Updated Layer7 filter

author Arne Fitzenreiter <arne_f@ipfire.org>

Tue, 20 May 2008 22:19:19 +0000 (00:19 +0200)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Tue, 20 May 2008 22:19:19 +0000 (00:19 +0200)
author Arne Fitzenreiter <arne_f@ipfire.org>
Tue, 20 May 2008 22:19:19 +0000 (00:19 +0200)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Tue, 20 May 2008 22:19:19 +0000 (00:19 +0200)
diff --git a/config/kernel/kernel.config.i586 b/config/kernel/kernel.config.i586

index 9552b4947d9f4afdac872e330f8f5eceaf6b93a9..389522bcd5cb3424e5b84f22aaefe1107b18fb02 100644 (file)
--- a/config/kernel/kernel.config.i586
+++ b/config/kernel/kernel.config.i586
@@ -1,7 +1,7 @@
  #
  # Automatically generated make config: don't edit
-# Linux kernel version: 2.6.20.21-ipfire
-# Mon May 19 16:44:12 2008
+# Linux kernel version: 2.6.20.21
+# Tue May 20 18:00:30 2008
  #
  CONFIG_X86_32=y
  CONFIG_GENERIC_TIME=y
@@ -501,6 +501,8 @@ CONFIG_NETFILTER_XT_MATCH_QUOTA=m
  CONFIG_NETFILTER_XT_MATCH_REALM=m
  CONFIG_NETFILTER_XT_MATCH_SCTP=m
  CONFIG_NETFILTER_XT_MATCH_STATE=m
+CONFIG_NETFILTER_XT_MATCH_LAYER7=m
+# CONFIG_NETFILTER_XT_MATCH_LAYER7_DEBUG is not set
  CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
  CONFIG_NETFILTER_XT_MATCH_STRING=m
  CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
@@ -662,7 +664,7 @@ CONFIG_GACT_PROB=y
  CONFIG_NET_ACT_MIRRED=m
  CONFIG_NET_ACT_IPT=m
  CONFIG_NET_ACT_PEDIT=m
-CONFIG_NET_ACT_SIMP=m
+# CONFIG_NET_ACT_SIMP is not set
  CONFIG_NET_CLS_IND=y
  CONFIG_NET_ESTIMATOR=y
  
diff --git a/config/kernel/kernel.config.i586.smp b/config/kernel/kernel.config.i586.smp

index 04be248da4c3c138bfbc610216fccd8013871504..0ae0cd971c9615973cef29ec74835a75fe3923ed 100644 (file)
--- a/config/kernel/kernel.config.i586.smp
+++ b/config/kernel/kernel.config.i586.smp
@@ -1,7 +1,7 @@
  #
  # Automatically generated make config: don't edit
-# Linux kernel version: 2.6.20.21-ipfire
-# Mon May 19 16:45:16 2008
+# Linux kernel version: 2.6.20.21
+# Tue May 20 18:05:28 2008
  #
  CONFIG_X86_32=y
  CONFIG_GENERIC_TIME=y
@@ -503,6 +503,8 @@ CONFIG_NETFILTER_XT_MATCH_QUOTA=m
  CONFIG_NETFILTER_XT_MATCH_REALM=m
  CONFIG_NETFILTER_XT_MATCH_SCTP=m
  CONFIG_NETFILTER_XT_MATCH_STATE=m
+CONFIG_NETFILTER_XT_MATCH_LAYER7=m
+# CONFIG_NETFILTER_XT_MATCH_LAYER7_DEBUG is not set
  CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
  CONFIG_NETFILTER_XT_MATCH_STRING=m
  CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
@@ -664,7 +666,7 @@ CONFIG_GACT_PROB=y
  CONFIG_NET_ACT_MIRRED=m
  CONFIG_NET_ACT_IPT=m
  CONFIG_NET_ACT_PEDIT=m
-CONFIG_NET_ACT_SIMP=m
+# CONFIG_NET_ACT_SIMP is not set
  CONFIG_NET_CLS_IND=y
  CONFIG_NET_ESTIMATOR=y
  
diff --git a/lfs/iptables b/lfs/iptables

index de88dfa3d4e1731f2bea00bc6841142ed73887ed..f35e0be2cee661a04b1596e6ac2ca5d231b7c1a0 100644 (file)
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -36,17 +36,17 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
  # Top-level Rules
  ###############################################################################
  objects =      $(DL_FILE) \
-                       netfilter-layer7-v2.9.tar.gz \
+                       netfilter-layer7-v2.18.tar.gz \
                         libnfnetlink-0.0.25.tar.bz2 \
                         libnetfilter_queue-0.0.13.tar.bz2
  
  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-netfilter-layer7-v2.9.tar.gz   = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
+netfilter-layer7-v2.18.tar.gz          = $(URL_IPFIRE)/netfilter-layer7-v2.18.tar.gz
  libnfnetlink-0.0.25.tar.bz2            = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2
  libnetfilter_queue-0.0.13.tar.bz2      = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2
  
  $(DL_FILE)_MD5 = 0a9209f928002e5eee9cdff8fef4d4b3
-netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
+netfilter-layer7-v2.18.tar.gz_MD5 = 8d2e2c00f5c20e8c0852998035aeffd2
  libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d
  libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256
  
@@ -81,16 +81,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
         @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13
  
         @cd $(DIR_SRC) && tar zxf $(DIR_DL)/iptables-fixed.tar.gz
-       cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.9.tar.gz
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.9/iptables-layer7-2.9.patch
+       cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.18.tar.gz
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.18/iptables-1.3-for-kernel-2.6.20forward-layer7-2.18.patch
  
         cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.3.0-imq1.diff
         chmod +x $(DIR_APP)/extensions/.IMQ-test*  $(DIR_APP)/extensions/.layer7-test*
  
         # hack to disable IPv6 compilation as the configuration variable does not work when ip6.h is present
         cd $(DIR_APP) && sed -i -e 's/DO_IPV6:=1/DO_IPV6:=0/' Makefile
-       cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man LIBDIR=/lib $(MAKETUNING)
-       cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man LIBDIR=/lib install install-devel
+       cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man KERNEL_DIR=/usr/src/linux LIBDIR=/lib $(MAKETUNING)
+       cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man KERNEL_DIR=/usr/src/linux LIBDIR=/lib install install-devel
         cd $(DIR_APP) && cp -fva include/* /usr/include
         -mkdir /usr/include/libiptc
         cd $(DIR_APP) && cp -vf include/libiptc/{libiptc.h,ipt_kernel_headers.h} \
@@ -105,6 +105,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
         cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && ./configure --prefix=/usr
         cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make
         cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make install
-
         @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13
         @$(POSTBUILD)
diff --git a/lfs/linux b/lfs/linux

index 8135ab436609816201f5feefcedf20daf72d4204..00e39e5df3cee721c139adad5ab28f223b5cf6be 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
@@ -51,14 +51,14 @@ objects =$(DL_FILE) \
         squashfs3.3.tgz \
         iptables-1.3.8.tar.bz2 \
         patch-o-matic-ng-20061210.tar.bz2 \
-       netfilter-layer7-v2.9.tar.gz \
+       netfilter-layer7-v2.18.tar.gz \
         patch-2.6.16-nath323-1.3.bz2 \
         openswan-2.4.12.tar.gz
  
  $(DL_FILE)                                                                                             = $(URL_IPFIRE)/$(DL_FILE)
  patch-o-matic-ng-20061210.tar.bz2      = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
  iptables-1.3.8.tar.bz2                 = $(URL_IPFIRE)/iptables-1.3.8.tar.bz2
-netfilter-layer7-v2.9.tar.gz           = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
+netfilter-layer7-v2.18.tar.gz          = $(URL_IPFIRE)/netfilter-layer7-v2.18.tar.gz
  patch-2.6.16-nath323-1.3.bz2           = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
  squashfs3.3.tgz                                = $(URL_IPFIRE)/squashfs3.3.tgz
  mISDN-1_1_5.tar.gz                     = $(URL_IPFIRE)/mISDN-1_1_5.tar.gz
@@ -67,7 +67,7 @@ openswan-2.4.12.tar.gz                        = $(URL_IPFIRE)/openswan-2.4.12.tar.gz
  $(DL_FILE)_MD5                                                                         = fbedc192e654735936cc780da8deeba4
  patch-o-matic-ng-20061210.tar.bz2_MD5  = 76edac76301b45f89e467b41c8cf4393
  iptables-1.3.8.tar.bz2_MD5             = 0a9209f928002e5eee9cdff8fef4d4b3
-netfilter-layer7-v2.9.tar.gz_MD5       = ebf9043a5352ebe6dbd721989ef83dee
+netfilter-layer7-v2.18.tar.gz_MD5      = 8d2e2c00f5c20e8c0852998035aeffd2
  patch-2.6.16-nath323-1.3.bz2_MD5       = f926409ff703a307baf54b57ab75d138
  squashfs3.3.tgz_MD5                    = 95c40fca0d886893631b5de14a0af25b
  mISDN-1_1_5.tar.gz_MD5                 = 93b1cff7817b82638a0475c2b7b7f1b6
@@ -139,9 +139,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
         #               mms-conntrack-nat
  
         # Layer7-patch
-       cd $(DIR_SRC) && rm -rf $(DIR_SRC)/netfilter-layer7-v2.9
-       cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.9.tar.gz
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.9/kernel-2.6.18-2.6.19-layer7-2.9.patch
+       cd $(DIR_SRC) && rm -rf $(DIR_SRC)/netfilter-layer7-v2.18
+       cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.18.tar.gz
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.20-2.6.21-layer7-2.16.1.patch
  
         # Linux Intermediate Queueing Device
  ifeq "$(XEN)" ""
diff --git a/src/install+setup/install/main.c b/src/install+setup/install/main.c

index 7d2e573b6dc26c3219596e222bd3fc2d47768389..72af0ce59a620338904213e6ad67468b1197e245 100644 (file)
--- a/src/install+setup/install/main.c
+++ b/src/install+setup/install/main.c
@@ -501,6 +501,10 @@ int main(int argc, char *argv[])
                 replace("/harddisk/boot/grub/grub.conf", "MOUNT", "ro");
         }
  
+       /* Remove the ide hook if we install sda */
+       if ( scsi_disk==1 ) {
+         replace("/harddisk/etc/mkinitcpio.conf", " ide ", " ");
+       }
         /* Going to make our initrd... */
         snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitcpio -g /boot/ipfirerd.img -k %s-ipfire", KERNEL_VERSION);
         runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
author	Arne Fitzenreiter <arne_f@ipfire.org>
	Tue, 20 May 2008 22:19:19 +0000 (00:19 +0200)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Tue, 20 May 2008 22:19:19 +0000 (00:19 +0200)
config/kernel/kernel.config.i586		patch \| blob \| blame \| history
config/kernel/kernel.config.i586.smp		patch \| blob \| blame \| history
lfs/iptables		patch \| blob \| blame \| history
lfs/linux		patch \| blob \| blame \| history
src/install+setup/install/main.c		patch \| blob \| blame \| history