[Buildroot] [PATCH] package/iptables: add nf_log.h

Markus Mayer mmayer at broadcom.com
Thu Jun 30 21:21:00 UTC 2022 

On Thu, 16 Jun 2022 at 16:23, Markus Mayer <mmayer at broadcom.com> wrote:
>
> iptables generally bundles the netfilter header files inside its own
> tar-ball.
>
> Since iptables 1.8.8, it started to make use of netfilter/nf_log.h, but
> didn't include it in the iptables tar-ball. This can lead to build
> failures.
>
> Add a patch that rectifies this for iptables 1.8.8.

This change has now been accepted upstream.

https://git.netfilter.org/iptables/commit/?id=9ea7e6aa638d0dfa14613f6f97e6dc06c857e609

Since there isn't an iptables 1.8.9 yet, would it be possible to
accept the patch below into Buildroot for now, until the next iptables
release becomes available?

Thanks,
-Markus

> Signed-off-by: Markus Mayer <mmayer at broadcom.com>
> ---
>  .../0001-netfilter-add-nf_log.h.patch         | 37 +++++++++++++++++++
>  1 file changed, 37 insertions(+)
>  create mode 100644 package/iptables/0001-netfilter-add-nf_log.h.patch
>
> diff --git a/package/iptables/0001-netfilter-add-nf_log.h.patch b/package/iptables/0001-netfilter-add-nf_log.h.patch
> new file mode 100644
> index 000000000000..c014c45931e9
> --- /dev/null
> +++ b/package/iptables/0001-netfilter-add-nf_log.h.patch
> @@ -0,0 +1,37 @@
> +From 15ea3fa147dea25d8cae3c2ac417142f2e0f029e Mon Sep 17 00:00:00 2001
> +From: Markus Mayer <mmayer at broadcom.com>
> +To: Netfilter Mailing List <netfilter-devel at vger.kernel.org>
> +Date: Thu, 16 Jun 2022 15:29:58 -0700
> +Subject: [PATCH] netfilter: add nf_log.h
> +
> +Since libxt_NFLOG is now using the UAPI version of nf_log.h, it should
> +be bundled alongside the other netfilter kernel headers.
> +
> +This copy of nf_log.h was taken from Linux 5.18.
> +
> +Signed-off-by: Markus Mayer <mmayer at broadcom.com>
> +---
> +diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h
> +new file mode 100644
> +index 000000000000..2ae00932d3d2
> +--- /dev/null
> ++++ b/include/linux/netfilter/nf_log.h
> +@@ -0,0 +1,15 @@
> ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
> ++#ifndef _NETFILTER_NF_LOG_H
> ++#define _NETFILTER_NF_LOG_H
> ++
> ++#define NF_LOG_TCPSEQ         0x01    /* Log TCP sequence numbers */
> ++#define NF_LOG_TCPOPT         0x02    /* Log TCP options */
> ++#define NF_LOG_IPOPT          0x04    /* Log IP options */
> ++#define NF_LOG_UID            0x08    /* Log UID owning local socket */
> ++#define NF_LOG_NFLOG          0x10    /* Unsupported, don't reuse */
> ++#define NF_LOG_MACDECODE      0x20    /* Decode MAC header */
> ++#define NF_LOG_MASK           0x2f
> ++
> ++#define NF_LOG_PREFIXLEN      128
> ++
> ++#endif /* _NETFILTER_NF_LOG_H */
> +--
> +2.25.1
> +
> --
> 2.25.1
>

More information about the buildroot mailing list