anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 05:05:12 +02:00
Code Issues Releases Wiki Activity
1,093 Commits 5 Branches 85 Tags
42a9b5c6c325231af3f14ba2ad9c28d4f1a8bbd7
Commit Graph

1093 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew S. Johnson
42a9b5c6c3 xt_pknock: cure NULL dereference 
The original patch for long division on x86 didn't take into account
the use of short circuit logic for checking if peer is NULL before
testing it. Here is a revised patch to v3.16.
 2021-02-28 17:50:36 +01:00
Jan Engelhardt
3233a0ed2c Xtables-addons 3.16 v3.16 2021-02-24 01:16:22 +01:00
Jan Engelhardt
97808473f9 xt_quota2: silence a compiler warning 
libxt_quota2.c:73:3: warning: ‘strncpy’ specified bound 15 equals destination size [-Wstringop-truncation]
   73 |   strncpy(info->name, optarg, sizeof(info->name));
 2021-02-24 01:12:28 +01:00
Andrew S. Johnson
3aa4ca3eaf xt_pknock: use do_div for long division 2021-02-24 01:10:18 +01:00
Jan Engelhardt
5104269605 Xtables-addons 3.15 v3.15 2021-02-05 21:56:26 +01:00
Jan Engelhardt
4ee209416f xt_pknock: replace obsolete function get_seconds 
get_seconds is removed in 5.11; its replacement ktime_get_real_seconds
is available since 3.19. The timestamps should not be affected by clock
resets, so will be switched to ktime_get_seconds.
 2021-02-05 21:55:46 +01:00
Jan Engelhardt
43df040e05 xt_lscan: add --mirai option 2021-02-05 18:58:55 +01:00
Jan Engelhardt
f59a4eb9d9 xt_lscan: extend info struct to support more flags (without size change) 2021-01-20 02:50:01 +01:00
Jan Engelhardt
a238253509 xt_ECHO: support new function signature of security_skb_classify_flow 2021-01-20 02:44:25 +01:00
Jan Engelhardt
4547e4c5cc Xtables-addons 3.14 v3.14 2020-11-24 18:41:52 +01:00
Jeremy Sowden
5d94a36d22 geoip: use correct download URL for MaxMind DBs 
The download URL for the GeoLite2 DBs has changed and includes a
licence key. Update the download script to read the key from file or
stdin and use the correct URL.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-11-24 18:39:00 +01:00
Jan Engelhardt
9d5b2e2e0e extensions: reduce number of arguments to send_reset functions 2020-11-23 23:14:46 +01:00
Jan Engelhardt
f973577ec0 extensions: call send_reset with xtables state socket 
Reported-by: Minqiang Chen <ptpt52@gmail.com>
 2020-11-23 23:06:25 +01:00
Jan Engelhardt
a35feefa0f build: cure overall build failure when CONFIG_NF_NAT=n 2020-11-22 17:45:37 +01:00
Jan Engelhardt
a1b3d81ccb geoip: rename xt_geoip_fetch to xt_geoip_query 
"fetch" sounds a bit like "download", but that is not what this
utility does. Calling it "query" seems more appropriate.
 2020-11-22 17:44:51 +01:00
Jeremy Sowden
6504f251c6 geoip: add man pages for MaxMind scripts 
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-11-22 17:27:51 +01:00
Jeremy Sowden
1c67775d10 doc: fix man page typos 
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-11-22 17:27:40 +01:00
Jeremy Sowden
7327cd725b geoip: remove superfluous xt_geoip_fetch_maxmind script 
xt_geoip_fetch and xt_geoip_fetch_maxmind are identical. Remove the
latter.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-11-22 17:27:31 +01:00
Jan Engelhardt
5c8aecdd56 Xtables-addons 3.13 v3.13 2020-11-20 13:13:52 +01:00
Jan Engelhardt
5ad9de75d4 compat_xtables: employ route_me_harder define for 4.19 and 5.4 too 
The API change found its way into some more Linux stable series.
 2020-11-20 13:11:38 +01:00
Jan Engelhardt
9e84e8f13d Xtables-addons 3.12 v3.12 2020-11-19 22:11:19 +01:00
Jan Engelhardt
50153ffdb9 compat_xtables: fix a spello near route_me_harder 2020-11-19 22:11:19 +01:00
Jan Engelhardt
9c4aeea422 xt_DNETMAP: compaction of variable declarations 2020-11-19 21:53:15 +01:00
Philip Prindeville
c09d0704af geoip: re-add Maxmind scripts 2020-11-19 13:03:42 +01:00
Jan Engelhardt
0021003dc7 extensions: abolish NIPQUAD/NIP6 
Support for Linux 2.6.28 is long gone.
 2020-11-19 12:54:36 +01:00
Jan Engelhardt
0ab3247900 build: adjust for changed signature of ip_route_me_harder 
(Cf. commit 46d6c5ae953cc0be38efd0e469284df7c4328cf8 in Linux.)
 2020-11-19 12:28:55 +01:00
Jeremy Sowden
d3f7dc1f55 pknlusr: mention the group ID command-line paramater in the man page 
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-26 11:08:20 +01:00
Jan Engelhardt
87d3aab175 pknock: trim some blank lines 2020-10-26 11:06:57 +01:00
Jan Engelhardt
bfb0516c79 extensions: split assignments and if-exprs 2020-10-25 15:41:24 +01:00
Jeremy Sowden
939d3ee0d3 xt_pknock: remove DEBUG definition and disable debug output 
The DEBUG definition in xt_pknock.h causes a compiler warning if one
adds a DEBUG define to xt_pknock.c to enable pr_debug. Since it only
controls some debugging output in libxt_pknock.c, it would make sense to
move the definition there, but let's just disable the debugging instead.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:17:40 +01:00
Jeremy Sowden
5df71f8741 xt_pknock: use pr_err 
Replace some instances of `printk(KERN_ERR PKNOCK ...)`. We define
`pr_fmt`, so `pr_err` is equivalent.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:14:31 +01:00
Jeremy Sowden
82379e8ec1 xt_pknock: use kzalloc 
Replace some instances of kmalloc + memset.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:14:27 +01:00
Jeremy Sowden
b3a3f2e91b xt_pknock: use IS_ENABLED 
It is more succinct than checking whether CONFIG_BLAH or
CONFIG_BLAH_MODULE are defined.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:06:11 +01:00
Jeremy Sowden
63fb5d3490 pknlusr: fix hard-coded netlink multicast group ID 
The group ID used by xt_pknock is configurable, but pknlusr hard-codes
it. Modify pknlusr to accept an optional ID from the command line.
Group IDs range from 1 to 32 and each ID appears in the group bitmask
at position `group_id - 1`.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:06:10 +01:00
Jeremy Sowden
05cacbe84c pknlusr: always close socket 
On some error paths, the socket was not being closed before exit.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:02:39 +01:00
Jeremy Sowden
3c120ef5f1 pknlusr: do not treat recv return value of zero as an error 
A return-value of zero is not an error, so there is no point calling
perror, but since we have not requested and do not expect a zero-length
datagram, we treat it as EOF and exit.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:01:50 +01:00
Jeremy Sowden
b0a1aacd4b pknlusr: use macro to define inet_ntop buffer size 
POSIX provides a macro to define the minimum length required, so let's
use it.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:01:18 +01:00
Jeremy Sowden
c3bd1c61d1 pknlusr: use NLMSG macros and proper types, rather than arithmetic on char pointers 
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 15:00:45 +01:00
Jeremy Sowden
9cd0b44c81 pknlusr: tidy up initialization of local address 
Use struct initialization and drop memset. We do not need to set the port
ID, since the kernel will do it for us.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 14:54:40 +01:00
Jeremy Sowden
b4faa4de65 pknock: pknlusr: tighten up variable scopes 
Make global variables local, and move variables local to while-loop into
the loop.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 14:54:10 +01:00
Jeremy Sowden
b05ea5644c pknock: pknlusr: remove dest_addr and rename src_addr 
We only need to specify the address at our end, and given that we are
receiving messages, not sending them, calling it `src_addr` is
misleading.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 14:53:34 +01:00
Jeremy Sowden
b052ec0f7d pknock: pknlusr: ensure man-page is included by make dist 
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-10-25 14:50:17 +01:00
Jeremy Sowden
249df831b0 pknlusr: add man page 
Since pknlusr is now being installed, let's give it a man page.
 2020-10-23 11:22:41 +02:00
Jeremy Sowden
86112194da pknlusr: fix formatting of a line 2020-10-22 19:59:06 +02:00
Jan Engelhardt
20e1b669fc Xtables-addons 3.11 v3.11 2020-09-06 16:35:13 +02:00
Jeremy Sowden
e4784832ed build: bump supported kernel version to 5.9 
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-08-31 15:04:54 +02:00
Jeremy Sowden
48e30a0990 xt_ACCOUNT: update prototype of nf_sockopt_ops::set callback 
In 5.9, the `void __user` parameter has been replaced by a `sockptr`.
Update `ipt_acc_set_ctl` appropriately.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-08-31 15:04:43 +02:00
Helmut Grohne
ea588d0b9c build: do not hard-code pkg-config 
Use $PKG_CONFIG in configure.ac in order to allow it to be overridden.
Fixes cross-compilation.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-08-31 13:03:48 +02:00
Jeremy Sowden
96460646e9 build: clean some extra build artifacts. 
Makefile.mans creates .manpages.lst, but does not remove it. Add
it to the `clean` target.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2020-08-30 13:39:53 +02:00
Jan Engelhardt
2cb4b2bec6 build: do build & install userspace programs for xt_ACCOUNT and xt_pknock 2020-08-30 13:36:10 +02:00