SOURCES: iptables-pom-ng-branch.diff - refreshed.
pluto
pluto at pld-linux.org
Thu Aug 4 21:50:45 CEST 2005
Author: pluto Date: Thu Aug 4 19:50:45 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- refreshed.
---- Files affected:
SOURCES:
iptables-pom-ng-branch.diff (1.6 -> 1.7)
---- Diffs:
================================================================
Index: SOURCES/iptables-pom-ng-branch.diff
diff -u SOURCES/iptables-pom-ng-branch.diff:1.6 SOURCES/iptables-pom-ng-branch.diff:1.7
--- SOURCES/iptables-pom-ng-branch.diff:1.6 Wed Jun 22 15:43:14 2005
+++ SOURCES/iptables-pom-ng-branch.diff Thu Aug 4 21:50:40 2005
@@ -1,71 +1,55 @@
- extensions/.ULOG-test6 | 2
- extensions/.geoip-test | 3
- extensions/.ipp2p-test | 2
- extensions/.layer7-test | 2
- extensions/.policy-test | 3
- extensions/.policy-test6 | 3
- extensions/Makefile | 2
- extensions/libip6t_ULOG.c | 227 +++++++++++++
- extensions/libip6t_ULOG.man | 27 +
- extensions/libip6t_multiport.man | 9
- extensions/libip6t_physdev.c | 39 --
- extensions/libip6t_policy.c | 471 +++++++++++++++++++++++++++
- extensions/libip6t_policy.man | 46 ++
- extensions/libipt_ACCOUNT.c | 174 +++++++++
- extensions/libipt_ACCOUNT.man | 16
- extensions/libipt_CONNMARK.c | 4
- extensions/libipt_DNAT.c | 4
- extensions/libipt_IPMARK.man | 45 ++
- extensions/libipt_IPV4OPTSSTRIP.man | 5
- extensions/libipt_SAME.man | 11
- extensions/libipt_SNAT.c | 4
- extensions/libipt_TARPIT.man | 34 +
- extensions/libipt_ULOG.c | 2
- extensions/libipt_XOR.man | 7
- extensions/libipt_account.man | 47 ++
- extensions/libipt_comment.man | 6
- extensions/libipt_connbytes.c | 1
- extensions/libipt_connbytes.man | 30 +
- extensions/libipt_connlimit.man | 21 +
- extensions/libipt_geoip.c | 338 +++++++++++++++++++
- extensions/libipt_geoip.man | 15
- extensions/libipt_hashlimit.man | 35 ++
- extensions/libipt_ipp2p.c | 453 +++++++++++++++++++++++++
- extensions/libipt_ipp2p.man | 43 ++
- extensions/libipt_ipv4options.man | 32 +
- extensions/libipt_layer7.c | 357 ++++++++++++++++++++
- extensions/libipt_layer7.man | 13
- extensions/libipt_multiport.man | 13
- extensions/libipt_osf.c | 14
- extensions/libipt_osf.man | 47 ++
- extensions/libipt_physdev.c | 39 --
- extensions/libipt_policy.c | 429 ++++++++++++++++++++++++
- extensions/libipt_policy.man | 46 ++
- extensions/libipt_psd.man | 18 +
- extensions/libipt_quota.man | 7
- extensions/libipt_recent.man | 93 +++++
- extensions/libipt_sctp.man | 28 +
- extensions/libipt_tcp.c | 2
- extensions/libipt_tcp.man | 4
- extensions/libipt_u32.man | 8
- extensions/svn-commit.tmp | 3
- include/ip6tables.h | 2
- include/iptables.h | 1
- include/libipq/libipq.h | 7
- include/linux/netfilter_ipv4/ipt_conntrack.h | 23 +
- ip6tables-restore.c | 23 -
- ip6tables.c | 51 +-
- iptables-restore.c | 23 -
- iptables-save.c | 2
- iptables.8.in | 10
- iptables.c | 32 +
- libipq/libipq.c | 48 ++
- 62 files changed, 3356 insertions(+), 150 deletions(-)
+ extensions/.ULOG-test6 | 2
+ extensions/.geoip-test | 3
+ extensions/.ipp2p-test | 2
+ extensions/.layer7-test | 2
+ extensions/.policy-test | 3
+ extensions/.policy-test6 | 3
+ extensions/Makefile | 4
+ extensions/libip6t_NFQUEUE.c | 113 ++++++
+ extensions/libip6t_NFQUEUE.man | 9
+ extensions/libip6t_ULOG.c | 227 +++++++++++++
+ extensions/libip6t_ULOG.man | 27 +
+ extensions/libip6t_length.c | 2
+ extensions/libip6t_physdev.c | 5
+ extensions/libip6t_policy.c | 471 +++++++++++++++++++++++++++++
+ extensions/libip6t_policy.man | 46 ++
+ extensions/libipt_ACCOUNT.c | 174 ++++++++++
+ extensions/libipt_ACCOUNT.man | 16
+ extensions/libipt_DNAT.c | 3
+ extensions/libipt_DSCP.c | 4
+ extensions/libipt_MASQUERADE.c | 3
+ extensions/libipt_NFQUEUE.c | 113 ++++++
+ extensions/libipt_NFQUEUE.man | 9
+ extensions/libipt_SNAT.c | 3
+ extensions/libipt_TOS.c | 2
+ extensions/libipt_comment.c | 4
+ extensions/libipt_dscp.c | 2
+ extensions/libipt_geoip.c | 338 ++++++++++++++++++++
+ extensions/libipt_geoip.man | 15
+ extensions/libipt_ipp2p.c | 455 ++++++++++++++++++++++++++++
+ extensions/libipt_ipp2p.man | 43 ++
+ extensions/libipt_layer7.c | 357 +++++++++++++++++++++
+ extensions/libipt_layer7.man | 13
+ extensions/libipt_physdev.c | 5
+ extensions/libipt_policy.c | 429 ++++++++++++++++++++++++++
+ extensions/libipt_policy.man | 46 ++
+ extensions/libipt_rpc.c | 2
+ extensions/libipt_tos.c | 4
+ extensions/libipt_ttl.c | 4
+ include/libipq/libipq.h | 7
+ include/linux/netfilter_ipv4/ipt_NFQUEUE.h | 16
+ ip6tables.8.in | 19 -
+ ip6tables.c | 3
+ iptables-save.c | 2
+ iptables.8.in | 33 +-
+ iptables.c | 27 +
+ libipq/libipq.c | 51 +++
+ 46 files changed, 3086 insertions(+), 35 deletions(-)
Index: iptables-save.c
===================================================================
---- iptables-save.c (.../branches/vanilla-1.3.1) (revision 6172)
-+++ iptables-save.c (.../trunk) (revision 6172)
+--- iptables-save.c (.../branches/vanilla-1.3.2) (revision 6284)
++++ iptables-save.c (.../trunk) (revision 6284)
@@ -197,7 +197,7 @@
/* Print target name */
target_name = iptc_get_target(e, h);
@@ -77,9 +61,19 @@
t = ipt_get_target((struct ipt_entry *)e);
Index: libipq/libipq.c
===================================================================
---- libipq/libipq.c (.../branches/vanilla-1.3.1) (revision 6172)
-+++ libipq/libipq.c (.../trunk) (revision 6172)
-@@ -352,6 +352,54 @@
+--- libipq/libipq.c (.../branches/vanilla-1.3.2) (revision 6284)
++++ libipq/libipq.c (.../trunk) (revision 6284)
+@@ -122,7 +122,8 @@
+ unsigned char *buf, size_t len,
+ int timeout)
+ {
+- int addrlen, status;
++ unsigned int addrlen;
++ int status;
+ struct nlmsghdr *nlh;
+
+ if (len < sizeof(struct nlmsgerr)) {
+@@ -352,6 +353,54 @@
return ipq_netlink_sendmsg(h, &msg, 0);
}
@@ -134,61 +128,31 @@
/* Not implemented yet */
int ipq_ctl(const struct ipq_handle *h, int request, ...)
{
-Index: include/ip6tables.h
+Index: include/linux/netfilter_ipv4/ipt_NFQUEUE.h
===================================================================
---- include/ip6tables.h (.../branches/vanilla-1.3.1) (revision 6172)
-+++ include/ip6tables.h (.../trunk) (revision 6172)
-@@ -137,6 +137,8 @@
- extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload);
- extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload, struct ip6tables_rule_match **match);
-
-+extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);
+--- include/linux/netfilter_ipv4/ipt_NFQUEUE.h (.../branches/vanilla-1.3.2) (revision 0)
++++ include/linux/netfilter_ipv4/ipt_NFQUEUE.h (.../trunk) (revision 6284)
+@@ -0,0 +1,16 @@
++/* iptables module for using NFQUEUE mechanism
++ *
++ * (C) 2005 Harald Welte <laforge at netfilter.org>
++ *
++ * This software is distributed under GNU GPL v2, 1991
++ *
++*/
++#ifndef _IPT_NFQ_TARGET_H
++#define _IPT_NFQ_TARGET_H
+
- extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
- extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
- extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
-Index: include/linux/netfilter_ipv4/ipt_conntrack.h
-===================================================================
---- include/linux/netfilter_ipv4/ipt_conntrack.h (.../branches/vanilla-1.3.1) (revision 6172)
-+++ include/linux/netfilter_ipv4/ipt_conntrack.h (.../trunk) (revision 6172)
-@@ -22,11 +22,32 @@
- #define IPT_CONNTRACK_STATUS 0x40
- #define IPT_CONNTRACK_EXPIRES 0x80
-
-+/* This is exposed to userspace, so remains frozen in time. */
-+struct ip_conntrack_old_tuple
-+{
-+ struct {
-+ u_int32_t ip;
-+ union {
-+ u_int16_t all;
-+ } u;
-+ } src;
-+
-+ struct {
-+ u_int32_t ip;
-+ union {
-+ u_int16_t all;
-+ } u;
-+
-+ /* The protocol. */
-+ u_int16_t protonum;
-+ } dst;
++/* target info */
++struct ipt_NFQ_info {
++ u_int16_t queuenum;
+};
+
- struct ipt_conntrack_info
- {
- unsigned int statemask, statusmask;
-
-- struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
-+ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
- struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
-
- #ifdef KERNEL_64_USERSPACE_32
++#endif /* _IPT_DSCP_TARGET_H */
Index: include/libipq/libipq.h
===================================================================
---- include/libipq/libipq.h (.../branches/vanilla-1.3.1) (revision 6172)
-+++ include/libipq/libipq.h (.../trunk) (revision 6172)
+--- include/libipq/libipq.h (.../branches/vanilla-1.3.2) (revision 6284)
++++ include/libipq/libipq.h (.../trunk) (revision 6284)
@@ -79,6 +79,13 @@
size_t data_len,
unsigned char *buf);
@@ -203,282 +167,121 @@
int ipq_ctl(const struct ipq_handle *h, int request, ...);
char *ipq_errstr(void);
-Index: include/iptables.h
-===================================================================
---- include/iptables.h (.../branches/vanilla-1.3.1) (revision 6172)
-+++ include/iptables.h (.../trunk) (revision 6172)
-@@ -152,6 +152,7 @@
- extern void parse_hostnetworkmask(const char *name, struct in_addr **addrpp,
- struct in_addr *maskp, unsigned int *naddrs);
- extern u_int16_t parse_protocol(const char *s);
-+extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);
-
- extern int do_command(int argc, char *argv[], char **table,
- iptc_handle_t *handle);
Index: iptables.c
===================================================================
---- iptables.c (.../branches/vanilla-1.3.1) (revision 6172)
-+++ iptables.c (.../trunk) (revision 6172)
-@@ -101,7 +101,7 @@
- #define OPT_COUNTERS 0x00800U
- #define NUMBER_OF_OPT 12
- static const char optflags[NUMBER_OF_OPT]
--= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', 'f', '3', 'c'};
-+= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', 'f', '0', 'c'};
-
- static struct option original_opts[] = {
- { "append", 1, 0, 'A' },
-@@ -306,6 +306,16 @@
- dst->s_addr = src->s_addr;
- }
-
-+static void free_opts(int reset_offset)
-+{
-+ if (opts != original_opts) {
-+ free(opts);
-+ opts = original_opts;
-+ if (reset_offset)
-+ global_option_offset = 0;
-+ }
-+}
-+
- void
- exit_error(enum exittype status, char *msg, ...)
- {
-@@ -321,6 +331,8 @@
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps iptables or your kernel needs to be upgraded.\n");
-+ /* On error paths, make sure that we don't leak memory */
-+ free_opts(1);
- exit(status);
- }
-
-@@ -331,6 +343,7 @@
- fprintf(stderr, "Error occurred at line: %d\n", line);
- fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
- program_name, program_name );
-+ free_opts(1);
- exit(status);
- }
+--- iptables.c (.../branches/vanilla-1.3.2) (revision 6284)
++++ iptables.c (.../trunk) (revision 6284)
+@@ -134,6 +134,7 @@
+ { "line-numbers", 0, 0, '0' },
+ { "modprobe", 1, 0, 'M' },
+ { "set-counters", 1, 0, 'c' },
++ { "goto", 1, 0, 'g' },
+ { 0 }
+ };
-@@ -756,8 +769,7 @@
- return (u_int16_t)proto;
+@@ -399,6 +400,10 @@
+ " network interface name ([+] for wildcard)\n"
+ " --jump -j target\n"
+ " target for rule (may load target extension)\n"
++#ifdef IPT_F_GOTO
++" --goto -g chain\n"
++" jump to chain with no return\n"
++#endif
+ " --match -m match\n"
+ " extended match (may load extension)\n"
+ " --numeric -n numeric output of addresses and ports\n"
+@@ -484,7 +489,8 @@
}
--static void
--parse_interface(const char *arg, char *vianame, unsigned char *mask)
-+void parse_interface(const char *arg, char *vianame, unsigned char *mask)
+ static void
+-add_command(int *cmd, const int newcmd, const int othercmds, int invert)
++add_command(unsigned int *cmd, const int newcmd, const int othercmds,
++ int invert)
{
- int vialen = strlen(arg);
- unsigned int i;
-@@ -1016,6 +1028,9 @@
- unsigned int num_old, num_new, i;
- struct option *merge;
-
-+ /* Release previous options merged if any */
-+ free_opts(0);
-+
- for (num_old = 0; oldopts[num_old].name; num_old++);
- for (num_new = 0; newopts[num_new].name; num_new++);
-
-@@ -1909,10 +1924,10 @@
+ if (invert)
+ exit_error(PARAMETER_PROBLEM, "unexpected ! flag");
+@@ -1408,6 +1414,9 @@
+ if (format & FMT_NOTABLE)
+ fputs(" ", stdout);
+
++ if(fw->ip.flags & IPT_F_GOTO)
++ printf("[goto] ");
++
+ IPT_MATCH_ITERATE(fw, print_match, &fw->ip, format & FMT_NUMERIC);
+
+ if (target) {
+@@ -1850,7 +1859,7 @@
+ opterr = 0;
+
+ while ((c = getopt_long(argc, argv,
+- "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
++ "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:",
+ opts, NULL)) != -1) {
+ switch (c) {
+ /*
+@@ -2018,6 +2027,15 @@
+ dhostnetworkmask = argv[optind-1];
break;
- case 'N':
-- if (optarg && *optarg == '-')
-+ if (optarg && (*optarg == '-' || *optarg == '!'))
- exit_error(PARAMETER_PROBLEM,
- "chain name not allowed to start "
-- "with `-'\n");
-+ "with `%c'\n", *optarg);
- if (find_target(optarg, TRY_LOAD))
- exit_error(PARAMETER_PROBLEM,
- "chain name may not clash "
-@@ -2443,12 +2458,7 @@
-
- free(saddrs);
- free(daddrs);
-+ free_opts(1);
-
-- if (opts != original_opts) {
-- free(opts);
-- opts = original_opts;
-- global_option_offset = 0;
-- }
--
- return ret;
- }
-Index: ip6tables-restore.c
-===================================================================
---- ip6tables-restore.c (.../branches/vanilla-1.3.1) (revision 6172)
-+++ ip6tables-restore.c (.../trunk) (revision 6172)
-@@ -7,7 +7,7 @@
- * Rusty Russell <rusty at linuxcare.com.au>
- * This code is distributed under the terms of GNU GPL v2
- *
-- * $Id$
-+ * $Id$
- */
-
- #include <getopt.h>
-@@ -233,12 +233,21 @@
- }
-
- if (ip6tc_builtin(chain, handle) <= 0) {
-- DEBUGP("Creating new chain '%s'\n", chain);
-- if (!ip6tc_create_chain(chain, &handle))
-- exit_error(PARAMETER_PROBLEM,
-- "error creating chain "
-- "'%s':%s\n", chain,
-- strerror(errno));
-+ if (noflush && ip6tc_is_chain(chain, handle)) {
-+ DEBUGP("Flushing existing user defined chain '%s'\n", chain);
-+ if (!ip6tc_flush_entries(chain, &handle))
-+ exit_error(PARAMETER_PROBLEM,
-+ "error flushing chain "
-+ "'%s':%s\n", chain,
-+ strerror(errno));
-+ } else {
-+ DEBUGP("Creating new chain '%s'\n", chain);
-+ if (!ip6tc_create_chain(chain, &handle))
-+ exit_error(PARAMETER_PROBLEM,
-+ "error creating chain "
-+ "'%s':%s\n", chain,
-+ strerror(errno));
-+ }
- }
-
- policy = strtok(NULL, " \t\n");
-Index: extensions/svn-commit.tmp
-===================================================================
---- extensions/svn-commit.tmp (.../branches/vanilla-1.3.1) (revision 6172)
-+++ extensions/svn-commit.tmp (.../trunk) (revision 6172)
-@@ -1,4 +0,0 @@
--fix cut'n'paste error with SPT/DPT (Closes: #298)
----This line, and those below, will be ignored--
--
--M libipt_hashlimit.c
-Index: extensions/libipt_CONNMARK.c
-===================================================================
---- extensions/libipt_CONNMARK.c (.../branches/vanilla-1.3.1) (revision 6172)
-+++ extensions/libipt_CONNMARK.c (.../trunk) (revision 6172)
-@@ -150,7 +150,7 @@
- print_mask(const char *text, unsigned long long mask)
- {
- if (mask != ~0ULL)
-- printf("%s%llx", text, mask);
-+ printf("%s0x%llx", text, mask);
- }
-
- #else
-@@ -165,7 +165,7 @@
- print_mask(const char *text, unsigned long mask)
- {
- if (mask != ~0UL)
-- printf("%s%lx", text, mask);
-+ printf("%s0x%lx", text, mask);
- }
- #endif
-
++#ifdef IPT_F_GOTO
++ case 'g':
++ set_option(&options, OPT_JUMP, &fw.ip.invflags,
++ invert);
++ fw.ip.flags |= IPT_F_GOTO;
++ jumpto = parse_target(optarg);
++ break;
++#endif
++
+ case 'j':
+ set_option(&options, OPT_JUMP, &fw.ip.invflags,
+ invert);
+@@ -2370,6 +2388,11 @@
+ * We cannot know if the plugin is corrupt, non
+ * existant OR if the user just misspelled a
+ * chain. */
++#ifdef IPT_F_GOTO
++ if (fw.ip.flags & IPT_F_GOTO)
++ exit_error(PARAMETER_PROBLEM,
++ "goto '%s' is not a chain\n", jumpto);
++#endif
+ find_target(jumpto, LOAD_MUST_SUCCEED);
+ } else {
+ e = generate_entry(&fw, matches, target->t);
Index: extensions/.geoip-test
===================================================================
---- extensions/.geoip-test (.../branches/vanilla-1.3.1) (revision 0)
-+++ extensions/.geoip-test (.../trunk) (revision 6172)
+--- extensions/.geoip-test (.../branches/vanilla-1.3.2) (revision 0)
++++ extensions/.geoip-test (.../trunk) (revision 6284)
@@ -0,0 +1,3 @@
+#!/bin/sh
+# True if geoip is applied in given kernel tree.
+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_geoip.h ] && echo geoip
-
-Property changes on: extensions/.geoip-test
-___________________________________________________________________
-Name: svn:executable
- + *
-
-Index: extensions/libip6t_multiport.man
-===================================================================
---- extensions/libip6t_multiport.man (.../branches/vanilla-1.3.1) (revision 6172)
-+++ extensions/libip6t_multiport.man (.../trunk) (revision 6172)
-@@ -1,19 +1,20 @@
- This module matches a set of source or destination ports. Up to 15
--ports can be specified. It can only be used in conjunction with
-+ports can be specified. A port range (port:port) counts as two
-+ports. It can only be used in conjunction with
- .B "-p tcp"
- or
- .BR "-p udp" .
- .TP
--.BR "--source-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
-+.BR "--source-ports " "\fI[!] port\fP[,\fIport\fP[,\fIport:port\fP...]]"
- Match if the source port is one of the given ports. The flag
- .B --sports
- is a convenient alias for this option.
- .TP
--.BR "--destination-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
-+.BR "--destination-ports " "\fI[!] port\fP[,\fIport\fP[,\fIport:port\fP...]]"
- Match if the destination port is one of the given ports. The flag
- .B --dports
- is a convenient alias for this option.
- .TP
--.BR "--ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
-+.BR "--ports " "\fI[!] port\fP[,\fIport\fP[,\fIport:port\fP...]]"
- Match if the both the source and destination ports are equal to each
- other and to one of the given ports.
Index: extensions/libipt_physdev.c
===================================================================
---- extensions/libipt_physdev.c (.../branches/vanilla-1.3.1) (revision 6172)
-+++ extensions/libipt_physdev.c (.../trunk) (revision 6172)
-@@ -34,46 +34,7 @@
- {0}
- };
-
--/* copied from iptables.c */
- static void
--parse_interface(const char *arg, char *vianame, unsigned char *mask)
--{
-- int vialen = strlen(arg);
-- unsigned int i;
--
-- memset(mask, 0, IFNAMSIZ);
-- memset(vianame, 0, IFNAMSIZ);
--
-- if (vialen + 1 > IFNAMSIZ)
-- exit_error(PARAMETER_PROBLEM,
-- "interface name `%s' must be shorter than IFNAMSIZ"
-- " (%i)", arg, IFNAMSIZ-1);
--
-- strcpy(vianame, arg);
-- if (vialen == 0)
-- memset(mask, 0, IFNAMSIZ);
-- else if (vianame[vialen - 1] == '+') {
-- memset(mask, 0xFF, vialen - 1);
-- memset(mask + vialen - 1, 0, IFNAMSIZ - vialen + 1);
-- /* Don't remove `+' here! -HW */
-- } else {
-- /* Include nul-terminator in match */
-- memset(mask, 0xFF, vialen + 1);
-- memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);
-- for (i = 0; vianame[i]; i++) {
-- if (!isalnum(vianame[i])
-- && vianame[i] != '_'
-- && vianame[i] != '.') {
-- printf("Warning: wierd character in interface"
-- " `%s' (No aliases, :, ! or *).\n",
-- vianame);
-- break;
-- }
-- }
-- }
--}
--
--static void
- init(struct ipt_entry_match *m, unsigned int *nfcache)
- {
- }
+--- extensions/libipt_physdev.c (.../branches/vanilla-1.3.2) (revision 6284)
++++ extensions/libipt_physdev.c (.../trunk) (revision 6284)
+@@ -53,7 +53,8 @@
+ if (*flags & IPT_PHYSDEV_OP_IN)
+ goto multiple_use;
+ check_inverse(optarg, &invert, &optind, 0);
+- parse_interface(argv[optind-1], info->physindev, info->in_mask);
++ parse_interface(argv[optind-1], info->physindev,
++ (unsigned char *)info->in_mask);
+ if (invert)
+ info->invert |= IPT_PHYSDEV_OP_IN;
+ info->bitmask |= IPT_PHYSDEV_OP_IN;
+@@ -65,7 +66,7 @@
+ goto multiple_use;
+ check_inverse(optarg, &invert, &optind, 0);
+ parse_interface(argv[optind-1], info->physoutdev,
+- info->out_mask);
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/iptables-pom-ng-branch.diff?r1=1.6&r2=1.7&f=u
More information about the pld-cvs-commit
mailing list