rpms/iptables
5
0
Fork 0
Code Issues Pull Requests Releases Activity

iptables-1.8.5-3

Browse Source 
- nft: cache: Check consistency with NFT_CL_FAKE, too
- nft: Fix command name in ip6tables error message
This commit is contained in:
Phil Sutter 2020-08-25 17:57:13 +02:00
parent 34ff3b278c
commit fb677ca83c
3 changed files with 92 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
0003-nft-cache-Check-consistency-with-NFT_CL_FAKE-too.patch Normal file
View File

@ -0,0 +1,40 @@
From eacefb728885b5dc51036181de83b2df309d4e6b Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 29 Jul 2020 15:39:31 +0200
Subject: [PATCH] nft: cache: Check consistency with NFT_CL_FAKE, too
Athough this cache level fetches table names only, it shouldn't skip the
consistency check.
Fixes: f42bfb344af82 ("nft: cache: Re-establish cache consistency check")
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit b531365ce32f386d91c6a0bbc80ec4076e4babdd)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/nft-cache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 638b18bc7e382..434cc10b82ce7 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -511,14 +511,14 @@ retry:
if (req->level >= NFT_CL_TABLES)
fetch_table_cache(h);
if (req->level == NFT_CL_FAKE)
- return;
+ goto genid_check;
if (req->level >= NFT_CL_CHAINS)
fetch_chain_cache(h, t, chains);
if (req->level >= NFT_CL_SETS)
fetch_set_cache(h, t, NULL);
if (req->level >= NFT_CL_RULES)
fetch_rule_cache(h, t);
-
+genid_check:
mnl_genid_get(h, &genid_check);
if (h->nft_genid != genid_check) {
flush_cache(h, h->cache, NULL);
--
2.27.0

45
0004-nft-Fix-command-name-in-ip6tables-error-message.patch Normal file
View File

@ -0,0 +1,45 @@
From dac3434e2e7ea297a3886c662d558305b460670b Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 7 Aug 2020 13:48:28 +0200
Subject: [PATCH] nft: Fix command name in ip6tables error message
Upon errors, ip6tables-nft would prefix its error messages with
'iptables:' instead of 'ip6tables:'. Turns out the command name was
hard-coded, use 'progname' variable instead.
While being at it, merge the two mostly identical fprintf() calls into
one.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 3be40dcfb5af1438b6abdbda45a1e3b59c104e13)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/xtables-standalone.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index dd6fb7919d2e1..7b71db62f1ea6 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -75,14 +75,10 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
xtables_fini();
if (!ret) {
- if (errno == EINVAL) {
- fprintf(stderr, "iptables: %s. "
- "Run `dmesg' for more information.\n",
- nft_strerror(errno));
- } else {
- fprintf(stderr, "iptables: %s.\n",
- nft_strerror(errno));
- }
+ fprintf(stderr, "%s: %s.%s\n", progname, nft_strerror(errno),
+ (errno == EINVAL ?
+ " Run `dmesg' for more information." : ""));
+
if (errno == EAGAIN)
exit(RESOURCE_PROBLEM);
}
--
2.27.0

8
iptables.spec
View File

@ -19,7 +19,7 @@ Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities Summary: Tools for managing Linux kernel packet filtering capabilities
URL: http://www.netfilter.org/projects/iptables URL: http://www.netfilter.org/projects/iptables
Version: 1.8.5 Version: 1.8.5
Release: 2%{?dist} Release: 3%{?dist}
Source: %{url}/files/%{name}-%{version}.tar.bz2 Source: %{url}/files/%{name}-%{version}.tar.bz2
Source1: iptables.init Source1: iptables.init
Source2: iptables-config Source2: iptables-config
@ -34,6 +34,8 @@ Source8: 0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch
Patch1: 0001-build-resolve-iptables-apply-not-getting-installed.patch Patch1: 0001-build-resolve-iptables-apply-not-getting-installed.patch
Patch2: 0002-xtables-translate-don-t-fail-if-help-was-requested.patch Patch2: 0002-xtables-translate-don-t-fail-if-help-was-requested.patch
Patch3: 0003-nft-cache-Check-consistency-with-NFT_CL_FAKE-too.patch
Patch4: 0004-nft-Fix-command-name-in-ip6tables-error-message.patch
# pf.os: ISC license # pf.os: ISC license
# iptables-apply: Artistic Licence 2.0 # iptables-apply: Artistic Licence 2.0
@ -446,6 +448,10 @@ fi
%changelog %changelog
* Tue Aug 25 15:56:10 GMT 2020 Phil Sutter <psutter@redhat.com> - 1.8.5-3
- nft: cache: Check consistency with NFT_CL_FAKE, too
- nft: Fix command name in ip6tables error message
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.5-2 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild