From 46ba30fb8be477e738a62885afd9446b51fa13b7 Mon Sep 17 00:00:00 2001
From: Jiri Popelka
Date: Oct 22 2013 12:26:21 +0000
Subject: Obsoleted by arptables
---
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 1420921..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-arptables_jf-0.0.8.tbz
-arptables_jf-0.0.8-header.patch
diff --git a/arptables-helper b/arptables-helper
deleted file mode 100644
index 6900cb1..0000000
--- a/arptables-helper
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/bin/sh
-# config: /etc/sysconfig/arptables
-
-# Source 'em up
-. /etc/init.d/functions
-
-ARPTABLES_CONFIG=/etc/sysconfig/arptables
-
-arp_table() {
- if fgrep -qsx $1 /proc/net/arp_tables_names; then
- arptables -t "$@"
- fi
-}
-
-start() {
- if [ ! -x /sbin/arptables ]; then
- exit 4
- fi
-
- KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
- KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
-
- if [ "$KERNELMAJ" -lt 2 ] ; then
- echo "Not supported for kernel $KERNELMAJ.$KERNELMIN"
- exit 1
- fi
- if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
- echo "Not supported for kernel $KERNELMAJ.$KERNELMIN"
- exit 1
- fi
-
- # don't do squat if we don't have the config file
- echo -n $"Starting arptables_jf"
- if [ -f $ARPTABLES_CONFIG ]; then
- success
- # If we don't clear these first, we might be adding to
- # pre-existing rules.
- chains=`cat /proc/net/arp_tables_names 2>/dev/null`
- echo -n $"Flushing all current rules and user defined chains:"
- let ret=0
- for i in $chains; do arptables -t $i -F; let ret+=$?; done
- arptables -F
- let ret+=$?
- if [ $ret -eq 0 ]; then
- success
- else
- failure
- fi
- echo
- echo -n $"Clearing all current rules and user defined chains:"
- let ret=0
- for i in $chains; do arptables -t $i -X; let ret+=$?; done
- arptables -X
- let ret+=$?
- if [ $ret -eq 0 ]; then
- success
- else
- failure
- fi
- echo
-
- for i in $chains; do arptables -t $i -Z; done
-
- echo -n $"Applying arptables firewall rules: "
- grep -v "^[[:space:]]*#" $ARPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/arptables-restore -c && \
- success || \
- failure
- echo
- touch /var/lock/subsys/arptables
- else
- failure
- echo
- echo $"Configuration file /etc/sysconfig/arptables missing"
- exit 6
- fi
-}
-
-stop() {
- chains=`cat /proc/net/arp_tables_names 2>/dev/null`
- echo -n $"Flushing all chains:"
- let ret=0
- for i in $chains; do arptables -t $i -F; let ret+=$?; done
- arptables -F; let ret+=$?
- if [ $ret -eq 0 ]; then
- success
- else
- failure
- fi
- echo
-
- echo -n $"Removing user defined chains:"
- let ret=0
- for i in $chains; do arptables -t $i -X; let ret+=$?; done
- arptables -X; let ret+=$?
- if [ $ret -eq 0 ]; then
- success
- else
- failure
- fi
- echo
- echo -n $"Resetting built-in chains to the default ACCEPT policy:"
- arp_table filter -P IN ACCEPT && \
- arp_table filter -P OUT ACCEPT && \
- success || \
- failure
- echo
- rm -f /var/lock/subsys/arptables
-}
-
-case "$1" in
-start)
- start
- ;;
-
-stop)
- stop
- ;;
-
-restart|reload)
- # "restart" is really just "start" as this isn't a daemon,
- # and "start" clears any pre-defined rules anyway.
- # This is really only here to make those who expect it happy
- start
- ;;
-
-condrestart|try-restart|force-reload)
- [ -e /var/lock/subsys/arptables ] && start
- ;;
-
-*)
- exit 2
-esac
-
-exit 0
diff --git a/arptables.service b/arptables.service
deleted file mode 100644
index df6c7d6..0000000
--- a/arptables.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Automates a packet filtering firewall with arptables
-After=network.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/arptables-helper start
-ExecStop=/usr/libexec/arptables-helper stop
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/arptables_jf-0.0.8-2.6-kernel.patch b/arptables_jf-0.0.8-2.6-kernel.patch
deleted file mode 100644
index 494d28f..0000000
--- a/arptables_jf-0.0.8-2.6-kernel.patch
+++ /dev/null
@@ -1,433 +0,0 @@
-diff -N -u arptables_jf-0.0.8/arp_tables.h arptables_jf-0.0.8-new/arp_tables.h
---- arptables_jf-0.0.8/arp_tables.h 1969-12-31 19:00:00.000000000 -0500
-+++ arptables_jf-0.0.8-new/arp_tables.h 2004-08-31 14:33:14.000000000 -0400
-@@ -0,0 +1,342 @@
-+/*
-+ * Format of an ARP firewall descriptor
-+ *
-+ * src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in
-+ * network byte order.
-+ * flags are stored in host byte order (of course).
-+ */
-+
-+#ifndef _ARPTABLES_H
-+#define _ARPTABLES_H
-+
-+#ifdef __KERNEL__
-+#include
-+#include
-+#include
-+#include
-+#include
-+#endif
-+#include
-+#include "netfilter_arp.h"
-+
-+#define ARPT_FUNCTION_MAXNAMELEN 30
-+#define ARPT_TABLE_MAXNAMELEN 32
-+
-+#define ARPT_DEV_ADDR_LEN_MAX 16
-+
-+struct arpt_devaddr_info {
-+ char addr[ARPT_DEV_ADDR_LEN_MAX];
-+ char mask[ARPT_DEV_ADDR_LEN_MAX];
-+};
-+
-+/* Yes, Virginia, you have to zero the padding. */
-+struct arpt_arp {
-+ /* Source and target IP addr */
-+ struct in_addr src, tgt;
-+ /* Mask for src and target IP addr */
-+ struct in_addr smsk, tmsk;
-+
-+ /* Device hw address length, src+target device addresses */
-+ u_int8_t arhln, arhln_mask;
-+ struct arpt_devaddr_info src_devaddr;
-+ struct arpt_devaddr_info tgt_devaddr;
-+
-+ /* ARP operation code. */
-+ u_int16_t arpop, arpop_mask;
-+
-+ /* ARP hardware address and protocol address format. */
-+ u_int16_t arhrd, arhrd_mask;
-+ u_int16_t arpro, arpro_mask;
-+
-+ /* The protocol address length is only accepted if it is 4
-+ * so there is no use in offering a way to do filtering on it.
-+ */
-+
-+ char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
-+ unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-+
-+ /* Flags word */
-+ u_int8_t flags;
-+ /* Inverse flags */
-+ u_int16_t invflags;
-+};
-+
-+struct arpt_entry_target
-+{
-+ union {
-+ struct {
-+ u_int16_t target_size;
-+
-+ /* Used by userspace */
-+ char name[ARPT_FUNCTION_MAXNAMELEN];
-+ } user;
-+ struct {
-+ u_int16_t target_size;
-+
-+ /* Used inside the kernel */
-+ struct arpt_target *target;
-+ } kernel;
-+
-+ /* Total length */
-+ u_int16_t target_size;
-+ } u;
-+
-+ unsigned char data[0];
-+};
-+
-+struct arpt_standard_target
-+{
-+ struct arpt_entry_target target;
-+ int verdict;
-+};
-+
-+struct arpt_counters
-+{
-+ u_int64_t pcnt, bcnt; /* Packet and byte counters */
-+};
-+
-+/* Values for "flag" field in struct arpt_ip (general arp structure).
-+ * No flags defined yet.
-+ */
-+#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
-+
-+/* Values for "inv" field in struct arpt_arp. */
-+#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
-+#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
-+#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
-+#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
-+#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
-+#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
-+#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
-+#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
-+#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
-+#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
-+#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
-+
-+/* This structure defines each of the firewall rules. Consists of 3
-+ parts which are 1) general ARP header stuff 2) match specific
-+ stuff 3) the target to perform if the rule matches */
-+struct arpt_entry
-+{
-+ struct arpt_arp arp;
-+
-+ /* Size of arpt_entry + matches */
-+ u_int16_t target_offset;
-+ /* Size of arpt_entry + matches + target */
-+ u_int16_t next_offset;
-+
-+ /* Back pointer */
-+ unsigned int comefrom;
-+
-+ /* Packet and byte counters. */
-+ struct arpt_counters counters;
-+
-+ /* The matches (if any), then the target. */
-+ unsigned char elems[0];
-+};
-+
-+/*
-+ * New IP firewall options for [gs]etsockopt at the RAW IP level.
-+ * Unlike BSD Linux inherits IP options so you don't have to use a raw
-+ * socket for this. Instead we check rights in the calls.
-+ */
-+#define ARPT_BASE_CTL 96 /* base for firewall socket options */
-+
-+#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
-+#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
-+#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
-+
-+#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
-+#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
-+#define ARPT_SO_GET_MAX ARPT_SO_GET_ENTRIES
-+
-+/* CONTINUE verdict for targets */
-+#define ARPT_CONTINUE 0xFFFFFFFF
-+
-+/* For standard target */
-+#define ARPT_RETURN (-NF_MAX_VERDICT - 1)
-+
-+/* The argument to ARPT_SO_GET_INFO */
-+struct arpt_getinfo
-+{
-+ /* Which table: caller fills this in. */
-+ char name[ARPT_TABLE_MAXNAMELEN];
-+
-+ /* Kernel fills these in. */
-+ /* Which hook entry points are valid: bitmask */
-+ unsigned int valid_hooks;
-+
-+ /* Hook entry points: one per netfilter hook. */
-+ unsigned int hook_entry[NF_ARP_NUMHOOKS];
-+
-+ /* Underflow points. */
-+ unsigned int underflow[NF_ARP_NUMHOOKS];
-+
-+ /* Number of entries */
-+ unsigned int num_entries;
-+
-+ /* Size of entries. */
-+ unsigned int size;
-+};
-+
-+/* The argument to ARPT_SO_SET_REPLACE. */
-+struct arpt_replace
-+{
-+ /* Which table. */
-+ char name[ARPT_TABLE_MAXNAMELEN];
-+
-+ /* Which hook entry points are valid: bitmask. You can't
-+ change this. */
-+ unsigned int valid_hooks;
-+
-+ /* Number of entries */
-+ unsigned int num_entries;
-+
-+ /* Total size of new entries */
-+ unsigned int size;
-+
-+ /* Hook entry points. */
-+ unsigned int hook_entry[NF_ARP_NUMHOOKS];
-+
-+ /* Underflow points. */
-+ unsigned int underflow[NF_ARP_NUMHOOKS];
-+
-+ /* Information about old entries: */
-+ /* Number of counters (must be equal to current number of entries). */
-+ unsigned int num_counters;
-+ /* The old entries' counters. */
-+ struct arpt_counters __user *counters;
-+
-+ /* The entries (hang off end: not really an array). */
-+ struct arpt_entry entries[0];
-+};
-+
-+/* The argument to ARPT_SO_ADD_COUNTERS. */
-+struct arpt_counters_info
-+{
-+ /* Which table. */
-+ char name[ARPT_TABLE_MAXNAMELEN];
-+
-+ unsigned int num_counters;
-+
-+ /* The counters (actually `number' of these). */
-+ struct arpt_counters counters[0];
-+};
-+
-+/* The argument to ARPT_SO_GET_ENTRIES. */
-+struct arpt_get_entries
-+{
-+ /* Which table: user fills this in. */
-+ char name[ARPT_TABLE_MAXNAMELEN];
-+
-+ /* User fills this in: total entry size. */
-+ unsigned int size;
-+
-+ /* The entries. */
-+ struct arpt_entry entrytable[0];
-+};
-+
-+/* Standard return verdict, or do jump. */
-+#define ARPT_STANDARD_TARGET ""
-+/* Error verdict. */
-+#define ARPT_ERROR_TARGET "ERROR"
-+
-+/* Helper functions */
-+static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
-+{
-+ return (void *)e + e->target_offset;
-+}
-+
-+/* fn returns 0 to continue iteration */
-+#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
-+({ \
-+ unsigned int __i; \
-+ int __ret = 0; \
-+ struct arpt_entry *__entry; \
-+ \
-+ for (__i = 0; __i < (size); __i += __entry->next_offset) { \
-+ __entry = (void *)(entries) + __i; \
-+ \
-+ __ret = fn(__entry , ## args); \
-+ if (__ret != 0) \
-+ break; \
-+ } \
-+ __ret; \
-+})
-+
-+/*
-+ * Main firewall chains definitions and global var's definitions.
-+ */
-+#ifdef __KERNEL__
-+
-+/* Registration hooks for targets. */
-+struct arpt_target
-+{
-+ struct list_head list;
-+
-+ const char name[ARPT_FUNCTION_MAXNAMELEN];
-+
-+ /* Returns verdict. */
-+ unsigned int (*target)(struct sk_buff **pskb,
-+ unsigned int hooknum,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ const void *targinfo,
-+ void *userdata);
-+
-+ /* Called when user tries to insert an entry of this type:
-+ hook_mask is a bitmask of hooks from which it can be
-+ called. */
-+ /* Should return true or false. */
-+ int (*checkentry)(const char *tablename,
-+ const struct arpt_entry *e,
-+ void *targinfo,
-+ unsigned int targinfosize,
-+ unsigned int hook_mask);
-+
-+ /* Called when entry of this type deleted. */
-+ void (*destroy)(void *targinfo, unsigned int targinfosize);
-+
-+ /* Set this to THIS_MODULE if you are a module, otherwise NULL */
-+ struct module *me;
-+};
-+
-+extern int arpt_register_target(struct arpt_target *target);
-+extern void arpt_unregister_target(struct arpt_target *target);
-+
-+/* Furniture shopping... */
-+struct arpt_table
-+{
-+ struct list_head list;
-+
-+ /* A unique name... */
-+ char name[ARPT_TABLE_MAXNAMELEN];
-+
-+ /* Seed table: copied in register_table */
-+ struct arpt_replace *table;
-+
-+ /* What hooks you will enter on */
-+ unsigned int valid_hooks;
-+
-+ /* Lock for the curtain */
-+ rwlock_t lock;
-+
-+ /* Man behind the curtain... */
-+ struct arpt_table_info *private;
-+
-+ /* Set this to THIS_MODULE if you are a module, otherwise NULL */
-+ struct module *me;
-+};
-+
-+extern int arpt_register_table(struct arpt_table *table);
-+extern void arpt_unregister_table(struct arpt_table *table);
-+extern unsigned int arpt_do_table(struct sk_buff **pskb,
-+ unsigned int hook,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ struct arpt_table *table,
-+ void *userdata);
-+
-+#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1))
-+#endif /*__KERNEL__*/
-+#endif /* _ARPTABLES_H */
-diff -N -u arptables_jf-0.0.8/arpt_mangle.h arptables_jf-0.0.8-new/arpt_mangle.h
---- arptables_jf-0.0.8/arpt_mangle.h 2004-01-23 13:52:36.000000000 -0500
-+++ arptables_jf-0.0.8-new/arpt_mangle.h 2004-08-31 14:33:14.000000000 -0400
-@@ -1,6 +1,6 @@
- #ifndef _ARPT_MANGLE_H
- #define _ARPT_MANGLE_H
--#include
-+#include "arp_tables.h"
-
- #define ARPT_MANGLE_ADDR_LEN_MAX sizeof(struct in_addr)
- struct arpt_mangle
-diff -N -u arptables_jf-0.0.8/common.h arptables_jf-0.0.8-new/common.h
---- arptables_jf-0.0.8/common.h 2003-07-07 14:36:45.000000000 -0400
-+++ arptables_jf-0.0.8-new/common.h 2004-08-31 14:37:36.000000000 -0400
-@@ -10,6 +10,7 @@
- #endif
-
- #include
--#include
-+#define __user
-+#include "arp_tables.h"
-
- #endif
-diff -N -u arptables_jf-0.0.8/debugfiles.list arptables_jf-0.0.8-new/debugfiles.list
---- arptables_jf-0.0.8/debugfiles.list 1969-12-31 19:00:00.000000000 -0500
-+++ arptables_jf-0.0.8-new/debugfiles.list 2004-08-31 11:47:42.000000000 -0400
-@@ -0,0 +1,4 @@
-+/usr/lib/debug/sbin/arptables-save.debug
-+/usr/lib/debug/sbin/arptables.debug
-+/usr/lib/debug/sbin/arptables-restore.debug
-+/usr/src/debug/arptables_jf-0.0.8
-Binary files arptables_jf-0.0.8/debugsources.list and arptables_jf-0.0.8-new/debugsources.list differ
-diff -N -u arptables_jf-0.0.8/libarptc.c arptables_jf-0.0.8-new/libarptc.c
---- arptables_jf-0.0.8/libarptc.c 2003-07-07 14:37:40.000000000 -0400
-+++ arptables_jf-0.0.8-new/libarptc.c 2004-08-31 14:46:19.000000000 -0400
-@@ -193,6 +193,7 @@
-
- #define HOOK_IN NF_ARP_IN
- #define HOOK_OUT NF_ARP_OUT
-+#define HOOK_FORWARD NF_ARP_FORWARD
-
- #define STRUCT_ENTRY_TARGET struct arpt_entry_target
- #define STRUCT_ENTRY struct arpt_entry
-@@ -299,6 +300,7 @@
- static const char *hooknames[]
- = { [HOOK_IN] "IN",
- [HOOK_OUT] "OUT",
-+ [HOOK_FORWARD] "FORWARD",
- };
-
- struct counter_map
-diff -N -u arptables_jf-0.0.8/libarptc.h arptables_jf-0.0.8-new/libarptc.h
---- arptables_jf-0.0.8/libarptc.h 2003-07-07 14:36:45.000000000 -0400
-+++ arptables_jf-0.0.8-new/libarptc.h 2004-08-31 14:41:50.000000000 -0400
-@@ -17,7 +17,7 @@
-
- #define ARPT_ALIGN(s) (((s) + ((ARPT_MIN_ALIGN)-1)) & ~((ARPT_MIN_ALIGN)-1))
-
--typedef char arpt_chainlabel[32];
-+typedef char arpt_chainlabel[ARPT_TABLE_MAXNAMELEN];
-
- #define ARPTC_LABEL_ACCEPT "ACCEPT"
- #define ARPTC_LABEL_DROP "DROP"
-diff -N -u arptables_jf-0.0.8/netfilter_arp.h arptables_jf-0.0.8-new/netfilter_arp.h
---- arptables_jf-0.0.8/netfilter_arp.h 1969-12-31 19:00:00.000000000 -0500
-+++ arptables_jf-0.0.8-new/netfilter_arp.h 2004-08-31 14:31:26.000000000 -0400
-@@ -0,0 +1,20 @@
-+#ifndef __LINUX_ARP_NETFILTER_H
-+#define __LINUX_ARP_NETFILTER_H
-+
-+/* ARP-specific defines for netfilter.
-+ * (C)2002 Rusty Russell IBM -- This code is GPL.
-+ */
-+
-+#include
-+#include
-+
-+/* There is no PF_ARP. */
-+#define NF_ARP 0
-+
-+/* ARP Hooks */
-+#define NF_ARP_IN 0
-+#define NF_ARP_OUT 1
-+#define NF_ARP_FORWARD 2
-+#define NF_ARP_NUMHOOKS 3
-+
-+#endif /* __LINUX_ARP_NETFILTER_H */
diff --git a/arptables_jf-0.0.8-byteorder.patch b/arptables_jf-0.0.8-byteorder.patch
deleted file mode 100644
index 7d7275e..0000000
--- a/arptables_jf-0.0.8-byteorder.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff -Naur arptables_jf-0.0.8.orig/arptables.c arptables_jf-0.0.8.new/arptables.c
---- arptables_jf-0.0.8/arptables.c.byteorder 2009-12-04 13:40:59.000000000 +0100
-+++ arptables_jf-0.0.8/arptables.c 2009-12-04 14:14:30.000000000 +0100
-@@ -740,7 +740,7 @@
-
- for ( i = 0; table[i].name; i++ ) {
- if ( ! strcasecmp ( name, table[i].name ) ) {
-- *value = table[i].value;
-+ *value = htons(table[i].value);
- *mask = 0xFFFF;
- return;
- }
-@@ -748,7 +748,7 @@
- if ( strlen ( name ) == 4 ) {
- for ( i = 0; table[i].name; i++ ) {
- if ( ! strncasecmp ( name, table[i].name, 4 ) ) {
-- *value = table[i].value;
-+ *value = htons(table[i].value);
- *mask = 0xFFFF;
- return;
- }
-@@ -770,23 +770,21 @@
- if ( isxdigit(ch3) ) {
- if ( isxdigit(ch4) ) {
- v = (digit_to_bits(ch1)<<12) | (digit_to_bits(ch2)<<8) | ( digit_to_bits(ch3)<<4) | digit_to_bits(ch4);
-- p = &name[4];
-+ p += 4;
- } else {
- v = (digit_to_bits(ch1)<<8) | (digit_to_bits(ch2)<<4) | ( digit_to_bits(ch3)<<0);
-- p = &name[3];
-+ p += 3;
- }
- } else {
- v = (digit_to_bits(ch1)<<4) | (digit_to_bits(ch2)<<0);
-- p = &name[2];
-+ p += 2;
- }
- } else {
- v = (digit_to_bits(ch1)<<0);
-- p = &name[1];
-+ p++;
- }
-- } else {
-+ } else
- v = 0;
-- p = name;
-- }
- if ( *p == '/' ) {
- p++;
- ch1 = p[0];
-diff -up arptables_jf-0.0.8/arptables-save.c.byteorder arptables_jf-0.0.8/arptables-save.c
---- arptables_jf-0.0.8/arptables-save.c.byteorder 2013-01-08 19:14:01.000000000 +0100
-+++ arptables_jf-0.0.8/arptables-save.c 2013-01-08 19:16:39.333712621 +0100
-@@ -171,12 +171,12 @@ static void print_rule(const struct arpt
- print_uint8 ( "-a", e->arp.arhln, e->arp.arhln_mask,
- e->arp.invflags & ARPT_INV_ARPHLN );
-
-- print_uint16 ( "-p", e->arp.arpop, e->arp.arpop_mask,
-+ print_uint16 ( "-p", ntohs(e->arp.arpop), ntohs(e->arp.arpop_mask),
- e->arp.invflags & ARPT_INV_ARPOP );
-
-- print_uint16 ( "-H", e->arp.arhrd, e->arp.arhrd_mask,
-+ print_uint16 ( "-H", ntohs(e->arp.arhrd), ntohs(e->arp.arhrd_mask),
- e->arp.invflags & ARPT_INV_ARPHRD );
-- print_uint16 ( "-w", e->arp.arpro, e->arp.arpro_mask,
-+ print_uint16 ( "-w", ntohs(e->arp.arpro), ntohs(e->arp.arpro_mask),
- e->arp.invflags & ARPT_INV_ARPPRO );
-
- print_hwaddr_and_mask ( "-z", e->arp.src_devaddr.addr, e->arp.src_devaddr.mask,
diff --git a/arptables_jf-0.0.8-header.patch b/arptables_jf-0.0.8-header.patch
deleted file mode 100644
index 11e5083..0000000
--- a/arptables_jf-0.0.8-header.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- arptables_jf-0.0.8/arp_tables.h.jk 2006-07-13 13:42:11.000000000 -0400
-+++ arptables_jf-0.0.8/arp_tables.h 2006-07-13 13:42:25.000000000 -0400
-@@ -16,7 +16,6 @@
- #include
- #include
- #endif
--#include
- #include "netfilter_arp.h"
-
- #define ARPT_FUNCTION_MAXNAMELEN 30
diff --git a/arptables_jf-0.0.8-man.patch b/arptables_jf-0.0.8-man.patch
deleted file mode 100644
index c248d5f..0000000
--- a/arptables_jf-0.0.8-man.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-diff -up arptables_jf-0.0.8/arptables.8.man arptables_jf-0.0.8/arptables.8
---- arptables_jf-0.0.8/arptables.8.man 2004-01-27 17:29:48.000000000 +0100
-+++ arptables_jf-0.0.8/arptables.8 2013-05-13 15:21:24.527483392 +0200
-@@ -97,9 +97,9 @@ The tables are as follows:
- .B "filter"
- This is the default table (if no -t option is passed). It contains
- the built-in chains
--.B INPUT
-+.B IN
- (for ARP packets entering the box),
--.B OUTPUT
-+.B OUT
- (for locally-generated ARP packets).
- .TP
- .SH OPTIONS
-@@ -227,7 +227,7 @@ are aliases for this option.
- .TP
- .BR "-z, --source-hw " "[!] \fIhwaddr\fP[\fImask\fP]"
- Specify the source hardware (MAC) address of the packet. hwaddr (and mask,
--if specified) must consist of one or more 8-bit hexidecimal numbers, separated
-+if specified) must consist of one or more 8-bit hexadecimal numbers, separated
- by ':' characters. If the mask is not specified, it defaults to a number of
- 0xff octets equal to the length of the hwaddr specified, then 0s.
- The flags
-@@ -255,7 +255,7 @@ are all aliases for this option.
- .BR "-i, --in-interface " "[!] \fIname\fP"
- Name of an interface via which a packet is going to be received (only for
- packets entering the
--.B INPUT
-+.B IN
- chain). When the "!" argument is used before the interface name, the
- sense is inverted. If the interface name ends in a "+", then any
- interface which begins with this name will match. If this option is
-@@ -264,7 +264,7 @@ omitted, any interface name will match.
- .BR "-o, --out-interface " "[!] \fIname\fP"
- Name of an interface via which a packet is going to be sent (for packets
- entering the
--.B OUTPUT
-+.B OUT
- chain). When the "!" argument is used before the interface name, the
- sense is inverted. If the interface name ends in a "+", then any
- interface which begins with this name will match. If this option is
-@@ -272,28 +272,28 @@ omitted, any interface name will match.
- .TP
- .BR "-a, --arhln " "[!] \fIvalue\fP[\fImask\fP]"
- Specify the hardware address length of the packet. Both the value and mask
--must be 8-bit hexidecimal numbers. Note that packets
-+must be 8-bit hexadecimal numbers. Note that packets
- with an incorrect hardware address length field may be dropped by the
- lower-level layers of the network stack, which may limit the usefulness
- of this option.
- .TP
- .BR "-p, --arpop " "[!] \fIvalue\fP[\fImask\fP]"
- Specify the arp operation field of the packet. The value may be either a
--16-bit hexidecimal number or one of the names "Request", "Reply",
-+16-bit hexadecimal number or one of the names "Request", "Reply",
- "Request_Reverse",
- "Reply_Reverse", "DRARP_Request", "DRARP_Reply", "DRARP_Error",
- "InARP_Request", or "ARP_NAK". The mask (if specified) must be a 16-bit
--hexidecicmal number.
-+hexadecimal number.
- .TP
- .BR "-H, --arhrd " "[!] \fIvalue\fP[\fImask\fP]"
- Specify the hardware type field of the packet. The value may be either a
--16-bit hexidecimal number or the name "Ethernet". The mask (if specified)
--must be a 16-bit hexidecimal number.
-+16-bit hexadecimal number or the name "Ethernet". The mask (if specified)
-+must be a 16-bit hexadecimal number.
- .TP
- .BR "-w, --arpro " "[!] \fIvalue\fP[\fIvalue\fP]"
--Specify the protocol type field of the packet. The value may be eithe a
--16-bit hexidecimal numebr or the name "IPV4". The mask (if specified) must
--be a 16-bit hexidecimal number.
-+Specify the protocol type field of the packet. The value may be either a
-+16-bit hexadecimal number or the name "IPV4". The mask (if specified) must
-+be a 16-bit hexadecimal number.
- .TP
- .BI "-j, --jump " "target"
- This specifies the target of the rule; i.e., what to do if the packet
-@@ -353,22 +353,23 @@ to load any necessary modules (targets,
- .SS "MANGLE OPTIONS"
- The kernel mangle module supports the following options
- .TP
--.B "--mangle-ip-s" "IP address"
-+.B "--mangle-ip-s" "\fIIP address\fP"
- Change the source IP address of the packet to the specified value.
- .TP
--.B "--mangle-ip-d" "IP address"
-+.B "--mangle-ip-d" "\fIIP address\fP"
- Change the destination IP address of the packet to the specified value.
- .TP
- .B "--mangle-hw-s" "\fIhardware address\fP"
--CHange the source hardware (MAC) address of the packet to the specified value.
-+Change the source hardware (MAC) address of the packet to the specified value.
-+It's necessary to specify length of hardware address using \fB--arhln\fP.
- .TP
- .B "--mangle-hw-d" "\fIhardware address\fP"
- Change the destination hardware (MAC) address of the packet to the specified value.
-+It's necessary to specify length of hardware address using \fB--arhln\fP.
- .TP
--.B "--mangle-target "\fItarget\fP"
-+.B "--mangle-target" "\fItarget\fP"
- Disposition of the packet. Valid targets are DROP, CONTINUE, or ACCEPT. If
--no
--.B "--mangle-target" option is specified, the default is ACCEPT.
-+no \fB--mangle-target\fP option is specified, the default is ACCEPT.
-
- .SH EXAMPLES
- Let's say you have a machine with two ip addresses aaaa and bbbb.
diff --git a/arptables_jf-0.0.8-mangle.patch b/arptables_jf-0.0.8-mangle.patch
deleted file mode 100644
index dfdbb49..0000000
--- a/arptables_jf-0.0.8-mangle.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up arptables_jf-0.0.8/arptables.c.mangle arptables_jf-0.0.8/arptables.c
---- arptables_jf-0.0.8/arptables.c.mangle 2010-03-25 11:18:07.351682117 +0100
-+++ arptables_jf-0.0.8/arptables.c 2010-03-25 11:19:07.730682571 +0100
-@@ -1978,6 +1978,8 @@ int do_commandarp(int argc, char *argv[]
- check_inverse ( optarg, &invert, &optind, argc );
- set_option ( &options, OPT_ARHLN, &fw.arp.invflags, invert );
- arhln = argv[optind - 1];
-+ if ( arhln )
-+ parse_uint8 ( arhln, &fw.arp.arhln, &fw.arp.arhln_mask );
- break;
-
- case 'p':
diff --git a/arptables_jf-0.0.8-options.patch b/arptables_jf-0.0.8-options.patch
deleted file mode 100644
index 84fc0aa..0000000
--- a/arptables_jf-0.0.8-options.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up arptables_jf-0.0.8/arptables.c.options arptables_jf-0.0.8/arptables.c
---- arptables_jf-0.0.8/arptables.c.options 2013-05-15 15:09:45.328799344 +0200
-+++ arptables_jf-0.0.8/arptables.c 2013-05-15 15:10:21.028301662 +0200
-@@ -192,7 +192,7 @@ static char commands_v_options[NUMBER_OF
- /*DELETE_NUM*/{'x','x',' ','x',' ','x','x','x','x','x','x','x','x','x','x','x'},
- /*REPLACE*/ {'x',' ',' ','x',' ','x',' ',' ',' ',' ',' ',' ',' ',' ',' ',' '},
- /*APPEND*/ {'x',' ',' ','x',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' '},
--/*LIST*/ {' ','x',' ',' ',' ','x','x','x','x','x','x','x','x','x','x','x'},
-+/*LIST*/ {' ','x',' ',' ',' ',' ','x','x','x','x','x','x','x','x','x','x'},
- /*FLUSH*/ {'x','x',' ','x',' ','x','x','x','x','x','x','x','x','x','x','x'},
- /*ZERO*/ {'x','x',' ','x',' ','x','x','x','x','x','x','x','x','x','x','x'},
- /*NEW_CHAIN*/ {'x','x',' ','x',' ','x','x','x','x','x','x','x','x','x','x','x'},
-@@ -413,8 +413,6 @@ exit_printhelp(void)
- " source specification\n"
- " --target -d [!] address[/mask]\n"
- " destination specification\n"
--" --arhln -a [!] length[/mask]\n"
--" hardware address length\n"
- " --source-hw -z [!] address[/mask]\n"
- " source hardware address\n"
- " --target-hw -y [!] address[/mask]\n"
diff --git a/arptables_jf-0.0.8-warnings.patch b/arptables_jf-0.0.8-warnings.patch
deleted file mode 100644
index 82e0cdf..0000000
--- a/arptables_jf-0.0.8-warnings.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -up arptables_jf-0.0.8/arptables.c.warnings arptables_jf-0.0.8/arptables.c
---- arptables_jf-0.0.8/arptables.c.warnings 2004-01-23 21:22:27.000000000 +0100
-+++ arptables_jf-0.0.8/arptables.c 2012-05-18 16:34:33.533157499 +0200
-@@ -505,7 +505,7 @@ cmd2char(int option)
- }
-
- static void
--add_command(int *cmd, const int newcmd, const int othercmds, int invert)
-+add_command(unsigned int *cmd, const int newcmd, const int othercmds, int invert)
- {
- if (invert)
- exit_error(PARAMETER_PROBLEM, "unexpected ! flag");
-@@ -1329,7 +1329,6 @@ print_firewall(const struct arpt_entry *
- {
- struct arptables_target *target = NULL;
- const struct arpt_entry_target *t;
-- u_int8_t flags;
- char buf[BUFSIZ];
- unsigned u,v;
-
-@@ -1339,7 +1338,6 @@ print_firewall(const struct arpt_entry *
- target = find_target(ARPT_STANDARD_TARGET, LOAD_MUST_SUCCEED);
-
- t = arpt_get_target((struct arpt_entry *)fw);
-- flags = fw->arp.flags;
-
- if (format & FMT_LINENUMBERS)
- printf(FMT("%-4u ", "%u "), num+1);
-diff -up arptables_jf-0.0.8/libarptc.c.warnings arptables_jf-0.0.8/libarptc.c
---- arptables_jf-0.0.8/libarptc.c.warnings 2012-05-18 16:34:33.000000000 +0200
-+++ arptables_jf-0.0.8/libarptc.c 2012-05-18 16:35:22.035819406 +0200
-@@ -495,7 +495,7 @@ TC_INIT(const char *tablename)
- TC_HANDLE_T h;
- STRUCT_GETINFO info;
- unsigned int i;
-- int tmp;
-+ socklen_t tmp;
- socklen_t s;
-
- iptc_fn = TC_INIT;
-diff -up arptables_jf-0.0.8/netfilter_arp.h.warnings arptables_jf-0.0.8/netfilter_arp.h
---- arptables_jf-0.0.8/netfilter_arp.h.warnings 2012-05-18 16:34:33.527157541 +0200
-+++ arptables_jf-0.0.8/netfilter_arp.h 2012-05-18 16:34:33.533157499 +0200
-@@ -5,7 +5,6 @@
- * (C)2002 Rusty Russell IBM -- This code is GPL.
- */
-
--#include
- #include
-
- /* There is no PF_ARP. */
diff --git a/arptables_jf.spec b/arptables_jf.spec
deleted file mode 100644
index 3f7fd79..0000000
--- a/arptables_jf.spec
+++ /dev/null
@@ -1,209 +0,0 @@
-Summary: User-space control program for the arptables network filter
-Name: arptables_jf
-Version: 0.0.8
-Release: 36%{?dist}
-License: GPLv2+
-Group: System Environment/Base
-
-# There's no Url tag here because there's no upstream.
-Source0: %{name}-%{version}.tbz
-Source1: arptables.service
-Source2: arptables-helper
-
-Patch1: arptables_jf-0.0.8-2.6-kernel.patch
-Patch2: arptables_jf-0.0.8-man.patch
-Patch3: arptables_jf-0.0.8-warnings.patch
-Patch4: arptables_jf-0.0.8-header.patch
-Patch5: arptables_jf-0.0.8-mangle.patch
-Patch6: arptables_jf-0.0.8-byteorder.patch
-Patch7: arptables_jf-0.0.8-options.patch
-
-BuildRequires: systemd
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
-
-%description
-The arptables_jf utility controls the arpfilter network packet filtering
-code in the Linux kernel. You do not need this program for normal
-network firewalling. If you need to manually control which arp
-requests and/or replies this machine accepts and sends, you should
-install this package.
-
-Arptables_jf is a fork of arptables from ebtables.sourceforge.net
-written by Jay Fenlason.
- -%prep -%setup -q -%patch1 -p1 -b .2.6-kernel -%patch2 -p1 -b .man -%patch3 -p1 -b .warnings -%patch4 -p1 -b .header -%patch5 -p1 -b .mangle -%patch6 -p1 -b .byteorder -%patch7 -p1 -b .options - -%build -make all 'COPT_FLAGS=%{optflags} -fno-strict-aliasing' %{_smp_mflags} - -%install -make install DESTDIR=%{buildroot} BINDIR=%{_sbindir} -install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/arptables.service -mkdir -p %{buildroot}%{_libexecdir}/ -install -D -m 755 %{SOURCE2} %{buildroot}%{_libexecdir}/ -rm -rf %{buildroot}%{_initrddir} -mkdir -p %{buildroot}%{_sysconfdir}/sysconfig -echo '#Configure prior to use' > %{buildroot}%{_sysconfdir}/sysconfig/arptables - -%post -%systemd_post arptables.service - -%preun -%systemd_preun arptables.service - -%postun -%systemd_postun_with_restart arptables.service - - -%files -%{_sbindir}/arptables* -%{_libexecdir}/arptables-helper -%{_mandir}/*/arptables* -%{_unitdir}/arptables.service -%config(noreplace) %{_sysconfdir}/sysconfig/arptables - -%changelog -* Sun Aug 04 2013 Jiri Popelka - 0.0.8-36 -- BuildRequires: systemd due to %%{_unitdir} - -* Sat Aug 03 2013 Fedora Release Engineering - 0.0.8-35 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Wed May 15 2013 Jiri Popelka - 0.0.8-34 -- make option -x work together with -L (#963209) - -* Mon May 13 2013 Jiri Popelka - 0.0.8-33 -- add to man page that --mangle-hw-s/--mangle-hw-d need also --arhln -- removed triggerun scriptlet - -* Wed Feb 13 2013 Fedora Release Engineering - 0.0.8-32 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Tue Jan 08 2013 Jiri Popelka - 0.0.8-31 -- arptables-save was swapping bytes in the arpop (#891769) - -* Wed Nov 28 2012 Jiri Popelka - 0.0.8-30 -- /usr move: use _sbindir macro -- removed unused initscript.patch - -* Wed Aug 22 2012 Jiri Popelka - 0.0.8-29 -- use new systemd-rpm macros (#850031) - -* Wed Jul 18 2012 Fedora Release Engineering - 0.0.8-28 -- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Fri May 18 2012 Jiri Popelka - 0.0.8-27 -- install arptables-helper into /usr/libexec -- fix more compilation warnings - -* Wed May 16 2012 Jiri Popelka - 0.0.8-26 -- no need to Buildrequire perl (#225255) -- improved description -- No need to define BuildRoot and clean it in clean and install section anymore. -- %%defattr no longer needed in %%files sections. - -* Fri May 11 2012 Jon Ciesla - 0.0.8-25 -- Migrate to systemd, BZ 754423. - -* Thu Jan 12 2012 Fedora Release Engineering - 0.0.8-24 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Fri Oct 21 2011 Jiri Skala - 0:0.0.8-23 -- removed double --arhln optin of -h printout - -* Tue Mar 29 2011 Jiri Skala - 0:0.0.8-22 -- fixes #663655 - arptables(8) man page correction - -* Mon Feb 07 2011 Fedora Release Engineering - 0.0.8-21 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Fri Aug 20 2010 Jiri Skala - 0:0.0.8-20 -- corrected NVR against F13 - -* Thu Mar 25 2010 Jiri Skala - 0:0.0.8-19 -- fixes #544291 - Symbolic input of 16-bit fields argument are byte-swapped on little-endian machines -- fixed #544286 - No way to mangle an hardware address - -* Thu Jan 28 2010 Jiri Skala - 0.0.8-18 -- fixes init scritpt to be lsb compliant (#225255) - -* Fri Jan 22 2010 Jiri Skala - 0.0.8-17 -- moved header patch from sources to cvs -- fixes merge review findings #225255 - -* Fri Jul 24 2009 Fedora Release Engineering - 0:0.0.8-16 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Mon Mar 16 2009 Jiri Skala - 0:0.0.8-15 -- replaced config directive before arptables_jf init script - -* Mon Feb 23 2009 Fedora Release Engineering - 0:0.0.8-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Mon Jul 14 2008 Tom "spot" Callaway - 0.0.8-13 -- fix license tag -- drop conflicts - -* Thu Apr 03 2008 Martin Nagy - 0.0.8-12 -- compile with proper CFLAGS -- add %%{_smp_mflags} - -* 
Mon Feb 25 2008 Martin Nagy - 0.0.8-11 -- fix init script (#237778) -- add LSB header (#246868) - -* Mon Feb 11 2008 Martin Nagy - 0.0.8-10 -- rebuild for gcc-4.3 - -* Wed Aug 29 2007 Maros Barabas - 0:0.0.8-9 -- rebuild - -* Wed Jul 12 2006 Jesse Keating - 0:0.0.8-8 -- rebuild -- Add patch to not include linux/compiler.h -- Remove br on glibc-kernheaders, part of the build-env. - -* Fri May 26 2006 Jay Fenlason 0:0.0.8-7 -- Add warnings patch to close - bz#191688 arptables_jf fails to build in mock - -* Fri Feb 10 2006 Jesse Keating - 0:0.0.8-6.2.1 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - 0:0.0.8-6.2 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Thu Aug 18 2005 Florian La Roche -- change the requires into a conflicts for "kernel" - -* Thu Jun 9 2005 Jay Fenlason 0.0.8-5 -- add -man patch to correct the names of the default tables. - bz#123089 aptables man pages is not correct: built in chain name are wrong. - -* Tue Mar 8 2005 Jay Fenlason 0.0.8-4 -- rebuilt with gcc4 - -* Fri Nov 26 2004 Florian La Roche -- add a %%clean target into .spec - -* Tue Aug 31 2004 Jay Fenlason 0.0.8-2 -- backport latest version from 3E branch. -- Add 2.6-kernel patch, since glibc_kernheaders has incorrect - arptables headers for the 2.6 kernel. - -* Mon Jul 7 2003 Jay Fenlason 0.0.2-0 -- first attempt at a packaged version of arptables_jf, for - cambridge. diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..1d4579b --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +Obsoleted by arptables diff --git a/sources b/sources deleted file mode 100644 index 0d3e454..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -82bdb1306dca9182e05a10d3f0f520f1 arptables_jf-0.0.8.tbz