Mailing List Archive

[PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
Hi all,

From: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>

> From: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
>
> > Well, I found missing FIN in text of help() in libipt_tcp.c then also
> > fixed. New release is necessary again ? grrr.. If so, I'll change version
> > in Makefile, and apply xtables patches to main trunk.
>
> If no one wants new release again before committing these patches,
> I'll commit them into main trunk without changing version in Makefile
> next week (maybe Tuesday).

I've committed them. I will commit following for other matches/targets
this weekend. Finally we can save about 3600 lines and add IPv6 support to
13 modules.

This time I post patches generated by 'git-format-patch -M' for ease of
review.

[01/13] Add IPv6 support to CONNMARK match
[02/13] Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARK
[03/13] Unifies libip[6]t_MARK into libxt_MARK
[04/13] Unifies libip[6]t_hashlimit into libxt_hashlimit
[05/13] Unifies libip[6]t_connmark into libxt_connmark
[06/13] Unifies libip[6]t_state into libxt_state
[07/13] Unifies libip[6]t_NFLOG into libxt_NFLOG
[08/13] Unifies libip[6]t_TRACE into libxt_TRACE
[09/13] Add IPv6 support to CLASSIFY target
[10/13] Add IPv6 support to DSCP target
[11/13] Add IPv6 support to connbytes match
[12/13] Add IPv6 support to helper match
[13/13] Add IPv6 support to statistic match

-- Yasuyuki Kozakai
Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
iptables svn6960 does not yet search for the libxt_*.so files.


# strace -e open ./iptables -t nat -L
...
open("/ws/iptables/extensions/libipt_tcp.so", O_RDONLY) = -1 ENOENT (No such file or directory)
REDIRECT tcp -- anywhere 192.168.250.2 UNKNOWN match `tcp' redir ports 8080



Jan
--
Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
From: Jan Engelhardt <jengelh@computergmbh.de>
Date: Tue, 24 Jul 2007 10:54:25 +0200 (CEST)

> iptables svn6960 does not yet search for the libxt_*.so files.
>
>
> # strace -e open ./iptables -t nat -L
> ...
> open("/ws/iptables/extensions/libipt_tcp.so", O_RDONLY) = -1 ENOENT (No such file or directory)
> REDIRECT tcp -- anywhere 192.168.250.2 UNKNOWN match `tcp' redir ports 8080

Thanks for report.

I wrote Makefile to make symbolic link from libip[6]t_*.so to libxt_*.so.
How did you make and install iptables ?

-- Yasuyuki Kozakai
Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
On Jul 24 2007 18:08, Yasuyuki KOZAKAI wrote:
>
>> iptables svn6960 does not yet search for the libxt_*.so files.
>>
>>
>> # strace -e open ./iptables -t nat -L
>> ...
>> open("/ws/iptables/extensions/libipt_tcp.so", O_RDONLY) = -1 ENOENT (No such file or directory)
>> REDIRECT tcp -- anywhere 192.168.250.2 UNKNOWN match `tcp' redir ports 8080
>
>Thanks for report.
>
>I wrote Makefile to make symbolic link from libip[6]t_*.so to libxt_*.so.
>How did you make and install iptables ?

From /ws/iptables (svn code dir):

make KERNEL_DIR=/ws/linux/linux-2.6.22 PREFIX=/usr LIBIPT_DIR=/ws/iptables/extensions

I did not install it, but ran it from /ws/iptables.


Jan
--
Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
From: Jan Engelhardt <jengelh@computergmbh.de>
Date: Tue, 24 Jul 2007 11:12:57 +0200 (CEST)

> On Jul 24 2007 18:08, Yasuyuki KOZAKAI wrote:
> >
> >> iptables svn6960 does not yet search for the libxt_*.so files.
> >>
> >>
> >> # strace -e open ./iptables -t nat -L
> >> ...
> >> open("/ws/iptables/extensions/libipt_tcp.so", O_RDONLY) = -1 ENOENT (No such file or directory)
> >> REDIRECT tcp -- anywhere 192.168.250.2 UNKNOWN match `tcp' redir ports 8080
> >
> >Thanks for report.
> >
> >I wrote Makefile to make symbolic link from libip[6]t_*.so to libxt_*.so.
> >How did you make and install iptables ?
>
> From /ws/iptables (svn code dir):
>
> make KERNEL_DIR=/ws/linux/linux-2.6.22 PREFIX=/usr LIBIPT_DIR=/ws/iptables/extensions
>
> I did not install it, but ran it from /ws/iptables.

Wow, I didn't expect such usage. But I'm not sure we should support
this usage. The reason why I employed symbolic links instead of iptables
searching libxt_*.so is to keep the code simple. Actually I'm not familiar
with the 'tryload' argument of find_{match,target} so I just kept the behavior of
them :) If I come up with a good idea, I will support it.

-- Yasuyuki Kozakai
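
As an added example (not part of the original thread and not the iptables Makefile): a shell function that creates the same kind of libip[6]t_*.so to libxt_*.so symbolic links in an uninstalled extensions directory, such as the LIBIPT_DIR used above. The function name is hypothetical, and it assumes every libxt module should be linked for both IPv4 and IPv6.

```shell
#!/bin/sh
# link_xt_extensions DIR   (hypothetical helper, not from the iptables tree)
#
# For every libxt_NAME.so in DIR, create libipt_NAME.so and libip6t_NAME.so
# as relative symlinks to it, so a binary that only looks for the
# per-family names can load the unified module.
# An existing file or link of that name is never replaced.
# Prints the number of links created.
link_xt_extensions() {
    dir=$1
    created=0

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 1
    fi

    for xt in "$dir"/libxt_*.so; do
        [ -e "$xt" ] || continue          # glob matched nothing
        base=${xt##*/}                    # libxt_NAME.so
        name=${base#libxt_}               # NAME.so

        for prefix in libipt_ libip6t_; do
            link=$dir/$prefix$name
            # Keep per-family modules and earlier links (even dangling ones).
            if [ -e "$link" ] || [ -L "$link" ]; then
                continue
            fi
            # Relative target: the link stays valid if DIR is moved.
            ln -s "$base" "$link" && created=$((created + 1))
        done
    done

    echo "$created"
}
```

Running it a second time on the same directory reports 0, since existing names are skipped.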
Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
Yasuyuki KOZAKAI wrote:
> I've committed them. I will commit following for other matches/targets
> this weekend. Finally we can save about 3600 lines and add IPv6 support to
> 13 modules.
>

Very nice work, thanks a lot :)

> This time I post patches generated by 'git-format-patch -M' for ease of
> review.

Which reminds me how nice it would be to replace SVN by git ...
does anyone know how well the git import works? I recall
seeing some people reporting problems on the git list.
Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
On Jul 25 2007 03:02, Patrick McHardy wrote:
> Yasuyuki KOZAKAI wrote:
>> I've committed them. I will commit following for other matches/targets
>> this weekend. Finally we can save about 3600 lines and add IPv6 support to
>> 13 modules.
>>
>
> Very nice work, thanks a lot :)
>
>> This time I post patches generated by 'git-format-patch -M' for ease of
>> review.
>
> Which reminds me how nice it would be to replace SVN by git ...
> does anyone know how well the git import works? I recall
> seeing some people reporting problems on the git list.

Well, I always recommend "add; commit" instead of "import" (at least
for cvs and svn, but I suppose it applies to every SCM) - because
importing does not automatically put the files in your WC like add;ci does.
(And if you don't know how to import - there's add;ci :-))


Jan
--
Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets
Jan Engelhardt wrote:
> On Jul 25 2007 03:02, Patrick McHardy wrote:
>
>>Which reminds me how nice it would be to replace SVN by git ...
>>does anyone know how well the git import works? I recall
>>seeing some people reporting problems on the git list.
>
>
> Well, I always recommend "add; commit" instead of "import" (at least
> for cvs and svn, but I suppose it applies to every SCM) - because
> importing does not automatically put the files in your WC like add;ci does.
> (And if you don't know how to import - there's add;ci :-))


I'm talking about a repository including history, not single files.
Ideally with SVN "branches" as real branches.