* [ANNOUNCE] Release of iptables 1.4.0rc1
@ 2007-10-15 16:52 Pablo Neira Ayuso
[not found] ` <slrnfh7f7l.crr.petr.pisar@album.ics.muni.cz>
0 siblings, 1 reply; 6+ messages in thread
From: Pablo Neira Ayuso @ 2007-10-15 16:52 UTC
To: netfilter; +Cc: netfilter-devel, lwn
[-- Attachment #1.1: Type: text/plain, Size: 585 bytes --]
Hi!
The netfilter coreteam proudly presents:
iptables version 1.4.0rc1
This is the first release candidate of the new iptables branch 1.4. This
release candidate adds support for the generic xtables infrastructure
that strongly improves IPv6 support. Also several accumulated bugfixes
are included. Test it!
Version 1.4.0rc1 can be obtained from:
http://www.netfilter.org/projects/iptables/downloads.html
ftp://ftp.netfilter.org/pub/iptables/
On behalf of the Netfilter Core Team.
Happy testing!
--
"Honest people are social misfits" -- Les Luthiers
[-- Attachment #1.2: ChangeLog --]
[-- Type: text/plain, Size: 1033 bytes --]
iptables v1.4.0rc1 Changelog
======================================================================
Changes from 1.3.8:
- Add support for generic xtables infrastructure (improved IPv6 support!)
[ Yasuyuki Kozakai ]
- Deletes empty ->final_check() functions
[ Jan Engelhardt ]
- Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
[ Patrick McHardy ]
- Remove last vestiges of NFC
[ Peter Riley ]
- Make @msg argument a const char *, just like printf
[ Jan Engelhardt ]
- Makes it possible to omit extra_opts of matches/targets if unnecessary
[ Jan Engelhardt ]
- Fix "iptables getsockopt failed strangely" when querying revisions for non-existent matches and targets
[ Patrick McHardy ]
- Introduces DEST_IPT_LIBDIR in Makefile
[ Yasuyuki Kozakai ]
- Change default KERNEL_DIR location and add KBUILD_OUTPUT
[ Sven Wegener ]
- Removes obsolete KERNEL_64_USERSPACE_32 definitions
[ Yasuyuki Kozakai ]
- Fix unused function warning
[ Patrick McHardy ]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
[not found] ` <slrnfh7f7l.crr.petr.pisar@album.ics.muni.cz>
@ 2007-10-16 8:44 ` Patrick McHardy
2007-10-16 14:30 ` Petr Pisar
2007-10-16 15:01 ` Jan Engelhardt
0 siblings, 2 replies; 6+ messages in thread
From: Patrick McHardy @ 2007-10-16 8:44 UTC
To: Petr Pisar; +Cc: netfilter, Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 482 bytes --]
Please CC netfilter-devel on bugreports.
Petr Pisar wrote:
> On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>> The netfilter coreteam proudly presents:
>>
>> iptables version 1.4.0rc1
>>
> Great to hear it. But it doesn't build ip6tables-{save,restore} as older
> versions either. The problem is that these two makefile targets are in
> *_EXP variable.
>
> Is it a bug or a feature?
I would say it's a bug. I've added this patch, please test if it works
for you.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1547 bytes --]
Index: ip6tables-restore.c
===================================================================
--- ip6tables-restore.c (Revision 7068)
+++ ip6tables-restore.c (Arbeitskopie)
@@ -77,7 +77,11 @@
static int parse_counters(char *string, struct ip6t_counters *ctr)
{
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
+ u_int64_t *pcnt, *bcnt;
+
+ pcnt = &ctr->pcnt;
+ bcnt = &ctr->bcnt;
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)pcnt, (unsigned long long *)bcnt) == 2);
}
/* global new argv and argc */
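Review bot: the added `sscanf` line still passes `pcnt` and `bcnt` through an `(unsigned long long *)` cast, so `%llu` stores an `unsigned long long` into a `u_int64_t` object; routing the address through a temporary pointer does not change that. Where the two types differ in size, the store runs past `ctr->pcnt` and `ctr->bcnt`. Scan into two local `unsigned long long` variables and assign them to the counters after checking that `sscanf` returned 2, and consider taking `string` as `const char *` since it is only read.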
Index: Makefile
===================================================================
--- Makefile (Revision 7068)
+++ Makefile (Arbeitskopie)
@@ -61,8 +61,8 @@
ifeq ($(DO_IPV6), 1)
EXTRAS+=ip6tables ip6tables.o ip6tables.8
EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
-EXTRAS_EXP+=ip6tables-save ip6tables-restore
-EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
+EXTRAS+=ip6tables-save ip6tables-restore
+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
endif
ifndef IPT_LIBDIR
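Review bot: the new `EXTRA_INSTALLS+=` line keeps the trailing `#` comment, so none of the listed man pages are installed even though ip6tables-save and ip6tables-restore now move from the `_EXP` variables to `EXTRAS`, and the comment still names `iptables-restore.8` and `iptables-save.8` inside the `DO_IPV6` block. Either add the `ip6tables-save.8` and `ip6tables-restore.8` install targets or drop the commented-out tail; the second `EXTRAS+=` could also be folded into the `EXTRAS+=` line above it.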
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 8:44 ` Patrick McHardy
@ 2007-10-16 14:30 ` Petr Pisar
2007-10-17 8:48 ` Patrick McHardy
2007-10-16 15:01 ` Jan Engelhardt
1 sibling, 1 reply; 6+ messages in thread
From: Petr Pisar @ 2007-10-16 14:30 UTC
To: netfilter; +Cc: netfilter-devel
On 2007-10-16, Patrick McHardy <kaber@trash.net> wrote:
> Petr Pisar wrote:
>> On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>>> The netfilter coreteam proudly presents:
>>>
>>> iptables version 1.4.0rc1
>>>
>> Great to hear it. But it doesn't build ip6tables-{save,restore} as older
>> versions either. The problem is that these two makefile targets are in
>> *_EXP variable.
>>
>> Is it a bug or a feature?
>
> I would say it's a bug. I've added this patch, please test if it works
> for you.
>
Yes, it works.
You probably forgot the manual pages:
--- Makefile.old 2007-10-16 16:05:07.000000000 +0200
+++ Makefile 2007-10-16 16:07:37.000000000 +0200
@@ -62,7 +62,7 @@
EXTRAS+=ip6tables ip6tables.o ip6tables.8
EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
EXTRAS+=ip6tables-save ip6tables-restore
-EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
endif
ifndef IPT_LIBDIR
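Review bot: the `+EXTRA_INSTALLS+=` line adds install targets for `ip6tables-save.8` and `ip6tables-restore.8`, but `EXTRAS` in the context lines lists only `ip6tables.8` among the man pages. If those two `.8` files are generated rather than shipped, add them to `EXTRAS` alongside `ip6tables.8` so the install targets have something to copy. The removed comment also named `iptables-restore.8` and `iptables-save.8`; dropping them fits a `DO_IPV6` block, and is worth a word in the change description.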
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 8:44 ` Patrick McHardy
2007-10-16 14:30 ` Petr Pisar
@ 2007-10-16 15:01 ` Jan Engelhardt
2007-10-17 8:38 ` Patrick McHardy
1 sibling, 1 reply; 6+ messages in thread
From: Jan Engelhardt @ 2007-10-16 15:01 UTC
To: Patrick McHardy; +Cc: Petr Pisar, netfilter, Netfilter Development Mailinglist
On Oct 16 2007 10:44, Patrick McHardy wrote:
> Please CC netfilter-devel on bugreports.
>
> Petr Pisar wrote:
>> On 2007-10-15, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>> > The netfilter coreteam proudly presents:
>> >
>> > iptables version 1.4.0rc1
>> >
>> Great to hear it. But it doesn't build ip6tables-{save,restore} as older
>> versions either. The problem is that these two makefile targets are in
>> *_EXP variable.
>>
>> Is it a bug or a feature?
>
>
> I would say it's a bug. I've added this patch, please test if it works
> for you.
>
>Index: ip6tables-restore.c
>===================================================================
>--- ip6tables-restore.c (Revision 7068)
>+++ ip6tables-restore.c (Arbeitskopie)
>@@ -77,7 +77,11 @@
>
> static int parse_counters(char *string, struct ip6t_counters *ctr)
> {
>- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
>+ u_int64_t *pcnt, *bcnt;
>+
>+ pcnt = &ctr->pcnt;
>+ bcnt = &ctr->bcnt;
>+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)pcnt, (unsigned long long *)bcnt) == 2);
> }
This is also wrong (even though it may work in practice), since unsigned long
long does not necessarily need to be 64 bit (it may be larger, and if so,
you'll smash the stack).
What you want is:
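static int parse_counters(const char *string, struct ip6t_counters *ctr)
{
	unsigned long long pcnt, bcnt;
	int ret;

	/* scan into locals that have exactly the type %llu expects */
	ret = sscanf(string, "[%llu:%llu]", &pcnt, &bcnt);
	if (ret == 2) {
		/* store only when both fields were converted */
		ctr->pcnt = pcnt;
		ctr->bcnt = bcnt;
	}
	return ret == 2;
}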
>
> /* global new argv and argc */
>Index: Makefile
>===================================================================
>--- Makefile (Revision 7068)
>+++ Makefile (Arbeitskopie)
>@@ -61,8 +61,8 @@
> ifeq ($(DO_IPV6), 1)
> EXTRAS+=ip6tables ip6tables.o ip6tables.8
> EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
>-EXTRAS_EXP+=ip6tables-save ip6tables-restore
>-EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
>+EXTRAS+=ip6tables-save ip6tables-restore
>+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
> endif
>
> ifndef IPT_LIBDIR
>
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 15:01 ` Jan Engelhardt
@ 2007-10-17 8:38 ` Patrick McHardy
0 siblings, 0 replies; 6+ messages in thread
From: Patrick McHardy @ 2007-10-17 8:38 UTC
To: Jan Engelhardt; +Cc: Petr Pisar, netfilter, Netfilter Development Mailinglist
Jan Engelhardt wrote:
> On Oct 16 2007 10:44, Patrick McHardy wrote:
>>
>> static int parse_counters(char *string, struct ip6t_counters *ctr)
>> {
>> - return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
>> + u_int64_t *pcnt, *bcnt;
>> +
>> + pcnt = &ctr->pcnt;
>> + bcnt = &ctr->bcnt;
>> + return (sscanf(string, "[%llu:%llu]", (unsigned long long *)pcnt, (unsigned long long *)bcnt) == 2);
>> }
>
> This is also wrong (even though it may work in practice), since unsigned long
> long does not necessarily need to be 64 bit (it may be larger, and if so,
> you'll smash the stack).
> What you want is:
Indeed, that is obviously wrong. I'll fix that and the other occurrences.
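The width problem discussed in this sub-thread, taken one step further as an added example (not code from the thread or from iptables): the counters are parsed with strtoull rather than sscanf, since `%llu` gives no way to detect an out-of-range value, and the struct is written only after the whole string has been validated. `struct counters`, `parse_u64` and `parse_counters_checked` are hypothetical names, and rejecting trailing bytes after `]` is a choice made for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
/* Stand-in (assumed layout) for struct ip6t_counters: two 64-bit fields. */
struct counters {
	uint64_t pcnt;
	uint64_t bcnt;
};

/* Parse one decimal field terminated by end_ch; returns 1 on success. */
static int parse_u64(const char **p, char end_ch, uint64_t *out)
{
	unsigned long long v;	/* the type strtoull really returns */
	char *end;
	if (!isdigit((unsigned char)**p))	/* no sign, space or empty field */
		return 0;
	errno = 0;
	v = strtoull(*p, &end, 10);
	if (errno == ERANGE || *end != end_ch)
		return 0;
	if (v > UINT64_MAX)	/* can only trigger if unsigned long long > 64 bits */
		return 0;
	*out = (uint64_t)v;	/* narrowing happens here, by value */
	*p = end + 1;
	return 1;
}

/* Parse "[pkts:bytes]"; *ctr is written only when the whole string is valid. */
static int parse_counters_checked(const char *s, struct counters *ctr)
{
	uint64_t pcnt, bcnt;
	if (*s++ != '[')
		return 0;
	if (!parse_u64(&s, ':', &pcnt) || !parse_u64(&s, ']', &bcnt))
		return 0;
	if (*s != '\0')		/* strictness chosen for this example */
		return 0;
	ctr->pcnt = pcnt;
	ctr->bcnt = bcnt;
	return 1;
}

int main(void)
{
	struct counters c = {0, 0};	/* inputs below are constructed samples */
	return !(parse_counters_checked("[12:3400]", &c) && c.bcnt == 3400 &&
		 !parse_counters_checked("[18446744073709551616:0]", &c));
}
```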
* Re: [ANNOUNCE] Release of iptables 1.4.0rc1
2007-10-16 14:30 ` Petr Pisar
@ 2007-10-17 8:48 ` Patrick McHardy
0 siblings, 0 replies; 6+ messages in thread
From: Patrick McHardy @ 2007-10-17 8:48 UTC
To: Petr Pisar; +Cc: netfilter, netfilter-devel
Petr Pisar wrote:
> You probably forgot the manual pages:
>
> --- Makefile.old 2007-10-16 16:05:07.000000000 +0200
> +++ Makefile 2007-10-16 16:07:37.000000000 +0200
> @@ -62,7 +62,7 @@
> EXTRAS+=ip6tables ip6tables.o ip6tables.8
> EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
> EXTRAS+=ip6tables-save ip6tables-restore
> -EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
> +EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
> endif
Fixed, thanks.