[iptables] - added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
Thomas Woerner
twoerner at fedoraproject.org
Tue Oct 12 17:39:34 UTC 2010
commit 668046c0c7a3bcaae3730d417ea7cb27789c63f7
Author: Thomas Woerner <twoerner at redhat.com>
Date: Tue Oct 12 19:42:44 2010 +0200
- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
iptables-1.4.7-xt_CHECKSUM.patch | 119 ++++++++++++++++++++++++++++++++++++++
iptables.spec | 7 ++-
2 files changed, 125 insertions(+), 1 deletions(-)
---
diff --git a/iptables-1.4.7-xt_CHECKSUM.patch b/iptables-1.4.7-xt_CHECKSUM.patch
new file mode 100644
index 0000000..282f934
--- /dev/null
+++ b/iptables-1.4.7-xt_CHECKSUM.patch
@@ -0,0 +1,119 @@
+diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c
+new file mode 100644
+index 0000000..00fbd8f
+--- /dev/null
++++ b/extensions/libxt_CHECKSUM.c
+@@ -0,0 +1,99 @@
++/* Shared library add-on to xtables for CHECKSUM
++ *
++ * (C) 2002 by Harald Welte <laforge at gnumonks.org>
++ * (C) 2010 by Red Hat, Inc
++ * Author: Michael S. Tsirkin <mst at redhat.com>
++ *
++ * This program is distributed under the terms of GNU GPL v2, 1991
++ *
++ * libxt_CHECKSUM.c borrowed some bits from libipt_ECN.c
++ *
++ * $Id$
++ */
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++
++#include <xtables.h>
++#include <linux/netfilter/xt_CHECKSUM.h>
++
++static void CHECKSUM_help(void)
++{
++ printf(
++"CHECKSUM target options\n"
++" --checksum-fill Fill in packet checksum.\n");
++}
++
++static const struct option CHECKSUM_opts[] = {
++ { "checksum-fill", 0, NULL, 'F' },
++ { .name = NULL }
++};
++
++static int CHECKSUM_parse(int c, char **argv, int invert, unsigned int *flags,
++ const void *entry, struct xt_entry_target **target)
++{
++ struct xt_CHECKSUM_info *einfo
++ = (struct xt_CHECKSUM_info *)(*target)->data;
++
++ switch (c) {
++ case 'F':
++ if (*flags)
++ xtables_error(PARAMETER_PROBLEM,
++ "CHECKSUM target: Only use --checksum-fill ONCE!");
++ einfo->operation = XT_CHECKSUM_OP_FILL;
++ *flags |= XT_CHECKSUM_OP_FILL;
++ break;
++ default:
++ return 0;
++ }
++
++ return 1;
++}
++
++static void CHECKSUM_check(unsigned int flags)
++{
++ if (!flags)
++ xtables_error(PARAMETER_PROBLEM,
++ "CHECKSUM target: Parameter --checksum-fill is required");
++}
++
++static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target,
++ int numeric)
++{
++ const struct xt_CHECKSUM_info *einfo =
++ (const struct xt_CHECKSUM_info *)target->data;
++
++ printf("CHECKSUM ");
++
++ if (einfo->operation & XT_CHECKSUM_OP_FILL)
++ printf("fill ");
++}
++
++static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
++{
++ const struct xt_CHECKSUM_info *einfo =
++ (const struct xt_CHECKSUM_info *)target->data;
++
++ if (einfo->operation & XT_CHECKSUM_OP_FILL)
++ printf("--checksum-fill ");
++}
++
++static struct xtables_target checksum_tg_reg = {
++ .name = "CHECKSUM",
++ .version = XTABLES_VERSION,
++ .family = NFPROTO_UNSPEC,
++ .size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
++ .userspacesize = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
++ .help = CHECKSUM_help,
++ .parse = CHECKSUM_parse,
++ .final_check = CHECKSUM_check,
++ .print = CHECKSUM_print,
++ .save = CHECKSUM_save,
++ .extra_opts = CHECKSUM_opts,
++};
++
++void _init(void)
++{
++ xtables_register_target(&checksum_tg_reg);
++}
+diff --git a/extensions/libxt_CHECKSUM.man b/extensions/libxt_CHECKSUM.man
+new file mode 100644
+index 0000000..92ae700
+--- /dev/null
++++ b/extensions/libxt_CHECKSUM.man
+@@ -0,0 +1,8 @@
++This target allows to selectively work around broken/old applications.
++It can only be used in the mangle table.
++.TP
++\fB\-\-checksum\-fill\fP
++Compute and fill in the checksum in a packet that lacks a checksum.
++This is particularly useful, if you need to work around old applications
++such as dhcp clients, that do not work well with checksum offloads,
++but don't want to disable checksum offload in your device.
diff --git a/iptables.spec b/iptables.spec
index 5745b4d..df35e90 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -1,11 +1,12 @@
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
Version: 1.4.9
-Release: 1%{?dist}
+Release: 2%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Patch5: iptables-1.4.9-cloexec.patch
+Patch6: iptables-1.4.7-xt_CHECKSUM.patch
Group: System Environment/Base
URL: http://www.netfilter.org/
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -52,6 +53,7 @@ stable and may change with every new version. It is therefore unsupported.
%prep
%setup -q
%patch5 -p1 -b .cloexec
+%patch6 -p1 -b .xt_CHECKSUM
%build
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
@@ -163,6 +165,9 @@ fi
%{_libdir}/pkgconfig/xtables.pc
%changelog
+* Tue Oct 12 2010 Thomas Woerner <twoerner at redhat.com> 1.4.9-2
+- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
+
* Wed Aug 4 2010 Thomas Woerner <twoerner at redhat.com> 1.4.9-1
- new version 1.4.9 with all new features of 2.6.35
- doc: xt_hashlimit: fix a typo
More information about the scm-commits
mailing list