diff --git a/libs/libnetfilter-log/Makefile b/libs/libnetfilter-log/Makefile new file mode 100644 index 000000000..7dc45a01c --- /dev/null +++ b/libs/libnetfilter-log/Makefile @@ -0,0 +1,75 @@ +# +# Copyright (C) 2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=libnetfilter_log +PKG_VERSION:=1.0.1 +PKG_RELEASE:=3 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:= \ + http://www.netfilter.org/projects/libnetfilter_log/files/ \ + ftp://ftp.netfilter.org/pub/libnetfilter_log/ +PKG_HASH:=74e0fe75753dba3ac114531b5e73240452c789a3f3adccf5c51217da1d933b21 +PKG_MAINTAINER:=Yousong Zhou + +PKG_FIXUP:=autoreconf +PKG_LICENSE:=GPL-2.0+ + +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/libnetfilter-log + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+libnfnetlink +kmod-nfnetlink-log +libmnl + TITLE:=API to receive to-be-logged packets from the kernel nfnetlink_log subsystem + URL:=http://www.netfilter.org/projects/libnetfilter_log/ + ABI_VERSION:=1 +endef + +define Package/libnetfilter-log/description + libnetfilter_log is a userspace library providing interface to packets that + have been logged by the kernel packet filter. It is is part of a system that + deprecates the old syslog/dmesg based packet logging. This library has been + previously known as libnfnetlink_log. +endef + +TARGET_CFLAGS += $(FPIC) + +CONFIGURE_ARGS += \ + --enable-static \ + --enable-shared \ + --without-ipulog \ + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/libnetfilter_log + $(CP) \ + $(PKG_INSTALL_DIR)/usr/include/libnetfilter_log/*.h \ + $(1)/usr/include/libnetfilter_log/ + + $(INSTALL_DIR) $(1)/usr/lib + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/libnetfilter_log.{so*,a,la} \ + $(1)/usr/lib/ + + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libnetfilter_log.pc \ + $(1)/usr/lib/pkgconfig/ +endef + +define Package/libnetfilter-log/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/libnetfilter_log.so.* \ + $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,libnetfilter-log)) diff --git a/libs/libnetfilter-log/patches/0001-build-remove-unnecessary-pkgconfig-config.status-dep.patch b/libs/libnetfilter-log/patches/0001-build-remove-unnecessary-pkgconfig-config.status-dep.patch new file mode 100644 index 000000000..c9b325b4d --- /dev/null +++ b/libs/libnetfilter-log/patches/0001-build-remove-unnecessary-pkgconfig-config.status-dep.patch @@ -0,0 +1,25 @@ +From 8858b8eacd1385f99796ead78b3a7157c5e93121 Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt +Date: Sun, 24 Jun 2012 14:57:14 +0200 +Subject: [PATCH 1/6] build: remove unnecessary pkgconfig->config.status + dependency + +The flags obtained from pkgconfig are in essence preprocessor ones. + +Signed-off-by: Jan Engelhardt +--- + Make_global.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Make_global.am b/Make_global.am +index b7dab7b..a4e9bd9 100644 +--- a/Make_global.am ++++ b/Make_global.am +@@ -1,2 +1,2 @@ +-AM_CPPFLAGS = -I${top_srcdir}/include +-AM_CFLAGS = -Wall ${LIBNFNETLINK_CFLAGS} ++AM_CPPFLAGS = -I${top_srcdir}/include ${LIBNFNETLINK_CFLAGS} ++AM_CFLAGS = -Wall +-- +1.7.10.4 + diff --git a/libs/libnetfilter-log/patches/0002-build-remove-unused-lines-in-Makefile.am.patch b/libs/libnetfilter-log/patches/0002-build-remove-unused-lines-in-Makefile.am.patch new file mode 100644 index 000000000..ce47198ff --- /dev/null +++ b/libs/libnetfilter-log/patches/0002-build-remove-unused-lines-in-Makefile.am.patch @@ -0,0 +1,24 @@ +From fee63b81ee432d0b3e03ffcf9f54cda99476f267 Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt +Date: Sun, 24 Jun 2012 14:57:48 +0200 +Subject: [PATCH 2/6] build: remove unused lines in Makefile.am + +Signed-off-by: Jan Engelhardt +--- + Makefile.am | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index b758e56..9a1cbcb 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,6 +1,4 @@ +-AM_CPPFLAGS = -I$(top_srcdir)/include + SUBDIRS = include src utils +-LINKOPTS = -lnfnetlink + + ACLOCAL_AMFLAGS = -I m4 + +-- +1.7.10.4 + diff --git a/libs/libnetfilter-log/patches/0003-build-resolve-automake-1.12-warnings.patch b/libs/libnetfilter-log/patches/0003-build-resolve-automake-1.12-warnings.patch new file mode 100644 index 000000000..77cb1b492 --- /dev/null +++ b/libs/libnetfilter-log/patches/0003-build-resolve-automake-1.12-warnings.patch @@ -0,0 +1,29 @@ +From 1aa23946431ac593568ccac0e0b6925e7dfd7bd3 Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt +Date: Mon, 8 Oct 2012 15:15:07 +0200 +Subject: [PATCH 3/6] build: resolve automake-1.12 warnings + +am/ltlibrary.am: warning: 'libnetfilter_log.la': linking libtool +libraries using a non-POSIX archiver requires 'AM_PROG_AR' in +'configure.ac' + +Signed-off-by: Jan Engelhardt +--- + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/configure.ac b/configure.ac +index fe6e75f..e6e1317 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -7,6 +7,7 @@ AC_CONFIG_MACRO_DIR([m4]) + + AM_INIT_AUTOMAKE([-Wall foreign subdir-objects + tar-pax no-dist-gzip dist-bzip2 1.6]) ++m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) + + dnl kernel style compile messages + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +-- +1.7.10.4 + diff --git a/libs/libnetfilter-log/patches/0004-Add-include-needed-for-integer-type-definition.patch b/libs/libnetfilter-log/patches/0004-Add-include-needed-for-integer-type-definition.patch new file mode 100644 index 000000000..78578750b --- /dev/null +++ b/libs/libnetfilter-log/patches/0004-Add-include-needed-for-integer-type-definition.patch @@ -0,0 +1,24 @@ +From 7529487f70e244cd31ef84b037b1c32749c134a7 Mon Sep 17 00:00:00 2001 +From: Eric Leblond +Date: Sun, 4 Nov 2012 09:29:44 +0100 +Subject: [PATCH 4/6] Add include needed for integer type definition. + +--- + include/libnetfilter_log/libnetfilter_log.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h +index 6b0d3b0..a1331de 100644 +--- a/include/libnetfilter_log/libnetfilter_log.h ++++ b/include/libnetfilter_log/libnetfilter_log.h +@@ -9,6 +9,7 @@ + #ifndef __LIBNETFILTER_LOG_H + #define __LIBNETFILTER_LOG_H + ++#include + #include + + struct nflog_handle; +-- +1.7.10.4 + diff --git a/libs/libnetfilter-log/patches/0005-configure-uclinux-is-also-linux.patch b/libs/libnetfilter-log/patches/0005-configure-uclinux-is-also-linux.patch new file mode 100644 index 000000000..ff78bb3ea --- /dev/null +++ b/libs/libnetfilter-log/patches/0005-configure-uclinux-is-also-linux.patch @@ -0,0 +1,27 @@ +From 2f22d3c4453135c27873b9014e9dc5b5712804df Mon Sep 17 00:00:00 2001 +From: Gustavo Zacarias +Date: Tue, 10 Sep 2013 16:23:31 -0300 +Subject: [PATCH 5/6] configure: uclinux is also linux + +Signed-off-by: Gustavo Zacarias +Signed-off-by: Pablo Neira Ayuso +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index e6e1317..189a753 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -20,7 +20,7 @@ AC_PROG_INSTALL + AC_PROG_LN_S + + case "$host" in +-*-*-linux*) ;; ++*-*-linux* | *-*-uclinux*) ;; + *) AC_MSG_ERROR([Linux only, dude!]);; + esac + +-- +1.7.10.4 + diff --git a/libs/libnetfilter-log/patches/0006-configure-add-without-ipulog-option-to-disable-libip.patch b/libs/libnetfilter-log/patches/0006-configure-add-without-ipulog-option-to-disable-libip.patch new file mode 100644 index 000000000..839f81bbb --- /dev/null +++ b/libs/libnetfilter-log/patches/0006-configure-add-without-ipulog-option-to-disable-libip.patch @@ -0,0 +1,95 @@ +From a1b392b4156db984ab2b695a4a70d113f70cb9b8 Mon Sep 17 00:00:00 2001 +From: Matthieu Crapet +Date: Wed, 5 Feb 2014 14:18:57 +0100 +Subject: [PATCH 6/6] configure: add --without-ipulog option to disable + libipulog build + +This is a compat library used for netfilter ULOG target. +ULOG only works with IPv4. NFLOG has replaced ULOG. + +Signed-off-by: Matthieu Crapet +Signed-off-by: Pablo Neira Ayuso +--- + configure.ac | 5 +++++ + include/libnetfilter_log/Makefile.am | 5 ++++- + src/Makefile.am | 6 +++++- + utils/Makefile.am | 7 +++++-- + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 189a753..88ff7ab 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -24,6 +24,11 @@ case "$host" in + *) AC_MSG_ERROR([Linux only, dude!]);; + esac + ++AC_ARG_WITH([ipulog], ++ AC_HELP_STRING([--without-ipulog], [don't build libipulog compat library]), ++ [ipulog_skip=1], [ipulog_skip=0]) ++AM_CONDITIONAL([BUILD_IPULOG], [test $ipulog_skip = 0]) ++ + dnl Dependencies + PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 0.0.41]) + +diff --git a/include/libnetfilter_log/Makefile.am b/include/libnetfilter_log/Makefile.am +index fe934f1..fde1d60 100644 +--- a/include/libnetfilter_log/Makefile.am ++++ b/include/libnetfilter_log/Makefile.am +@@ -1,3 +1,6 @@ + +-pkginclude_HEADERS = libnetfilter_log.h libipulog.h linux_nfnetlink_log.h ++pkginclude_HEADERS = libnetfilter_log.h linux_nfnetlink_log.h + ++if BUILD_IPULOG ++pkginclude_HEADERS += libipulog.h ++endif +diff --git a/src/Makefile.am b/src/Makefile.am +index 10a66e2..33933a4 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -22,14 +22,18 @@ LIBVERSION=2:0:1 + + include ${top_srcdir}/Make_global.am + +-lib_LTLIBRARIES = libnetfilter_log.la libnetfilter_log_libipulog.la ++lib_LTLIBRARIES = libnetfilter_log.la + + libnetfilter_log_la_LDFLAGS = -Wc,-nostartfiles -lnfnetlink \ + -version-info $(LIBVERSION) + libnetfilter_log_la_SOURCES = libnetfilter_log.c + libnetfilter_log_la_LIBADD = ${LIBNFNETLINK_LIBS} + ++if BUILD_IPULOG ++lib_LTLIBRARIES += libnetfilter_log_libipulog.la ++ + libnetfilter_log_libipulog_la_LDFLAGS = -Wc,-nostartfiles \ + -version-info 1:0:0 + libnetfilter_log_libipulog_la_LIBADD = libnetfilter_log.la + libnetfilter_log_libipulog_la_SOURCES = libipulog_compat.c ++endif +diff --git a/utils/Makefile.am b/utils/Makefile.am +index ae64c90..f961b6c 100644 +--- a/utils/Makefile.am ++++ b/utils/Makefile.am +@@ -1,12 +1,15 @@ + include ${top_srcdir}/Make_global.am + +-check_PROGRAMS = nfulnl_test ulog_test ++check_PROGRAMS = nfulnl_test + + nfulnl_test_SOURCES = nfulnl_test.c + nfulnl_test_LDADD = ../src/libnetfilter_log.la + nfulnl_test_LDFLAGS = -dynamic + ++if BUILD_IPULOG ++check_PROGRAMS += ulog_test ++ + ulog_test_SOURCES = ulog_test.c + ulog_test_LDADD = ../src/libnetfilter_log_libipulog.la ../src/libnetfilter_log.la + ulog_test_LDFLAGS = -dynamic +- ++endif +-- +1.7.10.4 + diff --git a/libs/libnetfilter-log/patches/0007-include-Sync-with-current-kernel-headers.patch b/libs/libnetfilter-log/patches/0007-include-Sync-with-current-kernel-headers.patch new file mode 100644 index 000000000..f7f733402 --- /dev/null +++ b/libs/libnetfilter-log/patches/0007-include-Sync-with-current-kernel-headers.patch @@ -0,0 +1,108 @@ +From 614d8b6cfb969c6102ef320de22b1eb199efce2a Mon Sep 17 00:00:00 2001 +From: Felix Janda +Date: Sat, 16 May 2015 13:37:53 +0200 +Subject: include: Sync with current kernel headers + +Signed-off-by: Felix Janda +Signed-off-by: Pablo Neira Ayuso +--- + include/libnetfilter_log/linux_nfnetlink_log.h | 51 +++++++++++++------------- + 1 file changed, 25 insertions(+), 26 deletions(-) + +diff --git a/include/libnetfilter_log/linux_nfnetlink_log.h b/include/libnetfilter_log/linux_nfnetlink_log.h +index 4c802c8..9f38277 100644 +--- a/include/libnetfilter_log/linux_nfnetlink_log.h ++++ b/include/libnetfilter_log/linux_nfnetlink_log.h +@@ -20,33 +20,31 @@ enum nfulnl_msg_types { + }; + + struct nfulnl_msg_packet_hdr { +- u_int16_t hw_protocol; /* hw protocol (network order) */ +- u_int8_t hook; /* netfilter hook */ +- u_int8_t _pad; +-} __attribute__ ((packed)); ++ __be16 hw_protocol; /* hw protocol (network order) */ ++ __u8 hook; /* netfilter hook */ ++ __u8 _pad; ++}; + + struct nfulnl_msg_packet_hw { +- u_int16_t hw_addrlen; +- u_int16_t _pad; +- u_int8_t hw_addr[8]; +-} __attribute__ ((packed)); ++ __be16 hw_addrlen; ++ __u16 _pad; ++ __u8 hw_addr[8]; ++}; + + struct nfulnl_msg_packet_timestamp { +- aligned_u64 sec; +- aligned_u64 usec; +-} __attribute__ ((packed)); +- +-#define NFULNL_PREFIXLEN 30 /* just like old log target */ ++ __aligned_be64 sec; ++ __aligned_be64 usec; ++}; + + enum nfulnl_attr_type { + NFULA_UNSPEC, + NFULA_PACKET_HDR, +- NFULA_MARK, /* u_int32_t nfmark */ ++ NFULA_MARK, /* __u32 nfmark */ + NFULA_TIMESTAMP, /* nfulnl_msg_packet_timestamp */ +- NFULA_IFINDEX_INDEV, /* u_int32_t ifindex */ +- NFULA_IFINDEX_OUTDEV, /* u_int32_t ifindex */ +- NFULA_IFINDEX_PHYSINDEV, /* u_int32_t ifindex */ +- NFULA_IFINDEX_PHYSOUTDEV, /* u_int32_t ifindex */ ++ NFULA_IFINDEX_INDEV, /* __u32 ifindex */ ++ NFULA_IFINDEX_OUTDEV, /* __u32 ifindex */ ++ NFULA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ ++ NFULA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ + NFULA_HWADDR, /* nfulnl_msg_packet_hw */ + NFULA_PAYLOAD, /* opaque data payload */ + NFULA_PREFIX, /* string prefix */ +@@ -71,23 +69,23 @@ enum nfulnl_msg_config_cmds { + }; + + struct nfulnl_msg_config_cmd { +- u_int8_t command; /* nfulnl_msg_config_cmds */ ++ __u8 command; /* nfulnl_msg_config_cmds */ + } __attribute__ ((packed)); + + struct nfulnl_msg_config_mode { +- u_int32_t copy_range; +- u_int8_t copy_mode; +- u_int8_t _pad; ++ __be32 copy_range; ++ __u8 copy_mode; ++ __u8 _pad; + } __attribute__ ((packed)); + + enum nfulnl_attr_config { + NFULA_CFG_UNSPEC, + NFULA_CFG_CMD, /* nfulnl_msg_config_cmd */ + NFULA_CFG_MODE, /* nfulnl_msg_config_mode */ +- NFULA_CFG_NLBUFSIZ, /* u_int32_t buffer size */ +- NFULA_CFG_TIMEOUT, /* u_int32_t in 1/100 s */ +- NFULA_CFG_QTHRESH, /* u_int32_t */ +- NFULA_CFG_FLAGS, /* u_int16_t */ ++ NFULA_CFG_NLBUFSIZ, /* __u32 buffer size */ ++ NFULA_CFG_TIMEOUT, /* __u32 in 1/100 s */ ++ NFULA_CFG_QTHRESH, /* __u32 */ ++ NFULA_CFG_FLAGS, /* __u16 */ + __NFULA_CFG_MAX + }; + #define NFULA_CFG_MAX (__NFULA_CFG_MAX -1) +@@ -95,6 +93,7 @@ enum nfulnl_attr_config { + #define NFULNL_COPY_NONE 0x00 + #define NFULNL_COPY_META 0x01 + #define NFULNL_COPY_PACKET 0x02 ++/* 0xff is reserved, don't use it for new copy modes. */ + + #define NFULNL_CFG_F_SEQ 0x0001 + #define NFULNL_CFG_F_SEQ_GLOBAL 0x0002 +-- +2.11.0 + diff --git a/libs/libnetfilter-log/patches/0008-include-Sync-with-current-kernel-headers.patch b/libs/libnetfilter-log/patches/0008-include-Sync-with-current-kernel-headers.patch new file mode 100644 index 000000000..60973a276 --- /dev/null +++ b/libs/libnetfilter-log/patches/0008-include-Sync-with-current-kernel-headers.patch @@ -0,0 +1,52 @@ +From 721ea5ec049e12afdd7c182f2899ab6d92914e68 Mon Sep 17 00:00:00 2001 +From: Ken-ichirou MATSUZAWA +Date: Fri, 11 Sep 2015 12:12:11 +0900 +Subject: include: Sync with kernel headers + +Signed-off-by: Ken-ichirou MATSUZAWA +Signed-off-by: Pablo Neira Ayuso +--- + include/libnetfilter_log/linux_nfnetlink_log.h | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/include/libnetfilter_log/linux_nfnetlink_log.h b/include/libnetfilter_log/linux_nfnetlink_log.h +index 9f38277..081e7f9 100644 +--- a/include/libnetfilter_log/linux_nfnetlink_log.h ++++ b/include/libnetfilter_log/linux_nfnetlink_log.h +@@ -1,16 +1,12 @@ + #ifndef _NFNETLINK_LOG_H + #define _NFNETLINK_LOG_H + +-#ifndef aligned_u64 +-#define aligned_u64 unsigned long long __attribute__((aligned(8))) +-#endif +- + /* This file describes the netlink messages (i.e. 'protocol packets'), + * and not any kind of function definitions. It is shared between kernel and + * userspace. Don't put kernel specific stuff in here */ + + #include +-#include ++#include + + enum nfulnl_msg_types { + NFULNL_MSG_PACKET, /* packet from kernel to userspace */ +@@ -55,6 +51,8 @@ enum nfulnl_attr_type { + NFULA_HWTYPE, /* hardware type */ + NFULA_HWHEADER, /* hardware header */ + NFULA_HWLEN, /* hardware header length */ ++ NFULA_CT, /* nf_conntrack_netlink.h */ ++ NFULA_CT_INFO, /* enum ip_conntrack_info */ + + __NFULA_MAX + }; +@@ -97,5 +95,6 @@ enum nfulnl_attr_config { + + #define NFULNL_CFG_F_SEQ 0x0001 + #define NFULNL_CFG_F_SEQ_GLOBAL 0x0002 ++#define NFULNL_CFG_F_CONNTRACK 0x0004 + + #endif /* _NFNETLINK_LOG_H */ +-- +2.11.0 +