Ubuntu
iptables package

Merge lp:~csurbhi/ubuntu/maverick/iptables/iptable-fix.600195 into lp:ubuntu/maverick/iptables

  1. Maverick (10.10)
  2. iptable-fix.600195
  3. Merge into maverick
Proposed by Surbhi Palande
Status: Merged
Merged at revision: 25
Proposed branch: lp:~csurbhi/ubuntu/maverick/iptables/iptable-fix.600195
Merge into: lp:ubuntu/maverick/iptables
Diff against target: 150 lines (+130/-0)
3 files modified
debian/changelog (+9/-0)
debian/patch/03-compilation-error.patch (+120/-0)
debian/patch/series (+1/-0)
To merge this branch: bzr merge lp:~csurbhi/ubuntu/maverick/iptables/iptable-fix.600195
Reviewer Review Type Date Requested Status
Colin Watson Approve
Review via email: mp+29779@code.launchpad.net

Description of the change

I have added 3 patches to the iptables package.

a) The first one of them fixes bug 600195 on LP. It resolves the following compilation error:
"./include/linux/netfilter_ipv4/ipt_ECN.h:11: fatal error: linux/netfilter_ipv4/ipt_DSCP.h: No such file or directory". This was resolved by replacing ipt_DSCP.h to xpt_DSCP.h as seen in debian unstable package.

b) The next patch adds the following 2 flags to the regular_CFLAGS in configure file:
1) -fno-strict-aliasing 2) -Werror
so that in future, errors like the on in lp#600195 would be captured early.

c) The last patch removes the unused functions 1) TC_NUM_RULES i.e ip6tc_num_rules and 2) TC_GET_RULEip6 i.e tc_get_rule. This removal is necessary if we add the patch 2. iptables would not compile without removing these functions.

Please do consider merging these changes in iptables for Maverick.

Thanks!

Warm Regards,
Surbhi.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) wrote :

OK, so this is a different packaging style from gparted. iptables uses
quilt, and (oddly, perhaps uniquely?) keeps patches relative to upstream
in debian/patch/ rather than debian/patches/. However, it does not use
3.0 (quilt), so the basic state of the tree is to have patches
unapplied.

Thus, what you should do here is temporarily export
QUILT_PATCHES=debian/patch, and then add your non-debian/ patches to
quilt in the way you did before. When you've added them, 'quilt pop
-a', 'bzr add' your new patch files, and commit. The merge preview
should show just debian/changelog and some files in debian/patches/.

Please also consolidate your changelog entries into one stanza with one
version number. The upload target should be 'maverick' (or 'UNRELEASED'
if you like, and I'll set it to 'maverick' when uploading) rather than
'lucid'. The usual style is:

  * Description of change (LP: #nnnnnn).

The substantive changes themselves look fine to me.

Revision history for this message
Surbhi Palande (csurbhi) wrote :

1) Now, uploaded the non debian changes as a patch added to debian/patch/03-compilation-error-fix.patch
2) Added the debian changes through bzr.

lp:~csurbhi/ubuntu/maverick/iptables/iptable-fix.600195 updated
25. By Surbhi Palande

* Replaced ipt_DSCP.h by xpt_DSCP.h in ipt_ECN.h and ipt_echn.h (LP: #600195)
* Added -fno-strict-aliasing -Werror switches to regular_CFLAGS for catching
  errors early
* Removed unused TC_NUM_RULES() and TC_GET_RULE()

Revision history for this message
Colin Watson (cjwatson) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/changelog'
--- debian/changelog 2010-03-04 07:16:17 +0000
+++ debian/changelog 2010-07-14 09:34:47 +0000
@@ -1,3 +1,12 @@
1iptables (1.4.4-2ubuntu3) maverick; urgency=low
2
3 * Replaced ipt_DSCP.h by xpt_DSCP.h in ipt_ECN.h and ipt_echn.h (LP: #600195)
4 * Added -fno-strict-aliasing -Werror switches to regular_CFLAGS for catching
5 errors early
6 * Removed unused TC_NUM_RULES() and TC_GET_RULE()
7
8 -- Surbhi Palande <surbhi.palande@canonical.com> Wed, 14 Jul 2010 12:30:38 +0300
9
1iptables (1.4.4-2ubuntu2) lucid; urgency=low10iptables (1.4.4-2ubuntu2) lucid; urgency=low
211
3 * Added support for the xt_recent filter --reap switch. This12 * Added support for the xt_recent filter --reap switch. This
413
=== added file 'debian/patch/03-compilation-error.patch'
--- debian/patch/03-compilation-error.patch 1970-01-01 00:00:00 +0000
+++ debian/patch/03-compilation-error.patch 2010-07-14 09:34:47 +0000
@@ -0,0 +1,120 @@
1Index: b/configure
2===================================================================
3--- a/configure
4+++ b/configure
5@@ -11441,6 +11441,7 @@
6 -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \
7 -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
8 -Winline -pipe \
9+ -fno-strict-aliasing -Werror\
10 -DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL";
11 kinclude_CFLAGS="";
12 if [ -n "$kbuilddir" ]; then
13Index: b/include/linux/netfilter_ipv4/ipt_ECN.h
14===================================================================
15--- a/include/linux/netfilter_ipv4/ipt_ECN.h
16+++ b/include/linux/netfilter_ipv4/ipt_ECN.h
17@@ -8,9 +8,9 @@
18 */
19 #ifndef _IPT_ECN_TARGET_H
20 #define _IPT_ECN_TARGET_H
21-#include <linux/netfilter_ipv4/ipt_DSCP.h>
22+#include <linux/netfilter/xt_DSCP.h>
23
24-#define IPT_ECN_IP_MASK (~IPT_DSCP_MASK)
25+#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
26
27 #define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */
28 #define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */
29Index: b/include/linux/netfilter_ipv4/ipt_ecn.h
30===================================================================
31--- a/include/linux/netfilter_ipv4/ipt_ecn.h
32+++ b/include/linux/netfilter_ipv4/ipt_ecn.h
33@@ -8,9 +8,9 @@
34 */
35 #ifndef _IPT_ECN_H
36 #define _IPT_ECN_H
37-#include <linux/netfilter_ipv4/ipt_dscp.h>
38+#include <linux/netfilter/xt_DSCP.h>
39
40-#define IPT_ECN_IP_MASK (~IPT_DSCP_MASK)
41+#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
42
43 #define IPT_ECN_OP_MATCH_IP 0x01
44 #define IPT_ECN_OP_MATCH_ECE 0x10
45Index: b/libiptc/libip4tc.c
46===================================================================
47--- a/libiptc/libip4tc.c
48+++ b/libiptc/libip4tc.c
49@@ -93,8 +93,6 @@
50 #define TC_FREE iptc_free
51 #define TC_COMMIT iptc_commit
52 #define TC_STRERROR iptc_strerror
53-#define TC_NUM_RULES iptc_num_rules
54-#define TC_GET_RULE iptc_get_rule
55
56 #define TC_AF AF_INET
57 #define TC_IPPROTO IPPROTO_IP
58Index: b/libiptc/libip6tc.c
59===================================================================
60--- a/libiptc/libip6tc.c
61+++ b/libiptc/libip6tc.c
62@@ -88,8 +88,6 @@
63 #define TC_FREE ip6tc_free
64 #define TC_COMMIT ip6tc_commit
65 #define TC_STRERROR ip6tc_strerror
66-#define TC_NUM_RULES ip6tc_num_rules
67-#define TC_GET_RULE ip6tc_get_rule
68
69 #define TC_AF AF_INET6
70 #define TC_IPPROTO IPPROTO_IPV6
71Index: b/libiptc/libiptc.c
72===================================================================
73--- a/libiptc/libiptc.c
74+++ b/libiptc/libiptc.c
75@@ -1563,45 +1563,6 @@
76 return r->entry;
77 }
78
79-/* How many rules in this chain? */
80-static unsigned int
81-TC_NUM_RULES(const char *chain, struct xtc_handle *handle)
82-{
83- struct chain_head *c;
84- iptc_fn = TC_NUM_RULES;
85- CHECK(handle);
86-
87- c = iptcc_find_label(chain, handle);
88- if (!c) {
89- errno = ENOENT;
90- return (unsigned int)-1;
91- }
92-
93- return c->num_rules;
94-}
95-
96-static const STRUCT_ENTRY *
97-TC_GET_RULE(const char *chain, unsigned int n, struct xtc_handle *handle)
98-{
99- struct chain_head *c;
100- struct rule_head *r;
101-
102- iptc_fn = TC_GET_RULE;
103-
104- CHECK(handle);
105-
106- c = iptcc_find_label(chain, handle);
107- if (!c) {
108- errno = ENOENT;
109- return NULL;
110- }
111-
112- r = iptcc_get_rule_num(c, n);
113- if (!r)
114- return NULL;
115- return r->entry;
116-}
117-
118 /* Returns a pointer to the target name of this position. */
119 static const char *standard_target_map(int verdict)
120 {
0121
=== modified file 'debian/patch/series'
--- debian/patch/series 2010-03-04 07:16:17 +0000
+++ debian/patch/series 2010-07-14 09:34:47 +0000
@@ -1,3 +1,4 @@
103-compilation-error.patch
10101-changelog.patch20101-changelog.patch
20102-howtos.patch30102-howtos.patch
30103-sgml_errors.patch40103-sgml_errors.patch

Subscribers

People subscribed via source and target branches

to all changes: