author | 2020-03-30 09:24:26 +0900 | |
---|---|---|
committer | 2020-03-30 09:24:26 +0900 | |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/meta-openembedded/meta-networking/recipes-filter | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/meta-openembedded/meta-networking/recipes-filter')
45 files changed, 5177 insertions, 0 deletions
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.bb b/external/meta-openembedded/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.bb
new file mode 100644
index 00000000..6fd0affd
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.bb
@@ -0,0 +1,35 @@
+SUMMARY = "IPTables based firewall scripts"
+HOMEPAGE = "http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=45&Itemid=63"
+
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://gpl_license.txt;md5=11c7b65c4a4acb9d5175f7e9bf99c403"
+
+SRC_URI = "http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/${BPN}_${PV}.tar.gz \
+ "
+SRC_URI[md5sum] = "77eba7f148bf2840a3e35a6f50c9c353"
+SRC_URI[sha256sum] = "0bafd85ddc235752250eaec0c7fdb21e530912483f6807a97f86158ed2d301f7"
+
+S = "${WORKDIR}/${BPN}_${PV}"
+
+inherit systemd
+
+do_install() {
+ install -d ${D}${sysconfdir} ${D}${sbindir} ${D}${bindir} ${D}${systemd_unitdir}/system ${D}${sysconfdir}/init.d
+ install -d ${D}${datadir}/arno-iptables-firewall ${D}${sysconfdir}/arno-iptables-firewall
+ cp -r ${S}${sysconfdir}/arno-iptables-firewall ${D}${sysconfdir}/
+ install -m 0755 ${S}${sysconfdir}/init.d/arno-iptables-firewall ${D}${bindir}
+ install -m 0755 ${S}/bin/arno-iptables-firewall ${D}${sbindir}
+ install -m 0755 ${S}/bin/arno-fwfilter ${D}${bindir}
+ cp -r ${S}/share/arno-iptables-firewall/* ${D}${datadir}/arno-iptables-firewall
+ cp -r ${S}/etc/arno-iptables-firewall/* ${D}${sysconfdir}/arno-iptables-firewall
+ install -m 0644 ${S}/${systemd_unitdir}/system/arno-iptables-firewall.service ${D}${systemd_unitdir}/system
+ sed -i -e 's%/usr/local/sbin%${bindir}%g' ${D}${systemd_unitdir}/system/arno-iptables-firewall.service
+ sed -i -e 's%/usr/local/sbin%${sbindir}%g' ${D}${bindir}/arno-iptables-firewall
+ sed -i -e 's%/usr/local%${exec_prefix}%g' ${D}${sysconfdir}/arno-iptables-firewall/firewall.conf
+ sed -i -e 's%#!/bin/bash%#!/bin/sh%g' ${D}${bindir}/arno-fwfilter
+ sed -i -e 's%#!/bin/bash%#!/bin/sh%g' ${D}${datadir}/arno-iptables-firewall/plugins/traffic-accounting-helper
+ sed -i -e 's%#!/bin/bash%#!/bin/sh%g' ${D}${datadir}/arno-iptables-firewall/plugins/dyndns-host-open-helper
+}
+
+SYSTEMD_SERVICE_${PN} = "arno-iptables-firewall.service"
+FILES_${PN} += "${systemd_unitdir}/system/arno-iptables-firewall.service"
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.4.bb b/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.4.bb
new file mode 100644
index 00000000..46168b0b
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.4.bb
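Review bot: The last three `sed` calls in `do_install` rewrite `#!/bin/bash` to `#!/bin/sh` in `arno-fwfilter` and the two plugin helpers, and nothing in the recipe shows that those scripts were checked for bash-only syntax. If any of them does use such syntax it will fail at run time under a POSIX shell, and for a firewall package a failing helper can leave part of the intended filtering unapplied without an obvious error. Either keep the original shebang and declare the dependency with `RDEPENDS_${PN} += "bash"`, or add a comment above the three lines such as `# helpers checked to be POSIX sh clean for ${PV}` so the assumption is re-verified on each version bump.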
@@ -0,0 +1,34 @@
+SUMMARY = "Connection tracking userspace tools for Linux"
+SECTION = "net"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+
+DEPENDS = "libnfnetlink libnetfilter-conntrack libnetfilter-cttimeout \
+ libnetfilter-cthelper libnetfilter-queue bison-native libtirpc"
+
+EXTRA_OECONF += "LIBS=-ltirpc CPPFLAGS=-I${STAGING_INCDIR}/tirpc"
+
+SRC_URI = "http://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-${PV}.tar.bz2;name=tar \
+ file://conntrack-failover \
+ file://init \
+"
+SRC_URI[tar.md5sum] = "acd9e0b27cf16ae3092ba900e4d7560e"
+SRC_URI[tar.sha256sum] = "b7caf4fcc4c03575df57d25e5216584d597fd916c891f191dac616ce68bdba6c"
+
+inherit autotools update-rc.d pkgconfig
+
+INITSCRIPT_NAME = "conntrackd"
+
+do_install_append() {
+ install -d ${D}/${sysconfdir}/conntrackd
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 0644 ${S}/doc/sync/ftfw/conntrackd.conf ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
+ install -m 0755 ${WORKDIR}/conntrack-failover ${D}/${sysconfdir}/init.d/conntrack-failover
+ install -m 0755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/conntrackd
+
+ # Fix hardcoded paths in scripts
+ sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
+ sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
+ sed -i 's!/var/!${localstatedir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
+ sed -i 's!^export PATH=.*!export PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}/${sysconfdir}/init.d/conntrackd
+}
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/files/conntrack-failover b/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/files/conntrack-failover
new file mode 100644
index 00000000..6d92e637
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/files/conntrack-failover
@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org>
+# (C) 2009 Roman I Khimov <khimov@altell.ru>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+#
+# Description:
+#
+# This is the script for primary-backup setups for keepalived
+# (http://www.keepalived.org). You may adapt it to make it work with other
+# high-availability managers.
+#
+# Do not forget to include the required modifications to your keepalived.conf
+# file to invoke this script during keepalived's state transitions.
+#
+# Contributions to improve this script are welcome :).
+#
+## Modified to work as init.d script under pacemaker control
+
+CONNTRACKD_BIN=/usr/sbin/conntrackd
+CONNTRACKD_LOCK=/var/lock/conntrack.lock
+CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
+
+case "$1" in
+ start)
+ #
+ # commit the external cache into the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -c"
+ fi
+
+ #
+ # flush the internal and the external caches
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -f"
+ fi
+
+ #
+ # resynchronize my internal cache to the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -R"
+ fi
+
+ #
+ # send a bulk update to backups
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -B"
+ fi
+ ;;
+ stop)
+ $CONNTRACKD_BIN -t
+ $CONNTRACKD_BIN -n
+ ;;
+ status)
+ ;;
+ *)
+ logger "ERROR: unknown command"
+ echo "Usage: conntrack-failover {start|stop|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
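Review bot: Each `if [ $? -eq 1 ]` in the `start)` branch catches only exit status 1, so any other failure of `$CONNTRACKD_BIN` (127 for a missing binary, for example) is never logged, and the script then ends with `exit 0` regardless. A cluster manager that calls this script therefore sees a successful start even when the state commit or the resync did not happen. Test the command itself, `if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -c; then`, and make `start` return non-zero when any of its four steps fails. The `stop)` branch ignores both exit codes in the same way, and `CONNTRACKD_LOCK` is assigned but not used anywhere in the file.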
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/files/init b/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/files/init
new file mode 100644
index 00000000..bce2075a
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/files/init
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+# /etc/init.d/conntrackd
+#
+# Maximilian Wilhelm <max@rfc2324.org>
+# -- Mon, 06 Nov 2006 18:39:07 +0100
+#
+# Roman I Khimov <khimov@altell.ru>
+# -- Tue, 27 Oct 2009 14:34:00 +0300
+
+### BEGIN INIT INFO
+# Provides: conntrackd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Description: Starts conntrackd
+# short-description: Starts conntrackd
+### END INIT INFO
+
+export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+NAME="conntrackd"
+DAEMON="/usr/sbin/conntrackd"
+CONFIG="/etc/conntrackd/conntrackd.conf"
+PIDFILE="/var/run/${NAME}.pid"
+
+
+# Gracefully exit if there is no daemon (debian way of life)
+if [ ! -x "${DAEMON}" ]; then
+ exit 0
+fi
+
+# Check for config file
+if [ ! -f /etc/conntrackd/conntrackd.conf ]; then
+ echo "Error: There is no config file for $NAME" >&2
+ exit 1;
+fi
+
+case "$1" in
+ start)
+ echo -n "Starting $NAME: "
+ for i in nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_proto_dccp nf_conntrack_tftp \
+ nf_conntrack_sane nf_conntrack_pptp nf_conntrack_irc nf_conntrack_amanda nf_conntrack_h323 \
+ nf_conntrack_proto_udplite nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_ftp \
+ nf_conntrack_sip; do
+ modprobe $i >/dev/null 2>/dev/null &
+ done
+ start-stop-daemon --start --quiet --make-pidfile --pidfile "/var/run/${NAME}.pid" --background --exec "${DAEMON}"
+ RET=$?
+ if [ "$?" = "0" ]; then
+ sleep 2
+ # Sync with other server
+ conntrackd -n
+ echo "done."
+ else
+ echo "FAILED!"
+ fi
+ exit $RET
+ ;;
+ stop)
+ echo -n "Stopping $NAME:"
+ start-stop-daemon --stop --quiet --oknodo --pidfile "/var/run/${NAME}.pid" && echo "done." || echo "FAILED!"
+ ;;
+ status)
+ echo -n "conntrackd "
+ start-stop-daemon -q -K -t -x $DAEMON
+ RET=$?
+ if [ "$RET" = "0" ]; then
+ PID=`cat $PIDFILE`
+ echo "($PID) is running"
+ else
+ echo "is not running"
+ exit $RET
+ fi
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/conntrackd {start|stop|restart}"
+ exit 1
+esac
+
+exit 0
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0001-add-RARP-and-update-iana-url.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0001-add-RARP-and-update-iana-url.patch
new file mode 100644
index 00000000..90b69792
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0001-add-RARP-and-update-iana-url.patch
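Review bot: In the `start)` branch the test `if [ "$?" = "0" ]` comes after `RET=$?`, so `$?` holds the status of the assignment, which is always 0, and the `FAILED!` branch can never run; the line should read `if [ "$RET" = "0" ]; then`. As written, a failed `start-stop-daemon` still prints `done.` and still runs `conntrackd -n`, even though `exit $RET` then returns the real status. The config check near the top also hard-codes `/etc/conntrackd/conntrackd.conf` rather than testing `"$CONFIG"`, and the usage string leaves out `status`.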
@@ -0,0 +1,45 @@
+From dd35afc9ce1004128a754d5eeb8c5c2cb32ae420 Mon Sep 17 00:00:00 2001
+From: Bart De Schuymer <bdschuym@pandora.be>
+Date: Tue, 3 Jul 2012 18:47:32 +0000
+Subject: [PATCH 01/10] add RARP and update iana url
+
+---
+ ethertypes | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/ethertypes b/ethertypes
+index 5e700f6..813177b 100644
+--- a/ethertypes
++++ b/ethertypes
+@@ -5,6 +5,7 @@
+ #
+ # This list could be found on:
+ # http://www.iana.org/assignments/ethernet-numbers
++# http://www.iana.org/assignments/ieee-802-numbers
+ #
+ # <name> <hexnumber> <alias1>...<alias35> #Comment
+ #
+@@ -21,15 +22,16 @@ LAT 6004 # DEC LAT
+ DIAG 6005 # DEC Diagnostics
+ CUST 6006 # DEC Customer use
+ SCA 6007 # DEC Systems Comms Arch
+-TEB 6558 # Trans Ether Bridging [RFC1701]
+-RAW_FR 6559 # Raw Frame Relay [RFC1701]
++TEB 6558 # Trans Ether Bridging [RFC1701]
++RAW_FR 6559 # Raw Frame Relay [RFC1701]
++RARP 8035 # Reverse ARP [RFC903]
+ AARP 80F3 # Appletalk AARP
+-ATALK 809B # Appletalk
++ATALK 809B # Appletalk
+ 802_1Q 8100 8021q 1q 802.1q dot1q # 802.1Q Virtual LAN tagged frame
+ IPX 8137 # Novell IPX
+ NetBEUI 8191 # NetBEUI
+ IPv6 86DD ip6 # IP version 6
+-PPP 880B # PPP
++PPP 880B # PPP
+ ATMMPOA 884C # MultiProtocol over ATM
+ PPP_DISC 8863 # PPPoE discovery messages
+ PPP_SES 8864 # PPPoE session messages
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0002-fix-compilation-warning.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0002-fix-compilation-warning.patch
new file mode 100644
index 00000000..87b0e9b8
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0002-fix-compilation-warning.patch
@@ -0,0 +1,25 @@
+From 2a5333fc8b4825251adfb717d980d89cefde38d6 Mon Sep 17 00:00:00 2001
+From: Petri Gynther <petri.gynther@gmail.com>
+Date: Sun, 24 Feb 2013 10:56:59 +0100
+Subject: [PATCH 02/10] fix compilation warning
+
+---
+ communication.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/communication.c b/communication.c
+index 62ed667..ba058c0 100644
+--- a/communication.c
++++ b/communication.c
+@@ -282,7 +282,7 @@ static int store_counters_in_file(char *filename, struct ebt_u_replace *repl)
+ }
+ close_file:
+ fclose(file);
+- return 0;
++ return ret;
+ }
+
+ /* Gets executed after ebt_deliver_table. Delivers the counters to the kernel
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0003-add-info-about-Wl-no-as-needed.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0003-add-info-about-Wl-no-as-needed.patch
new file mode 100644
index 00000000..c8573a46
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0003-add-info-about-Wl-no-as-needed.patch
@@ -0,0 +1,25 @@
+From a6faf3b50d6af4768b7b853cb536944fb18e1450 Mon Sep 17 00:00:00 2001
+From: Bart De Schuymer <bdschuym@pandora.be>
+Date: Wed, 3 Jul 2013 22:12:47 +0200
+Subject: [PATCH 03/10] add info about -Wl,-no-as-needed
+
+---
+ INSTALL | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/INSTALL b/INSTALL
+index 4a05c67..e90d5c1 100644
+--- a/INSTALL
++++ b/INSTALL
+@@ -39,6 +39,8 @@ That's all
+ You can also use a base directory different from the root directory (/),
+ using the DESTDIR option. See the Makefile for more details.
+
++You might need to set LDFLAGS=-Wl,-no-as-needed to build ebtables correctly
++on your system.
+
+ ADDITIONAL PROGRAMS:
+ ----------------------
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0004-workaround-for-kernel-regression-bug-IPv6-source-des.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0004-workaround-for-kernel-regression-bug-IPv6-source-des.patch
new file mode 100644
index 00000000..d8f2795b
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0004-workaround-for-kernel-regression-bug-IPv6-source-des.patch
@@ -0,0 +1,28 @@
+From b0617af37b8b1aafb43e8019135bea44c2d94c28 Mon Sep 17 00:00:00 2001
+From: Luis Fernando <tdthp@terra.com.br>
+Date: Wed, 3 Jul 2013 22:19:55 +0200
+Subject: [PATCH 04/10] workaround for kernel regression bug: IPv6
+ source/destination addresses are potentially not matched correctly
+
+---
+ extensions/ebt_ip6.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/extensions/ebt_ip6.c b/extensions/ebt_ip6.c
+index 0465e77..bbdc4ae 100644
+--- a/extensions/ebt_ip6.c
++++ b/extensions/ebt_ip6.c
+@@ -312,6 +312,10 @@ static void init(struct ebt_entry_match *match)
+
+ ipinfo->invflags = 0;
+ ipinfo->bitmask = 0;
++ memset(ipinfo->saddr.s6_addr, 0, sizeof(ipinfo->saddr.s6_addr));
++ memset(ipinfo->smsk.s6_addr, 0, sizeof(ipinfo->smsk.s6_addr));
++ memset(ipinfo->daddr.s6_addr, 0, sizeof(ipinfo->daddr.s6_addr));
++ memset(ipinfo->dmsk.s6_addr, 0, sizeof(ipinfo->dmsk.s6_addr));
+ }
+
+ #define OPT_SOURCE 0x01
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0005-Add-noflush-command-line-support-for-ebtables-restor.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0005-Add-noflush-command-line-support-for-ebtables-restor.patch
new file mode 100644
index 00000000..9585fd20
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0005-Add-noflush-command-line-support-for-ebtables-restor.patch
@@ -0,0 +1,75 @@
+From 15d3ab8a4a167dc44396b003d2ec01841949972f Mon Sep 17 00:00:00 2001
+From: Sanket Shah <sanket.shah@cyberoam.com>
+Date: Wed, 31 Jul 2013 21:40:08 +0200
+Subject: [PATCH 05/10] Add --noflush command line support for ebtables-restore
+
+---
+ ebtables-restore.c | 29 +++++++++++++++++++++++++----
+ 1 file changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/ebtables-restore.c b/ebtables-restore.c
+index ea02960..bb4d0cf 100644
+--- a/ebtables-restore.c
++++ b/ebtables-restore.c
+@@ -22,13 +22,25 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <unistd.h>
++#include <getopt.h>
+ #include "include/ebtables_u.h"
+
++static const struct option options[] = {
++ {.name = "noflush", .has_arg = 0, .val = 'n'},
++ { 0 }
++};
++
+ static struct ebt_u_replace replace[3];
+ void ebt_early_init_once();
+
+ #define OPT_KERNELDATA 0x800 /* Also defined in ebtables.c */
+
++static void print_usage()
++{
++ fprintf(stderr, "Usage: ebtables-restore [ --noflush ]\n");
++ exit(1);
++}
++
+ static void copy_table_names()
+ {
+ strcpy(replace[0].name, "filter");
+@@ -41,11 +53,20 @@ static void copy_table_names()
+ int main(int argc_, char *argv_[])
+ {
+ char *argv[EBTD_ARGC_MAX], cmdline[EBTD_CMDLINE_MAXLN];
+- int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace;
++ int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace, c, flush = 1;
+ char ebtables_str[] = "ebtables";
+
+- if (argc_ != 1)
+- ebtrest_print_error("options are not supported");
++ while ((c = getopt_long(argc_, argv_, "n", options, NULL)) != -1) {
++ switch(c) {
++ case 'n':
++ flush = 0;
++ break;
++ default:
++ print_usage();
++ break;
++ }
++ }
++
+ ebt_silent = 0;
+ copy_table_names();
+ ebt_early_init_once();
+@@ -68,7 +89,7 @@ int main(int argc_, char *argv_[])
+ ebtrest_print_error("table '%s' was not recognized", cmdline+1);
+ table_nr = i;
+ replace[table_nr].command = 11;
+- ebt_get_kernel_table(&replace[table_nr], 1);
++ ebt_get_kernel_table(&replace[table_nr], flush);
+ replace[table_nr].command = 0;
+ replace[table_nr].flags = OPT_KERNELDATA; /* Prevent do_command from initialising replace */
+ continue;
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0006-don-t-print-IPv6-mask-if-it-s-all-ones-based-on-patc.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0006-don-t-print-IPv6-mask-if-it-s-all-ones-based-on-patc.patch
new file mode 100644
index 00000000..21f8e588
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0006-don-t-print-IPv6-mask-if-it-s-all-ones-based-on-patc.patch
@@ -0,0 +1,69 @@
+From 85a0f6d77a9d5c0e7ef7948395f0f6b1612dc987 Mon Sep 17 00:00:00 2001
+From: Bart De Schuymer <bdschuym@pandora.be>
+Date: Mon, 14 Apr 2014 22:04:55 +0200
+Subject: [PATCH 06/10] don't print IPv6 mask if it's all ones (based on patch
+ by Mariusz Mazur <mmazur at axeos.com>)
+
+---
+ extensions/ebt_ip6.c | 4 ++--
+ include/ebtables_u.h | 1 +
+ useful_functions.c | 13 +++++++++++++
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/extensions/ebt_ip6.c b/extensions/ebt_ip6.c
+index bbdc4ae..e3e0956 100644
+--- a/extensions/ebt_ip6.c
++++ b/extensions/ebt_ip6.c
+@@ -449,14 +449,14 @@ static void print(const struct ebt_u_entry *entry,
+ if (ipinfo->invflags & EBT_IP6_SOURCE)
+ printf("! ");
+ printf("%s", ebt_ip6_to_numeric(&ipinfo->saddr));
+- printf("/%s ", ebt_ip6_to_numeric(&ipinfo->smsk));
++ printf("%s ", ebt_ip6_mask_to_string(&ipinfo->smsk));
+ }
+ if (ipinfo->bitmask & EBT_IP6_DEST) {
+ printf("--ip6-dst ");
+ if (ipinfo->invflags & EBT_IP6_DEST)
+ printf("! ");
+ printf("%s", ebt_ip6_to_numeric(&ipinfo->daddr));
+- printf("/%s ", ebt_ip6_to_numeric(&ipinfo->dmsk));
++ printf("%s ", ebt_ip6_mask_to_string(&ipinfo->dmsk));
+ }
+ if (ipinfo->bitmask & EBT_IP6_TCLASS) {
+ printf("--ip6-tclass ");
+diff --git a/include/ebtables_u.h b/include/ebtables_u.h
+index ab615c1..35a5bcc 100644
+--- a/include/ebtables_u.h
++++ b/include/ebtables_u.h
+@@ -303,6 +303,7 @@ char *ebt_mask_to_dotted(uint32_t mask);
+ void ebt_parse_ip6_address(char *address, struct in6_addr *addr,
+ struct in6_addr *msk);
+ char *ebt_ip6_to_numeric(const struct in6_addr *addrp);
++char *ebt_ip6_mask_to_string(const struct in6_addr *msk);
+
+
+ int do_command(int argc, char *argv[], int exec_style,
+diff --git a/useful_functions.c b/useful_functions.c
+index d20b68e..d14cbe9 100644
+--- a/useful_functions.c
++++ b/useful_functions.c
+@@ -411,3 +411,16 @@ char *ebt_ip6_to_numeric(const struct in6_addr *addrp)
+ static char buf[50+1];
+ return (char *)inet_ntop(AF_INET6, addrp, buf, sizeof(buf));
+ }
++
++char *ebt_ip6_mask_to_string(const struct in6_addr *msk)
++{
++ /* /0000:0000:0000:0000:0000:000.000.000.000
++ * /0000:0000:0000:0000:0000:0000:0000:0000 */
++ static char buf[51+1];
++ if (msk->s6_addr32[0] == 0xFFFFFFFFL && msk->s6_addr32[1] == 0xFFFFFFFFL &&
++ msk->s6_addr32[2] == 0xFFFFFFFFL && msk->s6_addr32[3] == 0xFFFFFFFFL)
++ *buf = '\0';
++ else
++ sprintf(buf, "/%s", ebt_ip6_to_numeric(msk));
++ return buf;
++}
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0007-extensions-Use-stdint-types.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0007-extensions-Use-stdint-types.patch
new file mode 100644
index 00000000..6fbe7df4
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0007-extensions-Use-stdint-types.patch
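Review bot: `ebt_ip6_mask_to_string()` in the useful_functions.c hunk of this patch writes into a fixed static buffer with `sprintf(buf, "/%s", ebt_ip6_to_numeric(msk));`, which is unbounded and hands the result of `inet_ntop()` straight to `%s` although that call can return NULL. The sizes do line up as written (`buf[51+1]` against the `buf[50+1]` in `ebt_ip6_to_numeric()` plus the slash), but nothing enforces that if either buffer is later changed. Using `snprintf(buf, sizeof(buf), "/%s", ...)` together with a NULL check on the inner call would make the bound explicit. Both helpers return pointers to static storage, so each result has to be consumed before the next call, which the separate `printf` calls in `print()` do.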
@@ -0,0 +1,67 @@
+From a60c7d4a6d05387aceb8ae9c38390d0f9bae84a2 Mon Sep 17 00:00:00 2001
+From: Felix Janda <felix.janda@posteo.de>
+Date: Sat, 16 May 2015 12:22:39 +0200
+Subject: [PATCH 07/10] extensions: Use stdint types
+
+Signed-off-by: Felix Janda <felix.janda@posteo.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ extensions/ebt_ip6.c | 4 ++--
+ extensions/ebt_limit.c | 10 +++++-----
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/ebt_ip6.c b/extensions/ebt_ip6.c
+index e3e0956..dd48547 100644
+--- a/extensions/ebt_ip6.c
++++ b/extensions/ebt_ip6.c
+@@ -53,8 +53,8 @@ static const struct option opts[] =
+
+ struct icmpv6_names {
+ const char *name;
+- u_int8_t type;
+- u_int8_t code_min, code_max;
++ uint8_t type;
++ uint8_t code_min, code_max;
+ };
+
+ static const struct icmpv6_names icmpv6_codes[] = {
+diff --git a/extensions/ebt_limit.c b/extensions/ebt_limit.c
+index ee40e5c..d189a09 100644
+--- a/extensions/ebt_limit.c
++++ b/extensions/ebt_limit.c
+@@ -59,11 +59,11 @@ static void print_help(void)
+ " default %u\n", EBT_LIMIT_BURST);
+ }
+
+-static int parse_rate(const char *rate, u_int32_t *val)
++static int parse_rate(const char *rate, uint32_t *val)
+ {
+ const char *delim;
+- u_int32_t r;
+- u_int32_t mult = 1; /* Seconds by default. */
++ uint32_t r;
++ uint32_t mult = 1; /* Seconds by default. */
+
+ delim = strchr(rate, '/');
+ if (delim) {
+@@ -151,7 +151,7 @@ static void final_check(const struct ebt_u_entry *entry,
+ struct rates
+ {
+ const char *name;
+- u_int32_t mult;
++ uint32_t mult;
+ };
+
+ static struct rates g_rates[] =
+@@ -162,7 +162,7 @@ static struct rates g_rates[] =
+ { "sec", EBT_LIMIT_SCALE }
+ };
+
+-static void print_rate(u_int32_t period)
++static void print_rate(uint32_t period)
+ {
+ unsigned int i;
+
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0008-ethernetdb.h-Remove-C-specific-compiler-hint-macro-_.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0008-ethernetdb.h-Remove-C-specific-compiler-hint-macro-_.patch
new file mode 100644
index 00000000..df3f5214
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0008-ethernetdb.h-Remove-C-specific-compiler-hint-macro-_.patch
@@ -0,0 +1,48 @@
+From 6ed23c8c2bc5efc3956e7bb6155afc8f45e6ae1a Mon Sep 17 00:00:00 2001
+From: Felix Janda <felix.janda@posteo.de>
+Date: Sat, 16 May 2015 12:31:58 +0200
+Subject: [PATCH 08/10] ethernetdb.h: Remove C++ specific compiler hint macro
+ _THROW
+
+Fixes compilation with musl libc
+
+Signed-off-by: Felix Janda <felix.janda@posteo.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/ethernetdb.h | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/include/ethernetdb.h b/include/ethernetdb.h
+index 46d8bfd..1683abe 100644
+--- a/include/ethernetdb.h
++++ b/include/ethernetdb.h
+@@ -38,21 +38,20 @@ struct ethertypeent {
+
+ /* Open ethertype data base files and mark them as staying open even
+ after a later search if STAY_OPEN is non-zero. */
+-extern void setethertypeent(int __stay_open) __THROW;
++extern void setethertypeent(int __stay_open);
+
+ /* Close ethertype data base files and clear `stay open' flag. */
+-extern void endethertypeent(void) __THROW;
++extern void endethertypeent(void);
+
+ /* Get next entry from ethertype data base file. Open data base if
+ necessary. */
+-extern struct ethertypeent *getethertypeent(void) __THROW;
++extern struct ethertypeent *getethertypeent(void);
+
+ /* Return entry from ethertype data base for network with NAME. */
+-extern struct ethertypeent *getethertypebyname(__const char *__name)
+- __THROW;
++extern struct ethertypeent *getethertypebyname(__const char *__name);
+
+ /* Return entry from ethertype data base which number is PROTO. */
+-extern struct ethertypeent *getethertypebynumber(int __ethertype) __THROW;
++extern struct ethertypeent *getethertypebynumber(int __ethertype);
+
+
+ #endif /* ethernetdb.h */
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0009-ebtables-Allow-RETURN-target-rules-in-user-defined-c.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0009-ebtables-Allow-RETURN-target-rules-in-user-defined-c.patch
new file mode 100644
index 00000000..248582c1
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0009-ebtables-Allow-RETURN-target-rules-in-user-defined-c.patch
@@ -0,0 +1,48 @@
+From e6b367c0c2668341c47242d099f4d2048ae575ef Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alin=20N=C4=83stac?= <alin.nastac@gmail.com>
+Date: Thu, 22 Oct 2015 16:41:03 +0200
+Subject: [PATCH 09/10] ebtables: Allow RETURN target rules in user defined
+ chains
+
+During loop checking ebtables marks entries with '1 << NF_BR_NUMHOOKS' if
+they're called from a base chain rather than a user defined chain.
+
+This can be used by ebtables targets that can encode a special return
+value to bail out if e.g. RETURN is used from a base chain.
+
+Unfortunately, this is broken, since the '1 << NF_BR_NUMHOOKS' is also
+copied to called user-defined-chains (i.e., a user defined chain can no
+longer be distinguished from a base chain):
+
+root@OpenWrt:~# ebtables -N foo
+root@OpenWrt:~# ebtables -A OUTPUT -j foo
+root@OpenWrt:~# ebtables -A foo -j mark --mark-or 3 --mark-target RETURN
+--mark-target RETURN not allowed on base chain.
+
+This works if -A OUTPUT -j foo is omitted, but will still appear
+if we try to call foo from OUTPUT afterwards.
+
+After this patch we still reject
+'-A OUTPUT -j mark .. --mark-target RETURN'.
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ libebtc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libebtc.c b/libebtc.c
+index 17ba8f2..74830ec 100644
+--- a/libebtc.c
++++ b/libebtc.c
+@@ -1102,7 +1102,7 @@ void ebt_check_for_loops(struct ebt_u_replace *replace)
+ /* check if we've dealt with this chain already */
+ if (entries2->hook_mask & (1<<i))
+ goto letscontinue;
+- entries2->hook_mask |= entries->hook_mask;
++ entries2->hook_mask |= entries->hook_mask & ~(1 << NF_BR_NUMHOOKS);
+ /* Jump to the chain, make sure we know how to get back */
+ stack[sp].chain_nr = chain_nr;
+ stack[sp].n = j;
+--
+2.12.1
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0010-Adjust-header-include-sequence.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0010-Adjust-header-include-sequence.patch
new file mode 100644
index 00000000..a6ef9cd0
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/0010-Adjust-header-include-sequence.patch
@@ -0,0 +1,216 @@ +From b7cee37734007fced7a4d5ed586c3a9e5ad92878 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 26 Mar 2017 13:12:21 -0700 +Subject: [PATCH 10/10] Adjust header include sequence + +This fixes the build with musl + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + extensions/ebt_among.c | 2 +- + extensions/ebt_arpreply.c | 2 +- + extensions/ebt_nat.c | 2 +- + include/linux/if_ether.h | 126 ---------------------------------------------- + useful_functions.c | 4 +- + 5 files changed, 5 insertions(+), 131 deletions(-) + delete mode 100644 include/linux/if_ether.h + +diff --git a/extensions/ebt_among.c b/extensions/ebt_among.c +index f97d07e..b096847 100644 +--- a/extensions/ebt_among.c ++++ b/extensions/ebt_among.c +@@ -12,8 +12,8 @@ + #include <getopt.h> + #include <ctype.h> + #include <unistd.h> +-#include "../include/ebtables_u.h" + #include <netinet/ether.h> ++#include "../include/ebtables_u.h" + #include "../include/ethernetdb.h" + #include <linux/if_ether.h> + #include <linux/netfilter_bridge/ebt_among.h> +diff --git a/extensions/ebt_arpreply.c b/extensions/ebt_arpreply.c +index c3757f3..c5102a4 100644 +--- a/extensions/ebt_arpreply.c ++++ b/extensions/ebt_arpreply.c +@@ -11,8 +11,8 @@ + #include <stdlib.h> + #include <string.h> + #include <getopt.h> +-#include "../include/ebtables_u.h" + #include <netinet/ether.h> ++#include "../include/ebtables_u.h" + #include <linux/netfilter_bridge/ebt_arpreply.h> + + static int mac_supplied; +diff --git a/extensions/ebt_nat.c b/extensions/ebt_nat.c +index e6afbf8..8d318d1 100644 +--- a/extensions/ebt_nat.c ++++ b/extensions/ebt_nat.c +@@ -10,8 +10,8 @@ + #include <stdlib.h> + #include <string.h> + #include <getopt.h> +-#include "../include/ebtables_u.h" + #include <netinet/ether.h> ++#include "../include/ebtables_u.h" + #include <linux/netfilter_bridge/ebt_nat.h> + + static int to_source_supplied, to_dest_supplied; +diff --git a/include/linux/if_ether.h b/include/linux/if_ether.h 
+deleted file mode 100644 +index 28a15ff..0000000 +--- a/include/linux/if_ether.h ++++ /dev/null +@@ -1,126 +0,0 @@ +-/* +- * INET An implementation of the TCP/IP protocol suite for the LINUX +- * operating system. INET is implemented using the BSD Socket +- * interface as the means of communication with the user level. +- * +- * Global definitions for the Ethernet IEEE 802.3 interface. +- * +- * Version: @(#)if_ether.h 1.0.1a 02/08/94 +- * +- * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> +- * Donald Becker, <becker@super.org> +- * Alan Cox, <alan@lxorguk.ukuu.org.uk> +- * Steve Whitehouse, <gw7rrm@eeshack3.swan.ac.uk> +- * +- * This program is free software; you can redistribute it and/or +- * modify it under the terms of the GNU General Public License +- * as published by the Free Software Foundation; either version +- * 2 of the License, or (at your option) any later version. +- */ +- +-#ifndef _LINUX_IF_ETHER_H +-#define _LINUX_IF_ETHER_H +- +-#include <linux/types.h> +- +-/* +- * IEEE 802.3 Ethernet magic constants. The frame sizes omit the preamble +- * and FCS/CRC (frame check sequence). +- */ +- +-#define ETH_ALEN 6 /* Octets in one ethernet addr */ +-#define ETH_HLEN 14 /* Total octets in header. */ +-#define ETH_ZLEN 60 /* Min. octets in frame sans FCS */ +-#define ETH_DATA_LEN 1500 /* Max. octets in payload */ +-#define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */ +-#define ETH_FCS_LEN 4 /* Octets in the FCS */ +- +-/* +- * These are the defined Ethernet Protocol ID's. 
+- */ +- +-#define ETH_P_LOOP 0x0060 /* Ethernet Loopback packet */ +-#define ETH_P_PUP 0x0200 /* Xerox PUP packet */ +-#define ETH_P_PUPAT 0x0201 /* Xerox PUP Addr Trans packet */ +-#define ETH_P_IP 0x0800 /* Internet Protocol packet */ +-#define ETH_P_X25 0x0805 /* CCITT X.25 */ +-#define ETH_P_ARP 0x0806 /* Address Resolution packet */ +-#define ETH_P_BPQ 0x08FF /* G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ] */ +-#define ETH_P_IEEEPUP 0x0a00 /* Xerox IEEE802.3 PUP packet */ +-#define ETH_P_IEEEPUPAT 0x0a01 /* Xerox IEEE802.3 PUP Addr Trans packet */ +-#define ETH_P_DEC 0x6000 /* DEC Assigned proto */ +-#define ETH_P_DNA_DL 0x6001 /* DEC DNA Dump/Load */ +-#define ETH_P_DNA_RC 0x6002 /* DEC DNA Remote Console */ +-#define ETH_P_DNA_RT 0x6003 /* DEC DNA Routing */ +-#define ETH_P_LAT 0x6004 /* DEC LAT */ +-#define ETH_P_DIAG 0x6005 /* DEC Diagnostics */ +-#define ETH_P_CUST 0x6006 /* DEC Customer use */ +-#define ETH_P_SCA 0x6007 /* DEC Systems Comms Arch */ +-#define ETH_P_TEB 0x6558 /* Trans Ether Bridging */ +-#define ETH_P_RARP 0x8035 /* Reverse Addr Res packet */ +-#define ETH_P_ATALK 0x809B /* Appletalk DDP */ +-#define ETH_P_AARP 0x80F3 /* Appletalk AARP */ +-#define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */ +-#define ETH_P_IPX 0x8137 /* IPX over DIX */ +-#define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */ +-#define ETH_P_PAUSE 0x8808 /* IEEE Pause frames. See 802.3 31B */ +-#define ETH_P_SLOW 0x8809 /* Slow Protocol. 
See 802.3ad 43B */ +-#define ETH_P_WCCP 0x883E /* Web-cache coordination protocol +- * defined in draft-wilson-wrec-wccp-v2-00.txt */ +-#define ETH_P_PPP_DISC 0x8863 /* PPPoE discovery messages */ +-#define ETH_P_PPP_SES 0x8864 /* PPPoE session messages */ +-#define ETH_P_MPLS_UC 0x8847 /* MPLS Unicast traffic */ +-#define ETH_P_MPLS_MC 0x8848 /* MPLS Multicast traffic */ +-#define ETH_P_ATMMPOA 0x884c /* MultiProtocol Over ATM */ +-#define ETH_P_LINK_CTL 0x886c /* HPNA, wlan link local tunnel */ +-#define ETH_P_ATMFATE 0x8884 /* Frame-based ATM Transport +- * over Ethernet +- */ +-#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */ +-#define ETH_P_AOE 0x88A2 /* ATA over Ethernet */ +-#define ETH_P_TIPC 0x88CA /* TIPC */ +-#define ETH_P_1588 0x88F7 /* IEEE 1588 Timesync */ +-#define ETH_P_FCOE 0x8906 /* Fibre Channel over Ethernet */ +-#define ETH_P_FIP 0x8914 /* FCoE Initialization Protocol */ +-#define ETH_P_EDSA 0xDADA /* Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ] */ +- +-/* +- * Non DIX types. Won't clash for 1500 types. +- */ +- +-#define ETH_P_802_3 0x0001 /* Dummy type for 802.3 frames */ +-#define ETH_P_AX25 0x0002 /* Dummy protocol id for AX.25 */ +-#define ETH_P_ALL 0x0003 /* Every packet (be careful!!!) 
*/ +-#define ETH_P_802_2 0x0004 /* 802.2 frames */ +-#define ETH_P_SNAP 0x0005 /* Internal only */ +-#define ETH_P_DDCMP 0x0006 /* DEC DDCMP: Internal only */ +-#define ETH_P_WAN_PPP 0x0007 /* Dummy type for WAN PPP frames*/ +-#define ETH_P_PPP_MP 0x0008 /* Dummy type for PPP MP frames */ +-#define ETH_P_LOCALTALK 0x0009 /* Localtalk pseudo type */ +-#define ETH_P_CAN 0x000C /* Controller Area Network */ +-#define ETH_P_PPPTALK 0x0010 /* Dummy type for Atalk over PPP*/ +-#define ETH_P_TR_802_2 0x0011 /* 802.2 frames */ +-#define ETH_P_MOBITEX 0x0015 /* Mobitex (kaz@cafe.net) */ +-#define ETH_P_CONTROL 0x0016 /* Card specific control frames */ +-#define ETH_P_IRDA 0x0017 /* Linux-IrDA */ +-#define ETH_P_ECONET 0x0018 /* Acorn Econet */ +-#define ETH_P_HDLC 0x0019 /* HDLC frames */ +-#define ETH_P_ARCNET 0x001A /* 1A for ArcNet :-) */ +-#define ETH_P_DSA 0x001B /* Distributed Switch Arch. */ +-#define ETH_P_TRAILER 0x001C /* Trailer switch tagging */ +-#define ETH_P_PHONET 0x00F5 /* Nokia Phonet frames */ +-#define ETH_P_IEEE802154 0x00F6 /* IEEE802.15.4 frame */ +-#define ETH_P_CAIF 0x00F7 /* ST-Ericsson CAIF protocol */ +- +-/* +- * This is an Ethernet frame header. +- */ +- +-struct ethhdr { +- unsigned char h_dest[ETH_ALEN]; /* destination eth addr */ +- unsigned char h_source[ETH_ALEN]; /* source ether addr */ +- __be16 h_proto; /* packet type ID field */ +-} __attribute__((packed)); +- +- +-#endif /* _LINUX_IF_ETHER_H */ +diff --git a/useful_functions.c b/useful_functions.c +index d14cbe9..c304f4d 100644 +--- a/useful_functions.c ++++ b/useful_functions.c +@@ -22,8 +22,6 @@ + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
+ */ +-#include "include/ebtables_u.h" +-#include "include/ethernetdb.h" + #include <stdio.h> + #include <netinet/ether.h> + #include <string.h> +@@ -33,6 +31,8 @@ + #include <sys/types.h> + #include <sys/socket.h> + #include <arpa/inet.h> ++#include "include/ebtables_u.h" ++#include "include/ethernetdb.h" + + const unsigned char mac_type_unicast[ETH_ALEN] = {0,0,0,0,0,0}; + const unsigned char msk_type_unicast[ETH_ALEN] = {1,0,0,0,0,0}; +-- +2.12.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch new file mode 100644 index 00000000..c260403e --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch 
@@ -0,0 +1,50 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## debian_defaultconfig.dpatch by <hesso@pool.math.tu-berlin.de> +## +## DP: Debian enhancements to the ebtables "sysconfig" default settings. + +@DPATCH@ + +--- ebtables-2.0.8.1.orig/ebtables-config ++++ ebtables-2.0.8.1/ebtables-config +@@ -1,17 +1,3 @@ +-# Save (and possibly restore) in text format. +-# Value: yes|no, default: yes +-# Save the firewall rules in text format to __SYSCONFIG__/ebtables +-# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules +-# is done using this text format. +-EBTABLES_TEXT_FORMAT="yes" +- +-# Save (and restore) in binary format. +-# Value: yes|no, default: yes +-# Save (and restore) the firewall rules in binary format to (and from) +-# __SYSCONFIG__/ebtables.<chain>. Enabling this option will make +-# firewall initialisation a lot faster. +-EBTABLES_BINARY_FORMAT="yes" +- + # Unload modules on restart and stop + # Value: yes|no, default: yes + # This option has to be 'yes' to get to a sane state for a firewall +@@ -19,6 +5,12 @@ + # modules. + EBTABLES_MODULES_UNLOAD="yes" + ++# Load firewall rules on system startup. ++# Value: yes|no, default: no ++# Restores the ebtables rulesets from the last saved state when the ++# system boots up. ++EBTABLES_LOAD_ON_START="no" ++ + # Save current firewall rules on stop. + # Value: yes|no, default: no + # Saves all firewall rules if firewall gets stopped +@@ -35,3 +27,9 @@ + # Save rule counters when saving a kernel table to a file. If the + # rule counters were saved, they will be restored when restoring the table. + EBTABLES_SAVE_COUNTER="no" ++ ++# Backup suffix for ruleset save files. ++# Value: <string>, default: "~" ++# Keep one backup level of saved rules. ++# Set this variable to the empty string to disable backups. ++EBTABLES_BACKUP_SUFFIX="~" 
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables-save b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables-save
new file mode 100755
index 00000000..2d7fc4ed
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables-save
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+EBTABLES="/sbin/ebtables"
+
+[ -x "$EBTABLES" ] || exit 1
+
+echo "# Generated by ebtables-save v1.0 on $(date)"
+
+cnt=""
+[ "x$EBTABLES_SAVE_COUNTER" = "xyes" ] && cnt="--Lc"
+
+for table_name in $(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//); do
+ table=$($EBTABLES -t $table_name -L $cnt)
+ [ $? -eq 0 ] || { echo "$table"; exit -1; }
+
+ chain=""
+ rules=""
+ while read line; do
+ [ -z "$line" ] && continue
+
+ case "$line" in
+ Bridge\ table:\ *)
+ echo "*${line:14}"
+ ;;
+ Bridge\ chain:\ *)
+ chain="${line:14}"
+ chain="${chain%%,*}"
+ policy="${line##*policy: }"
+ echo ":$chain $policy"
+ ;;
+ *)
+ if [ "$cnt" = "--Lc" ]; then
+ line=${line/, pcnt \=/ -c}
+ line=${line/-- bcnt \=/}
+ fi
+ rules="$rules-A $chain $line\n"
+ ;;
+ esac
+ done <<EOF
+$table
+EOF
+ echo -e $rules
+done
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
new file mode 100644
index 00000000..1ae18fed
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
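Review bot: The read loop and the final `echo -e $rules` in ebtables-save can change rule text before it is written, so the saved ruleset is not guaranteed to match what the kernel holds. `read line` without `-r` consumes backslashes, and the unquoted `$rules` handed to `echo -e` goes through word splitting and pathname expansion and then has any remaining escape sequences interpreted. I would read with `while IFS= read -r line; do`, append a real newline to `rules` rather than the two characters `\n`, and print it with `printf '%s' "$rules"`. `exit -1` is also outside the 0–255 range of exit statuses; `exit 1` is the portable spelling.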
@@ -0,0 +1,163 @@ +#!/bin/sh + +[ -x /sbin/ebtables ] || exit 1 + +EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump + +RETVAL=0 +prog="ebtables" +desc="Ethernet bridge filtering" +umask 0077 + +#default configuration +EBTABLES_MODULES_UNLOAD="yes" +EBTABLES_LOAD_ON_START="no" +EBTABLES_SAVE_ON_STOP="no" +EBTABLES_SAVE_ON_RESTART="no" +EBTABLES_SAVE_COUNTER="no" +EBTABLES_BACKUP_SUFFIX="~" + +config=/etc/default/$prog +[ -f "$config" ] && . "$config" + +get_supported_tables() { + EBTABLES_SUPPORTED_TABLES= + /sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission + if [ $? -eq 0 ]; then + echo "Error: insufficient privileges to access the ebtables rulesets." + exit 1 + fi + for table in filter nat broute; do + /sbin/ebtables -t $table -L &> /dev/null + if [ $? -eq 0 ]; then + EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table" + fi + done +} + +load() { + RETVAL=0 + get_supported_tables + echo -n "Restoring ebtables rulesets: " + for table in $EBTABLES_SUPPORTED_TABLES; do + echo -n "$table " + if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then + /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit + RET=$? + if [ $RET -ne 0 ]; then + echo -n "(failed) " + RETVAL=$RET + fi + else + echo -n "(no saved state) " + fi + done + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo -n "no kernel support. " + else + echo -n "done. " + fi + if [ $RETVAL -eq 0 ]; then + echo "ok" + else + echo "fail" + fi +} + +clear_rules() { + RETVAL=0 + get_supported_tables + echo -n "Clearing ebtables rulesets: " + for table in $EBTABLES_SUPPORTED_TABLES; do + echo -n "$table " + /sbin/ebtables -t $table --init-table + done + + if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then + for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do + rmmod $mod 2> /dev/null + done + fi + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo -n "no kernel support. " + else + echo -n "done. 
" + fi + if [ $RETVAL -eq 0 ]; then + echo "ok" + else + echo "fail" + fi +} + +save() { + RETVAL=0 + get_supported_tables + echo -n "Saving ebtables rulesets: " + for table in $EBTABLES_SUPPORTED_TABLES; do + echo -n "$table " + [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \ + mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX + /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save + RET=$? + if [ $RET -ne 0 ]; then + echo -n "(failed) " + RETVAL=$RET + else + if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then + /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z + fi + fi + done + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo -n "no kernel support. " + else + echo -n "done. " + fi + if [ $RETVAL -eq 0 ]; then + echo "ok" + else + echo "fail" + fi +} + +case "$1" in + start) + [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load + ;; + stop) + [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save + clear_rules + ;; + restart|reload|force-reload) + [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save + clear_rules + [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load + ;; + load) + load + ;; + save) + save + ;; + status) + get_supported_tables + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo "No kernel support for ebtables." + RETVAL=1 + else + echo -n "Ebtables support available, number of installed rules: " + for table in $EBTABLES_SUPPORTED_TABLES; do + COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 )) + echo -n "$table($COUNT) " + done + echo ok + RETVAL=0 + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2 + RETVAL=1 +esac + +exit $RETVAL 
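Review bot: ebtables.common declares `#!/bin/sh` but get_supported_tables probes each table with `/sbin/ebtables -t $table -L &> /dev/null`, which is a bash extension. In a shell that does not implement it the line is parsed as a background job followed by a bare redirection, so `$?` is 0 and every table is reported as supported whether or not the kernel has it; which behaviour an image gets depends on what provides /bin/sh there. The portable form is `/sbin/ebtables -t $table -L > /dev/null 2>&1`. Separately, clear_rules never updates RETVAL, so a failed `--init-table` still ends in "ok"; `/sbin/ebtables -t $table --init-table || RETVAL=$?` would make the status line and the exit code reflect a flush that did not happen.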
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init
new file mode 100755
index 00000000..c9a77a29
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# init script for the Ethernet Bridge filter tables
+#
+# Written by Dag Wieers <dag@wieers.com>
+# Modified by Rok Papez <rok.papez@arnes.si>
+# Bart De Schuymer <bdschuym@pandora.be>
+# Adapted to Debian by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
+# Adapted to OpenEmbedded by Roman I Khimov <khimov@altell.ru>
+#
+# chkconfig: - 15 85
+# description: Ethernet Bridge filtering tables
+#
+### BEGIN INIT INFO
+# Provides: ebtables
+# Required-Start:
+# Required-Stop:
+# Should-Start: $local_fs
+# Should-Stop: $local_fs
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: ebtables ruleset management
+# Description: Saves and restores the state of the ebtables rulesets.
+### END INIT INFO
+
+/usr/sbin/ebtables.common $1
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service
new file mode 100644
index 00000000..3abd1fe3
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Ethernet Bridge Filtering Tables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@SBINDIR@/ebtables.common start
+ExecStop=@SBINDIR@/ebtables.common stop
+
+[Install]
+WantedBy=multi-user.target
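Review bot: The `[Unit]` section of ebtables.service declares no ordering against the network, so when rule restore is enabled nothing guarantees the bridge rules are in place before interfaces start passing frames. For firewall-type units the usual systemd arrangement is `Wants=network-pre.target` together with `Before=network-pre.target`, which would close that window at boot. It is also worth a comment in the unit that `ebtables.common start` only restores rules when `EBTABLES_LOAD_ON_START` is set to "yes"; with the shipped default of "no" the unit ends up active without having loaded anything.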
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch
new file mode 100644
index 00000000..bcd9bed2
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/installnonroot.patch
@@ -0,0 +1,43 @@ +diff --git a/Makefile b/Makefile +index c1106a4..7ea6b7a 100644 +--- a/Makefile ++++ b/Makefile +@@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\//\\\//g') + scripts: ebtables-save ebtables.sysv ebtables-config + cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_ + mkdir -p $(DESTDIR)$(BINDIR) +- install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save ++ install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save + cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_ + if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi +- if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi ++ if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi + cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_ + if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi +- if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi ++ if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi + rm -f ebtables-save_ ebtables.sysv_ ebtables-config_ + + tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g') + $(MANDIR)/man8/ebtables.8: ebtables.8 + mkdir -p $(DESTDIR)$(@D) + sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_ +- install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@ ++ install -m 0644 ebtables.8_ $(DESTDIR)$@ + rm -f ebtables.8_ + + $(DESTDIR)$(ETHERTYPESFILE): ethertypes + mkdir -p $(@D) +- install -m 0644 -o root -g root $< $@ ++ install -m 0644 $< $@ + + .PHONY: exec + exec: ebtables ebtables-restore + mkdir -p $(DESTDIR)$(BINDIR) +- install -m 0755 -o root -g root $(PROGNAME) 
$(DESTDIR)$(BINDIR)/$(PROGNAME) +- install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore ++ install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME) ++ install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore + + .PHONY: install + install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/no-as-needed.patch b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/no-as-needed.patch new file mode 100644 index 00000000..336119d6 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/no-as-needed.patch 
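Review bot: installnonroot.patch starts directly at `diff --git a/Makefile b/Makefile` with no description, sign-off or `Upstream-Status:` line, unlike no-as-needed.patch added beside it. Because the change removes every explicit `-o root -g root`, including the one on the `install -m 0600` of `ebtables-config`, the header should say where ownership is now expected to come from; presumably the packaging step assigns root ownership, but nothing on the page confirms that. A two-line header such as `Drop -o root -g root so 'make install' can run as an unprivileged build user` plus the applicable `Upstream-Status:` value would cover it.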
@@ -0,0 +1,25 @@ +link ebtables with --no-as-needed and adjust the link order to fix runtime crash + +Program terminated with signal 11, Segmentation fault. +#0 0x00007ffaa837fb53 in ebt_initialize_entry () from /lib64/ebtables/libebtc.so +(gdb) bt +#0 0x00007ffaa837fb53 in ebt_initialize_entry () from /lib64/ebtables/libebtc.so +#1 0x00007ffaa83824dc in do_command () from /lib64/ebtables/libebtc.so +#2 0x000000000040065c in ?? () +#3 0x00007ffaa7fed755 in __libc_start_main () from /lib64/libc.so.6 +#4 0x0000000000400691 in ?? () + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Index: ebtables-v2.0.10-4/Makefile +=================================================================== +--- ebtables-v2.0.10-4.orig/Makefile 2011-12-15 12:02:47.000000000 -0800 ++++ ebtables-v2.0.10-4/Makefile 2012-12-17 22:09:45.065973753 -0800 +@@ -90,7 +90,7 @@ + $(CC) -shared $(LDFLAGS) -Wl,-soname,libebtc.so -o libebtc.so -lc $(OBJECTS2) + + ebtables: $(OBJECTS) ebtables-standalone.o libebtc.so +- $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) $(LDFLAGS) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \ ++ $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) $(LDFLAGS) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -Wl,--no-as-needed $(EXT_LIBSI) -lebtc \ + -Wl,-rpath,$(LIBDIR) + + ebtablesu: ebtablesu.c diff --git a/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb new file mode 100644 index 00000000..f05bd615 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb 
@@ -0,0 +1,112 @@ +SUMMARY = "Filtering tool for a Linux-based bridging firewall" +HOMEPAGE = "http://sourceforge.net/projects/ebtables/" +DESCRIPTION = "Utility for basic Ethernet frame filtering on a Linux bridge, \ + advanced logging, MAC DNAT/SNAT and brouting." +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=53b4a999993871a28ab1488fdbd2e73e" +SECTION = "net" +PR = "r4" + +RDEPENDS_${PN} += "bash" + +RRECOMMENDS_${PN} += "kernel-module-ebtables \ + " + +SRC_URI = "${SOURCEFORGE_MIRROR}/ebtables/ebtables-v${PV}.tar.gz \ + file://ebtables-save \ + file://installnonroot.patch \ + file://01debian_defaultconfig.patch \ + file://ebtables.init \ + file://ebtables.common \ + file://ebtables.service \ + file://no-as-needed.patch \ + file://0001-add-RARP-and-update-iana-url.patch \ + file://0002-fix-compilation-warning.patch \ + file://0003-add-info-about-Wl-no-as-needed.patch \ + file://0004-workaround-for-kernel-regression-bug-IPv6-source-des.patch \ + file://0005-Add-noflush-command-line-support-for-ebtables-restor.patch \ + file://0006-don-t-print-IPv6-mask-if-it-s-all-ones-based-on-patc.patch \ + file://0007-extensions-Use-stdint-types.patch \ + file://0008-ethernetdb.h-Remove-C-specific-compiler-hint-macro-_.patch \ + file://0009-ebtables-Allow-RETURN-target-rules-in-user-defined-c.patch \ + " + +SRC_URI_append_libc-musl = " file://0010-Adjust-header-include-sequence.patch" + +SRC_URI[md5sum] = "506742a3d44b9925955425a659c1a8d0" +SRC_URI[sha256sum] = "dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d" + +# It is using '-' but not '.' as delimiter for the version in the releases page, +# which causes the version comparison unmatched. 
+#UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/ebtables/files/ebtables/" +#UPSTREAM_CHECK_REGEX = "ebtables-(?P<pver>\d+(\-\d+)+)" + +RECIPE_UPSTREAM_VERSION = "2.0.10-4" +RECIPE_UPSTREAM_DATE = "Dec 15, 2011" +CHECK_DATE = "May 25, 2018" + +S = "${WORKDIR}/ebtables-v${PV}" + +inherit update-rc.d systemd + +python __anonymous () { + import re + + karch = d.getVar('TARGET_ARCH') + multilib = d.getVar('MLPREFIX') + + if multilib and ( karch == 'powerpc64' or karch == 'arm' ): + searchstr = "lib.?32" + reg = re.compile(searchstr) + if reg.search(multilib): + d.appendVar('CFLAGS' ,' -DKERNEL_64_USERSPACE_32 -DEBT_MIN_ALIGN=8') +} + +EXTRA_OEMAKE = " \ + BINDIR=${base_sbindir} \ + MANDIR=${mandir} \ + ETHERTYPESPATH=${sysconfdir} \ + INITDIR=${sysconfdir}/init.d \ + SYSCONFIGDIR=${sysconfdir}/default \ + LIBDIR=${base_libdir}/ebtables \ + 'CC=${CC}' \ + 'CFLAGS=${CFLAGS}' \ + 'LDFLAGS=${LDFLAGS} -Wl,--no-as-needed' \ + 'LD=${LD}' \ +" + +do_install () { + install -d ${D}${sbindir} + install -m 0755 ${WORKDIR}/ebtables.common ${D}${sbindir}/ebtables.common + # Fix hardcoded paths in scripts + sed -i 's!/sbin/!${base_sbindir}/!g' ${D}${sbindir}/ebtables.common + sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sbindir}/ebtables.common + + install -d ${D}${sysconfdir}/init.d + install -d ${D}${sysconfdir}/default + install -d ${D}${sysconfdir}/ebtables + oe_runmake DESTDIR='${D}' install + install -m 0755 ${WORKDIR}/ebtables.init ${D}/${sysconfdir}/init.d/ebtables + mv ${D}${sysconfdir}/default/ebtables-config ${D}${sysconfdir}/default/ebtables + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ebtables + + # Replace upstream ebtables-save perl script with Fedora bash based rewrite + # http://pkgs.fedoraproject.org/cgit/rpms/ebtables.git/tree/ebtables-save + install -m 0755 ${WORKDIR}/ebtables-save ${D}${base_sbindir}/ebtables-save + sed -i 's!/sbin/!${base_sbindir}/!g' ${D}${base_sbindir}/ebtables-save + + # Install systemd service files + install -d 
${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/ebtables.service ${D}${systemd_unitdir}/system + sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/ebtables.service +} + +CONFFILES_${PN} += "${sysconfdir}/default/ebtables" + +INITSCRIPT_NAME = "ebtables" +INITSCRIPT_PARAMS = "start 41 S . stop 41 6 ." + +SYSTEMD_SERVICE_${PN} = "ebtables.service" + +FILES_${PN}-dbg += "${base_libdir}/ebtables/.debug" +FILES_${PN} += "${base_libdir}/ebtables/*.so" diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch new file mode 100644 index 00000000..76d2d5d2 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch @@ -0,0 +1,26 @@ +From 32af64e1811c74292891dc4dc8455736f7d33ccf Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 30 Mar 2017 13:26:56 -0700 +Subject: [PATCH] Correct typo in the location of internal.h in #include + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/libnetfilter_queue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c +index 211a8ba..065d618 100644 +--- a/src/libnetfilter_queue.c ++++ b/src/libnetfilter_queue.c +@@ -32,7 +32,7 @@ + + #include <libnfnetlink/libnfnetlink.h> + #include <libnetfilter_queue/libnetfilter_queue.h> +-#include "src/internal.h" ++#include "internal.h" + + /** + * \mainpage +-- +2.12.1 + 
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch
new file mode 100644
index 00000000..9e0b420e
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch
@@ -0,0 +1,255 @@
+From f3e3e8fa703e88b76b22c5486277dfca3c85a24b Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 10 Apr 2017 14:56:18 -0700
+Subject: [PATCH] Declare the define visivility attribute together
+
+clang ignores the visibility attribute if its not
+defined before the definition. As a result these
+symbols become hidden and consumers of this library
+fail to link due to these missing symbols
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ doxygen.cfg.in | 2 +-
+ src/internal.h | 5 ++---
+ src/libnetfilter_acct.c | 41 ++++++++++++++---------------------------
+ 3 files changed, 17 insertions(+), 31 deletions(-)
+
+diff --git a/doxygen.cfg.in b/doxygen.cfg.in
+index 7f4bd04..fe64d48 100644
+--- a/doxygen.cfg.in
++++ b/doxygen.cfg.in
+@@ -72,7 +72,7 @@ RECURSIVE = YES
+ EXCLUDE =
+ EXCLUDE_SYMLINKS = NO
+ EXCLUDE_PATTERNS = */.git/* .*.d
+-EXCLUDE_SYMBOLS = EXPORT_SYMBOL nfacct
++EXCLUDE_SYMBOLS = nfacct
+ EXAMPLE_PATH =
+ EXAMPLE_PATTERNS =
+ EXAMPLE_RECURSIVE = NO
+diff --git a/src/internal.h b/src/internal.h
+index f0cc2e1..e5c5ffd 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -3,10 +3,9 @@
+
+ #include "config.h"
+ #ifdef HAVE_VISIBILITY_HIDDEN
+-# define __visible __attribute__((visibility("default")))
+-# define EXPORT_SYMBOL(x) typeof(x) (x) __visible
++# define __EXPORT __attribute__((visibility("default")))
+ #else
+-# define EXPORT_SYMBOL
++# define __EXPORT
+ #endif
+
+ #include <endian.h>
+diff --git a/src/libnetfilter_acct.c b/src/libnetfilter_acct.c
+index b0bcf67..0220d14 100644
+--- a/src/libnetfilter_acct.c
++++ b/src/libnetfilter_acct.c
+@@ -76,21 +76,19 @@ struct nfacct {
+ * In case of success, this function returns a valid pointer, otherwise NULL
+ * s returned and errno is appropriately set.
+ */
+-struct nfacct *nfacct_alloc(void)
++struct nfacct __EXPORT *nfacct_alloc(void)
+ {
+ return calloc(1, sizeof(struct nfacct));
+ }
+-EXPORT_SYMBOL(nfacct_alloc);
+
+ /**
+ * nfacct_free - release one accounting object
+ * \param nfacct pointer to the accounting object
+ */
+-void nfacct_free(struct nfacct *nfacct)
++void __EXPORT nfacct_free(struct nfacct *nfacct)
+ {
+ free(nfacct);
+ }
+-EXPORT_SYMBOL(nfacct_free);
+
+ /**
+ * nfacct_attr_set - set one attribute of the accounting object
+@@ -98,7 +96,7 @@ EXPORT_SYMBOL(nfacct_free);
+ * \param type attribute type you want to set
+ * \param data pointer to data that will be used to set this attribute
+ */
+-void
++void __EXPORT
+ nfacct_attr_set(struct nfacct *nfacct, enum nfacct_attr_type type,
+ const void *data)
+ {
+@@ -126,7 +124,6 @@ nfacct_attr_set(struct nfacct *nfacct, enum nfacct_attr_type type,
+ break;
+ }
+ }
+-EXPORT_SYMBOL(nfacct_attr_set);
+
+ /**
+ * nfacct_attr_set_str - set one attribute the accounting object
+@@ -134,13 +131,12 @@ EXPORT_SYMBOL(nfacct_attr_set);
+ * \param type attribute type you want to set
+ * \param name string that will be used to set this attribute
+ */
+-void
++void __EXPORT
+ nfacct_attr_set_str(struct nfacct *nfacct, enum nfacct_attr_type type,
+ const char *name)
+ {
+ nfacct_attr_set(nfacct, type, name);
+ }
+-EXPORT_SYMBOL(nfacct_attr_set_str);
+
+ /**
+ * nfacct_attr_set_u64 - set one attribute the accounting object
+@@ -148,20 +144,19 @@ EXPORT_SYMBOL(nfacct_attr_set_str);
+ * \param type attribute type you want to set
+ * \param value unsigned 64-bits integer
+ */
+-void
++void __EXPORT
+ nfacct_attr_set_u64(struct nfacct *nfacct, enum nfacct_attr_type type,
+ uint64_t value)
+ {
+ nfacct_attr_set(nfacct, type, &value);
+ }
+-EXPORT_SYMBOL(nfacct_attr_set_u64);
+
+ /**
+ * nfacct_attr_unset - unset one attribute the accounting object
+ * \param nfacct pointer to the accounting object
+ * \param type attribute type you want to set
+ */
+-void
++void __EXPORT
+ nfacct_attr_unset(struct nfacct *nfacct, enum nfacct_attr_type type)
+ {
+ switch(type) {
+@@ -182,7 +177,6 @@ nfacct_attr_unset(struct nfacct *nfacct, enum nfacct_attr_type type)
+ break;
+ }
+ }
+-EXPORT_SYMBOL(nfacct_attr_unset);
+
+ /**
+ * nfacct_attr_get - get one attribute the accounting object
+@@ -192,7 +186,7 @@ EXPORT_SYMBOL(nfacct_attr_unset);
+ * This function returns a valid pointer to the attribute data. If a
+ * unsupported attribute is used, this returns NULL.
+ */
+-const void *nfacct_attr_get(struct nfacct *nfacct, enum nfacct_attr_type type)
++const void __EXPORT *nfacct_attr_get(struct nfacct *nfacct, enum nfacct_attr_type type)
+ {
+ const void *ret = NULL;
+
+@@ -220,7 +214,6 @@ const void *nfacct_attr_get(struct nfacct *nfacct, enum nfacct_attr_type type)
+ }
+ return ret;
+ }
+-EXPORT_SYMBOL(nfacct_attr_get);
+
+ /**
+ * nfacct_attr_get_str - get one attribute the accounting object
+@@ -230,12 +223,11 @@ EXPORT_SYMBOL(nfacct_attr_get);
+ * This function returns a valid pointer to the beginning of the string.
+ * If the attribute is unsupported, this returns NULL.
+ */
+-const char *
++const char __EXPORT *
+ nfacct_attr_get_str(struct nfacct *nfacct, enum nfacct_attr_type type)
+ {
+ return nfacct_attr_get(nfacct, type);
+ }
+-EXPORT_SYMBOL(nfacct_attr_get_str);
+
+ /**
+ * nfacct_attr_get_u64 - get one attribute the accounting object
+@@ -245,12 +237,11 @@ EXPORT_SYMBOL(nfacct_attr_get_str);
+ * This function returns a unsigned 64-bits integer. If the attribute is
+ * unsupported, this returns NULL.
+ */
+-uint64_t nfacct_attr_get_u64(struct nfacct *nfacct, enum nfacct_attr_type type)
++uint64_t __EXPORT nfacct_attr_get_u64(struct nfacct *nfacct, enum nfacct_attr_type type)
+ {
+ const void *ret = nfacct_attr_get(nfacct, type);
+ return ret ? *((uint64_t *)ret) : 0;
+ }
+-EXPORT_SYMBOL(nfacct_attr_get_u64);
+
+ static int
+ nfacct_snprintf_plain(char *buf, size_t rem, struct nfacct *nfacct,
+@@ -424,8 +415,8 @@ err:
+ * This function returns -1 in case that some mandatory attributes are
+ * missing. On sucess, it returns 0.
+ */
+-int nfacct_snprintf(char *buf, size_t size, struct nfacct *nfacct,
+- uint16_t type, uint16_t flags)
++int __EXPORT nfacct_snprintf(char *buf, size_t size, struct nfacct *nfacct,
++ uint16_t type, uint16_t flags)
+ {
+ int ret = 0;
+
+@@ -445,7 +436,6 @@ int nfacct_snprintf(char *buf, size_t size, struct nfacct *nfacct,
+ }
+ return ret;
+ }
+-EXPORT_SYMBOL(nfacct_snprintf);
+
+ /**
+ * @}
+@@ -484,7 +474,7 @@ EXPORT_SYMBOL(nfacct_snprintf);
+ * - Command NFNL_MSG_ACCT_DEL, to delete one specific nfacct object (if
+ * unused, otherwise you hit EBUSY).
+ */
+-struct nlmsghdr *
++struct nlmsghdr __EXPORT *
+ nfacct_nlmsg_build_hdr(char *buf, uint8_t cmd, uint16_t flags, uint32_t seq)
+ {
+ struct nlmsghdr *nlh;
+@@ -502,14 +492,13 @@ nfacct_nlmsg_build_hdr(char *buf, uint8_t cmd, uint16_t flags, uint32_t seq)
+
+ return nlh;
+ }
+-EXPORT_SYMBOL(nfacct_nlmsg_build_hdr);
+
+ /**
+ * nfacct_nlmsg_build_payload - build payload from accounting object
+ * \param nlh: netlink message that you want to use to add the payload.
+ * \param nfacct: pointer to a accounting object
+ */
+-void nfacct_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfacct *nfacct)
++void __EXPORT nfacct_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfacct *nfacct)
+ {
+ if (nfacct->bitset & (1 << NFACCT_ATTR_NAME))
+ mnl_attr_put_strz(nlh, NFACCT_NAME, nfacct->name);
+@@ -526,7 +515,6 @@ void nfacct_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfacct *nfacct)
+ if (nfacct->bitset & (1 << NFACCT_ATTR_QUOTA))
+ mnl_attr_put_u64(nlh, NFACCT_QUOTA, htobe64(nfacct->quota));
+ }
+-EXPORT_SYMBOL(nfacct_nlmsg_build_payload);
+
+ static int nfacct_nlmsg_parse_attr_cb(const struct nlattr *attr, void *data)
+ {
+@@ -563,7 +551,7 @@ static int nfacct_nlmsg_parse_attr_cb(const struct nlattr *attr, void *data)
+ * This function returns -1 in case that some mandatory attributes are
+ * missing. On sucess, it returns 0.
+ */
+-int
++int __EXPORT
+ nfacct_nlmsg_parse_payload(const struct nlmsghdr *nlh, struct nfacct *nfacct)
+ {
+ struct nlattr *tb[NFACCT_MAX+1] = {};
+@@ -589,7 +577,6 @@ nfacct_nlmsg_parse_payload(const struct nlmsghdr *nlh, struct nfacct *nfacct)
+
+ return 0;
+ }
+-EXPORT_SYMBOL(nfacct_nlmsg_parse_payload);
+
+ /**
+ * @}
+--
+2.12.2
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch
new file mode 100644
index 00000000..946f1b71
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch
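Review bot: In the src/internal.h part of 0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch, `# define __EXPORT __attribute__((visibility("default")))` gives the macro a name starting with two underscores, which C reserves for the compiler and C library, and the libnetfilter-queue patch in this same commit spells the equivalent macro `__EXPORTED`. A library-prefixed name used the same way in both carried patches, for example `# define NFACCT_EXPORT __attribute__((visibility("default")))`, avoids a clash with a toolchain header and keeps the two patches parallel. Because every exported definition in src/libnetfilter_acct.c is re-annotated by hand, it is also worth comparing the dynamic symbol table of the built library before and after the patch, so that a function missed in the conversion does not silently drop out of the ABI.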
@@ -0,0 +1,1229 @@
+From 06562244ac4a1a61e1a2c6b219a517658f7349bf Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 10 Apr 2017 12:09:41 -0700
+Subject: [PATCH] Declare the define visivility attribute together
+
+clang ignores the visibility attribute if its not
+defined before the definition. As a result these
+symbols become hidden and consumers of this library
+fail to link due to these missing symbols
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ doxygen.cfg.in | 2 +-
+ src/extra/ipv4.c | 15 +++----
+ src/extra/ipv6.c | 9 ++--
+ src/extra/pktbuff.c | 42 ++++++------------
+ src/extra/tcp.c | 21 +++------
+ src/extra/udp.c | 21 +++------
+ src/internal.h | 5 +--
+ src/libnetfilter_queue.c | 108 ++++++++++++++++-------------------------------
+ src/nlmsg.c | 21 +++------
+ 9 files changed, 82 insertions(+), 162 deletions(-)
+
+diff --git a/doxygen.cfg.in b/doxygen.cfg.in
+index a7378ca..659abee 100644
+--- a/doxygen.cfg.in
++++ b/doxygen.cfg.in
+@@ -72,7 +72,7 @@ RECURSIVE = YES
+ EXCLUDE =
+ EXCLUDE_SYMLINKS = NO
+ EXCLUDE_PATTERNS =
+-EXCLUDE_SYMBOLS = EXPORT_SYMBOL
++EXCLUDE_SYMBOLS =
+ EXAMPLE_PATH =
+ EXAMPLE_PATTERNS =
+ EXAMPLE_RECURSIVE = NO
+diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c
+index a93d113..56d5dc7 100644
+--- a/src/extra/ipv4.c
++++ b/src/extra/ipv4.c
+@@ -32,7 +32,7 @@
+ * This funcion returns NULL if the IPv4 is malformed or the protocol version
+ * is not 4. On success, it returns a valid pointer to the IPv4 header.
+ */
+-struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
++struct iphdr __EXPORTED *nfq_ip_get_hdr(struct pkt_buff *pktb)
+ {
+ struct iphdr *iph;
+ unsigned int pktlen = pktb->tail - pktb->network_header;
+@@ -53,14 +53,13 @@ struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
+
+ return iph;
+ }
+-EXPORT_SYMBOL(nfq_ip_get_hdr);
+
+ /**
+ * nfq_ip_set_transport_header - set transport header
+ * \param pktb: pointer to network packet buffer
+ * \param iph: pointer to the IPv4 header
+ */
+-int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
++int __EXPORTED nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
+ {
+ int doff = iph->ihl * 4;
+
+@@ -71,7 +70,6 @@ int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
+ pktb->transport_header = pktb->network_header + doff;
+ return 0;
+ }
+-EXPORT_SYMBOL(nfq_ip_set_transport_header);
+
+ /**
+ * nfq_ip_set_checksum - set IPv4 checksum
+@@ -80,14 +78,13 @@ EXPORT_SYMBOL(nfq_ip_set_transport_header);
+ * \note Call to this function if you modified the IPv4 header to update the
+ * checksum.
+ */
+-void nfq_ip_set_checksum(struct iphdr *iph)
++void __EXPORTED nfq_ip_set_checksum(struct iphdr *iph)
+ {
+ uint32_t iph_len = iph->ihl * 4;
+
+ iph->check = 0;
+ iph->check = nfq_checksum(0, (uint16_t *)iph, iph_len);
+ }
+-EXPORT_SYMBOL(nfq_ip_set_checksum);
+
+ /**
+ * nfq_ip_mangle - mangle IPv4 packet buffer
+@@ -100,7 +97,7 @@ EXPORT_SYMBOL(nfq_ip_set_checksum);
+ *
+ * \note This function recalculates the IPv4 checksum (if needed).
+ */
+-int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff,
++int __EXPORTED nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff,
+ unsigned int match_offset, unsigned int match_len,
+ const char *rep_buffer, unsigned int rep_len)
+ {
+@@ -116,7 +113,6 @@ int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff,
+
+ return 1;
+ }
+-EXPORT_SYMBOL(nfq_ip_mangle);
+
+ /**
+ * nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format
+@@ -128,7 +124,7 @@ EXPORT_SYMBOL(nfq_ip_mangle);
+ * case that there is enough room in the buffer. Read snprintf manpage for more
+ * information to know more about this strange behaviour.
+ */
+-int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
++int __EXPORTED nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
+ {
+ int ret;
+ struct in_addr src = { iph->saddr };
+@@ -147,7 +143,6 @@ int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
+
+ return ret;
+ }
+-EXPORT_SYMBOL(nfq_ip_snprintf);
+
+ /**
+ * @}
+diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
+index 7c5dc9b..6641c6b 100644
+--- a/src/extra/ipv6.c
++++ b/src/extra/ipv6.c
+@@ -33,7 +33,7 @@
+ * This funcion returns NULL if an invalid header is found. On sucess, it
+ * returns a valid pointer to the header.
+ */
+-struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb)
++struct ip6_hdr __EXPORTED *nfq_ip6_get_hdr(struct pkt_buff *pktb)
+ {
+ struct ip6_hdr *ip6h;
+ unsigned int pktlen = pktb->tail - pktb->network_header;
+@@ -50,7 +50,6 @@ struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb)
+
+ return ip6h;
+ }
+-EXPORT_SYMBOL(nfq_ip6_get_hdr);
+
+ /**
+ * nfq_ip6_set_transport_header - set transport header pointer for IPv6 packet
+@@ -61,7 +60,7 @@ EXPORT_SYMBOL(nfq_ip6_get_hdr);
+ * This function returns 1 if the protocol has been found and the transport
+ * header has been set. Otherwise, it returns 0.
+ */
+-int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
++int __EXPORTED nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
+ uint8_t target)
+ {
+ uint8_t nexthdr = ip6h->ip6_nxt;
+@@ -115,7 +114,6 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
+ pktb->transport_header = cur;
+ return cur ? 1 : 0;
+ }
+-EXPORT_SYMBOL(nfq_ip6_set_transport_header);
+
+ /**
+ * nfq_ip6_snprintf - print IPv6 header into one buffer in iptables LOG format
+@@ -124,7 +122,7 @@ EXPORT_SYMBOL(nfq_ip6_set_transport_header);
+ * \param ip6_hdr: pointer to a valid IPv6 header.
+ *
+ */
+-int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
++int __EXPORTED nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
+ {
+ int ret;
+ char src[INET6_ADDRSTRLEN];
+@@ -143,7 +141,6 @@ int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
+
+ return ret;
+ }
+-EXPORT_SYMBOL(nfq_ip6_snprintf);
+
+ /**
+ * @}
+diff --git a/src/extra/pktbuff.c b/src/extra/pktbuff.c
+index 1c15a00..54d8244 100644
+--- a/src/extra/pktbuff.c
++++ b/src/extra/pktbuff.c
+@@ -40,7 +40,7 @@
+ *
+ * \return a pointer to a new queue handle or NULL on failure.
+ */
+-struct pkt_buff *
++struct pkt_buff __EXPORTED *
+ pktb_alloc(int family, void *data, size_t len, size_t extra)
+ {
+ struct pkt_buff *pktb;
+@@ -84,120 +84,108 @@ pktb_alloc(int family, void *data, size_t len, size_t extra)
+ }
+ return pktb;
+ }
+-EXPORT_SYMBOL(pktb_alloc);
+
+ /**
+ * pktb_data - return pointer to the beginning of the packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-uint8_t *pktb_data(struct pkt_buff *pktb)
++uint8_t __EXPORTED *pktb_data(struct pkt_buff *pktb)
+ {
+ return pktb->data;
+ }
+-EXPORT_SYMBOL(pktb_data);
+
+ /**
+ * pktb_len - return length of the packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-uint32_t pktb_len(struct pkt_buff *pktb)
++uint32_t __EXPORTED pktb_len(struct pkt_buff *pktb)
+ {
+ return pktb->len;
+ }
+-EXPORT_SYMBOL(pktb_len);
+
+ /**
+ * pktb_free - release packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-void pktb_free(struct pkt_buff *pktb)
++void __EXPORTED pktb_free(struct pkt_buff *pktb)
+ {
+ free(pktb);
+ }
+-EXPORT_SYMBOL(pktb_free);
+
+ /**
+ * pktb_push - update pointer to the beginning of the packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-void pktb_push(struct pkt_buff *pktb, unsigned int len)
++void __EXPORTED pktb_push(struct pkt_buff *pktb, unsigned int len)
+ {
+ pktb->data -= len;
+ pktb->len += len;
+ }
+-EXPORT_SYMBOL(pktb_push);
+
+ /**
+ * pktb_pull - update pointer to the beginning of the packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-void pktb_pull(struct pkt_buff *pktb, unsigned int len)
++void __EXPORTED pktb_pull(struct pkt_buff *pktb, unsigned int len)
+ {
+ pktb->data += len;
+ pktb->len -= len;
+ }
+-EXPORT_SYMBOL(pktb_pull);
+
+ /**
+ * pktb_put - add extra bytes to the tail of the packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-void pktb_put(struct pkt_buff *pktb, unsigned int len)
++void __EXPORTED pktb_put(struct pkt_buff *pktb, unsigned int len)
+ {
+ pktb->tail += len;
+ pktb->len += len;
+ }
+-EXPORT_SYMBOL(pktb_put);
+
+ /**
+ * pktb_trim - set new length for this packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-void pktb_trim(struct pkt_buff *pktb, unsigned int len)
++void __EXPORTED pktb_trim(struct pkt_buff *pktb, unsigned int len)
+ {
+ pktb->len = len;
+ }
+-EXPORT_SYMBOL(pktb_trim);
+
+ /**
+ * pktb_tailroom - get room in bytes in the tail of the packet buffer
+ * \param pktb Pointer to packet buffer
+ */
+-unsigned int pktb_tailroom(struct pkt_buff *pktb)
++unsigned int __EXPORTED pktb_tailroom(struct pkt_buff *pktb)
+ {
+ return pktb->data_len - pktb->len;
+ }
+-EXPORT_SYMBOL(pktb_tailroom);
+
+ /**
+ * pktb_mac_header - return pointer to layer 2 header (if any)
+ * \param pktb Pointer to packet buffer
+ */
+-uint8_t *pktb_mac_header(struct pkt_buff *pktb)
++uint8_t __EXPORTED *pktb_mac_header(struct pkt_buff *pktb)
+ {
+ return pktb->mac_header;
+ }
+-EXPORT_SYMBOL(pktb_mac_header);
+
+ /**
+ * pktb_network_header - return pointer to layer 3 header
+ * \param pktb Pointer to packet buffer
+ */
+-uint8_t *pktb_network_header(struct pkt_buff *pktb)
++uint8_t __EXPORTED *pktb_network_header(struct pkt_buff *pktb)
+ {
+ return pktb->network_header;
+ }
+-EXPORT_SYMBOL(pktb_network_header);
+
+ /**
+ * pktb_transport_header - return pointer to layer 4 header (if any)
+ * \param pktb Pointer to packet buffer
+ */
+-uint8_t *pktb_transport_header(struct pkt_buff *pktb)
++uint8_t __EXPORTED *pktb_transport_header(struct pkt_buff *pktb)
+ {
+ return pktb->transport_header;
+ }
+-EXPORT_SYMBOL(pktb_transport_header);
+
+ static int pktb_expand_tail(struct pkt_buff *pkt, int extra)
+ {
+@@ -224,7 +212,7 @@ static int enlarge_pkt(struct pkt_buff *pkt, unsigned int extra)
+ return 1;
+ }
+
+-int pktb_mangle(struct pkt_buff *pkt,
++int __EXPORTED pktb_mangle(struct pkt_buff *pkt,
+ unsigned int dataoff,
+ unsigned int match_offset,
+ unsigned int match_len,
+@@ -258,17 +246,15 @@ int pktb_mangle(struct pkt_buff *pkt,
+ pkt->mangled = true;
+ return 1;
+ }
+-EXPORT_SYMBOL(pktb_mangle);
+
+ /**
+ * pktb_mangled - return true if packet has been mangled
+ * \param pktb Pointer to packet buffer
+ */
+-bool pktb_mangled(const struct pkt_buff *pkt)
++bool __EXPORTED pktb_mangled(const struct pkt_buff *pkt)
+ {
+ return pkt->mangled;
+ }
+-EXPORT_SYMBOL(pktb_mangled);
+
+ /**
+ * @}
+diff --git a/src/extra/tcp.c b/src/extra/tcp.c
+index d1cd79d..8038ce5 100644
+--- a/src/extra/tcp.c
++++ b/src/extra/tcp.c
+@@ -40,7 +40,7 @@
+ * \note You have to call nfq_ip_set_transport_header or
+ * nfq_ip6_set_transport_header first to access the TCP header.
+ */
+-struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb)
++struct tcphdr __EXPORTED *nfq_tcp_get_hdr(struct pkt_buff *pktb)
+ {
+ if (pktb->transport_header == NULL)
+ return NULL;
+@@ -51,14 +51,13 @@ struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb)
+
+ return (struct tcphdr *)pktb->transport_header;
+ }
+-EXPORT_SYMBOL(nfq_tcp_get_hdr);
+
+ /**
+ * nfq_tcp_get_payload - get the TCP packet payload
+ * \param tcph: pointer to the TCP header
+ * \param pktb: pointer to user-space network packet buffer
+ */
+-void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb)
++void __EXPORTED *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb)
+ {
+ unsigned int len = tcph->doff * 4;
+
+@@ -72,47 +71,43 @@ void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb)
+
+ return pktb->transport_header + len;
+ }
+-EXPORT_SYMBOL(nfq_tcp_get_payload);
+
+ /**
+ * nfq_tcp_get_payload_len - get the tcp packet payload
+ * \param tcph: pointer to the TCP header
+ * \param pktb: pointer to user-space network packet buffer
+ */
+-unsigned int
++unsigned int __EXPORTED
+ nfq_tcp_get_payload_len(struct tcphdr *tcph, struct pkt_buff *pktb)
+ {
+ return pktb->tail - pktb->transport_header;
+ }
+-EXPORT_SYMBOL(nfq_tcp_get_payload_len);
+
+ /**
+ * nfq_tcp_set_checksum_ipv4 - computes IPv4/TCP packet checksum
+ * \param tcph: pointer to the TCP header
+ * \param iph: pointer to the IPv4 header
+ */
+-void
++void __EXPORTED
+ nfq_tcp_compute_checksum_ipv4(struct tcphdr *tcph, struct iphdr *iph)
+ {
+ /* checksum field in header needs to be zero for calculation. */
+ tcph->check = 0;
+ tcph->check = nfq_checksum_tcpudp_ipv4(iph);
+ }
+-EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv4);
+
+ /**
+ * nfq_tcp_set_checksum_ipv6 - computes IPv6/TCP packet checksum
+ * \param tcph: pointer to the TCP header
+ * \param iph: pointer to the IPv6 header
+ */
+-void
++void __EXPORTED
+ nfq_tcp_compute_checksum_ipv6(struct tcphdr *tcph, struct ip6_hdr *ip6h)
+ {
+ /* checksum field in header needs to be zero for calculation. */
+ tcph->check = 0;
+ tcph->check = nfq_checksum_tcpudp_ipv6(ip6h, tcph);
+ }
+-EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv6);
+
+ /*
+ * The union cast uses a gcc extension to avoid aliasing problems
+@@ -134,7 +129,7 @@ union tcp_word_hdr {
+ * \param tcp: pointer to a valid tcp header.
+ *
+ */
+-int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
++int __EXPORTED nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
+ {
+ int ret, len = 0;
+
+@@ -177,7 +172,6 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
+
+ return ret;
+ }
+-EXPORT_SYMBOL(nfq_tcp_snprintf);
+
+ /**
+ * nfq_tcp_mangle_ipv4 - mangle TCP/IPv4 packet buffer
+@@ -189,7 +183,7 @@ EXPORT_SYMBOL(nfq_tcp_snprintf);
+ *
+ * \note This function recalculates the IPv4 and TCP checksums for you.
+ */
+-int
++int __EXPORTED
+ nfq_tcp_mangle_ipv4(struct pkt_buff *pkt,
+ unsigned int match_offset, unsigned int match_len,
+ const char *rep_buffer, unsigned int rep_len)
+@@ -208,7 +202,6 @@ nfq_tcp_mangle_ipv4(struct pkt_buff *pkt,
+
+ return 1;
+ }
+-EXPORT_SYMBOL(nfq_tcp_mangle_ipv4);
+
+ /**
+ * @}
+diff --git a/src/extra/udp.c b/src/extra/udp.c
+index 8c44a66..99c8faa 100644
+--- a/src/extra/udp.c
++++ b/src/extra/udp.c
+@@ -37,7 +37,7 @@
+ * This function returns NULL if invalid UDP header is found. On success,
+ * it returns the UDP header.
+ */
+-struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb)
++struct udphdr __EXPORTED *nfq_udp_get_hdr(struct pkt_buff *pktb)
+ {
+ if (pktb->transport_header == NULL)
+ return NULL;
+@@ -48,14 +48,13 @@ struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb)
+
+ return (struct udphdr *)pktb->transport_header;
+ }
+-EXPORT_SYMBOL(nfq_udp_get_hdr);
+
+ /**
+ * nfq_udp_get_payload - get the UDP packet payload.
+ * \param udph: the pointer to the UDP header.
+ * \param tail: pointer to the tail of the packet
+ */
+-void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
++void __EXPORTED *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
+ {
+ uint16_t len = ntohs(udph->len);
+
+@@ -69,17 +68,15 @@ void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
+
+ return pktb->transport_header + sizeof(struct udphdr);
+ }
+-EXPORT_SYMBOL(nfq_udp_get_payload);
+
+ /**
+ * nfq_udp_get_payload_len - get the udp packet payload.
+ * \param udp: the pointer to the udp header.
+ */
+-unsigned int nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb)
++unsigned int __EXPORTED nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb)
+ {
+ return pktb->tail - pktb->transport_header;
+ }
+-EXPORT_SYMBOL(nfq_udp_get_payload_len);
+
+ /**
+ * nfq_udp_set_checksum_ipv4 - computes a IPv4/TCP packet's segment
+@@ -91,14 +88,13 @@ EXPORT_SYMBOL(nfq_udp_get_payload_len);
+ * \see nfq_pkt_compute_ip_checksum
+ * \see nfq_pkt_compute_udp_checksum
+ */
+-void
++void __EXPORTED
+ nfq_udp_compute_checksum_ipv4(struct udphdr *udph, struct iphdr *iph)
+ {
+ /* checksum field in header needs to be zero for calculation. */
+ udph->check = 0;
+ udph->check = nfq_checksum_tcpudp_ipv4(iph);
+ }
+-EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4);
+
+ /**
+ * nfq_udp_set_checksum_ipv6 - computes a IPv6/TCP packet's segment
+@@ -110,14 +106,13 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4);
+ * \see nfq_pkt_compute_ip_checksum
+ * \see nfq_pkt_compute_udp_checksum
+ */
+-void
++void __EXPORTED
+ nfq_udp_compute_checksum_ipv6(struct udphdr *udph, struct ip6_hdr *ip6h)
+ {
+ /* checksum field in header needs to be zero for calculation. */
+ udph->check = 0;
+ udph->check = nfq_checksum_tcpudp_ipv6(ip6h, udph);
+ }
+-EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6);
+
+ /**
+ * nfq_tcp_mangle_ipv4 - mangle TCP/IPv4 packet buffer
+@@ -129,7 +124,7 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6);
+ *
+ * \note This function recalculates the IPv4 and TCP checksums for you.
+ */
+-int
++int __EXPORTED
+ nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
+ unsigned int match_offset, unsigned int match_len,
+ const char *rep_buffer, unsigned int rep_len)
+@@ -148,7 +143,6 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
+
+ return 1;
+ }
+-EXPORT_SYMBOL(nfq_udp_mangle_ipv4);
+
+ /**
+ * nfq_pkt_snprintf_udp_hdr - print udp header into one buffer in a humnan
+@@ -158,12 +152,11 @@ EXPORT_SYMBOL(nfq_udp_mangle_ipv4);
+ * \param udp: pointer to a valid udp header.
+ *
+ */
+-int nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph)
++int __EXPORTED nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph)
+ {
+ return snprintf(buf, size, "SPT=%u DPT=%u ",
+ htons(udph->source), htons(udph->dest));
+ }
+-EXPORT_SYMBOL(nfq_udp_snprintf);
+
+ /**
+ * @}
+diff --git a/src/internal.h b/src/internal.h
+index 558d267..79b0752 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -5,10 +5,9 @@
+ #include <stdint.h>
+ #include <stdbool.h>
+ #ifdef HAVE_VISIBILITY_HIDDEN
+-# define __visible __attribute__((visibility("default")))
+-# define EXPORT_SYMBOL(x) typeof(x) (x) __visible
++# define __EXPORTED __attribute__((visibility("default")))
+ #else
+-# define EXPORT_SYMBOL
++# define __EXPORTED
+ #endif
+
+ struct iphdr;
+diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
+index 065d618..ab0b66b 100644
+--- a/src/libnetfilter_queue.c
++++ b/src/libnetfilter_queue.c
+@@ -133,8 +133,7 @@ struct nfq_data {
+ struct nfattr **data;
+ };
+
+-int nfq_errno;
+-EXPORT_SYMBOL(nfq_errno);
++int __EXPORTED nfq_errno;
+
+ /***********************************************************************
+ * low level stuff
+@@ -218,11 +217,10 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
+
+ /* public interface */
+
+-struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h)
++struct nfnl_handle __EXPORTED *nfq_nfnlh(struct nfq_handle *h)
+ {
+ return h->nfnlh;
+ }
+-EXPORT_SYMBOL(nfq_nfnlh);
+
+ /**
+ *
+@@ -294,11 +292,10 @@ EXPORT_SYMBOL(nfq_nfnlh);
+ * over the netlink connection associated with the given queue connection
+ * handle.
+ */
+-int nfq_fd(struct nfq_handle *h)
++int __EXPORTED nfq_fd(struct nfq_handle *h)
+ {
+ return nfnl_fd(nfq_nfnlh(h));
+ }
+-EXPORT_SYMBOL(nfq_fd);
+ /**
+ * @}
+ */
+@@ -349,7 +346,7 @@ EXPORT_SYMBOL(nfq_fd);
+ *
+ * \return a pointer to a new queue handle or NULL on failure.
+ */
+-struct nfq_handle *nfq_open(void)
++struct nfq_handle __EXPORTED *nfq_open(void)
+ {
+ struct nfnl_handle *nfnlh = nfnl_open();
+ struct nfq_handle *qh;
+@@ -366,7 +363,6 @@ struct nfq_handle *nfq_open(void)
+
+ return qh;
+ }
+-EXPORT_SYMBOL(nfq_open);
+
+ /**
+ * @}
+@@ -382,7 +378,7 @@ EXPORT_SYMBOL(nfq_open);
+ *
+ * \return a pointer to a new queue handle or NULL on failure.
+ */
+-struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh)
++struct nfq_handle __EXPORTED *nfq_open_nfnl(struct nfnl_handle *nfnlh)
+ {
+ struct nfnl_callback pkt_cb = {
+ .call = __nfq_rcv_pkt,
+@@ -419,7 +415,6 @@ out_free:
+ free(h);
+ return NULL;
+ }
+-EXPORT_SYMBOL(nfq_open_nfnl);
+
+ /**
+ * \addtogroup LibrarySetup
+@@ -438,7 +433,7 @@ EXPORT_SYMBOL(nfq_open_nfnl);
+ *
+ * \return 0 on success, non-zero on failure.
+ */
+-int nfq_close(struct nfq_handle *h)
++int __EXPORTED nfq_close(struct nfq_handle *h)
+ {
+ int ret;
+
+@@ -447,7 +442,6 @@ int nfq_close(struct nfq_handle *h)
+ free(h);
+ return ret;
+ }
+-EXPORT_SYMBOL(nfq_close);
+
+ /**
+ * nfq_bind_pf - bind a nfqueue handler to a given protocol family
+@@ -460,11 +454,10 @@ EXPORT_SYMBOL(nfq_close);
+ *
+ * \return integer inferior to 0 in case of failure
+ */
+-int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
++int __EXPORTED nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
+ {
+ return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf);
+ }
+-EXPORT_SYMBOL(nfq_bind_pf);
+
+ /**
+ * nfq_unbind_pf - unbind nfqueue handler from a protocol family
+@@ -476,11 +469,10 @@ EXPORT_SYMBOL(nfq_bind_pf);
+ *
+ * This call is obsolete, Linux kernels from 3.8 onwards ignore it.
+ */
+-int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf)
++int __EXPORTED nfq_unbind_pf(struct nfq_handle *h, uint16_t pf)
+ {
+ return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf);
+ }
+-EXPORT_SYMBOL(nfq_unbind_pf);
+
+
+ /**
+@@ -524,7 +516,7 @@ typedef int nfq_callback(struct nfq_q_handle *qh,
+ * The callback should return < 0 to stop processing.
+ */
+
+-struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h,
++struct nfq_q_handle __EXPORTED *nfq_create_queue(struct nfq_handle *h,
+ uint16_t num,
+ nfq_callback *cb,
+ void *data)
+@@ -555,7 +547,6 @@ struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h,
+ add_qh(qh);
+ return qh;
+ }
+-EXPORT_SYMBOL(nfq_create_queue);
+
+ /**
+ * @}
+@@ -573,7 +564,7 @@ EXPORT_SYMBOL(nfq_create_queue);
+ * Removes the binding for the specified queue handle. This call also unbind
+ * from the nfqueue handler, so you don't have to call nfq_unbind_pf.
+ */
+-int nfq_destroy_queue(struct nfq_q_handle *qh)
++int __EXPORTED nfq_destroy_queue(struct nfq_q_handle *qh)
+ {
+ int ret = __build_send_cfg_msg(qh->h, NFQNL_CFG_CMD_UNBIND, qh->id, 0);
+ if (ret == 0) {
+@@ -583,7 +574,6 @@ int nfq_destroy_queue(struct nfq_q_handle *qh)
+
+ return ret;
+ }
+-EXPORT_SYMBOL(nfq_destroy_queue);
+
+ /**
+ * nfq_handle_packet - handle a packet received from the nfqueue subsystem
+@@ -597,11 +587,10 @@ EXPORT_SYMBOL(nfq_destroy_queue);
+ *
+ * \return 0 on success, non-zero on failure.
+ */
+-int nfq_handle_packet(struct nfq_handle *h, char *buf, int len)
++int __EXPORTED nfq_handle_packet(struct nfq_handle *h, char *buf, int len)
+ {
+ return nfnl_handle_packet(h->nfnlh, buf, len);
+ }
+-EXPORT_SYMBOL(nfq_handle_packet);
+
+ /**
+ * nfq_set_mode - set the amount of packet data that nfqueue copies to userspace
+@@ -618,7 +607,7 @@ EXPORT_SYMBOL(nfq_handle_packet);
+ *
+ * \return -1 on error; >=0 otherwise.
+ */
+-int nfq_set_mode(struct nfq_q_handle *qh,
++int __EXPORTED nfq_set_mode(struct nfq_q_handle *qh,
+ uint8_t mode, uint32_t range)
+ {
+ union {
+@@ -638,7 +627,6 @@ int nfq_set_mode(struct nfq_q_handle *qh,
+
+ return nfnl_query(qh->h->nfnlh, &u.nmh);
+ }
+-EXPORT_SYMBOL(nfq_set_mode);
+
+ /**
+ * nfq_set_queue_flags - set flags (options) for the kernel queue
+@@ -690,7 +678,7 @@ EXPORT_SYMBOL(nfq_set_mode);
+ *
+ * \return -1 on error with errno set appropriately; =0 otherwise.
+ */
+-int nfq_set_queue_flags(struct nfq_q_handle *qh,
++int __EXPORTED nfq_set_queue_flags(struct nfq_q_handle *qh,
+ uint32_t mask, uint32_t flags)
+ {
+ union {
+@@ -711,7 +699,6 @@ int nfq_set_queue_flags(struct nfq_q_handle *qh,
+
+ return nfnl_query(qh->h->nfnlh, &u.nmh);
+ }
+-EXPORT_SYMBOL(nfq_set_queue_flags);
+
+ /**
+ * nfq_set_queue_maxlen - Set kernel queue maximum length parameter
+@@ -724,7 +711,7 @@ EXPORT_SYMBOL(nfq_set_queue_flags);
+ *
+ * \return -1 on error; >=0 otherwise.
+ */
+-int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
++int __EXPORTED nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+ uint32_t queuelen)
+ {
+ union {
+@@ -742,7 +729,6 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+
+ return nfnl_query(qh->h->nfnlh, &u.nmh);
+ }
+-EXPORT_SYMBOL(nfq_set_queue_maxlen);
+
+ /**
+ * @}
+@@ -829,14 +815,13 @@ static int __set_verdict(struct nfq_q_handle *qh, uint32_t id,
+ *
+ * \return -1 on error; >= 0 otherwise.
+ */
+-int nfq_set_verdict(struct nfq_q_handle *qh, uint32_t id,
++int __EXPORTED nfq_set_verdict(struct nfq_q_handle *qh, uint32_t id,
+ uint32_t verdict, uint32_t data_len,
+ const unsigned char *buf)
+ {
+ return __set_verdict(qh, id, verdict, 0, 0, data_len, buf,
+ NFQNL_MSG_VERDICT);
+ }
+-EXPORT_SYMBOL(nfq_set_verdict);
+
+ /**
+ * nfq_set_verdict2 - like nfq_set_verdict, but you can set the mark.
+@@ -847,14 +832,13 @@ EXPORT_SYMBOL(nfq_set_verdict); + * \param data_len number of bytes of data pointed to by #buf + * \param buf the buffer that contains the packet data + */ +-int nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id, ++int __EXPORTED nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id, + uint32_t verdict, uint32_t mark, + uint32_t data_len, const unsigned char *buf) + { + return __set_verdict(qh, id, verdict, htonl(mark), 1, data_len, + buf, NFQNL_MSG_VERDICT); + } +-EXPORT_SYMBOL(nfq_set_verdict2); + + /** + * nfq_set_verdict_batch - issue verdicts on several packets at once +@@ -868,13 +852,12 @@ EXPORT_SYMBOL(nfq_set_verdict2); + * batch support was added in Linux 3.1. + * These functions will fail silently on older kernels. + */ +-int nfq_set_verdict_batch(struct nfq_q_handle *qh, uint32_t id, ++int __EXPORTED nfq_set_verdict_batch(struct nfq_q_handle *qh, uint32_t id, + uint32_t verdict) + { + return __set_verdict(qh, id, verdict, 0, 0, 0, NULL, + NFQNL_MSG_VERDICT_BATCH); + } +-EXPORT_SYMBOL(nfq_set_verdict_batch); + + /** + * nfq_set_verdict_batch2 - like nfq_set_verdict_batch, but you can set a mark. +@@ -883,13 +866,12 @@ EXPORT_SYMBOL(nfq_set_verdict_batch); + * \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP) + * \param mark mark to put on packet + */ +-int nfq_set_verdict_batch2(struct nfq_q_handle *qh, uint32_t id, ++int __EXPORTED nfq_set_verdict_batch2(struct nfq_q_handle *qh, uint32_t id, + uint32_t verdict, uint32_t mark) + { + return __set_verdict(qh, id, verdict, htonl(mark), 1, 0, + NULL, NFQNL_MSG_VERDICT_BATCH); + } +-EXPORT_SYMBOL(nfq_set_verdict_batch2); + + /** + * nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark. +@@ -905,14 +887,13 @@ EXPORT_SYMBOL(nfq_set_verdict_batch2); + * This function is deprecated since it is broken, its use is highly + * discouraged. Please, use nfq_set_verdict2 instead. 
+ */ +-int nfq_set_verdict_mark(struct nfq_q_handle *qh, uint32_t id, ++int __EXPORTED nfq_set_verdict_mark(struct nfq_q_handle *qh, uint32_t id, + uint32_t verdict, uint32_t mark, + uint32_t data_len, const unsigned char *buf) + { + return __set_verdict(qh, id, verdict, mark, 1, data_len, buf, + NFQNL_MSG_VERDICT); + } +-EXPORT_SYMBOL(nfq_set_verdict_mark); + + /** + * @} +@@ -947,12 +928,11 @@ EXPORT_SYMBOL(nfq_set_verdict_mark); + } __attribute__ ((packed)); + \endverbatim + */ +-struct nfqnl_msg_packet_hdr *nfq_get_msg_packet_hdr(struct nfq_data *nfad) ++struct nfqnl_msg_packet_hdr __EXPORTED *nfq_get_msg_packet_hdr(struct nfq_data *nfad) + { + return nfnl_get_pointer_to_data(nfad->data, NFQA_PACKET_HDR, + struct nfqnl_msg_packet_hdr); + } +-EXPORT_SYMBOL(nfq_get_msg_packet_hdr); + + /** + * nfq_get_nfmark - get the packet mark +@@ -960,11 +940,10 @@ EXPORT_SYMBOL(nfq_get_msg_packet_hdr); + * + * \return the netfilter mark currently assigned to the given queued packet. + */ +-uint32_t nfq_get_nfmark(struct nfq_data *nfad) ++uint32_t __EXPORTED nfq_get_nfmark(struct nfq_data *nfad) + { + return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, uint32_t)); + } +-EXPORT_SYMBOL(nfq_get_nfmark); + + /** + * nfq_get_timestamp - get the packet timestamp +@@ -975,7 +954,7 @@ EXPORT_SYMBOL(nfq_get_nfmark); + * + * \return 0 on success, non-zero on failure. 
+ */ +-int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) ++int __EXPORTED nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) + { + struct nfqnl_msg_packet_timestamp *qpt; + qpt = nfnl_get_pointer_to_data(nfad->data, NFQA_TIMESTAMP, +@@ -988,7 +967,6 @@ int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) + + return 0; + } +-EXPORT_SYMBOL(nfq_get_timestamp); + + /** + * nfq_get_indev - get the interface that the packet was received through +@@ -1001,11 +979,10 @@ EXPORT_SYMBOL(nfq_get_timestamp); + * \warning all nfq_get_dev() functions return 0 if not set, since linux + * only allows ifindex >= 1, see net/core/dev.c:2600 (in 2.6.13.1) + */ +-uint32_t nfq_get_indev(struct nfq_data *nfad) ++uint32_t __EXPORTED nfq_get_indev(struct nfq_data *nfad) + { + return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_INDEV, uint32_t)); + } +-EXPORT_SYMBOL(nfq_get_indev); + + /** + * nfq_get_physindev - get the physical interface that the packet was received +@@ -1015,11 +992,10 @@ EXPORT_SYMBOL(nfq_get_indev); + * If the returned index is 0, the packet was locally generated or the + * physical input interface is no longer known (ie. POSTROUTING?). + */ +-uint32_t nfq_get_physindev(struct nfq_data *nfad) ++uint32_t __EXPORTED nfq_get_physindev(struct nfq_data *nfad) + { + return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSINDEV, uint32_t)); + } +-EXPORT_SYMBOL(nfq_get_physindev); + + /** + * nfq_get_outdev - gets the interface that the packet will be routed out +@@ -1029,11 +1005,10 @@ EXPORT_SYMBOL(nfq_get_physindev); + * returned index is 0, the packet is destined for localhost or the output + * interface is not yet known (ie. PREROUTING?). 
+ */ +-uint32_t nfq_get_outdev(struct nfq_data *nfad) ++uint32_t __EXPORTED nfq_get_outdev(struct nfq_data *nfad) + { + return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_OUTDEV, uint32_t)); + } +-EXPORT_SYMBOL(nfq_get_outdev); + + /** + * nfq_get_physoutdev - get the physical interface that the packet output +@@ -1045,11 +1020,10 @@ EXPORT_SYMBOL(nfq_get_outdev); + * + * \return The index of physical interface that the packet output will be routed out. + */ +-uint32_t nfq_get_physoutdev(struct nfq_data *nfad) ++uint32_t __EXPORTED nfq_get_physoutdev(struct nfq_data *nfad) + { + return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSOUTDEV, uint32_t)); + } +-EXPORT_SYMBOL(nfq_get_physoutdev); + + /** + * nfq_get_indev_name - get the name of the interface the packet +@@ -1089,13 +1063,12 @@ EXPORT_SYMBOL(nfq_get_physoutdev); + \endverbatim + * + */ +-int nfq_get_indev_name(struct nlif_handle *nlif_handle, ++int __EXPORTED nfq_get_indev_name(struct nlif_handle *nlif_handle, + struct nfq_data *nfad, char *name) + { + uint32_t ifindex = nfq_get_indev(nfad); + return nlif_index2name(nlif_handle, ifindex, name); + } +-EXPORT_SYMBOL(nfq_get_indev_name); + + /** + * nfq_get_physindev_name - get the name of the physical interface the +@@ -1109,13 +1082,12 @@ EXPORT_SYMBOL(nfq_get_indev_name); + * + * \return -1 in case of error, > 0 if it succeed. + */ +-int nfq_get_physindev_name(struct nlif_handle *nlif_handle, ++int __EXPORTED nfq_get_physindev_name(struct nlif_handle *nlif_handle, + struct nfq_data *nfad, char *name) + { + uint32_t ifindex = nfq_get_physindev(nfad); + return nlif_index2name(nlif_handle, ifindex, name); + } +-EXPORT_SYMBOL(nfq_get_physindev_name); + + /** + * nfq_get_outdev_name - get the name of the physical interface the +@@ -1129,13 +1101,12 @@ EXPORT_SYMBOL(nfq_get_physindev_name); + * + * \return -1 in case of error, > 0 if it succeed. 
+ */ +-int nfq_get_outdev_name(struct nlif_handle *nlif_handle, ++int __EXPORTED nfq_get_outdev_name(struct nlif_handle *nlif_handle, + struct nfq_data *nfad, char *name) + { + uint32_t ifindex = nfq_get_outdev(nfad); + return nlif_index2name(nlif_handle, ifindex, name); + } +-EXPORT_SYMBOL(nfq_get_outdev_name); + + /** + * nfq_get_physoutdev_name - get the name of the interface the +@@ -1150,13 +1121,12 @@ EXPORT_SYMBOL(nfq_get_outdev_name); + * \return -1 in case of error, > 0 if it succeed. + */ + +-int nfq_get_physoutdev_name(struct nlif_handle *nlif_handle, ++int __EXPORTED nfq_get_physoutdev_name(struct nlif_handle *nlif_handle, + struct nfq_data *nfad, char *name) + { + uint32_t ifindex = nfq_get_physoutdev(nfad); + return nlif_index2name(nlif_handle, ifindex, name); + } +-EXPORT_SYMBOL(nfq_get_physoutdev_name); + + /** + * nfq_get_packet_hw +@@ -1180,12 +1150,11 @@ EXPORT_SYMBOL(nfq_get_physoutdev_name); + } __attribute__ ((packed)); + \endverbatim + */ +-struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad) ++struct nfqnl_msg_packet_hw __EXPORTED *nfq_get_packet_hw(struct nfq_data *nfad) + { + return nfnl_get_pointer_to_data(nfad->data, NFQA_HWADDR, + struct nfqnl_msg_packet_hw); + } +-EXPORT_SYMBOL(nfq_get_packet_hw); + + /** + * nfq_get_uid - get the UID of the user the packet belongs to +@@ -1193,7 +1162,7 @@ EXPORT_SYMBOL(nfq_get_packet_hw); + * + * \return 1 if there is a UID available, 0 otherwise. 
+ */ +-int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) ++int __EXPORTED nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) + { + if (!nfnl_attr_present(nfad->data, NFQA_UID)) + return 0; +@@ -1201,7 +1170,6 @@ int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) + *uid = ntohl(nfnl_get_data(nfad->data, NFQA_UID, uint32_t)); + return 1; + } +-EXPORT_SYMBOL(nfq_get_uid); + + /** + * nfq_get_gid - get the GID of the user the packet belongs to +@@ -1209,7 +1177,7 @@ EXPORT_SYMBOL(nfq_get_uid); + * + * \return 1 if there is a GID available, 0 otherwise. + */ +-int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) ++int __EXPORTED nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) + { + if (!nfnl_attr_present(nfad->data, NFQA_GID)) + return 0; +@@ -1217,7 +1185,6 @@ int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) + *gid = ntohl(nfnl_get_data(nfad->data, NFQA_GID, uint32_t)); + return 1; + } +-EXPORT_SYMBOL(nfq_get_gid); + + + /** +@@ -1227,7 +1194,7 @@ EXPORT_SYMBOL(nfq_get_gid); + * + * \return -1 on error, otherwise > 0 + */ +-int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) ++int __EXPORTED nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) + { + if (!nfnl_attr_present(nfad->data, NFQA_SECCTX)) + return -1; +@@ -1240,7 +1207,6 @@ int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) + + return 0; + } +-EXPORT_SYMBOL(nfq_get_secctx); + + /** + * nfq_get_payload - get payload +@@ -1253,7 +1219,7 @@ EXPORT_SYMBOL(nfq_get_secctx); + * + * \return -1 on error, otherwise > 0. 
+ */ +-int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) ++int __EXPORTED nfq_get_payload(struct nfq_data *nfad, unsigned char **data) + { + *data = (unsigned char *) + nfnl_get_pointer_to_data(nfad->data, NFQA_PAYLOAD, char); +@@ -1262,7 +1228,6 @@ int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) + + return -1; + } +-EXPORT_SYMBOL(nfq_get_payload); + + /** + * @} +@@ -1307,7 +1272,7 @@ do { \ + * would have been printed into the buffer (in case that there is enough + * room in it). See snprintf() return value for more information. + */ +-int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) ++int __EXPORTED nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) + { + struct nfqnl_msg_packet_hdr *ph; + struct nfqnl_msg_packet_hw *hwph; +@@ -1460,7 +1425,6 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) + + return len; + } +-EXPORT_SYMBOL(nfq_snprintf_xml); + + /** + * @} +diff --git a/src/nlmsg.c b/src/nlmsg.c +index ba28c77..5582407 100644 +--- a/src/nlmsg.c ++++ b/src/nlmsg.c +@@ -30,7 +30,7 @@ + * @{ + */ + +-void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) ++void __EXPORTED nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) + { + struct nfqnl_msg_verdict_hdr vh = { + .verdict = htonl(verdict), +@@ -38,20 +38,17 @@ void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) + }; + mnl_attr_put(nlh, NFQA_VERDICT_HDR, sizeof(vh), &vh); + } +-EXPORT_SYMBOL(nfq_nlmsg_verdict_put); + +-void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark) ++void __EXPORTED nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark) + { + mnl_attr_put_u32(nlh, NFQA_MARK, htonl(mark)); + } +-EXPORT_SYMBOL(nfq_nlmsg_verdict_put_mark); + +-void ++void __EXPORTED + nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t plen) + { + mnl_attr_put(nlh, NFQA_PAYLOAD, plen, pkt); + } 
+-EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt); + + /** + * @} +@@ -85,7 +82,7 @@ EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt); + * given protocol family. Both commands are ignored by Linux kernel 3.8 and + * later versions. + */ +-void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) ++void __EXPORTED nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) + { + struct nfqnl_msg_config_cmd command = { + .command = cmd, +@@ -93,9 +90,8 @@ void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) + }; + mnl_attr_put(nlh, NFQA_CFG_CMD, sizeof(command), &command); + } +-EXPORT_SYMBOL(nfq_nlmsg_cfg_put_cmd); + +-void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) ++void __EXPORTED nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) + { + struct nfqnl_msg_config_params params = { + .copy_range = htonl(range), +@@ -103,13 +99,11 @@ void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) + }; + mnl_attr_put(nlh, NFQA_CFG_PARAMS, sizeof(params), ¶ms); + } +-EXPORT_SYMBOL(nfq_nlmsg_cfg_put_params); + +-void nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen) ++void __EXPORTED nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen) + { + mnl_attr_put_u32(nlh, NFQA_CFG_QUEUE_MAXLEN, htonl(queue_maxlen)); + } +-EXPORT_SYMBOL(nfq_nlmsg_cfg_put_qmaxlen); + + /** + * @} +@@ -179,12 +173,11 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) + * This function returns MNL_CB_ERROR if any error occurs, or MNL_CB_OK on + * success. + */ +-int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr) ++int __EXPORTED nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr) + { + return mnl_attr_parse(nlh, sizeof(struct nfgenmsg), + nfq_pkt_parse_attr_cb, attr); + } +-EXPORT_SYMBOL(nfq_nlmsg_parse); + + /** + * @} +-- +2.12.2 + 
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cthelper-visibility-hidden.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cthelper-visibility-hidden.patch
new file mode 100644
index 00000000..e717d5b0
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cthelper-visibility-hidden.patch
@@ -0,0 +1,382 @@ +From f58c5b09fb59baf07c942d373fc4d522b27e73c6 Mon Sep 17 00:00:00 2001 +From: Kevin Cernekee <cernekee@chromium.org> +Date: Wed, 4 Jan 2017 14:30:26 -0800 +Subject: Use __EXPORTED rather than EXPORT_SYMBOL + +clang is sensitive to the ordering of +__attribute__((visibility("default"))) relative to the function +body. gcc is not. So if we try to re-declare an existing function +with default visibility, clang prints a warning and generates +a broken .so file in which nfct_helper_* are not exported to library +callers. + +Move the attribute up into the function definition to make clang happy. + +Signed-off-by: Kevin Cernekee <cernekee@chromium.org> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + doxygen.cfg.in | 2 +- + src/internal.h | 5 ++- + src/libnetfilter_cthelper.c | 83 ++++++++++++++++++--------------------------- + 3 files changed, 36 insertions(+), 54 deletions(-) + +Index: libnetfilter_cthelper-1.0.0/doxygen.cfg.in +=================================================================== +--- libnetfilter_cthelper-1.0.0.orig/doxygen.cfg.in ++++ libnetfilter_cthelper-1.0.0/doxygen.cfg.in +@@ -72,7 +72,7 @@ RECURSIVE = YES + EXCLUDE = + EXCLUDE_SYMLINKS = NO + EXCLUDE_PATTERNS = */.git/* .*.d +-EXCLUDE_SYMBOLS = EXPORT_SYMBOL ++EXCLUDE_SYMBOLS = + EXAMPLE_PATH = + EXAMPLE_PATTERNS = + EXAMPLE_RECURSIVE = NO +Index: libnetfilter_cthelper-1.0.0/src/internal.h +=================================================================== +--- libnetfilter_cthelper-1.0.0.orig/src/internal.h ++++ libnetfilter_cthelper-1.0.0/src/internal.h +@@ -3,10 +3,9 @@ + + #include "config.h" + #ifdef HAVE_VISIBILITY_HIDDEN +-# define __visible __attribute__((visibility("default"))) +-# define EXPORT_SYMBOL(x) typeof(x) (x) __visible ++# define __EXPORTED __attribute__((visibility("default"))) + #else +-# define EXPORT_SYMBOL ++# define __EXPORTED + #endif + + #endif +Index: libnetfilter_cthelper-1.0.0/src/libnetfilter_cthelper.c 
+=================================================================== +--- libnetfilter_cthelper-1.0.0.orig/src/libnetfilter_cthelper.c ++++ libnetfilter_cthelper-1.0.0/src/libnetfilter_cthelper.c +@@ -99,17 +99,16 @@ struct nfct_helper { + * In case of success, this function returns a valid pointer, otherwise NULL + * s returned and errno is appropriately set. + */ +-struct nfct_helper *nfct_helper_alloc(void) ++struct nfct_helper __EXPORTED *nfct_helper_alloc(void) + { + return calloc(1, sizeof(struct nfct_helper)); + } +-EXPORT_SYMBOL(nfct_helper_alloc); + + /** + * nfct_helper_free - release one helper object + * \param nfct_helper pointer to the helper object + */ +-void nfct_helper_free(struct nfct_helper *h) ++void __EXPORTED nfct_helper_free(struct nfct_helper *h) + { + int i; + +@@ -119,7 +118,6 @@ void nfct_helper_free(struct nfct_helper + free(h->expect_policy[i]); + } + } +-EXPORT_SYMBOL(nfct_helper_free); + + /** + * nfct_helper_policy_alloc - allocate a new helper policy object +@@ -127,21 +125,19 @@ EXPORT_SYMBOL(nfct_helper_free); + * In case of success, this function returns a valid pointer, otherwise NULL + * s returned and errno is appropriately set. 
+ */ +-struct nfct_helper_policy *nfct_helper_policy_alloc(void) ++struct nfct_helper_policy __EXPORTED *nfct_helper_policy_alloc(void) + { + return calloc(1, sizeof(struct nfct_helper_policy)); + } +-EXPORT_SYMBOL(nfct_helper_policy_alloc); + + /** + * nfct_helper_free - release one helper policy object + * \param nfct_helper pointer to the helper object + */ +-void nfct_helper_policy_free(struct nfct_helper_policy *p) ++void __EXPORTED nfct_helper_policy_free(struct nfct_helper_policy *p) + { + free(p); + } +-EXPORT_SYMBOL(nfct_helper_policy_free); + + /** + * nfct_helper_policy_attr_set - set one attribute of the helper object +@@ -149,7 +145,7 @@ EXPORT_SYMBOL(nfct_helper_policy_free); + * \param type attribute type you want to set + * \param data pointer to data that will be used to set this attribute + */ +-void ++void __EXPORTED + nfct_helper_policy_attr_set(struct nfct_helper_policy *p, + enum nfct_helper_policy_attr_type type, + const void *data) +@@ -170,7 +166,6 @@ nfct_helper_policy_attr_set(struct nfct_ + break; + } + } +-EXPORT_SYMBOL(nfct_helper_policy_attr_set); + + /** + * nfct_helper_attr_set_str - set one attribute the helper object +@@ -178,23 +173,21 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_se + * \param type attribute type you want to set + * \param name string that will be used to set this attribute + */ +-void ++void __EXPORTED + nfct_helper_policy_attr_set_str(struct nfct_helper_policy *p, + enum nfct_helper_policy_attr_type type, + const char *name) + { + nfct_helper_policy_attr_set(p, type, name); + } +-EXPORT_SYMBOL(nfct_helper_policy_attr_set_str); + +-void ++void __EXPORTED + nfct_helper_policy_attr_set_u32(struct nfct_helper_policy *p, + enum nfct_helper_policy_attr_type type, + uint32_t value) + { + nfct_helper_policy_attr_set(p, type, &value); + } +-EXPORT_SYMBOL(nfct_helper_policy_attr_set_u32); + + /** + * nfct_helper_attr_set - set one attribute of the helper object +@@ -202,7 +195,7 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_se + 
* \param type attribute type you want to set + * \param data pointer to data that will be used to set this attribute + */ +-void ++void __EXPORTED + nfct_helper_attr_set(struct nfct_helper *h, + enum nfct_helper_attr_type type, const void *data) + { +@@ -250,7 +243,6 @@ nfct_helper_attr_set(struct nfct_helper + break; + } + } +-EXPORT_SYMBOL(nfct_helper_attr_set); + + /** + * nfct_helper_attr_set_str - set one attribute the helper object +@@ -258,44 +250,40 @@ EXPORT_SYMBOL(nfct_helper_attr_set); + * \param type attribute type you want to set + * \param name string that will be used to set this attribute + */ +-void ++void __EXPORTED + nfct_helper_attr_set_str(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type, + const char *name) + { + nfct_helper_attr_set(nfct_helper, type, name); + } +-EXPORT_SYMBOL(nfct_helper_attr_set_str); + +-void ++void __EXPORTED + nfct_helper_attr_set_u8(struct nfct_helper *nfct_helper, + enum nfct_helper_attr_type type, uint8_t value) + { + nfct_helper_attr_set(nfct_helper, type, &value); + } +-EXPORT_SYMBOL(nfct_helper_attr_set_u8); + +-void ++void __EXPORTED + nfct_helper_attr_set_u16(struct nfct_helper *nfct_helper, + enum nfct_helper_attr_type type, uint16_t value) + { + nfct_helper_attr_set(nfct_helper, type, &value); + } +-EXPORT_SYMBOL(nfct_helper_attr_set_u16); + +-void ++void __EXPORTED + nfct_helper_attr_set_u32(struct nfct_helper *nfct_helper, + enum nfct_helper_attr_type type, uint32_t value) + { + nfct_helper_attr_set(nfct_helper, type, &value); + } +-EXPORT_SYMBOL(nfct_helper_attr_set_u32); + + /** + * nfct_helper_attr_unset - unset one attribute the helper object + * \param nfct_helper pointer to the helper object + * \param type attribute type you want to set + */ +-void ++void __EXPORTED + nfct_helper_attr_unset(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type) + { + switch(type) { +@@ -307,7 +295,6 @@ nfct_helper_attr_unset(struct nfct_helpe + break; + } + } 
+-EXPORT_SYMBOL(nfct_helper_attr_unset); + + /** + * nfct_helper_attr_get - get one attribute the helper object +@@ -317,8 +304,9 @@ EXPORT_SYMBOL(nfct_helper_attr_unset); + * This function returns a valid pointer to the attribute data. If a + * unsupported attribute is used, this returns NULL. + */ +-const void *nfct_helper_attr_get(struct nfct_helper *helper, +- enum nfct_helper_attr_type type) ++const void __EXPORTED * ++nfct_helper_attr_get(struct nfct_helper *helper, ++ enum nfct_helper_attr_type type) + { + const void *ret = NULL; + +@@ -358,7 +346,6 @@ const void *nfct_helper_attr_get(struct + } + return ret; + } +-EXPORT_SYMBOL(nfct_helper_attr_get); + + /** + * nfct_helper_attr_get_str - get one attribute the helper object +@@ -368,13 +355,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get); + * This function returns a valid pointer to the beginning of the string. + * If the attribute is unsupported, this returns NULL. + */ +-const char * ++const char __EXPORTED * + nfct_helper_attr_get_str(struct nfct_helper *nfct_helper, + enum nfct_helper_attr_type type) + { + return (const char *)nfct_helper_attr_get(nfct_helper, type); + } +-EXPORT_SYMBOL(nfct_helper_attr_get_str); + + /** + * nfct_helper_attr_get_u8 - get one attribute the helper object +@@ -384,12 +370,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_str); + * This function returns a unsigned 8-bits integer. If the attribute is + * unsupported, this returns NULL. + */ +-uint8_t nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper, +- enum nfct_helper_attr_type type) ++uint8_t __EXPORTED ++nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper, ++ enum nfct_helper_attr_type type) + { + return *((uint8_t *)nfct_helper_attr_get(nfct_helper, type)); + } +-EXPORT_SYMBOL(nfct_helper_attr_get_u8); + + /** + * nfct_helper_attr_get_u16 - get one attribute the helper object +@@ -399,12 +385,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u8); + * This function returns a unsigned 16-bits integer. 
If the attribute is + * unsupported, this returns NULL. + */ +-uint16_t nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper, +- enum nfct_helper_attr_type type) ++uint16_t __EXPORTED ++nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper, ++ enum nfct_helper_attr_type type) + { + return *((uint16_t *)nfct_helper_attr_get(nfct_helper, type)); + } +-EXPORT_SYMBOL(nfct_helper_attr_get_u16); + + /** + * nfct_helper_attr_get_u32 - get one attribute the helper object +@@ -414,12 +400,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u16); + * This function returns a unsigned 32-bits integer. If the attribute is + * unsupported, this returns NULL. + */ +-uint32_t nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper, +- enum nfct_helper_attr_type type) ++uint32_t __EXPORTED ++nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper, ++ enum nfct_helper_attr_type type) + { + return *((uint32_t *)nfct_helper_attr_get(nfct_helper, type)); + } +-EXPORT_SYMBOL(nfct_helper_attr_get_u32); + + /** + * nfct_helper_snprintf - print helper object into one buffer +@@ -431,9 +417,10 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u32); + * This function returns -1 in case that some mandatory attributes are + * missing. On sucess, it returns 0. + */ +-int nfct_helper_snprintf(char *buf, size_t size, +- struct nfct_helper *helper, +- unsigned int type, unsigned int flags) ++int __EXPORTED ++nfct_helper_snprintf(char *buf, size_t size, ++ struct nfct_helper *helper, ++ unsigned int type, unsigned int flags) + { + int ret; + +@@ -454,7 +441,6 @@ int nfct_helper_snprintf(char *buf, size + + return ret; + } +-EXPORT_SYMBOL(nfct_helper_snprintf); + + /** + * @} +@@ -490,7 +476,7 @@ EXPORT_SYMBOL(nfct_helper_snprintf); + * - Command NFNL_MSG_ACCT_DEL, to delete one specific nfct_helper object (if + * unused, otherwise you hit EBUSY). 
+ */ +-struct nlmsghdr * ++struct nlmsghdr __EXPORTED * + nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd, + uint16_t flags, uint32_t seq) + { +@@ -509,7 +495,6 @@ nfct_helper_nlmsg_build_hdr(char *buf, u + + return nlh; + } +-EXPORT_SYMBOL(nfct_helper_nlmsg_build_hdr); + + static void + nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh, +@@ -530,7 +515,7 @@ nfct_helper_nlmsg_build_policy(struct nl + * \param nlh: netlink message that you want to use to add the payload. + * \param nfct_helper: pointer to a helper object + */ +-void ++void __EXPORTED + nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h) + { + struct nlattr *nest; +@@ -593,7 +578,6 @@ nfct_helper_nlmsg_build_payload(struct n + if (h->bitset & (1 << NFCTH_ATTR_STATUS)) + mnl_attr_put_u32(nlh, NFCTH_STATUS, ntohl(h->status)); + } +-EXPORT_SYMBOL(nfct_helper_nlmsg_build_payload); + + static int + nfct_helper_nlmsg_parse_tuple_cb(const struct nlattr *attr, void *data) +@@ -795,7 +779,7 @@ nfct_helper_nlmsg_parse_attr_cb(const st + * This function returns -1 in case that some mandatory attributes are + * missing. On sucess, it returns 0. + */ +-int ++int __EXPORTED + nfct_helper_nlmsg_parse_payload(const struct nlmsghdr *nlh, + struct nfct_helper *h) + { +@@ -832,7 +816,6 @@ nfct_helper_nlmsg_parse_payload(const st + } + return 0; + } +-EXPORT_SYMBOL(nfct_helper_nlmsg_parse_payload); + + /** + * @} diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cttimeout-visibility-hidden.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cttimeout-visibility-hidden.patch new file mode 100644 index 00000000..2c606c83 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cttimeout-visibility-hidden.patch 
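Review bot: The patch header carries no `Upstream-Status:` line, so nothing in the layer records where this change came from or when it can be dropped on a version bump. The `From f58c5b09fb59baf07c942d373fc4d522b27e73c6` line suggests it was taken from the upstream git history; if that is right, add `Upstream-Status: Backport [f58c5b09fb59baf07c942d373fc4d522b27e73c6]` above the Signed-off-by trailers. libnetfilter-cttimeout-visibility-hidden.patch in the next hunk (From d0c4e39d12f903e06db262656cff2e24d267bed7) has the same gap. Since the failure mode described in the message is a library that builds but does not export nfct_helper_*, a post-build check of the shared object's dynamic symbol table would catch a regression with either compiler.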
@@ -0,0 +1,264 @@ +From d0c4e39d12f903e06db262656cff2e24d267bed7 Mon Sep 17 00:00:00 2001 +From: Kevin Cernekee <cernekee@chromium.org> +Date: Wed, 4 Jan 2017 14:30:25 -0800 +Subject: Use __EXPORTED rather than EXPORT_SYMBOL + +clang is sensitive to the ordering of +__attribute__((visibility("default"))) relative to the function +body. gcc is not. So if we try to re-declare an existing function +with default visibility, clang prints a warning and generates +a broken .so file in which nfct_timeout_* are not exported to library +callers. + +Move the attribute up into the function definition to make clang happy. + +Signed-off-by: Kevin Cernekee <cernekee@chromium.org> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + doxygen.cfg.in | 2 +- + src/internal.h | 5 ++--- + src/libnetfilter_cttimeout.c | 44 +++++++++++++++++--------------------------- + 3 files changed, 20 insertions(+), 31 deletions(-) + +diff --git a/doxygen.cfg.in b/doxygen.cfg.in +index 8e5d449..09c3ce0 100644 +--- a/doxygen.cfg.in ++++ b/doxygen.cfg.in +@@ -72,7 +72,7 @@ RECURSIVE = YES + EXCLUDE = + EXCLUDE_SYMLINKS = NO + EXCLUDE_PATTERNS = */.git/* .*.d +-EXCLUDE_SYMBOLS = EXPORT_SYMBOL nfct_timeout _container_policy_cb ++EXCLUDE_SYMBOLS = nfct_timeout _container_policy_cb + EXAMPLE_PATH = + EXAMPLE_PATTERNS = + EXAMPLE_RECURSIVE = NO +diff --git a/src/internal.h b/src/internal.h +index 3a88d1a..5d78171 100644 +--- a/src/internal.h ++++ b/src/internal.h +@@ -3,10 +3,9 @@ + + #include "config.h" + #ifdef HAVE_VISIBILITY_HIDDEN +-# define __visible __attribute__((visibility("default"))) +-# define EXPORT_SYMBOL(x) typeof(x) (x) __visible ++# define __EXPORTED __attribute__((visibility("default"))) + #else +-# define EXPORT_SYMBOL ++# define __EXPORTED + #endif + + #endif +diff --git a/src/libnetfilter_cttimeout.c b/src/libnetfilter_cttimeout.c +index 7844a1f..a0a7185 100644 +--- a/src/libnetfilter_cttimeout.c ++++ b/src/libnetfilter_cttimeout.c +@@ -187,7 +187,7 @@ struct nfct_timeout { + 
* In case of success, this function returns a valid pointer, otherwise NULL + * s returned and errno is appropriately set. + */ +-struct nfct_timeout *nfct_timeout_alloc(void) ++struct nfct_timeout __EXPORTED *nfct_timeout_alloc(void) + { + struct nfct_timeout *t; + +@@ -197,19 +197,17 @@ struct nfct_timeout *nfct_timeout_alloc(void) + + return t; + } +-EXPORT_SYMBOL(nfct_timeout_alloc); + + /** + * nfct_timeout_free - release one conntrack timeout object + * \param t pointer to the conntrack timeout object + */ +-void nfct_timeout_free(struct nfct_timeout *t) ++void __EXPORTED nfct_timeout_free(struct nfct_timeout *t) + { + if (t->timeout) + free(t->timeout); + free(t); + } +-EXPORT_SYMBOL(nfct_timeout_free); + + /** + * nfct_timeout_attr_set - set one attribute of the conntrack timeout object +@@ -217,7 +215,7 @@ EXPORT_SYMBOL(nfct_timeout_free); + * \param type attribute type you want to set + * \param data pointer to data that will be used to set this attribute + */ +-int ++int __EXPORTED + nfct_timeout_attr_set(struct nfct_timeout *t, uint32_t type, const void *data) + { + switch(type) { +@@ -236,7 +234,6 @@ nfct_timeout_attr_set(struct nfct_timeout *t, uint32_t type, const void *data) + t->attrset |= (1 << type); + return 0; + } +-EXPORT_SYMBOL(nfct_timeout_attr_set); + + /** + * nfct_timeout_attr_set_u8 - set one attribute of the conntrack timeout object +@@ -244,12 +241,11 @@ EXPORT_SYMBOL(nfct_timeout_attr_set); + * \param type attribute type you want to set + * \param data pointer to data that will be used to set this attribute + */ +-int ++int __EXPORTED + nfct_timeout_attr_set_u8(struct nfct_timeout *t, uint32_t type, uint8_t data) + { + return nfct_timeout_attr_set(t, type, &data); + } +-EXPORT_SYMBOL(nfct_timeout_attr_set_u8); + + /** + * nfct_timeout_attr_set_u16 - set one attribute of the conntrack timeout object +@@ -257,23 +253,21 @@ EXPORT_SYMBOL(nfct_timeout_attr_set_u8); + * \param type attribute type you want to set + * \param data pointer to 
data that will be used to set this attribute + */ +-int ++int __EXPORTED + nfct_timeout_attr_set_u16(struct nfct_timeout *t, uint32_t type, uint16_t data) + { + return nfct_timeout_attr_set(t, type, &data); + } +-EXPORT_SYMBOL(nfct_timeout_attr_set_u16); + + /** + * nfct_timeout_attr_unset - unset one attribute of the conntrack timeout object + * \param t pointer to the conntrack timeout object + * \param type attribute type you want to set + */ +-void nfct_timeout_attr_unset(struct nfct_timeout *t, uint32_t type) ++void __EXPORTED nfct_timeout_attr_unset(struct nfct_timeout *t, uint32_t type) + { + t->attrset &= ~(1 << type); + } +-EXPORT_SYMBOL(nfct_timeout_attr_unset); + + /** + * nfct_timeout_policy_attr_set_u32 - set one attribute of the policy +@@ -281,7 +275,7 @@ EXPORT_SYMBOL(nfct_timeout_attr_unset); + * \param type attribute type you want to set + * \param data data that will be used to set this attribute + */ +-int ++int __EXPORTED + nfct_timeout_policy_attr_set_u32(struct nfct_timeout *t, + uint32_t type, uint32_t data) + { +@@ -319,18 +313,17 @@ nfct_timeout_policy_attr_set_u32(struct nfct_timeout *t, + + return 0; + } +-EXPORT_SYMBOL(nfct_timeout_policy_attr_set_u32); + + /** + * nfct_timeout_policy_attr_unset - unset one attribute of the policy + * \param t pointer to the conntrack timeout object + * \param type attribute type you want to set + */ +-void nfct_timeout_policy_attr_unset(struct nfct_timeout *t, uint32_t type) ++void __EXPORTED ++nfct_timeout_policy_attr_unset(struct nfct_timeout *t, uint32_t type) + { + t->attrset &= ~(1 << type); + } +-EXPORT_SYMBOL(nfct_timeout_policy_attr_unset); + + /** + * nfct_timeout_policy_attr_to_name - get state name from protocol state number +@@ -340,7 +333,8 @@ EXPORT_SYMBOL(nfct_timeout_policy_attr_unset); + * This function returns NULL if unsupported protocol or state number is passed. + * Otherwise, a pointer to valid string is returned. 
+ */ +-const char *nfct_timeout_policy_attr_to_name(uint8_t l4proto, uint32_t state) ++const char __EXPORTED * ++nfct_timeout_policy_attr_to_name(uint8_t l4proto, uint32_t state) + { + if (timeout_protocol[l4proto].state_to_name == NULL) { + printf("no array state name\n"); +@@ -354,7 +348,6 @@ const char *nfct_timeout_policy_attr_to_name(uint8_t l4proto, uint32_t state) + + return timeout_protocol[l4proto].state_to_name[state]; + } +-EXPORT_SYMBOL(nfct_timeout_policy_attr_to_name); + + /** + * @} +@@ -438,8 +431,9 @@ nfct_timeout_snprintf_default(char *buf, size_t size, + * This function returns -1 in case that some mandatory attributes are + * missing. On sucess, it returns 0. + */ +-int nfct_timeout_snprintf(char *buf, size_t size, const struct nfct_timeout *t, +- unsigned int type, unsigned int flags) ++int __EXPORTED ++nfct_timeout_snprintf(char *buf, size_t size, const struct nfct_timeout *t, ++ unsigned int type, unsigned int flags) + { + int ret = 0; + +@@ -454,7 +448,6 @@ int nfct_timeout_snprintf(char *buf, size_t size, const struct nfct_timeout *t, + + return ret; + } +-EXPORT_SYMBOL(nfct_timeout_snprintf); + + /** + * @} +@@ -477,7 +470,7 @@ EXPORT_SYMBOL(nfct_timeout_snprintf); + * - CTNL_MSG_TIMEOUT_GET: get conntrack timeout object. + * - CTNL_MSG_TIMEOUT_DEL: delete conntrack timeout object. + */ +-struct nlmsghdr * ++struct nlmsghdr __EXPORTED * + nfct_timeout_nlmsg_build_hdr(char *buf, uint8_t cmd, + uint16_t flags, uint32_t seq) + { +@@ -496,14 +489,13 @@ nfct_timeout_nlmsg_build_hdr(char *buf, uint8_t cmd, + + return nlh; + } +-EXPORT_SYMBOL(nfct_timeout_nlmsg_build_hdr); + + /** + * nfct_timeout_nlmsg_build_payload - build payload from ct timeout object + * \param nlh: netlink message that you want to use to add the payload. 
+ * \param t: pointer to a conntrack timeout object + */ +-void ++void __EXPORTED + nfct_timeout_nlmsg_build_payload(struct nlmsghdr *nlh, + const struct nfct_timeout *t) + { +@@ -532,7 +524,6 @@ nfct_timeout_nlmsg_build_payload(struct nlmsghdr *nlh, + } + + } +-EXPORT_SYMBOL(nfct_timeout_nlmsg_build_payload); + + static int + timeout_nlmsg_parse_attr_cb(const struct nlattr *attr, void *data) +@@ -629,7 +620,7 @@ timeout_parse_attr_data(struct nfct_timeout *t, const struct nlattr *nest) + * This function returns -1 in case that some mandatory attributes are + * missing. On sucess, it returns 0. + */ +-int ++int __EXPORTED + nfct_timeout_nlmsg_parse_payload(const struct nlmsghdr *nlh, + struct nfct_timeout *t) + { +@@ -654,7 +645,6 @@ nfct_timeout_nlmsg_parse_payload(const struct nlmsghdr *nlh, + } + return 0; + } +-EXPORT_SYMBOL(nfct_timeout_nlmsg_parse_payload); + + /** + * @} +-- +cgit v1.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-acct_1.0.3.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-acct_1.0.3.bb new file mode 100644 index 00000000..974035cc --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-acct_1.0.3.bb 
@@ -0,0 +1,17 @@ +SUMMARY = "libnetfilter_acct accounting infrastructure." +DESCRIPTION = "libnetfilter_acct is the userspace library providing interface to extended accounting infrastructure." +HOMEPAGE = "http://netfilter.org/projects/libnetfilter_acct/index.html" +SECTION = "libs" +LICENSE = "LGPL-2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" +DEPENDS = "libnfnetlink libmnl" + +SRC_URI = "http://ftp.netfilter.org/pub/libnetfilter_acct/libnetfilter_acct-1.0.3.tar.bz2 \ + file://0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch \ +" +SRC_URI[md5sum] = "814b2972b2f5c740ff87510bc109168b" +SRC_URI[sha256sum] = "4250ceef3efe2034f4ac05906c3ee427db31b9b0a2df41b2744f4bf79a959a1a" + +S = "${WORKDIR}/libnetfilter_acct-${PV}" + +inherit autotools pkgconfig diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.6.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.6.bb new file mode 100644 index 00000000..e4e186bd --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.6.bb @@ -0,0 +1,16 @@ +SUMMARY = "Netfilter connection tracking library" +DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter connection tracking state table" +HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_conntrack/index.html" +SECTION = "libs" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +DEPENDS = "libnfnetlink libmnl" + +SRC_URI = "http://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2;name=tar \ +" +SRC_URI[tar.md5sum] = "7139c5f408dd9606ffecfd5dcda8175b" +SRC_URI[tar.sha256sum] = "efcc08021284e75f4d96d3581c5155a11f08fd63316b1938cbcb269c87f37feb" + +S = "${WORKDIR}/libnetfilter_conntrack-${PV}" + +inherit autotools pkgconfig 
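Review bot: In libnetfilter-acct_1.0.3.bb the tarball is fetched over plain `http://`, so the pinned `SRC_URI[sha256sum]` is the only thing authenticating the download; the `md5sum` entry adds no protection. If the netfilter.org hosts serve TLS for these paths, switch the URL to `https://` and keep the sha256 pin. The same applies to the libnetfilter-conntrack recipe in this section and to the libnetfilter-cthelper, libnetfilter-cttimeout and libnfnetlink recipes further down. This recipe also hard-codes `1.0.3` in the URL where its siblings use `${PV}`; `libnetfilter_acct-${PV}.tar.bz2` would keep a version bump to one place.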
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb new file mode 100644 index 00000000..92cb23d6 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb @@ -0,0 +1,17 @@ +SUMMARY = "Netfilter connection tracking helper library" +DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter user-space helper infrastructure" +HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_cthelper/index.html" +SECTION = "libs" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +DEPENDS = "libmnl" + +SRC_URI = "http://www.netfilter.org/projects/libnetfilter_cthelper/files/libnetfilter_cthelper-${PV}.tar.bz2;name=tar \ + file://libnetfilter-cthelper-visibility-hidden.patch \ +" +SRC_URI[tar.md5sum] = "b2efab1a3a198a5add448960ba011acd" +SRC_URI[tar.sha256sum] = "07618e71c4d9a6b6b3dc1986540486ee310a9838ba754926c7d14a17d8fccf3d" + +S = "${WORKDIR}/libnetfilter_cthelper-${PV}" + +inherit autotools pkgconfig diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb new file mode 100644 index 00000000..ff32f340 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb 
@@ -0,0 +1,16 @@ +SUMMARY = "Netfilter connection tracking timeout library" +DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter fine-grain connection tracking timeout infrastructure" +SECTION = "libs" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +DEPENDS = "libmnl" + +SRC_URI = "http://www.netfilter.org/projects/libnetfilter_cttimeout/files/libnetfilter_cttimeout-${PV}.tar.bz2;name=tar \ + file://libnetfilter-cttimeout-visibility-hidden.patch \ +" +SRC_URI[tar.md5sum] = "7697437fc9ebb6f6b83df56a633db7f9" +SRC_URI[tar.sha256sum] = "aeab12754f557cba3ce2950a2029963d817490df7edb49880008b34d7ff8feba" + +S = "${WORKDIR}/libnetfilter_cttimeout-${PV}" + +inherit autotools pkgconfig diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.1.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.1.bb new file mode 100644 index 00000000..2f627d45 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.1.bb @@ -0,0 +1,15 @@ +SUMMARY = "Netfilter logging library" +DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter log message (NFLOG)" +HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_log/index.html" +SECTION = "libs" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +DEPENDS = "libnfnetlink libmnl" +SRCREV = "ba196a97e810746e5660fe3f57c87c0ed0f2b324" +PV .= "+git${SRCPV}" + +SRC_URI = "git://git.netfilter.org/libnetfilter_log" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig 
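Review bot: In libnetfilter-log_1.0.1.bb, `SRC_URI = "git://git.netfilter.org/libnetfilter_log"` clones over the unauthenticated git protocol, so the pinned `SRCREV` is the only integrity control on the source. Appending `;protocol=https` to the URL, assuming the server offers it, adds transport authentication on top of the pin. The libnetfilter-queue recipe that follows uses the same `git://` form.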
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb new file mode 100644 index 00000000..754e11d9 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb @@ -0,0 +1,19 @@ +SUMMARY = "Netfilter packet queue access library" +DESCRIPTION = "Userspace library providing a programming interface (API) to access the Linux kernel netfilter packet queue" +HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_queue/index.html" +SECTION = "libs" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +DEPENDS = "libnfnetlink libmnl" + +PV .= "+git${SRCREV}" +SRCREV = "981025e103d887fb6a9c9bb49c74ec323108d098" + +SRC_URI = "git://git.netfilter.org/libnetfilter_queue \ + file://0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch \ + file://0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch \ + " + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch new file mode 100644 index 00000000..00d95cd7 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch 
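Review bot: `PV .= "+git${SRCREV}"` in libnetfilter-queue_1.0.2.bb puts the full 40-character commit hash into the package version, while the libnetfilter-log recipe added alongside it uses `${SRCPV}` for the same purpose. `PV .= "+git${SRCPV}"` would make the two recipes consistent and keep the version string short. Setting `SRCREV` above the `PV` line, as the log recipe does, would also read more naturally, although the order has no effect on expansion.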
@@ -0,0 +1,28 @@ +From 2e5f2b81fb8cbe0d1cd33e58caa19ac308e1f847 Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt <jengelh@inai.de> +Date: Tue, 9 Oct 2012 15:59:48 +0200 +Subject: [PATCH 1/6] build: resolve automake-1.12 warnings + +am/ltlibrary.am: warning: 'libnfnetlink.la': linking libtool libraries +using a non-POSIX archiver requires 'AM_PROG_AR' in 'configure.ac' + +Signed-off-by: Jan Engelhardt <jengelh@inai.de> +--- + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/configure.ac b/configure.ac +index ed549df..0926a1c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -7,6 +7,7 @@ AC_CANONICAL_HOST + + AM_INIT_AUTOMAKE([-Wall foreign subdir-objects + tar-pax no-dist-gzip dist-bzip2 1.6]) ++m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) + + dnl kernel style compile messages + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +-- +2.12.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch new file mode 100644 index 00000000..c2fb5e05 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch 
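Review bot: The header of 0001-build-resolve-automake-1.12-warnings.patch carries author, date and sign-off but no `Upstream-Status:` line, so a later auditor cannot tell from the file whether the change is an upstream backport or a local modification. Patches 0002 to 0006 in the same directory have the same gap. The `[PATCH n/6]` numbering and the maintainer sign-offs on 0002 to 0006 suggest these come from the upstream repository. If so, add `Upstream-Status: Backport`, ideally with the upstream commit reference, above the `---` separator in each.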
@@ -0,0 +1,49 @@ +From 5e6b6e23a8b04475c5a9de7eddb4c18103932fe5 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Wed, 7 Aug 2013 20:53:57 +0200 +Subject: [PATCH 2/6] src: get source code license header in sync with current + licensing terms + +Since (3956761 license: upgrade to GPLv2+), we upgraded to GPLv2+, +propagate that changes to src/iftable.c and src/rtnl.c + +Reported-by: Thomas Woerner <twoerner@redhat.com> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + src/iftable.c | 2 +- + src/rtnl.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/iftable.c b/src/iftable.c +index 0325335..5976ed8 100644 +--- a/src/iftable.c ++++ b/src/iftable.c +@@ -3,7 +3,7 @@ + * (C) 2004 by Astaro AG, written by Harald Welte <hwelte@astaro.com> + * (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org> + * +- * This software is Free Software and licensed under GNU GPLv2. ++ * This software is Free Software and licensed under GNU GPLv2+. + */ + + /* IFINDEX handling */ +diff --git a/src/rtnl.c b/src/rtnl.c +index 5ccb272..7b4ac7d 100644 +--- a/src/rtnl.c ++++ b/src/rtnl.c +@@ -1,10 +1,10 @@ + /* rtnl - rtnetlink utility functions + * + * (C) 2004 by Astaro AG, written by Harald Welte <hwelte@astaro.com> +- * ++ * + * Adapted to nfnetlink by Eric Leblond <eric@inl.fr> + * +- * This software is free software and licensed under GNU GPLv2. ++ * This software is free software and licensed under GNU GPLv2+. + * + */ + +-- +2.12.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch new file mode 100644 index 00000000..6cb7ed6f --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch 
@@ -0,0 +1,27 @@ +From b259fe13826414c1bd5328a25c8d6d60e20e65f2 Mon Sep 17 00:00:00 2001 +From: Gustavo Zacarias <gustavo@zacarias.com.ar> +Date: Tue, 10 Sep 2013 16:23:29 -0300 +Subject: [PATCH 3/6] configure: uclinux is also linux + +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 0926a1c..b979772 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -18,7 +18,7 @@ AC_DISABLE_STATIC + AM_PROG_LIBTOOL + + case "$host" in +-*-*-linux*) ;; ++*-*-linux* | *-*-uclinux*) ;; + *) AC_MSG_ERROR([Linux only, dude!]);; + esac + +-- +2.12.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch new file mode 100644 index 00000000..cf3a8413 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch 
@@ -0,0 +1,39 @@ +From b142da8d2c9e2e2dfbe4e89e680dd124f6064ac8 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Mon, 3 Feb 2014 12:09:29 +0100 +Subject: [PATCH 4/6] libnfnetlink: initialize attribute padding to resolve + valgrind warnings + +==12195== Syscall param socketcall.sendto(msg) points to uninitialised byte(s) +==12195== at 0x51209C3: __sendto_nocancel (syscall-template.S:81) +==12195== by 0x53E4D12: nfnl_send (libnfnetlink.c:391) +==12195== by 0x53E6952: nfnl_query (libnfnetlink.c:1569) +==12195== by 0x4E344AF: __build_send_cfg_msg.isra.1 (libnetfilter_log.c:143) +==12195== by 0x4E34710: nflog_bind_group (libnetfilter_log.c:413) +==12195== by 0x400CB1: main (nfulnl_test.c:77) +==12195== Address 0x7fefff3e9 is on thread 1's stack + +This patch sets to zero the padding that is included to align the +attribute payload. + +Reported-by: Ivan Homoliak <xhomol11@gmail.com> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + src/libnfnetlink.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c +index 4b2bcd0..398b7d7 100644 +--- a/src/libnfnetlink.c ++++ b/src/libnfnetlink.c +@@ -809,6 +809,7 @@ int nfnl_addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, + nfa->nfa_type = type; + nfa->nfa_len = len; + memcpy(NFA_DATA(nfa), data, alen); ++ memset((uint8_t *)nfa + nfa->nfa_len, 0, NFA_ALIGN(alen) - alen); + n->nlmsg_len = (NLMSG_ALIGN(n->nlmsg_len) + NFA_ALIGN(len)); + return 0; + } +-- +2.12.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch new file mode 100644 index 00000000..383f0e8b --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch 
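Review bot: The added `memset((uint8_t *)nfa + nfa->nfa_len, 0, NFA_ALIGN(alen) - alen);` writes up to three padding bytes beyond `nfa_len`, and the check that the attribute fits in `maxlen` lies outside this hunk. If that check compares the unaligned `len` rather than `NFA_ALIGN(len)` against `maxlen`, the padding write can land just past the caller's buffer. Confirm this in nfnl_addattr_l and compare the aligned length if needed. The sibling nfnl_nfa_addattr_l is not touched by this patch, so check whether it leaves its padding uninitialised in the same way.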
@@ -0,0 +1,110 @@ +From b10c90a61a5fc46f2be5aeecb9c96e84178f7717 Mon Sep 17 00:00:00 2001 +From: Felix Janda <felix.janda@posteo.de> +Date: Sat, 16 May 2015 14:49:07 +0200 +Subject: [PATCH 5/6] include: Sync with kernel headers + +Signed-off-by: Felix Janda <felix.janda@posteo.de> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + include/libnfnetlink/linux_nfnetlink.h | 44 ++++----------------------- + include/libnfnetlink/linux_nfnetlink_compat.h | 12 ++++---- + 2 files changed, 12 insertions(+), 44 deletions(-) + +diff --git a/include/libnfnetlink/linux_nfnetlink.h b/include/libnfnetlink/linux_nfnetlink.h +index 76a8550..44a38d6 100644 +--- a/include/libnfnetlink/linux_nfnetlink.h ++++ b/include/libnfnetlink/linux_nfnetlink.h +@@ -25,9 +25,9 @@ enum nfnetlink_groups { + /* General form of address family dependent message. + */ + struct nfgenmsg { +- u_int8_t nfgen_family; /* AF_xxx */ +- u_int8_t version; /* nfnetlink version */ +- u_int16_t res_id; /* resource id */ ++ __u8 nfgen_family; /* AF_xxx */ ++ __u8 version; /* nfnetlink version */ ++ __be16 res_id; /* resource id */ + }; + + #define NFNETLINK_V0 0 +@@ -46,40 +46,8 @@ struct nfgenmsg { + #define NFNL_SUBSYS_CTNETLINK_EXP 2 + #define NFNL_SUBSYS_QUEUE 3 + #define NFNL_SUBSYS_ULOG 4 +-#define NFNL_SUBSYS_COUNT 5 ++#define NFNL_SUBSYS_OSF 5 ++#define NFNL_SUBSYS_IPSET 6 ++#define NFNL_SUBSYS_COUNT 7 + +-#ifdef __KERNEL__ +- +-#include <linux/netlink.h> +-#include <linux/capability.h> +-#include <net/netlink.h> +- +-struct nfnl_callback +-{ +- int (*call)(struct sock *nl, struct sk_buff *skb, +- struct nlmsghdr *nlh, struct nlattr *cda[]); +- const struct nla_policy *policy; /* netlink attribute policy */ +- const u_int16_t attr_count; /* number of nlattr's */ +-}; +- +-struct nfnetlink_subsystem +-{ +- const char *name; +- __u8 subsys_id; /* nfnetlink subsystem ID */ +- __u8 cb_count; /* number of callbacks */ +- const struct nfnl_callback *cb; /* callback for individual types */ +-}; +- 
+-extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n); +-extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n); +- +-extern int nfnetlink_has_listeners(unsigned int group); +-extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, +- int echo); +-extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags); +- +-#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \ +- MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) +- +-#endif /* __KERNEL__ */ + #endif /* _NFNETLINK_H */ +diff --git a/include/libnfnetlink/linux_nfnetlink_compat.h b/include/libnfnetlink/linux_nfnetlink_compat.h +index e145176..74b9e55 100644 +--- a/include/libnfnetlink/linux_nfnetlink_compat.h ++++ b/include/libnfnetlink/linux_nfnetlink_compat.h +@@ -1,6 +1,8 @@ + #ifndef _NFNETLINK_COMPAT_H + #define _NFNETLINK_COMPAT_H +-#ifndef __KERNEL__ ++ ++#include <linux/types.h> ++ + /* Old nfnetlink macros for userspace */ + + /* nfnetlink groups: Up to 32 maximum */ +@@ -18,10 +20,9 @@ + * ! nfnetlink use the same attributes methods. - J. Schulist. + */ + +-struct nfattr +-{ +- u_int16_t nfa_len; +- u_int16_t nfa_type; /* we use 15 bits for the type, and the highest ++struct nfattr { ++ __u16 nfa_len; ++ __u16 nfa_type; /* we use 15 bits for the type, and the highest + * bit to indicate whether the payload is nested */ + }; + +@@ -57,5 +58,4 @@ struct nfattr + + NLMSG_ALIGN(sizeof(struct nfgenmsg)))) + #define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg)) + +-#endif /* ! __KERNEL__ */ + #endif /* _NFNETLINK_COMPAT_H */ +-- +2.12.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch new file mode 100644 index 00000000..72c9987d --- /dev/null 
+++ b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch 
@@ -0,0 +1,403 @@ +From 5cb589e246c91331ee6b3926b15f5e6cfc8ad95e Mon Sep 17 00:00:00 2001 +From: Felix Janda <felix.janda@posteo.de> +Date: Sat, 16 May 2015 14:59:57 +0200 +Subject: [PATCH 6/6] src: Use stdint types everywhere + +Signed-off-by: Felix Janda <felix.janda@posteo.de> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + include/libnfnetlink/libnfnetlink.h | 25 ++++++------- + src/iftable.c | 8 ++--- + src/iftable.h | 4 +-- + src/libnfnetlink.c | 72 ++++++++++++++++++------------------- + src/rtnl.c | 4 +-- + src/rtnl.h | 2 +- + 6 files changed, 58 insertions(+), 57 deletions(-) + +diff --git a/include/libnfnetlink/libnfnetlink.h b/include/libnfnetlink/libnfnetlink.h +index 1d8c49d..cd0be3d 100644 +--- a/include/libnfnetlink/libnfnetlink.h ++++ b/include/libnfnetlink/libnfnetlink.h +@@ -15,6 +15,7 @@ + #define aligned_u64 unsigned long long __attribute__((aligned(8))) + #endif + ++#include <stdint.h> + #include <sys/socket.h> /* for sa_family_t */ + #include <linux/netlink.h> + #include <libnfnetlink/linux_nfnetlink.h> +@@ -55,7 +56,7 @@ struct nfnlhdr { + struct nfnl_callback { + int (*call)(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data); + void *data; +- u_int16_t attr_count; ++ uint16_t attr_count; + }; + + struct nfnl_handle; +@@ -69,7 +70,7 @@ extern struct nfnl_handle *nfnl_open(void); + extern int nfnl_close(struct nfnl_handle *); + + extern struct nfnl_subsys_handle *nfnl_subsys_open(struct nfnl_handle *, +- u_int8_t, u_int8_t, ++ uint8_t, uint8_t, + unsigned int); + extern void nfnl_subsys_close(struct nfnl_subsys_handle *); + +@@ -88,8 +89,8 @@ extern int nfnl_sendiov(const struct nfnl_handle *nfnlh, + const struct iovec *iov, unsigned int num, + unsigned int flags); + extern void nfnl_fill_hdr(struct nfnl_subsys_handle *, struct nlmsghdr *, +- unsigned int, u_int8_t, u_int16_t, u_int16_t, +- u_int16_t); ++ unsigned int, uint8_t, uint16_t, uint16_t, ++ uint16_t); + extern __attribute__((deprecated)) int + nfnl_talk(struct 
nfnl_handle *, struct nlmsghdr *, pid_t, + unsigned, struct nlmsghdr *, +@@ -103,8 +104,8 @@ nfnl_listen(struct nfnl_handle *, + /* receiving */ + extern ssize_t nfnl_recv(const struct nfnl_handle *h, unsigned char *buf, size_t len); + extern int nfnl_callback_register(struct nfnl_subsys_handle *, +- u_int8_t type, struct nfnl_callback *cb); +-extern int nfnl_callback_unregister(struct nfnl_subsys_handle *, u_int8_t type); ++ uint8_t type, struct nfnl_callback *cb); ++extern int nfnl_callback_unregister(struct nfnl_subsys_handle *, uint8_t type); + extern int nfnl_handle_packet(struct nfnl_handle *, char *buf, int len); + + /* parsing */ +@@ -180,12 +181,12 @@ extern int nfnl_query(struct nfnl_handle *h, struct nlmsghdr *nlh); + + /* nfnl attribute handling functions */ + extern int nfnl_addattr_l(struct nlmsghdr *, int, int, const void *, int); +-extern int nfnl_addattr8(struct nlmsghdr *, int, int, u_int8_t); +-extern int nfnl_addattr16(struct nlmsghdr *, int, int, u_int16_t); +-extern int nfnl_addattr32(struct nlmsghdr *, int, int, u_int32_t); ++extern int nfnl_addattr8(struct nlmsghdr *, int, int, uint8_t); ++extern int nfnl_addattr16(struct nlmsghdr *, int, int, uint16_t); ++extern int nfnl_addattr32(struct nlmsghdr *, int, int, uint32_t); + extern int nfnl_nfa_addattr_l(struct nfattr *, int, int, const void *, int); +-extern int nfnl_nfa_addattr16(struct nfattr *, int, int, u_int16_t); +-extern int nfnl_nfa_addattr32(struct nfattr *, int, int, u_int32_t); ++extern int nfnl_nfa_addattr16(struct nfattr *, int, int, uint16_t); ++extern int nfnl_nfa_addattr32(struct nfattr *, int, int, uint32_t); + extern int nfnl_parse_attr(struct nfattr **, int, struct nfattr *, int); + #define nfnl_parse_nested(tb, max, nfa) \ + nfnl_parse_attr((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa))) +@@ -197,7 +198,7 @@ extern int nfnl_parse_attr(struct nfattr **, int, struct nfattr *, int); + ({ (tail)->nfa_len = (void *) NLMSG_TAIL(nlh) - (void *) tail; }) + + extern void 
nfnl_build_nfa_iovec(struct iovec *iov, struct nfattr *nfa, +- u_int16_t type, u_int32_t len, ++ uint16_t type, uint32_t len, + unsigned char *val); + extern unsigned int nfnl_rcvbufsiz(const struct nfnl_handle *h, + unsigned int size); +diff --git a/src/iftable.c b/src/iftable.c +index 5976ed8..157f97b 100644 +--- a/src/iftable.c ++++ b/src/iftable.c +@@ -27,10 +27,10 @@ + struct ifindex_node { + struct list_head head; + +- u_int32_t index; +- u_int32_t type; +- u_int32_t alen; +- u_int32_t flags; ++ uint32_t index; ++ uint32_t type; ++ uint32_t alen; ++ uint32_t flags; + char addr[8]; + char name[16]; + }; +diff --git a/src/iftable.h b/src/iftable.h +index 8df7f24..655df6b 100644 +--- a/src/iftable.h ++++ b/src/iftable.h +@@ -1,8 +1,8 @@ + #ifndef _IFTABLE_H + #define _IFTABLE_H + +-int iftable_delete(u_int32_t dst, u_int32_t mask, u_int32_t gw, u_int32_t oif); +-int iftable_insert(u_int32_t dst, u_int32_t mask, u_int32_t gw, u_int32_t oif); ++int iftable_delete(uint32_t dst, uint32_t mask, uint32_t gw, uint32_t oif); ++int iftable_insert(uint32_t dst, uint32_t mask, uint32_t gw, uint32_t oif); + + int iftable_init(void); + void iftable_fini(void); +diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c +index 398b7d7..df57533 100644 +--- a/src/libnfnetlink.c ++++ b/src/libnfnetlink.c +@@ -72,9 +72,9 @@ + + struct nfnl_subsys_handle { + struct nfnl_handle *nfnlh; +- u_int32_t subscriptions; +- u_int8_t subsys_id; +- u_int8_t cb_count; ++ uint32_t subscriptions; ++ uint8_t subsys_id; ++ uint8_t cb_count; + struct nfnl_callback *cb; /* array of callbacks */ + }; + +@@ -86,11 +86,11 @@ struct nfnl_handle { + int fd; + struct sockaddr_nl local; + struct sockaddr_nl peer; +- u_int32_t subscriptions; +- u_int32_t seq; +- u_int32_t dump; +- u_int32_t rcv_buffer_size; /* for nfnl_catch */ +- u_int32_t flags; ++ uint32_t subscriptions; ++ uint32_t seq; ++ uint32_t dump; ++ uint32_t rcv_buffer_size; /* for nfnl_catch */ ++ uint32_t flags; + struct nlmsghdr *last_nlhdr; + 
struct nfnl_subsys_handle subsys[NFNL_MAX_SUBSYS+1]; + }; +@@ -145,7 +145,7 @@ unsigned int nfnl_portid(const struct nfnl_handle *h) + static int recalc_rebind_subscriptions(struct nfnl_handle *nfnlh) + { + int i, err; +- u_int32_t new_subscriptions = nfnlh->subscriptions; ++ uint32_t new_subscriptions = nfnlh->subscriptions; + + for (i = 0; i < NFNL_MAX_SUBSYS; i++) + new_subscriptions |= nfnlh->subsys[i].subscriptions; +@@ -273,8 +273,8 @@ void nfnl_set_rcv_buffer_size(struct nfnl_handle *h, unsigned int size) + * a valid address that points to a nfnl_subsys_handle structure is returned. + */ + struct nfnl_subsys_handle * +-nfnl_subsys_open(struct nfnl_handle *nfnlh, u_int8_t subsys_id, +- u_int8_t cb_count, u_int32_t subscriptions) ++nfnl_subsys_open(struct nfnl_handle *nfnlh, uint8_t subsys_id, ++ uint8_t cb_count, uint32_t subscriptions) + { + struct nfnl_subsys_handle *ssh; + +@@ -435,10 +435,10 @@ int nfnl_sendiov(const struct nfnl_handle *nfnlh, const struct iovec *iov, + */ + void nfnl_fill_hdr(struct nfnl_subsys_handle *ssh, + struct nlmsghdr *nlh, unsigned int len, +- u_int8_t family, +- u_int16_t res_id, +- u_int16_t msg_type, +- u_int16_t msg_flags) ++ uint8_t family, ++ uint16_t res_id, ++ uint16_t msg_type, ++ uint16_t msg_flags) + { + assert(ssh); + assert(nlh); +@@ -815,7 +815,7 @@ int nfnl_addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, + } + + /** +- * nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr ++ * nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr + * + * @nfa: struct nfattr + * @maxlen: maximal length of nfattr buffer +@@ -849,14 +849,14 @@ int nfnl_nfa_addattr_l(struct nfattr *nfa, int maxlen, int type, + } + + /** +- * nfnl_addattr8 - Add u_int8_t attribute to nlmsghdr ++ * nfnl_addattr8 - Add uint8_t attribute to nlmsghdr + * + * @n: netlink message header to which attribute is to be added + * @maxlen: maximum length of netlink message header + * @type: type of new attribute + 
* @data: content of new attribute + */ +-int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) ++int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, uint8_t data) + { + assert(n); + assert(maxlen > 0); +@@ -866,7 +866,7 @@ int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) + } + + /** +- * nfnl_nfa_addattr16 - Add u_int16_t attribute to struct nfattr ++ * nfnl_nfa_addattr16 - Add uint16_t attribute to struct nfattr + * + * @nfa: struct nfattr + * @maxlen: maximal length of nfattr buffer +@@ -875,7 +875,7 @@ int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) + * + */ + int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, +- u_int16_t data) ++ uint16_t data) + { + assert(nfa); + assert(maxlen > 0); +@@ -885,7 +885,7 @@ int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, + } + + /** +- * nfnl_addattr16 - Add u_int16_t attribute to nlmsghdr ++ * nfnl_addattr16 - Add uint16_t attribute to nlmsghdr + * + * @n: netlink message header to which attribute is to be added + * @maxlen: maximum length of netlink message header +@@ -894,7 +894,7 @@ int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, + * + */ + int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, +- u_int16_t data) ++ uint16_t data) + { + assert(n); + assert(maxlen > 0); +@@ -904,7 +904,7 @@ int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, + } + + /** +- * nfnl_nfa_addattr32 - Add u_int32_t attribute to struct nfattr ++ * nfnl_nfa_addattr32 - Add uint32_t attribute to struct nfattr + * + * @nfa: struct nfattr + * @maxlen: maximal length of nfattr buffer +@@ -913,7 +913,7 @@ int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, + * + */ + int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, +- u_int32_t data) ++ uint32_t data) + { + assert(nfa); + assert(maxlen > 0); +@@ -923,7 +923,7 @@ int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, + } + + /** 
+- * nfnl_addattr32 - Add u_int32_t attribute to nlmsghdr ++ * nfnl_addattr32 - Add uint32_t attribute to nlmsghdr + * + * @n: netlink message header to which attribute is to be added + * @maxlen: maximum length of netlink message header +@@ -932,7 +932,7 @@ int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, + * + */ + int nfnl_addattr32(struct nlmsghdr *n, int maxlen, int type, +- u_int32_t data) ++ uint32_t data) + { + assert(n); + assert(maxlen > 0); +@@ -980,7 +980,7 @@ int nfnl_parse_attr(struct nfattr *tb[], int max, struct nfattr *nfa, int len) + * + */ + void nfnl_build_nfa_iovec(struct iovec *iov, struct nfattr *nfa, +- u_int16_t type, u_int32_t len, unsigned char *val) ++ uint16_t type, uint32_t len, unsigned char *val) + { + assert(iov); + assert(nfa); +@@ -1115,7 +1115,7 @@ struct nlmsghdr *nfnl_get_msg_next(struct nfnl_handle *h, + * appropiately. + */ + int nfnl_callback_register(struct nfnl_subsys_handle *ssh, +- u_int8_t type, struct nfnl_callback *cb) ++ uint8_t type, struct nfnl_callback *cb) + { + assert(ssh); + assert(cb); +@@ -1138,7 +1138,7 @@ int nfnl_callback_register(struct nfnl_subsys_handle *ssh, + * On sucess, 0 is returned. On error, -1 is returned and errno is + * set appropiately. 
+ */ +-int nfnl_callback_unregister(struct nfnl_subsys_handle *ssh, u_int8_t type) ++int nfnl_callback_unregister(struct nfnl_subsys_handle *ssh, uint8_t type) + { + assert(ssh); + +@@ -1161,8 +1161,8 @@ int nfnl_check_attributes(const struct nfnl_handle *h, + assert(nfa); + + int min_len; +- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); +- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); ++ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); ++ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); + const struct nfnl_subsys_handle *ssh; + struct nfnl_callback *cb; + +@@ -1212,8 +1212,8 @@ static int __nfnl_handle_msg(struct nfnl_handle *h, struct nlmsghdr *nlh, + int len) + { + struct nfnl_subsys_handle *ssh; +- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); +- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); ++ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); ++ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); + int err = 0; + + if (subsys_id > NFNL_MAX_SUBSYS) +@@ -1243,7 +1243,7 @@ int nfnl_handle_packet(struct nfnl_handle *h, char *buf, int len) + { + + while (len >= NLMSG_SPACE(0)) { +- u_int32_t rlen; ++ uint32_t rlen; + struct nlmsghdr *nlh = (struct nlmsghdr *)buf; + + if (nlh->nlmsg_len < sizeof(struct nlmsghdr) +@@ -1285,8 +1285,8 @@ static int nfnl_is_error(struct nfnl_handle *h, struct nlmsghdr *nlh) + static int nfnl_step(struct nfnl_handle *h, struct nlmsghdr *nlh) + { + struct nfnl_subsys_handle *ssh; +- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); +- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); ++ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); ++ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); + + /* Is this an error message? */ + if (nfnl_is_error(h, nlh)) { +diff --git a/src/rtnl.c b/src/rtnl.c +index 7b4ac7d..284eecd 100644 +--- a/src/rtnl.c ++++ b/src/rtnl.c +@@ -30,7 +30,7 @@ + #define rtnl_log(x, ...) 
+ + static inline struct rtnl_handler * +-find_handler(struct rtnl_handle *rtnl_handle, u_int16_t type) ++find_handler(struct rtnl_handle *rtnl_handle, uint16_t type) + { + struct rtnl_handler *h; + for (h = rtnl_handle->handlers; h; h = h->next) { +@@ -41,7 +41,7 @@ find_handler(struct rtnl_handle *rtnl_handle, u_int16_t type) + } + + static int call_handler(struct rtnl_handle *rtnl_handle, +- u_int16_t type, ++ uint16_t type, + struct nlmsghdr *hdr) + { + struct rtnl_handler *h = find_handler(rtnl_handle, type); +diff --git a/src/rtnl.h b/src/rtnl.h +index 0c403dc..2cb22a8 100644 +--- a/src/rtnl.h ++++ b/src/rtnl.h +@@ -7,7 +7,7 @@ + struct rtnl_handler { + struct rtnl_handler *next; + +- u_int16_t nlmsg_type; ++ uint16_t nlmsg_type; + int (*handlefn)(struct nlmsghdr *h, void *arg); + void *arg; + }; +-- +2.12.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb new file mode 100644 index 00000000..f7951ff8 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb 
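Review bot: After this patch src/iftable.h declares `iftable_delete` and `iftable_insert` with `uint32_t`, but the top of that header as shown in its hunk has no include. It therefore compiles only when the including file has already pulled in `<stdint.h>`. Add `#include <stdint.h>` after the `#define _IFTABLE_H` line. src/rtnl.h, whose hunk starts at line 7, may need the same, but its top is not visible here.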
@@ -0,0 +1,25 @@ +SUMMARY = "Low-level library for netfilter related kernel/userspace communication" +DESCRIPTION = "libnfnetlink is the low-level library for netfilter related \ +kernel/userspace communication. It provides a generic messaging \ +infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, \ +nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or \ +management tools in userspace." +HOMEPAGE = "http://www.netfilter.org/projects/libnfnetlink/index.html" +SECTION = "libs" +LICENSE = "GPLv2+" + + +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" + +SRC_URI = "http://www.netfilter.org/projects/libnfnetlink/files/libnfnetlink-${PV}.tar.bz2;name=tar \ + file://0001-build-resolve-automake-1.12-warnings.patch \ + file://0002-src-get-source-code-license-header-in-sync-with-curr.patch \ + file://0003-configure-uclinux-is-also-linux.patch \ + file://0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch \ + file://0005-include-Sync-with-kernel-headers.patch \ + file://0006-src-Use-stdint-types-everywhere.patch \ + " +SRC_URI[tar.md5sum] = "98927583d2016a9fb1936fed992e2c5e" +SRC_URI[tar.sha256sum] = "f270e19de9127642d2a11589ef2ec97ef90a649a74f56cf9a96306b04817b51a" + +inherit autotools pkgconfig diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Move-exports-before-symbol-definition.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Move-exports-before-symbol-definition.patch new file mode 100644 index 00000000..995fd59a --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Move-exports-before-symbol-definition.patch 
@@ -0,0 +1,289 @@ +From 21eb59fbd071ebffb8495232766824944fb521a0 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Wed, 7 Nov 2018 21:19:53 +0000 +Subject: [PATCH] Move exports before symbol definition + +Based on 7966020 ("src: Fix exporting symbols with clang"), when +EXPORT_SYMBOL is located after function definition, clang won't properly +export the function, resulting in a library with no symbols when built with +clang. + +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + src/flowtable.c | 54 +++++++++++++++++++++++++++--------------------------- + 1 file changed, 27 insertions(+), 27 deletions(-) + +diff --git a/src/flowtable.c b/src/flowtable.c +index c1ddae4..d7434e3 100644 +--- a/src/flowtable.c ++++ b/src/flowtable.c +@@ -34,12 +34,13 @@ struct nftnl_flowtable { + uint32_t flags; + }; + ++EXPORT_SYMBOL(nftnl_flowtable_alloc); + struct nftnl_flowtable *nftnl_flowtable_alloc(void) + { + return calloc(1, sizeof(struct nftnl_flowtable)); + } +-EXPORT_SYMBOL(nftnl_flowtable_alloc); + ++EXPORT_SYMBOL(nftnl_flowtable_free); + void nftnl_flowtable_free(const struct nftnl_flowtable *c) + { + int i; +@@ -56,14 +57,14 @@ void nftnl_flowtable_free(const struct nftnl_flowtable *c) + } + xfree(c); + } +-EXPORT_SYMBOL(nftnl_flowtable_free); + ++EXPORT_SYMBOL(nftnl_flowtable_is_set); + bool nftnl_flowtable_is_set(const struct nftnl_flowtable *c, uint16_t attr) + { + return c->flags & (1 << attr); + } +-EXPORT_SYMBOL(nftnl_flowtable_is_set); + ++EXPORT_SYMBOL(nftnl_flowtable_unset); + void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr) + { + int i; +@@ -96,7 +97,6 @@ void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr) + + c->flags &= ~(1 << attr); + } +-EXPORT_SYMBOL(nftnl_flowtable_unset); + + static uint32_t nftnl_flowtable_validate[NFTNL_FLOWTABLE_MAX + 1] = { + [NFTNL_FLOWTABLE_HOOKNUM] = sizeof(uint32_t), +@@ -105,6 +105,7 @@ static uint32_t nftnl_flowtable_validate[NFTNL_FLOWTABLE_MAX + 1] = { + 
[NFTNL_FLOWTABLE_FLAGS] = sizeof(uint32_t), + }; + ++EXPORT_SYMBOL(nftnl_flowtable_set_data); + int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr, + const void *data, uint32_t data_len) + { +@@ -170,32 +171,32 @@ int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr, + c->flags |= (1 << attr); + return 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_set_data); + ++EXPORT_SYMBOL(nftnl_flowtable_set); + void nftnl_flowtable_set(struct nftnl_flowtable *c, uint16_t attr, const void *data) + { + nftnl_flowtable_set_data(c, attr, data, nftnl_flowtable_validate[attr]); + } +-EXPORT_SYMBOL(nftnl_flowtable_set); + ++EXPORT_SYMBOL(nftnl_flowtable_set_u32); + void nftnl_flowtable_set_u32(struct nftnl_flowtable *c, uint16_t attr, uint32_t data) + { + nftnl_flowtable_set_data(c, attr, &data, sizeof(uint32_t)); + } +-EXPORT_SYMBOL(nftnl_flowtable_set_u32); + ++EXPORT_SYMBOL(nftnl_flowtable_set_s32); + void nftnl_flowtable_set_s32(struct nftnl_flowtable *c, uint16_t attr, int32_t data) + { + nftnl_flowtable_set_data(c, attr, &data, sizeof(int32_t)); + } +-EXPORT_SYMBOL(nftnl_flowtable_set_s32); + ++EXPORT_SYMBOL(nftnl_flowtable_set_str); + int nftnl_flowtable_set_str(struct nftnl_flowtable *c, uint16_t attr, const char *str) + { + return nftnl_flowtable_set_data(c, attr, str, strlen(str) + 1); + } +-EXPORT_SYMBOL(nftnl_flowtable_set_str); + ++EXPORT_SYMBOL(nftnl_flowtable_get_data); + const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, + uint16_t attr, uint32_t *data_len) + { +@@ -229,21 +230,21 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, + } + return NULL; + } +-EXPORT_SYMBOL(nftnl_flowtable_get_data); + ++EXPORT_SYMBOL(nftnl_flowtable_get); + const void *nftnl_flowtable_get(const struct nftnl_flowtable *c, uint16_t attr) + { + uint32_t data_len; + return nftnl_flowtable_get_data(c, attr, &data_len); + } +-EXPORT_SYMBOL(nftnl_flowtable_get); + ++EXPORT_SYMBOL(nftnl_flowtable_get_str); + const char 
*nftnl_flowtable_get_str(const struct nftnl_flowtable *c, uint16_t attr) + { + return nftnl_flowtable_get(c, attr); + } +-EXPORT_SYMBOL(nftnl_flowtable_get_str); + ++EXPORT_SYMBOL(nftnl_flowtable_get_u32); + uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr) + { + uint32_t data_len; +@@ -253,8 +254,8 @@ uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr) + + return val ? *val : 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_get_u32); + ++EXPORT_SYMBOL(nftnl_flowtable_get_s32); + int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr) + { + uint32_t data_len; +@@ -264,8 +265,8 @@ int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr) + + return val ? *val : 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_get_s32); + ++EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); + void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh, + const struct nftnl_flowtable *c) + { +@@ -301,7 +302,6 @@ void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh, + if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE)) + mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size)); + } +-EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); + + static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data) + { +@@ -412,6 +412,7 @@ static int nftnl_flowtable_parse_hook(struct nlattr *attr, struct nftnl_flowtabl + return 0; + } + ++EXPORT_SYMBOL(nftnl_flowtable_nlmsg_parse); + int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtable *c) + { + struct nlattr *tb[NFTA_FLOWTABLE_MAX + 1] = {}; +@@ -460,7 +461,6 @@ int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtab + + return ret; + } +-EXPORT_SYMBOL(nftnl_flowtable_nlmsg_parse); + + static const char *nftnl_hooknum2str(int family, int hooknum) + { +@@ -612,20 +612,20 @@ static int nftnl_flowtable_do_parse(struct nftnl_flowtable *c, + return ret; + } + 
++EXPORT_SYMBOL(nftnl_flowtable_parse); + int nftnl_flowtable_parse(struct nftnl_flowtable *c, enum nftnl_parse_type type, + const char *data, struct nftnl_parse_err *err) + { + return nftnl_flowtable_do_parse(c, type, data, err, NFTNL_PARSE_BUFFER); + } +-EXPORT_SYMBOL(nftnl_flowtable_parse); + ++EXPORT_SYMBOL(nftnl_flowtable_parse_file); + int nftnl_flowtable_parse_file(struct nftnl_flowtable *c, + enum nftnl_parse_type type, + FILE *fp, struct nftnl_parse_err *err) + { + return nftnl_flowtable_do_parse(c, type, fp, err, NFTNL_PARSE_FILE); + } +-EXPORT_SYMBOL(nftnl_flowtable_parse_file); + + static int nftnl_flowtable_export(char *buf, size_t size, + const struct nftnl_flowtable *c, int type) +@@ -720,6 +720,7 @@ static int nftnl_flowtable_cmd_snprintf(char *buf, size_t size, + return offset; + } + ++EXPORT_SYMBOL(nftnl_flowtable_snprintf); + int nftnl_flowtable_snprintf(char *buf, size_t size, const struct nftnl_flowtable *c, + uint32_t type, uint32_t flags) + { +@@ -729,7 +730,6 @@ int nftnl_flowtable_snprintf(char *buf, size_t size, const struct nftnl_flowtabl + return nftnl_flowtable_cmd_snprintf(buf, size, c, nftnl_flag2cmd(flags), + type, flags); + } +-EXPORT_SYMBOL(nftnl_flowtable_snprintf); + + static int nftnl_flowtable_do_snprintf(char *buf, size_t size, const void *c, + uint32_t cmd, uint32_t type, uint32_t flags) +@@ -737,18 +737,19 @@ static int nftnl_flowtable_do_snprintf(char *buf, size_t size, const void *c, + return nftnl_flowtable_snprintf(buf, size, c, type, flags); + } + ++EXPORT_SYMBOL(nftnl_flowtable_fprintf); + int nftnl_flowtable_fprintf(FILE *fp, const struct nftnl_flowtable *c, + uint32_t type, uint32_t flags) + { + return nftnl_fprintf(fp, c, NFTNL_CMD_UNSPEC, type, flags, + nftnl_flowtable_do_snprintf); + } +-EXPORT_SYMBOL(nftnl_flowtable_fprintf); + + struct nftnl_flowtable_list { + struct list_head list; + }; + ++EXPORT_SYMBOL(nftnl_flowtable_list_alloc); + struct nftnl_flowtable_list *nftnl_flowtable_list_alloc(void) + { + struct 
nftnl_flowtable_list *list; +@@ -761,8 +762,8 @@ struct nftnl_flowtable_list *nftnl_flowtable_list_alloc(void) + + return list; + } +-EXPORT_SYMBOL(nftnl_flowtable_list_alloc); + ++EXPORT_SYMBOL(nftnl_flowtable_list_free); + void nftnl_flowtable_list_free(struct nftnl_flowtable_list *list) + { + struct nftnl_flowtable *s, *tmp; +@@ -773,34 +774,34 @@ void nftnl_flowtable_list_free(struct nftnl_flowtable_list *list) + } + xfree(list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_free); + ++EXPORT_SYMBOL(nftnl_flowtable_list_is_empty); + int nftnl_flowtable_list_is_empty(const struct nftnl_flowtable_list *list) + { + return list_empty(&list->list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_is_empty); + ++EXPORT_SYMBOL(nftnl_flowtable_list_add); + void nftnl_flowtable_list_add(struct nftnl_flowtable *s, + struct nftnl_flowtable_list *list) + { + list_add(&s->head, &list->list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_add); + ++EXPORT_SYMBOL(nftnl_flowtable_list_add_tail); + void nftnl_flowtable_list_add_tail(struct nftnl_flowtable *s, + struct nftnl_flowtable_list *list) + { + list_add_tail(&s->head, &list->list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_add_tail); + ++EXPORT_SYMBOL(nftnl_flowtable_list_del); + void nftnl_flowtable_list_del(struct nftnl_flowtable *s) + { + list_del(&s->head); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_del); + ++EXPORT_SYMBOL(nftnl_flowtable_list_foreach); + int nftnl_flowtable_list_foreach(struct nftnl_flowtable_list *flowtable_list, + int (*cb)(struct nftnl_flowtable *t, void *data), void *data) + { +@@ -814,4 +815,3 @@ int nftnl_flowtable_list_foreach(struct nftnl_flowtable_list *flowtable_list, + } + return 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_list_foreach); 
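Review bot: `nftnl_flowtable_set()` reads `nftnl_flowtable_validate[attr]` with a caller-supplied `uint16_t attr` before any range check can run, and the table has only `NFTNL_FLOWTABLE_MAX + 1` entries, so an out-of-range attribute indexes past the array. The body of `nftnl_flowtable_set_data()` lies outside the hunks, so it may well reject the attribute afterwards, but by then the index expression has already been evaluated; a guard such as `if (attr > NFTNL_FLOWTABLE_MAX) return;` ahead of the call would close that. This is existing upstream code that the export move only passes through, so it is better raised upstream than folded into this patch. The patch header also carries no `Upstream-Status:` line, which makes it harder to tell whether this carried change is tracked upstream.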
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0002-avoid-naming-local-function-as-one-of-printf-family.patch b/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0002-avoid-naming-local-function-as-one-of-printf-family.patch
new file mode 100644
index 00000000..e7e8f6fe
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0002-avoid-naming-local-function-as-one-of-printf-family.patch
@@ -0,0 +1,549 @@ +From 5ea9fa9d345005f2f53b1b598edb85f5f24ca9da Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Wed, 7 Nov 2018 19:41:54 +0000 +Subject: [PATCH] avoid naming local function as one of printf family + +Fixes build issues with clang +error: no member named '__builtin___snprintf_chk' in 'struct expr_ops' + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + include/expr_ops.h | 2 +- + include/obj.h | 2 +- + src/expr.c | 4 ++-- + src/expr/bitwise.c | 2 +- + src/expr/byteorder.c | 2 +- + src/expr/cmp.c | 2 +- + src/expr/connlimit.c | 2 +- + src/expr/counter.c | 2 +- + src/expr/ct.c | 2 +- + src/expr/dup.c | 2 +- + src/expr/dynset.c | 2 +- + src/expr/exthdr.c | 2 +- + src/expr/fib.c | 2 +- + src/expr/flow_offload.c | 2 +- + src/expr/fwd.c | 2 +- + src/expr/hash.c | 2 +- + src/expr/immediate.c | 2 +- + src/expr/limit.c | 2 +- + src/expr/log.c | 2 +- + src/expr/lookup.c | 2 +- + src/expr/masq.c | 2 +- + src/expr/match.c | 2 +- + src/expr/meta.c | 2 +- + src/expr/nat.c | 2 +- + src/expr/numgen.c | 2 +- + src/expr/objref.c | 2 +- + src/expr/payload.c | 2 +- + src/expr/queue.c | 2 +- + src/expr/quota.c | 2 +- + src/expr/range.c | 2 +- + src/expr/redir.c | 2 +- + src/expr/reject.c | 2 +- + src/expr/rt.c | 2 +- + src/expr/socket.c | 2 +- + src/expr/target.c | 2 +- + src/obj/counter.c | 2 +- + src/obj/ct_helper.c | 2 +- + src/obj/limit.c | 2 +- + src/obj/quota.c | 2 +- + src/object.c | 4 ++-- + 40 files changed, 42 insertions(+), 42 deletions(-) + +diff --git a/include/expr_ops.h b/include/expr_ops.h +index e639390..c4fe050 100644 +--- a/include/expr_ops.h ++++ b/include/expr_ops.h +@@ -18,7 +18,7 @@ struct expr_ops { + const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len); + int (*parse)(struct nftnl_expr *e, struct nlattr *attr); + void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e); +- int (*snprintf)(char *buf, size_t len, uint32_t type, 
uint32_t flags, const struct nftnl_expr *e); ++ int (*snprintf_)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_expr *e); + int (*json_parse)(struct nftnl_expr *e, json_t *data, + struct nftnl_parse_err *err); + }; +diff --git a/include/obj.h b/include/obj.h +index 4a728c8..4c20bd1 100644 +--- a/include/obj.h ++++ b/include/obj.h +@@ -55,7 +55,7 @@ struct obj_ops { + const void *(*get)(const struct nftnl_obj *e, uint16_t type, uint32_t *data_len); + int (*parse)(struct nftnl_obj *e, struct nlattr *attr); + void (*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e); +- int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_obj *e); ++ int (*snprintf_)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_obj *e); + int (*json_parse)(struct nftnl_obj *e, json_t *data, + struct nftnl_parse_err *err); + }; +diff --git a/src/expr.c b/src/expr.c +index 62565e0..2489c30 100644 +--- a/src/expr.c ++++ b/src/expr.c +@@ -285,10 +285,10 @@ int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr, + if (size) + buf[0] = '\0'; + +- if (!expr->ops->snprintf) ++ if (!expr->ops->snprintf_) + return 0; + +- ret = expr->ops->snprintf(buf + offset, remain, type, flags, expr); ++ ret = expr->ops->snprintf_(buf + offset, remain, type, flags, expr); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + + return offset; +diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c +index a89734b..f8360b1 100644 +--- a/src/expr/bitwise.c ++++ b/src/expr/bitwise.c +@@ -299,6 +299,6 @@ struct expr_ops expr_ops_bitwise = { + .get = nftnl_expr_bitwise_get, + .parse = nftnl_expr_bitwise_parse, + .build = nftnl_expr_bitwise_build, +- .snprintf = nftnl_expr_bitwise_snprintf, ++ .snprintf_ = nftnl_expr_bitwise_snprintf, + .json_parse = nftnl_expr_bitwise_json_parse, + }; +diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c +index 47c04cf..61f733f 100644 +--- a/src/expr/byteorder.c ++++ 
b/src/expr/byteorder.c +@@ -314,6 +314,6 @@ struct expr_ops expr_ops_byteorder = { + .get = nftnl_expr_byteorder_get, + .parse = nftnl_expr_byteorder_parse, + .build = nftnl_expr_byteorder_build, +- .snprintf = nftnl_expr_byteorder_snprintf, ++ .snprintf_ = nftnl_expr_byteorder_snprintf, + .json_parse = nftnl_expr_byteorder_json_parse, + }; +diff --git a/src/expr/cmp.c b/src/expr/cmp.c +index b26d0eb..522c7be 100644 +--- a/src/expr/cmp.c ++++ b/src/expr/cmp.c +@@ -284,6 +284,6 @@ struct expr_ops expr_ops_cmp = { + .get = nftnl_expr_cmp_get, + .parse = nftnl_expr_cmp_parse, + .build = nftnl_expr_cmp_build, +- .snprintf = nftnl_expr_cmp_snprintf, ++ .snprintf_ = nftnl_expr_cmp_snprintf, + .json_parse = nftnl_expr_cmp_json_parse, + }; +diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c +index 60965b5..4e41866 100644 +--- a/src/expr/connlimit.c ++++ b/src/expr/connlimit.c +@@ -202,6 +202,6 @@ struct expr_ops expr_ops_connlimit = { + .get = nftnl_expr_connlimit_get, + .parse = nftnl_expr_connlimit_parse, + .build = nftnl_expr_connlimit_build, +- .snprintf = nftnl_expr_connlimit_snprintf, ++ .snprintf_ = nftnl_expr_connlimit_snprintf, + .json_parse = nftnl_expr_connlimit_json_parse, + }; +diff --git a/src/expr/counter.c b/src/expr/counter.c +index 21901e8..9fd7655 100644 +--- a/src/expr/counter.c ++++ b/src/expr/counter.c +@@ -200,6 +200,6 @@ struct expr_ops expr_ops_counter = { + .get = nftnl_expr_counter_get, + .parse = nftnl_expr_counter_parse, + .build = nftnl_expr_counter_build, +- .snprintf = nftnl_expr_counter_snprintf, ++ .snprintf_ = nftnl_expr_counter_snprintf, + .json_parse = nftnl_expr_counter_json_parse, + }; +diff --git a/src/expr/ct.c b/src/expr/ct.c +index 39e9be6..b363f7c 100644 +--- a/src/expr/ct.c ++++ b/src/expr/ct.c +@@ -357,6 +357,6 @@ struct expr_ops expr_ops_ct = { + .get = nftnl_expr_ct_get, + .parse = nftnl_expr_ct_parse, + .build = nftnl_expr_ct_build, +- .snprintf = nftnl_expr_ct_snprintf, ++ .snprintf_ = nftnl_expr_ct_snprintf, + 
.json_parse = nftnl_expr_ct_json_parse, + }; +diff --git a/src/expr/dup.c b/src/expr/dup.c +index ed8e620..8d603e3 100644 +--- a/src/expr/dup.c ++++ b/src/expr/dup.c +@@ -206,6 +206,6 @@ struct expr_ops expr_ops_dup = { + .get = nftnl_expr_dup_get, + .parse = nftnl_expr_dup_parse, + .build = nftnl_expr_dup_build, +- .snprintf = nftnl_expr_dup_snprintf, ++ .snprintf_ = nftnl_expr_dup_snprintf, + .json_parse = nftnl_expr_dup_json_parse, + }; +diff --git a/src/expr/dynset.c b/src/expr/dynset.c +index 160d0e1..a43f4da 100644 +--- a/src/expr/dynset.c ++++ b/src/expr/dynset.c +@@ -368,6 +368,6 @@ struct expr_ops expr_ops_dynset = { + .get = nftnl_expr_dynset_get, + .parse = nftnl_expr_dynset_parse, + .build = nftnl_expr_dynset_build, +- .snprintf = nftnl_expr_dynset_snprintf, ++ .snprintf_ = nftnl_expr_dynset_snprintf, + .json_parse = nftnl_expr_dynset_json_parse, + }; +diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c +index 75cafbc..89ea7f5 100644 +--- a/src/expr/exthdr.c ++++ b/src/expr/exthdr.c +@@ -385,6 +385,6 @@ struct expr_ops expr_ops_exthdr = { + .get = nftnl_expr_exthdr_get, + .parse = nftnl_expr_exthdr_parse, + .build = nftnl_expr_exthdr_build, +- .snprintf = nftnl_expr_exthdr_snprintf, ++ .snprintf_ = nftnl_expr_exthdr_snprintf, + .json_parse = nftnl_expr_exthdr_json_parse, + }; +diff --git a/src/expr/fib.c b/src/expr/fib.c +index b922b26..ece4645 100644 +--- a/src/expr/fib.c ++++ b/src/expr/fib.c +@@ -274,6 +274,6 @@ struct expr_ops expr_ops_fib = { + .get = nftnl_expr_fib_get, + .parse = nftnl_expr_fib_parse, + .build = nftnl_expr_fib_build, +- .snprintf = nftnl_expr_fib_snprintf, ++ .snprintf_ = nftnl_expr_fib_snprintf, + .json_parse = nftnl_expr_fib_json_parse, + }; +diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c +index a2001c9..9cdbc21 100644 +--- a/src/expr/flow_offload.c ++++ b/src/expr/flow_offload.c +@@ -179,6 +179,6 @@ struct expr_ops expr_ops_flow = { + .get = nftnl_expr_flow_get, + .parse = nftnl_expr_flow_parse, + .build = 
nftnl_expr_flow_build, +- .snprintf = nftnl_expr_flow_snprintf, ++ .snprintf_ = nftnl_expr_flow_snprintf, + .json_parse = nftnl_expr_flow_json_parse, + }; +diff --git a/src/expr/fwd.c b/src/expr/fwd.c +index 9021606..7178f43 100644 +--- a/src/expr/fwd.c ++++ b/src/expr/fwd.c +@@ -233,6 +233,6 @@ struct expr_ops expr_ops_fwd = { + .get = nftnl_expr_fwd_get, + .parse = nftnl_expr_fwd_parse, + .build = nftnl_expr_fwd_build, +- .snprintf = nftnl_expr_fwd_snprintf, ++ .snprintf_ = nftnl_expr_fwd_snprintf, + .json_parse = nftnl_expr_fwd_json_parse, + }; +diff --git a/src/expr/hash.c b/src/expr/hash.c +index 415537e..186c5b0 100644 +--- a/src/expr/hash.c ++++ b/src/expr/hash.c +@@ -383,6 +383,6 @@ struct expr_ops expr_ops_hash = { + .get = nftnl_expr_hash_get, + .parse = nftnl_expr_hash_parse, + .build = nftnl_expr_hash_build, +- .snprintf = nftnl_expr_hash_snprintf, ++ .snprintf_ = nftnl_expr_hash_snprintf, + .json_parse = nftnl_expr_hash_json_parse, + }; +diff --git a/src/expr/immediate.c b/src/expr/immediate.c +index b0570bd..91ccbdc 100644 +--- a/src/expr/immediate.c ++++ b/src/expr/immediate.c +@@ -316,6 +316,6 @@ struct expr_ops expr_ops_immediate = { + .get = nftnl_expr_immediate_get, + .parse = nftnl_expr_immediate_parse, + .build = nftnl_expr_immediate_build, +- .snprintf = nftnl_expr_immediate_snprintf, ++ .snprintf_ = nftnl_expr_immediate_snprintf, + .json_parse = nftnl_expr_immediate_json_parse, + }; +diff --git a/src/expr/limit.c b/src/expr/limit.c +index 856ab18..e71fc2f 100644 +--- a/src/expr/limit.c ++++ b/src/expr/limit.c +@@ -285,6 +285,6 @@ struct expr_ops expr_ops_limit = { + .get = nftnl_expr_limit_get, + .parse = nftnl_expr_limit_parse, + .build = nftnl_expr_limit_build, +- .snprintf = nftnl_expr_limit_snprintf, ++ .snprintf_ = nftnl_expr_limit_snprintf, + .json_parse = nftnl_expr_limit_json_parse, + }; +diff --git a/src/expr/log.c b/src/expr/log.c +index 86d9651..5769c1c 100644 +--- a/src/expr/log.c ++++ b/src/expr/log.c +@@ -353,6 +353,6 @@ struct 
expr_ops expr_ops_log = { + .get = nftnl_expr_log_get, + .parse = nftnl_expr_log_parse, + .build = nftnl_expr_log_build, +- .snprintf = nftnl_expr_log_snprintf, ++ .snprintf_ = nftnl_expr_log_snprintf, + .json_parse = nftnl_expr_log_json_parse, + }; +diff --git a/src/expr/lookup.c b/src/expr/lookup.c +index 5fcb81f..b2f0dd6 100644 +--- a/src/expr/lookup.c ++++ b/src/expr/lookup.c +@@ -292,6 +292,6 @@ struct expr_ops expr_ops_lookup = { + .get = nftnl_expr_lookup_get, + .parse = nftnl_expr_lookup_parse, + .build = nftnl_expr_lookup_build, +- .snprintf = nftnl_expr_lookup_snprintf, ++ .snprintf_ = nftnl_expr_lookup_snprintf, + .json_parse = nftnl_expr_lookup_json_parse, + }; +diff --git a/src/expr/masq.c b/src/expr/masq.c +index 7c235d3..adec325 100644 +--- a/src/expr/masq.c ++++ b/src/expr/masq.c +@@ -228,6 +228,6 @@ struct expr_ops expr_ops_masq = { + .get = nftnl_expr_masq_get, + .parse = nftnl_expr_masq_parse, + .build = nftnl_expr_masq_build, +- .snprintf = nftnl_expr_masq_snprintf, ++ .snprintf_ = nftnl_expr_masq_snprintf, + .json_parse = nftnl_expr_masq_json_parse, + }; +diff --git a/src/expr/match.c b/src/expr/match.c +index dd09e1e..f0d8868 100644 +--- a/src/expr/match.c ++++ b/src/expr/match.c +@@ -249,6 +249,6 @@ struct expr_ops expr_ops_match = { + .get = nftnl_expr_match_get, + .parse = nftnl_expr_match_parse, + .build = nftnl_expr_match_build, +- .snprintf = nftnl_expr_match_snprintf, ++ .snprintf_ = nftnl_expr_match_snprintf, + .json_parse = nftnl_expr_match_json_parse, + }; +diff --git a/src/expr/meta.c b/src/expr/meta.c +index de82105..91f1ebb 100644 +--- a/src/expr/meta.c ++++ b/src/expr/meta.c +@@ -291,6 +291,6 @@ struct expr_ops expr_ops_meta = { + .get = nftnl_expr_meta_get, + .parse = nftnl_expr_meta_parse, + .build = nftnl_expr_meta_build, +- .snprintf = nftnl_expr_meta_snprintf, ++ .snprintf_ = nftnl_expr_meta_snprintf, + .json_parse = nftnl_expr_meta_json_parse, + }; +diff --git a/src/expr/nat.c b/src/expr/nat.c +index 9271303..427c282 100644 
+--- a/src/expr/nat.c ++++ b/src/expr/nat.c +@@ -384,6 +384,6 @@ struct expr_ops expr_ops_nat = { + .get = nftnl_expr_nat_get, + .parse = nftnl_expr_nat_parse, + .build = nftnl_expr_nat_build, +- .snprintf = nftnl_expr_nat_snprintf, ++ .snprintf_ = nftnl_expr_nat_snprintf, + .json_parse = nftnl_expr_nat_json_parse, + }; +diff --git a/src/expr/numgen.c b/src/expr/numgen.c +index 5336fde..8e0479a 100644 +--- a/src/expr/numgen.c ++++ b/src/expr/numgen.c +@@ -313,6 +313,6 @@ struct expr_ops expr_ops_ng = { + .get = nftnl_expr_ng_get, + .parse = nftnl_expr_ng_parse, + .build = nftnl_expr_ng_build, +- .snprintf = nftnl_expr_ng_snprintf, ++ .snprintf_ = nftnl_expr_ng_snprintf, + .json_parse = nftnl_expr_ng_json_parse, + }; +diff --git a/src/expr/objref.c b/src/expr/objref.c +index 64ee863..4504488 100644 +--- a/src/expr/objref.c ++++ b/src/expr/objref.c +@@ -278,6 +278,6 @@ struct expr_ops expr_ops_objref = { + .get = nftnl_expr_objref_get, + .parse = nftnl_expr_objref_parse, + .build = nftnl_expr_objref_build, +- .snprintf = nftnl_expr_objref_snprintf, ++ .snprintf_ = nftnl_expr_objref_snprintf, + .json_parse = nftnl_expr_objref_json_parse, + }; +diff --git a/src/expr/payload.c b/src/expr/payload.c +index 91e1587..894ac08 100644 +--- a/src/expr/payload.c ++++ b/src/expr/payload.c +@@ -348,6 +348,6 @@ struct expr_ops expr_ops_payload = { + .get = nftnl_expr_payload_get, + .parse = nftnl_expr_payload_parse, + .build = nftnl_expr_payload_build, +- .snprintf = nftnl_expr_payload_snprintf, ++ .snprintf_ = nftnl_expr_payload_snprintf, + .json_parse = nftnl_expr_payload_json_parse, + }; +diff --git a/src/expr/queue.c b/src/expr/queue.c +index a392a27..ee26c10 100644 +--- a/src/expr/queue.c ++++ b/src/expr/queue.c +@@ -275,6 +275,6 @@ struct expr_ops expr_ops_queue = { + .get = nftnl_expr_queue_get, + .parse = nftnl_expr_queue_parse, + .build = nftnl_expr_queue_build, +- .snprintf = nftnl_expr_queue_snprintf, ++ .snprintf_ = nftnl_expr_queue_snprintf, + .json_parse = 
nftnl_expr_queue_json_parse, + }; +diff --git a/src/expr/quota.c b/src/expr/quota.c +index 667e6e1..ff5d182 100644 +--- a/src/expr/quota.c ++++ b/src/expr/quota.c +@@ -203,6 +203,6 @@ struct expr_ops expr_ops_quota = { + .get = nftnl_expr_quota_get, + .parse = nftnl_expr_quota_parse, + .build = nftnl_expr_quota_build, +- .snprintf = nftnl_expr_quota_snprintf, ++ .snprintf_ = nftnl_expr_quota_snprintf, + .json_parse = nftnl_expr_quota_json_parse, + }; +diff --git a/src/expr/range.c b/src/expr/range.c +index b2789ff..8910f8a 100644 +--- a/src/expr/range.c ++++ b/src/expr/range.c +@@ -283,6 +283,6 @@ struct expr_ops expr_ops_range = { + .get = nftnl_expr_range_get, + .parse = nftnl_expr_range_parse, + .build = nftnl_expr_range_build, +- .snprintf = nftnl_expr_range_snprintf, ++ .snprintf_ = nftnl_expr_range_snprintf, + .json_parse = nftnl_expr_range_json_parse, + }; +diff --git a/src/expr/redir.c b/src/expr/redir.c +index b2aa345..41b77ab 100644 +--- a/src/expr/redir.c ++++ b/src/expr/redir.c +@@ -242,6 +242,6 @@ struct expr_ops expr_ops_redir = { + .get = nftnl_expr_redir_get, + .parse = nftnl_expr_redir_parse, + .build = nftnl_expr_redir_build, +- .snprintf = nftnl_expr_redir_snprintf, ++ .snprintf_ = nftnl_expr_redir_snprintf, + .json_parse = nftnl_expr_redir_json_parse, + }; +diff --git a/src/expr/reject.c b/src/expr/reject.c +index 11d8b20..b10e729 100644 +--- a/src/expr/reject.c ++++ b/src/expr/reject.c +@@ -200,6 +200,6 @@ struct expr_ops expr_ops_reject = { + .get = nftnl_expr_reject_get, + .parse = nftnl_expr_reject_parse, + .build = nftnl_expr_reject_build, +- .snprintf = nftnl_expr_reject_snprintf, ++ .snprintf_ = nftnl_expr_reject_snprintf, + .json_parse = nftnl_expr_reject_json_parse, + }; +diff --git a/src/expr/rt.c b/src/expr/rt.c +index c3c92c7..688a042 100644 +--- a/src/expr/rt.c ++++ b/src/expr/rt.c +@@ -235,6 +235,6 @@ struct expr_ops expr_ops_rt = { + .get = nftnl_expr_rt_get, + .parse = nftnl_expr_rt_parse, + .build = nftnl_expr_rt_build, +- 
.snprintf = nftnl_expr_rt_snprintf, ++ .snprintf_ = nftnl_expr_rt_snprintf, + .json_parse = nftnl_expr_rt_json_parse, + }; +diff --git a/src/expr/socket.c b/src/expr/socket.c +index db160a1..4c50011 100644 +--- a/src/expr/socket.c ++++ b/src/expr/socket.c +@@ -204,5 +204,5 @@ struct expr_ops expr_ops_socket = { + .get = nftnl_expr_socket_get, + .parse = nftnl_expr_socket_parse, + .build = nftnl_expr_socket_build, +- .snprintf = nftnl_expr_socket_snprintf, ++ .snprintf_ = nftnl_expr_socket_snprintf, + }; +diff --git a/src/expr/target.c b/src/expr/target.c +index ed4bf7d..2ef4078 100644 +--- a/src/expr/target.c ++++ b/src/expr/target.c +@@ -249,6 +249,6 @@ struct expr_ops expr_ops_target = { + .get = nftnl_expr_target_get, + .parse = nftnl_expr_target_parse, + .build = nftnl_expr_target_build, +- .snprintf = nftnl_expr_target_snprintf, ++ .snprintf_ = nftnl_expr_target_snprintf, + .json_parse = nftnl_expr_target_json_parse, + }; +diff --git a/src/obj/counter.c b/src/obj/counter.c +index 332bb2b..edeb7be 100644 +--- a/src/obj/counter.c ++++ b/src/obj/counter.c +@@ -182,6 +182,6 @@ struct obj_ops obj_ops_counter = { + .get = nftnl_obj_counter_get, + .parse = nftnl_obj_counter_parse, + .build = nftnl_obj_counter_build, +- .snprintf = nftnl_obj_counter_snprintf, ++ .snprintf_ = nftnl_obj_counter_snprintf, + .json_parse = nftnl_obj_counter_json_parse, + }; +diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c +index 62569fe..69757ff 100644 +--- a/src/obj/ct_helper.c ++++ b/src/obj/ct_helper.c +@@ -208,6 +208,6 @@ struct obj_ops obj_ops_ct_helper = { + .get = nftnl_obj_ct_helper_get, + .parse = nftnl_obj_ct_helper_parse, + .build = nftnl_obj_ct_helper_build, +- .snprintf = nftnl_obj_ct_helper_snprintf, ++ .snprintf_ = nftnl_obj_ct_helper_snprintf, + .json_parse = nftnl_obj_quota_json_parse, + }; +diff --git a/src/obj/limit.c b/src/obj/limit.c +index 7f8bcf7..25018b6 100644 +--- a/src/obj/limit.c ++++ b/src/obj/limit.c +@@ -236,6 +236,6 @@ struct obj_ops obj_ops_limit = { 
+ .get = nftnl_obj_limit_get, + .parse = nftnl_obj_limit_parse, + .build = nftnl_obj_limit_build, +- .snprintf = nftnl_obj_limit_snprintf, ++ .snprintf_ = nftnl_obj_limit_snprintf, + .json_parse = nftnl_obj_limit_json_parse, + }; +diff --git a/src/obj/quota.c b/src/obj/quota.c +index 6d36784..ecaa8b1 100644 +--- a/src/obj/quota.c ++++ b/src/obj/quota.c +@@ -203,6 +203,6 @@ struct obj_ops obj_ops_quota = { + .get = nftnl_obj_quota_get, + .parse = nftnl_obj_quota_parse, + .build = nftnl_obj_quota_build, +- .snprintf = nftnl_obj_quota_snprintf, ++ .snprintf_ = nftnl_obj_quota_snprintf, + .json_parse = nftnl_obj_quota_json_parse, + }; +diff --git a/src/object.c b/src/object.c +index d8278f3..9654b7b 100644 +--- a/src/object.c ++++ b/src/object.c +@@ -429,7 +429,7 @@ static int nftnl_obj_export(char *buf, size_t size, + nftnl_buf_u64(&b, type, obj->handle, HANDLE); + + if (obj->ops) +- ret = obj->ops->snprintf(buf + b.len, size - b.len, type, ++ ret = obj->ops->snprintf_(buf + b.len, size - b.len, type, + flags, obj); + + b.len += ret; +@@ -450,7 +450,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t size, + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + + if (obj->ops) { +- ret = obj->ops->snprintf(buf + offset, offset, type, flags, ++ ret = obj->ops->snprintf_(buf + offset, offset, type, flags, + obj); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + } diff --git a/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.1.1.bb b/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.1.1.bb new file mode 100644 index 00000000..77959a73 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.1.1.bb 
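Review bot: In the `nftnl_obj_snprintf_dflt` hunk of src/object.c the renamed call still passes `offset` as the length argument, `obj->ops->snprintf_(buf + offset, offset, type, flags, obj)`, which is the number of bytes already written, not the space left. The equivalent call in src/expr.c passes `remain`, and the `SNPRINTF_BUFFER_SIZE(ret, remain, offset)` bookkeeping around it suggests the same was intended here: `ret = obj->ops->snprintf_(buf + offset, remain, type, flags,`. Whenever `offset` is larger than the remaining space, the callback is told it may write past the end of `buf`. Both object.c call sites also test only `obj->ops` and not the `snprintf_` pointer itself, unlike the `!expr->ops->snprintf_` check in expr.c. The function bodies continue outside the hunks, and the rename only carries this over, so the fix belongs in a separate upstream change.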
@@ -0,0 +1,15 @@
+SUMMARY = "Library for low-level interaction with nftables Netlink's API over libmnl"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=79808397c3355f163c012616125c9e26"
+SECTION = "libs"
+DEPENDS = "libmnl"
+PV .= "+git${SRCPV}"
+SRCREV = "d379dfcb6c94dcb93a8f16896572d6e162138e0f"
+SRC_URI = "git://git.netfilter.org/libnftnl \
+ file://0001-Move-exports-before-symbol-definition.patch \
+ file://0002-avoid-naming-local-function-as-one-of-printf-family.patch \
+ "
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb b/external/meta-openembedded/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb
new file mode 100644
index 00000000..8177ebcc
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb
@@ -0,0 +1,15 @@
+SUMMARY = "nfacct is the command line tool to create/retrieve/delete accounting objects"
+HOMEPAGE = "http://netfilter.org/projects/nfacct/"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+
+SRC_URI = "ftp://ftp.netfilter.org/pub/${BPN}/${BP}.tar.bz2"
+
+SRC_URI[md5sum] = "94faafdaaed85ca9220c5692be8a408e"
+SRC_URI[sha256sum] = "ecff2218754be318bce3c3a5d1775bab93bf4168b2c4aac465785de5655fbd69"
+DEPENDS = "libnfnetlink libmnl libnetfilter-acct"
+
+EXTRA_OEMAKE += 'HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}"'
+
+inherit autotools pkgconfig
+
diff --git a/external/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_0.9.0.bb b/external/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_0.9.0.bb
new file mode 100644
index 00000000..aadf4f7f
--- /dev/null
+++ b/external/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_0.9.0.bb
@@ -0,0 +1,20 @@
+SUMMARY = "Netfilter Tables userspace utillites"
+SECTION = "net"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d1a78fdd879a263a5e0b42d1fc565e79"
+
+DEPENDS = "libmnl libnftnl readline gmp bison-native"
+
+SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2 \
+ "
+SRC_URI[md5sum] = "d4dcb61df80aa544b2e142e91d937635"
+SRC_URI[sha256sum] = "ad8181b5fcb9ca572f444bed54018749588522ee97e4c21922648bb78d7e7e91"
+
+inherit autotools manpages pkgconfig
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[man] = "--enable--man-doc, --disable-man-doc"
+
+ASNEEDED = ""
+
+RRECOMMENDS_${PN} += "kernel-module-nf-tables" |
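Review bot: The enable half of `PACKAGECONFIG[man]` is misspelled as `--enable--man-doc` (double dash), so turning on the `man` option would pass configure a flag that does not match the `--disable-man-doc` form beside it and is unlikely to be recognised. It should read `PACKAGECONFIG[man] = "--enable-man-doc, --disable-man-doc"`. `ASNEEDED = ""` also clears the as-needed linker setting without a comment saying why; a one-line reason above it would help the next maintainer judge whether it is still required. `SUMMARY` has a typo as well, `utillites` for `utilities`.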