From: Joe MacDonald <Joe_MacDonald@mentor.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: Re: [meta-networking][PATCH] ebtables: fix for sysvinit and systemd
Date: Tue, 21 Oct 2014 14:13:05 -0400 [thread overview]
Message-ID: <20141021181304.GA18243@mentor.com> (raw)
In-Reply-To: <1411971857-31420-1-git-send-email-Qi.Chen@windriver.com>
[-- Attachment #1: Type: text/plain, Size: 13887 bytes --]
Merged, thanks.
-J.
[[oe] [meta-networking][PATCH] ebtables: fix for sysvinit and systemd] On 14.09.29 (Mon 14:24) Qi.Chen@windriver.com wrote:
> From: Chen Qi <Qi.Chen@windriver.com>
>
> The solution mainly references Fedora20.
> Extract the common part of the code and install it into ${sbindir}.
> Add systemd service file.
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
> .../ebtables/ebtables-2.0.10-4/ebtables.common | 163 ++++++++++++++++++++
> .../ebtables/ebtables-2.0.10-4/ebtables.init | 162 +------------------
> .../ebtables/ebtables-2.0.10-4/ebtables.service | 11 ++
> .../recipes-filter/ebtables/ebtables_2.0.10-4.bb | 22 ++-
> 4 files changed, 192 insertions(+), 166 deletions(-)
> create mode 100644 meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
> create mode 100644 meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service
>
> diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
> new file mode 100644
> index 0000000..640025d
> --- /dev/null
> +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
> @@ -0,0 +1,163 @@
> +#!/bin/sh
> +
> +[ -x /sbin/ebtables ] || exit 1
> +
> +EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
> +
> +RETVAL=0
> +prog="ebtables"
> +desc="Ethernet bridge filtering"
> +umask 0077
> +
> +#default configuration
> +EBTABLES_MODULES_UNLOAD="yes"
> +EBTABLES_LOAD_ON_START="no"
> +EBTABLES_SAVE_ON_STOP="no"
> +EBTABLES_SAVE_ON_RESTART="no"
> +EBTABLES_SAVE_COUNTER="no"
> +EBTABLES_BACKUP_SUFFIX="~"
> +
> +config=/etc/default/$prog
> +[ -f "$config" ] && . "$config"
> +
> +function get_supported_tables() {
> + EBTABLES_SUPPORTED_TABLES=
> + /sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission
> + if [ $? -eq 0 ]; then
> + echo "Error: insufficient privileges to access the ebtables rulesets."
> + exit 1
> + fi
> + for table in filter nat broute; do
> + /sbin/ebtables -t $table -L &> /dev/null
> + if [ $? -eq 0 ]; then
> + EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
> + fi
> + done
> +}
> +
> +function load() {
> + RETVAL=0
> + get_supported_tables
> + echo -n "Restoring ebtables rulesets: "
> + for table in $EBTABLES_SUPPORTED_TABLES; do
> + echo -n "$table "
> + if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
> + /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
> + RET=$?
> + if [ $RET -ne 0 ]; then
> + echo -n "(failed) "
> + RETVAL=$RET
> + fi
> + else
> + echo -n "(no saved state) "
> + fi
> + done
> + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> + echo -n "no kernel support. "
> + else
> + echo -n "done. "
> + fi
> + if [ $RETVAL -eq 0 ]; then
> + echo "ok"
> + else
> + echo "fail"
> + fi
> +}
> +
> +function clear() {
> + RETVAL=0
> + get_supported_tables
> + echo -n "Clearing ebtables rulesets: "
> + for table in $EBTABLES_SUPPORTED_TABLES; do
> + echo -n "$table "
> + /sbin/ebtables -t $table --init-table
> + done
> +
> + if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
> + for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
> + rmmod $mod 2> /dev/null
> + done
> + fi
> + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> + echo -n "no kernel support. "
> + else
> + echo -n "done. "
> + fi
> + if [ $RETVAL -eq 0 ]; then
> + echo "ok"
> + else
> + echo "fail"
> + fi
> +}
> +
> +function save() {
> + RETVAL=0
> + get_supported_tables
> + echo -n "Saving ebtables rulesets: "
> + for table in $EBTABLES_SUPPORTED_TABLES; do
> + echo -n "$table "
> + [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
> + mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
> + /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
> + RET=$?
> + if [ $RET -ne 0 ]; then
> + echo -n "(failed) "
> + RETVAL=$RET
> + else
> + if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
> + /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
> + fi
> + fi
> + done
> + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> + echo -n "no kernel support. "
> + else
> + echo -n "done. "
> + fi
> + if [ $RETVAL -eq 0 ]; then
> + echo "ok"
> + else
> + echo "fail"
> + fi
> +}
> +
> +case "$1" in
> + start)
> + [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
> + ;;
> + stop)
> + [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
> + clear
> + ;;
> + restart|reload|force-reload)
> + [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
> + clear
> + [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
> + ;;
> + load)
> + load
> + ;;
> + save)
> + save
> + ;;
> + status)
> + get_supported_tables
> + if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> + echo "No kernel support for ebtables."
> + RETVAL=1
> + else
> + echo -n "Ebtables support available, number of installed rules: "
> + for table in $EBTABLES_SUPPORTED_TABLES; do
> + COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
> + echo -n "$table($COUNT) "
> + done
> + echo ok
> + RETVAL=0
> + fi
> + ;;
> + *)
> + echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
> + RETVAL=1
> +esac
> +
> +exit $RETVAL
> diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init
> index 0044e98..c9a77a2 100755
> --- a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init
> +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.init
> @@ -23,164 +23,4 @@
> # Description: Saves and restores the state of the ebtables rulesets.
> ### END INIT INFO
>
> -[ -x /sbin/ebtables ] || exit 1
> -
> -EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
> -
> -RETVAL=0
> -prog="ebtables"
> -desc="Ethernet bridge filtering"
> -umask 0077
> -
> -#default configuration
> -EBTABLES_MODULES_UNLOAD="yes"
> -EBTABLES_LOAD_ON_START="no"
> -EBTABLES_SAVE_ON_STOP="no"
> -EBTABLES_SAVE_ON_RESTART="no"
> -EBTABLES_SAVE_COUNTER="no"
> -EBTABLES_BACKUP_SUFFIX="~"
> -
> -config=/etc/default/$prog
> -[ -f "$config" ] && . "$config"
> -
> -function get_supported_tables() {
> - EBTABLES_SUPPORTED_TABLES=
> - /sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission
> - if [ $? -eq 0 ]; then
> - echo "Error: insufficient privileges to access the ebtables rulesets."
> - exit 1
> - fi
> - for table in filter nat broute; do
> - /sbin/ebtables -t $table -L &> /dev/null
> - if [ $? -eq 0 ]; then
> - EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
> - fi
> - done
> -}
> -
> -function load() {
> - RETVAL=0
> - get_supported_tables
> - echo -n "Restoring ebtables rulesets: "
> - for table in $EBTABLES_SUPPORTED_TABLES; do
> - echo -n "$table "
> - if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
> - /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
> - RET=$?
> - if [ $RET -ne 0 ]; then
> - echo -n "(failed) "
> - RETVAL=$RET
> - fi
> - else
> - echo -n "(no saved state) "
> - fi
> - done
> - if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> - echo -n "no kernel support. "
> - else
> - echo -n "done. "
> - fi
> - if [ $RETVAL -eq 0 ]; then
> - echo "ok"
> - else
> - echo "fail"
> - fi
> -}
> -
> -function clear() {
> - RETVAL=0
> - get_supported_tables
> - echo -n "Clearing ebtables rulesets: "
> - for table in $EBTABLES_SUPPORTED_TABLES; do
> - echo -n "$table "
> - /sbin/ebtables -t $table --init-table
> - done
> -
> - if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
> - for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
> - rmmod $mod 2> /dev/null
> - done
> - fi
> - if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> - echo -n "no kernel support. "
> - else
> - echo -n "done. "
> - fi
> - if [ $RETVAL -eq 0 ]; then
> - echo "ok"
> - else
> - echo "fail"
> - fi
> -}
> -
> -function save() {
> - RETVAL=0
> - get_supported_tables
> - echo -n "Saving ebtables rulesets: "
> - for table in $EBTABLES_SUPPORTED_TABLES; do
> - echo -n "$table "
> - [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
> - mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
> - /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
> - RET=$?
> - if [ $RET -ne 0 ]; then
> - echo -n "(failed) "
> - RETVAL=$RET
> - else
> - if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
> - /sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
> - fi
> - fi
> - done
> - if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> - echo -n "no kernel support. "
> - else
> - echo -n "done. "
> - fi
> - if [ $RETVAL -eq 0 ]; then
> - echo "ok"
> - else
> - echo "fail"
> - fi
> -}
> -
> -case "$1" in
> - start)
> - [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
> - ;;
> - stop)
> - [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
> - clear
> - ;;
> - restart|reload|force-reload)
> - [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
> - clear
> - [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
> - ;;
> - load)
> - load
> - ;;
> - save)
> - save
> - ;;
> - status)
> - get_supported_tables
> - if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> - echo "No kernel support for ebtables."
> - RETVAL=1
> - else
> - echo -n "Ebtables support available, number of installed rules: "
> - for table in $EBTABLES_SUPPORTED_TABLES; do
> - COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
> - echo -n "$table($COUNT) "
> - done
> - echo ok
> - RETVAL=0
> - fi
> - ;;
> - *)
> - echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
> - RETVAL=1
> -esac
> -
> -exit $RETVAL
> +/usr/sbin/ebtables.common $1
> diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service
> new file mode 100644
> index 0000000..3abd1fe
> --- /dev/null
> +++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.service
> @@ -0,0 +1,11 @@
> +[Unit]
> +Description=Ethernet Bridge Filtering Tables
> +
> +[Service]
> +Type=oneshot
> +RemainAfterExit=yes
> +ExecStart=@SBINDIR@/ebtables.common start
> +ExecStop=@SBINDIR@/ebtables.common stop
> +
> +[Install]
> +WantedBy=multi-user.target
> diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb
> index 9222b2d..32cfc75 100644
> --- a/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb
> +++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb
> @@ -15,6 +15,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/ebtables/ebtables-v${PV}.tar.gz \
> file://installnonroot.patch \
> file://01debian_defaultconfig.patch \
> file://ebtables.init \
> + file://ebtables.common \
> + file://ebtables.service \
> file://no-as-needed.patch \
> "
>
> @@ -23,7 +25,7 @@ SRC_URI[sha256sum] = "dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9
>
> S = "${WORKDIR}/ebtables-v${PV}"
>
> -inherit update-rc.d
> +inherit update-rc.d systemd
>
> EXTRA_OEMAKE = " \
> BINDIR=${base_sbindir} \
> @@ -39,21 +41,29 @@ EXTRA_OEMAKE = " \
> "
>
> do_install () {
> + install -d ${D}${sbindir}
> + install -m 0755 ${WORKDIR}/ebtables.common ${D}${sbindir}/ebtables.common
> + # Fix hardcoded paths in scripts
> + sed -i 's!/sbin/!${base_sbindir}/!g' ${D}${sbindir}/ebtables.common
> + sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sbindir}/ebtables.common
> +
> install -d ${D}${sysconfdir}/init.d
> install -d ${D}${sysconfdir}/default
> install -d ${D}${sysconfdir}/ebtables
> oe_runmake DESTDIR='${D}' install
> install -m 0755 ${WORKDIR}/ebtables.init ${D}/${sysconfdir}/init.d/ebtables
> mv ${D}${sysconfdir}/default/ebtables-config ${D}${sysconfdir}/default/ebtables
> -
> - # Fix hardcoded paths in scripts
> - sed -i 's!/sbin/!${base_sbindir}/!g' ${D}/${sysconfdir}/init.d/ebtables
> - sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/ebtables
> + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ebtables
>
> # The script ebtables-save refernces perl in exec_prefix, so
> # move it to sbindir to avoid QA issue
> install -d ${D}/${sbindir}
> mv ${D}/${base_sbindir}/ebtables-save ${D}/${sbindir}
> +
> + # Install systemd service files
> + install -d ${D}${systemd_unitdir}/system
> + install -m 0644 ${WORKDIR}/ebtables.service ${D}${systemd_unitdir}/system
> + sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/ebtables.service
> }
>
> CONFFILES_${PN} += "${sysconfdir}/default/ebtables"
> @@ -61,5 +71,7 @@ CONFFILES_${PN} += "${sysconfdir}/default/ebtables"
> INITSCRIPT_NAME = "ebtables"
> INITSCRIPT_PARAMS = "start 41 S . stop 41 6 ."
>
> +SYSTEMD_SERVICE_${PN} = "ebtables.service"
> +
> FILES_${PN}-dbg += "${base_libdir}/ebtables/.debug"
> FILES_${PN} += "${base_libdir}/ebtables/*.so"
> --
> 1.7.9.5
>
--
-Joe MacDonald.
:wq
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 501 bytes --]
prev parent reply other threads:[~2014-10-21 18:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-29 6:24 [meta-networking][PATCH] ebtables: fix for sysvinit and systemd Qi.Chen
2014-10-21 18:13 ` Joe MacDonald [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141021181304.GA18243@mentor.com \
--to=joe_macdonald@mentor.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.