From fc04815ddc385551d05c5f4317341de1a8873305 Mon Sep 17 00:00:00 2001
From: Ralph Sennhauser
Date: Mon, 7 Nov 2016 14:08:28 +0100
Subject: firewall: bump to 2016-11-06
This version fixes loading of extensions for users of musl as it no longer relies on undefined behaviour wrt dlclose. There is also a fix which allows to build firewall without patched kernel headers when using musl. Another major feature is support for iptables-1.6.0 and vanilla iptables in general. Last but not least firewall no longer depends on the "in-house" iptables extension xt_id and uses xt_comment instead for tracking its own rules. For other changes consult the commit log.
Signed-off-by: Ralph Sennhauser
---
 package/network/config/firewall/Makefile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'package')
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 73dae29468..f9fa9116b6 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -8,15 +8,14 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
-PKG_VERSION:=2016-01-29
-PKG_RELEASE:=$(PKG_SOURCE_VERSION)
+PKG_VERSION:=2016-11-06
+PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(OPENWRT_GIT)/project/firewall3.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=8957be6c026858fe414aef69281d8aa06f7ea122
+PKG_SOURCE_VERSION:=bd40ba4584141ce34f3d5c42841abafccad06bdd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MAINTAINER:=Jo-Philipp Wich
 PKG_LICENSE:=ISC
 PKG_CONFIG_DEPENDS := CONFIG_IPV6
-- cgit v1.2.3
From dc5d9e714a15b8130f0d2a79f54d4f7132f39a28 Mon Sep 17 00:00:00 2001
From: Ralph Sennhauser
Date: Mon, 7 Nov 2016 13:09:50 +0100
Subject: iptables: kernel: drop custom extension xt_id
This extension was added specifically for use by firewall3. Since firewall-2016-11-06 no longer uses it remove it before it finds other creative uses. Should there already be such a use-case outside of OpenWrt I suggest to package this extension properly a la xtables-addons instead.
Signed-off-by: Ralph Sennhauser
---
 .../iptables/patches/500-add-xt_id-match.patch | 69 ----------------------
 1 file changed, 69 deletions(-)
 delete mode 100644 package/network/utils/iptables/patches/500-add-xt_id-match.patch
(limited to 'package')
diff --git a/package/network/utils/iptables/patches/500-add-xt_id-match.patch b/package/network/utils/iptables/patches/500-add-xt_id-match.patch
deleted file mode 100644
index 0964f0175f..0000000000
--- a/package/network/utils/iptables/patches/500-add-xt_id-match.patch
+++ /dev/null
@@ -1,69 +0,0 @@
---- /dev/null
-+++ b/extensions/libxt_id.c
-@@ -0,0 +1,55 @@
-+/* Shared library add-on to iptables to add id match support. */
-+
-+#include
-+#include
-+#include
-+
-+enum {
-+ O_ID = 0,
-+};
-+
-+static const struct xt_option_entry id_opts[] = {
-+ {
-+ .name = "id",
-+ .id = O_ID,
-+ .type = XTTYPE_UINT32,
-+ .flags = XTOPT_MAND | XTOPT_PUT,
-+ XTOPT_POINTER(struct xt_id_info, id)
-+ },
-+ XTOPT_TABLEEND,
-+};
-+
-+static void
-+id_print(const void *ip, const struct xt_entry_match *match, int numeric)
-+{
-+ struct xt_id_info *idinfo = (void *)match->data;
-+
-+ printf(" ID:%08lx", idinfo->id);
-+}
-+
-+
-+/* Saves the union ipt_matchinfo in parsable form to stdout. */
-+static void
-+id_save(const void *ip, const struct xt_entry_match *match)
-+{
-+ struct xt_id_info *idinfo = (void *)match->data;
-+
-+ printf(" --id 0x%lx", idinfo->id);
-+}
-+
-+static struct xtables_match id_match = {
-+ .family = NFPROTO_UNSPEC,
-+ .name = "id",
-+ .version = XTABLES_VERSION,
-+ .size = XT_ALIGN(sizeof(struct xt_id_info)),
-+ .userspacesize = XT_ALIGN(sizeof(struct xt_id_info)),
-+ .print = id_print,
-+ .save = id_save,
-+ .x6_parse = xtables_option_parse,
-+ .x6_options = id_opts,
-+};
-+
-+void _init(void)
-+{
-+ xtables_register_match(&id_match);
-+}
---- /dev/null
-+++ b/include/linux/netfilter/xt_id.h
-@@ -0,0 +1,8 @@
-+#ifndef _XT_ID_H
-+#define _XT_ID_H
-+
-+struct xt_id_info {
-+ __u32 id;
-+};
-+
-+#endif /* XT_ID_H */
-- cgit v1.2.3