2 files changed, 170 insertions, 3 deletions
diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common b/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common
new file mode 100644
index 000000000..d948422e9
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common
@@ -0,0 +1,163 @@
+#!/bin/sh
+[ -x /usr/sbin/ebtables-legacy ] || exit 1
+EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
+RETVAL=0
+prog="ebtables"
+desc="Ethernet bridge filtering"
+umask 0077
+#default configuration
+EBTABLES_MODULES_UNLOAD="yes"
+EBTABLES_LOAD_ON_START="no"
+EBTABLES_SAVE_ON_STOP="no"
+EBTABLES_SAVE_ON_RESTART="no"
+EBTABLES_SAVE_COUNTER="no"
+EBTABLES_BACKUP_SUFFIX="~"
+config=/etc/default/$prog
+[ -f "$config" ] && . "$config"
+get_supported_tables() {
+        EBTABLES_SUPPORTED_TABLES=
+        /usr/sbin/ebtables-legacy -t filter -L 2>&1 1>/dev/null | grep -q permission
+        if [ $? -eq 0 ]; then
+                echo "Error: insufficient privileges to access the ebtables rulesets."
+                exit 1
+        fi
+        for table in filter nat broute; do
+                /usr/sbin/ebtables-legacy -t $table -L &> /dev/null
+                if [ $? -eq 0 ]; then
+                        EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
+                fi
+        done
+}
+load() {
+        RETVAL=0
+        get_supported_tables
+        echo -n "Restoring ebtables rulesets: "
+        for table in $EBTABLES_SUPPORTED_TABLES; do
+                echo -n "$table "
+                if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
+                        /usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
+                        RET=$?
+                        if [ $RET -ne 0 ]; then
+                                echo -n "(failed) "
+                                RETVAL=$RET
+                        fi
+                else
+                        echo -n "(no saved state) "
+                fi
+        done
+        if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                echo -n "no kernel support. "
+        else
+                echo -n "done. "
+        fi
+        if [ $RETVAL -eq 0 ]; then
+                echo "ok"
+        else
+                echo "fail"
+        fi
+}
+clear_rules() {
+        RETVAL=0
+        get_supported_tables
+        echo -n "Clearing ebtables rulesets: "
+        for table in $EBTABLES_SUPPORTED_TABLES; do
+                echo -n "$table "
+                /usr/sbin/ebtables-legacy -t $table --init-table
+        done
+        if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
+                for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
+                        rmmod $mod 2> /dev/null
+                done
+        fi
+        if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                echo -n "no kernel support. "
+        else
+                echo -n "done. "
+        fi
+        if [ $RETVAL -eq 0 ]; then
+                echo "ok"
+        else
+                echo "fail"
+        fi
+}
+save() {
+        RETVAL=0
+        get_supported_tables
+        echo -n "Saving ebtables rulesets: "
+        for table in $EBTABLES_SUPPORTED_TABLES; do
+                echo -n "$table "
+                [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
+                        mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
+                /usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
+                RET=$?
+                if [ $RET -ne 0 ]; then
+                        echo -n "(failed) "
+                        RETVAL=$RET
+                else
+                        if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
+                                /usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
+                        fi
+                fi
+        done
+        if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                echo -n "no kernel support. "
+        else
+                echo -n "done. "
+        fi
+        if [ $RETVAL -eq 0 ]; then
+                echo "ok"
+        else
+                echo "fail"
+        fi
+}
+case "$1" in
+        start)
+                [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+                ;;
+        stop)
+                [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
+                clear_rules
+                ;;
+        restart|reload|force-reload)
+                [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
+                clear_rules
+                [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+                ;;
+        load)
+                load
+                ;;
+        save)
+                save
+                ;;
+        status)
+                get_supported_tables
+                if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+                        echo "No kernel support for ebtables."
+                        RETVAL=1
+                else
+                        echo -n "Ebtables support available, number of installed rules: "
+                        for table in $EBTABLES_SUPPORTED_TABLES; do
+                                COUNT=$(( $(/usr/sbin/ebtables-legacy -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
+                                echo -n "$table($COUNT) "
+                        done
+                        echo ok
+                        RETVAL=0
+                fi
+                ;;
+        *)
+                echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
+                RETVAL=1
+esac
+exit $RETVAL
diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb
index fc544e1b6..08d4d661d 100644
--- a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb
+++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb
@@ -13,6 +13,7 @@ RRECOMMENDS_${PN} += "kernel-module-ebtables \
 SRC_URI = "http://ftp.netfilter.org/pub/ebtables/ebtables-${PV}.tar.gz \
           file://ebtables-legacy-save \
+           file://ebtables.common \
           file://ebtables.service \
           "
@@ -33,9 +34,12 @@ do_install_append () {
        install -m 0755 ${WORKDIR}/ebtables-legacy-save ${D}${base_sbindir}/ebtables-legacy-save
        sed -i 's!/sbin/!${base_sbindir}/!g' ${D}${base_sbindir}/ebtables-legacy-save
        # Install systemd service files
-        install -d ${D}${systemd_unitdir}/system
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        install -m 0644 ${WORKDIR}/ebtables.service ${D}${systemd_unitdir}/system
+                install -d ${D}${systemd_unitdir}/system
-        sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/ebtables.service
+                install -m 0644 ${WORKDIR}/ebtables.service ${D}${systemd_unitdir}/system
+                sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/ebtables.service
+                install -m 0755 ${WORKDIR}/ebtables.common ${D}${sbindir}/ebtables.common
+        fi
 }
 do_configure_prepend () {

diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common b/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common new file mode 100644 index 000000000..d948422e9 --- /dev/null +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common
@@ -0,0 +1,163 @@
		1	#!/bin/sh
		2
		3	[ -x /usr/sbin/ebtables-legacy ] \|\| exit 1
		4
		5	EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
		6
		7	RETVAL=0
		8	prog="ebtables"
		9	desc="Ethernet bridge filtering"
		10	umask 0077
		11
		12	#default configuration
		13	EBTABLES_MODULES_UNLOAD="yes"
		14	EBTABLES_LOAD_ON_START="no"
		15	EBTABLES_SAVE_ON_STOP="no"
		16	EBTABLES_SAVE_ON_RESTART="no"
		17	EBTABLES_SAVE_COUNTER="no"
		18	EBTABLES_BACKUP_SUFFIX="~"
		19
		20	config=/etc/default/$prog
		21	[ -f "$config" ] && . "$config"
		22
		23	get_supported_tables() {
		24	EBTABLES_SUPPORTED_TABLES=
		25	/usr/sbin/ebtables-legacy -t filter -L 2>&1 1>/dev/null \| grep -q permission
		26	if [ $? -eq 0 ]; then
		27	echo "Error: insufficient privileges to access the ebtables rulesets."
		28	exit 1
		29	fi
		30	for table in filter nat broute; do
		31	/usr/sbin/ebtables-legacy -t $table -L &> /dev/null
		32	if [ $? -eq 0 ]; then
		33	EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
		34	fi
		35	done
		36	}
		37
		38	load() {
		39	RETVAL=0
		40	get_supported_tables
		41	echo -n "Restoring ebtables rulesets: "
		42	for table in $EBTABLES_SUPPORTED_TABLES; do
		43	echo -n "$table "
		44	if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
		45	/usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
		46	RET=$?
		47	if [ $RET -ne 0 ]; then
		48	echo -n "(failed) "
		49	RETVAL=$RET
		50	fi
		51	else
		52	echo -n "(no saved state) "
		53	fi
		54	done
		55	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		56	echo -n "no kernel support. "
		57	else
		58	echo -n "done. "
		59	fi
		60	if [ $RETVAL -eq 0 ]; then
		61	echo "ok"
		62	else
		63	echo "fail"
		64	fi
		65	}
		66
		67	clear_rules() {
		68	RETVAL=0
		69	get_supported_tables
		70	echo -n "Clearing ebtables rulesets: "
		71	for table in $EBTABLES_SUPPORTED_TABLES; do
		72	echo -n "$table "
		73	/usr/sbin/ebtables-legacy -t $table --init-table
		74	done
		75
		76	if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
		77	for mod in $(grep -E '^(ebt\|ebtable)_' /proc/modules \| cut -d' ' -f1) ebtables; do
		78	rmmod $mod 2> /dev/null
		79	done
		80	fi
		81	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		82	echo -n "no kernel support. "
		83	else
		84	echo -n "done. "
		85	fi
		86	if [ $RETVAL -eq 0 ]; then
		87	echo "ok"
		88	else
		89	echo "fail"
		90	fi
		91	}
		92
		93	save() {
		94	RETVAL=0
		95	get_supported_tables
		96	echo -n "Saving ebtables rulesets: "
		97	for table in $EBTABLES_SUPPORTED_TABLES; do
		98	echo -n "$table "
		99	[ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
		100	mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
		101	/usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
		102	RET=$?
		103	if [ $RET -ne 0 ]; then
		104	echo -n "(failed) "
		105	RETVAL=$RET
		106	else
		107	if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
		108	/usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
		109	fi
		110	fi
		111	done
		112	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		113	echo -n "no kernel support. "
		114	else
		115	echo -n "done. "
		116	fi
		117	if [ $RETVAL -eq 0 ]; then
		118	echo "ok"
		119	else
		120	echo "fail"
		121	fi
		122	}
		123
		124	case "$1" in
		125	start)
		126	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
		127	;;
		128	stop)
		129	[ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
		130	clear_rules
		131	;;
		132	restart\|reload\|force-reload)
		133	[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
		134	clear_rules
		135	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
		136	;;
		137	load)
		138	load
		139	;;
		140	save)
		141	save
		142	;;
		143	status)
		144	get_supported_tables
		145	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		146	echo "No kernel support for ebtables."
		147	RETVAL=1
		148	else
		149	echo -n "Ebtables support available, number of installed rules: "
		150	for table in $EBTABLES_SUPPORTED_TABLES; do
		151	COUNT=$(( $(/usr/sbin/ebtables-legacy -t $table -L \| sed -e "/^Bridge chain/! d" -e "s/^.entries: //" -e "s/,.$/ +/") 0 ))
		152	echo -n "$table($COUNT) "
		153	done
		154	echo ok
		155	RETVAL=0
		156	fi
		157	;;
		158	*)
		159	echo "Usage: $0 {start\|stop\|restart\|reload\|force-reload\|load\|save\|status}" >&2
		160	RETVAL=1
		161	esac
		162
		163	exit $RETVAL


diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb index fc544e1b6..08d4d661d 100644 --- a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb +++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb
@@ -13,6 +13,7 @@ RRECOMMENDS_${PN} += "kernel-module-ebtables \
13		13
14	SRC_URI = "http://ftp.netfilter.org/pub/ebtables/ebtables-${PV}.tar.gz \	14	SRC_URI = "http://ftp.netfilter.org/pub/ebtables/ebtables-${PV}.tar.gz \
15	file://ebtables-legacy-save \	15	file://ebtables-legacy-save \
		16	file://ebtables.common \
16	file://ebtables.service \	17	file://ebtables.service \
17	"	18	"
18		19
@@ -33,9 +34,12 @@ do_install_append () {
33	install -m 0755 ${WORKDIR}/ebtables-legacy-save ${D}${base_sbindir}/ebtables-legacy-save	34	install -m 0755 ${WORKDIR}/ebtables-legacy-save ${D}${base_sbindir}/ebtables-legacy-save
34	sed -i 's!/sbin/!${base_sbindir}/!g' ${D}${base_sbindir}/ebtables-legacy-save	35	sed -i 's!/sbin/!${base_sbindir}/!g' ${D}${base_sbindir}/ebtables-legacy-save
35	# Install systemd service files	36	# Install systemd service files
36	install -d ${D}${systemd_unitdir}/system	37	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
37	install -m 0644 ${WORKDIR}/ebtables.service ${D}${systemd_unitdir}/system	38	install -d ${D}${systemd_unitdir}/system
38	sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/ebtables.service	39	install -m 0644 ${WORKDIR}/ebtables.service ${D}${systemd_unitdir}/system
		40	sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/ebtables.service
		41	install -m 0755 ${WORKDIR}/ebtables.common ${D}${sbindir}/ebtables.common
		42	fi
39	}	43	}
40		44
41	do_configure_prepend () {	45	do_configure_prepend () {