treewide: switch to ebtables-tiny
parent
461f93bfe4
commit
8e5abf02ae
@ -18,7 +18,7 @@
|
|||||||
|
|
||||||
#define BATCTL_DC "/usr/sbin/batctl dc -H -n"
|
#define BATCTL_DC "/usr/sbin/batctl dc -H -n"
|
||||||
#define BATCTL_TL "/usr/sbin/batctl tl -H -n"
|
#define BATCTL_TL "/usr/sbin/batctl tl -H -n"
|
||||||
#define EBTABLES "/usr/sbin/ebtables --concurrent"
|
#define EBTABLES "/usr/sbin/ebtables-tiny"
|
||||||
|
|
||||||
#define BUILD_BUG_ON(check) ((void)sizeof(int[1-2*!!(check)]))
|
#define BUILD_BUG_ON(check) ((void)sizeof(int[1-2*!!(check)]))
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ define Package/gluon-ebtables
|
|||||||
SECTION:=gluon
|
SECTION:=gluon
|
||||||
CATEGORY:=Gluon
|
CATEGORY:=Gluon
|
||||||
TITLE:=Ebtables support
|
TITLE:=Ebtables support
|
||||||
DEPENDS:=+gluon-core +ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 +kmod-ipt-core
|
DEPENDS:=+gluon-core +ebtables-tiny +kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/gluon-ebtables/description
|
define Package/gluon-ebtables/description
|
||||||
|
@ -7,13 +7,13 @@
|
|||||||
# rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP
|
# rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP
|
||||||
#
|
#
|
||||||
# Removing all rules:
|
# Removing all rules:
|
||||||
# $ ./firewall-ebtables stop
|
# $ /etc/init.d/gluon-ebtables stop
|
||||||
# Inserting all rules:
|
# Inserting all rules:
|
||||||
# $ ./firewall-ebtables start
|
# $ /etc/init.d/gluon-ebtables start
|
||||||
# Inserting a specific rule file:
|
# Inserting a specific rule file:
|
||||||
# $ ./firewall-ebtables start /lib/gluon/ebtables/100-mcast-chain
|
# $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain
|
||||||
# Removing a specific rule file:
|
# Removing a specific rule file:
|
||||||
# $ ./firewall-ebtables stop /lib/gluon/ebtables/100-mcast-chain
|
# $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain
|
||||||
|
|
||||||
|
|
||||||
START=19
|
START=19
|
||||||
@ -51,8 +51,8 @@ exec_all() {
|
|||||||
|
|
||||||
start() {
|
start() {
|
||||||
(
|
(
|
||||||
export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -A " .. command'
|
export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -A " .. command'
|
||||||
export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -N " .. name .. " -P " .. policy'
|
export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -N " .. name .. " -P " .. policy'
|
||||||
|
|
||||||
# Contains /var/lib/ebtables/lock for '--concurrent'
|
# Contains /var/lib/ebtables/lock for '--concurrent'
|
||||||
[ ! -d "/var/lib/ebtables" ] && \
|
[ ! -d "/var/lib/ebtables" ] && \
|
||||||
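Review bot: The comment `# Contains /var/lib/ebtables/lock for '--concurrent'` and the directory check under it in start() are left unchanged, although this hunk removes `--concurrent` from both EBTABLES_RULE and EBTABLES_CHAIN. A reader can no longer tell whether the lock directory is still needed. If ebtables-tiny takes that lock without the option, reword the comment to say so, for example `# ebtables-tiny takes its lock in /var/lib/ebtables`. If it does not, drop the comment and the directory creation, and state in the commit message how the callers touched by this commit (this script, the radv filter daemon, the respondd provider) are serialised. The command continued from the `[ ! -d "/var/lib/ebtables" ] && \` line lies outside the hunk.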
@ -68,8 +68,8 @@ start() {
|
|||||||
|
|
||||||
stop() {
|
stop() {
|
||||||
(
|
(
|
||||||
export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -D " .. command'
|
export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -D " .. command'
|
||||||
export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -X " .. name'
|
export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -X " .. name'
|
||||||
|
|
||||||
if [ -z "$1" ]; then
|
if [ -z "$1" ]; then
|
||||||
exec_all '-r'
|
exec_all '-r'
|
||||||
|
@ -168,11 +168,11 @@ static void cleanup(void) {
|
|||||||
if (G.chain) {
|
if (G.chain) {
|
||||||
/* Reset chain to accept everything again */
|
/* Reset chain to accept everything again */
|
||||||
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
||||||
{ "ebtables", "--concurrent", "-F", G.chain, NULL }))
|
{ "ebtables-tiny", "-F", G.chain, NULL }))
|
||||||
DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
|
DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
|
||||||
|
|
||||||
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
||||||
{ "ebtables", "--concurrent", "-A", G.chain, "-j", "ACCEPT", NULL }))
|
{ "ebtables-tiny", "-A", G.chain, "-j", "ACCEPT", NULL }))
|
||||||
DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain);
|
DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
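Review bot: Both calls in cleanup() still pass "ebtables" as the second argument of fork_execvp_timeout; only argv[0] inside the array was changed to "ebtables-tiny". If that argument is the file name handed to execvp(), as the helper's name suggests, the daemon keeps trying to run the old `ebtables` binary, which the DEPENDS line in this commit no longer pulls in. The flush and the ACCEPT rule would then fail with only a warning, and the chain would not be reset to accept everything on exit. Change the call lines to `if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[])`; the same mismatch appears in both calls of the update_ebtables() hunk that follows. cleanup() starts outside this hunk.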
@ -720,10 +720,10 @@ static void update_ebtables(void) {
|
|||||||
G.best_router = router;
|
G.best_router = router;
|
||||||
|
|
||||||
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
||||||
{ "ebtables", "--concurrent", "-F", G.chain, NULL }))
|
{ "ebtables-tiny", "-F", G.chain, NULL }))
|
||||||
error_message(0, 0, "warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
|
error_message(0, 0, "warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
|
||||||
else if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
else if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
||||||
{ "ebtables", "--concurrent", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL }))
|
{ "ebtables-tiny", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL }))
|
||||||
error_message(0, 0, "warning: adding new rule to ebtables chain %s failed", G.chain);
|
error_message(0, 0, "warning: adding new rule to ebtables chain %s failed", G.chain);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
#include "mac.h"
|
#include "mac.h"
|
||||||
|
|
||||||
static struct json_object * get_radv_filter() {
|
static struct json_object * get_radv_filter() {
|
||||||
FILE *f = popen("exec ebtables --concurrent -L RADV_FILTER", "r");
|
FILE *f = popen("exec ebtables-tiny -L RADV_FILTER", "r");
|
||||||
char *line = NULL;
|
char *line = NULL;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
struct ether_addr mac = {};
|
struct ether_addr mac = {};
|
||||||
|
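Review bot: The popen() command in get_radv_filter() resolves `ebtables-tiny` through the shell's PATH, while the `EBTABLES` define changed in this same commit uses the absolute `/usr/sbin/ebtables-tiny`. For a provider that presumably runs with root privileges, the absolute path avoids depending on the inherited environment: `FILE *f = popen("exec /usr/sbin/ebtables-tiny -L RADV_FILTER", "r");`. Whether `f` is checked for NULL before it is read cannot be seen here, because the function body continues outside the hunk.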