From dd46a3c51a866ef65b7a307493e9a608cbcb7ae3 Mon Sep 17 00:00:00 2001
From: ms
Date: Sun, 4 Mar 2007 17:55:55 +0000
Subject: [PATCH] IPTables Update fuer den neuen Kernel.

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@437 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
---
 config/grub/grub.conf | 12 +-
 config/grub/scsigrub.conf | 12 +-
 config/kernel/kernel.config.i586 | 4 +-
 config/kernel/kernel.config.i586.smp | 4 +-
 lfs/iptables | 25 ++-
 lfs/linux | 6 +-
 src/initscripts/init.d/checkfs | 4 +-
 src/patches/iptables-1.3.6-imq.diff | 221 +++++++++++++++++++++++++++
 8 files changed, 255 insertions(+), 33 deletions(-)
 create mode 100644 src/patches/iptables-1.3.6-imq.diff

diff --git a/config/grub/grub.conf b/config/grub/grub.conf
index 9cfd63d2aa..d7deeb8202 100644
--- a/config/grub/grub.conf
+++ b/config/grub/grub.conf
@@ -5,31 +5,31 @@ background = ffffff gfxmenu /grub/message title IPFire (1024x768) root (hd0,0) - kernel /vmlinuz root=ROOT panic=10 vga=791 splash=silent ro + kernel /vmlinuz-ipfire root=ROOT panic=10 vga=791 splash=silent ro initrd /initrd.splash savedefault 0 title IPFire (VESA) root (hd0,0) - kernel /vmlinuz root=ROOT panic=10 ro + kernel /vmlinuz-ipfire root=ROOT panic=10 ro initrd /initrd.splash savedefault 1 title IPFire SMP (1024x768) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 acpi=off vga=791 splash=silent ro + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 acpi=off vga=791 splash=silent ro initrd /initrd.splash savedefault 2 title IPFire SMP (VESA) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 acpi=off ro + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 acpi=off ro initrd /initrd.splash savedefault 3 title IPFire SMP-HT (Intel Pentium 4) (1024x768) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 acpi=ht vga=791 splash=silent ro + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 acpi=ht vga=791 splash=silent ro initrd /initrd.splash savedefault 4 title IPFire SMP-HT (Intel Pentium 4) (VESA) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 acpi=ht ro + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 acpi=ht ro initrd /initrd.splash savedefault 5 diff --git a/config/grub/scsigrub.conf b/config/grub/scsigrub.conf index dd5fb88e7e..2eade227f3 100644 --- a/config/grub/scsigrub.conf +++ b/config/grub/scsigrub.conf 
@@ -5,31 +5,31 @@ background = ffffff gfxmenu /grub/message title IPFire (1024x768) root (hd0,0) - kernel /vmlinuz root=ROOT panic=10 init=/linuxrc vga=791 splash=silent rw + kernel /vmlinuz-ipfire root=ROOT panic=10 init=/linuxrc vga=791 splash=silent rw initrd /ipfirerd.img savedefault 0 title IPFire (VESA) root (hd0,0) - kernel /vmlinuz root=ROOT panic=10 init=/linuxrc rw + kernel /vmlinuz-ipfire root=ROOT panic=10 init=/linuxrc rw initrd /ipfirerd.img savedefault 1 title IPFire SMP (1024x768) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 init=/linuxrc acpi=off vga=791 splash=silent rw + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 init=/linuxrc acpi=off vga=791 splash=silent rw initrd /ipfirerd-smp.img savedefault 2 title IPFire SMP (VESA) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 init=/linuxrc acpi=off rw + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 init=/linuxrc acpi=off rw initrd /ipfirerd-smp.img savedefault 3 title IPFire SMP (Intel Pentium 4) (1024x768) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 init=/linuxrc acpi=ht vga=791 splash=silent rw + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 init=/linuxrc acpi=ht vga=791 splash=silent rw initrd /ipfirerd-smp.img savedefault 4 title IPFire SMP (Intel Pentium 4) (VESA) root (hd0,0) - kernel /vmlinuz-smp root=ROOT panic=10 init=/linuxrc acpi=ht rw + kernel /vmlinuz-ipfire-smp root=ROOT panic=10 init=/linuxrc acpi=ht rw initrd /ipfirerd-smp.img savedefault 5 diff --git a/config/kernel/kernel.config.i586 b/config/kernel/kernel.config.i586 index faba484a6a..f9f42134c9 100644 --- a/config/kernel/kernel.config.i586 +++ b/config/kernel/kernel.config.i586 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.16.42-ipfire -# Sat Mar 3 20:27:00 2007 +# Sun Mar 4 14:59:47 2007 # CONFIG_X86_32=y CONFIG_SEMAPHORE_SLEEPERS=y 
@@ -476,6 +476,8 @@ CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m +CONFIG_IP_NF_NAT_MMS=m +CONFIG_IP_NF_MMS=m CONFIG_IP_NF_NAT_SIP=m CONFIG_IP_NF_SIP=m diff --git a/config/kernel/kernel.config.i586.smp b/config/kernel/kernel.config.i586.smp index efd259c4f5..89e30d923c 100644 --- a/config/kernel/kernel.config.i586.smp +++ b/config/kernel/kernel.config.i586.smp @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.16.42-ipfire -# Sat Mar 3 20:27:11 2007 +# Sun Mar 4 14:59:47 2007 # CONFIG_X86_32=y CONFIG_SEMAPHORE_SLEEPERS=y @@ -482,6 +482,8 @@ CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m +CONFIG_IP_NF_NAT_MMS=m +CONFIG_IP_NF_MMS=m CONFIG_IP_NF_NAT_SIP=m CONFIG_IP_NF_SIP=m diff --git a/lfs/iptables b/lfs/iptables index 59493402e3..4f0769c755 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -26,11 +26,11 @@ include Config -VER = 1.3.5 +VER = 1.3.7 THISAPP = iptables-$(VER) DL_FILE = $(THISAPP).tar.bz2 -DL_FROM = http://ftp.netfilter.org/pub/iptables +DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) 
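Review bot: The `DL_FROM = $(URL_IPFIRE)` line in lfs/iptables drops the only record of where iptables-$(VER) originates, so a later reviewer cannot tell which upstream release the mirrored tarball is supposed to match. Add a comment above it such as `# Upstream: http://ftp.netfilter.org/pub/iptables (mirrored on URL_IPFIRE)`, and state in the commit message whether the mirrored file was compared with the upstream release. The value of URL_IPFIRE is defined outside this hunk.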
@@ -38,20 +38,17 @@ TARGET = $(DIR_INFO)/$(THISAPP) # Top-level Rules ############################################################################### objects = $(DL_FILE) \ - iptables-1.3.0-imq1.diff \ - netfilter-layer7-v2.6.tar.gz \ + netfilter-layer7-v2.9.tar.gz \ libnfnetlink-0.0.25.tar.bz2 \ libnetfilter_queue-0.0.13.tar.bz2 $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -iptables-1.3.0-imq1.diff = $(URL_IPFIRE)/iptables-1.3.0-imq1.diff -netfilter-layer7-v2.6.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.6.tar.gz +netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz libnfnetlink-0.0.25.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2 libnetfilter_queue-0.0.13.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2 -$(DL_FILE)_MD5 = 00fb916fa8040ca992a5ace56d905ea5 -iptables-1.3.0-imq1.diff_MD5 = 9adae8be9562775a176fc1b275b3cb29 -netfilter-layer7-v2.6.tar.gz_MD5 = 58135cd1aafaf4ae2fa478159206f064 +$(DL_FILE)_MD5 = dd965bdacbb86ce2a6498829fddda6b7 +netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256 
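Review bot: The new `$(DL_FILE)_MD5` and `netfilter-layer7-v2.9.tar.gz_MD5` values are the only integrity check on tarballs that are now all fetched from `$(URL_IPFIRE)`, and MD5 is adequate for spotting a corrupted download but not for detecting a deliberately substituted file. Consider recording a stronger digest next to each entry, for example `# SHA-256: <digest of iptables-1.3.7.tar.bz2>` as a comment until the download rule can verify it. The rule that consumes the `_MD5` variables is outside this hunk, so this hunk alone cannot switch algorithms.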
@@ -83,13 +80,13 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) # iptables-fixed.tar.gz is made in the linux kernel build process - @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.6 $(DIR_SRC)/libnetfilter_queue-0.0.13 + @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13 @cd $(DIR_SRC) && tar zxf $(DIR_DL)/iptables-fixed.tar.gz - @cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.6.tar.gz - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/iptables-layer7-2.6.patch + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.9.tar.gz + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.9/iptables-layer7-2.9.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_DL)/iptables-1.3.0-imq1.diff + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.3.6-imq.diff chmod +x $(DIR_APP)/extensions/.IMQ-test* $(DIR_APP)/extensions/.layer7-test* # hack to disable IPv6 compilation as the configuration variable does not work when ip6.h is present @@ -107,5 +104,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make install - @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.6 $(DIR_SRC)/libnetfilter_queue-0.0.13 + @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13 @$(POSTBUILD) diff --git a/lfs/linux b/lfs/linux index 3d86d59aac..e53c6af09c 100644 --- a/lfs/linux +++ b/lfs/linux 
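Review bot: The layer7 version is still spelled out in the `tar zxf` and `patch -Np1` lines while both `rm -rf` lines (here and in the following hunk at -107,5) now use the glob `$(DIR_SRC)/netfilter-layer7*`, which removes every matching entry in `$(DIR_SRC)` rather than only the directory this rule unpacked. A single variable keeps the four places in step and keeps the cleanup exact: `L7_DIR = netfilter-layer7-v2.9` near `VER`, then `$(DIR_SRC)/$(L7_DIR)` in the rm, tar and patch lines. The new `cd $(DIR_SRC) && tar zxf ...` line also lost the leading `@` that the line above it keeps, so the recipe now echoes commands inconsistently. The recipe for `$(TARGET)` continues outside this hunk.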
@@ -50,14 +50,14 @@ endif objects =$(DL_FILE) \ mISDN-CVS-2007-01-26.tar.bz2 \ squashfs3.2-r2.tar.gz \ - iptables-1.3.5.tar.bz2 \ + iptables-1.3.7.tar.bz2 \ patch-o-matic-ng-20061210.tar.bz2 \ netfilter-layer7-v2.9.tar.gz \ patch-2.6.16-nath323-1.3.bz2 $(DL_FILE) = $(DL_FROM)/$(DL_FILE) patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2 -iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2 +iptables-1.3.7.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.7.tar.bz2 netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2 squashfs3.2-r2.tar.gz = $(URL_IPFIRE)/squashfs3.2-r2.tar.gz @@ -65,7 +65,7 @@ mISDN-CVS-2007-01-26.tar.bz2 = $(URL_IPFIRE)/mISDN-CVS-2007-01-26.tar.bz2 $(DL_FILE)_MD5 = 87e998bb87839b962702815dd5aecc73 patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393 -iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5 +iptables-1.3.7.tar.bz2_MD5 = dd965bdacbb86ce2a6498829fddda6b7 netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138 squashfs3.2-r2.tar.gz_MD5 = bf360b92eba9e6d5610196ce2e02fcd1 diff --git a/src/initscripts/init.d/checkfs b/src/initscripts/init.d/checkfs index 484721398b..fe0f435a1a 100644 --- a/src/initscripts/init.d/checkfs +++ b/src/initscripts/init.d/checkfs @@ -30,8 +30,8 @@ case "${1}" in start) - if [ ! -f /.autofsck ]; then - boot_mesg -n "No /.autofsck found, will not perform" ${INFO} + if [ -f /fastboot ]; then + boot_mesg -n "/fastboot found, will not perform" ${INFO} boot_mesg " file system checks as requested." echo_ok exit 0 diff --git a/src/patches/iptables-1.3.6-imq.diff b/src/patches/iptables-1.3.6-imq.diff new file mode 100644 index 0000000000..262fef1a1e --- /dev/null +++ b/src/patches/iptables-1.3.6-imq.diff 
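Review bot: The test in the `start)` branch of checkfs is now `if [ -f /fastboot ]`, which flips the default from skipping fsck unless `/.autofsck` exists to running it unless `/fastboot` exists, and nothing in this hunk shows `/fastboot` being removed afterwards. If the file survives a boot, file system checks stay disabled on every later boot. A comment above the test would record the contract: `# /fastboot is a one-shot request to skip fsck; it must be removed later in the boot sequence`. Whether another init script performs that removal is not visible here, and the `case` block continues outside the hunk.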
@@ -0,0 +1,221 @@ +--- iptables-1.3.6.orig/extensions.orig/.IMQ-test6 Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/.IMQ-test6 Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,3 @@ ++#!/bin/sh ++# True if IMQ target patch is applied. ++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ +--- iptables-1.3.6.orig/extensions.orig/libip6t_IMQ.c Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/libip6t_IMQ.c Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,101 @@ ++/* Shared library add-on to iptables to add IMQ target support. */ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++/* Function which prints out usage message. */ ++static void ++help(void) ++{ ++ printf( ++"IMQ target v%s options:\n" ++" --todev enqueue to imq, defaults to 0\n", ++IPTABLES_VERSION); ++} ++ ++static struct option opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. */ ++static void ++init(struct ip6t_entry_target *t, unsigned int *nfcache) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data; ++ ++ mr->todev = 0; ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ip6t_entry *entry, ++ struct ip6t_entry_target **target) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++ mr->todev=atoi(optarg); ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++static void ++final_check(unsigned int flags) ++{ ++} ++ ++/* Prints out the targinfo. 
*/ ++static void ++print(const struct ip6t_ip6 *ip, ++ const struct ip6t_entry_target *target, ++ int numeric) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. */ ++static void ++save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data; ++ ++ printf("--todev %u", mr->todev); ++} ++ ++static struct ip6tables_target imq = { ++ .next = NULL, ++ .name = "IMQ", ++ .version = IPTABLES_VERSION, ++ .size = IP6T_ALIGN(sizeof(struct ip6t_imq_info)), ++ .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_imq_info)), ++ .help = &help, ++ .init = &init, ++ .parse = &parse, ++ .final_check = &final_check, ++ .print = &print, ++ .save = &save, ++ .extra_opts = opts ++}; ++ ++static __attribute__((constructor)) void _init(void) ++{ ++ register_target6(&imq); ++} +--- iptables-1.3.6.orig/extensions.orig/.IMQ-test Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/.IMQ-test Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,3 @@ ++#!/bin/sh ++# True if IMQ target patch is applied. ++[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ +--- iptables-1.3.6.orig/extensions.orig/libipt_IMQ.c Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/libipt_IMQ.c Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,101 @@ ++/* Shared library add-on to iptables to add IMQ target support. */ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++/* Function which prints out usage message. */ ++static void ++help(void) ++{ ++ printf( ++"IMQ target v%s options:\n" ++" --todev enqueue to imq, defaults to 0\n", ++IPTABLES_VERSION); ++} ++ ++static struct option opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. 
*/ ++static void ++init(struct ipt_entry_target *t, unsigned int *nfcache) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data; ++ ++ mr->todev = 0; ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ipt_entry *entry, ++ struct ipt_entry_target **target) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++ mr->todev=atoi(optarg); ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++static void ++final_check(unsigned int flags) ++{ ++} ++ ++/* Prints out the targinfo. */ ++static void ++print(const struct ipt_ip *ip, ++ const struct ipt_entry_target *target, ++ int numeric) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. */ ++static void ++save(const struct ipt_ip *ip, const struct ipt_entry_target *target) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data; ++ ++ printf("--todev %u", mr->todev); ++} ++ ++static struct iptables_target imq = { ++ .next = NULL, ++ .name = "IMQ", ++ .version = IPTABLES_VERSION, ++ .size = IPT_ALIGN(sizeof(struct ipt_imq_info)), ++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_imq_info)), ++ .help = &help, ++ .init = &init, ++ .parse = &parse, ++ .final_check = &final_check, ++ .print = &print, ++ .save = &save, ++ .extra_opts = opts ++}; ++ ++static __attribute__((constructor)) void _init(void) ++{ ++ register_target(&imq); ++} + -- 2.39.2
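Review bot: `mr->todev=atoi(optarg);` in parse() of libip6t_IMQ.c accepts any string, because atoi() reports no errors: a non-numeric `--todev` argument silently selects device 0, and a negative or oversized number is stored after an implicit conversion. The identical line in parse() of libipt_IMQ.c, later in this same hunk, has the same problem. Use a checked conversion and reject bad input, e.g. `if (string_to_number(optarg, 0, UINT_MAX, &dev) == -1) exit_error(PARAMETER_PROBLEM, "Bad --todev value");` followed by `mr->todev = dev;`, with `unsigned int dev;` declared at the top of parse(). This assumes todev is an unsigned int, as the `%u` in print() suggests; the upper bound should ideally be the highest IMQ device number the kernel side accepts, which is not visible here.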