sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity

iptables: upgrade to 1.6.0 

1.4.21 -> 1.6.0

xtables_globals structure layout has changed.

* Refreshed below listed patches to work with this release:
        1. 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
        2. 0001-fix-build-with-musl.patch

* Added PACKAGECONFIG for libnftnl

(From OE-Core rev: 8609c4e5eadfdd60664640c4ae07e250c98dd86b)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Maxin B. John 2015-12-29 15:11:59 +02:00 committed by Richard Purdie
parent c2bda6c000
commit 20843fa016
3 changed files with 39 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
View File

@ -1,47 +1,37 @@
From 5c47cf5061b852c02178f01e23690bfe38a99d93 Mon Sep 17 00:00:00 2001 [PATCH] configure: Add option to enable/disable libnfnetlink
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 17 Mar 2013 11:21:35 -0700
Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
This changes the configure behaviour from autodetecting This changes the configure behaviour from autodetecting
for libnfnetlink to having an option to disable it explicitly for libnfnetlink to having an option to disable it explicitly
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Pending Upstream-Status: Pending
---
configure.ac | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac Signed-off-by: Khem Raj <raj.khem@gmail.com>
index ba616ab..ce2d315 100644 Signed-off-by: Maxin B. John <maxin.john@intel.com>
--- a/configure.ac ---
+++ b/configure.ac diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
@@ -53,6 +53,9 @@ AC_ARG_ENABLE([libipq], --- iptables-1.6.0-old/configure.ac 2015-12-28 18:40:35.255417976 +0200
AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], +++ iptables-1.6.0/configure.ac 2015-12-29 13:01:12.388840200 +0200
[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]), @@ -63,6 +63,9 @@
[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig']) AC_ARG_ENABLE([nftables],
AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
[enable_nftables="$enableval"], [enable_nftables="yes"])
+AC_ARG_ENABLE([libnfnetlink], +AC_ARG_ENABLE([libnfnetlink],
+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]), + AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"]) + [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
libiptc_LDFLAGS2=""; libiptc_LDFLAGS2="";
AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed], AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
@@ -89,9 +92,11 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"]) @@ -123,9 +126,10 @@
AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) fi
-PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], -PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
- [nfnetlink=1], [nfnetlink=0]) - [nfnetlink=1], [nfnetlink=0])
-AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) -AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [ +AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
+ PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0]) + PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0])
+ ]) + ])
+
+AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"]) +AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"])
regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \ if test "x$enable_nftables" = "xyes"; then
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \ PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
--
1.7.9.5

69
meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
View File

@ -1,81 +1,41 @@
From 7c07b7fd4fdd7844dd032af822306f08e4422c34 Mon Sep 17 00:00:00 2001 [PATCH] fix build with musl
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 6 Apr 2015 20:47:29 -0700
Subject: [PATCH] fix build with musl
Add needed headers they are just not needed for glibc6+ but also
for musl
Define additional TCOPTS if not there Define additional TCOPTS if not there
u_initX types are in sys/types.h be explicit about it u_initX types are in sys/types.h be explicit about it
Upstream-Status: Pending Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
--- ---
extensions/libxt_TCPOPTSTRIP.c | 15 +++++++++++++++ diff -Naur iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c
include/libiptc/ipt_kernel_headers.h | 12 ------------ --- iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c 2015-12-09 14:55:06.000000000 +0200
include/linux/netfilter_ipv4/ip_tables.h | 1 + +++ iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c 2015-12-29 14:44:32.585327077 +0200
3 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index 6897857..8a170b2 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -12,6 +12,21 @@ @@ -12,6 +12,21 @@
#ifndef TCPOPT_MD5SIG #ifndef TCPOPT_MD5SIG
# define TCPOPT_MD5SIG 19 # define TCPOPT_MD5SIG 19
#endif #endif
+#ifndef TCPOPT_MAXSEG +#ifndef TCPOPT_MAXSEG
+# define TCPOPT_MAXSEG 2 +#define TCPOPT_MAXSEG 2
+#endif +#endif
+#ifndef TCPOPT_WINDOW +#ifndef TCPOPT_WINDOW
+# define TCPOPT_WINDOW 3 +#define TCPOPT_WINDOW 3
+#endif +#endif
+#ifndef TCPOPT_SACK_PERMITTED +#ifndef TCPOPT_SACK_PERMITTED
+# define TCPOPT_SACK_PERMITTED 4 +#define TCPOPT_SACK_PERMITTED 4
+#endif +#endif
+#ifndef TCPOPT_SACK +#ifndef TCPOPT_SACK
+# define TCPOPT_SACK 5 +#define TCPOPT_SACK 5
+#endif +#endif
+#ifndef TCPOPT_TIMESTAMP +#ifndef TCPOPT_TIMESTAMP
+# define TCPOPT_TIMESTAMP 8 +#define TCPOPT_TIMESTAMP 8
+#endif +#endif
enum { enum {
O_STRIP_OPTION = 0, O_STRIP_OPTION = 0,
diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h diff -Naur iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h
index 18861fe..a5963e9 100644 --- iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h 2015-12-09 14:55:06.000000000 +0200
--- a/include/libiptc/ipt_kernel_headers.h +++ iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h 2015-12-29 14:40:21.250469195 +0200
+++ b/include/libiptc/ipt_kernel_headers.h
@@ -5,7 +5,6 @@
#include <limits.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/ip_icmp.h>
@@ -13,15 +12,4 @@
#include <netinet/udp.h>
#include <net/if.h>
#include <sys/types.h>
-#else /* libc5 */
-#include <sys/socket.h>
-#include <linux/ip.h>
-#include <linux/in.h>
-#include <linux/if.h>
-#include <linux/icmp.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <linux/types.h>
-#include <linux/in6.h>
-#endif
#endif
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index 57fd82a..4807246 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -15,6 +15,7 @@ @@ -15,6 +15,7 @@
#ifndef _IPTABLES_H #ifndef _IPTABLES_H
#define _IPTABLES_H #define _IPTABLES_H
@ -84,6 +44,3 @@ index 57fd82a..4807246 100644
#include <linux/types.h> #include <linux/types.h>
#include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv4.h>
--
2.1.4

9
meta/recipes-extended/iptables/iptables_1.4.21.bb → meta/recipes-extended/iptables/iptables_1.6.0.bb
View File

@ -21,12 +21,12 @@ FILES_${PN} =+ "${libdir}/xtables/ ${datadir}/xtables"
SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
file://types.h-add-defines-that-are-required-for-if_packet.patch \ file://types.h-add-defines-that-are-required-for-if_packet.patch \
file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
file://0001-fix-build-with-musl.patch \
file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
" "
SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0" SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"
SRC_URI[sha256sum] = "52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0" SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"
inherit autotools pkgconfig inherit autotools pkgconfig
@ -40,6 +40,9 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
# libnfnetlink recipe is in meta-networking layer # libnfnetlink recipe is in meta-networking layer
PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack" PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
# libnftnl recipe is in meta-networking layer(previously known as libnftables)
PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"
do_configure_prepend() { do_configure_prepend() {
# Remove some libtool m4 files # Remove some libtool m4 files
# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.