Name:           nftables
Version:        0.9.6
Release:        7
Epoch:          1
Summary:        A subsystem of the Linux kernel processing network data
License:        GPLv2
URL:            https://netfilter.org/projects/nftables/
Source0:        http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2
Source1:        nftables.service
Source2:        nftables.conf

Patch6000:      backport-parser_bison-memleak-symbol-redefinition.patch
Patch6001:      backport-segtree-memleaks-in-interval_map_decompose.patch
Patch6002:      backport-json-Combining-terse-with-json-has-no-effect.patch
Patch6003:      backport-evaluate-Reject-quoted-strings-containing-only-wildcard.patch
Patch6004:      backport-Solves-Bug-1462-nft-j-list-set-does-not-show-counters.patch
Patch6005:      backport-json-Fix-memleak-in-set_dtype_json.patch
Patch6006:      backport-mnl-reply-netlink-error-message-might-be-larger-than-MNL_SOCKET_BUFFER_SIZE.patch
Patch6007:      backport-evaluate-disallow-ct-original-s-d-ddr-from-maps.patch
Patch6008:      backport-evaluate-disallow-ct-original-s-d-ddr-from-concatena.patch
Patch6009:      backport-parser_json-fix-device-parsing-in-netdev-family.patch
Patch6010:      backport-src-Don-t-parse-string-as-verdict-in-map.patch
Patch6011:      backport-iptopt-fix-crash-with-invalid-field-type-combo.patch

BuildRequires:  gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd
BuildRequires:  iptables-devel jansson-devel python3-devel chrpath
Requires:       %{name}-help

%description
nftables is a subsystem of the Linux kernel providing filtering and classification of\
network packets/datagrams/frames. 

%package        devel
Summary:        Development library for nftables / libnftables
Requires:       %{name} = %{epoch}:%{version}-%{release}  pkgconfig

%description devel
Development tools and static libraries and header files for the libnftables library.

%package_help

%package -n     python3-nftables
Summary:        Python module providing an interface to libnftables
Requires:       %{name} = %{epoch}:%{version}-%{release}
%{?python_provide:%python_provide python3-nftables}

%description -n python3-nftables
The nftables python module providing an interface to libnftables via ctypes.

%prep
%autosetup -n %{name}-%{version} -p1

%build
%configure --disable-silent-rules --with-xtables --with-json \
        --enable-python --with-python-bin=%{__python3} CFLAGS="%{optflags} -fPIE -pie"
%make_build

%check
make check

%install
%make_install
chrpath -d %{buildroot}%{_sbindir}/nft

%delete_la

chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*

install -d $RPM_BUILD_ROOT/%{_unitdir}
cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/

install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/

install -d $RPM_BUILD_ROOT/%{_sysconfdir}/nftables

%post
%systemd_post nftables.service

%preun
%systemd_preun nftables.service

%postun
%systemd_postun_with_restart nftables.service

%ldconfig_scriptlets devel

%files
%defattr(-,root,root)
%license COPYING
%config(noreplace) %{_sysconfdir}/nftables/
%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
%{_sbindir}/nft
%{_libdir}/*.so.*
%{_unitdir}/nftables.service
%{_docdir}/nftables/examples/*.nft

%files devel
%defattr(-,root,root)
%{_includedir}/nftables/libnftables.h
%{_libdir}/*.a
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files help
%defattr(-,root,root)
%{_mandir}/man8/nft*
%{_mandir}/man3/libnftables.3*
%{_mandir}/man5/libnftables-json*

%files -n python3-nftables
%{python3_sitelib}/nftables-*.egg-info
%{python3_sitelib}/nftables/

%changelog
* Fri Dec 08 2023 zhanghao <zhanghao383@huawei.com> - 1:0.9.6-7
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix crash with invalid field type combo

* Mon Nov 13 2023 zhangxianting <zhangxianting@uniontech.com> - 1:0.9.6-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:enable fPIE and remove rpath

* Thu Dec 15 2022 huangyu <huangyu106@huawei.com> - 1:0.9.6-5
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:parser_json fix device parsing in netdev family
src don't parse string as verdict in map

* Tue Aug 03 2021 gaihuiying <gaihuiying1@huawei.com> - 0.9.6-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:evaluate disallow ct original s d ddr from maps
       evaluate disallow ct original s d ddr from concatena

* Tue Jul 28 2021 zengwefeng<zwfeng@huawei.com> - 0.9.6-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:enable check while building
       parser_bison memleak symbol redefinition
       segtree memleaks in interval_map_decompose
       json Combining terse with json has no effect
       evaluate Reject quoted strings containing only wildcard
       Solves Bug 1462 nft j list set does not show counters
       json Fix memleak in set_dtype_json
       mnl reply netlink error message might be larger than MNL_SOCKET_BUFFER_SIZE

* Mon Nov 09 2020 xihaochen <xihaochen@huawei.com> - 0.9.6-2
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:add nftables-help dependency for nftables

* Tue Aug 25 2020 gaihuiying <gaihuiying1@huawei.com> - 0.9.6-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update nftables version to 0.9.6

* Tue Aug 18 2020 smileknife<jackshan2010@aliyun.com> - 1:0.9.0-4
- update release for rebuilding

* Tue Sep 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:0.9.0-3
- Package init