author | Martin Willi <martin@revosec.ch> | 2013-03-22 11:33:51 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-03-26 10:31:29 +0100 |
commit | c59f3dcb68c0dc136f779db0374520e22166bed4 (patch) | |
tree | 2f9f5e0e90a5de7f23773acaeb3db05a5554d426 | |
parent | b5f3c1f7854994dc2d26aba7e9eaf50fef6f7033 (diff) | |
Use new strongSwan HA kernel patchset keeping iptables ABI
Allows us to install stock debian iptables without the need for patching and
compiling our own.
-rwxr-xr-x | testing/scripts/build-baseimage | 3 | ||||
-rw-r--r-- | testing/scripts/recipes/004_iptables.mk | 37 | ||||
-rw-r--r-- | testing/scripts/recipes/patches/iptables-xfrm-hooks | 61 | ||||
-rw-r--r-- | testing/testing.conf | 2 |
4 files changed, 2 insertions, 101 deletions
diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index 8bafc58ae..c426f0af5 100755
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -20,7 +20,6 @@ INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
 INC=$INC,libalog0.4.1-base-dev,hostapd
 SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
 INC=$INC,${SERVICES// /,}
-EXC=iptables
 CACHEDIR=$BUILDDIR/cache
 APTCACHE=$LOOPDIR/var/cache/apt/archives
@@ -67,7 +66,7 @@ execute "mount -o bind $CACHEDIR $APTCACHE"
 do_on_exit graceful_umount $APTCACHE
 log_action "Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)"
-execute "debootstrap --arch=$BASEIMGARCH --include=$INC --exclude $EXC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"
+execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"
 execute "mount -t proc none $LOOPDIR/proc"
 do_on_exit graceful_umount $LOOPDIR/proc
diff --git a/testing/scripts/recipes/004_iptables.mk b/testing/scripts/recipes/004_iptables.mk
deleted file mode 100644
index 51200201a..000000000
--- a/testing/scripts/recipes/004_iptables.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/make
-
-PV = 1.4.16.3
-PKG = iptables-$(PV)
-TAR = $(PKG).tar.bz2
-SRC = http://www.netfilter.org/projects/iptables/files/$(TAR)
-
-NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
-
-CONFIG_OPTS =
-
-PATCHES = \
- iptables-xfrm-hooks
-
-all: install
-
-$(TAR):
- wget $(SRC)
-
-.$(PKG)-unpacked: $(TAR)
- tar xfj $(TAR)
- @touch $@
-
-.$(PKG)-patches-applied: .$(PKG)-unpacked
- cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1
- @touch $@
-
-.$(PKG)-configured: .$(PKG)-patches-applied
- cd $(PKG) && ./configure $(CONFIG_OPTS)
- @touch $@
-
-.$(PKG)-built: .$(PKG)-configured
- cd $(PKG) && make -j $(NUM_CPUS)
- @touch $@
-
-install: .$(PKG)-built
- cd $(PKG) && make install
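Review bot: In testing/scripts/build-baseimage, the debootstrap call in the second hunk no longer excludes iptables, but none of the visible INC lines adds it either, so the image gets iptables only if debootstrap's default package set for $BASEIMGSUITE pulls it in. The start of the INC list is outside the hunk, so this may already be covered; if it is not, naming the package makes the dependency explicit, e.g. `INC=$INC,iptables` next to the other INC lines. A short comment there such as `# stock iptables; the HA kernel patchset keeps its ABI` would also record why the local build was dropped.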
diff --git a/testing/scripts/recipes/patches/iptables-xfrm-hooks b/testing/scripts/recipes/patches/iptables-xfrm-hooks
deleted file mode 100644
index baa4a65c1..000000000
--- a/testing/scripts/recipes/patches/iptables-xfrm-hooks
+++ /dev/null
@@ -1,61 +0,0 @@
-From 4553ba0130bb9f0aa266cc1e4c3288a52f34eed6 Mon Sep 17 00:00:00 2001
-From: Martin Willi <martin@revosec.ch>
-Date: Wed, 7 Apr 2010 11:40:15 +0200
-Subject: [PATCH] Added XFRM hooks to iptables headers
-
----
- include/linux/netfilter.h | 2 ++
- include/linux/netfilter_ipv4.h | 6 +++++-
- include/linux/netfilter_ipv6.h | 6 +++++-
- 3 files changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
-index 2eb00b6..b692c67 100644
---- a/include/linux/netfilter.h
-+++ b/include/linux/netfilter.h
-@@ -35,6 +35,8 @@ enum nf_inet_hooks {
- NF_INET_FORWARD,
- NF_INET_LOCAL_OUT,
- NF_INET_POST_ROUTING,
-+ NF_INET_XFRM_IN,
-+ NF_INET_XFRM_OUT,
- NF_INET_NUMHOOKS
- };
-
-diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
-index 4d7ba3e..28d3ca9 100644
---- a/include/linux/netfilter_ipv4.h
-+++ b/include/linux/netfilter_ipv4.h
-@@ -47,7 +47,11 @@
- #define NF_IP_LOCAL_OUT 3
- /* Packets about to hit the wire. */
- #define NF_IP_POST_ROUTING 4
--#define NF_IP_NUMHOOKS 5
-+/* Packets going into XFRM input transformation. */
-+#define NF_IP_XFRM_IN 5
-+/* Packets going into XFRM output transformation. */
-+#define NF_IP_XFRM_OUT 6
-+#define NF_IP_NUMHOOKS 7
-
- enum nf_ip_hook_priorities {
- NF_IP_PRI_FIRST = INT_MIN,
-diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
-index 7430b39..18590a5 100644
---- a/include/linux/netfilter_ipv6.h
-+++ b/include/linux/netfilter_ipv6.h
-@@ -51,7 +51,11 @@
- #define NF_IP6_LOCAL_OUT 3
- /* Packets about to hit the wire. */
- #define NF_IP6_POST_ROUTING 4
--#define NF_IP6_NUMHOOKS 5
-+/* Packets going into XFRM input transformation. */
-+#define NF_IP6_XFRM_IN 5
-+/* Packets going into XFRM output transformation. */
-+#define NF_IP6_XFRM_OUT 6
-+#define NF_IP6_NUMHOOKS 7
-
-
- enum nf_ip6_hook_priorities {
---
-1.6.3.3
-
diff --git a/testing/testing.conf b/testing/testing.conf
index e3bc5650c..7929dba3a 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -22,7 +22,7 @@ KERNELVERSION=3.8.1
 KERNEL=linux-$KERNELVERSION
 KERNELTARBALL=$KERNEL.tar.bz2
 KERNELCONFIG=$DIR/../config/kernel/config-3.8
-KERNELPATCH=ha-3.8.patch.bz2
+KERNELPATCH=ha-3.8-abicompat.patch.bz2
 # strongSwan version used in tests
 SWANVERSION=5.0.3 |
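Review bot: The new `KERNELPATCH` value in testing/testing.conf is the only visible line that ties the test kernel to the ABI-compatible HA patchset, and it carries no comment, so a later kernel bump could quietly switch back to a patchset that needs a patched iptables. I would add `# HA patchset that keeps the iptables ABI (stock Debian iptables is used)` above the line. How the file is fetched and applied is outside this hunk; if it is downloaded by name, recording an expected digest next to it would let the build reject a substituted or truncated file.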