summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--package/network/utils/ipset/Makefile82
-rw-r--r--package/network/utils/ipset/patches/100-export.h.patch20
-rw-r--r--package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch22
-rw-r--r--package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch29
4 files changed, 153 insertions, 0 deletions
diff --git a/package/network/utils/ipset/Makefile b/package/network/utils/ipset/Makefile
new file mode 100644
index 0000000..874f160
--- /dev/null
+++ b/package/network/utils/ipset/Makefile
@@ -0,0 +1,82 @@
+
+# Copyright (C) 2009-2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+#
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ipset
+PKG_VERSION:=6.11
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://ipset.netfilter.org
+PKG_MD5SUM:=bfcc92e30a0fcf10ae6e7c4affa03c84
+
+PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ipset/Default
+ DEPENDS:= @(!(TARGET_ps3||TARGET_pxcab)||BROKEN)
+endef
+
+define Package/ipset
+$(call Package/ipset/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS+= +iptables-mod-ipset +kmod-ipt-ipset +libmnl
+ TITLE:=IPset administration utility
+ URL:=http://ipset.netfilter.org/
+endef
+
+CONFIGURE_ARGS += \
+ --with-kbuild="$(LINUX_DIR)"
+
+MAKE_FLAGS += \
+ ARCH="$(LINUX_KARCH)"
+
+IPSET_MODULES:= \
+ ipset/ip_set \
+ ipset/ip_set_bitmap_ip \
+ ipset/ip_set_bitmap_ipmac \
+ ipset/ip_set_bitmap_port \
+ ipset/ip_set_hash_ip \
+ ipset/ip_set_hash_ipport \
+ ipset/ip_set_hash_ipportip \
+ ipset/ip_set_hash_ipportnet \
+ ipset/ip_set_hash_net \
+ ipset/ip_set_hash_netiface \
+ ipset/ip_set_hash_netport \
+ ipset/ip_set_list_set \
+ xt_set \
+
+define Build/Compile
+ $(call Build/Compile/Default)
+ $(call Build/Compile/Default,modules)
+endef
+
+define Package/ipset/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipset $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipset*.so* $(1)/usr/lib/
+endef
+
+define KernelPackage/ipt-ipset
+$(call Package/ipset/Default)
+ SUBMENU:=Netfilter Extensions
+ TITLE:=IPset netfilter modules
+ DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
+ FILES:=$(foreach mod,$(IPSET_MODULES),$(PKG_BUILD_DIR)/kernel/net/netfilter/$(mod).ko)
+ AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
+endef
+
+$(eval $(call BuildPackage,ipset))
+$(eval $(call KernelPackage,ipt-ipset))
diff --git a/package/network/utils/ipset/patches/100-export.h.patch b/package/network/utils/ipset/patches/100-export.h.patch
new file mode 100644
index 0000000..d8a9ca2
--- /dev/null
+++ b/package/network/utils/ipset/patches/100-export.h.patch
@@ -0,0 +1,20 @@
+--- a/kernel/net/netfilter/ipset/ip_set_getport.c
++++ b/kernel/net/netfilter/ipset/ip_set_getport.c
+@@ -8,7 +8,7 @@
+ /* Get Layer-4 data from the packets */
+
+ #include <linux/version.h>
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
+ #include <linux/export.h>
+ #endif
+ #include <linux/ip.h>
+--- a/kernel/net/netfilter/ipset/pfxlen.c
++++ b/kernel/net/netfilter/ipset/pfxlen.c
+@@ -1,5 +1,5 @@
+ #include <linux/version.h>
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
+ #include <linux/export.h>
+ #endif
+ #include <linux/netfilter/ipset/pfxlen.h>
diff --git a/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch b/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch
new file mode 100644
index 0000000..82a680f
--- /dev/null
+++ b/package/network/utils/ipset/patches/200-remove-ipv6_addr_copy.patch
@@ -0,0 +1,22 @@
+--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c
++++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
+@@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_i
+ static inline void
+ hash_ip6_data_copy(struct hash_ip6_elem *dst, const struct hash_ip6_elem *src)
+ {
+- ipv6_addr_copy(&dst->ip.in6, &src->ip.in6);
++ dst->ip.in6 = src->ip.in6;
+ }
+
+ static inline void
+--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c
++++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c
+@@ -295,7 +295,7 @@ static inline void
+ hash_net6_data_copy(struct hash_net6_elem *dst,
+ const struct hash_net6_elem *src)
+ {
+- ipv6_addr_copy(&dst->ip.in6, &src->ip.in6);
++ dst->ip.in6 = src->ip.in6;
+ dst->cidr = src->cidr;
+ dst->nomatch = src->nomatch;
+ }
diff --git a/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch b/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch
new file mode 100644
index 0000000..aaecc79
--- /dev/null
+++ b/package/network/utils/ipset/patches/210-fix-ipv6_skip_exthdr.patch
@@ -0,0 +1,29 @@
+--- a/kernel/net/netfilter/ipset/ip_set_getport.c
++++ b/kernel/net/netfilter/ipset/ip_set_getport.c
+@@ -113,6 +113,17 @@ ip_set_get_ip4_port(const struct sk_buff
+ EXPORT_SYMBOL_GPL(ip_set_get_ip4_port);
+
+ #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
++static int ip_set_skip_exthdr(const struct sk_buff *skb, int start,
++ u8 *nexthdrp)
++{
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,3,0)
++ __be16 fragoff;
++ return ipv6_skip_exthdr(skb, start, nexthdrp, &fragoff);
++#else
++ return ipv6_skip_exthdr(skb, start, nexthdrp);
++#endif
++}
++
+ bool
+ ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
+ __be16 *port, u8 *proto)
+@@ -121,7 +132,7 @@ ip_set_get_ip6_port(const struct sk_buff
+ u8 nexthdr;
+
+ nexthdr = ipv6_hdr(skb)->nexthdr;
+- protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
++ protoff = ip_set_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
+ if (protoff < 0)
+ return false;
+