diff options
Diffstat (limited to 'recipes/iptables')
-rw-r--r-- | recipes/iptables/files/compile.patch | 17 | ||||
-rw-r--r-- | recipes/iptables/files/getsockopt-failed.patch | 28 | ||||
-rw-r--r-- | recipes/iptables/files/iptables-use-s6_addr32.patch | 32 | ||||
-rw-r--r-- | recipes/iptables/iptables.inc | 33 | ||||
-rw-r--r-- | recipes/iptables/iptables_1.3.8.bb | 8 |
5 files changed, 118 insertions, 0 deletions
diff --git a/recipes/iptables/files/compile.patch b/recipes/iptables/files/compile.patch new file mode 100644 index 0000000000..76662d9748 --- /dev/null +++ b/recipes/iptables/files/compile.patch @@ -0,0 +1,17 @@ +Index: iptables-1.3.3/extensions/Makefile +=================================================================== +--- iptables-1.3.3.orig/extensions/Makefile ++++ iptables-1.3.3/extensions/Makefile +@@ -67,10 +67,10 @@ endif + + ifdef NO_SHARED_LIBS + extensions/libext.a: $(EXT_OBJS) +- rm -f $@; ar crv $@ $(EXT_OBJS) ++ rm -f $@; $(AR) crv $@ $(EXT_OBJS) + + extensions/libext6.a: $(EXT6_OBJS) +- rm -f $@; ar crv $@ $(EXT6_OBJS) ++ rm -f $@; $(AR) crv $@ $(EXT6_OBJS) + + extensions/initext.o: extensions/initext.c + extensions/initext6.o: extensions/initext6.c diff --git a/recipes/iptables/files/getsockopt-failed.patch b/recipes/iptables/files/getsockopt-failed.patch new file mode 100644 index 0000000000..bba9bdaafb --- /dev/null +++ b/recipes/iptables/files/getsockopt-failed.patch @@ -0,0 +1,28 @@ +This patch fixes an issue where iptables throws the following error: +"getsockopt failed strangely". This patch is taken from the netfilter +svn (and it's included in iptable 1.4.0rc1): + +http://svn.netfilter.org/cgi-bin/viewcvs.cgi?rev=6890&view=rev + +--- iptables/iptables.c 2007/04/30 00:01:39 6815 ++++ iptables/iptables.c 2007/06/26 15:29:45 6890 +@@ -1158,7 +1158,7 @@ + max_rev = getsockopt(sockfd, IPPROTO_IP, opt, &rev, &s); + if (max_rev < 0) { + /* Definitely don't support this? */ +- if (errno == EPROTONOSUPPORT) { ++ if (errno == ENOENT || errno == EPROTONOSUPPORT) { + close(sockfd); + return 0; + } else if (errno == ENOPROTOOPT) { +--- iptables/ip6tables.c 2007/06/25 14:55:18 6889 ++++ iptables/ip6tables.c 2007/06/26 15:29:45 6890 +@@ -1130,7 +1130,7 @@ + max_rev = getsockopt(sockfd, IPPROTO_IPV6, opt, &rev, &s); + if (max_rev < 0) { + /* Definitely don't support this? */ +- if (errno == EPROTONOSUPPORT) { ++ if (errno == ENOENT || errno == EPROTONOSUPPORT) { + close(sockfd); + return 0; + } else if (errno == ENOPROTOOPT) { diff --git a/recipes/iptables/files/iptables-use-s6_addr32.patch b/recipes/iptables/files/iptables-use-s6_addr32.patch new file mode 100644 index 0000000000..d3d215ba58 --- /dev/null +++ b/recipes/iptables/files/iptables-use-s6_addr32.patch @@ -0,0 +1,32 @@ +This patch fixes a compile error which is demonstrated with glibc/eglibc cvs +the union ip6_u has been renamed inside glibc header in.h here +http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/netinet/in.h.diff?r1=1.55&r2=1.56&cvsroot=glibc +We should be really using +the defines that are provided in inet/netinet/in.h to access the members instead. + +Index: iptables-1.3.8/ip6tables.c +=================================================================== +--- iptables-1.3.8.orig/ip6tables.c ++++ iptables-1.3.8/ip6tables.c +@@ -730,7 +730,7 @@ parse_hostnetworkmask(const char *name, + for (i = 0, j = 0; i < n; i++) { + int k; + for (k = 0; k < 4; k++) +- addrp[j].in6_u.u6_addr32[k] &= maskp->in6_u.u6_addr32[k]; ++ addrp[j].s6_addr32[k] &= maskp->s6_addr32[k]; + j++; + for (k = 0; k < j - 1; k++) { + if (IN6_ARE_ADDR_EQUAL(&addrp[k], &addrp[j - 1])) { +Index: iptables-1.3.8/libiptc/libip6tc.c +=================================================================== +--- iptables-1.3.8.orig/libiptc/libip6tc.c ++++ iptables-1.3.8/libiptc/libip6tc.c +@@ -113,7 +113,7 @@ typedef unsigned int socklen_t; + #include "libiptc.c" + + #define BIT6(a, l) \ +- ((ntohl(a->in6_u.u6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1) ++ ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1) + + int + ipv6_prefix_length(const struct in6_addr *a) diff --git a/recipes/iptables/iptables.inc b/recipes/iptables/iptables.inc new file mode 100644 index 0000000000..4868abb8ee --- /dev/null +++ b/recipes/iptables/iptables.inc @@ -0,0 +1,33 @@ +DESCRIPTION = "iptables network filtering tools" +HOMEPAGE = "http://www.netfilter.org/" +SECTION = "console/utils" +LICENSE = "GPL" + +SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2" +S = "${WORKDIR}/iptables-${PV}" + +PARALLEL_MAKE = "" + +export COPT_FLAGS = "${CFLAGS}" +export KERNEL_DIR = "${STAGING_INCDIR}" + +do_compile () { + unset CFLAGS + oe_runmake BINDIR=${D}${sbindir} LIBDIR=${D}${libdir} MANDIR=${D}${mandir} NO_SHARED_LIBS=1 +} + +do_install () { + unset CFLAGS + oe_runmake BINDIR=${D}${sbindir} LIBDIR=${D}${libdir} MANDIR=${D}${mandir} install NO_SHARED_LIBS=1 +} + +PACKAGES =+ "${PN}-utils" +FILES_${PN}-utils = "${sbindir}/iptables-save ${sbindir}/iptables-restore" +FILES_${PN}-doc += "${mandir}" + +RRECOMMENDS = "\ + kernel-module-ip-tables \ + kernel-module-iptable-nat \ + kernel-module-iptable-filter \ + kernel-module-ipt-masquerade \ +" diff --git a/recipes/iptables/iptables_1.3.8.bb b/recipes/iptables/iptables_1.3.8.bb new file mode 100644 index 0000000000..040be0643f --- /dev/null +++ b/recipes/iptables/iptables_1.3.8.bb @@ -0,0 +1,8 @@ +require iptables.inc +PR = "r4" + +SRC_URI += "\ + file://getsockopt-failed.patch;patch=1 \ + file://iptables-use-s6_addr32.patch;patch=1 \ +" + |