diff options
Diffstat (limited to 'package/network/utils')
4 files changed, 153 insertions, 0 deletions
| diff --git a/package/network/utils/ipset/Makefile b/package/network/utils/ipset/Makefile new file mode 100644 index 000000000..874f160d6 --- /dev/null +++ b/package/network/utils/ipset/Makefile @@ -0,0 +1,82 @@ +  +# Copyright (C) 2009-2012 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=ipset +PKG_VERSION:=6.11 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=http://ipset.netfilter.org +PKG_MD5SUM:=bfcc92e30a0fcf10ae6e7c4affa03c84 + +PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/ipset/Default +  DEPENDS:= @(!(TARGET_ps3||TARGET_pxcab)||BROKEN) +endef + +define Package/ipset +$(call Package/ipset/Default) +  SECTION:=net +  CATEGORY:=Network +  DEPENDS+= +iptables-mod-ipset +kmod-ipt-ipset +libmnl +  TITLE:=IPset administration utility +  URL:=http://ipset.netfilter.org/ +endef + +CONFIGURE_ARGS += \ +	--with-kbuild="$(LINUX_DIR)" + +MAKE_FLAGS += \ +	ARCH="$(LINUX_KARCH)" + +IPSET_MODULES:= \ +	ipset/ip_set \ +	ipset/ip_set_bitmap_ip \ +	ipset/ip_set_bitmap_ipmac \ +	ipset/ip_set_bitmap_port \ +	ipset/ip_set_hash_ip \ +	ipset/ip_set_hash_ipport \ +	ipset/ip_set_hash_ipportip \ +	ipset/ip_set_hash_ipportnet \ +	ipset/ip_set_hash_net \ +	ipset/ip_set_hash_netiface \ +	ipset/ip_set_hash_netport \ +	ipset/ip_set_list_set \ +	xt_set \ + +define Build/Compile +	$(call Build/Compile/Default) +	$(call Build/Compile/Default,modules) +endef + +define Package/ipset/install +	$(INSTALL_DIR) $(1)/usr/sbin +	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipset $(1)/usr/sbin/ +	$(INSTALL_DIR) $(1)/usr/lib +	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipset*.so* $(1)/usr/lib/ +endef + +define KernelPackage/ipt-ipset +$(call Package/ipset/Default) +  SUBMENU:=Netfilter Extensions +  TITLE:=IPset netfilter modules +  DEPENDS+= +kmod-ipt-core +kmod-nfnetlink +  FILES:=$(foreach mod,$(IPSET_MODULES),$(PKG_BUILD_DIR)/kernel/net/netfilter/$(mod).ko) +  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES))) +endef + +$(eval $(call BuildPackage,ipset)) +$(eval $(call KernelPackage,ipt-ipset)) diff --git a/package/network/utils/ipset/patches/100-export.h.patch b/package/network/utils/ipset/patches/100-export.h.patch new file mode 100644 index 000000000..d8a9ca23d --- /dev/null +++ b/package/network/utils/ipset/patches/100-export.h.patch @@ -0,0 +1,20 @@ +--- a/kernel/net/netfilter/ipset/ip_set_getport.c ++++ b/kernel/net/netfilter/ipset/ip_set_getport.c +@@ -8,7 +8,7 @@ + /* Get Layer-4 data from the packets */ +  + #include <linux/version.h> +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0) + #include <linux/export.h> + #endif + #include <linux/ip.h> +--- a/kernel/net/netfilter/ipset/pfxlen.c ++++ b/kernel/net/netfilter/ipset/pfxlen.c +@@ -1,5 +1,5 @@ + #include <linux/version.h> +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0) + #include <linux/export.h> + #endif + #include <linux/netfilter/ipset/pfxlen.h> diff --git a/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch b/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch new file mode 100644 index 000000000..82a680f38 --- /dev/null +++ b/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch @@ -0,0 +1,22 @@ +--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c ++++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c +@@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_i + static inline void + hash_ip6_data_copy(struct hash_ip6_elem *dst, const struct hash_ip6_elem *src) + { +-	ipv6_addr_copy(&dst->ip.in6, &src->ip.in6); ++	dst->ip.in6 = src->ip.in6; + } +  + static inline void +--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c ++++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c +@@ -295,7 +295,7 @@ static inline void + hash_net6_data_copy(struct hash_net6_elem *dst, + 		    const struct hash_net6_elem *src) + { +-	ipv6_addr_copy(&dst->ip.in6, &src->ip.in6); ++	dst->ip.in6 = src->ip.in6; + 	dst->cidr = src->cidr; + 	dst->nomatch = src->nomatch; + } diff --git a/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch b/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch new file mode 100644 index 000000000..aaecc79cd --- /dev/null +++ b/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch @@ -0,0 +1,29 @@ +--- a/kernel/net/netfilter/ipset/ip_set_getport.c ++++ b/kernel/net/netfilter/ipset/ip_set_getport.c +@@ -113,6 +113,17 @@ ip_set_get_ip4_port(const struct sk_buff + EXPORT_SYMBOL_GPL(ip_set_get_ip4_port); +  + #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) ++static int ip_set_skip_exthdr(const struct sk_buff *skb, int start, ++                              u8 *nexthdrp) ++{ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,3,0) ++	__be16 fragoff; ++	return ipv6_skip_exthdr(skb, start, nexthdrp, &fragoff); ++#else ++	return ipv6_skip_exthdr(skb, start, nexthdrp); ++#endif ++} ++ + bool + ip_set_get_ip6_port(const struct sk_buff *skb, bool src, + 		    __be16 *port, u8 *proto) +@@ -121,7 +132,7 @@ ip_set_get_ip6_port(const struct sk_buff + 	u8 nexthdr; +  + 	nexthdr = ipv6_hdr(skb)->nexthdr; +-	protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); ++	protoff = ip_set_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); + 	if (protoff < 0) + 		return false; +  | 
