iptables: Remove all crappy patches.

diff --git a/pkgs/core/iptables/patches/grsecurity-iptables-1.4.0.patch b/pkgs/core/iptables/patches/grsecurity-iptables-1.4.0.patch
deleted file mode 100644 (file)
index bcb1bfd..0000000
--- a/pkgs/core/iptables/patches/grsecurity-iptables-1.4.0.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-diff -urNp iptables-1.3.5/extensions/Makefile iptables-1.3.5-new/extensions/Makefile
---- iptables-1.3.5/extensions/Makefile 2006-02-01 07:14:31.000000000 -0500
-+++ iptables-1.3.5-new/extensions/Makefile     2006-08-13 14:16:42.000000000 -0400
-@@ -5,7 +5,7 @@
- # header files are present in the include/linux directory of this iptables
- # package (HW)
- #
--PF_EXT_SLIB:=ah addrtype conntrack ecn icmp iprange owner policy realm recent tos ttl unclean CLUSTERIP DNAT ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL ULOG
-+PF_EXT_SLIB:=stealth ah addrtype conntrack ecn icmp iprange owner policy realm recent tos ttl unclean CLUSTERIP DNAT ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL ULOG
- PF6_EXT_SLIB:=ah dst eui64 frag hbh hl icmp6 ipv6header mh owner policy rt HL LOG REJECT
- PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport physdev pkttype quota sctp state statistic standard string tcp tcpmss time u32 udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TRACE
-
-diff -urNp iptables-1.3.5/extensions/libipt_stealth.c iptables-1.3.5-new/extensions/libipt_stealth.c
---- iptables-1.3.5/extensions/libipt_stealth.c 1969-12-31 19:00:00.000000000 -0500
-+++ iptables-1.3.5-new/extensions/libipt_stealth.c     2006-08-13 14:21:52.000000000 -0400
-@@ -0,0 +1,64 @@
-+/* Shared library add-on to iptables to add stealth support.
-+ * Copyright (C) 2006 Brad Spengler  <spender@grsecurity.net>
-+ * This netfilter module is licensed under the GNU GPL.
-+ */
-+
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+      printf("stealth v%s takes no options\n\n", IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+      {0}
-+};
-+
-+/* Initialize the match. */
-+static void
-+init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+      *nfcache |= NFC_UNKNOWN;
-+}
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+      const struct ipt_entry *entry,
-+      unsigned int *nfcache,
-+      struct ipt_entry_match **match)
-+{
-+      return 0;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+      return;
-+}
-+
-+static
-+struct iptables_match stealth = {
-+      .next           = NULL,
-+      .name           = "stealth",
-+      .version        = IPTABLES_VERSION,
-+      .size           = IPT_ALIGN(0),
-+      .userspacesize  = IPT_ALIGN(0),
-+      .help           = &help,
-+      .init           = &init,
-+      .parse          = &parse, 
-+      .final_check    = &final_check,
-+      .print          = NULL,
-+      .save           = NULL,
-+      .extra_opts     = opts  
-+};
-+
-+void _init(void)
-+{
-+      register_match(&stealth);
-+}

diff --git a/pkgs/core/iptables/patches/iptables-1.4.1.1-imq-1.patch b/pkgs/core/iptables/patches/iptables-1.4.1.1-imq-1.patch
deleted file mode 100644 (file)
index 3c96a3b..0000000
--- a/pkgs/core/iptables/patches/iptables-1.4.1.1-imq-1.patch
+++ /dev/null
@@ -1,198 +0,0 @@
---- iptables-1.4.1-rc3.orig/extensions/.IMQ-test       1970-01-01 10:00:00.000000000 +1000
-+++ iptables-1.4.1-rc3/extensions/.IMQ-test    2008-06-08 22:41:49.000000000 +1000
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_IMQ.h ] && echo IMQ
-diff -pruN iptables-1.4.1-rc3.orig/extensions/.IMQ-test6 iptables-1.4.1-rc3/extensions/.IMQ-test6
---- iptables-1.4.1-rc3.orig/extensions/.IMQ-test6      1970-01-01 10:00:00.000000000 +1000
-+++ iptables-1.4.1-rc3/extensions/.IMQ-test6   2008-06-08 22:41:49.000000000 +1000
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_IMQ.h ] && echo IMQ
-diff -pruN iptables-1.4.1-rc3.orig/extensions/libip6t_IMQ.c iptables-1.4.1-rc3/extensions/libip6t_IMQ.c
---- iptables-1.4.1-rc3.orig/extensions/libip6t_IMQ.c   1970-01-01 10:00:00.000000000 +1000
-+++ iptables-1.4.1-rc3/extensions/libip6t_IMQ.c        2008-06-08 22:46:57.000000000 +1000
-@@ -0,0 +1,89 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <ip6tables.h>
-+#include <linux/netfilter_ipv6/ip6_tables.h>
-+#include <linux/netfilter_ipv6/ip6t_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void IMQ_help(void)
-+{
-+      printf(
-+"IMQ target v%s options:\n"
-+"  --todev <N>                enqueue to imq<N>, defaults to 0\n", 
-+XTABLES_VERSION);
-+}
-+
-+static struct option IMQ_opts[] = {
-+      { "todev", 1, 0, '1' },
-+      { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void IMQ_init(struct xt_entry_target *t)
-+{
-+      struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data;
-+
-+      mr->todev = 0;
-+}
-+
-+/* Function which parses command options; returns true if it
-+   ate an option */
-+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
-+      const void *entry,
-+      struct xt_entry_target **target)
-+{
-+      struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data;
-+      
-+      switch(c) {
-+      case '1':
-+              if (check_inverse(optarg, &invert, NULL, 0))
-+                      exit_error(PARAMETER_PROBLEM,
-+                                 "Unexpected `!' after --todev");
-+              mr->todev=atoi(optarg);
-+              break;
-+      default:
-+              return 0;
-+      }
-+      return 1;
-+}
-+
-+/* Prints out the targinfo. */
-+static void IMQ_print(const void *ip,
-+      const struct xt_entry_target *target,
-+      int numeric)
-+{
-+      struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+      printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void IMQ_save(const void *ip, const struct xt_entry_target *target)
-+{
-+      struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+      printf("--todev %u", mr->todev);
-+}
-+
-+static struct xtables_target imq = {
-+      .name           = "IMQ",
-+      .version        = XTABLES_VERSION,
-+      .family         = PF_INET6,
-+      .size           = XT_ALIGN(sizeof(struct ip6t_imq_info)),
-+      .userspacesize  = XT_ALIGN(sizeof(struct ip6t_imq_info)),
-+      .help           = IMQ_help,
-+      .init           = IMQ_init,
-+      .parse          = IMQ_parse,
-+      .print          = IMQ_print,
-+      .save           = IMQ_save,
-+      .extra_opts     = IMQ_opts,
-+};
-+
-+void _init(void)
-+{
-+      xtables_register_target(&imq);
-+}
-diff -pruN iptables-1.4.1-rc3.orig/extensions/libipt_IMQ.c iptables-1.4.1-rc3/extensions/libipt_IMQ.c
---- iptables-1.4.1-rc3.orig/extensions/libipt_IMQ.c    1970-01-01 10:00:00.000000000 +1000
-+++ iptables-1.4.1-rc3/extensions/libipt_IMQ.c 2008-06-08 22:46:25.000000000 +1000
-@@ -0,0 +1,88 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter_ipv4/ipt_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void IMQ_help(void)
-+{
-+      printf(
-+"IMQ target v%s options:\n"
-+"  --todev <N>                enqueue to imq<N>, defaults to 0\n", 
-+XTABLES_VERSION);
-+}
-+
-+static struct option IMQ_opts[] = {
-+      { "todev", 1, 0, '1' },
-+      { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void IMQ_init(struct xt_entry_target *t)
-+{
-+      struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data;
-+
-+      mr->todev = 0;
-+}
-+
-+/* Function which parses command options; returns true if it
-+   ate an option */
-+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
-+      const void *entry, struct xt_entry_target **target)
-+{
-+      struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data;
-+      
-+      switch(c) {
-+      case '1':
-+              if (check_inverse(optarg, &invert, NULL, 0))
-+                      exit_error(PARAMETER_PROBLEM,
-+                                 "Unexpected `!' after --todev");
-+              mr->todev=atoi(optarg);
-+              break;
-+      default:
-+              return 0;
-+      }
-+      return 1;
-+}
-+
-+/* Prints out the targinfo. */
-+static void IMQ_print(const void *ip,
-+      const struct xt_entry_target *target,
-+      int numeric)
-+{
-+      struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+      printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void IMQ_save(const void *ip, const struct xt_entry_target *target)
-+{
-+      struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+      printf("--todev %u", mr->todev);
-+}
-+
-+static struct xtables_target imq = {
-+      .name           = "IMQ",
-+      .version        = XTABLES_VERSION,
-+      .family         = PF_INET,
-+      .size           = XT_ALIGN(sizeof(struct ipt_imq_info)),
-+      .userspacesize  = XT_ALIGN(sizeof(struct ipt_imq_info)),
-+      .help           = IMQ_help,
-+      .init           = IMQ_init,
-+      .parse          = IMQ_parse,
-+      .print          = IMQ_print,
-+      .save           = IMQ_save,
-+      .extra_opts     = IMQ_opts,
-+};
-+
-+void _init(void)
-+{
-+      xtables_register_target(&imq);
-+}