From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] iptables: Update to version 1.8.8
Date: Thu, 26 May 2022 12:12:05 +0000 [thread overview]
Message-ID: <d1ee86ca-c0cd-1b38-d382-d86db8627c04@ipfire.org> (raw)
In-Reply-To: <20220522214328.2766670-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 13877 bytes --]
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
> - Update from version 1.8.7 to 1.8.8
> - Update of rootfile
> - Changelog
> Version 1.8.8
> extensions: libxt_conntrack: use bitops for state negation
> extensions: libxt_conntrack: use bitops for status negation
> xtables: Call init_extensions6() for static builds
> xtables: Call init_extensions{,a,b}() for static builds
> iptables-nft: fix -Z option
> libxtables: exit if called by setuid executeable
> iptables-nft: allow removal of empty builtin chains
> extensions: tcpmss: add iptables-translate support
> nft-shared: set correct register value
> nft-shared: support native tcp port delinearize
> nft-shared: support native tcp port range delinearize
> nft-shared: support native udp port delinearize
> nft: prefer native expressions instead of udp match
> nft: prefer native expressions instead of tcp match
> nft-shared: add tcp flag dissection
> nft: add support for native tcp flag matching
> tests: shell: fix bashism
> nft: fix indentation error.
> tests: iptables-test: correct misspelt variable
> extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
> extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
> build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
> extensions: libxt_NFLOG: fix typo
> tests: iptables-test: rename variable
> tests: add `NOMATCH` test result
> tests: support explicit variant test result
> tests: NFLOG: enable `--nflog-range` tests
> xshared: Implement xtables lock timeout using signals
> extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
> extensions: libxt_NFLOG: don't truncate log prefix on print/save
> extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
> fix build for missing ETH_ALEN definition
> libxtables: extend xlate infrastructure
> tests: xlate-test: support multiline expectation
> extensions: libxt_connlimit: add translation
> extensions: libxt_tcp: rework translation to use flags match representation
> extensions: libxt_conntrack: simplify translation using negation
> extensions: libxt_multiport: add translation for -m multiport --ports
> nft-shared: update context register for bitwise expression
> nft: pass struct nft_xt_ctx to parse_meta()
> nft: native mark matching support
> nft: pass handle to helper functions to build netlink payload
> nft: prepare for dynamic register allocation
> nft: split gen_payload() to allocate register and initialize expression
> configure: bump version for 1.8.8 release
> ip6tables: masquerade: use fully-random so that nft can understand the rule
> ebtables: Exit gracefully on invalid table names
> include: Drop libipulog.h
> nft: Fix bitwise expression avoidance detection
> xtables-translate: Fix translation of odd netmasks
> libxtables: Simplify xtables_ipmask_to_cidr() a bit
> nft: cache: Sort chains on demand only
> nft: Increase BATCH_PAGE_SIZE to support huge rulesets
> extensions: sctp: Explain match types in man page
> Eliminate inet_aton() and inet_ntoa()
> nft-arp: Make use of ipv4_addr_to_string()
> extensions: SECMARK: Implement revision 1
> xtables: Make invflags 16bit wide
> xshared: Eliminate iptables_command_state->invert
> xshared: Merge invflags handling code
> ebtables-translate: Use shared ebt_get_current_chain() function
> Use proto_to_name() from xshared in more places
> extensions: sctp: Fix nftables translation
> extensions: sctp: Translate --chunk-types option
> libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
> extensions: libebt_ip6: Drop unused variables
> libxtables: Fix memleak in xtopt_parse_hostmask()
> nft: Avoid memleak in error path of nft_cmd_new()
> nft: Avoid buffer size warnings copying iface names
> iptables-apply: Drop unused variable
> extensions: libebt_ip6: Use xtables_ip6parse_any()
> libxtables: Introduce xtables_strdup() and use it everywhere
> extensions: libxt_string: Avoid buffer size warning for strncpy()
> doc: ebtables-nft.8: Adjust for missing atomic-options
> ebtables: Dump atomic waste
> nft: Fix for non-verbose check command
> tests/shell: Assert non-verbose mode is silent
> extensions: hashlimit: Fix tests with HZ=100
> iptables-test: Make netns spawning more robust
> extensions: libxt_mac: Fix for missing space in listing
> nft: Use xtables_malloc() in mnl_err_list_node_add()
> nft: Use xtables_{m,c}alloc() everywhere
> tests: iptables-test: Fix missing chain case
> tests: xlate-test: Don't skip any input after the first empty line
> tests: xlate-test: Print errors to stderr
> tests: iptables-test: Print errors to stderr
> tests: xlate-test: Exit non-zero on error
> tests: iptables-test: Exit non-zero on error
> tests: shell: Return non-zero on error
> ebtables: Avoid dropping policy when flushing
> tests: iptables-test: Fix conditional colors on stderr
> nft: cache: Avoid double free of unrecognized base-chains
> nft: Check base-chain compatibility when adding to cache
> nft-chain: Introduce base_slot field
> nft: Delete builtin chains compatibly
> nft: Introduce builtin_tables_lookup()
> xshared: Store optstring in xtables_globals
> nft-shared: Introduce init_cs family ops callback
> xtables: Simplify addr_mask freeing
> nft: Add family ops callbacks wrapping different nft_cmd_* functions
> xtables-standalone: Drop version number from init errors
> libxtables: Introduce xtables_globals print_help callback
> arptables: Use standard data structures when parsing
> nft-arp: Introduce post_parse callback
> nft-shared: Make nft_check_xt_legacy() family agnostic
> xtables: Derive xtables_globals from family
> xtables: arptables accepts empty interface names
> nft: Merge xtables-arp-standalone.c into xtables-standalone.c
> Unbreak xtables-translate
> xlate-test: Print full path if testing all files
> extensions: hashlimit: Fix tests with HZ=1000
> xshared: Merge and share parse_chain()
> nft: Change whitespace printing in save_rule callback
> xshared: Share print_iface() function
> xshared: Share save_rule_details() with legacy
> xshared: Share save_ipv{4,6}_addr() with legacy
> xshared: Share print_rule_details() with legacy
> xshared: Share print_fragment() with legacy
> xshared: Share print_header() with legacy iptables
> nft-shared: Drop unused function print_proto()
> xshared: Make load_proto() static
> xshared: Share print_match_save() between legacy ip*tables
> xshared: Share a common printhelp function
> xshared: Share exit_tryhelp()
> xtables_globals: Embed variant name in .program_version
> libxtables: Extend basic_exit_err()
> iptables-*-restore: Drop pointless line reference
> xtables: Drop xtables' family on demand feature
> xtables: Pull table validity check out of do_parse()
> xtables: Move struct nft_xt_cmd_parse to xshared.h
> xtables: Pass xtables_args to check_empty_interface()
> xtables: Pass xtables_args to check_inverse()
> xtables: Do not pass nft_handle to do_parse()
> xshared: Move do_parse to shared space
> xshared: Store parsed wait and wait_interval in xtables_args
> nft: Move proto_parse and post_parse callbacks to xshared
> iptables: Use xtables' do_parse() function
> ip6tables: Use the shared do_parse, too
> extensions: *NAT: Kill multiple IPv4 range support
> xshared: Fix response to unprivileged users
> nft: Use verbose flag to toggle debug output
> iptables-restore: Support for extra debug output
> nft: Set NFTNL_CHAIN_FAMILY in new chains
> ebtables: Support verbose mode
> nft: Add debug output to table creation
> nft: cache: Dump rules if debugging
> tests: iptables-test: Support variant deviation
> iptables.8: Describe the effect of multiple -v flags
> libxtables: Register only the highest revision extension
> Improve error messages for unsupported extensions
> nft: Simplify immediate parsing
> nft: Speed up immediate parsing
> xshared: Prefer xtables_chain_protos lookup over getprotoent
> nft: Don't pass command state opaque to family ops callbacks
> libxtables: Fix for warning in xtables_ipmask_to_numeric
> Simplify static build extension loading
> nft: Review static extension loading
> tests: shell: Fix 0004-return-codes_0 for static builds
> nft: Reject standard targets as chain names when restoring
> libxtables: Implement notargets hash table
> libxtables: Boost rule target checks by announcing chain names
> xlate-test: Fix for empty source line on failure
> man: DNAT: Describe shifted port range feature
> Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
> extensions: ipt_DNAT: Merge v1 and v2 parsers
> extensions: ipt_DNAT: Merge v1/v2 print/save code
> extensions: ipt_DNAT: Combine xlate functions also
> extensions: DNAT: Rename from libipt to libxt
> extensions: Merge IPv4 and IPv6 DNAT targets
> extensions: Merge REDIRECT into DNAT
> extensions: man: Document service name support in DNAT and REDIRECT
> extensions: MARK: Drop extra newline at end of help
> xshared: Move arp_opcodes into shared space
> xshared: Extend xtables_printhelp() for arptables
> libxtables: Drop xtables_globals 'optstring' field
> libxtables: Revert change to struct xtables_pprot
> extensions: DNAT: Merge core printing functions
> man: *NAT: Review --random* option descriptions
> extensions: LOG: Document --log-macdecode in man page
> nft: Fix EPERM handling for extensions without rev 0
> xtables-translate: add missing argument and option to usage
> Fix a few doc typos
> iptables-test.py: print with color escapes only when stdout isatty
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/common/iptables | 8 +++-----
> lfs/iptables | 4 ++--
> 2 files changed, 5 insertions(+), 7 deletions(-)
>
> diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
> index b8bf748a5..ba1621324 100644
> --- a/config/rootfiles/common/iptables
> +++ b/config/rootfiles/common/iptables
> @@ -13,15 +13,13 @@ lib/libipq.so.0.0.0
> #lib/libxtables.la
> lib/libxtables.so
> lib/libxtables.so.12
> -lib/libxtables.so.12.4.0
> +lib/libxtables.so.12.6.0
> #lib/xtables
> -lib/xtables/libip6t_DNAT.so
> lib/xtables/libip6t_DNPT.so
> lib/xtables/libip6t_HL.so
> lib/xtables/libip6t_LOG.so
> lib/xtables/libip6t_MASQUERADE.so
> lib/xtables/libip6t_NETMAP.so
> -lib/xtables/libip6t_REDIRECT.so
> lib/xtables/libip6t_REJECT.so
> lib/xtables/libip6t_SNAT.so
> lib/xtables/libip6t_SNPT.so
> @@ -37,12 +35,10 @@ lib/xtables/libip6t_mh.so
> lib/xtables/libip6t_rt.so
> lib/xtables/libip6t_srh.so
> lib/xtables/libipt_CLUSTERIP.so
> -lib/xtables/libipt_DNAT.so
> lib/xtables/libipt_ECN.so
> lib/xtables/libipt_LOG.so
> lib/xtables/libipt_MASQUERADE.so
> lib/xtables/libipt_NETMAP.so
> -lib/xtables/libipt_REDIRECT.so
> lib/xtables/libipt_REJECT.so
> lib/xtables/libipt_SNAT.so
> lib/xtables/libipt_TTL.so
> @@ -57,6 +53,7 @@ lib/xtables/libxt_CLASSIFY.so
> lib/xtables/libxt_CONNMARK.so
> lib/xtables/libxt_CONNSECMARK.so
> lib/xtables/libxt_CT.so
> +lib/xtables/libxt_DNAT.so
> lib/xtables/libxt_DSCP.so
> lib/xtables/libxt_HMARK.so
> lib/xtables/libxt_IDLETIMER.so
> @@ -66,6 +63,7 @@ lib/xtables/libxt_NFLOG.so
> lib/xtables/libxt_NFQUEUE.so
> lib/xtables/libxt_NOTRACK.so
> lib/xtables/libxt_RATEEST.so
> +lib/xtables/libxt_REDIRECT.so
> lib/xtables/libxt_SECMARK.so
> lib/xtables/libxt_SET.so
> lib/xtables/libxt_SYNPROXY.so
> diff --git a/lfs/iptables b/lfs/iptables
> index c2f0d56c5..275559bfe 100644
> --- a/lfs/iptables
> +++ b/lfs/iptables
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 1.8.7
> +VER = 1.8.8
>
> THISAPP = iptables-$(VER)
> DL_FILE = $(THISAPP).tar.bz2
> @@ -41,7 +41,7 @@ objects = $(DL_FILE) \
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
>
> -$(DL_FILE)_BLAKE2 = fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976
> +$(DL_FILE)_BLAKE2 = 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164
> netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc
>
> install : $(TARGET)
prev parent reply other threads:[~2022-05-26 12:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-22 21:43 Adolf Belka
2022-05-26 12:12 ` Peter Müller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d1ee86ca-c0cd-1b38-d382-d86db8627c04@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox