[tor-commits] [orbot/master] add patches for iptables/xtables building on Android

n8fr8 at torproject.org n8fr8 at torproject.org
Mon Dec 30 03:15:21 UTC 2013


commit ca28aded12d81c80817435701158c617faae09ad
Author: Nathan Freitas <nathan at freitas.net>
Date:   Sat Dec 28 09:21:13 2013 -0500

    add patches for iptables/xtables building on Android
---
 external/iptables-patch-1 |   39 +++++++++++++++++++++++++++++++++++++++
 external/iptables-patch-2 |   26 ++++++++++++++++++++++++++
 external/iptables-patch-3 |   30 ++++++++++++++++++++++++++++++
 3 files changed, 95 insertions(+)

diff --git a/external/iptables-patch-1 b/external/iptables-patch-1
new file mode 100644
index 0000000..a2657a5
--- /dev/null
+++ b/external/iptables-patch-1
@@ -0,0 +1,39 @@
+Bionic defines socklen_t as a signed int, so redefining it as unsigned
+breaks the build.
+
+This change comes from AOSP.
+
+Signed-off-by: Kevin Cernekee <cernekee at xxxxxxxxx>
+---
+ libiptc/libip4tc.c |    2 +-
+ libiptc/libip6tc.c |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
+index dd59951..2b029d4 100644
+--- a/libiptc/libip4tc.c
++++ b/libiptc/libip4tc.c
+@@ -22,7 +22,7 @@
+ #define inline
+ #endif
+ 
+-#if !defined(__GLIBC__) || (__GLIBC__ < 2)
++#if !defined(__ANDROID__) && (!defined(__GLIBC__) || (__GLIBC__ < 2))
+ typedef unsigned int socklen_t;
+ #endif
+ 
+diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
+index ca01bcb..4e47e69 100644
+--- a/libiptc/libip6tc.c
++++ b/libiptc/libip6tc.c
+@@ -23,7 +23,7 @@
+ #define inline
+ #endif
+ 
+-#if !defined(__GLIBC__) || (__GLIBC__ < 2)
++#if !defined(__ANDROID__) && (!defined(__GLIBC__) || (__GLIBC__ < 2))
+ typedef unsigned int socklen_t;
+ #endif
+ 
+-- 
+1.7.9.5
diff --git a/external/iptables-patch-2 b/external/iptables-patch-2
new file mode 100644
index 0000000..c740da0
--- /dev/null
+++ b/external/iptables-patch-2
@@ -0,0 +1,26 @@
+<netinet/ip.h> and <linux/ip.h> redefine a couple of structs, including
+iphdr.  Handle this the same way as on glibc, i.e. don't include
+<linux/ip.h>.
+
+This change comes from AOSP.
+
+Signed-off-by: Kevin Cernekee <cernekee at xxxxxxxxx>
+---
+ include/libiptc/ipt_kernel_headers.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h
+index 18861fe..60c7998 100644
+--- a/include/libiptc/ipt_kernel_headers.h
++++ b/include/libiptc/ipt_kernel_headers.h
+@@ -5,7 +5,7 @@
+ 
+ #include <limits.h>
+ 
+-#if defined(__GLIBC__) && __GLIBC__ == 2
++#if defined(__ANDROID__) || (defined(__GLIBC__) && __GLIBC__ == 2)
+ #include <netinet/ip.h>
+ #include <netinet/in.h>
+ #include <netinet/ip_icmp.h>
+-- 
+1.7.9.5
diff --git a/external/iptables-patch-3 b/external/iptables-patch-3
new file mode 100644
index 0000000..b5517b3
--- /dev/null
+++ b/external/iptables-patch-3
@@ -0,0 +1,30 @@
+Bionic's <netinet/tcp.h> is missing constants needed to build this module,
+so have autoconf check for this condition before trying to build it.
+
+Signed-off-by: Kevin Cernekee <cernekee at xxxxxxxxx>
+---
+ configure.ac |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 76d0b37..53a9ded 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -91,6 +91,14 @@ if test "$nfconntrack" -ne 1; then
+ 	echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
+ fi;
+ 
++AC_CHECK_DECL([TCPOPT_WINDOW], [tcpopt_ok=1], [tcpopt_ok=0],
++	[[#include <netinet/tcp.h>]])
++
++if test "$tcpopt_ok" -ne 1; then
++	blacklist_modules="$blacklist_modules TCPOPTSTRIP";
++	echo "WARNING: TCPOPT_* constants not found, TCPOPTSTRIP target will not be built";
++fi;
++
+ AC_SUBST([blacklist_modules])
+ AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
+ 
+-- 
+1.7.9.5
+





More information about the tor-commits mailing list