Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xtables-addons for openSUSE:Factory checked in at 2022-02-09 20:39:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xtables-addons (Old) and /work/SRC/openSUSE:Factory/.xtables-addons.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xtables-addons" Wed Feb 9 20:39:30 2022 rev:75 rq:952791 version:3.19 Changes: -------- --- /work/SRC/openSUSE:Factory/xtables-addons/xtables-addons.changes 2021-03-19 16:43:37.774149880 +0100 +++ /work/SRC/openSUSE:Factory/.xtables-addons.new.1898/xtables-addons.changes 2022-02-09 20:40:43.098593868 +0100 @@ -1,0 +2,6 @@ +Tue Feb 1 17:28:50 UTC 2022 - Jan Engelhardt <[email protected]> + +- Update to release 3.19 + * xt_ipp2p: add IPv6 support + +------------------------------------------------------------------- Old: ---- xtables-addons-3.18.tar.asc xtables-addons-3.18.tar.xz New: ---- xtables-addons-3.19.tar.asc xtables-addons-3.19.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xtables-addons.spec ++++++ --- /var/tmp/diff_new_pack.hhvHOW/_old 2022-02-09 20:40:43.590595045 +0100 +++ /var/tmp/diff_new_pack.hhvHOW/_new 2022-02-09 20:40:43.594595054 +0100 @@ -1,7 +1,7 @@ # # spec file for package xtables-addons # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: xtables-addons -Version: 3.18 +Version: 3.19 Release: 0 Summary: IP Packet Filter Administration Extensions License: GPL-2.0-only AND GPL-2.0-or-later @@ -32,7 +32,7 @@ Patch1: sle-kernels.patch BuildRequires: %kernel_module_package_buildreqs BuildRequires: automake -BuildRequires: kernel-syms >= 4.15 +BuildRequires: kernel-syms >= 4.16 BuildRequires: libtool BuildRequires: pkg-config >= 0.21 BuildRequires: xz @@ -84,7 +84,7 @@ cp -a "%name-%version" "%name-$flavor-%version" pushd "%name-$flavor-%version/" %configure --with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" - make %{?linux_make_arch} %{?_smp_mflags} V=1 + %make_build %{?linux_make_arch} V=1 popd done @@ -95,7 +95,7 @@ pushd ../ for flavor in %flavors_to_build; do pushd "%name-$flavor-%version/" - make %{?linux_make_arch} install DESTDIR="$b" V=1 + %make_install %{?linux_make_arch} V=1 popd done # There is no -devel package. So no need for these files. ++++++ xtables-addons-3.18.tar.xz -> xtables-addons-3.19.tar.xz ++++++ ++++ 4292 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/.gitignore new/xtables-addons-3.19/.gitignore --- old/xtables-addons-3.18/.gitignore 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/.gitignore 2022-02-01 18:24:03.000000000 +0100 @@ -1,3 +1,4 @@ +*.dwo *.gcno *.la *.lo diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/INSTALL new/xtables-addons-3.19/INSTALL --- old/xtables-addons-3.18/INSTALL 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/INSTALL 2022-02-01 18:24:03.000000000 +0100 @@ -14,7 +14,7 @@ * iptables >= 1.6.0 - * kernel-devel >= 4.15 + * kernel-devel >= 4.16 with prepared build/output directory - CONFIG_NF_CONNTRACK - CONFIG_NF_CONNTRACK_MARK enabled =y or as module (=m) @@ -22,7 +22,11 @@ notifications from pknock through netlink/connector (Use xtables-addons-1.x if you need support for Linux < 3.7. -Use xtables-addons-2.x if you need support for Linux < 4.15.) +Use xtables-addons-2.x if you need support for Linux < 4.15. +Use xtables-addons<3.19 if you need support for Linux <=4.16.) +Note: xtables-addons regularly fails to build with patched-to-death +kernels like on RHEL or SLES because the API does not match +LINUX_KERNEL_VERSION anymore. Selecting extensions diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/build-aux/ar-lib new/xtables-addons-3.19/build-aux/ar-lib --- old/xtables-addons-3.18/build-aux/ar-lib 2021-03-11 17:13:37.654755879 +0100 +++ new/xtables-addons-3.19/build-aux/ar-lib 2022-02-01 18:24:30.353365834 +0100 @@ -4,7 +4,7 @@ me=ar-lib scriptversion=2019-07-04.01; # UTC -# Copyright (C) 2010-2020 Free Software Foundation, Inc. +# Copyright (C) 2010-2021 Free Software Foundation, Inc. # Written by Peter Rosin <[email protected]>. # # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/build-aux/compile new/xtables-addons-3.19/build-aux/compile --- old/xtables-addons-3.18/build-aux/compile 2021-03-11 17:13:37.654755879 +0100 +++ new/xtables-addons-3.19/build-aux/compile 2022-02-01 18:24:30.357365841 +0100 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/build-aux/missing new/xtables-addons-3.19/build-aux/missing --- old/xtables-addons-3.18/build-aux/missing 2021-03-11 17:13:37.670755904 +0100 +++ new/xtables-addons-3.19/build-aux/missing 2022-02-01 18:24:30.369365866 +0100 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/configure.ac new/xtables-addons-3.19/configure.ac --- old/xtables-addons-3.18/configure.ac 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/configure.ac 2022-02-01 18:24:03.000000000 +0100 @@ -1,4 +1,4 @@ -AC_INIT([xtables-addons], [3.18]) +AC_INIT([xtables-addons], [3.19]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) @@ -20,9 +20,7 @@ # # check for --without-kbuild # -if [[ "$kbuilddir" == no ]]; then - kbuilddir=""; -fi +AS_IF([test "$kbuilddir" = no], [kbuilddir=""]) AC_CHECK_HEADERS([linux/netfilter/x_tables.h], [], [AC_MSG_ERROR([You need to have linux/netfilter/x_tables.h, see INSTALL file for details])]) @@ -42,7 +40,7 @@ -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \ -Winline -pipe"; -if test -n "$kbuilddir"; then +AS_IF([test -n "$kbuilddir"], [ AC_MSG_CHECKING([kernel version that we will build against]) krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')" save_IFS="$IFS" @@ -53,21 +51,29 @@ kminor="$(($3+0))" kmicro="$(($4+0))" kstable="$(($5+0))" - if test -z "$kmajor" -o -z "$kminor" -o -z "$kmicro"; then + m4_define([yon], [AS_IF([test -t 1], [echo -en "\033\0133\063\063m"])]) + m4_define([yoff], [AS_IF([test -t 1], [echo -en "\033\0133\060m"])]) + AS_IF([test -z "$kmajor" -o -z "$kminor" -o -z "$kmicro"], [ + yon echo "WARNING: Version detection did not succeed. Continue at own luck."; - else + yoff + ], [ echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir"; - if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 11; then + if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 16; then + yon echo "WARNING: That kernel version is not officially supported yet. Continue at own luck."; + yoff elif test "$kmajor" -eq 5 -a "$kminor" -ge 0; then : - elif test "$kmajor" -eq 4 -a "$kminor" -ge 15; then + elif test "$kmajor" -eq 4 -a "$kminor" -ge 16; then : else + yon echo "WARNING: That kernel version is not officially supported."; + yoff fi; - fi; -fi; + ]) +]) AC_SUBST([regular_CPPFLAGS]) AC_SUBST([regular_CFLAGS]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/doc/changelog.txt new/xtables-addons-3.19/doc/changelog.txt --- old/xtables-addons-3.18/doc/changelog.txt 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/doc/changelog.txt 2022-02-01 18:24:03.000000000 +0100 @@ -1,3 +1,12 @@ +v3.19 (2022-02-01) +================== +- bumped minimum supported kernel version from 4.15 to 4.16 +- xt_condition: make mutex per-net +- xt_ipp2p: add IPv6 support +- xt_ECHO, xt_TARPIT: do not build IPv6 parts if kernel has + IPv6 build-time disabled + + v3.18 (2021-03-11) ================== - xt_pknock: fix a build failure on ARM 32-bit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/ACCOUNT/Makefile.am new/xtables-addons-3.19/extensions/ACCOUNT/Makefile.am --- old/xtables-addons-3.18/extensions/ACCOUNT/Makefile.am 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/ACCOUNT/Makefile.am 2022-02-01 18:24:03.000000000 +0100 @@ -9,5 +9,6 @@ iptaccount_LDADD = libxt_ACCOUNT_cl.la lib_LTLIBRARIES = libxt_ACCOUNT_cl.la +libxt_ACCOUNT_cl_la_LDFLAGS = -version-info 1:0:0 man_MANS = iptaccount.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/ACCOUNT/libxt_ACCOUNT_cl.h new/xtables-addons-3.19/extensions/ACCOUNT/libxt_ACCOUNT_cl.h --- old/xtables-addons-3.18/extensions/ACCOUNT/libxt_ACCOUNT_cl.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/ACCOUNT/libxt_ACCOUNT_cl.h 2022-02-01 18:24:03.000000000 +0100 @@ -7,10 +7,7 @@ * version 2.1 as published by the Free Software Foundation; * * * ***************************************************************************/ - -#ifndef _xt_ACCOUNT_cl_H -#define _xt_ACCOUNT_cl_H - +#pragma once #include <xt_ACCOUNT.h> #define LIBXT_ACCOUNT_VERSION "1.3" @@ -23,9 +20,8 @@ int sockfd; struct ipt_acc_handle_sockopt handle; - unsigned int data_size; + unsigned int data_size, pos; void *data; - unsigned int pos; char *error_str; }; @@ -55,6 +51,3 @@ #ifdef __cplusplus } #endif - - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/ACCOUNT/xt_ACCOUNT.h new/xtables-addons-3.19/extensions/ACCOUNT/xt_ACCOUNT.h --- old/xtables-addons-3.18/extensions/ACCOUNT/xt_ACCOUNT.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/ACCOUNT/xt_ACCOUNT.h 2022-02-01 18:24:03.000000000 +0100 @@ -7,9 +7,7 @@ * version 2 as published by the Free Software Foundation; * * * ***************************************************************************/ - -#ifndef _IPT_ACCOUNT_H -#define _IPT_ACCOUNT_H +#pragma once /* * Socket option interface shared between kernel (xt_ACCOUNT) and userspace @@ -39,8 +37,7 @@ /* Structure for the userspace part of ipt_ACCOUNT */ struct ipt_acc_info { - __be32 net_ip; - __be32 net_mask; + __be32 net_ip, net_mask; char table_name[ACCOUNT_TABLE_NAME_LEN]; int32_t table_nr; }; @@ -59,10 +56,5 @@ */ struct ipt_acc_handle_ip { __be32 ip, __dummy; - uint64_t src_packets; - uint64_t src_bytes; - uint64_t dst_packets; - uint64_t dst_bytes; + uint64_t src_packets, src_bytes, dst_packets, dst_bytes; }; - -#endif /* _IPT_ACCOUNT_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/compat_skbuff.h new/xtables-addons-3.19/extensions/compat_skbuff.h --- old/xtables-addons-3.18/extensions/compat_skbuff.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/compat_skbuff.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,6 +1,4 @@ -#ifndef COMPAT_SKBUFF_H -#define COMPAT_SKBUFF_H 1 - +#pragma once struct tcphdr; struct udphdr; @@ -12,5 +10,3 @@ #else # define skb_secmark(skb) 0 #endif - -#endif /* COMPAT_SKBUFF_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/compat_user.h new/xtables-addons-3.19/extensions/compat_user.h --- old/xtables-addons-3.18/extensions/compat_user.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/compat_user.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,12 +1,8 @@ /* * Userspace-level compat hacks */ -#ifndef _XTABLES_COMPAT_USER_H -#define _XTABLES_COMPAT_USER_H 1 - +#pragma once /* linux-glibc-devel 2.6.34 header screwup */ #ifndef ALIGN # define ALIGN(s, n) (((s) + ((n) - 1)) & ~((n) - 1)) #endif - -#endif /* _XTABLES_COMPAT_USER_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/compat_xtables.c new/xtables-addons-3.19/extensions/compat_xtables.c --- old/xtables-addons-3.18/extensions/compat_xtables.c 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/compat_xtables.c 2022-02-01 18:24:03.000000000 +0100 @@ -23,7 +23,6 @@ #include <net/route.h> #include <linux/export.h> #include "compat_skbuff.h" -#include "compat_xtnu.h" #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) # define WITH_IPV6 1 #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/compat_xtables.h new/xtables-addons-3.19/extensions/compat_xtables.h --- old/xtables-addons-3.18/extensions/compat_xtables.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/compat_xtables.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,15 +1,12 @@ -#ifndef _XTABLES_COMPAT_H -#define _XTABLES_COMPAT_H 1 - +#pragma once #include <linux/kernel.h> #include <linux/version.h> #include "compat_skbuff.h" -#include "compat_xtnu.h" #define DEBUGP Use__pr_debug__instead -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0) -# warning Kernels below 4.15 not supported. +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0) +# warning Kernels below 4.16 not supported. #endif #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) @@ -48,4 +45,4 @@ # define proc_release release #endif -#endif /* _XTABLES_COMPAT_H */ +extern void *HX_memmem(const void *, size_t, const void *, size_t); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/compat_xtnu.h new/xtables-addons-3.19/extensions/compat_xtnu.h --- old/xtables-addons-3.18/extensions/compat_xtnu.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/compat_xtnu.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,67 +0,0 @@ -#ifndef _COMPAT_XTNU_H -#define _COMPAT_XTNU_H 1 - -#include <linux/netfilter/x_tables.h> - -struct module; -struct sk_buff; - -struct xtnu_match { - /* - * Making it smaller by sizeof(void *) on purpose to catch - * lossy translation, if any. - */ - char name[sizeof(((struct xt_match *)NULL)->name) - 1 - sizeof(void *)]; - uint8_t revision; - bool (*match)(const struct sk_buff *, struct xt_action_param *); - int (*checkentry)(const struct xt_mtchk_param *); - void (*destroy)(const struct xt_mtdtor_param *); - struct module *me; - const char *table; - unsigned int matchsize, hooks; - unsigned short proto, family; - - void *__compat_match; -}; - -struct xtnu_target { - char name[sizeof(((struct xt_target *)NULL)->name) - 1 - sizeof(void *)]; - uint8_t revision; - unsigned int (*target)(struct sk_buff **, - const struct xt_action_param *); - int (*checkentry)(const struct xt_tgchk_param *); - void (*destroy)(const struct xt_tgdtor_param *); - struct module *me; - const char *table; - unsigned int targetsize, hooks; - unsigned short proto, family; - - void *__compat_target; -}; - -static inline struct xtnu_match *xtcompat_numatch(const struct xt_match *m) -{ - void *q; - memcpy(&q, m->name + sizeof(m->name) - sizeof(void *), sizeof(void *)); - return q; -} - -static inline struct xtnu_target *xtcompat_nutarget(const struct xt_target *t) -{ - void *q; - memcpy(&q, t->name + sizeof(t->name) - sizeof(void *), sizeof(void *)); - return q; -} - -extern int xtnu_register_match(struct xtnu_match *); -extern void xtnu_unregister_match(struct xtnu_match *); -extern int xtnu_register_matches(struct xtnu_match *, unsigned int); -extern void xtnu_unregister_matches(struct xtnu_match *, unsigned int); -extern int xtnu_register_target(struct xtnu_target *); -extern void xtnu_unregister_target(struct xtnu_target *); -extern int xtnu_register_targets(struct xtnu_target *, unsigned int); -extern void xtnu_unregister_targets(struct xtnu_target *, unsigned int); - -extern void *HX_memmem(const void *, size_t, const void *, size_t); - -#endif /* _COMPAT_XTNU_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/libxt_ipp2p.c new/xtables-addons-3.19/extensions/libxt_ipp2p.c --- old/xtables-addons-3.18/extensions/libxt_ipp2p.c 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/libxt_ipp2p.c 2022-02-01 18:24:03.000000000 +0100 @@ -230,7 +230,7 @@ .version = XTABLES_VERSION, .name = "ipp2p", .revision = 1, - .family = NFPROTO_IPV4, + .family = NFPROTO_UNSPEC, .size = XT_ALIGN(sizeof(struct ipt_p2p_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_p2p_info)), .help = ipp2p_mt_help, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/pknock/libxt_pknock.c new/xtables-addons-3.19/extensions/pknock/libxt_pknock.c --- old/xtables-addons-3.18/extensions/pknock/libxt_pknock.c 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/pknock/libxt_pknock.c 2022-02-01 18:24:03.000000000 +0100 @@ -33,18 +33,23 @@ static void pknock_mt_help(void) { printf("pknock match options:\n" - " --knockports port[,port,port,...] " - "Matches destination port(s).\n" - " --time seconds\n" + " --knockports port[,port[,port[,...]]]\n" + "\t\t\t\tMatches destination port(s).\n" + " --time seconds " "Max allowed time between knocks.\n" - " --autoclose minutes\n" + " --autoclose minutes " "Time after which to automatically close opened\n" - "\t\t\t\t\tport(s).\n" - " --strict " - "Knocks sequence must be exact.\n" - " --name rule_name " + "\t\t\t\tport(s).\n" + " --name rule_name " "Rule name.\n" - " --checkip " + " --opensecret secret " + "(UDP only) Secret to activate the rule.\n" + " --closesecret secret " + "(UDP only) Secret to deactivate the\n" + "\t\t\t\trule.\n" + " --strict " + "Knocks sequence must be exact.\n" + " --checkip " "Matches if the source ip is in the list.\n" ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/pknock/xt_pknock.h new/xtables-addons-3.19/extensions/pknock/xt_pknock.h --- old/xtables-addons-3.18/extensions/pknock/xt_pknock.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/pknock/xt_pknock.h 2022-02-01 18:24:03.000000000 +0100 @@ -8,9 +8,7 @@ * * This program is released under the terms of GNU GPL version 2. */ -#ifndef _XT_PKNOCK_H -#define _XT_PKNOCK_H - +#pragma once #define PKNOCK "xt_pknock: " enum { @@ -47,5 +45,3 @@ char rule_name[XT_PKNOCK_MAX_BUF_LEN+1]; __be32 peer_ip; }; - -#endif /* _XT_PKNOCK_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_CHAOS.h new/xtables-addons-3.19/extensions/xt_CHAOS.h --- old/xtables-addons-3.18/extensions/xt_CHAOS.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_CHAOS.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,6 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_CHAOS_H -#define _LINUX_NETFILTER_XT_CHAOS_H 1 - +#pragma once enum xt_chaos_target_variant { XTCHAOS_NORMAL, XTCHAOS_TARPIT, @@ -10,5 +8,3 @@ struct xt_chaos_tginfo { uint8_t variant; }; - -#endif /* _LINUX_NETFILTER_XT_CHAOS_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_DHCPMAC.h new/xtables-addons-3.19/extensions/xt_DHCPMAC.h --- old/xtables-addons-3.18/extensions/xt_DHCPMAC.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_DHCPMAC.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,6 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_DHCPMAC_H -#define _LINUX_NETFILTER_XT_DHCPMAC_H 1 - +#pragma once #define DH_MAC_FMT "%02X:%02X:%02X:%02X:%02X:%02X" #define DH_MAC_HEX(z) z[0], z[1], z[2], z[3], z[4], z[5] @@ -8,5 +6,3 @@ unsigned char addr[ETH_ALEN]; uint8_t mask, invert; }; - -#endif /* _LINUX_NETFILTER_XT_DHCPMAC_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_DNETMAP.h new/xtables-addons-3.19/extensions/xt_DNETMAP.h --- old/xtables-addons-3.18/extensions/xt_DNETMAP.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_DNETMAP.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,6 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_DNETMAP_H -#define _LINUX_NETFILTER_XT_DNETMAP_H 1 - +#pragma once #define DNETMAP_VERSION 2 enum { @@ -17,5 +15,3 @@ __u8 flags; __s32 ttl; }; - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_ECHO.c new/xtables-addons-3.19/extensions/xt_ECHO.c --- old/xtables-addons-3.18/extensions/xt_ECHO.c 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_ECHO.c 2022-02-01 18:24:03.000000000 +0100 @@ -22,7 +22,11 @@ #include <net/ip6_route.h> #include <net/route.h> #include "compat_xtables.h" +#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) +# define WITH_IPV6 1 +#endif +#ifdef WITH_IPV6 static unsigned int echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par) { @@ -124,6 +128,7 @@ kfree_skb(newskb); return NF_DROP; } +#endif static unsigned int echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par) @@ -216,6 +221,7 @@ } static struct xt_target echo_tg_reg[] __read_mostly = { +#ifdef WITH_IPV6 { .name = "ECHO", .revision = 0, @@ -225,6 +231,7 @@ .target = echo_tg6, .me = THIS_MODULE, }, +#endif { .name = "ECHO", .revision = 0, @@ -251,5 +258,7 @@ MODULE_AUTHOR("Jan Engelhardt "); MODULE_DESCRIPTION("Xtables: ECHO diagnosis target"); MODULE_LICENSE("GPL"); +#ifdef WITH_IPV6 MODULE_ALIAS("ip6t_ECHO"); +#endif MODULE_ALIAS("ipt_ECHO"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_IPMARK.h new/xtables-addons-3.19/extensions/xt_IPMARK.h --- old/xtables-addons-3.18/extensions/xt_IPMARK.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_IPMARK.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_IPMARK_H -#define _LINUX_NETFILTER_XT_IPMARK_H 1 +#pragma once enum { XT_IPMARK_SRC, @@ -7,10 +6,6 @@ }; struct xt_ipmark_tginfo { - __u32 andmask; - __u32 ormask; - __u8 selector; - __u8 shift; + __u32 andmask, ormask; + __u8 selector, shift; }; - -#endif /* _LINUX_NETFILTER_XT_IPMARK_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_LOGMARK.h new/xtables-addons-3.19/extensions/xt_LOGMARK.h --- old/xtables-addons-3.18/extensions/xt_LOGMARK.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_LOGMARK.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,9 +1,5 @@ -#ifndef _LINUX_NETFILTER_XT_LOGMARK_TARGET_H -#define _LINUX_NETFILTER_XT_LOGMARK_TARGET_H 1 - +#pragma once struct xt_logmark_tginfo { char prefix[14]; u_int8_t level; }; - -#endif /* _LINUX_NETFILTER_XT_LOGMARK_TARGET_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_PROTO.h new/xtables-addons-3.19/extensions/xt_PROTO.h --- old/xtables-addons-3.18/extensions/xt_PROTO.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_PROTO.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,9 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ /* Protocol modification module for IP tables */ - -#ifndef _XT_PROTO_H -#define _XT_PROTO_H - +#pragma once #include <linux/types.h> enum { @@ -13,8 +10,5 @@ }; struct xt_PROTO_info { - __u8 mode; - __u8 proto; + __u8 mode, proto; }; - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_TARPIT.c new/xtables-addons-3.19/extensions/xt_TARPIT.c --- old/xtables-addons-3.18/extensions/xt_TARPIT.c 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_TARPIT.c 2022-02-01 18:24:03.000000000 +0100 @@ -532,4 +532,6 @@ MODULE_AUTHOR("Jan Engelhardt "); MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_TARPIT"); +#ifdef WITH_IPV6 MODULE_ALIAS("ip6t_TARPIT"); +#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_TARPIT.h new/xtables-addons-3.19/extensions/xt_TARPIT.h --- old/xtables-addons-3.18/extensions/xt_TARPIT.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_TARPIT.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_TARPIT_H -#define _LINUX_NETFILTER_XT_TARPIT_H 1 +#pragma once enum xt_tarpit_target_variant { XTTARPIT_TARPIT, @@ -10,5 +9,3 @@ struct xt_tarpit_tginfo { uint8_t variant; }; - -#endif /* _LINUX_NETFILTER_XT_TARPIT_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_condition.c new/xtables-addons-3.19/extensions/xt_condition.c --- old/xtables-addons-3.18/extensions/xt_condition.c 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_condition.c 2022-02-01 18:24:03.000000000 +0100 @@ -55,17 +55,15 @@ struct proc_dir_entry *status_proc; unsigned int refcount; bool enabled; - char name[sizeof(((struct xt_condition_mtinfo *)NULL)->name)]; + char name[sizeof_field(struct xt_condition_mtinfo, name)]; }; -/* proc_lock is a user context only semaphore used for write access */ -/* to the conditions' list. */ -static DEFINE_MUTEX(proc_lock); - struct condition_net { + /* proc_lock is a user context only semaphore used for write access */ + /* to the conditions' list. */ + struct mutex proc_lock; struct list_head conditions_list; struct proc_dir_entry *proc_net_condition; - bool after_clear; }; static int condition_net_id; @@ -135,9 +133,7 @@ struct condition_net *condition_net = condition_pernet(par->net); /* Forbid certain names */ - if (*info->name == '\0' || *info->name == '.' || - info->name[sizeof(info->name)-1] != '\0' || - memchr(info->name, '/', sizeof(info->name)) != NULL) { + if (xt_check_proc_name(info->name, sizeof(info->name))) { printk(KERN_INFO KBUILD_MODNAME ": name not allowed or too " "long: \"%.*s\"\n", (unsigned int)sizeof(info->name), info->name); @@ -147,11 +143,11 @@ * Let's acquire the lock, check for the condition and add it * or increase the reference counter. */ - mutex_lock(&proc_lock); + mutex_lock(&condition_net->proc_lock); list_for_each_entry(var, &condition_net->conditions_list, list) { if (strcmp(info->name, var->name) == 0) { var->refcount++; - mutex_unlock(&proc_lock); + mutex_unlock(&condition_net->proc_lock); info->condvar = var; return 0; } @@ -160,7 +156,7 @@ /* At this point, we need to allocate a new condition variable. */ var = kmalloc(sizeof(struct condition_variable), GFP_KERNEL); if (var == NULL) { - mutex_unlock(&proc_lock); + mutex_unlock(&condition_net->proc_lock); return -ENOMEM; } @@ -170,7 +166,7 @@ condition_net->proc_net_condition, &condition_proc_fops, var); if (var->status_proc == NULL) { kfree(var); - mutex_unlock(&proc_lock); + mutex_unlock(&condition_net->proc_lock); return -ENOMEM; } @@ -179,9 +175,9 @@ make_kgid(&init_user_ns, condition_gid_perms)); var->refcount = 1; var->enabled = false; - wmb(); + list_add(&var->list, &condition_net->conditions_list); - mutex_unlock(&proc_lock); + mutex_unlock(&condition_net->proc_lock); info->condvar = var; return 0; } @@ -192,18 +188,14 @@ struct condition_variable *var = info->condvar; struct condition_net *cnet = condition_pernet(par->net); - if (cnet->after_clear) - return; - - mutex_lock(&proc_lock); + mutex_lock(&cnet->proc_lock); if (--var->refcount == 0) { list_del(&var->list); - remove_proc_entry(var->name, cnet->proc_net_condition); - mutex_unlock(&proc_lock); + if (cnet->proc_net_condition) + remove_proc_entry(var->name, cnet->proc_net_condition); kfree(var); - return; } - mutex_unlock(&proc_lock); + mutex_unlock(&cnet->proc_lock); } static struct xt_match condition_mt_reg[] __read_mostly = { @@ -234,29 +226,21 @@ static int __net_init condition_net_init(struct net *net) { struct condition_net *condition_net = condition_pernet(net); + + mutex_init(&condition_net->proc_lock); INIT_LIST_HEAD(&condition_net->conditions_list); condition_net->proc_net_condition = proc_mkdir(dir_name, net->proc_net); if (condition_net->proc_net_condition == NULL) return -EACCES; - condition_net->after_clear = 0; return 0; } static void __net_exit condition_net_exit(struct net *net) { struct condition_net *condition_net = condition_pernet(net); - struct list_head *pos, *q; - struct condition_variable *var = NULL; remove_proc_subtree(dir_name, net->proc_net); - mutex_lock(&proc_lock); - list_for_each_safe(pos, q, &condition_net->conditions_list) { - var = list_entry(pos, struct condition_variable, list); - list_del(pos); - kfree(var); - } - mutex_unlock(&proc_lock); - condition_net->after_clear = true; + condition_net->proc_net_condition = NULL; } static struct pernet_operations condition_net_ops = { @@ -266,12 +250,10 @@ .size = sizeof(struct condition_net), }; - static int __init condition_mt_init(void) { int ret; - mutex_init(&proc_lock); ret = register_pernet_subsys(&condition_net_ops); if (ret != 0) return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_condition.h new/xtables-addons-3.19/extensions/xt_condition.h --- old/xtables-addons-3.18/extensions/xt_condition.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_condition.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _XT_CONDITION_H -#define _XT_CONDITION_H +#pragma once enum { CONDITION_NAME_LEN = 31, @@ -12,5 +11,3 @@ /* Used internally by the kernel */ void *condvar __attribute__((aligned(8))); }; - -#endif /* _XT_CONDITION_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_fuzzy.h new/xtables-addons-3.19/extensions/xt_fuzzy.h --- old/xtables-addons-3.18/extensions/xt_fuzzy.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_fuzzy.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_FUZZY_H -#define _LINUX_NETFILTER_XT_FUZZY_H 1 +#pragma once enum { FUZZY_MIN_RATE = 3, @@ -7,14 +6,9 @@ }; struct xt_fuzzy_mtinfo { - uint32_t minimum_rate; - uint32_t maximum_rate; - uint32_t packets_total; - uint32_t bytes_total; - uint32_t previous_time; - uint32_t present_time; + uint32_t minimum_rate, maximum_rate; + uint32_t packets_total, bytes_total; + uint32_t previous_time, present_time; uint32_t mean_rate; uint8_t acceptance_rate; }; - -#endif /* _LINUX_NETFILTER_XT_FUZZY_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_geoip.h new/xtables-addons-3.19/extensions/xt_geoip.h --- old/xtables-addons-3.18/extensions/xt_geoip.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_geoip.h 2022-02-01 18:24:03.000000000 +0100 @@ -10,8 +10,7 @@ * Samuel Jean * Nicolas Bouliane */ -#ifndef _LINUX_NETFILTER_XT_GEOIP_H -#define _LINUX_NETFILTER_XT_GEOIP_H 1 +#pragma once enum { XT_GEOIP_SRC = 1 << 0, /* Perform check on Source IP */ @@ -23,8 +22,7 @@ /* Yup, an address range will be passed in with host-order */ struct geoip_subnet4 { - __u32 begin; - __u32 end; + __u32 begin, end; }; struct geoip_subnet6 { @@ -45,8 +43,7 @@ }; struct xt_geoip_match_info { - __u8 flags; - __u8 count; + __u8 flags, count; __u16 cc[XT_GEOIP_MAX]; /* Used internally by the kernel */ @@ -54,5 +51,3 @@ }; #define COUNTRY(cc) ((cc) >> 8), ((cc) & 0x00FF) - -#endif /* _LINUX_NETFILTER_XT_GEOIP_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_gradm.h new/xtables-addons-3.19/extensions/xt_gradm.h --- old/xtables-addons-3.18/extensions/xt_gradm.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_gradm.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,9 +1,4 @@ -#ifndef _XT_GRADM_H -#define _XT_GRADM_H - +#pragma once struct xt_gradm_mtinfo { - __u16 flags; - __u16 invflags; + __u16 flags, invflags; }; - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_iface.h new/xtables-addons-3.19/extensions/xt_iface.h --- old/xtables-addons-3.18/extensions/xt_iface.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_iface.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_IFACE_H -#define _LINUX_NETFILTER_XT_IFACE_H 1 +#pragma once enum { XT_IFACE_UP = 1 << 0, @@ -19,8 +18,5 @@ struct xt_iface_mtinfo { char ifname[IFNAMSIZ]; - __u16 flags; - __u16 invflags; + __u16 flags, invflags; }; - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_ipp2p.c new/xtables-addons-3.19/extensions/xt_ipp2p.c --- old/xtables-addons-3.18/extensions/xt_ipp2p.c 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_ipp2p.c 2022-02-01 18:24:03.000000000 +0100 @@ -19,6 +19,35 @@ MODULE_DESCRIPTION("An extension to iptables to identify P2P traffic."); MODULE_LICENSE("GPL"); +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) +static inline unsigned int +ip_transport_len(const struct sk_buff *skb) +{ + return ntohs(ip_hdr(skb)->tot_len) - skb_network_header_len(skb); +} +static inline unsigned int +ipv6_transport_len(const struct sk_buff *skb) +{ + return ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr) - + skb_network_header_len(skb); +} +#endif + +struct ipp2p_result_printer { + const union nf_inet_addr *saddr, *daddr; + short sport, dport; + void (*print)(const union nf_inet_addr *, short, const union nf_inet_addr *, short, bool, unsigned int); +}; + +static void +print_result(const struct ipp2p_result_printer *rp, bool result, + unsigned int hlen) +{ + rp->print(rp->saddr, rp->sport, + rp->daddr, rp->dport, + result, hlen); +} + /* Search for UDP eDonkey/eMule/Kad commands */ static unsigned int udp_search_edk(const unsigned char *t, const unsigned int packet_len) @@ -807,17 +836,136 @@ {0}, }; +static void +ipp2p_print_result_tcp4(const union nf_inet_addr *saddr, short sport, + const union nf_inet_addr *daddr, short dport, + bool p2p_result, unsigned int hlen) +{ + printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %u\n", + p2p_result, &saddr->ip, sport, &daddr->ip, dport, hlen); +} + +static void +ipp2p_print_result_tcp6(const union nf_inet_addr *saddr, short sport, + const union nf_inet_addr *daddr, short dport, + bool p2p_result, unsigned int hlen) +{ + printk("IPP2P.debug:TCP-match: %d from: %pI6:%hu to: %pI6:%hu Length: %u\n", + p2p_result, &saddr->in6, sport, &daddr->in6, dport, hlen); +} + static bool -ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par) +ipp2p_mt_tcp(const struct ipt_p2p_info *info, const struct tcphdr *tcph, + const unsigned char *haystack, unsigned int hlen, + const struct ipp2p_result_printer *rp) { - const struct ipt_p2p_info *info = par->matchinfo; - const unsigned char *haystack; - const struct iphdr *ip = ip_hdr(skb); + size_t tcph_len = tcph->doff * 4; + bool p2p_result = false; + int i = 0; + + if (tcph->fin) return 0; /* if FIN bit is set bail out */ + if (tcph->syn) return 0; /* if SYN bit is set bail out */ + if (tcph->rst) return 0; /* if RST bit is set bail out */ + + if (hlen < tcph_len) { + if (info->debug) + pr_info("TCP header indicated packet larger than it is\n"); + return 0; + } + if (hlen == tcph_len) + return 0; + + haystack += tcph_len; + hlen -= tcph_len; + + while (matchlist[i].command) { + if ((info->cmd & matchlist[i].command) == matchlist[i].command && + hlen > matchlist[i].packet_len) + { + p2p_result = matchlist[i].function_name(haystack, hlen); + if (p2p_result) { + if (info->debug) + print_result(rp, p2p_result, hlen); + return p2p_result; + } + } + i++; + } + return p2p_result; +} + +static void +ipp2p_print_result_udp4(const union nf_inet_addr *saddr, short sport, + const union nf_inet_addr *daddr, short dport, + bool p2p_result, unsigned int hlen) +{ + printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %u\n", + p2p_result, &saddr->ip, sport, &daddr->ip, dport, hlen); +} + +static void +ipp2p_print_result_udp6(const union nf_inet_addr *saddr, short sport, + const union nf_inet_addr *daddr, short dport, + bool p2p_result, unsigned int hlen) +{ + printk("IPP2P.debug:UDP-match: %d from: %pI6:%hu to: %pI6:%hu Length: %u\n", + p2p_result, &saddr->in6, sport, &daddr->in6, dport, hlen); +} + +static bool +ipp2p_mt_udp(const struct ipt_p2p_info *info, const struct udphdr *udph, + const unsigned char *haystack, unsigned int hlen, + const struct ipp2p_result_printer *rp) +{ + size_t udph_len = sizeof(*udph); bool p2p_result = false; int i = 0; - unsigned int hlen = ntohs(ip->tot_len) - ip_hdrlen(skb); /* hlen = packet-data length */ - /* must not be a fragment */ + if (hlen < udph_len) { + if (info->debug) + pr_info("UDP header indicated packet larger than it is\n"); + return 0; + } + if (hlen == udph_len) + return 0; + + haystack += udph_len; + hlen -= udph_len; + + while (udp_list[i].command) { + if ((info->cmd & udp_list[i].command) == udp_list[i].command && + hlen > udp_list[i].packet_len) + { + p2p_result = udp_list[i].function_name(haystack, hlen); + if (p2p_result) { + if (info->debug) + print_result(rp, p2p_result, hlen); + return p2p_result; + } + } + i++; + } + return p2p_result; +} + +static bool +ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par) +{ + const struct ipt_p2p_info *info = par->matchinfo; + struct ipp2p_result_printer printer; + union nf_inet_addr saddr, daddr; + const unsigned char *haystack; /* packet data */ + unsigned int hlen; /* packet data length */ + uint8_t family = xt_family(par); + int protocol; + + /* + * must not be a fragment + * + * NB, `par->fragoff` may be zero for a fragmented IPv6 packet. + * However, in that case the later call to `ipv6_find_hdr` will not find + * a transport protocol, and so we will return 0 there. + */ if (par->fragoff != 0) { if (info->debug) printk("IPP2P.match: offset found %d\n", par->fragoff); @@ -831,103 +979,85 @@ return 0; } - haystack = skb_network_header(skb) + ip_hdrlen(skb); + if (family == NFPROTO_IPV4) { + const struct iphdr *ip = ip_hdr(skb); + saddr.ip = ip->saddr; + daddr.ip = ip->daddr; + protocol = ip->protocol; + hlen = ip_transport_len(skb); + } else { + const struct ipv6hdr *ip = ipv6_hdr(skb); + int thoff = 0; + + saddr.in6 = ip->saddr; + daddr.in6 = ip->daddr; + protocol = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL); + if (protocol < 0) + return 0; + hlen = ipv6_transport_len(skb); + } + + printer.saddr = &saddr; + printer.daddr = &daddr; + haystack = skb_transport_header(skb); - switch (ip->protocol) { + switch (protocol) { case IPPROTO_TCP: /* what to do with a TCP packet */ { - const struct tcphdr *tcph = (const void *)ip + ip_hdrlen(skb); + const struct tcphdr *tcph = tcp_hdr(skb); - if (tcph->fin) return 0; /* if FIN bit is set bail out */ - if (tcph->syn) return 0; /* if SYN bit is set bail out */ - if (tcph->rst) return 0; /* if RST bit is set bail out */ - - haystack += tcph->doff * 4; /* get TCP-Header-Size */ - if (tcph->doff * 4 > hlen) { - if (info->debug) - pr_info("TCP header indicated packet larger than it is\n"); - hlen = 0; - } else { - hlen -= tcph->doff * 4; - } - while (matchlist[i].command) { - if ((info->cmd & matchlist[i].command) == matchlist[i].command && - hlen > matchlist[i].packet_len) - { - p2p_result = matchlist[i].function_name(haystack, hlen); - if (p2p_result) { - if (info->debug) - printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n", - p2p_result, &ip->saddr, - ntohs(tcph->source), - &ip->daddr, - ntohs(tcph->dest), hlen); - return p2p_result; - } - } - i++; - } - return p2p_result; + printer.sport = ntohs(tcph->source); + printer.dport = ntohs(tcph->dest); + printer.print = family == NFPROTO_IPV6 ? + ipp2p_print_result_tcp6 : ipp2p_print_result_tcp4; + return ipp2p_mt_tcp(info, tcph, haystack, hlen, &printer); } - - case IPPROTO_UDP: /* what to do with an UDP packet */ + case IPPROTO_UDP: /* what to do with a UDP packet */ case IPPROTO_UDPLITE: { - const struct udphdr *udph = (const void *)ip + ip_hdrlen(skb); + const struct udphdr *udph = udp_hdr(skb); - haystack += sizeof(*udph); - if (sizeof(*udph) > hlen) { - if (info->debug) - pr_info("UDP header indicated packet larger than it is\n"); - hlen = 0; - } else { - hlen -= sizeof(*udph); - } - - while (udp_list[i].command) { - if ((info->cmd & udp_list[i].command) == udp_list[i].command && - hlen > udp_list[i].packet_len) - { - p2p_result = udp_list[i].function_name(haystack, hlen); - if (p2p_result) { - if (info->debug) - printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n", - p2p_result, &ip->saddr, - ntohs(udph->source), - &ip->daddr, - ntohs(udph->dest), hlen); - return p2p_result; - } - } - i++; - } - return p2p_result; + printer.sport = ntohs(udph->source); + printer.dport = ntohs(udph->dest); + printer.print = family == NFPROTO_IPV6 ? + ipp2p_print_result_udp6 : ipp2p_print_result_udp4; + return ipp2p_mt_udp(info, udph, haystack, hlen, &printer); } - default: return 0; } } -static struct xt_match ipp2p_mt_reg __read_mostly = { - .name = "ipp2p", - .revision = 1, - .family = NFPROTO_IPV4, - .match = ipp2p_mt, - .matchsize = sizeof(struct ipt_p2p_info), - .me = THIS_MODULE, +static struct xt_match ipp2p_mt_reg[] __read_mostly = { + { + .name = "ipp2p", + .revision = 1, + .family = NFPROTO_IPV4, + .match = ipp2p_mt, + .matchsize = sizeof(struct ipt_p2p_info), + .me = THIS_MODULE, + }, + { + .name = "ipp2p", + .revision = 1, + .family = NFPROTO_IPV6, + .match = ipp2p_mt, + .matchsize = sizeof(struct ipt_p2p_info), + .me = THIS_MODULE, + }, }; static int __init ipp2p_mt_init(void) { - return xt_register_match(&ipp2p_mt_reg); + return xt_register_matches(ipp2p_mt_reg, ARRAY_SIZE(ipp2p_mt_reg)); } static void __exit ipp2p_mt_exit(void) { - xt_unregister_match(&ipp2p_mt_reg); + xt_unregister_matches(ipp2p_mt_reg, ARRAY_SIZE(ipp2p_mt_reg)); } module_init(ipp2p_mt_init); module_exit(ipp2p_mt_exit); MODULE_ALIAS("ipt_ipp2p"); +MODULE_ALIAS("ip6t_ipp2p"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_ipp2p.h new/xtables-addons-3.19/extensions/xt_ipp2p.h --- old/xtables-addons-3.18/extensions/xt_ipp2p.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_ipp2p.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef __IPT_IPP2P_H -#define __IPT_IPP2P_H +#pragma once #define IPP2P_VERSION "0.10" enum { @@ -39,8 +38,5 @@ }; struct ipt_p2p_info { - int cmd; - int debug; + int32_t cmd, debug; }; - -#endif //__IPT_IPP2P_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_ipv4options.h new/xtables-addons-3.19/extensions/xt_ipv4options.h --- old/xtables-addons-3.18/extensions/xt_ipv4options.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_ipv4options.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_IPV4OPTIONS_H -#define _LINUX_NETFILTER_XT_IPV4OPTIONS_H 1 +#pragma once /* IPv4 allows for a 5-bit option number - 32 options */ @@ -18,9 +17,6 @@ * @flags: see above */ struct xt_ipv4options_mtinfo1 { - __u32 map; - __u32 invert; + __u32 map, invert; __u8 flags; }; - -#endif /* _LINUX_NETFILTER_XT_IPV4OPTIONS_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_length2.h new/xtables-addons-3.19/extensions/xt_length2.h --- old/xtables-addons-3.18/extensions/xt_length2.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_length2.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_LENGTH2_H -#define _LINUX_NETFILTER_XT_LENGTH2_H +#pragma once enum { XT_LENGTH_INVERT = 1 << 0, @@ -18,5 +17,3 @@ u_int32_t min, max; u_int16_t flags; }; - -#endif /* _LINUX_NETFILTER_XT_LENGTH2_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_lscan.h new/xtables-addons-3.19/extensions/xt_lscan.h --- old/xtables-addons-3.18/extensions/xt_lscan.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_lscan.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_LSCAN_H -#define _LINUX_NETFILTER_XT_LSCAN_H 1 +#pragma once enum { LSCAN_FL1_STEALTH = 1 << 0, @@ -12,5 +11,3 @@ struct xt_lscan_mtinfo { uint8_t match_fl1, match_fl2, match_fl3, match_fl4; }; - -#endif /* _LINUX_NETFILTER_XT_LSCAN_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_psd.h new/xtables-addons-3.19/extensions/xt_psd.h --- old/xtables-addons-3.18/extensions/xt_psd.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_psd.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,6 +1,4 @@ -#ifndef _LINUX_NETFILTER_XT_PSD_H -#define _LINUX_NETFILTER_XT_PSD_H 1 - +#pragma once #include <linux/param.h> #include <linux/types.h> @@ -21,10 +19,6 @@ #define SCAN_WEIGHT_THRESHOLD SCAN_MAX_COUNT struct xt_psd_info { - __u32 weight_threshold; - __u32 delay_threshold; - __u16 lo_ports_weight; - __u16 hi_ports_weight; + __u32 weight_threshold, delay_threshold; + __u16 lo_ports_weight, hi_ports_weight; }; - -#endif /*_LINUX_NETFILTER_XT_PSD_H*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.18/extensions/xt_quota2.h new/xtables-addons-3.19/extensions/xt_quota2.h --- old/xtables-addons-3.18/extensions/xt_quota2.h 2021-03-11 17:13:17.000000000 +0100 +++ new/xtables-addons-3.19/extensions/xt_quota2.h 2022-02-01 18:24:03.000000000 +0100 @@ -1,5 +1,4 @@ -#ifndef _XT_QUOTA_H -#define _XT_QUOTA_H +#pragma once enum xt_quota_flags { XT_QUOTA_INVERT = 1 << 0, @@ -21,5 +20,3 @@ /* Used internally by the kernel */ struct xt_quota_counter *master __attribute__((aligned(8))); }; - -#endif /* _XT_QUOTA_H */ ++++++ xtables-addons.keyring ++++++ --- /var/tmp/diff_new_pack.hhvHOW/_old 2022-02-09 20:40:43.854595676 +0100 +++ /var/tmp/diff_new_pack.hhvHOW/_new 2022-02-09 20:40:43.854595676 +0100 @@ -1,53 +1,26 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBF6oma8BEACXgERXgUrTVTUu1ivWCzo3zUu2VJpEFZulgSklraVs0YZLbiCl -8IKXMAM5B83ZQn8fK0NMF8nzgfOMTeiTOtb5nKUNcHAzAaVEZEpze+CK/dTERlXL -aqOBs3Q8H6vaHV5vtjtovIm+h2J5gpnDe5tFHnk3Z+COVjKm2tfTL/URbvs2qeyY -Dqf/r7rAEdoBQ29XJbQ4MMCafgiIfdL8yja0hbEKZhUeaaxNSASq8zoVyjQsu4PW -QCFYgdBGSzpWjju6zBmZdhQ016KCbOHys+6pj5n4tKJBfs7AnyFhsQA2HuiUECmN -V4S56eKstFtxmX5QARXTQelptzfW17AxhdU/2jQ1ioOD5jl9uw4NMxB89j7WHMw2 -fkKicHZaGJ6TgmUk2b86c6J2WM/77ckdxEUwVdz8iA1rMTkNVDqP74f+rZTiODbQ -sVAZupnBfFISs0Xd31ugSEq3vgA6PbXXTOiLJYgf8aHsic6PgCLGtuzIoq1W5m2D -p4raE06P8ISF2c+nawYYwD+BMlKeM9FpHYtdujc9pN2zDKmghoZYalE8Kbrcegtf -klaSc3PmOmNKdTIENLhiBTuaE878FJryl4Wtdf+tXBjEYMMftEwLlL0pIKQzxdRN -7faVX1wXiD5cFHSCEC84F29IBWJP6CCJ8dK2DOUlW4ZceVUgthLZBL0BMwARAQAB -tCBKYW4gRW5nZWxoYXJkdCA8amVuZ2VsaEBpbmFpLmRlPokCUwQTAQoAPRYhBCNo -bBCkVpG+ekJRCdY4gYHzWgk4BQJeqJmvAhsDBQkJlCYABAsJCAcFFQoJCAsFFgID -AQACHgECF4AACgkQ1jiBgfNaCTgURw/+M+R0KfuVbLUkh1PsXweGYRYnzlNQqK0x -+3dsWG2T6P89T1MBXFfnGcPjkLiUjCZC0x0Jt6W8vtaLsGdSLd81oWE1UaD4gRh2 -tLYO9gw6IheEOwlsrEHOpStYWX6mqtBGwxM222aYnXRq/0ZfCGXEfzXfH5kfucAL -E/dxNlhEcQ6sw0viIWl9Dp40Cno3DdPY5F54s87vvzyTqpW+lWwlBhj35UaCk3Um -wviTZxNBNxP3zhXur1AwE0/oKHF+Q3YTUaNSvd4u/022HGT+tEeEeRAYpd8n0gT1 -8lOcE8OhzKW0jiHZWDvqcA0+tLxpROEmA7pLR+RgMI52gyY3rfAkldzd+SLDQVhz -UGqgSLNAgPrFxUEwd6caf+9uk/CUeVv+3fv4rKul2OQ+65ahl0EYTahQkQLCNKOx -G7xAFfwDFuI5QBQPM1IudQwKcnFNgtwTwqXRJk2sqvqnDy38zkht6Y8se6cYKA6X -d+kVVlaVHs0ia8idTKczpSOhqBkqlpfn1YNVIFbXLOtRtlqu7NO0tLt0Qrf114ly -PcVYlw4f202g7sB1Xtim+kF46tqduoDmVadcDCUzB6yRQWDhmEZ3705sa2d8cQvG -BGWQILCvz/RAKJ3NhbvlDYnTxeU+W18/4Y7B42FxbAjQSe6ETnbjyII++kwM4GeL -tBjlt7M5B3i5Ag0EXqiZrwEQAOJMlaEkNofyV8l0oCfC1WwxYjsMkx37+lAlV9jz -SHwUC9wu0S2mw3rallfAhkQXJcc81AoFQpLlTwTOZZ/tBHElpVcNXQ3GeYaSwNzx -/U5YCgQa40b8xKHK2ADXVE1kRFN9b4qV5r9BSbcSw6wqqX42g5IPJuYuv7eDGneB -0ZG1cTlyOJKNBQF56UnqFvrX3XiUIwaH7O9rpNeFOyXxjqvi5V9l1PAAtWzZcAfp -IE844Bp6e4ANIJHtA+pfpTevYghmkqvaShQJbI+4qRUWGO4gSPpwqI90y0L2fH5q -wXWHUbKweZAkUGXmetjRAsAisX48X2Jf9yqX55kIkHFh07kVUaxe7fHjbzvEaUKZ -svnH8IdOoLRD6JuHiaWVIx7qaHauodjLf5DaHjMHL9djSzXZ3FKVb94FUWO2xJiU -NLCUe4ZJFb4JiPYni5ZlGOWobwnqFhWWLI/mPAIwAhMPl+ufZYYy3xG96y2PqUKp -8Kk3jKGMhBmdGSEZ4Ni81DOJFNSWOElmN6Pm6YA1AVaWBKTJTo50wnTKt7PDrFxW -tbixsqtHCawoSdKSHcqU4JEH5gaM/3nHMXvOIuNqSJOb75uhOkd+pgsJOp1a9LiP -lgNfTJ/JJpM5KD5sTzYtRLtCiyFEwjplYAkBGy2Mka2FggVu/hB3JkNxvBS0fMGJ -ixdfABEBAAGJAjsEGAEKACYWIQQjaGwQpFaRvnpCUQnWOIGB81oJOAUCXqiZrwIb -DAUJCZQmAAAKCRDWOIGB81oJOHorD/Y2O956ujqkT+QVuqFjQ2U5TriatREgIMzV -u7Vl2r+lijYuMi2gmgmJCfJEr0o8bNOmrFpbnXQDkfDir3J6mgRmnxXS1x9s9LaX -+/vxb2qHdG4xrEPJWHiKOsMK900++M9uYSiKG65QUfoaf3URVPe+OL+0AlbL5Oxj -26a7tliJ5BNMYrmO0zGYMDtL/vL6vMydem+81rT/k1Jrldpah8hvRvqGiRLW0sJN -faRMTjzD9F4oltW4pjni95/4tuf0C/oi50dMoX/yo8EDTiCP+ucHo2LoCNQGgVOw -7NegRUV7vmQejDx7SBWFcndyqTijdiu+GLBf12iBAI1MQiyMcntw0WkBPNQsubYW -FPhbIScOjlLi7iSqy3P0XfxvR4zTPrhNf8sFA1ZzaFcE3NL8e9GSMRYwzt8QaSHI -Ha1z85tFAmKegtShgcoWtVYooxAke4KZYrkDSGzKuRASkeBxIdnZZnVc74i6Fcxc -pKt43tWZftpmHNi8Tl3An3PlMBHY+APxEX5BPqhV5a0upkTn4pCgRnbKCRsYgri9 -OhifoVuTluGGN+RGKFzzlGA3OhvzXGGrGhY3ilAy6/5vk5Nj34Gv6jhDNb067yIh -8beeUVDkGzaW/CAAzUYcEarih1+BLnHEpZwADr50M+BwnyEhRhAqYOWMQaNMvucg -NGTT6x12 -=QLsa +mDMEYdM5whYJKwYBBAHaRw8BAQdADytr1kM/qc54vO40yIHht0XeDD7sMe1rw8Xo +Nq/LtMO0IEphbiBFbmdlbGhhcmR0IDxqZW5nZWxoQGluYWkuZGU+iJUEExYKAD0W +IQS8oMXDCcrFaedKkhz3bv5dDCI6jwUCYdM5wgIbAwUJCWYBgAQLCQgHBRUKCQgL +BRYCAwEAAh4FAheAAAoJEPdu/l0MIjqPriUBAPLcct0ekiHZHS/mPDaS0I0mh5zy +zaZFuB5FaMpQQgQ5AP45H+SqGxP7BRlsEDajDmcEyM+IPvn22lOGKyR5OKQxDokC +MwQQAQoAHRYhBCNobBCkVpG+ekJRCdY4gYHzWgk4BQJh0zqPAAoJENY4gYHzWgk4 +F7EP/3ZG6rs4l24k/GOvO1CNPM0rHaOccbB3E8BXzTJ6BsKIG1T3X4cokLHAkhmO +8ffw9NYV/HJ1AJyirvHfYFd6nn55aMakbyjo7RmDpmMmpJH5UpbhtqlJkeRQdMni +3bx+9i9E8QFJG6eFaGz8UhCCyzQvuLhawNcA6mPDumQkIri73NnA9vegw8yyDqpr +14fm4Eh+uERzXQ6JkNTqaZuKfyryb4MSluJ6LEUqNv1vqJeCHoE5iQc0WaDPamiP +Dnd3G/k2KHIFTlYdFVKnow0MYo+kyRKxUUL38x/tZ/WEhSv9oiNUOqTZJhkPOHOv +VaHfRdxOGV3845bWngegkXD6KGQvWT1vlfGa9XbNqxWQFqi59malm/jShnd8XJAK +gZuU9pB70lFwCglc+NQLPPrY16cYwFv1L2xU3owhtdiMydTI38Cw7hPteYPkASpa +/1EHf0pPxRhv01RtrPEsGhroXennooFTHe6U0Ay3Z0yBZbRJhoDv8PvBZ4RatdNR +p05qu2SBUWC+neecIHvbguI9x5G8egJ8WsGgDAuMcvWsW95H9oj/aONAgtL6LcsT +KHaPI9senfBTYI+ak+E9sHi/kaQIl5umvf8+B2CAh4QPhmkYvGtINH+HCZI6WdyE +tIsg+JklBgFwSBus9zHHUwwBfio2PgIlocRL6SL5Q2amcALPuDgEYdM5whIKKwYB +BAGXVQEFAQEHQKpjexO72fM4FUcrTh2r6MCyxmAF0CBUpnTQeIk5nVZ2AwEIB4h+ +BBgWCgAmFiEEvKDFwwnKxWnnSpIc927+XQwiOo8FAmHTOcICGwwFCQlmAYAACgkQ +927+XQwiOo/sOgD9GOjmj2blZGtR5attfY46/9B9bBkb8kDW7LACK007YZUBAJr8 +JCfIUFBfm5b/ev80rscAUSp4uTn4Z/W6ywR5STIH +=NTtt -----END PGP PUBLIC KEY BLOCK-----
