From 2a389d744d8957692eb7554402c1f99e161d8a71 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org" Date: Tue, 5 Apr 2005 08:03:33 +0000 Subject: [PATCH] ipset 2.1.1 released --- ChangeLog | 9 ++++++++ Makefile | 6 +++--- ipset.8 | 2 +- ipset.c | 63 ++++++++++++++++++++++++++++++++++++++++++++----------- 4 files changed, 64 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index e24b6f4..7305656 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2.1.1 + - Locking bug in ip_set_nethash.c (Clifford Wolf and Rob Carlson) + - Makefile contained an unnecessary variable in IPSET_LIB_DIR (Clifford + Wolf) + - Safety checkings of restore in ipset was incomplete (Robin H. Johnson) + - More careful resizing by avoiding locking completely + - stdin stored internally in a temporary file, so we can feed 'ipset -R' + from a pipe + 2.1 - Lock debugging used with debugless lock definiton (Piotr Chytla and others). diff --git a/Makefile b/Makefile index 6f0539b..39fe317 100644 --- a/Makefile +++ b/Makefile @@ -8,14 +8,14 @@ ifndef KERNEL_DIR KERNEL_DIR=/usr/src/linux endif -IPSET_VERSION:=2.1.0 +IPSET_VERSION:=2.1.1 PREFIX:=/usr/local LIBDIR:=$(PREFIX)/lib BINDIR:=$(PREFIX)/sbin MANDIR:=$(PREFIX)/man INCDIR:=$(PREFIX)/include -IPSET_LIB_DIR:=$(DESTDIR)$(LIBDIR)/ipset +IPSET_LIB_DIR:=$(LIBDIR)/ipset # directory for new iptables releases RELEASE_DIR:=/tmp @@ -35,7 +35,7 @@ all: $(PROGRAMS) $(SHARED_LIBS) install: all $(INSTALL) clean: $(EXTRA_CLEANS) - rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o + rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~ #The ipset(8) self ipset.o: ipset.c diff --git a/ipset.8 b/ipset.8 index f2c2f02..663d282 100644 --- a/ipset.8 +++ b/ipset.8 @@ -117,7 +117,7 @@ is specified to stdout in a format that --restore can read. .TP .BI "-R, --restore " Restore a saved session generated by --save. The saved session -is read from stdin which is required to be rewindable. +can be fed from stdin. .TP .BI "-A, --add " "\fIsetname\fP \fIIP\fP" Add an IP to a set. diff --git a/ipset.c b/ipset.c index 5849892..a1697f3 100644 --- a/ipset.c +++ b/ipset.c @@ -11,9 +11,12 @@ #include #include #include -#include #include #include +#include +#include +#include +#include #include #include #include @@ -42,6 +45,8 @@ struct ip_set_restore *restore_set = NULL; size_t restore_offset = 0, restore_size; unsigned line = 0; +#define TEMPFILE_PATTERN "/ipsetXXXXXX" + #ifdef IPSET_DEBUG int option_debug = 0; #endif @@ -1220,10 +1225,44 @@ static void build_argv(int line, char *buffer) { } } +static FILE *create_tempfile(void) +{ + char buffer[1024]; + char *tmpdir = NULL; + char *filename; + int fd; + FILE *file; + + if (!(tmpdir = getenv("TMPDIR")) && !(tmpdir = getenv("TMP"))) + tmpdir = "/tmp"; + filename = malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1); + if (!filename) + exit_error(OTHER_PROBLEM, "Could not malloc temporary filename."); + strcpy(filename, tmpdir); + strcpy(filename, TEMPFILE_PATTERN); + + (void) umask(077); /* Create with restrictive permissions */ + fd = mkstemp(filename); + if (fd == -1) + exit_error(OTHER_PROBLEM, "Could not create temporary file."); + if (!(file = fdopen(fd, "r+"))) + exit_error(OTHER_PROBLEM, "Could not open temporary file."); + if (unlink(filename) == -1) + exit_error(OTHER_PROBLEM, "Could not unlink temporary file."); + free(filename); + + while (fgets(buffer, sizeof(buffer), stdin)) { + fputs(buffer, file); + } + fseek(file, 0L, SEEK_SET); + + return file; +} + /* * Performs a restore from a file */ -static void set_restore(FILE *in, char *argv0) +static void set_restore(char *argv0) { char buffer[1024]; char *ptr, *name = NULL; @@ -1232,8 +1271,12 @@ static void set_restore(FILE *in, char *argv0) struct settype *settype = NULL; struct ip_set_req_setnames *header; ip_set_id_t index; + FILE *in; int res; + /* Create and store stdin in temporary file */ + in = create_tempfile(); + /* Load existing sets from kernel */ load_set_list(IPSET_TOKEN_ALL, &index, IP_SET_OP_LIST_SIZE, CMD_RESTORE); @@ -1286,7 +1329,7 @@ static void set_restore(FILE *in, char *argv0) exit_error(PARAMETER_PROBLEM, "Missing settype in line %u\n", line); - if (restore) + if (bindings) exit_error(PARAMETER_PROBLEM, "Invalid line %u: create must precede bindings\n", line); @@ -1297,12 +1340,13 @@ static void set_restore(FILE *in, char *argv0) break; } case 'A': { - if (strncmp(name, ptr, sizeof(name)) != 0) + if (name == NULL + || strncmp(name, ptr, sizeof(name)) != 0) exit_error(PARAMETER_PROBLEM, "Add IP to set %s in line %u without " "preceding corresponding create set line\n", ptr, line); - if (restore) + if (bindings) exit_error(PARAMETER_PROBLEM, "Invalid line %u: adding entries must precede bindings\n", line); @@ -1335,10 +1379,7 @@ static void set_restore(FILE *in, char *argv0) restore_offset = sizeof(struct ip_set_req_setnames); /* Rewind to scan the file again */ - res = fseek(in, 0L, SEEK_SET); - if (res) - exit_error(PARAMETER_PROBLEM, - "Cannot rewind stdin: %s", strerror(errno)); + fseek(in, 0L, SEEK_SET); first_pass = line; line = 0; @@ -1848,8 +1889,6 @@ int parse_commandline(int argc, char *argv[]) unsigned options = 0; int c; - FILE *in = stdin; /* -R */ - char *name = NULL; /* All except -H, -R */ char *newname = NULL; /* -E, -W */ char *adt = NULL; /* -A, -D, -T, -B, -U */ @@ -2110,7 +2149,7 @@ int parse_commandline(int argc, char *argv[]) break; case CMD_RESTORE: - set_restore(in, argv[0]); + set_restore(argv[0]); break; case CMD_ADD: -- 2.40.0