diff options
Diffstat (limited to 'package/iptables/patches/1.4.3.2')
5 files changed, 0 insertions, 548 deletions
diff --git a/package/iptables/patches/1.4.3.2/002-layer7_2.17.patch b/package/iptables/patches/1.4.3.2/002-layer7_2.17.patch deleted file mode 100644 index a62d87f61..000000000 --- a/package/iptables/patches/1.4.3.2/002-layer7_2.17.patch +++ /dev/null @@ -1,390 +0,0 @@ -diff -Nur a/libxt_layer7.c b/libxt_layer7.c ---- a/extensions/libxt_layer7.c 1970-01-01 01:00:00.000000000 +0100 -+++ b/extensions/libxt_layer7.c 2008-08-22 16:00:52.000000000 +0200 -@@ -0,0 +1,368 @@ -+/* -+ Shared library add-on to iptables for layer 7 matching support. -+ -+ By Matthew Strait <quadong@users.sf.net>, Oct 2003-Aug 2008. -+ -+ http://l7-filter.sf.net -+ -+ This program is free software; you can redistribute it and/or -+ modify it under the terms of the GNU General Public License -+ as published by the Free Software Foundation; either version -+ 2 of the License, or (at your option) any later version. -+ http://www.gnu.org/licenses/gpl.txt -+*/ -+ -+#define _GNU_SOURCE -+#include <stdio.h> -+#include <netdb.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+#include <ctype.h> -+#include <dirent.h> -+ -+#include <xtables.h> -+#include <linux/netfilter/xt_layer7.h> -+ -+#define MAX_FN_LEN 256 -+ -+static char l7dir[MAX_FN_LEN] = "\0"; -+ -+/* Function which prints out usage message. */ -+static void help(void) -+{ -+ printf( -+ "layer7 match options:\n" -+ " --l7dir <directory> : Look for patterns here instead of /etc/l7-protocols/\n" -+ " (--l7dir must be specified before --l7proto if used)\n" -+ "[!] --l7proto <name>: Match named protocol using /etc/l7-protocols/.../name.pat\n"); -+} -+ -+static const struct option opts[] = { -+ { .name = "l7proto", .has_arg = 1, .val = 'p' }, -+ { .name = "l7dir", .has_arg = 1, .val = 'd' }, -+ { .name = NULL } -+}; -+ -+/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */ -+static int parse_protocol_file(char * filename, const char * protoname, struct xt_layer7_info *info) -+{ -+ FILE * f; -+ char * line = NULL; -+ size_t len = 0; -+ -+ enum { protocol, pattern, done } datatype = protocol; -+ -+ f = fopen(filename, "r"); -+ -+ if(!f) -+ return 0; -+ -+ while(getline(&line, &len, f) != -1) -+ { -+ if(strlen(line) < 2 || line[0] == '#') -+ continue; -+ -+ /* strip the pesky newline... */ -+ if(line[strlen(line) - 1] == '\n') -+ line[strlen(line) - 1] = '\0'; -+ -+ if(datatype == protocol) -+ { -+ /* Ignore everything on the line beginning with the -+ first space or tab . For instance, this allows the -+ protocol line in http.pat to be "http " (or -+ "http I am so cool") instead of just "http". */ -+ if(strchr(line, ' ')){ -+ char * space = strchr(line, ' '); -+ space[0] = '\0'; -+ } -+ if(strchr(line, '\t')){ -+ char * space = strchr(line, '\t'); -+ space[0] = '\0'; -+ } -+ -+ /* sanity check. First non-comment non-blank -+ line must be the same as the file name. */ -+ if(strcmp(line, protoname)) -+ xtables_error(OTHER_PROBLEM, -+ "Protocol name (%s) doesn't match file name (%s). Bailing out\n", -+ line, filename); -+ -+ if(strlen(line) >= MAX_PROTOCOL_LEN) -+ xtables_error(PARAMETER_PROBLEM, -+ "Protocol name in %s too long!", filename); -+ strncpy(info->protocol, line, MAX_PROTOCOL_LEN); -+ -+ datatype = pattern; -+ } -+ else if(datatype == pattern) -+ { -+ if(strlen(line) >= MAX_PATTERN_LEN) -+ xtables_error(PARAMETER_PROBLEM, "Pattern in %s too long!", filename); -+ strncpy(info->pattern, line, MAX_PATTERN_LEN); -+ -+ datatype = done; -+ break; -+ } -+ else -+ xtables_error(OTHER_PROBLEM, "Internal error"); -+ } -+ -+ if(datatype != done) -+ xtables_error(OTHER_PROBLEM, "Failed to get all needed data from %s", filename); -+ -+ if(line) free(line); -+ fclose(f); -+ -+ return 1; -+} -+ -+static int hex2dec(char c) -+{ -+ switch (c) -+ { -+ case '0' ... '9': -+ return c - '0'; -+ case 'a' ... 'f': -+ return c - 'a' + 10; -+ case 'A' ... 'F': -+ return c - 'A' + 10; -+ default: -+ xtables_error(OTHER_PROBLEM, "hex2dec: bad value!\n"); -+ return 0; -+ } -+} -+ -+/* takes a string with \xHH escapes and returns one with the characters -+they stand for */ -+static char * pre_process(char * s) -+{ -+ char * result = malloc(strlen(s) + 1); -+ int sindex = 0, rrindex = 0; -+ while( sindex < strlen(s) ) -+ { -+ if( sindex + 3 < strlen(s) && -+ s[sindex] == '\\' && s[sindex+1] == 'x' && -+ isxdigit(s[sindex + 2]) && isxdigit(s[sindex + 3]) ) -+ { -+ /* carefully remember to call tolower here... */ -+ result[rrindex] = tolower( hex2dec(s[sindex + 2])*16 + -+ hex2dec(s[sindex + 3] ) ); -+ -+ switch ( result[rrindex] ) -+ { -+ case 0x24: -+ case 0x28: -+ case 0x29: -+ case 0x2a: -+ case 0x2b: -+ case 0x2e: -+ case 0x3f: -+ case 0x5b: -+ case 0x5c: -+ case 0x5d: -+ case 0x5e: -+ case 0x7c: -+ fprintf(stderr, -+ "Warning: layer7 regexp contains a control character, %c, in hex (\\x%c%c).\n" -+ "I recommend that you write this as %c or \\%c, depending on what you meant.\n", -+ result[rrindex], s[sindex + 2], s[sindex + 3], result[rrindex], result[rrindex]); -+ break; -+ case 0x00: -+ fprintf(stderr, -+ "Warning: null (\\x00) in layer7 regexp. A null terminates the regexp string!\n"); -+ break; -+ default: -+ break; -+ } -+ -+ -+ sindex += 3; /* 4 total */ -+ } -+ else -+ result[rrindex] = tolower(s[sindex]); -+ -+ sindex++; -+ rrindex++; -+ } -+ result[rrindex] = '\0'; -+ -+ return result; -+} -+ -+#define MAX_SUBDIRS 128 -+static char ** readl7dir(char * dirname) -+{ -+ DIR * scratchdir; -+ struct dirent ** namelist; -+ char ** subdirs = malloc(MAX_SUBDIRS * sizeof(char *)); -+ -+ int n, d = 1; -+ subdirs[0] = ""; -+ -+ n = scandir(dirname, &namelist, 0, alphasort); -+ -+ if (n < 0) -+ { -+ perror("scandir"); -+ xtables_error(OTHER_PROBLEM, "Couldn't open %s\n", dirname); -+ } -+ else -+ { -+ while(n--) -+ { -+ char fulldirname[MAX_FN_LEN]; -+ -+ snprintf(fulldirname, MAX_FN_LEN, "%s/%s", dirname, namelist[n]->d_name); -+ -+ if((scratchdir = opendir(fulldirname)) != NULL) -+ { -+ closedir(scratchdir); -+ -+ if(!strcmp(namelist[n]->d_name, ".") || -+ !strcmp(namelist[n]->d_name, "..")) -+ /* do nothing */ ; -+ else -+ { -+ subdirs[d] = malloc(strlen(namelist[n]->d_name) + 1); -+ strcpy(subdirs[d], namelist[n]->d_name); -+ d++; -+ if(d >= MAX_SUBDIRS - 1) -+ { -+ fprintf(stderr, -+ "Too many subdirectories, skipping the rest!\n"); -+ break; -+ } -+ } -+ } -+ free(namelist[n]); -+ } -+ free(namelist); -+ } -+ -+ subdirs[d] = NULL; -+ -+ return subdirs; -+} -+ -+static void parse_layer7_protocol(const char *s, struct xt_layer7_info *info) -+{ -+ char filename[MAX_FN_LEN]; -+ char * dir = NULL; -+ char ** subdirs; -+ int n = 0, done = 0; -+ -+ if(strlen(l7dir) > 0) dir = l7dir; -+ else dir = "/etc/l7-protocols"; -+ -+ subdirs = readl7dir(dir); -+ -+ while(subdirs[n] != NULL) -+ { -+ int c = snprintf(filename, MAX_FN_LEN, "%s/%s/%s.pat", dir, subdirs[n], s); -+ -+ if(c > MAX_FN_LEN) -+ xtables_error(OTHER_PROBLEM, -+ "Filename beginning with %s is too long!\n", filename); -+ -+ /* read in the pattern from the file */ -+ if(parse_protocol_file(filename, s, info)){ -+ done = 1; -+ break; -+ } -+ -+ n++; -+ } -+ -+ if(!done) -+ xtables_error(OTHER_PROBLEM, -+ "Couldn't find a pattern definition file for %s.\n", s); -+ -+ /* process \xHH escapes and tolower everything. (our regex lib has no -+ case insensitivity option.) */ -+ strncpy(info->pattern, pre_process(info->pattern), MAX_PATTERN_LEN); -+} -+ -+/* Function which parses command options; returns true if it ate an option */ -+static int parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_match **match) -+{ -+ struct xt_layer7_info *layer7info = -+ (struct xt_layer7_info *)(*match)->data; -+ -+ switch (c) { -+ case 'p': -+ parse_layer7_protocol(argv[optind-1], layer7info); -+ if (invert) -+ layer7info->invert = true; -+ *flags = 1; -+ break; -+ -+ case 'd': -+ if(strlen(argv[optind-1]) >= MAX_FN_LEN) -+ xtables_error(PARAMETER_PROBLEM, "directory name too long\n"); -+ -+ strncpy(l7dir, argv[optind-1], MAX_FN_LEN); -+ -+ *flags = 1; -+ break; -+ -+ default: -+ return 0; -+ } -+ -+ return 1; -+} -+ -+/* Final check; must have specified --l7proto */ -+static void final_check(unsigned int flags) -+{ -+ if (!flags) -+ xtables_error(PARAMETER_PROBLEM, -+ "LAYER7 match: You must specify `--l7proto'"); -+} -+ -+static void print_protocol(char s[], int invert, int numeric) -+{ -+ fputs("l7proto ", stdout); -+ if (invert) fputc('!', stdout); -+ printf("%s ", s); -+} -+ -+/* Prints out the matchinfo. */ -+static void print(const void *ip, -+ const struct xt_entry_match *match, -+ int numeric) -+{ -+ printf("LAYER7 "); -+ print_protocol(((struct xt_layer7_info *)match->data)->protocol, -+ ((struct xt_layer7_info *)match->data)->invert, numeric); -+} -+/* Saves the union ipt_matchinfo in parsable form to stdout. */ -+static void save(const void *ip, const struct xt_entry_match *match) -+{ -+ const struct xt_layer7_info *info = -+ (const struct xt_layer7_info*) match->data; -+ -+ printf("--l7proto %s%s ", (info->invert)? "! ":"", info->protocol); -+} -+ -+static struct xtables_match layer7 = { -+ .family = AF_INET, -+ .name = "layer7", -+ .version = XTABLES_VERSION, -+ .size = XT_ALIGN(sizeof(struct xt_layer7_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_layer7_info)), -+ .help = &help, -+ .parse = &parse, -+ .final_check = &final_check, -+ .print = &print, -+ .save = &save, -+ .extra_opts = opts -+}; -+ -+void _init(void) -+{ -+ xtables_register_match(&layer7); -+} -diff -Nur a/libxt_layer7.man b/libxt_layer7.man ---- a/extensions/libxt_layer7.man 1970-01-01 01:00:00.000000000 +0100 -+++ b/extensions/libxt_layer7.man 2008-08-22 16:00:52.000000000 +0200 -@@ -0,0 +1,14 @@ -+This module matches packets based on the application layer data of -+their connections. It uses regular expression matching to compare -+the application layer data to regular expressions found it the layer7 -+configuration files. This is an experimental module which can be found at -+http://l7-filter.sf.net. It takes two options. -+.TP -+.BI "--l7proto " "\fIprotocol\fP" -+Match the specified protocol. The protocol name must match a file -+name in /etc/l7-protocols/ or one of its first-level child directories. -+.TP -+.BI "--l7dir " "\fIdirectory\fP" -+Use \fIdirectory\fP instead of /etc/l7-protocols/. This option must be -+specified before --l7proto. -+ diff --git a/package/iptables/patches/1.4.3.2/005-imq.patch b/package/iptables/patches/1.4.3.2/005-imq.patch deleted file mode 100644 index fb5860a39..000000000 --- a/package/iptables/patches/1.4.3.2/005-imq.patch +++ /dev/null @@ -1,124 +0,0 @@ ---- /dev/null -+++ b/extensions/.IMQ-testx -@@ -0,0 +1,3 @@ -+#!/bin/sh -+# True if IMQ target patch is applied. -+[ -f $KERNEL_DIR/include/linux/netfilter/xt_IMQ.h ] && echo IMQ ---- /dev/null -+++ b/extensions/libxt_IMQ.c -@@ -0,0 +1,103 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+ -+#include <xtables.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target v%s options:\n" -+" --todev <N> enqueue to imq<N>, defaults to 0\n", -+XTABLES_VERSION); -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+ if (xtables_check_inverse(optarg, &invert, NULL, 0)) -+ xtables_error(PARAMETER_PROBLEM, -+ "Unexpected `!' after --todev"); -+ mr->todev=atoi(optarg); -+ break; -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. */ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("--todev %u", mr->todev); -+} -+ -+static struct xtables_target imq_target = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = AF_INET, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+static struct xtables_target imq_target6 = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = AF_INET6, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+void _init(void) -+{ -+ xtables_register_target(&imq_target); -+ xtables_register_target(&imq_target6); -+} ---- /dev/null -+++ b/include/linux/netfilter/xt_IMQ.h -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ diff --git a/package/iptables/patches/1.4.3.2/008-netfilter_include_linux_type_h.patch b/package/iptables/patches/1.4.3.2/008-netfilter_include_linux_type_h.patch deleted file mode 100644 index 761f1c497..000000000 --- a/package/iptables/patches/1.4.3.2/008-netfilter_include_linux_type_h.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -1,6 +1,7 @@ - #ifndef __LINUX_NETFILTER_H - #define __LINUX_NETFILTER_H - -+#include <linux/types.h> - - /* Responses from hook functions. */ - #define NF_DROP 0 diff --git a/package/iptables/patches/1.4.3.2/009-table-alignment.patch b/package/iptables/patches/1.4.3.2/009-table-alignment.patch deleted file mode 100644 index b11c0afd6..000000000 --- a/package/iptables/patches/1.4.3.2/009-table-alignment.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/libiptc/libiptc.c -+++ b/libiptc/libiptc.c -@@ -69,7 +69,7 @@ - struct ipt_error_target - { - STRUCT_ENTRY_TARGET t; -- char error[TABLE_MAXNAMELEN]; -+ char error[FUNCTION_MAXNAMELEN]; - }; - - struct chain_head; diff --git a/package/iptables/patches/1.4.3.2/010-xtables-parse-protocol-crash.patch b/package/iptables/patches/1.4.3.2/010-xtables-parse-protocol-crash.patch deleted file mode 100644 index e779aaa9c..000000000 --- a/package/iptables/patches/1.4.3.2/010-xtables-parse-protocol-crash.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -ur iptables-1.4.3.2.orig/xtables.c iptables-1.4.3.2/xtables.c ---- iptables-1.4.3.2.orig/xtables.c 2009-05-03 16:17:53.000000000 +0200 -+++ iptables-1.4.3.2/xtables.c 2009-05-03 16:27:37.000000000 +0200 -@@ -1502,7 +1502,8 @@ - else { - unsigned int i; - for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) { -- if (strcmp(s, xtables_chain_protos[i].name) == 0) { -+ if ((xtables_chain_protos[i].name != NULL) && -+ (strcmp(s, xtables_chain_protos[i].name) == 0)) { - proto = xtables_chain_protos[i].num; - break; - } |