Fix iptables abuse of kernel header files. Use exported headers instead.

[juhosg: export xt_layer7.h for all kernel versions]

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

SVN-Revision: 31566
This commit is contained in:
Gabor Juhos 2012-05-03 09:43:10 +00:00
parent 60db046ef2
commit 3349cf2691
10 changed files with 85 additions and 4 deletions

View file

@ -106,6 +106,7 @@ define Kernel/Configure/Default
$(call Kernel/SetInitramfs)
-$(_SINGLE)$(MAKE) $(KERNEL_MAKEOPTS) oldconfig prepare scripts
rm -rf $(KERNEL_BUILD_DIR)/modules
$(MAKE) $(KERNEL_MAKEOPTS) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
$(SH_FUNC) grep '=[ym]' $(LINUX_DIR)/.config | LC_ALL=C sort | md5s > $(LINUX_DIR)/.vermagic
endef

View file

@ -343,26 +343,26 @@ endef
TARGET_CPPFLAGS := \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
-I$(LINUX_DIR)/user_headers/include \
$(TARGET_CPPFLAGS)
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
-I$(LINUX_DIR)/user_headers/include
CONFIGURE_ARGS += \
--enable-shared \
--enable-devel \
$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
--enable-libipq \
--with-kernel="$(LINUX_DIR)" \
--with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
--enable-static
MAKE_FLAGS := \
$(TARGET_CONFIGURE_OPTS) \
COPT_FLAGS="$(TARGET_CFLAGS)" \
KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
KBUILD_OUTPUT="$(LINUX_DIR)" \
BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"

View file

@ -2130,3 +2130,13 @@
+
+module_init(xt_layer7_init);
+module_exit(xt_layer7_fini);
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h

View file

@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h

View file

@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h

View file

@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h

View file

@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h

View file

@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h

View file

@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h

View file

@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -49,6 +49,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h