netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x: extensions/libip6t_LOG.c
extensions/libip6t_...
pluto
cvs at pld-linux.org
Sun Jun 26 11:25:39 CEST 2005
Author: pluto
Date: Sun Jun 26 11:25:32 2005
New Revision: 6184
Modified:
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_LOG.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_physdev.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_DNAT.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_LOG.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_SNAT.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_physdev.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/ip6tables.h
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/iptables.h
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/ip6tables.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/iptables.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip4tc.c
netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip6tc.c
Log:
- backport fixes from mainstream.
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_LOG.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_LOG.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_LOG.c Sun Jun 26 11:25:32 2005
@@ -21,7 +21,8 @@
" --log-prefix prefix Prefix log messages with this prefix.\n\n"
" --log-tcp-sequence Log TCP sequence numbers.\n\n"
" --log-tcp-options Log TCP options.\n\n"
-" --log-ip-options Log IP options.\n\n",
+" --log-ip-options Log IP options.\n\n"
+" --log-uid Log UID owning the local socket.\n\n",
IPTABLES_VERSION);
}
@@ -31,6 +32,7 @@
{ .name = "log-tcp-sequence", .has_arg = 0, .flag = 0, .val = '1' },
{ .name = "log-tcp-options", .has_arg = 0, .flag = 0, .val = '2' },
{ .name = "log-ip-options", .has_arg = 0, .flag = 0, .val = '3' },
+ { .name = "log-uid", .has_arg = 0, .flag = 0, .val = '4' },
{ .name = 0 }
};
@@ -96,6 +98,7 @@
#define IP6T_LOG_OPT_TCPSEQ 0x04
#define IP6T_LOG_OPT_TCPOPT 0x08
#define IP6T_LOG_OPT_IPOPT 0x10
+#define IP6T_LOG_OPT_UID 0x20
/* Function which parses command options; returns true if it
ate an option */
@@ -134,6 +137,10 @@
"Maximum prefix length %u for --log-prefix",
(unsigned int)sizeof(loginfo->prefix) - 1);
+ if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+ exit_error(PARAMETER_PROBLEM,
+ "Newlines not allowed in --log-prefix");
+
strcpy(loginfo->prefix, optarg);
*flags |= IP6T_LOG_OPT_PREFIX;
break;
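Review bot: The added newline check passes the result of `strtok(optarg, "\n")` straight to `strlen()`, and strtok returns NULL when optarg is empty or holds only newlines, so an empty `--log-prefix` argument would reach `strlen(NULL)` unless an emptiness check sits above this hunk (not visible here). strtok also writes into optarg and keeps static state, neither of which a validation step needs. A read-only test does the same job: `if (strchr(optarg, '\n') != NULL)` followed by the existing exit_error call. The same lines are added to extensions/libipt_LOG.c in this commit and need the same change; the enclosing parse function starts and ends outside the hunk.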
@@ -166,6 +173,15 @@
*flags |= IP6T_LOG_OPT_IPOPT;
break;
+ case '4':
+ if (*flags & IP6T_LOG_OPT_UID)
+ exit_error(PARAMETER_PROBLEM,
+ "Can't specify --log-uid twice");
+
+ loginfo->logflags |= IP6T_LOG_UID;
+ *flags |= IP6T_LOG_OPT_UID;
+ break;
+
default:
return 0;
}
@@ -209,6 +225,8 @@
printf("tcp-options ");
if (loginfo->logflags & IP6T_LOG_IPOPT)
printf("ip-options ");
+ if (loginfo->logflags & IP6T_LOG_UID)
+ printf("uid ");
if (loginfo->logflags & ~(IP6T_LOG_MASK))
printf("unknown-flags ");
}
@@ -236,6 +254,8 @@
printf("--log-tcp-options ");
if (loginfo->logflags & IP6T_LOG_IPOPT)
printf("--log-ip-options ");
+ if (loginfo->logflags & IP6T_LOG_UID)
+ printf("--log-uid ");
}
static
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_physdev.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_physdev.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libip6t_physdev.c Sun Jun 26 11:25:32 2005
@@ -34,45 +34,6 @@
{0}
};
-/* copied from iptables.c */
-static void
-parse_interface(const char *arg, char *vianame, unsigned char *mask)
-{
- int vialen = strlen(arg);
- unsigned int i;
-
- memset(mask, 0, IFNAMSIZ);
- memset(vianame, 0, IFNAMSIZ);
-
- if (vialen + 1 > IFNAMSIZ)
- exit_error(PARAMETER_PROBLEM,
- "interface name `%s' must be shorter than IFNAMSIZ"
- " (%i)", arg, IFNAMSIZ-1);
-
- strcpy(vianame, arg);
- if (vialen == 0)
- memset(mask, 0, IFNAMSIZ);
- else if (vianame[vialen - 1] == '+') {
- memset(mask, 0xFF, vialen - 1);
- memset(mask + vialen - 1, 0, IFNAMSIZ - vialen + 1);
- /* Don't remove `+' here! -HW */
- } else {
- /* Include nul-terminator in match */
- memset(mask, 0xFF, vialen + 1);
- memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);
- for (i = 0; vianame[i]; i++) {
- if (!isalnum(vianame[i])
- && vianame[i] != '_'
- && vianame[i] != '.') {
- printf("Warning: wierd character in interface"
- " `%s' (No aliases, :, ! or *).\n",
- vianame);
- break;
- }
- }
- }
-}
-
static void
init(struct ip6t_entry_match *m, unsigned int *nfcache)
{
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_DNAT.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_DNAT.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_DNAT.c Sun Jun 26 11:25:32 2005
@@ -73,7 +73,7 @@
range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
- if (port == 0 || port > 65535)
+ if (port <= 0 || port > 65535)
exit_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", colon+1);
@@ -91,7 +91,7 @@
int maxport;
maxport = atoi(dash + 1);
- if (maxport == 0 || maxport > 65535)
+ if (maxport <= 0 || maxport > 65535)
exit_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
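Review bot: `maxport = atoi(dash + 1)` still accepts a number followed by trailing garbage, and atoi's behaviour on out-of-range input is undefined, so the tightened `<= 0` test only sees whatever atoi returned. Parsing with strtol and checking the end pointer closes that gap: `char *end; long v = strtol(dash + 1, &end, 10);` then `if (end == dash + 1 || *end != '\0' || v <= 0 || v > 65535)`. The `port = atoi(colon+1)` hunk above has the same weakness (there the number may be followed by `-`, so the terminator test has to allow it), and if `port` is declared unsigned outside that hunk its new `<= 0` comparison is no stricter than the old `== 0`. The identical pair of hunks in extensions/libipt_SNAT.c is affected in the same way.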
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_LOG.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_LOG.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_LOG.c Sun Jun 26 11:25:32 2005
@@ -143,6 +143,10 @@
"Maximum prefix length %u for --log-prefix",
(unsigned int)sizeof(loginfo->prefix) - 1);
+ if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+ exit_error(PARAMETER_PROBLEM,
+ "Newlines not allowed in --log-prefix");
+
strcpy(loginfo->prefix, optarg);
*flags |= IPT_LOG_OPT_PREFIX;
break;
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_SNAT.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_SNAT.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_SNAT.c Sun Jun 26 11:25:32 2005
@@ -73,7 +73,7 @@
range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
- if (port == 0 || port > 65535)
+ if (port <= 0 || port > 65535)
exit_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", colon+1);
@@ -91,7 +91,7 @@
int maxport;
maxport = atoi(dash + 1);
- if (maxport == 0 || maxport > 65535)
+ if (maxport <= 0 || maxport > 65535)
exit_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_physdev.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_physdev.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/extensions/libipt_physdev.c Sun Jun 26 11:25:32 2005
@@ -34,45 +34,6 @@
{0}
};
-/* copied from iptables.c */
-static void
-parse_interface(const char *arg, char *vianame, unsigned char *mask)
-{
- int vialen = strlen(arg);
- unsigned int i;
-
- memset(mask, 0, IFNAMSIZ);
- memset(vianame, 0, IFNAMSIZ);
-
- if (vialen + 1 > IFNAMSIZ)
- exit_error(PARAMETER_PROBLEM,
- "interface name `%s' must be shorter than IFNAMSIZ"
- " (%i)", arg, IFNAMSIZ-1);
-
- strcpy(vianame, arg);
- if (vialen == 0)
- memset(mask, 0, IFNAMSIZ);
- else if (vianame[vialen - 1] == '+') {
- memset(mask, 0xFF, vialen - 1);
- memset(mask + vialen - 1, 0, IFNAMSIZ - vialen + 1);
- /* Don't remove `+' here! -HW */
- } else {
- /* Include nul-terminator in match */
- memset(mask, 0xFF, vialen + 1);
- memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);
- for (i = 0; vianame[i]; i++) {
- if (!isalnum(vianame[i])
- && vianame[i] != '_'
- && vianame[i] != '.') {
- printf("Warning: wierd character in interface"
- " `%s' (No aliases, :, ! or *).\n",
- vianame);
- break;
- }
- }
- }
-}
-
static void
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/ip6tables.h
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/ip6tables.h (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/ip6tables.h Sun Jun 26 11:25:32 2005
@@ -137,6 +137,8 @@
extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload);
extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload, struct ip6tables_rule_match **match);
+extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);
+
extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
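Review bot: The new `parse_interface` prototype is exported to extensions without stating its buffer contract. The copy removed from libip6t_physdev.c in this commit (marked as copied from iptables.c, so presumably the same as the body now exported) clears IFNAMSIZ bytes of both `vianame` and `mask` and then calls strcpy() into `vianame`, so every caller must supply at least IFNAMSIZ bytes for each. I would add above the declaration: `/* vianame and mask must each point to at least IFNAMSIZ bytes; exits via exit_error on over-long names */`. The same comment belongs on the matching declaration added to include/iptables.h.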
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/iptables.h
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/iptables.h (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/include/iptables.h Sun Jun 26 11:25:32 2005
@@ -152,6 +152,7 @@
extern void parse_hostnetworkmask(const char *name, struct in_addr **addrpp,
struct in_addr *maskp, unsigned int *naddrs);
extern u_int16_t parse_protocol(const char *s);
+extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);
extern int do_command(int argc, char *argv[], char **table,
iptc_handle_t *handle);
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/ip6tables.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/ip6tables.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/ip6tables.c Sun Jun 26 11:25:32 2005
@@ -829,8 +829,7 @@
return (u_int16_t)proto;
}
-static void
-parse_interface(const char *arg, char *vianame, unsigned char *mask)
+void parse_interface(const char *arg, char *vianame, unsigned char *mask)
{
int vialen = strlen(arg);
unsigned int i;
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/iptables.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/iptables.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/iptables.c Sun Jun 26 11:25:32 2005
@@ -769,8 +769,7 @@
return (u_int16_t)proto;
}
-static void
-parse_interface(const char *arg, char *vianame, unsigned char *mask)
+void parse_interface(const char *arg, char *vianame, unsigned char *mask)
{
int vialen = strlen(arg);
unsigned int i;
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip4tc.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip4tc.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip4tc.c Sun Jun 26 11:25:32 2005
@@ -210,6 +210,7 @@
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
+ mptr += IPT_ALIGN(sizeof(struct ipt_entry_target));
return mptr;
}
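Review bot: The added `mptr += IPT_ALIGN(sizeof(struct ipt_entry_target));` changes what the returned pointer refers to, and nothing in the hunk says why. A one-line comment would keep the next reader from treating it as a stray offset, for example `/* step past the target header so the caller gets the mask for the target's data */`; that reading is inferred from the names, since the caller and the start of this function are outside the hunk. It is also worth confirming at the allocation site that matchmask is large enough for the extra offset. The matching line added to libiptc/libip6tc.c deserves the same comment.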
Modified: netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip6tc.c
==============================================================================
--- netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip6tc.c (original)
+++ netfilter-2.6/iptables/branches/patched-1.3.1-2.6.11.x/libiptc/libip6tc.c Sun Jun 26 11:25:32 2005
@@ -242,6 +242,7 @@
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
+ mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_target));
return mptr;
}