mirror of https://github.com/hak5/openwrt-owl.git
Fix iptables abuse of kernel header files. Use exported headers instead.
[juhosg: export xt_layer7.h for all kernel versions] Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> SVN-Revision: 31566owl
parent
60db046ef2
commit
3349cf2691
|
@ -106,6 +106,7 @@ define Kernel/Configure/Default
|
||||||
$(call Kernel/SetInitramfs)
|
$(call Kernel/SetInitramfs)
|
||||||
-$(_SINGLE)$(MAKE) $(KERNEL_MAKEOPTS) oldconfig prepare scripts
|
-$(_SINGLE)$(MAKE) $(KERNEL_MAKEOPTS) oldconfig prepare scripts
|
||||||
rm -rf $(KERNEL_BUILD_DIR)/modules
|
rm -rf $(KERNEL_BUILD_DIR)/modules
|
||||||
|
$(MAKE) $(KERNEL_MAKEOPTS) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
|
||||||
$(SH_FUNC) grep '=[ym]' $(LINUX_DIR)/.config | LC_ALL=C sort | md5s > $(LINUX_DIR)/.vermagic
|
$(SH_FUNC) grep '=[ym]' $(LINUX_DIR)/.config | LC_ALL=C sort | md5s > $(LINUX_DIR)/.vermagic
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
|
|
@ -343,26 +343,26 @@ endef
|
||||||
|
|
||||||
TARGET_CPPFLAGS := \
|
TARGET_CPPFLAGS := \
|
||||||
-I$(PKG_BUILD_DIR)/include \
|
-I$(PKG_BUILD_DIR)/include \
|
||||||
-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
|
-I$(LINUX_DIR)/user_headers/include \
|
||||||
$(TARGET_CPPFLAGS)
|
$(TARGET_CPPFLAGS)
|
||||||
|
|
||||||
TARGET_CFLAGS += \
|
TARGET_CFLAGS += \
|
||||||
-I$(PKG_BUILD_DIR)/include \
|
-I$(PKG_BUILD_DIR)/include \
|
||||||
-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
|
-I$(LINUX_DIR)/user_headers/include
|
||||||
|
|
||||||
CONFIGURE_ARGS += \
|
CONFIGURE_ARGS += \
|
||||||
--enable-shared \
|
--enable-shared \
|
||||||
--enable-devel \
|
--enable-devel \
|
||||||
$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
|
$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
|
||||||
--enable-libipq \
|
--enable-libipq \
|
||||||
--with-kernel="$(LINUX_DIR)" \
|
--with-kernel="$(LINUX_DIR)/user_headers" \
|
||||||
--with-xtlibdir=/usr/lib/iptables \
|
--with-xtlibdir=/usr/lib/iptables \
|
||||||
--enable-static
|
--enable-static
|
||||||
|
|
||||||
MAKE_FLAGS := \
|
MAKE_FLAGS := \
|
||||||
$(TARGET_CONFIGURE_OPTS) \
|
$(TARGET_CONFIGURE_OPTS) \
|
||||||
COPT_FLAGS="$(TARGET_CFLAGS)" \
|
COPT_FLAGS="$(TARGET_CFLAGS)" \
|
||||||
KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
|
KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
|
||||||
KBUILD_OUTPUT="$(LINUX_DIR)" \
|
KBUILD_OUTPUT="$(LINUX_DIR)" \
|
||||||
BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
|
BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
|
||||||
|
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+
|
+
|
||||||
+module_init(xt_layer7_init);
|
+module_init(xt_layer7_init);
|
||||||
+module_exit(xt_layer7_fini);
|
+module_exit(xt_layer7_fini);
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#endif /* _XT_LAYER7_H */
|
+#endif /* _XT_LAYER7_H */
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#endif /* _XT_LAYER7_H */
|
+#endif /* _XT_LAYER7_H */
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#endif /* _XT_LAYER7_H */
|
+#endif /* _XT_LAYER7_H */
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#endif /* _XT_LAYER7_H */
|
+#endif /* _XT_LAYER7_H */
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#endif /* _XT_LAYER7_H */
|
+#endif /* _XT_LAYER7_H */
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#endif /* _XT_LAYER7_H */
|
+#endif /* _XT_LAYER7_H */
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
|
@ -2130,3 +2130,13 @@
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#endif /* _XT_LAYER7_H */
|
+#endif /* _XT_LAYER7_H */
|
||||||
|
--- a/include/linux/netfilter/Kbuild
|
||||||
|
+++ b/include/linux/netfilter/Kbuild
|
||||||
|
@@ -49,6 +49,7 @@ header-y += xt_hashlimit.h
|
||||||
|
header-y += xt_helper.h
|
||||||
|
header-y += xt_iprange.h
|
||||||
|
header-y += xt_ipvs.h
|
||||||
|
+header-y += xt_layer7.h
|
||||||
|
header-y += xt_length.h
|
||||||
|
header-y += xt_limit.h
|
||||||
|
header-y += xt_mac.h
|
||||||
|
|
Loading…
Reference in New Issue