iptables: correctly enable libnetfilter_conntrack support

This is done via configure option, and makes 0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch unnecessary, as both libnetfilter_conntrack and libnfnetlink are enabled in lockstep. (From OE-Core rev: 04ffb341864b443544e9f594248c0c785f601a55) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alex@linutronix.de> 2024-05-16 13:26:38 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-05-28 09:38:23 +0100
commit: c0c78a4cd12e81ed598f4992adbd3b543d9a3138 (patch)
tree: 479caf871f308a1a7b0be411186920f5fd63360f /meta
parent: 640dafd0c4853dd1f30dc903188dc7b51a8bf03a (diff)
download: poky-c0c78a4cd12e81ed598f4992adbd3b543d9a3138.tar.gz
2 files changed, 1 insertions, 51 deletions
diff --git a/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch b/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch
deleted file mode 100644
index 5a022ebc8c..0000000000
--- a/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 6832501bbb90a3dab977a4625d0391804c0e795c Mon Sep 17 00:00:00 2001
-From: "Maxin B. John" <maxin.john@intel.com>
-Date: Tue, 21 Feb 2017 11:49:07 +0200
-Subject: [PATCH] configure.ac:
- only-check-conntrack-when-libnfnetlink-enabled.patch
-Package libnetfilter-conntrack depends on package libnfnetlink. iptables
-checks package libnetfilter-conntrack whatever its package config
-libnfnetlink is enabled or not. When libnfnetlink is disabled but
-package libnetfilter-conntrack exists, it fails randomly with:
-In file included from
-.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
-.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
-fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
-compilation terminated.
-GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
-Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
-Upstream-Status: Pending
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
- configure.ac | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-diff --git a/configure.ac b/configure.ac
-index d607772..25a8e75 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -159,10 +159,12 @@ if test "$nftables" != 1; then
- fi
- 
- if test "x$enable_connlabel" = "xyes"; then
-       PKG_CHECK_MODULES([libnetfilter_conntrack],
-+    nfconntrack=0
-+    AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
-+    PKG_CHECK_MODULES([libnetfilter_conntrack],
-                [libnetfilter_conntrack >= 1.0.6],
-                [nfconntrack=1], [nfconntrack=0])
-
-+    ])
-        if test "$nfconntrack" -ne 1; then
-                blacklist_modules="$blacklist_modules connlabel";
-                echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
diff --git a/meta/recipes-extended/iptables/iptables_1.8.10.bb b/meta/recipes-extended/iptables/iptables_1.8.10.bb
index cbd727b75d..a9c88582cd 100644
--- a/meta/recipes-extended/iptables/iptables_1.8.10.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.10.bb
@@ -14,7 +14,6 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.xz \
           file://ip6tables.service \
           file://ip6tables.rules \
           file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
-           file://0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch \
           "
 SRC_URI[sha256sum] = "5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c"
@@ -33,7 +32,7 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 # libnfnetlink recipe is in meta-networking layer
-PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
+PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink --enable-connlabel,--disable-libnfnetlink --disable-connlabel,libnfnetlink libnetfilter-conntrack"
 # libnftnl recipe is in meta-networking layer(previously known as libnftables)
 PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"
author	Alexander Kanavin <alex@linutronix.de>	2024-05-16 13:26:38 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-05-28 09:38:23 +0100
commit	c0c78a4cd12e81ed598f4992adbd3b543d9a3138 (patch)
tree	479caf871f308a1a7b0be411186920f5fd63360f /meta
parent	640dafd0c4853dd1f30dc903188dc7b51a8bf03a (diff)
download	poky-c0c78a4cd12e81ed598f4992adbd3b543d9a3138.tar.gz

diff --git a/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch b/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch deleted file mode 100644 index 5a022ebc8c..0000000000 --- a/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch +++ /dev/null
@@ -1,49 +0,0 @@
1	From 6832501bbb90a3dab977a4625d0391804c0e795c Mon Sep 17 00:00:00 2001
2	From: "Maxin B. John" <maxin.john@intel.com>
3	Date: Tue, 21 Feb 2017 11:49:07 +0200
4	Subject: [PATCH] configure.ac:
5	only-check-conntrack-when-libnfnetlink-enabled.patch
6
7	Package libnetfilter-conntrack depends on package libnfnetlink. iptables
8	checks package libnetfilter-conntrack whatever its package config
9	libnfnetlink is enabled or not. When libnfnetlink is disabled but
10	package libnetfilter-conntrack exists, it fails randomly with:
11
12	In file included from
13	.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
14
15	.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
16	fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
17
18	compilation terminated.
19	GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
20	Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
21
22	Upstream-Status: Pending
23
24	Signed-off-by: Kai Kang <kai.kang@windriver.com>
25	Signed-off-by: Maxin B. John <maxin.john@intel.com>
26
27	---
28	configure.ac \| 6 ++++--
29	1 file changed, 4 insertions(+), 2 deletions(-)
30
31	diff --git a/configure.ac b/configure.ac
32	index d607772..25a8e75 100644
33	--- a/configure.ac
34	+++ b/configure.ac
35	@@ -159,10 +159,12 @@ if test "$nftables" != 1; then
36	fi
37
38	if test "x$enable_connlabel" = "xyes"; then
39	- PKG_CHECK_MODULES([libnetfilter_conntrack],
40	+ nfconntrack=0
41	+ AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
42	+ PKG_CHECK_MODULES([libnetfilter_conntrack],
43	[libnetfilter_conntrack >= 1.0.6],
44	[nfconntrack=1], [nfconntrack=0])
45	-
46	+ ])
47	if test "$nfconntrack" -ne 1; then
48	blacklist_modules="$blacklist_modules connlabel";
49	echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";


diff --git a/meta/recipes-extended/iptables/iptables_1.8.10.bb b/meta/recipes-extended/iptables/iptables_1.8.10.bb index cbd727b75d..a9c88582cd 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.10.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.10.bb
@@ -14,7 +14,6 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.xz \
14	file://ip6tables.service \	14	file://ip6tables.service \
15	file://ip6tables.rules \	15	file://ip6tables.rules \
16	file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \	16	file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
17	file://0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch \
18	"	17	"
19	SRC_URI[sha256sum] = "5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c"	18	SRC_URI[sha256sum] = "5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c"
20		19
@@ -33,7 +32,7 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
33	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"	32	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
34		33
35	# libnfnetlink recipe is in meta-networking layer	34	# libnfnetlink recipe is in meta-networking layer
36	PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"	35	PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink --enable-connlabel,--disable-libnfnetlink --disable-connlabel,libnfnetlink libnetfilter-conntrack"
37		36
38	# libnftnl recipe is in meta-networking layer(previously known as libnftables)	37	# libnftnl recipe is in meta-networking layer(previously known as libnftables)
39	PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"	38	PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"