authorc0bw3b <c0bw3b@users.noreply.github.com>2018-11-29 22:44:29 +0100
committerc0bw3b <c0bw3b@users.noreply.github.com>2018-11-29 22:48:02 +0100
commitf190b5f2264fd7d340039dceb51ee2f95748a491 (patch)
treedd5cd32c0c98aadb894d45d5e10fc1613f741008 /pkgs/os-specific/linux/iptables
parent071eba26a486e1b86df157a0d5e5d460e740e13a (diff)
iptables: 1.6.2 -> 1.8.2
+ enabled BPF compiler by default since it is the future

Changelog 1.8.0:
https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.0.txt

Changelog 1.8.1:
https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.1.txt

Changelog 1.8.2:
https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.2.txt
Diffstat (limited to 'pkgs/os-specific/linux/iptables')
-rw-r--r--pkgs/os-specific/linux/iptables/default.nix35
-rw-r--r--pkgs/os-specific/linux/iptables/netinet-headers-collision.patch11
2 files changed, 39 insertions, 7 deletions
diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix
index 84493421481..8f98391021f 100644
--- a/pkgs/os-specific/linux/iptables/default.nix
+++ b/pkgs/os-specific/linux/iptables/default.nix
@@ -1,18 +1,38 @@
-{ stdenv, fetchurl, bison, flex, pkgconfig
-, libnetfilter_conntrack, libnftnl, libmnl }:
+{ stdenv, fetchurl, fetchpatch, bison, flex, pkgconfig
+, libnetfilter_conntrack, libnftnl, libmnl, libpcap }:
 
 stdenv.mkDerivation rec {
   name = "iptables-${version}";
-  version = "1.6.2";
+  version = "1.8.2";
 
   src = fetchurl {
     url = "https://www.netfilter.org/projects/iptables/files/${name}.tar.bz2";
-    sha256 = "0crp0lvh5m2f15pr8cw97h8yb8zjj10x95zj06j46cr68vx2vl2m";
+    sha256 = "1bqj9hf3szy9r0w14iy23w00ir8448nfhpcprbwmcchsxm88nxx3";
   };
 
+  patches = [
+    # Adds missing bits to extensions' libipt_icmp.c and libip6t_icmp6.c that were causing build to fail
+    (fetchpatch {
+      url = "https://git.netfilter.org/iptables/patch/?id=907e429d7548157016cd51aba4adc5d0c7d9f816";
+      sha256 = "0vc7ljcglz5152lc3jx4p44vjfi6ipvxdrgkdb5dmkhlb5v93i2h";
+    })
+    # Build with musl libc fails because of conflicting struct ethhdr definitions
+    (fetchpatch {
+      url = "https://git.netfilter.org/iptables/patch/?id=51d374ba41ae4f1bb851228c06b030b83dd2092f";
+      sha256 = "05fwrq03f9sm0v2bfwshbrg7pi2p978w1460arnmpay3135gj266";
+    })
+    # extensions: libip6t_mh: fix bogus translation error
+    (fetchpatch {
+      url = "https://git.netfilter.org/iptables/patch/?id=5839d7fe62ff667af7132fc7d589b386951f27b3";
+      sha256 = "0578jn1ip710z9kijwg9g2vjq2kfrbafl03m1rgi4fasz215gvkf";
+    })
+    # Prevent headers collisions between linux and netfilter (in.h and in6.h)
+    (./netinet-headers-collision.patch)
+  ];
+
   nativeBuildInputs = [ bison flex pkgconfig ];
 
-  buildInputs = [ libnetfilter_conntrack libnftnl libmnl ];
+  buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ];
 
   preConfigure = ''
     export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl"
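Review bot: The three `fetchpatch` entries in `patches` are pinned by upstream commit id and `sha256`, but their comments do not say whether they are backports of commits that landed upstream after 1.8.2, so there is no signal for when they can be dropped. I would add one line above the list, for example `# Upstream backports (confirm against the upstream log); drop when bumping past 1.8.2`. The parentheses around `./netinet-headers-collision.patch` are unnecessary and can be removed. The `stdenv.mkDerivation` body continues outside this hunk.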
@@ -21,17 +41,18 @@ stdenv.mkDerivation rec {
   configureFlags = [
     "--enable-devel"
     "--enable-shared"
+    "--enable-bpf-compiler"
   ];
 
   outputs = [ "out" "dev" ];
 
   meta = with stdenv.lib; {
     description = "A program to configure the Linux IP packet filtering ruleset";
-    homepage = http://www.netfilter.org/projects/iptables/index.html;
+    homepage = https://www.netfilter.org/projects/iptables/index.html;
     platforms = platforms.linux;
     maintainers = with maintainers; [ fpletz ];
     license = licenses.gpl2;
-    downloadPage = "http://www.netfilter.org/projects/iptables/files/";
+    downloadPage = "https://www.netfilter.org/projects/iptables/files/";
     updateWalker = true;
     inherit version;
   };
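Review bot: `--enable-bpf-compiler` is switched on unconditionally in `configureFlags`, which makes `libpcap` (added to `buildInputs` in the first hunk) a build dependency, and presumably a runtime closure member, of every system that installs iptables. For a package this widely deployed on firewalls and minimal images I would make it an opt-out argument, e.g. `enableBpfCompiler ? true` in the function header, with `stdenv.lib.optional enableBpfCompiler "--enable-bpf-compiler"` and `stdenv.lib.optional enableBpfCompiler libpcap`. At the least, add a comment next to the flag saying that it builds the `nfbpf_compile` helper and is the reason `libpcap` is a dependency.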
diff --git a/pkgs/os-specific/linux/iptables/netinet-headers-collision.patch b/pkgs/os-specific/linux/iptables/netinet-headers-collision.patch
new file mode 100644
index 00000000000..940ffa0c29c
--- /dev/null
+++ b/pkgs/os-specific/linux/iptables/netinet-headers-collision.patch
@@ -0,0 +1,11 @@
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -3,7 +3,9 @@
+ 
+ #include <linux/types.h>
+ 
++#ifndef _NETINET_IN_H
+ #include <linux/in.h>
+ #include <linux/in6.h>
++#endif
+ #include <limits.h>
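Review bot: The `#ifndef _NETINET_IN_H` guard keys on the libc's private include-guard macro, so it only suppresses `<linux/in.h>` and `<linux/in6.h>` when `<netinet/in.h>` was included before `<linux/netfilter.h>`. With the opposite include order the collision would presumably remain. The patch file also has no header saying where it comes from or whether it was sent upstream, which makes a hand-written change to a firewall tool's headers hard to audit later. I would add a short description block at the top of the patch stating the build failure it fixes, its origin and its upstream status, so it can be re-checked or dropped on the next version bump.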