1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-24 01:01:52 +02:00

package/iptables: update to iptables-1.4.10 & layer7_2.22. (partially closes #8369)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24345 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
acoul 2010-12-08 12:56:46 +00:00
parent 70a9f15283
commit 543491d603
5 changed files with 12 additions and 29 deletions

View File

@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables PKG_NAME:=iptables
PKG_VERSION:=1.4.9.1 PKG_VERSION:=1.4.10
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_MD5SUM:=fbadfb0b5f2dbda49e0ad06a798898e3 PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \ PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \ ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \

View File

@ -1,5 +1,5 @@
--- /dev/null --- /dev/null
+++ b/extensions/libxt_layer7.c +++ b/libxt_layer7.c
@@ -0,0 +1,368 @@ @@ -0,0 +1,368 @@
+/* +/*
+ Shared library add-on to iptables for layer 7 matching support. + Shared library add-on to iptables for layer 7 matching support.
@ -369,20 +369,3 @@
+{ +{
+ xtables_register_match(&layer7); + xtables_register_match(&layer7);
+} +}
--- /dev/null
+++ b/extensions/libxt_layer7.man
@@ -0,0 +1,14 @@
+This module matches packets based on the application layer data of
+their connections. It uses regular expression matching to compare
+the application layer data to regular expressions found it the layer7
+configuration files. This is an experimental module which can be found at
+http://l7-filter.sf.net. It takes two options.
+.TP
+.BI "--l7proto " "\fIprotocol\fP"
+Match the specified protocol. The protocol name must match a file
+name in /etc/l7-protocols/ or one of its first-level child directories.
+.TP
+.BI "--l7dir " "\fIdirectory\fP"
+Use \fIdirectory\fP instead of /etc/l7-protocols/. This option must be
+specified before --l7proto.
+

View File

@ -1,6 +1,6 @@
--- a/extensions/libxt_multiport.c --- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c +++ b/extensions/libxt_multiport.c
@@ -14,21 +14,6 @@ @@ -15,21 +15,6 @@
#include <linux/netfilter/xt_multiport.h> #include <linux/netfilter/xt_multiport.h>
/* Function which prints out usage message. */ /* Function which prints out usage message. */
@ -22,7 +22,7 @@
static void multiport_help_v1(void) static void multiport_help_v1(void)
{ {
printf( printf(
@@ -71,26 +56,6 @@ proto_to_name(u_int8_t proto) @@ -72,26 +57,6 @@ proto_to_name(u_int8_t proto)
} }
} }
@ -49,7 +49,7 @@
static void static void
parse_multi_ports_v1(const char *portstring, parse_multi_ports_v1(const char *portstring,
struct xt_multiport_v1 *multiinfo, struct xt_multiport_v1 *multiinfo,
@@ -154,73 +119,6 @@ check_proto(u_int16_t pnum, u_int8_t inv @@ -155,73 +120,6 @@ check_proto(u_int16_t pnum, u_int8_t inv
/* Function which parses command options; returns true if it /* Function which parses command options; returns true if it
ate an option */ ate an option */
static int static int
@ -123,7 +123,7 @@
__multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags, __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
struct xt_entry_match **match, u_int16_t pnum, struct xt_entry_match **match, u_int16_t pnum,
u_int8_t invflags) u_int8_t invflags)
@@ -313,55 +211,6 @@ print_port(u_int16_t port, u_int8_t prot @@ -314,55 +212,6 @@ print_port(u_int16_t port, u_int8_t prot
} }
/* Prints out the matchinfo. */ /* Prints out the matchinfo. */
@ -179,7 +179,7 @@
static void __multiport_print_v1(const struct xt_entry_match *match, static void __multiport_print_v1(const struct xt_entry_match *match,
int numeric, u_int16_t proto) int numeric, u_int16_t proto)
{ {
@@ -418,48 +267,6 @@ static void multiport_print6_v1(const vo @@ -419,48 +268,6 @@ static void multiport_print6_v1(const vo
} }
/* Saves the union ipt_matchinfo in parsable form to stdout. */ /* Saves the union ipt_matchinfo in parsable form to stdout. */
@ -228,7 +228,7 @@
static void __multiport_save_v1(const struct xt_entry_match *match, static void __multiport_save_v1(const struct xt_entry_match *match,
u_int16_t proto) u_int16_t proto)
{ {
@@ -513,34 +320,6 @@ static struct xtables_match multiport_mt @@ -514,34 +321,6 @@ static struct xtables_match multiport_mt
{ {
.family = NFPROTO_IPV4, .family = NFPROTO_IPV4,
.name = "multiport", .name = "multiport",

View File

@ -8,7 +8,7 @@
char *buf = NULL; char *buf = NULL;
char *argv[4]; char *argv[4];
int status; int status;
@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname, @@ -348,6 +349,7 @@ int xtables_insmod(const char *modname,
free(buf); free(buf);
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
return 0; return 0;

View File

@ -1,6 +1,6 @@
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -10864,75 +10864,7 @@ $as_echo "no" >&6; } @@ -10917,75 +10917,7 @@ $as_echo "no" >&6; }
fi fi
fi fi
@ -79,7 +79,7 @@
else else
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -68,9 +68,7 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test @@ -79,9 +79,7 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test
AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])