Hello everyone,
I have released Xtables 1.5.2, which is a package of my ongoing
iptables development. It contains a few patches that make it easier
to build (no kernel source required¹!), and... see shortlog below. I
just rebased it on top of the new converted-from-svn iptables git
tree (which still needs to be officially embraced..); once that
happens it will hopefully merge. Still, it is stable and can replace
an older iptables package.
Then there is Xtables-addons 1.5.2 out now, which does not have any
new striking changes; just a fix to let it work with older GNU makes
and that it does not depend on the same Xtables version anymore.
(kernel-source required here, in case you ask.)
I have gotten a number of inquiries regarding Xtables modules, and
yes, I am taking submissions into Xtables-addons.
URLs:
bz2- http://dev.computergmbh.de/files/xtables/
gitweb- http://dev.computergmbh.de/gitweb.cgi?p=xtables-dev
gitweb- http://dev.computergmbh.de/gitweb.cgi?p=xtables-addons
clone- git://dev.computergmbh.de/xtables-dev
clone- git://dev.computergmbh.de/xtables-addons
SRPM for reference how to build it in an automatic environment:
http://ftp.gwdg.de/pub/linux/misc/suser-jengelh/SRPMS/
BRPM:
http://ftp.gwdg.de/pub/linux/misc/suser-jengelh/SUSE-10.3/
¹Unless you cross-compile.
Xtables:
Jan Engelhardt (24):
Update .gitignore
Fix compilation of iptables-static build
Correct the family member value of libxt_mark rev.1
Makefile: add a "tarball" target
Drop -W from CFLAGS and some tiny code cleanups
Fix -Wshadow warnings and clean up xt_sctp.h.
Fix all remaining warnings (missing declarations, missing prototypes)
Add support for xt_hashlimit match revision 1
Update the libxt_owner manpage with the UID/GID-range feature
Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
Move libipt_recent to libxt_recent
Add IPv6 support to libxt_recent
Add all necessary header files - compilation fix for various cases
Update package name (Xtables) and documentation
configure: split --enable-libipq from --enable-devel
Install libiptc header files because xtables.h depends on it
Remove support for compilation of conditional extensions
Combine ipt and ip6t manpages
Implement AF_UNSPEC as a wildcard for extensions
Change IPTABLES_VERSION to XTABLES_VERSION
Update spelling and grammar in manpages
Fix broken markup in manpages
Clarify prerequisites of Xtables and update option notes
Xtables 1.5.2
Jan Engelhardt wrote:
> Hello everyone,
>
>
> I have released Xtables 1.5.2, which is a package of my ongoing
> iptables development. It contains a few patches that make it easier
> to build (no kernel source required?!), and... see shortlog below. I
> just rebased it on top of the new converted-from-svn iptables git
> tree (which still needs to be officially embraced..); once that
> happens it will hopefully merge. Still, it is stable and can replace
> an older iptables package.
It would be a lot better if you would post your patches
instead publishing your own versions of iptables.
On Mar 4 2008 15:54, Patrick McHardy wrote:
>
> It would be a lot better if you would post your patches
> instead publishing your own versions of iptables.
>
Give me a break, I was about to do that, just had some
ordering issues :-) (aka how-do-I-sort-this-now)
iptables/Xtables:
git://dev.computergmbh.de/xtables-dev master
Range: 55ad85c12405b61b8c3c082888c75d1559a93c1e(^)..
b567100706830bb8917220d81350edc6623e8189
Response follows in subthread.
Jan Engelhardt (24):
Update .gitignore
Fix compilation of iptables-static build
Correct the family member value of libxt_mark rev.1
Makefile: add a "tarball" target
Drop -W from CFLAGS and some tiny code cleanups
Fix -Wshadow warnings and clean up xt_sctp.h.
Fix all remaining warnings (missing declarations, missing prototypes)
Add support for xt_hashlimit match revision 1
Update the libxt_owner manpage with the UID/GID-range feature
Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
Move libipt_recent to libxt_recent
Add IPv6 support to libxt_recent
Add all necessary header files - compilation fix for various cases
Update package name (Xtables) and documentation
configure: split --enable-libipq from --enable-devel
Install libiptc header files because xtables.h depends on it
Remove support for compilation of conditional extensions
Combine ipt and ip6t manpages
Implement AF_UNSPEC as a wildcard for extensions
Change IPTABLES_VERSION to XTABLES_VERSION
Update spelling and grammar in manpages
Fix broken markup in manpages
Clarify prerequisites of Xtables and update option notes
Xtables 1.5.2
---
linux:
git://dev.computergmbh.de/linux master
Range: c95858194ffe1fbe19fa99287c78c10046bb188b(^)..
ba5aecde37b53f3c3853943f33c7def80bca3e38
Response follows in subthread.
Jan Engelhardt (19):
[NETFILTER]: xt_sctp: simplify xt_sctp.h
[NETFILTER]: annotate xtables targets with const and remove casts
[NETFILTER]: annotate {arp,ip,ip6,x}tables with const
[NETFILTER]: annotate rest of nf_conntrack_* with const
[NETFILTER]: annotate rest of nf_nat_* with const
[NETFILTER]: Use unsigned types for hooknum and pf vars
[NETFILTER]: remove arpt_table indirection macro
[NETFILTER]: remove arpt_target indirection macro
[NETFILTER]: remove ARPT_{STANDARD,ERROR}_TARGET indirection macro
[NETFILTER]: remove unused ARPT_ALIGN indirection macros
[NETFILTER]: remove arpt_(un)register_target indirection macros
[NETFILTER]: remove ARPT_{CONTINUE,RETURN} indirection macros
[NETFILTER]: remove ARPT_{CONTINUE,RETURN} indirection macros
[NETFILTER]: rename NF_ARP to AF_ARP and assign a non-clashing value
[NETFILTER]: Implement AF_UNSPEC as a wildcard for extensions
[NETFILTER]: Explicitly initialize .priority in arptable_filter
[NETFILTER]: Give AF-independent extensions an arpt_ alias
[NETFILTER]: Rename ipt_recent to xt_recent
[NETFILTER]: xt_recent: IPv6 support
-W turns on some of the deeply-nitpicky (IMO) warnings like
signed-vs-unsigned, so I judged it was better to remove it,
and be good developers instead.
===
commit 5d60776717f011fbd019a268a3193040aa9ddd4c
Author: Jan Engelhardt <[email protected]>
Date: Mon Mar 3 12:30:41 2008 +0100
Drop -W from CFLAGS and some tiny code cleanups
- change "unsigned" to explicit "unsigned int"
- remove some casts
---
configure.ac | 2 +-
extensions/dscp_helper.c | 2 +-
extensions/libip6t_dst.c | 2 +-
extensions/libip6t_hbh.c | 2 +-
extensions/libip6t_rt.c | 2 +-
extensions/libipt_SAME.c | 6 +++---
extensions/libxt_TCPOPTSTRIP.c | 2 +-
extensions/libxt_quota.c | 2 +-
iptables-xml.c | 14 +++++++-------
xtables.c | 2 +-
10 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/configure.ac b/configure.ac
index a435ae4..004a517 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" == "yes"])
AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" == "yes"])
regular_CFLAGS="-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 \
- -D_REENTRANT -W -Wall -Waggregate-return -Wmissing-declarations \
+ -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
-Winline -pipe -DIPTABLES_VERSION=\\\"$PACKAGE_VERSION\\\" \
-DIPT_LIB_DIR=\\\"\${iptdir}\\\" -DIP6T_LIB_DIR=\\\"\${iptdir}\\\"";
diff --git a/extensions/dscp_helper.c b/extensions/dscp_helper.c
index 9e9a163..217df09 100644
--- a/extensions/dscp_helper.c
+++ b/extensions/dscp_helper.c
@@ -49,7 +49,7 @@ static const struct ds_class
static unsigned int
class_to_dscp(const char *name)
{
- unsigned i;
+ unsigned int i;
for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
if (!strncasecmp(name, ds_classes[i].name,
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index 9e4d870..5b06033 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -168,7 +168,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
}
static void
-print_options(unsigned optsnr, u_int16_t *optsp)
+print_options(unsigned int optsnr, u_int16_t *optsp)
{
unsigned int i;
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index 1052575..ad12547 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -162,7 +162,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags,
}
static void
-print_options(unsigned optsnr, u_int16_t *optsp)
+print_options(unsigned int optsnr, u_int16_t *optsp)
{
unsigned int i;
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index a9ced6a..e2ae09f 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -255,7 +255,7 @@ print_nums(const char *name, u_int32_t min, u_int32_t max,
}
static void
-print_addresses(unsigned addrnr, struct in6_addr *addrp)
+print_addresses(unsigned int addrnr, struct in6_addr *addrp)
{
unsigned int i;
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index e03ae80..d1e6903 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -90,7 +90,7 @@ static int SAME_parse(int c, char **argv, int invert, unsigned int *flags,
{
struct ipt_same_info *mr
= (struct ipt_same_info *)(*target)->data;
- unsigned count;
+ unsigned int count;
switch (c) {
case '1':
@@ -146,7 +146,7 @@ static void SAME_check(unsigned int flags)
static void SAME_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- unsigned count;
+ unsigned int count;
struct ipt_same_info *mr
= (struct ipt_same_info *)target->data;
int random = 0;
@@ -180,7 +180,7 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void SAME_save(const void *ip, const struct xt_entry_target *target)
{
- unsigned count;
+ unsigned int count;
struct ipt_same_info *mr
= (struct ipt_same_info *)target->data;
int random = 0;
diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index df107f4..bd66435 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -22,7 +22,7 @@ enum {
struct tcp_optionmap {
const char *name, *desc;
- const unsigned option;
+ const unsigned int option;
};
static const struct option tcpoptstrip_tg_opts[] = {
diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index 57050f2..b4fb78b 100644
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -43,7 +43,7 @@ quota_save(const void *ip, const struct xt_entry_match *match)
static int
parse_quota(const char *s, u_int64_t * quota)
{
- *quota = strtoull(s, (char **) NULL, 10);
+ *quota = strtoull(s, NULL, 10);
#ifdef DEBUG_XT_QUOTA
printf("Quota: %llu\n", *quota);
diff --git a/iptables-xml.c b/iptables-xml.c
index 087b7c7..404d020 100644
--- a/iptables-xml.c
+++ b/iptables-xml.c
@@ -85,10 +85,10 @@ parse_counters(char *string, struct ipt_counters *ctr)
/* global new argv and argc */
static char *newargv[255];
-static unsigned newargc = 0;
+static unsigned int newargc = 0;
static char *oldargv[255];
-static unsigned oldargc = 0;
+static unsigned int oldargc = 0;
/* arg meta data, were they quoted, frinstance */
static int newargvattr[255];
@@ -129,7 +129,7 @@ add_argv(char *what, int quoted)
static void
free_argv(void)
{
- unsigned i;
+ unsigned int i;
for (i = 0; i < newargc; i++) {
free(newargv[i]);
@@ -149,7 +149,7 @@ free_argv(void)
static void
save_argv(void)
{
- unsigned i;
+ unsigned int i;
for (i = 0; i < oldargc; i++)
free(oldargv[i]);
@@ -545,8 +545,8 @@ compareRules(void)
is the case when processing the ACTUAL output of actual iptables-save
rather than a file merely in a compatable format */
- unsigned old = 0;
- unsigned new = 0;
+ unsigned int old = 0;
+ unsigned int new = 0;
int compare = 0;
@@ -748,7 +748,7 @@ main(int argc, char *argv[])
ret = 1;
} else if (curTable[0]) {
- unsigned a;
+ unsigned int a;
char *ptr = buffer;
char *pcnt = NULL;
char *bcnt = NULL;
diff --git a/xtables.c b/xtables.c
index af4d3dc..dba9081 100644
--- a/xtables.c
+++ b/xtables.c
@@ -257,7 +257,7 @@ int service_to_port(const char *name, const char *proto)
u_int16_t parse_port(const char *port, const char *proto)
{
- unsigned portnum;
+ unsigned int portnum;
if ((string_to_number(port, 0, 65535, &portnum)) != -1 ||
(portnum = service_to_port(port, proto)) != (unsigned)-1)