[netfilter-cvslog] r3826 - trunk/ipset

kadlec at netfilter.org kadlec at netfilter.org
Tue Apr 5 10:03:34 CEST 2005


Author: kadlec at netfilter.org
Date: 2005-04-05 10:03:33 +0200 (Tue, 05 Apr 2005)
New Revision: 3826

Modified:
   trunk/ipset/ChangeLog
   trunk/ipset/Makefile
   trunk/ipset/ipset.8
   trunk/ipset/ipset.c
Log:
ipset 2.1.1 released


Modified: trunk/ipset/ChangeLog
===================================================================
--- trunk/ipset/ChangeLog	2005-04-05 07:57:19 UTC (rev 3825)
+++ trunk/ipset/ChangeLog	2005-04-05 08:03:33 UTC (rev 3826)
@@ -1,3 +1,12 @@
+2.1.1
+ - Locking bug in ip_set_nethash.c (Clifford Wolf and Rob Carlson)
+ - Makefile contained an unnecessary variable in IPSET_LIB_DIR (Clifford
+   Wolf)
+ - Safety checkings of restore in ipset was incomplete (Robin H. Johnson)
+ - More careful resizing by avoiding locking completely
+ - stdin stored internally in a temporary file, so we can feed 'ipset -R'
+   from a pipe
+
 2.1
  - Lock debugging used with debugless lock definiton (Piotr Chytla and
    others).

Modified: trunk/ipset/Makefile
===================================================================
--- trunk/ipset/Makefile	2005-04-05 07:57:19 UTC (rev 3825)
+++ trunk/ipset/Makefile	2005-04-05 08:03:33 UTC (rev 3826)
@@ -8,14 +8,14 @@
 KERNEL_DIR=/usr/src/linux
 endif
 
-IPSET_VERSION:=2.1.0
+IPSET_VERSION:=2.1.1
 
 PREFIX:=/usr/local
 LIBDIR:=$(PREFIX)/lib
 BINDIR:=$(PREFIX)/sbin
 MANDIR:=$(PREFIX)/man
 INCDIR:=$(PREFIX)/include
-IPSET_LIB_DIR:=$(DESTDIR)$(LIBDIR)/ipset
+IPSET_LIB_DIR:=$(LIBDIR)/ipset
 
 # directory for new iptables releases
 RELEASE_DIR:=/tmp
@@ -35,7 +35,7 @@
 install: all $(INSTALL)
 
 clean: $(EXTRA_CLEANS)
-	rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o
+	rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~
 
 #The ipset(8) self
 ipset.o: ipset.c

Modified: trunk/ipset/ipset.8
===================================================================
--- trunk/ipset/ipset.8	2005-04-05 07:57:19 UTC (rev 3825)
+++ trunk/ipset/ipset.8	2005-04-05 08:03:33 UTC (rev 3826)
@@ -117,7 +117,7 @@
 .TP
 .BI "-R, --restore "
 Restore a saved session generated by --save. The saved session
-is read from stdin which is required to be rewindable.
+can be fed from stdin.
 .TP
 .BI "-A, --add " "\fIsetname\fP \fIIP\fP"
 Add an IP to a set.

Modified: trunk/ipset/ipset.c
===================================================================
--- trunk/ipset/ipset.c	2005-04-05 07:57:19 UTC (rev 3825)
+++ trunk/ipset/ipset.c	2005-04-05 08:03:33 UTC (rev 3826)
@@ -11,9 +11,12 @@
 #include <string.h>
 #include <errno.h>
 #include <time.h>
-#include <sys/socket.h>
 #include <ctype.h>
 #include <stdlib.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <arpa/inet.h>
 #include <stdarg.h>
 #include <netdb.h>
@@ -42,6 +45,8 @@
 size_t restore_offset = 0, restore_size;
 unsigned line = 0;
 
+#define TEMPFILE_PATTERN	"/ipsetXXXXXX"
+
 #ifdef IPSET_DEBUG
 int option_debug = 0;
 #endif
@@ -1220,10 +1225,44 @@
 	}
 }
 
+static FILE *create_tempfile(void)
+{
+	char buffer[1024];	
+	char *tmpdir = NULL;
+	char *filename;
+	int fd;
+	FILE *file;
+	
+	if (!(tmpdir = getenv("TMPDIR")) && !(tmpdir = getenv("TMP")))
+		tmpdir = "/tmp";
+	filename = malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1);
+	if (!filename)
+		exit_error(OTHER_PROBLEM, "Could not malloc temporary filename.");
+	strcpy(filename, tmpdir);
+	strcpy(filename, TEMPFILE_PATTERN);
+	
+	(void) umask(077);	/* Create with restrictive permissions */
+	fd = mkstemp(filename);
+	if (fd == -1)
+		exit_error(OTHER_PROBLEM, "Could not create temporary file.");
+	if (!(file = fdopen(fd, "r+")))
+		exit_error(OTHER_PROBLEM, "Could not open temporary file.");
+	if (unlink(filename) == -1)
+		exit_error(OTHER_PROBLEM, "Could not unlink temporary file.");
+	free(filename);
+
+	while (fgets(buffer, sizeof(buffer), stdin)) {
+		fputs(buffer, file);
+	}
+	fseek(file, 0L, SEEK_SET);
+
+	return file;
+}
+
 /*
  * Performs a restore from a file
  */
-static void set_restore(FILE *in, char *argv0)
+static void set_restore(char *argv0)
 {
 	char buffer[1024];	
 	char *ptr, *name = NULL;
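Review bot: In create_tempfile() the second `strcpy(filename, TEMPFILE_PATTERN);` overwrites the directory copied just before it, so the name passed to mkstemp() is always `/ipsetXXXXXX` and the file is created in the filesystem root regardless of TMPDIR, TMP or the `/tmp` default. It should be `strcat(filename, TEMPFILE_PATTERN);`. The copy loop also ignores the result of `fputs()` and never checks `ferror(stdin)`, so a full disk or a read error would leave a truncated session that is presumably then parsed as if it were complete. The unchecked `fseek()` here has the same weakness, as does the rewind in set_restore, whose error check this commit removes; both should fail through `exit_error()`. set_restore's body continues outside the hunk.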
@@ -1232,8 +1271,12 @@
 	struct settype *settype = NULL;
 	struct ip_set_req_setnames *header;
 	ip_set_id_t index;
+	FILE *in;
 	int res;
 	
+	/* Create and store stdin in temporary file */
+	in = create_tempfile();
+	
 	/* Load existing sets from kernel */
 	load_set_list(IPSET_TOKEN_ALL, &index,
 		      IP_SET_OP_LIST_SIZE, CMD_RESTORE);
@@ -1286,7 +1329,7 @@
 			        exit_error(PARAMETER_PROBLEM,
 			        	   "Missing settype in line %u\n",
 		        		   line);
-			if (restore)
+			if (bindings)
 			        exit_error(PARAMETER_PROBLEM,
 			        	   "Invalid line %u: create must precede bindings\n",
 		        		   line);
@@ -1297,12 +1340,13 @@
 			break; 
 		}
 		case 'A': {
-			if (strncmp(name, ptr, sizeof(name)) != 0)
+			if (name == NULL
+			    || strncmp(name, ptr, sizeof(name)) != 0)
 			        exit_error(PARAMETER_PROBLEM,
 			        	   "Add IP to set %s in line %u without "
 					   "preceding corresponding create set line\n",
 		        		   ptr, line);
-			if (restore)
+			if (bindings)
 			        exit_error(PARAMETER_PROBLEM,
 			        	   "Invalid line %u: adding entries must precede bindings\n",
 		        		   line);
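Review bot: The `strncmp(name, ptr, sizeof(name))` kept beside the new `name == NULL` guard compares only a pointer's width of bytes, because `name` is declared `char *name` at the top of set_restore. Only the first 4 or 8 bytes of the set name are checked, so an add line for a set that merely shares that prefix with the preceding create line passes this safety check. Comparing whole names with `|| strcmp(name, ptr) != 0)` closes the gap, assuming both strings are NUL-terminated at this point; the code that tokenises the line is outside the hunk.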
@@ -1335,10 +1379,7 @@
 	restore_offset = sizeof(struct ip_set_req_setnames);
 
 	/* Rewind to scan the file again */
-	res = fseek(in, 0L, SEEK_SET);
-	if (res)
-		exit_error(PARAMETER_PROBLEM,
-			   "Cannot rewind stdin: %s", strerror(errno));
+	fseek(in, 0L, SEEK_SET);
 	first_pass = line;
 	line = 0;
 	
@@ -1848,8 +1889,6 @@
 	unsigned options = 0;
 	int c;
 	
-	FILE *in = stdin;		/* -R */
-
 	char *name = NULL;		/* All except -H, -R */
 	char *newname = NULL;		/* -E, -W */
 	char *adt = NULL;		/* -A, -D, -T, -B, -U */
@@ -2110,7 +2149,7 @@
 		break;
 
 	case CMD_RESTORE:
-		set_restore(in, argv[0]);
+		set_restore(argv[0]);
 		break;
 
 	case CMD_ADD:



