summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/iptables
diff options
context:
space:
mode:
authorMaxin B. John <maxin.john@intel.com>2015-12-29 15:11:59 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-07 13:40:17 +0000
commit20843fa01618d5591e30b2a0336605ddc1f62a61 (patch)
tree8fb125e1feed2b60fef8398c7b0a41534f45e505 /meta/recipes-extended/iptables
parentc2bda6c000794b881274de953818e0de6635cc4a (diff)
downloadpoky-20843fa01618d5591e30b2a0336605ddc1f62a61.tar.gz
iptables: upgrade to 1.6.0
1.4.21 -> 1.6.0 xtables_globals structure layout has changed. * Refreshed below listed patches to work with this release: 1. 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch 2. 0001-fix-build-with-musl.patch * Added PACKAGECONFIG for libnftnl (From OE-Core rev: 8609c4e5eadfdd60664640c4ae07e250c98dd86b) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/iptables')
-rw-r--r--meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch50
-rw-r--r--meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch69
-rw-r--r--meta/recipes-extended/iptables/iptables_1.6.0.bb (renamed from meta/recipes-extended/iptables/iptables_1.4.21.bb)9
3 files changed, 39 insertions, 89 deletions
diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
index ab609e27e3..b711b7aa36 100644
--- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
+++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
@@ -1,47 +1,37 @@
1From 5c47cf5061b852c02178f01e23690bfe38a99d93 Mon Sep 17 00:00:00 2001 1[PATCH] configure: Add option to enable/disable libnfnetlink
2From: Khem Raj <raj.khem@gmail.com>
3Date: Sun, 17 Mar 2013 11:21:35 -0700
4Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
5 2
6This changes the configure behaviour from autodetecting 3This changes the configure behaviour from autodetecting
7for libnfnetlink to having an option to disable it explicitly 4for libnfnetlink to having an option to disable it explicitly
8 5
9Signed-off-by: Khem Raj <raj.khem@gmail.com>
10
11Upstream-Status: Pending 6Upstream-Status: Pending
12---
13 configure.ac | 11 ++++++++---
14 1 file changed, 8 insertions(+), 3 deletions(-)
15 7
16diff --git a/configure.ac b/configure.ac 8Signed-off-by: Khem Raj <raj.khem@gmail.com>
17index ba616ab..ce2d315 100644 9Signed-off-by: Maxin B. John <maxin.john@intel.com>
18--- a/configure.ac 10---
19+++ b/configure.ac 11diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
20@@ -53,6 +53,9 @@ AC_ARG_ENABLE([libipq], 12--- iptables-1.6.0-old/configure.ac 2015-12-28 18:40:35.255417976 +0200
21 AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], 13+++ iptables-1.6.0/configure.ac 2015-12-29 13:01:12.388840200 +0200
22 [Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]), 14@@ -63,6 +63,9 @@
23 [pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig']) 15 AC_ARG_ENABLE([nftables],
16 AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
17 [enable_nftables="$enableval"], [enable_nftables="yes"])
24+AC_ARG_ENABLE([libnfnetlink], 18+AC_ARG_ENABLE([libnfnetlink],
25+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]), 19+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
26+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"]) 20+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
27 21
28 libiptc_LDFLAGS2=""; 22 libiptc_LDFLAGS2="";
29 AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed], 23 AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
30@@ -89,9 +92,11 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"]) 24@@ -123,9 +126,10 @@
31 AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) 25 AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
32 AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) 26 fi
33 27
34-PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], 28-PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
35- [nfnetlink=1], [nfnetlink=0]) 29- [nfnetlink=1], [nfnetlink=0])
36-AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) 30-AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
37+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [ 31+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
38+ PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0]) 32+ PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0])
39+ ]) 33+ ])
40+
41+AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"]) 34+AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"])
42 35
43 regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \ 36 if test "x$enable_nftables" = "xyes"; then
44 -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \ 37 PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
45--
461.7.9.5
47
diff --git a/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
index 7a003d912f..f1f85a6fa0 100644
--- a/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
+++ b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
@@ -1,81 +1,41 @@
1From 7c07b7fd4fdd7844dd032af822306f08e4422c34 Mon Sep 17 00:00:00 2001 1[PATCH] fix build with musl
2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 6 Apr 2015 20:47:29 -0700
4Subject: [PATCH] fix build with musl
5 2
6Add needed headers they are just not needed for glibc6+ but also
7for musl
8Define additional TCOPTS if not there 3Define additional TCOPTS if not there
9
10u_initX types are in sys/types.h be explicit about it 4u_initX types are in sys/types.h be explicit about it
11 5
12Upstream-Status: Pending 6Upstream-Status: Pending
13 7
14Signed-off-by: Khem Raj <raj.khem@gmail.com> 8Signed-off-by: Khem Raj <raj.khem@gmail.com>
9Signed-off-by: Maxin B. John <maxin.john@intel.com>
15--- 10---
16 extensions/libxt_TCPOPTSTRIP.c | 15 +++++++++++++++ 11diff -Naur iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c
17 include/libiptc/ipt_kernel_headers.h | 12 ------------ 12--- iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c 2015-12-09 14:55:06.000000000 +0200
18 include/linux/netfilter_ipv4/ip_tables.h | 1 + 13+++ iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c 2015-12-29 14:44:32.585327077 +0200
19 3 files changed, 16 insertions(+), 12 deletions(-)
20
21diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
22index 6897857..8a170b2 100644
23--- a/extensions/libxt_TCPOPTSTRIP.c
24+++ b/extensions/libxt_TCPOPTSTRIP.c
25@@ -12,6 +12,21 @@ 14@@ -12,6 +12,21 @@
26 #ifndef TCPOPT_MD5SIG 15 #ifndef TCPOPT_MD5SIG
27 # define TCPOPT_MD5SIG 19 16 # define TCPOPT_MD5SIG 19
28 #endif 17 #endif
29+#ifndef TCPOPT_MAXSEG 18+#ifndef TCPOPT_MAXSEG
30+# define TCPOPT_MAXSEG 2 19+#define TCPOPT_MAXSEG 2
31+#endif 20+#endif
32+#ifndef TCPOPT_WINDOW 21+#ifndef TCPOPT_WINDOW
33+# define TCPOPT_WINDOW 3 22+#define TCPOPT_WINDOW 3
34+#endif 23+#endif
35+#ifndef TCPOPT_SACK_PERMITTED 24+#ifndef TCPOPT_SACK_PERMITTED
36+# define TCPOPT_SACK_PERMITTED 4 25+#define TCPOPT_SACK_PERMITTED 4
37+#endif 26+#endif
38+#ifndef TCPOPT_SACK 27+#ifndef TCPOPT_SACK
39+# define TCPOPT_SACK 5 28+#define TCPOPT_SACK 5
40+#endif 29+#endif
41+#ifndef TCPOPT_TIMESTAMP 30+#ifndef TCPOPT_TIMESTAMP
42+# define TCPOPT_TIMESTAMP 8 31+#define TCPOPT_TIMESTAMP 8
43+#endif 32+#endif
44 33
45 enum { 34 enum {
46 O_STRIP_OPTION = 0, 35 O_STRIP_OPTION = 0,
47diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h 36diff -Naur iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h
48index 18861fe..a5963e9 100644 37--- iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h 2015-12-09 14:55:06.000000000 +0200
49--- a/include/libiptc/ipt_kernel_headers.h 38+++ iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h 2015-12-29 14:40:21.250469195 +0200
50+++ b/include/libiptc/ipt_kernel_headers.h
51@@ -5,7 +5,6 @@
52
53 #include <limits.h>
54
55-#if defined(__GLIBC__) && __GLIBC__ == 2
56 #include <netinet/ip.h>
57 #include <netinet/in.h>
58 #include <netinet/ip_icmp.h>
59@@ -13,15 +12,4 @@
60 #include <netinet/udp.h>
61 #include <net/if.h>
62 #include <sys/types.h>
63-#else /* libc5 */
64-#include <sys/socket.h>
65-#include <linux/ip.h>
66-#include <linux/in.h>
67-#include <linux/if.h>
68-#include <linux/icmp.h>
69-#include <linux/tcp.h>
70-#include <linux/udp.h>
71-#include <linux/types.h>
72-#include <linux/in6.h>
73-#endif
74 #endif
75diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
76index 57fd82a..4807246 100644
77--- a/include/linux/netfilter_ipv4/ip_tables.h
78+++ b/include/linux/netfilter_ipv4/ip_tables.h
79@@ -15,6 +15,7 @@ 39@@ -15,6 +15,7 @@
80 #ifndef _IPTABLES_H 40 #ifndef _IPTABLES_H
81 #define _IPTABLES_H 41 #define _IPTABLES_H
@@ -84,6 +44,3 @@ index 57fd82a..4807246 100644
84 #include <linux/types.h> 44 #include <linux/types.h>
85 45
86 #include <linux/netfilter_ipv4.h> 46 #include <linux/netfilter_ipv4.h>
87--
882.1.4
89
diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb b/meta/recipes-extended/iptables/iptables_1.6.0.bb
index 4118f54812..fbbe4186b2 100644
--- a/meta/recipes-extended/iptables/iptables_1.4.21.bb
+++ b/meta/recipes-extended/iptables/iptables_1.6.0.bb
@@ -21,12 +21,12 @@ FILES_${PN} =+ "${libdir}/xtables/ ${datadir}/xtables"
21SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ 21SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
22 file://types.h-add-defines-that-are-required-for-if_packet.patch \ 22 file://types.h-add-defines-that-are-required-for-if_packet.patch \
23 file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ 23 file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
24 file://0001-fix-build-with-musl.patch \
25 file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ 24 file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
26 " 25 "
26SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
27 27
28SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0" 28SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"
29SRC_URI[sha256sum] = "52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0" 29SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"
30 30
31inherit autotools pkgconfig 31inherit autotools pkgconfig
32 32
@@ -40,6 +40,9 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
40# libnfnetlink recipe is in meta-networking layer 40# libnfnetlink recipe is in meta-networking layer
41PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack" 41PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
42 42
43# libnftnl recipe is in meta-networking layer(previously known as libnftables)
44PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"
45
43do_configure_prepend() { 46do_configure_prepend() {
44 # Remove some libtool m4 files 47 # Remove some libtool m4 files
45 # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. 48 # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.