nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

treewide: switch to ebtables-tiny

Browse Source
This commit is contained in:
Matthias Schiffer 2018-04-11 13:13:59 +02:00
parent 461f93bfe4
commit 8e5abf02ae
No known key found for this signature in database
GPG Key ID: 16EF3F64CB201D9C
5 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c
View File

@ -18,7 +18,7 @@
#define BATCTL_DC "/usr/sbin/batctl dc -H -n" #define BATCTL_DC "/usr/sbin/batctl dc -H -n"
#define BATCTL_TL "/usr/sbin/batctl tl -H -n" #define BATCTL_TL "/usr/sbin/batctl tl -H -n"
#define EBTABLES "/usr/sbin/ebtables --concurrent" #define EBTABLES "/usr/sbin/ebtables-tiny"
#define BUILD_BUG_ON(check) ((void)sizeof(int[1-2*!!(check)])) #define BUILD_BUG_ON(check) ((void)sizeof(int[1-2*!!(check)]))

2
package/gluon-ebtables/Makefile
View File

@ -10,7 +10,7 @@ define Package/gluon-ebtables
SECTION:=gluon SECTION:=gluon
CATEGORY:=Gluon CATEGORY:=Gluon
TITLE:=Ebtables support TITLE:=Ebtables support
DEPENDS:=+gluon-core +ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 +kmod-ipt-core DEPENDS:=+gluon-core +ebtables-tiny +kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6
endef endef
define Package/gluon-ebtables/description define Package/gluon-ebtables/description

16
package/gluon-ebtables/files/etc/init.d/gluon-ebtables
View File

@ -7,13 +7,13 @@
# rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP # rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP
# #
# Removing all rules: # Removing all rules:
# $ ./firewall-ebtables stop # $ /etc/init.d/gluon-ebtables stop
# Inserting all rules: # Inserting all rules:
# $ ./firewall-ebtables start # $ /etc/init.d/gluon-ebtables start
# Inserting a specific rule file: # Inserting a specific rule file:
# $ ./firewall-ebtables start /lib/gluon/ebtables/100-mcast-chain # $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain
# Removing a specific rule file: # Removing a specific rule file:
# $ ./firewall-ebtables stop /lib/gluon/ebtables/100-mcast-chain # $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain
START=19 START=19
@ -51,8 +51,8 @@ exec_all() {
start() { start() {
( (
export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -A " .. command' export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -A " .. command'
export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -N " .. name .. " -P " .. policy' export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -N " .. name .. " -P " .. policy'
# Contains /var/lib/ebtables/lock for '--concurrent' # Contains /var/lib/ebtables/lock for '--concurrent'
[ ! -d "/var/lib/ebtables" ] && \ [ ! -d "/var/lib/ebtables" ] && \
@ -68,8 +68,8 @@ start() {
stop() { stop() {
( (
export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -D " .. command' export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -D " .. command'
export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -X " .. name' export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -X " .. name'
if [ -z "$1" ]; then if [ -z "$1" ]; then
exec_all '-r' exec_all '-r'

8
package/gluon-radv-filterd/src/gluon-radv-filterd.c
View File

@ -168,11 +168,11 @@ static void cleanup(void) {
if (G.chain) { if (G.chain) {
/* Reset chain to accept everything again */ /* Reset chain to accept everything again */
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
{ "ebtables", "--concurrent", "-F", G.chain, NULL })) { "ebtables-tiny", "-F", G.chain, NULL }))
DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain); DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
{ "ebtables", "--concurrent", "-A", G.chain, "-j", "ACCEPT", NULL })) { "ebtables-tiny", "-A", G.chain, "-j", "ACCEPT", NULL }))
DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain); DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain);
} }
} }
@ -720,10 +720,10 @@ static void update_ebtables(void) {
G.best_router = router; G.best_router = router;
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
{ "ebtables", "--concurrent", "-F", G.chain, NULL })) { "ebtables-tiny", "-F", G.chain, NULL }))
error_message(0, 0, "warning: flushing ebtables chain %s failed, not adding a new rule", G.chain); error_message(0, 0, "warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
else if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) else if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
{ "ebtables", "--concurrent", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL })) { "ebtables-tiny", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL }))
error_message(0, 0, "warning: adding new rule to ebtables chain %s failed", G.chain); error_message(0, 0, "warning: adding new rule to ebtables chain %s failed", G.chain);
} }

2
package/gluon-radv-filterd/src/respondd.c
View File

@ -8,7 +8,7 @@
#include "mac.h" #include "mac.h"
static struct json_object * get_radv_filter() { static struct json_object * get_radv_filter() {
FILE *f = popen("exec ebtables --concurrent -L RADV_FILTER", "r"); FILE *f = popen("exec ebtables-tiny -L RADV_FILTER", "r");
char *line = NULL; char *line = NULL;
size_t len = 0; size_t len = 0;
struct ether_addr mac = {}; struct ether_addr mac = {};