Fix iptables abuse of kernel header files. Use exported headers instead.
[juhosg: export xt_layer7.h for all kernel versions] Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> SVN-Revision: 31566
This commit is contained in:
parent
60db046ef2
commit
3349cf2691
10 changed files with 85 additions and 4 deletions
|
@ -106,6 +106,7 @@ define Kernel/Configure/Default
|
|||
$(call Kernel/SetInitramfs)
|
||||
-$(_SINGLE)$(MAKE) $(KERNEL_MAKEOPTS) oldconfig prepare scripts
|
||||
rm -rf $(KERNEL_BUILD_DIR)/modules
|
||||
$(MAKE) $(KERNEL_MAKEOPTS) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
|
||||
$(SH_FUNC) grep '=[ym]' $(LINUX_DIR)/.config | LC_ALL=C sort | md5s > $(LINUX_DIR)/.vermagic
|
||||
endef
|
||||
|
||||
|
|
|
@ -343,26 +343,26 @@ endef
|
|||
|
||||
TARGET_CPPFLAGS := \
|
||||
-I$(PKG_BUILD_DIR)/include \
|
||||
-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
|
||||
-I$(LINUX_DIR)/user_headers/include \
|
||||
$(TARGET_CPPFLAGS)
|
||||
|
||||
TARGET_CFLAGS += \
|
||||
-I$(PKG_BUILD_DIR)/include \
|
||||
-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
|
||||
-I$(LINUX_DIR)/user_headers/include
|
||||
|
||||
CONFIGURE_ARGS += \
|
||||
--enable-shared \
|
||||
--enable-devel \
|
||||
$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
|
||||
--enable-libipq \
|
||||
--with-kernel="$(LINUX_DIR)" \
|
||||
--with-kernel="$(LINUX_DIR)/user_headers" \
|
||||
--with-xtlibdir=/usr/lib/iptables \
|
||||
--enable-static
|
||||
|
||||
MAKE_FLAGS := \
|
||||
$(TARGET_CONFIGURE_OPTS) \
|
||||
COPT_FLAGS="$(TARGET_CFLAGS)" \
|
||||
KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
|
||||
KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
|
||||
KBUILD_OUTPUT="$(LINUX_DIR)" \
|
||||
BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
|
||||
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+
|
||||
+module_init(xt_layer7_init);
|
||||
+module_exit(xt_layer7_fini);
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+};
|
||||
+
|
||||
+#endif /* _XT_LAYER7_H */
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+};
|
||||
+
|
||||
+#endif /* _XT_LAYER7_H */
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+};
|
||||
+
|
||||
+#endif /* _XT_LAYER7_H */
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+};
|
||||
+
|
||||
+#endif /* _XT_LAYER7_H */
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+};
|
||||
+
|
||||
+#endif /* _XT_LAYER7_H */
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+};
|
||||
+
|
||||
+#endif /* _XT_LAYER7_H */
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
|
@ -2130,3 +2130,13 @@
|
|||
+};
|
||||
+
|
||||
+#endif /* _XT_LAYER7_H */
|
||||
--- a/include/linux/netfilter/Kbuild
|
||||
+++ b/include/linux/netfilter/Kbuild
|
||||
@@ -49,6 +49,7 @@ header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
header-y += xt_iprange.h
|
||||
header-y += xt_ipvs.h
|
||||
+header-y += xt_layer7.h
|
||||
header-y += xt_length.h
|
||||
header-y += xt_limit.h
|
||||
header-y += xt_mac.h
|
||||
|
|
Loading…
Reference in a new issue