Hello community, here is the log from the commit of package iptables for openSUSE:Factory checked in at 2012-05-29 11:39:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/iptables (Old) and /work/SRC/openSUSE:Factory/.iptables.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iptables", Maintainer is "vci...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/iptables/iptables.changes 2012-03-29 07:45:30.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.iptables.new/iptables.changes 2012-05-29 11:39:04.000000000 +0200 @@ -1,0 +2,7 @@ +Sat May 26 19:35:38 UTC 2012 - jeng...@inai.de + +- Update to new upstream release 1.4.14 +* Support for the new cttimeout infrastructure. This allows you to + attach specific timeout policies to flow via iptables CT target. + +------------------------------------------------------------------- Old: ---- iptables-1.4.13.tar.bz2 iptables-1.4.13.tar.bz2.sig New: ---- iptables-1.4.14.tar.bz2 iptables-1.4.14.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ iptables.spec ++++++ --- /var/tmp/diff_new_pack.MLlMZ9/_old 2012-05-29 11:39:06.000000000 +0200 +++ /var/tmp/diff_new_pack.MLlMZ9/_new 2012-05-29 11:39:06.000000000 +0200 @@ -20,7 +20,7 @@ %define lname_ipq libipq0 %define lname_iptc libiptc0 %define lname_xt libxtables7 -Version: 1.4.13 +Version: 1.4.14 Release: 0 Summary: IP Packet Filter Administration utilities License: GPL-2.0+ @@ -30,8 +30,8 @@ #DL-URL: ftp://ftp.netfilter.org/pub/iptables/ #Git-Web: http://git.netfilter.org/ #Git-Clone: git://git.netfilter.org/iptables -Source: %name-%version.tar.bz2 -Source2: %name-%version.tar.bz2.sig +Source: ftp://ftp.netfilter.org/pub/iptables/%name-%version.tar.bz2 +Source2: ftp://ftp.netfilter.org/pub/iptables/%name-%version.tar.bz2.sig Patch1: iptables-batch.patch Patch2: iptables-apply-mktemp-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build 
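Review bot: The new `Source:` and `Source2:` lines in the second iptables.spec hunk point at plain `ftp://` URLs, so the detached `.sig` is the only integrity control on a fetched tarball, and it helps only if something checks it. Neither visible spec hunk adds a keyring source or a verification step. `%prep` lies outside the hunk, so this may already be handled there. If it is not, I would add the upstream signing key as a further `Source` and verify `Source2` against it in `%prep` before unpacking, with a comment such as `# Source2 is verified against the packaged upstream keyring in %prep`.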
@@ -41,8 +41,7 @@ %if 0%{?fedora_version} || 0%{?centos_version} BuildRequires: sgml-common %endif -BuildRequires: autoconf -BuildRequires: automake +#git#BuildRequires: autoconf, automake >= 1.10 BuildRequires: libtool BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} ++++++ iptables-1.4.13.tar.bz2 -> iptables-1.4.14.tar.bz2 ++++++ ++++ 5078 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/build-aux/compile new/iptables-1.4.14/build-aux/compile --- old/iptables-1.4.13/build-aux/compile 2012-03-27 13:33:49.000000000 +0200 +++ new/iptables-1.4.14/build-aux/compile 2012-05-26 18:45:19.000000000 +0200 @@ -1,10 +1,10 @@ #! /bin/sh -# Wrapper for compilers which do not understand `-c -o'. +# Wrapper for compilers which do not understand '-c -o'. -scriptversion=2009-10-06.20; # UTC +scriptversion=2012-01-04.17; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software -# Foundation, Inc. +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free +# Software Foundation, Inc. # Written by Tom Tromey <tro...@cygnus.com>. # # This program is free software; you can redistribute it and/or modify 
@@ -29,21 +29,186 @@ # bugs to <bug-autom...@gnu.org> or send patches to # <automake-patc...@gnu.org>. +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. 
+ eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l*) + lib=${1#-l} + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + set x "$@" "$dir/$lib.dll.lib" + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + set x "$@" "$dir/$lib.lib" + break + fi + done + IFS=$save_IFS + + test "$found" != yes && set x "$@" "$lib.lib" + shift + ;; + -L*) + func_file_conv "${1#-L}" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + case $1 in '') - echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + echo "$0: No command. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: compile [--help] [--version] PROGRAM [ARGS] -Wrapper for compilers which do not understand `-c -o'. -Remove `-o dest.o' from ARGS, run PROGRAM with the remaining +Wrapper for compilers which do not understand '-c -o'. 
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining arguments, and rename the output as expected. If you are trying to build a whole package this is not the -right script to run: please start by reading the file `INSTALL'. +right script to run: please start by reading the file 'INSTALL'. Report bugs to <bug-autom...@gnu.org>. EOF @@ -53,11 +218,13 @@ echo "compile $scriptversion" exit $? ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; esac ofile= cfile= -eat= for arg do @@ -66,8 +233,8 @@ else case $1 in -o) - # configure might choose to run compile as `compile cc -o foo foo.c'. - # So we strip `-o arg' only if arg is an object. + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. eat=1 case $2 in *.o | *.obj) @@ -94,10 +261,10 @@ done if test -z "$ofile" || test -z "$cfile"; then - # If no `-o' option was seen then we might have been invoked from a + # If no '-o' option was seen then we might have been invoked from a # pattern rule where we don't need one. That is ok -- this is a # normal compilation that the losing compiler can handle. If no - # `.c' file was seen then we are probably linking. That is also + # '.c' file was seen then we are probably linking. That is also # ok. exec "$@" fi 
@@ -106,7 +273,7 @@ cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. -# Note: use `[/\\:.-]' here to ensure that we don't use the same name +# Note: use '[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/build-aux/missing new/iptables-1.4.14/build-aux/missing --- old/iptables-1.4.13/build-aux/missing 2012-03-27 13:33:49.000000000 +0200 +++ new/iptables-1.4.14/build-aux/missing 2012-05-26 18:45:19.000000000 +0200 @@ -1,10 +1,10 @@ #! /bin/sh # Common stub for a few missing GNU programs while installing. -scriptversion=2009-04-28.21; # UTC +scriptversion=2012-01-06.13; # UTC # Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, -# 2008, 2009 Free Software Foundation, Inc. +# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. # Originally by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify @@ -84,7 +84,6 @@ help2man touch the output file lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags yacc create \`y.tab.[ch]', if possible, from existing .[ch] Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and 
@@ -122,15 +121,6 @@ # Not GNU programs, they don't have --version. ;; - tar*) - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - exit 1 - fi - ;; - *) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. @@ -226,7 +216,7 @@ \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if test $# -ne 1; then - eval LASTARG="\${$#}" + eval LASTARG=\${$#} case $LASTARG in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` @@ -256,7 +246,7 @@ \`Flex' from any GNU archive site." rm -f lex.yy.c if test $# -ne 1; then - eval LASTARG="\${$#}" + eval LASTARG=\${$#} case $LASTARG in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` 
@@ -318,41 +308,6 @@ touch $file ;; - tar*) - shift - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar "$@" && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar "$@" && exit 0 - fi - firstarg="$1" - if shift; then - case $firstarg in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - case $firstarg in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - *) echo 1>&2 "\ WARNING: \`$1' is needed, and is $msg. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/configure.ac new/iptables-1.4.14/configure.ac --- old/iptables-1.4.13/configure.ac 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/configure.ac 2012-05-26 18:44:33.000000000 +0200 
@@ -1,5 +1,5 @@ -AC_INIT([iptables], [1.4.13]) +AC_INIT([iptables], [1.4.14]) # See libtool.info "Libtool's versioning system" libxtables_vcurrent=7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/extensions/libipt_ULOG.c new/iptables-1.4.14/extensions/libipt_ULOG.c --- old/iptables-1.4.13/extensions/libipt_ULOG.c 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/extensions/libipt_ULOG.c 2012-05-26 18:44:33.000000000 +0200 @@ -37,9 +37,9 @@ {.name = "ulog-prefix", .id = O_ULOG_PREFIX, .type = XTTYPE_STRING, .flags = XTOPT_PUT, XTOPT_POINTER(struct ipt_ulog_info, prefix), .min = 1}, - {.name = "ulog-cprange", .id = O_ULOG_CPRANGE, .type = XTTYPE_UINT64, + {.name = "ulog-cprange", .id = O_ULOG_CPRANGE, .type = XTTYPE_UINT64}, + {.name = "ulog-qthreshold", .id = O_ULOG_QTHR, .type = XTTYPE_UINT64, .min = 1, .max = ULOG_MAX_QLEN}, - {.name = "ulog-qthreshold", .id = O_ULOG_QTHR, .type = XTTYPE_UINT64}, XTOPT_TABLEEND, }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/extensions/libxt_CT.c new/iptables-1.4.14/extensions/libxt_CT.c --- old/iptables-1.4.13/extensions/libxt_CT.c 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/extensions/libxt_CT.c 2012-05-26 18:44:33.000000000 +0200 
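Review bot: After this change the `ulog-cprange` entry in libipt_ULOG.c is `XTTYPE_UINT64` with no `.min`/`.max` and no `XTOPT_PUT`, so as far as the table shows nothing bounds the value before the parse callback stores it. That callback and the destination field are outside the hunk. If the field is narrower than 64 bits, an oversized value would presumably be truncated silently, which is worth confirming. Either give the entry a `.max` that matches the field or reject out-of-range values in the callback. The option table itself starts before the hunk.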
@@ -16,9 +16,23 @@ ); } +static void ct_help_v1(void) +{ + printf( +"CT target options:\n" +" --notrack Don't track connection\n" +" --helper name Use conntrack helper 'name' for connection\n" +" --timeout name Use timeout policy 'name' for connection\n" +" --ctevents event[,event...] Generate specified conntrack events for connection\n" +" --expevents event[,event...] Generate specified expectation events for connection\n" +" --zone ID Assign/Lookup connection in zone ID\n" + ); +} + enum { O_NOTRACK = 0, O_HELPER, + O_TIMEOUT, O_CTEVENTS, O_EXPEVENTS, O_ZONE, @@ -37,6 +51,21 @@ }; #undef s +#define s struct xt_ct_target_info_v1 +static const struct xt_option_entry ct_opts_v1[] = { + {.name = "notrack", .id = O_NOTRACK, .type = XTTYPE_NONE}, + {.name = "helper", .id = O_HELPER, .type = XTTYPE_STRING, + .flags = XTOPT_PUT, XTOPT_POINTER(s, helper)}, + {.name = "timeout", .id = O_TIMEOUT, .type = XTTYPE_STRING, + .flags = XTOPT_PUT, XTOPT_POINTER(s, timeout)}, + {.name = "ctevents", .id = O_CTEVENTS, .type = XTTYPE_STRING}, + {.name = "expevents", .id = O_EXPEVENTS, .type = XTTYPE_STRING}, + {.name = "zone", .id = O_ZONE, .type = XTTYPE_UINT16, + .flags = XTOPT_PUT, XTOPT_POINTER(s, zone)}, + XTOPT_TABLEEND, +}; +#undef s + struct event_tbl { const char *name; unsigned int event; @@ -114,6 +143,28 @@ } } +static void ct_parse_v1(struct xt_option_call *cb) +{ + struct xt_ct_target_info_v1 *info = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_NOTRACK: + info->flags |= XT_CT_NOTRACK; + break; + case O_CTEVENTS: + info->ct_events = ct_parse_events(ct_event_tbl, + ARRAY_SIZE(ct_event_tbl), + cb->arg); + break; + case O_EXPEVENTS: + info->exp_events = ct_parse_events(exp_event_tbl, + ARRAY_SIZE(exp_event_tbl), + cb->arg); + break; + } +} + static void ct_print(const void *ip, const struct xt_entry_target *target, int numeric) { const struct xt_ct_target_info *info = 
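Review bot: In `ct_opts_v1` the `helper` and `timeout` entries accept an empty string, so `--timeout ""` leaves `info->timeout[0]` zero. `ct_print_v1` and `ct_save_v1` treat that as "not set", so a rule the operator believes carries a timeout policy would be listed and saved without one. The `ulog-prefix` entry in libipt_ULOG.c already uses `.min = 1` on an `XTTYPE_STRING`. Doing the same here, e.g. `.flags = XTOPT_PUT, XTOPT_POINTER(s, timeout), .min = 1},`, would reject the empty name at parse time. How the kernel handles an empty name is not visible on this page.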
@@ -134,6 +185,29 @@ printf("zone %u ", info->zone); } +static void +ct_print_v1(const void *ip, const struct xt_entry_target *target, int numeric) +{ + const struct xt_ct_target_info_v1 *info = + (const struct xt_ct_target_info_v1 *)target->data; + + printf(" CT"); + if (info->flags & XT_CT_NOTRACK) + printf(" notrack"); + if (info->helper[0]) + printf(" helper %s", info->helper); + if (info->timeout[0]) + printf(" timeout %s", info->timeout); + if (info->ct_events) + ct_print_events("ctevents", ct_event_tbl, + ARRAY_SIZE(ct_event_tbl), info->ct_events); + if (info->exp_events) + ct_print_events("expevents", exp_event_tbl, + ARRAY_SIZE(exp_event_tbl), info->exp_events); + if (info->zone) + printf("zone %u ", info->zone); +} + static void ct_save(const void *ip, const struct xt_entry_target *target) { const struct xt_ct_target_info *info = 
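Review bot: `ct_print_v1` prints `info->helper` and `info->timeout` with a bare `%s`, but both are fixed-size `char` arrays inside the target blob (`helper[16]`, `timeout[32]` in xt_CT.h) and nothing in this function guarantees a terminating NUL. A blob without one would make `printf` read past the field. Bounding the read is cheap: `printf(" timeout %.*s", (int)sizeof(info->timeout), info->timeout);`, and likewise for `helper`. `ct_save_v1` in the next hunk has the same two calls. Separately, `printf("zone %u ", info->zone);` uses a trailing space where every other branch here uses a leading one, so the zone text runs into the preceding word; `" zone %u"` would match.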
@@ -153,20 +227,56 @@ printf(" --zone %u", info->zone); } -static struct xtables_target ct_target = { - .family = NFPROTO_UNSPEC, - .name = "CT", - .version = XTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_ct_target_info)), - .userspacesize = offsetof(struct xt_ct_target_info, ct), - .help = ct_help, - .print = ct_print, - .save = ct_save, - .x6_parse = ct_parse, - .x6_options = ct_opts, +static void ct_save_v1(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_ct_target_info_v1 *info = + (const struct xt_ct_target_info_v1 *)target->data; + + if (info->flags & XT_CT_NOTRACK) + printf(" --notrack"); + if (info->helper[0]) + printf(" --helper %s", info->helper); + if (info->timeout[0]) + printf(" --timeout %s", info->timeout); + if (info->ct_events) + ct_print_events("--ctevents", ct_event_tbl, + ARRAY_SIZE(ct_event_tbl), info->ct_events); + if (info->exp_events) + ct_print_events("--expevents", exp_event_tbl, + ARRAY_SIZE(exp_event_tbl), info->exp_events); + if (info->zone) + printf(" --zone %u", info->zone); +} + +static struct xtables_target ct_target_reg[] = { + { + .family = NFPROTO_UNSPEC, + .name = "CT", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_ct_target_info)), + .userspacesize = offsetof(struct xt_ct_target_info, ct), + .help = ct_help, + .print = ct_print, + .save = ct_save, + .x6_parse = ct_parse, + .x6_options = ct_opts, + }, + { + .family = NFPROTO_UNSPEC, + .name = "CT", + .revision = 1, + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)), + .userspacesize = offsetof(struct xt_ct_target_info_v1, ct), + .help = ct_help_v1, + .print = ct_print_v1, + .save = ct_save_v1, + .x6_parse = ct_parse_v1, + .x6_options = ct_opts_v1, + }, }; void _init(void) { - xtables_register_target(&ct_target); + xtables_register_targets(ct_target_reg, ARRAY_SIZE(ct_target_reg)); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in 
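Review bot: `ct_save_v1` writes the helper and timeout names unquoted (`printf(" --timeout %s", info->timeout);`), so a name containing whitespace or a quote would be split into different arguments when the saved rule set is restored. Other extensions emit free-form strings through `xtables_save_string()`; here that would be `printf(" --timeout"); xtables_save_string(info->timeout);`, and the same for `--helper`. Which characters a policy name may contain is decided outside this file, so treat this as hardening the save/restore round trip rather than a confirmed break.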
--exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/extensions/libxt_CT.man new/iptables-1.4.14/extensions/libxt_CT.man --- old/iptables-1.4.13/extensions/libxt_CT.man 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/extensions/libxt_CT.man 2012-05-26 18:44:33.000000000 +0200 @@ -23,3 +23,8 @@ \fB\-\-zone\fP \fIid\fP Assign this packet to zone \fIid\fP and only have lookups done in that zone. By default, packets have zone 0. +.TP +\fB\-\-timeout\fP \fIname\fP +Use the timeout policy identified by \fIname\fP for the connection. This is +provides more flexible timeout policy definition than global timeout values +available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/extensions/libxt_rateest.c new/iptables-1.4.14/extensions/libxt_rateest.c --- old/iptables-1.4.13/extensions/libxt_rateest.c 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/extensions/libxt_rateest.c 2012-05-26 18:44:33.000000000 +0200 @@ -348,8 +348,8 @@ if (info->flags & XT_RATEEST_MATCH_DELTA) rateest_print_rate(info->bps1, numeric); if (info->flags & XT_RATEEST_MATCH_ABS) { - rateest_print_mode(info, ""); rateest_print_rate(info->bps2, numeric); + rateest_print_mode(info, ""); } } if (info->flags & XT_RATEEST_MATCH_PPS) { @@ -366,8 +366,6 @@ rateest_print_mode(info, ""); printf(" %s", info->name2); - if (info->flags & XT_RATEEST_MATCH_DELTA) - printf(" delta"); if (info->flags & XT_RATEEST_MATCH_BPS) { printf(" bps"); 
@@ -382,33 +380,48 @@ } } +static void __rateest_save_rate(const struct xt_rateest_match_info *info, + const char *name, uint32_t r1, uint32_t r2, + int numeric) +{ + if (info->flags & XT_RATEEST_MATCH_DELTA) { + printf(" --rateest-%s1", name); + rateest_print_rate(r1, numeric); + rateest_print_mode(info, "--rateest-"); + printf(" --rateest-%s2", name); + } else { + rateest_print_mode(info, "--rateest-"); + printf(" --rateest-%s", name); + } + + if (info->flags & (XT_RATEEST_MATCH_ABS|XT_RATEEST_MATCH_DELTA)) + rateest_print_rate(r2, numeric); +} + +static void rateest_save_rates(const struct xt_rateest_match_info *info) +{ + if (info->flags & XT_RATEEST_MATCH_BPS) + __rateest_save_rate(info, "bps", info->bps1, info->bps2, 0); + if (info->flags & XT_RATEEST_MATCH_PPS) + __rateest_save_rate(info, "pps", info->pps1, info->pps2, 1); +} + + static void rateest_save(const void *ip, const struct xt_entry_match *match) { const struct xt_rateest_match_info *info = (const void *)match->data; + if (info->flags & XT_RATEEST_MATCH_DELTA) + printf(" --rateest-delta"); + if (info->flags & XT_RATEEST_MATCH_REL) { printf(" --rateest1 %s", info->name1); - if (info->flags & XT_RATEEST_MATCH_BPS) - printf(" --rateest-bps"); - if (info->flags & XT_RATEEST_MATCH_PPS) - printf(" --rateest-pps"); - rateest_print_mode(info, " --rateest-"); + rateest_save_rates(info); printf(" --rateest2 %s", info->name2); - } else { + } else { /* XT_RATEEST_MATCH_ABS */ printf(" --rateest %s", info->name1); - if (info->flags & XT_RATEEST_MATCH_BPS) { - printf(" --rateest-bps1"); - rateest_print_rate(info->bps1, 0); - printf(" --rateest-bps2"); - rateest_print_rate(info->bps2, 0); - rateest_print_mode(info, "--rateest-"); - } - if (info->flags & XT_RATEEST_MATCH_PPS) { - printf(" --rateest-pps"); - rateest_print_mode(info, "--rateest-"); - printf(" %u", info->pps2); - } + rateest_save_rates(info); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude 
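Review bot: `__rateest_save_rate` begins with two underscores, which C reserves for the implementation; `rateest_save_rate` would avoid the clash. In `rateest_save_rates` the last argument is a bare `0` for bps and `1` for pps, so a short comment saying what `numeric` selects in `rateest_print_rate` would save the reader a lookup. The `} else { /* XT_RATEEST_MATCH_ABS */` comment in `rateest_save` also looks too narrow, because the branch is taken whenever `XT_RATEEST_MATCH_REL` is clear, which appears to include the delta rules in tests/options-most.rules. `/* !XT_RATEEST_MATCH_REL */` would be more accurate.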
Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/include/linux/netfilter/xt_CT.h new/iptables-1.4.14/include/linux/netfilter/xt_CT.h --- old/iptables-1.4.13/include/linux/netfilter/xt_CT.h 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/include/linux/netfilter/xt_CT.h 2012-05-26 18:44:33.000000000 +0200 @@ -16,4 +16,16 @@ struct nf_conn *ct __attribute__((aligned(8))); }; +struct xt_ct_target_info_v1 { + __u16 flags; + __u16 zone; + __u32 ct_events; + __u32 exp_events; + char helper[16]; + char timeout[32]; + + /* Used internally by the kernel */ + struct nf_conn *ct __attribute__((aligned(8))); +}; + #endif /* _XT_CT_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/iptables/ip6tables-restore.c new/iptables-1.4.14/iptables/ip6tables-restore.c --- old/iptables-1.4.13/iptables/ip6tables-restore.c 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/iptables/ip6tables-restore.c 2012-05-26 18:44:33.000000000 +0200 
@@ -98,7 +98,7 @@ DEBUGP("add_argv: %s\n", what); if (what && newargc + 1 < ARRAY_SIZE(newargv)) { newargv[newargc] = strdup(what); - newargc++; + newargv[++newargc] = NULL; return 1; } else { xtables_error(PARAMETER_PROBLEM, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/iptables/iptables-restore.c new/iptables-1.4.14/iptables/iptables-restore.c --- old/iptables-1.4.13/iptables/iptables-restore.c 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/iptables/iptables-restore.c 2012-05-26 18:44:33.000000000 +0200 @@ -97,7 +97,7 @@ DEBUGP("add_argv: %s\n", what); if (what && newargc + 1 < ARRAY_SIZE(newargv)) { newargv[newargc] = strdup(what); - newargc++; + newargv[++newargc] = NULL; return 1; } else { xtables_error(PARAMETER_PROBLEM, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/libiptc/libiptc.c new/iptables-1.4.14/libiptc/libiptc.c --- old/iptables-1.4.13/libiptc/libiptc.c 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/libiptc/libiptc.c 2012-05-26 18:44:33.000000000 +0200 @@ -1307,6 +1307,7 @@ socklen_t s; int sockfd; +retry: iptc_fn = TC_INIT; if (strlen(tablename) >= TABLE_MAXNAMELEN) { 
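Review bot: With `newargv[++newargc] = NULL;` the array is now NULL-terminated, but the `strdup(what)` result on the line above is still stored unchecked in both add_argv() copies (ip6tables-restore.c and iptables-restore.c). An allocation failure therefore puts NULL in the slot, and any consumer that stops at the first NULL would see a shortened argument list instead of an error. For a tool that loads firewall rules, failing loudly is the safer behaviour: `if ((newargv[newargc] = strdup(what)) == NULL) xtables_error(OTHER_PROBLEM, "add_argv: out of memory");`. add_argv() starts and ends outside both hunks.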
@@ -1324,7 +1325,6 @@ abort(); } -retry: s = sizeof(info); strcpy(info.name, tablename); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.13/tests/options-most.rules new/iptables-1.4.14/tests/options-most.rules --- old/iptables-1.4.13/tests/options-most.rules 2012-03-27 13:33:02.000000000 +0200 +++ new/iptables-1.4.14/tests/options-most.rules 2012-05-26 18:44:33.000000000 +0200 @@ -54,8 +54,7 @@ -A INPUT -p tcp -m tcpmss --mss 1:2 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -A INPUT --A INPUT -p mobility --A INPUT -p mobility -m mh --mh-type 3 +-A INPUT -p ipv6-mh -m mh --mh-type 3 -A OUTPUT -m owner --socket-exists --uid-owner 1-2 --gid-owner 2-3 -A OUTPUT -m owner ! --socket-exists ! --uid-owner 0 ! --gid-owner 0 -A matches -m connbytes --connbytes 1 --connbytes-mode bytes --connbytes-dir both 
@@ -184,20 +183,17 @@ -A ntarg -A ntarg -j RATEEST --rateest-name RE2 --rateest-interval 250.0ms --rateest-ewmalog 500.0ms -A ntarg -#-A zmatches -m rateest --rateest RE1 --rateest-lt --rateest-bps 8bit -#-A zmatches -m rateest --rateest RE1 --rateest-eq --rateest-bps 8bit -#-A zmatches -m rateest --rateest RE1 --rateest-gt --rateest-bps 8bit -#-A zmatches -m rateest --rateest RE1 --rateest-lt --rateest-pps 5 -#-A zmatches -m rateest --rateest RE1 --rateest-eq --rateest-pps 5 -#-A zmatches -m rateest --rateest RE1 --rateest-gt --rateest-pps 5 -#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-lt --rateest-bps2 16bit -#-A zmatches -m rateest --rateest1 RE1 --rateest-lt --rateest2 RE2 --bytes -#-A zmatches -m rateest --rateest1 RE1 --rateest-lt --rateest2 RE2 --packets -#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-eq --rateest-bps2 16bit -#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-gt --rateest-bps2 16bit -#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-lt --rateest-pps2 9 -#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-eq --rateest-pps2 9 -#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-gt --rateest-pps2 9 +-A zmatches -m rateest --rateest RE1 --rateest-lt --rateest-bps 8bit +-A zmatches -m rateest --rateest RE1 --rateest-eq --rateest-pps 5 +-A zmatches -m rateest --rateest RE1 --rateest-gt --rateest-bps 5kbit +-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-lt --rateest-bps2 16bit +-A zmatches -m rateest --rateest1 RE1 --rateest-lt --rateest-bps --rateest2 RE2 +-A zmatches -m rateest --rateest-delta --rateest1 RE1 --rateest-lt --rateest2 RE2 --rateest-pps2 42 +-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-eq --rateest-bps2 16bit +-A zmatches -m rateest --rateest-delta --rateest RE1 
--rateest-bps1 8bit --rateest-gt --rateest-bps2 16bit +-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-lt --rateest-pps2 9 +-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-eq --rateest-pps2 9 +-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-gt --rateest-pps2 9 COMMIT *mangle :PREROUTING ACCEPT [0:0] -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org