Patches: don't call modprobe, ipv4/ipv6 flag support, xtables-multi unification.

Patches: don't call modprobe, ipv4/ipv6 flag support, xtables-multi unification.

[Maciej Żenczykowski]

Hi,

The following changes are available in the git repository at:
  git://github.com/zenczykowski/iptables.git for-upstream

The first two patches are standalone, the fifth builds on the fourth
which builds on the third.
It's not clear to me if you'll be willing to merge all of them.

Maciej Zenczykowski (5):
  Don't load ip6?_tables module when already loaded.
  Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.
  Move common parts of libext{4,6}.a into libext.a
  combine ip6?tables-multi into xtables-multi
  add xtables-multi{32,64} recognition

Thanks,
Maciej

[PATCH 1/5] Don't load ip6?_tables module when already loaded.

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 xshared.h |    2 ++
 xtables.c |   34 +++++++++++++++++++++++++++++-----
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/xshared.h b/xshared.h
index be53535..34f3265 100644
--- a/xshared.h
+++ b/xshared.h
@@ -29,6 +29,7 @@ struct xtables_target;
 /**
  * xtables_afinfo - protocol family dependent information
  * @kmod:		kernel module basename (e.g. "ip_tables")
+ * @proc_exists:	file which exists in procfs when module already loaded
  * @libprefix:		prefix of .so library name (e.g. "libipt_")
  * @family:		nfproto family
  * @ipproto:		used by setsockopt (e.g. IPPROTO_IP)
@@ -37,6 +38,7 @@ struct xtables_target;
  */
 struct xtables_afinfo {
 	const char *kmod;
+	const char *proc_exists;
 	const char *libprefix;
 	uint8_t family;
 	uint8_t ipproto;
diff --git a/xtables.c b/xtables.c
index a260c7b..e424c28 100644
--- a/xtables.c
+++ b/xtables.c
@@ -27,9 +27,11 @@
 #include <unistd.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <sys/statfs.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <arpa/inet.h>
+#include <linux/magic.h> /* for PROC_SUPER_MAGIC */
 
 #include <xtables.h>
 #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
@@ -139,6 +141,7 @@ struct option *xtables_merge_options(struct option *orig_opts,
 
 static const struct xtables_afinfo afinfo_ipv4 = {
 	.kmod          = "ip_tables",
+	.proc_exists   = "/proc/net/ip_tables_names",
 	.libprefix     = "libipt_",
 	.family	       = NFPROTO_IPV4,
 	.ipproto       = IPPROTO_IP,
@@ -148,6 +151,7 @@ static const struct xtables_afinfo afinfo_ipv4 = {
 
 static const struct xtables_afinfo afinfo_ipv6 = {
 	.kmod          = "ip6_tables",
+	.proc_exists   = "/proc/net/ip6_tables_names",
 	.libprefix     = "libip6t_",
 	.family        = NFPROTO_IPV6,
 	.ipproto       = IPPROTO_IPV6,
@@ -369,15 +373,35 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
 	return -1;
 }
 
+/* return true if a given file exists within procfs */
+static bool proc_file_exists(const char *filename)
+{
+	struct stat s;
+	struct statfs f;
+
+	if (lstat(filename, &s)) return false;
+	if (!S_ISREG(s.st_mode)) return false;
+	if (statfs(filename, &f)) return false;
+	if (f.f_type != PROC_SUPER_MAGIC) return false;
+	return true;
+}
+
 int xtables_load_ko(const char *modprobe, bool quiet)
 {
 	static bool loaded = false;
-	static int ret = -1;
+	int ret;
 
-	if (!loaded) {
-		ret = xtables_insmod(afinfo->kmod, modprobe, quiet);
-		loaded = (ret == 0);
-	}
+	if (loaded)
+		return 0;
+
+	if (proc_file_exists(afinfo->proc_exists)) {
+		loaded = true;
+		return 0;
+	};
+
+	ret = xtables_insmod(afinfo->kmod, modprobe, quiet);
+	if (ret == 0)
+		loaded = true;
 
 	return ret;
 }
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/5] Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

This enables one to have a single configuration file for both ipv4 and ipv6
firewall rules.

Example:
  iptables-restore config
  ip6tables-restore config

Where the file 'config' contains:
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  :ssh - [0:0]

  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A INPUT -m state --state INVALID -j DROP
  -A INPUT -i lo -j ACCEPT
  -A INPUT -4 -p icmp -j ACCEPT
  -A INPUT -6 -p icmpv6 -j ACCEPT
  -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh
  -A ssh -j ACCEPT

  COMMIT

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 ip6tables.c |   16 +++++++++++++++-
 iptables.c  |   15 ++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index f9909f1..8d73641 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -124,6 +124,8 @@ static struct option original_opts[] = {
 	{.name = "modprobe",      .has_arg = 1, .val = 'M'},
 	{.name = "set-counters",  .has_arg = 1, .val = 'c'},
 	{.name = "goto",          .has_arg = 1, .val = 'g'},
+	{.name = "ipv4",          .has_arg = 0, .val = '4'},
+	{.name = "ipv6",          .has_arg = 0, .val = '6'},
 	{NULL},
 };
 
@@ -248,6 +250,8 @@ exit_printhelp(const struct xtables_rule_match *matches)
 "				Change chain name, (moving any references)\n"
 
 "Options:\n"
+"    --ipv4	-4		Error (line is ignored by ip6tables-restore)\n"
+"    --ipv6	-6		Nothing (line is ignored by iptables-restore)\n"
 "[!] --proto	-p proto	protocol: by number or name, eg. `tcp'\n"
 "[!] --source	-s address[/mask][,...]\n"
 "				source specification\n"
@@ -1439,7 +1443,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 	opts = xt_params->orig_opts;
 	while ((cs.c = getopt_long(argc, argv,
-	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:",
+	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:46",
 					   opts, NULL)) != -1) {
 		switch (cs.c) {
 			/*
@@ -1756,6 +1760,16 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			cs.fw6.counters.bcnt = cnt;
 			break;
 
+		case '4':
+			/* This is not the IPv4 iptables */
+			if (line != -1) return 1; /* success: line ignored */
+			fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
+			exit_tryhelp(2);
+
+		case '6':
+			/* This is indeed the IPv6 ip6tables */
+			break;
+
 		case 1: /* non option */
 			if (optarg[0] == '!' && optarg[1] == '\0') {
 				if (cs.invert)
diff --git a/iptables.c b/iptables.c
index 0441dce..523454d 100644
--- a/iptables.c
+++ b/iptables.c
@@ -123,6 +123,8 @@ static struct option original_opts[] = {
 	{.name = "modprobe",      .has_arg = 1, .val = 'M'},
 	{.name = "set-counters",  .has_arg = 1, .val = 'c'},
 	{.name = "goto",          .has_arg = 1, .val = 'g'},
+	{.name = "ipv4",          .has_arg = 0, .val = '4'},
+	{.name = "ipv6",          .has_arg = 0, .val = '6'},
 	{NULL},
 };
 
@@ -261,6 +263,8 @@ exit_printhelp(const struct xtables_rule_match *matches)
 "				Change chain name, (moving any references)\n"
 
 "Options:\n"
+"    --ipv4	-4		Nothing (line is ignored by ip6tables-restore)\n"
+"    --ipv6	-6		Error (line is ignored by iptables-restore)\n"
 "[!] --proto	-p proto	protocol: by number or name, eg. `tcp'\n"
 "[!] --source	-s address[/mask][...]\n"
 "				source specification\n"
@@ -1467,7 +1471,7 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 
 	opts = xt_params->orig_opts;
 	while ((cs.c = getopt_long(argc, argv,
-	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:",
+	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:46",
 					   opts, NULL)) != -1) {
 		switch (cs.c) {
 			/*
@@ -1782,6 +1786,15 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 			cs.fw.counters.bcnt = cnt;
 			break;
 
+		case '4':
+			/* This is indeed the IPv4 iptables */
+			break;
+
+		case '6':
+			/* This is not the IPv6 ip6tables */
+			if (line != -1) return 1; /* success: line ignored */
+			fprintf(stderr, "This is the IPv4 version of iptables.\n");
+			exit_tryhelp(2);
 
 		case 1: /* non option */
 			if (optarg[0] == '!' && optarg[1] == '\0') {
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/5] Move common parts of libext{4,6}.a into libext.a

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 .gitignore                |    1 +
 Makefile.am               |    8 +++++-
 extensions/GNUmakefile.in |   53 ++++++++++++++++++++++++++++++++++-----------
 include/xtables.h.in      |    1 +
 ip6tables-restore.c       |    1 +
 ip6tables-save.c          |    1 +
 ip6tables-standalone.c    |    1 +
 iptables-restore.c        |    1 +
 iptables-save.c           |    1 +
 iptables-standalone.c     |    1 +
 10 files changed, 54 insertions(+), 15 deletions(-)

diff --git a/.gitignore b/.gitignore
index e5d3099..9b59e6a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ Makefile
 Makefile.in
 
 /extensions/GNUmakefile
+/extensions/initext.c
 /extensions/initext?.c
 /extensions/matches?.man
 /extensions/targets?.man
diff --git a/Makefile.am b/Makefile.am
index fbed41f..6affcac 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -45,7 +45,9 @@ if ENABLE_STATIC
 iptables_multi_CFLAGS    += -DALL_INCLUSIVE
 endif
 iptables_multi_LDFLAGS    = -rdynamic
-iptables_multi_LDADD      = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
+iptables_multi_LDADD      = libiptc/libip4tc.la \
+                            extensions/libext.a extensions/libext4.a \
+                            libxtables.la -lm
 
 ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
                             ip6tables-restore.c ip6tables-standalone.c \
@@ -55,7 +57,9 @@ if ENABLE_STATIC
 ip6tables_multi_CFLAGS   += -DALL_INCLUSIVE
 endif
 ip6tables_multi_LDFLAGS   = -rdynamic
-ip6tables_multi_LDADD     = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
+ip6tables_multi_LDADD     = libiptc/libip6tc.la \
+                            extensions/libext.a extensions/libext6.a \
+                            libxtables.la -lm
 
 sbin_PROGRAMS    =
 man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index 0e562fb..a511a39 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -51,11 +51,13 @@ pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
 #
 # Building blocks
 #
-targets := libext4.a libext6.a matches4.man matches6.man \
+targets := libext.a libext4.a libext6.a \
+           matches4.man matches6.man \
            targets4.man targets6.man
 targets_install :=
-@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs}
-@ENABLE_STATIC_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs}
+@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
+@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
 @ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 @ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 
@@ -70,7 +72,7 @@ install: ${targets_install}
 	if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
 
 clean:
-	rm -f *.o *.oo *.so *.a {matches,targets}[46].man initext4.c initext6.c;
+	rm -f *.o *.oo *.so *.a {matches,targets}[46].man initext.c initext4.c initext6.c;
 
 distclean: clean
 	rm -f .*.d .*.dd;
@@ -101,36 +103,61 @@ lib%.oo: ${srcdir}/lib%.c
 lib%.o: ${srcdir}/lib%.c
 	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -DNO_SHARED_LIBS=1 -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<;
 
+libext.a: initext.o ${libext_objs}
+	${AM_VERBOSE_AR} ${AR} crs $@ $^;
+
 libext4.a: initext4.o ${libext4_objs}
 	${AM_VERBOSE_AR} ${AR} crs $@ $^;
 
 libext6.a: initext6.o ${libext6_objs}
 	${AM_VERBOSE_AR} ${AR} crs $@ $^;
 
-initext_func  := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod})
-initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod})
+initext_func  := $(addprefix xt_,${pfx_build_mod})
+initext4_func := $(addprefix ipt_,${pf4_build_mod})
+initext6_func := $(addprefix ip6t_,${pf6_build_mod})
 
-.initext4.dd: FORCE
+.initext.dd: FORCE
 	@echo "${initext_func}" >$@.tmp; \
 	cmp -s $@ $@.tmp || mv $@.tmp $@; \
 	rm -f $@.tmp;
 
+.initext4.dd: FORCE
+	@echo "${initext4_func}" >$@.tmp; \
+	cmp -s $@ $@.tmp || mv $@.tmp $@; \
+	rm -f $@.tmp;
+
 .initext6.dd: FORCE
 	@echo "${initext6_func}" >$@.tmp; \
 	cmp -s $@ $@.tmp || mv $@.tmp $@; \
 	rm -f $@.tmp;
 
-initext4.c: .initext4.dd
+initext.c: .initext.dd
 	${AM_VERBOSE_GEN}
 	@( \
 	echo "" >$@; \
 	for i in ${initext_func}; do \
 		echo "extern void lib$${i}_init(void);" >>$@; \
 	done; \
+	echo "void init_extensions(void);" >>$@; \
+	echo "void init_extensions(void)" >>$@; \
+	echo "{" >>$@; \
+	for i in ${initext_func}; do \
+		echo  " ""lib$${i}_init();" >>$@; \
+	done; \
+	echo "}" >>$@; \
+	);
+
+initext4.c: .initext4.dd
+	${AM_VERBOSE_GEN}
+	@( \
+	echo "" >$@; \
+	for i in ${initext4_func}; do \
+		echo "extern void lib$${i}_init(void);" >>$@; \
+	done; \
 	echo "void init_extensions4(void);" >>$@; \
 	echo "void init_extensions4(void)" >>$@; \
 	echo "{" >>$@; \
-	for i in ${initext_func}; do \
+	for i in ${initext4_func}; do \
 		echo  " ""lib$${i}_init();" >>$@; \
 	done; \
 	echo "}" >>$@; \
@@ -177,14 +204,14 @@ man_run    = \
 		fi; \
 	done >$@;
 
-matches4.man: .initext4.dd $(wildcard ${srcdir}/lib*.man)
+matches4.man: .initext.dd .initext4.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod}),ip,NFPROTO_IPV4)
 
-matches6.man: .initext6.dd $(wildcard ${srcdir}/lib*.man)
+matches6.man: .initext.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf6_build_mod}),ip6,NFPROTO_IPV6)
 
-targets4.man: .initext4.dd $(wildcard ${srcdir}/lib*.man)
+targets4.man: .initext.dd .initext4.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod}),ip,NFPROTO_IPV4)
 
-targets6.man: .initext6.dd $(wildcard ${srcdir}/lib*.man)
+targets6.man: .initext.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf6_build_mod}),ip6,NFPROTO_IPV6)
diff --git a/include/xtables.h.in b/include/xtables.h.in
index b4915c4..7bf2994 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -387,6 +387,7 @@ extern void xtables_save_string(const char *value);
 #		undef _init
 #		define _init _INIT
 #	endif
+	extern void init_extensions(void);
 	extern void init_extensions4(void);
 	extern void init_extensions6(void);
 #else
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index 5531d6e..420bc52 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -137,6 +137,7 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions6();
 #endif
 
diff --git a/ip6tables-save.c b/ip6tables-save.c
index d9ecc62..39a3325 100644
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -149,6 +149,7 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions6();
 #endif
 
diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c
index 7d34684..9d8d5a0 100644
--- a/ip6tables-standalone.c
+++ b/ip6tables-standalone.c
@@ -59,6 +59,7 @@ main(int argc, char *argv[])
 	}
 
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions6();
 #endif
 
diff --git a/iptables-restore.c b/iptables-restore.c
index e4f0604..2624599 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -140,6 +140,7 @@ main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions4();
 #endif
 
diff --git a/iptables-save.c b/iptables-save.c
index dee1752..7542bdc 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -149,6 +149,7 @@ main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions4();
 #endif
 
diff --git a/iptables-standalone.c b/iptables-standalone.c
index b085946..87f1d31 100644
--- a/iptables-standalone.c
+++ b/iptables-standalone.c
@@ -59,6 +59,7 @@ main(int argc, char *argv[])
 				exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions4();
 #endif
 
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/5] combine ip6?tables-multi into xtables-multi

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 .gitignore        |    3 +--
 Makefile.am       |   44 ++++++++++++++++++++------------------------
 ip6tables-multi.c |   20 --------------------
 iptables-multi.c  |   22 ----------------------
 xtables-multi.c   |   39 +++++++++++++++++++++++++++++++++++++++
 5 files changed, 60 insertions(+), 68 deletions(-)
 delete mode 100644 ip6tables-multi.c
 delete mode 100644 iptables-multi.c
 create mode 100644 xtables-multi.c

diff --git a/.gitignore b/.gitignore
index 9b59e6a..9d24ce0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,14 +41,13 @@ Makefile.in
 
 /ip6tables
 /ip6tables.8
-/ip6tables-multi
 /ip6tables-save
 /ip6tables-restore
 /ip6tables-static
 /iptables
 /iptables.8
-/iptables-multi
 /iptables-save
 /iptables-restore
 /iptables-static
 /iptables-xml
+/xtables-multi
diff --git a/Makefile.am b/Makefile.am
index 6affcac..13e144e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -17,7 +17,7 @@ endif
 lib_LTLIBRARIES =
 
 # libiptc
-lib_LTLIBRARIES           += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
+lib_LTLIBRARIES            += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
 libiptc_libiptc_la_SOURCES  =
 libiptc_libiptc_la_LIBADD   = libiptc/libip4tc.la libiptc/libip6tc.la
 libiptc_libiptc_la_LDFLAGS  = -version-info 0:0:0 ${libiptc_LDFLAGS2}
@@ -37,43 +37,39 @@ libxtables_la_CFLAGS  = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
 libxtables_la_LIBADD  =
 endif
 
-iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
-                            iptables-restore.c iptables-xml.c \
-                            iptables-standalone.c iptables.c xshared.c
-iptables_multi_CFLAGS     = ${AM_CFLAGS} -DIPTABLES_MULTI
+xtables_multi_SOURCES  = xtables-multi.c
+xtables_multi_CFLAGS   = ${AM_CFLAGS} -DIPTABLES_MULTI
+xtables_multi_LDFLAGS  = -rdynamic
+xtables_multi_LDADD    = extensions/libext.a
 if ENABLE_STATIC
-iptables_multi_CFLAGS    += -DALL_INCLUSIVE
+xtables_multi_CFLAGS  += -DALL_INCLUSIVE
 endif
-iptables_multi_LDFLAGS    = -rdynamic
-iptables_multi_LDADD      = libiptc/libip4tc.la \
-                            extensions/libext.a extensions/libext4.a \
-                            libxtables.la -lm
-
-ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
-                            ip6tables-restore.c ip6tables-standalone.c \
-                            ip6tables.c xshared.c
-ip6tables_multi_CFLAGS    = ${AM_CFLAGS} -DIPTABLES_MULTI
-if ENABLE_STATIC
-ip6tables_multi_CFLAGS   += -DALL_INCLUSIVE
+if ENABLE_IPV4
+xtables_multi_SOURCES += iptables-save.c iptables-restore.c iptables-xml.c \
+                         iptables-standalone.c iptables.c
+xtables_multi_CFLAGS  += -DENABLE_IPV4
+xtables_multi_LDADD   += libiptc/libip4tc.la extensions/libext4.a
+endif
+if ENABLE_IPV6
+xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \
+                          ip6tables-standalone.c ip6tables.c
+xtables_multi_CFLAGS  += -DENABLE_IPV6
+xtables_multi_LDADD   += libiptc/libip6tc.la extensions/libext6.a
 endif
-ip6tables_multi_LDFLAGS   = -rdynamic
-ip6tables_multi_LDADD     = libiptc/libip6tc.la \
-                            extensions/libext.a extensions/libext6.a \
-                            libxtables.la -lm
+xtables_multi_SOURCES += xshared.c
+xtables_multi_LDADD   += libxtables.la -lm
 
-sbin_PROGRAMS    =
+sbin_PROGRAMS    = xtables-multi
 man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
                    iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
                    ip6tables-save.8
 CLEANFILES       = iptables.8 ip6tables.8
 
 if ENABLE_IPV4
-sbin_PROGRAMS += iptables-multi
 v4_bin_links   = iptables-xml
 v4_sbin_links  = iptables iptables-restore iptables-save
 endif
 if ENABLE_IPV6
-sbin_PROGRAMS += ip6tables-multi
 v6_sbin_links  = ip6tables ip6tables-restore ip6tables-save
 endif
 
diff --git a/ip6tables-multi.c b/ip6tables-multi.c
deleted file mode 100644
index 40ce37b..0000000
--- a/ip6tables-multi.c
+++ /dev/null
@@ -1,20 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "xshared.h"
-#include "ip6tables-multi.h"
-
-static const struct subcommand multi6_subcommands[] = {
-	{"ip6tables",         ip6tables_main},
-	{"main",              ip6tables_main},
-	{"ip6tables-save",    ip6tables_save_main},
-	{"save",              ip6tables_save_main},
-	{"ip6tables-restore", ip6tables_restore_main},
-	{"restore",           ip6tables_restore_main},
-	{NULL},
-};
-
-int main(int argc, char **argv)
-{
-	return subcmd_main(argc, argv, multi6_subcommands);
-}
diff --git a/iptables-multi.c b/iptables-multi.c
deleted file mode 100644
index 14579e0..0000000
--- a/iptables-multi.c
+++ /dev/null
@@ -1,22 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "xshared.h"
-#include "iptables-multi.h"
-
-static const struct subcommand multi4_subcommands[] = {
-	{"iptables",         iptables_main},
-	{"main",             iptables_main},
-	{"iptables-save",    iptables_save_main},
-	{"save",             iptables_save_main},
-	{"iptables-restore", iptables_restore_main},
-	{"restore",          iptables_restore_main},
-	{"iptables-xml",     iptables_xml_main},
-	{"xml",              iptables_xml_main},
-	{NULL},
-};
-
-int main(int argc, char **argv)
-{
-	return subcmd_main(argc, argv, multi4_subcommands);
-}
diff --git a/xtables-multi.c b/xtables-multi.c
new file mode 100644
index 0000000..f8d56ce
--- /dev/null
+++ b/xtables-multi.c
@@ -0,0 +1,39 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "xshared.h"
+
+#ifdef ENABLE_IPV4
+#include "iptables-multi.h"
+#endif
+
+#ifdef ENABLE_IPV6
+#include "ip6tables-multi.h"
+#endif
+
+static const struct subcommand multi_subcommands[] = {
+#ifdef ENABLE_IPV4
+	{"iptables",            iptables_main},
+	{"main4",               iptables_main},
+	{"iptables-save",       iptables_save_main},
+	{"save4",               iptables_save_main},
+	{"iptables-restore",    iptables_restore_main},
+	{"restore4",            iptables_restore_main},
+	{"iptables-xml",        iptables_xml_main},
+	{"xml4",                iptables_xml_main},
+#endif
+#ifdef ENABLE_IPV6
+	{"ip6tables",           ip6tables_main},
+	{"main6",               ip6tables_main},
+	{"ip6tables-save",      ip6tables_save_main},
+	{"save6",               ip6tables_save_main},
+	{"ip6tables-restore",   ip6tables_restore_main},
+	{"restore6",            ip6tables_restore_main},
+#endif
+	{NULL},
+};
+
+int main(int argc, char **argv)
+{
+	return subcmd_main(argc, argv, multi_subcommands);
+}
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 5/5] add xtables-multi{32,64} recognition

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 xtables-multi.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/xtables-multi.c b/xtables-multi.c
index f8d56ce..7f98286 100644
--- a/xtables-multi.c
+++ b/xtables-multi.c
@@ -14,20 +14,34 @@
 static const struct subcommand multi_subcommands[] = {
 #ifdef ENABLE_IPV4
 	{"iptables",            iptables_main},
+	{"iptables32",          iptables_main},
+	{"iptables64",          iptables_main},
 	{"main4",               iptables_main},
 	{"iptables-save",       iptables_save_main},
+	{"iptables-save32",     iptables_save_main},
+	{"iptables-save64",     iptables_save_main},
 	{"save4",               iptables_save_main},
 	{"iptables-restore",    iptables_restore_main},
+	{"iptables-restore32",  iptables_restore_main},
+	{"iptables-restore64",  iptables_restore_main},
 	{"restore4",            iptables_restore_main},
 	{"iptables-xml",        iptables_xml_main},
+	{"iptables-xml32",      iptables_xml_main},
+	{"iptables-xml64",      iptables_xml_main},
 	{"xml4",                iptables_xml_main},
 #endif
 #ifdef ENABLE_IPV6
 	{"ip6tables",           ip6tables_main},
+	{"ip6tables32",         ip6tables_main},
+	{"ip6tables64",         ip6tables_main},
 	{"main6",               ip6tables_main},
 	{"ip6tables-save",      ip6tables_save_main},
+	{"ip6tables-save32",    ip6tables_save_main},
+	{"ip6tables-save64",    ip6tables_save_main},
 	{"save6",               ip6tables_save_main},
 	{"ip6tables-restore",   ip6tables_restore_main},
+	{"ip6tables-restore32", ip6tables_restore_main},
+	{"ip6tables-restore64", ip6tables_restore_main},
 	{"restore6",            ip6tables_restore_main},
 #endif
 	{NULL},
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/5] Don't load ip6?_tables module when already loaded.

[Patrick McHardy]

On 19.04.2011 03:23, Maciej Żenczykowski wrote:
> From: Maciej Żenczykowski <maze@google.com>
> 
> Signed-off-by: Maciej Zenczykowski <maze@google.com>
> ---
>  xshared.h |    2 ++
>  xtables.c |   34 +++++++++++++++++++++++++++++-----
>  2 files changed, 31 insertions(+), 5 deletions(-)
> 

> +/* return true if a given file exists within procfs */
> +static bool proc_file_exists(const char *filename)
> +{
> +	struct stat s;
> +	struct statfs f;
> +
> +	if (lstat(filename, &s)) return false;

Please put these return statements on lines of their own.

> +	if (!S_ISREG(s.st_mode)) return false;
> +	if (statfs(filename, &f)) return false;
> +	if (f.f_type != PROC_SUPER_MAGIC) return false;
> +	return true;
> +}
> +
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] Don't load ip6?_tables module when already loaded.

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 xshared.h |    2 ++
 xtables.c |   38 +++++++++++++++++++++++++++++++++-----
 2 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/xshared.h b/xshared.h
index be53535..34f3265 100644
--- a/xshared.h
+++ b/xshared.h
@@ -29,6 +29,7 @@ struct xtables_target;
 /**
  * xtables_afinfo - protocol family dependent information
  * @kmod:		kernel module basename (e.g. "ip_tables")
+ * @proc_exists:	file which exists in procfs when module already loaded
  * @libprefix:		prefix of .so library name (e.g. "libipt_")
  * @family:		nfproto family
  * @ipproto:		used by setsockopt (e.g. IPPROTO_IP)
@@ -37,6 +38,7 @@ struct xtables_target;
  */
 struct xtables_afinfo {
 	const char *kmod;
+	const char *proc_exists;
 	const char *libprefix;
 	uint8_t family;
 	uint8_t ipproto;
diff --git a/xtables.c b/xtables.c
index a260c7b..fab1d79 100644
--- a/xtables.c
+++ b/xtables.c
@@ -27,9 +27,11 @@
 #include <unistd.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <sys/statfs.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <arpa/inet.h>
+#include <linux/magic.h> /* for PROC_SUPER_MAGIC */
 
 #include <xtables.h>
 #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
@@ -139,6 +141,7 @@ struct option *xtables_merge_options(struct option *orig_opts,
 
 static const struct xtables_afinfo afinfo_ipv4 = {
 	.kmod          = "ip_tables",
+	.proc_exists   = "/proc/net/ip_tables_names",
 	.libprefix     = "libipt_",
 	.family	       = NFPROTO_IPV4,
 	.ipproto       = IPPROTO_IP,
@@ -148,6 +151,7 @@ static const struct xtables_afinfo afinfo_ipv4 = {
 
 static const struct xtables_afinfo afinfo_ipv6 = {
 	.kmod          = "ip6_tables",
+	.proc_exists   = "/proc/net/ip6_tables_names",
 	.libprefix     = "libip6t_",
 	.family        = NFPROTO_IPV6,
 	.ipproto       = IPPROTO_IPV6,
@@ -369,15 +373,39 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
 	return -1;
 }
 
+/* return true if a given file exists within procfs */
+static bool proc_file_exists(const char *filename)
+{
+	struct stat s;
+	struct statfs f;
+
+	if (lstat(filename, &s))
+		return false;
+	if (!S_ISREG(s.st_mode))
+		return false;
+	if (statfs(filename, &f))
+		return false;
+	if (f.f_type != PROC_SUPER_MAGIC)
+		return false;
+	return true;
+}
+
 int xtables_load_ko(const char *modprobe, bool quiet)
 {
 	static bool loaded = false;
-	static int ret = -1;
+	int ret;
 
-	if (!loaded) {
-		ret = xtables_insmod(afinfo->kmod, modprobe, quiet);
-		loaded = (ret == 0);
-	}
+	if (loaded)
+		return 0;
+
+	if (proc_file_exists(afinfo->proc_exists)) {
+		loaded = true;
+		return 0;
+	};
+
+	ret = xtables_insmod(afinfo->kmod, modprobe, quiet);
+	if (ret == 0)
+		loaded = true;
 
 	return ret;
 }
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] Don't load ip6?_tables module when already loaded.

[Patrick McHardy]

On 19.04.2011 09:10, Maciej Żenczykowski wrote:
> From: Maciej Żenczykowski <maze@google.com>
> 
> Signed-off-by: Maciej Zenczykowski <maze@google.com>
> ---
>  xshared.h |    2 ++
>  xtables.c |   38 +++++++++++++++++++++++++++++++++-----
>  2 files changed, 35 insertions(+), 5 deletions(-)

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/5] Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.

[Patrick McHardy]

On 19.04.2011 03:23, Maciej Żenczykowski wrote:
> From: Maciej Żenczykowski <maze@google.com>
> ´
> +		case '4':
> +			/* This is not the IPv4 iptables */
> +			if (line != -1) return 1; /* success: line ignored */

Please use separate lines for statements after conditions
everywhere.

> +			fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
> +			exit_tryhelp(2);
> +
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 5/5] add xtables-multi{32,64} recognition

[Patrick McHardy]

On 19.04.2011 03:23, Maciej Żenczykowski wrote:
> From: Maciej Żenczykowski <maze@google.com>
> 
> Signed-off-by: Maciej Zenczykowski <maze@google.com>
> ---
>  xtables-multi.c |   14 ++++++++++++++
>  1 files changed, 14 insertions(+), 0 deletions(-)
> 
> diff --git a/xtables-multi.c b/xtables-multi.c
> index f8d56ce..7f98286 100644
> --- a/xtables-multi.c
> +++ b/xtables-multi.c
> @@ -14,20 +14,34 @@
>  static const struct subcommand multi_subcommands[] = {
>  #ifdef ENABLE_IPV4
>  	{"iptables",            iptables_main},
> +	{"iptables32",          iptables_main},
> +	{"iptables64",          iptables_main},

What is the purpose of this?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 5/5] add xtables-multi{32,64} recognition

[Maciej Żenczykowski]

> What is the purpose of this?

Unfortunately not every 64-bit kernel version has had fully functional
32 bit backwards compatibility with userspace.  As such, it is
sometimes necessary to ship a 32-bit userspace iptables for 32-bit
kernels and a 64-bit binary for 64-bit kernels - sometimes in the same
OS image.

The way I've done this is ship both binaries, one named *32 and one
*64 and then have a launcher at * launch the appropriate one for the
running kernel.

To be fair, these kernels are pretty old at this point, OTOH, the
patch is rather trivial and harmless.

- Maciej

Re: [PATCH 2/5] Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.

[Maciej Żenczykowski]

> Please use separate lines for statements after conditions
> everywhere.

I'll fix that and will resend when I get in to work tomorrow.
Are you otherwise OK with these changes?

- Maciej

Re: [PATCH 5/5] add xtables-multi{32,64} recognition

[Patrick McHardy]

On 19.04.2011 09:29, Maciej Żenczykowski wrote:
>> What is the purpose of this?
> 
> Unfortunately not every 64-bit kernel version has had fully functional
> 32 bit backwards compatibility with userspace.  As such, it is
> sometimes necessary to ship a 32-bit userspace iptables for 32-bit
> kernels and a 64-bit binary for 64-bit kernels - sometimes in the same
> OS image.
> 
> The way I've done this is ship both binaries, one named *32 and one
> *64 and then have a launcher at * launch the appropriate one for the
> running kernel.
> 
> To be fair, these kernels are pretty old at this point, OTOH, the
> patch is rather trivial and harmless.

Sure, but if you upgrade iptables on those systems, you can simply
replace the wrapper script. I don't think it makes much sense to
put this into the upstream version to handle compatibility for your
specific case.

The other patches look good to me.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/5] Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.

[Patrick McHardy]

On 19.04.2011 09:32, Maciej Żenczykowski wrote:
>> Please use separate lines for statements after conditions
>> everywhere.
> 
> I'll fix that and will resend when I get in to work tomorrow.
> Are you otherwise OK with these changes?

Yes, they look fine to me. Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 5/5] add xtables-multi{32,64} recognition

[Jan Engelhardt]

On Tuesday 2011-04-19 03:23, Maciej Żenczykowski wrote:
>diff --git a/xtables-multi.c b/xtables-multi.c
>index f8d56ce..7f98286 100644
>--- a/xtables-multi.c
>+++ b/xtables-multi.c
>@@ -14,20 +14,34 @@
> static const struct subcommand multi_subcommands[] = {
> #ifdef ENABLE_IPV4
> 	{"iptables",            iptables_main},
>+	{"iptables32",          iptables_main},
>+	{"iptables64",          iptables_main},

I do not see a reason to having these names added. If you do have
more than one iptables program with different configuration installed
in your custom environment, use some custom shell scripts to readout $0 
and pass control to whatever instance.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 5/5] add xtables-multi{32,64} recognition

[Maciej Żenczykowski]

> I do not see a reason to having these names added. If you do have
> more than one iptables program with different configuration installed
> in your custom environment, use some custom shell scripts to readout $0
> and pass control to whatever instance.

Fair enough, I can easily keep this change locally.

(FYI, in this particular case the wrapper is actually a generic
arch-based dispatch binary used for many other binaries as well: you
symlink /bin/prog to /bin/arch_dispatch, and then /bin/prog32 or
/bin/prog64 gets called,
ultimately probably the dispatcher should be fixed to pass 'prog'
instead of 'prog32' or 'prog64' as argv[0].)

- Maciej

Re: Patches: don't call modprobe, ipv4/ipv6 flag support, xtables-multi unification.

[Maciej Żenczykowski]

Here's version 2.

Since the first patch was already applied, and the last isn't wanted,
we're down to 3 patches.

The following changes are available in the git repository at:
  git://github.com/zenczykowski/iptables.git for-upstream

The first patch is standalone, the third builds on the second.
Only the first patch was changed, and then only by adding
'enter,tab,tab,tab,tab' in two spots to fixup formatting.

Maciej Zenczykowski (5):
  Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.
  Move common parts of libext{4,6}.a into libext.a
  combine ip6?tables-multi into xtables-multi

Thanks,
Maciej

[PATCH 1/3] Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

This enables one to have a single configuration file for both ipv4 and ipv6
firewall rules.

Example:
  iptables-restore config
  ip6tables-restore config

Where the file 'config' contains:
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  :ssh - [0:0]

  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A INPUT -m state --state INVALID -j DROP
  -A INPUT -i lo -j ACCEPT
  -A INPUT -4 -p icmp -j ACCEPT
  -A INPUT -6 -p icmpv6 -j ACCEPT
  -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh
  -A ssh -j ACCEPT

  COMMIT

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 ip6tables.c |   17 ++++++++++++++++-
 iptables.c  |   16 +++++++++++++++-
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index f9909f1..967a5f8 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -124,6 +124,8 @@ static struct option original_opts[] = {
 	{.name = "modprobe",      .has_arg = 1, .val = 'M'},
 	{.name = "set-counters",  .has_arg = 1, .val = 'c'},
 	{.name = "goto",          .has_arg = 1, .val = 'g'},
+	{.name = "ipv4",          .has_arg = 0, .val = '4'},
+	{.name = "ipv6",          .has_arg = 0, .val = '6'},
 	{NULL},
 };
 
@@ -248,6 +250,8 @@ exit_printhelp(const struct xtables_rule_match *matches)
 "				Change chain name, (moving any references)\n"
 
 "Options:\n"
+"    --ipv4	-4		Error (line is ignored by ip6tables-restore)\n"
+"    --ipv6	-6		Nothing (line is ignored by iptables-restore)\n"
 "[!] --proto	-p proto	protocol: by number or name, eg. `tcp'\n"
 "[!] --source	-s address[/mask][,...]\n"
 "				source specification\n"
@@ -1439,7 +1443,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 	opts = xt_params->orig_opts;
 	while ((cs.c = getopt_long(argc, argv,
-	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:",
+	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:46",
 					   opts, NULL)) != -1) {
 		switch (cs.c) {
 			/*
@@ -1756,6 +1760,17 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			cs.fw6.counters.bcnt = cnt;
 			break;
 
+		case '4':
+			/* This is not the IPv4 iptables */
+			if (line != -1)
+				return 1; /* success: line ignored */
+			fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
+			exit_tryhelp(2);
+
+		case '6':
+			/* This is indeed the IPv6 ip6tables */
+			break;
+
 		case 1: /* non option */
 			if (optarg[0] == '!' && optarg[1] == '\0') {
 				if (cs.invert)
diff --git a/iptables.c b/iptables.c
index 0441dce..cc7525a 100644
--- a/iptables.c
+++ b/iptables.c
@@ -123,6 +123,8 @@ static struct option original_opts[] = {
 	{.name = "modprobe",      .has_arg = 1, .val = 'M'},
 	{.name = "set-counters",  .has_arg = 1, .val = 'c'},
 	{.name = "goto",          .has_arg = 1, .val = 'g'},
+	{.name = "ipv4",          .has_arg = 0, .val = '4'},
+	{.name = "ipv6",          .has_arg = 0, .val = '6'},
 	{NULL},
 };
 
@@ -261,6 +263,8 @@ exit_printhelp(const struct xtables_rule_match *matches)
 "				Change chain name, (moving any references)\n"
 
 "Options:\n"
+"    --ipv4	-4		Nothing (line is ignored by ip6tables-restore)\n"
+"    --ipv6	-6		Error (line is ignored by iptables-restore)\n"
 "[!] --proto	-p proto	protocol: by number or name, eg. `tcp'\n"
 "[!] --source	-s address[/mask][...]\n"
 "				source specification\n"
@@ -1467,7 +1471,7 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 
 	opts = xt_params->orig_opts;
 	while ((cs.c = getopt_long(argc, argv,
-	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:",
+	   "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:46",
 					   opts, NULL)) != -1) {
 		switch (cs.c) {
 			/*
@@ -1782,6 +1786,16 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 			cs.fw.counters.bcnt = cnt;
 			break;
 
+		case '4':
+			/* This is indeed the IPv4 iptables */
+			break;
+
+		case '6':
+			/* This is not the IPv6 ip6tables */
+			if (line != -1)
+				return 1; /* success: line ignored */
+			fprintf(stderr, "This is the IPv4 version of iptables.\n");
+			exit_tryhelp(2);
 
 		case 1: /* non option */
 			if (optarg[0] == '!' && optarg[1] == '\0') {
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/3] Move common parts of libext{4,6}.a into libext.a

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 .gitignore                |    1 +
 Makefile.am               |    8 +++++-
 extensions/GNUmakefile.in |   53 ++++++++++++++++++++++++++++++++++-----------
 include/xtables.h.in      |    1 +
 ip6tables-restore.c       |    1 +
 ip6tables-save.c          |    1 +
 ip6tables-standalone.c    |    1 +
 iptables-restore.c        |    1 +
 iptables-save.c           |    1 +
 iptables-standalone.c     |    1 +
 10 files changed, 54 insertions(+), 15 deletions(-)

diff --git a/.gitignore b/.gitignore
index e5d3099..9b59e6a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ Makefile
 Makefile.in
 
 /extensions/GNUmakefile
+/extensions/initext.c
 /extensions/initext?.c
 /extensions/matches?.man
 /extensions/targets?.man
diff --git a/Makefile.am b/Makefile.am
index fbed41f..6affcac 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -45,7 +45,9 @@ if ENABLE_STATIC
 iptables_multi_CFLAGS    += -DALL_INCLUSIVE
 endif
 iptables_multi_LDFLAGS    = -rdynamic
-iptables_multi_LDADD      = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
+iptables_multi_LDADD      = libiptc/libip4tc.la \
+                            extensions/libext.a extensions/libext4.a \
+                            libxtables.la -lm
 
 ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
                             ip6tables-restore.c ip6tables-standalone.c \
@@ -55,7 +57,9 @@ if ENABLE_STATIC
 ip6tables_multi_CFLAGS   += -DALL_INCLUSIVE
 endif
 ip6tables_multi_LDFLAGS   = -rdynamic
-ip6tables_multi_LDADD     = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
+ip6tables_multi_LDADD     = libiptc/libip6tc.la \
+                            extensions/libext.a extensions/libext6.a \
+                            libxtables.la -lm
 
 sbin_PROGRAMS    =
 man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index 0e562fb..a511a39 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -51,11 +51,13 @@ pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
 #
 # Building blocks
 #
-targets := libext4.a libext6.a matches4.man matches6.man \
+targets := libext.a libext4.a libext6.a \
+           matches4.man matches6.man \
            targets4.man targets6.man
 targets_install :=
-@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs}
-@ENABLE_STATIC_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs}
+@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
+@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
 @ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 @ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 
@@ -70,7 +72,7 @@ install: ${targets_install}
 	if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
 
 clean:
-	rm -f *.o *.oo *.so *.a {matches,targets}[46].man initext4.c initext6.c;
+	rm -f *.o *.oo *.so *.a {matches,targets}[46].man initext.c initext4.c initext6.c;
 
 distclean: clean
 	rm -f .*.d .*.dd;
@@ -101,36 +103,61 @@ lib%.oo: ${srcdir}/lib%.c
 lib%.o: ${srcdir}/lib%.c
 	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -DNO_SHARED_LIBS=1 -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<;
 
+libext.a: initext.o ${libext_objs}
+	${AM_VERBOSE_AR} ${AR} crs $@ $^;
+
 libext4.a: initext4.o ${libext4_objs}
 	${AM_VERBOSE_AR} ${AR} crs $@ $^;
 
 libext6.a: initext6.o ${libext6_objs}
 	${AM_VERBOSE_AR} ${AR} crs $@ $^;
 
-initext_func  := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod})
-initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod})
+initext_func  := $(addprefix xt_,${pfx_build_mod})
+initext4_func := $(addprefix ipt_,${pf4_build_mod})
+initext6_func := $(addprefix ip6t_,${pf6_build_mod})
 
-.initext4.dd: FORCE
+.initext.dd: FORCE
 	@echo "${initext_func}" >$@.tmp; \
 	cmp -s $@ $@.tmp || mv $@.tmp $@; \
 	rm -f $@.tmp;
 
+.initext4.dd: FORCE
+	@echo "${initext4_func}" >$@.tmp; \
+	cmp -s $@ $@.tmp || mv $@.tmp $@; \
+	rm -f $@.tmp;
+
 .initext6.dd: FORCE
 	@echo "${initext6_func}" >$@.tmp; \
 	cmp -s $@ $@.tmp || mv $@.tmp $@; \
 	rm -f $@.tmp;
 
-initext4.c: .initext4.dd
+initext.c: .initext.dd
 	${AM_VERBOSE_GEN}
 	@( \
 	echo "" >$@; \
 	for i in ${initext_func}; do \
 		echo "extern void lib$${i}_init(void);" >>$@; \
 	done; \
+	echo "void init_extensions(void);" >>$@; \
+	echo "void init_extensions(void)" >>$@; \
+	echo "{" >>$@; \
+	for i in ${initext_func}; do \
+		echo  " ""lib$${i}_init();" >>$@; \
+	done; \
+	echo "}" >>$@; \
+	);
+
+initext4.c: .initext4.dd
+	${AM_VERBOSE_GEN}
+	@( \
+	echo "" >$@; \
+	for i in ${initext4_func}; do \
+		echo "extern void lib$${i}_init(void);" >>$@; \
+	done; \
 	echo "void init_extensions4(void);" >>$@; \
 	echo "void init_extensions4(void)" >>$@; \
 	echo "{" >>$@; \
-	for i in ${initext_func}; do \
+	for i in ${initext4_func}; do \
 		echo  " ""lib$${i}_init();" >>$@; \
 	done; \
 	echo "}" >>$@; \
@@ -177,14 +204,14 @@ man_run    = \
 		fi; \
 	done >$@;
 
-matches4.man: .initext4.dd $(wildcard ${srcdir}/lib*.man)
+matches4.man: .initext.dd .initext4.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod}),ip,NFPROTO_IPV4)
 
-matches6.man: .initext6.dd $(wildcard ${srcdir}/lib*.man)
+matches6.man: .initext.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf6_build_mod}),ip6,NFPROTO_IPV6)
 
-targets4.man: .initext4.dd $(wildcard ${srcdir}/lib*.man)
+targets4.man: .initext.dd .initext4.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod}),ip,NFPROTO_IPV4)
 
-targets6.man: .initext6.dd $(wildcard ${srcdir}/lib*.man)
+targets6.man: .initext.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
 	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf6_build_mod}),ip6,NFPROTO_IPV6)
diff --git a/include/xtables.h.in b/include/xtables.h.in
index b080285..1d91d4d 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -422,6 +422,7 @@ extern void xtables_save_string(const char *value);
 #		undef _init
 #		define _init _INIT
 #	endif
+	extern void init_extensions(void);
 	extern void init_extensions4(void);
 	extern void init_extensions6(void);
 #else
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index 5531d6e..420bc52 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -137,6 +137,7 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions6();
 #endif
 
diff --git a/ip6tables-save.c b/ip6tables-save.c
index d9ecc62..39a3325 100644
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -149,6 +149,7 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions6();
 #endif
 
diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c
index 7d34684..9d8d5a0 100644
--- a/ip6tables-standalone.c
+++ b/ip6tables-standalone.c
@@ -59,6 +59,7 @@ main(int argc, char *argv[])
 	}
 
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions6();
 #endif
 
diff --git a/iptables-restore.c b/iptables-restore.c
index e4f0604..2624599 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -140,6 +140,7 @@ main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions4();
 #endif
 
diff --git a/iptables-save.c b/iptables-save.c
index dee1752..7542bdc 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -149,6 +149,7 @@ main(int argc, char *argv[])
 		exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions4();
 #endif
 
diff --git a/iptables-standalone.c b/iptables-standalone.c
index b085946..87f1d31 100644
--- a/iptables-standalone.c
+++ b/iptables-standalone.c
@@ -59,6 +59,7 @@ main(int argc, char *argv[])
 				exit(1);
 	}
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensions();
 	init_extensions4();
 #endif
 
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/3] combine ip6?tables-multi into xtables-multi

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 .gitignore        |    3 +--
 Makefile.am       |   44 ++++++++++++++++++++------------------------
 ip6tables-multi.c |   20 --------------------
 iptables-multi.c  |   22 ----------------------
 xtables-multi.c   |   39 +++++++++++++++++++++++++++++++++++++++
 5 files changed, 60 insertions(+), 68 deletions(-)
 delete mode 100644 ip6tables-multi.c
 delete mode 100644 iptables-multi.c
 create mode 100644 xtables-multi.c

diff --git a/.gitignore b/.gitignore
index 9b59e6a..9d24ce0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,14 +41,13 @@ Makefile.in
 
 /ip6tables
 /ip6tables.8
-/ip6tables-multi
 /ip6tables-save
 /ip6tables-restore
 /ip6tables-static
 /iptables
 /iptables.8
-/iptables-multi
 /iptables-save
 /iptables-restore
 /iptables-static
 /iptables-xml
+/xtables-multi
diff --git a/Makefile.am b/Makefile.am
index 6affcac..13e144e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -17,7 +17,7 @@ endif
 lib_LTLIBRARIES =
 
 # libiptc
-lib_LTLIBRARIES           += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
+lib_LTLIBRARIES            += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
 libiptc_libiptc_la_SOURCES  =
 libiptc_libiptc_la_LIBADD   = libiptc/libip4tc.la libiptc/libip6tc.la
 libiptc_libiptc_la_LDFLAGS  = -version-info 0:0:0 ${libiptc_LDFLAGS2}
@@ -37,43 +37,39 @@ libxtables_la_CFLAGS  = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
 libxtables_la_LIBADD  =
 endif
 
-iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
-                            iptables-restore.c iptables-xml.c \
-                            iptables-standalone.c iptables.c xshared.c
-iptables_multi_CFLAGS     = ${AM_CFLAGS} -DIPTABLES_MULTI
+xtables_multi_SOURCES  = xtables-multi.c
+xtables_multi_CFLAGS   = ${AM_CFLAGS} -DIPTABLES_MULTI
+xtables_multi_LDFLAGS  = -rdynamic
+xtables_multi_LDADD    = extensions/libext.a
 if ENABLE_STATIC
-iptables_multi_CFLAGS    += -DALL_INCLUSIVE
+xtables_multi_CFLAGS  += -DALL_INCLUSIVE
 endif
-iptables_multi_LDFLAGS    = -rdynamic
-iptables_multi_LDADD      = libiptc/libip4tc.la \
-                            extensions/libext.a extensions/libext4.a \
-                            libxtables.la -lm
-
-ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
-                            ip6tables-restore.c ip6tables-standalone.c \
-                            ip6tables.c xshared.c
-ip6tables_multi_CFLAGS    = ${AM_CFLAGS} -DIPTABLES_MULTI
-if ENABLE_STATIC
-ip6tables_multi_CFLAGS   += -DALL_INCLUSIVE
+if ENABLE_IPV4
+xtables_multi_SOURCES += iptables-save.c iptables-restore.c iptables-xml.c \
+                         iptables-standalone.c iptables.c
+xtables_multi_CFLAGS  += -DENABLE_IPV4
+xtables_multi_LDADD   += libiptc/libip4tc.la extensions/libext4.a
+endif
+if ENABLE_IPV6
+xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \
+                          ip6tables-standalone.c ip6tables.c
+xtables_multi_CFLAGS  += -DENABLE_IPV6
+xtables_multi_LDADD   += libiptc/libip6tc.la extensions/libext6.a
 endif
-ip6tables_multi_LDFLAGS   = -rdynamic
-ip6tables_multi_LDADD     = libiptc/libip6tc.la \
-                            extensions/libext.a extensions/libext6.a \
-                            libxtables.la -lm
+xtables_multi_SOURCES += xshared.c
+xtables_multi_LDADD   += libxtables.la -lm
 
-sbin_PROGRAMS    =
+sbin_PROGRAMS    = xtables-multi
 man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
                    iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
                    ip6tables-save.8
 CLEANFILES       = iptables.8 ip6tables.8
 
 if ENABLE_IPV4
-sbin_PROGRAMS += iptables-multi
 v4_bin_links   = iptables-xml
 v4_sbin_links  = iptables iptables-restore iptables-save
 endif
 if ENABLE_IPV6
-sbin_PROGRAMS += ip6tables-multi
 v6_sbin_links  = ip6tables ip6tables-restore ip6tables-save
 endif
 
diff --git a/ip6tables-multi.c b/ip6tables-multi.c
deleted file mode 100644
index 40ce37b..0000000
--- a/ip6tables-multi.c
+++ /dev/null
@@ -1,20 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "xshared.h"
-#include "ip6tables-multi.h"
-
-static const struct subcommand multi6_subcommands[] = {
-	{"ip6tables",         ip6tables_main},
-	{"main",              ip6tables_main},
-	{"ip6tables-save",    ip6tables_save_main},
-	{"save",              ip6tables_save_main},
-	{"ip6tables-restore", ip6tables_restore_main},
-	{"restore",           ip6tables_restore_main},
-	{NULL},
-};
-
-int main(int argc, char **argv)
-{
-	return subcmd_main(argc, argv, multi6_subcommands);
-}
diff --git a/iptables-multi.c b/iptables-multi.c
deleted file mode 100644
index 14579e0..0000000
--- a/iptables-multi.c
+++ /dev/null
@@ -1,22 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "xshared.h"
-#include "iptables-multi.h"
-
-static const struct subcommand multi4_subcommands[] = {
-	{"iptables",         iptables_main},
-	{"main",             iptables_main},
-	{"iptables-save",    iptables_save_main},
-	{"save",             iptables_save_main},
-	{"iptables-restore", iptables_restore_main},
-	{"restore",          iptables_restore_main},
-	{"iptables-xml",     iptables_xml_main},
-	{"xml",              iptables_xml_main},
-	{NULL},
-};
-
-int main(int argc, char **argv)
-{
-	return subcmd_main(argc, argv, multi4_subcommands);
-}
diff --git a/xtables-multi.c b/xtables-multi.c
new file mode 100644
index 0000000..f8d56ce
--- /dev/null
+++ b/xtables-multi.c
@@ -0,0 +1,39 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "xshared.h"
+
+#ifdef ENABLE_IPV4
+#include "iptables-multi.h"
+#endif
+
+#ifdef ENABLE_IPV6
+#include "ip6tables-multi.h"
+#endif
+
+static const struct subcommand multi_subcommands[] = {
+#ifdef ENABLE_IPV4
+	{"iptables",            iptables_main},
+	{"main4",               iptables_main},
+	{"iptables-save",       iptables_save_main},
+	{"save4",               iptables_save_main},
+	{"iptables-restore",    iptables_restore_main},
+	{"restore4",            iptables_restore_main},
+	{"iptables-xml",        iptables_xml_main},
+	{"xml4",                iptables_xml_main},
+#endif
+#ifdef ENABLE_IPV6
+	{"ip6tables",           ip6tables_main},
+	{"main6",               ip6tables_main},
+	{"ip6tables-save",      ip6tables_save_main},
+	{"save6",               ip6tables_save_main},
+	{"ip6tables-restore",   ip6tables_restore_main},
+	{"restore6",            ip6tables_restore_main},
+#endif
+	{NULL},
+};
+
+int main(int argc, char **argv)
+{
+	return subcmd_main(argc, argv, multi_subcommands);
+}
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Patches: don't call modprobe, ipv4/ipv6 flag support, xtables-multi unification.

[Patrick McHardy]

On 20.04.2011 03:44, Maciej Żenczykowski wrote:
> Here's version 2.
> 
> Since the first patch was already applied, and the last isn't wanted,
> we're down to 3 patches.
> 
> The following changes are available in the git repository at:
>   git://github.com/zenczykowski/iptables.git for-upstream
> 
> The first patch is standalone, the third builds on the second.
> Only the first patch was changed, and then only by adding
> 'enter,tab,tab,tab,tab' in two spots to fixup formatting.
> 
> Maciej Zenczykowski (5):
>   Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.
>   Move common parts of libext{4,6}.a into libext.a
>   combine ip6?tables-multi into xtables-multi

Pulled, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html