[ANNOUNCE]: Release of iptables-1.4.9

[ANNOUNCE]: Release of iptables-1.4.9

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 769 bytes --]

The netfilter coreteam presents:

    iptables version 1.4.9

the iptables release for the 2.6.35 kernel. Changes include:

- support for the LED target, which hadn't been merged so far because
  the kernel module had some bugs

- a new version of the set extension for the upcoming release supporting
  IPv6

- negation support for the quota match

- support for the SACK-IMMEDIATELY SCTP extension and FORWARD_TSN
  chunk type in the sctp match

- documentation updates and various smaller bugfixes

See the Changelog for more details.

Version 1.4.9 can be obtained from:

http://www.netfilter.org/projects/iptables/downloads.html
ftp://ftp.netfilter.org/pub/iptables/
git://git.netfilter.org/iptables.git

On behalf of the Netfilter Core Team.
Happy firewalling!



[-- Attachment #2: changes-iptables-1.4.9.txt --]
[-- Type: text/plain, Size: 1338 bytes --]

Adam Nielsen (1):
      extensions: add the LED target

Eric Dumazet (1):
      extensions: REDIRECT: add random help

Jan Engelhardt (10):
      utils: add missing include flags to Makefile
      doc: xt_string: correct copy-and-pasting in manpage
      doc: xt_hashlimit: fix a typo
      doc: xt_LED: nroff formatting requirements
      includes: sync header files from Linux 2.6.35-rc1
      xtables: another try at chain name length checking
      xtables: remove xtables_set_revision function
      libxt_hashlimit: always print burst value
      libxt_conntrack: do print netmask
      xt_quota: also document negation

Jozsef Kadlecsik (1):
      libxt_set: new revision added

Luciano Coelho (2):
      extensions: libxt_rateest: fix typo in the man page
      extensions: libxt_rateest: fix bps options for iptables-save

Patrick McHardy (5):
      Revert "Revert "Merge branch 'iptables-next'""
      Merge branch 'master' of git://dev.medozas.de/iptables
      Merge branch 'master' of git://dev.medozas.de/iptables
      Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
      Bump version to 1.4.9

Samuel Ortiz (1):
      extensions: libxt_quota.c: Support option negation

Shan Wei (2):
      xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension
      xt_sctp: support FORWARD_TSN chunk type

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Patrick McHardy <kaber@trash.net>:

|     iptables version 1.4.9

make[2]: Entering directory `/home/gzp/src/iptables-1.4.9'
/bin/sh ./libtool --tag=CC   --mode=link gcc -D_LARGEFILE_SOURCE=1
-D_LARGE_FILES -D_FILE_OFFSET_BITS=64        -D_REENTRANT -Wall
-Waggregate-return -Wmissing-declarations  -Wmissing-prototypes
-Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include  -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic  -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o libiptc/libip4tc.la
extensions/libext4.a libxtables.la -lm 
libtool: link: gcc -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES
-D_FILE_OFFSET_BITS=64 -D_REENTRANT -Wall -Waggregate-return
-Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wshadow
-Wstrict-prototypes -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o
libiptc/.libs/libip4tc.a extensions/libext4.a ./.libs/libxtables.a -lm
collect2: ld terminated with signal 11 [Segmentation fault]
extensions/libext4.a(initext4.o): In function `init_extensions':
/home/gzp/src/iptables-1.4.9/extensions/initext4.c:138: undefined reference to `libxt_TEE_init'
make[2]: *** [iptables-multi] Error 1

[kernel]
Linux gzp1 2.6.32.17-gzp1 #1 SMP PREEMPT Tue Aug 3 17:17:10 CEST 2010
i686 GNU/Linux

[glibc]
GNU C Library stable release version 2.11.2, by Roland McGrath et al.
Compiled by GNU CC version 4.4.4.
Compiled on a Linux 2.6.34 system on 2010-06-01.
        Native POSIX Threads Library by Ulrich Drepper et al

[gcc]
gcc (GCC) 4.4.4

[binutils]
GNU ld (Linux/GNU Binutils) 2.20.51.0.10.20100707

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Patrick McHardy <kaber@trash.net>:

|     iptables version 1.4.9

make[2]: Entering directory `/home/gzp/src/iptables-1.4.9'
/bin/sh ./libtool --tag=CC   --mode=link gcc -D_LARGEFILE_SOURCE=1
-D_LARGE_FILES -D_FILE_OFFSET_BITS=64        -D_REENTRANT -Wall
-Waggregate-return -Wmissing-declarations  -Wmissing-prototypes
-Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include  -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic  -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o libiptc/libip4tc.la
extensions/libext4.a libxtables.la -lm 
libtool: link: gcc -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES
-D_FILE_OFFSET_BITS=64 -D_REENTRANT -Wall -Waggregate-return
-Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wshadow
-Wstrict-prototypes -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o
libiptc/.libs/libip4tc.a extensions/libext4.a ./.libs/libxtables.a -lm
collect2: ld terminated with signal 11 [Segmentation fault]
extensions/libext4.a(initext4.o): In function `init_extensions':
/home/gzp/src/iptables-1.4.9/extensions/initext4.c:138: undefined reference to `libxt_TEE_init'
make[2]: *** [iptables-multi] Error 1

[kernel]
Linux gzp1 2.6.32.17-gzp1 #1 SMP PREEMPT Tue Aug 3 17:17:10 CEST 2010
i686 GNU/Linux

[glibc]
GNU C Library stable release version 2.11.2, by Roland McGrath et al.
Compiled by GNU CC version 4.4.4.
Compiled on a Linux 2.6.34 system on 2010-06-01.
        Native POSIX Threads Library by Ulrich Drepper et al

[gcc]
gcc (GCC) 4.4.4

[binutils]
GNU ld (Linux/GNU Binutils) 2.20.51.0.10.20100707

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Patrick McHardy]

Am 03.08.2010 18:34, schrieb Gabor Z. Papp:
> * Patrick McHardy <kaber@trash.net>:
> 
> |     iptables version 1.4.9
> 
> ...
> libiptc/.libs/libip4tc.a extensions/libext4.a ./.libs/libxtables.a -lm
> collect2: ld terminated with signal 11 [Segmentation fault]
> extensions/libext4.a(initext4.o): In function `init_extensions':
> /home/gzp/src/iptables-1.4.9/extensions/initext4.c:138: undefined reference to `libxt_TEE_init'
> make[2]: *** [iptables-multi] Error 1

Did you use a git checkout/patch against 1.4.8 or the tar.bz2?
In case its the former, try running make clean, sh autogen.sh and
sh configure again before the build.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Patrick McHardy <kaber@trash.net>:

| Did you use a git checkout/patch against 1.4.8 or the tar.bz2?
| In case its the former, try running make clean, sh autogen.sh and
| sh configure again before the build.

Used the tarball, but tried git also:

/bin/sh ./libtool --tag=CC   --mode=link gcc -D_LARGEFILE_SOURCE=1
-D_LARGE_FILES -D_FILE_OFFSET_BITS=64        -D_REENTRANT -Wall
-Waggregate-return -Wmissing-declarations  -Wmissing-prototypes
-Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include  -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic  -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o libiptc/libip4tc.la
extensions/libext4.a libxtables.la -lm 
libtool: link: gcc -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES
-D_FILE_OFFSET_BITS=64 -D_REENTRANT -Wall -Waggregate-return
-Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wshadow
-Wstrict-prototypes -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o
libiptc/.libs/libip4tc.a extensions/libext4.a ./.libs/libxtables.a -lm
collect2: ld terminated with signal 11 [Segmentation fault]
extensions/libext4.a(initext4.o): In function `init_extensions':
/home/gzp/src/iptables/extensions/initext4.c:144: undefined reference to `libxt_IDLETIMER_init'
/home/gzp/src/iptables/extensions/initext4.c:145: undefined reference to `libxt_TEE_init'
make[2]: *** [iptables-multi] Error 1

Note the difference, new undefined reference: `libxt_IDLETIMER_init

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Patrick McHardy <kaber@trash.net>:

| Did you use a git checkout/patch against 1.4.8 or the tar.bz2?
| In case its the former, try running make clean, sh autogen.sh and
| sh configure again before the build.

Used the tarball, but tried git also:

/bin/sh ./libtool --tag=CC   --mode=link gcc -D_LARGEFILE_SOURCE=1
-D_LARGE_FILES -D_FILE_OFFSET_BITS=64        -D_REENTRANT -Wall
-Waggregate-return -Wmissing-declarations  -Wmissing-prototypes
-Wredundant-decls -Wshadow -Wstrict-prototypes     -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include  -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic  -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o libiptc/libip4tc.la
extensions/libext4.a libxtables.la -lm 
libtool: link: gcc -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES
-D_FILE_OFFSET_BITS=64 -D_REENTRANT -Wall -Waggregate-return
-Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wshadow
-Wstrict-prototypes -Winline -pipe
-DXTABLES_LIBDIR=\"/pkg/lib/xtables\" -DXTABLES_INTERNAL -I./include
-I./include -DIPTABLES_MULTI -DALL_INCLUSIVE -g -O2 -rdynamic -o
iptables-multi iptables_multi-iptables-multi.o
iptables_multi-iptables-save.o iptables_multi-iptables-restore.o
iptables_multi-iptables-xml.o iptables_multi-iptables-standalone.o
iptables_multi-iptables.o iptables_multi-xshared.o
libiptc/.libs/libip4tc.a extensions/libext4.a ./.libs/libxtables.a -lm
collect2: ld terminated with signal 11 [Segmentation fault]
extensions/libext4.a(initext4.o): In function `init_extensions':
/home/gzp/src/iptables/extensions/initext4.c:144: undefined reference to `libxt_IDLETIMER_init'
/home/gzp/src/iptables/extensions/initext4.c:145: undefined reference to `libxt_TEE_init'
make[2]: *** [iptables-multi] Error 1

Note the difference, new undefined reference: `libxt_IDLETIMER_init

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* "Gabor Z. Papp" <gzp@papp.hu>:

| Note the difference, new undefined reference: `libxt_IDLETIMER_init

--disable-shared --enable-static configure options cause the problems.

--enable-shared --disable-static compiles fine, but I would like to
link against the static libs.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* "Gabor Z. Papp" <gzp@papp.hu>:

| Note the difference, new undefined reference: `libxt_IDLETIMER_init

--disable-shared --enable-static configure options cause the problems.

--enable-shared --disable-static compiles fine, but I would like to
link against the static libs.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Michele Petrazzo - Unipex]

Gabor Z. Papp wrote:
> * Patrick McHardy <kaber@trash.net>:
> 
> | Did you use a git checkout/patch against 1.4.8 or the tar.bz2?
> | In case its the former, try running make clean, sh autogen.sh and
> | sh configure again before the build.
> 
> Used the tarball, but tried git also:
> 

Here git works. Or better, compile but I don't find the "iptables" command.

If I enable static compilation "configure --enable-static", I receive:
extensions/libext4.a(initext4.o): In function `init_extensions':
/home/devel/iptables/extensions/initext4.c:103: undefined reference to
`libxt_IDLETIMER_init'
/home/devel/iptables/extensions/initext4.c:137: undefined reference to
`libxt_TEE_ini


Michele

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Jan Engelhardt]

On Tuesday 2010-08-03 19:25, Gabor Z. Papp wrote:

>* "Gabor Z. Papp" <gzp@papp.hu>:
>
>| Note the difference, new undefined reference: `libxt_IDLETIMER_init
>
>--disable-shared --enable-static configure options cause the problems.
>
>--enable-shared --disable-static compiles fine, but I would like to
>link against the static libs.

(BTW, with --disable-shared you remove the possibility to use any .so
files whatsoever. You can use --enable-static --enable-shared to get
both "all in one binary" and ".so support".)



The following changes since commit 371cea299f0b2eb100b9fc9fb99089640d2d606f:

  xtables: remove unnecessary cast (2010-08-03 19:56:11 +0200)

are available in the git repository at:
  git://dev.medozas.de/iptables master

Jan Engelhardt (1):
      build: fix static linking

 extensions/libxt_IDLETIMER.c |    2 +-
 extensions/libxt_TEE.c       |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
[Actually there's also the "remove unnecessary cast" patch that is not 
included in this listing, but merging that should be ok.]



parent 371cea299f0b2eb100b9fc9fb99089640d2d606f (v1.4.9-18-g371cea2)
commit 0428e5a6541c3f5eaaf683d8da9ea60c44eac4c7
Author: Jan Engelhardt <jengelh@medozas.de>
Date:   Tue Aug 3 19:58:38 2010 +0200

build: fix static linking

Gabor Z. Papp noted this link-time error when configuring with
--enable-static:

extensions/libext4.a(initext4.o): In function "init_extensions":
extensions/initext4.c:144: undefined reference to "libxt_IDLETIMER_init"
extensions/initext4.c:145: undefined reference to "libxt_TEE_init"

Indeed, since the two modules did not use our special macro "_init"
(which expands to libxt_foo_init), initext4.c could not find them by
that name. Correct this.

References: http://marc.info/?l=netfilter&m=128085480927924&w=2
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_IDLETIMER.c |    2 +-
 extensions/libxt_TEE.c       |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/libxt_IDLETIMER.c b/extensions/libxt_IDLETIMER.c
index 12573a4..1562e02 100644
--- a/extensions/libxt_IDLETIMER.c
+++ b/extensions/libxt_IDLETIMER.c
@@ -132,7 +132,7 @@ static struct xtables_target idletimer_tg_reg = {
 	.extra_opts    = idletimer_tg_opts,
 };
 
-static __attribute__((constructor)) void idletimer_tg_ldr(void)
+void _init(void)
 {
 	xtables_register_target(&idletimer_tg_reg);
 }
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index f8e7fd1..e4c0607 100644
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -195,7 +195,7 @@ static struct xtables_target tee_tg6_reg = {
 	.extra_opts    = tee_tg_opts,
 };
 
-static __attribute__((constructor)) void tee_tg_ldr(void)
+void _init(void)
 {
 	xtables_register_target(&tee_tg_reg);
 	xtables_register_target(&tee_tg6_reg);
-- 
# Created with git-export-patch

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Jan Engelhardt <jengelh@medozas.de>:

| (BTW, with --disable-shared you remove the possibility to use any .so
| files whatsoever. You can use --enable-static --enable-shared to get
| both "all in one binary" and ".so support".)

And how to force linking the binaries against the static libs?

| The following changes since commit 371cea299f0b2eb100b9fc9fb99089640d2d606f:

|   xtables: remove unnecessary cast (2010-08-03 19:56:11 +0200)

| are available in the git repository at:
|   git://dev.medozas.de/iptables master

Fixed, compiled fine.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Jan Engelhardt <jengelh@medozas.de>:

| (BTW, with --disable-shared you remove the possibility to use any .so
| files whatsoever. You can use --enable-static --enable-shared to get
| both "all in one binary" and ".so support".)

And how to force linking the binaries against the static libs?

| The following changes since commit 371cea299f0b2eb100b9fc9fb99089640d2d606f:

|   xtables: remove unnecessary cast (2010-08-03 19:56:11 +0200)

| are available in the git repository at:
|   git://dev.medozas.de/iptables master

Fixed, compiled fine.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Jan Engelhardt]

On Tuesday 2010-08-03 20:09, Gabor Z. Papp wrote:

>* Jan Engelhardt <jengelh@medozas.de>:
>
>| (BTW, with --disable-shared you remove the possibility to use any .so
>| files whatsoever. You can use --enable-static --enable-shared to get
>| both "all in one binary" and ".so support".)
>
>And how to force linking the binaries against the static libs?

What libs?

snat range not cycling

[Timothy Hayes]

Hi guys I've got a iptables firewall setup and a request came in to not just
snat an address but to make each subsequent connection go to a range of
address.

The firewall doesn't normally handle traffic from this particular
application so I've setup a squid proxy and the app is connecting to the
proxy.


I added the range of addresses with ip addr add x.x.x.# dev eth0

and setup a snat rule:
iptables -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to-source
xx.xx.xx.131-xx.xx.xx.250

translation works fine, but I never seem to get an alternate ip from the
range.



If anyone knows what I need to do to make it so that the source addresses
cycle it would be much appreciated.

Re: snat range not cycling

[Jan Engelhardt]

On Wednesday 2010-08-04 00:06, Timothy Hayes wrote:
>I added the range of addresses with ip addr add x.x.x.# dev eth0
>
>and setup a snat rule:
>iptables -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to-source
>xx.xx.xx.131-xx.xx.xx.250
>
>translation works fine, but I never seem to get an alternate ip from the
>range.

IIRC the algorithm tries to give you the same source address for a given 
source address. (I hear that banking sites and other sensitive stuff can 
get unhappy if your externally visible address suddenly changes.)

Re: snat range not cycling

["Oleg A. Arkhangelsky"]

04.08.2010, 02:09, "Jan Engelhardt" <jengelh@medozas.de>:
> IIRC the algorithm tries to give you the same source address for a given
> source address. (I hear that banking sites and other sensitive stuff can
> get unhappy if your externally visible address suddenly changes.)
>

Only when --persist option is given. Otherwise original source and destination
addresses will be used for selection IP-address from the pool.

Timothy should try connection from different source IP-address or use different 
destination and see how this change situation.

--
wbr, Oleg.

RE: snat range not cycling

[Timothy Hayes]

Thanks I'll give that a try.

Wouldn't it trying to keep 1 to 1 mapping make the SAME target attribute
redundant?

-----Original Message-----
From: netfilter-owner@vger.kernel.org
[mailto:netfilter-owner@vger.kernel.org] On Behalf Of "Oleg A. Arkhangelsky"
Sent: Tuesday, August 03, 2010 10:44 PM
To: Jan Engelhardt; netfilter@vger.kernel.org
Subject: Re: snat range not cycling

04.08.2010, 02:09, "Jan Engelhardt" <jengelh@medozas.de>:
> IIRC the algorithm tries to give you the same source address for a given
> source address. (I hear that banking sites and other sensitive stuff can
> get unhappy if your externally visible address suddenly changes.)
>

Only when --persist option is given. Otherwise original source and
destination
addresses will be used for selection IP-address from the pool.

Timothy should try connection from different source IP-address or use
different 
destination and see how this change situation.

--
wbr, Oleg.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: snat range not cycling

["Oleg A. Arkhangelsky"]

04.08.2010, 10:42, "Timothy Hayes" <morphieus@earthlink.net>:
> Thanks I'll give that a try.
>
> Wouldn't it trying to keep 1 to 1 mapping make the SAME target attribute
> redundant?

As far as I know, the SAME target was removed from kernel two years ago.
The SNAT target with --persist option is the equivalent of SAME.

--
wbr, Oleg.

RE: snat range not cycling

[Jan Engelhardt]

On Wednesday 2010-08-04 08:42, Timothy Hayes wrote:

>Thanks I'll give that a try.
>
>Wouldn't it trying to keep 1 to 1 mapping make the SAME target attribute
>redundant?

SAME has already been removed.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Patrick McHardy]

Am 03.08.2010 20:09, schrieb Gabor Z. Papp:
> * Jan Engelhardt <jengelh@medozas.de>:
> 
> | (BTW, with --disable-shared you remove the possibility to use any .so
> | files whatsoever. You can use --enable-static --enable-shared to get
> | both "all in one binary" and ".so support".)
> 
> And how to force linking the binaries against the static libs?
> 
> | The following changes since commit 371cea299f0b2eb100b9fc9fb99089640d2d606f:
> 
> |   xtables: remove unnecessary cast (2010-08-03 19:56:11 +0200)
> 
> | are available in the git repository at:
> |   git://dev.medozas.de/iptables master
> 
> Fixed, compiled fine.

Thanks, I'll release a .1 with this patch tommorrow.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Jan Engelhardt]

On Wednesday 2010-08-04 18:16, Patrick McHardy wrote:
>Am 03.08.2010 20:09, schrieb Gabor Z. Papp:
>> * Jan Engelhardt <jengelh@medozas.de>:
>> 
>> | (BTW, with --disable-shared you remove the possibility to use any .so
>> | files whatsoever. You can use --enable-static --enable-shared to get
>> | both "all in one binary" and ".so support".)
>> 
>> And how to force linking the binaries against the static libs?
>> 
>> | The following changes since commit 371cea299f0b2eb100b9fc9fb99089640d2d606f:
>> 
>> |   xtables: remove unnecessary cast (2010-08-03 19:56:11 +0200)
>> 
>> | are available in the git repository at:
>> |   git://dev.medozas.de/iptables master
>> 
>> Fixed, compiled fine.
>
>Thanks, I'll release a .1 with this patch tommorrow.

You probably want to add to your personal release script section one 
that testcompiles all configurations before possibly creating a tarball. 
I do so too with Xtables-addons (all kernels from 2.6.17 onwards, 
quite a disk eater).

./configure --enable-static --enable-shared && make

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Jan Engelhardt <jengelh@medozas.de>:

| >| (BTW, with --disable-shared you remove the possibility to use any .so
| >| files whatsoever. You can use --enable-static --enable-shared to get
| >| both "all in one binary" and ".so support".)
| >
| >And how to force linking the binaries against the static libs?

| What libs?

Link iptables-multi against static versions of libip6tc and libxtables.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Gabor Z. Papp]

* Jan Engelhardt <jengelh@medozas.de>:

| >| (BTW, with --disable-shared you remove the possibility to use any .so
| >| files whatsoever. You can use --enable-static --enable-shared to get
| >| both "all in one binary" and ".so support".)
| >
| >And how to force linking the binaries against the static libs?

| What libs?

Link iptables-multi against static versions of libip6tc and libxtables.

Re: [ANNOUNCE]: Release of iptables-1.4.9

[Patrick McHardy]

Am 03.08.2010 20:04, schrieb Jan Engelhardt:
> The following changes since commit 371cea299f0b2eb100b9fc9fb99089640d2d606f:
> 
>   xtables: remove unnecessary cast (2010-08-03 19:56:11 +0200)
> 
> are available in the git repository at:
>   git://dev.medozas.de/iptables master
> 
> Jan Engelhardt (1):
>       build: fix static linking
> 
>  extensions/libxt_IDLETIMER.c |    2 +-
>  extensions/libxt_TEE.c       |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> [Actually there's also the "remove unnecessary cast" patch that is not 
> included in this listing, but merging that should be ok.]

Pulled, thanks Jan.