ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-02-09 20:31:35 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

iptables: update to 1.8.6

Browse Source 
Update iptables to 1.8.6

ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.6.txt

Refresh patch:
101-remove-check-already.patch

Signed-off-by: Curtis Deptuck <curtdept@me.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
This commit is contained in:
Curtis Deptuck 2020-12-02 17:28:39 -07:00 committed by Hans Dedecker
parent 4ebec0b3e2
commit 2e590a6364
7 changed files with 32 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/network/utils/iptables/Makefile
View File

@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables PKG_NAME:=iptables
PKG_VERSION:=1.8.4 PKG_VERSION:=1.8.6
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_HASH:=993a3a5490a544c2cbf2ef15cf7e7ed21af1845baf228318d5c36ef8827e157c PKG_HASH:=a0f4fe0c3eb8faa5bd9c8376d132f340b9558e750c91deb2d5028aa3d0047767
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
PKG_FLAGS:=nonshared PKG_FLAGS:=nonshared

25
package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch
View File

@ -15,8 +15,6 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
include/linux/netfilter/xt_connmark.h | 10 + include/linux/netfilter/xt_connmark.h | 10 +
2 files changed, 324 insertions(+), 1 deletion(-) 2 files changed, 324 insertions(+), 1 deletion(-)
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 21e10913..c777b110 100644
--- a/extensions/libxt_CONNMARK.c --- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c
@@ -22,6 +22,7 @@ @@ -22,6 +22,7 @@
@ -47,7 +45,7 @@ index 21e10913..c777b110 100644
}; };
static const char *const xt_connmark_shift_ops[] = { static const char *const xt_connmark_shift_ops[] = {
@@ -114,6 +118,8 @@ static const struct xt_option_entry connmark_tg_opts[] = { @@ -114,6 +118,8 @@ static const struct xt_option_entry conn
.excl = F_MASK, .flags = XTOPT_PUT, XTOPT_POINTER(s, nfmask)}, .excl = F_MASK, .flags = XTOPT_PUT, XTOPT_POINTER(s, nfmask)},
{.name = "mask", .id = O_MASK, .type = XTTYPE_UINT32, {.name = "mask", .id = O_MASK, .type = XTTYPE_UINT32,
.excl = F_CTMASK | F_NFMASK}, .excl = F_CTMASK | F_NFMASK},
@ -56,7 +54,7 @@ index 21e10913..c777b110 100644
XTOPT_TABLEEND, XTOPT_TABLEEND,
}; };
#undef s #undef s
@@ -148,6 +154,38 @@ static const struct xt_option_entry connmark_tg_opts_v2[] = { @@ -148,6 +154,38 @@ static const struct xt_option_entry conn
}; };
#undef s #undef s
@ -111,7 +109,7 @@ index 21e10913..c777b110 100644
static void connmark_tg_init(struct xt_entry_target *target) static void connmark_tg_init(struct xt_entry_target *target)
{ {
struct xt_connmark_tginfo1 *info = (void *)target->data; struct xt_connmark_tginfo1 *info = (void *)target->data;
@@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct xt_entry_target *target) @@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct x
info->shift_bits = 0; info->shift_bits = 0;
} }
@ -128,7 +126,7 @@ index 21e10913..c777b110 100644
static void CONNMARK_parse(struct xt_option_call *cb) static void CONNMARK_parse(struct xt_option_call *cb)
{ {
struct xt_connmark_target_info *markinfo = cb->data; struct xt_connmark_target_info *markinfo = cb->data;
@@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_option_call *cb) @@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_
info->ctmark = cb->val.u32; info->ctmark = cb->val.u32;
info->ctmask = 0; info->ctmask = 0;
break; break;
@ -152,7 +150,7 @@ index 21e10913..c777b110 100644
case O_SAVE_MARK: case O_SAVE_MARK:
info->mode = XT_CONNMARK_SAVE; info->mode = XT_CONNMARK_SAVE;
break; break;
@@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct xt_option_call *cb) @@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct
} }
} }
@ -231,7 +229,7 @@ index 21e10913..c777b110 100644
static void connmark_tg_check(struct xt_fcheck_call *cb) static void connmark_tg_check(struct xt_fcheck_call *cb)
{ {
if (!(cb->xflags & F_OP_ANY)) if (!(cb->xflags & F_OP_ANY))
@@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, const struct xt_entry_target *target, @@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, con
} }
} }
@ -297,7 +295,7 @@ index 21e10913..c777b110 100644
static void CONNMARK_save(const void *ip, const struct xt_entry_target *target) static void CONNMARK_save(const void *ip, const struct xt_entry_target *target)
{ {
const struct xt_connmark_target_info *markinfo = const struct xt_connmark_target_info *markinfo =
@@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, const struct xt_entry_target *target) @@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, cons
} }
} }
@ -336,7 +334,7 @@ index 21e10913..c777b110 100644
static int connmark_tg_xlate(struct xt_xlate *xl, static int connmark_tg_xlate(struct xt_xlate *xl,
const struct xt_xlate_tg_params *params) const struct xt_xlate_tg_params *params)
{ {
@@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl, @@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct x
return 1; return 1;
} }
@ -403,7 +401,7 @@ index 21e10913..c777b110 100644
static struct xtables_target connmark_tg_reg[] = { static struct xtables_target connmark_tg_reg[] = {
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
@@ -687,6 +984,22 @@ static struct xtables_target connmark_tg_reg[] = { @@ -687,6 +984,22 @@ static struct xtables_target connmark_tg
.x6_options = connmark_tg_opts_v2, .x6_options = connmark_tg_opts_v2,
.xlate = connmark_tg_xlate_v2, .xlate = connmark_tg_xlate_v2,
}, },
@ -426,8 +424,6 @@ index 21e10913..c777b110 100644
}; };
void _init(void) void _init(void)
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
index bbf2acc9..1d8e721c 100644
--- a/include/linux/netfilter/xt_connmark.h --- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h +++ b/include/linux/netfilter/xt_connmark.h
@@ -18,6 +18,11 @@ enum { @@ -18,6 +18,11 @@ enum {
@ -454,6 +450,3 @@ index bbf2acc9..1d8e721c 100644
struct xt_connmark_mtinfo1 { struct xt_connmark_mtinfo1 {
__u32 mark, mask; __u32 mark, mask;
__u8 invert; __u8 invert;
--
2.21.0 (Apple Git-122.2)

12
package/network/utils/iptables/patches/101-remove-check-already.patch
View File

@ -1,9 +1,9 @@
--- a/libxtables/xtables.c --- a/libxtables/xtables.c
+++ b/libxtables/xtables.c +++ b/libxtables/xtables.c
@@ -903,12 +903,6 @@ static void xtables_check_options(const @@ -968,12 +968,6 @@ void xtables_register_match(struct xtabl
struct xtables_match **pos;
bool seen_myself = false;
void xtables_register_match(struct xtables_match *me)
{
- if (me->next) { - if (me->next) {
- fprintf(stderr, "%s: match \"%s\" already registered\n", - fprintf(stderr, "%s: match \"%s\" already registered\n",
- xt_params->program_name, me->name); - xt_params->program_name, me->name);
@ -13,10 +13,10 @@
if (me->version == NULL) { if (me->version == NULL) {
fprintf(stderr, "%s: match %s<%u> is missing a version\n", fprintf(stderr, "%s: match %s<%u> is missing a version\n",
xt_params->program_name, me->name, me->revision); xt_params->program_name, me->name, me->revision);
@@ -1096,12 +1090,6 @@ void xtables_register_matches(struct xta @@ -1152,12 +1146,6 @@ void xtables_register_target(struct xtab
struct xtables_target **pos;
bool seen_myself = false;
void xtables_register_target(struct xtables_target *me)
{
- if (me->next) { - if (me->next) {
- fprintf(stderr, "%s: target \"%s\" already registered\n", - fprintf(stderr, "%s: target \"%s\" already registered\n",
- xt_params->program_name, me->name); - xt_params->program_name, me->name);

4
package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch
View File

@ -1,6 +1,6 @@
--- a/libxtables/xtables.c --- a/libxtables/xtables.c
+++ b/libxtables/xtables.c +++ b/libxtables/xtables.c
@@ -360,6 +360,7 @@ static char *get_modprobe(void) @@ -403,6 +403,7 @@ static char *get_modprobe(void)
int xtables_insmod(const char *modname, const char *modprobe, bool quiet) int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
{ {
@ -8,7 +8,7 @@
char *buf = NULL; char *buf = NULL;
char *argv[4]; char *argv[4];
int status; int status;
@@ -394,6 +395,7 @@ int xtables_insmod(const char *modname, @@ -437,6 +438,7 @@ int xtables_insmod(const char *modname,
free(buf); free(buf);
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
return 0; return 0;

2
package/network/utils/iptables/patches/200-configurable_builtin.patch
View File

@ -60,7 +60,7 @@
.SECONDARY: .SECONDARY:
@@ -148,11 +168,11 @@ libext4.a: initext4.o ${libext4_objs} @@ -161,11 +181,11 @@ libext4.a: initext4.o ${libext4_objs}
libext6.a: initext6.o ${libext6_objs} libext6.a: initext6.o ${libext6_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^; ${AM_VERBOSE_AR} ${AR} crs $@ $^;

4
package/network/utils/iptables/patches/600-shared-libext.patch
View File

@ -9,7 +9,7 @@
targets_install := targets_install :=
libext_objs := ${pfx_objs} libext_objs := ${pfx_objs}
libext_ebt_objs := ${pfb_objs} libext_ebt_objs := ${pfb_objs}
@@ -119,7 +119,7 @@ clean: @@ -132,7 +132,7 @@ clean:
distclean: clean distclean: clean
init%.o: init%.c init%.o: init%.c
@ -18,7 +18,7 @@
-include .*.d -include .*.d
@@ -151,22 +151,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn @@ -164,22 +164,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn
# handling code in the Makefiles. # handling code in the Makefiles.
# #
lib%.o: ${srcdir}/lib%.c lib%.o: ${srcdir}/lib%.c

20
package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
View File

@ -1,6 +1,6 @@
--- a/extensions/libxt_conntrack.c --- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c
@@ -1387,6 +1387,7 @@ static int conntrack3_mt6_xlate(struct x @@ -1395,6 +1395,7 @@ static int conntrack3_mt6_xlate(struct x
} }
static struct xtables_match conntrack_mt_reg[] = { static struct xtables_match conntrack_mt_reg[] = {
@ -8,7 +8,7 @@
{ {
.version = XTABLES_VERSION, .version = XTABLES_VERSION,
.name = "conntrack", .name = "conntrack",
@@ -1462,6 +1463,7 @@ static struct xtables_match conntrack_mt @@ -1470,6 +1471,7 @@ static struct xtables_match conntrack_mt
.alias = conntrack_print_name_alias, .alias = conntrack_print_name_alias,
.x6_options = conntrack2_mt_opts, .x6_options = conntrack2_mt_opts,
}, },
@ -16,7 +16,7 @@
{ {
.version = XTABLES_VERSION, .version = XTABLES_VERSION,
.name = "conntrack", .name = "conntrack",
@@ -1494,6 +1496,7 @@ static struct xtables_match conntrack_mt @@ -1502,6 +1504,7 @@ static struct xtables_match conntrack_mt
.x6_options = conntrack3_mt_opts, .x6_options = conntrack3_mt_opts,
.xlate = conntrack3_mt6_xlate, .xlate = conntrack3_mt6_xlate,
}, },
@ -24,7 +24,7 @@
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "state", .name = "state",
@@ -1524,6 +1527,8 @@ static struct xtables_match conntrack_mt @@ -1532,6 +1535,8 @@ static struct xtables_match conntrack_mt
.x6_parse = state_ct23_parse, .x6_parse = state_ct23_parse,
.x6_options = state_opts, .x6_options = state_opts,
}, },
@ -33,7 +33,7 @@
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "state", .name = "state",
@@ -1553,6 +1558,7 @@ static struct xtables_match conntrack_mt @@ -1561,6 +1566,7 @@ static struct xtables_match conntrack_mt
.x6_parse = state_parse, .x6_parse = state_parse,
.x6_options = state_opts, .x6_options = state_opts,
}, },
@ -43,7 +43,7 @@
void _init(void) void _init(void)
--- a/extensions/libxt_CT.c --- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c +++ b/extensions/libxt_CT.c
@@ -349,6 +349,7 @@ static void notrack_ct2_tg_init(struct x @@ -363,6 +363,7 @@ static int xlate_ct1_tg(struct xt_xlate
} }
static struct xtables_target ct_target_reg[] = { static struct xtables_target ct_target_reg[] = {
@ -51,7 +51,7 @@
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "CT", .name = "CT",
@@ -374,6 +375,7 @@ static struct xtables_target ct_target_r @@ -388,6 +389,7 @@ static struct xtables_target ct_target_r
.x6_parse = ct_parse_v1, .x6_parse = ct_parse_v1,
.x6_options = ct_opts_v1, .x6_options = ct_opts_v1,
}, },
@ -59,15 +59,15 @@
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "CT", .name = "CT",
@@ -388,6 +390,7 @@ static struct xtables_target ct_target_r @@ -403,6 +405,7 @@ static struct xtables_target ct_target_r
.x6_parse = ct_parse_v1,
.x6_options = ct_opts_v1, .x6_options = ct_opts_v1,
.xlate = xlate_ct1_tg,
}, },
+#ifndef NO_LEGACY +#ifndef NO_LEGACY
{ {
.family = NFPROTO_UNSPEC, .family = NFPROTO_UNSPEC,
.name = "NOTRACK", .name = "NOTRACK",
@@ -425,6 +428,7 @@ static struct xtables_target ct_target_r @@ -441,6 +444,7 @@ static struct xtables_target ct_target_r
.revision = 0, .revision = 0,
.version = XTABLES_VERSION, .version = XTABLES_VERSION,
}, },