diff options
Diffstat (limited to 'meta-networking/recipes-filter')
42 files changed, 824 insertions, 3328 deletions
diff --git a/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.1.1.bb b/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.1.1.bb index 8b78433d73..e124fd2906 100644 --- a/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.1.1.bb +++ b/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.1.1.bb @@ -1,7 +1,7 @@ SUMMARY = "IPTables based firewall scripts" HOMEPAGE = "http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=45&Itemid=63" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://gpl_license.txt;md5=11c7b65c4a4acb9d5175f7e9bf99c403" SRCREV = "a96b81da4a9b619e4045805f5f13a1e982c95663" @@ -20,7 +20,7 @@ do_install() { install -m 0755 ${S}/bin/arno-fwfilter ${D}${bindir} cp -r ${S}/share/arno-iptables-firewall/* ${D}${datadir}/arno-iptables-firewall cp -r ${S}/etc/arno-iptables-firewall/* ${D}${sysconfdir}/arno-iptables-firewall - install -m 0644 ${S}/${systemd_unitdir}/system/arno-iptables-firewall.service ${D}${systemd_unitdir}/system + install -m 0644 ${S}/lib/systemd/system/arno-iptables-firewall.service ${D}${systemd_unitdir}/system sed -i -e 's%/usr/local/sbin%${bindir}%g' ${D}${systemd_unitdir}/system/arno-iptables-firewall.service sed -i -e 's%/usr/local/sbin%${sbindir}%g' ${D}${bindir}/arno-iptables-firewall sed -i -e 's%/usr/local%${exec_prefix}%g' ${D}${sysconfdir}/arno-iptables-firewall/firewall.conf diff --git a/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.6.bb b/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.6.bb deleted file mode 100644 index 0e009da029..0000000000 --- a/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.6.bb +++ /dev/null @@ -1,34 +0,0 @@ -SUMMARY = "Connection tracking userspace tools for Linux" -SECTION = "net" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" - -DEPENDS = "libnfnetlink libnetfilter-conntrack libnetfilter-cttimeout \ - libnetfilter-cthelper libnetfilter-queue bison-native libtirpc" - -EXTRA_OECONF += "LIBS=-ltirpc CPPFLAGS=-I${STAGING_INCDIR}/tirpc" - -SRC_URI = "http://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-${PV}.tar.bz2;name=tar \ - file://conntrack-failover \ - file://init \ -" -SRC_URI[tar.md5sum] = "a9dc7567921213007def78ad72313109" -SRC_URI[tar.sha256sum] = "590859cc848245dbfd9c6487761dd303b3a1771e007f4f42213063ca56205d5f" - -inherit autotools update-rc.d pkgconfig - -INITSCRIPT_NAME = "conntrackd" - -do_install:append() { - install -d ${D}/${sysconfdir}/conntrackd - install -d ${D}/${sysconfdir}/init.d - install -m 0644 ${S}/doc/sync/ftfw/conntrackd.conf ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample - install -m 0755 ${WORKDIR}/conntrack-failover ${D}/${sysconfdir}/init.d/conntrack-failover - install -m 0755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/conntrackd - - # Fix hardcoded paths in scripts - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd - sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd - sed -i 's!/var/!${localstatedir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample - sed -i 's!^export PATH=.*!export PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}/${sysconfdir}/init.d/conntrackd -} diff --git a/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.8.bb b/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.8.bb new file mode 100644 index 0000000000..07e01845d7 --- /dev/null +++ b/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.8.bb @@ -0,0 +1,60 @@ +SUMMARY = "Connection tracking userspace tools for Linux" +SECTION = "net" +LICENSE = "GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" + +DEPENDS = "libnfnetlink libnetfilter-conntrack libnetfilter-cttimeout \ + libnetfilter-cthelper libnetfilter-queue bison-native libtirpc" + +EXTRA_OECONF += "LIBS=-ltirpc CPPFLAGS=-I${STAGING_INCDIR}/tirpc" + +SRC_URI = "http://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-${PV}.tar.xz \ + file://conntrack-failover \ + file://init \ + file://conntrackd.service \ +" +SRC_URI[sha256sum] = "067677f4c5f6564819e78ed3a9d4a8980935ea9273f3abb22a420ea30ab5ded6" + +inherit autotools update-rc.d pkgconfig systemd + +PACKAGECONFIG ?= "cthelper cttimeout \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" + +PACKAGECONFIG[cthelper] = "--enable-cthelper,--disable-cthelper" +PACKAGECONFIG[cttimeout] = "--enable-cttimeout,--disable-cttimeout" +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" + +INITSCRIPT_NAME = "conntrackd" + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = "conntrackd.service" +SYSTEMD_AUTO_ENABLE = "disable" + +do_install:append() { + install -d ${D}/${sysconfdir}/conntrackd + install -d ${D}/${sysconfdir}/init.d + install -m 0644 ${S}/doc/sync/ftfw/conntrackd.conf ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample + install -m 0755 ${WORKDIR}/conntrack-failover ${D}/${sysconfdir}/init.d/conntrack-failover + install -m 0755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/conntrackd + + # Fix hardcoded paths in scripts + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd + sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd + sed -i 's!/var/!${localstatedir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample + sed -i 's!^export PATH=.*!export PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}/${sysconfdir}/init.d/conntrackd + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}/${systemd_system_unitdir} + install -m 644 ${WORKDIR}/conntrackd.service ${D}/${systemd_system_unitdir} + fi +} + +# fix error message: Do not forget that you need *root* or CAP_NET_ADMIN capabilities ;-) +pkg_postinst:${PN} () { + setcap cap_net_admin+ep "$D/${sbindir}/conntrack" +} +PACKAGE_WRITE_DEPS += "libcap-native" + +RRECOMMENDS:${PN} = "kernel-module-nf-conntrack kernel-module-nfnetlink \ + kernel-module-nf-conntrack-netlink \ + " diff --git a/meta-networking/recipes-filter/conntrack-tools/files/conntrackd.service b/meta-networking/recipes-filter/conntrack-tools/files/conntrackd.service new file mode 100644 index 0000000000..b3b0f1d216 --- /dev/null +++ b/meta-networking/recipes-filter/conntrack-tools/files/conntrackd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Conntrack Daemon +Documentation=man:conntrackd(8) man:conntrackd.conf(5) + +[Service] +Type=notify +ExecStartPre=-/bin/rm -f /var/lock/conntrackd.lock +ExecStart=/usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0010-Adjust-header-include-sequence.patch b/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0010-Adjust-header-include-sequence.patch index 1f3fcfe370..dd8ad969c0 100644 --- a/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0010-Adjust-header-include-sequence.patch +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0010-Adjust-header-include-sequence.patch @@ -8,6 +8,8 @@ This fixes the build with musl Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> --- +Upstream-Status: Pending + extensions/ebt_among.c | 2 +- extensions/ebt_arpreply.c | 2 +- extensions/ebt_nat.c | 2 +- diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb index 21e5c1877e..d522b514f6 100644 --- a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb +++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb @@ -2,11 +2,11 @@ SUMMARY = "Filtering tool for a Linux-based bridging firewall" HOMEPAGE = "http://sourceforge.net/projects/ebtables/" DESCRIPTION = "Utility for basic Ethernet frame filtering on a Linux bridge, \ advanced logging, MAC DNAT/SNAT and brouting." -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=53b4a999993871a28ab1488fdbd2e73e" SECTION = "net" -RDEPENDS:${PN} += "bash perl" +RDEPENDS:${PN} += "bash" RRECOMMENDS:${PN} += "kernel-module-ebtables \ " diff --git a/meta-networking/recipes-filter/ipset/ipset/0001-ipset-Define-portable-basename-function.patch b/meta-networking/recipes-filter/ipset/ipset/0001-ipset-Define-portable-basename-function.patch new file mode 100644 index 0000000000..a06bcac362 --- /dev/null +++ b/meta-networking/recipes-filter/ipset/ipset/0001-ipset-Define-portable-basename-function.patch @@ -0,0 +1,50 @@ +From 8c5c0a7a48af7652c50bc27a4efdd9cb4f7d95bd Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 24 Mar 2024 21:58:50 -0700 +Subject: [PATCH] ipset: Define portable basename function + +Newer version of musl have removed prototype for basename in string.h [1] +which now makes it fail to compile with newer clang 18+ compiler therefore +define own basename utility function and not depend on platform for it. + +[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7 + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/ipset.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/ipset.c b/src/ipset.c +index 162f477..7b5d580 100644 +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -16,6 +16,16 @@ + #include <libipset/ipset.h> /* ipset library */ + #include <libipset/xlate.h> /* translate to nftables */ + ++/* basename is implemented differently across different C libraries. This ++ * implementation matches the one provided by the GNU libc, and does not ++ * modify its input parameter. ++ */ ++static const char *ipset_basename(const char *path) ++{ ++ const char *base = strrchr(path, '/'); ++ return base ? base + 1 : path; ++} ++ + int + main(int argc, char *argv[]) + { +@@ -32,7 +42,7 @@ main(int argc, char *argv[]) + exit(1); + } + +- if (!strcmp(basename(argv[0]), "ipset-translate")) { ++ if (!strcmp(ipset_basename(argv[0]), "ipset-translate")) { + ret = ipset_xlate_argv(ipset, argc, argv); + } else { + ret = ipset_parse_argv(ipset, argc, argv); +-- +2.44.0 + diff --git a/meta-networking/recipes-filter/ipset/ipset_7.11.bb b/meta-networking/recipes-filter/ipset/ipset_7.21.bb index 3e64f41596..c7ebdc1c66 100644 --- a/meta-networking/recipes-filter/ipset/ipset_7.11.bb +++ b/meta-networking/recipes-filter/ipset/ipset_7.21.bb @@ -3,14 +3,15 @@ DESCRIPTION = "Administration tool for IP sets" HOMEPAGE = "http://ipset.netfilter.org" -LICENSE = "GPL-2.0" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552" SECTION = "base" DEPENDS = "libtool libmnl" -SRC_URI = "http://ftp.netfilter.org/pub/ipset/${BP}.tar.bz2" -SRC_URI[sha256sum] = "3151baad30f1d9e317b2ab4f2f5aa7a9f7b4dc11fcf8fe73acd0dc0b5dbabf7d" +SRC_URI = "http://ftp.netfilter.org/pub/ipset/${BP}.tar.bz2 \ + file://0001-ipset-Define-portable-basename-function.patch" +SRC_URI[sha256sum] = "e2c6ce4fcf3acb3893ca5d35c86935f80ad76fc5ccae601185842df760e0bc69" inherit autotools pkgconfig module-base diff --git a/meta-networking/recipes-filter/libnetfilter/files/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch b/meta-networking/recipes-filter/libnetfilter/files/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch new file mode 100644 index 0000000000..a02940af3d --- /dev/null +++ b/meta-networking/recipes-filter/libnetfilter/files/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch @@ -0,0 +1,61 @@ +From 21ee35dde73aec5eba35290587d479218c6dd824 Mon Sep 17 00:00:00 2001 +From: Robert Marko <robimarko@gmail.com> +Date: Thu, 24 Feb 2022 15:01:11 +0100 +Subject: [PATCH] conntrack: fix build with kernel 5.15 and musl + +Currently, with kernel 5.15 headers and musl building is failing with +redefinition errors due to a conflict between the kernel and musl headers. + +Musl is able to suppres the conflicting kernel header definitions if they +are included after the standard libc ones, however since ICMP definitions +were moved into a separate internal header to avoid duplication this has +stopped working and is breaking the builds. + +It seems that the issue is that <netinet/in.h> which contains the UAPI +suppression defines is included in the internal.h header and not in the +proto.h which actually includes the kernel ICMP headers and thus UAPI +supression defines are not present. + +Solve this by moving the <netinet/in.h> include before the ICMP kernel +includes in the proto.h + +Fixes: bc1cb4b11403 ("conntrack: Move icmp request>reply type mapping to common file") +Signed-off-by: Robert Marko <robimarko@gmail.com> +Signed-off-by: Florian Westphal <fw@strlen.de> + +Upstream-Status: Backport +[https://git.netfilter.org/libnetfilter_conntrack/commit/?id=21ee35dde73aec5eba35290587d479218c6dd824] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + include/internal/internal.h | 1 - + include/internal/proto.h | 1 + + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/internal/internal.h b/include/internal/internal.h +index 2ef8a90..7cd7c44 100644 +--- a/include/internal/internal.h ++++ b/include/internal/internal.h +@@ -14,7 +14,6 @@ + #include <arpa/inet.h> + #include <time.h> + #include <errno.h> +-#include <netinet/in.h> + + #include <libnfnetlink/libnfnetlink.h> + #include <libnetfilter_conntrack/libnetfilter_conntrack.h> +diff --git a/include/internal/proto.h b/include/internal/proto.h +index 40e7bfe..60a5f4e 100644 +--- a/include/internal/proto.h ++++ b/include/internal/proto.h +@@ -2,6 +2,7 @@ + #define _NFCT_PROTO_H_ + + #include <stdint.h> ++#include <netinet/in.h> + #include <linux/icmp.h> + #include <linux/icmpv6.h> + +-- +2.25.1 + diff --git a/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch b/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch index 9e0b420e0a..92e178efb7 100644 --- a/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch +++ b/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-acct-Declare-the-define-visivility-attribute-together.patch @@ -10,6 +10,8 @@ fail to link due to these missing symbols Signed-off-by: Khem Raj <raj.khem@gmail.com> --- +Upstream-Status: Pending + doxygen.cfg.in | 2 +- src/internal.h | 5 ++--- src/libnetfilter_acct.c | 41 ++++++++++++++--------------------------- diff --git a/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch b/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch deleted file mode 100644 index aa9ff09a99..0000000000 --- a/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch +++ /dev/null @@ -1,1227 +0,0 @@ -From db7eb5f0a4e78c6bd3c4f9cbd8332d909eb82ad6 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 10 Apr 2017 12:09:41 -0700 -Subject: [PATCH] Declare the define visivility attribute together - -clang ignores the visibility attribute if its not -defined before the definition. As a result these -symbols become hidden and consumers of this library -fail to link due to these missing symbols - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- - doxygen.cfg.in | 2 +- - src/extra/ipv4.c | 15 ++---- - src/extra/ipv6.c | 9 ++-- - src/extra/pktbuff.c | 42 +++++---------- - src/extra/tcp.c | 21 +++----- - src/extra/udp.c | 21 +++----- - src/internal.h | 5 +- - src/libnetfilter_queue.c | 108 +++++++++++++-------------------------- - src/nlmsg.c | 21 +++----- - 9 files changed, 82 insertions(+), 162 deletions(-) - -diff --git a/doxygen.cfg.in b/doxygen.cfg.in -index a7378ca..659abee 100644 ---- a/doxygen.cfg.in -+++ b/doxygen.cfg.in -@@ -72,7 +72,7 @@ RECURSIVE = YES - EXCLUDE = - EXCLUDE_SYMLINKS = NO - EXCLUDE_PATTERNS = --EXCLUDE_SYMBOLS = EXPORT_SYMBOL -+EXCLUDE_SYMBOLS = - EXAMPLE_PATH = - EXAMPLE_PATTERNS = - EXAMPLE_RECURSIVE = NO -diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c -index a93d113..56d5dc7 100644 ---- a/src/extra/ipv4.c -+++ b/src/extra/ipv4.c -@@ -32,7 +32,7 @@ - * This funcion returns NULL if the IPv4 is malformed or the protocol version - * is not 4. On success, it returns a valid pointer to the IPv4 header. - */ --struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb) -+struct iphdr __EXPORTED *nfq_ip_get_hdr(struct pkt_buff *pktb) - { - struct iphdr *iph; - unsigned int pktlen = pktb->tail - pktb->network_header; -@@ -53,14 +53,13 @@ struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb) - - return iph; - } --EXPORT_SYMBOL(nfq_ip_get_hdr); - - /** - * nfq_ip_set_transport_header - set transport header - * \param pktb: pointer to network packet buffer - * \param iph: pointer to the IPv4 header - */ --int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph) -+int __EXPORTED nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph) - { - int doff = iph->ihl * 4; - -@@ -71,7 +70,6 @@ int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph) - pktb->transport_header = pktb->network_header + doff; - return 0; - } --EXPORT_SYMBOL(nfq_ip_set_transport_header); - - /** - * nfq_ip_set_checksum - set IPv4 checksum -@@ -80,14 +78,13 @@ EXPORT_SYMBOL(nfq_ip_set_transport_header); - * \note Call to this function if you modified the IPv4 header to update the - * checksum. - */ --void nfq_ip_set_checksum(struct iphdr *iph) -+void __EXPORTED nfq_ip_set_checksum(struct iphdr *iph) - { - uint32_t iph_len = iph->ihl * 4; - - iph->check = 0; - iph->check = nfq_checksum(0, (uint16_t *)iph, iph_len); - } --EXPORT_SYMBOL(nfq_ip_set_checksum); - - /** - * nfq_ip_mangle - mangle IPv4 packet buffer -@@ -100,7 +97,7 @@ EXPORT_SYMBOL(nfq_ip_set_checksum); - * - * \note This function recalculates the IPv4 checksum (if needed). - */ --int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff, -+int __EXPORTED nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff, - unsigned int match_offset, unsigned int match_len, - const char *rep_buffer, unsigned int rep_len) - { -@@ -116,7 +113,6 @@ int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff, - - return 1; - } --EXPORT_SYMBOL(nfq_ip_mangle); - - /** - * nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format -@@ -128,7 +124,7 @@ EXPORT_SYMBOL(nfq_ip_mangle); - * case that there is enough room in the buffer. Read snprintf manpage for more - * information to know more about this strange behaviour. - */ --int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) -+int __EXPORTED nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) - { - int ret; - struct in_addr src = { iph->saddr }; -@@ -147,7 +143,6 @@ int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) - - return ret; - } --EXPORT_SYMBOL(nfq_ip_snprintf); - - /** - * @} -diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c -index 7c5dc9b..6641c6b 100644 ---- a/src/extra/ipv6.c -+++ b/src/extra/ipv6.c -@@ -33,7 +33,7 @@ - * This funcion returns NULL if an invalid header is found. On sucess, it - * returns a valid pointer to the header. - */ --struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb) -+struct ip6_hdr __EXPORTED *nfq_ip6_get_hdr(struct pkt_buff *pktb) - { - struct ip6_hdr *ip6h; - unsigned int pktlen = pktb->tail - pktb->network_header; -@@ -50,7 +50,6 @@ struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb) - - return ip6h; - } --EXPORT_SYMBOL(nfq_ip6_get_hdr); - - /** - * nfq_ip6_set_transport_header - set transport header pointer for IPv6 packet -@@ -61,7 +60,7 @@ EXPORT_SYMBOL(nfq_ip6_get_hdr); - * This function returns 1 if the protocol has been found and the transport - * header has been set. Otherwise, it returns 0. - */ --int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, -+int __EXPORTED nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, - uint8_t target) - { - uint8_t nexthdr = ip6h->ip6_nxt; -@@ -115,7 +114,6 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, - pktb->transport_header = cur; - return cur ? 1 : 0; - } --EXPORT_SYMBOL(nfq_ip6_set_transport_header); - - /** - * nfq_ip6_snprintf - print IPv6 header into one buffer in iptables LOG format -@@ -124,7 +122,7 @@ EXPORT_SYMBOL(nfq_ip6_set_transport_header); - * \param ip6_hdr: pointer to a valid IPv6 header. - * - */ --int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h) -+int __EXPORTED nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h) - { - int ret; - char src[INET6_ADDRSTRLEN]; -@@ -143,7 +141,6 @@ int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h) - - return ret; - } --EXPORT_SYMBOL(nfq_ip6_snprintf); - - /** - * @} -diff --git a/src/extra/pktbuff.c b/src/extra/pktbuff.c -index 1c15a00..54d8244 100644 ---- a/src/extra/pktbuff.c -+++ b/src/extra/pktbuff.c -@@ -40,7 +40,7 @@ - * - * \return a pointer to a new queue handle or NULL on failure. - */ --struct pkt_buff * -+struct pkt_buff __EXPORTED * - pktb_alloc(int family, void *data, size_t len, size_t extra) - { - struct pkt_buff *pktb; -@@ -84,120 +84,108 @@ pktb_alloc(int family, void *data, size_t len, size_t extra) - } - return pktb; - } --EXPORT_SYMBOL(pktb_alloc); - - /** - * pktb_data - return pointer to the beginning of the packet buffer - * \param pktb Pointer to packet buffer - */ --uint8_t *pktb_data(struct pkt_buff *pktb) -+uint8_t __EXPORTED *pktb_data(struct pkt_buff *pktb) - { - return pktb->data; - } --EXPORT_SYMBOL(pktb_data); - - /** - * pktb_len - return length of the packet buffer - * \param pktb Pointer to packet buffer - */ --uint32_t pktb_len(struct pkt_buff *pktb) -+uint32_t __EXPORTED pktb_len(struct pkt_buff *pktb) - { - return pktb->len; - } --EXPORT_SYMBOL(pktb_len); - - /** - * pktb_free - release packet buffer - * \param pktb Pointer to packet buffer - */ --void pktb_free(struct pkt_buff *pktb) -+void __EXPORTED pktb_free(struct pkt_buff *pktb) - { - free(pktb); - } --EXPORT_SYMBOL(pktb_free); - - /** - * pktb_push - update pointer to the beginning of the packet buffer - * \param pktb Pointer to packet buffer - */ --void pktb_push(struct pkt_buff *pktb, unsigned int len) -+void __EXPORTED pktb_push(struct pkt_buff *pktb, unsigned int len) - { - pktb->data -= len; - pktb->len += len; - } --EXPORT_SYMBOL(pktb_push); - - /** - * pktb_pull - update pointer to the beginning of the packet buffer - * \param pktb Pointer to packet buffer - */ --void pktb_pull(struct pkt_buff *pktb, unsigned int len) -+void __EXPORTED pktb_pull(struct pkt_buff *pktb, unsigned int len) - { - pktb->data += len; - pktb->len -= len; - } --EXPORT_SYMBOL(pktb_pull); - - /** - * pktb_put - add extra bytes to the tail of the packet buffer - * \param pktb Pointer to packet buffer - */ --void pktb_put(struct pkt_buff *pktb, unsigned int len) -+void __EXPORTED pktb_put(struct pkt_buff *pktb, unsigned int len) - { - pktb->tail += len; - pktb->len += len; - } --EXPORT_SYMBOL(pktb_put); - - /** - * pktb_trim - set new length for this packet buffer - * \param pktb Pointer to packet buffer - */ --void pktb_trim(struct pkt_buff *pktb, unsigned int len) -+void __EXPORTED pktb_trim(struct pkt_buff *pktb, unsigned int len) - { - pktb->len = len; - } --EXPORT_SYMBOL(pktb_trim); - - /** - * pktb_tailroom - get room in bytes in the tail of the packet buffer - * \param pktb Pointer to packet buffer - */ --unsigned int pktb_tailroom(struct pkt_buff *pktb) -+unsigned int __EXPORTED pktb_tailroom(struct pkt_buff *pktb) - { - return pktb->data_len - pktb->len; - } --EXPORT_SYMBOL(pktb_tailroom); - - /** - * pktb_mac_header - return pointer to layer 2 header (if any) - * \param pktb Pointer to packet buffer - */ --uint8_t *pktb_mac_header(struct pkt_buff *pktb) -+uint8_t __EXPORTED *pktb_mac_header(struct pkt_buff *pktb) - { - return pktb->mac_header; - } --EXPORT_SYMBOL(pktb_mac_header); - - /** - * pktb_network_header - return pointer to layer 3 header - * \param pktb Pointer to packet buffer - */ --uint8_t *pktb_network_header(struct pkt_buff *pktb) -+uint8_t __EXPORTED *pktb_network_header(struct pkt_buff *pktb) - { - return pktb->network_header; - } --EXPORT_SYMBOL(pktb_network_header); - - /** - * pktb_transport_header - return pointer to layer 4 header (if any) - * \param pktb Pointer to packet buffer - */ --uint8_t *pktb_transport_header(struct pkt_buff *pktb) -+uint8_t __EXPORTED *pktb_transport_header(struct pkt_buff *pktb) - { - return pktb->transport_header; - } --EXPORT_SYMBOL(pktb_transport_header); - - static int pktb_expand_tail(struct pkt_buff *pkt, int extra) - { -@@ -224,7 +212,7 @@ static int enlarge_pkt(struct pkt_buff *pkt, unsigned int extra) - return 1; - } - --int pktb_mangle(struct pkt_buff *pkt, -+int __EXPORTED pktb_mangle(struct pkt_buff *pkt, - unsigned int dataoff, - unsigned int match_offset, - unsigned int match_len, -@@ -258,17 +246,15 @@ int pktb_mangle(struct pkt_buff *pkt, - pkt->mangled = true; - return 1; - } --EXPORT_SYMBOL(pktb_mangle); - - /** - * pktb_mangled - return true if packet has been mangled - * \param pktb Pointer to packet buffer - */ --bool pktb_mangled(const struct pkt_buff *pkt) -+bool __EXPORTED pktb_mangled(const struct pkt_buff *pkt) - { - return pkt->mangled; - } --EXPORT_SYMBOL(pktb_mangled); - - /** - * @} -diff --git a/src/extra/tcp.c b/src/extra/tcp.c -index d1cd79d..8038ce5 100644 ---- a/src/extra/tcp.c -+++ b/src/extra/tcp.c -@@ -40,7 +40,7 @@ - * \note You have to call nfq_ip_set_transport_header or - * nfq_ip6_set_transport_header first to access the TCP header. - */ --struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb) -+struct tcphdr __EXPORTED *nfq_tcp_get_hdr(struct pkt_buff *pktb) - { - if (pktb->transport_header == NULL) - return NULL; -@@ -51,14 +51,13 @@ struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb) - - return (struct tcphdr *)pktb->transport_header; - } --EXPORT_SYMBOL(nfq_tcp_get_hdr); - - /** - * nfq_tcp_get_payload - get the TCP packet payload - * \param tcph: pointer to the TCP header - * \param pktb: pointer to user-space network packet buffer - */ --void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb) -+void __EXPORTED *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb) - { - unsigned int len = tcph->doff * 4; - -@@ -72,47 +71,43 @@ void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb) - - return pktb->transport_header + len; - } --EXPORT_SYMBOL(nfq_tcp_get_payload); - - /** - * nfq_tcp_get_payload_len - get the tcp packet payload - * \param tcph: pointer to the TCP header - * \param pktb: pointer to user-space network packet buffer - */ --unsigned int -+unsigned int __EXPORTED - nfq_tcp_get_payload_len(struct tcphdr *tcph, struct pkt_buff *pktb) - { - return pktb->tail - pktb->transport_header; - } --EXPORT_SYMBOL(nfq_tcp_get_payload_len); - - /** - * nfq_tcp_set_checksum_ipv4 - computes IPv4/TCP packet checksum - * \param tcph: pointer to the TCP header - * \param iph: pointer to the IPv4 header - */ --void -+void __EXPORTED - nfq_tcp_compute_checksum_ipv4(struct tcphdr *tcph, struct iphdr *iph) - { - /* checksum field in header needs to be zero for calculation. */ - tcph->check = 0; - tcph->check = nfq_checksum_tcpudp_ipv4(iph); - } --EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv4); - - /** - * nfq_tcp_set_checksum_ipv6 - computes IPv6/TCP packet checksum - * \param tcph: pointer to the TCP header - * \param iph: pointer to the IPv6 header - */ --void -+void __EXPORTED - nfq_tcp_compute_checksum_ipv6(struct tcphdr *tcph, struct ip6_hdr *ip6h) - { - /* checksum field in header needs to be zero for calculation. */ - tcph->check = 0; - tcph->check = nfq_checksum_tcpudp_ipv6(ip6h, tcph); - } --EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv6); - - /* - * The union cast uses a gcc extension to avoid aliasing problems -@@ -134,7 +129,7 @@ union tcp_word_hdr { - * \param tcp: pointer to a valid tcp header. - * - */ --int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) -+int __EXPORTED nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) - { - int ret, len = 0; - -@@ -177,7 +172,6 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) - - return ret; - } --EXPORT_SYMBOL(nfq_tcp_snprintf); - - /** - * nfq_tcp_mangle_ipv4 - mangle TCP/IPv4 packet buffer -@@ -189,7 +183,7 @@ EXPORT_SYMBOL(nfq_tcp_snprintf); - * - * \note This function recalculates the IPv4 and TCP checksums for you. - */ --int -+int __EXPORTED - nfq_tcp_mangle_ipv4(struct pkt_buff *pkt, - unsigned int match_offset, unsigned int match_len, - const char *rep_buffer, unsigned int rep_len) -@@ -208,7 +202,6 @@ nfq_tcp_mangle_ipv4(struct pkt_buff *pkt, - - return 1; - } --EXPORT_SYMBOL(nfq_tcp_mangle_ipv4); - - /** - * @} -diff --git a/src/extra/udp.c b/src/extra/udp.c -index 8c44a66..99c8faa 100644 ---- a/src/extra/udp.c -+++ b/src/extra/udp.c -@@ -37,7 +37,7 @@ - * This function returns NULL if invalid UDP header is found. On success, - * it returns the UDP header. - */ --struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb) -+struct udphdr __EXPORTED *nfq_udp_get_hdr(struct pkt_buff *pktb) - { - if (pktb->transport_header == NULL) - return NULL; -@@ -48,14 +48,13 @@ struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb) - - return (struct udphdr *)pktb->transport_header; - } --EXPORT_SYMBOL(nfq_udp_get_hdr); - - /** - * nfq_udp_get_payload - get the UDP packet payload. - * \param udph: the pointer to the UDP header. - * \param tail: pointer to the tail of the packet - */ --void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb) -+void __EXPORTED *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb) - { - uint16_t len = ntohs(udph->len); - -@@ -69,17 +68,15 @@ void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb) - - return pktb->transport_header + sizeof(struct udphdr); - } --EXPORT_SYMBOL(nfq_udp_get_payload); - - /** - * nfq_udp_get_payload_len - get the udp packet payload. - * \param udp: the pointer to the udp header. - */ --unsigned int nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb) -+unsigned int __EXPORTED nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb) - { - return pktb->tail - pktb->transport_header; - } --EXPORT_SYMBOL(nfq_udp_get_payload_len); - - /** - * nfq_udp_set_checksum_ipv4 - computes a IPv4/TCP packet's segment -@@ -91,14 +88,13 @@ EXPORT_SYMBOL(nfq_udp_get_payload_len); - * \see nfq_pkt_compute_ip_checksum - * \see nfq_pkt_compute_udp_checksum - */ --void -+void __EXPORTED - nfq_udp_compute_checksum_ipv4(struct udphdr *udph, struct iphdr *iph) - { - /* checksum field in header needs to be zero for calculation. */ - udph->check = 0; - udph->check = nfq_checksum_tcpudp_ipv4(iph); - } --EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4); - - /** - * nfq_udp_set_checksum_ipv6 - computes a IPv6/TCP packet's segment -@@ -110,14 +106,13 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4); - * \see nfq_pkt_compute_ip_checksum - * \see nfq_pkt_compute_udp_checksum - */ --void -+void __EXPORTED - nfq_udp_compute_checksum_ipv6(struct udphdr *udph, struct ip6_hdr *ip6h) - { - /* checksum field in header needs to be zero for calculation. */ - udph->check = 0; - udph->check = nfq_checksum_tcpudp_ipv6(ip6h, udph); - } --EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6); - - /** - * nfq_tcp_mangle_ipv4 - mangle TCP/IPv4 packet buffer -@@ -129,7 +124,7 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6); - * - * \note This function recalculates the IPv4 and TCP checksums for you. - */ --int -+int __EXPORTED - nfq_udp_mangle_ipv4(struct pkt_buff *pkt, - unsigned int match_offset, unsigned int match_len, - const char *rep_buffer, unsigned int rep_len) -@@ -148,7 +143,6 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt, - - return 1; - } --EXPORT_SYMBOL(nfq_udp_mangle_ipv4); - - /** - * nfq_pkt_snprintf_udp_hdr - print udp header into one buffer in a humnan -@@ -158,12 +152,11 @@ EXPORT_SYMBOL(nfq_udp_mangle_ipv4); - * \param udp: pointer to a valid udp header. - * - */ --int nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph) -+int __EXPORTED nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph) - { - return snprintf(buf, size, "SPT=%u DPT=%u ", - htons(udph->source), htons(udph->dest)); - } --EXPORT_SYMBOL(nfq_udp_snprintf); - - /** - * @} -diff --git a/src/internal.h b/src/internal.h -index 558d267..79b0752 100644 ---- a/src/internal.h -+++ b/src/internal.h -@@ -5,10 +5,9 @@ - #include <stdint.h> - #include <stdbool.h> - #ifdef HAVE_VISIBILITY_HIDDEN --# define __visible __attribute__((visibility("default"))) --# define EXPORT_SYMBOL(x) typeof(x) (x) __visible -+# define __EXPORTED __attribute__((visibility("default"))) - #else --# define EXPORT_SYMBOL -+# define __EXPORTED - #endif - - struct iphdr; -diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c -index 673e3b0..c12f068 100644 ---- a/src/libnetfilter_queue.c -+++ b/src/libnetfilter_queue.c -@@ -133,8 +133,7 @@ struct nfq_data { - struct nfattr **data; - }; - --int nfq_errno; --EXPORT_SYMBOL(nfq_errno); -+int __EXPORTED nfq_errno; - - /*********************************************************************** - * low level stuff -@@ -218,11 +217,10 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[], - - /* public interface */ - --struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h) -+struct nfnl_handle __EXPORTED *nfq_nfnlh(struct nfq_handle *h) - { - return h->nfnlh; - } --EXPORT_SYMBOL(nfq_nfnlh); - - /** - * -@@ -294,11 +292,10 @@ EXPORT_SYMBOL(nfq_nfnlh); - * over the netlink connection associated with the given queue connection - * handle. - */ --int nfq_fd(struct nfq_handle *h) -+int __EXPORTED nfq_fd(struct nfq_handle *h) - { - return nfnl_fd(nfq_nfnlh(h)); - } --EXPORT_SYMBOL(nfq_fd); - /** - * @} - */ -@@ -349,7 +346,7 @@ EXPORT_SYMBOL(nfq_fd); - * - * \return a pointer to a new queue handle or NULL on failure. - */ --struct nfq_handle *nfq_open(void) -+struct nfq_handle __EXPORTED *nfq_open(void) - { - struct nfnl_handle *nfnlh = nfnl_open(); - struct nfq_handle *qh; -@@ -366,7 +363,6 @@ struct nfq_handle *nfq_open(void) - - return qh; - } --EXPORT_SYMBOL(nfq_open); - - /** - * @} -@@ -382,7 +378,7 @@ EXPORT_SYMBOL(nfq_open); - * - * \return a pointer to a new queue handle or NULL on failure. - */ --struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh) -+struct nfq_handle __EXPORTED *nfq_open_nfnl(struct nfnl_handle *nfnlh) - { - struct nfnl_callback pkt_cb = { - .call = __nfq_rcv_pkt, -@@ -419,7 +415,6 @@ out_free: - free(h); - return NULL; - } --EXPORT_SYMBOL(nfq_open_nfnl); - - /** - * \addtogroup LibrarySetup -@@ -438,7 +433,7 @@ EXPORT_SYMBOL(nfq_open_nfnl); - * - * \return 0 on success, non-zero on failure. - */ --int nfq_close(struct nfq_handle *h) -+int __EXPORTED nfq_close(struct nfq_handle *h) - { - int ret; - -@@ -447,7 +442,6 @@ int nfq_close(struct nfq_handle *h) - free(h); - return ret; - } --EXPORT_SYMBOL(nfq_close); - - /** - * nfq_bind_pf - bind a nfqueue handler to a given protocol family -@@ -460,11 +454,10 @@ EXPORT_SYMBOL(nfq_close); - * - * \return integer inferior to 0 in case of failure - */ --int nfq_bind_pf(struct nfq_handle *h, uint16_t pf) -+int __EXPORTED nfq_bind_pf(struct nfq_handle *h, uint16_t pf) - { - return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf); - } --EXPORT_SYMBOL(nfq_bind_pf); - - /** - * nfq_unbind_pf - unbind nfqueue handler from a protocol family -@@ -476,11 +469,10 @@ EXPORT_SYMBOL(nfq_bind_pf); - * - * This call is obsolete, Linux kernels from 3.8 onwards ignore it. - */ --int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf) -+int __EXPORTED nfq_unbind_pf(struct nfq_handle *h, uint16_t pf) - { - return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf); - } --EXPORT_SYMBOL(nfq_unbind_pf); - - - /** -@@ -524,7 +516,7 @@ typedef int nfq_callback(struct nfq_q_handle *qh, - * The callback should return < 0 to stop processing. - */ - --struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, -+struct nfq_q_handle __EXPORTED *nfq_create_queue(struct nfq_handle *h, - uint16_t num, - nfq_callback *cb, - void *data) -@@ -555,7 +547,6 @@ struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, - add_qh(qh); - return qh; - } --EXPORT_SYMBOL(nfq_create_queue); - - /** - * @} -@@ -573,7 +564,7 @@ EXPORT_SYMBOL(nfq_create_queue); - * Removes the binding for the specified queue handle. This call also unbind - * from the nfqueue handler, so you don't have to call nfq_unbind_pf. - */ --int nfq_destroy_queue(struct nfq_q_handle *qh) -+int __EXPORTED nfq_destroy_queue(struct nfq_q_handle *qh) - { - int ret = __build_send_cfg_msg(qh->h, NFQNL_CFG_CMD_UNBIND, qh->id, 0); - if (ret == 0) { -@@ -583,7 +574,6 @@ int nfq_destroy_queue(struct nfq_q_handle *qh) - - return ret; - } --EXPORT_SYMBOL(nfq_destroy_queue); - - /** - * nfq_handle_packet - handle a packet received from the nfqueue subsystem -@@ -597,11 +587,10 @@ EXPORT_SYMBOL(nfq_destroy_queue); - * - * \return 0 on success, non-zero on failure. - */ --int nfq_handle_packet(struct nfq_handle *h, char *buf, int len) -+int __EXPORTED nfq_handle_packet(struct nfq_handle *h, char *buf, int len) - { - return nfnl_handle_packet(h->nfnlh, buf, len); - } --EXPORT_SYMBOL(nfq_handle_packet); - - /** - * nfq_set_mode - set the amount of packet data that nfqueue copies to userspace -@@ -618,7 +607,7 @@ EXPORT_SYMBOL(nfq_handle_packet); - * - * \return -1 on error; >=0 otherwise. - */ --int nfq_set_mode(struct nfq_q_handle *qh, -+int __EXPORTED nfq_set_mode(struct nfq_q_handle *qh, - uint8_t mode, uint32_t range) - { - union { -@@ -638,7 +627,6 @@ int nfq_set_mode(struct nfq_q_handle *qh, - - return nfnl_query(qh->h->nfnlh, &u.nmh); - } --EXPORT_SYMBOL(nfq_set_mode); - - /** - * nfq_set_queue_flags - set flags (options) for the kernel queue -@@ -708,7 +696,7 @@ EXPORT_SYMBOL(nfq_set_mode); - * - * \return -1 on error with errno set appropriately; =0 otherwise. - */ --int nfq_set_queue_flags(struct nfq_q_handle *qh, -+int __EXPORTED nfq_set_queue_flags(struct nfq_q_handle *qh, - uint32_t mask, uint32_t flags) - { - union { -@@ -729,7 +717,6 @@ int nfq_set_queue_flags(struct nfq_q_handle *qh, - - return nfnl_query(qh->h->nfnlh, &u.nmh); - } --EXPORT_SYMBOL(nfq_set_queue_flags); - - /** - * nfq_set_queue_maxlen - Set kernel queue maximum length parameter -@@ -742,7 +729,7 @@ EXPORT_SYMBOL(nfq_set_queue_flags); - * - * \return -1 on error; >=0 otherwise. - */ --int nfq_set_queue_maxlen(struct nfq_q_handle *qh, -+int __EXPORTED nfq_set_queue_maxlen(struct nfq_q_handle *qh, - uint32_t queuelen) - { - union { -@@ -760,7 +747,6 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh, - - return nfnl_query(qh->h->nfnlh, &u.nmh); - } --EXPORT_SYMBOL(nfq_set_queue_maxlen); - - /** - * @} -@@ -847,14 +833,13 @@ static int __set_verdict(struct nfq_q_handle *qh, uint32_t id, - * - * \return -1 on error; >= 0 otherwise. - */ --int nfq_set_verdict(struct nfq_q_handle *qh, uint32_t id, -+int __EXPORTED nfq_set_verdict(struct nfq_q_handle *qh, uint32_t id, - uint32_t verdict, uint32_t data_len, - const unsigned char *buf) - { - return __set_verdict(qh, id, verdict, 0, 0, data_len, buf, - NFQNL_MSG_VERDICT); - } --EXPORT_SYMBOL(nfq_set_verdict); - - /** - * nfq_set_verdict2 - like nfq_set_verdict, but you can set the mark. -@@ -865,14 +850,13 @@ EXPORT_SYMBOL(nfq_set_verdict); - * \param data_len number of bytes of data pointed to by #buf - * \param buf the buffer that contains the packet data - */ --int nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id, -+int __EXPORTED nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id, - uint32_t verdict, uint32_t mark, - uint32_t data_len, const unsigned char *buf) - { - return __set_verdict(qh, id, verdict, htonl(mark), 1, data_len, - buf, NFQNL_MSG_VERDICT); - } --EXPORT_SYMBOL(nfq_set_verdict2); - - /** - * nfq_set_verdict_batch - issue verdicts on several packets at once -@@ -886,13 +870,12 @@ EXPORT_SYMBOL(nfq_set_verdict2); - * batch support was added in Linux 3.1. - * These functions will fail silently on older kernels. - */ --int nfq_set_verdict_batch(struct nfq_q_handle *qh, uint32_t id, -+int __EXPORTED nfq_set_verdict_batch(struct nfq_q_handle *qh, uint32_t id, - uint32_t verdict) - { - return __set_verdict(qh, id, verdict, 0, 0, 0, NULL, - NFQNL_MSG_VERDICT_BATCH); - } --EXPORT_SYMBOL(nfq_set_verdict_batch); - - /** - * nfq_set_verdict_batch2 - like nfq_set_verdict_batch, but you can set a mark. -@@ -901,13 +884,12 @@ EXPORT_SYMBOL(nfq_set_verdict_batch); - * \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP) - * \param mark mark to put on packet - */ --int nfq_set_verdict_batch2(struct nfq_q_handle *qh, uint32_t id, -+int __EXPORTED nfq_set_verdict_batch2(struct nfq_q_handle *qh, uint32_t id, - uint32_t verdict, uint32_t mark) - { - return __set_verdict(qh, id, verdict, htonl(mark), 1, 0, - NULL, NFQNL_MSG_VERDICT_BATCH); - } --EXPORT_SYMBOL(nfq_set_verdict_batch2); - - /** - * nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark. -@@ -923,14 +905,13 @@ EXPORT_SYMBOL(nfq_set_verdict_batch2); - * This function is deprecated since it is broken, its use is highly - * discouraged. Please, use nfq_set_verdict2 instead. - */ --int nfq_set_verdict_mark(struct nfq_q_handle *qh, uint32_t id, -+int __EXPORTED nfq_set_verdict_mark(struct nfq_q_handle *qh, uint32_t id, - uint32_t verdict, uint32_t mark, - uint32_t data_len, const unsigned char *buf) - { - return __set_verdict(qh, id, verdict, mark, 1, data_len, buf, - NFQNL_MSG_VERDICT); - } --EXPORT_SYMBOL(nfq_set_verdict_mark); - - /** - * @} -@@ -965,12 +946,11 @@ EXPORT_SYMBOL(nfq_set_verdict_mark); - } __attribute__ ((packed)); - \endverbatim - */ --struct nfqnl_msg_packet_hdr *nfq_get_msg_packet_hdr(struct nfq_data *nfad) -+struct nfqnl_msg_packet_hdr __EXPORTED *nfq_get_msg_packet_hdr(struct nfq_data *nfad) - { - return nfnl_get_pointer_to_data(nfad->data, NFQA_PACKET_HDR, - struct nfqnl_msg_packet_hdr); - } --EXPORT_SYMBOL(nfq_get_msg_packet_hdr); - - /** - * nfq_get_nfmark - get the packet mark -@@ -978,11 +958,10 @@ EXPORT_SYMBOL(nfq_get_msg_packet_hdr); - * - * \return the netfilter mark currently assigned to the given queued packet. - */ --uint32_t nfq_get_nfmark(struct nfq_data *nfad) -+uint32_t __EXPORTED nfq_get_nfmark(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, uint32_t)); - } --EXPORT_SYMBOL(nfq_get_nfmark); - - /** - * nfq_get_timestamp - get the packet timestamp -@@ -993,7 +972,7 @@ EXPORT_SYMBOL(nfq_get_nfmark); - * - * \return 0 on success, non-zero on failure. - */ --int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) -+int __EXPORTED nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) - { - struct nfqnl_msg_packet_timestamp *qpt; - qpt = nfnl_get_pointer_to_data(nfad->data, NFQA_TIMESTAMP, -@@ -1006,7 +985,6 @@ int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) - - return 0; - } --EXPORT_SYMBOL(nfq_get_timestamp); - - /** - * nfq_get_indev - get the interface that the packet was received through -@@ -1019,11 +997,10 @@ EXPORT_SYMBOL(nfq_get_timestamp); - * \warning all nfq_get_dev() functions return 0 if not set, since linux - * only allows ifindex >= 1, see net/core/dev.c:2600 (in 2.6.13.1) - */ --uint32_t nfq_get_indev(struct nfq_data *nfad) -+uint32_t __EXPORTED nfq_get_indev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_INDEV, uint32_t)); - } --EXPORT_SYMBOL(nfq_get_indev); - - /** - * nfq_get_physindev - get the physical interface that the packet was received -@@ -1033,11 +1010,10 @@ EXPORT_SYMBOL(nfq_get_indev); - * If the returned index is 0, the packet was locally generated or the - * physical input interface is no longer known (ie. POSTROUTING?). - */ --uint32_t nfq_get_physindev(struct nfq_data *nfad) -+uint32_t __EXPORTED nfq_get_physindev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSINDEV, uint32_t)); - } --EXPORT_SYMBOL(nfq_get_physindev); - - /** - * nfq_get_outdev - gets the interface that the packet will be routed out -@@ -1047,11 +1023,10 @@ EXPORT_SYMBOL(nfq_get_physindev); - * returned index is 0, the packet is destined for localhost or the output - * interface is not yet known (ie. PREROUTING?). - */ --uint32_t nfq_get_outdev(struct nfq_data *nfad) -+uint32_t __EXPORTED nfq_get_outdev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_OUTDEV, uint32_t)); - } --EXPORT_SYMBOL(nfq_get_outdev); - - /** - * nfq_get_physoutdev - get the physical interface that the packet output -@@ -1063,11 +1038,10 @@ EXPORT_SYMBOL(nfq_get_outdev); - * - * \return The index of physical interface that the packet output will be routed out. - */ --uint32_t nfq_get_physoutdev(struct nfq_data *nfad) -+uint32_t __EXPORTED nfq_get_physoutdev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSOUTDEV, uint32_t)); - } --EXPORT_SYMBOL(nfq_get_physoutdev); - - /** - * nfq_get_indev_name - get the name of the interface the packet -@@ -1107,13 +1081,12 @@ EXPORT_SYMBOL(nfq_get_physoutdev); - \endverbatim - * - */ --int nfq_get_indev_name(struct nlif_handle *nlif_handle, -+int __EXPORTED nfq_get_indev_name(struct nlif_handle *nlif_handle, - struct nfq_data *nfad, char *name) - { - uint32_t ifindex = nfq_get_indev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } --EXPORT_SYMBOL(nfq_get_indev_name); - - /** - * nfq_get_physindev_name - get the name of the physical interface the -@@ -1127,13 +1100,12 @@ EXPORT_SYMBOL(nfq_get_indev_name); - * - * \return -1 in case of error, > 0 if it succeed. - */ --int nfq_get_physindev_name(struct nlif_handle *nlif_handle, -+int __EXPORTED nfq_get_physindev_name(struct nlif_handle *nlif_handle, - struct nfq_data *nfad, char *name) - { - uint32_t ifindex = nfq_get_physindev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } --EXPORT_SYMBOL(nfq_get_physindev_name); - - /** - * nfq_get_outdev_name - get the name of the physical interface the -@@ -1147,13 +1119,12 @@ EXPORT_SYMBOL(nfq_get_physindev_name); - * - * \return -1 in case of error, > 0 if it succeed. - */ --int nfq_get_outdev_name(struct nlif_handle *nlif_handle, -+int __EXPORTED nfq_get_outdev_name(struct nlif_handle *nlif_handle, - struct nfq_data *nfad, char *name) - { - uint32_t ifindex = nfq_get_outdev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } --EXPORT_SYMBOL(nfq_get_outdev_name); - - /** - * nfq_get_physoutdev_name - get the name of the interface the -@@ -1168,13 +1139,12 @@ EXPORT_SYMBOL(nfq_get_outdev_name); - * \return -1 in case of error, > 0 if it succeed. - */ - --int nfq_get_physoutdev_name(struct nlif_handle *nlif_handle, -+int __EXPORTED nfq_get_physoutdev_name(struct nlif_handle *nlif_handle, - struct nfq_data *nfad, char *name) - { - uint32_t ifindex = nfq_get_physoutdev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } --EXPORT_SYMBOL(nfq_get_physoutdev_name); - - /** - * nfq_get_packet_hw -@@ -1198,12 +1168,11 @@ EXPORT_SYMBOL(nfq_get_physoutdev_name); - } __attribute__ ((packed)); - \endverbatim - */ --struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad) -+struct nfqnl_msg_packet_hw __EXPORTED *nfq_get_packet_hw(struct nfq_data *nfad) - { - return nfnl_get_pointer_to_data(nfad->data, NFQA_HWADDR, - struct nfqnl_msg_packet_hw); - } --EXPORT_SYMBOL(nfq_get_packet_hw); - - /** - * nfq_get_uid - get the UID of the user the packet belongs to -@@ -1215,7 +1184,7 @@ EXPORT_SYMBOL(nfq_get_packet_hw); - * - * \return 1 if there is a UID available, 0 otherwise. - */ --int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) -+int __EXPORTED nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) - { - if (!nfnl_attr_present(nfad->data, NFQA_UID)) - return 0; -@@ -1223,7 +1192,6 @@ int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) - *uid = ntohl(nfnl_get_data(nfad->data, NFQA_UID, uint32_t)); - return 1; - } --EXPORT_SYMBOL(nfq_get_uid); - - /** - * nfq_get_gid - get the GID of the user the packet belongs to -@@ -1235,7 +1203,7 @@ EXPORT_SYMBOL(nfq_get_uid); - * - * \return 1 if there is a GID available, 0 otherwise. - */ --int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) -+int __EXPORTED nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) - { - if (!nfnl_attr_present(nfad->data, NFQA_GID)) - return 0; -@@ -1243,7 +1211,6 @@ int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) - *gid = ntohl(nfnl_get_data(nfad->data, NFQA_GID, uint32_t)); - return 1; - } --EXPORT_SYMBOL(nfq_get_gid); - - /** - * nfq_get_secctx - get the security context for this packet -@@ -1256,7 +1223,7 @@ EXPORT_SYMBOL(nfq_get_gid); - * - * \return -1 on error, otherwise > 0 - */ --int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) -+int __EXPORTED nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) - { - if (!nfnl_attr_present(nfad->data, NFQA_SECCTX)) - return -1; -@@ -1269,7 +1236,6 @@ int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) - - return 0; - } --EXPORT_SYMBOL(nfq_get_secctx); - - /** - * nfq_get_payload - get payload -@@ -1282,7 +1248,7 @@ EXPORT_SYMBOL(nfq_get_secctx); - * - * \return -1 on error, otherwise > 0. - */ --int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) -+int __EXPORTED nfq_get_payload(struct nfq_data *nfad, unsigned char **data) - { - *data = (unsigned char *) - nfnl_get_pointer_to_data(nfad->data, NFQA_PAYLOAD, char); -@@ -1291,7 +1257,6 @@ int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) - - return -1; - } --EXPORT_SYMBOL(nfq_get_payload); - - /** - * @} -@@ -1336,7 +1301,7 @@ do { \ - * would have been printed into the buffer (in case that there is enough - * room in it). See snprintf() return value for more information. - */ --int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) -+int __EXPORTED nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) - { - struct nfqnl_msg_packet_hdr *ph; - struct nfqnl_msg_packet_hw *hwph; -@@ -1489,7 +1454,6 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) - - return len; - } --EXPORT_SYMBOL(nfq_snprintf_xml); - - /** - * @} -diff --git a/src/nlmsg.c b/src/nlmsg.c -index ba28c77..5582407 100644 ---- a/src/nlmsg.c -+++ b/src/nlmsg.c -@@ -30,7 +30,7 @@ - * @{ - */ - --void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) -+void __EXPORTED nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) - { - struct nfqnl_msg_verdict_hdr vh = { - .verdict = htonl(verdict), -@@ -38,20 +38,17 @@ void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) - }; - mnl_attr_put(nlh, NFQA_VERDICT_HDR, sizeof(vh), &vh); - } --EXPORT_SYMBOL(nfq_nlmsg_verdict_put); - --void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark) -+void __EXPORTED nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark) - { - mnl_attr_put_u32(nlh, NFQA_MARK, htonl(mark)); - } --EXPORT_SYMBOL(nfq_nlmsg_verdict_put_mark); - --void -+void __EXPORTED - nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t plen) - { - mnl_attr_put(nlh, NFQA_PAYLOAD, plen, pkt); - } --EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt); - - /** - * @} -@@ -85,7 +82,7 @@ EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt); - * given protocol family. Both commands are ignored by Linux kernel 3.8 and - * later versions. - */ --void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) -+void __EXPORTED nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) - { - struct nfqnl_msg_config_cmd command = { - .command = cmd, -@@ -93,9 +90,8 @@ void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) - }; - mnl_attr_put(nlh, NFQA_CFG_CMD, sizeof(command), &command); - } --EXPORT_SYMBOL(nfq_nlmsg_cfg_put_cmd); - --void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) -+void __EXPORTED nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) - { - struct nfqnl_msg_config_params params = { - .copy_range = htonl(range), -@@ -103,13 +99,11 @@ void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) - }; - mnl_attr_put(nlh, NFQA_CFG_PARAMS, sizeof(params), ¶ms); - } --EXPORT_SYMBOL(nfq_nlmsg_cfg_put_params); - --void nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen) -+void __EXPORTED nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen) - { - mnl_attr_put_u32(nlh, NFQA_CFG_QUEUE_MAXLEN, htonl(queue_maxlen)); - } --EXPORT_SYMBOL(nfq_nlmsg_cfg_put_qmaxlen); - - /** - * @} -@@ -179,12 +173,11 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) - * This function returns MNL_CB_ERROR if any error occurs, or MNL_CB_OK on - * success. - */ --int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr) -+int __EXPORTED nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr) - { - return mnl_attr_parse(nlh, sizeof(struct nfgenmsg), - nfq_pkt_parse_attr_cb, attr); - } --EXPORT_SYMBOL(nfq_nlmsg_parse); - - /** - * @} diff --git a/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cthelper-visibility-hidden.patch b/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cthelper-visibility-hidden.patch deleted file mode 100644 index e717d5b0e3..0000000000 --- a/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cthelper-visibility-hidden.patch +++ /dev/null @@ -1,382 +0,0 @@ -From f58c5b09fb59baf07c942d373fc4d522b27e73c6 Mon Sep 17 00:00:00 2001 -From: Kevin Cernekee <cernekee@chromium.org> -Date: Wed, 4 Jan 2017 14:30:26 -0800 -Subject: Use __EXPORTED rather than EXPORT_SYMBOL - -clang is sensitive to the ordering of -__attribute__((visibility("default"))) relative to the function -body. gcc is not. So if we try to re-declare an existing function -with default visibility, clang prints a warning and generates -a broken .so file in which nfct_helper_* are not exported to library -callers. - -Move the attribute up into the function definition to make clang happy. - -Signed-off-by: Kevin Cernekee <cernekee@chromium.org> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - doxygen.cfg.in | 2 +- - src/internal.h | 5 ++- - src/libnetfilter_cthelper.c | 83 ++++++++++++++++++--------------------------- - 3 files changed, 36 insertions(+), 54 deletions(-) - -Index: libnetfilter_cthelper-1.0.0/doxygen.cfg.in -=================================================================== ---- libnetfilter_cthelper-1.0.0.orig/doxygen.cfg.in -+++ libnetfilter_cthelper-1.0.0/doxygen.cfg.in -@@ -72,7 +72,7 @@ RECURSIVE = YES - EXCLUDE = - EXCLUDE_SYMLINKS = NO - EXCLUDE_PATTERNS = */.git/* .*.d --EXCLUDE_SYMBOLS = EXPORT_SYMBOL -+EXCLUDE_SYMBOLS = - EXAMPLE_PATH = - EXAMPLE_PATTERNS = - EXAMPLE_RECURSIVE = NO -Index: libnetfilter_cthelper-1.0.0/src/internal.h -=================================================================== ---- libnetfilter_cthelper-1.0.0.orig/src/internal.h -+++ libnetfilter_cthelper-1.0.0/src/internal.h -@@ -3,10 +3,9 @@ - - #include "config.h" - #ifdef HAVE_VISIBILITY_HIDDEN --# define __visible __attribute__((visibility("default"))) --# define EXPORT_SYMBOL(x) typeof(x) (x) __visible -+# define __EXPORTED __attribute__((visibility("default"))) - #else --# define EXPORT_SYMBOL -+# define __EXPORTED - #endif - - #endif -Index: libnetfilter_cthelper-1.0.0/src/libnetfilter_cthelper.c -=================================================================== ---- libnetfilter_cthelper-1.0.0.orig/src/libnetfilter_cthelper.c -+++ libnetfilter_cthelper-1.0.0/src/libnetfilter_cthelper.c -@@ -99,17 +99,16 @@ struct nfct_helper { - * In case of success, this function returns a valid pointer, otherwise NULL - * s returned and errno is appropriately set. - */ --struct nfct_helper *nfct_helper_alloc(void) -+struct nfct_helper __EXPORTED *nfct_helper_alloc(void) - { - return calloc(1, sizeof(struct nfct_helper)); - } --EXPORT_SYMBOL(nfct_helper_alloc); - - /** - * nfct_helper_free - release one helper object - * \param nfct_helper pointer to the helper object - */ --void nfct_helper_free(struct nfct_helper *h) -+void __EXPORTED nfct_helper_free(struct nfct_helper *h) - { - int i; - -@@ -119,7 +118,6 @@ void nfct_helper_free(struct nfct_helper - free(h->expect_policy[i]); - } - } --EXPORT_SYMBOL(nfct_helper_free); - - /** - * nfct_helper_policy_alloc - allocate a new helper policy object -@@ -127,21 +125,19 @@ EXPORT_SYMBOL(nfct_helper_free); - * In case of success, this function returns a valid pointer, otherwise NULL - * s returned and errno is appropriately set. - */ --struct nfct_helper_policy *nfct_helper_policy_alloc(void) -+struct nfct_helper_policy __EXPORTED *nfct_helper_policy_alloc(void) - { - return calloc(1, sizeof(struct nfct_helper_policy)); - } --EXPORT_SYMBOL(nfct_helper_policy_alloc); - - /** - * nfct_helper_free - release one helper policy object - * \param nfct_helper pointer to the helper object - */ --void nfct_helper_policy_free(struct nfct_helper_policy *p) -+void __EXPORTED nfct_helper_policy_free(struct nfct_helper_policy *p) - { - free(p); - } --EXPORT_SYMBOL(nfct_helper_policy_free); - - /** - * nfct_helper_policy_attr_set - set one attribute of the helper object -@@ -149,7 +145,7 @@ EXPORT_SYMBOL(nfct_helper_policy_free); - * \param type attribute type you want to set - * \param data pointer to data that will be used to set this attribute - */ --void -+void __EXPORTED - nfct_helper_policy_attr_set(struct nfct_helper_policy *p, - enum nfct_helper_policy_attr_type type, - const void *data) -@@ -170,7 +166,6 @@ nfct_helper_policy_attr_set(struct nfct_ - break; - } - } --EXPORT_SYMBOL(nfct_helper_policy_attr_set); - - /** - * nfct_helper_attr_set_str - set one attribute the helper object -@@ -178,23 +173,21 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_se - * \param type attribute type you want to set - * \param name string that will be used to set this attribute - */ --void -+void __EXPORTED - nfct_helper_policy_attr_set_str(struct nfct_helper_policy *p, - enum nfct_helper_policy_attr_type type, - const char *name) - { - nfct_helper_policy_attr_set(p, type, name); - } --EXPORT_SYMBOL(nfct_helper_policy_attr_set_str); - --void -+void __EXPORTED - nfct_helper_policy_attr_set_u32(struct nfct_helper_policy *p, - enum nfct_helper_policy_attr_type type, - uint32_t value) - { - nfct_helper_policy_attr_set(p, type, &value); - } --EXPORT_SYMBOL(nfct_helper_policy_attr_set_u32); - - /** - * nfct_helper_attr_set - set one attribute of the helper object -@@ -202,7 +195,7 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_se - * \param type attribute type you want to set - * \param data pointer to data that will be used to set this attribute - */ --void -+void __EXPORTED - nfct_helper_attr_set(struct nfct_helper *h, - enum nfct_helper_attr_type type, const void *data) - { -@@ -250,7 +243,6 @@ nfct_helper_attr_set(struct nfct_helper - break; - } - } --EXPORT_SYMBOL(nfct_helper_attr_set); - - /** - * nfct_helper_attr_set_str - set one attribute the helper object -@@ -258,44 +250,40 @@ EXPORT_SYMBOL(nfct_helper_attr_set); - * \param type attribute type you want to set - * \param name string that will be used to set this attribute - */ --void -+void __EXPORTED - nfct_helper_attr_set_str(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type, - const char *name) - { - nfct_helper_attr_set(nfct_helper, type, name); - } --EXPORT_SYMBOL(nfct_helper_attr_set_str); - --void -+void __EXPORTED - nfct_helper_attr_set_u8(struct nfct_helper *nfct_helper, - enum nfct_helper_attr_type type, uint8_t value) - { - nfct_helper_attr_set(nfct_helper, type, &value); - } --EXPORT_SYMBOL(nfct_helper_attr_set_u8); - --void -+void __EXPORTED - nfct_helper_attr_set_u16(struct nfct_helper *nfct_helper, - enum nfct_helper_attr_type type, uint16_t value) - { - nfct_helper_attr_set(nfct_helper, type, &value); - } --EXPORT_SYMBOL(nfct_helper_attr_set_u16); - --void -+void __EXPORTED - nfct_helper_attr_set_u32(struct nfct_helper *nfct_helper, - enum nfct_helper_attr_type type, uint32_t value) - { - nfct_helper_attr_set(nfct_helper, type, &value); - } --EXPORT_SYMBOL(nfct_helper_attr_set_u32); - - /** - * nfct_helper_attr_unset - unset one attribute the helper object - * \param nfct_helper pointer to the helper object - * \param type attribute type you want to set - */ --void -+void __EXPORTED - nfct_helper_attr_unset(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type) - { - switch(type) { -@@ -307,7 +295,6 @@ nfct_helper_attr_unset(struct nfct_helpe - break; - } - } --EXPORT_SYMBOL(nfct_helper_attr_unset); - - /** - * nfct_helper_attr_get - get one attribute the helper object -@@ -317,8 +304,9 @@ EXPORT_SYMBOL(nfct_helper_attr_unset); - * This function returns a valid pointer to the attribute data. If a - * unsupported attribute is used, this returns NULL. - */ --const void *nfct_helper_attr_get(struct nfct_helper *helper, -- enum nfct_helper_attr_type type) -+const void __EXPORTED * -+nfct_helper_attr_get(struct nfct_helper *helper, -+ enum nfct_helper_attr_type type) - { - const void *ret = NULL; - -@@ -358,7 +346,6 @@ const void *nfct_helper_attr_get(struct - } - return ret; - } --EXPORT_SYMBOL(nfct_helper_attr_get); - - /** - * nfct_helper_attr_get_str - get one attribute the helper object -@@ -368,13 +355,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get); - * This function returns a valid pointer to the beginning of the string. - * If the attribute is unsupported, this returns NULL. - */ --const char * -+const char __EXPORTED * - nfct_helper_attr_get_str(struct nfct_helper *nfct_helper, - enum nfct_helper_attr_type type) - { - return (const char *)nfct_helper_attr_get(nfct_helper, type); - } --EXPORT_SYMBOL(nfct_helper_attr_get_str); - - /** - * nfct_helper_attr_get_u8 - get one attribute the helper object -@@ -384,12 +370,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_str); - * This function returns a unsigned 8-bits integer. If the attribute is - * unsupported, this returns NULL. - */ --uint8_t nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper, -- enum nfct_helper_attr_type type) -+uint8_t __EXPORTED -+nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper, -+ enum nfct_helper_attr_type type) - { - return *((uint8_t *)nfct_helper_attr_get(nfct_helper, type)); - } --EXPORT_SYMBOL(nfct_helper_attr_get_u8); - - /** - * nfct_helper_attr_get_u16 - get one attribute the helper object -@@ -399,12 +385,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u8); - * This function returns a unsigned 16-bits integer. If the attribute is - * unsupported, this returns NULL. - */ --uint16_t nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper, -- enum nfct_helper_attr_type type) -+uint16_t __EXPORTED -+nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper, -+ enum nfct_helper_attr_type type) - { - return *((uint16_t *)nfct_helper_attr_get(nfct_helper, type)); - } --EXPORT_SYMBOL(nfct_helper_attr_get_u16); - - /** - * nfct_helper_attr_get_u32 - get one attribute the helper object -@@ -414,12 +400,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u16); - * This function returns a unsigned 32-bits integer. If the attribute is - * unsupported, this returns NULL. - */ --uint32_t nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper, -- enum nfct_helper_attr_type type) -+uint32_t __EXPORTED -+nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper, -+ enum nfct_helper_attr_type type) - { - return *((uint32_t *)nfct_helper_attr_get(nfct_helper, type)); - } --EXPORT_SYMBOL(nfct_helper_attr_get_u32); - - /** - * nfct_helper_snprintf - print helper object into one buffer -@@ -431,9 +417,10 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u32); - * This function returns -1 in case that some mandatory attributes are - * missing. On sucess, it returns 0. - */ --int nfct_helper_snprintf(char *buf, size_t size, -- struct nfct_helper *helper, -- unsigned int type, unsigned int flags) -+int __EXPORTED -+nfct_helper_snprintf(char *buf, size_t size, -+ struct nfct_helper *helper, -+ unsigned int type, unsigned int flags) - { - int ret; - -@@ -454,7 +441,6 @@ int nfct_helper_snprintf(char *buf, size - - return ret; - } --EXPORT_SYMBOL(nfct_helper_snprintf); - - /** - * @} -@@ -490,7 +476,7 @@ EXPORT_SYMBOL(nfct_helper_snprintf); - * - Command NFNL_MSG_ACCT_DEL, to delete one specific nfct_helper object (if - * unused, otherwise you hit EBUSY). - */ --struct nlmsghdr * -+struct nlmsghdr __EXPORTED * - nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd, - uint16_t flags, uint32_t seq) - { -@@ -509,7 +495,6 @@ nfct_helper_nlmsg_build_hdr(char *buf, u - - return nlh; - } --EXPORT_SYMBOL(nfct_helper_nlmsg_build_hdr); - - static void - nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh, -@@ -530,7 +515,7 @@ nfct_helper_nlmsg_build_policy(struct nl - * \param nlh: netlink message that you want to use to add the payload. - * \param nfct_helper: pointer to a helper object - */ --void -+void __EXPORTED - nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h) - { - struct nlattr *nest; -@@ -593,7 +578,6 @@ nfct_helper_nlmsg_build_payload(struct n - if (h->bitset & (1 << NFCTH_ATTR_STATUS)) - mnl_attr_put_u32(nlh, NFCTH_STATUS, ntohl(h->status)); - } --EXPORT_SYMBOL(nfct_helper_nlmsg_build_payload); - - static int - nfct_helper_nlmsg_parse_tuple_cb(const struct nlattr *attr, void *data) -@@ -795,7 +779,7 @@ nfct_helper_nlmsg_parse_attr_cb(const st - * This function returns -1 in case that some mandatory attributes are - * missing. On sucess, it returns 0. - */ --int -+int __EXPORTED - nfct_helper_nlmsg_parse_payload(const struct nlmsghdr *nlh, - struct nfct_helper *h) - { -@@ -832,7 +816,6 @@ nfct_helper_nlmsg_parse_payload(const st - } - return 0; - } --EXPORT_SYMBOL(nfct_helper_nlmsg_parse_payload); - - /** - * @} diff --git a/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cttimeout-visibility-hidden.patch b/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cttimeout-visibility-hidden.patch deleted file mode 100644 index 2c606c832d..0000000000 --- a/meta-networking/recipes-filter/libnetfilter/files/libnetfilter-cttimeout-visibility-hidden.patch +++ /dev/null @@ -1,264 +0,0 @@ -From d0c4e39d12f903e06db262656cff2e24d267bed7 Mon Sep 17 00:00:00 2001 -From: Kevin Cernekee <cernekee@chromium.org> -Date: Wed, 4 Jan 2017 14:30:25 -0800 -Subject: Use __EXPORTED rather than EXPORT_SYMBOL - -clang is sensitive to the ordering of -__attribute__((visibility("default"))) relative to the function -body. gcc is not. So if we try to re-declare an existing function -with default visibility, clang prints a warning and generates -a broken .so file in which nfct_timeout_* are not exported to library -callers. - -Move the attribute up into the function definition to make clang happy. - -Signed-off-by: Kevin Cernekee <cernekee@chromium.org> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - doxygen.cfg.in | 2 +- - src/internal.h | 5 ++--- - src/libnetfilter_cttimeout.c | 44 +++++++++++++++++--------------------------- - 3 files changed, 20 insertions(+), 31 deletions(-) - -diff --git a/doxygen.cfg.in b/doxygen.cfg.in -index 8e5d449..09c3ce0 100644 ---- a/doxygen.cfg.in -+++ b/doxygen.cfg.in -@@ -72,7 +72,7 @@ RECURSIVE = YES - EXCLUDE = - EXCLUDE_SYMLINKS = NO - EXCLUDE_PATTERNS = */.git/* .*.d --EXCLUDE_SYMBOLS = EXPORT_SYMBOL nfct_timeout _container_policy_cb -+EXCLUDE_SYMBOLS = nfct_timeout _container_policy_cb - EXAMPLE_PATH = - EXAMPLE_PATTERNS = - EXAMPLE_RECURSIVE = NO -diff --git a/src/internal.h b/src/internal.h -index 3a88d1a..5d78171 100644 ---- a/src/internal.h -+++ b/src/internal.h -@@ -3,10 +3,9 @@ - - #include "config.h" - #ifdef HAVE_VISIBILITY_HIDDEN --# define __visible __attribute__((visibility("default"))) --# define EXPORT_SYMBOL(x) typeof(x) (x) __visible -+# define __EXPORTED __attribute__((visibility("default"))) - #else --# define EXPORT_SYMBOL -+# define __EXPORTED - #endif - - #endif -diff --git a/src/libnetfilter_cttimeout.c b/src/libnetfilter_cttimeout.c -index 7844a1f..a0a7185 100644 ---- a/src/libnetfilter_cttimeout.c -+++ b/src/libnetfilter_cttimeout.c -@@ -187,7 +187,7 @@ struct nfct_timeout { - * In case of success, this function returns a valid pointer, otherwise NULL - * s returned and errno is appropriately set. - */ --struct nfct_timeout *nfct_timeout_alloc(void) -+struct nfct_timeout __EXPORTED *nfct_timeout_alloc(void) - { - struct nfct_timeout *t; - -@@ -197,19 +197,17 @@ struct nfct_timeout *nfct_timeout_alloc(void) - - return t; - } --EXPORT_SYMBOL(nfct_timeout_alloc); - - /** - * nfct_timeout_free - release one conntrack timeout object - * \param t pointer to the conntrack timeout object - */ --void nfct_timeout_free(struct nfct_timeout *t) -+void __EXPORTED nfct_timeout_free(struct nfct_timeout *t) - { - if (t->timeout) - free(t->timeout); - free(t); - } --EXPORT_SYMBOL(nfct_timeout_free); - - /** - * nfct_timeout_attr_set - set one attribute of the conntrack timeout object -@@ -217,7 +215,7 @@ EXPORT_SYMBOL(nfct_timeout_free); - * \param type attribute type you want to set - * \param data pointer to data that will be used to set this attribute - */ --int -+int __EXPORTED - nfct_timeout_attr_set(struct nfct_timeout *t, uint32_t type, const void *data) - { - switch(type) { -@@ -236,7 +234,6 @@ nfct_timeout_attr_set(struct nfct_timeout *t, uint32_t type, const void *data) - t->attrset |= (1 << type); - return 0; - } --EXPORT_SYMBOL(nfct_timeout_attr_set); - - /** - * nfct_timeout_attr_set_u8 - set one attribute of the conntrack timeout object -@@ -244,12 +241,11 @@ EXPORT_SYMBOL(nfct_timeout_attr_set); - * \param type attribute type you want to set - * \param data pointer to data that will be used to set this attribute - */ --int -+int __EXPORTED - nfct_timeout_attr_set_u8(struct nfct_timeout *t, uint32_t type, uint8_t data) - { - return nfct_timeout_attr_set(t, type, &data); - } --EXPORT_SYMBOL(nfct_timeout_attr_set_u8); - - /** - * nfct_timeout_attr_set_u16 - set one attribute of the conntrack timeout object -@@ -257,23 +253,21 @@ EXPORT_SYMBOL(nfct_timeout_attr_set_u8); - * \param type attribute type you want to set - * \param data pointer to data that will be used to set this attribute - */ --int -+int __EXPORTED - nfct_timeout_attr_set_u16(struct nfct_timeout *t, uint32_t type, uint16_t data) - { - return nfct_timeout_attr_set(t, type, &data); - } --EXPORT_SYMBOL(nfct_timeout_attr_set_u16); - - /** - * nfct_timeout_attr_unset - unset one attribute of the conntrack timeout object - * \param t pointer to the conntrack timeout object - * \param type attribute type you want to set - */ --void nfct_timeout_attr_unset(struct nfct_timeout *t, uint32_t type) -+void __EXPORTED nfct_timeout_attr_unset(struct nfct_timeout *t, uint32_t type) - { - t->attrset &= ~(1 << type); - } --EXPORT_SYMBOL(nfct_timeout_attr_unset); - - /** - * nfct_timeout_policy_attr_set_u32 - set one attribute of the policy -@@ -281,7 +275,7 @@ EXPORT_SYMBOL(nfct_timeout_attr_unset); - * \param type attribute type you want to set - * \param data data that will be used to set this attribute - */ --int -+int __EXPORTED - nfct_timeout_policy_attr_set_u32(struct nfct_timeout *t, - uint32_t type, uint32_t data) - { -@@ -319,18 +313,17 @@ nfct_timeout_policy_attr_set_u32(struct nfct_timeout *t, - - return 0; - } --EXPORT_SYMBOL(nfct_timeout_policy_attr_set_u32); - - /** - * nfct_timeout_policy_attr_unset - unset one attribute of the policy - * \param t pointer to the conntrack timeout object - * \param type attribute type you want to set - */ --void nfct_timeout_policy_attr_unset(struct nfct_timeout *t, uint32_t type) -+void __EXPORTED -+nfct_timeout_policy_attr_unset(struct nfct_timeout *t, uint32_t type) - { - t->attrset &= ~(1 << type); - } --EXPORT_SYMBOL(nfct_timeout_policy_attr_unset); - - /** - * nfct_timeout_policy_attr_to_name - get state name from protocol state number -@@ -340,7 +333,8 @@ EXPORT_SYMBOL(nfct_timeout_policy_attr_unset); - * This function returns NULL if unsupported protocol or state number is passed. - * Otherwise, a pointer to valid string is returned. - */ --const char *nfct_timeout_policy_attr_to_name(uint8_t l4proto, uint32_t state) -+const char __EXPORTED * -+nfct_timeout_policy_attr_to_name(uint8_t l4proto, uint32_t state) - { - if (timeout_protocol[l4proto].state_to_name == NULL) { - printf("no array state name\n"); -@@ -354,7 +348,6 @@ const char *nfct_timeout_policy_attr_to_name(uint8_t l4proto, uint32_t state) - - return timeout_protocol[l4proto].state_to_name[state]; - } --EXPORT_SYMBOL(nfct_timeout_policy_attr_to_name); - - /** - * @} -@@ -438,8 +431,9 @@ nfct_timeout_snprintf_default(char *buf, size_t size, - * This function returns -1 in case that some mandatory attributes are - * missing. On sucess, it returns 0. - */ --int nfct_timeout_snprintf(char *buf, size_t size, const struct nfct_timeout *t, -- unsigned int type, unsigned int flags) -+int __EXPORTED -+nfct_timeout_snprintf(char *buf, size_t size, const struct nfct_timeout *t, -+ unsigned int type, unsigned int flags) - { - int ret = 0; - -@@ -454,7 +448,6 @@ int nfct_timeout_snprintf(char *buf, size_t size, const struct nfct_timeout *t, - - return ret; - } --EXPORT_SYMBOL(nfct_timeout_snprintf); - - /** - * @} -@@ -477,7 +470,7 @@ EXPORT_SYMBOL(nfct_timeout_snprintf); - * - CTNL_MSG_TIMEOUT_GET: get conntrack timeout object. - * - CTNL_MSG_TIMEOUT_DEL: delete conntrack timeout object. - */ --struct nlmsghdr * -+struct nlmsghdr __EXPORTED * - nfct_timeout_nlmsg_build_hdr(char *buf, uint8_t cmd, - uint16_t flags, uint32_t seq) - { -@@ -496,14 +489,13 @@ nfct_timeout_nlmsg_build_hdr(char *buf, uint8_t cmd, - - return nlh; - } --EXPORT_SYMBOL(nfct_timeout_nlmsg_build_hdr); - - /** - * nfct_timeout_nlmsg_build_payload - build payload from ct timeout object - * \param nlh: netlink message that you want to use to add the payload. - * \param t: pointer to a conntrack timeout object - */ --void -+void __EXPORTED - nfct_timeout_nlmsg_build_payload(struct nlmsghdr *nlh, - const struct nfct_timeout *t) - { -@@ -532,7 +524,6 @@ nfct_timeout_nlmsg_build_payload(struct nlmsghdr *nlh, - } - - } --EXPORT_SYMBOL(nfct_timeout_nlmsg_build_payload); - - static int - timeout_nlmsg_parse_attr_cb(const struct nlattr *attr, void *data) -@@ -629,7 +620,7 @@ timeout_parse_attr_data(struct nfct_timeout *t, const struct nlattr *nest) - * This function returns -1 in case that some mandatory attributes are - * missing. On sucess, it returns 0. - */ --int -+int __EXPORTED - nfct_timeout_nlmsg_parse_payload(const struct nlmsghdr *nlh, - struct nfct_timeout *t) - { -@@ -654,7 +645,6 @@ nfct_timeout_nlmsg_parse_payload(const struct nlmsghdr *nlh, - } - return 0; - } --EXPORT_SYMBOL(nfct_timeout_nlmsg_parse_payload); - - /** - * @} --- -cgit v1.1 - diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-acct_1.0.3.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-acct_1.0.3.bb index 974035ccc7..d92c676fa9 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-acct_1.0.3.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-acct_1.0.3.bb @@ -2,7 +2,7 @@ SUMMARY = "libnetfilter_acct accounting infrastructure." DESCRIPTION = "libnetfilter_acct is the userspace library providing interface to extended accounting infrastructure." HOMEPAGE = "http://netfilter.org/projects/libnetfilter_acct/index.html" SECTION = "libs" -LICENSE = "LGPL-2.1" +LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" DEPENDS = "libnfnetlink libmnl" diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.8.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.9.bb index cd89433938..abec84b256 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.8.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.9.bb @@ -2,13 +2,16 @@ SUMMARY = "Netfilter connection tracking library" DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter connection tracking state table" HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_conntrack/index.html" SECTION = "libs" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" DEPENDS = "libnfnetlink libmnl" -SRC_URI = "https://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2" -SRC_URI[md5sum] = "3121b55acf97322db830da75d8407cba" -SRC_URI[sha256sum] = "0cd13be008923528687af6c6b860f35392d49251c04ee0648282d36b1faec1cf" +SRC_URI = "https://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2 \ + file://0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch \ + " + +SRC_URI[md5sum] = "596c722733cdf30f24d4418f34f999d9" +SRC_URI[sha256sum] = "67bd9df49fe34e8b82144f6dfb93b320f384a8ea59727e92ff8d18b5f4b579a8" S = "${WORKDIR}/libnetfilter_conntrack-${PV}" diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb deleted file mode 100644 index 92cb23d6e9..0000000000 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.0.bb +++ /dev/null @@ -1,17 +0,0 @@ -SUMMARY = "Netfilter connection tracking helper library" -DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter user-space helper infrastructure" -HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_cthelper/index.html" -SECTION = "libs" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" -DEPENDS = "libmnl" - -SRC_URI = "http://www.netfilter.org/projects/libnetfilter_cthelper/files/libnetfilter_cthelper-${PV}.tar.bz2;name=tar \ - file://libnetfilter-cthelper-visibility-hidden.patch \ -" -SRC_URI[tar.md5sum] = "b2efab1a3a198a5add448960ba011acd" -SRC_URI[tar.sha256sum] = "07618e71c4d9a6b6b3dc1986540486ee310a9838ba754926c7d14a17d8fccf3d" - -S = "${WORKDIR}/libnetfilter_cthelper-${PV}" - -inherit autotools pkgconfig diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.1.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.1.bb new file mode 100644 index 0000000000..ebb0eb2329 --- /dev/null +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cthelper_1.0.1.bb @@ -0,0 +1,17 @@ +SUMMARY = "Netfilter connection tracking helper library" +DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter user-space helper infrastructure" +HOMEPAGE = "https://www.netfilter.org/projects/libnetfilter_cthelper/index.html" +SECTION = "libs" +LICENSE = "GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +DEPENDS = "libmnl" + +SRC_URI = "https://www.netfilter.org/projects/libnetfilter_cthelper/files/libnetfilter_cthelper-${PV}.tar.bz2 \ + " + +SRC_URI[md5sum] = "e59279645fe65d40dd7dfc82a797ca5b" +SRC_URI[sha256sum] = "14073d5487233897355d3ff04ddc1c8d03cc5ba8d2356236aa88161a9f2dc912" + +S = "${WORKDIR}/libnetfilter_cthelper-${PV}" + +inherit autotools pkgconfig diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.1.bb index ff32f3409d..5349e6e4b8 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.0.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-cttimeout_1.0.1.bb @@ -1,15 +1,15 @@ SUMMARY = "Netfilter connection tracking timeout library" DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter fine-grain connection tracking timeout infrastructure" SECTION = "libs" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" DEPENDS = "libmnl" -SRC_URI = "http://www.netfilter.org/projects/libnetfilter_cttimeout/files/libnetfilter_cttimeout-${PV}.tar.bz2;name=tar \ - file://libnetfilter-cttimeout-visibility-hidden.patch \ -" -SRC_URI[tar.md5sum] = "7697437fc9ebb6f6b83df56a633db7f9" -SRC_URI[tar.sha256sum] = "aeab12754f557cba3ce2950a2029963d817490df7edb49880008b34d7ff8feba" +SRC_URI = "https://www.netfilter.org/projects/libnetfilter_cttimeout/files/libnetfilter_cttimeout-${PV}.tar.bz2 \ + " + +SRC_URI[md5sum] = "ac64b55952b79cb9910db95ce8883940" +SRC_URI[sha256sum] = "0b59da2f3204e1c80cb85d1f6d72285fc07b01a2f5678abf5dccfbbefd650325" S = "${WORKDIR}/libnetfilter_cttimeout-${PV}" diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.2.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.2.bb index 03c0af59ac..699b096ae8 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.2.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-log_1.0.2.bb @@ -2,7 +2,7 @@ SUMMARY = "Netfilter logging library" DESCRIPTION = "Userspace library providing a programming interface (API) to the Linux kernel netfilter log message (NFLOG)" HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_log/index.html" SECTION = "libs" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" DEPENDS = "libnfnetlink libmnl" SRCREV = "b0e4be94c0b8f68d4e912402b93a130063c34e17" diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.3.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb index 1bbab6f3cb..301dd86cf3 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.3.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb @@ -2,16 +2,17 @@ SUMMARY = "Netfilter packet queue access library" DESCRIPTION = "Userspace library providing a programming interface (API) to access the Linux kernel netfilter packet queue" HOMEPAGE = "http://www.netfilter.org/projects/libnetfilter_queue/index.html" SECTION = "libs" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" DEPENDS = "libnfnetlink libmnl" -SRCREV = "601abd1c71ccdf90753cf294c120ad43fb25dc54" +SRCREV = "2ff321690b8dafeca99ee8e9cafac71e36f292b9" SRC_URI = "git://git.netfilter.org/libnetfilter_queue;branch=master \ - file://0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch \ " S = "${WORKDIR}/git" inherit autotools pkgconfig + +BBCLASSEXTEND = "native" diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch deleted file mode 100644 index 00d95cd79e..0000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0001-build-resolve-automake-1.12-warnings.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 2e5f2b81fb8cbe0d1cd33e58caa19ac308e1f847 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt <jengelh@inai.de> -Date: Tue, 9 Oct 2012 15:59:48 +0200 -Subject: [PATCH 1/6] build: resolve automake-1.12 warnings - -am/ltlibrary.am: warning: 'libnfnetlink.la': linking libtool libraries -using a non-POSIX archiver requires 'AM_PROG_AR' in 'configure.ac' - -Signed-off-by: Jan Engelhardt <jengelh@inai.de> ---- - configure.ac | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/configure.ac b/configure.ac -index ed549df..0926a1c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -7,6 +7,7 @@ AC_CANONICAL_HOST - - AM_INIT_AUTOMAKE([-Wall foreign subdir-objects - tar-pax no-dist-gzip dist-bzip2 1.6]) -+m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - - dnl kernel style compile messages - m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch deleted file mode 100644 index c2fb5e05a7..0000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0002-src-get-source-code-license-header-in-sync-with-curr.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 5e6b6e23a8b04475c5a9de7eddb4c18103932fe5 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Wed, 7 Aug 2013 20:53:57 +0200 -Subject: [PATCH 2/6] src: get source code license header in sync with current - licensing terms - -Since (3956761 license: upgrade to GPLv2+), we upgraded to GPLv2+, -propagate that changes to src/iftable.c and src/rtnl.c - -Reported-by: Thomas Woerner <twoerner@redhat.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - src/iftable.c | 2 +- - src/rtnl.c | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/iftable.c b/src/iftable.c -index 0325335..5976ed8 100644 ---- a/src/iftable.c -+++ b/src/iftable.c -@@ -3,7 +3,7 @@ - * (C) 2004 by Astaro AG, written by Harald Welte <hwelte@astaro.com> - * (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org> - * -- * This software is Free Software and licensed under GNU GPLv2. -+ * This software is Free Software and licensed under GNU GPLv2+. - */ - - /* IFINDEX handling */ -diff --git a/src/rtnl.c b/src/rtnl.c -index 5ccb272..7b4ac7d 100644 ---- a/src/rtnl.c -+++ b/src/rtnl.c -@@ -1,10 +1,10 @@ - /* rtnl - rtnetlink utility functions - * - * (C) 2004 by Astaro AG, written by Harald Welte <hwelte@astaro.com> -- * -+ * - * Adapted to nfnetlink by Eric Leblond <eric@inl.fr> - * -- * This software is free software and licensed under GNU GPLv2. -+ * This software is free software and licensed under GNU GPLv2+. - * - */ - --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch deleted file mode 100644 index 6cb7ed6fa9..0000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0003-configure-uclinux-is-also-linux.patch +++ /dev/null @@ -1,27 +0,0 @@ -From b259fe13826414c1bd5328a25c8d6d60e20e65f2 Mon Sep 17 00:00:00 2001 -From: Gustavo Zacarias <gustavo@zacarias.com.ar> -Date: Tue, 10 Sep 2013 16:23:29 -0300 -Subject: [PATCH 3/6] configure: uclinux is also linux - -Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 0926a1c..b979772 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -18,7 +18,7 @@ AC_DISABLE_STATIC - AM_PROG_LIBTOOL - - case "$host" in --*-*-linux*) ;; -+*-*-linux* | *-*-uclinux*) ;; - *) AC_MSG_ERROR([Linux only, dude!]);; - esac - --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch deleted file mode 100644 index cf3a841356..0000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b142da8d2c9e2e2dfbe4e89e680dd124f6064ac8 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Mon, 3 Feb 2014 12:09:29 +0100 -Subject: [PATCH 4/6] libnfnetlink: initialize attribute padding to resolve - valgrind warnings - -==12195== Syscall param socketcall.sendto(msg) points to uninitialised byte(s) -==12195== at 0x51209C3: __sendto_nocancel (syscall-template.S:81) -==12195== by 0x53E4D12: nfnl_send (libnfnetlink.c:391) -==12195== by 0x53E6952: nfnl_query (libnfnetlink.c:1569) -==12195== by 0x4E344AF: __build_send_cfg_msg.isra.1 (libnetfilter_log.c:143) -==12195== by 0x4E34710: nflog_bind_group (libnetfilter_log.c:413) -==12195== by 0x400CB1: main (nfulnl_test.c:77) -==12195== Address 0x7fefff3e9 is on thread 1's stack - -This patch sets to zero the padding that is included to align the -attribute payload. - -Reported-by: Ivan Homoliak <xhomol11@gmail.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - src/libnfnetlink.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c -index 4b2bcd0..398b7d7 100644 ---- a/src/libnfnetlink.c -+++ b/src/libnfnetlink.c -@@ -809,6 +809,7 @@ int nfnl_addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, - nfa->nfa_type = type; - nfa->nfa_len = len; - memcpy(NFA_DATA(nfa), data, alen); -+ memset((uint8_t *)nfa + nfa->nfa_len, 0, NFA_ALIGN(alen) - alen); - n->nlmsg_len = (NLMSG_ALIGN(n->nlmsg_len) + NFA_ALIGN(len)); - return 0; - } --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch deleted file mode 100644 index 383f0e8b3d..0000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0005-include-Sync-with-kernel-headers.patch +++ /dev/null @@ -1,110 +0,0 @@ -From b10c90a61a5fc46f2be5aeecb9c96e84178f7717 Mon Sep 17 00:00:00 2001 -From: Felix Janda <felix.janda@posteo.de> -Date: Sat, 16 May 2015 14:49:07 +0200 -Subject: [PATCH 5/6] include: Sync with kernel headers - -Signed-off-by: Felix Janda <felix.janda@posteo.de> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - include/libnfnetlink/linux_nfnetlink.h | 44 ++++----------------------- - include/libnfnetlink/linux_nfnetlink_compat.h | 12 ++++---- - 2 files changed, 12 insertions(+), 44 deletions(-) - -diff --git a/include/libnfnetlink/linux_nfnetlink.h b/include/libnfnetlink/linux_nfnetlink.h -index 76a8550..44a38d6 100644 ---- a/include/libnfnetlink/linux_nfnetlink.h -+++ b/include/libnfnetlink/linux_nfnetlink.h -@@ -25,9 +25,9 @@ enum nfnetlink_groups { - /* General form of address family dependent message. - */ - struct nfgenmsg { -- u_int8_t nfgen_family; /* AF_xxx */ -- u_int8_t version; /* nfnetlink version */ -- u_int16_t res_id; /* resource id */ -+ __u8 nfgen_family; /* AF_xxx */ -+ __u8 version; /* nfnetlink version */ -+ __be16 res_id; /* resource id */ - }; - - #define NFNETLINK_V0 0 -@@ -46,40 +46,8 @@ struct nfgenmsg { - #define NFNL_SUBSYS_CTNETLINK_EXP 2 - #define NFNL_SUBSYS_QUEUE 3 - #define NFNL_SUBSYS_ULOG 4 --#define NFNL_SUBSYS_COUNT 5 -+#define NFNL_SUBSYS_OSF 5 -+#define NFNL_SUBSYS_IPSET 6 -+#define NFNL_SUBSYS_COUNT 7 - --#ifdef __KERNEL__ -- --#include <linux/netlink.h> --#include <linux/capability.h> --#include <net/netlink.h> -- --struct nfnl_callback --{ -- int (*call)(struct sock *nl, struct sk_buff *skb, -- struct nlmsghdr *nlh, struct nlattr *cda[]); -- const struct nla_policy *policy; /* netlink attribute policy */ -- const u_int16_t attr_count; /* number of nlattr's */ --}; -- --struct nfnetlink_subsystem --{ -- const char *name; -- __u8 subsys_id; /* nfnetlink subsystem ID */ -- __u8 cb_count; /* number of callbacks */ -- const struct nfnl_callback *cb; /* callback for individual types */ --}; -- --extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n); --extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n); -- --extern int nfnetlink_has_listeners(unsigned int group); --extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, -- int echo); --extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags); -- --#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \ -- MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) -- --#endif /* __KERNEL__ */ - #endif /* _NFNETLINK_H */ -diff --git a/include/libnfnetlink/linux_nfnetlink_compat.h b/include/libnfnetlink/linux_nfnetlink_compat.h -index e145176..74b9e55 100644 ---- a/include/libnfnetlink/linux_nfnetlink_compat.h -+++ b/include/libnfnetlink/linux_nfnetlink_compat.h -@@ -1,6 +1,8 @@ - #ifndef _NFNETLINK_COMPAT_H - #define _NFNETLINK_COMPAT_H --#ifndef __KERNEL__ -+ -+#include <linux/types.h> -+ - /* Old nfnetlink macros for userspace */ - - /* nfnetlink groups: Up to 32 maximum */ -@@ -18,10 +20,9 @@ - * ! nfnetlink use the same attributes methods. - J. Schulist. - */ - --struct nfattr --{ -- u_int16_t nfa_len; -- u_int16_t nfa_type; /* we use 15 bits for the type, and the highest -+struct nfattr { -+ __u16 nfa_len; -+ __u16 nfa_type; /* we use 15 bits for the type, and the highest - * bit to indicate whether the payload is nested */ - }; - -@@ -57,5 +58,4 @@ struct nfattr - + NLMSG_ALIGN(sizeof(struct nfgenmsg)))) - #define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg)) - --#endif /* ! __KERNEL__ */ - #endif /* _NFNETLINK_COMPAT_H */ --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch deleted file mode 100644 index 72c9987d1e..0000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink/0006-src-Use-stdint-types-everywhere.patch +++ /dev/null @@ -1,403 +0,0 @@ -From 5cb589e246c91331ee6b3926b15f5e6cfc8ad95e Mon Sep 17 00:00:00 2001 -From: Felix Janda <felix.janda@posteo.de> -Date: Sat, 16 May 2015 14:59:57 +0200 -Subject: [PATCH 6/6] src: Use stdint types everywhere - -Signed-off-by: Felix Janda <felix.janda@posteo.de> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - include/libnfnetlink/libnfnetlink.h | 25 ++++++------- - src/iftable.c | 8 ++--- - src/iftable.h | 4 +-- - src/libnfnetlink.c | 72 ++++++++++++++++++------------------- - src/rtnl.c | 4 +-- - src/rtnl.h | 2 +- - 6 files changed, 58 insertions(+), 57 deletions(-) - -diff --git a/include/libnfnetlink/libnfnetlink.h b/include/libnfnetlink/libnfnetlink.h -index 1d8c49d..cd0be3d 100644 ---- a/include/libnfnetlink/libnfnetlink.h -+++ b/include/libnfnetlink/libnfnetlink.h -@@ -15,6 +15,7 @@ - #define aligned_u64 unsigned long long __attribute__((aligned(8))) - #endif - -+#include <stdint.h> - #include <sys/socket.h> /* for sa_family_t */ - #include <linux/netlink.h> - #include <libnfnetlink/linux_nfnetlink.h> -@@ -55,7 +56,7 @@ struct nfnlhdr { - struct nfnl_callback { - int (*call)(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data); - void *data; -- u_int16_t attr_count; -+ uint16_t attr_count; - }; - - struct nfnl_handle; -@@ -69,7 +70,7 @@ extern struct nfnl_handle *nfnl_open(void); - extern int nfnl_close(struct nfnl_handle *); - - extern struct nfnl_subsys_handle *nfnl_subsys_open(struct nfnl_handle *, -- u_int8_t, u_int8_t, -+ uint8_t, uint8_t, - unsigned int); - extern void nfnl_subsys_close(struct nfnl_subsys_handle *); - -@@ -88,8 +89,8 @@ extern int nfnl_sendiov(const struct nfnl_handle *nfnlh, - const struct iovec *iov, unsigned int num, - unsigned int flags); - extern void nfnl_fill_hdr(struct nfnl_subsys_handle *, struct nlmsghdr *, -- unsigned int, u_int8_t, u_int16_t, u_int16_t, -- u_int16_t); -+ unsigned int, uint8_t, uint16_t, uint16_t, -+ uint16_t); - extern __attribute__((deprecated)) int - nfnl_talk(struct nfnl_handle *, struct nlmsghdr *, pid_t, - unsigned, struct nlmsghdr *, -@@ -103,8 +104,8 @@ nfnl_listen(struct nfnl_handle *, - /* receiving */ - extern ssize_t nfnl_recv(const struct nfnl_handle *h, unsigned char *buf, size_t len); - extern int nfnl_callback_register(struct nfnl_subsys_handle *, -- u_int8_t type, struct nfnl_callback *cb); --extern int nfnl_callback_unregister(struct nfnl_subsys_handle *, u_int8_t type); -+ uint8_t type, struct nfnl_callback *cb); -+extern int nfnl_callback_unregister(struct nfnl_subsys_handle *, uint8_t type); - extern int nfnl_handle_packet(struct nfnl_handle *, char *buf, int len); - - /* parsing */ -@@ -180,12 +181,12 @@ extern int nfnl_query(struct nfnl_handle *h, struct nlmsghdr *nlh); - - /* nfnl attribute handling functions */ - extern int nfnl_addattr_l(struct nlmsghdr *, int, int, const void *, int); --extern int nfnl_addattr8(struct nlmsghdr *, int, int, u_int8_t); --extern int nfnl_addattr16(struct nlmsghdr *, int, int, u_int16_t); --extern int nfnl_addattr32(struct nlmsghdr *, int, int, u_int32_t); -+extern int nfnl_addattr8(struct nlmsghdr *, int, int, uint8_t); -+extern int nfnl_addattr16(struct nlmsghdr *, int, int, uint16_t); -+extern int nfnl_addattr32(struct nlmsghdr *, int, int, uint32_t); - extern int nfnl_nfa_addattr_l(struct nfattr *, int, int, const void *, int); --extern int nfnl_nfa_addattr16(struct nfattr *, int, int, u_int16_t); --extern int nfnl_nfa_addattr32(struct nfattr *, int, int, u_int32_t); -+extern int nfnl_nfa_addattr16(struct nfattr *, int, int, uint16_t); -+extern int nfnl_nfa_addattr32(struct nfattr *, int, int, uint32_t); - extern int nfnl_parse_attr(struct nfattr **, int, struct nfattr *, int); - #define nfnl_parse_nested(tb, max, nfa) \ - nfnl_parse_attr((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa))) -@@ -197,7 +198,7 @@ extern int nfnl_parse_attr(struct nfattr **, int, struct nfattr *, int); - ({ (tail)->nfa_len = (void *) NLMSG_TAIL(nlh) - (void *) tail; }) - - extern void nfnl_build_nfa_iovec(struct iovec *iov, struct nfattr *nfa, -- u_int16_t type, u_int32_t len, -+ uint16_t type, uint32_t len, - unsigned char *val); - extern unsigned int nfnl_rcvbufsiz(const struct nfnl_handle *h, - unsigned int size); -diff --git a/src/iftable.c b/src/iftable.c -index 5976ed8..157f97b 100644 ---- a/src/iftable.c -+++ b/src/iftable.c -@@ -27,10 +27,10 @@ - struct ifindex_node { - struct list_head head; - -- u_int32_t index; -- u_int32_t type; -- u_int32_t alen; -- u_int32_t flags; -+ uint32_t index; -+ uint32_t type; -+ uint32_t alen; -+ uint32_t flags; - char addr[8]; - char name[16]; - }; -diff --git a/src/iftable.h b/src/iftable.h -index 8df7f24..655df6b 100644 ---- a/src/iftable.h -+++ b/src/iftable.h -@@ -1,8 +1,8 @@ - #ifndef _IFTABLE_H - #define _IFTABLE_H - --int iftable_delete(u_int32_t dst, u_int32_t mask, u_int32_t gw, u_int32_t oif); --int iftable_insert(u_int32_t dst, u_int32_t mask, u_int32_t gw, u_int32_t oif); -+int iftable_delete(uint32_t dst, uint32_t mask, uint32_t gw, uint32_t oif); -+int iftable_insert(uint32_t dst, uint32_t mask, uint32_t gw, uint32_t oif); - - int iftable_init(void); - void iftable_fini(void); -diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c -index 398b7d7..df57533 100644 ---- a/src/libnfnetlink.c -+++ b/src/libnfnetlink.c -@@ -72,9 +72,9 @@ - - struct nfnl_subsys_handle { - struct nfnl_handle *nfnlh; -- u_int32_t subscriptions; -- u_int8_t subsys_id; -- u_int8_t cb_count; -+ uint32_t subscriptions; -+ uint8_t subsys_id; -+ uint8_t cb_count; - struct nfnl_callback *cb; /* array of callbacks */ - }; - -@@ -86,11 +86,11 @@ struct nfnl_handle { - int fd; - struct sockaddr_nl local; - struct sockaddr_nl peer; -- u_int32_t subscriptions; -- u_int32_t seq; -- u_int32_t dump; -- u_int32_t rcv_buffer_size; /* for nfnl_catch */ -- u_int32_t flags; -+ uint32_t subscriptions; -+ uint32_t seq; -+ uint32_t dump; -+ uint32_t rcv_buffer_size; /* for nfnl_catch */ -+ uint32_t flags; - struct nlmsghdr *last_nlhdr; - struct nfnl_subsys_handle subsys[NFNL_MAX_SUBSYS+1]; - }; -@@ -145,7 +145,7 @@ unsigned int nfnl_portid(const struct nfnl_handle *h) - static int recalc_rebind_subscriptions(struct nfnl_handle *nfnlh) - { - int i, err; -- u_int32_t new_subscriptions = nfnlh->subscriptions; -+ uint32_t new_subscriptions = nfnlh->subscriptions; - - for (i = 0; i < NFNL_MAX_SUBSYS; i++) - new_subscriptions |= nfnlh->subsys[i].subscriptions; -@@ -273,8 +273,8 @@ void nfnl_set_rcv_buffer_size(struct nfnl_handle *h, unsigned int size) - * a valid address that points to a nfnl_subsys_handle structure is returned. - */ - struct nfnl_subsys_handle * --nfnl_subsys_open(struct nfnl_handle *nfnlh, u_int8_t subsys_id, -- u_int8_t cb_count, u_int32_t subscriptions) -+nfnl_subsys_open(struct nfnl_handle *nfnlh, uint8_t subsys_id, -+ uint8_t cb_count, uint32_t subscriptions) - { - struct nfnl_subsys_handle *ssh; - -@@ -435,10 +435,10 @@ int nfnl_sendiov(const struct nfnl_handle *nfnlh, const struct iovec *iov, - */ - void nfnl_fill_hdr(struct nfnl_subsys_handle *ssh, - struct nlmsghdr *nlh, unsigned int len, -- u_int8_t family, -- u_int16_t res_id, -- u_int16_t msg_type, -- u_int16_t msg_flags) -+ uint8_t family, -+ uint16_t res_id, -+ uint16_t msg_type, -+ uint16_t msg_flags) - { - assert(ssh); - assert(nlh); -@@ -815,7 +815,7 @@ int nfnl_addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, - } - - /** -- * nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr -+ * nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr - * - * @nfa: struct nfattr - * @maxlen: maximal length of nfattr buffer -@@ -849,14 +849,14 @@ int nfnl_nfa_addattr_l(struct nfattr *nfa, int maxlen, int type, - } - - /** -- * nfnl_addattr8 - Add u_int8_t attribute to nlmsghdr -+ * nfnl_addattr8 - Add uint8_t attribute to nlmsghdr - * - * @n: netlink message header to which attribute is to be added - * @maxlen: maximum length of netlink message header - * @type: type of new attribute - * @data: content of new attribute - */ --int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) -+int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, uint8_t data) - { - assert(n); - assert(maxlen > 0); -@@ -866,7 +866,7 @@ int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) - } - - /** -- * nfnl_nfa_addattr16 - Add u_int16_t attribute to struct nfattr -+ * nfnl_nfa_addattr16 - Add uint16_t attribute to struct nfattr - * - * @nfa: struct nfattr - * @maxlen: maximal length of nfattr buffer -@@ -875,7 +875,7 @@ int nfnl_addattr8(struct nlmsghdr *n, int maxlen, int type, u_int8_t data) - * - */ - int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, -- u_int16_t data) -+ uint16_t data) - { - assert(nfa); - assert(maxlen > 0); -@@ -885,7 +885,7 @@ int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, - } - - /** -- * nfnl_addattr16 - Add u_int16_t attribute to nlmsghdr -+ * nfnl_addattr16 - Add uint16_t attribute to nlmsghdr - * - * @n: netlink message header to which attribute is to be added - * @maxlen: maximum length of netlink message header -@@ -894,7 +894,7 @@ int nfnl_nfa_addattr16(struct nfattr *nfa, int maxlen, int type, - * - */ - int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, -- u_int16_t data) -+ uint16_t data) - { - assert(n); - assert(maxlen > 0); -@@ -904,7 +904,7 @@ int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, - } - - /** -- * nfnl_nfa_addattr32 - Add u_int32_t attribute to struct nfattr -+ * nfnl_nfa_addattr32 - Add uint32_t attribute to struct nfattr - * - * @nfa: struct nfattr - * @maxlen: maximal length of nfattr buffer -@@ -913,7 +913,7 @@ int nfnl_addattr16(struct nlmsghdr *n, int maxlen, int type, - * - */ - int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, -- u_int32_t data) -+ uint32_t data) - { - assert(nfa); - assert(maxlen > 0); -@@ -923,7 +923,7 @@ int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, - } - - /** -- * nfnl_addattr32 - Add u_int32_t attribute to nlmsghdr -+ * nfnl_addattr32 - Add uint32_t attribute to nlmsghdr - * - * @n: netlink message header to which attribute is to be added - * @maxlen: maximum length of netlink message header -@@ -932,7 +932,7 @@ int nfnl_nfa_addattr32(struct nfattr *nfa, int maxlen, int type, - * - */ - int nfnl_addattr32(struct nlmsghdr *n, int maxlen, int type, -- u_int32_t data) -+ uint32_t data) - { - assert(n); - assert(maxlen > 0); -@@ -980,7 +980,7 @@ int nfnl_parse_attr(struct nfattr *tb[], int max, struct nfattr *nfa, int len) - * - */ - void nfnl_build_nfa_iovec(struct iovec *iov, struct nfattr *nfa, -- u_int16_t type, u_int32_t len, unsigned char *val) -+ uint16_t type, uint32_t len, unsigned char *val) - { - assert(iov); - assert(nfa); -@@ -1115,7 +1115,7 @@ struct nlmsghdr *nfnl_get_msg_next(struct nfnl_handle *h, - * appropiately. - */ - int nfnl_callback_register(struct nfnl_subsys_handle *ssh, -- u_int8_t type, struct nfnl_callback *cb) -+ uint8_t type, struct nfnl_callback *cb) - { - assert(ssh); - assert(cb); -@@ -1138,7 +1138,7 @@ int nfnl_callback_register(struct nfnl_subsys_handle *ssh, - * On sucess, 0 is returned. On error, -1 is returned and errno is - * set appropiately. - */ --int nfnl_callback_unregister(struct nfnl_subsys_handle *ssh, u_int8_t type) -+int nfnl_callback_unregister(struct nfnl_subsys_handle *ssh, uint8_t type) - { - assert(ssh); - -@@ -1161,8 +1161,8 @@ int nfnl_check_attributes(const struct nfnl_handle *h, - assert(nfa); - - int min_len; -- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); -+ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -+ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); - const struct nfnl_subsys_handle *ssh; - struct nfnl_callback *cb; - -@@ -1212,8 +1212,8 @@ static int __nfnl_handle_msg(struct nfnl_handle *h, struct nlmsghdr *nlh, - int len) - { - struct nfnl_subsys_handle *ssh; -- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); -+ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -+ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); - int err = 0; - - if (subsys_id > NFNL_MAX_SUBSYS) -@@ -1243,7 +1243,7 @@ int nfnl_handle_packet(struct nfnl_handle *h, char *buf, int len) - { - - while (len >= NLMSG_SPACE(0)) { -- u_int32_t rlen; -+ uint32_t rlen; - struct nlmsghdr *nlh = (struct nlmsghdr *)buf; - - if (nlh->nlmsg_len < sizeof(struct nlmsghdr) -@@ -1285,8 +1285,8 @@ static int nfnl_is_error(struct nfnl_handle *h, struct nlmsghdr *nlh) - static int nfnl_step(struct nfnl_handle *h, struct nlmsghdr *nlh) - { - struct nfnl_subsys_handle *ssh; -- u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -- u_int8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); -+ uint8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); -+ uint8_t subsys_id = NFNL_SUBSYS_ID(nlh->nlmsg_type); - - /* Is this an error message? */ - if (nfnl_is_error(h, nlh)) { -diff --git a/src/rtnl.c b/src/rtnl.c -index 7b4ac7d..284eecd 100644 ---- a/src/rtnl.c -+++ b/src/rtnl.c -@@ -30,7 +30,7 @@ - #define rtnl_log(x, ...) - - static inline struct rtnl_handler * --find_handler(struct rtnl_handle *rtnl_handle, u_int16_t type) -+find_handler(struct rtnl_handle *rtnl_handle, uint16_t type) - { - struct rtnl_handler *h; - for (h = rtnl_handle->handlers; h; h = h->next) { -@@ -41,7 +41,7 @@ find_handler(struct rtnl_handle *rtnl_handle, u_int16_t type) - } - - static int call_handler(struct rtnl_handle *rtnl_handle, -- u_int16_t type, -+ uint16_t type, - struct nlmsghdr *hdr) - { - struct rtnl_handler *h = find_handler(rtnl_handle, type); -diff --git a/src/rtnl.h b/src/rtnl.h -index 0c403dc..2cb22a8 100644 ---- a/src/rtnl.h -+++ b/src/rtnl.h -@@ -7,7 +7,7 @@ - struct rtnl_handler { - struct rtnl_handler *next; - -- u_int16_t nlmsg_type; -+ uint16_t nlmsg_type; - int (*handlefn)(struct nlmsghdr *h, void *arg); - void *arg; - }; --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb deleted file mode 100644 index f7951ff8dd..0000000000 --- a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.1.bb +++ /dev/null @@ -1,25 +0,0 @@ -SUMMARY = "Low-level library for netfilter related kernel/userspace communication" -DESCRIPTION = "libnfnetlink is the low-level library for netfilter related \ -kernel/userspace communication. It provides a generic messaging \ -infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, \ -nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or \ -management tools in userspace." -HOMEPAGE = "http://www.netfilter.org/projects/libnfnetlink/index.html" -SECTION = "libs" -LICENSE = "GPLv2+" - - -LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" - -SRC_URI = "http://www.netfilter.org/projects/libnfnetlink/files/libnfnetlink-${PV}.tar.bz2;name=tar \ - file://0001-build-resolve-automake-1.12-warnings.patch \ - file://0002-src-get-source-code-license-header-in-sync-with-curr.patch \ - file://0003-configure-uclinux-is-also-linux.patch \ - file://0004-libnfnetlink-initialize-attribute-padding-to-resolve.patch \ - file://0005-include-Sync-with-kernel-headers.patch \ - file://0006-src-Use-stdint-types-everywhere.patch \ - " -SRC_URI[tar.md5sum] = "98927583d2016a9fb1936fed992e2c5e" -SRC_URI[tar.sha256sum] = "f270e19de9127642d2a11589ef2ec97ef90a649a74f56cf9a96306b04817b51a" - -inherit autotools pkgconfig diff --git a/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb new file mode 100644 index 0000000000..2778185618 --- /dev/null +++ b/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb @@ -0,0 +1,22 @@ +SUMMARY = "Low-level library for netfilter related kernel/userspace communication" +DESCRIPTION = "libnfnetlink is the low-level library for netfilter related \ +kernel/userspace communication. It provides a generic messaging \ +infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, \ +nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or \ +management tools in userspace." +HOMEPAGE = "https://www.netfilter.org/projects/libnfnetlink/index.html" +SECTION = "libs" +LICENSE = "GPL-2.0-or-later" + + +LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" + +SRC_URI = "https://www.netfilter.org/projects/libnfnetlink/files/${BPN}-${PV}.tar.bz2 \ + " + +SRC_URI[md5sum] = "39d65185e2990562c64de05a08de8771" +SRC_URI[sha256sum] = "b064c7c3d426efb4786e60a8e6859b82ee2f2c5e49ffeea640cfe4fe33cbc376" + +inherit autotools pkgconfig + +BBCLASSEXTEND = "native" diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch deleted file mode 100644 index 68eb04a83e..0000000000 --- a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch +++ /dev/null @@ -1,650 +0,0 @@ -From e03b003610a176d608da9a02e433e7ded7e4b75f Mon Sep 17 00:00:00 2001 -From: Todd Cunningham <tcunningham07@gmail.com> -Date: Wed, 11 Dec 2019 10:18:56 +1000 -Subject: [PATCH] avoid naming local function as one of printf family - -Fixes build issues with clang -error: no member named '__builtin___snprintf_chk' in 'struct expr_ops' - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> - -Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> -Signed-off-by: Todd Cunningham <tcunningham07@gmail.com> - -Use wiggle to get the patch to apply for version 1.2.0. - -Add the same change in src/expr/last.c to make the patch apply for -1.2.1. Also correct the patch to show the original author and metadata. - -Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> ---- - include/expr_ops.h | 2 +- - include/obj.h | 2 +- - src/expr.c | 4 ++-- - src/expr/bitwise.c | 2 +- - src/expr/byteorder.c | 2 +- - src/expr/cmp.c | 2 +- - src/expr/connlimit.c | 2 +- - src/expr/counter.c | 2 +- - src/expr/ct.c | 2 +- - src/expr/dup.c | 2 +- - src/expr/dynset.c | 2 +- - src/expr/exthdr.c | 2 +- - src/expr/fib.c | 2 +- - src/expr/flow_offload.c | 2 +- - src/expr/fwd.c | 2 +- - src/expr/hash.c | 2 +- - src/expr/immediate.c | 2 +- - src/expr/last.c | 2 +- - src/expr/limit.c | 2 +- - src/expr/log.c | 2 +- - src/expr/lookup.c | 2 +- - src/expr/masq.c | 2 +- - src/expr/match.c | 2 +- - src/expr/meta.c | 2 +- - src/expr/nat.c | 2 +- - src/expr/numgen.c | 2 +- - src/expr/objref.c | 2 +- - src/expr/osf.c | 2 +- - src/expr/payload.c | 2 +- - src/expr/queue.c | 2 +- - src/expr/quota.c | 2 +- - src/expr/range.c | 2 +- - src/expr/redir.c | 2 +- - src/expr/reject.c | 2 +- - src/expr/rt.c | 2 +- - src/expr/socket.c | 2 +- - src/expr/synproxy.c | 2 +- - src/expr/target.c | 2 +- - src/expr/tproxy.c | 2 +- - src/expr/tunnel.c | 2 +- - src/expr/xfrm.c | 2 +- - src/obj/counter.c | 2 +- - src/obj/ct_expect.c | 2 +- - src/obj/ct_helper.c | 2 +- - src/obj/ct_timeout.c | 2 +- - src/obj/limit.c | 2 +- - src/obj/quota.c | 2 +- - src/obj/secmark.c | 2 +- - src/obj/synproxy.c | 2 +- - src/obj/tunnel.c | 2 +- - src/object.c | 2 +- - 51 files changed, 52 insertions(+), 52 deletions(-) - -diff --git a/include/expr_ops.h b/include/expr_ops.h -index 7a6aa23..d3a2855 100644 ---- a/include/expr_ops.h -+++ b/include/expr_ops.h -@@ -18,7 +18,7 @@ struct expr_ops { - const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len); - int (*parse)(struct nftnl_expr *e, struct nlattr *attr); - void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e); -- int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); -+ int (*snprintf_)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); - }; - - struct expr_ops *nftnl_expr_ops_lookup(const char *name); -diff --git a/include/obj.h b/include/obj.h -index 60dc853..1c1c3c1 100644 ---- a/include/obj.h -+++ b/include/obj.h -@@ -109,7 +109,7 @@ struct obj_ops { - const void *(*get)(const struct nftnl_obj *e, uint16_t type, uint32_t *data_len); - int (*parse)(struct nftnl_obj *e, struct nlattr *attr); - void (*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e); -- int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); -+ int (*snprintf_)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); - }; - - extern struct obj_ops obj_ops_counter; -diff --git a/src/expr.c b/src/expr.c -index 277bbde..2231b21 100644 ---- a/src/expr.c -+++ b/src/expr.c -@@ -279,10 +279,10 @@ int nftnl_expr_snprintf(char *buf, size_t remain, const struct nftnl_expr *expr, - if (remain) - buf[0] = '\0'; - -- if (!expr->ops->snprintf || type != NFTNL_OUTPUT_DEFAULT) -+ if (!expr->ops->snprintf_ || type != NFTNL_OUTPUT_DEFAULT) - return 0; - -- ret = expr->ops->snprintf(buf + offset, remain, flags, expr); -+ ret = expr->ops->snprintf_(buf + offset, remain, flags, expr); - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - - return offset; -diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c -index d0c7827..eded505 100644 ---- a/src/expr/bitwise.c -+++ b/src/expr/bitwise.c -@@ -282,5 +282,5 @@ struct expr_ops expr_ops_bitwise = { - .get = nftnl_expr_bitwise_get, - .parse = nftnl_expr_bitwise_parse, - .build = nftnl_expr_bitwise_build, -- .snprintf = nftnl_expr_bitwise_snprintf, -+ .snprintf_ = nftnl_expr_bitwise_snprintf, - }; -diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c -index d299745..0068ab2 100644 ---- a/src/expr/byteorder.c -+++ b/src/expr/byteorder.c -@@ -220,5 +220,5 @@ struct expr_ops expr_ops_byteorder = { - .get = nftnl_expr_byteorder_get, - .parse = nftnl_expr_byteorder_parse, - .build = nftnl_expr_byteorder_build, -- .snprintf = nftnl_expr_byteorder_snprintf, -+ .snprintf_ = nftnl_expr_byteorder_snprintf, - }; -diff --git a/src/expr/cmp.c b/src/expr/cmp.c -index 6030693..7e548e6 100644 ---- a/src/expr/cmp.c -+++ b/src/expr/cmp.c -@@ -202,5 +202,5 @@ struct expr_ops expr_ops_cmp = { - .get = nftnl_expr_cmp_get, - .parse = nftnl_expr_cmp_parse, - .build = nftnl_expr_cmp_build, -- .snprintf = nftnl_expr_cmp_snprintf, -+ .snprintf_ = nftnl_expr_cmp_snprintf, - }; -diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c -index 3b37587..39b7092 100644 ---- a/src/expr/connlimit.c -+++ b/src/expr/connlimit.c -@@ -135,5 +135,5 @@ struct expr_ops expr_ops_connlimit = { - .get = nftnl_expr_connlimit_get, - .parse = nftnl_expr_connlimit_parse, - .build = nftnl_expr_connlimit_build, -- .snprintf = nftnl_expr_connlimit_snprintf, -+ .snprintf_ = nftnl_expr_connlimit_snprintf, - }; -diff --git a/src/expr/counter.c b/src/expr/counter.c -index 1676d70..42c96d9 100644 ---- a/src/expr/counter.c -+++ b/src/expr/counter.c -@@ -133,5 +133,5 @@ struct expr_ops expr_ops_counter = { - .get = nftnl_expr_counter_get, - .parse = nftnl_expr_counter_parse, - .build = nftnl_expr_counter_build, -- .snprintf = nftnl_expr_counter_snprintf, -+ .snprintf_ = nftnl_expr_counter_snprintf, - }; -diff --git a/src/expr/ct.c b/src/expr/ct.c -index d5dfc81..8c15db1 100644 ---- a/src/expr/ct.c -+++ b/src/expr/ct.c -@@ -258,5 +258,5 @@ struct expr_ops expr_ops_ct = { - .get = nftnl_expr_ct_get, - .parse = nftnl_expr_ct_parse, - .build = nftnl_expr_ct_build, -- .snprintf = nftnl_expr_ct_snprintf, -+ .snprintf_ = nftnl_expr_ct_snprintf, - }; -diff --git a/src/expr/dup.c b/src/expr/dup.c -index f041b55..6238a43 100644 ---- a/src/expr/dup.c -+++ b/src/expr/dup.c -@@ -138,5 +138,5 @@ struct expr_ops expr_ops_dup = { - .get = nftnl_expr_dup_get, - .parse = nftnl_expr_dup_parse, - .build = nftnl_expr_dup_build, -- .snprintf = nftnl_expr_dup_snprintf, -+ .snprintf_ = nftnl_expr_dup_snprintf, - }; -diff --git a/src/expr/dynset.c b/src/expr/dynset.c -index 85d64bb..9afbb94 100644 ---- a/src/expr/dynset.c -+++ b/src/expr/dynset.c -@@ -373,5 +373,5 @@ struct expr_ops expr_ops_dynset = { - .get = nftnl_expr_dynset_get, - .parse = nftnl_expr_dynset_parse, - .build = nftnl_expr_dynset_build, -- .snprintf = nftnl_expr_dynset_snprintf, -+ .snprintf_ = nftnl_expr_dynset_snprintf, - }; -diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c -index 1b813b1..25f1491 100644 ---- a/src/expr/exthdr.c -+++ b/src/expr/exthdr.c -@@ -262,5 +262,5 @@ struct expr_ops expr_ops_exthdr = { - .get = nftnl_expr_exthdr_get, - .parse = nftnl_expr_exthdr_parse, - .build = nftnl_expr_exthdr_build, -- .snprintf = nftnl_expr_exthdr_snprintf, -+ .snprintf_ = nftnl_expr_exthdr_snprintf, - }; -diff --git a/src/expr/fib.c b/src/expr/fib.c -index aaff52a..3916e18 100644 ---- a/src/expr/fib.c -+++ b/src/expr/fib.c -@@ -198,5 +198,5 @@ struct expr_ops expr_ops_fib = { - .get = nftnl_expr_fib_get, - .parse = nftnl_expr_fib_parse, - .build = nftnl_expr_fib_build, -- .snprintf = nftnl_expr_fib_snprintf, -+ .snprintf_ = nftnl_expr_fib_snprintf, - }; -diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c -index a826202..c1ca678 100644 ---- a/src/expr/flow_offload.c -+++ b/src/expr/flow_offload.c -@@ -120,5 +120,5 @@ struct expr_ops expr_ops_flow = { - .get = nftnl_expr_flow_get, - .parse = nftnl_expr_flow_parse, - .build = nftnl_expr_flow_build, -- .snprintf = nftnl_expr_flow_snprintf, -+ .snprintf_ = nftnl_expr_flow_snprintf, - }; -diff --git a/src/expr/fwd.c b/src/expr/fwd.c -index 82e5a41..4e80687 100644 ---- a/src/expr/fwd.c -+++ b/src/expr/fwd.c -@@ -158,5 +158,5 @@ struct expr_ops expr_ops_fwd = { - .get = nftnl_expr_fwd_get, - .parse = nftnl_expr_fwd_parse, - .build = nftnl_expr_fwd_build, -- .snprintf = nftnl_expr_fwd_snprintf, -+ .snprintf_ = nftnl_expr_fwd_snprintf, - }; -diff --git a/src/expr/hash.c b/src/expr/hash.c -index 10b4a72..84ace31 100644 ---- a/src/expr/hash.c -+++ b/src/expr/hash.c -@@ -226,5 +226,5 @@ struct expr_ops expr_ops_hash = { - .get = nftnl_expr_hash_get, - .parse = nftnl_expr_hash_parse, - .build = nftnl_expr_hash_build, -- .snprintf = nftnl_expr_hash_snprintf, -+ .snprintf_ = nftnl_expr_hash_snprintf, - }; -diff --git a/src/expr/immediate.c b/src/expr/immediate.c -index 94b043c..a8a3c1f 100644 ---- a/src/expr/immediate.c -+++ b/src/expr/immediate.c -@@ -229,5 +229,5 @@ struct expr_ops expr_ops_immediate = { - .get = nftnl_expr_immediate_get, - .parse = nftnl_expr_immediate_parse, - .build = nftnl_expr_immediate_build, -- .snprintf = nftnl_expr_immediate_snprintf, -+ .snprintf_ = nftnl_expr_immediate_snprintf, - }; -diff --git a/src/expr/last.c b/src/expr/last.c -index e2a60c4..2f75464 100644 ---- a/src/expr/last.c -+++ b/src/expr/last.c -@@ -134,5 +134,5 @@ struct expr_ops expr_ops_last = { - .get = nftnl_expr_last_get, - .parse = nftnl_expr_last_parse, - .build = nftnl_expr_last_build, -- .snprintf = nftnl_expr_last_snprintf, -+ .snprintf_ = nftnl_expr_last_snprintf, - }; -diff --git a/src/expr/limit.c b/src/expr/limit.c -index 3dfd54a..f652df0 100644 ---- a/src/expr/limit.c -+++ b/src/expr/limit.c -@@ -202,5 +202,5 @@ struct expr_ops expr_ops_limit = { - .get = nftnl_expr_limit_get, - .parse = nftnl_expr_limit_parse, - .build = nftnl_expr_limit_build, -- .snprintf = nftnl_expr_limit_snprintf, -+ .snprintf_ = nftnl_expr_limit_snprintf, - }; -diff --git a/src/expr/log.c b/src/expr/log.c -index 86db548..d96b7ce 100644 ---- a/src/expr/log.c -+++ b/src/expr/log.c -@@ -253,5 +253,5 @@ struct expr_ops expr_ops_log = { - .get = nftnl_expr_log_get, - .parse = nftnl_expr_log_parse, - .build = nftnl_expr_log_build, -- .snprintf = nftnl_expr_log_snprintf, -+ .snprintf_ = nftnl_expr_log_snprintf, - }; -diff --git a/src/expr/lookup.c b/src/expr/lookup.c -index 83adce9..1fbace4 100644 ---- a/src/expr/lookup.c -+++ b/src/expr/lookup.c -@@ -206,5 +206,5 @@ struct expr_ops expr_ops_lookup = { - .get = nftnl_expr_lookup_get, - .parse = nftnl_expr_lookup_parse, - .build = nftnl_expr_lookup_build, -- .snprintf = nftnl_expr_lookup_snprintf, -+ .snprintf_ = nftnl_expr_lookup_snprintf, - }; -diff --git a/src/expr/masq.c b/src/expr/masq.c -index 684708c..1ce099c 100644 ---- a/src/expr/masq.c -+++ b/src/expr/masq.c -@@ -163,5 +163,5 @@ struct expr_ops expr_ops_masq = { - .get = nftnl_expr_masq_get, - .parse = nftnl_expr_masq_parse, - .build = nftnl_expr_masq_build, -- .snprintf = nftnl_expr_masq_snprintf, -+ .snprintf_ = nftnl_expr_masq_snprintf, - }; -diff --git a/src/expr/match.c b/src/expr/match.c -index 533fdf5..8561986 100644 ---- a/src/expr/match.c -+++ b/src/expr/match.c -@@ -189,5 +189,5 @@ struct expr_ops expr_ops_match = { - .get = nftnl_expr_match_get, - .parse = nftnl_expr_match_parse, - .build = nftnl_expr_match_build, -- .snprintf = nftnl_expr_match_snprintf, -+ .snprintf_ = nftnl_expr_match_snprintf, - }; -diff --git a/src/expr/meta.c b/src/expr/meta.c -index 34fbb9b..1ef79a4 100644 ---- a/src/expr/meta.c -+++ b/src/expr/meta.c -@@ -216,5 +216,5 @@ struct expr_ops expr_ops_meta = { - .get = nftnl_expr_meta_get, - .parse = nftnl_expr_meta_parse, - .build = nftnl_expr_meta_build, -- .snprintf = nftnl_expr_meta_snprintf, -+ .snprintf_ = nftnl_expr_meta_snprintf, - }; -diff --git a/src/expr/nat.c b/src/expr/nat.c -index 0a9cdd7..bc4a3fa 100644 ---- a/src/expr/nat.c -+++ b/src/expr/nat.c -@@ -274,5 +274,5 @@ struct expr_ops expr_ops_nat = { - .get = nftnl_expr_nat_get, - .parse = nftnl_expr_nat_parse, - .build = nftnl_expr_nat_build, -- .snprintf = nftnl_expr_nat_snprintf, -+ .snprintf_ = nftnl_expr_nat_snprintf, - }; -diff --git a/src/expr/numgen.c b/src/expr/numgen.c -index 159dfec..99bb442 100644 ---- a/src/expr/numgen.c -+++ b/src/expr/numgen.c -@@ -180,5 +180,5 @@ struct expr_ops expr_ops_ng = { - .get = nftnl_expr_ng_get, - .parse = nftnl_expr_ng_parse, - .build = nftnl_expr_ng_build, -- .snprintf = nftnl_expr_ng_snprintf, -+ .snprintf_ = nftnl_expr_ng_snprintf, - }; -diff --git a/src/expr/objref.c b/src/expr/objref.c -index a4b6470..1b2d387 100644 ---- a/src/expr/objref.c -+++ b/src/expr/objref.c -@@ -205,5 +205,5 @@ struct expr_ops expr_ops_objref = { - .get = nftnl_expr_objref_get, - .parse = nftnl_expr_objref_parse, - .build = nftnl_expr_objref_build, -- .snprintf = nftnl_expr_objref_snprintf, -+ .snprintf_ = nftnl_expr_objref_snprintf, - }; -diff --git a/src/expr/osf.c b/src/expr/osf.c -index 215a681..75a6b3c 100644 ---- a/src/expr/osf.c -+++ b/src/expr/osf.c -@@ -147,5 +147,5 @@ struct expr_ops expr_ops_osf = { - .get = nftnl_expr_osf_get, - .parse = nftnl_expr_osf_parse, - .build = nftnl_expr_osf_build, -- .snprintf = nftnl_expr_osf_snprintf, -+ .snprintf_ = nftnl_expr_osf_snprintf, - }; -diff --git a/src/expr/payload.c b/src/expr/payload.c -index 82747ec..e9130ec 100644 ---- a/src/expr/payload.c -+++ b/src/expr/payload.c -@@ -259,5 +259,5 @@ struct expr_ops expr_ops_payload = { - .get = nftnl_expr_payload_get, - .parse = nftnl_expr_payload_parse, - .build = nftnl_expr_payload_build, -- .snprintf = nftnl_expr_payload_snprintf, -+ .snprintf_ = nftnl_expr_payload_snprintf, - }; -diff --git a/src/expr/queue.c b/src/expr/queue.c -index 8f70977..6bc76ef 100644 ---- a/src/expr/queue.c -+++ b/src/expr/queue.c -@@ -193,5 +193,5 @@ struct expr_ops expr_ops_queue = { - .get = nftnl_expr_queue_get, - .parse = nftnl_expr_queue_parse, - .build = nftnl_expr_queue_build, -- .snprintf = nftnl_expr_queue_snprintf, -+ .snprintf_ = nftnl_expr_queue_snprintf, - }; -diff --git a/src/expr/quota.c b/src/expr/quota.c -index 8c841d8..1a5f2fa 100644 ---- a/src/expr/quota.c -+++ b/src/expr/quota.c -@@ -147,5 +147,5 @@ struct expr_ops expr_ops_quota = { - .get = nftnl_expr_quota_get, - .parse = nftnl_expr_quota_parse, - .build = nftnl_expr_quota_build, -- .snprintf = nftnl_expr_quota_snprintf, -+ .snprintf_ = nftnl_expr_quota_snprintf, - }; -diff --git a/src/expr/range.c b/src/expr/range.c -index f76843a..73a1930 100644 ---- a/src/expr/range.c -+++ b/src/expr/range.c -@@ -213,5 +213,5 @@ struct expr_ops expr_ops_range = { - .get = nftnl_expr_range_get, - .parse = nftnl_expr_range_parse, - .build = nftnl_expr_range_build, -- .snprintf = nftnl_expr_range_snprintf, -+ .snprintf_ = nftnl_expr_range_snprintf, - }; -diff --git a/src/expr/redir.c b/src/expr/redir.c -index 4f56cb4..51ec71c 100644 ---- a/src/expr/redir.c -+++ b/src/expr/redir.c -@@ -167,5 +167,5 @@ struct expr_ops expr_ops_redir = { - .get = nftnl_expr_redir_get, - .parse = nftnl_expr_redir_parse, - .build = nftnl_expr_redir_build, -- .snprintf = nftnl_expr_redir_snprintf, -+ .snprintf_ = nftnl_expr_redir_snprintf, - }; -diff --git a/src/expr/reject.c b/src/expr/reject.c -index 716d25c..acf32c2 100644 ---- a/src/expr/reject.c -+++ b/src/expr/reject.c -@@ -134,5 +134,5 @@ struct expr_ops expr_ops_reject = { - .get = nftnl_expr_reject_get, - .parse = nftnl_expr_reject_parse, - .build = nftnl_expr_reject_build, -- .snprintf = nftnl_expr_reject_snprintf, -+ .snprintf_ = nftnl_expr_reject_snprintf, - }; -diff --git a/src/expr/rt.c b/src/expr/rt.c -index 1ad9b2a..9f2fdf3 100644 ---- a/src/expr/rt.c -+++ b/src/expr/rt.c -@@ -162,5 +162,5 @@ struct expr_ops expr_ops_rt = { - .get = nftnl_expr_rt_get, - .parse = nftnl_expr_rt_parse, - .build = nftnl_expr_rt_build, -- .snprintf = nftnl_expr_rt_snprintf, -+ .snprintf_ = nftnl_expr_rt_snprintf, - }; -diff --git a/src/expr/socket.c b/src/expr/socket.c -index 02d86f8..49a126b 100644 ---- a/src/expr/socket.c -+++ b/src/expr/socket.c -@@ -165,5 +165,5 @@ struct expr_ops expr_ops_socket = { - .get = nftnl_expr_socket_get, - .parse = nftnl_expr_socket_parse, - .build = nftnl_expr_socket_build, -- .snprintf = nftnl_expr_socket_snprintf, -+ .snprintf_ = nftnl_expr_socket_snprintf, - }; -diff --git a/src/expr/synproxy.c b/src/expr/synproxy.c -index 630f3f4..b22ad2f 100644 ---- a/src/expr/synproxy.c -+++ b/src/expr/synproxy.c -@@ -152,5 +152,5 @@ struct expr_ops expr_ops_synproxy = { - .get = nftnl_expr_synproxy_get, - .parse = nftnl_expr_synproxy_parse, - .build = nftnl_expr_synproxy_build, -- .snprintf = nftnl_expr_synproxy_snprintf, -+ .snprintf_ = nftnl_expr_synproxy_snprintf, - }; -diff --git a/src/expr/target.c b/src/expr/target.c -index b7c595a..31a039c 100644 ---- a/src/expr/target.c -+++ b/src/expr/target.c -@@ -189,5 +189,5 @@ struct expr_ops expr_ops_target = { - .get = nftnl_expr_target_get, - .parse = nftnl_expr_target_parse, - .build = nftnl_expr_target_build, -- .snprintf = nftnl_expr_target_snprintf, -+ .snprintf_ = nftnl_expr_target_snprintf, - }; -diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c -index d3ee8f8..1b01591 100644 ---- a/src/expr/tproxy.c -+++ b/src/expr/tproxy.c -@@ -170,5 +170,5 @@ struct expr_ops expr_ops_tproxy = { - .get = nftnl_expr_tproxy_get, - .parse = nftnl_expr_tproxy_parse, - .build = nftnl_expr_tproxy_build, -- .snprintf = nftnl_expr_tproxy_snprintf, -+ .snprintf_ = nftnl_expr_tproxy_snprintf, - }; -diff --git a/src/expr/tunnel.c b/src/expr/tunnel.c -index 1460fd2..6c2f653 100644 ---- a/src/expr/tunnel.c -+++ b/src/expr/tunnel.c -@@ -145,5 +145,5 @@ struct expr_ops expr_ops_tunnel = { - .get = nftnl_expr_tunnel_get, - .parse = nftnl_expr_tunnel_parse, - .build = nftnl_expr_tunnel_build, -- .snprintf = nftnl_expr_tunnel_snprintf, -+ .snprintf_ = nftnl_expr_tunnel_snprintf, - }; -diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c -index c81d14d..e648ee5 100644 ---- a/src/expr/xfrm.c -+++ b/src/expr/xfrm.c -@@ -196,5 +196,5 @@ struct expr_ops expr_ops_xfrm = { - .get = nftnl_expr_xfrm_get, - .parse = nftnl_expr_xfrm_parse, - .build = nftnl_expr_xfrm_build, -- .snprintf = nftnl_expr_xfrm_snprintf, -+ .snprintf_ = nftnl_expr_xfrm_snprintf, - }; -diff --git a/src/obj/counter.c b/src/obj/counter.c -index ef0cd20..0c199f7 100644 ---- a/src/obj/counter.c -+++ b/src/obj/counter.c -@@ -127,5 +127,5 @@ struct obj_ops obj_ops_counter = { - .get = nftnl_obj_counter_get, - .parse = nftnl_obj_counter_parse, - .build = nftnl_obj_counter_build, -- .snprintf = nftnl_obj_counter_snprintf, -+ .snprintf_ = nftnl_obj_counter_snprintf, - }; -diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c -index 8136ad9..b3e1d70 100644 ---- a/src/obj/ct_expect.c -+++ b/src/obj/ct_expect.c -@@ -196,5 +196,5 @@ struct obj_ops obj_ops_ct_expect = { - .get = nftnl_obj_ct_expect_get, - .parse = nftnl_obj_ct_expect_parse, - .build = nftnl_obj_ct_expect_build, -- .snprintf = nftnl_obj_ct_expect_snprintf, -+ .snprintf_ = nftnl_obj_ct_expect_snprintf, - }; -diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c -index c52032a..12b783c 100644 ---- a/src/obj/ct_helper.c -+++ b/src/obj/ct_helper.c -@@ -150,5 +150,5 @@ struct obj_ops obj_ops_ct_helper = { - .get = nftnl_obj_ct_helper_get, - .parse = nftnl_obj_ct_helper_parse, - .build = nftnl_obj_ct_helper_build, -- .snprintf = nftnl_obj_ct_helper_snprintf, -+ .snprintf_ = nftnl_obj_ct_helper_snprintf, - }; -diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c -index 1d4f8fb..0a12883 100644 ---- a/src/obj/ct_timeout.c -+++ b/src/obj/ct_timeout.c -@@ -316,5 +316,5 @@ struct obj_ops obj_ops_ct_timeout = { - .get = nftnl_obj_ct_timeout_get, - .parse = nftnl_obj_ct_timeout_parse, - .build = nftnl_obj_ct_timeout_build, -- .snprintf = nftnl_obj_ct_timeout_snprintf, -+ .snprintf_ = nftnl_obj_ct_timeout_snprintf, - }; -diff --git a/src/obj/limit.c b/src/obj/limit.c -index 8b40f9d..2f049b8 100644 ---- a/src/obj/limit.c -+++ b/src/obj/limit.c -@@ -168,5 +168,5 @@ struct obj_ops obj_ops_limit = { - .get = nftnl_obj_limit_get, - .parse = nftnl_obj_limit_parse, - .build = nftnl_obj_limit_build, -- .snprintf = nftnl_obj_limit_snprintf, -+ .snprintf_ = nftnl_obj_limit_snprintf, - }; -diff --git a/src/obj/quota.c b/src/obj/quota.c -index 8ab3300..8666334 100644 ---- a/src/obj/quota.c -+++ b/src/obj/quota.c -@@ -144,5 +144,5 @@ struct obj_ops obj_ops_quota = { - .get = nftnl_obj_quota_get, - .parse = nftnl_obj_quota_parse, - .build = nftnl_obj_quota_build, -- .snprintf = nftnl_obj_quota_snprintf, -+ .snprintf_ = nftnl_obj_quota_snprintf, - }; -diff --git a/src/obj/secmark.c b/src/obj/secmark.c -index 2ccc803..e96e06f 100644 ---- a/src/obj/secmark.c -+++ b/src/obj/secmark.c -@@ -116,5 +116,5 @@ struct obj_ops obj_ops_secmark = { - .get = nftnl_obj_secmark_get, - .parse = nftnl_obj_secmark_parse, - .build = nftnl_obj_secmark_build, -- .snprintf = nftnl_obj_secmark_snprintf, -+ .snprintf_ = nftnl_obj_secmark_snprintf, - }; -diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c -index d689fee..d06cb6d 100644 ---- a/src/obj/synproxy.c -+++ b/src/obj/synproxy.c -@@ -143,5 +143,5 @@ struct obj_ops obj_ops_synproxy = { - .get = nftnl_obj_synproxy_get, - .parse = nftnl_obj_synproxy_parse, - .build = nftnl_obj_synproxy_build, -- .snprintf = nftnl_obj_synproxy_snprintf, -+ .snprintf_ = nftnl_obj_synproxy_snprintf, - }; -diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c -index 5ede6bd..d3743ff 100644 ---- a/src/obj/tunnel.c -+++ b/src/obj/tunnel.c -@@ -547,5 +547,5 @@ struct obj_ops obj_ops_tunnel = { - .get = nftnl_obj_tunnel_get, - .parse = nftnl_obj_tunnel_parse, - .build = nftnl_obj_tunnel_build, -- .snprintf = nftnl_obj_tunnel_snprintf, -+ .snprintf_ = nftnl_obj_tunnel_snprintf, - }; -diff --git a/src/object.c b/src/object.c -index 46e208b..d321c50 100644 ---- a/src/object.c -+++ b/src/object.c -@@ -396,7 +396,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t remain, - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - - if (obj->ops) { -- ret = obj->ops->snprintf(buf + offset, remain, flags, obj); -+ ret = obj->ops->snprintf_(buf + offset, remain, flags, obj); - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - } - ret = snprintf(buf + offset, remain, "]"); --- -2.33.1 - diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-configure.ac-Add-serial-tests.patch b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-configure.ac-Add-serial-tests.patch new file mode 100644 index 0000000000..abeca6579c --- /dev/null +++ b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-configure.ac-Add-serial-tests.patch @@ -0,0 +1,33 @@ +From 801a4dd42449fb5f09fb9cb99714ed137278ca24 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin <trevor.gamblin@windriver.com> +Date: Tue, 14 Dec 2021 12:31:12 -0500 +Subject: [PATCH] configure.ac: Add serial-tests + +ptest needs buildtest-TESTS and runtest-TESTS targets. +serial-tests is required to generate those targets. + +Upstream-Status: Inappropriate (default automake behavior incompatible with ptest) + +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> +--- + configure.ac | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index d5c6bd0..d90048e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -8,7 +8,9 @@ AC_CONFIG_HEADERS([config.h]) + m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) + + AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-xz +- 1.6 subdir-objects]) ++ 1.6 subdir-objects serial-tests]) ++ ++AM_EXTRA_RECURSIVE_TARGETS([buildtest-TESTS]) + + dnl kernel style compile messages + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +-- +2.25.1 + diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/run-ptest b/meta-networking/recipes-filter/libnftnl/libnftnl/run-ptest new file mode 100644 index 0000000000..133cf92d02 --- /dev/null +++ b/meta-networking/recipes-filter/libnftnl/libnftnl/run-ptest @@ -0,0 +1,2 @@ +#!/bin/sh +make -C tests -k runtest-TESTS diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb b/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb deleted file mode 100644 index 16de8589a7..0000000000 --- a/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb +++ /dev/null @@ -1,14 +0,0 @@ -SUMMARY = "Library for low-level interaction with nftables Netlink's API over libmnl" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=79808397c3355f163c012616125c9e26" -SECTION = "libs" -DEPENDS = "libmnl" - -SRCREV = "09456c720e9c00eecc08e41ac6b7c291b3821ee5" -SRC_URI = "git://git.netfilter.org/libnftnl;branch=master \ - file://0001-avoid-naming-local-function-as-one-of-printf-family.patch \ - " - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb b/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb new file mode 100644 index 0000000000..841a7267b8 --- /dev/null +++ b/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb @@ -0,0 +1,39 @@ +SUMMARY = "Library for low-level interaction with nftables Netlink's API over libmnl" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=79808397c3355f163c012616125c9e26" +SECTION = "libs" + +SRC_URI = "git://git.netfilter.org/libnftnl;branch=master \ + file://0001-configure.ac-Add-serial-tests.patch \ + file://run-ptest \ + " +SRCREV = "83dd4dc316b4189d16ead54cd30bfc89e5160cfd" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig ptest + +DEPENDS = "libmnl" +RDEPENDS:${PN}-ptest += " bash python3-core make" + +TESTDIR = "tests" + +do_compile_ptest() { + cp -rf ${S}/build-aux . + oe_runmake buildtest-TESTS +} + +do_install_ptest() { + cp -rf ${B}/build-aux ${D}${PTEST_PATH} + install -d ${D}${PTEST_PATH}/${TESTDIR} + cp -rf ${B}/${TESTDIR}/Makefile ${D}${PTEST_PATH}/${TESTDIR} + + # the binaries compiled in ${TESTDIR} will look for a compiler to + # use, which will cause failures. Substitute the binaries in + # ${TESTDIR}/.libs instead + cp -rf ${B}/${TESTDIR}/.libs/* ${D}${PTEST_PATH}/${TESTDIR} + + # Alter the Makefile so that it does not try and rebuild anything in + # other nonexistent paths before running the actual tests + sed -i 's/^Makefile/_Makefile/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile +} diff --git a/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb b/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb index 3245455271..9b938beae3 100644 --- a/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb +++ b/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb @@ -1,14 +1,12 @@ SUMMARY = "nfacct is the command line tool to create/retrieve/delete accounting objects" HOMEPAGE = "http://netfilter.org/projects/nfacct/" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" -UPSTREAM_CHECK_URI = "ftp://ftp.netfilter.org/pub/nfacct/" - -SRC_URI = "ftp://ftp.netfilter.org/pub/${BPN}/${BP}.tar.bz2" - -SRC_URI[md5sum] = "94faafdaaed85ca9220c5692be8a408e" +UPSTREAM_CHECK_URI = "https://www.netfilter.org/pub/nfacct" +SRC_URI = "https://www.netfilter.org/pub/${BPN}/${BP}.tar.bz2" SRC_URI[sha256sum] = "ecff2218754be318bce3c3a5d1775bab93bf4168b2c4aac465785de5655fbd69" + DEPENDS = "libnfnetlink libmnl libnetfilter-acct" EXTRA_OEMAKE += 'HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}"' diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch new file mode 100644 index 0000000000..164182bb1e --- /dev/null +++ b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch @@ -0,0 +1,53 @@ +From 7a6089a400a573b9a4fd92f29c00a6be7b8ef269 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Thu, 2 Nov 2023 16:02:14 +0100 +Subject: [PATCH] tests: shell: Fix sets/reset_command_0 for current kernels + +Since kernel commit 4c90bba60c26 ("netfilter: nf_tables: do not refresh +timeout when resetting element"), element reset won't touch expiry +anymore. Invert the one check to make sure it remains unaltered, drop +the other testing behaviour for per-element timeouts. + +Signed-off-by: Phil Sutter <phil@nwl.cc> + +Upstream-Status: Backport +[https://git.netfilter.org/nftables/commit/?id=7a6089a400a573b9a4fd92f29c00a6be7b8ef269] + +Signed-off-by: William Lyu <William.Lyu@windriver.com> +--- + tests/shell/testcases/sets/reset_command_0 | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/tests/shell/testcases/sets/reset_command_0 b/tests/shell/testcases/sets/reset_command_0 +index e663dac8..d38ddb3f 100755 +--- a/tests/shell/testcases/sets/reset_command_0 ++++ b/tests/shell/testcases/sets/reset_command_0 +@@ -44,10 +44,10 @@ elem='element t s { 1.0.0.1 . udp . 53 }' + grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]] + echo OK + +-echo -n "counters and expiry are reset: " ++echo -n "counters are reset, expiry left alone: " + NEW=$($NFT "get $elem") + grep -q 'counter packets 0 bytes 0' <<< "$NEW" +-[[ $(expires_minutes <<< "$NEW") -gt 20 ]] ++[[ $(expires_minutes <<< "$NEW") -lt 20 ]] + echo OK + + echo -n "get map elem matches reset map elem: " +@@ -80,12 +80,6 @@ OUT=$($NFT reset map t m) + $DIFF -u <(echo "$EXP") <(echo "$OUT") + echo OK + +-echo -n "reset command respects per-element timeout: " +-VAL=$($NFT get element t s '{ 2.0.0.2 . tcp . 22 }' | expires_minutes) +-[[ $VAL -lt 15 ]] # custom timeout applies +-[[ $VAL -gt 10 ]] # expires was reset +-echo OK +- + echo -n "remaining elements are reset: " + OUT=$($NFT list ruleset) + grep -q '2.0.0.2 . tcp . 22 counter packets 0 bytes 0' <<< "$OUT" +-- +2.43.0 + diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch new file mode 100644 index 0000000000..2a966ab443 --- /dev/null +++ b/meta-networking/recipes-filter/nftables/nftables/0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch @@ -0,0 +1,46 @@ +From fff913c1eefbc84eb2d9c52038ef29fe881e9ee9 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Tue, 21 Nov 2023 21:16:38 +0100 +Subject: [PATCH] tests: shell: skip secmark tests if kernel does not support + it + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + +Upstream-Status: Backport +[https://git.netfilter.org/nftables/commit/?id=fff913c1eefbc84eb2d9c52038ef29fe881e9ee9] + +Signed-off-by: William Lyu <William.Lyu@windriver.com> +--- + tests/shell/features/secmark.nft | 7 +++++++ + tests/shell/testcases/json/0005secmark_objref_0 | 1 + + 2 files changed, 8 insertions(+) + create mode 100644 tests/shell/features/secmark.nft + +diff --git a/tests/shell/features/secmark.nft b/tests/shell/features/secmark.nft +new file mode 100644 +index 00000000..ccbb572f +--- /dev/null ++++ b/tests/shell/features/secmark.nft +@@ -0,0 +1,7 @@ ++# fb961945457f ("netfilter: nf_tables: add SECMARK support") ++# v4.20-rc1~14^2~125^2~5 ++table inet x { ++ secmark ssh_server { ++ "system_u:object_r:ssh_server_packet_t:s0" ++ } ++} +diff --git a/tests/shell/testcases/json/0005secmark_objref_0 b/tests/shell/testcases/json/0005secmark_objref_0 +index 992d1b00..5c44f093 100755 +--- a/tests/shell/testcases/json/0005secmark_objref_0 ++++ b/tests/shell/testcases/json/0005secmark_objref_0 +@@ -1,6 +1,7 @@ + #!/bin/bash + + # NFT_TEST_REQUIRES(NFT_TEST_HAVE_json) ++# NFT_TEST_REQUIRES(NFT_TEST_HAVE_secmark) + + set -e + +-- +2.43.0 + diff --git a/meta-networking/recipes-filter/nftables/nftables/run-ptest b/meta-networking/recipes-filter/nftables/nftables/run-ptest new file mode 100644 index 0000000000..32ddf9f455 --- /dev/null +++ b/meta-networking/recipes-filter/nftables/nftables/run-ptest @@ -0,0 +1,18 @@ +#!/bin/sh + +NFTABLESLIB=@libdir@/nftables +cd ${NFTABLESLIB}/ptest || exit 1 + +LOG="${NFTABLESLIB}/ptest/nftables_ptest_$(date +%Y%m%d-%H%M%S).log" +NFT=nft +tests/shell/run-tests.sh -v | sed -E '/I: \[OK\]/ s/^/PASS: / ; /W: \[(CHK DUMP|VALGRIND|TAINTED|DUMP FAIL|FAILED)\]/ s/^/FAIL: /' | sed "s,\x1B\[[0-9;]*[a-zA-Z],,g" | tee -a "${LOG}" + +passed=$(grep -c PASS: "${LOG}") +failed=$(grep -c FAIL: "${LOG}") +all=$((passed + failed)) + +( echo "=== Test Summary ===" + echo "TOTAL: ${all}" + echo "PASSED: ${passed}" + echo "FAILED: ${failed}" +) | tee -a "${LOG}" diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.0.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.0.bb deleted file mode 100644 index 68409c9103..0000000000 --- a/meta-networking/recipes-filter/nftables/nftables_1.0.0.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "Netfilter Tables userspace utillites" -SECTION = "net" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=d1a78fdd879a263a5e0b42d1fc565e79" - -DEPENDS = "libmnl libnftnl bison-native \ - ${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}" - -# Ensure we reject the 0.099 version by matching at least two dots -UPSTREAM_CHECK_REGEX = "nftables-(?P<pver>\d+(\.\d+){2,}).tar.bz2" - -SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2" -SRC_URI[sha256sum] = "58bf547daf967a2b88ecb4f425f126006ebde22711db806b25c1d6cf84fe45f4" - -inherit autotools manpages pkgconfig - -PACKAGECONFIG ??= "python readline json" -PACKAGECONFIG[json] = "--with-json, --without-json, jansson" -PACKAGECONFIG[manpages] = "--enable-man-doc, --disable-man-doc, asciidoc-native" -PACKAGECONFIG[mini-gmp] = "--with-mini-gmp, --without-mini-gmp" -PACKAGECONFIG[python] = "--enable-python --with-python-bin=${PYTHON}, --with-python-bin="", python3" -PACKAGECONFIG[readline] = "--with-cli=readline, --without-cli, readline" -PACKAGECONFIG[xtables] = "--with-xtables, --without-xtables, iptables" - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)} - -RRECOMMENDS:${PN} += "kernel-module-nf-tables" - -PACKAGES =+ "${PN}-python" -FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}" -RDEPENDS:${PN}-python = "python3-core python3-json ${PN}" diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb new file mode 100644 index 0000000000..7718922742 --- /dev/null +++ b/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb @@ -0,0 +1,106 @@ +SUMMARY = "Netfilter Tables userspace utillites" +DESCRIPTION = "nftables replaces the popular {ip,ip6,arp,eb}tables. \ + This software provides an in-kernel packet classification framework \ + that is based on a network-specific Virtual Machine (VM), \ + nft, a userspace command line tool and libnftables, a high-level userspace library." +HOMEPAGE = "https://netfilter.org/projects/nftables" +SECTION = "net" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=81ec33bb3e47b460fc993ac768c74b62" + +DEPENDS = "libmnl libnftnl bison-native \ + ${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}" + +SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.xz \ + file://0001-tests-shell-Fix-sets-reset_command_0-for-current-ker.patch \ + file://0001-tests-shell-skip-secmark-tests-if-kernel-does-not-su.patch \ + file://run-ptest \ + " +SRC_URI[sha256sum] = "a3c304cd9ba061239ee0474f9afb938a9bb99d89b960246f66f0c3a0a85e14cd" + +inherit autotools manpages pkgconfig ptest + +PACKAGECONFIG ?= "python readline json" +PACKAGECONFIG[editline] = "--with-cli=editline, , libedit, , , linenoise readline" +PACKAGECONFIG[json] = "--with-json, --without-json, jansson" +PACKAGECONFIG[linenoise] = "--with-cli=linenoise, , linenoise, , , editline readline" +PACKAGECONFIG[manpages] = "--enable-man-doc, --disable-man-doc, asciidoc-native" +PACKAGECONFIG[mini-gmp] = "--with-mini-gmp, --without-mini-gmp" +PACKAGECONFIG[python] = ",, python3-setuptools-native" +PACKAGECONFIG[readline] = "--with-cli=readline, , readline, , , editline linenoise" +PACKAGECONFIG[xtables] = "--with-xtables, --without-xtables, iptables" + +EXTRA_OECONF = " \ + ${@bb.utils.contains_any('PACKAGECONFIG', 'editline linenoise readline', '', '--without-cli', d)}" + +SETUPTOOLS_SETUP_PATH = "${S}/py" + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'setuptools3', '', d)} + +PACKAGES =+ "${PN}-python" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" +RDEPENDS:${PN}-python = "python3-core python3-json ${PN}" + +# Explicitly define do_configure, do_compile and do_install because both autotools and setuptools3 +# have EXPORT_FUNCTIONS do_configure do_compile do_install +do_configure() { + autotools_do_configure + if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + setuptools3_do_configure + fi +} + +do_compile() { + autotools_do_compile + if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + setuptools3_do_compile + fi +} + +do_install() { + autotools_do_install + if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + setuptools3_do_install + fi +} + +RDEPENDS:${PN}-ptest += " ${PN}-python bash coreutils make iproute2 iputils-ping procps python3-core python3-ctypes python3-json python3-misc sed util-linux" + +RRECOMMENDS:${PN}-ptest += "\ +kernel-module-nft-chain-nat kernel-module-nft-queue \ +kernel-module-nft-compat kernel-module-nft-quota \ +kernel-module-nft-connlimit kernel-module-nft-redir \ +kernel-module-nft-ct kernel-module-nft-reject \ +kernel-module-nft-flow-offload kernel-module-nft-reject-inet \ +kernel-module-nft-hash kernel-module-nft-reject-ipv4 \ +kernel-module-nft-limit kernel-module-nft-reject-ipv6 \ +kernel-module-nft-log kernel-module-nft-socket \ +kernel-module-nft-masq kernel-module-nft-synproxy \ +kernel-module-nft-nat kernel-module-nft-tunnel \ +kernel-module-nft-numgen kernel-module-nft-xfrm \ +kernel-module-nft-osf \ +kernel-module-nf-flow-table \ +kernel-module-nf-flow-table-inet \ +kernel-module-nf-nat \ +kernel-module-nf-log-syslog \ +kernel-module-nf-nat-ftp \ +kernel-module-nf-nat-sip \ +kernel-module-8021q \ +kernel-module-dummy" + +TESTDIR = "tests" + +PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1" + +do_install_ptest() { + cp -rf ${S}/build-aux ${D}${PTEST_PATH} + cp -rf ${S}/src ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/src/.libs + cp -rf ${B}/src/.libs/* ${D}${PTEST_PATH}/src/.libs + cp -rf ${B}/src/.libs/nft ${D}${PTEST_PATH}/src/ + cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH}/${TESTDIR} + sed -i 's#/usr/bin/python#/usr/bin/python3#' ${D}${PTEST_PATH}/${TESTDIR}/json_echo/run-test.py + sed -i 's#/usr/bin/env python#/usr/bin/env python3#' ${D}${PTEST_PATH}/${TESTDIR}/py/nft-test.py + # handle multilib + sed -i s:@libdir@:${libdir}:g ${D}${PTEST_PATH}/run-ptest +} diff --git a/meta-networking/recipes-filter/ulogd2/ulogd2/ulogd.init b/meta-networking/recipes-filter/ulogd2/ulogd2/ulogd.init new file mode 100644 index 0000000000..05d284e725 --- /dev/null +++ b/meta-networking/recipes-filter/ulogd2/ulogd2/ulogd.init @@ -0,0 +1,180 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: ulogd2 ulogd +# Required-Start: $local_fs +# Should-Start: +# Required-Stop: $local_fs +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Userspace logging daemon for netfilter/iptables +### END INIT INFO + +# The definition of actions: (From LSB 3.1.0) +# start start the service +# stop stop the service +# restart stop and restart the service if the service is already running, +# otherwise start the service +# try-restart restart the service if the service is already running +# reload cause the configuration of the service to be reloaded without +# actually stopping and restarting the service +# force-reload cause the configuration to be reloaded if the service supports +# this, otherwise restart the service if it is running +# status print the current status of the service + +# The start, stop, restart, force-reload, and status actions shall be supported +# by all init scripts; the reload and the try-restart actions are optional + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +DESC="Userspace logging daemon for netfilter/iptables" +NAME="ulogd" +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="-d" +PIDFILE=/var/run/$NAME.pid + +. /etc/init.d/functions || exit 1 + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# +# Function that starts the daemon/service +# +do_start() { + local status pid + + status=0 + pid=`pidofproc $NAME` || status=$? + case $status in + 0) + echo "$DESC already running ($pid)." + exit 1 + ;; + *) + echo "Starting $DESC ..." + exec $DAEMON $DAEMON_ARGS >/dev/null 2>&1 || status=$? + echo "ERROR: Failed to start $DESC." + exit $status + ;; + esac + + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() { + local pid status + + status=0 + pid=`pidofproc $NAME` || status=$? + case $status in + 0) + # Exit when fail to stop, the kill would complain when fail + kill -s 15 $pid >/dev/null && rm -f $PIDFILE && \ + echo "Stopped $DESC ($pid)." || exit $? + ;; + *) + echo "$DESC is not running; none killed." >&2 + ;; + esac + + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + return $status +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + local pid status + + status=0 + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + pid=`pidofproc $NAME` || status=$? + case $status in + 0) + echo "Reloading $DESC ..." + kill -s 1 $pid || exit $? + ;; + *) + echo "$DESC is not running; none reloaded." >&2 + ;; + esac + exit $status +} + + +# +# Function that shows the daemon/service status +# +status_of_proc () { + local pid status + + status=0 + # pidof output null when no program is running, so no "2>/dev/null". + pid=`pidofproc $NAME` || status=$? + case $status in + 0) + echo "$DESC is running ($pid)." + exit 0 + ;; + *) + echo "$DESC is not running." >&2 + exit $status + ;; + esac +} + +case "$1" in +start) + do_start + ;; +stop) + do_stop || exit $? + ;; +status) + status_of_proc + ;; +restart) + # Always start the service regardless the status of do_stop + do_stop + do_start + ;; +try-restart|force-reload) + # force-reload is the same as reload or try-restart according + # to its definition, the reload is not implemented here, so + # force-reload is the alias of try-restart here, but it should + # be the alias of reload if reload is implemented. + # + # Only start the service when do_stop succeeds + do_stop && do_start + ;; +reload) + # If the "reload" action is implemented properly, then let the + # force-reload be the alias of reload, and remove it from + # try-restart|force-reload) + # + do_reload + ;; +*) + echo "Usage: $0 {start|stop|status|restart|try-restart|force-reload}" >&2 + exit 3 + ;; +esac + diff --git a/meta-networking/recipes-filter/ulogd2/ulogd2/ulogd.service b/meta-networking/recipes-filter/ulogd2/ulogd2/ulogd.service new file mode 100644 index 0000000000..cf62962a95 --- /dev/null +++ b/meta-networking/recipes-filter/ulogd2/ulogd2/ulogd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Netfilter Ulogd daemon +Before=network-pre.target +Wants=network-pre.target + +[Service] +ExecStart=@SBINDIR@/ulogd +ExecReload=kill -HUP ${MAINPID} + +[Install] +WantedBy=multi-user.target diff --git a/meta-networking/recipes-filter/ulogd2/ulogd2_2.0.8.bb b/meta-networking/recipes-filter/ulogd2/ulogd2_2.0.8.bb new file mode 100644 index 0000000000..d075ec4788 --- /dev/null +++ b/meta-networking/recipes-filter/ulogd2/ulogd2_2.0.8.bb @@ -0,0 +1,80 @@ +SUMMARY = "Userspace logging daemon for netfilter/iptables" +DESCRIPTION = "ulogd-2.x provides a flexible, almost universal logging daemon for \ +netfilter logging. This encompasses both packet-based logging (logging of \ +policy violations) and flow-based logging, e.g. for accounting purpose." +HOMEPAGE = "https://www.netfilter.org/projects/ulogd/index.html" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" + +DEPENDS = "libnfnetlink" +PROVIDES = "ulogd" + +PV .= "+git" + +SRC_URI = "git://git.netfilter.org/ulogd2;branch=master \ + file://ulogd.init \ + file://ulogd.service \ +" +SRCREV = "79aa980f2df9dda0c097e8f883a62f414b9e5138" + +S = "${WORKDIR}/git" + +inherit autotools manpages pkgconfig systemd update-rc.d + +PACKAGECONFIG ?= "dbi json nfacct nfct nflog pcap sqlite3 ulog" +PACKAGECONFIG[dbi] = "--enable-dbi,--disable-dbi,libdbi" +PACKAGECONFIG[json] = "--enable-json,--disable-json,jansson" +PACKAGECONFIG[manpages] = "" +PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5" +PACKAGECONFIG[nfacct] = "--enable-nfacct,--disable-nfacct,libnetfilter-acct" +PACKAGECONFIG[nfct] = "--enable-nfct,--disable-nfct,libnetfilter-conntrack" +PACKAGECONFIG[nflog] = "--enable-nflog,--disable-nflog,libnetfilter-log" +PACKAGECONFIG[pcap] = "--enable-pcap,--disable-pcap,libpcap" +PACKAGECONFIG[pgsql] = "--enable-pgsql,--disable-pgsql,postgresql" +PACKAGECONFIG[sqlite3] = "--enable-sqlite3,--disable-sqlite3,sqlite3" +PACKAGECONFIG[ulog] = "--enable-ulog,--disable-ulog" + +do_install:append () { + install -d ${D}${sysconfdir} + install -m 0644 ${B}/ulogd.conf ${D}${sysconfdir}/ulogd.conf + + install -d ${D}${mandir}/man8 + install -m 0644 ${S}/ulogd.8 ${D}${mandir}/man8/ulogd.8 + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/ulogd.service ${D}${systemd_system_unitdir} + sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/ulogd.service + + install -d ${D}${sysconfdir}/init.d + install -m 755 ${WORKDIR}/ulogd.init ${D}${sysconfdir}/init.d/ulogd +} + +PACKAGES += "${PN}-plugins" +ALLOW_EMPTY:${PN}-plugins = "1" + +PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" +NOAUTOPACKAGEDEBUG = "1" + +CONFFILES:${PN} = "${sysconfdir}/ulogd.conf" +RRECOMMENDS:${PN} += "${PN}-plugins" + +FILES:${PN}-dbg += "${sbindir}/.debug" + +python split_ulogd_libs () { + libdir = d.expand('${libdir}/ulogd') + dbglibdir = os.path.join(libdir, '.debug') + + split_packages = do_split_packages(d, libdir, r'^ulogd_.*\_([A-Z0-9]*).so', '${PN}-plugin-%s', 'ulogd2 %s plugin', prepend=True) + split_dbg_packages = do_split_packages(d, dbglibdir, r'^ulogd_.*\_([A-Z0-9]*).so', '${PN}-plugin-%s-dbg', 'ulogd2 %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') + + if split_packages: + pn = d.getVar('PN') + d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) +} +PACKAGESPLITFUNCS:prepend = "split_ulogd_libs " + +SYSTEMD_SERVICE:${PN} = "ulogd.service" + +INITSCRIPT_NAME = "ulogd" +INITSCRIPT_PARAMS = "defaults" |