aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils/iptables/patches
diff options
context:
space:
mode:
Diffstat (limited to 'package/network/utils/iptables/patches')
-rw-r--r--package/network/utils/iptables/patches/011-recent-add-reap.patch4
-rw-r--r--package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch2
-rw-r--r--package/network/utils/iptables/patches/110-linux_3.2_compat.patch6
-rw-r--r--package/network/utils/iptables/patches/200-configurable_builtin.patch6
-rw-r--r--package/network/utils/iptables/patches/300-musl_fixes.patch139
5 files changed, 148 insertions, 9 deletions
diff --git a/package/network/utils/iptables/patches/011-recent-add-reap.patch b/package/network/utils/iptables/patches/011-recent-add-reap.patch
index 275265b99d..6a2923feca 100644
--- a/package/network/utils/iptables/patches/011-recent-add-reap.patch
+++ b/package/network/utils/iptables/patches/011-recent-add-reap.patch
@@ -79,7 +79,7 @@ Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
}
static void recent_save(const void *ip, const struct xt_entry_match *match)
-@@ -211,6 +229,8 @@ static void recent_save(const void *ip,
+@@ -211,6 +229,8 @@ static void recent_save(const void *ip,
printf("--rsource ");
if (info->side == XT_RECENT_DEST)
printf("--rdest ");
@@ -90,7 +90,7 @@ Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
static struct xtables_match recent_mt_reg = {
--- a/extensions/libxt_recent.man
+++ b/extensions/libxt_recent.man
-@@ -41,6 +41,11 @@ This option must be used in conjunction
+@@ -41,6 +41,11 @@ This option must be used in conjunction
\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and was seen within the last given number of seconds.
.TP
diff --git a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch
index 338962ffbe..422058df78 100644
--- a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch
+++ b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch
@@ -8,7 +8,7 @@
char *buf = NULL;
char *argv[4];
int status;
-@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname,
+@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname,
free(buf);
if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
return 0;
diff --git a/package/network/utils/iptables/patches/110-linux_3.2_compat.patch b/package/network/utils/iptables/patches/110-linux_3.2_compat.patch
index 2cdd673d25..536cb238ad 100644
--- a/package/network/utils/iptables/patches/110-linux_3.2_compat.patch
+++ b/package/network/utils/iptables/patches/110-linux_3.2_compat.patch
@@ -1,6 +1,6 @@
---- iptables-1.4.10/include/linux/types.h.orig 2011-11-07 00:08:33.000000000 +0100
-+++ iptables-1.4.10/include/linux/types.h 2011-11-07 00:09:25.000000000 +0100
-@@ -34,5 +34,9 @@
+--- a/include/linux/types.h
++++ b/include/linux/types.h
+@@ -34,5 +34,9 @@ typedef __u64 __bitwise __be64;
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
diff --git a/package/network/utils/iptables/patches/200-configurable_builtin.patch b/package/network/utils/iptables/patches/200-configurable_builtin.patch
index 9f9cc387c3..4c9c88f675 100644
--- a/package/network/utils/iptables/patches/200-configurable_builtin.patch
+++ b/package/network/utils/iptables/patches/200-configurable_builtin.patch
@@ -1,6 +1,6 @@
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
-@@ -40,9 +40,24 @@
+@@ -40,9 +40,24 @@ pfx_build_mod := $(patsubst ${srcdir}/li
pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
@@ -28,7 +28,7 @@
pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
-@@ -54,10 +69,10 @@
+@@ -54,10 +69,10 @@ pf6_solibs := $(patsubst %,libip6t_%.
targets := libext4.a libext6.a matches4.man matches6.man \
targets4.man targets6.man
targets_install :=
@@ -43,7 +43,7 @@
.SECONDARY:
-@@ -107,8 +122,8 @@
+@@ -107,8 +122,8 @@ libext4.a: initext4.o ${libext4_objs}
libext6.a: initext6.o ${libext6_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^;
diff --git a/package/network/utils/iptables/patches/300-musl_fixes.patch b/package/network/utils/iptables/patches/300-musl_fixes.patch
new file mode 100644
index 0000000000..b6f6a0e1b7
--- /dev/null
+++ b/package/network/utils/iptables/patches/300-musl_fixes.patch
@@ -0,0 +1,139 @@
+--- a/extensions/libip6t_ipv6header.c
++++ b/extensions/libip6t_ipv6header.c
+@@ -15,6 +15,9 @@ on whether they contain certain headers
+ #include <sys/types.h>
+
+ #include <linux/netfilter_ipv6/ip6t_ipv6header.h>
++#ifndef IPPROTO_HOPOPTS
++# define IPPROTO_HOPOPTS 0
++#endif
+
+ /* This maybe required
+ #include <linux/in.h>
+--- a/extensions/libxt_TCPOPTSTRIP.c
++++ b/extensions/libxt_TCPOPTSTRIP.c
+@@ -16,6 +16,21 @@
+ #ifndef TCPOPT_MD5SIG
+ # define TCPOPT_MD5SIG 19
+ #endif
++#ifndef TCPOPT_MAXSEG
++# define TCPOPT_MAXSEG 2
++#endif
++#ifndef TCPOPT_WINDOW
++# define TCPOPT_WINDOW 3
++#endif
++#ifndef TCPOPT_SACK_PERMITTED
++# define TCPOPT_SACK_PERMITTED 4
++#endif
++#ifndef TCPOPT_SACK
++# define TCPOPT_SACK 5
++#endif
++#ifndef TCPOPT_TIMESTAMP
++# define TCPOPT_TIMESTAMP 8
++#endif
+
+ enum {
+ FLAG_STRIP = 1 << 0,
+--- a/include/libiptc/ipt_kernel_headers.h
++++ b/include/libiptc/ipt_kernel_headers.h
+@@ -5,7 +5,6 @@
+
+ #include <limits.h>
+
+-#if defined(__GLIBC__) && __GLIBC__ == 2
+ #include <netinet/ip.h>
+ #include <netinet/in.h>
+ #include <netinet/ip_icmp.h>
+@@ -13,15 +12,4 @@
+ #include <netinet/udp.h>
+ #include <net/if.h>
+ #include <sys/types.h>
+-#else /* libc5 */
+-#include <sys/socket.h>
+-#include <linux/ip.h>
+-#include <linux/in.h>
+-#include <linux/if.h>
+-#include <linux/icmp.h>
+-#include <linux/tcp.h>
+-#include <linux/udp.h>
+-#include <linux/types.h>
+-#include <linux/in6.h>
+-#endif
+ #endif
+--- a/include/linux/netfilter/xt_osf.h
++++ b/include/linux/netfilter/xt_osf.h
+@@ -21,6 +21,9 @@
+ #define _XT_OSF_H
+
+ #include <linux/types.h>
++#if !defined(__UCLIBC__) && !defined(__GLIBC_)
++#include <linux/tcp.h>
++#endif
+
+ #define MAXGENRELEN 32
+
+--- a/include/linux/netfilter_ipv4/ip_tables.h
++++ b/include/linux/netfilter_ipv4/ip_tables.h
+@@ -16,6 +16,7 @@
+ #define _IPTABLES_H
+
+ #include <linux/types.h>
++#include <sys/types.h>
+
+ #include <linux/netfilter_ipv4.h>
+
+--- a/ip6tables-restore.c
++++ b/ip6tables-restore.c
+@@ -11,7 +11,7 @@
+ */
+
+ #include <getopt.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <stdbool.h>
+ #include <string.h>
+ #include <stdio.h>
+--- a/ip6tables-save.c
++++ b/ip6tables-save.c
+@@ -6,7 +6,7 @@
+ * This code is distributed under the terms of GNU GPL v2
+ */
+ #include <getopt.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <stdio.h>
+ #include <fcntl.h>
+ #include <stdlib.h>
+--- a/iptables-restore.c
++++ b/iptables-restore.c
+@@ -8,7 +8,7 @@
+ */
+
+ #include <getopt.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <stdbool.h>
+ #include <string.h>
+ #include <stdio.h>
+--- a/iptables-save.c
++++ b/iptables-save.c
+@@ -6,7 +6,7 @@
+ *
+ */
+ #include <getopt.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <stdio.h>
+ #include <fcntl.h>
+ #include <stdlib.h>
+--- a/iptables-xml.c
++++ b/iptables-xml.c
+@@ -9,7 +9,7 @@
+ */
+
+ #include <getopt.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <string.h>
+ #include <stdio.h>
+ #include <stdlib.h>