From: juhosg Date: Wed, 30 Apr 2008 15:09:56 +0000 (+0000) Subject: [kernel] fix some netfilter extensions on 2.6.25 X-Git-Url: https://git.rohieb.name/openwrt.git/commitdiff_plain/a23828e5e3bff211228dbd122c90e72a56465ecd [kernel] fix some netfilter extensions on 2.6.25 git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10991 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- diff --git a/target/linux/generic-2.6/patches-2.6.25/140-netfilter_time.patch b/target/linux/generic-2.6/patches-2.6.25/140-netfilter_time.patch index a77f04c24..e933bc601 100644 --- a/target/linux/generic-2.6/patches-2.6.25/140-netfilter_time.patch +++ b/target/linux/generic-2.6/patches-2.6.25/140-netfilter_time.patch @@ -122,7 +122,7 @@ Index: linux-2.6.23-rc6/net/ipv4/netfilter/ipt_time.c + + /* First, check that we are in the correct hooks */ + if (hook_mask -+ & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))) ++ & ~((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | (1 << NF_INET_LOCAL_OUT))) + { + printk("ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)\n"); + return 0; diff --git a/target/linux/generic-2.6/patches-2.6.25/170-netfilter_chaostables_0.8.patch b/target/linux/generic-2.6/patches-2.6.25/170-netfilter_chaostables_0.8.patch index 38b50004e..a5c42fc64 100644 --- a/target/linux/generic-2.6/patches-2.6.25/170-netfilter_chaostables_0.8.patch +++ b/target/linux/generic-2.6/patches-2.6.25/170-netfilter_chaostables_0.8.patch @@ -271,7 +271,7 @@ Index: linux-2.6.24/net/netfilter/xt_CHAOS.c + + /* TARPIT/DELUDE may not be called from the OUTPUT chain */ + if (iph->protocol == IPPROTO_TCP && -+ info->variant != XTCHAOS_NORMAL && hooknum != NF_IP_LOCAL_OUT) ++ info->variant != XTCHAOS_NORMAL && hooknum != NF_INET_LOCAL_OUT) + xt_chaos_total(info, skb, in, out, hooknum); + + return NF_DROP; @@ -300,8 +300,8 @@ Index: linux-2.6.24/net/netfilter/xt_CHAOS.c + .name = "CHAOS", + .family = AF_INET, + .table = "filter", -+ .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | -+ (1 << NF_IP_LOCAL_OUT), ++ .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | ++ (1 << NF_INET_LOCAL_OUT), + .checkentry = chaos_tg_check, + .target = chaos_tg, + .targetsize = sizeof(struct xt_chaos_target_info), @@ -507,10 +507,10 @@ Index: linux-2.6.24/net/netfilter/xt_DELUDE.c + + addr_type = RTN_UNSPEC; +#ifdef CONFIG_BRIDGE_NETFILTER -+ if (hook != NF_IP_FORWARD || (nskb->nf_bridge != NULL && ++ if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && + nskb->nf_bridge->mask & BRNF_BRIDGED)) +#else -+ if (hook != NF_IP_FORWARD) ++ if (hook != NF_INET_FORWARD) +#endif + addr_type = RTN_LOCAL; + @@ -532,7 +532,7 @@ Index: linux-2.6.24/net/netfilter/xt_DELUDE.c + + nf_ct_attach(nskb, oldskb); + -+ NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, nskb, NULL, nskb->dst->dev, ++ NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, nskb, NULL, nskb->dst->dev, + dst_output); + return; + @@ -555,7 +555,7 @@ Index: linux-2.6.24/net/netfilter/xt_DELUDE.c + .name = "DELUDE", + .family = AF_INET, + .table = "filter", -+ .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD), ++ .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD), + .target = delude_tg, + .proto = IPPROTO_TCP, + .me = THIS_MODULE, diff --git a/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch b/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch index f5f5589ff..e08900a46 100644 --- a/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch +++ b/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch @@ -218,7 +218,7 @@ Index: linux-2.6.23/net/netfilter/xt_TARPIT.c + fl.nl_u.ip4_u.tos = RT_TOS(niph->tos) | RTO_CONN; + fl.oif = 0; + -+ if (ip_route_output_key(&nrt, &fl)) ++ if (ip_route_output_key(&init_net, &nrt, &fl)) + goto free_nskb; + + dst_release(nskb->dst); @@ -279,7 +279,7 @@ Index: linux-2.6.23/net/netfilter/xt_TARPIT.c + if (iph->frag_off & htons(IP_OFFSET)) + return NF_DROP; + -+ tarpit_tcp(skb, rt, hooknum == NF_IP_LOCAL_IN); ++ tarpit_tcp(skb, rt, hooknum == NF_INET_LOCAL_IN); + return NF_DROP; +} + @@ -289,11 +289,11 @@ Index: linux-2.6.23/net/netfilter/xt_TARPIT.c +{ + bool invalid; + -+ if (strcmp(tablename, "raw") == 0 && hook_mask == NF_IP_PRE_ROUTING) ++ if (strcmp(tablename, "raw") == 0 && hook_mask == NF_INET_PRE_ROUTING) + return true; + if (strcmp(tablename, "filter") != 0) + return false; -+ invalid = hook_mask & ~((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD)); ++ invalid = hook_mask & ~((1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD)); + return !invalid; +} + diff --git a/target/linux/generic-2.6/patches-2.6.25/190-netfilter_rtsp.patch b/target/linux/generic-2.6/patches-2.6.25/190-netfilter_rtsp.patch index 56d0b7df2..c5a3f6752 100644 --- a/target/linux/generic-2.6/patches-2.6.25/190-netfilter_rtsp.patch +++ b/target/linux/generic-2.6/patches-2.6.25/190-netfilter_rtsp.patch @@ -1340,7 +1340,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c + mr.range[0].flags = IP_NAT_RANGE_MAP_IPS; + mr.range[0].min_ip = mr.range[0].max_ip = newip; + -+ nf_nat_setup_info(ct, &mr.range[0], NF_IP_PRE_ROUTING); ++ nf_nat_setup_info(ct, &mr.range[0], NF_INET_PRE_ROUTING); +} + +