* iptables fixes for 2011-05-30
@ 2011-05-30 10:18 Jan Engelhardt
  2011-05-30 10:18 ` [PATCH 1/5] build: remove dead code parts Jan Engelhardt
                   ` (4 more replies)
  0 siblings, 5 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-05-30 10:18 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel


The following changes since commit 874b76221f74a00520a712ef89b5254a1ed896f8:

  libxt_owner: restore inversion support (2011-05-29 16:43:25 +0200)

are available in the git repository at:
  git://dev.medozas.de/iptables next

Jan Engelhardt (5):
      build: remove dead code parts
      build: fix installation of symlinks
      build: fix absence of xml translator in IPv6-only builds
      doc: update GPL license text
      doc: iptables-xml should be in manpage section 1

 COPYING                          |   42 +++++++++++++++++++-------------------
 Makefile.am                      |   10 ++++----
 ip6tables.c                      |    2 -
 iptables-xml.8 => iptables-xml.1 |    0
 iptables-xml.c                   |    3 --
 libiptc/libiptc.c                |    7 +----
 6 files changed, 28 insertions(+), 36 deletions(-)
 rename iptables-xml.8 => iptables-xml.1 (100%)


* [PATCH 1/5] build: remove dead code parts
  2011-05-30 10:18 iptables fixes for 2011-05-30 Jan Engelhardt
@ 2011-05-30 10:18 ` Jan Engelhardt
  2011-05-30 10:18 ` [PATCH 2/5] build: fix installation of symlinks Jan Engelhardt
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-05-30 10:18 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

gcc-4.6 has a new warning, -Wunused-but-set-variable, which flags
no-op code.

  CC     libiptc/libip4tc.lo
In file included from libiptc/libip4tc.c:118:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
  CC     libiptc/libip6tc.lo
In file included from libiptc/libip6tc.c:113:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
  CC     xtables_multi-iptables-xml.o
iptables-xml.c: In function "do_rule_part":
iptables-xml.c:376:8: warning: variable "thisChain" set but not used
  CC     xtables_multi-ip6tables.o
ip6tables.c: In function "print_firewall":
ip6tables.c:552:10: warning: variable "flags" set but not used

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables.c       |    2 --
 iptables-xml.c    |    3 ---
 libiptc/libiptc.c |    7 ++-----
 3 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index a74238c..4df73b8 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -549,7 +549,6 @@ print_firewall(const struct ip6t_entry *fw,
 {
 	const struct xtables_target *target = NULL;
 	const struct ip6t_entry_target *t;
-	uint8_t flags;
 	char buf[BUFSIZ];
 
 	if (!ip6tc_is_chain(targname, handle))
@@ -559,7 +558,6 @@ print_firewall(const struct ip6t_entry *fw,
 		         XTF_LOAD_MUST_SUCCEED);
 
 	t = ip6t_get_target((struct ip6t_entry *)fw);
-	flags = fw->ipv6.flags;
 
 	if (format & FMT_LINENUMBERS)
 		printf(FMT("%-4u ", "%u "), num);
diff --git a/iptables-xml.c b/iptables-xml.c
index dc3cd4f..aa98f75 100644
--- a/iptables-xml.c
+++ b/iptables-xml.c
@@ -373,7 +373,6 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc,
 {
 	int arg = 1;		// ignore leading -A
 	char invert_next = 0;
-	char *thisChain = NULL;
 	char *spacer = "";	// space when needed to assemble arguments
 	char *level1 = NULL;
 	char *level2 = NULL;
@@ -397,8 +396,6 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc,
 		} else printf("%s<%s ", (leveli ## LEVEL), (level ## LEVEL)); \
 	} while(0)
 
-	thisChain = argv[arg++];
-
 	if (part == 1) {	/* skip */
 		/* use argvattr to tell which arguments were quoted 
 		   to avoid comparing quoted arguments, like comments, to -j, */
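Review bot: Deleting `thisChain = argv[arg++];` also drops the post-increment, so `arg` now stays at 1 where the old code reached the parsing below with `arg` at 2. The variable was unused but the increment was not dead: going by the `// ignore leading -A` comment on `int arg = 1;`, the removed line is what stepped over the argument after `-A`, presumably the chain name. Unless the rest of do_rule_part (which continues outside this hunk) compensates, keep the side effect with `arg++;	/* skip the chain name */` so the rule body is not parsed one argument early. The man page in this series shows the XML being converted back and piped to `iptables-restore`, so a shifted parse could silently misrepresent a ruleset.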
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index d3b1c51..0b6d5e3 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -608,7 +608,7 @@ static int iptcc_chain_index_rebuild(struct xtc_handle *h)
  */
 static int iptcc_chain_index_delete_chain(struct chain_head *c, struct xtc_handle *h)
 {
-	struct list_head *index_ptr, *index_ptr2, *next;
+	struct list_head *index_ptr, *next;
 	struct chain_head *c2;
 	unsigned int idx, idx2;
 
@@ -628,7 +628,7 @@ static int iptcc_chain_index_delete_chain(struct chain_head *c, struct xtc_handl
 		 * is located in the same index bucket.
 		 */
 		c2         = list_entry(next, struct chain_head, list);
-		index_ptr2 = iptcc_bsearch_chain_index(c2->name, &idx2, h);
+		iptcc_bsearch_chain_index(c2->name, &idx2, h);
 		if (idx != idx2) {
 			/* Rebuild needed */
 			return iptcc_chain_index_rebuild(h);
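Review bot: The call `iptcc_bsearch_chain_index(c2->name, &idx2, h);` is now kept only for its write to `idx2`, and nothing on the line says so. A `(void)` cast or a short comment such as `/* called for idx2 only; the returned pointer is not needed */` would stop a later cleanup from deleting the call as a no-op, which would leave `idx2` unset in the `idx != idx2` comparison. Whether the helper writes `idx2` on every path is not visible here; if it does not, initialise `idx2` at its declaration. The function body starts and ends outside this hunk.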
@@ -1279,11 +1279,8 @@ static int iptcc_compile_table(struct xtc_handle *h, STRUCT_REPLACE *repl)
 static struct xtc_handle *
 alloc_handle(const char *tablename, unsigned int size, unsigned int num_rules)
 {
-	size_t len;
 	struct xtc_handle *h;
 
-	len = sizeof(STRUCT_TC_HANDLE) + size;
-
 	h = malloc(sizeof(STRUCT_TC_HANDLE));
 	if (!h) {
 		errno = ENOMEM;
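Review bot: With `len` gone, `size` no longer appears in the visible part of alloc_handle, and the only allocation shown is `malloc(sizeof(STRUCT_TC_HANDLE))`. The removed `sizeof(STRUCT_TC_HANDLE) + size` suggests the handle was once meant to include the rule blob, so it is worth confirming in the rest of the function (outside this hunk) that the `size` bytes are allocated separately and that any `sizeof(...) + size` sum there cannot wrap for a large caller-supplied `unsigned int`. Writing the visible call as `h = malloc(sizeof(*h));` would also tie the allocation to the declared `struct xtc_handle *h` rather than relying on the `STRUCT_TC_HANDLE` macro naming the same struct.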
-- 
1.7.3.4



* [PATCH 2/5] build: fix installation of symlinks
  2011-05-30 10:18 iptables fixes for 2011-05-30 Jan Engelhardt
  2011-05-30 10:18 ` [PATCH 1/5] build: remove dead code parts Jan Engelhardt
@ 2011-05-30 10:18 ` Jan Engelhardt
  2011-05-30 11:50   ` Maciej Żenczykowski
  2011-05-30 10:18 ` [PATCH 3/5] build: fix absence of xml translator in IPv6-only builds Jan Engelhardt
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Jan Engelhardt @ 2011-05-30 10:18 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

Commit v1.4.11~20 forgot to change the symlink target names to the new
executable name.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 Makefile.am |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 13e144e..741729b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -96,6 +96,6 @@ config.status: extensions/GNUmakefile.in \
 install-exec-hook:
 	-if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
 	${INSTALL} -dm0755 "${DESTDIR}${bindir}";
-	for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/iptables-multi" "${DESTDIR}${bindir}/$$i"; done;
-	for i in ${v4_sbin_links}; do ${LN_S} -f iptables-multi "${DESTDIR}${sbindir}/$$i"; done;
-	for i in ${v6_sbin_links}; do ${LN_S} -f ip6tables-multi "${DESTDIR}${sbindir}/$$i"; done;
+	for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
+	for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
+	for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
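Review bot: Each `for i in ...; do ${LN_S} -f ...; done;` line reports only the exit status of its last `ln` when the recipe shell runs without `-e` (GNU make's default), so a failure on an earlier link name is ignored and `make install` still succeeds with some applet symlinks missing. Adding `|| exit 1` inside the loop body, e.g. `do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i" || exit 1; done;`, makes the hook fail loudly instead of leaving a host without its `iptables`/`ip6tables` commands. The same loops reappear in the install-exec-hook hunk of patch 3/5.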
-- 
1.7.3.4



* [PATCH 3/5] build: fix absence of xml translator in IPv6-only builds
  2011-05-30 10:18 iptables fixes for 2011-05-30 Jan Engelhardt
  2011-05-30 10:18 ` [PATCH 1/5] build: remove dead code parts Jan Engelhardt
  2011-05-30 10:18 ` [PATCH 2/5] build: fix installation of symlinks Jan Engelhardt
@ 2011-05-30 10:18 ` Jan Engelhardt
       [not found]   ` <BANLkTik2r-SqtUMVBRcKFngPTzgMUJruzg@mail.gmail.com>
  2011-05-30 10:18 ` [PATCH 4/5] doc: update GPL license text Jan Engelhardt
  2011-05-30 10:18 ` [PATCH 5/5] doc: iptables-xml should be in manpage section 1 Jan Engelhardt
  4 siblings, 1 reply; 10+ messages in thread
From: Jan Engelhardt @ 2011-05-30 10:18 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

Due to iptables-xml being listed under IPV4 only, its symlink was not
created on `./configure --disable-ipv4 && make install`.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 Makefile.am |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 741729b..cc2b83b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -65,8 +65,8 @@ man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
                    ip6tables-save.8
 CLEANFILES       = iptables.8 ip6tables.8
 
+vx_bin_links   = iptables-xml
 if ENABLE_IPV4
-v4_bin_links   = iptables-xml
 v4_sbin_links  = iptables iptables-restore iptables-save
 endif
 if ENABLE_IPV6
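Review bot: `vx_bin_links` is now assigned outside the `if ENABLE_IPV4` block, but neither the name nor the surrounding lines say what `vx` stands for. A one-line comment above it, e.g. `# links installed regardless of the enabled address family`, would document why it sits outside the conditionals. Any remaining use of `v4_bin_links` elsewhere in Makefile.am (not visible in these hunks) would now expand to nothing and should be renamed as well.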
@@ -96,6 +96,6 @@ config.status: extensions/GNUmakefile.in \
 install-exec-hook:
 	-if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
 	${INSTALL} -dm0755 "${DESTDIR}${bindir}";
-	for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
+	for i in ${vx_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
 	for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
 	for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
-- 
1.7.3.4



* [PATCH 4/5] doc: update GPL license text
  2011-05-30 10:18 iptables fixes for 2011-05-30 Jan Engelhardt
                   ` (2 preceding siblings ...)
  2011-05-30 10:18 ` [PATCH 3/5] build: fix absence of xml translator in IPv6-only builds Jan Engelhardt
@ 2011-05-30 10:18 ` Jan Engelhardt
  2011-05-30 10:18 ` [PATCH 5/5] doc: iptables-xml should be in manpage section 1 Jan Engelhardt
  4 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-05-30 10:18 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

The Open Build Service/rpmlint flagged the outdated address in the
license text :-)

iptables.x86_64: W: incorrect-fsf-address
/usr/share/doc/packages/iptables/COPYING
The Free Software Foundation address in this file seems to be outdated
or misspelled.  Ask upstream to update the address, or if this is a
license file, possibly the entire file with a new copy available from
the FSF.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 COPYING |   42 +++++++++++++++++++++---------------------
 1 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/COPYING b/COPYING
index a43ea21..d159169 100644
--- a/COPYING
+++ b/COPYING
@@ -1,12 +1,12 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                          675 Mass Ave, Cambridge, MA 02139, USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-			    Preamble
+                            Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -15,7 +15,7 @@ software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
+the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
 
   When we speak of free software, we are referring to freedom, not
@@ -55,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
-\f

-		    GNU GENERAL PUBLIC LICENSE
+
+                    GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License applies to any program or other work which contains
@@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
     License.  (Exception: if the Program itself is interactive but
     does not normally print such an announcement, your work based on
     the Program is not required to print an announcement.)
-\f

+
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
@@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
-\f

+
   4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +225,7 @@ impose that choice.
 
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
-\f

+
   8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
@@ -255,7 +255,7 @@ make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
 
-			    NO WARRANTY
+                            NO WARRANTY
 
   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
-		     END OF TERMS AND CONDITIONS
-\f

-	Appendix: How to Apply These Terms to Your New Programs
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -291,7 +291,7 @@ convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
     <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) 19yy  <name of author>
+    Copyright (C) <year>  <name of author>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -303,16 +303,16 @@ the "copyright" line and a pointer to where the full notice is found.
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 Also add information on how to contact you by electronic and paper mail.
 
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
 
-    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision version 69, Copyright (C) year name of author
     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.
@@ -335,5 +335,5 @@ necessary.  Here is a sample; alter the names:
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
+library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
-- 
1.7.3.4



* [PATCH 5/5] doc: iptables-xml should be in manpage section 1
  2011-05-30 10:18 iptables fixes for 2011-05-30 Jan Engelhardt
                   ` (3 preceding siblings ...)
  2011-05-30 10:18 ` [PATCH 4/5] doc: update GPL license text Jan Engelhardt
@ 2011-05-30 10:18 ` Jan Engelhardt
  4 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-05-30 10:18 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

References: http://bugs.debian.org/623112
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 Makefile.am    |    2 +-
 iptables-xml.1 |   87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 iptables-xml.8 |   87 --------------------------------------------------------
 3 files changed, 88 insertions(+), 88 deletions(-)
 create mode 100644 iptables-xml.1
 delete mode 100644 iptables-xml.8

diff --git a/Makefile.am b/Makefile.am
index cc2b83b..ae7923f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -61,7 +61,7 @@ xtables_multi_LDADD   += libxtables.la -lm
 
 sbin_PROGRAMS    = xtables-multi
 man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
-                   iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
+                   iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
                    ip6tables-save.8
 CLEANFILES       = iptables.8 ip6tables.8
 
diff --git a/iptables-xml.1 b/iptables-xml.1
new file mode 100644
index 0000000..048c2cb
--- /dev/null
+++ b/iptables-xml.1
@@ -0,0 +1,87 @@
+.TH IPTABLES-XML 8 "Jul 16, 2007" "" ""
+.\"
+.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
+.\" It is based on the iptables-save man page.
+.\"
+.\"	This program is free software; you can redistribute it and/or modify
+.\"	it under the terms of the GNU General Public License as published by
+.\"	the Free Software Foundation; either version 2 of the License, or
+.\"	(at your option) any later version.
+.\"
+.\"	This program is distributed in the hope that it will be useful,
+.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\"	GNU General Public License for more details.
+.\"
+.\"	You should have received a copy of the GNU General Public License
+.\"	along with this program; if not, write to the Free Software
+.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\"
+.SH NAME
+iptables-xml \(em Convert iptables-save format to XML
+.SH SYNOPSIS
+\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]
+.SH DESCRIPTION
+.PP
+.B iptables-xml
+is used to convert the output of iptables-save into an easily manipulatable
+XML format to STDOUT.  Use I/O-redirection provided by your shell to write to 
+a file.
+.TP
+\fB\-c\fR, \fB\-\-combine\fR
+combine consecutive rules with the same matches but different targets. iptables
+does not currently support more than one target per match, so this simulates 
+that by collecting the targets from consecutive iptables rules into one action
+tag, but only when the rule matches are identical. Terminating actions like
+RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Output xml comments containing the iptables line from which the XML is derived
+
+.PP
+iptables-xml does a mechanistic conversion to a very expressive xml
+format; the only semantic considerations are for \-g and \-j targets in
+order to discriminate between <call> <goto> and <nane-of-target> as it
+helps xml processing scripts if they can tell the difference between a
+target like SNAT and another chain.
+
+Some sample output is:
+
+<iptables-rules>
+  <table name="mangle">
+    <chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
+byte-count="7137573">
+      <rule>
+       <conditions>
+        <match>
+          <p>tcp</p>
+        </match>
+        <tcp>
+          <sport>8443</sport>
+        </tcp>
+       </conditions>
+       <actions>
+        <call>
+          <check_ip/>
+        </call>
+        <ACCEPT/>
+       </actions>
+      </rule>
+    </chain>
+  </table>
+</iptables-rules>
+
+.PP
+Conversion from XML to iptables-save format may be done using the 
+iptables.xslt script and xsltproc, or a custom program using
+libxsltproc or similar; in this fashion:
+
+xsltproc iptables.xslt my-iptables.xml | iptables-restore
+
+.SH BUGS
+None known as of iptables-1.3.7 release
+.SH AUTHOR
+Sam Liddicott <azez@ufomechanic.net>
+.SH SEE ALSO
+\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)
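Review bot: The new `iptables-xml.1` still opens with `.TH IPTABLES-XML 8 "Jul 16, 2007" "" ""`, so the rendered page header and footer will say section 8 although the file is installed in section 1; the first line should read `.TH IPTABLES-XML 1 "Jul 16, 2007" "" ""`. The licence comment block also keeps the `675 Mass Ave` FSF address that patch 4/5 replaces in COPYING. `<nane-of-target>` in the description looks like a typo for `<name-of-target>`.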
diff --git a/iptables-xml.8 b/iptables-xml.8
deleted file mode 100644
index 048c2cb..0000000
--- a/iptables-xml.8
+++ /dev/null
@@ -1,87 +0,0 @@
-.TH IPTABLES-XML 8 "Jul 16, 2007" "" ""
-.\"
-.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
-.\" It is based on the iptables-save man page.
-.\"
-.\"	This program is free software; you can redistribute it and/or modify
-.\"	it under the terms of the GNU General Public License as published by
-.\"	the Free Software Foundation; either version 2 of the License, or
-.\"	(at your option) any later version.
-.\"
-.\"	This program is distributed in the hope that it will be useful,
-.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\"	GNU General Public License for more details.
-.\"
-.\"	You should have received a copy of the GNU General Public License
-.\"	along with this program; if not, write to the Free Software
-.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-iptables-xml \(em Convert iptables-save format to XML
-.SH SYNOPSIS
-\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]
-.SH DESCRIPTION
-.PP
-.B iptables-xml
-is used to convert the output of iptables-save into an easily manipulatable
-XML format to STDOUT.  Use I/O-redirection provided by your shell to write to 
-a file.
-.TP
-\fB\-c\fR, \fB\-\-combine\fR
-combine consecutive rules with the same matches but different targets. iptables
-does not currently support more than one target per match, so this simulates 
-that by collecting the targets from consecutive iptables rules into one action
-tag, but only when the rule matches are identical. Terminating actions like
-RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
-.TP
-\fB\-v\fR, \fB\-\-verbose\fR
-Output xml comments containing the iptables line from which the XML is derived
-
-.PP
-iptables-xml does a mechanistic conversion to a very expressive xml
-format; the only semantic considerations are for \-g and \-j targets in
-order to discriminate between <call> <goto> and <nane-of-target> as it
-helps xml processing scripts if they can tell the difference between a
-target like SNAT and another chain.
-
-Some sample output is:
-
-<iptables-rules>
-  <table name="mangle">
-    <chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
-byte-count="7137573">
-      <rule>
-       <conditions>
-        <match>
-          <p>tcp</p>
-        </match>
-        <tcp>
-          <sport>8443</sport>
-        </tcp>
-       </conditions>
-       <actions>
-        <call>
-          <check_ip/>
-        </call>
-        <ACCEPT/>
-       </actions>
-      </rule>
-    </chain>
-  </table>
-</iptables-rules>
-
-.PP
-Conversion from XML to iptables-save format may be done using the 
-iptables.xslt script and xsltproc, or a custom program using
-libxsltproc or similar; in this fashion:
-
-xsltproc iptables.xslt my-iptables.xml | iptables-restore
-
-.SH BUGS
-None known as of iptables-1.3.7 release
-.SH AUTHOR
-Sam Liddicott <azez@ufomechanic.net>
-.SH SEE ALSO
-\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)
-- 
1.7.3.4



* Re: [PATCH 2/5] build: fix installation of symlinks
  2011-05-30 10:18 ` [PATCH 2/5] build: fix installation of symlinks Jan Engelhardt
@ 2011-05-30 11:50   ` Maciej Żenczykowski
  0 siblings, 0 replies; 10+ messages in thread
From: Maciej Żenczykowski @ 2011-05-30 11:50 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: kaber, netfilter-devel

ACK.  Sorry.


* Re: [PATCH 3/5] build: fix absence of xml translator in IPv6-only builds
       [not found]   ` <BANLkTik2r-SqtUMVBRcKFngPTzgMUJruzg@mail.gmail.com>
@ 2011-05-30 11:57     ` Maciej Żenczykowski
  2011-05-30 11:59       ` Jan Engelhardt
  0 siblings, 1 reply; 10+ messages in thread
From: Maciej Żenczykowski @ 2011-05-30 11:57 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Patrick McHardy, Netfilter Development Mailinglist

ie. this commit, in xtables-multi.c should probably change:

       {"iptables-xml",        iptables_xml_main},
       {"xml4",                iptables_xml_main},
#endif

to

#endif
       {"iptables-xml",        iptables_xml_main},
       {"xml",                 iptables_xml_main},

(and maybe add an ip6tables-xml alias as well?)


2011/5/30 Maciej Żenczykowski <zenczykowski@gmail.com>:
> ACK.
>
> Never used it, didn't realize it was useful for ipv6 as well.
> Perhaps in xtables-multi some changes should be made as well?
> (change xml4, and change the #ifdef ENABLE_IPV4 wrapper).
>

* Re: [PATCH 3/5] build: fix absence of xml translator in IPv6-only builds
  2011-05-30 11:57     ` Maciej Żenczykowski
@ 2011-05-30 11:59       ` Jan Engelhardt
  2011-05-30 12:04         ` Maciej Żenczykowski
  0 siblings, 1 reply; 10+ messages in thread
From: Jan Engelhardt @ 2011-05-30 11:59 UTC (permalink / raw)
  To: Maciej Żenczykowski
  Cc: Patrick McHardy, Netfilter Development Mailinglist

On Monday 2011-05-30 13:57, Maciej Żenczykowski wrote:

>ie. this commit, in xtables-multi.c should probably change:
>
>       {"iptables-xml",        iptables_xml_main},
>       {"xml4",                iptables_xml_main},
>#endif
>
>to
>
>#endif
>       {"iptables-xml",        iptables_xml_main},
>       {"xml",                 iptables_xml_main},
>
>(and maybe add an ip6tables-xml alias as well?)

nope, the xml subcomponent is a nfproto-independent text-to-text 
translator IIRC.


* Re: [PATCH 3/5] build: fix absence of xml translator in IPv6-only builds
  2011-05-30 11:59       ` Jan Engelhardt
@ 2011-05-30 12:04         ` Maciej Żenczykowski
  0 siblings, 0 replies; 10+ messages in thread
From: Maciej Żenczykowski @ 2011-05-30 12:04 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Patrick McHardy, Netfilter Development Mailinglist

Uhm, if it's ip proto independent then it shouldn't be defined in
xtables-multi in the #ifdef ENABLE_IPV4 section... right?
Or I'm missing something?  It should be usable if you're creating a
static build of xtables-multi with only ipv6 support, correct?

2011/5/30 Jan Engelhardt <jengelh@medozas.de>:
> On Monday 2011-05-30 13:57, Maciej Żenczykowski wrote:
>
>>ie. this commit, in xtables-multi.c should probably change:
>>
>>       {"iptables-xml",        iptables_xml_main},
>>       {"xml4",                iptables_xml_main},
>>#endif
>>
>>to
>>
>>#endif
>>       {"iptables-xml",        iptables_xml_main},
>>       {"xml",                 iptables_xml_main},
>>
>>(and maybe add an ip6tables-xml alias as well?)
>
> nope, the xml subcomponent is a nfproto-independent text-to-text
> translator IIRC.
>
>