Hello community, here is the log from the commit of package ipset for openSUSE:Factory checked in at 2018-03-08 10:41:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ipset (Old) and /work/SRC/openSUSE:Factory/.ipset.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset" Thu Mar 8 10:41:34 2018 rev:29 rq:582293 version:6.36 Changes: -------- --- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2018-02-12 10:13:18.881614029 +0100 +++ /work/SRC/openSUSE:Factory/.ipset.new/ipset.changes 2018-03-08 10:41:36.699656549 +0100 @@ -1,0 +2,8 @@ +Sat Mar 3 23:27:51 UTC 2018 - [email protected] + +- Update to new upstream release 6.36 + * Adding a IPv4 range x.x.x.x–255.255.255.255 could lead to + memory exhaustion, which has been fixed. +- Drop 0001-build-do-install-libipset-args.h.patch (merged) + +------------------------------------------------------------------- Old: ---- 0001-build-do-install-libipset-args.h.patch ipset-6.35.tar.bz2 New: ---- ipset-6.36.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipset.spec ++++++ --- /var/tmp/diff_new_pack.NIKP9p/_old 2018-03-08 10:41:37.587624576 +0100 +++ /var/tmp/diff_new_pack.NIKP9p/_new 2018-03-08 10:41:37.591624432 +0100 @@ -25,10 +25,10 @@ %define ipset_build_kmp 0 %endif Name: ipset -Version: 6.35 +Version: 6.36 Release: 0 Summary: Netfilter ipset administration utility -License: GPL-2.0 +License: GPL-2.0-only Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset @@ -36,7 +36,6 @@ Source: http://ipset.netfilter.org/%name-%version.tar.bz2 Source3: %name-preamble Patch1: ipset-destdir.diff -Patch2: 0001-build-do-install-libipset-args.h.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -105,7 +104,7 @@ %prep %setup -q -%patch -P 1 -P 2 -p1 +%patch -P 1 -p1 %build # build wants to call modinfo at some point ++++++ ipset-6.35.tar.bz2 -> ipset-6.36.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/ChangeLog new/ipset-6.36/ChangeLog --- old/ipset-6.35/ChangeLog 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/ChangeLog 2018-03-03 14:04:02.000000000 +0100 @@ -1,3 +1,9 @@ +6.36 + - Use 'ss' in runtest.sh but fall back to deprecated 'net-tools' + command (bugzilla id #1209) + - build: do install libipset/args.h (Jan Engelhardt) + - Add test to verify wraparound fix + 6.35 - Userspace revision handling is reworked - Replace the last reference to u_int8_t with uint8_t. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/configure new/ipset-6.36/configure --- old/ipset-6.35/configure 2018-01-06 17:03:03.000000000 +0100 +++ new/ipset-6.36/configure 2018-03-03 14:06:45.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ipset 6.35. +# Generated by GNU Autoconf 2.69 for ipset 6.36. # # Report bugs to <[email protected]>. # @@ -594,8 +594,8 @@ # Identity of this package. PACKAGE_NAME='ipset' PACKAGE_TARNAME='ipset' -PACKAGE_VERSION='6.35' -PACKAGE_STRING='ipset 6.35' +PACKAGE_VERSION='6.36' +PACKAGE_STRING='ipset 6.36' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1415,7 +1415,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ipset 6.35 to adapt to many kinds of systems. +\`configure' configures ipset 6.36 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1485,7 +1485,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ipset 6.35:";; + short | recursive ) echo "Configuration of ipset 6.36:";; esac cat <<\_ACEOF @@ -1618,7 +1618,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ipset configure 6.35 +ipset configure 6.36 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1996,7 +1996,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ipset $as_me 6.35, which was +It was created by ipset $as_me 6.36, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2933,7 +2933,7 @@ # Define the identity of the package. PACKAGE='ipset' - VERSION='6.35' + VERSION='6.36' cat >>confdefs.h <<_ACEOF @@ -17367,7 +17367,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ipset $as_me 6.35, which was +This file was extended by ipset $as_me 6.36, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17433,7 +17433,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ipset config.status 6.35 +ipset config.status 6.36 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/configure.ac new/ipset-6.36/configure.ac --- old/ipset-6.35/configure.ac 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/configure.ac 2018-03-03 14:04:02.000000000 +0100 @@ -1,5 +1,5 @@ dnl Boilerplate -AC_INIT([ipset], [6.35], [[email protected]]) +AC_INIT([ipset], [6.36], [[email protected]]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/include/libipset/Makefile.am new/ipset-6.36/include/libipset/Makefile.am --- old/ipset-6.35/include/libipset/Makefile.am 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/include/libipset/Makefile.am 2018-03-03 14:04:02.000000000 +0100 @@ -1,5 +1,6 @@ pkgincludedir = ${includedir}/libipset pkginclude_HEADERS = \ + args.h \ data.h \ errcode.h \ linux_ip_set_bitmap.h \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/include/libipset/Makefile.in new/ipset-6.36/include/libipset/Makefile.in --- old/ipset-6.35/include/libipset/Makefile.in 2018-01-06 17:03:04.000000000 +0100 +++ new/ipset-6.36/include/libipset/Makefile.in 2018-03-03 14:06:46.000000000 +0100 @@ -342,6 +342,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ pkginclude_HEADERS = \ + args.h \ data.h \ errcode.h \ linux_ip_set_bitmap.h \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/ChangeLog new/ipset-6.36/kernel/ChangeLog --- old/ipset-6.35/kernel/ChangeLog 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/ChangeLog 2018-03-03 14:04:02.000000000 +0100 @@ -1,3 +1,10 @@ +6.36 + - Remove duplicate module description + - netfilter: remove messages print and boot/module load time + (Pablo Neira Ayuso) + - Fix wraparound bug introduced in commit 48596a8ddc46 in v6.34 + (reported by Thomas Schwark) + 6.35 - netfilter: mark expected switch fall-throughs (Gustavo A. R. Silva) - License cleanup: add SPDX GPL-2.0 license identifier to files with no diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_core.c new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_core.c --- old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_core.c 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_core.c 2018-03-03 14:04:02.000000000 +0100 @@ -48,16 +48,11 @@ static unsigned int max_sets; -#define _IP_SET_CORE_MODULE_DESC(a) \ - MODULE_DESCRIPTION("core IP set support (v" a ")") -#define IP_SET_CORE_MODULE_DESC(a) \ - _IP_SET_CORE_MODULE_DESC(__stringify(a)) - module_param(max_sets, int, 0600); MODULE_PARM_DESC(max_sets, "maximal number of sets"); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik <[email protected]>"); -IP_SET_CORE_MODULE_DESC(PACKAGE_VERSION); +MODULE_DESCRIPTION("ip_set: protocol " __stringify(IPSET_PROTOCOL)); MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_IPSET); /* When the nfnl mutex is held: */ @@ -2192,7 +2187,6 @@ return ret; } - pr_info("ip_set: protocol %u\n", IPSET_PROTOCOL); return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c --- old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2018-03-03 14:04:02.000000000 +0100 @@ -168,7 +168,7 @@ struct hash_ipportnet4_elem e = { .cidr = HOST_MASK - 1 }; struct ip_set_ext ext = IP_SET_INIT_UEXT(set); u32 ip = 0, ip_to = 0, p = 0, port, port_to; - u32 ip2_from = 0, ip2_to = 0, ip2_last, ip2; + u32 ip2_from = 0, ip2_to = 0, ip2; bool with_ports = false; u8 cidr; int ret; @@ -269,22 +269,21 @@ ip_set_mask_from_to(ip2_from, ip2_to, e.cidr + 1); } - if (retried) + if (retried) { ip = ntohl(h->next.ip); + p = ntohs(h->next.port); + ip2 = ntohl(h->next.ip2); + } else { + p = port; + ip2 = ip2_from; + } for (; ip <= ip_to; ip++) { e.ip = htonl(ip); - p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port) - : port; for (; p <= port_to; p++) { e.port = htons(p); - ip2 = retried && - ip == ntohl(h->next.ip) && - p == ntohs(h->next.port) - ? ntohl(h->next.ip2) : ip2_from; - while (ip2 <= ip2_to) { + do { e.ip2 = htonl(ip2); - ip2_last = ip_set_range_to_cidr(ip2, ip2_to, - &cidr); + ip2 = ip_set_range_to_cidr(ip2, ip2_to, &cidr); e.cidr = cidr - 1; ret = adtfn(set, &e, &ext, &ext, flags); @@ -292,9 +291,10 @@ return ret; ret = 0; - ip2 = ip2_last + 1; - } + } while (ip2++ < ip2_to); + ip2 = ip2_from; } + p = port; } return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_net.c new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_net.c --- old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_net.c 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_net.c 2018-03-03 14:04:02.000000000 +0100 @@ -143,7 +143,7 @@ ipset_adtfn adtfn = set->variant->adt[adt]; struct hash_net4_elem e = { .cidr = HOST_MASK }; struct ip_set_ext ext = IP_SET_INIT_UEXT(set); - u32 ip = 0, ip_to = 0, last; + u32 ip = 0, ip_to = 0; int ret; if (tb[IPSET_ATTR_LINENO]) @@ -193,16 +193,15 @@ } if (retried) ip = ntohl(h->next.ip); - while (ip <= ip_to) { + do { e.ip = htonl(ip); - last = ip_set_range_to_cidr(ip, ip_to, &e.cidr); + ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr); ret = adtfn(set, &e, &ext, &ext, flags); if (ret && !ip_set_eexist(ret, flags)) return ret; ret = 0; - ip = last + 1; - } + } while (ip++ < ip_to); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netiface.c new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netiface.c --- old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netiface.c 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netiface.c 2018-03-03 14:04:02.000000000 +0100 @@ -200,7 +200,7 @@ ipset_adtfn adtfn = set->variant->adt[adt]; struct hash_netiface4_elem e = { .cidr = HOST_MASK, .elem = 1 }; struct ip_set_ext ext = IP_SET_INIT_UEXT(set); - u32 ip = 0, ip_to = 0, last; + u32 ip = 0, ip_to = 0; int ret; if (tb[IPSET_ATTR_LINENO]) @@ -255,17 +255,16 @@ if (retried) ip = ntohl(h->next.ip); - while (ip <= ip_to) { + do { e.ip = htonl(ip); - last = ip_set_range_to_cidr(ip, ip_to, &e.cidr); + ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr); ret = adtfn(set, &e, &ext, &ext, flags); if (ret && !ip_set_eexist(ret, flags)) return ret; ret = 0; - ip = last + 1; - } + } while (ip++ < ip_to); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netnet.c new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netnet.c --- old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netnet.c 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netnet.c 2018-03-03 14:04:02.000000000 +0100 @@ -169,8 +169,8 @@ ipset_adtfn adtfn = set->variant->adt[adt]; struct hash_netnet4_elem e = { }; struct ip_set_ext ext = IP_SET_INIT_UEXT(set); - u32 ip = 0, ip_to = 0, last; - u32 ip2 = 0, ip2_from = 0, ip2_to = 0, last2; + u32 ip = 0, ip_to = 0; + u32 ip2 = 0, ip2_from = 0, ip2_to = 0; int ret; if (tb[IPSET_ATTR_LINENO]) @@ -247,27 +247,27 @@ ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]); } - if (retried) + if (retried) { ip = ntohl(h->next.ip[0]); + ip2 = ntohl(h->next.ip[1]); + } else { + ip2 = ip2_from; + } - while (ip <= ip_to) { + do { e.ip[0] = htonl(ip); - last = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); - ip2 = (retried && - ip == ntohl(h->next.ip[0])) ? ntohl(h->next.ip[1]) - : ip2_from; - while (ip2 <= ip2_to) { + ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); + do { e.ip[1] = htonl(ip2); - last2 = ip_set_range_to_cidr(ip2, ip2_to, &e.cidr[1]); + ip2 = ip_set_range_to_cidr(ip2, ip2_to, &e.cidr[1]); ret = adtfn(set, &e, &ext, &ext, flags); if (ret && !ip_set_eexist(ret, flags)) return ret; ret = 0; - ip2 = last2 + 1; - } - ip = last + 1; - } + } while (ip2++ < ip2_to); + ip2 = ip2_from; + } while (ip++ < ip_to); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netport.c new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netport.c --- old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netport.c 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netport.c 2018-03-03 14:04:02.000000000 +0100 @@ -161,7 +161,7 @@ ipset_adtfn adtfn = set->variant->adt[adt]; struct hash_netport4_elem e = { .cidr = HOST_MASK - 1 }; struct ip_set_ext ext = IP_SET_INIT_UEXT(set); - u32 port, port_to, p = 0, ip = 0, ip_to = 0, last; + u32 port, port_to, p = 0, ip = 0, ip_to = 0; bool with_ports = false; u8 cidr; int ret; @@ -239,25 +239,26 @@ ip_set_mask_from_to(ip, ip_to, e.cidr + 1); } - if (retried) + if (retried) { ip = ntohl(h->next.ip); - while (ip <= ip_to) { + p = ntohs(h->next.port); + } else { + p = port; + } + do { e.ip = htonl(ip); - last = ip_set_range_to_cidr(ip, ip_to, &cidr); + ip = ip_set_range_to_cidr(ip, ip_to, &cidr); e.cidr = cidr - 1; - p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port) - : port; for (; p <= port_to; p++) { e.port = htons(p); ret = adtfn(set, &e, &ext, &ext, flags); - if (ret && !ip_set_eexist(ret, flags)) return ret; ret = 0; } - ip = last + 1; - } + p = port; + } while (ip++ < ip_to); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c --- old/ipset-6.35/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c 2018-03-03 14:04:02.000000000 +0100 @@ -184,8 +184,8 @@ ipset_adtfn adtfn = set->variant->adt[adt]; struct hash_netportnet4_elem e = { }; struct ip_set_ext ext = IP_SET_INIT_UEXT(set); - u32 ip = 0, ip_to = 0, ip_last, p = 0, port, port_to; - u32 ip2_from = 0, ip2_to = 0, ip2_last, ip2; + u32 ip = 0, ip_to = 0, p = 0, port, port_to; + u32 ip2_from = 0, ip2_to = 0, ip2; bool with_ports = false; int ret; @@ -288,33 +288,34 @@ ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]); } - if (retried) + if (retried) { ip = ntohl(h->next.ip[0]); + p = ntohs(h->next.port); + ip2 = ntohl(h->next.ip[1]); + } else { + p = port; + ip2 = ip2_from; + } - while (ip <= ip_to) { + do { e.ip[0] = htonl(ip); - ip_last = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); - p = retried && ip == ntohl(h->next.ip[0]) ? ntohs(h->next.port) - : port; + ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); for (; p <= port_to; p++) { e.port = htons(p); - ip2 = (retried && ip == ntohl(h->next.ip[0]) && - p == ntohs(h->next.port)) ? ntohl(h->next.ip[1]) - : ip2_from; - while (ip2 <= ip2_to) { + do { e.ip[1] = htonl(ip2); - ip2_last = ip_set_range_to_cidr(ip2, ip2_to, - &e.cidr[1]); + ip2 = ip_set_range_to_cidr(ip2, ip2_to, + &e.cidr[1]); ret = adtfn(set, &e, &ext, &ext, flags); if (ret && !ip_set_eexist(ret, flags)) return ret; ret = 0; - ip2 = ip2_last + 1; - } + } while (ip2++ < ip2_to); + ip2 = ip2_from; } - ip = ip_last + 1; - } + p = port; + } while (ip++ < ip_to); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/tests/hash:net,port.t new/ipset-6.36/tests/hash:net,port.t --- old/ipset-6.35/tests/hash:net,port.t 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/tests/hash:net,port.t 2018-03-03 14:04:02.000000000 +0100 @@ -74,6 +74,12 @@ 0 ipset add test 10.0.0.0-10.0.2.255,tcp:80-1105 # Check that correct number of elements are added 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 2052 +# Flush set +0 ipset flush test +# Add range to verify wraparound does not happen +0 ipset add test 255.255.255.253-255.255.255.255,tcp:65534-65535 +# Check that correct number of elements are added +0 n=`ipset list test|grep '^255.255.255'|wc -l` && test $n -eq 4 # Destroy set 0 ipset -X test # Create test set with timeout support diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.35/tests/runtest.sh new/ipset-6.36/tests/runtest.sh --- old/ipset-6.35/tests/runtest.sh 2018-01-06 17:00:25.000000000 +0100 +++ new/ipset-6.36/tests/runtest.sh 2018-03-03 14:04:02.000000000 +0100 @@ -45,12 +45,22 @@ `$cmd -t filter | grep ACCEPT | wc -l` -eq 3 ]; then if [ -z "`which sendip`" ]; then echo "sendip utility is missig: skipping $1 match and target tests" - elif [ -n "`netstat --protocol $1 -n | grep $2`" ]; then - echo "Our test network $2 in use: skipping $1 match and target tests" + return + elif [ -n "`which ss`" ]; then + if [ -n "`ss -f $1 -t -u -a | grep $2`" ]; then + echo "Our test network $2 in use: skipping $1 match and target tests" + return + fi + elif [ -n "`which netstat`" ]; then + if [ -n "`netstat --protocol $1 -n | grep $2`" ]; then + echo "Our test network $2 in use: skipping $1 match and target tests" + return + fi else - tests="$tests $add" + echo "Cannot check test network, skipping $1 match and target tests" + return fi - : + tests="$tests $add" else echo "You have got iptables rules: skipping $1 match and target tests" fi
