Resend Patch
--- a/target/linux/generic/patches-3.10/600-netfilter_layer7_2.22.patch
+++ b/target/linux/generic/patches-3.10/600-netfilter_layer7_2.22.patch
@@ -1,33 +1,3 @@
---- a/net/netfilter/Kconfig
-+++ b/net/netfilter/Kconfig
-@@ -1203,6 +1203,27 @@ config NETFILTER_XT_MATCH_STATE
-
- To compile it as a module, choose M here. If unsure, say N.
-
-+config NETFILTER_XT_MATCH_LAYER7
-+ tristate '"layer7" match support'
-+ depends on NETFILTER_XTABLES
-+ depends on EXPERIMENTAL && (IP_NF_CONNTRACK || NF_CONNTRACK)
-+ depends on NETFILTER_ADVANCED
-+ help
-+ Say Y if you want to be able to classify connections (and their
-+ packets) based on regular expression matching of their application
-+ layer data. This is one way to classify applications such as
-+ peer-to-peer filesharing systems that do not always use the same
-+ port.
-+
-+ To compile it as a module, choose M here. If unsure, say N.
-+
-+config NETFILTER_XT_MATCH_LAYER7_DEBUG
-+ bool 'Layer 7 debugging output'
-+ depends on NETFILTER_XT_MATCH_LAYER7
-+ help
-+ Say Y to get lots of debugging output.
-+
-+
- config NETFILTER_XT_MATCH_STATISTIC
- tristate '"statistic" match support'
- depends on NETFILTER_ADVANCED
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -134,6 +134,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_RECENT)
--- a/target/linux/generic/patches-3.10/603-netfilter_layer7_2.6.36_fix.patch
+++ b/target/linux/generic/patches-3.10/603-netfilter_layer7_2.6.36_fix.patch
@@ -1,12 +1,11 @@
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
-@@ -1009,6 +1009,27 @@ config NETFILTER_XT_MATCH_IPVS
+@@ -1009,6 +1009,26 @@ config NETFILTER_XT_MATCH_IPVS
If unsure, say N.
+config NETFILTER_XT_MATCH_LAYER7
+ tristate '"layer7" match support'
-+ depends on EXPERIMENTAL
+ depends on NETFILTER_XTABLES
+ depends on NETFILTER_ADVANCED
+ depends on NF_CONNTRACK
@@ -28,34 +27,3 @@
config NETFILTER_XT_MATCH_LENGTH
tristate '"length" match support'
depends on NETFILTER_ADVANCED
-@@ -1203,26 +1224,11 @@ config NETFILTER_XT_MATCH_STATE
-
- To compile it as a module, choose M here. If unsure, say N.
-
--config NETFILTER_XT_MATCH_LAYER7
-- tristate '"layer7" match support'
-- depends on NETFILTER_XTABLES
-- depends on EXPERIMENTAL && (IP_NF_CONNTRACK || NF_CONNTRACK)
-- depends on NETFILTER_ADVANCED
-- help
-- Say Y if you want to be able to classify connections (and their
-- packets) based on regular expression matching of their application
-- layer data. This is one way to classify applications such as
-- peer-to-peer filesharing systems that do not always use the same
-- port.
--
-- To compile it as a module, choose M here. If unsure, say N.
--
- config NETFILTER_XT_MATCH_LAYER7_DEBUG
-- bool 'Layer 7 debugging output'
-- depends on NETFILTER_XT_MATCH_LAYER7
-- help
-- Say Y to get lots of debugging output.
--
-+ bool 'Layer 7 debugging output'
-+ depends on NETFILTER_XT_MATCH_LAYER7
-+ help
-+ Say Y to get lots of debugging output.
-
- config NETFILTER_XT_MATCH_STATISTIC
- tristate '"statistic" match support'
--- /dev/null
+++
b/target/linux/generic/patches-3.10/633-netfilter_layer7_3.10.x_procfs_fix.patch
@@ -0,0 +1,55 @@
+--- a/net/netfilter/xt_layer7.c
++++ b/net/netfilter/xt_layer7.c
+@@ -364,8 +364,8 @@
+ }
+
+ /* write out num_packets to userland. */
+-static int layer7_read_proc(char* page, char ** start, off_t off, int count,
+- int* eof, void * data)
++static ssize_t layer7_read_proc(struct file *filp, char __user *page,
++ size_t count, loff_t *data)
+ {
+ if(num_packets > 99 && net_ratelimit())
+ printk(KERN_ERR "layer7: NOT REACHED. num_packets too big\n");
+@@ -375,14 +375,12 @@
+ page[2] = '\n';
+ page[3] = '\0';
+
+- *eof=1;
+-
+ return 3;
+ }
+
+ /* Read in num_packets from userland */
+-static int layer7_write_proc(struct file* file, const char* buffer,
+- unsigned long count, void *data)
++static ssize_t layer7_write_proc(struct file *file, const char __user *buffer,
++ size_t count, loff_t *data)
+ {
+ char * foo = kmalloc(count, GFP_ATOMIC);
+
+@@ -661,12 +659,20 @@
+ }
+
+ /* register the proc file */
+-static void layer7_init_proc(void)
++static const struct file_operations layer7_fops = {
++ .owner = THIS_MODULE,
++ .read = layer7_read_proc,
++ .write = layer7_write_proc,
++};
++
++static int layer7_init_proc(void)
+ {
+ struct proc_dir_entry* entry;
+- entry = create_proc_entry("layer7_numpackets", 0644, init_net.proc_net);
+- entry->read_proc = layer7_read_proc;
+- entry->write_proc = layer7_write_proc;
++ entry = proc_create("layer7_numpackets", 0644,
init_net.proc_net, &layer7_fops);
++ if (entry == NULL) {
++ return -ENOMEM;
++ }
++ return 0;
+ }
+
+ static int __init xt_layer7_init(void)
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
