[RELEASE] ebtables v2.0.10-1

[RELEASE] ebtables v2.0.10-1

[Bart De Schuymer]

Hi all,

I just released a new version of the ebtables tool.
Changes:
* fix --among-dst-file, which translated to --among-src (reported by 
Thierry Watelet)
* fix bug in test_ulog.c example
* Makefile: respect LDFLAGS during ebtables build (Peter Volkov)
* Makefile: create directories to avoid build failure when DESTDIR is 
supplied (Peter Volkov)
* incorporate fixes for possible issues found by Coverity analysis 
(thanks to Jiri Popelka)
* define __EXPORTED_HEADERS__ to get access to the Linux kernel headers
* extend ebt_ip6 to allow matching on ipv6-icmp types/codes (by Florian 
Westphal)
* Print a more useful error message when an update of the kernel table 
failed.
* Add --concurrent option, which enables using a file lock to support 
concurrent scripts updating the ebtables kernel tables


Have fun,
Bart

-- 
Bart De Schuymer
www.artinalgorithms.be

Re: [RELEASE] ebtables v2.0.10-1

[Jan Engelhardt]

On Sunday 2011-07-10 20:23, Bart De Schuymer wrote:

> Hi all,
>
> I just released a new version of the ebtables tool.

Oh BTW, please avoid release numbers (the -1 in 2.0.10-1) as they are 
reserved for distributions. (And creating a 2.0.10-1-1, you can agree, 
is weird in a distro. Just use 2.0.10.1 for example.)

Re: [RELEASE] ebtables v2.0.10-1

[Jan Engelhardt]

On Sunday 2011-07-10 21:53, Jan Engelhardt wrote:

>On Sunday 2011-07-10 20:23, Bart De Schuymer wrote:
>
>> Hi all,
>>
>> I just released a new version of the ebtables tool.

I had produced this patch in response to a gcc warning. Compiles, but 
not tested.

--->8---
From: Jan Engelhardt <jengelh@medozas.de>
Date: 2011-07-11 01:11 +0200

libebt_among: fix undefined behavior on dereference of typepunned ptr

extensions/ebt_among.c: In function ‘create_wormhash’:
extensions/ebt_among.c:250:4: warning: dereferencing type-punned pointer will break strict-aliasing rules
extensions/ebt_among.c:261:3: warning: dereferencing type-punned pointer will break strict-aliasing rules

---
 extensions/ebt_among.c |   18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

Index: ebtables-v2.0.10-1/extensions/ebt_among.c
===================================================================
--- ebtables-v2.0.10-1.orig/extensions/ebt_among.c
+++ ebtables-v2.0.10-1/extensions/ebt_among.c
@@ -183,7 +183,7 @@ static struct ebt_mac_wormhash *create_w
 	char *endptr;
 	struct ebt_mac_wormhash *workcopy, *result, *h;
 	unsigned char mac[6];
-	unsigned char ip[4];
+	uint32_t ip;
 	int nmacs = 0;
 	int i;
 	char token[4];
@@ -222,16 +222,18 @@ static struct ebt_mac_wormhash *create_w
 			ebt_print_error("MAC parse error: %.20s", anchor);
 			return NULL;
 		}
+		ip = 0;
 		if (*pc == '=') {
 			/* an IP follows the MAC; collect similarly to MAC */
 			pc++;
 			anchor = pc;
-			for (i = 0; i < 3; i++) {
+			for (i = 3; i > 0; --i) {
 				if (read_until(&pc, ".", token, 3) < 0 || token[0] == 0) {
 					ebt_print_error("IP parse error: %.20s", anchor);
 					return NULL;
 				}
-				ip[i] = strtol(token, &endptr, 10);
+				/* 0xFF warrants using 8 - not CHAR_BIT. */
+				ip |= (strtoul(token, &endptr, 10) & 0xFF) << (8 * i);
 				if (*endptr) {
 					ebt_print_error("IP parse error: %.20s", anchor);
 					return NULL;
@@ -242,23 +244,21 @@ static struct ebt_mac_wormhash *create_w
 				ebt_print_error("IP parse error: %.20s", anchor);
 				return NULL;
 			}
-			ip[3] = strtol(token, &endptr, 10);
+			ip |= strtoul(token, &endptr, 10) & 0xFF;
 			if (*endptr) {
 				ebt_print_error("IP parse error: %.20s", anchor);
 				return NULL;
 			}
-			if (*(uint32_t*)ip == 0) {
+			ip = htonl(ip);
+			if (ip == 0) {
 				ebt_print_error("Illegal IP 0.0.0.0");
 				return NULL;
 			}
-		} else {
-			/* no IP, we set it to 0.0.0.0 */
-			memset(ip, 0, 4);
 		}
 
 		/* we have collected MAC and IP, so we add an entry */
 		memcpy(((char *) workcopy->pool[nmacs].cmp) + 2, mac, 6);
-		workcopy->pool[nmacs].ip = *(const uint32_t *) ip;
+		workcopy->pool[nmacs].ip = ip;
 		nmacs++;
 
 		/* re-allocate memory if needed */
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RELEASE] ebtables v2.0.10-1

[Bart De Schuymer]

On 19-07-11 22:54, Jan Engelhardt wrote:
> On Sunday 2011-07-10 21:53, Jan Engelhardt wrote:
>
>> On Sunday 2011-07-10 20:23, Bart De Schuymer wrote:
>>
>>> Hi all,
>>>
>>> I just released a new version of the ebtables tool.
> I had produced this patch in response to a gcc warning. Compiles, but
> not tested.
>
>
Thanks, I applied Peter's patches instead...

cheers,
Bart

-- 
Bart De Schuymer
www.artinalgorithms.be