Fix iptables abuse of kernel header files. Use exported headers instead.

[juhosg: export xt_layer7.h for all kernel versions]

Signed-off-by: David Woodhouse <[email protected]>

SVN-Revision: 31566

include/kernel-defaults.mk

@@ -106,6 +106,7 @@ define Kernel/Configure/Default
 	$(call Kernel/SetInitramfs)
 	-$(_SINGLE)$(MAKE) $(KERNEL_MAKEOPTS) oldconfig prepare scripts
 	rm -rf $(KERNEL_BUILD_DIR)/modules
+	$(MAKE) $(KERNEL_MAKEOPTS) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
 	$(SH_FUNC) grep '=[ym]' $(LINUX_DIR)/.config | LC_ALL=C sort | md5s > $(LINUX_DIR)/.vermagic
 endef
 

package/iptables/Makefile

@@ -343,26 +343,26 @@ endef
 
 TARGET_CPPFLAGS := \
 	-I$(PKG_BUILD_DIR)/include \
-	-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
+	-I$(LINUX_DIR)/user_headers/include \
 	$(TARGET_CPPFLAGS)
 
 TARGET_CFLAGS += \
 	-I$(PKG_BUILD_DIR)/include \
-	-I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
+	-I$(LINUX_DIR)/user_headers/include
 
 CONFIGURE_ARGS += \
 	--enable-shared \
 	--enable-devel \
 	$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
 	--enable-libipq \
-	--with-kernel="$(LINUX_DIR)" \
+	--with-kernel="$(LINUX_DIR)/user_headers" \
 	--with-xtlibdir=/usr/lib/iptables \
 	--enable-static
 
 MAKE_FLAGS := \
 	$(TARGET_CONFIGURE_OPTS) \
 	COPT_FLAGS="$(TARGET_CFLAGS)" \
-	KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
+	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
 	KBUILD_OUTPUT="$(LINUX_DIR)" \
 	BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
 

target/linux/generic/patches-2.6.32/100-netfilter_layer7_2.21.patch

@@ -2130,3 +2130,13 @@
 +
 +module_init(xt_layer7_init);
 +module_exit(xt_layer7_fini);
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h

target/linux/generic/patches-2.6.37/600-netfilter_layer7_2.22.patch

@@ -2130,3 +2130,13 @@
 +};
 +
 +#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h

target/linux/generic/patches-2.6.38/600-netfilter_layer7_2.22.patch

@@ -2130,3 +2130,13 @@
 +};
 +
 +#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -40,6 +40,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h

target/linux/generic/patches-2.6.39/600-netfilter_layer7_2.22.patch

@@ -2130,3 +2130,13 @@
 +};
 +
 +#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h

target/linux/generic/patches-3.0/600-netfilter_layer7_2.22.patch

@@ -2130,3 +2130,13 @@
 +};
 +
 +#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h

target/linux/generic/patches-3.1/600-netfilter_layer7_2.22.patch

@@ -2130,3 +2130,13 @@
 +};
 +
 +#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h

target/linux/generic/patches-3.2/600-netfilter_layer7_2.22.patch

@@ -2130,3 +2130,13 @@
 +};
 +
 +#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -45,6 +45,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h

target/linux/generic/patches-3.3/600-netfilter_layer7_2.22.patch

@@ -2130,3 +2130,13 @@
 +};
 +
 +#endif /* _XT_LAYER7_H */
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -49,6 +49,7 @@ header-y += xt_hashlimit.h
+ header-y += xt_helper.h
+ header-y += xt_iprange.h
+ header-y += xt_ipvs.h
++header-y += xt_layer7.h
+ header-y += xt_length.h
+ header-y += xt_limit.h
+ header-y += xt_mac.h