aboutsummaryrefslogtreecommitdiffstats
path: root/testing/ipt-netflow-hardened
diff options
context:
space:
mode:
Diffstat (limited to 'testing/ipt-netflow-hardened')
-rw-r--r--testing/ipt-netflow-hardened/APKBUILD70
-rw-r--r--testing/ipt-netflow-hardened/kernel-4.6.patch63
2 files changed, 133 insertions, 0 deletions
diff --git a/testing/ipt-netflow-hardened/APKBUILD b/testing/ipt-netflow-hardened/APKBUILD
new file mode 100644
index 0000000000..54eecc6a59
--- /dev/null
+++ b/testing/ipt-netflow-hardened/APKBUILD
@@ -0,0 +1,70 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+_flavor=hardened
+_kpkg=linux-$_flavor
+_kver=4.9.24
+_kpkgrel=1
+
+# when chaning _ver we *must* bump _mypkgrel
+_ver=2.2
+
+_mypkgrel=0
+
+# verify the kernel version before entering chroot
+if [ -f ../linux-${_flavor}/APKBUILD ]; then
+ . ../linux-${_flavor}/APKBUILD
+ pkgname=ipt-netflow-${_flavor}
+ [ "$_kver" != "$pkgver" ] && die "please update _kver to $pkgver"
+ [ "$_kpkgrel" != "$pkgrel" ] && die "please update _kpkgrel to $pkgrel"
+fi
+
+_kpkgver="$_kver-r$_kpkgrel"
+_abi_release=${_kver}-${_kpkgrel}-${_flavor}
+
+pkgname=ipt-netflow-${_flavor}
+pkgver=$_kver
+
+pkgrel=$(( $_kpkgrel + $_mypkgrel ))
+pkgdesc="Linux kernel netflow sensor module"
+url="http://ipt-netflow.sourceforge.net/"
+arch="x86 x86_64 armhf"
+license=GPL3+
+source="ipt-netflow-$_ver.tar.gz::https://github.com/aabc/ipt-netflow/archive/v$_ver.tar.gz
+ kernel-4.6.patch
+ "
+provides="ipt-netflow-grsec=${_kpkgver}"
+depends="$_kpkg-dev=$_kpkgver"
+makedepends="linux-${_flavor}-dev=$_kpkgver iptables-dev bash"
+install_if="$_kpkg=$_kpkgver ipt-netflow"
+
+_builddir="$srcdir"/ipt-netflow-$_ver
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
+build() {
+ cd "$_builddir"
+ ./configure --kver=$_abi_release \
+ --ipt-inc=/usr/include/libiptc \
+ || return 1
+ make ipt_NETFLOW.ko || return 1
+}
+
+package() {
+ cd "$_builddir"
+ make -j1 minstall DEPMOD=: DESTDIR="$pkgdir" \
+ || return 1
+}
+
+# override dev() from kernel's APKBUILD
+dev() {
+ default_dev
+}
+
+sha512sums="e5d9039c079abfb2ef3656d96228616514ac57d87a9c71181f132ecac51e51407bcdc62aa6e1eb43d16f98be5b22d3801c58578317ea21aaa5433ed143daabe2 ipt-netflow-2.2.tar.gz
+96a250b87f8fb7d6240850dd0721aa0e1dcc7647b689abb15b07fb8758aea4338e5d169b3d0dca19e45279b38166d791cd0d412a9f4b44caf028cee2e782b72b kernel-4.6.patch"
diff --git a/testing/ipt-netflow-hardened/kernel-4.6.patch b/testing/ipt-netflow-hardened/kernel-4.6.patch
new file mode 100644
index 0000000000..79fba3c5bf
--- /dev/null
+++ b/testing/ipt-netflow-hardened/kernel-4.6.patch
@@ -0,0 +1,63 @@
+From c16ffc6cb679b3377a0d4a30a6bbcf5e2f3d0214 Mon Sep 17 00:00:00 2001
+From: ABC <abc@telekom.ru>
+Date: Sun, 22 May 2016 22:07:14 +0300
+Subject: [PATCH] Support ETHTOOL_xLINKSETTINGS API (new in linux 4.6).
+
+Thus, making support for 4.6 kernels.
+Reference to linux commit:
+ https://github.com/torvalds/linux/commit/3f1ac7a700d
+
+Fixes #56, thanks karel-un.
+---
+ ipt_NETFLOW.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 067fd50..d27eea2 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -3904,7 +3904,13 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ {
+ struct ethtool_drvinfo info = { 0 };
+ const struct ethtool_ops *ops = dev->ethtool_ops;
++#ifndef ETHTOOL_GLINKSETTINGS
+ struct ethtool_cmd ecmd;
++#define _KSETTINGS(x, y) (x)
++#else
++ struct ethtool_link_ksettings ekmd;
++#define _KSETTINGS(x, y) (y)
++#endif
+ int len = size;
+ int n;
+
+@@ -3933,11 +3939,11 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ /* only get_settings for running devices to not trigger link negotiation */
+ if (dev->flags & IFF_UP &&
+ dev->flags & IFF_RUNNING &&
+- !__ethtool_get_settings(dev, &ecmd)) {
++ !_KSETTINGS(__ethtool_get_settings(dev, &ecmd), __ethtool_get_link_ksettings(dev, &ekmd))) {
+ char *s, *p;
+
+ /* append basic parameters: speed and port */
+- switch (ethtool_cmd_speed(&ecmd)) {
++ switch (_KSETTINGS(ethtool_cmd_speed(&ecmd), ekmd.base.speed)) {
+ case SPEED_10000: s = "10Gb"; break;
+ case SPEED_2500: s = "2.5Gb"; break;
+ case SPEED_1000: s = "1Gb"; break;
+@@ -3945,7 +3951,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ case SPEED_10: s = "10Mb"; break;
+ default: s = "";
+ }
+- switch (ecmd.port) {
++ switch (_KSETTINGS(ecmd.port, ekmd.base.port)) {
+ case PORT_TP: p = "tp"; break;
+ case PORT_AUI: p = "aui"; break;
+ case PORT_MII: p = "mii"; break;
+@@ -3964,6 +3970,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ ops->complete(dev);
+ return size - len;
+ }
++#undef _KSETTINGS
+
+ static const unsigned short netdev_type[] =
+ {ARPHRD_NETROM, ARPHRD_ETHER, ARPHRD_AX25,