100644
-+--- a/libknet/tests/api_knet_host_set_name.c
-++++ b/libknet/tests/api_knet_host_set_name.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_host_set_policy.c b/libknet/tests/api_knet_host_set_policy.c
-+index 41102d2..2583114 100644
-+--- a/libknet/tests/api_knet_host_set_policy.c
-++++ b/libknet/tests/api_knet_host_set_policy.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_add_acl.c b/libknet/tests/api_knet_link_add_acl.c
-+index ff7a2e2..52d6022 100644
-+--- a/libknet/tests/api_knet_link_add_acl.c
-++++ b/libknet/tests/api_knet_link_add_acl.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_clear_acl.c b/libknet/tests/api_knet_link_clear_acl.c
-+index 234a76b..3516b4d 100644
-+--- a/libknet/tests/api_knet_link_clear_acl.c
-++++ b/libknet/tests/api_knet_link_clear_acl.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_clear_config.c b/libknet/tests/api_knet_link_clear_config.c
-+index 8d7800d..ff9c473 100644
-+--- a/libknet/tests/api_knet_link_clear_config.c
-++++ b/libknet/tests/api_knet_link_clear_config.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_config.c b/libknet/tests/api_knet_link_get_config.c
-+index 111b406..60a56fd 100644
-+--- a/libknet/tests/api_knet_link_get_config.c
-++++ b/libknet/tests/api_knet_link_get_config.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_enable.c b/libknet/tests/api_knet_link_get_enable.c
-+index 410c017..b0e1348 100644
-+--- a/libknet/tests/api_knet_link_get_enable.c
-++++ b/libknet/tests/api_knet_link_get_enable.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_link_list.c b/libknet/tests/api_knet_link_get_link_list.c
-+index e3dd73e..6114f83 100644
-+--- a/libknet/tests/api_knet_link_get_link_list.c
-++++ b/libknet/tests/api_knet_link_get_link_list.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_ping_timers.c b/libknet/tests/api_knet_link_get_ping_timers.c
-+index 5f0e9b1..414619f 100644
-+--- a/libknet/tests/api_knet_link_get_ping_timers.c
-++++ b/libknet/tests/api_knet_link_get_ping_timers.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_pong_count.c b/libknet/tests/api_knet_link_get_pong_count.c
-+index bbc993d..e032b96 100644
-+--- a/libknet/tests/api_knet_link_get_pong_count.c
-++++ b/libknet/tests/api_knet_link_get_pong_count.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_priority.c b/libknet/tests/api_knet_link_get_priority.c
-+index 29d7d2e..80538fe 100644
-+--- a/libknet/tests/api_knet_link_get_priority.c
-++++ b/libknet/tests/api_knet_link_get_priority.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_get_status.c b/libknet/tests/api_knet_link_get_status.c
-+index fe56734..5139692 100644
-+--- a/libknet/tests/api_knet_link_get_status.c
-++++ b/libknet/tests/api_knet_link_get_status.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_insert_acl.c b/libknet/tests/api_knet_link_insert_acl.c
-+index 79d04df..2f55c16 100644
-+--- a/libknet/tests/api_knet_link_insert_acl.c
-++++ b/libknet/tests/api_knet_link_insert_acl.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_rm_acl.c b/libknet/tests/api_knet_link_rm_acl.c
-+index d132c54..7217a4f 100644
-+--- a/libknet/tests/api_knet_link_rm_acl.c
-++++ b/libknet/tests/api_knet_link_rm_acl.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_config.c b/libknet/tests/api_knet_link_set_config.c
-+index b96c628..c43a4de 100644
-+--- a/libknet/tests/api_knet_link_set_config.c
-++++ b/libknet/tests/api_knet_link_set_config.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_enable.c b/libknet/tests/api_knet_link_set_enable.c
-+index f48f1c0..17e6e03 100644
-+--- a/libknet/tests/api_knet_link_set_enable.c
-++++ b/libknet/tests/api_knet_link_set_enable.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_ping_timers.c b/libknet/tests/api_knet_link_set_ping_timers.c
-+index d823a81..46170f6 100644
-+--- a/libknet/tests/api_knet_link_set_ping_timers.c
-++++ b/libknet/tests/api_knet_link_set_ping_timers.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_pong_count.c b/libknet/tests/api_knet_link_set_pong_count.c
-+index 70fc57f..b8974e3 100644
-+--- a/libknet/tests/api_knet_link_set_pong_count.c
-++++ b/libknet/tests/api_knet_link_set_pong_count.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_link_set_priority.c b/libknet/tests/api_knet_link_set_priority.c
-+index a89392e..aac0ea2 100644
-+--- a/libknet/tests/api_knet_link_set_priority.c
-++++ b/libknet/tests/api_knet_link_set_priority.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_loglevel.c b/libknet/tests/api_knet_log_get_loglevel.c
-+index 4a62ead..4d4a52c 100644
-+--- a/libknet/tests/api_knet_log_get_loglevel.c
-++++ b/libknet/tests/api_knet_log_get_loglevel.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_loglevel_id.c b/libknet/tests/api_knet_log_get_loglevel_id.c
-+index 1053dff..379ba71 100644
-+--- a/libknet/tests/api_knet_log_get_loglevel_id.c
-++++ b/libknet/tests/api_knet_log_get_loglevel_id.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_loglevel_name.c b/libknet/tests/api_knet_log_get_loglevel_name.c
-+index 317ebb1..ef19af2 100644
-+--- a/libknet/tests/api_knet_log_get_loglevel_name.c
-++++ b/libknet/tests/api_knet_log_get_loglevel_name.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_subsystem_id.c b/libknet/tests/api_knet_log_get_subsystem_id.c
-+index 0b47805..cff9e8a 100644
-+--- a/libknet/tests/api_knet_log_get_subsystem_id.c
-++++ b/libknet/tests/api_knet_log_get_subsystem_id.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_get_subsystem_name.c b/libknet/tests/api_knet_log_get_subsystem_name.c
-+index 1b11fe6..0384730 100644
-+--- a/libknet/tests/api_knet_log_get_subsystem_name.c
-++++ b/libknet/tests/api_knet_log_get_subsystem_name.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_log_set_loglevel.c b/libknet/tests/api_knet_log_set_loglevel.c
-+index e729113..7a9232a 100644
-+--- a/libknet/tests/api_knet_log_set_loglevel.c
-++++ b/libknet/tests/api_knet_log_set_loglevel.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_recv.c b/libknet/tests/api_knet_recv.c
-+index 6e23353..99bd7bc 100644
-+--- a/libknet/tests/api_knet_recv.c
-++++ b/libknet/tests/api_knet_recv.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send.c b/libknet/tests/api_knet_send.c
-+index ca16e3d..ab9715a 100644
-+--- a/libknet/tests/api_knet_send.c
-++++ b/libknet/tests/api_knet_send.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_compress.c b/libknet/tests/api_knet_send_compress.c
-+index b03f4e7..6d5f445 100644
-+--- a/libknet/tests/api_knet_send_compress.c
-++++ b/libknet/tests/api_knet_send_compress.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_crypto.c b/libknet/tests/api_knet_send_crypto.c
-+index e33a808..11de857 100644
-+--- a/libknet/tests/api_knet_send_crypto.c
-++++ b/libknet/tests/api_knet_send_crypto.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_loopback.c b/libknet/tests/api_knet_send_loopback.c
-+index 2feca68..741b51d 100644
-+--- a/libknet/tests/api_knet_send_loopback.c
-++++ b/libknet/tests/api_knet_send_loopback.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_send_sync.c b/libknet/tests/api_knet_send_sync.c
-+index f2718c9..96cb716 100644
-+--- a/libknet/tests/api_knet_send_sync.c
-++++ b/libknet/tests/api_knet_send_sync.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/api_knet_strtoaddr.c b/libknet/tests/api_knet_strtoaddr.c
-+index 57a8a0a..a0be1da 100644
-+--- a/libknet/tests/api_knet_strtoaddr.c
-++++ b/libknet/tests/api_knet_strtoaddr.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/int_links_acl_ip.c b/libknet/tests/int_links_acl_ip.c
-+index 93dff63..41e7d59 100644
-+--- a/libknet/tests/int_links_acl_ip.c
-++++ b/libknet/tests/int_links_acl_ip.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/int_timediff.c b/libknet/tests/int_timediff.c
-+index 12735d8..a878a31 100644
-+--- a/libknet/tests/int_timediff.c
-++++ b/libknet/tests/int_timediff.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/knet_bench.c b/libknet/tests/knet_bench.c
-+index 00cd58b..dfe5238 100644
-+--- a/libknet/tests/knet_bench.c
-++++ b/libknet/tests/knet_bench.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/tests/pckt_test.c b/libknet/tests/pckt_test.c
-+index 56cf018..f3e2100 100644
-+--- a/libknet/tests/pckt_test.c
-++++ b/libknet/tests/pckt_test.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include <stdio.h>
-+diff --git a/libknet/tests/test-common.c b/libknet/tests/test-common.c
-+index a4ff297..cd3f6c4 100644
-+--- a/libknet/tests/test-common.c
-++++ b/libknet/tests/test-common.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/threads_common.c b/libknet/threads_common.c
-+index 53a6f9f..1f3e1e3 100644
-+--- a/libknet/threads_common.c
-++++ b/libknet/threads_common.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/threads_dsthandler.c b/libknet/threads_dsthandler.c
-+index 2633188..0776107 100644
-+--- a/libknet/threads_dsthandler.c
-++++ b/libknet/threads_dsthandler.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/threads_heartbeat.c b/libknet/threads_heartbeat.c
-+index 8def9b8..8f8a7ec 100644
-+--- a/libknet/threads_heartbeat.c
-++++ b/libknet/threads_heartbeat.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index b4ee632..603f595 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 626cbc4..b2a5dad 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index 8096906..32d65d5 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -4,7 +4,7 @@
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *          Federico Simoncelli <fsimon@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transport_common.c b/libknet/transport_common.c
-+index fe40ad8..7286643 100644
-+--- a/libknet/transport_common.c
-++++ b/libknet/transport_common.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transport_loopback.c b/libknet/transport_loopback.c
-+index 54129d7..17253f5 100644
-+--- a/libknet/transport_loopback.c
-++++ b/libknet/transport_loopback.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 2c1cdcc..d97d6f9 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index 1537438..53d2ba0 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 51712df..93119c5 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/internals.c b/libnozzle/internals.c
-+index f056e3b..53c0cdb 100644
-+--- a/libnozzle/internals.c
-++++ b/libnozzle/internals.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/libnozzle.c b/libnozzle/libnozzle.c
-+index b6e9566..15863ec 100644
-+--- a/libnozzle/libnozzle.c
-++++ b/libnozzle/libnozzle.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under LGPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_add_ip.c b/libnozzle/tests/api_nozzle_add_ip.c
-+index bb81ba7..a9d76c6 100644
-+--- a/libnozzle/tests/api_nozzle_add_ip.c
-++++ b/libnozzle/tests/api_nozzle_add_ip.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_close.c b/libnozzle/tests/api_nozzle_close.c
-+index f1cbc77..7ba17c4 100644
-+--- a/libnozzle/tests/api_nozzle_close.c
-++++ b/libnozzle/tests/api_nozzle_close.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_del_ip.c b/libnozzle/tests/api_nozzle_del_ip.c
-+index 0178bb0..625484f 100644
-+--- a/libnozzle/tests/api_nozzle_del_ip.c
-++++ b/libnozzle/tests/api_nozzle_del_ip.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_fd.c b/libnozzle/tests/api_nozzle_get_fd.c
-+index 9b29faf..5dc5b4c 100644
-+--- a/libnozzle/tests/api_nozzle_get_fd.c
-++++ b/libnozzle/tests/api_nozzle_get_fd.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_handle_by_name.c b/libnozzle/tests/api_nozzle_get_handle_by_name.c
-+index 83c39bb..1fa5a0a 100644
-+--- a/libnozzle/tests/api_nozzle_get_handle_by_name.c
-++++ b/libnozzle/tests/api_nozzle_get_handle_by_name.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_ips.c b/libnozzle/tests/api_nozzle_get_ips.c
-+index c41024f..446a79a 100644
-+--- a/libnozzle/tests/api_nozzle_get_ips.c
-++++ b/libnozzle/tests/api_nozzle_get_ips.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_mac.c b/libnozzle/tests/api_nozzle_get_mac.c
-+index 1318ba5..f4c72cc 100644
-+--- a/libnozzle/tests/api_nozzle_get_mac.c
-++++ b/libnozzle/tests/api_nozzle_get_mac.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_mtu.c b/libnozzle/tests/api_nozzle_get_mtu.c
-+index 07b05ee..1b1f85e 100644
-+--- a/libnozzle/tests/api_nozzle_get_mtu.c
-++++ b/libnozzle/tests/api_nozzle_get_mtu.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_get_name_by_handle.c b/libnozzle/tests/api_nozzle_get_name_by_handle.c
-+index 5b8152b..0fe9eb4 100644
-+--- a/libnozzle/tests/api_nozzle_get_name_by_handle.c
-++++ b/libnozzle/tests/api_nozzle_get_name_by_handle.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_open.c b/libnozzle/tests/api_nozzle_open.c
-+index ee15316..413f2c2 100644
-+--- a/libnozzle/tests/api_nozzle_open.c
-++++ b/libnozzle/tests/api_nozzle_open.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_run_updown.c b/libnozzle/tests/api_nozzle_run_updown.c
-+index c80216a..1536b5b 100644
-+--- a/libnozzle/tests/api_nozzle_run_updown.c
-++++ b/libnozzle/tests/api_nozzle_run_updown.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_down.c b/libnozzle/tests/api_nozzle_set_down.c
-+index 90623ba..9466bdb 100644
-+--- a/libnozzle/tests/api_nozzle_set_down.c
-++++ b/libnozzle/tests/api_nozzle_set_down.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_mac.c b/libnozzle/tests/api_nozzle_set_mac.c
-+index dba7d49..244e866 100644
-+--- a/libnozzle/tests/api_nozzle_set_mac.c
-++++ b/libnozzle/tests/api_nozzle_set_mac.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_mtu.c b/libnozzle/tests/api_nozzle_set_mtu.c
-+index fc8ee1c..ce4ccbb 100644
-+--- a/libnozzle/tests/api_nozzle_set_mtu.c
-++++ b/libnozzle/tests/api_nozzle_set_mtu.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/api_nozzle_set_up.c b/libnozzle/tests/api_nozzle_set_up.c
-+index d8de39d..d258b6a 100644
-+--- a/libnozzle/tests/api_nozzle_set_up.c
-++++ b/libnozzle/tests/api_nozzle_set_up.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/int_execute_bin_sh_command.c b/libnozzle/tests/int_execute_bin_sh_command.c
-+index 87531c0..97422a2 100644
-+--- a/libnozzle/tests/int_execute_bin_sh_command.c
-++++ b/libnozzle/tests/int_execute_bin_sh_command.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/libnozzle/tests/test-common.c b/libnozzle/tests/test-common.c
-+index c84aac1..b36be79 100644
-+--- a/libnozzle/tests/test-common.c
-++++ b/libnozzle/tests/test-common.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ #include "config.h"
-+diff --git a/man/doxyxml.c b/man/doxyxml.c
-+index 7d9a60c..2f28976 100644
-+--- a/man/doxyxml.c
-++++ b/man/doxyxml.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ 
-+diff --git a/poc-code/iov-hash/main.c b/poc-code/iov-hash/main.c
-+index 61d2e12..fa407a2 100644
-+--- a/poc-code/iov-hash/main.c
-++++ b/poc-code/iov-hash/main.c
-+@@ -3,7 +3,7 @@
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-++ * This software licensed under GPL-2.0+
-+  */
-+ 
-+ /* Example code to illustrate DES enccryption/decryption using NSS.
-+diff --git a/build-aux/check.mk b/build-aux/check.mk
-+index 6da4417..f42e552 100644
-+--- a/build-aux/check.mk
-++++ b/build-aux/check.mk
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ VALGRIND = $(VALGRIND_EXEC) -q --error-exitcode=127 --gen-suppressions=all
-+diff --git a/build-aux/release.mk b/build-aux/release.mk
-+index de3599d..003125d 100644
-+--- a/build-aux/release.mk
-++++ b/build-aux/release.mk
-+@@ -3,7 +3,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ # to build official release tarballs, handle tagging and publish.
-+diff --git a/build-aux/update-copyright.sh b/build-aux/update-copyright.sh
-+index fd50f8e..62c449c 100755
-+--- a/build-aux/update-copyright.sh
-++++ b/build-aux/update-copyright.sh
-+@@ -1,10 +1,10 @@
-+ #!/bin/sh
-+ #
-+-# Copyright (C) 2017 Red Hat, Inc.  All rights reserved.
-++# Copyright (C) 2017-2019 Red Hat, Inc.  All rights reserved.
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ # script to update copyright dates across the tree
-+diff --git a/init/kronosnetd.default b/init/kronosnetd.default
-+index ed94648..9f6755c 100644
-+--- a/init/kronosnetd.default
-++++ b/init/kronosnetd.default
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ 
-+diff --git a/libknet/libknet_exported_syms b/libknet/libknet_exported_syms
-+index d8a55e2..1d8bddb 100644
-+--- a/libknet/libknet_exported_syms
-++++ b/libknet/libknet_exported_syms
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+ 
-+ LIBKNET {
-+diff --git a/libknet/tests/api-check.mk b/libknet/tests/api-check.mk
-+index 427c388..102ec52 100644
-+--- a/libknet/tests/api-check.mk
-++++ b/libknet/tests/api-check.mk
-+@@ -3,7 +3,7 @@
-+ #
-+ # Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ api_checks           = \
-+diff --git a/libknet/tests/api-test-coverage b/libknet/tests/api-test-coverage
-+index bf0ccc3..e988ab1 100755
-+--- a/libknet/tests/api-test-coverage
-++++ b/libknet/tests/api-test-coverage
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ srcdir="$1"/libknet/tests
-+diff --git a/libnozzle/libnozzle_exported_syms b/libnozzle/libnozzle_exported_syms
-+index 934b204..f6f62d2 100644
-+--- a/libnozzle/libnozzle_exported_syms
-++++ b/libnozzle/libnozzle_exported_syms
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under LGPL-2.0+
-+ #
-+ 
-+ LIBNOZZLE {
-+diff --git a/libnozzle/tests/api-test-coverage b/libnozzle/tests/api-test-coverage
-+index cd99edf..4049ad9 100755
-+--- a/libnozzle/tests/api-test-coverage
-++++ b/libnozzle/tests/api-test-coverage
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ srcdir="$1"/libnozzle/tests
-+diff --git a/libnozzle/tests/nozzle_run_updown_exit_false b/libnozzle/tests/nozzle_run_updown_exit_false
-+index 3f03ff6..795456a 100755
-+--- a/libnozzle/tests/nozzle_run_updown_exit_false
-++++ b/libnozzle/tests/nozzle_run_updown_exit_false
-+@@ -5,7 +5,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ exit 1
-+diff --git a/libnozzle/tests/nozzle_run_updown_exit_true b/libnozzle/tests/nozzle_run_updown_exit_true
-+index bbdcdd6..7b6e355 100755
-+--- a/libnozzle/tests/nozzle_run_updown_exit_true
-++++ b/libnozzle/tests/nozzle_run_updown_exit_true
-+@@ -5,7 +5,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ exit 0
-+diff --git a/man/api-to-man-page-coverage b/man/api-to-man-page-coverage
-+index b9dc18f..a1f54a3 100755
-+--- a/man/api-to-man-page-coverage
-++++ b/man/api-to-man-page-coverage
-+@@ -4,7 +4,7 @@
-+ #
-+ # Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ #
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-++# This software licensed under GPL-2.0+
-+ #
-+ 
-+ err=0
-+diff --git a/man/knet-keygen.8 b/man/knet-keygen.8
-+index 67ecf1f..96109c6 100644
-+--- a/man/knet-keygen.8
-++++ b/man/knet-keygen.8
-+@@ -5,7 +5,7 @@
-+ .\" *
-+ .\" * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ .\" *
-+-.\" * This software licensed under GPL-2.0+, LGPL-2.0+
-++.\" * This software licensed under GPL-2.0+
-+ .\" */
-+ .TH "KRONOSNETD" "8" "November 2012" "kronosnetd key generator." "System Administration Utilities"
-+ 
-+diff --git a/man/kronosnetd.8 b/man/kronosnetd.8
-+index 5661e1c..f4480be 100644
-+--- a/man/kronosnetd.8
-++++ b/man/kronosnetd.8
-+@@ -5,7 +5,7 @@
-+ .\" *
-+ .\" * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+ .\" *
-+-.\" * This software licensed under GPL-2.0+, LGPL-2.0+
-++.\" * This software licensed under GPL-2.0+
-+ .\" */
-+ .TH "KRONOSNETD" "8" "November 2012" "kronosnetd Usage:" "System Administration Utilities"
-+ 
-diff --git a/debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch b/debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
-new file mode 100644
-index 0000000..2404d7a
---- /dev/null
-+++ b/debian/patches/PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
-@@ -0,0 +1,79 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 27 May 2019 12:37:15 +0200
-+Subject: [PMTUd] create common/shared code to trigger PMTUd rerun
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5b02bef11afda959dc8cea4adc383f80ff0e9273)
-+---
-+ libknet/threads_common.h |  1 +
-+ libknet/threads_common.c | 20 ++++++++++++++++++++
-+ libknet/transport_udp.c  | 17 +----------------
-+ 3 files changed, 22 insertions(+), 16 deletions(-)
-+
-+diff --git a/libknet/threads_common.h b/libknet/threads_common.h
-+index 79aaed2..19336ce 100644
-+--- a/libknet/threads_common.h
-++++ b/libknet/threads_common.h
-+@@ -45,5 +45,6 @@ int shutdown_in_progress(knet_handle_t knet_h);
-+ int get_global_wrlock(knet_handle_t knet_h);
-+ int set_thread_status(knet_handle_t knet_h, uint8_t thread_id, uint8_t status);
-+ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status);
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem);
-+ 
-+ #endif
-+diff --git a/libknet/threads_common.c b/libknet/threads_common.c
-+index b6012a2..61ffd82 100644
-+--- a/libknet/threads_common.c
-++++ b/libknet/threads_common.c
-+@@ -156,3 +156,23 @@ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status)
-+ 
-+      return 0;
-+ }
-++
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem)
-++{
-++     /*
-++      * we can only try to take a lock here. This part of the code
-++      * can be invoked by any thread, including PMTUd that is already
-++      * holding a lock at that stage.
-++      * If PMTUd is holding the lock, most likely it is already running
-++      * and we don't need to notify it back.
-++      */
-++     if (!pthread_mutex_trylock(&knet_h->pmtud_mutex)) {
-++             if (!knet_h->pmtud_running) {
-++                     if (!knet_h->pmtud_forcerun) {
-++                             log_debug(knet_h, subsystem, "Notifying PMTUd to rerun");
-++                             knet_h->pmtud_forcerun = 1;
-++                     }
-++             }
-++             pthread_mutex_unlock(&knet_h->pmtud_mutex);
-++     }
-++}
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index 3fd69ee..232dbcb 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -340,22 +340,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+                                                                      pthread_mutex_unlock(&knet_h->kmtu_mutex);
-+                                                              }
-+ 
-+-                                                             /*
-+-                                                              * we can only try to take a lock here. This part of the code
-+-                                                              * can be invoked by any thread, including PMTUd that is already
-+-                                                              * holding a lock at that stage.
-+-                                                              * If PMTUd is holding the lock, most likely it is already running
-+-                                                              * and we don't need to notify it back.
-+-                                                              */
-+-                                                             if (!pthread_mutex_trylock(&knet_h->pmtud_mutex)) {
-+-                                                                     if (!knet_h->pmtud_running) {
-+-                                                                             if (!knet_h->pmtud_forcerun) {
-+-                                                                                     log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Notifying PMTUd to rerun");
-+-                                                                                     knet_h->pmtud_forcerun = 1;
-+-                                                                             }
-+-                                                                     }
-+-                                                                     pthread_mutex_unlock(&knet_h->pmtud_mutex);
-+-                                                             }
-++                                                             force_pmtud_run(knet_h, KNET_SUB_TRANSP_UDP);
-+                                                      }
-+                                                      /*
-+                                                       * those errors are way too noisy
-diff --git a/debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch b/debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
-new file mode 100644
-index 0000000..31f4550
---- /dev/null
-+++ b/debian/patches/PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
-@@ -0,0 +1,74 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 28 May 2019 05:35:24 +0200
-+Subject: [PMTUd] extend internal rerun API to allow full PMTUd reset
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6542aa98cccb2c9bc2c201ef47538a787a5e05fd)
-+---
-+ libknet/threads_common.h |  2 +-
-+ libknet/handle.c         |  2 +-
-+ libknet/threads_common.c | 11 ++++++++++-
-+ libknet/transport_udp.c  |  2 +-
-+ 4 files changed, 13 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/threads_common.h b/libknet/threads_common.h
-+index 19336ce..cff7691 100644
-+--- a/libknet/threads_common.h
-++++ b/libknet/threads_common.h
-+@@ -45,6 +45,6 @@ int shutdown_in_progress(knet_handle_t knet_h);
-+ int get_global_wrlock(knet_handle_t knet_h);
-+ int set_thread_status(knet_handle_t knet_h, uint8_t thread_id, uint8_t status);
-+ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status);
-+-void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem);
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem, uint8_t reset_mtu);
-+ 
-+ #endif
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index e95c6c1..251d332 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1408,7 +1408,7 @@ int knet_handle_crypto(knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet
-+ 
-+ exit_unlock:
-+      if (!err) {
-+-             force_pmtud_run(knet_h, KNET_SUB_CRYPTO);
-++             force_pmtud_run(knet_h, KNET_SUB_CRYPTO, 1);
-+      }
-+      pthread_rwlock_unlock(&knet_h->global_rwlock);
-+      errno = err ? savederrno : 0;
-+diff --git a/libknet/threads_common.c b/libknet/threads_common.c
-+index 61ffd82..53a6f9f 100644
-+--- a/libknet/threads_common.c
-++++ b/libknet/threads_common.c
-+@@ -157,8 +157,17 @@ int wait_all_threads_status(knet_handle_t knet_h, uint8_t status)
-+      return 0;
-+ }
-+ 
-+-void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem)
-++void force_pmtud_run(knet_handle_t knet_h, uint8_t subsystem, uint8_t reset_mtu)
-+ {
-++     if (reset_mtu) {
-++             log_debug(knet_h, subsystem, "PMTUd has been reset to default");
-++             knet_h->data_mtu = KNET_PMTUD_MIN_MTU_V4 - KNET_HEADER_ALL_SIZE - knet_h->sec_header_size;
-++             if (knet_h->pmtud_notify_fn) {
-++                     knet_h->pmtud_notify_fn(knet_h->pmtud_notify_fn_private_data,
-++                                             knet_h->data_mtu);
-++             }
-++     }
-++
-+      /*
-+       * we can only try to take a lock here. This part of the code
-+       * can be invoked by any thread, including PMTUd that is already
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index 232dbcb..1537438 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -340,7 +340,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+                                                                      pthread_mutex_unlock(&knet_h->kmtu_mutex);
-+                                                              }
-+ 
-+-                                                             force_pmtud_run(knet_h, KNET_SUB_TRANSP_UDP);
-++                                                             force_pmtud_run(knet_h, KNET_SUB_TRANSP_UDP, 0);
-+                                                      }
-+                                                      /*
-+                                                       * those errors are way too noisy
-diff --git a/debian/patches/access-lists-add-access-lists-support-to-sctp.patch b/debian/patches/access-lists-add-access-lists-support-to-sctp.patch
-new file mode 100644
-index 0000000..d962193
---- /dev/null
-+++ b/debian/patches/access-lists-add-access-lists-support-to-sctp.patch
-@@ -0,0 +1,96 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 17 Feb 2019 07:49:13 +0100
-+Subject: [access lists] add access lists support to sctp
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit d2333aab530d06ec502131aea03281ac13263d99)
-+---
-+ libknet/transport_sctp.c | 33 +++++++++++++++++++++++++++++++++
-+ 1 file changed, 33 insertions(+)
-+
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index cb64a32..0d69a33 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -19,6 +19,7 @@
-+ #include "compat.h"
-+ #include "host.h"
-+ #include "links.h"
-++#include "links_acl.h"
-+ #include "logging.h"
-+ #include "common.h"
-+ #include "transport_common.h"
-+@@ -728,6 +729,15 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+ 
-+      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+                                              addr_str, port_str);
-++     if (knet_h->use_access_lists) {
-++             if (!ipcheck_validate(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry, &ss)) {
-++                     savederrno = EINVAL;
-++                     err = -1;
-++                     log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-++                     close(new_fd);
-++                     goto exit_error;
-++             }
-++     }
-+ 
-+      /*
-+       * Keep a track of all accepted FDs
-+@@ -936,6 +946,11 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+       */
-+      knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+              if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-++                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-++                                         &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++                     if (err) {
-++                             return NULL;
-++                     }
-+                      return info;
-+              }
-+      }
-+@@ -990,6 +1005,15 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+              goto exit_error;
-+      }
-+ 
-++     if (ipcheck_addip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-++                       &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++             savederrno = errno;
-++             err = -1;
-++             log_err(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to configure default access lists: %s",
-++                     strerror(savederrno));
-++             goto exit_error;
-++     }
-++
-+      memset(&ev, 0, sizeof(struct epoll_event));
-+      ev.events = EPOLLIN;
-+      ev.data.fd = listen_sock;
-+@@ -1012,6 +1036,8 @@ exit_error:
-+              if (info->on_listener_epoll) {
-+                      epoll_ctl(handle_info->listen_epollfd, EPOLL_CTL_DEL, listen_sock, &ev);
-+              }
-++             ipcheck_rmip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-++                          &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+              if (listen_sock >= 0) {
-+                      close(listen_sock);
-+              }
-+@@ -1050,6 +1076,11 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+              }
-+      }
-+ 
-++     if (ipcheck_rmip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-++                      &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++             log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to remove default access lists for %d", info->listen_sock);
-++     }
-++
-+      if (found) {
-+              this_link_info->listener = NULL;
-+              log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "SCTP listener socket %d still in use", info->listen_sock);
-+@@ -1080,6 +1111,8 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+              goto exit_error;
-+      }
-+ 
-++     check_rmall(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry);
-++
-+      close(info->listen_sock);
-+ 
-+      for (i=0; i< MAX_ACCEPTED_SOCKS; i++) {
-diff --git a/debian/patches/access-lists-add-documentation-for-enable_access_list.patch b/debian/patches/access-lists-add-documentation-for-enable_access_list.patch
-new file mode 100644
-index 0000000..e07e54a
---- /dev/null
-+++ b/debian/patches/access-lists-add-documentation-for-enable_access_list.patch
-@@ -0,0 +1,58 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sat, 2 Mar 2019 07:49:19 +0100
-+Subject: [access lists] add documentation for enable_access_list
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 21cf1a648999774053a9c7386b13eb5a64c1c7db)
-+---
-+ libknet/libknet.h | 28 ++++++++++++++++++++++------
-+ 1 file changed, 22 insertions(+), 6 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 4283afe..03bbd97 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -505,21 +505,37 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+ /**
-+  * knet_handle_enable_access_lists
-+  *
-+- * @brief Start packet forwarding
-++ * @brief Enable or disable usage of access lists (default: off)
-+  *
-+  * knet_h   - pointer to knet_handle_t
-+  *
-+- * enable   - set to 1 to use ip access lists, 0 to disable ip access_lists.
-++ * enable   - set to 1 to use access lists, 0 to disable access_lists.
-+  *
-+  * @return
-+  * knet_handle_enable_access_lists returns
-+  * 0 on success
-+  * -1 on error and errno is set.
-+  *
-+- * By default access lists usage is off, but default internal access lists
-+- * will be populated regardless, but not enforced. TODO add long explanation
-+- * on internal access lists for point to point connections vs global
-+- * listeners etc.
-++ * access lists are bound to links. There are 2 types of links:
-++ * 1) point to point, where both source and destinations are well known
-++ *    at configuration time.
-++ * 2) open links, where only the source is known at configuration time.
-++ *
-++ * knet will automatically generate access lists for point to point links.
-++ *
-++ * For open links, knet provides 3 API calls to manipulate access lists:
-++ * knet_link_add_acl, knet_link_rm_acl and knet_link_clear_acl.
-++ * Those API calls will work only and exclusively on open links as they
-++ * provide no use for point to point links.
-++ *
-++ * knet will not enforce any access list unless specifically enabled by
-++ * knet_handle_enable_access_lists.
-++ *
-++ * From a security / programming perspective we recommend to:
-++ * - create the knet handle
-++ * - enable access lists
-++ * - configure hosts and links
-++ * - configure access lists for open links
-+  */
-+ 
-+ int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled);
-diff --git a/debian/patches/access-lists-add-errno-around-and-start-using-them.patch b/debian/patches/access-lists-add-errno-around-and-start-using-them.patch
-new file mode 100644
-index 0000000..12c0f24
---- /dev/null
-+++ b/debian/patches/access-lists-add-errno-around-and-start-using-them.patch
-@@ -0,0 +1,195 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 10:43:04 +0100
-+Subject: [access lists] add errno around and start using them
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 9a5babce2066ecb61a5647345792675c2f9f416b)
-+---
-+ libknet/links.c          | 14 +++++++-------
-+ libknet/links_acl.c      |  9 +++++++++
-+ libknet/links_acl_ip.c   | 12 ++++++++++--
-+ libknet/transport_sctp.c | 16 +++++++---------
-+ 4 files changed, 33 insertions(+), 18 deletions(-)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index dd64a15..1d21d05 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -245,9 +245,9 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+          (link->dynamic == KNET_LINK_STATIC)) {
-+              log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-+                        host_id, link_id, link->outsock);
-+-             if (check_add(knet_h, link->outsock, transport,
-+-                           &link->dst_addr, &link->dst_addr,
-+-                           CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             if ((check_add(knet_h, link->outsock, transport,
-++                            &link->dst_addr, &link->dst_addr,
-++                            CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+                      log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+                      savederrno = errno;
-+                      err = -1;
-+@@ -428,11 +428,11 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       */
-+      if ((transport_get_acl_type(knet_h, link->transport) == USE_GENERIC_ACL) &&
-+          (link->dynamic == KNET_LINK_STATIC)) {
-+-             if (check_rm(knet_h, link->outsock, link->transport,
-+-                          &link->dst_addr, &link->dst_addr,
-+-                          CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             if ((check_rm(knet_h, link->outsock, link->transport,
-++                           &link->dst_addr, &link->dst_addr,
-++                           CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != ENOENT)) {
-+                      err = -1;
-+-                     savederrno = EBUSY;
-++                     savederrno = errno;
-+                      log_err(knet_h, KNET_SUB_LINK, "Host %u link %u: unable to remove default access list",
-+                              host_id, link_id);
-+                      goto exit_unlock;
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index cfcc1fd..7605fe9 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -8,6 +8,7 @@
-+ 
-+ #include "config.h"
-+ 
-++#include <errno.h>
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <stdlib.h>
-+@@ -19,6 +20,11 @@
-+ #include "links_acl.h"
-+ #include "links_acl_ip.h"
-+ 
-++/*
-++ * all those functions will return errno from the
-++ * protocol specific functions
-++ */
-++
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+            struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+            check_type_t type, check_acceptreject_t acceptreject)
-+@@ -27,6 +33,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+ 
-+      switch(transport_get_proto(knet_h, transport)) {
-+              case LOOPBACK:
-++                     errno = 0;
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+@@ -47,6 +54,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ 
-+      switch(transport_get_proto(knet_h, transport)) {
-+              case LOOPBACK:
-++                     errno = 0;
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+@@ -80,6 +88,7 @@ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct soc
-+ {
-+      switch(transport_get_proto(knet_h, transport)) {
-+              case LOOPBACK:
-++                     errno = 0;
-+                      return 1;
-+                      break;
-+              case IP_PROTO:
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index ffd18a4..58c7b28 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -8,6 +8,7 @@
-+ 
-+ #include "config.h"
-+ 
-++#include <errno.h>
-+ #include <sys/socket.h>
-+ #include <netinet/in.h>
-+ #include <stdint.h>
-+@@ -202,6 +203,7 @@ int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+ 
-+      rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-+      if (!rm_match_entry) {
-++             errno = ENOENT;
-+              return -1;
-+      }
-+ 
-+@@ -237,24 +239,30 @@ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+      struct acl_match_entry *match_entry = *match_entry_head;
-+ 
-+      if (!ip1) {
-++             errno = EINVAL;
-+              return -1;
-+      }
-+ 
-+      if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++             errno = EINVAL;
-+              return -1;
-+      }
-+ 
-+      if (type == CHECK_TYPE_RANGE &&
-+-         (ip1->ss_family != ip2->ss_family))
-++         (ip1->ss_family != ip2->ss_family)) {
-++             errno = EINVAL;
-+              return -1;
-++     }
-+ 
-+      if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++             errno = EEXIST;
-+              return -1;
-+      }
-+ 
-+      new_match_entry = malloc(sizeof(struct acl_match_entry));
-+-     if (!new_match_entry)
-++     if (!new_match_entry) {
-+              return -1;
-++     }
-+ 
-+      memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-+      memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index ff7903c..aa0de9d 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -948,9 +948,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+       */
-+      knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+              if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-+-                     err = check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-+-                                     &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-                     if (err) {
-++                     if ((check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++                                    &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+                              return NULL;
-+                      }
-+                      return info;
-+@@ -1007,8 +1006,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+              goto exit_error;
-+      }
-+ 
-+-     if (check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-+-                   &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++     if ((check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++                    &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+              savederrno = errno;
-+              err = -1;
-+              log_err(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to configure default access lists: %s",
-+@@ -1038,8 +1037,7 @@ exit_error:
-+              if (info->on_listener_epoll) {
-+                      epoll_ctl(handle_info->listen_epollfd, EPOLL_CTL_DEL, listen_sock, &ev);
-+              }
-+-             check_rm(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-+-                      &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++             check_rmall(knet_h, listen_sock, KNET_TRANSPORT_SCTP);
-+              if (listen_sock >= 0) {
-+                      close(listen_sock);
-+              }
-+@@ -1078,8 +1076,8 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+              }
-+      }
-+ 
-+-     if (check_rm(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-+-                  &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++     if ((check_rm(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++                   &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != ENOENT)) {
-+              log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to remove default access lists for %d", info->listen_sock);
-+      }
-+ 
-diff --git a/debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch b/debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch
-new file mode 100644
-index 0000000..e872279
---- /dev/null
-+++ b/debian/patches/access-lists-add-external-API-calls-to-manage-access-list.patch
-@@ -0,0 +1,746 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 4 Mar 2019 13:07:04 +0100
-+Subject: [access lists] add external API calls to manage access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6373dd2358b816beab2cc87bdf8ff196480b60cc)
-+---
-+ man/Makefile.am               |   7 +-
-+ libknet/libknet.h             | 157 +++++++++++++++++++++-
-+ libknet/links_acl.h           |  15 +--
-+ libknet/links_acl_ip.h        |   2 +-
-+ libknet/links_acl_loopback.h  |   2 +-
-+ libknet/links.c               | 306 +++++++++++++++++++++++++++++++++++++++++-
-+ libknet/links_acl.c           |   4 +-
-+ libknet/links_acl_ip.c        |  49 ++++---
-+ libknet/links_acl_loopback.c  |   2 +-
-+ libknet/tests/int_links_acl.c |   4 +-
-+ libknet/transport_sctp.c      |   4 +-
-+ 11 files changed, 504 insertions(+), 48 deletions(-)
-+
-+diff --git a/man/Makefile.am b/man/Makefile.am
-+index 6c15f0d..0ad12f6 100644
-+--- a/man/Makefile.am
-++++ b/man/Makefile.am
-+@@ -95,7 +95,12 @@ knet_man3_MANS = \
-+              knet_recv.3 \
-+              knet_send.3 \
-+              knet_send_sync.3 \
-+-             knet_strtoaddr.3
-++             knet_strtoaddr.3 \
-++             knet_handle_enable_access_lists.3 \
-++             knet_link_add_acl.3 \
-++             knet_link_insert_acl.3 \
-++             knet_link_rm_acl.3 \
-++             knet_link_clear_acl.3
-+ 
-+ if BUILD_LIBNOZZLE
-+ nozzle_man3_MANS = \
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 03bbd97..d616e11 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -524,12 +524,12 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+  * knet will automatically generate access lists for point to point links.
-+  *
-+  * For open links, knet provides 3 API calls to manipulate access lists:
-+- * knet_link_add_acl, knet_link_rm_acl and knet_link_clear_acl.
-++ * knet_link_add_acl(3), knet_link_rm_acl(3) and knet_link_clear_acl(3).
-+  * Those API calls will work only and exclusively on open links as they
-+  * provide no use for point to point links.
-+  *
-+  * knet will not enforce any access list unless specifically enabled by
-+- * knet_handle_enable_access_lists.
-++ * knet_handle_enable_access_lists(3).
-+  *
-+  * From a security / programming perspective we recommend to:
-+  * - create the knet handle
-+@@ -1477,6 +1477,159 @@ int knet_link_get_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ 
-+ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id);
-+ 
-++/*
-++ * access lists management for open links
-++ * see also knet_handle_enable_access_lists(3)
-++ */
-++
-++/*
-++ * CHECK_TYPE_ADDRESS is the equivalent of a single entry / IP address.
-++ *                    for example: 10.1.9.3/32
-++ *                    and the entry is stored in ss1. ss2 can be NULL.
-++ *
-++ * CHECK_TYPE_MASK    is used to configure network/netmask.
-++ *                    for example: 192.168.0.0/24
-++ *                    the network is stored in ss1 and the netmask in ss2.
-++ *
-++ * CHECK_TYPE_RANGE   defines a value / range of ip addresses.
-++ *                    for example: 172.16.0.1-172.16.0.10
-++ *                    the start is stored in ss1 and the end in ss2.
-++ *
-++ * Please be aware that the above examples refers only to IP based protocols.
-++ * Other protocols might use ss1 and ss2 in slightly different ways.
-++ * At the moment knet only supports IP based protocol and that might change
-++ * in the future.
-++ */
-++
-++typedef enum {
-++     CHECK_TYPE_ADDRESS,
-++     CHECK_TYPE_MASK,
-++     CHECK_TYPE_RANGE
-++} check_type_t;
-++
-++/*
-++ * accept or reject incoming packets defined in the access list entry
-++ */
-++
-++typedef enum {
-++     CHECK_ACCEPT,
-++     CHECK_REJECT
-++} check_acceptreject_t;
-++
-++/**
-++ * knet_link_add_acl
-++ *
-++ * @brief Add access list entry to an open link
-++ *
-++ * knet_h    - pointer to knet_handle_t
-++ *
-++ * host_id   - see knet_host_add(3)
-++ *
-++ * link_id   - see knet_link_set_config(3)
-++ *
-++ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-++ *
-++ * IMPORTANT: the order in which access lists are added is critical and it
-++ *            is left to the user to add them in the right order. knet
-++ *            will do no attempt to logically sort them.
-++ *
-++ *            For example:
-++ *            1 - accept from 10.0.0.0/8
-++ *            2 - reject from 10.0.0.1/32
-++ *
-++ *            is not the same as:
-++ *
-++ *            1 - reject from 10.0.0.1/32
-++ *            2 - accept from 10.0.0.0/8
-++ *
-++ *            In the first example, rule number 2 will never match because
-++ *            packets from 10.0.0.1 will be accepted by rule number 1.
-++ *
-++ * @return
-++ * knet_link_add_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++                   struct sockaddr_storage *ss1,
-++                   struct sockaddr_storage *ss2,
-++                   check_type_t type, check_acceptreject_t acceptreject);
-++
-++/**
-++ * knet_link_insert_acl
-++ *
-++ * @brief Insert access list entry to an open link at given index
-++ *
-++ * knet_h    - pointer to knet_handle_t
-++ *
-++ * host_id   - see knet_host_add(3)
-++ *
-++ * link_id   - see knet_link_set_config(3)
-++ *
-++ * index     - insert at position "index" where 0 is the first entry and -1
-++ *             append to the current list.
-++ *
-++ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-++ *
-++ * @return
-++ * knet_link_insert_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++                      int index,
-++                      struct sockaddr_storage *ss1,
-++                      struct sockaddr_storage *ss2,
-++                      check_type_t type, check_acceptreject_t acceptreject);
-++
-++/**
-++ * knet_link_rm_acl
-++ *
-++ * @brief Remove access list entry from an open link
-++ *
-++ * knet_h    - pointer to knet_handle_t
-++ *
-++ * host_id   - see knet_host_add(3)
-++ *
-++ * link_id   - see knet_link_set_config(3)
-++ *
-++ * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-++ *
-++ * IMPORTANT: the data passed to this API call must match exactly the ones used
-++ *            in knet_link_add_acl(3).
-++ *
-++ * @return
-++ * knet_link_rm_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++                  struct sockaddr_storage *ss1,
-++                  struct sockaddr_storage *ss2,
-++                  check_type_t type, check_acceptreject_t acceptreject);
-++
-++/**
-++ * knet_link_clear_acl
-++ *
-++ * @brief Remove all access list entries from an open link
-++ *
-++ * knet_h    - pointer to knet_handle_t
-++ *
-++ * host_id   - see knet_host_add(3)
-++ *
-++ * link_id   - see knet_link_set_config(3)
-++ *
-++ * @return
-++ * knet_link_clear_acl
-++ * 0 on success.
-++ * -1 on error and errno is set.
-++ */
-++
-++int knet_link_clear_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id);
-++
-+ /**
-+  * knet_link_set_enable
-+  *
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index a64faa1..60f7812 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -11,23 +11,12 @@
-+ 
-+ #include "internals.h"
-+ 
-+-typedef enum {
-+-     CHECK_TYPE_ADDRESS,
-+-     CHECK_TYPE_MASK,
-+-     CHECK_TYPE_RANGE
-+-} check_type_t;
-+-
-+-typedef enum {
-+-     CHECK_ACCEPT,
-+-     CHECK_REJECT
-+-} check_acceptreject_t;
-+-
-+ typedef struct {
-+      uint8_t                         transport_proto;
-+ 
-+      int (*protocheck_validate)      (void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+-     int (*protocheck_add)           (void *fd_tracker_match_entry_head,
-++     int (*protocheck_add)           (void *fd_tracker_match_entry_head, int index,
-+                                       struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                                       check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+@@ -38,7 +27,7 @@ typedef struct {
-+      void (*protocheck_rmall)        (void *fd_tracker_match_entry_head);
-+ } check_ops_t;
-+ 
-+-int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport, int index,
-+            struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+            check_type_t type, check_acceptreject_t acceptreject);
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index e069b99..fac58e2 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -14,7 +14,7 @@
-+ 
-+ int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+-int ipcheck_addip(void *fd_tracker_match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head, int index,
-+                struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index 73a9704..e75c4a4 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -14,7 +14,7 @@
-+ 
-+ int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+-int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++int loopbackcheck_add(void *fd_tracker_match_entry_head, int index,
-+                    struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                    check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 1d21d05..0f02006 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -245,7 +245,7 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+          (link->dynamic == KNET_LINK_STATIC)) {
-+              log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-+                        host_id, link_id, link->outsock);
-+-             if ((check_add(knet_h, link->outsock, transport,
-++             if ((check_add(knet_h, link->outsock, transport, -1,
-+                             &link->dst_addr, &link->dst_addr,
-+                             CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+                      log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+@@ -1148,3 +1148,307 @@ exit_unlock:
-+      errno = err ? savederrno : 0;
-+      return err;
-+ }
-++
-++int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++                   struct sockaddr_storage *ss1,
-++                   struct sockaddr_storage *ss2,
-++                   check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     int savederrno = 0, err = 0;
-++     struct knet_host *host;
-++     struct knet_link *link;
-++
-++     if (!knet_h) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if (!ss1) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((type == CHECK_TYPE_RANGE) &&
-++         (ss1->ss_family != ss2->ss_family)) {
-++                     errno = EINVAL;
-++                     return -1;
-++     }
-++
-++     if (link_id >= KNET_MAX_LINK) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     savederrno = get_global_wrlock(knet_h);
-++     if (savederrno) {
-++             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++                     strerror(savederrno));
-++             errno = savederrno;
-++             return -1;
-++     }
-++
-++     host = knet_h->host_index[host_id];
-++     if (!host) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++                     host_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     link = &host->link[link_id];
-++
-++     if (!link->configured) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     if (link->dynamic != KNET_LINK_DYNIP) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     err = check_add(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport, -1,
-++                     ss1, ss2, type, acceptreject);
-++     savederrno = errno;
-++
-++exit_unlock:
-++     pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++     errno = savederrno;
-++     return err;
-++}
-++
-++int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++                      int index,
-++                      struct sockaddr_storage *ss1,
-++                      struct sockaddr_storage *ss2,
-++                      check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     int savederrno = 0, err = 0;
-++     struct knet_host *host;
-++     struct knet_link *link;
-++
-++     if (!knet_h) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if (!ss1) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((type == CHECK_TYPE_RANGE) &&
-++         (ss1->ss_family != ss2->ss_family)) {
-++                     errno = EINVAL;
-++                     return -1;
-++     }
-++
-++     if (link_id >= KNET_MAX_LINK) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     savederrno = get_global_wrlock(knet_h);
-++     if (savederrno) {
-++             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++                     strerror(savederrno));
-++             errno = savederrno;
-++             return -1;
-++     }
-++
-++     host = knet_h->host_index[host_id];
-++     if (!host) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++                     host_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     link = &host->link[link_id];
-++
-++     if (!link->configured) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     if (link->dynamic != KNET_LINK_DYNIP) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     err = check_add(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport, index,
-++                     ss1, ss2, type, acceptreject);
-++     savederrno = errno;
-++
-++exit_unlock:
-++     pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++     errno = savederrno;
-++     return err;
-++}
-++
-++int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-++                  struct sockaddr_storage *ss1,
-++                  struct sockaddr_storage *ss2,
-++                  check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     int savederrno = 0, err = 0;
-++     struct knet_host *host;
-++     struct knet_link *link;
-++
-++     if (!knet_h) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if (!ss1) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((type == CHECK_TYPE_RANGE) &&
-++         (ss1->ss_family != ss2->ss_family)) {
-++                     errno = EINVAL;
-++                     return -1;
-++     }
-++
-++     if (link_id >= KNET_MAX_LINK) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     savederrno = get_global_wrlock(knet_h);
-++     if (savederrno) {
-++             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++                     strerror(savederrno));
-++             errno = savederrno;
-++             return -1;
-++     }
-++
-++     host = knet_h->host_index[host_id];
-++     if (!host) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++                     host_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     link = &host->link[link_id];
-++
-++     if (!link->configured) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     if (link->dynamic != KNET_LINK_DYNIP) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     err = check_rm(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport,
-++                    ss1, ss2, type, acceptreject);
-++     savederrno = errno;
-++
-++exit_unlock:
-++     pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++     errno = savederrno;
-++     return err;
-++}
-++
-++int knet_link_clear_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id)
-++{
-++     int savederrno = 0, err = 0;
-++     struct knet_host *host;
-++     struct knet_link *link;
-++
-++     if (!knet_h) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if (link_id >= KNET_MAX_LINK) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     savederrno = get_global_wrlock(knet_h);
-++     if (savederrno) {
-++             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++                     strerror(savederrno));
-++             errno = savederrno;
-++             return -1;
-++     }
-++
-++     host = knet_h->host_index[host_id];
-++     if (!host) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to find host %u: %s",
-++                     host_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     link = &host->link[link_id];
-++
-++     if (!link->configured) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is not configured: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     if (link->dynamic != KNET_LINK_DYNIP) {
-++             err = -1;
-++             savederrno = EINVAL;
-++             log_err(knet_h, KNET_SUB_LINK, "host %u link %u is a point to point connection: %s",
-++                     host_id, link_id, strerror(savederrno));
-++             goto exit_unlock;
-++     }
-++
-++     check_rmall(knet_h, transport_link_get_acl_fd(knet_h, link), link->transport);
-++
-++exit_unlock:
-++     pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++     errno = savederrno;
-++     return err;
-++}
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 0b1fcd0..776408a 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -31,12 +31,12 @@ static check_ops_t proto_check_modules_cmds[] = {
-+  * protocol specific functions
-+  */
-+ 
-+-int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport, int index,
-+            struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+            check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_add(
-+-                     &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-++                     &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, index,
-+                      ss1, ss2, type, acceptreject);
-+ }
-+ 
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 2682a70..642027b 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -242,29 +242,14 @@ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+      return 0;
-+ }
-+ 
-+-int ipcheck_addip(void *fd_tracker_match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head, int index,
-+                struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-+      struct ip_acl_match_entry *new_match_entry;
-+      struct ip_acl_match_entry *match_entry = *match_entry_head;
-+-
-+-     if (!ss1) {
-+-             errno = EINVAL;
-+-             return -1;
-+-     }
-+-
-+-     if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+-             errno = EINVAL;
-+-             return -1;
-+-     }
-+-
-+-     if (type == CHECK_TYPE_RANGE &&
-+-         (ss1->ss_family != ss2->ss_family)) {
-+-             errno = EINVAL;
-+-             return -1;
-+-     }
-++     int i = 0;
-+ 
-+      if (ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject) != NULL) {
-+              errno = EEXIST;
-+@@ -283,12 +268,32 @@ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+      new_match_entry->next = NULL;
-+ 
-+      if (match_entry) {
-+-             /* Find the end of the list */
-+-             /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-+-             while (match_entry->next) {
-+-                     match_entry = match_entry->next;
-++             /*
-++              * special case for index 0, since we need to update
-++              * the head of the list
-++              */
-++             if (index == 0) {
-++                     *match_entry_head = new_match_entry;
-++                     new_match_entry->next = match_entry;
-++             } else {
-++                     /*
-++                      * find the end of the list or stop at "index"
-++                      */
-++                     while ((match_entry->next) || (i < index)) {
-++                             match_entry = match_entry->next;
-++                             i++;
-++                     }
-++                     /*
-++                      * insert if there are more entries in the list
-++                      */
-++                     if (match_entry->next) {
-++                             new_match_entry->next = match_entry->next;
-++                     }
-++                     /*
-++                      * add if we are at the end
-++                      */
-++                     match_entry->next = new_match_entry;
-+              }
-+-             match_entry->next = new_match_entry;
-+      } else {
-+              /*
-+               * first entry in the list
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index bb69130..97f8198 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -33,7 +33,7 @@ int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-+      return 0;
-+ }
-+ 
-+-int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++int loopbackcheck_add(void *fd_tracker_match_entry_head, int index,
-+                    struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                    check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 05bd829..15e8e07 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -165,9 +165,9 @@ static int load_file(void)
-+              }
-+              else {
-+                      if (addr1.ss_family == AF_INET) {
-+-                             ipcheck_addip(&match_entry_v4, &addr1, &addr2, type, acceptreject);
-++                             ipcheck_addip(&match_entry_v4, -1, &addr1, &addr2, type, acceptreject);
-+                      } else {
-+-                             ipcheck_addip(&match_entry_v6, &addr1, &addr2, type, acceptreject);
-++                             ipcheck_addip(&match_entry_v6, -1, &addr1, &addr2, type, acceptreject);
-+                      }
-+              }
-+      next_record: {} /* empty statement to mollify the compiler */
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 819bc9a..bdfc98d 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -948,7 +948,7 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+       */
-+      knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+              if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-+-                     if ((check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++                     if ((check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP, -1,
-+                                     &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+                              return NULL;
-+                      }
-+@@ -1006,7 +1006,7 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+              goto exit_error;
-+      }
-+ 
-+-     if ((check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++     if ((check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP, -1,
-+                     &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) && (errno != EEXIST)) {
-+              savederrno = errno;
-+              err = -1;
-diff --git a/debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch b/debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch
-new file mode 100644
-index 0000000..30639fd
---- /dev/null
-+++ b/debian/patches/access-lists-add-more-extensive-test-for-links_acl_ip.patch
-@@ -0,0 +1,717 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 7 Mar 2019 15:31:28 +0100
-+Subject: [access lists] add more extensive test for links_acl_ip
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 8d42be74c7fdb58b8082c4a4d369d2facca467a9)
-+---
-+ libknet/tests/int_links_acl.txt  |   8 -
-+ libknet/tests/Makefile.am        |  33 ++--
-+ libknet/tests/int_links_acl.c    | 211 ---------------------
-+ libknet/tests/int_links_acl_ip.c | 399 +++++++++++++++++++++++++++++++++++++++
-+ 4 files changed, 415 insertions(+), 236 deletions(-)
-+ delete mode 100644 libknet/tests/int_links_acl.txt
-+ delete mode 100644 libknet/tests/int_links_acl.c
-+ create mode 100644 libknet/tests/int_links_acl_ip.c
-+
-+diff --git a/libknet/tests/int_links_acl.txt b/libknet/tests/int_links_acl.txt
-+deleted file mode 100644
-+index 5776d54..0000000
-+--- a/libknet/tests/int_links_acl.txt
-++++ /dev/null
-+@@ -1,8 +0,0 @@
-+-AA192.168.1.1
-+-AA192.168.1.2
-+-RA192.168.0.3
-+-AR192.168.0.0-192.168.0.250
-+-AM192.168.2.0/255.255.255.0
-+-AM1740::0/FFF0::0
-+-RA1000::666
-+-AR1000::1-2000::7FF
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index eae5c80..3e74ea8 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -13,8 +13,7 @@ include $(top_srcdir)/libknet/tests/api-check.mk
-+ 
-+ EXTRA_DIST           = \
-+                        api-test-coverage \
-+-                       api-check.mk \
-+-                       int_links_acl.txt
-++                       api-check.mk
-+ 
-+ AM_CPPFLAGS          = -I$(top_srcdir)/libknet
-+ AM_CFLAGS            += $(PTHREAD_CFLAGS)
-+@@ -34,6 +33,7 @@ check_PROGRAMS              = \
-+                        $(fun_checks)
-+ 
-+ int_checks           = \
-++                       int_links_acl_ip_test \
-+                        int_timediff_test
-+ 
-+ fun_checks           =
-+@@ -45,7 +45,6 @@ benchmarks          = \
-+ noinst_PROGRAMS              = \
-+                        api_knet_handle_new_limit_test \
-+                        pckt_test \
-+-                       int_links_acl_test \
-+                        $(benchmarks) \
-+                        $(check_PROGRAMS)
-+ 
-+@@ -67,20 +66,20 @@ check-api-test-coverage:
-+ 
-+ pckt_test_SOURCES    = pckt_test.c
-+ 
-+-int_links_acl_test_SOURCES = int_links_acl.c \
-+-                          ../common.c \
-+-                          ../compat.c \
-+-                          ../logging.c \
-+-                          ../netutils.c \
-+-                          ../threads_common.c \
-+-                          ../transports.c \
-+-                          ../transport_common.c \
-+-                          ../transport_loopback.c \
-+-                          ../transport_sctp.c \
-+-                          ../transport_udp.c \
-+-                          ../links_acl.c \
-+-                          ../links_acl_ip.c \
-+-                          ../links_acl_loopback.c
-++int_links_acl_ip_test_SOURCES = int_links_acl_ip.c \
-++                             ../common.c \
-++                             ../compat.c \
-++                             ../logging.c \
-++                             ../netutils.c \
-++                             ../threads_common.c \
-++                             ../transports.c \
-++                             ../transport_common.c \
-++                             ../transport_loopback.c \
-++                             ../transport_sctp.c \
-++                             ../transport_udp.c \
-++                             ../links_acl.c \
-++                             ../links_acl_ip.c \
-++                             ../links_acl_loopback.c
-+ 
-+ int_timediff_test_SOURCES = int_timediff.c
-+ 
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+deleted file mode 100644
-+index 15e8e07..0000000
-+--- a/libknet/tests/int_links_acl.c
-++++ /dev/null
-+@@ -1,211 +0,0 @@
-+-/*
-+- * Copyright (C) 2016-2019 Red Hat, Inc.  All rights reserved.
-+- *
-+- * Author: Christine Caulfield <ccaulfie@redhat.com>
-+- *
-+- * This software licensed under GPL-2.0+, LGPL-2.0+
-+- */
-+-
-+-#include "config.h"
-+-
-+-#include <sys/types.h>
-+-#include <sys/socket.h>
-+-#include <netinet/in.h>
-+-#include <stdio.h>
-+-#include <stdlib.h>
-+-#include <string.h>
-+-#include <netdb.h>
-+-
-+-#include "internals.h"
-+-#include "links_acl.h"
-+-#include "links_acl_ip.h"
-+-
-+-static struct acl_match_entry *match_entry_v4;
-+-static struct acl_match_entry *match_entry_v6;
-+-
-+-/* This is a test program .. remember! */
-+-#define BUFLEN 1024
-+-
-+-static int get_ipaddress(char *buf, struct sockaddr_storage *addr)
-+-{
-+-     struct addrinfo *info;
-+-     struct addrinfo hints;
-+-     int res;
-+-
-+-     memset(&hints, 0, sizeof(hints));
-+-     hints.ai_family = AF_UNSPEC;
-+-
-+-     res = getaddrinfo(buf, NULL, &hints, &info);
-+-     if (!res) {
-+-             memmove(addr, info->ai_addr, info->ai_addrlen);
-+-             freeaddrinfo(info);
-+-     }
-+-     return res;
-+-}
-+-
-+-static int read_address(char *buf, struct sockaddr_storage *addr)
-+-{
-+-     return get_ipaddress(buf, addr);
-+-}
-+-
-+-static int read_mask(char *buf, struct sockaddr_storage *addr, struct sockaddr_storage *addr2)
-+-{
-+-     char tmpbuf[BUFLEN];
-+-     char *slash;
-+-     int ret;
-+-
-+-     slash = strchr(buf, '/');
-+-     if (!slash)
-+-             return 1;
-+-
-+-     strncpy(tmpbuf, buf, slash-buf);
-+-     tmpbuf[slash-buf] = '\0';
-+-
-+-     ret = get_ipaddress(tmpbuf, addr);
-+-        if (ret)
-+-             return ret;
-+-
-+-     ret = get_ipaddress(slash+1, addr2);
-+-        if (ret)
-+-             return ret;
-+-
-+-     return 0;
-+-}
-+-
-+-static int read_range(char *buf, struct sockaddr_storage *addr1, struct sockaddr_storage *addr2)
-+-{
-+-     char tmpbuf[BUFLEN];
-+-     char *hyphen;
-+-     int ret;
-+-
-+-     hyphen = strchr(buf, '-');
-+-     if (!hyphen)
-+-             return 1;
-+-
-+-     strncpy(tmpbuf, buf, hyphen-buf);
-+-     tmpbuf[hyphen-buf] = '\0';
-+-
-+-     ret = get_ipaddress(tmpbuf, addr1);
-+-        if (ret)
-+-             return ret;
-+-
-+-     ret = get_ipaddress(hyphen+1, addr2);
-+-        if (ret)
-+-             return ret;
-+-
-+-     return 0;
-+-}
-+-
-+-
-+-static int load_file(void)
-+-{
-+-     FILE *filterfile;
-+-     char filebuf[BUFLEN];
-+-     int line = 0;
-+-     int ret;
-+-     check_type_t type;
-+-     check_acceptreject_t acceptreject;
-+-     struct sockaddr_storage addr1;
-+-     struct sockaddr_storage addr2;
-+-
-+-     ipcheck_rmall(&match_entry_v4);
-+-     ipcheck_rmall(&match_entry_v6);
-+-
-+-     filterfile = fopen("int_links_acl.txt", "r");
-+-     if (!filterfile) {
-+-             fprintf(stderr, "Cannot open int_links_acl.txt\n");
-+-             return 1;
-+-     }
-+-
-+-     while (fgets(filebuf, sizeof(filebuf), filterfile)) {
-+-             filebuf[strlen(filebuf)-1] = '\0'; /* remove trailing LF */
-+-             line++;
-+-
-+-             /*
-+-              * First char is A (accept) or R (Reject)
-+-              */
-+-             switch(filebuf[0] & 0x5F) {
-+-             case 'A':
-+-                     acceptreject = CHECK_ACCEPT;
-+-                     break;
-+-             case 'R':
-+-                     acceptreject = CHECK_REJECT;
-+-                     break;
-+-             default:
-+-                     fprintf(stderr, "Unknown record type on line %d: %s\n", line, filebuf);
-+-                     goto next_record;
-+-             }
-+-
-+-             /*
-+-              * Second char is the filter type:
-+-              * A Address
-+-              * M Mask
-+-              * R Range
-+-              */
-+-             switch(filebuf[1] & 0x5F) {
-+-             case 'A':
-+-                     type = CHECK_TYPE_ADDRESS;
-+-                     ret = read_address(filebuf+2, &addr1);
-+-                     break;
-+-             case 'M':
-+-                     type = CHECK_TYPE_MASK;
-+-                     ret = read_mask(filebuf+2, &addr1, &addr2);
-+-                     break;
-+-             case 'R':
-+-                     type = CHECK_TYPE_RANGE;
-+-                     ret = read_range(filebuf+2, &addr1, &addr2);
-+-                     break;
-+-             default:
-+-                     fprintf(stderr, "Unknown filter type on line %d: %s\n", line, filebuf);
-+-                     goto next_record;
-+-                     break;
-+-             }
-+-             if (ret) {
-+-                     fprintf(stderr, "Failed to parse address on line %d: %s\n", line, filebuf);
-+-             }
-+-             else {
-+-                     if (addr1.ss_family == AF_INET) {
-+-                             ipcheck_addip(&match_entry_v4, -1, &addr1, &addr2, type, acceptreject);
-+-                     } else {
-+-                             ipcheck_addip(&match_entry_v6, -1, &addr1, &addr2, type, acceptreject);
-+-                     }
-+-             }
-+-     next_record: {} /* empty statement to mollify the compiler */
-+-     }
-+-     fclose(filterfile);
-+-
-+-     return 0;
-+-}
-+-
-+-int main(int argc, char *argv[])
-+-{
-+-     struct sockaddr_storage saddr;
-+-     struct acl_match_entry *match_entry;
-+-     int ret;
-+-     int i;
-+-
-+-     if (load_file())
-+-             return 1;
-+-
-+-     for (i=1; i<argc; i++) {
-+-             ret = get_ipaddress(argv[i], &saddr);
-+-             if (ret) {
-+-                     fprintf(stderr, "Cannot parse address %s\n", argv[i]);
-+-             } else {
-+-                     if (saddr.ss_family == AF_INET) {
-+-                             match_entry = match_entry_v4;
-+-                     } else {
-+-                             match_entry = match_entry_v6;
-+-                     }
-+-                     if (ipcheck_validate(&match_entry, &saddr)) {
-+-                             printf("%s is VALID\n", argv[i]);
-+-                     } else {
-+-                             printf("%s is not allowed\n", argv[i]);
-+-                     }
-+-             }
-+-     }
-+-
-+-     ipcheck_rmall(&match_entry_v4);
-+-     ipcheck_rmall(&match_entry_v6);
-+-     return 0;
-+-}
-+diff --git a/libknet/tests/int_links_acl_ip.c b/libknet/tests/int_links_acl_ip.c
-+new file mode 100644
-+index 0000000..a7d2aed
-+--- /dev/null
-++++ b/libknet/tests/int_links_acl_ip.c
-+@@ -0,0 +1,399 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <sys/types.h>
-++#include <sys/socket.h>
-++#include <netinet/in.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <netdb.h>
-++#include <errno.h>
-++
-++#include "internals.h"
-++#include "links_acl.h"
-++#include "links_acl_ip.h"
-++
-++#include "test-common.h"
-++
-++static struct acl_match_entry *match_entry_v4;
-++static struct acl_match_entry *match_entry_v6;
-++
-++/* This is a test program .. remember! */
-++#define BUFLEN 1024
-++
-++static int get_ipaddress(const char *buf, struct sockaddr_storage *addr)
-++{
-++     struct addrinfo *info;
-++     struct addrinfo hints;
-++
-++     memset(&hints, 0, sizeof(hints));
-++     hints.ai_family = AF_UNSPEC;
-++
-++     if (getaddrinfo(buf, NULL, &hints, &info)) {
-++             return -1;
-++     }
-++
-++     memmove(addr, info->ai_addr, info->ai_addrlen);
-++     freeaddrinfo(info);
-++     return 0;
-++}
-++
-++static int read_2ip(const char *buf, const char *delim, struct sockaddr_storage *addr, struct sockaddr_storage *addr2)
-++{
-++     char tmpbuf[BUFLEN];
-++     char *deli;
-++
-++     deli = strstr(buf, delim);
-++     if (!deli) {
-++             return -1;
-++     }
-++
-++     strncpy(tmpbuf, buf, deli-buf);
-++     tmpbuf[deli-buf] = '\0';
-++
-++     if (get_ipaddress(tmpbuf, addr)) {
-++             return -1;
-++     }
-++
-++     if (get_ipaddress(deli+1, addr2)) {
-++             return -1;
-++     }
-++
-++     return 0;
-++}
-++
-++/*
-++ * be aware that ordering is important
-++ * so we can test all the rules with few
-++ * ipcheck_validate calls
-++ */
-++
-++const char *rules[100] = {
-++     /*
-++      * ipv4
-++      */
-++     "RA192.168.0.3",                /* reject address */
-++     "AA192.168.0.1",                /* accept address */
-++     "RR192.168.0.10-192.168.0.20",  /* reject range */
-++     "AR192.168.0.0-192.168.0.255",  /* accept range */
-++     "RM192.168.2.0/255.255.255.0",  /* reject mask */
-++     "AM192.168.2.0/255.255.254.0",  /* accept mask */
-++     /*
-++      * ipv6
-++      */
-++     "RA3ffe::3",
-++     "AA3ffe::1",
-++     "RR3ffe::10-3ffe::20",
-++     "AR3ffe::0-3ffe::ff",
-++     "RM3ffe:1::0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:0",
-++     "AM3ffe:1::0/ffff:ffff:ffff:ffff::0"
-++};
-++
-++static int _ipcheck_addip(void *fd_tracker_match_entry_head,
-++                       struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-++                       check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     return ipcheck_addip(fd_tracker_match_entry_head, -1, ss1, ss2, type, acceptreject);
-++}
-++
-++static int default_rules(int load)
-++{
-++     int ret;
-++     check_type_t type;
-++     check_acceptreject_t acceptreject;
-++     struct sockaddr_storage addr1;
-++     struct sockaddr_storage addr2;
-++     int i = 0;
-++     int (*loadfn)(void *fd_tracker_match_entry_head, struct sockaddr_storage *ss1, struct sockaddr_storage *ss2, check_type_t type, check_acceptreject_t acceptreject);
-++
-++     if (load) {
-++             loadfn = _ipcheck_addip;
-++     } else {
-++             loadfn = ipcheck_rmip;
-++     }
-++
-++     while (rules[i] != NULL) {
-++             printf("Parsing rule: %s\n", rules[i]);
-++             memset(&addr1, 0, sizeof(struct sockaddr_storage));
-++             memset(&addr2, 0, sizeof(struct sockaddr_storage));
-++             /*
-++              * First char is A (accept) or R (Reject)
-++              */
-++             switch(rules[i][0] & 0x5F) {
-++                     case 'A':
-++                             acceptreject = CHECK_ACCEPT;
-++                             break;
-++                     case 'R':
-++                             acceptreject = CHECK_REJECT;
-++                             break;
-++                     default:
-++                             fprintf(stderr, "Unknown record type on line %d: %s\n", i, rules[i]);
-++                             goto next_record;
-++             }
-++
-++             /*
-++              * Second char is the filter type:
-++              * A Address
-++              * M Mask
-++              * R Range
-++              */
-++             switch(rules[i][1] & 0x5F) {
-++                     case 'A':
-++                             type = CHECK_TYPE_ADDRESS;
-++                             ret = get_ipaddress(rules[i]+2, &addr1);
-++                             break;
-++                     case 'M':
-++                             type = CHECK_TYPE_MASK;
-++                             ret = read_2ip(rules[i]+2, "/", &addr1, &addr2);
-++                             break;
-++                     case 'R':
-++                             type = CHECK_TYPE_RANGE;
-++                             ret = read_2ip(rules[i]+2, "-", &addr1, &addr2);
-++                             break;
-++                     default:
-++                             fprintf(stderr, "Unknown filter type on line %d: %s\n", i, rules[i]);
-++                             goto next_record;
-++                             break;
-++             }
-++
-++             if (ret) {
-++                     fprintf(stderr, "Failed to parse address on line %d: %s\n", i, rules[i]);
-++                     return -1;
-++             } else {
-++                     if (addr1.ss_family == AF_INET) {
-++                             if (loadfn(&match_entry_v4, &addr1, &addr2, type, acceptreject) < 0) {
-++                                     fprintf(stderr, "Failed to add/rm address on line %d: %s (errno: %s)\n", i, rules[i], strerror(errno));
-++                                     return -1;
-++                             }
-++                     } else {
-++                             if (loadfn(&match_entry_v6, &addr1, &addr2, type, acceptreject) < 0) {
-++                                     fprintf(stderr, "Failed to add/rm address on line %d: %s (errno: %s)\n", i, rules[i], strerror(errno));
-++                                     return -1;
-++                             }
-++                     }
-++             }
-++
-++     next_record:
-++             i++;
-++     }
-++
-++     return 0;
-++}
-++
-++const char *tests[100] = {
-++     /*
-++      * ipv4
-++      */
-++     "R192.168.0.3",         /* reject address */
-++     "A192.168.0.1",         /* accept address */
-++     "R192.168.0.11",        /* reject range */
-++     "A192.168.0.8",         /* accept range */
-++     "R192.168.2.1",         /* reject mask */
-++     "A192.168.3.1",         /* accept mask */
-++     /*
-++      * ipv6
-++      */
-++     "R3ffe::3",
-++     "A3ffe::1",
-++     "R3ffe::11",
-++     "A3ffe::8",
-++     "R3ffe:1::1",
-++     "A3ffe:1::1:1"
-++};
-++
-++const char *after_insert_tests[100] = {
-++     /*
-++      * ipv4
-++      */
-++     "R192.168.0.3",         /* reject address */
-++     "A192.168.0.1",         /* accept address */
-++     "R192.168.0.11",        /* reject range */
-++     "A192.168.0.8",         /* accept range */
-++     "A192.168.2.1",         /* reject mask */
-++     "A192.168.3.1",         /* accept mask */
-++     /*
-++      * ipv6
-++      */
-++     "R3ffe::3",
-++     "A3ffe::1",
-++     "R3ffe::11",
-++     "A3ffe::8",
-++     "A3ffe:1::1",
-++     "A3ffe:1::1:1"
-++};
-++
-++int test(void)
-++{
-++     int i = 0;
-++     int expected;
-++     struct sockaddr_storage saddr;
-++     struct acl_match_entry *match_entry;
-++
-++     /*
-++      * default tests
-++      */
-++     while (tests[i] != NULL) {
-++             /*
-++              * First char is A (accept) or R (Reject)
-++              */
-++             switch(tests[i][0] & 0x5F) {
-++                     case 'A':
-++                             expected = 1;
-++                             break;
-++                     case 'R':
-++                             expected = 0;
-++                             break;
-++                     default:
-++                             fprintf(stderr, "Unknown record type on line %d: %s\n", i, tests[i]);
-++                             return FAIL;
-++                             break;
-++             }
-++
-++             if (get_ipaddress(tests[i]+1, &saddr)) {
-++                             fprintf(stderr, "Cannot parse address %s\n", tests[i]+1);
-++                             return FAIL;
-++             }
-++
-++             if (saddr.ss_family == AF_INET) {
-++                     match_entry = match_entry_v4;
-++             } else {
-++                     match_entry = match_entry_v6;
-++             }
-++
-++             if (ipcheck_validate(&match_entry, &saddr) != expected) {
-++                     fprintf(stderr, "Failed to check access list for ip: %s\n", tests[i]);
-++                     return FAIL;
-++             }
-++             i++;
-++     }
-++
-++     /*
-++      * insert tests
-++      */
-++
-++     if (get_ipaddress("192.168.2.1", &saddr)) {
-++             fprintf(stderr, "Cannot parse address 192.168.2.1\n");
-++             return FAIL;
-++     }
-++
-++     if (ipcheck_addip(&match_entry_v4, 3, &saddr, &saddr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             fprintf(stderr, "Unable to insert address in position 3 192.168.2.1\n");
-++             return FAIL;
-++     }
-++
-++     if (get_ipaddress("3ffe:1::1", &saddr)) {
-++             fprintf(stderr, "Cannot parse address 3ffe:1::1\n");
-++             return FAIL;
-++     }
-++
-++     if (ipcheck_addip(&match_entry_v6, 3, &saddr, &saddr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             fprintf(stderr, "Unable to insert address in position 3 3ffe:1::1\n");
-++             return FAIL;
-++     }
-++
-++     while (after_insert_tests[i] != NULL) {
-++             /*
-++              * First char is A (accept) or R (Reject)
-++              */
-++             switch(after_insert_tests[i][0] & 0x5F) {
-++                     case 'A':
-++                             expected = 1;
-++                             break;
-++                     case 'R':
-++                             expected = 0;
-++                             break;
-++                     default:
-++                             fprintf(stderr, "Unknown record type on line %d: %s\n", i, after_insert_tests[i]);
-++                             return FAIL;
-++                             break;
-++             }
-++
-++             if (get_ipaddress(after_insert_tests[i]+1, &saddr)) {
-++                             fprintf(stderr, "Cannot parse address %s\n", after_insert_tests[i]+1);
-++                             return FAIL;
-++             }
-++
-++             if (saddr.ss_family == AF_INET) {
-++                     match_entry = match_entry_v4;
-++             } else {
-++                     match_entry = match_entry_v6;
-++             }
-++
-++             if (ipcheck_validate(&match_entry, &saddr) != expected) {
-++                     fprintf(stderr, "Failed to check access list for ip: %s\n", after_insert_tests[i]);
-++                     return FAIL;
-++             }
-++             i++;
-++     }
-++     return PASS;
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++     struct sockaddr_storage saddr;
-++     struct acl_match_entry *match_entry;
-++     int ret = PASS;
-++     int i;
-++
-++     if (default_rules(1) < 0) {
-++             return -1;
-++     }
-++
-++     if (argc > 1) {
-++             /*
-++              * run manual check against default access lists
-++              */
-++             for (i=1; i<argc; i++) {
-++                     if (get_ipaddress(argv[i], &saddr)) {
-++                             fprintf(stderr, "Cannot parse address %s\n", argv[i]);
-++                             ret = FAIL;
-++                             goto out;
-++                     } else {
-++                             if (saddr.ss_family == AF_INET) {
-++                                     match_entry = match_entry_v4;
-++                             } else {
-++                                     match_entry = match_entry_v6;
-++                             }
-++                             if (ipcheck_validate(&match_entry, &saddr)) {
-++                                     printf("%s is VALID\n", argv[i]);
-++                                     ret = PASS;
-++                             } else {
-++                                     printf("%s is not allowed\n", argv[i]);
-++                                     ret = FAIL;
-++                             }
-++                     }
-++             }
-++     } else {
-++             /*
-++              * run automatic tests
-++              */
-++             ret = test();
-++     }
-++
-++     /*
-++      * test memory leaks with ipcheck_rmip
-++      */
-++     if (default_rules(0) < 0) {
-++             return FAIL;
-++     }
-++
-++     /*
-++      * test memory leaks with ipcheck_rmall
-++      */
-++     if (default_rules(1) < 0) {
-++             return FAIL;
-++     }
-++out:
-++     ipcheck_rmall(&match_entry_v4);
-++     ipcheck_rmall(&match_entry_v6);
-++
-++     return ret;
-++}
-diff --git a/debian/patches/access-lists-add-public-API-tests.patch b/debian/patches/access-lists-add-public-API-tests.patch
-new file mode 100644
-index 0000000..2be97b8
---- /dev/null
-+++ b/debian/patches/access-lists-add-public-API-tests.patch
-@@ -0,0 +1,1019 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 6 Mar 2019 13:08:34 +0100
-+Subject: [access lists] add public API tests
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 31da8fa7b5d034980c38c2f5dcc6e3730f2031fa)
-+---
-+ libknet/tests/api_knet_link_add_acl.c    | 246 +++++++++++++++++++++++++++++
-+ libknet/tests/api_knet_link_clear_acl.c  | 196 +++++++++++++++++++++++
-+ libknet/tests/api_knet_link_insert_acl.c | 246 +++++++++++++++++++++++++++++
-+ libknet/tests/api_knet_link_rm_acl.c     | 256 +++++++++++++++++++++++++++++++
-+ libknet/tests/api-check.mk               |  18 ++-
-+ 5 files changed, 961 insertions(+), 1 deletion(-)
-+ create mode 100644 libknet/tests/api_knet_link_add_acl.c
-+ create mode 100644 libknet/tests/api_knet_link_clear_acl.c
-+ create mode 100644 libknet/tests/api_knet_link_insert_acl.c
-+ create mode 100644 libknet/tests/api_knet_link_rm_acl.c
-+
-+diff --git a/libknet/tests/api_knet_link_add_acl.c b/libknet/tests/api_knet_link_add_acl.c
-+new file mode 100644
-+index 0000000..b018165
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_add_acl.c
-+@@ -0,0 +1,246 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++     knet_handle_t knet_h;
-++     int logfds[2];
-++     struct knet_host *host;
-++     struct knet_link *link;
-++     struct sockaddr_storage lo, lo6;
-++
-++     if (make_local_sockaddr(&lo, 0) < 0) {
-++             printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     if (make_local_sockaddr6(&lo6, 0) < 0) {
-++             printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     printf("Test knet_link_add_acl incorrect knet_h\n");
-++
-++     if ((!knet_link_add_acl(NULL, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     setup_logpipes(logfds);
-++
-++     knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++     printf("Test knet_link_add_acl with unconfigured host\n");
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with unconfigured link\n");
-++
-++     if (knet_host_add(knet_h, 1) < 0) {
-++             printf("knet_host_add failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with invalid link\n");
-++
-++     if ((!knet_link_add_acl(knet_h, 1, KNET_MAX_LINK, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with invalid ss1\n");
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with invalid ss2\n");
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with non matching families\n");
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with wrong check_type\n");
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with wrong acceptreject\n");
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_add_acl with point to point link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_add_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     knet_link_clear_config(knet_h, 1, 0);
-++
-++     printf("Test knet_link_add_acl with dynamic link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     host = knet_h->host_index[1];
-++     link = &host->link[0];
-++
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list not empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             printf("knet_link_add_acl did not accept dynamic link error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++     knet_link_clear_config(knet_h, 1, 0);
-++     knet_host_remove(knet_h, 1);
-++     knet_handle_free(knet_h);
-++     flush_logs(logfds[0], stdout);
-++     close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++     test();
-++
-++     return PASS;
-++}
-+diff --git a/libknet/tests/api_knet_link_clear_acl.c b/libknet/tests/api_knet_link_clear_acl.c
-+new file mode 100644
-+index 0000000..78b7d79
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_clear_acl.c
-+@@ -0,0 +1,196 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++     knet_handle_t knet_h;
-++     int logfds[2];
-++     struct knet_host *host;
-++     struct knet_link *link;
-++     struct sockaddr_storage lo;
-++
-++     if (make_local_sockaddr(&lo, 0) < 0) {
-++             printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     printf("Test knet_link_clear_acl incorrect knet_h\n");
-++
-++     if ((!knet_link_clear_acl(NULL, 1, 0)) || (errno != EINVAL)) {
-++             printf("knet_link_clear_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     setup_logpipes(logfds);
-++
-++     knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++     printf("Test knet_link_clear_acl with unconfigured host\n");
-++
-++     if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
-++             printf("knet_link_clear_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_clear_acl with unconfigured link\n");
-++
-++     if (knet_host_add(knet_h, 1) < 0) {
-++             printf("knet_host_add failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
-++             printf("knet_link_clear_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_clear_acl with invalid link\n");
-++
-++     if ((!knet_link_clear_acl(knet_h, 1, KNET_MAX_LINK)) || (errno != EINVAL)) {
-++             printf("knet_link_clear_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_clear_acl with point to point link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
-++             printf("knet_link_clear_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     knet_link_clear_config(knet_h, 1, 0);
-++
-++     printf("Test knet_link_clear_acl with dynamic link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     host = knet_h->host_index[1];
-++     link = &host->link[0];
-++
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list NOT empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             printf("knet_link_clear_acl did not accept dynamic link error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_link_clear_acl(knet_h, 1, 0) < 0) {
-++             printf("knet_link_clear_acl failed to clear. error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list NOT empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++     knet_link_clear_config(knet_h, 1, 0);
-++     knet_host_remove(knet_h, 1);
-++     knet_handle_free(knet_h);
-++     flush_logs(logfds[0], stdout);
-++     close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++     test();
-++
-++     return PASS;
-++}
-+diff --git a/libknet/tests/api_knet_link_insert_acl.c b/libknet/tests/api_knet_link_insert_acl.c
-+new file mode 100644
-+index 0000000..547f92b
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_insert_acl.c
-+@@ -0,0 +1,246 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++     knet_handle_t knet_h;
-++     int logfds[2];
-++     struct knet_host *host;
-++     struct knet_link *link;
-++     struct sockaddr_storage lo, lo6;
-++
-++     if (make_local_sockaddr(&lo, 0) < 0) {
-++             printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     if (make_local_sockaddr6(&lo6, 0) < 0) {
-++             printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     printf("Test knet_link_insert_acl incorrect knet_h\n");
-++
-++     if ((!knet_link_insert_acl(NULL, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     setup_logpipes(logfds);
-++
-++     knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++     printf("Test knet_link_insert_acl with unconfigured host\n");
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with unconfigured link\n");
-++
-++     if (knet_host_add(knet_h, 1) < 0) {
-++             printf("knet_host_add failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with invalid link\n");
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, KNET_MAX_LINK, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with invalid ss1\n");
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with invalid ss2\n");
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with non matching families\n");
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with wrong check_type\n");
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with wrong acceptreject\n");
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_insert_acl with point to point link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_insert_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     knet_link_clear_config(knet_h, 1, 0);
-++
-++     printf("Test knet_link_insert_acl with dynamic link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     host = knet_h->host_index[1];
-++     link = &host->link[0];
-++
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list not empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             printf("knet_link_insert_acl did not accept dynamic link error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++     knet_link_clear_config(knet_h, 1, 0);
-++     knet_host_remove(knet_h, 1);
-++     knet_handle_free(knet_h);
-++     flush_logs(logfds[0], stdout);
-++     close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++     test();
-++
-++     return PASS;
-++}
-+diff --git a/libknet/tests/api_knet_link_rm_acl.c b/libknet/tests/api_knet_link_rm_acl.c
-+new file mode 100644
-+index 0000000..49a82d9
-+--- /dev/null
-++++ b/libknet/tests/api_knet_link_rm_acl.c
-+@@ -0,0 +1,256 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++#include <inttypes.h>
-++
-++#include "libknet.h"
-++
-++#include "internals.h"
-++#include "netutils.h"
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++     knet_handle_t knet_h;
-++     int logfds[2];
-++     struct knet_host *host;
-++     struct knet_link *link;
-++     struct sockaddr_storage lo, lo6;
-++
-++     if (make_local_sockaddr(&lo, 0) < 0) {
-++             printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     if (make_local_sockaddr6(&lo6, 0) < 0) {
-++             printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     printf("Test knet_link_rm_acl incorrect knet_h\n");
-++
-++     if ((!knet_link_rm_acl(NULL, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-++     setup_logpipes(logfds);
-++
-++     knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++     printf("Test knet_link_rm_acl with unconfigured host\n");
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with unconfigured link\n");
-++
-++     if (knet_host_add(knet_h, 1) < 0) {
-++             printf("knet_host_add failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with invalid link\n");
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, KNET_MAX_LINK, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with invalid ss1\n");
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with invalid ss2\n");
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with non matching families\n");
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with wrong check_type\n");
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with wrong acceptreject\n");
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_link_rm_acl with point to point link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
-++             printf("knet_link_rm_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     knet_link_clear_config(knet_h, 1, 0);
-++
-++     printf("Test knet_link_rm_acl with dynamic link\n");
-++
-++     if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
-++             printf("Unable to configure link: %s\n", strerror(errno));
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     host = knet_h->host_index[1];
-++     link = &host->link[0];
-++
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list not empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             printf("Failed to add an access list: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-++             printf("knet_link_rm_acl did not accept dynamic link error: %s\n", strerror(errno));
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-++             printf("match list NOT empty!");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++     knet_link_clear_config(knet_h, 1, 0);
-++     knet_host_remove(knet_h, 1);
-++     knet_handle_free(knet_h);
-++     flush_logs(logfds[0], stdout);
-++     close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++     test();
-++
-++     return PASS;
-++}
-+diff --git a/libknet/tests/api-check.mk b/libknet/tests/api-check.mk
-+index 247ed58..427c388 100644
-+--- a/libknet/tests/api-check.mk
-++++ b/libknet/tests/api-check.mk
-+@@ -68,7 +68,11 @@ api_checks         = \
-+                        api_knet_link_set_enable_test \
-+                        api_knet_link_get_enable_test \
-+                        api_knet_link_get_link_list_test \
-+-                       api_knet_link_get_status_test
-++                       api_knet_link_get_status_test \
-++                       api_knet_link_add_acl_test \
-++                       api_knet_link_insert_acl_test \
-++                       api_knet_link_rm_acl_test \
-++                       api_knet_link_clear_acl_test
-+ 
-+ api_knet_handle_new_test_SOURCES = api_knet_handle_new.c \
-+                                 test-common.c
-+@@ -256,3 +260,15 @@ api_knet_link_get_link_list_test_SOURCES = api_knet_link_get_link_list.c \
-+ 
-+ api_knet_link_get_status_test_SOURCES = api_knet_link_get_status.c \
-+                                      test-common.c
-++
-++api_knet_link_add_acl_test_SOURCES = api_knet_link_add_acl.c \
-++                                  test-common.c
-++
-++api_knet_link_insert_acl_test_SOURCES = api_knet_link_insert_acl.c \
-++                                     test-common.c
-++
-++api_knet_link_rm_acl_test_SOURCES = api_knet_link_rm_acl.c \
-++                                 test-common.c
-++
-++api_knet_link_clear_acl_test_SOURCES = api_knet_link_clear_acl.c \
-++                                    test-common.c
-diff --git a/debian/patches/access-lists-add-tests-for-default-access-lists.patch b/debian/patches/access-lists-add-tests-for-default-access-lists.patch
-new file mode 100644
-index 0000000..24d97e5
---- /dev/null
-+++ b/debian/patches/access-lists-add-tests-for-default-access-lists.patch
-@@ -0,0 +1,63 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 14 Feb 2019 06:47:41 +0100
-+Subject: [access lists] add tests for default access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c48b048e3b340ea7696c3300fb64928b22018233)
-+---
-+ libknet/tests/api_knet_link_set_config.c | 28 ++++++++++++++++++++++++++++
-+ 1 file changed, 28 insertions(+)
-+
-+diff --git a/libknet/tests/api_knet_link_set_config.c b/libknet/tests/api_knet_link_set_config.c
-+index 8679428..5fed9be 100644
-+--- a/libknet/tests/api_knet_link_set_config.c
-++++ b/libknet/tests/api_knet_link_set_config.c
-+@@ -24,6 +24,8 @@
-+ static void test(void)
-+ {
-+      knet_handle_t knet_h;
-++     struct knet_host *host;
-++     struct knet_link *link;
-+      int logfds[2];
-+      char src_portstr[32];
-+      char dst_portstr[32];
-+@@ -140,6 +142,19 @@ static void test(void)
-+              exit(FAIL);
-+      }
-+ 
-++     host = knet_h->host_index[1];
-++     link = &host->link[0];
-++
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++             printf("found access lists for dynamic dst_addr!\n");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-+      if (knet_link_get_status(knet_h, 1, 0, &link_status, sizeof(struct knet_link_status)) < 0) {
-+              printf("Unable to get link status: %s\n", strerror(errno));
-+              knet_link_clear_config(knet_h, 1, 0);
-+@@ -244,6 +259,19 @@ static void test(void)
-+              exit(FAIL);
-+      }
-+ 
-++     host = knet_h->host_index[1];
-++     link = &host->link[0];
-++
-++     if (!knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++             printf("Unable to find default access lists for static dst_addr!\n");
-++             knet_link_clear_config(knet_h, 1, 0);
-++             knet_host_remove(knet_h, 1);
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-+      if (knet_link_get_status(knet_h, 1, 0, &link_status, sizeof(struct knet_link_status)) < 0) {
-+              printf("Unable to get link status: %s\n", strerror(errno));
-+              knet_link_clear_config(knet_h, 1, 0);
-diff --git a/debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch b/debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch
-new file mode 100644
-index 0000000..a9b0ea7
---- /dev/null
-+++ b/debian/patches/access-lists-allow-knet_bench-to-enable-disable-access-li.patch
-@@ -0,0 +1,61 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 14 Feb 2019 07:23:09 +0100
-+Subject: [access lists] allow knet_bench to enable/disable access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit a7fa047d1bdae266cfef18fc31d87072b7dfd6d3)
-+---
-+ libknet/tests/knet_bench.c | 12 +++++++++++-
-+ 1 file changed, 11 insertions(+), 1 deletion(-)
-+
-+diff --git a/libknet/tests/knet_bench.c b/libknet/tests/knet_bench.c
-+index b208b3e..00cd58b 100644
-+--- a/libknet/tests/knet_bench.c
-++++ b/libknet/tests/knet_bench.c
-+@@ -46,6 +46,7 @@ static int wait_for_perf_rx = 0;
-+ static char *compresscfg = NULL;
-+ static char *cryptocfg = NULL;
-+ static int machine_output = 0;
-++static int use_access_lists = 0;
-+ 
-+ static int bench_shutdown_in_progress = 0;
-+ static pthread_mutex_t shutdown_mutex = PTHREAD_MUTEX_INITIALIZER;
-+@@ -78,6 +79,7 @@ static void print_help(void)
-+      printf("knet_bench usage:\n");
-+      printf(" -h                                        print this help (no really)\n");
-+      printf(" -d                                        enable debug logs (default INFO)\n");
-++     printf(" -f                                        enable use of access lists (default: off)\n");
-+      printf(" -c [implementation]:[crypto]:[hashing]    crypto configuration. (default disabled)\n");
-+      printf("                                           Example: -c nss:aes128:sha1\n");
-+      printf(" -z [implementation]:[level]:[threshold]   compress configuration. (default disabled)\n");
-+@@ -248,7 +250,7 @@ static void setup_knet(int argc, char *argv[])
-+ 
-+      memset(nodes, 0, sizeof(nodes));
-+ 
-+-     while ((rv = getopt(argc, argv, "aCT:S:s:ldom:wb:t:n:c:p:X::P:z:h")) != EOF) {
-++     while ((rv = getopt(argc, argv, "aCT:S:s:ldfom:wb:t:n:c:p:X::P:z:h")) != EOF) {
-+              switch(rv) {
-+                      case 'h':
-+                              print_help();
-+@@ -260,6 +262,9 @@ static void setup_knet(int argc, char *argv[])
-+                      case 'd':
-+                              debug = KNET_LOG_DEBUG;
-+                              break;
-++                     case 'f':
-++                             use_access_lists = 1;
-++                             break;
-+                      case 'c':
-+                              if (cryptocfg) {
-+                                      printf("Error: -c can only be specified once\n");
-+@@ -456,6 +461,11 @@ static void setup_knet(int argc, char *argv[])
-+              exit(FAIL);
-+      }
-+ 
-++     if (knet_handle_enable_access_lists(knet_h, use_access_lists) < 0) {
-++             printf("Unable to knet_handle_enable_access_lists: %s\n", strerror(errno));
-++             exit(FAIL);
-++     }
-++
-+      if (cryptocfg) {
-+              memset(&knet_handle_crypto_cfg, 0, sizeof(knet_handle_crypto_cfg));
-+              cryptomodel = strtok(cryptocfg, ":");
-diff --git a/debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch b/debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch
-new file mode 100644
-index 0000000..5c0c247
---- /dev/null
-+++ b/debian/patches/access-lists-automatically-add-and-remove-point-to-point-.patch
-@@ -0,0 +1,283 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 14 Feb 2019 06:32:42 +0100
-+Subject: [access lists] automatically add and remove point to point access
-+ lists
-+
-+those are not used just yet.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit a08389d536726927f2438a7e0bfe6b86244779ab)
-+---
-+ libknet/links_acl.h           |  7 +++-
-+ libknet/links.c               | 96 +++++++++++++++++++++++++++++++++++++++++++
-+ libknet/links_acl.c           | 62 +++++++++++++++++++++++++++-
-+ libknet/tests/int_links_acl.c |  8 ++--
-+ 4 files changed, 166 insertions(+), 7 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 26b0f36..f4713d6 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -13,10 +13,13 @@
-+ 
-+ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+-void ipcheck_clear(struct acl_match_entry **match_entry_head);
-+-
-+ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+                struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+                check_type_t type, check_acceptreject_t acceptreject);
-+ 
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               check_type_t type, check_acceptreject_t acceptreject);
-++
-++void check_rmall(struct acl_match_entry **match_entry_head);
-+ #endif
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 010aeb6..6c75c35 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -20,6 +20,56 @@
-+ #include "transports.h"
-+ #include "host.h"
-+ #include "threads_common.h"
-++#include "links_acl.h"
-++
-++static void _link_del_all_acl(knet_handle_t knet_h, int sock)
-++{
-++     check_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++}
-++
-++static int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++     int err = -1;
-++
-++     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++             case LOOPBACK:
-++                     /*
-++                      * loopback does not require access lists
-++                      */
-++                     err = 0;
-++                     break;
-++             case IP_PROTO:
-++                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++                                         &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++                     break;
-++             default:
-++                     break;
-++     }
-++
-++     return err;
-++}
-++
-++static int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++     int err = -1;
-++
-++     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++             case LOOPBACK:
-++                     /*
-++                      * loopback does not require access lists
-++                      */
-++                     err = 0;
-++                     break;
-++             case IP_PROTO:
-++                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++                                        &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++                     break;
-++             default:
-++                     break;
-++     }
-++
-++     return err;
-++}
-+ 
-+ int _link_updown(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-+               unsigned int enabled, unsigned int connected)
-+@@ -234,6 +284,21 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+              err = -1;
-+              goto exit_unlock;
-+      }
-++
-++     /*
-++      * we can only configure default access lists if we know both endpoints
-++      */
-++     if (link->dynamic == KNET_LINK_STATIC) {
-++             log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u",
-++                       host_id, link_id);
-++             if (_link_add_default_acl(knet_h, link) < 0) {
-++                     log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-++                     savederrno = errno;
-++                     err = -1;
-++                     goto exit_unlock;
-++             }
-++     }
-++
-+      link->configured = 1;
-+      log_debug(knet_h, KNET_SUB_LINK, "host: %u link: %u is configured",
-+                host_id, link_id);
-+@@ -351,6 +416,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+      int savederrno = 0, err = 0;
-+      struct knet_host *host;
-+      struct knet_link *link;
-++     int sock;
-+ 
-+      if (!knet_h) {
-+              errno = EINVAL;
-+@@ -397,6 +463,28 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+              goto exit_unlock;
-+      }
-+ 
-++     /*
-++      * remove well known access lists here.
-++      * After the transport has done clearing the config,
-++      * then we can remove any leftover access lists if the link
-++      * is no longer in use.
-++      */
-++     if (link->dynamic == KNET_LINK_STATIC) {
-++             if (_link_rm_default_acl(knet_h, link) < 0) {
-++                     err = -1;
-++                     savederrno = EBUSY;
-++                     log_err(knet_h, KNET_SUB_LINK, "Host %u link %u: unable to remove default access list",
-++                             host_id, link_id);
-++                     goto exit_unlock;
-++             }
-++     }
-++
-++     /*
-++      * cache it for later as we don't know if the transport
-++      * will clear link info during clear_config.
-++      */
-++     sock = link->outsock;
-++
-+      if ((transport_link_clear_config(knet_h, link) < 0)  &&
-+          (errno != EBUSY)) {
-+              savederrno = errno;
-+@@ -404,6 +492,14 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+              goto exit_unlock;
-+      }
-+ 
-++     /*
-++      * remove any other access lists when the socket is no
-++      * longer in use by the transport.
-++      */
-++     if (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS) {
-++             _link_del_all_acl(knet_h, sock);
-++     }
-++
-+      memset(link, 0, sizeof(struct knet_link));
-+      link->link_id = link_id;
-+ 
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index fe84088..2ad3e90 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -150,7 +150,7 @@ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_
-+  * Routines to manuipulate access lists
-+  */
-+ 
-+-void ipcheck_clear(struct acl_match_entry **match_entry_head)
-++void check_rmall(struct acl_match_entry **match_entry_head)
-+ {
-+      struct acl_match_entry *next_match_entry;
-+      struct acl_match_entry *match_entry = *match_entry_head;
-+@@ -163,6 +163,62 @@ void ipcheck_clear(struct acl_match_entry **match_entry_head)
-+      *match_entry_head = NULL;
-+ }
-+ 
-++static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-++                                              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                                              check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++
-++     while (match_entry) {
-++             if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-++                 (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-++                 (match_entry->type == type) &&
-++                 (match_entry->acceptreject == acceptreject)) {
-++                     return match_entry;
-++             }
-++             match_entry = match_entry->next;
-++     }
-++
-++     return NULL;
-++}
-++
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++              check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     struct acl_match_entry *next_match_entry = NULL;
-++     struct acl_match_entry *rm_match_entry;
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++
-++     rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-++     if (!rm_match_entry) {
-++             return -1;
-++     }
-++
-++     while (match_entry) {
-++             next_match_entry = match_entry->next;
-++             /*
-++              * we are removing the list head, be careful
-++              */
-++             if (rm_match_entry == match_entry) {
-++                     *match_entry_head = next_match_entry;
-++                     free(match_entry);
-++                     break;
-++             }
-++             /*
-++              * the next one is the one we need to remove
-++              */
-++             if (rm_match_entry == next_match_entry) {
-++                     match_entry->next = next_match_entry->next;
-++                     free(next_match_entry);
-++                     break;
-++             }
-++             match_entry = next_match_entry;
-++     }
-++
-++     return 0;
-++}
-++
-+ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+                struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+                check_type_t type, check_acceptreject_t acceptreject)
-+@@ -182,6 +238,10 @@ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+          (ip1->ss_family != ip2->ss_family))
-+              return -1;
-+ 
-++     if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++             return -1;
-++     }
-++
-+      new_match_entry = malloc(sizeof(struct acl_match_entry));
-+      if (!new_match_entry)
-+              return -1;
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 1e7f426..129aabe 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -106,8 +106,8 @@ static int load_file(void)
-+      struct sockaddr_storage addr1;
-+      struct sockaddr_storage addr2;
-+ 
-+-     ipcheck_clear(&match_entry_v4);
-+-     ipcheck_clear(&match_entry_v6);
-++     check_rmall(&match_entry_v4);
-++     check_rmall(&match_entry_v6);
-+ 
-+      filterfile = fopen("int_links_acl.txt", "r");
-+      if (!filterfile) {
-+@@ -203,7 +203,7 @@ int main(int argc, char *argv[])
-+              }
-+      }
-+ 
-+-     ipcheck_clear(&match_entry_v4);
-+-     ipcheck_clear(&match_entry_v6);
-++     check_rmall(&match_entry_v4);
-++     check_rmall(&match_entry_v6);
-+      return 0;
-+ }
-diff --git a/debian/patches/access-lists-cleanup-API-a-bit.patch b/debian/patches/access-lists-cleanup-API-a-bit.patch
-new file mode 100644
-index 0000000..b88c2b5
---- /dev/null
-+++ b/debian/patches/access-lists-cleanup-API-a-bit.patch
-@@ -0,0 +1,98 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:21:29 +0100
-+Subject: [access lists] cleanup API a bit
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 34d87fab04c1e1329f0066adf595d575dac3d0de)
-+---
-+ libknet/links_acl.h      |  3 ++-
-+ libknet/links_acl.c      | 26 +++++++++++++-------------
-+ libknet/threads_rx.c     |  2 +-
-+ libknet/transport_sctp.c |  2 +-
-+ 4 files changed, 17 insertions(+), 16 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 020ec05..0ad50e6 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -37,8 +37,9 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+           struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+           check_type_t type, check_acceptreject_t acceptreject);
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-++int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-++
-+ int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+ int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+-int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-+ 
-+ #endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 85a792d..520a934 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -71,22 +71,10 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+      }
-+ }
-+ 
-+-int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+-     return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-+-                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-+-
-+-int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+-     return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-+-                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-+-
-+ /*
-+  * return 0 to reject and 1 to accept a packet
-+  */
-+-int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-++int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-+ {
-+      switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-+              case LOOPBACK:
-+@@ -103,3 +91,15 @@ int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct socka
-+       */
-+      return 0;
-+ }
-++
-++int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++     return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-++                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++}
-++
-++int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-++{
-++     return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-++                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++}
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 06a0168..5fa51c4 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -808,7 +808,7 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+                               */
-+                              if ((knet_h->use_access_lists) &&
-+                                  (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-+-                                     if (!_generic_filter_packet_by_acl(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-++                                     if (!check_validate(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-+                                              char src_ipaddr[KNET_MAX_HOST_LEN];
-+                                              char src_port[KNET_MAX_PORT_LEN];
-+ 
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index ce3e98e..50a237b 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -731,7 +731,7 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+                                              addr_str, port_str);
-+      if (knet_h->use_access_lists) {
-+-             if (!_generic_filter_packet_by_acl(knet_h, listen_sock, &ss)) {
-++             if (!check_validate(knet_h, listen_sock, &ss)) {
-+                      savederrno = EINVAL;
-+                      err = -1;
-+                      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-diff --git a/debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch b/debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch
-new file mode 100644
-index 0000000..219cd34
---- /dev/null
-+++ b/debian/patches/access-lists-confine-access-lists-data-structs-within-the.patch
-@@ -0,0 +1,226 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 11:37:49 +0100
-+Subject: [access lists] confine access lists data structs within the protocol
-+ itself
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6abcbf579695dd050da0b5262f1e0a63325bbe52)
-+---
-+ libknet/links_acl.h    |  8 --------
-+ libknet/links_acl_ip.h | 13 +++++++------
-+ libknet/links_acl.c    |  8 ++++----
-+ libknet/links_acl_ip.c | 48 ++++++++++++++++++++++++++++++------------------
-+ 4 files changed, 41 insertions(+), 36 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index f871403..84ae6b9 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -22,14 +22,6 @@ typedef enum {
-+      CHECK_REJECT
-+ } check_acceptreject_t;
-+ 
-+-struct acl_match_entry {
-+-     check_type_t type;
-+-     check_acceptreject_t acceptreject;
-+-     struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-+-     struct sockaddr_storage addr2; /* high IP address or address bitmask */
-+-     struct acl_match_entry *next;
-+-};
-+-
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+            struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+            check_type_t type, check_acceptreject_t acceptreject);
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index 9e21e00..c475db9 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -12,15 +12,16 @@
-+ #include "internals.h"
-+ #include "links_acl.h"
-+ 
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head,
-+                struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+                check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+-               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-               check_type_t type, check_acceptreject_t acceptreject);
-++int ipcheck_rmip(void *fd_tracker_match_entry_head,
-++              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++              check_type_t type, check_acceptreject_t acceptreject);
-++
-++void ipcheck_rmall(void *fd_tracker_match_entry_head);
-+ 
-+-void ipcheck_rmall(struct acl_match_entry **match_entry_head);
-+ #endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 7605fe9..b1d7ab4 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -37,7 +37,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+                                          ip1, ip2, type, acceptreject);
-+                      break;
-+              default:
-+@@ -58,7 +58,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+                                         ip1, ip2, type, acceptreject);
-+                      break;
-+              default:
-+@@ -74,7 +74,7 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+                      return;
-+                      break;
-+              case IP_PROTO:
-+-                     ipcheck_rmall((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++                     ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-+                      break;
-+              default:
-+                      break;
-+@@ -92,7 +92,7 @@ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct soc
-+                      return 1;
-+                      break;
-+              case IP_PROTO:
-+-                     return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-++                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-+                      break;
-+              default:
-+                      break;
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 58c7b28..e72a382 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -21,6 +21,14 @@
-+ #include "links_acl.h"
-+ #include "links_acl_ip.h"
-+ 
-++struct ip_acl_match_entry {
-++     check_type_t type;
-++     check_acceptreject_t acceptreject;
-++     struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-++     struct sockaddr_storage addr2; /* high IP address or address bitmask */
-++     struct ip_acl_match_entry *next;
-++};
-++
-+ /*
-+  * s6_addr32 is not defined in BSD userland, only kernel.
-+  * definition is the same as linux and it works fine for
-+@@ -34,7 +42,7 @@
-+  * IPv4 See if the address we have matches the current match entry
-+  */
-+ 
-+-static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry)
-+ {
-+      struct sockaddr_in *ip_to_check;
-+      struct sockaddr_in *match1;
-+@@ -96,7 +104,7 @@ static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-+  * IPv6 See if the address we have matches the current match entry
-+  */
-+ 
-+-static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry)
-+ {
-+      struct sockaddr_in6 *ip_to_check;
-+      struct sockaddr_in6 *match1;
-+@@ -134,10 +142,11 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entr
-+ }
-+ 
-+ 
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-++int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip)
-+ {
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-+-     int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-++     struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++     struct ip_acl_match_entry *match_entry = *match_entry_head;
-++     int (*match_fn)(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry);
-+ 
-+      if (checkip->ss_family == AF_INET){
-+              match_fn = ip_matches_v4;
-+@@ -161,10 +170,11 @@ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_
-+  * Routines to manuipulate access lists
-+  */
-+ 
-+-void ipcheck_rmall(struct acl_match_entry **match_entry_head)
-++void ipcheck_rmall(void *fd_tracker_match_entry_head)
-+ {
-+-     struct acl_match_entry *next_match_entry;
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-++     struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++     struct ip_acl_match_entry *next_match_entry;
-++     struct ip_acl_match_entry *match_entry = *match_entry_head;
-+ 
-+      while (match_entry) {
-+              next_match_entry = match_entry->next;
-+@@ -174,11 +184,11 @@ void ipcheck_rmall(struct acl_match_entry **match_entry_head)
-+      *match_entry_head = NULL;
-+ }
-+ 
-+-static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-++static struct ip_acl_match_entry *ipcheck_findmatch(struct ip_acl_match_entry **match_entry_head,
-+                                               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+                                               check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-++     struct ip_acl_match_entry *match_entry = *match_entry_head;
-+ 
-+      while (match_entry) {
-+              if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-+@@ -193,13 +203,14 @@ static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_
-+      return NULL;
-+ }
-+ 
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+               check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     struct acl_match_entry *next_match_entry = NULL;
-+-     struct acl_match_entry *rm_match_entry;
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-++     struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++     struct ip_acl_match_entry *next_match_entry = NULL;
-++     struct ip_acl_match_entry *rm_match_entry;
-++     struct ip_acl_match_entry *match_entry = *match_entry_head;
-+ 
-+      rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-+      if (!rm_match_entry) {
-+@@ -231,12 +242,13 @@ int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+      return 0;
-+ }
-+ 
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++int ipcheck_addip(void *fd_tracker_match_entry_head,
-+                struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+                check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     struct acl_match_entry *new_match_entry;
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-++     struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-++     struct ip_acl_match_entry *new_match_entry;
-++     struct ip_acl_match_entry *match_entry = *match_entry_head;
-+ 
-+      if (!ip1) {
-+              errno = EINVAL;
-+@@ -259,7 +271,7 @@ int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+              return -1;
-+      }
-+ 
-+-     new_match_entry = malloc(sizeof(struct acl_match_entry));
-++     new_match_entry = malloc(sizeof(struct ip_acl_match_entry));
-+      if (!new_match_entry) {
-+              return -1;
-+      }
-diff --git a/debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch b/debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
-new file mode 100644
-index 0000000..636f0ab
---- /dev/null
-+++ b/debian/patches/access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
-@@ -0,0 +1,80 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 15 Feb 2019 10:57:45 +0100
-+Subject: [access lists] enable access lists for GENERIC_ACL protocols (udp
-+ for example)
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit fe077a47ad551d6dcc9f136a1f29b2b98b718beb)
-+---
-+ libknet/threads_rx.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
-+ 1 file changed, 44 insertions(+)
-+
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 8435d13..833938d 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -20,6 +20,7 @@
-+ #include "crypto.h"
-+ #include "host.h"
-+ #include "links.h"
-++#include "links_acl.h"
-+ #include "logging.h"
-+ #include "transports.h"
-+ #include "transport_common.h"
-+@@ -720,6 +721,27 @@ out_pmtud:
-+      }
-+ }
-+ 
-++/*
-++ * return 0 to reject and 1 to accept a packet
-++ */
-++static int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, const struct knet_mmsghdr *msg)
-++{
-++     switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-++             case LOOPBACK:
-++                     return 1;
-++                     break;
-++             case IP_PROTO:
-++                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, msg->msg_hdr.msg_name);
-++                     break;
-++             default:
-++                     break;
-++     }
-++     /*
-++      * reject by default
-++      */
-++     return 0;
-++}
-++
-+ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg)
-+ {
-+      int err, savederrno;
-+@@ -802,6 +824,28 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+                              goto exit_unlock;
-+                              break;
-+                      case 2: /* packet is data and should be parsed as such */
-++                             /*
-++                              * processing incoming packets vs access lists
-++                              */
-++                             if ((knet_h->use_access_lists) &&
-++                                 (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-++                                     if (!_generic_filter_packet_by_acl(knet_h, sockfd, &msg[i])) {
-++                                             char src_ipaddr[KNET_MAX_HOST_LEN];
-++                                             char src_port[KNET_MAX_PORT_LEN];
-++
-++                                             memset(src_ipaddr, 0, KNET_MAX_HOST_LEN);
-++                                             memset(src_port, 0, KNET_MAX_PORT_LEN);
-++                                             knet_addrtostr(msg->msg_hdr.msg_name, sockaddr_len(msg->msg_hdr.msg_name),
-++                                                            src_ipaddr, KNET_MAX_HOST_LEN,
-++                                                            src_port, KNET_MAX_PORT_LEN);
-++
-++                                             log_debug(knet_h, KNET_SUB_RX, "Packet rejected from %s/%s", src_ipaddr, src_port);
-++                                             /*
-++                                              * continue processing the other packets
-++                                              */
-++                                             continue;
-++                                     }
-++                             }
-+                              _parse_recv_from_links(knet_h, sockfd, &msg[i]);
-+                              break;
-+              }
-diff --git a/debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch b/debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch
-new file mode 100644
-index 0000000..a27bd22
---- /dev/null
-+++ b/debian/patches/access-lists-enable-generic-access-lists-only-for-protoco.patch
-@@ -0,0 +1,55 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 17 Feb 2019 07:32:59 +0100
-+Subject: [access lists] enable generic access lists only for protocols that
-+ use them
-+
-+protocols such as SCTP that use their own access list tracking will
-+need to setup access lists in transport_link_set/clear_config
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 862446dbc84165963b34f05e2157d3361b5b8f8a)
-+---
-+ libknet/links.c | 15 ++++++++++-----
-+ 1 file changed, 10 insertions(+), 5 deletions(-)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 6c75c35..85b50e5 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -287,10 +287,13 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ 
-+      /*
-+       * we can only configure default access lists if we know both endpoints
-++      * and the protocol uses GENERIC_ACL, otherwise the protocol has
-++      * to setup their own access lists above in transport_link_set_config.
-+       */
-+-     if (link->dynamic == KNET_LINK_STATIC) {
-+-             log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u",
-+-                       host_id, link_id);
-++     if ((transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL) &&
-++         (link->dynamic == KNET_LINK_STATIC)) {
-++             log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-++                       host_id, link_id, link->outsock);
-+              if (_link_add_default_acl(knet_h, link) < 0) {
-+                      log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+                      savederrno = errno;
-+@@ -469,7 +472,8 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       * then we can remove any leftover access lists if the link
-+       * is no longer in use.
-+       */
-+-     if (link->dynamic == KNET_LINK_STATIC) {
-++     if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++         (link->dynamic == KNET_LINK_STATIC)) {
-+              if (_link_rm_default_acl(knet_h, link) < 0) {
-+                      err = -1;
-+                      savederrno = EBUSY;
-+@@ -496,7 +500,8 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       * remove any other access lists when the socket is no
-+       * longer in use by the transport.
-+       */
-+-     if (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS) {
-++     if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++         (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS)) {
-+              _link_del_all_acl(knet_h, sock);
-+      }
-+ 
-diff --git a/debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch b/debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
-new file mode 100644
-index 0000000..27b0e57
---- /dev/null
-+++ b/debian/patches/access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
-@@ -0,0 +1,64 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 07:08:29 +0100
-+Subject: [access lists] fix build on BSD and add some include files around
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit f1919ce88831032c123bb28771ef2cabf03a148e)
-+---
-+ libknet/tests/Makefile.am     | 1 +
-+ libknet/links_acl.c           | 2 ++
-+ libknet/links_acl_ip.c        | 2 ++
-+ libknet/tests/int_links_acl.c | 2 ++
-+ 4 files changed, 7 insertions(+)
-+
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index d46553a..2f22293 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -69,6 +69,7 @@ pckt_test_SOURCES   = pckt_test.c
-+ 
-+ int_links_acl_test_SOURCES = int_links_acl.c \
-+                           ../common.c \
-++                          ../compat.c \
-+                           ../logging.c \
-+                           ../netutils.c \
-+                           ../threads_common.c \
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 8592f1f..cfcc1fd 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -6,6 +6,8 @@
-+  * This software licensed under GPL-2.0+, LGPL-2.0+
-+  */
-+ 
-++#include "config.h"
-++
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <stdlib.h>
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 2aef14b..ffd18a4 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -6,6 +6,8 @@
-+  * This software licensed under GPL-2.0+, LGPL-2.0+
-+  */
-+ 
-++#include "config.h"
-++
-+ #include <sys/socket.h>
-+ #include <netinet/in.h>
-+ #include <stdint.h>
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 8d9f4e0..05bd829 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -6,6 +6,8 @@
-+  * This software licensed under GPL-2.0+, LGPL-2.0+
-+  */
-+ 
-++#include "config.h"
-++
-+ #include <sys/types.h>
-+ #include <sys/socket.h>
-+ #include <netinet/in.h>
-diff --git a/debian/patches/access-lists-fix-build-on-freebsd.patch b/debian/patches/access-lists-fix-build-on-freebsd.patch
-new file mode 100644
-index 0000000..385cc85
---- /dev/null
-+++ b/debian/patches/access-lists-fix-build-on-freebsd.patch
-@@ -0,0 +1,54 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 17 Feb 2019 09:49:06 +0100
-+Subject: [access lists] fix build on freebsd
-+
-+don't use malloc.h, obsoleted by stdlib.h
-+define s6_addr32 that's only available in kernel space
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 12ee796ceca832c18054e87a0e310dcd9a6c16c6)
-+---
-+ libknet/links_acl.c           | 11 ++++++++++-
-+ libknet/tests/int_links_acl.c |  1 -
-+ 2 files changed, 10 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 2ad3e90..854f273 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -10,13 +10,22 @@
-+ #include <netinet/in.h>
-+ #include <stdint.h>
-+ #include <string.h>
-+-#include <malloc.h>
-++#include <stdlib.h>
-+ 
-+ #include "internals.h"
-+ #include "logging.h"
-+ #include "transports.h"
-+ #include "links_acl.h"
-+ 
-++/*
-++ * s6_addr32 is not defined in BSD userland, only kernel.
-++ * definition is the same as linux and it works fine for
-++ * what we need.
-++ */
-++#ifndef s6_addr32
-++#define s6_addr32 __u6_addr.__u6_addr32
-++#endif
-++
-+ /*
-+  * IPv4 See if the address we have matches the current match entry
-+  */
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 129aabe..133cd5a 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -13,7 +13,6 @@
-+ #include <stdlib.h>
-+ #include <string.h>
-+ #include <netdb.h>
-+-#include <malloc.h>
-+ 
-+ #include "internals.h"
-+ #include "links_acl.h"
-diff --git a/debian/patches/access-lists-improve-checks-on-various-data-types.patch b/debian/patches/access-lists-improve-checks-on-various-data-types.patch
-new file mode 100644
-index 0000000..1a8d531
---- /dev/null
-+++ b/debian/patches/access-lists-improve-checks-on-various-data-types.patch
-@@ -0,0 +1,74 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 6 Mar 2019 09:43:10 +0100
-+Subject: [access lists] improve checks on various data types
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit f6f08c08179a051aa51fadc48a1acfb71a6f55b4)
-+---
-+ libknet/links.c | 39 +++++++++++++++++++++++++++++++++++++++
-+ 1 file changed, 39 insertions(+)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 0f02006..038a8a4 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -1168,6 +1168,19 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+              return -1;
-+      }
-+ 
-++     if ((type != CHECK_TYPE_ADDRESS) &&
-++         (type != CHECK_TYPE_MASK) &&
-++         (type != CHECK_TYPE_RANGE)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((acceptreject != CHECK_ACCEPT) &&
-++         (acceptreject != CHECK_REJECT)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-+      if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+              errno = EINVAL;
-+              return -1;
-+@@ -1250,6 +1263,19 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+              return -1;
-+      }
-+ 
-++     if ((type != CHECK_TYPE_ADDRESS) &&
-++         (type != CHECK_TYPE_MASK) &&
-++         (type != CHECK_TYPE_RANGE)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((acceptreject != CHECK_ACCEPT) &&
-++         (acceptreject != CHECK_REJECT)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-+      if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+              errno = EINVAL;
-+              return -1;
-+@@ -1331,6 +1357,19 @@ int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_
-+              return -1;
-+      }
-+ 
-++     if ((type != CHECK_TYPE_ADDRESS) &&
-++         (type != CHECK_TYPE_MASK) &&
-++         (type != CHECK_TYPE_RANGE)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if ((acceptreject != CHECK_ACCEPT) &&
-++         (acceptreject != CHECK_REJECT)) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-+      if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+              errno = EINVAL;
-+              return -1;
-diff --git a/debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch b/debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch
-new file mode 100644
-index 0000000..30cafa3
---- /dev/null
-+++ b/debian/patches/access-lists-make-code-more-generic-to-accept-more-than-I.patch
-@@ -0,0 +1,436 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 12 Feb 2019 07:21:20 +0100
-+Subject: [access lists] make code more generic to accept more than IP
-+ protocol and start to bind it to each fd
-+
-+access lists are unique per file descriptor, each fd can have its own protocol and list.
-+
-+remane around ipcheck* with check* to be more generic.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 45b1d526876aa89986e7bd379c45f8856056fe68)
-+---
-+ libknet/internals.h           |  24 +++++++++
-+ libknet/links_acl.h           |  18 ++++---
-+ libknet/links_acl.c           | 114 ++++++++++++++++++++----------------------
-+ libknet/tests/int_links_acl.c |  46 +++++++++++------
-+ 4 files changed, 120 insertions(+), 82 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 106b49d..78e718d 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -129,11 +129,35 @@ struct knet_sock {
-+                        * and socket has been removed from epoll */
-+ };
-+ 
-++/*
-++ * access lists
-++ */
-++
-++typedef enum {
-++     CHECK_TYPE_ADDRESS,
-++     CHECK_TYPE_MASK,
-++     CHECK_TYPE_RANGE
-++} check_type_t;
-++
-++typedef      enum {
-++     CHECK_ACCEPT,
-++     CHECK_REJECT
-++} check_acceptreject_t;
-++
-++struct acl_match_entry {
-++     check_type_t type;
-++     check_acceptreject_t acceptreject;
-++     struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-++     struct sockaddr_storage addr2; /* high IP address or address bitmask */
-++     struct acl_match_entry *next;
-++};
-++
-+ struct knet_fd_trackers {
-+      uint8_t transport; /* transport type (UDP/SCTP...) */
-+      uint8_t data_type; /* internal use for transport to define what data are associated
-+                          * to this fd */
-+      void *data;        /* pointer to the data */
-++     struct acl_match_entry *match_entry;
-+ };
-+ 
-+ #define KNET_MAX_FDS KNET_MAX_HOST * KNET_MAX_LINK * 4
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index eca4566..26b0f36 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -6,11 +6,17 @@
-+  * This software licensed under GPL-2.0+, LGPL-2.0+
-+  */
-+ 
-+-typedef enum {IPCHECK_TYPE_ADDRESS, IPCHECK_TYPE_MASK, IPCHECK_TYPE_RANGE} ipcheck_type_t;
-+-typedef      enum {IPCHECK_ACCEPT, IPCHECK_REJECT} ipcheck_acceptreject_t;
-++#ifndef __KNET_LINKS_ACL_H__
-++#define __KNET_LINKS_ACL_H__
-+ 
-+-int ipcheck_validate(struct sockaddr_storage *checkip);
-++#include "internals.h"
-+ 
-+-void ipcheck_clear(void);
-+-int ipcheck_addip(struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-               ipcheck_type_t type, ipcheck_acceptreject_t acceptreject);
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++
-++void ipcheck_clear(struct acl_match_entry **match_entry_head);
-++
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               check_type_t type, check_acceptreject_t acceptreject);
-++
-++#endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index e7b5602..fe84088 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -11,26 +11,17 @@
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <malloc.h>
-+-#include "links_acl.h"
-+-
-+-struct ip_match_entry {
-+-     ipcheck_type_t type;
-+-     ipcheck_acceptreject_t acceptreject;
-+-     struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-+-     struct sockaddr_storage addr2; /* high IP address or address bitmask */
-+-     struct ip_match_entry *next;
-+-};
-+ 
-+-
-+-/* Lists of things to match against. These are dummy structs to provide a quick list head */
-+-static struct ip_match_entry match_entry_head_v4;
-+-static struct ip_match_entry match_entry_head_v6;
-++#include "internals.h"
-++#include "logging.h"
-++#include "transports.h"
-++#include "links_acl.h"
-+ 
-+ /*
-+  * IPv4 See if the address we have matches the current match entry
-+- *
-+  */
-+-static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_match_entry *match_entry)
-++
-++static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+ {
-+      struct sockaddr_in *ip_to_check;
-+      struct sockaddr_in *match1;
-+@@ -41,16 +32,16 @@ static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_match_entry
-+      match2 = (struct sockaddr_in *)&match_entry->addr2;
-+ 
-+      switch(match_entry->type) {
-+-     case IPCHECK_TYPE_ADDRESS:
-++     case CHECK_TYPE_ADDRESS:
-+              if (ip_to_check->sin_addr.s_addr == match1->sin_addr.s_addr)
-+                      return 1;
-+              break;
-+-     case IPCHECK_TYPE_MASK:
-++     case CHECK_TYPE_MASK:
-+              if ((ip_to_check->sin_addr.s_addr & match2->sin_addr.s_addr) ==
-+                  match1->sin_addr.s_addr)
-+                      return 1;
-+              break;
-+-     case IPCHECK_TYPE_RANGE:
-++     case CHECK_TYPE_RANGE:
-+              if ((ntohl(ip_to_check->sin_addr.s_addr) >= ntohl(match1->sin_addr.s_addr)) &&
-+                  (ntohl(ip_to_check->sin_addr.s_addr) <= ntohl(match2->sin_addr.s_addr)))
-+                      return 1;
-+@@ -60,7 +51,10 @@ static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_match_entry
-+      return 0;
-+ }
-+ 
-+-/* Compare two IPv6 addresses */
-++/*
-++ * Compare two IPv6 addresses
-++ */
-++
-+ static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-+ {
-+      uint64_t a_high, a_low;
-+@@ -89,9 +83,9 @@ static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-+ 
-+ /*
-+  * IPv6 See if the address we have matches the current match entry
-+- *
-+  */
-+-static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry *match_entry)
-++
-++static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+ {
-+      struct sockaddr_in6 *ip_to_check;
-+      struct sockaddr_in6 *match1;
-+@@ -103,12 +97,12 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry
-+      match2 = (struct sockaddr_in6 *)&match_entry->addr2;
-+ 
-+      switch(match_entry->type) {
-+-     case IPCHECK_TYPE_ADDRESS:
-++     case CHECK_TYPE_ADDRESS:
-+              if (!memcmp(ip_to_check->sin6_addr.s6_addr32, match1->sin6_addr.s6_addr32, sizeof(struct in6_addr)))
-+                      return 1;
-+              break;
-+ 
-+-     case IPCHECK_TYPE_MASK:
-++     case CHECK_TYPE_MASK:
-+              /*
-+               * Note that this little loop will quit early if there is a non-match so the
-+               * comparison might look backwards compared to the IPv4 one
-+@@ -119,7 +113,7 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry
-+                              return 0;
-+              }
-+              return 1;
-+-     case IPCHECK_TYPE_RANGE:
-++     case CHECK_TYPE_RANGE:
-+              if ((ip6addr_cmp(&ip_to_check->sin6_addr, &match1->sin6_addr) >= 0) &&
-+                  (ip6addr_cmp(&ip_to_check->sin6_addr, &match2->sin6_addr) <= 0))
-+                      return 1;
-+@@ -129,24 +123,20 @@ static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_match_entry
-+ }
-+ 
-+ 
-+-/*
-+- * YOU ARE HERE
-+- */
-+-int ipcheck_validate(struct sockaddr_storage *checkip)
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-+ {
-+-     struct ip_match_entry *match_entry;
-+-     int (*match_fn)(struct sockaddr_storage *checkip, struct ip_match_entry *match_entry);
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++     int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-+ 
-+      if (checkip->ss_family == AF_INET){
-+-             match_entry = match_entry_head_v4.next;
-+              match_fn = ip_matches_v4;
-+      } else {
-+-             match_entry = match_entry_head_v6.next;
-+              match_fn = ip_matches_v6;
-+      }
-++
-+      while (match_entry) {
-+              if (match_fn(checkip, match_entry)) {
-+-                     if (match_entry->acceptreject == IPCHECK_ACCEPT)
-++                     if (match_entry->acceptreject == CHECK_ACCEPT)
-+                              return 1;
-+                      else
-+                              return 0;
-+@@ -157,47 +147,42 @@ int ipcheck_validate(struct sockaddr_storage *checkip)
-+ }
-+ 
-+ /*
-+- * Routines to manuipulate the lists
-++ * Routines to manuipulate access lists
-+  */
-+ 
-+-void ipcheck_clear(void)
-++void ipcheck_clear(struct acl_match_entry **match_entry_head)
-+ {
-+-     struct ip_match_entry *match_entry;
-+-     struct ip_match_entry *next_match_entry;
-++     struct acl_match_entry *next_match_entry;
-++     struct acl_match_entry *match_entry = *match_entry_head;
-+ 
-+-     match_entry = match_entry_head_v4.next;
-+-     while (match_entry) {
-+-             next_match_entry = match_entry->next;
-+-             free(match_entry);
-+-             match_entry = next_match_entry;
-+-     }
-+-
-+-     match_entry = match_entry_head_v6.next;
-+      while (match_entry) {
-+              next_match_entry = match_entry->next;
-+              free(match_entry);
-+              match_entry = next_match_entry;
-+      }
-++     *match_entry_head = NULL;
-+ }
-+ 
-+-int ipcheck_addip(struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-               ipcheck_type_t type, ipcheck_acceptreject_t acceptreject)
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     struct ip_match_entry *match_entry;
-+-     struct ip_match_entry *new_match_entry;
-++     struct acl_match_entry *new_match_entry;
-++     struct acl_match_entry *match_entry = *match_entry_head;
-+ 
-+-     if (type == IPCHECK_TYPE_RANGE &&
-+-         (ip1->ss_family != ip2->ss_family))
-++     if (!ip1) {
-+              return -1;
-++     }
-+ 
-+-     if (ip1->ss_family == AF_INET){
-+-             match_entry = &match_entry_head_v4;
-+-     } else {
-+-             match_entry = &match_entry_head_v6;
-++     if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++             return -1;
-+      }
-+ 
-++     if (type == CHECK_TYPE_RANGE &&
-++         (ip1->ss_family != ip2->ss_family))
-++             return -1;
-+ 
-+-     new_match_entry = malloc(sizeof(struct ip_match_entry));
-++     new_match_entry = malloc(sizeof(struct acl_match_entry));
-+      if (!new_match_entry)
-+              return -1;
-+ 
-+@@ -207,12 +192,19 @@ int ipcheck_addip(struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+      new_match_entry->acceptreject = acceptreject;
-+      new_match_entry->next = NULL;
-+ 
-+-     /* Find the end of the list */
-+-     /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-+-     while (match_entry->next) {
-+-             match_entry = match_entry->next;
-++     if (match_entry) {
-++             /* Find the end of the list */
-++             /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-++             while (match_entry->next) {
-++                     match_entry = match_entry->next;
-++             }
-++             match_entry->next = new_match_entry;
-++     } else {
-++             /*
-++              * first entry in the list
-++              */
-++             *match_entry_head = new_match_entry;
-+      }
-+-     match_entry->next = new_match_entry;
-+ 
-+      return 0;
-+ }
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 27ac545..1e7f426 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -14,8 +14,13 @@
-+ #include <string.h>
-+ #include <netdb.h>
-+ #include <malloc.h>
-++
-++#include "internals.h"
-+ #include "links_acl.h"
-+ 
-++static struct acl_match_entry *match_entry_v4;
-++static struct acl_match_entry *match_entry_v6;
-++
-+ /* This is a test program .. remember! */
-+ #define BUFLEN 1024
-+ 
-+@@ -31,7 +36,7 @@ static int get_ipaddress(char *buf, struct sockaddr_storage *addr)
-+      res = getaddrinfo(buf, NULL, &hints, &info);
-+      if (!res) {
-+              memmove(addr, info->ai_addr, info->ai_addrlen);
-+-             free(info);
-++             freeaddrinfo(info);
-+      }
-+      return res;
-+ }
-+@@ -96,12 +101,13 @@ static int load_file(void)
-+      char filebuf[BUFLEN];
-+      int line = 0;
-+      int ret;
-+-     ipcheck_type_t type;
-+-     ipcheck_acceptreject_t acceptreject;
-++     check_type_t type;
-++     check_acceptreject_t acceptreject;
-+      struct sockaddr_storage addr1;
-+      struct sockaddr_storage addr2;
-+ 
-+-     ipcheck_clear();
-++     ipcheck_clear(&match_entry_v4);
-++     ipcheck_clear(&match_entry_v6);
-+ 
-+      filterfile = fopen("int_links_acl.txt", "r");
-+      if (!filterfile) {
-+@@ -118,10 +124,10 @@ static int load_file(void)
-+               */
-+              switch(filebuf[0] & 0x5F) {
-+              case 'A':
-+-                     acceptreject = IPCHECK_ACCEPT;
-++                     acceptreject = CHECK_ACCEPT;
-+                      break;
-+              case 'R':
-+-                     acceptreject = IPCHECK_REJECT;
-++                     acceptreject = CHECK_REJECT;
-+                      break;
-+              default:
-+                      fprintf(stderr, "Unknown record type on line %d: %s\n", line, filebuf);
-+@@ -136,15 +142,15 @@ static int load_file(void)
-+               */
-+              switch(filebuf[1] & 0x5F) {
-+              case 'A':
-+-                     type = IPCHECK_TYPE_ADDRESS;
-++                     type = CHECK_TYPE_ADDRESS;
-+                      ret = read_address(filebuf+2, &addr1);
-+                      break;
-+              case 'M':
-+-                     type = IPCHECK_TYPE_MASK;
-++                     type = CHECK_TYPE_MASK;
-+                      ret = read_mask(filebuf+2, &addr1, &addr2);
-+                      break;
-+              case 'R':
-+-                     type = IPCHECK_TYPE_RANGE;
-++                     type = CHECK_TYPE_RANGE;
-+                      ret = read_range(filebuf+2, &addr1, &addr2);
-+                      break;
-+              default:
-+@@ -156,7 +162,11 @@ static int load_file(void)
-+                      fprintf(stderr, "Failed to parse address on line %d: %s\n", line, filebuf);
-+              }
-+              else {
-+-                     ipcheck_addip(&addr1, &addr2, type, acceptreject);
-++                     if (addr1.ss_family == AF_INET) {
-++                             ipcheck_addip(&match_entry_v4, &addr1, &addr2, type, acceptreject);
-++                     } else {
-++                             ipcheck_addip(&match_entry_v6, &addr1, &addr2, type, acceptreject);
-++                     }
-+              }
-+      next_record: {} /* empty statement to mollify the compiler */
-+      }
-+@@ -168,6 +178,7 @@ static int load_file(void)
-+ int main(int argc, char *argv[])
-+ {
-+      struct sockaddr_storage saddr;
-++     struct acl_match_entry *match_entry;
-+      int ret;
-+      int i;
-+ 
-+@@ -178,16 +189,21 @@ int main(int argc, char *argv[])
-+              ret = get_ipaddress(argv[i], &saddr);
-+              if (ret) {
-+                      fprintf(stderr, "Cannot parse address %s\n", argv[i]);
-+-             }
-+-             else {
-+-                     if (ipcheck_validate(&saddr)) {
-+-                             printf("%s is VALID\n", argv[i]);
-++             } else {
-++                     if (saddr.ss_family == AF_INET) {
-++                             match_entry = match_entry_v4;
-++                     } else {
-++                             match_entry = match_entry_v6;
-+                      }
-+-                     else {
-++                     if (ipcheck_validate(&match_entry, &saddr)) {
-++                             printf("%s is VALID\n", argv[i]);
-++                     } else {
-+                              printf("%s is not allowed\n", argv[i]);
-+                      }
-+              }
-+      }
-+ 
-++     ipcheck_clear(&match_entry_v4);
-++     ipcheck_clear(&match_entry_v6);
-+      return 0;
-+ }
-diff --git a/debian/patches/access-lists-make-internal-API-consistent.patch b/debian/patches/access-lists-make-internal-API-consistent.patch
-new file mode 100644
-index 0000000..a5d000c
---- /dev/null
-+++ b/debian/patches/access-lists-make-internal-API-consistent.patch
-@@ -0,0 +1,73 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 06:53:48 +0100
-+Subject: [access lists] make internal API consistent
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit fb462d4f238b98ab685f9efae945a0e527f399ba)
-+---
-+ libknet/links_acl.h      | 2 +-
-+ libknet/links_acl.c      | 6 +++---
-+ libknet/threads_rx.c     | 2 +-
-+ libknet/transport_sctp.c | 2 +-
-+ 4 files changed, 6 insertions(+), 6 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index b083753..f871403 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -37,6 +37,6 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+           struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+           check_type_t type, check_acceptreject_t acceptreject);
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-+-int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-++int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip);
-+ 
-+ #endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 93cc5af..8592f1f 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -74,14 +74,14 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ /*
-+  * return 0 to reject and 1 to accept a packet
-+  */
-+-int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-++int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip)
-+ {
-+-     switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-++     switch(transport_get_proto(knet_h, transport)) {
-+              case LOOPBACK:
-+                      return 1;
-+                      break;
-+              case IP_PROTO:
-+-                     return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-++                     return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-+                      break;
-+              default:
-+                      break;
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 6417261..ae39b38 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -808,7 +808,7 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+                               */
-+                              if ((knet_h->use_access_lists) &&
-+                                  (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-+-                                     if (!check_validate(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-++                                     if (!check_validate(knet_h, sockfd, transport, msg[i].msg_hdr.msg_name)) {
-+                                              char src_ipaddr[KNET_MAX_HOST_LEN];
-+                                              char src_port[KNET_MAX_PORT_LEN];
-+ 
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 50a237b..ff7903c 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -731,7 +731,7 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+                                              addr_str, port_str);
-+      if (knet_h->use_access_lists) {
-+-             if (!check_validate(knet_h, listen_sock, &ss)) {
-++             if (!check_validate(knet_h, listen_sock, KNET_TRANSPORT_SCTP, &ss)) {
-+                      savederrno = EINVAL;
-+                      err = -1;
-+                      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-diff --git a/debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch b/debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
-new file mode 100644
-index 0000000..b69fa50
---- /dev/null
-+++ b/debian/patches/access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
-@@ -0,0 +1,72 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:17:57 +0100
-+Subject: [access lists] more use of generic wrappers and remove duplicate code
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit be01691050bea1aabe0d8736d2017974d966a1c0)
-+---
-+ libknet/links_acl.c | 44 ++++++--------------------------------------
-+ 1 file changed, 6 insertions(+), 38 deletions(-)
-+
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 32763de..85a792d 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -73,51 +73,19 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ 
-+ int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+-     int err = -1;
-+-
-+-     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+-             case LOOPBACK:
-+-                     /*
-+-                      * loopback does not require access lists
-+-                      */
-+-                     err = 0;
-+-                     break;
-+-             case IP_PROTO:
-+-                     err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+-                                         &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-
-+-     return err;
-++     return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-++                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ }
-+ 
-+ int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+-     int err = -1;
-+-
-+-     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+-             case LOOPBACK:
-+-                     /*
-+-                      * loopback does not require access lists
-+-                      */
-+-                     err = 0;
-+-                     break;
-+-             case IP_PROTO:
-+-                     err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+-                                        &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-
-+-     return err;
-++     return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-++                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+ }
-+ 
-+ /*
-+- *  * return 0 to reject and 1 to accept a packet
-+- *   */
-++ * return 0 to reject and 1 to accept a packet
-++ */
-+ int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-+ {
-+      switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-diff --git a/debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch b/debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch
-new file mode 100644
-index 0000000..a96ab6b
---- /dev/null
-+++ b/debian/patches/access-lists-move-access-lists-structs-and-data-types-to-.patch
-@@ -0,0 +1,168 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:04:20 +0100
-+Subject: [access lists] move access lists structs and data types to
-+ links_acl.*
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c374aef3fda1c01b282a5baf193e0ac7870d1eb2)
-+---
-+ libknet/internals.h    | 25 +------------------------
-+ libknet/links_acl.h    | 19 +++++++++++++++++++
-+ libknet/links_acl_ip.h |  1 +
-+ libknet/links_acl.c    | 12 ++++++------
-+ libknet/links_acl_ip.c |  1 +
-+ 5 files changed, 28 insertions(+), 30 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 78e718d..0d6ee3f 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -129,35 +129,12 @@ struct knet_sock {
-+                        * and socket has been removed from epoll */
-+ };
-+ 
-+-/*
-+- * access lists
-+- */
-+-
-+-typedef enum {
-+-     CHECK_TYPE_ADDRESS,
-+-     CHECK_TYPE_MASK,
-+-     CHECK_TYPE_RANGE
-+-} check_type_t;
-+-
-+-typedef      enum {
-+-     CHECK_ACCEPT,
-+-     CHECK_REJECT
-+-} check_acceptreject_t;
-+-
-+-struct acl_match_entry {
-+-     check_type_t type;
-+-     check_acceptreject_t acceptreject;
-+-     struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-+-     struct sockaddr_storage addr2; /* high IP address or address bitmask */
-+-     struct acl_match_entry *next;
-+-};
-+-
-+ struct knet_fd_trackers {
-+      uint8_t transport; /* transport type (UDP/SCTP...) */
-+      uint8_t data_type; /* internal use for transport to define what data are associated
-+                          * to this fd */
-+      void *data;        /* pointer to the data */
-+-     struct acl_match_entry *match_entry;
-++     void *match_entry; /* pointer to access list match_entry list head */
-+ };
-+ 
-+ #define KNET_MAX_FDS KNET_MAX_HOST * KNET_MAX_LINK * 4
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 9a20754..020ec05 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -11,6 +11,25 @@
-+ 
-+ #include "internals.h"
-+ 
-++typedef enum {
-++     CHECK_TYPE_ADDRESS,
-++     CHECK_TYPE_MASK,
-++     CHECK_TYPE_RANGE
-++} check_type_t;
-++
-++typedef enum {
-++     CHECK_ACCEPT,
-++     CHECK_REJECT
-++} check_acceptreject_t;
-++
-++struct acl_match_entry {
-++     check_type_t type;
-++     check_acceptreject_t acceptreject;
-++     struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
-++     struct sockaddr_storage addr2; /* high IP address or address bitmask */
-++     struct acl_match_entry *next;
-++};
-++
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+            struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+            check_type_t type, check_acceptreject_t acceptreject);
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index 575b5ff..9e21e00 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -10,6 +10,7 @@
-+ #define __KNET_LINKS_ACL_IP_H__
-+ 
-+ #include "internals.h"
-++#include "links_acl.h"
-+ 
-+ int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 34bcce3..32763de 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -28,7 +28,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                     err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+                                          ip1, ip2, type, acceptreject);
-+                      break;
-+              default:
-+@@ -48,7 +48,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                     err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
-+                                         ip1, ip2, type, acceptreject);
-+                      break;
-+              default:
-+@@ -64,7 +64,7 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+                      return;
-+                      break;
-+              case IP_PROTO:
-+-                     ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++                     ipcheck_rmall((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry);
-+                      break;
-+              default:
-+                      break;
-+@@ -83,7 +83,7 @@ int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++                     err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+                                          &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+                      break;
-+              default:
-+@@ -105,7 +105,7 @@ int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++                     err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+                                         &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+                      break;
-+              default:
-+@@ -125,7 +125,7 @@ int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct socka
-+                      return 1;
-+                      break;
-+              case IP_PROTO:
-+-                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-++                     return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-+                      break;
-+              default:
-+                      break;
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index edc3ae1..2aef14b 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -15,6 +15,7 @@
-+ #include "internals.h"
-+ #include "logging.h"
-+ #include "transports.h"
-++#include "links_acl.h"
-+ #include "links_acl_ip.h"
-+ 
-+ /*
-diff --git a/debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch b/debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
-new file mode 100644
-index 0000000..6f3b9d3
---- /dev/null
-+++ b/debian/patches/access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
-@@ -0,0 +1,1025 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 04:53:23 +0100
-+Subject: [access lists] move all acl wrappers to links_acl* and split
-+ links_acl_ip to their own files
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 0cb8e8bab46b30487a4821004ee757ee8f9eb91e)
-+---
-+ libknet/Makefile.am           |   2 +
-+ libknet/tests/Makefile.am     |  12 +-
-+ libknet/links_acl.h           |  20 +--
-+ libknet/links_acl_ip.h        |  25 ++++
-+ libknet/links.c               |  53 +------
-+ libknet/links_acl.c           | 322 ++++++++++++------------------------------
-+ libknet/links_acl_ip.c        | 277 ++++++++++++++++++++++++++++++++++++
-+ libknet/tests/int_links_acl.c |   9 +-
-+ libknet/threads_rx.c          |  25 +---
-+ libknet/transport_sctp.c      |  24 ++--
-+ 10 files changed, 438 insertions(+), 331 deletions(-)
-+ create mode 100644 libknet/links_acl_ip.h
-+ create mode 100644 libknet/links_acl_ip.c
-+
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 4ea42d9..b60427c 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -32,6 +32,7 @@ sources                     = \
-+                        host.c \
-+                        links.c \
-+                        links_acl.c \
-++                       links_acl_ip.c \
-+                        logging.c \
-+                        netutils.c \
-+                        threads_common.c \
-+@@ -63,6 +64,7 @@ noinst_HEADERS              = \
-+                        internals.h \
-+                        links.h \
-+                        links_acl.h \
-++                       links_acl_ip.h \
-+                        logging.h \
-+                        netutils.h \
-+                        onwire.h \
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index f74cb04..d46553a 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -68,7 +68,17 @@ check-api-test-coverage:
-+ pckt_test_SOURCES    = pckt_test.c
-+ 
-+ int_links_acl_test_SOURCES = int_links_acl.c \
-+-                          ../links_acl.c
-++                          ../common.c \
-++                          ../logging.c \
-++                          ../netutils.c \
-++                          ../threads_common.c \
-++                          ../transports.c \
-++                          ../transport_common.c \
-++                          ../transport_loopback.c \
-++                          ../transport_sctp.c \
-++                          ../transport_udp.c \
-++                          ../links_acl.c \
-++                          ../links_acl_ip.c
-+ 
-+ int_timediff_test_SOURCES = int_timediff.c
-+ 
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index f4713d6..9a20754 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -11,15 +11,15 @@
-+ 
-+ #include "internals.h"
-+ 
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++           struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++           check_type_t type, check_acceptreject_t acceptreject);
-++int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-++          struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++          check_type_t type, check_acceptreject_t acceptreject);
-++void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-++int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-++int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-++int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-+ 
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+-               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-               check_type_t type, check_acceptreject_t acceptreject);
-+-
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+-               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-               check_type_t type, check_acceptreject_t acceptreject);
-+-
-+-void check_rmall(struct acl_match_entry **match_entry_head);
-+ #endif
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+new file mode 100644
-+index 0000000..575b5ff
-+--- /dev/null
-++++ b/libknet/links_acl_ip.h
-+@@ -0,0 +1,25 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#ifndef __KNET_LINKS_ACL_IP_H__
-++#define __KNET_LINKS_ACL_IP_H__
-++
-++#include "internals.h"
-++
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
-++
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               check_type_t type, check_acceptreject_t acceptreject);
-++
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               check_type_t type, check_acceptreject_t acceptreject);
-++
-++void ipcheck_rmall(struct acl_match_entry **match_entry_head);
-++#endif
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 85b50e5..07ef26e 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -22,55 +22,6 @@
-+ #include "threads_common.h"
-+ #include "links_acl.h"
-+ 
-+-static void _link_del_all_acl(knet_handle_t knet_h, int sock)
-+-{
-+-     check_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-+-}
-+-
-+-static int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+-     int err = -1;
-+-
-+-     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+-             case LOOPBACK:
-+-                     /*
-+-                      * loopback does not require access lists
-+-                      */
-+-                     err = 0;
-+-                     break;
-+-             case IP_PROTO:
-+-                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+-                                         &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-
-+-     return err;
-+-}
-+-
-+-static int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+-     int err = -1;
-+-
-+-     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-+-             case LOOPBACK:
-+-                     /*
-+-                      * loopback does not require access lists
-+-                      */
-+-                     err = 0;
-+-                     break;
-+-             case IP_PROTO:
-+-                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-+-                                        &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-
-+-     return err;
-+-}
-+-
-+ int _link_updown(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
-+               unsigned int enabled, unsigned int connected)
-+ {
-+@@ -420,6 +371,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+      struct knet_host *host;
-+      struct knet_link *link;
-+      int sock;
-++     uint8_t transport;
-+ 
-+      if (!knet_h) {
-+              errno = EINVAL;
-+@@ -488,6 +440,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       * will clear link info during clear_config.
-+       */
-+      sock = link->outsock;
-++     transport = link->transport_type;
-+ 
-+      if ((transport_link_clear_config(knet_h, link) < 0)  &&
-+          (errno != EBUSY)) {
-+@@ -502,7 +455,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       */
-+      if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-+          (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS)) {
-+-             _link_del_all_acl(knet_h, sock);
-++             check_rmall(knet_h, sock, transport);
-+      }
-+ 
-+      memset(link, 0, sizeof(struct knet_link));
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 854f273..34bcce3 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -6,8 +6,6 @@
-+  * This software licensed under GPL-2.0+, LGPL-2.0+
-+  */
-+ 
-+-#include <sys/socket.h>
-+-#include <netinet/in.h>
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <stdlib.h>
-+@@ -15,265 +13,125 @@
-+ #include "internals.h"
-+ #include "logging.h"
-+ #include "transports.h"
-++#include "transport_common.h"
-+ #include "links_acl.h"
-++#include "links_acl_ip.h"
-+ 
-+-/*
-+- * s6_addr32 is not defined in BSD userland, only kernel.
-+- * definition is the same as linux and it works fine for
-+- * what we need.
-+- */
-+-#ifndef s6_addr32
-+-#define s6_addr32 __u6_addr.__u6_addr32
-+-#endif
-+-
-+-/*
-+- * IPv4 See if the address we have matches the current match entry
-+- */
-+-
-+-static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+-{
-+-     struct sockaddr_in *ip_to_check;
-+-     struct sockaddr_in *match1;
-+-     struct sockaddr_in *match2;
-+-
-+-     ip_to_check = (struct sockaddr_in *)checkip;
-+-     match1 = (struct sockaddr_in *)&match_entry->addr1;
-+-     match2 = (struct sockaddr_in *)&match_entry->addr2;
-+-
-+-     switch(match_entry->type) {
-+-     case CHECK_TYPE_ADDRESS:
-+-             if (ip_to_check->sin_addr.s_addr == match1->sin_addr.s_addr)
-+-                     return 1;
-+-             break;
-+-     case CHECK_TYPE_MASK:
-+-             if ((ip_to_check->sin_addr.s_addr & match2->sin_addr.s_addr) ==
-+-                 match1->sin_addr.s_addr)
-+-                     return 1;
-+-             break;
-+-     case CHECK_TYPE_RANGE:
-+-             if ((ntohl(ip_to_check->sin_addr.s_addr) >= ntohl(match1->sin_addr.s_addr)) &&
-+-                 (ntohl(ip_to_check->sin_addr.s_addr) <= ntohl(match2->sin_addr.s_addr)))
-+-                     return 1;
-+-             break;
-+-
-+-     }
-+-     return 0;
-+-}
-+-
-+-/*
-+- * Compare two IPv6 addresses
-+- */
-+-
-+-static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-++int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-++           struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++           check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     uint64_t a_high, a_low;
-+-     uint64_t b_high, b_low;
-++     int err = -1;
-+ 
-+-     /* Not sure why '&' doesn't work below, so I used '+' instead which is effectively
-+-        the same thing because the bottom 32bits are always zero and the value unsigned */
-+-     a_high = ((uint64_t)htonl(a->s6_addr32[0]) << 32) + (uint64_t)htonl(a->s6_addr32[1]);
-+-     a_low  = ((uint64_t)htonl(a->s6_addr32[2]) << 32) + (uint64_t)htonl(a->s6_addr32[3]);
-+-
-+-     b_high = ((uint64_t)htonl(b->s6_addr32[0]) << 32) + (uint64_t)htonl(b->s6_addr32[1]);
-+-     b_low  = ((uint64_t)htonl(b->s6_addr32[2]) << 32) + (uint64_t)htonl(b->s6_addr32[3]);
-+-
-+-     if (a_high > b_high)
-+-             return 1;
-+-     if (a_high < b_high)
-+-             return -1;
-+-
-+-     if (a_low > b_low)
-+-             return 1;
-+-     if (a_low < b_low)
-+-             return -1;
-+-
-+-     return 0;
-+-}
-+-
-+-/*
-+- * IPv6 See if the address we have matches the current match entry
-+- */
-+-
-+-static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-+-{
-+-     struct sockaddr_in6 *ip_to_check;
-+-     struct sockaddr_in6 *match1;
-+-     struct sockaddr_in6 *match2;
-+-     int i;
-+-
-+-     ip_to_check = (struct sockaddr_in6 *)checkip;
-+-     match1 = (struct sockaddr_in6 *)&match_entry->addr1;
-+-     match2 = (struct sockaddr_in6 *)&match_entry->addr2;
-+-
-+-     switch(match_entry->type) {
-+-     case CHECK_TYPE_ADDRESS:
-+-             if (!memcmp(ip_to_check->sin6_addr.s6_addr32, match1->sin6_addr.s6_addr32, sizeof(struct in6_addr)))
-+-                     return 1;
-+-             break;
-+-
-+-     case CHECK_TYPE_MASK:
-+-             /*
-+-              * Note that this little loop will quit early if there is a non-match so the
-+-              * comparison might look backwards compared to the IPv4 one
-+-              */
-+-             for (i=sizeof(struct in6_addr)/4-1; i>=0; i--) {
-+-                     if ((ip_to_check->sin6_addr.s6_addr32[i] & match2->sin6_addr.s6_addr32[i]) !=
-+-                         match1->sin6_addr.s6_addr32[i])
-+-                             return 0;
-+-             }
-+-             return 1;
-+-     case CHECK_TYPE_RANGE:
-+-             if ((ip6addr_cmp(&ip_to_check->sin6_addr, &match1->sin6_addr) >= 0) &&
-+-                 (ip6addr_cmp(&ip_to_check->sin6_addr, &match2->sin6_addr) <= 0))
-+-                     return 1;
-+-             break;
-++     switch(transport_get_proto(knet_h, transport)) {
-++             case LOOPBACK:
-++                     err = 0;
-++                     break;
-++             case IP_PROTO:
-++                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                                         ip1, ip2, type, acceptreject);
-++                     break;
-++             default:
-++                     break;
-+      }
-+-     return 0;
-++     return err;
-+ }
-+ 
-+-
-+-int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-++int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-++          struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++          check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-+-     int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-++     int err = -1;
-+ 
-+-     if (checkip->ss_family == AF_INET){
-+-             match_fn = ip_matches_v4;
-+-     } else {
-+-             match_fn = ip_matches_v6;
-+-     }
-+-
-+-     while (match_entry) {
-+-             if (match_fn(checkip, match_entry)) {
-+-                     if (match_entry->acceptreject == CHECK_ACCEPT)
-+-                             return 1;
-+-                     else
-+-                             return 0;
-+-             }
-+-             match_entry = match_entry->next;
-++     switch(transport_get_proto(knet_h, transport)) {
-++             case LOOPBACK:
-++                     err = 0;
-++                     break;
-++             case IP_PROTO:
-++                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                                        ip1, ip2, type, acceptreject);
-++                     break;
-++             default:
-++                     break;
-+      }
-+-     return 0; /* Default reject */
-++     return err;
-+ }
-+ 
-+-/*
-+- * Routines to manuipulate access lists
-+- */
-+-
-+-void check_rmall(struct acl_match_entry **match_entry_head)
-++void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ {
-+-     struct acl_match_entry *next_match_entry;
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+-     while (match_entry) {
-+-             next_match_entry = match_entry->next;
-+-             free(match_entry);
-+-             match_entry = next_match_entry;
-++     switch(transport_get_proto(knet_h, transport)) {
-++             case LOOPBACK:
-++                     return;
-++                     break;
-++             case IP_PROTO:
-++                     ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++                     break;
-++             default:
-++                     break;
-+      }
-+-     *match_entry_head = NULL;
-+ }
-+ 
-+-static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-+-                                              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-                                              check_type_t type, check_acceptreject_t acceptreject)
-++int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+-     while (match_entry) {
-+-             if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-+-                 (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-+-                 (match_entry->type == type) &&
-+-                 (match_entry->acceptreject == acceptreject)) {
-+-                     return match_entry;
-+-             }
-+-             match_entry = match_entry->next;
-++     int err = -1;
-++
-++     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++             case LOOPBACK:
-++                     /*
-++                      * loopback does not require access lists
-++                      */
-++                     err = 0;
-++                     break;
-++             case IP_PROTO:
-++                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++                                         &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++                     break;
-++             default:
-++                     break;
-+      }
-+ 
-+-     return NULL;
-++     return err;
-+ }
-+ 
-+-int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-+-              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-              check_type_t type, check_acceptreject_t acceptreject)
-++int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+ {
-+-     struct acl_match_entry *next_match_entry = NULL;
-+-     struct acl_match_entry *rm_match_entry;
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+-     rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-+-     if (!rm_match_entry) {
-+-             return -1;
-+-     }
-+-
-+-     while (match_entry) {
-+-             next_match_entry = match_entry->next;
-+-             /*
-+-              * we are removing the list head, be careful
-+-              */
-+-             if (rm_match_entry == match_entry) {
-+-                     *match_entry_head = next_match_entry;
-+-                     free(match_entry);
-++     int err = -1;
-++
-++     switch(transport_get_proto(knet_h, kh_link->transport_type)) {
-++             case LOOPBACK:
-++                     /*
-++                      * loopback does not require access lists
-++                      */
-++                     err = 0;
-++                     break;
-++             case IP_PROTO:
-++                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
-++                                        &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+                      break;
-+-             }
-+-             /*
-+-              * the next one is the one we need to remove
-+-              */
-+-             if (rm_match_entry == next_match_entry) {
-+-                     match_entry->next = next_match_entry->next;
-+-                     free(next_match_entry);
-++             default:
-+                      break;
-+-             }
-+-             match_entry = next_match_entry;
-+      }
-+ 
-+-     return 0;
-++     return err;
-+ }
-+ 
-+-int ipcheck_addip(struct acl_match_entry **match_entry_head,
-+-               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+-               check_type_t type, check_acceptreject_t acceptreject)
-++/*
-++ *  * return 0 to reject and 1 to accept a packet
-++ *   */
-++int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip)
-+ {
-+-     struct acl_match_entry *new_match_entry;
-+-     struct acl_match_entry *match_entry = *match_entry_head;
-+-
-+-     if (!ip1) {
-+-             return -1;
-+-     }
-+-
-+-     if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-+-             return -1;
-+-     }
-+-
-+-     if (type == CHECK_TYPE_RANGE &&
-+-         (ip1->ss_family != ip2->ss_family))
-+-             return -1;
-+-
-+-     if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-+-             return -1;
-+-     }
-+-
-+-     new_match_entry = malloc(sizeof(struct acl_match_entry));
-+-     if (!new_match_entry)
-+-             return -1;
-+-
-+-     memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-+-     memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-+-     new_match_entry->type = type;
-+-     new_match_entry->acceptreject = acceptreject;
-+-     new_match_entry->next = NULL;
-+-
-+-     if (match_entry) {
-+-             /* Find the end of the list */
-+-             /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-+-             while (match_entry->next) {
-+-                     match_entry = match_entry->next;
-+-             }
-+-             match_entry->next = new_match_entry;
-+-     } else {
-+-             /*
-+-              * first entry in the list
-+-              */
-+-             *match_entry_head = new_match_entry;
-++     switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-++             case LOOPBACK:
-++                     return 1;
-++                     break;
-++             case IP_PROTO:
-++                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
-++                     break;
-++             default:
-++                     break;
-+      }
-+-
-++     /*
-++      * reject by default
-++      */
-+      return 0;
-+ }
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+new file mode 100644
-+index 0000000..edc3ae1
-+--- /dev/null
-++++ b/libknet/links_acl_ip.c
-+@@ -0,0 +1,277 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include <sys/socket.h>
-++#include <netinet/in.h>
-++#include <stdint.h>
-++#include <string.h>
-++#include <stdlib.h>
-++
-++#include "internals.h"
-++#include "logging.h"
-++#include "transports.h"
-++#include "links_acl_ip.h"
-++
-++/*
-++ * s6_addr32 is not defined in BSD userland, only kernel.
-++ * definition is the same as linux and it works fine for
-++ * what we need.
-++ */
-++#ifndef s6_addr32
-++#define s6_addr32 __u6_addr.__u6_addr32
-++#endif
-++
-++/*
-++ * IPv4 See if the address we have matches the current match entry
-++ */
-++
-++static int ip_matches_v4(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++{
-++     struct sockaddr_in *ip_to_check;
-++     struct sockaddr_in *match1;
-++     struct sockaddr_in *match2;
-++
-++     ip_to_check = (struct sockaddr_in *)checkip;
-++     match1 = (struct sockaddr_in *)&match_entry->addr1;
-++     match2 = (struct sockaddr_in *)&match_entry->addr2;
-++
-++     switch(match_entry->type) {
-++     case CHECK_TYPE_ADDRESS:
-++             if (ip_to_check->sin_addr.s_addr == match1->sin_addr.s_addr)
-++                     return 1;
-++             break;
-++     case CHECK_TYPE_MASK:
-++             if ((ip_to_check->sin_addr.s_addr & match2->sin_addr.s_addr) ==
-++                 match1->sin_addr.s_addr)
-++                     return 1;
-++             break;
-++     case CHECK_TYPE_RANGE:
-++             if ((ntohl(ip_to_check->sin_addr.s_addr) >= ntohl(match1->sin_addr.s_addr)) &&
-++                 (ntohl(ip_to_check->sin_addr.s_addr) <= ntohl(match2->sin_addr.s_addr)))
-++                     return 1;
-++             break;
-++
-++     }
-++     return 0;
-++}
-++
-++/*
-++ * Compare two IPv6 addresses
-++ */
-++
-++static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
-++{
-++     uint64_t a_high, a_low;
-++     uint64_t b_high, b_low;
-++
-++     a_high = ((uint64_t)htonl(a->s6_addr32[0]) << 32) | (uint64_t)htonl(a->s6_addr32[1]);
-++     a_low  = ((uint64_t)htonl(a->s6_addr32[2]) << 32) | (uint64_t)htonl(a->s6_addr32[3]);
-++
-++     b_high = ((uint64_t)htonl(b->s6_addr32[0]) << 32) | (uint64_t)htonl(b->s6_addr32[1]);
-++     b_low  = ((uint64_t)htonl(b->s6_addr32[2]) << 32) | (uint64_t)htonl(b->s6_addr32[3]);
-++
-++     if (a_high > b_high)
-++             return 1;
-++     if (a_high < b_high)
-++             return -1;
-++
-++     if (a_low > b_low)
-++             return 1;
-++     if (a_low < b_low)
-++             return -1;
-++
-++     return 0;
-++}
-++
-++/*
-++ * IPv6 See if the address we have matches the current match entry
-++ */
-++
-++static int ip_matches_v6(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry)
-++{
-++     struct sockaddr_in6 *ip_to_check;
-++     struct sockaddr_in6 *match1;
-++     struct sockaddr_in6 *match2;
-++     int i;
-++
-++     ip_to_check = (struct sockaddr_in6 *)checkip;
-++     match1 = (struct sockaddr_in6 *)&match_entry->addr1;
-++     match2 = (struct sockaddr_in6 *)&match_entry->addr2;
-++
-++     switch(match_entry->type) {
-++     case CHECK_TYPE_ADDRESS:
-++             if (!memcmp(ip_to_check->sin6_addr.s6_addr32, match1->sin6_addr.s6_addr32, sizeof(struct in6_addr)))
-++                     return 1;
-++             break;
-++
-++     case CHECK_TYPE_MASK:
-++             /*
-++              * Note that this little loop will quit early if there is a non-match so the
-++              * comparison might look backwards compared to the IPv4 one
-++              */
-++             for (i=sizeof(struct in6_addr)/4-1; i>=0; i--) {
-++                     if ((ip_to_check->sin6_addr.s6_addr32[i] & match2->sin6_addr.s6_addr32[i]) !=
-++                         match1->sin6_addr.s6_addr32[i])
-++                             return 0;
-++             }
-++             return 1;
-++     case CHECK_TYPE_RANGE:
-++             if ((ip6addr_cmp(&ip_to_check->sin6_addr, &match1->sin6_addr) >= 0) &&
-++                 (ip6addr_cmp(&ip_to_check->sin6_addr, &match2->sin6_addr) <= 0))
-++                     return 1;
-++             break;
-++     }
-++     return 0;
-++}
-++
-++
-++int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip)
-++{
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++     int (*match_fn)(struct sockaddr_storage *checkip, struct acl_match_entry *match_entry);
-++
-++     if (checkip->ss_family == AF_INET){
-++             match_fn = ip_matches_v4;
-++     } else {
-++             match_fn = ip_matches_v6;
-++     }
-++
-++     while (match_entry) {
-++             if (match_fn(checkip, match_entry)) {
-++                     if (match_entry->acceptreject == CHECK_ACCEPT)
-++                             return 1;
-++                     else
-++                             return 0;
-++             }
-++             match_entry = match_entry->next;
-++     }
-++     return 0; /* Default reject */
-++}
-++
-++/*
-++ * Routines to manuipulate access lists
-++ */
-++
-++void ipcheck_rmall(struct acl_match_entry **match_entry_head)
-++{
-++     struct acl_match_entry *next_match_entry;
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++
-++     while (match_entry) {
-++             next_match_entry = match_entry->next;
-++             free(match_entry);
-++             match_entry = next_match_entry;
-++     }
-++     *match_entry_head = NULL;
-++}
-++
-++static struct acl_match_entry *ipcheck_findmatch(struct acl_match_entry **match_entry_head,
-++                                              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                                              check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++
-++     while (match_entry) {
-++             if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-++                 (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-++                 (match_entry->type == type) &&
-++                 (match_entry->acceptreject == acceptreject)) {
-++                     return match_entry;
-++             }
-++             match_entry = match_entry->next;
-++     }
-++
-++     return NULL;
-++}
-++
-++int ipcheck_rmip(struct acl_match_entry **match_entry_head,
-++              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++              check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     struct acl_match_entry *next_match_entry = NULL;
-++     struct acl_match_entry *rm_match_entry;
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++
-++     rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-++     if (!rm_match_entry) {
-++             return -1;
-++     }
-++
-++     while (match_entry) {
-++             next_match_entry = match_entry->next;
-++             /*
-++              * we are removing the list head, be careful
-++              */
-++             if (rm_match_entry == match_entry) {
-++                     *match_entry_head = next_match_entry;
-++                     free(match_entry);
-++                     break;
-++             }
-++             /*
-++              * the next one is the one we need to remove
-++              */
-++             if (rm_match_entry == next_match_entry) {
-++                     match_entry->next = next_match_entry->next;
-++                     free(next_match_entry);
-++                     break;
-++             }
-++             match_entry = next_match_entry;
-++     }
-++
-++     return 0;
-++}
-++
-++int ipcheck_addip(struct acl_match_entry **match_entry_head,
-++               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     struct acl_match_entry *new_match_entry;
-++     struct acl_match_entry *match_entry = *match_entry_head;
-++
-++     if (!ip1) {
-++             return -1;
-++     }
-++
-++     if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++             return -1;
-++     }
-++
-++     if (type == CHECK_TYPE_RANGE &&
-++         (ip1->ss_family != ip2->ss_family))
-++             return -1;
-++
-++     if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++             return -1;
-++     }
-++
-++     new_match_entry = malloc(sizeof(struct acl_match_entry));
-++     if (!new_match_entry)
-++             return -1;
-++
-++     memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-++     memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-++     new_match_entry->type = type;
-++     new_match_entry->acceptreject = acceptreject;
-++     new_match_entry->next = NULL;
-++
-++     if (match_entry) {
-++             /* Find the end of the list */
-++             /* is this OK, or should we use a doubly-linked list or bulk-load API call? */
-++             while (match_entry->next) {
-++                     match_entry = match_entry->next;
-++             }
-++             match_entry->next = new_match_entry;
-++     } else {
-++             /*
-++              * first entry in the list
-++              */
-++             *match_entry_head = new_match_entry;
-++     }
-++
-++     return 0;
-++}
-+diff --git a/libknet/tests/int_links_acl.c b/libknet/tests/int_links_acl.c
-+index 133cd5a..8d9f4e0 100644
-+--- a/libknet/tests/int_links_acl.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -16,6 +16,7 @@
-+ 
-+ #include "internals.h"
-+ #include "links_acl.h"
-++#include "links_acl_ip.h"
-+ 
-+ static struct acl_match_entry *match_entry_v4;
-+ static struct acl_match_entry *match_entry_v6;
-+@@ -105,8 +106,8 @@ static int load_file(void)
-+      struct sockaddr_storage addr1;
-+      struct sockaddr_storage addr2;
-+ 
-+-     check_rmall(&match_entry_v4);
-+-     check_rmall(&match_entry_v6);
-++     ipcheck_rmall(&match_entry_v4);
-++     ipcheck_rmall(&match_entry_v6);
-+ 
-+      filterfile = fopen("int_links_acl.txt", "r");
-+      if (!filterfile) {
-+@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
-+              }
-+      }
-+ 
-+-     check_rmall(&match_entry_v4);
-+-     check_rmall(&match_entry_v6);
-++     ipcheck_rmall(&match_entry_v4);
-++     ipcheck_rmall(&match_entry_v6);
-+      return 0;
-+ }
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 833938d..06a0168 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -721,27 +721,6 @@ out_pmtud:
-+      }
-+ }
-+ 
-+-/*
-+- * return 0 to reject and 1 to accept a packet
-+- */
-+-static int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, const struct knet_mmsghdr *msg)
-+-{
-+-     switch(transport_get_proto(knet_h, knet_h->knet_transport_fd_tracker[sockfd].transport)) {
-+-             case LOOPBACK:
-+-                     return 1;
-+-                     break;
-+-             case IP_PROTO:
-+-                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, msg->msg_hdr.msg_name);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-     /*
-+-      * reject by default
-+-      */
-+-     return 0;
-+-}
-+-
-+ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg)
-+ {
-+      int err, savederrno;
-+@@ -829,13 +808,13 @@ static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd, struct kne
-+                               */
-+                              if ((knet_h->use_access_lists) &&
-+                                  (transport_get_acl_type(knet_h, transport) == USE_GENERIC_ACL)) {
-+-                                     if (!_generic_filter_packet_by_acl(knet_h, sockfd, &msg[i])) {
-++                                     if (!_generic_filter_packet_by_acl(knet_h, sockfd, msg[i].msg_hdr.msg_name)) {
-+                                              char src_ipaddr[KNET_MAX_HOST_LEN];
-+                                              char src_port[KNET_MAX_PORT_LEN];
-+ 
-+                                              memset(src_ipaddr, 0, KNET_MAX_HOST_LEN);
-+                                              memset(src_port, 0, KNET_MAX_PORT_LEN);
-+-                                             knet_addrtostr(msg->msg_hdr.msg_name, sockaddr_len(msg->msg_hdr.msg_name),
-++                                             knet_addrtostr(msg[i].msg_hdr.msg_name, sockaddr_len(msg[i].msg_hdr.msg_name),
-+                                                             src_ipaddr, KNET_MAX_HOST_LEN,
-+                                                             src_port, KNET_MAX_PORT_LEN);
-+ 
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index 0d69a33..ce3e98e 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -20,6 +20,7 @@
-+ #include "host.h"
-+ #include "links.h"
-+ #include "links_acl.h"
-++#include "links_acl_ip.h"
-+ #include "logging.h"
-+ #include "common.h"
-+ #include "transport_common.h"
-+@@ -730,12 +731,13 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Incoming: received connection from: %s port: %s",
-+                                              addr_str, port_str);
-+      if (knet_h->use_access_lists) {
-+-             if (!ipcheck_validate(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry, &ss)) {
-++             if (!_generic_filter_packet_by_acl(knet_h, listen_sock, &ss)) {
-+                      savederrno = EINVAL;
-+                      err = -1;
-+                      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-+                      close(new_fd);
-+-                     goto exit_error;
-++                     errno = savederrno;
-++                     return;
-+              }
-+      }
-+ 
-+@@ -946,8 +948,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+       */
-+      knet_list_for_each_entry(info, &handle_info->listen_links_list, list) {
-+              if (memcmp(&info->src_address, &kn_link->src_addr, sizeof(struct sockaddr_storage)) == 0) {
-+-                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-+-                                         &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++                     err = check_add(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++                                     &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+                      if (err) {
-+                              return NULL;
-+                      }
-+@@ -1005,8 +1007,8 @@ static sctp_listen_link_info_t *sctp_link_listener_start(knet_handle_t knet_h, s
-+              goto exit_error;
-+      }
-+ 
-+-     if (ipcheck_addip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-+-                       &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++     if (check_add(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++                   &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-+              savederrno = errno;
-+              err = -1;
-+              log_err(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to configure default access lists: %s",
-+@@ -1036,8 +1038,8 @@ exit_error:
-+              if (info->on_listener_epoll) {
-+                      epoll_ctl(handle_info->listen_epollfd, EPOLL_CTL_DEL, listen_sock, &ev);
-+              }
-+-             ipcheck_rmip(&knet_h->knet_transport_fd_tracker[listen_sock].match_entry,
-+-                          &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-++             check_rm(knet_h, listen_sock, KNET_TRANSPORT_SCTP,
-++                      &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+              if (listen_sock >= 0) {
-+                      close(listen_sock);
-+              }
-+@@ -1076,8 +1078,8 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+              }
-+      }
-+ 
-+-     if (ipcheck_rmip(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry,
-+-                      &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-++     if (check_rm(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP,
-++                  &kn_link->dst_addr, &kn_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) {
-+              log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Unable to remove default access lists for %d", info->listen_sock);
-+      }
-+ 
-+@@ -1111,7 +1113,7 @@ static int sctp_link_listener_stop(knet_handle_t knet_h, struct knet_link *kn_li
-+              goto exit_error;
-+      }
-+ 
-+-     check_rmall(&knet_h->knet_transport_fd_tracker[info->listen_sock].match_entry);
-++     check_rmall(knet_h, info->listen_sock, KNET_TRANSPORT_SCTP);
-+ 
-+      close(info->listen_sock);
-+ 
-diff --git a/debian/patches/access-lists-remove-2-unnecessary-wrappers.patch b/debian/patches/access-lists-remove-2-unnecessary-wrappers.patch
-new file mode 100644
-index 0000000..7fd5b1c
---- /dev/null
-+++ b/debian/patches/access-lists-remove-2-unnecessary-wrappers.patch
-@@ -0,0 +1,70 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:29:07 +0100
-+Subject: [access lists] remove 2 unnecessary wrappers
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit f5cba0f7608bed1e142f30c9e04e05b4ba56606c)
-+---
-+ libknet/links_acl.h |  3 ---
-+ libknet/links.c     |  8 ++++++--
-+ libknet/links_acl.c | 12 ------------
-+ 3 files changed, 6 insertions(+), 17 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 0ad50e6..b083753 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -39,7 +39,4 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-+ int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *checkip);
-+ 
-+-int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+-int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link);
-+-
-+ #endif
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 07ef26e..1693df6 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -245,7 +245,9 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+          (link->dynamic == KNET_LINK_STATIC)) {
-+              log_debug(knet_h, KNET_SUB_LINK, "Configuring default access lists for host: %u link: %u socket: %d",
-+                        host_id, link_id, link->outsock);
-+-             if (_link_add_default_acl(knet_h, link) < 0) {
-++             if (check_add(knet_h, link->outsock, transport,
-++                           &link->dst_addr, &link->dst_addr,
-++                           CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-+                      log_warn(knet_h, KNET_SUB_LINK, "Failed to configure default access lists for host: %u link: %u", host_id, link_id);
-+                      savederrno = errno;
-+                      err = -1;
-+@@ -426,7 +428,9 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       */
-+      if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-+          (link->dynamic == KNET_LINK_STATIC)) {
-+-             if (_link_rm_default_acl(knet_h, link) < 0) {
-++             if (check_rm(knet_h, link->outsock, link->transport_type,
-++                          &link->dst_addr, &link->dst_addr,
-++                          CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-+                      err = -1;
-+                      savederrno = EBUSY;
-+                      log_err(knet_h, KNET_SUB_LINK, "Host %u link %u: unable to remove default access list",
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index 520a934..93cc5af 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -91,15 +91,3 @@ int check_validate(knet_handle_t knet_h, int sockfd, struct sockaddr_storage *ch
-+       */
-+      return 0;
-+ }
-+-
-+-int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+-     return check_add(knet_h, kh_link->outsock, kh_link->transport_type,
-+-                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-+-
-+-int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
-+-{
-+-     return check_rm(knet_h, kh_link->outsock, kh_link->transport_type,
-+-                     &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
-+-}
-diff --git a/debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch b/debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
-new file mode 100644
-index 0000000..a4628d7
---- /dev/null
-+++ b/debian/patches/access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
-@@ -0,0 +1,219 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 28 Feb 2019 08:22:43 +0100
-+Subject: [access lists] rename ip1/2 to ss1/2 to keep it more generic
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 118c7c415fbe9e47137c34607f26ac9b5b42fbf4)
-+---
-+ libknet/links_acl.h          |  8 ++++----
-+ libknet/links_acl_ip.h       |  4 ++--
-+ libknet/links_acl_loopback.h |  4 ++--
-+ libknet/links_acl.c          |  8 ++++----
-+ libknet/links_acl_ip.c       | 24 ++++++++++++------------
-+ libknet/links_acl_loopback.c |  4 ++--
-+ 6 files changed, 26 insertions(+), 26 deletions(-)
-+
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index cc4fdaf..a64faa1 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -28,21 +28,21 @@ typedef struct {
-+      int (*protocheck_validate)      (void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+      int (*protocheck_add)           (void *fd_tracker_match_entry_head,
-+-                                      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                                      struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                                       check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+      int (*protocheck_rm)            (void *fd_tracker_match_entry_head,
-+-                                      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                                      struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                                       check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+      void (*protocheck_rmall)        (void *fd_tracker_match_entry_head);
-+ } check_ops_t;
-+ 
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+-           struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++           struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+            check_type_t type, check_acceptreject_t acceptreject);
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+-          struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++          struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+           check_type_t type, check_acceptreject_t acceptreject);
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport);
-+ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip);
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index c475db9..e069b99 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -15,11 +15,11 @@
-+ int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+-               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+-              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++              struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+               check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+ void ipcheck_rmall(void *fd_tracker_match_entry_head);
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index 0f86222..73a9704 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -15,11 +15,11 @@
-+ int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-+ 
-+ int loopbackcheck_add(void *fd_tracker_match_entry_head,
-+-                   struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                   struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                    check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+ int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-+-                  struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                  struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                   check_type_t type, check_acceptreject_t acceptreject);
-+ 
-+ void loopbackcheck_rmall(void *fd_tracker_match_entry_head);
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index a941dde..0b1fcd0 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -32,21 +32,21 @@ static check_ops_t proto_check_modules_cmds[] = {
-+  */
-+ 
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+-           struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++           struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+            check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_add(
-+                      &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+-                     ip1, ip2, type, acceptreject);
-++                     ss1, ss2, type, acceptreject);
-+ }
-+ 
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+-          struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++          struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+           check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rm(
-+                      &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+-                     ip1, ip2, type, acceptreject);
-++                     ss1, ss2, type, acceptreject);
-+ }
-+ 
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index e72a382..2682a70 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -185,14 +185,14 @@ void ipcheck_rmall(void *fd_tracker_match_entry_head)
-+ }
-+ 
-+ static struct ip_acl_match_entry *ipcheck_findmatch(struct ip_acl_match_entry **match_entry_head,
-+-                                              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                                              struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                                               check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      struct ip_acl_match_entry *match_entry = *match_entry_head;
-+ 
-+      while (match_entry) {
-+-             if ((!memcmp(&match_entry->addr1, ip1, sizeof(struct sockaddr_storage))) &&
-+-                 (!memcmp(&match_entry->addr2, ip2, sizeof(struct sockaddr_storage))) &&
-++             if ((!memcmp(&match_entry->addr1, ss1, sizeof(struct sockaddr_storage))) &&
-++                 (!memcmp(&match_entry->addr2, ss2, sizeof(struct sockaddr_storage))) &&
-+                  (match_entry->type == type) &&
-+                  (match_entry->acceptreject == acceptreject)) {
-+                      return match_entry;
-+@@ -204,7 +204,7 @@ static struct ip_acl_match_entry *ipcheck_findmatch(struct ip_acl_match_entry **
-+ }
-+ 
-+ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+-              struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++              struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+               check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-+@@ -212,7 +212,7 @@ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+      struct ip_acl_match_entry *rm_match_entry;
-+      struct ip_acl_match_entry *match_entry = *match_entry_head;
-+ 
-+-     rm_match_entry = ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject);
-++     rm_match_entry = ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject);
-+      if (!rm_match_entry) {
-+              errno = ENOENT;
-+              return -1;
-+@@ -243,30 +243,30 @@ int ipcheck_rmip(void *fd_tracker_match_entry_head,
-+ }
-+ 
-+ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+-               struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++               struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
-+      struct ip_acl_match_entry *new_match_entry;
-+      struct ip_acl_match_entry *match_entry = *match_entry_head;
-+ 
-+-     if (!ip1) {
-++     if (!ss1) {
-+              errno = EINVAL;
-+              return -1;
-+      }
-+ 
-+-     if ((type != CHECK_TYPE_ADDRESS) && (!ip2)) {
-++     if ((type != CHECK_TYPE_ADDRESS) && (!ss2)) {
-+              errno = EINVAL;
-+              return -1;
-+      }
-+ 
-+      if (type == CHECK_TYPE_RANGE &&
-+-         (ip1->ss_family != ip2->ss_family)) {
-++         (ss1->ss_family != ss2->ss_family)) {
-+              errno = EINVAL;
-+              return -1;
-+      }
-+ 
-+-     if (ipcheck_findmatch(match_entry_head, ip1, ip2, type, acceptreject) != NULL) {
-++     if (ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject) != NULL) {
-+              errno = EEXIST;
-+              return -1;
-+      }
-+@@ -276,8 +276,8 @@ int ipcheck_addip(void *fd_tracker_match_entry_head,
-+              return -1;
-+      }
-+ 
-+-     memmove(&new_match_entry->addr1, ip1, sizeof(struct sockaddr_storage));
-+-     memmove(&new_match_entry->addr2, ip2, sizeof(struct sockaddr_storage));
-++     memmove(&new_match_entry->addr1, ss1, sizeof(struct sockaddr_storage));
-++     memmove(&new_match_entry->addr2, ss2, sizeof(struct sockaddr_storage));
-+      new_match_entry->type = type;
-+      new_match_entry->acceptreject = acceptreject;
-+      new_match_entry->next = NULL;
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index 42559f3..bb69130 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -27,14 +27,14 @@ void loopbackcheck_rmall(void *fd_tracker_match_entry_head)
-+ }
-+ 
-+ int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-+-                  struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                  struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                   check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      return 0;
-+ }
-+ 
-+ int loopbackcheck_add(void *fd_tracker_match_entry_head,
-+-                   struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                   struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
-+                    check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+      return 0;
-diff --git a/debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch b/debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch
-new file mode 100644
-index 0000000..91c2bb8
---- /dev/null
-+++ b/debian/patches/access-lists-test-implicit-access-lists-management-for-UD.patch
-@@ -0,0 +1,50 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 5 Mar 2019 05:16:29 +0100
-+Subject: [access lists] test implicit access lists management for UDP,
-+ SCTP and LOOPBACK
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit dc7731abeff323785291207b91d23173bf0bb458)
-+---
-+ libknet/tests/api_knet_send.c          | 8 ++++++++
-+ libknet/tests/api_knet_send_loopback.c | 8 ++++++++
-+ 2 files changed, 16 insertions(+)
-+
-+diff --git a/libknet/tests/api_knet_send.c b/libknet/tests/api_knet_send.c
-+index 1c55db1..9e81d03 100644
-+--- a/libknet/tests/api_knet_send.c
-++++ b/libknet/tests/api_knet_send.c
-+@@ -145,6 +145,14 @@ static void test(uint8_t transport)
-+ 
-+      printf("Test knet_send with valid data\n");
-+ 
-++     if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
-++             printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-+      if (knet_handle_enable_sock_notify(knet_h, &private_data, sock_notify) < 0) {
-+              printf("knet_handle_enable_sock_notify failed: %s\n", strerror(errno));
-+              knet_handle_free(knet_h);
-+diff --git a/libknet/tests/api_knet_send_loopback.c b/libknet/tests/api_knet_send_loopback.c
-+index 16a4624..0cfd29f 100644
-+--- a/libknet/tests/api_knet_send_loopback.c
-++++ b/libknet/tests/api_knet_send_loopback.c
-+@@ -168,6 +168,14 @@ static void test(void)
-+      flush_logs(logfds[0], stdout);
-+      printf("Test knet_send with valid data\n");
-+ 
-++     if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
-++             printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-+      if (knet_link_clear_config(knet_h, 1, 0) < 0) {
-+              printf("Failed to clear existing UDP link: %s\n", strerror(errno));
-+              knet_host_remove(knet_h, 1);
-diff --git a/debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch b/debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch
-new file mode 100644
-index 0000000..bb00a3f
---- /dev/null
-+++ b/debian/patches/access-lists-use-arrays-to-access-per-protocol-functions.patch
-@@ -0,0 +1,309 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 13:34:11 +0100
-+Subject: [access lists] use arrays to access per-protocol functions
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit ce8b773ed76102719c1e4a8859854e01a250b482)
-+---
-+ libknet/Makefile.am          |  2 ++
-+ libknet/tests/Makefile.am    |  3 +-
-+ libknet/internals.h          |  8 ++---
-+ libknet/links_acl.h          | 16 ++++++++++
-+ libknet/links_acl_loopback.h | 27 +++++++++++++++++
-+ libknet/links_acl.c          | 71 ++++++++++----------------------------------
-+ libknet/links_acl_loopback.c | 41 +++++++++++++++++++++++++
-+ libknet/transports.c         |  6 ++--
-+ 8 files changed, 110 insertions(+), 64 deletions(-)
-+ create mode 100644 libknet/links_acl_loopback.h
-+ create mode 100644 libknet/links_acl_loopback.c
-+
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index b60427c..0be4fff 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -33,6 +33,7 @@ sources                     = \
-+                        links.c \
-+                        links_acl.c \
-+                        links_acl_ip.c \
-++                       links_acl_loopback.c \
-+                        logging.c \
-+                        netutils.c \
-+                        threads_common.c \
-+@@ -65,6 +66,7 @@ noinst_HEADERS              = \
-+                        links.h \
-+                        links_acl.h \
-+                        links_acl_ip.h \
-++                       links_acl_loopback.h \
-+                        logging.h \
-+                        netutils.h \
-+                        onwire.h \
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index 2f22293..eae5c80 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -79,7 +79,8 @@ int_links_acl_test_SOURCES = int_links_acl.c \
-+                           ../transport_sctp.c \
-+                           ../transport_udp.c \
-+                           ../links_acl.c \
-+-                          ../links_acl_ip.c
-++                          ../links_acl_ip.c \
-++                          ../links_acl_loopback.c
-+ 
-+ int_timediff_test_SOURCES = int_timediff.c
-+ 
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 27eea2a..d482674 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -265,10 +265,8 @@ extern pthread_rwlock_t shlib_rwlock;       /* global shared lib load lock */
-+  * to use for access lists and other operations
-+  */
-+ 
-+-typedef enum {
-+-     LOOPBACK,
-+-     IP_PROTO
-+-} transport_proto;
-++#define TRANSPORT_PROTO_LOOPBACK 0
-++#define TRANSPORT_PROTO_IP_PROTO 1
-+ 
-+ /*
-+  * some transports like SCTP can filter incoming
-+@@ -299,7 +297,7 @@ typedef struct knet_transport_ops {
-+      const uint8_t transport_id;
-+      const uint8_t built_in;
-+ 
-+-     transport_proto transport_protocol;
-++     uint8_t transport_protocol;
-+      transport_acl transport_acl_type;
-+ 
-+ /*
-+diff --git a/libknet/links_acl.h b/libknet/links_acl.h
-+index 84ae6b9..cc4fdaf 100644
-+--- a/libknet/links_acl.h
-++++ b/libknet/links_acl.h
-+@@ -22,6 +22,22 @@ typedef enum {
-+      CHECK_REJECT
-+ } check_acceptreject_t;
-+ 
-++typedef struct {
-++     uint8_t                         transport_proto;
-++
-++     int (*protocheck_validate)      (void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-++
-++     int (*protocheck_add)           (void *fd_tracker_match_entry_head,
-++                                      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                                      check_type_t type, check_acceptreject_t acceptreject);
-++
-++     int (*protocheck_rm)            (void *fd_tracker_match_entry_head,
-++                                      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                                      check_type_t type, check_acceptreject_t acceptreject);
-++
-++     void (*protocheck_rmall)        (void *fd_tracker_match_entry_head);
-++} check_ops_t;
-++
-+ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+            struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+            check_type_t type, check_acceptreject_t acceptreject);
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+new file mode 100644
-+index 0000000..0f86222
-+--- /dev/null
-++++ b/libknet/links_acl_loopback.h
-+@@ -0,0 +1,27 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#ifndef __KNET_LINKS_ACL_LOOPBACK_H__
-++#define __KNET_LINKS_ACL_LOOPBACK_H__
-++
-++#include "internals.h"
-++#include "links_acl.h"
-++
-++int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
-++
-++int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++                   struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                   check_type_t type, check_acceptreject_t acceptreject);
-++
-++int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-++                  struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                  check_type_t type, check_acceptreject_t acceptreject);
-++
-++void loopbackcheck_rmall(void *fd_tracker_match_entry_head);
-++
-++#endif
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index f2c772d..a941dde 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -19,6 +19,12 @@
-+ #include "transport_common.h"
-+ #include "links_acl.h"
-+ #include "links_acl_ip.h"
-++#include "links_acl_loopback.h"
-++
-++static check_ops_t proto_check_modules_cmds[] = {
-++     { TRANSPORT_PROTO_LOOPBACK, loopbackcheck_validate, loopbackcheck_add, loopbackcheck_rm, loopbackcheck_rmall },
-++     { TRANSPORT_PROTO_IP_PROTO, ipcheck_validate, ipcheck_addip, ipcheck_rmip, ipcheck_rmall }
-++};
-+ 
-+ /*
-+  * all those functions will return errno from the
-+@@ -29,56 +35,24 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+            struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+            check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     int err = -1;
-+-
-+-     switch(transport_get_proto(knet_h, transport)) {
-+-             case LOOPBACK:
-+-                     errno = 0;
-+-                     err = 0;
-+-                     break;
-+-             case IP_PROTO:
-+-                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+-                                         ip1, ip2, type, acceptreject);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-     return err;
-++     return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_add(
-++                     &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-++                     ip1, ip2, type, acceptreject);
-+ }
-+ 
-+ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+           struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-+           check_type_t type, check_acceptreject_t acceptreject)
-+ {
-+-     int err = -1;
-+-
-+-     switch(transport_get_proto(knet_h, transport)) {
-+-             case LOOPBACK:
-+-                     errno = 0;
-+-                     err = 0;
-+-                     break;
-+-             case IP_PROTO:
-+-                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+-                                        ip1, ip2, type, acceptreject);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-     return err;
-++     return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rm(
-++                     &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-++                     ip1, ip2, type, acceptreject);
-+ }
-+ 
-+ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+ {
-+-     switch(transport_get_proto(knet_h, transport)) {
-+-             case LOOPBACK:
-+-                     return;
-+-                     break;
-+-             case IP_PROTO:
-+-                     ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-++     proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rmall(
-++             &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
-+ }
-+ 
-+ /*
-+@@ -86,19 +60,6 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+  */
-+ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip)
-+ {
-+-     switch(transport_get_proto(knet_h, transport)) {
-+-             case LOOPBACK:
-+-                     errno = 0;
-+-                     return 1;
-+-                     break;
-+-             case IP_PROTO:
-+-                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
-+-                     break;
-+-             default:
-+-                     break;
-+-     }
-+-     /*
-+-      * reject by default
-+-      */
-+-     return 0;
-++     return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_validate(
-++                     &knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
-+ }
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+new file mode 100644
-+index 0000000..42559f3
-+--- /dev/null
-++++ b/libknet/links_acl_loopback.c
-+@@ -0,0 +1,41 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Author: Christine Caulfield <ccaulfie@redhat.com>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++
-++#include "internals.h"
-++#include "logging.h"
-++#include "transports.h"
-++#include "links_acl.h"
-++#include "links_acl_loopback.h"
-++
-++int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip)
-++{
-++     return 1;
-++}
-++
-++void loopbackcheck_rmall(void *fd_tracker_match_entry_head)
-++{
-++     return;
-++}
-++
-++int loopbackcheck_rm(void *fd_tracker_match_entry_head,
-++                  struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                  check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     return 0;
-++}
-++
-++int loopbackcheck_add(void *fd_tracker_match_entry_head,
-++                   struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
-++                   check_type_t type, check_acceptreject_t acceptreject)
-++{
-++     return 0;
-++}
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 69ea091..6ded675 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -30,11 +30,11 @@
-+ #define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+ 
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+-     { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+-     { "UDP", KNET_TRANSPORT_UDP, 1, IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++     { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-++     { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+      { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+-                                    1, IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-++                                    1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-+ #else
-+ empty_module
-+ #endif
-diff --git a/debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch b/debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch
-new file mode 100644
-index 0000000..cbba12f
---- /dev/null
-+++ b/debian/patches/access-lists-use-better-name-for-fd_tracker-structure.patch
-@@ -0,0 +1,95 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Feb 2019 12:12:09 +0100
-+Subject: [access lists] use better name for fd_tracker structure
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit bc25626d5585ac267029470cf518852017d3740b)
-+---
-+ libknet/internals.h                      | 10 +++++-----
-+ libknet/links_acl.c                      |  8 ++++----
-+ libknet/tests/api_knet_link_set_config.c |  4 ++--
-+ 3 files changed, 11 insertions(+), 11 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 2135fb8..27eea2a 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -130,11 +130,11 @@ struct knet_sock {
-+ };
-+ 
-+ struct knet_fd_trackers {
-+-     uint8_t transport; /* transport type (UDP/SCTP...) */
-+-     uint8_t data_type; /* internal use for transport to define what data are associated
-+-                         * to this fd */
-+-     void *data;        /* pointer to the data */
-+-     void *match_entry; /* pointer to access list match_entry list head */
-++     uint8_t transport;                  /* transport type (UDP/SCTP...) */
-++     uint8_t data_type;                  /* internal use for transport to define what data are associated
-++                                          * to this fd */
-++     void *data;                         /* pointer to the data */
-++     void *access_list_match_entry_head; /* pointer to access list match_entry list head */
-+ };
-+ 
-+ #define KNET_MAX_FDS KNET_MAX_HOST * KNET_MAX_LINK * 4
-+diff --git a/libknet/links_acl.c b/libknet/links_acl.c
-+index b1d7ab4..f2c772d 100644
-+--- a/libknet/links_acl.c
-++++ b/libknet/links_acl.c
-+@@ -37,7 +37,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                     err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+                                          ip1, ip2, type, acceptreject);
-+                      break;
-+              default:
-+@@ -58,7 +58,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
-+                      err = 0;
-+                      break;
-+              case IP_PROTO:
-+-                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
-++                     err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-+                                         ip1, ip2, type, acceptreject);
-+                      break;
-+              default:
-+@@ -74,7 +74,7 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
-+                      return;
-+                      break;
-+              case IP_PROTO:
-+-                     ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
-++                     ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
-+                      break;
-+              default:
-+                      break;
-+@@ -92,7 +92,7 @@ int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct soc
-+                      return 1;
-+                      break;
-+              case IP_PROTO:
-+-                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].match_entry, checkip);
-++                     return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
-+                      break;
-+              default:
-+                      break;
-+diff --git a/libknet/tests/api_knet_link_set_config.c b/libknet/tests/api_knet_link_set_config.c
-+index 5fed9be..b96c628 100644
-+--- a/libknet/tests/api_knet_link_set_config.c
-++++ b/libknet/tests/api_knet_link_set_config.c
-+@@ -145,7 +145,7 @@ static void test(void)
-+      host = knet_h->host_index[1];
-+      link = &host->link[0];
-+ 
-+-     if (knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++     if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-+              printf("found access lists for dynamic dst_addr!\n");
-+              knet_link_clear_config(knet_h, 1, 0);
-+              knet_host_remove(knet_h, 1);
-+@@ -262,7 +262,7 @@ static void test(void)
-+      host = knet_h->host_index[1];
-+      link = &host->link[0];
-+ 
-+-     if (!knet_h->knet_transport_fd_tracker[link->outsock].match_entry) {
-++     if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
-+              printf("Unable to find default access lists for static dst_addr!\n");
-+              knet_link_clear_config(knet_h, 1, 0);
-+              knet_host_remove(knet_h, 1);
-diff --git a/debian/patches/acl-Fix-English-in-commments.patch b/debian/patches/acl-Fix-English-in-commments.patch
-new file mode 100644
-index 0000000..7e55364
---- /dev/null
-+++ b/debian/patches/acl-Fix-English-in-commments.patch
-@@ -0,0 +1,106 @@
-+From: Christine Caulfield <ccaulfie@redhat.com>
-+Date: Thu, 7 Mar 2019 10:04:41 +0000
-+Subject: acl: Fix English in commments
-+
-+(cherry picked from commit e9b656bebb0615c2b2419929cadfb71e3941af34)
-+---
-+ libknet/internals.h |  2 +-
-+ libknet/libknet.h   | 27 ++++++++++++++-------------
-+ 2 files changed, 15 insertions(+), 14 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 8976a8c..12f613c 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -132,7 +132,7 @@ struct knet_sock {
-+ struct knet_fd_trackers {
-+      uint8_t transport;                  /* transport type (UDP/SCTP...) */
-+      uint8_t data_type;                  /* internal use for transport to define what data are associated
-+-                                          * to this fd */
-++                                          * with this fd */
-+      void *data;                         /* pointer to the data */
-+      void *access_list_match_entry_head; /* pointer to access list match_entry list head */
-+ };
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index d616e11..50ed70d 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -523,15 +523,16 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+  *
-+  * knet will automatically generate access lists for point to point links.
-+  *
-+- * For open links, knet provides 3 API calls to manipulate access lists:
-+- * knet_link_add_acl(3), knet_link_rm_acl(3) and knet_link_clear_acl(3).
-+- * Those API calls will work only and exclusively on open links as they
-+- * provide no use for point to point links.
-++ * For open links, knet provides 4 API calls to manipulate access lists:
-++ * knet_link_add_acl(3), knet_link_rm_acl(3), knet_link_insert_acl(3)
-++ * and knet_link_clear_acl(3).
-++ * Those API calls will work exclusively on open links as they
-++ * are of no use on point to point links.
-+  *
-+  * knet will not enforce any access list unless specifically enabled by
-+  * knet_handle_enable_access_lists(3).
-+  *
-+- * From a security / programming perspective we recommend to:
-++ * From a security / programming perspective we recommend:
-+  * - create the knet handle
-+  * - enable access lists
-+  * - configure hosts and links
-+@@ -1478,13 +1479,13 @@ int knet_link_get_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id);
-+ 
-+ /*
-+- * access lists management for open links
-++ * Access lists management for open links
-+  * see also knet_handle_enable_access_lists(3)
-+  */
-+ 
-+ /*
-+  * CHECK_TYPE_ADDRESS is the equivalent of a single entry / IP address.
-+- *                    for example: 10.1.9.3/32
-++ *                    for example: 10.1.9.3
-+  *                    and the entry is stored in ss1. ss2 can be NULL.
-+  *
-+  * CHECK_TYPE_MASK    is used to configure network/netmask.
-+@@ -1495,9 +1496,9 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+  *                    for example: 172.16.0.1-172.16.0.10
-+  *                    the start is stored in ss1 and the end in ss2.
-+  *
-+- * Please be aware that the above examples refers only to IP based protocols.
-++ * Please be aware that the above examples refer only to IP based protocols.
-+  * Other protocols might use ss1 and ss2 in slightly different ways.
-+- * At the moment knet only supports IP based protocol and that might change
-++ * At the moment knet only supports IP based protocol, though that might change
-+  * in the future.
-+  */
-+ 
-+@@ -1531,7 +1532,7 @@ typedef enum {
-+  *
-+  * IMPORTANT: the order in which access lists are added is critical and it
-+  *            is left to the user to add them in the right order. knet
-+- *            will do no attempt to logically sort them.
-++ *            will not attempt to logically sort them.
-+  *
-+  *            For example:
-+  *            1 - accept from 10.0.0.0/8
-+@@ -1568,7 +1569,7 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+  * link_id   - see knet_link_set_config(3)
-+  *
-+  * index     - insert at position "index" where 0 is the first entry and -1
-+- *             append to the current list.
-++ *             appends to the current list.
-+  *
-+  * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-+  *
-+@@ -1597,8 +1598,8 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+  *
-+  * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-+  *
-+- * IMPORTANT: the data passed to this API call must match exactly the ones used
-+- *            in knet_link_add_acl(3).
-++ * IMPORTANT: the data passed to this API call must match exactly that passed
-++ *            to knet_link_add_acl(3).
-+  *
-+  * @return
-+  * knet_link_rm_acl
-diff --git a/debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch b/debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch
-new file mode 100644
-index 0000000..683d8e6
---- /dev/null
-+++ b/debian/patches/acl-add-knet_handle_enable_access_lists-api-call.patch
-@@ -0,0 +1,235 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 8 Feb 2019 14:29:50 +0100
-+Subject: [acl] add knet_handle_enable_access_lists api call
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 2a325c9fc388c91fd9969378d5822db87b9d364b)
-+---
-+ libknet/internals.h                                |   1 +
-+ libknet/libknet.h                                  |  22 +++++
-+ libknet/handle.c                                   |  36 ++++++++
-+ .../tests/api_knet_handle_enable_access_lists.c    | 100 +++++++++++++++++++++
-+ libknet/tests/api-check.mk                         |   4 +
-+ 5 files changed, 163 insertions(+)
-+ create mode 100644 libknet/tests/api_knet_handle_enable_access_lists.c
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 57da5b4..d33646f 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -158,6 +158,7 @@ struct knet_handle {
-+      int send_to_links_epollfd;
-+      int recv_from_links_epollfd;
-+      int dst_link_handler_epollfd;
-++     uint8_t use_access_lists; /* set to 0 for disable, 1 for enable */
-+      unsigned int pmtud_interval;
-+      unsigned int data_mtu;  /* contains the max data size that we can send onwire
-+                               * without frags */
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index c7f44d7..4283afe 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -502,6 +502,28 @@ int knet_handle_enable_filter(knet_handle_t knet_h,
-+ 
-+ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
-+ 
-++/**
-++ * knet_handle_enable_access_lists
-++ *
-++ * @brief Start packet forwarding
-++ *
-++ * knet_h   - pointer to knet_handle_t
-++ *
-++ * enable   - set to 1 to use ip access lists, 0 to disable ip access_lists.
-++ *
-++ * @return
-++ * knet_handle_enable_access_lists returns
-++ * 0 on success
-++ * -1 on error and errno is set.
-++ *
-++ * By default access lists usage is off, but default internal access lists
-++ * will be populated regardless, but not enforced. TODO add long explanation
-++ * on internal access lists for point to point connections vs global
-++ * listeners etc.
-++ */
-++
-++int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled);
-++
-+ #define KNET_PMTUD_DEFAULT_INTERVAL 60
-+ 
-+ /**
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index b7aa2fd..6cd49f5 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1186,6 +1186,42 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled)
-+      return 0;
-+ }
-+ 
-++int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled)
-++{
-++     int savederrno = 0;
-++
-++     if (!knet_h) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     if (enabled > 1) {
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     savederrno = get_global_wrlock(knet_h);
-++     if (savederrno) {
-++             log_err(knet_h, KNET_SUB_HANDLE, "Unable to get write lock: %s",
-++                     strerror(savederrno));
-++             errno = savederrno;
-++             return -1;
-++     }
-++
-++     knet_h->use_access_lists = enabled;
-++
-++     if (enabled) {
-++             log_debug(knet_h, KNET_SUB_HANDLE, "Links access lists are enabled");
-++     } else {
-++             log_debug(knet_h, KNET_SUB_HANDLE, "Links access lists are disabled");
-++     }
-++
-++     pthread_rwlock_unlock(&knet_h->global_rwlock);
-++
-++     errno = 0;
-++     return 0;
-++}
-++
-+ int knet_handle_pmtud_getfreq(knet_handle_t knet_h, unsigned int *interval)
-+ {
-+      int savederrno = 0;
-+diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
-+new file mode 100644
-+index 0000000..fc3bcc1
-+--- /dev/null
-++++ b/libknet/tests/api_knet_handle_enable_access_lists.c
-+@@ -0,0 +1,100 @@
-++/*
-++ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdio.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <unistd.h>
-++
-++#include "libknet.h"
-++#include "internals.h"
-++
-++#include "test-common.h"
-++
-++static void test(void)
-++{
-++     knet_handle_t knet_h;
-++     int logfds[2];
-++
-++     printf("Test knet_handle_enable_access_lists with invalid knet_h\n");
-++
-++     if ((!knet_handle_enable_access_lists(NULL, 0)) || (errno != EINVAL)) {
-++             printf("knet_handle_enable_access_lists accepted invalid knet_h parameter\n");
-++             exit(FAIL);
-++     }
-++
-++     setup_logpipes(logfds);
-++
-++     printf("Test knet_handle_enable_access_lists with invalid param (2) \n");
-++
-++     knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
-++
-++     if ((!knet_handle_enable_access_lists(knet_h, 2)) || (errno != EINVAL)) {
-++             printf("knet_handle_enable_access_lists accepted invalid param for enabled: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_handle_enable_access_lists with valid param (1) \n");
-++
-++     if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
-++             printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_h->use_access_lists != 1) {
-++             printf("knet_handle_enable_access_lists failed to set correct value");
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_handle_enable_access_lists with valid param (0) \n");
-++
-++     if (knet_handle_enable_access_lists(knet_h, 0) < 0) {
-++             printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     if (knet_h->use_access_lists != 0) {
-++             printf("knet_handle_enable_access_lists failed to set correct value");
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     knet_handle_free(knet_h);
-++     flush_logs(logfds[0], stdout);
-++     close_logpipes(logfds);
-++}
-++
-++int main(int argc, char *argv[])
-++{
-++     test();
-++
-++     return PASS;
-++}
-+diff --git a/libknet/tests/api-check.mk b/libknet/tests/api-check.mk
-+index 7beba53..247ed58 100644
-+--- a/libknet/tests/api-check.mk
-++++ b/libknet/tests/api-check.mk
-+@@ -12,6 +12,7 @@ api_checks          = \
-+                        api_knet_handle_compress_test \
-+                        api_knet_handle_crypto_test \
-+                        api_knet_handle_setfwd_test \
-++                       api_knet_handle_enable_access_lists_test \
-+                        api_knet_handle_enable_filter_test \
-+                        api_knet_handle_enable_sock_notify_test \
-+                        api_knet_handle_add_datafd_test \
-+@@ -87,6 +88,9 @@ api_knet_handle_crypto_test_SOURCES = api_knet_handle_crypto.c \
-+ api_knet_handle_setfwd_test_SOURCES = api_knet_handle_setfwd.c \
-+                                    test-common.c
-+ 
-++api_knet_handle_enable_access_lists_test_SOURCES = api_knet_handle_enable_access_lists.c \
-++                                                test-common.c
-++
-+ api_knet_handle_enable_filter_test_SOURCES = api_knet_handle_enable_filter.c \
-+                                           test-common.c
-+ 
-diff --git a/debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch b/debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
-new file mode 100644
-index 0000000..c9a98b3
---- /dev/null
-+++ b/debian/patches/acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
-@@ -0,0 +1,186 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sat, 5 Jan 2019 09:04:38 +0100
-+Subject: [acl] move poc-code into libknet dir and rename to links_acl.*
-+MIME-Version: 1.0
-+Content-Type: text/plain; charset="utf-8"
-+Content-Transfer-Encoding: 8bit
-+
-+code is not integrated yet and test suite can´t run standalone
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit d7fb8af3a8be37f12e0149d49280762e2bdb9b16)
-+---
-+ .../tests/int_links_acl.txt                        |  0
-+ configure.ac                                       |  1 -
-+ libknet/Makefile.am                                |  2 ++
-+ libknet/tests/Makefile.am                          |  8 +++++++-
-+ poc-code/Makefile.am                               |  2 +-
-+ poc-code/access-list/Makefile.am                   | 22 ----------------------
-+ .../access-list/ipcheck.h => libknet/links_acl.h   |  0
-+ .../access-list/ipcheck.c => libknet/links_acl.c   |  2 +-
-+ .../tests/int_links_acl.c                          |  6 +++---
-+ 9 files changed, 14 insertions(+), 29 deletions(-)
-+ rename poc-code/access-list/test_ipcheck.txt => libknet/tests/int_links_acl.txt (100%)
-+ delete mode 100644 poc-code/access-list/Makefile.am
-+ rename poc-code/access-list/ipcheck.h => libknet/links_acl.h (100%)
-+ rename poc-code/access-list/ipcheck.c => libknet/links_acl.c (99%)
-+ rename poc-code/access-list/test_ipcheck.c => libknet/tests/int_links_acl.c (96%)
-+
-+diff --git a/poc-code/access-list/test_ipcheck.txt b/libknet/tests/int_links_acl.txt
-+similarity index 100%
-+rename from poc-code/access-list/test_ipcheck.txt
-+rename to libknet/tests/int_links_acl.txt
-+diff --git a/configure.ac b/configure.ac
-+index 9df6831..30c57f0 100644
-+--- a/configure.ac
-++++ b/configure.ac
-+@@ -463,7 +463,6 @@ AC_CONFIG_FILES([
-+              man/Doxyfile-nozzle
-+              poc-code/Makefile
-+              poc-code/iov-hash/Makefile
-+-             poc-code/access-list/Makefile
-+              ])
-+ 
-+ if test "x$VERSION" = "xUNKNOWN"; then
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 906fd01..4ea42d9 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -31,6 +31,7 @@ sources                     = \
-+                        handle.c \
-+                        host.c \
-+                        links.c \
-++                       links_acl.c \
-+                        logging.c \
-+                        netutils.c \
-+                        threads_common.c \
-+@@ -61,6 +62,7 @@ noinst_HEADERS              = \
-+                        host.h \
-+                        internals.h \
-+                        links.h \
-++                       links_acl.h \
-+                        logging.h \
-+                        netutils.h \
-+                        onwire.h \
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index c00e624..f74cb04 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -13,7 +13,8 @@ include $(top_srcdir)/libknet/tests/api-check.mk
-+ 
-+ EXTRA_DIST           = \
-+                        api-test-coverage \
-+-                       api-check.mk
-++                       api-check.mk \
-++                       int_links_acl.txt
-+ 
-+ AM_CPPFLAGS          = -I$(top_srcdir)/libknet
-+ AM_CFLAGS            += $(PTHREAD_CFLAGS)
-+@@ -40,9 +41,11 @@ fun_checks         =
-+ benchmarks           = \
-+                        knet_bench_test
-+ 
-++# int_links_acl_test can´t run yet standalone
-+ noinst_PROGRAMS              = \
-+                        api_knet_handle_new_limit_test \
-+                        pckt_test \
-++                       int_links_acl_test \
-+                        $(benchmarks) \
-+                        $(check_PROGRAMS)
-+ 
-+@@ -64,6 +67,9 @@ check-api-test-coverage:
-+ 
-+ pckt_test_SOURCES    = pckt_test.c
-+ 
-++int_links_acl_test_SOURCES = int_links_acl.c \
-++                          ../links_acl.c
-++
-+ int_timediff_test_SOURCES = int_timediff.c
-+ 
-+ knet_bench_test_SOURCES      = knet_bench.c \
-+diff --git a/poc-code/Makefile.am b/poc-code/Makefile.am
-+index e1b1a73..15d12f7 100644
-+--- a/poc-code/Makefile.am
-++++ b/poc-code/Makefile.am
-+@@ -10,4 +10,4 @@ MAINTAINERCLEANFILES        = Makefile.in
-+ 
-+ include $(top_srcdir)/build-aux/check.mk
-+ 
-+-SUBDIRS                      = access-list iov-hash
-++SUBDIRS                      = iov-hash
-+diff --git a/poc-code/access-list/Makefile.am b/poc-code/access-list/Makefile.am
-+deleted file mode 100644
-+index 80c49c2..0000000
-+--- a/poc-code/access-list/Makefile.am
-++++ /dev/null
-+@@ -1,22 +0,0 @@
-+-#
-+-# Copyright (C) 2016-2019 Red Hat, Inc.  All rights reserved.
-+-#
-+-# Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+-#
-+-# This software licensed under GPL-2.0+, LGPL-2.0+
-+-#
-+-
-+-MAINTAINERCLEANFILES = Makefile.in
-+-
-+-include $(top_srcdir)/build-aux/check.mk
-+-
-+-# override global LIBS that pulls in lots of craft we don't need here
-+-LIBS                 =
-+-
-+-EXTRA_DIST           = test_ipcheck.txt
-+-
-+-noinst_PROGRAMS              = test_ipcheck
-+-
-+-noinst_HEADERS               = ipcheck.h
-+-
-+-test_ipcheck_SOURCES = ipcheck.c test_ipcheck.c
-+diff --git a/poc-code/access-list/ipcheck.h b/libknet/links_acl.h
-+similarity index 100%
-+rename from poc-code/access-list/ipcheck.h
-+rename to libknet/links_acl.h
-+diff --git a/poc-code/access-list/ipcheck.c b/libknet/links_acl.c
-+similarity index 99%
-+rename from poc-code/access-list/ipcheck.c
-+rename to libknet/links_acl.c
-+index 9774a46..e7b5602 100644
-+--- a/poc-code/access-list/ipcheck.c
-++++ b/libknet/links_acl.c
-+@@ -11,7 +11,7 @@
-+ #include <stdint.h>
-+ #include <string.h>
-+ #include <malloc.h>
-+-#include "ipcheck.h"
-++#include "links_acl.h"
-+ 
-+ struct ip_match_entry {
-+      ipcheck_type_t type;
-+diff --git a/poc-code/access-list/test_ipcheck.c b/libknet/tests/int_links_acl.c
-+similarity index 96%
-+rename from poc-code/access-list/test_ipcheck.c
-+rename to libknet/tests/int_links_acl.c
-+index 46a750b..27ac545 100644
-+--- a/poc-code/access-list/test_ipcheck.c
-++++ b/libknet/tests/int_links_acl.c
-+@@ -14,7 +14,7 @@
-+ #include <string.h>
-+ #include <netdb.h>
-+ #include <malloc.h>
-+-#include "ipcheck.h"
-++#include "links_acl.h"
-+ 
-+ /* This is a test program .. remember! */
-+ #define BUFLEN 1024
-+@@ -103,9 +103,9 @@ static int load_file(void)
-+ 
-+      ipcheck_clear();
-+ 
-+-     filterfile = fopen("test_ipcheck.txt", "r");
-++     filterfile = fopen("int_links_acl.txt", "r");
-+      if (!filterfile) {
-+-             fprintf(stderr, "Cannot open test_ipcheck.txt\n");
-++             fprintf(stderr, "Cannot open int_links_acl.txt\n");
-+              return 1;
-+      }
-+ 
-diff --git a/debian/patches/build-bump-soname-to-indicate-new-API-calls.patch b/debian/patches/build-bump-soname-to-indicate-new-API-calls.patch
-new file mode 100644
-index 0000000..a5aabe1
---- /dev/null
-+++ b/debian/patches/build-bump-soname-to-indicate-new-API-calls.patch
-@@ -0,0 +1,23 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 9 May 2019 16:36:07 +0200
-+Subject: [build] bump soname to indicate new API calls
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 460fca5e33d52c560e34b1edf60f350efb6023a5)
-+---
-+ libknet/Makefile.am | 2 +-
-+ 1 file changed, 1 insertion(+), 1 deletion(-)
-+
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 90ddfba..8adcc40 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -18,7 +18,7 @@ EXTRA_DIST          = $(SYMFILE)
-+ SUBDIRS                      = . tests
-+ 
-+ # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-+-libversion           = 2:0:1
-++libversion           = 3:0:2
-+ 
-+ # override global LIBS that pulls in lots of craft we don't need here
-+ LIBS                 =
-diff --git a/debian/patches/compress-add-support-for-libzstd.patch b/debian/patches/compress-add-support-for-libzstd.patch
-new file mode 100644
-index 0000000..78b54fb
---- /dev/null
-+++ b/debian/patches/compress-add-support-for-libzstd.patch
-@@ -0,0 +1,342 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 10 Apr 2019 08:40:50 +0200
-+Subject: [compress] add support for libzstd
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 592d0451494e815c4c8c74b914aaff69b640d1a2)
-+---
-+ configure.ac            |   2 +
-+ Makefile.am             |   5 ++
-+ libknet/Makefile.am     |   7 +++
-+ libknet/libknet.h       |   1 +
-+ kronosnet.spec.in       |  29 +++++++++
-+ libknet/compress.c      |   1 +
-+ libknet/compress_zstd.c | 160 ++++++++++++++++++++++++++++++++++++++++++++++++
-+ libknet/logging.c       |   1 +
-+ 8 files changed, 206 insertions(+)
-+ create mode 100644 libknet/compress_zstd.c
-+
-+diff --git a/configure.ac b/configure.ac
-+index 30c57f0..501053e 100644
-+--- a/configure.ac
-++++ b/configure.ac
-+@@ -124,6 +124,8 @@ AC_ARG_ENABLE([compress-all],
-+      [AS_HELP_STRING([--disable-compress-all],[disable libknet all compress modules support])],,
-+      [ enable_compress_all="yes" ])
-+ 
-++KNET_OPTION_DEFINES([zstd],[compress],[PKG_CHECK_MODULES([libzstd], [libzstd])])
-++
-+ KNET_OPTION_DEFINES([zlib],[compress],[PKG_CHECK_MODULES([zlib], [zlib])])
-+ KNET_OPTION_DEFINES([lz4],[compress],[PKG_CHECK_MODULES([liblz4], [liblz4])])
-+ KNET_OPTION_DEFINES([lzo2],[compress],[
-+diff --git a/Makefile.am b/Makefile.am
-+index 24a13a6..82cb1f5 100644
-+--- a/Makefile.am
-++++ b/Makefile.am
-+@@ -138,6 +138,11 @@ if BUILD_COMPRESS_BZIP2
-+ else
-+      sed -i -e "s#@bzip2@#bcond_with#g" $@-t
-+ endif
-++if BUILD_COMPRESS_ZSTD
-++     sed -i -e "s#@zstd@#bcond_without#g" $@-t
-++else
-++     sed -i -e "s#@zstd@#bcond_with#g" $@-t
-++endif
-+ if BUILD_KRONOSNETD
-+      sed -i -e "s#@kronosnetd@#bcond_without#g" $@-t
-+ else
-+diff --git a/libknet/Makefile.am b/libknet/Makefile.am
-+index 0be4fff..90ddfba 100644
-+--- a/libknet/Makefile.am
-++++ b/libknet/Makefile.am
-+@@ -103,6 +103,13 @@ pkglib_LTLIBRARIES       =
-+ # MODULE_LDFLAGS would mean a target-specific variable for Automake
-+ MODULELDFLAGS                = $(AM_LDFLAGS) -module -avoid-version -export-dynamic
-+ 
-++if BUILD_COMPRESS_ZSTD
-++pkglib_LTLIBRARIES   += compress_zstd.la
-++compress_zstd_la_LDFLAGS = $(MODULELDFLAGS)
-++compress_zstd_la_CFLAGS      = $(AM_CFLAGS) $(libzstd_CFLAGS)
-++compress_zstd_la_LIBADD      = $(libzstd_LIBS)
-++endif
-++
-+ if BUILD_COMPRESS_ZLIB
-+ pkglib_LTLIBRARIES   += compress_zlib.la
-+ compress_zlib_la_LDFLAGS = $(MODULELDFLAGS)
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index d16eb5d..3098eab 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -2053,6 +2053,7 @@ int knet_link_get_status(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ #define KNET_SUB_LZO2COMP      73 /* compress_lzo.c */
-+ #define KNET_SUB_LZMACOMP      74 /* compress_lzma.c */
-+ #define KNET_SUB_BZIP2COMP     75 /* compress_bzip2.c */
-++#define KNET_SUB_ZSTDCOMP      76 /* compress_zstd.c */
-+ 
-+ #define KNET_SUB_UNKNOWN       UINT8_MAX - 1
-+ #define KNET_MAX_SUBSYSTEMS    UINT8_MAX
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 2d4d059..442f3ae 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -24,6 +24,7 @@
-+ %@lzo2@ lzo2
-+ %@lzma@ lzma
-+ %@bzip2@ bzip2
-++%@zstd@ zstd
-+ %@kronosnetd@ kronosnetd
-+ %@libnozzle@ libnozzle
-+ %@runautogen@ runautogen
-+@@ -60,6 +61,9 @@
-+ %if %{with bzip2}
-+ %global buildcompressbzip2 1
-+ %endif
-++%if %{with zstd}
-++%global buildcompresszstd 1
-++%endif
-+ %if %{with libnozzle}
-+ %global buildlibnozzle 1
-+ %endif
-+@@ -123,6 +127,9 @@ BuildRequires: xz-devel
-+ %if %{defined buildcompressbzip2}
-+ BuildRequires: /usr/include/bzlib.h
-+ %endif
-++%if %{defined buildcompresszstd}
-++BuildRequires: libzstd-devel
-++%endif
-+ %if %{defined buildkronosnetd}
-+ BuildRequires: pam-devel
-+ %endif
-+@@ -194,6 +201,11 @@ BuildRequires: libtool
-+ %else
-+      --disable-compress-bzip2 \
-+ %endif
-++%if %{defined buildcompresszstd}
-++     --enable-compress-zstd \
-++%else
-++     --disable-compress-zstd \
-++%endif
-+ %if %{defined buildkronosnetd}
-+      --enable-kronosnetd \
-+ %endif
-+@@ -490,6 +502,20 @@ Requires: libknet1 = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_bzip2.so
-+ %endif
-+ 
-++%if %{defined buildcompresszstd}
-++%package -n libknet1-compress-zstd-plugin
-++Group: System Environment/Libraries
-++Summary: libknet1 zstd support
-++Requires: libknet1 = %{version}-%{release}
-++
-++%description -n libknet1-compress-zstd-plugin
-++ zstd compression support for libknet1.
-++
-++%files -n libknet1-compress-zstd-plugin
-++%defattr(-,root,root,-)
-++%{_libdir}/kronosnet/compress_zstd.so
-++%endif
-++
-+ %package -n libknet1-crypto-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 crypto plugins meta package
-+@@ -523,6 +549,9 @@ Requires: libknet1-compress-lzma-plugin
-+ %if %{defined buildcompressbzip2}
-+ Requires: libknet1-compress-bzip2-plugin
-+ %endif
-++%if %{defined buildcompresszstd}
-++Requires: libknet1-compress-zstd-plugin
-++%endif
-+ 
-+ %description -n libknet1-compress-plugins-all
-+  meta package to install all of libknet1 compress plugins
-+diff --git a/libknet/compress.c b/libknet/compress.c
-+index 278ff44..7eab454 100644
-+--- a/libknet/compress.c
-++++ b/libknet/compress.c
-+@@ -40,6 +40,7 @@ static compress_model_t compress_modules_cmds[] = {
-+      { "lzo2" , 4, WITH_COMPRESS_LZO2 , 0, NULL },
-+      { "lzma" , 5, WITH_COMPRESS_LZMA , 0, NULL },
-+      { "bzip2", 6, WITH_COMPRESS_BZIP2, 0, NULL },
-++     { "zstd" , 7, WITH_COMPRESS_ZSTD, 0, NULL },
-+      { NULL, 255, 0, 0, NULL }
-+ };
-+ 
-+diff --git a/libknet/compress_zstd.c b/libknet/compress_zstd.c
-+new file mode 100644
-+index 0000000..6f9b499
-+--- /dev/null
-++++ b/libknet/compress_zstd.c
-+@@ -0,0 +1,160 @@
-++/*
-++ * Copyright (C) 2017-2019 Red Hat, Inc.  All rights reserved.
-++ *
-++ * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-++ *
-++ * This software licensed under GPL-2.0+, LGPL-2.0+
-++ */
-++#define KNET_MODULE
-++
-++#include "config.h"
-++
-++#include <errno.h>
-++#include <stdlib.h>
-++#include <string.h>
-++#include <zstd.h>
-++
-++#include "logging.h"
-++#include "compress_model.h"
-++
-++struct zstd_ctx {
-++     ZSTD_CCtx* cctx;
-++     ZSTD_DCtx* dctx;
-++};
-++
-++static int zstd_is_init(
-++     knet_handle_t knet_h,
-++     int method_idx)
-++{
-++     if (knet_h->compress_int_data[method_idx]) {
-++             return 1;
-++     }
-++     return 0;
-++}
-++
-++static void zstd_fini(
-++     knet_handle_t knet_h,
-++     int method_idx)
-++{
-++     struct zstd_ctx *zstd_ctx = knet_h->compress_int_data[knet_h->compress_model];
-++
-++     if (zstd_ctx) {
-++             if (zstd_ctx->cctx) {
-++                     ZSTD_freeCCtx(zstd_ctx->cctx);
-++             }
-++             if (zstd_ctx->dctx) {
-++                     ZSTD_freeDCtx(zstd_ctx->dctx);
-++             }
-++             free(knet_h->compress_int_data[method_idx]);
-++             knet_h->compress_int_data[method_idx] = NULL;
-++     }
-++     return;
-++}
-++
-++static int zstd_init(
-++     knet_handle_t knet_h,
-++     int method_idx)
-++{
-++     struct zstd_ctx *zstd_ctx;
-++     int err = 0;
-++
-++     if (!knet_h->compress_int_data[method_idx]) {
-++             zstd_ctx = malloc(sizeof(struct zstd_ctx));
-++             if (!zstd_ctx) {
-++                     errno = ENOMEM;
-++                     return -1;
-++             }
-++             memset(zstd_ctx, 0, sizeof(struct zstd_ctx));
-++
-++             zstd_ctx->cctx = ZSTD_createCCtx();
-++             if (!zstd_ctx->cctx) {
-++                     log_err(knet_h, KNET_SUB_ZSTDCOMP, "Unable to create compression context");
-++                     err = -1;
-++                     goto out_err;
-++             }
-++
-++             zstd_ctx->dctx = ZSTD_createDCtx();
-++             if (!zstd_ctx->dctx) {
-++                     log_err(knet_h, KNET_SUB_ZSTDCOMP, "Unable to create decompression context");
-++                     err = -1;
-++                     goto out_err;
-++             }
-++
-++             knet_h->compress_int_data[method_idx] = zstd_ctx;
-++     }
-++
-++out_err:
-++     if (err) {
-++             zstd_fini(knet_h, method_idx);
-++     }
-++     return err;
-++}
-++
-++static int zstd_compress(
-++     knet_handle_t knet_h,
-++     const unsigned char *buf_in,
-++     const ssize_t buf_in_len,
-++     unsigned char *buf_out,
-++     ssize_t *buf_out_len)
-++{
-++     struct zstd_ctx *zstd_ctx = knet_h->compress_int_data[knet_h->compress_model];
-++     size_t compress_size;
-++
-++     compress_size = ZSTD_compressCCtx(zstd_ctx->cctx,
-++                                       buf_out, *buf_out_len,
-++                                       buf_in, buf_in_len,
-++                                       knet_h->compress_level);
-++
-++     if (ZSTD_isError(compress_size)) {
-++             log_err(knet_h, KNET_SUB_ZSTDCOMP, "error compressing packet: %s", ZSTD_getErrorName(compress_size));
-++             /*
-++              * ZSTD has lots of internal errors that are not easy to map
-++              * to standard errnos. Use a generic one for now
-++              */
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     *buf_out_len = compress_size;
-++
-++     return 0;
-++}
-++
-++static int zstd_decompress(
-++     knet_handle_t knet_h,
-++     const unsigned char *buf_in,
-++     const ssize_t buf_in_len,
-++     unsigned char *buf_out,
-++     ssize_t *buf_out_len)
-++{
-++     struct zstd_ctx *zstd_ctx = knet_h->compress_int_data[knet_h->compress_model];
-++     size_t decompress_size;
-++
-++     decompress_size = ZSTD_decompressDCtx(zstd_ctx->dctx,
-++                                           buf_out, *buf_out_len,
-++                                           buf_in, buf_in_len);
-++
-++     if (ZSTD_isError(decompress_size)) {
-++             log_err(knet_h, KNET_SUB_ZSTDCOMP, "error decompressing packet: %s", ZSTD_getErrorName(decompress_size));
-++             /*
-++              * ZSTD has lots of internal errors that are not easy to map
-++              * to standard errnos. Use a generic one for now
-++              */
-++             errno = EINVAL;
-++             return -1;
-++     }
-++
-++     *buf_out_len = decompress_size;
-++
-++     return 0;
-++}
-++
-++compress_ops_t compress_model = {
-++     KNET_COMPRESS_MODEL_ABI,
-++     zstd_is_init,
-++     zstd_init,
-++     zstd_fini,
-++     NULL,
-++     zstd_compress,
-++     zstd_decompress
-++};
-+diff --git a/libknet/logging.c b/libknet/logging.c
-+index 98bcfd1..5c91257 100644
-+--- a/libknet/logging.c
-++++ b/libknet/logging.c
-+@@ -47,6 +47,7 @@ static struct pretty_names subsystem_names[] =
-+      { "lzo2comp", KNET_SUB_LZO2COMP },
-+      { "lzmacomp", KNET_SUB_LZMACOMP },
-+      { "bzip2comp", KNET_SUB_BZIP2COMP },
-++     { "zstdcomp", KNET_SUB_ZSTDCOMP },
-+      { "unknown", KNET_SUB_UNKNOWN }         /* unknown MUST always be last in this array */
-+ };
-+ 
-diff --git a/debian/patches/crypto-fix-openssl1.0-initialization-code.patch b/debian/patches/crypto-fix-openssl1.0-initialization-code.patch
-new file mode 100644
-index 0000000..e01d382
---- /dev/null
-+++ b/debian/patches/crypto-fix-openssl1.0-initialization-code.patch
-@@ -0,0 +1,98 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 28 May 2019 06:14:29 +0200
-+Subject: [crypto] fix openssl1.0 initialization code
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 0b20488500e8d13f17b7f584bdc7a301f44dbfe1)
-+---
-+ libknet/crypto_openssl.c | 28 ++++++++++++++++------------
-+ 1 file changed, 16 insertions(+), 12 deletions(-)
-+
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 5c7a74a..26acea8 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -12,6 +12,7 @@
-+ #include <string.h>
-+ #include <errno.h>
-+ #include <dlfcn.h>
-++#include <stdlib.h>
-+ #include <openssl/conf.h>
-+ #include <openssl/evp.h>
-+ #include <openssl/hmac.h>
-+@@ -43,6 +44,8 @@ struct opensslcrypto_instance {
-+      const EVP_MD *crypto_hash_type;
-+ };
-+ 
-++static int openssl_is_init = 0;
-++
-+ /*
-+  * crypt/decrypt functions openssl1.0
-+  */
-+@@ -438,6 +441,11 @@ static void openssl_internal_lock_cleanup(void)
-+      return;
-+ }
-+ 
-++static void openssl_atexit_handler(void)
-++{
-++     openssl_internal_lock_cleanup();
-++}
-++
-+ static int openssl_internal_lock_setup(void)
-+ {
-+      int savederrno = 0, err = 0;
-+@@ -461,6 +469,9 @@ static int openssl_internal_lock_setup(void)
-+      CRYPTO_set_id_callback((void *)openssl_internal_thread_id);
-+      CRYPTO_set_locking_callback((void *)&openssl_internal_locking_callback);
-+ 
-++     if (atexit(openssl_atexit_handler)) {
-++             err = -1;
-++     }
-+ out:
-+      if (err) {
-+              openssl_internal_lock_cleanup();
-+@@ -477,9 +488,6 @@ static void opensslcrypto_fini(
-+      struct opensslcrypto_instance *opensslcrypto_instance = crypto_instance->model_instance;
-+ 
-+      if (opensslcrypto_instance) {
-+-#ifdef BUILDCRYPTOOPENSSL10
-+-             openssl_internal_lock_cleanup();
-+-#endif
-+              if (opensslcrypto_instance->private_key) {
-+                      free(opensslcrypto_instance->private_key);
-+                      opensslcrypto_instance->private_key = NULL;
-+@@ -496,7 +504,6 @@ static int opensslcrypto_init(
-+      struct crypto_instance *crypto_instance,
-+      struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+-     static int openssl_is_init = 0;
-+      struct opensslcrypto_instance *opensslcrypto_instance = NULL;
-+      int savederrno;
-+ 
-+@@ -509,6 +516,11 @@ static int opensslcrypto_init(
-+ #ifdef BUILDCRYPTOOPENSSL10
-+              ERR_load_crypto_strings();
-+              OPENSSL_add_all_algorithms_noconf();
-++             if (openssl_internal_lock_setup() < 0) {
-++                     log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to init openssl");
-++                     errno = EAGAIN;
-++                     return -1;
-++             }
-+ #endif
-+ #ifdef BUILDCRYPTOOPENSSL11
-+              if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
-+@@ -521,14 +533,6 @@ static int opensslcrypto_init(
-+              openssl_is_init = 1;
-+      }
-+ 
-+-#ifdef BUILDCRYPTOOPENSSL10
-+-     if (openssl_internal_lock_setup() < 0) {
-+-             log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to init openssl");
-+-             errno = EAGAIN;
-+-             return -1;
-+-     }
-+-#endif
-+-
-+      crypto_instance->model_instance = malloc(sizeof(struct opensslcrypto_instance));
-+      if (!crypto_instance->model_instance) {
-+              log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to allocate memory for openssl model instance");
-diff --git a/debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch b/debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch
-new file mode 100644
-index 0000000..5818833
---- /dev/null
-+++ b/debian/patches/crypto-hide-errors-generated-by-openssl-1.1.1c.patch
-@@ -0,0 +1,137 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 11 Jun 2019 11:54:08 +0200
-+Subject: [crypto] hide errors generated by openssl 1.1.1c
-+
-+see also:
-+https://github.com/kronosnet/kronosnet/issues/226
-+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930061#12
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5333de6a056af75d12eb0a2cc2e46e7b2bbf9082)
-+---
-+ build-aux/knet_valgrind_memcheck.supp | 115 ++++++++++++++++++++++++++++++++++
-+ 1 file changed, 115 insertions(+)
-+
-+diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
-+index a34ab93..92eabba 100644
-+--- a/build-aux/knet_valgrind_memcheck.supp
-++++ b/build-aux/knet_valgrind_memcheck.supp
-+@@ -612,3 +612,118 @@
-+    fun:malloc
-+    fun:dl_open_worker
-+ }
-++{
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Cond
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_generate
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_instantiate
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_get0_public
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:encrypt_openssl
-++   fun:opensslcrypto_encrypt_and_signv
-++   fun:opensslcrypto_encrypt_and_sign
-++   fun:_handle_check_each
-++   fun:_send_pings
-++   fun:_handle_heartbt_thread
-++   fun:start_thread
-++}
-++{
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Cond
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_generate
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_instantiate
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_get0_public
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:encrypt_openssl
-++   fun:opensslcrypto_encrypt_and_signv
-++   fun:opensslcrypto_encrypt_and_sign
-++   fun:_handle_check_each
-++   fun:_send_pings
-++   fun:_handle_heartbt_thread
-++}
-++{
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Cond
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_generate
-++   fun:RAND_DRBG_bytes
-++   fun:encrypt_openssl
-++   fun:opensslcrypto_encrypt_and_signv
-++   fun:opensslcrypto_encrypt_and_sign
-++   fun:_handle_check_each
-++   fun:_send_pings
-++   fun:_handle_heartbt_thread
-++   fun:start_thread
-++   fun:clone
-++}
-++{
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Cond
-++   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
-++   fun:RAND_DRBG_generate
-++   fun:RAND_DRBG_bytes
-++   fun:encrypt_openssl
-++   fun:opensslcrypto_encrypt_and_signv
-++   fun:opensslcrypto_encrypt_and_sign
-++   fun:_handle_check_each
-++   fun:_send_pings
-++   fun:_handle_heartbt_thread
-++   fun:start_thread
-++   fun:clone
-++}
-++{
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Param
-++   socketcall.sendto(msg)
-++   fun:sendto
-++   fun:_handle_check_each
-++   fun:_send_pings
-++   fun:_handle_heartbt_thread
-++   fun:start_thread
-++   fun:clone
-++}
-++{
-++
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Param
-++   socketcall.sendto(msg)
-++   fun:sendto
-++   fun:_parse_recv_from_links
-++   fun:_handle_recv_from_links
-++   fun:_handle_recv_from_links_thread
-++   fun:start_thread
-++   fun:clone
-++}
-++{
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Param
-++   socketcall.sendto(msg)
-++   fun:sendto
-++   fun:_handle_check_link_pmtud
-++   fun:_handle_check_pmtud
-++   fun:_handle_pmtud_link_thread
-++   fun:start_thread
-++   fun:clone
-++}
-++{
-++   openssl 1.1.1c missing fix from master
-++   Memcheck:Param
-++   sendmsg(msg.msg_iov[0])
-++   fun:__libc_sendmsg
-++   fun:sendmsg
-++   fun:_sendmmsg
-++   fun:_dispatch_to_links
-++   fun:_parse_recv_from_sock
-++   fun:_handle_send_to_links
-++   fun:_handle_send_to_links_thread
-++   fun:start_thread
-++   fun:clone
-++}
-diff --git a/debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch b/debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
-new file mode 100644
-index 0000000..0d373a8
---- /dev/null
-+++ b/debian/patches/crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
-@@ -0,0 +1,51 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 27 May 2019 12:25:55 +0200
-+Subject: [crypto] make sure to clear all security info on crypto_fini
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 6888d04108a7eff36f4c562d464190e9886a073a)
-+---
-+ libknet/crypto.c         | 4 ++++
-+ libknet/crypto_nss.c     | 1 -
-+ libknet/crypto_openssl.c | 1 -
-+ 3 files changed, 4 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 41d67c9..5d39048 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -178,6 +178,10 @@ void crypto_fini(
-+                      crypto_modules_cmds[model].ops->fini(knet_h);
-+              }
-+              free(knet_h->crypto_instance);
-++             knet_h->sec_header_size = 0;
-++             knet_h->sec_block_size = 0;
-++             knet_h->sec_hash_size = 0;
-++             knet_h->sec_salt_size = 0;
-+              knet_h->crypto_instance = NULL;
-+      }
-+ 
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index 640b560..cc83827 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -740,7 +740,6 @@ static void nsscrypto_fini(
-+              }
-+              free(nsscrypto_instance);
-+              knet_h->crypto_instance->model_instance = NULL;
-+-             knet_h->sec_header_size = 0;
-+      }
-+ 
-+      return;
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 03d1014..73058cc 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -485,7 +485,6 @@ static void opensslcrypto_fini(
-+              }
-+              free(opensslcrypto_instance);
-+              knet_h->crypto_instance->model_instance = NULL;
-+-             knet_h->sec_header_size = 0;
-+      }
-+ 
-+      return;
-diff --git a/debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch b/debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
-new file mode 100644
-index 0000000..8c99023
---- /dev/null
-+++ b/debian/patches/crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
-@@ -0,0 +1,25 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 27 May 2019 12:42:33 +0200
-+Subject: [crypto] make sure to trigger a PMTUd rerun on each good crypto
-+ config change
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c9edaa7b632ee853351730ad4dcad7471919bb91)
-+---
-+ libknet/handle.c | 3 +++
-+ 1 file changed, 3 insertions(+)
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index fd26bea..7009cc3 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1408,6 +1408,9 @@ int knet_handle_crypto(knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet
-+      }
-+ 
-+ exit_unlock:
-++     if (!err) {
-++             force_pmtud_run(knet_h, KNET_SUB_CRYPTO);
-++     }
-+      pthread_rwlock_unlock(&knet_h->global_rwlock);
-+      errno = err ? savederrno : 0;
-+      return err;
-diff --git a/debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch b/debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
-new file mode 100644
-index 0000000..cf918e1
---- /dev/null
-+++ b/debian/patches/crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
-@@ -0,0 +1,65 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 11 Jun 2019 09:26:02 +0200
-+Subject: =?utf-8?q?=5Bcrypto=5D_openssl=3A_drop_calls_to_RAND=5Fseed_as_th?=
-+ =?utf-8?q?ey_don=C2=B4t_really_help_RNG?=
-+
-+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930061#12 for reference
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit a3c5adee1d30a751e76386ef31c1a817595bfd1b)
-+---
-+ libknet/crypto_openssl.c | 20 --------------------
-+ 1 file changed, 20 deletions(-)
-+
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 615a9e5..999ed93 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -69,11 +69,6 @@ static int encrypt_openssl(
-+ 
-+      EVP_CIPHER_CTX_init(&ctx);
-+ 
-+-     /*
-+-      * contribute to PRNG for each packet we send/receive
-+-      */
-+-     RAND_seed((unsigned char *)iov[iovcnt - 1].iov_base, iov[iovcnt - 1].iov_len);
-+-
-+      if (!RAND_bytes(salt, SALT_SIZE)) {
-+              ERR_error_string_n(ERR_get_error(), sslerr, sizeof(sslerr));
-+              log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to get random salt data: %s", sslerr);
-+@@ -130,11 +125,6 @@ static int decrypt_openssl (
-+ 
-+      EVP_CIPHER_CTX_init(&ctx);
-+ 
-+-     /*
-+-      * contribute to PRNG for each packet we send/receive
-+-      */
-+-     RAND_seed(buf_in, buf_in_len);
-+-
-+      /*
-+       * add warning re keylength
-+       */
-+@@ -181,11 +171,6 @@ static int encrypt_openssl(
-+ 
-+      ctx = EVP_CIPHER_CTX_new();
-+ 
-+-     /*
-+-      * contribute to PRNG for each packet we send/receive
-+-      */
-+-     RAND_seed((unsigned char *)iov[iovcnt - 1].iov_base, iov[iovcnt - 1].iov_len);
-+-
-+      if (!RAND_bytes(salt, SALT_SIZE)) {
-+              ERR_error_string_n(ERR_get_error(), sslerr, sizeof(sslerr));
-+              log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to get random salt data: %s", sslerr);
-+@@ -248,11 +233,6 @@ static int decrypt_openssl (
-+ 
-+      ctx = EVP_CIPHER_CTX_new();
-+ 
-+-     /*
-+-      * contribute to PRNG for each packet we send/receive
-+-      */
-+-     RAND_seed(buf_in, buf_in_len);
-+-
-+      /*
-+       * add warning re keylength
-+       */
-diff --git a/debian/patches/crypto-openssl-error-strings-release.patch b/debian/patches/crypto-openssl-error-strings-release.patch
-new file mode 100644
-index 0000000..6bcd03a
---- /dev/null
-+++ b/debian/patches/crypto-openssl-error-strings-release.patch
-@@ -0,0 +1,28 @@
-+From: yuan ren <yren@suse.com>
-+Date: Thu, 6 Jun 2019 13:46:01 +0800
-+Subject: [crypto]openssl error strings release
-+
-+In versions prior to OpenSSL 1.1.0, ERR_free_strings() releases
-+any resources created by ERR_load_crypto_strings.
-+
-+Signed-off-by: yuan ren <yren@suse.com>
-+(cherry picked from commit 80b7d93723e779b914f73ec2e8cd2ac632972eda)
-+---
-+ libknet/crypto_openssl.c | 4 ++++
-+ 1 file changed, 4 insertions(+)
-+
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 26acea8..615a9e5 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -496,6 +496,10 @@ static void opensslcrypto_fini(
-+              crypto_instance->model_instance = NULL;
-+      }
-+ 
-++#ifdef BUILDCRYPTOOPENSSL10
-++     ERR_free_strings();
-++#endif
-++
-+      return;
-+ }
-+ 
-diff --git a/debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch b/debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
-new file mode 100644
-index 0000000..a555595
---- /dev/null
-+++ b/debian/patches/crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
-@@ -0,0 +1,598 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 28 May 2019 05:24:47 +0200
-+Subject: [crypto] rework knet_handle_crypto external API to be more solid
-+
-+the API was rather weak and could potentially leave traffic uncrypted
-+in case of certain, corner case, failures.
-+
-+this patch is a subset of a bigger rework of the crypto layer that
-+will in future allow runtime reconfiguration without traffic disruption
-+of the crypto config.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 50b998f37c9285bf334eb578319030c06af141e0)
-+---
-+ libknet/crypto_model.h                 | 10 +++-
-+ libknet/libknet.h                      |  4 +-
-+ libknet/crypto.c                       | 63 ++++++++++++++--------
-+ libknet/crypto_nss.c                   | 56 +++++++++++---------
-+ libknet/crypto_openssl.c               | 30 ++++++-----
-+ libknet/handle.c                       |  3 +-
-+ libknet/tests/api_knet_handle_crypto.c | 96 +++++++++++++++++++++++++++++++++-
-+ 7 files changed, 190 insertions(+), 72 deletions(-)
-+
-+diff --git a/libknet/crypto_model.h b/libknet/crypto_model.h
-+index f11299a..9bb4f17 100644
-+--- a/libknet/crypto_model.h
-++++ b/libknet/crypto_model.h
-+@@ -14,9 +14,13 @@
-+ struct crypto_instance {
-+      int     model;
-+      void    *model_instance;
-++     size_t  sec_header_size;
-++     size_t  sec_block_size;
-++     size_t  sec_hash_size;
-++     size_t  sec_salt_size;
-+ };
-+ 
-+-#define KNET_CRYPTO_MODEL_ABI 1
-++#define KNET_CRYPTO_MODEL_ABI 2
-+ 
-+ /*
-+  * see compress_model.h for explanation of the various lib related functions
-+@@ -24,8 +28,10 @@ struct crypto_instance {
-+ typedef struct {
-+      uint8_t abi_ver;
-+      int (*init)     (knet_handle_t knet_h,
-++                      struct crypto_instance *crypto_instance,
-+                       struct knet_handle_crypto_cfg *knet_handle_crypto_cfg);
-+-     void (*fini)    (knet_handle_t knet_h);
-++     void (*fini)    (knet_handle_t knet_h,
-++                      struct crypto_instance *crypto_instance);
-+      int (*crypt)    (knet_handle_t knet_h,
-+                       const unsigned char *buf_in,
-+                       const ssize_t buf_in_len,
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 183c92d..85c06cc 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -700,9 +700,7 @@ struct knet_handle_crypto_cfg {
-+  *              1) failure to obtain locking
-+  *              2) errors to initializing the crypto level.
-+  *   This can happen even in subsequent calls to knet_handle_crypto.
-+- *   A failure in crypto init, might leave your traffic unencrypted!
-+- *   It's best to stop data forwarding (see knet_handle_setfwd(3)), change crypto config,
-+- *   start forward again.
-++ *   A failure in crypto init will restore the previous crypto configuration.
-+  *
-+  * @return
-+  * knet_handle_crypto returns:
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 5d39048..6c340f5 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -80,8 +80,11 @@ int crypto_init(
-+      knet_handle_t knet_h,
-+      struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+-     int savederrno = 0;
-++     int err = 0, savederrno = 0;
-+      int model = 0;
-++     struct crypto_instance *current = NULL, *new = NULL;
-++
-++     current = knet_h->crypto_instance;
-+ 
-+      model = crypto_get_model(knet_handle_crypto_cfg->crypto_model);
-+      if (model < 0) {
-+@@ -105,16 +108,18 @@ int crypto_init(
-+              crypto_modules_cmds[model].ops = load_module (knet_h, "crypto", crypto_modules_cmds[model].model_name);
-+              if (!crypto_modules_cmds[model].ops) {
-+                      savederrno = errno;
-++                     err = -1;
-+                      log_err(knet_h, KNET_SUB_CRYPTO, "Unable to load %s lib", crypto_modules_cmds[model].model_name);
-+-                     goto out_err;
-++                     goto out;
-+              }
-+              if (crypto_modules_cmds[model].ops->abi_ver != KNET_CRYPTO_MODEL_ABI) {
-++                     savederrno = EINVAL;
-++                     err = -1;
-+                      log_err(knet_h, KNET_SUB_CRYPTO,
-+                              "ABI mismatch loading module %s. knet ver: %d, module ver: %d",
-+                              crypto_modules_cmds[model].model_name, KNET_CRYPTO_MODEL_ABI,
-+                              crypto_modules_cmds[model].ops->abi_ver);
-+-                     savederrno = EINVAL;
-+-                     goto out_err;
-++                     goto out;
-+              }
-+              crypto_modules_cmds[model].loaded = 1;
-+      }
-+@@ -125,12 +130,13 @@ int crypto_init(
-+                knet_handle_crypto_cfg->crypto_cipher_type,
-+                knet_handle_crypto_cfg->crypto_hash_type);
-+ 
-+-     knet_h->crypto_instance = malloc(sizeof(struct crypto_instance));
-++     new = malloc(sizeof(struct crypto_instance));
-+ 
-+-     if (!knet_h->crypto_instance) {
-+-             log_err(knet_h, KNET_SUB_CRYPTO, "Unable to allocate memory for crypto instance");
-++     if (!new) {
-+              savederrno = ENOMEM;
-+-             goto out_err;
-++             err = -1;
-++             log_err(knet_h, KNET_SUB_CRYPTO, "Unable to allocate memory for crypto instance");
-++             goto out;
-+      }
-+ 
-+      /*
-+@@ -138,32 +144,44 @@ int crypto_init(
-+       * it will clean everything by itself.
-+       * crypto_modules_cmds.ops->fini is not invoked on error.
-+       */
-+-     knet_h->crypto_instance->model = model;
-+-     if (crypto_modules_cmds[knet_h->crypto_instance->model].ops->init(knet_h, knet_handle_crypto_cfg)) {
-++     new->model = model;
-++     if (crypto_modules_cmds[model].ops->init(knet_h, new, knet_handle_crypto_cfg)) {
-+              savederrno = errno;
-+-             goto out_err;
-++             err = -1;
-++             goto out;
-+      }
-+ 
-+      log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %zu", knet_h->sec_header_size);
-+-     pthread_rwlock_unlock(&shlib_rwlock);
-+-     return 0;
-+ 
-+-out_err:
-+-     if (knet_h->crypto_instance) {
-+-             free(knet_h->crypto_instance);
-+-             knet_h->crypto_instance = NULL;
-++out:
-++     if (!err) {
-++             knet_h->crypto_instance = new;
-++             knet_h->sec_header_size = new->sec_header_size;
-++             knet_h->sec_block_size = new->sec_block_size;
-++             knet_h->sec_hash_size = new->sec_hash_size;
-++             knet_h->sec_salt_size = new->sec_salt_size;
-++
-++             if (current) {
-++                     if (crypto_modules_cmds[current->model].ops->fini != NULL) {
-++                             crypto_modules_cmds[current->model].ops->fini(knet_h, current);
-++                     }
-++                     free(current);
-++             }
-++     } else {
-++             if (new) {
-++                     free(new);
-++             }
-+      }
-+ 
-+      pthread_rwlock_unlock(&shlib_rwlock);
-+-     errno = savederrno;
-+-     return -1;
-++     errno = err ? savederrno : 0;
-++     return err;
-+ }
-+ 
-+ void crypto_fini(
-+      knet_handle_t knet_h)
-+ {
-+      int savederrno = 0;
-+-     int model = 0;
-+ 
-+      savederrno = pthread_rwlock_wrlock(&shlib_rwlock);
-+      if (savederrno) {
-+@@ -173,9 +191,8 @@ void crypto_fini(
-+      }
-+ 
-+      if (knet_h->crypto_instance) {
-+-             model = knet_h->crypto_instance->model;
-+-             if (crypto_modules_cmds[model].ops->fini != NULL) {
-+-                     crypto_modules_cmds[model].ops->fini(knet_h);
-++             if (crypto_modules_cmds[knet_h->crypto_instance->model].ops->fini != NULL) {
-++                     crypto_modules_cmds[knet_h->crypto_instance->model].ops->fini(knet_h, knet_h->crypto_instance);
-+              }
-+              free(knet_h->crypto_instance);
-+              knet_h->sec_header_size = 0;
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index cc83827..5c3a437 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -155,9 +155,11 @@ static int nssstring_to_crypto_cipher_type(const char* crypto_cipher_type)
-+      return -1;
-+ }
-+ 
-+-static PK11SymKey *nssimport_symmetric_key(knet_handle_t knet_h, enum sym_key_type key_type)
-++static PK11SymKey *nssimport_symmetric_key(knet_handle_t knet_h,
-++                                        struct crypto_instance *crypto_instance,
-++                                        enum sym_key_type key_type)
-+ {
-+-     struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
-++     struct nsscrypto_instance *instance = crypto_instance->model_instance;
-+      SECItem key_item;
-+      PK11SlotInfo *slot;
-+      PK11SymKey *res_key;
-+@@ -323,15 +325,15 @@ exit_res_key:
-+      return (res_key);
-+ }
-+ 
-+-static int init_nss_crypto(knet_handle_t knet_h)
-++static int init_nss_crypto(knet_handle_t knet_h, struct crypto_instance *crypto_instance)
-+ {
-+-     struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
-++     struct nsscrypto_instance *instance = crypto_instance->model_instance;
-+ 
-+      if (!cipher_to_nss[instance->crypto_cipher_type]) {
-+              return 0;
-+      }
-+ 
-+-     instance->nss_sym_key = nssimport_symmetric_key(knet_h, SYM_KEY_TYPE_CRYPT);
-++     instance->nss_sym_key = nssimport_symmetric_key(knet_h, crypto_instance, SYM_KEY_TYPE_CRYPT);
-+      if (instance->nss_sym_key == NULL) {
-+              errno = ENXIO; /* NSS reported error */
-+              return -1;
-+@@ -512,15 +514,15 @@ static int nssstring_to_crypto_hash_type(const char* crypto_hash_type)
-+      return -1;
-+ }
-+ 
-+-static int init_nss_hash(knet_handle_t knet_h)
-++static int init_nss_hash(knet_handle_t knet_h, struct crypto_instance *crypto_instance)
-+ {
-+-     struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
-++     struct nsscrypto_instance *instance = crypto_instance->model_instance;
-+ 
-+      if (!hash_to_nss[instance->crypto_hash_type]) {
-+              return 0;
-+      }
-+ 
-+-     instance->nss_sym_key_sign = nssimport_symmetric_key(knet_h, SYM_KEY_TYPE_HASH);
-++     instance->nss_sym_key_sign = nssimport_symmetric_key(knet_h, crypto_instance, SYM_KEY_TYPE_HASH);
-+      if (instance->nss_sym_key_sign == NULL) {
-+              errno = ENXIO; /* NSS reported error */
-+              return -1;
-+@@ -594,7 +596,7 @@ out:
-+  * global/glue nss functions
-+  */
-+ 
-+-static int init_nss(knet_handle_t knet_h)
-++static int init_nss(knet_handle_t knet_h, struct crypto_instance *crypto_instance)
-+ {
-+      static int at_exit_registered = 0;
-+ 
-+@@ -617,11 +619,11 @@ static int init_nss(knet_handle_t knet_h)
-+              nss_db_is_init = 1;
-+      }
-+ 
-+-     if (init_nss_crypto(knet_h) < 0) {
-++     if (init_nss_crypto(knet_h, crypto_instance) < 0) {
-+              return -1;
-+      }
-+ 
-+-     if (init_nss_hash(knet_h) < 0) {
-++     if (init_nss_hash(knet_h, crypto_instance) < 0) {
-+              return -1;
-+      }
-+ 
-+@@ -725,9 +727,10 @@ static int nsscrypto_authenticate_and_decrypt (
-+ }
-+ 
-+ static void nsscrypto_fini(
-+-     knet_handle_t knet_h)
-++     knet_handle_t knet_h,
-++     struct crypto_instance *crypto_instance)
-+ {
-+-     struct nsscrypto_instance *nsscrypto_instance = knet_h->crypto_instance->model_instance;
-++     struct nsscrypto_instance *nsscrypto_instance = crypto_instance->model_instance;
-+ 
-+      if (nsscrypto_instance) {
-+              if (nsscrypto_instance->nss_sym_key) {
-+@@ -739,7 +742,7 @@ static void nsscrypto_fini(
-+                      nsscrypto_instance->nss_sym_key_sign = NULL;
-+              }
-+              free(nsscrypto_instance);
-+-             knet_h->crypto_instance->model_instance = NULL;
-++             crypto_instance->model_instance = NULL;
-+      }
-+ 
-+      return;
-+@@ -747,6 +750,7 @@ static void nsscrypto_fini(
-+ 
-+ static int nsscrypto_init(
-+      knet_handle_t knet_h,
-++     struct crypto_instance *crypto_instance,
-+      struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+      struct nsscrypto_instance *nsscrypto_instance = NULL;
-+@@ -757,14 +761,14 @@ static int nsscrypto_init(
-+                knet_handle_crypto_cfg->crypto_cipher_type,
-+                knet_handle_crypto_cfg->crypto_hash_type);
-+ 
-+-     knet_h->crypto_instance->model_instance = malloc(sizeof(struct nsscrypto_instance));
-+-     if (!knet_h->crypto_instance->model_instance) {
-++     crypto_instance->model_instance = malloc(sizeof(struct nsscrypto_instance));
-++     if (!crypto_instance->model_instance) {
-+              log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to allocate memory for nss model instance");
-+              errno = ENOMEM;
-+              return -1;
-+      }
-+ 
-+-     nsscrypto_instance = knet_h->crypto_instance->model_instance;
-++     nsscrypto_instance = crypto_instance->model_instance;
-+ 
-+      memset(nsscrypto_instance, 0, sizeof(struct nsscrypto_instance));
-+ 
-+@@ -792,16 +796,16 @@ static int nsscrypto_init(
-+      nsscrypto_instance->private_key = knet_handle_crypto_cfg->private_key;
-+      nsscrypto_instance->private_key_len = knet_handle_crypto_cfg->private_key_len;
-+ 
-+-     if (init_nss(knet_h) < 0) {
-++     if (init_nss(knet_h, crypto_instance) < 0) {
-+              savederrno = errno;
-+              goto out_err;
-+      }
-+ 
-+-     knet_h->sec_header_size = 0;
-++     crypto_instance->sec_header_size = 0;
-+ 
-+      if (nsscrypto_instance->crypto_hash_type > 0) {
-+-             knet_h->sec_header_size += nsshash_len[nsscrypto_instance->crypto_hash_type];
-+-             knet_h->sec_hash_size = nsshash_len[nsscrypto_instance->crypto_hash_type];
-++             crypto_instance->sec_header_size += nsshash_len[nsscrypto_instance->crypto_hash_type];
-++             crypto_instance->sec_hash_size = nsshash_len[nsscrypto_instance->crypto_hash_type];
-+      }
-+ 
-+      if (nsscrypto_instance->crypto_cipher_type > 0) {
-+@@ -817,16 +821,16 @@ static int nsscrypto_init(
-+                      }
-+              }
-+ 
-+-             knet_h->sec_header_size += (block_size * 2);
-+-             knet_h->sec_header_size += SALT_SIZE;
-+-             knet_h->sec_salt_size = SALT_SIZE;
-+-             knet_h->sec_block_size = block_size;
-++             crypto_instance->sec_header_size += (block_size * 2);
-++             crypto_instance->sec_header_size += SALT_SIZE;
-++             crypto_instance->sec_salt_size = SALT_SIZE;
-++             crypto_instance->sec_block_size = block_size;
-+      }
-+ 
-+      return 0;
-+ 
-+ out_err:
-+-     nsscrypto_fini(knet_h);
-++     nsscrypto_fini(knet_h, crypto_instance);
-+      errno = savederrno;
-+      return -1;
-+ }
-+diff --git a/libknet/crypto_openssl.c b/libknet/crypto_openssl.c
-+index 73058cc..5c7a74a 100644
-+--- a/libknet/crypto_openssl.c
-++++ b/libknet/crypto_openssl.c
-+@@ -471,9 +471,10 @@ out:
-+ #endif
-+ 
-+ static void opensslcrypto_fini(
-+-     knet_handle_t knet_h)
-++     knet_handle_t knet_h,
-++     struct crypto_instance *crypto_instance)
-+ {
-+-     struct opensslcrypto_instance *opensslcrypto_instance = knet_h->crypto_instance->model_instance;
-++     struct opensslcrypto_instance *opensslcrypto_instance = crypto_instance->model_instance;
-+ 
-+      if (opensslcrypto_instance) {
-+ #ifdef BUILDCRYPTOOPENSSL10
-+@@ -484,7 +485,7 @@ static void opensslcrypto_fini(
-+                      opensslcrypto_instance->private_key = NULL;
-+              }
-+              free(opensslcrypto_instance);
-+-             knet_h->crypto_instance->model_instance = NULL;
-++             crypto_instance->model_instance = NULL;
-+      }
-+ 
-+      return;
-+@@ -492,6 +493,7 @@ static void opensslcrypto_fini(
-+ 
-+ static int opensslcrypto_init(
-+      knet_handle_t knet_h,
-++     struct crypto_instance *crypto_instance,
-+      struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
-+ {
-+      static int openssl_is_init = 0;
-+@@ -527,14 +529,14 @@ static int opensslcrypto_init(
-+      }
-+ #endif
-+ 
-+-     knet_h->crypto_instance->model_instance = malloc(sizeof(struct opensslcrypto_instance));
-+-     if (!knet_h->crypto_instance->model_instance) {
-++     crypto_instance->model_instance = malloc(sizeof(struct opensslcrypto_instance));
-++     if (!crypto_instance->model_instance) {
-+              log_err(knet_h, KNET_SUB_OPENSSLCRYPTO, "Unable to allocate memory for openssl model instance");
-+              errno = ENOMEM;
-+              return -1;
-+      }
-+ 
-+-     opensslcrypto_instance = knet_h->crypto_instance->model_instance;
-++     opensslcrypto_instance = crypto_instance->model_instance;
-+ 
-+      memset(opensslcrypto_instance, 0, sizeof(struct opensslcrypto_instance));
-+ 
-+@@ -576,11 +578,11 @@ static int opensslcrypto_init(
-+      memmove(opensslcrypto_instance->private_key, knet_handle_crypto_cfg->private_key, knet_handle_crypto_cfg->private_key_len);
-+      opensslcrypto_instance->private_key_len = knet_handle_crypto_cfg->private_key_len;
-+ 
-+-     knet_h->sec_header_size = 0;
-++     crypto_instance->sec_header_size = 0;
-+ 
-+      if (opensslcrypto_instance->crypto_hash_type) {
-+-             knet_h->sec_hash_size = EVP_MD_size(opensslcrypto_instance->crypto_hash_type);
-+-             knet_h->sec_header_size += knet_h->sec_hash_size;
-++             crypto_instance->sec_hash_size = EVP_MD_size(opensslcrypto_instance->crypto_hash_type);
-++             crypto_instance->sec_header_size += crypto_instance->sec_hash_size;
-+      }
-+ 
-+      if (opensslcrypto_instance->crypto_cipher_type) {
-+@@ -588,16 +590,16 @@ static int opensslcrypto_init(
-+ 
-+              block_size = EVP_CIPHER_block_size(opensslcrypto_instance->crypto_cipher_type);
-+ 
-+-             knet_h->sec_header_size += (block_size * 2);
-+-             knet_h->sec_header_size += SALT_SIZE;
-+-             knet_h->sec_salt_size = SALT_SIZE;
-+-             knet_h->sec_block_size = block_size;
-++             crypto_instance->sec_header_size += (block_size * 2);
-++             crypto_instance->sec_header_size += SALT_SIZE;
-++             crypto_instance->sec_salt_size = SALT_SIZE;
-++             crypto_instance->sec_block_size = block_size;
-+      }
-+ 
-+      return 0;
-+ 
-+ out_err:
-+-     opensslcrypto_fini(knet_h);
-++     opensslcrypto_fini(knet_h, crypto_instance);
-+ 
-+      errno = savederrno;
-+      return -1;
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 7009cc3..e95c6c1 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1374,11 +1374,10 @@ int knet_handle_crypto(knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet
-+              return -1;
-+      }
-+ 
-+-     crypto_fini(knet_h);
-+-
-+      if ((!strncmp("none", knet_handle_crypto_cfg->crypto_model, 4)) || 
-+          ((!strncmp("none", knet_handle_crypto_cfg->crypto_cipher_type, 4)) &&
-+           (!strncmp("none", knet_handle_crypto_cfg->crypto_hash_type, 4)))) {
-++             crypto_fini(knet_h);
-+              log_debug(knet_h, KNET_SUB_CRYPTO, "crypto is not enabled");
-+              err = 0;
-+              goto exit_unlock;
-+diff --git a/libknet/tests/api_knet_handle_crypto.c b/libknet/tests/api_knet_handle_crypto.c
-+index 1805909..9dbf5bc 100644
-+--- a/libknet/tests/api_knet_handle_crypto.c
-++++ b/libknet/tests/api_knet_handle_crypto.c
-+@@ -17,13 +17,15 @@
-+ #include "libknet.h"
-+ 
-+ #include "internals.h"
-++#include "crypto_model.h"
-+ #include "test-common.h"
-+ 
-+-static void test(const char *model)
-++static void test(const char *model, const char *model2)
-+ {
-+      knet_handle_t knet_h;
-+      int logfds[2];
-+      struct knet_handle_crypto_cfg knet_handle_crypto_cfg;
-++     struct crypto_instance *current = NULL;
-+ 
-+      memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-+ 
-+@@ -152,6 +154,96 @@ static void test(const char *model)
-+ 
-+      flush_logs(logfds[0], stdout);
-+ 
-++     printf("Test knet_handle_crypto reconfig with %s/aes128/sha1 and normal key\n", model2);
-++
-++     current = knet_h->crypto_instance;
-++
-++     memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-++     strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
-++     strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
-++     strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
-++     knet_handle_crypto_cfg.private_key_len = 2000;
-++
-++     if (knet_handle_crypto(knet_h, &knet_handle_crypto_cfg)) {
-++             printf("knet_handle_crypto failed with correct config: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     if (current == knet_h->crypto_instance) {
-++             printf("knet_handle_crypto failed to install new correct config: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_handle_crypto reconfig with %s/aes128/sha1 and normal key\n", model);
-++
-++     current = knet_h->crypto_instance;
-++
-++     memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-++     strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
-++     strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
-++     strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
-++     knet_handle_crypto_cfg.private_key_len = 2000;
-++
-++     if (knet_handle_crypto(knet_h, &knet_handle_crypto_cfg)) {
-++             printf("knet_handle_crypto failed with correct config: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     if (current == knet_h->crypto_instance) {
-++             printf("knet_handle_crypto failed to install new correct config: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     printf("Test knet_handle_crypto reconfig with %s/aes129/sha1 and normal key\n", model);
-++
-++     current = knet_h->crypto_instance;
-++
-++     memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-++     strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
-++     strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes129", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
-++     strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
-++     knet_handle_crypto_cfg.private_key_len = 2000;
-++
-++     if (!knet_handle_crypto(knet_h, &knet_handle_crypto_cfg)) {
-++             printf("knet_handle_crypto failed to detect incorrect config: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-++     if (current != knet_h->crypto_instance) {
-++             printf("knet_handle_crypto failed to restore correct config: %s\n", strerror(errno));
-++             knet_handle_free(knet_h);
-++             flush_logs(logfds[0], stdout);
-++             close_logpipes(logfds);
-++             exit(FAIL);
-++     }
-++
-++     flush_logs(logfds[0], stdout);
-++
-+      printf("Test knet_handle_crypto with %s/aes128/none and normal key\n", model);
-+ 
-+      memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
-+@@ -233,7 +325,7 @@ int main(int argc, char *argv[])
-+      }
-+ 
-+      for (i=0; i < crypto_list_entries; i++) {
-+-             test(crypto_list[i].name);
-++             test(crypto_list[i].name, crypto_list[0].name);
-+      }
-+ 
-+      return PASS;
-diff --git a/debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch b/debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
-new file mode 100644
-index 0000000..a079030
---- /dev/null
-+++ b/debian/patches/doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
-@@ -0,0 +1,23 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 11 Jun 2019 16:09:54 +0200
-+Subject: [doc] fix a merge oversight from
-+ 541d7faf9068d10e12b4278c35825ce1353db081
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit ef89e9d900db037c82e03406dcf426ff62649e7d)
-+---
-+ libknet/libknet.h | 1 +
-+ 1 file changed, 1 insertion(+)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 85c06cc..907213f 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1511,6 +1511,7 @@ typedef enum {
-+ 
-+ /**
-+  * check_acceptreject_t
-++ *
-+  * @brief enum for accept/reject in knet access lists
-+  *
-+  * accept or reject incoming packets defined in the access list entry
-diff --git a/debian/patches/global-update-copyright-across-the-board.patch b/debian/patches/global-update-copyright-across-the-board.patch
-new file mode 100644
-index 0000000..9230a7c
---- /dev/null
-+++ b/debian/patches/global-update-copyright-across-the-board.patch
-@@ -0,0 +1,129 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 26 Mar 2019 13:45:52 +0100
-+Subject: [global] update copyright across the board
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 27a7d1cb61bd66d8e36dd663075cf5d0f2d385e4)
-+---
-+ libknet/links_acl_ip.h                              | 2 +-
-+ libknet/links_acl_loopback.h                        | 2 +-
-+ libknet/links_acl_ip.c                              | 2 +-
-+ libknet/links_acl_loopback.c                        | 2 +-
-+ libknet/tests/api_knet_handle_enable_access_lists.c | 2 +-
-+ libknet/tests/api_knet_link_add_acl.c               | 2 +-
-+ libknet/tests/api_knet_link_clear_acl.c             | 2 +-
-+ libknet/tests/api_knet_link_insert_acl.c            | 2 +-
-+ libknet/tests/api_knet_link_rm_acl.c                | 2 +-
-+ libknet/tests/int_links_acl_ip.c                    | 2 +-
-+ 10 files changed, 10 insertions(+), 10 deletions(-)
-+
-+diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
-+index fac58e2..b33ffb1 100644
-+--- a/libknet/links_acl_ip.h
-++++ b/libknet/links_acl_ip.h
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
-+index e75c4a4..b51d2bf 100644
-+--- a/libknet/links_acl_loopback.h
-++++ b/libknet/links_acl_loopback.h
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
-+index 642027b..9310f21 100644
-+--- a/libknet/links_acl_ip.c
-++++ b/libknet/links_acl_ip.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
-+index 97f8198..044a51c 100644
-+--- a/libknet/links_acl_loopback.c
-++++ b/libknet/links_acl_loopback.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-+diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
-+index fc3bcc1..d08f175 100644
-+--- a/libknet/tests/api_knet_handle_enable_access_lists.c
-++++ b/libknet/tests/api_knet_handle_enable_access_lists.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+diff --git a/libknet/tests/api_knet_link_add_acl.c b/libknet/tests/api_knet_link_add_acl.c
-+index b018165..ff7a2e2 100644
-+--- a/libknet/tests/api_knet_link_add_acl.c
-++++ b/libknet/tests/api_knet_link_add_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+diff --git a/libknet/tests/api_knet_link_clear_acl.c b/libknet/tests/api_knet_link_clear_acl.c
-+index 78b7d79..234a76b 100644
-+--- a/libknet/tests/api_knet_link_clear_acl.c
-++++ b/libknet/tests/api_knet_link_clear_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2016-2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+diff --git a/libknet/tests/api_knet_link_insert_acl.c b/libknet/tests/api_knet_link_insert_acl.c
-+index 547f92b..79d04df 100644
-+--- a/libknet/tests/api_knet_link_insert_acl.c
-++++ b/libknet/tests/api_knet_link_insert_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+diff --git a/libknet/tests/api_knet_link_rm_acl.c b/libknet/tests/api_knet_link_rm_acl.c
-+index 49a82d9..d132c54 100644
-+--- a/libknet/tests/api_knet_link_rm_acl.c
-++++ b/libknet/tests/api_knet_link_rm_acl.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-+diff --git a/libknet/tests/int_links_acl_ip.c b/libknet/tests/int_links_acl_ip.c
-+index a7d2aed..93dff63 100644
-+--- a/libknet/tests/int_links_acl_ip.c
-++++ b/libknet/tests/int_links_acl_ip.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Author: Christine Caulfield <ccaulfie@redhat.com>
-+  *
-diff --git a/debian/patches/global-update-copyrights.patch b/debian/patches/global-update-copyrights.patch
-new file mode 100644
-index 0000000..4557faf
---- /dev/null
-+++ b/debian/patches/global-update-copyrights.patch
-@@ -0,0 +1,21 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 12 Jun 2019 05:23:47 +0200
-+Subject: [global] update copyrights
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5d6813ecfb9187d031a1195a6670bd174680d478)
-+---
-+ libknet/compress_zstd.c | 2 +-
-+ 1 file changed, 1 insertion(+), 1 deletion(-)
-+
-+diff --git a/libknet/compress_zstd.c b/libknet/compress_zstd.c
-+index f76ea5f..e234f8d 100644
-+--- a/libknet/compress_zstd.c
-++++ b/libknet/compress_zstd.c
-+@@ -1,5 +1,5 @@
-+ /*
-+- * Copyright (C) 2017-2019 Red Hat, Inc.  All rights reserved.
-++ * Copyright (C) 2019 Red Hat, Inc.  All rights reserved.
-+  *
-+  * Author: Fabio M. Di Nitto <fabbione@kronosnet.org>
-+  *
-diff --git a/debian/patches/handle-properly-initialize-fd-tracker-buffers.patch b/debian/patches/handle-properly-initialize-fd-tracker-buffers.patch
-new file mode 100644
-index 0000000..ca34a5d
---- /dev/null
-+++ b/debian/patches/handle-properly-initialize-fd-tracker-buffers.patch
-@@ -0,0 +1,26 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Wed, 13 Feb 2019 09:14:45 +0100
-+Subject: [handle] properly initialize fd tracker buffers
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 4a76e6de56d50c6c4c78af996d0f97d8df34dadd)
-+---
-+ libknet/handle.c | 5 ++++-
-+ 1 file changed, 4 insertions(+), 1 deletion(-)
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 6cd49f5..0a2f75a 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -309,7 +309,10 @@ static int _init_buffers(knet_handle_t knet_h)
-+      }
-+      memset(knet_h->send_to_links_buf_compress, 0, KNET_DATABUFSIZE_COMPRESS);
-+ 
-+-     memset(knet_h->knet_transport_fd_tracker, KNET_MAX_TRANSPORTS, sizeof(knet_h->knet_transport_fd_tracker));
-++     memset(knet_h->knet_transport_fd_tracker, 0, sizeof(knet_h->knet_transport_fd_tracker));
-++     for (i = 0; i < KNET_MAX_FDS; i++) {
-++             knet_h->knet_transport_fd_tracker[i].transport = KNET_MAX_TRANSPORTS;
-++     }
-+ 
-+      return 0;
-+ 
-diff --git a/debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch b/debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch
-new file mode 100644
-index 0000000..ba846ab
---- /dev/null
-+++ b/debian/patches/links-rename-tranport_type-to-transport-to-avoid-confusio.patch
-@@ -0,0 +1,77 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 9 May 2019 15:44:41 +0200
-+Subject: [links] rename tranport_type to transport to avoid confusion (part 2)
-+
-+complements be9d053efafc822cabd696914d53b5dfe25fb4fd due to early
-+cherry-pick of 7033ddab505a0cf3655115fe5037579b7c882a8c
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit e1345c4f44efd7db79376a3985e4a6aab1461c6f)
-+---
-+ libknet/threads_heartbeat.c | 2 +-
-+ libknet/threads_pmtud.c     | 2 +-
-+ libknet/threads_rx.c        | 4 ++--
-+ libknet/threads_tx.c        | 2 +-
-+ 4 files changed, 5 insertions(+), 5 deletions(-)
-+
-+diff --git a/libknet/threads_heartbeat.c b/libknet/threads_heartbeat.c
-+index 413b5b7..8def9b8 100644
-+--- a/libknet/threads_heartbeat.c
-++++ b/libknet/threads_heartbeat.c
-+@@ -85,7 +85,7 @@ static void _handle_check_each(knet_handle_t knet_h, struct knet_host *dst_host,
-+              }
-+ 
-+ retry:
-+-             if (transport_get_connection_oriented(knet_h, dst_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++             if (transport_get_connection_oriented(knet_h, dst_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+                      len = sendto(dst_link->outsock, outbuf, outlen, MSG_DONTWAIT | MSG_NOSIGNAL,
-+                                   (struct sockaddr *) &dst_link->dst_addr, sizeof(struct sockaddr_storage));
-+              } else {
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index 1a84540..0050557 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -172,7 +172,7 @@ restart:
-+              return -1;
-+      }
-+ retry:
-+-     if (transport_get_connection_oriented(knet_h, dst_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++     if (transport_get_connection_oriented(knet_h, dst_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+              len = sendto(dst_link->outsock, outbuf, data_len, MSG_DONTWAIT | MSG_NOSIGNAL,
-+                           (struct sockaddr *) &dst_link->dst_addr, sizeof(struct sockaddr_storage));
-+      } else {
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 4670829..6417261 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -578,7 +578,7 @@ static void _parse_recv_from_links(knet_handle_t knet_h, int sockfd, const struc
-+              }
-+ 
-+ retry_pong:
-+-             if (transport_get_connection_oriented(knet_h, src_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++             if (transport_get_connection_oriented(knet_h, src_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+                      len = sendto(src_link->outsock, outbuf, outlen, MSG_DONTWAIT | MSG_NOSIGNAL,
-+                                   (struct sockaddr *) &src_link->dst_addr, sizeof(struct sockaddr_storage));
-+              } else {
-+@@ -674,7 +674,7 @@ retry_pong:
-+                      goto out_pmtud;
-+              }
-+ retry_pmtud:
-+-             if (transport_get_connection_oriented(knet_h, src_link->transport_type) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-++             if (transport_get_connection_oriented(knet_h, src_link->transport) == TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED) {
-+                      len = sendto(src_link->outsock, outbuf, outlen, MSG_DONTWAIT | MSG_NOSIGNAL,
-+                                   (struct sockaddr *) &src_link->dst_addr, sizeof(struct sockaddr_storage));
-+              } else {
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index b904e12..e987eb1 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -68,7 +68,7 @@ retry:
-+              cur = &msg[prev_sent];
-+ 
-+              sent_msgs = _sendmmsg(dst_host->link[dst_host->active_links[link_idx]].outsock,
-+-                                   transport_get_connection_oriented(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport_type),
-++                                   transport_get_connection_oriented(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport),
-+                                    &cur[0], msgs_to_send - prev_sent, MSG_DONTWAIT | MSG_NOSIGNAL);
-+              savederrno = errno;
-+ 
-diff --git a/debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch b/debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch
-new file mode 100644
-index 0000000..48df681
---- /dev/null
-+++ b/debian/patches/links-rename-transport_type-to-transport-to-avoid-confusi.patch
-@@ -0,0 +1,196 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Fri, 22 Feb 2019 05:31:42 +0100
-+Subject: [links] rename transport_type to transport to avoid confusion
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit c02c06feed59b18948d0107d2ec4cc2a9182554a)
-+---
-+ libknet/internals.h         |  2 +-
-+ libknet/links.c             | 10 +++++-----
-+ libknet/threads_heartbeat.c |  6 +++---
-+ libknet/threads_pmtud.c     |  4 ++--
-+ libknet/threads_rx.c        |  4 ++--
-+ libknet/threads_tx.c        |  4 ++--
-+ libknet/transports.c        |  6 +++---
-+ 7 files changed, 18 insertions(+), 18 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index 0d6ee3f..2135fb8 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -62,7 +62,7 @@ struct knet_link {
-+      struct knet_link_status status;
-+      /* internals */
-+      uint8_t link_id;
-+-     uint8_t transport_type;                 /* #defined constant from API */
-++     uint8_t transport;                      /* #defined constant from API */
-+      knet_transport_link_t transport_link;   /* link_info_t from transport */
-+      int outsock;
-+      unsigned int configured:1;              /* set to 1 if src/dst have been configured transport initialized on this link*/
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 1693df6..dd64a15 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -351,7 +351,7 @@ int knet_link_get_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ 
-+      memmove(src_addr, &link->src_addr, sizeof(struct sockaddr_storage));
-+ 
-+-     *transport = link->transport_type;
-++     *transport = link->transport;
-+      *flags = link->flags;
-+ 
-+      if (link->dynamic == KNET_LINK_STATIC) {
-+@@ -426,9 +426,9 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       * then we can remove any leftover access lists if the link
-+       * is no longer in use.
-+       */
-+-     if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++     if ((transport_get_acl_type(knet_h, link->transport) == USE_GENERIC_ACL) &&
-+          (link->dynamic == KNET_LINK_STATIC)) {
-+-             if (check_rm(knet_h, link->outsock, link->transport_type,
-++             if (check_rm(knet_h, link->outsock, link->transport,
-+                           &link->dst_addr, &link->dst_addr,
-+                           CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
-+                      err = -1;
-+@@ -444,7 +444,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       * will clear link info during clear_config.
-+       */
-+      sock = link->outsock;
-+-     transport = link->transport_type;
-++     transport = link->transport;
-+ 
-+      if ((transport_link_clear_config(knet_h, link) < 0)  &&
-+          (errno != EBUSY)) {
-+@@ -457,7 +457,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+       * remove any other access lists when the socket is no
-+       * longer in use by the transport.
-+       */
-+-     if ((transport_get_acl_type(knet_h, link->transport_type) == USE_GENERIC_ACL) &&
-++     if ((transport_get_acl_type(knet_h, link->transport) == USE_GENERIC_ACL) &&
-+          (knet_h->knet_transport_fd_tracker[sock].transport == KNET_MAX_TRANSPORTS)) {
-+              check_rmall(knet_h, sock, transport);
-+      }
-+diff --git a/libknet/threads_heartbeat.c b/libknet/threads_heartbeat.c
-+index 5d4189f..413b5b7 100644
-+--- a/libknet/threads_heartbeat.c
-++++ b/libknet/threads_heartbeat.c
-+@@ -98,7 +98,7 @@ retry:
-+              dst_link->status.stats.tx_ping_bytes += outlen;
-+ 
-+              if (len != outlen) {
-+-                     err = transport_tx_sock_error(knet_h, dst_link->transport_type, dst_link->outsock, len, savederrno);
-++                     err = transport_tx_sock_error(knet_h, dst_link->transport, dst_link->outsock, len, savederrno);
-+                      switch(err) {
-+                              case -1: /* unrecoverable error */
-+                                      log_debug(knet_h, KNET_SUB_HEARTBEAT,
-+@@ -140,7 +140,7 @@ void _send_pings(knet_handle_t knet_h, int timed)
-+      for (dst_host = knet_h->host_head; dst_host != NULL; dst_host = dst_host->next) {
-+              for (link_idx = 0; link_idx < KNET_MAX_LINK; link_idx++) {
-+                      if ((dst_host->link[link_idx].status.enabled != 1) ||
-+-                         (dst_host->link[link_idx].transport_type == KNET_TRANSPORT_LOOPBACK ) ||
-++                         (dst_host->link[link_idx].transport == KNET_TRANSPORT_LOOPBACK ) ||
-+                          ((dst_host->link[link_idx].dynamic == KNET_LINK_DYNIP) &&
-+                           (dst_host->link[link_idx].status.dynconnected != 1)))
-+                              continue;
-+@@ -166,7 +166,7 @@ static void _adjust_pong_timeouts(knet_handle_t knet_h)
-+      for (dst_host = knet_h->host_head; dst_host != NULL; dst_host = dst_host->next) {
-+              for (link_idx = 0; link_idx < KNET_MAX_LINK; link_idx++) {
-+                      if ((dst_host->link[link_idx].status.enabled != 1) ||
-+-                         (dst_host->link[link_idx].transport_type == KNET_TRANSPORT_LOOPBACK ) ||
-++                         (dst_host->link[link_idx].transport == KNET_TRANSPORT_LOOPBACK ) ||
-+                          ((dst_host->link[link_idx].dynamic == KNET_LINK_DYNIP) &&
-+                           (dst_host->link[link_idx].status.dynconnected != 1)))
-+                              continue;
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index 63504d6..1a84540 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -196,7 +196,7 @@ retry:
-+ 
-+      kernel_mtu = 0;
-+ 
-+-     err = transport_tx_sock_error(knet_h, dst_link->transport_type, dst_link->outsock, len, savederrno);
-++     err = transport_tx_sock_error(knet_h, dst_link->transport, dst_link->outsock, len, savederrno);
-+      switch(err) {
-+              case -1: /* unrecoverable error */
-+                      log_debug(knet_h, KNET_SUB_PMTUD, "Unable to send pmtu packet (sendto): %d %s", savederrno, strerror(savederrno));
-+@@ -523,7 +523,7 @@ void *_handle_pmtud_link_thread(void *data)
-+ 
-+                              if ((dst_link->status.enabled != 1) ||
-+                                  (dst_link->status.connected != 1) ||
-+-                                 (dst_host->link[link_idx].transport_type == KNET_TRANSPORT_LOOPBACK) ||
-++                                 (dst_host->link[link_idx].transport == KNET_TRANSPORT_LOOPBACK) ||
-+                                  (!dst_link->last_ping_size) ||
-+                                  ((dst_link->dynamic == KNET_LINK_DYNIP) &&
-+                                   (dst_link->status.dynconnected != 1)))
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index 5fa51c4..4670829 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -586,7 +586,7 @@ retry_pong:
-+              }
-+              savederrno = errno;
-+              if (len != outlen) {
-+-                     err = transport_tx_sock_error(knet_h, src_link->transport_type, src_link->outsock, len, savederrno);
-++                     err = transport_tx_sock_error(knet_h, src_link->transport, src_link->outsock, len, savederrno);
-+                      switch(err) {
-+                              case -1: /* unrecoverable error */
-+                                      log_debug(knet_h, KNET_SUB_RX,
-+@@ -682,7 +682,7 @@ retry_pmtud:
-+              }
-+              savederrno = errno;
-+              if (len != outlen) {
-+-                     err = transport_tx_sock_error(knet_h, src_link->transport_type, src_link->outsock, len, savederrno);
-++                     err = transport_tx_sock_error(knet_h, src_link->transport, src_link->outsock, len, savederrno);
-+                      switch(err) {
-+                              case -1: /* unrecoverable error */
-+                                      log_debug(knet_h, KNET_SUB_RX,
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index fa911dc..b904e12 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -48,7 +48,7 @@ static int _dispatch_to_links(knet_handle_t knet_h, struct knet_host *dst_host,
-+ 
-+              cur_link = &dst_host->link[dst_host->active_links[link_idx]];
-+ 
-+-             if (cur_link->transport_type == KNET_TRANSPORT_LOOPBACK) {
-++             if (cur_link->transport == KNET_TRANSPORT_LOOPBACK) {
-+                      continue;
-+              }
-+ 
-+@@ -72,7 +72,7 @@ retry:
-+                                    &cur[0], msgs_to_send - prev_sent, MSG_DONTWAIT | MSG_NOSIGNAL);
-+              savederrno = errno;
-+ 
-+-             err = transport_tx_sock_error(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport_type, dst_host->link[dst_host->active_links[link_idx]].outsock, sent_msgs, savederrno);
-++             err = transport_tx_sock_error(knet_h, dst_host->link[dst_host->active_links[link_idx]].transport, dst_host->link[dst_host->active_links[link_idx]].outsock, sent_msgs, savederrno);
-+              switch(err) {
-+                      case -1: /* unrecoverable error */
-+                              cur_link->status.stats.tx_data_errors++;
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index ffebe00..69ea091 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -88,19 +88,19 @@ int transport_link_set_config(knet_handle_t knet_h, struct knet_link *kn_link, u
-+              return -1;
-+      }
-+      kn_link->transport_connected = 0;
-+-     kn_link->transport_type = transport;
-++     kn_link->transport = transport;
-+      kn_link->proto_overhead = transport_modules_cmd[transport].transport_mtu_overhead;
-+      return transport_modules_cmd[transport].transport_link_set_config(knet_h, kn_link);
-+ }
-+ 
-+ int transport_link_clear_config(knet_handle_t knet_h, struct knet_link *kn_link)
-+ {
-+-     return transport_modules_cmd[kn_link->transport_type].transport_link_clear_config(knet_h, kn_link);
-++     return transport_modules_cmd[kn_link->transport].transport_link_clear_config(knet_h, kn_link);
-+ }
-+ 
-+ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link)
-+ {
-+-     return transport_modules_cmd[kn_link->transport_type].transport_link_dyn_connect(knet_h, sockfd, kn_link);
-++     return transport_modules_cmd[kn_link->transport].transport_link_dyn_connect(knet_h, sockfd, kn_link);
-+ }
-+ 
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno)
-diff --git a/debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch b/debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch
-new file mode 100644
-index 0000000..d4e4494
---- /dev/null
-+++ b/debian/patches/logging-fix-log-target-of-recently-added-API-calls.patch
-@@ -0,0 +1,52 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sat, 9 Mar 2019 07:03:25 +0100
-+Subject: [logging] fix log target of recently added API calls
-+
-+spotted during sctp testing
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit df6f761997d26afc62651f9ff831e0f7327ee41b)
-+---
-+ libknet/links.c | 8 ++++----
-+ 1 file changed, 4 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/links.c b/libknet/links.c
-+index 038a8a4..8011a6d 100644
-+--- a/libknet/links.c
-++++ b/libknet/links.c
-+@@ -1199,7 +1199,7 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+ 
-+      savederrno = get_global_wrlock(knet_h);
-+      if (savederrno) {
-+-             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+                      strerror(savederrno));
-+              errno = savederrno;
-+              return -1;
-+@@ -1294,7 +1294,7 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+ 
-+      savederrno = get_global_wrlock(knet_h);
-+      if (savederrno) {
-+-             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+                      strerror(savederrno));
-+              errno = savederrno;
-+              return -1;
-+@@ -1388,7 +1388,7 @@ int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_
-+ 
-+      savederrno = get_global_wrlock(knet_h);
-+      if (savederrno) {
-+-             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+                      strerror(savederrno));
-+              errno = savederrno;
-+              return -1;
-+@@ -1450,7 +1450,7 @@ int knet_link_clear_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t li
-+ 
-+      savederrno = get_global_wrlock(knet_h);
-+      if (savederrno) {
-+-             log_err(knet_h, KNET_SUB_HOST, "Unable to get write lock: %s",
-++             log_err(knet_h, KNET_SUB_LINK, "Unable to get write lock: %s",
-+                      strerror(savederrno));
-+              errno = savederrno;
-+              return -1;
-diff --git a/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch b/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
-new file mode 100644
-index 0000000..445238d
---- /dev/null
-+++ b/debian/patches/man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
-@@ -0,0 +1,50 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 30 Apr 2019 05:42:48 +0200
-+Subject: [man] fix libknet.h for errors detected by newly added test
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 790b1cb387df9ada2b607c0317a85bab8ec7245b)
-+---
-+ libknet/libknet.h | 8 ++++----
-+ 1 file changed, 4 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 3098eab..183c92d 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1553,7 +1553,7 @@ typedef enum {
-+  *            packets from 10.0.0.1 will be accepted by rule number 1.
-+  *
-+  * @return
-+- * knet_link_add_acl
-++ * knet_link_add_acl returns
-+  * 0 on success.
-+  * -1 on error and errno is set.
-+  */
-+@@ -1580,7 +1580,7 @@ int knet_link_add_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link
-+  * ss1 / ss2 / type / acceptreject - see typedef definitions for details
-+  *
-+  * @return
-+- * knet_link_insert_acl
-++ * knet_link_insert_acl returns
-+  * 0 on success.
-+  * -1 on error and errno is set.
-+  */
-+@@ -1608,7 +1608,7 @@ int knet_link_insert_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
-+  *            to knet_link_add_acl(3).
-+  *
-+  * @return
-+- * knet_link_rm_acl
-++ * knet_link_rm_acl returns
-+  * 0 on success.
-+  * -1 on error and errno is set.
-+  */
-+@@ -1630,7 +1630,7 @@ int knet_link_rm_acl(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_
-+  * link_id   - see knet_link_set_config(3)
-+  *
-+  * @return
-+- * knet_link_clear_acl
-++ * knet_link_clear_acl returns
-+  * 0 on success.
-+  * -1 on error and errno is set.
-+  */
-diff --git a/debian/patches/manpages-Document-enums-206.patch b/debian/patches/manpages-Document-enums-206.patch
-new file mode 100644
-index 0000000..5b6c01e
---- /dev/null
-+++ b/debian/patches/manpages-Document-enums-206.patch
-@@ -0,0 +1,39 @@
-+From: Chrissie Caulfield <ccaulfie@redhat.com>
-+Date: Tue, 12 Mar 2019 13:55:25 +0000
-+Subject: manpages: Document enums (#206)
-+
-+And also fix a bug in structure printing that caused it to print the wrong name for a struct.
-+
-+(cherry picked from commit 541d7faf9068d10e12b4278c35825ce1353db081)
-+---
-+ libknet/libknet.h | 10 ++++++++--
-+ 1 file changed, 8 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/libknet.h b/libknet/libknet.h
-+index 50ed70d..d16eb5d 100644
-+--- a/libknet/libknet.h
-++++ b/libknet/libknet.h
-+@@ -1483,7 +1483,10 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
-+  * see also knet_handle_enable_access_lists(3)
-+  */
-+ 
-+-/*
-++/**
-++ * check_type_t
-++ * @brief address type enum for knet access lists
-++ *
-+  * CHECK_TYPE_ADDRESS is the equivalent of a single entry / IP address.
-+  *                    for example: 10.1.9.3
-+  *                    and the entry is stored in ss1. ss2 can be NULL.
-+@@ -1508,7 +1511,10 @@ typedef enum {
-+      CHECK_TYPE_RANGE
-+ } check_type_t;
-+ 
-+-/*
-++/**
-++ * check_acceptreject_t
-++ * @brief enum for accept/reject in knet access lists
-++ *
-+  * accept or reject incoming packets defined in the access list entry
-+  */
-+ 
-diff --git a/debian/patches/misc-Fix-more-covscan-warnings.patch b/debian/patches/misc-Fix-more-covscan-warnings.patch
-new file mode 100644
-index 0000000..1ae8829
---- /dev/null
-+++ b/debian/patches/misc-Fix-more-covscan-warnings.patch
-@@ -0,0 +1,191 @@
-+From: Christine Caulfield <ccaulfie@redhat.com>
-+Date: Fri, 24 May 2019 10:09:47 +0100
-+Subject: misc: Fix more covscan warnings
-+
-+The only serious bug here is in transport_udp.c
-+(see bottom of patch), the rest are mostly detail.
-+
-+covscan still reports a lot of errors against doxyxml, most of
-+which are because it doesn't understand the libqb hashtables.
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit ded574d1dd0c53c70a34fbd1eaa0239b3cde59b9)
-+---
-+ libknet/common.c           | 2 +-
-+ libknet/compress.c         | 6 +++---
-+ libknet/crypto.c           | 1 -
-+ libknet/crypto_nss.c       | 2 +-
-+ libknet/handle.c           | 1 -
-+ libknet/threads_pmtud.c    | 1 -
-+ libknet/threads_rx.c       | 1 -
-+ libknet/threads_tx.c       | 1 -
-+ libknet/transport_common.c | 4 ++--
-+ libknet/transport_sctp.c   | 2 +-
-+ libknet/transport_udp.c    | 3 ++-
-+ 11 files changed, 10 insertions(+), 14 deletions(-)
-+
-+diff --git a/libknet/common.c b/libknet/common.c
-+index c908e23..be46f23 100644
-+--- a/libknet/common.c
-++++ b/libknet/common.c
-+@@ -101,7 +101,7 @@ static void *open_lib(knet_handle_t knet_h, const char *libname, int extra_flags
-+              }
-+ 
-+              if (S_ISLNK(sb.st_mode)) {
-+-                     if (readlink(path, link, sizeof(link)) < 0) {
-++                     if (readlink(path, link, sizeof(link)-1) < 0) {
-+                              log_debug(knet_h, KNET_SUB_COMMON, "Unable to readlink %s: %s", path, strerror(errno));
-+                              goto out;
-+                      }
-+diff --git a/libknet/compress.c b/libknet/compress.c
-+index 7eab454..864828f 100644
-+--- a/libknet/compress.c
-++++ b/libknet/compress.c
-+@@ -359,11 +359,11 @@ void compress_fini(
-+      }
-+ 
-+      while (compress_modules_cmds[idx].model_name != NULL) {
-+-             if ((compress_modules_cmds[idx].built_in == 1) &&
-++             if ((idx < KNET_MAX_COMPRESS_METHODS) && /* check idx first so we don't read bad data */
-++                 (compress_modules_cmds[idx].built_in == 1) &&
-+                  (compress_modules_cmds[idx].loaded == 1) &&
-+                  (compress_modules_cmds[idx].model_id > 0) &&
-+-                 (knet_h->compress_int_data[idx] != NULL) &&
-+-                 (idx < KNET_MAX_COMPRESS_METHODS)) {
-++                 (knet_h->compress_int_data[idx] != NULL)) {
-+                      if ((all) || (compress_modules_cmds[idx].model_id == knet_h->compress_model)) {
-+                              if (compress_modules_cmds[idx].ops->fini != NULL) {
-+                                      compress_modules_cmds[idx].ops->fini(knet_h, idx);
-+diff --git a/libknet/crypto.c b/libknet/crypto.c
-+index 419f9cc..41d67c9 100644
-+--- a/libknet/crypto.c
-++++ b/libknet/crypto.c
-+@@ -129,7 +129,6 @@ int crypto_init(
-+ 
-+      if (!knet_h->crypto_instance) {
-+              log_err(knet_h, KNET_SUB_CRYPTO, "Unable to allocate memory for crypto instance");
-+-             pthread_rwlock_unlock(&shlib_rwlock);
-+              savederrno = ENOMEM;
-+              goto out_err;
-+      }
-+diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
-+index a17ff62..640b560 100644
-+--- a/libknet/crypto_nss.c
-++++ b/libknet/crypto_nss.c
-+@@ -761,7 +761,7 @@ static int nsscrypto_init(
-+      knet_h->crypto_instance->model_instance = malloc(sizeof(struct nsscrypto_instance));
-+      if (!knet_h->crypto_instance->model_instance) {
-+              log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to allocate memory for nss model instance");
-+-             savederrno = ENOMEM;
-++             errno = ENOMEM;
-+              return -1;
-+      }
-+ 
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 268d610..fd26bea 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -1649,4 +1649,3 @@ int knet_handle_clear_stats(knet_handle_t knet_h, int clear_option)
-+      pthread_rwlock_unlock(&knet_h->global_rwlock);
-+      return 0;
-+ }
-+-
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index c5a2b27..b4ee632 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -44,7 +44,6 @@ static int _handle_check_link_pmtud(knet_handle_t knet_h, struct knet_host *dst_
-+ 
-+      mutex_retry_limit = 0;
-+      failsafe = 0;
-+-     pad_len = 0;
-+ 
-+      dst_link->last_bad_mtu = 0;
-+ 
-+diff --git a/libknet/threads_rx.c b/libknet/threads_rx.c
-+index ae39b38..626cbc4 100644
-+--- a/libknet/threads_rx.c
-++++ b/libknet/threads_rx.c
-+@@ -499,7 +499,6 @@ static void _parse_recv_from_links(knet_handle_t knet_h, int sockfd, const struc
-+              } else { /* HOSTINFO */
-+                      knet_hostinfo = (struct knet_hostinfo *)inbuf->khp_data_userdata;
-+                      if (knet_hostinfo->khi_bcast == KNET_HOSTINFO_UCAST) {
-+-                             bcast = 0;
-+                              knet_hostinfo->khi_dst_node_id = ntohs(knet_hostinfo->khi_dst_node_id);
-+                      }
-+                      if (!_seq_num_lookup(src_host, inbuf->khp_data_seq_num, 0, 0)) {
-+diff --git a/libknet/threads_tx.c b/libknet/threads_tx.c
-+index e987eb1..8096906 100644
-+--- a/libknet/threads_tx.c
-++++ b/libknet/threads_tx.c
-+@@ -42,7 +42,6 @@ static int _dispatch_to_links(knet_handle_t knet_h, struct knet_host *dst_host,
-+      struct knet_link *cur_link;
-+ 
-+      for (link_idx = 0; link_idx < dst_host->active_link_entries; link_idx++) {
-+-             sent_msgs = 0;
-+              prev_sent = 0;
-+              progress = 1;
-+ 
-+diff --git a/libknet/transport_common.c b/libknet/transport_common.c
-+index 3c3c439..fe40ad8 100644
-+--- a/libknet/transport_common.c
-++++ b/libknet/transport_common.c
-+@@ -405,7 +405,7 @@ int _is_valid_fd(knet_handle_t knet_h, int sockfd)
-+              return -1;
-+      }
-+ 
-+-     if (sockfd > KNET_MAX_FDS) {
-++     if (sockfd >= KNET_MAX_FDS) {
-+              errno = EINVAL;
-+              return -1;
-+      }
-+@@ -430,7 +430,7 @@ int _set_fd_tracker(knet_handle_t knet_h, int sockfd, uint8_t transport, uint8_t
-+              return -1;
-+      }
-+ 
-+-     if (sockfd > KNET_MAX_FDS) {
-++     if (sockfd >= KNET_MAX_FDS) {
-+              errno = EINVAL;
-+              return -1;
-+      }
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index bdfc98d..2c1cdcc 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -733,7 +733,6 @@ static void _handle_incoming_sctp(knet_handle_t knet_h, int listen_sock)
-+      if (knet_h->use_access_lists) {
-+              if (!check_validate(knet_h, listen_sock, KNET_TRANSPORT_SCTP, &ss)) {
-+                      savederrno = EINVAL;
-+-                     err = -1;
-+                      log_debug(knet_h, KNET_SUB_TRANSP_SCTP, "Connection rejected from %s/%s", addr_str, port_str);
-+                      close(new_fd);
-+                      errno = savederrno;
-+@@ -871,6 +870,7 @@ static void _handle_listen_sctp_errors(knet_handle_t knet_h)
-+                      info->accepted_socks[i] = -1;
-+                      free(accept_info);
-+                      close(sockfd);
-++                     break; /* Keeps covscan happy */
-+              }
-+      }
-+ }
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index e243a91..3fd69ee 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -71,6 +71,7 @@ int udp_transport_link_set_config(knet_handle_t knet_h, struct knet_link *kn_lin
-+              err = -1;
-+              goto exit_error;
-+      }
-++     memset(info, 0, sizeof(udp_link_info_t));
-+ 
-+      sock = socket(kn_link->src_addr.ss_family, SOCK_DGRAM, 0);
-+      if (sock < 0) {
-+@@ -363,7 +364,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
-+                                              case SO_EE_ORIGIN_ICMP:  /* ICMP */
-+                                              case SO_EE_ORIGIN_ICMP6: /* ICMP6 */
-+                                                      origin = (struct sockaddr_storage *)(void *)SO_EE_OFFENDER(sock_err);
-+-                                                     if (knet_addrtostr(origin, sizeof(origin),
-++                                                     if (knet_addrtostr(origin, sizeof(*origin),
-+                                                                         addr_str, KNET_MAX_HOST_LEN,
-+                                                                         port_str, KNET_MAX_PORT_LEN) < 0) {
-+                                                              log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from unknown source: %s", strerror(sock_err->ee_errno));
-diff --git a/debian/patches/misc-some-coverity-fixes.patch b/debian/patches/misc-some-coverity-fixes.patch
-new file mode 100644
-index 0000000..154728f
---- /dev/null
-+++ b/debian/patches/misc-some-coverity-fixes.patch
-@@ -0,0 +1,224 @@
-+From: Christine Caulfield <ccaulfie@redhat.com>
-+Date: Fri, 17 May 2019 08:44:08 +0100
-+Subject: misc: some coverity fixes
-+
-+In rough order of seriousness:
-+
-+1. Fix clock_gettime() in pmtud so that it's always called, as
-+   variable 'clock_now' is always read.
-+2. Allow space for trailing NUL in libnozzle device names
-+3. Fix api_nozzle_run_updown_test so it can run out of the build tree
-+4. Disallow a 0 length prefix in libnozzle
-+5. Fix potential use of NULL pointer on doxyxml
-+6. Free 'name' in doxyxml as it's *not* in the map any more
-+7. Fix dead code in libknet API functions left by code changes
-+
-+(cherry picked from commit eff3f735f19d3ea4c4689a0fa52ff8e29f75808c)
-+---
-+ libknet/handle.c                        | 13 ++++---------
-+ libknet/host.c                          |  5 ++---
-+ libknet/threads_pmtud.c                 | 10 +++++-----
-+ libnozzle/internals.c                   |  2 +-
-+ libnozzle/libnozzle.c                   |  3 ++-
-+ libnozzle/tests/api_nozzle_run_updown.c |  9 +++++++--
-+ man/doxyxml.c                           | 20 ++++++++++----------
-+ 7 files changed, 31 insertions(+), 31 deletions(-)
-+
-+diff --git a/libknet/handle.c b/libknet/handle.c
-+index 0a2f75a..268d610 100644
-+--- a/libknet/handle.c
-++++ b/libknet/handle.c
-+@@ -785,7 +785,7 @@ int knet_handle_enable_sock_notify(knet_handle_t knet_h,
-+                                              int error,
-+                                              int errorno))
-+ {
-+-     int savederrno = 0, err = 0;
-++     int savederrno = 0;
-+ 
-+      if (!knet_h) {
-+              errno = EINVAL;
-+@@ -811,8 +811,7 @@ int knet_handle_enable_sock_notify(knet_handle_t knet_h,
-+ 
-+      pthread_rwlock_unlock(&knet_h->global_rwlock);
-+ 
-+-     errno = err ? savederrno : 0;
-+-     return err;
-++     return 0;
-+ }
-+ 
-+ int knet_handle_add_datafd(knet_handle_t knet_h, int *datafd, int8_t *channel)
-+@@ -1576,7 +1575,6 @@ out_unlock:
-+ int knet_handle_get_stats(knet_handle_t knet_h, struct knet_handle_stats *stats, size_t struct_size)
-+ {
-+      int savederrno = 0;
-+-     int err = 0;
-+ 
-+      if (!knet_h) {
-+              errno = EINVAL;
-+@@ -1616,14 +1614,12 @@ int knet_handle_get_stats(knet_handle_t knet_h, struct knet_handle_stats *stats,
-+      stats->size = sizeof(struct knet_handle_stats);
-+ 
-+      pthread_rwlock_unlock(&knet_h->global_rwlock);
-+-     errno = err ? savederrno : 0;
-+-     return err;
-++     return 0;
-+ }
-+ 
-+ int knet_handle_clear_stats(knet_handle_t knet_h, int clear_option)
-+ {
-+      int savederrno = 0;
-+-     int err = 0;
-+ 
-+      if (!knet_h) {
-+              errno = EINVAL;
-+@@ -1651,7 +1647,6 @@ int knet_handle_clear_stats(knet_handle_t knet_h, int clear_option)
-+      }
-+ 
-+      pthread_rwlock_unlock(&knet_h->global_rwlock);
-+-     errno = err ? savederrno : 0;
-+-     return err;
-++     return 0;
-+ }
-+ 
-+diff --git a/libknet/host.c b/libknet/host.c
-+index 480db73..66826c1 100644
-+--- a/libknet/host.c
-++++ b/libknet/host.c
-+@@ -331,7 +331,7 @@ int knet_host_get_id_by_host_name(knet_handle_t knet_h, const char *name,
-+ int knet_host_get_host_list(knet_handle_t knet_h,
-+                          knet_node_id_t *host_ids, size_t *host_ids_entries)
-+ {
-+-     int savederrno = 0, err = 0;
-++     int savederrno = 0;
-+ 
-+      if (!knet_h) {
-+              errno = EINVAL;
-+@@ -355,8 +355,7 @@ int knet_host_get_host_list(knet_handle_t knet_h,
-+      *host_ids_entries = knet_h->host_ids_entries;
-+ 
-+      pthread_rwlock_unlock(&knet_h->global_rwlock);
-+-     errno = err ? savederrno : 0;
-+-     return err;
-++     return 0;
-+ }
-+ 
-+ int knet_host_set_policy(knet_handle_t knet_h, knet_node_id_t host_id,
-+diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
-+index 0050557..c5a2b27 100644
-+--- a/libknet/threads_pmtud.c
-++++ b/libknet/threads_pmtud.c
-+@@ -380,14 +380,14 @@ static int _handle_check_pmtud(knet_handle_t knet_h, struct knet_host *dst_host,
-+      struct timespec clock_now;
-+      unsigned long long diff_pmtud, interval;
-+ 
-++     if (clock_gettime(CLOCK_MONOTONIC, &clock_now) != 0) {
-++             log_debug(knet_h, KNET_SUB_PMTUD, "Unable to get monotonic clock");
-++             return 0;
-++     }
-++
-+      if (!force_run) {
-+              interval = knet_h->pmtud_interval * 1000000000llu; /* nanoseconds */
-+ 
-+-             if (clock_gettime(CLOCK_MONOTONIC, &clock_now) != 0) {
-+-                     log_debug(knet_h, KNET_SUB_PMTUD, "Unable to get monotonic clock");
-+-                     return 0;
-+-             }
-+-
-+              timespec_diff(dst_link->pmtud_last, clock_now, &diff_pmtud);
-+ 
-+              if (diff_pmtud < interval) {
-+diff --git a/libnozzle/internals.c b/libnozzle/internals.c
-+index 6e68346..f056e3b 100644
-+--- a/libnozzle/internals.c
-++++ b/libnozzle/internals.c
-+@@ -144,7 +144,7 @@ char *generate_v4_broadcast(const char *ipaddr, const char *prefix)
-+ 
-+      prefix_len = atoi(prefix);
-+ 
-+-     if ((prefix_len > 32) || (prefix_len < 0))
-++     if ((prefix_len > 32) || (prefix_len <= 0))
-+              return NULL;
-+ 
-+      if (inet_pton(AF_INET, ipaddr, &address) <= 0)
-+diff --git a/libnozzle/libnozzle.c b/libnozzle/libnozzle.c
-+index 4e5a2d4..b6e9566 100644
-+--- a/libnozzle/libnozzle.c
-++++ b/libnozzle/libnozzle.c
-+@@ -405,7 +405,8 @@ nozzle_t nozzle_open(char *devname, size_t devname_size, const char *updownpath)
-+              return NULL;
-+      }
-+ 
-+-     if (strlen(devname) > IFNAMSIZ) {
-++     /* Need to allow space for trailing NUL */
-++     if (strlen(devname) >= IFNAMSIZ) {
-+              errno = E2BIG;
-+              return NULL;
-+      }
-+diff --git a/libnozzle/tests/api_nozzle_run_updown.c b/libnozzle/tests/api_nozzle_run_updown.c
-+index a078ad7..c80216a 100644
-+--- a/libnozzle/tests/api_nozzle_run_updown.c
-++++ b/libnozzle/tests/api_nozzle_run_updown.c
-+@@ -29,16 +29,21 @@ static int test(void)
-+      nozzle_t nozzle = NULL;
-+      char *error_string = NULL;
-+      char *tmpdir = NULL;
-+-     char tmpdirsrc[PATH_MAX];
-++     char tmpdirsrc[PATH_MAX*2];
-+      char tmpstr[PATH_MAX*2];
-+      char srcfile[PATH_MAX];
-+      char dstfile[PATH_MAX];
-++     char current_dir[PATH_MAX];
-+ 
-+      /*
-+       * create a tmp dir for storing up/down scripts.
-+       * we cannot create symlinks src dir
-+       */
-+-     strcpy(tmpdirsrc, ABSBUILDDIR "/nozzle_test_XXXXXX");
-++     if (getcwd(current_dir, sizeof(current_dir)) == NULL) {
-++             printf("Unable to get current working directory: %s\n", strerror(errno));
-++             return -1;
-++     }
-++     snprintf(tmpdirsrc, sizeof(tmpdirsrc)-1, "%s/nozzle_test_XXXXXX", current_dir);
-+ 
-+      tmpdir = mkdtemp(tmpdirsrc);
-+      if (!tmpdir) {
-+diff --git a/man/doxyxml.c b/man/doxyxml.c
-+index b623711..7d9a60c 100644
-+--- a/man/doxyxml.c
-++++ b/man/doxyxml.c
-+@@ -695,17 +695,17 @@ static void collect_enums(xmlNode *cur_node, void *arg)
-+                              }
-+                      }
-+ 
-+-                     si = malloc(sizeof(struct struct_info));
-+-                     if (si) {
-+-                             si->kind = STRUCTINFO_ENUM;
-+-                             qb_list_init(&si->params_list);
-+-                             si->structname = strdup(name);
-+-                             traverse_node(cur_node, "enumvalue", read_struct, si);
-+-                             qb_map_put(structures_map, refid, si);
-++                     if (name) {
-++                             si = malloc(sizeof(struct struct_info));
-++                             if (si) {
-++                                     si->kind = STRUCTINFO_ENUM;
-++                                     qb_list_init(&si->params_list);
-++                                     si->structname = strdup(name);
-++                                     traverse_node(cur_node, "enumvalue", read_struct, si);
-++                                     qb_map_put(structures_map, refid, si);
-++                             }
-+                      }
-+-
-+              }
-+-
-+      }
-+ }
-+ 
-+@@ -786,7 +786,7 @@ static void traverse_members(xmlNode *cur_node, void *arg)
-+              free(kind);
-+              free(def);
-+              free(args);
-+-//           free(name); /* don't free, it's in the map */
-++             free(name);
-+      }
-+ }
-+ 
-diff --git a/debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch b/debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch
-new file mode 100644
-index 0000000..7650221
---- /dev/null
-+++ b/debian/patches/spec-be-more-strict-about-plugins-version-and-architectur.patch
-@@ -0,0 +1,167 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 25 Feb 2018 09:08:10 +0100
-+Subject: [spec] be more strict about plugins version and architecture
-+ depedencies
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 851525b90235db236cc4bf88a66ed5f7c54ed9f6)
-+---
-+ kronosnet.spec.in | 42 +++++++++++++++++++++---------------------
-+ 1 file changed, 21 insertions(+), 21 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 3b597d0..de31656 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -363,7 +363,7 @@ Summary: Simple userland wrapper around kernel tap devices
-+ %package -n libnozzle1-devel
-+ Group: Development/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices (developer files)
-+-Requires: libnozzle1 = %{version}-%{release}
-++Requires: libnozzle1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+ 
-+ %description -n libnozzle1-devel
-+@@ -402,7 +402,7 @@ Summary: Kronosnet core switching implementation
-+ %package -n libknet1-devel
-+ Group: Development/Libraries
-+ Summary: Kronosnet core switching implementation (developer files)
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+ 
-+ %description -n libknet1-devel
-+@@ -424,7 +424,7 @@ Requires: pkgconfig
-+ %package -n libknet1-crypto-nss-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 nss support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-crypto-nss-plugin
-+  NSS crypto support for libknet1.
-+@@ -438,7 +438,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-crypto-openssl-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 openssl support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-crypto-openssl-plugin
-+  OpenSSL crypto support for libknet1.
-+@@ -452,7 +452,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-zlib-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zlib support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-zlib-plugin
-+  zlib compression support for libknet1.
-+@@ -465,7 +465,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-lz4-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lz4 and lz4hc support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-lz4-plugin
-+  lz4 and lz4hc compression support for libknet1.
-+@@ -480,7 +480,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-lzo2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzo2 support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-lzo2-plugin
-+  lzo2 compression support for libknet1.
-+@@ -494,7 +494,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-lzma-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzma support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-lzma-plugin
-+  lzma compression support for libknet1.
-+@@ -508,7 +508,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-bzip2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 bzip2 support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-bzip2-plugin
-+  bzip2 compression support for libknet1.
-+@@ -522,7 +522,7 @@ Requires: libknet1 = %{version}-%{release}
-+ %package -n libknet1-compress-zstd-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zstd support
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-zstd-plugin
-+  zstd compression support for libknet1.
-+@@ -536,10 +536,10 @@ Requires: libknet1 = %{version}-%{release}
-+ Group: System Environment/Libraries
-+ Summary: libknet1 crypto plugins meta package
-+ %if %{defined buildcryptonss}
-+-Requires: libknet1-crypto-nss-plugin
-++Requires: libknet1-crypto-nss-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcryptoopenssl}
-+-Requires: libknet1-crypto-openssl-plugin
-++Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ 
-+ %description -n libknet1-crypto-plugins-all
-+@@ -551,22 +551,22 @@ Requires: libknet1-crypto-openssl-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 compress plugins meta package
-+ %if %{defined buildcompresszlib}
-+-Requires: libknet1-compress-zlib-plugin
-++Requires: libknet1-compress-zlib-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresslz4}
-+-Requires: libknet1-compress-lz4-plugin
-++Requires: libknet1-compress-lz4-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresslzo2}
-+-Requires: libknet1-compress-lzo2-plugin
-++Requires: libknet1-compress-lzo2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresslzma}
-+-Requires: libknet1-compress-lzma-plugin
-++Requires: libknet1-compress-lzma-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompressbzip2}
-+-Requires: libknet1-compress-bzip2-plugin
-++Requires: libknet1-compress-bzip2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ %if %{defined buildcompresszstd}
-+-Requires: libknet1-compress-zstd-plugin
-++Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ 
-+ %description -n libknet1-compress-plugins-all
-+@@ -577,8 +577,8 @@ Requires: libknet1-compress-zstd-plugin
-+ %package -n libknet1-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 plugins meta package
-+-Requires: libknet1-compress-plugins-all
-+-Requires: libknet1-crypto-plugins-all
-++Requires: libknet1-compress-plugins-all%{_isa} = %{version}-%{release}
-++Requires: libknet1-crypto-plugins-all%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-plugins-all
-+  meta package to install all of libknet1 plugins
-+@@ -589,7 +589,7 @@ Requires: libknet1-crypto-plugins-all
-+ %package -n kronosnet-tests
-+ Group: System Environment/Libraries
-+ Summary: kronosnet test suite
-+-Requires: libknet1 = %{version}-%{release}
-++Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n kronosnet-tests
-+  this package contains all the libknet and libnozzle test suite
-diff --git a/debian/patches/spec-clean-up-useless-conditionals-and-defines.patch b/debian/patches/spec-clean-up-useless-conditionals-and-defines.patch
-new file mode 100644
-index 0000000..3e7dfa5
---- /dev/null
-+++ b/debian/patches/spec-clean-up-useless-conditionals-and-defines.patch
-@@ -0,0 +1,376 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 12 May 2019 07:22:41 +0200
-+Subject: [spec] clean up useless conditionals and defines
-+
-+fix a couple of minor conditionals in the process
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit dd66ce8b6389772de79e576d6eea542633594cf1)
-+---
-+ kronosnet.spec.in | 144 ++++++++++++++++++++----------------------------------
-+ 1 file changed, 52 insertions(+), 92 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index de31656..b5632ae 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -37,50 +37,6 @@
-+ %undefine _enable_debug_packages
-+ %endif
-+ 
-+-%if %{with sctp}
-+-%global buildsctp 1
-+-%endif
-+-%if %{with nss}
-+-%global buildcryptonss 1
-+-%endif
-+-%if %{with openssl}
-+-%global buildcryptoopenssl 1
-+-%endif
-+-%if %{with zlib}
-+-%global buildcompresszlib 1
-+-%endif
-+-%if %{with lz4}
-+-%global buildcompresslz4 1
-+-%endif
-+-%if %{with lzo2}
-+-%global buildcompresslzo2 1
-+-%endif
-+-%if %{with lzma}
-+-%global buildcompresslzma 1
-+-%endif
-+-%if %{with bzip2}
-+-%global buildcompressbzip2 1
-+-%endif
-+-%if %{with zstd}
-+-%global buildcompresszstd 1
-+-%endif
-+-%if %{with libnozzle}
-+-%global buildlibnozzle 1
-+-%endif
-+-%if %{with kronosnetd}
-+-%global buildlibnozzle 1
-+-%global buildkronosnetd 1
-+-%endif
-+-%if %{with runautogen}
-+-%global buildautogen 1
-+-%endif
-+-%if %{with buildman}
-+-%global buildmanpages 1
-+-%endif
-+-%if %{with installtests}
-+-%global installtestsuite 1
-+-%endif
-+-
-+ # main (empty) package
-+ # http://www.rpm.org/max-rpm/s1-rpm-subpack-spec-file-changes.html
-+ 
-+@@ -100,62 +56,60 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-+ # Build dependencies
-+ BuildRequires: gcc
-+ # required to build man pages
-+-%if %{defined buildmanpages}
-++%if %{with buildman}
-+ BuildRequires: libqb-devel libxml2-devel doxygen
-+ %endif
-+-%if %{defined buildsctp}
-++%if %{with sctp}
-+ BuildRequires: lksctp-tools-devel
-+ %endif
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+ %if 0%{?suse_version}
-+ BuildRequires: mozilla-nss-devel
-+ %else
-+ BuildRequires: nss-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+ %if 0%{?suse_version}
-+ BuildRequires: libopenssl-devel
-+ %else
-+ BuildRequires: openssl-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+ BuildRequires: zlib-devel
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+ %if 0%{?suse_version}
-+ BuildRequires: liblz4-devel
-+ %else
-+ BuildRequires: lz4-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+ BuildRequires: lzo-devel
-+ %endif
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+ BuildRequires: xz-devel
-+ %endif
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+ %if 0%{?suse_version}
-+ BuildRequires: libbz2-devel
-+ %else
-+ BuildRequires: bzip2-devel
-+ %endif
-+ %endif
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+ BuildRequires: libzstd-devel
-+ %endif
-+-%if %{defined buildkronosnetd}
-++%if %{with kronosnetd}
-+ BuildRequires: pam-devel
-+ %endif
-+-%if %{defined buildlibnozzle}
-++%if %{with libnozzle}
-+ BuildRequires: libnl3-devel
-+ %endif
-+-%if %{defined buildautogen}
-+-BuildRequires: autoconf
-+-BuildRequires: automake
-+-BuildRequires: libtool
-++%if %{with runautogen}
-++BuildRequires: autoconf automake libtool
-+ %endif
-+ 
-+ %prep
-+@@ -167,66 +121,70 @@ BuildRequires: libtool
-+ %endif
-+ 
-+ %{configure} \
-+-%if %{defined installtestsuite}
-++%if %{with installtests}
-+      --enable-install-tests \
-+ %else
-+      --disable-install-tests \
-+ %endif
-+-%if %{defined buildmanpages}
-++%if %{with buildman}
-+      --enable-man \
-+ %else
-+      --disable-man \
-+ %endif
-+-%if %{defined buildsctp}
-++%if %{with sctp}
-+      --enable-libknet-sctp \
-+ %else
-+      --disable-libknet-sctp \
-+ %endif
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+      --enable-crypto-nss \
-+ %else
-+      --disable-crypto-nss \
-+ %endif
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+      --enable-crypto-openssl \
-+ %else
-+      --disable-crypto-openssl \
-+ %endif
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+      --enable-compress-zlib \
-+ %else
-+      --disable-compress-zlib \
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+      --enable-compress-lz4 \
-+ %else
-+      --disable-compress-lz4 \
-+ %endif
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+      --enable-compress-lzo2 \
-+ %else
-+      --disable-compress-lzo2 \
-+ %endif
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+      --enable-compress-lzma \
-+ %else
-+      --disable-compress-lzma \
-+ %endif
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+      --enable-compress-bzip2 \
-+ %else
-+      --disable-compress-bzip2 \
-+ %endif
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+      --enable-compress-zstd \
-+ %else
-+      --disable-compress-zstd \
-+ %endif
-+-%if %{defined buildkronosnetd}
-++%if %{with kronosnetd}
-+      --enable-kronosnetd \
-++%else
-++     --disable-kronosnetd \
-+ %endif
-+-%if %{defined buildlibnozzle}
-++%if %{with libnozzle}
-+      --enable-libnozzle \
-++%else
-++     --disable-libnozzle \
-+ %endif
-+      --with-initdefaultdir=%{_sysconfdir}/sysconfig/ \
-+ %if %{defined _unitdir}
-+@@ -266,7 +224,7 @@ rm -rf %{buildroot}
-+ %description
-+ kronosnet source
-+ 
-+-%if %{defined buildkronosnetd}
-++%if %{with kronosnetd}
-+ ## Runtime and subpackages section
-+ %package -n kronosnetd
-+ Group: System Environment/Base
-+@@ -341,7 +299,7 @@ fi
-+ %{_mandir}/man8/*
-+ %endif
-+ 
-+-%if %{defined buildlibnozzle}
-++%if %{with libnozzle}
-+ %package -n libnozzle1
-+ Group: System Environment/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices
-+@@ -377,8 +335,10 @@ Requires: pkgconfig
-+ %{_libdir}/libnozzle.so
-+ %{_includedir}/libnozzle.h
-+ %{_libdir}/pkgconfig/libnozzle.pc
-++%if %{with buildman}
-+ %{_mandir}/man3/nozzle*.3.gz
-+ %endif
-++%endif
-+ 
-+ %package -n libknet1
-+ Group: System Environment/Libraries
-+@@ -416,11 +376,11 @@ Requires: pkgconfig
-+ %{_libdir}/libknet.so
-+ %{_includedir}/libknet.h
-+ %{_libdir}/pkgconfig/libknet.pc
-+-%if %{defined buildmanpages}
-++%if %{with buildman}
-+ %{_mandir}/man3/knet*.3.gz
-+ %endif
-+ 
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+ %package -n libknet1-crypto-nss-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 nss support
-+@@ -434,7 +394,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/crypto_nss.so
-+ %endif
-+ 
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+ %package -n libknet1-crypto-openssl-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 openssl support
-+@@ -448,7 +408,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/crypto_openssl.so
-+ %endif
-+ 
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+ %package -n libknet1-compress-zlib-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zlib support
-+@@ -461,7 +421,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_zlib.so
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+ %package -n libknet1-compress-lz4-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lz4 and lz4hc support
-+@@ -476,7 +436,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_lz4hc.so
-+ %endif
-+ 
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+ %package -n libknet1-compress-lzo2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzo2 support
-+@@ -490,7 +450,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_lzo2.so
-+ %endif
-+ 
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+ %package -n libknet1-compress-lzma-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 lzma support
-+@@ -504,7 +464,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_lzma.so
-+ %endif
-+ 
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+ %package -n libknet1-compress-bzip2-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 bzip2 support
-+@@ -518,7 +478,7 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %{_libdir}/kronosnet/compress_bzip2.so
-+ %endif
-+ 
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+ %package -n libknet1-compress-zstd-plugin
-+ Group: System Environment/Libraries
-+ Summary: libknet1 zstd support
-+@@ -535,10 +495,10 @@ Requires: libknet1%{_isa} = %{version}-%{release}
-+ %package -n libknet1-crypto-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 crypto plugins meta package
-+-%if %{defined buildcryptonss}
-++%if %{with nss}
-+ Requires: libknet1-crypto-nss-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcryptoopenssl}
-++%if %{with openssl}
-+ Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ 
-+@@ -550,22 +510,22 @@ Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %package -n libknet1-compress-plugins-all
-+ Group: System Environment/Libraries
-+ Summary: libknet1 compress plugins meta package
-+-%if %{defined buildcompresszlib}
-++%if %{with zlib}
-+ Requires: libknet1-compress-zlib-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresslz4}
-++%if %{with lz4}
-+ Requires: libknet1-compress-lz4-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresslzo2}
-++%if %{with lzo2}
-+ Requires: libknet1-compress-lzo2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresslzma}
-++%if %{with lzma}
-+ Requires: libknet1-compress-lzma-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompressbzip2}
-++%if %{with bzip2}
-+ Requires: libknet1-compress-bzip2-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+-%if %{defined buildcompresszstd}
-++%if %{with zstd}
-+ Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ 
-diff --git a/debian/patches/spec-drop-support-for-init-scripts.patch b/debian/patches/spec-drop-support-for-init-scripts.patch
-new file mode 100644
-index 0000000..16d60d8
---- /dev/null
-+++ b/debian/patches/spec-drop-support-for-init-scripts.patch
-@@ -0,0 +1,108 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 14 May 2019 05:53:12 +0200
-+Subject: [spec] drop support for init scripts
-+
-+no rpm distros left that support old fashion init scripts
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 1fc28307dc2b537abd30eab8b6920f2b6893e786)
-+---
-+ kronosnet.spec.in | 46 ++--------------------------------------------
-+ 1 file changed, 2 insertions(+), 44 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index ddc3af0..8c60125 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -182,11 +182,7 @@ BuildRequires: autoconf automake libtool
-+      --disable-libnozzle \
-+ %endif
-+      --with-initdefaultdir=%{_sysconfdir}/sysconfig/ \
-+-%if %{defined _unitdir}
-+      --with-systemddir=%{_unitdir}
-+-%else
-+-     --with-initddir=%{_sysconfdir}/rc.d/init.d/
-+-%endif
-+ 
-+ make %{_smp_mflags}
-+ 
-+@@ -200,14 +196,8 @@ find %{buildroot} -name "*.a" -exec rm {} \;
-+ # remove libtools leftovers
-+ find %{buildroot} -name "*.la" -exec rm {} \;
-+ 
-+-# handle systemd vs init script
-+-%if %{defined _unitdir}
-+ # remove init scripts
-+ rm -rf %{buildroot}/etc/init.d
-+-%else
-+-# remove systemd specific bits
-+-find %{buildroot} -name "*.service" -exec rm {} \;
-+-%endif
-+ 
-+ # remove docs
-+ rm -rf %{buildroot}/usr/share/doc/kronosnet
-+@@ -221,16 +211,10 @@ rm -rf %{buildroot}/usr/share/doc/kronosnet
-+ %package -n kronosnetd
-+ Summary: Multipoint-to-Multipoint VPN daemon
-+ License: GPLv2+
-+-%if %{defined _unitdir}
-+-# Needed for systemd unit
-+ Requires(post):   systemd-sysv
-+ Requires(post):   systemd-units
-+ Requires(preun):  systemd-units
-+ Requires(postun): systemd-units
-+-%else
-+-Requires(post): chkconfig
-+-Requires(preun): chkconfig, initscripts
-+-%endif
-+ Requires(post):   shadow-utils
-+ Requires(preun):  shadow-utils
-+ Requires: pam, /etc/pam.d/passwd
-+@@ -246,33 +230,11 @@ Requires: pam, /etc/pam.d/passwd
-+  or service disruption.
-+ 
-+ %post -n kronosnetd
-+-%if %{defined _unitdir}
-+- %if 0%{?systemd_post:1}
-+-  %systemd_post kronosnetd.service
-+- %else
-+-  /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-+- %endif
-+-%else
-+-/sbin/chkconfig --add kronosnetd
-+-%endif
-++%systemd_post kronosnetd.service
-+ getent group @defaultadmgroup@ >/dev/null || groupadd --force --system @defaultadmgroup@
-+ 
-+ %preun -n kronosnetd
-+-%if %{defined _unitdir}
-+- %if 0%{?systemd_preun:1}
-+-  %systemd_preun kronosnetd.service
-+- %else
-+-if [ "$1" -eq 0 ]; then
-+-     /bin/systemctl --no-reload disable kronosnetd.service
-+-     /bin/systemctl stop kronosnetd.service >/dev/null 2>&1
-+-fi
-+-%endif
-+-%else
-+-if [ "$1" = 0 ]; then
-+-     /sbin/service kronosnetd stop >/dev/null 2>&1
-+-     /sbin/chkconfig --del kronosnetd
-+-fi
-+-%endif
-++%systemd_preun kronosnetd.service
-+ 
-+ %files -n kronosnetd
-+ %license COPYING.* COPYRIGHT
-+@@ -281,11 +243,7 @@ fi
-+ %config(noreplace) %{_sysconfdir}/sysconfig/kronosnetd
-+ %config(noreplace) %{_sysconfdir}/pam.d/kronosnetd
-+ %config(noreplace) %{_sysconfdir}/logrotate.d/kronosnetd
-+-%if %{defined _unitdir}
-+ %{_unitdir}/kronosnetd.service
-+-%else
-+-%config(noreplace) %{_sysconfdir}/rc.d/init.d/kronosnetd
-+-%endif
-+ %{_sbindir}/*
-+ %{_mandir}/man8/*
-+ %endif
-diff --git a/debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch b/debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch
-new file mode 100644
-index 0000000..1066070
---- /dev/null
-+++ b/debian/patches/spec-fix-a-bunch-of-rpmlint-errors.patch
-@@ -0,0 +1,51 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 13 May 2019 06:55:36 +0200
-+Subject: [spec] fix a bunch of rpmlint errors
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 95198f0dc5b8a4eefe06b58fa1901740209b42a0)
-+---
-+ kronosnet.spec.in | 9 +++++----
-+ 1 file changed, 5 insertions(+), 4 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index a6c87a0..ddc3af0 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -340,6 +340,7 @@ License: LGPLv2+
-+ %license COPYING.* COPYRIGHT
-+ %{_libdir}/libknet.so.*
-+ %dir %{_libdir}/kronosnet
-++
-+ %ldconfig_scriptlets -n libknet1
-+ 
-+ %package -n libknet1-devel
-+@@ -505,24 +506,24 @@ Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ 
-+ %description -n libknet1-compress-plugins-all
-+- Provides meta package to install all of libknet1 compress plugins
-++ Meta package to install all of libknet1 compress plugins
-+ 
-+ %files -n libknet1-compress-plugins-all
-+ 
-+ %package -n libknet1-plugins-all
-+-Summary: libknet1 plugins meta package
-++Summary: Provides libknet1 plugins meta package
-+ License: LGPLv2+
-+ Requires: libknet1-compress-plugins-all%{_isa} = %{version}-%{release}
-+ Requires: libknet1-crypto-plugins-all%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-plugins-all
-+- Provides meta package to install all of libknet1 plugins
-++ Meta package to install all of libknet1 plugins
-+ 
-+ %files -n libknet1-plugins-all
-+ 
-+ %if %{with installtests}
-+ %package -n kronosnet-tests
-+-Summary: kronosnet test suite
-++Summary: Provides kronosnet test suite
-+ License: GPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-diff --git a/debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch b/debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
-new file mode 100644
-index 0000000..d8c82f8
---- /dev/null
-+++ b/debian/patches/spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
-@@ -0,0 +1,30 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 12 May 2019 06:59:00 +0200
-+Subject: [spec] fix upstream URLs to point to https and official release repo
-+
-+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1708616
-+
-+also to be noted, the Source0: line is different from upstream and Fedora
-+because upstream can handle tarballs during development
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 5884f8dfc6cf4e648e033da855f8c77eafae84df)
-+---
-+ kronosnet.spec.in | 4 ++--
-+ 1 file changed, 2 insertions(+), 2 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 442f3ae..e430ad2 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -90,8 +90,8 @@ Version: @version@
-+ Release: 1%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
-+ License: GPLv2+ and LGPLv2+
-+ Group: System Environment/Base
-+-URL: https://github.com/kronosnet/kronosnet/
-+-Source0: https://github.com/kronosnet/kronosnet/archive/%{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}.tar.gz
-++URL: https://kronosnet.org
-++Source0: https://kronosnet.org/releases/%{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}.tar.gz
-+ 
-+ ## Setup/build bits
-+ 
-diff --git a/debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch b/debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
-new file mode 100644
-index 0000000..00a6b28
---- /dev/null
-+++ b/debian/patches/spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
-@@ -0,0 +1,374 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 13 May 2019 06:02:06 +0200
-+Subject: [spec] reconciliate fedora spec file into upstream spec file (part 1)
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit d880374fbff2ebe404f2bbae95c988aa21e60280)
-+---
-+ kronosnet.spec.in | 130 ++++++++++++++++++++++--------------------------------
-+ 1 file changed, 52 insertions(+), 78 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index b5632ae..a6c87a0 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -45,14 +45,9 @@ Summary: Multipoint-to-Multipoint VPN daemon
-+ Version: @version@
-+ Release: 1%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
-+ License: GPLv2+ and LGPLv2+
-+-Group: System Environment/Base
-+ URL: https://kronosnet.org
-+ Source0: https://kronosnet.org/releases/%{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}.tar.gz
-+ 
-+-## Setup/build bits
-+-
-+-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-+-
-+ # Build dependencies
-+ BuildRequires: gcc
-+ # required to build man pages
-+@@ -117,7 +112,7 @@ BuildRequires: autoconf automake libtool
-+ 
-+ %build
-+ %if %{with runautogen}
-+-    ./autogen.sh
-++./autogen.sh
-+ %endif
-+ 
-+ %{configure} \
-+@@ -217,18 +212,15 @@ find %{buildroot} -name "*.service" -exec rm {} \;
-+ # remove docs
-+ rm -rf %{buildroot}/usr/share/doc/kronosnet
-+ 
-+-%clean
-+-rm -rf %{buildroot}
-+-
-+ # main empty package
-+ %description
-+-kronosnet source
-++ The kronosnet source
-+ 
-+ %if %{with kronosnetd}
-+ ## Runtime and subpackages section
-+ %package -n kronosnetd
-+-Group: System Environment/Base
-+ Summary: Multipoint-to-Multipoint VPN daemon
-++License: GPLv2+
-+ %if %{defined _unitdir}
-+ # Needed for systemd unit
-+ Requires(post):   systemd-sysv
-+@@ -239,8 +231,8 @@ Requires(postun): systemd-units
-+ Requires(post): chkconfig
-+ Requires(preun): chkconfig, initscripts
-+ %endif
-+-Requires(post): shadow-utils
-+-Requires(preun): shadow-utils
-++Requires(post):   shadow-utils
-++Requires(preun):  shadow-utils
-+ Requires: pam, /etc/pam.d/passwd
-+ 
-+ %description -n kronosnetd
-+@@ -263,7 +255,7 @@ Requires: pam, /etc/pam.d/passwd
-+ %else
-+ /sbin/chkconfig --add kronosnetd
-+ %endif
-+-/usr/sbin/groupadd --force --system @defaultadmgroup@
-++getent group @defaultadmgroup@ >/dev/null || groupadd --force --system @defaultadmgroup@
-+ 
-+ %preun -n kronosnetd
-+ %if %{defined _unitdir}
-+@@ -283,8 +275,7 @@ fi
-+ %endif
-+ 
-+ %files -n kronosnetd
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT 
-++%license COPYING.* COPYRIGHT
-+ %dir %{_sysconfdir}/kronosnet
-+ %dir %{_sysconfdir}/kronosnet/*
-+ %config(noreplace) %{_sysconfdir}/sysconfig/kronosnetd
-+@@ -301,8 +292,8 @@ fi
-+ 
-+ %if %{with libnozzle}
-+ %package -n libnozzle1
-+-Group: System Environment/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices
-++License: LGPLv2+
-+ 
-+ %description -n libnozzle1
-+  This is an over-engineered commodity library to manage a pool
-+@@ -310,17 +301,14 @@ Summary: Simple userland wrapper around kernel tap devices
-+  pre-up.d/up.d/down.d/post-down.d infrastructure.
-+ 
-+ %files -n libnozzle1
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libnozzle.so.*
-+ 
-+-%post -n libnozzle1 -p /sbin/ldconfig
-+-
-+-%postun -n libnozzle1 -p /sbin/ldconfig
-++%ldconfig_scriptlets -n libnozzle1
-+ 
-+ %package -n libnozzle1-devel
-+-Group: Development/Libraries
-+ Summary: Simple userland wrapper around kernel tap devices (developer files)
-++License: LGPLv2+
-+ Requires: libnozzle1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+ 
-+@@ -330,8 +318,7 @@ Requires: pkgconfig
-+  pre-up.d/up.d/down.d/post-down.d infrastructure.
-+ 
-+ %files -n libnozzle1-devel
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libnozzle.so
-+ %{_includedir}/libnozzle.h
-+ %{_libdir}/pkgconfig/libnozzle.pc
-+@@ -341,8 +328,8 @@ Requires: pkgconfig
-+ %endif
-+ 
-+ %package -n libknet1
-+-Group: System Environment/Libraries
-+ Summary: Kronosnet core switching implementation
-++License: LGPLv2+
-+ 
-+ %description -n libknet1
-+  The whole kronosnet core is implemented in this library.
-+@@ -350,18 +337,14 @@ Summary: Kronosnet core switching implementation
-+  information.
-+ 
-+ %files -n libknet1
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libknet.so.*
-+ %dir %{_libdir}/kronosnet
-+-
-+-%post -n libknet1 -p /sbin/ldconfig
-+-
-+-%postun -n libknet1 -p /sbin/ldconfig
-++%ldconfig_scriptlets -n libknet1
-+ 
-+ %package -n libknet1-devel
-+-Group: Development/Libraries
-+ Summary: Kronosnet core switching implementation (developer files)
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ Requires: pkgconfig
-+ 
-+@@ -371,8 +354,7 @@ Requires: pkgconfig
-+  information. 
-+ 
-+ %files -n libknet1-devel
-+-%defattr(-,root,root,-)
-+-%doc COPYING.* COPYRIGHT
-++%license COPYING.* COPYRIGHT
-+ %{_libdir}/libknet.so
-+ %{_includedir}/libknet.h
-+ %{_libdir}/pkgconfig/libknet.pc
-+@@ -382,119 +364,112 @@ Requires: pkgconfig
-+ 
-+ %if %{with nss}
-+ %package -n libknet1-crypto-nss-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 nss support
-++Summary: Provides libknet1 nss support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-crypto-nss-plugin
-+- NSS crypto support for libknet1.
-++ Provides NSS crypto support for libknet1.
-+ 
-+ %files -n libknet1-crypto-nss-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/crypto_nss.so
-+ %endif
-+ 
-+ %if %{with openssl}
-+ %package -n libknet1-crypto-openssl-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 openssl support
-++Summary: Provides libknet1 openssl support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-crypto-openssl-plugin
-+- OpenSSL crypto support for libknet1.
-++ Provides OpenSSL crypto support for libknet1.
-+ 
-+ %files -n libknet1-crypto-openssl-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/crypto_openssl.so
-+ %endif
-+ 
-+ %if %{with zlib}
-+ %package -n libknet1-compress-zlib-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 zlib support
-++Summary: Provides libknet1 zlib support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-zlib-plugin
-+- zlib compression support for libknet1.
-++ Provides zlib compression support for libknet1.
-+ 
-+ %files -n libknet1-compress-zlib-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_zlib.so
-+ %endif
-++
-+ %if %{with lz4}
-+ %package -n libknet1-compress-lz4-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 lz4 and lz4hc support
-++Summary: Provides libknet1 lz4 and lz4hc support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-lz4-plugin
-+- lz4 and lz4hc compression support for libknet1.
-++ Provides lz4 and lz4hc compression support for libknet1.
-+ 
-+ %files -n libknet1-compress-lz4-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_lz4.so
-+ %{_libdir}/kronosnet/compress_lz4hc.so
-+ %endif
-+ 
-+ %if %{with lzo2}
-+ %package -n libknet1-compress-lzo2-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 lzo2 support
-++Summary: Provides libknet1 lzo2 support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-lzo2-plugin
-+- lzo2 compression support for libknet1.
-++ Provides lzo2 compression support for libknet1.
-+ 
-+ %files -n libknet1-compress-lzo2-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_lzo2.so
-+ %endif
-+ 
-+ %if %{with lzma}
-+ %package -n libknet1-compress-lzma-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 lzma support
-++Summary: Provides libknet1 lzma support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-lzma-plugin
-+- lzma compression support for libknet1.
-++ Provides lzma compression support for libknet1.
-+ 
-+ %files -n libknet1-compress-lzma-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_lzma.so
-+ %endif
-+ 
-+ %if %{with bzip2}
-+ %package -n libknet1-compress-bzip2-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 bzip2 support
-++Summary: Provides libknet1 bzip2 support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-bzip2-plugin
-+- bzip2 compression support for libknet1.
-++ Provides bzip2 compression support for libknet1.
-+ 
-+ %files -n libknet1-compress-bzip2-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_bzip2.so
-+ %endif
-+ 
-+ %if %{with zstd}
-+ %package -n libknet1-compress-zstd-plugin
-+-Group: System Environment/Libraries
-+-Summary: libknet1 zstd support
-++Summary: Provides libknet1 zstd support
-++License: LGPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-compress-zstd-plugin
-+- zstd compression support for libknet1.
-++ Provides zstd compression support for libknet1.
-+ 
-+ %files -n libknet1-compress-zstd-plugin
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/compress_zstd.so
-+ %endif
-+ 
-+ %package -n libknet1-crypto-plugins-all
-+-Group: System Environment/Libraries
-+-Summary: libknet1 crypto plugins meta package
-++Summary: Provides libknet1 crypto plugins meta package
-++License: LGPLv2+
-+ %if %{with nss}
-+ Requires: libknet1-crypto-nss-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+@@ -503,13 +478,13 @@ Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ 
-+ %description -n libknet1-crypto-plugins-all
-+- meta package to install all of libknet1 crypto plugins
-++ Provides meta package to install all of libknet1 crypto plugins
-+ 
-+ %files -n libknet1-crypto-plugins-all
-+ 
-+ %package -n libknet1-compress-plugins-all
-+-Group: System Environment/Libraries
-+-Summary: libknet1 compress plugins meta package
-++Summary: Provides libknet1 compress plugins meta package
-++License: LGPLv2+
-+ %if %{with zlib}
-+ Requires: libknet1-compress-zlib-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+@@ -530,32 +505,31 @@ Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release}
-+ %endif
-+ 
-+ %description -n libknet1-compress-plugins-all
-+- meta package to install all of libknet1 compress plugins
-++ Provides meta package to install all of libknet1 compress plugins
-+ 
-+ %files -n libknet1-compress-plugins-all
-+ 
-+ %package -n libknet1-plugins-all
-+-Group: System Environment/Libraries
-+ Summary: libknet1 plugins meta package
-++License: LGPLv2+
-+ Requires: libknet1-compress-plugins-all%{_isa} = %{version}-%{release}
-+ Requires: libknet1-crypto-plugins-all%{_isa} = %{version}-%{release}
-+ 
-+ %description -n libknet1-plugins-all
-+- meta package to install all of libknet1 plugins
-++ Provides meta package to install all of libknet1 plugins
-+ 
-+ %files -n libknet1-plugins-all
-+ 
-+ %if %{with installtests}
-+ %package -n kronosnet-tests
-+-Group: System Environment/Libraries
-+ Summary: kronosnet test suite
-++License: GPLv2+
-+ Requires: libknet1%{_isa} = %{version}-%{release}
-+ 
-+ %description -n kronosnet-tests
-+- this package contains all the libknet and libnozzle test suite
-++ This package contains all the libknet and libnozzle test suite.
-+ 
-+ %files -n kronosnet-tests
-+-%defattr(-,root,root,-)
-+ %{_libdir}/kronosnet/tests/*
-+ %endif
-+ 
-diff --git a/debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch b/debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch
-new file mode 100644
-index 0000000..500dd1f
---- /dev/null
-+++ b/debian/patches/spec-use-distro-conditionals-to-determine-BuildRequires.patch
-@@ -0,0 +1,59 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 25 Feb 2018 08:42:55 +0100
-+Subject: [spec] use distro conditionals to determine BuildRequires
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 3a5332772250c1adf2340503ac8903ea07f2d394)
-+---
-+ kronosnet.spec.in | 24 ++++++++++++++++++++----
-+ 1 file changed, 20 insertions(+), 4 deletions(-)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index e430ad2..3b597d0 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -107,16 +107,28 @@ BuildRequires: libqb-devel libxml2-devel doxygen
-+ BuildRequires: lksctp-tools-devel
-+ %endif
-+ %if %{defined buildcryptonss}
-+-BuildRequires: /usr/include/nss3/nss.h /usr/include/nspr4/nspr.h
-++%if 0%{?suse_version}
-++BuildRequires: mozilla-nss-devel
-++%else
-++BuildRequires: nss-devel
-++%endif
-+ %endif
-+ %if %{defined buildcryptoopenssl}
-+-BuildRequires: /usr/include/openssl/conf.h
-++%if 0%{?suse_version}
-++BuildRequires: libopenssl-devel
-++%else
-++BuildRequires: openssl-devel
-++%endif
-+ %endif
-+ %if %{defined buildcompresszlib}
-+ BuildRequires: zlib-devel
-+ %endif
-+ %if %{defined buildcompresslz4}
-+-BuildRequires: /usr/include/lz4hc.h
-++%if 0%{?suse_version}
-++BuildRequires: liblz4-devel
-++%else
-++BuildRequires: lz4-devel
-++%endif
-+ %endif
-+ %if %{defined buildcompresslzo2}
-+ BuildRequires: lzo-devel
-+@@ -125,7 +137,11 @@ BuildRequires: lzo-devel
-+ BuildRequires: xz-devel
-+ %endif
-+ %if %{defined buildcompressbzip2}
-+-BuildRequires: /usr/include/bzlib.h
-++%if 0%{?suse_version}
-++BuildRequires: libbz2-devel
-++%else
-++BuildRequires: bzip2-devel
-++%endif
-+ %endif
-+ %if %{defined buildcompresszstd}
-+ BuildRequires: libzstd-devel
-diff --git a/debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch b/debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch
-new file mode 100644
-index 0000000..46a0fee
---- /dev/null
-+++ b/debian/patches/spec-use-ldconfig_scriptlets-only-when-defined.patch
-@@ -0,0 +1,40 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Tue, 14 May 2019 06:57:36 +0200
-+Subject: [spec] use ldconfig_scriptlets only when defined
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 8a823aa3bf291fe8c7407fd957d71897895e1aec)
-+---
-+ kronosnet.spec.in | 10 ++++++++++
-+ 1 file changed, 10 insertions(+)
-+
-+diff --git a/kronosnet.spec.in b/kronosnet.spec.in
-+index 8c60125..094090b 100644
-+--- a/kronosnet.spec.in
-++++ b/kronosnet.spec.in
-+@@ -262,7 +262,12 @@ License: LGPLv2+
-+ %license COPYING.* COPYRIGHT
-+ %{_libdir}/libnozzle.so.*
-+ 
-++%if 0%{?ldconfig_scriptlets}
-+ %ldconfig_scriptlets -n libnozzle1
-++%else
-++%post -n libnozzle1 -p /sbin/ldconfig
-++%postun -n libnozzle1 -p /sbin/ldconfig
-++%endif
-+ 
-+ %package -n libnozzle1-devel
-+ Summary: Simple userland wrapper around kernel tap devices (developer files)
-+@@ -299,7 +304,12 @@ License: LGPLv2+
-+ %{_libdir}/libknet.so.*
-+ %dir %{_libdir}/kronosnet
-+ 
-++%if 0%{?ldconfig_scriptlets}
-+ %ldconfig_scriptlets -n libknet1
-++%else
-++%post -n libknet1 -p /sbin/ldconfig
-++%postun -n libknet1 -p /sbin/ldconfig
-++%endif
-+ 
-+ %package -n libknet1-devel
-+ Summary: Kronosnet core switching implementation (developer files)
-diff --git a/debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch b/debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch
-new file mode 100644
-index 0000000..76b42da
---- /dev/null
-+++ b/debian/patches/tests-hide-an-arm-internal-memory-leak-non-recurring.patch
-@@ -0,0 +1,25 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 11 Apr 2019 09:30:27 +0200
-+Subject: [tests] hide an arm internal memory leak (non-recurring)
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 43b3f05da8736e7bb286e81f96e7514977541bef)
-+---
-+ build-aux/knet_valgrind_memcheck.supp | 7 +++++++
-+ 1 file changed, 7 insertions(+)
-+
-+diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
-+index e0f49d0..a34ab93 100644
-+--- a/build-aux/knet_valgrind_memcheck.supp
-++++ b/build-aux/knet_valgrind_memcheck.supp
-+@@ -605,3 +605,10 @@
-+    obj:*
-+    obj:/usr/lib64/libnss3.so
-+ }
-++{
-++   arm internal memory leak
-++   Memcheck:Leak
-++   match-leak-kinds: definite
-++   fun:malloc
-++   fun:dl_open_worker
-++}
-diff --git a/debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch b/debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch
-new file mode 100644
-index 0000000..458da67
---- /dev/null
-+++ b/debian/patches/tests-improve-wait-for-packet-implementation-to-flush-log.patch
-@@ -0,0 +1,135 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 11 Apr 2019 09:31:00 +0200
-+Subject: [tests] improve wait for packet implementation to flush logs during
-+ wait
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit e7825127477c756b4d0d9311c9907e140575e490)
-+---
-+ libknet/tests/test-common.h                 | 2 +-
-+ libknet/tests/api_knet_handle_clear_stats.c | 2 +-
-+ libknet/tests/api_knet_send.c               | 2 +-
-+ libknet/tests/api_knet_send_compress.c      | 2 +-
-+ libknet/tests/api_knet_send_crypto.c        | 2 +-
-+ libknet/tests/api_knet_send_loopback.c      | 4 ++--
-+ libknet/tests/test-common.c                 | 7 ++++---
-+ 7 files changed, 11 insertions(+), 10 deletions(-)
-+
-+diff --git a/libknet/tests/test-common.h b/libknet/tests/test-common.h
-+index 8742f8d..a498a09 100644
-+--- a/libknet/tests/test-common.h
-++++ b/libknet/tests/test-common.h
-+@@ -70,6 +70,6 @@ int stop_logthread(void);
-+ int make_local_sockaddr(struct sockaddr_storage *lo, uint16_t offset);
-+ int make_local_sockaddr6(struct sockaddr_storage *lo, uint16_t offset);
-+ int wait_for_host(knet_handle_t knet_h, uint16_t host_id, int seconds, int logfd, FILE *std);
-+-int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd);
-++int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd, int logfd, FILE *std);
-+ 
-+ #endif
-+diff --git a/libknet/tests/api_knet_handle_clear_stats.c b/libknet/tests/api_knet_handle_clear_stats.c
-+index 8e64235..07f059a 100644
-+--- a/libknet/tests/api_knet_handle_clear_stats.c
-++++ b/libknet/tests/api_knet_handle_clear_stats.c
-+@@ -160,7 +160,7 @@ static void test(void)
-+ 
-+      flush_logs(logfds[0], stdout);
-+ 
-+-     if (wait_for_packet(knet_h, 10, datafd)) {
-++     if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+              printf("Error waiting for packet: %s\n", strerror(errno));
-+              knet_link_set_enable(knet_h, 1, 0, 0);
-+              knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send.c b/libknet/tests/api_knet_send.c
-+index 9e81d03..ca16e3d 100644
-+--- a/libknet/tests/api_knet_send.c
-++++ b/libknet/tests/api_knet_send.c
-+@@ -247,7 +247,7 @@ static void test(uint8_t transport)
-+ 
-+      flush_logs(logfds[0], stdout);
-+ 
-+-     if (wait_for_packet(knet_h, 10, datafd)) {
-++     if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+              printf("Error waiting for packet: %s\n", strerror(errno));
-+              knet_link_set_enable(knet_h, 1, 0, 0);
-+              knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send_compress.c b/libknet/tests/api_knet_send_compress.c
-+index 6de4674..b03f4e7 100644
-+--- a/libknet/tests/api_knet_send_compress.c
-++++ b/libknet/tests/api_knet_send_compress.c
-+@@ -170,7 +170,7 @@ static void test(const char *model)
-+ 
-+      flush_logs(logfds[0], stdout);
-+ 
-+-     if (wait_for_packet(knet_h, 10, datafd)) {
-++     if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+              printf("Error waiting for packet: %s\n", strerror(errno));
-+              knet_link_set_enable(knet_h, 1, 0, 0);
-+              knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send_crypto.c b/libknet/tests/api_knet_send_crypto.c
-+index f2ca366..e33a808 100644
-+--- a/libknet/tests/api_knet_send_crypto.c
-++++ b/libknet/tests/api_knet_send_crypto.c
-+@@ -171,7 +171,7 @@ static void test(const char *model)
-+ 
-+      flush_logs(logfds[0], stdout);
-+ 
-+-     if (wait_for_packet(knet_h, 10, datafd)) {
-++     if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+              printf("Error waiting for packet: %s\n", strerror(errno));
-+              knet_link_set_enable(knet_h, 1, 0, 0);
-+              knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/api_knet_send_loopback.c b/libknet/tests/api_knet_send_loopback.c
-+index 0cfd29f..2feca68 100644
-+--- a/libknet/tests/api_knet_send_loopback.c
-++++ b/libknet/tests/api_knet_send_loopback.c
-+@@ -251,7 +251,7 @@ static void test(void)
-+ 
-+      flush_logs(logfds[0], stdout);
-+ 
-+-     if (wait_for_packet(knet_h, 10, datafd)) {
-++     if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+              printf("Error waiting for packet: %s\n", strerror(errno));
-+              knet_link_set_enable(knet_h, 1, 0, 0);
-+              knet_link_clear_config(knet_h, 1, 0);
-+@@ -352,7 +352,7 @@ static void test(void)
-+ 
-+      flush_logs(logfds[0], stdout);
-+ 
-+-     if (wait_for_packet(knet_h, 10, datafd)) {
-++     if (wait_for_packet(knet_h, 10, datafd, logfds[0], stdout)) {
-+              printf("Error waiting for packet: %s\n", strerror(errno));
-+              knet_link_set_enable(knet_h, 1, 0, 0);
-+              knet_link_clear_config(knet_h, 1, 0);
-+diff --git a/libknet/tests/test-common.c b/libknet/tests/test-common.c
-+index d0ea1ef..a4ff297 100644
-+--- a/libknet/tests/test-common.c
-++++ b/libknet/tests/test-common.c
-+@@ -485,7 +485,7 @@ int wait_for_host(knet_handle_t knet_h, uint16_t host_id, int seconds, int logfd
-+      return -1;
-+ }
-+ 
-+-int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd)
-++int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd, int logfd, FILE *std)
-+ {
-+      fd_set rfds;
-+      struct timeval tv;
-+@@ -500,7 +500,7 @@ try_again:
-+      FD_ZERO(&rfds);
-+      FD_SET(datafd, &rfds);
-+ 
-+-     tv.tv_sec = seconds;
-++     tv.tv_sec = 1;
-+      tv.tv_usec = 0;
-+ 
-+      err = select(datafd+1, &rfds, NULL, NULL, &tv);
-+@@ -509,7 +509,8 @@ try_again:
-+       * pick an arbitrary 10 times loop (multiplied by waiting seconds)
-+       * before failing.
-+       */
-+-     if ((!err) && (i < 10)) {
-++     if ((!err) && (i < seconds)) {
-++             flush_logs(logfd, std);
-+              i++;
-+              goto try_again;
-+      }
-diff --git a/debian/patches/tests-remove-stray-comment.patch b/debian/patches/tests-remove-stray-comment.patch
-new file mode 100644
-index 0000000..dce4422
---- /dev/null
-+++ b/debian/patches/tests-remove-stray-comment.patch
-@@ -0,0 +1,22 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 7 Mar 2019 18:42:20 +0100
-+Subject: [tests] remove stray comment
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 3f426c317d41c93cefc7735607ec166539223283)
-+---
-+ libknet/tests/Makefile.am | 1 -
-+ 1 file changed, 1 deletion(-)
-+
-+diff --git a/libknet/tests/Makefile.am b/libknet/tests/Makefile.am
-+index 3e74ea8..015587c 100644
-+--- a/libknet/tests/Makefile.am
-++++ b/libknet/tests/Makefile.am
-+@@ -41,7 +41,6 @@ fun_checks          =
-+ benchmarks           = \
-+                        knet_bench_test
-+ 
-+-# int_links_acl_test can´t run yet standalone
-+ noinst_PROGRAMS              = \
-+                        api_knet_handle_new_limit_test \
-+                        pckt_test \
-diff --git a/debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch b/debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch
-new file mode 100644
-index 0000000..3d23858
---- /dev/null
-+++ b/debian/patches/transports-access-list-add-internal-API-to-gather-which-f.patch
-@@ -0,0 +1,161 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Thu, 28 Feb 2019 14:55:27 +0100
-+Subject: [transports / access list] add internal API to gather which fd to
-+ use for access lists given a certain link struct
-+
-+this is required for the external API that has to be transport indepedent
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 2eb0040c7b5c99f3157b3922f6400a6c09c80e7e)
-+---
-+ libknet/internals.h          |  6 ++++++
-+ libknet/transport_loopback.h |  1 +
-+ libknet/transport_sctp.h     |  1 +
-+ libknet/transport_udp.h      |  1 +
-+ libknet/transports.h         |  1 +
-+ libknet/transport_loopback.c |  5 +++++
-+ libknet/transport_sctp.c     |  7 +++++++
-+ libknet/transport_udp.c      |  5 +++++
-+ libknet/transports.c         | 13 +++++++++----
-+ 9 files changed, 36 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index d482674..8976a8c 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -338,6 +338,12 @@ typedef struct knet_transport_ops {
-+  */
-+      int (*transport_link_dyn_connect)(knet_handle_t knet_h, int sockfd, struct knet_link *link);
-+ 
-++
-++/*
-++ * return the fd to use for access lists
-++ */
-++     int (*transport_link_get_acl_fd)(knet_handle_t knet_h, struct knet_link *link);
-++
-+ /*
-+  * per transport error handling of recvmmsg
-+  * (see _handle_recv_from_links comments for details)
-+diff --git a/libknet/transport_loopback.h b/libknet/transport_loopback.h
-+index 3d072e8..6ce3ed3 100644
-+--- a/libknet/transport_loopback.h
-++++ b/libknet/transport_loopback.h
-+@@ -23,5 +23,6 @@ int loopback_transport_rx_sock_error(knet_handle_t knet_h, int sockfd, int recv_
-+ int loopback_transport_tx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err, int recv_errno);
-+ int loopback_transport_rx_is_data(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg);
-+ int loopback_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int loopback_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+ 
-+ #endif
-+diff --git a/libknet/transport_sctp.h b/libknet/transport_sctp.h
-+index f27bcf1..83a638b 100644
-+--- a/libknet/transport_sctp.h
-++++ b/libknet/transport_sctp.h
-+@@ -31,6 +31,7 @@ int sctp_transport_rx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err,
-+ int sctp_transport_tx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err, int recv_errno);
-+ int sctp_transport_rx_is_data(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg);
-+ int sctp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int sctp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+ 
-+ #endif
-+ 
-+diff --git a/libknet/transport_udp.h b/libknet/transport_udp.h
-+index bbb6ec9..6de18e3 100644
-+--- a/libknet/transport_udp.h
-++++ b/libknet/transport_udp.h
-+@@ -23,5 +23,6 @@ int udp_transport_rx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err,
-+ int udp_transport_tx_sock_error(knet_handle_t knet_h, int sockfd, int recv_err, int recv_errno);
-+ int udp_transport_rx_is_data(knet_handle_t knet_h, int sockfd, struct knet_mmsghdr *msg);
-+ int udp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int udp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+ 
-+ #endif
-+diff --git a/libknet/transports.h b/libknet/transports.h
-+index 6338140..38f69ba 100644
-+--- a/libknet/transports.h
-++++ b/libknet/transports.h
-+@@ -15,6 +15,7 @@ void stop_all_transports(knet_handle_t knet_h);
-+ int transport_link_set_config(knet_handle_t knet_h, struct knet_link *kn_link, uint8_t transport);
-+ int transport_link_clear_config(knet_handle_t knet_h, struct knet_link *kn_link);
-+ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_link *kn_link);
-++int transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link);
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_tx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_rx_is_data(knet_handle_t knet_h, uint8_t transport, int sockfd, struct knet_mmsghdr *msg);
-+diff --git a/libknet/transport_loopback.c b/libknet/transport_loopback.c
-+index bf48bb9..54129d7 100644
-+--- a/libknet/transport_loopback.c
-++++ b/libknet/transport_loopback.c
-+@@ -73,3 +73,8 @@ int loopback_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct
-+ {
-+      return 0;
-+ }
-++
-++int loopback_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++     return 0;
-++}
-+diff --git a/libknet/transport_sctp.c b/libknet/transport_sctp.c
-+index aa0de9d..819bc9a 100644
-+--- a/libknet/transport_sctp.c
-++++ b/libknet/transport_sctp.c
-+@@ -1537,4 +1537,11 @@ int sctp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct kne
-+      kn_link->transport_connected = 1;
-+      return 0;
-+ }
-++
-++int sctp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++     sctp_connect_link_info_t *this_link_info = kn_link->transport_link;
-++     sctp_listen_link_info_t *info = this_link_info->listener;
-++     return info->listen_sock;
-++}
-+ #endif
-+diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
-+index e4f6fdb..e243a91 100644
-+--- a/libknet/transport_udp.c
-++++ b/libknet/transport_udp.c
-+@@ -438,3 +438,8 @@ int udp_transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet
-+      kn_link->status.dynconnected = 1;
-+      return 0;
-+ }
-++
-++int udp_transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++     return kn_link->outsock;
-++}
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 6ded675..5181db9 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -27,14 +27,14 @@
-+ #include "transport_sctp.h"
-+ #include "threads_common.h"
-+ 
-+-#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-++#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+ 
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+-     { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+-     { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++     { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_link_get_acl_fd, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-++     { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED,KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_link_get_acl_fd, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+      { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+-                                    1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-++                                    1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_link_get_acl_fd, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-+ #else
-+ empty_module
-+ #endif
-+@@ -103,6 +103,11 @@ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_lin
-+      return transport_modules_cmd[kn_link->transport].transport_link_dyn_connect(knet_h, sockfd, kn_link);
-+ }
-+ 
-++int transport_link_get_acl_fd(knet_handle_t knet_h, struct knet_link *kn_link)
-++{
-++     return transport_modules_cmd[kn_link->transport].transport_link_get_acl_fd(knet_h, kn_link);
-++}
-++
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno)
-+ {
-+      return transport_modules_cmd[transport].transport_rx_sock_error(knet_h, sockfd, recv_err, recv_errno);
-diff --git a/debian/patches/transports-add-information-about-the-nature-of-the-transp.patch b/debian/patches/transports-add-information-about-the-nature-of-the-transp.patch
-new file mode 100644
-index 0000000..64e7124
---- /dev/null
-+++ b/debian/patches/transports-add-information-about-the-nature-of-the-transp.patch
-@@ -0,0 +1,115 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Sun, 10 Feb 2019 08:52:22 +0100
-+Subject: [transports] add information about the nature of the transport and
-+ supported access lists
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 7cb7619d9222e09e65c3ec46a9d79a1806c44a25)
-+---
-+ libknet/internals.h  | 31 +++++++++++++++++++++++++++++++
-+ libknet/transports.h |  2 ++
-+ libknet/transports.c | 18 ++++++++++++++----
-+ 3 files changed, 47 insertions(+), 4 deletions(-)
-+
-+diff --git a/libknet/internals.h b/libknet/internals.h
-+index d33646f..106b49d 100644
-+--- a/libknet/internals.h
-++++ b/libknet/internals.h
-+@@ -256,6 +256,34 @@ extern pthread_rwlock_t shlib_rwlock;       /* global shared lib load lock */
-+  *       for every protocol.
-+  */
-+ 
-++/*
-++ * for now knet supports only IP protocols (udp/sctp)
-++ * in future there might be others like ARP
-++ * or TIPC.
-++ * keep this around as transport information
-++ * to use for access lists and other operations
-++ */
-++
-++typedef enum {
-++     LOOPBACK,
-++     IP_PROTO
-++} transport_proto;
-++
-++/*
-++ * some transports like SCTP can filter incoming
-++ * connections before knet has to process
-++ * any packets.
-++ * GENERIC_ACL -> packet has to be read and filterted
-++ * PROTO_ACL -> transport provides filtering at lower levels
-++ *              and packet does not need to be processed
-++ */
-++
-++typedef enum {
-++     USE_NO_ACL,
-++     USE_GENERIC_ACL,
-++     USE_PROTO_ACL
-++} transport_acl;
-++
-+ /*
-+  * make it easier to map values in transports.c
-+  */
-+@@ -270,6 +298,9 @@ typedef struct knet_transport_ops {
-+      const uint8_t transport_id;
-+      const uint8_t built_in;
-+ 
-++     transport_proto transport_protocol;
-++     transport_acl transport_acl_type;
-++
-+ /*
-+  * connection oriented protocols like SCTP
-+  * don´t need dst_addr in sendto calls and
-+diff --git a/libknet/transports.h b/libknet/transports.h
-+index d58b7a3..6338140 100644
-+--- a/libknet/transports.h
-++++ b/libknet/transports.h
-+@@ -18,6 +18,8 @@ int transport_link_dyn_connect(knet_handle_t knet_h, int sockfd, struct knet_lin
-+ int transport_rx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_tx_sock_error(knet_handle_t knet_h, uint8_t transport, int sockfd, int recv_err, int recv_errno);
-+ int transport_rx_is_data(knet_handle_t knet_h, uint8_t transport, int sockfd, struct knet_mmsghdr *msg);
-++int transport_get_proto(knet_handle_t knet_h, uint8_t transport);
-++int transport_get_acl_type(knet_handle_t knet_h, uint8_t transport);
-+ int transport_get_connection_oriented(knet_handle_t knet_h, uint8_t transport);
-+ 
-+ #endif
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index b6f3b64..ffebe00 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -27,14 +27,14 @@
-+ #include "transport_sctp.h"
-+ #include "threads_common.h"
-+ 
-+-#define empty_module 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-++#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+ 
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+-     { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+-     { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++     { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-++     { "UDP", KNET_TRANSPORT_UDP, 1, IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+      { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+-                                    1, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-++                                    1, IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-+ #else
-+ empty_module
-+ #endif
-+@@ -118,6 +118,16 @@ int transport_rx_is_data(knet_handle_t knet_h, uint8_t transport, int sockfd, st
-+      return transport_modules_cmd[transport].transport_rx_is_data(knet_h, sockfd, msg);
-+ }
-+ 
-++int transport_get_proto(knet_handle_t knet_h, uint8_t transport)
-++{
-++     return transport_modules_cmd[transport].transport_protocol;
-++}
-++
-++int transport_get_acl_type(knet_handle_t knet_h, uint8_t transport)
-++{
-++     return transport_modules_cmd[transport].transport_acl_type;
-++}
-++
-+ int transport_get_connection_oriented(knet_handle_t knet_h, uint8_t transport)
-+ {
-+      return transport_modules_cmd[transport].transport_is_connection_oriented;
-diff --git a/debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch b/debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-new file mode 100644
-index 0000000..d3b6e32
---- /dev/null
-+++ b/debian/patches/transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-@@ -0,0 +1,29 @@
-+From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
-+Date: Mon, 3 Jun 2019 18:13:04 +0200
-+Subject: [transports] fix incorrect merge when cherry-picking
-+ 7033ddab505a0cf3655115fe5037579b7c882a8c
-+
-+Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
-+(cherry picked from commit 02097c450e14afe1f5b34e7fd22a93f7d253b614)
-+---
-+ libknet/transports.c | 4 ++--
-+ 1 file changed, 2 insertions(+), 2 deletions(-)
-+
-+diff --git a/libknet/transports.c b/libknet/transports.c
-+index 5181db9..51712df 100644
-+--- a/libknet/transports.c
-++++ b/libknet/transports.c
-+@@ -27,11 +27,11 @@
-+ #include "transport_sctp.h"
-+ #include "threads_common.h"
-+ 
-+-#define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-++#define empty_module 0, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
-+ 
-+ static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-+      { "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_link_get_acl_fd, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-+-     { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED,KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_link_get_acl_fd, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-++     { "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_link_get_acl_fd, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
-+      { "SCTP", KNET_TRANSPORT_SCTP,
-+ #ifdef HAVE_NETINET_SCTP_H
-+                                     1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_link_get_acl_fd, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
-diff --git a/debian/patches/series b/debian/patches/series
-index c16ea6e..e58890e 100644
---- a/debian/patches/series
-+++ b/debian/patches/series
-@@ -9,3 +9,69 @@ tests-add-man-page-check-to-verify-doxy-header-order-and-.patch
- man-fix-libknet.h-for-errors-detected-by-newly-added-test.patch
- udp-use-defines-vs-hardcoded-numbers.patch
- udp-improve-error-message-decoding-from-ICMP-errors.patch
-+acl-move-poc-code-into-libknet-dir-and-rename-to-links_ac.patch
-+acl-add-knet_handle_enable_access_lists-api-call.patch
-+transports-add-information-about-the-nature-of-the-transp.patch
-+access-lists-make-code-more-generic-to-accept-more-than-I.patch
-+handle-properly-initialize-fd-tracker-buffers.patch
-+access-lists-automatically-add-and-remove-point-to-point-.patch
-+access-lists-add-tests-for-default-access-lists.patch
-+access-lists-allow-knet_bench-to-enable-disable-access-li.patch
-+access-lists-enable-access-lists-for-GENERIC_ACL-protocol.patch
-+access-lists-enable-generic-access-lists-only-for-protoco.patch
-+access-lists-add-access-lists-support-to-sctp.patch
-+access-lists-fix-build-on-freebsd.patch
-+access-lists-move-all-acl-wrappers-to-links_acl-and-split.patch
-+access-lists-move-access-lists-structs-and-data-types-to-.patch
-+access-lists-more-use-of-generic-wrappers-and-remove-dupl.patch
-+access-lists-cleanup-API-a-bit.patch
-+access-lists-remove-2-unnecessary-wrappers.patch
-+links-rename-transport_type-to-transport-to-avoid-confusi.patch
-+links-rename-tranport_type-to-transport-to-avoid-confusio.patch
-+access-lists-make-internal-API-consistent.patch
-+access-lists-fix-build-on-BSD-and-add-some-include-files-.patch
-+access-lists-add-errno-around-and-start-using-them.patch
-+access-lists-confine-access-lists-data-structs-within-the.patch
-+access-lists-use-better-name-for-fd_tracker-structure.patch
-+access-lists-use-arrays-to-access-per-protocol-functions.patch
-+access-lists-rename-ip1-2-to-ss1-2-to-keep-it-more-generi.patch
-+transports-access-list-add-internal-API-to-gather-which-f.patch
-+access-lists-add-documentation-for-enable_access_list.patch
-+access-lists-add-external-API-calls-to-manage-access-list.patch
-+access-lists-test-implicit-access-lists-management-for-UD.patch
-+access-lists-improve-checks-on-various-data-types.patch
-+access-lists-add-public-API-tests.patch
-+acl-Fix-English-in-commments.patch
-+access-lists-add-more-extensive-test-for-links_acl_ip.patch
-+logging-fix-log-target-of-recently-added-API-calls.patch
-+tests-remove-stray-comment.patch
-+manpages-Document-enums-206.patch
-+compress-add-support-for-libzstd.patch
-+tests-hide-an-arm-internal-memory-leak-non-recurring.patch
-+tests-improve-wait-for-packet-implementation-to-flush-log.patch
-+man-fix-libknet.h-for-errors-detected-by-newly-added-test-1.patch
-+global-update-copyright-across-the-board.patch
-+build-bump-soname-to-indicate-new-API-calls.patch
-+spec-fix-upstream-URLs-to-point-to-https-and-official-rel.patch
-+spec-use-distro-conditionals-to-determine-BuildRequires.patch
-+spec-be-more-strict-about-plugins-version-and-architectur.patch
-+spec-clean-up-useless-conditionals-and-defines.patch
-+spec-reconciliate-fedora-spec-file-into-upstream-spec-fil.patch
-+spec-fix-a-bunch-of-rpmlint-errors.patch
-+spec-drop-support-for-init-scripts.patch
-+spec-use-ldconfig_scriptlets-only-when-defined.patch
-+misc-some-coverity-fixes.patch
-+misc-Fix-more-covscan-warnings.patch
-+crypto-make-sure-to-clear-all-security-info-on-crypto_fin.patch
-+PMTUd-create-common-shared-code-to-trigger-PMTUd-rerun.patch
-+crypto-make-sure-to-trigger-a-PMTUd-rerun-on-each-good-cr.patch
-+crypto-rework-knet_handle_crypto-external-API-to-be-more-.patch
-+PMTUd-extend-internal-rerun-API-to-allow-full-PMTUd-reset.patch
-+crypto-fix-openssl1.0-initialization-code.patch
-+transports-fix-incorrect-merge-when-cherry-picking-7033dd.patch
-+crypto-openssl-error-strings-release.patch
-+crypto-openssl-drop-calls-to-RAND_seed-as-they-don-t-real.patch
-+crypto-hide-errors-generated-by-openssl-1.1.1c.patch
-+doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
-+global-clarify-license-entry-per-file-to-match-README.lic.patch
-+global-update-copyrights.patch

diff --git a/patches/0006-cherry-pick-pmtud-fixes.patch b/patches/0006-cherry-pick-pmtud-fixes.patch
index 9653db7cc7359fdc409f58b7a554d96631ba953d..92c28a047271e533dd50040033489772e6ebdbed 100644 (file)
--- a/patches/0006-cherry-pick-pmtud-fixes.patch
+++ b/patches/0006-cherry-pick-pmtud-fixes.patch
@@ -246,10 +246,8 @@ diff --git a/debian/patches/series b/debian/patches/series
 index e58890e..c5950b7 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
-@@ -75,3 +75,7 @@ crypto-hide-errors-generated-by-openssl-1.1.1c.patch
- doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
- global-clarify-license-entry-per-file-to-match-README.lic.patch
- global-update-copyrights.patch
+@@ -1,1 +1,5 @@ crypto-hide-errors-generated-by-openssl-1.1.1c.patch
+ send-test-skip-the-SCTP-test-if-SCTP-is-not-supported-by-.patch
 +crypto-fix-log-information.patch
 +udp-log-information-about-detected-kernel-MTU.patch
 +docs-add-knet-packet-layout.patch

diff --git a/patches/series b/patches/series
index ede59da641f6c07b715ad9880806c92cbd0a1500..f3241cb6a2b1c812e6929a0cb3ae1430c048b58d 100644 (file)
--- a/patches/series
+++ b/patches/series
@@ -1,3 +1 @@
-0002-cherry-pick-1.9-as-patches.patch
-0003-cherry-pick-1.10-as-patches.patch
 0006-cherry-pick-pmtud-fixes.patch

diff --git a/upstream b/upstream
new file mode 160000 (submodule)
index 0000000..fce6957
--- /dev/null
+++ b/upstream
@@ -0,0 +1 @@
+Subproject commit fce69571d6564cf2955381e71ecc8bc5a7b2bed5

diff --git a/upstream/kronosnet_1.10.orig.tar.xz b/upstream/kronosnet_1.10.orig.tar.xz
deleted file mode 100644 (file)
index f03a606..0000000
Binary files a/upstream/kronosnet_1.10.orig.tar.xz and /dev/null differ