-diff -Naurw iptables-1.4.1/extensions/.IMQ-testx iptables-1.4.1.imq/extensions/.IMQ-testx
---- iptables-1.4.3/extensions/.IMQ-testx 1969-12-31 21:00:00.000000000 -0300
-+++ iptables-1.4.3.imq/extensions/.IMQ-testx 2008-06-24 22:20:06.000000000 -0300
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/include/linux/netfilter/xt_IMQ.h ] && echo IMQ
-diff -Naurw iptables-1.4.1/extensions/libxt_IMQ.c iptables-1.4.1.imq/extensions/libxt_IMQ.c
---- iptables-1.4.3/extensions/libxt_IMQ.c 1969-12-31 21:00:00.000000000 -0300
-+++ iptables-1.4.3.imq/extensions/libxt_IMQ.c 2008-06-24 22:31:02.000000000 -0300
+diff -Naurw /dev/null extensions/libxt_IMQ.c
+--- /dev/null 1969-12-31 21:00:00.000000000 -0300
++++ extensions/libxt_IMQ.c 2008-06-24 22:31:02.000000000 -0300
@@ -0,0 +1,103 @@
+/* Shared library add-on to iptables to add IMQ target support. */
+#include <stdio.h>
+static void IMQ_help(void)
+{
+ printf(
-+"IMQ target v%s options:\n"
-+" --todev <N> enqueue to imq<N>, defaults to 0\n",
-+XTABLES_VERSION);
++"IMQ target options:\n"
++" --todev <N> enqueue to imq<N>, defaults to 0\n");
++
+}
+
+static struct option IMQ_opts[] = {
+
+ switch(c) {
+ case '1':
-+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
++ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --todev");
+ mr->todev=atoi(optarg);
+static struct xtables_target imq_target = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
-+ .family = AF_INET,
++ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+static struct xtables_target imq_target6 = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
-+ .family = AF_INET6,
++ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+ .extra_opts = IMQ_opts,
+};
+
-+void __attribute((constructor)) nf_ext_init(void)
-+{
++// void __attribute((constructor)) nf_ext_init(void){
++void _init(void){
+ xtables_register_target(&imq_target);
+ xtables_register_target(&imq_target6);
+}
---- iptables-1.4.3/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200
-+++ iptables-1.4.3.imq/include/linux/netfilter/xt_IMQ.h 2008-08-05 00:41:28.000000000 +0300
+diff -Naurw /dev/null extensions/libxt_IMQ.c
+--- /dev/null 1970-01-01 02:00:00.000000000 +0200
++++ include/linux/netfilter/xt_IMQ.h 2008-08-05 00:41:28.000000000 +0300
@@ -0,0 +1,9 @@
+#ifndef _XT_IMQ_H
+#define _XT_IMQ_H
+
+ switch (c) {
+ case '1':
-+ xtables_check_inverse(optarg, &invert, &optind, 0);
++ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ parse_layer7_protocol(argv[optind-1], layer7info);
+ if (invert)
+ layer7info->invert = 1;
+
+ case '2':
+ /* not going to use this, but maybe we need to strip a ! anyway (?) */
-+ xtables_check_inverse(optarg, &invert, &optind, 0);
++ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+
+ if(strlen(argv[optind-1]) >= MAX_FN_LEN)
+ xtables_error(PARAMETER_PROBLEM, "directory name too long\n");
+ xtables_error(PARAMETER_PROBLEM,
+ "Can't use --oif and --iif together");
+
-+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
++ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --oif");
+
+ xtables_error(PARAMETER_PROBLEM,
+ "Can't use --iif and --oif together");
+
-+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
++ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --iif");
+
+ xtables_error(PARAMETER_PROBLEM,
+ "Can't specify --gw twice");
+
-+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
++ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --gw");
+
+ xtables_error(PARAMETER_PROBLEM,
+ "Can't specify --oif twice");
+
-+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
++ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --oif");
+
+ xtables_error(PARAMETER_PROBLEM,
+ "Can't specify --gw twice");
+
-+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
++ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --gw");
+
-diff -NurpP --minimal iptables-1.4.1.1.orig/include/linux/netfilter/xt_owner.h iptables-1.4.1.1.mod/include/linux/netfilter/xt_owner.h
---- iptables-1.4.1.1.orig/include/linux/netfilter/xt_owner.h 2008-06-16 15:12:40.000000000 +0200
-+++ iptables-1.4.1.1.mod/include/linux/netfilter/xt_owner.h 2008-08-06 14:54:05.000000000 +0200
-@@ -5,12 +5,16 @@ enum {
- XT_OWNER_UID = 1 << 0,
- XT_OWNER_GID = 1 << 1,
- XT_OWNER_SOCKET = 1 << 2,
-+ XT_OWNER_XID = 1 << 3,
-+ XT_OWNER_NID = 1 << 4,
+--- iptables-1.4.8/extensions/libxt_owner.c.org 2010-06-07 21:59:55.086564655 +0200
++++ iptables-1.4.8/extensions/libxt_owner.c 2010-06-07 22:06:25.259858702 +0200
+@@ -24,11 +24,15 @@
+ IPT_OWNER_PID = 0x04,
+ IPT_OWNER_SID = 0x08,
+ IPT_OWNER_COMM = 0x10,
++ IPT_OWNER_NID = 0x20,
++ IPT_OWNER_XID = 0x40,
+ IP6T_OWNER_UID = IPT_OWNER_UID,
+ IP6T_OWNER_GID = IPT_OWNER_GID,
+ IP6T_OWNER_PID = IPT_OWNER_PID,
+ IP6T_OWNER_SID = IPT_OWNER_SID,
+ IP6T_OWNER_COMM = IPT_OWNER_COMM,
++ IP6T_OWNER_NID = IPT_OWNER_NID,
++ IP6T_OWNER_XID = IPT_OWNER_XID,
};
- struct xt_owner_match_info {
- u_int32_t uid_min, uid_max;
- u_int32_t gid_min, gid_max;
- u_int8_t match, invert;
+ struct ipt_owner_info {
+@@ -38,6 +42,8 @@
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
+ u_int32_t nid;
+ u_int32_t xid;
};
- #endif /* _XT_OWNER_MATCH_H */
-diff -NurpP --minimal iptables-1.4.1.1.orig/include/linux/netfilter_ipv4/ipt_owner.h iptables-1.4.1.1.mod/include/linux/netfilter_ipv4/ipt_owner.h
---- iptables-1.4.1.1.orig/include/linux/netfilter_ipv4/ipt_owner.h 2008-06-16 15:12:40.000000000 +0200
-+++ iptables-1.4.1.1.mod/include/linux/netfilter_ipv4/ipt_owner.h 2008-08-06 14:56:05.000000000 +0200
-@@ -7,6 +7,9 @@
- #define IPT_OWNER_PID 0x04
- #define IPT_OWNER_SID 0x08
- #define IPT_OWNER_COMM 0x10
-+#define IPT_OWNER_NID 0x20
-+#define IPT_OWNER_XID 0x40
-+
-
- struct ipt_owner_info {
- uid_t uid;
-@@ -15,6 +18,8 @@ struct ipt_owner_info {
- pid_t sid;
- char comm[16];
- u_int8_t match, invert; /* flags */
-+ u_int32_t nid;
-+ u_int32_t xid;
- };
-
- #endif /*_IPT_OWNER_H*/
-diff -NurpP --minimal iptables-1.4.1.1.orig/include/linux/netfilter_ipv6/ip6t_owner.h iptables-1.4.1.1.mod/include/linux/netfilter_ipv6/ip6t_owner.h
---- iptables-1.4.1.1.orig/include/linux/netfilter_ipv6/ip6t_owner.h 2008-06-16 15:12:40.000000000 +0200
-+++ iptables-1.4.1.1.mod/include/linux/netfilter_ipv6/ip6t_owner.h 2008-08-06 14:57:23.000000000 +0200
-@@ -6,6 +6,8 @@
- #define IP6T_OWNER_GID 0x02
- #define IP6T_OWNER_PID 0x04
- #define IP6T_OWNER_SID 0x08
-+#define IP6T_OWNER_NID 0x20
-+#define IP6T_OWNER_XID 0x40
-
struct ip6t_owner_info {
- uid_t uid;
-@@ -13,6 +15,8 @@ struct ip6t_owner_info {
- pid_t pid;
- pid_t sid;
- u_int8_t match, invert; /* flags */
-+ u_int32_t nid;
-+ u_int32_t xid;
+@@ -47,6 +53,8 @@
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
++ u_int32_t nid;
++ u_int32_t xid;
};
- #endif /*_IPT_OWNER_H*/
+ /*
%bcond_without doc # without documentation (HOWTOS) which needed TeX
%bcond_without dist_kernel # without distribution kernel
%bcond_without vserver # kernel build without vserver
-%bcond_without batch # build iptables-batch
+%bcond_with batch # build iptables-batch
+%bcond_with static
#
%define netfilter_snap 20070806
%define llh_version 7:2.6.22.1
Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
Name: iptables
-Version: 1.4.4
-Release: 2
+Version: 1.4.8
+Release: 1
License: GPL
Group: Networking/Admin
Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
-# Source0-md5: 08cd9196881657ea0615d926334cb7e9
+# Source0-md5: 697ed89f37af4473a5f6349ba2700f2d
Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
# Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
Source2: %{name}.init
Source3: %{name6}.init
Patch0: %{name}-%{netfilter_snap}.patch
Patch1: %{name}-man.patch
-# based on http://www.linuximq.net/patchs/iptables-1.4.0-imq.diff
+# based on http://www.linuximq.net/patchs/iptables-1.4.6-imq.diff
Patch2: %{name}-imq.patch
# http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
Patch3: %{name}-tproxy.patch
%setup -q -a1
%patch0 -p1
%patch1 -p1
-%patch2 -p1
+%patch2 -p0
#%patch3 -p0
%patch4 -p1
%patch5 -p1
--with-ksource=%{_kernelsrcdir} \
--enable-devel \
--enable-libipq \
+ %{?with_static:--enable-static} \
--enable-shared
%{__make} -j1 all \
CC="%{__cc}" \
- CFLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
+ CFLAGS="%{rpmcflags} %{rpmcppflags} -D%{!?debug:N}DEBUG" \
KERNEL_DIR="%{_kernelsrcdir}" \
LIBDIR="%{_libdir}" \
DO_SELINUX=1 \
%endif
# Make a library, needed for OpenVCP
-ar rcs libiptables.a iptables.o
-ar rcs libip6tables.a ip6tables.o
+ar rcs libiptables.a iptables*.o
+ar rcs libip6tables.a ip6tables*.o
%install
rm -rf $RPM_BUILD_ROOT
%attr(755,root,root) %{_sbindir}/iptables-batch
%attr(755,root,root) %{_sbindir}/ip6tables-batch
%endif
+%attr(755,root,root) %{_sbindir}/nfnl_osf
%dir %{_libdir}/xtables
+%{_datadir}/xtables
%if %{with dist_kernel}
%attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
%attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
%attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
%attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
%attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
%attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
%attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
%attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
%attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
%attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_osf.so
%attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
%attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
%attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
%files libs
%defattr(644,root,root,755)
+%attr(755,root,root) %ghost %{_libdir}/libipq.so.0
+%attr(755,root,root) %{_libdir}/libipq.so.*.*
%attr(755,root,root) %ghost %{_libdir}/libiptc.so.0
%attr(755,root,root) %{_libdir}/libiptc.so.*.*
-%attr(755,root,root) %ghost %{_libdir}/libxtables.so.2
+%attr(755,root,root) %ghost %{_libdir}/libip4tc.so.0
+%attr(755,root,root) %{_libdir}/libip4tc.so.*.*
+%attr(755,root,root) %ghost %{_libdir}/libip6tc.so.0
+%attr(755,root,root) %{_libdir}/libip6tc.so.*.*
+%attr(755,root,root) %ghost %{_libdir}/libxtables.so.4
%attr(755,root,root) %{_libdir}/libxtables.so.*.*
%files devel
%{_pkgconfigdir}/*.pc
%{_mandir}/man3/*
+%if %{with static}
%files static
%defattr(644,root,root,755)
%{_libdir}/lib*.a
+%endif
%files init
%defattr(644,root,root,755)
projects / packages / iptables.git / commitdiff