From c51f03a1c5ebe8e2a797e82e2dd58ac567d47dab Mon Sep 17 00:00:00 2001 
From: Martin Holzer Date: Tue, 11 Mar 2003 21:52:05 +0000 Subject: moved from sys-apps/iptables to net-firewall/iptables --- net-firewall/iptables/ChangeLog | 155 +++++++ .../files/1.2.7a-files/01_all_grsecurity.patch.bz2 | Bin 0 -> 1163 bytes .../files/1.2.7a-files/02_all_imq.patch.bz2 | Bin 0 -> 2936 bytes .../files/1.2.7a-files/03_all_mac_fix.patch.bz2 | Bin 0 -> 305 bytes .../1.2.7a-files/04_all_no_optimize_fix.patch.bz2 | Bin 0 -> 549 bytes .../iptables/files/digest-iptables-1.2.7a-r3 | 1 + .../files/grsecurity-1.2.7a-iptables.patch | 79 ++++ .../iptables/files/iptables-1.2.6a-imq.diff-3 | 488 +++++++++++++++++++++ .../iptables/files/iptables-1.2.7a-gentoo.diff | 23 + .../iptables/files/iptables-1.2.7a-hppa.diff | 12 + .../iptables/files/iptables-1.2.7a-imq.diff-3 | 488 +++++++++++++++++++++ net-firewall/iptables/files/iptables.confd | 12 + net-firewall/iptables/files/iptables.init | 80 ++++ net-firewall/iptables/iptables-1.2.7a-r3.ebuild | 68 +++ 14 files changed, 1406 insertions(+) create mode 100644 net-firewall/iptables/ChangeLog create mode 100644 net-firewall/iptables/files/1.2.7a-files/01_all_grsecurity.patch.bz2 create mode 100644 net-firewall/iptables/files/1.2.7a-files/02_all_imq.patch.bz2 create mode 100644 net-firewall/iptables/files/1.2.7a-files/03_all_mac_fix.patch.bz2 create mode 100644 net-firewall/iptables/files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2 create mode 100644 net-firewall/iptables/files/digest-iptables-1.2.7a-r3 create mode 100644 net-firewall/iptables/files/grsecurity-1.2.7a-iptables.patch create mode 100644 net-firewall/iptables/files/iptables-1.2.6a-imq.diff-3 create mode 100644 net-firewall/iptables/files/iptables-1.2.7a-gentoo.diff create mode 100644 net-firewall/iptables/files/iptables-1.2.7a-hppa.diff create mode 100644 net-firewall/iptables/files/iptables-1.2.7a-imq.diff-3 create mode 100644 net-firewall/iptables/files/iptables.confd create mode 100644 net-firewall/iptables/files/iptables.init create mode 100644 
net-firewall/iptables/iptables-1.2.7a-r3.ebuild (limited to 'net-firewall') diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog new file mode 100644 index 000000000000..4f8b076acebf --- /dev/null +++ b/net-firewall/iptables/ChangeLog 
@@ -0,0 +1,155 @@ +# ChangeLog for sys-apps/iptables +# Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.1 2003/03/11 21:50:24 mholzer Exp $ + +*iptables-1.2.7a-r3 (11 Mar 2003) + + 11 Mar 2003; Martin Holzer iptables-1.2.7a-r3.ebuild, + files/grsecurity-1.2.7a-iptables.patch, files/iptables-1.2.6a-imq.diff-3, + files/iptables-1.2.7a-gentoo.diff, files/iptables-1.2.7a-hppa.diff, + files/iptables-1.2.7a-imq.diff-3, files/iptables.confd, files/iptables.init, + files/1.2.7a-files/01_all_grsecurity.patch.bz2, + files/1.2.7a-files/02_all_imq.patch.bz2, + files/1.2.7a-files/03_all_mac_fix.patch.bz2, + files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2: + moved from sys-apps/iptables to net-firewall/iptables + + 21 Feb 2003; Zach Welch iptables-1.2.7a-r3.ebuild : + Added arm keyword + + 17 Feb 2003; Guy Martin iptables-1.2.7a-r3.ebuild : + Added patch and keyword for hppa. + +*iptables-1.2.7a-r3 (09 Jan 2003) + + 11 Mar 2003; Zach Welch iptables-1.2.7a-r3.ebuild: + change sys-kernel/linux-headers to new virtual/os-headers + + 09 Feb 2003; Seemant Kulleen + iptables-1.2.7a-r3.ebuild : + + Sed expression delimiter from / to :, closing bug #15006 by Blu3 + + + 06 Feb 2003; Mark Guertin iptables-1.2.7a-r3.ebuild : + Added ppc keyword + + 10 Jan 2003; Joshua Brindle iptables-1.2.7a-r3.ebuild : + unmasked for x86, sparc, alpha re: bug #13466 + fixed sed string re: bug #13644 + + 09 Jan 2003; Christian Birchinger : + Added new revsion with sparc64 limit rule fixes. + + 09 Jan 2003; Daniel Ahlberg files/iptables.init : + Readded save() function, closes #7752. + + 08 Jan 2003; Daniel Ahlberg files/iptables.init : + Forgot to remove save() function from initscript. + + 08 Jan 2003; Daniel Ahlberg iptables-1.2.7a-r2.ebuild : + Closes #13466. + + 07 Jan 2003; Daniel Ahlberg : + Cleaned out old files. 
+ +*iptables-1.2.7a-r2 (07 Jan 2003) + + 07 Jan 2003; Daniel Ahlberg iptables-1.2.7a-r2.ebuild, files/iptables.init, + files/iptables.confd : + Closes #13366, #13144 and #10424. Added new patching method and made installation prettier. + +*iptables-1.2.7a-r1 (10 Dec 2002) + + 10 Dec 2002; Joshua Beindle iptables-1.2.7a-r1.ebuild : + Added grsecurity stealth module patch + + 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords + +*iptables-1.2.7a (27 Aug 2002) + + 20 Nov 2002; Daniel Ahlberg iptables-1.2.7a.ebuild : + Added patch for iptables-restore. Contributed by fridtjof@fbunet.de in #10736. + + 25 Sep 2002; Daniel Ahlberg files/iptables-1.2.7a-imq.diff-3 : + Closes #8046. + + 23 Sep 2002; Jack Morgan iptables-1.2.7a.ebuild : + Added sparc/sparc64 keywords + + 09 Sep 2002; Daniel Ahlberg iptables-1.2.7a.ebuild : + Cleaned up configurationfiles and ebuild, added blocke's changes to -r1 into this version. + + 08 Sep 2002; Bruce A. Locke iptables-1.2.6a-r3.ebuild, iptables-1.2.7a-r2, files/iptables.confd-2, files/iptables.init-2 + Fix #2355. Forwarding is disabled on script stop and only turned on + during script start if conf.d/iptables settings are enabled. + + 01 Sep 2002; Daniel Ahlberg iptables-1.2.7a.ebuild : + Added better handling of stopping iptables as described in #6949. + Suggested and submitted by Frederic Jolliton . + + 30 Aug 2002; Daniel Ahlberg iptables-1.2.7a.ebuild : + Added the IMQ patch to 1.2.7a. + + 27 Aug 2002; Daniel Ahlberg iptables-1.2.7a.ebuild : New + upstream version to fix the bugs introduced in 1.2.7. + +*iptables-1.2.6a-r3 + + 08 Sep 2002; Bruce A. Locke iptables-1.2.6a-r3.ebuild, iptables-1.2.7a-r2, files/iptables.confd-2, files/iptables.init-2 + Fix #2335. Forwarding is disabled on script stop and only turned on + during script start if conf.d/iptables settings are enabled. + +*iptables-1.2.6a-r2 (29 Aug 2002) + + 29 Aug 2002; Daniel Robbins new rev of iptables-1.2.6a + adding support for IMQ (intermediate queueing device.) 
See + http://luxik.cdi.cz/~patrick/imq/ for more information. + +*iptables-1.2.7.ebuild (17 Aug 2002) + + 17 Aug 2002; Daniel Ahlberg iptables-1.2.7.ebuild : Version + bump. Christian Parpart brought this to our + attention. + +*iptables-1.2.6a-r1.ebuild (14 July 2002) + + 14 Jul 2002; phoen][x iptables-1.2.6a.ebuild : + Added KEYWORDS. + + 14 Jul 2002; phoen][x iptables-1.2.6a-r1.ebuild : + Added KEYWORDS. + +*iptables-1.2.4-r1.ebuild (14 July 2002) + + 14 Jul 2002; phoen][x iptables-1.2.4-r1.ebuild : + Added KEYWORDS, SLOT. + +*iptables-1.2.6a (13 Apr 2002) + + 13 Apr 2002; Seemant Kulleen iptables-1.2.6a.ebuild : + + gaarde@yahoo.com (Paul Belt) in bug #1670 submitted the update. + +*iptables-1.2.5-r1 (20 Mar 2002) + + 14 Jul 2002; phoen][x iptables-1.2.5.ebuild : + Added KEYWORDS, SLOT. + + 14 Jul 2002; phoen][x iptables-1.2.5-r1.ebuild : + Added KEYWORDS. + + 20 Mar 2002; Daniel Robbins : iptables *requires* + kernel sources to compile. Before, we got away without them since we had a + /usr/include/linux/autoconf.h. Now we don't, and this means that we need a + source tree handy. Sad but true, and apparently the right thing to do. + +*iptables-1.2.5 (1 Feb 2002) + + 1 Feb 2002; G.Bevin ChangeLog : + + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/net-firewall/iptables/files/1.2.7a-files/01_all_grsecurity.patch.bz2 b/net-firewall/iptables/files/1.2.7a-files/01_all_grsecurity.patch.bz2 new file mode 100644 index 000000000000..a2ed67c98108 Binary files /dev/null and b/net-firewall/iptables/files/1.2.7a-files/01_all_grsecurity.patch.bz2 differ 
diff --git a/net-firewall/iptables/files/1.2.7a-files/02_all_imq.patch.bz2 b/net-firewall/iptables/files/1.2.7a-files/02_all_imq.patch.bz2
new file mode 100644
index 000000000000..85a7f00124f2
Binary files /dev/null and b/net-firewall/iptables/files/1.2.7a-files/02_all_imq.patch.bz2 differ
diff --git a/net-firewall/iptables/files/1.2.7a-files/03_all_mac_fix.patch.bz2 b/net-firewall/iptables/files/1.2.7a-files/03_all_mac_fix.patch.bz2
new file mode 100644
index 000000000000..edd1f0e0dc07
Binary files /dev/null and b/net-firewall/iptables/files/1.2.7a-files/03_all_mac_fix.patch.bz2 differ
diff --git a/net-firewall/iptables/files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2 b/net-firewall/iptables/files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2
new file mode 100644
index 000000000000..7bb811fbbb16
Binary files /dev/null and b/net-firewall/iptables/files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2 differ
diff --git a/net-firewall/iptables/files/digest-iptables-1.2.7a-r3 b/net-firewall/iptables/files/digest-iptables-1.2.7a-r3
new file mode 100644
index 000000000000..557c12876948
--- /dev/null
+++ b/net-firewall/iptables/files/digest-iptables-1.2.7a-r3
@@ -0,0 +1 @@
+MD5 e9de1c98c86a93934c8ada812fc8b286 iptables-1.2.7a.tar.bz2 118127
diff --git a/net-firewall/iptables/files/grsecurity-1.2.7a-iptables.patch b/net-firewall/iptables/files/grsecurity-1.2.7a-iptables.patch
new file mode 100644
index 000000000000..ca20b9628dfb
--- /dev/null
+++ b/net-firewall/iptables/files/grsecurity-1.2.7a-iptables.patch
@@ -0,0 +1,79 @@ +diff -urN iptables-1.2.7a/extensions/Makefile iptables-1.2.7a-new/extensions/Makefile +--- iptables-1.2.7a/extensions/Makefile 2002-08-09 03:44:10.000000000 -0400 ++++ iptables-1.2.7a-new/extensions/Makefile 2002-09-09 12:52:50.000000000 -0400 +@@ -1,6 +1,6 @@ + #! /usr/bin/make + +-PF_EXT_SLIB:=ah conntrack dscp ecn esp helper icmp length limit mac mark multiport owner pkttype standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG ++PF_EXT_SLIB:=ah conntrack dscp ecn esp helper icmp length limit mac mark multiport owner pkttype standard state tcp tcpmss tos ttl udp stealth unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG + PF6_EXT_SLIB:=eui64 icmpv6 length limit mac mark multiport owner standard tcp udp LOG MARK + + # The following may not be present, but compile them anyway. +diff -urN iptables-1.2.7a/extensions/libipt_stealth.c iptables-1.2.7a-new/extensions/libipt_stealth.c +--- iptables-1.2.7a/extensions/libipt_stealth.c 1969-12-31 19:00:00.000000000 -0500 ++++ iptables-1.2.7a-new/extensions/libipt_stealth.c 2002-09-10 16:36:24.000000000 -0400 +@@ -0,0 +1,64 @@ ++/* Shared library add-on to iptables to add stealth support. ++ * Copyright (C) 2002 Brad Spengler ++ * This netfilter module is licensed under the GNU GPL. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++/* Function which prints out usage message. */ ++static void ++help(void) ++{ ++ printf("stealth v%s takes no options\n\n", IPTABLES_VERSION); ++} ++ ++static struct option opts[] = { ++ {0} ++}; ++ ++/* Initialize the match. 
*/ ++static void ++init(struct ipt_entry_match *m, unsigned int *nfcache) ++{ ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ipt_entry *entry, ++ unsigned int *nfcache, ++ struct ipt_entry_match **match) ++{ ++ return 0; ++} ++ ++static void ++final_check(unsigned int flags) ++{ ++ return; ++} ++ ++static ++struct iptables_match stealth = { ++ NULL, ++ "stealth", ++ IPTABLES_VERSION, ++ IPT_ALIGN(0), ++ IPT_ALIGN(0), ++ &help, ++ &init, ++ &parse, ++ &final_check, ++ NULL, ++ NULL, ++ opts ++}; ++ ++void _init(void) ++{ ++ register_match(&stealth); ++} diff --git a/net-firewall/iptables/files/iptables-1.2.6a-imq.diff-3 b/net-firewall/iptables/files/iptables-1.2.6a-imq.diff-3 new file mode 100644 index 000000000000..a4b28a673c5c --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.2.6a-imq.diff-3 
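Review bot: In `libipt_stealth.c` the `struct iptables_match stealth` initializer passes `NULL` in the two slots after `&final_check`, which are the print and save callbacks going by the IMQ extensions added in this same commit (`&print, &save`), and nothing says the omission is intended. A short comment above the initializer, e.g. `/* no print/save callbacks: the match takes no options */`, would make that explicit; it is also worth confirming that listing and saving a rule that uses this match tolerates the NULL callbacks, since that code is outside the hunk. Separately, the commit also adds `files/1.2.7a-files/01_all_grsecurity.patch.bz2`, which by its name may carry this same change in compressed form; if so, keeping only the readable copy leaves one reviewable source for what gets patched into a firewall tool.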
@@ -0,0 +1,488 @@ +diff -urN iptables-1.2.6a-clean/extensions/.IMQ-test iptables-1.2.6a-imq/extensions/.IMQ-test +--- iptables-1.2.6a-clean/extensions/.IMQ-test Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/extensions/.IMQ-test Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,3 @@ ++#!/bin/sh ++# True if IMQ target patch is applied. ++[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ +diff -urN iptables-1.2.6a-clean/extensions/.IMQ-test6 iptables-1.2.6a-imq/extensions/.IMQ-test6 +--- iptables-1.2.6a-clean/extensions/.IMQ-test6 Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/extensions/.IMQ-test6 Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,3 @@ ++#!/bin/sh ++# True if IMQ target patch is applied. ++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ +diff -urN iptables-1.2.6a-clean/extensions/libip6t_IMQ.c iptables-1.2.6a-imq/extensions/libip6t_IMQ.c +--- iptables-1.2.6a-clean/extensions/libip6t_IMQ.c Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/extensions/libip6t_IMQ.c Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,102 @@ ++/* Shared library add-on to iptables to add IMQ target support. */ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++/* Function which prints out usage message. */ ++static void ++help(void) ++{ ++ printf( ++"IMQ target v%s options:\n" ++" --todev enqueue to imq, defaults to 0\n", ++NETFILTER_VERSION); ++} ++ ++static struct option opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. 
*/ ++static void ++init(struct ip6t_entry_target *t, unsigned int *nfcache) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data; ++ ++ mr->todev = 0; ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ip6t_entry *entry, ++ struct ip6t_entry_target **target) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++ mr->todev=atoi(optarg); ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++static void ++final_check(unsigned int flags) ++{ ++} ++ ++/* Prints out the targinfo. */ ++static void ++print(const struct ip6t_ip6 *ip, ++ const struct ip6t_entry_target *target, ++ int numeric) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. */ ++static void ++save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data; ++ ++ printf("--todev %u", mr->todev); ++} ++ ++static ++struct ip6tables_target imq ++= { NULL, ++ "IMQ", ++ NETFILTER_VERSION, ++ IP6T_ALIGN(sizeof(struct ip6t_imq_info)), ++ IP6T_ALIGN(sizeof(struct ip6t_imq_info)), ++ &help, ++ &init, ++ &parse, ++ &final_check, ++ &print, ++ &save, ++ opts ++}; ++ ++void _init(void) ++{ ++ register_target6(&imq); ++} +diff -urN iptables-1.2.6a-clean/extensions/libipt_IMQ.c iptables-1.2.6a-imq/extensions/libipt_IMQ.c +--- iptables-1.2.6a-clean/extensions/libipt_IMQ.c Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/extensions/libipt_IMQ.c Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,102 @@ ++/* Shared library add-on to iptables to add IMQ target support. 
*/ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++/* Function which prints out usage message. */ ++static void ++help(void) ++{ ++ printf( ++"IMQ target v%s options:\n" ++" --todev enqueue to imq, defaults to 0\n", ++NETFILTER_VERSION); ++} ++ ++static struct option opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. */ ++static void ++init(struct ipt_entry_target *t, unsigned int *nfcache) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data; ++ ++ mr->todev = 0; ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ipt_entry *entry, ++ struct ipt_entry_target **target) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++ mr->todev=atoi(optarg); ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++static void ++final_check(unsigned int flags) ++{ ++} ++ ++/* Prints out the targinfo. */ ++static void ++print(const struct ipt_ip *ip, ++ const struct ipt_entry_target *target, ++ int numeric) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. 
*/ ++static void ++save(const struct ipt_ip *ip, const struct ipt_entry_target *target) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data; ++ ++ printf("--todev %u", mr->todev); ++} ++ ++static ++struct iptables_target imq ++= { NULL, ++ "IMQ", ++ NETFILTER_VERSION, ++ IPT_ALIGN(sizeof(struct ipt_imq_info)), ++ IPT_ALIGN(sizeof(struct ipt_imq_info)), ++ &help, ++ &init, ++ &parse, ++ &final_check, ++ &print, ++ &save, ++ opts ++}; ++ ++void _init(void) ++{ ++ register_target(&imq); ++} +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,94 @@ ++diff -urN linux-2.4.18-clean/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.4.18-imq-nf/include/linux/netfilter_ipv4/ipt_IMQ.h ++--- linux-2.4.18-clean/include/linux/netfilter_ipv4/ipt_IMQ.h Thu Jan 1 01:00:00 1970 +++++ linux-2.4.18-imq-nf/include/linux/netfilter_ipv4/ipt_IMQ.h Tue Apr 2 21:35:20 2002 ++@@ -0,0 +1,8 @@ +++#ifndef _IPT_IMQ_H +++#define _IPT_IMQ_H +++ +++struct ipt_imq_info { +++ unsigned int todev; /* target imq device */ +++}; +++ +++#endif /* _IPT_IMQ_H */ ++diff -urN linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQ.c linux-2.4.18-imq-nf/net/ipv4/netfilter/ipt_IMQ.c ++--- linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQ.c Thu Jan 1 01:00:00 1970 +++++ linux-2.4.18-imq-nf/net/ipv4/netfilter/ipt_IMQ.c Tue Apr 2 21:34:15 2002 ++@@ -0,0 +1,78 @@ +++/* This target marks packets to be enqueued to an imq device */ +++#include +++#include +++#include +++#include +++#include +++ +++static unsigned int imq_target(struct sk_buff **pskb, +++ unsigned int hooknum, +++ const struct net_device *in, +++ const struct net_device *out, +++ const void *targinfo, +++ void *userinfo) +++{ +++ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo; +++ +++ (*pskb)->imq_flags = 
mr->todev | IMQ_F_ENQUEUE; +++ (*pskb)->nfcache |= NFC_ALTERED; +++ +++ return IPT_CONTINUE; +++} +++ +++static int imq_checkentry(const char *tablename, +++ const struct ipt_entry *e, +++ void *targinfo, +++ unsigned int targinfosize, +++ unsigned int hook_mask) +++{ +++ struct ipt_imq_info *mr; +++ +++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_imq_info))) { +++ printk(KERN_WARNING "IMQ: invalid targinfosize\n"); +++ return 0; +++ } +++ mr = (struct ipt_imq_info*)targinfo; +++ +++ if (strcmp(tablename, "mangle") != 0) { +++ printk(KERN_WARNING +++ "IMQ: IMQ can only be called from \"mangle\" table, not \"%s\"\n", +++ tablename); +++ return 0; +++ } +++ +++ if (mr->todev > IMQ_MAX_DEVS) { +++ printk(KERN_WARNING +++ "IMQ: invalid device specified, highest is %u\n", +++ IMQ_MAX_DEVS); +++ return 0; +++ } +++ +++ return 1; +++} +++ +++static struct ipt_target ipt_imq_reg = { +++ { NULL, NULL}, +++ "IMQ", +++ imq_target, +++ imq_checkentry, +++ NULL, +++ THIS_MODULE +++}; +++ +++static int __init init(void) +++{ +++ if (ipt_register_target(&ipt_imq_reg)) +++ return -EINVAL; +++ +++ return 0; +++} +++ +++static void __exit fini(void) +++{ +++ ipt_unregister_target(&ipt_imq_reg); +++} +++ +++module_init(init); +++module_exit(fini); +++MODULE_LICENSE("GPL"); +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.config.in iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.config.in +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.config.in Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.config.in Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,2 @@ ++ dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE ++ dep_tristate ' IMQ target support' CONFIG_IP_NF_TARGET_IMQ $CONFIG_IP_NF_MANGLE +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.configure.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.configure.help +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.configure.help Thu 
Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.configure.help Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,8 @@ ++CONFIG_IP_NF_TARGET_MARK ++IMQ target support ++CONFIG_IP_NF_TARGET_IMQ ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. ++ ++ If you want to compile it as a module, say M here and read ++ . If unsure, say `N'. +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.help +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.help Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.help Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,5 @@ ++Author: Patrick McHardy ++Status: Working ++ ++ This patch adds a new target 'IMQ' which is required ++ to direct packets through an imq device. +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6 iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6 +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6 Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6 Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,94 @@ ++diff -urN linux-2.4.18-clean/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.4.18-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h ++--- linux-2.4.18-clean/include/linux/netfilter_ipv6/ip6t_IMQ.h Thu Jan 1 01:00:00 1970 +++++ linux-2.4.18-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h Sun Apr 28 23:34:53 2002 ++@@ -0,0 +1,8 @@ +++#ifndef _IP6T_IMQ_H +++#define _IP6T_IMQ_H +++ +++struct ip6t_imq_info { +++ unsigned int todev; /* target imq device */ +++}; +++ +++#endif /* _IP6T_IMQ_H */ ++diff -urN linux-2.4.18-clean/net/ipv6/netfilter/ip6t_IMQ.c linux-2.4.18-imq/net/ipv6/netfilter/ip6t_IMQ.c ++--- linux-2.4.18-clean/net/ipv6/netfilter/ip6t_IMQ.c Thu Jan 1 01:00:00 1970 +++++ linux-2.4.18-imq/net/ipv6/netfilter/ip6t_IMQ.c Sun Apr 28 23:34:11 2002 ++@@ -0,0 +1,78 @@ +++/* This target marks packets to 
be enqueued to an imq device */ +++#include +++#include +++#include +++#include +++#include +++ +++static unsigned int imq_target(struct sk_buff **pskb, +++ unsigned int hooknum, +++ const struct net_device *in, +++ const struct net_device *out, +++ const void *targinfo, +++ void *userinfo) +++{ +++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo; +++ +++ (*pskb)->imq_flags = mr->todev | IMQ_F_ENQUEUE; +++ (*pskb)->nfcache |= NFC_ALTERED; +++ +++ return IP6T_CONTINUE; +++} +++ +++static int imq_checkentry(const char *tablename, +++ const struct ip6t_entry *e, +++ void *targinfo, +++ unsigned int targinfosize, +++ unsigned int hook_mask) +++{ +++ struct ip6t_imq_info *mr; +++ +++ if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_imq_info))) { +++ printk(KERN_WARNING "IMQ: invalid targinfosize\n"); +++ return 0; +++ } +++ mr = (struct ip6t_imq_info*)targinfo; +++ +++ if (strcmp(tablename, "mangle") != 0) { +++ printk(KERN_WARNING +++ "IMQ: IMQ can only be called from \"mangle\" table, not \"%s\"\n", +++ tablename); +++ return 0; +++ } +++ +++ if (mr->todev > IMQ_MAX_DEVS) { +++ printk(KERN_WARNING +++ "IMQ: invalid device specified, highest is %u\n", +++ IMQ_MAX_DEVS); +++ return 0; +++ } +++ +++ return 1; +++} +++ +++static struct ip6t_target ip6t_imq_reg = { +++ { NULL, NULL}, +++ "IMQ", +++ imq_target, +++ imq_checkentry, +++ NULL, +++ THIS_MODULE +++}; +++ +++static int __init init(void) +++{ +++ if (ip6t_register_target(&ip6t_imq_reg)) +++ return -EINVAL; +++ +++ return 0; +++} +++ +++static void __exit fini(void) +++{ +++ ip6t_unregister_target(&ip6t_imq_reg); +++} +++ +++module_init(init); +++module_exit(fini); +++MODULE_LICENSE("GPL"); +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.config.in iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.config.in +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.config.in Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.config.in Mon Apr 
29 01:34:33 2002 +@@ -0,0 +1,2 @@ ++ dep_tristate ' MARK target support' CONFIG_IP6_NF_TARGET_MARK $CONFIG_IP6_NF_MANGLE ++ dep_tristate ' IMQ target support' CONFIG_IP6_NF_TARGET_IMQ $CONFIG_IP6_NF_MANGLE +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.configure.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.configure.help +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.configure.help Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.configure.help Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,8 @@ ++CONFIG_IP6_NF_TARGET_MARK ++IMQ target support ++CONFIG_IP6_NF_TARGET_IMQ ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. ++ ++ If you want to compile it as a module, say M here and read ++ . If unsure, say `N'. +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.help +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.help Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.help Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,5 @@ ++Author: Patrick McHardy ++Status: Working ++ ++ This patch adds a new target 'IMQ' which is required ++ to direct packets through an imq device. 
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.makefile iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.makefile +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.makefile Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.makefile Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,2 @@ ++obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t_MARK.o ++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o +diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.makefile iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.makefile +--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.makefile Thu Jan 1 01:00:00 1970 ++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.makefile Mon Apr 29 01:34:33 2002 +@@ -0,0 +1,2 @@ ++obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o ++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o diff --git a/net-firewall/iptables/files/iptables-1.2.7a-gentoo.diff b/net-firewall/iptables/files/iptables-1.2.7a-gentoo.diff new file mode 100644 index 000000000000..f6235bfdfb9c --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.2.7a-gentoo.diff @@ -0,0 +1,23 @@ +--- extensions/libipt_mac.c.orig Fri Nov 8 18:20:48 2002 ++++ extensions/libipt_mac.c Fri Nov 8 18:22:48 2002 +@@ -90,7 +90,7 @@ + { + unsigned int i; + +- printf("%s%02X", invert ? "!" : "", macaddress[0]); ++ printf("%s %02X", invert ? "!" : "", macaddress[0]); + for (i = 1; i < ETH_ALEN; i++) + printf(":%02X", macaddress[i]); + printf(" "); +--- extensions/libip6t_mac.c.orig Fri Nov 8 18:23:10 2002 ++++ extensions/libip6t_mac.c Fri Nov 8 18:23:31 2002 +@@ -90,7 +90,7 @@ + { + unsigned int i; + +- printf("%s%02X", invert ? "!" : "", macaddress[0]); ++ printf("%s %02X", invert ? "!" : "", macaddress[0]); + for (i = 1; i < ETH_ALEN; i++) + printf(":%02X", macaddress[i]); + printf(" "); + 
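Review bot: `mr->todev=atoi(optarg);` in `parse()` of both `libipt_IMQ.c` and `libip6t_IMQ.c` accepts any string, so a non-numeric argument silently selects device 0 and a negative one wraps when stored in the unsigned `todev`. Parsing with `char *end; unsigned long dev = strtoul(optarg, &end, 10);` and rejecting `end == optarg || *end != '\0'`, a leading `-`, or an out-of-range value through `exit_error(PARAMETER_PROBLEM, ...)` would fail the same way the `!` check just above it does. In the embedded kernel patch, `imq_checkentry` tests `mr->todev > IMQ_MAX_DEVS`; the definition of `IMQ_MAX_DEVS` is not in this hunk, but if it is a device count the test admits one index too many and `>=` is what is wanted. The same `atoi` line is repeated in `files/iptables-1.2.7a-imq.diff-3`, whose hunk runs past the end of this page.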
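Review bot: The new format string `"%s %02X"` in `libipt_mac.c` and `libip6t_mac.c` puts the space outside the conditional, so a non-inverted address is now printed with a leading space as well. Moving the space into the inverted branch separates the `!` without changing the normal case: `printf("%s%02X", invert ? "! " : "", macaddress[0]);`. The enclosing function starts and ends outside the hunk, so whether its callers already emit a separator cannot be seen here.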
diff --git a/net-firewall/iptables/files/iptables-1.2.7a-hppa.diff b/net-firewall/iptables/files/iptables-1.2.7a-hppa.diff
new file mode 100644
index 000000000000..fc5d267a7ba4
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.2.7a-hppa.diff
@@ -0,0 +1,12 @@
+--- Rules.make 2001-08-06 20:50:21.000000000 +0200
++++ /root/Rules.make 2003-02-17 17:17:08.000000000 +0100
+@@ -31,7 +31,8 @@
+ sed -e 's@^.*\.o:@$*.d $*_sh.o:@' > $@
+
+ $(SHARED_LIBS): %.so : %_sh.o
+- $(LD) -shared -o $@ $<
++# $(LD) -shared -o $@ $<
++ $(CC) -shared -o $@ -nostdlib $< -lgcc
+
+ %_sh.o : %.c
+ $(CC) $(SH_CFLAGS) -o $@ -c $<
diff --git a/net-firewall/iptables/files/iptables-1.2.7a-imq.diff-3 b/net-firewall/iptables/files/iptables-1.2.7a-imq.diff-3
new file mode 100644
index 000000000000..1d8c41b68279
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.2.7a-imq.diff-3
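Review bot: The `+++` header of this patch names `/root/Rules.make`, an absolute path from the author's machine, while the `---` side is the relative `Rules.make`; which of the two names `patch` acts on depends on the options and version the ebuild uses, and the ebuild is not part of this hunk. Regenerating the patch with matching relative paths on both sides, in the style of the grsecurity patch in this commit (`iptables-1.2.7a/...` against `iptables-1.2.7a-new/...`), removes any chance of it touching a file outside the build tree. The replaced rule is also left behind as a commented-out line, `# $(LD) -shared -o $@ $<`; it would read better dropped or turned into a comment saying why hppa needs `$(CC) -shared ... -nostdlib ... -lgcc`.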
@@ -0,0 +1,488 @@
+diff -urN iptables-1.2.6a-clean/extensions/.IMQ-test iptables-1.2.6a-imq/extensions/.IMQ-test
+--- iptables-1.2.6a-clean/extensions/.IMQ-test Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/extensions/.IMQ-test Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,3 @@
++#!/bin/sh
++# True if IMQ target patch is applied.
++[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ
+diff -urN iptables-1.2.6a-clean/extensions/.IMQ-test6 iptables-1.2.6a-imq/extensions/.IMQ-test6
+--- iptables-1.2.6a-clean/extensions/.IMQ-test6 Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/extensions/.IMQ-test6 Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,3 @@
++#!/bin/sh
++# True if IMQ target patch is applied.
++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ
+diff -urN iptables-1.2.6a-clean/extensions/libip6t_IMQ.c iptables-1.2.6a-imq/extensions/libip6t_IMQ.c
+--- iptables-1.2.6a-clean/extensions/libip6t_IMQ.c Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/extensions/libip6t_IMQ.c Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,102 @@
++/* Shared library add-on to iptables to add IMQ target support. */
++#include
++#include
++#include
++#include
++
++#include
++#include
++#include
++
++/* Function which prints out usage message. */
++static void
++help(void)
++{
++ printf(
++"IMQ target v%s options:\n"
++" --todev enqueue to imq, defaults to 0\n",
++IPTABLES_VERSION);
++}
++
++static struct option opts[] = {
++ { "todev", 1, 0, '1' },
++ { 0 }
++};
++
++/* Initialize the target. */
++static void
++init(struct ip6t_entry_target *t, unsigned int *nfcache)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data;
++
++ mr->todev = 0;
++ *nfcache |= NFC_UNKNOWN;
++}
++
++/* Function which parses command options; returns true if it
++ ate an option */
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++ const struct ip6t_entry *entry,
++ struct ip6t_entry_target **target)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data;
++
++ switch(c) {
++ case '1':
++ if (check_inverse(optarg, &invert, NULL, 0))
++ exit_error(PARAMETER_PROBLEM,
++ "Unexpected `!' after --todev");
++ mr->todev=atoi(optarg);
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++static void
++final_check(unsigned int flags)
++{
++}
++
++/* Prints out the targinfo. */
++static void
++print(const struct ip6t_ip6 *ip,
++ const struct ip6t_entry_target *target,
++ int numeric)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
++
++ printf("IMQ: todev %u ", mr->todev);
++}
++
++/* Saves the union ipt_targinfo in parsable form to stdout. */
++static void
++save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
++
++ printf("--todev %u", mr->todev);
++}
++
++static
++struct ip6tables_target imq
++= { NULL,
++ "IMQ",
++ IPTABLES_VERSION,
++ IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
++ IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
++ &help,
++ &init,
++ &parse,
++ &final_check,
++ &print,
++ &save,
++ opts
++};
++
++void _init(void)
++{
++ register_target6(&imq);
++}
+diff -urN iptables-1.2.6a-clean/extensions/libipt_IMQ.c iptables-1.2.6a-imq/extensions/libipt_IMQ.c
+--- iptables-1.2.6a-clean/extensions/libipt_IMQ.c Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/extensions/libipt_IMQ.c Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,102 @@
++/* Shared library add-on to iptables to add IMQ target support. */
++#include
++#include
++#include
++#include
++
++#include
++#include
++#include
++
++/* Function which prints out usage message. */
++static void
++help(void)
++{
++ printf(
++"IMQ target v%s options:\n"
++" --todev enqueue to imq, defaults to 0\n",
++IPTABLES_VERSION);
++}
++
++static struct option opts[] = {
++ { "todev", 1, 0, '1' },
++ { 0 }
++};
++
++/* Initialize the target. */
++static void
++init(struct ipt_entry_target *t, unsigned int *nfcache)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data;
++
++ mr->todev = 0;
++ *nfcache |= NFC_UNKNOWN;
++}
++
++/* Function which parses command options; returns true if it
++ ate an option */
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++ const struct ipt_entry *entry,
++ struct ipt_entry_target **target)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data;
++
++ switch(c) {
++ case '1':
++ if (check_inverse(optarg, &invert, NULL, 0))
++ exit_error(PARAMETER_PROBLEM,
++ "Unexpected `!' after --todev");
++ mr->todev=atoi(optarg);
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++static void
++final_check(unsigned int flags)
++{
++}
++
++/* Prints out the targinfo. */
++static void
++print(const struct ipt_ip *ip,
++ const struct ipt_entry_target *target,
++ int numeric)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
++
++ printf("IMQ: todev %u ", mr->todev);
++}
++
++/* Saves the union ipt_targinfo in parsable form to stdout. */
++static void
++save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
++
++ printf("--todev %u", mr->todev);
++}
++
++static
++struct iptables_target imq
++= { NULL,
++ "IMQ",
++ IPTABLES_VERSION,
++ IPT_ALIGN(sizeof(struct ipt_imq_info)),
++ IPT_ALIGN(sizeof(struct ipt_imq_info)),
++ &help,
++ &init,
++ &parse,
++ &final_check,
++ &print,
++ &save,
++ opts
++};
++
++void _init(void)
++{
++ register_target(&imq);
++}
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,94 @@
++diff -urN linux-2.4.18-clean/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.4.18-imq-nf/include/linux/netfilter_ipv4/ipt_IMQ.h
++--- linux-2.4.18-clean/include/linux/netfilter_ipv4/ipt_IMQ.h Thu Jan 1 01:00:00 1970
+++++ linux-2.4.18-imq-nf/include/linux/netfilter_ipv4/ipt_IMQ.h Tue Apr 2 21:35:20 2002
++@@ -0,0 +1,8 @@
+++#ifndef _IPT_IMQ_H
+++#define _IPT_IMQ_H
+++
+++struct ipt_imq_info {
+++ unsigned int todev; /* target imq device */
+++};
+++
+++#endif /* _IPT_IMQ_H */
++diff -urN linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQ.c linux-2.4.18-imq-nf/net/ipv4/netfilter/ipt_IMQ.c
++--- linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQ.c Thu Jan 1 01:00:00 1970
+++++ linux-2.4.18-imq-nf/net/ipv4/netfilter/ipt_IMQ.c Tue Apr 2 21:34:15 2002
++@@ -0,0 +1,78 @@
+++/* This target marks packets to be enqueued to an imq device */
+++#include
+++#include
+++#include
+++#include
+++#include
+++
+++static unsigned int imq_target(struct sk_buff **pskb,
+++ unsigned int hooknum,
+++ const struct net_device *in,
+++ const struct net_device *out,
+++ const void *targinfo,
+++ void *userinfo)
+++{
+++ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo;
+++
+++ (*pskb)->imq_flags = mr->todev | IMQ_F_ENQUEUE;
+++ (*pskb)->nfcache |= NFC_ALTERED;
+++
+++ return IPT_CONTINUE;
+++}
+++
+++static int imq_checkentry(const char *tablename,
+++ const struct ipt_entry *e,
+++ void *targinfo,
+++ unsigned int targinfosize,
+++ unsigned int hook_mask)
+++{
+++ struct ipt_imq_info *mr;
+++
+++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_imq_info))) {
+++ printk(KERN_WARNING "IMQ: invalid targinfosize\n");
+++ return 0;
+++ }
+++ mr = (struct ipt_imq_info*)targinfo;
+++
+++ if (strcmp(tablename, "mangle") != 0) {
+++ printk(KERN_WARNING
+++ "IMQ: IMQ can only be called from \"mangle\" table, not \"%s\"\n",
+++ tablename);
+++ return 0;
+++ }
+++
+++ if (mr->todev > IMQ_MAX_DEVS) {
+++ printk(KERN_WARNING
+++ "IMQ: invalid device specified, highest is %u\n",
+++ IMQ_MAX_DEVS);
+++ return 0;
+++ }
+++
+++ return 1;
+++}
+++
+++static struct ipt_target ipt_imq_reg = {
+++ { NULL, NULL},
+++ "IMQ",
+++ imq_target,
+++ imq_checkentry,
+++ NULL,
+++ THIS_MODULE
+++};
+++
+++static int __init init(void)
+++{
+++ if (ipt_register_target(&ipt_imq_reg))
+++ return -EINVAL;
+++
+++ return 0;
+++}
+++
+++static void __exit fini(void)
+++{
+++ ipt_unregister_target(&ipt_imq_reg);
+++}
+++
+++module_init(init);
+++module_exit(fini);
+++MODULE_LICENSE("GPL");
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.config.in iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.config.in
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.config.in Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.config.in Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,2 @@
++ dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
++ dep_tristate ' IMQ target support' CONFIG_IP_NF_TARGET_IMQ $CONFIG_IP_NF_MANGLE
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.configure.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.configure.help
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.configure.help Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.configure.help Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,8 @@
++CONFIG_IP_NF_TARGET_MARK
++IMQ target support
++CONFIG_IP_NF_TARGET_IMQ
++ This option adds a `IMQ' target which is used to specify if and
++ to which imq device packets should get enqueued/dequeued.
++
++ If you want to compile it as a module, say M here and read
++ . If unsure, say `N'.
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.help
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.help Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.help Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,5 @@
++Author: Patrick McHardy
++Status: Working
++
++ This patch adds a new target 'IMQ' which is required
++ to direct packets through an imq device.
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6 iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6 Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6 Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,94 @@
++diff -urN linux-2.4.18-clean/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.4.18-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h
++--- linux-2.4.18-clean/include/linux/netfilter_ipv6/ip6t_IMQ.h Thu Jan 1 01:00:00 1970
+++++ linux-2.4.18-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h Sun Apr 28 23:34:53 2002
++@@ -0,0 +1,8 @@
+++#ifndef _IP6T_IMQ_H
+++#define _IP6T_IMQ_H
+++
+++struct ip6t_imq_info {
+++ unsigned int todev; /* target imq device */
+++};
+++
+++#endif /* _IP6T_IMQ_H */
++diff -urN linux-2.4.18-clean/net/ipv6/netfilter/ip6t_IMQ.c linux-2.4.18-imq/net/ipv6/netfilter/ip6t_IMQ.c
++--- linux-2.4.18-clean/net/ipv6/netfilter/ip6t_IMQ.c Thu Jan 1 01:00:00 1970
+++++ linux-2.4.18-imq/net/ipv6/netfilter/ip6t_IMQ.c Sun Apr 28 23:34:11 2002
++@@ -0,0 +1,78 @@
+++/* This target marks packets to be enqueued to an imq device */
+++#include
+++#include
+++#include
+++#include
+++#include
+++
+++static unsigned int imq_target(struct sk_buff **pskb,
+++ unsigned int hooknum,
+++ const struct net_device *in,
+++ const struct net_device *out,
+++ const void *targinfo,
+++ void *userinfo)
+++{
+++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo;
+++
+++ (*pskb)->imq_flags = mr->todev | IMQ_F_ENQUEUE;
+++ (*pskb)->nfcache |= NFC_ALTERED;
+++
+++ return IP6T_CONTINUE;
+++}
+++
+++static int imq_checkentry(const char *tablename,
+++ const struct ip6t_entry *e,
+++ void *targinfo,
+++ unsigned int targinfosize,
+++ unsigned int hook_mask)
+++{
+++ struct ip6t_imq_info *mr;
+++
+++ if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_imq_info))) {
+++ printk(KERN_WARNING "IMQ: invalid targinfosize\n");
+++ return 0;
+++ }
+++ mr = (struct ip6t_imq_info*)targinfo;
+++
+++ if (strcmp(tablename, "mangle") != 0) {
+++ printk(KERN_WARNING
+++ "IMQ: IMQ can only be called from \"mangle\" table, not \"%s\"\n",
+++ tablename);
+++ return 0;
+++ }
+++
+++ if (mr->todev > IMQ_MAX_DEVS) {
+++ printk(KERN_WARNING
+++ "IMQ: invalid device specified, highest is %u\n",
+++ IMQ_MAX_DEVS);
+++ return 0;
+++ }
+++
+++ return 1;
+++}
+++
+++static struct ip6t_target ip6t_imq_reg = {
+++ { NULL, NULL},
+++ "IMQ",
+++ imq_target,
+++ imq_checkentry,
+++ NULL,
+++ THIS_MODULE
+++};
+++
+++static int __init init(void)
+++{
+++ if (ip6t_register_target(&ip6t_imq_reg))
+++ return -EINVAL;
+++
+++ return 0;
+++}
+++
+++static void __exit fini(void)
+++{
+++ ip6t_unregister_target(&ip6t_imq_reg);
+++}
+++
+++module_init(init);
+++module_exit(fini);
+++MODULE_LICENSE("GPL");
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.config.in iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.config.in
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.config.in Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.config.in Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,2 @@
++ dep_tristate ' MARK target support' CONFIG_IP6_NF_TARGET_MARK $CONFIG_IP6_NF_MANGLE
++ dep_tristate ' IMQ target support' CONFIG_IP6_NF_TARGET_IMQ $CONFIG_IP6_NF_MANGLE
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.configure.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.configure.help
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.configure.help Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.configure.help Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,8 @@
++CONFIG_IP6_NF_TARGET_MARK
++IMQ target support
++CONFIG_IP6_NF_TARGET_IMQ
++ This option adds a `IMQ' target which is used to specify if and
++ to which imq device packets should get enqueued/dequeued.
++
++ If you want to compile it as a module, say M here and read
++ . If unsure, say `N'.
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.help iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.help
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.help Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.help Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,5 @@
++Author: Patrick McHardy
++Status: Working
++
++ This patch adds a new target 'IMQ' which is required
++ to direct packets through an imq device.
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.makefile iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.makefile
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.ipv6.makefile Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.ipv6.makefile Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,2 @@
++obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t_MARK.o
++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o
+diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.makefile iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.makefile
+--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQ.patch.makefile Thu Jan 1 01:00:00 1970
++++ iptables-1.2.6a-imq/patch-o-matic/extra/IMQ.patch.makefile Mon Apr 29 01:34:33 2002
+@@ -0,0 +1,2 @@
++obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o
diff --git a/net-firewall/iptables/files/iptables.confd b/net-firewall/iptables/files/iptables.confd
new file mode 100644
index 000000000000..b09de80da5b1
--- /dev/null
+++ b/net-firewall/iptables/files/iptables.confd
@@ -0,0 +1,12 @@
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Change to "yes" to enable forwarding support in the kernel. Please
+# note that this will override any setting placed in /etc/sysctl.conf.
+ENABLE_FORWARDING_IPv4="no"
+ENABLE_FORWARDING_IPv6="no"
+
+#Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init
new file mode 100644
index 000000000000..673cd5a4347c
--- /dev/null
+++ b/net-firewall/iptables/files/iptables.init
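Review bot: `parse()` in both `libip6t_IMQ.c` and `libipt_IMQ.c` stores the `--todev` argument with `mr->todev=atoi(optarg);`, and `atoi` reports no errors, so a mistyped or non-numeric value silently selects device 0 and a negative one wraps in the `unsigned int todev` field. The `case '1':` arm should parse with `strtoul`, require a leading digit and no trailing characters, and reject anything else through `exit_error(PARAMETER_PROBLEM, ...)` as it already does for `!`; the fence below shows that arm, which is the same in both files. On the kernel side `imq_checkentry()` in `ipt_IMQ.c` and `ip6t_IMQ.c` refuses only `mr->todev > IMQ_MAX_DEVS`; `IMQ_MAX_DEVS` is defined outside this patch, but if it is a device count rather than the highest index the comparison should be `>=`, because `imq_target()` then ORs `todev` into `imq_flags` beside `IMQ_F_ENQUEUE`.

```c
	case '1': {
		char *end;
		unsigned long dev;

		/* … unchanged: check_inverse() rejection of `!' … */
		dev = strtoul(optarg, &end, 10);
		/* Leading digit required: rejects "", whitespace and a sign. */
		if (optarg[0] < '0' || optarg[0] > '9' || *end != '\0'
		    || dev > UINT_MAX)
			exit_error(PARAMETER_PROBLEM,
				   "Bad IMQ device `%s'", optarg);
		mr->todev = dev;
		break;
	}
```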
@@ -0,0 +1,80 @@
+#!/sbin/runscript
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or
+# later
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables.init,v 1.1 2003/03/11 21:50:24 mholzer Exp $
+
+opts="start stop save"
+
+depend() {
+ need logger net
+}
+
+start() {
+ ebegin "Loading iptables state and starting firewall"
+ # This variable is set in /etc/conf.d/iptables
+ if [ ! -f ${IPTABLES_SAVE} ]
+ then
+ einfo "Not starting iptables. First create some rules then run"
+ einfo "/etc/init.d/iptables save"
+ else
+ einfo "Restoring iptables ruleset"
+ /sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
+
+ if [ "${ENABLE_FORWARDING_IPv4}" = "yes" ] ; then
+ einfo "Enabling forwarding for ipv4"
+ echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
+ fi
+
+ if [ "${ENABLE_FORWARDING_IPv6}" = "yes" ] ; then
+ einfo "Enabling forwarding for ipv6"
+ echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
+ fi
+ fi
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall and saving iptables state"
+ # This way we don't forget to save changes
+ /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
+
+ # set sane defaults that disable forwarding
+ if [ -f /proc/sys/net/ipv4/conf/all/forwarding ] ; then
+ echo "0" > /proc/sys/net/ipv4/conf/all/forwarding
+ fi
+
+ if [ -f /proc/sys/net/ipv6/conf/all/forwarding ] ; then
+ echo "0" > /proc/sys/net/ipv6/conf/all/forwarding
+ fi
+
+ for a in `cat /proc/net/ip_tables_names`; do
+ iptables -F -t $a
+ iptables -X -t $a
+
+ if [ $a == nat ]; then
+ iptables -t nat -P PREROUTING ACCEPT
+ iptables -t nat -P POSTROUTING ACCEPT
+ iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ iptables -t mangle -P PREROUTING ACCEPT
+ iptables -t mangle -P INPUT ACCEPT
+ iptables -t mangle -P FORWARD ACCEPT
+ iptables -t mangle -P OUTPUT ACCEPT
+ iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ iptables -t filter -P INPUT ACCEPT
+ iptables -t filter -P FORWARD ACCEPT
+ iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+save() {
+ ebegin "Saving iptables state"
+ /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
+ eend $?
+}
+
diff --git a/net-firewall/iptables/iptables-1.2.7a-r3.ebuild b/net-firewall/iptables/iptables-1.2.7a-r3.ebuild
new file mode 100644
index 000000000000..bd0ab543e6a5
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.2.7a-r3.ebuild
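Review bot: In `start()` the final `eend $?` reports the status of the last forwarding `if` block, not of `/sbin/iptables-restore`, so a failed restore is announced as success and forwarding can still be switched on with no ruleset loaded. Check the restore directly, e.g. `/sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE}" || { eend $?; return 1; }`, before writing to `/proc/sys/net/*/conf/all/forwarding`. `stop()` and `save()` redirect `iptables-save` straight onto `${IPTABLES_SAVE}`, which truncates the saved ruleset before the command has succeeded; writing to a temporary file and renaming it on success would keep the last good copy. `stop()` also leaves every chain flushed with policy ACCEPT, which deserves a comment stating that the host is unfiltered while the service is stopped.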
@@ -0,0 +1,68 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.7a-r3.ebuild,v 1.1 2003/03/11 21:50:24 mholzer Exp $
+
+inherit eutils
+
+IUSE=""
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Kernel 2.4 firewall, NAT and packet mangling tools"
+SRC_URI="http://www.iptables.org/files/${P}.tar.bz2"
+HOMEPAGE="http://www.iptables.org/"
+
+SLOT="0"
+KEYWORDS="x86 ppc alpha sparc hppa arm"
+LICENSE="GPL-2"
+
+# iptables is dependent on kernel sources. Strange but true.
+DEPEND="virtual/os-headers"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ epatch ${FILESDIR}/${PV}-files
+ # The folowing hack is needed because ${ARCH} is "sparc" and not "sparc64"
+ # and epatch uses ??_${ARCH}_foo.${EPATCH_SUFFIX} when reading from directories
+ [ "${PROFILE_ARCH}" = "sparc64" ] && epatch ${FILESDIR}/sparc64_limit_fix.patch.bz2
+ [ "${ARCH}" = "hppa" ] && epatch ${FILESDIR}/iptables-1.2.7a-hppa.diff
+
+ chmod +x extensions/.IMQ-test*
+
+ cp Makefile Makefile.new
+ sed -e "s:-O2:${CFLAGS}:g" -e "s:/usr/local::g" Makefile.new > Makefile
+}
+
+src_compile() {
+ # iptables and libraries are now installed to /sbin and /lib, so that
+ # systems with remote network-mounted /usr filesystems can get their
+ # network interfaces up and running correctly without /usr.
+
+ make \
+ LIBDIR=/lib \
+ BINDIR=/sbin \
+ MANDIR=/usr/share/man \
+ INCDIR=/usr/include \
+ KERNEL_DIR=/usr/src/linux \
+ || die
+}
+
+src_install() {
+# dodir /usr/{lib,share/man/man8,sbin}
+
+ make DESTDIR=${D} MANDIR=/usr/share/man install
+
+ dodoc COPYING KNOWN_BUGS
+ dodir /var/lib/iptables ; keepdir /var/lib/iptables
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/iptables.init iptables
+ insinto /etc/conf.d
+ newins ${FILESDIR}/iptables.confd iptables
+}
+
+pkg_postinst() {
+ einfo "This package now includes an initscript which loads and saves"
+ einfo "rules stored in /var/lib/iptables/rules-save"
+ einfo "This location can be changed in /etc/conf.d/iptables"
+}
-- cgit v1.2.3-65-gdbad
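Review bot: `src_install()` runs `make DESTDIR=${D} MANDIR=/usr/share/man install` without `|| die`, unlike the `make ... || die` in `src_compile()`, so a failed install step can still produce a merged firewall package with missing binaries or extension libraries; append `|| die "make install failed"`. `src_unpack()` also applies `${FILESDIR}/sparc64_limit_fix.patch.bz2`, which is not among the files this commit's diffstat creates under `net-firewall/iptables/files`, so the sparc64 profile presumably fails at `epatch` after the move. `SRC_URI` fetches over plain `http://`, so the tarball's integrity rests entirely on the `digest-iptables-1.2.7a-r3` entry added by this commit.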