Jeremy Sowden [Sun, 11 Aug 2019 13:09:26 +0000 (14:09 +0100)]
xt_DHCPMAC: replace skb_make_writable with skb_ensure_writable
skb_make_writable was removed from the kernel in
v5.3-rc1~140^2~370^2~1 , and its callers were converted to use
skb_ensure_writable. Updated dhcpmac_tg() accordingly.
Use of uninitialized value $dir in concatenation (.) or string at
/usr/lib/xtables-addons/xt_geoip_build line 59.
Couldn't open list country names
Do not rely on any directory names (they change). Use the current
directory as the default source directory, similar to the older
xt_geoip_build (well, *.csv was passed as arguments).
geoip: add database query tool for use with ipsets
Add a tool for retrieiving the IPv4 or IPv6 (or both!) CIDR ranges
for a given country, which can then be injected into an ipset if
one doesn't want to use (or have available) the xt_geoip extension.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Requires Net::CIDR::Lite for manipulating CIDR blocks, aggregation, etc.
since database is stored as subnet/mask pairs and may require compaction
into ranges (which can combine adjacent subnets).
We don't use Net::CIDR because it's a clunkier interface.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Make both instances of the same message (about invalid country codes)
be consistent with each other. If you have scripts which capture and
collate error messages, then having consistent strings to match against
is a win.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Jan Engelhardt [Sun, 23 Jul 2017 17:56:30 +0000 (19:56 +0200)]
ipp2p: fix PVSStudio reports
V666 Consider inspecting fourth argument of the function 'HX_memmem'.
It is possible that the value does not correspond with the length of
a string which was passed with the third argument.
Jan Engelhardt [Thu, 15 Jun 2017 10:15:48 +0000 (12:15 +0200)]
xt_DNETMAP: fix a buffer overflow
prefix_str was only 16 bytes, but the largest emitted string could be
"255.255.255.255/32" (19 bytes).
xt_DNETMAP.c: In function "dnetmap_tg_check":
compat_xtables.h:46:22: warning: "%u" directive writing between 1 and 10
bytes into a region of size between 0 and 8 [-Wformat-overflow=]
# define NIPQUAD_FMT "%u.%u.%u.%u"
xt_DNETMAP.c:296:2: note: "sprintf" output between 10 and 27 bytes into
a destination of size 16
sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->min_addr.ip),
33 - ffs(~(ip_min ^ ip_max)));
Ralph Sennhauser [Sun, 14 May 2017 16:16:11 +0000 (18:16 +0200)]
build: support for Linux 4.12
As a result of commit cc41c84b7e7f ("netfilter: kill the fake untracked
conntrack objects") the helper nf_ct_is_untracked always returns false
and commit ab8bc7ed864b ("netfilter: remove nf_ct_is_untracked") removes
it all together.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Jan Engelhardt [Thu, 13 Apr 2017 09:37:44 +0000 (11:37 +0200)]
xt_psd: resolve compiler warning
xt_psd.c:53:0: warning: "HASH_SIZE" redefined
#define HASH_SIZE (1 << HASH_LOG)
linux-4.10.10/include/linux/hashtable.h:26:0:
note: this is the location of the previous definition
#define HASH_SIZE(name) (ARRAY_SIZE(name))
Ralph Sennhauser [Mon, 26 Dec 2016 15:14:02 +0000 (16:14 +0100)]
build: support for Linux 4.10
Commit 613dbd95723aee7abd16860745691b6c7bda20dc (netfilter:
x_tables: move hook state into xt_action_param structure) changes the
struct xt_action_param, accommodate for it.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Andreas Schultz [Tue, 8 Dec 2015 17:41:33 +0000 (18:41 +0100)]
xt_ACCOUNT: make it namespace aware
xt_ACCOUNTing objects create in one network namespace could be
read from all namespaces. Also object with the same name in
different namespaces would collide.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
build: fix configure compatiblity with POSIX shells
The kernel version detection code uses some bashisms, which makes the
build fail on Debian systems where /bin/sh links to dash. Replace with
POSIX-conforming commands at the cost of requiring awk.
projects / thirdparty / xtables-addons.git / log
