xtables-addons: build version 2.0 for kernel 3.7 onwards

Version 2.0 of xtables-addons dropped support for all kernels older than
3.7. So we still need to build v1.x for older kernels. Keep a separate
patches directory for it, with almost all the same patches for now.

We can easily drop the 1.x build once we have more than two platforms
running 3.7.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/packages@34921 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/xtables-addons/Makefile

@@ -9,11 +9,18 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=xtables-addons
+ifeq ($(strip $(call CompareKernelPatchVer,$(KERNEL_PATCHVER),ge,3.7.0)),1)
+PKG_VERSION:=2.0
+PKG_RELEASE:=1
+PKG_MD5SUM:=26b1b1dbb4a8faff24597723ebde04c9
+else
 PKG_VERSION:=1.45
 PKG_RELEASE:=3
+PKG_MD5SUM:=802d2f556a5e545f44e4b69937bf8490
+PATCH_DIR:=./patches-1.x
+endif
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MD5SUM:=802d2f556a5e545f44e4b69937bf8490
 PKG_SOURCE_URL:=@SF/xtables-addons
 PKG_BUILD_DEPENDS:=iptables
 PKG_INSTALL:=1

net/xtables-addons/patches-1.x/001-no_depmod.patch

@@ -0,0 +1,16 @@
+---
+ Makefile.in |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -11,9 +11,6 @@ FORCE:
+ xtables-addons.8: FORCE
+ 	${MAKE} -f Makefile.mans all;
+ 
+-install-exec-hook:
+-	depmod -a || :;
+-
+ config.status: Makefile.iptrules.in
+ 
+ tmpdir := $(shell mktemp -dtu)

net/xtables-addons/patches-1.x/002-fix-kernel-version-detection.patch

@@ -0,0 +1,22 @@
+--- a/configure
++++ b/configure
+@@ -11780,7 +11780,7 @@ regular_CFLAGS="-Wall -Waggregate-return
+ if test -n "$kbuilddir"; then
+ 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel version that we will build against" >&5
+ $as_echo_n "checking kernel version that we will build against... " >&6; }
+-	krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease)";
++	krel="$(make -sC "$kbuilddir" M=$PWD kernelversion)";
+ 	kmajor="${krel%%[^0-9]*}";
+ 	kmajor="$(($kmajor+0))";
+ 	krel="${krel:${#kmajor}}";
+--- a/configure.ac
++++ b/configure.ac
+@@ -44,7 +44,7 @@ regular_CFLAGS="-Wall -Waggregate-return
+ 
+ if test -n "$kbuilddir"; then
+ 	AC_MSG_CHECKING([kernel version that we will build against])
+-	krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease)";
++	krel="$(make -sC "$kbuilddir" M=$PWD kernelversion)";
+ 	kmajor="${krel%%[[^0-9]]*}";
+ 	kmajor="$(($kmajor+0))";
+ 	krel="${krel:${#kmajor}}";

net/xtables-addons/patches-1.x/101-rtsp-linux-3.6-compat.patch

@@ -0,0 +1,22 @@
+--- a/extensions/rtsp/nf_conntrack_rtsp.c
++++ b/extensions/rtsp/nf_conntrack_rtsp.c
+@@ -28,6 +28,7 @@
+  * 			- Port to new NF API
+  */
+ 
++#include <linux/version.h>
+ #include <linux/module.h>
+ #include <linux/netfilter.h>
+ #include <linux/ip.h>
+@@ -496,7 +497,11 @@ init(void)
+ 		} else {
+ 			sprintf(tmpname, "rtsp-%d", i);
+ 		}
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0)
++		strncpy(hlpr->name, tmpname, sizeof(hlpr->name));
++#else
+ 		hlpr->name = tmpname;
++#endif
+ 
+ 		pr_debug("port #%d: %d\n", i, ports[i]);
+ 

net/xtables-addons/patches-1.x/201-fix-lua-packetscript.patch

@@ -0,0 +1,89 @@
+--- a/extensions/LUA/xt_LUA_target.c
++++ b/extensions/LUA/xt_LUA_target.c
+@@ -64,10 +64,10 @@ uint32_t  lua_state_refs[LUA_STATE_ARRAY
+  * XT_CONTINUE inside the *register_lua_packet_lib* function.
+  */
+ 
+-spinlock_t lock = SPIN_LOCK_UNLOCKED;
++DEFINE_SPINLOCK(lock);
+ 
+ static uint32_t 
+-lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
++lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
+ {
+ 	uint32_t  verdict;
+ 	lua_packet_segment *p;
+@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
+  * some workqueue initialization. So far this is done each time this function
+  * is called, subject to change.
+  */
+-static bool
++static int
+ lua_tg_checkentry(const struct xt_tgchk_param *par)
+ {
+ 	const struct xt_lua_tginfo *info = par->targinfo;
+ 
+ 	if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
+ 		lua_state_refs[info->state_id]++;
+-		return true;
++		return 0;
+ 	}
+-	return false;
++	return -EINVAL;
+ }
+ 
+ /*::*
+--- a/extensions/LUA/lua/llimits.h
++++ b/extensions/LUA/lua/llimits.h
+@@ -8,7 +8,6 @@
+ #define llimits_h
+ 
+ #include <stddef.h>
+-#include <limits.h>
+ 
+ #include "lua.h"
+ 
+--- a/extensions/LUA/lua/lapi.c
++++ b/extensions/LUA/lua/lapi.c
+@@ -4,9 +4,6 @@
+ ** See Copyright Notice in lua.h
+ */
+ 
+-#include <stdarg.h>
+-#include <math.h>
+-#include <assert.h>
+ #include <string.h>
+ 
+ #define lapi_c
+--- a/extensions/LUA/lua/ltable.c
++++ b/extensions/LUA/lua/ltable.c
+@@ -18,7 +18,6 @@
+ ** Hence even when the load factor reaches 100%, performance remains good.
+ */
+ 
+-#include <math.h>
+ #include <string.h>
+ 
+ #define ltable_c
+--- a/extensions/LUA/lua/luaconf.h
++++ b/extensions/LUA/lua/luaconf.h
+@@ -13,6 +13,10 @@
+ #if !defined(__KERNEL__)
+ #include <limits.h>
+ #else
++#undef UCHAR_MAX
++#undef SHRT_MAX
++#undef BUFSIZ
++#undef NO_FPU
+ #define UCHAR_MAX	255
+ #define SHRT_MAX        32767
+ #define BUFSIZ 		8192
+@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l; 
+ */
+ #if defined(__KERNEL__)
+ #undef LUA_USE_ULONGJMP
++#define setjmp __builtin_setjmp
++#define longjmp __builtin_longjmp
+ #endif
+ 
+ #if defined(__cplusplus)

net/xtables-addons/patches-1.x/300-geoip-endian-detection.patch

@@ -0,0 +1,18 @@
+--- a/extensions/libxt_geoip.c
++++ b/extensions/libxt_geoip.c
+@@ -59,13 +59,13 @@ geoip_get_subnets(const char *code, uint
+ 
+ 	/* Use simple integer vector files */
+ 	if (nfproto == NFPROTO_IPV6) {
+-#if __BYTE_ORDER == _BIG_ENDIAN
++#if BYTE_ORDER == BIG_ENDIAN
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv6", code);
+ #else
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv6", code);
+ #endif
+ 	} else {
+-#if __BYTE_ORDER == _BIG_ENDIAN
++#if BYTE_ORDER == BIG_ENDIAN
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv4", code);
+ #else
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv4", code);

net/xtables-addons/patches/102-rtsp-linux-3.7-compat.patch

@@ -0,0 +1,155 @@
+--- xtables-addons-2.0/extensions/rtsp/nf_conntrack_rtsp.c~	2012-12-20 00:08:48.000000000 +0000
++++ xtables-addons-2.0/extensions/rtsp/nf_conntrack_rtsp.c	2012-12-20 00:19:14.065730169 +0000
+@@ -73,7 +73,7 @@ static DEFINE_SPINLOCK(rtsp_buffer_lock)
+ static struct nf_conntrack_expect_policy rtsp_exp_policy; 
+ 
+ unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
+-				 enum ip_conntrack_info ctinfo,
++				 enum ip_conntrack_info ctinfo, unsigned int protoff,
+ 				 unsigned int matchoff, unsigned int matchlen,struct ip_ct_rtsp_expect* prtspexp,
+ 				 struct nf_conntrack_expect *exp);
+ void (*nf_nat_rtsp_hook_expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp);
+@@ -269,7 +269,7 @@ void expected(struct nf_conn *ct, struct
+ 
+ static inline int
+ help_out(struct sk_buff *skb, unsigned char *rb_ptr, unsigned int datalen,
+-                struct nf_conn *ct, enum ip_conntrack_info ctinfo)
++	 struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int protoff)
+ {
+ 	struct ip_ct_rtsp_expect expinfo;
+ 	
+@@ -353,7 +353,7 @@ help_out(struct sk_buff *skb, unsigned c
+ 		nf_nat_rtsp = rcu_dereference(nf_nat_rtsp_hook);
+ 		if (nf_nat_rtsp && ct->status & IPS_NAT_MASK)
+ 			/* pass the request off to the nat helper */
+-			ret = nf_nat_rtsp(skb, ctinfo, hdrsoff, hdrslen, &expinfo, exp);
++			ret = nf_nat_rtsp(skb, ctinfo, protoff, hdrsoff, hdrslen, &expinfo, exp);
+ 		else if (nf_ct_expect_related(exp) != 0) {
+ 			pr_info("nf_conntrack_expect_related failed\n");
+ 			ret  = NF_DROP;
+@@ -420,7 +420,7 @@ static int help(struct sk_buff *skb, uns
+ 
+ 	switch (CTINFO2DIR(ctinfo)) {
+ 	case IP_CT_DIR_ORIGINAL:
+-		ret = help_out(skb, rb_ptr, datalen, ct, ctinfo);
++		ret = help_out(skb, rb_ptr, datalen, ct, ctinfo, protoff);
+ 		break;
+ 	case IP_CT_DIR_REPLY:
+ 		pr_debug("IP_CT_DIR_REPLY\n");
+--- xtables-addons-2.0/extensions/rtsp/nf_conntrack_rtsp.h~	2012-12-20 00:08:48.000000000 +0000
++++ xtables-addons-2.0/extensions/rtsp/nf_conntrack_rtsp.h	2012-12-20 00:16:50.868733345 +0000
+@@ -50,6 +50,7 @@ struct ip_ct_rtsp_expect
+ 
+ extern unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
+ 				 enum ip_conntrack_info ctinfo,
++				 unsigned int protoff,
+ 				 unsigned int matchoff, unsigned int matchlen,
+ 				 struct ip_ct_rtsp_expect *prtspexp,
+ 				 struct nf_conntrack_expect *exp);
+--- xtables-addons-2.0/extensions/rtsp/nf_nat_rtsp.c~	2012-12-20 00:08:48.000000000 +0000
++++ xtables-addons-2.0/extensions/rtsp/nf_nat_rtsp.c	2012-12-20 00:29:32.311738640 +0000
+@@ -33,10 +33,10 @@
+ 
+ #include <linux/module.h>
+ #include <net/tcp.h>
++#include <net/netfilter/nf_conntrack_expect.h>
+ #include <net/netfilter/nf_nat_helper.h>
+-#include <net/netfilter/nf_nat_rule.h>
++#include <net/netfilter/nf_nat.h>
+ #include "nf_conntrack_rtsp.h"
+-#include <net/netfilter/nf_conntrack_expect.h>
+ 
+ #include <linux/inet.h>
+ #include <linux/ctype.h>
+@@ -105,8 +103,8 @@ get_skb_tcpdata(struct sk_buff* skb, cha
+ static int
+ rtsp_mangle_tran(enum ip_conntrack_info ctinfo,
+                  struct nf_conntrack_expect* exp,
+-								 struct ip_ct_rtsp_expect* prtspexp,
+-                 struct sk_buff* skb, uint tranoff, uint tranlen)
++		 struct ip_ct_rtsp_expect* prtspexp,
++                 struct sk_buff* skb, uint protoff, uint tranoff, uint tranlen)
+ {
+     char*       ptcp;
+     uint        tcplen;
+@@ -259,7 +257,7 @@ rtsp_mangle_tran(enum ip_conntrack_info
+                 if (dstact == DSTACT_STRIP || (dstact == DSTACT_AUTO && !is_stun))
+                 {
+                     diff = nextfieldoff-off;
+-                    if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
++                    if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
+                                                          off, diff, NULL, 0))
+                     {
+                         /* mangle failed, all we can do is bail */
+@@ -329,7 +327,7 @@ rtsp_mangle_tran(enum ip_conntrack_info
+                      * parameter 4 below is offset from start of tcp data.
+                      */
+                     diff = origlen-rbuflen;
+-                    if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
++                    if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
+                                               origoff, origlen, rbuf, rbuflen))
+                     {
+                         /* mangle failed, all we can do is bail */
+@@ -354,7 +352,7 @@ rtsp_mangle_tran(enum ip_conntrack_info
+ }
+ 
+ static uint
+-help_out(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
++help_out(struct sk_buff *skb, enum ip_conntrack_info ctinfo, unsigned int protoff,
+ 	 unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp, 
+ 	 struct nf_conntrack_expect* exp)
+ {
+@@ -392,7 +390,7 @@ help_out(struct sk_buff *skb, enum ip_co
+         {
+             uint oldtcplen = tcplen;
+ 	    pr_debug("hdr: Transport\n");
+-            if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, skb, lineoff, linelen))
++            if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, skb, protoff, lineoff, linelen))
+             {
+ 		pr_debug("hdr: Transport mangle failed");
+                 break;
+@@ -410,7 +408,7 @@ help_out(struct sk_buff *skb, enum ip_co
+ }
+ 
+ static unsigned int
+-help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, 
++help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, unsigned int protoff,
+      unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp,
+      struct nf_conntrack_expect* exp)
+ {
+@@ -420,7 +418,7 @@ help(struct sk_buff *skb, enum ip_conntr
+     switch (dir)
+     {
+     case IP_CT_DIR_ORIGINAL:
+-        rc = help_out(skb, ctinfo, matchoff, matchlen, prtspexp, exp);
++	    rc = help_out(skb, ctinfo, protoff, matchoff, matchlen, prtspexp, exp);
+         break;
+     case IP_CT_DIR_REPLY:
+ 	pr_debug("unmangle ! %u\n", ctinfo);
+@@ -435,7 +433,7 @@ help(struct sk_buff *skb, enum ip_conntr
+ 
+ static void expected(struct nf_conn* ct, struct nf_conntrack_expect *exp)
+ {
+-    struct nf_nat_ipv4_multi_range_compat mr;
++    struct nf_nat_range nr;
+     u_int32_t newdstip, newsrcip, newip;
+ 
+     struct nf_conn *master = ct->master;
+@@ -449,12 +447,13 @@ static void expected(struct nf_conn* ct,
+     pr_debug("newsrcip=%pI4, newdstip=%pI4, newip=%pI4\n",
+            &newsrcip, &newdstip, &newip);
+ 
+-    mr.rangesize = 1;
++    memset(&nr, 0, sizeof(nr));
++
+     // We don't want to manip the per-protocol, just the IPs. 
+-    mr.range[0].flags = NF_NAT_RANGE_MAP_IPS;
+-    mr.range[0].min_ip = mr.range[0].max_ip = newip;
++    nr.flags = NF_NAT_RANGE_MAP_IPS;
++    nr.min_addr.ip = nr.max_addr.ip = newip;
+ 
+-    nf_nat_setup_info(ct, &mr.range[0], NF_NAT_MANIP_DST);
++    nf_nat_setup_info(ct, &nr, NF_NAT_MANIP_DST);
+ }
+ 
+ 

net/xtables-addons/patches/110-dnetmap-linux-3.7.patch

@@ -0,0 +1,22 @@
+--- xtables-addons-2.0/extensions/xt_DNETMAP.c~	2012-11-12 18:03:51.000000000 +0000
++++ xtables-addons-2.0/extensions/xt_DNETMAP.c	2012-12-20 00:06:10.656675731 +0000
+@@ -27,7 +27,7 @@
+ #include <linux/netfilter_ipv4.h>
+ #include <linux/netfilter/x_tables.h>
+ #include <linux/version.h>
+-#include <net/netfilter/nf_nat_rule.h>
++#include <net/netfilter/nf_nat.h>
+ #include <net/net_namespace.h>
+ #include <net/netns/generic.h>
+ #include <linux/netfilter/nf_nat.h>
+--- xtables-addons-2.0/mconfig	2012-12-20 00:55:11.445085492 +0000
++++ xtables-addons-2.0/mconfig~	2012-12-20 00:54:29.000000000 +0000
+@@ -4,7 +4,7 @@ build_ACCOUNT=m
+ build_CHAOS=m
+ build_DELUDE=m
+ build_DHCPMAC=m
+-build_DNETMAP=
++build_DNETMAP=m
+ build_ECHO=m
+ build_IPMARK=m
+ build_LOGMARK=m