summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2010-02-19 21:25:40 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-02-19 21:25:40 +0000
commit2a473ebe19c315691118f66e0f64617884f5a3f6 (patch)
treef420a9578287590d0fc6d9d86a2d4eaf4dd6b402
parent046caa7e25915218e9a54f3fa5faac16d6f14d36 (diff)
downloadmtk-20170518-2a473ebe19c315691118f66e0f64617884f5a3f6.zip
mtk-20170518-2a473ebe19c315691118f66e0f64617884f5a3f6.tar.gz
mtk-20170518-2a473ebe19c315691118f66e0f64617884f5a3f6.tar.bz2
iptables: fix multiport match for brcm-2.4 Since the netfilter framework in Linux 2.4 lacks support for target and match revisioning, iptables falls back to the v0 implementation of multiport while only v1 is implemented on the kernel side, leading to an invalid argument error when trying to insert rules using multiport. This patch removes v0 support from the userspace match library to enforce the usage of the v1 match implementation.
SVN-Revision: 19761
-rw-r--r--package/iptables/patches/010-multiport-linux-2.4-compat.patch265
1 files changed, 265 insertions, 0 deletions
diff --git a/package/iptables/patches/010-multiport-linux-2.4-compat.patch b/package/iptables/patches/010-multiport-linux-2.4-compat.patch
new file mode 100644
index 0000000..7233d3a
--- /dev/null
+++ b/package/iptables/patches/010-multiport-linux-2.4-compat.patch
@@ -0,0 +1,265 @@
+--- a/extensions/libxt_multiport.c
++++ b/extensions/libxt_multiport.c
+@@ -14,21 +14,6 @@
+ #include <linux/netfilter/xt_multiport.h>
+
+ /* Function which prints out usage message. */
+-static void multiport_help(void)
+-{
+- printf(
+-"multiport match options:\n"
+-" --source-ports port[,port,port...]\n"
+-" --sports ...\n"
+-" match source port(s)\n"
+-" --destination-ports port[,port,port...]\n"
+-" --dports ...\n"
+-" match destination port(s)\n"
+-" --ports port[,port,port]\n"
+-" match both source and destination port(s)\n"
+-" NOTE: this kernel does not support port ranges in multiport.\n");
+-}
+-
+ static void multiport_help_v1(void)
+ {
+ printf(
+@@ -71,26 +56,6 @@
+ }
+ }
+
+-static unsigned int
+-parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
+-{
+- char *buffer, *cp, *next;
+- unsigned int i;
+-
+- buffer = strdup(portstring);
+- if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
+-
+- for (cp=buffer, i=0; cp && i<XT_MULTI_PORTS; cp=next,i++)
+- {
+- next=strchr(cp, ',');
+- if (next) *next++='\0';
+- ports[i] = xtables_parse_port(cp, proto);
+- }
+- if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
+- free(buffer);
+- return i;
+-}
+-
+ static void
+ parse_multi_ports_v1(const char *portstring,
+ struct xt_multiport_v1 *multiinfo,
+@@ -154,73 +119,6 @@
+ /* Function which parses command options; returns true if it
+ ate an option */
+ static int
+-__multiport_parse(int c, char **argv, int invert, unsigned int *flags,
+- struct xt_entry_match **match, u_int16_t pnum,
+- u_int8_t invflags)
+-{
+- const char *proto;
+- struct xt_multiport *multiinfo
+- = (struct xt_multiport *)(*match)->data;
+-
+- switch (c) {
+- case '1':
+- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+- proto = check_proto(pnum, invflags);
+- multiinfo->count = parse_multi_ports(optarg,
+- multiinfo->ports, proto);
+- multiinfo->flags = XT_MULTIPORT_SOURCE;
+- break;
+-
+- case '2':
+- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+- proto = check_proto(pnum, invflags);
+- multiinfo->count = parse_multi_ports(optarg,
+- multiinfo->ports, proto);
+- multiinfo->flags = XT_MULTIPORT_DESTINATION;
+- break;
+-
+- case '3':
+- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+- proto = check_proto(pnum, invflags);
+- multiinfo->count = parse_multi_ports(optarg,
+- multiinfo->ports, proto);
+- multiinfo->flags = XT_MULTIPORT_EITHER;
+- break;
+-
+- default:
+- return 0;
+- }
+-
+- if (invert)
+- xtables_error(PARAMETER_PROBLEM,
+- "multiport does not support invert");
+-
+- if (*flags)
+- xtables_error(PARAMETER_PROBLEM,
+- "multiport can only have one option");
+- *flags = 1;
+- return 1;
+-}
+-
+-static int
+-multiport_parse(int c, char **argv, int invert, unsigned int *flags,
+- const void *e, struct xt_entry_match **match)
+-{
+- const struct ipt_entry *entry = e;
+- return __multiport_parse(c, argv, invert, flags, match,
+- entry->ip.proto, entry->ip.invflags);
+-}
+-
+-static int
+-multiport_parse6(int c, char **argv, int invert, unsigned int *flags,
+- const void *e, struct xt_entry_match **match)
+-{
+- const struct ip6t_entry *entry = e;
+- return __multiport_parse(c, argv, invert, flags, match,
+- entry->ipv6.proto, entry->ipv6.invflags);
+-}
+-
+-static int
+ __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
+ struct xt_entry_match **match, u_int16_t pnum,
+ u_int8_t invflags)
+@@ -313,55 +211,6 @@
+ }
+
+ /* Prints out the matchinfo. */
+-static void
+-__multiport_print(const struct xt_entry_match *match, int numeric,
+- u_int16_t proto)
+-{
+- const struct xt_multiport *multiinfo
+- = (const struct xt_multiport *)match->data;
+- unsigned int i;
+-
+- printf("multiport ");
+-
+- switch (multiinfo->flags) {
+- case XT_MULTIPORT_SOURCE:
+- printf("sports ");
+- break;
+-
+- case XT_MULTIPORT_DESTINATION:
+- printf("dports ");
+- break;
+-
+- case XT_MULTIPORT_EITHER:
+- printf("ports ");
+- break;
+-
+- default:
+- printf("ERROR ");
+- break;
+- }
+-
+- for (i=0; i < multiinfo->count; i++) {
+- printf("%s", i ? "," : "");
+- print_port(multiinfo->ports[i], proto, numeric);
+- }
+- printf(" ");
+-}
+-
+-static void multiport_print(const void *ip_void,
+- const struct xt_entry_match *match, int numeric)
+-{
+- const struct ipt_ip *ip = ip_void;
+- __multiport_print(match, numeric, ip->proto);
+-}
+-
+-static void multiport_print6(const void *ip_void,
+- const struct xt_entry_match *match, int numeric)
+-{
+- const struct ip6t_ip6 *ip = ip_void;
+- __multiport_print(match, numeric, ip->proto);
+-}
+-
+ static void __multiport_print_v1(const struct xt_entry_match *match,
+ int numeric, u_int16_t proto)
+ {
+@@ -418,48 +267,6 @@
+ }
+
+ /* Saves the union ipt_matchinfo in parsable form to stdout. */
+-static void __multiport_save(const struct xt_entry_match *match,
+- u_int16_t proto)
+-{
+- const struct xt_multiport *multiinfo
+- = (const struct xt_multiport *)match->data;
+- unsigned int i;
+-
+- switch (multiinfo->flags) {
+- case XT_MULTIPORT_SOURCE:
+- printf("--sports ");
+- break;
+-
+- case XT_MULTIPORT_DESTINATION:
+- printf("--dports ");
+- break;
+-
+- case XT_MULTIPORT_EITHER:
+- printf("--ports ");
+- break;
+- }
+-
+- for (i=0; i < multiinfo->count; i++) {
+- printf("%s", i ? "," : "");
+- print_port(multiinfo->ports[i], proto, 1);
+- }
+- printf(" ");
+-}
+-
+-static void multiport_save(const void *ip_void,
+- const struct xt_entry_match *match)
+-{
+- const struct ipt_ip *ip = ip_void;
+- __multiport_save(match, ip->proto);
+-}
+-
+-static void multiport_save6(const void *ip_void,
+- const struct xt_entry_match *match)
+-{
+- const struct ip6t_ip6 *ip = ip_void;
+- __multiport_save(match, ip->proto);
+-}
+-
+ static void __multiport_save_v1(const struct xt_entry_match *match,
+ u_int16_t proto)
+ {
+@@ -513,34 +320,6 @@
+ {
+ .family = NFPROTO_IPV4,
+ .name = "multiport",
+- .revision = 0,
+- .version = XTABLES_VERSION,
+- .size = XT_ALIGN(sizeof(struct xt_multiport)),
+- .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+- .help = multiport_help,
+- .parse = multiport_parse,
+- .final_check = multiport_check,
+- .print = multiport_print,
+- .save = multiport_save,
+- .extra_opts = multiport_opts,
+- },
+- {
+- .family = NFPROTO_IPV6,
+- .name = "multiport",
+- .revision = 0,
+- .version = XTABLES_VERSION,
+- .size = XT_ALIGN(sizeof(struct xt_multiport)),
+- .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+- .help = multiport_help,
+- .parse = multiport_parse6,
+- .final_check = multiport_check,
+- .print = multiport_print6,
+- .save = multiport_save6,
+- .extra_opts = multiport_opts,
+- },
+- {
+- .family = NFPROTO_IPV4,
+- .name = "multiport",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct xt_multiport_v1)),