[ANNOUNCE]: Release of iptables-1.4.3

[ANNOUNCE]: Release of iptables-1.4.3

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 1405 bytes --]

The netfilter coreteam presents:

     iptables version 1.4.3

the iptables release for the 2.6.29 kernel. It has been some time
since the last release and we've had a lot of changes all over the
place. Besides the usual fixes and cleanups, we have:

- numerous documentation updates from Jan Engelhardt and others

- a set of changes to move some of the iptables functionality to
   a shared library for tc and m_ipt from Jan and Jamal Hadi Salim

- another patch to make libiptc available as shared library. Some
   distributions have been carrying patches for this despite being
   explicitly unsupported. The library does not guarantee a stable
   API, but it should make life for distributors a bit easier.

- IPv6 support for the recent match from Jan

- TPROXY support by Krisztian Kovacs

- SCTP/DCCP NAT support by myself

And lots of smallish changes, almost 90% of which are from Jan.
Check out the Changelog for more details.

This release starts enforcing the deprecation of NAT filtering that
was added in 1.4.2-rc1, filtering rules in the NAT tables will cause
an error instead of a warning from now on. Please make sure your
rulesets are update appropriately.

Version 1.4.3 can be obtained from:

http://www.netfilter.org/projects/iptables/downloads.html
ftp://ftp.netfilter.org/pub/iptables/
git://git.netfilter.org/iptables.git

On behalf of the Netfilter Core Team.
Happy firewalling!

[-- Attachment #2: changes-iptables-1.4.3.txt --]
[-- Type: text/plain, Size: 6594 bytes --]

Bart De Schuymer (1):
      man: fix physdev manpage

Christian Perle (1):
      libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff

Christoph Paasch (1):
      libiptc: avoid compile warnings for iptc_insert_chain

Daniel Drake (1):
      libxt_owner: add more spaces to output

Eric Leblond (1):
      xt_NFLOG: Set default NFLOG qthreshold to 0

Jamal Hadi Salim (12):
      libxtables: Introduce global params structuring
      libxtables: define xtables_free_opts()
      libxtables: Add exit_error cb to xtables_globals
      libxtables: Make ip6tables, iptables and iptables-xml use xtables_globals
      libxtables: Replace direct exit_error() calls inside libxtables
      libxtables: simple aliasing macro for exit_error
      libxtables: set names of programs
      libxtables: add xtables_set_revision
      libxtables: make iptables and ip6tables use xtables_free_opts
      libxtables: consolidate merge_options into xtables_merge_options
      libxtables: consolidate init calls into one function
      libxtables: general follow-up cleanup

Jan Engelhardt (84):
      Move libipt_recent to libxt_recent
      libxt_recent: add IPv6 support
      manpage: use separate paragraphs for command syntax
      manpage: explain what rule-specification is
      libiptc: remove typedef indirection
      libiptc: remove indirections
      libiptc: remove unused iptc_get_raw_socket and iptc_check_packet
      libiptc: use hex output for hookmask
      libxt_conntrack: respect -n option during ruledump
      libiptc: make sockfd a per-handle thing
      libxt_conntrack: dump ctdir
      src: reuse the global modprobe_program variable
      src: use NFPROTO_ constants
      src: remove inclusion of iptables.h
      doc: fix a typo in libip6t_REJECT.man
      libiptc: guard chain index allocation for different malloc implementations
      src: remove unused include files
      iptables-save: output ! in position according to manpage
      rateest: guard against segfault
      env: augment deprecation notice
      build: resolve autotools suggestions
      doc: put iptables version into manpage
      doc: resynchronize markup in iptables,ip6tables.8.in
      doc: escape minus sign in manpages
      build: use regular = assignments in Makefile
      build: remove non-portable rule
      doc: escape minus sign in manpage (2)
      doc: augment ICMP manpage by type/code syntax
      src: remove redundant returns at end of void-returning functions
      src: remove redundant casts
      libxt_owner: use correct UID/GID boundaries
      extensions: use UINT_MAX constants over open-coded bits (1/2)
      extensions: use UINT_MAX constants over open-coded numbers (2/2)
      libxtables: prefix/order - fw_xalloc
      libxtables: prefix/order - modprobe and xtables.ko loading
      libxtables: prefix/order - match/target loading
      libxtables: prefix/order - libdir
      libxtables: prefix/order - strtoui
      libxtables: prefix/order - program_name
      libxtables: prefix/order - param_act
      libxtables: prefix/order - ipaddr/ipmask to ascii output
      libxtables: prefix/order - ascii to ipaddr/ipmask input
      libxtables: prefix - misc functions
      libxtables: prefix - parse and escaped output func
      libxtables: prefix/order - move check_inverse to xtables.c
      libxtables: prefix/order - move parse_protocol to xtables.c
      libbxtables: prefix names and order it #1
      libxtables: prefix names and order it #2
      libxtables: prefix names and order #3
      libxtables: move afinfo around
      Merge branch 'origin/master'
      libxtables: recognize IP6TABLES_LIB_DIR old-style environment variable
      build: move -ldl to proper LDADD
      libxtables: remove unused XT_LIB_DIR macro
      libxtables: decouple non-xtables parts from header
      src: remove iptables_rule_match indirection macro
      src: remove unused ipt_tryload macro
      libxtables: move compat defines to xtables.c
      src: consolidate duplicate code in iptables/internal.h
      libxtables: use const for vars holding literals
      libxt_string: fix undefined behavior/incorrect patlen calculation
      libxtables: flush before fork
      libipq: add missing doc for NF_ values
      build: restructure Makefile for include/ directory
      libipq: fix compile error
      build: remove unneeded -ldl from iptables_xml_LDADD
      libiptc: make library available as a shared library
      build: trigger reconfigure when extensions/GNUmakefile.in changes
      doc: do not put IPv4 doc into ip6tables.8
      doc: resynchronize manpage with in-code help
      libxtables: inline and remove unused OPTION_OFFSET macro
      libxtables: prefix exit_error to xtables_error
      extensions: remove unwanted/add needed includes for IPv6 exts
      extensions: remove unwanted/add needed includes for IPv4 exts
      libxt_policy: use bounded strtoui
      include: resynchronize headers with 2.6.29-rc5
      extensions: add missing limits.h include
      iptables: turn deprecation warning into enforcing mode
      Merge commit 'nf/master'
      libxt_connbytes: minor manpage adustments
      libxt_connbytes: document nf_ct_acct behavior
      libxtables: add -I/-L flags to pkgconfig files
      libxt_comment: output quotes must be escaped in
      iptables-save: module loading corrections

Jesper Dangaard Brouer (3):
      libiptc: fix chain rename bug in libiptc
      libiptc: fix whitespaces and typos
      libiptc: give credits to my self

Jirí Moravec (1):
      libxt_TOS: fix compilation error

KOVACS Krisztian (2):
      Add iptables support for the TPROXY target
      Add iptables support for the socket match

Marc Fournier (1):
      doc: fix option typo in libxt_multiport

Pablo Neira Ayuso (5):
      iptables: fix error reporting with wrong/missing arguments
      state: report spaces in the state list parsing
      iptables: refer to dmesg when we hit error
      string: fix wrong pattern length calculation
      iptables: fix broken options-merging during libxtables rework

Patrick McHardy (5):
      Add SCTP/DCCP support to NAT targets
      Bump version to 1.4.3-rc1
      Merge branch 'master' of git://dev.medozas.de/iptables
      Merge branch 'master' of git://dev.medozas.de/iptables
      Bump version to 1.4.3

Shaul Karl (1):
      doc: fix one layout issue in iptables-restore.8

Stephen Hemminger (1):
      iptables: Add limits.h to get INT_MIN, INT_MAX, ...

Thomas Jarosch (2):
      Fix compile error in libxt_iprange.c using gcc 4.3.2
      Fix compile warnings using gcc 4.3.2

Re: [ANNOUNCE]: Release of iptables-1.4.3

[Robby Workman]

On Mon, 23 Mar 2009 15:28:32 +0100
Patrick McHardy <kaber@trash.net> wrote:

> The netfilter coreteam presents:
> 
>      iptables version 1.4.3


Jan,

Is this a problem locally here, or can you reproduce?
Seems to be introduced with iptables-1.4.3, as xtables-addons-1.12
builds fine with iptables-1.4.2 installed.

make[3]: Leaving directory
`/tmp/xtables-addons-1.12/extensions/ipset' CC
libxt_DHCPADDR.oo In file included from libxt_DHCPADDR.c:19:
mac.c: In function ‘mac_parse’:
mac.c:22: warning: implicit declaration of function ‘strtonum’
libxt_DHCPADDR.c: In function ‘dhcpaddr_tg_parse’:
libxt_DHCPADDR.c:45: warning: implicit declaration of function
‘param_act’ libxt_DHCPADDR.c:45: error: ‘P_ONLY_ONCE’ undeclared (first
use in this function) libxt_DHCPADDR.c:45: error: (Each undeclared
identifier is reported only once libxt_DHCPADDR.c:45: error: for each
function it appears in.) libxt_DHCPADDR.c:46: error: ‘P_NO_INVERT’
undeclared (first use in this function) libxt_DHCPADDR.c:48: error:
‘P_BAD_VALUE’ undeclared (first use in this function) libxt_DHCPADDR.c:
In function ‘dhcpaddr_tg_check’: libxt_DHCPADDR.c:59: warning: implicit
declaration of function ‘exit_error’ make[2]: *** [libxt_DHCPADDR.oo]
Error 1 make[2]: Leaving directory
`/tmp/xtables-addons-1.12/extensions' make[1]: *** [all-recursive]
Error 1 make[1]: Leaving directory `/tmp/xtables-addons-1.12'
make: *** [all] Error 2


-RW
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ANNOUNCE]: Release of iptables-1.4.3

[Jan Engelhardt]

On Monday 2009-03-23 17:38, Robby Workman wrote:
>On Mon, 23 Mar 2009 15:28:32 +0100
>Patrick McHardy <kaber@trash.net> wrote:
>
>> The netfilter coreteam presents:
>> 
>>      iptables version 1.4.3
>
>
>Jan,
>
>Is this a problem locally here, or can you reproduce?
>Seems to be introduced with iptables-1.4.3, as xtables-addons-1.12
>builds fine with iptables-1.4.2 installed.

That is well known, and was expected. Wait for 1.13 - TBA shortly.

http://marc.info/?l=netfilter-devel&m=123745760217514&w=2

Re: [ANNOUNCE]: Release of iptables-1.4.3

[Jan Engelhardt]

On Monday 2009-03-23 15:28, Patrick McHardy wrote:

> The netfilter coreteam presents:
>
>    iptables version 1.4.3
>
> the iptables release for the 2.6.29 kernel. It has been some time
> since the last release and we've had a lot of changes all over the
> place.[...]

Can you update the freshmeat entry? (Or be courteous to add me to the
FM project.)



Jan

Re: [ANNOUNCE]: Release of iptables-1.4.3

[Patrick McHardy]

Jan Engelhardt wrote:
> On Monday 2009-03-23 15:28, Patrick McHardy wrote:
>
>   
>> The netfilter coreteam presents:
>>
>>    iptables version 1.4.3
>>
>> the iptables release for the 2.6.29 kernel. It has been some time
>> since the last release and we've had a lot of changes all over the
>> place.[...]
>>     
>
> Can you update the freshmeat entry? (Or be courteous to add me to the
> FM project.)

I'll add you to the project when I'm near the password again :)

Re: [ANNOUNCE]: Release of iptables-1.4.3

[Jan Engelhardt]

On Monday 2009-03-23 20:19, Patrick McHardy wrote:
>>   
>>> The netfilter coreteam presents:
>>>
>>>    iptables version 1.4.3
>>>
>>> the iptables release for the 2.6.29 kernel. It has been some time
>>> since the last release and we've had a lot of changes all over the
>>> place.[...]
>>>     
>>
>> Can you update the freshmeat entry? (Or be courteous to add me to the
>> FM project.)
>
>I'll add you to the project when I'm near the password again :)

Try asking Pablo. Someone ought to have the password, because the 
1.4.2 entry has been made, and there are not that many people
being many release managers.

Re: [ANNOUNCE]: Release of iptables-1.4.3

[Patrick McHardy]

Jan Engelhardt wrote:
> On Monday 2009-03-23 20:19, Patrick McHardy wrote:
>   
>>>   
>>>       
>>>> The netfilter coreteam presents:
>>>>
>>>>    iptables version 1.4.3
>>>>
>>>> the iptables release for the 2.6.29 kernel. It has been some time
>>>> since the last release and we've had a lot of changes all over the
>>>> place.[...]
>>>>     
>>>>         
>>> Can you update the freshmeat entry? (Or be courteous to add me to the
>>> FM project.)
>>>       
>> I'll add you to the project when I'm near the password again :)
>>     
>
> Try asking Pablo. Someone ought to have the password, because the 
> 1.4.2 entry has been made, and there are not that many people
> being many release managers.
>   

I do have it, just not in reach right now.

Re: [ANNOUNCE]: Release of iptables-1.4.3

[Pablo Neira Ayuso]

Patrick McHardy wrote:
> Jan Engelhardt wrote:
>> On Monday 2009-03-23 20:19, Patrick McHardy wrote:
>>   
>>>>   
>>>>       
>>>>> The netfilter coreteam presents:
>>>>>
>>>>>    iptables version 1.4.3
>>>>>
>>>>> the iptables release for the 2.6.29 kernel. It has been some time
>>>>> since the last release and we've had a lot of changes all over the
>>>>> place.[...]
>>>>>     
>>>>>         
>>>> Can you update the freshmeat entry? (Or be courteous to add me to the
>>>> FM project.)
>>>>       
>>> I'll add you to the project when I'm near the password again :)
>>>     
>> Try asking Pablo. Someone ought to have the password, because the 
>> 1.4.2 entry has been made, and there are not that many people
>> being many release managers.
>>   
> 
> I do have it, just not in reach right now.

JFYI, I have just submitted the new release to freshmeat.

http://freshmeat.net/projects/iptables/releases/296630

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Some iptables-1.4.3 issues (was: Release of iptables-1.4.3)

[Peter Volkov]

[-- Attachment #1.1: Type: text/plain, Size: 1421 bytes --]

Hi, Patrick. Thank you for new itpables release. There are some issues I
experience with it:

1. build fails:

if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.    -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64     -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations     -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe   -DXTABLES_LIBDIR=\"/lib/xtables\" -DXTABLES_INTERNAL -I./include -I./include -I no/include -I no/include -DIPTABLES_MULTI -DNO_SHARED_LIBS=1 -O2 -march=i686 -pipe -mtune=i686 -march=pentium-m -ggdb -U_FORTIFY_SOURCE -MT iptables_static-xtables.o -MD -MP -MF ".deps/iptables_static-xtables.Tpo" -c -o iptables_static-xtables.o `test -f 'xtables.c' || echo './'`xtables.c; \
        then mv -f ".deps/iptables_static-xtables.Tpo" ".deps/iptables_static-xtables.Po"; else rm -f ".deps/iptables_static-xtables.Tpo"; exit 1; fi
xtables.c: In function 'xtables_find_target':
xtables.c:641: error: 'LOAD_MUST_SUCCEED' undeclared (first use in this function)

The following simple sed fixes this issue:
sed -e 's:\<\(LOAD_MUST_SUCCEED\)\>:XTF_\1:' -i xtables.c

2. build fails with --as-needed. Patch in attachment
(iptables-1.4.3--as-needed.patch) fixes this issue.

3. http://bugzilla.netfilter.org/show_bug.cgi?id=568 is still there,
although proposed patch fixes the issue.

Could you apply this changes?

-- 
Peter.

[-- Attachment #1.2: iptables-1.4.3--as-needed.patch --]
[-- Type: text/x-patch, Size: 1801 bytes --]

=== modified file 'Makefile.am'
--- Makefile.am	2009-03-23 20:36:12 +0000
+++ Makefile.am	2009-03-23 20:37:05 +0000
@@ -26,7 +26,7 @@
 # iptables, dynamic
 iptables_SOURCES          = iptables-standalone.c iptables.c
 iptables_LDFLAGS          = -rdynamic
-iptables_LDADD            = -lm libiptc/libiptc.la extensions/libext4.a libxtables.la
+iptables_LDADD            = libiptc/libiptc.la extensions/libext4.a libxtables.la -lm
 
 iptables_xml_LDADD        = libxtables.la
 iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
@@ -47,14 +47,14 @@
 # iptables-multi, semi-static
 iptables_static_SOURCES   = ${iptables_multi_SOURCES} xtables.c
 iptables_static_CFLAGS    = ${iptables_multi_CFLAGS} -DNO_SHARED_LIBS=1
-iptables_static_LDADD     = -lm libiptc/libiptc.la extensions/libext4.a
+iptables_static_LDADD     = libiptc/libiptc.la extensions/libext4.a -lm
 
 iptables_xml_SOURCES      = iptables-xml.c
 
 # ip6tables, dynamic
 ip6tables_SOURCES         = ip6tables-standalone.c ip6tables.c
 ip6tables_LDFLAGS         = -rdynamic
-ip6tables_LDADD           = -lm libiptc/libiptc.la extensions/libext6.a libxtables.la
+ip6tables_LDADD           = libiptc/libiptc.la extensions/libext6.a libxtables.la -lm
 
 ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
                             ip6tables-restore.c ip6tables-standalone.c \
@@ -74,7 +74,7 @@
 # iptables-multi, semi-static
 ip6tables_static_SOURCES    = ${ip6tables_multi_SOURCES} xtables.c
 ip6tables_static_CFLAGS     = ${ip6tables_multi_CFLAGS} -DNO_SHARED_LIBS=1
-ip6tables_static_LDADD      = -lm libiptc/libiptc.la extensions/libext6.a
+ip6tables_static_LDADD      = libiptc/libiptc.la extensions/libext6.a -lm
 
 bin_PROGRAMS     = iptables-xml
 sbin_PROGRAMS    =


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: Some iptables-1.4.3 issues (was: Release of iptables-1.4.3)

[Jan Engelhardt]

On Tuesday 2009-03-24 09:09, Peter Volkov wrote:

>There are some issues I experience with [the new iptables release]:
>
>1. build fails:
>
>if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.    -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64     -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations     -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe   -DXTABLES_LIBDIR=\"/lib/xtables\" -DXTABLES_INTERNAL -I./include -I./include -I no/include -I no/include -DIPTABLES_MULTI -DNO_SHARED_LIBS=1 -O2 -march=i686 -pipe -mtune=i686 -march=pentium-m -ggdb -U_FORTIFY_SOURCE -MT iptables_static-xtables.o -MD -MP -MF ".deps/iptables_static-xtables.Tpo" -c -o iptables_static-xtables.o `test -f 'xtables.c' || echo './'`xtables.c; \
>        then mv -f ".deps/iptables_static-xtables.Tpo" ".deps/iptables_static-xtables.Po"; else rm -f ".deps/iptables_static-xtables.Tpo"; exit 1; fi
>xtables.c: In function 'xtables_find_target':
>xtables.c:641: error: 'LOAD_MUST_SUCCEED' undeclared (first use in this function)

Patrick,

There is a bit of a bigger issue here, I'll fix/queue and send pull req 
asap.

Re: Some iptables-1.4.3 issues

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> On Tuesday 2009-03-24 09:09, Peter Volkov wrote:
> 
>> There are some issues I experience with [the new iptables release]:
>>
>> 1. build fails:
>>
>> if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.    -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64     -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations     -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe   -DXTABLES_LIBDIR=\"/lib/xtables\" -DXTABLES_INTERNAL -I./include -I./include -I no/include -I no/include -DIPTABLES_MULTI -DNO_SHARED_LIBS=1 -O2 -march=i686 -pipe -mtune=i686 -march=pentium-m -ggdb -U_FORTIFY_SOURCE -MT iptables_static-xtables.o -MD -MP -MF ".deps/iptables_static-xtables.Tpo" -c -o iptables_static-xtables.o `test -f 'xtables.c' || echo './'`xtables.c; \
>>        then mv -f ".deps/iptables_static-xtables.Tpo" ".deps/iptables_static-xtables.Po"; else rm -f ".deps/iptables_static-xtables.Tpo"; exit 1; fi
>> xtables.c: In function 'xtables_find_target':
>> xtables.c:641: error: 'LOAD_MUST_SUCCEED' undeclared (first use in this function)
> 
> Patrick,
> 
> There is a bit of a bigger issue here, I'll fix/queue and send pull req 
> asap.

I can apply Peter Volkov patches now. Is there anything that Peter did
not cover?

BTW, we can release a 1.4.3.1 asap that includes these fixes.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: Some iptables-1.4.3 issues

[Jan Engelhardt]

On Tuesday 2009-03-24 12:17, Pablo Neira Ayuso wrote:
>Jan Engelhardt wrote:
>> On Tuesday 2009-03-24 09:09, Peter Volkov wrote:
>> 
>>> There are some issues I experience with [the new iptables release]:
>>>
>>> 1. build fails:
>>>
>>> if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.    -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64     -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations     -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe   -DXTABLES_LIBDIR=\"/lib/xtables\" -DXTABLES_INTERNAL -I./include -I./include -I no/include -I no/include -DIPTABLES_MULTI -DNO_SHARED_LIBS=1 -O2 -march=i686 -pipe -mtune=i686 -march=pentium-m -ggdb -U_FORTIFY_SOURCE -MT iptables_static-xtables.o -MD -MP -MF ".deps/iptables_static-xtables.Tpo" -c -o iptables_static-xtables.o `test -f 'xtables.c' || echo './'`xtables.c; \
>>>        then mv -f ".deps/iptables_static-xtables.Tpo" ".deps/iptables_static-xtables.Po"; else rm -f ".deps/iptables_static-xtables.Tpo"; exit 1; fi
>>> xtables.c: In function 'xtables_find_target':
>>> xtables.c:641: error: 'LOAD_MUST_SUCCEED' undeclared (first use in this function)
>> 
>> Patrick,
>> 
>> There is a bit of a bigger issue here, I'll fix/queue and send pull req 
>> asap.
>
>I can apply Peter Volkov patches now. Is there anything that Peter did
>not cover?

Nope, it is complete as far as posted. But no patches were supplied
for issue (1) and (3)  :-)

Please pull from  git://dev.medozas.de/iptables master

to recive

Jan Engelhardt (2):
      iptables-save: minor corrections to the manpage markup
      libxt_hashlimit: add missing space for iptables-save output

Peter Volkov (2):
      libxtables: fix compile error due to incomplete change
      build: fix linker issue when LDFLAGS contains --as-needed

Updating c9477d0..1288bf7
Fast forward
 Makefile.am                  |    8 ++++----
 extensions/libxt_hashlimit.c |    2 +-
 ip6tables-save.8             |    9 ++++-----
 iptables-save.8              |    9 ++++-----
 xtables.c                    |    2 +-
 5 files changed, 14 insertions(+), 16 deletions(-)

Re: Some iptables-1.4.3 issues

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> On Tuesday 2009-03-24 12:17, Pablo Neira Ayuso wrote:
>> Jan Engelhardt wrote:
>>> On Tuesday 2009-03-24 09:09, Peter Volkov wrote:
>>>
>>>> There are some issues I experience with [the new iptables release]:
>>>>
>>>> 1. build fails:
>>>>
>>>> if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.    -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64     -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations     -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe   -DXTABLES_LIBDIR=\"/lib/xtables\" -DXTABLES_INTERNAL -I./include -I./include -I no/include -I no/include -DIPTABLES_MULTI -DNO_SHARED_LIBS=1 -O2 -march=i686 -pipe -mtune=i686 -march=pentium-m -ggdb -U_FORTIFY_SOURCE -MT iptables_static-xtables.o -MD -MP -MF ".deps/iptables_static-xtables.Tpo" -c -o iptables_static-xtables.o `test -f 'xtables.c' || echo './'`xtables.c; \
>>>>        then mv -f ".deps/iptables_static-xtables.Tpo" ".deps/iptables_static-xtables.Po"; else rm -f ".deps/iptables_static-xtables.Tpo"; exit 1; fi
>>>> xtables.c: In function 'xtables_find_target':
>>>> xtables.c:641: error: 'LOAD_MUST_SUCCEED' undeclared (first use in this function)
>>> Patrick,
>>>
>>> There is a bit of a bigger issue here, I'll fix/queue and send pull req 
>>> asap.
>> I can apply Peter Volkov patches now. Is there anything that Peter did
>> not cover?
> 
> Nope, it is complete as far as posted. But no patches were supplied
> for issue (1) and (3)  :-)
> 
> Please pull from  git://dev.medozas.de/iptables master

Pulled and pushed. Thanks. If there's no more complains, we can release
the 1.4.3.1.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: Some iptables-1.4.3 issues

[Pablo Neira Ayuso]

Pablo Neira Ayuso wrote:
> Jan Engelhardt wrote:
>> On Tuesday 2009-03-24 12:17, Pablo Neira Ayuso wrote:
>>> Jan Engelhardt wrote:
>>>> On Tuesday 2009-03-24 09:09, Peter Volkov wrote:
>>>>
>>>>> There are some issues I experience with [the new iptables release]:
>>>>>
>>>>> 1. build fails:
>>>>>
>>>>> if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.    -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64     -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations     -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe   -DXTABLES_LIBDIR=\"/lib/xtables\" -DXTABLES_INTERNAL -I./include -I./include -I no/include -I no/include -DIPTABLES_MULTI -DNO_SHARED_LIBS=1 -O2 -march=i686 -pipe -mtune=i686 -march=pentium-m -ggdb -U_FORTIFY_SOURCE -MT iptables_static-xtables.o -MD -MP -MF ".deps/iptables_static-xtables.Tpo" -c -o iptables_static-xtables.o `test -f 'xtables.c' || echo './'`xtables.c; \
>>>>>        then mv -f ".deps/iptables_static-xtables.Tpo" ".deps/iptables_static-xtables.Po"; else rm -f ".deps/iptables_static-xtables.Tpo"; exit 1; fi
>>>>> xtables.c: In function 'xtables_find_target':
>>>>> xtables.c:641: error: 'LOAD_MUST_SUCCEED' undeclared (first use in this function)
>>>> Patrick,
>>>>
>>>> There is a bit of a bigger issue here, I'll fix/queue and send pull req 
>>>> asap.
>>> I can apply Peter Volkov patches now. Is there anything that Peter did
>>> not cover?
>> Nope, it is complete as far as posted. But no patches were supplied
>> for issue (1) and (3)  :-)
>>
>> Please pull from  git://dev.medozas.de/iptables master
> 
> Pulled and pushed. Thanks. If there's no more complains, we can release
> the 1.4.3.1.

We seem to have more problems :(. I'm going to check what's wrong.

  CC       libipt_CLUSTERIP.oo
  CCLD     libipt_CLUSTERIP.so
make[2]: *** No rule to make target
`../include/linux/netfilter/nf_nat.h', needed by `libipt_DNAT.oo'.  Stop.
make[2]: Leaving directory
`/home/pablo/devel/scm/git-netfilter/iptables/extensions'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/pablo/devel/scm/git-netfilter/iptables'
make: *** [all] Error 2

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: Some iptables-1.4.3 issues

[Jan Engelhardt]

On Tuesday 2009-03-24 12:46, Pablo Neira Ayuso wrote:
>> Pulled and pushed. Thanks. If there's no more complains, we can release
>> the 1.4.3.1.
>
>We seem to have more problems :(. I'm going to check what's wrong.

Patrick already ran this. This is due to outdated dependency
information; `git clean -dfx` will solve this.

>  CC       libipt_CLUSTERIP.oo
>  CCLD     libipt_CLUSTERIP.so
>make[2]: *** No rule to make target
>`../include/linux/netfilter/nf_nat.h', needed by `libipt_DNAT.oo'.  Stop.
>make[2]: Leaving directory
>`/home/pablo/devel/scm/git-netfilter/iptables/extensions'
>make[1]: *** [all-recursive] Error 1
>make[1]: Leaving directory `/home/pablo/devel/scm/git-netfilter/iptables'
>make: *** [all] Error 2

Re: Some iptables-1.4.3 issues

[Jan Engelhardt]

On Tuesday 2009-03-24 12:38, Pablo Neira Ayuso wrote:
>> Nope, it is complete as far as posted. But no patches were supplied
>> for issue (1) and (3)  :-)
>> 
>> Please pull from  git://dev.medozas.de/iptables master
>
>Pulled and pushed. Thanks. If there's no more complains, we can release
>the 1.4.3.1.

Right now there are no complaints, as most next-level developers
will most likely only update within the next week.

Re: Some iptables-1.4.3 issues

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> On Tuesday 2009-03-24 12:38, Pablo Neira Ayuso wrote:
>>> Nope, it is complete as far as posted. But no patches were supplied
>>> for issue (1) and (3)  :-)
>>>
>>> Please pull from  git://dev.medozas.de/iptables master
>> Pulled and pushed. Thanks. If there's no more complains, we can release
>> the 1.4.3.1.
> 
> Right now there are no complaints, as most next-level developers
> will most likely only update within the next week.

Oh, still one minor nitpick. Patrick forgot to bump the version in
configure.ac :)

http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commitdiff;h=ca6ccdb172b1846152dea421c215122759b84d29;hp=1288bf7e5c39af3ca690a12f419dde507c5a556d

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: Some iptables-1.4.3 issues

[Jan Engelhardt]

On Tuesday 2009-03-24 12:48, Jan Engelhardt wrote:

>
>On Tuesday 2009-03-24 12:46, Pablo Neira Ayuso wrote:
>>> Pulled and pushed. Thanks. If there's no more complains, we can release
>>> the 1.4.3.1.
>>
>>We seem to have more problems :(. I'm going to check what's wrong.
>
>Patrick already ran this. This is due to outdated dependency
>information; `git clean -dfx` will solve this.

FYI, reference: http://marc.info/?l=netfilter-devel&m=123174141705175&w=2

>>  CC       libipt_CLUSTERIP.oo
>>  CCLD     libipt_CLUSTERIP.so
>>make[2]: *** No rule to make target
>>`../include/linux/netfilter/nf_nat.h', needed by `libipt_DNAT.oo'.  Stop.
>>make[2]: Leaving directory
>>`/home/pablo/devel/scm/git-netfilter/iptables/extensions'
>>make[1]: *** [all-recursive] Error 1
>>make[1]: Leaving directory `/home/pablo/devel/scm/git-netfilter/iptables'
>>make: *** [all] Error 2

Re: Some iptables-1.4.3 issues

[Patrick McHardy]

Pablo Neira Ayuso wrote:
> Jan Engelhardt wrote:
>> On Tuesday 2009-03-24 12:38, Pablo Neira Ayuso wrote:
>>>> Nope, it is complete as far as posted. But no patches were supplied
>>>> for issue (1) and (3)  :-)
>>>>
>>>> Please pull from  git://dev.medozas.de/iptables master
>>> Pulled and pushed. Thanks. If there's no more complains, we can release
>>> the 1.4.3.1.
>> Right now there are no complaints, as most next-level developers
>> will most likely only update within the next week.
> 
> Oh, still one minor nitpick. Patrick forgot to bump the version in
> configure.ac :)
> 
> http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commitdiff;h=ca6ccdb172b1846152dea421c215122759b84d29;hp=1288bf7e5c39af3ca690a12f419dde507c5a556d

D'oh. I did this two or three times since other things went wrong,
I must have forgotten the last time.

Are you releasing a .1 version?

Re: Some iptables-1.4.3 issues

[Pablo Neira Ayuso]

Patrick McHardy wrote:
> Are you releasing a .1 version?

Yes :), I'm about to finish it. The files are already in the FTP
repository. Updating the website now.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers