aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGabor Juhos <juhosg@openwrt.org>2012-05-03 09:43:10 +0000
committerGabor Juhos <juhosg@openwrt.org>2012-05-03 09:43:10 +0000
commit3349cf269125525480485ee40bf30d7f0c8ae17a (patch)
tree92af28bbc824a84906875961c205c1783fa48623
parent60db046ef28501513c3a58e3b23a070fa0b9bcc4 (diff)
downloadupstream-3349cf269125525480485ee40bf30d7f0c8ae17a.tar.gz
upstream-3349cf269125525480485ee40bf30d7f0c8ae17a.tar.bz2
upstream-3349cf269125525480485ee40bf30d7f0c8ae17a.zip
Fix iptables abuse of kernel header files. Use exported headers instead.
[juhosg: export xt_layer7.h for all kernel versions] Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> SVN-Revision: 31566
-rw-r--r--include/kernel-defaults.mk1
-rw-r--r--package/iptables/Makefile8
-rw-r--r--target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch10
-rw-r--r--target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch10
-rw-r--r--target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch10
-rw-r--r--target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch10
-rw-r--r--target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch10
-rw-r--r--target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch10
-rw-r--r--target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch10
-rw-r--r--target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch10
10 files changed, 85 insertions, 4 deletions
diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
index 0c188502fc..f55ea8a844 100644
--- a/include/kernel-defaults.mk
+++ b/include/kernel-defaults.mk
@@ -106,6 +106,7 @@ define Kernel/Configure/Default
$(call Kernel/SetInitramfs)
-$(_SINGLE)$(MAKE) $(KERNEL_MAKEOPTS) oldconfig prepare scripts
rm -rf $(KERNEL_BUILD_DIR)/modules
+ $(MAKE) $(KERNEL_MAKEOPTS) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
$(SH_FUNC) grep '=[ym]' $(LINUX_DIR)/.config | LC_ALL=C sort | md5s > $(LINUX_DIR)/.vermagic
endef
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index 026df266ba..ff7d428215 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -343,26 +343,26 @@ endef
TARGET_CPPFLAGS := \
-I$(PKG_BUILD_DIR)/include \
- -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
+ -I$(LINUX_DIR)/user_headers/include \
$(TARGET_CPPFLAGS)
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR)/include \
- -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
+ -I$(LINUX_DIR)/user_headers/include
CONFIGURE_ARGS += \
--enable-shared \
--enable-devel \
$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
--enable-libipq \
- --with-kernel="$(LINUX_DIR)" \
+ --with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
--enable-static
MAKE_FLAGS := \
$(TARGET_CONFIGURE_OPTS) \
COPT_FLAGS="$(TARGET_CFLAGS)" \
- KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
+ KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
KBUILD_OUTPUT="$(LINUX_DIR)" \
BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
diff --git a/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch b/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch
index de9c63c357..00b6d480be 100644
--- a/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch
+++ b/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch
@@ -2130,3 +2130,13 @@
+
+module_init(xt_layer7_init);
+module_exit(xt_layer7_fini);
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h
diff --git a/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch
index 8a66cab18e..a32169d49f 100644
--- a/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch
@@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h
diff --git a/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch
index 8a66cab18e..a32169d49f 100644
--- a/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch
@@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h
diff --git a/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch
index 87c2e1fc2e..4df080c3d0 100644
--- a/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch
@@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h
diff --git a/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch
index 389152b4dc..8d2bce2d42 100644
--- a/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch
@@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h
diff --git a/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch
index 389152b4dc..8d2bce2d42 100644
--- a/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch
@@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h
diff --git a/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch
index d62eb37572..b3d6bca0f0 100644
--- a/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch
@@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h
diff --git a/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch
index fe74ae7f51..f3055590ab 100644
--- a/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch
@@ -2130,3 +2130,13 @@
+};
+
+#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -49,6 +49,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h