authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /net-misc/l7-filter-userspace/files
reinit the tree, so we can have metadata
Diffstat (limited to 'net-misc/l7-filter-userspace/files')
-rw-r--r--net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-arm-ppc-getopt-help-fix.patch21
-rw-r--r--net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-datatype.patch11
-rw-r--r--net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch104
-rw-r--r--net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-map-access-threadsafe.patch55
-rw-r--r--net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-pattern-loading-leak.patch10
5 files changed, 201 insertions, 0 deletions
diff --git a/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-arm-ppc-getopt-help-fix.patch b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-arm-ppc-getopt-help-fix.patch
new file mode 100644
index 000000000000..29801ceed31a
--- /dev/null
+++ b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-arm-ppc-getopt-help-fix.patch
@@ -0,0 +1,21 @@
+--- l7-filter-userspace-0.11/l7-filter.cpp.old 2010-07-12 10:43:58.485002456 +0100
++++ l7-filter-userspace-0.11/l7-filter.cpp 2010-07-12 11:14:38.825001868 +0100
+@@ -186,15 +186,11 @@
+ conffilename = "";
+ const char *opts = "f:q:vh?sb:dn:p:m:cz";
+
+- int done = 0;
+- while(!done)
++ int c;
++ while ((c = getopt (argc, argv, opts)) != -1)
+ {
+- char c;
+- switch(c = getopt(argc, argv, opts))
++ switch(c)
+ {
+- case -1:
+- done = 1;
+- break;
+ case 'f':
+ conffilename = optarg;
+ break;
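Review bot: The reason for widening `c` to `int` is not recorded anywhere in this patch, so a later cleanup could easily narrow it again; a one-line comment above the declaration would preserve it, for example `// getopt() returns int: stored in a char, the -1 end marker never compares equal where char is unsigned (ARM, PPC)`. The patch file also has no description header, and a sentence there stating the symptom would help whoever has to rebase it. The switch body continues past the end of the hunk, so the remaining cases are not reviewed here.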
diff --git a/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-datatype.patch b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-datatype.patch
new file mode 100644
index 000000000000..eb49c595844b
--- /dev/null
+++ b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-datatype.patch
@@ -0,0 +1,11 @@
+--- l7-filter-userspace-0.11/l7-queue.cpp.orig 2008-09-27 10:51:01.000000000 +0400
++++ l7-filter-userspace-0.11/l7-queue.cpp 2011-11-05 03:11:08.595773935 +0400
+@@ -196,7 +196,7 @@
+ ifi = nfq_get_outdev(tb);
+ if(ifi) l7printf(4, "outdev = %d ", ifi);
+
+- ret = nfq_get_payload(tb, &data);
++ ret = nfq_get_payload(tb, (unsigned char**)&data);
+ if(ret >= 0) l7printf(4, "payload_len = %d\n", ret);
+
+ char ip_protocol = data[9];
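Review bot: `data[9]` on the last context line is read whether or not `nfq_get_payload()` succeeded, because the `ret >= 0` test just above it guards only the debug print. A negative return or a payload shorter than ten bytes leaves that read outside the packet (or through an unset pointer), and the packet contents come from the network. The added cast silences the type mismatch but does not change this; a length check before the index is the missing piece, e.g. `if(ret < 10) return <verdict for malformed packet>;` using whatever return convention the enclosing callback has. That function begins and ends outside the hunk, so an earlier guard cannot be ruled out from here.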
diff --git a/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch
new file mode 100644
index 000000000000..6cc941ddd1a6
--- /dev/null
+++ b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch
@@ -0,0 +1,104 @@
+diff -Naur l7-filter-userspace-0.11-orig/l7-conntrack.cpp l7-filter-userspace-0.11-ptch/l7-conntrack.cpp
+--- l7-filter-userspace-0.11-orig/l7-conntrack.cpp 2009-02-26 21:40:28.000000000 +0000
++++ l7-filter-userspace-0.11-ptch/l7-conntrack.cpp 2009-10-19 17:40:42.000000000 +0000
+@@ -121,25 +121,10 @@
+ return (char *)buffer;
+ }
+
+-static int sprintf_conntrack_key(char *buf, struct nfct_conntrack *ct,
+- unsigned int flags)
+-{
+- int size = 0;
+-
+- size += nfct_sprintf_protocol(buf, ct);
+- size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
+- size += nfct_sprintf_proto(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
+-
+- /* Delete the last blank space */
+- buf[size-1] = '\0';
+-
+- return size;
+-}
+-
+-static string make_key(nfct_conntrack* ct, int flags)
++static string make_key(nfct_conntrack* ct, int flags, int type)
+ {
+ char key[512];
+- int keysize = sprintf_conntrack_key(key, ct, flags);
++ int keysize = nfct_snprintf(key, sizeof(key), (const nf_conntrack *)ct, type, NFCT_O_DEFAULT, flags);
+ if(keysize >= 512){
+ cerr << "Yike! Overflowed key!\n";
+ exit(1);
+@@ -148,28 +133,28 @@
+ return key;
+ }
+
+-static int l7_handle_conntrack_event(void *arg, unsigned int flags, int type,
++static int l7_handle_conntrack_event(enum nf_conntrack_msg_type type, struct nf_conntrack* arg,
+ void *data)
+ {
+ l7_conntrack * l7_conntrack_handler = (l7_conntrack *) data;
+
+ nfct_conntrack* ct = (nfct_conntrack*)arg;
++ u_int8_t protonum = *(u_int8_t *)nfct_get_attr((const nf_conntrack *)ct, ATTR_ORIG_L4PROTO);
+
+ // I don't think there is any demand for ICMP. These are enough work for now.
+- if(ct->tuple[0].protonum != IPPROTO_TCP &&
+- ct->tuple[0].protonum != IPPROTO_UDP) return 0;
++ if(protonum != IPPROTO_TCP && protonum != IPPROTO_UDP) return 0;
+
+- if(type == NFCT_MSG_DESTROY) l7printf(3, "Got event: NFCT_MSG_DESTROY\n");
+- if(type == NFCT_MSG_NEW) l7printf(3, "Got event: NFCT_MSG_NEW\n");
+- if(type == NFCT_MSG_UPDATE) l7printf(3, "Got event: NFCT_MSG_UPDATE\n");
+- if(type == NFCT_MSG_UNKNOWN) l7printf(3, "Got event: NFCT_MSG_UNKNOWN\n");
++ if(type == NFCT_T_DESTROY) l7printf(3, "Got event: NFCT_T_DESTROY\n");
++ if(type == NFCT_T_NEW) l7printf(3, "Got event: NFCT_T_NEW\n");
++ if(type == NFCT_T_UPDATE) l7printf(3, "Got event: NFCT_T_UPDATE\n");
++ if(type == NFCT_T_UNKNOWN) l7printf(3, "Got event: NFCT_T_UNKNOWN\n");
+
+ // On the first packet, create the connection buffer, etc.
+- if(type == NFCT_MSG_NEW){
+- string key = make_key(ct, flags);
++ if(type == NFCT_T_NEW){
++ string key = make_key(ct, 0, NFCT_T_NEW);
+ if (l7_conntrack_handler->get_l7_connection(key)){
+ // this happens sometimes
+- cerr << "Received NFCT_MSG_NEW but already have a connection. Packets = "
++ cerr << "Received NFCT_T_NEW but already have a connection. Packets = "
+ << l7_conntrack_handler->get_l7_connection(key)->get_num_packets()
+ << endl;
+ l7_conntrack_handler->remove_l7_connection(key);
+@@ -179,9 +164,9 @@
+ l7_conntrack_handler->add_l7_connection(thisconnection, key);
+ thisconnection->key = key;
+ }
+- else if(type == NFCT_MSG_DESTROY){
++ else if(type == NFCT_T_DESTROY){
+ // clean up the connection buffer, etc.
+- string key = make_key(ct, flags);
++ string key = make_key(ct, 0, NFCT_T_DESTROY);
+ if(l7_conntrack_handler->get_l7_connection(key)){
+ l7_conntrack_handler->remove_l7_connection(key);
+ }
+@@ -193,7 +178,7 @@
+
+ l7_conntrack::~l7_conntrack()
+ {
+- nfct_conntrack_free(ct);
++ free(ct);
+ nfct_close(cth);
+ }
+
+@@ -230,9 +215,9 @@
+ {
+ int ret;
+
+- nfct_register_callback(cth, l7_handle_conntrack_event, (void *)this);
+- ret = nfct_event_conntrack(cth); // this is the main loop
++ nfct_callback_register(cth, NFCT_T_NEW, l7_handle_conntrack_event, (void *)this);
++ ret = nfct_catch(cth); // this is the main loop
+
+ nfct_close(cth);
+- nfct_conntrack_free(ct);
++ free(ct);
+ }
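Review bot: The callback is registered with `NFCT_T_NEW` only, in the last hunk of this patch, yet `l7_handle_conntrack_event` still relies on its `NFCT_T_DESTROY` branch to call `remove_l7_connection`; if the library filters events by that mask, destroy events never arrive and the per-connection map grows with every new flow until memory runs out. Registering with `NFCT_T_ALL` keeps the cleanup path reachable. Two smaller gaps in the same patch: `nfct_get_attr()` can return NULL and is dereferenced directly (the typed getter `nfct_get_attr_u8()` avoids that), and `make_key` treats only `keysize >= 512` as failure although `nfct_snprintf()` can also return a negative value, in which case `key` may be returned without holding a valid string. Passing the event type into `make_key` also deserves a check that NEW and DESTROY produce the same key text for one flow, since the default output format may embed the message type. The function containing the registration starts outside its hunk.

```cpp
// in make_key(): treat an error return like truncation
int keysize = nfct_snprintf(key, sizeof(key), (const nf_conntrack *)ct, type, NFCT_O_DEFAULT, flags);
if(keysize < 0 || keysize >= (int)sizeof(key)){
// … unchanged: error message and exit(1) …

// in l7_handle_conntrack_event(): typed getter, no dereference of a possibly NULL pointer
u_int8_t protonum = nfct_get_attr_u8((const nf_conntrack *)ct, ATTR_ORIG_L4PROTO);
// … unchanged: TCP/UDP filter and event handling …

// in the main loop: subscribe to every event type the handler branches on
nfct_callback_register(cth, NFCT_T_ALL, l7_handle_conntrack_event, (void *)this);
```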
diff --git a/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-map-access-threadsafe.patch b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-map-access-threadsafe.patch
new file mode 100644
index 000000000000..fea0f5bbb5a6
--- /dev/null
+++ b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-map-access-threadsafe.patch
@@ -0,0 +1,55 @@
+--- l7-filter-userspace-0.11/l7-conntrack.cpp.orig 2009-02-26 21:40:28.000000000 +0000
++++ l7-filter-userspace-0.11/l7-conntrack.cpp 2010-07-23 13:03:23.000000000 +0100
+@@ -195,11 +195,13 @@
+ {
+ nfct_conntrack_free(ct);
+ nfct_close(cth);
++ pthread_mutex_destroy(&map_mutex);
+ }
+
+ l7_conntrack::l7_conntrack(void* l7_classifier_in)
+ {
+ l7_classifier = (l7_classify *)l7_classifier_in;
++ pthread_mutex_init(&map_mutex, NULL);
+
+ // Now open a handler that is subscribed to all possible events
+ cth = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS);
+@@ -211,19 +213,27 @@
+
+ l7_connection *l7_conntrack::get_l7_connection(const string key)
+ {
+- return l7_connections[key];
++ l7_connection *conn;
++ pthread_mutex_lock(&map_mutex);
++ conn = l7_connections[key];
++ pthread_mutex_unlock(&map_mutex);
++ return conn;
+ }
+
+ void l7_conntrack::add_l7_connection(l7_connection* connection,
+ const string key)
+ {
++ pthread_mutex_lock(&map_mutex);
+ l7_connections[key] = connection;
++ pthread_mutex_unlock(&map_mutex);
+ }
+
+ void l7_conntrack::remove_l7_connection(const string key)
+ {
++ pthread_mutex_lock(&map_mutex);
+ delete l7_connections[key];
+ l7_connections.erase(l7_connections.find(key));
++ pthread_mutex_unlock(&map_mutex);
+ }
+
+ void l7_conntrack::start()
+--- l7-filter-userspace-0.11/l7-conntrack.h.orig 2010-07-23 13:04:49.000000000 +0100
++++ l7-filter-userspace-0.11/l7-conntrack.h 2010-07-23 13:05:56.000000000 +0100
+@@ -52,6 +52,7 @@
+ l7_map l7_connections;
+ struct nfct_conntrack *ct;
+ struct nfct_handle *cth; // the callback
++ pthread_mutex_t map_mutex;
+
+ public:
+ l7_conntrack(void * foo);
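Review bot: `get_l7_connection` drops `map_mutex` before returning the raw `l7_connection*`, so the lock protects the map's structure but not the object: another thread can run `remove_l7_connection` and `delete` it while the caller is still using the pointer. The patch needs either the lock held across the caller's use or shared ownership of the entries; which threads call these methods is not visible here, so this is inferred from the fact that a mutex was needed at all. Separately, if `l7_map` is a `std::map`, `l7_connections[key]` in the lookup inserts a null entry for every missing key, so lookups grow the map; `l7_map::iterator it = l7_connections.find(key); conn = (it == l7_connections.end()) ? NULL : it->second;` avoids that. A short comment on `map_mutex` in the header stating what it guards would also help.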
diff --git a/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-pattern-loading-leak.patch b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-pattern-loading-leak.patch
new file mode 100644
index 000000000000..835fc8ffb9f1
--- /dev/null
+++ b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-pattern-loading-leak.patch
@@ -0,0 +1,10 @@
+diff --git a/l7-filter-userspace/trunk/l7-classify.cpp b/l7-filter-userspace/trunk/l7-classify.cpp
+index 8b5b77e..1c80d4d 100644
+--- a/l7-filter-userspace/trunk/l7-classify.cpp
++++ b/l7-filter-userspace/trunk/l7-classify.cpp
+@@ -59,6 +59,7 @@ l7_pattern::l7_pattern(string name, string pattern_string, int eflags,
+ cerr << "error compiling " << name << " -- " << pattern_string << endl;
+ exit(1);
+ }
++ free(preprocessed);
+ }
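Review bot: `free(preprocessed)` is only correct if that buffer came from a `malloc`-family allocation, and its allocation is above the hunk, so this needs confirming; a buffer obtained with `new[]` would need `delete[]` instead. It is also worth verifying that nothing stored in the `l7_pattern` object still points into `preprocessed` after the constructor returns. A comment on the added line such as `// compiled form keeps no reference to the preprocessed text` would record that assumption.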