diff --git a/net/xtables-addons/Makefile b/net/xtables-addons/Makefile index f97b82c346ca31..5797dd40b43985 100644 --- a/net/xtables-addons/Makefile +++ b/net/xtables-addons/Makefile @@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=xtables-addons -PKG_VERSION:=3.27 -PKG_RELEASE:=3 -PKG_HASH:=e47ea8febe73c12ecab09d2c93578c5dc72d76f17fdf673397758f519cce6828 +PKG_VERSION:=3.30 +PKG_RELEASE:=1 +PKG_HASH:=d43400322980390180bef05eb6f798af49285987c217b7f1c6332da74920d9a4 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.zst PKG_SOURCE_URL:=https://inai.de/files/xtables-addons/ PKG_BUILD_DEPENDS:=iptables @@ -205,32 +205,29 @@ define KernelPackage/nf-nathelper-rtsp endef -#$(eval $(call BuildTemplate,SUFFIX,DESCRIPTION,EXTENSION,MODULE,DEPENDS)) - -$(eval $(call BuildTemplate,compat-xtables,API compatibility layer,,compat_xtables,+IPV6:kmod-ip6tables)) - -$(eval $(call BuildTemplate,account,ACCOUNT,xt_ACCOUNT,ACCOUNT/xt_ACCOUNT,+kmod-ipt-compat-xtables)) +# compat_xtables removed (module no longer exists in 3.30) +$(eval $(call BuildTemplate,account,ACCOUNT,xt_ACCOUNT,ACCOUNT/xt_ACCOUNT,)) $(eval $(call BuildTemplate,asn,asn,xt_asn,xt_asn,)) -$(eval $(call BuildTemplate,chaos,CHAOS,xt_CHAOS,xt_CHAOS,+kmod-ipt-compat-xtables +kmod-ipt-delude +kmod-ipt-tarpit)) +$(eval $(call BuildTemplate,chaos,CHAOS,xt_CHAOS,xt_CHAOS,+kmod-ipt-delude +kmod-ipt-tarpit)) $(eval $(call BuildTemplate,condition,Condition,xt_condition,xt_condition,)) -$(eval $(call BuildTemplate,delude,DELUDE,xt_DELUDE,xt_DELUDE,+kmod-ipt-compat-xtables)) -$(eval $(call BuildTemplate,dhcpmac,DHCPMAC,xt_DHCPMAC,xt_DHCPMAC,+kmod-ipt-compat-xtables)) -$(eval $(call BuildTemplate,dnetmap,DNETMAP,xt_DNETMAP,xt_DNETMAP,+kmod-ipt-compat-xtables +kmod-ipt-nat)) +$(eval $(call BuildTemplate,delude,DELUDE,xt_DELUDE,xt_DELUDE,)) +$(eval $(call BuildTemplate,dhcpmac,DHCPMAC,xt_DHCPMAC,xt_DHCPMAC,)) +$(eval $(call BuildTemplate,dnetmap,DNETMAP,xt_DNETMAP,xt_DNETMAP,+kmod-ipt-nat)) $(eval $(call BuildTemplate,fuzzy,fuzzy,xt_fuzzy,xt_fuzzy,)) $(eval $(call BuildTemplate,geoip,geoip,xt_geoip,xt_geoip,)) $(eval $(call BuildTemplate,iface,iface,xt_iface,xt_iface,)) -$(eval $(call BuildTemplate,ipmark,IPMARK,xt_IPMARK,xt_IPMARK,+kmod-ipt-compat-xtables)) -$(eval $(call BuildTemplate,ipp2p,IPP2P,xt_ipp2p,xt_ipp2p,+kmod-ipt-compat-xtables +kmod-lib-textsearch)) +$(eval $(call BuildTemplate,ipmark,IPMARK,xt_IPMARK,xt_IPMARK,)) +$(eval $(call BuildTemplate,ipp2p,IPP2P,xt_ipp2p,xt_ipp2p,+kmod-lib-textsearch)) $(eval $(call BuildTemplate,ipv4options,ipv4options,xt_ipv4options,xt_ipv4options,)) -$(eval $(call BuildTemplate,length2,length2,xt_length2,xt_length2,+kmod-ipt-compat-xtables)) -$(eval $(call BuildTemplate,logmark,LOGMARK,xt_LOGMARK,xt_LOGMARK,+kmod-ipt-compat-xtables)) +$(eval $(call BuildTemplate,length2,length2,xt_length2,xt_length2,)) +$(eval $(call BuildTemplate,logmark,LOGMARK,xt_LOGMARK,xt_LOGMARK,)) $(eval $(call BuildTemplate,lscan,lscan,xt_lscan,xt_lscan,)) $(eval $(call BuildTemplate,lua,Lua PacketScript,xt_LUA,LUA/xt_LUA,+kmod-ipt-conntrack-extra)) $(eval $(call BuildTemplate,proto,PROTO,xt_PROTO,xt_PROTO,)) $(eval $(call BuildTemplate,psd,psd,xt_psd,xt_psd,)) $(eval $(call BuildTemplate,quota2,quota2,xt_quota2,xt_quota2,)) -$(eval $(call BuildTemplate,sysrq,SYSRQ,xt_SYSRQ,xt_SYSRQ,+kmod-ipt-compat-xtables +kmod-crypto-hash)) -$(eval $(call BuildTemplate,tarpit,TARPIT,xt_TARPIT,xt_TARPIT,+kmod-ipt-compat-xtables)) +$(eval $(call BuildTemplate,sysrq,SYSRQ,xt_SYSRQ,xt_SYSRQ,+kmod-crypto-hash)) +$(eval $(call BuildTemplate,tarpit,TARPIT,xt_TARPIT,xt_TARPIT,)) $(eval $(call BuildPackage,iptaccount)) $(eval $(call BuildPackage,iptasn)) diff --git a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch index 11b13708249bc1..4b1088d5ae36b4 100644 --- a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch +++ b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch @@ -1737,7 +1737,7 @@ -include ${M}/Kbuild.* --- a/mconfig +++ b/mconfig -@@ -24,3 +24,4 @@ build_lscan=m +@@ -26,3 +26,4 @@ build_lscan=m build_pknock=m build_psd=m build_quota2=m diff --git a/net/xtables-addons/patches/200-add-lua-packetscript.patch b/net/xtables-addons/patches/200-add-lua-packetscript.patch index c49014e491813f..0a252b9d510ad6 100644 --- a/net/xtables-addons/patches/200-add-lua-packetscript.patch +++ b/net/xtables-addons/patches/200-add-lua-packetscript.patch @@ -1038,15 +1038,16 @@ +#endif /* CONTROLLER_H_ */ --- /dev/null +++ b/extensions/LUA/Kbuild -@@ -0,0 +1,51 @@ +@@ -0,0 +1,54 @@ +# -*- Makefile -*- + +# Adding debug options -+EXTRA_CFLAGS += -DDEBUG ++ccflags-y += -DDEBUG + +obj-m += xt_LUA.o + -+EXTRA_CFLAGS += -I$(src)/prot_buf_new ++ccflags-y += -I$(src)/prot_buf_new ++ +xt_LUA-y += xt_LUA_target.o \ + +xt_LUA-y += nf_lua.o \ @@ -1064,9 +1065,11 @@ + + +# Enable -+EXTRA_CFLAGS += -isystem $(shell $(CC) -print-file-name=include) -+# Adding Lua Support -+EXTRA_CFLAGS += -I$(src)/lua -I$(src)/lua/include ++ccflags-y += -I$(src)/prot_buf_new ++# Adding Lua Support (embedded Lua and libc shims) ++ccflags-y += -I$(src)/lua -I$(src)/lua/include ++ccflags-y += -isystem $(shell $(CC) -print-file-name=include) ++ +xt_LUA-y += lua/lapi.o \ + lua/lbaselib.o \ + lua/lcode.o \ @@ -18169,7 +18172,7 @@ +obj-${build_LUA} += LUA/ --- a/mconfig +++ b/mconfig -@@ -25,3 +25,4 @@ build_pknock=m +@@ -27,3 +27,4 @@ build_pknock=m build_psd=m build_quota2=m build_rtsp=m diff --git a/net/xtables-addons/patches/300-fix-path-Makefile.extra.patch b/net/xtables-addons/patches/300-fix-path-Makefile.extra.patch deleted file mode 100644 index 34791746c197cb..00000000000000 --- a/net/xtables-addons/patches/300-fix-path-Makefile.extra.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/extensions/ACCOUNT/Makefile.am -+++ b/extensions/ACCOUNT/Makefile.am -@@ -3,7 +3,7 @@ - AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions - AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS} - --include ${top_srcdir}/Makefile.extra -+include ../../Makefile.extra - - sbin_PROGRAMS = iptaccount - iptaccount_LDADD = libxt_ACCOUNT_cl.la diff --git a/net/xtables-addons/patches/600-xt_pknock-fox-do_div-signness-mismatch.patch b/net/xtables-addons/patches/600-xt_pknock-fox-do_div-signness-mismatch.patch new file mode 100644 index 00000000000000..7c98ba0ddf5465 --- /dev/null +++ b/net/xtables-addons/patches/600-xt_pknock-fox-do_div-signness-mismatch.patch @@ -0,0 +1,42 @@ +From 3c5c336fc0e47fea9baa912fc8d314ae9d1fa521 Mon Sep 17 00:00:00 2001 +From: Qingfang Deng +Date: Mon, 29 Dec 2025 07:26:07 +0100 +Subject: [PATCH] xt_pknock: fix do_div() signness mismatch + +do_div() expects an unsigned 64-bit dividend, but time64_t is signed. On +32-bit arch, this triggers a warnning: + +In file included from ./arch/arm/include/asm/div64.h:107, + from ./include/linux/math.h:6, + from ./include/linux/math64.h:6, + from ./include/linux/time.h:6, + from ./include/linux/stat.h:19, + from ./include/linux/module.h:13, + from ./xtables-addons-3.30/extensions/pknock/xt_pknock.c:10: +./xtables-addons-3.30/extensions/pknock/xt_pknock.c: In function 'has_secret': +./include/asm-generic/div64.h:222:35: warning: comparison of distinct pointer types lacks a cast [-Wcompare-distinct-pointer-types] + 222 | (void)(((typeof((n)) *)0) == ((uint64_t *)0)); \ + | ^~ +./xtables-addons-3.30/extensions/pknock/xt_pknock.c:747:17: note: in expansion of macro 'do_div' + 747 | do_div(t, 60); + | + +Change the type of variable `t` to uint64_t to fix this. + +Fixes: 397b282dba9a ("xt_pknock: use walltime for building hash") +Signed-off-by: Qingfang Deng +--- + extensions/pknock/xt_pknock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/extensions/pknock/xt_pknock.c ++++ b/extensions/pknock/xt_pknock.c +@@ -743,7 +743,7 @@ has_secret(const unsigned char *secret, + + /* Time needs to be in minutes relative to epoch. */ + { +- time64_t t = ktime_get_real_seconds(); ++ uint64_t t = ktime_get_real_seconds(); + do_div(t, 60); + epoch_min = t; + }