Commit 35dc775b authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

iptables: bump to version 1.6.0 



Add option for nftables compat utilies and for bpf compiler/nfsynproxy
configuration tool.

Drop symlink trickery since it's not required any more.

Switch homepage to proper one and drop the kernel v2.4+ note since
that's not supported by buildroot anyway.

Drop most patches (except musl build) since they're upstream.

Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 5203541a

package/iptables/0001-fix-static-link.patch

deleted100644 → 0
+0 −68
Original line number Diff line number Diff line 
From 76e230e41947576efb96e86e605bb84015cdb287 Mon Sep 17 00:00:00 2001

From: Jan Engelhardt <jengelh@inai.de>

Date: Tue, 13 Aug 2013 19:02:06 +0000

Subject: iptables: link against libnetfilter_conntrack



Linking currently fails in --enable-static case:



../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name':

iptables/extensions/libxt_connlabel.c:57: undefined reference to `nfct_labelmap_get_name'

[..]

It's libxtables.la(libxt_connlabel.o) using libnetfilter_conntrack.



If libnetfilter_conntrack is not found, @libnetfilter_conntrack_CFLAGS@

and @libnetfilter_conntrack_LIBS@ (and their ${} ones) should be empty,

therefore producing no harm to include unconditionally.



[Gustavo: update for iptables 1.4.21]

Reported-and-tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Signed-off-by: Florian Westphal <fw@strlen.de>

---

diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in

index 14e7c57..780e715 100644

--- a/extensions/GNUmakefile.in

+++ b/extensions/GNUmakefile.in

@@ -21,7 +21,7 @@ regular_CPPFLAGS   = @regular_CPPFLAGS@

 kinclude_CPPFLAGS  = @kinclude_CPPFLAGS@

 

 AM_CFLAGS       = ${regular_CFLAGS}

-AM_CPPFLAGS     = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS} ${CPPFLAGS}

+AM_CPPFLAGS     = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS} ${CPPFLAGS} @libnetfilter_conntrack_CFLAGS@

 AM_DEPFLAGS     = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@

 AM_LDFLAGS      = @noundef_LDFLAGS@

 

@@ -93,7 +93,7 @@ lib%.so: lib%.oo

 	${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD};

 

 lib%.oo: ${srcdir}/lib%.c

-	${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} ${$*_CFLAGADD} -o $@ -c $<;

+	${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;

 

 libxt_NOTRACK.so: libxt_CT.so

 	ln -fs $< $@

@@ -103,9 +103,7 @@ libxt_state.so: libxt_conntrack.so

 # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD

 xt_RATEEST_LIBADD   = -lm

 xt_statistic_LIBADD = -lm

-@HAVE_LIBNETFILTER_CONNTRACK_TRUE@xt_connlabel_LIBADD = @libnetfilter_conntrack_LIBS@

-

-@HAVE_LIBNETFILTER_CONNTRACK_TRUE@xt_connlabel_CFLAGADD = @libnetfilter_conntrack_CFLAGS@

+xt_connlabel_LIBADD = @libnetfilter_conntrack_LIBS@

 

 #

 #	Static bits

diff --git a/libxtables/Makefile.am b/libxtables/Makefile.am

index c5795fe..4267cb5 100644

--- a/libxtables/Makefile.am

+++ b/libxtables/Makefile.am

@@ -10,7 +10,7 @@ libxtables_la_LIBADD  =

 if ENABLE_STATIC

 # With --enable-static, shipped extensions are linked into the main executable,

 # so we need all the LIBADDs here too

-libxtables_la_LIBADD += -lm

+libxtables_la_LIBADD += -lm ${libnetfilter_conntrack_LIBS}

 endif

 if ENABLE_SHARED

 libxtables_la_CFLAGS  = ${AM_CFLAGS}

--

cgit v0.9.2

package/iptables/0002-iptables-ip-6-tables-save.c-remove-dlfcn.h-include.patch

deleted100644 → 0
+0 −47
Original line number Diff line number Diff line 
From 2efdcf332a40431c6584970bb0c68712d14d409b Mon Sep 17 00:00:00 2001

From: Gustavo Zacarias <gustavo@zacarias.com.ar>

Date: Wed, 27 Nov 2013 10:18:11 -0300

Subject: [PATCH] iptables/ip(6)tables-save.c: remove dlfcn.h include



It's not required and breaks on static-only uClibc builds which don't

have the header file.



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

---

 iptables/ip6tables-save.c | 4 ----

 iptables/iptables-save.c  | 4 ----

 2 files changed, 8 deletions(-)



diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c

index d819b30..a86a64a 100644

--- a/iptables/ip6tables-save.c

+++ b/iptables/ip6tables-save.c

@@ -18,10 +18,6 @@

 #include "ip6tables.h"

 #include "ip6tables-multi.h"

 

-#ifndef NO_SHARED_LIBS

-#include <dlfcn.h>

-#endif

-

 static int show_counters = 0;

 

 static const struct option options[] = {

diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c

index e599fce..2999c7f 100644

--- a/iptables/iptables-save.c

+++ b/iptables/iptables-save.c

@@ -17,10 +17,6 @@

 #include "iptables.h"

 #include "iptables-multi.h"

 

-#ifndef NO_SHARED_LIBS

-#include <dlfcn.h>

-#endif

-

 static int show_counters = 0;

 

 static const struct option options[] = {

-- 

1.8.3.2

package/iptables/0003-consistently-use-errno.h.patch

deleted100644 → 0
+0 −92
Original line number Diff line number Diff line 
From a9214a0b718812d823a933ad580a96a3bf5f4dc6 Mon Sep 17 00:00:00 2001

From: Felix Janda <felix.janda@posteo.de>

Date: Sat, 2 May 2015 21:51:01 +0200

Subject: [PATCH 1/3] consistently use <errno.h>



On glibc, <sys/errno.h> is a synomym for <errno.h>.

<errno.h> is specified by POSIX, so use that.



Fixes compilation error with musl libc



Backported from :

http://git.netfilter.org/iptables/commit/?id=043e52bc42021f71b85229f6d78bf7e75b282765



Upstream-Status: backport

Signed-off-by: Florian Westphal <fw@strlen.de>

Signed-off-by: Brendan Heading <brendanheading@gmail.com>

---

 iptables/ip6tables-restore.c | 2 +-

 iptables/ip6tables-save.c    | 2 +-

 iptables/iptables-restore.c  | 2 +-

 iptables/iptables-save.c     | 2 +-

 iptables/iptables-xml.c      | 2 +-

 5 files changed, 5 insertions(+), 5 deletions(-)



diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c

index b8b9e0d..0927e6d 100644

--- a/iptables/ip6tables-restore.c

+++ b/iptables/ip6tables-restore.c

@@ -9,7 +9,7 @@

  */

 

 #include <getopt.h>

-#include <sys/errno.h>

+#include <errno.h>

 #include <stdbool.h>

 #include <string.h>

 #include <stdio.h>

diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c

index d819b30..f0349d3 100644

--- a/iptables/ip6tables-save.c

+++ b/iptables/ip6tables-save.c

@@ -6,7 +6,7 @@

  * This code is distributed under the terms of GNU GPL v2

  */

 #include <getopt.h>

-#include <sys/errno.h>

+#include <errno.h>

 #include <stdio.h>

 #include <fcntl.h>

 #include <stdlib.h>

diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c

index 8c942ff..d00b9e7 100644

--- a/iptables/iptables-restore.c

+++ b/iptables/iptables-restore.c

@@ -6,7 +6,7 @@

  */

 

 #include <getopt.h>

-#include <sys/errno.h>

+#include <errno.h>

 #include <stdbool.h>

 #include <string.h>

 #include <stdio.h>

diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c

index e599fce..3fbdb77 100644

--- a/iptables/iptables-save.c

+++ b/iptables/iptables-save.c

@@ -6,7 +6,7 @@

  *

  */

 #include <getopt.h>

-#include <sys/errno.h>

+#include <errno.h>

 #include <stdio.h>

 #include <fcntl.h>

 #include <stdlib.h>

diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c

index 9628447..695cd67 100644

--- a/iptables/iptables-xml.c

+++ b/iptables/iptables-xml.c

@@ -7,7 +7,7 @@

  */

 

 #include <getopt.h>

-#include <sys/errno.h>

+#include <errno.h>

 #include <string.h>

 #include <stdio.h>

 #include <stdlib.h>

-- 

2.4.3

package/iptables/0004-include-remove-libc5-support-code.patch

deleted100644 → 0
+0 −51
Original line number Diff line number Diff line 
From 401673e9d37ea1e6da0bc335b1d7a2bbf445c690 Mon Sep 17 00:00:00 2001

From: Felix Janda <felix.janda@posteo.de>

Date: Sat, 2 May 2015 21:51:38 +0200

Subject: [PATCH 2/3] include: remove libc5 support code



Current code makes the assumption that !defined(__GLIBC__) means libc5

which is very unlikely the case nowadays.



Fixes compile error because of conflict between kernel and musl headers.



Backported from :

http://git.netfilter.org/iptables/commit/?id=0bb1859e2d6dd79a0a59c3ee65f6a78cba118b86



Upstream-Status: backport

Signed-off-by: Florian Westphal <fw@strlen.de>

Signed-off-by: Brendan Heading <brendanheading@gmail.com>

---

 include/libiptc/ipt_kernel_headers.h | 12 ------------

 1 file changed, 12 deletions(-)



diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h

index 18861fe..a5963e9 100644

--- a/include/libiptc/ipt_kernel_headers.h

+++ b/include/libiptc/ipt_kernel_headers.h

@@ -5,7 +5,6 @@

 

 #include <limits.h>

 

-#if defined(__GLIBC__) && __GLIBC__ == 2

 #include <netinet/ip.h>

 #include <netinet/in.h>

 #include <netinet/ip_icmp.h>

@@ -13,15 +12,4 @@

 #include <netinet/udp.h>

 #include <net/if.h>

 #include <sys/types.h>

-#else /* libc5 */

-#include <sys/socket.h>

-#include <linux/ip.h>

-#include <linux/in.h>

-#include <linux/if.h>

-#include <linux/icmp.h>

-#include <linux/tcp.h>

-#include <linux/udp.h>

-#include <linux/types.h>

-#include <linux/in6.h>

-#endif

 #endif

-- 

2.4.3