* [PATCH 1/4] iptables-xml: resolve compiler warnings
From: Jan Engelhardt @ 2010-09-15 18:53 UTC
To: pablo; +Cc: kaber, netfilter-devel
iptables-xml.c: In function "parse_counters":
iptables-xml.c:70:8: warning: assignment from incompatible pointer type
iptables-xml.c:71:8: warning: assignment from incompatible pointer type
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
iptables-xml.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/iptables-xml.c b/iptables-xml.c
index daf4208..32d996a 100644
--- a/iptables-xml.c
+++ b/iptables-xml.c
@@ -64,7 +64,7 @@ print_usage(const char *name, const char *version)
static int
parse_counters(char *string, struct ipt_counters *ctr)
{
- u_int64_t *pcnt, *bcnt;
+ __u64 *pcnt, *bcnt;
if (string != NULL) {
pcnt = &ctr->pcnt;
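Review bot: the commit message quotes the two warnings in parse_counters but not their cause, and the type swap only makes sense once the reader knows what type `&ctr->pcnt` has. One line stating that the struct ipt_counters fields are __u64 would do. Since pcnt and bcnt are only aliases for those fields, also check that the code writing through them further down (outside this hunk) uses a conversion that matches __u64.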
--
1.7.1
* [PATCH 2/4] iptables: limit chain name length to be consistent with targets
From: Jan Engelhardt @ 2010-09-15 18:53 UTC
To: pablo; +Cc: kaber, netfilter-devel
Creation of chain names longer than the ones being able to jump to
should be inhibited for consistency.
References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2
Cc: Stig Thormodsrud <stig@vyatta.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
ip6tables.c | 6 +++---
iptables.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ip6tables.c b/ip6tables.c
index 6c5d124..15067da 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1838,10 +1838,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
generic_opt_check(command, options);
- if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN)
+ if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
- "chain name `%s' too long (must be under %i chars)",
- chain, IP6T_FUNCTION_MAXNAMELEN);
+ "chain name `%s' too long (must be under %u chars)",
+ chain, XT_EXTENSION_MAXNAMELEN);
/* only allocate handle if we weren't called with a handle */
if (!*handle)
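Review bot: in do_command6 the check changes in two ways at once, `>` becomes `>=` and IP6T_FUNCTION_MAXNAMELEN becomes XT_EXTENSION_MAXNAMELEN, and the commit message does not say what the longest accepted chain name is before and after. Please state the old and new maximum in the message so that callers who validate names themselves can adjust. With `>=` the wording "must be under %u chars" now matches the test exactly, which is worth a mention as well.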
diff --git a/iptables.c b/iptables.c
index 19f6d4f..840dd3e 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
generic_opt_check(command, options);
- if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
+ if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
- "chain name `%s' too long (must be under %i chars)",
- chain, IPT_FUNCTION_MAXNAMELEN);
+ "chain name `%s' too long (must be under %u chars)",
+ chain, XT_EXTENSION_MAXNAMELEN);
/* only allocate handle if we weren't called with a handle */
if (!*handle)
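Review bot: in do_command the format changes from %i to %u while the argument is still the bare macro XT_EXTENSION_MAXNAMELEN. If that macro expands to a plain integer literal its type is int, so %u is the mismatched one; either keep %i or cast the argument to unsigned int. The same applies to the ip6tables.c hunk.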
--
1.7.1
* Re: [PATCH 2/4] iptables: limit chain name length to be consistent with targets
From: Stig Thormodsrud @ 2010-09-16 0:29 UTC
To: Jan Engelhardt; +Cc: pablo, kaber, netfilter-devel
On 09/15/2010 11:53 AM, Jan Engelhardt wrote:
> Creation of chain names longer than the ones being able to jump to
> should be inhibited for consistency.
>
> References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2
> Cc: Stig Thormodsrud <stig@vyatta.com>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
> ip6tables.c | 6 +++---
> iptables.c | 6 +++---
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/ip6tables.c b/ip6tables.c
> index 6c5d124..15067da 100644
> --- a/ip6tables.c
> +++ b/ip6tables.c
> @@ -1838,10 +1838,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
>
> generic_opt_check(command, options);
>
> - if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN)
> + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
> xtables_error(PARAMETER_PROBLEM,
> - "chain name `%s' too long (must be under %i chars)",
> - chain, IP6T_FUNCTION_MAXNAMELEN);
> + "chain name `%s' too long (must be under %u chars)",
> + chain, XT_EXTENSION_MAXNAMELEN);
>
> /* only allocate handle if we weren't called with a handle */
> if (!*handle)
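Review bot: this check in do_command6 is now line-for-line the same as the one in do_command, since both use XT_EXTENSION_MAXNAMELEN and the same message. A single shared helper for the chain name length test would keep the two copies from drifting apart.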
> diff --git a/iptables.c b/iptables.c
> index 19f6d4f..840dd3e 100644
> --- a/iptables.c
> +++ b/iptables.c
> @@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
>
> generic_opt_check(command, options);
>
> - if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
> + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
> xtables_error(PARAMETER_PROBLEM,
> - "chain name `%s' too long (must be under %i chars)",
> - chain, IPT_FUNCTION_MAXNAMELEN);
> + "chain name `%s' too long (must be under %u chars)",
> + chain, XT_EXTENSION_MAXNAMELEN);
>
> /* only allocate handle if we weren't called with a handle */
> if (!*handle)
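Review bot: the test applies XT_EXTENSION_MAXNAMELEN to `chain`, so a limit named for extensions becomes the chain name limit with nothing at the call site saying why. A short comment above the `if`, or a dedicated chain name constant defined in terms of it, would document that the bound is chosen because a chain can also be a jump target.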
Thanks for the fix. I guess my original question was if the change in
max name length from 29 to 28 characters was intentional or required by
some other data structure change?
iptables -t filter --new-chain A234567890123456789012345678901
iptables v1.4.4: chain name `A234567890123456789012345678901' too long
(must be under 30 chars)
iptables -t filter --new-chain A234567890123456789012345678901
iptables v1.4.9: chain name `A234567890123456789012345678901' too long
(must be under 29 chars)
I know you're probably thinking it's just 1 character who cares, but we
have checks for that max in a lot of places and our log tag is based on
the chain name and the log tag has a max size and blah blah...
* Re: [PATCH 2/4] iptables: limit chain name length to be consistent with targets
From: Jan Engelhardt @ 2010-09-16 9:45 UTC
To: Stig Thormodsrud; +Cc: pablo, kaber, netfilter-devel
On Thursday 2010-09-16 02:29, Stig Thormodsrud wrote:
>> - if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
>> + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
>> xtables_error(PARAMETER_PROBLEM,
>> - "chain name `%s' too long (must be under %i chars)",
>> - chain, IPT_FUNCTION_MAXNAMELEN);
>> + "chain name `%s' too long (must be under %u chars)",
>> + chain, XT_EXTENSION_MAXNAMELEN);
>>
>> /* only allocate handle if we weren't called with a handle */
>> if (!*handle)
>
>Thanks for the fix. I guess my original question was if the change in
>max name length from 29 to 28 characters was intentional or required by
>some other data structure change?
struct xt_entry_match simply just has space for 28+1 bytes for the
name+'\0'. Chain names could be 31+1, but it is unknown in advance
whether a name whose length is to be checked is going to be a target
or a chain, so it is safer to just use 29 for now.
* [PATCH 3/4] libiptc: build with -Wl,--no-as-needed
From: Jan Engelhardt @ 2010-09-15 18:53 UTC
To: pablo; +Cc: kaber, netfilter-devel
Since libiptc does not reference any symbols in libip(4|6)tc, the linker
may ignore the dependencies. Use --no-as-needed to explicitly force a
DT_NEEDED entry.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=674
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
Makefile.am | 4 +-
configure.ac | 5 +++
m4/ax_check_linker_flags.m4 | 78 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 85 insertions(+), 2 deletions(-)
create mode 100644 m4/ax_check_linker_flags.m4
diff --git a/Makefile.am b/Makefile.am
index 2a63cc7..7f0eb2f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,11 +20,11 @@ lib_LTLIBRARIES =
lib_LTLIBRARIES += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
libiptc_libiptc_la_SOURCES =
libiptc_libiptc_la_LIBADD = libiptc/libip4tc.la libiptc/libip6tc.la
-libiptc_libiptc_la_LDFLAGS = -version-info 0:0:0
+libiptc_libiptc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
libiptc_libip4tc_la_SOURCES = libiptc/libip4tc.c
libiptc_libip4tc_la_LDFLAGS = -version-info 0:0:0
libiptc_libip6tc_la_SOURCES = libiptc/libip6tc.c
-libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0
+libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
lib_LTLIBRARIES += libxtables.la
libxtables_la_SOURCES = xtables.c
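Review bot: ${libiptc_LDFLAGS2} is added to libiptc_libiptc_la_LDFLAGS and to libiptc_libip6tc_la_LDFLAGS, while libiptc_libip4tc_la_LDFLAGS is left alone. The commit message only gives a reason for libiptc.la (it references no symbols from libip4tc or libip6tc), so the libip6tc line looks unintended; drop it, or explain why libip6tc needs the flag and libip4tc does not. Also, --no-as-needed only affects libraries that follow it on the link line, so confirm in the generated link command that the flag lands ahead of the LIBADD entries.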
diff --git a/configure.ac b/configure.ac
index 3b26f54..6010afd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -52,6 +52,11 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
+libiptc_LDFLAGS2="";
+AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
+ [libiptc_LDFLAGS2="-Wl,--no-as-needed"])
+AC_SUBST([libiptc_LDFLAGS2])
+
blacklist_modules="";
AC_CHECK_HEADER([linux/dccp.h])
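Review bot: nothing in this configure.ac block says what libiptc_LDFLAGS2 is for, and the name gives no hint. Add a comment above `libiptc_LDFLAGS2="";` saying that it forces DT_NEEDED entries for libiptc, with the bug reference from the commit message. The comment should also say that the variable stays empty, without any message, when the linker rejects the flag.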
diff --git a/m4/ax_check_linker_flags.m4 b/m4/ax_check_linker_flags.m4
new file mode 100644
index 0000000..ba7bf3c
--- /dev/null
+++ b/m4/ax_check_linker_flags.m4
@@ -0,0 +1,78 @@
+#http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_check_linker_flags.m4
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_check_linker_flags.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_LINKER_FLAGS(FLAGS, [ACTION-SUCCESS], [ACTION-FAILURE])
+#
+# DESCRIPTION
+#
+# Check whether the given linker FLAGS work with the current language's
+# linker, or whether they give an error.
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# NOTE: Based on AX_CHECK_COMPILER_FLAGS.
+#
+# LICENSE
+#
+# Copyright (c) 2009 Mike Frysinger <vapier@gentoo.org>
+# Copyright (c) 2009 Steven G. Johnson <stevenj@alum.mit.edu>
+# Copyright (c) 2009 Matteo Frigo
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 6
+
+AC_DEFUN([AX_CHECK_LINKER_FLAGS],
+[AC_MSG_CHECKING([whether the linker accepts $1])
+dnl Some hackery here since AC_CACHE_VAL can't handle a non-literal varname:
+AS_LITERAL_IF([$1],
+ [AC_CACHE_VAL(AS_TR_SH(ax_cv_linker_flags_[$1]), [
+ ax_save_FLAGS=$LDFLAGS
+ LDFLAGS="$1"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()],
+ AS_TR_SH(ax_cv_linker_flags_[$1])=yes,
+ AS_TR_SH(ax_cv_linker_flags_[$1])=no)
+ LDFLAGS=$ax_save_FLAGS])],
+ [ax_save_FLAGS=$LDFLAGS
+ LDFLAGS="$1"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()],
+ eval AS_TR_SH(ax_cv_linker_flags_[$1])=yes,
+ eval AS_TR_SH(ax_cv_linker_flags_[$1])=no)
+ LDFLAGS=$ax_save_FLAGS])
+eval ax_check_linker_flags=$AS_TR_SH(ax_cv_linker_flags_[$1])
+AC_MSG_RESULT($ax_check_linker_flags)
+if test "x$ax_check_linker_flags" = xyes; then
+ m4_default([$2], :)
+else
+ m4_default([$3], :)
+fi
+])dnl AX_CHECK_LINKER_FLAGS
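Review bot: the macro sets `LDFLAGS="$1"` for the test link instead of appending to the saved value, so the probe runs without any LDFLAGS the user passed to configure. If those flags are required for linking to succeed at all, the probe fails and the configure.ac caller quietly leaves out --no-as-needed. As this is a copy of an upstream macro (#serial 6) I would not patch it locally, but the header should record the upstream revision it was taken from, and the file's GPLv3-or-later terms with the Autoconf exception should be checked against the rest of the tree.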
--
1.7.1
* [PATCH 4/4] libiptc: add Libs.private to pkgconfig files
From: Jan Engelhardt @ 2010-09-15 18:53 UTC
To: pablo; +Cc: kaber, netfilter-devel
This is needed when doing static linking.
(pkg-config --static --libs libiptc)
References: http://bugzilla.netfilter.org/show_bug.cgi?id=675
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
libiptc.pc.in | 1 +
xtables.pc.in | 1 +
2 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/libiptc.pc.in b/libiptc.pc.in
index 63a459a..99a3544 100644
--- a/libiptc.pc.in
+++ b/libiptc.pc.in
@@ -8,4 +8,5 @@ Name: libiptc
Description: iptables ruleset ADT and kernel interface
Version: @PACKAGE_VERSION@
Libs: -L${libdir} -liptc
+Libs.private: -lip4tc -lip6tc
Cflags: -I${includedir}
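Review bot: Libs.private in libiptc.pc.in is only used for `pkg-config --static`, so a consumer linking against the shared library still gets just -liptc. Patch 3/4 says libiptc itself references no symbols from libip4tc or libip6tc, which means such a consumer resolves everything through indirect DT_NEEDED entries, and a linker that refuses to follow those will fail. Consider whether -lip4tc -lip6tc belong in Libs instead of Libs.private.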
diff --git a/xtables.pc.in b/xtables.pc.in
index fa6f33b..43f35d5 100644
--- a/xtables.pc.in
+++ b/xtables.pc.in
@@ -10,3 +10,4 @@ Description: Shared Xtables code for extensions and iproute2
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lxtables
+Libs.private: -ldl
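Review bot: `Libs.private: -ldl` in xtables.pc.in hard-codes the library name. On a platform where dlopen lives in libc and there is no separate libdl, a static link that follows this file will fail; a value substituted by configure, in the way @PACKAGE_VERSION@ is above it, would be safer.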
--
1.7.1
* Re: pull: misc nf bugfixes
From: Patrick McHardy @ 2010-09-15 19:26 UTC
To: Jan Engelhardt; +Cc: pablo, netfilter-devel
On 15.09.2010 20:53, Jan Engelhardt wrote:
> git://dev.medozas.de/iptables master
Pulled, thanks Jan.