From 3349cf269125525480485ee40bf30d7f0c8ae17a Mon Sep 17 00:00:00 2001 From: Gabor Juhos Date: Thu, 3 May 2012 09:43:10 +0000 Subject: [PATCH] Fix iptables abuse of kernel header files. Use exported headers instead. [juhosg: export xt_layer7.h for all kernel versions] Signed-off-by: David Woodhouse SVN-Revision: 31566 --- include/kernel-defaults.mk | 1 + package/iptables/Makefile | 8 ++++---- .../patches-2.6.32/100-netfilter_layer7_2.21.patch | 10 ++++++++++ .../patches-2.6.37/600-netfilter_layer7_2.22.patch | 10 ++++++++++ .../patches-2.6.38/600-netfilter_layer7_2.22.patch | 10 ++++++++++ .../patches-2.6.39/600-netfilter_layer7_2.22.patch | 10 ++++++++++ .../patches-3.0/600-netfilter_layer7_2.22.patch | 10 ++++++++++ .../patches-3.1/600-netfilter_layer7_2.22.patch | 10 ++++++++++ .../patches-3.2/600-netfilter_layer7_2.22.patch | 10 ++++++++++ .../patches-3.3/600-netfilter_layer7_2.22.patch | 10 ++++++++++ 10 files changed, 85 insertions(+), 4 deletions(-) diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk index 0c188502fc..f55ea8a844 100644 --- a/include/kernel-defaults.mk +++ b/include/kernel-defaults.mk @@ -106,6 +106,7 @@ define Kernel/Configure/Default $(call Kernel/SetInitramfs) -$(_SINGLE)$(MAKE) $(KERNEL_MAKEOPTS) oldconfig prepare scripts rm -rf $(KERNEL_BUILD_DIR)/modules + $(MAKE) $(KERNEL_MAKEOPTS) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install $(SH_FUNC) grep '=[ym]' $(LINUX_DIR)/.config | LC_ALL=C sort | md5s > $(LINUX_DIR)/.vermagic endef diff --git a/package/iptables/Makefile b/package/iptables/Makefile index 026df266ba..ff7d428215 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -343,26 +343,26 @@ endef TARGET_CPPFLAGS := \ -I$(PKG_BUILD_DIR)/include \ - -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \ + -I$(LINUX_DIR)/user_headers/include \ $(TARGET_CPPFLAGS) TARGET_CFLAGS += \ -I$(PKG_BUILD_DIR)/include \ - -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include + -I$(LINUX_DIR)/user_headers/include CONFIGURE_ARGS += \ --enable-shared \ --enable-devel \ $(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \ --enable-libipq \ - --with-kernel="$(LINUX_DIR)" \ + --with-kernel="$(LINUX_DIR)/user_headers" \ --with-xtlibdir=/usr/lib/iptables \ --enable-static MAKE_FLAGS := \ $(TARGET_CONFIGURE_OPTS) \ COPT_FLAGS="$(TARGET_CFLAGS)" \ - KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \ + KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \ KBUILD_OUTPUT="$(LINUX_DIR)" \ BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))" diff --git a/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch b/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch index de9c63c357..00b6d480be 100644 --- a/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch +++ b/target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch @@ -2130,3 +2130,13 @@ + +module_init(xt_layer7_init); +module_exit(xt_layer7_fini); +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h diff --git a/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch index 8a66cab18e..a32169d49f 100644 --- a/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch +++ b/target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch @@ -2130,3 +2130,13 @@ +}; + +#endif /* _XT_LAYER7_H */ +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h diff --git a/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch index 8a66cab18e..a32169d49f 100644 --- a/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch +++ b/target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch @@ -2130,3 +2130,13 @@ +}; + +#endif /* _XT_LAYER7_H */ +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h diff --git a/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch index 87c2e1fc2e..4df080c3d0 100644 --- a/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch +++ b/target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch @@ -2130,3 +2130,13 @@ +}; + +#endif /* _XT_LAYER7_H */ +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h diff --git a/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch index 389152b4dc..8d2bce2d42 100644 --- a/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch +++ b/target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch @@ -2130,3 +2130,13 @@ +}; + +#endif /* _XT_LAYER7_H */ +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h diff --git a/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch index 389152b4dc..8d2bce2d42 100644 --- a/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch +++ b/target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch @@ -2130,3 +2130,13 @@ +}; + +#endif /* _XT_LAYER7_H */ +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h diff --git a/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch index d62eb37572..b3d6bca0f0 100644 --- a/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch +++ b/target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch @@ -2130,3 +2130,13 @@ +}; + +#endif /* _XT_LAYER7_H */ +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h diff --git a/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch b/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch index fe74ae7f51..f3055590ab 100644 --- a/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch +++ b/target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch @@ -2130,3 +2130,13 @@ +}; + +#endif /* _XT_LAYER7_H */ +--- a/include/linux/netfilter/Kbuild ++++ b/include/linux/netfilter/Kbuild +@@ -49,6 +49,7 @@ header-y += xt_hashlimit.h + header-y += xt_helper.h + header-y += xt_iprange.h + header-y += xt_ipvs.h ++header-y += xt_layer7.h + header-y += xt_length.h + header-y += xt_limit.h + header-y += xt_mac.h -- 2.25.1