iptables: reduce binary size

* drop unused lenient restore patch * instead of statically linking core extensions, build shared libraries for reuse in fw3 * strip outdated match revisions and aliases to trim down library size Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45758
2015-05-26 09:16:50 +00:00
parent ecb14f4a5d
commit 1c00b6bc7f
4 changed files with 195 additions and 176 deletions
--- a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
+++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
@@ -0,0 +1,108 @@
+Index: iptables-1.4.21/extensions/libxt_conntrack.c
+===================================================================
+--- iptables-1.4.21.orig/extensions/libxt_conntrack.c
+++ iptables-1.4.21/extensions/libxt_conntrack.c
+@@ -1157,6 +1157,7 @@ static void state_save(const void *ip, c
+ }
+ 
+ static struct xtables_match conntrack_mt_reg[] = {
+#ifndef NO_LEGACY
+ 	{
+ 		.version       = XTABLES_VERSION,
+ 		.name          = "conntrack",
+@@ -1232,6 +1233,7 @@ static struct xtables_match conntrack_mt
+ 		.alias	       = conntrack_print_name_alias,
+ 		.x6_options    = conntrack2_mt_opts,
+ 	},
+#endif
+ 	{
+ 		.version       = XTABLES_VERSION,
+ 		.name          = "conntrack",
+@@ -1262,6 +1264,7 @@ static struct xtables_match conntrack_mt
+ 		.alias	       = conntrack_print_name_alias,
+ 		.x6_options    = conntrack3_mt_opts,
+ 	},
+#ifndef NO_LEGACY
+ 	{
+ 		.family        = NFPROTO_UNSPEC,
+ 		.name          = "state",
+@@ -1292,6 +1295,7 @@ static struct xtables_match conntrack_mt
+ 		.x6_parse      = state_ct23_parse,
+ 		.x6_options    = state_opts,
+ 	},
+#endif
+ 	{
+ 		.family        = NFPROTO_UNSPEC,
+ 		.name          = "state",
+@@ -1307,6 +1311,7 @@ static struct xtables_match conntrack_mt
+ 		.x6_parse      = state_ct23_parse,
+ 		.x6_options    = state_opts,
+ 	},
+#ifndef NO_LEGACY
+ 	{
+ 		.family        = NFPROTO_UNSPEC,
+ 		.name          = "state",
+@@ -1320,6 +1325,7 @@ static struct xtables_match conntrack_mt
+ 		.x6_parse      = state_parse,
+ 		.x6_options    = state_opts,
+ 	},
+#endif
+ };
+ 
+ void _init(void)
+Index: iptables-1.4.21/extensions/libxt_CT.c
+===================================================================
+--- iptables-1.4.21.orig/extensions/libxt_CT.c
+++ iptables-1.4.21/extensions/libxt_CT.c
+@@ -290,6 +290,7 @@ static void notrack_ct2_tg_init(struct x
+ }
+ 
+ static struct xtables_target ct_target_reg[] = {
+#ifndef NO_LEGACY
+ 	{
+ 		.family		= NFPROTO_UNSPEC,
+ 		.name		= "CT",
+@@ -315,6 +316,7 @@ static struct xtables_target ct_target_r
+ 		.x6_parse	= ct_parse_v1,
+ 		.x6_options	= ct_opts_v1,
+ 	},
+#endif
+ 	{
+ 		.family		= NFPROTO_UNSPEC,
+ 		.name		= "CT",
+@@ -329,6 +331,7 @@ static struct xtables_target ct_target_r
+ 		.x6_parse	= ct_parse_v1,
+ 		.x6_options	= ct_opts_v1,
+ 	},
+#ifndef NO_LEGACY
+ 	{
+ 		.family        = NFPROTO_UNSPEC,
+ 		.name          = "NOTRACK",
+@@ -366,6 +369,7 @@ static struct xtables_target ct_target_r
+ 		.revision      = 0,
+ 		.version       = XTABLES_VERSION,
+ 	},
+#endif
+ };
+ 
+ void _init(void)
+Index: iptables-1.4.21/extensions/libxt_multiport.c
+===================================================================
+--- iptables-1.4.21.orig/extensions/libxt_multiport.c
+++ iptables-1.4.21/extensions/libxt_multiport.c
+@@ -469,6 +469,7 @@ static void multiport_save6_v1(const voi
+ }
+ 
+ static struct xtables_match multiport_mt_reg[] = {
+#ifndef NO_LEGACY
+ 	{
+ 		.family        = NFPROTO_IPV4,
+ 		.name          = "multiport",
+@@ -497,6 +498,7 @@ static struct xtables_match multiport_mt
+ 		.save          = multiport_save6,
+ 		.x6_options    = multiport_opts,
+ 	},
+#endif
+ 	{
+ 		.family        = NFPROTO_IPV4,
+ 		.name          = "multiport",