diff options
Diffstat (limited to 'package/iptables')
-rw-r--r-- | package/iptables/patches/001-ipp2p-0.8.1rc1.patch | 27 | ||||
-rw-r--r-- | package/iptables/patches/002-layer7-1.5nbd.patch | 28 | ||||
-rw-r--r-- | package/iptables/patches/004-multiport_v1.patch | 21 | ||||
-rw-r--r-- | package/iptables/patches/005-imq1.patch | 25 | ||||
-rw-r--r-- | package/iptables/patches/006-iprange-typesh.patch | 6 | ||||
-rw-r--r-- | package/iptables/patches/008-chaostables.patch | 42 |
6 files changed, 86 insertions, 63 deletions
diff --git a/package/iptables/patches/001-ipp2p-0.8.1rc1.patch b/package/iptables/patches/001-ipp2p-0.8.1rc1.patch index f7129b456..06397410b 100644 --- a/package/iptables/patches/001-ipp2p-0.8.1rc1.patch +++ b/package/iptables/patches/001-ipp2p-0.8.1rc1.patch @@ -1,9 +1,10 @@ -diff -urN iptables.old/extensions/Makefile iptables.dev/extensions/Makefile ---- iptables.old/extensions/Makefile 2005-07-20 04:22:56.000000000 +0200 -+++ iptables.dev/extensions/Makefile 2006-03-23 14:42:28.000000000 +0100 -@@ -8,6 +8,10 @@ - PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG - PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG NFQUEUE MARK TRACE +Index: iptables-1.3.7/extensions/Makefile +=================================================================== +--- iptables-1.3.7.orig/extensions/Makefile 2007-06-04 13:21:43.398379112 +0200 ++++ iptables-1.3.7/extensions/Makefile 2007-06-04 13:21:43.484366040 +0200 +@@ -13,6 +13,10 @@ + PF6_EXT_SE_SLIB:=SECMARK CONNSECMARK + endif + +# ipp2p @@ -12,9 +13,10 @@ diff -urN iptables.old/extensions/Makefile iptables.dev/extensions/Makefile # Optionals PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) -diff -urN iptables.old/extensions/libipt_ipp2p.c iptables.dev/extensions/libipt_ipp2p.c ---- iptables.old/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100 -+++ iptables.dev/extensions/libipt_ipp2p.c 2006-03-23 14:43:26.000000000 +0100 +Index: iptables-1.3.7/extensions/libipt_ipp2p.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_ipp2p.c 2007-06-04 13:21:43.485365888 +0200 @@ -0,0 +1,401 @@ + +#include <stdio.h> @@ -417,9 +419,10 @@ diff -urN iptables.old/extensions/libipt_ipp2p.c iptables.dev/extensions/libipt_ + register_match(&ipp2p); +} + -diff -urN iptables.old/include/linux/netfilter_ipv4/ipt_ipp2p.h iptables.dev/include/linux/netfilter_ipv4/ipt_ipp2p.h ---- iptables.old/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 01:00:00.000000000 +0100 -+++ iptables.dev/include/linux/netfilter_ipv4/ipt_ipp2p.h 2006-03-23 14:44:26.000000000 +0100 +Index: iptables-1.3.7/include/linux/netfilter_ipv4/ipt_ipp2p.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/include/linux/netfilter_ipv4/ipt_ipp2p.h 2007-06-04 13:21:43.485365888 +0200 @@ -0,0 +1,31 @@ +#ifndef __IPT_IPP2P_H +#define __IPT_IPP2P_H diff --git a/package/iptables/patches/002-layer7-1.5nbd.patch b/package/iptables/patches/002-layer7-1.5nbd.patch index 95c62a860..1fc4fdeca 100644 --- a/package/iptables/patches/002-layer7-1.5nbd.patch +++ b/package/iptables/patches/002-layer7-1.5nbd.patch @@ -1,12 +1,14 @@ -diff -urN iptables.old/extensions/.layer7-test iptables.dev/extensions/.layer7-test ---- iptables.old/extensions/.layer7-test 1970-01-01 01:00:00.000000000 +0100 -+++ iptables.dev/extensions/.layer7-test 2005-11-10 16:57:51.819381000 +0100 +Index: iptables-1.3.7/extensions/.layer7-test +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/.layer7-test 2007-06-04 13:21:43.708331992 +0200 @@ -0,0 +1,2 @@ +#! /bin/sh +[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7 -diff -urN iptables.old/extensions/ipt_layer7.h iptables.dev/extensions/ipt_layer7.h ---- iptables.old/extensions/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100 -+++ iptables.dev/extensions/ipt_layer7.h 2005-11-10 17:46:32.933599750 +0100 +Index: iptables-1.3.7/extensions/ipt_layer7.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/ipt_layer7.h 2007-06-04 13:21:43.708331992 +0200 @@ -0,0 +1,27 @@ +/* + By Matthew Strait <quadong@users.sf.net>, Dec 2003. @@ -35,9 +37,10 @@ diff -urN iptables.old/extensions/ipt_layer7.h iptables.dev/extensions/ipt_layer +}; + +#endif /* _IPT_LAYER7_H */ -diff -urN iptables.old/extensions/libipt_layer7.c iptables.dev/extensions/libipt_layer7.c ---- iptables.old/extensions/libipt_layer7.c 1970-01-01 01:00:00.000000000 +0100 -+++ iptables.dev/extensions/libipt_layer7.c 2005-11-10 17:47:01.399378750 +0100 +Index: iptables-1.3.7/extensions/libipt_layer7.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_layer7.c 2007-06-04 13:21:43.709331840 +0200 @@ -0,0 +1,358 @@ +/* + Shared library add-on to iptables to add layer 7 matching support. @@ -397,9 +400,10 @@ diff -urN iptables.old/extensions/libipt_layer7.c iptables.dev/extensions/libipt +{ + register_match(&layer7); +} -diff -urN iptables.old/extensions/libipt_layer7.man iptables.dev/extensions/libipt_layer7.man ---- iptables.old/extensions/libipt_layer7.man 1970-01-01 01:00:00.000000000 +0100 -+++ iptables.dev/extensions/libipt_layer7.man 2005-11-10 16:57:51.823381250 +0100 +Index: iptables-1.3.7/extensions/libipt_layer7.man +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_layer7.man 2007-06-04 13:21:43.709331840 +0200 @@ -0,0 +1,13 @@ +This module matches packets based on the application layer data of +their connections. It uses regular expression matching to compare diff --git a/package/iptables/patches/004-multiport_v1.patch b/package/iptables/patches/004-multiport_v1.patch index 90b5144c7..46821383e 100644 --- a/package/iptables/patches/004-multiport_v1.patch +++ b/package/iptables/patches/004-multiport_v1.patch @@ -1,6 +1,7 @@ -diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/libipt_multiport.c ---- iptables.old/extensions/libipt_multiport.c 2005-02-19 20:19:17.000000000 +0100 -+++ iptables.dev/extensions/libipt_multiport.c 2006-02-04 05:46:12.154127750 +0100 +Index: iptables-1.3.7/extensions/libipt_multiport.c +=================================================================== +--- iptables-1.3.7.orig/extensions/libipt_multiport.c 2007-06-04 13:21:43.344387320 +0200 ++++ iptables-1.3.7/extensions/libipt_multiport.c 2007-06-04 13:21:43.932297944 +0200 @@ -8,24 +8,6 @@ /* To ensure that iptables compiles with an old kernel */ #include "../include/linux/netfilter_ipv4/ipt_multiport.h" @@ -26,8 +27,8 @@ diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/lib static void help_v1(void) { -@@ -75,26 +57,6 @@ - "invalid port/service `%s' specified", port); +@@ -68,26 +50,6 @@ + } } -static unsigned int @@ -53,8 +54,8 @@ diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/lib static void parse_multi_ports_v1(const char *portstring, struct ipt_multiport_v1 *multiinfo, -@@ -160,58 +122,6 @@ - "multiport only works with TCP or UDP"); +@@ -153,58 +115,6 @@ + "multiport only works with TCP, UDP, SCTP and DCCP"); } -/* Function which parses command options; returns true if it @@ -112,7 +113,7 @@ diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/lib static int parse_v1(int c, char **argv, int invert, unsigned int *flags, const struct ipt_entry *entry, -@@ -289,43 +199,6 @@ +@@ -281,43 +191,6 @@ printf("%s", service); } @@ -156,7 +157,7 @@ diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/lib static void print_v1(const struct ipt_ip *ip, const struct ipt_entry_match *match, -@@ -369,34 +242,6 @@ +@@ -361,34 +234,6 @@ printf(" "); } @@ -191,7 +192,7 @@ diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/lib static void save_v1(const struct ipt_ip *ip, const struct ipt_entry_match *match) { -@@ -432,19 +277,20 @@ +@@ -424,19 +269,20 @@ printf(" "); } diff --git a/package/iptables/patches/005-imq1.patch b/package/iptables/patches/005-imq1.patch index acb952f43..49ce9df65 100644 --- a/package/iptables/patches/005-imq1.patch +++ b/package/iptables/patches/005-imq1.patch @@ -1,11 +1,15 @@ ---- iptables-1.3.6.orig/extensions.orig/.IMQ-test6 Thu Jan 1 01:00:00 1970 -+++ iptables-1.3.6/extensions/.IMQ-test6 Mon Jun 16 10:12:47 2003 +Index: iptables-1.3.7/extensions/.IMQ-test6 +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/.IMQ-test6 2007-06-04 13:21:44.124268760 +0200 @@ -0,0 +1,3 @@ +#!/bin/sh +# True if IMQ target patch is applied. +[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ ---- iptables-1.3.6.orig/extensions.orig/libip6t_IMQ.c Thu Jan 1 01:00:00 1970 -+++ iptables-1.3.6/extensions/libip6t_IMQ.c Mon Jun 16 10:12:47 2003 +Index: iptables-1.3.7/extensions/libip6t_IMQ.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libip6t_IMQ.c 2007-06-04 13:21:44.125268608 +0200 @@ -0,0 +1,101 @@ +/* Shared library add-on to iptables to add IMQ target support. */ +#include <stdio.h> @@ -108,14 +112,18 @@ +{ + register_target6(&imq); +} ---- iptables-1.3.6.orig/extensions.orig/.IMQ-test Thu Jan 1 01:00:00 1970 -+++ iptables-1.3.6/extensions/.IMQ-test Mon Jun 16 10:12:47 2003 +Index: iptables-1.3.7/extensions/.IMQ-test +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/.IMQ-test 2007-06-04 13:21:44.125268608 +0200 @@ -0,0 +1,3 @@ +#!/bin/sh +# True if IMQ target patch is applied. +[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ ---- iptables-1.3.6.orig/extensions.orig/libipt_IMQ.c Thu Jan 1 01:00:00 1970 -+++ iptables-1.3.6/extensions/libipt_IMQ.c Mon Jun 16 10:12:47 2003 +Index: iptables-1.3.7/extensions/libipt_IMQ.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_IMQ.c 2007-06-04 13:21:44.125268608 +0200 @@ -0,0 +1,101 @@ +/* Shared library add-on to iptables to add IMQ target support. */ +#include <stdio.h> @@ -218,4 +226,3 @@ +{ + register_target(&imq); +} - diff --git a/package/iptables/patches/006-iprange-typesh.patch b/package/iptables/patches/006-iprange-typesh.patch index 2dc60d44b..4b4e16f28 100644 --- a/package/iptables/patches/006-iprange-typesh.patch +++ b/package/iptables/patches/006-iprange-typesh.patch @@ -1,5 +1,7 @@ ---- iptables-1.3.5/extensions/libipt_iprange.c.orig 2006-12-05 19:28:58.000000000 +0100 -+++ iptables-1.3.5/extensions/libipt_iprange.c 2006-12-05 19:30:28.000000000 +0100 +Index: iptables-1.3.7/extensions/libipt_iprange.c +=================================================================== +--- iptables-1.3.7.orig/extensions/libipt_iprange.c 2007-06-04 13:21:43.288395832 +0200 ++++ iptables-1.3.7/extensions/libipt_iprange.c 2007-06-04 13:21:44.343235472 +0200 @@ -6,6 +6,7 @@ #include <getopt.h> diff --git a/package/iptables/patches/008-chaostables.patch b/package/iptables/patches/008-chaostables.patch index 7fc1aab45..25e686a84 100644 --- a/package/iptables/patches/008-chaostables.patch +++ b/package/iptables/patches/008-chaostables.patch @@ -1,18 +1,21 @@ -diff -ruN iptables-1.3.5.orig/extensions/.CHAOS-test iptables-1.3.5/extensions/.CHAOS-test ---- iptables-1.3.5.orig/extensions/.CHAOS-test 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.3.5/extensions/.CHAOS-test 2007-01-09 16:05:23.251885840 +0100 +Index: iptables-1.3.7/extensions/.CHAOS-test +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/.CHAOS-test 2007-06-04 13:21:44.537205984 +0200 @@ -0,0 +1,2 @@ +#!/bin/sh +[ -f "$KERNEL_DIR/include/linux/netfilter/xt_CHAOS.h" ] && echo "CHAOS"; -diff -ruN iptables-1.3.5.orig/extensions/.DELUDE-test iptables-1.3.5/extensions/.DELUDE-test ---- iptables-1.3.5.orig/extensions/.DELUDE-test 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.3.5/extensions/.DELUDE-test 2007-01-09 16:05:18.104057722 +0100 +Index: iptables-1.3.7/extensions/.DELUDE-test +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/.DELUDE-test 2007-06-04 13:21:44.537205984 +0200 @@ -0,0 +1,2 @@ +#!/bin/sh +echo "DELUDE"; -diff -ruN iptables-1.3.5.orig/extensions/libipt_CHAOS.c iptables-1.3.5/extensions/libipt_CHAOS.c ---- iptables-1.3.5.orig/extensions/libipt_CHAOS.c 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.3.5/extensions/libipt_CHAOS.c 2007-01-09 16:05:23.251885840 +0100 +Index: iptables-1.3.7/extensions/libipt_CHAOS.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_CHAOS.c 2007-06-04 13:21:44.537205984 +0200 @@ -0,0 +1,111 @@ +/* + CHAOS target for iptables @@ -125,9 +128,10 @@ diff -ruN iptables-1.3.5.orig/extensions/libipt_CHAOS.c iptables-1.3.5/extension + register_target(&libipt_chaos_info); + return; +} -diff -ruN iptables-1.3.5.orig/extensions/libipt_DELUDE.c iptables-1.3.5/extensions/libipt_DELUDE.c ---- iptables-1.3.5.orig/extensions/libipt_DELUDE.c 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.3.5/extensions/libipt_DELUDE.c 2007-01-09 16:05:18.104057722 +0100 +Index: iptables-1.3.7/extensions/libipt_DELUDE.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_DELUDE.c 2007-06-04 13:21:44.537205984 +0200 @@ -0,0 +1,66 @@ +/* + DELUDE target for iptables @@ -195,9 +199,10 @@ diff -ruN iptables-1.3.5.orig/extensions/libipt_DELUDE.c iptables-1.3.5/extensio + register_target(&libipt_delude_info); + return; +} -diff -ruN iptables-1.3.5.orig/extensions/libipt_portscan.c iptables-1.3.5/extensions/libipt_portscan.c ---- iptables-1.3.5.orig/extensions/libipt_portscan.c 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.3.5/extensions/libipt_portscan.c 2007-01-09 16:05:14.228187134 +0100 +Index: iptables-1.3.7/extensions/libipt_portscan.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_portscan.c 2007-06-04 13:21:44.538205832 +0200 @@ -0,0 +1,129 @@ +/* + portscan match for iptables @@ -328,9 +333,10 @@ diff -ruN iptables-1.3.5.orig/extensions/libipt_portscan.c iptables-1.3.5/extens + register_match(&libipt_portscan_info); + return; +} -diff -ruN iptables-1.3.5.orig/extensions/.portscan-test iptables-1.3.5/extensions/.portscan-test ---- iptables-1.3.5.orig/extensions/.portscan-test 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.3.5/extensions/.portscan-test 2007-01-09 16:05:14.228187134 +0100 +Index: iptables-1.3.7/extensions/.portscan-test +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/.portscan-test 2007-06-04 13:21:44.538205832 +0200 @@ -0,0 +1,2 @@ +#!/bin/sh +[ -f "$KERNEL_DIR/include/linux/netfilter/xt_portscan.h" ] && echo "portscan"; |