xtables-addons:master

Last commit made on 2019-12-01
Get this branch:
git clone -b master https://git.launchpad.net/xtables-addons

Branch merges

Branch information

Name:
master
Repository:
lp:xtables-addons

Recent commits

061fc79... by Jan Engelhardt on 2019-12-01

Xtables-addons 3.7

bf1ca29... by Jeremy Sowden on 2019-11-30

xt_geoip: fix in6_addr little-endian byte swapping

The Perl script that builds the GeoIP DBs uses inet_pton(3) to convert
the addresses to network byte order. This converts

  "1234:5678::90ab:cdef"

to:

  0x12 0x34 0x56 0x78 .. 0xcd 0xef, interpreted by an LE machine
  accessing this in uint32_t-sized chunks as
  8765:4321::fedc:ba09

The kernel module compares the addresses in packets with the ranges from
the DB in host byte order using binary search. It uses 32-bit swaps
when converting the addresses.

libxt_geoip, however, which the module uses to load the ranges from the
DB and convert them from NBO to HBO, uses 16-bit swaps to do so, and
this means that:

  1234:5678::90ab:cdef

becomes:

  4321:8765::ba09:fedc

Obviously, this is inconsistent with the kernel module and DB build
script and breaks the binary search.

Fixes: b91dbd03c717 ("geoip: store database in network byte order")
Reported-by: "Thomas B. Clark" <email address hidden>
Signed-off-by: Jeremy Sowden <email address hidden>

6e5edc8... by Jeremy Sowden on 2019-11-30

build: update max. supported kernel version

The maximum supported version is reported as 5.3. Bump to 5.4.

Signed-off-by: Jeremy Sowden <email address hidden>

7ad14b7... by Jan Engelhardt on 2019-11-20

Xtables-addons 3.6

0cc51e6... by Paolo Pisati on 2019-11-13

build: add support for Linux 5.4

fa7bcbf... by Jan Engelhardt on 2019-09-10

Xtables-addons 3.5

d86101e... by Jan Engelhardt on 2019-09-10

Merge MR-14

00114de... by Jan Engelhardt on 2019-09-06

Xtables-addons 3.4

d4c2aac... by Jeremy Sowden on 2019-08-12

xt_pknock, xt_SYSRQ: do not set shash_desc::flags.

shash_desc::flags was removed from the kernel in 5.1.

That assignment was actually superfluous anyway, because crypto.desc
is zero-initialized when crypto is initialized (xt_pknock.c, ll.
110ff.).

Signed-off-by: Jeremy Sowden <email address hidden>

5622c5f... by Jan Engelhardt on 2019-09-06

treewide: replace skb_make_writable

skb_make_writable was removed in v5.3-rc1~140^2~370^2~1 .
Replace it with skb_ensure_writable that was introduced in
v3.19-rc1~118^2~153^2~2 .