From: Michael Tremer Date: Thu, 9 May 2019 17:16:20 +0000 (+0100) Subject: iptables: Fix build without kernel source X-Git-Tag: v2.23-core133~70^2~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3966b1e58fc31bcd1e1676145992286fc92d1b34;p=ipfire-2.x.git iptables: Fix build without kernel source The layer7 filter header files were not installed into /usr/include and therefore we needed to keep the whole kernel source tree. This is just a waste of space and this patch fixes this. Signed-off-by: Michael Tremer
---
diff --git a/lfs/iptables b/lfs/iptables
index 17817a9ef4..3716d80624 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -84,7 +84,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && ./configure \
 --prefix=/usr \
- --with-ksource=/usr/src/linux \
 --libdir=/lib \
 --includedir=/usr/include \
 --enable-libipq \
diff --git a/src/patches/linux/linux-4.14-layer7.patch b/src/patches/linux/linux-4.14-layer7.patch
index aef2456460..721a2b2401 100644
--- a/src/patches/linux/linux-4.14-layer7.patch
+++ b/src/patches/linux/linux-4.14-layer7.patch
@@ -1,27 +1,8 @@
-diff --git a/include/linux/netfilter/xt_layer7.h b/include/linux/netfilter/xt_layer7.h
-new file mode 100644
-index 0000000..147cd64
---- /dev/null
-+++ b/include/linux/netfilter/xt_layer7.h
-@@ -0,0 +1,13 @@
-+#ifndef _XT_LAYER7_H
-+#define _XT_LAYER7_H
-+
-+#define MAX_PATTERN_LEN 8192
-+#define MAX_PROTOCOL_LEN 256
-+
-+struct xt_layer7_info {
-+ char protocol[MAX_PROTOCOL_LEN];
-+ char pattern[MAX_PATTERN_LEN];
-+ u_int8_t invert;
-+};
-+
-+#endif /* _XT_LAYER7_H */
 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index d448a48..868a876 100644
+index 3172e14..798b8c9 100644
 --- a/include/linux/skbuff.h
 +++ b/include/linux/skbuff.h
-@@ -693,6 +693,9 @@ struct sk_buff {
+@@ -700,6 +700,9 @@ struct sk_buff {
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 unsigned long _nfct;
 #endif
@@ -59,6 +40,25 @@ index 792c3f6..f24a6ac 100644
 /* Storage reserved for other modules, must be the last member */
 union nf_conntrack_proto proto;
 };
+diff --git a/include/uapi/linux/netfilter/xt_layer7.h b/include/uapi/linux/netfilter/xt_layer7.h
+new file mode 100644
+index 0000000..147cd64
+--- /dev/null
++++ b/include/uapi/linux/netfilter/xt_layer7.h
+@@ -0,0 +1,13 @@
++#ifndef _XT_LAYER7_H
++#define _XT_LAYER7_H
++
++#define MAX_PATTERN_LEN 8192
++#define MAX_PROTOCOL_LEN 256
++
++struct xt_layer7_info {
++ char protocol[MAX_PROTOCOL_LEN];
++ char pattern[MAX_PATTERN_LEN];
++ u_int8_t invert;
++};
++
++#endif /* _XT_LAYER7_H */
 diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
 index e4a13cc..0b0f501 100644
 --- a/net/netfilter/Kconfig
@@ -103,7 +103,7 @@ index f78ed24..268b7e7 100644
 obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 0113039..871eaa2 100644
+index 06520bf..0109de4 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
 @@ -427,6 +427,11 @@ destroy_conntrack(struct nf_conntrack *nfct)
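Review bot: The relocated `include/uapi/linux/netfilter/xt_layer7.h` (added in hunk `@@ -59,6 +40,25 @@`) is now exported to userspace but still declares `u_int8_t invert;` and includes nothing, so it only compiles when the includer has already pulled in a header that defines that type. UAPI headers normally rely on the kernel's exported fixed-width types: add `#include <linux/types.h>` after the include guard and change the field to `__u8 invert;`. The unprefixed `MAX_PATTERN_LEN` and `MAX_PROTOCOL_LEN` macros also become visible to every userspace includer and may collide with other definitions, so a prefix would be safer if the consumers can be updated together. Because `struct xt_layer7_info` carries two fixed-size `char` arrays across the user/kernel boundary, it is worth confirming that the kernel-side match (not visible in this hunk) rejects rules whose `protocol` or `pattern` is not NUL-terminated within its buffer.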