jengelh/iptables
SHA256
1
0
Fork 1
forked from pool/iptables
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=7

Browse Source
This commit is contained in:
OBS User unknown 2008-01-10 00:54:33 +00:00 committed by Git OBS Bridge
parent 25869d9ed2
commit 476a8ba6e1
9 changed files with 158 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
iptables-1.3.8-makefile.diff
View File

@ -1,11 +0,0 @@
--- Makefile
+++ Makefile
@@ -37,7 +37,7 @@
endif
COPT_FLAGS:=-O2
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
+CFLAGS += $(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
ifdef NO_SHARED_LIBS
CFLAGS += -DNO_SHARED_LIBS=1

81
iptables-1.3.8-strict-aliasing-fix.diff
View File

@ -1,81 +0,0 @@
--- ip6tables-restore.c
+++ ip6tables-restore.c
@@ -76,7 +76,9 @@
int parse_counters(char *string, struct ip6t_counters *ctr)
{
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
+ u_int64_t *p_pcnt = &ctr->pcnt;
+ u_int64_t *p_bcnt = &ctr->bcnt;
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
}
/* global new argv and argc */
--- ip6tables.c
+++ ip6tables.c
@@ -1874,5 +1874,6 @@
char *protocol = NULL;
int proto_used = 0;
+ u_int64_t *p_cnt;
memset(&fw, 0, sizeof(fw));
@@ -2185,13 +2186,15 @@
exit_error(PARAMETER_PROBLEM,
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
-
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
+
+ p_cnt = &fw.counters.pcnt;
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
+ p_cnt = &fw.counters.bcnt;
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
--- iptables-restore.c
+++ iptables-restore.c
@@ -73,7 +73,9 @@
int parse_counters(char *string, struct ipt_counters *ctr)
{
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
+ u_int64_t *p_pcnt = &ctr->pcnt;
+ u_int64_t *p_bcnt = &ctr->bcnt;
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
}
/* global new argv and argc */
--- iptables.c
+++ iptables.c
@@ -1956,6 +1956,7 @@
char *protocol = NULL;
int proto_used = 0;
+ u_int64_t *p_cnt;
memset(&fw, 0, sizeof(fw));
/* re-set optind to 0 in case do_command gets called
@@ -2279,12 +2279,14 @@
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
+ p_cnt = &fw.counters.pcnt;
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
+ p_cnt = &fw.counters.bcnt;
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));

3
iptables-1.3.8.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c5c8a091ed9a1fa2dab86b4d87719064b50c202e8503046f50f299a361e6211c
size 172584

32
iptables-1.3.8-batch.diff → iptables-1.4.0-batch.diff
View File

@ -1,4 +1,19 @@
--- /dev/null
--- Makefile
+++ Makefile
@@ -107,6 +107,12 @@
$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
endif
+iptables-batch: iptables-batch.c iptables.o xtables.o $(STATIC_LIBS) libiptc/libiptc.a
+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+ip6tables-batch: iptables-batch.c ip6tables.o xtables.o $(STATIC6_LIBS) libiptc/libiptc.a
+ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
$(DESTDIR)$(BINDIR)/iptables: iptables
@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
cp $< $@
--- iptables-batch.c
+++ iptables-batch.c
@@ -0,0 +1,454 @@
+/*
@ -455,18 +470,3 @@
+
+ exit(!ret);
+}
--- Makefile
+++ Makefile
@@ -136,6 +136,12 @@ iptables: iptables-standalone.c iptables
$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
endif
+iptables-batch: iptables-batch.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+ip6tables-batch: iptables-batch.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
+ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
$(DESTDIR)$(BINDIR)/iptables: iptables
@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
cp $< $@

0
iptables-1.3.8-debian-docs.tar.bz2 → iptables-1.4.0-debian-docs.tar.bz2
View File

29
iptables-1.4.0-makefile.diff Normal file
View File

@ -0,0 +1,29 @@
--- Makefile
+++ Makefile
@@ -11,15 +11,9 @@
# Standard part of Makefile for topdir.
TOPLEVEL_INCLUDED=YES
-# For recent kernels we only need the source in KERNEL_DIR to build. Older
-# kernels have a bug, where linux/netfilter_ipv4.h includes linux/config.h,
-# which includes linux/autoconf.h, which is placed into KBUILD_OUTPUT.
ifndef KERNEL_DIR
KERNEL_DIR="/lib/modules/$(shell uname -r)/source"
endif
-ifndef KBUILD_OUTPUT
-KBUILD_OUTPUT="/lib/modules/$(shell uname -r)/build"
-endif
IPTABLES_VERSION:=1.4.0
OLD_IPTABLES_VERSION:=1.4.0rc1
@@ -42,8 +36,8 @@
DO_SELINUX=0
endif
-COPT_FLAGS:=-O2
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KBUILD_OUTPUT)/include -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
+COPT_FLAGS:=$(CFLAGS)
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\"
ifdef NO_SHARED_LIBS
CFLAGS += -DNO_SHARED_LIBS=1

3
iptables-1.4.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fd9a978035e6a8f73344f986c84a222dc4ac3706b901e0c1ecae9647db5e5d52
size 181610

45
iptables.changes
View File

@ -1,3 +1,48 @@
-------------------------------------------------------------------
Tue Jan 8 17:10:54 CET 2008 - prusnak@suse.cz
- updated to 1.4.0:
* Add support for generic xtables infrastructure (improved IPv6 support!)
* Deletes empty ->final_check() functions
* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
* Remove last vestiges of NFC
* Make @msg argument a const char *, just like printf
* Makes it possible to omit extra_opts of matches/targets if unnecessary
* Fix "iptables getsockopt failed strangely" when querying revisions
for non-existant matches and targets
* Introduces DEST_IPT_LIBDIR in Makefile
* Change default KERNEL_DIR location and add KBUILD_OUTPUT
* Removes obsolete KERNEL_64_USERSPACE_32 definitions
* Fix unused function warning
* Don't use dlfcn.h if NO_SHARED_LIBS is defined
* Fix showing help text for matches/targets with revision as user
* Print warnings to stderr
* Fix sscanf type errors
* Always print mask in iptables-save
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
* Adds --table to iptables-restore
* Make DO_MULTI=1 work for ip6tables* binaries
* Add ip6tables-{save,restore} to non-experimental target,
fix strict aliasing warnings
* Introducing libxt_*.man files. Sorted matches and modules
* Install ip6tables-{save,restore} manpages
* Performance optimization in sorting chain during pull-out
* Fix sockfd use accounting for kernels without autoloading
* use <linux/types.h>
* Fix make/compile error for iptables-1.4.0rc1
* Fix for --random option in DNAT and REDIRECT
* Document xt_statistic
* sctp: fix - mistake to pass a pointer where array is required
* Fix connlimit output for inverted --connlimit-above:
! > is <=, not <
* Add NFLOG manpage
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
* fix check_inverse() call
- removed obsolete patch:
* strict-aliasing-fix.diff (included in update)
-------------------------------------------------------------------
Tue Jul 31 13:10:56 CEST 2007 - prusnak@suse.cz

94
iptables.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package iptables (Version 1.3.8)
# spec file for package iptables (Version 1.4.0)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@ -14,16 +14,15 @@ Name: iptables
BuildRequires: kernel-source
License: GPL v2 or later
Group: Productivity/Networking/Security
Autoreqprov: on
Version: 1.3.8
Release: 4
AutoReqProv: on
Version: 1.4.0
Release: 1
Summary: IP Packet Filter Administration
Source0: %{name}-%{version}.tar.bz2
Source1: %{name}-%{version}-debian-docs.tar.bz2
Patch0: %{name}-%{version}-makefile.diff
Patch1: %{name}-%{version}-batch.diff
Patch2: %{name}-%{version}-strict-aliasing-fix.diff
URL: http://www.iptables.org
Url: http://www.iptables.org
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -40,7 +39,7 @@ Authors:
%package devel
Summary: Libraries, Headers and Development Man Pages for libipq
Group: Development/Libraries/C and C++
Autoreqprov: on
AutoReqProv: on
Requires: %{name} = %{version}
%description devel
@ -56,48 +55,85 @@ Authors:
%setup -q -a 1
%patch0
%patch1
%patch2
%build
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux";
CFLAGS="$RPM_OPT_FLAGS" \
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR"
CFLAGS="$RPM_OPT_FLAGS" \
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" experimental
#
# iptables-batch
CFLAGS="$RPM_OPT_FLAGS" \
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" iptables-batch ip6tables-batch
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR"
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" experimental
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" iptables-batch ip6tables-batch
%install
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux";
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"
CFLAGS="$RPM_OPT_FLAGS" \
make IPT_LIBDIR=%{_libdir}/iptables \
BINDIR=$RPM_BUILD_ROOT%{_prefix}/sbin \
BINDIR=$RPM_BUILD_ROOT%{_sbindir} \
LIBDIR=$RPM_BUILD_ROOT%{_libdir} \
INCDIR=$RPM_BUILD_ROOT%{_prefix}/include \
MANDIR=$RPM_BUILD_ROOT%{_mandir} install install-devel install-experimental KERNEL_DIR="$KERNEL_DIR"
install -m755 iptables-batch ip6tables-batch %{buildroot}%{_sbindir}
INCDIR=$RPM_BUILD_ROOT%{_includedir} \
MANDIR=$RPM_BUILD_ROOT%{_mandir} \
KERNEL_DIR="$KERNEL_DIR" \
install install-devel install-experimental
install -m755 iptables-batch ip6tables-batch $RPM_BUILD_ROOT%{_sbindir}
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc COPYING
%{_prefix}/sbin/iptables*
%{_prefix}/sbin/ip6tables*
%{_libdir}/iptables
%doc COPYING doc/*.html
%doc %{_mandir}/man8/*
%doc doc/*.html
%{_sbindir}/iptables*
%{_sbindir}/ip6tables*
%{_libdir}/iptables
%files devel
%defattr(-,root,root)
%doc %{_mandir}/man3/*
%{_libdir}/*.a
%{_prefix}/include/*
%{_includedir}/*
%changelog
* Tue Jan 08 2008 - prusnak@suse.cz
- updated to 1.4.0:
* Add support for generic xtables infrastructure (improved IPv6 support!)
* Deletes empty ->final_check() functions
* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
* Remove last vestiges of NFC
* Make @msg argument a const char *, just like printf
* Makes it possible to omit extra_opts of matches/targets if unnecessary
* Fix "iptables getsockopt failed strangely" when querying revisions
for non-existant matches and targets
* Introduces DEST_IPT_LIBDIR in Makefile
* Change default KERNEL_DIR location and add KBUILD_OUTPUT
* Removes obsolete KERNEL_64_USERSPACE_32 definitions
* Fix unused function warning
* Don't use dlfcn.h if NO_SHARED_LIBS is defined
* Fix showing help text for matches/targets with revision as user
* Print warnings to stderr
* Fix sscanf type errors
* Always print mask in iptables-save
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
* Adds --table to iptables-restore
* Make DO_MULTI=1 work for ip6tables* binaries
* Add ip6tables-{save,restore} to non-experimental target,
fix strict aliasing warnings
* Introducing libxt_*.man files. Sorted matches and modules
* Install ip6tables-{save,restore} manpages
* Performance optimization in sorting chain during pull-out
* Fix sockfd use accounting for kernels without autoloading
* use <linux/types.h>
* Fix make/compile error for iptables-1.4.0rc1
* Fix for --random option in DNAT and REDIRECT
* Document xt_statistic
* sctp: fix - mistake to pass a pointer where array is required
* Fix connlimit output for inverted --connlimit-above:
! > is <=, not <
* Add NFLOG manpage
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
* fix check_inverse() call
- removed obsolete patch:
* strict-aliasing-fix.diff (included in update)
* Tue Jul 31 2007 - prusnak@suse.cz
- removed sed scripts in %%prep section from last update
* not needed anymore