diff options
Diffstat (limited to 'package/network/utils')
4 files changed, 153 insertions, 0 deletions
diff --git a/package/network/utils/ipset/Makefile b/package/network/utils/ipset/Makefile new file mode 100644 index 0000000000..874f160d6f --- /dev/null +++ b/package/network/utils/ipset/Makefile @@ -0,0 +1,82 @@ + +# Copyright (C) 2009-2012 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=ipset +PKG_VERSION:=6.11 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=http://ipset.netfilter.org +PKG_MD5SUM:=bfcc92e30a0fcf10ae6e7c4affa03c84 + +PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/ipset/Default + DEPENDS:= @(!(TARGET_ps3||TARGET_pxcab)||BROKEN) +endef + +define Package/ipset +$(call Package/ipset/Default) + SECTION:=net + CATEGORY:=Network + DEPENDS+= +iptables-mod-ipset +kmod-ipt-ipset +libmnl + TITLE:=IPset administration utility + URL:=http://ipset.netfilter.org/ +endef + +CONFIGURE_ARGS += \ + --with-kbuild="$(LINUX_DIR)" + +MAKE_FLAGS += \ + ARCH="$(LINUX_KARCH)" + +IPSET_MODULES:= \ + ipset/ip_set \ + ipset/ip_set_bitmap_ip \ + ipset/ip_set_bitmap_ipmac \ + ipset/ip_set_bitmap_port \ + ipset/ip_set_hash_ip \ + ipset/ip_set_hash_ipport \ + ipset/ip_set_hash_ipportip \ + ipset/ip_set_hash_ipportnet \ + ipset/ip_set_hash_net \ + ipset/ip_set_hash_netiface \ + ipset/ip_set_hash_netport \ + ipset/ip_set_list_set \ + xt_set \ + +define Build/Compile + $(call Build/Compile/Default) + $(call Build/Compile/Default,modules) +endef + +define Package/ipset/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipset $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipset*.so* $(1)/usr/lib/ +endef + +define KernelPackage/ipt-ipset +$(call Package/ipset/Default) + SUBMENU:=Netfilter Extensions + TITLE:=IPset netfilter modules + DEPENDS+= +kmod-ipt-core +kmod-nfnetlink + FILES:=$(foreach mod,$(IPSET_MODULES),$(PKG_BUILD_DIR)/kernel/net/netfilter/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES))) +endef + +$(eval $(call BuildPackage,ipset)) +$(eval $(call KernelPackage,ipt-ipset)) diff --git a/package/network/utils/ipset/patches/100-export.h.patch b/package/network/utils/ipset/patches/100-export.h.patch new file mode 100644 index 0000000000..d8a9ca23df --- /dev/null +++ b/package/network/utils/ipset/patches/100-export.h.patch @@ -0,0 +1,20 @@ +--- a/kernel/net/netfilter/ipset/ip_set_getport.c ++++ b/kernel/net/netfilter/ipset/ip_set_getport.c +@@ -8,7 +8,7 @@ + /* Get Layer-4 data from the packets */ + + #include <linux/version.h> +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0) + #include <linux/export.h> + #endif + #include <linux/ip.h> +--- a/kernel/net/netfilter/ipset/pfxlen.c ++++ b/kernel/net/netfilter/ipset/pfxlen.c +@@ -1,5 +1,5 @@ + #include <linux/version.h> +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0) + #include <linux/export.h> + #endif + #include <linux/netfilter/ipset/pfxlen.h> diff --git a/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch b/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch new file mode 100644 index 0000000000..82a680f389 --- /dev/null +++ b/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch @@ -0,0 +1,22 @@ +--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c ++++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c +@@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_i + static inline void + hash_ip6_data_copy(struct hash_ip6_elem *dst, const struct hash_ip6_elem *src) + { +- ipv6_addr_copy(&dst->ip.in6, &src->ip.in6); ++ dst->ip.in6 = src->ip.in6; + } + + static inline void +--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c ++++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c +@@ -295,7 +295,7 @@ static inline void + hash_net6_data_copy(struct hash_net6_elem *dst, + const struct hash_net6_elem *src) + { +- ipv6_addr_copy(&dst->ip.in6, &src->ip.in6); ++ dst->ip.in6 = src->ip.in6; + dst->cidr = src->cidr; + dst->nomatch = src->nomatch; + } diff --git a/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch b/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch new file mode 100644 index 0000000000..aaecc79cd1 --- /dev/null +++ b/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch @@ -0,0 +1,29 @@ +--- a/kernel/net/netfilter/ipset/ip_set_getport.c ++++ b/kernel/net/netfilter/ipset/ip_set_getport.c +@@ -113,6 +113,17 @@ ip_set_get_ip4_port(const struct sk_buff + EXPORT_SYMBOL_GPL(ip_set_get_ip4_port); + + #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) ++static int ip_set_skip_exthdr(const struct sk_buff *skb, int start, ++ u8 *nexthdrp) ++{ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,3,0) ++ __be16 fragoff; ++ return ipv6_skip_exthdr(skb, start, nexthdrp, &fragoff); ++#else ++ return ipv6_skip_exthdr(skb, start, nexthdrp); ++#endif ++} ++ + bool + ip_set_get_ip6_port(const struct sk_buff *skb, bool src, + __be16 *port, u8 *proto) +@@ -121,7 +132,7 @@ ip_set_get_ip6_port(const struct sk_buff + u8 nexthdr; + + nexthdr = ipv6_hdr(skb)->nexthdr; +- protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); ++ protoff = ip_set_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); + if (protoff < 0) + return false; + |