From 8609c4e5eadfdd60664640c4ae07e250c98dd86b Mon Sep 17 00:00:00 2001 From: "Maxin B. John" Date: Tue, 29 Dec 2015 15:11:59 +0200 Subject: iptables: upgrade to 1.6.0 1.4.21 -> 1.6.0 xtables_globals structure layout has changed. * Refreshed below listed patches to work with this release: 1. 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch 2. 0001-fix-build-with-musl.patch * Added PACKAGECONFIG for libnftnl Signed-off-by: Maxin B. John Signed-off-by: Ross Burton --- ...Add-option-to-enable-disable-libnfnetlink.patch | 50 +++++++--------- .../iptables/0001-fix-build-with-musl.patch | 69 ++++------------------ meta/recipes-extended/iptables/iptables_1.4.21.bb | 47 --------------- meta/recipes-extended/iptables/iptables_1.6.0.bb | 50 ++++++++++++++++ 4 files changed, 83 insertions(+), 133 deletions(-) delete mode 100644 meta/recipes-extended/iptables/iptables_1.4.21.bb create mode 100644 meta/recipes-extended/iptables/iptables_1.6.0.bb diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch index ab609e27e3..b711b7aa36 100644 --- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch +++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch 
@@ -1,47 +1,37 @@ -From 5c47cf5061b852c02178f01e23690bfe38a99d93 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sun, 17 Mar 2013 11:21:35 -0700 -Subject: [PATCH] configure: Add option to enable/disable libnfnetlink +[PATCH] configure: Add option to enable/disable libnfnetlink This changes the configure behaviour from autodetecting for libnfnetlink to having an option to disable it explicitly -Signed-off-by: Khem Raj - Upstream-Status: Pending ---- - configure.ac | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) -diff --git a/configure.ac b/configure.ac -index ba616ab..ce2d315 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -53,6 +53,9 @@ AC_ARG_ENABLE([libipq], - AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], - [Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]), - [pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig']) +Signed-off-by: Khem Raj +Signed-off-by: Maxin B. John +--- +diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac +--- iptables-1.6.0-old/configure.ac 2015-12-28 18:40:35.255417976 +0200 ++++ iptables-1.6.0/configure.ac 2015-12-29 13:01:12.388840200 +0200 +@@ -63,6 +63,9 @@ + AC_ARG_ENABLE([nftables], + AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]), + [enable_nftables="$enableval"], [enable_nftables="yes"]) +AC_ARG_ENABLE([libnfnetlink], -+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]), -+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"]) ++ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]), ++ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"]) libiptc_LDFLAGS2=""; AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed], -@@ -89,9 +92,11 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"]) - AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) - AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) +@@ -123,9 +126,10 @@ + 
AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool)) + fi -PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], - [nfnetlink=1], [nfnetlink=0]) -AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) +AS_IF([test "x$enable_libnfnetlink" = "xyes"], [ -+ PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0]) -+ ]) -+ ++ PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0]) ++ ]) +AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"]) - regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \ - -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \ --- -1.7.9.5 - + if test "x$enable_nftables" = "xyes"; then + PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0]) diff --git a/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch index 7a003d912f..f1f85a6fa0 100644 --- a/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch +++ b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch @@ -1,81 +1,41 @@ -From 7c07b7fd4fdd7844dd032af822306f08e4422c34 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 6 Apr 2015 20:47:29 -0700 -Subject: [PATCH] fix build with musl +[PATCH] fix build with musl -Add needed headers they are just not needed for glibc6+ but also -for musl Define additional TCOPTS if not there - u_initX types are in sys/types.h be explicit about it Upstream-Status: Pending 
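Review bot: The refreshed 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch loses its provenance header: the `From:`, `Date:` and original commit-id lines are removed and the body becomes `diff -Naur` output against a local `iptables-1.6.0-old` directory with build-machine timestamps. The same applies to 0001-fix-build-with-musl.patch in the next hunk. For a locally carried change to a packet-filtering tool, that makes it harder to audit who wrote the change and what tree it was generated against. I would regenerate both patches with `git format-patch` against the 1.6.0 release so that author, date and a stable `diff --git a/configure.ac b/configure.ac` header are kept alongside the existing `Upstream-Status: Pending` and sign-off lines.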
Signed-off-by: Khem Raj +Signed-off-by: Maxin B. John --- - extensions/libxt_TCPOPTSTRIP.c | 15 +++++++++++++++ - include/libiptc/ipt_kernel_headers.h | 12 ------------ - include/linux/netfilter_ipv4/ip_tables.h | 1 + - 3 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c -index 6897857..8a170b2 100644 ---- a/extensions/libxt_TCPOPTSTRIP.c -+++ b/extensions/libxt_TCPOPTSTRIP.c +diff -Naur iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c +--- iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c 2015-12-09 14:55:06.000000000 +0200 ++++ iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c 2015-12-29 14:44:32.585327077 +0200 
@@ -12,6 +12,21 @@ #ifndef TCPOPT_MD5SIG # define TCPOPT_MD5SIG 19 #endif +#ifndef TCPOPT_MAXSEG -+# define TCPOPT_MAXSEG 2 ++#define TCPOPT_MAXSEG 2 +#endif +#ifndef TCPOPT_WINDOW -+# define TCPOPT_WINDOW 3 ++#define TCPOPT_WINDOW 3 +#endif +#ifndef TCPOPT_SACK_PERMITTED -+# define TCPOPT_SACK_PERMITTED 4 ++#define TCPOPT_SACK_PERMITTED 4 +#endif +#ifndef TCPOPT_SACK -+# define TCPOPT_SACK 5 ++#define TCPOPT_SACK 5 +#endif +#ifndef TCPOPT_TIMESTAMP -+# define TCPOPT_TIMESTAMP 8 ++#define TCPOPT_TIMESTAMP 8 +#endif enum { O_STRIP_OPTION = 0, -diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h -index 18861fe..a5963e9 100644 ---- a/include/libiptc/ipt_kernel_headers.h -+++ b/include/libiptc/ipt_kernel_headers.h -@@ -5,7 +5,6 @@ - - #include - --#if defined(__GLIBC__) && __GLIBC__ == 2 - #include - #include - #include -@@ -13,15 +12,4 @@ - #include - #include - #include --#else /* libc5 */ --#include --#include --#include --#include --#include --#include --#include --#include --#include --#endif - #endif -diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h -index 57fd82a..4807246 100644 ---- a/include/linux/netfilter_ipv4/ip_tables.h -+++ b/include/linux/netfilter_ipv4/ip_tables.h +diff -Naur iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h +--- iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h 2015-12-09 14:55:06.000000000 +0200 ++++ iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h 2015-12-29 14:40:21.250469195 +0200 @@ -15,6 +15,7 @@ #ifndef _IPTABLES_H #define _IPTABLES_H @@ -84,6 +44,3 @@ index 57fd82a..4807246 100644 #include #include --- -2.1.4 - diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb b/meta/recipes-extended/iptables/iptables_1.4.21.bb deleted file mode 100644 index 4118f54812..0000000000 --- a/meta/recipes-extended/iptables/iptables_1.4.21.bb +++ /dev/null 
@@ -1,47 +0,0 @@
-SUMMARY = "Tools for managing kernel packet filtering capabilities"
-DESCRIPTION = "iptables is the userspace command line program used to configure and control network packet \
-filtering code in Linux."
-HOMEPAGE = "http://www.netfilter.org/"
-BUGTRACKER = "http://bugzilla.netfilter.org/"
-LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\
- file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc"
-
-RRECOMMENDS_${PN} = "kernel-module-x-tables \
- kernel-module-ip-tables \
- kernel-module-iptable-filter \
- kernel-module-iptable-nat \
- kernel-module-nf-defrag-ipv4 \
- kernel-module-nf-conntrack \
- kernel-module-nf-conntrack-ipv4 \
- kernel-module-nf-nat \
- kernel-module-ipt-masquerade"
-FILES_${PN} =+ "${libdir}/xtables/ ${datadir}/xtables"
-
-SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
- file://types.h-add-defines-that-are-required-for-if_packet.patch \
- file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
- file://0001-fix-build-with-musl.patch \
- file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
- "
-
-SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0"
-SRC_URI[sha256sum] = "52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0"
-
-inherit autotools pkgconfig
-
-EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
- "
-PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
- "
-
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-
-# libnfnetlink recipe is in meta-networking layer
-PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
-
-do_configure_prepend() {
- # Remove some libtool m4 files
- # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
- rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
-}
diff --git a/meta/recipes-extended/iptables/iptables_1.6.0.bb b/meta/recipes-extended/iptables/iptables_1.6.0.bb
new file mode 100644
index 0000000000..fbbe4186b2
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables_1.6.0.bb
@@ -0,0 +1,50 @@
+SUMMARY = "Tools for managing kernel packet filtering capabilities"
+DESCRIPTION = "iptables is the userspace command line program used to configure and control network packet \
+filtering code in Linux."
+HOMEPAGE = "http://www.netfilter.org/"
+BUGTRACKER = "http://bugzilla.netfilter.org/"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\
+ file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc"
+
+RRECOMMENDS_${PN} = "kernel-module-x-tables \
+ kernel-module-ip-tables \
+ kernel-module-iptable-filter \
+ kernel-module-iptable-nat \
+ kernel-module-nf-defrag-ipv4 \
+ kernel-module-nf-conntrack \
+ kernel-module-nf-conntrack-ipv4 \
+ kernel-module-nf-nat \
+ kernel-module-ipt-masquerade"
+FILES_${PN} =+ "${libdir}/xtables/ ${datadir}/xtables"
+
+SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
+ file://types.h-add-defines-that-are-required-for-if_packet.patch \
+ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
+ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
+ "
+SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
+
+SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"
+SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"
+
+inherit autotools pkgconfig
+
+EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
+ "
+PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+ "
+
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+
+# libnfnetlink recipe is in meta-networking layer
+PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
+
+# libnftnl recipe is in meta-networking layer(previously known as libnftables)
+PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"
+
+do_configure_prepend() {
+ # Remove some libtool m4 files
+ # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
+ rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
+}
-- cgit 1.2.3-korg
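Review bot: `PACKAGECONFIG[libnftnl]` lists only `libnftnl` as a build dependency, but the configure.ac context visible in the refreshed libnfnetlink patch runs `PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])` whenever nftables is enabled. If libmnl reaches the sysroot only as a dependency of libnftnl (not visible here), the option works by accident; I would write `PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libmnl libnftnl"`. Separately, the tarball is still fetched over plain `http://`, so the new `SRC_URI[sha256sum]` value is the only integrity check on the 1.6.0 source. It would help to state in the commit message how that value was verified against the upstream release.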