remove ipset support from core, it is now provided by xtables-addons from the packages feed

SVN-Revision: 17844
This commit is contained in:
Nicolas Thill 2009-10-03 23:51:10 +00:00
parent c9b0c63f07
commit 0e43e71159
21 changed files with 24 additions and 44593 deletions

View file

@ -1,48 +0,0 @@
#
# Copyright (C) 2007 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ipset
PKG_VERSION:=3.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://ipset.netfilter.org
PKG_MD5SUM:=0fd83af3efae5f72f5e5b55d07582941
include $(INCLUDE_DIR)/package.mk
define Package/ipset
SECTION:=net
CATEGORY:=Network
DEPENDS:=@!TARGET_etrax @LINUX_2_6
TITLE:=Netfilter ip sets administration utility
URL:=http://ipset.netfilter.org/
endef
define Build/Compile
$(call Build/Compile/Default, \
COPT_FLAGS="$(TARGET_CFLAGS)" \
LDFLAGS="-rdynamic -static-libgcc" \
KERNEL_DIR="$(LINUX_DIR)" \
PREFIX="/usr" \
DESTDIR="$(PKG_INSTALL_DIR)" \
binaries \
)
endef
define Package/ipset/install
$(MAKE) -C $(PKG_BUILD_DIR) \
DESTDIR="$(1)" \
PREFIX="/usr" \
binaries_install
rm -rf $(1)/usr/man
endef
$(eval $(call BuildPackage,ipset))

View file

@ -207,11 +207,6 @@ define Package/iptables-mod-extra/description
- libipt_NOTRACK
endef
define Package/iptables-mod-ipset
$(call Package/iptables/Module, +kmod-ipt-ipset)
TITLE:=IPset extension
endef
define Package/iptables-utils
$(call Package/iptables/Module, )
TITLE:=iptables save and restore utilities
@ -365,7 +360,6 @@ $(eval $(call BuildPackage,iptables-utils))
$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-ipset,$(IPT_IPSET-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
$(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))

View file

@ -300,37 +300,6 @@ endef
$(eval $(call KernelPackage,ipt-iprange))
define KernelPackage/ipt-ipset
SUBMENU:=$(NF_MENU)
TITLE:=IPSET Modules
KCONFIG:=$(KCONFIG_IPT_IPSET)
FILES:=$(foreach mod,$(IPT_IPSET-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSET-m)))
DEPENDS:= kmod-ipt-core
endef
define KernelPackage/ipt-ipset/description
Netfilter kernel modules for ipset
Includes:
- ip_set
- ip_set_iphash
- ip_set_ipmap
- ip_set_ipporthash
- ip_set_ipportiphash
- ip_set_ipportnethash
- ip_set_iptree
- ip_set_iptreemap
- ip_set_macipmap
- ip_set_nethash
- ip_set_portmap
- ip_set_setlist
- ipt_set
- ipt_SET
endef
$(eval $(call KernelPackage,ipt-ipset))
define KernelPackage/ipt-extra
SUBMENU:=$(NF_MENU)
TITLE:=Extra modules

File diff suppressed because it is too large Load diff

View file

@ -21,7 +21,7 @@
+#endif /*_IPT_STRING_H*/
--- a/net/ipv4/netfilter/Config.in
+++ b/net/ipv4/netfilter/Config.in
@@ -61,6 +61,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
@@ -47,6 +47,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
fi
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES
@ -133,7 +133,7 @@
+module_exit(fini);
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -99,6 +99,7 @@ obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_s
@@ -87,6 +87,7 @@ obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_s
obj-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark.o
obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o
obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o

View file

@ -11,7 +11,7 @@
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -97,6 +97,7 @@ obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_
@@ -85,6 +85,7 @@ obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_
obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o
obj-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark.o

View file

@ -15,7 +15,7 @@
conntrack match support
CONFIG_IP_NF_MATCH_CONNTRACK
This is a general conntrack match module, a superset of the state match.
@@ -3365,6 +3373,14 @@ CONFIG_IP6_NF_MATCH_MARK
@@ -3296,6 +3304,14 @@ CONFIG_IP6_NF_MATCH_MARK
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
@ -60,7 +60,7 @@
+#endif
--- a/net/ipv4/netfilter/Config.in
+++ b/net/ipv4/netfilter/Config.in
@@ -41,6 +41,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
@@ -27,6 +27,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
dep_tristate ' Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES
dep_tristate ' TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES
@ -70,7 +70,7 @@
dep_tristate ' peer to peer traffic match support' CONFIG_IP_NF_MATCH_IPP2P $CONFIG_IP_NF_IPTABLES
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -85,6 +85,7 @@ obj-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt
@@ -73,6 +73,7 @@ obj-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt
obj-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport.o
obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o

View file

@ -36,9 +36,9 @@
# The simple matches.
dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES
+ dep_tristate ' quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES
dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
if [ "$CONFIG_IP_NF_SET" != "n" ]; then
dep_tristate ' MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES
dep_tristate ' Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES
dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -65,6 +65,7 @@ obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
@ -47,8 +47,8 @@
obj-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit.o
+obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o
obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o
obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o
obj-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac.o
obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o
--- /dev/null
+++ b/net/ipv4/netfilter/ipt_quota.c
@@ -0,0 +1,88 @@

View file

@ -8,7 +8,7 @@
fi
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
@@ -94,6 +95,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
@@ -80,6 +81,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
define_tristate CONFIG_IP_NF_NAT_AMANDA $CONFIG_IP_NF_NAT
fi
fi

View file

@ -8,7 +8,7 @@
fi
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
@@ -102,6 +103,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
@@ -88,6 +89,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
define_tristate CONFIG_IP_NF_NAT_H323 $CONFIG_IP_NF_NAT
fi
fi

View file

@ -8,7 +8,7 @@
fi
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
@@ -110,6 +111,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
@@ -96,6 +97,13 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
define_tristate CONFIG_IP_NF_NAT_RTSP $CONFIG_IP_NF_NAT
fi
fi

View file

@ -23,7 +23,7 @@
MARK target support
CONFIG_IP_NF_TARGET_MARK
This option adds a `MARK' target, which allows you to create rules
@@ -9931,6 +9947,20 @@ CONFIG_BONDING
@@ -9862,6 +9878,20 @@ CONFIG_BONDING
say M here and read <file:Documentation/modules.txt>. The module
will be called bonding.o.
@ -505,7 +505,7 @@
/**
--- a/net/ipv4/netfilter/Config.in
+++ b/net/ipv4/netfilter/Config.in
@@ -155,6 +155,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
@@ -141,6 +141,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
dep_tristate ' DSCP target support' CONFIG_IP_NF_TARGET_DSCP $CONFIG_IP_NF_MANGLE
dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
@ -515,7 +515,7 @@
if [ "$CONFIG_IP_NF_CONNTRACK_MARK" != "n" ]; then
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -130,6 +130,7 @@ obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TO
@@ -118,6 +118,7 @@ obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TO
obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o
obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o

View file

@ -49,8 +49,8 @@
dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES
+ dep_tristate ' IP range match support' CONFIG_IP_NF_MATCH_IPRANGE $CONFIG_IP_NF_IPTABLES
dep_tristate ' quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES
dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
dep_tristate ' MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES
dep_tristate ' Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES
--- /dev/null
+++ b/net/ipv4/netfilter/ipt_iprange.c
@@ -0,0 +1,101 @@
@ -164,4 +164,4 @@
+obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o
obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o
obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o
obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
obj-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac.o

View file

@ -24,7 +24,7 @@
TCPMSS match support
CONFIG_IP_NF_MATCH_TCPMSS
This option adds a `tcpmss' match, which allows you to examine the
@@ -3387,6 +3397,14 @@ CONFIG_IP6_NF_MATCH_MAC
@@ -3318,6 +3328,14 @@ CONFIG_IP6_NF_MATCH_MAC
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
@ -69,7 +69,7 @@
+#endif /*_IP6T_RAND_H*/
--- a/net/ipv4/netfilter/Config.in
+++ b/net/ipv4/netfilter/Config.in
@@ -46,6 +46,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
@@ -32,6 +32,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
dep_tristate ' Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES
dep_tristate ' TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES
@ -178,7 +178,7 @@
+module_exit(fini);
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -105,6 +105,8 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_o
@@ -93,6 +93,8 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_o
obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
obj-$(CONFIG_IP_NF_MATCH_CONDITION) += ipt_condition.o

View file

@ -1,6 +1,6 @@
--- a/Documentation/Configure.help
+++ b/Documentation/Configure.help
@@ -11165,6 +11165,24 @@ CONFIG_NET_SCH_HFSC
@@ -11096,6 +11096,24 @@ CONFIG_NET_SCH_HFSC
whenever you want). If you want to compile it as a module, say M
here and read <file:Documentation/modules.txt>.

View file

@ -1,37 +0,0 @@
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_set_ipporthash.h
@@ -0,0 +1,34 @@
+#ifndef __IP_SET_IPPORTHASH_H
+#define __IP_SET_IPPORTHASH_H
+
+#include <linux/netfilter_ipv4/ip_set.h>
+
+#define SETTYPE_NAME "ipporthash"
+#define MAX_RANGE 0x0000FFFF
+#define INVALID_PORT (MAX_RANGE + 1)
+
+struct ip_set_ipporthash {
+ ip_set_ip_t *members; /* the ipporthash proper */
+ uint32_t elements; /* number of elements */
+ uint32_t hashsize; /* hash size */
+ uint16_t probes; /* max number of probes */
+ uint16_t resize; /* resize factor in percent */
+ ip_set_ip_t first_ip; /* host byte order, included in range */
+ ip_set_ip_t last_ip; /* host byte order, included in range */
+ void *initval[0]; /* initvals for jhash_1word */
+};
+
+struct ip_set_req_ipporthash_create {
+ uint32_t hashsize;
+ uint16_t probes;
+ uint16_t resize;
+ ip_set_ip_t from;
+ ip_set_ip_t to;
+};
+
+struct ip_set_req_ipporthash {
+ ip_set_ip_t ip;
+ ip_set_ip_t port;
+};
+
+#endif /* __IP_SET_IPPORTHASH_H */