author | Jo-Philipp Wich <jow@openwrt.org> | 2015-05-26 09:16:50 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-05-26 09:16:50 +0000 |
commit | 1c00b6bc7f6e8cb56aedd1ba86e5d1c49a6538f1 (patch) | |
tree | bcb2d027036eb3ad6e653388b941c2df239a098b /package/network/utils/iptables/patches/700-disable-legacy-revisions.patch | |
parent | ecb14f4a5da62e9ea4b5020e25ccec37da669f59 (diff) | |
iptables: reduce binary size
* drop unused lenient restore patch
* instead of statically linking core extensions, build shared libraries
for reuse in fw3
* strip outdated match revisions and aliases to trim down library size
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45758
Diffstat (limited to 'package/network/utils/iptables/patches/700-disable-legacy-revisions.patch')
-rw-r--r-- | package/network/utils/iptables/patches/700-disable-legacy-revisions.patch | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
new file mode 100644
index 0000000000..342c3b013a
--- /dev/null
+++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
@@ -0,0 +1,108 @@
+Index: iptables-1.4.21/extensions/libxt_conntrack.c
+===================================================================
+--- iptables-1.4.21.orig/extensions/libxt_conntrack.c
++++ iptables-1.4.21/extensions/libxt_conntrack.c
+@@ -1157,6 +1157,7 @@ static void state_save(const void *ip, c
+ }
+
+ static struct xtables_match conntrack_mt_reg[] = {
++#ifndef NO_LEGACY
+ {
+ .version = XTABLES_VERSION,
+ .name = "conntrack",
+@@ -1232,6 +1233,7 @@ static struct xtables_match conntrack_mt
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack2_mt_opts,
+ },
++#endif
+ {
+ .version = XTABLES_VERSION,
+ .name = "conntrack",
+@@ -1262,6 +1264,7 @@ static struct xtables_match conntrack_mt
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack3_mt_opts,
+ },
++#ifndef NO_LEGACY
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "state",
+@@ -1292,6 +1295,7 @@ static struct xtables_match conntrack_mt
+ .x6_parse = state_ct23_parse,
+ .x6_options = state_opts,
+ },
++#endif
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "state",
+@@ -1307,6 +1311,7 @@ static struct xtables_match conntrack_mt
+ .x6_parse = state_ct23_parse,
+ .x6_options = state_opts,
+ },
++#ifndef NO_LEGACY
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "state",
+@@ -1320,6 +1325,7 @@ static struct xtables_match conntrack_mt
+ .x6_parse = state_parse,
+ .x6_options = state_opts,
+ },
++#endif
+ };
+
+ void _init(void)
+Index: iptables-1.4.21/extensions/libxt_CT.c
+===================================================================
+--- iptables-1.4.21.orig/extensions/libxt_CT.c
++++ iptables-1.4.21/extensions/libxt_CT.c
+@@ -290,6 +290,7 @@ static void notrack_ct2_tg_init(struct x
+ }
+
+ static struct xtables_target ct_target_reg[] = {
++#ifndef NO_LEGACY
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "CT",
+@@ -315,6 +316,7 @@ static struct xtables_target ct_target_r
+ .x6_parse = ct_parse_v1,
+ .x6_options = ct_opts_v1,
+ },
++#endif
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "CT",
+@@ -329,6 +331,7 @@ static struct xtables_target ct_target_r
+ .x6_parse = ct_parse_v1,
+ .x6_options = ct_opts_v1,
+ },
++#ifndef NO_LEGACY
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "NOTRACK",
+@@ -366,6 +369,7 @@ static struct xtables_target ct_target_r
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ },
++#endif
+ };
+
+ void _init(void)
+Index: iptables-1.4.21/extensions/libxt_multiport.c
+===================================================================
+--- iptables-1.4.21.orig/extensions/libxt_multiport.c
++++ iptables-1.4.21/extensions/libxt_multiport.c
+@@ -469,6 +469,7 @@ static void multiport_save6_v1(const voi
+ }
+
+ static struct xtables_match multiport_mt_reg[] = {
++#ifndef NO_LEGACY
+ {
+ .family = NFPROTO_IPV4,
+ .name = "multiport",
+@@ -497,6 +498,7 @@ static struct xtables_match multiport_mt
+ .save = multiport_save6,
+ .x6_options = multiport_opts,
+ },
++#endif
+ {
+ .family = NFPROTO_IPV4,
+ .name = "multiport", |
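Review bot: With NO_LEGACY defined, the third guard in libxt_CT.c opens before the first `.name = "NOTRACK"` entry and closes just before the array's `};`, so as far as the visible context shows every NOTRACK registration is compiled out together with the older conntrack, state, CT and multiport revisions. A ruleset that still uses `-j NOTRACK`, or a kernel that only offers an older revision of one of these extensions, would then presumably fail to load, and on a firewall a failed restore can leave a table without its intended rules. The patch file has no description header saying this or where NO_LEGACY gets defined (presumably the package Makefile, which is not shown here); a line above the first `Index:` such as `Compile out superseded match/target revisions and the NOTRACK target when NO_LEGACY is defined; rules must use -j CT --notrack and the kernel must provide the newest revisions.` would make the constraint visible. The registration arrays continue outside the quoted inner hunks, so the exact set of dropped entries should be confirmed against iptables-1.4.21.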