xtables-addons: import from OpenWrt base

This commit moves xtables-addons from
https://github.com/openwrt/openwrt/tree/master/package/network/utils/xtables-addons
into the package feed repository to allow for dependencies on other feed
packages, such as Perl.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
[fix commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

net/xtables-addons/Makefile

@@ -0,0 +1,148 @@
+#
+# Copyright (C) 2009-2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=xtables-addons
+PKG_VERSION:=2.14
+PKG_RELEASE:=1
+PKG_HASH:=d215a9a8b8e66aae04b982fa2e1228e8a71e7dfe42320df99e34e5000cbdf152
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@SF/xtables-addons
+PKG_BUILD_DEPENDS:=iptables
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_CHECK_FORMAT_SECURITY:=0
+
+PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+PKG_LICENSE:=GPL-2.0
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xtables-addons
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Firewall
+  TITLE:=Extensions not distributed in the main Xtables
+  URL:=http://xtables-addons.sourceforge.net/
+endef
+
+# uses GNU configure
+
+CONFIGURE_ARGS+= \
+	--with-kbuild="$(LINUX_DIR)" \
+	--with-xtlibdir="/usr/lib/iptables" \
+
+define Build/Compile
+	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+		$(KERNEL_MAKE_FLAGS) \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		DEPMOD="/bin/true" \
+		all
+endef
+
+define Build/Install
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		$(KERNEL_MAKE_FLAGS) \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		DEPMOD="/bin/true" \
+		install
+endef
+
+# 1: extension/module suffix used in package name
+# 2: extension/module display name used in package title/description
+# 3: list of extensions to package
+# 4: list of modules to package
+# 5: module load priority
+# 6: module depends
+define BuildTemplate
+
+ ifneq ($(3),)
+  define Package/iptables-mod-$(1)
+    $$(call Package/xtables-addons)
+    CATEGORY:=Network
+    TITLE:=$(2) iptables extension
+    DEPENDS:=iptables $(if $(4),+kmod-ipt-$(1))
+  endef
+
+  define Package/iptables-mod-$(1)/install
+	$(INSTALL_DIR) $$(1)/usr/lib/iptables
+	for m in $(3); do \
+		$(CP) \
+			$(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so \
+			$$(1)/usr/lib/iptables/ ; \
+	done
+  endef
+
+  $$(eval $$(call BuildPackage,iptables-mod-$(1)))
+ endif
+
+ ifneq ($(4),)
+  define KernelPackage/ipt-$(1)
+    SUBMENU:=Netfilter Extensions
+    TITLE:=$(2) netfilter module
+    DEPENDS:=+kmod-ipt-core $(5)
+    FILES:=$(foreach mod,$(4),$(PKG_BUILD_DIR)/extensions/$(mod).$(LINUX_KMOD_SUFFIX))
+    AUTOLOAD:=$(call AutoProbe,$(notdir $(4)))
+  endef
+
+  $$(eval $$(call KernelPackage,ipt-$(1)))
+ endif
+
+endef
+
+
+define Package/iptaccount
+  $(call Package/xtables-addons)
+  CATEGORY:=Network
+  TITLE:=iptables-mod-account control utility
+  DEPENDS:=iptables +iptables-mod-account
+endef
+
+define Package/iptaccount/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/libxt_ACCOUNT_cl.so* \
+		$(1)/usr/lib/
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/sbin/iptaccount \
+		$(1)/usr/sbin/
+endef
+
+
+#$(eval $(call BuildTemplate,SUFFIX,DESCRIPTION,EXTENSION,MODULE,PRIORITY,DEPENDS))
+
+$(eval $(call BuildTemplate,compat-xtables,API compatibilty layer,,compat_xtables,+IPV6:kmod-ip6tables))
+$(eval $(call BuildTemplate,nathelper-rtsp,RTSP Conntrack and NAT,,rtsp/nf_conntrack_rtsp rtsp/nf_nat_rtsp,+kmod-ipt-conntrack-extra +kmod-ipt-nat))
+
+$(eval $(call BuildTemplate,account,ACCOUNT,xt_ACCOUNT,ACCOUNT/xt_ACCOUNT,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,chaos,CHAOS,xt_CHAOS,xt_CHAOS,+kmod-ipt-compat-xtables +kmod-ipt-delude +kmod-ipt-tarpit))
+$(eval $(call BuildTemplate,condition,Condition,xt_condition,xt_condition,))
+$(eval $(call BuildTemplate,delude,DELUDE,xt_DELUDE,xt_DELUDE,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,dhcpmac,DHCPMAC,xt_DHCPMAC,xt_DHCPMAC,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,dnetmap,DNETMAP,xt_DNETMAP,xt_DNETMAP,+kmod-ipt-compat-xtables +kmod-ipt-nat))
+$(eval $(call BuildTemplate,fuzzy,fuzzy,xt_fuzzy,xt_fuzzy,))
+$(eval $(call BuildTemplate,geoip,geoip,xt_geoip,xt_geoip,))
+$(eval $(call BuildTemplate,iface,iface,xt_iface,xt_iface,))
+$(eval $(call BuildTemplate,ipmark,IPMARK,xt_IPMARK,xt_IPMARK,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,ipp2p,IPP2P,xt_ipp2p,xt_ipp2p,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,ipv4options,ipv4options,xt_ipv4options,xt_ipv4options,))
+$(eval $(call BuildTemplate,length2,length2,xt_length2,xt_length2,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,logmark,LOGMARK,xt_LOGMARK,xt_LOGMARK,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,lscan,lscan,xt_lscan,xt_lscan,))
+$(eval $(call BuildTemplate,lua,Lua PacketScript,xt_LUA,LUA/xt_LUA,+kmod-ipt-conntrack-extra))
+$(eval $(call BuildTemplate,psd,psd,xt_psd,xt_psd,))
+$(eval $(call BuildTemplate,quota2,quota2,xt_quota2,xt_quota2,))
+$(eval $(call BuildTemplate,sysrq,SYSRQ,xt_SYSRQ,xt_SYSRQ,+kmod-ipt-compat-xtables +kmod-crypto-hash))
+$(eval $(call BuildTemplate,tarpit,TARPIT,xt_TARPIT,xt_TARPIT,+kmod-ipt-compat-xtables))
+
+$(eval $(call BuildPackage,iptaccount))

net/xtables-addons/patches/002-fix-kernel-version-detection.patch

@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -44,7 +44,7 @@ regular_CFLAGS="-Wall -Waggregate-return
+ 
+ if test -n "$kbuilddir"; then
+ 	AC_MSG_CHECKING([kernel version that we will build against])
+-	krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
++	krel="$(make -sC "$kbuilddir" M=$PWD kernelversion | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
+ 	save_IFS="$IFS"
+ 	IFS='.'
+ 	set x $krel

net/xtables-addons/patches/201-fix-lua-packetscript.patch

@@ -0,0 +1,127 @@
+--- a/extensions/LUA/xt_LUA_target.c
++++ b/extensions/LUA/xt_LUA_target.c
+@@ -19,7 +19,7 @@
+ #include <linux/kernel.h>
+ #include <linux/slab.h>
+ #include <linux/module.h>
+-#include <asm/uaccess.h>
++#include <linux/uaccess.h>
+ #include <net/ip.h>
+ #include <linux/netfilter/x_tables.h>
+ #include "xt_LUA.h"
+@@ -64,10 +64,10 @@ uint32_t  lua_state_refs[LUA_STATE_ARRAY
+  * XT_CONTINUE inside the *register_lua_packet_lib* function.
+  */
+ 
+-spinlock_t lock = SPIN_LOCK_UNLOCKED;
++DEFINE_SPINLOCK(lock);
+ 
+ static uint32_t 
+-lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
++lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
+ {
+ 	uint32_t  verdict;
+ 	lua_packet_segment *p;
+@@ -88,11 +88,11 @@ lua_tg(struct sk_buff *pskb, const struc
+ 	/* push the lua_packet_segment as a parameter */
+ 	p = (lua_packet_segment *)lua_newuserdata(L, sizeof(lua_packet_segment));
+ 	if (pskb->mac_header)
+-		p->start = pskb->mac_header;
++		p->start = skb_mac_header(pskb);
+ 	else if (pskb->network_header)
+-		p->start = pskb->network_header;
++		p->start = skb_network_header(pskb);
+ 	else if (pskb->transport_header)
+-		p->start = pskb->transport_header;
++		p->start = skb_transport_header(pskb);
+ 	p->offset = 0;
+ 	p->length = (unsigned long)pskb->tail - (unsigned long)p->start;
+ 	p->changes = NULL;
+@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
+  * some workqueue initialization. So far this is done each time this function
+  * is called, subject to change.
+  */
+-static bool
++static int
+ lua_tg_checkentry(const struct xt_tgchk_param *par)
+ {
+ 	const struct xt_lua_tginfo *info = par->targinfo;
+ 
+ 	if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
+ 		lua_state_refs[info->state_id]++;
+-		return true;
++		return 0;
+ 	}
+-	return false;
++	return -EINVAL;
+ }
+ 
+ /*::*
+--- a/extensions/LUA/lua/llimits.h
++++ b/extensions/LUA/lua/llimits.h
+@@ -8,7 +8,6 @@
+ #define llimits_h
+ 
+ #include <stddef.h>
+-#include <limits.h>
+ 
+ #include "lua.h"
+ 
+--- a/extensions/LUA/lua/lapi.c
++++ b/extensions/LUA/lua/lapi.c
+@@ -4,9 +4,6 @@
+ ** See Copyright Notice in lua.h
+ */
+ 
+-#include <stdarg.h>
+-#include <math.h>
+-#include <assert.h>
+ #include <string.h>
+ 
+ #define lapi_c
+--- a/extensions/LUA/lua/ltable.c
++++ b/extensions/LUA/lua/ltable.c
+@@ -18,7 +18,6 @@
+ ** Hence even when the load factor reaches 100%, performance remains good.
+ */
+ 
+-#include <math.h>
+ #include <string.h>
+ 
+ #define ltable_c
+--- a/extensions/LUA/lua/luaconf.h
++++ b/extensions/LUA/lua/luaconf.h
+@@ -13,8 +13,12 @@
+ #if !defined(__KERNEL__)
+ #include <limits.h>
+ #else
++#include <linux/kernel.h>
++
++#undef UCHAR_MAX
++#undef BUFSIZ
++#undef NO_FPU
+ #define UCHAR_MAX	255
+-#define SHRT_MAX        32767
+ #define BUFSIZ 		8192
+ #define NO_FPU
+ #endif
+@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l;
+ */
+ #if defined(__KERNEL__)
+ #undef LUA_USE_ULONGJMP
++#define setjmp __builtin_setjmp
++#define longjmp __builtin_longjmp
+ #endif
+ 
+ #if defined(__cplusplus)
+--- a/extensions/LUA/lua/llex.h
++++ b/extensions/LUA/lua/llex.h
+@@ -10,6 +10,8 @@
+ #include "lobject.h"
+ #include "lzio.h"
+ 
++/* prevent conflict with definition from asm/current.h */
++#undef current
+ 
+ #define FIRST_RESERVED	257
+ 

net/xtables-addons/patches/300-geoip-endian-detection.patch

@@ -0,0 +1,18 @@
+--- a/extensions/libxt_geoip.c
++++ b/extensions/libxt_geoip.c
+@@ -59,13 +59,13 @@ geoip_get_subnets(const char *code, uint
+ 
+ 	/* Use simple integer vector files */
+ 	if (nfproto == NFPROTO_IPV6) {
+-#if __BYTE_ORDER == _BIG_ENDIAN
++#if BYTE_ORDER == BIG_ENDIAN
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv6", code);
+ #else
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv6", code);
+ #endif
+ 	} else {
+-#if __BYTE_ORDER == _BIG_ENDIAN
++#if BYTE_ORDER == BIG_ENDIAN
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv4", code);
+ #else
+ 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv4", code);