[packages/iptables] - up to 1.4.15
arekm
arekm at pld-linux.org
Fri Aug 3 10:53:28 CEST 2012
commit 2c2ecb602e27f3124436fc3ff580e3c488801b15
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Aug 3 10:53:23 2012 +0200
- up to 1.4.15
iptables-git.patch | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++
iptables.spec | 7 +++-
2 files changed, 111 insertions(+), 2 deletions(-)
---
diff --git a/iptables-git.patch b/iptables-git.patch
new file mode 100644
index 0000000..8679438
--- /dev/null
+++ b/iptables-git.patch
@@ -0,0 +1,106 @@
+From ad8858c0d3ef875e2c118ebcc69487070fb87f72 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo at netfilter.org>
+Date: Fri, 3 Aug 2012 10:41:40 +0200
+Subject: [PATCH] include: add missing linux/netfilter_ipv4/ip_queue.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This patch fixes compilation of libipq with headers from Linux
+kernel 3.5:
+
+ In file included from libipq.c:34:0:
+ ../include/libipq/libipq.h:33:43: fatal error: linux/netfilter_ipv4/ip_queue.h: No such file or directory
+
+ip_queue is gone since Linux kernel 3.5. However, you can still use
+new iptables versions with old Linux kernels. We have to keep libipq
+in this tree for a while (1.5-2 years should be OK).
+
+Reported-by: Arkadiusz MiÅkiewicz <arekm at maven.pl>
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+---
+ include/linux/netfilter_ipv4/ip_queue.h | 72 +++++++++++++++++++++++++++++++
+ 1 files changed, 72 insertions(+), 0 deletions(-)
+ create mode 100644 include/linux/netfilter_ipv4/ip_queue.h
+
+diff --git a/include/linux/netfilter_ipv4/ip_queue.h b/include/linux/netfilter_ipv4/ip_queue.h
+new file mode 100644
+index 0000000..a03507f
+--- /dev/null
++++ b/include/linux/netfilter_ipv4/ip_queue.h
+@@ -0,0 +1,72 @@
++/*
++ * This is a module which is used for queueing IPv4 packets and
++ * communicating with userspace via netlink.
++ *
++ * (C) 2000 James Morris, this code is GPL.
++ */
++#ifndef _IP_QUEUE_H
++#define _IP_QUEUE_H
++
++#ifdef __KERNEL__
++#ifdef DEBUG_IPQ
++#define QDEBUG(x...) printk(KERN_DEBUG ## x)
++#else
++#define QDEBUG(x...)
++#endif /* DEBUG_IPQ */
++#else
++#include <net/if.h>
++#endif /* ! __KERNEL__ */
++
++/* Messages sent from kernel */
++typedef struct ipq_packet_msg {
++ unsigned long packet_id; /* ID of queued packet */
++ unsigned long mark; /* Netfilter mark value */
++ long timestamp_sec; /* Packet arrival time (seconds) */
++ long timestamp_usec; /* Packet arrvial time (+useconds) */
++ unsigned int hook; /* Netfilter hook we rode in on */
++ char indev_name[IFNAMSIZ]; /* Name of incoming interface */
++ char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */
++ __be16 hw_protocol; /* Hardware protocol (network order) */
++ unsigned short hw_type; /* Hardware type */
++ unsigned char hw_addrlen; /* Hardware address length */
++ unsigned char hw_addr[8]; /* Hardware address */
++ size_t data_len; /* Length of packet data */
++ unsigned char payload[0]; /* Optional packet data */
++} ipq_packet_msg_t;
++
++/* Messages sent from userspace */
++typedef struct ipq_mode_msg {
++ unsigned char value; /* Requested mode */
++ size_t range; /* Optional range of packet requested */
++} ipq_mode_msg_t;
++
++typedef struct ipq_verdict_msg {
++ unsigned int value; /* Verdict to hand to netfilter */
++ unsigned long id; /* Packet ID for this verdict */
++ size_t data_len; /* Length of replacement data */
++ unsigned char payload[0]; /* Optional replacement packet */
++} ipq_verdict_msg_t;
++
++typedef struct ipq_peer_msg {
++ union {
++ ipq_verdict_msg_t verdict;
++ ipq_mode_msg_t mode;
++ } msg;
++} ipq_peer_msg_t;
++
++/* Packet delivery modes */
++enum {
++ IPQ_COPY_NONE, /* Initial mode, packets are dropped */
++ IPQ_COPY_META, /* Copy metadata */
++ IPQ_COPY_PACKET /* Copy metadata + packet (range) */
++};
++#define IPQ_COPY_MAX IPQ_COPY_PACKET
++
++/* Types of messages */
++#define IPQM_BASE 0x10 /* standard netlink messages below this */
++#define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */
++#define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */
++#define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */
++#define IPQM_MAX (IPQM_BASE + 4)
++
++#endif /*_IP_QUEUE_H*/
+--
+1.7.2.5
+
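Review bot: In the added `ip_queue.h`, `ipq_packet_msg` and `ipq_verdict_msg` end in `unsigned char payload[0]` with the size carried only in `data_len`, and nothing in the header tells a consumer that this length is supplied by the other end of the netlink socket. A comment on both structs such as `/* payload holds data_len bytes; validate data_len against the received netlink message length before reading */` would make that contract explicit. The header also uses `__be16` for `hw_protocol` while the userspace branch includes only `<net/if.h>`, so it presumably relies on the includer having pulled in `<linux/types.h>` first; adding `#include <linux/types.h>` after the `#endif /* ! __KERNEL__ */` line would make it self-contained. Since this is a carried copy of a kernel ABI header, only comments and includes should change, never the field layout.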
diff --git a/iptables.spec b/iptables.spec
index 53de299..59106ce 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -32,12 +32,12 @@ Summary(ru.UTF-8): Утилиты для управления пакетными
Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
Name: iptables
-Version: 1.4.14
+Version: 1.4.15
Release: 1
License: GPL v2
Group: Networking/Admin
Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
-# Source0-md5: 5ab24ad683f76689cfe7e0c73f44855d
+# Source0-md5: 8bf564ea8348522fc1db727868828def
Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
# Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
Source2: %{name}.init
@@ -48,6 +48,7 @@ Source6: %{name}-config
Source7: %{name6}-config
Source8: %{name}.service
Source9: %{name6}.service
+Patch100: %{name}-git.patch
# --- GENERAL CHANGES (patches<10):
Patch0: %{name}-man.patch
# additional utils; off by default
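Review bot: `Patch100` is declared with no comment saying where `%{name}-git.patch` comes from, and it sits above the `GENERAL CHANGES (patches<10)` header although its number is outside that range. A line such as `# upstream ad8858c0d3ef: add missing linux/netfilter_ipv4/ip_queue.h (libipq build with kernel 3.5 headers)` above it would let a later packager check the carried patch against upstream and drop it once a release contains the fix.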
@@ -188,6 +189,7 @@ iptables(8).
%prep
%setup -q -a1
+%patch100 -p1
%patch0 -p1
%if %{with batch}
%patch1 -p1
@@ -332,6 +334,7 @@ fi
%attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
%attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
%attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_HMARK.so
%attr(755,root,root) %{_libdir}/xtables/libxt_IDLETIMER.so
%attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
%attr(755,root,root) %{_libdir}/xtables/libxt_LED.so