fix the complict of the bb file
This commit is contained in:
Yunlong Xiao
commit
4f3b47d955
|
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
|
||||||
|
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
|
||||||
|
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
|
||||||
|
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
|
||||||
|
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
|
||||||
|
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
|
||||||
|
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
|
||||||
|
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
|
||||||
|
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
|
||||||
|
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
|
||||||
|
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
|
||||||
|
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
|
||||||
|
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
|
||||||
|
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
|
||||||
|
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
|
||||||
|
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
|
||||||
|
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
|
||||||
|
rqXRfboQnoZsG4q5WTP468SQvvG5
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -0,0 +1,31 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF
|
||||||
|
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
|
||||||
|
b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL
|
||||||
|
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
|
||||||
|
b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK
|
||||||
|
gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ
|
||||||
|
W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg
|
||||||
|
1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K
|
||||||
|
8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r
|
||||||
|
2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me
|
||||||
|
z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR
|
||||||
|
8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj
|
||||||
|
mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz
|
||||||
|
7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6
|
||||||
|
+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI
|
||||||
|
0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
|
||||||
|
Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm
|
||||||
|
UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2
|
||||||
|
LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
|
||||||
|
+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS
|
||||||
|
k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl
|
||||||
|
7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm
|
||||||
|
btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl
|
||||||
|
urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+
|
||||||
|
fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63
|
||||||
|
n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE
|
||||||
|
76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H
|
||||||
|
9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT
|
||||||
|
4PsJYGw=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -0,0 +1,12 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5
|
||||||
|
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
|
||||||
|
Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG
|
||||||
|
A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg
|
||||||
|
Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl
|
||||||
|
ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j
|
||||||
|
QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr
|
||||||
|
ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr
|
||||||
|
BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM
|
||||||
|
YyRIHN8wfdVoOw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5
|
||||||
|
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
|
||||||
|
Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG
|
||||||
|
A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg
|
||||||
|
Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi
|
||||||
|
9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk
|
||||||
|
M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB
|
||||||
|
/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB
|
||||||
|
MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw
|
||||||
|
CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW
|
||||||
|
1KyLa2tJElMzrdfkviT8tQp21KW8EA==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -14,6 +14,10 @@ SRC_URI_append = " \
|
||||||
file://ring_buf.patch \
|
file://ring_buf.patch \
|
||||||
file://echo.patch \
|
file://echo.patch \
|
||||||
file://syslog.conf \
|
file://syslog.conf \
|
||||||
|
file://ssl/AmazonRootCA1.pem \
|
||||||
|
file://ssl/AmazonRootCA2.pem \
|
||||||
|
file://ssl/AmazonRootCA3.pem \
|
||||||
|
file://ssl/AmazonRootCA4.pem \
|
||||||
"
|
"
|
||||||
|
|
||||||
inherit systemd
|
inherit systemd
|
||||||
|
|
@ -24,6 +28,7 @@ FILES_${PN}-syslog_append = " ${systemd_unitdir}/system/busybox-syslog.service \
|
||||||
"
|
"
|
||||||
|
|
||||||
do_install_append() {
|
do_install_append() {
|
||||||
|
install -d ${D}${sysconfdir}/ssl/certs
|
||||||
cp ${WORKDIR}/syslogctl ${D}/bin/syslogctl
|
cp ${WORKDIR}/syslogctl ${D}/bin/syslogctl
|
||||||
cp ${WORKDIR}/mdlogctl ${D}/bin/mdlogctl
|
cp ${WORKDIR}/mdlogctl ${D}/bin/mdlogctl
|
||||||
cp ${WORKDIR}/syslog-start ${D}/bin/syslog-start
|
cp ${WORKDIR}/syslog-start ${D}/bin/syslog-start
|
||||||
|
|
@ -34,6 +39,10 @@ do_install_append() {
|
||||||
install -d ${D}${sysconfdir}/systemd/system
|
install -d ${D}${sysconfdir}/systemd/system
|
||||||
install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants
|
install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants
|
||||||
install -m 0644 ${WORKDIR}/tcpdump.service.in ${D}${systemd_unitdir}/system/tcpdump.service
|
install -m 0644 ${WORKDIR}/tcpdump.service.in ${D}${systemd_unitdir}/system/tcpdump.service
|
||||||
|
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA1.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA1.pem
|
||||||
|
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA2.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA2.pem
|
||||||
|
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA3.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA3.pem
|
||||||
|
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA4.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA4.pem
|
||||||
ln -sf ${systemd_unitdir}/system/busybox-syslog.service ${D}${sysconfdir}/systemd/system/syslog.service
|
ln -sf ${systemd_unitdir}/system/busybox-syslog.service ${D}${sysconfdir}/systemd/system/syslog.service
|
||||||
ln -sf ${systemd_unitdir}/system/busybox-syslog.service ${D}${sysconfdir}/systemd/system/multi-user.target.wants/busybox-syslog.service
|
ln -sf ${systemd_unitdir}/system/busybox-syslog.service ${D}${sysconfdir}/systemd/system/multi-user.target.wants/busybox-syslog.service
|
||||||
ln -sf ${systemd_unitdir}/system/busybox-klogd.service ${D}${sysconfdir}/systemd/system/multi-user.target.wants/busybox-klogd.service
|
ln -sf ${systemd_unitdir}/system/busybox-klogd.service ${D}${sysconfdir}/systemd/system/multi-user.target.wants/busybox-klogd.service
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,40 @@
|
||||||
|
From a4ed9fc8da720585f853d2ca6ffd30e2fa4d1247 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Trevor Gamblin <trevor.gamblin@windriver.com>
|
||||||
|
Date: Wed, 9 Mar 2022 12:50:39 -0500
|
||||||
|
Subject: [PATCH] Makefile.am: do not install /etc/ethertypes
|
||||||
|
|
||||||
|
The /etc/ethertypes is provided by netbase since 6.0[1].
|
||||||
|
Do not instal the file in ebtables, otherwise there would be a conflict:
|
||||||
|
Error: Transaction test error:
|
||||||
|
file /etc/ethertypes conflicts between attempted installs of
|
||||||
|
netbase-1:6.2-r0.corei7_64 and iptables-1.8.7-r0.corei7_64
|
||||||
|
|
||||||
|
[1]
|
||||||
|
https://salsa.debian.org/md/netbase/-/commit/316680c6a2c3641b6abc76b3eebf88781f609d35)
|
||||||
|
|
||||||
|
This patch is based off of the same change made for the ebtables recipe:
|
||||||
|
|
||||||
|
http://cgit.openembedded.org/meta-openembedded/tree/meta-networking/recipes-filter/ebtables/ebtables-2.0.11/0001-Makefile.am-do-not-install-etc-ethertypes.patch?h=master
|
||||||
|
|
||||||
|
Upstream-Status: Inappropriate [embedded specific]
|
||||||
|
|
||||||
|
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
||||||
|
---
|
||||||
|
Makefile.am | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 799bf8b8..2eb1843f 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -18,7 +18,6 @@ SUBDIRS += iptables
|
||||||
|
|
||||||
|
if ENABLE_NFTABLES
|
||||||
|
confdir = $(sysconfdir)
|
||||||
|
-dist_conf_DATA = etc/ethertypes
|
||||||
|
endif
|
||||||
|
|
||||||
|
.PHONY: tarball
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
||||||
|
|
@ -0,0 +1,47 @@
|
||||||
|
From c46db7c2e1f63ec525835553587e70c635565310 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Maxin B. John" <maxin.john@intel.com>
|
||||||
|
Date: Tue, 21 Feb 2017 11:16:31 +0200
|
||||||
|
Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
|
||||||
|
|
||||||
|
This changes the configure behaviour from autodetecting
|
||||||
|
for libnfnetlink to having an option to disable it explicitly
|
||||||
|
|
||||||
|
Upstream-Status: Pending
|
||||||
|
|
||||||
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||||
|
Signed-off-by: Maxin B. John <maxin.john@intel.com>
|
||||||
|
---
|
||||||
|
configure.ac | 10 +++++++---
|
||||||
|
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index eda7871..03ddc50 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
|
||||||
|
AC_ARG_ENABLE([nftables],
|
||||||
|
AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
|
||||||
|
[enable_nftables="$enableval"], [enable_nftables="yes"])
|
||||||
|
+AC_ARG_ENABLE([libnfnetlink],
|
||||||
|
+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
|
||||||
|
+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
|
||||||
|
AC_ARG_ENABLE([connlabel],
|
||||||
|
AS_HELP_STRING([--disable-connlabel],
|
||||||
|
[Do not build libnetfilter_conntrack]),
|
||||||
|
@@ -115,9 +118,10 @@ if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
|
||||||
|
AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
|
||||||
|
fi
|
||||||
|
|
||||||
|
-PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
|
||||||
|
- [nfnetlink=1], [nfnetlink=0])
|
||||||
|
-AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
|
||||||
|
+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
|
||||||
|
+ PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0])
|
||||||
|
+ ])
|
||||||
|
+AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"])
|
||||||
|
|
||||||
|
if test "x$enable_nftables" = "xyes"; then
|
||||||
|
PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
||||||
|
|
@ -0,0 +1,51 @@
|
||||||
|
From 26090b3dbcdf6a11e60535da949b726a6e86426d Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Maxin B. John" <maxin.john@intel.com>
|
||||||
|
Date: Tue, 21 Feb 2017 11:49:07 +0200
|
||||||
|
Subject: [PATCH] configure.ac:
|
||||||
|
only-check-conntrack-when-libnfnetlink-enabled.patch
|
||||||
|
|
||||||
|
Package libnetfilter-conntrack depends on package libnfnetlink. iptables
|
||||||
|
checks package libnetfilter-conntrack whatever its package config
|
||||||
|
libnfnetlink is enabled or not. When libnfnetlink is disabled but
|
||||||
|
package libnetfilter-conntrack exists, it fails randomly with:
|
||||||
|
|
||||||
|
In file included from
|
||||||
|
.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
|
||||||
|
|
||||||
|
.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
|
||||||
|
fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
|
||||||
|
|
||||||
|
compilation terminated.
|
||||||
|
GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
|
||||||
|
Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
|
||||||
|
|
||||||
|
Upstream-Status: Pending
|
||||||
|
|
||||||
|
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
||||||
|
Signed-off-by: Maxin B. John <maxin.john@intel.com>
|
||||||
|
---
|
||||||
|
configure.ac | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 03ddc50..523caea 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -172,10 +172,12 @@ if test "$nftables" != 1; then
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test "x$enable_connlabel" = "xyes"; then
|
||||||
|
- PKG_CHECK_MODULES([libnetfilter_conntrack],
|
||||||
|
+ nfconntrack=0
|
||||||
|
+ AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
|
||||||
|
+ PKG_CHECK_MODULES([libnetfilter_conntrack],
|
||||||
|
[libnetfilter_conntrack >= 1.0.6],
|
||||||
|
[nfconntrack=1], [nfconntrack=0])
|
||||||
|
-
|
||||||
|
+ ])
|
||||||
|
if test "$nfconntrack" -ne 1; then
|
||||||
|
blacklist_modules="$blacklist_modules connlabel";
|
||||||
|
echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
[Unit]
|
||||||
|
Description=IPv6 Packet Filtering Framework
|
||||||
|
Before=network-pre.target
|
||||||
|
Wants=network-pre.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
|
||||||
|
ExecReload=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
|
||||||
|
RemainAfterExit=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
@ -0,0 +1,25 @@
|
||||||
|
# Generated by iptables-save v1.8.7 on Tue Jul 12 01:22:18 2022
|
||||||
|
*raw
|
||||||
|
:PREROUTING ACCEPT [0:0]
|
||||||
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
COMMIT
|
||||||
|
# Completed on Tue Jul 12 01:22:18 2022
|
||||||
|
# Generated by iptables-save v1.8.7 on Tue Jul 12 01:22:18 2022
|
||||||
|
*mangle
|
||||||
|
:PREROUTING ACCEPT [0:0]
|
||||||
|
:INPUT ACCEPT [0:0]
|
||||||
|
:FORWARD ACCEPT [0:0]
|
||||||
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
:POSTROUTING ACCEPT [0:0]
|
||||||
|
COMMIT
|
||||||
|
# Completed on Tue Jul 12 01:22:18 2022
|
||||||
|
# Generated by iptables-save v1.8.7 on Tue Jul 12 01:22:18 2022
|
||||||
|
*filter
|
||||||
|
:INPUT DROP [0:0]
|
||||||
|
:FORWARD DROP [0:0]
|
||||||
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
-A INPUT -i lo -j ACCEPT
|
||||||
|
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
-A OUTPUT -j ACCEPT
|
||||||
|
COMMIT
|
||||||
|
# Completed on Tue Jul 12 01:22:18 2022
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
[Unit]
|
||||||
|
Description=IPv4 Packet Filtering Framework
|
||||||
|
Before=network-pre.target
|
||||||
|
Wants=network-pre.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/sbin/iptables-restore < /etc/iptables.rules
|
||||||
|
ExecReload=/usr/sbin/iptables-restore < /etc/iptables.rules
|
||||||
|
RemainAfterExit=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
@ -0,0 +1,52 @@
|
||||||
|
SUMMARY = "Tools for managing kernel packet filtering capabilities"
|
||||||
|
DESCRIPTION = "iptables is the userspace command line program used to configure and control network packet \
|
||||||
|
filtering code in Linux."
|
||||||
|
HOMEPAGE = "http://www.netfilter.org/"
|
||||||
|
BUGTRACKER = "http://bugzilla.netfilter.org/"
|
||||||
|
LICENSE = "GPL-2.0-or-later"
|
||||||
|
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
|
||||||
|
file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc \
|
||||||
|
"
|
||||||
|
|
||||||
|
SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
|
||||||
|
file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
|
||||||
|
file://0001-Makefile.am-do-not-install-etc-ethertypes.patch \
|
||||||
|
file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
|
||||||
|
file://iptables.service \
|
||||||
|
file://iptables.rules \
|
||||||
|
file://ip6tables.service \
|
||||||
|
file://ip6tables.rules \
|
||||||
|
"
|
||||||
|
SRC_URI[sha256sum] = "c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0"
|
||||||
|
|
||||||
|
inherit autotools pkgconfig
|
||||||
|
|
||||||
|
EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
|
||||||
|
--disable-ipv6 \
|
||||||
|
"
|
||||||
|
PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
|
||||||
|
"
|
||||||
|
|
||||||
|
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
|
||||||
|
|
||||||
|
# libnfnetlink recipe is in meta-networking layer
|
||||||
|
PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
|
||||||
|
|
||||||
|
# libnftnl recipe is in meta-networking layer(previously known as libnftables)
|
||||||
|
PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"
|
||||||
|
|
||||||
|
do_configure_prepend() {
|
||||||
|
# Remove some libtool m4 files
|
||||||
|
# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
|
||||||
|
rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
|
||||||
|
}
|
||||||
|
|
||||||
|
do_install_append() {
|
||||||
|
install -d ${D}${sysconfdir}/
|
||||||
|
install -d ${D}${sysconfdir}/systemd/system/
|
||||||
|
install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables.rules
|
||||||
|
install -m 0644 ${WORKDIR}/iptables.service ${D}${sysconfdir}/systemd/system/iptables.service
|
||||||
|
}
|
||||||
|
|
||||||
|
FILES_${PN} += "${libdir}/xtables/*"
|
||||||
|
INSANE_SKIP_${PN} = "dev-so"
|
||||||
|
|
@ -8,6 +8,7 @@ CONFIG_DELGROUP=y
|
||||||
CONFIG_GETTY=y
|
CONFIG_GETTY=y
|
||||||
CONFIG_LOGIN=y
|
CONFIG_LOGIN=y
|
||||||
CONFIG_PASSWD=y
|
CONFIG_PASSWD=y
|
||||||
CONFIG_SU=y
|
CONFIG_CHPASSWD=y
|
||||||
|
#CONFIG_SU=y
|
||||||
CONFIG_SULOGIN=y
|
CONFIG_SULOGIN=y
|
||||||
CONFIG_VLOCK=y
|
CONFIG_VLOCK=y
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,8 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# start appmainprog
|
# start appmainprog
|
||||||
|
echo 2 > /proc/sys/kernel/randomize_va_space
|
||||||
|
/usr/sbin/iptables-restore < /etc/iptables.rules
|
||||||
echo auostart appmainprog
|
echo auostart appmainprog
|
||||||
hwclock -w
|
hwclock -w
|
||||||
/usr/bin/appmainprog
|
/usr/bin/appmainprog
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -535,3 +535,176 @@ CONFIG_SUNRPC_BACKCHANNEL=y
|
||||||
# CONFIG_NCP_FS is not set
|
# CONFIG_NCP_FS is not set
|
||||||
# CONFIG_CODA_FS is not set
|
# CONFIG_CODA_FS is not set
|
||||||
# CONFIG_AFS_FS is not set
|
# CONFIG_AFS_FS is not set
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Core Netfilter Configuration
|
||||||
|
#
|
||||||
|
CONFIG_NETFILTER_INGRESS=y
|
||||||
|
CONFIG_NETFILTER_NETLINK=y
|
||||||
|
# CONFIG_NETFILTER_NETLINK_ACCT is not set
|
||||||
|
CONFIG_NETFILTER_NETLINK_QUEUE=y
|
||||||
|
# CONFIG_NETFILTER_NETLINK_LOG is not set
|
||||||
|
CONFIG_NF_CONNTRACK=y
|
||||||
|
CONFIG_NF_CONNTRACK_MARK=y
|
||||||
|
CONFIG_NF_CONNTRACK_PROCFS=y
|
||||||
|
CONFIG_NF_CONNTRACK_EVENTS=y
|
||||||
|
# CONFIG_NF_CONNTRACK_TIMEOUT is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
|
||||||
|
# CONFIG_NF_CT_PROTO_DCCP is not set
|
||||||
|
# CONFIG_NF_CT_PROTO_SCTP is not set
|
||||||
|
CONFIG_NF_CT_PROTO_UDPLITE=y
|
||||||
|
# CONFIG_NF_CONNTRACK_AMANDA is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_FTP is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_H323 is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_IRC is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_SNMP is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_PPTP is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_SANE is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_SIP is not set
|
||||||
|
# CONFIG_NF_CONNTRACK_TFTP is not set
|
||||||
|
CONFIG_NF_CT_NETLINK=y
|
||||||
|
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
|
||||||
|
# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
|
||||||
|
# CONFIG_NF_TABLES is not set
|
||||||
|
CONFIG_NETFILTER_XTABLES=y
|
||||||
|
|
||||||
|
#
|
||||||
|
# Xtables combined modules
|
||||||
|
#
|
||||||
|
CONFIG_NETFILTER_XT_MARK=y
|
||||||
|
CONFIG_NETFILTER_XT_CONNMARK=y
|
||||||
|
|
||||||
|
#
|
||||||
|
# Xtables targets
|
||||||
|
#
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
|
||||||
|
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_CT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_HL is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
|
||||||
|
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
|
||||||
|
CONFIG_NETFILTER_XT_TARGET_MARK=y
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
|
||||||
|
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
|
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
|
|
||||||
|
#
|
||||||
|
# Xtables matches
|
||||||
|
#
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CPU is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_ECN is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_HL is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_L2TP is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_MAC=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_MARK=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_OSF is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_POLICY=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_QTAGUID=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_QUOTA=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_QUOTA2=y
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_REALM=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_RECENT=y
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_SOCKET=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_STATE=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_STRING=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_TIME=y
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_U32=y
|
||||||
|
# CONFIG_IP_SET is not set
|
||||||
|
# CONFIG_IP_VS is not set
|
||||||
|
|
||||||
|
#
|
||||||
|
# IP: Netfilter Configuration
|
||||||
|
#
|
||||||
|
CONFIG_NF_DEFRAG_IPV4=y
|
||||||
|
CONFIG_NF_CONNTRACK_IPV4=y
|
||||||
|
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
|
||||||
|
# CONFIG_NF_DUP_IPV4 is not set
|
||||||
|
# CONFIG_NF_LOG_ARP is not set
|
||||||
|
# CONFIG_NF_LOG_IPV4 is not set
|
||||||
|
CONFIG_NF_REJECT_IPV4=y
|
||||||
|
# CONFIG_NF_NAT_IPV4 is not set
|
||||||
|
CONFIG_IP_NF_IPTABLES=y
|
||||||
|
# CONFIG_IP_NF_MATCH_AH is not set
|
||||||
|
# CONFIG_IP_NF_MATCH_ECN is not set
|
||||||
|
# CONFIG_IP_NF_MATCH_RPFILTER is not set
|
||||||
|
# CONFIG_IP_NF_MATCH_TTL is not set
|
||||||
|
CONFIG_IP_NF_FILTER=y
|
||||||
|
CONFIG_IP_NF_TARGET_REJECT=y
|
||||||
|
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
|
||||||
|
# CONFIG_IP_NF_NAT is not set
|
||||||
|
CONFIG_IP_NF_MANGLE=y
|
||||||
|
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
|
||||||
|
# CONFIG_IP_NF_TARGET_ECN is not set
|
||||||
|
# CONFIG_IP_NF_TARGET_TTL is not set
|
||||||
|
CONFIG_IP_NF_RAW=y
|
||||||
|
# CONFIG_IP_NF_SECURITY is not set
|
||||||
|
CONFIG_IP_NF_ARPTABLES=y
|
||||||
|
# CONFIG_IP_NF_ARPFILTER is not set
|
||||||
|
# CONFIG_IP_NF_ARP_MANGLE is not set
|
||||||
|
# CONFIG_BRIDGE_NF_EBTABLES is not set
|
||||||
|
# CONFIG_IP_DCCP is not set
|
||||||
|
# CONFIG_IP_SCTP is not set
|
||||||
|
# CONFIG_RDS is not set
|
||||||
|
# CONFIG_TIPC is not set
|
||||||
|
# CONFIG_ATM is not set
|
||||||
|
# CONFIG_L2TP is not set
|
||||||
|
CONFIG_STP=y
|
||||||
|
CONFIG_BRIDGE=y
|
||||||
|
CONFIG_BRIDGE_IGMP_SNOOPING=y
|
||||||
|
# CONFIG_BRIDGE_VLAN_FILTERING is not set
|
||||||
|
CONFIG_HAVE_NET_DSA=y
|
||||||
|
CONFIG_VLAN_8021Q=y
|
||||||
|
# CONFIG_VLAN_8021Q_GVRP is not set
|
||||||
|
# CONFIG_VLAN_8021Q_MVRP is not set
|
||||||
|
# CONFIG_DECNET is not set
|
||||||
|
CONFIG_LLC=y
|
||||||
|
# CONFIG_LLC2 is not set
|
||||||
|
# CONFIG_IPX is not set
|
||||||
|
# CONFIG_ATALK is not set
|
||||||
|
# CONFIG_X25 is not set
|
||||||
|
# CONFIG_LAPB is not set
|
||||||
|
# CONFIG_PHONET is not set
|
||||||
|
# CONFIG_IEEE802154 is not set
|
||||||
|
CONFIG_NET_SCHED=y
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue