Revert "iptables: update to 1.4.18" due to toolchain-issue: binaries …

…cause segfaults when stripped on ar71xx SVN-Revision: 35894
hrdinka · Mar 6, 2013 · bacd716 · bacd716
1 parent c3faa6b
commit bacd716
Show file tree

Hide file tree

Showing 11 changed files with 512 additions and 105 deletions.
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
@@ -9,15 +9,15 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=iptables
-PKG_VERSION:=1.4.18
-PKG_RELEASE:=1
+PKG_VERSION:=1.4.10
+PKG_RELEASE:=5
 
+PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
 	ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
 	ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
 	ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
-PKG_MD5SUM:=a819199d5ec013b82da13a8ffbba857e
 
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
@@ -49,13 +49,13 @@ endef
 
 define Package/iptables
 $(call Package/iptables/Default)
-  TITLE:=IP firewall administration tool
+  TITLE:=IPv4 firewall administration tool
   MENU:=1
-  DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
+  DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
 endef
 
 define Package/iptables/description
-IP firewall administration tool.
+IPv4 firewall administration tool.
 
  Matches:
   - icmp
@@ -300,7 +300,7 @@ endef
 
 define Package/ip6tables
 $(call Package/iptables/Default)
-  DEPENDS:=@IPV6 +kmod-ip6tables +iptables
+  DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
   CATEGORY:=IPv6
   TITLE:=IPv6 firewall administration tool
   MENU:=1
@@ -365,9 +365,9 @@ define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
 
 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
+	$(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
 
@@ -382,14 +382,21 @@ endef
 
 define Package/iptables/install
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
-	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
+	$(LN) iptables $(1)/usr/sbin/iptables-save
+	$(LN) iptables $(1)/usr/sbin/iptables-restore
 	$(INSTALL_DIR) $(1)/usr/lib/iptables
 endef
 
 define Package/ip6tables/install
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
+	$(LN) ip6tables $(1)/usr/sbin/ip6tables-save
+	$(LN) ip6tables $(1)/usr/sbin/ip6tables-restore
+	$(INSTALL_DIR) $(1)/usr/lib/iptables
+	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
+		$(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
+	)
 endef
 
 define Package/libiptc/install

diff --git a/package/network/utils/iptables/patches/009-table-alignment.patch b/package/network/utils/iptables/patches/009-table-alignment.patch
@@ -0,0 +1,11 @@
+--- a/libiptc/libiptc.c
++++ b/libiptc/libiptc.c
+@@ -69,7 +69,7 @@ static const char *hooknames[] = {
+ struct ipt_error_target
+ {
+ 	STRUCT_ENTRY_TARGET t;
+-	char error[TABLE_MAXNAMELEN];
++	char error[FUNCTION_MAXNAMELEN];
+ };
+
+ struct chain_head;
diff --git a/package/network/utils/iptables/patches/010-multiport-linux-2.4-compat.patch b/package/network/utils/iptables/patches/010-multiport-linux-2.4-compat.patch
@@ -0,0 +1,265 @@
+--- a/extensions/libxt_multiport.c
++++ b/extensions/libxt_multiport.c
+@@ -15,21 +15,6 @@
+ #include <linux/netfilter/xt_multiport.h>
+
+ /* Function which prints out usage message. */
+-static void multiport_help(void)
+-{
+-	printf(
+-"multiport match options:\n"
+-" --source-ports port[,port,port...]\n"
+-" --sports ...\n"
+-"				match source port(s)\n"
+-" --destination-ports port[,port,port...]\n"
+-" --dports ...\n"
+-"				match destination port(s)\n"
+-" --ports port[,port,port]\n"
+-"				match both source and destination port(s)\n"
+-" NOTE: this kernel does not support port ranges in multiport.\n");
+-}
+-
+ static void multiport_help_v1(void)
+ {
+ 	printf(
+@@ -72,26 +57,6 @@ proto_to_name(u_int8_t proto)
+ 	}
+ }
+
+-static unsigned int
+-parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
+-{
+-	char *buffer, *cp, *next;
+-	unsigned int i;
+-
+-	buffer = strdup(portstring);
+-	if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
+-
+-	for (cp=buffer, i=0; cp && i<XT_MULTI_PORTS; cp=next,i++)
+-	{
+-		next=strchr(cp, ',');
+-		if (next) *next++='\0';
+-		ports[i] = xtables_parse_port(cp, proto);
+-	}
+-	if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
+-	free(buffer);
+-	return i;
+-}
+-
+ static void
+ parse_multi_ports_v1(const char *portstring, 
+ 		     struct xt_multiport_v1 *multiinfo,
+@@ -155,73 +120,6 @@ check_proto(u_int16_t pnum, u_int8_t inv
+ /* Function which parses command options; returns true if it
+    ate an option */
+ static int
+-__multiport_parse(int c, char **argv, int invert, unsigned int *flags,
+-                  struct xt_entry_match **match, u_int16_t pnum,
+-                  u_int8_t invflags)
+-{
+-	const char *proto;
+-	struct xt_multiport *multiinfo
+-		= (struct xt_multiport *)(*match)->data;
+-
+-	switch (c) {
+-	case '1':
+-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+-		proto = check_proto(pnum, invflags);
+-		multiinfo->count = parse_multi_ports(optarg,
+-						     multiinfo->ports, proto);
+-		multiinfo->flags = XT_MULTIPORT_SOURCE;
+-		break;
+-
+-	case '2':
+-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+-		proto = check_proto(pnum, invflags);
+-		multiinfo->count = parse_multi_ports(optarg,
+-						     multiinfo->ports, proto);
+-		multiinfo->flags = XT_MULTIPORT_DESTINATION;
+-		break;
+-
+-	case '3':
+-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+-		proto = check_proto(pnum, invflags);
+-		multiinfo->count = parse_multi_ports(optarg,
+-						     multiinfo->ports, proto);
+-		multiinfo->flags = XT_MULTIPORT_EITHER;
+-		break;
+-
+-	default:
+-		return 0;
+-	}
+-
+-	if (invert)
+-		xtables_error(PARAMETER_PROBLEM,
+-			   "multiport does not support invert");
+-
+-	if (*flags)
+-		xtables_error(PARAMETER_PROBLEM,
+-			   "multiport can only have one option");
+-	*flags = 1;
+-	return 1;
+-}
+-
+-static int
+-multiport_parse(int c, char **argv, int invert, unsigned int *flags,
+-                const void *e, struct xt_entry_match **match)
+-{
+-	const struct ipt_entry *entry = e;
+-	return __multiport_parse(c, argv, invert, flags, match,
+-	       entry->ip.proto, entry->ip.invflags);
+-}
+-
+-static int
+-multiport_parse6(int c, char **argv, int invert, unsigned int *flags,
+-                 const void *e, struct xt_entry_match **match)
+-{
+-	const struct ip6t_entry *entry = e;
+-	return __multiport_parse(c, argv, invert, flags, match,
+-	       entry->ipv6.proto, entry->ipv6.invflags);
+-}
+-
+-static int
+ __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
+                      struct xt_entry_match **match, u_int16_t pnum,
+                      u_int8_t invflags)
+@@ -314,55 +212,6 @@ print_port(u_int16_t port, u_int8_t prot
+ }
+
+ /* Prints out the matchinfo. */
+-static void
+-__multiport_print(const struct xt_entry_match *match, int numeric,
+-                  u_int16_t proto)
+-{
+-	const struct xt_multiport *multiinfo
+-		= (const struct xt_multiport *)match->data;
+-	unsigned int i;
+-
+-	printf("multiport ");
+-
+-	switch (multiinfo->flags) {
+-	case XT_MULTIPORT_SOURCE:
+-		printf("sports ");
+-		break;
+-
+-	case XT_MULTIPORT_DESTINATION:
+-		printf("dports ");
+-		break;
+-
+-	case XT_MULTIPORT_EITHER:
+-		printf("ports ");
+-		break;
+-
+-	default:
+-		printf("ERROR ");
+-		break;
+-	}
+-
+-	for (i=0; i < multiinfo->count; i++) {
+-		printf("%s", i ? "," : "");
+-		print_port(multiinfo->ports[i], proto, numeric);
+-	}
+-	printf(" ");
+-}
+-
+-static void multiport_print(const void *ip_void,
+-                            const struct xt_entry_match *match, int numeric)
+-{
+-	const struct ipt_ip *ip = ip_void;
+-	__multiport_print(match, numeric, ip->proto);
+-}
+-
+-static void multiport_print6(const void *ip_void,
+-                             const struct xt_entry_match *match, int numeric)
+-{
+-	const struct ip6t_ip6 *ip = ip_void;
+-	__multiport_print(match, numeric, ip->proto);
+-}
+-
+ static void __multiport_print_v1(const struct xt_entry_match *match,
+                                  int numeric, u_int16_t proto)
+ {
+@@ -419,48 +268,6 @@ static void multiport_print6_v1(const vo
+ }
+
+ /* Saves the union ipt_matchinfo in parsable form to stdout. */
+-static void __multiport_save(const struct xt_entry_match *match,
+-                             u_int16_t proto)
+-{
+-	const struct xt_multiport *multiinfo
+-		= (const struct xt_multiport *)match->data;
+-	unsigned int i;
+-
+-	switch (multiinfo->flags) {
+-	case XT_MULTIPORT_SOURCE:
+-		printf("--sports ");
+-		break;
+-
+-	case XT_MULTIPORT_DESTINATION:
+-		printf("--dports ");
+-		break;
+-
+-	case XT_MULTIPORT_EITHER:
+-		printf("--ports ");
+-		break;
+-	}
+-
+-	for (i=0; i < multiinfo->count; i++) {
+-		printf("%s", i ? "," : "");
+-		print_port(multiinfo->ports[i], proto, 1);
+-	}
+-	printf(" ");
+-}
+-
+-static void multiport_save(const void *ip_void,
+-                           const struct xt_entry_match *match)
+-{
+-	const struct ipt_ip *ip = ip_void;
+-	__multiport_save(match, ip->proto);
+-}
+-
+-static void multiport_save6(const void *ip_void,
+-                            const struct xt_entry_match *match)
+-{
+-	const struct ip6t_ip6 *ip = ip_void;
+-	__multiport_save(match, ip->proto);
+-}
+-
+ static void __multiport_save_v1(const struct xt_entry_match *match,
+                                 u_int16_t proto)
+ {
+@@ -514,34 +321,6 @@ static struct xtables_match multiport_mt
+ 	{
+ 		.family        = NFPROTO_IPV4,
+ 		.name          = "multiport",
+-		.revision      = 0,
+-		.version       = XTABLES_VERSION,
+-		.size          = XT_ALIGN(sizeof(struct xt_multiport)),
+-		.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+-		.help          = multiport_help,
+-		.parse         = multiport_parse,
+-		.final_check   = multiport_check,
+-		.print         = multiport_print,
+-		.save          = multiport_save,
+-		.extra_opts    = multiport_opts,
+-	},
+-	{
+-		.family        = NFPROTO_IPV6,
+-		.name          = "multiport",
+-		.revision      = 0,
+-		.version       = XTABLES_VERSION,
+-		.size          = XT_ALIGN(sizeof(struct xt_multiport)),
+-		.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+-		.help          = multiport_help,
+-		.parse         = multiport_parse6,
+-		.final_check   = multiport_check,
+-		.print         = multiport_print6,
+-		.save          = multiport_save6,
+-		.extra_opts    = multiport_opts,
+-	},
+-	{
+-		.family        = NFPROTO_IPV4,
+-		.name          = "multiport",
+ 		.version       = XTABLES_VERSION,
+ 		.revision      = 1,
+ 		.size          = XT_ALIGN(sizeof(struct xt_multiport_v1)),