xtables-addons: move to package/, add myself as maintainer
SVN-Revision: 35193
parent
576aa2af0c
commit
3b798d819d
18 changed files with 39869 additions and 0 deletions
158
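--- a/package/network/utils/xtables-addons/Makefile
+++ b/package/network/utils/xtables-addons/Makefile
@@ -0,0 +1,158 @@
+#
+# Copyright (C) 2009-2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=xtables-addons
+ifeq ($(strip $(call CompareKernelPatchVer,$(KERNEL_PATCHVER),ge,3.7.0)),1)
+PKG_VERSION:=2.1
+PKG_RELEASE:=1
+PKG_MD5SUM:=b624fc57bbda9e15c33a6471e4ec75e1
+else
+PKG_VERSION:=1.45
+PKG_RELEASE:=3
+PKG_MD5SUM:=802d2f556a5e545f44e4b69937bf8490
+PATCH_DIR:=./patches-1.x
+endif
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@SF/xtables-addons
+PKG_BUILD_DEPENDS:=iptables
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xtables-addons
+SECTION:=net
+CATEGORY:=Network
+SUBMENU:=Firewall
+TITLE:=Extensions not distributed in the main Xtables
+URL:=http://xtables-addons.sourceforge.net/
+endef
+
+# uses GNU configure
+
+CONFIGURE_ARGS+= \
+--with-kbuild="$(LINUX_DIR)" \
+--with-xtables="$(STAGING_DIR)/usr" \
+--with-xtlibdir="/usr/lib/iptables" \
+
+define Build/Compile
++$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+ARCH="$(LINUX_KARCH)" \
+CROSS_COMPILE="$(TARGET_CROSS)" \
+DESTDIR="$(PKG_INSTALL_DIR)" \
+DEPMOD="/bin/true" \
+all
+endef
+
+define Build/Install
+$(MAKE) -C $(PKG_BUILD_DIR) \
+ARCH="$(LINUX_KARCH)" \
+CROSS_COMPILE="$(TARGET_CROSS)" \
+DESTDIR="$(PKG_INSTALL_DIR)" \
+DEPMOD="/bin/true" \
+install
+endef
+
+# 1: extension/module suffix used in package name
+# 2: extension/module display name used in package title/description
+# 3: list of extensions to package
+# 4: list of modules to package
+# 5: module load priority
+# 6: module depends
+define BuildTemplate
+
+ifneq ($(3),)
+define Package/iptables-mod-$(1)
+$$(call Package/xtables-addons)
+CATEGORY:=Network
+TITLE:=$(2) iptables extension
+DEPENDS:=iptables $(if $(4),+kmod-ipt-$(1))
+endef
+
+define Package/iptables-mod-$(1)/install
+$(INSTALL_DIR) $$(1)/usr/lib/iptables
+for m in $(3); do \
+$(CP) \
+$(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so \
+$$(1)/usr/lib/iptables/ ; \
+done
+endef
+
+$$(eval $$(call BuildPackage,iptables-mod-$(1)))
+endif
+
+ifneq ($(4),)
+define KernelPackage/ipt-$(1)
+SUBMENU:=Netfilter Extensions
+TITLE:=$(2) netfilter module
+DEPENDS:=kmod-ipt-core $(6)
+KCONFIG:=$(7)
+FILES:=$(foreach mod,$(4),$(PKG_BUILD_DIR)/extensions/$(mod).$(LINUX_KMOD_SUFFIX))
+AUTOLOAD:=$(call AutoLoad,$(5),$(notdir $(4)))
+endef
+
+$$(eval $$(call KernelPackage,ipt-$(1)))
+endif
+
+endef
+
+
+define Package/iptaccount
+$(call Package/xtables-addons)
+CATEGORY:=Network
+TITLE:=iptables-mod-account control utility
+DEPENDS:=iptables +iptables-mod-account
+endef
+
+define Package/iptaccount/install
+$(INSTALL_DIR) $(1)/usr/lib
+$(INSTALL_DIR) $(1)/usr/sbin
+$(CP) \
+$(PKG_INSTALL_DIR)/usr/lib/libxt_ACCOUNT_cl.so* \
+$(1)/usr/lib/
+$(CP) \
+$(PKG_INSTALL_DIR)/usr/sbin/iptaccount \
+$(1)/usr/sbin/
+endef
+
+
+#$(eval $(call BuildTemplate,SUFFIX,DESCRIPTION,EXTENSION,MODULE,PRIORITY,DEPENDS))
+
+$(eval $(call BuildTemplate,compat-xtables,API compatibilty layer,,compat_xtables,45,,CONFIG_NF_CONNTRACK_MARK=y))
+$(eval $(call BuildTemplate,rawpost,RAWPOST,,iptable_rawpost $(if $(CONFIG_IPV6),ip6table_rawpost),50,+kmod-ipt-compat-xtables +IPV6:kmod-ip6tables))
+$(eval $(call BuildTemplate,nathelper-rtsp,RTSP Conntrack and NAT,,rtsp/nf_conntrack_rtsp rtsp/nf_nat_rtsp,46,+kmod-ipt-conntrack-extra))
+
+$(eval $(call BuildTemplate,account,ACCOUNT,xt_ACCOUNT,ACCOUNT/xt_ACCOUNT,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,chaos,CHAOS,xt_CHAOS,xt_CHAOS,47,+kmod-ipt-compat-xtables +kmod-ipt-delude +kmod-ipt-tarpit))
+$(eval $(call BuildTemplate,condition,Condition,xt_condition,xt_condition,46,))
+$(eval $(call BuildTemplate,delude,DELUDE,xt_DELUDE,xt_DELUDE,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,dhcpmac,DHCPMAC,xt_DHCPMAC,xt_DHCPMAC,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,dnetmap,DNETMAP,xt_DNETMAP,xt_DNETMAP,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,fuzzy,fuzzy,xt_fuzzy,xt_fuzzy,46,))
+$(eval $(call BuildTemplate,geoip,geoip,xt_geoip,xt_geoip,46,))
+$(eval $(call BuildTemplate,iface,iface,xt_iface,xt_iface,46,))
+$(eval $(call BuildTemplate,ipmark,IPMARK,xt_IPMARK,xt_IPMARK,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,ipp2p,IPP2P,xt_ipp2p,xt_ipp2p,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,ipv4options,ipv4options,xt_ipv4options,xt_ipv4options,46,))
+$(eval $(call BuildTemplate,length2,length2,xt_length2,xt_length2,46,))
+$(eval $(call BuildTemplate,logmark,LOGMARK,xt_LOGMARK,xt_LOGMARK,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,lscan,lscan,xt_lscan,xt_lscan,46,))
+$(eval $(call BuildTemplate,lua,Lua PacketScript,xt_LUA,LUA/xt_LUA,46,+kmod-ipt-conntrack-extra))
+$(eval $(call BuildTemplate,psd,psd,xt_psd,xt_psd,46,))
+$(eval $(call BuildTemplate,quota2,quota2,xt_quota2,xt_quota2,46,))
+$(eval $(call BuildTemplate,rawnat,RAWNAT,xt_RAWDNAT xt_RAWSNAT,xt_RAWNAT,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,steal,STEAL,xt_STEAL,xt_STEAL,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,sysrq,SYSRQ,xt_SYSRQ,xt_SYSRQ,46,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,tarpit,TARPIT,xt_TARPIT,xt_TARPIT,46,+kmod-ipt-compat-xtables))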
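Review bot: Both `PKG_MD5SUM` values pin the upstream tarball with MD5 only, while `PKG_SOURCE_URL:=@SF/xtables-addons` pulls it from a mirror network, so that digest is the sole integrity control on source that ends up as kernel modules. MD5 is no longer collision-resistant; if the download helper in this tree can verify a SHA-256 digest, pin that instead, and otherwise record the SHA-256 in a comment next to each version so it can be checked by hand. Separately, the parameter comment above `BuildTemplate` stops at `# 6: module depends` although the template reads `$(7)` for `KCONFIG` (used by the `compat-xtables` call); add `# 7: kernel config symbols required by the module (KCONFIG)`.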
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
Makefile.in | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -11,9 +11,6 @@ FORCE:
|
||||
xtables-addons.8: FORCE
|
||||
${MAKE} -f Makefile.mans all;
|
||||
|
||||
-install-exec-hook:
|
||||
- depmod -a || :;
|
||||
-
|
||||
config.status: Makefile.iptrules.in
|
||||
|
||||
tmpdir := $(shell mktemp -dtu)
|
|
@ -0,0 +1,22 @@
|
|||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -11780,7 +11780,7 @@ regular_CFLAGS="-Wall -Waggregate-return
|
||||
if test -n "$kbuilddir"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel version that we will build against" >&5
|
||||
$as_echo_n "checking kernel version that we will build against... " >&6; }
|
||||
- krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease)";
|
||||
+ krel="$(make -sC "$kbuilddir" M=$PWD kernelversion)";
|
||||
kmajor="${krel%%[^0-9]*}";
|
||||
kmajor="$(($kmajor+0))";
|
||||
krel="${krel:${#kmajor}}";
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -44,7 +44,7 @@ regular_CFLAGS="-Wall -Waggregate-return
|
||||
|
||||
if test -n "$kbuilddir"; then
|
||||
AC_MSG_CHECKING([kernel version that we will build against])
|
||||
- krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease)";
|
||||
+ krel="$(make -sC "$kbuilddir" M=$PWD kernelversion)";
|
||||
kmajor="${krel%%[[^0-9]]*}";
|
||||
kmajor="$(($kmajor+0))";
|
||||
krel="${krel:${#kmajor}}";
|
|
@ -0,0 +1,11 @@
|
|||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -31,7 +31,7 @@ xtlibdir="$(pkg-config --variable=xtlibd
|
||||
|
||||
AC_ARG_WITH([xtlibdir],
|
||||
AS_HELP_STRING([--with-xtlibdir=PATH],
|
||||
- [Path where to install Xtables extensions [[autodetect]]]]),
|
||||
+ [Path where to install Xtables extensions [[autodetect]]]),
|
||||
[xtlibdir="$withval"])
|
||||
AC_MSG_CHECKING([Xtables module directory])
|
||||
AC_MSG_RESULT([$xtlibdir])
|
File diff suppressed because it is too large
|
@ -0,0 +1,22 @@
|
|||
--- a/extensions/rtsp/nf_conntrack_rtsp.c
|
||||
+++ b/extensions/rtsp/nf_conntrack_rtsp.c
|
||||
@@ -28,6 +28,7 @@
|
||||
* - Port to new NF API
|
||||
*/
|
||||
|
||||
+#include <linux/version.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/netfilter.h>
|
||||
#include <linux/ip.h>
|
||||
@@ -496,7 +497,11 @@ init(void)
|
||||
} else {
|
||||
sprintf(tmpname, "rtsp-%d", i);
|
||||
}
|
||||
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0)
|
||||
+ strncpy(hlpr->name, tmpname, sizeof(hlpr->name));
|
||||
+#else
|
||||
hlpr->name = tmpname;
|
||||
+#endif
|
||||
|
||||
pr_debug("port #%d: %d\n", i, ports[i]);
|
||||
|
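Review bot: The new 3.6+ branch in `init()` copies with `strncpy(hlpr->name, tmpname, sizeof(hlpr->name));`, which leaves `hlpr->name` without a terminating NUL whenever `tmpname` is at least as long as the destination. The names built just above (`"rtsp-%d"`) are short, so this is probably latent, but the declaration of `tmpname` and the bound on `i` are outside the hunk, and the preceding `sprintf` is itself unbounded. A terminating copy keeps the helper name well-formed regardless: `strlcpy(hlpr->name, tmpname, sizeof(hlpr->name));`. The identical hunk appears again in the second copy of this patch further down the page.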
File diff suppressed because it is too large
|
@ -0,0 +1,89 @@
|
|||
--- a/extensions/LUA/xt_LUA_target.c
|
||||
+++ b/extensions/LUA/xt_LUA_target.c
|
||||
@@ -64,10 +64,10 @@ uint32_t lua_state_refs[LUA_STATE_ARRAY
|
||||
* XT_CONTINUE inside the *register_lua_packet_lib* function.
|
||||
*/
|
||||
|
||||
-spinlock_t lock = SPIN_LOCK_UNLOCKED;
|
||||
+DEFINE_SPINLOCK(lock);
|
||||
|
||||
static uint32_t
|
||||
-lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
|
||||
+lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
|
||||
{
|
||||
uint32_t verdict;
|
||||
lua_packet_segment *p;
|
||||
@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
|
||||
* some workqueue initialization. So far this is done each time this function
|
||||
* is called, subject to change.
|
||||
*/
|
||||
-static bool
|
||||
+static int
|
||||
lua_tg_checkentry(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct xt_lua_tginfo *info = par->targinfo;
|
||||
|
||||
if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
|
||||
lua_state_refs[info->state_id]++;
|
||||
- return true;
|
||||
+ return 0;
|
||||
}
|
||||
- return false;
|
||||
+ return -EINVAL;
|
||||
}
|
||||
|
||||
/*::*
|
||||
--- a/extensions/LUA/lua/llimits.h
|
||||
+++ b/extensions/LUA/lua/llimits.h
|
||||
@@ -8,7 +8,6 @@
|
||||
#define llimits_h
|
||||
|
||||
#include <stddef.h>
|
||||
-#include <limits.h>
|
||||
|
||||
#include "lua.h"
|
||||
|
||||
--- a/extensions/LUA/lua/lapi.c
|
||||
+++ b/extensions/LUA/lua/lapi.c
|
||||
@@ -4,9 +4,6 @@
|
||||
** See Copyright Notice in lua.h
|
||||
*/
|
||||
|
||||
-#include <stdarg.h>
|
||||
-#include <math.h>
|
||||
-#include <assert.h>
|
||||
#include <string.h>
|
||||
|
||||
#define lapi_c
|
||||
--- a/extensions/LUA/lua/ltable.c
|
||||
+++ b/extensions/LUA/lua/ltable.c
|
||||
@@ -18,7 +18,6 @@
|
||||
** Hence even when the load factor reaches 100%, performance remains good.
|
||||
*/
|
||||
|
||||
-#include <math.h>
|
||||
#include <string.h>
|
||||
|
||||
#define ltable_c
|
||||
--- a/extensions/LUA/lua/luaconf.h
|
||||
+++ b/extensions/LUA/lua/luaconf.h
|
||||
@@ -13,6 +13,10 @@
|
||||
#if !defined(__KERNEL__)
|
||||
#include <limits.h>
|
||||
#else
|
||||
+#undef UCHAR_MAX
|
||||
+#undef SHRT_MAX
|
||||
+#undef BUFSIZ
|
||||
+#undef NO_FPU
|
||||
#define UCHAR_MAX 255
|
||||
#define SHRT_MAX 32767
|
||||
#define BUFSIZ 8192
|
||||
@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l;
|
||||
*/
|
||||
#if defined(__KERNEL__)
|
||||
#undef LUA_USE_ULONGJMP
|
||||
+#define setjmp __builtin_setjmp
|
||||
+#define longjmp __builtin_longjmp
|
||||
#endif
|
||||
|
||||
#if defined(__cplusplus)
|
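Review bot: `lua_tg_checkentry` increments `lua_state_refs[info->state_id]` with an index taken straight from the rule's `targinfo`, and no range check is visible anywhere in the function as shown. Unless `load_script_into_state` (its body is outside the hunk) already rejects ids at or beyond the array size, a malformed rule blob turns this into an out-of-bounds write in kernel memory. Since the patch already converts the function to errno returns, a guard before the call fits naturally: `if (info->state_id >= ARRAY_SIZE(lua_state_refs)) return -EINVAL;`. The same applies to the second copy of this patch later on the page.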
|
@ -0,0 +1,18 @@
|
|||
--- a/extensions/libxt_geoip.c
|
||||
+++ b/extensions/libxt_geoip.c
|
||||
@@ -59,13 +59,13 @@ geoip_get_subnets(const char *code, uint
|
||||
|
||||
/* Use simple integer vector files */
|
||||
if (nfproto == NFPROTO_IPV6) {
|
||||
-#if __BYTE_ORDER == _BIG_ENDIAN
|
||||
+#if BYTE_ORDER == BIG_ENDIAN
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv6", code);
|
||||
#else
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv6", code);
|
||||
#endif
|
||||
} else {
|
||||
-#if __BYTE_ORDER == _BIG_ENDIAN
|
||||
+#if BYTE_ORDER == BIG_ENDIAN
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv4", code);
|
||||
#else
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv4", code);
|
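Review bot: The replacement test `#if BYTE_ORDER == BIG_ENDIAN` silently evaluates to `0 == 0` when neither macro is defined, so on a libc or feature-macro combination that does not expose them the big-endian database path is chosen even on little-endian targets. The consequence would be the geoip match loading the wrong `.iv4`/`.iv6` file and matching the wrong address ranges without any error. Make the assumption explicit ahead of the first test in `geoip_get_subnets`: `#if !defined(BYTE_ORDER) || !defined(BIG_ENDIAN)`, `# error "BYTE_ORDER/BIG_ENDIAN not defined; include <endian.h>"`, `#endif`. Both hunks here and the duplicate of this patch further down share the issue.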
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
Makefile.in | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -11,9 +11,6 @@ FORCE:
|
||||
xtables-addons.8: FORCE
|
||||
${MAKE} -f Makefile.mans all;
|
||||
|
||||
-install-exec-hook:
|
||||
- depmod -a || :;
|
||||
-
|
||||
config.status: Makefile.iptrules.in
|
||||
|
||||
tmpdir := $(shell mktemp -dtu)
|
|
@ -0,0 +1,22 @@
|
|||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -11892,7 +11892,7 @@ regular_CFLAGS="-Wall -Waggregate-return
|
||||
if test -n "$kbuilddir"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel version that we will build against" >&5
|
||||
$as_echo_n "checking kernel version that we will build against... " >&6; }
|
||||
- krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease)";
|
||||
+ krel="$(make -sC "$kbuilddir" M=$PWD kernelversion)";
|
||||
kmajor="${krel%%[^0-9]*}";
|
||||
kmajor="$(($kmajor+0))";
|
||||
krel="${krel:${#kmajor}}";
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -44,7 +44,7 @@ regular_CFLAGS="-Wall -Waggregate-return
|
||||
|
||||
if test -n "$kbuilddir"; then
|
||||
AC_MSG_CHECKING([kernel version that we will build against])
|
||||
- krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease)";
|
||||
+ krel="$(make -sC "$kbuilddir" M=$PWD kernelversion)";
|
||||
kmajor="${krel%%[[^0-9]]*}";
|
||||
kmajor="$(($kmajor+0))";
|
||||
krel="${krel:${#kmajor}}";
|
File diff suppressed because it is too large
|
@ -0,0 +1,22 @@
|
|||
--- a/extensions/rtsp/nf_conntrack_rtsp.c
|
||||
+++ b/extensions/rtsp/nf_conntrack_rtsp.c
|
||||
@@ -28,6 +28,7 @@
|
||||
* - Port to new NF API
|
||||
*/
|
||||
|
||||
+#include <linux/version.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/netfilter.h>
|
||||
#include <linux/ip.h>
|
||||
@@ -496,7 +497,11 @@ init(void)
|
||||
} else {
|
||||
sprintf(tmpname, "rtsp-%d", i);
|
||||
}
|
||||
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0)
|
||||
+ strncpy(hlpr->name, tmpname, sizeof(hlpr->name));
|
||||
+#else
|
||||
hlpr->name = tmpname;
|
||||
+#endif
|
||||
|
||||
pr_debug("port #%d: %d\n", i, ports[i]);
|
||||
|
|
@ -0,0 +1,155 @@
|
|||
--- a/extensions/rtsp/nf_conntrack_rtsp.c
|
||||
+++ b/extensions/rtsp/nf_conntrack_rtsp.c
|
||||
@@ -73,7 +73,7 @@ static DEFINE_SPINLOCK(rtsp_buffer_lock)
|
||||
static struct nf_conntrack_expect_policy rtsp_exp_policy;
|
||||
|
||||
unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
|
||||
- enum ip_conntrack_info ctinfo,
|
||||
+ enum ip_conntrack_info ctinfo, unsigned int protoff,
|
||||
unsigned int matchoff, unsigned int matchlen,struct ip_ct_rtsp_expect* prtspexp,
|
||||
struct nf_conntrack_expect *exp);
|
||||
void (*nf_nat_rtsp_hook_expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp);
|
||||
@@ -269,7 +269,7 @@ void expected(struct nf_conn *ct, struct
|
||||
|
||||
static inline int
|
||||
help_out(struct sk_buff *skb, unsigned char *rb_ptr, unsigned int datalen,
|
||||
- struct nf_conn *ct, enum ip_conntrack_info ctinfo)
|
||||
+ struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int protoff)
|
||||
{
|
||||
struct ip_ct_rtsp_expect expinfo;
|
||||
|
||||
@@ -353,7 +353,7 @@ help_out(struct sk_buff *skb, unsigned c
|
||||
nf_nat_rtsp = rcu_dereference(nf_nat_rtsp_hook);
|
||||
if (nf_nat_rtsp && ct->status & IPS_NAT_MASK)
|
||||
/* pass the request off to the nat helper */
|
||||
- ret = nf_nat_rtsp(skb, ctinfo, hdrsoff, hdrslen, &expinfo, exp);
|
||||
+ ret = nf_nat_rtsp(skb, ctinfo, protoff, hdrsoff, hdrslen, &expinfo, exp);
|
||||
else if (nf_ct_expect_related(exp) != 0) {
|
||||
pr_info("nf_conntrack_expect_related failed\n");
|
||||
ret = NF_DROP;
|
||||
@@ -420,7 +420,7 @@ static int help(struct sk_buff *skb, uns
|
||||
|
||||
switch (CTINFO2DIR(ctinfo)) {
|
||||
case IP_CT_DIR_ORIGINAL:
|
||||
- ret = help_out(skb, rb_ptr, datalen, ct, ctinfo);
|
||||
+ ret = help_out(skb, rb_ptr, datalen, ct, ctinfo, protoff);
|
||||
break;
|
||||
case IP_CT_DIR_REPLY:
|
||||
pr_debug("IP_CT_DIR_REPLY\n");
|
||||
--- a/extensions/rtsp/nf_conntrack_rtsp.h
|
||||
+++ b/extensions/rtsp/nf_conntrack_rtsp.h
|
||||
@@ -50,6 +50,7 @@ struct ip_ct_rtsp_expect
|
||||
|
||||
extern unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
|
||||
enum ip_conntrack_info ctinfo,
|
||||
+ unsigned int protoff,
|
||||
unsigned int matchoff, unsigned int matchlen,
|
||||
struct ip_ct_rtsp_expect *prtspexp,
|
||||
struct nf_conntrack_expect *exp);
|
||||
--- a/extensions/rtsp/nf_nat_rtsp.c
|
||||
+++ b/extensions/rtsp/nf_nat_rtsp.c
|
||||
@@ -32,10 +32,10 @@
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <net/tcp.h>
|
||||
+#include <net/netfilter/nf_conntrack_expect.h>
|
||||
#include <net/netfilter/nf_nat_helper.h>
|
||||
-#include <net/netfilter/nf_nat_rule.h>
|
||||
+#include <net/netfilter/nf_nat.h>
|
||||
#include "nf_conntrack_rtsp.h"
|
||||
-#include <net/netfilter/nf_conntrack_expect.h>
|
||||
|
||||
#include <linux/inet.h>
|
||||
#include <linux/ctype.h>
|
||||
@@ -102,8 +102,8 @@ get_skb_tcpdata(struct sk_buff* skb, cha
|
||||
static int
|
||||
rtsp_mangle_tran(enum ip_conntrack_info ctinfo,
|
||||
struct nf_conntrack_expect* exp,
|
||||
- struct ip_ct_rtsp_expect* prtspexp,
|
||||
- struct sk_buff* skb, uint tranoff, uint tranlen)
|
||||
+ struct ip_ct_rtsp_expect* prtspexp,
|
||||
+ struct sk_buff* skb, uint protoff, uint tranoff, uint tranlen)
|
||||
{
|
||||
char* ptcp;
|
||||
uint tcplen;
|
||||
@@ -256,7 +256,7 @@ rtsp_mangle_tran(enum ip_conntrack_info
|
||||
if (dstact == DSTACT_STRIP || (dstact == DSTACT_AUTO && !is_stun))
|
||||
{
|
||||
diff = nextfieldoff-off;
|
||||
- if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
|
||||
+ if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
|
||||
off, diff, NULL, 0))
|
||||
{
|
||||
/* mangle failed, all we can do is bail */
|
||||
@@ -326,7 +326,7 @@ rtsp_mangle_tran(enum ip_conntrack_info
|
||||
* parameter 4 below is offset from start of tcp data.
|
||||
*/
|
||||
diff = origlen-rbuflen;
|
||||
- if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
|
||||
+ if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
|
||||
origoff, origlen, rbuf, rbuflen))
|
||||
{
|
||||
/* mangle failed, all we can do is bail */
|
||||
@@ -351,7 +351,7 @@ rtsp_mangle_tran(enum ip_conntrack_info
|
||||
}
|
||||
|
||||
static uint
|
||||
-help_out(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
|
||||
+help_out(struct sk_buff *skb, enum ip_conntrack_info ctinfo, unsigned int protoff,
|
||||
unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp,
|
||||
struct nf_conntrack_expect* exp)
|
||||
{
|
||||
@@ -389,7 +389,7 @@ help_out(struct sk_buff *skb, enum ip_co
|
||||
{
|
||||
uint oldtcplen = tcplen;
|
||||
pr_debug("hdr: Transport\n");
|
||||
- if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, skb, lineoff, linelen))
|
||||
+ if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, skb, protoff, lineoff, linelen))
|
||||
{
|
||||
pr_debug("hdr: Transport mangle failed");
|
||||
break;
|
||||
@@ -407,7 +407,7 @@ help_out(struct sk_buff *skb, enum ip_co
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
-help(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
|
||||
+help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, unsigned int protoff,
|
||||
unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp,
|
||||
struct nf_conntrack_expect* exp)
|
||||
{
|
||||
@@ -417,7 +417,7 @@ help(struct sk_buff *skb, enum ip_conntr
|
||||
switch (dir)
|
||||
{
|
||||
case IP_CT_DIR_ORIGINAL:
|
||||
- rc = help_out(skb, ctinfo, matchoff, matchlen, prtspexp, exp);
|
||||
+ rc = help_out(skb, ctinfo, protoff, matchoff, matchlen, prtspexp, exp);
|
||||
break;
|
||||
case IP_CT_DIR_REPLY:
|
||||
pr_debug("unmangle ! %u\n", ctinfo);
|
||||
@@ -432,7 +432,7 @@ help(struct sk_buff *skb, enum ip_conntr
|
||||
|
||||
static void expected(struct nf_conn* ct, struct nf_conntrack_expect *exp)
|
||||
{
|
||||
- struct nf_nat_ipv4_multi_range_compat mr;
|
||||
+ struct nf_nat_range nr;
|
||||
u_int32_t newdstip, newsrcip, newip;
|
||||
|
||||
struct nf_conn *master = ct->master;
|
||||
@@ -446,12 +446,13 @@ static void expected(struct nf_conn* ct,
|
||||
pr_debug("newsrcip=%pI4, newdstip=%pI4, newip=%pI4\n",
|
||||
&newsrcip, &newdstip, &newip);
|
||||
|
||||
- mr.rangesize = 1;
|
||||
+ memset(&nr, 0, sizeof(nr));
|
||||
+
|
||||
// We don't want to manip the per-protocol, just the IPs.
|
||||
- mr.range[0].flags = NF_NAT_RANGE_MAP_IPS;
|
||||
- mr.range[0].min_ip = mr.range[0].max_ip = newip;
|
||||
+ nr.flags = NF_NAT_RANGE_MAP_IPS;
|
||||
+ nr.min_addr.ip = nr.max_addr.ip = newip;
|
||||
|
||||
- nf_nat_setup_info(ct, &mr.range[0], NF_NAT_MANIP_DST);
|
||||
+ nf_nat_setup_info(ct, &nr, NF_NAT_MANIP_DST);
|
||||
}
|
||||
|
||||
|
File diff suppressed because it is too large
|
@ -0,0 +1,89 @@
|
|||
--- a/extensions/LUA/xt_LUA_target.c
|
||||
+++ b/extensions/LUA/xt_LUA_target.c
|
||||
@@ -64,10 +64,10 @@ uint32_t lua_state_refs[LUA_STATE_ARRAY
|
||||
* XT_CONTINUE inside the *register_lua_packet_lib* function.
|
||||
*/
|
||||
|
||||
-spinlock_t lock = SPIN_LOCK_UNLOCKED;
|
||||
+DEFINE_SPINLOCK(lock);
|
||||
|
||||
static uint32_t
|
||||
-lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
|
||||
+lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
|
||||
{
|
||||
uint32_t verdict;
|
||||
lua_packet_segment *p;
|
||||
@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
|
||||
* some workqueue initialization. So far this is done each time this function
|
||||
* is called, subject to change.
|
||||
*/
|
||||
-static bool
|
||||
+static int
|
||||
lua_tg_checkentry(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct xt_lua_tginfo *info = par->targinfo;
|
||||
|
||||
if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
|
||||
lua_state_refs[info->state_id]++;
|
||||
- return true;
|
||||
+ return 0;
|
||||
}
|
||||
- return false;
|
||||
+ return -EINVAL;
|
||||
}
|
||||
|
||||
/*::*
|
||||
--- a/extensions/LUA/lua/llimits.h
|
||||
+++ b/extensions/LUA/lua/llimits.h
|
||||
@@ -8,7 +8,6 @@
|
||||
#define llimits_h
|
||||
|
||||
#include <stddef.h>
|
||||
-#include <limits.h>
|
||||
|
||||
#include "lua.h"
|
||||
|
||||
--- a/extensions/LUA/lua/lapi.c
|
||||
+++ b/extensions/LUA/lua/lapi.c
|
||||
@@ -4,9 +4,6 @@
|
||||
** See Copyright Notice in lua.h
|
||||
*/
|
||||
|
||||
-#include <stdarg.h>
|
||||
-#include <math.h>
|
||||
-#include <assert.h>
|
||||
#include <string.h>
|
||||
|
||||
#define lapi_c
|
||||
--- a/extensions/LUA/lua/ltable.c
|
||||
+++ b/extensions/LUA/lua/ltable.c
|
||||
@@ -18,7 +18,6 @@
|
||||
** Hence even when the load factor reaches 100%, performance remains good.
|
||||
*/
|
||||
|
||||
-#include <math.h>
|
||||
#include <string.h>
|
||||
|
||||
#define ltable_c
|
||||
--- a/extensions/LUA/lua/luaconf.h
|
||||
+++ b/extensions/LUA/lua/luaconf.h
|
||||
@@ -13,6 +13,10 @@
|
||||
#if !defined(__KERNEL__)
|
||||
#include <limits.h>
|
||||
#else
|
||||
+#undef UCHAR_MAX
|
||||
+#undef SHRT_MAX
|
||||
+#undef BUFSIZ
|
||||
+#undef NO_FPU
|
||||
#define UCHAR_MAX 255
|
||||
#define SHRT_MAX 32767
|
||||
#define BUFSIZ 8192
|
||||
@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l;
|
||||
*/
|
||||
#if defined(__KERNEL__)
|
||||
#undef LUA_USE_ULONGJMP
|
||||
+#define setjmp __builtin_setjmp
|
||||
+#define longjmp __builtin_longjmp
|
||||
#endif
|
||||
|
||||
#if defined(__cplusplus)
|
|
@ -0,0 +1,18 @@
|
|||
--- a/extensions/libxt_geoip.c
|
||||
+++ b/extensions/libxt_geoip.c
|
||||
@@ -59,13 +59,13 @@ geoip_get_subnets(const char *code, uint
|
||||
|
||||
/* Use simple integer vector files */
|
||||
if (nfproto == NFPROTO_IPV6) {
|
||||
-#if __BYTE_ORDER == _BIG_ENDIAN
|
||||
+#if BYTE_ORDER == BIG_ENDIAN
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv6", code);
|
||||
#else
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv6", code);
|
||||
#endif
|
||||
} else {
|
||||
-#if __BYTE_ORDER == _BIG_ENDIAN
|
||||
+#if BYTE_ORDER == BIG_ENDIAN
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv4", code);
|
||||
#else
|
||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv4", code);
|
|
@ -0,0 +1,83 @@
|
|||
--- a/extensions/xt_DNETMAP.c
|
||||
+++ b/extensions/xt_DNETMAP.c
|
||||
@@ -21,6 +21,7 @@
|
||||
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
||||
#include <linux/inet.h>
|
||||
#include <linux/ip.h>
|
||||
+#include <linux/version.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/netdevice.h>
|
||||
#include <linux/netfilter.h>
|
||||
@@ -328,8 +329,8 @@ static int dnetmap_tg_check(const struct
|
||||
ret = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
- pde_data->uid = proc_uid;
|
||||
- pde_data->gid = proc_gid;
|
||||
+ pde_data->uid = XT_UID(proc_uid);
|
||||
+ pde_data->gid = XT_GID(proc_gid);
|
||||
|
||||
/* statistics */
|
||||
pde_stat = create_proc_entry(p->proc_str_stat, proc_perms,
|
||||
@@ -341,8 +342,8 @@ static int dnetmap_tg_check(const struct
|
||||
}
|
||||
pde_stat->data = p;
|
||||
pde_stat->read_proc = dnetmap_stat_proc_read;
|
||||
- pde_stat->uid = proc_uid;
|
||||
- pde_stat->gid = proc_gid;
|
||||
+ pde_stat->uid = XT_UID(proc_uid);
|
||||
+ pde_stat->gid = XT_GID(proc_gid);
|
||||
#endif
|
||||
|
||||
spin_lock_bh(&dnetmap_lock);
|
||||
--- a/extensions/xt_condition.c
|
||||
+++ b/extensions/xt_condition.c
|
||||
@@ -14,6 +14,7 @@
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/list.h>
|
||||
+#include <linux/version.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/proc_fs.h>
|
||||
#include <linux/spinlock.h>
|
||||
@@ -155,8 +156,8 @@ static int condition_mt_check(const stru
|
||||
var->status_proc->read_proc = condition_proc_read;
|
||||
var->status_proc->write_proc = condition_proc_write;
|
||||
list_add(&var->list, &conditions_list);
|
||||
- var->status_proc->uid = condition_uid_perms;
|
||||
- var->status_proc->gid = condition_gid_perms;
|
||||
+ var->status_proc->uid = XT_UID(condition_uid_perms);
|
||||
+ var->status_proc->gid = XT_GID(condition_gid_perms);
|
||||
mutex_unlock(&proc_lock);
|
||||
info->condvar = var;
|
||||
return 0;
|
||||
--- a/extensions/compat_xtables.h
|
||||
+++ b/extensions/compat_xtables.h
|
||||
@@ -12,6 +12,14 @@
|
||||
# warning Kernels below 3.7 not supported.
|
||||
#endif
|
||||
|
||||
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0)
|
||||
+# define XT_UID(x) make_kuid(current_user_ns(), x)
|
||||
+# define XT_GID(x) make_kgid(current_user_ns(), x)
|
||||
+#else
|
||||
+# define XT_UID(x) (x)
|
||||
+# define XT_GID(x) (x)
|
||||
+#endif
|
||||
+
|
||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||
# if !defined(CONFIG_NF_CONNTRACK_MARK)
|
||||
# warning You have CONFIG_NF_CONNTRACK enabled, but CONFIG_NF_CONNTRACK_MARK is not (please enable).
|
||||
--- a/extensions/xt_quota2.c
|
||||
+++ b/extensions/xt_quota2.c
|
||||
@@ -131,8 +131,8 @@ q2_get_counter(const struct xt_quota_mti
|
||||
p->data = e;
|
||||
p->read_proc = quota_proc_read;
|
||||
p->write_proc = quota_proc_write;
|
||||
- p->uid = quota_list_uid;
|
||||
- p->gid = quota_list_gid;
|
||||
+ p->uid = XT_UID(quota_list_uid);
|
||||
+ p->gid = XT_GID(quota_list_gid);
|
||||
list_add_tail(&e->list, &counter_list);
|
||||
spin_unlock_bh(&counter_list_lock);
|
||||
return e;
|
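Review bot: `XT_UID`/`XT_GID` in `compat_xtables.h` map the configured ids through `current_user_ns()`, meaning the user namespace of whichever task happens to insert the rule, and the callers in `xt_DNETMAP.c`, `xt_condition.c` and `xt_quota2.c` store the result without a `uid_valid()`/`gid_valid()` check. `proc_uid`, `condition_uid_perms` and `quota_list_uid` look like module-wide settings (their declarations are outside the hunks), so the owner of the procfs entries should not depend on the caller's namespace, and an unmappable id would yield an invalid owner. Mapping against the initial namespace gives a stable result: `# define XT_UID(x) make_kuid(&init_user_ns, x)` and `# define XT_GID(x) make_kgid(&init_user_ns, x)`.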