mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-21 12:04:56 +02:00
Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1b4b4347c5 | ||
|
|
2f37af43c5 | ||
|
|
56e5970c64 | ||
|
|
2b76b68c65 | ||
|
|
d2eeac4c32 | ||
|
|
0e9037b000 | ||
|
|
0a6091b64a | ||
|
|
b565a85fb6 | ||
|
|
89c80f5981 | ||
|
|
8579fd2b3b | ||
|
|
0a836e9677 |
@@ -1,4 +1,4 @@
|
|||||||
AC_INIT([xtables-addons], [2.13])
|
AC_INIT([xtables-addons], [2.14])
|
||||||
AC_CONFIG_AUX_DIR([build-aux])
|
AC_CONFIG_AUX_DIR([build-aux])
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
AC_CONFIG_MACRO_DIR([m4])
|
AC_CONFIG_MACRO_DIR([m4])
|
||||||
|
|||||||
@@ -1,6 +1,16 @@
|
|||||||
|
|
||||||
HEAD
|
HEAD
|
||||||
====
|
====
|
||||||
|
Enhancements:
|
||||||
|
- support for Linux up to 4.15
|
||||||
|
|
||||||
|
|
||||||
|
v2.14 (2017-11-22)
|
||||||
|
==================
|
||||||
|
Enhancements:
|
||||||
|
- support for Linux up to 4.14
|
||||||
|
Fixes:
|
||||||
|
- xt_DNETMAP: fix some reports from PVSStudio (a static checker)
|
||||||
|
|
||||||
|
|
||||||
v2.13 (2017-06-29)
|
v2.13 (2017-06-29)
|
||||||
|
|||||||
@@ -93,4 +93,8 @@ static inline struct net *par_net(const struct xt_action_param *par)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef NF_CT_ASSERT
|
||||||
|
# define NF_CT_ASSERT(x) WARN_ON(!(x))
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* _XTABLES_COMPAT_H */
|
#endif /* _XTABLES_COMPAT_H */
|
||||||
|
|||||||
@@ -357,11 +357,18 @@ has_logged_during_this_minute(const struct peer *peer)
|
|||||||
*
|
*
|
||||||
* @r: rule
|
* @r: rule
|
||||||
*/
|
*/
|
||||||
static void
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
|
||||||
peer_gc(unsigned long r)
|
static void peer_gc(struct timer_list *tl)
|
||||||
|
#else
|
||||||
|
static void peer_gc(unsigned long r)
|
||||||
|
#endif
|
||||||
{
|
{
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
|
||||||
|
struct xt_pknock_rule *rule = from_timer(rule, tl, timer);
|
||||||
|
#else
|
||||||
struct xt_pknock_rule *rule = (struct xt_pknock_rule *)r;
|
struct xt_pknock_rule *rule = (struct xt_pknock_rule *)r;
|
||||||
|
#endif
|
||||||
struct peer *peer;
|
struct peer *peer;
|
||||||
struct list_head *pos, *n;
|
struct list_head *pos, *n;
|
||||||
|
|
||||||
@@ -469,9 +476,13 @@ add_rule(struct xt_pknock_mtinfo *info)
|
|||||||
if (rule->peer_head == NULL)
|
if (rule->peer_head == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
|
||||||
|
timer_setup(&rule->timer, peer_gc, 0);
|
||||||
|
#else
|
||||||
init_timer(&rule->timer);
|
init_timer(&rule->timer);
|
||||||
rule->timer.function = peer_gc;
|
rule->timer.function = peer_gc;
|
||||||
rule->timer.data = (unsigned long)rule;
|
rule->timer.data = (unsigned long)rule;
|
||||||
|
#endif
|
||||||
|
|
||||||
rule->status_proc = proc_create_data(info->rule_name, 0, pde,
|
rule->status_proc = proc_create_data(info->rule_name, 0, pde,
|
||||||
&pknock_proc_ops, rule);
|
&pknock_proc_ops, rule);
|
||||||
@@ -619,8 +630,9 @@ static void add_peer(struct peer *peer, struct xt_pknock_rule *rule)
|
|||||||
*/
|
*/
|
||||||
static void remove_peer(struct peer *peer)
|
static void remove_peer(struct peer *peer)
|
||||||
{
|
{
|
||||||
|
if (peer == NULL)
|
||||||
|
return;
|
||||||
list_del(&peer->head);
|
list_del(&peer->head);
|
||||||
if (peer != NULL)
|
|
||||||
kfree(peer);
|
kfree(peer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -79,7 +79,7 @@ static void delude_send_reset(struct net *net, struct sk_buff *oldskb,
|
|||||||
tcph->doff = sizeof(struct tcphdr) / 4;
|
tcph->doff = sizeof(struct tcphdr) / 4;
|
||||||
|
|
||||||
/* DELUDE essential part */
|
/* DELUDE essential part */
|
||||||
if (oth->syn && !oth->ack && !oth->rst && !oth->fin) {
|
if (oth->syn && !oth->ack && !oth->fin) {
|
||||||
tcph->syn = true;
|
tcph->syn = true;
|
||||||
tcph->seq = 0;
|
tcph->seq = 0;
|
||||||
tcph->ack = true;
|
tcph->ack = true;
|
||||||
|
|||||||
@@ -376,10 +376,6 @@ dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
|||||||
#else
|
#else
|
||||||
unsigned int hooknum = par->hooknum;
|
unsigned int hooknum = par->hooknum;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING ||
|
|
||||||
hooknum == NF_INET_LOCAL_OUT ||
|
|
||||||
hooknum == NF_INET_PRE_ROUTING);
|
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
||||||
jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout;
|
jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout;
|
||||||
@@ -398,7 +394,7 @@ dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
|||||||
/* if prefix is specified, we check if
|
/* if prefix is specified, we check if
|
||||||
it matches lookedup entry */
|
it matches lookedup entry */
|
||||||
if (tginfo->flags & XT_DNETMAP_PREFIX)
|
if (tginfo->flags & XT_DNETMAP_PREFIX)
|
||||||
if (memcmp(mr, &e->prefix, sizeof(*mr)))
|
if (memcmp(mr, &e->prefix->prefix, sizeof(*mr)))
|
||||||
goto no_rev_map;
|
goto no_rev_map;
|
||||||
/* don't reset ttl if flag is set */
|
/* don't reset ttl if flag is set */
|
||||||
if (jttl >= 0 && (! (e->flags & XT_DNETMAP_STATIC) ) ) {
|
if (jttl >= 0 && (! (e->flags & XT_DNETMAP_STATIC) ) ) {
|
||||||
|
|||||||
@@ -511,7 +511,7 @@ search_bittorrent(const unsigned char *payload, const unsigned int plen)
|
|||||||
* but *must have* one (or more) of strings listed below (true for scrape and announce)
|
* but *must have* one (or more) of strings listed below (true for scrape and announce)
|
||||||
*/
|
*/
|
||||||
if (memcmp(payload, "GET /", 5) == 0) {
|
if (memcmp(payload, "GET /", 5) == 0) {
|
||||||
if (HX_memmem(payload, plen, "info_hash=", 9) != NULL)
|
if (HX_memmem(payload, plen, "info_hash=", 10) != NULL)
|
||||||
return IPP2P_BIT * 100 + 1;
|
return IPP2P_BIT * 100 + 1;
|
||||||
if (HX_memmem(payload, plen, "peer_id=", 8) != NULL)
|
if (HX_memmem(payload, plen, "peer_id=", 8) != NULL)
|
||||||
return IPP2P_BIT * 100 + 2;
|
return IPP2P_BIT * 100 + 2;
|
||||||
|
|||||||
@@ -8,23 +8,45 @@ use IO::Handle;
|
|||||||
use Text::CSV_XS; # or trade for Text::CSV
|
use Text::CSV_XS; # or trade for Text::CSV
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
|
my $le32 = pack("V", 0x10000000);
|
||||||
|
my $be32 = pack("N", 0x10000000);
|
||||||
|
my $u32 = undef;
|
||||||
|
|
||||||
|
sub wantBE { return !$u32 || $u32 eq $be32; }
|
||||||
|
sub wantLE { return !$u32 || $u32 eq $le32; }
|
||||||
|
|
||||||
my $csv = Text::CSV_XS->new({
|
my $csv = Text::CSV_XS->new({
|
||||||
allow_whitespace => 1,
|
allow_whitespace => 1,
|
||||||
binary => 1,
|
binary => 1,
|
||||||
eol => $/,
|
eol => $/,
|
||||||
}); # or Text::CSV
|
}); # or Text::CSV
|
||||||
my $target_dir = ".";
|
my $target_dir = ".";
|
||||||
|
my $native_only = 0;
|
||||||
|
|
||||||
&Getopt::Long::Configure(qw(bundling));
|
&Getopt::Long::Configure(qw(bundling));
|
||||||
&GetOptions(
|
&GetOptions(
|
||||||
"D=s" => \$target_dir,
|
"D=s" => \$target_dir,
|
||||||
|
"n" => \$native_only,
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!-d $target_dir) {
|
if (!-d $target_dir) {
|
||||||
print STDERR "Target directory $target_dir does not exist.\n";
|
print STDERR "Target directory $target_dir does not exist.\n";
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
foreach (qw(LE BE)) {
|
my @dbs = qw(LE BE);
|
||||||
|
if ($native_only) {
|
||||||
|
$u32 = pack("L", 0x10000000);
|
||||||
|
if ($u32 eq $le32) {
|
||||||
|
@dbs = qw(LE);
|
||||||
|
} elsif ($u32 eq $be32) {
|
||||||
|
@dbs = qw(BE);
|
||||||
|
} else {
|
||||||
|
print STDERRR "Cannot determine endianness.\n";
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach (@dbs) {
|
||||||
my $dir = "$target_dir/$_";
|
my $dir = "$target_dir/$_";
|
||||||
if (!-e $dir && !mkdir($dir)) {
|
if (!-e $dir && !mkdir($dir)) {
|
||||||
print STDERR "Could not mkdir $dir: $!\n";
|
print STDERR "Could not mkdir $dir: $!\n";
|
||||||
@@ -80,11 +102,18 @@ sub dump_one
|
|||||||
scalar(@{$country->{pool_v6}}),
|
scalar(@{$country->{pool_v6}}),
|
||||||
$iso_code, $country->{name};
|
$iso_code, $country->{name};
|
||||||
|
|
||||||
|
if (wantLE) {
|
||||||
$file = "$target_dir/LE/".uc($iso_code).".iv6";
|
$file = "$target_dir/LE/".uc($iso_code).".iv6";
|
||||||
if (!open($fh_le, "> $file")) {
|
if (!open($fh_le, "> $file")) {
|
||||||
print STDERR "Error opening $file: $!\n";
|
print STDERR "Error opening $file: $!\n";
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
|
foreach my $range (@{$country->{pool_v6}}) {
|
||||||
|
print $fh_le &ip6_swap($range->[0]), &ip6_swap($range->[1]);
|
||||||
|
}
|
||||||
|
close $fh_le;
|
||||||
|
}
|
||||||
|
if (wantBE) {
|
||||||
$file = "$target_dir/BE/".uc($iso_code).".iv6";
|
$file = "$target_dir/BE/".uc($iso_code).".iv6";
|
||||||
if (!open($fh_be, "> $file")) {
|
if (!open($fh_be, "> $file")) {
|
||||||
print STDERR "Error opening $file: $!\n";
|
print STDERR "Error opening $file: $!\n";
|
||||||
@@ -92,32 +121,37 @@ sub dump_one
|
|||||||
}
|
}
|
||||||
foreach my $range (@{$country->{pool_v6}}) {
|
foreach my $range (@{$country->{pool_v6}}) {
|
||||||
print $fh_be $range->[0], $range->[1];
|
print $fh_be $range->[0], $range->[1];
|
||||||
print $fh_le &ip6_swap($range->[0]), &ip6_swap($range->[1]);
|
|
||||||
}
|
}
|
||||||
close $fh_le;
|
|
||||||
close $fh_be;
|
close $fh_be;
|
||||||
|
}
|
||||||
|
|
||||||
printf "%5u IPv4 ranges for %s %s\n",
|
printf "%5u IPv4 ranges for %s %s\n",
|
||||||
scalar(@{$country->{pool_v4}}),
|
scalar(@{$country->{pool_v4}}),
|
||||||
$iso_code, $country->{name};
|
$iso_code, $country->{name};
|
||||||
|
|
||||||
|
if (wantLE) {
|
||||||
$file = "$target_dir/LE/".uc($iso_code).".iv4";
|
$file = "$target_dir/LE/".uc($iso_code).".iv4";
|
||||||
if (!open($fh_le, "> $file")) {
|
if (!open($fh_le, "> $file")) {
|
||||||
print STDERR "Error opening $file: $!\n";
|
print STDERR "Error opening $file: $!\n";
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
|
foreach my $range (@{$country->{pool_v4}}) {
|
||||||
|
print $fh_le pack("VV", $range->[0], $range->[1]);
|
||||||
|
}
|
||||||
|
close $fh_le;
|
||||||
|
}
|
||||||
|
if (wantBE) {
|
||||||
$file = "$target_dir/BE/".uc($iso_code).".iv4";
|
$file = "$target_dir/BE/".uc($iso_code).".iv4";
|
||||||
if (!open($fh_be, "> $file")) {
|
if (!open($fh_be, "> $file")) {
|
||||||
print STDERR "Error opening $file: $!\n";
|
print STDERR "Error opening $file: $!\n";
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
foreach my $range (@{$country->{pool_v4}}) {
|
foreach my $range (@{$country->{pool_v4}}) {
|
||||||
print $fh_le pack("VV", $range->[0], $range->[1]);
|
|
||||||
print $fh_be pack("NN", $range->[0], $range->[1]);
|
print $fh_be pack("NN", $range->[0], $range->[1]);
|
||||||
}
|
}
|
||||||
close $fh_le;
|
|
||||||
close $fh_be;
|
close $fh_be;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
sub ip6_pack
|
sub ip6_pack
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
.TH xtables-addons 8 "" "" "v2.13 (2017-06-27)"
|
.TH xtables-addons 8 "" "" "v2.14 (2017-11-22)"
|
||||||
.SH Name
|
.SH Name
|
||||||
Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
|
Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
|
||||||
.SH Targets
|
.SH Targets
|
||||||
|
|||||||
Reference in New Issue
Block a user