iproute2: tc: enable and fix support for using .so plugins

This enables using the tc module m_xt.so, which uses the act_ipt kernel module to allow tc actions based on iptables targets. e.g. tc filter add dev eth0 parent 1: prio 10 protocol ip \ u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE Make the SHARED_LIBS parameter configurable and based on tc package selection. Fix a problem using the tc m_xt.so plugin as also described in https://bugs.debian.org/868059: Sync include/xtables.h from iptables to make sure the right offset is used when accessing structure members defined in libxtables. One could get “Extension does not know id …” otherwise. (See also: #868059) Patch to sync the included xtables.h with system iptables 1.6.x. This continues to work with iptables 1.8.2. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-12-13 11:48:55 -08:00
parent 26681fa6a6
commit fc80ef3613
2 changed files with 107 additions and 1 deletions
--- a/package/network/utils/iproute2/Makefile
+++ b/package/network/utils/iproute2/Makefile
@@ -106,6 +106,7 @@ endif

 ifeq ($(BUILD_VARIANT),tc)
  HAVE_ELF:=y
+  SHARED_LIBS:=y
 endif

 ifdef CONFIG_PACKAGE_devlink
@@ -127,7 +128,7 @@ TARGET_CPPFLAGS += -I$(STAGING_DIR)/usr/include/libnl-tiny

 MAKE_FLAGS += \
 	KERNEL_INCLUDE="$(LINUX_DIR)/user_headers/include" \
-	SHARED_LIBS="" \
+	SHARED_LIBS=$(SHARED_LIBS) \
 	IP_CONFIG_TINY=$(IP_CONFIG_TINY) \
 	HAVE_ELF=$(HAVE_ELF) \
 	HAVE_MNL=$(HAVE_MNL) \
@@ -164,6 +165,10 @@ define Package/tc/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) ./files/15-teql $(1)/etc/hotplug.d/iface/
+ifeq ($(SHARED_LIBS),y)
+	$(INSTALL_DIR) $(1)/usr/lib/tc
+	$(CP) $(PKG_BUILD_DIR)/tc/*.so $(1)/usr/lib/tc
+endif
 endef

 # ensure other packages are only saved during 'tiny' builds.
--- a/package/network/utils/iproute2/patches/135-sync-iptables-header.patch
+++ b/package/network/utils/iproute2/patches/135-sync-iptables-header.patch
@@ -0,0 +1,101 @@
+Description: Sync header from iptables
+ The current versions in several suites have the same content:
+  - 1.6.1-2 (unstable)
+Bug: https://bugs.debian.org/868059
+Forwarded: not-needed
+Author: Cyril Brulebois <cyril@debamax.com>
+Last-Update: 2017-11-22
+--- a/include/xtables.h
+++ b/include/xtables.h
+@@ -205,9 +205,24 @@ enum xtables_ext_flags {
+ 	XTABLES_EXT_ALIAS = 1 << 0,
+ };
+ 
+struct xt_xlate;
+
+struct xt_xlate_mt_params {
+	const void			*ip;
+	const struct xt_entry_match	*match;
+	int				numeric;
+	bool				escape_quotes;
+};
+
+struct xt_xlate_tg_params {
+	const void			*ip;
+	const struct xt_entry_target	*target;
+	int				numeric;
+	bool				escape_quotes;
+};
+
+ /* Include file for additions: new matches and targets. */
+-struct xtables_match
+-{
+struct xtables_match {
+ 	/*
+ 	 * ABI/API version this module requires. Must be first member,
+ 	 * as the rest of this struct may be subject to ABI changes.
+@@ -269,6 +284,10 @@ struct xtables_match
+ 	void (*x6_fcheck)(struct xt_fcheck_call *);
+ 	const struct xt_option_entry *x6_options;
+ 
+	/* Translate iptables to nft */
+	int (*xlate)(struct xt_xlate *xl,
+		     const struct xt_xlate_mt_params *params);
+
+ 	/* Size of per-extension instance extra "global" scratch space */
+ 	size_t udata_size;
+ 
+@@ -280,8 +299,7 @@ struct xtables_match
+ 	unsigned int loaded; /* simulate loading so options are merged properly */
+ };
+ 
+-struct xtables_target
+-{
+struct xtables_target {
+ 	/*
+ 	 * ABI/API version this module requires. Must be first member,
+ 	 * as the rest of this struct may be subject to ABI changes.
+@@ -346,6 +364,10 @@ struct xtables_target
+ 	void (*x6_fcheck)(struct xt_fcheck_call *);
+ 	const struct xt_option_entry *x6_options;
+ 
+	/* Translate iptables to nft */
+	int (*xlate)(struct xt_xlate *xl,
+		     const struct xt_xlate_tg_params *params);
+
+ 	size_t udata_size;
+ 
+ 	/* Ignore these men behind the curtain: */
+@@ -406,6 +428,17 @@ struct xtables_globals
+ 
+ #define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
+ 
+/*
+ * enum op-
+ *
+ * For writing clean nftables translations code
+ */
+enum xt_op {
+	XT_OP_EQ,
+	XT_OP_NEQ,
+	XT_OP_MAX,
+};
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -548,6 +581,14 @@ extern void xtables_lmap_free(struct xta
+ extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
+ extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
+ 
+/* xlate infrastructure */
+struct xt_xlate *xt_xlate_alloc(int size);
+void xt_xlate_free(struct xt_xlate *xl);
+void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
+const char *xt_xlate_get_comment(struct xt_xlate *xl);
+const char *xt_xlate_get(struct xt_xlate *xl);
+
+ #ifdef XTABLES_INTERNAL
+ 
+ /* Shipped modules rely on this... */