This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, kernel-update has been updated via df1374700091096fcf75a2560e4894e9a8752e8b (commit) via 8e57f223289aeb8cf2eae3246cbd2dbf6ef29a12 (commit) from 50b5d7ce0bc813a35d3daaba150a87c1ae990faa (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit df1374700091096fcf75a2560e4894e9a8752e8b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jul 29 16:28:12 2012 +0200
iptables: update to 1.4.14.
commit 8e57f223289aeb8cf2eae3246cbd2dbf6ef29a12 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jul 29 16:24:05 2012 +0200
miniupnpd: fix for build with newer iptables.
IPT_ALIGN has been replaced by XT_ALIGN since iptables 1.4, and the compatibility macro was removed in 1.4.14.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/iptables | 116 ++++--------- lfs/iptables | 10 +- lfs/miniupnpd | 5 +- ..._test1.patch => iptables-1.4.12-IMQ-test4.diff} | 47 ++++-- ...ch => iptables-1.4.14-ipp2p-0.8.2-ipfire.patch} | 4 +- src/patches/iptables-1.4.6-errorno_includes.patch | 170 -------------------- src/patches/miniupnpd-1.4_use_XT_ALIGN.patch | 47 ++++++ 7 files changed, 124 insertions(+), 275 deletions(-) rename src/patches/{iptables-1.4.6-imq_test1.patch => iptables-1.4.12-IMQ-test4.diff} (60%) rename src/patches/{iptables-1.4.6-ipp2p-0.8.2-pomng.patch => iptables-1.4.14-ipp2p-0.8.2-ipfire.patch} (99%) delete mode 100644 src/patches/iptables-1.4.6-errorno_includes.patch create mode 100644 src/patches/miniupnpd-1.4_use_XT_ALIGN.patch
Difference in files: diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 8e1a6e4..e958a93 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -1,21 +1,27 @@ #lib/libip4tc.la lib/libip4tc.so lib/libip4tc.so.0 -lib/libip4tc.so.0.0.0 +lib/libip4tc.so.0.1.0 #lib/libip6tc.la lib/libip6tc.so lib/libip6tc.so.0 -lib/libip6tc.so.0.0.0 -#lib/libipq.a +lib/libip6tc.so.0.1.0 +#lib/libipq.la +lib/libipq.so +lib/libipq.so.0 +lib/libipq.so.0.0.0 #lib/libiptc.la lib/libiptc.so lib/libiptc.so.0 lib/libiptc.so.0.0.0 #lib/libxtables.la lib/libxtables.so -lib/libxtables.so.4 -lib/libxtables.so.4.0.0 +lib/libxtables.so.7 +lib/libxtables.so.7.0.0 #lib/pkgconfig +#lib/pkgconfig/libip4tc.pc +#lib/pkgconfig/libip6tc.pc +#lib/pkgconfig/libipq.pc #lib/pkgconfig/libiptc.pc #lib/pkgconfig/xtables.pc lib/xtables 
@@ -42,52 +48,62 @@ lib/xtables #lib/xtables/libipt_REDIRECT.so #lib/xtables/libipt_REJECT.so #lib/xtables/libipt_SAME.so -#lib/xtables/libipt_SET.so #lib/xtables/libipt_SNAT.so #lib/xtables/libipt_TTL.so #lib/xtables/libipt_ULOG.so -#lib/xtables/libipt_addrtype.so #lib/xtables/libipt_ah.so -#lib/xtables/libipt_ecn.so #lib/xtables/libipt_icmp.so #lib/xtables/libipt_ipp2p.so #lib/xtables/libipt_realm.so -#lib/xtables/libipt_set.so #lib/xtables/libipt_ttl.so #lib/xtables/libipt_unclean.so +#lib/xtables/libxt_AUDIT.so +#lib/xtables/libxt_CHECKSUM.so #lib/xtables/libxt_CLASSIFY.so #lib/xtables/libxt_CONNMARK.so #lib/xtables/libxt_CONNSECMARK.so +#lib/xtables/libxt_CT.so #lib/xtables/libxt_DSCP.so +#lib/xtables/libxt_IDLETIMER.so #lib/xtables/libxt_IMQ.so +#lib/xtables/libxt_LED.so #lib/xtables/libxt_MARK.so #lib/xtables/libxt_NFLOG.so #lib/xtables/libxt_NFQUEUE.so #lib/xtables/libxt_NOTRACK.so #lib/xtables/libxt_RATEEST.so #lib/xtables/libxt_SECMARK.so +#lib/xtables/libxt_SET.so #lib/xtables/libxt_TCPMSS.so #lib/xtables/libxt_TCPOPTSTRIP.so +#lib/xtables/libxt_TEE.so #lib/xtables/libxt_TOS.so #lib/xtables/libxt_TPROXY.so #lib/xtables/libxt_TRACE.so +#lib/xtables/libxt_addrtype.so #lib/xtables/libxt_cluster.so #lib/xtables/libxt_comment.so #lib/xtables/libxt_connbytes.so #lib/xtables/libxt_connlimit.so #lib/xtables/libxt_connmark.so #lib/xtables/libxt_conntrack.so +#lib/xtables/libxt_cpu.so +#lib/xtables/libxt_dccp.so +#lib/xtables/libxt_devgroup.so #lib/xtables/libxt_dscp.so +#lib/xtables/libxt_ecn.so #lib/xtables/libxt_esp.so #lib/xtables/libxt_hashlimit.so #lib/xtables/libxt_helper.so #lib/xtables/libxt_iprange.so +#lib/xtables/libxt_ipvs.so #lib/xtables/libxt_layer7.so #lib/xtables/libxt_length.so #lib/xtables/libxt_limit.so #lib/xtables/libxt_mac.so #lib/xtables/libxt_mark.so #lib/xtables/libxt_multiport.so +#lib/xtables/libxt_nfacct.so #lib/xtables/libxt_osf.so #lib/xtables/libxt_owner.so #lib/xtables/libxt_physdev.so 
@@ -96,7 +112,9 @@ lib/xtables #lib/xtables/libxt_quota.so #lib/xtables/libxt_rateest.so #lib/xtables/libxt_recent.so +#lib/xtables/libxt_rpfilter.so #lib/xtables/libxt_sctp.so +#lib/xtables/libxt_set.so #lib/xtables/libxt_socket.so #lib/xtables/libxt_standard.so #lib/xtables/libxt_state.so @@ -108,18 +126,14 @@ lib/xtables #lib/xtables/libxt_tos.so #lib/xtables/libxt_u32.so #lib/xtables/libxt_udp.so -#sbin/ip6tables -#sbin/ip6tables-multi -#sbin/ip6tables-restore -#sbin/ip6tables-save +sbin/ip6tables +sbin/ip6tables-restore +sbin/ip6tables-save sbin/iptables -sbin/iptables-multi -#sbin/iptables-restore -#sbin/iptables-save -#sbin/iptables-xml -#usr/include/asm-generic -#usr/include/asm-generic/errno-base.h -#usr/include/asm-generic/errno.h +sbin/iptables-restore +sbin/iptables-save +sbin/iptables-xml +sbin/xtables-multi #usr/include/iptables #usr/include/iptables.h #usr/include/iptables/internal.h @@ -129,6 +143,7 @@ sbin/iptables-multi #usr/include/libiptc/libip6tc.h #usr/include/libiptc/libiptc.h #usr/include/libiptc/libxtc.h +#usr/include/libiptc/xtcshared.h #usr/include/libipulog #usr/include/libipulog/libipulog.h #usr/include/libnetfilter_queue @@ -139,12 +154,9 @@ sbin/iptables-multi #usr/include/libnfnetlink/libnfnetlink.h #usr/include/libnfnetlink/linux_nfnetlink.h #usr/include/libnfnetlink/linux_nfnetlink_compat.h -#usr/include/linux/netfilter #usr/include/linux/netfilter/Kbuild #usr/include/linux/netfilter/nf_conntrack_amanda.h -#usr/include/linux/netfilter/nf_conntrack_common.h #usr/include/linux/netfilter/nf_conntrack_dccp.h -#usr/include/linux/netfilter/nf_conntrack_ftp.h #usr/include/linux/netfilter/nf_conntrack_h323.h #usr/include/linux/netfilter/nf_conntrack_h323_asn1.h #usr/include/linux/netfilter/nf_conntrack_h323_types.h 
@@ -152,67 +164,11 @@ sbin/iptables-multi #usr/include/linux/netfilter/nf_conntrack_pptp.h #usr/include/linux/netfilter/nf_conntrack_proto_gre.h #usr/include/linux/netfilter/nf_conntrack_sane.h -#usr/include/linux/netfilter/nf_conntrack_sctp.h #usr/include/linux/netfilter/nf_conntrack_sip.h -#usr/include/linux/netfilter/nf_conntrack_tcp.h #usr/include/linux/netfilter/nf_conntrack_tftp.h -#usr/include/linux/netfilter/nf_conntrack_tuple_common.h -#usr/include/linux/netfilter/nfnetlink.h -#usr/include/linux/netfilter/nfnetlink_compat.h -#usr/include/linux/netfilter/nfnetlink_conntrack.h -#usr/include/linux/netfilter/nfnetlink_log.h -#usr/include/linux/netfilter/nfnetlink_queue.h -#usr/include/linux/netfilter/x_tables.h -#usr/include/linux/netfilter/xt_CLASSIFY.h -#usr/include/linux/netfilter/xt_CONNMARK.h -#usr/include/linux/netfilter/xt_CONNSECMARK.h -#usr/include/linux/netfilter/xt_DSCP.h #usr/include/linux/netfilter/xt_IMQ.h -#usr/include/linux/netfilter/xt_LED.h -#usr/include/linux/netfilter/xt_MARK.h -#usr/include/linux/netfilter/xt_NFLOG.h -#usr/include/linux/netfilter/xt_NFQUEUE.h -#usr/include/linux/netfilter/xt_RATEEST.h -#usr/include/linux/netfilter/xt_SECMARK.h -#usr/include/linux/netfilter/xt_TCPMSS.h -#usr/include/linux/netfilter/xt_TCPOPTSTRIP.h -#usr/include/linux/netfilter/xt_TPROXY.h -#usr/include/linux/netfilter/xt_cluster.h -#usr/include/linux/netfilter/xt_comment.h -#usr/include/linux/netfilter/xt_connbytes.h -#usr/include/linux/netfilter/xt_connlimit.h -#usr/include/linux/netfilter/xt_connmark.h -#usr/include/linux/netfilter/xt_conntrack.h -#usr/include/linux/netfilter/xt_dccp.h -#usr/include/linux/netfilter/xt_dscp.h -#usr/include/linux/netfilter/xt_esp.h -#usr/include/linux/netfilter/xt_hashlimit.h -#usr/include/linux/netfilter/xt_helper.h -#usr/include/linux/netfilter/xt_iprange.h #usr/include/linux/netfilter/xt_layer7.h -#usr/include/linux/netfilter/xt_length.h -#usr/include/linux/netfilter/xt_limit.h -#usr/include/linux/netfilter/xt_mac.h 
-#usr/include/linux/netfilter/xt_mark.h -#usr/include/linux/netfilter/xt_multiport.h -#usr/include/linux/netfilter/xt_osf.h -#usr/include/linux/netfilter/xt_owner.h -#usr/include/linux/netfilter/xt_physdev.h -#usr/include/linux/netfilter/xt_pkttype.h -#usr/include/linux/netfilter/xt_policy.h -#usr/include/linux/netfilter/xt_quota.h -#usr/include/linux/netfilter/xt_rateest.h -#usr/include/linux/netfilter/xt_realm.h -#usr/include/linux/netfilter/xt_recent.h -#usr/include/linux/netfilter/xt_sctp.h #usr/include/linux/netfilter/xt_socket.h -#usr/include/linux/netfilter/xt_state.h -#usr/include/linux/netfilter/xt_statistic.h -#usr/include/linux/netfilter/xt_string.h -#usr/include/linux/netfilter/xt_tcpmss.h -#usr/include/linux/netfilter/xt_tcpudp.h -#usr/include/linux/netfilter/xt_time.h -#usr/include/linux/netfilter/xt_u32.h #usr/include/net/netfilter #usr/include/net/netfilter/nf_conntrack_tuple.h #usr/include/net/netfilter/nf_nat.h @@ -234,6 +190,7 @@ usr/lib/libnfnetlink.so.0 usr/lib/libnfnetlink.so.0.2.0 #usr/lib/pkgconfig/libnetfilter_queue.pc #usr/lib/pkgconfig/libnfnetlink.pc +#usr/share/man/man1/iptables-xml.1 #usr/share/man/man3/ipq_create_handle.3 #usr/share/man/man3/ipq_destroy_handle.3 #usr/share/man/man3/ipq_errstr.3 @@ -250,5 +207,4 @@ usr/lib/libnfnetlink.so.0.2.0 #usr/share/man/man8/ip6tables.8 #usr/share/man/man8/iptables-restore.8 #usr/share/man/man8/iptables-save.8 -#usr/share/man/man8/iptables-xml.8 #usr/share/man/man8/iptables.8 diff --git a/lfs/iptables b/lfs/iptables index 6d36990..33a00e4 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -24,7 +24,7 @@
include Config
-VER = 1.4.6
+VER = 1.4.14
THISAPP = iptables-$(VER)
 DL_FILE = $(THISAPP).tar.bz2
@@ -45,7 +45,7 @@ netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
 libnfnetlink-1.0.0.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-1.0.0.tar.bz2
 libnetfilter_queue-0.0.17.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.17.tar.bz2
-$(DL_FILE)_MD5 = c67cf30e281a924def6426be0973df56
+$(DL_FILE)_MD5 = 5ab24ad683f76689cfe7e0c73f44855d
 netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
 libnfnetlink-1.0.0.tar.bz2_MD5 = 016fdec8389242615024c529acc1adb8
 libnetfilter_queue-0.0.17.tar.bz2_MD5 = 2cde35e678ead3a8f9eb896bf807a159
@@ -89,11 +89,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 ./extensions/
# ipp2p 0.8.2-pomng
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch
# imq
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.6-imq_test1.patch
- chmod +x $(DIR_APP)/extensions/.IMQ-test*
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff
+# chmod +x $(DIR_APP)/extensions/.IMQ-test*
cd $(DIR_APP) && ./configure --prefix=/usr --with-ksource=/usr/src/linux \
 --libdir=/lib --includedir=/usr/include --enable-libipq \
diff --git a/lfs/miniupnpd b/lfs/miniupnpd
index 470fc28..c7ba937 100644
--- a/lfs/miniupnpd
+++ b/lfs/miniupnpd
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2012 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
 PROG = miniupnpd
-PAK_VER = 0
+PAK_VER = 1
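Review bot: The `# chmod +x $(DIR_APP)/extensions/.IMQ-test*` line added under `# imq` in lfs/iptables is dead code; the IMQ patch added in this commit contains only `libxt_IMQ.c`, `libxt_IMQ.man` and `xt_IMQ.h`, with no `.IMQ-test*` script, so the line should be deleted rather than commented out. The comment above the first patch call still reads `# ipp2p 0.8.2-pomng` although the patch applied is now `iptables-1.4.14-ipp2p-0.8.2-ipfire.patch`; `# ipp2p 0.8.2 (IPFire port)` would match. The IMQ patch is named for 1.4.12 while `VER` is 1.4.14, so a one-line comment such as `# imq (1.4.12 patch, applies unchanged to 1.4.14)` would help the next update. The recipe body starts and ends outside this hunk.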
###############################################################################
 # Top-level Rules
@@ -76,6 +76,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/miniupnpd-iptcrdr.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch
 cd $(DIR_APP) && make -f Makefile.linux \
 CFLAGS="$(CFLAGS) -DIPTABLES_143 -I/usr/src/linux/include"
diff --git a/src/patches/iptables-1.4.12-IMQ-test4.diff b/src/patches/iptables-1.4.12-IMQ-test4.diff
new file mode 100644
index 0000000..5ce17e1
--- /dev/null
+++ b/src/patches/iptables-1.4.12-IMQ-test4.diff
@@ -0,0 +1,141 @@ +diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.c iptables-1.4.12.1-imq/extensions/libxt_IMQ.c +--- iptables-1.4.12.1/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 ++++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300 +@@ -0,0 +1,105 @@ ++/* Shared library add-on to iptables to add IMQ target support. */ ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <getopt.h> ++ ++#include <xtables.h> ++#include <linux/netfilter/x_tables.h> ++#include <linux/netfilter/xt_IMQ.h> ++ ++/* Function which prints out usage message. */ ++static void IMQ_help(void) ++{ ++ printf( ++"IMQ target options:\n" ++" --todev <N> enqueue to imq<N>, defaults to 0\n"); ++ ++} ++ ++static struct option IMQ_opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. */ ++static void IMQ_init(struct xt_entry_target *t) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; ++ ++ mr->todev = 0; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, ++ const void *entry, struct xt_entry_target **target) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) ++ xtables_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++*/ ++ mr->todev=atoi(optarg); ++ break; ++ ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++/* Prints out the targinfo. */ ++static void IMQ_print(const void *ip, ++ const struct xt_entry_target *target, ++ int numeric) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. 
*/ ++static void IMQ_save(const void *ip, const struct xt_entry_target *target) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; ++ ++ printf(" --todev %u", mr->todev); ++} ++ ++static struct xtables_target imq_target = { ++ .name = "IMQ", ++ .version = XTABLES_VERSION, ++ .family = NFPROTO_IPV4, ++ .size = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .help = IMQ_help, ++ .init = IMQ_init, ++ .parse = IMQ_parse, ++ .print = IMQ_print, ++ .save = IMQ_save, ++ .extra_opts = IMQ_opts, ++}; ++ ++static struct xtables_target imq_target6 = { ++ .name = "IMQ", ++ .version = XTABLES_VERSION, ++ .family = NFPROTO_IPV6, ++ .size = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .help = IMQ_help, ++ .init = IMQ_init, ++ .parse = IMQ_parse, ++ .print = IMQ_print, ++ .save = IMQ_save, ++ .extra_opts = IMQ_opts, ++}; ++ ++// void __attribute((constructor)) nf_ext_init(void){ ++void _init(void){ ++ xtables_register_target(&imq_target); ++ xtables_register_target(&imq_target6); ++} +diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.man iptables-1.4.12.1-imq/extensions/libxt_IMQ.man +--- iptables-1.4.12.1/extensions/libxt_IMQ.man 1970-01-01 02:00:00.000000000 +0200 ++++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.man 2011-09-30 13:53:21.000000000 +0300 +@@ -0,0 +1,15 @@ ++This target is used to redirect the traffic to the IMQ driver and you can apply ++QoS rules like HTB or CBQ. ++For example you can select only traffic comming from a specific interface or ++is going out on a specific interface. ++Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic ++or AFTER NAT in the case of incomming traffic. 
++.TP ++\fB--to-dev\fP \fIvalue\fP ++Set the IMQ interface where to send this traffic ++.TP ++Example: ++.TP ++Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1: ++iptables -t mangle -A FORWARD -i eth0 -j IMQ --to-dev 0 ++iptables -t mangle -A FORWARD -o eth0 -j IMQ --to-dev 1 +diff -Naur iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h +--- iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 ++++ iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h 2011-09-30 13:53:21.000000000 +0300 +@@ -0,0 +1,9 @@ ++#ifndef _XT_IMQ_H ++#define _XT_IMQ_H ++ ++struct xt_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _XT_IMQ_H */ ++ diff --git a/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch b/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch new file mode 100644 index 0000000..9a11eb5 --- /dev/null +++ b/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch 
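Review bot: `mr->todev=atoi(optarg);` in `IMQ_parse` accepts any string, so non-numeric input silently becomes device 0 and a negative number wraps into the `unsigned int todev` field; a mistyped firewall rule is then installed against the wrong IMQ device instead of being rejected. Parsing with the xtables helper and failing on error closes that: `if (!xtables_strtoui(optarg, NULL, &mr->todev, 0, UINT_MAX)) xtables_error(PARAMETER_PROBLEM, "IMQ: bad --todev value");`. Because the `xtables_check_inverse` block is commented out and `invert` is otherwise unused, an inverted `! --todev` is not rejected here either. The man page in the same patch documents `--to-dev` while `IMQ_opts` registers `todev`, so the documented examples would not parse as written; one of the two spellings should be changed.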
@@ -0,0 +1,481 @@ +diff -Naur iptables-1.4.6.org/extensions/.ipp2p-test iptables-1.4.6/extensions/.ipp2p-test +--- iptables-1.4.6.org/extensions/.ipp2p-test 1970-01-01 01:00:00.000000000 +0100 ++++ iptables-1.4.6/extensions/.ipp2p-test 2010-02-13 20:02:52.000000000 +0100 +@@ -0,0 +1,2 @@ ++#! /bin/sh ++[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p +diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.c iptables-1.4.6/extensions/libipt_ipp2p.c +--- iptables-1.4.6.org/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100 ++++ iptables-1.4.6/extensions/libipt_ipp2p.c 2010-02-13 20:02:52.000000000 +0100 +@@ -0,0 +1,424 @@ ++#include <stdio.h> ++#include <netdb.h> ++#include <string.h> ++#include <stdlib.h> ++#include <getopt.h> ++#include <ctype.h> ++ ++#include <iptables.h> ++ ++#include <linux/netfilter_ipv4/ipt_ipp2p.h> ++ ++#ifndef XTABLES_VERSION ++#define XTABLES_VERSION IPTABLES_VERSION ++#endif ++ ++#ifdef IPT_LIB_DIR ++#define xtables_target iptables_target ++#define xtables_register_target register_target ++#endif ++ ++static void ++help(void) ++{ ++ printf( ++ "IPP2P v%s options:\n" ++ " --ipp2p Grab all known p2p packets\n" ++ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n" ++ " --dc [TCP] All known Direct Connect packets\n" ++ " --kazaa [TCP&UDP] All known KaZaA packets\n" ++ " --gnu [TCP&UDP] All known Gnutella packets\n" ++ " --bit [TCP&UDP] All known BitTorrent packets\n" ++ " --apple [TCP] All known AppleJuice packets\n" ++ " --winmx [TCP] All known WinMX\n" ++ " --soul [TCP] All known SoulSeek\n" ++ " --ares [TCP] All known Ares\n\n" ++ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n" ++ " --mute [TCP] All known Mute packets\n" ++ " --waste [TCP] All known Waste packets\n" ++ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n" ++ " DEBUG SUPPPORT, use only if you know why\n" ++ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n" ++ "\nNote that the 
follwing options will have the same meaning:\n" ++ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n" ++ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n" ++ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n" ++ "\nSee README included with this package for more details or visit http://www.ipp2p.org%5Cn" ++ "\nExamples:\n" ++ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n" ++ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n" ++ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n" ++ , IPP2P_VERSION); ++} ++ ++static struct option opts[] = { ++ { "ipp2p", 0, 0, '1' }, ++ { "edk", 0, 0, '2' }, ++ { "dc", 0, 0, '7' }, ++ { "gnu", 0, 0, '9' }, ++ { "kazaa", 0, 0, 'a' }, ++ { "bit", 0, 0, 'b' }, ++ { "apple", 0, 0, 'c' }, ++ { "soul", 0, 0, 'd' }, ++ { "winmx", 0, 0, 'e' }, ++ { "ares", 0, 0, 'f' }, ++ { "mute", 0, 0, 'g' }, ++ { "waste", 0, 0, 'h' }, ++ { "xdcc", 0, 0, 'i' }, ++ { "debug", 0, 0, 'j' }, ++ {0} ++}; ++ ++ ++static void ++#ifdef _XTABLES_H ++init(struct xt_entry_match *m) ++#else ++init(struct ipt_entry_match *t, unsigned int *nfcache) ++#endif ++{ ++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data; ++ ++#ifndef _XTABLES_H ++ *nfcache |= NFC_UNKNOWN; ++#endif ++ ++ /*init the module with default values*/ ++ info->cmd = 0; ++ info->debug = 0; ++ ++} ++ ++ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++#ifdef _XTABLES_H ++ const void *entry, struct xt_entry_match **match) ++#else ++ const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) ++#endif ++{ ++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data; ++ ++ switch (c) { ++ case '1': /*cmd: ipp2p*/ ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified 
once!"); ++ ++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p-data' may only be " ++ "specified alone!"); ++*/ ++ ++ if ((*flags) != 0) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += SHORT_HAND_IPP2P; ++ info->cmd = *flags; ++ break; ++ ++ case '2': /*cmd: edk*/ ++ if ((*flags & IPP2P_EDK) == IPP2P_EDK) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--edk' may only be " ++ "specified once"); ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p-data' may only be " ++ "specified alone!");*/ ++ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: use `--edk' OR `--edk-data' but not both of them!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_EDK; ++ info->cmd = *flags; ++ break; ++ ++ ++ case '7': /*cmd: dc*/ ++ if ((*flags & IPP2P_DC) == IPP2P_DC) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--dc' may only be " ++ "specified once!"); ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p-data' may only be " ++ "specified alone!");*/ ++ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: use `--dc' OR `--dc-data' but not both of them!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); ++ *flags += IPP2P_DC; ++ info->cmd = *flags; ++ break; ++ ++ ++ case '9': /*cmd: gnu*/ ++ if ((*flags & IPP2P_GNU) == IPP2P_GNU) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--gnu' may only be " ++ "specified once!"); ++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p-data' may only be " ++ "specified alone!");*/ ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_GNU; ++ info->cmd = *flags; ++ break; ++ ++ case 'a': /*cmd: kazaa*/ ++ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--kazaa' may only be " ++ "specified once!"); ++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p-data' may only be " ++ "specified alone!");*/ ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); ++ *flags += IPP2P_KAZAA; ++ info->cmd = *flags; ++ break; ++ ++ case 'b': /*cmd: bit*/ ++ if ((*flags & IPP2P_BIT) == IPP2P_BIT) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--bit' may only be " ++ "specified once!"); ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_BIT; ++ info->cmd = *flags; ++ break; ++ ++ case 'c': /*cmd: apple*/ ++ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--apple' may only be " ++ "specified once!"); ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_APPLE; ++ info->cmd = *flags; ++ break; ++ ++ ++ case 'd': /*cmd: soul*/ ++ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--soul' may only be " ++ "specified once!"); ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_SOUL; ++ info->cmd = *flags; ++ break; ++ ++ ++ case 'e': /*cmd: winmx*/ ++ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--winmx' may only be " ++ "specified once!"); ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); ++ *flags += IPP2P_WINMX; ++ info->cmd = *flags; ++ break; ++ ++ case 'f': /*cmd: ares*/ ++ if ((*flags & IPP2P_ARES) == IPP2P_ARES) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ares' may only be " ++ "specified once!"); ++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ipp2p' may only be " ++ "specified alone!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_ARES; ++ info->cmd = *flags; ++ break; ++ ++ case 'g': /*cmd: mute*/ ++ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--mute' may only be " ++ "specified once!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_MUTE; ++ info->cmd = *flags; ++ break; ++ case 'h': /*cmd: waste*/ ++ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--waste' may only be " ++ "specified once!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_WASTE; ++ info->cmd = *flags; ++ break; ++ case 'i': /*cmd: xdcc*/ ++ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC) ++ xtables_error(PARAMETER_PROBLEM, ++ "ipp2p: `--ares' may only be " ++ "specified once!"); ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); ++ *flags += IPP2P_XDCC; ++ info->cmd = *flags; ++ break; ++ ++ case 'j': /*cmd: debug*/ ++ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); ++ info->debug = 1; ++ break; ++ ++ default: ++// xtables_error(PARAMETER_PROBLEM, ++// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); ++ return 0; ++ } ++ return 1; ++} ++ ++ ++static void ++final_check(unsigned int flags) ++{ ++ if (!flags) ++ xtables_error(PARAMETER_PROBLEM, ++ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); ++} ++ ++static void ++#ifdef _XTABLES_H ++print(const void *ip, ++ const struct xt_entry_match *match, ++#else ++print(const struct ipt_ip *ip, ++ const struct ipt_entry_match *match, ++#endif ++ int numeric) ++{ ++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; ++ ++ printf("ipp2p v%s", IPP2P_VERSION); ++ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p"); ++// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data"); ++ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa"); ++// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data"); ++// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data"); ++ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu"); ++ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk"); ++// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data"); ++// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data"); ++ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc"); ++ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit"); ++ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple"); ++ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul"); ++ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx"); ++ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares"); ++ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); ++ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); ++ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) 
printf(" --xdcc"); ++ if (info->debug != 0) printf(" --debug"); ++ printf(" "); ++} ++ ++static void ++#ifdef _XTABLES_H ++save(const void *ip, ++ const struct xt_entry_match *match) ++#else ++save(const struct ipt_ip *ip, ++ const struct ipt_entry_match *match) ++#endif ++{ ++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; ++ ++ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p "); ++// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data "); ++ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa "); ++// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data "); ++// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data "); ++ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu "); ++ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk "); ++// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data "); ++// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data "); ++ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc "); ++ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit "); ++ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple "); ++ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul "); ++ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx "); ++ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares "); ++ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); ++ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); ++ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); ++ if (info->debug != 0) printf("--debug "); ++} ++ ++ ++static ++struct xtables_match ipp2p= ++{ ++ .next = NULL, ++ .name = "ipp2p", ++ .version = XTABLES_VERSION, ++ .size = XT_ALIGN(sizeof(struct ipt_p2p_info)), ++ .userspacesize = XT_ALIGN(sizeof(struct ipt_p2p_info)), ++ .help = &help, ++ .init = &init, ++ .parse = &parse, ++ .final_check = &final_check, ++ .print = 
&print, ++ .save = &save, ++ .extra_opts = opts ++}; ++ ++ ++ ++void _init(void) ++{ ++ xtables_register_match(&ipp2p); ++} ++ +diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.man iptables-1.4.6/extensions/libipt_ipp2p.man +--- iptables-1.4.6.org/extensions/libipt_ipp2p.man 1970-01-01 01:00:00.000000000 +0100 ++++ iptables-1.4.6/extensions/libipt_ipp2p.man 2010-02-13 20:02:52.000000000 +0100 +@@ -0,0 +1,43 @@ ++This module matches certain packets in P2P flows. It is not ++designed to match all packets belonging to a P2P connection - ++use IPP2P together with CONNMARK for this purpose. Also visit ++http://www.ipp2p.org for detailed information. ++ ++Use it together with -p tcp or -p udp to search these protocols ++only or without -p switch to search packets of both protocols. ++ ++IPP2P provides the following options: ++.TP ++.B "--edk " ++Matches as many eDonkey/eMule packets as possible. ++.TP ++.B "--kazaa " ++Matches as many KaZaA packets as possible. ++.TP ++.B "--gnu " ++Matches as many Gnutella packets as possible. ++.TP ++.B "--dc " ++Matches as many Direct Connect packets as possible. ++.TP ++.B "--bit " ++Matches BitTorrent packets. ++.TP ++.B "--apple " ++Matches AppleJuice packets. ++.TP ++.B "--soul " ++Matches some SoulSeek packets. Considered as beta, use careful! ++.TP ++.B "--winmx " ++Matches some WinMX packets. Considered as beta, use careful! ++.TP ++.B "--ares " ++Matches Ares and AresLite packets. Use together with -j DROP only. ++.TP ++.B "--ipp2p " ++Short hand for: --edk --kazaa --gnu --dc ++.TP ++.B "--debug " ++Prints some information about each hit into kernel logfile. May ++produce huge logfiles so beware! diff --git a/src/patches/iptables-1.4.6-errorno_includes.patch b/src/patches/iptables-1.4.6-errorno_includes.patch deleted file mode 100644 index a25c5a3..0000000 --- a/src/patches/iptables-1.4.6-errorno_includes.patch +++ /dev/null 
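Review bot: `save()` in libipt_ipp2p.c emits its options in two different forms: most use a trailing space (`printf("--ares ")`, `printf("--debug ")`) while `--mute`, `--waste` and `--xdcc` use a leading space, so a rule with `--xdcc --debug` is written as ` --xdcc--debug ` and will presumably fail to restore, leaving the saved ruleset different from the running one. Every option should use one form; the IMQ extension added in this same commit uses a leading space (`printf(" --todev %u", ...)`), which appears to be the convention for this iptables version, e.g. `printf(" --debug")`. In `parse()`, `case 'i'` reports "`--ares' may only be specified once!" for a repeated `--xdcc`, and the message should name `--xdcc`. In the non-`_XTABLES_H` branch `init()` names its parameter `t` while the body dereferences `m`, so that branch cannot compile as shown; dropping the legacy branch would be cleaner than keeping it unbuilt.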
@@ -1,170 +0,0 @@ -diff -Naur include.org/asm/errno.h include/asm/errno.h ---- include.org/asm/errno.h 2010-02-12 18:21:40.000000000 +0100 -+++ include/asm/errno.h 2010-02-12 18:19:41.000000000 +0100 -@@ -5,4 +5,8 @@ - #include <linux/errno.h> - #endif - -+#ifndef _ASM_GENERIC_ERRNO_H -+ #include <asm-generic/errno.h> -+#endif -+ - #endif -diff -Naur include.org/asm-generic/errno-base.h include/asm-generic/errno-base.h ---- include.org/asm-generic/errno-base.h 1970-01-01 01:00:00.000000000 +0100 -+++ include/asm-generic/errno-base.h 2010-02-09 13:57:19.000000000 +0100 -@@ -0,0 +1,39 @@ -+#ifndef _ASM_GENERIC_ERRNO_BASE_H -+#define _ASM_GENERIC_ERRNO_BASE_H -+ -+#define EPERM 1 /* Operation not permitted */ -+#define ENOENT 2 /* No such file or directory */ -+#define ESRCH 3 /* No such process */ -+#define EINTR 4 /* Interrupted system call */ -+#define EIO 5 /* I/O error */ -+#define ENXIO 6 /* No such device or address */ -+#define E2BIG 7 /* Argument list too long */ -+#define ENOEXEC 8 /* Exec format error */ -+#define EBADF 9 /* Bad file number */ -+#define ECHILD 10 /* No child processes */ -+#define EAGAIN 11 /* Try again */ -+#define ENOMEM 12 /* Out of memory */ -+#define EACCES 13 /* Permission denied */ -+#define EFAULT 14 /* Bad address */ -+#define ENOTBLK 15 /* Block device required */ -+#define EBUSY 16 /* Device or resource busy */ -+#define EEXIST 17 /* File exists */ -+#define EXDEV 18 /* Cross-device link */ -+#define ENODEV 19 /* No such device */ -+#define ENOTDIR 20 /* Not a directory */ -+#define EISDIR 21 /* Is a directory */ -+#define EINVAL 22 /* Invalid argument */ -+#define ENFILE 23 /* File table overflow */ -+#define EMFILE 24 /* Too many open files */ -+#define ENOTTY 25 /* Not a typewriter */ -+#define ETXTBSY 26 /* Text file busy */ -+#define EFBIG 27 /* File too large */ -+#define ENOSPC 28 /* No space left on device */ -+#define ESPIPE 29 /* Illegal seek */ -+#define EROFS 30 /* Read-only file system */ -+#define EMLINK 31 /* Too 
many links */ -+#define EPIPE 32 /* Broken pipe */ -+#define EDOM 33 /* Math argument out of domain of func */ -+#define ERANGE 34 /* Math result not representable */ -+ -+#endif -diff -Naur include.org/asm-generic/errno.h include/asm-generic/errno.h ---- include.org/asm-generic/errno.h 1970-01-01 01:00:00.000000000 +0100 -+++ include/asm-generic/errno.h 2010-02-09 13:57:19.000000000 +0100 -@@ -0,0 +1,111 @@ -+#ifndef _ASM_GENERIC_ERRNO_H -+#define _ASM_GENERIC_ERRNO_H -+ -+#include <asm-generic/errno-base.h> -+ -+#define EDEADLK 35 /* Resource deadlock would occur */ -+#define ENAMETOOLONG 36 /* File name too long */ -+#define ENOLCK 37 /* No record locks available */ -+#define ENOSYS 38 /* Function not implemented */ -+#define ENOTEMPTY 39 /* Directory not empty */ -+#define ELOOP 40 /* Too many symbolic links encountered */ -+#define EWOULDBLOCK EAGAIN /* Operation would block */ -+#define ENOMSG 42 /* No message of desired type */ -+#define EIDRM 43 /* Identifier removed */ -+#define ECHRNG 44 /* Channel number out of range */ -+#define EL2NSYNC 45 /* Level 2 not synchronized */ -+#define EL3HLT 46 /* Level 3 halted */ -+#define EL3RST 47 /* Level 3 reset */ -+#define ELNRNG 48 /* Link number out of range */ -+#define EUNATCH 49 /* Protocol driver not attached */ -+#define ENOCSI 50 /* No CSI structure available */ -+#define EL2HLT 51 /* Level 2 halted */ -+#define EBADE 52 /* Invalid exchange */ -+#define EBADR 53 /* Invalid request descriptor */ -+#define EXFULL 54 /* Exchange full */ -+#define ENOANO 55 /* No anode */ -+#define EBADRQC 56 /* Invalid request code */ -+#define EBADSLT 57 /* Invalid slot */ -+ -+#define EDEADLOCK EDEADLK -+ -+#define EBFONT 59 /* Bad font file format */ -+#define ENOSTR 60 /* Device not a stream */ -+#define ENODATA 61 /* No data available */ -+#define ETIME 62 /* Timer expired */ -+#define ENOSR 63 /* Out of streams resources */ -+#define ENONET 64 /* Machine is not on the network */ -+#define ENOPKG 65 /* Package not 
installed */ -+#define EREMOTE 66 /* Object is remote */ -+#define ENOLINK 67 /* Link has been severed */ -+#define EADV 68 /* Advertise error */ -+#define ESRMNT 69 /* Srmount error */ -+#define ECOMM 70 /* Communication error on send */ -+#define EPROTO 71 /* Protocol error */ -+#define EMULTIHOP 72 /* Multihop attempted */ -+#define EDOTDOT 73 /* RFS specific error */ -+#define EBADMSG 74 /* Not a data message */ -+#define EOVERFLOW 75 /* Value too large for defined data type */ -+#define ENOTUNIQ 76 /* Name not unique on network */ -+#define EBADFD 77 /* File descriptor in bad state */ -+#define EREMCHG 78 /* Remote address changed */ -+#define ELIBACC 79 /* Can not access a needed shared library */ -+#define ELIBBAD 80 /* Accessing a corrupted shared library */ -+#define ELIBSCN 81 /* .lib section in a.out corrupted */ -+#define ELIBMAX 82 /* Attempting to link in too many shared libraries */ -+#define ELIBEXEC 83 /* Cannot exec a shared library directly */ -+#define EILSEQ 84 /* Illegal byte sequence */ -+#define ERESTART 85 /* Interrupted system call should be restarted */ -+#define ESTRPIPE 86 /* Streams pipe error */ -+#define EUSERS 87 /* Too many users */ -+#define ENOTSOCK 88 /* Socket operation on non-socket */ -+#define EDESTADDRREQ 89 /* Destination address required */ -+#define EMSGSIZE 90 /* Message too long */ -+#define EPROTOTYPE 91 /* Protocol wrong type for socket */ -+#define ENOPROTOOPT 92 /* Protocol not available */ -+#define EPROTONOSUPPORT 93 /* Protocol not supported */ -+#define ESOCKTNOSUPPORT 94 /* Socket type not supported */ -+#define EOPNOTSUPP 95 /* Operation not supported on transport endpoint */ -+#define EPFNOSUPPORT 96 /* Protocol family not supported */ -+#define EAFNOSUPPORT 97 /* Address family not supported by protocol */ -+#define EADDRINUSE 98 /* Address already in use */ -+#define EADDRNOTAVAIL 99 /* Cannot assign requested address */ -+#define ENETDOWN 100 /* Network is down */ -+#define ENETUNREACH 101 /* Network is 
unreachable */ -+#define ENETRESET 102 /* Network dropped connection because of reset */ -+#define ECONNABORTED 103 /* Software caused connection abort */ -+#define ECONNRESET 104 /* Connection reset by peer */ -+#define ENOBUFS 105 /* No buffer space available */ -+#define EISCONN 106 /* Transport endpoint is already connected */ -+#define ENOTCONN 107 /* Transport endpoint is not connected */ -+#define ESHUTDOWN 108 /* Cannot send after transport endpoint shutdown */ -+#define ETOOMANYREFS 109 /* Too many references: cannot splice */ -+#define ETIMEDOUT 110 /* Connection timed out */ -+#define ECONNREFUSED 111 /* Connection refused */ -+#define EHOSTDOWN 112 /* Host is down */ -+#define EHOSTUNREACH 113 /* No route to host */ -+#define EALREADY 114 /* Operation already in progress */ -+#define EINPROGRESS 115 /* Operation now in progress */ -+#define ESTALE 116 /* Stale NFS file handle */ -+#define EUCLEAN 117 /* Structure needs cleaning */ -+#define ENOTNAM 118 /* Not a XENIX named type file */ -+#define ENAVAIL 119 /* No XENIX semaphores available */ -+#define EISNAM 120 /* Is a named type file */ -+#define EREMOTEIO 121 /* Remote I/O error */ -+#define EDQUOT 122 /* Quota exceeded */ -+ -+#define ENOMEDIUM 123 /* No medium found */ -+#define EMEDIUMTYPE 124 /* Wrong medium type */ -+#define ECANCELED 125 /* Operation Canceled */ -+#define ENOKEY 126 /* Required key not available */ -+#define EKEYEXPIRED 127 /* Key has expired */ -+#define EKEYREVOKED 128 /* Key has been revoked */ -+#define EKEYREJECTED 129 /* Key was rejected by service */ -+ -+/* for robust mutexes */ -+#define EOWNERDEAD 130 /* Owner died */ -+#define ENOTRECOVERABLE 131 /* State not recoverable */ -+ -+#define ERFKILL 132 /* Operation not possible due to RF-kill */ -+ -+#endif diff --git a/src/patches/iptables-1.4.6-imq_test1.patch b/src/patches/iptables-1.4.6-imq_test1.patch deleted file mode 100644 index 2b4fb79..0000000 --- a/src/patches/iptables-1.4.6-imq_test1.patch +++ /dev/null 
@@ -1,126 +0,0 @@ -diff -Naurw iptables-1.4.1/extensions/.IMQ-testx iptables-1.4.1.imq/extensions/.IMQ-testx ---- iptables-1.4.1/extensions/.IMQ-testx 1969-12-31 21:00:00.000000000 -0300 -+++ iptables-1.4.1.imq/extensions/.IMQ-testx 2008-06-24 22:20:06.000000000 -0300 -@@ -0,0 +1,3 @@ -+#!/bin/sh -+# True if IMQ target patch is applied. -+[ -f $KERNEL_DIR/include/linux/netfilter/xt_IMQ.h ] && echo IMQ -diff -Naurw iptables-1.4.1/extensions/libxt_IMQ.c iptables-1.4.1.imq/extensions/libxt_IMQ.c ---- iptables-1.4.1/extensions/libxt_IMQ.c 1969-12-31 21:00:00.000000000 -0300 -+++ iptables-1.4.1.imq/extensions/libxt_IMQ.c 2008-06-24 22:31:02.000000000 -0300 -@@ -0,0 +1,103 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+ -+#include <xtables.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target options:\n" -+" --todev <N> enqueue to imq<N>, defaults to 0\n"); -+ -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) -+ xtables_error(PARAMETER_PROBLEM, -+ "Unexpected `!' for --todev"); -+ mr->todev=atoi(optarg); -+ break; -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. 
*/ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("--todev %u", mr->todev); -+} -+ -+static struct xtables_target imq_target = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV4, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+static struct xtables_target imq_target6 = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV6, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+// void __attribute((constructor)) nf_ext_init(void){ -+void _init(void){ -+ xtables_register_target(&imq_target); -+ xtables_register_target(&imq_target6); -+} ---- iptables-1.4.1.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.1.1.new/include/linux/netfilter/xt_IMQ.h 2008-08-05 00:41:28.000000000 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ diff --git a/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch b/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch deleted file mode 100644 index 68e44b1..0000000 --- a/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch +++ /dev/null 
@@ -1,481 +0,0 @@ -diff -Naur iptables-1.4.6.org/extensions/.ipp2p-test iptables-1.4.6/extensions/.ipp2p-test ---- iptables-1.4.6.org/extensions/.ipp2p-test 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.4.6/extensions/.ipp2p-test 2010-02-13 20:02:52.000000000 +0100 -@@ -0,0 +1,2 @@ -+#! /bin/sh -+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p -diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.c iptables-1.4.6/extensions/libipt_ipp2p.c ---- iptables-1.4.6.org/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.4.6/extensions/libipt_ipp2p.c 2010-02-13 20:02:52.000000000 +0100 -@@ -0,0 +1,424 @@ -+#include <stdio.h> -+#include <netdb.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+#include <ctype.h> -+ -+#include <iptables.h> -+ -+#include <linux/netfilter_ipv4/ipt_ipp2p.h> -+ -+#ifndef XTABLES_VERSION -+#define XTABLES_VERSION IPTABLES_VERSION -+#endif -+ -+#ifdef IPT_LIB_DIR -+#define xtables_target iptables_target -+#define xtables_register_target register_target -+#endif -+ -+static void -+help(void) -+{ -+ printf( -+ "IPP2P v%s options:\n" -+ " --ipp2p Grab all known p2p packets\n" -+ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n" -+ " --dc [TCP] All known Direct Connect packets\n" -+ " --kazaa [TCP&UDP] All known KaZaA packets\n" -+ " --gnu [TCP&UDP] All known Gnutella packets\n" -+ " --bit [TCP&UDP] All known BitTorrent packets\n" -+ " --apple [TCP] All known AppleJuice packets\n" -+ " --winmx [TCP] All known WinMX\n" -+ " --soul [TCP] All known SoulSeek\n" -+ " --ares [TCP] All known Ares\n\n" -+ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n" -+ " --mute [TCP] All known Mute packets\n" -+ " --waste [TCP] All known Waste packets\n" -+ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n" -+ " DEBUG SUPPPORT, use only if you know why\n" -+ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n" -+ "\nNote that the 
follwing options will have the same meaning:\n" -+ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n" -+ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n" -+ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n" -+ "\nSee README included with this package for more details or visit http://www.ipp2p.org%5Cn" -+ "\nExamples:\n" -+ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n" -+ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n" -+ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n" -+ , IPP2P_VERSION); -+} -+ -+static struct option opts[] = { -+ { "ipp2p", 0, 0, '1' }, -+ { "edk", 0, 0, '2' }, -+ { "dc", 0, 0, '7' }, -+ { "gnu", 0, 0, '9' }, -+ { "kazaa", 0, 0, 'a' }, -+ { "bit", 0, 0, 'b' }, -+ { "apple", 0, 0, 'c' }, -+ { "soul", 0, 0, 'd' }, -+ { "winmx", 0, 0, 'e' }, -+ { "ares", 0, 0, 'f' }, -+ { "mute", 0, 0, 'g' }, -+ { "waste", 0, 0, 'h' }, -+ { "xdcc", 0, 0, 'i' }, -+ { "debug", 0, 0, 'j' }, -+ {0} -+}; -+ -+ -+static void -+#ifdef _XTABLES_H -+init(struct xt_entry_match *m) -+#else -+init(struct ipt_entry_match *t, unsigned int *nfcache) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data; -+ -+#ifndef _XTABLES_H -+ *nfcache |= NFC_UNKNOWN; -+#endif -+ -+ /*init the module with default values*/ -+ info->cmd = 0; -+ info->debug = 0; -+ -+} -+ -+ -+static int -+parse(int c, char **argv, int invert, unsigned int *flags, -+#ifdef _XTABLES_H -+ const void *entry, struct xt_entry_match **match) -+#else -+ const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data; -+ -+ switch (c) { -+ case '1': /*cmd: ipp2p*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified 
once!"); -+ -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!"); -+*/ -+ -+ if ((*flags) != 0) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += SHORT_HAND_IPP2P; -+ info->cmd = *flags; -+ break; -+ -+ case '2': /*cmd: edk*/ -+ if ((*flags & IPP2P_EDK) == IPP2P_EDK) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--edk' may only be " -+ "specified once"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--edk' OR `--edk-data' but not both of them!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_EDK; -+ info->cmd = *flags; -+ break; -+ -+ -+ case '7': /*cmd: dc*/ -+ if ((*flags & IPP2P_DC) == IPP2P_DC) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--dc' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--dc' OR `--dc-data' but not both of them!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); -+ *flags += IPP2P_DC; -+ info->cmd = *flags; -+ break; -+ -+ -+ case '9': /*cmd: gnu*/ -+ if ((*flags & IPP2P_GNU) == IPP2P_GNU) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--gnu' may only be " -+ "specified once!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_GNU; -+ info->cmd = *flags; -+ break; -+ -+ case 'a': /*cmd: kazaa*/ -+ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--kazaa' may only be " -+ "specified once!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); -+ *flags += IPP2P_KAZAA; -+ info->cmd = *flags; -+ break; -+ -+ case 'b': /*cmd: bit*/ -+ if ((*flags & IPP2P_BIT) == IPP2P_BIT) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--bit' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_BIT; -+ info->cmd = *flags; -+ break; -+ -+ case 'c': /*cmd: apple*/ -+ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--apple' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_APPLE; -+ info->cmd = *flags; -+ break; -+ -+ -+ case 'd': /*cmd: soul*/ -+ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--soul' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_SOUL; -+ info->cmd = *flags; -+ break; -+ -+ -+ case 'e': /*cmd: winmx*/ -+ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--winmx' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); -+ *flags += IPP2P_WINMX; -+ info->cmd = *flags; -+ break; -+ -+ case 'f': /*cmd: ares*/ -+ if ((*flags & IPP2P_ARES) == IPP2P_ARES) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ares' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_ARES; -+ info->cmd = *flags; -+ break; -+ -+ case 'g': /*cmd: mute*/ -+ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--mute' may only be " -+ "specified once!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_MUTE; -+ info->cmd = *flags; -+ break; -+ case 'h': /*cmd: waste*/ -+ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--waste' may only be " -+ "specified once!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_WASTE; -+ info->cmd = *flags; -+ break; -+ case 'i': /*cmd: xdcc*/ -+ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC) -+ xtables_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ares' may only be " -+ "specified once!"); -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_XDCC; -+ info->cmd = *flags; -+ break; -+ -+ case 'j': /*cmd: debug*/ -+ if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] 
is not allowed!"); -+ info->debug = 1; -+ break; -+ -+ default: -+// xtables_error(PARAMETER_PROBLEM, -+// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); -+ return 0; -+ } -+ return 1; -+} -+ -+ -+static void -+final_check(unsigned int flags) -+{ -+ if (!flags) -+ xtables_error(PARAMETER_PROBLEM, -+ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); -+} -+ -+static void -+#ifdef _XTABLES_H -+print(const void *ip, -+ const struct xt_entry_match *match, -+#else -+print(const struct ipt_ip *ip, -+ const struct ipt_entry_match *match, -+#endif -+ int numeric) -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; -+ -+ printf("ipp2p v%s", IPP2P_VERSION); -+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p"); -+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data"); -+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa"); -+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data"); -+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data"); -+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu"); -+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk"); -+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data"); -+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data"); -+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc"); -+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit"); -+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple"); -+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul"); -+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx"); -+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares"); -+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); -+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); -+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) 
printf(" --xdcc"); -+ if (info->debug != 0) printf(" --debug"); -+ printf(" "); -+} -+ -+static void -+#ifdef _XTABLES_H -+save(const void *ip, -+ const struct xt_entry_match *match) -+#else -+save(const struct ipt_ip *ip, -+ const struct ipt_entry_match *match) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; -+ -+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p "); -+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data "); -+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa "); -+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data "); -+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data "); -+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu "); -+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk "); -+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data "); -+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data "); -+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc "); -+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit "); -+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple "); -+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul "); -+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx "); -+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares "); -+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); -+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); -+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); -+ if (info->debug != 0) printf("--debug "); -+} -+ -+ -+static -+struct xtables_match ipp2p= -+{ -+ .next = NULL, -+ .name = "ipp2p", -+ .version = XTABLES_VERSION, -+ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)), -+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)), -+ .help = &help, -+ .init = &init, -+ .parse = &parse, -+ .final_check = &final_check, -+ .print = 
&print, -+ .save = &save, -+ .extra_opts = opts -+}; -+ -+ -+ -+void _init(void) -+{ -+ xtables_register_match(&ipp2p); -+} -+ -diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.man iptables-1.4.6/extensions/libipt_ipp2p.man ---- iptables-1.4.6.org/extensions/libipt_ipp2p.man 1970-01-01 01:00:00.000000000 +0100 -+++ iptables-1.4.6/extensions/libipt_ipp2p.man 2010-02-13 20:02:52.000000000 +0100 -@@ -0,0 +1,43 @@ -+This module matches certain packets in P2P flows. It is not -+designed to match all packets belonging to a P2P connection - -+use IPP2P together with CONNMARK for this purpose. Also visit -+http://www.ipp2p.org for detailed information. -+ -+Use it together with -p tcp or -p udp to search these protocols -+only or without -p switch to search packets of both protocols. -+ -+IPP2P provides the following options: -+.TP -+.B "--edk " -+Matches as many eDonkey/eMule packets as possible. -+.TP -+.B "--kazaa " -+Matches as many KaZaA packets as possible. -+.TP -+.B "--gnu " -+Matches as many Gnutella packets as possible. -+.TP -+.B "--dc " -+Matches as many Direct Connect packets as possible. -+.TP -+.B "--bit " -+Matches BitTorrent packets. -+.TP -+.B "--apple " -+Matches AppleJuice packets. -+.TP -+.B "--soul " -+Matches some SoulSeek packets. Considered as beta, use careful! -+.TP -+.B "--winmx " -+Matches some WinMX packets. Considered as beta, use careful! -+.TP -+.B "--ares " -+Matches Ares and AresLite packets. Use together with -j DROP only. -+.TP -+.B "--ipp2p " -+Short hand for: --edk --kazaa --gnu --dc -+.TP -+.B "--debug " -+Prints some information about each hit into kernel logfile. May -+produce huge logfiles so beware! diff --git a/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch b/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch new file mode 100644 index 0000000..8c33222 --- /dev/null +++ b/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch 
@@ -0,0 +1,47 @@
+diff -Naur miniupnpd-1.4.org/netfilter/iptcrdr.c miniupnpd-1.4/netfilter/iptcrdr.c
+--- miniupnpd-1.4.org/netfilter/iptcrdr.c 2009-10-10 21:19:41.000000000 +0200
++++ miniupnpd-1.4/netfilter/iptcrdr.c 2012-07-29 16:09:42.640363971 +0200
+@@ -443,8 +443,8 @@
+ struct ipt_entry_match *match;
+ struct ipt_tcp * tcpinfo;
+ size_t size;
+- size = IPT_ALIGN(sizeof(struct ipt_entry_match))
+- + IPT_ALIGN(sizeof(struct ipt_tcp));
++ size = XT_ALIGN(sizeof(struct ipt_entry_match))
++ + XT_ALIGN(sizeof(struct ipt_tcp));
+ match = calloc(1, size);
+ match->u.match_size = size;
+ strncpy(match->u.user.name, "tcp", IPT_FUNCTION_MAXNAMELEN);
+@@ -462,8 +462,8 @@
+ struct ipt_entry_match *match;
+ struct ipt_udp * udpinfo;
+ size_t size;
+- size = IPT_ALIGN(sizeof(struct ipt_entry_match))
+- + IPT_ALIGN(sizeof(struct ipt_udp));
++ size = XT_ALIGN(sizeof(struct ipt_entry_match))
++ + XT_ALIGN(sizeof(struct ipt_udp));
+ match = calloc(1, size);
+ match->u.match_size = size;
+ strncpy(match->u.user.name, "udp", IPT_FUNCTION_MAXNAMELEN);
+@@ -483,8 +483,8 @@
+ struct ip_nat_range * range;
+ size_t size;
+
+- size = IPT_ALIGN(sizeof(struct ipt_entry_target))
+- + IPT_ALIGN(sizeof(struct ip_nat_multi_range));
++ size = XT_ALIGN(sizeof(struct ipt_entry_target))
++ + XT_ALIGN(sizeof(struct ip_nat_multi_range));
+ target = calloc(1, size);
+ target->u.target_size = size;
+ strncpy(target->u.user.name, "DNAT", IPT_FUNCTION_MAXNAMELEN);
+@@ -614,8 +614,8 @@
+ {
+ struct ipt_entry_target * target = NULL;
+ size_t size;
+- size = IPT_ALIGN(sizeof(struct ipt_entry_target))
+- + IPT_ALIGN(sizeof(int));
++ size = XT_ALIGN(sizeof(struct ipt_entry_target))
++ + XT_ALIGN(sizeof(int));
+ target = calloc(1, size);
+ target->u.user.target_size = size;
+ strncpy(target->u.user.name, "ACCEPT", IPT_FUNCTION_MAXNAMELEN);
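Review bot: All four sites this patch touches in netfilter/iptcrdr.c dereference the calloc() result on the very next line (`match->u.match_size = size;`, `target->u.target_size = size;`) with no NULL check, and the patch carries that through unchanged. On a firewall daemon an allocation failure there becomes a crash instead of a rejected port-mapping request. Since the tree now maintains a patch over exactly these lines, a guard such as `if (match == NULL) return NULL;` right after each calloc() could ride along; this assumes the helpers return the allocated pointer, which the inner hunks do not show because the enclosing functions start and end outside them. The patch file also has no description header; a line such as `IPT_ALIGN compat macro was removed in iptables 1.4.14; use XT_ALIGN` above the inner `diff` line would record why it exists.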
hooks/post-receive -- IPFire 2.x development tree