net-firewall/ipt_netflow: Version bump to 2.6
Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
parent
9f06017717
commit
5416cd0886
6 changed files with 92 additions and 115 deletions
|
@ -1,2 +1,2 @@
|
|||
DIST ipt_netflow-2.4.tar.gz 92580 BLAKE2B 0197e7e5cdd9c94c7b80b38cb4e2879343139592421922bf73aeaac70ac3af54ea25934bb1474ff455a9f58eab2368995591542f46be48b5c8491a3b6a192f56 SHA512 3c80d02cfda996fbde8d258875df8795000fd8390b5a6f8296771a992067e153eca48f7f4602421529948beaf3030e164adfc2ffe5b528042fbdc15ffb56aa74
|
||||
DIST ipt_netflow-2.5.1.tar.gz 94627 BLAKE2B 440daed1f0c02e4700c6d4a97da08abc7bf51c73cd824a67fd2b7b9394b47d493ca7acfea34467d93cdce6dded2c5b24b4a2600b9f717aa54561d1f88a123dbc SHA512 dd0bde358f788f2d62ace6a0b1529128f0a686f9b776deeae3502d45d06d13971e8ea249d2647d00b00e73625c515bc12a4b7bd8d34fafd5f3b32f290d48cdce
|
||||
DIST ipt_netflow-2.6.tar.gz 95752 BLAKE2B 088c7030addd34d9d889cfa705aa060d0793e33be957deb3b703daea4229afc24f7268285ce336e425a024dc9d8139633a5206ff9d769c95cf71c156acbd4f25 SHA512 0ccea556e25dc6bc2d8c7648ed1b4ab366097baf5b06f167ccd19d2adb0a195ad652635181573785f9e9fa208d163f22b6527310eb939455d7ee3bc141cbeed5
|
||||
|
|
|
@ -1,61 +0,0 @@
|
|||
From 9288e30f493d252ee85b492a894f78073e4f6d41 Mon Sep 17 00:00:00 2001
|
||||
From: ABC <abc@openwall.com>
|
||||
Date: Sat, 28 Sep 2019 23:29:40 +0300
|
||||
Subject: [PATCH] Don't compile physdev-override if BRIDGE_NETFILTER is
|
||||
disabled.
|
||||
|
||||
Fixes #120 "Compile error nf_bridge / nf_trace" reported by DocMAX.
|
||||
|
||||
Fixes: 51bdc2b ("Use nf_bridge_info_get() instead of skb->nf_bridge").
|
||||
---
|
||||
compat.h | 2 ++
|
||||
configure | 1 +
|
||||
ipt_NETFLOW.c | 5 +++++
|
||||
3 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/compat.h b/compat.h
|
||||
index 0f9896b..66e224b 100644
|
||||
--- a/compat.h
|
||||
+++ b/compat.h
|
||||
@@ -680,11 +680,13 @@ static inline int is_vlan_dev(struct net_device *dev)
|
||||
#endif
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(5,0,0)
|
||||
+# ifdef CONFIG_BRIDGE_NETFILTER
|
||||
static inline struct nf_bridge_info *
|
||||
nf_bridge_info_get(const struct sk_buff *skb)
|
||||
{
|
||||
return skb->nf_bridge;
|
||||
}
|
||||
+# endif
|
||||
#endif
|
||||
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
|
||||
diff --git a/configure b/configure
|
||||
index 74eece5..8aae8bf 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -470,6 +470,7 @@ kernel_check_config() {
|
||||
kconfig CONFIG_NF_CONNTRACK_EVENTS "natevents"
|
||||
kconfig CONFIG_IPV6 "IPv6"
|
||||
kconfig CONFIG_IP6_NF_IPTABLES "ip6tables target"
|
||||
+ kconfig CONFIG_BRIDGE_NETFILTER "physdev override"
|
||||
}
|
||||
|
||||
kernel_check_include() {
|
||||
diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
|
||||
index fe25655..064de6c 100644
|
||||
--- a/ipt_NETFLOW.c
|
||||
+++ b/ipt_NETFLOW.c
|
||||
@@ -83,6 +83,11 @@
|
||||
#if defined(CONFIG_NF_NAT_NEEDED) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,39)
|
||||
# include <net/netfilter/nf_conntrack_timestamp.h>
|
||||
#endif
|
||||
+#ifdef ENABLE_PHYSDEV_OVER
|
||||
+# ifndef CONFIG_BRIDGE_NETFILTER
|
||||
+# undef ENABLE_PHYSDEV_OVER
|
||||
+# endif
|
||||
+#endif
|
||||
|
||||
#define IPT_NETFLOW_VERSION "2.4" /* Note that if you are using git, you
|
||||
will see version in other format. */
|
|
@ -1,32 +0,0 @@
|
|||
commit 1153f73f038205dc17303e6e6c455bbbb56191f7
|
||||
Author: ABC <abc@openwall.com>
|
||||
Date: Wed Oct 14 15:35:57 2020 +0300
|
||||
|
||||
gen_compat_def: Check for vlan_dev_priv instead of version if
|
||||
|
||||
diff --git a/gen_compat_def b/gen_compat_def
|
||||
index c0f20f6..3965e94 100755
|
||||
--- a/gen_compat_def
|
||||
+++ b/gen_compat_def
|
||||
@@ -85,6 +85,8 @@ kbuild_test_struct proc_ops linux/proc_fs.h
|
||||
kbuild_test_struct proc_ops linux/proc_fs.h
|
||||
# No since v5.1, but present in CentOS-8's 4.18.0-227
|
||||
kbuild_test_symbol synchronize_sched linux/rcupdate.h
|
||||
+# Stumbled on 5.9
|
||||
+kbuild_test_struct vlan_dev_priv linux/if_vlan.h
|
||||
|
||||
echo "// End of compat_def.h"
|
||||
|
||||
diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
|
||||
index 01055df..6f95166 100644
|
||||
--- a/ipt_NETFLOW.c
|
||||
+++ b/ipt_NETFLOW.c
|
||||
@@ -4874,7 +4874,7 @@ static void parse_l2_header(const struct sk_buff *skb, struct ipt_netflow_tuple
|
||||
tuple->tag[tag_num++] = htons(vlan_tx_tag_get(skb));
|
||||
else if (skb->dev && is_vlan_dev(skb->dev)) {
|
||||
struct net_device *vlan_dev = skb->dev;
|
||||
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
|
||||
+# ifdef HAVE_VLAN_DEV_PRIV
|
||||
struct vlan_dev_priv *vlan = vlan_dev_priv(vlan_dev);
|
||||
|
||||
/* `if` condition is `#if`ed intentionally, and this is
|
|
@ -1,21 +1,23 @@
|
|||
--- a/Makefile.in
|
||||
+++ b/Makefile.in
|
||||
@@ -11,7 +11,7 @@
|
||||
--- a/Makefile.in 2021-05-27 12:57:29.600377496 +0300
|
||||
+++ b/Makefile.in 2021-05-27 12:58:55.111381725 +0300
|
||||
@@ -13,7 +13,7 @@
|
||||
SNMPTGSO = /usr/lib/snmp/dlmod/snmp_NETFLOW.so
|
||||
SNMPCONF = /etc/snmp/snmpd.conf
|
||||
SNMPLINE = dlmod netflow $(SNMPTGSO)
|
||||
-CC = gcc
|
||||
+$(CC) ?= gcc
|
||||
+CC ?= gcc
|
||||
|
||||
# https://www.kernel.org/doc/Documentation/kbuild/modules.txt
|
||||
# https://www.kernel.org/doc/Documentation/kbuild/makefiles.txt
|
||||
@@ -22,29 +22,29 @@
|
||||
@@ -24,31 +24,31 @@
|
||||
|
||||
ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
|
||||
@echo Compiling for kernel $(KVERSION)
|
||||
- make -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
|
||||
+ $(MAKE) -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
|
||||
ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat_def.h compat.h Makefile
|
||||
@echo Compiling $(shell ./version.sh) for kernel $(KVERSION)
|
||||
- make -C $(KDIR) M=$(CURDIR) modules
|
||||
+ $(MAKE) -C $(KDIR) M=$(CURDIR) modules
|
||||
@touch $@
|
||||
compat_def.h: gen_compat_def
|
||||
./gen_compat_def > $@
|
||||
sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
|
||||
@rm -f ipt_NETFLOW.ko ipt_NETFLOW.o
|
||||
@echo Compiling for kernel $(KVERSION)
|
||||
|
@ -36,7 +38,7 @@
|
|||
lclean:
|
||||
-rm -f *.so *_sh.o
|
||||
clean: mclean lclean
|
||||
-rm -f *.so *.o modules.order version.h
|
||||
-rm -f *.so *.o modules.order version.h compat_def.h
|
||||
|
||||
snmp_NETFLOW.so: snmp_NETFLOW.c
|
||||
- $(CC) -fPIC -shared -o $@ $< -lnetsnmp
|
||||
|
@ -44,12 +46,16 @@
|
|||
|
||||
sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my
|
||||
@echo " *"
|
||||
@@ -64,7 +64,7 @@
|
||||
@@ -68,10 +68,10 @@
|
||||
fi
|
||||
|
||||
%_sh.o: libipt_NETFLOW.c
|
||||
- $(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
|
||||
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
|
||||
+ $(CC) $(CFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
|
||||
|
||||
%.so: %_sh.o
|
||||
$(CC) -shared -o $@ $<
|
||||
- $(CC) -shared -o $@ $<
|
||||
+ $(CC) $(LDFLAGS) -shared -o $@ $<
|
||||
|
||||
version.h: ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
|
||||
@./version.sh --define > version.h
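Review bot: The `%_sh.o` rule in this Makefile.in patch passes `$(CFLAGS)` but not `$(CPPFLAGS)`, so preprocessor-level hardening defines a user keeps there (for example `-D_FORTIFY_SOURCE=2`) never reach libipt_NETFLOW.c. Consider `$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c`. The rendering lost the +/- column, so which of the two printed variants of that rule is the new one is inferred from print order only; neither of them carries CPPFLAGS. The patch file also has no header line saying what it is for, and a one-line description above the first `--- a/Makefile.in` (respect the user's CC, CFLAGS and LDFLAGS, call `$(MAKE)` instead of `make`) would help the next version bump.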
|
|
@ -0,0 +1,60 @@
|
|||
commit 352cdb28eecbb57de3509b18dfc37dcce0455c01
|
||||
Author: ABC <abc@openwall.com>
|
||||
Date: Tue Jun 22 19:07:02 2021 +0300
|
||||
|
||||
Fix compile for stable kernels by not using 'ref_module'
|
||||
|
||||
`ref_module' unexport in 7ef5264de7732 ("modules: mark ref_module
|
||||
static") is back-ported into stable kernels making old `#if
|
||||
LINUX_VERSION_CODE' checks irrelevant or too complicated to update.
|
||||
|
||||
Do not use `ref_module' API at all since `try_module_get' is ancient
|
||||
enough to use always.
|
||||
|
||||
Reported-by: https://github.com/xtaran
|
||||
Fixes: https://github.com/aabc/ipt-netflow/issues/177
|
||||
|
||||
diff --git a/compat.h b/compat.h
|
||||
index 99edf91..30f1d8f 100644
|
||||
--- a/compat.h
|
||||
+++ b/compat.h
|
||||
@@ -170,10 +170,6 @@ static int __ethtool_get_settings(struct net_device *dev, struct ethtool_cmd *cm
|
||||
# define CHECK_OK 0
|
||||
#endif
|
||||
|
||||
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35)
|
||||
-# define use_module ref_module
|
||||
-#endif
|
||||
-
|
||||
#ifndef NF_IP_LOCAL_IN /* 2.6.25 */
|
||||
# define NF_IP_PRE_ROUTING NF_INET_PRE_ROUTING
|
||||
# define NF_IP_LOCAL_IN NF_INET_LOCAL_IN
|
||||
diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
|
||||
index d3d3901..c4c049d 100644
|
||||
--- a/ipt_NETFLOW.c
|
||||
+++ b/ipt_NETFLOW.c
|
||||
@@ -5494,12 +5494,8 @@ static void register_ct_events(void)
|
||||
}
|
||||
/* Reference netlink module to prevent it's unsafe unload before us. */
|
||||
if (!netlink_m && (netlink_m = find_module(NETLINK_M))) {
|
||||
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5,9,0)
|
||||
- use_module(THIS_MODULE, netlink_m);
|
||||
-#else
|
||||
if (!try_module_get(netlink_m))
|
||||
netlink_m = NULL;
|
||||
-#endif
|
||||
}
|
||||
|
||||
/* Register ct events callback. */
|
||||
@@ -5527,10 +5523,9 @@ static void unregister_ct_events(void)
|
||||
#else /* < v3.2 */
|
||||
unset_notifier_cb();
|
||||
#endif /* v3.2 */
|
||||
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0)
|
||||
module_put(netlink_m);
|
||||
netlink_m = NULL;
|
||||
-#endif
|
||||
+
|
||||
rcu_assign_pointer(saved_event_cb, NULL);
|
||||
#else /* < v2.6.31 */
|
||||
nf_conntrack_unregister_notifier(&ctnl_notifier);
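Review bot: When `try_module_get(netlink_m)` fails in register_ct_events, the code sets `netlink_m = NULL` and appears to continue to the callback registration without any message, so the module that the comment says must not unload before us is left unpinned silently. With the version guards removed this path is now taken on every kernel, not only 5.9 and later, so a warning in that branch would be worth having, for example `printk(KERN_WARNING "ipt_NETFLOW: could not pin netlink module\n");` (message text is a suggestion). The now unconditional `module_put(netlink_m)` in unregister_ct_events relies on module_put() accepting NULL, which deserves a short comment such as `/* netlink_m may be NULL; module_put() ignores NULL */`. Both functions start and end outside the hunks shown, and since this is an upstream commit carried as a patch the change would best be proposed upstream.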
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 1999-2020 Gentoo Authors
|
||||
# Copyright 1999-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
@ -15,7 +15,7 @@ LICENSE="GPL-2"
|
|||
SLOT="0"
|
||||
KEYWORDS="amd64 x86"
|
||||
|
||||
IUSE="debug dot1q natevents snmp"
|
||||
IUSE="debug dot1d dot1q natevents snmp"
|
||||
|
||||
RDEPEND="
|
||||
net-firewall/iptables:0=
|
||||
|
@ -27,8 +27,8 @@ DEPEND="${RDEPEND}
|
|||
"
|
||||
PATCHES=(
|
||||
"${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
|
||||
"${FILESDIR}/${PN}-2.3-flags.patch"
|
||||
"${FILESDIR}/${P}-bridge_netfilter.patch"
|
||||
"${FILESDIR}/${PN}-2.6-gentoo.patch"
|
||||
"${FILESDIR}/${P}-ref_module_fix.patch" # bug #781014
|
||||
)
|
||||
|
||||
pkg_setup() {
|
||||
|
@ -36,6 +36,7 @@ pkg_setup() {
|
|||
|
||||
local CONFIG_CHECK="~IP_NF_IPTABLES"
|
||||
use debug && CONFIG_CHECK+=" ~DEBUG_FS"
|
||||
use dot1d && CONFIG_CHECK+=" BRIDGE_NETFILTER"
|
||||
use dot1q && CONFIG_CHECK+=" VLAN_8021Q"
|
||||
if use natevents; then
|
||||
CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
|
||||
|
@ -87,21 +88,24 @@ src_configure() {
|
|||
--kdir="${KV_DIR}" \
|
||||
--kver="${KV_FULL}" \
|
||||
$(use debug && echo '--enable-debugfs') \
|
||||
$(use dot1d && echo '--enable-physdev-override') \
|
||||
$(use dot1q && echo '--enable-vlan') \
|
||||
$(use natevents && echo '--enable-natevents') \
|
||||
$(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
|
||||
emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" LD="$(tc-getLD)" OBJDUMP="$(tc-getOBJDUMP)" all
|
||||
}
|
||||
|
||||
src_install() {
|
||||
linux-mod_src_install
|
||||
exeinto "${IPT_LIB}"
|
||||
doexe libipt_NETFLOW.so
|
||||
doexe libip6t_NETFLOW.so
|
||||
|
||||
use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
|
||||
|
||||
exeinto "${IPT_LIB}"
|
||||
doexe libip{,6}t_NETFLOW.so
|
||||
|
||||
doheader ipt_NETFLOW.h
|
||||
dodoc README*
|
||||
}
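Review bot: `KEYWORDS="amd64 x86"` is carried over unchanged, so this 2.6 ebuild, which builds an out-of-tree kernel module with two patches touched in this commit, becomes visible to stable users on the day of the bump. If the overlay follows the usual Gentoo convention, a new version starts as `KEYWORDS="~amd64 ~x86"` and is stabilised after a testing period. Separately, `use dot1d && CONFIG_CHECK+=" BRIDGE_NETFILTER"` has no `~` prefix, so the check is fatal rather than a warning; that matches the dot1q line and looks intentional, but a trailing comment such as `# hard requirement: physdev override is compiled out without it` would record the reason.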
|