Verified Commit 1190f972 authored by Karel Koci's avatar Karel Koci :metal: Committed by Josef Schlehofer

patches/packages: drop invalid patch

This patch clearly should have been in the openwrt repository, not in the
packages feed.
Everything seems to work even without it, so I think that we can drop
it safely. I am not even sure if it applies two years after its creation.
parent a3a00f2a
2 merge requests!377Turris OS 5.2 (HBK),!265patches/packages: drop invalid patch
Pipeline #74962 passed with stage
in 3 minutes and 58 seconds
From 5d4b0f972af5ed68f40d5c2ffc52b606b0a49436 Mon Sep 17 00:00:00 2001
From: Stepan Henek <stepan.henek@nic.cz>
Date: Tue, 12 Jun 2018 14:36:58 +0200
Subject: [PATCH 01/12] firewall: accept and drop chains added + option to set
uci config directory added
---
.../01-accept-and-reject-chains-added.patch | 160 ++++++++++++++++++
.../02-uci_config_dir-option-added.patch | 57 +++++++
2 files changed, 217 insertions(+)
create mode 100644 package/network/config/firewall/patches/01-accept-and-reject-chains-added.patch
create mode 100644 package/network/config/firewall/patches/02-uci_config_dir-option-added.patch
diff --git a/package/network/config/firewall/patches/01-accept-and-reject-chains-added.patch b/package/network/config/firewall/patches/01-accept-and-reject-chains-added.patch
new file mode 100644
index 0000000..1a3970b
--- /dev/null
+++ b/package/network/config/firewall/patches/01-accept-and-reject-chains-added.patch
@@ -0,0 +1,160 @@
+diff --git a/defaults.c b/defaults.c
+index 11fbf0d..d252301 100644
+--- a/defaults.c
++++ b/defaults.c
+@@ -24,6 +24,8 @@
+
+ static const struct fw3_chain_spec default_chains[] = {
+ C(ANY, FILTER, UNSPEC, "reject"),
++ C(ANY, FILTER, UNSPEC, "accept"),
++ C(ANY, FILTER, UNSPEC, "drop"),
+ C(ANY, FILTER, CUSTOM_CHAINS, "input_rule"),
+ C(ANY, FILTER, CUSTOM_CHAINS, "output_rule"),
+ C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"),
+@@ -286,6 +288,14 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
+ fw3_ipt_rule_addarg(r, false, "--reject-with", "port-unreach");
+ fw3_ipt_rule_append(r, "reject");
+
++ r = fw3_ipt_rule_new(handle);
++ fw3_ipt_rule_target(r, "ACCEPT");
++ fw3_ipt_rule_append(r, "accept");
++
++ r = fw3_ipt_rule_new(handle);
++ fw3_ipt_rule_target(r, "DROP");
++ fw3_ipt_rule_append(r, "drop");
++
+ break;
+
+ case FW3_TABLE_NAT:
+@@ -308,48 +318,47 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
+ }
+ }
+
++static inline void prepare_tails(struct fw3_ipt_handle *handle,
++ const char* base_chain_name, enum fw3_flag target_flag) {
++ char *target_chain_name = NULL;
++
++ switch (target_flag) {
++ case FW3_FLAG_REJECT:
++ target_chain_name = "reject";
++ break;
++ case FW3_FLAG_DROP:
++ target_chain_name = "drop";
++ break;
++ case FW3_FLAG_ACCEPT:
++ target_chain_name = "accept";
++ break;
++ default:
++ return;
++ }
++
++ struct fw3_ipt_rule *r;
++ r = fw3_ipt_rule_new(handle);
++
++ if (!r)
++ return;
++
++ fw3_ipt_rule_target(r, target_chain_name);
++ fw3_ipt_rule_append(r, base_chain_name);
++
++}
++
+ void
+ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
+ struct fw3_state *state, bool reload)
+ {
+ struct fw3_defaults *defs = &state->defaults;
+- struct fw3_ipt_rule *r;
+
+ if (handle->table != FW3_TABLE_FILTER)
+ return;
+
+- if (defs->policy_input == FW3_FLAG_REJECT)
+- {
+- r = fw3_ipt_rule_new(handle);
+-
+- if (!r)
+- return;
+-
+- fw3_ipt_rule_target(r, "reject");
+- fw3_ipt_rule_append(r, "INPUT");
+- }
+-
+- if (defs->policy_output == FW3_FLAG_REJECT)
+- {
+- r = fw3_ipt_rule_new(handle);
+-
+- if (!r)
+- return;
+-
+- fw3_ipt_rule_target(r, "reject");
+- fw3_ipt_rule_append(r, "OUTPUT");
+- }
+-
+- if (defs->policy_forward == FW3_FLAG_REJECT)
+- {
+- r = fw3_ipt_rule_new(handle);
+-
+- if (!r)
+- return;
+-
+- fw3_ipt_rule_target(r, "reject");
+- fw3_ipt_rule_append(r, "FORWARD");
+- }
++ prepare_tails(handle, "INPUT", defs->policy_input);
++ prepare_tails(handle, "OUTPUT", defs->policy_output);
++ prepare_tails(handle, "FORWARD", defs->policy_forward);
+ }
+
+ static void
+diff --git a/rules.c b/rules.c
+index 5e1d5f3..a62aae4 100644
+--- a/rules.c
++++ b/rules.c
+@@ -377,10 +377,14 @@ static void set_target(struct fw3_ipt_rule *r, struct fw3_rule *rule)
+ fw3_ipt_rule_target(r, "zone_%s_dest_%s", rule->dest.name, name);
+ else if (need_src_action_chain(rule))
+ fw3_ipt_rule_target(r, "zone_%s_src_%s", rule->src.name, name);
+- else if (strcmp(name, "REJECT"))
+- fw3_ipt_rule_target(r, name);
+- else
++ else if (!strcmp(name, "REJECT"))
+ fw3_ipt_rule_target(r, "reject");
++ else if (!strcmp(name, "ACCEPT"))
++ fw3_ipt_rule_target(r, "accept");
++ else if (!strcmp(name, "DROP"))
++ fw3_ipt_rule_target(r, "drop");
++ else
++ fw3_ipt_rule_target(r, name);
+ }
+
+ static void
+diff --git a/zones.c b/zones.c
+index 505ab20..47cf85b 100644
+--- a/zones.c
++++ b/zones.c
+@@ -421,7 +421,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
+ };
+
+ #define jump_target(t) \
+- ((t == FW3_FLAG_REJECT) ? "reject" : fw3_flag_names[t])
++ ((t == FW3_FLAG_DROP) ? "drop" : (t == FW3_FLAG_ACCEPT) ? "accept" : ((t == FW3_FLAG_REJECT) ? "reject" : fw3_flag_names[t]))
+
+ if (handle->table == FW3_TABLE_FILTER)
+ {
+@@ -637,13 +637,13 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_extra(r, "-m conntrack --ctstate DNAT");
+ fw3_ipt_rule_comment(r, "Accept port redirections");
+- fw3_ipt_rule_target(r, fw3_flag_names[FW3_FLAG_ACCEPT]);
++ fw3_ipt_rule_target(r, jump_target(FW3_FLAG_ACCEPT));
+ fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
+
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_extra(r, "-m conntrack --ctstate DNAT");
+ fw3_ipt_rule_comment(r, "Accept port forwards");
+- fw3_ipt_rule_target(r, fw3_flag_names[FW3_FLAG_ACCEPT]);
++ fw3_ipt_rule_target(r, jump_target(FW3_FLAG_ACCEPT));
+ fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
+ }
+
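Review bot: In the rules.c part, the final branch of set_target still calls `fw3_ipt_rule_target(r, name)` with a non-literal first argument, and the neighbouring `"zone_%s_dest_%s"` calls show that this parameter is a printf-style format. Where `name` comes from is outside the hunk (set_target starts above it), so it may well be a fixed table entry, but passing it as data costs nothing: `fw3_ipt_rule_target(r, "%s", name);`. The same applies to `fw3_ipt_rule_target(r, target_chain_name)` in the new prepare_tails helper in defaults.c, where the pointer only ever holds string literals and should be declared `const char *target_chain_name`.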
diff --git a/package/network/config/firewall/patches/02-uci_config_dir-option-added.patch b/package/network/config/firewall/patches/02-uci_config_dir-option-added.patch
new file mode 100644
index 0000000..d157160
--- /dev/null
+++ b/package/network/config/firewall/patches/02-uci_config_dir-option-added.patch
@@ -0,0 +1,57 @@
+diff --git a/main.c b/main.c
+index 1410fef..f2eaa5d 100644
+--- a/main.c
++++ b/main.c
+@@ -38,6 +38,7 @@ static enum fw3_family print_family = FW3_FAMILY_ANY;
+ static struct fw3_state *run_state = NULL;
+ static struct fw3_state *cfg_state = NULL;
+
++static char *uci_config_dir = "/etc/config/";
+
+ static bool
+ build_state(bool runtime)
+@@ -51,6 +52,7 @@ build_state(bool runtime)
+ error("Out of memory");
+
+ state->uci = uci_alloc_context();
++ uci_set_confdir(state->uci, uci_config_dir);
+
+ if (!state->uci)
+ error("Out of memory");
+@@ -508,11 +510,11 @@ lookup_zone(const char *zone, const char *device)
+ static int
+ usage(void)
+ {
+- fprintf(stderr, "fw3 [-4] [-6] [-q] print\n");
+- fprintf(stderr, "fw3 [-q] {start|stop|flush|reload|restart}\n");
+- fprintf(stderr, "fw3 [-q] network {net}\n");
+- fprintf(stderr, "fw3 [-q] device {dev}\n");
+- fprintf(stderr, "fw3 [-q] zone {zone} [dev]\n");
++ fprintf(stderr, "fw3 [-u <uci_conf_dir>] [-4] [-6] [-q] print\n");
++ fprintf(stderr, "fw3 [-u <uci_conf_dir>] [-q] {start|stop|flush|reload|restart}\n");
++ fprintf(stderr, "fw3 [-u <uci_conf_dir>] [-q] network {net}\n");
++ fprintf(stderr, "fw3 [-u <uci_conf_dir>] [-q] device {dev}\n");
++ fprintf(stderr, "fw3 [-u <uci_conf_dir>] [-q] zone {zone} [dev]\n");
+
+ return 1;
+ }
+@@ -524,7 +526,7 @@ int main(int argc, char **argv)
+ enum fw3_family family = FW3_FAMILY_ANY;
+ struct fw3_defaults *defs = NULL;
+
+- while ((ch = getopt(argc, argv, "46dqh")) != -1)
++ while ((ch = getopt(argc, argv, "46dqu:h")) != -1)
+ {
+ switch (ch)
+ {
+@@ -544,6 +546,10 @@ int main(int argc, char **argv)
+ if (freopen("/dev/null", "w", stderr)) {}
+ break;
+
++ case 'u':
++ uci_config_dir = optarg;
++ break;
++
+ case 'h':
+ rv = usage();
+ goto out;
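Review bot: In build_state, `uci_set_confdir(state->uci, uci_config_dir)` runs before the `if (!state->uci)` check and its result is discarded. If setting the directory fails, fw3 would presumably go on to load the rules from the default location rather than the directory given with `-u`, and a firewall that silently applies a different ruleset than the one requested is hard to notice. I would move the call below the NULL check and fail loudly, `if (uci_set_confdir(state->uci, uci_config_dir)) error("Unable to set UCI config directory");`. build_state continues outside the hunk, so the surrounding error handling is assumed from the visible `error("Out of memory")` calls.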
--
2.19.1