forked from jengelh/iptables
This commit is contained in:
parent
25869d9ed2
commit
476a8ba6e1
@ -1,11 +0,0 @@
|
||||
--- Makefile
|
||||
+++ Makefile
|
||||
@@ -37,7 +37,7 @@
|
||||
endif
|
||||
|
||||
COPT_FLAGS:=-O2
|
||||
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
|
||||
+CFLAGS += $(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
|
||||
|
||||
ifdef NO_SHARED_LIBS
|
||||
CFLAGS += -DNO_SHARED_LIBS=1
|
@ -1,81 +0,0 @@
|
||||
--- ip6tables-restore.c
|
||||
+++ ip6tables-restore.c
|
||||
@@ -76,7 +76,9 @@
|
||||
|
||||
int parse_counters(char *string, struct ip6t_counters *ctr)
|
||||
{
|
||||
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
|
||||
+ u_int64_t *p_pcnt = &ctr->pcnt;
|
||||
+ u_int64_t *p_bcnt = &ctr->bcnt;
|
||||
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
|
||||
}
|
||||
|
||||
/* global new argv and argc */
|
||||
--- ip6tables.c
|
||||
+++ ip6tables.c
|
||||
@@ -1874,5 +1874,6 @@
|
||||
char *protocol = NULL;
|
||||
int proto_used = 0;
|
||||
+ u_int64_t *p_cnt;
|
||||
|
||||
memset(&fw, 0, sizeof(fw));
|
||||
|
||||
@@ -2185,13 +2186,15 @@
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c requires packet and byte counter",
|
||||
opt2char(OPT_COUNTERS));
|
||||
-
|
||||
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
|
||||
+
|
||||
+ p_cnt = &fw.counters.pcnt;
|
||||
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c packet counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
||||
|
||||
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
|
||||
+ p_cnt = &fw.counters.bcnt;
|
||||
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c byte counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
||||
--- iptables-restore.c
|
||||
+++ iptables-restore.c
|
||||
@@ -73,7 +73,9 @@
|
||||
|
||||
int parse_counters(char *string, struct ipt_counters *ctr)
|
||||
{
|
||||
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
|
||||
+ u_int64_t *p_pcnt = &ctr->pcnt;
|
||||
+ u_int64_t *p_bcnt = &ctr->bcnt;
|
||||
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
|
||||
}
|
||||
|
||||
/* global new argv and argc */
|
||||
--- iptables.c
|
||||
+++ iptables.c
|
||||
@@ -1956,6 +1956,7 @@
|
||||
char *protocol = NULL;
|
||||
int proto_used = 0;
|
||||
+ u_int64_t *p_cnt;
|
||||
|
||||
memset(&fw, 0, sizeof(fw));
|
||||
|
||||
/* re-set optind to 0 in case do_command gets called
|
||||
@@ -2279,12 +2279,14 @@
|
||||
"-%c requires packet and byte counter",
|
||||
opt2char(OPT_COUNTERS));
|
||||
|
||||
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
|
||||
+ p_cnt = &fw.counters.pcnt;
|
||||
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c packet counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
||||
|
||||
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
|
||||
+ p_cnt = &fw.counters.bcnt;
|
||||
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c byte counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c5c8a091ed9a1fa2dab86b4d87719064b50c202e8503046f50f299a361e6211c
|
||||
size 172584
|
@ -1,4 +1,19 @@
|
||||
--- /dev/null
|
||||
--- Makefile
|
||||
+++ Makefile
|
||||
@@ -107,6 +107,12 @@
|
||||
$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
endif
|
||||
|
||||
+iptables-batch: iptables-batch.c iptables.o xtables.o $(STATIC_LIBS) libiptc/libiptc.a
|
||||
+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
+
|
||||
+ip6tables-batch: iptables-batch.c ip6tables.o xtables.o $(STATIC6_LIBS) libiptc/libiptc.a
|
||||
+ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
+
|
||||
$(DESTDIR)$(BINDIR)/iptables: iptables
|
||||
@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
|
||||
cp $< $@
|
||||
--- iptables-batch.c
|
||||
+++ iptables-batch.c
|
||||
@@ -0,0 +1,454 @@
|
||||
+/*
|
||||
@ -455,18 +470,3 @@
|
||||
+
|
||||
+ exit(!ret);
|
||||
+}
|
||||
--- Makefile
|
||||
+++ Makefile
|
||||
@@ -136,6 +136,12 @@ iptables: iptables-standalone.c iptables
|
||||
$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
endif
|
||||
|
||||
+iptables-batch: iptables-batch.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
|
||||
+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
+
|
||||
+ip6tables-batch: iptables-batch.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
|
||||
+ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
+
|
||||
$(DESTDIR)$(BINDIR)/iptables: iptables
|
||||
@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
|
||||
cp $< $@
|
29
iptables-1.4.0-makefile.diff
Normal file
29
iptables-1.4.0-makefile.diff
Normal file
@ -0,0 +1,29 @@
|
||||
--- Makefile
|
||||
+++ Makefile
|
||||
@@ -11,15 +11,9 @@
|
||||
# Standard part of Makefile for topdir.
|
||||
TOPLEVEL_INCLUDED=YES
|
||||
|
||||
-# For recent kernels we only need the source in KERNEL_DIR to build. Older
|
||||
-# kernels have a bug, where linux/netfilter_ipv4.h includes linux/config.h,
|
||||
-# which includes linux/autoconf.h, which is placed into KBUILD_OUTPUT.
|
||||
ifndef KERNEL_DIR
|
||||
KERNEL_DIR="/lib/modules/$(shell uname -r)/source"
|
||||
endif
|
||||
-ifndef KBUILD_OUTPUT
|
||||
-KBUILD_OUTPUT="/lib/modules/$(shell uname -r)/build"
|
||||
-endif
|
||||
IPTABLES_VERSION:=1.4.0
|
||||
OLD_IPTABLES_VERSION:=1.4.0rc1
|
||||
|
||||
@@ -42,8 +36,8 @@
|
||||
DO_SELINUX=0
|
||||
endif
|
||||
|
||||
-COPT_FLAGS:=-O2
|
||||
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KBUILD_OUTPUT)/include -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
|
||||
+COPT_FLAGS:=$(CFLAGS)
|
||||
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\"
|
||||
|
||||
ifdef NO_SHARED_LIBS
|
||||
CFLAGS += -DNO_SHARED_LIBS=1
|
3
iptables-1.4.0.tar.bz2
Normal file
3
iptables-1.4.0.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:fd9a978035e6a8f73344f986c84a222dc4ac3706b901e0c1ecae9647db5e5d52
|
||||
size 181610
|
@ -1,3 +1,48 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 8 17:10:54 CET 2008 - prusnak@suse.cz
|
||||
|
||||
- updated to 1.4.0:
|
||||
* Add support for generic xtables infrastructure (improved IPv6 support!)
|
||||
* Deletes empty ->final_check() functions
|
||||
* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
|
||||
* Remove last vestiges of NFC
|
||||
* Make @msg argument a const char *, just like printf
|
||||
* Makes it possible to omit extra_opts of matches/targets if unnecessary
|
||||
* Fix "iptables getsockopt failed strangely" when querying revisions
|
||||
for non-existant matches and targets
|
||||
* Introduces DEST_IPT_LIBDIR in Makefile
|
||||
* Change default KERNEL_DIR location and add KBUILD_OUTPUT
|
||||
* Removes obsolete KERNEL_64_USERSPACE_32 definitions
|
||||
* Fix unused function warning
|
||||
* Don't use dlfcn.h if NO_SHARED_LIBS is defined
|
||||
* Fix showing help text for matches/targets with revision as user
|
||||
* Print warnings to stderr
|
||||
* Fix sscanf type errors
|
||||
* Always print mask in iptables-save
|
||||
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
|
||||
* Adds --table to iptables-restore
|
||||
* Make DO_MULTI=1 work for ip6tables* binaries
|
||||
* Add ip6tables-{save,restore} to non-experimental target,
|
||||
fix strict aliasing warnings
|
||||
* Introducing libxt_*.man files. Sorted matches and modules
|
||||
* Install ip6tables-{save,restore} manpages
|
||||
* Performance optimization in sorting chain during pull-out
|
||||
* Fix sockfd use accounting for kernels without autoloading
|
||||
* use <linux/types.h>
|
||||
* Fix make/compile error for iptables-1.4.0rc1
|
||||
* Fix for --random option in DNAT and REDIRECT
|
||||
* Document xt_statistic
|
||||
* sctp: fix - mistake to pass a pointer where array is required
|
||||
* Fix connlimit output for inverted --connlimit-above:
|
||||
! > is <=, not <
|
||||
* Add NFLOG manpage
|
||||
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
|
||||
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
|
||||
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
|
||||
* fix check_inverse() call
|
||||
- removed obsolete patch:
|
||||
* strict-aliasing-fix.diff (included in update)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 31 13:10:56 CEST 2007 - prusnak@suse.cz
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package iptables (Version 1.3.8)
|
||||
# spec file for package iptables (Version 1.4.0)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
@ -14,16 +14,15 @@ Name: iptables
|
||||
BuildRequires: kernel-source
|
||||
License: GPL v2 or later
|
||||
Group: Productivity/Networking/Security
|
||||
Autoreqprov: on
|
||||
Version: 1.3.8
|
||||
Release: 4
|
||||
AutoReqProv: on
|
||||
Version: 1.4.0
|
||||
Release: 1
|
||||
Summary: IP Packet Filter Administration
|
||||
Source0: %{name}-%{version}.tar.bz2
|
||||
Source1: %{name}-%{version}-debian-docs.tar.bz2
|
||||
Patch0: %{name}-%{version}-makefile.diff
|
||||
Patch1: %{name}-%{version}-batch.diff
|
||||
Patch2: %{name}-%{version}-strict-aliasing-fix.diff
|
||||
URL: http://www.iptables.org
|
||||
Url: http://www.iptables.org
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -40,7 +39,7 @@ Authors:
|
||||
%package devel
|
||||
Summary: Libraries, Headers and Development Man Pages for libipq
|
||||
Group: Development/Libraries/C and C++
|
||||
Autoreqprov: on
|
||||
AutoReqProv: on
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
@ -56,48 +55,85 @@ Authors:
|
||||
%setup -q -a 1
|
||||
%patch0
|
||||
%patch1
|
||||
%patch2
|
||||
|
||||
%build
|
||||
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux";
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR"
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" experimental
|
||||
#
|
||||
# iptables-batch
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" iptables-batch ip6tables-batch
|
||||
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"
|
||||
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR"
|
||||
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" experimental
|
||||
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" iptables-batch ip6tables-batch
|
||||
|
||||
%install
|
||||
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux";
|
||||
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
make IPT_LIBDIR=%{_libdir}/iptables \
|
||||
BINDIR=$RPM_BUILD_ROOT%{_prefix}/sbin \
|
||||
BINDIR=$RPM_BUILD_ROOT%{_sbindir} \
|
||||
LIBDIR=$RPM_BUILD_ROOT%{_libdir} \
|
||||
INCDIR=$RPM_BUILD_ROOT%{_prefix}/include \
|
||||
MANDIR=$RPM_BUILD_ROOT%{_mandir} install install-devel install-experimental KERNEL_DIR="$KERNEL_DIR"
|
||||
install -m755 iptables-batch ip6tables-batch %{buildroot}%{_sbindir}
|
||||
INCDIR=$RPM_BUILD_ROOT%{_includedir} \
|
||||
MANDIR=$RPM_BUILD_ROOT%{_mandir} \
|
||||
KERNEL_DIR="$KERNEL_DIR" \
|
||||
install install-devel install-experimental
|
||||
install -m755 iptables-batch ip6tables-batch $RPM_BUILD_ROOT%{_sbindir}
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc COPYING
|
||||
%{_prefix}/sbin/iptables*
|
||||
%{_prefix}/sbin/ip6tables*
|
||||
%{_libdir}/iptables
|
||||
%doc COPYING doc/*.html
|
||||
%doc %{_mandir}/man8/*
|
||||
%doc doc/*.html
|
||||
%{_sbindir}/iptables*
|
||||
%{_sbindir}/ip6tables*
|
||||
%{_libdir}/iptables
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%doc %{_mandir}/man3/*
|
||||
%{_libdir}/*.a
|
||||
%{_prefix}/include/*
|
||||
%{_includedir}/*
|
||||
|
||||
%changelog
|
||||
* Tue Jan 08 2008 - prusnak@suse.cz
|
||||
- updated to 1.4.0:
|
||||
* Add support for generic xtables infrastructure (improved IPv6 support!)
|
||||
* Deletes empty ->final_check() functions
|
||||
* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
|
||||
* Remove last vestiges of NFC
|
||||
* Make @msg argument a const char *, just like printf
|
||||
* Makes it possible to omit extra_opts of matches/targets if unnecessary
|
||||
* Fix "iptables getsockopt failed strangely" when querying revisions
|
||||
for non-existant matches and targets
|
||||
* Introduces DEST_IPT_LIBDIR in Makefile
|
||||
* Change default KERNEL_DIR location and add KBUILD_OUTPUT
|
||||
* Removes obsolete KERNEL_64_USERSPACE_32 definitions
|
||||
* Fix unused function warning
|
||||
* Don't use dlfcn.h if NO_SHARED_LIBS is defined
|
||||
* Fix showing help text for matches/targets with revision as user
|
||||
* Print warnings to stderr
|
||||
* Fix sscanf type errors
|
||||
* Always print mask in iptables-save
|
||||
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
|
||||
* Adds --table to iptables-restore
|
||||
* Make DO_MULTI=1 work for ip6tables* binaries
|
||||
* Add ip6tables-{save,restore} to non-experimental target,
|
||||
fix strict aliasing warnings
|
||||
* Introducing libxt_*.man files. Sorted matches and modules
|
||||
* Install ip6tables-{save,restore} manpages
|
||||
* Performance optimization in sorting chain during pull-out
|
||||
* Fix sockfd use accounting for kernels without autoloading
|
||||
* use <linux/types.h>
|
||||
* Fix make/compile error for iptables-1.4.0rc1
|
||||
* Fix for --random option in DNAT and REDIRECT
|
||||
* Document xt_statistic
|
||||
* sctp: fix - mistake to pass a pointer where array is required
|
||||
* Fix connlimit output for inverted --connlimit-above:
|
||||
! > is <=, not <
|
||||
* Add NFLOG manpage
|
||||
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
|
||||
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
|
||||
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
|
||||
* fix check_inverse() call
|
||||
- removed obsolete patch:
|
||||
* strict-aliasing-fix.diff (included in update)
|
||||
* Tue Jul 31 2007 - prusnak@suse.cz
|
||||
- removed sed scripts in %%prep section from last update
|
||||
* not needed anymore
|
||||
|
Loading…
Reference in New Issue
Block a user