net-firewall/ipt_netflow: Version bump to 2.6

Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr
Alarig Le Lay 2021-07-19 17:53:18 +02:00
parent 9f06017717
commit 5416cd0886
Signed by: alarig
GPG key ID: 7AFE62C6DF8BCDEC
6 changed files with 92 additions and 115 deletions


@ -1,2 +1,2 @@
DIST ipt_netflow-2.4.tar.gz 92580 BLAKE2B 0197e7e5cdd9c94c7b80b38cb4e2879343139592421922bf73aeaac70ac3af54ea25934bb1474ff455a9f58eab2368995591542f46be48b5c8491a3b6a192f56 SHA512 3c80d02cfda996fbde8d258875df8795000fd8390b5a6f8296771a992067e153eca48f7f4602421529948beaf3030e164adfc2ffe5b528042fbdc15ffb56aa74
DIST ipt_netflow-2.5.1.tar.gz 94627 BLAKE2B 440daed1f0c02e4700c6d4a97da08abc7bf51c73cd824a67fd2b7b9394b47d493ca7acfea34467d93cdce6dded2c5b24b4a2600b9f717aa54561d1f88a123dbc SHA512 dd0bde358f788f2d62ace6a0b1529128f0a686f9b776deeae3502d45d06d13971e8ea249d2647d00b00e73625c515bc12a4b7bd8d34fafd5f3b32f290d48cdce DIST ipt_netflow-2.5.1.tar.gz 94627 BLAKE2B 440daed1f0c02e4700c6d4a97da08abc7bf51c73cd824a67fd2b7b9394b47d493ca7acfea34467d93cdce6dded2c5b24b4a2600b9f717aa54561d1f88a123dbc SHA512 dd0bde358f788f2d62ace6a0b1529128f0a686f9b776deeae3502d45d06d13971e8ea249d2647d00b00e73625c515bc12a4b7bd8d34fafd5f3b32f290d48cdce
DIST ipt_netflow-2.6.tar.gz 95752 BLAKE2B 088c7030addd34d9d889cfa705aa060d0793e33be957deb3b703daea4229afc24f7268285ce336e425a024dc9d8139633a5206ff9d769c95cf71c156acbd4f25 SHA512 0ccea556e25dc6bc2d8c7648ed1b4ab366097baf5b06f167ccd19d2adb0a195ad652635181573785f9e9fa208d163f22b6527310eb939455d7ee3bc141cbeed5


@ -1,61 +0,0 @@
From 9288e30f493d252ee85b492a894f78073e4f6d41 Mon Sep 17 00:00:00 2001
From: ABC <abc@openwall.com>
Date: Sat, 28 Sep 2019 23:29:40 +0300
Subject: [PATCH] Don't compile physdev-override if BRIDGE_NETFILTER is
disabled.
Fixes #120 "Compile error nf_bridge / nf_trace" reported by DocMAX.
Fixes: 51bdc2b ("Use nf_bridge_info_get() instead of skb->nf_bridge").
---
compat.h | 2 ++
configure | 1 +
ipt_NETFLOW.c | 5 +++++
3 files changed, 8 insertions(+)
diff --git a/compat.h b/compat.h
index 0f9896b..66e224b 100644
--- a/compat.h
+++ b/compat.h
@@ -680,11 +680,13 @@ static inline int is_vlan_dev(struct net_device *dev)
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(5,0,0)
+# ifdef CONFIG_BRIDGE_NETFILTER
static inline struct nf_bridge_info *
nf_bridge_info_get(const struct sk_buff *skb)
{
return skb->nf_bridge;
}
+# endif
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
diff --git a/configure b/configure
index 74eece5..8aae8bf 100755
--- a/configure
+++ b/configure
@@ -470,6 +470,7 @@ kernel_check_config() {
kconfig CONFIG_NF_CONNTRACK_EVENTS "natevents"
kconfig CONFIG_IPV6 "IPv6"
kconfig CONFIG_IP6_NF_IPTABLES "ip6tables target"
+ kconfig CONFIG_BRIDGE_NETFILTER "physdev override"
}
kernel_check_include() {
diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
index fe25655..064de6c 100644
--- a/ipt_NETFLOW.c
+++ b/ipt_NETFLOW.c
@@ -83,6 +83,11 @@
#if defined(CONFIG_NF_NAT_NEEDED) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,39)
# include <net/netfilter/nf_conntrack_timestamp.h>
#endif
+#ifdef ENABLE_PHYSDEV_OVER
+# ifndef CONFIG_BRIDGE_NETFILTER
+# undef ENABLE_PHYSDEV_OVER
+# endif
+#endif
#define IPT_NETFLOW_VERSION "2.4" /* Note that if you are using git, you
will see version in other format. */


@ -1,32 +0,0 @@
commit 1153f73f038205dc17303e6e6c455bbbb56191f7
Author: ABC <abc@openwall.com>
Date: Wed Oct 14 15:35:57 2020 +0300
gen_compat_def: Check for vlan_dev_priv instead of version if
diff --git a/gen_compat_def b/gen_compat_def
index c0f20f6..3965e94 100755
--- a/gen_compat_def
+++ b/gen_compat_def
@@ -85,6 +85,8 @@ kbuild_test_struct proc_ops linux/proc_fs.h
kbuild_test_struct proc_ops linux/proc_fs.h
# No since v5.1, but present in CentOS-8's 4.18.0-227
kbuild_test_symbol synchronize_sched linux/rcupdate.h
+# Stumbled on 5.9
+kbuild_test_struct vlan_dev_priv linux/if_vlan.h
echo "// End of compat_def.h"
diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
index 01055df..6f95166 100644
--- a/ipt_NETFLOW.c
+++ b/ipt_NETFLOW.c
@@ -4874,7 +4874,7 @@ static void parse_l2_header(const struct sk_buff *skb, struct ipt_netflow_tuple
tuple->tag[tag_num++] = htons(vlan_tx_tag_get(skb));
else if (skb->dev && is_vlan_dev(skb->dev)) {
struct net_device *vlan_dev = skb->dev;
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
+# ifdef HAVE_VLAN_DEV_PRIV
struct vlan_dev_priv *vlan = vlan_dev_priv(vlan_dev);
/* `if` condition is `#if`ed intentionally, and this is


@ -1,21 +1,23 @@
--- a/Makefile.in --- a/Makefile.in 2021-05-27 12:57:29.600377496 +0300
+++ b/Makefile.in +++ b/Makefile.in 2021-05-27 12:58:55.111381725 +0300
@@ -11,7 +11,7 @@ @@ -13,7 +13,7 @@
SNMPTGSO = /usr/lib/snmp/dlmod/snmp_NETFLOW.so SNMPTGSO = /usr/lib/snmp/dlmod/snmp_NETFLOW.so
SNMPCONF = /etc/snmp/snmpd.conf SNMPCONF = /etc/snmp/snmpd.conf
SNMPLINE = dlmod netflow $(SNMPTGSO) SNMPLINE = dlmod netflow $(SNMPTGSO)
-CC = gcc -CC = gcc
+$(CC) ?= gcc +CC ?= gcc
# https://www.kernel.org/doc/Documentation/kbuild/modules.txt # https://www.kernel.org/doc/Documentation/kbuild/modules.txt
# https://www.kernel.org/doc/Documentation/kbuild/makefiles.txt # https://www.kernel.org/doc/Documentation/kbuild/makefiles.txt
@@ -22,29 +22,29 @@ @@ -24,31 +24,31 @@
ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat_def.h compat.h Makefile
@echo Compiling for kernel $(KVERSION) @echo Compiling $(shell ./version.sh) for kernel $(KVERSION)
- make -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y - make -C $(KDIR) M=$(CURDIR) modules
+ $(MAKE) -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y + $(MAKE) -C $(KDIR) M=$(CURDIR) modules
@touch $@ @touch $@
compat_def.h: gen_compat_def
./gen_compat_def > $@
sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
@rm -f ipt_NETFLOW.ko ipt_NETFLOW.o @rm -f ipt_NETFLOW.ko ipt_NETFLOW.o
@echo Compiling for kernel $(KVERSION) @echo Compiling for kernel $(KVERSION)
@ -36,7 +38,7 @@
lclean: lclean:
-rm -f *.so *_sh.o -rm -f *.so *_sh.o
clean: mclean lclean clean: mclean lclean
-rm -f *.so *.o modules.order version.h -rm -f *.so *.o modules.order version.h compat_def.h
snmp_NETFLOW.so: snmp_NETFLOW.c snmp_NETFLOW.so: snmp_NETFLOW.c
- $(CC) -fPIC -shared -o $@ $< -lnetsnmp - $(CC) -fPIC -shared -o $@ $< -lnetsnmp
@ -44,12 +46,16 @@
sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my
@echo " *" @echo " *"
@@ -64,7 +64,7 @@ @@ -68,10 +68,10 @@
fi fi
%_sh.o: libipt_NETFLOW.c %_sh.o: libipt_NETFLOW.c
- $(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c - $(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c + $(CC) $(CFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
%.so: %_sh.o %.so: %_sh.o
$(CC) -shared -o $@ $< - $(CC) -shared -o $@ $<
+ $(CC) $(LDFLAGS) -shared -o $@ $<
version.h: ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
@./version.sh --define > version.h
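Review bot: The patch file begins directly at `--- a/Makefile.in` with no header, so nothing records why the overlay changes these lines or whether the change was offered upstream. A short description above the first `---` line would cover it, for example `Respect user CC, CFLAGS and LDFLAGS; use $(MAKE) for the kernel build.` This matters most for the `%.so` link rule, where `$(LDFLAGS)` is what carries any linker hardening flags set by the user or profile into libipt_NETFLOW.so. The replacement for the removed `snmp_NETFLOW.so` link line is outside the lines shown here, so it is worth confirming that it passes `$(LDFLAGS)` too.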


@ -0,0 +1,60 @@
commit 352cdb28eecbb57de3509b18dfc37dcce0455c01
Author: ABC <abc@openwall.com>
Date: Tue Jun 22 19:07:02 2021 +0300
Fix compile for stable kernels by not using 'ref_module'
`ref_module' unexport in 7ef5264de7732 ("modules: mark ref_module
static") is back-ported into stable kernels making old `#if
LINUX_VERSION_CODE' checks irrelevant or too complicated to update.
Do not use `ref_module' API at all since `try_module_get' is ancient
enough to use always.
Reported-by: https://github.com/xtaran
Fixes: https://github.com/aabc/ipt-netflow/issues/177
diff --git a/compat.h b/compat.h
index 99edf91..30f1d8f 100644
--- a/compat.h
+++ b/compat.h
@@ -170,10 +170,6 @@ static int __ethtool_get_settings(struct net_device *dev, struct ethtool_cmd *cm
# define CHECK_OK 0
#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35)
-# define use_module ref_module
-#endif
-
#ifndef NF_IP_LOCAL_IN /* 2.6.25 */
# define NF_IP_PRE_ROUTING NF_INET_PRE_ROUTING
# define NF_IP_LOCAL_IN NF_INET_LOCAL_IN
diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
index d3d3901..c4c049d 100644
--- a/ipt_NETFLOW.c
+++ b/ipt_NETFLOW.c
@@ -5494,12 +5494,8 @@ static void register_ct_events(void)
}
/* Reference netlink module to prevent it's unsafe unload before us. */
if (!netlink_m && (netlink_m = find_module(NETLINK_M))) {
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5,9,0)
- use_module(THIS_MODULE, netlink_m);
-#else
if (!try_module_get(netlink_m))
netlink_m = NULL;
-#endif
}
/* Register ct events callback. */
@@ -5527,10 +5523,9 @@ static void unregister_ct_events(void)
#else /* < v3.2 */
unset_notifier_cb();
#endif /* v3.2 */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0)
module_put(netlink_m);
netlink_m = NULL;
-#endif
+
rcu_assign_pointer(saved_event_cb, NULL);
#else /* < v2.6.31 */
nf_conntrack_unregister_notifier(&ctnl_notifier);


@ -1,4 +1,4 @@
# Copyright 1999-2020 Gentoo Authors # Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=7 EAPI=7
@ -15,7 +15,7 @@ LICENSE="GPL-2"
SLOT="0" SLOT="0"
KEYWORDS="amd64 x86" KEYWORDS="amd64 x86"
IUSE="debug dot1q natevents snmp" IUSE="debug dot1d dot1q natevents snmp"
RDEPEND=" RDEPEND="
net-firewall/iptables:0= net-firewall/iptables:0=
@ -27,8 +27,8 @@ DEPEND="${RDEPEND}
" "
PATCHES=( PATCHES=(
"${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984 "${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
"${FILESDIR}/${PN}-2.3-flags.patch" "${FILESDIR}/${PN}-2.6-gentoo.patch"
"${FILESDIR}/${P}-bridge_netfilter.patch" "${FILESDIR}/${P}-ref_module_fix.patch" # bug #781014
) )
pkg_setup() { pkg_setup() {
@ -36,6 +36,7 @@ pkg_setup() {
local CONFIG_CHECK="~IP_NF_IPTABLES" local CONFIG_CHECK="~IP_NF_IPTABLES"
use debug && CONFIG_CHECK+=" ~DEBUG_FS" use debug && CONFIG_CHECK+=" ~DEBUG_FS"
use dot1d && CONFIG_CHECK+=" BRIDGE_NETFILTER"
use dot1q && CONFIG_CHECK+=" VLAN_8021Q" use dot1q && CONFIG_CHECK+=" VLAN_8021Q"
if use natevents; then if use natevents; then
CONFIG_CHECK+=" NF_CONNTRACK_EVENTS" CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
@ -87,21 +88,24 @@ src_configure() {
--kdir="${KV_DIR}" \ --kdir="${KV_DIR}" \
--kver="${KV_FULL}" \ --kver="${KV_FULL}" \
$(use debug && echo '--enable-debugfs') \ $(use debug && echo '--enable-debugfs') \
$(use dot1d && echo '--enable-physdev-override') \
$(use dot1q && echo '--enable-vlan') \ $(use dot1q && echo '--enable-vlan') \
$(use natevents && echo '--enable-natevents') \ $(use natevents && echo '--enable-natevents') \
$(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent') $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
} }
src_compile() { src_compile() {
emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" LD="$(tc-getLD)" OBJDUMP="$(tc-getOBJDUMP)" all
} }
src_install() { src_install() {
linux-mod_src_install linux-mod_src_install
exeinto "${IPT_LIB}"
doexe libipt_NETFLOW.so
doexe libip6t_NETFLOW.so
use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
exeinto "${IPT_LIB}"
doexe libip{,6}t_NETFLOW.so
doheader ipt_NETFLOW.h doheader ipt_NETFLOW.h
dodoc README* dodoc README*
} }
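Review bot: The new `dot1d` flag added to `IUSE` gets no description in this commit; as far as the page shows, the six changed files are the Manifest, four patch files and the ebuild, and none of them is `metadata.xml`. Unless the package metadata already describes the flag, add an entry such as `<flag name="dot1d">Enable physdev override (needs BRIDGE_NETFILTER in the kernel)</flag>`, which matches what `pkg_setup` and `src_configure` do with it. In `PATCHES`, the `${PN}-2.6-gentoo.patch` line is the only new entry without a trailing comment; a short one like `# respect CC/CFLAGS/LDFLAGS` would keep it in line with its neighbours.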