From f190b5f2264fd7d340039dceb51ee2f95748a491 Mon Sep 17 00:00:00 2001 From: c0bw3b Date: Thu, 29 Nov 2018 22:44:29 +0100 Subject: iptables: 1.6.2 -> 1.8.2 + enabled BPF compiler by default since it is the future Changelog 1.8.0: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.0.txt Changelog 1.8.1: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.1.txt Changelog 1.8.2: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.2.txt --- pkgs/os-specific/linux/iptables/default.nix | 35 +++++++++++++++++----- .../linux/iptables/netinet-headers-collision.patch | 11 +++++++ 2 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 pkgs/os-specific/linux/iptables/netinet-headers-collision.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix index 84493421481..8f98391021f 100644 --- a/pkgs/os-specific/linux/iptables/default.nix +++ b/pkgs/os-specific/linux/iptables/default.nix 
@@ -1,18 +1,38 @@ -{ stdenv, fetchurl, bison, flex, pkgconfig -, libnetfilter_conntrack, libnftnl, libmnl }: +{ stdenv, fetchurl, fetchpatch, bison, flex, pkgconfig +, libnetfilter_conntrack, libnftnl, libmnl, libpcap }: stdenv.mkDerivation rec { name = "iptables-${version}"; - version = "1.6.2"; + version = "1.8.2"; src = fetchurl { url = "https://www.netfilter.org/projects/iptables/files/${name}.tar.bz2"; - sha256 = "0crp0lvh5m2f15pr8cw97h8yb8zjj10x95zj06j46cr68vx2vl2m"; + sha256 = "1bqj9hf3szy9r0w14iy23w00ir8448nfhpcprbwmcchsxm88nxx3"; }; + patches = [ + # Adds missing bits to extensions' libipt_icmp.c and libip6t_icmp6.c that were causing build to fail + (fetchpatch { + url = "https://git.netfilter.org/iptables/patch/?id=907e429d7548157016cd51aba4adc5d0c7d9f816"; + sha256 = "0vc7ljcglz5152lc3jx4p44vjfi6ipvxdrgkdb5dmkhlb5v93i2h"; + }) + # Build with musl libc fails because of conflicting struct ethhdr definitions + (fetchpatch { + url = "https://git.netfilter.org/iptables/patch/?id=51d374ba41ae4f1bb851228c06b030b83dd2092f"; + sha256 = "05fwrq03f9sm0v2bfwshbrg7pi2p978w1460arnmpay3135gj266"; + }) + # extensions: libip6t_mh: fix bogus translation error + (fetchpatch { + url = "https://git.netfilter.org/iptables/patch/?id=5839d7fe62ff667af7132fc7d589b386951f27b3"; + sha256 = "0578jn1ip710z9kijwg9g2vjq2kfrbafl03m1rgi4fasz215gvkf"; + }) + # Prevent headers collisions between linux and netfilter (in.h and in6.h) + (./netinet-headers-collision.patch) + ]; + nativeBuildInputs = [ bison flex pkgconfig ]; - buildInputs = [ libnetfilter_conntrack libnftnl libmnl ]; + buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ]; preConfigure = '' export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl" 
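Review bot: The last entry in `patches`, `(./netinet-headers-collision.patch)`, has no stated origin, while the three `fetchpatch` entries above it are each pinned to an upstream commit id and a sha256. For a packet-filter package the next reviewer needs to know whether a carried patch came from or was sent to upstream, and when it can be dropped. I would extend the comment to something like `# Local patch, not from upstream git (TODO: link upstream report); prevents linux/netfilter in.h and in6.h header collisions`. Whether it was submitted upstream is not visible here, so adjust the wording to match. The parentheses around the path are also unnecessary: `./netinet-headers-collision.patch`.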
@@ -21,17 +41,18 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-devel" "--enable-shared" + "--enable-bpf-compiler" ]; outputs = [ "out" "dev" ]; meta = with stdenv.lib; { description = "A program to configure the Linux IP packet filtering ruleset"; - homepage = http://www.netfilter.org/projects/iptables/index.html; + homepage = https://www.netfilter.org/projects/iptables/index.html; platforms = platforms.linux; maintainers = with maintainers; [ fpletz ]; license = licenses.gpl2; - downloadPage = "http://www.netfilter.org/projects/iptables/files/"; + downloadPage = "https://www.netfilter.org/projects/iptables/files/"; updateWalker = true; inherit version; }; diff --git a/pkgs/os-specific/linux/iptables/netinet-headers-collision.patch b/pkgs/os-specific/linux/iptables/netinet-headers-collision.patch new file mode 100644 index 00000000000..940ffa0c29c --- /dev/null +++ b/pkgs/os-specific/linux/iptables/netinet-headers-collision.patch @@ -0,0 +1,11 @@ +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -3,7 +3,9 @@ + + #include + ++#ifndef _NETINET_IN_H + #include + #include ++#endif + #include -- cgit 1.4.1
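Review bot: `"--enable-bpf-compiler"` in `configureFlags` is unconditional, and with `libpcap` added to `buildInputs` in the first hunk every build of iptables now depends on libpcap, with only "it is the future" given as the reason. As far as I know the flag only builds the `nfbpf_compile` helper, so the extra dependency serves one optional utility. Consider a package argument that defaults to the new behaviour, e.g. `enableBpfCompiler ? true`, with `++ stdenv.lib.optional enableBpfCompiler "--enable-bpf-compiler"` on the flags and `++ stdenv.lib.optional enableBpfCompiler libpcap` on the inputs. That would let minimal firewall builds drop libpcap without overriding the whole derivation.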
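Review bot: The added `#ifndef _NETINET_IN_H` guard keys on the libc's private include-guard macro, so it only avoids the collision when the libc header has already been included before `include/linux/netfilter.h`. With the opposite include order both sets of definitions are presumably still seen. That may be enough for the build failure this targets, but it is fragile and should be documented. I would add a short description above the `---` line of the patch file stating which build error it fixes and that it depends on include order and on the libc's macro name. The header names on the two guarded `#include` lines are not legible on this page, so I am going by the comment in default.nix (in.h and in6.h).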