reinit the tree, so we can have metadata

8 files changed, 497 insertions, 0 deletions

diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest
new file mode 100644
index 000000000000..bfed314208fd
--- /dev/null
+++ b/net-firewall/ipt_netflow/Manifest
@@ -0,0 +1,10 @@
+AUX ipt_netflow-2.0-configure.patch 276 SHA256 cf24753f0075b8015b8832799d993fcc1671ab001033f40f7d0ee12ba469de50 SHA512 cb7b1a690a69eb68ce57d1b216324de3114c01a6bc2ca7e29fece702be62a0f903e6946426c49a8fcd08295466524eb464127655a8742507f999a318319cd3d0 WHIRLPOOL ca45617b098c4e57756b5aeacef9c638444c12cbbd3dea38de457fca9be89592e854c3b9bd70d36250dce4becee28fee94ecd321c857786dc93e92ff5316ab16
+AUX ipt_netflow-2.2-linux-4.10.patch 4343 SHA256 c9874b75e050e0172deb12d0e6c1f981a3c869585e13be7b08d6094a16ff9e42 SHA512 077787f9bc8981064c4a9489487a0079877000f58d4ce789b7aaf7819cabacd1b12e4a527174662bd17c1303631282254e2215f06f02f08e41327a7dbbc13f13 WHIRLPOOL 48c949953be76d096946c02ff0b77c60f2e6f04f287c297ee4494077b8f5192312352ad1b23a89779d635933a6e8203ba316ab296f6566d3bc43fd71ceed7ff9
+AUX ipt_netflow-2.2-linux-4.13.patch 2403 SHA256 96354f3907a1d8d0d590436a3f9fa8ee6829489bcc9b7a46ab8e74f31b704370 SHA512 38b2657a42607cd86f36089cb1c26b609d29f1c6aca75ed38000baa69a58b75568ee7194e5d1692004c59ad8087fc4cb183ee61ed34ab52e557a3f0a330d2b6a WHIRLPOOL 270f2369a693c49a7b1bbe9ba14eb674b8a15648e16d59a9b8b33a295cc87ca9bc1b38599756b7bc680ffe7ea54108c3b3aec938228e520864b039df130507e0
+AUX ipt_netflow-2.2-linux-4.6.patch 2098 SHA256 c795cf2cbba8c502ca8d1aa27c3138f382b728c58351d60c50fd538f17f27644 SHA512 319b1a013e8d32854ecfbc207aa7197e2ef39bc2688ece952814d3092e9110aa3cf134c56f3b9f671c7856465814905a4d1f888f8dab3b40f0be09202c6f1a64 WHIRLPOOL 475c5779f97e2a1611120e38f475bd7acb6855ba647bb9e78057288dca84950aae88ddc2f85ae4e6a48a99cb94fd0978ade5e87e11b9b60200cf12c4df895b6c
+DIST ipt-netflow-2.2.tgz 96697 SHA256 81be0a334f74894756d022aee2c87b36c89a7aeca6ff1c91ef6b4f3458793198 SHA512 a406ab9bd18616414d8c99f427382a075bdb8000d8c40959f5b6d6e577d7eb4dfc7f8b773664a516ec2228d15590f21c3fbd6aa3d4302f6cdf03810e1702af74 WHIRLPOOL e9c5f13a3efa346b75ec47ceb033e83099744fa90d575d62135225a88f0093b1de556354d972772f13e7ea895659cd58e6e9a3c08817f62fd902336cc8771928
+EBUILD ipt_netflow-2.2-r1.ebuild 2290 SHA256 6d5179df6ba5fc7b1cf416f99a935ecffbe5a9c87e390232da3378b19bd103d0 SHA512 ff5991046c7a4f575071721f456a88de1f410cdc1ccd0a6b73d5e4a607a25bcb17ed8c1c475f5b3dabb43e00c57f3f9ccd3a8f230f550e8d61b622adee69cf4f WHIRLPOOL a8782221335da2d2249e1a1e165b6a2ef3829c7591f932bdca376fae7848a8eaa8032b4cd6e3adc22e35fbc35b8534714aa16d31562c8451a6cf8c787ffc27e0
+EBUILD ipt_netflow-2.2-r2.ebuild 2511 SHA256 cf8734703821b4b1d0f65b8dfb746e8dcd9c93ce0bcb5b57e2269ddee53d7fae SHA512 f7ffbb8345bd9febdda8895c3424bb3cb8c85b214cbe8b14f0be4bfddd9d2fb9ae04652dcb9dbb54d37337a5e3d44b233bdc95c772244580ed7b4cf4e0cc079c WHIRLPOOL cbd5f3354abfa17711f7d768d645598b8fb09c68fc843a07a7248d4bd1a58607babd41908fae9ed14f10919df69b8a05395336322055e4c1b959725593a224a0
+MISC ChangeLog 4149 SHA256 907012df44868b22ece920cad4dccb3aa44482ad4749468fabd28547cc493d99 SHA512 f7f9c87d99cfae607dadd88df531ca283df898f0c093a4928f5d441d6347a773803311ae325c4a058f5812676efb02f995283abeb88fe832e03792602c56e583 WHIRLPOOL d981cc10fe6884988dfe0e580ad0adf26eb1479435c8789e77232a66e605803b9ddc582c9930b1b2a08a9260dbb613da83c4f477328f5407710c036f0a2cb633
+MISC ChangeLog-2015 5139 SHA256 4bc227582ff7a604a701289ac3cd6a7e9b347025f3838732b59d213d60e70aa3 SHA512 6d5d0f39352fafccd77b878f37342461e21b94b8834f6bab0018328781e7dbf726ef537064eadf9c60baa4ec2e69562f7f6e741b379574821d24544dc9005626 WHIRLPOOL 67bd74db5f3303682bb771982c45586bdab9cb55feb6b0b04f0e1a7fab9e6c29ae0317a1100dd9235b2662f25e899ee1f656281ee56ade3f57c65523e7ab416b
+MISC metadata.xml 561 SHA256 7a00db53aae4ab7395ec5fe44907703f00c61ec92995dfb3de6e5ee1b5fc0576 SHA512 6cd4feab99315acfcf34f34fccd9ecb6b00b23efecef622cc638902a4ec62240f3d9f87d1f349a84ec7c4985a90f8632ffcfa9f403b42c26ce9d923ca9e01bc5 WHIRLPOOL 62ecc05c510e0fdf9e235c5dc45be32f8028b1834595d7121e79a48d64535589d479a02c08d50f5f5cc934b188f9c7b4dfc55e73428d0a121cb825347297a32e
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch
new file mode 100644
index 000000000000..f6b3a005ba21
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch
@@ -0,0 +1,10 @@
+--- a/configure
++++ b/configure
+@@ -421,7 +421,6 @@
+ iptables_find_version	#IPTVER
+ iptables_try_pkgconfig	#try to configure from pkg-config
+ iptables_find_src	#IPTSRC
+-iptables_src_version	#check that IPTSRC match to IPTVER
+ iptables_inc		#IPTINC
+ iptables_modules	#IPTLIB
+ 
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch
new file mode 100644
index 000000000000..7e8f62840a91
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch
@@ -0,0 +1,137 @@
+commit 5d71c94c400d91633f6d3c3be9e785bb23d4ca1a
+Author: ABC <abc@telekom.ru>
+Date:   Sun Mar 5 11:27:39 2017 +0300
+
+    Compilation compatibility with kernel 4.10.
+    
+    Fixes #70.
+    Resolves incompatibilities introduced by
+     2456e855354415bfaeb7badaa14e11b3e02c8466 and
+     613dbd95723aee7abd16860745691b6c7bda20dc for kernel 4.10.
+
+diff --git a/compat.h b/compat.h
+index 3f27977..47176ef 100644
+--- a/compat.h
++++ b/compat.h
+@@ -600,4 +600,29 @@ out:
+ # define __GNUC_PREREQ(maj, min) 0
+ #endif
+ 
++/* ktime is not union anymore, since 2456e855354415bfaeb7badaa14e11b3e02c8466 */
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
++# define first_tv64	first.tv64
++# define last_tv64	last.tv64
++#else
++# define first_tv64	first
++# define last_tv64	last
++#endif
++
++/* Offset changes made in 613dbd95723aee7abd16860745691b6c7bda20dc */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) && LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
++static inline u_int8_t xt_family(const struct xt_action_param *par)
++{
++	return par->family;
++}
++static inline const struct net_device *xt_in(const struct xt_action_param *par)
++{
++	return par->in;
++}
++static inline const struct net_device *xt_out(const struct xt_action_param *par)
++{
++	return par->out;
++}
++#endif
++
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 781b284..0d1ac55 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -3863,10 +3863,10 @@ static void netflow_export_stats(void)
+ 		t.pkts_selected	+= st->pkts_selected;
+ 		t.pkts_observed	+= st->pkts_observed;
+ #endif
+-		t.drop.first.tv64 = min_not_zero(t.drop.first.tv64, st->drop.first.tv64);
+-		t.drop.last.tv64  = max(t.drop.last.tv64, st->drop.last.tv64);
+-		t.lost.first.tv64 = min_not_zero(t.lost.first.tv64, st->lost.first.tv64);
+-		t.lost.last.tv64  = max(t.lost.last.tv64, st->lost.last.tv64);
++		t.drop.first_tv64 = min_not_zero(t.drop.first_tv64, st->drop.first_tv64);
++		t.drop.last_tv64  = max(t.drop.last_tv64, st->drop.last_tv64);
++		t.lost.first_tv64 = min_not_zero(t.lost.first_tv64, st->lost.first_tv64);
++		t.lost.last_tv64  = max(t.lost.last_tv64, st->lost.last_tv64);
+ 	}
+ 
+ 	export_stat_st(OTPL_MPSTAT, &t);
+@@ -4781,8 +4781,8 @@ static unsigned int netflow_target(
+ 			   const void *targinfo
+ # endif
+ #else /* since 2.6.28 */
+-# define if_in  par->in
+-# define if_out par->out
++# define if_in  xt_in(par)
++# define if_out xt_out(par)
+ # if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
+ 			   const struct xt_target_param *par
+ # else
+@@ -4809,7 +4809,7 @@ static unsigned int netflow_target(
+ #ifdef ENABLE_DIRECTION
+ 	const int hooknum = par->hooknum;
+ #endif
+-	const int family = par->family;
++	const int family = xt_family(par);
+ #endif
+ 	struct ipt_netflow_tuple tuple;
+ 	struct ipt_netflow *nf;
+diff --git a/ipt_NETFLOW.h b/ipt_NETFLOW.h
+index eb00e94..3ee44a8 100644
+--- a/ipt_NETFLOW.h
++++ b/ipt_NETFLOW.h
+@@ -414,7 +414,7 @@ struct netflow_aggr_p {
+ #define NETFLOW_STAT_TS(count)							 \
+ 	do {									 \
+ 		ktime_t kts = ktime_get_real();					 \
+-		if (!(__get_cpu_var(ipt_netflow_stat)).count.first.tv64)	 \
++		if (!(__get_cpu_var(ipt_netflow_stat)).count.first_tv64)	 \
+ 			__get_cpu_var(ipt_netflow_stat).count.first = kts;	 \
+ 		__get_cpu_var(ipt_netflow_stat).count.last = kts;		 \
+ 	} while (0);
+commit 5dec6355f151a5c9fa4393c43388b22d9c720fae
+Author: ABC <abc@telekom.ru>
+Date:   Tue Mar 14 21:55:29 2017 +0300
+
+    More compatibility with kernel 4.10.
+    
+    Thanks to cREoz @ gitnub. Resolves #70 once more.
+
+diff --git a/compat.h b/compat.h
+index 47176ef..867e7f2 100644
+--- a/compat.h
++++ b/compat.h
+@@ -623,6 +623,10 @@ static inline const struct net_device *xt_out(const struct xt_action_param *par)
+ {
+ 	return par->out;
+ }
++static inline unsigned int xt_hooknum(const struct xt_action_param *par)
++{
++	return par->hooknum;
++}
+ #endif
+ 
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 0d1ac55..6d3122e 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -4806,9 +4806,9 @@ static unsigned int netflow_target(
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
+ 	const int family = target->family;
+ #else
+-#ifdef ENABLE_DIRECTION
+-	const int hooknum = par->hooknum;
+-#endif
++# ifdef ENABLE_DIRECTION
++	const int hooknum = xt_hooknum(par);
++# endif
+ 	const int family = xt_family(par);
+ #endif
+ 	struct ipt_netflow_tuple tuple;
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch
new file mode 100644
index 000000000000..10e8b552afb4
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch
@@ -0,0 +1,63 @@
+commit 53a556cb4a705f4eae2bcb49552b6427b231378a
+Author: ABC <abc@telekom.ru>
+Date:   Mon Aug 14 22:55:25 2017 +0300
+
+    Compatibility with kernel 4.13.
+    
+    Offset patch torvalds/linux@14afee4b6092fde451ee17604e5f5c89da33e71e
+
+diff --git a/compat.h b/compat.h
+index 061eb57..275ff58 100644
+--- a/compat.h
++++ b/compat.h
+@@ -636,4 +636,10 @@ static inline unsigned int xt_hooknum(const struct xt_action_param *par)
+ # define SK_CAN_REUSE   1
+ #endif
+ 
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,13,0)
++# define compat_refcount_read atomic_read
++#else
++# define compat_refcount_read refcount_read
++#endif
++
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 494ea74..9365325 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -622,7 +622,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
+ 
+ 			seq_printf(seq, " %u %u %u\n",
+ 			    sk->sk_sndbuf,
+-			    atomic_read(&sk->sk_wmem_alloc),
++			    compat_refcount_read(&sk->sk_wmem_alloc),
+ 			    wmem_peak);
+ 		} else
+ 			seq_printf(seq, " 0 0 %u\n", wmem_peak);
+@@ -864,7 +864,7 @@ static int nf_seq_show(struct seq_file *seq, void *v)
+ 			seq_printf(seq, ", sndbuf %u, filled %u, peak %u;"
+ 			    " err: sndbuf reached %u, connect %u, cberr %u, other %u\n",
+ 			    sk->sk_sndbuf,
+-			    atomic_read(&sk->sk_wmem_alloc),
++			    compat_refcount_read(&sk->sk_wmem_alloc),
+ 			    atomic_read(&usock->wmem_peak),
+ 			    usock->err_full,
+ 			    usock->err_connect,
+@@ -2031,7 +2031,7 @@ static void netflow_sendmsg(void *buffer, const int len)
+ 			printk(KERN_INFO "netflow_sendmsg: sendmsg(%d, %d) [%u %u]\n",
+ 			       snum,
+ 			       len,
+-			       atomic_read(&usock->sock->sk->sk_wmem_alloc),
++			       compat_refcount_read(&usock->sock->sk->sk_wmem_alloc),
+ 			       usock->sock->sk->sk_sndbuf);
+ 		ret = kernel_sendmsg(usock->sock, &msg, &iov, 1, (size_t)len);
+ 		if (ret < 0) {
+@@ -2054,7 +2054,7 @@ static void netflow_sendmsg(void *buffer, const int len)
+ 			printk(KERN_ERR "ipt_NETFLOW: sendmsg[%d] error %d: data loss %llu pkt, %llu bytes%s\n",
+ 			       snum, ret, pdu_packets, pdu_traf, suggestion);
+ 		} else {
+-			unsigned int wmem = atomic_read(&usock->sock->sk->sk_wmem_alloc);
++			unsigned int wmem = compat_refcount_read(&usock->sock->sk->sk_wmem_alloc);
+ 			if (wmem > atomic_read(&usock->wmem_peak))
+ 				atomic_set(&usock->wmem_peak, wmem);
+ 			NETFLOW_STAT_INC(exported_pkt);
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch
new file mode 100644
index 000000000000..bd9bedd3d998
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch
@@ -0,0 +1,61 @@
+commit c16ffc6cb679b3377a0d4a30a6bbcf5e2f3d0214
+Author: ABC <abc@telekom.ru>
+Date:   Sun May 22 22:07:14 2016 +0300
+
+    Support ETHTOOL_xLINKSETTINGS API (new in linux 4.6).
+    
+    Thus, making support for 4.6 kernels.
+    Reference to linux commit:
+      https://github.com/torvalds/linux/commit/3f1ac7a700d
+    
+    Fixes #56, thanks karel-un.
+
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 067fd50..d27eea2 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -3904,7 +3904,13 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ {
+ 	struct ethtool_drvinfo info = { 0 };
+ 	const struct ethtool_ops *ops = dev->ethtool_ops;
++#ifndef ETHTOOL_GLINKSETTINGS
+ 	struct ethtool_cmd ecmd;
++#define _KSETTINGS(x, y) (x)
++#else
++	struct ethtool_link_ksettings ekmd;
++#define _KSETTINGS(x, y) (y)
++#endif
+ 	int len = size;
+ 	int n;
+ 
+@@ -3933,11 +3939,11 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ 	/* only get_settings for running devices to not trigger link negotiation */
+ 	if (dev->flags & IFF_UP &&
+ 	    dev->flags & IFF_RUNNING &&
+-	    !__ethtool_get_settings(dev, &ecmd)) {
++	    !_KSETTINGS(__ethtool_get_settings(dev, &ecmd), __ethtool_get_link_ksettings(dev, &ekmd))) {
+ 		char *s, *p;
+ 
+ 		/* append basic parameters: speed and port */
+-		switch (ethtool_cmd_speed(&ecmd)) {
++		switch (_KSETTINGS(ethtool_cmd_speed(&ecmd), ekmd.base.speed)) {
+ 		case SPEED_10000: s = "10Gb"; break;
+ 		case SPEED_2500:  s = "2.5Gb"; break;
+ 		case SPEED_1000:  s = "1Gb"; break;
+@@ -3945,7 +3951,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ 		case SPEED_10:    s = "10Mb"; break;
+ 		default:          s = "";
+ 		}
+-		switch (ecmd.port) {
++		switch (_KSETTINGS(ecmd.port, ekmd.base.port)) {
+ 		case PORT_TP:     p = "tp"; break;
+ 		case PORT_AUI:    p = "aui"; break;
+ 		case PORT_MII:    p = "mii"; break;
+@@ -3964,6 +3970,7 @@ ret:
+ 		ops->complete(dev);
+ 	return size - len;
+ }
++#undef _KSETTINGS
+ 
+ static const unsigned short netdev_type[] =
+ {ARPHRD_NETROM, ARPHRD_ETHER, ARPHRD_AX25,
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild
new file mode 100644
index 000000000000..f82263fe40cd
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="https://sourceforge.net/projects/ipt-netflow"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE="debug snmp"
+
+RDEPEND="
+	net-firewall/iptables
+	snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+	virtual/linux-sources
+	virtual/pkgconfig
+"
+
+# set S before MODULE_NAMES
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+	BUILD_TARGETS="all"
+	MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+	IPT_LIB="/usr/$(get_libdir)/xtables"
+	local CONFIG_CHECK="~IP_NF_IPTABLES"
+	use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+	linux-mod_pkg_setup
+}
+
+src_prepare() {
+	sed -i \
+		-e 's:make -C:$(MAKE) -C:g' \
+		-e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \
+		-e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' \
+		Makefile.in || die
+
+	# Checking for directory is enough
+	sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+
+	# bug #455984
+	eapply "${FILESDIR}/${PN}-2.0-configure.patch"
+
+	# Compatibility with kernel 4.6
+	eapply "${FILESDIR}/${P}-linux-4.6.patch"
+
+	# Compatibility with kernel 4.10, bug #617484
+	eapply "${FILESDIR}/${P}-linux-4.10.patch"
+
+	# Compatibility with kernel 4.13, bug #630446
+	eapply "${FILESDIR}/${P}-linux-4.13.patch"
+
+	eapply_user
+}
+
+do_conf() {
+	echo ./configure $*
+	./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+	local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+	# this configure script is not based on autotools
+	# ipt-src need to be defined, see bug #455984
+	do_conf \
+		--disable-dkms \
+		--ipt-lib="${IPT_LIB}" \
+		--ipt-src="/usr/" \
+		--ipt-ver="${IPT_VERSION}" \
+		--kdir="${KV_DIR}" \
+		--kver="${KV_FULL}" \
+		$(use debug && echo '--enable-debugfs') \
+		$(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+	emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+	linux-mod_src_install
+	exeinto "${IPT_LIB}"
+	doexe libipt_NETFLOW.so
+	use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+	doheader ipt_NETFLOW.h
+	dodoc README*
+}
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild
new file mode 100644
index 000000000000..c2ed5f6f4274
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="https://sourceforge.net/projects/ipt-netflow"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="debug natevents snmp"
+
+RDEPEND="
+	net-firewall/iptables
+	snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+	virtual/linux-sources
+	virtual/pkgconfig
+"
+
+# set S before MODULE_NAMES
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+	BUILD_TARGETS="all"
+	MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+	IPT_LIB="/usr/$(get_libdir)/xtables"
+	local CONFIG_CHECK="~IP_NF_IPTABLES"
+	use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+	use natevents && CONFIG_CHECK+=" NF_CONNTRACK_EVENTS NF_NAT_NEEDED"
+	linux-mod_pkg_setup
+}
+
+src_prepare() {
+	sed -i \
+		-e 's:make -C:$(MAKE) -C:g' \
+		-e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \
+		-e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' \
+		Makefile.in || die
+
+	# Checking for directory is enough
+	sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+
+	# bug #455984
+	eapply "${FILESDIR}/${PN}-2.0-configure.patch"
+
+	# Compatibility with kernel 4.6
+	eapply "${FILESDIR}/${P}-linux-4.6.patch"
+
+	# Compatibility with kernel 4.10, bug #617484
+	eapply "${FILESDIR}/${P}-linux-4.10.patch"
+
+	# Compatibility with kernel 4.13, bug #630446
+	eapply "${FILESDIR}/${P}-linux-4.13.patch"
+
+	eapply_user
+}
+
+do_conf() {
+	echo ./configure $*
+	./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+	local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+	# this configure script is not based on autotools
+	# ipt-src need to be defined, see bug #455984
+	do_conf \
+		--disable-dkms \
+		--enable-aggregation \
+		--enable-direction \
+		--enable-macaddress \
+		--enable-vlan \
+		--ipt-lib="${IPT_LIB}" \
+		--ipt-src="/usr/" \
+		--ipt-ver="${IPT_VERSION}" \
+		--kdir="${KV_DIR}" \
+		--kver="${KV_FULL}" \
+		$(use debug && echo '--enable-debugfs') \
+		$(use natevents && echo '--enable-natevents') \
+		$(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+	emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+	linux-mod_src_install
+	exeinto "${IPT_LIB}"
+	doexe libipt_NETFLOW.so
+	use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+	doheader ipt_NETFLOW.h
+	dodoc README*
+}
diff --git a/net-firewall/ipt_netflow/metadata.xml b/net-firewall/ipt_netflow/metadata.xml
new file mode 100644
index 000000000000..76cfd5175511
--- /dev/null
+++ b/net-firewall/ipt_netflow/metadata.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>pinkbyte@gentoo.org</email>
+		<name>Sergey Popov</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>netmon@gentoo.org</email>
+		<name>Gentoo network monitoring and analysis project</name>
+	</maintainer>
+	<use>
+		<flag name="natevents">Netflow NAT translation events (NEL) support</flag>
+	</use>
+	<upstream>
+		<remote-id type="sourceforge">ipt-netflow</remote-id>
+	</upstream>
+</pkgmetadata>