diff options
5 files changed, 148 insertions, 9 deletions
diff --git a/package/network/utils/iptables/patches/011-recent-add-reap.patch b/package/network/utils/iptables/patches/011-recent-add-reap.patch index 275265b99..6a2923fec 100644 --- a/package/network/utils/iptables/patches/011-recent-add-reap.patch +++ b/package/network/utils/iptables/patches/011-recent-add-reap.patch @@ -79,7 +79,7 @@ Signed-off-by: Tim Gardner <tim.gardner@canonical.com> } static void recent_save(const void *ip, const struct xt_entry_match *match) -@@ -211,6 +229,8 @@ static void recent_save(const void *ip, +@@ -211,6 +229,8 @@ static void recent_save(const void *ip, printf("--rsource "); if (info->side == XT_RECENT_DEST) printf("--rdest "); @@ -90,7 +90,7 @@ Signed-off-by: Tim Gardner <tim.gardner@canonical.com> static struct xtables_match recent_mt_reg = { --- a/extensions/libxt_recent.man +++ b/extensions/libxt_recent.man -@@ -41,6 +41,11 @@ This option must be used in conjunction +@@ -41,6 +41,11 @@ This option must be used in conjunction \fB\-\-update\fP. When used, this will narrow the match to only happen when the address is in the list and was seen within the last given number of seconds. .TP diff --git a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch index 338962ffb..422058df7 100644 --- a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch +++ b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch @@ -8,7 +8,7 @@ char *buf = NULL; char *argv[4]; int status; -@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname, +@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname, free(buf); if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0; diff --git a/package/network/utils/iptables/patches/110-linux_3.2_compat.patch b/package/network/utils/iptables/patches/110-linux_3.2_compat.patch index 2cdd673d2..536cb238a 100644 --- a/package/network/utils/iptables/patches/110-linux_3.2_compat.patch +++ b/package/network/utils/iptables/patches/110-linux_3.2_compat.patch @@ -1,6 +1,6 @@ ---- iptables-1.4.10/include/linux/types.h.orig 2011-11-07 00:08:33.000000000 +0100 -+++ iptables-1.4.10/include/linux/types.h 2011-11-07 00:09:25.000000000 +0100 -@@ -34,5 +34,9 @@ +--- a/include/linux/types.h ++++ b/include/linux/types.h +@@ -34,5 +34,9 @@ typedef __u64 __bitwise __be64; typedef __u16 __bitwise __sum16; typedef __u32 __bitwise __wsum; diff --git a/package/network/utils/iptables/patches/200-configurable_builtin.patch b/package/network/utils/iptables/patches/200-configurable_builtin.patch index 9f9cc387c..4c9c88f67 100644 --- a/package/network/utils/iptables/patches/200-configurable_builtin.patch +++ b/package/network/utils/iptables/patches/200-configurable_builtin.patch @@ -1,6 +1,6 @@ --- a/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in -@@ -40,9 +40,24 @@ +@@ -40,9 +40,24 @@ pfx_build_mod := $(patsubst ${srcdir}/li pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod}) pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod}) pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod}) @@ -28,7 +28,7 @@ pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod}) pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod}) pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod}) -@@ -54,10 +69,10 @@ +@@ -54,10 +69,10 @@ pf6_solibs := $(patsubst %,libip6t_%. targets := libext4.a libext6.a matches4.man matches6.man \ targets4.man targets6.man targets_install := @@ -43,7 +43,7 @@ .SECONDARY: -@@ -107,8 +122,8 @@ +@@ -107,8 +122,8 @@ libext4.a: initext4.o ${libext4_objs} libext6.a: initext6.o ${libext6_objs} ${AM_VERBOSE_AR} ${AR} crs $@ $^; diff --git a/package/network/utils/iptables/patches/300-musl_fixes.patch b/package/network/utils/iptables/patches/300-musl_fixes.patch new file mode 100644 index 000000000..b6f6a0e1b --- /dev/null +++ b/package/network/utils/iptables/patches/300-musl_fixes.patch @@ -0,0 +1,139 @@ +--- a/extensions/libip6t_ipv6header.c ++++ b/extensions/libip6t_ipv6header.c +@@ -15,6 +15,9 @@ on whether they contain certain headers + #include <sys/types.h> + + #include <linux/netfilter_ipv6/ip6t_ipv6header.h> ++#ifndef IPPROTO_HOPOPTS ++# define IPPROTO_HOPOPTS 0 ++#endif + + /* This maybe required + #include <linux/in.h> +--- a/extensions/libxt_TCPOPTSTRIP.c ++++ b/extensions/libxt_TCPOPTSTRIP.c +@@ -16,6 +16,21 @@ + #ifndef TCPOPT_MD5SIG + # define TCPOPT_MD5SIG 19 + #endif ++#ifndef TCPOPT_MAXSEG ++# define TCPOPT_MAXSEG 2 ++#endif ++#ifndef TCPOPT_WINDOW ++# define TCPOPT_WINDOW 3 ++#endif ++#ifndef TCPOPT_SACK_PERMITTED ++# define TCPOPT_SACK_PERMITTED 4 ++#endif ++#ifndef TCPOPT_SACK ++# define TCPOPT_SACK 5 ++#endif ++#ifndef TCPOPT_TIMESTAMP ++# define TCPOPT_TIMESTAMP 8 ++#endif + + enum { + FLAG_STRIP = 1 << 0, +--- a/include/libiptc/ipt_kernel_headers.h ++++ b/include/libiptc/ipt_kernel_headers.h +@@ -5,7 +5,6 @@ + + #include <limits.h> + +-#if defined(__GLIBC__) && __GLIBC__ == 2 + #include <netinet/ip.h> + #include <netinet/in.h> + #include <netinet/ip_icmp.h> +@@ -13,15 +12,4 @@ + #include <netinet/udp.h> + #include <net/if.h> + #include <sys/types.h> +-#else /* libc5 */ +-#include <sys/socket.h> +-#include <linux/ip.h> +-#include <linux/in.h> +-#include <linux/if.h> +-#include <linux/icmp.h> +-#include <linux/tcp.h> +-#include <linux/udp.h> +-#include <linux/types.h> +-#include <linux/in6.h> +-#endif + #endif +--- a/include/linux/netfilter/xt_osf.h ++++ b/include/linux/netfilter/xt_osf.h +@@ -21,6 +21,9 @@ + #define _XT_OSF_H + + #include <linux/types.h> ++#if !defined(__UCLIBC__) && !defined(__GLIBC_) ++#include <linux/tcp.h> ++#endif + + #define MAXGENRELEN 32 + +--- a/include/linux/netfilter_ipv4/ip_tables.h ++++ b/include/linux/netfilter_ipv4/ip_tables.h +@@ -16,6 +16,7 @@ + #define _IPTABLES_H + + #include <linux/types.h> ++#include <sys/types.h> + + #include <linux/netfilter_ipv4.h> + +--- a/ip6tables-restore.c ++++ b/ip6tables-restore.c +@@ -11,7 +11,7 @@ + */ + + #include <getopt.h> +-#include <sys/errno.h> ++#include <errno.h> + #include <stdbool.h> + #include <string.h> + #include <stdio.h> +--- a/ip6tables-save.c ++++ b/ip6tables-save.c +@@ -6,7 +6,7 @@ + * This code is distributed under the terms of GNU GPL v2 + */ + #include <getopt.h> +-#include <sys/errno.h> ++#include <errno.h> + #include <stdio.h> + #include <fcntl.h> + #include <stdlib.h> +--- a/iptables-restore.c ++++ b/iptables-restore.c +@@ -8,7 +8,7 @@ + */ + + #include <getopt.h> +-#include <sys/errno.h> ++#include <errno.h> + #include <stdbool.h> + #include <string.h> + #include <stdio.h> +--- a/iptables-save.c ++++ b/iptables-save.c +@@ -6,7 +6,7 @@ + * + */ + #include <getopt.h> +-#include <sys/errno.h> ++#include <errno.h> + #include <stdio.h> + #include <fcntl.h> + #include <stdlib.h> +--- a/iptables-xml.c ++++ b/iptables-xml.c +@@ -9,7 +9,7 @@ + */ + + #include <getopt.h> +-#include <sys/errno.h> ++#include <errno.h> + #include <string.h> + #include <stdio.h> + #include <stdlib.h> |