Diffstat (limited to 'package/network/utils/iptables')
9 files changed, 103 insertions, 304 deletions
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index ac869f0385..2fef0aba19 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -9,17 +9,16 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=iptables -PKG_VERSION:=1.4.21 -PKG_RELEASE:=2 +PKG_VERSION:=1.6.1 +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \ - ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \ - ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \ - ftp://ftp.no.netfilter.org/pub/netfilter/iptables/ -PKG_HASH:=52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://git.netfilter.org/iptables +PKG_SOURCE_VERSION:=7df66f1c13563cfbab75246b009ce36f69ee4487 +PKG_MIRROR_HASH:=22f15ef41fd8e3724bedcee666b7b6a3491d2d038d580ef1fb032718dcb73f14 PKG_FIXUP:=autoreconf + PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0 @@ -51,6 +50,20 @@ $(call Package/iptables/Default) DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables endef +define Package/iptables/config + config IPTABLES_CONNLABEL + bool "Enable Connlabel support" + default n + help + This enable connlabel support in iptables. + + config IPTABLES_NFTABLES + bool "Enable Nftables support" + default n + help + This enable nftables support in iptables. +endef + define Package/iptables/description IP firewall administration tool. @@ -413,6 +426,9 @@ define Package/libxtables SECTION:=libs CATEGORY:=Libraries TITLE:=IPv4/IPv6 firewall - shared xtables library + DEPENDS:= \ + +IPTABLES_CONNLABEL:libnetfilter-conntrack \ + +IPTABLES_NFTABLES:libnfnetlink endef TARGET_CPPFLAGS := \ 
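Review bot: The `+IPTABLES_NFTABLES:libnfnetlink` dependency added to `Package/libxtables` looks incomplete and is not tied to what configure actually detects. This commit also deletes 030-no-libnfnetlink.patch, which had forced `HAVE_LIBNFNETLINK` to false. If the 1.6.1 configure script still probes libnfnetlink through pkg-config (not visible here), the result now depends on whether that library happens to be in the staging directory rather than on a config symbol, and two builds of the same configuration can differ. The nftables backend presumably also needs libmnl and libnftnl; confirm against upstream configure.ac and declare them, e.g. `+IPTABLES_NFTABLES:libnftnl`, so that enabling the option does not depend on libraries this package never declared.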
@@ -431,10 +447,12 @@ TARGET_LDFLAGS += \ CONFIGURE_ARGS += \ --enable-shared \ + --enable-static \ --enable-devel \ --with-kernel="$(LINUX_DIR)/user_headers" \ --with-xtlibdir=/usr/lib/iptables \ - --enable-static \ + $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \ + $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \ $(if $(CONFIG_IPV6),,--disable-ipv6) MAKE_FLAGS := \ diff --git a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch index 2b6c57ec9e..4add4ea5f3 100644 --- a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch +++ b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch @@ -1,6 +1,6 @@ --- a/libxtables/xtables.c +++ b/libxtables/xtables.c -@@ -336,6 +336,7 @@ static char *get_modprobe(void) +@@ -355,6 +355,7 @@ static char *get_modprobe(void) int xtables_insmod(const char *modname, const char *modprobe, bool quiet) { @@ -8,7 +8,7 @@ char *buf = NULL; char *argv[4]; int status; -@@ -380,6 +381,7 @@ int xtables_insmod(const char *modname, +@@ -395,6 +396,7 @@ int xtables_insmod(const char *modname, free(buf); if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0; diff --git a/package/network/utils/iptables/patches/030-no-libnfnetlink.patch b/package/network/utils/iptables/patches/030-no-libnfnetlink.patch deleted file mode 100644 index 50542ac0b5..0000000000 --- a/package/network/utils/iptables/patches/030-no-libnfnetlink.patch +++ /dev/null 
@@ -1,94 +0,0 @@ ---- a/configure -+++ b/configure -@@ -12367,77 +12367,7 @@ fi - fi - - --pkg_failed=no --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnfnetlink" >&5 --$as_echo_n "checking for libnfnetlink... " >&6; } -- --if test -n "$libnfnetlink_CFLAGS"; then -- pkg_cv_libnfnetlink_CFLAGS="$libnfnetlink_CFLAGS" -- elif test -n "$PKG_CONFIG"; then -- if test -n "$PKG_CONFIG" && \ -- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5 -- ($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5 -- ac_status=$? -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; }; then -- pkg_cv_libnfnetlink_CFLAGS=`$PKG_CONFIG --cflags "libnfnetlink >= 1.0" 2>/dev/null` -- test "x$?" != "x0" && pkg_failed=yes --else -- pkg_failed=yes --fi -- else -- pkg_failed=untried --fi --if test -n "$libnfnetlink_LIBS"; then -- pkg_cv_libnfnetlink_LIBS="$libnfnetlink_LIBS" -- elif test -n "$PKG_CONFIG"; then -- if test -n "$PKG_CONFIG" && \ -- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5 -- ($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5 -- ac_status=$? -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; }; then -- pkg_cv_libnfnetlink_LIBS=`$PKG_CONFIG --libs "libnfnetlink >= 1.0" 2>/dev/null` -- test "x$?" 
!= "x0" && pkg_failed=yes --else -- pkg_failed=yes --fi -- else -- pkg_failed=untried --fi -- -- -- --if test $pkg_failed = yes; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- --if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then -- _pkg_short_errors_supported=yes --else -- _pkg_short_errors_supported=no --fi -- if test $_pkg_short_errors_supported = yes; then -- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1` -- else -- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1` -- fi -- # Put the nasty error message in config.log where it belongs -- echo "$libnfnetlink_PKG_ERRORS" >&5 -- -- nfnetlink=0 --elif test $pkg_failed = untried; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- nfnetlink=0 --else -- libnfnetlink_CFLAGS=$pkg_cv_libnfnetlink_CFLAGS -- libnfnetlink_LIBS=$pkg_cv_libnfnetlink_LIBS -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- nfnetlink=1 --fi -- if test "$nfnetlink" = 1; then -+if false; then - HAVE_LIBNFNETLINK_TRUE= - HAVE_LIBNFNETLINK_FALSE='#' - else ---- a/configure.ac -+++ b/configure.ac -@@ -111,9 +111,7 @@ if test "x$enable_bpfc" = "xyes" || test - AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool)) - fi - --PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], -- [nfnetlink=1], [nfnetlink=0]) --AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) -+AM_CONDITIONAL([HAVE_LIBNFNETLINK], [false]) - - regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \ - -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \ diff --git a/package/network/utils/iptables/patches/050-optional-xml.patch b/package/network/utils/iptables/patches/050-optional-xml.patch index 11311ddb47..b782bbf13a 100644 
--- a/package/network/utils/iptables/patches/050-optional-xml.patch +++ b/package/network/utils/iptables/patches/050-optional-xml.patch @@ -1,6 +1,6 @@ --- a/iptables/xtables-multi.c +++ b/iptables/xtables-multi.c -@@ -22,8 +22,10 @@ static const struct subcommand multi_sub +@@ -26,8 +26,10 @@ static const struct subcommand multi_sub {"iptables-restore", iptables_restore_main}, {"restore4", iptables_restore_main}, #endif diff --git a/package/network/utils/iptables/patches/100-bash-location.patch b/package/network/utils/iptables/patches/100-bash-location.patch deleted file mode 100644 index 02ee45ba1e..0000000000 --- a/package/network/utils/iptables/patches/100-bash-location.patch +++ /dev/null @@ -1,8 +0,0 @@ ---- a/iptables/iptables-apply -+++ b/iptables/iptables-apply -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/usr/bin/env bash - # - # iptables-apply -- a safer way to update iptables remotely - # diff --git a/package/network/utils/iptables/patches/200-configurable_builtin.patch b/package/network/utils/iptables/patches/200-configurable_builtin.patch index d35bc5a85d..9c53c2bfed 100644 --- a/package/network/utils/iptables/patches/200-configurable_builtin.patch +++ b/package/network/utils/iptables/patches/200-configurable_builtin.patch @@ -1,58 +1,75 @@ --- a/extensions/GNUmakefile.in 
+++ b/extensions/GNUmakefile.in -@@ -45,9 +45,24 @@ pfx_symlinks := NOTRACK state - pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod}) - pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod}) - pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod}) +@@ -50,11 +50,31 @@ pfb_build_mod := $(filter-out @blacklist + pfa_build_mod := $(filter-out @blacklist_modules@ @blacklist_a_modules@,${pfa_build_mod}) + pf4_build_mod := $(filter-out @blacklist_modules@ @blacklist_4_modules@,${pf4_build_mod}) + pf6_build_mod := $(filter-out @blacklist_modules@ @blacklist_6_modules@,${pf6_build_mod}) -pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod}) +-pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_mod}) +-pfa_objs := $(patsubst %,libarpt_%.o,${pfa_build_mod}) -pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod}) -pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod}) -+ +ifdef BUILTIN_MODULES +pfx_build_static := $(filter $(BUILTIN_MODULES),${pfx_build_mod}) ++pfb_build_static := $(filter $(BUILTIN_MODULES),${pfb_build_mod}) ++pfa_build_static := $(filter $(BUILTIN_MODULES),${pfa_build_mod}) +pf4_build_static := $(filter $(BUILTIN_MODULES),${pf4_build_mod}) +pf6_build_static := $(filter $(BUILTIN_MODULES),${pf6_build_mod}) +else +@ENABLE_STATIC_TRUE@ pfx_build_static := $(pfx_build_mod) ++@ENABLE_STATIC_TRUE@ pfb_build_static := $(pfb_build_mod) ++@ENABLE_STATIC_TRUE@ pfa_build_static := $(pfa_build_mod) +@ENABLE_STATIC_TRUE@ pf4_build_static := $(pf4_build_mod) +@ENABLE_STATIC_TRUE@ pf6_build_static := $(pf6_build_mod) +endif + +pfx_build_mod := $(filter-out $(pfx_build_static),$(pfx_build_mod)) ++pfb_build_mod := $(filter-out $(pfb_build_static),$(pfb_build_mod)) ++pfa_build_mod := $(filter-out $(pfa_build_static),$(pfa_build_mod)) +pf4_build_mod := $(filter-out $(pf4_build_static),$(pf4_build_mod)) +pf6_build_mod := $(filter-out $(pf6_build_static),$(pf6_build_mod)) + +pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_static}) ++pfb_objs 
:= $(patsubst %,libebt_%.o,${pfb_build_static}) ++pfa_objs := $(patsubst %,libarpt_%.o,${pfa_build_static}) +pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_static}) +pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_static}) pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks}) - pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod}) - pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod}) -@@ -58,11 +73,11 @@ pf6_solibs := $(patsubst %,libip6t_%. + pfb_solibs := $(patsubst %,libebt_%.so,${pfb_build_mod}) + pfa_solibs := $(patsubst %,libarpt_%.so,${pfa_build_mod}) +@@ -67,13 +87,13 @@ pf6_solibs := $(patsubst %,libip6t_%. # - targets := libext.a libext4.a libext6.a matches.man targets.man + targets := libext.a libext4.a libext6.a libext_ebt.a libext_arpt.a matches.man targets.man targets_install := -@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs} +-@ENABLE_STATIC_TRUE@ libext_ebt_objs := ${pfb_objs} +-@ENABLE_STATIC_TRUE@ libext_arpt_objs := ${pfa_objs} -@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs} -@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs} --@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} --@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} +-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs} +-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs} +libext_objs := ${pfx_objs} ++libext_ebt_objs := ${pfb_objs} ++libext_arpt_objs := ${pfa_objs} +libext4_objs := ${pf4_objs} +libext6_objs := ${pf6_objs} -+targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} -+targets_install := $(strip ${targets_install} ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}) ++targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs} ++targets_install := $(strip ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}) .SECONDARY: -@@ -126,9 +141,9 @@ libext4.a: 
initext4.o ${libext4_objs} +@@ -141,11 +161,11 @@ libext4.a: initext4.o ${libext4_objs} libext6.a: initext6.o ${libext6_objs} ${AM_VERBOSE_AR} ${AR} crs $@ $^; -initext_func := $(addprefix xt_,${pfx_build_mod}) +-initextb_func := $(addprefix ebt_,${pfb_build_mod}) +-initexta_func := $(addprefix arpt_,${pfa_build_mod}) -initext4_func := $(addprefix ipt_,${pf4_build_mod}) -initext6_func := $(addprefix ip6t_,${pf6_build_mod}) +initext_func := $(addprefix xt_,${pfx_build_static}) ++initextb_func := $(addprefix ebt_,${pfb_build_static}) ++initexta_func := $(addprefix arpt_,${pfa_build_static}) +initext4_func := $(addprefix ipt_,${pf4_build_static}) +initext6_func := $(addprefix ip6t_,${pf6_build_static}) diff --git a/package/network/utils/iptables/patches/300-musl_fixes.patch b/package/network/utils/iptables/patches/300-musl_fixes.patch deleted file mode 100644 index a78eda775d..0000000000 --- a/package/network/utils/iptables/patches/300-musl_fixes.patch +++ /dev/null 
@@ -1,127 +0,0 @@ ---- a/extensions/libip6t_ipv6header.c -+++ b/extensions/libip6t_ipv6header.c -@@ -10,6 +10,9 @@ on whether they contain certain headers - #include <netdb.h> - #include <xtables.h> - #include <linux/netfilter_ipv6/ip6t_ipv6header.h> -+#ifndef IPPROTO_HOPOPTS -+# define IPPROTO_HOPOPTS 0 -+#endif - - enum { - O_HEADER = 0, ---- a/extensions/libxt_TCPOPTSTRIP.c -+++ b/extensions/libxt_TCPOPTSTRIP.c -@@ -12,6 +12,21 @@ - #ifndef TCPOPT_MD5SIG - # define TCPOPT_MD5SIG 19 - #endif -+#ifndef TCPOPT_MAXSEG -+# define TCPOPT_MAXSEG 2 -+#endif -+#ifndef TCPOPT_WINDOW -+# define TCPOPT_WINDOW 3 -+#endif -+#ifndef TCPOPT_SACK_PERMITTED -+# define TCPOPT_SACK_PERMITTED 4 -+#endif -+#ifndef TCPOPT_SACK -+# define TCPOPT_SACK 5 -+#endif -+#ifndef TCPOPT_TIMESTAMP -+# define TCPOPT_TIMESTAMP 8 -+#endif - - enum { - O_STRIP_OPTION = 0, ---- a/include/libiptc/ipt_kernel_headers.h -+++ b/include/libiptc/ipt_kernel_headers.h -@@ -5,7 +5,6 @@ - - #include <limits.h> - --#if defined(__GLIBC__) && __GLIBC__ == 2 - #include <netinet/ip.h> - #include <netinet/in.h> - #include <netinet/ip_icmp.h> -@@ -13,15 +12,4 @@ - #include <netinet/udp.h> - #include <net/if.h> - #include <sys/types.h> --#else /* libc5 */ --#include <sys/socket.h> --#include <linux/ip.h> --#include <linux/in.h> --#include <linux/if.h> --#include <linux/icmp.h> --#include <linux/tcp.h> --#include <linux/udp.h> --#include <linux/types.h> --#include <linux/in6.h> --#endif - #endif ---- a/include/linux/netfilter_ipv4/ip_tables.h -+++ b/include/linux/netfilter_ipv4/ip_tables.h -@@ -16,6 +16,7 @@ - #define _IPTABLES_H - - #include <linux/types.h> -+#include <sys/types.h> - - #include <linux/netfilter_ipv4.h> - ---- a/iptables/ip6tables-restore.c -+++ b/iptables/ip6tables-restore.c -@@ -9,7 +9,7 @@ - */ - - #include <getopt.h> --#include <sys/errno.h> -+#include <errno.h> - #include <stdbool.h> - #include <string.h> - #include <stdio.h> ---- a/iptables/ip6tables-save.c -+++ b/iptables/ip6tables-save.c -@@ 
-6,7 +6,7 @@ - * This code is distributed under the terms of GNU GPL v2 - */ - #include <getopt.h> --#include <sys/errno.h> -+#include <errno.h> - #include <stdio.h> - #include <fcntl.h> - #include <stdlib.h> ---- a/iptables/iptables-restore.c -+++ b/iptables/iptables-restore.c -@@ -6,7 +6,7 @@ - */ - - #include <getopt.h> --#include <sys/errno.h> -+#include <errno.h> - #include <stdbool.h> - #include <string.h> - #include <stdio.h> ---- a/iptables/iptables-save.c -+++ b/iptables/iptables-save.c -@@ -6,7 +6,7 @@ - * - */ - #include <getopt.h> --#include <sys/errno.h> -+#include <errno.h> - #include <stdio.h> - #include <fcntl.h> - #include <stdlib.h> ---- a/iptables/iptables-xml.c -+++ b/iptables/iptables-xml.c -@@ -7,7 +7,7 @@ - */ - - #include <getopt.h> --#include <sys/errno.h> -+#include <errno.h> - #include <string.h> - #include <stdio.h> - #include <stdlib.h> diff --git a/package/network/utils/iptables/patches/600-shared-libext.patch b/package/network/utils/iptables/patches/600-shared-libext.patch index 92f5485399..2071ebd868 100644 --- a/package/network/utils/iptables/patches/600-shared-libext.patch +++ b/package/network/utils/iptables/patches/600-shared-libext.patch 
@@ -1,17 +1,15 @@ -Index: iptables-1.4.21/extensions/GNUmakefile.in -=================================================================== ---- iptables-1.4.21.orig/extensions/GNUmakefile.in -+++ iptables-1.4.21/extensions/GNUmakefile.in -@@ -71,7 +71,7 @@ pf6_solibs := $(patsubst %,libip6t_%. +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -85,7 +85,7 @@ pf6_solibs := $(patsubst %,libip6t_%. # # Building blocks # --targets := libext.a libext4.a libext6.a matches.man targets.man -+targets := libiptext.so libiptext4.so libiptext6.so matches.man targets.man +-targets := libext.a libext4.a libext6.a libext_ebt.a libext_arpt.a matches.man targets.man ++targets := libiptext.so libiptext4.so libiptext6.so libiptext_ebt.so libiptext_arpt.so matches.man targets.man targets_install := libext_objs := ${pfx_objs} - libext4_objs := ${pf4_objs} -@@ -96,7 +96,7 @@ clean: + libext_ebt_objs := ${pfb_objs} +@@ -112,7 +112,7 @@ clean: distclean: clean init%.o: init%.c @@ -20,7 +18,7 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in -include .*.d -@@ -130,16 +130,16 @@ xt_statistic_LIBADD = -lm +@@ -144,22 +144,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn # handling code in the Makefiles. # lib%.o: ${srcdir}/lib%.c 
@@ -32,6 +30,16 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in +libiptext.so: initext.o ${libext_objs} + ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD}; +-libext_ebt.a: initextb.o ${libext_ebt_objs} +- ${AM_VERBOSE_AR} ${AR} crs $@ $^; ++libiptext_ebt.so: initextb.o ${libext_ebt__objs} ++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD}; + +-libext_arpt.a: initexta.o ${libext_arpt_objs} +- ${AM_VERBOSE_AR} ${AR} crs $@ $^; ++libiptext_arpt.so: initexta.o ${libext_arpt__objs} ++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD}; + -libext4.a: initext4.o ${libext4_objs} - ${AM_VERBOSE_AR} ${AR} crs $@ $^; +libiptext4.so: initext4.o ${libext4_objs} @@ -43,12 +51,10 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in + ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD}; initext_func := $(addprefix xt_,${pfx_build_static}) - initext4_func := $(addprefix ipt_,${pf4_build_static}) -Index: iptables-1.4.21/iptables/Makefile.am -=================================================================== ---- iptables-1.4.21.orig/iptables/Makefile.am -+++ iptables-1.4.21/iptables/Makefile.am -@@ -5,7 +5,8 @@ AM_CPPFLAGS = ${regular_CPPFLAGS} - + initextb_func := $(addprefix ebt_,${pfb_build_static}) +--- a/iptables/Makefile.am ++++ b/iptables/Makefile.am +@@ -8,7 +8,8 @@ BUILT_SOURCES = xtables_multi_SOURCES = xtables-multi.c iptables-xml.c xtables_multi_CFLAGS = ${AM_CFLAGS} @@ -58,7 +64,7 @@ Index: iptables-1.4.21/iptables/Makefile.am if ENABLE_STATIC xtables_multi_CFLAGS += -DALL_INCLUSIVE endif -@@ -13,13 +14,15 @@ if ENABLE_IPV4 +@@ -16,13 +17,15 @@ if ENABLE_IPV4 xtables_multi_SOURCES += iptables-save.c iptables-restore.c \ iptables-standalone.c iptables.c xtables_multi_CFLAGS += -DENABLE_IPV4 
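Review bot: The two new link rules name `${libext_ebt__objs}` and `${libext_arpt__objs}` with a double underscore, but the variables assigned in 200-configurable_builtin.patch are `libext_ebt_objs` and `libext_arpt_objs`. Make expands an undefined variable to nothing without a warning, so `libiptext_ebt.so` and `libiptext_arpt.so` would be linked from `initextb.o` and `initexta.o` alone, and any built-in ebtables or arptables extension objects would be silently left out. The prerequisites should read `libiptext_ebt.so: initextb.o ${libext_ebt_objs}` and `libiptext_arpt.so: initexta.o ${libext_arpt_objs}`.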
diff --git a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch index 342c3b013a..6800ca5ece 100644 --- a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch +++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch @@ -1,8 +1,6 @@ -Index: iptables-1.4.21/extensions/libxt_conntrack.c -=================================================================== ---- iptables-1.4.21.orig/extensions/libxt_conntrack.c -+++ iptables-1.4.21/extensions/libxt_conntrack.c -@@ -1157,6 +1157,7 @@ static void state_save(const void *ip, c +--- a/extensions/libxt_conntrack.c ++++ b/extensions/libxt_conntrack.c +@@ -1397,6 +1397,7 @@ static int conntrack3_mt6_xlate(struct x } static struct xtables_match conntrack_mt_reg[] = { @@ -10,7 +8,7 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c { .version = XTABLES_VERSION, .name = "conntrack", -@@ -1232,6 +1233,7 @@ static struct xtables_match conntrack_mt +@@ -1472,6 +1473,7 @@ static struct xtables_match conntrack_mt .alias = conntrack_print_name_alias, .x6_options = conntrack2_mt_opts, }, 
@@ -18,31 +16,24 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c { .version = XTABLES_VERSION, .name = "conntrack", -@@ -1262,6 +1264,7 @@ static struct xtables_match conntrack_mt - .alias = conntrack_print_name_alias, +@@ -1504,6 +1506,7 @@ static struct xtables_match conntrack_mt .x6_options = conntrack3_mt_opts, + .xlate = conntrack3_mt6_xlate, }, +#ifndef NO_LEGACY { .family = NFPROTO_UNSPEC, .name = "state", -@@ -1292,6 +1295,7 @@ static struct xtables_match conntrack_mt +@@ -1534,6 +1537,8 @@ static struct xtables_match conntrack_mt .x6_parse = state_ct23_parse, .x6_options = state_opts, }, +#endif - { - .family = NFPROTO_UNSPEC, - .name = "state", -@@ -1307,6 +1311,7 @@ static struct xtables_match conntrack_mt - .x6_parse = state_ct23_parse, - .x6_options = state_opts, - }, +#ifndef NO_LEGACY { .family = NFPROTO_UNSPEC, .name = "state", -@@ -1320,6 +1325,7 @@ static struct xtables_match conntrack_mt +@@ -1563,6 +1568,7 @@ static struct xtables_match conntrack_mt .x6_parse = state_parse, .x6_options = state_opts, }, @@ -50,11 +41,9 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c }; void _init(void) -Index: iptables-1.4.21/extensions/libxt_CT.c -=================================================================== ---- iptables-1.4.21.orig/extensions/libxt_CT.c -+++ iptables-1.4.21/extensions/libxt_CT.c -@@ -290,6 +290,7 @@ static void notrack_ct2_tg_init(struct x +--- a/extensions/libxt_CT.c ++++ b/extensions/libxt_CT.c +@@ -349,6 +349,7 @@ static void notrack_ct2_tg_init(struct x } static struct xtables_target ct_target_reg[] = { @@ -62,7 +51,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c { .family = NFPROTO_UNSPEC, .name = "CT", -@@ -315,6 +316,7 @@ static struct xtables_target ct_target_r +@@ -374,6 +375,7 @@ static struct xtables_target ct_target_r .x6_parse = ct_parse_v1, .x6_options = ct_opts_v1, }, 
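Review bot: In the refreshed hunk for `conntrack_mt_reg[]`, `+#endif` is now immediately followed by `+#ifndef NO_LEGACY`, so the pair guards nothing between them. In the previous version of this patch a `"state"` entry sat between those two directives and stayed compiled in; after the refresh that entry appears to fall inside a NO_LEGACY block together with the others. If that is intended, drop the adjacent pair so the guard reads as one block and say so in the commit message. If it is not, the surviving `"state"` revision needs to move back outside the guard. With NO_LEGACY defined (not visible in this diff), rules using `-m state` would presumably be rejected, which can leave a firewall ruleset partially loaded.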
@@ -70,7 +59,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c { .family = NFPROTO_UNSPEC, .name = "CT", -@@ -329,6 +331,7 @@ static struct xtables_target ct_target_r +@@ -388,6 +390,7 @@ static struct xtables_target ct_target_r .x6_parse = ct_parse_v1, .x6_options = ct_opts_v1, }, @@ -78,7 +67,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c { .family = NFPROTO_UNSPEC, .name = "NOTRACK", -@@ -366,6 +369,7 @@ static struct xtables_target ct_target_r +@@ -425,6 +428,7 @@ static struct xtables_target ct_target_r .revision = 0, .version = XTABLES_VERSION, }, @@ -86,11 +75,9 @@ Index: iptables-1.4.21/extensions/libxt_CT.c }; void _init(void) -Index: iptables-1.4.21/extensions/libxt_multiport.c -=================================================================== ---- iptables-1.4.21.orig/extensions/libxt_multiport.c -+++ iptables-1.4.21/extensions/libxt_multiport.c -@@ -469,6 +469,7 @@ static void multiport_save6_v1(const voi +--- a/extensions/libxt_multiport.c ++++ b/extensions/libxt_multiport.c +@@ -571,6 +571,7 @@ static int multiport_xlate6_v1(struct xt } static struct xtables_match multiport_mt_reg[] = { @@ -98,9 +85,9 @@ Index: iptables-1.4.21/extensions/libxt_multiport.c { .family = NFPROTO_IPV4, .name = "multiport", -@@ -497,6 +498,7 @@ static struct xtables_match multiport_mt - .save = multiport_save6, +@@ -601,6 +602,7 @@ static struct xtables_match multiport_mt .x6_options = multiport_opts, + .xlate = multiport_xlate6, }, +#endif { |