Hello community, here is the log from the commit of package ipset for openSUSE:Factory checked in at 2017-09-25 13:59:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ipset (Old) and /work/SRC/openSUSE:Factory/.ipset.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset" Mon Sep 25 13:59:41 2017 rev:25 rq:528438 version:6.34 Changes: -------- --- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2017-09-20 17:07:51.846323671 +0200 +++ /work/SRC/openSUSE:Factory/.ipset.new/ipset.changes 2017-09-25 13:59:46.899751470 +0200 @@ -1,0 +2,11 @@ +Sat Sep 23 19:10:12 UTC 2017 - [email protected] + +- Update to new upstream release 6.34 + * Reset state after a command failed, when multiple ones + are issued. + * Handle padding attribute properly in userspace. + * Test to check the fix to add an IPv4 range containing more + than 2^31 addresses. +- Remove ipset-6.33-export-func.diff (merged) + +------------------------------------------------------------------- Old: ---- ipset-6.33-export-func.diff ipset-6.33.tar.bz2 New: ---- ipset-6.34.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipset.spec ++++++ --- /var/tmp/diff_new_pack.2GTwxo/_old 2017-09-25 13:59:47.547660312 +0200 +++ /var/tmp/diff_new_pack.2GTwxo/_new 2017-09-25 13:59:47.547660312 +0200 @@ -25,7 +25,7 @@ %define ipset_build_kmp 0 %endif Name: ipset -Version: 6.33 +Version: 6.34 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -36,7 +36,6 @@ Source: http://ipset.netfilter.org/%name-%version.tar.bz2 Source3: %name-preamble Patch1: ipset-destdir.diff -Patch2: ipset-6.33-export-func.diff BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -105,7 +104,7 @@ %prep %setup -q -%patch -P 1 -P 2 -p1 +%patch -P 1 -p1 %build # build wants to call modinfo at some point ++++++ ipset-6.33.tar.bz2 -> ipset-6.34.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/ChangeLog new/ipset-6.34/ChangeLog --- old/ipset-6.33/ChangeLog 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/ChangeLog 2017-09-23 20:44:37.000000000 +0200 @@ -1,3 +1,15 @@ +6.34 + - testsuite: Make sure it can be run over ssh :-) + - Reset state after a command failed, when multiple ones are issued + (bugzilla id #1158, reported by Dimitri Grischin) + - Handle padding attribute properly in userspace. + - Test to check the fix to add an IPv4 range containing more than 2^31 + addresses + - Fix the include guards on the include/libipset/linux_ip_set*.h + (bugzilla id #1139, suggested by Quentin Armitage) + - New function added in commit 54802b2c is missing from libipset.map + (bugzilla id #1182, reported by [email protected]) + 6.33 - Report if the option is supported by a newer kernel release - ipset: Fix ipset command replacement in runtest.sh (Neutron Soutmun) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/Makefile.am new/ipset-6.34/Makefile.am --- old/ipset-6.33/Makefile.am 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/Makefile.am 2017-09-23 20:44:37.000000000 +0200 @@ -88,8 +88,10 @@ update_includes: for x in ip_set.h ip_set_bitmap.h ip_set_hash.h ip_set_list.h; do \ - cp kernel/include/uapi/linux/netfilter/ipset/$$x \ - include/libipset/linux_$$x; \ + sed -r -e 's@#(ifndef|define|endif[ \t]*/[*])[ \t]*_UAPI@#\1 @' \ + -e 's@^#include <linux/netfilter/ipset/ip_set.h>@@' \ + kernel/include/uapi/linux/netfilter/ipset/$$x \ + > include/libipset/linux_$$x; \ done update_utils: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/Makefile.in new/ipset-6.34/Makefile.in --- old/ipset-6.33/Makefile.in 2017-09-12 19:16:07.000000000 +0200 +++ new/ipset-6.34/Makefile.in 2017-09-23 20:48:28.000000000 +0200 @@ -1017,8 +1017,10 @@ update_includes: for x in ip_set.h ip_set_bitmap.h ip_set_hash.h ip_set_list.h; do \ - cp kernel/include/uapi/linux/netfilter/ipset/$$x \ - include/libipset/linux_$$x; \ + sed -r -e 's@#(ifndef|define|endif[ \t]*/[*])[ \t]*_UAPI@#\1 @' \ + -e 's@^#include <linux/netfilter/ipset/ip_set.h>@@' \ + kernel/include/uapi/linux/netfilter/ipset/$$x \ + > include/libipset/linux_$$x; \ done update_utils: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/configure new/ipset-6.34/configure --- old/ipset-6.33/configure 2017-09-12 19:16:06.000000000 +0200 +++ new/ipset-6.34/configure 2017-09-23 20:48:27.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ipset 6.33. +# Generated by GNU Autoconf 2.69 for ipset 6.34. # # Report bugs to <[email protected]>. # @@ -594,8 +594,8 @@ # Identity of this package. PACKAGE_NAME='ipset' PACKAGE_TARNAME='ipset' -PACKAGE_VERSION='6.33' -PACKAGE_STRING='ipset 6.33' +PACKAGE_VERSION='6.34' +PACKAGE_STRING='ipset 6.34' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1413,7 +1413,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ipset 6.33 to adapt to many kinds of systems. +\`configure' configures ipset 6.34 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1483,7 +1483,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ipset 6.33:";; + short | recursive ) echo "Configuration of ipset 6.34:";; esac cat <<\_ACEOF @@ -1616,7 +1616,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ipset configure 6.33 +ipset configure 6.34 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1994,7 +1994,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ipset $as_me 6.33, which was +It was created by ipset $as_me 6.34, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2931,7 +2931,7 @@ # Define the identity of the package. PACKAGE='ipset' - VERSION='6.33' + VERSION='6.34' cat >>confdefs.h <<_ACEOF @@ -17335,7 +17335,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ipset $as_me 6.33, which was +This file was extended by ipset $as_me 6.34, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17401,7 +17401,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ipset config.status 6.33 +ipset config.status 6.34 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/configure.ac new/ipset-6.34/configure.ac --- old/ipset-6.33/configure.ac 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/configure.ac 2017-09-23 20:44:37.000000000 +0200 @@ -1,5 +1,5 @@ dnl Boilerplate -AC_INIT([ipset], [6.33], [[email protected]]) +AC_INIT([ipset], [6.34], [[email protected]]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/include/libipset/linux_ip_set.h new/ipset-6.34/include/libipset/linux_ip_set.h --- old/ipset-6.33/include/libipset/linux_ip_set.h 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/include/libipset/linux_ip_set.h 2017-09-23 20:44:37.000000000 +0200 @@ -7,8 +7,8 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ -#ifndef _UAPI_IP_SET_H -#define _UAPI_IP_SET_H +#ifndef _IP_SET_H +#define _IP_SET_H #include <linux/types.h> @@ -118,6 +118,7 @@ IPSET_ATTR_SKBMARK, IPSET_ATTR_SKBPRIO, IPSET_ATTR_SKBQUEUE, + IPSET_ATTR_PAD, __IPSET_ATTR_ADT_MAX, }; #define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) @@ -300,4 +301,4 @@ unsigned int version; }; -#endif /* _UAPI_IP_SET_H */ +#endif /* _IP_SET_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/include/libipset/linux_ip_set_bitmap.h new/ipset-6.34/include/libipset/linux_ip_set_bitmap.h --- old/ipset-6.33/include/libipset/linux_ip_set_bitmap.h 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/include/libipset/linux_ip_set_bitmap.h 2017-09-23 20:44:37.000000000 +0200 @@ -1,5 +1,7 @@ -#ifndef _UAPI__IP_SET_BITMAP_H -#define _UAPI__IP_SET_BITMAP_H +#ifndef __IP_SET_BITMAP_H +#define __IP_SET_BITMAP_H + + /* Bitmap type specific error codes */ enum { @@ -10,4 +12,4 @@ }; -#endif /* _UAPI__IP_SET_BITMAP_H */ +#endif /* __IP_SET_BITMAP_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/include/libipset/linux_ip_set_hash.h new/ipset-6.34/include/libipset/linux_ip_set_hash.h --- old/ipset-6.33/include/libipset/linux_ip_set_hash.h 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/include/libipset/linux_ip_set_hash.h 2017-09-23 20:44:37.000000000 +0200 @@ -1,5 +1,7 @@ -#ifndef _UAPI__IP_SET_HASH_H -#define _UAPI__IP_SET_HASH_H +#ifndef __IP_SET_HASH_H +#define __IP_SET_HASH_H + + /* Hash type specific error codes */ enum { @@ -18,4 +20,4 @@ }; -#endif /* _UAPI__IP_SET_HASH_H */ +#endif /* __IP_SET_HASH_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/include/libipset/linux_ip_set_list.h new/ipset-6.34/include/libipset/linux_ip_set_list.h --- old/ipset-6.33/include/libipset/linux_ip_set_list.h 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/include/libipset/linux_ip_set_list.h 2017-09-23 20:44:37.000000000 +0200 @@ -1,5 +1,7 @@ -#ifndef _UAPI__IP_SET_LIST_H -#define _UAPI__IP_SET_LIST_H +#ifndef __IP_SET_LIST_H +#define __IP_SET_LIST_H + + /* List type specific error codes */ enum { @@ -18,4 +20,4 @@ }; -#endif /* _UAPI__IP_SET_LIST_H */ +#endif /* __IP_SET_LIST_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/ChangeLog new/ipset-6.34/kernel/ChangeLog --- old/ipset-6.33/kernel/ChangeLog 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/ChangeLog 2017-09-23 20:44:37.000000000 +0200 @@ -1,3 +1,7 @@ +6.34 + - Fix adding an IPv4 range containing more than 2^31 addresses + (bugzilla id #1005, reported by Oleg Serditov and Oliver Ford) + 6.33 - Backport patch: sctp: remove the typedef sctp_sctphdr_t - Backport patch: netfilter: nfnetlink: extended ACK reporting diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ip.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ip.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ip.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ip.c 2017-09-23 20:44:37.000000000 +0200 @@ -123,13 +123,12 @@ return ret; ip &= ip_set_hostmask(h->netmask); + e.ip = htonl(ip); + if (e.ip == 0) + return -IPSET_ERR_HASH_ELEM; - if (adt == IPSET_TEST) { - e.ip = htonl(ip); - if (e.ip == 0) - return -IPSET_ERR_HASH_ELEM; + if (adt == IPSET_TEST) return adtfn(set, &e, &ext, &ext, flags); - } ip_to = ip; if (tb[IPSET_ATTR_IP_TO]) { @@ -148,17 +147,20 @@ hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1); - if (retried) + if (retried) { ip = ntohl(h->next.ip); - for (; !before(ip_to, ip); ip += hosts) { e.ip = htonl(ip); - if (e.ip == 0) - return -IPSET_ERR_HASH_ELEM; + } + for (; ip <= ip_to;) { ret = adtfn(set, &e, &ext, &ext, flags); - if (ret && !ip_set_eexist(ret, flags)) return ret; + ip += hosts; + e.ip = htonl(ip); + if (e.ip == 0) + return 0; + ret = 0; } return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c 2017-09-23 20:44:37.000000000 +0200 @@ -149,7 +149,7 @@ if (retried) ip = ntohl(h->next.ip); - for (; !before(ip_to, ip); ip++) { + for (; ip <= ip_to; ip++) { e.ip = htonl(ip); ret = adtfn(set, &e, &ext, &ext, flags); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipport.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipport.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipport.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipport.c 2017-09-23 20:44:37.000000000 +0200 @@ -178,7 +178,7 @@ if (retried) ip = ntohl(h->next.ip); - for (; !before(ip_to, ip); ip++) { + for (; ip <= ip_to; ip++) { p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port) : port; for (; p <= port_to; p++) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c 2017-09-23 20:44:37.000000000 +0200 @@ -185,7 +185,7 @@ if (retried) ip = ntohl(h->next.ip); - for (; !before(ip_to, ip); ip++) { + for (; ip <= ip_to; ip++) { p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port) : port; for (; p <= port_to; p++) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2017-09-23 20:44:37.000000000 +0200 @@ -271,7 +271,7 @@ if (retried) ip = ntohl(h->next.ip); - for (; !before(ip_to, ip); ip++) { + for (; ip <= ip_to; ip++) { e.ip = htonl(ip); p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port) : port; @@ -281,7 +281,7 @@ ip == ntohl(h->next.ip) && p == ntohs(h->next.port) ? ntohl(h->next.ip2) : ip2_from; - while (!after(ip2, ip2_to)) { + while (ip2 <= ip2_to) { e.ip2 = htonl(ip2); ip2_last = ip_set_range_to_cidr(ip2, ip2_to, &cidr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_net.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_net.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_net.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_net.c 2017-09-23 20:44:37.000000000 +0200 @@ -193,7 +193,7 @@ } if (retried) ip = ntohl(h->next.ip); - while (!after(ip, ip_to)) { + while (ip <= ip_to) { e.ip = htonl(ip); last = ip_set_range_to_cidr(ip, ip_to, &e.cidr); ret = adtfn(set, &e, &ext, &ext, flags); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netiface.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netiface.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netiface.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netiface.c 2017-09-23 20:44:37.000000000 +0200 @@ -255,7 +255,7 @@ if (retried) ip = ntohl(h->next.ip); - while (!after(ip, ip_to)) { + while (ip <= ip_to) { e.ip = htonl(ip); last = ip_set_range_to_cidr(ip, ip_to, &e.cidr); ret = adtfn(set, &e, &ext, &ext, flags); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netnet.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netnet.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netnet.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netnet.c 2017-09-23 20:44:37.000000000 +0200 @@ -250,13 +250,13 @@ if (retried) ip = ntohl(h->next.ip[0]); - while (!after(ip, ip_to)) { + while (ip <= ip_to) { e.ip[0] = htonl(ip); last = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); ip2 = (retried && ip == ntohl(h->next.ip[0])) ? ntohl(h->next.ip[1]) : ip2_from; - while (!after(ip2, ip2_to)) { + while (ip2 <= ip2_to) { e.ip[1] = htonl(ip2); last2 = ip_set_range_to_cidr(ip2, ip2_to, &e.cidr[1]); ret = adtfn(set, &e, &ext, &ext, flags); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netport.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netport.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netport.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netport.c 2017-09-23 20:44:37.000000000 +0200 @@ -241,7 +241,7 @@ if (retried) ip = ntohl(h->next.ip); - while (!after(ip, ip_to)) { + while (ip <= ip_to) { e.ip = htonl(ip); last = ip_set_range_to_cidr(ip, ip_to, &cidr); e.cidr = cidr - 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c --- old/ipset-6.33/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c 2017-09-23 20:44:37.000000000 +0200 @@ -291,7 +291,7 @@ if (retried) ip = ntohl(h->next.ip[0]); - while (!after(ip, ip_to)) { + while (ip <= ip_to) { e.ip[0] = htonl(ip); ip_last = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); p = retried && ip == ntohl(h->next.ip[0]) ? ntohs(h->next.port) @@ -301,7 +301,7 @@ ip2 = (retried && ip == ntohl(h->next.ip[0]) && p == ntohs(h->next.port)) ? ntohl(h->next.ip[1]) : ip2_from; - while (!after(ip2, ip2_to)) { + while (ip2 <= ip2_to) { e.ip[1] = htonl(ip2); ip2_last = ip_set_range_to_cidr(ip2, ip2_to, &e.cidr[1]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/lib/debug.c new/ipset-6.34/lib/debug.c --- old/ipset-6.33/lib/debug.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/lib/debug.c 2017-09-23 20:44:37.000000000 +0200 @@ -87,6 +87,9 @@ if (!nla[i]) continue; switch (policy[i].type) { + case MNL_TYPE_UNSPEC: + fprintf(stderr,"\t\tpadding\n"); + break; case MNL_TYPE_U8: v = *(uint8_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t\t%s: %u\n", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/lib/libipset.map new/ipset-6.34/lib/libipset.map --- old/ipset-6.33/lib/libipset.map 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/lib/libipset.map 2017-09-23 20:44:37.000000000 +0200 @@ -158,3 +158,8 @@ ipset_parse_tcp_udp_port; ipset_parse_uint16; } LIBIPSET_4.3; + +LIBIPSET_4.5 { +global: + ipset_type_higher_rev; +} LIBIPSET_4.4; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/lib/session.c new/ipset-6.34/lib/session.c --- old/ipset-6.33/lib/session.c 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/lib/session.c 2017-09-23 20:44:37.000000000 +0200 @@ -231,6 +231,7 @@ if (type == IPSET_ERROR) { session->errmsg = session->report; session->warnmsg = NULL; + ipset_data_reset(ipset_session_data(session)); } else { session->errmsg = NULL; session->warnmsg = session->report; @@ -514,6 +515,10 @@ .type = MNL_TYPE_U16, .opt = IPSET_OPT_SKBQUEUE, }, + [IPSET_ATTR_PAD] = { + .type = MNL_TYPE_UNSPEC, + .len = 0, + }, }; static const struct ipset_attr_policy ipaddr_attrs[] = { @@ -593,6 +598,8 @@ attr = &attrs[type]; d = mnl_attr_get_payload(nla[type]); + if (attr->type == MNL_TYPE_UNSPEC) + return 0; if (attr->type == MNL_TYPE_NESTED && attr->opt) { /* IP addresses */ struct nlattr *ipattr[IPSET_ATTR_IPADDR_MAX+1] = {}; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/check_klog.sh new/ipset-6.34/tests/check_klog.sh --- old/ipset-6.33/tests/check_klog.sh 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/tests/check_klog.sh 2017-09-23 20:44:37.000000000 +0200 @@ -5,6 +5,12 @@ # arguments: ipaddr proto port setname ... +test -f .loglines || exit 1 +loglines=$(<.loglines) +if [ $loglines -ne 0 ]; then + loglines=$((loglines - 1)) +fi + expand_ipv6() { # incomplete, but for our addresses it's OK addr= @@ -37,7 +43,7 @@ port=$1; shift for setname in $@; do - match=`dmesg| tail -n 2 | grep -e "in set $setname: .* SRC=$ipaddr .* PROTO=$proto SPT=$port .*"` + match=`tail -n +$loglines /var/log/kern.log | grep -e "in set $setname: .* SRC=$ipaddr .* PROTO=$proto SPT=$port .*"` if [ -z "$match" ]; then echo "no match!" exit 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/hash:net.t new/ipset-6.34/tests/hash:net.t --- old/ipset-6.33/tests/hash:net.t 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/tests/hash:net.t 2017-09-23 20:44:37.000000000 +0200 @@ -120,6 +120,16 @@ 0 ./resizet.sh -4 net # Nomatch: Check that resizing keeps the nomatch flag 0 ./resizen.sh -4 net +# Create set without timeout support +0 ipset n test hash:net +# Add more than 2^31 elements in a range +0 ipset a test 0.0.0.0-128.0.0.1 +# List set +0 ipset -L test 2>/dev/null | grep -v Revision: > .foo0 && ./sort.sh .foo0 +# Check listing +0 diff -u -I 'Size in memory.*' .foo hash:net.t.list3 +# Delete test set +0 ipset destroy test # Counters: create set 0 ipset n test hash:net counters # Counters: add element with packet, byte counters diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/hash:net.t.list3 new/ipset-6.34/tests/hash:net.t.list3 --- old/ipset-6.33/tests/hash:net.t.list3 1970-01-01 01:00:00.000000000 +0100 +++ new/ipset-6.34/tests/hash:net.t.list3 2017-09-23 20:44:37.000000000 +0200 @@ -0,0 +1,9 @@ +Name: test +Type: hash:net +Header: family inet hashsize 1024 maxelem 65536 +Size in memory: 504 +References: 0 +Number of entries: 2 +Members: +0.0.0.0/1 +128.0.0.0/31 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/iptables.sh new/ipset-6.34/tests/iptables.sh --- old/ipset-6.33/tests/iptables.sh 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/tests/iptables.sh 2017-09-23 20:44:37.000000000 +0200 @@ -36,7 +36,6 @@ ;; esac - case "$2" in start) $ipset n ip1 hash:ip $family 2>/dev/null @@ -93,16 +92,16 @@ ;; del) $cmd -F INPUT - $cmd -A INPUT -j SET --del-set ipport src,src + $cmd -A INPUT -s $NET -j SET --del-set ipport src,src ;; add) $ipset n test hash:net $family 2>/dev/null $cmd -F INPUT - $cmd -A INPUT -j SET --add-set test src + $cmd -A INPUT -s $NET -j SET --add-set test src ;; timeout) $ipset n test hash:ip,port timeout 2 - $cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist + $cmd -A INPUT -s $NET -j SET --add-set test src,src --timeout 10 --exist ;; mangle) $ipset n test hash:net $family skbinfo 2>/dev/null diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/match_flags.t new/ipset-6.34/tests/match_flags.t --- old/ipset-6.33/tests/match_flags.t 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/tests/match_flags.t 2017-09-23 20:44:37.000000000 +0200 @@ -1,23 +1,23 @@ # Create sets and inet rules which call set match 0 ./iptables.sh inet start_flags # Send probe packet from 10.0.0.0,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.0 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.0.0 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched with --return-nomatch 0 ./check_klog.sh 10.0.0.0 tcp 1025 test-nomatch # Send probe packet from 10.0.0.1,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.1 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.0.1 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched 0 ./check_klog.sh 10.0.0.1 tcp 1025 test # Send probe packet from 10.0.0.2,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.2 -is 10.0.0.2 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.2 -is 10.0.0.2 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched with --return-nomatch 0 ./check_klog.sh 10.0.0.2 tcp 1025 test-nomatch # Send probe packet from 10.0.0.255,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.255 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.0.255 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched with --return-nomatch 0 ./check_klog.sh 10.0.0.255 tcp 1025 test-nomatch # Send probe packet from 10.0.1.0,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.1.0 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.1.0 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched 0 ./check_klog.sh 10.0.1.0 tcp 1025 test # Destroy sets and rules @@ -25,23 +25,23 @@ # Create sets and inet rules which call set match, reversed rule order 0 ./iptables.sh inet start_flags_reversed # Send probe packet from 10.0.0.0,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.0 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.0.0 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched with --return-nomatch 0 ./check_klog.sh 10.0.0.0 tcp 1025 test-nomatch # Send probe packet from 10.0.0.1,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.1 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.0.1 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched 0 ./check_klog.sh 10.0.0.1 tcp 1025 test # Send probe packet from 10.0.0.2,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.2 -is 10.0.0.2 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.2 -is 10.0.0.2 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched with --return-nomatch 0 ./check_klog.sh 10.0.0.2 tcp 1025 test-nomatch # Send probe packet from 10.0.0.255,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.255 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.0.255 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched with --return-nomatch 0 ./check_klog.sh 10.0.0.255 tcp 1025 test-nomatch # Send probe packet from 10.0.1.0,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.1.0 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.0.1.0 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that test set matched 0 ./check_klog.sh 10.0.1.0 tcp 1025 test # Destroy sets and rules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/match_target.t new/ipset-6.34/tests/match_target.t --- old/ipset-6.33/tests/match_target.t 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/tests/match_target.t 2017-09-23 20:44:37.000000000 +0200 @@ -15,7 +15,7 @@ # Check that 10.255.255.64,tcp:1025 is not in ipport set 1 ipset test ipport 10.255.255.64,tcp:1025 # Send probe packet from 10.255.255.64,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.64 tcp 1025 ipport list # Check that 10.255.255.64,tcp:1025 is in ipport set now @@ -23,7 +23,7 @@ # Check that 10.255.255.64,udp:1025 is not in ipport set 1 ipset test ipport 10.255.255.64,udp:1025 # Send probe packet from 10.255.255.64,udp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.64 udp 1025 ipport list # Check that 10.255.255.64,udp:1025 is in ipport set now @@ -31,7 +31,7 @@ # Check that 10.255.255.1,tcp:1025 is not in ipport set 1 ipset test ipport 10.255.255.1,tcp:1025 # Send probe packet from 10.255.255.1,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.1 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.255.255.1 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.1 tcp 1025 ip1 list # Check that 10.255.255.1,tcp:1025 is not in ipport set @@ -39,7 +39,7 @@ # Check that 10.255.255.32,tcp:1025 is not in ipport set 1 ipset test ipport 10.255.255.32,tcp:1025 # Send probe packet from 10.255.255.32,tcp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.32 -p tcp -td 80 -ts 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.255.255.32 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.32 tcp 1025 ip2 # Check that 10.255.255.32,tcp:1025 is not in ipport set @@ -47,13 +47,13 @@ # Check that 10.255.255.64,icmp:host-prohibited is not in ipport set 1 ipset test ipport 10.255.255.64,icmp:host-prohibited # Send probe packet 10.255.255.64,icmp:host-prohibited -0 sendip -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 +0 ./sendip.sh -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 # Check that 10.255.255.64,icmp:3/10 is in ipport set now 0 ipset test ipport 10.255.255.64,icmp:host-prohibited # Modify rules to check target and deletion 0 ./iptables.sh inet del # Send probe packet 10.255.255.64,icmp:host-prohibited -0 sendip -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 +0 ./sendip.sh -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 # Check that 10.255.255.64,icmp:3/10 isn't in ipport 1 ipset test ipport 10.255.255.64,icmp:host-prohibited # Destroy sets and rules @@ -73,7 +73,7 @@ # Sleep 1s 0 sleep 1s # Send probe packet 10.255.255.64,icmp:host-prohibited -0 sendip -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 +0 ./sendip.sh -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 # Sleep 5s, so original entry could time out 0 sleep 5s # Check that 10.255.255.64,icmp:3/10 is not in ipport set @@ -83,7 +83,7 @@ # Create test set and iptables rules 0 ./iptables.sh inet mangle # Send probe packet from 10.255.255.64,udp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.64 udp 1025 mark # Destroy sets and rules @@ -91,7 +91,7 @@ # Create test set and iptables rules 0 ./iptables.sh inet add # Send probe packet from 10.255.255.64,udp:1025 -0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 # Check that 10.255.255.64 is added to the set 0 ipset t test 10.255.255.64 # Flush set @@ -99,7 +99,7 @@ # Add a /24 network to the set 0 ipset a test 1.1.1.0/24 # Send probe packet from 10.255.255.64,udp:1025 again -0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 +0 ./sendip.sh -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 # Check that 10.255.255.0/24 is added to the set 0 ipset t test 10.255.255.0/24 # Destroy sets and rules @@ -107,7 +107,7 @@ # Create set and rules for 0.0.0.0/0 check in hash:net,iface 0 ./iptables.sh inet netiface # Send probe packet -0 sendip -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1 +0 ./sendip.sh -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1 # Check kernel log that the packet matched the set 0 ./check_klog.sh 10.255.255.64 udp 1025 netiface # Destroy sets and rules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/match_target6.t new/ipset-6.34/tests/match_target6.t --- old/ipset-6.33/tests/match_target6.t 2017-09-12 07:26:58.000000000 +0200 +++ new/ipset-6.34/tests/match_target6.t 2017-09-23 20:44:37.000000000 +0200 @@ -15,7 +15,7 @@ # Check that 1002:1002:1002:1002::64,tcp:1025 is not in ipport set 1 ipset test ipport 1002:1002:1002:1002::64,tcp:1025 # Send probe packet from 1002:1002:1002:1002::64,tcp:1025 -0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p tcp -td 80 -ts 1025 ::1 +0 ./sendip.sh -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p tcp -td 80 -ts 1025 ::1 # Check that proper sets matched and target worked 0 ./check_klog.sh 1002:1002:1002:1002::64 tcp 1025 ipport list # Check that 1002:1002:1002:1002::64,tcp:1025 is in ipport set now @@ -23,7 +23,7 @@ # Check that 1002:1002:1002:1002::64,udp:1025 is not in ipport set 1 ipset test ipport 1002:1002:1002:1002::64,udp:1025 # Send probe packet from 1002:1002:1002:1002::64,udp:1025 -0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p udp -ud 80 -us 1025 ::1 +0 ./sendip.sh -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p udp -ud 80 -us 1025 ::1 # Check that proper sets matched and target worked 0 ./check_klog.sh 1002:1002:1002:1002::64 udp 1025 ipport list # Check that 1002:1002:1002:1002::64,udp:1025 is in ipport set now @@ -31,7 +31,7 @@ # Check that 1002:1002:1002:1002::1,tcp:1025 is not in ipport set 1 ipset test ipport 1002:1002:1002:1002::1,tcp:1025 # Send probe packet from 1002:1002:1002:1002::1,tcp:1025 -0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::1 -p tcp -td 80 -ts 1025 ::1 +0 ./sendip.sh -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::1 -p tcp -td 80 -ts 1025 ::1 # Check that proper sets matched and target worked 0 ./check_klog.sh 1002:1002:1002:1002::1 tcp 1025 ip1 list # Check that 1002:1002:1002:1002::1,tcp:1025 is not in ipport set @@ -39,7 +39,7 @@ # Check that 1002:1002:1002:1002::32,tcp:1025 is not in ipport set 1 ipset test ipport 1002:1002:1002:1002::32,tcp:1025 # Send probe packet from 1002:1002:1002:1002::32,tcp:1025 -0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::32 -p tcp -td 80 -ts 1025 ::1 +0 ./sendip.sh -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::32 -p tcp -td 80 -ts 1025 ::1 # Check that proper sets matched and target worked 0 ./check_klog.sh 1002:1002:1002:1002::32 tcp 1025 ip2 # Check that 1002:1002:1002:1002::32,tcp:1025 is not in ipport set @@ -47,13 +47,13 @@ # Check that 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly is not in ipport set 1 ipset test ipport 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly # Send probe packet from 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly -0 sendip -d r10 -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p icmp -ct 3 -cd 1 ::1 +0 ./sendip.sh -d r10 -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p icmp -ct 3 -cd 1 ::1 # Check that 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly is in ipport set now 0 ipset test ipport 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly # Modify rules to check target and deletion 0 ./iptables.sh inet6 del # Send probe packet from 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly -0 sendip -d r10 -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p icmp -ct 3 -cd 1 ::1 +0 ./sendip.sh -d r10 -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p icmp -ct 3 -cd 1 ::1 # Check that 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly isn't in ipport set 1 ipset test ipport 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly # Destroy sets and rules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.33/tests/sendip.sh new/ipset-6.34/tests/sendip.sh --- old/ipset-6.33/tests/sendip.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/ipset-6.34/tests/sendip.sh 2017-09-23 20:44:37.000000000 +0200 @@ -0,0 +1,6 @@ +#!/bin/bash + +# Save lineno for checking +wc -l /var/log/kern.log | cut -d ' ' -f 1 > .loglines +sendip "$@" +
