Xtables-addons 2.2

A PPC system has been observed where "char" is unsigned; with that,
the getopt loop will never terminate because optchar != -1 could not
happen.

INSTALL

@@ -16,12 +16,13 @@ Supported configurations for this release
 
 	* kernel-devel >= 3.7
 	  with prepared build/output directory
-	  - CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
+	  - CONFIG_NF_CONNTRACK
-	  - CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK
+	  - CONFIG_NF_CONNTRACK_MARK enabled =y or as module (=m)
-	    enabled =y or as module (=m)
 	  - CONFIG_CONNECTOR y/m if you wish to receive userspace
 	    notifications from pknock through netlink/connector
 
+(Use xtables-addons-1.x if you need support for Linux < 3.7.)
+
 
 Selecting extensions
 ====================

configure.ac

@@ -1,4 +1,4 @@
-AC_INIT([xtables-addons], [2.0])
+AC_INIT([xtables-addons], [2.2])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
@@ -63,8 +63,8 @@ if test -n "$kbuilddir"; then
 		echo "WARNING: Version detection did not succeed. Continue at own luck.";
 	else
 		echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
-		if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 7; then
+		if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 9; then
-			echo "WARNING: That kernel version is not officially supported.";
+			echo "WARNING: That kernel version is not officially supported yet. Continue at own luck.";
 		elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then
 			:;
 		else

doc/changelog.txt

@@ -3,6 +3,21 @@ HEAD
 ====
 
 
+v2.2 (2013-03-31)
+=================
+Enhancements:
+- Support for Linux 3.9
+- iptaccount: fix entire program being erroneously optimized away on PPC
+
+
+v2.1 (2012-11-27)
+=================
+Fixes:
+- DNETMAP: fix compile error with Linux 3.7
+Enhancements:
+- Support for Linux 3.8
+
+
 v2.0 (2012-11-12)
 =================
 Changes:

extensions/ACCOUNT/iptaccount.c

@@ -64,7 +64,7 @@ int main(int argc, char *argv[])
 	struct ipt_ACCOUNT_context ctx;
 	struct ipt_acc_handle_ip *entry;
 	int i;
-	char optchar;
+	int optchar;
 	bool doHandleUsage = false, doHandleFree = false, doTableNames = false;
 	bool doFlush = false, doContinue = false, doCSV = false;
 

extensions/xt_DELUDE.c

@@ -140,9 +140,11 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
 static unsigned int
 delude_tg(struct sk_buff **pskb, const struct xt_action_param *par)
 {
-	/* WARNING: This code causes reentry within iptables.
+	/*
-	   This means that the iptables jump stack is now crap.  We
+	 * Sending the reset causes reentrancy within iptables - and should not pose
-	   must return an absolute verdict. --RR */
+	 * a problem, as that is supported since Linux 2.6.35. But since we do not
+	 * actually want to have a connection open, we are still going to drop it.
+	 */
 	delude_send_reset(*pskb, par->hooknum);
 	return NF_DROP;
 }

extensions/xt_DNETMAP.c

@@ -27,10 +27,9 @@
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/version.h>
-#include <net/netfilter/nf_nat_rule.h>
 #include <net/net_namespace.h>
 #include <net/netns/generic.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
 #include "compat_xtables.h"
 #include "xt_DNETMAP.h"
 
@@ -836,7 +835,7 @@ static int __net_init dnetmap_proc_net_init(struct net *net)
 
 static void __net_exit dnetmap_proc_net_exit(struct net *net)
 {
-	proc_net_remove(net, "xt_DNETMAP");
+	remove_proc_entry("xt_DNETMAP", net->proc_net);
 }
 
 #else

extensions/xt_SYSRQ.c

@@ -1,6 +1,6 @@
 /*
  *	"SYSRQ" target extension for Xtables
- *	Copyright © Jan Engelhardt, 2008 - 2010
+ *	Copyright © Jan Engelhardt, 2008 - 2012
  *
  *	Based upon the ipt_SYSRQ idea by Marek Zalem <marek [at] terminus sk>
  *
@@ -24,6 +24,7 @@
 #include <linux/crypto.h>
 #include <linux/scatterlist.h>
 #include <net/ip.h>
+#include <net/ipv6.h>
 #include "compat_xtables.h"
 
 #if defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE)

mconfig

@@ -4,7 +4,7 @@ build_ACCOUNT=m
 build_CHAOS=m
 build_DELUDE=m
 build_DHCPMAC=m
-build_DNETMAP=
+build_DNETMAP=m
 build_ECHO=m
 build_IPMARK=m
 build_LOGMARK=m

xtables-addons.8.in

@@ -1,4 +1,4 @@
-.TH xtables-addons 8 "v2.0 (2012-11-12)" "" "v2.0 (2012-11-12)"
+.TH xtables-addons 8 "Continuous Snow Edition" "" "v2.2 (2013-03-31)"
 .SH Name
 Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
 .SH Targets