iptables: bump to 1.6.1

Switch to git repo
Removed musl patch
Refreshed existing patch

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
This commit is contained in:
Ansuel Smith 2017-03-22 16:02:09 +01:00 committed by Felix Fietkau
parent efb22b6f06
commit 98e43b13a7
9 changed files with 103 additions and 304 deletions

View file

@ -9,17 +9,16 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables PKG_NAME:=iptables
PKG_VERSION:=1.4.21 PKG_VERSION:=1.6.1
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \ PKG_SOURCE_URL:=https://git.netfilter.org/iptables
ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \ PKG_SOURCE_VERSION:=7df66f1c13563cfbab75246b009ce36f69ee4487
ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \ PKG_MIRROR_HASH:=22f15ef41fd8e3724bedcee666b7b6a3491d2d038d580ef1fb032718dcb73f14
ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
PKG_HASH:=52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
PKG_INSTALL:=1 PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0 PKG_LICENSE:=GPL-2.0
@ -51,6 +50,20 @@ $(call Package/iptables/Default)
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
endef endef
define Package/iptables/config
config IPTABLES_CONNLABEL
bool "Enable Connlabel support"
default n
help
This enable connlabel support in iptables.
config IPTABLES_NFTABLES
bool "Enable Nftables support"
default n
help
This enable nftables support in iptables.
endef
define Package/iptables/description define Package/iptables/description
IP firewall administration tool. IP firewall administration tool.
@ -413,6 +426,9 @@ define Package/libxtables
SECTION:=libs SECTION:=libs
CATEGORY:=Libraries CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library TITLE:=IPv4/IPv6 firewall - shared xtables library
DEPENDS:= \
+IPTABLES_CONNLABEL:libnetfilter-conntrack \
+IPTABLES_NFTABLES:libnfnetlink
endef endef
TARGET_CPPFLAGS := \ TARGET_CPPFLAGS := \
@ -431,10 +447,12 @@ TARGET_LDFLAGS += \
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--enable-shared \ --enable-shared \
--enable-static \
--enable-devel \ --enable-devel \
--with-kernel="$(LINUX_DIR)/user_headers" \ --with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \ --with-xtlibdir=/usr/lib/iptables \
--enable-static \ $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
$(if $(CONFIG_IPV6),,--disable-ipv6) $(if $(CONFIG_IPV6),,--disable-ipv6)
MAKE_FLAGS := \ MAKE_FLAGS := \

View file

@ -1,6 +1,6 @@
--- a/libxtables/xtables.c --- a/libxtables/xtables.c
+++ b/libxtables/xtables.c +++ b/libxtables/xtables.c
@@ -336,6 +336,7 @@ static char *get_modprobe(void) @@ -355,6 +355,7 @@ static char *get_modprobe(void)
int xtables_insmod(const char *modname, const char *modprobe, bool quiet) int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
{ {
@ -8,7 +8,7 @@
char *buf = NULL; char *buf = NULL;
char *argv[4]; char *argv[4];
int status; int status;
@@ -380,6 +381,7 @@ int xtables_insmod(const char *modname, @@ -395,6 +396,7 @@ int xtables_insmod(const char *modname,
free(buf); free(buf);
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
return 0; return 0;

View file

@ -1,94 +0,0 @@
--- a/configure
+++ b/configure
@@ -12367,77 +12367,7 @@ fi
fi
-pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnfnetlink" >&5
-$as_echo_n "checking for libnfnetlink... " >&6; }
-
-if test -n "$libnfnetlink_CFLAGS"; then
- pkg_cv_libnfnetlink_CFLAGS="$libnfnetlink_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5
- ($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_libnfnetlink_CFLAGS=`$PKG_CONFIG --cflags "libnfnetlink >= 1.0" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$libnfnetlink_LIBS"; then
- pkg_cv_libnfnetlink_LIBS="$libnfnetlink_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5
- ($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_libnfnetlink_LIBS=`$PKG_CONFIG --libs "libnfnetlink >= 1.0" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1`
- else
- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$libnfnetlink_PKG_ERRORS" >&5
-
- nfnetlink=0
-elif test $pkg_failed = untried; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- nfnetlink=0
-else
- libnfnetlink_CFLAGS=$pkg_cv_libnfnetlink_CFLAGS
- libnfnetlink_LIBS=$pkg_cv_libnfnetlink_LIBS
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- nfnetlink=1
-fi
- if test "$nfnetlink" = 1; then
+if false; then
HAVE_LIBNFNETLINK_TRUE=
HAVE_LIBNFNETLINK_FALSE='#'
else
--- a/configure.ac
+++ b/configure.ac
@@ -111,9 +111,7 @@ if test "x$enable_bpfc" = "xyes" || test
AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
fi
-PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
- [nfnetlink=1], [nfnetlink=0])
-AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
+AM_CONDITIONAL([HAVE_LIBNFNETLINK], [false])
regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \

View file

@ -1,6 +1,6 @@
--- a/iptables/xtables-multi.c --- a/iptables/xtables-multi.c
+++ b/iptables/xtables-multi.c +++ b/iptables/xtables-multi.c
@@ -22,8 +22,10 @@ static const struct subcommand multi_sub @@ -26,8 +26,10 @@ static const struct subcommand multi_sub
{"iptables-restore", iptables_restore_main}, {"iptables-restore", iptables_restore_main},
{"restore4", iptables_restore_main}, {"restore4", iptables_restore_main},
#endif #endif

View file

@ -1,8 +0,0 @@
--- a/iptables/iptables-apply
+++ b/iptables/iptables-apply
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# iptables-apply -- a safer way to update iptables remotely
#

View file

@ -1,58 +1,75 @@
--- a/extensions/GNUmakefile.in --- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in
@@ -45,9 +45,24 @@ pfx_symlinks := NOTRACK state @@ -50,11 +50,31 @@ pfb_build_mod := $(filter-out @blacklist
pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod}) pfa_build_mod := $(filter-out @blacklist_modules@ @blacklist_a_modules@,${pfa_build_mod})
pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod}) pf4_build_mod := $(filter-out @blacklist_modules@ @blacklist_4_modules@,${pf4_build_mod})
pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod}) pf6_build_mod := $(filter-out @blacklist_modules@ @blacklist_6_modules@,${pf6_build_mod})
-pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod}) -pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
-pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_mod})
-pfa_objs := $(patsubst %,libarpt_%.o,${pfa_build_mod})
-pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod}) -pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
-pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod}) -pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
+
+ifdef BUILTIN_MODULES +ifdef BUILTIN_MODULES
+pfx_build_static := $(filter $(BUILTIN_MODULES),${pfx_build_mod}) +pfx_build_static := $(filter $(BUILTIN_MODULES),${pfx_build_mod})
+pfb_build_static := $(filter $(BUILTIN_MODULES),${pfb_build_mod})
+pfa_build_static := $(filter $(BUILTIN_MODULES),${pfa_build_mod})
+pf4_build_static := $(filter $(BUILTIN_MODULES),${pf4_build_mod}) +pf4_build_static := $(filter $(BUILTIN_MODULES),${pf4_build_mod})
+pf6_build_static := $(filter $(BUILTIN_MODULES),${pf6_build_mod}) +pf6_build_static := $(filter $(BUILTIN_MODULES),${pf6_build_mod})
+else +else
+@ENABLE_STATIC_TRUE@ pfx_build_static := $(pfx_build_mod) +@ENABLE_STATIC_TRUE@ pfx_build_static := $(pfx_build_mod)
+@ENABLE_STATIC_TRUE@ pfb_build_static := $(pfb_build_mod)
+@ENABLE_STATIC_TRUE@ pfa_build_static := $(pfa_build_mod)
+@ENABLE_STATIC_TRUE@ pf4_build_static := $(pf4_build_mod) +@ENABLE_STATIC_TRUE@ pf4_build_static := $(pf4_build_mod)
+@ENABLE_STATIC_TRUE@ pf6_build_static := $(pf6_build_mod) +@ENABLE_STATIC_TRUE@ pf6_build_static := $(pf6_build_mod)
+endif +endif
+ +
+pfx_build_mod := $(filter-out $(pfx_build_static),$(pfx_build_mod)) +pfx_build_mod := $(filter-out $(pfx_build_static),$(pfx_build_mod))
+pfb_build_mod := $(filter-out $(pfb_build_static),$(pfb_build_mod))
+pfa_build_mod := $(filter-out $(pfa_build_static),$(pfa_build_mod))
+pf4_build_mod := $(filter-out $(pf4_build_static),$(pf4_build_mod)) +pf4_build_mod := $(filter-out $(pf4_build_static),$(pf4_build_mod))
+pf6_build_mod := $(filter-out $(pf6_build_static),$(pf6_build_mod)) +pf6_build_mod := $(filter-out $(pf6_build_static),$(pf6_build_mod))
+ +
+pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_static}) +pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_static})
+pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_static})
+pfa_objs := $(patsubst %,libarpt_%.o,${pfa_build_static})
+pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_static}) +pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_static})
+pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_static}) +pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_static})
pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks}) pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod}) pfb_solibs := $(patsubst %,libebt_%.so,${pfb_build_mod})
pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod}) pfa_solibs := $(patsubst %,libarpt_%.so,${pfa_build_mod})
@@ -58,11 +73,11 @@ pf6_solibs := $(patsubst %,libip6t_%. @@ -67,13 +87,13 @@ pf6_solibs := $(patsubst %,libip6t_%.
# #
targets := libext.a libext4.a libext6.a matches.man targets.man targets := libext.a libext4.a libext6.a libext_ebt.a libext_arpt.a matches.man targets.man
targets_install := targets_install :=
-@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs} -@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
-@ENABLE_STATIC_TRUE@ libext_ebt_objs := ${pfb_objs}
-@ENABLE_STATIC_TRUE@ libext_arpt_objs := ${pfa_objs}
-@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs} -@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
-@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs} -@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} -@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} -@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
+libext_objs := ${pfx_objs} +libext_objs := ${pfx_objs}
+libext_ebt_objs := ${pfb_objs}
+libext_arpt_objs := ${pfa_objs}
+libext4_objs := ${pf4_objs} +libext4_objs := ${pf4_objs}
+libext6_objs := ${pf6_objs} +libext6_objs := ${pf6_objs}
+targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} +targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
+targets_install := $(strip ${targets_install} ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}) +targets_install := $(strip ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs})
.SECONDARY: .SECONDARY:
@@ -126,9 +141,9 @@ libext4.a: initext4.o ${libext4_objs} @@ -141,11 +161,11 @@ libext4.a: initext4.o ${libext4_objs}
libext6.a: initext6.o ${libext6_objs} libext6.a: initext6.o ${libext6_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^; ${AM_VERBOSE_AR} ${AR} crs $@ $^;
-initext_func := $(addprefix xt_,${pfx_build_mod}) -initext_func := $(addprefix xt_,${pfx_build_mod})
-initextb_func := $(addprefix ebt_,${pfb_build_mod})
-initexta_func := $(addprefix arpt_,${pfa_build_mod})
-initext4_func := $(addprefix ipt_,${pf4_build_mod}) -initext4_func := $(addprefix ipt_,${pf4_build_mod})
-initext6_func := $(addprefix ip6t_,${pf6_build_mod}) -initext6_func := $(addprefix ip6t_,${pf6_build_mod})
+initext_func := $(addprefix xt_,${pfx_build_static}) +initext_func := $(addprefix xt_,${pfx_build_static})
+initextb_func := $(addprefix ebt_,${pfb_build_static})
+initexta_func := $(addprefix arpt_,${pfa_build_static})
+initext4_func := $(addprefix ipt_,${pf4_build_static}) +initext4_func := $(addprefix ipt_,${pf4_build_static})
+initext6_func := $(addprefix ip6t_,${pf6_build_static}) +initext6_func := $(addprefix ip6t_,${pf6_build_static})

View file

@ -1,127 +0,0 @@
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -10,6 +10,9 @@ on whether they contain certain headers
#include <netdb.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_ipv6header.h>
+#ifndef IPPROTO_HOPOPTS
+# define IPPROTO_HOPOPTS 0
+#endif
enum {
O_HEADER = 0,
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -12,6 +12,21 @@
#ifndef TCPOPT_MD5SIG
# define TCPOPT_MD5SIG 19
#endif
+#ifndef TCPOPT_MAXSEG
+# define TCPOPT_MAXSEG 2
+#endif
+#ifndef TCPOPT_WINDOW
+# define TCPOPT_WINDOW 3
+#endif
+#ifndef TCPOPT_SACK_PERMITTED
+# define TCPOPT_SACK_PERMITTED 4
+#endif
+#ifndef TCPOPT_SACK
+# define TCPOPT_SACK 5
+#endif
+#ifndef TCPOPT_TIMESTAMP
+# define TCPOPT_TIMESTAMP 8
+#endif
enum {
O_STRIP_OPTION = 0,
--- a/include/libiptc/ipt_kernel_headers.h
+++ b/include/libiptc/ipt_kernel_headers.h
@@ -5,7 +5,6 @@
#include <limits.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/ip_icmp.h>
@@ -13,15 +12,4 @@
#include <netinet/udp.h>
#include <net/if.h>
#include <sys/types.h>
-#else /* libc5 */
-#include <sys/socket.h>
-#include <linux/ip.h>
-#include <linux/in.h>
-#include <linux/if.h>
-#include <linux/icmp.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <linux/types.h>
-#include <linux/in6.h>
-#endif
#endif
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -16,6 +16,7 @@
#define _IPTABLES_H
#include <linux/types.h>
+#include <sys/types.h>
#include <linux/netfilter_ipv4.h>
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -9,7 +9,7 @@
*/
#include <getopt.h>
-#include <sys/errno.h>
+#include <errno.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -6,7 +6,7 @@
* This code is distributed under the terms of GNU GPL v2
*/
#include <getopt.h>
-#include <sys/errno.h>
+#include <errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -6,7 +6,7 @@
*/
#include <getopt.h>
-#include <sys/errno.h>
+#include <errno.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -6,7 +6,7 @@
*
*/
#include <getopt.h>
-#include <sys/errno.h>
+#include <errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
--- a/iptables/iptables-xml.c
+++ b/iptables/iptables-xml.c
@@ -7,7 +7,7 @@
*/
#include <getopt.h>
-#include <sys/errno.h>
+#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

View file

@ -1,17 +1,15 @@
Index: iptables-1.4.21/extensions/GNUmakefile.in --- a/extensions/GNUmakefile.in
=================================================================== +++ b/extensions/GNUmakefile.in
--- iptables-1.4.21.orig/extensions/GNUmakefile.in @@ -85,7 +85,7 @@ pf6_solibs := $(patsubst %,libip6t_%.
+++ iptables-1.4.21/extensions/GNUmakefile.in
@@ -71,7 +71,7 @@ pf6_solibs := $(patsubst %,libip6t_%.
# #
# Building blocks # Building blocks
# #
-targets := libext.a libext4.a libext6.a matches.man targets.man -targets := libext.a libext4.a libext6.a libext_ebt.a libext_arpt.a matches.man targets.man
+targets := libiptext.so libiptext4.so libiptext6.so matches.man targets.man +targets := libiptext.so libiptext4.so libiptext6.so libiptext_ebt.so libiptext_arpt.so matches.man targets.man
targets_install := targets_install :=
libext_objs := ${pfx_objs} libext_objs := ${pfx_objs}
libext4_objs := ${pf4_objs} libext_ebt_objs := ${pfb_objs}
@@ -96,7 +96,7 @@ clean: @@ -112,7 +112,7 @@ clean:
distclean: clean distclean: clean
init%.o: init%.c init%.o: init%.c
@ -20,7 +18,7 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in
-include .*.d -include .*.d
@@ -130,16 +130,16 @@ xt_statistic_LIBADD = -lm @@ -144,22 +144,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn
# handling code in the Makefiles. # handling code in the Makefiles.
# #
lib%.o: ${srcdir}/lib%.c lib%.o: ${srcdir}/lib%.c
@ -32,6 +30,16 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in
+libiptext.so: initext.o ${libext_objs} +libiptext.so: initext.o ${libext_objs}
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD}; + ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
-libext_ebt.a: initextb.o ${libext_ebt_objs}
- ${AM_VERBOSE_AR} ${AR} crs $@ $^;
+libiptext_ebt.so: initextb.o ${libext_ebt__objs}
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
-libext_arpt.a: initexta.o ${libext_arpt_objs}
- ${AM_VERBOSE_AR} ${AR} crs $@ $^;
+libiptext_arpt.so: initexta.o ${libext_arpt__objs}
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
-libext4.a: initext4.o ${libext4_objs} -libext4.a: initext4.o ${libext4_objs}
- ${AM_VERBOSE_AR} ${AR} crs $@ $^; - ${AM_VERBOSE_AR} ${AR} crs $@ $^;
+libiptext4.so: initext4.o ${libext4_objs} +libiptext4.so: initext4.o ${libext4_objs}
@ -43,12 +51,10 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD}; + ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
initext_func := $(addprefix xt_,${pfx_build_static}) initext_func := $(addprefix xt_,${pfx_build_static})
initext4_func := $(addprefix ipt_,${pf4_build_static}) initextb_func := $(addprefix ebt_,${pfb_build_static})
Index: iptables-1.4.21/iptables/Makefile.am --- a/iptables/Makefile.am
=================================================================== +++ b/iptables/Makefile.am
--- iptables-1.4.21.orig/iptables/Makefile.am @@ -8,7 +8,8 @@ BUILT_SOURCES =
+++ iptables-1.4.21/iptables/Makefile.am
@@ -5,7 +5,8 @@ AM_CPPFLAGS = ${regular_CPPFLAGS} -
xtables_multi_SOURCES = xtables-multi.c iptables-xml.c xtables_multi_SOURCES = xtables-multi.c iptables-xml.c
xtables_multi_CFLAGS = ${AM_CFLAGS} xtables_multi_CFLAGS = ${AM_CFLAGS}
@ -58,7 +64,7 @@ Index: iptables-1.4.21/iptables/Makefile.am
if ENABLE_STATIC if ENABLE_STATIC
xtables_multi_CFLAGS += -DALL_INCLUSIVE xtables_multi_CFLAGS += -DALL_INCLUSIVE
endif endif
@@ -13,13 +14,15 @@ if ENABLE_IPV4 @@ -16,13 +17,15 @@ if ENABLE_IPV4
xtables_multi_SOURCES += iptables-save.c iptables-restore.c \ xtables_multi_SOURCES += iptables-save.c iptables-restore.c \
iptables-standalone.c iptables.c iptables-standalone.c iptables.c
xtables_multi_CFLAGS += -DENABLE_IPV4 xtables_multi_CFLAGS += -DENABLE_IPV4

View file

@ -1,8 +1,6 @@
Index: iptables-1.4.21/extensions/libxt_conntrack.c --- a/extensions/libxt_conntrack.c
=================================================================== +++ b/extensions/libxt_conntrack.c
--- iptables-1.4.21.orig/extensions/libxt_conntrack.c @@ -1397,6 +1397,7 @@ static int conntrack3_mt6_xlate(struct x
+++ iptables-1.4.21/extensions/libxt_conntrack.c
@@ -1157,6 +1157,7 @@ static void state_save(const void *ip, c
} }
static struct xtables_match conntrack_mt_reg[] = { static struct xtables_match conntrack_mt_reg[] = {
@ -10,7 +8,7 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c
{ {
.version = XTABLES_VERSION, .version = XTABLES_VERSION,
.name = "conntrack", .name = "conntrack",
@@ -1232,6 +1233,7 @@ static struct xtables_match conntrack_mt @@ -1472,6 +1473,7 @@ static struct xtables_match conntrack_mt
.alias = conntrack_print_name_alias, .alias = conntrack_print_name_alias,
.x6_options = conntrack2_mt_opts, .x6_options = conntrack2_mt_opts,
}, },
@ -18,31 +16,24 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c
{ {
.version = XTABLES_VERSION, .version = XTABLES_VERSION,
.name = "conntrack", .name = "conntrack",
@@ -1262,6 +1264,7 @@ static struct xtables_match conntrack_mt @@ -1504,6 +1506,7 @@ static struct xtables_match conntrack_mt
.alias = conntrack_print_name_alias,
.x6_options = conntrack3_mt_opts, .x6_options = conntrack3_mt_opts,
.xlate = conntrack3_mt6_xlate,
}, },
+#ifndef NO_LEGACY +#ifndef NO_LEGACY
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "state", .name = "state",
@@ -1292,6 +1295,7 @@ static struct xtables_match conntrack_mt @@ -1534,6 +1537,8 @@ static struct xtables_match conntrack_mt
.x6_parse = state_ct23_parse, .x6_parse = state_ct23_parse,
.x6_options = state_opts, .x6_options = state_opts,
}, },
+#endif +#endif
{
.family = NFPROTO_UNSPEC,
.name = "state",
@@ -1307,6 +1311,7 @@ static struct xtables_match conntrack_mt
.x6_parse = state_ct23_parse,
.x6_options = state_opts,
},
+#ifndef NO_LEGACY +#ifndef NO_LEGACY
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "state", .name = "state",
@@ -1320,6 +1325,7 @@ static struct xtables_match conntrack_mt @@ -1563,6 +1568,7 @@ static struct xtables_match conntrack_mt
.x6_parse = state_parse, .x6_parse = state_parse,
.x6_options = state_opts, .x6_options = state_opts,
}, },
@ -50,11 +41,9 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c
}; };
void _init(void) void _init(void)
Index: iptables-1.4.21/extensions/libxt_CT.c --- a/extensions/libxt_CT.c
=================================================================== +++ b/extensions/libxt_CT.c
--- iptables-1.4.21.orig/extensions/libxt_CT.c @@ -349,6 +349,7 @@ static void notrack_ct2_tg_init(struct x
+++ iptables-1.4.21/extensions/libxt_CT.c
@@ -290,6 +290,7 @@ static void notrack_ct2_tg_init(struct x
} }
static struct xtables_target ct_target_reg[] = { static struct xtables_target ct_target_reg[] = {
@ -62,7 +51,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "CT", .name = "CT",
@@ -315,6 +316,7 @@ static struct xtables_target ct_target_r @@ -374,6 +375,7 @@ static struct xtables_target ct_target_r
.x6_parse = ct_parse_v1, .x6_parse = ct_parse_v1,
.x6_options = ct_opts_v1, .x6_options = ct_opts_v1,
}, },
@ -70,7 +59,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "CT", .name = "CT",
@@ -329,6 +331,7 @@ static struct xtables_target ct_target_r @@ -388,6 +390,7 @@ static struct xtables_target ct_target_r
.x6_parse = ct_parse_v1, .x6_parse = ct_parse_v1,
.x6_options = ct_opts_v1, .x6_options = ct_opts_v1,
}, },
@ -78,7 +67,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "NOTRACK", .name = "NOTRACK",
@@ -366,6 +369,7 @@ static struct xtables_target ct_target_r @@ -425,6 +428,7 @@ static struct xtables_target ct_target_r
.revision = 0, .revision = 0,
.version = XTABLES_VERSION, .version = XTABLES_VERSION,
}, },
@ -86,11 +75,9 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
}; };
void _init(void) void _init(void)
Index: iptables-1.4.21/extensions/libxt_multiport.c --- a/extensions/libxt_multiport.c
=================================================================== +++ b/extensions/libxt_multiport.c
--- iptables-1.4.21.orig/extensions/libxt_multiport.c @@ -571,6 +571,7 @@ static int multiport_xlate6_v1(struct xt
+++ iptables-1.4.21/extensions/libxt_multiport.c
@@ -469,6 +469,7 @@ static void multiport_save6_v1(const voi
} }
static struct xtables_match multiport_mt_reg[] = { static struct xtables_match multiport_mt_reg[] = {
@ -98,9 +85,9 @@ Index: iptables-1.4.21/extensions/libxt_multiport.c
{ {
.family = NFPROTO_IPV4, .family = NFPROTO_IPV4,
.name = "multiport", .name = "multiport",
@@ -497,6 +498,7 @@ static struct xtables_match multiport_mt @@ -601,6 +602,7 @@ static struct xtables_match multiport_mt
.save = multiport_save6,
.x6_options = multiport_opts, .x6_options = multiport_opts,
.xlate = multiport_xlate6,
}, },
+#endif +#endif
{ {