Age | Commit message (Collapse) | Author |
|
Location of file inside sourcedir fixed but bitbake variable
systemd_unitdir varies depending on usrmerge feature
hence can not be used here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2b643dcefe8ae4ef0cd3066bd31bae41e322b84c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Note that (like for nftables itself), the ptests will require the
following added to local.conf (or the kernel configuration):
KERNEL_FEATURES:append = " features/nf_tables/nf_tables.scc"
Current pass/fail results:
I: results: [OK] 271 [FAILED] 29 [TOTAL] 300
I've been investigating the failing tests under the assumption that they
fail because of missing kernel modules, but there are some that suggest
syntax problems (possibly problems with the tests themselves). Example:
W: [FAILED] ./tests/shell/testcases/listing/0020flowtable_0: got 1
/dev/stdin:2:12-12: Error: Could not process rule: No such file or
directory
flowtable f {
^
/dev/stdin:6:11-12: Error: Could not process rule: No such file or
directory
flowtable f2 {
^^
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Backport a patch to fix musl build.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Backport a patch to fix build error:
../../nftables-1.0.2/examples/nft-buffer.c:3:10: fatal error: nftables/libnftables.h: No such file or directory
3 | #include <nftables/libnftables.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The upstream ebtables-legacy-save perl script is replaced by a bash
implementation (taken from Fedora). So there's nothing left which
RDEPENDs on perl.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop 0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch
as the clang build issue had been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Also fix patch contributor name in the process of reworking it to apply
on the new 1.2.1 release (I had accidentally modified it when reworking
it previously).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
From the changelog (https://marc.info/?l=netfilter&m=162939459210790&w=2):
- Catch-all set element support: This allows users to define the
special wildcard set element for anything else not defined in
the set
- Define variables from the command line through --define
- Allow to use stateful expressions in maps
- Add command to list the netfilter hooks pipeline for a given packet
family. If device is specified, then ingress path is also included
- Allow to combine jhash, symhash and numgen expressions with the
queue statement, to fan out packets to userspace queues via
nfnetlink_queue
- Expand variable containing set into multiple mappings
- Allow to combine verdict maps with interval concatenations
- Simplify syntax for NAT mappings. You can specify an IP range, or a
specific IP and port, or a combination of range of IP addresses and
ports
- Bugfixes
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upgrade libnftnl in preparation for the upgrade of nftables, since the
latter requires libnftnl >= 1.2.0.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Added missing RDEPENDS to the libnft library from nftables-python to
libnftable.so.1 which is loaded dynamically by LibraryLoader into
python.
Added json to default PACKAGECONFIG which is probably used as well when
compiled with python support. For example firewalld crashes at runtime
if nftables is compiled without json support.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This is needed for login-shield pkg in meta-security
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The original /sbin/ebtables has been moved to /usr/sbin/ebtables-legacy.
But the old path is still used by some other software libvirt.
libvirtd[809]: direct firewall backend requested,
but /sbin/ebtables is not available: No such file or directory
As stated in the related change in ebtable git repo:
The new -legacy binary has no problem if called via a symlink with the
'ebtables' name, so users can still name this binary with whatever name.
So we add a symbol link from /usr/sbin/ebtables-legacy to /sbin/ebtables.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refer to Debian, patch the Makefile to prevent /etc/ethertypes
installation instead of removing it in do_install_append.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Remove the upstream ebtables-legacy-save before we install the local
ones. And install it to ${sbindir} rather than ${base_sbindir}.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The ebtables.common is required by ebtables.service. Add it back.
Fixes:
systemd[660]: ebtables.service: Failed to locate executable /usr/sbin/ebtables.common: No such file or directory
systemd[660]: ebtables.service: Failed at step EXEC spawning /usr/sbin/ebtables.common: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refresh the following patch:
0010-Adjust-header-include-sequence.patch
Referring to Fedora style, ebtables-legacy-save and ebtables.service are retained.
The upstream address has been modified.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The /etc/ethertypes is provided by netbase since 6.0[1].
Do not instal the file in ebtables, otherwise there would be a conflict:
Error: Transaction test error:
file /etc/ethertypes conflicts between attempted installs of netbase-1:6.2-r0.corei7_64 and ebtables-2.0.10+4-r4.corei7_64
[1] https://salsa.debian.org/md/netbase/-/commit/316680c6a2c3641b6abc76b3eebf88781f609d35
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
See https://lwn.net/Articles/822353/
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
See https://lwn.net/Articles/816528/
Also remove patch applied upstream
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This includes the following changes:
ac0778e build: libnftnl 1.1.6 release
60e6d9b include: update nf_tables.h.
c8cc25b Revert "bitwise: add support for passing mask and xor via registers."
4bf470b expr: nat: snprint flags in hexadecimal
ff92868 expr: masq: revisit _snprintf()
c76d36a set: support for NFTNL_SET_EXPR
9270557 set_elem: missing set and build for NFTNL_SET_ELEM_EXPR
4c8abad chain: add NFTNL_CHAIN_FLAGS
75b8778 bitwise: add support for passing mask and xor via registers.
8db0a94 include: update nf_tables.h.
7b4848c tests: bitwise: fix error message.
ec3622b src: add nftnl_*_{get,set}_array()
629ee38 src: Fix for reading garbage in nftnl_chain getters
04cc28d set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END
7cd41b5 set: Add support for NFTA_SET_DESC_CONCAT attributes
131a6c2 include: resync nf_tables.h cache copy
8fa63d7 bitwise: add support for left- and right-shifts.
3f232d7 bitwise: add support for new netlink attributes.
3fb5640 include: update nf_tables.h.
154104a bitwise: add helper to print boolean expressions.
66d6afb bitwise: fix some incorrect indentation.
35bac9a Update gitignore.
325cb6f include: Remove buffer.h
6079297 expr: meta: add slave device matching
7e15d9d udata: support for TLV attribute nesting
7f72b5c udata: add NFTNL_UDATA_SET_*TYPEOF* definitions
d16abf7 include: typo in object.h C++ wrapper
dfe3828 examples: Replace use of deprecated symbols
d95a703 chain: Correctly check realloc() call
835d645 flowtable: Correctly check realloc() call
32a8c5f chain: Fix memleak in error path of nftnl_chain_parse_devs()
ba1b025 flowtable: Fix memleak in error path of nftnl_flowtable_parse_devs()
b238876 tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Helps fixing packaging errors on mulilib builds
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fill out PACKAGECONFIG options for json, mini-gmp, readline and xtables
whilst matching existing behaviour. Drop PACKAGECONFIG to weak default.
Fix upstream version matching so the very old 0.099 is rejected as the
newest version.
Drop seemingly redundant ASNEEDED which was added in 5477d5bcb727
("nftables: Upgrade to 0.7") without explanation.
Package python files from libdir not libdir_native; whilst they're the
same thing, building a target package with native variables is odd.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
New patch:
0001-update-python3-nftables-reference.patch
Signed-off-by: Todd Cunningham <tcunningham07@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Remove obselete patch:
0001-Move-exports-before-symbol-definition.patch
Refresh patch:
0002-avoid-naming-local-function-as-one-of-printf-family.patch
Add one new file in this patch:
src/obj/synproxy.c
Signed-off-by: Todd Cunningham <tcunningham07@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Switch PACKAGECONFIG from man to manpages so we are included when
api-documentation is set. Ensure correct tools are available to build
the documentation and avoid unsupported option failures by not passing
`--enable-man-doc`.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refresh patch:
0002-avoid-naming-local-function-as-one-of-printf-family.patch
Add two new file in this patch:
src/expr/synproxy.c
src/obj/ct_expect.c
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The upgrade includes a new python library, therefore added the
{PN}-python package.
Signed-off-by: Mariano López <just.another.mariano@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
github archives are not reliable
Fixes
arno-iptables-firewall-2.0.3: https://github.com/arno-iptables-firewall/aif/archive/2.0.3.tar.gz: SRC_URI uses unstable GitHub archives [src-uri-bad]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Updated libnftnl to 1.1.3 and refreshed patches.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|