Age | Commit message (Collapse) | Author |
|
nftables has a pyproject.toml file since v1.0.9, c.f.
https://git.netfilter.org/nftables/commit/?id=8e603e0f7eec7c0000344a004228a30fbf0ece5c
Styhead has started to complain when a recipe inherits setuptools3 and a
proper pyproject.toml is provided in sources.
This uses python_pep517 functions instead of the setuptools3 ones,
inherits the proper class (still using setuptools3 but through pep517
process).
Notably, the python PACKAGECONFIG has its build dependency on
python3-setuptools-native removed as it's brought in by
python_setuptools_build_meta inherit, which is performed whenever the
python PACKAGECONFIG is selected. This avoids a "duplicate" but no
change in behavior is expected.
This was only build tested.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This change adds a simple format for the skip results.
The format selected is the automake "simple test" format:
"result: testname"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
ChangeLog:
https://www.netfilter.org/projects/nftables/files/changes-nftables-1.1.0.txt
* Drop backport patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
==========
- ipset: fix json output format for IPSET_OPT_IP
- tests: add namespace test and take into account delayed
set removal at module remove
- Update autoconfig tools to build cleanly on Debian bookworm
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Use inherit_defer instead of inhert. This way, setuptools3 is not
inherited when python is removed from PACKAGECONFIG in a .bbappend file.
This avoids dependencies added by setuptools3.
Don't add nftables-python to PACKAGES if python is disabled. It adds
extra runtime dependencies on python3-core and python3-json.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
============
* Enable IPv6 name record lookups for dig-wrapper. This indirectly enables
IPv6/AAAA-record support for dyndns-host-open (& traffic-accounting) plugin
! Prevent systemd from terminating the job manager when some rules fail
* Renamed xxx_OUTPUT to INET_OUTPUT_xxx for clarity/consistency
+ Additional INET_OUTPUT_xxx settings to have better control
of internet access on this machine
* Reorder some code/settings for clarity/consistency
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
It gets OOMs with memory < 2G on x86_64 qemu
Export NFT variable in run-ptest script its used by few tests
Add required runtime dependencies for ptests to pass
This also requires changes to kernel config
features/nf_tables/nft_test.scc and CONFIG_VETH
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
There are 2 failed ptest testcases. They fail because they are broken,
but the fix from the upstream is not yet available in version 1.0.9.
These testcases are:
- tests/shell/testcases/sets/reset_command_0
Fix from the upstream:
https://git.netfilter.org/nftables/commit/?id=7a6089a400a573b9a4fd92f29c00a6be7b8ef269
- tests/shell/testcases/json/0005secmark_objref_0
Fix from the upstream:
https://git.netfilter.org/nftables/commit/?id=fff913c1eefbc84eb2d9c52038ef29fe881e9ee9
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The following ShellCheck violations in "run-ptest" are fixed:
- line 4:
SC2164: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
- line 7:
SC2086: Double quote to prevent globbing and word splitting.
- line 9:
SC2006: Use $(...) notation instead of legacy backticks `...`.
SC2086: Double quote to prevent globbing and word splitting.
SC2126: Consider using 'grep -c' instead of 'grep|wc -l'.
- line 10:
SC2006: Use $(...) notation instead of legacy backticks `...`.
SC2086: Double quote to prevent globbing and word splitting.
SC2126: Consider using 'grep -c' instead of 'grep|wc -l'.
- line 17:
SC2086: Double quote to prevent globbing and word splitting.
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fix the following ptest output format issues:
- For "sed" command, change "-e" option to "-E" option. I believe the
previous "-e" option is a typo based on the manual page of "sed":
-e script, --expression=script
add the script to the commands to be executed
"-E" option, on the other hand, makes "sed" "use extended regular
expressions in the script" according to the manual page.
- The test result summary line is being treated as both a passed
testcase and a failed testcase due to this line containing substring
"[OK]" and "[FAILED]". The following is a sample test result summary
line:
I: results: [OK] 379 [SKIPPED] 1 [FAILED] 0 [TOTAL] 380
The fix is to change run-ptest to look for "I: [OK]" and
"W: [FAILED]" when determining which lines correspond to
passed/failed testcases.
- Previously, only "W: [FAILED]" out of the following testcase failure
prompts is parsed:
W: [CHK DUMP]
W: [VALGRIND]
W: [TAINTED]
W: [DUMP FAIL]
W: [FAILED]
Adding parsing for all testcase failure prompts.
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Add DESCRIPTION and HOMEPAGE.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fix build with latest musl while here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* Drop SRCPV similarly like oe-core did in:
https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=843f82a246a535c353e08072f252d1dc78217872
* SRCPV is deferred now from PV to PKGV since:
https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=a8e7b0f932b9ea69b3a218fca18041676c65aba0
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.9.txt
Drop configure option --disable-python as it has been removed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This release fixes several regressions in 1.4.7 with the -U/--update and
-D/--delete commands.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
https://netfilter.org/projects/nftables/files/changes-nftables-1.0.8.txt
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Required by daq native build.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Required by libnetfilter-queue native build.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
=========
tests: nft-rule-test: Add test cases to improve code coverage
tests: nft-table-test: fix typo shixuantong
expr: meta: introduce broute meta expression
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refer to https://git.netfilter.org/conntrack-tools/tree/INSTALL, add
required kernel modules to RRECOMMENDS.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refer to
https://salsa.debian.org/pkg-netfilter-team/pkg-conntrack-tools/-/blob/master/debian/conntrackd.service,
add systemd unit file conntrackd.service.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Update UPSTREAM_CHECK_URI accordingly
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
https://netfilter.org/projects/nftables/files/changes-nftables-1.0.7.txt
The COPYING text changed to highlight that "New code though is moving to
GPL version 2 or any later which is the preferred license for this project
these days." Although the project itself stays GPLv2 only.
https://netfilter.org/licensing.html#terms
The upstream replaced distutils with setuptools, so the nftables-python
is now built using the standard approach. The coexistence of setuptools
and automake is solved in the same way as in meta-oe/recipes-support/libiio.
The removal of *.pyc is no longer necessary.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop backport patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Mitigate occurence where ':append' operator is used and leading
whitespace character is obviously missing, risking inadvertent
string concatenation.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Using a private module from setuptools is not a good idea and
no longer works with latest setuptools.
it's actually better to revert to official distutils even if
it is going away in the next python release. Hopefully by
then upstream will transition to something supported.
TMPDIR in .pyc can be addressed by simply not installing the .pyc.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changes are here [1], change to xz compressed archives
[1] https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.6.txt
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Make run-ptest use the correct libdir for multilib builds.
Log the ptest output to a date stamped file and append a test summary
to the end of the log.
Munge the log as it is produced to:
- insert the expected automake keywords: PASS and FAIL.
- remove escape sequences used for ANSI colours as well as movement commands
Add additional discrete tool dependencies to the nftables-ptest list since
the test suite does not work with the busybox versions.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop 0001-avoid-naming-local-function-as-one-of-printf-family.patch as
the issue has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop backported patch, switch PACKAGECONFIG assignment to ?= (matches
current practice), add in editline, linenoise CLI options and xtables
option. Switch to --disable-python when building without python to avoid
a configure time warning.
We can drop UPSTREAM_CHECK_REGEX as the version no longer gets confused
by the 0.099 version which exists.
Fix buildpaths warning by switching to setuptools and add dependency on
${PN}-python to ${PN}-ptest so that the embedded paths in the compiled
python files are correct.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fix error caused by postinst script of conntrack-tools:
do_rootfs: Postinstall scriptlets of ['conntrack-tools'] have failed...
Configuring ... rootfs//var/lib/opkg/info/conntrack-tools.postinst:
line 2: setcap: command not found
conntrack-tools.postinst returned 127, marking as unpacked only...
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fix error caused by postinst script of conntrack-tools:
| /var/tmp/rpm-tmp.or09Iq: line 4: unexpected EOF while looking for matching `"'
| %post(conntrack-tools-1.4.6-r0.core2_64): waitpid(1173) rc 1173 status 200
| warning: %post(conntrack-tools-1.4.6-r0.core2_64) scriptlet failed, exit status 2
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
ulogd-2.x provides a flexible, almost universal logging daemon for
netfilter logging. This encompasses both packet-based logging (logging
of policy violations) and flow-based logging, e.g. for accounting
purpose.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The commit fix this error message: Do not forget that you need *root* or CAP_NET_ADMIN capabilities ;-)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Location of file inside sourcedir fixed but bitbake variable
systemd_unitdir varies depending on usrmerge feature
hence can not be used here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Note that (like for nftables itself), the ptests will require the
following added to local.conf (or the kernel configuration):
KERNEL_FEATURES:append = " features/nf_tables/nf_tables.scc"
Current pass/fail results:
I: results: [OK] 271 [FAILED] 29 [TOTAL] 300
I've been investigating the failing tests under the assumption that they
fail because of missing kernel modules, but there are some that suggest
syntax problems (possibly problems with the tests themselves). Example:
W: [FAILED] ./tests/shell/testcases/listing/0020flowtable_0: got 1
/dev/stdin:2:12-12: Error: Could not process rule: No such file or
directory
flowtable f {
^
/dev/stdin:6:11-12: Error: Could not process rule: No such file or
directory
flowtable f2 {
^^
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|