testing/ipt-netflow-hardened: rename from ipt-netflow-grsec, provide ipt-netflow-grsec

author: William Pitcock <nenolod@dereferenced.org> 2017-04-27 05:23:25 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2017-04-27 05:46:22 +0000
commit: 7916354f8c744e5bfdfefba74da6c8f8981cfd1f (patch)
tree: bb5828edb43a47e2e9e5dc07765d7bee6938e618 /testing/ipt-netflow-hardened
parent: e78c37459b6399ac066e30fff9bd49bfe7779d30 (diff)
download: aports-7916354f8c744e5bfdfefba74da6c8f8981cfd1f.tar.bz2
aports-7916354f8c744e5bfdfefba74da6c8f8981cfd1f.tar.xz
2 files changed, 133 insertions, 0 deletions
diff --git a/testing/ipt-netflow-hardened/APKBUILD b/testing/ipt-netflow-hardened/APKBUILD
new file mode 100644
index 0000000000..54eecc6a59
--- /dev/null
+++ b/testing/ipt-netflow-hardened/APKBUILD
@@ -0,0 +1,70 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+_flavor=hardened
+_kpkg=linux-$_flavor
+_kver=4.9.24
+_kpkgrel=1
+
+# when chaning _ver we *must* bump _mypkgrel
+_ver=2.2
+
+_mypkgrel=0
+
+# verify the kernel version before entering chroot
+if [ -f ../linux-${_flavor}/APKBUILD ]; then
+	. ../linux-${_flavor}/APKBUILD
+	pkgname=ipt-netflow-${_flavor}
+	[ "$_kver" != "$pkgver" ] && die "please update _kver to $pkgver"
+	[ "$_kpkgrel" != "$pkgrel" ] && die "please update _kpkgrel to $pkgrel"
+fi
+
+_kpkgver="$_kver-r$_kpkgrel"
+_abi_release=${_kver}-${_kpkgrel}-${_flavor}
+
+pkgname=ipt-netflow-${_flavor}
+pkgver=$_kver
+
+pkgrel=$(( $_kpkgrel + $_mypkgrel ))
+pkgdesc="Linux kernel netflow sensor module"
+url="http://ipt-netflow.sourceforge.net/"
+arch="x86 x86_64 armhf"
+license=GPL3+
+source="ipt-netflow-$_ver.tar.gz::https://github.com/aabc/ipt-netflow/archive/v$_ver.tar.gz
+	kernel-4.6.patch
+	"
+provides="ipt-netflow-grsec=${_kpkgver}"
+depends="$_kpkg-dev=$_kpkgver"
+makedepends="linux-${_flavor}-dev=$_kpkgver iptables-dev bash"
+install_if="$_kpkg=$_kpkgver ipt-netflow"
+
+_builddir="$srcdir"/ipt-netflow-$_ver
+prepare() {
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
+build() {
+        cd "$_builddir"
+        ./configure --kver=$_abi_release \
+		--ipt-inc=/usr/include/libiptc \
+		|| return 1
+	make ipt_NETFLOW.ko || return 1
+}
+
+package() {
+        cd "$_builddir"
+        make -j1 minstall DEPMOD=: DESTDIR="$pkgdir" \
+		|| return 1
+}
+
+# override dev() from kernel's APKBUILD
+dev() {
+	default_dev
+}
+
+sha512sums="e5d9039c079abfb2ef3656d96228616514ac57d87a9c71181f132ecac51e51407bcdc62aa6e1eb43d16f98be5b22d3801c58578317ea21aaa5433ed143daabe2  ipt-netflow-2.2.tar.gz
+96a250b87f8fb7d6240850dd0721aa0e1dcc7647b689abb15b07fb8758aea4338e5d169b3d0dca19e45279b38166d791cd0d412a9f4b44caf028cee2e782b72b  kernel-4.6.patch"
diff --git a/testing/ipt-netflow-hardened/kernel-4.6.patch b/testing/ipt-netflow-hardened/kernel-4.6.patch
new file mode 100644
index 0000000000..79fba3c5bf
--- /dev/null
+++ b/testing/ipt-netflow-hardened/kernel-4.6.patch
@@ -0,0 +1,63 @@
+From c16ffc6cb679b3377a0d4a30a6bbcf5e2f3d0214 Mon Sep 17 00:00:00 2001
+From: ABC <abc@telekom.ru>
+Date: Sun, 22 May 2016 22:07:14 +0300
+Subject: [PATCH] Support ETHTOOL_xLINKSETTINGS API (new in linux 4.6).
+
+Thus, making support for 4.6 kernels.
+Reference to linux commit:
+  https://github.com/torvalds/linux/commit/3f1ac7a700d
+
+Fixes #56, thanks karel-un.
+---
+ ipt_NETFLOW.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 067fd50..d27eea2 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -3904,7 +3904,13 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ {
+ 	struct ethtool_drvinfo info = { 0 };
+ 	const struct ethtool_ops *ops = dev->ethtool_ops;
++#ifndef ETHTOOL_GLINKSETTINGS
+ 	struct ethtool_cmd ecmd;
++#define _KSETTINGS(x, y) (x)
++#else
++	struct ethtool_link_ksettings ekmd;
++#define _KSETTINGS(x, y) (y)
++#endif
+ 	int len = size;
+ 	int n;
+ 
+@@ -3933,11 +3939,11 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ 	/* only get_settings for running devices to not trigger link negotiation */
+ 	if (dev->flags & IFF_UP &&
+ 	    dev->flags & IFF_RUNNING &&
+-	    !__ethtool_get_settings(dev, &ecmd)) {
++	    !_KSETTINGS(__ethtool_get_settings(dev, &ecmd), __ethtool_get_link_ksettings(dev, &ekmd))) {
+ 		char *s, *p;
+ 
+ 		/* append basic parameters: speed and port */
+-		switch (ethtool_cmd_speed(&ecmd)) {
++		switch (_KSETTINGS(ethtool_cmd_speed(&ecmd), ekmd.base.speed)) {
+ 		case SPEED_10000: s = "10Gb"; break;
+ 		case SPEED_2500:  s = "2.5Gb"; break;
+ 		case SPEED_1000:  s = "1Gb"; break;
+@@ -3945,7 +3951,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ 		case SPEED_10:    s = "10Mb"; break;
+ 		default:          s = "";
+ 		}
+-		switch (ecmd.port) {
++		switch (_KSETTINGS(ecmd.port, ekmd.base.port)) {
+ 		case PORT_TP:     p = "tp"; break;
+ 		case PORT_AUI:    p = "aui"; break;
+ 		case PORT_MII:    p = "mii"; break;
+@@ -3964,6 +3970,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ 		ops->complete(dev);
+ 	return size - len;
+ }
++#undef _KSETTINGS
+ 
+ static const unsigned short netdev_type[] =
+ {ARPHRD_NETROM, ARPHRD_ETHER, ARPHRD_AX25,
author	William Pitcock <nenolod@dereferenced.org>	2017-04-27 05:23:25 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2017-04-27 05:46:22 +0000
commit	7916354f8c744e5bfdfefba74da6c8f8981cfd1f (patch)
tree	bb5828edb43a47e2e9e5dc07765d7bee6938e618 /testing/ipt-netflow-hardened
parent	e78c37459b6399ac066e30fff9bd49bfe7779d30 (diff)
download	aports-7916354f8c744e5bfdfefba74da6c8f8981cfd1f.tar.bz2 aports-7916354f8c744e5bfdfefba74da6c8f8981cfd1f.tar.xz