Author: supercyper
Update of /cvs/free/rpms/xtables-addons/devel
In directory se02.es.rpmfusion.net:/tmp/cvs-serv24556
Added Files:
ipset-config ipset.init xtables-addons-userspace.patch
xtables-addons.spec
Log Message:
--- NEW FILE ipset-config ---
# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for an ipset
# restart or stop. Only set to 'no' if there are problems unloading ipset
# modules.
IPSET_MODULES_UNLOAD="yes"
# Save current ipset rules on stop.
# Value: yes|no, default: no
# Saves all ipset rules to /etc/sysconfig/ipset if ipset gets stopped
# (e.g. on system shutdown).
IPSET_SAVE_ON_STOP="no"
# Save current ipset rules on restart.
# Value: yes|no, default: no
# Saves all ipset rules to /etc/sysconfig/ipset if ipset gets
# restarted.
IPSET_SAVE_ON_RESTART="no"
# Numeric status output
# Value: yes|no, default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPSET_STATUS_NUMERIC="yes"
# Sorted status output
# Value: yes|no, default: yes
# List sorted entries in the status output.
IPSET_STATUS_SORTED="yes"
--- NEW FILE ipset.init ---
#!/bin/sh
#
# ipset Startup script for ipset
#
# chkconfig: - 07 93
# description: Starts, stops and saves ipset
#
# config: /etc/sysconfig/ipset
# config: /etc/sysconfig/ipset-config
#
### BEGIN INIT INFO
# Provides: ipset
# Required-Start:
# Required-Stop:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop ipset
# Description: Start, stop and save ipset
### END INIT INFO
# Source function library.
. /etc/init.d/functions
IPSET=ipset
IPSET_DATA=/etc/sysconfig/$IPSET
IPSET_CONFIG=/etc/sysconfig/${IPSET}-config
VAR_SUBSYS_IPSET=/var/lock/subsys/$IPSET
if [ ! -x /sbin/$IPSET ]; then
echo -n $"${IPSET}: /sbin/$IPSET does not exist."; warning; echo
exit 5
fi
# Default ipset configuration:
IPSET_MODULES_UNLOAD="yes"
IPSET_SAVE_ON_STOP="no"
IPSET_SAVE_ON_RESTART="no"
IPSET_STATUS_NUMERIC="yes"
IPSET_STATUS_SORTED="yes"
# Load ipset configuration.
[ -f "$IPSET_CONFIG" ] && . "$IPSET_CONFIG"
# Ipset modules
IPSET_MODULES=($(lsmod | awk "/^ip_set[_ ]/ {print \$1}"))
rmmod_r() {
# Unload module with all referring modules.
# At first all referring modules will be unloaded, then the module itself.
local mod=$1
local ret=0
local ref=
# Get referring modules.
ref=$(lsmod | awk "/^${mod}/ { print \$4; }" | tr ',' ' ')
# recursive call for all referring modules
for i in $ref; do
rmmod_r $i
let ret+=$?;
done
# Unload module.
# The extra test is for 2.6: The module might have autocleaned,
# after all referring modules are unloaded.
if grep -q "^${mod}" /proc/modules ; then
modprobe -r $mod > /dev/null 2>&1
res=$?
[ $res -eq 0 ] || echo -n " $mod"
let ret+=$res;
fi
return $ret
}
flush_n_delete() {
local use=
# Check if ipset module is loaded.
[ -z "$IPSET_MODULES" ] && return 0
# Get ipt_set modules use count.
use=$(lsmod | awk "/^ipt_(set|SET) / {print \$3}")
# Exit if ipset is in use.
if [ -n "$use" ]; then
for i in $use; do
if [ $i -gt 0 ]; then
echo -n $"${IPSET}: Set is in use, operation not permitted."; warning; echo
exit 1
fi
done
fi
# Flush ipset rules and delete sets.
echo -n $"${IPSET}: Flushing ipset rules: "
ret=0
# Flush ipset rules.
$IPSET -F;
let ret+=$?;
# Delete ipset sets.
$IPSET -X;
let ret+=$?;
[ $ret -eq 0 ] && success || failure
echo
return $ret
}
start() {
# Do not start if there is no config file.
[ ! -f "$IPSET_DATA" ] && return 6
flush_n_delete
echo -n $"${IPSET}: Applying ipset rules: "
$IPSET --restore < $IPSET_DATA
if [ $? -eq 0 ]; then
success; echo
else
failure; echo; return 1
fi
touch $VAR_SUBSYS_IPSET
return $ret
}
stop() {
# Do not stop if ipset module is not loaded.
[ -z "$IPSET_MODULES" ] && return 0
flush_n_delete
if [ "x$IPSET_MODULES_UNLOAD" = "xyes" ]; then
echo -n $"${IPSET}: Unloading modules: "
ret=0
for mod in ${IPSET_MODULES[*]}; do
rmmod_r $mod
let ret+=$?;
done
[ $ret -eq 0 ] && success || failure
echo
fi
rm -f $VAR_SUBSYS_IPSET
return $ret
}
save() {
# Check if ipset module is loaded
[ -z "$IPSET_MODULES" ] && return 0
echo -n $"${IPSET}: Saving ipset rules to $IPSET_DATA: "
ret=0
TMP_FILE=$(/bin/mktemp -q /tmp/$IPSET.XXXXXX) \
&& chmod 600 "$TMP_FILE" \
&& $IPSET --save > $TMP_FILE 2>/dev/null \
&& size=$(stat -c '%s' $TMP_FILE) && [ $size -gt 0 ] \
|| ret=1
if [ $ret -eq 0 ]; then
if [ -e $IPSET_DATA ]; then
cp -f $IPSET_DATA $IPSET_DATA.save \
&& chmod 600 $IPSET_DATA.save \
|| ret=1
fi
if [ $ret -eq 0 ]; then
cp -f $TMP_FILE $IPSET_DATA \
&& chmod 600 $IPSET_DATA \
|| ret=1
fi
fi
[ $ret -eq 0 ] && success || failure
echo
rm -f $TMP_FILE
return $ret
}
status() {
# Do not print status if lockfile is missing and ipset modules are not
# loaded.
if [ ! -f "$VAR_SUBSYS_IPSET" -a -z "$IPSET_MODULES" ]; then
echo $"${IPSET}: Ipset is not running."
return 3
fi
# Check if ipset modules are loaded
if [ -z "$IPSET_MODULES" ]; then
echo $"${IPSET}: Ipset modules are not loaded."
return 3
fi
NUM=
[ "x$IPSET_STATUS_NUMERIC" = "xyes" ] &&
NUM="-n"
SORT=
[ "x$IPSET_STATUS_SORTED" = "xyes" ] &&
SORT="--sorted"
$IPSET --list $NUM $SORT && echo
return 0
}
restart() {
[ "x$IPSET_SAVE_ON_RESTART" = "xyes" ] && save
stop
start
}
case "$1" in
start)
[ -f "$VAR_SUBSYS_IPSET" ] && exit 0
start
RETVAL=$?
;;
stop)
[ "x$IPSET_SAVE_ON_STOP" = "xyes" ] && save
stop
RETVAL=$?
;;
restart|force-reload)
restart
RETVAL=$?
;;
condrestart|try-restart)
[ ! -e "$VAR_SUBSYS_IPSET" ] && exit 0
restart
RETVAL=$?
;;
status)
status
RETVAL=$?
;;
save)
save
RETVAL=$?
;;
*)
echo $"Usage: ${IPSET} {start|stop|restart|condrestart|status|save}"
RETVAL=2
;;
esac
exit $RETVAL
xtables-addons-userspace.patch:
Makefile.am | 1 -
configure.ac | 47 -----------------------------------------------
extensions/Makefile.am | 22 ----------------------
3 files changed, 70 deletions(-)
--- NEW FILE xtables-addons-userspace.patch ---
diff -urP
xtables-addons-1.27.org/configure.ac xtables-addons-1.27/configure.ac
---
xtables-addons-1.27.org/configure.ac 2010-05-31 09:47:58.385362271 +0800
+++ xtables-addons-1.27/configure.ac 2010-05-31 10:01:32.727112933 +0800
@@ -9,18 +9,6 @@
AC_DISABLE_STATIC
AC_PROG_LIBTOOL
-AC_ARG_WITH([kbuild],
- AS_HELP_STRING([--with-kbuild=PATH],
- [Path to kernel build directory [[/lib/modules/CURRENT/build]]]),
- [kbuilddir="$withval"],
- [kbuilddir="/lib/modules/$(uname -r)/build"])
-#
-# check for --without-kbuild
-#
-if [[ "$kbuilddir" == no ]]; then
- kbuilddir="";
-fi
-
AC_ARG_WITH([xtlibdir],
AS_HELP_STRING([--with-xtlibdir=PATH],
[Path where to install Xtables extensions [[LIBEXECDIR/xtables]]]),
@@ -37,42 +25,7 @@
-Winline -pipe -DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" \
-I\${XA_TOPSRCDIR}/include";
-#
-# check kernel version
-#
-if grep -q "CentOS release 5\." /etc/redhat-release 2>/dev/null ||
- grep -q "Red Hat Enterprise Linux Server release 5" /etc/redhat-release
2>/dev/null; then
- # γγΎγ£γ!
- # Well, just a warning. Maybe the admin updated the kernel.
- echo "WARNING: This distribution's shipped kernel is not supported.";
-fi;
-krel="$(make -sC ${kbuilddir} kernelrelease)";
-krel="${krel%%-*}";
-kmajor="${krel%%.*}";
-krel="${krel#*.}";
-kminor="${krel%%.*}";
-krel="${krel#*.}";
-kmicro="${krel%%.*}";
-if test "$kmicro" = "$krel"; then
- kstable=0;
-else
- kstable="${krel#*.}";
- if test -z "$kstable"; then
- kstable=0;
- fi;
-fi;
-echo "Found kernel version $kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
-if test "$kmajor" -gt 2 -o "$kminor" -gt 6 -o "$kmicro" -gt
35; then
- echo "WARNING: You are trying a newer kernel. Results may vary. :-)";
-elif test \( "$kmajor" -lt 2 -o "$kminor" -lt 6 -o
"$kmicro" -lt 17 \) -o \
- \( "$kmajor" -eq 2 -a "$kminor" -eq 6 -a "$kmicro" -eq
18 -a \
- "$kstable" -lt 5 \); then
- echo "ERROR: That kernel version is not supported. Please see INSTALL for minimum
configuration.";
- exit 1;
-fi;
-
AC_SUBST([regular_CFLAGS])
-AC_SUBST([kbuilddir])
AC_SUBST([xtlibdir])
AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans
extensions/Makefile extensions/ACCOUNT/Makefile
diff -urP
xtables-addons-1.27.org/extensions/Makefile.am
xtables-addons-1.27/extensions/Makefile.am
---
xtables-addons-1.27.org/extensions/Makefile.am 2010-05-31 09:47:58.363361712 +0800
+++ xtables-addons-1.27/extensions/Makefile.am 2010-05-31 10:02:08.845363738 +0800
@@ -1,26 +1,4 @@
# -*- Makefile -*-
# AUTOMAKE
-# Not having Kbuild in Makefile.extra because it will already recurse
-.PHONY: modules modules_install clean_modules
-
-_kcall = -C ${kbuilddir} M=${abs_srcdir}
-
-modules:
- @echo -n "Xtables-addons ${PACKAGE_VERSION} - Linux "
- @if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} --no-print-directory -s
kernelrelease; fi;
- ${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} modules; fi;
-
-modules_install:
- ${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall}
INSTALL_MOD_PATH=${DESTDIR} ext-mod-dir='$${INSTALL_MOD_DIR}' modules_install;
fi;
-
-clean_modules:
- ${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} clean; fi;
-
-all-local: modules
-
-install-exec-local: modules_install
-
-clean-local: clean_modules
-
include ../Makefile.extra
diff -urP
xtables-addons-1.27.org/Makefile.am xtables-addons-1.27/Makefile.am
---
xtables-addons-1.27.org/Makefile.am 2010-05-31 09:47:58.385362271 +0800
+++ xtables-addons-1.27/Makefile.am 2010-05-31 09:52:19.632360246 +0800
@@ -12,7 +12,6 @@
${MAKE} -f Makefile.mans all;
install-exec-hook:
- depmod -a || :;
config.status: Makefile.iptrules.in
--- NEW FILE xtables-addons.spec ---
Name: xtables-addons
Summary: Extensions targets and matches for iptables
Version: 1.27
Release: 2%{?dist}
# The entire source code is GPLv2 except ACCOUNT/libxt_ACCOUNT_cl.* which is LGPLv2
License: GPLv2 and LGPLv2
Group: System Environment/Base
URL:
http://xtables-addons.sourceforge.net
Source0:
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
Source1: ipset.init
Source2: ipset-config
# patch to build userspace part only
Patch0: %{name}-userspace.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: iptables-devel
BuildRequires: autoconf automake libtool
Provides: %{name}-kmod-common = %{version}
Requires: %{name}-kmod >= %{version}
Requires(post): chkconfig
Requires(preun): chkconfig
# This is for /sbin/service
Requires(preun): initscripts
Requires(postun): initscripts
Provides: ipset = 4.2
%{?_isa:Provides: ipset%{?_isa} = 4.2}
Obsoletes: %{name}-devel < 1.27-1
%description
Xtables-addons provides extra modules for iptables not present in the kernel,
and is the successor of patch-o-matic. Extensions includes new targets like
TEE, TARPIT, CHAOS, or modules like geoip, ipset, and account.
This package provides the userspace libraries for iptables to use extensions
in the %{name}-kmod package. You must also install the
%{name}-kmod package.
%prep
%setup -q
%patch0 -p1
if [ -e /%{_lib}/xtables/libxt_TEE.so ]; then
sed -i 's/build_TEE=m/build_TEE=/' mconfig
fi
%build
./autogen.sh
%configure -with-xtlibdir=/%{_lib}/xtables
make V=1 %{?_smp_mflags}
%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install
# move ipset to /sbin
install -d %{buildroot}/sbin
mv %{buildroot}/%{_sbindir}/ipset %{buildroot}/sbin
# There is no -devel package. So no need for these files
rm -f %{buildroot}%{_libdir}/*.{la,so}
# install init scripts and configuration files
install -D -pm 0755 %{SOURCE1} %{buildroot}%{_initddir}/ipset
install -D -pm 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/ipset-config
%post
/sbin/ldconfig
/sbin/chkconfig --add ipset
%preun
if [ $1 = 0 ] ; then
/sbin/service ipset stop >/dev/null 2>&1
/sbin/chkconfig --del ipset
fi
%postun
/sbin/ldconfig
if [ "$1" -ge "1" ] ; then
/sbin/service ipset condrestart >/dev/null 2>&1 || :
fi
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%doc LICENSE README doc/*
%attr(0755,root,root) %{_initddir}/*
%config(noreplace) %{_sysconfdir}/sysconfig/*
/%{_lib}/xtables/*.so
%{_libdir}/*.so.*
/sbin/ipset
%{_sbindir}/*
%{_mandir}/man?/*
%changelog
* Mon Jun 28 2010 Chen Lei <supercyper(a)163.com> - 1.27-2
- rebuild for kernel 2.6.35
* Mon May 31 2010 Chen Lei <supercyper(a)163.com> - 1.27-1
- update to 1.27
* Sun May 02 2010 Chen Lei <supercyper(a)163.com> - 1.26-1
- update to 1.26
* Mon Apr 26 2010 Chen Lei <supercyper(a)163.com> - 1.25-1
- update to 1.25
* Sun Apr 25 2010 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> - 1.24-2
- rebuilt
* Thu Mar 18 2010 Chen Lei <supercyper(a)163.com> - 1.24-1
- initial rpm build