backport multiport stuff from 2.6 to 2.4 (disable rev0 support in iptables itself, only use the new stuff)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@3125 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/iptables/patches/04-multiport_v1.patch

@@ -0,0 +1,221 @@
+diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/libipt_multiport.c
+--- iptables.old/extensions/libipt_multiport.c	2005-02-19 20:19:17.000000000 +0100
++++ iptables.dev/extensions/libipt_multiport.c	2006-02-04 05:46:12.154127750 +0100
+@@ -8,24 +8,6 @@
+ /* To ensure that iptables compiles with an old kernel */
+ #include "../include/linux/netfilter_ipv4/ipt_multiport.h"
+ 
+-/* Function which prints out usage message. */
+-static void
+-help(void)
+-{
+-	printf(
+-"multiport v%s options:\n"
+-" --source-ports port[,port,port...]\n"
+-" --sports ...\n"
+-"				match source port(s)\n"
+-" --destination-ports port[,port,port...]\n"
+-" --dports ...\n"
+-"				match destination port(s)\n"
+-" --ports port[,port,port]\n"
+-"				match both source and destination port(s)\n"
+-" NOTE: this kernel does not support port ranges in multiport.\n",
+-IPTABLES_VERSION);
+-}
+-
+ static void
+ help_v1(void)
+ {
+@@ -75,26 +57,6 @@
+ 		   "invalid port/service `%s' specified", port);
+ }
+ 
+-static unsigned int
+-parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
+-{
+-	char *buffer, *cp, *next;
+-	unsigned int i;
+-
+-	buffer = strdup(portstring);
+-	if (!buffer) exit_error(OTHER_PROBLEM, "strdup failed");
+-
+-	for (cp=buffer, i=0; cp && i<IPT_MULTI_PORTS; cp=next,i++)
+-	{
+-		next=strchr(cp, ',');
+-		if (next) *next++='\0';
+-		ports[i] = parse_port(cp, proto);
+-	}
+-	if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified");
+-	free(buffer);
+-	return i;
+-}
+-
+ static void
+ parse_multi_ports_v1(const char *portstring, 
+ 		     struct ipt_multiport_v1 *multiinfo,
+@@ -160,58 +122,6 @@
+ 			   "multiport only works with TCP or UDP");
+ }
+ 
+-/* Function which parses command options; returns true if it
+-   ate an option */
+-static int
+-parse(int c, char **argv, int invert, unsigned int *flags,
+-      const struct ipt_entry *entry,
+-      unsigned int *nfcache,
+-      struct ipt_entry_match **match)
+-{
+-	const char *proto;
+-	struct ipt_multiport *multiinfo
+-		= (struct ipt_multiport *)(*match)->data;
+-
+-	switch (c) {
+-	case '1':
+-		check_inverse(argv[optind-1], &invert, &optind, 0);
+-		proto = check_proto(entry);
+-		multiinfo->count = parse_multi_ports(argv[optind-1],
+-						     multiinfo->ports, proto);
+-		multiinfo->flags = IPT_MULTIPORT_SOURCE;
+-		break;
+-
+-	case '2':
+-		check_inverse(argv[optind-1], &invert, &optind, 0);
+-		proto = check_proto(entry);
+-		multiinfo->count = parse_multi_ports(argv[optind-1],
+-						     multiinfo->ports, proto);
+-		multiinfo->flags = IPT_MULTIPORT_DESTINATION;
+-		break;
+-
+-	case '3':
+-		check_inverse(argv[optind-1], &invert, &optind, 0);
+-		proto = check_proto(entry);
+-		multiinfo->count = parse_multi_ports(argv[optind-1],
+-						     multiinfo->ports, proto);
+-		multiinfo->flags = IPT_MULTIPORT_EITHER;
+-		break;
+-
+-	default:
+-		return 0;
+-	}
+-
+-	if (invert)
+-		exit_error(PARAMETER_PROBLEM,
+-			   "multiport does not support invert");
+-
+-	if (*flags)
+-		exit_error(PARAMETER_PROBLEM,
+-			   "multiport can only have one option");
+-	*flags = 1;
+-	return 1;
+-}
+-
+ static int
+ parse_v1(int c, char **argv, int invert, unsigned int *flags,
+ 	 const struct ipt_entry *entry,
+@@ -289,43 +199,6 @@
+ 		printf("%s", service);
+ }
+ 
+-/* Prints out the matchinfo. */
+-static void
+-print(const struct ipt_ip *ip,
+-      const struct ipt_entry_match *match,
+-      int numeric)
+-{
+-	const struct ipt_multiport *multiinfo
+-		= (const struct ipt_multiport *)match->data;
+-	unsigned int i;
+-
+-	printf("multiport ");
+-
+-	switch (multiinfo->flags) {
+-	case IPT_MULTIPORT_SOURCE:
+-		printf("sports ");
+-		break;
+-
+-	case IPT_MULTIPORT_DESTINATION:
+-		printf("dports ");
+-		break;
+-
+-	case IPT_MULTIPORT_EITHER:
+-		printf("ports ");
+-		break;
+-
+-	default:
+-		printf("ERROR ");
+-		break;
+-	}
+-
+-	for (i=0; i < multiinfo->count; i++) {
+-		printf("%s", i ? "," : "");
+-		print_port(multiinfo->ports[i], ip->proto, numeric);
+-	}
+-	printf(" ");
+-}
+-
+ static void
+ print_v1(const struct ipt_ip *ip,
+ 	 const struct ipt_entry_match *match,
+@@ -369,34 +242,6 @@
+ 	printf(" ");
+ }
+ 
+-/* Saves the union ipt_matchinfo in parsable form to stdout. */
+-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+-{
+-	const struct ipt_multiport *multiinfo
+-		= (const struct ipt_multiport *)match->data;
+-	unsigned int i;
+-
+-	switch (multiinfo->flags) {
+-	case IPT_MULTIPORT_SOURCE:
+-		printf("--sports ");
+-		break;
+-
+-	case IPT_MULTIPORT_DESTINATION:
+-		printf("--dports ");
+-		break;
+-
+-	case IPT_MULTIPORT_EITHER:
+-		printf("--ports ");
+-		break;
+-	}
+-
+-	for (i=0; i < multiinfo->count; i++) {
+-		printf("%s", i ? "," : "");
+-		print_port(multiinfo->ports[i], ip->proto, 1);
+-	}
+-	printf(" ");
+-}
+-
+ static void save_v1(const struct ipt_ip *ip, 
+ 		    const struct ipt_entry_match *match)
+ {
+@@ -432,19 +277,20 @@
+ 	printf(" ");
+ }
+ 
++
+ static struct iptables_match multiport = { 
+ 	.next		= NULL,
+ 	.name		= "multiport",
+-	.revision	= 0,
+ 	.version	= IPTABLES_VERSION,
+-	.size		= IPT_ALIGN(sizeof(struct ipt_multiport)),
+-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_multiport)),
+-	.help		= &help,
++	.revision	= 0,
++	.size		= IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
++	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
++	.help		= &help_v1,
+ 	.init		= &init,
+-	.parse		= &parse,
++	.parse		= &parse_v1,
+ 	.final_check	= &final_check,
+-	.print		= &print,
+-	.save		= &save,
++	.print		= &print_v1,
++	.save		= &save_v1,
+ 	.extra_opts	= opts
+ };
+