diff --git a/backport-q_cake-allow-changing-to-diffserv3.patch b/backport-q_cake-allow-changing-to-diffserv3.patch
new file mode 100644
index 0000000..f7fd6f8
--- /dev/null
+++ b/backport-q_cake-allow-changing-to-diffserv3.patch
@@ -0,0 +1,49 @@
+From eb4206ecd0342ff92b1a85b7dae3d4fd1b5be1c6 Mon Sep 17 00:00:00 2001
+From: Kevin Bracey <kevin@bracey.fi>
+Date: Thu, 6 Jan 2022 13:16:04 +0200
+Subject: [PATCH] q_cake: allow changing to diffserv3
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A diffserv3 option (enum value 0) was never sent to the kernel, so it
+was not possible to use "tc qdisc change" to select it.
+
+This also meant that were also relying on the kernel's default being
+diffserv3 when adding. If the default were to change, we wouldn't have
+been able to request diffserv3 explicitly.
+
+Signed-off-by: Kevin Bracey <kevin@bracey.fi>
+Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Conflict: remove fwmark variable declaration
+Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=eb4206ecd0342ff92b1a85b7dae3d4fd1b5be1c6
+---
+ tc/q_cake.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tc/q_cake.c b/tc/q_cake.c
+index 4cfc1c0..c438b76 100644
+--- a/tc/q_cake.c
++++ b/tc/q_cake.c
+@@ -95,7 +95,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv,
+ 	bool overhead_override = false;
+ 	bool overhead_set = false;
+ 	unsigned int interval = 0;
+-	unsigned int diffserv = 0;
++	int diffserv = -1;
+ 	unsigned int memlimit = 0;
+ 	unsigned int target = 0;
+ 	__u64 bandwidth = 0;
+@@ -360,7 +360,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv,
+ 	if (bandwidth || unlimited)
+ 		addattr_l(n, 1024, TCA_CAKE_BASE_RATE64, &bandwidth,
+ 			  sizeof(bandwidth));
+-	if (diffserv)
++	if (diffserv != -1)
+ 		addattr_l(n, 1024, TCA_CAKE_DIFFSERV_MODE, &diffserv,
+ 			  sizeof(diffserv));
+ 	if (atm != -1)
+-- 
+1.8.3.1
+
diff --git a/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch b/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch
new file mode 100644
index 0000000..9421a41
--- /dev/null
+++ b/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch
@@ -0,0 +1,38 @@
+From 73590d9573148804034a88ceb2f6b7ca1545561f Mon Sep 17 00:00:00 2001
+From: Paul Blakey <paulb@nvidia.com>
+Date: Sun, 5 Dec 2021 15:20:25 +0200
+Subject: [PATCH] tc: flower: Fix buffer overflow on large labels
+
+Buffer is 64bytes, but label printing can take 66bytes printing
+in hex, and will overflow when setting the string delimiter ('\0').
+
+Fix that by increasing the print buffer size.
+
+Example of overflowing ct_label:
+ct_label 11111111111111111111111111111111/11111111111111111111111111111111
+
+Fixes: 2fffb1c03056 ("tc: flower: Add matching on conntrack info")
+Signed-off-by: Paul Blakey <paulb@nvidia.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Conflict: NA
+Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=73590d9573148804034a88ceb2f6b7ca1545561f
+---
+ tc/f_flower.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc/f_flower.c b/tc/f_flower.c
+index 7f78195..6d70b92 100644
+--- a/tc/f_flower.c
++++ b/tc/f_flower.c
+@@ -2195,7 +2195,7 @@ static void flower_print_ct_label(struct rtattr *attr,
+ 	const unsigned char *str;
+ 	bool print_mask = false;
+ 	int data_len, i;
+-	SPRINT_BUF(out);
++	char out[128];
+ 	char *p;
+ 
+ 	if (!attr)
+-- 
+1.8.3.1
+
diff --git a/iproute.spec b/iproute.spec
index c3bb891..18dde40 100644
--- a/iproute.spec
+++ b/iproute.spec
@@ -1,6 +1,6 @@
 Name:		iproute
 Version:	5.5.0
-Release:	9
+Release:	10
 Summary:	Linux network configuration utilities
 License:	GPLv2+ and Public Domain
 URL:		https://kernel.org/pub/linux/utils/net/iproute2/
@@ -18,6 +18,8 @@ Patch9:         backport-lib-bpf_legacy-fix-missing-socket-close-when-connect.pa
 Patch10:        backport-tc-e_bpf-fix-memory-leak-in-parse_bpf.patch
 Patch11:        backport-bugfix-iproute2-lib-bpf-fix-bpffs-mount-when-sys-fs-bpf-exist.patch
 Patch12:        backport-bugfix-iproute2-tc-f_flower-fix-port-range-parsing.patch
+Patch13:        backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch
+Patch14:        backport-q_cake-allow-changing-to-diffserv3.patch
 
 Patch9002:	feature-iproute-limit-operation-ip-netns-del.patch
 Patch9003:	feature-iproute-add-support-for-ipvlan-l2e-mode.patch
@@ -92,6 +94,13 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a
 %{_mandir}/*
 
 %changelog
+* Tue Jan 25 2022 wuchangsheng <wuchangsheng2@huawei.com> - 5.5.0-10
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:tc flowerr Fix buffer overflow on large labels
+       q_cake allow changing to diffserv3
+
 * Tue Nov 16 2021 jiangheng <jiangheng12@huawei.com> - 5.5.0-9
 - Type:bugfix
 - Id:NA