[Buildroot] [PATCH] package/iptables: add nf_log.h

[Buildroot] [PATCH] package/iptables: add nf_log.h

[Markus Mayer via buildroot]

iptables generally bundles the netfilter header files inside its own
tar-ball.

Since iptables 1.8.8, it started to make use of netfilter/nf_log.h, but
didn't include it in the iptables tar-ball. This can lead to build
failures.

Add a patch that rectifies this for iptables 1.8.8.

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
---
 .../0001-netfilter-add-nf_log.h.patch         | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 package/iptables/0001-netfilter-add-nf_log.h.patch

diff --git a/package/iptables/0001-netfilter-add-nf_log.h.patch b/package/iptables/0001-netfilter-add-nf_log.h.patch
new file mode 100644
index 000000000000..c014c45931e9
--- /dev/null
+++ b/package/iptables/0001-netfilter-add-nf_log.h.patch
@@ -0,0 +1,37 @@
+From 15ea3fa147dea25d8cae3c2ac417142f2e0f029e Mon Sep 17 00:00:00 2001
+From: Markus Mayer <mmayer@broadcom.com>
+To: Netfilter Mailing List <netfilter-devel@vger.kernel.org>
+Date: Thu, 16 Jun 2022 15:29:58 -0700
+Subject: [PATCH] netfilter: add nf_log.h
+
+Since libxt_NFLOG is now using the UAPI version of nf_log.h, it should
+be bundled alongside the other netfilter kernel headers.
+
+This copy of nf_log.h was taken from Linux 5.18.
+
+Signed-off-by: Markus Mayer <mmayer@broadcom.com>
+---
+diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h
+new file mode 100644
+index 000000000000..2ae00932d3d2
+--- /dev/null
++++ b/include/linux/netfilter/nf_log.h
+@@ -0,0 +1,15 @@
++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
++#ifndef _NETFILTER_NF_LOG_H
++#define _NETFILTER_NF_LOG_H
++
++#define NF_LOG_TCPSEQ		0x01	/* Log TCP sequence numbers */
++#define NF_LOG_TCPOPT		0x02	/* Log TCP options */
++#define NF_LOG_IPOPT		0x04	/* Log IP options */
++#define NF_LOG_UID		0x08	/* Log UID owning local socket */
++#define NF_LOG_NFLOG		0x10	/* Unsupported, don't reuse */
++#define NF_LOG_MACDECODE	0x20	/* Decode MAC header */
++#define NF_LOG_MASK		0x2f
++
++#define NF_LOG_PREFIXLEN	128
++
++#endif /* _NETFILTER_NF_LOG_H */
+-- 
+2.25.1
+
-- 
2.25.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/iptables: add nf_log.h

[Markus Mayer via buildroot]

On Thu, 16 Jun 2022 at 16:23, Markus Mayer <mmayer@broadcom.com> wrote:
>
> iptables generally bundles the netfilter header files inside its own
> tar-ball.
>
> Since iptables 1.8.8, it started to make use of netfilter/nf_log.h, but
> didn't include it in the iptables tar-ball. This can lead to build
> failures.
>
> Add a patch that rectifies this for iptables 1.8.8.

This change has now been accepted upstream.

https://git.netfilter.org/iptables/commit/?id=9ea7e6aa638d0dfa14613f6f97e6dc06c857e609

Since there isn't an iptables 1.8.9 yet, would it be possible to
accept the patch below into Buildroot for now, until the next iptables
release becomes available?

Thanks,
-Markus

> Signed-off-by: Markus Mayer <mmayer@broadcom.com>
> ---
>  .../0001-netfilter-add-nf_log.h.patch         | 37 +++++++++++++++++++
>  1 file changed, 37 insertions(+)
>  create mode 100644 package/iptables/0001-netfilter-add-nf_log.h.patch
>
> diff --git a/package/iptables/0001-netfilter-add-nf_log.h.patch b/package/iptables/0001-netfilter-add-nf_log.h.patch
> new file mode 100644
> index 000000000000..c014c45931e9
> --- /dev/null
> +++ b/package/iptables/0001-netfilter-add-nf_log.h.patch
> @@ -0,0 +1,37 @@
> +From 15ea3fa147dea25d8cae3c2ac417142f2e0f029e Mon Sep 17 00:00:00 2001
> +From: Markus Mayer <mmayer@broadcom.com>
> +To: Netfilter Mailing List <netfilter-devel@vger.kernel.org>
> +Date: Thu, 16 Jun 2022 15:29:58 -0700
> +Subject: [PATCH] netfilter: add nf_log.h
> +
> +Since libxt_NFLOG is now using the UAPI version of nf_log.h, it should
> +be bundled alongside the other netfilter kernel headers.
> +
> +This copy of nf_log.h was taken from Linux 5.18.
> +
> +Signed-off-by: Markus Mayer <mmayer@broadcom.com>
> +---
> +diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h
> +new file mode 100644
> +index 000000000000..2ae00932d3d2
> +--- /dev/null
> ++++ b/include/linux/netfilter/nf_log.h
> +@@ -0,0 +1,15 @@
> ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
> ++#ifndef _NETFILTER_NF_LOG_H
> ++#define _NETFILTER_NF_LOG_H
> ++
> ++#define NF_LOG_TCPSEQ         0x01    /* Log TCP sequence numbers */
> ++#define NF_LOG_TCPOPT         0x02    /* Log TCP options */
> ++#define NF_LOG_IPOPT          0x04    /* Log IP options */
> ++#define NF_LOG_UID            0x08    /* Log UID owning local socket */
> ++#define NF_LOG_NFLOG          0x10    /* Unsupported, don't reuse */
> ++#define NF_LOG_MACDECODE      0x20    /* Decode MAC header */
> ++#define NF_LOG_MASK           0x2f
> ++
> ++#define NF_LOG_PREFIXLEN      128
> ++
> ++#endif /* _NETFILTER_NF_LOG_H */
> +--
> +2.25.1
> +
> --
> 2.25.1
>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot