diff --git a/backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch b/backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch
new file mode 100644
index 0000000000000000000000000000000000000000..012a0e24d9103273b42e560ca5a4f854b6d176a8
--- /dev/null
+++ b/backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch
@@ -0,0 +1,32 @@
+From 225f74761b091e51444cf1f9686547f3c42e44b3 Mon Sep 17 00:00:00 2001
+From: Denis Kirjanov <kirjanov@gmail.com>
+Date: Wed, 13 Nov 2024 13:53:49 +0300
+Subject: [PATCH] lib: names: check calloc return value in db_names_alloc
+
+db_names_load() may crash since it touches the
+hash member. Fix it by checking the return value
+
+Signed-off-by: Denis Kirjanov <kirjanov@gmail.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Conflict: NA
+Reference: https://github.com/iproute2/iproute2/commit/225f74761b091e51444cf1f9686547f3c42e44b3
+---
+ lib/names.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/names.c b/lib/names.c
+index cbfa971ff..4ecae92b9 100644
+--- a/lib/names.c
++++ b/lib/names.c
+@@ -55,6 +55,10 @@ struct db_names *db_names_alloc(void)
+ 
+ 	db->size = MAX_ENTRIES;
+ 	db->hash = calloc(db->size, sizeof(struct db_entry *));
++	if (!db->hash) {
++		free(db);
++		return NULL;
++	}
+ 
+ 	return db;
+ }
diff --git a/backport-route-filter-by-interface-on-multipath-routes.patch b/backport-route-filter-by-interface-on-multipath-routes.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1921ab40de8dc94cd9ce8484c3f218ffcc54528b
--- /dev/null
+++ b/backport-route-filter-by-interface-on-multipath-routes.patch
@@ -0,0 +1,88 @@
+From 0ea0699ea01df81750becf742083933a23a95d94 Mon Sep 17 00:00:00 2001
+From: Stephen Hemminger <stephen@networkplumber.org>
+Date: Thu, 4 Jul 2024 17:26:41 -0700
+Subject: [PATCH] route: filter by interface on multipath routes
+
+The ip route command would silently hide multipath routes when filter
+by interface. The problem was it was not looking for interface when
+filter multipath routes.
+
+Example:
+	ip link add name dummy1 up type dummy
+	ip link add name dummy2 up type dummy
+	ip address add 192.0.2.1/28 dev dummy1
+	ip address add 192.0.2.17/28 dev dummy2
+	ip route add 198.51.100.0/24 \
+		nexthop via 192.0.2.2 dev dummy1 \
+		nexthop via 192.0.2.18 dev dummy2
+
+Before:
+ip route show dev dummy1
+192.0.2.0/28 proto kernel scope link src 192.0.2.1
+
+After:
+ip route show dev dummy1
+192.0.2.0/28 proto kernel scope link src 192.0.2.1
+198.51.100.0/24
+	nexthop via 192.0.2.2 dev dummy1 weight 1
+	nexthop via 192.0.2.18 dev dummy2 weight 1
+
+Reported-by: "Muggeridge, Matt" <matt.muggeridge2@hpe.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Conflict: NA
+Reference: https://github.com/iproute2/iproute2/commit/0ea0699ea01df81750becf742083933a23a95d94.patch
+---
+ ip/iproute.c | 31 ++++++++++++++++++++++++++-----
+ 1 file changed, 26 insertions(+), 5 deletions(-)
+
+diff --git a/ip/iproute.c b/ip/iproute.c
+index b53046116..446662404 100644
+--- a/ip/iproute.c
++++ b/ip/iproute.c
+@@ -154,6 +154,24 @@ static int flush_update(void)
+ 	return 0;
+ }
+ 
++static bool filter_multipath(const struct rtattr *rta)
++{
++	const struct rtnexthop *nh = RTA_DATA(rta);
++	int len = RTA_PAYLOAD(rta);
++
++	while (len >= sizeof(*nh)) {
++		if (nh->rtnh_len > len)
++			break;
++
++		if (!((nh->rtnh_ifindex ^ filter.oif) & filter.oifmask))
++			return true;
++
++		len -= NLMSG_ALIGN(nh->rtnh_len);
++		nh = RTNH_NEXT(nh);
++	}
++	return false;
++}
++
+ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
+ {
+ 	struct rtmsg *r = NLMSG_DATA(n);
+@@ -310,12 +328,15 @@ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
+ 			return 0;
+ 	}
+ 	if (filter.oifmask) {
+-		int oif = 0;
++		if (tb[RTA_OIF]) {
++			int oif = rta_getattr_u32(tb[RTA_OIF]);
+ 
+-		if (tb[RTA_OIF])
+-			oif = rta_getattr_u32(tb[RTA_OIF]);
+-		if ((oif^filter.oif)&filter.oifmask)
+-			return 0;
++			if ((oif ^ filter.oif) & filter.oifmask)
++				return 0;
++		} else if (tb[RTA_MULTIPATH]) {
++			if (!filter_multipath(tb[RTA_MULTIPATH]))
++				return 0;
++		}
+ 	}
+ 	if (filter.markmask) {
+ 		int mark = 0;
diff --git a/backport-ss-fix-expired-time-format-of-timer.patch b/backport-ss-fix-expired-time-format-of-timer.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e5e05b4baef7b43169b6d49f67cb7d5a2ce7c733
--- /dev/null
+++ b/backport-ss-fix-expired-time-format-of-timer.patch
@@ -0,0 +1,52 @@
+From 3e807112fdf3d7b89a8295379dd8474f08a38b4b Mon Sep 17 00:00:00 2001
+From: xixiliguo <xixiliguo@foxmail.com>
+Date: Sat, 20 Jul 2024 23:23:27 +0800
+Subject: [PATCH] ss: fix expired time format of timer
+
+When expired time of time-wait timer is less than or equal to 9 seconds,
+as shown below, result that below 1 sec is incorrect.
+Expect output should be show 9 seconds and 373 millisecond, but 9.373ms
+mean only 9 millisecond and 373 microseconds
+
+Before:
+TIME-WAIT 0      0     ...    timer:(timewait,12sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,11sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,10sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,9.373ms,0)
+TIME-WAIT 0      0     ...    timer:(timewait,8.679ms,0)
+TIME-WAIT 0      0     ...    timer:(timewait,1.574ms,0)
+TIME-WAIT 0      0     ...    timer:(timewait,954ms,0)
+TIME-WAIT 0      0     ...    timer:(timewait,303ms,0)
+
+After:
+TIME-WAIT 0      0     ...    timer:(timewait,13sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,12sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,10sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,9.501sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,8.990sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,7.865sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,1.098sec,0)
+TIME-WAIT 0      0     ...    timer:(timewait,476ms,0)
+
+Signed-off-by: xixiliguo <xixiliguo@foxmail.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Conflict: NA
+Reference: https://github.com/iproute2/iproute2/commit/3e807112fdf3d7b89a8295379dd8474f08a38b4b
+---
+ misc/ss.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index 27f0f20d8..620f4c8fb 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -1516,7 +1516,7 @@ static const char *print_ms_timer(unsigned int timeout)
+ 		sprintf(buf+strlen(buf), "%d%s", secs, msecs ? "." : "sec");
+ 	}
+ 	if (msecs)
+-		sprintf(buf+strlen(buf), "%03dms", msecs);
++		sprintf(buf+strlen(buf), "%03d%s", msecs, secs ? "sec" : "ms");
+ 	return buf;
+ }
+ 
diff --git a/backport-testsuite-fix-testsuite-build-failure-when-iproute-b.patch b/backport-testsuite-fix-testsuite-build-failure-when-iproute-b.patch
deleted file mode 100644
index adfd356ecf766383992a2e69da5b18dd72c24b2c..0000000000000000000000000000000000000000
--- a/backport-testsuite-fix-testsuite-build-failure-when-iproute-b.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From c0a06885b944e1f14440f601a0b5266233814d54 Mon Sep 17 00:00:00 2001
-From: gaoxingwang <gaoxingwang1@huawei.com>
-Date: Fri, 10 Feb 2023 16:45:31 +0800
-Subject: [PATCH] testsuite: fix testsuite build failure when iproute build
- without libcap-devel
-
-iproute allows to build without libcap.The testsuite will fail to
-compile when libcap dose not exists.It was required in 6d68d7f85d.
-
-Fixes: 6d68d7f85d ("testsuite: fix build failure")
-Signed-off-by: gaoxingwang <gaoxingwang1@huawei.com>
-Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
----
- testsuite/tools/Makefile | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/testsuite/tools/Makefile b/testsuite/tools/Makefile
-index e0162ccc..0356ddae 100644
---- a/testsuite/tools/Makefile
-+++ b/testsuite/tools/Makefile
-@@ -1,9 +1,13 @@
- # SPDX-License-Identifier: GPL-2.0
- CFLAGS=
-+LDLIBS=
- include ../../config.mk
-+ifeq ($(HAVE_CAP),y)
-+LDLIBS+= -lcap
-+endif
- 
- generate_nlmsg: generate_nlmsg.c ../../lib/libnetlink.a ../../lib/libutil.a
--	$(QUIET_CC)$(CC) $(CPPFLAGS) $(CFLAGS) $(EXTRA_CFLAGS) -I../../include -I../../include/uapi -include../../include/uapi/linux/netlink.h -o $@ $^ -lmnl -lcap
-+	$(QUIET_CC)$(CC) $(CPPFLAGS) $(CFLAGS) $(EXTRA_CFLAGS) -I../../include -I../../include/uapi -include../../include/uapi/linux/netlink.h -o $@ $^ -lmnl $(LDLIBS)
- 
- clean:
- 	rm -f generate_nlmsg
--- 
-2.27.0
-
diff --git a/iproute.spec b/iproute.spec
index 9b41fd6072dce6bea4d1837d8fddeef0406a7954..78c14bb05c38aadd22ea641bdbc6a02fe786ea15 100644
--- a/iproute.spec
+++ b/iproute.spec
@@ -2,7 +2,7 @@
 Name:		iproute
 Version:	6.6.0
 Epoch:      1
-Release:	3
+Release:	4
 Summary:	Linux network configuration utilities
 License:	GPLv2+ and Public Domain
 URL:		https://kernel.org/pub/linux/utils/net/iproute2/
@@ -17,6 +17,10 @@ patch6002:	backport-rdma-Fix-the-error-of-accessing-string-variable-outs.patch
 patch6003:	backport-exit-exec-in-child-process-if-setup-fails.patch
 # https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=70ba338cd8314410380b8bdae9e5f302e8e98039
 
+Patch6004:      backport-ss-fix-expired-time-format-of-timer.patch
+Patch6005:      backport-route-filter-by-interface-on-multipath-routes.patch
+Patch6006:      backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch
+
 Patch9000:      feature-iproute-add-support-for-ipvlan-l2e-mode.patch
 Patch9001:      bugfix-iproute2-cancel-some-test-cases.patch
 
@@ -93,6 +97,15 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a
 %{_mandir}/*
 
 %changelog
+* Thu Feb 13 2025 xinghe <xinghe2@h-partners.com> - 1:6.6.0-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:ss: fix expired time format of timer
+       route: filter by interface on multipath routes
+       lib: names: check calloc return value in db_names_alloc
+       remove redundant patches
+
 * Wed May 22 2024 zhangyaqi <zhangyaqi@kylinos.cn> - 1:6.6.0-3
 - Type:feature
 - ID:NA