iptables: upgrade to 1.6.0

1.4.21 -> 1.6.0 xtables_globals structure layout has changed. * Refreshed below listed patches to work with this release: 1. 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch 2. 0001-fix-build-with-musl.patch * Added PACKAGECONFIG for libnftnl (From OE-Core rev: 8609c4e5eadfdd60664640c4ae07e250c98dd86b) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Maxin B. John <maxin.john@intel.com> 2015-12-29 15:11:59 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-07 13:40:17 +0000
commit: 20843fa01618d5591e30b2a0336605ddc1f62a61 (patch)
tree: 8fb125e1feed2b60fef8398c7b0a41534f45e505 /meta/recipes-extended
parent: c2bda6c000794b881274de953818e0de6635cc4a (diff)
download: poky-20843fa01618d5591e30b2a0336605ddc1f62a61.tar.gz
3 files changed, 39 insertions, 89 deletions
diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
index ab609e27e3..b711b7aa36 100644
--- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
+++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
@@ -1,47 +1,37 @@
-From 5c47cf5061b852c02178f01e23690bfe38a99d93 Mon Sep 17 00:00:00 2001
+[PATCH] configure: Add option to enable/disable libnfnetlink
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 17 Mar 2013 11:21:35 -0700
-Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
 This changes the configure behaviour from autodetecting
 for libnfnetlink to having an option to disable it explicitly
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
 Upstream-Status: Pending
---
- configure.ac |   11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-diff --git a/configure.ac b/configure.ac
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
-index ba616ab..ce2d315 100644
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
--- a/configure.ac
+---
-+++ b/configure.ac
+diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
-@@ -53,6 +53,9 @@ AC_ARG_ENABLE([libipq],
+--- iptables-1.6.0-old/configure.ac     2015-12-28 18:40:35.255417976 +0200
- AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
+++ iptables-1.6.0/configure.ac 2015-12-29 13:01:12.388840200 +0200
-        [Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
+@@ -63,6 +63,9 @@
-        [pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
+ AC_ARG_ENABLE([nftables],
+        AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
+        [enable_nftables="$enableval"], [enable_nftables="yes"])
 +AC_ARG_ENABLE([libnfnetlink],
-+       AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
+    AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
-+       [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
+    [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
 
 libiptc_LDFLAGS2="";
 AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
-@@ -89,9 +92,11 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"])
+@@ -123,9 +126,10 @@
- AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
+        AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
- AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
+ fi
 
 -PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
 -       [nfnetlink=1], [nfnetlink=0])
 -AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
 +AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
-+  PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0])
+    PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0])
-+  ])
+    ])
-+
 +AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"])
 
- regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
+ if test "x$enable_nftables" = "xyes"; then
-        -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
+        PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
-- 
-1.7.9.5
diff --git a/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
index 7a003d912f..f1f85a6fa0 100644
--- a/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
+++ b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
@@ -1,81 +1,41 @@
-From 7c07b7fd4fdd7844dd032af822306f08e4422c34 Mon Sep 17 00:00:00 2001
+[PATCH] fix build with musl
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 6 Apr 2015 20:47:29 -0700
-Subject: [PATCH] fix build with musl
-Add needed headers they are just not needed for glibc6+ but also
-for musl
 Define additional TCOPTS if not there
 u_initX types are in sys/types.h be explicit about it
 Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
 ---
- extensions/libxt_TCPOPTSTRIP.c           | 15 +++++++++++++++
+diff -Naur iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c
- include/libiptc/ipt_kernel_headers.h     | 12 ------------
+--- iptables-1.6.0-origin/extensions/libxt_TCPOPTSTRIP.c        2015-12-09 14:55:06.000000000 +0200
- include/linux/netfilter_ipv4/ip_tables.h |  1 +
+++ iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c       2015-12-29 14:44:32.585327077 +0200
- 3 files changed, 16 insertions(+), 12 deletions(-)
-diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
-index 6897857..8a170b2 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
-+++ b/extensions/libxt_TCPOPTSTRIP.c
 @@ -12,6 +12,21 @@
 #ifndef TCPOPT_MD5SIG
 #      define TCPOPT_MD5SIG 19
 #endif
 +#ifndef TCPOPT_MAXSEG
-+#      define TCPOPT_MAXSEG 2
+#define TCPOPT_MAXSEG 2
 +#endif
 +#ifndef TCPOPT_WINDOW
-+#      define TCPOPT_WINDOW 3
+#define TCPOPT_WINDOW 3
 +#endif
 +#ifndef TCPOPT_SACK_PERMITTED
-+#      define TCPOPT_SACK_PERMITTED 4
+#define TCPOPT_SACK_PERMITTED 4
 +#endif
 +#ifndef TCPOPT_SACK
-+#      define TCPOPT_SACK 5
+#define TCPOPT_SACK 5
 +#endif
 +#ifndef TCPOPT_TIMESTAMP
-+#      define TCPOPT_TIMESTAMP 8
+#define TCPOPT_TIMESTAMP 8
 +#endif
 
 enum {
        O_STRIP_OPTION = 0,
-diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h
+diff -Naur iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h
-index 18861fe..a5963e9 100644
+--- iptables-1.6.0-origin/include/linux/netfilter_ipv4/ip_tables.h      2015-12-09 14:55:06.000000000 +0200
--- a/include/libiptc/ipt_kernel_headers.h
+++ iptables-1.6.0/include/linux/netfilter_ipv4/ip_tables.h     2015-12-29 14:40:21.250469195 +0200
-+++ b/include/libiptc/ipt_kernel_headers.h
-@@ -5,7 +5,6 @@
- 
- #include <limits.h>
- 
-#if defined(__GLIBC__) && __GLIBC__ == 2
- #include <netinet/ip.h>
- #include <netinet/in.h>
- #include <netinet/ip_icmp.h>
-@@ -13,15 +12,4 @@
- #include <netinet/udp.h>
- #include <net/if.h>
- #include <sys/types.h>
-#else /* libc5 */
-#include <sys/socket.h>
-#include <linux/ip.h>
-#include <linux/in.h>
-#include <linux/if.h>
-#include <linux/icmp.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <linux/types.h>
-#include <linux/in6.h>
-#endif
- #endif
-diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
-index 57fd82a..4807246 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
-+++ b/include/linux/netfilter_ipv4/ip_tables.h
 @@ -15,6 +15,7 @@
 #ifndef _IPTABLES_H
 #define _IPTABLES_H
@@ -84,6 +44,3 @@ index 57fd82a..4807246 100644
 #include <linux/types.h>
 
 #include <linux/netfilter_ipv4.h>
-- 
-2.1.4
diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb b/meta/recipes-extended/iptables/iptables_1.6.0.bb
index 4118f54812..fbbe4186b2 100644
--- a/meta/recipes-extended/iptables/iptables_1.4.21.bb
+++ b/meta/recipes-extended/iptables/iptables_1.6.0.bb
@@ -21,12 +21,12 @@ FILES_${PN} =+ "${libdir}/xtables/ ${datadir}/xtables"
 SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
           file://types.h-add-defines-that-are-required-for-if_packet.patch \
           file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
-           file://0001-fix-build-with-musl.patch \
           file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
          "
+SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
-SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0"
+SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"
-SRC_URI[sha256sum] = "52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0"
+SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"
 inherit autotools pkgconfig
@@ -40,6 +40,9 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 # libnfnetlink recipe is in meta-networking layer
 PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
+# libnftnl recipe is in meta-networking layer(previously known as libnftables)
+PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"
 do_configure_prepend() {
        # Remove some libtool m4 files
        # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
author	Maxin B. John <maxin.john@intel.com>	2015-12-29 15:11:59 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-07 13:40:17 +0000
commit	20843fa01618d5591e30b2a0336605ddc1f62a61 (patch)
tree	8fb125e1feed2b60fef8398c7b0a41534f45e505 /meta/recipes-extended
parent	c2bda6c000794b881274de953818e0de6635cc4a (diff)
download	poky-20843fa01618d5591e30b2a0336605ddc1f62a61.tar.gz