Package Details: xtables-addons 3.0-1

Git Clone URL: https://aur.archlinux.org/xtables-addons.git (read-only)
Package Base: xtables-addons
Description: Xtables-addons is a set of additional extensions for the Xtables packet filter that is present in the Linux kernel
Upstream URL: https://xtables-addons.sourceforge.net/
Keywords: iptablex xtables
Licenses: GPL2
Conflicts: xtables-addons-dkms
Replaces: xtables-addons-dkms
Submitter: None
Maintainer: k0ste
Last Packager: k0ste
Votes: 30
Popularity: 0.074334
First Submitted: 2009-04-20 09:21
Last Updated: 2018-02-18 04:51

Latest Comments

amish commented on 2018-02-08 17:24

IdleGandalf posted this patch (havent tested yet) https://gist.github.com/IdleGandalf/adf7813c6c2141bb306a66e757200059

Upstream commits (currently first 2 in list of commits) https://sourceforge.net/p/xtables-addons/xtables-addons/commit_browser

dcuk commented on 2018-02-08 17:06

Hmm, this seems to be broken against kernel 4.15.1-2-ARCH, no upstream patches that I can see. I'll see if I can turn up a fix.

k0ste commented on 2017-12-25 07:19

@amish, nope. Your usage is very uncommon. Make packets for yourself as you wish.

amish commented on 2017-12-25 07:17

@k0ste thank you for the update.

However problem here is that I have both lts as well normal linux kernel installed (Because thats what arch recommends. Incase anything goes wrong with one kernel you have another bootable kernel)

If I makepkg twice - one for lts and one for ARCH then there are some files common to both the packages and creates conflict. Is there any solution to it?

Like common files in separate package and kernel modules separate? So then I can makepkg twice but common package I will install once. And then install both kernel pacakges.

Thanks in advance.

k0ste commented on 2017-12-25 06:14

@amish I added another variable. Try to define this in PKGBUILD and .install script.

_linux_custom="lts"

_linux_localversion="-lts"

amish commented on 2017-12-16 11:45

Oh correct. Is there anyway you can add support for LTS kernel too? (without breaking things?)

I have Linux as well as LTS kernel. Earlier I used dkms AUR package but it seems its no more maintained.

k0ste commented on 2017-12-16 04:47

Not true. If kernel is upgraded and not rebooted, for example from 4.5.1 to 4.5.2 then "defaults" try to build over 4.5.1 - and build will failed.

amish commented on 2017-12-15 13:27

There is no need to detect and specify "_kernver" / --with-kbuild.

Detecting kernel version via pacman -Ql is kind of unwanted hack. It defaults to current running kernel anyway.

This way if I am using LTS kernel it will automatically build for LTS kernel.

k0ste commented on 2016-08-17 09:00

Forgot push commit. Now install on 4.7.0-1 okay.

oksijun commented on 2016-08-17 08:51

Depmod step in install stage failed with linux 4.7.0-1-ARCH.
In xtables-addons.install, I replaced :

kernver="`pacman -Qe linux | awk '{print $2"-ARCH"}'`"

with:

kernver="`pacman -Ql linux | awk -F'/' '/(\/modules\/)([0-9.-])+-ARCH\/$/ {print $5}'`"

to get it to succeed.

jskier commented on 2016-05-22 20:35

Thanks, appears to work good now.

dtschmitz commented on 2016-05-21 21:05

@nmset,

Thanks for attaching 'your' diff file.
I ran it with no errors.

nmset commented on 2016-05-21 19:16

Well, copy/paste from below gave me weird results too.

You can get the patch with wget or curl at :

{wget,curl} http://nmset.info/xtables_addons.diff

sha256sum : a3a2be4e97f95854e8220aa22cc5e8d7a862f880d5005267d7877ec38545967b

Sorry for the inconveniance.

dtschmitz commented on 2016-05-21 18:03

patch: **** malformed patch at line 151: diff -N -u xtables-addons.ori/pknock_makefile.diff xtables-addons/pknock_makefile.diff

^^ I get the above. Don't see what's wrong. Do you? (yes i have a leading space)

jskier commented on 2016-05-20 17:46

@nmset, better suited for pastebin. I can't get that to work either. Is there an official(s) patch somewhere for iptables1.6 and the latest kernel?

nmset commented on 2016-05-15 13:53

The package would not build due to inclusion problems from glibc's net/if.h, and the kernel's linux/if.h .

This patch is a(n ugly!) workaround to build xtables-addons on Linux 4.5.4.


********************************************************************************
#cat xtables_addons.diff
diff -N -u xtables-addons.ori/if.h.diff xtables-addons/if.h.diff
--- xtables-addons.ori/if.h.diff 1970-01-01 01:00:00.000000000 +0100
+++ xtables-addons/if.h.diff 2016-05-15 13:19:41.000000000 +0200
@@ -0,0 +1,129 @@
+--- if.h.ori 2016-05-15 13:18:46.336064705 +0200
++++ if.h 2016-05-15 13:15:21.000000000 +0200
+@@ -38,48 +38,6 @@
+
+
+ #ifdef __USE_MISC
+-/* Standard interface flags. */
+-enum
+- {
+- IFF_UP = 0x1, /* Interface is up. */
+-# define IFF_UP IFF_UP
+- IFF_BROADCAST = 0x2, /* Broadcast address valid. */
+-# define IFF_BROADCAST IFF_BROADCAST
+- IFF_DEBUG = 0x4, /* Turn on debugging. */
+-# define IFF_DEBUG IFF_DEBUG
+- IFF_LOOPBACK = 0x8, /* Is a loopback net. */
+-# define IFF_LOOPBACK IFF_LOOPBACK
+- IFF_POINTOPOINT = 0x10, /* Interface is point-to-point link. */
+-# define IFF_POINTOPOINT IFF_POINTOPOINT
+- IFF_NOTRAILERS = 0x20, /* Avoid use of trailers. */
+-# define IFF_NOTRAILERS IFF_NOTRAILERS
+- IFF_RUNNING = 0x40, /* Resources allocated. */
+-# define IFF_RUNNING IFF_RUNNING
+- IFF_NOARP = 0x80, /* No address resolution protocol. */
+-# define IFF_NOARP IFF_NOARP
+- IFF_PROMISC = 0x100, /* Receive all packets. */
+-# define IFF_PROMISC IFF_PROMISC
+-
+- /* Not supported */
+- IFF_ALLMULTI = 0x200, /* Receive all multicast packets. */
+-# define IFF_ALLMULTI IFF_ALLMULTI
+-
+- IFF_MASTER = 0x400, /* Master of a load balancer. */
+-# define IFF_MASTER IFF_MASTER
+- IFF_SLAVE = 0x800, /* Slave of a load balancer. */
+-# define IFF_SLAVE IFF_SLAVE
+-
+- IFF_MULTICAST = 0x1000, /* Supports multicast. */
+-# define IFF_MULTICAST IFF_MULTICAST
+-
+- IFF_PORTSEL = 0x2000, /* Can set media type. */
+-# define IFF_PORTSEL IFF_PORTSEL
+- IFF_AUTOMEDIA = 0x4000, /* Auto media select active. */
+-# define IFF_AUTOMEDIA IFF_AUTOMEDIA
+- IFF_DYNAMIC = 0x8000 /* Dialup device with changing addresses. */
+-# define IFF_DYNAMIC IFF_DYNAMIC
+- };
+-
+ /* The ifaddr structure contains information about one address of an
+ interface. They are maintained by the different address families,
+ are allocated and attached when an address is set, and are linked
+@@ -100,54 +58,13 @@
+ # define ifa_broadaddr ifa_ifu.ifu_broadaddr /* broadcast address */
+ # define ifa_dstaddr ifa_ifu.ifu_dstaddr /* other end of link */
+
+-/* Device mapping structure. I'd just gone off and designed a
+- beautiful scheme using only loadable modules with arguments for
+- driver options and along come the PCMCIA people 8)
+-
+- Ah well. The get() side of this is good for WDSETUP, and it'll be
+- handy for debugging things. The set side is fine for now and being
+- very small might be worth keeping for clean configuration. */
+-
+-struct ifmap
+- {
+- unsigned long int mem_start;
+- unsigned long int mem_end;
+- unsigned short int base_addr;
+- unsigned char irq;
+- unsigned char dma;
+- unsigned char port;
+- /* 3 bytes spare */
+- };
+
++ # define IFNAMSIZ IF_NAMESIZE
++
+ /* Interface request structure used for socket ioctl's. All interface
+ ioctl's must have parameter definitions which begin with ifr_name.
+ The remainder may be interface specific. */
+
+-struct ifreq
+- {
+-# define IFHWADDRLEN 6
+-# define IFNAMSIZ IF_NAMESIZE
+- union
+- {
+- char ifrn_name[IFNAMSIZ]; /* Interface name, e.g. "en0". */
+- } ifr_ifrn;
+-
+- union
+- {
+- struct sockaddr ifru_addr;
+- struct sockaddr ifru_dstaddr;
+- struct sockaddr ifru_broadaddr;
+- struct sockaddr ifru_netmask;
+- struct sockaddr ifru_hwaddr;
+- short int ifru_flags;
+- int ifru_ivalue;
+- int ifru_mtu;
+- struct ifmap ifru_map;
+- char ifru_slave[IFNAMSIZ]; /* Just fits the size */
+- char ifru_newname[IFNAMSIZ];
+- __caddr_t ifru_data;
+- } ifr_ifru;
+- };
+ # define ifr_name ifr_ifrn.ifrn_name /* interface name */
+ # define ifr_hwaddr ifr_ifru.ifru_hwaddr /* MAC address */
+ # define ifr_addr ifr_ifru.ifru_addr /* address */
+@@ -168,20 +85,6 @@
+ # define _IOT_ifreq_short _IOT(_IOTS(char),IFNAMSIZ,_IOTS(short),1,0,0)
+ # define _IOT_ifreq_int _IOT(_IOTS(char),IFNAMSIZ,_IOTS(int),1,0,0)
+
+-
+-/* Structure used in SIOCGIFCONF request. Used to retrieve interface
+- configuration for machine (useful for programs which must know all
+- networks accessible). */
+-
+-struct ifconf
+- {
+- int ifc_len; /* Size of buffer. */
+- union
+- {
+- __caddr_t ifcu_buf;
+- struct ifreq *ifcu_req;
+- } ifc_ifcu;
+- };
+ # define ifc_buf ifc_ifcu.ifcu_buf /* Buffer address. */
+ # define ifc_req ifc_ifcu.ifcu_req /* Array of structures. */
+ # define _IOT_ifconf _IOT(_IOTS(struct ifconf),1,0,0,0,0) /* not right */
diff -N -u xtables-addons.ori/PKGBUILD xtables-addons/PKGBUILD
--- xtables-addons.ori/PKGBUILD 2016-04-27 17:27:37.000000000 +0200
+++ xtables-addons/PKGBUILD 2016-05-15 15:04:33.426431964 +0200
@@ -19,6 +19,13 @@

prepare() {
pushd "${srcdir}/${pkgname}-${pkgver}"
+ [ ! -d "${srcdir}/${pkgname}-${pkgver}"/net ] && mkdir "${srcdir}/${pkgname}-${pkgver}"/net
+ rm -f "${srcdir}/${pkgname}-${pkgver}"/net/if.h
+ cp /usr/include/net/if.h "${srcdir}/${pkgname}-${pkgver}"/net/
+ patch "${srcdir}/${pkgname}-${pkgver}"/net/if.h "${srcdir}"/../if.h.diff
+ HERE=$(pwd)
+ "${srcdir}/${pkgname}-${pkgver}"/autogen.sh
+ patch "${srcdir}/${pkgname}-${pkgver}"/extensions/pknock/Makefile.am "${srcdir}"/../pknock_makefile.diff
./configure \
--prefix=/usr \
--sysconfdir=/etc \
diff -N -u xtables-addons.ori/pknock_makefile.diff xtables-addons/pknock_makefile.diff
--- xtables-addons.ori/pknock_makefile.diff 1970-01-01 01:00:00.000000000 +0100
+++ xtables-addons/pknock_makefile.diff 2016-05-15 14:52:25.000000000 +0200
@@ -0,0 +1,12 @@
+--- Makefile.am.ori 2016-05-15 14:51:47.000000000 +0200
++++ Makefile.am 2016-05-15 14:52:22.837922108 +0200
+@@ -1,7 +1,7 @@
+ # -*- Makefile -*-
+
+-AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions
+-AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS}
++AM_CPPFLAGS = -I${abs_top_srcdir} ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions
++AM_CFLAGS = -I${abs_top_srcdir} ${regular_CFLAGS} ${libxtables_CFLAGS}
+
+ include ../../Makefile.extra
+

********************************************************************************

Usage :
cd to /path/xtables-addons/
patch -p1 < /path/to/xtables_addons.diff

It does the following :
1. patch PKGBUILD.
2. create src/xtables-addons-2.10/net directory, copy net/if.h in it, remove anything conflicting with linux/if.h.
3. patch src/xtables-addons-2.10/extensions/pknock/Makefile.am, to use src/xtables-addons-2.10/net/if.h .

In case it's useful; no warranty, of course.

k0ste commented on 2016-02-27 09:27

@BertVoegele, done. Thanks!

BertVoegele commented on 2016-02-27 09:12

pkg-config should be added to to makedepends

Knight commented on 2015-12-26 03:37

Since 2.10 is available now, the PKBUILD needs to changed as following:

pkgver=2.10
pkgrel=1
md5sums=('727bf0dd4a3d9c65724267bd0d5d80b0')

silvermonk commented on 2015-09-28 10:04

2.8 is available at upstream
thiagoc: FYI: I made it work with

pkgver=2.8
source=(http://sourceforge.net/projects/xtables-addons/files/Xtables-addons/$pkgname-$pkgver.tar.xz)
md5sums=('246ec2f1f75c32c6e04ae9ae75b578c9')

jskier: I'm on arm7h for this, and

yaourt -S xtables-addons -A

built it (after the changes above) while ignoring architecture in the PKGBUILD:

(note the -A)

-f

dcuk commented on 2015-07-16 18:47

Hi, version 2.7 has been released for compatibility with a change in the upstream kernel headers in 4.1.x

Sourceforge seems to be having a few issues at the moment but it should return to service soon.

jskier commented on 2015-06-23 20:07

Would you please add arm support in the pkgbuild?

Amplificator commented on 2015-04-07 01:30

Yes, that and then running "depmod -a" fixed it :)

thiagoc commented on 2015-04-06 13:26

@Amplificator have you tried the latest release?

Amplificator commented on 2015-04-03 21:25

I think Sarens problem is the same as I'm having.

Shorewall reports:
ERROR: A country-code require GeoIP Match in your kernel and iptables /etc/shorewall/rules

And "modprobe xt_geoip" reports:
modprobe: FATAL: Module xt_geoip not found.
..despite it does exist. Is it incompatible with the latest kernel perhaps?

thiagoc commented on 2015-04-02 21:50

Please try the new release.

Saren commented on 2015-04-02 18:43

Does anybody knows why this happens?
/usr/share/xt_geoip/ is already correctly installed.

# iptables -A INPUT -m geoip --src-cc (whatever) -j DROP
iptables: No chain/target/match by that name.

RunningDroid commented on 2015-01-02 05:48

With pacman 4.2:
error: failed to commit transaction (conflicting files)
xtables-addons: /lib exists in filesystem
xtables-addons: /usr/sbin exists in filesystem
Errors occurred, no packages were upgraded.

dcuk commented on 2014-06-18 19:13

Version 2.5 of xtables-addons was released a couple of months ago and seems to compile cleanly against kernel 3.15.1 which cannot be said for 2.4 (at least for me).

disarmer commented on 2014-04-23 21:25

Upload your PKGBUILD please

unforgiven512 commented on 2014-04-23 19:32

Also:

optdepends=('perl-text-csv-xs: required for building GeoIP database')

unforgiven512 commented on 2014-04-23 19:16

I converted your patch to unified diff format.

PKGBUILD modifications:
source=(dkms.conf
make.sh
http://download.sourceforge.net/project/xtables-addons/Xtables-addons/$pkgver/xtables-addons-$pkgver.tar.xz
linux-3.14-net_random-fix.patch)
sha512sums=('bb5e7eff3e402dc0561d917d67af540fb405b2a404dd16a3d553610c7197c4741a583007a97d0ca380b727dc45a818c29ec34996581e1e14dfe1657ee2d17d7a'
'd1e917ac3c15ea8a533686781f6989ef648786f7a6666d06739c96d37debdc44bd2449c332db6e30af0f655540d1df49d4f5b702da4731aa7d550204ac908333'
'650182a9078c2ce9b66a26cc0f6224e1a5fc09bb88a714b44c6d0be9fbb73f83a19ab98d085ac24f22ba564d8614d62507ff71d45c1f305f037734f23a842915'
'229de73f89e76d58ef970827e888e58c6b61fd910987c36f7b203cd1153b025abc970d7700d51b9eb4f636470b8ecceadaf8331485b3c6e0d4c671178db32b7e')

prepare() {
cd "${srcdir}/xtables-addons-${pkgver}"
patch -p2 -i ../linux-3.14-net_random-fix.patch
}

PATCH:
------
diff -ur old/xtables-addons-2.4/extensions/xt_CHAOS.c new/xtables-addons-2.4/extensions/xt_CHAOS.c
--- old/xtables-addons-2.4/extensions/xt_CHAOS.c 2014-01-09 04:37:52.000000000 -0500
+++ new/xtables-addons-2.4/extensions/xt_CHAOS.c 2014-04-23 15:06:34.335470933 -0400
@@ -68,7 +68,7 @@
ret = xm_tcp->match(skb, &local_par);
hotdrop = local_par.hotdrop;
}
- if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
+ if (!ret || hotdrop || (unsigned int)prandom_u32() > delude_percentage)
return;

destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
@@ -98,7 +98,7 @@
const struct xt_chaos_tginfo *info = par->targinfo;
const struct iphdr *iph = ip_hdr(skb);

- if ((unsigned int)net_random() <= reject_percentage) {
+ if ((unsigned int)prandom_u32() <= reject_percentage) {
struct xt_action_param local_par;
local_par.in = par->in;
local_par.out = par->out;
diff -ur old/xtables-addons-2.4/extensions/xt_TARPIT.c new/xtables-addons-2.4/extensions/xt_TARPIT.c
--- old/xtables-addons-2.4/extensions/xt_TARPIT.c 2014-01-09 04:37:52.000000000 -0500
+++ new/xtables-addons-2.4/extensions/xt_TARPIT.c 2014-04-23 15:09:04.827092373 -0400
@@ -107,8 +107,8 @@
tcph->syn = true;
tcph->ack = true;
tcph->window = oth->window &
- ((net_random() & 0x1f) - 0xf);
- tcph->seq = htonl(net_random() & ~oth->seq);
+ ((prandom_u32() & 0x1f) - 0xf);
+ tcph->seq = htonl(prandom_u32() & ~oth->seq);
tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn);
}

@@ -117,7 +117,7 @@
tcph->syn = false;
tcph->ack = true;
tcph->window = oth->window &
- ((net_random() & 0x1f) - 0xf);
+ ((prandom_u32() & 0x1f) - 0xf);
tcph->ack_seq = payload > 100 ?
htonl(ntohl(oth->seq) + payload) :
oth->seq;

johny77 commented on 2014-04-13 17:58

Problem solved.
Please applicate a patch into PKGBUILD. New kernel 3.14 has a new delarations for the function net_random().


diff -r old/xtables-addons-2.4/extensions/xt_CHAOS.c new/xtables-addons-2.4/extensions/xt_CHAOS.c
71c71
< if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
---
> if (!ret || hotdrop || (unsigned int)prandom_u32() > delude_percentage)
101c101
< if ((unsigned int)net_random() <= reject_percentage) {
---
> if ((unsigned int)prandom_u32() <= reject_percentage) {
diff -r old/xtables-addons-2.4/extensions/xt_TARPIT.c new/xtables-addons-2.4/extensions/xt_TARPIT.c
110,111c110,111
< ((net_random() & 0x1f) - 0xf);
< tcph->seq = htonl(net_random() & ~oth->seq);
---
> ((prandom_u32() & 0x1f) - 0xf);
> tcph->seq = htonl(prandom_u32() & ~oth->seq);
120c120
< ((net_random() & 0x1f) - 0xf);
---
> ((prandom_u32() & 0x1f) - 0xf);

disarmer commented on 2014-04-11 08:51

Updated to 2.4.1

johny77 commented on 2014-04-11 08:02

It is not possible to compile it after upgrade. I am unable to solve this problem. :(


build/xtables-addons/src/xtables-addons-2.4/extensions/xt_CHAOS.c:71:2: error: implicit declaration of function 'net_random' [-Werror=implicit-function-de
claration]
if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
^
cc1: some warnings being treated as errors


Anonymous comment on 2012-10-31 18:09

I have no idea why this is not working:


iptables -A INPUT -p tcp -m lscan --stealth -j DROP
iptables: No chain/target/match by that name.

Anonymous comment on 2012-10-31 18:08

I have no idea why this is not working:


iptables -A INPUT -p tcp -m lscan --stealth -j DROP
iptables: No chain/target/match by that name.

Anonymous comment on 2012-10-12 21:00

Could the conflict/provides/replaces lines for ipset be removed from the package, as ipset is no longer included.
And the descriptio adjusted too :-)

honza801 commented on 2012-08-14 08:30

please add linux-headers to build-dependencies

Anonymous comment on 2012-07-03 20:49

Required linux-headers to successfully build

Anonymous comment on 2012-04-18 22:21

Could the conflict/provides/replaces lines for ipset be removed from the package, as ipset is no longer included.
And the descriptio adjusted too :-)

Anonymous comment on 2011-11-23 21:42

Please update to 1.39.

kang commented on 2011-07-03 11:50

1.37 has been released - just need to bump the version of the PKGBUILD

Anonymous comment on 2011-01-05 00:55

1.32 has been released - http://xtables-addons.git.sf.net/git/gitweb.cgi?p=xtables-addons/xtables-addons;a=commit;h=80ded69d777f69f01065129679c9c0fb3149b057

Anonymous comment on 2010-10-05 06:57

Thank you, PKGBUILD updated.

jinks commented on 2010-10-05 04:48

xtables-addons 1.30 has been released a few days ago an builds fine with 2.6.35.

Anonymous comment on 2010-09-11 14:03

First Submitted: Mon, 20 Apr 2009 09:21:14 +0000
xtables-addons 1.28-1 : Successor to patch-o-matic(-ng). Additional extensions for iptables, ip6tables, etc. CHAOS, TARPIT, TEE, DELUDE and other targets; condition, geoip, ipp2p and other matches. Includes ipset package.
( Unsupported package: Potentially dangerous ! )

Anonymous comment on 2010-09-03 13:46

make[3]: Leaving directory `/usr/src/linux-2.6.35-ARCH'
make -f ../Makefile.iptrules all;
make[3]: Entering directory `/tmp/yaourt-tmp-root/aur-xtables-addons/src/xtables-addons-1.28/extensions'
CC libxt_CHAOS.oo
libxt_CHAOS.c:99:2: 警告:隐式声明函数‘ALIGN’
libxt_CHAOS.c:99:19: 错误:初始值设定元素不是常量
libxt_CHAOS.c:99:19: 错误:(在‘chaos_tg_reg.size’的初始化附近)
libxt_CHAOS.c:100:19: 错误:初始值设定元素不是常量
libxt_CHAOS.c:100:19: 错误:(在‘chaos_tg_reg.userspacesize’的初始化附近)
make[3]: *** [libxt_CHAOS.oo] 错误 1
make[3]: Leaving directory `/tmp/yaourt-tmp-root/aur-xtables-addons/src/xtables-addons-1.28/extensions'
make[2]: *** [user-all-local] 错误 2
make[2]: Leaving directory `/tmp/yaourt-tmp-root/aur-xtables-addons/src/xtables-addons-1.28/extensions'
make[1]: *** [all-recursive] 错误 1
make[1]: Leaving directory `/tmp/yaourt-tmp-root/aur-xtables-addons/src/xtables-addons-1.28'
make: *** [all] 错误 2

Anonymous comment on 2010-07-26 08:01

You can use it with kernel26-lts.

Anonymous comment on 2010-06-22 07:05

xtables-addons now has compilation problem with kernel 2.6.34. Be careful.
http://marc.info/?t=127444218200001&r=1&w=2