r30675 - in /branches/upstream/libiptables-chainmgr-perl/current: Changes Makefile.PL VERSION lib/IPTables/ChainMgr.pm

tincho at users.alioth.debian.org tincho at users.alioth.debian.org
Fri Feb 13 23:42:44 UTC 2009


Author: tincho
Date: Fri Feb 13 23:42:41 2009
New Revision: 30675

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=30675
Log:
[svn-upgrade] Integrating new upstream version, libiptables-chainmgr-perl (0.9)

Modified:
    branches/upstream/libiptables-chainmgr-perl/current/Changes
    branches/upstream/libiptables-chainmgr-perl/current/Makefile.PL
    branches/upstream/libiptables-chainmgr-perl/current/VERSION
    branches/upstream/libiptables-chainmgr-perl/current/lib/IPTables/ChainMgr.pm

Modified: branches/upstream/libiptables-chainmgr-perl/current/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libiptables-chainmgr-perl/current/Changes?rev=30675&op=diff
==============================================================================
--- branches/upstream/libiptables-chainmgr-perl/current/Changes (original)
+++ branches/upstream/libiptables-chainmgr-perl/current/Changes Fri Feb 13 23:42:41 2009
@@ -1,20 +1,32 @@
 Revision history for Perl extension IPTables::ChainMgr.
 
+0.9 Sat Feb 11 23:11:45 2008
+    - Added Net::IPv4Addr prerequisite to Makefile.PL (patch submitted by
+      Dominik Gehl).
+    - Updated perldoc documentation to properly discuss the delete_chain()
+      API.  The material about the $jump_from_chain was missing (Darien
+      Kindlund reported this issue).
+    - Applied patch from Darien Kindlund to add the ability to specify the
+      source MAC address via the --mac-source <addr> command line argument to
+      iptables.
+
 0.8 Fri Oct 17 11:35:15 2008
-    - Added the ability to control iptables execution model.  The default is to
-      use waitpid(), but other options are to use system() or popen().
+    - Added the ability to control the iptables execution model.  The default
+      is to use waitpid(), but other options are to use system() or popen().
     - Added the ability to introduce a configurable time delay between each
       iptables command.
     - Added the ability to use a function reference for the SIGCHLD signal
       handler.
     - Added the ability to configure the number of seconds used as the alarm
       timeout for iptables command execution in the waitpid() execution model.
-    - Passed IPTables::ChainMgr option for execution model, configurable alarm
+    - Passed IPTables::ChainMgr options for execution model, configurable alarm
       timeouts, the SIGCHLD signal handler reference, and the configurable
       number of seconds for additional sleeps between iptables commands to the
       IPTables::Parse module.
     - Bugfix for SIGALRM handling to be more consistent with an example from
       the perlipc man page.
+    - Added append_ip_rule() so that new iptables rules can be appended to the
+      end of a chain instead of just inserted at a particular rule number.
 
 0.7 Sat May 17 10:49:15 2008
     - Added perldoc documentation for 0.7 release.

Modified: branches/upstream/libiptables-chainmgr-perl/current/Makefile.PL
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libiptables-chainmgr-perl/current/Makefile.PL?rev=30675&op=diff
==============================================================================
--- branches/upstream/libiptables-chainmgr-perl/current/Makefile.PL (original)
+++ branches/upstream/libiptables-chainmgr-perl/current/Makefile.PL Fri Feb 13 23:42:41 2009
@@ -5,7 +5,7 @@
 WriteMakefile(
     NAME              => 'IPTables::ChainMgr',
     VERSION_FROM      => 'lib/IPTables/ChainMgr.pm', # finds $VERSION
-    PREREQ_PM         => {}, # e.g., Module::Name => 1.1
+    PREREQ_PM         => {'Net::IPv4Addr' => 0.10}, # e.g., Module::Name => 1.1
     ($] >= 5.005 ?     ## Add these new keywords supported since 5.005
       (ABSTRACT_FROM  => 'lib/IPTables/ChainMgr.pm', # retrieve abstract from module
        AUTHOR         => 'Michael Rash <mbr at cipherdyne.org>') : ()),
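Review bot: The minimum version on the new `PREREQ_PM` line is an unquoted numeric literal, so Perl stores `0.10` as `0.1` and that is the value written into the generated Makefile and metadata. The comparison is numeric, so the prerequisite check behaves the same, but quoting keeps the declared minimum readable as the release it refers to: `PREREQ_PM => {'Net::IPv4Addr' => '0.10'},`. The trailing `# e.g., Module::Name => 1.1` comment is now stale and could be dropped. The WriteMakefile call continues outside the hunk.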

Modified: branches/upstream/libiptables-chainmgr-perl/current/VERSION
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libiptables-chainmgr-perl/current/VERSION?rev=30675&op=diff
==============================================================================
--- branches/upstream/libiptables-chainmgr-perl/current/VERSION (original)
+++ branches/upstream/libiptables-chainmgr-perl/current/VERSION Fri Feb 13 23:42:41 2009
@@ -1,1 +1,1 @@
-0.8
+0.9

Modified: branches/upstream/libiptables-chainmgr-perl/current/lib/IPTables/ChainMgr.pm
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libiptables-chainmgr-perl/current/lib/IPTables/ChainMgr.pm?rev=30675&op=diff
==============================================================================
--- branches/upstream/libiptables-chainmgr-perl/current/lib/IPTables/ChainMgr.pm (original)
+++ branches/upstream/libiptables-chainmgr-perl/current/lib/IPTables/ChainMgr.pm Fri Feb 13 23:42:41 2009
@@ -10,7 +10,7 @@
 #
 # Author: Michael Rash (mbr at cipherdyne.org)
 #
-# Version: 0.8
+# Version: 0.9
 #
 ##############################################################################
 #
@@ -20,7 +20,7 @@
 package IPTables::ChainMgr;
 
 use 5.006;
-use POSIX ":sys_wait_h";
+use POSIX ':sys_wait_h';
 use Carp;
 use IPTables::Parse;
 use Net::IPv4Addr 'ipv4_network';
@@ -28,7 +28,7 @@
 use warnings;
 use vars qw($VERSION);
 
-$VERSION = '0.8';
+$VERSION = '0.9';
 
 sub new() {
     my $class = shift;
@@ -155,7 +155,7 @@
         if ($extended_href) {
             $msg = "Table: $table, chain: $chain, $normalized_src -> " .
                 "$normalized_dst ";
-            for my $key qw(protocol s_port d_port) {
+            for my $key qw(protocol s_port d_port mac_source) {
                 $msg .= "$key $extended_href->{$key} "
                     if defined $extended_href->{$key};
             }
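Review bot: `for my $key qw(protocol s_port d_port mac_source) {` relies on a bare `qw` standing in for the loop's parentheses, which perl deprecated in 5.14 and rejects as a syntax error from 5.18, so the module would not compile there. Since the line is being edited anyway, write `for my $key (qw(protocol s_port d_port mac_source)) {`, which still works on the 5.006 baseline the file declares. The same construct is touched in the hunks at -182, -242, -279 and -340. The enclosing sub starts and ends outside this hunk.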
@@ -182,11 +182,13 @@
         $ipt_cmd .= "-d $normalized_dst ";
         $ipt_cmd .= "--dport $extended_href->{'d_port'} "
             if defined $extended_href->{'d_port'};
+        $ipt_cmd .= "-m mac --mac-source $extended_href->{'mac_source'} "
+            if defined $extended_href->{'mac_source'};
         $ipt_cmd .= "-j $target";
 
         $msg = "Table: $table, chain: $chain, added $normalized_src " .
             "-> $normalized_dst ";
-        for my $key qw(protocol s_port d_port) {
+        for my $key qw(protocol s_port d_port mac_source) {
             $msg .= "$key $extended_href->{$key} "
                 if defined $extended_href->{$key};
         }
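Review bot: The added `--mac-source $extended_href->{'mac_source'}` line interpolates a caller-supplied string into `$ipt_cmd` with no format check, and the same value is copied into `$msg`. How `$ipt_cmd` is executed is not visible here, but the 0.8 Changes entry lists system() and popen() execution models, so a value containing whitespace or shell metacharacters could presumably add extra iptables arguments or reach a shell. Reject anything that is not a MAC address before appending, e.g. `croak "invalid mac_source" if defined $extended_href->{'mac_source'} and $extended_href->{'mac_source'} !~ /\A(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\z/;` (Carp is already imported), or report the error in whatever form this sub's callers expect. The hunk at -279 adds the identical line and needs the same guard; the enclosing sub begins and ends outside both hunks.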
@@ -242,7 +244,7 @@
         if ($extended_href) {
             $msg = "Table: $table, chain: $chain, $normalized_src -> " .
                 "$normalized_dst ";
-            for my $key qw(protocol s_port d_port) {
+            for my $key qw(protocol s_port d_port mac_source) {
                 $msg .= "$key $extended_href->{$key} "
                     if defined $extended_href->{$key};
             }
@@ -279,11 +281,13 @@
         $ipt_cmd .= "-d $normalized_dst ";
         $ipt_cmd .= "--dport $extended_href->{'d_port'} "
             if defined $extended_href->{'d_port'};
+        $ipt_cmd .= "-m mac --mac-source $extended_href->{'mac_source'} "
+            if defined $extended_href->{'mac_source'};
         $ipt_cmd .= "-j $target";
 
         $msg = "Table: $table, chain: $chain, added $normalized_src " .
             "-> $normalized_dst ";
-        for my $key qw(protocol s_port d_port) {
+        for my $key qw(protocol s_port d_port mac_source) {
             $msg .= "$key $extended_href->{$key} "
                 if defined $extended_href->{$key};
         }
@@ -340,7 +344,7 @@
 
     my $extended_msg = '';
     if ($extended_href) {
-        for my $key qw(protocol s_port d_port) {
+        for my $key qw(protocol s_port d_port mac_source) {
             $extended_msg .= "$key: $extended_href->{$key} "
                 if defined $extended_href->{$key};
         }
@@ -386,7 +390,7 @@
     $fh = *STDOUT if $verbose;
 
     if ($debug or $verbose) {
-        print $fh localtime() . " [+] IPTables::Parse::VERSION",
+        print $fh localtime() . " [+] IPTables::Parse::VERSION ",
             "$IPTables::Parse::VERSION\n"
     }
 
@@ -665,8 +669,9 @@
       ### flush all rules from the chain
       $ipt_obj->flush_chain('filter', 'CUSTOM');
 
-      ### now delete the chain
-      $ipt_obj->delete_chain('filter', 'CUSTOM');
+      ### now delete the chain (along with any jump rule in the
+      ### INPUT chain)
+      $ipt_obj->delete_chain('filter', 'INPUT', 'CUSTOM');
   }
 
   # create new iptables chain in the 'filter' table
@@ -764,16 +769,18 @@
 The flush_chain() function in the example above executes the iptables command
 "/sbin/iptables -t filter -F CUSTOM"
 
-=item delete_chain($table, $chain)
-
-This function deletes a chain from the specified table:
-
-  ($rv, $out_ar, $errs_ar) = $ipt_obj->delete_chain('filter', 'CUSTOM');
+=item delete_chain($table, $jump_from_chain, $chain)
+
+This function deletes a chain from the specified table along with any jump
+rule to which packets are jumped into this chain:
+
+  ($rv, $out_ar, $errs_ar) = $ipt_obj->delete_chain('filter', 'INPUT', 'CUSTOM');
 
 Internally a check is performed to see whether the chain exists within
-the table, and global jump rules from other chains within the table that
-reference the specified chain are also deleted (a chain cannot be deleted
-until there are no references to it).
+the table, and global jump rules are removed from the jump chain before
+deletion (a chain cannot be deleted until there are no references to it).
+In the example above, the CUSTOM chain is deleted after any jump rule
+to this chain from the INPUT chain is also deleted.
 
 =item find_ip_rule($src, $dst, $table, $chain, $target, %extended_info)
 
@@ -873,6 +880,7 @@
 
   Franck Joncourt <franck.mail at dthconnex.com>
   Grant Ferley
+  Darien Kindlund
 
 =head1 AUTHOR
 



