Hello community, here is the log from the commit of package xtables-addons for openSUSE:Factory checked in at 2018-08-15 10:38:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xtables-addons (Old) and /work/SRC/openSUSE:Factory/.xtables-addons.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xtables-addons" Wed Aug 15 10:38:33 2018 rev:58 rq:629221 version:3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/xtables-addons/xtables-addons.changes 2018-06-20 15:34:14.559794014 +0200 +++ /work/SRC/openSUSE:Factory/.xtables-addons.new/xtables-addons.changes 2018-08-15 10:38:37.160316259 +0200 @@ -1,0 +2,6 @@ +Tue Aug 14 12:46:24 UTC 2018 - [email protected] + +- Update to new upstream release 3.1 [boo#1104749] + * Support for Linux 4.18 + +------------------------------------------------------------------- Old: ---- xtables-addons-3.0.tar.asc xtables-addons-3.0.tar.xz New: ---- xtables-addons-3.1.tar.asc xtables-addons-3.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xtables-addons.spec ++++++ --- /var/tmp/diff_new_pack.cm2J6J/_old 2018-08-15 10:38:37.812317448 +0200 +++ /var/tmp/diff_new_pack.cm2J6J/_new 2018-08-15 10:38:37.816317456 +0200 @@ -17,7 +17,7 @@ Name: xtables-addons -Version: 3.0 +Version: 3.1 Release: 0 Summary: IP Packet Filter Administration Extensions License: GPL-2.0-only AND GPL-2.0-or-later ++++++ xtables-addons-3.0.tar.xz -> xtables-addons-3.1.tar.xz ++++++ ++++ 4364 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/.gitignore new/xtables-addons-3.1/.gitignore --- old/xtables-addons-3.0/.gitignore 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/.gitignore 2018-08-14 14:31:10.000000000 +0200 @@ -3,6 +3,7 @@ *.lo *.loT *.o +.cache.mk .deps/ .dirstamp .libs/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/build-aux/ar-lib new/xtables-addons-3.1/build-aux/ar-lib --- old/xtables-addons-3.0/build-aux/ar-lib 2018-02-12 15:17:20.132313822 +0100 +++ new/xtables-addons-3.1/build-aux/ar-lib 2018-08-14 14:31:24.136120229 +0200 @@ -4,7 +4,7 @@ me=ar-lib scriptversion=2012-03-01.08; # UTC -# Copyright (C) 2010-2017 Free Software Foundation, Inc. +# Copyright (C) 2010-2018 Free Software Foundation, Inc. # Written by Peter Rosin <[email protected]>. # # This program is free software; you can redistribute it and/or modify @@ -18,7 +18,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/build-aux/compile new/xtables-addons-3.1/build-aux/compile --- old/xtables-addons-3.0/build-aux/compile 2018-02-12 15:17:20.136313799 +0100 +++ new/xtables-addons-3.1/build-aux/compile 2018-08-14 14:31:24.140120184 +0200 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2016-01-11.22; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2017 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -340,7 +340,7 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/build-aux/missing new/xtables-addons-3.1/build-aux/missing --- old/xtables-addons-3.0/build-aux/missing 2018-02-12 15:17:20.148313731 +0100 +++ new/xtables-addons-3.1/build-aux/missing 2018-08-14 14:31:24.148120095 +0200 @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2016-01-11.22; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2017 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -101,9 +101,9 @@ exit $st fi -perl_URL=http://www.perl.org/ -flex_URL=http://flex.sourceforge.net/ -gnu_software_URL=http://www.gnu.org/software +perl_URL=https://www.perl.org/ +flex_URL=https://github.com/westes/flex +gnu_software_URL=https://www.gnu.org/software program_details () { @@ -207,7 +207,7 @@ exit $st # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/configure.ac new/xtables-addons-3.1/configure.ac --- old/xtables-addons-3.0/configure.ac 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/configure.ac 2018-08-14 14:31:10.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([xtables-addons], [3.0]) +AC_INIT([xtables-addons], [3.1]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) @@ -26,7 +26,7 @@ AC_CHECK_HEADERS([linux/netfilter/x_tables.h], [], [AC_MSG_ERROR([You need to have linux/netfilter/x_tables.h, see INSTALL file for details])]) -PKG_CHECK_MODULES([libxtables], [xtables >= 1.4.5]) +PKG_CHECK_MODULES([libxtables], [xtables >= 1.6.0]) xtlibdir="$(pkg-config --variable=xtlibdir xtables)" AC_ARG_WITH([xtlibdir], @@ -57,9 +57,9 @@ echo "WARNING: Version detection did not succeed. Continue at own luck."; else echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir"; - if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 16; then + if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 18; then echo "WARNING: That kernel version is not officially supported yet. Continue at own luck."; - elif test "$kmajor" -eq 4 -a "$kminor" -ge 15; then + elif test "$kmajor" -eq 4 -a "$kminor" -ge 18; then : else echo "WARNING: That kernel version is not officially supported."; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/doc/changelog.txt new/xtables-addons-3.1/doc/changelog.txt --- old/xtables-addons-3.0/doc/changelog.txt 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/doc/changelog.txt 2018-08-14 14:31:10.000000000 +0200 @@ -1,6 +1,16 @@ HEAD ==== + + +v3.1 (2018-08-14) +================= +Enhancements: +- support for Linux 4.17, 4.18 + + +v3.0 (2018-02-12) +================= Enhancements: - support for Linux 4.15, 4.16 Changes: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/extensions/libxt_geoip.c new/xtables-addons-3.1/extensions/libxt_geoip.c --- old/xtables-addons-3.0/extensions/libxt_geoip.c 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/extensions/libxt_geoip.c 2018-08-14 14:31:10.000000000 +0200 @@ -49,6 +49,38 @@ {NULL}, }; +#if __BYTE_ORDER == __LITTLE_ENDIAN +static void geoip_swap_le16(uint16_t *buf) +{ + unsigned char *p = (void *)buf; + uint16_t n= p[0] + (p[1] << 8); + p[0] = (n >> 8) & 0xff; + p[1] = n & 0xff; +} + +static void geoip_swap_in6(struct in6_addr *in6) +{ + geoip_swap_le16(&in6->s6_addr16[0]); + geoip_swap_le16(&in6->s6_addr16[1]); + geoip_swap_le16(&in6->s6_addr16[2]); + geoip_swap_le16(&in6->s6_addr16[3]); + geoip_swap_le16(&in6->s6_addr16[4]); + geoip_swap_le16(&in6->s6_addr16[5]); + geoip_swap_le16(&in6->s6_addr16[6]); + geoip_swap_le16(&in6->s6_addr16[7]); +} + +static void geoip_swap_le32(uint32_t *buf) +{ + unsigned char *p = (void *)buf; + uint32_t n = p[0] + (p[1] << 8) + (p[2] << 16) + (p[3] << 24); + p[0] = (n >> 24) & 0xff; + p[1] = (n >> 16) & 0xff; + p[2] = (n >> 8) & 0xff; + p[3] = n & 0xff; +} +#endif + static void * geoip_get_subnets(const char *code, uint32_t *count, uint8_t nfproto) { @@ -56,21 +88,15 @@ struct stat sb; char buf[256]; int fd; +#if __BYTE_ORDER == __LITTLE_ENDIAN + unsigned int n; +#endif /* Use simple integer vector files */ - if (nfproto == NFPROTO_IPV6) { -#if __BYTE_ORDER == _BIG_ENDIAN - snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv6", code); -#else - snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv6", code); -#endif - } else { -#if __BYTE_ORDER == _BIG_ENDIAN - snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv4", code); -#else - snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv4", code); -#endif - } + if (nfproto == NFPROTO_IPV6) + snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/%s.iv6", code); + else + snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/%s.iv4", code); if ((fd = open(buf, O_RDONLY)) < 0) { fprintf(stderr, "Could not open %s: %s\n", buf, strerror(errno)); @@ -98,6 +124,25 @@ xtables_error(OTHER_PROBLEM, "geoip: insufficient memory"); read(fd, subnets, sb.st_size); close(fd); + +#if __BYTE_ORDER == __LITTLE_ENDIAN + for (n = 0; n < *count; ++n) { + switch (nfproto) { + case NFPROTO_IPV6: { + struct geoip_subnet6 *gs6 = &(((struct geoip_subnet6 *)subnets)[n]); + geoip_swap_in6(&gs6->begin); + geoip_swap_in6(&gs6->end); + break; + } + case NFPROTO_IPV4: { + struct geoip_subnet4 *gs4 = &(((struct geoip_subnet4 *)subnets)[n]); + geoip_swap_le32(&gs4->begin); + geoip_swap_le32(&gs4->end); + break; + } + } + } +#endif return subnets; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/extensions/xt_DNETMAP.c new/xtables-addons-3.1/extensions/xt_DNETMAP.c --- old/xtables-addons-3.0/extensions/xt_DNETMAP.c 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/extensions/xt_DNETMAP.c 2018-08-14 14:31:10.000000000 +0200 @@ -363,7 +363,11 @@ __be32 prenat_ip, postnat_ip, prenat_ip_prev; const struct xt_DNETMAP_tginfo *tginfo = par->targinfo; const struct nf_nat_range *mr = &tginfo->prefix; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 18, 0) + struct nf_nat_range2 newrange; +#else struct nf_nat_range newrange; +#endif struct dnetmap_entry *e; struct dnetmap_prefix *p; __s32 jttl; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/geoip/xt_geoip_build new/xtables-addons-3.1/geoip/xt_geoip_build --- old/xtables-addons-3.0/geoip/xt_geoip_build 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/geoip/xt_geoip_build 2018-08-14 14:31:10.000000000 +0200 @@ -1,86 +1,234 @@ #!/usr/bin/perl # # Converter for MaxMind CSV database to binary, for xt_geoip -# Copyright © Jan Engelhardt, 2008-2011 +# Copyright Jan Engelhardt, 2008-2011 +# Copyright Philip Prindeville, 2018 # use Getopt::Long; -use IO::Handle; +use Net::CIDR::Lite; +use Socket qw(AF_INET AF_INET6 inet_pton); +use warnings; use Text::CSV_XS; # or trade for Text::CSV use strict; -my $le32 = pack("V", 0x10000000); -my $be32 = pack("N", 0x10000000); -my $u32 = undef; - -sub wantBE { return !$u32 || $u32 eq $be32; } -sub wantLE { return !$u32 || $u32 eq $le32; } - my $csv = Text::CSV_XS->new({ allow_whitespace => 1, binary => 1, eol => $/, }); # or Text::CSV my $target_dir = "."; -my $native_only = 0; &Getopt::Long::Configure(qw(bundling)); &GetOptions( "D=s" => \$target_dir, - "n" => \$native_only, ); if (!-d $target_dir) { print STDERR "Target directory $target_dir does not exist.\n"; exit 1; } -my @dbs = qw(LE BE); -if ($native_only) { - $u32 = pack("L", 0x10000000); - if ($u32 eq $le32) { - @dbs = qw(LE); - } elsif ($u32 eq $be32) { - @dbs = qw(BE); - } else { - print STDERRR "Cannot determine endianness.\n"; - exit 1; + +my %countryId; +my %countryName; + +my $dir = findVersion(); + +&loadCountries(); + +&dump(&collect()); + +sub findVersion +{ + my @dirs = (); + + opendir(my $dh, '.') || die "Can't open .: $!\n"; + + while (readdir $dh) { + if ($_ =~ m/^GeoLite2-Country-CSV_\d{8}$/) { + push(@dirs, $_); + } } + closedir $dh; + + @dirs = sort @dirs; + return pop(@dirs); } -foreach (@dbs) { - my $dir = "$target_dir/$_"; - if (!-e $dir && !mkdir($dir)) { - print STDERR "Could not mkdir $dir: $!\n"; - exit 1; +sub loadCountries +{ + my $file = "$dir/GeoLite2-Country-Locations-en.csv"; + + sub id; sub cc; sub long; sub ct; sub cn; + + %countryId = (); + %countryName = (); + + open(my $fh, '<', $file) || die "Couldn't open list country names\n"; + + # first line is headers + my $row = $csv->getline($fh); + + my %header = map { ($row->[$_], $_); } (0..$#{$row}); + + my %pairs = ( + country_iso_code => 'ISO Country Code', + geoname_id => 'ID', + country_name => 'Country Name', + continent_code => 'Continent Code', + continent_name => 'Continent Name', + ); + + # verify that the columns we need are present + map { die "Table has no $pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + my %remapping = ( + id => 'geoname_id', + cc => 'country_iso_code', + long => 'country_name', + ct => 'continent_code', + cn => 'continent_name', + ); + + # now create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + while (my $row = $csv->getline($fh)) { + if ($row->[cc] eq '' && $row->[long] eq '') { + $countryId{$row->[id]} = $row->[ct]; + $countryName{$row->[ct]} = $row->[cn]; + } else { + $countryId{$row->[id]} = $row->[cc]; + $countryName{$row->[cc]} = $row->[long]; + } } + + $countryName{A1} = 'Anonymous Proxy'; + $countryName{A2} = 'Satellite Provider'; + $countryName{O1} = 'Other Country'; + + close($fh); + + # clean up the namespace + undef &id; undef &cc; undef &long; undef &ct; undef &cn; } -&dump(&collect()); +sub lookupCountry +{ + my ($id, $rid, $proxy, $sat) = @_; + + if ($proxy) { + return 'A1'; + } elsif ($sat) { + return 'A2'; + } + $id ||= $rid; + if ($id eq '') { + return 'O1'; + } + die "Unknown id: $id line $.\n" unless (exists $countryId{$id}); + return $countryId{$id}; +} sub collect { - my %country; + my ($file, $fh, $row); + my (%country, %header); - while (my $row = $csv->getline(*ARGV)) { - if (!defined($country{$row->[4]})) { - $country{$row->[4]} = { - name => $row->[5], - pool_v4 => [], - pool_v6 => [], - }; - } - my $c = $country{$row->[4]}; - if ($row->[0] =~ /:/) { - push(@{$c->{pool_v6}}, - [&ip6_pack($row->[0]), &ip6_pack($row->[1])]); - } else { - push(@{$c->{pool_v4}}, [$row->[2], $row->[3]]); + sub net; sub id; sub rid; sub proxy; sub sat; + + my %pairs = ( + network => 'Network', + registered_country_geoname_id => 'Registered Country ID', + geoname_id => 'Country ID', + is_anonymous_proxy => 'Anonymous Proxy', + is_satellite_provider => 'Satellite', + ); + + foreach (sort keys %countryName) { + $country{$_} = { + name => $countryName{$_}, + pool_v4 => Net::CIDR::Lite->new(), + pool_v6 => Net::CIDR::Lite->new(), + }; + } + + $file = "$dir/GeoLite2-Country-Blocks-IPv4.csv"; + + open($fh, '<', $file) || die "Can't open IPv4 database\n"; + + # first line is headers + $row = $csv->getline($fh); + + %header = map { ($row->[$_], $_); } (0..$#{$row}); + + # verify that the columns we need are present + map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + my %remapping = ( + net => 'network', + id => 'geoname_id', + rid => 'registered_country_geoname_id', + proxy => 'is_anonymous_proxy', + sat => 'is_satellite_provider', + ); + + # now create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + while ($row = $csv->getline($fh)) { + my ($cc, $cidr); + + $cc = lookupCountry($row->[id], $row->[rid], $row->[proxy], $row->[sat]); + $cidr = $row->[net]; + $country{$cc}->{pool_v4}->add($cidr); + + if ($. % 4096 == 0) { + print STDERR "\r\e[2K$. entries"; } + } + + print STDERR "\r\e[2K$. entries total\n"; + + close($fh); + + # clean up the namespace + undef &net; undef &id; undef &rid; undef &proxy; undef &sat; + + $file = "$dir/GeoLite2-Country-Blocks-IPv6.csv"; + + open($fh, '<', $file) || die "Can't open IPv6 database\n"; + + # first line is headers + $row = $csv->getline($fh); + + %header = map { ($row->[$_], $_); } (0..$#{$row}); + + # verify that the columns we need are present + map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; + + # unlikely the IPv6 table has different columns, but just to be sure + # create a function which returns the value of that column # + map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; + + while ($row = $csv->getline($fh)) { + my ($cc, $cidr); + + $cc = lookupCountry($row->[id], $row->[rid], $row->[proxy], $row->[sat]); + $cidr = $row->[net]; + $country{$cc}->{pool_v6}->add($cidr); + if ($. % 4096 == 0) { print STDERR "\r\e[2K$. entries"; } } print STDERR "\r\e[2K$. entries total\n"; + + close($fh); + + # clean up the namespace + undef &net; undef &id; undef &rid; undef &proxy; undef &sat; + return \%country; } @@ -88,7 +236,7 @@ { my $country = shift @_; - foreach my $iso_code (sort keys %$country) { + foreach my $iso_code (sort keys %{$country}) { &dump_one($iso_code, $country->{$iso_code}); } } @@ -96,80 +244,41 @@ sub dump_one { my($iso_code, $country) = @_; - my($file, $fh_le, $fh_be); + my @ranges; - printf "%5u IPv6 ranges for %s %s\n", - scalar(@{$country->{pool_v6}}), - $iso_code, $country->{name}; - - if (wantLE) { - $file = "$target_dir/LE/".uc($iso_code).".iv6"; - if (!open($fh_le, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; - } - foreach my $range (@{$country->{pool_v6}}) { - print $fh_le &ip6_swap($range->[0]), &ip6_swap($range->[1]); - } - close $fh_le; - } - if (wantBE) { - $file = "$target_dir/BE/".uc($iso_code).".iv6"; - if (!open($fh_be, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; - } - foreach my $range (@{$country->{pool_v6}}) { - print $fh_be $range->[0], $range->[1]; - } - close $fh_be; - } + @ranges = $country->{pool_v4}->list_range(); - printf "%5u IPv4 ranges for %s %s\n", - scalar(@{$country->{pool_v4}}), - $iso_code, $country->{name}; - - if (wantLE) { - $file = "$target_dir/LE/".uc($iso_code).".iv4"; - if (!open($fh_le, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; - } - foreach my $range (@{$country->{pool_v4}}) { - print $fh_le pack("VV", $range->[0], $range->[1]); - } - close $fh_le; - } - if (wantBE) { - $file = "$target_dir/BE/".uc($iso_code).".iv4"; - if (!open($fh_be, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; - } - foreach my $range (@{$country->{pool_v4}}) { - print $fh_be pack("NN", $range->[0], $range->[1]); - } - close $fh_be; - } + writeCountry($iso_code, $country->{name}, AF_INET, @ranges); + + @ranges = $country->{pool_v6}->list_range(); + + writeCountry($iso_code, $country->{name}, AF_INET6, @ranges); } -sub ip6_pack +sub writeCountry { - my $addr = shift @_; - $addr =~ s{::}{:!:}; - my @addr = split(/:/, $addr); - my @e = (0) x 8; - foreach (@addr) { - if ($_ eq "!") { - $_ = join(':', @e[0..(8-scalar(@addr))]); - } + my ($iso_code, $name, $family, @ranges) = @_; + my $fh; + + printf "%5u IPv%s ranges for %s %s\n", + scalar(@ranges), + ($family == AF_INET ? '4' : '6'), + $iso_code, $name; + + my $file = "$target_dir/".uc($iso_code).".iv".($family == AF_INET ? '4' : '6'); + if (!open($fh, '>', $file)) { + print STDERR "Error opening $file: $!\n"; + exit 1; } - @addr = split(/:/, join(':', @addr)); - $_ = hex($_) foreach @addr; - return pack("n*", @addr); -} -sub ip6_swap -{ - return pack("V*", unpack("N*", shift @_)); + binmode($fh); + + foreach my $range (@ranges) { + my ($start, $end) = split('-', $range); + $start = inet_pton($family, $start); + $end = inet_pton($family, $end); + print $fh $start, $end; + } + close $fh; } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/geoip/xt_geoip_build.1 new/xtables-addons-3.1/geoip/xt_geoip_build.1 --- old/xtables-addons-3.0/geoip/xt_geoip_build.1 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/geoip/xt_geoip_build.1 2018-08-14 14:31:10.000000000 +0200 @@ -5,7 +5,7 @@ .SH Syntax .PP \fI/usr/libexec/xt_geoip/\fP\fBxt_geoip_build\fP [\fB\-D\fP -\fItarget_dir\fP] [\fIfile\fP...] +\fItarget_dir\fP] .SH Description .PP xt_geoip_build is used to build packed raw representations of the range @@ -16,7 +16,12 @@ also ordered, as xt_geoip relies on this property for its bisection approach to work. .PP -Input is processed from the listed files, or if none is given, from stdin. +It expects to find a directory named +.IR GeoLite2-Country-CSV_YYYYMMDD +in the current directory, and will select the most recent if multiple +instances are found. The +.IR xt_geoip_dl +script can be used to populate this directory. .PP Since the script is usually installed to the libexec directory of the xtables-addons package and this is outside $PATH (on purpose), invoking the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/geoip/xt_geoip_dl new/xtables-addons-3.1/geoip/xt_geoip_dl --- old/xtables-addons-3.0/geoip/xt_geoip_dl 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/geoip/xt_geoip_dl 2018-08-14 14:31:10.000000000 +0200 @@ -1,8 +1,7 @@ #!/bin/sh -rm -f GeoIPv6.csv GeoIPv6.csv.gz GeoIPCountryCSV.zip GeoIPCountryWhois.csv; -wget \ - http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz \ - http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip; -gzip -d GeoIPv6.csv.gz; -unzip GeoIPCountryCSV.zip; +rm -rf GeoLite2-Country-CSV_* + +wget -q http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip +unzip -q GeoLite2-Country-CSV.zip +rm -f GeoLite2-Country-CSV.zip diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/geoip/xt_geoip_fetch new/xtables-addons-3.1/geoip/xt_geoip_fetch --- old/xtables-addons-3.0/geoip/xt_geoip_fetch 1970-01-01 01:00:00.000000000 +0100 +++ new/xtables-addons-3.1/geoip/xt_geoip_fetch 2018-08-14 14:31:10.000000000 +0200 @@ -0,0 +1,93 @@ +#!/usr/bin/perl +# +# Utility to query GeoIP database +# Copyright Philip Prindeville, 2018 +# +use Getopt::Long; +use Socket qw(AF_INET AF_INET6 inet_ntop); +use warnings; +use strict; + +sub AF_INET_SIZE() { 4 } +sub AF_INET6_SIZE() { 16 } + +my $target_dir = "."; +my $ipv4 = 0; +my $ipv6 = 0; + +&Getopt::Long::Configure(qw(bundling)); +&GetOptions( + "D=s" => \$target_dir, + "4" => \$ipv4, + "6" => \$ipv6, +); + +if (!-d $target_dir) { + print STDERR "Target directory $target_dir does not exit.\n"; + exit 1; +} + +# if neither specified, assume both +if (! $ipv4 && ! $ipv6) { + $ipv4 = $ipv6 = 1; +} + +foreach my $cc (@ARGV) { + if ($cc !~ m/^([a-z]{2}|a[12]|o1)$/i) { + print STDERR "Invalid country code '$cc'\n"; + exit 1; + } + + my $file = $target_dir . '/' . uc($cc) . '.iv4'; + + if (! -f $file) { + printf STDERR "Can't find data for country '$cc'\n"; + exit 1; + } + + my ($contents, $buffer, $bytes, $fh); + + if ($ipv4) { + open($fh, '<', $file) || die "Couldn't open file for '$cc'\n"; + + binmode($fh); + + while (($bytes = read($fh, $buffer, AF_INET_SIZE * 2)) == AF_INET_SIZE * 2) { + my $start = inet_ntop(AF_INET, substr($buffer, 0, AF_INET_SIZE)); + my $end = inet_ntop(AF_INET, substr($buffer, AF_INET_SIZE)); + print $start, '-', $end, "\n"; + } + close($fh); + if (! defined $bytes) { + printf STDERR "Error reading file for '$cc'\n"; + exit 1; + } elsif ($bytes != 0) { + printf STDERR "Short read on file for '$cc'\n"; + exit 1; + } + } + + substr($file, -1) = '6'; + + if ($ipv6) { + open($fh, '<', $file) || die "Couldn't open file for '$cc'\n"; + + binmode($fh); + + while (($bytes = read($fh, $buffer, AF_INET6_SIZE * 2)) == AF_INET6_SIZE * 2) { + my $start = inet_ntop(AF_INET6, substr($buffer, 0, AF_INET6_SIZE)); + my $end = inet_ntop(AF_INET6, substr($buffer, AF_INET6_SIZE)); + print $start, '-', $end, "\n"; + } + close($fh); + if (! defined $bytes) { + printf STDERR "Error reading file for '$cc'\n"; + exit 1; + } elsif ($bytes != 0) { + printf STDERR "Short read on file for '$cc'\n"; + exit 1; + } + } +} + +exit 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xtables-addons-3.0/xtables-addons.8.in new/xtables-addons-3.1/xtables-addons.8.in --- old/xtables-addons-3.0/xtables-addons.8.in 2018-02-12 15:17:10.000000000 +0100 +++ new/xtables-addons-3.1/xtables-addons.8.in 2018-08-14 14:31:10.000000000 +0200 @@ -1,4 +1,4 @@ -.TH xtables-addons 8 "Lilac" "" "v3.0 (2018-02-12)" +.TH xtables-addons 8 "Windows" "" "v3.1 (2018-08-14)" .SH Name Xtables-addons \(em additional extensions for iptables, ip6tables, etc. .SH Targets
