From 07df1ce5dff84405be8837604d7c766965647932 Mon Sep 17 00:00:00 2001
From: Andrea Pesaresi <andreapesaresi82@gmail.com>
Date: Wed, 8 Apr 2026 21:29:12 +0200
Subject: [PATCH] xtables-addons: fix build with Linux 6.18

ACCOUNT, pknock and LUA still use EXTRA_CFLAGS in their Kbuild files
to add local include paths.

With Linux 6.18, external modules should use ccflags-y for these
include directories instead. Otherwise the additional include paths are
not propagated reliably and the build can fail with missing
compat_xtables.h.

Linux 6.18 also changed the timer API used by pknock, removing
from_timer() and del_timer(). Add a small compatibility wrapper so
pknock uses timer_container_of() and timer_delete() on 6.18+ while
remaining compatible with older kernels.

Bump PKG_RELEASE accordingly.

Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
---
 net/xtables-addons/Makefile                   |  2 +-
 ...kbuild-use-ccflags-y-for-kernel-6.18.patch | 46 +++++++++++++++++++
 ...pknock-fix-timer-api-for-kernel-6.18.patch | 46 +++++++++++++++++++
 3 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 net/xtables-addons/patches/510-kbuild-use-ccflags-y-for-kernel-6.18.patch
 create mode 100644 net/xtables-addons/patches/520-pknock-fix-timer-api-for-kernel-6.18.patch

diff --git a/net/xtables-addons/Makefile b/net/xtables-addons/Makefile
index f97b82c346ca3..478a34b1df7b6 100644
--- a/net/xtables-addons/Makefile
+++ b/net/xtables-addons/Makefile
@@ -8,7 +8,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=xtables-addons
 PKG_VERSION:=3.27
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_HASH:=e47ea8febe73c12ecab09d2c93578c5dc72d76f17fdf673397758f519cce6828
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
diff --git a/net/xtables-addons/patches/510-kbuild-use-ccflags-y-for-kernel-6.18.patch b/net/xtables-addons/patches/510-kbuild-use-ccflags-y-for-kernel-6.18.patch
new file mode 100644
index 0000000000000..d451f49b905c8
--- /dev/null
+++ b/net/xtables-addons/patches/510-kbuild-use-ccflags-y-for-kernel-6.18.patch
@@ -0,0 +1,46 @@
+--- a/extensions/ACCOUNT/Kbuild
++++ b/extensions/ACCOUNT/Kbuild
+@@ -1,5 +1,5 @@
+ # -*- Makefile -*-
+ 
+-EXTRA_CFLAGS = -I${src}/..
++ccflags-y += -I$(src)/..
+ 
+ obj-m += xt_ACCOUNT.o
+--- a/extensions/pknock/Kbuild
++++ b/extensions/pknock/Kbuild
+@@ -1,5 +1,5 @@
+ # -*- Makefile -*-
+ 
+-EXTRA_CFLAGS = -I${src}/..
++ccflags-y += -I$(src)/..
+ 
+ obj-m += xt_pknock.o
+--- a/extensions/LUA/Kbuild
++++ b/extensions/LUA/Kbuild
+@@ -1,11 +1,11 @@
+ # -*- Makefile -*-
+ 
+ # Adding debug options
+-EXTRA_CFLAGS += -DDEBUG
++ccflags-y += -DDEBUG
+ 
+ obj-m += xt_LUA.o
+ 
+-EXTRA_CFLAGS += -I$(src)/prot_buf_new
++ccflags-y += -I$(src)/prot_buf_new
+ xt_LUA-y += xt_LUA_target.o \
+ 
+ xt_LUA-y += nf_lua.o \
+@@ -23,9 +23,9 @@ xt_LUA-y += nf_lua.o \
+ 
+ 
+ # Enable <stddef.h> <stdarg.h>
+-EXTRA_CFLAGS += -isystem $(shell $(CC) -print-file-name=include)
++ccflags-y += -isystem $(shell $(CC) -print-file-name=include)
+ # Adding Lua Support
+-EXTRA_CFLAGS += -I$(src)/lua -I$(src)/lua/include 
++ccflags-y += -I$(src)/lua -I$(src)/lua/include
+ xt_LUA-y += lua/lapi.o \
+ 			lua/lbaselib.o \
+ 			lua/lcode.o \
diff --git a/net/xtables-addons/patches/520-pknock-fix-timer-api-for-kernel-6.18.patch b/net/xtables-addons/patches/520-pknock-fix-timer-api-for-kernel-6.18.patch
new file mode 100644
index 0000000000000..0e1c8749504d9
--- /dev/null
+++ b/net/xtables-addons/patches/520-pknock-fix-timer-api-for-kernel-6.18.patch
@@ -0,0 +1,46 @@
+--- a/extensions/pknock/xt_pknock.c
++++ b/extensions/pknock/xt_pknock.c
+@@ -120,6 +120,16 @@
+ module_param(nl_multicast_group, int, S_IRUGO);
+ MODULE_PARM_DESC(nl_multicast_group, "Netlink multicast group number for pknock messages");
+ 
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6,18,0)
++#define pknock_timer_delete(timer) timer_delete(timer)
++#define pknock_from_timer(var, callback_timer, timer_fieldname) \
++	timer_container_of(var, callback_timer, timer_fieldname)
++#else
++#define pknock_timer_delete(timer) del_timer(timer)
++#define pknock_from_timer(var, callback_timer, timer_fieldname) \
++	from_timer(var, callback_timer, timer_fieldname)
++#endif
++
+ /**
+  * Calculates a value from 0 to max from a hash of the arguments.
+  *
+@@ -296,7 +306,7 @@
+ static void update_rule_gc_timer(struct xt_pknock_rule *rule)
+ {
+ 	if (timer_pending(&rule->timer))
+-		del_timer(&rule->timer);
++		pknock_timer_delete(&rule->timer);
+ 	rule->timer.expires = jiffies + msecs_to_jiffies(gc_expir_time);
+ 	add_timer(&rule->timer);
+ }
+@@ -355,7 +365,7 @@
+ static void peer_gc(struct timer_list *tl)
+ {
+ 	unsigned int i;
+-	struct xt_pknock_rule *rule = from_timer(rule, tl, timer);
++	struct xt_pknock_rule *rule = pknock_from_timer(rule, tl, timer);
+ 	struct peer *peer;
+ 	struct list_head *pos, *n;
+ 
+@@ -517,7 +527,7 @@
+ 		remove_proc_entry(info->rule_name, pde);
+ 	pr_debug("(D) rule deleted: %s.\n", rule->rule_name);
+ 	if (timer_pending(&rule->timer))
+-		del_timer(&rule->timer);
++		pknock_timer_delete(&rule->timer);
+ 	list_del(&rule->head);
+ 	kfree(rule->peer_head);
+ 	kfree(rule);