Hello community, here is the log from the commit of package xtables-addons for openSUSE:Factory checked in at 2020-11-21 12:43:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xtables-addons (Old) and /work/SRC/openSUSE:Factory/.xtables-addons.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xtables-addons" Sat Nov 21 12:43:01 2020 rev:69 rq:849494 version:3.12 Changes: -------- --- /work/SRC/openSUSE:Factory/xtables-addons/xtables-addons.changes 2020-09-17 15:08:22.076910955 +0200 +++ /work/SRC/openSUSE:Factory/.xtables-addons.new.5913/xtables-addons.changes 2020-11-23 10:54:20.402833295 +0100 @@ -1,0 +2,6 @@ +Thu Nov 19 21:24:50 UTC 2020 - Jan Engelhardt <[email protected]> + +- Update to release 3.12 + * Support for Linux 5.10 and the API/ABI change in 5.9.9 + +------------------------------------------------------------------- Old: ---- xtables-addons-3.11.tar.asc xtables-addons-3.11.tar.xz New: ---- xtables-addons-3.12.tar.asc xtables-addons-3.12.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xtables-addons.spec ++++++ --- /var/tmp/diff_new_pack.1DhuHG/_old 2020-11-23 10:54:21.014833907 +0100 +++ /var/tmp/diff_new_pack.1DhuHG/_new 2020-11-23 10:54:21.018833911 +0100 @@ -17,7 +17,7 @@ Name: xtables-addons -Version: 3.11 +Version: 3.12 Release: 0 Summary: IP Packet Filter Administration Extensions License: GPL-2.0-only AND GPL-2.0-or-later @@ -96,7 +96,7 @@ %postun -p /sbin/ldconfig %files -%_bindir/xt_geoip_fetch +%_bindir/xt_geoip_fetch* %_mandir/man*/* %_sbindir/* %_libdir/*.so.* ++++++ xtables-addons-3.11.tar.xz -> xtables-addons-3.12.tar.xz ++++++ ++++ 1880 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/configure.ac new/xtables-addons-3.12/configure.ac --- old/xtables-addons-3.11/configure.ac 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/configure.ac 2020-11-19 22:11:19.000000000 +0100 
@@ -1,4 +1,4 @@ -AC_INIT([xtables-addons], [3.11]) +AC_INIT([xtables-addons], [3.12]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) @@ -57,7 +57,7 @@ echo "WARNING: Version detection did not succeed. Continue at own luck."; else echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir"; - if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 9; then + if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 10; then echo "WARNING: That kernel version is not officially supported yet. Continue at own luck."; elif test "$kmajor" -eq 5 -a "$kminor" -ge 0; then : diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/doc/changelog.txt new/xtables-addons-3.12/doc/changelog.txt --- old/xtables-addons-3.11/doc/changelog.txt 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/doc/changelog.txt 2020-11-19 22:11:19.000000000 +0100 @@ -1,3 +1,9 @@ +v3.12 (2020-11-19) +================== +- Support for Linux 5.10 and 5.9.9 API + (changes to ip_route_me_harder there) + + v3.11 (2020-09-06) ================== - Support for up to Linux 5.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/ACCOUNT/libxt_ACCOUNT_cl.c new/xtables-addons-3.12/extensions/ACCOUNT/libxt_ACCOUNT_cl.c --- old/xtables-addons-3.11/extensions/ACCOUNT/libxt_ACCOUNT_cl.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/ACCOUNT/libxt_ACCOUNT_cl.c 2020-11-19 22:11:19.000000000 +0100 
@@ -34,7 +34,8 @@ // 4096 bytes default buffer should save us from reallocations // as it fits 200 concurrent active clients - if ((ctx->data = malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) { + ctx->data = malloc(IPT_ACCOUNT_MIN_BUFSIZE); + if (ctx->data == NULL) { close(ctx->sockfd); ctx->sockfd = -1; ctx->error_str = "Out of memory for data buffer"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/ACCOUNT/xt_ACCOUNT.c new/xtables-addons-3.12/extensions/ACCOUNT/xt_ACCOUNT.c --- old/xtables-addons-3.11/extensions/ACCOUNT/xt_ACCOUNT.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/ACCOUNT/xt_ACCOUNT.c 2020-11-19 22:11:19.000000000 +0100 @@ -187,24 +187,22 @@ { unsigned int i; - pr_debug("ACCOUNT: ipt_acc_table_insert: %s, %u.%u.%u.%u/%u.%u.%u.%u\n", - name, NIPQUAD(ip), NIPQUAD(netmask)); + pr_debug("ACCOUNT: ipt_acc_table_insert: %s, %pI4/%pI4\n", + name, &ip, &netmask); /* Look for existing table */ for (i = 0; i < max_tables_limit; i++) { if (strncmp(ipt_acc_tables[i].name, name, ACCOUNT_TABLE_NAME_LEN) == 0) { - pr_debug("ACCOUNT: Found existing slot: %d - " - "%u.%u.%u.%u/%u.%u.%u.%u\n", i, - NIPQUAD(ipt_acc_tables[i].ip), - NIPQUAD(ipt_acc_tables[i].netmask)); + pr_debug("ACCOUNT: Found existing slot: %d - %pI4/%pI4\n", + i, &ipt_acc_tables[i].ip, &ipt_acc_tables[i].netmask); if (ipt_acc_tables[i].ip != ip || ipt_acc_tables[i].netmask != netmask) { printk("ACCOUNT: Table %s found, but IP/netmask mismatch. " - "IP/netmask found: %u.%u.%u.%u/%u.%u.%u.%u\n", - name, NIPQUAD(ipt_acc_tables[i].ip), - NIPQUAD(ipt_acc_tables[i].netmask)); + "IP/netmask found: %pI4/%pI4\n", + name, &ipt_acc_tables[i].ip, + &ipt_acc_tables[i].netmask); return -1; } 
@@ -343,9 +341,8 @@ /* Check if this entry is new */ bool is_src_new_ip = false, is_dst_new_ip = false; - pr_debug("ACCOUNT: ipt_acc_depth0_insert: %u.%u.%u.%u/%u.%u.%u.%u " - "for net %u.%u.%u.%u/%u.%u.%u.%u, size: %u\n", NIPQUAD(src_ip), - NIPQUAD(dst_ip), NIPQUAD(net_ip), NIPQUAD(netmask), size); + pr_debug("ACCOUNT: ipt_acc_depth0_insert: %pI4/%pI4 for net %pI4/%pI4," + " size: %u\n", &src_ip, &dst_ip, &net_ip, &netmask, size); /* Check if src/dst is inside our network. */ /* Special: net_ip = 0.0.0.0/0 gets stored as src in slot 0 */ @@ -357,9 +354,8 @@ is_dst = true; if (!is_src && !is_dst) { - pr_debug("ACCOUNT: Skipping packet %u.%u.%u.%u/%u.%u.%u.%u " - "for net %u.%u.%u.%u/%u.%u.%u.%u\n", NIPQUAD(src_ip), - NIPQUAD(dst_ip), NIPQUAD(net_ip), NIPQUAD(netmask)); + pr_debug("ACCOUNT: Skipping packet %pI4/%pI4 for net %pI4/%pI4\n", + &src_ip, &dst_ip, &net_ip, &netmask); return; } @@ -398,11 +394,11 @@ } } else { if (is_src_new_ip) { - pr_debug("ACCOUNT: New src_ip: %u.%u.%u.%u\n", NIPQUAD(src_ip)); + pr_debug("ACCOUNT: New src_ip: %pI4\n", &src_ip); ++*itemcount; } if (is_dst_new_ip) { - pr_debug("ACCOUNT: New dst_ip: %u.%u.%u.%u\n", NIPQUAD(dst_ip)); + pr_debug("ACCOUNT: New dst_ip: %pI4\n", &dst_ip); ++*itemcount; } } @@ -501,8 +497,7 @@ if (ipt_acc_tables[info->table_nr].name[0] == 0) { printk("ACCOUNT: ipt_acc_target: Invalid table id %u. " - "IPs %u.%u.%u.%u/%u.%u.%u.%u\n", info->table_nr, - NIPQUAD(src_ip), NIPQUAD(dst_ip)); + "IPs %pI4/%pI4\n", info->table_nr, &src_ip, &dst_ip); spin_unlock_bh(&ian->ipt_acc_lock); return XT_CONTINUE; } @@ -541,10 +536,8 @@ return XT_CONTINUE; } - printk("ACCOUNT: ipt_acc_target: Unable to process packet. " - "Table id %u. IPs %u.%u.%u.%u/%u.%u.%u.%u\n", - info->table_nr, NIPQUAD(src_ip), NIPQUAD(dst_ip)); - + printk("ACCOUNT: ipt_acc_target: Unable to process packet. Table id " + "%u. IPs %pI4/%pI4\n", info->table_nr, &src_ip, &dst_ip); spin_unlock_bh(&ian->ipt_acc_lock); return XT_CONTINUE; } 
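Review bot: The `printk` in the `@@ -501` hunk ("Invalid table id") and the one in the `@@ -541` hunk ("Unable to process packet") have no log level and no rate limit. Both appear to sit in the per-packet target path while `ipt_acc_lock` is held. Traffic that keeps reaching either branch can flood the kernel log, so a rate-limited form is safer, e.g. `pr_warn_ratelimited("ACCOUNT: ipt_acc_target: Invalid table id %u. IPs %pI4/%pI4\n", info->table_nr, &src_ip, &dst_ip);`. The enclosing function starts and ends outside both hunks.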
@@ -627,7 +620,8 @@ dest->itemcount = ipt_acc_tables[table_nr].itemcount; /* allocate "root" table */ - if ((dest->data = ipt_acc_zalloc_page()) == NULL) { + dest->data = ipt_acc_zalloc_page(); + if (dest->data == NULL) { printk("ACCOUNT: out of memory for root table " "in ipt_acc_handle_prepare_read()\n"); return -1; @@ -725,7 +719,8 @@ } /* Try to allocate memory */ - if (!(new_data_page = ipt_acc_zalloc_page())) { + new_data_page = ipt_acc_zalloc_page(); + if (new_data_page == NULL) { printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): " "Out of memory!\n"); return -1; @@ -979,7 +974,8 @@ /* Allocate a userspace handle */ down(&ian->ipt_acc_userspace_mutex); - if ((handle.handle_nr = ipt_acc_handle_find_slot(ian->ipt_acc_handles)) == -1) { + handle.handle_nr = ipt_acc_handle_find_slot(ian->ipt_acc_handles); + if (handle.handle_nr == -1) { ipt_acc_data_free(dest.data, dest.depth); up(&ian->ipt_acc_userspace_mutex); return -EINVAL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/compat_xtables.h new/xtables-addons-3.12/extensions/compat_xtables.h --- old/xtables-addons-3.11/extensions/compat_xtables.h 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/compat_xtables.h 2020-11-19 22:11:19.000000000 +0100 
@@ -21,25 +21,11 @@ # warning You need CONFIG_NF_CONNTRACK. #endif -#if !defined(NIP6) && !defined(NIP6_FMT) -# define NIP6(addr) \ - ntohs((addr).s6_addr16[0]), \ - ntohs((addr).s6_addr16[1]), \ - ntohs((addr).s6_addr16[2]), \ - ntohs((addr).s6_addr16[3]), \ - ntohs((addr).s6_addr16[4]), \ - ntohs((addr).s6_addr16[5]), \ - ntohs((addr).s6_addr16[6]), \ - ntohs((addr).s6_addr16[7]) -# define NIP6_FMT "%04hx:%04hx:%04hx:%04hx:%04hx:%04hx:%04hx:%04hx" -#endif -#if !defined(NIPQUAD) && !defined(NIPQUAD_FMT) -# define NIPQUAD(addr) \ - ((const unsigned char *)&addr)[0], \ - ((const unsigned char *)&addr)[1], \ - ((const unsigned char *)&addr)[2], \ - ((const unsigned char *)&addr)[3] -# define NIPQUAD_FMT "%hhu.%hhu.%hhu.%hhu" +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0) || \ + LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 9) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 10, 0) +#else +# define ip_route_me_harder(xnet, xsk, xskb, xaddrtype) ip_route_me_harder((xnet), (xskb), (xaddrtype)) +# define ip6_route_me_harder(xnet, xsk, xskb) ip6_route_me_harder((xnet), (xskb)) #endif static inline struct net *par_net(const struct xt_action_param *par) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/libxt_geoip.c new/xtables-addons-3.12/extensions/libxt_geoip.c --- old/xtables-addons-3.11/extensions/libxt_geoip.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/libxt_geoip.c 2020-11-19 22:11:19.000000000 +0100 @@ -75,7 +75,6 @@ void *subnets; struct stat sb; char buf[256]; - int fd; #if __BYTE_ORDER == __LITTLE_ENDIAN unsigned int n; #endif 
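Review bot: The version test in compat_xtables.h leaves its `#if` branch empty and mixes `||` and `&&` without parentheses. As written it reduces to `LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 9)`, so `#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 9)` around the two `#define`s says the same thing more readably. A comment such as `/* kernels before 5.9.9: ip_route_me_harder()/ip6_route_me_harder() take no sk argument */` would explain why the shim drops `xsk`. If the same signature change is backported to older stable series, those kernels would presumably still get the three-argument shim and fail to build, so the condition may need per-series ranges.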
@@ -86,7 +85,8 @@ else snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/%s.iv4", code); - if ((fd = open(buf, O_RDONLY)) < 0) { + int fd = open(buf, O_RDONLY); + if (fd < 0) { fprintf(stderr, "Could not open %s: %s\n", buf, strerror(errno)); xtables_error(OTHER_PROBLEM, "Could not read geoip database"); } @@ -203,7 +203,8 @@ next = strchr(cp, ','); if (next) *next++ = '\0'; - if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) { + cctmp = check_geoip_cc(cp, cc, count); + if (cctmp != 0) { if ((mem[count++].user = (unsigned long)geoip_load_cc(cp, cctmp, nfproto)) == 0) xtables_error(OTHER_PROBLEM, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/pknock/Makefile.am new/xtables-addons-3.12/extensions/pknock/Makefile.am --- old/xtables-addons-3.11/extensions/pknock/Makefile.am 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/pknock/Makefile.am 2020-11-19 22:11:19.000000000 +0100 @@ -6,3 +6,4 @@ include ../../Makefile.extra sbin_PROGRAMS = pknlusr +dist_man_MANS = pknlusr.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/pknock/libxt_pknock.c new/xtables-addons-3.12/extensions/pknock/libxt_pknock.c --- old/xtables-addons-3.11/extensions/pknock/libxt_pknock.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/pknock/libxt_pknock.c 2020-11-19 22:11:19.000000000 +0100 
@@ -11,7 +11,6 @@ #include <stdio.h> #include <string.h> #include <stdlib.h> - #include <xtables.h> #include <linux/netfilter.h> #include <linux/netfilter_ipv4/ip_tables.h> @@ -70,7 +69,6 @@ if (cp != NULL) xtables_error(PARAMETER_PROBLEM, "too many ports specified"); - free(buffer); return i; } @@ -91,12 +89,11 @@ static const char * check_proto(uint16_t pnum, uint8_t invflags) { - char *proto; - if (invflags & XT_INV_PROTO) xtables_error(PARAMETER_PROBLEM, PKNOCK "only works with TCP and UDP."); - if ((proto = proto_to_name(pnum)) != NULL) + const char *proto = proto_to_name(pnum); + if (proto != NULL) return proto; else if (pnum == 0) xtables_error(PARAMETER_PROBLEM, PKNOCK "needs `-p tcp' or `-p udp'"); @@ -123,7 +120,7 @@ info->ports_count = parse_ports(optarg, info->port, proto); info->option |= XT_PKNOCK_KNOCKPORT; *flags |= XT_PKNOCK_KNOCKPORT; -#if DEBUG +#ifdef DEBUG printf("ports_count: %d\n", info->ports_count); #endif break; @@ -162,7 +159,7 @@ info->rule_name_len = strlen(info->rule_name); info->option |= XT_PKNOCK_NAME; *flags |= XT_PKNOCK_NAME; -#if DEBUG +#ifdef DEBUG printf("info->rule_name: %s\n", info->rule_name); #endif break; @@ -213,7 +210,6 @@ if (invert) xtables_error(PARAMETER_PROBLEM, PKNOCK "does not support invert."); - return 1; } 
@@ -267,7 +263,7 @@ } static void pknock_mt_print(const void *ip, - const struct xt_entry_match *match, int numeric) + const struct xt_entry_match *match, int numeric) { const struct xt_pknock_mtinfo *info = (void *)match->data; int i; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/pknock/pknlusr.8 new/xtables-addons-3.12/extensions/pknock/pknlusr.8 --- old/xtables-addons-3.11/extensions/pknock/pknlusr.8 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.12/extensions/pknock/pknlusr.8 2020-11-19 22:11:19.000000000 +0100 
@@ -0,0 +1,18 @@
+.TH pknlusr 8 "2020-10-22" "xtables-addons" "xtables-addons"
+.SH NAME
+.PP
+pknlusr \(em userspace monitor for successful xt_pknock matches
+.SH Synopsis
+.PP
+\fBpknlusr\fP [\fIgroup-id\fP]
+.SH Description
+\fIxt_pknock\fP is an xtables match extension that implements so-called \fIport
+knocking\fP. It can be configured to send information about each successful
+match via a netlink socket to userspace. \fBpknluser\fP listens for these
+notifications.
+.PP
+By default, \fBpknlusr\fP listens for messages sent to netlink multicast group
+1. Another group ID may be passed as a command-line argument.
+.SH See also
+.PP
+xtables-addons(8)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/pknock/pknlusr.c new/xtables-addons-3.12/extensions/pknock/pknlusr.c
--- old/xtables-addons-3.11/extensions/pknock/pknlusr.c 2020-09-06 16:35:13.000000000 +0200
+++ new/xtables-addons-3.12/extensions/pknock/pknlusr.c 2020-11-19 22:11:19.000000000 +0100
@@ -7,85 +7,94 @@ #include <arpa/inet.h> #include <linux/netlink.h> #include <linux/connector.h> +#include <errno.h> +#include <libgen.h> +#include <limits.h> #include "xt_pknock.h" -#define GROUP 1 +#define DEFAULT_GROUP_ID 1 +#define MIN_GROUP_ID DEFAULT_GROUP_ID +#define MAX_GROUP_ID \ + (sizeof((struct sockaddr_nl){0}.nl_groups) * CHAR_BIT) -static struct sockaddr_nl src_addr, dest_addr; -static int sock_fd; - -static unsigned char *buf; - -static struct xt_pknock_nl_msg *nlmsg; - -int main(void) +int main(int argc, char **argv) { - socklen_t addrlen; int status; - int group = GROUP; - - int buf_size; + unsigned int group_id = DEFAULT_GROUP_ID; + struct sockaddr_nl local_addr = {.nl_family = AF_NETLINK}; + int sock_fd; + size_t nlmsg_size; + struct nlmgrhdr *nlmsg; + struct cn_msg *cn_msg; + struct xt_pknock_nl_msg *pknock_msg; + + if (argc > 2) { + char *prog = strdup(argv[0]); + if (prog == NULL) { + perror("strdup()"); + } else { + fprintf(stderr, "%s [ group-id ]\n", basename(prog)); + free(prog); + } + exit(EXIT_FAILURE); + } - const char *ip; - char ipbuf[48]; + if (argc == 2) { + long n; + char *end; + + errno = 0; + n = strtol(argv[1], &end, 10); + if (*end || (errno && (n == LONG_MIN || n == LONG_MAX)) || + n < MIN_GROUP_ID || n > MAX_GROUP_ID) { + fputs("Group ID invalid.\n", stderr); + exit(EXIT_FAILURE); + } + group_id = n; + } sock_fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR); - if (sock_fd == -1) { perror("socket()"); - return 1; + exit(EXIT_FAILURE); } - memset(&src_addr, 0, sizeof(src_addr)); - src_addr.nl_family = AF_NETLINK; - src_addr.nl_pid = getpid(); - src_addr.nl_groups = group; - - status = bind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr)); - + local_addr.nl_groups = 1U << (group_id - 1); + status = bind(sock_fd, (struct sockaddr *)&local_addr, sizeof(local_addr)); if (status == -1) { - close(sock_fd); perror("bind()"); - return 1; + goto err_close_sock; } - memset(&dest_addr, 0, sizeof(dest_addr)); - 
dest_addr.nl_family = AF_NETLINK; - dest_addr.nl_pid = 0; - dest_addr.nl_groups = group; - - buf_size = sizeof(struct xt_pknock_nl_msg) + sizeof(struct cn_msg) + sizeof(struct nlmsghdr); - buf = malloc(buf_size); - - if (!buf) { + nlmsg_size = NLMSG_SPACE(sizeof(*cn_msg) + sizeof(*pknock_msg)); + nlmsg = malloc(nlmsg_size); + if (!nlmsg) { perror("malloc()"); - return 1; + goto err_close_sock; } - addrlen = sizeof(dest_addr); - while(1) { + const char *ip; + char ipbuf[INET_ADDRSTRLEN]; - memset(buf, 0, buf_size); - - status = recvfrom(sock_fd, buf, buf_size, 0, (struct sockaddr *)&dest_addr, &addrlen); - - if (status <= 0) { - perror("recvfrom()"); - return 1; + memset(nlmsg, 0, nlmsg_size); + status = recv(sock_fd, nlmsg, nlmsg_size, 0); + if (status < 0) { + perror("recv()"); + goto err_free_msg; } - - nlmsg = (struct xt_pknock_nl_msg *) (buf + sizeof(struct cn_msg) + sizeof(struct nlmsghdr)); - - ip = inet_ntop(AF_INET, &nlmsg->peer_ip, ipbuf, sizeof(ipbuf)); - printf("rule_name: %s - ip %s\n", nlmsg->rule_name, ip); - + if (status == 0) + break; + cn_msg = NLMSG_DATA(nlmsg); + pknock_msg = (struct xt_pknock_nl_msg *)(cn_msg->data); + ip = inet_ntop(AF_INET, &pknock_msg->peer_ip, ipbuf, sizeof(ipbuf)); + printf("rule_name: %s - ip %s\n", pknock_msg->rule_name, ip); } +err_free_msg: + free(nlmsg); +err_close_sock: close(sock_fd); - - free(buf); - - return 0; + exit(status == -1 ? 
EXIT_FAILURE : EXIT_SUCCESS); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/pknock/xt_pknock.c new/xtables-addons-3.12/extensions/pknock/xt_pknock.c --- old/xtables-addons-3.11/extensions/pknock/xt_pknock.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/pknock/xt_pknock.c 2020-11-19 22:11:19.000000000 +0100 @@ -90,21 +90,15 @@ #define hashtable_for_each_safe(pos, n, head, size, i) \ for ((i) = 0; (i) < (size); ++(i)) \ list_for_each_safe((pos), (n), (&head[(i)])) - -#define pk_debug(msg, peer) pr_debug( \ - "(S) peer: " NIPQUAD_FMT " - %s.\n", \ - NIPQUAD((peer)->ip), msg) +#define pk_debug(msg, peer) pr_debug("(S) peer: %pI4 - %s.\n", &((peer)->ip), msg) static uint32_t ipt_pknock_hash_rnd; - static unsigned int rule_hashsize = DEFAULT_RULE_HASH_SIZE; static unsigned int peer_hashsize = DEFAULT_PEER_HASH_SIZE; static unsigned int gc_expir_time = DEFAULT_GC_EXPIRATION_TIME; static int nl_multicast_group = -1; - static struct list_head *rule_hashtable; static struct proc_dir_entry *pde; - static DEFINE_SPINLOCK(list_lock); static struct { @@ -159,7 +153,6 @@ return NULL; for (i = 0; i < size; ++i) INIT_LIST_HEAD(&hash[i]); - return hash; } @@ -191,10 +184,8 @@ const struct xt_pknock_rule *rule = s->private; spin_lock_bh(&list_lock); - if (*pos >= peer_hashsize) return NULL; - return rule->peer_head + *pos; } @@ -212,7 +203,6 @@ ++*pos; if (*pos >= peer_hashsize) return NULL; - return rule->peer_head + *pos; } 
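Review bot: In the pknlusr.c receive loop the datagram is interpreted without any size check: `status` is only tested for `< 0` and `== 0` before `cn_msg->data` is cast to `struct xt_pknock_nl_msg` and `rule_name` is printed with `%s`. A short or unrelated message on the connector group would be printed as if it were a knock notification, so the netlink length and `cn_msg->len` should be checked first. That check needs the complete header type, and the declaration reads `struct nlmgrhdr *nlmsg;`, which looks like a typo for `struct nlmsghdr`. Separately, a failed `malloc()` jumps to `err_close_sock` with `status` still 0 from `bind()`, so the program exits with `EXIT_SUCCESS`.

```c
	struct nlmsghdr *nlmsg;
	/* … unchanged: argument parsing, socket(), bind() … */
	if (!nlmsg) {
		perror("malloc()");
		status = -1;
		goto err_close_sock;
	}
	/* … unchanged: memset(), recv(), status < 0 and status == 0 handling … */
		if (!NLMSG_OK(nlmsg, status) ||
		    nlmsg->nlmsg_len < NLMSG_LENGTH(sizeof(*cn_msg) + sizeof(*pknock_msg))) {
			fputs("Ignoring short netlink message.\n", stderr);
			continue;
		}
		cn_msg = NLMSG_DATA(nlmsg);
		if (cn_msg->len < sizeof(*pknock_msg))
			continue;
```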
@@ -238,13 +228,11 @@ const struct peer *peer; unsigned long time; const struct list_head *peer_head = v; - const struct xt_pknock_rule *rule = s->private; list_for_each_safe(pos, n, peer_head) { peer = list_entry(pos, struct peer, head); - - seq_printf(s, "src=" NIPQUAD_FMT " ", NIPQUAD(peer->ip)); + seq_printf(s, "src=%pI4 ", &peer->ip); seq_printf(s, "proto=%s ", (peer->proto == IPPROTO_TCP) ? "TCP" : "UDP"); seq_printf(s, "status=%s ", status_itoa(peer->status)); @@ -311,7 +299,6 @@ { if (timer_pending(&rule->timer)) del_timer(&rule->timer); - rule->timer.expires = jiffies + msecs_to_jiffies(gc_expir_time); add_timer(&rule->timer); } @@ -433,7 +420,6 @@ list_for_each_safe(pos, n, &rule_hashtable[hash]) { rule = list_entry(pos, struct xt_pknock_rule, head); - if (!rulecmp(info, rule)) continue; ++rule->ref_count; @@ -442,7 +428,6 @@ rule->max_time = info->max_time; rule->autoclose_time = info->autoclose_time; } - if (info->option & XT_PKNOCK_CHECKIP) pr_debug("add_rule() (AC) rule found: %s - " "ref_count: %d\n", @@ -450,16 +435,13 @@ return true; } - rule = kmalloc(sizeof(*rule), GFP_KERNEL); + rule = kzalloc(sizeof(*rule), GFP_KERNEL); if (rule == NULL) return false; INIT_LIST_HEAD(&rule->head); - - memset(rule->rule_name, 0, sizeof(rule->rule_name)); strncpy(rule->rule_name, info->rule_name, info->rule_name_len); rule->rule_name_len = info->rule_name_len; - rule->ref_count = 1; rule->max_time = info->max_time; rule->autoclose_time = info->autoclose_time; @@ -502,7 +484,6 @@ list_for_each_safe(pos, n, &rule_hashtable[hash]) { rule = list_entry(pos, struct xt_pknock_rule, head); - if (rulecmp(info, rule)) { found = 1; rule->ref_count--; @@ -528,7 +509,6 @@ pr_debug("(D) rule deleted: %s.\n", rule->rule_name); if (timer_pending(&rule->timer)) del_timer(&rule->timer); - list_del(&rule->head); kfree(rule->peer_head); kfree(rule); 
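Review bot: In the `@@ -450` hunk, `strncpy(rule->rule_name, info->rule_name, info->rule_name_len)` is bounded by a length taken from the rule data rather than by the destination. The zero-fill from `kzalloc` therefore guarantees termination only if `rule_name_len` is smaller than `sizeof(rule->rule_name)`. No such check is visible in this hunk; if the checkentry path does not enforce it, bounding the copy by the destination, e.g. `strscpy(rule->rule_name, info->rule_name, sizeof(rule->rule_name));`, would make the function safe on its own. The function starts and ends outside the hunk.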
@@ -548,7 +528,6 @@ unsigned int hash; hash = pknock_hash(&ip, sizeof(ip), ipt_pknock_hash_rnd, peer_hashsize); - list_for_each_safe(pos, n, &rule->peer_head[hash]) { peer = list_entry(pos, struct peer, head); if (peer->ip == ip) @@ -582,14 +561,12 @@ if (peer == NULL) return NULL; - INIT_LIST_HEAD(&peer->head); peer->ip = ip; peer->proto = proto; peer->timestamp = jiffies/HZ; peer->login_sec = 0; reset_knock_status(peer); - return peer; } @@ -677,21 +654,17 @@ msg_to_userspace_nl(const struct xt_pknock_mtinfo *info, const struct peer *peer, int multicast_group) { -#if defined(CONFIG_CONNECTOR) || defined(CONFIG_CONNECTOR_MODULE) +#if IS_ENABLED(CONFIG_CONNECTOR) struct cn_msg *m; struct xt_pknock_nl_msg msg; - m = kmalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC); + m = kzalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC); if (m == NULL) return false; - - memset(m, 0, sizeof(*m) + sizeof(msg)); - m->seq = 0; m->len = sizeof(msg); msg.peer_ip = peer->ip; scnprintf(msg.rule_name, info->rule_name_len + 1, info->rule_name); - memcpy(m + 1, &msg, m->len); cn_netlink_send(m, 0, multicast_group, GFP_ATOMIC); kfree(m); @@ -731,7 +704,7 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc, const unsigned char *payload, unsigned int payload_len) { - char result[64]; // 64 bytes * 8 = 512 bits + char result[64] = ""; // 64 bytes * 8 = 512 bits char *hexresult; unsigned int hexa_size; int ret; @@ -751,14 +724,9 @@ /* + 1 cause we MUST add NULL in the payload */ if (payload_len != hexa_size + 1) return false; - - hexresult = kmalloc(hexa_size, GFP_ATOMIC); + hexresult = kzalloc(hexa_size, GFP_ATOMIC); if (hexresult == NULL) return false; - - memset(result, 0, sizeof(result)); - memset(hexresult, 0, hexa_size); - epoch_min = get_seconds() / 60; ret = crypto_shash_setkey(crypto.tfm, secret, secret_len); 
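Review bot: In msg_to_userspace_nl (`@@ -677` hunk), `struct xt_pknock_nl_msg msg;` is never cleared, yet `memcpy(m + 1, &msg, m->len)` copies all `sizeof(msg)` bytes into the netlink message. Whatever stack bytes follow the rule name's terminator, and any padding, are therefore sent to userspace listeners; `memset(&msg, 0, sizeof(msg));` before filling it in closes that. The same lines pass `info->rule_name` as the format string of `scnprintf`, so a name containing `%` would be interpreted as conversions; it should read `scnprintf(msg.rule_name, info->rule_name_len + 1, "%s", info->rule_name);`. The function continues past the end of the hunk.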
@@ -778,14 +746,11 @@ printk("crypto_shash_update/final() failed ret=%d\n", ret); goto out; } - crypt_to_hex(hexresult, result, crypto.size); - if (memcmp(hexresult, payload, hexa_size) != 0) pr_debug("secret match failed\n"); else fret = true; - out: kfree(hexresult); return fret; @@ -817,7 +782,6 @@ info->open_secret_len, peer->ip, payload, payload_len)) return true; - return false; } @@ -844,7 +808,6 @@ /* Peer must start the sequence from scratch. */ if (info->option & XT_PKNOCK_STRICT) remove_peer(peer); - return false; } @@ -852,25 +815,20 @@ if (info->option & XT_PKNOCK_OPENSECRET ) { if (hdr->proto != IPPROTO_UDP && hdr->proto != IPPROTO_UDPLITE) return false; - if (!pass_security(peer, info, hdr->payload, hdr->payload_len)) return false; } /* Update the gc timer when there is a state change. */ update_rule_gc_timer(rule); - ++peer->accepted_knock_count; if (is_last_knock(peer, info)) { peer->status = ST_ALLOWED; - pk_debug("ALLOWED", peer); peer->login_sec = get_seconds(); - if (nl_multicast_group > 0) msg_to_userspace_nl(info, peer, nl_multicast_group); - return true; } @@ -947,7 +905,6 @@ switch (hdr.proto) { case IPPROTO_TCP: break; - case IPPROTO_UDP: case IPPROTO_UDPLITE: hdr_len = (iph->ihl * 4) + sizeof(struct udphdr); @@ -969,12 +926,10 @@ /* Gives the peer matching status added to rule depending on ip src. */ peer = get_peer(rule, iph->saddr); - if (info->option & XT_PKNOCK_CHECKIP) { ret = is_allowed(peer); goto out; } - if (iph->protocol == IPPROTO_UDP || iph->protocol == IPPROTO_UDPLITE) { hdr.payload = (void *)iph + hdr_len; hdr.payload_len = skb->len - hdr_len; @@ -982,7 +937,8 @@ /* Sets, updates, removes or checks the peer matching status. */ if (info->option & XT_PKNOCK_KNOCKPORT) { - if ((ret = is_allowed(peer))) { + ret = is_allowed(peer); + if (ret != 0) { if (info->option & XT_PKNOCK_CLOSESECRET && (iph->protocol == IPPROTO_UDP || iph->protocol == IPPROTO_UDPLITE)) 
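Review bot: `memcmp(hexresult, payload, hexa_size)` compares the computed keyed digest with bytes taken from the packet and stops at the first difference, so its run time depends on how many leading bytes match. The kernel's constant-time `crypto_memneq()` is the usual choice for this comparison: `if (crypto_memneq(hexresult, payload, hexa_size) != 0)`. It is declared in `<crypto/algapi.h>`; whether the file already includes that header is not visible here. The function begins in an earlier hunk.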
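Review bot: In the `@@ -969` hunk, `hdr.payload_len = skb->len - hdr_len;` subtracts without a visible check that the packet is at least `hdr_len` bytes long, and `hdr.payload = (void *)iph + hdr_len` assumes the payload lies in the linear part of the skb. Neither check appears in this hunk or the `@@ -947` one, so for a truncated or non-linear UDP packet the length may wrap and the pointer may run past the linear data. A guard such as `if (skb->len < hdr_len) goto out;` before these two lines, plus `skb_header_pointer()` or `skb_linearize()` if non-linear skbs can reach the match, would make the later secret checks safe. The function spans several hunks and starts and ends outside this one.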
@@ -1000,10 +956,8 @@ peer = new_peer(iph->saddr, iph->protocol); add_peer(peer, rule); } - if (peer == NULL) goto out; - update_peer(peer, info, rule, &hdr); } @@ -1023,7 +977,7 @@ return ret; } -#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return -EINVAL; } while (false) +#define RETURN_ERR(err) do { pr_err(err); return -EINVAL; } while (false) static int pknock_mt_check(const struct xt_mtchk_param *par) { @@ -1073,11 +1027,9 @@ memcmp(info->open_secret, info->close_secret, info->open_secret_len) == 0) RETURN_ERR("opensecret & closesecret cannot be equal.\n"); - if (!add_rule(info)) /* should ENOMEM here */ RETURN_ERR("add_rule() error in checkentry() function.\n"); - return 0; } @@ -1101,7 +1053,7 @@ static int __init xt_pknock_mt_init(void) { -#if !defined(CONFIG_CONNECTOR) && !defined(CONFIG_CONNECTOR_MODULE) +#if !IS_ENABLED(CONFIG_CONNECTOR) if (nl_multicast_group != -1) pr_info("CONFIG_CONNECTOR not present; " "netlink messages disabled\n"); @@ -1110,14 +1062,14 @@ if (gc_expir_time < DEFAULT_GC_EXPIRATION_TIME) gc_expir_time = DEFAULT_GC_EXPIRATION_TIME; if (request_module(crypto.algo) < 0) { - printk(KERN_ERR PKNOCK "request_module('%s') error.\n", + pr_err("request_module('%s') error.\n", crypto.algo); return -ENXIO; } crypto.tfm = crypto_alloc_shash(crypto.algo, 0, 0); if (IS_ERR(crypto.tfm)) { - printk(KERN_ERR PKNOCK "failed to load transform for %s\n", + pr_err("failed to load transform for %s\n", crypto.algo); return PTR_ERR(crypto.tfm); } 
@@ -1127,7 +1079,7 @@ pde = proc_mkdir("xt_pknock", init_net.proc_net); if (pde == NULL) { - printk(KERN_ERR PKNOCK "proc_mkdir() error in _init().\n"); + pr_err("proc_mkdir() error in _init().\n"); return -ENXIO; } return xt_register_match(&xt_pknock_mt_reg); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/pknock/xt_pknock.h new/xtables-addons-3.12/extensions/pknock/xt_pknock.h --- old/xtables-addons-3.11/extensions/pknock/xt_pknock.h 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/pknock/xt_pknock.h 2020-11-19 22:11:19.000000000 +0100 @@ -29,8 +29,6 @@ XT_PKNOCK_MAX_PASSWD_LEN = 31, }; -#define DEBUG 1 - struct xt_pknock_mtinfo { char rule_name[XT_PKNOCK_MAX_BUF_LEN+1]; uint32_t rule_name_len; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_CHAOS.c new/xtables-addons-3.12/extensions/xt_CHAOS.c --- old/xtables-addons-3.11/extensions/xt_CHAOS.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_CHAOS.c 2020-11-19 22:11:19.000000000 +0100 
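Review bot: When `proc_mkdir()` fails, the init function returns `-ENXIO` without releasing `crypto.tfm`, which the preceding hunk shows being allocated with `crypto_alloc_shash()`. Likewise the result of `xt_register_match()` is returned directly, leaving the proc directory and the transform in place on failure. Unless cleanup happens in lines not shown, a failed module load leaks both. Adding `crypto_free_shash(crypto.tfm);` before `return -ENXIO;` and unwinding on a non-zero `xt_register_match()` result would fix it.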
@@ -171,7 +171,8 @@ printk(KERN_WARNING PFX "Warning: Could not find or load " "\"DELUDE\" target\n"); - if ((ret = xt_register_target(&chaos_tg_reg)) != 0) { + ret = xt_register_target(&chaos_tg_reg); + if (ret != 0) { printk(KERN_WARNING PFX "xt_register_target returned " "error %d\n", ret); goto out3; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_DELUDE.c new/xtables-addons-3.12/extensions/xt_DELUDE.c --- old/xtables-addons-3.11/extensions/xt_DELUDE.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_DELUDE.c 2020-11-19 22:11:19.000000000 +0100 @@ -121,8 +121,7 @@ /* ip_route_me_harder expects skb->dst to be set */ skb_dst_set(nskb, dst_clone(skb_dst(oldskb))); - - if (ip_route_me_harder(net, nskb, addr_type)) + if (ip_route_me_harder(net, nskb->sk, nskb, addr_type)) goto free_nskb; else niph = ip_hdr(nskb); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_DNETMAP.c new/xtables-addons-3.12/extensions/xt_DNETMAP.c --- old/xtables-addons-3.11/extensions/xt_DNETMAP.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_DNETMAP.c 2020-11-19 22:11:19.000000000 +0100 
@@ -66,14 +66,8 @@ static unsigned int jtimeout; struct dnetmap_entry { - struct list_head list; - /* priv2entry */ - struct list_head glist; - /* pub2entry */ - struct list_head grlist; - struct list_head lru_list; - __be32 prenat_addr; - __be32 postnat_addr; + struct list_head list, glist, grlist, lru_list; + __be32 prenat_addr, postnat_addr; __u8 flags; unsigned long stamp; struct dnetmap_prefix *prefix; @@ -83,8 +77,7 @@ struct nf_nat_range prefix; char prefix_str[20]; #ifdef CONFIG_PROC_FS - char proc_str_data[20]; - char proc_str_stat[25]; + char proc_str_data[20], proc_str_stat[25]; #endif struct list_head elist; // element list head struct list_head list; // prefix list @@ -127,9 +120,7 @@ dnetmap_entry_lookup(struct dnetmap_net *dnetmap_net, const __be32 addr) { struct dnetmap_entry *e; - unsigned int h; - - h = dnetmap_entry_hash(addr); + unsigned int h = dnetmap_entry_hash(addr); list_for_each_entry(e, &dnetmap_net->dnetmap_iphash[h], glist) if (memcmp(&e->prenat_addr, &addr, sizeof(addr)) == 0) @@ -141,9 +132,7 @@ dnetmap_entry_rlookup(struct dnetmap_net *dnetmap_net, const __be32 addr) { struct dnetmap_entry *e; - unsigned int h; - - h = dnetmap_entry_hash(addr); + unsigned int h = dnetmap_entry_hash(addr); list_for_each_entry(e, &dnetmap_net->dnetmap_iphash[hash_size + h], grlist) 
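Review bot: The merged declaration `struct list_head list, glist, grlist, lru_list;` in struct dnetmap_entry drops the `/* priv2entry */` and `/* pub2entry */` comments that told a reader which hash each link belongs to. The lookup hunks on this line walk `glist` in `dnetmap_iphash[h]` comparing `prenat_addr`, and `grlist` in the `hash_size + h` half, so a single comment above the members such as `/* glist: hashed by prenat_addr; grlist: reverse table (upper half of dnetmap_iphash) */` would keep that information. The struct definition continues outside the hunk.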
@@ -293,12 +282,12 @@ ip_min = ntohl(mr->min_addr.ip) + (whole_prefix == 0); ip_max = ntohl(mr->max_addr.ip) - (whole_prefix == 0); - sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->min_addr.ip), + sprintf(p->prefix_str, "%pI4/%u", &mr->min_addr.ip, 33 - ffs(~(ip_min ^ ip_max))); #ifdef CONFIG_PROC_FS - sprintf(p->proc_str_data, NIPQUAD_FMT "_%u", NIPQUAD(mr->min_addr.ip), + sprintf(p->proc_str_data, "%pI4_%u", &mr->min_addr.ip, 33 - ffs(~(ip_min ^ ip_max))); - sprintf(p->proc_str_stat, NIPQUAD_FMT "_%u_stat", NIPQUAD(mr->min_addr.ip), + sprintf(p->proc_str_stat, "%pI4_%u_stat", &mr->min_addr.ip, 33 - ffs(~(ip_min ^ ip_max))); #endif printk(KERN_INFO KBUILD_MODNAME ": new prefix %s\n", p->prefix_str); @@ -358,7 +347,6 @@ { struct net *net = dev_net(par->state->in ? par->state->in : par->state->out); struct dnetmap_net *dnetmap_net = dnetmap_pernet(net); - struct nf_conn *ct; enum ip_conntrack_info ctinfo; __be32 prenat_ip, postnat_ip, prenat_ip_prev; const struct xt_DNETMAP_tginfo *tginfo = par->targinfo; @@ -370,11 +358,9 @@ #endif struct dnetmap_entry *e; struct dnetmap_prefix *p; - __s32 jttl; unsigned int hooknum = par->state->hook; - ct = nf_ct_get(skb, &ctinfo); - - jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout; + struct nf_conn *ct = nf_ct_get(skb, &ctinfo); + __s32 jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout; /* in prerouting we try to map postnat-ip to prenat-ip */ if (hooknum == NF_INET_PRE_ROUTING) { @@ -429,8 +415,8 @@ if (e->prenat_addr != 0 && time_before(jiffies, e->stamp)) { if (!disable_log && ! (p->flags & XT_DNETMAP_FULL) ){ printk(KERN_INFO KBUILD_MODNAME - ": ip " NIPQUAD_FMT " - no free adresses in prefix %s\n", - NIPQUAD(prenat_ip), p->prefix_str); + ": ip %pI4 - no free adresses in prefix %s\n", + &prenat_ip, p->prefix_str); p->flags |= XT_DNETMAP_FULL; } goto no_free_ip; 
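Review bot: The three `sprintf` calls in the @@ -293 hunk still write unbounded into `prefix_str[20]`, `proc_str_data[20]` and `proc_str_stat[25]`, and the longest outputs (`255.255.255.255/32`, `255.255.255.255_32_stat`) leave a single spare byte in each. Bounding them, e.g. `snprintf(p->prefix_str, sizeof(p->prefix_str), "%pI4/%u", &mr->min_addr.ip, 33 - ffs(~(ip_min ^ ip_max)));`, keeps a later format change from overrunning the struct. The same applies to `sprintf(str, "%pI4:%pI4", &addr1, &addr2);` in the @@ -721 hunk, where the size of `str` is declared outside the diff and needs at least 32 bytes.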
@@ -443,8 +429,8 @@ prenat_ip_prev = e->prenat_addr; if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": timeout binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(prenat_ip_prev), NIPQUAD(postnat_ip) ); + ": timeout binding %pI4 -> %pI4\n", + &prenat_ip_prev, &postnat_ip); list_del(&e->glist); list_del(&e->grlist); } @@ -461,18 +447,16 @@ (postnat_ip)]); if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": add binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(prenat_ip),NIPQUAD(postnat_ip)); - + ": add binding %pI4 -> %pI4\n", + &prenat_ip, &postnat_ip); } else { if (!(tginfo->flags & XT_DNETMAP_REUSE) && !(e->flags & XT_DNETMAP_STATIC)) if (time_before(e->stamp, jiffies) && p != e->prefix) { if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": timeout binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(e->prenat_addr), - NIPQUAD(e->postnat_addr)); + ": timeout binding %pI4 -> %pI4\n", + &e->prenat_addr, &e->postnat_addr); list_del(&e->glist); list_del(&e->grlist); e->prenat_addr = 0; @@ -571,12 +555,13 @@ const struct dnetmap_entry *e = v; if((e->flags & XT_DNETMAP_STATIC) == 0){ - seq_printf(seq, NIPQUAD_FMT " -> " NIPQUAD_FMT " --- ttl: %d lasthit: %lu\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr), - (int)(e->stamp - jiffies) / HZ, (e->stamp - jtimeout) / HZ); + seq_printf(seq, "%pI4 -> %pI4 --- ttl: %d lasthit: %lu\n", + &e->prenat_addr, &e->postnat_addr, + (int)(e->stamp - jiffies) / HZ, + (e->stamp - jtimeout) / HZ); }else{ - seq_printf(seq, NIPQUAD_FMT " -> " NIPQUAD_FMT " --- ttl: S lasthit: S\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr)); + seq_printf(seq, "%pI4 -> %pI4 --- ttl: S lasthit: S\n", + &e->prenat_addr, &e->postnat_addr); } return 0; } 
@@ -698,8 +683,8 @@ if(e != NULL){ if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": timeout binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr) ); + ": timeout binding %pI4 -> %pI4\n", + &e->prenat_addr, &e->postnat_addr); list_del(&e->glist); list_del(&e->grlist); }else{ @@ -721,7 +706,7 @@ (e->postnat_addr)]); list_del(&e->lru_list); - sprintf(str, NIPQUAD_FMT ":" NIPQUAD_FMT, NIPQUAD(addr1),NIPQUAD(addr2)); + sprintf(str, "%pI4:%pI4", &addr1, &addr2); printk(KERN_INFO KBUILD_MODNAME ": adding static binding %s\n", str); // case of removing binding @@ -737,8 +722,8 @@ if(e != NULL){ if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": remove binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr) ); + ": remove binding %pI4 -> %pI4\n", + &e->prenat_addr, &e->postnat_addr); list_del(&e->glist); list_del(&e->grlist); if(e->flags & XT_DNETMAP_STATIC){ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_ECHO.c new/xtables-addons-3.12/extensions/xt_ECHO.c --- old/xtables-addons-3.11/extensions/xt_ECHO.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_ECHO.c 2020-11-19 22:11:19.000000000 +0100 
@@ -191,8 +191,7 @@ /* ip_route_me_harder expects the skb's dst to be set */ skb_dst_set(newskb, dst_clone(skb_dst(oldskb))); - - if (ip_route_me_harder(par_net(par), newskb, RTN_UNSPEC) != 0) + if (ip_route_me_harder(par_net(par), newskb->sk, newskb, RTN_UNSPEC) != 0) goto free_nskb; newip->ttl = ip4_dst_hoplimit(skb_dst(newskb)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_SYSRQ.c new/xtables-addons-3.12/extensions/xt_SYSRQ.c --- old/xtables-addons-3.11/extensions/xt_SYSRQ.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_SYSRQ.c 2020-11-19 22:11:19.000000000 +0100 @@ -204,12 +204,11 @@ if (sysrq_debug) printk(KERN_INFO KBUILD_MODNAME - ": " NIPQUAD_FMT ":%u -> :%u len=%u\n", - NIPQUAD(iph->saddr), htons(udph->source), + ": %pI4:%hu -> :%hu len=%u\n", + &iph->saddr, htons(udph->source), htons(udph->dest), len); #ifdef WITH_CRYPTO - sprintf(sysrq_digest_password, NIPQUAD_FMT ",%s", - NIPQUAD(iph->daddr), sysrq_password); + sprintf(sysrq_digest_password, "%pI4,%s", &iph->daddr, sysrq_password); #endif return sysrq_tg((void *)udph + sizeof(struct udphdr), len); } 
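Review bot: In xt_SYSRQ.c, `sprintf(sysrq_digest_password, "%pI4,%s", &iph->daddr, sysrq_password);` remains an unbounded write whose length depends on the configured password; the buffer is declared outside the hunk, so whether it can overflow cannot be confirmed from here. If `sysrq_digest_password` is an array, `snprintf(sysrq_digest_password, sizeof(sysrq_digest_password), "%pI4,%s", &iph->daddr, sysrq_password);` makes the bound explicit, and the `%pI6` variant in the @@ -238 hunk needs the same. In the debug line, `htons(udph->source)` and `htons(udph->dest)` convert values read from the packet and should read `ntohs(...)`, as the IPv6 path already does.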
@@ -238,13 +237,11 @@ len = ntohs(udph->len) - sizeof(struct udphdr); if (sysrq_debug) - printk(KERN_INFO KBUILD_MODNAME - ": " NIP6_FMT ":%hu -> :%hu len=%u\n", - NIP6(iph->saddr), ntohs(udph->source), + printk(KERN_INFO KBUILD_MODNAME ": %pI6:%hu -> :%hu len=%u\n", + &iph->saddr, ntohs(udph->source), ntohs(udph->dest), len); #ifdef WITH_CRYPTO - sprintf(sysrq_digest_password, NIP6_FMT ",%s", - NIP6(iph->daddr), sysrq_password); + sprintf(sysrq_digest_password, "%pI6,%s", &iph->daddr, sysrq_password); #endif return sysrq_tg((void *)udph + sizeof(struct udphdr), len); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_TARPIT.c new/xtables-addons-3.12/extensions/xt_TARPIT.c --- old/xtables-addons-3.11/extensions/xt_TARPIT.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_TARPIT.c 2020-11-19 22:11:19.000000000 +0100 @@ -265,7 +265,7 @@ #endif addr_type = RTN_LOCAL; - if (ip_route_me_harder(net, nskb, addr_type)) + if (ip_route_me_harder(net, nskb->sk, nskb, addr_type)) goto free_nskb; else niph = ip_hdr(nskb); 
@@ -398,8 +398,7 @@ &ipv6_hdr(nskb)->daddr, sizeof(struct tcphdr), IPPROTO_TCP, csum_partial(tcph, sizeof(struct tcphdr), 0)); - - if (ip6_route_me_harder(net, nskb)) + if (ip6_route_me_harder(net, nskb->sk, nskb)) goto free_nskb; nskb->ip_summed = CHECKSUM_NONE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_ipp2p.c new/xtables-addons-3.12/extensions/xt_ipp2p.c --- old/xtables-addons-3.11/extensions/xt_ipp2p.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_ipp2p.c 2020-11-19 22:11:19.000000000 +0100 @@ -857,8 +857,11 @@ p2p_result = matchlist[i].function_name(haystack, hlen); if (p2p_result) { if (info->debug) - printk("IPP2P.debug:TCP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", - p2p_result, NIPQUAD(ip->saddr),ntohs(tcph->source), NIPQUAD(ip->daddr),ntohs(tcph->dest),hlen); + printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n", + p2p_result, &ip->saddr, + ntohs(tcph->source), + &ip->daddr, + ntohs(tcph->dest), hlen); return p2p_result; } } 
@@ -888,8 +891,11 @@ p2p_result = udp_list[i].function_name(haystack, hlen); if (p2p_result) { if (info->debug) - printk("IPP2P.debug:UDP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", - p2p_result, NIPQUAD(ip->saddr), ntohs(udph->source), NIPQUAD(ip->daddr), ntohs(udph->dest), hlen); + printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n", + p2p_result, &ip->saddr, + ntohs(udph->source), + &ip->daddr, + ntohs(udph->dest), hlen); return p2p_result; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/extensions/xt_lscan.c new/xtables-addons-3.12/extensions/xt_lscan.c --- old/xtables-addons-3.11/extensions/xt_lscan.c 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/extensions/xt_lscan.c 2020-11-19 22:11:19.000000000 +0100 @@ -184,7 +184,8 @@ return false; /* Check for invalid packets: -m conntrack --ctstate INVALID */ - if ((ctdata = nf_ct_get(skb, &ctstate)) == NULL) { + ctdata = nf_ct_get(skb, &ctstate); + if (ctdata == NULL) { if (info->match_stealth) return lscan_mt_stealth(tcph); /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/geoip/Makefile.am new/xtables-addons-3.12/geoip/Makefile.am --- old/xtables-addons-3.11/geoip/Makefile.am 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/geoip/Makefile.am 2020-11-19 22:11:19.000000000 +0100 
@@ -1,7 +1,7 @@ # -*- Makefile -*- -bin_SCRIPTS = xt_geoip_fetch +bin_SCRIPTS = xt_geoip_fetch xt_geoip_fetch_maxmind -pkglibexec_SCRIPTS = xt_geoip_build xt_geoip_dl +pkglibexec_SCRIPTS = xt_geoip_build xt_geoip_build_maxmind xt_geoip_dl xt_geoip_dl_maxmind man1_MANS = xt_geoip_build.1 xt_geoip_dl.1 xt_geoip_fetch.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/geoip/xt_geoip_build_maxmind new/xtables-addons-3.12/geoip/xt_geoip_build_maxmind --- old/xtables-addons-3.11/geoip/xt_geoip_build_maxmind 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.12/geoip/xt_geoip_build_maxmind 2020-11-19 22:11:19.000000000 +0100 
@@ -0,0 +1,268 @@ +#!/usr/bin/perl +# +# Converter for MaxMind (GeoLite2) CSV database to binary, for xt_geoip +# Copyright Jan Engelhardt, 2008-2011 +# Copyright Philip Prindeville, 2018 +# +use Getopt::Long; +use Net::CIDR::Lite; +use Socket qw(AF_INET AF_INET6 inet_pton); +use warnings; +use Text::CSV_XS; # or trade for Text::CSV +use strict; + +my $csv = Text::CSV_XS->new({ + allow_whitespace => 1, + binary => 1, + eol => $/, +}); # or Text::CSV +my $source_dir = "."; +my $quiet = 0; +my $target_dir = "."; + +&Getopt::Long::Configure(qw(bundling)); +&GetOptions( + "D=s" => \$target_dir, + "S=s" => \$source_dir, + "q" => \$quiet, + "s" => sub { $target_dir = "/usr/share/xt_geoip"; }, +); + +if (!-d $source_dir) { + print STDERR "Source directory \"$source_dir\" does not exist.\n"; + exit 1; +} +if (!-d $target_dir) { + print STDERR "Target directory \"$target_dir\" does not exist.\n"; + exit 1; +} + +my %countryId; +my %countryName; +&loadCountries(); +&dump(&collect()); + +sub loadCountries +{ + sub id; sub cc; sub long; sub ct; sub cn; + + %countryId = (); + %countryName = (); + + my $file = "$source_dir/GeoLite2-Country-Locations-en.csv"; + open(my $fh, '<', $file) || die "Couldn't open list country names\n"; + + # first line is headers + my $row = $csv->getline($fh); + + my %header = map { ($row->[$_], $_); } (0..$#{$row}); + + my %pairs = ( + country_iso_code => 'ISO Country Code', + geoname_id => 'ID', + country_name => 'Country Name', + continent_code => 'Continent Code', + continent_name => 'Continent Name', + ); + + # verify that the columns we need are present + map { die "Table has no $pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + my %remapping = ( + id => 'geoname_id', + cc => 'country_iso_code', + long => 'country_name', + ct => 'continent_code', + cn => 'continent_name', + ); + + # now create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + 
while (my $row = $csv->getline($fh)) { + if ($row->[cc] eq '' && $row->[long] eq '') { + $countryId{$row->[id]} = $row->[ct]; + $countryName{$row->[ct]} = $row->[cn]; + } else { + $countryId{$row->[id]} = $row->[cc]; + $countryName{$row->[cc]} = $row->[long]; + } + } + + $countryName{A1} = 'Anonymous Proxy'; + $countryName{A2} = 'Satellite Provider'; + $countryName{O1} = 'Other Country'; + + close($fh); + + # clean up the namespace + undef &id; undef &cc; undef &long; undef &ct; undef &cn; +} + +sub lookupCountry +{ + my ($id, $rid, $proxy, $sat) = @_; + + if ($proxy) { + return 'A1'; + } elsif ($sat) { + return 'A2'; + } + $id ||= $rid; + if ($id eq '') { + return 'O1'; + } + die "Unknown id: $id line $.\n" unless (exists $countryId{$id}); + return $countryId{$id}; +} + +sub collect +{ + my ($file, $fh, $row); + my (%country, %header); + + sub net; sub id; sub rid; sub proxy; sub sat; + + my %pairs = ( + network => 'Network', + registered_country_geoname_id => 'Registered Country ID', + geoname_id => 'Country ID', + is_anonymous_proxy => 'Anonymous Proxy', + is_satellite_provider => 'Satellite', + ); + + foreach (sort keys %countryName) { + $country{$_} = { + name => $countryName{$_}, + pool_v4 => Net::CIDR::Lite->new(), + pool_v6 => Net::CIDR::Lite->new(), + }; + } + + $file = "$source_dir/GeoLite2-Country-Blocks-IPv4.csv"; + open($fh, '<', $file) || die "Can't open IPv4 database\n"; + + # first line is headers + $row = $csv->getline($fh); + + %header = map { ($row->[$_], $_); } (0..$#{$row}); + + # verify that the columns we need are present + map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + my %remapping = ( + net => 'network', + id => 'geoname_id', + rid => 'registered_country_geoname_id', + proxy => 'is_anonymous_proxy', + sat => 'is_satellite_provider', + ); + + # now create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + while 
($row = $csv->getline($fh)) { + my ($cc, $cidr); + + $cc = lookupCountry($row->[id], $row->[rid], $row->[proxy], $row->[sat]); + $cidr = $row->[net]; + $country{$cc}->{pool_v4}->add($cidr); + + if ($. % 4096 == 0) { + print STDERR "\r\e[2K$. entries"; + } + } + + print STDERR "\r\e[2K$. entries total\n"; + + close($fh); + + # clean up the namespace + undef &net; undef &id; undef &rid; undef &proxy; undef &sat; + + $file = "$source_dir/GeoLite2-Country-Blocks-IPv6.csv"; + open($fh, '<', $file) || die "Can't open IPv6 database\n"; + + # first line is headers + $row = $csv->getline($fh); + + %header = map { ($row->[$_], $_); } (0..$#{$row}); + + # verify that the columns we need are present + map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + # unlikely the IPv6 table has different columns, but just to be sure + # create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + while ($row = $csv->getline($fh)) { + my ($cc, $cidr); + + $cc = lookupCountry($row->[id], $row->[rid], $row->[proxy], $row->[sat]); + $cidr = $row->[net]; + $country{$cc}->{pool_v6}->add($cidr); + + if (!$quiet && $. % 4096 == 0) { + print STDERR "\r\e[2K$. entries"; + } + } + + print STDERR "\r\e[2K$. 
entries total\n" unless ($quiet); + + close($fh); + + # clean up the namespace + undef &net; undef &id; undef &rid; undef &proxy; undef &sat; + + return \%country; +} + +sub dump +{ + my $country = shift @_; + + foreach my $iso_code (sort keys %{$country}) { + &dump_one($iso_code, $country->{$iso_code}); + } +} + +sub dump_one +{ + my($iso_code, $country) = @_; + my @ranges; + + @ranges = $country->{pool_v4}->list_range(); + + writeCountry($iso_code, $country->{name}, AF_INET, @ranges); + + @ranges = $country->{pool_v6}->list_range(); + + writeCountry($iso_code, $country->{name}, AF_INET6, @ranges); +} + +sub writeCountry +{ + my ($iso_code, $name, $family, @ranges) = @_; + my $fh; + + printf "%5u IPv%s ranges for %s %s\n", + scalar(@ranges), + ($family == AF_INET ? '4' : '6'), + $iso_code, $name unless ($quiet); + + my $file = "$target_dir/".uc($iso_code).".iv".($family == AF_INET ? '4' : '6'); + if (!open($fh, '>', $file)) { + print STDERR "Error opening $file: $!\n"; + exit 1; + } + + binmode($fh); + + foreach my $range (@ranges) { + my ($start, $end) = split('-', $range); + $start = inet_pton($family, $start); + $end = inet_pton($family, $end); + print $fh $start, $end; + } + close $fh; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/geoip/xt_geoip_dl.1 new/xtables-addons-3.12/geoip/xt_geoip_dl.1 --- old/xtables-addons-3.11/geoip/xt_geoip_dl.1 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/geoip/xt_geoip_dl.1 2020-11-19 22:11:19.000000000 +0100 
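Review bot: writeCountry() builds the output path as `"$target_dir/".uc($iso_code).".iv"...` from the country or continent code read out of the CSV without checking it, so a row whose code contains `/` or `..` would make the script write outside the target directory. A guard before the `open`, such as `die "Bad country code '$iso_code'\n" unless $iso_code =~ /\A(?:[a-z]{2}|a[12]|o1)\z/i;`, restricts it to the codes xt_geoip_fetch_maxmind accepts. Separately, both `die "Table has no %pairs{$_} column\n"` lines in collect() print `%pairs{` plus the key instead of the column label, because `%` does not interpolate in a string; loadCountries() has the intended `$pairs{$_}`. The IPv4 loop in collect() also prints its progress lines without the `$quiet` test that the IPv6 loop applies.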
@@ -7,8 +7,9 @@ \fI/usr/libexec/xt_geoip/\fP\fBxt_geoip_dl\fP .SH Description .PP -Downloads and unpacks the MaxMind GeoIP Country Lite databases for IPv4 and -IPv6 and unpacks them to the current directory. +Downloads the DB-IP Country Lite databases for IPv4 and IPv6 and unpacks them +to the current directory. The alternate \fBxt_geoip_dl_maxmind\fP script can be +used for MaxMind formatted CSV databases. .PP Since the script is usually installed to the libexec directory of the xtables-addons package and this is outside $PATH (on purpose), invoking the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/geoip/xt_geoip_dl_maxmind new/xtables-addons-3.12/geoip/xt_geoip_dl_maxmind --- old/xtables-addons-3.11/geoip/xt_geoip_dl_maxmind 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.12/geoip/xt_geoip_dl_maxmind 2020-11-19 22:11:19.000000000 +0100 @@ -0,0 +1,7 @@ +#!/bin/sh + +rm -rf GeoLite2-Country-CSV_* + +wget -q http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip +unzip -q GeoLite2-Country-CSV.zip +rm -f GeoLite2-Country-CSV.zip diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/geoip/xt_geoip_fetch_maxmind new/xtables-addons-3.12/geoip/xt_geoip_fetch_maxmind --- old/xtables-addons-3.11/geoip/xt_geoip_fetch_maxmind 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.12/geoip/xt_geoip_fetch_maxmind 2020-11-19 22:11:19.000000000 +0100 
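Review bot: xt_geoip_dl_maxmind downloads over plain `http://` and nothing checks the archive before `unzip`, so data that ends up in firewall match tables can be altered in transit without being noticed. The script also has no error handling: `rm -rf GeoLite2-Country-CSV_*` has already removed the previous data when `wget` fails, and the final `rm -f` lets the script exit 0 anyway. Adding `set -e` after the shebang and changing the URL scheme to `https://` covers both; downloading to a temporary name and deleting the old directories only after a successful unpack would keep the last good database. As far as I know MaxMind has retired this unauthenticated endpoint, so the URL itself should be re-checked.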
@@ -0,0 +1,95 @@ +#!/usr/bin/perl +# +# Utility to query GeoIP database +# Copyright Philip Prindeville, 2018 +# +use Getopt::Long; +use Socket qw(AF_INET AF_INET6 inet_ntop); +use warnings; +use strict; + +sub AF_INET_SIZE() { 4 } +sub AF_INET6_SIZE() { 16 } + +my $target_dir = "."; +my $ipv4 = 0; +my $ipv6 = 0; + +&Getopt::Long::Configure(qw(bundling)); +&GetOptions( + "D=s" => \$target_dir, + "4" => \$ipv4, + "6" => \$ipv6, +); + +if (!-d $target_dir) { + print STDERR "Target directory $target_dir does not exit.\n"; + exit 1; +} + +# if neither specified, assume both +if (! $ipv4 && ! $ipv6) { + $ipv4 = $ipv6 = 1; +} + +foreach my $cc (@ARGV) { + if ($cc !~ m/^([a-z]{2}|a[12]|o1)$/i) { + print STDERR "Invalid country code '$cc'\n"; + exit 1; + } + + my $file = $target_dir . '/' . uc($cc) . '.iv4'; + + if (! -f $file) { + printf STDERR "Can't find data for country '$cc'\n"; + exit 1; + } + + my ($contents, $buffer, $bytes, $fh); + + if ($ipv4) { + open($fh, '<', $file) || die "Couldn't open file for '$cc'\n"; + + binmode($fh); + + while (($bytes = read($fh, $buffer, AF_INET_SIZE * 2)) == AF_INET_SIZE * 2) { + my ($start, $end) = unpack('a4a4', $buffer); + $start = inet_ntop(AF_INET, $start); + $end = inet_ntop(AF_INET, $end); + print $start, '-', $end, "\n"; + } + close($fh); + if (! defined $bytes) { + printf STDERR "Error reading file for '$cc'\n"; + exit 1; + } elsif ($bytes != 0) { + printf STDERR "Short read on file for '$cc'\n"; + exit 1; + } + } + + substr($file, -1) = '6'; + + if ($ipv6) { + open($fh, '<', $file) || die "Couldn't open file for '$cc'\n"; + + binmode($fh); + + while (($bytes = read($fh, $buffer, AF_INET6_SIZE * 2)) == AF_INET6_SIZE * 2) { + my ($start, $end) = unpack('a16a16', $buffer); + $start = inet_ntop(AF_INET6, $start); + $end = inet_ntop(AF_INET6, $end); + print $start, '-', $end, "\n"; + } + close($fh); + if (! 
defined $bytes) { + printf STDERR "Error reading file for '$cc'\n"; + exit 1; + } elsif ($bytes != 0) { + printf STDERR "Short read on file for '$cc'\n"; + exit 1; + } + } +} + +exit 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.11/xtables-addons.8.in new/xtables-addons-3.12/xtables-addons.8.in --- old/xtables-addons-3.11/xtables-addons.8.in 2020-09-06 16:35:13.000000000 +0200 +++ new/xtables-addons-3.12/xtables-addons.8.in 2020-11-19 22:11:19.000000000 +0100 @@ -1,4 +1,4 @@ -.TH xtables-addons 8 "" "" "v3.11 (2020-09-06)" +.TH xtables-addons 8 "" "" "v3.12 (2020-11-19)" .SH Name Xtables-addons \(em additional extensions for iptables, ip6tables, etc. .SH Targets _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
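Review bot: The country-code check `$cc !~ m/^([a-z]{2}|a[12]|o1)$/i` in xt_geoip_fetch_maxmind uses `$`, which also matches before a trailing newline, and the value then goes into the file path; `m/\A(?:[a-z]{2}|a[12]|o1)\z/i` accepts exactly the intended codes. The `-f $file` test looks only at the `.iv4` file, so with `-6` alone a missing `.iv4` aborts the run while a missing `.iv6` is caught only by the later `die`; testing each file inside its own `if ($ipv4)` / `if ($ipv6)` branch fixes that. The first error message reads "does not exit" where "does not exist" is meant.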
