iptables-1.8.10-8.el9

* Thu Dec 05 2024 Phil Sutter <psutter@redhat.com> [1.8.10-8.el9]
- Revert "xshared: Print protocol numbers if --numeric was given" (Phil Sutter) [RHEL-70173]
Resolves: RHEL-70173
Phil Sutter 2024-12-05 18:03:18 +01:00
parent 5371b0d64d
commit cd46da9928
2 changed files with 105 additions and 1 deletions

@ -0,0 +1,100 @@
From 04ed17727f6f008be9a9ce1281d8e8db8d867332 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Thu, 5 Dec 2024 18:01:53 +0100
Subject: [PATCH] Revert "xshared: Print protocol numbers if --numeric was
given"
JIRA: https://issues.redhat.com/browse/RHEL-70173
Upstream Status: iptables commit 34f085b1607364f4eaded1140060dcaf965a2649
commit 34f085b1607364f4eaded1140060dcaf965a2649
Author: Phil Sutter <phil@nwl.cc>
Date: Wed Jan 10 14:08:58 2024 +0100
Revert "xshared: Print protocol numbers if --numeric was given"
This reverts commit da8ecc62dd765b15df84c3aa6b83dcb7a81d4ffa.
The patch's original intention is not entirely clear anymore. If it was
to reduce delays involved by calling getprotobynumber() though, commit
b6196c7504d4d ("xshared: Prefer xtables_chain_protos lookup over
getprotoent") avoids those if --numeric flag was given already. Also,
this numeric protocol output did not cover iptables-save which is a more
relevant candidate for such optimizations anyway.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1729
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
.../shell/testcases/ip6tables/0002-verbose-output_0 | 10 +++++-----
.../testcases/ipt-restore/0011-noflush-empty-line_0 | 2 +-
.../shell/testcases/iptables/0002-verbose-output_0 | 4 ++--
iptables/xshared.c | 6 +++---
4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
index cc18a94..45fab83 100755
--- a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
@@ -33,11 +33,11 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
- 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::1 feed:babe::2
- 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::4 feed:babe::5
- 0 0 58 -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
- 0 0 0 -- * * ::/0 ::/0 dst length:42 rt type:23
- 0 0 LOG 0 -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
+ 0 0 ACCEPT all -- eth2 eth3 feed:babe::1 feed:babe::2
+ 0 0 ACCEPT all -- eth2 eth3 feed:babe::4 feed:babe::5
+ 0 0 ipv6-icmp -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
+ 0 0 all -- * * ::/0 ::/0 dst length:42 rt type:23
+ 0 0 LOG all -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination'
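Review bot: The five updated EXPECT lines in this hunk only cover protocols for which a name is printed (`all`, `ipv6-icmp`), so the number fallback that the xshared.c change keeps, `printf(FMT("%-4hu ", "%hu "), proto);`, has no expectation here. Consider adding a rule whose protocol has no resolvable name to this test so both branches of the new condition are pinned. Tooling that parses the `prot` column of `-L` output for rule audits should accept both the name and the number form for the same reason.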
diff --git a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
index 1a3af46..bea1a69 100755
--- a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
+++ b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
@@ -12,5 +12,5 @@ EOF
EXPECT='Chain FORWARD (policy ACCEPT)
target prot opt source destination
-ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 '
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 '
diff -u <(echo "$EXPECT") <($XT_MULTI iptables -n -L FORWARD)
diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
index 15c72af..5d2af4c 100755
--- a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
@@ -21,8 +21,8 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
- 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.1 10.0.0.2
- 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.4 10.0.0.5
+ 0 0 ACCEPT all -- eth2 eth3 10.0.0.1 10.0.0.2
+ 0 0 ACCEPT all -- eth2 eth3 10.0.0.4 10.0.0.5
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination'
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 5f75a0a..53a30db 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1083,10 +1083,10 @@ void print_rule_details(unsigned int linenum, const struct xt_counters *ctrs,
fputc(invflags & XT_INV_PROTO ? '!' : ' ', stdout);
- if (((format & (FMT_NUMERIC | FMT_NOTABLE)) == FMT_NUMERIC) || !pname)
- printf(FMT("%-4hu ", "%hu "), proto);
- else
+ if (pname)
printf(FMT("%-4s ", "%s "), pname);
+ else
+ printf(FMT("%-4hu ", "%hu "), proto);
}
void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
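Review bot: In print_rule_details(), the new `if (pname)` test no longer consults `format`, so FMT_NUMERIC has no effect on the protocol column, and nothing at this site says that this is intentional. A one-line comment above `if (pname)` (print the name whenever one was resolved, the number only as a fallback) would keep a later cleanup from reintroducing the numeric check. The code that fills `pname` is outside the hunk, so the commit message's statement that b6196c7504d4d already avoids getprotobynumber() under --numeric cannot be confirmed from these lines and is worth checking against the backported tree.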

@ -1,5 +1,5 @@
%define iptables_rpmversion 1.8.10 %define iptables_rpmversion 1.8.10
%define iptables_specrelease 7 %define iptables_specrelease 8
# install init scripts to /usr/libexec with systemd # install init scripts to /usr/libexec with systemd
%global script_path %{_libexecdir}/iptables %global script_path %{_libexecdir}/iptables
@ -48,6 +48,7 @@ Patch12: 0012-xtables-monitor-Support-arptables-chain-events.patch
Patch13: 0013-tests-shell-New-xtables-monitor-test.patch Patch13: 0013-tests-shell-New-xtables-monitor-test.patch
Patch14: 0014-xtables-monitor-Fix-for-ebtables-rule-events.patch Patch14: 0014-xtables-monitor-Fix-for-ebtables-rule-events.patch
Patch15: 0015-xtables-monitor-Ignore-ebtables-policy-rules-unless-.patch Patch15: 0015-xtables-monitor-Ignore-ebtables-policy-rules-unless-.patch
Patch16: 0016-Revert-xshared-Print-protocol-numbers-if-numeric-was.patch
# pf.os: ISC license # pf.os: ISC license
# iptables-apply: Artistic 2.0 # iptables-apply: Artistic 2.0
@ -482,6 +483,9 @@ fi
%ghost %{_mandir}/man8/ebtables{,-translate}.8.gz %ghost %{_mandir}/man8/ebtables{,-translate}.8.gz
%changelog %changelog
* Thu Dec 05 2024 Phil Sutter <psutter@redhat.com> [1.8.10-8.el9]
- Revert "xshared: Print protocol numbers if --numeric was given" (Phil Sutter) [RHEL-70173]
* Wed Nov 27 2024 Phil Sutter <psutter@redhat.com> [1.8.10-7.el9] * Wed Nov 27 2024 Phil Sutter <psutter@redhat.com> [1.8.10-7.el9]
- Bump release for side-tag (Phil Sutter) [RHEL-69283 RHEL-69284] - Bump release for side-tag (Phil Sutter) [RHEL-69283 RHEL-69284]