diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile index 81a815641..1b08e0487 100644 --- a/ndpi-netfilter2/Makefile +++ b/ndpi-netfilter2/Makefile @@ -21,7 +21,6 @@ PKG_SOURCE_URL:=https://github.com/vel21ripn/nDPI.git PKG_SOURCE_VERSION:=$(PKG_REV) PKG_BUILD_PARALLEL:=0 -PKG_FORTIFY_SOURCE:=0 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) @@ -35,8 +34,7 @@ define Package/iptables-mod-ndpi URL:=http://www.ntop.org/products/ndpi/ # DEPENDS:=+iptables +iptables-mod-conntrack-extra +kmod-ipt-ndpi +libpcap # DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) -# DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15) @!TARGET_ramips - DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @!TARGET_ramips + DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15) MAINTAINER:=Ycarus (Yannick Chabanois) endef @@ -52,7 +50,7 @@ MAKE_PATH:=ndpi-netfilter MAKE_FLAGS += \ KERNEL_DIR="$(LINUX_DIR)" \ MODULES_DIR="$(TARGET_MODULES_DIR)" \ - NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter + NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter \ ifeq ($ARCH),aarch64) MAKE_FLAGS += ARCH="arm64" @@ -76,15 +74,14 @@ define KernelPackage/ipt-ndpi SUBMENU:=Netfilter Extensions TITLE:= nDPI net netfilter module # DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) -# DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15) @!TARGET_ramips - DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @!TARGET_ramips + DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15) KCONFIG:=CONFIG_NF_CONNTRACK_LABELS=y \ CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y FILES:= $(PKG_BUILD_DIR)/ndpi-netfilter/src/xt_ndpi.ko AUTOLOAD:=$(call AutoProbe,xt_ndpi) # MODPARAMS.xt_ndpi:=ndpi_enable_flow=1 KCONFIG:=\ - CONFIG_NDPI_HOOK=y \ + CONFIG_LIVEPATCH=y \ CONFIG_NF_CONNTRACK=y \ CONFIG_NF_CONNTRACK_LABELS=y \ CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y \ diff --git a/ndpi-netfilter2/patches/002-no-livepatch-required.patch b/ndpi-netfilter2/patches/002-no-livepatch-required.patch deleted file mode 100644 index a97f001b2..000000000 --- a/ndpi-netfilter2/patches/002-no-livepatch-required.patch +++ /dev/null @@ -1,190 +0,0 @@ -From 9e2bc31b8c330dc6ad0e6e478103652cd72dc3c8 Mon Sep 17 00:00:00 2001 -From: Sebastian Gottschall -Date: Sun, 9 Jul 2023 12:22:02 +0600 -Subject: [PATCH] add ndpi support for arm/arm64 etc. in 6.1 - -ndpi is not supported in more recent kernels without livepatch support -however. livepatch is only supported for x86_64 architectures. -so ndpi cannot be used on any other platform anymore. -we solve this by adding a simple hook to nf_ct_destroy - -Signed-off-by: Sebastian Gottschall ---- - ndpi-netfilter/kernel-patch/v6.1.38.diff | 81 ++++++++++++++++++++++++ - ndpi-netfilter/src/main.c | 23 +++++-- - 2 files changed, 98 insertions(+), 6 deletions(-) - create mode 100644 ndpi-netfilter/kernel-patch/v6.1.38.diff - -diff --git a/ndpi-netfilter/kernel-patch/v6.1.38.diff b/ndpi-netfilter/kernel-patch/v6.1.38.diff -new file mode 100644 -index 0000000000..6846dc84fc ---- /dev/null -+++ b/ndpi-netfilter/kernel-patch/v6.1.38.diff -@@ -0,0 +1,81 @@ -+diff -urpN linux-6.1.38.old/include/net/netfilter/nf_conntrack.h linux-6.1.38/include/net/netfilter/nf_conntrack.h -+--- linux-6.1.38.old/include/net/netfilter/nf_conntrack.h 2023-07-05 23:27:38.000000000 +0600 -++++ linux-6.1.38/include/net/netfilter/nf_conntrack.h 2023-07-14 12:34:56.663750711 +0600 -+@@ -362,6 +362,11 @@ static inline struct nf_conntrack_net *n -+ return net_generic(net, nf_conntrack_net_id); -+ } -+ -++#ifdef CONFIG_NDPI_HOOK -++void register_ndpi_hook(void (*hook)(struct nf_conn *)); -++void unregister_ndpi_hook(void); -++#endif -++ -+ #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count) -+ #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count) -+ #define NF_CT_STAT_ADD_ATOMIC(net, count, v) this_cpu_add((net)->ct.stat->count, (v)) -+diff -urpN linux-6.1.38.old/net/netfilter/Kconfig linux-6.1.38/net/netfilter/Kconfig -+--- linux-6.1.38.old/net/netfilter/Kconfig 2023-07-05 23:27:38.000000000 +0600 -++++ linux-6.1.38/net/netfilter/Kconfig 2023-07-14 12:34:11.966879899 +0600 -+@@ -76,11 +76,15 @@ config NETFILTER_NETLINK_OSF -+ If this option is enabled, the kernel will include support -+ for passive OS fingerprint via NFNETLINK. -+ -++config NDPI_HOOK -++ bool -++ -+ config NF_CONNTRACK -+ tristate "Netfilter connection tracking support" -+ default m if NETFILTER_ADVANCED=n -+ select NF_DEFRAG_IPV4 -+ select NF_DEFRAG_IPV6 if IPV6 != n -++ select NDPI_HOOK -+ help -+ Connection tracking keeps a record of what packets have passed -+ through your machine, in order to figure out how they are related -+diff -urpN linux-6.1.38.old/net/netfilter/nf_conntrack_core.c linux-6.1.38/net/netfilter/nf_conntrack_core.c -+--- linux-6.1.38.old/net/netfilter/nf_conntrack_core.c 2023-07-05 23:27:38.000000000 +0600 -++++ linux-6.1.38/net/netfilter/nf_conntrack_core.c 2023-07-14 12:33:45.580092713 +0600 -+@@ -582,9 +582,30 @@ static void destroy_gre_conntrack(struct -+ #endif -+ } -+ -++#ifdef CONFIG_NDPI_HOOK -++ -++static void (*ndpi_hook)(struct nf_conn *) __rcu __read_mostly = NULL; -++ -++void register_ndpi_hook(void (*hook)(struct nf_conn *)) -++{ -++ rcu_assign_pointer(ndpi_hook, hook); -++} -++EXPORT_SYMBOL(register_ndpi_hook); -++ -++void unregister_ndpi_hook(void) -++{ -++ rcu_assign_pointer(ndpi_hook, NULL); -++} -++ -++EXPORT_SYMBOL(unregister_ndpi_hook); -++#endif -++ -+ void nf_ct_destroy(struct nf_conntrack *nfct) -+ { -+ struct nf_conn *ct = (struct nf_conn *)nfct; -++#ifdef CONFIG_NDPI_HOOK -++ void (*hook)(struct nf_conn *); -++#endif -+ -+ pr_debug("%s(%p)\n", __func__, ct); -+ WARN_ON(refcount_read(&nfct->use) != 0); -+@@ -594,6 +615,12 @@ void nf_ct_destroy(struct nf_conntrack * -+ return; -+ } -+ -++#ifdef CONFIG_NDPI_HOOK -++ hook = rcu_dereference(ndpi_hook); -++ if (hook) -++ hook(ct); -++#endif -++ -+ if (unlikely(nf_ct_protonum(ct) == IPPROTO_GRE)) -+ destroy_gre_conntrack(ct); -+ -diff --git a/ndpi-netfilter/src/main.c b/ndpi-netfilter/src/main.c -index 024ca4bb79..e8ae3912d7 100644 ---- a/ndpi-netfilter/src/main.c -+++ b/ndpi-netfilter/src/main.c -@@ -102,7 +102,9 @@ static char proto_name[]="proto"; - static char debug_name[]="debug"; - static char risk_name[]="risks"; - --#if LINUX_VERSION_CODE > KERNEL_VERSION(5,19,0) -+#ifdef CONFIG_NDPI_HOOK -+#define USE_NDPI_HOOK -+#elif LINUX_VERSION_CODE > KERNEL_VERSION(5,19,0) - #ifndef USE_LIVEPATCH - #define USE_LIVEPATCH - #endif -@@ -162,15 +164,17 @@ static inline const struct net_device *xt_out(const struct xt_action_param *par) - // for testing only! - // #define USE_CONNLABELS - --#if !defined(USE_CONNLABELS) && defined(CONFIG_NF_CONNTRACK_CUSTOM) && CONFIG_NF_CONNTRACK_CUSTOM > 0 -+#if !defined(USE_CONNLABELS) && !defined(USE_NDPI_HOOK) && defined(CONFIG_NF_CONNTRACK_CUSTOM) && CONFIG_NF_CONNTRACK_CUSTOM > 0 - #define NF_CT_CUSTOM - #else -+#ifndef USE_NDPI_HOOK - #undef NF_CT_CUSTOM - #include - #ifndef CONFIG_NF_CONNTRACK_LABELS - #error NF_CONNTRACK_LABELS not defined - #endif - #endif -+#endif - - #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0) - #define nf_ct_l3proto_try_module_get(a) 0 -@@ -3187,7 +3191,7 @@ static int __net_init ndpi_net_init(struct net *net) - return -ENOMEM; - } - --#ifndef USE_LIVEPATCH -+#if !defined(USE_LIVEPATCH) && !defined(USE_NDPI_HOOK) - static struct nf_ct_ext_type ndpi_extend = { - #if LINUX_VERSION_CODE < KERNEL_VERSION(4,8,0) - .seq_print = seq_print_ndpi, -@@ -3197,7 +3201,7 @@ static struct nf_ct_ext_type ndpi_extend = { - .align = __alignof__(uint32_t), - .id = 0, - }; --#else -+#elif !defined(USE_NDPI_HOOK) - - #if LINUX_VERSION_CODE < KERNEL_VERSION(5,17,0) - #error "not implemented" -@@ -3266,6 +3270,8 @@ static int __init ndpi_mt_init(void) - return -EBUSY; - } - nf_ct_ext_id_ndpi = ndpi_extend.id; -+#elif defined(USE_NDPI_HOOK) -+ register_ndpi_hook(&nf_ndpi_free_flow); - #else - #ifdef USE_LIVEPATCH - nf_ct_ext_id_ndpi = NF_CT_EXT_LABELS; -@@ -3389,8 +3395,11 @@ static int __init ndpi_mt_init(void) - unreg_pernet: - unregister_pernet_subsys(&ndpi_net_ops); - unreg_ext: --#ifndef USE_LIVEPATCH -+#if !defined(USE_LIVEPATCH) && !defined(USE_NDPI_HOOK) - nf_ct_extend_unregister(&ndpi_extend); -+#endif -+#if defined(USE_NDPI_HOOK) -+ unregister_ndpi_hook(); - #endif - return ret; - } -@@ -3401,8 +3410,10 @@ static void __exit ndpi_mt_exit(void) - xt_unregister_target(&ndpi_tg_reg); - xt_unregister_match(&ndpi_mt_reg); - unregister_pernet_subsys(&ndpi_net_ops); --#ifndef USE_LIVEPATCH -+#if !defined(USE_LIVEPATCH) && !defined(USE_NDPI_HOOK) - nf_ct_extend_unregister(&ndpi_extend); -+#elif defined(USE_NDPI_HOOK) -+ unregister_ndpi_hook(); - #else - rcu_assign_pointer(nf_conntrack_destroy_cb,NULL); - #endif diff --git a/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch b/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch deleted file mode 100644 index b72b4271f..000000000 --- a/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch +++ /dev/null @@ -1,237 +0,0 @@ ---- a/src/lib/protocols/bittorrent.c.old 2023-07-15 11:45:44.566446059 +0200 -+++ b/src/lib/protocols/bittorrent.c 2023-07-15 11:49:25.498828807 +0200 -@@ -263,19 +263,6 @@ - return key % (size-1); - } - --#ifdef NDPI_DETECTION_SUPPORT_IPV6 --static inline u_int32_t hash_calc6(ndpi_ip_addr_t *ip,u_int16_t port,u_int32_t size) { -- u_int32_t M,I; -- u_int8_t *ipp = (u_int8_t *)&I; -- u_int32_t key; -- M=103; -- I = ip->ipv6.u6_addr.u6_addr32[0] + ip->ipv6.u6_addr.u6_addr32[1] + ip->ipv6.u6_addr.u6_addr32[2] + ip->ipv6.u6_addr.u6_addr32[3]; -- key = (((ipp[0] * M) + ipp[1] * M) + ipp[2]) * M +ipp[3]; -- ipp = (u_int8_t *)&port; -- key = ((key * M) + ipp[0] * M) + ipp[1]; -- return key % (size-1); --} --#endif - - // ndpi_ip_addr_t - static struct hash_ip4p_node *hash_ip4p_add(struct hash_ip4p_table *ht, -@@ -283,9 +270,6 @@ - struct hash_ip4p_node *n,*t; - - u_int32_t key = --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- ht->ipv6 ? hash_calc6(ip,port,ht->size) : --#endif - hash_calc(ip,port,ht->size); - - n = NULL; -@@ -293,22 +277,6 @@ - spin_lock(&ht->tbl[key].lock); - - n = ht->tbl[key].top; --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- if(ht->ipv6) { -- while(n) { -- if(!memcmp(&n->ip,ip->ipv6.u6_addr.u6_addr8,16) && n->port == port) { -- n->lchg = lchg; -- n->flag |= flag; -- move_up(&ht->tbl[key],n); -- goto unlock; -- } -- n = n->next; -- } -- n = BT_N_MALLOC(sizeof(struct hash_ip4p_node)+12); -- if(!n) goto unlock; -- memcpy(&n->ip,ip->ipv6.u6_addr.u6_addr8,16); -- } else { --#endif - while(n) { - if(n->ip == ip->ipv4 && n->port == port) { - n->lchg = lchg; -@@ -321,9 +289,6 @@ - n = BT_N_MALLOC(sizeof(struct hash_ip4p_node)); - if(!n) goto unlock; - n->ip = ip->ipv4; --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- } --#endif - t = ht->tbl[key].top; - n->next = t; - n->prev = NULL; -@@ -347,31 +312,16 @@ - struct hash_ip4p_node *n; - - u_int16_t key = --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- ht->ipv6 ? hash_calc6(ip,port,ht->size) : --#endif - hash_calc(ip,port,ht->size); - - n = NULL; - spin_lock(&ht->tbl[key].lock); - - n = ht->tbl[key].top; --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- if(ht->ipv6) { -- while(n) { -- if(!memcmp(&n->ip,ip->ipv6.u6_addr.u6_addr8,16) && n->port == port) -- break; -- n = n->next; -- } -- } else { --#endif - while(n) { - if(n->ip == ip->ipv4 && n->port == port) break; - n = n->next; - } --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- } --#endif - if(n) { - #ifdef __KERNEL__ - diagram(ndpi_btp_tm,sizeof(ndpi_btp_tm)/sizeof(ndpi_btp_tm[0]),lchg - n->lchg); -@@ -805,13 +755,6 @@ - u_int16_t s_port = packet->udp ? packet->udp->source : - packet->tcp ? packet->tcp->source : 0; - --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- if(packet->iphv6) -- bt_add_announce(ndpi_struct, -- ndpi_struct->bt_ann, ndpi_struct->bt_ann_len, -- 1, (ndpi_ip_addr_t *)&packet->iphv6->ip6_src, -- s_port, &x.p,p_now); --#endif - if(packet->iph) - bt_add_announce(ndpi_struct, - ndpi_struct->bt_ann, ndpi_struct->bt_ann_len, -@@ -819,39 +762,6 @@ - s_port, &x.p,p_now); - } - #endif --#ifdef NDPI_DETECTION_SUPPORT_IPV6 --if(packet->iphv6 && ndpi_struct->bt6_ht) { --NDPI_LOG_DBG2(ndpi_struct, -- "BT: detected valid DHT6 %d %d\n", -- x.p.r.nn6,x.p.r.nv6); --#ifndef __KERNEL__ --if(bt_parse_debug) dump_bt_proto_struct(&x.p); --#endif -- if(x.p.r.nodes6 && x.p.r.nn6) { -- struct bt_nodes6_data *n = x.p.r.nodes6; -- for(i=0; i < x.p.r.nn6; i++,n++) { -- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&n->ip,n->port,p_now,0x2); -- -- NDPI_LOG_DBG2(ndpi_struct, -- "BT: nodes6 add DHT peer %s:%d\n", -- inet_ntop(AF_INET6,(void *)&n->ip, ip6buf,sizeof(ip6buf)), -- htons(n->port)); -- } -- } -- if(x.p.r.values6 && x.p.r.nv6) { -- struct bt_ipv6p2 *n = (struct bt_ipv6p2 *)x.p.r.values6; -- for(i=0; i < x.p.r.nv6; i++,n++) { -- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&n->d.ip,n->d.port,p_now,0x4); -- -- NDPI_LOG_DBG2(ndpi_struct, -- "BT: values6 add DHT peer %s:%d\n", -- inet_ntop(AF_INET6,(void *)&n->d.ip, ip6buf,sizeof(ip6buf)), -- htons(n->d.port)); -- } -- } -- return r >= 0; --} --#endif - - if(!ndpi_struct->bt_ht) return r >= 0; - -@@ -899,16 +809,6 @@ - static void ndpi_bt_add_peer_cache(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_packet_struct *packet, uint16_t p_src, uint16_t p_dst) { - --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- if(ndpi_struct->bt6_ht && packet->iphv6) { -- if(packet->packet_direction) -- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_src, -- p_src, packet->current_time,1); -- else -- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_dst, -- p_dst, packet->current_time,1); -- } else --#endif - if(ndpi_struct->bt_ht && packet->iph) { - if(packet->packet_direction) - hash_ip4p_add(ndpi_struct->bt_ht,(ndpi_ip_addr_t *)&packet->iph->saddr, -@@ -1073,19 +973,6 @@ - if(!packet->tcp) return 0; - source = packet->tcp->source; - dest = packet->tcp->dest; --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- if(ndpi_struct->bt6_ht && packet->iphv6) { -- f1 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_src,source, -- packet->current_time); -- f2 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_dst,dest, -- packet->current_time); --#ifdef __KERNEL__ -- if(f1) ndpi_ptss++; -- if(f2) ndpi_ptdd++; --#endif -- return f1 != NULL || f2 != NULL; -- } --#endif - if(ndpi_struct->bt_ht && packet->iph) { - f1 = hash_ip4p_find(ndpi_struct->bt_ht,(ndpi_ip_addr_t *)&packet->iph->saddr,source, - packet->current_time); -@@ -1110,23 +997,6 @@ - if(!packet->udp) return 0; - source = packet->udp->source; - dest = packet->udp->dest; --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- if(ndpi_struct->bt6_ht && packet->iphv6) { -- f1 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_src,source, -- packet->current_time); -- f2 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_dst,dest, -- packet->current_time); --#ifdef __KERNEL__ -- if(f1) { -- DIRC(ndpi_pusr,ndpi_pusf); -- } -- if(f2) { -- DIRC(ndpi_pudr,ndpi_pudf); -- } --#endif -- return f1 != NULL || f2 != NULL; -- } --#endif - if(ndpi_struct->bt_ht && packet->iph) { - f1 = hash_ip4p_find(ndpi_struct->bt_ht,(ndpi_ip_addr_t *)&packet->iph->saddr,source, - packet->current_time); -@@ -1653,11 +1523,6 @@ - u_int32_t size,u_int32_t size6,u_int32_t tmo,int logsize) { - - ndpi_struct->bt_ht = hash_ip4p_init(size); --#ifdef NDPI_DETECTION_SUPPORT_IPV6 -- ndpi_struct->bt6_ht = hash_ip4p_init(size6); -- if(ndpi_struct->bt6_ht) -- ndpi_struct->bt6_ht->ipv6=1; --#endif - ndpi_bt_node_expire = tmo; - #ifdef BT_ANNOUNCE - if(logsize > 0) { -@@ -1679,12 +1544,6 @@ - hash_ip4p_del(ndpi_struct->bt_ht); - ndpi_struct->bt_ht = NULL; - } --#ifdef NDPI_DETECTION_SUPPORT_IPV6 --if(ndpi_struct->bt6_ht) { -- hash_ip4p_del(ndpi_struct->bt6_ht); -- ndpi_struct->bt6_ht = NULL; --} --#endif - } - - void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/ndpi-netfilter2/patches/outline-atomics.patch b/ndpi-netfilter2/patches/outline-atomics.patch index 8055bd41a..72dace62c 100644 --- a/ndpi-netfilter2/patches/outline-atomics.patch +++ b/ndpi-netfilter2/patches/outline-atomics.patch @@ -7,7 +7,7 @@ +cc-option = $(shell if $(CC) -Werror $(1) -S -o /dev/null -xc /dev/null \ + > /dev/null 2>&1; then echo "$(1)"; else echo "$(2)"; fi ;) +mno_outline_atomics := $(call cc-option, -mno-outline-atomics, "") -+ccflags-y += $(mno_outline_atomics) -Wframe-larger-than=2600 ++ccflags-y += $(mno_outline_atomics) #ccflags-y += -Wshadow-local # Needed for pahole #ccflags-y += -femit-struct-debug-detailed=any diff --git a/ndpi-netfilter2/patches/skbuff-check_fix.patch b/ndpi-netfilter2/patches/skbuff-check_fix.patch index f089d87e1..f5fe4defc 100644 --- a/ndpi-netfilter2/patches/skbuff-check_fix.patch +++ b/ndpi-netfilter2/patches/skbuff-check_fix.patch @@ -4,8 +4,8 @@ KERNEL_DIR := /lib/modules/$(shell uname -r)/build endif --ifeq ($(shell test -f $(KERNEL_DIR)/source/include/linux/skbuff.h && grep -c userid $(KERNEL_DIR)/source/include/linux/skbuff.h),1) -+ifeq ($(shell test -f $(KERNEL_DIR)/include/linux/skbuff.h && shell grep -c userid $(KERNEL_DIR)/include/linux/skbuff.h),1) +-ifeq ($(shell test -f $(KERNEL_DIR)/source/include/linux/skbuff.h && grep -qc userid $(KERNEL_DIR)/source/include/linux/skbuff.h),1) ++ifeq ($(shell test -f $(KERNEL_DIR)/include/linux/skbuff.h && shell grep -qc userid $(KERNEL_DIR)/include/linux/skbuff.h),1) ccflags-y += -DUSE_HACK_USERID=1 endif