From 1757ec846419c76da4e104f9675b40e05ac3eee6 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Fri, 22 Jul 2011 12:11:03 +0200
Subject: extensions: use multi-target registration

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_TCPMSS.c | 56 +++++++++++++++++++++++------------------------
 extensions/libxt_TEE.c    | 56 +++++++++++++++++++++++------------------------
 2 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c
index 2266326d..48ab0445 100644
--- a/extensions/libxt_TCPMSS.c
+++ b/extensions/libxt_TCPMSS.c
@@ -91,36 +91,36 @@ static void TCPMSS_save(const void *ip, const struct xt_entry_target *target)
 		printf(" --set-mss %u", mssinfo->mss);
 }
 
-static struct xtables_target tcpmss_target = {
-	.family		= NFPROTO_IPV4,
-	.name		= "TCPMSS",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_tcpmss_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_tcpmss_info)),
-	.help		= TCPMSS_help,
-	.print		= TCPMSS_print,
-	.save		= TCPMSS_save,
-	.x6_parse	= TCPMSS_parse,
-	.x6_fcheck	= TCPMSS_check,
-	.x6_options	= TCPMSS4_opts,
-};
-
-static struct xtables_target tcpmss_target6 = {
-	.family		= NFPROTO_IPV6,
-	.name		= "TCPMSS",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_tcpmss_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_tcpmss_info)),
-	.help		= TCPMSS_help6,
-	.print		= TCPMSS_print,
-	.save		= TCPMSS_save,
-	.x6_parse	= TCPMSS_parse,
-	.x6_fcheck	= TCPMSS_check,
-	.x6_options	= TCPMSS6_opts,
+static struct xtables_target tcpmss_tg_reg[] = {
+	{
+		.family        = NFPROTO_IPV4,
+		.name          = "TCPMSS",
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+		.help          = TCPMSS_help,
+		.print         = TCPMSS_print,
+		.save          = TCPMSS_save,
+		.x6_parse      = TCPMSS_parse,
+		.x6_fcheck     = TCPMSS_check,
+		.x6_options    = TCPMSS4_opts,
+	},
+	{
+		.family        = NFPROTO_IPV6,
+		.name          = "TCPMSS",
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+		.help          = TCPMSS_help6,
+		.print         = TCPMSS_print,
+		.save          = TCPMSS_save,
+		.x6_parse      = TCPMSS_parse,
+		.x6_fcheck     = TCPMSS_check,
+		.x6_options    = TCPMSS6_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_target(&tcpmss_target);
-	xtables_register_target(&tcpmss_target6);
+	xtables_register_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg));
 }
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index c89e5809..92c7601c 100644
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -92,36 +92,36 @@ static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
 		printf(" --oif %s", info->oif);
 }
 
-static struct xtables_target tee_tg_reg = {
-	.name          = "TEE",
-	.version       = XTABLES_VERSION,
-	.revision      = 1,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-	.help          = tee_tg_help,
-	.print         = tee_tg_print,
-	.save          = tee_tg_save,
-	.x6_parse      = xtables_option_parse,
-	.x6_options    = tee_tg_opts,
-};
-
-static struct xtables_target tee_tg6_reg = {
-	.name          = "TEE",
-	.version       = XTABLES_VERSION,
-	.revision      = 1,
-	.family        = NFPROTO_IPV6,
-	.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-	.help          = tee_tg_help,
-	.print         = tee_tg6_print,
-	.save          = tee_tg6_save,
-	.x6_parse      = xtables_option_parse,
-	.x6_options    = tee_tg_opts,
+static struct xtables_target tee_tg_reg[] = {
+	{
+		.name          = "TEE",
+		.version       = XTABLES_VERSION,
+		.revision      = 1,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+		.help          = tee_tg_help,
+		.print         = tee_tg_print,
+		.save          = tee_tg_save,
+		.x6_parse      = xtables_option_parse,
+		.x6_options    = tee_tg_opts,
+	},
+	{
+		.name          = "TEE",
+		.version       = XTABLES_VERSION,
+		.revision      = 1,
+		.family        = NFPROTO_IPV6,
+		.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+		.help          = tee_tg_help,
+		.print         = tee_tg6_print,
+		.save          = tee_tg6_save,
+		.x6_parse      = xtables_option_parse,
+		.x6_options    = tee_tg_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_target(&tee_tg_reg);
-	xtables_register_target(&tee_tg6_reg);
+	xtables_register_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
 }
-- 
cgit v1.2.3


From 4d8656ad9d0afd04820f125a85a7b673c7e74fe6 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Fri, 22 Jul 2011 12:25:43 +0200
Subject: libxt_TCPMSS: restore build with IPv6-less libcs

Commit v1.4.10-149-gea2a02f added an netinet/ip6.h include, which is
not available on systems without IPv6 header files.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 configure.ac              | 1 +
 extensions/GNUmakefile.in | 2 +-
 extensions/libxt_TCPMSS.c | 6 +++---
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 5cb1b1bb..6aa0b2a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -68,6 +68,7 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
 fi;
 
 AC_SUBST([blacklist_modules])
+AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
 
 AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"])
 AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"])
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index fbaf2eca..2b48d841 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -21,7 +21,7 @@ regular_CPPFLAGS := @regular_CPPFLAGS@
 kinclude_CPPFLAGS := @kinclude_CPPFLAGS@
 
 AM_CFLAGS      := ${regular_CFLAGS}
-AM_CPPFLAGS     = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CPPFLAGS}
+AM_CPPFLAGS     = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS}
 AM_DEPFLAGS     = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@
 
 ifeq (${V},)
diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c
index 48ab0445..4b71e44a 100644
--- a/extensions/libxt_TCPMSS.c
+++ b/extensions/libxt_TCPMSS.c
@@ -2,10 +2,10 @@
  *
  * Copyright (c) 2000 Marc Boucher
 */
+#include "config.h"
 #include <stdio.h>
 #include <xtables.h>
 #include <netinet/ip.h>
-#include <netinet/ip6.h>
 #include <linux/netfilter/xt_TCPMSS.h>
 
 enum {
@@ -34,7 +34,7 @@ static void TCPMSS_help(void)
 
 static void TCPMSS_help6(void)
 {
-	__TCPMSS_help(sizeof(struct ip6_hdr));
+	__TCPMSS_help(SIZEOF_STRUCT_IP6_HDR);
 }
 
 static const struct xt_option_entry TCPMSS4_opts[] = {
@@ -47,7 +47,7 @@ static const struct xt_option_entry TCPMSS4_opts[] = {
 
 static const struct xt_option_entry TCPMSS6_opts[] = {
 	{.name = "set-mss", .id = O_SET_MSS, .type = XTTYPE_UINT16,
-	 .min = 0, .max = UINT16_MAX - sizeof(struct ip6_hdr),
+	 .min = 0, .max = UINT16_MAX - SIZEOF_STRUCT_IP6_HDR,
 	 .flags = XTOPT_PUT, XTOPT_POINTER(struct xt_tcpmss_info, mss)},
 	{.name = "clamp-mss-to-pmtu", .id = O_CLAMP_MSS, .type = XTTYPE_NONE},
 	XTOPT_TABLEEND,
-- 
cgit v1.2.3


From 67156c0b9a3d35f5e7836e5683d8ca0b46ac36ca Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 1 Aug 2011 20:08:42 +0200
Subject: libxt_string: define _GNU_SOURCE for strnlen

On RHEL-5.6 and clones with its gcc-4.1.2 and glibc-2.5:

libxt_string.c: In function "parse_string":
libxt_string.c:84: warning: implicit declaration of function "strnlen"

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_string.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index eef0b081..8cee3359 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -20,6 +20,7 @@
  *             updated to work with slightly modified
  *             ipt_string_info.
  */
+#define _GNU_SOURCE 1 /* strnlen for older glibcs */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-- 
cgit v1.2.3


From 41a9b481693b4c43c16d0588cc558dd455168af0 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 1 Aug 2011 20:14:57 +0200
Subject: build: workaround broken linux-headers on RHEL-5

maigc.h was not invented yet, but they do not
ship proc_fs.h either, duh.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 iptables/xtables.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/iptables/xtables.c b/iptables/xtables.c
index 1a5e568c..233efa30 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -37,6 +37,8 @@
 #	include <linux/magic.h> /* for PROC_SUPER_MAGIC */
 #elif defined(HAVE_LINUX_PROC_FS_H)
 #	include <linux/proc_fs.h>	/* Linux 2.4 */
+#else
+#	define PROC_SUPER_MAGIC	0x9fa0
 #endif
 
 #include <xtables.h>
-- 
cgit v1.2.3


From 43896add0eb9c6bc94b7323e76f137d402e0f7fe Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 1 Aug 2011 20:22:04 +0200
Subject: build: strengthen check for overlong lladdr components

ethermac[i] > UINT8_MAX is quite pointless, because ethermac[i] is
just uint8_t. To catch values that are not in the range "00"-"ff", use
a string length check (end-arg>2). I am willingly using 2 there,
because no one is going to specify an Ethernet LL address as
"0x00:0x24:0xbe:0xc2:0x7f:0x16" -- because it is always interpreted as
hexadecimal anyway even without the 0x prefix.

xtoptions.c: In function "xtopt_parse_ethermac":
xtoptions.c:760:3: warning: comparison is always false due to limited range of data type
xtoptions.c:766:2: warning: comparison is always false due to limited range of data type

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 iptables/xtoptions.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/iptables/xtoptions.c b/iptables/xtoptions.c
index 1423724b..7095e3ea 100644
--- a/iptables/xtoptions.c
+++ b/iptables/xtoptions.c
@@ -757,13 +757,13 @@ static void xtopt_parse_ethermac(struct xt_option_call *cb)
 
 	for (i = 0; i < ARRAY_SIZE(cb->val.ethermac) - 1; ++i) {
 		cb->val.ethermac[i] = strtoul(arg, &end, 16);
-		if (cb->val.ethermac[i] > UINT8_MAX || *end != ':')
+		if (*end != ':' || end - arg > 2)
 			goto out;
 		arg = end + 1;
 	}
 	i = ARRAY_SIZE(cb->val.ethermac) - 1;
 	cb->val.ethermac[i] = strtoul(arg, &end, 16);
-	if (cb->val.ethermac[i] > UINT8_MAX || *end != '\0')
+	if (*end != '\0' || end - arg > 2)
 		goto out;
 	if (cb->entry->flags & XTOPT_PUT)
 		memcpy(XTOPT_MKPTR(cb), cb->val.ethermac,
-- 
cgit v1.2.3


From fa2ce1ca2a3448350dee30c153dafe65abe7135d Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 1 Aug 2011 21:26:01 +0200
Subject: build: abort autogen on subcommand failure

Needed to stop an automated build process when automake requirements
are not fulfilled.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 autogen.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/autogen.sh b/autogen.sh
index 62a89e1b..a0c4395f 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh -e
 
 autoreconf -fi;
 rm -Rf autom4te*.cache;
-- 
cgit v1.2.3


From 4982fe43cf247cda6ddb946a8f1fd58177124735 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 8 Aug 2011 02:38:41 +0200
Subject: libipq: add pkgconfig file

This is just to make sure that projects (still) using it do so with
the right cflags, e.g. for when the include file ends up in a
non-standard location due to ./configure having been called with
--include=/somewhere/else.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 configure.ac        |  3 ++-
 libipq/.gitignore   |  1 +
 libipq/Makefile.am  |  2 ++
 libipq/libipq.pc.in | 11 +++++++++++
 4 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 libipq/.gitignore
 create mode 100644 libipq/libipq.pc.in

diff --git a/configure.ac b/configure.ac
index 6aa0b2a7..ab824a4f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,7 @@ AC_SUBST([libxtables_vmajor])
 
 AC_CONFIG_FILES([Makefile extensions/GNUmakefile include/Makefile
 	iptables/Makefile iptables/xtables.pc
-	libipq/Makefile libiptc/Makefile libiptc/libiptc.pc utils/Makefile
+	libipq/Makefile libipq/libipq.pc
+	libiptc/Makefile libiptc/libiptc.pc utils/Makefile
 	include/xtables.h include/iptables/internal.h])
 AC_OUTPUT
diff --git a/libipq/.gitignore b/libipq/.gitignore
new file mode 100644
index 00000000..6cb21a35
--- /dev/null
+++ b/libipq/.gitignore
@@ -0,0 +1 @@
+/libipq.pc
diff --git a/libipq/Makefile.am b/libipq/Makefile.am
index 93e5b1c8..9e3a2ca6 100644
--- a/libipq/Makefile.am
+++ b/libipq/Makefile.am
@@ -9,3 +9,5 @@ man_MANS         = ipq_create_handle.3 ipq_destroy_handle.3 ipq_errstr.3 \
                    ipq_get_msgerr.3 ipq_get_packet.3 ipq_message_type.3 \
                    ipq_perror.3 ipq_read.3 ipq_set_mode.3 ipq_set_verdict.3 \
                    libipq.3
+
+pkgconfig_DATA = libipq.pc
diff --git a/libipq/libipq.pc.in b/libipq/libipq.pc.in
new file mode 100644
index 00000000..ea31ec73
--- /dev/null
+++ b/libipq/libipq.pc.in
@@ -0,0 +1,11 @@
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name:		libipq
+Description:	Interface to the (old) ip_queue mechanism
+Version:	@PACKAGE_VERSION@
+Libs:		-L${libdir} -lipq
+Cflags:		-I${includedir}
-- 
cgit v1.2.3