From 7d8e51ef997a90b6190f87c717d4cf753419af6f Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 8 Jun 2022 18:35:59 +0200 Subject: [PATCH] iptables-1.8.8-3.el9 - arptables: Support -x/--exact flag Related: rhbz#2084543 --- 0005-arptables-Support-x-exact-flag.patch | 33 +++++++++++++++++++++++ iptables.spec | 8 ++++-- 2 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 0005-arptables-Support-x-exact-flag.patch diff --git a/0005-arptables-Support-x-exact-flag.patch b/0005-arptables-Support-x-exact-flag.patch new file mode 100644 index 0000000..98c11b8 --- /dev/null +++ b/0005-arptables-Support-x-exact-flag.patch @@ -0,0 +1,33 @@ +From 5d197a9a4c0f456243894aea4b5fd059ecf6c402 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 7 Jun 2022 18:07:00 +0200 +Subject: [PATCH] arptables: Support -x/--exact flag + +Legacy arptables accepts but ignores the flag. Yet there are remains of +the functionality in sources, like OPT_EXPANDED define and a print_num() +function which acts on FMT_KILOMEGAGIGA flag being set or not. So +instead of mimicking legacy behaviour by explicitly ignoring -x flag for +arptables, just enable the feature for it. + +Signed-off-by: Phil Sutter +(cherry picked from commit 24c5b593156de29a49146bcc3497ebb7d8d40ef0) +--- + iptables/xshared.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/iptables/xshared.h b/iptables/xshared.h +index 14568bb00fb65..a50c8b7298072 100644 +--- a/iptables/xshared.h ++++ b/iptables/xshared.h +@@ -69,7 +69,7 @@ struct xtables_target; + + #define OPTSTRING_COMMON "-:A:C:D:E:F::I:L::M:N:P:VX::Z::" "c:d:i:j:o:p:s:t:" + #define IPT_OPTSTRING OPTSTRING_COMMON "R:S::W::" "46bfg:h::m:nvw::x" +-#define ARPT_OPTSTRING OPTSTRING_COMMON "R:S::" "h::l:nv" /* "m:" */ ++#define ARPT_OPTSTRING OPTSTRING_COMMON "R:S::" "h::l:nvx" /* "m:" */ + #define EBT_OPTSTRING OPTSTRING_COMMON "hv" + + /* define invflags which won't collide with IPT ones */ +-- +2.34.1 + diff --git a/iptables.spec b/iptables.spec index c26e2fb..735f9fb 100644 --- a/iptables.spec +++ b/iptables.spec @@ -16,7 +16,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities URL: https://www.netfilter.org/projects/iptables Version: 1.8.8 -Release: 2%{?dist} +Release: 3%{?dist} Source: %{url}/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -32,7 +32,8 @@ Source10: ebtables-config Patch01: 0001-doc-Add-deprecation-notices-to-all-relevant-man-page.patch Patch02: 0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch Patch03: 0003-xshared-Fix-build-for-Werror-format-security.patch -patch04: 0004-tests-shell-Check-overhead-in-iptables-save-and-rest.patch +Patch04: 0004-tests-shell-Check-overhead-in-iptables-save-and-rest.patch +Patch05: 0005-arptables-Support-x-exact-flag.patch # pf.os: ISC license # iptables-apply: Artistic 2.0 @@ -448,6 +449,9 @@ fi %ghost %{_mandir}/man8/ebtables.8.gz %changelog +* Wed Jun 08 2022 Phil Sutter - 1.8.8-3 +- arptables: Support -x/--exact flag + * Thu Jun 02 2022 Phil Sutter - 1.8.8-2 - tests: shell: Check overhead in iptables-save and -restore