diff --git a/meta-networking/recipes-connectivity/firewalld/files/run-ptest b/meta-networking/recipes-connectivity/firewalld/files/run-ptest
new file mode 100644
index 00000000000..9d3ec79042d
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/files/run-ptest
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+ret_val=0
+
+# Check if all the kernel modules are available
+FIREWALLD_KERNEL_MODULES="@@FIREWALLD_KERNEL_MODULES@@"
+for m in $FIREWALLD_KERNEL_MODULES; do
+ if modprobe $m; then
+ echo "PASS: loading $m"
+ else
+ echo "FAIL: loading $m"
+ ret_val=1
+ fi
+done
+
+# Run the test suite from firewalld
+# Failing testsuites: 203 226 241 250 270 280 281 282 285 286
+# Problem icmpv6 compared against ipv6-icmptype?
+/usr/share/firewalld/testsuite/testsuite -C /tmp -A || ret_val=1
+
+exit $ret_val
diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.4.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.4.bb
deleted file mode 100644
index 1dea3395352..00000000000
--- a/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.4.bb
+++ /dev/null
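Review bot: In run-ptest the suite is started with `-C /tmp`, so it works in a fixed location inside a world-writable directory while the script runs with enough privilege to call `modprobe`; any file names it creates there are predictable to other local users on the target. Give the run a private working directory instead, `workdir=$(mktemp -d) || exit 1`, and pass `-C "$workdir"` (assuming `mktemp` is present on the image). A short comment on that line saying where the suite leaves its logs would also help whoever has to triage the failing test groups listed above it.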
@@ -1,92 +0,0 @@ -SUMMARY = "Dynamic firewall daemon with a D-Bus interface" -HOMEPAGE = "https://firewalld.org/" -BUGTRACKER = "https://github.com/firewalld/firewalld/issues" -UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases" -LICENSE = "GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ - file://firewalld.init \ -" -SRC_URI[sha256sum] = "52c5e3d5b1e2efc0e86c22b2bc1f7fd80908cc2d8130157dc2a3517a59b0a760" - -# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4 -DEPENDS = "intltool-native glib-2.0-native nftables" - -inherit gettext autotools bash-completion pkgconfig python3native gsettings systemd update-rc.d - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd" -PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native" - -PACKAGES += "${PN}-zsh-completion" - -# iptables, ip6tables, ebtables, and ipset *should* be unnecessary -# when the nftables backend is available, because nftables supersedes all of them. -# However we still need iptables and ip6tables to be available otherwise any -# application relying on "direct passthrough" rules (such as docker) will break. -# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by -# the Red Hat-specific init script which we aren't using, so we disable that. 
-EXTRA_OECONF = "\ - --without-ipset \ - --with-iptables=${sbindir}/iptables \ - --with-iptables-restore=${sbindir}/iptables-restore \ - --with-ip6tables=${sbindir}/ip6tables \ - --with-ip6tables-restore=${sbindir}/ip6tables-restore \ - --without-ebtables \ - --without-ebtables-restore \ - --disable-sysconfig \ -" - -INITSCRIPT_NAME = "firewalld" -SYSTEMD_SERVICE:${PN} = "firewalld.service" - -do_install:append() { - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - : - else - # firewalld ships an init script but it contains Red Hat-isms, replace it with our own - rm -rf ${D}${sysconfdir}/rc.d/ - install -d ${D}${sysconfdir}/init.d - install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld - fi - - # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE - # so now we need to fix up any references to point at the proper path in the image. - # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools. - if [ ${PN} != "${BPN}-native" ]; then - sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \ - ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml - fi - sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \ - ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml - - # This file contains Red Hat-isms. Modules get loaded without it. - rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf -} - -FILES:${PN} += "\ - ${PYTHON_SITEPACKAGES_DIR}/firewall \ - ${nonarch_libdir}/firewalld \ - ${datadir}/dbus-1 \ - ${datadir}/polkit-1 \ - ${datadir}/metainfo \ -" -FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions" - -RDEPENDS:${PN} = "\ - nftables-python \ - iptables \ - python3-core \ - python3-io \ - python3-fcntl \ - python3-shell \ - python3-syslog \ - python3-xml \ - python3-dbus \ - python3-slip-dbus \ - python3-decorator \ - python3-pygobject \ - python3-json \ - python3-ctypes \ -" 
diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_1.3.2.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_1.3.2.bb
new file mode 100644
index 00000000000..52157cf9a88
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/firewalld_1.3.2.bb
@@ -0,0 +1,312 @@ +SUMMARY = "Dynamic firewall daemon with a D-Bus interface" +HOMEPAGE = "https://firewalld.org/" +BUGTRACKER = "https://github.com/firewalld/firewalld/issues" +UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases" +LICENSE = "GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "\ + https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.bz2 \ + file://firewalld.init \ + file://run-ptest \ +" +SRC_URI[sha256sum] = "aba0d8ce9617b906ea4866bf0bdfb2c2d5312f53b8e9e8e9e4d49bf330da5b5e" + +# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4 +DEPENDS = "intltool-native glib-2.0-native nftables" + +inherit gettext autotools-brokensep bash-completion pkgconfig python3native python3-dir gsettings systemd update-rc.d ptest features_check + +REQUIRED_DISTRO_FEATURES = "gobject-introspection-data" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd" +PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native" +PACKAGECONFIG[ipset] = "--with-ipset=${sbindir}/ipset,--without-ipset,,ipset" +PACKAGECONFIG[ebtables] = "--with-ebtables=${base_sbindir}/ebtables --with-ebtables-restore=${sbindir}/ebtables-legacy-restore,--without-ebtables --without-ebtables-restore,,ebtables" + +# Default logging configuration: mixed syslog file console +FIREWALLD_DEFAULT_LOG_TARGET ??= "syslog" + +# The UIs are not yet tested and the dependencies are probably not quite correct yet. +# Splitting into separate packages is beneficial so that no dead code is transferred +# to the target device. +# Without enabling qt5, the firewalld-config package is not usable. +# Without enabling qt5 and gtk, the firewalld-applet package is not usable. 
+PACKAGECONFIG[qt5] = "" +PACKAGECONFIG[gtk] = "" + +PACKAGES =+ "python3-firewall ${PN}-applet ${PN}-config ${PN}-offline-cmd ${PN}-zsh-completion ${PN}-log-rotate" + +# iptables, ip6tables, ebtables, and ipset *should* be unnecessary +# when the nftables backend is available, because nftables supersedes all of them. +# However we still need iptables and ip6tables to be available otherwise any +# application relying on "direct passthrough" rules (such as docker) will break. +# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by +# the Red Hat-specific init script which we aren't using, so we disable that. +EXTRA_OECONF = "\ + --with-iptables=${sbindir}/iptables \ + --with-iptables-restore=${sbindir}/iptables-restore \ + --with-ip6tables=${sbindir}/ip6tables \ + --with-ip6tables-restore=${sbindir}/ip6tables-restore \ + --disable-sysconfig \ +" + +INITSCRIPT_NAME = "firewalld" +SYSTEMD_SERVICE:${PN} = "firewalld.service" + +# kernel modules loaded after ptest execution (linux-yocto 5.15) +FIREWALLD_KERNEL_MODULES ?= "\ + xt_tcpudp \ + xt_TCPMSS \ + xt_set \ + xt_sctp \ + xt_REDIRECT \ + xt_pkttype \ + xt_NFLOG \ + xt_nat \ + xt_MASQUERADE \ + xt_mark \ + xt_mac \ + xt_LOG \ + xt_limit \ + xt_dccp \ + xt_CT \ + xt_conntrack \ + xt_CHECKSUM \ + nft_redir \ + nft_objref \ + nft_nat \ + nft_masq \ + nft_log \ + nfnetlink_log \ + nf_nat_tftp \ + nf_nat_sip \ + nf_nat_ftp \ + nf_log_syslog \ + nf_conntrack_tftp \ + nf_conntrack_sip \ + nf_conntrack_netbios_ns \ + nf_conntrack_ftp \ + nf_conntrack_broadcast \ + ipt_REJECT \ + ip6t_rpfilter \ + ip6t_REJECT \ + ip_set_hash_netport \ + ip_set_hash_netnet \ + ip_set_hash_netiface \ + ip_set_hash_net \ + ip_set_hash_mac \ + ip_set_hash_ipportnet \ + ip_set_hash_ipport \ + ip_set_hash_ipmark \ + ip_set_hash_ip \ + ebt_ip6 \ + nft_fib_inet \ + nft_fib_ipv4 \ + nft_fib_ipv6 \ + nft_fib \ + nft_reject_inet \ + nf_reject_ipv4 \ + nf_reject_ipv6 \ + nft_reject \ + nft_ct \ + nft_chain_nat \ + ebtable_nat \ + ebtable_broute 
\ + ip6table_nat \ + ip6table_mangle \ + ip6table_raw \ + ip6table_security \ + iptable_nat \ + nf_nat \ + nf_conntrack \ + nf_defrag_ipv6 \ + nf_defrag_ipv4 \ + iptable_mangle \ + iptable_raw \ + iptable_security \ + ip_set \ + ebtable_filter \ + ebtables \ + ip6table_filter \ + ip6_tables \ + iptable_filter \ + ip_tables \ + x_tables \ + sch_fq_codel \ +" + +do_configure:prepend() { + export DEFAULT_LOG_TARGET=${FIREWALLD_DEFAULT_LOG_TARGET} +} + +do_install:append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then + # firewalld ships an init script but it contains Red Hat-isms, replace it with our own + rm -rf ${D}${sysconfdir}/rc.d/ + install -d ${D}${sysconfdir}/init.d + install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'false', 'true', d)}; then + # Delete polkit profiles if polkit is not available + rm -rf ${D}${datadir}/polkit-1 + fi + + # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE + # so now we need to fix up any references to point at the proper path in the image. + # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools. + if [ ${PN} != "${BPN}-native" ]; then + sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml + fi + sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml + + # This file contains Red Hat-isms. Modules get loaded without it. 
+ rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf +} + +do_install_ptest:append() { + # Add kernel modules to the ptest script + if [ ${PTEST_ENABLED} = "1" ]; then + sed -i -e 's:@@FIREWALLD_KERNEL_MODULES@@:${FIREWALLD_KERNEL_MODULES}:g' \ + ${D}${PTEST_PATH}/run-ptest + fi +} + +SUMMARY:python3-firewall = "${SUMMARY} (Python3 bindings)" +FILES:python3-firewall = "\ + ${PYTHON_SITEPACKAGES_DIR}/firewall/__pycache__/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/config/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/config/__pycache__/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/core/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/core/__pycache__/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/__pycache__/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/server/*.py* \ + ${PYTHON_SITEPACKAGES_DIR}/firewall/server/__pycache__/*.py* \ +" +RDEPENDS:python3-firewall = "\ + python3-dbus \ + nftables-python \ + python3-pygobject \ +" + +# Do not depend on QT5 layer and GTK deps if not explicitely required. 
+FIREWALLD_QT5_RDEPENDS = "\ + ${PN}-config \ + hicolor-icon-theme \ + python3-pyqt5 \ + python3-pygobject \ + libnotify \ + networkmanager \ +" +FIREWALLD_GTK_RDEPENDS = "\ + gtk3 \ +" + +# A QT5 based UI +SUMMARY:${PN}-config = "${SUMMARY} (configuration application)" +FILES:${PN}-config = "\ + ${bindir}/firewall-config \ + ${datadir}/firewalld/firewall-config.glade \ + ${datadir}/firewalld/gtk3_chooserbutton.py* \ + ${datadir}/firewalld/gtk3_niceexpander.py* \ + ${datadir}/applications/firewall-config.desktop \ + ${datadir}/metainfo/firewall-config.appdata.xml \ + ${datadir}/icons/hicolor/*/apps/firewall-config*.* \ +" +RDEPENDS:${PN}-config += "\ + python3-core \ + python3-ctypes \ + ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \ +" + +# A GTK3 applet depending on the QT5 firewall-config UI +SUMMARY:${PN}-applet = "${SUMMARY} (panel applet)" +FILES:${PN}-applet += "\ + ${bindir}/firewall-applet \ + ${sysconfdir}/xdg/autostart/firewall-applet.desktop \ + ${sysconfdir}/firewall/applet.conf \ + ${datadir}/icons/hicolor/*/apps/firewall-applet*.* \ +" +RDEPENDS:${PN}-applet += "\ + python3-core \ + python3-ctypes \ + ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'gtk', '${FIREWALLD_GTK_RDEPENDS}', '', d)} \ +" + +SUMMARY:${PN}-offline-cmd = "${SUMMARY} (offline configuration utility)" +FILES:${PN}-offline-cmd += " \ + ${bindir}/firewall-offline-cmd \ +" +RDEPENDS:${PN}-offline-cmd += "python3-core" + +SUMMARY:${PN}-log-rotate = "${SUMMARY} (log-rotate configuration)" +FILES:${PN}-log-rotate += "${sysconfdir}/logrotate.d" + +# To get allmost all tests passing +# - Enable PACKAGECONFIG ipset, ebtable +# - Enough RAM QB_MEM = "-m 8192" (used für fancy ipset tests) +FILES:${PN}-ptest += "\ + ${datadir}/firewalld/testsuite \ +" +RDEPENDS:${PN}-ptest += "\ + python3-unittest \ + ${PN}-offline-cmd \ + procps-ps \ + iproute2 \ +" 
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us" + +FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions" + +FILES:${PN} += "\ + ${PYTHON_SITEPACKAGES_DIR}/firewall \ + ${nonarch_libdir}/firewalld \ + ${datadir}/dbus-1 \ + ${datadir}/polkit-1 \ + ${datadir}/metainfo \ + ${datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml \ +" +RDEPENDS:${PN} += "\ + python3-firewall \ + iptables \ + python3-core \ + python3-io \ + python3-fcntl \ + python3-syslog \ + python3-xml \ + python3-json \ + python3-ctypes \ + python3-pprint \ +" +# If firewalld writes a log file rotation is needed +RRECOMMENDS:${PN} += "${@bb.utils.contains_any('FIREWALLD_DEFAULT_LOG_TARGET', [ 'mixed', 'file' ], '${PN}-log-rotate', '', d)}" + +# Add required kernel modules. With Yocto kernel 5.15 this currently means: +# - features/nf_tables/nf_tables.scc +# - features/netfilter/netfilter.scc +# - cgl/features/audit/audit.scc +# - cfg/net/ip6_nf.scc +# - Plus: +# - ebtables +# - ipset +# - CONFIG_IP6_NF_SECURITY=m +# - CONFIG_IP6_NF_MATCH_RPFILTER=m +# - CONFIG_IP6_NF_TARGET_REJECT=m +# - CONFIG_NFT_OBJREF=m +# - CONFIG_NFT_FIB=m +# - CONFIG_NFT_FIB_INET=m +# - CONFIG_NFT_FIB_IPV4=m +# - CONFIG_NFT_FIB_IPV6=m +# - CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m +# - CONFIG_NETFILTER_XT_SET=m +def get_kernel_deps(d): + kmodules = (d.getVar('FIREWALLD_KERNEL_MODULES') or "").split() + return ' '.join([ 'kernel-module-' + mod.replace('_', '-').lower() for mod in kmodules ]) +RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}" diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb index 580c29e1ae1..301dd86cf30 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb 
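Review bot: `RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}"` at the end of the recipe recommends a kernel-module package for every entry of FIREWALLD_KERNEL_MODULES to any image that installs firewalld, yet the comment above that variable describes the list as the modules found loaded after a ptest run, and it includes entries such as the conntrack/NAT helpers and `sch_fq_codel`. For a firewall package the installed kernel surface is better kept to what the deployed configuration needs: keep a short runtime list for `${PN}` and attach the full list to the test package, `RRECOMMENDS:${PN}-ptest += "${@get_kernel_deps(d)}"`. A comment above FIREWALLD_KERNEL_MODULES noting that it is overridable (`?=`) and which entries are the minimum for the nftables backend would help integrators trim it.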
@@ -14,3 +14,5 @@ SRC_URI = "git://git.netfilter.org/libnetfilter_queue;branch=master \ S = "${WORKDIR}/git" inherit autotools pkgconfig + +BBCLASSEXTEND = "native" diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch deleted file mode 100644 index 00d95cd79e9..00000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 2e5f2b81fb8cbe0d1cd33e58caa19ac308e1f847 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Tue, 9 Oct 2012 15:59:48 +0200 -Subject: [PATCH 1/6] build: resolve automake-1.12 warnings - -am/ltlibrary.am: warning: 'libnfnetlink.la': linking libtool libraries -using a non-POSIX archiver requires 'AM_PROG_AR' in 'configure.ac' - -Signed-off-by: Jan Engelhardt ---- - configure.ac | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/configure.ac b/configure.ac -index ed549df..0926a1c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -7,6 +7,7 @@ AC_CANONICAL_HOST - - AM_INIT_AUTOMAKE([-Wall foreign subdir-objects - tar-pax no-dist-gzip dist-bzip2 1.6]) -+m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - - dnl kernel style compile messages - m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch deleted file mode 100644 index c2fb5e05a71..00000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 5e6b6e23a8b04475c5a9de7eddb4c18103932fe5 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Wed, 7 Aug 2013 20:53:57 +0200 -Subject: [PATCH 2/6] src: get source code license header in sync with current - licensing terms - -Since (3956761 license: upgrade to GPLv2+), we upgraded to GPLv2+, -propagate that changes to src/iftable.c and src/rtnl.c - -Reported-by: Thomas Woerner -Signed-off-by: Pablo Neira Ayuso ---- - src/iftable.c | 2 +- - src/rtnl.c | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/iftable.c b/src/iftable.c -index 0325335..5976ed8 100644 ---- a/src/iftable.c -+++ b/src/iftable.c -@@ -3,7 +3,7 @@ - * (C) 2004 by Astaro AG, written by Harald Welte - * (C) 2008 by Pablo Neira Ayuso - * -- * This software is Free Software and licensed under GNU GPLv2. -+ * This software is Free Software and licensed under GNU GPLv2+. - */ - - /* IFINDEX handling */ -diff --git a/src/rtnl.c b/src/rtnl.c -index 5ccb272..7b4ac7d 100644 ---- a/src/rtnl.c -+++ b/src/rtnl.c -@@ -1,10 +1,10 @@ - /* rtnl - rtnetlink utility functions - * - * (C) 2004 by Astaro AG, written by Harald Welte -- * -+ * - * Adapted to nfnetlink by Eric Leblond - * -- * This software is free software and licensed under GNU GPLv2. -+ * This software is free software and licensed under GNU GPLv2+. - * - */ - --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch deleted file mode 100644 index 6cb7ed6fa91..00000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From b259fe13826414c1bd5328a25c8d6d60e20e65f2 Mon Sep 17 00:00:00 2001 -From: Gustavo Zacarias -Date: Tue, 10 Sep 2013 16:23:29 -0300 -Subject: [PATCH 3/6] configure: uclinux is also linux - -Signed-off-by: Gustavo Zacarias -Signed-off-by: Pablo Neira Ayuso ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 0926a1c..b979772 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -18,7 +18,7 @@ AC_DISABLE_STATIC - AM_PROG_LIBTOOL - - case "$host" in --*-*-linux*) ;; -+*-*-linux* | *-*-uclinux*) ;; - *) AC_MSG_ERROR([Linux only, dude!]);; - esac - --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch deleted file mode 100644 index cf3a841356c..00000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From b142da8d2c9e2e2dfbe4e89e680dd124f6064ac8 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Mon, 3 Feb 2014 12:09:29 +0100 -Subject: [PATCH 4/6] libnfnetlink: initialize attribute padding to resolve - valgrind warnings - -==12195== Syscall param socketcall.sendto(msg) points to uninitialised byte(s) -==12195== at 0x51209C3: __sendto_nocancel (syscall-template.S:81) -==12195== by 0x53E4D12: nfnl_send (libnfnetlink.c:391) -==12195== by 0x53E6952: nfnl_query (libnfnetlink.c:1569) -==12195== by 0x4E344AF: __build_send_cfg_msg.isra.1 (libnetfilter_log.c:143) -==12195== by 0x4E34710: nflog_bind_group (libnetfilter_log.c:413) -==12195== by 0x400CB1: main (nfulnl_test.c:77) -==12195== Address 0x7fefff3e9 is on thread 1's stack - -This patch sets to zero the padding that is included to align the -attribute payload. - -Reported-by: Ivan Homoliak -Signed-off-by: Pablo Neira Ayuso ---- - src/libnfnetlink.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c -index 4b2bcd0..398b7d7 100644 ---- a/src/libnfnetlink.c -+++ b/src/libnfnetlink.c -@@ -809,6 +809,7 @@ int nfnl_addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, - nfa->nfa_type = type; - nfa->nfa_len = len; - memcpy(NFA_DATA(nfa), data, alen); -+ memset((uint8_t *)nfa + nfa->nfa_len, 0, NFA_ALIGN(alen) - alen); - n->nlmsg_len = (NLMSG_ALIGN(n->nlmsg_len) + NFA_ALIGN(len)); - return 0; - } --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch deleted file mode 100644 index 383f0e8b3dd..00000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch +++ /dev/null 
@@ -1,110 +0,0 @@ -From b10c90a61a5fc46f2be5aeecb9c96e84178f7717 Mon Sep 17 00:00:00 2001 -From: Felix Janda -Date: Sat, 16 May 2015 14:49:07 +0200 -Subject: [PATCH 5/6] include: Sync with kernel headers - -Signed-off-by: Felix Janda -Signed-off-by: Pablo Neira Ayuso ---- - include/libnfnetlink/linux_nfnetlink.h | 44 ++++----------------------- - include/libnfnetlink/linux_nfnetlink_compat.h | 12 ++++---- - 2 files changed, 12 insertions(+), 44 deletions(-) - -diff --git a/include/libnfnetlink/linux_nfnetlink.h b/include/libnfnetlink/linux_nfnetlink.h -index 76a8550..44a38d6 100644 ---- a/include/libnfnetlink/linux_nfnetlink.h -+++ b/include/libnfnetlink/linux_nfnetlink.h -@@ -25,9 +25,9 @@ enum nfnetlink_groups { - /* General form of address family dependent message. - */ - struct nfgenmsg { -- u_int8_t nfgen_family; /* AF_xxx */ -- u_int8_t version; /* nfnetlink version */ -- u_int16_t res_id; /* resource id */ -+ __u8 nfgen_family; /* AF_xxx */ -+ __u8 version; /* nfnetlink version */ -+ __be16 res_id; /* resource id */ - }; - - #define NFNETLINK_V0 0 -@@ -46,40 +46,8 @@ struct nfgenmsg { - #define NFNL_SUBSYS_CTNETLINK_EXP 2 - #define NFNL_SUBSYS_QUEUE 3 - #define NFNL_SUBSYS_ULOG 4 --#define NFNL_SUBSYS_COUNT 5 -+#define NFNL_SUBSYS_OSF 5 -+#define NFNL_SUBSYS_IPSET 6 -+#define NFNL_SUBSYS_COUNT 7 - --#ifdef __KERNEL__ -- --#include --#include --#include -- --struct nfnl_callback --{ -- int (*call)(struct sock *nl, struct sk_buff *skb, -- struct nlmsghdr *nlh, struct nlattr *cda[]); -- const struct nla_policy *policy; /* netlink attribute policy */ -- const u_int16_t attr_count; /* number of nlattr's */ --}; -- --struct nfnetlink_subsystem --{ -- const char *name; -- __u8 subsys_id; /* nfnetlink subsystem ID */ -- __u8 cb_count; /* number of callbacks */ -- const struct nfnl_callback *cb; /* callback for individual types */ --}; -- --extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n); --extern int nfnetlink_subsys_unregister(const struct 
nfnetlink_subsystem *n); -- --extern int nfnetlink_has_listeners(unsigned int group); --extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, -- int echo); --extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags); -- --#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \ -- MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) -- --#endif /* __KERNEL__ */ - #endif /* _NFNETLINK_H */ -diff --git a/include/libnfnetlink/linux_nfnetlink_compat.h b/include/libnfnetlink/linux_nfnetlink_compat.h -index e145176..74b9e55 100644 ---- a/include/libnfnetlink/linux_nfnetlink_compat.h -+++ b/include/libnfnetlink/linux_nfnetlink_compat.h -@@ -1,6 +1,8 @@ - #ifndef _NFNETLINK_COMPAT_H - #define _NFNETLINK_COMPAT_H --#ifndef __KERNEL__ -+ -+#include -+ - /* Old nfnetlink macros for userspace */ - - /* nfnetlink groups: Up to 32 maximum */ -@@ -18,10 +20,9 @@ - * ! nfnetlink use the same attributes methods. - J. Schulist. - */ - --struct nfattr --{ -- u_int16_t nfa_len; -- u_int16_t nfa_type; /* we use 15 bits for the type, and the highest -+struct nfattr { -+ __u16 nfa_len; -+ __u16 nfa_type; /* we use 15 bits for the type, and the highest - * bit to indicate whether the payload is nested */ - }; - -@@ -57,5 +58,4 @@ struct nfattr - + NLMSG_ALIGN(sizeof(struct nfgenmsg)))) - #define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg)) - --#endif /* ! __KERNEL__ */ - #endif /* _NFNETLINK_COMPAT_H */ --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch deleted file mode 100644 index 72c9987d1ee..00000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch +++ /dev/null 
@@ -1,403 +0,0 @@ -From 5cb589e246c91331ee6b3926b15f5e6cfc8ad95e Mon Sep 17 00:00:00 2001 -From: Felix Janda -Date: Sat, 16 May 2015 14:59:57 +0200 -Subject: [PATCH 6/6] src: Use stdint types everywhere - -Signed-off-by: Felix Janda -Signed-off-by: Pablo Neira Ayuso ---- - include/libnfnetlink/libnfnetlink.h | 25 ++++++------- - src/iftable.c | 8 ++--- - src/iftable.h | 4 +-- - src/libnfnetlink.c | 72 ++++++++++++++++++------------------- - src/rtnl.c | 4 +-- - src/rtnl.h | 2 +- - 6 files changed, 58 insertions(+), 57 deletions(-) - -diff --git a/include/libnfnetlink/libnfnetlink.h b/include/libnfnetlink/libnfnetlink.h -index 1d8c49d..cd0be3d 100644 ---- a/include/libnfnetlink/libnfnetlink.h -+++ b/include/libnfnetlink/libnfnetlink.h -@@ -15,6 +15,7 @@ - #define aligned_u64 unsigned long long __attribute__((aligned(8))) - #endif - -+#include - #include /* for sa_family_t */ - #include - #include -@@ -55,7 +56,7 @@ struct nfnlhdr { - struct nfnl_callback { - int (*call)(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data); - void *data; -- u_int16_t attr_count; -+ uint16_t attr_count; - }; - - struct nfnl_handle; -@@ -69,7 +70,7 @@ extern struct nfnl_handle *nfnl_open(void); - extern int nfnl_close(struct nfnl_handle *); - - extern struct nfnl_subsys_handle *nfnl_subsys_open(struct nfnl_handle *, -- u_int8_t, u_int8_t, -+ uint8_t, uint8_t, - unsigned int); - extern void nfnl_subsys_close(struct nfnl_subsys_handle *); - -@@ -88,8 +89,8 @@ extern int nfnl_sendiov(const struct nfnl_handle *nfnlh, - const struct iovec *iov, unsigned int num, - unsigned int flags); - extern void nfnl_fill_hdr(struct nfnl_subsys_handle *, struct nlmsghdr *, -- unsigned int, u_int8_t, u_int16_t, u_int16_t, -- u_int16_t); -+ unsigned int, uint8_t, uint16_t, uint16_t, -+ uint16_t); - extern __attribute__((deprecated)) int - nfnl_talk(struct nfnl_handle *, struct nlmsghdr *, pid_t, - unsigned, struct nlmsghdr *, -@@ -103,8 +104,8 @@ nfnl_listen(struct nfnl_handle *, - /* receiving */ - 
extern ssize_t nfnl_recv(const struct nfnl_handle *h, unsigned char *buf, size_t len); - extern int nfnl_callback_register(struct nfnl_subsys_handle *, -- u_int8_t type, struct nfnl_callback *cb); --extern int nfnl_callback_unregister(struct nfnl_subsys_handle *, u_int8_t type); -+ uint8_t type, struct nfnl_callback *cb); -+extern int nfnl_callback_unregister(struct nfnl_subsys_handle *, uint8_t type); - extern int nfnl_handle_packet(struct nfnl_handle *, char *buf, int len); - - /* parsing */ -@@ -180,12 +181,12 @@ extern int nfnl_query(struct nfnl_handle *h, struct nlmsghdr *nlh); - - /* nfnl attribute handling functions */ - extern int nfnl_addattr_l(struct nlmsghdr *, int, int, const void *, int); --extern int nfnl_addattr8(struct nlmsghdr *, int, int, u_int8_t); --extern int nfnl_addattr16(struct nlmsghdr *, int, int, u_int16_t); --extern int nfnl_addattr32(struct nlmsghdr *, int, int, u_int32_t); -+extern int nfnl_addattr8(struct nlmsghdr *, int, int, uint8_t); -+extern int nfnl_addattr16(struct nlmsghdr *, int, int, uint16_t); -+extern int nfnl_addattr32(struct nlmsghdr *, int, int, uint32_t); - extern int nfnl_nfa_addattr_l(struct nfattr *, int, int, const void *, int); --extern int nfnl_nfa_addattr16(struct nfattr *, int, int, u_int16_t); --extern int nfnl_nfa_addattr32(struct nfattr *, int, int, u_int32_t); -+extern int nfnl_nfa_addattr16(struct nfattr *, int, int, uint16_t); -+extern int nfnl_nfa_addattr32(struct nfattr *, int, int, uint32_t); - extern int nfnl_parse_attr(struct nfattr **, int, struct nfattr *, int); - #define nfnl_parse_nested(tb, max, nfa) \ - nfnl_parse_attr((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa))) -@@ -197,7 +198,7 @@ extern int nfnl_parse_attr(struct nfattr **, int, struct nfattr *, int); - ({ (tail)->nfa_len = (void *) NLMSG_TAIL(nlh) - (void *) tail; }) - - extern void nfnl_build_nfa_iovec(struct iovec *iov, struct nfattr *nfa, -- u_int16_t type, u_int32_t len, -+ uint16_t type, uint32_t len, - unsigned char *val); - 
extern unsigned int nfnl_rcvbufsiz(const struct nfnl_handle *h, - unsigned int size); -diff --git a/src/iftable.c b/src/iftable.c -index 5976ed8..157f97b 100644 ---- a/src/iftable.c -+++ b/src/iftable.c -@@ -27,10 +27,10 @@ - struct ifindex_node { - struct list_head head; - -- u_int32_t index; -- u_int32_t type; -- u_int32_t alen; -- u_int32_t flags; -+ uint32_t index; -+ uint32_t type; -+ uint32_t alen; -+ uint32_t flags; - char addr[8]; - char name[16]; - }; -diff --git a/src/iftable.h b/src/iftable.h -index 8df7f24..655df6b 100644 ---- a/src/iftable.h -+++ b/src/iftable.h -@@ -1,8 +1,8 @@ - #ifndef _IFTABLE_H - #define _IFTABLE_H - --int iftable_delete(u_int32_t dst, u_int32_t mask, u_int32_t gw, u_int32_t oif); --int iftable_insert(u_int32_t dst, u_int32_t mask, u_int32_t gw, u_int32_t oif); -+int iftable_delete(uint32_t dst, uint32_t mask, uint32_t gw, uint32_t oif); -+int iftable_insert(uint32_t dst, uint32_t mask, uint32_t gw, uint32_t oif); - - int iftable_init(void); - void iftable_fini(void); -diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c -index 398b7d7..df57533 100644 ---- a/src/libnfnetlink.c -+++ b/src/libnfnetlink.c -@@ -72,9 +72,9 @@ - - struct nfnl_subsys_handle { - struct nfnl_handle *nfnlh; -- u_int32_t subscriptions; -- u_int8_t subsys_id; -- u_int8_t cb_count; -+ uint32_t subscriptions; -+ uint8_t subsys_id; -+ uint8_t cb_count; - struct nfnl_callback *cb; /* array of callbacks */ - }; - -@@ -86,11 +86,11 @@ struct nfnl_handle { - int fd; - struct sockaddr_nl local; - struct sockaddr_nl peer; -- u_int32_t subscriptions; -- u_int32_t seq; -- u_int32_t dump; -- u_int32_t rcv_buffer_size; /* for nfnl_catch */ -- u_int32_t flags; -+ uint32_t subscriptions; -+ uint32_t seq; -+ uint32_t dump; -+ uint32_t rcv_buffer_size; /* for nfnl_catch */ -+ uint32_t flags; - struct nlmsghdr *last_nlhdr; - struct nfnl_subsys_handle subsys[NFNL_MAX_SUBSYS+1]; - }; -@@ -145,7 +145,7 @@ unsigned int nfnl_portid(const struct nfnl_handle *h) - static int 
recalc_rebind_subscriptions(struct nfnl_handle *nfnlh) - { - int i, err; -- u_int32_t new_subscriptions = nfnlh->subscriptions; -+ uint32_t new_subscriptions = nfnlh->subscriptions; - - for (i = 0; i < NFNL_MAX_SUBSYS; i++) - new_subscriptions |= nfnlh->subsys[i].subscriptions; -@@ -273,8 +273,8 @@ void nfnl_set_rcv_buffer_size(struct nfnl_handle *h, unsigned int size) - * a valid address that points to a nfnl_subsys_handle structure is returned. - */ - struct nfnl_subsys_handle * --nfnl_subsys_open(struct nfnl_handle *nfnlh, u_int8_t subsys_id, -- u_int8_t cb_count, u_int32_t subscriptions) -+nfnl_subsys_open(struct nfnl_handle *nfnlh, uint8_t subsys_id, -+ uint8_t cb_count, uint32_t subscriptions) - { - struct nfnl_subsys_handle *ssh; - -@@ -435,10 +435,10 @@ int nfnl_sendiov(const struct nfnl_handle *nfnlh, const struct iovec *iov, - */ - void nfnl_fill_hdr(struct nfnl_subsys_handle *ssh, - struct nlmsghdr *nlh, unsigned int len, -- u_int8_t family, -- u_int16_t res_id, -- u_int16_t msg_type, -- u_int16_t msg_flags) -+ uint8_t family, -+ uint16_t res_id, -+ uint16_t msg_type, -+ uint16_t msg_flags) - { - assert(ssh); - assert(nlh); -@@ -815,7 +815,7 @@ int nfnl_addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, - } - - /** -- * nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr -+ * nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr - * - * @nfa: struct nfattr - * @maxlen: maximal length of nfattr buffer -@@ -849,14 +849,14 @@ int nfnl_nfa_addattr_l(struct nfattr *nfa, int maxlen, int type, - } - - /** -- * nfnl_addattr8 - Add u_int8_t attribute to nlmsghdr -+ * nfnl_addattr8 - Add uint8_t attribute to nlmsghdr - * - * @n: netlink message header to which attribute is to be added - * @maxlen: maximum length of netlink message header - * @type: type of new attribute - * @data: content of new attribute - */ --int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) -+int nfnl_addattr8(struct 
nlmsghdr *n, int maxlen, int type, uint8_t data) - { - assert(n); - assert(maxlen > 0); -@@ -866,7 +866,7 @@ int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) - } - - /** -- * nfnl_nfa_addattr16 - Add u_int16_t attribute to struct nfattr -+ * nfnl_nfa_addattr16 - Add uint16_t attribute to struct nfattr - * - * @nfa: struct nfattr - * @maxlen: maximal length of nfattr buffer -@@ -875,7 +875,7 @@ int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) - * - */ - int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, -- u_int16_t data) -+ uint16_t data) - { - assert(nfa); - assert(maxlen > 0); -@@ -885,7 +885,7 @@ int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, - } - - /** -- * nfnl_addattr16 - Add u_int16_t attribute to nlmsghdr -+ * nfnl_addattr16 - Add uint16_t attribute to nlmsghdr - * - * @n: netlink message header to which attribute is to be added - * @maxlen: maximum length of netlink message header -@@ -894,7 +894,7 @@ int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, - * - */ - int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, -- u_int16_t data) -+ uint16_t data) - { - assert(n); - assert(maxlen > 0); -@@ -904,7 +904,7 @@ int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, - } - - /** -- * nfnl_nfa_addattr32 - Add u_int32_t attribute to struct nfattr -+ * nfnl_nfa_addattr32 - Add uint32_t attribute to struct nfattr - * - * @nfa: struct nfattr - * @maxlen: maximal length of nfattr buffer -@@ -913,7 +913,7 @@ int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, - * - */ - int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, -- u_int32_t data) -+ uint32_t data) - { - assert(nfa); - assert(maxlen > 0); -@@ -923,7 +923,7 @@ int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, - } - - /** -- * nfnl_addattr32 - Add u_int32_t attribute to nlmsghdr -+ * nfnl_addattr32 - Add uint32_t attribute to nlmsghdr - * - * @n: netlink message 
header to which attribute is to be added - * @maxlen: maximum length of netlink message header -@@ -932,7 +932,7 @@ int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, - * - */ - int nfnl_addattr32(struct nlmsghdr *n, int maxlen, int type, -- u_int32_t data) -+ uint32_t data) - { - assert(n); - assert(maxlen > 0); -@@ -980,7 +980,7 @@ int nfnl_parse_attr(struct nfattr *tb[], int max, struct nfattr *nfa, int len) - * - */ - void nfnl_build_nfa_iovec(struct iovec *iov, struct nfattr *nfa, -- u_int16_t type, u_int32_t len, unsigned char *val) -+ uint16_t type, uint32_t len, unsigned char *val) - { - assert(iov); - assert(nfa); -@@ -1115,7 +1115,7 @@ struct nlmsghdr *nfnl_get_msg_next(struct nfnl_handle *h, - * appropiately. - */ - int nfnl_callback_register(struct nfnl_subsys_handle *ssh, -- u_int8_t type, struct nfnl_callback *cb) -+ uint8_t type, struct nfnl_callback *cb) - { - assert(ssh); - assert(cb); -@@ -1138,7 +1138,7 @@ int nfnl_callback_register(struct nfnl_subsys_handle *ssh, - * On sucess, 0 is returned. On error, -1 is returned and errno is - * set appropiately. 
- */ --int nfnl_callback_unregister(struct nfnl_subsys_handle *ssh, u_int8_t type) -+int nfnl_callback_unregister(struct nfnl_subsys_handle *ssh, uint8_t type) - { - assert(ssh); - -@@ -1161,8 +1161,8 @@ int nfnl_check_attributes(const struct nfnl_handle *h, - assert(nfa); - - int min_len; -- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); -+ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -+ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); - const struct nfnl_subsys_handle *ssh; - struct nfnl_callback *cb; - -@@ -1212,8 +1212,8 @@ static int __nfnl_handle_msg(struct nfnl_handle *h, struct nlmsghdr *nlh, - int len) - { - struct nfnl_subsys_handle *ssh; -- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); -+ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -+ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); - int err = 0; - - if (subsys_id > NFNL_MAX_SUBSYS) -@@ -1243,7 +1243,7 @@ int nfnl_handle_packet(struct nfnl_handle *h, char *buf, int len) - { - - while (len >= NLMSG_SPACE(0)) { -- u_int32_t rlen; -+ uint32_t rlen; - struct nlmsghdr *nlh = (struct nlmsghdr *)buf; - - if (nlh->nlmsg_len < sizeof(struct nlmsghdr) -@@ -1285,8 +1285,8 @@ static int nfnl_is_error(struct nfnl_handle *h, struct nlmsghdr *nlh) - static int nfnl_step(struct nfnl_handle *h, struct nlmsghdr *nlh) - { - struct nfnl_subsys_handle *ssh; -- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); -+ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -+ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); - - /* Is this an error message? */ - if (nfnl_is_error(h, nlh)) { -diff --git a/src/rtnl.c b/src/rtnl.c -index 7b4ac7d..284eecd 100644 ---- a/src/rtnl.c -+++ b/src/rtnl.c -@@ -30,7 +30,7 @@ - #define rtnl_log(x, ...) 
- - static inline struct rtnl_handler * --find_handler(struct rtnl_handle *rtnl_handle, u_int16_t type) -+find_handler(struct rtnl_handle *rtnl_handle, uint16_t type) - { - struct rtnl_handler *h; - for (h = rtnl_handle->handlers; h; h = h->next) { -@@ -41,7 +41,7 @@ find_handler(struct rtnl_handle *rtnl_handle, u_int16_t type) - } - - static int call_handler(struct rtnl_handle *rtnl_handle, -- u_int16_t type, -+ uint16_t type, - struct nlmsghdr *hdr) - { - struct rtnl_handler *h = find_handler(rtnl_handle, type); -diff --git a/src/rtnl.h b/src/rtnl.h -index 0c403dc..2cb22a8 100644 ---- a/src/rtnl.h -+++ b/src/rtnl.h -@@ -7,7 +7,7 @@ - struct rtnl_handler { - struct rtnl_handler *next; - -- u_int16_t nlmsg_type; -+ uint16_t nlmsg_type; - int (*handlefn)(struct nlmsghdr *h, void *arg); - void *arg; - }; --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb deleted file mode 100644 index 64271c74d36..00000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb +++ /dev/null 
@@ -1,25 +0,0 @@
-SUMMARY = "Low-level library for netfilter related kernel/userspace communication"
-DESCRIPTION = "libnfnetlink is the low-level library for netfilter related \
-kernel/userspace communication. It provides a generic messaging \
-infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, \
-nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or \
-management tools in userspace."
-HOMEPAGE = "http://www.netfilter.org/projects/libnfnetlink/index.html"
-SECTION = "libs"
-LICENSE = "GPL-2.0-or-later"
-
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
-
-SRC_URI = "http://www.netfilter.org/projects/libnfnetlink/files/libnfnetlink-${PV}.tar.bz2;name=tar \
- file://0001-build-resolve-automake-1.12-warnings.patch \
- file://0002-src-get-source-code-license-header-in-sync-with-curr.patch \
- file://0003-configure-uclinux-is-also-linux.patch \
- file://0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch \
- file://0005-include-Sync-with-kernel-headers.patch \
- file://0006-src-Use-stdint-types-everywhere.patch \
- "
-SRC_URI[tar.md5sum] = "98927583d2016a9fb1936fed992e2c5e"
-SRC_URI[tar.sha256sum] = "f270e19de9127642d2a11589ef2ec97ef90a649a74f56cf9a96306b04817b51a"
-
-inherit autotools pkgconfig
diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb
new file mode 100644
index 00000000000..2778185618c
--- /dev/null
+++ b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Low-level library for netfilter related kernel/userspace communication"
+DESCRIPTION = "libnfnetlink is the low-level library for netfilter related \
+kernel/userspace communication. It provides a generic messaging \
+infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, \
+nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or \
+management tools in userspace."
+HOMEPAGE = "https://www.netfilter.org/projects/libnfnetlink/index.html"
+SECTION = "libs"
+LICENSE = "GPL-2.0-or-later"
+
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+
+SRC_URI = "https://www.netfilter.org/projects/libnfnetlink/files/${BPN}-${PV}.tar.bz2 \
+ "
+
+SRC_URI[md5sum] = "39d65185e2990562c64de05a08de8771"
+SRC_URI[sha256sum] = "b064c7c3d426efb4786e60a8e6859b82ee2f2c5e49ffeea640cfe4fe33cbc376"
+
+inherit autotools pkgconfig
+
+BBCLASSEXTEND = "native"
diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch
deleted file mode 100644
index 68eb04a83e9..00000000000
--- a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch
+++ /dev/null
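Review bot: The new libnfnetlink_1.0.2.bb still carries a `SRC_URI[md5sum]` line next to `SRC_URI[sha256sum]`. MD5 is not collision-resistant, so the tarball's integrity rests on the SHA-256 value alone, and the MD5 line is only a second value to keep in sync at the next upgrade. I would drop the `SRC_URI[md5sum] = "..."` line and keep `SRC_URI[sha256sum]` as the single pinned checksum. The now-empty continuation in `SRC_URI` (a trailing `\` followed by a line holding only `"`) could be folded onto one line at the same time.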
@@ -1,650 +0,0 @@ -From e03b003610a176d608da9a02e433e7ded7e4b75f Mon Sep 17 00:00:00 2001 -From: Todd Cunningham -Date: Wed, 11 Dec 2019 10:18:56 +1000 -Subject: [PATCH] avoid naming local function as one of printf family - -Fixes build issues with clang -error: no member named '__builtin___snprintf_chk' in 'struct expr_ops' - -Signed-off-by: Khem Raj -Signed-off-by: Alex Kiernan - -Signed-off-by: Yuan Chao -Signed-off-by: Todd Cunningham - -Use wiggle to get the patch to apply for version 1.2.0. - -Add the same change in src/expr/last.c to make the patch apply for -1.2.1. Also correct the patch to show the original author and metadata. - -Signed-off-by: Trevor Gamblin ---- - include/expr_ops.h | 2 +- - include/obj.h | 2 +- - src/expr.c | 4 ++-- - src/expr/bitwise.c | 2 +- - src/expr/byteorder.c | 2 +- - src/expr/cmp.c | 2 +- - src/expr/connlimit.c | 2 +- - src/expr/counter.c | 2 +- - src/expr/ct.c | 2 +- - src/expr/dup.c | 2 +- - src/expr/dynset.c | 2 +- - src/expr/exthdr.c | 2 +- - src/expr/fib.c | 2 +- - src/expr/flow_offload.c | 2 +- - src/expr/fwd.c | 2 +- - src/expr/hash.c | 2 +- - src/expr/immediate.c | 2 +- - src/expr/last.c | 2 +- - src/expr/limit.c | 2 +- - src/expr/log.c | 2 +- - src/expr/lookup.c | 2 +- - src/expr/masq.c | 2 +- - src/expr/match.c | 2 +- - src/expr/meta.c | 2 +- - src/expr/nat.c | 2 +- - src/expr/numgen.c | 2 +- - src/expr/objref.c | 2 +- - src/expr/osf.c | 2 +- - src/expr/payload.c | 2 +- - src/expr/queue.c | 2 +- - src/expr/quota.c | 2 +- - src/expr/range.c | 2 +- - src/expr/redir.c | 2 +- - src/expr/reject.c | 2 +- - src/expr/rt.c | 2 +- - src/expr/socket.c | 2 +- - src/expr/synproxy.c | 2 +- - src/expr/target.c | 2 +- - src/expr/tproxy.c | 2 +- - src/expr/tunnel.c | 2 +- - src/expr/xfrm.c | 2 +- - src/obj/counter.c | 2 +- - src/obj/ct_expect.c | 2 +- - src/obj/ct_helper.c | 2 +- - src/obj/ct_timeout.c | 2 +- - src/obj/limit.c | 2 +- - src/obj/quota.c | 2 +- - src/obj/secmark.c | 2 +- - src/obj/synproxy.c | 2 +- - src/obj/tunnel.c | 2 
+- - src/object.c | 2 +- - 51 files changed, 52 insertions(+), 52 deletions(-) - -diff --git a/include/expr_ops.h b/include/expr_ops.h -index 7a6aa23..d3a2855 100644 ---- a/include/expr_ops.h -+++ b/include/expr_ops.h -@@ -18,7 +18,7 @@ struct expr_ops { - const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len); - int (*parse)(struct nftnl_expr *e, struct nlattr *attr); - void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e); -- int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); -+ int (*snprintf_)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); - }; - - struct expr_ops *nftnl_expr_ops_lookup(const char *name); -diff --git a/include/obj.h b/include/obj.h -index 60dc853..1c1c3c1 100644 ---- a/include/obj.h -+++ b/include/obj.h -@@ -109,7 +109,7 @@ struct obj_ops { - const void *(*get)(const struct nftnl_obj *e, uint16_t type, uint32_t *data_len); - int (*parse)(struct nftnl_obj *e, struct nlattr *attr); - void (*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e); -- int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); -+ int (*snprintf_)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); - }; - - extern struct obj_ops obj_ops_counter; -diff --git a/src/expr.c b/src/expr.c -index 277bbde..2231b21 100644 ---- a/src/expr.c -+++ b/src/expr.c -@@ -279,10 +279,10 @@ int nftnl_expr_snprintf(char *buf, size_t remain, const struct nftnl_expr *expr, - if (remain) - buf[0] = '\0'; - -- if (!expr->ops->snprintf || type != NFTNL_OUTPUT_DEFAULT) -+ if (!expr->ops->snprintf_ || type != NFTNL_OUTPUT_DEFAULT) - return 0; - -- ret = expr->ops->snprintf(buf + offset, remain, flags, expr); -+ ret = expr->ops->snprintf_(buf + offset, remain, flags, expr); - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - - return offset; -diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c -index d0c7827..eded505 100644 ---- a/src/expr/bitwise.c -+++ 
b/src/expr/bitwise.c -@@ -282,5 +282,5 @@ struct expr_ops expr_ops_bitwise = { - .get = nftnl_expr_bitwise_get, - .parse = nftnl_expr_bitwise_parse, - .build = nftnl_expr_bitwise_build, -- .snprintf = nftnl_expr_bitwise_snprintf, -+ .snprintf_ = nftnl_expr_bitwise_snprintf, - }; -diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c -index d299745..0068ab2 100644 ---- a/src/expr/byteorder.c -+++ b/src/expr/byteorder.c -@@ -220,5 +220,5 @@ struct expr_ops expr_ops_byteorder = { - .get = nftnl_expr_byteorder_get, - .parse = nftnl_expr_byteorder_parse, - .build = nftnl_expr_byteorder_build, -- .snprintf = nftnl_expr_byteorder_snprintf, -+ .snprintf_ = nftnl_expr_byteorder_snprintf, - }; -diff --git a/src/expr/cmp.c b/src/expr/cmp.c -index 6030693..7e548e6 100644 ---- a/src/expr/cmp.c -+++ b/src/expr/cmp.c -@@ -202,5 +202,5 @@ struct expr_ops expr_ops_cmp = { - .get = nftnl_expr_cmp_get, - .parse = nftnl_expr_cmp_parse, - .build = nftnl_expr_cmp_build, -- .snprintf = nftnl_expr_cmp_snprintf, -+ .snprintf_ = nftnl_expr_cmp_snprintf, - }; -diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c -index 3b37587..39b7092 100644 ---- a/src/expr/connlimit.c -+++ b/src/expr/connlimit.c -@@ -135,5 +135,5 @@ struct expr_ops expr_ops_connlimit = { - .get = nftnl_expr_connlimit_get, - .parse = nftnl_expr_connlimit_parse, - .build = nftnl_expr_connlimit_build, -- .snprintf = nftnl_expr_connlimit_snprintf, -+ .snprintf_ = nftnl_expr_connlimit_snprintf, - }; -diff --git a/src/expr/counter.c b/src/expr/counter.c -index 1676d70..42c96d9 100644 ---- a/src/expr/counter.c -+++ b/src/expr/counter.c -@@ -133,5 +133,5 @@ struct expr_ops expr_ops_counter = { - .get = nftnl_expr_counter_get, - .parse = nftnl_expr_counter_parse, - .build = nftnl_expr_counter_build, -- .snprintf = nftnl_expr_counter_snprintf, -+ .snprintf_ = nftnl_expr_counter_snprintf, - }; -diff --git a/src/expr/ct.c b/src/expr/ct.c -index d5dfc81..8c15db1 100644 ---- a/src/expr/ct.c -+++ b/src/expr/ct.c -@@ -258,5 +258,5 
@@ struct expr_ops expr_ops_ct = { - .get = nftnl_expr_ct_get, - .parse = nftnl_expr_ct_parse, - .build = nftnl_expr_ct_build, -- .snprintf = nftnl_expr_ct_snprintf, -+ .snprintf_ = nftnl_expr_ct_snprintf, - }; -diff --git a/src/expr/dup.c b/src/expr/dup.c -index f041b55..6238a43 100644 ---- a/src/expr/dup.c -+++ b/src/expr/dup.c -@@ -138,5 +138,5 @@ struct expr_ops expr_ops_dup = { - .get = nftnl_expr_dup_get, - .parse = nftnl_expr_dup_parse, - .build = nftnl_expr_dup_build, -- .snprintf = nftnl_expr_dup_snprintf, -+ .snprintf_ = nftnl_expr_dup_snprintf, - }; -diff --git a/src/expr/dynset.c b/src/expr/dynset.c -index 85d64bb..9afbb94 100644 ---- a/src/expr/dynset.c -+++ b/src/expr/dynset.c -@@ -373,5 +373,5 @@ struct expr_ops expr_ops_dynset = { - .get = nftnl_expr_dynset_get, - .parse = nftnl_expr_dynset_parse, - .build = nftnl_expr_dynset_build, -- .snprintf = nftnl_expr_dynset_snprintf, -+ .snprintf_ = nftnl_expr_dynset_snprintf, - }; -diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c -index 1b813b1..25f1491 100644 ---- a/src/expr/exthdr.c -+++ b/src/expr/exthdr.c -@@ -262,5 +262,5 @@ struct expr_ops expr_ops_exthdr = { - .get = nftnl_expr_exthdr_get, - .parse = nftnl_expr_exthdr_parse, - .build = nftnl_expr_exthdr_build, -- .snprintf = nftnl_expr_exthdr_snprintf, -+ .snprintf_ = nftnl_expr_exthdr_snprintf, - }; -diff --git a/src/expr/fib.c b/src/expr/fib.c -index aaff52a..3916e18 100644 ---- a/src/expr/fib.c -+++ b/src/expr/fib.c -@@ -198,5 +198,5 @@ struct expr_ops expr_ops_fib = { - .get = nftnl_expr_fib_get, - .parse = nftnl_expr_fib_parse, - .build = nftnl_expr_fib_build, -- .snprintf = nftnl_expr_fib_snprintf, -+ .snprintf_ = nftnl_expr_fib_snprintf, - }; -diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c -index a826202..c1ca678 100644 ---- a/src/expr/flow_offload.c -+++ b/src/expr/flow_offload.c -@@ -120,5 +120,5 @@ struct expr_ops expr_ops_flow = { - .get = nftnl_expr_flow_get, - .parse = nftnl_expr_flow_parse, - .build = 
nftnl_expr_flow_build, -- .snprintf = nftnl_expr_flow_snprintf, -+ .snprintf_ = nftnl_expr_flow_snprintf, - }; -diff --git a/src/expr/fwd.c b/src/expr/fwd.c -index 82e5a41..4e80687 100644 ---- a/src/expr/fwd.c -+++ b/src/expr/fwd.c -@@ -158,5 +158,5 @@ struct expr_ops expr_ops_fwd = { - .get = nftnl_expr_fwd_get, - .parse = nftnl_expr_fwd_parse, - .build = nftnl_expr_fwd_build, -- .snprintf = nftnl_expr_fwd_snprintf, -+ .snprintf_ = nftnl_expr_fwd_snprintf, - }; -diff --git a/src/expr/hash.c b/src/expr/hash.c -index 10b4a72..84ace31 100644 ---- a/src/expr/hash.c -+++ b/src/expr/hash.c -@@ -226,5 +226,5 @@ struct expr_ops expr_ops_hash = { - .get = nftnl_expr_hash_get, - .parse = nftnl_expr_hash_parse, - .build = nftnl_expr_hash_build, -- .snprintf = nftnl_expr_hash_snprintf, -+ .snprintf_ = nftnl_expr_hash_snprintf, - }; -diff --git a/src/expr/immediate.c b/src/expr/immediate.c -index 94b043c..a8a3c1f 100644 ---- a/src/expr/immediate.c -+++ b/src/expr/immediate.c -@@ -229,5 +229,5 @@ struct expr_ops expr_ops_immediate = { - .get = nftnl_expr_immediate_get, - .parse = nftnl_expr_immediate_parse, - .build = nftnl_expr_immediate_build, -- .snprintf = nftnl_expr_immediate_snprintf, -+ .snprintf_ = nftnl_expr_immediate_snprintf, - }; -diff --git a/src/expr/last.c b/src/expr/last.c -index e2a60c4..2f75464 100644 ---- a/src/expr/last.c -+++ b/src/expr/last.c -@@ -134,5 +134,5 @@ struct expr_ops expr_ops_last = { - .get = nftnl_expr_last_get, - .parse = nftnl_expr_last_parse, - .build = nftnl_expr_last_build, -- .snprintf = nftnl_expr_last_snprintf, -+ .snprintf_ = nftnl_expr_last_snprintf, - }; -diff --git a/src/expr/limit.c b/src/expr/limit.c -index 3dfd54a..f652df0 100644 ---- a/src/expr/limit.c -+++ b/src/expr/limit.c -@@ -202,5 +202,5 @@ struct expr_ops expr_ops_limit = { - .get = nftnl_expr_limit_get, - .parse = nftnl_expr_limit_parse, - .build = nftnl_expr_limit_build, -- .snprintf = nftnl_expr_limit_snprintf, -+ .snprintf_ = nftnl_expr_limit_snprintf, - }; -diff 
--git a/src/expr/log.c b/src/expr/log.c -index 86db548..d96b7ce 100644 ---- a/src/expr/log.c -+++ b/src/expr/log.c -@@ -253,5 +253,5 @@ struct expr_ops expr_ops_log = { - .get = nftnl_expr_log_get, - .parse = nftnl_expr_log_parse, - .build = nftnl_expr_log_build, -- .snprintf = nftnl_expr_log_snprintf, -+ .snprintf_ = nftnl_expr_log_snprintf, - }; -diff --git a/src/expr/lookup.c b/src/expr/lookup.c -index 83adce9..1fbace4 100644 ---- a/src/expr/lookup.c -+++ b/src/expr/lookup.c -@@ -206,5 +206,5 @@ struct expr_ops expr_ops_lookup = { - .get = nftnl_expr_lookup_get, - .parse = nftnl_expr_lookup_parse, - .build = nftnl_expr_lookup_build, -- .snprintf = nftnl_expr_lookup_snprintf, -+ .snprintf_ = nftnl_expr_lookup_snprintf, - }; -diff --git a/src/expr/masq.c b/src/expr/masq.c -index 684708c..1ce099c 100644 ---- a/src/expr/masq.c -+++ b/src/expr/masq.c -@@ -163,5 +163,5 @@ struct expr_ops expr_ops_masq = { - .get = nftnl_expr_masq_get, - .parse = nftnl_expr_masq_parse, - .build = nftnl_expr_masq_build, -- .snprintf = nftnl_expr_masq_snprintf, -+ .snprintf_ = nftnl_expr_masq_snprintf, - }; -diff --git a/src/expr/match.c b/src/expr/match.c -index 533fdf5..8561986 100644 ---- a/src/expr/match.c -+++ b/src/expr/match.c -@@ -189,5 +189,5 @@ struct expr_ops expr_ops_match = { - .get = nftnl_expr_match_get, - .parse = nftnl_expr_match_parse, - .build = nftnl_expr_match_build, -- .snprintf = nftnl_expr_match_snprintf, -+ .snprintf_ = nftnl_expr_match_snprintf, - }; -diff --git a/src/expr/meta.c b/src/expr/meta.c -index 34fbb9b..1ef79a4 100644 ---- a/src/expr/meta.c -+++ b/src/expr/meta.c -@@ -216,5 +216,5 @@ struct expr_ops expr_ops_meta = { - .get = nftnl_expr_meta_get, - .parse = nftnl_expr_meta_parse, - .build = nftnl_expr_meta_build, -- .snprintf = nftnl_expr_meta_snprintf, -+ .snprintf_ = nftnl_expr_meta_snprintf, - }; -diff --git a/src/expr/nat.c b/src/expr/nat.c -index 0a9cdd7..bc4a3fa 100644 ---- a/src/expr/nat.c -+++ b/src/expr/nat.c -@@ -274,5 +274,5 @@ struct 
expr_ops expr_ops_nat = { - .get = nftnl_expr_nat_get, - .parse = nftnl_expr_nat_parse, - .build = nftnl_expr_nat_build, -- .snprintf = nftnl_expr_nat_snprintf, -+ .snprintf_ = nftnl_expr_nat_snprintf, - }; -diff --git a/src/expr/numgen.c b/src/expr/numgen.c -index 159dfec..99bb442 100644 ---- a/src/expr/numgen.c -+++ b/src/expr/numgen.c -@@ -180,5 +180,5 @@ struct expr_ops expr_ops_ng = { - .get = nftnl_expr_ng_get, - .parse = nftnl_expr_ng_parse, - .build = nftnl_expr_ng_build, -- .snprintf = nftnl_expr_ng_snprintf, -+ .snprintf_ = nftnl_expr_ng_snprintf, - }; -diff --git a/src/expr/objref.c b/src/expr/objref.c -index a4b6470..1b2d387 100644 ---- a/src/expr/objref.c -+++ b/src/expr/objref.c -@@ -205,5 +205,5 @@ struct expr_ops expr_ops_objref = { - .get = nftnl_expr_objref_get, - .parse = nftnl_expr_objref_parse, - .build = nftnl_expr_objref_build, -- .snprintf = nftnl_expr_objref_snprintf, -+ .snprintf_ = nftnl_expr_objref_snprintf, - }; -diff --git a/src/expr/osf.c b/src/expr/osf.c -index 215a681..75a6b3c 100644 ---- a/src/expr/osf.c -+++ b/src/expr/osf.c -@@ -147,5 +147,5 @@ struct expr_ops expr_ops_osf = { - .get = nftnl_expr_osf_get, - .parse = nftnl_expr_osf_parse, - .build = nftnl_expr_osf_build, -- .snprintf = nftnl_expr_osf_snprintf, -+ .snprintf_ = nftnl_expr_osf_snprintf, - }; -diff --git a/src/expr/payload.c b/src/expr/payload.c -index 82747ec..e9130ec 100644 ---- a/src/expr/payload.c -+++ b/src/expr/payload.c -@@ -259,5 +259,5 @@ struct expr_ops expr_ops_payload = { - .get = nftnl_expr_payload_get, - .parse = nftnl_expr_payload_parse, - .build = nftnl_expr_payload_build, -- .snprintf = nftnl_expr_payload_snprintf, -+ .snprintf_ = nftnl_expr_payload_snprintf, - }; -diff --git a/src/expr/queue.c b/src/expr/queue.c -index 8f70977..6bc76ef 100644 ---- a/src/expr/queue.c -+++ b/src/expr/queue.c -@@ -193,5 +193,5 @@ struct expr_ops expr_ops_queue = { - .get = nftnl_expr_queue_get, - .parse = nftnl_expr_queue_parse, - .build = nftnl_expr_queue_build, -- 
.snprintf = nftnl_expr_queue_snprintf, -+ .snprintf_ = nftnl_expr_queue_snprintf, - }; -diff --git a/src/expr/quota.c b/src/expr/quota.c -index 8c841d8..1a5f2fa 100644 ---- a/src/expr/quota.c -+++ b/src/expr/quota.c -@@ -147,5 +147,5 @@ struct expr_ops expr_ops_quota = { - .get = nftnl_expr_quota_get, - .parse = nftnl_expr_quota_parse, - .build = nftnl_expr_quota_build, -- .snprintf = nftnl_expr_quota_snprintf, -+ .snprintf_ = nftnl_expr_quota_snprintf, - }; -diff --git a/src/expr/range.c b/src/expr/range.c -index f76843a..73a1930 100644 ---- a/src/expr/range.c -+++ b/src/expr/range.c -@@ -213,5 +213,5 @@ struct expr_ops expr_ops_range = { - .get = nftnl_expr_range_get, - .parse = nftnl_expr_range_parse, - .build = nftnl_expr_range_build, -- .snprintf = nftnl_expr_range_snprintf, -+ .snprintf_ = nftnl_expr_range_snprintf, - }; -diff --git a/src/expr/redir.c b/src/expr/redir.c -index 4f56cb4..51ec71c 100644 ---- a/src/expr/redir.c -+++ b/src/expr/redir.c -@@ -167,5 +167,5 @@ struct expr_ops expr_ops_redir = { - .get = nftnl_expr_redir_get, - .parse = nftnl_expr_redir_parse, - .build = nftnl_expr_redir_build, -- .snprintf = nftnl_expr_redir_snprintf, -+ .snprintf_ = nftnl_expr_redir_snprintf, - }; -diff --git a/src/expr/reject.c b/src/expr/reject.c -index 716d25c..acf32c2 100644 ---- a/src/expr/reject.c -+++ b/src/expr/reject.c -@@ -134,5 +134,5 @@ struct expr_ops expr_ops_reject = { - .get = nftnl_expr_reject_get, - .parse = nftnl_expr_reject_parse, - .build = nftnl_expr_reject_build, -- .snprintf = nftnl_expr_reject_snprintf, -+ .snprintf_ = nftnl_expr_reject_snprintf, - }; -diff --git a/src/expr/rt.c b/src/expr/rt.c -index 1ad9b2a..9f2fdf3 100644 ---- a/src/expr/rt.c -+++ b/src/expr/rt.c -@@ -162,5 +162,5 @@ struct expr_ops expr_ops_rt = { - .get = nftnl_expr_rt_get, - .parse = nftnl_expr_rt_parse, - .build = nftnl_expr_rt_build, -- .snprintf = nftnl_expr_rt_snprintf, -+ .snprintf_ = nftnl_expr_rt_snprintf, - }; -diff --git a/src/expr/socket.c b/src/expr/socket.c 
-index 02d86f8..49a126b 100644 ---- a/src/expr/socket.c -+++ b/src/expr/socket.c -@@ -165,5 +165,5 @@ struct expr_ops expr_ops_socket = { - .get = nftnl_expr_socket_get, - .parse = nftnl_expr_socket_parse, - .build = nftnl_expr_socket_build, -- .snprintf = nftnl_expr_socket_snprintf, -+ .snprintf_ = nftnl_expr_socket_snprintf, - }; -diff --git a/src/expr/synproxy.c b/src/expr/synproxy.c -index 630f3f4..b22ad2f 100644 ---- a/src/expr/synproxy.c -+++ b/src/expr/synproxy.c -@@ -152,5 +152,5 @@ struct expr_ops expr_ops_synproxy = { - .get = nftnl_expr_synproxy_get, - .parse = nftnl_expr_synproxy_parse, - .build = nftnl_expr_synproxy_build, -- .snprintf = nftnl_expr_synproxy_snprintf, -+ .snprintf_ = nftnl_expr_synproxy_snprintf, - }; -diff --git a/src/expr/target.c b/src/expr/target.c -index b7c595a..31a039c 100644 ---- a/src/expr/target.c -+++ b/src/expr/target.c -@@ -189,5 +189,5 @@ struct expr_ops expr_ops_target = { - .get = nftnl_expr_target_get, - .parse = nftnl_expr_target_parse, - .build = nftnl_expr_target_build, -- .snprintf = nftnl_expr_target_snprintf, -+ .snprintf_ = nftnl_expr_target_snprintf, - }; -diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c -index d3ee8f8..1b01591 100644 ---- a/src/expr/tproxy.c -+++ b/src/expr/tproxy.c -@@ -170,5 +170,5 @@ struct expr_ops expr_ops_tproxy = { - .get = nftnl_expr_tproxy_get, - .parse = nftnl_expr_tproxy_parse, - .build = nftnl_expr_tproxy_build, -- .snprintf = nftnl_expr_tproxy_snprintf, -+ .snprintf_ = nftnl_expr_tproxy_snprintf, - }; -diff --git a/src/expr/tunnel.c b/src/expr/tunnel.c -index 1460fd2..6c2f653 100644 ---- a/src/expr/tunnel.c -+++ b/src/expr/tunnel.c -@@ -145,5 +145,5 @@ struct expr_ops expr_ops_tunnel = { - .get = nftnl_expr_tunnel_get, - .parse = nftnl_expr_tunnel_parse, - .build = nftnl_expr_tunnel_build, -- .snprintf = nftnl_expr_tunnel_snprintf, -+ .snprintf_ = nftnl_expr_tunnel_snprintf, - }; -diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c -index c81d14d..e648ee5 100644 ---- a/src/expr/xfrm.c 
-+++ b/src/expr/xfrm.c -@@ -196,5 +196,5 @@ struct expr_ops expr_ops_xfrm = { - .get = nftnl_expr_xfrm_get, - .parse = nftnl_expr_xfrm_parse, - .build = nftnl_expr_xfrm_build, -- .snprintf = nftnl_expr_xfrm_snprintf, -+ .snprintf_ = nftnl_expr_xfrm_snprintf, - }; -diff --git a/src/obj/counter.c b/src/obj/counter.c -index ef0cd20..0c199f7 100644 ---- a/src/obj/counter.c -+++ b/src/obj/counter.c -@@ -127,5 +127,5 @@ struct obj_ops obj_ops_counter = { - .get = nftnl_obj_counter_get, - .parse = nftnl_obj_counter_parse, - .build = nftnl_obj_counter_build, -- .snprintf = nftnl_obj_counter_snprintf, -+ .snprintf_ = nftnl_obj_counter_snprintf, - }; -diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c -index 8136ad9..b3e1d70 100644 ---- a/src/obj/ct_expect.c -+++ b/src/obj/ct_expect.c -@@ -196,5 +196,5 @@ struct obj_ops obj_ops_ct_expect = { - .get = nftnl_obj_ct_expect_get, - .parse = nftnl_obj_ct_expect_parse, - .build = nftnl_obj_ct_expect_build, -- .snprintf = nftnl_obj_ct_expect_snprintf, -+ .snprintf_ = nftnl_obj_ct_expect_snprintf, - }; -diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c -index c52032a..12b783c 100644 ---- a/src/obj/ct_helper.c -+++ b/src/obj/ct_helper.c -@@ -150,5 +150,5 @@ struct obj_ops obj_ops_ct_helper = { - .get = nftnl_obj_ct_helper_get, - .parse = nftnl_obj_ct_helper_parse, - .build = nftnl_obj_ct_helper_build, -- .snprintf = nftnl_obj_ct_helper_snprintf, -+ .snprintf_ = nftnl_obj_ct_helper_snprintf, - }; -diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c -index 1d4f8fb..0a12883 100644 ---- a/src/obj/ct_timeout.c -+++ b/src/obj/ct_timeout.c -@@ -316,5 +316,5 @@ struct obj_ops obj_ops_ct_timeout = { - .get = nftnl_obj_ct_timeout_get, - .parse = nftnl_obj_ct_timeout_parse, - .build = nftnl_obj_ct_timeout_build, -- .snprintf = nftnl_obj_ct_timeout_snprintf, -+ .snprintf_ = nftnl_obj_ct_timeout_snprintf, - }; -diff --git a/src/obj/limit.c b/src/obj/limit.c -index 8b40f9d..2f049b8 100644 ---- a/src/obj/limit.c -+++ b/src/obj/limit.c 
-@@ -168,5 +168,5 @@ struct obj_ops obj_ops_limit = { - .get = nftnl_obj_limit_get, - .parse = nftnl_obj_limit_parse, - .build = nftnl_obj_limit_build, -- .snprintf = nftnl_obj_limit_snprintf, -+ .snprintf_ = nftnl_obj_limit_snprintf, - }; -diff --git a/src/obj/quota.c b/src/obj/quota.c -index 8ab3300..8666334 100644 ---- a/src/obj/quota.c -+++ b/src/obj/quota.c -@@ -144,5 +144,5 @@ struct obj_ops obj_ops_quota = { - .get = nftnl_obj_quota_get, - .parse = nftnl_obj_quota_parse, - .build = nftnl_obj_quota_build, -- .snprintf = nftnl_obj_quota_snprintf, -+ .snprintf_ = nftnl_obj_quota_snprintf, - }; -diff --git a/src/obj/secmark.c b/src/obj/secmark.c -index 2ccc803..e96e06f 100644 ---- a/src/obj/secmark.c -+++ b/src/obj/secmark.c -@@ -116,5 +116,5 @@ struct obj_ops obj_ops_secmark = { - .get = nftnl_obj_secmark_get, - .parse = nftnl_obj_secmark_parse, - .build = nftnl_obj_secmark_build, -- .snprintf = nftnl_obj_secmark_snprintf, -+ .snprintf_ = nftnl_obj_secmark_snprintf, - }; -diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c -index d689fee..d06cb6d 100644 ---- a/src/obj/synproxy.c -+++ b/src/obj/synproxy.c -@@ -143,5 +143,5 @@ struct obj_ops obj_ops_synproxy = { - .get = nftnl_obj_synproxy_get, - .parse = nftnl_obj_synproxy_parse, - .build = nftnl_obj_synproxy_build, -- .snprintf = nftnl_obj_synproxy_snprintf, -+ .snprintf_ = nftnl_obj_synproxy_snprintf, - }; -diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c -index 5ede6bd..d3743ff 100644 ---- a/src/obj/tunnel.c -+++ b/src/obj/tunnel.c -@@ -547,5 +547,5 @@ struct obj_ops obj_ops_tunnel = { - .get = nftnl_obj_tunnel_get, - .parse = nftnl_obj_tunnel_parse, - .build = nftnl_obj_tunnel_build, -- .snprintf = nftnl_obj_tunnel_snprintf, -+ .snprintf_ = nftnl_obj_tunnel_snprintf, - }; -diff --git a/src/object.c b/src/object.c -index 46e208b..d321c50 100644 ---- a/src/object.c -+++ b/src/object.c -@@ -396,7 +396,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t remain, - SNPRINTF_BUFFER_SIZE(ret, remain, offset); 
- - if (obj->ops) { -- ret = obj->ops->snprintf(buf + offset, remain, flags, obj); -+ ret = obj->ops->snprintf_(buf + offset, remain, flags, obj); - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - } - ret = snprintf(buf + offset, remain, "]"); --- -2.33.1 - diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-configure.ac-Add-serial-tests.patch b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-configure.ac-Add-serial-tests.patch index 049ad2d39aa..abeca6579c4 100644 --- a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-configure.ac-Add-serial-tests.patch +++ b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-configure.ac-Add-serial-tests.patch @@ -1,4 +1,4 @@ -From 1cb59c1fed33607e4fb2bee9144ce45276e9cc96 Mon Sep 17 00:00:00 2001 +From 801a4dd42449fb5f09fb9cb99714ed137278ca24 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Tue, 14 Dec 2021 12:31:12 -0500 Subject: [PATCH] configure.ac: Add serial-tests @@ -14,13 +14,13 @@ Signed-off-by: Trevor Gamblin 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 8e68035..2704214 100644 +index d5c6bd0..d90048e 100644 --- a/configure.ac +++ b/configure.ac @@ -8,7 +8,9 @@ AC_CONFIG_HEADERS([config.h]) m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-bzip2 + AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-xz - 1.6 subdir-objects]) + 1.6 subdir-objects serial-tests]) + @@ -29,5 +29,5 @@ index 8e68035..2704214 100644 dnl kernel style compile messages m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) -- -2.33.1 +2.25.1 diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb b/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb similarity index 89% rename from meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb rename to meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb index 44479638f14..841a7267b84 100644 
--- a/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb +++ b/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb @@ -2,28 +2,27 @@ SUMMARY = "Library for low-level interaction with nftables Netlink's API over li LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=79808397c3355f163c012616125c9e26" SECTION = "libs" -DEPENDS = "libmnl" -SRCREV = "09456c720e9c00eecc08e41ac6b7c291b3821ee5" SRC_URI = "git://git.netfilter.org/libnftnl;branch=master \ - file://0001-avoid-naming-local-function-as-one-of-printf-family.patch \ file://0001-configure.ac-Add-serial-tests.patch \ file://run-ptest \ " +SRCREV = "83dd4dc316b4189d16ead54cd30bfc89e5160cfd" S = "${WORKDIR}/git" inherit autotools pkgconfig ptest +DEPENDS = "libmnl" RDEPENDS:${PN}-ptest += " bash python3-core make" - + TESTDIR = "tests" do_compile_ptest() { cp -rf ${S}/build-aux . oe_runmake buildtest-TESTS } - + do_install_ptest() { cp -rf ${B}/build-aux ${D}${PTEST_PATH} install -d ${D}${PTEST_PATH}/${TESTDIR} @@ -38,4 +37,3 @@ do_install_ptest() { # other nonexistent paths before running the actual tests sed -i 's/^Makefile/_Makefile/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile } - diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch b/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch deleted file mode 100644 index 65ab2dfd8c4..00000000000 --- a/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch +++ /dev/null 
@@ -1,39 +0,0 @@
-From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso
-Date: Tue, 22 Feb 2022 00:56:36 +0100
-Subject: [PATCH] examples: compile with `make check' and add AM_CPPFLAGS
-
-Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to
-specify local headers via -I.
-
-Unfortunately, `make distcheck' did not catch this compile time error in
-my system, since it was using the nftables/libnftables.h file of the
-previous nftables release.
-
-Fixes: 5b364657a35f ("build: missing SUBIRS update")
-Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
-Signed-off-by: Pablo Neira Ayuso
-
-Upstream-Status: Backport
-[http://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3]
-
-Signed-off-by: Yi Zhao
----
- examples/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/examples/Makefile.am b/examples/Makefile.am
-index c972170d..3b8b0b67 100644
---- a/examples/Makefile.am
-+++ b/examples/Makefile.am
-@@ -1,4 +1,6 @@
--noinst_PROGRAMS = nft-buffer \
-+check_PROGRAMS = nft-buffer \
- nft-json-file
-
-+AM_CPPFLAGS = -I$(top_srcdir)/include
-+
- LDADD = $(top_builddir)/src/libnftables.la
---
-2.25.1
-
diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch
new file mode 100644
index 00000000000..164182bb1ef
--- /dev/null
+++ b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch
@@ -0,0 +1,53 @@
+From 7a6089a400a573b9a4fd92f29c00a6be7b8ef269 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Thu, 2 Nov 2023 16:02:14 +0100
+Subject: [PATCH] tests: shell: Fix sets/reset_command_0 for current kernels
+
+Since kernel commit 4c90bba60c26 ("netfilter: nf_tables: do not refresh
+timeout when resetting element"), element reset won't touch expiry
+anymore. Invert the one check to make sure it remains unaltered, drop
+the other testing behaviour for per-element timeouts.
+
+Signed-off-by: Phil Sutter
+
+Upstream-Status: Backport
+[https://git.netfilter.org/nftables/commit/?id=7a6089a400a573b9a4fd92f29c00a6be7b8ef269]
+
+Signed-off-by: William Lyu
+---
+ tests/shell/testcases/sets/reset_command_0 | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/tests/shell/testcases/sets/reset_command_0 b/tests/shell/testcases/sets/reset_command_0
+index e663dac8..d38ddb3f 100755
+--- a/tests/shell/testcases/sets/reset_command_0
++++ b/tests/shell/testcases/sets/reset_command_0
+@@ -44,10 +44,10 @@ elem='element t s { 1.0.0.1 . udp . 53 }'
+ grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]]
+ echo OK
+
+-echo -n "counters and expiry are reset: "
++echo -n "counters are reset, expiry left alone: "
+ NEW=$($NFT "get $elem")
+ grep -q 'counter packets 0 bytes 0' <<< "$NEW"
+-[[ $(expires_minutes <<< "$NEW") -gt 20 ]]
++[[ $(expires_minutes <<< "$NEW") -lt 20 ]]
+ echo OK
+
+ echo -n "get map elem matches reset map elem: "
+@@ -80,12 +80,6 @@ OUT=$($NFT reset map t m)
+ $DIFF -u <(echo "$EXP") <(echo "$OUT")
+ echo OK
+
+-echo -n "reset command respects per-element timeout: "
+-VAL=$($NFT get element t s '{ 2.0.0.2 . tcp . 22 }' | expires_minutes)
+-[[ $VAL -lt 15 ]] # custom timeout applies
+-[[ $VAL -gt 10 ]] # expires was reset
+-echo OK
+-
+ echo -n "remaining elements are reset: "
+ OUT=$($NFT list ruleset)
+ grep -q '2.0.0.2 . tcp . 22 counter packets 0 bytes 0' <<< "$OUT"
+--
+2.43.0
+
diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch
new file mode 100644
index 00000000000..2a966ab443c
--- /dev/null
+++ b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch
@@ -0,0 +1,46 @@
+From fff913c1eefbc84eb2d9c52038ef29fe881e9ee9 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso
+Date: Tue, 21 Nov 2023 21:16:38 +0100
+Subject: [PATCH] tests: shell: skip secmark tests if kernel does not support
+ it
+
+Signed-off-by: Pablo Neira Ayuso
+
+Upstream-Status: Backport
+[https://git.netfilter.org/nftables/commit/?id=fff913c1eefbc84eb2d9c52038ef29fe881e9ee9]
+
+Signed-off-by: William Lyu
+---
+ tests/shell/features/secmark.nft | 7 +++++++
+ tests/shell/testcases/json/0005secmark_objref_0 | 1 +
+ 2 files changed, 8 insertions(+)
+ create mode 100644 tests/shell/features/secmark.nft
+
+diff --git a/tests/shell/features/secmark.nft b/tests/shell/features/secmark.nft
+new file mode 100644
+index 00000000..ccbb572f
+--- /dev/null
++++ b/tests/shell/features/secmark.nft
+@@ -0,0 +1,7 @@
++# fb961945457f ("netfilter: nf_tables: add SECMARK support")
++# v4.20-rc1~14^2~125^2~5
++table inet x {
++ secmark ssh_server {
++ "system_u:object_r:ssh_server_packet_t:s0"
++ }
++}
+diff --git a/tests/shell/testcases/json/0005secmark_objref_0 b/tests/shell/testcases/json/0005secmark_objref_0
+index 992d1b00..5c44f093 100755
+--- a/tests/shell/testcases/json/0005secmark_objref_0
++++ b/tests/shell/testcases/json/0005secmark_objref_0
+@@ -1,6 +1,7 @@
+ #!/bin/bash
+
+ # NFT_TEST_REQUIRES(NFT_TEST_HAVE_json)
++# NFT_TEST_REQUIRES(NFT_TEST_HAVE_secmark)
+
+ set -e
+
+--
+2.43.0
+
diff --git a/meta-networking/recipes-filter/nftables/nftables/run-ptest b/meta-networking/recipes-filter/nftables/nftables/run-ptest
index 611b8448532..55e801f67c2 100644
--- a/meta-networking/recipes-filter/nftables/nftables/run-ptest
+++ b/meta-networking/recipes-filter/nftables/nftables/run-ptest
@@ -1,2 +1,22 @@
 #!/bin/sh
-tests/shell/run-tests.sh -v
+
+NFTABLESLIB=@libdir@/nftables
+cd ${NFTABLESLIB}/ptest || exit 1
+
+LOG="${NFTABLESLIB}/ptest/nftables_ptest_$(date +%Y%m%d-%H%M%S).log"
+NFT=nft
+tests/shell/run-tests.sh -v | sed -E '/I: \[OK\]/ s/^/PASS: / ; /W: \[(CHK DUMP|VALGRIND|TAINTED|DUMP FAIL|FAILED)\]/ s/^/FAIL: / ; /I: \[SKIPPED\]/ s/^/SKIP: /' | sed "s,\x1B\[[0-9;]*[a-zA-Z],,g" | tee -a "${LOG}"
+
+passed=$(grep -c PASS: "${LOG}")
+failed=$(grep -c FAIL: "${LOG}")
+skiped=$(grep -c SKIP: "${LOG}")
+
+all=$((passed + failed + skiped))
+
+( echo "=== Test Summary ==="
+ echo "TOTAL: ${all}"
+ echo "PASSED: ${passed}"
+ echo "FAILED: ${failed}"
+ echo "SKIPED: ${skiped}"
+ echo "===================="
+) | tee -a "${LOG}"
diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
deleted file mode 100644
index 080a0ed85c9..00000000000
--- a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
+++ /dev/null
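Review bot: The new run-ptest never reports the test outcome through its exit status: the status of `tests/shell/run-tests.sh -v` is discarded by the pipeline into `sed` and `tee`, and the last command is the summary's `tee`, so the script normally exits 0 even when `failed` is non-zero or the suite aborts before printing a single result. The counts are already computed, so ending the script with `[ "${failed}" -eq 0 ] && [ "${passed}" -gt 0 ]` would make a failing or empty run of the firewall test suite visible to the caller. Separately, `NFT=nft` is assigned without `export`, so unless the variable is already exported in the environment it presumably does not reach `run-tests.sh`; `export NFT=nft` would make the intent explicit.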
@@ -1,53 +0,0 @@ -SUMMARY = "Netfilter Tables userspace utillites" -SECTION = "net" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=d1a78fdd879a263a5e0b42d1fc565e79" - -DEPENDS = "libmnl libnftnl bison-native \ - ${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}" - -# Ensure we reject the 0.099 version by matching at least two dots -UPSTREAM_CHECK_REGEX = "nftables-(?P\d+(\.\d+){2,}).tar.bz2" - -SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2 \ - file://0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch \ - file://run-ptest \ - " - -SRC_URI[sha256sum] = "0b28a36ffcf4567b841de7bd3f37918b1fed27859eb48bdec51e1f7a83954c02" - -inherit autotools manpages pkgconfig ptest - -PACKAGECONFIG ??= "python readline json" -PACKAGECONFIG[json] = "--with-json, --without-json, jansson" -PACKAGECONFIG[manpages] = "--enable-man-doc, --disable-man-doc, asciidoc-native" -PACKAGECONFIG[mini-gmp] = "--with-mini-gmp, --without-mini-gmp" -PACKAGECONFIG[python] = "--enable-python --with-python-bin=${PYTHON}, --with-python-bin="", python3" -PACKAGECONFIG[readline] = "--with-cli=readline, --without-cli, readline" -PACKAGECONFIG[xtables] = "--with-xtables, --without-xtables, iptables" - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)} - -RRECOMMENDS:${PN} += "kernel-module-nf-tables" - -PACKAGES =+ "${PN}-python" -FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}" -RDEPENDS:${PN}-python = "python3-core python3-json ${PN}" - -RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json python3-misc util-linux" - -TESTDIR = "tests" - -PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1" - -do_install_ptest() { - cp -rf ${S}/build-aux ${D}${PTEST_PATH} - cp -rf ${S}/src ${D}${PTEST_PATH} - mkdir -p ${D}${PTEST_PATH}/src/.libs - cp -rf ${B}/src/.libs/* ${D}${PTEST_PATH}/src/.libs - cp -rf ${B}/src/.libs/nft ${D}${PTEST_PATH}/src/ - cp -rf ${S}/py ${D}${PTEST_PATH} - cp -rf 
${S}/${TESTDIR} ${D}${PTEST_PATH}/${TESTDIR} - sed -i 's#/usr/bin/python#/usr/bin/python3#' ${D}${PTEST_PATH}/${TESTDIR}/json_echo/run-test.py - sed -i 's#/usr/bin/env python#/usr/bin/env python3#' ${D}${PTEST_PATH}/${TESTDIR}/py/nft-test.py -} diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb new file mode 100644 index 00000000000..77189227425 --- /dev/null +++ b/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb 
@@ -0,0 +1,106 @@ +SUMMARY = "Netfilter Tables userspace utillites" +DESCRIPTION = "nftables replaces the popular {ip,ip6,arp,eb}tables. \ + This software provides an in-kernel packet classification framework \ + that is based on a network-specific Virtual Machine (VM), \ + nft, a userspace command line tool and libnftables, a high-level userspace library." +HOMEPAGE = "https://netfilter.org/projects/nftables" +SECTION = "net" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=81ec33bb3e47b460fc993ac768c74b62" + +DEPENDS = "libmnl libnftnl bison-native \ + ${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}" + +SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.xz \ + file://0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch \ + file://0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch \ + file://run-ptest \ + " +SRC_URI[sha256sum] = "a3c304cd9ba061239ee0474f9afb938a9bb99d89b960246f66f0c3a0a85e14cd" + +inherit autotools manpages pkgconfig ptest + +PACKAGECONFIG ?= "python readline json" +PACKAGECONFIG[editline] = "--with-cli=editline, , libedit, , , linenoise readline" +PACKAGECONFIG[json] = "--with-json, --without-json, jansson" +PACKAGECONFIG[linenoise] = "--with-cli=linenoise, , linenoise, , , editline readline" +PACKAGECONFIG[manpages] = "--enable-man-doc, --disable-man-doc, asciidoc-native" +PACKAGECONFIG[mini-gmp] = "--with-mini-gmp, --without-mini-gmp" +PACKAGECONFIG[python] = ",, python3-setuptools-native" +PACKAGECONFIG[readline] = "--with-cli=readline, , readline, , , editline linenoise" +PACKAGECONFIG[xtables] = "--with-xtables, --without-xtables, iptables" + +EXTRA_OECONF = " \ + ${@bb.utils.contains_any('PACKAGECONFIG', 'editline linenoise readline', '', '--without-cli', d)}" + +SETUPTOOLS_SETUP_PATH = "${S}/py" + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'setuptools3', '', d)} + +PACKAGES =+ "${PN}-python" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" 
+RDEPENDS:${PN}-python = "python3-core python3-json ${PN}" + +# Explicitly define do_configure, do_compile and do_install because both autotools and setuptools3 +# have EXPORT_FUNCTIONS do_configure do_compile do_install +do_configure() { + autotools_do_configure + if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + setuptools3_do_configure + fi +} + +do_compile() { + autotools_do_compile + if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + setuptools3_do_compile + fi +} + +do_install() { + autotools_do_install + if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + setuptools3_do_install + fi +} + +RDEPENDS:${PN}-ptest += " ${PN}-python bash coreutils make iproute2 iputils-ping procps python3-core python3-ctypes python3-json python3-misc sed util-linux" + +RRECOMMENDS:${PN}-ptest += "\ +kernel-module-nft-chain-nat kernel-module-nft-queue \ +kernel-module-nft-compat kernel-module-nft-quota \ +kernel-module-nft-connlimit kernel-module-nft-redir \ +kernel-module-nft-ct kernel-module-nft-reject \ +kernel-module-nft-flow-offload kernel-module-nft-reject-inet \ +kernel-module-nft-hash kernel-module-nft-reject-ipv4 \ +kernel-module-nft-limit kernel-module-nft-reject-ipv6 \ +kernel-module-nft-log kernel-module-nft-socket \ +kernel-module-nft-masq kernel-module-nft-synproxy \ +kernel-module-nft-nat kernel-module-nft-tunnel \ +kernel-module-nft-numgen kernel-module-nft-xfrm \ +kernel-module-nft-osf \ +kernel-module-nf-flow-table \ +kernel-module-nf-flow-table-inet \ +kernel-module-nf-nat \ +kernel-module-nf-log-syslog \ +kernel-module-nf-nat-ftp \ +kernel-module-nf-nat-sip \ +kernel-module-8021q \ +kernel-module-dummy" + +TESTDIR = "tests" + +PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1" + +do_install_ptest() { + cp -rf ${S}/build-aux ${D}${PTEST_PATH} + cp -rf ${S}/src ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/src/.libs + cp -rf ${B}/src/.libs/* ${D}${PTEST_PATH}/src/.libs + cp 
-rf ${B}/src/.libs/nft ${D}${PTEST_PATH}/src/ + cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH}/${TESTDIR} + sed -i 's#/usr/bin/python#/usr/bin/python3#' ${D}${PTEST_PATH}/${TESTDIR}/json_echo/run-test.py + sed -i 's#/usr/bin/env python#/usr/bin/env python3#' ${D}${PTEST_PATH}/${TESTDIR}/py/nft-test.py + # handle multilib + sed -i s:@libdir@:${libdir}:g ${D}${PTEST_PATH}/run-ptest +}
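Review bot: `SRC_URI` in the new nftables_1.0.9.bb fetches the release tarball over plain `http://www.netfilter.org/...` although `HOMEPAGE` in the same recipe already uses https. `SRC_URI[sha256sum]` protects an ordinary build, but on a recipe upgrade the checksum is only as trustworthy as the download it was taken from, so `https://www.netfilter.org/projects/nftables/files/${BP}.tar.xz` is the safer default, assuming the server offers the same path over TLS. The 1.0.2 recipe removed in this commit carried `RRECOMMENDS:${PN} += "kernel-module-nf-tables"` and an `UPSTREAM_CHECK_REGEX` that rejected the 0.099 version; neither appears in the new file, and if that is intentional a one-line comment saying why would help the next upgrade.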