net-firewall/ipt_netflow: New ebuild

net-firewall/ipt_netflow/Manifest

@@ -0,0 +1,2 @@
+DIST ipt_netflow-2.4.tar.gz 92580 BLAKE2B 0197e7e5cdd9c94c7b80b38cb4e2879343139592421922bf73aeaac70ac3af54ea25934bb1474ff455a9f58eab2368995591542f46be48b5c8491a3b6a192f56 SHA512 3c80d02cfda996fbde8d258875df8795000fd8390b5a6f8296771a992067e153eca48f7f4602421529948beaf3030e164adfc2ffe5b528042fbdc15ffb56aa74
+DIST ipt_netflow-2.5.tar.gz 94097 BLAKE2B 5ca8d686e08f6fb0cdb1d502572afc71f146e2633ccf5fc7cb9ad21420fb62e88a2cb393e83ee4f5646200fa964d46a16ef58831958799449a4a59e2da6c9337 SHA512 8cd1bc46ef6e975964e5ddc290ed999f7076b63a9363f1a1f31b5d8db875d4e564ed5f0d5185c29dcf8a86793fe4badf63325b79ba1abbc264088b1ca94a9dad

net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch

@@ -0,0 +1,10 @@
+--- a/configure
++++ b/configure
+@@ -421,7 +421,6 @@
+ iptables_find_version	#IPTVER
+ iptables_try_pkgconfig	#try to configure from pkg-config
+ iptables_find_src	#IPTSRC
+-iptables_src_version	#check that IPTSRC match to IPTVER
+ iptables_inc		#IPTINC
+ iptables_modules	#IPTLIB
+ 

net-firewall/ipt_netflow/files/ipt_netflow-2.3-flags.patch

@@ -0,0 +1,55 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -11,7 +11,7 @@
+ SNMPTGSO = /usr/lib/snmp/dlmod/snmp_NETFLOW.so
+ SNMPCONF = /etc/snmp/snmpd.conf
+ SNMPLINE = dlmod netflow $(SNMPTGSO)
+-CC = gcc
++$(CC) ?= gcc
+ 
+ # https://www.kernel.org/doc/Documentation/kbuild/modules.txt
+ # https://www.kernel.org/doc/Documentation/kbuild/makefiles.txt
+@@ -22,29 +22,29 @@
+ 
+ ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
+ 	@echo Compiling for kernel $(KVERSION)
+-	make -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
+ 	@touch $@
+ sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
+ 	@rm -f ipt_NETFLOW.ko ipt_NETFLOW.o
+ 	@echo Compiling for kernel $(KVERSION)
+-	make -C $(KDIR) M=$(CURDIR) modules C=1
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules C=1
+ 	@touch ipt_NETFLOW.ko
+ coverity:
+ 	coverity-submit -v
+ 
+ minstall: | ipt_NETFLOW.ko
+ 	@echo " *"
+-	make -C $(KDIR) M=$(CURDIR) modules_install INSTALL_MOD_PATH=$(DESTDIR)
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules_install INSTALL_MOD_PATH=$(DESTDIR)
+ 	$(DEPMOD)
+ mclean:
+-	make -C $(KDIR) M=$(CURDIR) clean
++	$(MAKE) -C $(KDIR) M=$(CURDIR) clean
+ lclean:
+ 	-rm -f *.so *_sh.o
+ clean: mclean lclean
+ 	-rm -f *.so *.o modules.order version.h
+ 
+ snmp_NETFLOW.so: snmp_NETFLOW.c
+-	$(CC) -fPIC -shared -o $@ $< -lnetsnmp
++	$(CC) $(CFLAGS) $(LDFLAGS) -fPIC -shared -o $@ $< -lnetsnmp
+ 
+ sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my
+ 	@echo " *"
+@@ -64,7 +64,7 @@
+ 	fi
+ 
+ %_sh.o: libipt_NETFLOW.c
+-	$(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
++	$(CC) $(CFLAGS) $(LDFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
+ 
+ %.so: %_sh.o
+ 	$(CC) -shared -o $@ $<

net-firewall/ipt_netflow/files/ipt_netflow-2.4-bridge_netfilter.patch

@@ -0,0 +1,61 @@
+From 9288e30f493d252ee85b492a894f78073e4f6d41 Mon Sep 17 00:00:00 2001
+From: ABC <abc@openwall.com>
+Date: Sat, 28 Sep 2019 23:29:40 +0300
+Subject: [PATCH] Don't compile physdev-override if BRIDGE_NETFILTER is
+ disabled.
+
+Fixes #120 "Compile error nf_bridge / nf_trace" reported by DocMAX.
+
+Fixes: 51bdc2b ("Use nf_bridge_info_get() instead of skb->nf_bridge").
+---
+ compat.h      | 2 ++
+ configure     | 1 +
+ ipt_NETFLOW.c | 5 +++++
+ 3 files changed, 8 insertions(+)
+
+diff --git a/compat.h b/compat.h
+index 0f9896b..66e224b 100644
+--- a/compat.h
++++ b/compat.h
+@@ -680,11 +680,13 @@ static inline int is_vlan_dev(struct net_device *dev)
+ #endif
+ 
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(5,0,0)
++# ifdef CONFIG_BRIDGE_NETFILTER
+ static inline struct nf_bridge_info *
+ nf_bridge_info_get(const struct sk_buff *skb)
+ {
+ 	return skb->nf_bridge;
+ }
++# endif
+ #endif
+ 
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
+diff --git a/configure b/configure
+index 74eece5..8aae8bf 100755
+--- a/configure
++++ b/configure
+@@ -470,6 +470,7 @@ kernel_check_config() {
+   kconfig CONFIG_NF_CONNTRACK_EVENTS	"natevents"
+   kconfig CONFIG_IPV6			"IPv6"
+   kconfig CONFIG_IP6_NF_IPTABLES	"ip6tables target"
++  kconfig CONFIG_BRIDGE_NETFILTER	"physdev override"
+ }
+ 
+ kernel_check_include() {
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index fe25655..064de6c 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -83,6 +83,11 @@
+ #if defined(CONFIG_NF_NAT_NEEDED) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,39)
+ # include <net/netfilter/nf_conntrack_timestamp.h>
+ #endif
++#ifdef ENABLE_PHYSDEV_OVER
++# ifndef CONFIG_BRIDGE_NETFILTER
++#  undef ENABLE_PHYSDEV_OVER
++# endif
++#endif
+ 
+ #define IPT_NETFLOW_VERSION "2.4"   /* Note that if you are using git, you
+ 				       will see version in other format. */

net-firewall/ipt_netflow/files/ipt_netflow-2.5-gentoo.patch

@@ -0,0 +1,61 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -11,7 +11,7 @@
+ SNMPTGSO = /usr/lib/snmp/dlmod/snmp_NETFLOW.so
+ SNMPCONF = /etc/snmp/snmpd.conf
+ SNMPLINE = dlmod netflow $(SNMPTGSO)
+-CC = gcc
++CC ?= gcc
+ 
+ # https://www.kernel.org/doc/Documentation/kbuild/modules.txt
+ # https://www.kernel.org/doc/Documentation/kbuild/makefiles.txt
+@@ -22,31 +22,31 @@
+ 
+ ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat_def.h compat.h Makefile
+ 	@echo Compiling for kernel $(KVERSION)
+-	make -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
+ 	@touch $@
+ compat_def.h: gen_compat_def
+ 	./gen_compat_def > $@
+ sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
+ 	@rm -f ipt_NETFLOW.ko ipt_NETFLOW.o
+ 	@echo Compiling for kernel $(KVERSION)
+-	make -C $(KDIR) M=$(CURDIR) modules C=1
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules C=1
+ 	@touch ipt_NETFLOW.ko
+ coverity:
+ 	coverity-submit -v
+ 
+ minstall: | ipt_NETFLOW.ko
+ 	@echo " *"
+-	make -C $(KDIR) M=$(CURDIR) modules_install INSTALL_MOD_PATH=$(DESTDIR)
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules_install INSTALL_MOD_PATH=$(DESTDIR)
+ 	$(DEPMOD)
+ mclean:
+-	make -C $(KDIR) M=$(CURDIR) clean
++	$(MAKE) -C $(KDIR) M=$(CURDIR) clean
+ lclean:
+ 	-rm -f *.so *_sh.o
+ clean: mclean lclean
+ 	-rm -f *.so *.o modules.order version.h compat_def.h
+ 
+ snmp_NETFLOW.so: snmp_NETFLOW.c
+-	$(CC) -fPIC -shared -o $@ $< -lnetsnmp
++	$(CC) $(CFLAGS) $(LDFLAGS) -fPIC -shared -o $@ $< -lnetsnmp
+ 
+ sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my
+ 	@echo " *"
+@@ -66,10 +66,10 @@
+ 	fi
+ 
+ %_sh.o: libipt_NETFLOW.c
+-	$(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
++	$(CC) $(CFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
+ 
+ %.so: %_sh.o
+-	$(CC) -shared -o $@ $<
++	$(CC) $(LDFLAGS) -shared -o $@ $<
+ 
+ version.h: ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
+ 	@./version.sh --define > version.h

net-firewall/ipt_netflow/files/ipt_netflow-9999-gentoo.patch

@@ -0,0 +1,57 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -11,7 +11,7 @@ CARGS = @CARGS@
+ SNMPTGSO = /usr/lib/snmp/dlmod/snmp_NETFLOW.so
+ SNMPCONF = /etc/snmp/snmpd.conf
+ SNMPLINE = dlmod netflow $(SNMPTGSO)
+-CC = gcc
++$(CC) ?= gcc
+ 
+ # https://www.kernel.org/doc/Documentation/kbuild/modules.txt
+ # https://www.kernel.org/doc/Documentation/kbuild/makefiles.txt
+@@ -22,31 +22,31 @@ all: ipt_NETFLOW.ko libipt_NETFLOW.so libip6t_NETFLOW.so @SNMPTARGET@
+ 
+ ipt_NETFLOW.ko: version.h ipt_NETFLOW.c ipt_NETFLOW.h compat_def.h compat.h Makefile
+ 	@echo Compiling for kernel $(KVERSION)
+-	make -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
+ 	@touch $@
+ compat_def.h: gen_compat_def
+ 	./gen_compat_def > $@
+ sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
+ 	@rm -f ipt_NETFLOW.ko ipt_NETFLOW.o
+ 	@echo Compiling for kernel $(KVERSION)
+-	make -C $(KDIR) M=$(CURDIR) modules C=1
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules C=1
+ 	@touch ipt_NETFLOW.ko
+ coverity:
+ 	coverity-submit -v
+ 
+ minstall: | ipt_NETFLOW.ko
+ 	@echo " *"
+-	make -C $(KDIR) M=$(CURDIR) modules_install INSTALL_MOD_PATH=$(DESTDIR)
++	$(MAKE) -C $(KDIR) M=$(CURDIR) modules_install INSTALL_MOD_PATH=$(DESTDIR)
+ 	$(DEPMOD)
+ mclean:
+-	make -C $(KDIR) M=$(CURDIR) clean
++	$(MAKE) -C $(KDIR) M=$(CURDIR) clean
+ lclean:
+ 	-rm -f *.so *_sh.o
+ clean: mclean lclean
+ 	-rm -f *.so *.o modules.order version.h compat_def.h
+ 
+ snmp_NETFLOW.so: snmp_NETFLOW.c
+-	$(CC) -fPIC -shared -o $@ $< -lnetsnmp
++	$(CC) $(CFLAGS) $(LDFLAGS) -fPIC -shared -o $@ $< -lnetsnmp
+ 
+ sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my
+ 	@echo " *"
+@@ -66,7 +66,7 @@ sinstall: | snmp_NETFLOW.so IPT-NETFLOW-MIB.my
+ 	fi
+ 
+ %_sh.o: libipt_NETFLOW.c
+-	$(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
++	$(CC) $(CFLAGS) $(LDFLAGS) -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
+ 
+ %.so: %_sh.o
+ 	$(CC) -shared -o $@ $<

net-firewall/ipt_netflow/ipt_netflow-2.4.ebuild

@@ -0,0 +1,105 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="
+	https://sourceforge.net/projects/ipt-netflow
+	https://github.com/aabc/ipt-netflow
+"
+SRC_URI="https://github.com/aabc/ipt-netflow/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE="debug dot1q natevents snmp"
+
+RDEPEND="
+	net-firewall/iptables:0=
+	snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+	virtual/linux-sources
+	virtual/pkgconfig
+"
+PATCHES=(
+	"${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
+	"${FILESDIR}/${PN}-2.3-flags.patch"
+	"${FILESDIR}/${P}-bridge_netfilter.patch"
+)
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	use dot1q && local CONFIG_CHECK="~IP_NF_IPTABLES VLAN_8021Q"
+	use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+	if use natevents; then
+		CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
+		if kernel_is lt 5 2; then
+			CONFIG_CHECK+=" NF_NAT_NEEDED"
+		else
+			CONFIG_CHECK+=" NF_NAT"
+		fi
+	fi
+
+	BUILD_TARGETS="all"
+	MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+	IPT_LIB="/usr/$(get_libdir)/xtables"
+
+	linux-mod_pkg_setup
+}
+
+src_unpack() {
+	default
+
+	mv "${WORKDIR}"/${PN/_/-}-* "${WORKDIR}"/${P} || die
+}
+
+src_prepare() {
+	default
+
+	# Checking for directory is enough
+	sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+}
+
+do_conf() {
+	tc-export CC
+	echo ./configure $*
+	./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+	local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+	# this configure script is not based on autotools
+	# ipt-src need to be defined, see bug #455984
+	do_conf \
+		--disable-dkms \
+		--enable-aggregation \
+		--enable-direction \
+		--enable-macaddress \
+		--ipt-lib="${IPT_LIB}" \
+		--ipt-src="/usr/" \
+		--ipt-ver="${IPT_VERSION}" \
+		--kdir="${KV_DIR}" \
+		--kver="${KV_FULL}" \
+		$(use debug && echo '--enable-debugfs') \
+		$(use dot1q && echo '--enable-vlan') \
+		$(use natevents && echo '--enable-natevents') \
+		$(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+	emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+	linux-mod_src_install
+	exeinto "${IPT_LIB}"
+	doexe libipt_NETFLOW.so
+	use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+	doheader ipt_NETFLOW.h
+	dodoc README*
+}

net-firewall/ipt_netflow/ipt_netflow-2.5.ebuild

@@ -0,0 +1,104 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="
+	https://sourceforge.net/projects/ipt-netflow
+	https://github.com/aabc/ipt-netflow
+"
+SRC_URI="https://github.com/aabc/ipt-netflow/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="debug natevents snmp"
+
+RDEPEND="
+	net-firewall/iptables:0=
+	snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+	virtual/linux-sources
+	virtual/pkgconfig
+"
+PATCHES=(
+	"${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
+	"${FILESDIR}/${PN}-2.5-gentoo.patch"
+)
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	local CONFIG_CHECK="BRIDGE_NETFILTER ~IP_NF_IPTABLES VLAN_8021Q"
+	use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+	if use natevents; then
+		CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
+		if kernel_is lt 5 2; then
+			CONFIG_CHECK+=" NF_NAT_NEEDED"
+		else
+			CONFIG_CHECK+=" NF_NAT"
+		fi
+	fi
+
+	BUILD_TARGETS="all"
+	MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+	IPT_LIB="/usr/$(get_libdir)/xtables"
+
+	linux-mod_pkg_setup
+}
+
+src_unpack() {
+	default
+
+	mv "${WORKDIR}"/${PN/_/-}-* "${WORKDIR}"/${P} || die
+}
+
+src_prepare() {
+	default
+
+	# Checking for directory is enough
+	sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+}
+
+do_conf() {
+	tc-export CC
+	echo ./configure $*
+	./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+	local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+	# this configure script is not based on autotools
+	# ipt-src need to be defined, see bug #455984
+	do_conf \
+		--disable-dkms \
+		--enable-aggregation \
+		--enable-direction \
+		--enable-macaddress \
+		--enable-vlan \
+		--ipt-lib="${IPT_LIB}" \
+		--ipt-src="/usr/" \
+		--ipt-ver="${IPT_VERSION}" \
+		--kdir="${KV_DIR}" \
+		--kver="${KV_FULL}" \
+		$(use debug && echo '--enable-debugfs') \
+		$(use natevents && echo '--enable-natevents') \
+		$(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+	emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+	linux-mod_src_install
+	exeinto "${IPT_LIB}"
+	doexe libipt_NETFLOW.so
+	use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+	doheader ipt_NETFLOW.h
+	dodoc README*
+}

net-firewall/ipt_netflow/ipt_netflow-9999.ebuild

@@ -0,0 +1,105 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit git-r3 linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="
+	https://sourceforge.net/projects/ipt-netflow
+	https://github.com/aabc/ipt-netflow
+"
+EGIT_REPO_URI="https://github.com/aabc/ipt-netflow"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS=""
+
+IUSE="debug natevents snmp"
+
+RDEPEND="
+	net-firewall/iptables:0=
+	snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+	virtual/linux-sources
+	virtual/pkgconfig
+"
+PATCHES=(
+	"${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
+	"${FILESDIR}/${PN}-9999-gentoo.patch"
+)
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	local CONFIG_CHECK="BRIDGE_NETFILTER ~IP_NF_IPTABLES VLAN_8021Q"
+	use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+	if use natevents; then
+		CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
+		if kernel_is lt 5 2; then
+			CONFIG_CHECK+=" NF_NAT_NEEDED"
+		else
+			CONFIG_CHECK+=" NF_NAT"
+		fi
+	fi
+
+	BUILD_TARGETS="all"
+	MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+	IPT_LIB="/usr/$(get_libdir)/xtables"
+
+	linux-mod_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# Fix incorrect module version in sources
+	sed -i \
+		-e '/IPT_NETFLOW_VERSION/s#"[0-9.]*"#"'${PV}'"#' \
+		ipt_NETFLOW.c || die
+
+	# Checking for directory is enough
+	sed -i \
+		-e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' \
+		configure || die
+}
+
+do_conf() {
+	tc-export CC
+	echo ./configure $*
+	./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+	local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+	# this configure script is not based on autotools
+	# ipt-src need to be defined, see bug #455984
+	do_conf \
+		--disable-dkms \
+		--enable-aggregation \
+		--enable-direction \
+		--enable-macaddress \
+		--enable-vlan \
+		--ipt-lib="${IPT_LIB}" \
+		--ipt-src="/usr/" \
+		--ipt-ver="${IPT_VERSION}" \
+		--kdir="${KV_DIR}" \
+		--kver="${KV_FULL}" \
+		$(use debug && echo '--enable-debugfs') \
+		$(use natevents && echo '--enable-natevents') \
+		$(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+	emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+	linux-mod_src_install
+	exeinto "${IPT_LIB}"
+	doexe libipt_NETFLOW.so
+	use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+	doheader ipt_NETFLOW.h
+	dodoc README*
+}

net-firewall/ipt_netflow/metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>pinkbyte@gentoo.org</email>
+		<name>Sergey Popov</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>netmon@gentoo.org</email>
+		<name>Gentoo network monitoring and analysis project</name>
+	</maintainer>
+	<use>
+		<flag name="natevents">Netflow NAT translation events (NEL) support</flag>
+		<flag name="dot1q">Enable tagged VLAN support</flag>
+	</use>
+	<upstream>
+		<remote-id type="sourceforge">ipt-netflow</remote-id>
+	</upstream>
+</pkgmetadata>