Hello community,
here is the log from the commit of package xtables-addons for openSUSE:Factory
checked in at Mon Apr 26 23:48:14 CEST 2010.
--------
--- xtables-addons/xtables-addons.changes 2010-03-20 01:41:28.000000000 +0100
+++ xtables-addons/xtables-addons.changes 2010-04-26 14:22:13.000000000 +0200
@@ -1,0 +2,11 @@
+Mon Apr 26 12:15:08 UTC 2010 - jengelh@medozas.de
+
+- new upstream release 1.25
+ * incorporated changes from upstream review into xt_TEE:
+ (rechecksumming in PREROUTING, decrease TTL on cloned packet, set
+ dont-fragment on cloned packets, free skb when route lookup
+ failed, do not limit use to mangle table, do not retain iif and
+ mark on cloned packet, new loop detection logic, use less
+ expensive pskb_copy)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
xtables-addons-1.24.tar.bz2
New:
----
xtables-addons-1.25.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xtables-addons.spec ++++++
--- /var/tmp/diff_new_pack.EjFK7p/_old 2010-04-26 23:47:41.000000000 +0200
+++ /var/tmp/diff_new_pack.EjFK7p/_new 2010-04-26 23:47:41.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package xtables-addons (Version 1.24)
+# spec file for package xtables-addons (Version 1.25)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -18,7 +18,7 @@
Name: xtables-addons
-Version: 1.24
+Version: 1.25
Release: 1
Group: Productivity/Networking/Security
Summary: IP Packet Filter Administration Extensions
++++++ xtables-addons-1.24.tar.bz2 -> xtables-addons-1.25.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/INSTALL new/xtables-addons-1.25/INSTALL
--- old/xtables-addons-1.24/INSTALL 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/INSTALL 2010-04-26 14:12:03.000000000 +0200
@@ -4,7 +4,7 @@
Xtables-addons uses the well-known configure(autotools) infrastructure
in combination with the kernel's Kbuild system.
- $ ./configure
+ $ ./configure --with-xtlibdir=SEE_BELOW
$ make
# make install
@@ -55,7 +55,10 @@
Specifies the path to where the newly built extensions should
be installed when `make install` is run. It uses the same
- default as the Xtables/iptables package, ${libexecdir}/xtables.
+ default as the Xtables/iptables package, ${libexecdir}/xtables,
+ but you may need to specify this nevertheless, as autotools
+ defaults to using /usr/local as prefix, and distributions put
+ the files in differing locations.
If you want to enable debugging, use
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/doc/changelog.txt new/xtables-addons-1.25/doc/changelog.txt
--- old/xtables-addons-1.24/doc/changelog.txt 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/doc/changelog.txt 2010-04-26 14:12:03.000000000 +0200
@@ -1,6 +1,15 @@
HEAD
====
+- TEE: do rechecksumming in PREROUTING too
+- TEE: decrease TTL on cloned packet
+- TEE: set dont-fragment on cloned packets
+- TEE: free skb when route lookup failed
+- TEE: do not limit use to mangle table
+- TEE: do not retain iif and mark on cloned packet
+- TEE: new loop detection logic
+- TEE: use less expensive pskb_copy
+- condition: remove unnecessary RCU protection
Xtables-addons 1.24 (March 17 2010)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/ACCOUNT/xt_ACCOUNT.c new/xtables-addons-1.25/extensions/ACCOUNT/xt_ACCOUNT.c
--- old/xtables-addons-1.24/extensions/ACCOUNT/xt_ACCOUNT.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/ACCOUNT/xt_ACCOUNT.c 2010-04-26 14:12:03.000000000 +0200
@@ -264,7 +264,7 @@
return -1;
}
-static bool ipt_acc_checkentry(const struct xt_tgchk_param *par)
+static int ipt_acc_checkentry(const struct xt_tgchk_param *par)
{
struct ipt_acc_info *info = par->targinfo;
int table_nr;
@@ -276,13 +276,13 @@
if (table_nr == -1) {
printk("ACCOUNT: Table insert problem. Aborting\n");
- return false;
+ return -EINVAL;
}
/* Table nr caching so we don't have to do an extra string compare
for every packet */
info->table_nr = table_nr;
- return true;
+ return 0;
}
static void ipt_acc_destroy(const struct xt_tgdtor_param *par)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/Makefile.am new/xtables-addons-1.25/extensions/Makefile.am
--- old/xtables-addons-1.24/extensions/Makefile.am 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/Makefile.am 2010-04-26 14:12:03.000000000 +0200
@@ -7,6 +7,8 @@
_kcall = -C ${kbuilddir} M=${abs_srcdir}
modules:
+ @echo -n "Xtables-addons ${PACKAGE_VERSION} - Linux "
+ @if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} --no-print-directory -s kernelrelease; fi;
${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} modules; fi;
modules_install:
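Review bot: The banner added to the `modules` recipe uses `echo -n`, which is not portable across /bin/sh implementations, and it runs outside the `${kbuilddir}` guard. When `${kbuilddir}` is empty, the `kernelrelease` call is skipped and the line is left without a trailing newline. Moving the banner inside the existing `if [ -n "${kbuilddir}" ]` and writing it as `printf 'Xtables-addons %s - Linux ' "${PACKAGE_VERSION}"` would avoid both. The same two lines are repeated in the generated Makefile.in.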
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/Makefile.in new/xtables-addons-1.25/extensions/Makefile.in
--- old/xtables-addons-1.24/extensions/Makefile.in 2010-03-17 02:53:26.000000000 +0100
+++ new/xtables-addons-1.25/extensions/Makefile.in 2010-04-26 14:13:55.000000000 +0200
@@ -374,6 +374,8 @@
.PHONY: modules modules_install clean_modules
modules:
+ @echo -n "Xtables-addons ${PACKAGE_VERSION} - Linux "
+ @if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} --no-print-directory -s kernelrelease; fi;
${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} modules; fi;
modules_install:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/compat_xtables.c new/xtables-addons-1.25/extensions/compat_xtables.c
--- old/xtables-addons-1.24/extensions/compat_xtables.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/compat_xtables.c 2010-04-26 14:12:03.000000000 +0200
@@ -84,6 +84,19 @@
return nm->checkentry(&local_par);
}
#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
+ LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
+static bool xtnu_match_check(const struct xt_mtchk_param *par)
+{
+ struct xtnu_match *nm = xtcompat_numatch(par->match);
+
+ if (nm == NULL)
+ return false;
+ if (nm->checkentry == NULL)
+ return true;
+ return nm->checkentry(par) == 0 ? true : false;
+}
+#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
@@ -105,7 +118,7 @@
}
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
int xtnu_register_match(struct xtnu_match *nt)
{
struct xt_match *ct;
@@ -127,9 +140,15 @@
ct->table = (char *)nt->table;
ct->hooks = nt->hooks;
ct->proto = nt->proto;
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
ct->match = xtnu_match_run;
ct->checkentry = xtnu_match_check;
ct->destroy = xtnu_match_destroy;
+#else
+ ct->match = nt->match;
+ ct->checkentry = xtnu_match_check;
+ ct->destroy = nt->destroy;
+#endif
ct->matchsize = nt->matchsize;
ct->me = nt->me;
@@ -250,6 +269,20 @@
}
#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
+ LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)
+static bool xtnu_target_check(const struct xt_tgchk_param *par)
+{
+ struct xtnu_target *nt = xtcompat_nutarget(par->target);
+
+ if (nt == NULL)
+ return false;
+ if (nt->checkentry == NULL)
+ return true;
+ return nt->checkentry(par) == 0 ? true : false;
+}
+#endif
+
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
unsigned int targinfosize)
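Review bot: The guard on the new `xtnu_target_check` ends at `LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)`, while the matching `xtnu_match_check` hunk above uses `<= KERNEL_VERSION(2, 6, 34)`. The registration hunk below also assigns `ct->checkentry = xtnu_target_check` under `#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)`. On a 2.6.34 kernel the wrapper would therefore be referenced but not defined, unless a definition outside these hunks covers that version. Changing the second line of the guard to `LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)` would make the three conditions agree.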
@@ -295,6 +328,9 @@
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
ct->checkentry = xtnu_target_check;
ct->destroy = xtnu_target_destroy;
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
+ ct->checkentry = xtnu_target_check;
+ ct->destroy = nt->destroy;
#else
ct->checkentry = nt->checkentry;
ct->destroy = nt->destroy;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/compat_xtables.h new/xtables-addons-1.25/extensions/compat_xtables.h
--- old/xtables-addons-1.24/extensions/compat_xtables.h 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/compat_xtables.h 2010-04-26 14:12:03.000000000 +0200
@@ -60,7 +60,7 @@
# define init_net__proc_net init_net.proc_net
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
# define xt_match xtnu_match
# define xt_register_match xtnu_register_match
# define xt_unregister_match xtnu_unregister_match
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/compat_xtnu.h new/xtables-addons-1.25/extensions/compat_xtnu.h
--- old/xtables-addons-1.24/extensions/compat_xtnu.h 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/compat_xtnu.h 2010-04-26 14:12:03.000000000 +0200
@@ -85,7 +85,7 @@
struct list_head list;
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
bool (*match)(const struct sk_buff *, const struct xt_match_param *);
- bool (*checkentry)(const struct xt_mtchk_param *);
+ int (*checkentry)(const struct xt_mtchk_param *);
void (*destroy)(const struct xt_mtdtor_param *);
struct module *me;
const char *table;
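Review bot: Changing `checkentry` from `bool` to `int`, here and in the target struct in the next hunk, inverts the meaning of the return value: 0 is now success. The compiler will not flag a callback body that still says `return true;` or `return false;` once its signature is `int`. Through the new compat wrappers (`nm->checkentry(par) == 0`), a leftover `return false` on a rejection path would be read as acceptance of the rule, so the validation would fail open. A comment on both members such as `/* returns 0 on success, negative errno on failure */` would record the contract. Each converted extension should also be checked for remaining boolean or `0`/`1` returns in paths the hunks do not show; both struct definitions start and end outside these hunks.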
@@ -101,7 +101,7 @@
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
unsigned int (*target)(struct sk_buff **,
const struct xt_target_param *);
- bool (*checkentry)(const struct xt_tgchk_param *);
+ int (*checkentry)(const struct xt_tgchk_param *);
void (*destroy)(const struct xt_tgdtor_param *);
struct module *me;
const char *table;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/ipset/ipt_SET.c new/xtables-addons-1.25/extensions/ipset/ipt_SET.c
--- old/xtables-addons-1.24/extensions/ipset/ipt_SET.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/ipset/ipt_SET.c 2010-04-26 14:12:03.000000000 +0200
@@ -45,7 +45,7 @@
return XT_CONTINUE;
}
-static bool
+static int
checkentry(const struct xt_tgchk_param *par)
{
struct ipt_set_info_target *info = par->targinfo;
@@ -54,7 +54,7 @@
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (targinfosize != IPT_ALIGN(sizeof(*info))) {
DP("bad target info size %u", targinfosize);
- return 0;
+ return -EINVAL;
}
#endif
@@ -63,7 +63,7 @@
if (index == IP_SET_INVALID_ID) {
ip_set_printk("cannot find add_set index %u as target",
info->add_set.index);
- return 0; /* error */
+ return -EINVAL;
}
}
@@ -72,16 +72,16 @@
if (index == IP_SET_INVALID_ID) {
ip_set_printk("cannot find del_set index %u as target",
info->del_set.index);
- return 0; /* error */
+ return -EINVAL;
}
}
if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0
|| info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) {
ip_set_printk("That's nasty!");
- return 0; /* error */
+ return -EINVAL;
}
- return 1;
+ return 0;
}
static void destroy(const struct xt_tgdtor_param *par)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/ipset/ipt_set.c new/xtables-addons-1.25/extensions/ipset/ipt_set.c
--- old/xtables-addons-1.24/extensions/ipset/ipt_set.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/ipset/ipt_set.c 2010-04-26 14:12:03.000000000 +0200
@@ -47,7 +47,7 @@
info->match_set.flags[0] & IPSET_MATCH_INV);
}
-static bool
+static int
checkentry(const struct xt_mtchk_param *par)
{
struct ipt_set_info_match *info = par->matchinfo;
@@ -56,7 +56,7 @@
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
ip_set_printk("invalid matchsize %d", matchsize);
- return 0;
+ return -EINVAL;
}
#endif
@@ -65,14 +65,14 @@
if (index == IP_SET_INVALID_ID) {
ip_set_printk("Cannot find set indentified by id %u to match",
info->match_set.index);
- return 0; /* error */
+ return -ENOENT;
}
if (info->match_set.flags[IP_SET_MAX_BINDINGS] != 0) {
ip_set_printk("That's nasty!");
- return 0; /* error */
+ return -EINVAL;
}
- return 1;
+ return 0;
}
static void destroy(const struct xt_mtdtor_param *par)
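Review bot: The missing-set path here now returns `-ENOENT`, but the equivalent `index == IP_SET_INVALID_ID` paths for `add_set` and `del_set` in ipt_SET.c return `-EINVAL`. The two files report the same condition with different codes wherever the errno is propagated rather than collapsed to a bool by the compat wrapper. Using `return -ENOENT;` for the lookup failures in ipt_SET.c as well would keep them consistent and leave `-EINVAL` for the malformed-flags check. `checkentry` begins outside this hunk.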
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/pknock/xt_pknock.c new/xtables-addons-1.25/extensions/pknock/xt_pknock.c
--- old/xtables-addons-1.24/extensions/pknock/xt_pknock.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/pknock/xt_pknock.c 2010-04-26 14:12:03.000000000 +0200
@@ -1064,9 +1064,9 @@
return ret;
}
-#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return false; } while (false)
+#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return -EINVAL; } while (false)
-static bool pknock_mt_check(const struct xt_mtchk_param *par)
+static int pknock_mt_check(const struct xt_mtchk_param *par)
{
struct xt_pknock_mtinfo *info = par->matchinfo;
@@ -1124,9 +1124,10 @@
}
if (!add_rule(info))
+ /* should ENOMEM here */
RETURN_ERR("add_rule() error in checkentry() function.\n");
- return true;
+ return 0;
}
static void pknock_mt_destroy(const struct xt_mtdtor_param *par)
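Review bot: The added comment `/* should ENOMEM here */` says the error code is wrong but leaves `RETURN_ERR` returning `-EINVAL`. It also sits between an unbraced `if (!add_rule(info))` and its single-statement body, which is easy to misread or break in a later edit. Bracing the branch and returning the intended code directly would remove the need for the comment: `if (!add_rule(info)) { printk(KERN_ERR PKNOCK "add_rule() error in checkentry() function.\n"); return -ENOMEM; }`. Whether allocation failure is the only way `add_rule()` can fail is not visible here and should be confirmed first. `pknock_mt_check` continues between the two hunks, so the other `RETURN_ERR` call sites also need a look to confirm `-EINVAL` fits each of them.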
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/xt_CHAOS.c new/xtables-addons-1.25/extensions/xt_CHAOS.c
--- old/xtables-addons-1.24/extensions/xt_CHAOS.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/xt_CHAOS.c 2010-04-26 14:12:03.000000000 +0200
@@ -141,22 +141,22 @@
return NF_DROP;
}
-static bool chaos_tg_check(const struct xt_tgchk_param *par)
+static int chaos_tg_check(const struct xt_tgchk_param *par)
{
const struct xt_chaos_tginfo *info = par->targinfo;
if (info->variant == XTCHAOS_DELUDE && !have_delude) {
printk(KERN_WARNING PFX "Error: Cannot use --delude when "
"DELUDE module not available\n");
- return false;
+ return -EINVAL;
}
if (info->variant == XTCHAOS_TARPIT && !have_tarpit) {
printk(KERN_WARNING PFX "Error: Cannot use --tarpit when "
"TARPIT module not available\n");
- return false;
+ return -EINVAL;
}
- return true;
+ return 0;
}
static struct xt_target chaos_tg_reg = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/xt_LOGMARK.c new/xtables-addons-1.25/extensions/xt_LOGMARK.c
--- old/xtables-addons-1.24/extensions/xt_LOGMARK.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/xt_LOGMARK.c 2010-04-26 14:12:03.000000000 +0200
@@ -81,17 +81,17 @@
return XT_CONTINUE;
}
-static bool
+static int
logmark_tg_check(const struct xt_tgchk_param *par)
{
const struct xt_logmark_tginfo *info = par->targinfo;
if (info->level >= 8) {
pr_debug("LOGMARK: level %u >= 8\n", info->level);
- return false;
+ return -EINVAL;
}
- return true;
+ return 0;
}
static struct xt_target logmark_tg_reg[] __read_mostly = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/xt_RAWNAT.c new/xtables-addons-1.25/extensions/xt_RAWNAT.c
--- old/xtables-addons-1.24/extensions/xt_RAWNAT.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/xt_RAWNAT.c 2010-04-26 14:12:03.000000000 +0200
@@ -283,15 +283,15 @@
}
#endif
-static bool rawnat_tg_check(const struct xt_tgchk_param *par)
+static int rawnat_tg_check(const struct xt_tgchk_param *par)
{
if (strcmp(par->table, "raw") == 0 ||
strcmp(par->table, "rawpost") == 0)
- return true;
+ return 0;
printk(KERN_ERR KBUILD_MODNAME " may only be used in the \"raw\" or "
"\"rawpost\" table.\n");
- return false;
+ return -EINVAL;
}
static struct xt_target rawnat_tg_reg[] __read_mostly = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/xt_SYSRQ.c new/xtables-addons-1.25/extensions/xt_SYSRQ.c
--- old/xtables-addons-1.24/extensions/xt_SYSRQ.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/xt_SYSRQ.c 2010-04-26 14:12:03.000000000 +0200
@@ -253,9 +253,8 @@
}
#endif
-static bool sysrq_tg_check(const struct xt_tgchk_param *par)
+static int sysrq_tg_check(const struct xt_tgchk_param *par)
{
-
if (par->target->family == NFPROTO_IPV4) {
const struct ipt_entry *entry = par->entryinfo;
@@ -272,11 +271,11 @@
goto out;
}
- return true;
+ return 0;
out:
printk(KERN_ERR KBUILD_MODNAME ": only available for UDP and UDP-Lite");
- return false;
+ return -EINVAL;
}
static struct xt_target sysrq_tg_reg[] __read_mostly = {
@@ -332,23 +331,14 @@
sysrq_digest_size = crypto_hash_digestsize(sysrq_tfm);
sysrq_digest = kmalloc(sysrq_digest_size, GFP_KERNEL);
ret = -ENOMEM;
- if (sysrq_digest == NULL) {
- printk(KERN_WARNING KBUILD_MODNAME
- ": Cannot allocate digest\n");
+ if (sysrq_digest == NULL)
goto fail;
- }
sysrq_hexdigest = kmalloc(2 * sysrq_digest_size + 1, GFP_KERNEL);
- if (sysrq_hexdigest == NULL) {
- printk(KERN_WARNING KBUILD_MODNAME
- ": Cannot allocate hexdigest\n");
+ if (sysrq_hexdigest == NULL)
goto fail;
- }
sysrq_digest_password = kmalloc(sizeof(sysrq_password), GFP_KERNEL);
- if (sysrq_digest_password == NULL) {
- printk(KERN_WARNING KBUILD_MODNAME
- ": Cannot allocate password digest space\n");
+ if (sysrq_digest_password == NULL)
goto fail;
- }
do_gettimeofday(&now);
sysrq_seqno = now.tv_sec;
ret = xt_register_targets(sysrq_tg_reg, ARRAY_SIZE(sysrq_tg_reg));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-1.24/extensions/xt_TEE.c new/xtables-addons-1.25/extensions/xt_TEE.c
--- old/xtables-addons-1.24/extensions/xt_TEE.c 2010-03-17 02:50:23.000000000 +0100
+++ new/xtables-addons-1.25/extensions/xt_TEE.c 2010-04-26 14:12:03.000000000 +0200
@@ -24,7 +24,6 @@
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
# define WITH_CONNTRACK 1
# include