iptables-1.8.5-3
- nft: cache: Check consistency with NFT_CL_FAKE, too - nft: Fix command name in ip6tables error message
This commit is contained in:
Phil Sutter
parent
34ff3b278c
commit
fb677ca83c
40
0003-nft-cache-Check-consistency-with-NFT_CL_FAKE-too.patch
Normal file
40
0003-nft-cache-Check-consistency-with-NFT_CL_FAKE-too.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From eacefb728885b5dc51036181de83b2df309d4e6b Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Wed, 29 Jul 2020 15:39:31 +0200
|
||||
Subject: [PATCH] nft: cache: Check consistency with NFT_CL_FAKE, too
|
||||
|
||||
Athough this cache level fetches table names only, it shouldn't skip the
|
||||
consistency check.
|
||||
|
||||
Fixes: f42bfb344af82 ("nft: cache: Re-establish cache consistency check")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit b531365ce32f386d91c6a0bbc80ec4076e4babdd)
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
iptables/nft-cache.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
|
||||
index 638b18bc7e382..434cc10b82ce7 100644
|
||||
--- a/iptables/nft-cache.c
|
||||
+++ b/iptables/nft-cache.c
|
||||
@@ -511,14 +511,14 @@ retry:
|
||||
if (req->level >= NFT_CL_TABLES)
|
||||
fetch_table_cache(h);
|
||||
if (req->level == NFT_CL_FAKE)
|
||||
- return;
|
||||
+ goto genid_check;
|
||||
if (req->level >= NFT_CL_CHAINS)
|
||||
fetch_chain_cache(h, t, chains);
|
||||
if (req->level >= NFT_CL_SETS)
|
||||
fetch_set_cache(h, t, NULL);
|
||||
if (req->level >= NFT_CL_RULES)
|
||||
fetch_rule_cache(h, t);
|
||||
-
|
||||
+genid_check:
|
||||
mnl_genid_get(h, &genid_check);
|
||||
if (h->nft_genid != genid_check) {
|
||||
flush_cache(h, h->cache, NULL);
|
||||
--
|
||||
2.27.0
|
||||
|
||||
45
0004-nft-Fix-command-name-in-ip6tables-error-message.patch
Normal file
45
0004-nft-Fix-command-name-in-ip6tables-error-message.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From dac3434e2e7ea297a3886c662d558305b460670b Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Fri, 7 Aug 2020 13:48:28 +0200
|
||||
Subject: [PATCH] nft: Fix command name in ip6tables error message
|
||||
|
||||
Upon errors, ip6tables-nft would prefix its error messages with
|
||||
'iptables:' instead of 'ip6tables:'. Turns out the command name was
|
||||
hard-coded, use 'progname' variable instead.
|
||||
While being at it, merge the two mostly identical fprintf() calls into
|
||||
one.
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 3be40dcfb5af1438b6abdbda45a1e3b59c104e13)
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
iptables/xtables-standalone.c | 12 ++++--------
|
||||
1 file changed, 4 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
|
||||
index dd6fb7919d2e1..7b71db62f1ea6 100644
|
||||
--- a/iptables/xtables-standalone.c
|
||||
+++ b/iptables/xtables-standalone.c
|
||||
@@ -75,14 +75,10 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
|
||||
xtables_fini();
|
||||
|
||||
if (!ret) {
|
||||
- if (errno == EINVAL) {
|
||||
- fprintf(stderr, "iptables: %s. "
|
||||
- "Run `dmesg' for more information.\n",
|
||||
- nft_strerror(errno));
|
||||
- } else {
|
||||
- fprintf(stderr, "iptables: %s.\n",
|
||||
- nft_strerror(errno));
|
||||
- }
|
||||
+ fprintf(stderr, "%s: %s.%s\n", progname, nft_strerror(errno),
|
||||
+ (errno == EINVAL ?
|
||||
+ " Run `dmesg' for more information." : ""));
|
||||
+
|
||||
if (errno == EAGAIN)
|
||||
exit(RESOURCE_PROBLEM);
|
||||
}
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -19,7 +19,7 @@ Name: iptables
|
||||
Summary: Tools for managing Linux kernel packet filtering capabilities
|
||||
URL: http://www.netfilter.org/projects/iptables
|
||||
Version: 1.8.5
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Source: %{url}/files/%{name}-%{version}.tar.bz2
|
||||
Source1: iptables.init
|
||||
Source2: iptables-config
|
||||
@ -34,6 +34,8 @@ Source8: 0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch
|
||||
|
||||
Patch1: 0001-build-resolve-iptables-apply-not-getting-installed.patch
|
||||
Patch2: 0002-xtables-translate-don-t-fail-if-help-was-requested.patch
|
||||
Patch3: 0003-nft-cache-Check-consistency-with-NFT_CL_FAKE-too.patch
|
||||
Patch4: 0004-nft-Fix-command-name-in-ip6tables-error-message.patch
|
||||
|
||||
# pf.os: ISC license
|
||||
# iptables-apply: Artistic Licence 2.0
|
||||
@ -446,6 +448,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Aug 25 15:56:10 GMT 2020 Phil Sutter <psutter@redhat.com> - 1.8.5-3
|
||||
- nft: cache: Check consistency with NFT_CL_FAKE, too
|
||||
- nft: Fix command name in ip6tables error message
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user