ipset-6.15+
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=17
This commit is contained in:
parent
086b5d2ffd
commit
25a80326cc
106
0001-build-Linux-3.7-netlink-fun.patch
Normal file
106
0001-build-Linux-3.7-netlink-fun.patch
Normal file
@ -0,0 +1,106 @@
|
|||||||
|
From fbd99092352fb0fac406da55b2ca08ba414823d0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Engelhardt <jengelh@inai.de>
|
||||||
|
Date: Wed, 21 Nov 2012 23:47:16 +0100
|
||||||
|
Subject: [PATCH] build: Linux 3.7 netlink fun
|
||||||
|
|
||||||
|
---
|
||||||
|
kernel/net/netfilter/ipset/ip_set_core.c | 20 ++++++++++----------
|
||||||
|
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
|
||||||
|
index 01af069..1a1f29c 100644
|
||||||
|
--- a/kernel/net/netfilter/ipset/ip_set_core.c
|
||||||
|
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
|
||||||
|
@@ -1105,7 +1105,7 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
|
||||||
|
ip_set_id_t index = IPSET_INVALID_ID, max;
|
||||||
|
struct ip_set *set = NULL;
|
||||||
|
struct nlmsghdr *nlh = NULL;
|
||||||
|
- unsigned int flags = NETLINK_CB(cb->skb).pid ? NLM_F_MULTI : 0;
|
||||||
|
+ unsigned int flags = NETLINK_CB(cb->skb).portid ? NLM_F_MULTI : 0;
|
||||||
|
u32 dump_type, dump_flags;
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
|
@@ -1153,7 +1153,7 @@ dump_last:
|
||||||
|
pr_debug("reference set\n");
|
||||||
|
__ip_set_get(index);
|
||||||
|
}
|
||||||
|
- nlh = start_msg(skb, NETLINK_CB(cb->skb).pid,
|
||||||
|
+ nlh = start_msg(skb, NETLINK_CB(cb->skb).portid,
|
||||||
|
cb->nlh->nlmsg_seq, flags,
|
||||||
|
IPSET_CMD_LIST);
|
||||||
|
if (!nlh) {
|
||||||
|
@@ -1296,7 +1296,7 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
|
||||||
|
skb2 = nlmsg_new(payload, GFP_KERNEL);
|
||||||
|
if (skb2 == NULL)
|
||||||
|
return -ENOMEM;
|
||||||
|
- rep = __nlmsg_put(skb2, NETLINK_CB(skb).pid,
|
||||||
|
+ rep = __nlmsg_put(skb2, NETLINK_CB(skb).portid,
|
||||||
|
nlh->nlmsg_seq, NLMSG_ERROR, payload, 0);
|
||||||
|
errmsg = nlmsg_data(rep);
|
||||||
|
errmsg->error = ret;
|
||||||
|
@@ -1311,7 +1311,7 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
|
||||||
|
|
||||||
|
*errline = lineno;
|
||||||
|
|
||||||
|
- netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
|
||||||
|
+ netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT);
|
||||||
|
/* Signal netlink not to send its ACK/errmsg. */
|
||||||
|
return -EINTR;
|
||||||
|
}
|
||||||
|
@@ -1486,7 +1486,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb,
|
||||||
|
if (skb2 == NULL)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0,
|
||||||
|
+ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0,
|
||||||
|
IPSET_CMD_HEADER);
|
||||||
|
if (!nlh2)
|
||||||
|
goto nlmsg_failure;
|
||||||
|
@@ -1498,7 +1498,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb,
|
||||||
|
goto nla_put_failure;
|
||||||
|
nlmsg_end(skb2, nlh2);
|
||||||
|
|
||||||
|
- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
|
||||||
|
+ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
@@ -1546,7 +1546,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb,
|
||||||
|
if (skb2 == NULL)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0,
|
||||||
|
+ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0,
|
||||||
|
IPSET_CMD_TYPE);
|
||||||
|
if (!nlh2)
|
||||||
|
goto nlmsg_failure;
|
||||||
|
@@ -1559,7 +1559,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb,
|
||||||
|
nlmsg_end(skb2, nlh2);
|
||||||
|
|
||||||
|
pr_debug("Send TYPE, nlmsg_len: %u\n", nlh2->nlmsg_len);
|
||||||
|
- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
|
||||||
|
+ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
@@ -1595,7 +1595,7 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb,
|
||||||
|
if (skb2 == NULL)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0,
|
||||||
|
+ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0,
|
||||||
|
IPSET_CMD_PROTOCOL);
|
||||||
|
if (!nlh2)
|
||||||
|
goto nlmsg_failure;
|
||||||
|
@@ -1603,7 +1603,7 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb,
|
||||||
|
goto nla_put_failure;
|
||||||
|
nlmsg_end(skb2, nlh2);
|
||||||
|
|
||||||
|
- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
|
||||||
|
+ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
--
|
||||||
|
1.7.10.4
|
||||||
|
|
29
0001-build-support-for-Linux-3.7-UAPI.patch
Normal file
29
0001-build-support-for-Linux-3.7-UAPI.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From a6addc5519c0de9bb939317086ca5b6b0df9039f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Engelhardt <jengelh@inai.de>
|
||||||
|
Date: Wed, 21 Nov 2012 23:39:37 +0100
|
||||||
|
Subject: [PATCH] build: support for Linux 3.7 UAPI
|
||||||
|
|
||||||
|
In Linux 3.7, nfnetlink.h moved below include/uapi/. Make configure
|
||||||
|
recognize that. Furthermore, we can drop the unnecessary indirection
|
||||||
|
via backticks and just ask grep directly if there was any result.
|
||||||
|
---
|
||||||
|
configure.ac | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 7a6aa33..dea392d 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -68,7 +68,8 @@ fi
|
||||||
|
|
||||||
|
AC_PROG_GREP
|
||||||
|
|
||||||
|
-if test "X`$GREP 'NFNL_SUBSYS_IPSET' $ksourcedir/include/linux/netfilter/nfnetlink.h`" = "X"
|
||||||
|
+if ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/linux/netfilter/nfnetlink.h" && \
|
||||||
|
+ ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/uapi/linux/netfilter/nfnetlink.h";
|
||||||
|
then
|
||||||
|
AC_MSG_ERROR([The kernel source directory $ksourcedir is not patched with netlink.patch to support ipset])
|
||||||
|
fi
|
||||||
|
--
|
||||||
|
1.7.10.4
|
||||||
|
|
@ -8,6 +8,8 @@ Mon Nov 19 16:20:13 UTC 2012 - jengelh@inai.de
|
|||||||
* Kernel part changes:
|
* Kernel part changes:
|
||||||
* Increase the number of maximal sets automatically as needed
|
* Increase the number of maximal sets automatically as needed
|
||||||
* Fix range bug in hash:ip,port,net
|
* Fix range bug in hash:ip,port,net
|
||||||
|
- Add 0001-build-support-for-Linux-3.7-UAPI.patch
|
||||||
|
- Add 0001-build-Linux-3.7-netlink-fun.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Sep 22 14:20:06 UTC 2012 - jengelh@inai.de
|
Sat Sep 22 14:20:06 UTC 2012 - jengelh@inai.de
|
||||||
|
15
ipset.spec
15
ipset.spec
@ -31,8 +31,13 @@ Url: http://ipset.netfilter.org/
|
|||||||
Source: %name-%version.tar.xz
|
Source: %name-%version.tar.xz
|
||||||
Source3: %name-preamble
|
Source3: %name-preamble
|
||||||
Patch1: sles11.diff
|
Patch1: sles11.diff
|
||||||
|
Patch2: 0001-build-support-for-Linux-3.7-UAPI.patch
|
||||||
|
Patch3: 0001-build-Linux-3.7-netlink-fun.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake >= 1.11
|
||||||
|
BuildRequires: libtool >= 2
|
||||||
BuildRequires: pkgconfig >= 0.21
|
BuildRequires: pkgconfig >= 0.21
|
||||||
BuildRequires: xz
|
BuildRequires: xz
|
||||||
%if 0%{?suse_version} >= 1140 || 0%{?fedora_version}
|
%if 0%{?suse_version} >= 1140 || 0%{?fedora_version}
|
||||||
@ -47,7 +52,7 @@ BuildRequires: linux-glibc-devel >= 2.6.24
|
|||||||
BuildRequires: linux-kernel-headers >= 2.6.24
|
BuildRequires: linux-kernel-headers >= 2.6.24
|
||||||
%endif
|
%endif
|
||||||
%if 0%{?redhat_version} || 0%{?centos_version} || 0%{?fedora_version}
|
%if 0%{?redhat_version} || 0%{?centos_version} || 0%{?fedora_version}
|
||||||
#BuildRequires: kernel-headers >= 2.6.24
|
BuildRequires: kernel-headers >= 2.6.24
|
||||||
%endif
|
%endif
|
||||||
%if 0%{?suse_version}
|
%if 0%{?suse_version}
|
||||||
# Make quilt happy
|
# Make quilt happy
|
||||||
@ -121,9 +126,15 @@ when matching an entry against a set.
|
|||||||
tar --use=xz -xf "%{S:0}";
|
tar --use=xz -xf "%{S:0}";
|
||||||
%setup -DTq
|
%setup -DTq
|
||||||
%endif
|
%endif
|
||||||
%patch -P 1 -p1
|
%patch -P 1 -P 2 -p1
|
||||||
|
%if "%_repository" == "Kernel_HEAD"
|
||||||
|
%patch -P 3 -p1
|
||||||
|
%endif
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
# patch2: force reconf
|
||||||
|
autoreconf -fi;
|
||||||
|
|
||||||
%if 0%{?with_kmp}
|
%if 0%{?with_kmp}
|
||||||
for flavor in %flavors_to_build; do
|
for flavor in %flavors_to_build; do
|
||||||
cp -a . "../%name-$flavor-%version";
|
cp -a . "../%name-$flavor-%version";
|
||||||
|
Loading…
Reference in New Issue
Block a user