* [Buildroot] [PATCH] package/iptables: add nf_log.h
@ 2022-06-16 23:23 Markus Mayer via buildroot
2022-06-30 21:21 ` Markus Mayer via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Markus Mayer via buildroot @ 2022-06-16 23:23 UTC (permalink / raw)
To: Buildroot Mailing List; +Cc: Markus Mayer
iptables generally bundles the netfilter header files inside its own
tar-ball.
Since iptables 1.8.8, it started to make use of netfilter/nf_log.h, but
didn't include it in the iptables tar-ball. This can lead to build
failures.
Add a patch that rectifies this for iptables 1.8.8.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
---
.../0001-netfilter-add-nf_log.h.patch | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 package/iptables/0001-netfilter-add-nf_log.h.patch
diff --git a/package/iptables/0001-netfilter-add-nf_log.h.patch b/package/iptables/0001-netfilter-add-nf_log.h.patch
new file mode 100644
index 000000000000..c014c45931e9
--- /dev/null
+++ b/package/iptables/0001-netfilter-add-nf_log.h.patch
@@ -0,0 +1,37 @@
+From 15ea3fa147dea25d8cae3c2ac417142f2e0f029e Mon Sep 17 00:00:00 2001
+From: Markus Mayer <mmayer@broadcom.com>
+To: Netfilter Mailing List <netfilter-devel@vger.kernel.org>
+Date: Thu, 16 Jun 2022 15:29:58 -0700
+Subject: [PATCH] netfilter: add nf_log.h
+
+Since libxt_NFLOG is now using the UAPI version of nf_log.h, it should
+be bundled alongside the other netfilter kernel headers.
+
+This copy of nf_log.h was taken from Linux 5.18.
+
+Signed-off-by: Markus Mayer <mmayer@broadcom.com>
+---
+diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h
+new file mode 100644
+index 000000000000..2ae00932d3d2
+--- /dev/null
++++ b/include/linux/netfilter/nf_log.h
+@@ -0,0 +1,15 @@
++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
++#ifndef _NETFILTER_NF_LOG_H
++#define _NETFILTER_NF_LOG_H
++
++#define NF_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
++#define NF_LOG_TCPOPT 0x02 /* Log TCP options */
++#define NF_LOG_IPOPT 0x04 /* Log IP options */
++#define NF_LOG_UID 0x08 /* Log UID owning local socket */
++#define NF_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
++#define NF_LOG_MACDECODE 0x20 /* Decode MAC header */
++#define NF_LOG_MASK 0x2f
++
++#define NF_LOG_PREFIXLEN 128
++
++#endif /* _NETFILTER_NF_LOG_H */
+--
+2.25.1
+
--
2.25.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH] package/iptables: add nf_log.h
2022-06-16 23:23 [Buildroot] [PATCH] package/iptables: add nf_log.h Markus Mayer via buildroot
@ 2022-06-30 21:21 ` Markus Mayer via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Markus Mayer via buildroot @ 2022-06-30 21:21 UTC (permalink / raw)
To: Buildroot Mailing List
On Thu, 16 Jun 2022 at 16:23, Markus Mayer <mmayer@broadcom.com> wrote:
>
> iptables generally bundles the netfilter header files inside its own
> tar-ball.
>
> Since iptables 1.8.8, it started to make use of netfilter/nf_log.h, but
> didn't include it in the iptables tar-ball. This can lead to build
> failures.
>
> Add a patch that rectifies this for iptables 1.8.8.
This change has now been accepted upstream.
https://git.netfilter.org/iptables/commit/?id=9ea7e6aa638d0dfa14613f6f97e6dc06c857e609
Since there isn't an iptables 1.8.9 yet, would it be possible to
accept the patch below into Buildroot for now, until the next iptables
release becomes available?
Thanks,
-Markus
> Signed-off-by: Markus Mayer <mmayer@broadcom.com>
> ---
> .../0001-netfilter-add-nf_log.h.patch | 37 +++++++++++++++++++
> 1 file changed, 37 insertions(+)
> create mode 100644 package/iptables/0001-netfilter-add-nf_log.h.patch
>
> diff --git a/package/iptables/0001-netfilter-add-nf_log.h.patch b/package/iptables/0001-netfilter-add-nf_log.h.patch
> new file mode 100644
> index 000000000000..c014c45931e9
> --- /dev/null
> +++ b/package/iptables/0001-netfilter-add-nf_log.h.patch
> @@ -0,0 +1,37 @@
> +From 15ea3fa147dea25d8cae3c2ac417142f2e0f029e Mon Sep 17 00:00:00 2001
> +From: Markus Mayer <mmayer@broadcom.com>
> +To: Netfilter Mailing List <netfilter-devel@vger.kernel.org>
> +Date: Thu, 16 Jun 2022 15:29:58 -0700
> +Subject: [PATCH] netfilter: add nf_log.h
> +
> +Since libxt_NFLOG is now using the UAPI version of nf_log.h, it should
> +be bundled alongside the other netfilter kernel headers.
> +
> +This copy of nf_log.h was taken from Linux 5.18.
> +
> +Signed-off-by: Markus Mayer <mmayer@broadcom.com>
> +---
> +diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h
> +new file mode 100644
> +index 000000000000..2ae00932d3d2
> +--- /dev/null
> ++++ b/include/linux/netfilter/nf_log.h
> +@@ -0,0 +1,15 @@
> ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
> ++#ifndef _NETFILTER_NF_LOG_H
> ++#define _NETFILTER_NF_LOG_H
> ++
> ++#define NF_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
> ++#define NF_LOG_TCPOPT 0x02 /* Log TCP options */
> ++#define NF_LOG_IPOPT 0x04 /* Log IP options */
> ++#define NF_LOG_UID 0x08 /* Log UID owning local socket */
> ++#define NF_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
> ++#define NF_LOG_MACDECODE 0x20 /* Decode MAC header */
> ++#define NF_LOG_MASK 0x2f
> ++
> ++#define NF_LOG_PREFIXLEN 128
> ++
> ++#endif /* _NETFILTER_NF_LOG_H */
> +--
> +2.25.1
> +
> --
> 2.25.1
>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-06-30 21:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-16 23:23 [Buildroot] [PATCH] package/iptables: add nf_log.h Markus Mayer via buildroot
2022-06-30 21:21 ` Markus Mayer via buildroot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.