From 657e514e9961a942eb28c3e5592c46e742329aad32e510ead89f6393175d3922 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 4 Jan 2007 00:56:28 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=1 --- .gitattributes | 23 + .gitignore | 1 + iptables-1.3.7-batch.diff | 472 ++++++++ iptables-1.3.7-debian-docs.tar.bz2 | 3 + iptables-1.3.7-makefile.diff | 11 + iptables-1.3.7-shlibs.diff | 1428 +++++++++++++++++++++++ iptables-1.3.7-strict-aliasing-fix.diff | 81 ++ iptables-1.3.7.tar.bz2 | 3 + iptables.changes | 234 ++++ iptables.spec | 212 ++++ ready | 0 11 files changed, 2468 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 iptables-1.3.7-batch.diff create mode 100644 iptables-1.3.7-debian-docs.tar.bz2 create mode 100644 iptables-1.3.7-makefile.diff create mode 100644 iptables-1.3.7-shlibs.diff create mode 100644 iptables-1.3.7-strict-aliasing-fix.diff create mode 100644 iptables-1.3.7.tar.bz2 create mode 100644 iptables.changes create mode 100644 iptables.spec create mode 100644 ready diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/iptables-1.3.7-batch.diff b/iptables-1.3.7-batch.diff new file mode 100644 index 0000000..27c06eb --- /dev/null +++ b/iptables-1.3.7-batch.diff @@ -0,0 +1,472 @@ +--- /dev/null ++++ iptables-batch.c +@@ -0,0 +1,454 @@ ++/* ++ * Author: Ludwig Nussel ++ * ++ * Based on the ipchains code by Paul Russell and Michael Neuling ++ * ++ * (C) 2000-2002 by the netfilter coreteam : ++ * Paul 'Rusty' Russell ++ * Marc Boucher ++ * James Morris ++ * Harald Welte ++ * Jozsef Kadlecsik ++ * ++ * iptables-batch -- iptables batch processor ++ * ++ * See the accompanying manual page iptables(8) for information ++ * about proper usage of this program. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++ */ ++ ++#define _GNU_SOURCE ++#include ++#include ++#include ++#include ++#include ++ ++#ifdef IP6T_LIB_DIR ++#include ++#else ++#include ++#endif ++ ++static char* errstr = NULL; ++ ++static unsigned current_line = 0; ++ ++static char* ++skipspace(char* ptr) ++{ ++ while(*ptr && isspace(*ptr)) ++ ++ptr; ++ return ptr; ++} ++ ++static char* ++getliteral(char** ptr) ++{ ++ char* start = *ptr; ++ char* p = start; ++ ++ while(*p && !isspace(*p)) ++ ++p; ++ ++ if(*p) ++ { ++ *p = '\0'; ++ ++p; ++ } ++ ++ *ptr = p; ++ return start; ++} ++ ++static char* ++getstring(char** ptr) ++{ ++ char* start = *ptr+1; // skip leading " ++ char* p = start; ++ char* o = start; ++ int backslash = 0; ++ int done = 0; ++ ++ while(*p && !done) ++ { ++ if(backslash) ++ { ++ backslash = 0; ++ // no escapes supported, just eat the backslash ++ *o++ = *p++; ++ } ++ else if(*p == '\\') ++ { ++ backslash = 1; ++ p++; ++ } ++ else if(*p == '"') ++ { ++ done = 1; ++ } ++ else ++ { ++ *o++ = *p++; ++ } ++ } ++ ++ if(done) ++ { ++ *o = '\0'; ++ *p = '\0'; ++ ++p; ++ *ptr = p; ++ } ++ else ++ { ++ errstr = "missing \" at end of string"; ++ start = NULL; ++ } ++ return start; ++} ++ ++// this is just a very basic method, not 100% shell compatible ++static char* ++getword(char** ptr) ++{ ++ *ptr = skipspace(*ptr); ++ if(**ptr == '"') ++ return getstring(ptr); ++ return getliteral(ptr); ++} ++ ++// destructive ++static int ++tokenize(int* argc, char* argv[], size_t nargvsize, char* line) ++{ ++ char* ptr = skipspace(line); ++ int ret = 0; ++ char* word; ++ ++ while(ptr && *ptr) ++ { ++ if(*ptr == '#') ++ break; ++ if(*argc >= nargvsize) ++ { ++ errstr = "too many arguments"; ++ ret = -1; ++ break; ++ } ++ word = getword(&ptr); ++ if(!word) ++ { ++ ret = -1; ++ break; ++ } ++ argv[(*argc)++] = word; ++ ++ret; ++ } ++ return ret; ++} ++ ++#ifdef DEBUG ++static void ++dumpargv(int argc, char* argv[]) ++{ ++ int i; ++ for(i=0; i < argc; ++i) ++ { ++ printf("%s\"%s\"",i?" ":"", argv[i]); ++ } ++ puts(""); ++} ++#endif ++ ++struct table_handle ++{ ++ char* name; ++#ifdef IP6T_LIB_DIR ++ ip6tc_handle_t handle; ++#else ++ iptc_handle_t handle; ++#endif ++}; ++ ++static struct table_handle* tables = NULL; ++static unsigned num_tables; ++struct table_handle* current_table; ++ ++static void ++alloc_tables() ++{ ++ tables = realloc(tables, sizeof(struct table_handle) * num_tables); ++} ++ ++static void ++set_current_table(const char* name) ++{ ++ unsigned i; ++ ++ if(!strcmp(name, current_table->name)) // same as last time? ++ return; ++ ++ for(i = 0; i < num_tables; ++i) // find already known table ++ { ++ if(!strcmp(name, tables[i].name)) ++ { ++ current_table = &tables[i]; ++ return; ++ } ++ } ++ ++ // table name not known, create new ++ i = num_tables++; ++ alloc_tables(); ++ current_table = &tables[i]; ++ current_table->name = strdup(name); ++ current_table->handle = NULL; ++} ++ ++static int ++find_table(int argc, char* argv[]) ++{ ++ int i; ++ for(i = 0; i < argc; ++i) ++ { ++ if(!strcmp(argv[i], "-t") || !strcmp(argv[i], "--table")) ++ { ++ ++i; ++ if(i >= argc) ++ { ++ fprintf(stderr, "line %d: missing table name after %s\n", ++ current_line, argv[i]); ++ return 0; ++ } ++ set_current_table(argv[i]); ++ return 1; ++ } ++ } ++ ++ // no -t specified ++ set_current_table("filter"); ++ ++ return 1; ++} ++ ++static int ++do_iptables(int argc, char* argv[]) ++{ ++ char *table = "filter"; ++ int ret = 0; ++ ++ if(!find_table(argc, argv)) ++ return 0; ++ ++#ifdef IP6T_LIB_DIR ++ ret = do_command6(argc, argv, &table, ¤t_table->handle); ++ ++ if (!ret) ++ { ++ fprintf(stderr, "line %d: %s\n", current_line, ip6tc_strerror(errno)); ++ } ++ else ++ { ++ if(!table || strcmp(table, current_table->name)) ++ { ++ fprintf(stderr, "line %d: expected table %s, got %s\n", ++ current_line, current_table->name, table); ++ exit(1); ++ } ++ } ++#else ++ ret = do_command(argc, argv, &table, ¤t_table->handle); ++ ++ if (!ret) ++ { ++ fprintf(stderr, "line %d: %s\n", current_line, iptc_strerror(errno)); ++ } ++ else ++ { ++ if(!table || strcmp(table, current_table->name)) ++ { ++ fprintf(stderr, "line %d: expected table %s, got %s\n", ++ current_line, current_table->name, table); ++ exit(1); ++ } ++ } ++#endif ++ ++ return ret; ++} ++ ++static int ++do_commit() ++{ ++ unsigned i; ++ int ret = 1; ++ ++ for(i = 0; i < num_tables; ++i) ++ { ++ if(tables[i].handle) ++ { ++#ifdef IP6T_LIB_DIR ++ if(!ip6tc_commit(&tables[i].handle)) ++ { ++ fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, ip6tc_strerror(errno)); ++ ret = 0; ++ } ++#else ++ if(!iptc_commit(&tables[i].handle)) ++ { ++ fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, iptc_strerror(errno)); ++ ret = 0; ++ } ++#endif ++ } ++ } ++ ++ return ret; ++} ++ ++static void ++help() ++{ ++ fprintf(stderr, "Usage: %s [FILE]\n\n", program_name); ++ puts("Read iptables commands from FILE, commit them at EOF\n"); ++ puts("In addition to normal iptables calls the commands"); ++ puts("'commit' and 'exit' are understood."); ++ exit(0); ++} ++ ++int ++main(int argc, char *argv[]) ++{ ++ int ret = 1; ++ int numtok; ++ size_t llen = 0; ++ char* line = NULL; ++ ssize_t r = -1; ++ int nargc = 0; ++ char* nargv[256]; ++ FILE* fp = stdin; ++ ++#ifdef IP6T_LIB_DIR ++ program_name = "ip6tables-batch"; ++ ++ lib_dir = getenv("IP6TABLES_LIB_DIR"); ++ if (!lib_dir) ++ lib_dir = IP6T_LIB_DIR; ++#else ++ program_name = "iptables-batch"; ++ ++ lib_dir = getenv("IPTABLES_LIB_DIR"); ++ if (!lib_dir) ++ lib_dir = IPT_LIB_DIR; ++#endif ++ program_version = IPTABLES_VERSION; ++ ++#ifdef NO_SHARED_LIBS ++ init_extensions(); ++#endif ++ if(argc > 1) ++ { ++ if(!strcmp(argv[1], "--help") || !strcmp(argv[1], "-h")) ++ { ++ help(); ++ } ++ else if(strcmp(argv[1], "-")) ++ { ++ fp = fopen(argv[1], "r"); ++ if(!fp) ++ { ++ perror("fopen"); ++ exit(1); ++ } ++ } ++ } ++ ++ num_tables = 4; ++ alloc_tables(); ++ tables[0].name = "filter"; ++ tables[0].handle = NULL; ++ tables[1].name = "mangle"; ++ tables[1].handle = NULL; ++ tables[2].name = "nat"; ++ tables[2].handle = NULL; ++ tables[3].name = "raw"; ++ tables[3].handle = NULL; ++ current_table = &tables[0]; ++ ++ while((r = getline(&line, &llen, fp)) != -1) ++ { ++ if(llen < 1 || !*line) ++ continue; ++ if(line[strlen(line)-1] == '\n') ++ line[strlen(line) -1 ] = '\0'; ++ ++ ++current_line; ++ nargc = 0; ++ errstr = NULL; ++ numtok = tokenize(&nargc, nargv, (sizeof(nargv)/sizeof(nargv[0])), line); ++ if(numtok == -1) ++ { ++ } ++ else if (numtok == 0) ++ { ++ continue; ++ } ++ else if(nargc < 1) ++ { ++ errstr = "insufficient number of arguments"; ++ } ++ ++ if(errstr) ++ { ++ fprintf(stderr, "parse error in line %d: %s\n", current_line, errstr); ++ ret = 0; ++ break; ++ } ++ ++#ifdef DEBUG ++ dumpargv(nargc, nargv); ++#endif ++ ++#ifdef IP6T_LIB_DIR ++ if(!strcmp(nargv[0], "ip6tables")) ++#else ++ if(!strcmp(nargv[0], "iptables")) ++#endif ++ { ++ ret = do_iptables(nargc, nargv); ++ if(!ret) break; ++ } ++ else if(!strcmp(nargv[0], "exit")) ++ { ++ break; ++ } ++ else if(!strcmp(nargv[0], "commit")) ++ { ++ ret = do_commit(); ++ if(!ret) break; ++ } ++ else ++ { ++ fprintf(stderr, "line %d: invalid command '%s'\n", current_line, nargv[0]); ++ } ++ } ++ ++ if(ret) ++ ret = do_commit(); ++ ++ exit(!ret); ++} +--- Makefile ++++ Makefile +@@ -136,6 +136,12 @@ iptables: iptables-standalone.c iptables + $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) + endif + ++iptables-batch: iptables-batch.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a ++ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) ++ ++ip6tables-batch: iptables-batch.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a ++ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) ++ + $(DESTDIR)$(BINDIR)/iptables: iptables + @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) + cp $< $@ diff --git a/iptables-1.3.7-debian-docs.tar.bz2 b/iptables-1.3.7-debian-docs.tar.bz2 new file mode 100644 index 0000000..3810dbd --- /dev/null +++ b/iptables-1.3.7-debian-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af04502f869b92350aebd5ecbb2d27a59eea3c45233da2951e0852f9a2ce278d +size 24322 diff --git a/iptables-1.3.7-makefile.diff b/iptables-1.3.7-makefile.diff new file mode 100644 index 0000000..8df6910 --- /dev/null +++ b/iptables-1.3.7-makefile.diff @@ -0,0 +1,11 @@ +--- Makefile ++++ Makefile +@@ -37,7 +37,7 @@ + endif + + COPT_FLAGS:=-O2 +-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG ++CFLAGS += $(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG + + ifdef NO_SHARED_LIBS + CFLAGS += -DNO_SHARED_LIBS=1 diff --git a/iptables-1.3.7-shlibs.diff b/iptables-1.3.7-shlibs.diff new file mode 100644 index 0000000..3273e55 --- /dev/null +++ b/iptables-1.3.7-shlibs.diff @@ -0,0 +1,1428 @@ +--- extensions/libip6t_HL.c ++++ extensions/libip6t_HL.c +@@ -160,7 +160,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&HL); + } +--- extensions/libip6t_LOG.c ++++ extensions/libip6t_LOG.c +@@ -284,7 +284,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&log); + } +--- extensions/libip6t_MARK.c ++++ extensions/libip6t_MARK.c +@@ -125,7 +125,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&mark); + } +--- extensions/libip6t_NFLOG.c ++++ extensions/libip6t_NFLOG.c +@@ -155,7 +155,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&nflog); + } +--- extensions/libip6t_NFQUEUE.c ++++ extensions/libip6t_NFQUEUE.c +@@ -108,7 +108,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&nfqueue); + } +--- extensions/libip6t_REJECT.c ++++ extensions/libip6t_REJECT.c +@@ -164,7 +164,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&reject); + } +--- extensions/libip6t_ROUTE.c ++++ extensions/libip6t_ROUTE.c +@@ -234,7 +234,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&route); + } +--- extensions/libip6t_SECMARK.c ++++ extensions/libip6t_SECMARK.c +@@ -119,7 +119,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&secmark); + } +--- extensions/libip6t_TRACE.c ++++ extensions/libip6t_TRACE.c +@@ -57,7 +57,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&trace); + } +--- extensions/libip6t_ah.c ++++ extensions/libip6t_ah.c +@@ -220,7 +220,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&ah); +--- extensions/libip6t_condition.c ++++ extensions/libip6t_condition.c +@@ -99,7 +99,7 @@ + }; + + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&condition); +--- extensions/libip6t_dst.c ++++ extensions/libip6t_dst.c +@@ -262,7 +262,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&optstruct); +--- extensions/libip6t_esp.c ++++ extensions/libip6t_esp.c +@@ -178,7 +178,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&esp); +--- extensions/libip6t_eui64.c ++++ extensions/libip6t_eui64.c +@@ -70,7 +70,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&eui64); + } +--- extensions/libip6t_frag.c ++++ extensions/libip6t_frag.c +@@ -265,7 +265,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&frag); +--- extensions/libip6t_fuzzy.c ++++ extensions/libip6t_fuzzy.c +@@ -150,7 +150,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&fuzzy_match); + } +--- extensions/libip6t_hashlimit.c ++++ extensions/libip6t_hashlimit.c +@@ -363,7 +363,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&hashlimit); + } +--- extensions/libip6t_hbh.c ++++ extensions/libip6t_hbh.c +@@ -255,7 +255,7 @@ + .extra_opts = opts, + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&optstruct); +--- extensions/libip6t_hl.c ++++ extensions/libip6t_hl.c +@@ -143,7 +143,7 @@ + }; + + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&hl); + } +--- extensions/libip6t_icmp6.c ++++ extensions/libip6t_icmp6.c +@@ -272,7 +272,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&icmpv6); + } +--- extensions/libip6t_ipv6header.c ++++ extensions/libip6t_ipv6header.c +@@ -310,7 +310,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&ipv6header); + } +--- extensions/libip6t_length.c ++++ extensions/libip6t_length.c +@@ -146,7 +146,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&length); + } +--- extensions/libip6t_limit.c ++++ extensions/libip6t_limit.c +@@ -189,7 +189,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&limit); + } +--- extensions/libip6t_mac.c ++++ extensions/libip6t_mac.c +@@ -133,7 +133,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&mac); + } +--- extensions/libip6t_mark.c ++++ extensions/libip6t_mark.c +@@ -136,7 +136,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&mark); + } +--- extensions/libip6t_multiport.c ++++ extensions/libip6t_multiport.c +@@ -450,7 +450,7 @@ + .extra_opts = opts, + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&multiport); +--- extensions/libip6t_nth.c ++++ extensions/libip6t_nth.c +@@ -223,7 +223,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&nth); + } +--- extensions/libip6t_owner.c ++++ extensions/libip6t_owner.c +@@ -242,7 +242,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&owner); + } +--- extensions/libip6t_physdev.c ++++ extensions/libip6t_physdev.c +@@ -186,7 +186,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&physdev); + } +--- extensions/libip6t_policy.c ++++ extensions/libip6t_policy.c +@@ -472,7 +472,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&policy); + } +--- extensions/libip6t_random.c ++++ extensions/libip6t_random.c +@@ -144,7 +144,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&rand_match); + } +--- extensions/libip6t_rt.c ++++ extensions/libip6t_rt.c +@@ -355,7 +355,7 @@ + .extra_opts = opts, + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&rt); +--- extensions/libip6t_sctp.c ++++ extensions/libip6t_sctp.c +@@ -543,7 +543,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&standard); + } +--- extensions/libip6t_standard.c ++++ extensions/libip6t_standard.c +@@ -60,7 +60,7 @@ + .extra_opts = opts, + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&standard); + } +--- extensions/libip6t_state.c ++++ extensions/libip6t_state.c +@@ -157,7 +157,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&state); + } +--- extensions/libip6t_tcp.c ++++ extensions/libip6t_tcp.c +@@ -409,7 +409,7 @@ + .extra_opts = opts, + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&tcp); +--- extensions/libip6t_udp.c ++++ extensions/libip6t_udp.c +@@ -221,7 +221,7 @@ + .extra_opts = opts, + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match6(&udp); +--- extensions/libipt_BALANCE.c ++++ extensions/libipt_BALANCE.c +@@ -144,7 +144,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&balance); + } +--- extensions/libipt_CLASSIFY.c ++++ extensions/libipt_CLASSIFY.c +@@ -123,7 +123,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&classify); + } +--- extensions/libipt_CLUSTERIP.c ++++ extensions/libipt_CLUSTERIP.c +@@ -262,7 +262,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&clusterip); + } +--- extensions/libipt_CONNMARK.c ++++ extensions/libipt_CONNMARK.c +@@ -214,7 +214,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&connmark_target); + } +--- extensions/libipt_CONNSECMARK.c ++++ extensions/libipt_CONNSECMARK.c +@@ -120,7 +120,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&connsecmark); + } +--- extensions/libipt_DNAT.c ++++ extensions/libipt_DNAT.c +@@ -243,7 +243,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&dnat); + } +--- extensions/libipt_DSCP.c ++++ extensions/libipt_DSCP.c +@@ -158,7 +158,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&dscp); + } +--- extensions/libipt_ECN.c ++++ extensions/libipt_ECN.c +@@ -179,7 +179,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&ecn); + } +--- extensions/libipt_FTOS.c ++++ extensions/libipt_FTOS.c +@@ -127,7 +127,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&ftos); + } +--- extensions/libipt_IPMARK.c ++++ extensions/libipt_IPMARK.c +@@ -162,7 +162,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&ipmark); + } +--- extensions/libipt_IPV4OPTSSTRIP.c ++++ extensions/libipt_IPV4OPTSSTRIP.c +@@ -68,7 +68,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&IPV4OPTSSTRIP); + } +--- extensions/libipt_LOG.c ++++ extensions/libipt_LOG.c +@@ -284,7 +284,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&log); + } +--- extensions/libipt_MARK.c ++++ extensions/libipt_MARK.c +@@ -236,7 +236,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&mark_v0); + register_target(&mark_v1); +--- extensions/libipt_MASQUERADE.c ++++ extensions/libipt_MASQUERADE.c +@@ -159,7 +159,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&masq); + } +--- extensions/libipt_MIRROR.c ++++ extensions/libipt_MIRROR.c +@@ -56,7 +56,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&mirror); + } +--- extensions/libipt_NETLINK.c ++++ extensions/libipt_NETLINK.c +@@ -150,7 +150,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&netlink); + } +--- extensions/libipt_NETMAP.c ++++ extensions/libipt_NETMAP.c +@@ -192,7 +192,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&target_module); + } +--- extensions/libipt_NFLOG.c ++++ extensions/libipt_NFLOG.c +@@ -155,7 +155,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&nflog); + } +--- extensions/libipt_NFQUEUE.c ++++ extensions/libipt_NFQUEUE.c +@@ -108,7 +108,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&nfqueue); + } +--- extensions/libipt_NOTRACK.c ++++ extensions/libipt_NOTRACK.c +@@ -57,7 +57,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(¬rack); + } +--- extensions/libipt_REDIRECT.c ++++ extensions/libipt_REDIRECT.c +@@ -164,7 +164,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&redir); + } +--- extensions/libipt_REJECT.c ++++ extensions/libipt_REJECT.c +@@ -183,7 +183,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&reject); + } +--- extensions/libipt_ROUTE.c ++++ extensions/libipt_ROUTE.c +@@ -258,7 +258,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&route); + } +--- extensions/libipt_SAME.c ++++ extensions/libipt_SAME.c +@@ -202,7 +202,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&same); + } +--- extensions/libipt_SECMARK.c ++++ extensions/libipt_SECMARK.c +@@ -119,7 +119,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&secmark); + } +--- extensions/libipt_SET.c ++++ extensions/libipt_SET.c +@@ -174,7 +174,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&ipt_set_target); + } +--- extensions/libipt_SNAT.c ++++ extensions/libipt_SNAT.c +@@ -243,7 +243,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&snat); + } +--- extensions/libipt_TARPIT.c ++++ extensions/libipt_TARPIT.c +@@ -52,7 +52,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&tarpit); + } +--- extensions/libipt_TCPLAG.c ++++ extensions/libipt_TCPLAG.c +@@ -212,4 +212,5 @@ + * so have to go ahead and use it. This registers your target into + * the list of available targets so that your options become available. + */ +-void _init( void ) { register_target( &targ ); } ++static void __attribute__((constructor)) _init(void) ++{ register_target( &targ ); } +--- extensions/libipt_TCPMSS.c ++++ extensions/libipt_TCPMSS.c +@@ -128,7 +128,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&mss); + } +--- extensions/libipt_TOS.c ++++ extensions/libipt_TOS.c +@@ -168,7 +168,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&tos); + } +--- extensions/libipt_TRACE.c ++++ extensions/libipt_TRACE.c +@@ -57,7 +57,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&trace); + } +--- extensions/libipt_TTL.c ++++ extensions/libipt_TTL.c +@@ -160,7 +160,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&TTL); + } +--- extensions/libipt_ULOG.c ++++ extensions/libipt_ULOG.c +@@ -231,7 +231,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&ulog); + } +--- extensions/libipt_XOR.c ++++ extensions/libipt_XOR.c +@@ -108,7 +108,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&XOR); + } +--- extensions/libipt_account.c ++++ extensions/libipt_account.c +@@ -270,7 +270,7 @@ + }; + + /* Function which registers match */ +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&account); + } +--- extensions/libipt_addrtype.c ++++ extensions/libipt_addrtype.c +@@ -201,7 +201,7 @@ + }; + + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&addrtype); + } +--- extensions/libipt_ah.c ++++ extensions/libipt_ah.c +@@ -183,7 +183,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&ah); +--- extensions/libipt_childlevel.c ++++ extensions/libipt_childlevel.c +@@ -109,7 +109,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&childlevel); + } +--- extensions/libipt_comment.c ++++ extensions/libipt_comment.c +@@ -113,7 +113,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&comment); + } +--- extensions/libipt_condition.c ++++ extensions/libipt_condition.c +@@ -99,7 +99,7 @@ + }; + + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&condition); +--- extensions/libipt_connbytes.c ++++ extensions/libipt_connbytes.c +@@ -199,7 +199,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&state); + } +--- extensions/libipt_connlimit.c ++++ extensions/libipt_connlimit.c +@@ -126,7 +126,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&connlimit); + } +--- extensions/libipt_connmark.c ++++ extensions/libipt_connmark.c +@@ -145,7 +145,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&connmark_match); + } +--- extensions/libipt_connrate.c ++++ extensions/libipt_connrate.c +@@ -173,7 +173,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&state); + } +--- extensions/libipt_conntrack.c ++++ extensions/libipt_conntrack.c +@@ -544,7 +544,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&conntrack); + } +--- extensions/libipt_dccp.c ++++ extensions/libipt_dccp.c +@@ -367,7 +367,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&dccp); + } +--- extensions/libipt_dscp.c ++++ extensions/libipt_dscp.c +@@ -166,7 +166,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&dscp); + } +--- extensions/libipt_dstlimit.c ++++ extensions/libipt_dstlimit.c +@@ -334,7 +334,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&dstlimit); + } +--- extensions/libipt_ecn.c ++++ extensions/libipt_ecn.c +@@ -165,7 +165,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&ecn); + } +--- extensions/libipt_esp.c ++++ extensions/libipt_esp.c +@@ -186,7 +186,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&esp); +--- extensions/libipt_fuzzy.c ++++ extensions/libipt_fuzzy.c +@@ -152,7 +152,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&fuzzy_match); + } +--- extensions/libipt_hashlimit.c ++++ extensions/libipt_hashlimit.c +@@ -363,7 +363,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&hashlimit); + } +--- extensions/libipt_helper.c ++++ extensions/libipt_helper.c +@@ -95,7 +95,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&helper); + } +--- extensions/libipt_icmp.c ++++ extensions/libipt_icmp.c +@@ -301,7 +301,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&icmp); + } +--- extensions/libipt_iprange.c ++++ extensions/libipt_iprange.c +@@ -178,7 +178,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&iprange); + } +--- extensions/libipt_ipv4options.c ++++ extensions/libipt_ipv4options.c +@@ -305,7 +305,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&ipv4options_struct); + } +--- extensions/libipt_length.c ++++ extensions/libipt_length.c +@@ -145,7 +145,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&length); + } +--- extensions/libipt_limit.c ++++ extensions/libipt_limit.c +@@ -190,7 +190,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&limit); + } +--- extensions/libipt_mac.c ++++ extensions/libipt_mac.c +@@ -134,7 +134,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&mac); + } +--- extensions/libipt_mark.c ++++ extensions/libipt_mark.c +@@ -137,7 +137,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&mark); + } +--- extensions/libipt_mport.c ++++ extensions/libipt_mport.c +@@ -280,7 +280,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&mport); +--- extensions/libipt_multiport.c ++++ extensions/libipt_multiport.c +@@ -456,7 +456,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&multiport); +--- extensions/libipt_nth.c ++++ extensions/libipt_nth.c +@@ -224,7 +224,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&nth); + } +--- extensions/libipt_osf.c ++++ extensions/libipt_osf.c +@@ -159,7 +159,7 @@ + }; + + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&osf_match); + } +--- extensions/libipt_owner.c ++++ extensions/libipt_owner.c +@@ -244,7 +244,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&owner); + } +--- extensions/libipt_physdev.c ++++ extensions/libipt_physdev.c +@@ -187,7 +187,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&physdev); + } +--- extensions/libipt_pkttype.c ++++ extensions/libipt_pkttype.c +@@ -161,7 +161,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&pkttype); + } +--- extensions/libipt_policy.c ++++ extensions/libipt_policy.c +@@ -430,7 +430,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&policy); + } +--- extensions/libipt_psd.c ++++ extensions/libipt_psd.c +@@ -188,7 +188,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&psd); + } +--- extensions/libipt_quota.c ++++ extensions/libipt_quota.c +@@ -100,7 +100,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match("a); +--- extensions/libipt_random.c ++++ extensions/libipt_random.c +@@ -144,7 +144,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&rand_match); + } +--- extensions/libipt_realm.c ++++ extensions/libipt_realm.c +@@ -264,7 +264,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&realm); + } +--- extensions/libipt_recent.c ++++ extensions/libipt_recent.c +@@ -234,7 +234,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&recent); + } +--- extensions/libipt_record_rpc.c ++++ extensions/libipt_record_rpc.c +@@ -59,7 +59,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&record_rpc); + } +--- extensions/libipt_rpc.c ++++ extensions/libipt_rpc.c +@@ -366,7 +366,7 @@ + }; + + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&rpcstruct); + } +--- extensions/libipt_sctp.c ++++ extensions/libipt_sctp.c +@@ -543,7 +543,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&sctp); + } +--- extensions/libipt_set.c ++++ extensions/libipt_set.c +@@ -161,7 +161,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&set); + } +--- extensions/libipt_standard.c ++++ extensions/libipt_standard.c +@@ -63,7 +63,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target(&standard); + } +--- extensions/libipt_state.c ++++ extensions/libipt_state.c +@@ -157,7 +157,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&state); + } +--- extensions/libipt_statistic.c ++++ extensions/libipt_statistic.c +@@ -169,7 +169,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&statistic); + } +--- extensions/libipt_string.c ++++ extensions/libipt_string.c +@@ -348,7 +348,7 @@ + }; + + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&string); + } +--- extensions/libipt_tcp.c ++++ extensions/libipt_tcp.c +@@ -409,7 +409,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&tcp); +--- extensions/libipt_tcpmss.c ++++ extensions/libipt_tcpmss.c +@@ -146,7 +146,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&tcpmss); + } +--- extensions/libipt_time.c ++++ extensions/libipt_time.c +@@ -543,7 +543,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(×truct); + } +--- extensions/libipt_tos.c ++++ extensions/libipt_tos.c +@@ -166,7 +166,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&tos); + } +--- extensions/libipt_ttl.c ++++ extensions/libipt_ttl.c +@@ -166,7 +166,7 @@ + }; + + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&ttl); + } +--- extensions/libipt_u32.c ++++ extensions/libipt_u32.c +@@ -257,7 +257,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&u32); +--- extensions/libipt_udp.c ++++ extensions/libipt_udp.c +@@ -223,7 +223,7 @@ + .extra_opts = opts + }; + +-void ++static void __attribute__((constructor)) + _init(void) + { + register_match(&udp); +--- extensions/libipt_unclean.c ++++ extensions/libipt_unclean.c +@@ -48,7 +48,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match(&unclean); + } +--- extensions/libip6t_CONNMARK.c ++++ extensions/libip6t_CONNMARK.c +@@ -214,7 +214,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&connmark_target); + } +--- extensions/libip6t_CONNSECMARK.c ++++ extensions/libip6t_CONNSECMARK.c +@@ -118,7 +118,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_target6(&connsecmark); + } +--- extensions/libip6t_connmark.c ++++ extensions/libip6t_connmark.c +@@ -145,7 +145,7 @@ + .extra_opts = opts + }; + +-void _init(void) ++static void __attribute__((constructor)) _init(void) + { + register_match6(&connmark_match); + } diff --git a/iptables-1.3.7-strict-aliasing-fix.diff b/iptables-1.3.7-strict-aliasing-fix.diff new file mode 100644 index 0000000..f72412f --- /dev/null +++ b/iptables-1.3.7-strict-aliasing-fix.diff @@ -0,0 +1,81 @@ +--- ip6tables-restore.c ++++ ip6tables-restore.c +@@ -76,7 +76,9 @@ + + int parse_counters(char *string, struct ip6t_counters *ctr) + { +- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2); ++ u_int64_t *p_pcnt = &ctr->pcnt; ++ u_int64_t *p_bcnt = &ctr->bcnt; ++ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2); + } + + /* global new argv and argc */ +--- ip6tables.c ++++ ip6tables.c +@@ -1874,5 +1874,6 @@ + char *protocol = NULL; + int proto_used = 0; ++ u_int64_t *p_cnt; + + memset(&fw, 0, sizeof(fw)); + +@@ -2185,13 +2186,15 @@ + exit_error(PARAMETER_PROBLEM, + "-%c requires packet and byte counter", + opt2char(OPT_COUNTERS)); +- +- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1) ++ ++ p_cnt = &fw.counters.pcnt; ++ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1) + exit_error(PARAMETER_PROBLEM, + "-%c packet counter not numeric", + opt2char(OPT_COUNTERS)); + +- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1) ++ p_cnt = &fw.counters.bcnt; ++ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1) + exit_error(PARAMETER_PROBLEM, + "-%c byte counter not numeric", + opt2char(OPT_COUNTERS)); +--- iptables-restore.c ++++ iptables-restore.c +@@ -73,7 +73,9 @@ + + int parse_counters(char *string, struct ipt_counters *ctr) + { +- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2); ++ u_int64_t *p_pcnt = &ctr->pcnt; ++ u_int64_t *p_bcnt = &ctr->bcnt; ++ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2); + } + + /* global new argv and argc */ +--- iptables.c ++++ iptables.c +@@ -1956,6 +1956,7 @@ + char *protocol = NULL; + int proto_used = 0; ++ u_int64_t *p_cnt; + + memset(&fw, 0, sizeof(fw)); + + /* re-set optind to 0 in case do_command gets called +@@ -2279,12 +2279,14 @@ + "-%c requires packet and byte counter", + opt2char(OPT_COUNTERS)); + +- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1) ++ p_cnt = &fw.counters.pcnt; ++ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1) + exit_error(PARAMETER_PROBLEM, + "-%c packet counter not numeric", + opt2char(OPT_COUNTERS)); + +- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1) ++ p_cnt = &fw.counters.bcnt; ++ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1) + exit_error(PARAMETER_PROBLEM, + "-%c byte counter not numeric", + opt2char(OPT_COUNTERS)); diff --git a/iptables-1.3.7.tar.bz2 b/iptables-1.3.7.tar.bz2 new file mode 100644 index 0000000..1e49ec1 --- /dev/null +++ b/iptables-1.3.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0e00cea0029eaf7923a4a901265d5aa8159804b520fda9c12df54d350073ce02 +size 196205 diff --git a/iptables.changes b/iptables.changes new file mode 100644 index 0000000..5c8f3aa --- /dev/null +++ b/iptables.changes @@ -0,0 +1,234 @@ +------------------------------------------------------------------- +Wed Jan 3 17:58:09 CET 2007 - prusnak@suse.cz + +- updated to 1.3.7 + * Add revision support for ip6tables + * Add port range support for ip6tables multiport match + * Add sctp match extension for ip6tables + * Add iptables-xml tool + * Add hashlimit support for ip6tables (needs kernel > 2.6.19) + * Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19) + * Bugfixes +- updated debian-docs and moved into tar.bz2 + +------------------------------------------------------------------- +Thu Nov 16 11:06:55 CET 2006 - mjancar@suse.cz + +- allow setting KERNEL_DIR on commandline for build (#220851) + +------------------------------------------------------------------- +Tue Oct 17 17:47:47 CEST 2006 - anosek@suse.cz + +- updated to version 1.3.6 + * Support multiple matches of the same type within a single rule + * DCCP/SCTP support for multiport match (needs kernel >= 2.6.18) + * SELinux SECMARK target (needs kernel >= 2.6.18) + * SELinux CONNSECMARK target (needs kernel >= 2.6.18) + * Add support for statistic match (needs kernel >= 2.6.18) + * Optionally read realm values from /etc/iproute2/rt_realms + * Bugfixes + +------------------------------------------------------------------- +Wed Feb 1 15:26:39 CET 2006 - lnussel@suse.de + +- updated to version 1.3.5 + * supports ip6tables state and conntrack \o/ (#145758) + +------------------------------------------------------------------- +Fri Jan 27 01:50:25 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Jan 24 15:00:31 CET 2006 - schwab@suse.de + +- Fix building of shared libraries. + +------------------------------------------------------------------- +Tue Jan 17 15:11:43 CET 2006 - postadal@suse.cz + +- updated policy extension from upstream (policy-1.3.4.patch) + * ported for changes in kernel + +------------------------------------------------------------------- +Tue Nov 15 17:09:38 CET 2005 - postadal@suse.cz + +- updated to version 1.3.4 +- added RPM_OPT_FLAGS to CFLAGS +- fixed strict aliasing (strict-aliasing-fix.patch) + +------------------------------------------------------------------- +Mon Aug 1 16:36:26 CEST 2005 - lnussel@suse.de + +- add iptables-batch and ip6tables-batch + +------------------------------------------------------------------- +Mon Aug 1 10:14:00 CEST 2005 - postadal@suse.cz + +- updated to version 1.3.3 + +------------------------------------------------------------------- +Wed Jul 27 15:38:26 CEST 2005 - postadal@suse.cz + +- updated to version 1.3.2 + +------------------------------------------------------------------- +Wed Mar 9 11:28:10 CET 2005 - postadal@suse.cz + +- updated to version 1.3.1 (bug fixes) + +------------------------------------------------------------------- +Thu Feb 17 10:02:14 CET 2005 - postadal@suse.cz + +- updated to version 1.3.0 +- removed obsoleted patch modules-secfix + +------------------------------------------------------------------- +Tue Nov 02 17:00:05 CET 2004 - postadal@suse.cz + +- fixed uninitialised variable [#47850] - CAN-2004-0986 + +------------------------------------------------------------------- +Tue Aug 17 15:15:44 CEST 2004 - mludvig@suse.cz + +- Fixed mode for extensions/.policy-test6 + +------------------------------------------------------------------- +Thu Aug 05 14:15:52 CEST 2004 - mludvig@suse.cz + +- Added IPv6 support to the 'policy' match. + +------------------------------------------------------------------- +Wed Aug 04 15:44:06 CEST 2004 - postadal@suse.cz + +- updated to version 1.2.11 +- removed obsoleted patch clusterip + +------------------------------------------------------------------- +Sat Apr 24 08:45:00 CEST 2004 - lmb@suse.de + +- Add support for Cluster IP functionality. + +------------------------------------------------------------------- +Wed Apr 21 16:51:03 CEST 2004 - mludvig@suse.cz + +- Added module for IPv6 conntrack from USAGI. + +------------------------------------------------------------------- +Wed Mar 24 15:47:24 CET 2004 - mludvig@suse.cz + +- Added policy module from patch-o-matic + +------------------------------------------------------------------- +Fri Feb 06 18:09:42 CET 2004 - postadal@suse.cz + +- updated to version 1.2.9. + +------------------------------------------------------------------- +Sat Jan 10 20:33:48 CET 2004 - adrian@suse.de + +- add %defattr + +------------------------------------------------------------------- +Wed Jul 23 15:08:45 CEST 2003 - postadal@suse.cz + +- updated to 1.2.8 + +------------------------------------------------------------------- +Tue Apr 8 21:33:42 CEST 2003 - schwab@suse.de + +- Prefer sanitized kernel headers. + +------------------------------------------------------------------- +Thu Sep 05 11:13:51 CEST 2002 - postadal@suse.cz + +- updated to bugfixed 1.2.7a version + +------------------------------------------------------------------- +Wed Aug 28 18:20:07 CEST 2002 - postadal@suse.cz + +- added Requires %{name} = %{version} to devel package + +------------------------------------------------------------------- +Thu Aug 08 13:03:46 CEST 2002 - nadvornik@suse.cz + +- updated to 1.2.7 + +------------------------------------------------------------------- +Wed Mar 27 11:10:32 CET 2002 - postadal@suse.cz + +- revert to compile it with kernel headers (#15448) + +------------------------------------------------------------------- +Fri Feb 1 14:14:49 CET 2002 - nadvornik@suse.cz + +- compiled with kernel headers from glibc + +------------------------------------------------------------------- +Tue Jan 15 15:30:31 CET 2002 - nadvornik@suse.cz + +- update to 1.2.5 + +------------------------------------------------------------------- +Wed Nov 14 13:51:38 CET 2001 - nadvornik@suse.cz + +- updated to 1.2.4 [bug #12104] + - fixed problems with iptables-save/restore +- iptables-1.2.4.debian.diff.bz2 contains documentation only, + Makefile changes moved to separate patch + +------------------------------------------------------------------- +Sat Sep 22 02:04:31 MEST 2001 - garloff@suse.de + +- Fix ipt_string support (compile fix). + +------------------------------------------------------------------- +Tue Jul 17 10:55:30 MEST 2001 - garloff@suse.de + +- Update to iptables-1.2.2 +- Appply debian patch: mostly docu stuff +- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM + .spec file to compile and install ip(6)tables-save/restore apps. + +------------------------------------------------------------------- +Fri Apr 6 15:28:00 CEST 2001 - kukuk@suse.de + +- changed neededforbuild from lx_suse to kernel-source + +------------------------------------------------------------------- +Tue Mar 27 23:24:15 CEST 2001 - lmuelle@suse.de + +- update to 1.2.1a +- add devel package with libipq stuff +- minor spec file cleanup + +------------------------------------------------------------------- +Sun Jan 28 16:40:08 CET 2001 - olh@suse.de + +- update to 1.2, needed for ppc and sparc + +------------------------------------------------------------------- +Tue Dec 19 09:33:37 CET 2000 - nadvornik@suse.cz + +- compiled with lx_suse + +------------------------------------------------------------------- +Tue Oct 17 16:15:51 CEST 2000 - nadvornik@suse.cz + +- update to 1.1.2 + +------------------------------------------------------------------- +Fri Sep 22 02:34:07 CEST 2000 - ro@suse.de + +- up to 1.1.1 + +------------------------------------------------------------------- +Fri Jun 9 08:58:25 CEST 2000 - ro@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Wed Jun 7 08:33:45 CEST 2000 - nadvornik@suse.cz + +- new package 1.1.0 + diff --git a/iptables.spec b/iptables.spec new file mode 100644 index 0000000..ecdbd7a --- /dev/null +++ b/iptables.spec @@ -0,0 +1,212 @@ +# +# spec file for package iptables (Version 1.3.7) +# +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: iptables +BuildRequires: kernel-source +License: GNU General Public License (GPL) +Group: Productivity/Networking/Security +Autoreqprov: on +Version: 1.3.7 +Release: 1 +Summary: IP Packet Filter Administration +Source0: %{name}-%{version}.tar.bz2 +Source1: %{name}-%{version}-debian-docs.tar.bz2 +Patch2: %{name}-%{version}-makefile.diff +Patch20: %{name}-%{version}-batch.diff +Patch21: %{name}-%{version}-strict-aliasing-fix.diff +Patch22: %{name}-%{version}-shlibs.diff +URL: http://www.iptables.org +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Iptables is used to set up, maintain, and inspect the tables of IP +packet filter rules in the Linux kernel. This version requires kernel +2.4.0 or newer. + + + +Authors: +-------- + Netfilter Core Team + +%package devel +Summary: Libraries, Headers and Development Man Pages for libipq +Group: Development/Libraries/C and C++ +Autoreqprov: on +Requires: %{name} = %{version} + +%description devel +These libraries are needed to compile programs against libipq. + + + +Authors: +-------- + Netfilter Core Team + +%prep +%setup -q -a 1 +%patch2 +%patch20 +%patch21 +%patch22 +chmod +x extensions/.CLUSTERIP-test + +%build +[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"; +CFLAGS="$RPM_OPT_FLAGS" \ +make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" +# +# iptables-batch +CFLAGS="$RPM_OPT_FLAGS" \ +make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" \ + iptables-batch ip6tables-batch + +%install +CFLAGS="$RPM_OPT_FLAGS" \ +make IPT_LIBDIR=%{_libdir}/iptables \ + BINDIR=$RPM_BUILD_ROOT%{_prefix}/sbin \ + LIBDIR=$RPM_BUILD_ROOT%{_libdir} \ + INCDIR=$RPM_BUILD_ROOT%{_prefix}/include \ + MANDIR=$RPM_BUILD_ROOT%{_mandir} install install-devel KERNEL_DIR="$KERNEL_DIR" +install -m755 iptables-batch ip6tables-batch %{buildroot}%{_sbindir} + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +%doc COPYING +%{_prefix}/sbin/iptables* +%{_prefix}/sbin/ip6tables* +%{_libdir}/iptables +%doc %{_mandir}/man8/* +%doc doc/*.html + +%files devel +%defattr(-,root,root) +%doc %{_mandir}/man3/* +%{_libdir}/*.a +%{_prefix}/include/* + +%changelog -n iptables +* Wed Jan 03 2007 - prusnak@suse.cz +- updated to 1.3.7 + * Add revision support for ip6tables + * Add port range support for ip6tables multiport match + * Add sctp match extension for ip6tables + * Add iptables-xml tool + * Add hashlimit support for ip6tables (needs kernel > 2.6.19) + * Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19) + * Bugfixes +- updated debian-docs and moved into tar.bz2 +* Thu Nov 16 2006 - mjancar@suse.cz +- allow setting KERNEL_DIR on commandline for build (#220851) +* Tue Oct 17 2006 - anosek@suse.cz +- updated to version 1.3.6 + * Support multiple matches of the same type within a single rule + * DCCP/SCTP support for multiport match (needs kernel >= 2.6.18) + * SELinux SECMARK target (needs kernel >= 2.6.18) + * SELinux CONNSECMARK target (needs kernel >= 2.6.18) + * Add support for statistic match (needs kernel >= 2.6.18) + * Optionally read realm values from /etc/iproute2/rt_realms + * Bugfixes +* Wed Feb 01 2006 - lnussel@suse.de +- updated to version 1.3.5 + * supports ip6tables state and conntrack \o/ (#145758) +* Fri Jan 27 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Tue Jan 24 2006 - schwab@suse.de +- Fix building of shared libraries. +* Tue Jan 17 2006 - postadal@suse.cz +- updated policy extension from upstream (policy-1.3.4.patch) + * ported for changes in kernel +* Tue Nov 15 2005 - postadal@suse.cz +- updated to version 1.3.4 +- added RPM_OPT_FLAGS to CFLAGS +- fixed strict aliasing (strict-aliasing-fix.patch) +* Mon Aug 01 2005 - lnussel@suse.de +- add iptables-batch and ip6tables-batch +* Mon Aug 01 2005 - postadal@suse.cz +- updated to version 1.3.3 +* Wed Jul 27 2005 - postadal@suse.cz +- updated to version 1.3.2 +* Wed Mar 09 2005 - postadal@suse.cz +- updated to version 1.3.1 (bug fixes) +* Thu Feb 17 2005 - postadal@suse.cz +- updated to version 1.3.0 +- removed obsoleted patch modules-secfix +* Tue Nov 02 2004 - postadal@suse.cz +- fixed uninitialised variable [#47850] - CAN-2004-0986 +* Tue Aug 17 2004 - mludvig@suse.cz +- Fixed mode for extensions/.policy-test6 +* Thu Aug 05 2004 - mludvig@suse.cz +- Added IPv6 support to the 'policy' match. +* Wed Aug 04 2004 - postadal@suse.cz +- updated to version 1.2.11 +- removed obsoleted patch clusterip +* Sat Apr 24 2004 - lmb@suse.de +- Add support for Cluster IP functionality. +* Wed Apr 21 2004 - mludvig@suse.cz +- Added module for IPv6 conntrack from USAGI. +* Wed Mar 24 2004 - mludvig@suse.cz +- Added policy module from patch-o-matic +* Fri Feb 06 2004 - postadal@suse.cz +- updated to version 1.2.9. +* Sat Jan 10 2004 - adrian@suse.de +- add %%defattr +* Wed Jul 23 2003 - postadal@suse.cz +- updated to 1.2.8 +* Tue Apr 08 2003 - schwab@suse.de +- Prefer sanitized kernel headers. +* Thu Sep 05 2002 - postadal@suse.cz +- updated to bugfixed 1.2.7a version +* Wed Aug 28 2002 - postadal@suse.cz +- added Requires %%{name} = %%{version} to devel package +* Thu Aug 08 2002 - nadvornik@suse.cz +- updated to 1.2.7 +* Wed Mar 27 2002 - postadal@suse.cz +- revert to compile it with kernel headers (#15448) +* Fri Feb 01 2002 - nadvornik@suse.cz +- compiled with kernel headers from glibc +* Tue Jan 15 2002 - nadvornik@suse.cz +- update to 1.2.5 +* Wed Nov 14 2001 - nadvornik@suse.cz +- updated to 1.2.4 [bug #12104] + - fixed problems with iptables-save/restore +- iptables-1.2.4.debian.diff.bz2 contains documentation only, + Makefile changes moved to separate patch +* Sat Sep 22 2001 - garloff@suse.de +- Fix ipt_string support (compile fix). +* Tue Jul 17 2001 - garloff@suse.de +- Update to iptables-1.2.2 +- Appply debian patch: mostly docu stuff +- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM + .spec file to compile and install ip(6)tables-save/restore apps. +* Fri Apr 06 2001 - kukuk@suse.de +- changed neededforbuild from lx_suse to kernel-source +* Tue Mar 27 2001 - lmuelle@suse.de +- update to 1.2.1a +- add devel package with libipq stuff +- minor spec file cleanup +* Sun Jan 28 2001 - olh@suse.de +- update to 1.2, needed for ppc and sparc +* Tue Dec 19 2000 - nadvornik@suse.cz +- compiled with lx_suse +* Tue Oct 17 2000 - nadvornik@suse.cz +- update to 1.1.2 +* Fri Sep 22 2000 - ro@suse.de +- up to 1.1.1 +* Fri Jun 09 2000 - ro@suse.de +- fixed neededforbuild +* Wed Jun 07 2000 - nadvornik@suse.cz +- new package 1.1.0 diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4