Re: [ptxdist] [PATCH] ebtables: this patch adds ebtables to ptxdist

[Michael Olbrich <m.olbrich@pengutronix.de>]

On Thu, Dec 10, 2015 at 09:45:58AM +0100, Oliver Graute wrote:
> The ebtables program is a filtering tool for a Linux-based bridging firewall.
> It enables transparent filtering of network traffic passing through a Linux
> bridge.
> 
> Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
> ---
>  .../ebtables-v2.0.10-4/0001-fixed-returncode.patch |   23 +++++
>  .../0002-cross-complile-prep.patch                 |   23 +++++
>  .../ebtables-v2.0.10-4/0003-changed-bin-dir.patch  |   21 ++++
>  ...004-with-no-as-needed-and-adjust-the-link.patch |   31 ++++++
>  patches/ebtables-v2.0.10-4/series                  |    7 ++
>  rules/ebtables.in                                  |   12 +++
>  rules/ebtables.make                                |  104 ++++++++++++++++++++
>  7 files changed, 221 insertions(+)
>  create mode 100644 patches/ebtables-v2.0.10-4/0001-fixed-returncode.patch
>  create mode 100644 patches/ebtables-v2.0.10-4/0002-cross-complile-prep.patch
>  create mode 100644 patches/ebtables-v2.0.10-4/0003-changed-bin-dir.patch
>  create mode 100644 patches/ebtables-v2.0.10-4/0004-with-no-as-needed-and-adjust-the-link.patch
>  create mode 100644 patches/ebtables-v2.0.10-4/series
>  create mode 100644 rules/ebtables.in
>  create mode 100644 rules/ebtables.make
> 
> diff --git a/patches/ebtables-v2.0.10-4/0001-fixed-returncode.patch b/patches/ebtables-v2.0.10-4/0001-fixed-returncode.patch
> new file mode 100644
> index 0000000..77cc296
> --- /dev/null
> +++ b/patches/ebtables-v2.0.10-4/0001-fixed-returncode.patch
> @@ -0,0 +1,23 @@
> +From: Oliver Graute <oliver.graute@neuhaus.de>
> +Date: Fri, 27 Nov 2015 11:13:46 +0100
> +Subject: [PATCH] fixed returncode
> +
> +fixed returncode in store_counters_in_file

Please elaborate. What happening upstream here?

> +
> +---
> + communication.c |    2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/communication.c b/communication.c
> +index 62ed667..ba058c0 100644
> +--- a/communication.c
> ++++ b/communication.c
> +@@ -282,7 +282,7 @@ static int store_counters_in_file(char *filename, struct ebt_u_replace *repl)
> + 	}
> + close_file:
> + 	fclose(file);
> +-	return 0;
> ++	return ret;
> + }
> + 
> + /* Gets executed after ebt_deliver_table. Delivers the counters to the kernel
> diff --git a/patches/ebtables-v2.0.10-4/0002-cross-complile-prep.patch b/patches/ebtables-v2.0.10-4/0002-cross-complile-prep.patch
> new file mode 100644
> index 0000000..c194969
> --- /dev/null
> +++ b/patches/ebtables-v2.0.10-4/0002-cross-complile-prep.patch
> @@ -0,0 +1,23 @@
> +From: Oliver Graute <oliver.graute@neuhaus.de>
> +Date: Fri, 27 Nov 2015 11:46:39 +0100
> +Subject: [PATCH] cross complile prep
> +
> +Cross compile patch for arm
> +
> +---
> + Makefile |    2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile b/Makefile
> +index c1106a4..6b88ff6 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -19,7 +19,7 @@ DESTDIR:=
> + 
> + CFLAGS:=-Wall -Wunused -Werror
> + CFLAGS_SH_LIB:=-fPIC -O3
> +-CC:=gcc
> ++CC:=arm-v5te-linux-gnueabi-gcc

No. This breaks with other cross compilers. adding $(CROSS_ENV_PROGS) to
<PKG>_MAKE_OPT should help instead.

> + 
> + ifeq ($(shell uname -m),sparc64)
> + CFLAGS+=-DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32
> diff --git a/patches/ebtables-v2.0.10-4/0003-changed-bin-dir.patch b/patches/ebtables-v2.0.10-4/0003-changed-bin-dir.patch
> new file mode 100644
> index 0000000..1173e59
> --- /dev/null
> +++ b/patches/ebtables-v2.0.10-4/0003-changed-bin-dir.patch
> @@ -0,0 +1,21 @@
> +From: Oliver Graute <oliver.graute@neuhaus.de>
> +Date: Fri, 27 Nov 2015 12:01:59 +0100
> +Subject: [PATCH] changed bin dir
> +
> +---
> + Makefile |    2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile b/Makefile
> +index 6b88ff6..8d735ac 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -11,7 +11,7 @@ LOCKDIR:=$(shell echo $(LOCKFILE) | sed 's/\(.*\)\/.*/\1/')/
> + # default paths
> + LIBDIR:=/usr/lib
> + MANDIR:=/usr/local/man
> +-BINDIR:=/usr/local/sbin
> ++BINDIR:=/sbin

Add BINDIR=/sbin to the <PKG>_MAKE_OPT to avoid this patch.

> + ETCDIR:=/etc
> + INITDIR:=/etc/rc.d/init.d
> + SYSCONFIGDIR:=/etc/sysconfig
> diff --git a/patches/ebtables-v2.0.10-4/0004-with-no-as-needed-and-adjust-the-link.patch b/patches/ebtables-v2.0.10-4/0004-with-no-as-needed-and-adjust-the-link.patch
> new file mode 100644
> index 0000000..f781e12
> --- /dev/null
> +++ b/patches/ebtables-v2.0.10-4/0004-with-no-as-needed-and-adjust-the-link.patch
> @@ -0,0 +1,31 @@
> +From: Khem Raj <raj.khem@gmail.com>
> +Date: Tue, 12 Dec 2012 00:00:00 +0100
> +Subject: [PATCH] link ebtables with --no-as-needed and adjust the link order
> + to fix runtime crash
> +
> +Program terminated with signal 11, Segmentation fault.
> +0  0x00007ffaa837fb53 in ebt_initialize_entry () from /lib64/ebtables/libebtc.so
> +(gdb) bt
> +0  0x00007ffaa837fb53 in ebt_initialize_entry () from /lib64/ebtables/libebtc.so
> +1  0x00007ffaa83824dc in do_command () from /lib64/ebtables/libebtc.so
> +2  0x000000000040065c in ?? ()
> +3  0x00007ffaa7fed755 in __libc_start_main () from /lib64/libc.so.6
> +4  0x0000000000400691 in ?? ()
> +
> +---
> + Makefile |    2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile b/Makefile
> +index 8d735ac..7cfe784 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -90,7 +90,7 @@ libebtc.so: $(OBJECTS2)
> + 	$(CC) -shared $(LDFLAGS) -Wl,-soname,libebtc.so -o libebtc.so -lc $(OBJECTS2)
> + 
> + ebtables: $(OBJECTS) ebtables-standalone.o libebtc.so
> +-	$(CC) $(CFLAGS) $(CFLAGS_SH_LIB) $(LDFLAGS) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \
> ++	$(CC) $(CFLAGS) $(CFLAGS_SH_LIB) $(LDFLAGS) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -Wl,--no-as-needed $(EXT_LIBSI) -lebtc \
> + 	-Wl,-rpath,$(LIBDIR)

<PKG>_WRAPPER_BLACKLIST := \
	TARGET_LINKER_AS_NEEDED

should help instead.

> + 
> + ebtablesu: ebtablesu.c
> diff --git a/patches/ebtables-v2.0.10-4/series b/patches/ebtables-v2.0.10-4/series
> new file mode 100644
> index 0000000..463b15f
> --- /dev/null
> +++ b/patches/ebtables-v2.0.10-4/series
> @@ -0,0 +1,7 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-fixed-returncode.patch
> +0002-cross-complile-prep.patch
> +0003-changed-bin-dir.patch
> +0004-with-no-as-needed-and-adjust-the-link.patch
> +# 5247698c8b551a01103d9b67868658de  - git-ptx-patches magic
> diff --git a/rules/ebtables.in b/rules/ebtables.in
> new file mode 100644
> index 0000000..460aed8
> --- /dev/null
> +++ b/rules/ebtables.in
> @@ -0,0 +1,12 @@
> +## SECTION=networking
> +
> +config EBTABLES
> +	tristate
> +	prompt "ebtables"
> +	help
> +	  The ebtables program is a filtering tool for a Linux-based bridging
> +	  firewall. It enables transparent filtering of network traffic passing
> +	  through a Linux bridge. The filtering possibilities are limited to
> +	  link layer filtering and some basic filtering on higher network
> +	  layers. Advanced logging, MAC DNAT/SNAT and brouter facilities
> +	  are also included.
> diff --git a/rules/ebtables.make b/rules/ebtables.make
> new file mode 100644
> index 0000000..12fc426
> --- /dev/null
> +++ b/rules/ebtables.make
> @@ -0,0 +1,104 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2015 Dr. Neuhaus Telekommunikation GmbH, Hamburg Germany, Oliver Graute <oliver.graute@neuhaus.de>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_EBTABLES) += ebtables
> +
> +#
> +# Paths and names
> +#
> +EBTABLES_VERSION	:= v2.0.10-4
> +EBTABLES_MD5		:= 506742a3d44b9925955425a659c1a8d0
> +EBTABLES		:= ebtables-$(EBTABLES_VERSION)
> +EBTABLES_SUFFIX	:= tar.gz
> +EBTABLES_URL		:= ftp://ftp.netfilter.org/pub/ebtables/$(EBTABLES).$(EBTABLES_SUFFIX)
> +EBTABLES_SOURCE	:= $(SRCDIR)/$(EBTABLES).$(EBTABLES_SUFFIX)
> +EBTABLES_DIR		:= $(BUILDDIR)/$(EBTABLES)
> +EBTABLES_LICENSE	:= GPLv2
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +EBTABLES_CONF_ENV	:= $(CROSS_ENV)

remove.

set conf tool

> +
> +# ----------------------------------------------------------------------------
> +# Compile
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/ebtables.compile:
> +	@$(call targetinfo)
> +	@$(call world/compile, EBTABLES)
> +	@$(call touch)

remove

> +# ----------------------------------------------------------------------------
> +# Install
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/ebtables.install:
> +#	@$(call targetinfo)
> +#	@$(call world/install, EBTABLES)
> +#	@$(call touch)
> +

remove

> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/ebtables.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, ebtables)
> +	@$(call install_fixup, ebtables,PRIORITY,optional)
> +	@$(call install_fixup, ebtables,SECTION,base)
> +	@$(call install_fixup, ebtables,AUTHOR,"<oliver.graute@neuhaus.de>")
> +	@$(call install_fixup, ebtables,DESCRIPTION,missing)
> +
> +	@$(call install_copy, ebtables, 0, 0, 0755, $(EBTABLES_DIR)/ebtables, /sbin/ebtables)
> +	@$(call install_copy, ebtables, 0, 0, 0755, $(EBTABLES_DIR)/ebtables-restore, /sbin/ebtables-restore)
> +	@$(call install_copy, ebtables, 0, 0, 0755, $(EBTABLES_DIR)/ebtables-config, /etc/ebtables-config)
> +	@$(call install_copy, ebtables, 0, 0, 0755, $(EBTABLES_DIR)/ethertypes, /etc/ethertypes)

Again source should be '-'.

> +	@$(call install_lib, ebtables, 0, 0, 0644, libebtc)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_802_3)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebtable_broute)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebtable_filter)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebtable_nat)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_among)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_arpreply)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_arp)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_ip6)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_ip)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_limit)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_log)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_mark_m)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_mark)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_nat)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_nflog)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_pkttype)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_redirect)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_standard)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_stp)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_ulog)
> +	@$(call install_lib, ebtables, 0, 0, 0644, libebt_vlan)
> +
> +	@$(call install_finish, ebtables)
> +
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Clean
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/ebtables.clean:
> +#	@$(call targetinfo)
> +#	@$(call clean_pkg, EBTABLES)
> +

remove

Michael

> +# vim: syntax=make
> -- 
> 1.7.9.5
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de