17 files changed, 690 insertions, 0 deletions
diff --git a/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.0.bb b/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.0.bb
new file mode 100644
index 000000000..0cc139840
--- /dev/null
+++ b/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.0.bb
@@ -0,0 +1,32 @@
+SUMMARY = "Connection tracking userspace tools for Linux"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+DEPENDS = "libnfnetlink libnetfilter-conntrack libnetfilter-cttimeout \
+           libnetfilter-cthelper libnetfilter-queue bison-native"
+SRC_URI = " \
+    http://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-${PV}.tar.bz2;name=tar \
+    file://conntrack-failover \
+    file://init \
+"
+SRC_URI[tar.md5sum] = "ee737c774e01349f75e935228a2d851b"
+SRC_URI[tar.sha256sum] = "036b032a5c4d180aad686df21399d74506b9b3d3000794eb13ac313482e24896"
+inherit autotools-brokensep update-rc.d pkgconfig
+INITSCRIPT_NAME = "conntrackd"
+do_install_append() {
+    install -d ${D}/${sysconfdir}/conntrackd
+    install -d ${D}/${sysconfdir}/init.d
+    install -m 0644 doc/sync/ftfw/conntrackd.conf ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
+    install -m 0755 ${WORKDIR}/conntrack-failover ${D}/${sysconfdir}/init.d/conntrack-failover
+    install -m 0755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/conntrackd
+    # Fix hardcoded paths in scripts
+    sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
+    sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
+    sed -i 's!/var/!${localstatedir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
+    sed -i 's!^export PATH=.*!export PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}/${sysconfdir}/init.d/conntrackd
+}
diff --git a/meta-networking/recipes-filter/conntrack-tools/files/conntrack-failover b/meta-networking/recipes-filter/conntrack-tools/files/conntrack-failover
new file mode 100644
index 000000000..6d92e637f
--- /dev/null
+++ b/meta-networking/recipes-filter/conntrack-tools/files/conntrack-failover
@@ -0,0 +1,77 @@
+#!/bin/sh
+# 
+# (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org>
+# (C) 2009 Roman I Khimov <khimov@altell.ru>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+#
+# Description:
+#
+# This is the script for primary-backup setups for keepalived
+# (http://www.keepalived.org). You may adapt it to make it work with other
+# high-availability managers.
+#
+# Do not forget to include the required modifications to your keepalived.conf
+# file to invoke this script during keepalived's state transitions.
+#
+# Contributions to improve this script are welcome :).
+#
+## Modified to work as init.d script under pacemaker control
+CONNTRACKD_BIN=/usr/sbin/conntrackd
+CONNTRACKD_LOCK=/var/lock/conntrack.lock
+CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
+case "$1" in
+  start)
+    #
+    # commit the external cache into the kernel table
+    #
+    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
+    if [ $? -eq 1 ]
+    then
+        logger "ERROR: failed to invoke conntrackd -c"
+    fi
+    #
+    # flush the internal and the external caches
+    #
+    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
+    if [ $? -eq 1 ]
+    then
+        logger "ERROR: failed to invoke conntrackd -f"
+    fi
+    #
+    # resynchronize my internal cache to the kernel table
+    #
+    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
+    if [ $? -eq 1 ]
+    then
+        logger "ERROR: failed to invoke conntrackd -R"
+    fi
+    #
+    # send a bulk update to backups 
+    #
+    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
+    if [ $? -eq 1 ]
+    then
+        logger "ERROR: failed to invoke conntrackd -B"
+    fi
+    ;;
+  stop)
+        $CONNTRACKD_BIN -t
+        $CONNTRACKD_BIN -n
+        ;;
+  status)
+        ;;
+  *)
+    logger "ERROR: unknown command"
+    echo "Usage: conntrack-failover {start|stop|status}"
+    exit 1
+    ;;
+esac
+exit 0
diff --git a/meta-networking/recipes-filter/conntrack-tools/files/init b/meta-networking/recipes-filter/conntrack-tools/files/init
new file mode 100644
index 000000000..bce2075a7
--- /dev/null
+++ b/meta-networking/recipes-filter/conntrack-tools/files/init
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+# /etc/init.d/conntrackd
+#
+# Maximilian Wilhelm <max@rfc2324.org>
+#  -- Mon, 06 Nov 2006 18:39:07 +0100
+#
+# Roman I Khimov <khimov@altell.ru>
+#  -- Tue, 27 Oct 2009 14:34:00 +0300
+### BEGIN INIT INFO
+# Provides:          conntrackd
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Description: Starts conntrackd
+# short-description: Starts conntrackd
+### END INIT INFO
+export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NAME="conntrackd"
+DAEMON="/usr/sbin/conntrackd"
+CONFIG="/etc/conntrackd/conntrackd.conf"
+PIDFILE="/var/run/${NAME}.pid"
+# Gracefully exit if there is no daemon (debian way of life)
+if [ ! -x "${DAEMON}" ]; then
+        exit 0
+fi
+# Check for config file
+if [ ! -f /etc/conntrackd/conntrackd.conf ]; then
+        echo "Error: There is no config file for $NAME" >&2
+        exit 1;
+fi
+case "$1" in
+  start)
+        echo -n "Starting $NAME: "
+        for i in nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_proto_dccp nf_conntrack_tftp \
+                nf_conntrack_sane nf_conntrack_pptp nf_conntrack_irc nf_conntrack_amanda nf_conntrack_h323 \
+                nf_conntrack_proto_udplite nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_ftp \
+                nf_conntrack_sip; do
+                modprobe $i >/dev/null 2>/dev/null &
+        done
+        start-stop-daemon --start --quiet --make-pidfile --pidfile "/var/run/${NAME}.pid" --background --exec "${DAEMON}"
+        RET=$?
+        if [ "$?" = "0" ]; then
+                sleep 2
+                # Sync with other server
+                conntrackd -n
+                echo "done."
+        else
+                echo "FAILED!"
+        fi
+        exit $RET
+        ;;
+  stop)
+        echo -n "Stopping $NAME:"
+        start-stop-daemon --stop --quiet --oknodo --pidfile "/var/run/${NAME}.pid" && echo "done." || echo "FAILED!"
+        ;;
+  status)
+        echo -n "conntrackd "
+        start-stop-daemon -q -K -t -x $DAEMON
+        RET=$?
+        if [ "$RET" = "0" ]; then
+                PID=`cat $PIDFILE`
+                echo "($PID) is running"
+        else
+                echo "is not running"
+                exit $RET
+        fi
+        ;;
+  restart)
+        $0 stop
+        $0 start
+        ;;
+  *)
+        echo "Usage: /etc/init.d/conntrackd {start|stop|restart}"
+        exit 1
+esac
+exit 0
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
new file mode 100644
index 000000000..c260403ea
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
@@ -0,0 +1,50 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## debian_defaultconfig.dpatch by  <hesso@pool.math.tu-berlin.de>
+##
+## DP: Debian enhancements to the ebtables "sysconfig" default settings.
+@DPATCH@
+--- ebtables-2.0.8.1.orig/ebtables-config
+++ ebtables-2.0.8.1/ebtables-config
+@@ -1,17 +1,3 @@
+-# Save (and possibly restore) in text format.
+-#   Value: yes|no,  default: yes
+-# Save the firewall rules in text format to __SYSCONFIG__/ebtables
+-# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules
+-# is done using this text format.
+-EBTABLES_TEXT_FORMAT="yes"
+-
+-# Save (and restore) in binary format.
+-#   Value: yes|no,  default: yes
+-# Save (and restore) the firewall rules in binary format to (and from)
+-# __SYSCONFIG__/ebtables.<chain>. Enabling this option will make
+-# firewall initialisation a lot faster.
+-EBTABLES_BINARY_FORMAT="yes"
+-
+ # Unload modules on restart and stop
+ #   Value: yes|no,  default: yes
+ # This option has to be 'yes' to get to a sane state for a firewall
+@@ -19,6 +5,12 @@
+ # modules.
+ EBTABLES_MODULES_UNLOAD="yes"
+ 
+# Load firewall rules on system startup.
+#   Value: yes|no,  default: no
+# Restores the ebtables rulesets from the last saved state when the
+# system boots up.
+EBTABLES_LOAD_ON_START="no"
+
+ # Save current firewall rules on stop.
+ #   Value: yes|no,  default: no
+ # Saves all firewall rules if firewall gets stopped
+@@ -35,3 +27,9 @@
+ # Save rule counters when saving a kernel table to a file. If the
+ # rule counters were saved, they will be restored when restoring the table.
+ EBTABLES_SAVE_COUNTER="no"
+
+# Backup suffix for ruleset save files.
+#   Value: <string>,  default: "~"
+# Keep one backup level of saved rules.
+# Set this variable to the empty string to disable backups.
+EBTABLES_BACKUP_SUFFIX="~"
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
new file mode 100644
index 000000000..640025dba
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
@@ -0,0 +1,163 @@
+#!/bin/sh
+[ -x /sbin/ebtables ] || exit 1
+EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
+RETVAL=0
+prog="ebtables"
+desc="Ethernet bridge filtering"
+umask 0077
+#default configuration
+EBTABLES_MODULES_UNLOAD="yes"
+EBTABLES_LOAD_ON_START="no"
+EBTABLES_SAVE_ON_STOP="no"
+EBTABLES_SAVE_ON_RESTART="no"
+EBTABLES_SAVE_COUNTER="no"
+EBTABLES_BACKUP_SUFFIX="~"
+config=/etc/default/$prog
+[ -f "$config" ] && . "$config"
+function get_supported_tables() {
+        EBTABLES_SUPPORTED_TABLES=
+        /sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission
+        if [ $? -eq 0 ]; then
+                echo "Error: insufficient privileges to access the ebtables rulesets."
+                exit 1
+        fi
+        for table in filter nat broute; do
+                /sbin/ebtables -t $table -L &> /dev/null
+                if [ $? -eq 0 ]; then
+                        EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
+                fi
+        done
+}
+function load() {
+        RETVAL=0
+        get_supported_tables
+        echo -n "Restoring ebtables rulesets: "
+        for table in $EBTABLES_SUPPORTED_TABLES; do
+                echo -n "$table "
+                if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
+                        /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
+                        RET=$?
+                        if [ $RET -ne 0 ]; then
+                                echo -n "(failed) "
+                                RETVAL=$RET
+                        fi
+                else
+                        echo -n "(no saved state) "
+                fi
+        done
+        if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                echo -n "no kernel support. "
+        else
+                echo -n "done. "
+        fi
+        if [ $RETVAL -eq 0 ]; then
+                echo "ok"
+        else
+                echo "fail"
+        fi
+}
+function clear() {
+        RETVAL=0
+        get_supported_tables
+        echo -n "Clearing ebtables rulesets: "
+        for table in $EBTABLES_SUPPORTED_TABLES; do
+                echo -n "$table "
+                /sbin/ebtables -t $table --init-table
+        done
+        if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
+                for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
+                        rmmod $mod 2> /dev/null
+                done
+        fi
+        if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                echo -n "no kernel support. "
+        else
+                echo -n "done. "
+        fi
+        if [ $RETVAL -eq 0 ]; then
+                echo "ok"
+        else
+                echo "fail"
+        fi
+}
+function save() {
+        RETVAL=0
+        get_supported_tables
+        echo -n "Saving ebtables rulesets: "
+        for table in $EBTABLES_SUPPORTED_TABLES; do
+                echo -n "$table "
+                [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
+                  mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
+                /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
+                RET=$?
+                if [ $RET -ne 0 ]; then
+                        echo -n "(failed) "
+                        RETVAL=$RET
+                else
+                        if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
+                                /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
+                        fi
+                fi
+        done
+        if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                echo -n "no kernel support. "
+        else
+                echo -n "done. "
+        fi
+        if [ $RETVAL -eq 0 ]; then
+                echo "ok"
+        else
+                echo "fail"
+        fi
+}
+case "$1" in
+  start)
+        [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+        ;;
+  stop)
+        [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
+        clear
+        ;;
+  restart|reload|force-reload)
+        [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
+        clear
+        [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+        ;;
+  load)
+        load
+        ;;
+  save)
+        save
+        ;;
+  status)
+        get_supported_tables
+        if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                echo "No kernel support for ebtables."
+                RETVAL=1
+        else
+                echo -n "Ebtables support available, number of installed rules: "
+                for table in $EBTABLES_SUPPORTED_TABLES; do
+                        COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
+                        echo -n "$table($COUNT) "
+                done
+                echo ok
+                RETVAL=0
+        fi
+        ;;
+  *)
+        echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
+        RETVAL=1
+esac
+exit $RETVAL
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init
new file mode 100755
index 000000000..c9a77a29e
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# init script for the Ethernet Bridge filter tables
+#
+# Written by Dag Wieers <dag@wieers.com>
+# Modified by Rok Papez <rok.papez@arnes.si>
+#            Bart De Schuymer <bdschuym@pandora.be>
+# Adapted to Debian by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
+# Adapted to OpenEmbedded by Roman I Khimov <khimov@altell.ru>
+#
+# chkconfig: - 15 85
+# description: Ethernet Bridge filtering tables
+#
+### BEGIN INIT INFO
+# Provides:             ebtables
+# Required-Start:       
+# Required-Stop:        
+# Should-Start:         $local_fs
+# Should-Stop:          $local_fs
+# Default-Start:        S
+# Default-Stop:         0 6
+# Short-Description:    ebtables ruleset management
+# Description:          Saves and restores the state of the ebtables rulesets.
+### END INIT INFO
+/usr/sbin/ebtables.common $1
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service
new file mode 100644
index 000000000..3abd1fe3e
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Ethernet Bridge Filtering Tables
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@SBINDIR@/ebtables.common start
+ExecStop=@SBINDIR@/ebtables.common stop
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch
new file mode 100644
index 000000000..bcd9bed23
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch
@@ -0,0 +1,43 @@
+diff --git a/Makefile b/Makefile
+index c1106a4..7ea6b7a 100644
+--- a/Makefile
+++ b/Makefile
+@@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\//\\\//g')
+ scripts: ebtables-save ebtables.sysv ebtables-config
+        cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_
+        mkdir -p $(DESTDIR)$(BINDIR)
+-       install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
+       install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
+        cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_
+        if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi
+-       if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
+       if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
+        cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_
+        if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi
+-       if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
+       if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
+        rm -f ebtables-save_ ebtables.sysv_ ebtables-config_
+ 
+ tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g')
+ $(MANDIR)/man8/ebtables.8: ebtables.8
+        mkdir -p $(DESTDIR)$(@D)
+        sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_
+-       install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@
+       install -m 0644 ebtables.8_ $(DESTDIR)$@
+        rm -f ebtables.8_
+ 
+ $(DESTDIR)$(ETHERTYPESFILE): ethertypes
+        mkdir -p $(@D)
+-       install -m 0644 -o root -g root $< $@
+       install -m 0644 $< $@
+ 
+ .PHONY: exec
+ exec: ebtables ebtables-restore
+        mkdir -p $(DESTDIR)$(BINDIR)
+-       install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
+-       install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
+       install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
+       install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
+ 
+ .PHONY: install
+ install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/no-as-needed.patch b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/no-as-needed.patch
new file mode 100644
index 000000000..336119d6b
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/no-as-needed.patch
@@ -0,0 +1,25 @@
+link ebtables with --no-as-needed and adjust the link order to fix runtime crash
+Program terminated with signal 11, Segmentation fault.
+#0  0x00007ffaa837fb53 in ebt_initialize_entry () from /lib64/ebtables/libebtc.so
+(gdb) bt
+#0  0x00007ffaa837fb53 in ebt_initialize_entry () from /lib64/ebtables/libebtc.so
+#1  0x00007ffaa83824dc in do_command () from /lib64/ebtables/libebtc.so
+#2  0x000000000040065c in ?? ()
+#3  0x00007ffaa7fed755 in __libc_start_main () from /lib64/libc.so.6
+#4  0x0000000000400691 in ?? ()
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Index: ebtables-v2.0.10-4/Makefile
+===================================================================
+--- ebtables-v2.0.10-4.orig/Makefile    2011-12-15 12:02:47.000000000 -0800
+++ ebtables-v2.0.10-4/Makefile 2012-12-17 22:09:45.065973753 -0800
+@@ -90,7 +90,7 @@
+        $(CC) -shared $(LDFLAGS) -Wl,-soname,libebtc.so -o libebtc.so -lc $(OBJECTS2)
+ 
+ ebtables: $(OBJECTS) ebtables-standalone.o libebtc.so
+-       $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) $(LDFLAGS) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \
+       $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) $(LDFLAGS) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -Wl,--no-as-needed $(EXT_LIBSI) -lebtc \
+        -Wl,-rpath,$(LIBDIR)
+ 
+ ebtablesu: ebtablesu.c
diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb
new file mode 100644
index 000000000..32cfc752b
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb
@@ -0,0 +1,77 @@
+SUMMARY = "Filtering tool for a Linux-based bridging firewall"
+DESCRIPTION = "Utility for basic Ethernet frame filtering on a Linux bridge, \
+               advanced logging, MAC DNAT/SNAT and brouting."
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=53b4a999993871a28ab1488fdbd2e73e"
+SECTION = "console/network"
+PR = "r3"
+RDEPENDS_${PN} += "perl"
+RRECOMMENDS_${PN} += "kernel-module-ebtables \
+    "
+SRC_URI = "${SOURCEFORGE_MIRROR}/ebtables/ebtables-v${PV}.tar.gz \
+           file://installnonroot.patch \
+           file://01debian_defaultconfig.patch \
+           file://ebtables.init \
+           file://ebtables.common \
+           file://ebtables.service \
+           file://no-as-needed.patch \
+"
+SRC_URI[md5sum] = "506742a3d44b9925955425a659c1a8d0"
+SRC_URI[sha256sum] = "dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d"
+S = "${WORKDIR}/ebtables-v${PV}"
+inherit update-rc.d systemd
+EXTRA_OEMAKE = " \
+        BINDIR=${base_sbindir} \
+        MANDIR=${mandir} \
+        ETHERTYPESPATH=${sysconfdir} \
+        INITDIR=${sysconfdir}/init.d \
+        SYSCONFIGDIR=${sysconfdir}/default \
+        LIBDIR=${base_libdir}/ebtables \
+        'CC=${CC}' \
+        'CFLAGS=${CFLAGS}' \
+        'LDFLAGS=${LDFLAGS} -Wl,--no-as-needed' \
+        'LD=${LD}' \
+"
+do_install () {
+    install -d ${D}${sbindir}
+    install -m 0755 ${WORKDIR}/ebtables.common ${D}${sbindir}/ebtables.common
+    # Fix hardcoded paths in scripts
+    sed -i 's!/sbin/!${base_sbindir}/!g' ${D}${sbindir}/ebtables.common
+    sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sbindir}/ebtables.common
+    install -d ${D}${sysconfdir}/init.d
+    install -d ${D}${sysconfdir}/default
+    install -d ${D}${sysconfdir}/ebtables
+    oe_runmake DESTDIR='${D}' install
+    install -m 0755 ${WORKDIR}/ebtables.init ${D}/${sysconfdir}/init.d/ebtables
+    mv ${D}${sysconfdir}/default/ebtables-config ${D}${sysconfdir}/default/ebtables
+    sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ebtables
+    # The script ebtables-save refernces perl in exec_prefix, so
+    # move it to sbindir to avoid QA issue
+    install -d ${D}/${sbindir}
+    mv ${D}/${base_sbindir}/ebtables-save ${D}/${sbindir}
+    # Install systemd service files
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/ebtables.service ${D}${systemd_unitdir}/system
+    sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/ebtables.service
+}
+CONFFILES_${PN} += "${sysconfdir}/default/ebtables"
+INITSCRIPT_NAME = "ebtables"
+INITSCRIPT_PARAMS = "start 41 S . stop 41 6 ."
+SYSTEMD_SERVICE_${PN} = "ebtables.service"
+FILES_${PN}-dbg += "${base_libdir}/ebtables/.debug"
+FILES_${PN} += "${base_libdir}/ebtables/*.so"
diff --git a/meta-networking/recipes-filter/libmnl/libmnl_1.0.3.bb b/meta-networking/recipes-filter/libmnl/libmnl_1.0.3.bb
new file mode 100644
index 000000000..74f909660
--- /dev/null
+++ b/meta-networking/recipes-filter/libmnl/libmnl_1.0.3.bb
@@ -0,0 +1,12 @@
+SUMMARY = "Minimalistic user-space Netlink utility library"
+DESCRIPTION = "Minimalistic user-space library oriented to Netlink developers, providing \
+    functions for common tasks in parsing, validating, and constructing both the Netlink header and TLVs."
+HOMEPAGE = "http://www.netfilter.org/projects/libmnl/index.html"
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
+SRC_URI = "http://www.netfilter.org/projects/libmnl/files/libmnl-${PV}.tar.bz2;name=tar"
+SRC_URI[tar.md5sum] = "7d95fc3bea3365bc03c48e484224f65f"
+SRC_URI[tar.sha256sum] = "6f14336e9acdbc62c2dc71bbb59ce162e54e9af5c80153e92476c5443fe784de"
+inherit autotools pkgconfig
diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.2.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.2.bb
new file mode 100644
index 000000000..fb915abbf
--- /dev/null
+++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.2.bb
@@ -0,0 +1,14 @@
+SUMMARY = "Netfilter connection tracking library"
+DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter connection tracking state table"
+HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_conntrack/index.html"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+DEPENDS = "libnfnetlink libmnl"
+SRC_URI = "http://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2;name=tar"
+SRC_URI[tar.md5sum] = "447114b5d61bb9a9617ead3217c3d3ff"
+SRC_URI[tar.sha256sum] = "a0bd747dd58ae1513586b43c7125b41e6325f97eb95ac63d53cf5aeb33254d12"
+S = "${WORKDIR}/libnetfilter_conntrack-${PV}"
+inherit autotools pkgconfig
diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb
new file mode 100644
index 000000000..405e8bfae
--- /dev/null
+++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb
@@ -0,0 +1,14 @@
+SUMMARY = "Netfilter connection tracking helper library"
+DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter user-space helper infrastructure"
+HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_cthelper/index.html"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+DEPENDS = "libmnl"
+SRC_URI = "http://www.netfilter.org/projects/libnetfilter_cthelper/files/libnetfilter_cthelper-${PV}.tar.bz2;name=tar"
+SRC_URI[tar.md5sum] = "b2efab1a3a198a5add448960ba011acd"
+SRC_URI[tar.sha256sum] = "07618e71c4d9a6b6b3dc1986540486ee310a9838ba754926c7d14a17d8fccf3d"
+S = "${WORKDIR}/libnetfilter_cthelper-${PV}"
+inherit autotools pkgconfig
diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb
new file mode 100644
index 000000000..2f2585217
--- /dev/null
+++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb
@@ -0,0 +1,13 @@
+SUMMARY = "Netfilter connection tracking timeout library"
+DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter fine-grain connection tracking timeout infrastructure"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+DEPENDS = "libmnl"
+SRC_URI = "http://www.netfilter.org/projects/libnetfilter_cttimeout/files/libnetfilter_cttimeout-${PV}.tar.bz2;name=tar"
+SRC_URI[tar.md5sum] = "7697437fc9ebb6f6b83df56a633db7f9"
+SRC_URI[tar.sha256sum] = "aeab12754f557cba3ce2950a2029963d817490df7edb49880008b34d7ff8feba"
+S = "${WORKDIR}/libnetfilter_cttimeout-${PV}"
+inherit autotools pkgconfig
diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.1.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.1.bb
new file mode 100644
index 000000000..81909b8be
--- /dev/null
+++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.1.bb
@@ -0,0 +1,14 @@
+SUMMARY = "Netfilter logging library"
+DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter log message (NFLOG)"
+HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_log/index.html"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+DEPENDS = "libnfnetlink"
+SRC_URI = "http://www.netfilter.org/projects/libnetfilter_log/files/libnetfilter_log-${PV}.tar.bz2;name=tar"
+SRC_URI[tar.md5sum] = "2a4bb0654ae675a52d2e8d1c06090b94"
+SRC_URI[tar.sha256sum] = "74e0fe75753dba3ac114531b5e73240452c789a3f3adccf5c51217da1d933b21"
+S = "${WORKDIR}/libnetfilter_log-${PV}"
+inherit autotools pkgconfig
diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb
new file mode 100644
index 000000000..b932ff65f
--- /dev/null
+++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb
@@ -0,0 +1,14 @@
+SUMMARY = "Netfilter packet queue access library"
+DESCRIPTION = "Userspace library providing a programming interface (API) to access the Linux kernel netfilter packet queue"
+HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_queue/index.html"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+DEPENDS = "libnfnetlink libmnl"
+SRC_URI = "http://www.netfilter.org/projects/libnetfilter_queue/files/libnetfilter_queue-${PV}.tar.bz2;name=tar"
+SRC_URI[tar.md5sum] = "df09befac35cb215865b39a36c96a3fa"
+SRC_URI[tar.sha256sum] = "838490eb5dbe358f9669823704982f5313a8d397111562373200203f93ac1a32"
+S = "${WORKDIR}/libnetfilter_queue-${PV}"
+inherit autotools pkgconfig
diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb
new file mode 100644
index 000000000..9cb615bb4
--- /dev/null
+++ b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb
@@ -0,0 +1,18 @@
+SUMMARY = "Low-level library for netfilter related kernel/userspace communication"
+DESCRIPTION = "libnfnetlink is the low-level library for netfilter related \
+kernel/userspace communication. It provides a generic messaging \
+infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, \
+nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or \
+management tools in userspace."
+HOMEPAGE = "http://www.netfilter.org/projects/libnfnetlink/index.html"
+SECTION = "devel/libs"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+SRC_URI = "http://www.netfilter.org/projects/libnfnetlink/files/libnfnetlink-${PV}.tar.bz2;name=tar"
+SRC_URI[tar.md5sum] = "98927583d2016a9fb1936fed992e2c5e"
+SRC_URI[tar.sha256sum] = "f270e19de9127642d2a11589ef2ec97ef90a649a74f56cf9a96306b04817b51a"
+inherit autotools pkgconfig