remove ipset support from core, it is now provided by xtables-addons from the packages feed

SVN-Revision: 17844

package/ipset/Makefile

@@ -1,48 +0,0 @@
-# 
-# Copyright (C) 2007 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-#
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=ipset
-PKG_VERSION:=3.2
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://ipset.netfilter.org
-PKG_MD5SUM:=0fd83af3efae5f72f5e5b55d07582941
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/ipset
-  SECTION:=net
-  CATEGORY:=Network
-  DEPENDS:=@!TARGET_etrax @LINUX_2_6
-  TITLE:=Netfilter ip sets administration utility
-  URL:=http://ipset.netfilter.org/
-endef
-
-define Build/Compile
-	$(call Build/Compile/Default, \
-		COPT_FLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="-rdynamic -static-libgcc" \
-		KERNEL_DIR="$(LINUX_DIR)" \
-		PREFIX="/usr" \
-		DESTDIR="$(PKG_INSTALL_DIR)" \
-		binaries \
-	)
-endef
-
-define Package/ipset/install
-	$(MAKE) -C $(PKG_BUILD_DIR) \
-		DESTDIR="$(1)" \
-		PREFIX="/usr" \
-		binaries_install
-	rm -rf $(1)/usr/man
-endef
-
-$(eval $(call BuildPackage,ipset))

package/iptables/Makefile

@@ -207,11 +207,6 @@ define Package/iptables-mod-extra/description
  - libipt_NOTRACK
 endef
 
-define Package/iptables-mod-ipset
-$(call Package/iptables/Module, +kmod-ipt-ipset)
-  TITLE:=IPset extension
-endef
-
 define Package/iptables-utils
 $(call Package/iptables/Module, )
   TITLE:=iptables save and restore utilities
@@ -365,7 +360,6 @@ $(eval $(call BuildPackage,iptables-utils))
 $(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
-$(eval $(call BuildPlugin,iptables-mod-ipset,$(IPT_IPSET-m)))
 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
 $(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))

package/kernel/modules/netfilter.mk

@@ -300,37 +300,6 @@ endef
 $(eval $(call KernelPackage,ipt-iprange))
 
 
-define KernelPackage/ipt-ipset
-  SUBMENU:=$(NF_MENU)
-  TITLE:=IPSET Modules
-  KCONFIG:=$(KCONFIG_IPT_IPSET)
-  FILES:=$(foreach mod,$(IPT_IPSET-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
-  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSET-m)))
-  DEPENDS:= kmod-ipt-core
-endef
-
-define KernelPackage/ipt-ipset/description
- Netfilter kernel modules for ipset
- Includes:
- - ip_set
- - ip_set_iphash
- - ip_set_ipmap
- - ip_set_ipporthash
- - ip_set_ipportiphash
- - ip_set_ipportnethash
- - ip_set_iptree
- - ip_set_iptreemap
- - ip_set_macipmap
- - ip_set_nethash
- - ip_set_portmap
- - ip_set_setlist
- - ipt_set
- - ipt_SET
-endef
-
-$(eval $(call KernelPackage,ipt-ipset))
-
-
 define KernelPackage/ipt-extra
   SUBMENU:=$(NF_MENU)
   TITLE:=Extra modules

target/linux/generic-2.4/patches/609-netfilter_string.patch

@@ -21,7 +21,7 @@
 +#endif /*_IPT_STRING_H*/
 --- a/net/ipv4/netfilter/Config.in
 +++ b/net/ipv4/netfilter/Config.in
-@@ -61,6 +61,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
+@@ -47,6 +47,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
    fi
    if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
      dep_tristate '  Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES
@@ -133,7 +133,7 @@
 +module_exit(fini);
 --- a/net/ipv4/netfilter/Makefile
 +++ b/net/ipv4/netfilter/Makefile
-@@ -99,6 +99,7 @@ obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_s
+@@ -87,6 +87,7 @@ obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_s
  obj-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark.o
  obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o
  obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o

target/linux/generic-2.4/patches/610-netfilter_connbytes.patch

@@ -11,7 +11,7 @@
  if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
 --- a/net/ipv4/netfilter/Makefile
 +++ b/net/ipv4/netfilter/Makefile
-@@ -97,6 +97,7 @@ obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_
+@@ -85,6 +85,7 @@ obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_
  obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
  obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o
  obj-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark.o

target/linux/generic-2.4/patches/611-netfilter_condition.patch

@@ -15,7 +15,7 @@
  conntrack match support
  CONFIG_IP_NF_MATCH_CONNTRACK
    This is a general conntrack match module, a superset of the state match.
-@@ -3365,6 +3373,14 @@ CONFIG_IP6_NF_MATCH_MARK
+@@ -3296,6 +3304,14 @@ CONFIG_IP6_NF_MATCH_MARK
    If you want to compile it as a module, say M here and read
    <file:Documentation/modules.txt>.  If unsure, say `N'.
  
@@ -60,7 +60,7 @@
 +#endif
 --- a/net/ipv4/netfilter/Config.in
 +++ b/net/ipv4/netfilter/Config.in
-@@ -41,6 +41,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
+@@ -27,6 +27,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
    dep_tristate '  netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
    dep_tristate '  Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES
    dep_tristate '  TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES
@@ -70,7 +70,7 @@
    dep_tristate '  peer to peer traffic match support' CONFIG_IP_NF_MATCH_IPP2P $CONFIG_IP_NF_IPTABLES
 --- a/net/ipv4/netfilter/Makefile
 +++ b/net/ipv4/netfilter/Makefile
-@@ -85,6 +85,7 @@ obj-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt
+@@ -73,6 +73,7 @@ obj-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt
  obj-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport.o
  obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
  obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o

target/linux/generic-2.4/patches/612-netfilter_quota.patch

@@ -36,9 +36,9 @@
  # The simple matches.
    dep_tristate '  limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES
 +  dep_tristate '  quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES
- 
-   dep_tristate '  IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
-   if [ "$CONFIG_IP_NF_SET" != "n" ]; then
+   dep_tristate '  MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES
+   dep_tristate '  Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES
+   dep_tristate '  netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
 --- a/net/ipv4/netfilter/Makefile
 +++ b/net/ipv4/netfilter/Makefile
 @@ -65,6 +65,7 @@ obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
@@ -47,8 +47,8 @@
  obj-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit.o
 +obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o
  obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o
- obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
- obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o
+ obj-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac.o
+ obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o
 --- /dev/null
 +++ b/net/ipv4/netfilter/ipt_quota.c
 @@ -0,0 +1,88 @@

target/linux/generic-2.4/patches/613-netfilter_nat_h323.patch

@@ -8,7 +8,7 @@
  fi
  
  if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
-@@ -94,6 +95,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
+@@ -80,6 +81,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
            define_tristate CONFIG_IP_NF_NAT_AMANDA $CONFIG_IP_NF_NAT
          fi
        fi

target/linux/generic-2.4/patches/614-netfilter_nat_rtsp.patch

@@ -8,7 +8,7 @@
  fi
  
  if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
-@@ -102,6 +103,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
+@@ -88,6 +89,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
           define_tristate CONFIG_IP_NF_NAT_H323 $CONFIG_IP_NF_NAT
         fi
        fi

target/linux/generic-2.4/patches/615-netfilter_nat_mms.patch

@@ -8,7 +8,7 @@
  fi
  
  if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
-@@ -110,6 +111,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
+@@ -96,6 +97,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
           define_tristate CONFIG_IP_NF_NAT_RTSP $CONFIG_IP_NF_NAT
         fi
        fi

target/linux/generic-2.4/patches/616-netfilter_imq.patch

@@ -23,7 +23,7 @@
  MARK target support
  CONFIG_IP_NF_TARGET_MARK
    This option adds a `MARK' target, which allows you to create rules
-@@ -9931,6 +9947,20 @@ CONFIG_BONDING
+@@ -9862,6 +9878,20 @@ CONFIG_BONDING
    say M here and read <file:Documentation/modules.txt>.  The module
    will be called bonding.o.
  
@@ -505,7 +505,7 @@
  /**
 --- a/net/ipv4/netfilter/Config.in
 +++ b/net/ipv4/netfilter/Config.in
-@@ -155,6 +155,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
+@@ -141,6 +141,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
      dep_tristate '    DSCP target support' CONFIG_IP_NF_TARGET_DSCP $CONFIG_IP_NF_MANGLE
   
      dep_tristate '    MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
@@ -515,7 +515,7 @@
    if [ "$CONFIG_IP_NF_CONNTRACK_MARK" != "n" ]; then
 --- a/net/ipv4/netfilter/Makefile
 +++ b/net/ipv4/netfilter/Makefile
-@@ -130,6 +130,7 @@ obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TO
+@@ -118,6 +118,7 @@ obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TO
  obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
  obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o
  obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o

target/linux/generic-2.4/patches/620-netfilter_iprange.patch

@@ -49,8 +49,8 @@
    dep_tristate '  limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES
 +  dep_tristate '  IP range match support' CONFIG_IP_NF_MATCH_IPRANGE $CONFIG_IP_NF_IPTABLES
    dep_tristate '  quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES
- 
-   dep_tristate '  IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
+   dep_tristate '  MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES
+   dep_tristate '  Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES
 --- /dev/null
 +++ b/net/ipv4/netfilter/ipt_iprange.c
 @@ -0,0 +1,101 @@
@@ -164,4 +164,4 @@
 +obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o
  obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o
  obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o
- obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
+ obj-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac.o

target/linux/generic-2.4/patches/621-netfilter_random.patch

@@ -24,7 +24,7 @@
  TCPMSS match support
  CONFIG_IP_NF_MATCH_TCPMSS
    This option adds a `tcpmss' match, which allows you to examine the
-@@ -3387,6 +3397,14 @@ CONFIG_IP6_NF_MATCH_MAC
+@@ -3318,6 +3328,14 @@ CONFIG_IP6_NF_MATCH_MAC
    If you want to compile it as a module, say M here and read
    <file:Documentation/modules.txt>.  If unsure, say `N'.
  
@@ -69,7 +69,7 @@
 +#endif /*_IP6T_RAND_H*/
 --- a/net/ipv4/netfilter/Config.in
 +++ b/net/ipv4/netfilter/Config.in
-@@ -46,6 +46,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
+@@ -32,6 +32,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
    dep_tristate '  netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
    dep_tristate '  Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES
    dep_tristate '  TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES
@@ -178,7 +178,7 @@
 +module_exit(fini);
 --- a/net/ipv4/netfilter/Makefile
 +++ b/net/ipv4/netfilter/Makefile
-@@ -105,6 +105,8 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_o
+@@ -93,6 +93,8 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_o
  obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
  obj-$(CONFIG_IP_NF_MATCH_CONDITION) += ipt_condition.o
  

target/linux/generic-2.4/patches/622-tc_esfq.patch

@@ -1,6 +1,6 @@
 --- a/Documentation/Configure.help
 +++ b/Documentation/Configure.help
-@@ -11165,6 +11165,24 @@ CONFIG_NET_SCH_HFSC
+@@ -11096,6 +11096,24 @@ CONFIG_NET_SCH_HFSC
    whenever you want).  If you want to compile it as a module, say M
    here and read <file:Documentation/modules.txt>.
  

target/linux/generic-2.4/patches/623-netfilter_ipset_porthash.patch

@@ -1,37 +0,0 @@
---- /dev/null
-+++ b/include/linux/netfilter_ipv4/ip_set_ipporthash.h
-@@ -0,0 +1,34 @@
-+#ifndef __IP_SET_IPPORTHASH_H
-+#define __IP_SET_IPPORTHASH_H
-+
-+#include <linux/netfilter_ipv4/ip_set.h>
-+
-+#define SETTYPE_NAME "ipporthash"
-+#define MAX_RANGE 0x0000FFFF
-+#define INVALID_PORT	(MAX_RANGE + 1)
-+
-+struct ip_set_ipporthash {
-+	ip_set_ip_t *members;		/* the ipporthash proper */
-+	uint32_t elements;		/* number of elements */
-+	uint32_t hashsize;		/* hash size */
-+	uint16_t probes;		/* max number of probes  */
-+	uint16_t resize;		/* resize factor in percent */
-+	ip_set_ip_t first_ip;		/* host byte order, included in range */
-+	ip_set_ip_t last_ip;		/* host byte order, included in range */
-+	void *initval[0];		/* initvals for jhash_1word */
-+};
-+
-+struct ip_set_req_ipporthash_create {
-+	uint32_t hashsize;
-+	uint16_t probes;
-+	uint16_t resize;
-+	ip_set_ip_t from;
-+	ip_set_ip_t to;
-+};
-+
-+struct ip_set_req_ipporthash {
-+	ip_set_ip_t ip;
-+	ip_set_ip_t port;
-+};
-+
-+#endif	/* __IP_SET_IPPORTHASH_H */