package/keepalived: fix build with kernel < 3.14

Fix the following build failure with kernel < 3.14 raised since bump to
version 2.27 in commit 79f631000f:

vrrp_nftables.c: In function 'setup_rule_move_igmp':
vrrp_nftables.c:1226:15: error: 'NFT_META_L4PROTO' undeclared (first use in this function)
   add_meta(r, NFT_META_L4PROTO, NFT_REG_1);
               ^

Fixes:
 - http://autobuild.buildroot.org/results/2132570fb0407abc0e70146d771471e13ef10237

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/keepalived/0001-vrrp-nft-didn-t-support-meta-l4proro-until-Linux-3-14.patch

@@ -0,0 +1,76 @@
+From edc71b19c619fdc1d71df10a2d0e8f5822965d69 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 8 Feb 2022 14:58:49 +0000
+Subject: [PATCH] vrrp: nft didn't support meta l4proro until Linux 3.14
+
+For Linux 3.13 (first version to support nftables), we instead specify:
+@nh,48,8 58
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+
+[Retrieved (and updated to drop update of README.kernel_versions) from:
+https://github.com/acassen/keepalived/commit/edc71b19c619fdc1d71df10a2d0e8f5822965d69]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ README.kernel_versions          |  1 +
+ configure.ac                    |  5 +++++
+ keepalived/vrrp/vrrp_nftables.c | 16 ++++++++++++++--
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 350a9f4e9..bc643dbf1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1754,6 +1754,11 @@ if test .${enable_nftables} != .no; then
+ 	],[
+ 	  AC_MSG_RESULT(no)
+ 	])
++
++      # nft l4proto from Linux 3.14
++      AC_CHECK_DECLS([NFT_META_L4PROTO], [], [],
++        [#include <linux/netfilter/nf_tables.h>])
++
+       # nft dup from Linux 4.3
+       AC_CHECK_DECLS([NFTA_DUP_MAX], [], [],
+         [#include <linux/netfilter/nf_tables.h>])
+diff --git a/keepalived/vrrp/vrrp_nftables.c b/keepalived/vrrp/vrrp_nftables.c
+index d3ea39db3..8b5095ad4 100644
+--- a/keepalived/vrrp/vrrp_nftables.c
++++ b/keepalived/vrrp/vrrp_nftables.c
+@@ -1191,6 +1191,8 @@ setup_rule_move_igmp(uint8_t family, const char *table,
+ 	   otherwise:
+ 	     nft add rule ip keepalived out ip protocol igmp [meta oifkind macvlan] oif @vmac_set drop
+ 	     nft add rule ip6 keepalived out icmpv6 type mld2-listener-report [meta oifkind macvlan] oif @vmac_set drop
++	 *
++	 * Note: on 3.13 kernels, icmpv6 is specified as @nh,48,8 58
+ 	 */
+ 	struct nftnl_rule *r = NULL;
+ 	uint64_t handle_num;
+@@ -1223,7 +1225,12 @@ setup_rule_move_igmp(uint8_t family, const char *table,
+ 			    offsetof(struct iphdr, daddr), sizeof(struct in_addr));
+ #endif
+ 	} else {
+-		add_meta(r, NFT_META_L4PROTO, NFT_REG_1);
++#if HAVE_DECL_NFT_META_L4PROTO
++		add_meta(r, NFT_META_L4PROTO, NFT_REG_1);	/* From Linux 3.14 */
++#else
++		add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
++			    offsetof(struct ip6_hdr, ip6_nxt), sizeof(((struct ip6_hdr *)NULL)->ip6_nxt));
++#endif
+ 		protocol = IPPROTO_ICMPV6;
+ 		add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &protocol, sizeof(protocol));
+ 		add_payload(r, NFT_PAYLOAD_TRANSPORT_HEADER, NFT_REG_1,
+@@ -1279,7 +1286,12 @@ setup_rule_drop_router_solicit(const char *table, const char *chain,
+ 		nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle_num);
+ 	}
+ 
+-	add_meta(r, NFT_META_L4PROTO, NFT_REG_1);
++#if HAVE_DECL_NFT_META_L4PROTO
++	add_meta(r, NFT_META_L4PROTO, NFT_REG_1);	/* From Linux 3.14 */
++#else
++	add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
++		    offsetof(struct ip6_hdr, ip6_nxt), sizeof(((struct ip6_hdr *)NULL)->ip6_nxt));
++#endif
+ 	protocol = IPPROTO_ICMPV6;
+ 	add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &protocol, sizeof(protocol));
+ 	add_payload(r, NFT_PAYLOAD_TRANSPORT_HEADER, NFT_REG_1,

package/keepalived/0002-ipvs-nft-didn-t-support-meta-l4proro-until-Linux-3-14.patch

@@ -0,0 +1,40 @@
+From 50e8a8d56cd5a3d7184b035708865302bbc7ef69 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 8 Feb 2022 17:43:49 +0000
+Subject: [PATCH] ipvs: nft didn't support meta l4proro until Linux 3.14
+
+For Linux 3.13 (first version to support nftables), we instead specify:
+ipv4: @nh,72,8 PROTO
+ipv6: @nh,48,8 PROTO
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+
+[Retrieved from:
+https://github.com/acassen/keepalived/commit/50e8a8d56cd5a3d7184b035708865302bbc7ef69]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ keepalived/check/check_nftables.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/keepalived/check/check_nftables.c b/keepalived/check/check_nftables.c
+index 2d163ac14..45831203b 100644
+--- a/keepalived/check/check_nftables.c
++++ b/keepalived/check/check_nftables.c
+@@ -150,7 +150,16 @@ setup_rule_set_mark(uint8_t family, const char *table,
+ 		nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle_num);
+ 	}
+ 
+-	add_meta(r, NFT_META_L4PROTO, NFT_REG_1);
++#if HAVE_DECL_NFT_META_L4PROTO
++	add_meta(r, NFT_META_L4PROTO, NFT_REG_1);	/* From Linux 3.14 */
++#else
++	if (family == NFPROTO_IPV4)
++		add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
++			    offsetof(struct iphdr, protocol), sizeof(((struct iphdr *)NULL)->protocol));
++	else
++		add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
++			    offsetof(struct ip6_hdr, ip6_nxt), sizeof(((struct ip6_hdr *)NULL)->ip6_nxt));
++#endif
+ 	add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &l4_protocol, sizeof(l4_protocol));
+ 	if (family == NFPROTO_IPV4)
+ 		add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,

package/keepalived/keepalived.mk

@@ -11,6 +11,8 @@ KEEPALIVED_LICENSE = GPL-2.0+
 KEEPALIVED_LICENSE_FILES = COPYING
 KEEPALIVED_CPE_ID_VENDOR = keepalived
 KEEPALIVED_CONF_OPTS = --disable-hardening
+# We're patching configure.ac
+KEEPALIVED_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_JSON_C),y)
 KEEPALIVED_DEPENDENCIES += json-c