Accepting request 312261 from home:kstreitova:branches:security:netfilter
- add ebtables-v2.0.10-4-audit.patch needed for CC certification [bnc#934680] OBS-URL: https://build.opensuse.org/request/show/312261 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ebtables?expand=0&rev=35
parent
c44bb59bb0
commit
4122804c4b
157
ebtables-v2.0.10-4-audit.patch
Normal file
157
ebtables-v2.0.10-4-audit.patch
Normal file
@ -0,0 +1,157 @@
|
|||||||
|
--- ebtables2.orig/extensions/ebt_AUDIT.c 1970-01-01 01:00:00.000000000 +0100
|
||||||
|
+++ ebtables2.orig/extensions/ebt_AUDIT.c 2011-01-07 10:53:46.680329228 +0100
|
||||||
|
@@ -0,0 +1,110 @@
|
||||||
|
+
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <getopt.h>
|
||||||
|
+#include "../include/ebtables_u.h"
|
||||||
|
+#include <linux/netfilter/xt_AUDIT.h>
|
||||||
|
+
|
||||||
|
+#define AUDIT_TYPE '1'
|
||||||
|
+static struct option opts[] =
|
||||||
|
+{
|
||||||
|
+ { "audit-type" , required_argument, 0, AUDIT_TYPE },
|
||||||
|
+ { 0 }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static void print_help()
|
||||||
|
+{
|
||||||
|
+ printf(
|
||||||
|
+ "AUDIT target options:\n"
|
||||||
|
+ " --audit-type TYPE : Set action type to record.\n");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void init(struct ebt_entry_target *target)
|
||||||
|
+{
|
||||||
|
+ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) target->data;
|
||||||
|
+
|
||||||
|
+ info->type = 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int parse(int c, char **argv, int argc,
|
||||||
|
+ const struct ebt_u_entry *entry, unsigned int *flags,
|
||||||
|
+ struct ebt_entry_target **target)
|
||||||
|
+{
|
||||||
|
+ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) (*target)->data;
|
||||||
|
+
|
||||||
|
+ switch (c) {
|
||||||
|
+ case AUDIT_TYPE:
|
||||||
|
+ ebt_check_option2(flags, AUDIT_TYPE);
|
||||||
|
+
|
||||||
|
+ if (!strcasecmp(optarg, "accept"))
|
||||||
|
+ info->type = XT_AUDIT_TYPE_ACCEPT;
|
||||||
|
+ else if (!strcasecmp(optarg, "drop"))
|
||||||
|
+ info->type = XT_AUDIT_TYPE_DROP;
|
||||||
|
+ else if (!strcasecmp(optarg, "reject"))
|
||||||
|
+ info->type = XT_AUDIT_TYPE_REJECT;
|
||||||
|
+ else
|
||||||
|
+ ebt_print_error2("Bad action type value `%s'", optarg);
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void final_check(const struct ebt_u_entry *entry,
|
||||||
|
+ const struct ebt_entry_match *match, const char *name,
|
||||||
|
+ unsigned int hookmask, unsigned int time)
|
||||||
|
+{
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void print(const struct ebt_u_entry *entry,
|
||||||
|
+ const struct ebt_entry_target *target)
|
||||||
|
+{
|
||||||
|
+ const struct xt_AUDIT_info *info =
|
||||||
|
+ (const struct xt_AUDIT_info *) target->data;
|
||||||
|
+
|
||||||
|
+ printf("--audit-type ");
|
||||||
|
+
|
||||||
|
+ switch(info->type) {
|
||||||
|
+ case XT_AUDIT_TYPE_ACCEPT:
|
||||||
|
+ printf("accept");
|
||||||
|
+ break;
|
||||||
|
+ case XT_AUDIT_TYPE_DROP:
|
||||||
|
+ printf("drop");
|
||||||
|
+ break;
|
||||||
|
+ case XT_AUDIT_TYPE_REJECT:
|
||||||
|
+ printf("reject");
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int compare(const struct ebt_entry_target *t1,
|
||||||
|
+ const struct ebt_entry_target *t2)
|
||||||
|
+{
|
||||||
|
+ const struct xt_AUDIT_info *info1 =
|
||||||
|
+ (const struct xt_AUDIT_info *) t1->data;
|
||||||
|
+ const struct xt_AUDIT_info *info2 =
|
||||||
|
+ (const struct xt_AUDIT_info *) t2->data;
|
||||||
|
+
|
||||||
|
+ return info1->type == info2->type;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static struct ebt_u_target AUDIT_target =
|
||||||
|
+{
|
||||||
|
+ .name = "AUDIT",
|
||||||
|
+ .size = sizeof(struct xt_AUDIT_info),
|
||||||
|
+ .help = print_help,
|
||||||
|
+ .init = init,
|
||||||
|
+ .parse = parse,
|
||||||
|
+ .final_check = final_check,
|
||||||
|
+ .print = print,
|
||||||
|
+ .compare = compare,
|
||||||
|
+ .extra_ops = opts,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+void _init(void)
|
||||||
|
+{
|
||||||
|
+ ebt_register_target(&AUDIT_target);
|
||||||
|
+}
|
||||||
|
--- ebtables2.orig/extensions/Makefile 2011-01-07 10:55:28.077246240 +0100
|
||||||
|
+++ ebtables2.orig/extensions/Makefile 2011-01-07 10:53:46.686329230 +0100
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
#! /usr/bin/make
|
||||||
|
|
||||||
|
EXT_FUNC+=802_3 nat arp arpreply ip ip6 standard log redirect vlan mark_m mark \
|
||||||
|
- pkttype stp among limit ulog nflog
|
||||||
|
+ pkttype stp among limit ulog nflog AUDIT
|
||||||
|
EXT_TABLES+=filter nat broute
|
||||||
|
EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)
|
||||||
|
EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)
|
||||||
|
--- a/include/linux/netfilter/xt_AUDIT.h
|
||||||
|
+++ a/include/linux/netfilter/xt_AUDIT.h
|
||||||
|
@@ -0,0 +1,30 @@
|
||||||
|
+/*
|
||||||
|
+ * Header file for iptables xt_AUDIT target
|
||||||
|
+ *
|
||||||
|
+ * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
|
||||||
|
+ * (C) 2010-2011 Red Hat, Inc.
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU General Public License version 2 as
|
||||||
|
+ * published by the Free Software Foundation.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifndef _XT_AUDIT_TARGET_H
|
||||||
|
+#define _XT_AUDIT_TARGET_H
|
||||||
|
+
|
||||||
|
+#include <linux/types.h>
|
||||||
|
+
|
||||||
|
+enum {
|
||||||
|
+ XT_AUDIT_TYPE_ACCEPT = 0,
|
||||||
|
+ XT_AUDIT_TYPE_DROP,
|
||||||
|
+ XT_AUDIT_TYPE_REJECT,
|
||||||
|
+ __XT_AUDIT_TYPE_MAX,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
|
||||||
|
+
|
||||||
|
+struct xt_AUDIT_info {
|
||||||
|
+ __u8 type; /* XT_AUDIT_TYPE_* */
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+#endif /* _XT_AUDIT_TARGET_H */
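Review bot: In the added ebt_AUDIT.c, `init()` sets `info->type = 0`, which is `XT_AUDIT_TYPE_ACCEPT`, and `final_check()` is empty, so nothing visible here rejects a rule that uses the AUDIT target without `--audit-type`; such a rule would produce records labelled as accept. For a target whose purpose is an audit trail, a missing type should be an error rather than a silent default. The sketch below follows the supplied-flag pattern used by other ebtables targets, and the meaning of `time == 0` should be confirmed against ebtables_u.h. `final_check()` also declares its second parameter as `const struct ebt_entry_match *match`, which for a target callback presumably should be `const struct ebt_entry_target *target`; check it against `struct ebt_u_target`. Separately, `print()` has no `default:` case, so an unexpected `info->type` prints a bare `--audit-type ` with no value.

```c
/* set in parse(), checked in final_check() */
static int type_supplied;

static void init(struct ebt_entry_target *target)
{
	/* … unchanged: info->type = 0 … */
	type_supplied = 0;
}

/* … in parse(), case AUDIT_TYPE, after ebt_check_option2() … */
		type_supplied = 1;

static void final_check(const struct ebt_u_entry *entry,
   const struct ebt_entry_target *target, const char *name,
   unsigned int hookmask, unsigned int time)
{
	/* presumably time == 0 is the command-line pass; confirm */
	if (time == 0 && !type_supplied)
		ebt_print_error("AUDIT target requires --audit-type");
}
```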
|
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 16 11:19:33 UTC 2015 - kstreitova@suse.com
|
||||||
|
|
||||||
|
- add ebtables-v2.0.10-4-audit.patch needed for CC certification
|
||||||
|
[bnc#934680]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 13 18:52:25 UTC 2014 - dimstar@opensuse.org
|
Thu Nov 13 18:52:25 UTC 2014 - dimstar@opensuse.org
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package ebtables
|
# spec file for package ebtables
|
||||||
#
|
#
|
||||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -28,6 +28,8 @@ Url: http://ebtables.sf.net/
|
|||||||
Source: %name-v2.0.10-4.tar.xz
|
Source: %name-v2.0.10-4.tar.xz
|
||||||
Patch0: %name-v2.0.8-makefile.diff
|
Patch0: %name-v2.0.8-makefile.diff
|
||||||
Patch1: %name-v2.0.8-initscript.diff
|
Patch1: %name-v2.0.8-initscript.diff
|
||||||
|
# PATCH-FIX-UPSTREAM bnc#934680 kstreitova@suse.com -- audit patch for CC certification
|
||||||
|
Patch2: ebtables-v2.0.10-4-audit.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: linux-glibc-devel >= 2.6.20
|
BuildRequires: linux-glibc-devel >= 2.6.20
|
||||||
BuildRequires: sed
|
BuildRequires: sed
|
||||||
@ -43,6 +45,7 @@ iptables. There are no incompatibility issues.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %name-v2.0.10-4
|
%setup -q -n %name-v2.0.10-4
|
||||||
%patch -P 0 -P 1 -p0
|
%patch -P 0 -P 1 -p0
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# The way ebtables is built requires ASNEEDED=0 forever [bnc#567267]
|
# The way ebtables is built requires ASNEEDED=0 forever [bnc#567267]
|
||||||
|