From 45ab1a31628006af6a1fc5b45c39f64b9a699949 Mon Sep 17 00:00:00 2001 From: "Alexandros C. Couloumbis" Date: Wed, 8 Dec 2010 12:56:46 +0000 Subject: [PATCH] package/iptables: update to iptables-1.4.10 & layer7_2.22. (partially closes #8369) SVN-Revision: 24345 --- package/iptables/Makefile | 4 ++-- ...ayer7_2.17.patch => 002-layer7_2.22.patch} | 19 +------------------ .../010-multiport-linux-2.4-compat.patch | 12 ++++++------ .../020-iptables-disable-modprobe.patch | 2 +- .../patches/030-no-libnfnetlink.patch | 4 ++-- 5 files changed, 12 insertions(+), 29 deletions(-) rename package/iptables/patches/{002-layer7_2.17.patch => 002-layer7_2.22.patch} (92%) diff --git a/package/iptables/Makefile b/package/iptables/Makefile index 9d6d195fe1f3..6a4e0541e417 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=iptables -PKG_VERSION:=1.4.9.1 +PKG_VERSION:=1.4.10 PKG_RELEASE:=1 -PKG_MD5SUM:=fbadfb0b5f2dbda49e0ad06a798898e3 +PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \ ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \ diff --git a/package/iptables/patches/002-layer7_2.17.patch b/package/iptables/patches/002-layer7_2.22.patch similarity index 92% rename from package/iptables/patches/002-layer7_2.17.patch rename to package/iptables/patches/002-layer7_2.22.patch index 3257f0fb70c5..04b21c010567 100644 --- a/package/iptables/patches/002-layer7_2.17.patch +++ b/package/iptables/patches/002-layer7_2.22.patch @@ -1,5 +1,5 @@ --- /dev/null -+++ b/extensions/libxt_layer7.c ++++ b/libxt_layer7.c @@ -0,0 +1,368 @@ +/* + Shared library add-on to iptables for layer 7 matching support. 
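Review bot: The target path inside 002-layer7_2.22.patch changes from `b/extensions/libxt_layer7.c` to `b/libxt_layer7.c`, so the layer7 match source would be created at the top of the iptables tree instead of next to the other extensions. The rest of this series still patches `extensions/libxt_multiport.c`, which suggests matches are built from the extensions directory. If that holds, libxt_layer7 is silently left out of the build and any firewall rule using `-m layer7` fails to load on the resulting image. I would keep `+++ b/extensions/libxt_layer7.c` and confirm with a build that `libxt_layer7.so` is produced; the following hunk also drops `extensions/libxt_layer7.man`, which looks like the same regeneration artefact. The body of the created file lies outside this hunk.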
@@ -369,20 +369,3 @@ +{ + xtables_register_match(&layer7); +} ---- /dev/null -+++ b/extensions/libxt_layer7.man -@@ -0,0 +1,14 @@ -+This module matches packets based on the application layer data of -+their connections. It uses regular expression matching to compare -+the application layer data to regular expressions found it the layer7 -+configuration files. This is an experimental module which can be found at -+http://l7-filter.sf.net. It takes two options. -+.TP -+.BI "--l7proto " "\fIprotocol\fP" -+Match the specified protocol. The protocol name must match a file -+name in /etc/l7-protocols/ or one of its first-level child directories. -+.TP -+.BI "--l7dir " "\fIdirectory\fP" -+Use \fIdirectory\fP instead of /etc/l7-protocols/. This option must be -+specified before --l7proto. -+ diff --git a/package/iptables/patches/010-multiport-linux-2.4-compat.patch b/package/iptables/patches/010-multiport-linux-2.4-compat.patch index e87dfc1b68de..3b35f7e3c6ab 100644 --- a/package/iptables/patches/010-multiport-linux-2.4-compat.patch +++ b/package/iptables/patches/010-multiport-linux-2.4-compat.patch @@ -1,6 +1,6 @@ --- a/extensions/libxt_multiport.c +++ b/extensions/libxt_multiport.c -@@ -14,21 +14,6 @@ +@@ -15,21 +15,6 @@ #include /* Function which prints out usage message. */ @@ -22,7 +22,7 @@ static void multiport_help_v1(void) { printf( -@@ -71,26 +56,6 @@ proto_to_name(u_int8_t proto) +@@ -72,26 +57,6 @@ proto_to_name(u_int8_t proto) } } @@ -49,7 +49,7 @@ static void parse_multi_ports_v1(const char *portstring, struct xt_multiport_v1 *multiinfo, -@@ -154,73 +119,6 @@ check_proto(u_int16_t pnum, u_int8_t inv +@@ -155,73 +120,6 @@ check_proto(u_int16_t pnum, u_int8_t inv /* Function which parses command options; returns true if it ate an option */ static int 
@@ -123,7 +123,7 @@ __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags, struct xt_entry_match **match, u_int16_t pnum, u_int8_t invflags) -@@ -313,55 +211,6 @@ print_port(u_int16_t port, u_int8_t prot +@@ -314,55 +212,6 @@ print_port(u_int16_t port, u_int8_t prot } /* Prints out the matchinfo. */ @@ -179,7 +179,7 @@ static void __multiport_print_v1(const struct xt_entry_match *match, int numeric, u_int16_t proto) { -@@ -418,48 +267,6 @@ static void multiport_print6_v1(const vo +@@ -419,48 +268,6 @@ static void multiport_print6_v1(const vo } /* Saves the union ipt_matchinfo in parsable form to stdout. */ @@ -228,7 +228,7 @@ static void __multiport_save_v1(const struct xt_entry_match *match, u_int16_t proto) { -@@ -513,34 +320,6 @@ static struct xtables_match multiport_mt +@@ -514,34 +321,6 @@ static struct xtables_match multiport_mt { .family = NFPROTO_IPV4, .name = "multiport", diff --git a/package/iptables/patches/020-iptables-disable-modprobe.patch b/package/iptables/patches/020-iptables-disable-modprobe.patch index 338962ffbeea..422058df787b 100644 --- a/package/iptables/patches/020-iptables-disable-modprobe.patch +++ b/package/iptables/patches/020-iptables-disable-modprobe.patch @@ -8,7 +8,7 @@ char *buf = NULL; char *argv[4]; int status; -@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname, +@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname, free(buf); if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0; diff --git a/package/iptables/patches/030-no-libnfnetlink.patch b/package/iptables/patches/030-no-libnfnetlink.patch index 07bed666cae2..cda9a7205be2 100644 --- a/package/iptables/patches/030-no-libnfnetlink.patch +++ b/package/iptables/patches/030-no-libnfnetlink.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -10864,75 +10864,7 @@ $as_echo "no" >&6; } +@@ -10917,75 +10917,7 @@ $as_echo "no" >&6; } fi fi @@ -79,7 +79,7 @@ else --- a/configure.ac 
+++ b/configure.ac -@@ -68,9 +68,7 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test +@@ -79,9 +79,7 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) -- 2.30.2