From a6e9d42e392aec3e3d0b8655634f1071896725d4 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 21 May 2008 00:19:19 +0200 Subject: [PATCH] Updated Layer7 filter Removed mkinitcpio ide hook if no ide drive found --- config/kernel/kernel.config.i586 | 8 +++++--- config/kernel/kernel.config.i586.smp | 8 +++++--- lfs/iptables | 15 +++++++-------- lfs/linux | 12 ++++++------ src/install+setup/install/main.c | 4 ++++ 5 files changed, 27 insertions(+), 20 deletions(-) diff --git a/config/kernel/kernel.config.i586 b/config/kernel/kernel.config.i586 index 9552b4947..389522bcd 100644 --- a/config/kernel/kernel.config.i586 +++ b/config/kernel/kernel.config.i586 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Linux kernel version: 2.6.20.21-ipfire -# Mon May 19 16:44:12 2008 +# Linux kernel version: 2.6.20.21 +# Tue May 20 18:00:30 2008 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y @@ -501,6 +501,8 @@ CONFIG_NETFILTER_XT_MATCH_QUOTA=m CONFIG_NETFILTER_XT_MATCH_REALM=m CONFIG_NETFILTER_XT_MATCH_SCTP=m CONFIG_NETFILTER_XT_MATCH_STATE=m +CONFIG_NETFILTER_XT_MATCH_LAYER7=m +# CONFIG_NETFILTER_XT_MATCH_LAYER7_DEBUG is not set CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m @@ -662,7 +664,7 @@ CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=m CONFIG_NET_ACT_IPT=m CONFIG_NET_ACT_PEDIT=m -CONFIG_NET_ACT_SIMP=m +# CONFIG_NET_ACT_SIMP is not set CONFIG_NET_CLS_IND=y CONFIG_NET_ESTIMATOR=y diff --git a/config/kernel/kernel.config.i586.smp b/config/kernel/kernel.config.i586.smp index 04be248da..0ae0cd971 100644 --- a/config/kernel/kernel.config.i586.smp +++ b/config/kernel/kernel.config.i586.smp @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Linux kernel version: 2.6.20.21-ipfire -# Mon May 19 16:45:16 2008 +# Linux kernel version: 2.6.20.21 +# Tue May 20 18:05:28 2008 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y @@ -503,6 +503,8 @@ CONFIG_NETFILTER_XT_MATCH_QUOTA=m CONFIG_NETFILTER_XT_MATCH_REALM=m CONFIG_NETFILTER_XT_MATCH_SCTP=m CONFIG_NETFILTER_XT_MATCH_STATE=m +CONFIG_NETFILTER_XT_MATCH_LAYER7=m +# CONFIG_NETFILTER_XT_MATCH_LAYER7_DEBUG is not set CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m @@ -664,7 +666,7 @@ CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=m CONFIG_NET_ACT_IPT=m CONFIG_NET_ACT_PEDIT=m -CONFIG_NET_ACT_SIMP=m +# CONFIG_NET_ACT_SIMP is not set CONFIG_NET_CLS_IND=y CONFIG_NET_ESTIMATOR=y diff --git a/lfs/iptables b/lfs/iptables index de88dfa3d..f35e0be2c 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -36,17 +36,17 @@ TARGET = $(DIR_INFO)/$(THISAPP) # Top-level Rules ############################################################################### objects = $(DL_FILE) \ - netfilter-layer7-v2.9.tar.gz \ + netfilter-layer7-v2.18.tar.gz \ libnfnetlink-0.0.25.tar.bz2 \ libnetfilter_queue-0.0.13.tar.bz2 $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz +netfilter-layer7-v2.18.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.18.tar.gz libnfnetlink-0.0.25.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2 libnetfilter_queue-0.0.13.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2 $(DL_FILE)_MD5 = 0a9209f928002e5eee9cdff8fef4d4b3 -netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee +netfilter-layer7-v2.18.tar.gz_MD5 = 8d2e2c00f5c20e8c0852998035aeffd2 libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256 @@ -81,16 +81,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13 @cd $(DIR_SRC) && tar zxf $(DIR_DL)/iptables-fixed.tar.gz - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.9.tar.gz - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.9/iptables-layer7-2.9.patch + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.18.tar.gz + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.18/iptables-1.3-for-kernel-2.6.20forward-layer7-2.18.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.3.0-imq1.diff chmod +x $(DIR_APP)/extensions/.IMQ-test* $(DIR_APP)/extensions/.layer7-test* # hack to disable IPv6 compilation as the configuration variable does not work when ip6.h is present cd $(DIR_APP) && sed -i -e 's/DO_IPV6:=1/DO_IPV6:=0/' Makefile - cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man LIBDIR=/lib $(MAKETUNING) - cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man LIBDIR=/lib install install-devel + cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man KERNEL_DIR=/usr/src/linux LIBDIR=/lib $(MAKETUNING) + cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man KERNEL_DIR=/usr/src/linux LIBDIR=/lib install install-devel cd $(DIR_APP) && cp -fva include/* /usr/include -mkdir /usr/include/libiptc cd $(DIR_APP) && cp -vf include/libiptc/{libiptc.h,ipt_kernel_headers.h} \ @@ -105,6 +105,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && ./configure --prefix=/usr cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make install - @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13 @$(POSTBUILD) diff --git a/lfs/linux b/lfs/linux index 8135ab436..00e39e5df 100644 --- a/lfs/linux +++ b/lfs/linux @@ -51,14 +51,14 @@ objects =$(DL_FILE) \ squashfs3.3.tgz \ iptables-1.3.8.tar.bz2 \ patch-o-matic-ng-20061210.tar.bz2 \ - netfilter-layer7-v2.9.tar.gz \ + netfilter-layer7-v2.18.tar.gz \ patch-2.6.16-nath323-1.3.bz2 \ openswan-2.4.12.tar.gz $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2 iptables-1.3.8.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.8.tar.bz2 -netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz +netfilter-layer7-v2.18.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.18.tar.gz patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2 squashfs3.3.tgz = $(URL_IPFIRE)/squashfs3.3.tgz mISDN-1_1_5.tar.gz = $(URL_IPFIRE)/mISDN-1_1_5.tar.gz @@ -67,7 +67,7 @@ openswan-2.4.12.tar.gz = $(URL_IPFIRE)/openswan-2.4.12.tar.gz $(DL_FILE)_MD5 = fbedc192e654735936cc780da8deeba4 patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393 iptables-1.3.8.tar.bz2_MD5 = 0a9209f928002e5eee9cdff8fef4d4b3 -netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee +netfilter-layer7-v2.18.tar.gz_MD5 = 8d2e2c00f5c20e8c0852998035aeffd2 patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138 squashfs3.3.tgz_MD5 = 95c40fca0d886893631b5de14a0af25b mISDN-1_1_5.tar.gz_MD5 = 93b1cff7817b82638a0475c2b7b7f1b6 @@ -139,9 +139,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # mms-conntrack-nat # Layer7-patch - cd $(DIR_SRC) && rm -rf $(DIR_SRC)/netfilter-layer7-v2.9 - cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.9.tar.gz - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.9/kernel-2.6.18-2.6.19-layer7-2.9.patch + cd $(DIR_SRC) && rm -rf $(DIR_SRC)/netfilter-layer7-v2.18 + cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.18.tar.gz + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.20-2.6.21-layer7-2.16.1.patch # Linux Intermediate Queueing Device ifeq "$(XEN)" "" diff --git a/src/install+setup/install/main.c b/src/install+setup/install/main.c index 7d2e573b6..72af0ce59 100644 --- a/src/install+setup/install/main.c +++ b/src/install+setup/install/main.c @@ -501,6 +501,10 @@ int main(int argc, char *argv[]) replace("/harddisk/boot/grub/grub.conf", "MOUNT", "ro"); } + /* Remove the ide hook if we install sda */ + if ( scsi_disk==1 ) { + replace("/harddisk/etc/mkinitcpio.conf", " ide ", " "); + } /* Going to make our initrd... */ snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitcpio -g /boot/ipfirerd.img -k %s-ipfire", KERNEL_VERSION); runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]); -- 2.39.2