Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xtables-addons for openSUSE:Factory checked in at 2022-10-25 11:51:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xtables-addons (Old) and /work/SRC/openSUSE:Factory/.xtables-addons.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xtables-addons" Tue Oct 25 11:51:18 2022 rev:78 rq:1031082 version:3.22 Changes: -------- --- /work/SRC/openSUSE:Factory/xtables-addons/xtables-addons.changes 2022-06-20 15:39:31.203056451 +0200 +++ /work/SRC/openSUSE:Factory/.xtables-addons.new.2275/xtables-addons.changes 2022-10-25 11:51:20.461298831 +0200 @@ -1,0 +2,6 @@ +Tue Oct 25 08:44:54 UTC 2022 - Jan Engelhardt <jengelh@inai.de> + +- Update to release 3.22 + * Support for up to Linux 6.1 + +------------------------------------------------------------------- Old: ---- xtables-addons-3.21.tar.asc xtables-addons-3.21.tar.xz New: ---- xtables-addons-3.22.tar.asc xtables-addons-3.22.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xtables-addons.spec ++++++ --- /var/tmp/diff_new_pack.SIO1hn/_old 2022-10-25 11:51:21.025299411 +0200 +++ /var/tmp/diff_new_pack.SIO1hn/_new 2022-10-25 11:51:21.033299420 +0200 
@@ -17,7 +17,7 @@ Name: xtables-addons -Version: 3.21 +Version: 3.22 Release: 0 Summary: IP Packet Filter Administration Extensions License: GPL-2.0-only AND GPL-2.0-or-later ++++++ xtables-addons-3.21.tar.xz -> xtables-addons-3.22.tar.xz ++++++ ++++ 2442 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/Makefile.am new/xtables-addons-3.22/Makefile.am --- old/xtables-addons-3.21/Makefile.am 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/Makefile.am 2022-10-25 10:43:50.000000000 +0200 @@ -1,9 +1,16 @@ # -*- Makefile -*- ACLOCAL_AMFLAGS = -I m4 -SUBDIRS = extensions extensions/ACCOUNT extensions/pknock geoip +SUBDIRS = extensions extensions/ACCOUNT extensions/pknock -man_MANS := xtables-addons.8 +bin_SCRIPTS = geoip/xt_geoip_query +pkglibexec_SCRIPTS = asn/xt_asn_build asn/xt_asn_dl asn/xt_asn_fetch \ + geoip/xt_geoip_build geoip/xt_geoip_build_maxmind \ + geoip/xt_geoip_dl geoip/xt_geoip_dl_maxmind +man_MANS = xtables-addons.8 asn/xt_asn_build.1 asn/xt_asn_dl.1 \ + geoip/xt_geoip_build.1 geoip/xt_geoip_dl.1 \ + geoip/xt_geoip_build_maxmind.1 geoip/xt_geoip_dl_maxmind.1 \ + geoip/xt_geoip_query.1 .PHONY: FORCE FORCE: 
@@ -27,6 +34,6 @@ # do not use mkdir_p here. mkdir ${tmpdir} pushd ${top_srcdir} && git archive --prefix=${PACKAGE_NAME}-${PACKAGE_VERSION}/ HEAD | tar -C ${tmpdir} -x && popd; - pushd ${tmpdir}/${PACKAGE_NAME}-${PACKAGE_VERSION} && ./autogen.sh && popd; + pushd ${tmpdir}/${PACKAGE_NAME}-${PACKAGE_VERSION} && autoreconf -fi && rm -Rf autom4te*.cache && popd; tar --use=${packer} -C ${tmpdir} -cf ${PACKAGE_NAME}-${PACKAGE_VERSION}${packext} --owner=root --group=root ${PACKAGE_NAME}-${PACKAGE_VERSION}/; rm -Rf ${tmpdir}; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/asn/.gitignore new/xtables-addons-3.22/asn/.gitignore --- old/xtables-addons-3.21/asn/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/asn/.gitignore 2022-10-25 10:43:50.000000000 +0200 @@ -0,0 +1,6 @@ +/BE +/LE +/GeoIPCountryCSV.zip +/GeoIPCountryWhois.csv +/GeoIPv6.csv +/GeoIPv6.csv.gz diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/asn/Makefile.am new/xtables-addons-3.22/asn/Makefile.am --- old/xtables-addons-3.21/asn/Makefile.am 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/asn/Makefile.am 2022-10-25 10:43:50.000000000 +0200 
@@ -0,0 +1,5 @@ +# -*- Makefile -*- + +pkglibexec_SCRIPTS = xt_asn_build xt_asn_dl + +man1_MANS = xt_asn_build.1 xt_asn_dl.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/asn/xt_asn_build new/xtables-addons-3.22/asn/xt_asn_build --- old/xtables-addons-3.21/asn/xt_asn_build 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/asn/xt_asn_build 2022-10-25 10:43:50.000000000 +0200 
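Review bot: The ignore list is copied from the geoip directory (`/GeoIPCountryCSV.zip`, `/GeoIPCountryWhois.csv`, `/GeoIPv6.csv*`) and matches nothing the asn tools in this diff produce. xt_asn_dl unpacks `GeoLite2-ASN-CSV_*` and xt_asn_build reads `GeoLite2-ASN-Blocks-IPv4.csv` and `GeoLite2-ASN-Blocks-IPv6.csv`, so those are the names that should be listed here, alongside the `/BE` and `/LE` output directories if they are still meant for this module.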
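Review bot: asn/Makefile.am is never processed: the top-level Makefile.am in this diff leaves `asn` out of `SUBDIRS` and the configure.ac hunk does not add `asn/Makefile` to `AC_CONFIG_FILES`, while the top-level Makefile.am already installs the asn scripts and man pages itself. Either drop this file or wire it in; as it stands its `pkglibexec_SCRIPTS` and `man1_MANS` lists (which already omit xt_asn_fetch) will silently drift from the top-level ones.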
@@ -0,0 +1,207 @@ +#!/usr/bin/perl +# +# Converter for MaxMind (GeoLite2) CSV database to binary, for xt_geoip +# Copyright Jan Engelhardt, 2008-2011 +# Copyright Philip Prindeville, 2018 +# D. Stussy, 2019 - Converted GeoIP module for ASN use +# D. Stussy, 2019 - Added -O <filename> output for ASN zone DNS records +# +use Getopt::Long; +use Net::CIDR::Lite; +use Socket qw(AF_INET AF_INET6 inet_pton); +use warnings; +use Text::CSV_XS; # or trade for Text::CSV +use strict; + +my $csv = Text::CSV_XS->new({ + allow_whitespace => 1, + binary => 1, + eol => $/, +}); # or Text::CSV +my $source_dir = "."; +my $target_dir = "."; +my $output_txt; + +&Getopt::Long::Configure(qw(bundling)); +&GetOptions( + "D=s" => \$target_dir, + "S=s" => \$source_dir, + "O=s" => \$output_txt, +); + +if (!-d $source_dir) { + print STDERR "Source directory \"$source_dir\" does not exist.\n"; + exit 1; +} +if (!-d $target_dir) { + print STDERR "Target directory \"$target_dir\" does not exist.\n"; + exit 1; +} + +&dump(&collect()); + +sub collect +{ + my ($file, $fh, $row, $outfile, %asns, %header, %pairs); + + sub net; sub asn; sub name; + + $file = "$source_dir/GeoLite2-ASN-Blocks-IPv4.csv"; + open($fh, '<', $file) || die "Can't open IPv4 database\n"; + + # first line is headers + $row = $csv->getline($fh); + + %header = map { ($row->[$_], $_); } (0..$#{$row}); + + # verify that the columns we need are present + map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + my %remapping = ( + net => 'network', + asn => 'autonomous_system_number', + name => 'autonomous_system_organization', + ); + + # now create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + if ($output_txt) { + open($outfile, '>', $output_txt); + } + + while ($row = $csv->getline($fh)) { + my ($asn, $cidr, $name); + + $asn = $row->[asn]; + $cidr = $row->[net]; + + if (!exists $asns{$asn}) { + $asns{$asn} = { + 
pool_v4 => Net::CIDR::Lite->new(), + pool_v6 => Net::CIDR::Lite->new(), + }; + } + + $asns{$asn}->{pool_v4}->add($cidr); + + if ($. % 4096 == 0) { + print STDERR "\r\e[2K$. entries"; + } + + if ($outfile) { + print $outfile "$asn\t\tIN\tAPL\t1:$cidr\n"; + print $outfile "$asn\t\tIN\tTXT\t\"$row->[name]\"\n"; + } + } + + print STDERR "\r\e[2K$. entries total\n"; + + close($fh); + + # clean up the namespace + undef &net; undef &asn; undef &name; + + $file = "$source_dir/GeoLite2-ASN-Blocks-IPv6.csv"; + open($fh, '<', $file) || die "Can't open IPv6 database\n"; + + # first line is headers + $row = $csv->getline($fh); + + %header = map { ($row->[$_], $_); } (0..$#{$row}); + + # verify that the columns we need are present + map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + # unlikely the IPv6 table has different columns, but just to be sure + # create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + while ($row = $csv->getline($fh)) { + my ($asn, $cidr, $name); + + $asn = $row->[asn]; + $cidr = $row->[net]; + + if (!exists $asns{$asn}) { + $asns{$asn} = { + pool_v4 => Net::CIDR::Lite->new(), + pool_v6 => Net::CIDR::Lite->new(), + }; + } + + $asns{$asn}->{pool_v6}->add($cidr); + + if ($. % 4096 == 0) { + print STDERR "\r\e[2K$. entries"; + } + + if ($outfile) { + print $outfile "$asn\t\tIN\tAPL\t2:$cidr\n"; + print $outfile "$asn\t\tIN\tTXT\t\"$row->[name]\"\n"; + } + } + + print STDERR "\r\e[2K$. 
entries total\n"; + + close($fh); + + # clean up the namespace + undef &net; undef &asn; undef &name; + + if ($outfile) { + close($outfile); + } + + return \%asns; +} + +sub dump +{ + my $asns = shift @_; + + foreach my $asn_number (sort {$a <=> $b} keys %{$asns}) { + &dump_one($asn_number, $asns->{$asn_number}); + } +} + +sub dump_one +{ + my($asn_number, $asns) = @_; + my @ranges; + + @ranges = $asns->{pool_v4}->list_range(); + + writeASN($asn_number, AF_INET, @ranges); + + @ranges = $asns->{pool_v6}->list_range(); + + writeASN($asn_number, AF_INET6, @ranges); +} + +sub writeASN +{ + my ($asn_number, $family, @ranges) = @_; + my $fh; + + printf "%5u IPv%s ranges for %s\n", + scalar(@ranges), + ($family == AF_INET ? '4' : '6'), + $asn_number; + + my $file = "$target_dir/".$asn_number.".iv".($family == AF_INET ? '4' : '6'); + if (!open($fh, '>', $file)) { + print STDERR "Error opening $file: $!\n"; + exit 1; + } + + binmode($fh); + + foreach my $range (@ranges) { + my ($start, $end) = split('-', $range); + $start = inet_pton($family, $start); + $end = inet_pton($family, $end); + print $fh $start, $end; + } + close $fh; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/asn/xt_asn_build.1 new/xtables-addons-3.22/asn/xt_asn_build.1 --- old/xtables-addons-3.21/asn/xt_asn_build.1 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/asn/xt_asn_build.1 2022-10-25 10:43:50.000000000 +0200 
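Review bot: The "verify that the columns we need are present" step in collect() is a no-op: `%pairs` is declared but never filled, so `keys %pairs` is empty and a CSV missing `network` or `autonomous_system_number` is only noticed later through undefined column indices (the IPv6 block repeats the same dead check). It should iterate the columns actually used, e.g. `die "Table has no $remapping{$_} column\n" for grep { !exists $header{$remapping{$_}} } keys %remapping;`. Two more checks are missing: the `-O` handle is opened without a failure test, `open($outfile, '>', $output_txt) or die "Can't open $output_txt: $!\n";`, and the ASN read from the CSV becomes part of a file name in writeASN without validation, so `die "Invalid ASN '$asn' at line $.\n" unless $asn =~ /\A[0-9]+\z/;` before the `%asns` lookup keeps a malformed row from creating stray files under the target directory. writeASN also closes its write handle unchecked, so a full disk goes unnoticed; `close $fh or die "close $file: $!\n";` fixes that.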
@@ -0,0 +1,43 @@ +.TH xt_asn_build 1 "2010-12-17" "xtables-addons" "xtables-addons" +.SH Name +.PP +xt_asn_build \(em convert ASN.csv to packed format for xt_asn +.SH Syntax +.PP +\fI/usr/libexec/xt_asn/\fP\fBxt_asn_build\fP [\fB\-D\fP \fItarget_dir\fP] +[\fB\-S\fP \fIsource_dir\fP] [\fB\-O\fP \fIoutput_file\fP] +.SH Description +.PP +xt_asn_build is used to build packed raw representations of the range +database that the xt_asn module relies on. Since kernel memory is precious, +much of the preprocessing is done in userspace by this very building tool. One +file is produced for each country, so that no more addresses than needed are +required to be loaded into memory. The ranges in the packed database files are +also ordered, as xt_asn relies on this property for its bisection approach to +work. +.PP +Since the script is usually installed to the libexec directory of the +xtables-addons package and this is outside $PATH (on purpose), invoking the +script requires it to be called with a path. +.PP Options +.TP +\fB\-D\fP \fItarget_dir\fP +Specifies the target directory into which the files are to be put. Defaults to ".". +.TP +\fB\-S\fP \fIsource_dir\fP +Specifies the source directory from which to read the two files by the name +of \fBGeoLite2\-ASN\-Blocks\-IPv?.csv\fP, +.TP +\fB\-O\fP \fIoutput_file\fP +Specifies an optioan target file to output DNS records for ASN to name +(TXT-RRs) and network (APL-RRs). Defaults to no output. The file should be +sorted postprocessing to remove duplicate TXT records and to combine APL-RRs +into a more compact record set. 
+.SH Application +.PP +Shell commands to build the databases and put them to where they are expected: +.PP +xt_asn_build \-D /usr/share/xt_asn +.SH See also +.PP +xt_asn_dl(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/asn/xt_asn_dl new/xtables-addons-3.22/asn/xt_asn_dl --- old/xtables-addons-3.21/asn/xt_asn_dl 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/asn/xt_asn_dl 2022-10-25 10:43:50.000000000 +0200 @@ -0,0 +1,5 @@ +#!/bin/sh +rm -rf GeoLite2-ASN-CSV_* +wget -q http://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN-CSV.zip +unzip -q GeoLite2-ASN-CSV.zip +rm -f GeoLite2-ASN-CSV.zip diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/asn/xt_asn_dl.1 new/xtables-addons-3.22/asn/xt_asn_dl.1 --- old/xtables-addons-3.21/asn/xt_asn_dl.1 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/asn/xt_asn_dl.1 2022-10-25 10:43:50.000000000 +0200 
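Review bot: The database is fetched over plain `http://` and nothing checks what was downloaded, so a tampered or truncated archive silently becomes the input of xt_asn_build and, through it, the range files the kernel module consumes; use `https://` at minimum (`wget -q https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN-CSV.zip`) and add `set -e` at the top so a failed download or unzip does not end with the script exiting 0 after the final `rm -f`. As far as I know MaxMind has required an account license key for GeoLite2 downloads since the end of 2019, so this unauthenticated URL is likely to fail outright; the top-level Makefile.am in this diff also installs a `geoip/xt_geoip_dl_maxmind`, which suggests the key-based flow used there may be what is intended here too, worth confirming.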
@@ -0,0 +1,21 @@ +.TH xt_asn_dl 1 "2010-12-17" "xtables-addons" "xtables-addons" +.SH Name +.PP +xt_asn_dl \(em download ASN database files +.SH Syntax +.PP +\fI/usr/libexec/xt_asn/\fP\fBxt_asn_dl\fP +.SH Description +.PP +Downloads and unpacks the MaxMind ASN Lite databases for IPv4 and +IPv6 and unpacks them to the current directory. +.PP +Since the script is usually installed to the libexec directory of the +xtables-addons package and this is outside $PATH (on purpose), invoking the +script requires it to be called with a path. +.SH Options +.PP +None. +.SH See also +.PP +xt_asn_build(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/asn/xt_asn_fetch new/xtables-addons-3.22/asn/xt_asn_fetch --- old/xtables-addons-3.21/asn/xt_asn_fetch 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/asn/xt_asn_fetch 2022-10-25 10:43:50.000000000 +0200 
@@ -0,0 +1,94 @@ +#!/usr/bin/perl +# +# Utility to query GeoIP database +# Copyright Philip Prindeville, 2018 +# Adapted for ASN database, D. Stussy, 2019 +# +use Getopt::Long; +use Socket qw(AF_INET AF_INET6 inet_ntop); +use warnings; +use strict; + +sub AF_INET_SIZE() { 4 } +sub AF_INET6_SIZE() { 16 } + +my $target_dir = "."; +my $ipv4 = 0; +my $ipv6 = 0; + +&Getopt::Long::Configure(qw(bundling)); +&GetOptions( + "D=s" => \$target_dir, + "4" => \$ipv4, + "6" => \$ipv6, +); + +if (!-d $target_dir) { + print STDERR "Target directory $target_dir does not exit.\n"; + exit 1; +} + +# if neither specified, assume both +if (! $ipv4 && ! $ipv6) { + $ipv4 = $ipv6 = 1; +} + +foreach my $asn (@ARGV) { + if ($asn !~ m/^([1-9][0-9]*)$/) { + print STDERR "Invalid ASN '$asn'\n"; + exit 1; + } + + my $file = $target_dir . '/' . uc($asn) . '.iv4'; + + if (! -f $file) { + printf STDERR "Can't find data for ASN '$asn'\n"; + exit 1; + } + + my ($contents, $buffer, $bytes, $fh); + + if ($ipv4) { + open($fh, '<', $file) || die "Couldn't open file '$file'\n"; + + binmode($fh); + + while (($bytes = read($fh, $buffer, AF_INET_SIZE * 2)) == AF_INET_SIZE * 2) { + my $start = inet_ntop(AF_INET, substr($buffer, 0, AF_INET_SIZE)); + my $end = inet_ntop(AF_INET, substr($buffer, AF_INET_SIZE)); + print $start, '-', $end, "\n"; + } + close($fh); + if (! defined $bytes) { + printf STDERR "Error reading file for ASN '$asn'\n"; + exit 1; + } elsif ($bytes != 0) { + printf STDERR "Short read on file for ASN '$asn'\n"; + exit 1; + } + } + + substr($file, -1) = '6'; + + if ($ipv6) { + open($fh, '<', $file) || die "Couldn't open file '$file'\n"; + + binmode($fh); + + while (($bytes = read($fh, $buffer, AF_INET6_SIZE * 2)) == AF_INET6_SIZE * 2) { + my $start = inet_ntop(AF_INET6, substr($buffer, 0, AF_INET6_SIZE)); + my $end = inet_ntop(AF_INET6, substr($buffer, AF_INET6_SIZE)); + print $start, '-', $end, "\n"; + } + close($fh); + if (! 
defined $bytes) { + printf STDERR "Error reading file for ASN '$asn'\n"; + exit 1; + } elsif ($bytes != 0) { + printf STDERR "Short read on file for ASN '$asn'\n"; + exit 1; + } + } +} + +exit 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/autogen.sh new/xtables-addons-3.22/autogen.sh --- old/xtables-addons-3.21/autogen.sh 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/autogen.sh 1970-01-01 01:00:00.000000000 +0100 @@ -1,4 +0,0 @@ -#!/bin/bash - -autoreconf -fi; -rm -Rf autom4te*.cache; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/configure.ac new/xtables-addons-3.22/configure.ac --- old/xtables-addons-3.21/configure.ac 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/configure.ac 2022-10-25 10:43:50.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([xtables-addons], [3.21]) +AC_INIT([xtables-addons], [3.22]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) @@ -59,10 +59,12 @@ yoff ], [ echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir"; - if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 19; then + if test "$kmajor" -gt 6 -o "$kmajor" -eq 6 -a "$kminor" -gt 1; then yon echo "WARNING: That kernel version is not officially supported yet. Continue at own luck."; yoff + elif test "$kmajor" -eq 6; then + : elif test "$kmajor" -eq 5 -a "$kminor" -ge 0; then : elif test "$kmajor" -eq 4 -a "$kminor" -ge 16; then 
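Review bot: The `-f $file` existence test is applied only to the `.iv4` name and runs even when just `-6` was requested, so a pure IPv6 query aborts on a missing IPv4 file while a missing IPv6 file is reported through the different `die` message in open; move the check inside each `if ($ipv4)` / `if ($ipv6)` branch or rely on the open checks alone. The ASN pattern `m/^([1-9][0-9]*)$/` also lets a trailing newline through because `$` matches before a final `\n`, and the value then becomes part of a path; `m/\A[1-9][0-9]*\z/` is the intended anchor, and `uc($asn)` on a digit string is a leftover from the GeoIP version that can go. The target-directory message should read "does not exist" rather than "does not exit".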
@@ -79,7 +81,7 @@ AC_SUBST([regular_CFLAGS]) AC_SUBST([kbuilddir]) AC_SUBST([xtlibdir]) -AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans geoip/Makefile +AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans extensions/Makefile extensions/ACCOUNT/Makefile extensions/pknock/Makefile]) AC_OUTPUT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/doc/changelog.rst new/xtables-addons-3.22/doc/changelog.rst --- old/xtables-addons-3.21/doc/changelog.rst 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/doc/changelog.rst 2022-10-25 10:43:50.000000000 +0200 @@ -1,3 +1,9 @@ +v3.22 (2022-10-25) +================== + +* Support for up to Linux 6.1 + + v3.21 (2022-06-13) ================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/Kbuild new/xtables-addons-3.22/extensions/Kbuild --- old/xtables-addons-3.21/extensions/Kbuild 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/extensions/Kbuild 2022-10-25 10:43:50.000000000 +0200 
@@ -19,6 +19,7 @@ obj-${build_condition} += xt_condition.o obj-${build_fuzzy} += xt_fuzzy.o obj-${build_geoip} += xt_geoip.o +obj-${build_asn} += xt_asn.o obj-${build_iface} += xt_iface.o obj-${build_ipp2p} += xt_ipp2p.o obj-${build_ipv4options} += xt_ipv4options.o diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/Mbuild new/xtables-addons-3.22/extensions/Mbuild --- old/xtables-addons-3.21/extensions/Mbuild 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/extensions/Mbuild 2022-10-25 10:43:50.000000000 +0200 @@ -14,6 +14,7 @@ obj-${build_condition} += libxt_condition.so obj-${build_fuzzy} += libxt_fuzzy.so obj-${build_geoip} += libxt_geoip.so +obj-${build_asn} += libxt_asn.so obj-${build_iface} += libxt_iface.so obj-${build_ipp2p} += libxt_ipp2p.so obj-${build_ipv4options} += libxt_ipv4options.so diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/libxt_asn.c new/xtables-addons-3.22/extensions/libxt_asn.c --- old/xtables-addons-3.21/extensions/libxt_asn.c 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/extensions/libxt_asn.c 2022-10-25 10:43:50.000000000 +0200 
@@ -0,0 +1,348 @@ +/* + * "asn" match extension for iptables + * Copyright �� Samuel Jean <peejix [at] people netfilter org>, 2004 - 2008 + * Copyright �� Nicolas Bouliane <acidfu [at] people netfilter org>, 2004 - 2008 + * Jan Engelhardt, 2008-2011 + * D. Stussy, 2019 - Converted libxt_geoip.c to ASN use + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License; either + * version 2 of the License, or any later version, as published by the + * Free Software Foundation. + */ +#include <sys/stat.h> +#include <sys/types.h> +#include <ctype.h> +#include <endian.h> +#include <errno.h> +#include <fcntl.h> +#include <getopt.h> +#include <stddef.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <xtables.h> +#include "xt_asn.h" +#include "compat_user.h" +#define ASN_DB_DIR "/usr/share/xt_asn" + +static void asn_help(void) +{ + printf ( + "asn match options:\n" + "[!] --src-asn, --source-number number[,number...]\n" + " Match packet coming from (one of) the specified ASN(s)\n" + "[!] 
--dst-asn, --destination-number number[,number...]\n" + " Match packet going to (one of) the specified ASN(s)\n" + "\n" + "NOTE: The number is inputed by its ISO3166 code.\n" + "\n" + ); +} + +static struct option asn_opts[] = { + {.name = "dst-asn", .has_arg = true, .val = '2'}, + {.name = "destination-number", .has_arg = true, .val = '2'}, + {.name = "src-asn", .has_arg = true, .val = '1'}, + {.name = "source-number", .has_arg = true, .val = '1'}, + {NULL}, +}; + +#if __BYTE_ORDER == __LITTLE_ENDIAN +static void asn_swap_le16(uint16_t *buf) +{ + unsigned char *p = (void *)buf; + uint16_t n= p[0] + (p[1] << 8); + p[0] = (n >> 8) & 0xff; + p[1] = n & 0xff; +} + +static void asn_swap_in6(struct in6_addr *in6) +{ + asn_swap_le16(&in6->s6_addr16[0]); + asn_swap_le16(&in6->s6_addr16[1]); + asn_swap_le16(&in6->s6_addr16[2]); + asn_swap_le16(&in6->s6_addr16[3]); + asn_swap_le16(&in6->s6_addr16[4]); + asn_swap_le16(&in6->s6_addr16[5]); + asn_swap_le16(&in6->s6_addr16[6]); + asn_swap_le16(&in6->s6_addr16[7]); +} + +static void asn_swap_le32(uint32_t *buf) +{ + unsigned char *p = (void *)buf; + uint32_t n = p[0] + (p[1] << 8) + (p[2] << 16) + (p[3] << 24); + p[0] = (n >> 24) & 0xff; + p[1] = (n >> 16) & 0xff; + p[2] = (n >> 8) & 0xff; + p[3] = n & 0xff; +} +#endif + +static void * +asn_get_subnets(const char *code, uint32_t *count, uint8_t nfproto) +{ + void *subnets; + struct stat sb; + char buf[256]; + int fd; +#if __BYTE_ORDER == __LITTLE_ENDIAN + unsigned int n; +#endif + + /* Use simple integer vector files */ + if (nfproto == NFPROTO_IPV6) + snprintf(buf, sizeof(buf), ASN_DB_DIR "/%s.iv6", code); + else + snprintf(buf, sizeof(buf), ASN_DB_DIR "/%s.iv4", code); + + if ((fd = open(buf, O_RDONLY)) < 0) { + fprintf(stderr, "Could not open %s: %s\n", buf, strerror(errno)); + xtables_error(OTHER_PROBLEM, "Could not read asn database"); + } + + fstat(fd, &sb); + *count = sb.st_size; + switch (nfproto) { + case NFPROTO_IPV6: + if (sb.st_size % sizeof(struct asn_subnet6) != 0) 
+ xtables_error(OTHER_PROBLEM, + "Database file %s seems to be corrupted", buf); + *count /= sizeof(struct asn_subnet6); + break; + case NFPROTO_IPV4: + if (sb.st_size % sizeof(struct asn_subnet4) != 0) + xtables_error(OTHER_PROBLEM, + "Database file %s seems to be corrupted", buf); + *count /= sizeof(struct asn_subnet4); + break; + } + subnets = malloc(sb.st_size); + if (subnets == NULL) + xtables_error(OTHER_PROBLEM, "asn: insufficient memory"); + read(fd, subnets, sb.st_size); + close(fd); + +#if __BYTE_ORDER == __LITTLE_ENDIAN + for (n = 0; n < *count; ++n) { + switch (nfproto) { + case NFPROTO_IPV6: { + struct asn_subnet6 *gs6 = &(((struct asn_subnet6 *)subnets)[n]); + asn_swap_in6(&gs6->begin); + asn_swap_in6(&gs6->end); + break; + } + case NFPROTO_IPV4: { + struct asn_subnet4 *gs4 = &(((struct asn_subnet4 *)subnets)[n]); + asn_swap_le32(&gs4->begin); + asn_swap_le32(&gs4->end); + break; + } + } + } +#endif + return subnets; +} + +static struct asn_number_user *asn_load_asn(const char *code, + unsigned long asn, uint8_t nfproto) +{ + struct asn_number_user *ginfo; + ginfo = malloc(sizeof(struct asn_number_user)); + + if (!ginfo) + return NULL; + + ginfo->subnets = (unsigned long)asn_get_subnets(code, + &ginfo->count, nfproto); + ginfo->asn = asn; + + return ginfo; +} + +static u_int32_t +check_asn_value(char *asn, u_int32_t asn_used[], u_int8_t count) +{ + u_int8_t i; + u_int32_t tmp_asn = 0; + + for (i = 0; i < strlen(asn); i++) + if (!isdigit(asn[i])) + xtables_error(PARAMETER_PROBLEM, + "asn: invalid number code '%s'", asn); + + if (i < 1) /* Empty string */ + xtables_error(PARAMETER_PROBLEM, "asn: missing number code"); + + tmp_asn = strtoul(asn, NULL, 10); + + // Check for presence of value in asn_used + for (i = 0; i < count; i++) + if (tmp_asn == asn_used[i]) + return 0; // Present, skip it! 
+ + return tmp_asn; +} + +static unsigned int parse_asn_value(const char *asnstr, uint32_t *asn, + union asn_number_group *mem, uint8_t nfproto) +{ + char *buffer, *cp, *next; + u_int8_t i, count = 0; + u_int32_t asntmp; + + buffer = strdup(asnstr); + if (!buffer) + xtables_error(OTHER_PROBLEM, + "asn: insufficient memory available"); + + for (cp = buffer, i = 0; cp && i < XT_ASN_MAX; cp = next, i++) + { + next = strchr(cp, ','); + if (next) *next++ = '\0'; + + if ((asntmp = check_asn_value(cp, asn, count)) != 0) { + if ((mem[count++].user = + (unsigned long)asn_load_asn(cp, asntmp, nfproto)) == 0) + xtables_error(OTHER_PROBLEM, + "asn: insufficient memory available"); + asn[count-1] = asntmp; + } /* ASN 0 is reserved and ignored */ + } + + if (cp) + xtables_error(PARAMETER_PROBLEM, + "asn: too many ASNs specified"); + free(buffer); + + if (count == 0) + xtables_error(PARAMETER_PROBLEM, + "asn: don't know what happened"); + + return count; +} + +static int asn_parse(int c, bool invert, unsigned int *flags, + const char *arg, struct xt_asn_match_info *info, uint8_t nfproto) +{ + switch (c) { + case '1': + if (*flags & (XT_ASN_SRC | XT_ASN_DST)) + xtables_error(PARAMETER_PROBLEM, + "asn: Only exactly one of --src-asn " + "or --dst-asn must be specified!"); + + *flags |= XT_ASN_SRC; + if (invert) + *flags |= XT_ASN_INV; + + info->count = parse_asn_value(arg, info->asn, info->mem, + nfproto); + info->flags = *flags; + return true; + + case '2': + if (*flags & (XT_ASN_SRC | XT_ASN_DST)) + xtables_error(PARAMETER_PROBLEM, + "asn: Only exactly one of --src-asn " + "or --dst-asn must be specified!"); + + *flags |= XT_ASN_DST; + if (invert) + *flags |= XT_ASN_INV; + + info->count = parse_asn_value(arg, info->asn, info->mem, + nfproto); + info->flags = *flags; + return true; + } + + return false; +} + +static int asn_parse6(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_match **match) +{ + return asn_parse(c, invert, flags, optarg, 
+ (void *)(*match)->data, NFPROTO_IPV6); +} + +static int asn_parse4(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_match **match) +{ + return asn_parse(c, invert, flags, optarg, + (void *)(*match)->data, NFPROTO_IPV4); +} + +static void +asn_final_check(unsigned int flags) +{ + if (!flags) + xtables_error(PARAMETER_PROBLEM, + "asn: missing arguments"); +} + +static void +asn_save(const void *ip, const struct xt_entry_match *match) +{ + const struct xt_asn_match_info *info = (void *)match->data; + u_int8_t i; + + if (info->flags & XT_ASN_INV) + printf(" !"); + + if (info->flags & XT_ASN_SRC) + printf(" --src-asn "); + else + printf(" --dst-asn "); + + for (i = 0; i < info->count; i++) + printf("%s%u", i ? "," : "", info->asn[i]); +} + +static void +asn_print(const void *ip, const struct xt_entry_match *match, int numeric) +{ + printf(" -m asn"); + asn_save(ip, match); +} + +static struct xtables_match asn_match[] = { + { + .family = NFPROTO_IPV6, + .name = "asn", + .revision = 1, + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_asn_match_info)), + .userspacesize = offsetof(struct xt_asn_match_info, mem), + .help = asn_help, + .parse = asn_parse6, + .final_check = asn_final_check, + .print = asn_print, + .save = asn_save, + .extra_opts = asn_opts, + }, + { + .family = NFPROTO_IPV4, + .name = "asn", + .revision = 1, + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_asn_match_info)), + .userspacesize = offsetof(struct xt_asn_match_info, mem), + .help = asn_help, + .parse = asn_parse4, + .final_check = asn_final_check, + .print = asn_print, + .save = asn_save, + .extra_opts = asn_opts, + }, +}; + +static __attribute__((constructor)) void asn_mt_ldr(void) +{ + xtables_register_matches(asn_match, + sizeof(asn_match) / sizeof(*asn_match)); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess 
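Review bot: In asn_get_subnets the result of `read(fd, subnets, sb.st_size)` is discarded, so a short read leaves the tail of the malloc'd table uninitialised and those bytes are then byte-swapped and passed to the kernel as subnet ranges; check it with `if (read(fd, subnets, sb.st_size) != sb.st_size) xtables_error(OTHER_PROBLEM, "Database file %s: short read", buf);` (the `fstat` return is likewise unchecked). check_asn_value counts with `u_int8_t i` against `strlen(asn)`, which never terminates for an argument of 256 or more characters; `size_t` is the right type there. Its `strtoul` result is stored into a u_int32_t with no range check, so an ASN above 4294967295 silently wraps; comparing against `UINT32_MAX` or checking `errno` before accepting would close that. The help text "The number is inputed by its ISO3166 code." is copied from geoip and is wrong for ASNs.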
--exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/libxt_asn.man new/xtables-addons-3.22/extensions/libxt_asn.man --- old/xtables-addons-3.21/extensions/libxt_asn.man 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/extensions/libxt_asn.man 2022-10-25 10:43:50.000000000 +0200 @@ -0,0 +1,21 @@ +.PP +Match a packet by its source or destination autonomous system number (ASN). +.TP +[\fB!\fP] \fB\-\-src\-asn\fP, \fB\-\-source\-number\fP \fInumber\fP[\fB,\fP\fInumber\fP\fB...\fP] +Match packet coming from (one of) the specified ASN(s) +.TP +[\fB!\fP] \fB\-\-dst\-asn\fP, \fB\-\-destination\-number\fP \fIcountry\fP[\fB,\fP\fIcountry\fP\fB...\fP] +Match packet going to (one of) the specified ASN(s) +.TP +.PP +The extra files you will need are the binary database files. They are generated +from a ASN-subnet database with the asn_build_db.pl tool that is shipped +with the source package, and which should be available in compiled packages in +/usr/lib(exec)/xtables-addons/. The first command retrieves CSV files from +MaxMind, while the other two build packed bisectable range files: +.PP +mkdir \-p /usr/share/xt_asn; cd /tmp; $path/to/xt_asn_dl; +.PP +$path/to/xt_asn_build \-D /usr/share/xt_asn +.PP +The shared library is hardcoded to look in these paths, so use them. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/xt_CHAOS.c new/xtables-addons-3.22/extensions/xt_CHAOS.c --- old/xtables-addons-3.21/extensions/xt_CHAOS.c 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/extensions/xt_CHAOS.c 2022-10-25 10:43:50.000000000 +0200 
@@ -67,7 +67,7 @@ ret = xm_tcp->match(skb, &local_par); hotdrop = local_par.hotdrop; } - if (!ret || hotdrop || (unsigned int)prandom_u32() > delude_percentage) + if (!ret || hotdrop || (unsigned int)get_random_u32() > delude_percentage) return; destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude; @@ -94,7 +94,7 @@ const struct xt_chaos_tginfo *info = par->targinfo; const struct iphdr *iph = ip_hdr(skb); - if ((unsigned int)prandom_u32() <= reject_percentage) { + if ((unsigned int)get_random_u32() <= reject_percentage) { struct xt_action_param local_par; local_par.state = par->state; local_par.target = xt_reject; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/xt_TARPIT.c new/xtables-addons-3.22/extensions/xt_TARPIT.c --- old/xtables-addons-3.21/extensions/xt_TARPIT.c 2022-06-13 12:32:28.000000000 +0200 +++ new/xtables-addons-3.22/extensions/xt_TARPIT.c 2022-10-25 10:43:50.000000000 +0200 @@ -107,8 +107,8 @@ tcph->syn = true; tcph->ack = true; tcph->window = oth->window & - ((prandom_u32() & 0x1f) - 0xf); - tcph->seq = htonl(prandom_u32() & ~oth->seq); + (prandom_u32_max(0x20) - 0xf); + tcph->seq = htonl(prandom_u32_max(~oth->seq + 1)); tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn); } 
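Review bot: The `(unsigned int)` cast on the two rewritten comparisons is now redundant, because get_random_u32() already returns a u32, so `if (!ret || hotdrop || get_random_u32() > delude_percentage)` and `if (get_random_u32() <= reject_percentage) {` read more plainly; the second hunk at line 94 carries the same cast. Both enclosing functions start and end outside the hunks. Whether get_random_u32() is available on the older kernels this module still builds for is not visible here; if the compat layer in compat_xtables.h does not provide a fallback, these two lines would fail to compile there, so that is worth confirming since that header is not part of this diff.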
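Review bot: The new `tcph->seq` expression is not a drop-in equivalent of the masking it replaces: `~oth->seq + 1` is the two's-complement negation of the peer's network-order sequence number, so the bound handed to prandom_u32_max() depends on the byte-swapped value and becomes 0 when `oth->seq` is 0, in which case prandom_u32_max() yields 0 rather than an unpredictable value. If the intent was only a random reply sequence number with some bits cleared, `tcph->seq = htonl(get_random_u32() & ~oth->seq);` keeps the previous behaviour on the new API; if the bounded form is deliberate, a comment explaining why the reply sequence is limited by the negated peer sequence would help the next reader. The two window changes (this hunk and the one at line 117) are equivalent to the old `& 0x1f` form and need nothing further. The enclosing function starts and ends outside the hunk.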
@@ -117,7 +117,7 @@ tcph->syn = false; tcph->ack = true; tcph->window = oth->window & - ((prandom_u32() & 0x1f) - 0xf); + (prandom_u32_max(0x20) - 0xf); tcph->ack_seq = payload > 100 ? htonl(ntohl(oth->seq) + payload) : oth->seq; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/xt_asn.c new/xtables-addons-3.22/extensions/xt_asn.c --- old/xtables-addons-3.21/extensions/xt_asn.c 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/extensions/xt_asn.c 2022-10-25 10:43:50.000000000 +0200 
@@ -0,0 +1,374 @@ +/* iptables kernel module for the asn match + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Copyright (c) 2004, 2005, 2006, 2007, 2008 + * Samuel Jean & Nicolas Bouliane + * + * D. Stussy - 2019 - Repurposed xt_geoip.c for ASN match. + */ +#include <linux/ip.h> +#include <linux/ipv6.h> +#include <linux/kernel.h> +#include <linux/list.h> +#include <linux/module.h> +#include <linux/netdevice.h> +#include <linux/rcupdate.h> +#include <linux/skbuff.h> +#include <linux/version.h> +#include <linux/vmalloc.h> +#include <linux/netfilter/x_tables.h> +#include <asm/atomic.h> +#include <asm/uaccess.h> +#include "xt_asn.h" +#include "compat_xtables.h" + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Nicolas Bouliane"); +MODULE_AUTHOR("Samuel Jean"); +MODULE_DESCRIPTION("xtables module for asn match"); +MODULE_ALIAS("ip6t_asn"); +MODULE_ALIAS("ipt_asn"); + +enum asn_proto { + ASNROTO_IPV6, + ASNROTO_IPV4, + __ASNROTO_MAX, +}; + +/** + * @list: anchor point for asn_head + * @subnets: packed ordered list of ranges (either v6 or v4) + * @count: number of ranges + * @asn: number code + */ +struct asn_number_kernel { + struct list_head list; + void *subnets; + atomic_t ref; + unsigned int count; + unsigned long int asn; +}; + +static struct list_head asn_head[__ASNROTO_MAX]; +static DEFINE_SPINLOCK(asn_lock); + +static const enum asn_proto nfp2geo[] = { + [NFPROTO_IPV6] = ASNROTO_IPV6, + [NFPROTO_IPV4] = ASNROTO_IPV4, +}; +static const size_t asnproto_size[] = { + [ASNROTO_IPV6] = sizeof(struct asn_subnet6), + [ASNROTO_IPV4] = sizeof(struct asn_subnet4), +}; + +static struct asn_number_kernel * +asn_add_node(const struct asn_number_user __user *umem_ptr, + enum asn_proto proto) +{ + struct asn_number_user umem; + struct asn_number_kernel *p; + size_t 
size; + void *subnet; + int ret; + + if (copy_from_user(&umem, umem_ptr, sizeof(umem)) != 0) + return ERR_PTR(-EFAULT); + if (umem.count > SIZE_MAX / asnproto_size[proto]) + return ERR_PTR(-E2BIG); + p = kmalloc(sizeof(struct asn_number_kernel), GFP_KERNEL); + if (p == NULL) + return ERR_PTR(-ENOMEM); + + p->count = umem.count; + p->asn = umem.asn; + size = p->count * asnproto_size[proto]; + if (size == 0) { + /* + * Believe it or not, vmalloc prints a warning to dmesg for + * zero-sized allocations :-/ + */ + subnet = NULL; + } else { + subnet = vmalloc(size); + if (subnet == NULL) { + ret = -ENOMEM; + goto free_p; + } + } + if (copy_from_user(subnet, + (const void __user *)(unsigned long)umem.subnets, size) != 0) { + ret = -EFAULT; + goto free_s; + } + + p->subnets = subnet; + atomic_set(&p->ref, 1); + INIT_LIST_HEAD(&p->list); + + spin_lock(&asn_lock); + list_add_tail_rcu(&p->list, &asn_head[proto]); + spin_unlock(&asn_lock); + + return p; + + free_s: + vfree(subnet); + free_p: + kfree(p); + return ERR_PTR(ret); +} + +static void asn_try_remove_node(struct asn_number_kernel *p) +{ + spin_lock(&asn_lock); + if (!atomic_dec_and_test(&p->ref)) { + spin_unlock(&asn_lock); + return; + } + + /* So now am unlinked or the only one alive, right ? + * What are you waiting ? Free up some memory! 
+ */ + list_del_rcu(&p->list); + spin_unlock(&asn_lock); + + synchronize_rcu(); + vfree(p->subnets); + kfree(p); +} + +static struct asn_number_kernel *find_node(unsigned long asn, + enum asn_proto proto) +{ + struct asn_number_kernel *p; + spin_lock(&asn_lock); + + list_for_each_entry_rcu(p, &asn_head[proto], list) + if (p->asn == asn) { + atomic_inc(&p->ref); + spin_unlock(&asn_lock); + return p; + } + + spin_unlock(&asn_lock); + return NULL; +} + +static inline int +ipv6_cmp(const struct in6_addr *p, const struct in6_addr *q) +{ + unsigned int i; + + for (i = 0; i < 4; ++i) { + if (p->s6_addr32[i] < q->s6_addr32[i]) + return -1; + else if (p->s6_addr32[i] > q->s6_addr32[i]) + return 1; + } + + return 0; +} + +static bool asn_bsearch6(const struct asn_subnet6 *range, + const struct in6_addr *addr, int lo, int hi) +{ + int mid; + + while (true) { + if (hi <= lo) + return false; + mid = (lo + hi) / 2; + if (ipv6_cmp(&range[mid].begin, addr) <= 0 && + ipv6_cmp(addr, &range[mid].end) <= 0) + return true; + if (ipv6_cmp(&range[mid].begin, addr) > 0) + hi = mid; + else if (ipv6_cmp(&range[mid].end, addr) < 0) + lo = mid + 1; + else + break; + } + + WARN_ON(true); + return false; +} + +static bool +xt_asn_mt6(const struct sk_buff *skb, struct xt_action_param *par) +{ + const struct xt_asn_match_info *info = par->matchinfo; + const struct asn_number_kernel *node; + const struct ipv6hdr *iph = ipv6_hdr(skb); + unsigned int i; + struct in6_addr ip; + + memcpy(&ip, (info->flags & XT_ASN_SRC) ? &iph->saddr : &iph->daddr, + sizeof(ip)); + for (i = 0; i < 4; ++i) + ip.s6_addr32[i] = ntohl(ip.s6_addr32[i]); + + rcu_read_lock(); + for (i = 0; i < info->count; i++) { + if ((node = info->mem[i].kernel) == NULL) { + printk(KERN_ERR "xt_asn: what the hell ?? '%u' isn't loaded into memory... 
skip it!\n", + info->asn[i]); + continue; + } + if (asn_bsearch6(node->subnets, &ip, 0, node->count)) { + rcu_read_unlock(); + return !(info->flags & XT_ASN_INV); + } + } + + rcu_read_unlock(); + return info->flags & XT_ASN_INV; +} + +static bool asn_bsearch4(const struct asn_subnet4 *range, + uint32_t addr, int lo, int hi) +{ + int mid; + + while (true) { + if (hi <= lo) + return false; + mid = (lo + hi) / 2; + if (range[mid].begin <= addr && addr <= range[mid].end) + return true; + if (range[mid].begin > addr) + hi = mid; + else if (range[mid].end < addr) + lo = mid + 1; + else + break; + } + + WARN_ON(true); + return false; +} + +static bool +xt_asn_mt4(const struct sk_buff *skb, struct xt_action_param *par) +{ + const struct xt_asn_match_info *info = par->matchinfo; + const struct asn_number_kernel *node; + const struct iphdr *iph = ip_hdr(skb); + unsigned int i; + uint32_t ip; + + ip = ntohl((info->flags & XT_ASN_SRC) ? iph->saddr : iph->daddr); + rcu_read_lock(); + for (i = 0; i < info->count; i++) { + if ((node = info->mem[i].kernel) == NULL) { + printk(KERN_ERR "xt_asn: what the hell ?? '%u' isn't loaded into memory... 
skip it!\n", + info->asn[i]); + continue; + } + if (asn_bsearch4(node->subnets, ip, 0, node->count)) { + rcu_read_unlock(); + return !(info->flags & XT_ASN_INV); + } + } + + rcu_read_unlock(); + return info->flags & XT_ASN_INV; +} + +static int xt_asn_mt_checkentry(const struct xt_mtchk_param *par) +{ + struct xt_asn_match_info *info = par->matchinfo; + struct asn_number_kernel *node; + unsigned int i; + + for (i = 0; i < info->count; i++) { + node = find_node(info->asn[i], nfp2geo[par->family]); + if (node == NULL) { + node = asn_add_node((const void __user *)(unsigned long)info->mem[i].user, + nfp2geo[par->family]); + if (IS_ERR(node)) { + printk(KERN_ERR + "xt_asn: unable to load '%u' into memory: %ld\n", + info->asn[i], PTR_ERR(node)); + return PTR_ERR(node); + } + } + + /* Overwrite the now-useless pointer info->mem[i] with + * a pointer to the node's kernelspace structure. + * This avoids searching for a node in the match() and + * destroy() functions. + */ + info->mem[i].kernel = node; + } + + return 0; +} + +static void xt_asn_mt_destroy(const struct xt_mtdtor_param *par) +{ + struct xt_asn_match_info *info = par->matchinfo; + struct asn_number_kernel *node; + unsigned int i; + + /* This entry has been removed from the table so + * decrease the refcount of all countries it is + * using. + */ + + for (i = 0; i < info->count; i++) + if ((node = info->mem[i].kernel) != NULL) { + /* Free up some memory if that node isn't used + * anymore. */ + asn_try_remove_node(node); + } + else + /* Something strange happened. There's no memory allocated for this + * number. Please send this bug to the mailing list. */ + printk(KERN_ERR + "xt_asn: What happened peejix ? 
What happened acidfu ?\n" + "xt_asn: please report this bug to the maintainers\n"); +} + +static struct xt_match xt_asn_match[] __read_mostly = { + { + .name = "asn", + .revision = 1, + .family = NFPROTO_IPV6, + .match = xt_asn_mt6, + .checkentry = xt_asn_mt_checkentry, + .destroy = xt_asn_mt_destroy, + .matchsize = sizeof(struct xt_asn_match_info), + .me = THIS_MODULE, + }, + { + .name = "asn", + .revision = 1, + .family = NFPROTO_IPV4, + .match = xt_asn_mt4, + .checkentry = xt_asn_mt_checkentry, + .destroy = xt_asn_mt_destroy, + .matchsize = sizeof(struct xt_asn_match_info), + .me = THIS_MODULE, + }, +}; + +static int __init xt_asn_mt_init(void) +{ + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(asn_head); ++i) + INIT_LIST_HEAD(&asn_head[i]); + return xt_register_matches(xt_asn_match, ARRAY_SIZE(xt_asn_match)); +} + +static void __exit xt_asn_mt_fini(void) +{ + xt_unregister_matches(xt_asn_match, ARRAY_SIZE(xt_asn_match)); +} + +module_init(xt_asn_mt_init); +module_exit(xt_asn_mt_fini); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/extensions/xt_asn.h new/xtables-addons-3.22/extensions/xt_asn.h --- old/xtables-addons-3.21/extensions/xt_asn.h 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.22/extensions/xt_asn.h 2022-10-25 10:43:50.000000000 +0200 
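Review bot: xt_asn_mt_checkentry() never bounds `info->count` against XT_ASN_MAX before it iterates `info->asn[i]` and writes `info->mem[i].kernel`; count is a __u8 supplied by userspace in the match blob, so a value above 15 reads and writes past the fixed-size arrays in struct xt_asn_match_info and past the matchsize the core allocated for the rule. A check at the top of the function, `if (info->count > XT_ASN_MAX) return -EINVAL;`, closes this, and because the core only runs the match and destroy callbacks after checkentry succeeded, the same bound also protects xt_asn_mt_destroy(), xt_asn_mt4() and xt_asn_mt6(), which loop on the same field. Reaching this path requires CAP_NET_ADMIN, so this is hardening of a privileged interface rather than a privilege boundary. Separately, when asn_add_node() fails partway through the loop the references already taken for earlier entries are not dropped, and the core does not call destroy for a match whose checkentry failed, so releasing `info->mem[0..i-1]` through asn_try_remove_node() before returning the error would avoid leaking those nodes. asn_add_node() also accepts any count up to SIZE_MAX / asnproto_size[proto] while asn_bsearch4()/asn_bsearch6() index with int, so counts at or above INT_MAX silently never match; bounding count to INT_MAX in asn_add_node() would make that limit explicit.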
@@ -0,0 +1,58 @@
+/* ipt_asn.h header file for libipt_asn.c and ipt_asn.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Copyright (c) 2004, 2005, 2006, 2007, 2008
+ *
+ * Samuel Jean
+ * Nicolas Bouliane
+ *
+ * D. Stussy - 2019 - Repurposed xt_geoip.h for ASN use.
+ */
+#ifndef _LINUX_NETFILTER_XT_ASN_H
+#define _LINUX_NETFILTER_XT_ASN_H 1
+
+enum {
+ XT_ASN_SRC = 1 << 0, /* Perform check on Source IP */
+ XT_ASN_DST = 1 << 1, /* Perform check on Destination IP */
+ XT_ASN_INV = 1 << 2, /* Negate the condition */
+
+ XT_ASN_MAX = 15, /* Maximum of countries */
+};
+
+/* Yup, an address range will be passed in with host-order */
+struct asn_subnet4 {
+ __u32 begin;
+ __u32 end;
+};
+
+struct asn_subnet6 {
+ struct in6_addr begin, end;
+};
+
+struct asn_number_user {
+ aligned_u64 subnets;
+ __u32 count;
+ __u32 asn;
+};
+
+struct asn_number_kernel;
+
+union asn_number_group {
+ aligned_u64 user; /* struct asn_number_user * */
+ struct asn_number_kernel *kernel;
+};
+
+struct xt_asn_match_info {
+ __u32 asn[XT_ASN_MAX];
+ __u8 flags;
+ __u8 count;
+
+ /* Used internally by the kernel */
+ union asn_number_group mem[XT_ASN_MAX];
+};
+
+#endif /* _LINUX_NETFILTER_XT_ASN_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/geoip/Makefile.am new/xtables-addons-3.22/geoip/Makefile.am
--- old/xtables-addons-3.21/geoip/Makefile.am 2022-06-13 12:32:28.000000000 +0200
+++ new/xtables-addons-3.22/geoip/Makefile.am 1970-01-01 01:00:00.000000000 +0100
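Review bot: The comment on `XT_ASN_MAX = 15` still reads "Maximum of countries", a leftover from the geoip header it was copied from; since this constant sizes both `asn[XT_ASN_MAX]` and `mem[XT_ASN_MAX]` in struct xt_asn_match_info, `XT_ASN_MAX = 15, /* maximum number of ASNs per rule; sizes asn[] and mem[] */` says what it actually bounds. The `asn` field is carried as `__u32` in asn_number_user and xt_asn_match_info, while xt_asn.c stores it as `unsigned long` in asn_number_kernel and compares it in find_node(); the widths differ on 64-bit, which is harmless today but worth a comment or a matching `__u32` so the userspace ABI and the kernel type do not drift apart. Nothing here states that `__u8 count` must not exceed XT_ASN_MAX; a one-line comment on that field, `__u8 count; /* number of valid asn[] entries, at most XT_ASN_MAX */`, would document the contract that both the userspace extension and the kernel module rely on.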
@@ -1,9 +0,0 @@
-# -*- Makefile -*-
-
-bin_SCRIPTS = xt_geoip_query
-
-pkglibexec_SCRIPTS = xt_geoip_build xt_geoip_build_maxmind xt_geoip_dl xt_geoip_dl_maxmind
-
-man1_MANS = xt_geoip_build.1 xt_geoip_dl.1 \
- xt_geoip_build_maxmind.1 xt_geoip_dl_maxmind.1 \
- xt_geoip_query.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.21/mconfig new/xtables-addons-3.22/mconfig
--- old/xtables-addons-3.21/mconfig 2022-06-13 12:32:28.000000000 +0200
+++ new/xtables-addons-3.22/mconfig 2022-10-25 10:43:50.000000000 +0200
@@ -11,6 +11,7 @@
 build_PROTO=m
 build_SYSRQ=m
 build_TARPIT=m
+build_asn=m
 build_condition=m
 build_fuzzy=m
 build_geoip=m