Xtables-addons 2.9

As well as writing absolute numeric values to the quota file, you
can now also write numbers preceded by a + sign or a - sign, e.g.

* "+30" would increase the quota by 30
* "+-20" would increase the quota by negative 20,
  which is the same as decrease by 20
* "-5" would decrease the quota by 5

configure.ac

@@ -1,4 +1,4 @@
-AC_INIT([xtables-addons], [2.7])
+AC_INIT([xtables-addons], [2.9])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
@@ -63,9 +63,9 @@ if test -n "$kbuilddir"; then
 		echo "WARNING: Version detection did not succeed. Continue at own luck.";
 	else
 		echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
-		if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 1; then
+		if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 3; then
 			echo "WARNING: That kernel version is not officially supported yet. Continue at own luck.";
-		elif test "$kmajor" -eq 4 -a "$kminor" -le 1; then
+		elif test "$kmajor" -eq 4 -a "$kminor" -le 3; then
 			:;
 		elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then
 			:;

doc/changelog.txt

@@ -3,6 +3,19 @@ HEAD
 ====
 
 
+v2.9 (2015-10-12)
+=================
+Enhancements:
+- Support for Linux 4.3
+
+
+v2.8 (2015-08-19)
+=================
+Enhancements:
+- Support for Linux 4.2
+- Enable xt_ECHO for Linux 4.0+
+
+
 v2.7 (2015-07-06)
 =================
 Enhancements:

extensions/Kbuild

@@ -10,9 +10,7 @@ obj-${build_CHAOS}       += xt_CHAOS.o
 obj-${build_DELUDE}      += xt_DELUDE.o
 obj-${build_DHCPMAC}     += xt_DHCPMAC.o
 obj-${build_DNETMAP}     += xt_DNETMAP.o
-ifeq (${VERSION},3)
 obj-${build_ECHO}        += xt_ECHO.o
-endif
 obj-${build_IPMARK}      += xt_IPMARK.o
 obj-${build_LOGMARK}     += xt_LOGMARK.o
 obj-${build_SYSRQ}       += xt_SYSRQ.o

extensions/xt_DHCPMAC.c

@@ -34,9 +34,9 @@ static void ether_set(unsigned char *addr, const unsigned char *op,
 	unsigned int i;
 
 	for (i = 0; i < ETH_ALEN && mask > 0; ++i) {
-		lo_mask = mask % 8;
+		lo_mask = (mask >= 8) ? 8 : mask;
 		/* FF << 4 >> 4 = 0F */
-		lo_mask = ~(uint8_t)0U << lo_mask >> lo_mask;
+		lo_mask = (uint8_t)(~0U << lo_mask) >> lo_mask;
 		addr[i] &= lo_mask;
 		addr[i] |= op[i] & ~lo_mask;
 		if (mask >= 8)
@@ -55,9 +55,9 @@ static bool ether_cmp(const unsigned char *lh, const unsigned char *rh,
 #define ZMACHEX(s) s[0], s[1], s[2], s[3], s[4], s[5]
 
 	for (i = 0; i < ETH_ALEN && mask > 0; ++i) {
-		lo_mask = mask % 8;
+		lo_mask = (mask >= 8) ? 8 : mask;
 		/* ~(0xFF << 4 >> 4) = ~0x0F = 0xF0 */
-		lo_mask = ~(~(uint8_t)0U << lo_mask >> lo_mask);
+		lo_mask = ~((uint8_t)(~0U << lo_mask) >> lo_mask);
 		if ((lh[i] ^ rh[i]) & lo_mask)
 			return false;
 		if (mask >= 8)
@@ -110,13 +110,12 @@ dhcpmac_tg(struct sk_buff *skb, const struct xt_action_param *par)
 		return NF_DROP;
 
 	for (i = 0; i < sizeof(dh->chaddr); i += 2)
-		csum_replace2(&udph->check, *(const __be16 *)dh->chaddr, 0);
+		csum_replace2(&udph->check, *(const __be16 *)(dh->chaddr + i), 0);
 
-	memset(dh->chaddr, 0, sizeof(dh->chaddr));
 	ether_set(dh->chaddr, info->addr, info->mask);
 
 	for (i = 0; i < sizeof(dh->chaddr); i += 2)
-		csum_replace2(&udph->check, 0, *(const __be16 *)dh->chaddr);
+		csum_replace2(&udph->check, 0, *(const __be16 *)(dh->chaddr + i));
 
 	return XT_CONTINUE;
 }

extensions/xt_DNETMAP.c

@@ -26,6 +26,7 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter/x_tables.h>
+#include <linux/proc_fs.h>
 #include <linux/seq_file.h>
 #include <linux/uidgid.h>
 #include <linux/version.h>

extensions/xt_condition.c

@@ -66,7 +66,8 @@ static int condition_proc_show(struct seq_file *m, void *data)
 {
 	const struct condition_variable *var = m->private;
 
-	return seq_printf(m, var->enabled ? "1\n" : "0\n");
+	seq_printf(m, var->enabled ? "1\n" : "0\n");
+	return 0;
 }
 
 static int condition_proc_open(struct inode *inode, struct file *file)

extensions/xt_quota2.c

@@ -67,9 +67,9 @@ static int quota_proc_show(struct seq_file *m, void *data)
 	int ret;
 
 	spin_lock_bh(&e->lock);
-	ret = seq_printf(m, "%llu\n", e->quota);
+	seq_printf(m, "%llu\n", e->quota);
 	spin_unlock_bh(&e->lock);
-	return ret;
+	return 0;
 }
 
 static int quota_proc_open(struct inode *inode, struct file *file)
@@ -82,7 +82,7 @@ quota_proc_write(struct file *file, const char __user *input,
                  size_t size, loff_t *loff)
 {
 	struct xt_quota_counter *e = PDE_DATA(file_inode(file));
-	char buf[sizeof("18446744073709551616")];
+	char buf[sizeof("+-18446744073709551616")];
 
 	if (size > sizeof(buf))
 		size = sizeof(buf);
@@ -92,9 +92,29 @@ quota_proc_write(struct file *file, const char __user *input,
 	if (size < sizeof(buf))
 		buf[size] = '\0';
 
-	spin_lock_bh(&e->lock);
+	if (*buf == '+') {
-	e->quota = simple_strtoull(buf, NULL, 0);
+		int64_t temp = simple_strtoll(buf + 1, NULL, 0);
-	spin_unlock_bh(&e->lock);
+		spin_lock_bh(&e->lock);
+		/* Do not let quota become negative if @tmp is very negative */
+		if (temp > 0 || -temp < e->quota)
+			e->quota += temp;
+		else
+			e->quota = 0;
+		spin_unlock_bh(&e->lock);
+	} else if (*buf == '-') {
+		int64_t temp = simple_strtoll(buf + 1, NULL, 0);
+		spin_lock_bh(&e->lock);
+		/* Do not let quota become negative if @tmp is very big */
+		if (temp < 0 || temp < e->quota)
+			e->quota -= temp;
+		else
+			e->quota = 0;
+		spin_unlock_bh(&e->lock);
+	} else {
+		spin_lock_bh(&e->lock);
+		e->quota = simple_strtoull(buf, NULL, 0);
+		spin_unlock_bh(&e->lock);
+	}
 	return size;
 }
 

xtables-addons.8.in

@@ -1,4 +1,4 @@
-.TH xtables-addons 8 "Deep Fried" "" "v2.7 (2015-07-06)"
+.TH xtables-addons 8 "" "" "v2.9 (2015-10-12)"
 .SH Name
 Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
 .SH Targets