- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
This commit is contained in:
parent
f7ec09d02c
commit
668046c0c7
119
iptables-1.4.7-xt_CHECKSUM.patch
Normal file
119
iptables-1.4.7-xt_CHECKSUM.patch
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..00fbd8f
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/extensions/libxt_CHECKSUM.c
|
||||||
|
@@ -0,0 +1,99 @@
|
||||||
|
+/* Shared library add-on to xtables for CHECKSUM
|
||||||
|
+ *
|
||||||
|
+ * (C) 2002 by Harald Welte <laforge@gnumonks.org>
|
||||||
|
+ * (C) 2010 by Red Hat, Inc
|
||||||
|
+ * Author: Michael S. Tsirkin <mst@redhat.com>
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed under the terms of GNU GPL v2, 1991
|
||||||
|
+ *
|
||||||
|
+ * libxt_CHECKSUM.c borrowed some bits from libipt_ECN.c
|
||||||
|
+ *
|
||||||
|
+ * $Id$
|
||||||
|
+ */
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <getopt.h>
|
||||||
|
+
|
||||||
|
+#include <xtables.h>
|
||||||
|
+#include <linux/netfilter/xt_CHECKSUM.h>
|
||||||
|
+
|
||||||
|
+static void CHECKSUM_help(void)
|
||||||
|
+{
|
||||||
|
+ printf(
|
||||||
|
+"CHECKSUM target options\n"
|
||||||
|
+" --checksum-fill Fill in packet checksum.\n");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static const struct option CHECKSUM_opts[] = {
|
||||||
|
+ { "checksum-fill", 0, NULL, 'F' },
|
||||||
|
+ { .name = NULL }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static int CHECKSUM_parse(int c, char **argv, int invert, unsigned int *flags,
|
||||||
|
+ const void *entry, struct xt_entry_target **target)
|
||||||
|
+{
|
||||||
|
+ struct xt_CHECKSUM_info *einfo
|
||||||
|
+ = (struct xt_CHECKSUM_info *)(*target)->data;
|
||||||
|
+
|
||||||
|
+ switch (c) {
|
||||||
|
+ case 'F':
|
||||||
|
+ if (*flags)
|
||||||
|
+ xtables_error(PARAMETER_PROBLEM,
|
||||||
|
+ "CHECKSUM target: Only use --checksum-fill ONCE!");
|
||||||
|
+ einfo->operation = XT_CHECKSUM_OP_FILL;
|
||||||
|
+ *flags |= XT_CHECKSUM_OP_FILL;
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void CHECKSUM_check(unsigned int flags)
|
||||||
|
+{
|
||||||
|
+ if (!flags)
|
||||||
|
+ xtables_error(PARAMETER_PROBLEM,
|
||||||
|
+ "CHECKSUM target: Parameter --checksum-fill is required");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target,
|
||||||
|
+ int numeric)
|
||||||
|
+{
|
||||||
|
+ const struct xt_CHECKSUM_info *einfo =
|
||||||
|
+ (const struct xt_CHECKSUM_info *)target->data;
|
||||||
|
+
|
||||||
|
+ printf("CHECKSUM ");
|
||||||
|
+
|
||||||
|
+ if (einfo->operation & XT_CHECKSUM_OP_FILL)
|
||||||
|
+ printf("fill ");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
|
||||||
|
+{
|
||||||
|
+ const struct xt_CHECKSUM_info *einfo =
|
||||||
|
+ (const struct xt_CHECKSUM_info *)target->data;
|
||||||
|
+
|
||||||
|
+ if (einfo->operation & XT_CHECKSUM_OP_FILL)
|
||||||
|
+ printf("--checksum-fill ");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static struct xtables_target checksum_tg_reg = {
|
||||||
|
+ .name = "CHECKSUM",
|
||||||
|
+ .version = XTABLES_VERSION,
|
||||||
|
+ .family = NFPROTO_UNSPEC,
|
||||||
|
+ .size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
|
||||||
|
+ .userspacesize = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
|
||||||
|
+ .help = CHECKSUM_help,
|
||||||
|
+ .parse = CHECKSUM_parse,
|
||||||
|
+ .final_check = CHECKSUM_check,
|
||||||
|
+ .print = CHECKSUM_print,
|
||||||
|
+ .save = CHECKSUM_save,
|
||||||
|
+ .extra_opts = CHECKSUM_opts,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+void _init(void)
|
||||||
|
+{
|
||||||
|
+ xtables_register_target(&checksum_tg_reg);
|
||||||
|
+}
|
||||||
|
diff --git a/extensions/libxt_CHECKSUM.man b/extensions/libxt_CHECKSUM.man
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..92ae700
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/extensions/libxt_CHECKSUM.man
|
||||||
|
@@ -0,0 +1,8 @@
|
||||||
|
+This target allows to selectively work around broken/old applications.
|
||||||
|
+It can only be used in the mangle table.
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-checksum\-fill\fP
|
||||||
|
+Compute and fill in the checksum in a packet that lacks a checksum.
|
||||||
|
+This is particularly useful, if you need to work around old applications
|
||||||
|
+such as dhcp clients, that do not work well with checksum offloads,
|
||||||
|
+but don't want to disable checksum offload in your device.
|
@ -1,11 +1,12 @@
|
|||||||
Name: iptables
|
Name: iptables
|
||||||
Summary: Tools for managing Linux kernel packet filtering capabilities
|
Summary: Tools for managing Linux kernel packet filtering capabilities
|
||||||
Version: 1.4.9
|
Version: 1.4.9
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
|
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
|
||||||
Source1: iptables.init
|
Source1: iptables.init
|
||||||
Source2: iptables-config
|
Source2: iptables-config
|
||||||
Patch5: iptables-1.4.9-cloexec.patch
|
Patch5: iptables-1.4.9-cloexec.patch
|
||||||
|
Patch6: iptables-1.4.7-xt_CHECKSUM.patch
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: http://www.netfilter.org/
|
URL: http://www.netfilter.org/
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
@ -52,6 +53,7 @@ stable and may change with every new version. It is therefore unsupported.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch5 -p1 -b .cloexec
|
%patch5 -p1 -b .cloexec
|
||||||
|
%patch6 -p1 -b .xt_CHECKSUM
|
||||||
|
|
||||||
%build
|
%build
|
||||||
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
|
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
|
||||||
@ -163,6 +165,9 @@ fi
|
|||||||
%{_libdir}/pkgconfig/xtables.pc
|
%{_libdir}/pkgconfig/xtables.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 12 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-2
|
||||||
|
- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
|
||||||
|
|
||||||
* Wed Aug 4 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-1
|
* Wed Aug 4 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-1
|
||||||
- new version 1.4.9 with all new features of 2.6.35
|
- new version 1.4.9 with all new features of 2.6.35
|
||||||
- doc: xt_hashlimit: fix a typo
|
- doc: xt_hashlimit: fix a typo
|
||||||
|
Loading…
Reference in New Issue
Block a user