* [ANNOUNCE] Release of iptables 1.4.0rc1
@ 2007-10-15 16:52 Pablo Neira Ayuso
2007-10-15 19:18 ` Petr Pisar
0 siblings, 1 reply; 8+ messages in thread
From: Pablo Neira Ayuso @ 2007-10-15 16:52 UTC (permalink / raw)
To: netfilter; +Cc: netfilter-devel, lwn
[-- Attachment #1.1: Type: text/plain, Size: 585 bytes --]
Hi!
The netfilter coreteam proudly presents:
iptables version 1.4.0rc1
This is the first release candidate of the new iptables branch 1.4. This
release candidate adds support for the generic xtables infrastructure
that strongly improves IPv6 support. Also several accumulated bugfixed
are included. Test it!
Version 1.4.0rc1 can be obtained from:
http://www.netfilter.org/projects/iptables/downloads.html
ftp://ftp.netfilter.org/pub/iptables/
On behalf of the Netfilter Core Team.
Happy testing!
--
"Los honestos son inadaptados sociales" -- Les Luthiers
[-- Attachment #1.2: ChangeLog --]
[-- Type: text/plain, Size: 1033 bytes --]
iptables v1.4.0rc1 Changelog
======================================================================
Changes from 1.3.8:
- Add support for generic xtables infrastructure (improved IPv6 support!)
[ Yasuyuki Kozakai ]
- Deletes empty ->final_check() functions
[ Jan Engelhardt ]
- Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
[ Patrick McHardy ]
- Remove last vestiges of NFC
[ Peter Riley ]
- Make @msg argument a const char *, just like printf
[ Jan Engelhardt ]
- Makes it possible to omit extra_opts of matches/targets if unnecessary
[ Jan Engelhardt ]
- Fix "iptables getsockopt failed strangely" when querying revisions for non-existant matches and targets
[ Patrick McHardy]
- Introduces DEST_IPT_LIBDIR in Makefile
[ Yasuyuki Kozakai ]
- Change default KERNEL_DIR location and add KBUILD_OUTPUT
[ Sven Wegener ]
- Removes obsolete KERNEL_64_USERSPACE_32 definitions
[ Yasuyuki Kozakai ]
- Fix unused function warning
[ Patrick McHardy ]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-15 16:52 [ANNOUNCE] Release of iptables 1.4.0rc1 Pablo Neira Ayuso
@ 2007-10-15 19:18 ` Petr Pisar
2007-10-15 21:35 ` Robby Workman
2007-10-16 8:44 ` Patrick McHardy
0 siblings, 2 replies; 8+ messages in thread
From: Petr Pisar @ 2007-10-15 19:18 UTC (permalink / raw)
To: netfilter
On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> The netfilter coreteam proudly presents:
>
> iptables version 1.4.0rc1
>
Great to hear it. But it doesn't build ip6tables-{save,restore} as older
versions either. The problem is that these two makefile targets are in
*_EXP veriable.
It is bug or a feature?
PS: http://bugzilla.netfilter.org/ doesn't work.
-- Petr
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-15 19:18 ` Petr Pisar
@ 2007-10-15 21:35 ` Robby Workman
2007-10-16 8:44 ` Patrick McHardy
1 sibling, 0 replies; 8+ messages in thread
From: Robby Workman @ 2007-10-15 21:35 UTC (permalink / raw)
To: Petr Pisar; +Cc: netfilter
Petr Pisar wrote:
> On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>> The netfilter coreteam proudly presents:
>>
>> iptables version 1.4.0rc1
>>
> Great to hear it. But it doesn't build ip6tables-{save,restore} as older
> versions either. The problem is that these two makefile targets are in
> *_EXP veriable.
>
> It is bug or a feature?
If I remember correctly (and I may not), the iptables-{save,restore}
were marked as experimental earlier, then at some point they were
not. As of 1.3.8, iptables-{save,restore} are not experimental,
while ip6tables-{save,restore} are. I would expect that they will
have the same fate sooner or later. In the meantime, if you want
them, just use make experimental and make install-experimental
to get them...
-RW
--
http://rlworkman.net
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-15 19:18 ` Petr Pisar
2007-10-15 21:35 ` Robby Workman
@ 2007-10-16 8:44 ` Patrick McHardy
2007-10-16 14:30 ` Petr Pisar
2007-10-16 15:01 ` Jan Engelhardt
1 sibling, 2 replies; 8+ messages in thread
From: Patrick McHardy @ 2007-10-16 8:44 UTC (permalink / raw)
To: Petr Pisar; +Cc: netfilter, Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 482 bytes --]
Please CC netfilter-devel on bugreports.
Petr Pisar wrote:
> On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>> The netfilter coreteam proudly presents:
>>
>> iptables version 1.4.0rc1
>>
> Great to hear it. But it doesn't build ip6tables-{save,restore} as older
> versions either. The problem is that these two makefile targets are in
> *_EXP veriable.
>
> It is bug or a feature?
I would say its a bug. I've added this patch, please test if it works
for you.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1547 bytes --]
Index: ip6tables-restore.c
===================================================================
--- ip6tables-restore.c (Revision 7068)
+++ ip6tables-restore.c (Arbeitskopie)
@@ -77,7 +77,11 @@
static int parse_counters(char *string, struct ip6t_counters *ctr)
{
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
+ u_int64_t *pcnt, *bcnt;
+
+ pcnt = &ctr->pcnt;
+ bcnt = &ctr->bcnt;
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)pcnt, (unsigned long long *)bcnt) == 2);
}
/* global new argv and argc */
Index: Makefile
===================================================================
--- Makefile (Revision 7068)
+++ Makefile (Arbeitskopie)
@@ -61,8 +61,8 @@
ifeq ($(DO_IPV6), 1)
EXTRAS+=ip6tables ip6tables.o ip6tables.8
EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
-EXTRAS_EXP+=ip6tables-save ip6tables-restore
-EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
+EXTRAS+=ip6tables-save ip6tables-restore
+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
endif
ifndef IPT_LIBDIR
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 8:44 ` Patrick McHardy
@ 2007-10-16 14:30 ` Petr Pisar
2007-10-17 8:48 ` Patrick McHardy
2007-10-16 15:01 ` Jan Engelhardt
1 sibling, 1 reply; 8+ messages in thread
From: Petr Pisar @ 2007-10-16 14:30 UTC (permalink / raw)
To: netfilter; +Cc: netfilter-devel
On 2007-10-16, Patrick McHardy <kaber@trash.net> wrote:
> Petr Pisar wrote:
>> On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>>> The netfilter coreteam proudly presents:
>>>
>>> iptables version 1.4.0rc1
>>>
>> Great to hear it. But it doesn't build ip6tables-{save,restore} as older
>> versions either. The problem is that these two makefile targets are in
>> *_EXP veriable.
>>
>> It is bug or a feature?
>
> I would say its a bug. I've added this patch, please test if it works
> for you.
>
Yes, it works.
Probably you forgot on manual pages:
--- Makefile.old 2007-10-16 16:05:07.000000000 +0200
+++ Makefile 2007-10-16 16:07:37.000000000 +0200
@@ -62,7 +62,7 @@
EXTRAS+=ip6tables ip6tables.o ip6tables.8
EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
EXTRAS+=ip6tables-save ip6tables-restore
-EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
endif
ifndef IPT_LIBDIR
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 8:44 ` Patrick McHardy
2007-10-16 14:30 ` Petr Pisar
@ 2007-10-16 15:01 ` Jan Engelhardt
2007-10-17 8:38 ` Patrick McHardy
1 sibling, 1 reply; 8+ messages in thread
From: Jan Engelhardt @ 2007-10-16 15:01 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Petr Pisar, netfilter, Netfilter Development Mailinglist
On Oct 16 2007 10:44, Patrick McHardy wrote:
> Please CC netfilter-devel on bugreports.
>
> Petr Pisar wrote:
>> On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>> > The netfilter coreteam proudly presents:
>> >
>> > iptables version 1.4.0rc1
>> >
>> Great to hear it. But it doesn't build ip6tables-{save,restore} as older
>> versions either. The problem is that these two makefile targets are in
>> *_EXP veriable.
>>
>> It is bug or a feature?
>
>
> I would say its a bug. I've added this patch, please test if it works
> for you.
>
>Index: ip6tables-restore.c
>===================================================================
>--- ip6tables-restore.c (Revision 7068)
>+++ ip6tables-restore.c (Arbeitskopie)
>@@ -77,7 +77,11 @@
>
> static int parse_counters(char *string, struct ip6t_counters *ctr)
> {
>- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
>+ u_int64_t *pcnt, *bcnt;
>+
>+ pcnt = &ctr->pcnt;
>+ bcnt = &ctr->bcnt;
>+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)pcnt, (unsigned long long *)bcnt) == 2);
> }
This is also wrong (even though it may work in practice), since unsigned long
long does not necessarily need to be 64 bit (it may be larger, and if so,
you'll smash the stack).
What you want is:
static int parse_counters(const char *string, struct ip6t_counter *ctr)
{
unsigned long long pcnt, bcnt;
int ret;
ret = sscanf(string, "[%llu:%llu]", &pcnt, &bcnt);
ctr->pcnt = pcnt;
ctr->bcnt = bcnt;
return ret;
}
>
> /* global new argv and argc */
>Index: Makefile
>===================================================================
>--- Makefile (Revision 7068)
>+++ Makefile (Arbeitskopie)
>@@ -61,8 +61,8 @@
> ifeq ($(DO_IPV6), 1)
> EXTRAS+=ip6tables ip6tables.o ip6tables.8
> EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
>-EXTRAS_EXP+=ip6tables-save ip6tables-restore
>-EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
>+EXTRAS+=ip6tables-save ip6tables-restore
>+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
> endif
>
> ifndef IPT_LIBDIR
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 15:01 ` Jan Engelhardt
@ 2007-10-17 8:38 ` Patrick McHardy
0 siblings, 0 replies; 8+ messages in thread
From: Patrick McHardy @ 2007-10-17 8:38 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Petr Pisar, netfilter, Netfilter Development Mailinglist
Jan Engelhardt wrote:
> On Oct 16 2007 10:44, Patrick McHardy wrote:
>>
>> static int parse_counters(char *string, struct ip6t_counters *ctr)
>> {
>> - return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
>> + u_int64_t *pcnt, *bcnt;
>> +
>> + pcnt = &ctr->pcnt;
>> + bcnt = &ctr->bcnt;
>> + return (sscanf(string, "[%llu:%llu]", (unsigned long long *)pcnt, (unsigned long long *)bcnt) == 2);
>> }
>
> This is also wrong (even though it may work in practice), since unsigned long
> long does not necessarily need to be 64 bit (it may be larger, and if so,
> you'll smash the stack).
> What you want is:
Indeed, that is obviously wrong. I'll fix that and the other occurences.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 14:30 ` Petr Pisar
@ 2007-10-17 8:48 ` Patrick McHardy
0 siblings, 0 replies; 8+ messages in thread
From: Patrick McHardy @ 2007-10-17 8:48 UTC (permalink / raw)
To: Petr Pisar; +Cc: netfilter, netfilter-devel
Petr Pisar wrote:
> Probably you forgot on manual pages:
>
> --- Makefile.old 2007-10-16 16:05:07.000000000 +0200
> +++ Makefile 2007-10-16 16:07:37.000000000 +0200
> @@ -62,7 +62,7 @@
> EXTRAS+=ip6tables ip6tables.o ip6tables.8
> EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
> EXTRAS+=ip6tables-save ip6tables-restore
> -EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
> +EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
> endif
Fixed, thanks.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2007-10-17 8:48 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-10-15 16:52 [ANNOUNCE] Release of iptables 1.4.0rc1 Pablo Neira Ayuso
2007-10-15 19:18 ` Petr Pisar
2007-10-15 21:35 ` Robby Workman
2007-10-16 8:44 ` Patrick McHardy
2007-10-16 14:30 ` Petr Pisar
2007-10-17 8:48 ` Patrick McHardy
2007-10-16 15:01 ` Jan Engelhardt
2007-10-17 8:38 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.