diff options
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11')
5 files changed, 335 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0001-Makefile.am-do-not-install-etc-ethertypes.patch b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0001-Makefile.am-do-not-install-etc-ethertypes.patch new file mode 100644 index 0000000000..f2dbb552ea --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0001-Makefile.am-do-not-install-etc-ethertypes.patch @@ -0,0 +1,34 @@ +From a822e8dbca017e426a4c1c3ca835d0d03cbb4a4d Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Thu, 31 Dec 2020 16:09:56 +0800 +Subject: [PATCH] Makefile.am: do not install /etc/ethertypes + +The /etc/ethertypes is provided by netbase since 6.0[1]. +Do not instal the file in ebtables, otherwise there would be a conflict: +Error: Transaction test error: + file /etc/ethertypes conflicts between attempted installs of netbase-1:6.2-r0.corei7_64 and ebtables-2.0.10+4-r4.corei7_64 + +[1] https://salsa.debian.org/md/netbase/-/commit/316680c6a2c3641b6abc76b3eebf88781f609d35) + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + Makefile.am | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index b879941..2237002 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -26,7 +26,6 @@ AM_CFLAGS = ${regular_CFLAGS} + + sbin_PROGRAMS = ebtables-legacy ebtablesd ebtablesu ebtables-legacy-restore + EXTRA_PROGRAMS = static examples/ulog/test_ulog +-sysconf_DATA = ethertypes + sbin_SCRIPTS = ebtables-legacy-save + man8_MANS = ebtables-legacy.8 + lib_LTLIBRARIES = libebtc.la +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0010-Adjust-header-include-sequence.patch b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0010-Adjust-header-include-sequence.patch new file mode 100644 index 0000000000..1f3fcfe370 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0010-Adjust-header-include-sequence.patch @@ -0,0 +1,84 @@ +From b7cee37734007fced7a4d5ed586c3a9e5ad92878 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 26 Mar 2017 13:12:21 -0700 +Subject: [PATCH 10/10] Adjust header include sequence + +This fixes the build with musl + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> +--- + extensions/ebt_among.c | 2 +- + extensions/ebt_arpreply.c | 2 +- + extensions/ebt_nat.c | 2 +- + useful_functions.c | 4 ++-- + 4 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/extensions/ebt_among.c b/extensions/ebt_among.c +index 30c098c..af73bd9 100644 +--- a/extensions/ebt_among.c ++++ b/extensions/ebt_among.c +@@ -12,8 +12,8 @@ + #include <getopt.h> + #include <ctype.h> + #include <unistd.h> +-#include "../include/ebtables_u.h" + #include <netinet/ether.h> ++#include "../include/ebtables_u.h" + #include "../include/ethernetdb.h" + #include <linux/if_ether.h> + #include <linux/netfilter_bridge/ebt_among.h> +diff --git a/extensions/ebt_arpreply.c b/extensions/ebt_arpreply.c +index 399868b..7b6b5ae 100644 +--- a/extensions/ebt_arpreply.c ++++ b/extensions/ebt_arpreply.c +@@ -11,8 +11,8 @@ + #include <stdlib.h> + #include <string.h> + #include <getopt.h> +-#include "../include/ebtables_u.h" + #include <netinet/ether.h> ++#include "../include/ebtables_u.h" + #include <linux/netfilter_bridge/ebt_arpreply.h> + + static int mac_supplied; +diff --git a/extensions/ebt_nat.c b/extensions/ebt_nat.c +index fe7e987..1899df3 100644 +--- a/extensions/ebt_nat.c ++++ b/extensions/ebt_nat.c +@@ -10,8 +10,8 @@ + #include <stdlib.h> + #include <string.h> + #include <getopt.h> +-#include "../include/ebtables_u.h" + #include <netinet/ether.h> ++#include "../include/ebtables_u.h" + #include <linux/netfilter_bridge/ebt_nat.h> + + static int to_source_supplied, to_dest_supplied; +diff --git a/useful_functions.c b/useful_functions.c +index 133ae2f..c7adc66 100644 +--- a/useful_functions.c ++++ b/useful_functions.c +@@ -22,8 +22,6 @@ + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +-#include "include/ebtables_u.h" +-#include "include/ethernetdb.h" + #include <errno.h> + #include <inttypes.h> + #include <limits.h> +@@ -36,6 +34,8 @@ + #include <sys/types.h> + #include <sys/socket.h> + #include <arpa/inet.h> ++#include "include/ebtables_u.h" ++#include "include/ethernetdb.h" + + + const unsigned char mac_type_unicast[ETH_ALEN] = {0,0,0,0,0,0}; +-- +2.25.1 + + diff --git a/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables-legacy-save b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables-legacy-save new file mode 100644 index 0000000000..2133600f77 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables-legacy-save @@ -0,0 +1,43 @@ +#!/bin/bash + +EBTABLES="/usr/sbin/ebtables-legacy" + +[ -x "$EBTABLES" ] || exit 1 + +echo "# Generated by ebtables-save v1.0 on $(date)" + +cnt="" +[ "x$EBTABLES_SAVE_COUNTER" = "xyes" ] && cnt="--Lc" + +for table_name in $(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//); do + table=$($EBTABLES -t $table_name -L $cnt) + [ $? -eq 0 ] || { echo "$table"; exit -1; } + + chain="" + rules="" + while read line; do + [ -z "$line" ] && continue + + case "$line" in + Bridge\ table:\ *) + echo "*${line:14}" + ;; + Bridge\ chain:\ *) + chain="${line:14}" + chain="${chain%%,*}" + policy="${line##*policy: }" + echo ":$chain $policy" + ;; + *) + if [ "$cnt" = "--Lc" ]; then + line=${line/, pcnt \=/ -c} + line=${line/-- bcnt \=/} + fi + rules="$rules-A $chain $line\n" + ;; + esac + done <<EOF +$table +EOF + echo -e $rules +done diff --git a/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common new file mode 100644 index 0000000000..d948422e99 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.common @@ -0,0 +1,163 @@ +#!/bin/sh + +[ -x /usr/sbin/ebtables-legacy ] || exit 1 + +EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump + +RETVAL=0 +prog="ebtables" +desc="Ethernet bridge filtering" +umask 0077 + +#default configuration +EBTABLES_MODULES_UNLOAD="yes" +EBTABLES_LOAD_ON_START="no" +EBTABLES_SAVE_ON_STOP="no" +EBTABLES_SAVE_ON_RESTART="no" +EBTABLES_SAVE_COUNTER="no" +EBTABLES_BACKUP_SUFFIX="~" + +config=/etc/default/$prog +[ -f "$config" ] && . "$config" + +get_supported_tables() { + EBTABLES_SUPPORTED_TABLES= + /usr/sbin/ebtables-legacy -t filter -L 2>&1 1>/dev/null | grep -q permission + if [ $? -eq 0 ]; then + echo "Error: insufficient privileges to access the ebtables rulesets." + exit 1 + fi + for table in filter nat broute; do + /usr/sbin/ebtables-legacy -t $table -L &> /dev/null + if [ $? -eq 0 ]; then + EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table" + fi + done +} + +load() { + RETVAL=0 + get_supported_tables + echo -n "Restoring ebtables rulesets: " + for table in $EBTABLES_SUPPORTED_TABLES; do + echo -n "$table " + if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then + /usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit + RET=$? + if [ $RET -ne 0 ]; then + echo -n "(failed) " + RETVAL=$RET + fi + else + echo -n "(no saved state) " + fi + done + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo -n "no kernel support. " + else + echo -n "done. " + fi + if [ $RETVAL -eq 0 ]; then + echo "ok" + else + echo "fail" + fi +} + +clear_rules() { + RETVAL=0 + get_supported_tables + echo -n "Clearing ebtables rulesets: " + for table in $EBTABLES_SUPPORTED_TABLES; do + echo -n "$table " + /usr/sbin/ebtables-legacy -t $table --init-table + done + + if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then + for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do + rmmod $mod 2> /dev/null + done + fi + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo -n "no kernel support. " + else + echo -n "done. " + fi + if [ $RETVAL -eq 0 ]; then + echo "ok" + else + echo "fail" + fi +} + +save() { + RETVAL=0 + get_supported_tables + echo -n "Saving ebtables rulesets: " + for table in $EBTABLES_SUPPORTED_TABLES; do + echo -n "$table " + [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \ + mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX + /usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save + RET=$? + if [ $RET -ne 0 ]; then + echo -n "(failed) " + RETVAL=$RET + else + if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then + /usr/sbin/ebtables-legacy -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z + fi + fi + done + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo -n "no kernel support. " + else + echo -n "done. " + fi + if [ $RETVAL -eq 0 ]; then + echo "ok" + else + echo "fail" + fi +} + +case "$1" in + start) + [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load + ;; + stop) + [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save + clear_rules + ;; + restart|reload|force-reload) + [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save + clear_rules + [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load + ;; + load) + load + ;; + save) + save + ;; + status) + get_supported_tables + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then + echo "No kernel support for ebtables." + RETVAL=1 + else + echo -n "Ebtables support available, number of installed rules: " + for table in $EBTABLES_SUPPORTED_TABLES; do + COUNT=$(( $(/usr/sbin/ebtables-legacy -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 )) + echo -n "$table($COUNT) " + done + echo ok + RETVAL=0 + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2 + RETVAL=1 +esac + +exit $RETVAL diff --git a/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.service b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.service new file mode 100644 index 0000000000..3abd1fe3e2 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/ebtables.service @@ -0,0 +1,11 @@ +[Unit] +Description=Ethernet Bridge Filtering Tables + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@SBINDIR@/ebtables.common start +ExecStop=@SBINDIR@/ebtables.common stop + +[Install] +WantedBy=multi-user.target |