diff options
Diffstat (limited to 'meta-networking')
4 files changed, 331 insertions, 0 deletions
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch new file mode 100644 index 000000000..c260403ea --- /dev/null +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | #! /bin/sh /usr/share/dpatch/dpatch-run | ||
2 | ## debian_defaultconfig.dpatch by <hesso@pool.math.tu-berlin.de> | ||
3 | ## | ||
4 | ## DP: Debian enhancements to the ebtables "sysconfig" default settings. | ||
5 | |||
6 | @DPATCH@ | ||
7 | |||
8 | --- ebtables-2.0.8.1.orig/ebtables-config | ||
9 | +++ ebtables-2.0.8.1/ebtables-config | ||
10 | @@ -1,17 +1,3 @@ | ||
11 | -# Save (and possibly restore) in text format. | ||
12 | -# Value: yes|no, default: yes | ||
13 | -# Save the firewall rules in text format to __SYSCONFIG__/ebtables | ||
14 | -# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules | ||
15 | -# is done using this text format. | ||
16 | -EBTABLES_TEXT_FORMAT="yes" | ||
17 | - | ||
18 | -# Save (and restore) in binary format. | ||
19 | -# Value: yes|no, default: yes | ||
20 | -# Save (and restore) the firewall rules in binary format to (and from) | ||
21 | -# __SYSCONFIG__/ebtables.<chain>. Enabling this option will make | ||
22 | -# firewall initialisation a lot faster. | ||
23 | -EBTABLES_BINARY_FORMAT="yes" | ||
24 | - | ||
25 | # Unload modules on restart and stop | ||
26 | # Value: yes|no, default: yes | ||
27 | # This option has to be 'yes' to get to a sane state for a firewall | ||
28 | @@ -19,6 +5,12 @@ | ||
29 | # modules. | ||
30 | EBTABLES_MODULES_UNLOAD="yes" | ||
31 | |||
32 | +# Load firewall rules on system startup. | ||
33 | +# Value: yes|no, default: no | ||
34 | +# Restores the ebtables rulesets from the last saved state when the | ||
35 | +# system boots up. | ||
36 | +EBTABLES_LOAD_ON_START="no" | ||
37 | + | ||
38 | # Save current firewall rules on stop. | ||
39 | # Value: yes|no, default: no | ||
40 | # Saves all firewall rules if firewall gets stopped | ||
41 | @@ -35,3 +27,9 @@ | ||
42 | # Save rule counters when saving a kernel table to a file. If the | ||
43 | # rule counters were saved, they will be restored when restoring the table. | ||
44 | EBTABLES_SAVE_COUNTER="no" | ||
45 | + | ||
46 | +# Backup suffix for ruleset save files. | ||
47 | +# Value: <string>, default: "~" | ||
48 | +# Keep one backup level of saved rules. | ||
49 | +# Set this variable to the empty string to disable backups. | ||
50 | +EBTABLES_BACKUP_SUFFIX="~" | ||
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init new file mode 100755 index 000000000..0044e9825 --- /dev/null +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init | |||
@@ -0,0 +1,186 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | # init script for the Ethernet Bridge filter tables | ||
4 | # | ||
5 | # Written by Dag Wieers <dag@wieers.com> | ||
6 | # Modified by Rok Papez <rok.papez@arnes.si> | ||
7 | # Bart De Schuymer <bdschuym@pandora.be> | ||
8 | # Adapted to Debian by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> | ||
9 | # Adapted to OpenEmbedded by Roman I Khimov <khimov@altell.ru> | ||
10 | # | ||
11 | # chkconfig: - 15 85 | ||
12 | # description: Ethernet Bridge filtering tables | ||
13 | # | ||
14 | ### BEGIN INIT INFO | ||
15 | # Provides: ebtables | ||
16 | # Required-Start: | ||
17 | # Required-Stop: | ||
18 | # Should-Start: $local_fs | ||
19 | # Should-Stop: $local_fs | ||
20 | # Default-Start: S | ||
21 | # Default-Stop: 0 6 | ||
22 | # Short-Description: ebtables ruleset management | ||
23 | # Description: Saves and restores the state of the ebtables rulesets. | ||
24 | ### END INIT INFO | ||
25 | |||
26 | [ -x /sbin/ebtables ] || exit 1 | ||
27 | |||
28 | EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump | ||
29 | |||
30 | RETVAL=0 | ||
31 | prog="ebtables" | ||
32 | desc="Ethernet bridge filtering" | ||
33 | umask 0077 | ||
34 | |||
35 | #default configuration | ||
36 | EBTABLES_MODULES_UNLOAD="yes" | ||
37 | EBTABLES_LOAD_ON_START="no" | ||
38 | EBTABLES_SAVE_ON_STOP="no" | ||
39 | EBTABLES_SAVE_ON_RESTART="no" | ||
40 | EBTABLES_SAVE_COUNTER="no" | ||
41 | EBTABLES_BACKUP_SUFFIX="~" | ||
42 | |||
43 | config=/etc/default/$prog | ||
44 | [ -f "$config" ] && . "$config" | ||
45 | |||
46 | function get_supported_tables() { | ||
47 | EBTABLES_SUPPORTED_TABLES= | ||
48 | /sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission | ||
49 | if [ $? -eq 0 ]; then | ||
50 | echo "Error: insufficient privileges to access the ebtables rulesets." | ||
51 | exit 1 | ||
52 | fi | ||
53 | for table in filter nat broute; do | ||
54 | /sbin/ebtables -t $table -L &> /dev/null | ||
55 | if [ $? -eq 0 ]; then | ||
56 | EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table" | ||
57 | fi | ||
58 | done | ||
59 | } | ||
60 | |||
61 | function load() { | ||
62 | RETVAL=0 | ||
63 | get_supported_tables | ||
64 | echo -n "Restoring ebtables rulesets: " | ||
65 | for table in $EBTABLES_SUPPORTED_TABLES; do | ||
66 | echo -n "$table " | ||
67 | if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then | ||
68 | /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit | ||
69 | RET=$? | ||
70 | if [ $RET -ne 0 ]; then | ||
71 | echo -n "(failed) " | ||
72 | RETVAL=$RET | ||
73 | fi | ||
74 | else | ||
75 | echo -n "(no saved state) " | ||
76 | fi | ||
77 | done | ||
78 | if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then | ||
79 | echo -n "no kernel support. " | ||
80 | else | ||
81 | echo -n "done. " | ||
82 | fi | ||
83 | if [ $RETVAL -eq 0 ]; then | ||
84 | echo "ok" | ||
85 | else | ||
86 | echo "fail" | ||
87 | fi | ||
88 | } | ||
89 | |||
90 | function clear() { | ||
91 | RETVAL=0 | ||
92 | get_supported_tables | ||
93 | echo -n "Clearing ebtables rulesets: " | ||
94 | for table in $EBTABLES_SUPPORTED_TABLES; do | ||
95 | echo -n "$table " | ||
96 | /sbin/ebtables -t $table --init-table | ||
97 | done | ||
98 | |||
99 | if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then | ||
100 | for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do | ||
101 | rmmod $mod 2> /dev/null | ||
102 | done | ||
103 | fi | ||
104 | if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then | ||
105 | echo -n "no kernel support. " | ||
106 | else | ||
107 | echo -n "done. " | ||
108 | fi | ||
109 | if [ $RETVAL -eq 0 ]; then | ||
110 | echo "ok" | ||
111 | else | ||
112 | echo "fail" | ||
113 | fi | ||
114 | } | ||
115 | |||
116 | function save() { | ||
117 | RETVAL=0 | ||
118 | get_supported_tables | ||
119 | echo -n "Saving ebtables rulesets: " | ||
120 | for table in $EBTABLES_SUPPORTED_TABLES; do | ||
121 | echo -n "$table " | ||
122 | [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \ | ||
123 | mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX | ||
124 | /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save | ||
125 | RET=$? | ||
126 | if [ $RET -ne 0 ]; then | ||
127 | echo -n "(failed) " | ||
128 | RETVAL=$RET | ||
129 | else | ||
130 | if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then | ||
131 | /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z | ||
132 | fi | ||
133 | fi | ||
134 | done | ||
135 | if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then | ||
136 | echo -n "no kernel support. " | ||
137 | else | ||
138 | echo -n "done. " | ||
139 | fi | ||
140 | if [ $RETVAL -eq 0 ]; then | ||
141 | echo "ok" | ||
142 | else | ||
143 | echo "fail" | ||
144 | fi | ||
145 | } | ||
146 | |||
147 | case "$1" in | ||
148 | start) | ||
149 | [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load | ||
150 | ;; | ||
151 | stop) | ||
152 | [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save | ||
153 | clear | ||
154 | ;; | ||
155 | restart|reload|force-reload) | ||
156 | [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save | ||
157 | clear | ||
158 | [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load | ||
159 | ;; | ||
160 | load) | ||
161 | load | ||
162 | ;; | ||
163 | save) | ||
164 | save | ||
165 | ;; | ||
166 | status) | ||
167 | get_supported_tables | ||
168 | if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then | ||
169 | echo "No kernel support for ebtables." | ||
170 | RETVAL=1 | ||
171 | else | ||
172 | echo -n "Ebtables support available, number of installed rules: " | ||
173 | for table in $EBTABLES_SUPPORTED_TABLES; do | ||
174 | COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 )) | ||
175 | echo -n "$table($COUNT) " | ||
176 | done | ||
177 | echo ok | ||
178 | RETVAL=0 | ||
179 | fi | ||
180 | ;; | ||
181 | *) | ||
182 | echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2 | ||
183 | RETVAL=1 | ||
184 | esac | ||
185 | |||
186 | exit $RETVAL | ||
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch new file mode 100644 index 000000000..bcd9bed23 --- /dev/null +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | diff --git a/Makefile b/Makefile | ||
2 | index c1106a4..7ea6b7a 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\//\\\//g') | ||
6 | scripts: ebtables-save ebtables.sysv ebtables-config | ||
7 | cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_ | ||
8 | mkdir -p $(DESTDIR)$(BINDIR) | ||
9 | - install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save | ||
10 | + install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save | ||
11 | cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_ | ||
12 | if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi | ||
13 | - if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi | ||
14 | + if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi | ||
15 | cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_ | ||
16 | if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi | ||
17 | - if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi | ||
18 | + if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi | ||
19 | rm -f ebtables-save_ ebtables.sysv_ ebtables-config_ | ||
20 | |||
21 | tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g') | ||
22 | $(MANDIR)/man8/ebtables.8: ebtables.8 | ||
23 | mkdir -p $(DESTDIR)$(@D) | ||
24 | sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_ | ||
25 | - install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@ | ||
26 | + install -m 0644 ebtables.8_ $(DESTDIR)$@ | ||
27 | rm -f ebtables.8_ | ||
28 | |||
29 | $(DESTDIR)$(ETHERTYPESFILE): ethertypes | ||
30 | mkdir -p $(@D) | ||
31 | - install -m 0644 -o root -g root $< $@ | ||
32 | + install -m 0644 $< $@ | ||
33 | |||
34 | .PHONY: exec | ||
35 | exec: ebtables ebtables-restore | ||
36 | mkdir -p $(DESTDIR)$(BINDIR) | ||
37 | - install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME) | ||
38 | - install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore | ||
39 | + install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME) | ||
40 | + install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore | ||
41 | |||
42 | .PHONY: install | ||
43 | install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts | ||
diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb new file mode 100644 index 000000000..e3476daf0 --- /dev/null +++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb | |||
@@ -0,0 +1,52 @@ | |||
1 | SUMMARY = "Utility for basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting." | ||
2 | LICENSE = "GPLv2" | ||
3 | LIC_FILES_CHKSUM = "file://COPYING;md5=53b4a999993871a28ab1488fdbd2e73e" | ||
4 | SECTION = "console/network" | ||
5 | PR = "r0" | ||
6 | |||
7 | SRC_URI = "${SOURCEFORGE_MIRROR}/ebtables/ebtables-v${PV}.tar.gz \ | ||
8 | file://installnonroot.patch \ | ||
9 | file://01debian_defaultconfig.patch \ | ||
10 | file://ebtables.init \ | ||
11 | " | ||
12 | |||
13 | SRC_URI[md5sum] = "506742a3d44b9925955425a659c1a8d0" | ||
14 | SRC_URI[sha256sum] = "dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d" | ||
15 | |||
16 | S = "${WORKDIR}/ebtables-v${PV}" | ||
17 | |||
18 | inherit update-rc.d | ||
19 | |||
20 | EXTRA_OEMAKE = " \ | ||
21 | BINDIR=${base_sbindir} \ | ||
22 | MANDIR=${mandir} \ | ||
23 | ETHERTYPESPATH=${sysconfdir} \ | ||
24 | INITDIR=${sysconfdir}/init.d \ | ||
25 | SYSCONFIGDIR=${sysconfdir}/default \ | ||
26 | LIBDIR=${base_libdir}/ebtables \ | ||
27 | 'CC=${CC}' \ | ||
28 | 'CFLAGS=${CFLAGS}' \ | ||
29 | 'LDFLAGS=${LDFLAGS} -Wl,--no-as-needed' \ | ||
30 | 'LD=${LD}' \ | ||
31 | " | ||
32 | |||
33 | do_install () { | ||
34 | install -d ${D}${sysconfdir}/init.d | ||
35 | install -d ${D}${sysconfdir}/default | ||
36 | install -d ${D}${sysconfdir}/ebtables | ||
37 | oe_runmake DESTDIR='${D}' install | ||
38 | install -m 0755 ${WORKDIR}/ebtables.init ${D}/${sysconfdir}/init.d/ebtables | ||
39 | mv ${D}${sysconfdir}/default/ebtables-config ${D}${sysconfdir}/default/ebtables | ||
40 | |||
41 | # Fix hardcoded paths in scripts | ||
42 | sed -i 's!/sbin/!${base_sbindir}/!g' ${D}/${sysconfdir}/init.d/ebtables | ||
43 | sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/ebtables | ||
44 | } | ||
45 | |||
46 | CONFFILES_${PN} += "${sysconfdir}/default/ebtables" | ||
47 | |||
48 | INITSCRIPT_NAME = "ebtables" | ||
49 | INITSCRIPT_PARAMS = "start 41 S . stop 41 6 ." | ||
50 | |||
51 | FILES_${PN}-dbg += "${base_libdir}/ebtables/.debug" | ||
52 | FILES_${PN} += "${base_libdir}/ebtables/*.so" | ||