diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest
index 592cc29..a779559 100644
--- a/net-firewall/ipt_netflow/Manifest
+++ b/net-firewall/ipt_netflow/Manifest
@@ -1,2 +1,2 @@
-DIST ipt_netflow-2.4.tar.gz 92580 BLAKE2B 0197e7e5cdd9c94c7b80b38cb4e2879343139592421922bf73aeaac70ac3af54ea25934bb1474ff455a9f58eab2368995591542f46be48b5c8491a3b6a192f56 SHA512 3c80d02cfda996fbde8d258875df8795000fd8390b5a6f8296771a992067e153eca48f7f4602421529948beaf3030e164adfc2ffe5b528042fbdc15ffb56aa74
 DIST ipt_netflow-2.5.1.tar.gz 94627 BLAKE2B 440daed1f0c02e4700c6d4a97da08abc7bf51c73cd824a67fd2b7b9394b47d493ca7acfea34467d93cdce6dded2c5b24b4a2600b9f717aa54561d1f88a123dbc SHA512 dd0bde358f788f2d62ace6a0b1529128f0a686f9b776deeae3502d45d06d13971e8ea249d2647d00b00e73625c515bc12a4b7bd8d34fafd5f3b32f290d48cdce
+DIST ipt_netflow-2.6.tar.gz 95752 BLAKE2B 088c7030addd34d9d889cfa705aa060d0793e33be957deb3b703daea4229afc24f7268285ce336e425a024dc9d8139633a5206ff9d769c95cf71c156acbd4f25 SHA512 0ccea556e25dc6bc2d8c7648ed1b4ab366097baf5b06f167ccd19d2adb0a195ad652635181573785f9e9fa208d163f22b6527310eb939455d7ee3bc141cbeed5
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.4-bridge_netfilter.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.4-bridge_netfilter.patch
deleted file mode 100644
index cde23bc..0000000
--- a/net-firewall/ipt_netflow/files/ipt_netflow-2.4-bridge_netfilter.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 9288e30f493d252ee85b492a894f78073e4f6d41 Mon Sep 17 00:00:00 2001
-From: ABC
-Date: Sat, 28 Sep 2019 23:29:40 +0300
-Subject: [PATCH] Don't compile physdev-override if BRIDGE_NETFILTER is
- disabled.
-
-Fixes #120 "Compile error nf_bridge / nf_trace" reported by DocMAX.
-
-Fixes: 51bdc2b ("Use nf_bridge_info_get() instead of skb->nf_bridge").
----
- compat.h | 2 ++
- configure | 1 +
- ipt_NETFLOW.c | 5 +++++
- 3 files changed, 8 insertions(+)
-
-diff --git a/compat.h b/compat.h
-index 0f9896b..66e224b 100644
---- a/compat.h
-+++ b/compat.h
-@@ -680,11 +680,13 @@ static inline int is_vlan_dev(struct net_device *dev)
- #endif
-
- #if LINUX_VERSION_CODE < KERNEL_VERSION(5,0,0)
-+# ifdef CONFIG_BRIDGE_NETFILTER
- static inline struct nf_bridge_info *
- nf_bridge_info_get(const struct sk_buff *skb)
- {
- return skb->nf_bridge;
- }
-+# endif
- #endif
-
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
-diff --git a/configure b/configure
-index 74eece5..8aae8bf 100755
---- a/configure
-+++ b/configure
-@@ -470,6 +470,7 @@ kernel_check_config() {
- kconfig CONFIG_NF_CONNTRACK_EVENTS "natevents"
- kconfig CONFIG_IPV6 "IPv6"
- kconfig CONFIG_IP6_NF_IPTABLES "ip6tables target"
-+ kconfig CONFIG_BRIDGE_NETFILTER "physdev override"
- }
-
- kernel_check_include() {
-diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
-index fe25655..064de6c 100644
---- a/ipt_NETFLOW.c
-+++ b/ipt_NETFLOW.c
-@@ -83,6 +83,11 @@
- #if defined(CONFIG_NF_NAT_NEEDED) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,39)
- # include
- #endif
-+#ifdef ENABLE_PHYSDEV_OVER
-+# ifndef CONFIG_BRIDGE_NETFILTER
-+# undef ENABLE_PHYSDEV_OVER
-+# endif
-+#endif
-
- #define IPT_NETFLOW_VERSION "2.4" /* Note that if you are using git, you
- will see version in other format. */
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.5.1-vlan_dev_priv.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.5.1-vlan_dev_priv.patch
deleted file mode 100644
index 49721e5..0000000
--- a/net-firewall/ipt_netflow/files/ipt_netflow-2.5.1-vlan_dev_priv.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-commit 1153f73f038205dc17303e6e6c455bbbb56191f7
-Author: ABC
-Date: Wed Oct 14 15:35:57 2020 +0300
-
- gen_compat_def: Check for vlan_dev_priv instead of version if
-
-diff --git a/gen_compat_def b/gen_compat_def
-index c0f20f6..3965e94 100755
---- a/gen_compat_def
-+++ b/gen_compat_def
-@@ -85,6 +85,8 @@ kbuild_test_struct proc_ops linux/proc_fs.h
- kbuild_test_struct proc_ops linux/proc_fs.h
- # No since v5.1, but present in CentOS-8's 4.18.0-227
- kbuild_test_symbol synchronize_sched linux/rcupdate.h
-+# Stumbled on 5.9
-+kbuild_test_struct vlan_dev_priv linux/if_vlan.h
-
- echo "// End of compat_def.h"
-
-diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
-index 01055df..6f95166 100644
---- a/ipt_NETFLOW.c
-+++ b/ipt_NETFLOW.c
-@@ -4874,7 +4874,7 @@ static void parse_l2_header(const struct sk_buff *skb, struct ipt_netflow_tuple
- tuple->tag[tag_num++] = htons(vlan_tx_tag_get(skb));
- else if (skb->dev && is_vlan_dev(skb->dev)) {
- struct net_device *vlan_dev = skb->dev;
--# if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
-+# ifdef HAVE_VLAN_DEV_PRIV
- struct vlan_dev_priv *vlan = vlan_dev_priv(vlan_dev);
-
- /* `if` condition is `#if`ed intentionally, and this is
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.3-flags.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.6-gentoo.patch
similarity index 62%
rename from net-firewall/ipt_netflow/files/ipt_netflow-2.3-flags.patch
rename to net-firewall/ipt_netflow/files/ipt_netflow-2.6-gentoo.patch
index 0d89e5b..44dcfde 100644
--- a/net-firewall/ipt_netflow/files/ipt_netflow-2.3-flags.patch
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.6-gentoo.patch
@@ -1,21 +1,23 @@ ---- a/Makefile.in -+++ b/Makefile.in -@@ -11,7 +11,7 @@ +--- a/Makefile.in 2021-05-27 12:57:29.600377496 +0300 ++++ b/Makefile.in 2021-05-27 12:58:55.111381725 +0300 +@@ -13,7 +13,7 @@ SNMPTGSO = /usr/lib/snmp/dlmod/snmp_NETFLOW.so SNMPCONF = /etc/snmp/snmpd.conf SNMPLINE = dlmod netflow $(SNMPTGSO) -CC = gcc -+$(CC) ?= gcc ++CC ?= gcc # https://www.kernel.org/doc/Documentation/kbuild/modules.txt # https://www.kernel.org/doc/Documentation/kbuild/makefiles.txt -@@ -22,29 +22,29 @@ +@@ -24,31 +24,31 @@ - ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile - @echo Compiling for kernel $(KVERSION) -- make -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y -+ $(MAKE) -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y + ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat_def.h compat.h Makefile + @echo Compiling $(shell ./version.sh) for kernel $(KVERSION) +- make -C $(KDIR) M=$(CURDIR) modules ++ $(MAKE) -C $(KDIR) M=$(CURDIR) modules @touch $@ + compat_def.h: gen_compat_def + ./gen_compat_def > $@ sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile @rm -f ipt_NETFLOW.ko ipt_NETFLOW.o @echo Compiling for kernel $(KVERSION) @@ -36,7 +38,7 @@ lclean: -rm -f *.so *_sh.o clean: mclean lclean - -rm -f *.so *.o modules.order version.h + -rm -f *.so *.o modules.order version.h compat_def.h snmp_NETFLOW.so: snmp_NETFLOW.c - $(CC) -fPIC -shared -o $@ $< -lnetsnmp 
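Review bot: `CC ?= gcc` in the first hunk of the renamed patch is effectively dead under GNU make: `CC` is a predefined variable (default `cc`), and `?=` only assigns when a variable is undefined, so the `gcc` fallback never applies unless make runs with `-R`. The build picks the intended toolchain only because the ebuild passes `CC="$(tc-getCC)"` on the emake command line. Either drop the line from the patch or state the intent next to it, e.g. `# CC is supplied by the caller; this fallback only applies under make -R`.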
@@ -44,12 +46,16 @@ sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my @echo " *" -@@ -64,7 +64,7 @@ +@@ -68,10 +68,10 @@ fi %_sh.o: libipt_NETFLOW.c - $(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c -+ $(CC) $(CFLAGS) $(LDFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c ++ $(CC) $(CFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c %.so: %_sh.o - $(CC) -shared -o $@ $< +- $(CC) -shared -o $@ $< ++ $(CC) $(LDFLAGS) -shared -o $@ $< + + version.h: ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile + @./version.sh --define > version.h diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.6-ref_module_fix.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.6-ref_module_fix.patch new file mode 100644 index 0000000..21d6471 --- /dev/null +++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.6-ref_module_fix.patch 
@@ -0,0 +1,60 @@
+commit 352cdb28eecbb57de3509b18dfc37dcce0455c01
+Author: ABC
+Date: Tue Jun 22 19:07:02 2021 +0300
+
+ Fix compile for stable kernels by not using 'ref_module'
+
+ `ref_module' unexport in 7ef5264de7732 ("modules: mark ref_module
+ static") is back-ported into stable kernels making old `#if
+ LINUX_VERSION_CODE' checks irrelevant or too complicated to update.
+
+ Do not use `ref_module' API at all since `try_module_get' is ancient
+ enough to use always.
+
+ Reported-by: https://github.com/xtaran
+ Fixes: https://github.com/aabc/ipt-netflow/issues/177
+
+diff --git a/compat.h b/compat.h
+index 99edf91..30f1d8f 100644
+--- a/compat.h
++++ b/compat.h
+@@ -170,10 +170,6 @@ static int __ethtool_get_settings(struct net_device *dev, struct ethtool_cmd *cm
+ # define CHECK_OK 0
+ #endif
+
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35)
+-# define use_module ref_module
+-#endif
+-
+ #ifndef NF_IP_LOCAL_IN /* 2.6.25 */
+ # define NF_IP_PRE_ROUTING NF_INET_PRE_ROUTING
+ # define NF_IP_LOCAL_IN NF_INET_LOCAL_IN
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index d3d3901..c4c049d 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -5494,12 +5494,8 @@ static void register_ct_events(void)
+ }
+ /* Reference netlink module to prevent it's unsafe unload before us. */
+ if (!netlink_m && (netlink_m = find_module(NETLINK_M))) {
+-#if LINUX_VERSION_CODE < KERNEL_VERSION(5,9,0)
+- use_module(THIS_MODULE, netlink_m);
+-#else
+ if (!try_module_get(netlink_m))
+ netlink_m = NULL;
+-#endif
+ }
+
+ /* Register ct events callback. */
+@@ -5527,10 +5523,9 @@ static void unregister_ct_events(void)
+ #else /* < v3.2 */
+ unset_notifier_cb();
+ #endif /* v3.2 */
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0)
+ module_put(netlink_m);
+ netlink_m = NULL;
+-#endif
++
+ rcu_assign_pointer(saved_event_cb, NULL);
+ #else /* < v2.6.31 */
+ nf_conntrack_unregister_notifier(&ctnl_notifier);
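Review bot: In the `register_ct_events` hunk, the pointer returned by `find_module(NETLINK_M)` is unpinned until `try_module_get()` succeeds, and no lock is visible around the two calls, so the backported patch should be checked for the module_mutex (or RCU read-side) protection that lookup needs; the function body continues outside the hunk, so it may already be there. When the lookup or the get fails, `netlink_m` stays NULL and registration continues without the pin the comment promises, and nothing is logged. I would add a comment such as `/* find_module() result is only valid under module_mutex/RCU until try_module_get() pins it */` and a warning-level `printk` on the failure path. The now-unconditional `module_put(netlink_m)` in `unregister_ct_events` relies on `module_put()` ignoring NULL, which deserves a one-line comment as well.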
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.6.ebuild similarity index 84% rename from net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild rename to net-firewall/ipt_netflow/ipt_netflow-2.6.ebuild index d167b5e..29b10a9 100644 --- a/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild +++ b/net-firewall/ipt_netflow/ipt_netflow-2.6.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -15,7 +15,7 @@ LICENSE="GPL-2" SLOT="0" KEYWORDS="amd64 x86" -IUSE="debug dot1q natevents snmp" +IUSE="debug dot1d dot1q natevents snmp" RDEPEND=" net-firewall/iptables:0= @@ -27,8 +27,8 @@ DEPEND="${RDEPEND} " PATCHES=( "${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984 - "${FILESDIR}/${PN}-2.3-flags.patch" - "${FILESDIR}/${P}-bridge_netfilter.patch" + "${FILESDIR}/${PN}-2.6-gentoo.patch" + "${FILESDIR}/${P}-ref_module_fix.patch" # bug #781014 ) pkg_setup() { @@ -36,6 +36,7 @@ pkg_setup() { local CONFIG_CHECK="~IP_NF_IPTABLES" use debug && CONFIG_CHECK+=" ~DEBUG_FS" + use dot1d && CONFIG_CHECK+=" BRIDGE_NETFILTER" use dot1q && CONFIG_CHECK+=" VLAN_8021Q" if use natevents; then CONFIG_CHECK+=" NF_CONNTRACK_EVENTS" 
@@ -87,21 +88,24 @@ src_configure() { --kdir="${KV_DIR}" \ --kver="${KV_FULL}" \ $(use debug && echo '--enable-debugfs') \ + $(use dot1d && echo '--enable-physdev-override') \ $(use dot1q && echo '--enable-vlan') \ $(use natevents && echo '--enable-natevents') \ $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent') } src_compile() { - emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all + emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" LD="$(tc-getLD)" OBJDUMP="$(tc-getOBJDUMP)" all } src_install() { linux-mod_src_install - exeinto "${IPT_LIB}" - doexe libipt_NETFLOW.so - doexe libip6t_NETFLOW.so + use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall + + exeinto "${IPT_LIB}" + doexe libip{,6}t_NETFLOW.so + doheader ipt_NETFLOW.h dodoc README* }