iptables: Fix build without kernel source

The layer7 filter header files were not installed into /usr/include and therefore we needed to keep the whole kernel source tree. This is just a waste of space and this patch fixes this. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2019-05-09 18:16:20 +01:00
parent 7c984de699
commit 3966b1e58f
2 changed files with 22 additions and 23 deletions
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -84,7 +84,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))

 	cd $(DIR_APP) && ./configure \
 		--prefix=/usr \
-		--with-ksource=/usr/src/linux \
 		--libdir=/lib \
 		--includedir=/usr/include \
 		--enable-libipq \
--- a/src/patches/linux/linux-4.14-layer7.patch
+++ b/src/patches/linux/linux-4.14-layer7.patch
@@ -1,27 +1,8 @@
-diff --git a/include/linux/netfilter/xt_layer7.h b/include/linux/netfilter/xt_layer7.h
-new file mode 100644
-index 0000000..147cd64
--- /dev/null
-+++ b/include/linux/netfilter/xt_layer7.h
-@@ -0,0 +1,13 @@
-+#ifndef _XT_LAYER7_H
-+#define _XT_LAYER7_H
-+
-+#define MAX_PATTERN_LEN 8192
-+#define MAX_PROTOCOL_LEN 256
-+
-+struct xt_layer7_info {
-+    char protocol[MAX_PROTOCOL_LEN];
-+    char pattern[MAX_PATTERN_LEN];
-+    u_int8_t invert;
-+};
-+
-+#endif /* _XT_LAYER7_H */
 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index d448a48..868a876 100644
+index 3172e14..798b8c9 100644
 --- a/include/linux/skbuff.h
 +++ b/include/linux/skbuff.h
-@@ -693,6 +693,9 @@ struct sk_buff {
+@@ -700,6 +700,9 @@ struct sk_buff {
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 	unsigned long		 _nfct;
 #endif
@@ -59,6 +40,25 @@ index 792c3f6..f24a6ac 100644
 	/* Storage reserved for other modules, must be the last member */
 	union nf_conntrack_proto proto;
 };
+diff --git a/include/uapi/linux/netfilter/xt_layer7.h b/include/uapi/linux/netfilter/xt_layer7.h
+new file mode 100644
+index 0000000..147cd64
+--- /dev/null
+++ b/include/uapi/linux/netfilter/xt_layer7.h
+@@ -0,0 +1,13 @@
+#ifndef _XT_LAYER7_H
+#define _XT_LAYER7_H
+
+#define MAX_PATTERN_LEN 8192
+#define MAX_PROTOCOL_LEN 256
+
+struct xt_layer7_info {
+    char protocol[MAX_PROTOCOL_LEN];
+    char pattern[MAX_PATTERN_LEN];
+    u_int8_t invert;
+};
+
+#endif /* _XT_LAYER7_H */
 diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
 index e4a13cc..0b0f501 100644
 --- a/net/netfilter/Kconfig
@@ -103,7 +103,7 @@ index f78ed24..268b7e7 100644
 obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 0113039..871eaa2 100644
+index 06520bf..0109de4 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
@@ -427,6 +427,11 @@ destroy_conntrack(struct nf_conntrack *nfct)