iptables branch, master, updated. v1.4.11.1-23-g411b390

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Thu Jun 30 13:37:40 CEST 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "iptables".

The branch, master has been updated
       via  411b390f3ffcd4708a0dfc0f2824a637de511cea (commit)
       via  1c9508e1f3f853f33683eb7118e19b193a6c80b7 (commit)
       via  358650c0e280dad8c1292efbf856ac310004a52b (commit)
       via  3c871010888e1479ef8fca2048485b979ec2661a (commit)
       via  447ddfbfb3ed16ad0059f4559334670e9b9806ec (commit)
       via  622abc73b097e7e778b432e422fd3c1f035bcfd3 (commit)
       via  f53710b16c2bae1843c3f5fee390f496dfa82526 (commit)
       via  d0101690d9ae347d8a8ee9e340c5db72480046a3 (commit)
       via  ee80faf4438102395bc4034894b6468453181be9 (commit)
       via  474c18d7982407246dd724c6fa3939f78466620a (commit)
       via  96d0d0130a9a08803406c5c18681903446088ebf (commit)
       via  f6677b5bcae125af28d227b9073426bddbd9190e (commit)
       via  68146dad91611bd8d6d12c8ba27219130d99607b (commit)
       via  70cb0a6d3e09f64f9a05870d694ac0160319de9a (commit)
       via  017e7b7e1cf4fb63208e46592d06cc030f6d552d (commit)
       via  12bc22a9d3e4ae4a3276dbae1cf3bd50ef5dbe9d (commit)
       via  4a96d2e2c9d8c43b58d9490cd1d2ae2d1b3e0bef (commit)
       via  2dba676b68ef842025f3afecba26cb0b2ae4c09b (commit)
       via  14190986f87301b18bcc473c842bd82d778d87a2 (commit)
       via  68818f746bf9c68de04a75fbe756bf2c73e0fb32 (commit)
       via  4e98e81ecdcc321d232edc42fac168d257e712ff (commit)
       via  931d388ff33dee589bc00e4f9033be5ca7c43786 (commit)
      from  3b7a22b44d74b9b05d5e4b0529ebf72c49dcbff5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 411b390f3ffcd4708a0dfc0f2824a637de511cea
Merge: 3b7a22b44d74b9b05d5e4b0529ebf72c49dcbff5 1c9508e1f3f853f33683eb7118e19b193a6c80b7
Author: Patrick McHardy <kaber at trash.net>
Date:   Thu Jun 30 13:35:56 2011 +0200

    Merge branch 'master' of git://dev.medozas.de/iptables

commit 1c9508e1f3f853f33683eb7118e19b193a6c80b7
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Thu Jun 30 13:19:15 2011 +0200

    doc: mention multiple verbosity flags
    
    "-vv" can be used to further increase the verbosity level. Document
    this.
    
    References: http://bugs.debian.org/616037
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 358650c0e280dad8c1292efbf856ac310004a52b
Author: Martin F. Krafft <madduck at debian.org>
Date:   Tue Sep 22 21:07:13 2009 +0200

    iptables-apply: select default rule file depending on call name
    
    ip6tables-apply points to iptables-apply (which is good). Since
    iptables/ip6tables rule files are different, the reporter suggests
    that the DEFAULT_FILE variable should depend on whether iptables-apply
    or ip6tables-apply is run.
    
    References: http://bugs.debian.org/547734
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 3c871010888e1479ef8fca2048485b979ec2661a
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Fri Jun 24 20:16:48 2011 +0200

    build: attempt to fix building under Linux 2.4
    
    iptables no longer compiles for Linux 2.4 because it uses
    linux/magic.h. This header and the PROC_SUPER_MAGIC macro are only for
    Linux 2.6.
    
    xtables.c:35:52: error: linux/magic.h: No such file or directory
    xtables.c: In function 'proc_file_exists':
    xtables.c:389: error: 'PROC_SUPER_MAGIC' undeclared (first use in
    this function)
    xtables.c:389: error: (Each undeclared identifier is reported only
    once for each function it appears in.)
    
    References: http://bugzilla.netfilter.org/show_bug.cgi?id=720
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 447ddfbfb3ed16ad0059f4559334670e9b9806ec
Author: Jakub Zawadzki <darkjames at darkjames.ath.cx>
Date:   Mon Jun 13 13:54:33 2011 +0200

    doc: fix group range in libxt_NFLOG's man
    
    References: http://bugzilla.netfilter.org/show_bug.cgi?id=723
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 622abc73b097e7e778b432e422fd3c1f035bcfd3
Author: Massimo Maggi <massimo at mmmm.it>
Date:   Wed Jun 15 02:52:00 2011 +0200

    libxt_RATEEST: fix userspacesize field
    
    I cannot delete a rule by matching it if the target of the rule is
    RATEEST.
    
    Copy-paste from terminal:
    
    	# iptables -t mangle -A PREROUTING -j RATEEST
    	--rateest-name somename --rateest-interval 250ms
    	--rateest-ewmalog 4s
    	# iptables -t mangle -D PREROUTING -j RATEEST
    	--rateest-name somename --rateest-interval 250ms
    	--rateest-ewmalog 4s
    	iptables: No chain/target/match by that name.
    
    I saw in comments of the kernel code that the last part of the struct
    xt_rateest_target_info is used only by kernel:
    
    	struct xt_rateest_target_info {
    		char name[IFNAMSIZ];
    		__s8 interval;
    		__u8 ewma_log;
    
    		/* Used internally by the kernel */
    		struct xt_rateest *est __attribute__((aligned(8)));
    	};
    
    but in struct xtables_target, .size and .userspacesize are equal.
    Simply correcting this solved the problem.
    
    References: http://bugzilla.netfilter.org/show_bug.cgi?id=724
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit f53710b16c2bae1843c3f5fee390f496dfa82526
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Fri Jun 10 15:26:02 2011 +0200

    iptables: Coverity: RESOURCE_LEAK
    
    xtables.c:320: alloc_fn: Calling allocation function "get_modprobe".
    xtables.c:294: alloc_fn: Storage is returned from allocation function "malloc".
    xtables.c:294: var_assign: Assigning: "ret" = "malloc(1024UL)".
    xtables.c:304: return_alloc: Returning allocated memory "ret".
    xtables.c:320: var_assign: Assigning: "buf" =  storage returned from "get_modprobe()".
    xtables.c:323: var_assign: Assigning: "modprobe" = "buf".
    xtables.c:348: leaked_storage: Variable "buf" going out of scope
                   leaks the storage it points to.
    xtables.c:348: leaked_storage: Returning without freeing "modprobe"
                   leaks the storage that it points to.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit d0101690d9ae347d8a8ee9e340c5db72480046a3
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Fri Jun 10 15:26:00 2011 +0200

    iptables: Coverity: VARARGS
    
    xtables.c:931: va_init: Initializing va_list "args".
    xtables.c:938: missing_va_end: va_end was not called for "args".
    xtables.c:947: missing_va_end: va_end was not called for "args".
    xtables.c:961: missing_va_end: va_end was not called for "args".
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit ee80faf4438102395bc4034894b6468453181be9
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Fri Jun 10 15:25:58 2011 +0200

    iptables: Coverity: REVERSE_INULL
    
    ip6tables-restore.c:186: deref_ptr_in_call: Dereferencing pointer "in".
    ip6tables-restore.c:463: check_after_deref: Dereferencing "in"
    before a null check.
    iptables-restore.c:192: deref_ptr_in_call: Dereferencing pointer "in".
    iptables-restore.c:468: check_after_deref: Dereferencing "in" before a
    null check.
    iptables-xml.c:671: deref_ptr_in_call: Dereferencing pointer "in".
    iptables-xml.c:873: check_after_deref: Dereferencing "in" before a
    null check.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 474c18d7982407246dd724c6fa3939f78466620a
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Fri Jun 10 15:25:57 2011 +0200

    iptables: Coverity: NEGATIVE_RETURNS
    
    libipq.c:232: var_tested_neg: Variable "h->fd" tests negative.
    libipq.c:234: negative_returns: "h->fd" is passed to a parameter that
    cannot be negative.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 96d0d0130a9a08803406c5c18681903446088ebf
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Fri Jun 10 15:25:55 2011 +0200

    iptables: Coverity: DEADCODE
    
    libiptc.c:407: dead_error_condition: On this path, the condition
    "res > 0" cannot be false.
    libiptc.c:396: at_least: After this line, the value of "res" is at
    least 1.
    libiptc.c:393: equality_cond: Condition "res == 0" is evaluated as
    false.
    libiptc.c:396: new_values: Noticing condition "res < 0".
    libiptc.c:425: new_values: Noticing condition "res < 0".
    libiptc.c:407: new_values: Noticing condition "res > 0".
    libiptc.c:435: dead_error_line: Execution cannot reach this statement
    "return list_pos;".
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit f6677b5bcae125af28d227b9073426bddbd9190e
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Wed Jun 22 15:42:48 2011 +0200

    build: bump soversion for recent data structure change
    
    Cf. commit v1.4.11.1-5-g2dba676.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 68146dad91611bd8d6d12c8ba27219130d99607b
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Wed Jun 22 11:18:19 2011 +0200

    libxt_hashlimit: use a more obvious expiry value by default
    
    Due to the previous default expiry of 10 sec, "--hashlimit 1/min"
    would allow matching up to 6/min if properly timed. To do what the
    user expects, the minimum expiry must equal the selected time quantum
    however.
    
    Cc: Jan Rovner <jan.rovner at diadema.cz>
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 70cb0a6d3e09f64f9a05870d694ac0160319de9a
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Wed Jun 22 11:15:34 2011 +0200

    libxt_state: fix regression about inversion of main option
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 017e7b7e1cf4fb63208e46592d06cc030f6d552d
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Wed Jun 22 10:15:07 2011 +0200

    libip6t_HL: fix option names from ttl -> hl
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 12bc22a9d3e4ae4a3276dbae1cf3bd50ef5dbe9d
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Tue Jun 21 14:22:20 2011 +0200

    libxt_RATEEST: abolish global variables
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 4a96d2e2c9d8c43b58d9490cd1d2ae2d1b3e0bef
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Tue Jun 21 09:54:31 2011 +0200

    libxt_rateest: abolish global variables
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 2dba676b68ef842025f3afecba26cb0b2ae4c09b
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Jun 18 21:34:25 2011 +0200

    extensions: support for per-extension instance "global" variable space
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 14190986f87301b18bcc473c842bd82d778d87a2
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Jun 18 21:18:29 2011 +0200

    iptables: consolidate target/match init call
    
    This is useful for the upcoming patch about per-instance auxiliary
    data.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 68818f746bf9c68de04a75fbe756bf2c73e0fb32
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Tue Jun 21 14:20:15 2011 +0200

    libxt_RATEEST: use guided option parser
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 4e98e81ecdcc321d232edc42fac168d257e712ff
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Tue Jun 21 17:00:45 2011 +0200

    libipt_LOG: fix ignoring all but last flags
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 931d388ff33dee589bc00e4f9033be5ca7c43786
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Thu Jun 9 15:24:49 2011 +0200

    doc: include matches/targets in manpage again
    
    Evil sed did not throw any warning whatsoever when it cannot find the
    file.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                 |    6 +--
 extensions/libip6t_HL.c      |    6 +-
 extensions/libip6t_LOG.c     |   10 ++--
 extensions/libipt_LOG.c      |   10 ++--
 extensions/libxt_NFLOG.man   |    2 +-
 extensions/libxt_RATEEST.c   |  109 +++++++++++++++--------------------------
 extensions/libxt_hashlimit.c |   57 ++++++++++++++++------
 extensions/libxt_rateest.c   |   12 +----
 extensions/libxt_state.c     |    2 +-
 include/xtables.h.in         |   18 ++++++-
 iptables/Makefile.am         |    4 +-
 iptables/ip6tables-restore.c |    3 +-
 iptables/ip6tables.8.in      |    3 +-
 iptables/ip6tables.c         |    9 +--
 iptables/iptables-apply      |   25 +++++-----
 iptables/iptables-restore.c  |    3 +-
 iptables/iptables-xml.c      |    3 +-
 iptables/iptables.8.in       |    3 +-
 iptables/iptables.c          |   10 ++--
 iptables/xshared.c           |   33 ++++++++++++-
 iptables/xshared.h           |    2 +
 iptables/xtables.c           |   20 ++++++--
 iptables/xtoptions.c         |    4 ++
 libipq/libipq.c              |    1 -
 libiptc/libiptc.c            |    4 +-
 tests/options-most.rules     |   25 +++++++++-
 26 files changed, 222 insertions(+), 162 deletions(-)


hooks/post-receive
-- 
iptables
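
The libxt_RATEEST "fix userspacesize field" commit in the log above, modelled as an added example (not code from the iptables tree). The struct mirrors the one quoted in the commit message with stand-in types; `target_same`, `fill_rule`, `delete_finds_rule`, the field values and the use of `offsetof` for the corrected size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16

/* Stand-in for the struct quoted in the commit message: fixed-width
 * types replace __s8/__u8, void * replaces struct xt_rateest *. */
struct rateest_info {
	char name[IFNAMSIZ];
	int8_t interval;
	uint8_t ewma_log;
	/* Used internally by the kernel */
	void *est __attribute__((aligned(8)));
};

/* Model of delete-by-match: only the first userspacesize bytes of the
 * target data are compared against the rule read back from the kernel. */
static int target_same(const void *installed, const void *request, size_t userspacesize)
{
	return memcmp(installed, request, userspacesize) == 0;
}

/* Fill a zeroed blob the way option parsing would (values constructed). */
static void fill_rule(struct rateest_info *r)
{
	memset(r, 0, sizeof(*r));
	strncpy(r->name, "somename", IFNAMSIZ - 1);
	r->interval = -2;
	r->ewma_log = 4;
}

/* Returns 1 if "-D" would find the rule that "-A" installed. */
static int delete_finds_rule(size_t userspacesize)
{
	static int kernel_object;        /* stand-in for the kernel estimator */
	struct rateest_info installed, request;
	fill_rule(&installed);
	fill_rule(&request);
	installed.est = &kernel_object;  /* kernel-only field, set by the kernel */
	return target_same(&installed, &request, userspacesize);
}

int main(void)
{
	printf("sizeof(info): %d, offsetof(est): %d\n",
	       delete_finds_rule(sizeof(struct rateest_info)),
	       delete_finds_rule(offsetof(struct rateest_info, est)));
	return 0;
}
```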
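
The libxt_hashlimit expiry commit in the log above, as an added simulation (not code from the iptables tree or the kernel). It is a simplified model that assumes a burst of 1, whole-second timing and an entry that is forgotten once it has been idle for the expiry time; `packet_matches` and `matches_in_window` are hypothetical names.

```c
#include <stdio.h>

/* Simplified model of one hashlimit entry (assumptions: burst of 1,
 * whole seconds, entry dropped as soon as it has been idle for
 * expiry_s). Not the kernel's implementation. */
struct entry {
	int present;
	long last_seen;   /* refreshed by every packet, matching or not */
	long last_match;  /* time of the last packet that matched */
};

/* Returns 1 if the packet arriving at time now matches the limit. */
static int packet_matches(struct entry *e, long now, long quantum_s, long expiry_s)
{
	if (e->present && now - e->last_seen >= expiry_s)
		e->present = 0;            /* idle entry expired, state forgotten */
	if (!e->present) {
		e->present = 1;            /* fresh entry starts with full credit */
		e->last_seen = e->last_match = now;
		return 1;
	}
	e->last_seen = now;
	if (now - e->last_match >= quantum_s) {
		e->last_match = now;
		return 1;
	}
	return 0;
}

/* Count matches during window_s seconds for a sender that emits one
 * packet every gap_s seconds, starting at t = 0. */
static int matches_in_window(long gap_s, long quantum_s, long expiry_s, long window_s)
{
	struct entry e = {0, 0, 0};
	int matched = 0;
	for (long t = 0; t < window_s; t += gap_s)
		matched += packet_matches(&e, t, quantum_s, expiry_s);
	return matched;
}

int main(void)
{
	/* "--hashlimit 1/min": the time quantum is 60 s */
	printf("expiry 10 s, packet every 10 s: %d/min\n", matches_in_window(10, 60, 10, 60));
	printf("expiry 10 s, packet every 1 s:  %d/min\n", matches_in_window(1, 60, 10, 60));
	printf("expiry 60 s, packet every 10 s: %d/min\n", matches_in_window(10, 60, 60, 60));
	return 0;
}
```

With the expiry equal to the quantum, the entry outlives every gap shorter than the quantum, so the limit holds regardless of packet spacing.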


