Hello community, here is the log from the commit of package xtables-addons for openSUSE:Factory checked in at 2018-02-13 10:31:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xtables-addons (Old) and /work/SRC/openSUSE:Factory/.xtables-addons.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xtables-addons" Tue Feb 13 10:31:32 2018 rev:56 rq:575806 version:3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/xtables-addons/xtables-addons.changes 2018-02-06 16:49:39.750641160 +0100 +++ /work/SRC/openSUSE:Factory/.xtables-addons.new/xtables-addons.changes 2018-02-13 10:31:33.764425313 +0100 @@ -1,0 +2,8 @@ +Mon Feb 12 14:18:55 UTC 2018 - [email protected] + +- Update to new upstream release 3.0 + * Support for Linux 4.16 + * Dropped support for Linux kernels older than 4.15 +- Remove init_timer.patch + +------------------------------------------------------------------- Old: ---- init_timer.patch xtables-addons-2.14.tar.asc xtables-addons-2.14.tar.xz New: ---- xtables-addons-3.0.tar.asc xtables-addons-3.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xtables-addons.spec ++++++ --- /var/tmp/diff_new_pack.iEIJzZ/_old 2018-02-13 10:31:34.432401244 +0100 +++ /var/tmp/diff_new_pack.iEIJzZ/_new 2018-02-13 10:31:34.436401100 +0100 @@ -17,7 +17,7 @@ Name: xtables-addons -Version: 2.14 +Version: 3.0 Release: 0 Summary: IP Packet Filter Administration Extensions License: GPL-2.0 and GPL-2.0+ @@ -30,14 +30,12 @@ Source2: http://downloads.sf.net/%name/%name-%version.tar.asc Source3: %name-preamble Source4: %name.keyring -Patch: init_timer.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: %kernel_module_package_buildreqs -BuildRequires: kernel-syms >= 3.7 +BuildRequires: kernel-syms >= 4.15 BuildRequires: pkg-config >= 0.21 BuildRequires: xz -BuildRequires: pkgconfig(xtables) >= 1.4.5 +BuildRequires: pkgconfig(xtables) >= 1.6.0 Recommends: %name-kmp Recommends: xtables-geoip @@ -67,7 +65,6 @@ %prep %setup -q -%patch -p1 %build pushd ../ ++++++ xtables-addons-2.14.tar.xz -> xtables-addons-3.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/INSTALL new/xtables-addons-3.0/INSTALL --- old/xtables-addons-2.14/INSTALL 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/INSTALL 2018-02-12 15:17:10.000000000 +0100 @@ -12,16 +12,17 @@ Supported configurations for this release ========================================= - * iptables >= 1.4.5 + * iptables >= 1.6.0 - * kernel-devel >= 3.7 + * kernel-devel >= 4.15 with prepared build/output directory - CONFIG_NF_CONNTRACK - CONFIG_NF_CONNTRACK_MARK enabled =y or as module (=m) - CONFIG_CONNECTOR y/m if you wish to receive userspace notifications from pknock through netlink/connector -(Use xtables-addons-1.x if you need support for Linux < 3.7.) +(Use xtables-addons-1.x if you need support for Linux < 3.7. +Use xtables-addons-2.x if you need support for Linux < 4.15.) Selecting extensions diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/configure new/xtables-addons-3.0/configure --- old/xtables-addons-2.14/configure 2017-11-22 18:30:05.394677252 +0100 +++ new/xtables-addons-3.0/configure 2018-02-12 15:17:19.084319822 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xtables-addons 2.14. +# Generated by GNU Autoconf 2.69 for xtables-addons 3.0. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='xtables-addons' PACKAGE_TARNAME='xtables-addons' -PACKAGE_VERSION='2.14' -PACKAGE_STRING='xtables-addons 2.14' +PACKAGE_VERSION='3.0' +PACKAGE_STRING='xtables-addons 3.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1325,7 +1325,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xtables-addons 2.14 to adapt to many kinds of systems. +\`configure' configures xtables-addons 3.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1395,7 +1395,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xtables-addons 2.14:";; + short | recursive ) echo "Configuration of xtables-addons 3.0:";; esac cat <<\_ACEOF @@ -1519,7 +1519,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xtables-addons configure 2.14 +xtables-addons configure 3.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1884,7 +1884,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xtables-addons $as_me 2.14, which was +It was created by xtables-addons $as_me 3.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2750,7 +2750,7 @@ # Define the identity of the package. PACKAGE='xtables-addons' - VERSION='2.14' + VERSION='3.0' cat >>confdefs.h <<_ACEOF @@ -12439,12 +12439,10 @@ echo "WARNING: Version detection did not succeed. Continue at own luck."; else echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir"; - if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 12; then + if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 16; then echo "WARNING: That kernel version is not officially supported yet. Continue at own luck."; - elif test "$kmajor" -eq 4 -a "$kminor" -le 10; then - :; - elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then - :; + elif test "$kmajor" -eq 4 -a "$kminor" -ge 15; then + : else echo "WARNING: That kernel version is not officially supported."; fi; @@ -12987,7 +12985,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xtables-addons $as_me 2.14, which was +This file was extended by xtables-addons $as_me 3.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13053,7 +13051,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xtables-addons config.status 2.14 +xtables-addons config.status 3.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/configure.ac new/xtables-addons-3.0/configure.ac --- old/xtables-addons-2.14/configure.ac 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/configure.ac 2018-02-12 15:17:10.000000000 +0100 @@ -1,4 +1,4 @@ -AC_INIT([xtables-addons], [2.14]) +AC_INIT([xtables-addons], [3.0]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) @@ -57,12 +57,10 @@ echo "WARNING: Version detection did not succeed. Continue at own luck."; else echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir"; - if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 12; then + if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 16; then echo "WARNING: That kernel version is not officially supported yet. Continue at own luck."; - elif test "$kmajor" -eq 4 -a "$kminor" -le 10; then - :; - elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then - :; + elif test "$kmajor" -eq 4 -a "$kminor" -ge 15; then + : else echo "WARNING: That kernel version is not officially supported."; fi; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/doc/changelog.txt new/xtables-addons-3.0/doc/changelog.txt --- old/xtables-addons-2.14/doc/changelog.txt 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/doc/changelog.txt 2018-02-12 15:17:10.000000000 +0100 @@ -1,6 +1,10 @@ HEAD ==== +Enhancements: +- support for Linux 4.15, 4.16 +Changes: +- remove support for Linux 3.7--4.14 v2.14 (2017-11-22) @@ -127,5 +131,5 @@ Enhancements: - Support for Linux 3.7 -If you want to use Xtables-addons with kernels older than 3.7, -use the addons 1.x series (maintained but without new features). +If you want to use Xtables-addons with kernels older than 4.15, +use the addons 2.x series. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/ACCOUNT/xt_ACCOUNT.c new/xtables-addons-3.0/extensions/ACCOUNT/xt_ACCOUNT.c --- old/xtables-addons-2.14/extensions/ACCOUNT/xt_ACCOUNT.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/ACCOUNT/xt_ACCOUNT.c 2018-02-12 15:17:10.000000000 +0100 @@ -482,16 +482,7 @@ static unsigned int ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) struct ipt_acc_net *ian = net_generic(par->state->net, ipt_acc_net_id); -#else -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0) - struct ipt_acc_net *ian = net_generic(par->net, ipt_acc_net_id); -#else - struct net *net = dev_net(par->in ? par->in : par->out); - struct ipt_acc_net *ian = net_generic(net, ipt_acc_net_id); -#endif -#endif struct ipt_acc_table *ipt_acc_tables = ian->ipt_acc_tables; const struct ipt_acc_info *info = par->targinfo; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/compat_xtables.h new/xtables-addons-3.0/extensions/compat_xtables.h --- old/xtables-addons-2.14/extensions/compat_xtables.h 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/compat_xtables.h 2018-02-12 15:17:10.000000000 +0100 @@ -8,12 +8,8 @@ #define DEBUGP Use__pr_debug__instead -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0) -# warning Kernels below 3.7 not supported. -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 8, 0) -# define prandom_u32() random32() +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0) +# warning Kernels below 4.15 not supported. #endif #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) @@ -46,51 +42,13 @@ # define NIPQUAD_FMT "%hhu.%hhu.%hhu.%hhu" #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 9, 0) -static inline struct inode *file_inode(struct file *f) -{ - return f->f_path.dentry->d_inode; -} -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 10, 0) -static inline void proc_set_user(struct proc_dir_entry *de, - typeof(de->uid) uid, typeof(de->gid) gid) -{ - de->uid = uid; - de->gid = gid; -} - -static inline void *PDE_DATA(struct inode *inode) -{ - return PDE(inode)->data; -} - -static inline void proc_remove(struct proc_dir_entry *de) -{ - if (de != NULL) - remove_proc_entry(de->name, de->parent); -} -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) -# define ip6_local_out(xnet, xsk, xskb) ip6_local_out(xskb) -# define ip6_route_me_harder(xnet, xskb) ip6_route_me_harder(xskb) -# define ip_local_out(xnet, xsk, xskb) ip_local_out(xskb) -# define ip_route_me_harder(xnet, xskb, xaddrtype) ip_route_me_harder((xskb), (xaddrtype)) -#endif - static inline struct net *par_net(const struct xt_action_param *par) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0) return par->state->net; -#else -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) - return par->net; -#else - return dev_net((par->in != NULL) ? par->in : par->out); -#endif -#endif } +#ifndef NF_CT_ASSERT +# define NF_CT_ASSERT(x) WARN_ON(!(x)) +#endif + #endif /* _XTABLES_COMPAT_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/pknock/xt_pknock.c new/xtables-addons-3.0/extensions/pknock/xt_pknock.c --- old/xtables-addons-2.14/extensions/pknock/xt_pknock.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/pknock/xt_pknock.c 2018-02-12 15:17:10.000000000 +0100 @@ -357,11 +357,10 @@ * * @r: rule */ -static void -peer_gc(unsigned long r) +static void peer_gc(struct timer_list *tl) { unsigned int i; - struct xt_pknock_rule *rule = (struct xt_pknock_rule *)r; + struct xt_pknock_rule *rule = from_timer(rule, tl, timer); struct peer *peer; struct list_head *pos, *n; @@ -468,11 +467,7 @@ rule->peer_head = alloc_hashtable(peer_hashsize); if (rule->peer_head == NULL) goto out; - - init_timer(&rule->timer); - rule->timer.function = peer_gc; - rule->timer.data = (unsigned long)rule; - + timer_setup(&rule->timer, peer_gc, 0); rule->status_proc = proc_create_data(info->rule_name, 0, pde, &pknock_proc_ops, rule); if (rule->status_proc == NULL) @@ -699,13 +694,7 @@ scnprintf(msg.rule_name, info->rule_name_len + 1, info->rule_name); memcpy(m + 1, &msg, m->len); - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 15, 0) cn_netlink_send(m, 0, multicast_group, GFP_ATOMIC); -#else - cn_netlink_send(m, multicast_group, GFP_ATOMIC); -#endif - kfree(m); #endif return true; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_CHAOS.c new/xtables-addons-3.0/extensions/xt_CHAOS.c --- old/xtables-addons-2.14/extensions/xt_CHAOS.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_CHAOS.c 2018-02-12 15:17:10.000000000 +0100 @@ -58,12 +58,7 @@ { struct xt_action_param local_par; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) local_par.state = par->state; -#else - local_par.in = par->in, - local_par.out = par->out, -#endif local_par.match = xm_tcp; local_par.matchinfo = &tcp_params; local_par.fragoff = fragoff; @@ -78,14 +73,7 @@ destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude; { struct xt_action_param local_par; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) local_par.state = par->state; -#else - local_par.in = par->in; - local_par.out = par->out; - local_par.hooknum = par->hooknum; - local_par.family = par->family; -#endif local_par.target = destiny; local_par.targinfo = par->targinfo; destiny->target(skb, &local_par); @@ -108,27 +96,15 @@ if ((unsigned int)prandom_u32() <= reject_percentage) { struct xt_action_param local_par; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) local_par.state = par->state; -#else - local_par.in = par->in; - local_par.out = par->out; - local_par.hooknum = par->hooknum; -#endif local_par.target = xt_reject; local_par.targinfo = &reject_params; return xt_reject->target(skb, &local_par); } /* TARPIT/DELUDE may not be called from the OUTPUT chain */ - if (iph->protocol == IPPROTO_TCP && - info->variant != XTCHAOS_NORMAL && -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) - par->state->hook -#else - par->hooknum -#endif - != NF_INET_LOCAL_OUT) + if (iph->protocol == IPPROTO_TCP && info->variant != XTCHAOS_NORMAL && + par->state->hook != NF_INET_LOCAL_OUT) xt_chaos_total(skb, par); return NF_DROP; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_DELUDE.c new/xtables-addons-3.0/extensions/xt_DELUDE.c --- old/xtables-addons-2.14/extensions/xt_DELUDE.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_DELUDE.c 2018-02-12 15:17:10.000000000 +0100 @@ -107,14 +107,9 @@ addr_type = RTN_UNSPEC; #ifdef CONFIG_BRIDGE_NETFILTER -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0) if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && nskb->nf_bridge->physoutdev)) #else - if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && - nskb->nf_bridge->mask & BRNF_BRIDGED)) -#endif -#else if (hook != NF_INET_FORWARD) #endif addr_type = RTN_LOCAL; @@ -151,13 +146,7 @@ * a problem, as that is supported since Linux 2.6.35. But since we do not * actually want to have a connection open, we are still going to drop it. */ - delude_send_reset(par_net(par), skb, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) - par->state->hook -#else - par->hooknum -#endif - ); + delude_send_reset(par_net(par), skb, par->state->hook); return NF_DROP; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_DNETMAP.c new/xtables-addons-3.0/extensions/xt_DNETMAP.c --- old/xtables-addons-2.14/extensions/xt_DNETMAP.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_DNETMAP.c 2018-02-12 15:17:10.000000000 +0100 @@ -356,11 +356,7 @@ static unsigned int dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) struct net *net = dev_net(par->state->in ? par->state->in : par->state->out); -#else - struct net *net = dev_net(par->in ? par->in : par->out); -#endif struct dnetmap_net *dnetmap_net = dnetmap_pernet(net); struct nf_conn *ct; enum ip_conntrack_info ctinfo; @@ -371,11 +367,7 @@ struct dnetmap_entry *e; struct dnetmap_prefix *p; __s32 jttl; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) unsigned int hooknum = par->state->hook; -#else - unsigned int hooknum = par->hooknum; -#endif ct = nf_ct_get(skb, &ctinfo); jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout; @@ -500,12 +492,7 @@ newrange.max_addr.ip = postnat_ip; newrange.min_proto = mr->min_proto; newrange.max_proto = mr->max_proto; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->state->hook)); -#else - return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum)); -#endif - no_rev_map: no_free_ip: spin_unlock_bh(&dnetmap_lock); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_ECHO.c new/xtables-addons-3.0/extensions/xt_ECHO.c --- old/xtables-addons-2.14/extensions/xt_ECHO.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_ECHO.c 2018-02-12 15:17:10.000000000 +0100 @@ -35,11 +35,7 @@ void *payload; struct flowi6 fl; struct dst_entry *dst = NULL; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) struct net *net = dev_net((par->state->in != NULL) ? par->state->in : par->state->out); -#else - struct net *net = dev_net((par->in != NULL) ? par->in : par->out); -#endif /* This allows us to do the copy operation in fewer lines of code. */ if (skb_linearize(oldskb) < 0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_LOGMARK.c new/xtables-addons-3.0/extensions/xt_LOGMARK.c --- old/xtables-addons-2.14/extensions/xt_LOGMARK.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_LOGMARK.c 2018-02-12 15:17:10.000000000 +0100 @@ -64,12 +64,7 @@ printk("%s""CONFIRMED", prev ? "," : ""); prev = true; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,9,0) printk(" lifetime=%lus", nf_ct_expires(ct) / HZ); -#else - printk(" lifetime=%lus", - (jiffies - ct->timeout.expires) / HZ); -#endif } static unsigned int @@ -82,21 +77,13 @@ printk("<%u>%.*s""iif=%d hook=%s nfmark=0x%x " "secmark=0x%x classify=0x%x", info->level, (unsigned int)sizeof(info->prefix), info->prefix, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) skb_ifindex(skb), hook_names[par->state->hook], -#else - skb_ifindex(skb), hook_names[par->hooknum], -#endif skb_nfmark(skb), skb_secmark(skb), skb->priority); ct = nf_ct_get(skb, &ctinfo); printk(" ctdir=%s", dir_names[ctinfo >= IP_CT_IS_REPLY]); if (ct == NULL) printk(" ct=NULL ctmark=NULL ctstate=INVALID ctstatus=NONE"); -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0) - else if (nf_ct_is_untracked(ct)) - printk(" ct=UNTRACKED ctmark=NULL ctstate=UNTRACKED ctstatus=NONE"); -#endif else logmark_ct(ct, ctinfo); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_TARPIT.c new/xtables-addons-3.0/extensions/xt_TARPIT.c --- old/xtables-addons-2.14/extensions/xt_TARPIT.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_TARPIT.c 2018-02-12 15:17:10.000000000 +0100 @@ -249,14 +249,9 @@ niph->id = ~oldhdr->id + 1; #ifdef CONFIG_BRIDGE_NETFILTER -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0) if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && nskb->nf_bridge->physoutdev != NULL)) #else - if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && - nskb->nf_bridge->mask & BRNF_BRIDGED)) -#endif -#else if (hook != NF_INET_FORWARD) #endif addr_type = RTN_LOCAL; @@ -283,17 +278,8 @@ goto free_nskb; nf_ct_attach(nskb, oldskb); - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL, skb_dst(nskb)->dev, dst_output); -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0) - NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb->sk, nskb, NULL, - skb_dst(nskb)->dev, dst_output_sk); -#else - NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb, NULL, - skb_dst(nskb)->dev, dst_output); -#endif return; free_nskb: @@ -406,17 +392,8 @@ nskb->ip_summed = CHECKSUM_NONE; nf_ct_attach(nskb, oldskb); - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL, skb_dst(nskb)->dev, dst_output); -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0) - NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb->sk, nskb, NULL, - skb_dst(nskb)->dev, dst_output_sk); -#else - NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb, NULL, - skb_dst(nskb)->dev, dst_output); -#endif return; free_nskb: @@ -454,12 +431,7 @@ /* We are not interested in fragments */ if (iph->frag_off & htons(IP_OFFSET)) return NF_DROP; - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) tarpit_tcp4(par_net(par), skb, par->state->hook, info->variant); -#else - tarpit_tcp4(par_net(par), skb, par->hooknum, info->variant); -#endif return NF_DROP; } @@ -500,12 +472,7 @@ pr_debug("addr is not unicast.\n"); return NF_DROP; } - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) tarpit_tcp6(par_net(par), skb, par->state->hook, info->variant); -#else - tarpit_tcp6(par_net(par), skb, par->hooknum, info->variant); -#endif return NF_DROP; } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_iface.c new/xtables-addons-3.0/extensions/xt_iface.c --- old/xtables-addons-2.14/extensions/xt_iface.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_iface.c 2018-02-12 15:17:10.000000000 +0100 @@ -45,17 +45,9 @@ const struct xt_action_param *par, struct net_device **put) { if (info->flags & XT_IFACE_DEV_IN) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) return par->state->in; -#else - return par->in; -#endif else if (info->flags & XT_IFACE_DEV_OUT) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) return par->state->out; -#else - return par->out; -#endif return *put = dev_get_by_name(&init_net, info->ifname); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/extensions/xt_lscan.c new/xtables-addons-3.0/extensions/xt_lscan.c --- old/xtables-addons-2.14/extensions/xt_lscan.c 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/extensions/xt_lscan.c 2018-02-12 15:17:10.000000000 +0100 @@ -204,11 +204,7 @@ unsigned int n; n = lscan_mt_full(ctdata->mark & connmark_mask, ctstate, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0) par->state->in == init_net.loopback_dev, tcph, -#else - par->in == init_net.loopback_dev, tcph, -#endif skb->len - par->thoff - 4 * tcph->doff); ctdata->mark = (ctdata->mark & ~connmark_mask) | n; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/geoip/xt_geoip_build new/xtables-addons-3.0/geoip/xt_geoip_build --- old/xtables-addons-2.14/geoip/xt_geoip_build 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/geoip/xt_geoip_build 2018-02-12 15:17:10.000000000 +0100 @@ -8,23 +8,45 @@ use Text::CSV_XS; # or trade for Text::CSV use strict; +my $le32 = pack("V", 0x10000000); +my $be32 = pack("N", 0x10000000); +my $u32 = undef; + +sub wantBE { return !$u32 || $u32 eq $be32; } +sub wantLE { return !$u32 || $u32 eq $le32; } + my $csv = Text::CSV_XS->new({ allow_whitespace => 1, binary => 1, eol => $/, }); # or Text::CSV my $target_dir = "."; +my $native_only = 0; &Getopt::Long::Configure(qw(bundling)); &GetOptions( "D=s" => \$target_dir, + "n" => \$native_only, ); if (!-d $target_dir) { print STDERR "Target directory $target_dir does not exist.\n"; exit 1; } -foreach (qw(LE BE)) { +my @dbs = qw(LE BE); +if ($native_only) { + $u32 = pack("L", 0x10000000); + if ($u32 eq $le32) { + @dbs = qw(LE); + } elsif ($u32 eq $be32) { + @dbs = qw(BE); + } else { + print STDERRR "Cannot determine endianness.\n"; + exit 1; + } +} + +foreach (@dbs) { my $dir = "$target_dir/$_"; if (!-e $dir && !mkdir($dir)) { print STDERR "Could not mkdir $dir: $!\n"; @@ -80,43 +102,55 @@ scalar(@{$country->{pool_v6}}), $iso_code, $country->{name}; - $file = "$target_dir/LE/".uc($iso_code).".iv6"; - if (!open($fh_le, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; - } - $file = "$target_dir/BE/".uc($iso_code).".iv6"; - if (!open($fh_be, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; + if (wantLE) { + $file = "$target_dir/LE/".uc($iso_code).".iv6"; + if (!open($fh_le, "> $file")) { + print STDERR "Error opening $file: $!\n"; + exit 1; + } + foreach my $range (@{$country->{pool_v6}}) { + print $fh_le &ip6_swap($range->[0]), &ip6_swap($range->[1]); + } + close $fh_le; } - foreach my $range (@{$country->{pool_v6}}) { - print $fh_be $range->[0], $range->[1]; - print $fh_le &ip6_swap($range->[0]), &ip6_swap($range->[1]); + if (wantBE) { + $file = "$target_dir/BE/".uc($iso_code).".iv6"; + if (!open($fh_be, "> $file")) { + print STDERR "Error opening $file: $!\n"; + exit 1; + } + foreach my $range (@{$country->{pool_v6}}) { + print $fh_be $range->[0], $range->[1]; + } + close $fh_be; } - close $fh_le; - close $fh_be; printf "%5u IPv4 ranges for %s %s\n", scalar(@{$country->{pool_v4}}), $iso_code, $country->{name}; - $file = "$target_dir/LE/".uc($iso_code).".iv4"; - if (!open($fh_le, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; - } - $file = "$target_dir/BE/".uc($iso_code).".iv4"; - if (!open($fh_be, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; + if (wantLE) { + $file = "$target_dir/LE/".uc($iso_code).".iv4"; + if (!open($fh_le, "> $file")) { + print STDERR "Error opening $file: $!\n"; + exit 1; + } + foreach my $range (@{$country->{pool_v4}}) { + print $fh_le pack("VV", $range->[0], $range->[1]); + } + close $fh_le; } - foreach my $range (@{$country->{pool_v4}}) { - print $fh_le pack("VV", $range->[0], $range->[1]); - print $fh_be pack("NN", $range->[0], $range->[1]); + if (wantBE) { + $file = "$target_dir/BE/".uc($iso_code).".iv4"; + if (!open($fh_be, "> $file")) { + print STDERR "Error opening $file: $!\n"; + exit 1; + } + foreach my $range (@{$country->{pool_v4}}) { + print $fh_be pack("NN", $range->[0], $range->[1]); + } + close $fh_be; } - close $fh_le; - close $fh_be; } sub ip6_pack diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xtables-addons-2.14/xtables-addons.8.in new/xtables-addons-3.0/xtables-addons.8.in --- old/xtables-addons-2.14/xtables-addons.8.in 2017-11-22 18:29:25.000000000 +0100 +++ new/xtables-addons-3.0/xtables-addons.8.in 2018-02-12 15:17:10.000000000 +0100 @@ -1,4 +1,4 @@ -.TH xtables-addons 8 "" "" "v2.14 (2017-11-22)" +.TH xtables-addons 8 "Lilac" "" "v3.0 (2018-02-12)" .SH Name Xtables-addons \(em additional extensions for iptables, ip6tables, etc. .SH Targets
