diff --git a/0001-add-RARP-and-update-iana-url.patch b/0001-add-RARP-and-update-iana-url.patch deleted file mode 100644 index 1528413..0000000 --- a/0001-add-RARP-and-update-iana-url.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 908d41de58d46262e719fff778950a6f893a02f8 Mon Sep 17 00:00:00 2001 -From: Bart De Schuymer -Date: Tue, 3 Jul 2012 18:47:32 +0000 -Subject: [PATCH 01/16] add RARP and update iana url - ---- - userspace/ebtables2/ethertypes | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -index 5e700f663987..813177b74588 100644 ---- a/ethertypes -+++ b/ethertypes -@@ -5,6 +5,7 @@ - # - # This list could be found on: - # http://www.iana.org/assignments/ethernet-numbers -+# http://www.iana.org/assignments/ieee-802-numbers - # - # ... #Comment - # -@@ -21,15 +22,16 @@ LAT 6004 # DEC LAT - DIAG 6005 # DEC Diagnostics - CUST 6006 # DEC Customer use - SCA 6007 # DEC Systems Comms Arch --TEB 6558 # Trans Ether Bridging [RFC1701] --RAW_FR 6559 # Raw Frame Relay [RFC1701] -+TEB 6558 # Trans Ether Bridging [RFC1701] -+RAW_FR 6559 # Raw Frame Relay [RFC1701] -+RARP 8035 # Reverse ARP [RFC903] - AARP 80F3 # Appletalk AARP --ATALK 809B # Appletalk -+ATALK 809B # Appletalk - 802_1Q 8100 8021q 1q 802.1q dot1q # 802.1Q Virtual LAN tagged frame - IPX 8137 # Novell IPX - NetBEUI 8191 # NetBEUI - IPv6 86DD ip6 # IP version 6 --PPP 880B # PPP -+PPP 880B # PPP - ATMMPOA 884C # MultiProtocol over ATM - PPP_DISC 8863 # PPPoE discovery messages - PPP_SES 8864 # PPPoE session messages --- -1.8.5.3 - diff --git a/ebtables-2.0.0-audit.patch b/ebtables-2.0.0-audit.patch deleted file mode 100644 index c1d85e9..0000000 --- a/ebtables-2.0.0-audit.patch +++ /dev/null @@ -1,157 +0,0 @@ ---- ebtables2.orig/extensions/ebt_AUDIT.c 1970-01-01 01:00:00.000000000 +0100 -+++ ebtables2.orig/extensions/ebt_AUDIT.c 2011-01-07 10:53:46.680329228 +0100 -@@ -0,0 +1,110 @@ -+ -+#include -+#include -+#include -+#include -+#include "../include/ebtables_u.h" -+#include -+ -+#define AUDIT_TYPE '1' -+static struct option opts[] = -+{ -+ { "audit-type" , required_argument, 0, AUDIT_TYPE }, -+ { 0 } -+}; -+ -+static void print_help() -+{ -+ printf( -+ "AUDIT target options:\n" -+ " --audit-type TYPE : Set action type to record.\n"); -+} -+ -+static void init(struct ebt_entry_target *target) -+{ -+ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) target->data; -+ -+ info->type = 0; -+} -+ -+static int parse(int c, char **argv, int argc, -+ const struct ebt_u_entry *entry, unsigned int *flags, -+ struct ebt_entry_target **target) -+{ -+ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) (*target)->data; -+ -+ switch (c) { -+ case AUDIT_TYPE: -+ ebt_check_option2(flags, AUDIT_TYPE); -+ -+ if (!strcasecmp(optarg, "accept")) -+ info->type = XT_AUDIT_TYPE_ACCEPT; -+ else if (!strcasecmp(optarg, "drop")) -+ info->type = XT_AUDIT_TYPE_DROP; -+ else if (!strcasecmp(optarg, "reject")) -+ info->type = XT_AUDIT_TYPE_REJECT; -+ else -+ ebt_print_error2("Bad action type value `%s'", optarg); -+ -+ break; -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+static void final_check(const struct ebt_u_entry *entry, -+ const struct ebt_entry_match *match, const char *name, -+ unsigned int hookmask, unsigned int time) -+{ -+} -+ -+static void print(const struct ebt_u_entry *entry, -+ const struct ebt_entry_target *target) -+{ -+ const struct xt_AUDIT_info *info = -+ (const struct xt_AUDIT_info *) target->data; -+ -+ printf("--audit-type "); -+ -+ switch(info->type) { -+ case XT_AUDIT_TYPE_ACCEPT: -+ printf("accept"); -+ break; -+ case XT_AUDIT_TYPE_DROP: -+ printf("drop"); -+ break; -+ case XT_AUDIT_TYPE_REJECT: -+ printf("reject"); -+ break; -+ } -+} -+ -+static int compare(const struct ebt_entry_target *t1, -+ const struct ebt_entry_target *t2) -+{ -+ const struct xt_AUDIT_info *info1 = -+ (const struct xt_AUDIT_info *) t1->data; -+ const struct xt_AUDIT_info *info2 = -+ (const struct xt_AUDIT_info *) t2->data; -+ -+ return info1->type == info2->type; -+} -+ -+static struct ebt_u_target AUDIT_target = -+{ -+ .name = "AUDIT", -+ .size = sizeof(struct xt_AUDIT_info), -+ .help = print_help, -+ .init = init, -+ .parse = parse, -+ .final_check = final_check, -+ .print = print, -+ .compare = compare, -+ .extra_ops = opts, -+}; -+ -+void _init(void) -+{ -+ ebt_register_target(&AUDIT_target); -+} ---- ebtables2.orig/extensions/Makefile 2011-01-07 10:55:28.077246240 +0100 -+++ ebtables2.orig/extensions/Makefile 2011-01-07 10:53:46.686329230 +0100 -@@ -1,7 +1,7 @@ - #! /usr/bin/make - - EXT_FUNC+=802_3 nat arp arpreply ip ip6 standard log redirect vlan mark_m mark \ -- pkttype stp among limit ulog nflog -+ pkttype stp among limit ulog nflog AUDIT - EXT_TABLES+=filter nat broute - EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o) - EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o) ---- a/include/linux/netfilter/xt_AUDIT.h -+++ a/include/linux/netfilter/xt_AUDIT.h -@@ -0,0 +1,30 @@ -+/* -+ * Header file for iptables xt_AUDIT target -+ * -+ * (C) 2010-2011 Thomas Graf -+ * (C) 2010-2011 Red Hat, Inc. -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License version 2 as -+ * published by the Free Software Foundation. -+ */ -+ -+#ifndef _XT_AUDIT_TARGET_H -+#define _XT_AUDIT_TARGET_H -+ -+#include -+ -+enum { -+ XT_AUDIT_TYPE_ACCEPT = 0, -+ XT_AUDIT_TYPE_DROP, -+ XT_AUDIT_TYPE_REJECT, -+ __XT_AUDIT_TYPE_MAX, -+}; -+ -+#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1) -+ -+struct xt_AUDIT_info { -+ __u8 type; /* XT_AUDIT_TYPE_* */ -+}; -+ -+#endif /* _XT_AUDIT_TARGET_H */ diff --git a/ebtables-2.0.10-linkfix.patch b/ebtables-2.0.10-linkfix.patch deleted file mode 100644 index b140d72..0000000 --- a/ebtables-2.0.10-linkfix.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up ebtables-v2.0.10-4/extensions/Makefile.linkfix ebtables-v2.0.10-4/extensions/Makefile ---- ebtables-v2.0.10-4/extensions/Makefile.linkfix 2011-12-15 15:02:47.000000000 -0500 -+++ ebtables-v2.0.10-4/extensions/Makefile 2012-04-05 15:52:09.563511746 -0400 -@@ -9,9 +9,10 @@ EXT_LIBS+=$(foreach T,$(EXT_FUNC), exten - EXT_LIBS+=$(foreach T,$(EXT_TABLES), extensions/libebtable_$(T).so) - EXT_LIBSI+=$(foreach T,$(EXT_FUNC), -lebt_$(T)) - EXT_LIBSI+=$(foreach T,$(EXT_TABLES), -lebtable_$(T)) -+EXT_LDFLAGS+=-L. -lebtc - --extensions/ebt_%.so: extensions/ebt_%.o -- $(CC) $(LDFLAGS) -shared -o $@ -lc $< -nostartfiles -+extensions/ebt_%.so: extensions/ebt_%.o libebtc.so -+ $(CC) $(LDFLAGS) $(EXT_LDFLAGS) -shared -o $@ -lc $< -nostartfiles - - extensions/libebt_%.so: extensions/ebt_%.so - mv $< $@ diff --git a/ebtables-2.0.10-lockdirfix.patch b/ebtables-2.0.10-lockdirfix.patch deleted file mode 100644 index 9fadf08..0000000 --- a/ebtables-2.0.10-lockdirfix.patch +++ /dev/null @@ -1,50 +0,0 @@ -diff -up ebtables-v2.0.10-4/ebtables.8.lockdirfix ebtables-v2.0.10-4/ebtables.8 ---- ebtables-v2.0.10-4/ebtables.8.lockdirfix 2016-01-18 11:13:21.707069702 -0500 -+++ ebtables-v2.0.10-4/ebtables.8 2016-01-18 11:13:40.554953365 -0500 -@@ -1103,7 +1103,7 @@ arp message and the hardware address len - .br - .SH FILES - .I /etc/ethertypes --.I /var/lib/ebtables/lock -+.I /run/ebtables.lock - .SH ENVIRONMENT VARIABLES - .I EBTABLES_ATOMIC_FILE - .SH MAILINGLISTS -diff -up ebtables-v2.0.10-4/INSTALL.lockdirfix ebtables-v2.0.10-4/INSTALL ---- ebtables-v2.0.10-4/INSTALL.lockdirfix 2016-01-18 11:15:31.458268826 -0500 -+++ ebtables-v2.0.10-4/INSTALL 2016-01-18 11:15:53.890130367 -0500 -@@ -31,7 +31,7 @@ WHAT GETS INSTALLED AND WHAT OPTIONS ARE - copied to /etc/rc.d/init.d (change with option INITDIR) - - The ebtables configuration file (ebtables-config) is copied to /etc/sysconfig - - ebtables can use a lock file to enable concurrent execution of the ebtables -- tool. The standard location of the lock file is /var/lib/ebtables/lock. -+ tool. The standard location of the lock file is /run/ebtables.lock. - Include LOCKFILE=<> if you want to use another file. - - That's all -diff -up ebtables-v2.0.10-4/libebtc.c.lockdirfix ebtables-v2.0.10-4/libebtc.c ---- ebtables-v2.0.10-4/libebtc.c.lockdirfix 2016-01-18 11:12:14.347485472 -0500 -+++ ebtables-v2.0.10-4/libebtc.c 2016-01-18 11:13:06.515163472 -0500 -@@ -134,8 +134,8 @@ void ebt_list_extensions() - } - - #ifndef LOCKFILE --#define LOCKDIR "/var/lib/ebtables" --#define LOCKFILE LOCKDIR"/lock" -+#define LOCKDIR "/run" -+#define LOCKFILE LOCKDIR"/ebtables.lock" - #endif - static int lockfd = -1, locked; - int use_lockfd; -diff -up ebtables-v2.0.10-4/Makefile.lockdirfix ebtables-v2.0.10-4/Makefile ---- ebtables-v2.0.10-4/Makefile.lockdirfix 2016-01-18 11:14:10.715767201 -0500 -+++ ebtables-v2.0.10-4/Makefile 2016-01-18 11:15:20.506336425 -0500 -@@ -5,7 +5,7 @@ PROGRELEASE:=4 - PROGVERSION_:=2.0.10 - PROGVERSION:=$(PROGVERSION_)-$(PROGRELEASE) - PROGDATE:=December\ 2011 --LOCKFILE?=/var/lib/ebtables/lock -+LOCKFILE?=/run/ebtables.lock - LOCKDIR:=$(shell echo $(LOCKFILE) | sed 's/\(.*\)\/.*/\1/')/ - - # default paths diff --git a/ebtables-2.0.10-noflush.patch b/ebtables-2.0.10-noflush.patch deleted file mode 100644 index 42d5611..0000000 --- a/ebtables-2.0.10-noflush.patch +++ /dev/null @@ -1,69 +0,0 @@ -commit 3a25ae2361da048f24524d8e63d70f4cd40444f3 -Author: Sanket Shah -Date: Wed Jul 31 21:40:08 2013 +0200 - - Add --noflush command line support for ebtables-restore - -diff --git a/ebtables-restore.c b/ebtables-restore.c -index ea02960..bb4d0cf 100644 ---- a/ebtables-restore.c -+++ b/ebtables-restore.c -@@ -22,13 +22,25 @@ - #include - #include - #include -+#include - #include "include/ebtables_u.h" - -+static const struct option options[] = { -+ {.name = "noflush", .has_arg = 0, .val = 'n'}, -+ { 0 } -+}; -+ - static struct ebt_u_replace replace[3]; - void ebt_early_init_once(); - - #define OPT_KERNELDATA 0x800 /* Also defined in ebtables.c */ - -+static void print_usage() -+{ -+ fprintf(stderr, "Usage: ebtables-restore [ --noflush ]\n"); -+ exit(1); -+} -+ - static void copy_table_names() - { - strcpy(replace[0].name, "filter"); -@@ -41,11 +53,20 @@ static void copy_table_names() - int main(int argc_, char *argv_[]) - { - char *argv[EBTD_ARGC_MAX], cmdline[EBTD_CMDLINE_MAXLN]; -- int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace; -+ int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace, c, flush = 1; - char ebtables_str[] = "ebtables"; - -- if (argc_ != 1) -- ebtrest_print_error("options are not supported"); -+ while ((c = getopt_long(argc_, argv_, "n", options, NULL)) != -1) { -+ switch(c) { -+ case 'n': -+ flush = 0; -+ break; -+ default: -+ print_usage(); -+ break; -+ } -+ } -+ - ebt_silent = 0; - copy_table_names(); - ebt_early_init_once(); -@@ -68,7 +89,7 @@ int main(int argc_, char *argv_[]) - ebtrest_print_error("table '%s' was not recognized", cmdline+1); - table_nr = i; - replace[table_nr].command = 11; -- ebt_get_kernel_table(&replace[table_nr], 1); -+ ebt_get_kernel_table(&replace[table_nr], flush); - replace[table_nr].command = 0; - replace[table_nr].flags = OPT_KERNELDATA; /* Prevent do_command from initialising replace */ - continue; diff --git a/ebtables-2.0.10-norootinst.patch b/ebtables-2.0.10-norootinst.patch deleted file mode 100644 index 0017720..0000000 --- a/ebtables-2.0.10-norootinst.patch +++ /dev/null @@ -1,66 +0,0 @@ -diff -up ebtables-v2.0.10-1/Makefile.orig ebtables-v2.0.10-1/Makefile ---- ebtables-v2.0.10-1/Makefile.orig 2011-07-10 05:28:52.000000000 -0400 -+++ ebtables-v2.0.10-1/Makefile 2011-07-11 10:45:00.323426448 -0400 -@@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/ - scripts: ebtables-save ebtables.sysv ebtables-config - cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_ - mkdir -p $(DESTDIR)$(BINDIR) -- install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save -+ install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save - cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_ - if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi -- if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi -+ if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi - cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_ - if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi -- if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi -+ if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi - rm -f ebtables-save_ ebtables.sysv_ ebtables-config_ - - tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g') - $(MANDIR)/man8/ebtables.8: ebtables.8 - mkdir -p $(DESTDIR)$(@D) - sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_ -- install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@ -+ install -m 0644 ebtables.8_ $(DESTDIR)$@ - rm -f ebtables.8_ - - $(DESTDIR)$(ETHERTYPESFILE): ethertypes - mkdir -p $(@D) -- install -m 0644 -o root -g root $< $@ -+ install -m 0644 $< $@ - - .PHONY: exec - exec: ebtables ebtables-restore - mkdir -p $(DESTDIR)$(BINDIR) -- install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME) -- install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore -+ install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME) -+ install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore - - .PHONY: install - install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts -@@ -205,18 +205,18 @@ release: - rm -f extensions/ebt_inat.c - rm -rf $(CVSDIRS) - mkdir -p include/linux/netfilter_bridge -- install -m 0644 -o root -g root \ -+ install -m 0644 \ - $(KERNEL_INCLUDES)/linux/netfilter_bridge.h include/linux/ - # To keep possible compile error complaints about undefined ETH_P_8021Q - # off my back -- install -m 0644 -o root -g root \ -+ install -m 0644 \ - $(KERNEL_INCLUDES)/linux/if_ether.h include/linux/ -- install -m 0644 -o root -g root \ -+ install -m 0644 \ - $(KERNEL_INCLUDES)/linux/types.h include/linux/ -- install -m 0644 -o root -g root \ -+ install -m 0644 \ - $(KERNEL_INCLUDES)/linux/netfilter_bridge/*.h \ - include/linux/netfilter_bridge/ -- install -m 0644 -o root -g root \ -+ install -m 0644 \ - include/ebtables.h include/linux/netfilter_bridge/ - make clean - touch * diff --git a/ebtables-2.0.11.tar.gz b/ebtables-2.0.11.tar.gz new file mode 100644 index 0000000..750526c Binary files /dev/null and b/ebtables-2.0.11.tar.gz differ diff --git a/ebtables-2.0.9-lsb.patch b/ebtables-2.0.9-lsb.patch deleted file mode 100644 index 721deea..0000000 --- a/ebtables-2.0.9-lsb.patch +++ /dev/null @@ -1,106 +0,0 @@ -diff -up ebtables-v2.0.9-1/ebtables.sysv.lsb ebtables-v2.0.9-1/ebtables.sysv ---- ebtables-v2.0.9-1/ebtables.sysv.lsb 2010-01-15 11:39:31.000000000 +0100 -+++ ebtables-v2.0.9-1/ebtables.sysv 2010-01-15 12:52:24.000000000 +0100 -@@ -18,9 +18,9 @@ source /etc/sysconfig/network - # Check that networking is up. - [ ${NETWORKING} = "no" ] && exit 0 - --[ -x __EXEC_PATH__/ebtables ] || exit 1 --[ -x __EXEC_PATH__/ebtables-save ] || exit 1 --[ -x __EXEC_PATH__/ebtables-restore ] || exit 1 -+[ -x __EXEC_PATH__/ebtables ] || exit 5 -+[ -x __EXEC_PATH__/ebtables-save ] || exit 5 -+[ -x __EXEC_PATH__/ebtables-restore ] || exit 5 - - RETVAL=0 - prog="ebtables" -@@ -39,6 +39,7 @@ config=__SYSCONFIG__/$prog-config - [ -f "$config" ] && . "$config" - - start() { -+ [ "$EUID" != "0" ] && exit 4 - echo -n $"Starting $desc ($prog): " - if [ "$EBTABLES_BINARY_FORMAT" = "yes" ]; then - for table in $(ls __SYSCONFIG__/ebtables.* 2>/dev/null | sed -e 's/.*ebtables\.//' -e '/save/d' ); do -@@ -50,7 +51,7 @@ start() { - - if [ $RETVAL -eq 0 ]; then - success "$prog startup" -- rm -f /var/lock/subsys/$prog -+ touch "/var/lock/subsys/$prog" - else - failure "$prog startup" - fi -@@ -58,6 +59,7 @@ start() { - } - - stop() { -+ [ "$EUID" != "0" ] && exit 4 - echo -n $"Stopping $desc ($prog): " - for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do - __EXEC_PATH__/ebtables -t $table --init-table || RETVAL=1 -@@ -71,7 +73,7 @@ stop() { - - if [ $RETVAL -eq 0 ]; then - success "$prog shutdown" -- rm -f /var/lock/subsys/$prog -+ rm -f "/var/lock/subsys/$prog" - else - failure "$prog shutdown" - fi -@@ -79,11 +81,13 @@ stop() { - } - - restart() { -+ [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save - stop - start - } - - save() { -+ [ "$EUID" != "0" ] && exit 4 - echo -n $"Saving $desc ($prog): " - if [ "$EBTABLES_TEXT_FORMAT" = "yes" ]; then - if [ -e __SYSCONFIG__/ebtables ]; then -@@ -116,30 +120,34 @@ save() { - - case "$1" in - start) -+ [ -f "/var/lock/subsys/$prog" ] && exit 0 - start - ;; - stop) - [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save - stop - ;; -- restart|reload) -- [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save -+ restart|force-reload) - restart - ;; -- condrestart) -- [ -e /var/lock/subsys/$prog ] && restart -- RETVAL=$? -+ reload) -+ [ ! -f "/var/lock/subsys/$prog" ] && exit 7 -+ restart -+ ;; -+ condrestart|try-restart) -+ [ ! -e "/var/lock/subsys/$prog" ] && exit 0 -+ restart - ;; - save) - save - ;; - status) -+ [ -f "/var/lock/subsys/$prog" ] && RETVAL=0 || RETVAL=3 - __EXEC_PATH__/ebtables-save -- RETVAL=$? - ;; - *) - echo $"Usage $0 {start|stop|restart|condrestart|save|status}" -- RETVAL=1 -+ RETVAL=2 - esac - - exit $RETVAL diff --git a/ebtables-config b/ebtables-config new file mode 100644 index 0000000..69d9289 --- /dev/null +++ b/ebtables-config @@ -0,0 +1,11 @@ +# Save current firewall rules on stop. +# Value: yes|no, default: no +# Saves all firewall rules if firewall gets stopped +# (e.g. on system shutdown). +EBTABLES_SAVE_ON_STOP="no" + +# Save (and restore) rule counters. +# Value: yes|no, default: no +# Save rule counters when saving a kernel table to a file. If the +# rule counters were saved, they will be restored when restoring the table. +EBTABLES_SAVE_COUNTER="no" diff --git a/ebtables-use-flock-for-concurrent-option.patch b/ebtables-use-flock-for-concurrent-option.patch deleted file mode 100644 index f639645..0000000 --- a/ebtables-use-flock-for-concurrent-option.patch +++ /dev/null @@ -1,113 +0,0 @@ -Subject: [ebtables PATCH] Use flock() for --concurrent option -From: https://patchwork.ozlabs.org/ - -The previous locking mechanism was not atomic, hence it was possible -that a killed ebtables process would leave the lock file in place which -in turn made future ebtables processes wait indefinitely for the lock to -become free. - -Fix this by using flock(). This also simplifies code quite a bit because -there is no need for a custom signal handler or an __exit routine -anymore. - -Signed-off-by: Phil Sutter - -diff -Nur ebtables-v2.0.10-4_orig/ebtables.c ebtables-v2.0.10-4/ebtables.c ---- ebtables-v2.0.10-4_orig/ebtables.c 2019-09-24 15:24:49.560000000 +0800 -+++ ebtables-v2.0.10-4/ebtables.c 2019-09-24 15:28:35.324000000 +0800 -@@ -528,12 +528,6 @@ - ebt_iterate_targets(merge_target); - } - --/* signal handler, installed when the option --concurrent is specified. */ --static void sighandler(int signum) --{ -- exit(-1); --} -- - /* We use exec_style instead of #ifdef's because ebtables.so is a shared object. */ - int do_command(int argc, char *argv[], int exec_style, - struct ebt_u_replace *replace_) -@@ -1047,8 +1041,6 @@ - strcpy(replace->filename, optarg); - break; - case 13 : /* concurrent */ -- signal(SIGINT, sighandler); -- signal(SIGTERM, sighandler); - use_lockfd = 1; - break; - case 1 : -diff -Nur ebtables-v2.0.10-4_orig/libebtc.c ebtables-v2.0.10-4/libebtc.c ---- ebtables-v2.0.10-4_orig/libebtc.c 2019-09-24 15:24:49.564000000 +0800 -+++ ebtables-v2.0.10-4/libebtc.c 2019-09-24 15:34:02.592000000 +0800 -@@ -31,6 +31,7 @@ - #include "include/ethernetdb.h" - #include - #include -+#include - #include - #include - #include -@@ -137,58 +138,17 @@ - #define LOCKDIR "/run" - #define LOCKFILE LOCKDIR"/ebtables.lock" - #endif --static int lockfd = -1, locked; - int use_lockfd; - /* Returns 0 on success, -1 when the file is locked by another process - * or -2 on any other error. */ - static int lock_file() - { -- int try = 0; -- int ret = 0; -- sigset_t sigset; -- --tryagain: -- /* the SIGINT handler will call unlock_file. To make sure the state -- * of the variable locked is correct, we need to temporarily mask the -- * SIGINT interrupt. */ -- sigemptyset(&sigset); -- sigaddset(&sigset, SIGINT); -- sigprocmask(SIG_BLOCK, &sigset, NULL); -- lockfd = open(LOCKFILE, O_CREAT | O_EXCL | O_WRONLY, 00600); -- if (lockfd < 0) { -- if (errno == EEXIST) -- ret = -1; -- else if (try == 1) -- ret = -2; -- else { -- if (mkdir(LOCKDIR, 00700)) -- ret = -2; -- else { -- try = 1; -- goto tryagain; -- } -- } -- } else { -- close(lockfd); -- locked = 1; -- } -- sigprocmask(SIG_UNBLOCK, &sigset, NULL); -- return ret; -+int fd = open(LOCKFILE, O_CREAT, 00600); -+ if (fd < 0) -+ return -2; -+ return flock(fd, LOCK_EX); - } - --void unlock_file() --{ -- if (locked) { -- remove(LOCKFILE); -- locked = 0; -- } --} -- --void __attribute__ ((destructor)) onexit() --{ -- if (use_lockfd) -- unlock_file(); --} - /* Get the table from the kernel or from a binary file - * init: 1 = ask the kernel for the initial contents of a table, i.e. the - * way it looks when the table is insmod'ed diff --git a/ebtables-v2.0.10-4.tar.gz b/ebtables-v2.0.10-4.tar.gz deleted file mode 100644 index eb99875..0000000 Binary files a/ebtables-v2.0.10-4.tar.gz and /dev/null differ diff --git a/ebtables.spec b/ebtables.spec index 16c90d8..8715a41 100644 --- a/ebtables.spec +++ b/ebtables.spec @@ -1,28 +1,17 @@ -%global ebminor 4 Name: ebtables -Version: 2.0.10 -Release: 32 +Version: 2.0.11 +Release: 1 Summary: A filtering tool for a Linux-based bridging firewall License: GPLv2+ URL: http://ebtables.sourceforge.net/ -Source0: http://downloads.sourceforge.net/ebtables/ebtables-v%{version}-%{ebminor}.tar.gz -Source1: ebtables-save +Source0: http://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.gz Source2: ebtables.systemd Source3: ebtables.service +Source4: ebtables-config -#patches from fedora/redhat repository -Patch0001: ebtables-2.0.10-norootinst.patch -Patch0002: ebtables-2.0.9-lsb.patch -Patch0003: ebtables-2.0.10-linkfix.patch -Patch0004: ebtables-2.0.0-audit.patch -Patch0005: 0001-add-RARP-and-update-iana-url.patch -Patch0006: ebtables-2.0.10-lockdirfix.patch -Patch0007: ebtables-2.0.10-noflush.patch -# patch0008 from https://patchwork.ozlabs.org -Patch0008: ebtables-use-flock-for-concurrent-option.patch -BuildRequires: systemd +BuildRequires: systemd libtool Requires: systemd %{_sbindir}/update-alternatives Conflicts: setup < 2.10.4-1 @@ -37,64 +26,78 @@ Summary: help documents for ebtables Help package contains some doc and man help files for ebtables. %prep -%autosetup -n %{name}-v%{version}-%{ebminor} -p1 +%autosetup -n %{name}-%{version} f=THANKS; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f %build +./autogen.sh +./configure --mandir=/usr/share/man --bindir=/usr/sbin --sbindir=/usr/sbin --libdir=/lib64/ebtables --sysconfdir=/etc %make_build CFLAGS="${RPM_OPT_FLAGS}" LIBDIR="/%{_lib}/ebtables" BINDIR="%{_sbindir}" MANDIR="%{_mandir}" LDFLAGS="${RPM_LD_FLAGS} -Wl,-z,now" %install install -d %{buildroot}{%{_initrddir},%{_unitdir},%{_libexecdir},%{_sysconfdir}/sysconfig} install -p %{SOURCE3} %{buildroot}%{_unitdir}/ +install -p %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/ebtables-config chmod -x %{buildroot}%{_unitdir}/*.service install -m0755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables %make_install LIBDIR="/%{_lib}/ebtables" BINDIR="%{_sbindir}" MANDIR="%{_mandir}" touch %{buildroot}%{_sysconfdir}/sysconfig/{ebtables.nat,ebtables.filter,ebtables.broute} -rm -f %{buildroot}%{_sbindir}/ebtables-save -install %{SOURCE1} %{buildroot}%{_sbindir}/ebtables-save mv %{buildroot}/%{_lib}/ebtables/libebtc.so %{buildroot}/%{_lib}/ -mv %{buildroot}%{_sbindir}/ebtables %{buildroot}%{_sbindir}/ebtables-legacy -touch %{buildroot}%{_sbindir}/ebtables %post %systemd_post ebtables.service %?ldconfig -if [ "$(readlink -e %{_sbindir}/ebtables)" == %{_sbindir}/ebtables ]; then +if [ "$(readlink -e %{_sbindir}/ebtables)" == %{_sbindir}/ebtables ] ; then rm -f %{_sbindir}/ebtables fi %{_sbindir}/update-alternatives --install %{_sbindir}/ebtables ebtables %{_sbindir}/ebtables-legacy 10 +if [ "$(readlink -e %{_sbindir}/ebtables-restore)" == %{_sbindir}/ebtables-restore ] ; then + rm -f %{_sbindir}/ebtables-restore +fi +%{_sbindir}/update-alternatives --install %{_sbindir}/ebtables-restore ebtables-restore %{_sbindir}/ebtables-legacy-restore 10 + +if [ "$(readlink -e %{_sbindir}/ebtables-save)" == %{_sbindir}/ebtables-save ] ; then + rm -f %{_sbindir}/ebtables-save +fi +%{_sbindir}/update-alternatives --install %{_sbindir}/ebtables-save ebtables-save %{_sbindir}/ebtables-legacy-save 10 + %preun %systemd_preun ebtables.service %postun %systemd_postun_with_restart ebtables.service %?ldconfig -if [ $1 -eq 0 ]; then - %{_sbindir}/update-alternatives --remove ebtables %{_sbindir}/ebtables-legacy -fi %files %license COPYING -%{_sbindir}/ebtables-legacy* %{_unitdir}/ebtables.service %{_libexecdir}/ebtables /%{_lib}/libebtc.so /%{_lib}/ebtables/ %{_sbindir}/ebtables-* +%{_sbindir}/ebtables* %exclude %{_initrddir} %exclude %{_sysconfdir}/ethertypes %config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config %ghost %{_sbindir}/ebtables +%ghost %{_sbindir}/ebtables-restore +%ghost %{_sbindir}/ebtables-save %ghost %{_sysconfdir}/sysconfig/{ebtables.filter,ebtables.nat,ebtables.broute} %files help %doc ChangeLog THANKS -%doc %{_mandir}/man8/ebtables.8* +%doc %{_mandir}/man8/ebtables-legacy.8* %changelog +* Mon Jul 27 2020 openEuler Buildteam - 2.0.11-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Upgrade to version 2.0.11 + * Wed Jan 15 2020 openEuler Buildteam - 2.0.10-32 - Type:bugfix - ID:NA