diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-12-12 19:37:12 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-01-17 16:54:56 +0100 |
| commit | ac8c96e51b2568f61d6b685ef287b1db78cddd26 (patch) | |
| tree | 193b0fd9df52dbf36660ffc27e293970d118b6b9 /testing/scripts | |
| parent | 1a16b170bad39425fd35321441c04aefaefbc67a (diff) | |
| download | strongswan-ac8c96e51b2568f61d6b685ef287b1db78cddd26.tar.bz2 strongswan-ac8c96e51b2568f61d6b685ef287b1db78cddd26.tar.xz | |
Patch iptables for use with HA kernel patch (XFRM hooks)
Diffstat (limited to 'testing/scripts')
| -rw-r--r-- | testing/scripts/recipes/004_iptables.mk | 18 | ||||
| -rw-r--r-- | testing/scripts/recipes/patches/iptables-xfrm-hooks | 61 |
2 files changed, 75 insertions, 4 deletions
diff --git a/testing/scripts/recipes/004_iptables.mk b/testing/scripts/recipes/004_iptables.mk index 80765445d..51200201a 100644 --- a/testing/scripts/recipes/004_iptables.mk +++ b/testing/scripts/recipes/004_iptables.mk @@ -9,19 +9,29 @@ NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) CONFIG_OPTS = +PATCHES = \ + iptables-xfrm-hooks + all: install $(TAR): wget $(SRC) -$(PKG): $(TAR) +.$(PKG)-unpacked: $(TAR) tar xfj $(TAR) + @touch $@ + +.$(PKG)-patches-applied: .$(PKG)-unpacked + cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1 + @touch $@ -configure: $(PKG) +.$(PKG)-configured: .$(PKG)-patches-applied cd $(PKG) && ./configure $(CONFIG_OPTS) + @touch $@ -build: configure +.$(PKG)-built: .$(PKG)-configured cd $(PKG) && make -j $(NUM_CPUS) + @touch $@ -install: build +install: .$(PKG)-built cd $(PKG) && make install diff --git a/testing/scripts/recipes/patches/iptables-xfrm-hooks b/testing/scripts/recipes/patches/iptables-xfrm-hooks new file mode 100644 index 000000000..baa4a65c1 --- /dev/null +++ b/testing/scripts/recipes/patches/iptables-xfrm-hooks @@ -0,0 +1,61 @@ +From 4553ba0130bb9f0aa266cc1e4c3288a52f34eed6 Mon Sep 17 00:00:00 2001 +From: Martin Willi <martin@revosec.ch> +Date: Wed, 7 Apr 2010 11:40:15 +0200 +Subject: [PATCH] Added XFRM hooks to iptables headers + +--- + include/linux/netfilter.h | 2 ++ + include/linux/netfilter_ipv4.h | 6 +++++- + include/linux/netfilter_ipv6.h | 6 +++++- + 3 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h +index 2eb00b6..b692c67 100644 +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -35,6 +35,8 @@ enum nf_inet_hooks { + NF_INET_FORWARD, + NF_INET_LOCAL_OUT, + NF_INET_POST_ROUTING, ++ NF_INET_XFRM_IN, ++ NF_INET_XFRM_OUT, + NF_INET_NUMHOOKS + }; + +diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h +index 4d7ba3e..28d3ca9 100644 +--- a/include/linux/netfilter_ipv4.h ++++ b/include/linux/netfilter_ipv4.h +@@ -47,7 +47,11 @@ + #define NF_IP_LOCAL_OUT 3 + /* Packets about to hit the wire. */ + #define NF_IP_POST_ROUTING 4 +-#define NF_IP_NUMHOOKS 5 ++/* Packets going into XFRM input transformation. */ ++#define NF_IP_XFRM_IN 5 ++/* Packets going into XFRM output transformation. */ ++#define NF_IP_XFRM_OUT 6 ++#define NF_IP_NUMHOOKS 7 + + enum nf_ip_hook_priorities { + NF_IP_PRI_FIRST = INT_MIN, +diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h +index 7430b39..18590a5 100644 +--- a/include/linux/netfilter_ipv6.h ++++ b/include/linux/netfilter_ipv6.h +@@ -51,7 +51,11 @@ + #define NF_IP6_LOCAL_OUT 3 + /* Packets about to hit the wire. */ + #define NF_IP6_POST_ROUTING 4 +-#define NF_IP6_NUMHOOKS 5 ++/* Packets going into XFRM input transformation. */ ++#define NF_IP6_XFRM_IN 5 ++/* Packets going into XFRM output transformation. */ ++#define NF_IP6_XFRM_OUT 6 ++#define NF_IP6_NUMHOOKS 7 + + + enum nf_ip6_hook_priorities { +-- +1.6.3.3 + |