[OE-core] [PATCH 2/2] iptables: upgrade to 1.6.1
Maxin B. John
maxin.john at intel.com
Tue Feb 21 11:55:07 UTC 2017
1.6.0 -> 1.6.1
Refreshed the following patches:
a) 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
b) 0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
Signed-off-by: Maxin B. John <maxin.john at intel.com>
---
...Add-option-to-enable-disable-libnfnetlink.patch | 28 ++++++++----
...check-conntrack-when-libnfnetlink-enabled.patch | 53 ++++++++++++++--------
.../{iptables_1.6.0.bb => iptables_1.6.1.bb} | 4 +-
3 files changed, 56 insertions(+), 29 deletions(-)
rename meta/recipes-extended/iptables/{iptables_1.6.0.bb => iptables_1.6.1.bb} (93%)
diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
index b711b7a..03c36cc 100644
--- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
+++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
@@ -1,4 +1,7 @@
-[PATCH] configure: Add option to enable/disable libnfnetlink
+From c46db7c2e1f63ec525835553587e70c635565310 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john at intel.com>
+Date: Tue, 21 Feb 2017 11:16:31 +0200
+Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
This changes the configure behaviour from autodetecting
for libnfnetlink to having an option to disable it explicitly
@@ -8,20 +11,24 @@ Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Maxin B. John <maxin.john at intel.com>
---
-diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
---- iptables-1.6.0-old/configure.ac 2015-12-28 18:40:35.255417976 +0200
-+++ iptables-1.6.0/configure.ac 2015-12-29 13:01:12.388840200 +0200
-@@ -63,6 +63,9 @@
+ configure.ac | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index eda7871..03ddc50 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
AC_ARG_ENABLE([nftables],
AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
[enable_nftables="$enableval"], [enable_nftables="yes"])
+AC_ARG_ENABLE([libnfnetlink],
+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
-
- libiptc_LDFLAGS2="";
- AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
-@@ -123,9 +126,10 @@
+ AC_ARG_ENABLE([connlabel],
+ AS_HELP_STRING([--disable-connlabel],
+ [Do not build libnetfilter_conntrack]),
+@@ -115,9 +118,10 @@ if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
fi
@@ -35,3 +42,6 @@ diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
if test "x$enable_nftables" = "xyes"; then
PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
+--
+2.4.0
+
diff --git a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch b/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
index 89ad8f6..7842c64 100644
--- a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
+++ b/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
@@ -1,34 +1,51 @@
+From 26090b3dbcdf6a11e60535da949b726a6e86426d Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john at intel.com>
+Date: Tue, 21 Feb 2017 11:49:07 +0200
+Subject: [PATCH] configure.ac:
+ only-check-conntrack-when-libnfnetlink-enabled.patch
+
Package libnetfilter-conntrack depends on package libnfnetlink. iptables
checks package libnetfilter-conntrack whatever its package config
libnfnetlink is enabled or not. When libnfnetlink is disabled but
package libnetfilter-conntrack exists, it fails randomly with:
-| In file included from .../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
-| .../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42: fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
-| compilation terminated.
-| GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
+In file included from
+.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
+
+.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
+fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
+compilation terminated.
+GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
Upstream-Status: Pending
Signed-off-by: Kai Kang <kai.kang at windriver.com>
+Signed-off-by: Maxin B. John <maxin.john at intel.com>
+---
+ configure.ac | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 5d7e62b..e331ee7 100644
+index 03ddc50..523caea 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -88,8 +88,12 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
- blacklist_modules="$blacklist_modules ipvs";
- fi;
+@@ -172,10 +172,12 @@ if test "$nftables" != 1; then
+ fi
--PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
-+nfconntrack=0
-+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
-+ PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
- [nfconntrack=1], [nfconntrack=0])
-+ ])
-+
- AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])
-
- if test "$nfconntrack" -ne 1; then
+ if test "x$enable_connlabel" = "xyes"; then
+- PKG_CHECK_MODULES([libnetfilter_conntrack],
++ nfconntrack=0
++ AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
++ PKG_CHECK_MODULES([libnetfilter_conntrack],
+ [libnetfilter_conntrack >= 1.0.6],
+ [nfconntrack=1], [nfconntrack=0])
+-
++ ])
+ if test "$nfconntrack" -ne 1; then
+ blacklist_modules="$blacklist_modules connlabel";
+ echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
+--
+2.4.0
+
diff --git a/meta/recipes-extended/iptables/iptables_1.6.0.bb b/meta/recipes-extended/iptables/iptables_1.6.1.bb
similarity index 93%
rename from meta/recipes-extended/iptables/iptables_1.6.0.bb
rename to meta/recipes-extended/iptables/iptables_1.6.1.bb
index fbbe418..9b4c050 100644
--- a/meta/recipes-extended/iptables/iptables_1.6.0.bb
+++ b/meta/recipes-extended/iptables/iptables_1.6.1.bb
@@ -25,8 +25,8 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
"
SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
-SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"
-SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"
+SRC_URI[md5sum] = "ab38a33806b6182c6f53d6afb4619add"
+SRC_URI[sha256sum] = "0fc2d7bd5d7be11311726466789d4c65fb4c8e096c9182b56ce97440864f0cf5"
inherit autotools pkgconfig
--
2.4.0
More information about the Openembedded-core
mailing list