Changes - j0ke.net Open Build Service

Changes of Revision 2

[-] [+]	Changed	arptables.changes
@@ -1,4 +1,17 @@ ------------------------------------------------------------------- +Sat Jan 26 10:27:24 UTC 2013 - cs@linux-administrator.com + +- Update to new upstream release 0.0.4 +* also print the -i and -o interface if -v is not specified +* fix handling of inversion flag +* let --proto-type also accept hexadecimal input +* add xtables CLASSIFY target +- Dropped arptables-install.diff and arptables-warnings.diff, + merged upstream +- Switch version number to what upstream uses (1.0.4 -> 0.0.4), + yast/libzypp can handle downgrades for some years now + +------------------------------------------------------------------- Sat Sep 17 12:16:34 UTC 2011 - jengelh@medozas.de - Remove redundant tags/sections from specfile
[-] [+]	Changed	arptables.spec ^
@@ -19,18 +19,15 @@ Url: http://ebtables.sourceforge.net/ Name: arptables -Version: 1.0.3.4 +Version: 0.0.4 Release: 8 -%define oversion v0.0.3-4 +%define oversion v0.0.4 License: GPL-2.0+ Group: Productivity/Networking/Security Summary: User Space Tool to Set Up and Maintain ARP Filtering Tables -#Source: http://downloads.sf.net/ebtables/arptables-v0.0.3-4.tar.gz Source: %name-%oversion.tar.xz Source1: COPYING -Patch1: arptables-install.diff -Patch2: arptables-warnings.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: coreutils perl xz @@ -47,7 +44,6 @@ tar -xf "%{S:0}" --use=xz; %setup -DTqn %name-%oversion %endif -%patch -P 1 -P 2 -p1 %build make %{?_smp_mflags} all LIBDIR=/%{_lib} PREFIX=%_prefix COPT_FLAGS="$RPM_OPT_FLAGS -W -Wall" @@ -55,6 +51,8 @@ %install make install DESTDIR=%{buildroot} LIBDIR=/%{_lib} PREFIX=%_prefix MANDIR=%_mandir +# This is a RH-specific init script +rm -Rf "%buildroot/etc/rc.d" %files %defattr(-,root,root)
[-] [+]	Deleted	arptables-install.diff ^
@@ -1,36 +0,0 @@ ---- - Makefile \| 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -Index: arptables-v0.0.3-4/Makefile -=================================================================== ---- arptables-v0.0.3-4.orig/Makefile -+++ arptables-v0.0.3-4/Makefile -@@ -35,22 +35,22 @@ arptables: arptables-standalone.o arptab - - $(DESTDIR)$(MANDIR)/man8/arptables.8: arptables.8 - mkdir -p $(@D) -- install -m 0644 -o root -g root $< $@ -+ install -m 0644 $< $@ - - $(DESTDIR)$(BINDIR)/arptables: arptables - mkdir -p $(DESTDIR)$(BINDIR) -- install -m 0755 -o root -g root $< $@ -+ install -m 0755 $< $@ - - tmp1:=$(shell printf $(BINDIR) \| sed 's/\//\\\//g') - tmp2:=$(shell printf $(SYSCONFIGDIR) \| sed 's/\//\\\//g') - .PHONY: scripts - scripts: arptables-save arptables-restore arptables.sysv - cat arptables-save \| sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-save_ -- install -m 0755 -o root -g root arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save -+ install -m 0755 arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save - cat arptables-restore \| sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-restore_ -- install -m 0755 -o root -g root arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore -+ install -m 0755 arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore - cat arptables.sysv \| sed 's/__EXEC_PATH__/$(tmp1)/g' \| sed 's/__SYSCONFIG__/$(tmp2)/g' > arptables.sysv_ -- if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi -+ if test -d $(DESTDIR)$(INITDIR); then install -m 0755 arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi - rm -f arptables-save_ arptables-restore_ arptables.sysv_ - - .PHONY: install
[-] [+]	Deleted	arptables-warnings.diff ^
@@ -1,168 +0,0 @@ ---- - arptables.c \| 27 +++++++++++++++------------ - libarptc/libarptc.c \| 6 ++++-- - libarptc/libarptc_incl.c \| 6 ++++-- - 3 files changed, 23 insertions(+), 16 deletions(-) - -Index: arptables-v0.0.3-4/arptables.c -=================================================================== ---- arptables-v0.0.3-4.orig/arptables.c -+++ arptables-v0.0.3-4/arptables.c -@@ -874,7 +874,7 @@ parse_target(const char targetname) - - if (strlen(targetname)+1 > sizeof(arpt_chainlabel)) - exit_error(PARAMETER_PROBLEM, -- "Invalid target name `%s' (%i chars max)", -+ "Invalid target name `%s' (%zu chars max)", - targetname, sizeof(arpt_chainlabel)-1); - - for (ptr = targetname; ptr; ptr++) -@@ -1062,7 +1062,7 @@ register_match(struct arptables_match m - } - - if (me->size != ARPT_ALIGN(me->size)) { -- fprintf(stderr, "%s: match `%s' has invalid size %u.\n", -+ fprintf(stderr, "%s: match `%s' has invalid size %zu.\n", - program_name, me->name, me->size); - exit(1); - } -@@ -1092,7 +1092,7 @@ register_target(struct arptables_target - } - - if (me->size != ARPT_ALIGN(me->size)) { -- fprintf(stderr, "%s: target `%s' has invalid size %u.\n", -+ fprintf(stderr, "%s: target `%s' has invalid size %zu.\n", - program_name, me->name, me->size); - exit(1); - } -@@ -1116,17 +1116,17 @@ print_num(u_int64_t number, unsigned int - number = (number + 500) / 1000; - if (number > 9999) { - number = (number + 500) / 1000; -- printf(FMT("%4lluT ","%lluT "), number); -+ printf(FMT("%4lluT ","%lluT "), (unsigned long long)number); - } -- else printf(FMT("%4lluG ","%lluG "), number); -+ else printf(FMT("%4lluG ","%lluG "), (unsigned long long)number); - } -- else printf(FMT("%4lluM ","%lluM "), number); -+ else printf(FMT("%4lluM ","%lluM "), (unsigned long long)number); - } else -- printf(FMT("%4lluK ","%lluK "), number); -+ printf(FMT("%4lluK ","%lluK "), (unsigned long long)number); - } else -- printf(FMT("%5llu ","%llu "), number); -+ printf(FMT("%5llu ","%llu "), (unsigned long long)number); - } else -- printf(FMT("%8llu ","%llu "), number); -+ printf(FMT("%8llu ","%llu "), (unsigned long long)number); - } - - -@@ -1370,7 +1370,7 @@ after_devdst: - / Print the target information. / - target->print(&fw->arp, t, format & FMT_NUMERIC); - } else if (t->u.target_size != sizeof(t)) -- printf("[%u bytes of unknown target data] ", -+ printf("[%zu bytes of unknown target data] ", - t->u.target_size - sizeof(t)); - - if (!(format & FMT_NOCOUNTS)) { -@@ -1777,6 +1777,7 @@ int do_command(int argc, char argv[], c - const char jumpto = ""; - char protocol = NULL; - const char modprobe = NULL; -+ unsigned long long bpcnt_num; - - / first figure out if this is a 2.6 or a 2.4 kernel / - handle = arptc_init(table); -@@ -2159,15 +2160,17 @@ int do_command(int argc, char argv[], c - "-%c requires packet and byte counter", - opt2char(OPT_COUNTERS)); - -- if (sscanf(pcnt, "%llu", &fw.counters.pcnt) != 1) -+ if (sscanf(pcnt, "%llu", &bpcnt_num) != 1) - exit_error(PARAMETER_PROBLEM, - "-%c packet counter not numeric", - opt2char(OPT_COUNTERS)); -+ fw.counters.pcnt = bpcnt_num; - -- if (sscanf(bcnt, "%llu", &fw.counters.bcnt) != 1) -+ if (sscanf(bcnt, "%llu", &bpcnt_num) != 1) - exit_error(PARAMETER_PROBLEM, - "-%c byte counter not numeric", - opt2char(OPT_COUNTERS)); -+ fw.counters.bcnt = bpcnt_num; - - break; - -Index: arptables-v0.0.3-4/libarptc/libarptc.c -=================================================================== ---- arptables-v0.0.3-4.orig/libarptc/libarptc.c -+++ arptables-v0.0.3-4/libarptc/libarptc.c -@@ -133,7 +133,8 @@ dump_entry(STRUCT_ENTRY e, const TC_HAN - printf("Flags: %02X\n", e->arp.flags); - printf("Invflags: %02X\n", e->arp.invflags); - printf("Counters: %llu packets, %llu bytes\n", -- e->counters.pcnt, e->counters.bcnt); -+ (unsigned long long)e->counters.pcnt, -+ (unsigned long long)e->counters.bcnt); - / - printf("Cache: %08X ", e->nfcache); - if (e->nfcache & NFC_ALTERED) printf("ALTERED "); -@@ -159,7 +160,8 @@ dump_entry(STRUCT_ENTRY e, const TC_HAN - t = GET_TARGET(e); - printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size); - if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) { -- int pos = (int )t->data; -+ const unsigned char data = t->data; -+ int pos = (const int )data; - if (pos < 0) - printf("verdict=%s\n", - pos == -NF_ACCEPT-1 ? "NF_ACCEPT" -Index: arptables-v0.0.3-4/libarptc/libarptc_incl.c -=================================================================== ---- arptables-v0.0.3-4.orig/libarptc/libarptc_incl.c -+++ arptables-v0.0.3-4/libarptc/libarptc_incl.c -@@ -121,7 +121,7 @@ entry2index(const TC_HANDLE_T h, const S - - if (ENTRY_ITERATE(h->entries.entrytable, h->entries.size, - get_number, seek, &pos) == 0) { -- fprintf(stderr, "ERROR: offset %i not an entry!\n", -+ fprintf(stderr, "ERROR: offset %zu not an entry!\n", - (char )seek - (char )h->entries.entrytable); - abort(); - } -@@ -583,6 +583,7 @@ target_name(TC_HANDLE_T handle, const ST - int spos; - unsigned int labelidx; - STRUCT_ENTRY jumpto; -+ const unsigned char data; - - /* To avoid const warnings / - STRUCT_ENTRY e = (STRUCT_ENTRY )ce; -@@ -591,7 +592,8 @@ target_name(TC_HANDLE_T handle, const ST - return GET_TARGET(e)->u.user.name; - - / Standard target: evaluate / -- spos = (int )GET_TARGET(e)->data; -+ data = GET_TARGET(e)->data; -+ spos = (const int *)data; - if (spos < 0) { - if (spos == RETURN) - return LABEL_RETURN; -Index: arptables-v0.0.3-4/Makefile -=================================================================== ---- arptables-v0.0.3-4.orig/Makefile -+++ arptables-v0.0.3-4/Makefile -@@ -10,8 +10,8 @@ INITDIR:=/etc/rc.d/init.d - SYSCONFIGDIR:=/etc/sysconfig - DESTDIR:= - --COPT_FLAGS:=-O2 --CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include/ -Iinclude/ -DARPTABLES_VERSION=\"$(ARPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DARPTC_DEBUG -+COPT_FLAGS=-O2 -+CFLAGS=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include/ -Iinclude/ -DARPTABLES_VERSION=\"$(ARPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DARPTC_DEBUG - - ifndef ARPT_LIBDIR - ARPT_LIBDIR:=$(LIBDIR)/arptables
[-] [+]	Deleted	arptables-v0.0.3-4.tar.xz/include/arp_tables.h ^
@@ -1,342 +0,0 @@ -/* - * Format of an ARP firewall descriptor - * - * src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in - * network byte order. - * flags are stored in host byte order (of course). - / - -#ifndef _ARPTABLES_H -#define _ARPTABLES_H - -#ifdef __KERNEL__ -#include <linux/if.h> -#include <linux/types.h> -#include <linux/in.h> -#include <linux/if_arp.h> -#include <linux/skbuff.h> -#endif - -#include <linux/netfilter_arp.h> - -#define ARPT_FUNCTION_MAXNAMELEN 30 -#define ARPT_TABLE_MAXNAMELEN 32 - -#define ARPT_DEV_ADDR_LEN_MAX 16 - -struct arpt_devaddr_info { - char addr[ARPT_DEV_ADDR_LEN_MAX]; - char mask[ARPT_DEV_ADDR_LEN_MAX]; -}; - -/ Yes, Virginia, you have to zero the padding. / -struct arpt_arp { - / Source and target IP addr / - struct in_addr src, tgt; - / Mask for src and target IP addr / - struct in_addr smsk, tmsk; - - / Device hw address length, src+target device addresses / - u_int8_t arhln, arhln_mask; - struct arpt_devaddr_info src_devaddr; - struct arpt_devaddr_info tgt_devaddr; - - / ARP operation code. / - u_int16_t arpop, arpop_mask; - - / ARP hardware address and protocol address format. / - u_int16_t arhrd, arhrd_mask; - u_int16_t arpro, arpro_mask; - - / The protocol address length is only accepted if it is 4 - * so there is no use in offering a way to do filtering on it. - / - - char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; - unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; - - / Flags word / - u_int8_t flags; - / Inverse flags / - u_int16_t invflags; -}; - -struct arpt_entry_target -{ - union { - struct { - u_int16_t target_size; - - / Used by userspace / - char name[ARPT_FUNCTION_MAXNAMELEN]; - } user; - struct { - u_int16_t target_size; - - / Used inside the kernel / - struct arpt_target target; - } kernel; - - /* Total length / - u_int16_t target_size; - } u; - - unsigned char data[0]; -}; - -struct arpt_standard_target -{ - struct arpt_entry_target target; - int verdict; -}; - -struct arpt_counters -{ - u_int64_t pcnt, bcnt; / Packet and byte counters / -}; - -/ Values for "flag" field in struct arpt_ip (general arp structure). - * No flags defined yet. - / -#define ARPT_F_MASK 0x00 / All possible flag bits mask. / - -/ Values for "inv" field in struct arpt_arp. / -#define ARPT_INV_VIA_IN 0x0001 / Invert the sense of IN IFACE. / -#define ARPT_INV_VIA_OUT 0x0002 / Invert the sense of OUT IFACE / -#define ARPT_INV_SRCIP 0x0004 / Invert the sense of SRC IP. / -#define ARPT_INV_TGTIP 0x0008 / Invert the sense of TGT IP. / -#define ARPT_INV_SRCDEVADDR 0x0010 / Invert the sense of SRC DEV ADDR. / -#define ARPT_INV_TGTDEVADDR 0x0020 / Invert the sense of TGT DEV ADDR. / -#define ARPT_INV_ARPOP 0x0040 / Invert the sense of ARP OP. / -#define ARPT_INV_ARPHRD 0x0080 / Invert the sense of ARP HRD. / -#define ARPT_INV_ARPPRO 0x0100 / Invert the sense of ARP PRO. / -#define ARPT_INV_ARPHLN 0x0200 / Invert the sense of ARP HLN. / -#define ARPT_INV_MASK 0x03FF / All possible flag bits mask. / - -/ This structure defines each of the firewall rules. Consists of 3 - parts which are 1) general ARP header stuff 2) match specific - stuff 3) the target to perform if the rule matches / -struct arpt_entry -{ - struct arpt_arp arp; - - / Size of arpt_entry + matches / - u_int16_t target_offset; - / Size of arpt_entry + matches + target / - u_int16_t next_offset; - - / Back pointer / - unsigned int comefrom; - - / Packet and byte counters. / - struct arpt_counters counters; - - / The matches (if any), then the target. / - unsigned char elems[0]; -}; - -/ - * New IP firewall options for [gs]etsockopt at the RAW IP level. - * Unlike BSD Linux inherits IP options so you don't have to use a raw - * socket for this. Instead we check rights in the calls. - / -#define ARPT_BASE_CTL 96 / base for firewall socket options / - -#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) -#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1) -#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS - -#define ARPT_SO_GET_INFO (ARPT_BASE_CTL) -#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) -#define ARPT_SO_GET_MAX ARPT_SO_GET_ENTRIES - -/ CONTINUE verdict for targets / -#define ARPT_CONTINUE 0xFFFFFFFF - -/ For standard target / -#define ARPT_RETURN (-NF_REPEAT - 1) - -/ The argument to ARPT_SO_GET_INFO / -struct arpt_getinfo -{ - / Which table: caller fills this in. / - char name[ARPT_TABLE_MAXNAMELEN]; - - / Kernel fills these in. / - / Which hook entry points are valid: bitmask / - unsigned int valid_hooks; - - / Hook entry points: one per netfilter hook. / - unsigned int hook_entry[3]; - - / Underflow points. / - unsigned int underflow[3]; - - / Number of entries / - unsigned int num_entries; - - / Size of entries. / - unsigned int size; -}; - -/ The argument to ARPT_SO_SET_REPLACE. / -struct arpt_replace -{ - / Which table. / - char name[ARPT_TABLE_MAXNAMELEN]; - - / Which hook entry points are valid: bitmask. You can't - change this. / - unsigned int valid_hooks; - - / Number of entries / - unsigned int num_entries; - - / Total size of new entries / - unsigned int size; - - / Hook entry points. / - unsigned int hook_entry[3]; - - / Underflow points. / - unsigned int underflow[3]; - - / Information about old entries: / - / Number of counters (must be equal to current number of entries). / - unsigned int num_counters; - / The old entries' counters. / - struct arpt_counters counters; - - /* The entries (hang off end: not really an array). / - struct arpt_entry entries[0]; -}; - -/ The argument to ARPT_SO_ADD_COUNTERS. / -struct arpt_counters_info -{ - / Which table. / - char name[ARPT_TABLE_MAXNAMELEN]; - - unsigned int num_counters; - - / The counters (actually `number' of these). / - struct arpt_counters counters[0]; -}; - -/ The argument to ARPT_SO_GET_ENTRIES. / -struct arpt_get_entries -{ - / Which table: user fills this in. / - char name[ARPT_TABLE_MAXNAMELEN]; - - / User fills this in: total entry size. / - unsigned int size; - - / The entries. / - struct arpt_entry entrytable[0]; -}; - -/ Standard return verdict, or do jump. / -#define ARPT_STANDARD_TARGET "" -/ Error verdict. / -#define ARPT_ERROR_TARGET "ERROR" - -/ Helper functions / -static __inline__ struct arpt_entry_target arpt_get_target(struct arpt_entry e) -{ - return (void )e + e->target_offset; -} - -/* fn returns 0 to continue iteration / -#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct arpt_entry __entry; \ - \ - for (__i = 0; __i < (size); __i += __entry->next_offset) { \ - __entry = (void )(entries) + __i; \ - \ - __ret = fn(__entry , ## args); \ - if (__ret != 0) \ - break; \ - } \ - __ret; \ -}) - -/ - * Main firewall chains definitions and global var's definitions. - / -#ifdef __KERNEL__ - -/ Registration hooks for targets. / -struct arpt_target -{ - struct list_head list; - - const char name[ARPT_FUNCTION_MAXNAMELEN]; - - / Returns verdict. / - unsigned int (target)(struct sk_buff *pskb, - unsigned int hooknum, - const struct net_device in, - const struct net_device out, - const void targinfo, - void userdata); - - / Called when user tries to insert an entry of this type: - hook_mask is a bitmask of hooks from which it can be - called. / - / Should return true or false. / - int (checkentry)(const char tablename, - const struct arpt_entry e, - void targinfo, - unsigned int targinfosize, - unsigned int hook_mask); - - / Called when entry of this type deleted. / - void (destroy)(void targinfo, unsigned int targinfosize); - - / Set this to THIS_MODULE if you are a module, otherwise NULL / - struct module me; -}; - -extern int arpt_register_target(struct arpt_target target); -extern void arpt_unregister_target(struct arpt_target target); - -/* Furniture shopping... / -struct arpt_table -{ - struct list_head list; - - / A unique name... / - char name[ARPT_TABLE_MAXNAMELEN]; - - / Seed table: copied in register_table / - struct arpt_replace table; - - /* What hooks you will enter on / - unsigned int valid_hooks; - - / Lock for the curtain / - rwlock_t lock; - - / Man behind the curtain... / - struct arpt_table_info private; - - /* Set this to THIS_MODULE if you are a module, otherwise NULL / - struct module me; -}; - -extern int arpt_register_table(struct arpt_table table); -extern void arpt_unregister_table(struct arpt_table table); -extern unsigned int arpt_do_table(struct sk_buff *pskb, - unsigned int hook, - const struct net_device in, - const struct net_device out, - struct arpt_table table, - void userdata); - -#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1)) -#endif /__KERNEL__/ -#endif / _ARPTABLES_H */
[-] [+]	Changed	arptables-v0.0.4.tar.xz/Makefile ^
@@ -1,4 +1,4 @@ -ARPTABLES_VERSION:=0.0.3-4 +ARPTABLES_VERSION:=0.0.4 KERNEL_DIR:=./ # default paths @@ -31,26 +31,27 @@ $(CC) $(CFLAGS) -c -o $@ $< arptables: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS) - $(CC) $(CFLAGS) -o $@ $^ + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(DESTDIR)$(MANDIR)/man8/arptables.8: arptables.8 mkdir -p $(@D) - install -m 0644 -o root -g root $< $@ + install -m 0644 $< $@ $(DESTDIR)$(BINDIR)/arptables: arptables mkdir -p $(DESTDIR)$(BINDIR) - install -m 0755 -o root -g root $< $@ + install -m 0755 $< $@ tmp1:=$(shell printf $(BINDIR) \| sed 's/\//\\\//g') tmp2:=$(shell printf $(SYSCONFIGDIR) \| sed 's/\//\\\//g') .PHONY: scripts scripts: arptables-save arptables-restore arptables.sysv cat arptables-save \| sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-save_ - install -m 0755 -o root -g root arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save + install -m 0755 arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save cat arptables-restore \| sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-restore_ - install -m 0755 -o root -g root arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore + install -m 0755 arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore cat arptables.sysv \| sed 's/__EXEC_PATH__/$(tmp1)/g' \| sed 's/__SYSCONFIG__/$(tmp2)/g' > arptables.sysv_ - if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi + if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi + if test -d $(DESTDIR)$(INITDIR); then install -m 0755 arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi rm -f arptables-save_ arptables-restore_ arptables.sysv_ .PHONY: install @@ -65,11 +66,9 @@ rm -f include/~ include/libarptc/~ DIR:=arptables-v$(ARPTABLES_VERSION) -CVSDIRS:=CVS extensions/CVS libarptc/CVS include/CVS include/libarptc/CVS include/linux/CVS include/linux/netfilter_arp/CVS # This is used to make a new userspace release .PHONY: release release: - rm -rf $(CVSDIRS) make clean cd ..;find $(DIR) -exec touch {} \;;find $(DIR) -exec chmod o-r,g-r,o-w,g-w,o-x,g-x {} \;;tar -pc $(DIR) \| gzip >$(DIR).tar.gz
[-] [+]	Changed	arptables-v0.0.4.tar.xz/arptables-save ^
@@ -19,7 +19,7 @@ my $line = ""; foreach $line (split("\n",$_[0])) { - if ($line =~ m/Chain\s(.?)\s$policy\s(.?)\s/) { + if ($line =~ m/Chain\s(.?)\s\(policy\s(.?)$/) { $chains = $chains . ":$1 $2\n"; $chain = $1; next; @@ -32,9 +32,6 @@ if ($line =~ m/^$/) { next; } - # Due to arptables "issues" with displaying device names - # we need to use -v and then do some processing - $line =~ s/\s,\s.*//; $rules = $rules . "-A $chain $line\n"; } @@ -47,7 +44,7 @@ # ======================================================== unless (-x "$tool") { print "ERROR: Tool $tool isn't executable"; exit -1; }; -$table =`$tool -t filter -L -v`; +$table =`$tool -t filter -L -n`; unless ($? == 0) { print $table; exit -1 }; &process_table($table);
[-] [+]	Changed	arptables-v0.0.4.tar.xz/arptables.8 ^
@@ -1,4 +1,4 @@ -.TH ARPTABLES 8 "August 2007" +.TH ARPTABLES 8 "November 2011" .\" .\" Man page originally written by Jochen Friedrich <jochen@scram.de>, .\" maintained by Bart De Schuymer. @@ -22,7 +22,7 @@ .\" .\" .SH NAME -arptables (v.0.0.3-3) \- ARP table administration +arptables \- ARP table administration .SH SYNOPSIS .BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ] .br @@ -297,10 +297,19 @@ .BR "--mangle-target target " Target of ARP mangle operation .BR "" ( DROP ", " CONTINUE " or " ACCEPT " -- default is " ACCEPT ). +.SS CLASSIFY +This module allows you to set the skb->priority value (and thus clas- +sify the packet into a specific CBQ class). + +.TP +.BR "--set-class major:minor" + +Set the major and minor class value. The values are always +interpreted as hexadecimal even if no 0x prefix is given. .SH MAILINGLISTS -.I ebtables-user@lists.sourceforge.net -.br -.I ebtables-devel@lists.sourceforge.net +.BR "" "See " http://netfilter.org/mailinglists.html .SH SEE ALSO .BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8) +.PP +.BR "" "See " http://ebtables.sf.net
[-] [+]	Changed	arptables-v0.0.4.tar.xz/arptables.c ^
@@ -34,6 +34,7 @@ #include <errno.h> #include <stdio.h> #include <stdlib.h> +#include <inttypes.h> #include <dlfcn.h> #include <ctype.h> #include <stdarg.h> @@ -203,6 +204,7 @@ /* 2 / ARPT_INV_SRCDEVADDR, / 3 / ARPT_INV_TGTDEVADDR, / -l / ARPT_INV_ARPHLN, +/ 8 / 0, / 4 / ARPT_INV_ARPOP, / 5 / ARPT_INV_ARPHRD, / 6 / ARPT_INV_ARPPRO, @@ -874,7 +876,7 @@ if (strlen(targetname)+1 > sizeof(arpt_chainlabel)) exit_error(PARAMETER_PROBLEM, - "Invalid target name `%s' (%i chars max)", + "Invalid target name `%s' (%zu chars max)", targetname, sizeof(arpt_chainlabel)-1); for (ptr = targetname; ptr; ptr++) @@ -1062,7 +1064,7 @@ } if (me->size != ARPT_ALIGN(me->size)) { - fprintf(stderr, "%s: match `%s' has invalid size %u.\n", + fprintf(stderr, "%s: match `%s' has invalid size %zu.\n", program_name, me->name, me->size); exit(1); } @@ -1092,7 +1094,7 @@ } if (me->size != ARPT_ALIGN(me->size)) { - fprintf(stderr, "%s: target `%s' has invalid size %u.\n", + fprintf(stderr, "%s: target `%s' has invalid size %zu.\n", program_name, me->name, me->size); exit(1); } @@ -1116,17 +1118,17 @@ number = (number + 500) / 1000; if (number > 9999) { number = (number + 500) / 1000; - printf(FMT("%4lluT ","%lluT "), number); + printf(FMT("%4"PRIu64"T ","%"PRIu64"T "), number); } - else printf(FMT("%4lluG ","%lluG "), number); + else printf(FMT("%4"PRIu64"G ","%"PRIu64"G "), number); } - else printf(FMT("%4lluM ","%lluM "), number); + else printf(FMT("%4"PRIu64"M ","%"PRIu64"M "), number); } else - printf(FMT("%4lluK ","%lluK "), number); + printf(FMT("%4"PRIu64"K ","%"PRIu64"K "), number); } else - printf(FMT("%5llu ","%llu "), number); + printf(FMT("%5"PRIu64" ","%"PRIu64" "), number); } else - printf(FMT("%8llu ","%llu "), number); + printf(FMT("%8"PRIu64" ","%"PRIu64" "), number); } @@ -1214,9 +1216,10 @@ { struct arptables_target target = NULL; const struct arpt_entry_target t; - u_int8_t flags; char buf[BUFSIZ]; int i; + char iface[IFNAMSIZ+2]; + int print_iface = 0; if (!arptc_is_chain(targname, handle)) target = find_target(targname, TRY_LOAD); @@ -1224,7 +1227,6 @@ target = find_target(ARPT_STANDARD_TARGET, LOAD_MUST_SUCCEED); t = arpt_get_target((struct arpt_entry )fw); - flags = fw->arp.flags; if (format & FMT_LINENUMBERS) printf("%u ", num+1); @@ -1232,35 +1234,34 @@ if (!(format & FMT_NOTARGET) && targname[0] != '\0') printf("-j %s ", targname); - if (format & FMT_VIA) { - char iface[IFNAMSIZ+2]; - - if (fw->arp.invflags & ARPT_INV_VIA_IN) { - iface[0] = '!'; - iface[1] = '\0'; - } - else iface[0] = '\0'; + iface[0] = '\0'; - if (fw->arp.iniface[0] != '\0') { - strcat(iface, fw->arp.iniface); - } - else if (format & FMT_NUMERIC) strcat(iface, ""); + if (fw->arp.iniface[0] != '\0') { + strcat(iface, fw->arp.iniface); + print_iface = 1; + } + else if (format & FMT_VIA) { + print_iface = 1; + if (format & FMT_NUMERIC) strcat(iface, ""); else strcat(iface, "any"); - printf("-i %s ", iface); + } + if (print_iface) + printf("%s-i %s ", fw->arp.invflags & ARPT_INV_VIA_IN ? "! ": "", iface); - if (fw->arp.invflags & ARPT_INV_VIA_OUT) { - iface[0] = '!'; - iface[1] = '\0'; - } - else iface[0] = '\0'; + print_iface = 0; + iface[0] = '\0'; - if (fw->arp.outiface[0] != '\0') { - strcat(iface, fw->arp.outiface); - } - else if (format & FMT_NUMERIC) strcat(iface, ""); + if (fw->arp.outiface[0] != '\0') { + strcat(iface, fw->arp.outiface); + print_iface = 1; + } + else if (format & FMT_VIA) { + print_iface = 1; + if (format & FMT_NUMERIC) strcat(iface, ""); else strcat(iface, "any"); - printf("-o %s ", iface); } + if (print_iface) + printf("%s-o %s ", fw->arp.invflags & ARPT_INV_VIA_OUT ? "! " : "", iface); if (fw->arp.smsk.s_addr != 0L) { printf("%s", fw->arp.invflags & ARPT_INV_SRCIP @@ -1370,7 +1371,7 @@ / Print the target information. / target->print(&fw->arp, t, format & FMT_NUMERIC); } else if (t->u.target_size != sizeof(t)) - printf("[%u bytes of unknown target data] ", + printf("[%zu bytes of unknown target data] ", t->u.target_size - sizeof(*t)); if (!(format & FMT_NOCOUNTS)) { @@ -2039,7 +2040,7 @@ check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_P_TYPE, &fw.arp.invflags, invert); - if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 10)) { + if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 0)) { if (strcasecmp(argv[optind-1], "ipv4")) exit_error(PARAMETER_PROBLEM, "Problem with specified protocol type"); fw.arp.arpro = htons(0x800); @@ -2159,12 +2160,12 @@ "-%c requires packet and byte counter", opt2char(OPT_COUNTERS)); - if (sscanf(pcnt, "%llu", &fw.counters.pcnt) != 1) + if (sscanf(pcnt, "%"PRIu64, &fw.counters.pcnt) != 1) exit_error(PARAMETER_PROBLEM, "-%c packet counter not numeric", opt2char(OPT_COUNTERS)); - if (sscanf(bcnt, "%llu", &fw.counters.bcnt) != 1) + if (sscanf(bcnt, "%"PRIu64, &fw.counters.bcnt) != 1) exit_error(PARAMETER_PROBLEM, "-%c byte counter not numeric", opt2char(OPT_COUNTERS));
[-] [+]	Changed	arptables-v0.0.4.tar.xz/extensions/Makefile ^
@@ -1,6 +1,6 @@ #! /usr/bin/make -EXT_FUNC+=standard mangle +EXT_FUNC+=standard mangle CLASSIFY EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/arpt_$(T).o) extensions/ebt_%.o: extensions/arpt_%.c include/arptables.h include/arptables_common.h
[-] [+]	Added	arptables-v0.0.4.tar.xz/extensions/arpt_CLASSIFY.c ^
@@ -0,0 +1,121 @@ +/* + * (C) 2010 by Frederic Leroy <fredo@starox.org> + * + * arpt_classify.c -- arptables extension to classify arp packet + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + / + +#include <stdio.h> +#include <getopt.h> +#include <arptables.h> +#include <linux/netfilter/xt_CLASSIFY.h> + +#define TC_H_MAJ_MASK (0xFFFF0000U) +#define TC_H_MIN_MASK (0x0000FFFFU) +#define TC_H_MAJ(h) ((h)&TC_H_MAJ_MASK) +#define TC_H_MIN(h) ((h)&TC_H_MIN_MASK) +#define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)\|((min)&TC_H_MIN_MASK)) + +static void +help(void) +{ + printf( +"CLASSIFY target v%s options:\n" +"--set-class major:minor : set the major and minor class value\n", + ARPTABLES_VERSION); +} + +#define CLASSIFY_OPT 1 + +static struct option opts[] = { + { "set-class" , required_argument, 0, CLASSIFY_OPT }, + {0} +}; + +static void +init(struct arpt_entry_target t) +{ + struct xt_classify_target_info classify = (struct xt_classify_target_info ) t->data; + classify->priority = 0; +} + +static int +parse(int c, char *argv, int invert, unsigned int flags, + const struct arpt_entry e, + struct arpt_entry_target t) +{ + struct xt_classify_target_info classify = (struct xt_classify_target_info )(t)->data; + int i,j; + + switch (c) { + case CLASSIFY_OPT: + if (sscanf(argv[optind-1], "%x:%x", &i, &j) != 2) { + exit_error(PARAMETER_PROBLEM, + "Bad class value `%s'", optarg); + return 0; + } + classify->priority = TC_H_MAKE(i<<16, j); + if (flags) + exit_error(PARAMETER_PROBLEM, + "CLASSIFY: Can't specify --set-class twice"); + flags = 1; + break; + default: + return 0; + } + return 1; +} + +static void final_check(unsigned int flags) +{ + if (!flags) + exit_error(PARAMETER_PROBLEM, "CLASSIFY: Parameter --set-class is required"); +} + +static void print(const struct arpt_arp ip, + const struct arpt_entry_target target, int numeric) +{ + struct xt_classify_target_info t = (struct xt_classify_target_info )(target->data); + + printf("--set-class %x:%x ", TC_H_MAJ(t->priority)>>16, TC_H_MIN(t->priority)); +} + +static void +save(const struct arpt_arp ip, const struct arpt_entry_target target) +{ +} + +static +struct arptables_target classify += { NULL, + "CLASSIFY", + ARPTABLES_VERSION, + ARPT_ALIGN(sizeof(struct xt_classify_target_info)), + ARPT_ALIGN(sizeof(struct xt_classify_target_info)), + &help, + &init, + &parse, + &final_check, + &print, + &save, + opts +}; + +static void _init(void) __attribute__ ((constructor)); +static void _init(void) +{ + register_target(&classify); +}
[-] [+]	Changed	arptables-v0.0.4.tar.xz/libarptc/libarptc.c ^
@@ -15,6 +15,7 @@ #include <string.h> #include <errno.h> #include <stdlib.h> +#include <inttypes.h> #include <stdio.h> #include <unistd.h> @@ -132,7 +133,7 @@ printf("%c", e->arp.outiface_mask[i] ? 'X' : '.'); printf("Flags: %02X\n", e->arp.flags); printf("Invflags: %02X\n", e->arp.invflags); - printf("Counters: %llu packets, %llu bytes\n", + printf("Counters: %"PRIu64" packets, %"PRIu64" bytes\n", e->counters.pcnt, e->counters.bcnt); /* printf("Cache: %08X ", e->nfcache); @@ -159,7 +160,8 @@ t = GET_TARGET(e); printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size); if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) { - int pos = (int )t->data; + const unsigned char data = t->data; + const int pos = (const int *)data; if (pos < 0) printf("verdict=%s\n", pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
[-] [+]	Changed	arptables-v0.0.4.tar.xz/libarptc/libarptc_incl.c ^
@@ -1,4 +1,4 @@ -/* Library which manipulates firewall rules. Version $Revision: 1.6 $ / +/ Library which manipulates firewall rules. Version $Revision: 1.7 $ / / Architecture of firewall rules is as follows: * @@ -121,7 +121,7 @@ if (ENTRY_ITERATE(h->entries.entrytable, h->entries.size, get_number, seek, &pos) == 0) { - fprintf(stderr, "ERROR: offset %i not an entry!\n", + fprintf(stderr, "ERROR: offset %zu not an entry!\n", (char )seek - (char )h->entries.entrytable); abort(); } @@ -581,6 +581,7 @@ target_name(TC_HANDLE_T handle, const STRUCT_ENTRY ce) { int spos; + const unsigned char data; unsigned int labelidx; STRUCT_ENTRY jumpto; @@ -591,7 +592,8 @@ return GET_TARGET(e)->u.user.name; / Standard target: evaluate / - spos = (int )GET_TARGET(e)->data; + data = GET_TARGET(e)->data; + spos = (const int )data; if (spos < 0) { if (spos == RETURN) return LABEL_RETURN; @@ -1246,7 +1248,6 @@ unsigned int rulenum, TC_HANDLE_T handle) { - STRUCT_ENTRY e; struct chain_cache c; unsigned int chainindex, end; @@ -1266,8 +1267,6 @@ return 0; } - e = index2entry(handle, chainindex + rulenum); - if ((handle)->counter_map[chainindex + rulenum].maptype == COUNTER_MAP_NORMAL_MAP) { (*handle)->counter_map[chainindex + rulenum].maptype