forked from pool/iptables
This commit is contained in:
commit
657e514e99
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
472
iptables-1.3.7-batch.diff
Normal file
472
iptables-1.3.7-batch.diff
Normal file
@ -0,0 +1,472 @@
|
||||
--- /dev/null
|
||||
+++ iptables-batch.c
|
||||
@@ -0,0 +1,454 @@
|
||||
+/*
|
||||
+ * Author: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
+ *
|
||||
+ * Based on the ipchains code by Paul Russell and Michael Neuling
|
||||
+ *
|
||||
+ * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
|
||||
+ * Paul 'Rusty' Russell <rusty@rustcorp.com.au>
|
||||
+ * Marc Boucher <marc+nf@mbsi.ca>
|
||||
+ * James Morris <jmorris@intercode.com.au>
|
||||
+ * Harald Welte <laforge@gnumonks.org>
|
||||
+ * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
+ *
|
||||
+ * iptables-batch -- iptables batch processor
|
||||
+ *
|
||||
+ * See the accompanying manual page iptables(8) for information
|
||||
+ * about proper usage of this program.
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation; either version 2 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * This program is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * GNU General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License
|
||||
+ * along with this program; if not, write to the Free Software
|
||||
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
+ */
|
||||
+
|
||||
+#define _GNU_SOURCE
|
||||
+#include <stdio.h>
|
||||
+#include <ctype.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <errno.h>
|
||||
+#include <string.h>
|
||||
+
|
||||
+#ifdef IP6T_LIB_DIR
|
||||
+#include <ip6tables.h>
|
||||
+#else
|
||||
+#include <iptables.h>
|
||||
+#endif
|
||||
+
|
||||
+static char* errstr = NULL;
|
||||
+
|
||||
+static unsigned current_line = 0;
|
||||
+
|
||||
+static char*
|
||||
+skipspace(char* ptr)
|
||||
+{
|
||||
+ while(*ptr && isspace(*ptr))
|
||||
+ ++ptr;
|
||||
+ return ptr;
|
||||
+}
|
||||
+
|
||||
+static char*
|
||||
+getliteral(char** ptr)
|
||||
+{
|
||||
+ char* start = *ptr;
|
||||
+ char* p = start;
|
||||
+
|
||||
+ while(*p && !isspace(*p))
|
||||
+ ++p;
|
||||
+
|
||||
+ if(*p)
|
||||
+ {
|
||||
+ *p = '\0';
|
||||
+ ++p;
|
||||
+ }
|
||||
+
|
||||
+ *ptr = p;
|
||||
+ return start;
|
||||
+}
|
||||
+
|
||||
+static char*
|
||||
+getstring(char** ptr)
|
||||
+{
|
||||
+ char* start = *ptr+1; // skip leading "
|
||||
+ char* p = start;
|
||||
+ char* o = start;
|
||||
+ int backslash = 0;
|
||||
+ int done = 0;
|
||||
+
|
||||
+ while(*p && !done)
|
||||
+ {
|
||||
+ if(backslash)
|
||||
+ {
|
||||
+ backslash = 0;
|
||||
+ // no escapes supported, just eat the backslash
|
||||
+ *o++ = *p++;
|
||||
+ }
|
||||
+ else if(*p == '\\')
|
||||
+ {
|
||||
+ backslash = 1;
|
||||
+ p++;
|
||||
+ }
|
||||
+ else if(*p == '"')
|
||||
+ {
|
||||
+ done = 1;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ *o++ = *p++;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if(done)
|
||||
+ {
|
||||
+ *o = '\0';
|
||||
+ *p = '\0';
|
||||
+ ++p;
|
||||
+ *ptr = p;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ errstr = "missing \" at end of string";
|
||||
+ start = NULL;
|
||||
+ }
|
||||
+ return start;
|
||||
+}
|
||||
+
|
||||
+// this is just a very basic method, not 100% shell compatible
|
||||
+static char*
|
||||
+getword(char** ptr)
|
||||
+{
|
||||
+ *ptr = skipspace(*ptr);
|
||||
+ if(**ptr == '"')
|
||||
+ return getstring(ptr);
|
||||
+ return getliteral(ptr);
|
||||
+}
|
||||
+
|
||||
+// destructive
|
||||
+static int
|
||||
+tokenize(int* argc, char* argv[], size_t nargvsize, char* line)
|
||||
+{
|
||||
+ char* ptr = skipspace(line);
|
||||
+ int ret = 0;
|
||||
+ char* word;
|
||||
+
|
||||
+ while(ptr && *ptr)
|
||||
+ {
|
||||
+ if(*ptr == '#')
|
||||
+ break;
|
||||
+ if(*argc >= nargvsize)
|
||||
+ {
|
||||
+ errstr = "too many arguments";
|
||||
+ ret = -1;
|
||||
+ break;
|
||||
+ }
|
||||
+ word = getword(&ptr);
|
||||
+ if(!word)
|
||||
+ {
|
||||
+ ret = -1;
|
||||
+ break;
|
||||
+ }
|
||||
+ argv[(*argc)++] = word;
|
||||
+ ++ret;
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+#ifdef DEBUG
|
||||
+static void
|
||||
+dumpargv(int argc, char* argv[])
|
||||
+{
|
||||
+ int i;
|
||||
+ for(i=0; i < argc; ++i)
|
||||
+ {
|
||||
+ printf("%s\"%s\"",i?" ":"", argv[i]);
|
||||
+ }
|
||||
+ puts("");
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
+struct table_handle
|
||||
+{
|
||||
+ char* name;
|
||||
+#ifdef IP6T_LIB_DIR
|
||||
+ ip6tc_handle_t handle;
|
||||
+#else
|
||||
+ iptc_handle_t handle;
|
||||
+#endif
|
||||
+};
|
||||
+
|
||||
+static struct table_handle* tables = NULL;
|
||||
+static unsigned num_tables;
|
||||
+struct table_handle* current_table;
|
||||
+
|
||||
+static void
|
||||
+alloc_tables()
|
||||
+{
|
||||
+ tables = realloc(tables, sizeof(struct table_handle) * num_tables);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+set_current_table(const char* name)
|
||||
+{
|
||||
+ unsigned i;
|
||||
+
|
||||
+ if(!strcmp(name, current_table->name)) // same as last time?
|
||||
+ return;
|
||||
+
|
||||
+ for(i = 0; i < num_tables; ++i) // find already known table
|
||||
+ {
|
||||
+ if(!strcmp(name, tables[i].name))
|
||||
+ {
|
||||
+ current_table = &tables[i];
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ // table name not known, create new
|
||||
+ i = num_tables++;
|
||||
+ alloc_tables();
|
||||
+ current_table = &tables[i];
|
||||
+ current_table->name = strdup(name);
|
||||
+ current_table->handle = NULL;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+find_table(int argc, char* argv[])
|
||||
+{
|
||||
+ int i;
|
||||
+ for(i = 0; i < argc; ++i)
|
||||
+ {
|
||||
+ if(!strcmp(argv[i], "-t") || !strcmp(argv[i], "--table"))
|
||||
+ {
|
||||
+ ++i;
|
||||
+ if(i >= argc)
|
||||
+ {
|
||||
+ fprintf(stderr, "line %d: missing table name after %s\n",
|
||||
+ current_line, argv[i]);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ set_current_table(argv[i]);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ // no -t specified
|
||||
+ set_current_table("filter");
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_iptables(int argc, char* argv[])
|
||||
+{
|
||||
+ char *table = "filter";
|
||||
+ int ret = 0;
|
||||
+
|
||||
+ if(!find_table(argc, argv))
|
||||
+ return 0;
|
||||
+
|
||||
+#ifdef IP6T_LIB_DIR
|
||||
+ ret = do_command6(argc, argv, &table, ¤t_table->handle);
|
||||
+
|
||||
+ if (!ret)
|
||||
+ {
|
||||
+ fprintf(stderr, "line %d: %s\n", current_line, ip6tc_strerror(errno));
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if(!table || strcmp(table, current_table->name))
|
||||
+ {
|
||||
+ fprintf(stderr, "line %d: expected table %s, got %s\n",
|
||||
+ current_line, current_table->name, table);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+#else
|
||||
+ ret = do_command(argc, argv, &table, ¤t_table->handle);
|
||||
+
|
||||
+ if (!ret)
|
||||
+ {
|
||||
+ fprintf(stderr, "line %d: %s\n", current_line, iptc_strerror(errno));
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if(!table || strcmp(table, current_table->name))
|
||||
+ {
|
||||
+ fprintf(stderr, "line %d: expected table %s, got %s\n",
|
||||
+ current_line, current_table->name, table);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_commit()
|
||||
+{
|
||||
+ unsigned i;
|
||||
+ int ret = 1;
|
||||
+
|
||||
+ for(i = 0; i < num_tables; ++i)
|
||||
+ {
|
||||
+ if(tables[i].handle)
|
||||
+ {
|
||||
+#ifdef IP6T_LIB_DIR
|
||||
+ if(!ip6tc_commit(&tables[i].handle))
|
||||
+ {
|
||||
+ fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, ip6tc_strerror(errno));
|
||||
+ ret = 0;
|
||||
+ }
|
||||
+#else
|
||||
+ if(!iptc_commit(&tables[i].handle))
|
||||
+ {
|
||||
+ fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, iptc_strerror(errno));
|
||||
+ ret = 0;
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+help()
|
||||
+{
|
||||
+ fprintf(stderr, "Usage: %s [FILE]\n\n", program_name);
|
||||
+ puts("Read iptables commands from FILE, commit them at EOF\n");
|
||||
+ puts("In addition to normal iptables calls the commands");
|
||||
+ puts("'commit' and 'exit' are understood.");
|
||||
+ exit(0);
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+main(int argc, char *argv[])
|
||||
+{
|
||||
+ int ret = 1;
|
||||
+ int numtok;
|
||||
+ size_t llen = 0;
|
||||
+ char* line = NULL;
|
||||
+ ssize_t r = -1;
|
||||
+ int nargc = 0;
|
||||
+ char* nargv[256];
|
||||
+ FILE* fp = stdin;
|
||||
+
|
||||
+#ifdef IP6T_LIB_DIR
|
||||
+ program_name = "ip6tables-batch";
|
||||
+
|
||||
+ lib_dir = getenv("IP6TABLES_LIB_DIR");
|
||||
+ if (!lib_dir)
|
||||
+ lib_dir = IP6T_LIB_DIR;
|
||||
+#else
|
||||
+ program_name = "iptables-batch";
|
||||
+
|
||||
+ lib_dir = getenv("IPTABLES_LIB_DIR");
|
||||
+ if (!lib_dir)
|
||||
+ lib_dir = IPT_LIB_DIR;
|
||||
+#endif
|
||||
+ program_version = IPTABLES_VERSION;
|
||||
+
|
||||
+#ifdef NO_SHARED_LIBS
|
||||
+ init_extensions();
|
||||
+#endif
|
||||
+ if(argc > 1)
|
||||
+ {
|
||||
+ if(!strcmp(argv[1], "--help") || !strcmp(argv[1], "-h"))
|
||||
+ {
|
||||
+ help();
|
||||
+ }
|
||||
+ else if(strcmp(argv[1], "-"))
|
||||
+ {
|
||||
+ fp = fopen(argv[1], "r");
|
||||
+ if(!fp)
|
||||
+ {
|
||||
+ perror("fopen");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ num_tables = 4;
|
||||
+ alloc_tables();
|
||||
+ tables[0].name = "filter";
|
||||
+ tables[0].handle = NULL;
|
||||
+ tables[1].name = "mangle";
|
||||
+ tables[1].handle = NULL;
|
||||
+ tables[2].name = "nat";
|
||||
+ tables[2].handle = NULL;
|
||||
+ tables[3].name = "raw";
|
||||
+ tables[3].handle = NULL;
|
||||
+ current_table = &tables[0];
|
||||
+
|
||||
+ while((r = getline(&line, &llen, fp)) != -1)
|
||||
+ {
|
||||
+ if(llen < 1 || !*line)
|
||||
+ continue;
|
||||
+ if(line[strlen(line)-1] == '\n')
|
||||
+ line[strlen(line) -1 ] = '\0';
|
||||
+
|
||||
+ ++current_line;
|
||||
+ nargc = 0;
|
||||
+ errstr = NULL;
|
||||
+ numtok = tokenize(&nargc, nargv, (sizeof(nargv)/sizeof(nargv[0])), line);
|
||||
+ if(numtok == -1)
|
||||
+ {
|
||||
+ }
|
||||
+ else if (numtok == 0)
|
||||
+ {
|
||||
+ continue;
|
||||
+ }
|
||||
+ else if(nargc < 1)
|
||||
+ {
|
||||
+ errstr = "insufficient number of arguments";
|
||||
+ }
|
||||
+
|
||||
+ if(errstr)
|
||||
+ {
|
||||
+ fprintf(stderr, "parse error in line %d: %s\n", current_line, errstr);
|
||||
+ ret = 0;
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+#ifdef DEBUG
|
||||
+ dumpargv(nargc, nargv);
|
||||
+#endif
|
||||
+
|
||||
+#ifdef IP6T_LIB_DIR
|
||||
+ if(!strcmp(nargv[0], "ip6tables"))
|
||||
+#else
|
||||
+ if(!strcmp(nargv[0], "iptables"))
|
||||
+#endif
|
||||
+ {
|
||||
+ ret = do_iptables(nargc, nargv);
|
||||
+ if(!ret) break;
|
||||
+ }
|
||||
+ else if(!strcmp(nargv[0], "exit"))
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
+ else if(!strcmp(nargv[0], "commit"))
|
||||
+ {
|
||||
+ ret = do_commit();
|
||||
+ if(!ret) break;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ fprintf(stderr, "line %d: invalid command '%s'\n", current_line, nargv[0]);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if(ret)
|
||||
+ ret = do_commit();
|
||||
+
|
||||
+ exit(!ret);
|
||||
+}
|
||||
--- Makefile
|
||||
+++ Makefile
|
||||
@@ -136,6 +136,12 @@ iptables: iptables-standalone.c iptables
|
||||
$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
endif
|
||||
|
||||
+iptables-batch: iptables-batch.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
|
||||
+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
+
|
||||
+ip6tables-batch: iptables-batch.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
|
||||
+ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
||||
+
|
||||
$(DESTDIR)$(BINDIR)/iptables: iptables
|
||||
@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
|
||||
cp $< $@
|
3
iptables-1.3.7-debian-docs.tar.bz2
Normal file
3
iptables-1.3.7-debian-docs.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:af04502f869b92350aebd5ecbb2d27a59eea3c45233da2951e0852f9a2ce278d
|
||||
size 24322
|
11
iptables-1.3.7-makefile.diff
Normal file
11
iptables-1.3.7-makefile.diff
Normal file
@ -0,0 +1,11 @@
|
||||
--- Makefile
|
||||
+++ Makefile
|
||||
@@ -37,7 +37,7 @@
|
||||
endif
|
||||
|
||||
COPT_FLAGS:=-O2
|
||||
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
|
||||
+CFLAGS += $(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
|
||||
|
||||
ifdef NO_SHARED_LIBS
|
||||
CFLAGS += -DNO_SHARED_LIBS=1
|
1428
iptables-1.3.7-shlibs.diff
Normal file
1428
iptables-1.3.7-shlibs.diff
Normal file
File diff suppressed because it is too large
Load Diff
81
iptables-1.3.7-strict-aliasing-fix.diff
Normal file
81
iptables-1.3.7-strict-aliasing-fix.diff
Normal file
@ -0,0 +1,81 @@
|
||||
--- ip6tables-restore.c
|
||||
+++ ip6tables-restore.c
|
||||
@@ -76,7 +76,9 @@
|
||||
|
||||
int parse_counters(char *string, struct ip6t_counters *ctr)
|
||||
{
|
||||
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
|
||||
+ u_int64_t *p_pcnt = &ctr->pcnt;
|
||||
+ u_int64_t *p_bcnt = &ctr->bcnt;
|
||||
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
|
||||
}
|
||||
|
||||
/* global new argv and argc */
|
||||
--- ip6tables.c
|
||||
+++ ip6tables.c
|
||||
@@ -1874,5 +1874,6 @@
|
||||
char *protocol = NULL;
|
||||
int proto_used = 0;
|
||||
+ u_int64_t *p_cnt;
|
||||
|
||||
memset(&fw, 0, sizeof(fw));
|
||||
|
||||
@@ -2185,13 +2186,15 @@
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c requires packet and byte counter",
|
||||
opt2char(OPT_COUNTERS));
|
||||
-
|
||||
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
|
||||
+
|
||||
+ p_cnt = &fw.counters.pcnt;
|
||||
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c packet counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
||||
|
||||
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
|
||||
+ p_cnt = &fw.counters.bcnt;
|
||||
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c byte counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
||||
--- iptables-restore.c
|
||||
+++ iptables-restore.c
|
||||
@@ -73,7 +73,9 @@
|
||||
|
||||
int parse_counters(char *string, struct ipt_counters *ctr)
|
||||
{
|
||||
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
|
||||
+ u_int64_t *p_pcnt = &ctr->pcnt;
|
||||
+ u_int64_t *p_bcnt = &ctr->bcnt;
|
||||
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
|
||||
}
|
||||
|
||||
/* global new argv and argc */
|
||||
--- iptables.c
|
||||
+++ iptables.c
|
||||
@@ -1956,6 +1956,7 @@
|
||||
char *protocol = NULL;
|
||||
int proto_used = 0;
|
||||
+ u_int64_t *p_cnt;
|
||||
|
||||
memset(&fw, 0, sizeof(fw));
|
||||
|
||||
/* re-set optind to 0 in case do_command gets called
|
||||
@@ -2279,12 +2279,14 @@
|
||||
"-%c requires packet and byte counter",
|
||||
opt2char(OPT_COUNTERS));
|
||||
|
||||
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
|
||||
+ p_cnt = &fw.counters.pcnt;
|
||||
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c packet counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
||||
|
||||
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
|
||||
+ p_cnt = &fw.counters.bcnt;
|
||||
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
|
||||
exit_error(PARAMETER_PROBLEM,
|
||||
"-%c byte counter not numeric",
|
||||
opt2char(OPT_COUNTERS));
|
3
iptables-1.3.7.tar.bz2
Normal file
3
iptables-1.3.7.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0e00cea0029eaf7923a4a901265d5aa8159804b520fda9c12df54d350073ce02
|
||||
size 196205
|
234
iptables.changes
Normal file
234
iptables.changes
Normal file
@ -0,0 +1,234 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 17:58:09 CET 2007 - prusnak@suse.cz
|
||||
|
||||
- updated to 1.3.7
|
||||
* Add revision support for ip6tables
|
||||
* Add port range support for ip6tables multiport match
|
||||
* Add sctp match extension for ip6tables
|
||||
* Add iptables-xml tool
|
||||
* Add hashlimit support for ip6tables (needs kernel > 2.6.19)
|
||||
* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
|
||||
* Bugfixes
|
||||
- updated debian-docs and moved into tar.bz2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 16 11:06:55 CET 2006 - mjancar@suse.cz
|
||||
|
||||
- allow setting KERNEL_DIR on commandline for build (#220851)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 17 17:47:47 CEST 2006 - anosek@suse.cz
|
||||
|
||||
- updated to version 1.3.6
|
||||
* Support multiple matches of the same type within a single rule
|
||||
* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
|
||||
* SELinux SECMARK target (needs kernel >= 2.6.18)
|
||||
* SELinux CONNSECMARK target (needs kernel >= 2.6.18)
|
||||
* Add support for statistic match (needs kernel >= 2.6.18)
|
||||
* Optionally read realm values from /etc/iproute2/rt_realms
|
||||
* Bugfixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 1 15:26:39 CET 2006 - lnussel@suse.de
|
||||
|
||||
- updated to version 1.3.5
|
||||
* supports ip6tables state and conntrack \o/ (#145758)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 27 01:50:25 CET 2006 - mls@suse.de
|
||||
|
||||
- converted neededforbuild to BuildRequires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 24 15:00:31 CET 2006 - schwab@suse.de
|
||||
|
||||
- Fix building of shared libraries.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 17 15:11:43 CET 2006 - postadal@suse.cz
|
||||
|
||||
- updated policy extension from upstream (policy-1.3.4.patch)
|
||||
* ported for changes in kernel
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 15 17:09:38 CET 2005 - postadal@suse.cz
|
||||
|
||||
- updated to version 1.3.4
|
||||
- added RPM_OPT_FLAGS to CFLAGS
|
||||
- fixed strict aliasing (strict-aliasing-fix.patch)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 1 16:36:26 CEST 2005 - lnussel@suse.de
|
||||
|
||||
- add iptables-batch and ip6tables-batch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 1 10:14:00 CEST 2005 - postadal@suse.cz
|
||||
|
||||
- updated to version 1.3.3
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 27 15:38:26 CEST 2005 - postadal@suse.cz
|
||||
|
||||
- updated to version 1.3.2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 9 11:28:10 CET 2005 - postadal@suse.cz
|
||||
|
||||
- updated to version 1.3.1 (bug fixes)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 17 10:02:14 CET 2005 - postadal@suse.cz
|
||||
|
||||
- updated to version 1.3.0
|
||||
- removed obsoleted patch modules-secfix
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 02 17:00:05 CET 2004 - postadal@suse.cz
|
||||
|
||||
- fixed uninitialised variable [#47850] - CAN-2004-0986
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 17 15:15:44 CEST 2004 - mludvig@suse.cz
|
||||
|
||||
- Fixed mode for extensions/.policy-test6
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 05 14:15:52 CEST 2004 - mludvig@suse.cz
|
||||
|
||||
- Added IPv6 support to the 'policy' match.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 04 15:44:06 CEST 2004 - postadal@suse.cz
|
||||
|
||||
- updated to version 1.2.11
|
||||
- removed obsoleted patch clusterip
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Apr 24 08:45:00 CEST 2004 - lmb@suse.de
|
||||
|
||||
- Add support for Cluster IP functionality.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 21 16:51:03 CEST 2004 - mludvig@suse.cz
|
||||
|
||||
- Added module for IPv6 conntrack from USAGI.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 24 15:47:24 CET 2004 - mludvig@suse.cz
|
||||
|
||||
- Added policy module from patch-o-matic
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 06 18:09:42 CET 2004 - postadal@suse.cz
|
||||
|
||||
- updated to version 1.2.9.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 10 20:33:48 CET 2004 - adrian@suse.de
|
||||
|
||||
- add %defattr
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 23 15:08:45 CEST 2003 - postadal@suse.cz
|
||||
|
||||
- updated to 1.2.8
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 8 21:33:42 CEST 2003 - schwab@suse.de
|
||||
|
||||
- Prefer sanitized kernel headers.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 05 11:13:51 CEST 2002 - postadal@suse.cz
|
||||
|
||||
- updated to bugfixed 1.2.7a version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 28 18:20:07 CEST 2002 - postadal@suse.cz
|
||||
|
||||
- added Requires %{name} = %{version} to devel package
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 08 13:03:46 CEST 2002 - nadvornik@suse.cz
|
||||
|
||||
- updated to 1.2.7
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 27 11:10:32 CET 2002 - postadal@suse.cz
|
||||
|
||||
- revert to compile it with kernel headers (#15448)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 1 14:14:49 CET 2002 - nadvornik@suse.cz
|
||||
|
||||
- compiled with kernel headers from glibc
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 15 15:30:31 CET 2002 - nadvornik@suse.cz
|
||||
|
||||
- update to 1.2.5
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 14 13:51:38 CET 2001 - nadvornik@suse.cz
|
||||
|
||||
- updated to 1.2.4 [bug #12104]
|
||||
- fixed problems with iptables-save/restore
|
||||
- iptables-1.2.4.debian.diff.bz2 contains documentation only,
|
||||
Makefile changes moved to separate patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 22 02:04:31 MEST 2001 - garloff@suse.de
|
||||
|
||||
- Fix ipt_string support (compile fix).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 17 10:55:30 MEST 2001 - garloff@suse.de
|
||||
|
||||
- Update to iptables-1.2.2
|
||||
- Appply debian patch: mostly docu stuff
|
||||
- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM
|
||||
.spec file to compile and install ip(6)tables-save/restore apps.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 6 15:28:00 CEST 2001 - kukuk@suse.de
|
||||
|
||||
- changed neededforbuild from lx_suse to kernel-source
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 27 23:24:15 CEST 2001 - lmuelle@suse.de
|
||||
|
||||
- update to 1.2.1a
|
||||
- add devel package with libipq stuff
|
||||
- minor spec file cleanup
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jan 28 16:40:08 CET 2001 - olh@suse.de
|
||||
|
||||
- update to 1.2, needed for ppc and sparc
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 19 09:33:37 CET 2000 - nadvornik@suse.cz
|
||||
|
||||
- compiled with lx_suse
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 17 16:15:51 CEST 2000 - nadvornik@suse.cz
|
||||
|
||||
- update to 1.1.2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 22 02:34:07 CEST 2000 - ro@suse.de
|
||||
|
||||
- up to 1.1.1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 9 08:58:25 CEST 2000 - ro@suse.de
|
||||
|
||||
- fixed neededforbuild
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 7 08:33:45 CEST 2000 - nadvornik@suse.cz
|
||||
|
||||
- new package 1.1.0
|
||||
|
212
iptables.spec
Normal file
212
iptables.spec
Normal file
@ -0,0 +1,212 @@
|
||||
#
|
||||
# spec file for package iptables (Version 1.3.7)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
# norootforbuild
|
||||
|
||||
Name: iptables
|
||||
BuildRequires: kernel-source
|
||||
License: GNU General Public License (GPL)
|
||||
Group: Productivity/Networking/Security
|
||||
Autoreqprov: on
|
||||
Version: 1.3.7
|
||||
Release: 1
|
||||
Summary: IP Packet Filter Administration
|
||||
Source0: %{name}-%{version}.tar.bz2
|
||||
Source1: %{name}-%{version}-debian-docs.tar.bz2
|
||||
Patch2: %{name}-%{version}-makefile.diff
|
||||
Patch20: %{name}-%{version}-batch.diff
|
||||
Patch21: %{name}-%{version}-strict-aliasing-fix.diff
|
||||
Patch22: %{name}-%{version}-shlibs.diff
|
||||
URL: http://www.iptables.org
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
Iptables is used to set up, maintain, and inspect the tables of IP
|
||||
packet filter rules in the Linux kernel. This version requires kernel
|
||||
2.4.0 or newer.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
Netfilter Core Team <netfilter-core@linuxcare.com.au>
|
||||
|
||||
%package devel
|
||||
Summary: Libraries, Headers and Development Man Pages for libipq
|
||||
Group: Development/Libraries/C and C++
|
||||
Autoreqprov: on
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
These libraries are needed to compile programs against libipq.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
Netfilter Core Team <netfilter-core@linuxcare.com.au>
|
||||
|
||||
%prep
|
||||
%setup -q -a 1
|
||||
%patch2
|
||||
%patch20
|
||||
%patch21
|
||||
%patch22
|
||||
chmod +x extensions/.CLUSTERIP-test
|
||||
|
||||
%build
|
||||
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux";
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR"
|
||||
#
|
||||
# iptables-batch
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" \
|
||||
iptables-batch ip6tables-batch
|
||||
|
||||
%install
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
make IPT_LIBDIR=%{_libdir}/iptables \
|
||||
BINDIR=$RPM_BUILD_ROOT%{_prefix}/sbin \
|
||||
LIBDIR=$RPM_BUILD_ROOT%{_libdir} \
|
||||
INCDIR=$RPM_BUILD_ROOT%{_prefix}/include \
|
||||
MANDIR=$RPM_BUILD_ROOT%{_mandir} install install-devel KERNEL_DIR="$KERNEL_DIR"
|
||||
install -m755 iptables-batch ip6tables-batch %{buildroot}%{_sbindir}
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc COPYING
|
||||
%{_prefix}/sbin/iptables*
|
||||
%{_prefix}/sbin/ip6tables*
|
||||
%{_libdir}/iptables
|
||||
%doc %{_mandir}/man8/*
|
||||
%doc doc/*.html
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%doc %{_mandir}/man3/*
|
||||
%{_libdir}/*.a
|
||||
%{_prefix}/include/*
|
||||
|
||||
%changelog -n iptables
|
||||
* Wed Jan 03 2007 - prusnak@suse.cz
|
||||
- updated to 1.3.7
|
||||
* Add revision support for ip6tables
|
||||
* Add port range support for ip6tables multiport match
|
||||
* Add sctp match extension for ip6tables
|
||||
* Add iptables-xml tool
|
||||
* Add hashlimit support for ip6tables (needs kernel > 2.6.19)
|
||||
* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
|
||||
* Bugfixes
|
||||
- updated debian-docs and moved into tar.bz2
|
||||
* Thu Nov 16 2006 - mjancar@suse.cz
|
||||
- allow setting KERNEL_DIR on commandline for build (#220851)
|
||||
* Tue Oct 17 2006 - anosek@suse.cz
|
||||
- updated to version 1.3.6
|
||||
* Support multiple matches of the same type within a single rule
|
||||
* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
|
||||
* SELinux SECMARK target (needs kernel >= 2.6.18)
|
||||
* SELinux CONNSECMARK target (needs kernel >= 2.6.18)
|
||||
* Add support for statistic match (needs kernel >= 2.6.18)
|
||||
* Optionally read realm values from /etc/iproute2/rt_realms
|
||||
* Bugfixes
|
||||
* Wed Feb 01 2006 - lnussel@suse.de
|
||||
- updated to version 1.3.5
|
||||
* supports ip6tables state and conntrack \o/ (#145758)
|
||||
* Fri Jan 27 2006 - mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Tue Jan 24 2006 - schwab@suse.de
|
||||
- Fix building of shared libraries.
|
||||
* Tue Jan 17 2006 - postadal@suse.cz
|
||||
- updated policy extension from upstream (policy-1.3.4.patch)
|
||||
* ported for changes in kernel
|
||||
* Tue Nov 15 2005 - postadal@suse.cz
|
||||
- updated to version 1.3.4
|
||||
- added RPM_OPT_FLAGS to CFLAGS
|
||||
- fixed strict aliasing (strict-aliasing-fix.patch)
|
||||
* Mon Aug 01 2005 - lnussel@suse.de
|
||||
- add iptables-batch and ip6tables-batch
|
||||
* Mon Aug 01 2005 - postadal@suse.cz
|
||||
- updated to version 1.3.3
|
||||
* Wed Jul 27 2005 - postadal@suse.cz
|
||||
- updated to version 1.3.2
|
||||
* Wed Mar 09 2005 - postadal@suse.cz
|
||||
- updated to version 1.3.1 (bug fixes)
|
||||
* Thu Feb 17 2005 - postadal@suse.cz
|
||||
- updated to version 1.3.0
|
||||
- removed obsoleted patch modules-secfix
|
||||
* Tue Nov 02 2004 - postadal@suse.cz
|
||||
- fixed uninitialised variable [#47850] - CAN-2004-0986
|
||||
* Tue Aug 17 2004 - mludvig@suse.cz
|
||||
- Fixed mode for extensions/.policy-test6
|
||||
* Thu Aug 05 2004 - mludvig@suse.cz
|
||||
- Added IPv6 support to the 'policy' match.
|
||||
* Wed Aug 04 2004 - postadal@suse.cz
|
||||
- updated to version 1.2.11
|
||||
- removed obsoleted patch clusterip
|
||||
* Sat Apr 24 2004 - lmb@suse.de
|
||||
- Add support for Cluster IP functionality.
|
||||
* Wed Apr 21 2004 - mludvig@suse.cz
|
||||
- Added module for IPv6 conntrack from USAGI.
|
||||
* Wed Mar 24 2004 - mludvig@suse.cz
|
||||
- Added policy module from patch-o-matic
|
||||
* Fri Feb 06 2004 - postadal@suse.cz
|
||||
- updated to version 1.2.9.
|
||||
* Sat Jan 10 2004 - adrian@suse.de
|
||||
- add %%defattr
|
||||
* Wed Jul 23 2003 - postadal@suse.cz
|
||||
- updated to 1.2.8
|
||||
* Tue Apr 08 2003 - schwab@suse.de
|
||||
- Prefer sanitized kernel headers.
|
||||
* Thu Sep 05 2002 - postadal@suse.cz
|
||||
- updated to bugfixed 1.2.7a version
|
||||
* Wed Aug 28 2002 - postadal@suse.cz
|
||||
- added Requires %%{name} = %%{version} to devel package
|
||||
* Thu Aug 08 2002 - nadvornik@suse.cz
|
||||
- updated to 1.2.7
|
||||
* Wed Mar 27 2002 - postadal@suse.cz
|
||||
- revert to compile it with kernel headers (#15448)
|
||||
* Fri Feb 01 2002 - nadvornik@suse.cz
|
||||
- compiled with kernel headers from glibc
|
||||
* Tue Jan 15 2002 - nadvornik@suse.cz
|
||||
- update to 1.2.5
|
||||
* Wed Nov 14 2001 - nadvornik@suse.cz
|
||||
- updated to 1.2.4 [bug #12104]
|
||||
- fixed problems with iptables-save/restore
|
||||
- iptables-1.2.4.debian.diff.bz2 contains documentation only,
|
||||
Makefile changes moved to separate patch
|
||||
* Sat Sep 22 2001 - garloff@suse.de
|
||||
- Fix ipt_string support (compile fix).
|
||||
* Tue Jul 17 2001 - garloff@suse.de
|
||||
- Update to iptables-1.2.2
|
||||
- Appply debian patch: mostly docu stuff
|
||||
- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM
|
||||
.spec file to compile and install ip(6)tables-save/restore apps.
|
||||
* Fri Apr 06 2001 - kukuk@suse.de
|
||||
- changed neededforbuild from lx_suse to kernel-source
|
||||
* Tue Mar 27 2001 - lmuelle@suse.de
|
||||
- update to 1.2.1a
|
||||
- add devel package with libipq stuff
|
||||
- minor spec file cleanup
|
||||
* Sun Jan 28 2001 - olh@suse.de
|
||||
- update to 1.2, needed for ppc and sparc
|
||||
* Tue Dec 19 2000 - nadvornik@suse.cz
|
||||
- compiled with lx_suse
|
||||
* Tue Oct 17 2000 - nadvornik@suse.cz
|
||||
- update to 1.1.2
|
||||
* Fri Sep 22 2000 - ro@suse.de
|
||||
- up to 1.1.1
|
||||
* Fri Jun 09 2000 - ro@suse.de
|
||||
- fixed neededforbuild
|
||||
* Wed Jun 07 2000 - nadvornik@suse.cz
|
||||
- new package 1.1.0
|
Loading…
Reference in New Issue
Block a user