vyos/vyos-build
1
0
Fork 0
mirror of https://github.com/vyos/vyos-build.git synced 2025-10-01 20:28:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

T6754: Delete Jenkins build packages

Browse Source
This commit is contained in:
Viacheslav Hletenko 2024-10-02 19:02:40 +00:00
parent b672c89acb
commit 7ddfa94d74
113 changed files with 2 additions and 4966 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -33,9 +33,8 @@ There are several directories with their own purpose:
* `build/` Used for temporary files used for the build and for build artifacts
* `data/` Data required for building the ISO (e.g. boot splash/configs)
* `packages/` This directory has two meanings. First it can hold arbitrary *.deb
packages which will be embeded into the resulting ISO, but it also
holds Jenkins Pipeline definitions for required VyOS packages.
* `packages/` This directory can hold arbitrary *.deb
packages which will be embeded into the resulting ISO.
Among other things those packages will be: Linux Kernel, FRR,
Netfiler...
* `scripts/` Scripts that are used for the build process

1
packages/aws-gateway-load-balancer-tunnel-handler/.gitignore vendored
View File

@ -1 +0,0 @@
aws-gwlbtun/

33
packages/aws-gateway-load-balancer-tunnel-handler/Jenkinsfile vendored
View File

@ -1,33 +0,0 @@
// Copyright (C) 2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def timestamp = new Date().format('yyyyMMddhhmmss')
def commit_id = 'f78058a'
def pkgList = [
['name': "aws-gwlbtun-${timestamp}-${commit_id}",
'scmCommit': commit_id,
'scmUrl': 'https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler',
'buildCmd': "../build.py --package aws-gwlbtun --version ${timestamp}-${commit_id}"],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('aws-gateway-load-balancer-tunnel-handler', pkgList, null, true, "**/packages/aws-gateway-load-balancer-tunnel-handler/**")

57
packages/aws-gateway-load-balancer-tunnel-handler/build.py
View File

@ -1,57 +0,0 @@
#!/usr/bin/env python3
from argparse import ArgumentParser
from pathlib import Path
from subprocess import run
def prepare_package() -> None:
"""Prepare a package
"""
install_file = Path('./debian/install')
install_data = 'obj-*-linux-gnu/gwlbtun usr/sbin'
install_file.touch()
install_file.write_text(install_data)
def build_package(package_name: str, package_ver: str) -> bool:
"""Build a package using commands from external file
Args:
package_name (str): package name
package_ver (str): package version
Returns:
bool: build status
"""
# prepare sources
debmake_cmd = [
'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p',
package_name, '-u', package_ver, '-t'
]
run(debmake_cmd)
prepare_package()
# build a package
run('debuild')
return True
# build a package
if __name__ == '__main__':
# prepare argument parser
arg_parser = ArgumentParser()
arg_parser.add_argument('--package',
required=True,
help='Package name to build')
arg_parser.add_argument('--version',
required=True,
help='Version for the package')
args = arg_parser.parse_args()
if not build_package(args.package, args.version):
exit(1)
exit()

1
packages/ddclient/.gitignore vendored
View File

@ -1 +0,0 @@
ddclient/

30
packages/ddclient/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2023-2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'ddclient',
'scmCommit': 'debian/3.11.2-1',
'scmUrl': 'https://salsa.debian.org/debian/ddclient',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('ddclient', pkgList, null, null, "**/packages/ddclient/**")

1
packages/dropbear/.gitignore vendored
View File

@ -1 +0,0 @@
dropbear/

30
packages/dropbear/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2022-2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'dropbear',
'scmCommit': 'debian/2022.83-1+deb12u1',
'scmUrl': 'https://salsa.debian.org/debian/dropbear.git',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('dropbear', pkgList, null, true, "**/packages/dropbear/**")

27
packages/dropbear/build.sh
View File

@ -1,27 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
SRC=dropbear
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
PATCH_DIR=${CWD}/patches
if [ -d $PATCH_DIR ]; then
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply patch: ${patch} to main repository"
cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/
echo ${patch} >> ${SRC}/debian/patches/series
done
fi
cd ${SRC}
echo "I: Installing build dependencies"
sudo apt-get install -y libpam0g-dev
echo "I: Build Debian Package"
dpkg-buildpackage -uc -us -tc -b

61
packages/dropbear/patches/0001-Enable-PAM-support.patch
View File

@ -1,61 +0,0 @@
From 861bfb53de5909e25a952a83654c63de61af02b5 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 28 May 2023 15:45:32 +0200
Subject: [PATCH] Enable PAM support
---
debian/control | 1 +
debian/rules | 2 +-
default_options.h | 4 ++--
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/debian/control b/debian/control
index 77ea036..b252b97 100644
--- a/debian/control
+++ b/debian/control
@@ -6,6 +6,7 @@ Build-Depends: debhelper,
debhelper-compat (= 13),
libtomcrypt-dev (>= 1.18.2~),
libtommath-dev (>= 1.2.0~),
+ libpam0g-dev,
libz-dev
Rules-Requires-Root: no
Standards-Version: 4.6.1
diff --git a/debian/rules b/debian/rules
index 7dab64c..ce11aa4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,7 +24,7 @@ endif
dh $@
override_dh_auto_configure:
- dh_auto_configure -- --disable-bundled-libtom \
+ dh_auto_configure -- --disable-bundled-libtom --enable-pam \
CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
execute_before_dh_auto_build:
diff --git a/default_options.h b/default_options.h
index 5132775..e7d274c 100644
--- a/default_options.h
+++ b/default_options.h
@@ -223,7 +223,7 @@ group1 in Dropbear server too */
/* Authentication Types - at least one required.
RFC Draft requires pubkey auth, and recommends password */
-#define DROPBEAR_SVR_PASSWORD_AUTH 1
+#define DROPBEAR_SVR_PASSWORD_AUTH 0
/* Note: PAM auth is quite simple and only works for PAM modules which just do
* a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@@ -231,7 +231,7 @@ group1 in Dropbear server too */
* but there's an interface via a PAM module. It won't work for more complex
* PAM challenge/response.
* You can't enable both PASSWORD and PAM. */
-#define DROPBEAR_SVR_PAM_AUTH 0
+#define DROPBEAR_SVR_PAM_AUTH 1
/* ~/.ssh/authorized_keys authentication.
* You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
--
2.30.2

1
packages/ethtool/.gitignore vendored
View File

@ -1 +0,0 @@
ethtool/

31
packages/ethtool/Jenkinsfile vendored
View File

@ -1,31 +0,0 @@
// Copyright (C) 2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'ethtool',
'scmCommit': 'debian/1%6.10-1',
'scmUrl': 'https://salsa.debian.org/kernel-team/ethtool',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('ethtool', pkgList, null, true, "**/packages/ethtool/**")

3
packages/frr/.gitignore vendored
View File

@ -1,3 +0,0 @@
frr/
rtrlib/
libyang/

39
packages/frr/Jenkinsfile vendored
View File

@ -1,39 +0,0 @@
// Copyright (C) 2020-2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'libyang',
'scmCommit': 'v2.1.148',
'scmUrl': 'https://github.com/CESNET/libyang.git',
'buildCmd': 'pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} +'],
['name': 'rtrlib',
'scmCommit': 'v0.8.0',
'scmUrl': 'https://github.com/rtrlib/rtrlib.git',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'],
['name': 'frr',
'scmCommit': 'stable/9.1',
'scmUrl': 'https://github.com/FRRouting/frr.git',
'buildCmd': 'sudo dpkg -i ../*.deb; sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build-frr.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('FRRouting', pkgList, null, true, "**/packages/frr/**")

40
packages/frr/build-frr.sh
View File

@ -1,40 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
FRR_SRC=frr
if [ ! -d ${FRR_SRC} ]; then
echo "FRR source directory does not exists, please 'git clone'"
exit 1
fi
# VyOS requires some small FRR Patches - apply them here
# It's easier to habe them here and make use of the upstream
# repository instead of maintaining a full Fork.
# Saving time/resources is essential :-)
cd ${FRR_SRC}
PATCH_DIR=${CWD}/patches
if [ -d $PATCH_DIR ]; then
echo "I: Apply FRRouting patches not in main repository:"
for patch in $(ls ${PATCH_DIR})
do
if [ -z "$(git config --list | grep -e user.name -e user.email)" ]; then
# if git user.name and user.email is not set, -c sets temorary user.name and
# user.email variables as these is not set in the build container by default.
OPTS="-c user.name=VyOS-CI -c user.email=maintainers@vyos.io"
fi
git $OPTS am --committer-date-is-author-date ${PATCH_DIR}/${patch}
done
fi
echo "I: Ensure Debian build dependencies are met"
sudo apt-get -y install chrpath gawk install-info libcap-dev libjson-c-dev librtr-dev
sudo apt-get -y install libpam-dev libprotobuf-c-dev libpython3-dev:native python3-sphinx:native libsnmp-dev protobuf-c-compiler python3-dev:native texinfo lua5.3
# Build Debian FRR package
echo "I: Build Debian FRR Package"
# extract "real" git commit for FRR version identifier
dch -v "$(git describe | cut -c5-)" "VyOS build - FRR"
dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua

2
packages/hostap/.gitignore vendored
View File

@ -1,2 +0,0 @@
hostap/
wpa/

34
packages/hostap/Jenkinsfile vendored
View File

@ -1,34 +0,0 @@
// Copyright (C) 2022-2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'wpa',
'scmCommit': 'debian/2%2.10-12',
'scmUrl': 'https://salsa.debian.org/debian/wpa',
'buildCmd': '/bin/true'],
['name': 'hostap',
'scmCommit': 'e7172e26d',
'scmUrl': 'git://w1.fi/srv/git/hostap.git',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('hostap', pkgList, null, true, "**/packages/hostap/**")

38
packages/hostap/build.sh
View File

@ -1,38 +0,0 @@
#!/bin/bash
CWD=$(pwd)
set -e
SRC=hostap
SRC_DEB=wpa
if [ ! -d ${SRC} ]; then
echo "${SRC} directory does not exists, please 'git clone'"
exit 1
fi
if [ ! -d ${SRC_DEB} ]; then
echo "${SRC_DEB} directory does not exists, please 'git clone'"
exit 1
fi
echo "I: Copy Debian build instructions"
cp -a ${SRC_DEB}/debian ${SRC}
# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for
# compatibility with networks that use legacy crypto
cat > ${SRC}/debian/patches/series << EOF
allow-tlsv1.patch
allow-legacy-renegotiation.patch
EOF
# Build Debian package
cd ${SRC}
echo "I: Ensure Debian build dependencies are met"
sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -Ppkg.wpa.nogui,noudeb
echo "I: Create new Debian Package version"
version="$(git describe --tags | tr _ .)"
dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b
echo "I: Build Debian hostap Package"
DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \
dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb

1
packages/hsflowd/.gitignore vendored
View File

@ -1 +0,0 @@
host-sflow/

32
packages/hsflowd/Jenkinsfile vendored
View File

@ -1,32 +0,0 @@
// Copyright (C) 2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
// NOTE: we can build with -d as the libbpf dependency is installed manually
// and not via a DEB package
def pkgList = [
['name': 'host-sflow',
'scmCommit': 'v2.0.55-1',
'scmUrl': 'https://github.com/sflow/host-sflow.git',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('hsflowd', pkgList, null, true, "**/packages/hsflowd/**")

27
packages/hsflowd/build.sh
View File

@ -1,27 +0,0 @@
#!/bin/bash
CWD=$(pwd)
set -e
SRC=host-sflow
if [ ! -d ${SRC} ]; then
echo "source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
echo "I: Ensure Debian build dependencies are met"
sudo apt-get install -y libpcap0.8-dev
# Build hsflowd
# make deb FEATURES="NFLOG PCAP TCP DOCKER KVM OVS DBUS SYSTEMD DROPMON PSAMPLE DENT CONTAINERD"
echo "I: Build VyOS hsflowd Package"
make deb FEATURES="PCAP DROPMON DBUS"
# hsflowd builds ARM package as aarch64 extension, rename to arm64
for file in *.deb ; do mv $file ${file//aarch64/arm64} || true ; done
# Do not confuse *.deb upload logic by removing build in debian packages ...
# ugly but works
find src -name "*.deb" -type f -exec rm {} \;

1
packages/isc-dhcp/.gitignore vendored
View File

@ -1 +0,0 @@
isc-dhcp/

32
packages/isc-dhcp/Jenkinsfile vendored
View File

@ -1,32 +0,0 @@
// Copyright (C) 2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
// NOTE: we can build with -d as the libbpf dependency is installed manually
// and not via a DEB package
def pkgList = [
['name': 'isc-dhcp',
'scmCommit': 'debian/4.4.3-P1-4',
'scmUrl': 'https://salsa.debian.org/debian/isc-dhcp',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('isc-dhcp', pkgList, null, true, "**/packages/isc-dhcp/**")

21
packages/isc-dhcp/build.sh
View File

@ -1,21 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
SRC=isc-dhcp
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
PATCH_DIR=${CWD}/patches
for patch in $(ls ${PATCH_DIR})
do
echo "I: Copy patch: ${PATCH_DIR}/${patch}"
cp ${PATCH_DIR}/${patch} debian/patches/${patch}
echo ${patch} >> debian/patches/series
done
echo "I: Build Debian Package"
dpkg-buildpackage -uc -us -tc -b -d

248
packages/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch
View File

@ -1,248 +0,0 @@
From 8d9e8ace96ad9e2dba9f2d4069228dee5daf6772 Mon Sep 17 00:00:00 2001
From: Loic Poulain <loic.poulain@linaro.org>
Date: Mon, 2 Nov 2020 06:42:12 -0500
Subject: [PATCH 1/4] Add support for raw IP interface type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Under linux some devices can expose raw IP interfaces, such as WWAN
modems. In that case IP data is not encapsulated in any lower level
protocol.
dhclient does not support this currently and this patch adds support
for such pure IP interfaces.
The original patch comes from Bjørn Mork on Network-Manage mailing list:
https://mail.gnome.org/archives/networkmanager-list/2015-December/msg00044.html
---
common/bpf.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++-
common/lpf.c | 59 +++++++++++++++++++++++++++++++++++++-----------
common/packet.c | 7 ++++++
includes/dhcp.h | 1 +
4 files changed, 113 insertions(+), 14 deletions(-)
diff --git a/common/bpf.c b/common/bpf.c
index 658e5db..0c08574 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -198,6 +198,34 @@ struct bpf_insn dhcp_bpf_filter [] = {
BPF_STMT (BPF_RET + BPF_K, 0),
};
+int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn);
+
+struct bpf_insn dhcp_bpf_pureip_filter [] = {
+ /* Make sure it's a UDP packet... */
+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6),
+
+ /* Make sure this isn't a fragment... */
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6),
+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0),
+
+ /* Get the IP header length... */
+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0),
+
+ /* Make sure it's to the right port... */
+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+
+ /* If we passed all the tests, ask for the whole packet. */
+ BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
+
+ /* Otherwise, drop it. */
+ BPF_STMT(BPF_RET+BPF_K, 0),
+};
+
+int dhcp_bpf_pureip_filter_len =
+ sizeof dhcp_bpf_pureip_filter / sizeof (struct bpf_insn);
+
#if defined(RELAY_PORT)
/*
* For relay port extension
@@ -235,13 +263,43 @@ struct bpf_insn dhcp_bpf_relay_filter [] = {
int dhcp_bpf_relay_filter_len =
sizeof dhcp_bpf_relay_filter / sizeof (struct bpf_insn);
+
+struct bpf_insn dhcp_bpf_pureip_relay_filter [] = {
+ /* Make sure it's a UDP packet... */
+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 8),
+
+ /* Make sure this isn't a fragment... */
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6),
+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 6, 0),
+
+ /* Get the IP header length... */
+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0),
+
+ /* Make sure it's to the right port... */
+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */
+
+ /* relay can have an alternative port... */
+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+
+ /* If we passed all the tests, ask for the whole packet. */
+ BPF_STMT (BPF_RET + BPF_K, (u_int)-1),
+
+ /* Otherwise, drop it. */
+ BPF_STMT (BPF_RET + BPF_K, 0),
+};
+
+int dhcp_bpf_pureip_relay_filter_len =
+ sizeof dhcp_bpf_pureip_relay_filter / sizeof (struct bpf_insn);
+
#endif
#if defined (DEC_FDDI)
struct bpf_insn *bpf_fddi_filter = NULL;
#endif
-int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn);
#if defined (HAVE_TR_SUPPORT)
struct bpf_insn dhcp_bpf_tr_filter [] = {
/* accept all token ring packets due to variable length header */
diff --git a/common/lpf.c b/common/lpf.c
index bb8822a..d8f34a4 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -177,9 +177,15 @@ void if_deregister_send (info)
extern struct sock_filter dhcp_bpf_filter [];
extern int dhcp_bpf_filter_len;
+extern struct sock_filter dhcp_bpf_pureip_filter [];
+extern int dhcp_bpf_pureip_filter_len;
+
#if defined(RELAY_PORT)
extern struct sock_filter dhcp_bpf_relay_filter [];
extern int dhcp_bpf_relay_filter_len;
+
+extern struct sock_filter dhcp_bpf_pureip_relay_filter [];
+extern int dhcp_bpf_pureip_relay_filter_len;
#endif
#if defined (HAVE_TR_SUPPORT)
@@ -249,31 +255,52 @@ void if_deregister_receive (info)
static void lpf_gen_filter_setup (info)
struct interface_info *info;
{
+ int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP;
struct sock_fprog p;
memset(&p, 0, sizeof(p));
- /* Set up the bpf filter program structure. This is defined in
- bpf.c */
- p.len = dhcp_bpf_filter_len;
- p.filter = dhcp_bpf_filter;
+ /* Set up the bpf filter program structure and patch port(s).
+ *
+ * This is defined in bpf.c, XXX changes to filter program may
+ * require changes to the insn number(s) used below! XXX
+ */
+
+ if (pure_ip) {
+ p.len = dhcp_bpf_pureip_filter_len;
+ p.filter = dhcp_bpf_pureip_filter;
+
+ /* patch port */
+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
+ } else {
+ p.len = dhcp_bpf_filter_len;
+ p.filter = dhcp_bpf_filter;
+
+ /* patch port */
+ dhcp_bpf_filter [8].k = ntohs (local_port);
+ }
- /* Patch the server port into the LPF program...
- XXX changes to filter program may require changes
- to the insn number(s) used below! XXX */
#if defined(RELAY_PORT)
- if (relay_port) {
- /*
- * If user defined relay UDP port, we need to filter
- * also on the user UDP port.
- */
+ /*
+ * If user defined relay UDP port, we need to filter
+ * also on the user UDP port.
+ */
+ if (relay_port && pure_ip) {
+ p.len = dhcp_bpf_pureip_relay_filter_len;
+ p.filter = dhcp_bpf_pureip_relay_filter;
+
+ /* patch ports */
+ dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port);
+ dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port);
+ } else if (relay_port) {
p.len = dhcp_bpf_relay_filter_len;
p.filter = dhcp_bpf_relay_filter;
+ /* patch ports */
+ dhcp_bpf_relay_filter [8].k = ntohs (local_port);
dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
}
#endif
- dhcp_bpf_filter [8].k = ntohs (local_port);
if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p,
sizeof p) < 0) {
@@ -578,6 +605,12 @@ get_hw_addr(const char *name, struct hardware *hw) {
hw->hbuf[3] = 0xbe;
hw->hbuf[4] = 0xef;
break;
+#endif
+#ifdef ARPHRD_RAWIP
+ case ARPHRD_RAWIP:
+ hw->hlen = 1;
+ hw->hbuf[0] = HTYPE_PUREIP;
+ break;
#endif
default:
log_fatal("Unsupported device type %ld for \"%s\"",
diff --git a/common/packet.c b/common/packet.c
index 49795c4..6745db7 100644
--- a/common/packet.c
+++ b/common/packet.c
@@ -119,6 +119,10 @@ void assemble_hw_header (interface, buf, bufix, to)
case HTYPE_INFINIBAND:
log_error("Attempt to assemble hw header for infiniband");
break;
+ case HTYPE_PUREIP:
+ /* Nothing to do, there is no hw header */
+ *bufix = 0;
+ break;
case HTYPE_ETHER:
default:
assemble_ethernet_header(interface, buf, bufix, to);
@@ -219,6 +223,9 @@ ssize_t decode_hw_header (interface, buf, bufix, from)
case HTYPE_INFINIBAND:
log_error("Attempt to decode hw header for infiniband");
return (0);
+ case HTYPE_PUREIP:
+ /* Nothing to do, there is no hw header */
+ return 0;
case HTYPE_ETHER:
default:
return (decode_ethernet_header(interface, buf, bufix, from));
diff --git a/includes/dhcp.h b/includes/dhcp.h
index d519821..75be1fb 100644
--- a/includes/dhcp.h
+++ b/includes/dhcp.h
@@ -76,6 +76,7 @@ struct dhcp_packet {
#define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */
#define HTYPE_FDDI 8 /* FDDI... */
#define HTYPE_INFINIBAND 32 /* IP over Infiniband */
+#define HTYPE_PUREIP 35 /* Pure IP */
#define HTYPE_IPMP 255 /* IPMP - random hw address - there
* is no standard for this so we
* just steal a type */
--
2.39.2

170
packages/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch
View File

@ -1,170 +0,0 @@
From e67d1b6b4178f412084459c4cb7e54a8c0019bd2 Mon Sep 17 00:00:00 2001
From: Francis Dupont <fdupont@isc.org>
Date: Fri, 6 Nov 2020 10:46:09 +0100
Subject: [PATCH 2/4] Checkpoint: improved patch
---
common/bpf.c | 10 +++---
common/lpf.c | 89 +++++++++++++++++++++++++++++++++++-----------------
2 files changed, 65 insertions(+), 34 deletions(-)
diff --git a/common/bpf.c b/common/bpf.c
index 0c08574..30dcaa5 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -214,13 +214,13 @@ struct bpf_insn dhcp_bpf_pureip_filter [] = {
/* Make sure it's to the right port... */
BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2),
- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */
/* If we passed all the tests, ask for the whole packet. */
- BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
+ BPF_STMT(BPF_RET + BPF_K, (u_int)-1),
/* Otherwise, drop it. */
- BPF_STMT(BPF_RET+BPF_K, 0),
+ BPF_STMT(BPF_RET + BPF_K, 0),
};
int dhcp_bpf_pureip_filter_len =
@@ -278,11 +278,11 @@ struct bpf_insn dhcp_bpf_pureip_relay_filter [] = {
/* Make sure it's to the right port... */
BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 2, 0), /* patch */
/* relay can have an alternative port... */
BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */
/* If we passed all the tests, ask for the whole packet. */
BPF_STMT (BPF_RET + BPF_K, (u_int)-1),
diff --git a/common/lpf.c b/common/lpf.c
index d8f34a4..75609f5 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -221,6 +221,9 @@ void if_register_receive (info)
lpf_tr_filter_setup (info);
else
#endif
+ if (info -> hw_address.hbuf [0] == HTYPE_PUREIP)
+ lpf_pureip_filter_setup (info);
+ else
lpf_gen_filter_setup (info);
if (!quiet_interface_discovery)
@@ -255,50 +258,78 @@ void if_deregister_receive (info)
static void lpf_gen_filter_setup (info)
struct interface_info *info;
{
- int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP;
struct sock_fprog p;
memset(&p, 0, sizeof(p));
- /* Set up the bpf filter program structure and patch port(s).
- *
- * This is defined in bpf.c, XXX changes to filter program may
- * require changes to the insn number(s) used below! XXX
- */
+ /* Set up the bpf filter program structure. This is defined in
+ bpf.c */
+ p.len = dhcp_bpf_filter_len;
+ p.filter = dhcp_bpf_filter;
+
+ dhcp_bpf_filter [8].k = ntohs (local_port);
- if (pure_ip) {
- p.len = dhcp_bpf_pureip_filter_len;
- p.filter = dhcp_bpf_pureip_filter;
+ /* Patch the server port into the LPF program...
+ XXX changes to filter program may require changes
+ to the insn number(s) used below! XXX */
+#if defined(RELAY_PORT)
+ if (relay_port) {
+ /*
+ * If user defined relay UDP port, we need to filter
+ * also on the user UDP port.
+ */
+ p.len = dhcp_bpf_relay_filter_len;
+ p.filter = dhcp_bpf_relay_filter;
- /* patch port */
- dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
- } else {
- p.len = dhcp_bpf_filter_len;
- p.filter = dhcp_bpf_filter;
+ dhcp_bpf_relay_filter [8].k = ntohs (local_port);
+ dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
+ }
+#endif
- /* patch port */
- dhcp_bpf_filter [8].k = ntohs (local_port);
+ if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p,
+ sizeof p) < 0) {
+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
+ errno == EAFNOSUPPORT) {
+ log_error ("socket: %m - make sure");
+ log_error ("CONFIG_PACKET (Packet socket) %s",
+ "and CONFIG_FILTER");
+ log_error ("(Socket Filtering) are enabled %s",
+ "in your kernel");
+ log_fatal ("configuration!");
+ }
+ log_fatal ("Can't install packet filter program: %m");
}
+}
+
+static void lpf_pureip_gen_filter_setup (info)
+ struct interface_info *info;
+{
+ struct sock_fprog p;
+
+ memset(&p, 0, sizeof(p));
+
+ /* Set up the bpf filter program structure. This is defined in
+ bpf.c */
+ p.len = dhcp_bpf_pureip_filter_len;
+ p.filter = dhcp_bpf_pureip_filter;
+
+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
+ /* Patch the server port into the LPF program...
+ XXX changes to filter program may require changes
+ to the insn number(s) used below! XXX */
#if defined(RELAY_PORT)
- /*
- * If user defined relay UDP port, we need to filter
- * also on the user UDP port.
- */
- if (relay_port && pure_ip) {
+ if (relay_port) {
+ /*
+ * If user defined relay UDP port, we need to filter
+ * also on the user UDP port.
+ */
p.len = dhcp_bpf_pureip_relay_filter_len;
p.filter = dhcp_bpf_pureip_relay_filter;
- /* patch ports */
dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port);
dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port);
- } else if (relay_port) {
- p.len = dhcp_bpf_relay_filter_len;
- p.filter = dhcp_bpf_relay_filter;
-
- /* patch ports */
- dhcp_bpf_relay_filter [8].k = ntohs (local_port);
- dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
}
#endif
--
2.39.2

48
packages/isc-dhcp/patches/0003-fix-compilation-errors.patch
View File

@ -1,48 +0,0 @@
From 58e0d3317795987b2f1ca788645196d0e3543f88 Mon Sep 17 00:00:00 2001
From: Adam Smith <zero1three@gmail.com>
Date: Tue, 23 Jan 2024 21:47:00 -0500
Subject: [PATCH 3/4] fix compilation errors
---
common/lpf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/common/lpf.c b/common/lpf.c
index 75609f5..1561d71 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -195,6 +195,7 @@ static void lpf_tr_filter_setup (struct interface_info *);
#endif
static void lpf_gen_filter_setup (struct interface_info *);
+static void lpf_pureip_gen_filter_setup (struct interface_info *);
void if_register_receive (info)
struct interface_info *info;
@@ -215,14 +216,13 @@ void if_register_receive (info)
}
#endif
-
#if defined (HAVE_TR_SUPPORT)
if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
lpf_tr_filter_setup (info);
else
#endif
if (info -> hw_address.hbuf [0] == HTYPE_PUREIP)
- lpf_pureip_filter_setup (info);
+ lpf_pureip_gen_filter_setup (info);
else
lpf_gen_filter_setup (info);
@@ -349,6 +349,7 @@ static void lpf_pureip_gen_filter_setup (info)
}
}
+
#if defined (HAVE_TR_SUPPORT)
static void lpf_tr_filter_setup (info)
struct interface_info *info;
--
2.39.2

29
packages/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch
View File

@ -1,29 +0,0 @@
From fd96a11b31cd05aae450ec65fde0b5c6e0b718c2 Mon Sep 17 00:00:00 2001
From: Adam Smith <zero1three@gmail.com>
Date: Tue, 23 Jan 2024 22:35:54 -0500
Subject: [PATCH 4/4] add support for ARPHRD_NONE interface type
---
common/lpf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/common/lpf.c b/common/lpf.c
index 1561d71..f7e84b1 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -643,6 +643,12 @@ get_hw_addr(const char *name, struct hardware *hw) {
hw->hlen = 1;
hw->hbuf[0] = HTYPE_PUREIP;
break;
+#endif
+#ifdef ARPHRD_NONE
+ case ARPHRD_NONE:
+ hw->hlen = 1;
+ hw->hbuf[0] = HTYPE_PUREIP;
+ break;
#endif
default:
log_fatal("Unsupported device type %ld for \"%s\"",
--
2.39.2

1
packages/kea/.gitignore vendored
View File

@ -1 +0,0 @@
isc-kea/

32
packages/kea/Jenkinsfile vendored
View File

@ -1,32 +0,0 @@
// Copyright (C) 2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
// NOTE: we can build with -d as the libbpf dependency is installed manually
// and not via a DEB package
def pkgList = [
['name': 'isc-kea',
'scmCommit': 'debian/2.4.1-1',
'scmUrl': 'https://salsa.debian.org/debian/isc-kea',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('ISC Kea', pkgList, null, true, "**/packages/kea/**")

20
packages/kea/build.sh
View File

@ -1,20 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
SRC=isc-kea
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
PATCH_DIR=${CWD}/patches
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
echo "I: Build Debian Package"
dpkg-buildpackage -uc -us -tc -b -d

1
packages/keepalived/.gitignore vendored
View File

@ -1 +0,0 @@
keepalived/

33
packages/keepalived/Jenkinsfile vendored
View File

@ -1,33 +0,0 @@
// Copyright (C) 2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def package_name = 'keepalived'
def pkgList = [
['name': "${package_name}",
'scmCommit': 'debian/1%2.2.8-1',
'scmUrl': 'https://salsa.debian.org/debian/pkg-keepalived.git',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; ../build.py'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage("${package_name}", pkgList, null, true, "**/packages/${package_name}/**")

50
packages/keepalived/build.py
View File

@ -1,50 +0,0 @@
#!/usr/bin/env python3
from pathlib import Path
from shutil import copy as copy_file
from subprocess import run
# copy patches
def apply_deb_patches() -> None:
"""Apply patches to sources directory
"""
patches_dir = Path('../patches')
current_dir: str = Path.cwd().as_posix()
if patches_dir.exists():
patches_list = list(patches_dir.iterdir())
patches_list.sort()
Path(f'{current_dir}/debian/patches').mkdir(parents=True, exist_ok=True)
series_file = Path(f'{current_dir}/debian/patches/series')
series_data = ''
for patch_file in patches_list:
print(f'Applying patch: {patch_file.name}')
copy_file(patch_file, f'{current_dir}/debian/patches/')
if series_file.exists():
series_data: str = series_file.read_text()
series_data = f'{series_data}\n{patch_file.name}'
series_file.write_text(series_data)
def build_package() -> bool:
"""Build a package
Returns:
bool: build status
"""
build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
build_status: int = run(build_cmd).returncode
if build_status:
return False
return True
# build a package
if __name__ == '__main__':
apply_deb_patches()
if not build_package():
exit(1)
exit()

129
packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch
View File

@ -1,129 +0,0 @@
From af4aa758c3512bec8233549e138b03741c5404f9 Mon Sep 17 00:00:00 2001
From: Quentin Armitage <quentin@armitage.org.uk>
Date: Sat, 14 Oct 2023 15:37:19 +0100
Subject: [PATCH] vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs
Setting arp_ignore to 1 ensures that the VMAC interface does not respond
to ARP requests for IPv4 addresses not configured on the VMAC.
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
---
keepalived/include/vrrp_if_config.h | 2 +-
keepalived/vrrp/vrrp_if_config.c | 28 ++++++++++++++++++++--------
keepalived/vrrp/vrrp_vmac.c | 5 ++---
3 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/keepalived/include/vrrp_if_config.h b/keepalived/include/vrrp_if_config.h
index 35465cd..c35e56e 100644
--- a/keepalived/include/vrrp_if_config.h
+++ b/keepalived/include/vrrp_if_config.h
@@ -34,7 +34,7 @@ extern void set_promote_secondaries(interface_t*);
extern void reset_promote_secondaries(interface_t*);
#ifdef _HAVE_VRRP_VMAC_
extern void restore_rp_filter(void);
-extern void set_interface_parameters(const interface_t*, interface_t*);
+extern void set_interface_parameters(const interface_t*, interface_t*, sa_family_t);
extern void reset_interface_parameters(interface_t*);
extern void link_set_ipv6(const interface_t*, bool);
#endif
diff --git a/keepalived/vrrp/vrrp_if_config.c b/keepalived/vrrp/vrrp_if_config.c
index cfce7e2..fbfd34c 100644
--- a/keepalived/vrrp/vrrp_if_config.c
+++ b/keepalived/vrrp/vrrp_if_config.c
@@ -81,6 +81,11 @@ static sysctl_opts_t vmac_sysctl[] = {
{ 0, 0}
};
+static sysctl_opts_t vmac_sysctl_6[] = {
+ { IPV4_DEVCONF_ARP_IGNORE, 1 },
+ { 0, 0}
+};
+
#endif
#endif
@@ -216,11 +221,14 @@ netlink_set_interface_flags(unsigned ifindex, const sysctl_opts_t *sys_opts)
#ifdef _HAVE_VRRP_VMAC_
static inline int
-netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp)
+netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
- if (netlink_set_interface_flags(ifp->ifindex, vmac_sysctl))
+ if (netlink_set_interface_flags(ifp->ifindex, family == AF_INET6 ? vmac_sysctl_6 : vmac_sysctl))
return -1;
+ if (family == AF_INET6)
+ return 0;
+
/* If the underlying interface is a MACVLAN that has been moved into
* a separate network namespace from the parent, we can't access the
* parent. */
@@ -271,9 +279,9 @@ netlink_reset_interface_parameters(const interface_t* ifp)
}
static inline void
-set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp)
+set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
- if (netlink_set_interface_parameters(ifp, base_ifp))
+ if (netlink_set_interface_parameters(ifp, base_ifp, family))
log_message(LOG_INFO, "Unable to set parameters for %s", ifp->ifname);
}
@@ -310,11 +318,15 @@ reset_promote_secondaries_devconf(interface_t *ifp)
#ifdef _HAVE_VRRP_VMAC_
static inline void
-set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp)
+set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
unsigned val;
set_sysctl("net/ipv4/conf", ifp->ifname, "arp_ignore", 1);
+
+ if (family == AF_INET6)
+ return;
+
set_sysctl("net/ipv4/conf", ifp->ifname, "accept_local", 1);
set_sysctl("net/ipv4/conf", ifp->ifname, "rp_filter", 0);
@@ -524,15 +536,15 @@ restore_rp_filter(void)
}
void
-set_interface_parameters(const interface_t *ifp, interface_t *base_ifp)
+set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
if (all_rp_filter == UINT_MAX)
clear_rp_filter();
#ifdef _HAVE_IPV4_DEVCONF_
- set_interface_parameters_devconf(ifp, base_ifp);
+ set_interface_parameters_devconf(ifp, base_ifp, family);
#else
- set_interface_parameters_sysctl(ifp, base_ifp);
+ set_interface_parameters_sysctl(ifp, base_ifp, family);
#endif
}
diff --git a/keepalived/vrrp/vrrp_vmac.c b/keepalived/vrrp/vrrp_vmac.c
index e5ff0e9..021953a 100644
--- a/keepalived/vrrp/vrrp_vmac.c
+++ b/keepalived/vrrp/vrrp_vmac.c
@@ -407,10 +407,9 @@ netlink_link_add_vmac(vrrp_t *vrrp, const interface_t *old_interface)
if (!ifp->ifindex)
return false;
- if (vrrp->family == AF_INET && create_interface) {
+ if (create_interface) {
/* Set the necessary kernel parameters to make macvlans work for us */
-// If this saves current base_ifp's settings, we need to be careful if multiple VMACs on same i/f
- set_interface_parameters(ifp, ifp->base_ifp);
+ set_interface_parameters(ifp, ifp->base_ifp, vrrp->family);
}
#ifdef _WITH_FIREWALL_
--
2.34.1

25
packages/linux-kernel/.gitignore vendored
View File

@ -1,25 +0,0 @@
/linux
/wireguard
/wireguard-linux-compat
/accel-ppp
/intel-qat
/linux-firmware
/vyos-drivers-intel*
/vyos-drivers-realtek*
/ovpn-dco
/nat-rtsp
/jool*
/qat*
/QAT*
*.tar.xz
/*.postinst
# Intel Driver source
i40e-*/
igb-*/
ixgbe-*/
ixgbevf-*/
vyos-intel-*/
vyos-linux-firmware*/
kernel-vars
r8152-*.tar.bz2

80
packages/linux-kernel/Jenkinsfile vendored
View File

@ -1,80 +0,0 @@
// Copyright (C) 2020-2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
// The Linux Kernel
['name': 'kernel',
'buildCmd': '''
# all scripts must be executed one level above ...
cd ..
# read the required Kernel version
KERNEL_VER=\$(cat ../../data/defaults.toml | tomlq -r .kernel_version)
gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org
curl -OL https://www.kernel.org/pub/linux/kernel/v6.x/linux-${KERNEL_VER}.tar.xz
curl -OL https://www.kernel.org/pub/linux/kernel/v6.x/linux-${KERNEL_VER}.tar.sign
xz -cd linux-${KERNEL_VER}.tar.xz | gpg2 --verify linux-${KERNEL_VER}.tar.sign -
if [ $? -ne 0 ]; then
exit 1
fi
# Unpack Kernel source
tar xf linux-${KERNEL_VER}.tar.xz
ln -s linux-${KERNEL_VER} linux
# ... Build Kernel
./build-kernel.sh
'''],
// Firmware
['name': 'linux-firmware', 'scmCommit': '20231211',
'scmUrl': 'https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git',
'buildCmd': 'cd ..; ./build-linux-firmware.sh'],
// Accel-PPP
['name': 'accel-ppp', 'scmCommit': '1.13.0',
'scmUrl': 'https://github.com/accel-ppp/accel-ppp.git',
'buildCmd': 'cd ..; pwd; ls -al; ./build-accel-ppp.sh'],
// Intel QAT
['name': 'qat', 'buildCmd': 'cd ..; ./build-intel-qat.sh'],
// Intel IXGBE
['name': 'ixgbe', 'buildCmd': 'cd ..; ./build-intel-ixgbe.sh'],
// Intel IXGBEVF
['name': 'ixgbevf', 'buildCmd': 'cd ..; ./build-intel-ixgbevf.sh'],
// Jool
['name': 'jool', 'buildCmd': 'cd ..; ./build-jool.py'],
// OpenVPN DCO
['name': 'ovpn-dco','scmCommit': 'v0.2.20231117',
'scmUrl': 'https://github.com/OpenVPN/ovpn-dco',
'buildCmd': 'cd ..; ./build-openvpn-dco.sh'],
// RTSP netfilter helper
['name': 'nat-rtsp', 'scmCommit': '475af0a',
'scmUrl': 'https://github.com/maru-sama/rtsp-linux.git',
'buildCmd': 'cd ..; ./build-nat-rtsp.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('Kernel', pkgList, null, true, "**/packages/linux-kernel/**")

36
packages/linux-kernel/README.md
View File

@ -1,36 +0,0 @@
# About
VyOS runs on a custom Linux Kernel (which is 4.19) at the time of this writing.
This repository holds a Jenkins Pipeline which is used to build the Custom
Kernel (x86_64/amd64 at the moment) and all required out-of tree modules.
VyOS does not utilize the build in Intel Kernel drivers for its NICs as those
Kernels sometimes lack features e.g. configurable receive-side-scaling queues.
On the other hand we ship additional not mainlined features as WireGuard VPN.
## Kernel
The Kernel is build from the vanilla repositories hosted at https://git.kernel.org.
VyOS requires two additional patches to work which are stored in the patches/kernel
folder.
### Config
The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig)
which will be copied on demand during the Pipeline run into the `arch/x86/configs`i
direcotry of the Kernel source tree.
Other configurations can be added in the future easily.
### Modules
VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel
network interface card drivers). Module source code is retrieved from the
upstream repository and - when needed - patched so it can be build using this
pipeline.
In the past VyOS maintainers had a fork of the Linux Kernel, WireGuard and
Accel-PPP. This is fine but increases maintenance effort. By utilizing vanilla
repositories upgrading to new versions is very easy - only the branch/commit/tag
used when cloning the repository via [Jenkinsfile](Jenkinsfile) needs to be
adjusted.

42
packages/linux-kernel/build-accel-ppp.sh
View File

@ -1,42 +0,0 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
ACCEL_SRC=${CWD}/accel-ppp
if [ ! -d ${ACCEL_SRC} ]; then
echo "Accel-PPP source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
PATCH_DIR=${CWD}/patches/accel-ppp
if [ -d $PATCH_DIR ]; then
cd ${ACCEL_SRC}
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
fi
. ${KERNEL_VAR_FILE}
mkdir -p ${ACCEL_SRC}/build
cd ${ACCEL_SRC}/build
echo "I: Build Accel-PPP Debian package"
cmake -DBUILD_IPOE_DRIVER=TRUE \
-DBUILD_VLAN_MON_DRIVER=TRUE \
-DCMAKE_INSTALL_PREFIX=/usr \
-DKDIR=${KERNEL_DIR} \
-DLUA=5.3 \
-DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \
-DCPACK_TYPE=Debian12 ..
make
cpack -G DEB
# rename resulting Debian package according git description
mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb

107
packages/linux-kernel/build-intel-ixgbe.sh
View File

@ -1,107 +0,0 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if ! dpkg-architecture -iamd64; then
echo "Intel ixgbe is only buildable on amd64 platforms"
exit 0
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
url="https://sourceforge.net/projects/e1000/files/ixgbe%20stable/5.20.3/ixgbe-5.20.3.tar.gz"
cd ${CWD}
DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="ixgbe"
DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//')
DRIVER_VERSION_EXTRA=""
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbe.postinst"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
mkdir -p ${DRIVER_DIR}
tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE}
cd ${DRIVER_DIR}/src
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/
echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel"
sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbe_main.c
sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbe_main.c
# See https://vyos.dev/T6155
echo "I: always enable allow_unsupported_sfp for all NICs by default"
patch -l -p1 < ../../patches/ixgbe/allow_unsupported_sfp.patch
# See https://vyos.dev/T6162
echo "I: add 1000BASE-BX support"
patch -l -p1 < ../../patches/ixgbe/add_1000base-bx_support.patch
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install
if [ "x$?" != "x0" ]; then
exit 1
fi
if [ -f ${DEBIAN_DIR}.deb ]; then
rm ${DEBIAN_DIR}.deb
fi
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
cd ${CWD}
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \
--version ${DRIVER_VERSION} --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Vendor based driver for Intel ${DRIVER_NAME}" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi

100
packages/linux-kernel/build-intel-ixgbevf.sh
View File

@ -1,100 +0,0 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if ! dpkg-architecture -iamd64; then
echo "Intel ixgbevf is only buildable on amd64 platforms"
exit 0
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
url="https://sourceforge.net/projects/e1000/files/ixgbevf%20stable/4.18.9/ixgbevf-4.18.9.tar.gz"
cd ${CWD}
DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="ixgbevf"
DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//')
DRIVER_VERSION_EXTRA=""
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbevf.postinst"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
mkdir -p ${DRIVER_DIR}
tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE}
cd ${DRIVER_DIR}/src
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/
echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel"
sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbevf_main.c
sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbevf_main.c
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install
if [ "x$?" != "x0" ]; then
exit 1
fi
if [ -f ${DEBIAN_DIR}.deb ]; then
rm ${DEBIAN_DIR}.deb
fi
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
cd ${CWD}
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \
--version ${DRIVER_VERSION} --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Vendor based driver for Intel ${DRIVER_NAME}" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi

111
packages/linux-kernel/build-intel-qat.sh
View File

@ -1,111 +0,0 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if ! dpkg-architecture -iamd64; then
echo "Intel-QAT is only buildable on amd64 platforms"
exit 0
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
url="https://dev.packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz"
cd ${CWD}
DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="QAT"
DRIVER_NAME_EXTRA="L."
DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | awk -F${DRIVER_NAME_EXTRA} '{print $2}')
DRIVER_VERSION_EXTRA="-0"
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}${DRIVER_VERSION_EXTRA}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
DEBIAN_POSTINST="${CWD}/vyos-intel-qat.postinst"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
mkdir -p ${DRIVER_DIR}
tar -C ${DRIVER_DIR} -xf ${DRIVER_FILE}
cd ${DRIVER_DIR}
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
mkdir -p \
${DEBIAN_DIR}/lib/firmware \
${DEBIAN_DIR}/usr/sbin \
${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu \
${DEBIAN_DIR}/etc/init.d
KERNEL_SOURCE_ROOT=${KERNEL_DIR} ./configure --enable-kapi --enable-qat-lkcf
make -j $(getconf _NPROCESSORS_ONLN) all
make INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} \
qat-driver-install adf-ctl-all
if [ "x$?" != "x0" ]; then
exit 1
fi
cp quickassist/qat/fw/*.bin ${DEBIAN_DIR}/lib/firmware
cp build/*.so ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu
cp build/adf_ctl ${DEBIAN_DIR}/usr/sbin
cp quickassist/build_system/build_files/qat_service ${DEBIAN_DIR}/etc/init.d
cp build/usdm_drv.ko ${DEBIAN_DIR}/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/updates/drivers
chmod 644 ${DEBIAN_DIR}/lib/firmware/*
chmod 755 ${DEBIAN_DIR}/etc/init.d/* ${DEBIAN_DIR}/usr/local/bin/*
if [ -f ${DEBIAN_DIR}.deb ]; then
rm ${DEBIAN_DIR}.deb
fi
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
cd ${CWD}
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \
--version ${DRIVER_VERSION}${DRIVER_VERSION_EXTRA} --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Vendor based driver for Intel ${DRIVER_NAME}" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi

98
packages/linux-kernel/build-jool.py
View File

@ -1,98 +0,0 @@
#!/usr/bin/env python3
from tomllib import loads as toml_loads
from requests import get
from pathlib import Path
from subprocess import run
def find_arch() -> str:
tmp=run(['dpkg-architecture', '-q', 'DEB_HOST_ARCH'], capture_output=True)
return tmp.stdout.decode().strip()
# dependency modifier
def add_depends(package_dir: str, package_name: str,
depends: list[str]) -> None:
"""Add dependencies to a package
Args:
package_dir (str): a directory where package sources are located
package_name (str): a name of package
depends (list[str]): a list of dependencies to add
"""
depends_list: str = ', '.join(depends)
depends_line: str = f'misc:Depends={depends_list}\n'
substvars_file = Path(f'{package_dir}/debian/{package_name}.substvars')
substvars_file.write_text(depends_line)
# find kernel version and source path
arch: str = find_arch()
defaults_file: str = Path('../../data/defaults.toml').read_text()
architecture_file: str = Path(f'../../data/architectures/{arch}.toml').read_text()
KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version')
KERNEL_FLAVOR: str = toml_loads(architecture_file).get('kernel_flavor')
KERNEL_SRC: str = Path.cwd().as_posix() + '/linux'
# define variables
PACKAGE_NAME: str = 'jool'
PACKAGE_VERSION: str = '4.1.9+bf4c7e3669'
PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}'
SOURCES_ARCHIVE: str = 'jool-4.1.9+bf4c7e3669.tar.gz'
SOURCES_URL: str = f'https://github.com/NICMx/Jool/archive/7f08c42c615ed63cf0fdc1522d91aa0809f6d990.tar.gz'
# download sources
sources_archive = Path(SOURCES_ARCHIVE)
sources_archive.write_bytes(get(SOURCES_URL).content)
# prepare sources
debmake_cmd: list[str] = [
'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p',
PACKAGE_NAME, '-u', PACKAGE_VERSION, '-a', SOURCES_ARCHIVE
]
run(debmake_cmd)
# add kernel to dependencies
add_depends(PACKAGE_DIR, PACKAGE_NAME,
[f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}'])
# configure build rules
build_rules_text: str = f'''#!/usr/bin/make -f
# config
export KERNEL_DIR := {KERNEL_SRC}
PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME}
KVER := {KERNEL_VER}-{KERNEL_FLAVOR}
MODULES_DIR := extra
# main packaging script based on dh7 syntax
%:
dh $@
override_dh_clean:
dh_clean --exclude=debian/{PACKAGE_NAME}.substvars
override_dh_prep:
dh_prep --exclude=debian/{PACKAGE_NAME}.substvars
# override_dh_auto_clean:
# make -C src/mod clean
override_dh_auto_build:
dh_auto_build $@
make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/common modules
make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/nat64 modules
make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/siit modules
override_dh_auto_install:
dh_auto_install $@
install -D -m 644 src/mod/common/jool_common.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_common.ko
install -D -m 644 src/mod/nat64/jool.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool.ko
install -D -m 644 src/mod/siit/jool_siit.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_siit.ko
'''
bild_rules = Path(f'{PACKAGE_DIR}/debian/rules')
bild_rules.write_text(build_rules_text)
# build a package
debuild_cmd: list[str] = ['debuild']
run(debuild_cmd, cwd=PACKAGE_DIR)

56
packages/linux-kernel/build-kernel.sh
View File

@ -1,56 +0,0 @@
#!/bin/bash
CWD=$(pwd)
KERNEL_SRC=linux
set -e
if [ ! -d ${KERNEL_SRC} ]; then
echo "Linux Kernel source directory does not exists, please 'git clone'"
exit 1
fi
echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source"
cp -rv arch/ ${KERNEL_SRC}/
cd ${KERNEL_SRC}
echo "I: clean modified files"
git reset --hard HEAD
KERNEL_VERSION=$(make kernelversion)
KERNEL_SUFFIX=-$(dpkg --print-architecture)-vyos
# VyOS requires some small Kernel Patches - apply them here
# It's easier to habe them here and make use of the upstream
# repository instead of maintaining a full Kernel Fork.
# Saving time/resources is essential :-)
PATCH_DIR=${CWD}/patches/kernel
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply Kernel patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
echo "I: make vyos_defconfig"
# Select Kernel configuration - currently there is only one
make vyos_defconfig
echo "I: Generate environment file containing Kernel variable"
cat << EOF >${CWD}/kernel-vars
#!/bin/sh
export KERNEL_VERSION=${KERNEL_VERSION}
export KERNEL_SUFFIX=${KERNEL_SUFFIX}
export KERNEL_DIR=${CWD}/${KERNEL_SRC}
EOF
echo "I: Build Debian Kernel package"
touch .scmversion
make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN)
cd $CWD
if [[ $? == 0 ]]; then
for package in $(ls linux-*.deb)
do
ln -sf linux-kernel/$package ..
done
fi

98
packages/linux-kernel/build-linux-firmware.sh
View File

@ -1,98 +0,0 @@
#!/bin/bash
# All selected drivers are then precomfiled "make drivers/foo/bar.i" and we grep for
# the magic word "UNIQUE_ID_firmware" which identifies firmware files.
CWD=$(pwd)
LINUX_SRC="linux"
LINUX_FIRMWARE="linux-firmware"
KERNEL_VAR_FILE=${CWD}/kernel-vars
if [ ! -d ${LINUX_SRC} ]; then
echo "Kernel source missing"
exit 1
fi
if [ ! -d ${LINUX_FIRMWARE} ]; then
echo "Linux firmware repository missing"
exit 1
fi
. ${KERNEL_VAR_FILE}
result=()
# Retrieve firmware blobs from source files
FW_FILES=$(find ${LINUX_SRC}/debian/linux-image/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/kernel/drivers/net -name *.ko | xargs modinfo | grep "^firmware:" | awk '{print $2}')
# Debian package will use the descriptive Git commit as version
GIT_COMMIT=$(cd ${CWD}/${LINUX_FIRMWARE}; git describe --always)
VYOS_FIRMWARE_NAME="vyos-linux-firmware"
VYOS_FIRMWARE_DIR="${VYOS_FIRMWARE_NAME}_${GIT_COMMIT}-0_all"
if [ -d ${VYOS_FIRMWARE_DIR} ]; then
# remove Debian package folder and deb file from previous runs
rm -rf ${VYOS_FIRMWARE_DIR}*
fi
mkdir -p ${VYOS_FIRMWARE_DIR}
# Install firmware files to build directory
LINUX_FIRMWARE_BUILD_DIR="${LINUX_FIRMWARE}_${GIT_COMMIT}"
if [ -d ${LINUX_FIRMWARE_BUILD_DIR} ]; then
rm -rf "${LINUX_FIRMWARE_BUILD_DIR}"
fi
mkdir -p "${LINUX_FIRMWARE_BUILD_DIR}"
(
cd ${LINUX_FIRMWARE}
./copy-firmware.sh "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}"
)
# Copy firmware file from linux firmware build directory into
# assembly folder for the vyos-firmware package
SED_REPLACE="s@${CWD}/${LINUX_FIRMWARE}/@@"
for FILE_PATTERN in ${FW_FILES}; do
find "${LINUX_FIRMWARE_BUILD_DIR}" -path "*/${FILE_PATTERN}" -print0 | while IFS= read -r -d $'\0' FILE; do
TARGET="$(echo "${FILE}" | sed "s/${LINUX_FIRMWARE_BUILD_DIR}\///g")"
TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${TARGET}")"
# If file is a symlink install the symlink target as well
if [ -h "${FILE}" ]; then
if [ ! -f "${TARGET_DIR}/$(basename "${TARGET}")" ]; then
if [ -f "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then
mkdir -p "${TARGET_DIR}"
echo "I: install firmware: ${TARGET}"
cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}"
# If file links to other folder which this script not cover. Create folder and copy together.
if [ -L "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then
REALPATH_TARGET=$(realpath --relative-to="${CWD}/${LINUX_FIRMWARE_BUILD_DIR}" "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}")
REALPATH_TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${REALPATH_TARGET}")"
mkdir -p "${REALPATH_TARGET_DIR}"
echo "I: install firmware: ${REALPATH_TARGET}"
cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${REALPATH_TARGET}" "${REALPATH_TARGET_DIR}"
fi
else
echo "I: firmware file not found: ${TARGET}"
fi
fi
fi
if [ -f "${FILE}" ]; then
mkdir -p "${TARGET_DIR}"
echo "I: install firmware: ${TARGET}"
cp -P "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}"
else
echo "I: firmware file not found: ${TARGET}"
fi
done
done
echo "I: Create linux-firmware package"
rm -f ${VYOS_FIRMWARE_NAME}_*.deb
fpm --input-type dir --output-type deb --name ${VYOS_FIRMWARE_NAME} \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Binary firmware for various drivers in the Linux kernel" \
--architecture all --version ${GIT_COMMIT} --deb-compression gz -C ${VYOS_FIRMWARE_DIR}
rm -rf "${LINUX_FIRMWARE_BUILD_DIR}"
rm -rf ${VYOS_FIRMWARE_DIR}

38
packages/linux-kernel/build-nat-rtsp.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
SRC=${CWD}/nat-rtsp
if [ ! -d ${SRC} ]; then
echo "nat-rtsp source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
cd ${SRC} && make KERNELDIR=$KERNEL_DIR
# Copy binary to package directory
DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
mkdir -p ${DEBIAN_DIR}
cp nf_conntrack_rtsp.ko nf_nat_rtsp.ko ${DEBIAN_DIR}
DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst"
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
# Build Debian Package
fpm --input-type dir --output-type deb --name nat-rtsp \
--version $(git describe --tags --always) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Connection tracking and NAT support for RTSP" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--after-install ${DEBIAN_POSTINST} \
--license "GPL2" --chdir tmp
mv *.deb ..

33
packages/linux-kernel/build-openvpn-dco.sh
View File

@ -1,33 +0,0 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
SRC=${CWD}/ovpn-dco
if [ ! -d ${SRC} ]; then
echo "OpenVPN DCO source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
cd ${SRC} && make KERNEL_SRC=$KERNEL_DIR
# Copy binary to package directory
DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
mkdir -p ${DEBIAN_DIR}
cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR}
# Build Debian Package
fpm --input-type dir --output-type deb --name openvpn-dco \
--version $(git describe | sed s/^v//) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "OpenVPN Data Channel Offload" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" --chdir tmp
mv *.deb ..

1
packages/ndppd/.gitignore vendored
View File

@ -1 +0,0 @@
ndppd/

32
packages/ndppd/Jenkinsfile vendored
View File

@ -1,32 +0,0 @@
// Copyright (C) 2020-2021 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
// NOTE: we can build with -d as the libbpf dependency is installed manually
// and not via a DEB package
def pkgList = [
['name': 'ndppd',
'scmCommit': 'debian/0.2.5-6',
'scmUrl': 'https://salsa.debian.org/debian/ndppd',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('ndppd', pkgList, null, true, "**/packages/ndppd/**")

20
packages/ndppd/build.sh
View File

@ -1,20 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
SRC=ndppd
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
PATCH_DIR=${CWD}/patches
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
echo "I: Build Debian Package"
dpkg-buildpackage -uc -us -tc -b -d

83
packages/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch
View File

@ -1,83 +0,0 @@
From b148ba055245cec5007ee91dd3ffbfeb58d49c5a Mon Sep 17 00:00:00 2001
From: Henning Surmeier <me@hensur.de>
Date: Sun, 9 Jan 2022 20:35:15 +0100
Subject: [PATCH 1/2] skip route table if there is no auto rule
---
src/ndppd.cc | 3 ++-
src/rule.cc | 8 ++++++++
src/rule.h | 4 ++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/ndppd.cc b/src/ndppd.cc
index bec9656..b303721 100644
--- a/src/ndppd.cc
+++ b/src/ndppd.cc
@@ -304,7 +304,8 @@ int main(int argc, char* argv[], char* env[])
t1.tv_sec = t2.tv_sec;
t1.tv_usec = t2.tv_usec;
- route::update(elapsed_time);
+ if (rule::any_auto())
+ route::update(elapsed_time);
session::update_all(elapsed_time);
}
diff --git a/src/rule.cc b/src/rule.cc
index 9e72480..a1e8376 100644
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -24,6 +24,8 @@
NDPPD_NS_BEGIN
+bool rule::_any_aut = false;
+
rule::rule()
{
}
@@ -49,6 +51,7 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut)
ru->_pr = pr;
ru->_addr = addr;
ru->_aut = aut;
+ _any_aut = _any_aut || aut;
logger::debug()
<< "rule::create() if=" << pr->ifa()->name().c_str() << ", addr=" << addr
@@ -57,6 +60,11 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut)
return ru;
}
+bool rule::any_auto()
+{
+ return _any_aut;
+}
+
const address& rule::addr() const
{
return _addr;
diff --git a/src/rule.h b/src/rule.h
index 6663066..ca2aa36 100644
--- a/src/rule.h
+++ b/src/rule.h
@@ -42,6 +42,8 @@ public:
bool check(const address& addr) const;
+ static bool any_auto();
+
private:
weak_ptr<rule> _ptr;
@@ -53,6 +55,8 @@ private:
bool _aut;
+ static bool _any_aut;
+
rule();
};
--
2.34.1

25
packages/ndppd/patches/0002-set-vyos-version.patch
View File

@ -1,25 +0,0 @@
From b0789cf679b0179d37e22f5a936af273d982abeb Mon Sep 17 00:00:00 2001
From: Henning Surmeier <me@hensur.de>
Date: Tue, 11 Jan 2022 13:05:47 +0100
Subject: [PATCH 2/2] set -vyos version
---
src/ndppd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ndppd.h b/src/ndppd.h
index 008726c..61ed950 100644
--- a/src/ndppd.h
+++ b/src/ndppd.h
@@ -21,7 +21,7 @@
#define NDPPD_NS_BEGIN namespace ndppd {
#define NDPPD_NS_END }
-#define NDPPD_VERSION "0.2.4"
+#define NDPPD_VERSION "0.2.5-vyos"
#include <assert.h>
--
2.34.1

1
packages/net-snmp/.gitignore vendored
View File

@ -1 +0,0 @@
net-snmp/

30
packages/net-snmp/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@circinus')_
def pkgList = [
['name': 'net-snmp',
'scmCommit': 'debian/5.9.4+dfsg-1',
'scmUrl': 'https://salsa.debian.org/debian/net-snmp',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('net-snmp', pkgList, null, true, "**/packages/net-snmp/**")

30
packages/net-snmp/build.sh
View File

@ -1,30 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
SRC=net-snmp
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
PATCH_DIR=${CWD}/patches
if [ -d $PATCH_DIR ]; then
echo "I: Apply SNMP patches not in main repository:"
for patch in $(ls ${PATCH_DIR})
do
cp ${PATCH_DIR}/${patch} debian/patches
echo ${patch} >> debian/patches/series
done
fi
echo "I: Build Debian net-snmp Package"
# We need "|| true" to fix an issue wioth the make system
#make[2]: Leaving directory '/vyos/vyos-build/packages/net-snmp/net-snmp/snmplib'
#making clean in /vyos/vyos-build/packages/net-snmp/net-snmp/agent
#make[2]: Entering directory '/vyos/vyos-build/packages/net-snmp/net-snmp/agent'
#make[2]: *** No rule to make target 'clean'. Stop.
dpkg-buildpackage -us -uc -tc -b || true

119
packages/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch
View File

@ -1,119 +0,0 @@
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
From: Philippe Troin <phil+github-commits@fifi.org>
Date: Sat, 3 Feb 2024 10:30:30 -0800
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
This breaks the hard-coded assumptions about the Ip line length.
Add compatibility to parse Linux 6.7 Ip header while keep support
for previous versions.
---
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
index 49e0a34d5c..f04e828a94 100644
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
}
/*
- /proc/net/snmp
+ /proc/net/snmp - Linux 6.6 and lower
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 1491094 122 0 1466178
+*
+ /proc/net/snmp - Linux 6.7 and higher
+
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
+
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
+
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
+
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
+
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
+
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ UdpLite: 0 0 0 0 0 0 0 0 0
*/
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
FILE *devin;
char line[1024];
netsnmp_systemstats_entry *entry = NULL;
- int scan_count;
+ int scan_count, expected_scan_count;
char *stats, *start = line;
int len;
- unsigned long long scan_vals[19];
+ unsigned long long scan_vals[20];
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
load_flags));
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
*/
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
len = strlen(line);
- if (224 != len) {
+ switch (len) {
+ case 224:
+ expected_scan_count = 19;
+ break;
+ case 237:
+ expected_scan_count = 20;
+ break;
+ default:
fclose(devin);
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
- " %d != 224\n", len);
+ " %d not in { 224, 237 } \n", len);
return -4;
}
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
memset(scan_vals, 0x0, sizeof(scan_vals));
scan_count = sscanf(stats,
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
&scan_vals[0],&scan_vals[1],&scan_vals[2],
&scan_vals[3],&scan_vals[4],&scan_vals[5],
&scan_vals[6],&scan_vals[7],&scan_vals[8],
&scan_vals[9],&scan_vals[10],&scan_vals[11],
&scan_vals[12],&scan_vals[13],&scan_vals[14],
&scan_vals[15],&scan_vals[16],&scan_vals[17],
- &scan_vals[18]);
+ &scan_vals[18],&scan_vals[19]);
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
- if(scan_count != 19) {
+ if(scan_count != expected_scan_count) {
snmp_log(LOG_ERR,
"error scanning systemstats data (expected %d, got %d)\n",
- 19, scan_count);
+ expected_scan_count, scan_count);
netsnmp_access_systemstats_entry_free(entry);
return -4;
}
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;

3
packages/netfilter/.gitignore vendored
View File

@ -1,3 +0,0 @@
/pkg-libnftnl/
/pkg-nftables/

39
packages/netfilter/Jenkinsfile vendored
View File

@ -1,39 +0,0 @@
// Copyright (C) 2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
// libnftnl
['name': 'pkg-libnftnl',
'scmCommit': 'debian/1.2.6-2',
'scmUrl': 'https://salsa.debian.org/pkg-netfilter-team/pkg-libnftnl.git',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'],
// nftables
['name': 'pkg-nftables',
'scmCommit': 'debian/1.0.9-1',
'scmUrl': 'https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git',
'buildCmd': '''sudo dpkg -i ../libnftnl*.deb;
sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends";
../build.py'''],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('Netfilter', pkgList, null, true)

55
packages/netfilter/build.py
View File

@ -1,55 +0,0 @@
#!/usr/bin/env python3
from pathlib import Path
from shutil import copy as copy_file
from subprocess import run
# copy patches
def apply_deb_patches() -> None:
"""Apply patches to sources directory
"""
package_dir: str = Path.cwd().name
current_dir: str = Path.cwd().as_posix()
patches_dir = Path(f'../patches/{package_dir}')
patches_dir_dst = Path(f'{current_dir}/debian/patches')
if not patches_dir_dst.exists():
patches_dir_dst.mkdir(parents = True)
if patches_dir.exists():
patches_list = list(patches_dir.iterdir())
patches_list.sort()
series_file = Path(f'{patches_dir_dst.as_posix()}/series')
if series_file.exists():
series_data: str = series_file.read_text()
else:
series_data = ''
for patch_file in patches_list:
print(f'Applying patch: {patch_file.name}')
copy_file(patch_file, f'{patches_dir_dst.as_posix()}')
series_data = f'{series_data}\n{patch_file.name}'
series_file.write_text(series_data)
def build_package() -> bool:
"""Build a package
Returns:
bool: build status
"""
build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
build_status: int = run(build_cmd).returncode
if build_status:
return False
return True
# build a package
if __name__ == '__main__':
apply_deb_patches()
if not build_package():
exit(1)
exit()

118
packages/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch
View File

@ -1,118 +0,0 @@
From d392ddf243dcbf8a34726c777d2c669b1e8bfa85 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Thu, 2 Nov 2023 15:34:13 +0100
Subject: meta: fix hour decoding when timezone offset is negative
Brian Davidson says:
meta hour rules don't display properly after being created when the
hour is on or after 00:00 UTC. The netlink debug looks correct for
seconds past midnight UTC, but displaying the rules looks like an
overflow or a byte order problem. I am in UTC-0400, so today, 20:00
and later exhibits the problem, while 19:00 and earlier hours are
fine.
meta.c only ever worked when the delta to UTC is positive.
We need to add in case the second counter turns negative after
offset adjustment.
Also add a test case for this.
Fixes: f8f32deda31d ("meta: Introduce new conditions 'time', 'day' and 'hour'")
Reported-by: Brian Davidson <davidson.brian@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/meta.c | 11 ++++-
.../shell/testcases/listing/dumps/meta_time.nodump | 0
tests/shell/testcases/listing/meta_time | 52 ++++++++++++++++++++++
3 files changed, 61 insertions(+), 2 deletions(-)
create mode 100644 tests/shell/testcases/listing/dumps/meta_time.nodump
create mode 100755 tests/shell/testcases/listing/meta_time
diff --git a/src/meta.c b/src/meta.c
index b578d5e2..7846aefe 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -495,9 +495,16 @@ static void hour_type_print(const struct expr *expr, struct output_ctx *octx)
/* Obtain current tm, so that we can add tm_gmtoff */
ts = time(NULL);
- if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm))
- seconds = (seconds + cur_tm.tm_gmtoff) % SECONDS_PER_DAY;
+ if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm)) {
+ int32_t adj = seconds + cur_tm.tm_gmtoff;
+ if (adj < 0)
+ adj += SECONDS_PER_DAY;
+ else if (adj >= SECONDS_PER_DAY)
+ adj -= SECONDS_PER_DAY;
+
+ seconds = adj;
+ }
minutes = seconds / 60;
seconds %= 60;
hours = minutes / 60;
diff --git a/tests/shell/testcases/listing/dumps/meta_time.nodump b/tests/shell/testcases/listing/dumps/meta_time.nodump
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/shell/testcases/listing/meta_time b/tests/shell/testcases/listing/meta_time
new file mode 100755
index 00000000..a9761998
--- /dev/null
+++ b/tests/shell/testcases/listing/meta_time
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -e
+
+TMP1=$(mktemp)
+TMP2=$(mktemp)
+
+cleanup()
+{
+ rm -f "$TMP1"
+ rm -f "$TMP2"
+}
+
+check_decode()
+{
+ TZ=$1 $NFT list chain t c | grep meta > "$TMP2"
+ diff -u "$TMP1" "$TMP2"
+}
+
+trap cleanup EXIT
+
+$NFT -f - <<EOF
+table t {
+ chain c {
+ }
+}
+EOF
+
+for i in $(seq -w 0 23); do
+ TZ=UTC $NFT add rule t c meta hour "$i:00"-"$i:59"
+done
+
+# Check decoding in UTC, this mirrors 1:1 what should have been added.
+for i in $(seq 0 23); do
+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1"
+done
+
+check_decode UTC
+
+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 23 0 23 59 > "$TMP1"
+for i in $(seq 0 22); do
+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1"
+done
+check_decode UTC+1
+
+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 1 0 1 59 > "$TMP1"
+for i in $(seq 2 23); do
+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1"
+done
+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 0 0 0 59 >> "$TMP1"
+
+check_decode UTC-1
--
cgit v1.2.3

1
packages/opennhrp/.gitignore vendored
View File

@ -1 +0,0 @@
opennhrp/

30
packages/opennhrp/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2021 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'opennhrp',
'scmCommit': '613277f',
'scmUrl': 'https://git.code.sf.net/p/opennhrp/code',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('opennhrp', pkgList, null, true, "**/packages/opennhrp/**")

30
packages/opennhrp/build.sh
View File

@ -1,30 +0,0 @@
#!/bin/sh
SRC=opennhrp
if [ ! -d $SRC ]; then
echo "source directory $SRC does not exist!"
echo "$ git clone https://git.code.sf.net/p/opennhrp/code opennhrp"
exit 1
fi
cd $SRC
INSTALL_DIR=debian
if [ -d $INSTALL_DIR ]; then
rm -rf $INSTALL_DIR
fi
make clean
make
install --directory debian/etc debian/usr/sbin
install --mode 0644 etc/racoon-ph1dead.sh debian/etc
install --mode 0644 etc/racoon-ph1down.sh debian/etc
install --strip --mode 0755 nhrp/opennhrp debian/usr/sbin
install --strip --mode 0755 nhrp/opennhrpctl debian/usr/sbin
# Version' field value 'v0.14-20-g613277f': version number does not start with digit
# "cut" first character from version string
fpm --input-type dir --output-type deb --name opennhrp \
--version $(git describe --always | cut -c2-) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "NBMA Next Hop Resolution Protocol daemon" \
--license "MIT" -C $INSTALL_DIR --package ..

1
packages/openvpn-otp/.gitignore vendored
View File

@ -1 +0,0 @@
openvpn-otp/

31
packages/openvpn-otp/Jenkinsfile vendored
View File

@ -1,31 +0,0 @@
// Copyright (C) 2020-2021 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
// NOTE: we can build with -d as the libbpf dependency is installed manually
// and not via a DEB package
def pkgList = [
['name': 'openvpn-otp',
'scmCommit': 'master',
'scmUrl': 'https://github.com/evgeny-gridasov/openvpn-otp',
'buildCmd': 'cd ..; ./build-openvpn-otp.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('openvpn-otp', pkgList, null, true, "**/packages/openvpn-otp/**")

36
packages/openvpn-otp/build-openvpn-otp.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
set -e
CWD=$(pwd)
SRC=openvpn-otp
if [ ! -d ${SRC} ]; then
echo "source directory does not exists, please 'git clone'"
exit 1
fi
for pkt in debhelper libssl-dev openvpn
do
dpkg -s $pkt 2>&1 >/dev/null
if [ $? -ne 0 ]; then
echo "Package $pkt not installed - required"
exit 1
fi
done
# Build instructions as per https://github.com/evgeny-gridasov/openvpn-otp/blob/master/README.md
cd ${SRC}
./autogen.sh
./configure --prefix=/usr
make
# install
mkdir -p usr/lib/openvpn
cp src/.libs/openvpn-otp.so usr/lib/openvpn
fpm --input-type dir --output-type deb --name openvpn-otp \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "OpenVPN OTP Authentication support." \
--depends openvpn --architecture $(dpkg --print-architecture) \
--version $(git describe --tags --always | cut -c2-) --deb-compression gz usr
cp *.deb ${CWD}

1
packages/owamp/.gitignore vendored
View File

@ -1 +0,0 @@
owamp/

32
packages/owamp/Jenkinsfile vendored
View File

@ -1,32 +0,0 @@
// Copyright (C) 2022 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
// NOTE: we can build with -d as the libbpf dependency is installed manually
// and not via a DEB package
def pkgList = [
['name': 'owamp',
'scmCommit': 'v4.4.6',
'scmUrl': 'https://github.com/perfsonar/owamp',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('owamp', pkgList, null, true, "**/packages/owamp/**")

16
packages/owamp/build.sh
View File

@ -1,16 +0,0 @@
#!/bin/sh -x
CWD=$(pwd)
set -e
SRC=owamp
if [ ! -d ${SRC} ]; then
echo "source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
echo "I: Retrieve version information from Git"
# Build owamp-client owamp-server twamp-client twamp-server
echo "I: Build VyOS owamp Packages"
dpkg-buildpackage -us -uc -tc -b

2
packages/pam_tacplus/.gitignore vendored
View File

@ -1,2 +0,0 @@
pam_tacplus/
pam_tacplus-debian/

34
packages/pam_tacplus/Jenkinsfile vendored
View File

@ -1,34 +0,0 @@
// Copyright (C) 2022 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'pam_tacplus-debian',
'scmCommit': '50c6fd7',
'scmUrl': 'https://github.com/kravietz/pam_tacplus-debian',
'buildCmd': '/bin/true'],
['name': 'pam_tacplus',
'scmCommit': '4f91b0d',
'scmUrl': 'https://github.com/kravietz/pam_tacplus',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('pam_tacplus', pkgList, null, true, "**/packages/pam_tacplus/**")

16
packages/pam_tacplus/build.sh
View File

@ -1,16 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
SRC=pam_tacplus
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
cp -a ../pam_tacplus-debian debian
rm -f debian/compat
sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"
dpkg-buildpackage -uc -us -tc -b -d

1
packages/pmacct/.gitignore vendored
View File

@ -1 +0,0 @@
pmacct/

33
packages/pmacct/Jenkinsfile vendored
View File

@ -1,33 +0,0 @@
// Copyright (C) 2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def package_name = 'pmacct'
// "sudo apt-get remove git -y" is necessary for solving this issue https://vyos.dev/T5663
def pkgList = [
['name': "${package_name}",
'scmCommit': 'debian/1.7.7-1',
'scmUrl': 'https://salsa.debian.org/debian/pmacct.git',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; sudo apt-get remove git -y; ../build.py'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage("${package_name}", pkgList, null, true, "**/packages/pmacct/**")

49
packages/pmacct/build.py
View File

@ -1,49 +0,0 @@
#!/usr/bin/env python3
from pathlib import Path
from shutil import copy as copy_file
from subprocess import run
# copy patches
def apply_deb_patches() -> None:
"""Apply patches to sources directory
"""
patches_dir = Path('../patches')
current_dir: str = Path.cwd().as_posix()
if patches_dir.exists():
patches_list = list(patches_dir.iterdir())
patches_list.sort()
series_file = Path(f'{current_dir}/debian/patches/series')
series_data = ''
for patch_file in patches_list:
print(f'Applying patch: {patch_file.name}')
copy_file(patch_file, f'{current_dir}/debian/patches/')
if series_file.exists():
series_data: str = series_file.read_text()
series_data = f'{series_data}\n{patch_file.name}'
series_file.write_text(series_data)
def build_package() -> bool:
"""Build a package
Returns:
bool: build status
"""
build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
build_status: int = run(build_cmd).returncode
if build_status:
return False
return True
# build a package
if __name__ == '__main__':
apply_deb_patches()
if not build_package():
exit(1)
exit()

49
packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch
View File

@ -1,49 +0,0 @@
From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001
From: Paolo Lucente <pl+github@pmacct.net>
Date: Fri, 4 Mar 2022 22:07:29 +0000
Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed
and 'flows' primitive was enabled. To address Issue #586
---
src/nl.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/nl.c b/src/nl.c
index c42689ed..6a3da94b 100644
--- a/src/nl.c
+++ b/src/nl.c
@@ -1,6 +1,6 @@
/*
pmacct (Promiscuous mode IP Accounting package)
- pmacct is Copyright (C) 2003-2021 by Paolo Lucente
+ pmacct is Copyright (C) 2003-2022 by Paolo Lucente
*/
/*
@@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs)
}
}
else {
- if (pptrs->l4_proto != IPPROTO_ICMP) {
- pptrs->tlh_ptr = dummy_tlhdr;
- }
-
+ pptrs->tlh_ptr = dummy_tlhdr;
if (off < caplen) pptrs->payload_ptr = ptr;
}
@@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs)
}
}
else {
- if (pptrs->l4_proto != IPPROTO_ICMPV6) {
- pptrs->tlh_ptr = dummy_tlhdr;
- }
-
+ pptrs->tlh_ptr = dummy_tlhdr;
if (off < caplen) pptrs->payload_ptr = ptr;
}
--
2.34.1

1
packages/podman/.gitignore vendored
View File

@ -1 +0,0 @@
podman/

31
packages/podman/Jenkinsfile vendored
View File

@ -1,31 +0,0 @@
// Copyright (C) 2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'podman',
'scmCommit': 'v4.9.5',
'scmUrl': 'https://github.com/containers/podman',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('podman', pkgList, null, true, "**/packages/podman/**")

32
packages/podman/build.sh
View File

@ -1,32 +0,0 @@
#!/bin/bash
export PATH=/opt/go/bin:$PATH
SRC=podman
if [ ! -d $SRC ]; then
echo "source directory $SRC does not exist!"
exit 1
fi
sudo apt-get install -y libseccomp-dev libgpgme-dev
cd $SRC
echo "I: installing dependencies"
make install.tools
echo "I: building podman"
make podman-release
tar xf podman-release-$(dpkg --print-architecture).tar.gz
# retrieve version number from podman archive folder: podman-v4.9.5/
# remove leading podman string
VERSION=$(ls -d podman-v* | cut -c9-)
fpm --input-type dir --output-type deb --name podman \
--version $VERSION --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Engine to run OCI-based containers in Pods" \
--depends conmon --depends crun --depends netavark --depends libgpgme11 \
--depends fuse-overlayfs --depends golang-github-containers-common \
--license "Apache License 2.0" -C podman-v$VERSION --package ..

1
packages/pyhumps/.gitignore vendored
View File

@ -1 +0,0 @@
humps/

30
packages/pyhumps/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2022 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'humps',
'scmCommit': 'v3.8.0',
'scmUrl': 'https://github.com/nficano/humps.git',
'buildCmd': 'python setup.py --command-packages=stdeb.command bdist_deb; cp deb_dist/*.deb ..'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('humps', pkgList, null, false, "**/packages/pyhumps/**")

2
packages/radvd/.gitignore vendored
View File

@ -1,2 +0,0 @@
radvd/
*.deb

30
packages/radvd/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'radvd',
'scmCommit': 'f2de4764559',
'scmUrl': 'https://github.com/radvd-project/radvd',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('radvd', pkgList, null, true, "**/packages/radvd/**")

29
packages/radvd/build.sh
View File

@ -1,29 +0,0 @@
#!/bin/sh
SRC=radvd
if [ ! -d $SRC ]; then
echo "source directory $SRC does not exist!"
echo "$ git clone https://github.com/radvd-project/radvd"
exit 1
fi
cd $SRC
INSTALL_DIR=debian
if [ -d $INSTALL_DIR ]; then
rm -rf $INSTALL_DIR
fi
./autogen.sh
./configure
make
install --directory debian/lib/systemd/system debian/usr/sbin
install --mode 0644 radvd.service debian/lib/systemd/system
install --strip --mode 0755 radvd debian/usr/sbin
# Version' field value 'v0.14-20-g613277f': version number does not start with digit
# "cut" first character from version string
fpm --input-type dir --output-type deb --name radvd \
--version $(git describe --always | cut -c2- | tr _ -) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "RADVD router advertisement daemon" \
--license "RADVD" -C $INSTALL_DIR --package ..

1
packages/strongswan/.gitignore vendored
View File

@ -1 +0,0 @@
strongswan/

30
packages/strongswan/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2021-2023 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'strongswan',
'scmCommit': 'debian/5.9.11-2',
'scmUrl': 'https://salsa.debian.org/debian/strongswan.git',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('strongswan', pkgList, null, true, "**/packages/strongswan/**")

56
packages/strongswan/build.sh
View File

@ -1,56 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
# extracted build dependencies, as autogenerationg and installing them will fail :/
sudo apt-get install -y bison \
bzip2 \
debhelper-compat \
dh-apparmor \
dpkg-dev \
flex \
gperf \
libiptc-dev \
libcap-dev \
libcurl3-dev \
libgcrypt20-dev \
libgmp3-dev \
libkrb5-dev \
libldap2-dev \
libnm-dev \
libpam0g-dev \
libsqlite3-dev \
libssl-dev \
libsystemd-dev \
libtool \
libtss2-dev \
libxml2-dev \
pkg-config \
po-debconf \
systemd \
libsystemd-dev \
tzdata
SRC=strongswan
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
PATCH_DIR=${CWD}/patches
if [ -d $PATCH_DIR ]; then
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply patch: ${patch} to main repository"
cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/
echo ${patch} >> ${SRC}/debian/patches/series
done
fi
cd ${SRC}
echo "I: bump version"
dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b
echo "I: Build Debian Package"
dpkg-buildpackage -uc -us -tc -b -d

579
packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch
View File

@ -1,579 +0,0 @@
From db627ec8a8e72bc6b23dc8ab00f4e6b4f448d01c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:41:58 +0300
Subject: [PATCH 1/3] charon: add optional source and remote overrides for
initiate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This introduces support for specifying optional IKE SA specific
source and remote address for child sa initiation. This allows
to initiate wildcard connection for known address via vici.
In addition this allows impler implementation of trap-any patches
and is a prerequisite for dmvpn support.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
src/charon-cmd/cmd/cmd_connection.c | 2 +-
src/libcharon/control/controller.c | 42 +++++++++++-
src/libcharon/control/controller.h | 3 +
src/libcharon/plugins/stroke/stroke_control.c | 5 +-
src/libcharon/plugins/vici/vici_config.c | 2 +-
src/libcharon/plugins/vici/vici_control.c | 64 ++++++++++++++++---
.../processing/jobs/start_action_job.c | 2 +-
src/libcharon/sa/ike_sa_manager.c | 50 ++++++++++++++-
src/libcharon/sa/ike_sa_manager.h | 8 ++-
src/libcharon/sa/trap_manager.c | 44 +++++--------
src/swanctl/commands/initiate.c | 40 +++++++++++-
11 files changed, 215 insertions(+), 47 deletions(-)
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index 2e2cb3c..b9369a8 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -439,7 +439,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this)
child_cfg = create_child_cfg(this, peer_cfg);
if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
- controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS)
+ NULL, NULL, controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS)
{
terminate(pid);
}
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
index 027f48e..4ce8616 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -15,6 +15,28 @@
* for more details.
*/
+/*
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include "controller.h"
#include <sys/types.h>
@@ -107,6 +129,16 @@ struct interface_listener_t {
*/
ike_sa_t *ike_sa;
+ /**
+ * Our host hint.
+ */
+ host_t *my_host;
+
+ /**
+ * Other host hint.
+ */
+ host_t *other_host;
+
/**
* unique ID, used for various methods
*/
@@ -417,10 +449,15 @@ METHOD(job_t, initiate_execute, job_requeue_t,
ike_sa_t *ike_sa;
interface_listener_t *listener = &job->listener;
peer_cfg_t *peer_cfg = listener->peer_cfg;
+ host_t *my_host = listener->my_host;
+ host_t *other_host = listener->other_host;
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
- peer_cfg);
+ peer_cfg, my_host, other_host);
peer_cfg->destroy(peer_cfg);
+ DESTROY_IF(my_host);
+ DESTROY_IF(other_host);
+
if (!ike_sa)
{
DESTROY_IF(listener->child_cfg);
@@ -499,6 +536,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
METHOD(controller_t, initiate, status_t,
private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
+ host_t *my_host, host_t *other_host,
controller_cb_t callback, void *param, level_t max_level, u_int timeout,
bool limits)
{
@@ -523,6 +561,8 @@ METHOD(controller_t, initiate, status_t,
.status = FAILED,
.child_cfg = child_cfg,
.peer_cfg = peer_cfg,
+ .my_host = my_host ? my_host->clone(my_host) : NULL,
+ .other_host = other_host ? other_host->clone(other_host) : NULL,
.lock = spinlock_create(),
.options.limits = limits,
},
diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
index 36a1d46..a130fbb 100644
--- a/src/libcharon/control/controller.h
+++ b/src/libcharon/control/controller.h
@@ -81,6 +81,8 @@ struct controller_t {
*
* @param peer_cfg peer_cfg to use for IKE_SA setup
* @param child_cfg optional child_cfg to set up CHILD_SA from
+ * @param my_host optional address hint for source
+ * @param other_host optional address hint for destination
* @param cb logging callback
* @param param parameter to include in each call of cb
* @param max_level maximum log level for which cb is invoked
@@ -95,6 +97,7 @@ struct controller_t {
*/
status_t (*initiate)(controller_t *this,
peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
+ host_t *my_host, host_t *other_host,
controller_cb_t callback, void *param,
level_t max_level, u_int timeout, bool limits);
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index 2824c93..21ff6b3 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -109,7 +109,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
if (msg->output_verbosity < 0)
{
charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
- NULL, NULL, 0, 0, FALSE);
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
}
else
{
@@ -117,7 +117,8 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
status_t status;
status = charon->controller->initiate(charon->controller,
- peer_cfg, child_cfg, (controller_cb_t)stroke_log,
+ peer_cfg, child_cfg, NULL, NULL,
+ (controller_cb_t)stroke_log,
&info, msg->output_verbosity, this->timeout, FALSE);
switch (status)
{
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 5221225..b1486e3 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -2252,7 +2252,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg));
charon->controller->initiate(charon->controller,
peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
- NULL, NULL, 0, 0, FALSE);
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
}
}
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index 1c236d2..811d8db 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -15,6 +15,28 @@
* for more details.
*/
+/*
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include "vici_control.h"
#include "vici_builder.h"
@@ -173,9 +195,11 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out)
CALLBACK(initiate, vici_message_t*,
private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
{
+ vici_message_t* msg;
peer_cfg_t *peer_cfg = NULL;
child_cfg_t *child_cfg;
- char *child, *ike, *type, *sa;
+ host_t *my_host = NULL, *other_host = NULL;
+ char *child, *ike, *type, *sa, *my_host_str, *other_host_str;
int timeout;
bool limits;
controller_cb_t log_cb = NULL;
@@ -189,6 +213,8 @@ CALLBACK(initiate, vici_message_t*,
timeout = request->get_int(request, 0, "timeout");
limits = request->get_bool(request, FALSE, "init-limits");
log.level = request->get_int(request, 1, "loglevel");
+ my_host_str = request->get_str(request, NULL, "my-host");
+ other_host_str = request->get_str(request, NULL, "other-host");
if (!child && !ike)
{
@@ -199,31 +225,52 @@ CALLBACK(initiate, vici_message_t*,
log_cb = (controller_cb_t)log_vici;
}
+ if (my_host_str)
+ {
+ my_host = host_create_from_string(my_host_str, 0);
+ }
+ if (other_host_str)
+ {
+ other_host = host_create_from_string(other_host_str, 0);
+ }
+
+
type = child ? "CHILD_SA" : "IKE_SA";
sa = child ?: ike;
child_cfg = find_child_cfg(child, ike, &peer_cfg);
- DBG1(DBG_CFG, "vici initiate %s '%s'", type, sa);
+ DBG1(DBG_CFG, "vici initiate %s '%s', me %H, other %H, limits %d", type, sa, my_host, other_host, limits);
if (!peer_cfg)
{
- return send_reply(this, "%s config '%s' not found", type, sa);
+ msg = send_reply(this, "%s config '%s' not found", type, sa);
+ goto ret;
}
- switch (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
- log_cb, &log, log.level, timeout, limits))
+ switch (charon->controller->initiate(charon->controller,
+ peer_cfg, child_cfg,
+ my_host, other_host,
+ log_cb, &log, log.level, timeout, limits))
{
case SUCCESS:
- return send_reply(this, NULL);
+ msg = send_reply(this, NULL);
+ break;
case OUT_OF_RES:
- return send_reply(this, "%s '%s' not established after %dms", type,
+ msg = send_reply(this, "%s '%s' not established after %dms", type,
sa, timeout);
+ break;
case INVALID_STATE:
- return send_reply(this, "establishing %s '%s' not possible at the "
+ msg = send_reply(this, "establishing %s '%s' not possible at the "
"moment due to limits", type, sa);
+ break;
case FAILED:
default:
- return send_reply(this, "establishing %s '%s' failed", type, sa);
+ msg = send_reply(this, "establishing %s '%s' failed", type, sa);
+ break;
}
+ret:
+ if (my_host) my_host->destroy(my_host);
+ if (other_host) other_host->destroy(other_host);
+ return msg;
}
/**
diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c
index 122e5ce..dec458c 100644
--- a/src/libcharon/processing/jobs/start_action_job.c
+++ b/src/libcharon/processing/jobs/start_action_job.c
@@ -84,7 +84,7 @@ METHOD(job_t, execute, job_requeue_t,
charon->controller->initiate(charon->controller,
peer_cfg->get_ref(peer_cfg),
child_cfg->get_ref(child_cfg),
- NULL, NULL, 0, 0, FALSE);
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
}
}
children->destroy(children);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index fc31c2a..51e28bc 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -16,6 +16,28 @@
* for more details.
*/
+/*
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include <string.h>
#include <inttypes.h>
@@ -1497,7 +1519,8 @@ typedef struct {
} config_entry_t;
METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
- private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg)
+ private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg,
+ host_t *my_host, host_t *other_host)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -1508,7 +1531,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
u_int segment;
int i;
- DBG2(DBG_MGR, "checkout IKE_SA by config");
+ if (my_host && my_host->get_port(my_host) == 0)
+ {
+ my_host->set_port(my_host, IKEV2_UDP_PORT);
+ }
+ if (other_host && other_host->get_port(other_host) == 0)
+ {
+ other_host->set_port(other_host, IKEV2_UDP_PORT);
+ }
+
+ DBG2(DBG_MGR, "checkout IKE_SA by config '%s', me %H, other %H",
+ peer_cfg->get_name(peer_cfg), my_host, other_host);
if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1)
{ /* IKE_SA reuse disabled by config (not possible for IKEv1) */
@@ -1566,6 +1599,15 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
continue;
}
+ if (my_host && !my_host->ip_equals(my_host, entry->ike_sa->get_my_host(entry->ike_sa)))
+ {
+ continue;
+ }
+ if (other_host && !other_host->ip_equals(other_host, entry->ike_sa->get_other_host(entry->ike_sa)))
+ {
+ continue;
+ }
+
current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa);
if (current_peer && current_peer->equals(current_peer, peer_cfg))
{
@@ -1592,6 +1634,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
{
ike_sa->set_peer_cfg(ike_sa, peer_cfg);
checkout_new(this, ike_sa);
+ if (my_host || other_host)
+ {
+ ike_sa->update_hosts(ike_sa, my_host, other_host, TRUE);
+ }
}
}
charon->bus->set_sa(charon->bus, ike_sa);
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index 004cc22..50f8246 100644
--- a/src/libcharon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
@@ -123,7 +123,8 @@ struct ike_sa_manager_t {
ike_sa_t* (*checkout_by_message) (ike_sa_manager_t* this, message_t *message);
/**
- * Checkout an IKE_SA for initiation by a peer_config.
+ * Checkout an IKE_SA for initiation by a peer_config and optional
+ * source and remote host addresses.
*
* To initiate, a CHILD_SA may be established within an existing IKE_SA.
* This call checks for an existing IKE_SA by comparing the configuration.
@@ -136,9 +137,12 @@ struct ike_sa_manager_t {
* @note The peer_config is always set on the returned IKE_SA.
*
* @param peer_cfg configuration used to find an existing IKE_SA
+ * @param my_host source host address for wildcard peer_cfg
+ * @param other_host remote host address for wildcard peer_cfg
* @return checked out/created IKE_SA
*/
- ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg);
+ ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg,
+ host_t *my_host, host_t *other_host);
/**
* Reset initiator SPI.
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index d8d8a42..e7c906e 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -523,7 +523,7 @@ METHOD(trap_manager_t, acquire, void,
peer_cfg_t *peer;
child_cfg_t *child;
ike_sa_t *ike_sa;
- host_t *host;
+ host_t *host, *my_host = NULL, *other_host = NULL;
bool wildcard, ignore = FALSE;
this->lock->read_lock(this->lock);
@@ -600,37 +600,27 @@ METHOD(trap_manager_t, acquire, void,
this->lock->unlock(this->lock);
if (wildcard)
- { /* the peer config would match IKE_SAs with other peers */
- ike_sa = charon->ike_sa_manager->create_new(charon->ike_sa_manager,
- peer->get_ike_version(peer), TRUE);
- if (ike_sa)
- {
- ike_cfg_t *ike_cfg;
- uint16_t port;
- uint8_t mask;
-
- ike_sa->set_peer_cfg(ike_sa, peer);
- ike_cfg = ike_sa->get_ike_cfg(ike_sa);
-
- port = ike_cfg->get_other_port(ike_cfg);
- data->dst->to_subnet(data->dst, &host, &mask);
- host->set_port(host, port);
- ike_sa->set_other_host(ike_sa, host);
-
- port = ike_cfg->get_my_port(ike_cfg);
- data->src->to_subnet(data->src, &host, &mask);
- host->set_port(host, port);
- ike_sa->set_my_host(ike_sa, host);
-
- charon->bus->set_sa(charon->bus, ike_sa);
- }
- }
- else
{
- ike_sa = charon->ike_sa_manager->checkout_by_config(
- charon->ike_sa_manager, peer);
+ ike_cfg_t *ike_cfg;
+ uint16_t port;
+ uint8_t mask;
+
+ ike_cfg = peer->get_ike_cfg(peer);
+
+ port = ike_cfg->get_other_port(ike_cfg);
+ data->dst->to_subnet(data->dst, &other_host, &mask);
+ other_host->set_port(other_host, port);
+
+ port = ike_cfg->get_my_port(ike_cfg);
+ data->src->to_subnet(data->src, &my_host, &mask);
+ my_host->set_port(my_host, port);
}
+ ike_sa = charon->ike_sa_manager->checkout_by_config(
+ charon->ike_sa_manager, peer,
+ my_host, other_host);
peer->destroy(peer);
+ DESTROY_IF(my_host);
+ DESTROY_IF(other_host);
if (ike_sa)
{
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
index e0fffb9..dcaded5 100644
--- a/src/swanctl/commands/initiate.c
+++ b/src/swanctl/commands/initiate.c
@@ -14,6 +14,28 @@
* for more details.
*/
+/*
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include "command.h"
#include <errno.h>
@@ -38,7 +60,7 @@ static int initiate(vici_conn_t *conn)
vici_req_t *req;
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
- char *arg, *child = NULL, *ike = NULL;
+ char *arg, *child = NULL, *ike = NULL, *my_host = NULL, *other_host = NULL;
int ret = 0, timeout = 0, level = 1;
while (TRUE)
@@ -65,6 +87,12 @@ static int initiate(vici_conn_t *conn)
case 'l':
level = atoi(arg);
continue;
+ case 'S':
+ my_host = arg;
+ continue;
+ case 'R':
+ other_host = arg;
+ continue;
case EOF:
break;
default:
@@ -88,6 +116,14 @@ static int initiate(vici_conn_t *conn)
{
vici_add_key_valuef(req, "ike", "%s", ike);
}
+ if (my_host)
+ {
+ vici_add_key_valuef(req, "my-host", "%s", my_host);
+ }
+ if (other_host)
+ {
+ vici_add_key_valuef(req, "other-host", "%s", other_host);
+ }
if (timeout)
{
vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
@@ -134,6 +170,8 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"child", 'c', 1, "initiate a CHILD_SA configuration"},
{"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"},
+ {"source", 'S', 1, "override source address"},
+ {"remote", 'R', 1, "override remote address"},
{"timeout", 't', 1, "timeout in seconds before detaching"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},

140
packages/strongswan/patches/0002-vici-send-certificates-for-ike-sa-events.patch
View File

@ -1,140 +0,0 @@
From 39d537b875e907c63a54d5de8ba6d2ea0ede4604 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:05 +0300
Subject: [PATCH 2/3] vici: send certificates for ike-sa events
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
src/libcharon/plugins/vici/vici_query.c | 50 +++++++++++++++++++++----
1 file changed, 42 insertions(+), 8 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index bacb7b101..19acc0789 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -402,7 +402,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b,
* List details of an IKE_SA
*/
static void list_ike(private_vici_query_t *this, vici_builder_t *b,
- ike_sa_t *ike_sa, time_t now)
+ ike_sa_t *ike_sa, time_t now, bool add_certs)
{
time_t t;
ike_sa_id_t *id;
@@ -411,6 +411,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
uint32_t if_id;
uint16_t alg, ks;
host_t *host;
+ auth_cfg_t *auth_cfg;
+ enumerator_t *enumerator;
b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa));
b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa));
@@ -420,11 +422,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "local-host", "%H", host);
b->add_kv(b, "local-port", "%d", host->get_port(host));
b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa));
+ if (add_certs)
+ {
+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE);
+ if (enumerator->enumerate(enumerator, &auth_cfg))
+ {
+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT);
+ chunk_t encoding;
+
+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
+ {
+ b->add(b, VICI_KEY_VALUE, "local-cert-data", encoding);
+ free(encoding.ptr);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
host = ike_sa->get_other_host(ike_sa);
b->add_kv(b, "remote-host", "%H", host);
b->add_kv(b, "remote-port", "%d", host->get_port(host));
b->add_kv(b, "remote-id", "%Y", ike_sa->get_other_id(ike_sa));
+ if (add_certs)
+ {
+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
+ if (enumerator->enumerate(enumerator, &auth_cfg))
+ {
+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT);
+ chunk_t encoding;
+
+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
+ {
+ b->add(b, VICI_KEY_VALUE, "remote-cert-data", encoding);
+ free(encoding.ptr);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
eap = ike_sa->get_other_eap_id(ike_sa);
@@ -556,7 +590,7 @@ CALLBACK(list_sas, vici_message_t*,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, TRUE);
b->begin_section(b, "child-sas");
csas = ike_sa->create_child_sa_enumerator(ike_sa);
@@ -1774,7 +1808,7 @@ METHOD(listener_t, ike_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, up);
b->end_section(b);
this->dispatcher->raise_event(this->dispatcher,
@@ -1799,10 +1833,10 @@ METHOD(listener_t, ike_rekey, bool,
b = vici_builder_create();
b->begin_section(b, old->get_name(old));
b->begin_section(b, "old");
- list_ike(this, b, old, now);
+ list_ike(this, b, old, now, TRUE);
b->end_section(b);
b->begin_section(b, "new");
- list_ike(this, b, new, now);
+ list_ike(this, b, new, now, TRUE);
b->end_section(b);
b->end_section(b);
@@ -1833,7 +1867,7 @@ METHOD(listener_t, ike_update, bool,
b->add_kv(b, "remote-port", "%d", remote->get_port(remote));
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, TRUE);
b->end_section(b);
this->dispatcher->raise_event(this->dispatcher,
@@ -1863,7 +1897,7 @@ METHOD(listener_t, child_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, up);
b->begin_section(b, "child-sas");
snprintf(buf, sizeof(buf), "%s-%u", child_sa->get_name(child_sa),
@@ -1898,7 +1932,7 @@ METHOD(listener_t, child_rekey, bool,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, TRUE);
b->begin_section(b, "child-sas");
b->begin_section(b, old->get_name(old));
--
2.38.1

159
packages/strongswan/patches/0003-vici-add-support-for-individual-sa-state-changes.patch
View File

@ -1,159 +0,0 @@
From df6b501ed29b838efde0f1cb1c906ab9befc7b45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:11 +0300
Subject: [PATCH 3/3] vici: add support for individual sa state changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Useful for monitoring and tracking full SA.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
src/libcharon/plugins/vici/vici_query.c | 105 ++++++++++++++++++++++++
1 file changed, 105 insertions(+)
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 19acc0789..e008885f7 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1774,8 +1774,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-update", reg);
+ this->dispatcher->manage_event(this->dispatcher, "ike-state-established", reg);
+ this->dispatcher->manage_event(this->dispatcher, "ike-state-destroying", reg);
this->dispatcher->manage_event(this->dispatcher, "child-updown", reg);
this->dispatcher->manage_event(this->dispatcher, "child-rekey", reg);
+ this->dispatcher->manage_event(this->dispatcher, "child-state-installing", reg);
+ this->dispatcher->manage_event(this->dispatcher, "child-state-installed", reg);
+ this->dispatcher->manage_event(this->dispatcher, "child-state-updating", reg);
+ this->dispatcher->manage_event(this->dispatcher, "child-state-rekeying", reg);
+ this->dispatcher->manage_event(this->dispatcher, "child-state-rekeyed", reg);
+ this->dispatcher->manage_event(this->dispatcher, "child-state-destroying", reg);
manage_command(this, "list-sas", list_sas, reg);
manage_command(this, "list-policies", list_policies, reg);
manage_command(this, "list-conns", list_conns, reg);
@@ -1876,6 +1884,45 @@ METHOD(listener_t, ike_update, bool,
return TRUE;
}
+METHOD(listener_t, ike_state_change, bool,
+ private_vici_query_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
+{
+ char *event;
+ vici_builder_t *b;
+ time_t now;
+
+ switch (state)
+ {
+ case IKE_ESTABLISHED:
+ event = "ike-state-established";
+ break;
+ case IKE_DESTROYING:
+ event = "ike-state-destroying";
+ break;
+ default:
+ return TRUE;
+ }
+
+ if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
+ {
+ return TRUE;
+ }
+
+ now = time_monotonic(NULL);
+
+ b = vici_builder_create();
+ b->begin_section(b, ike_sa->get_name(ike_sa));
+ list_ike(this, b, ike_sa, now, state != IKE_DESTROYING);
+ b->begin_section(b, "child-sas");
+ b->end_section(b);
+ b->end_section(b);
+
+ this->dispatcher->raise_event(this->dispatcher,
+ event, 0, b->finalize(b));
+
+ return TRUE;
+}
+
METHOD(listener_t, child_updown, bool,
private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
{
@@ -1955,6 +2002,62 @@ METHOD(listener_t, child_rekey, bool,
return TRUE;
}
+METHOD(listener_t, child_state_change, bool,
+ private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state)
+{
+ char *event;
+ vici_builder_t *b;
+ time_t now;
+
+ switch (state)
+ {
+ case CHILD_INSTALLING:
+ event = "child-state-installing";
+ break;
+ case CHILD_INSTALLED:
+ event = "child-state-installed";
+ break;
+ case CHILD_UPDATING:
+ event = "child-state-updating";
+ break;
+ case CHILD_REKEYING:
+ event = "child-state-rekeying";
+ break;
+ case CHILD_REKEYED:
+ event = "child-state-rekeyed";
+ break;
+ case CHILD_DESTROYING:
+ event = "child-state-destroying";
+ break;
+ default:
+ return TRUE;
+ }
+
+ if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
+ {
+ return TRUE;
+ }
+
+ now = time_monotonic(NULL);
+
+ b = vici_builder_create();
+ b->begin_section(b, ike_sa->get_name(ike_sa));
+ list_ike(this, b, ike_sa, now, state != CHILD_DESTROYING);
+ b->begin_section(b, "child-sas");
+
+ b->begin_section(b, child_sa->get_name(child_sa));
+ list_child(this, b, child_sa, now);
+ b->end_section(b);
+
+ b->end_section(b);
+ b->end_section(b);
+
+ this->dispatcher->raise_event(this->dispatcher,
+ event, 0, b->finalize(b));
+
+ return TRUE;
+}
+
METHOD(vici_query_t, destroy, void,
private_vici_query_t *this)
{
@@ -1975,8 +2078,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
.ike_update = _ike_update,
+ .ike_state_change = _ike_state_change,
.child_updown = _child_updown,
.child_rekey = _child_rekey,
+ .child_state_change = _child_state_change,
},
.destroy = _destroy,
},
--
2.38.1

115
packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch
View File

@ -1,115 +0,0 @@
From ee6c0b3ff6e3df5c7aef628621e19a813ff308ed Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 27 Dec 2022 13:36:43 +0000
Subject: [PATCH] VyOS: disable options enabled by Debian that are unused
VyOS does not implement CLI options for all options exposed by Debian.
The following options need to be disabled for the DMVPN patchset:
- mediation
- nm
In addition we have no LED, LDAP and SQL configuration knows, thus we spare
the plugins.
---
debian/libcharon-extra-plugins.install | 3 ---
debian/libstrongswan-extra-plugins.install | 3 ---
debian/rules | 11 ++++++++++-
debian/strongswan-nm.install | 2 --
4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install
index 94fbabd88..068708ecb 100644
--- a/debian/libcharon-extra-plugins.install
+++ b/debian/libcharon-extra-plugins.install
@@ -13,7 +13,6 @@ usr/lib/ipsec/plugins/libstrongswan-error-notify.so
usr/lib/ipsec/plugins/libstrongswan-forecast.so
usr/lib/ipsec/plugins/libstrongswan-ha.so
usr/lib/ipsec/plugins/libstrongswan-kernel-libipsec.so
-usr/lib/ipsec/plugins/libstrongswan-led.so
usr/lib/ipsec/plugins/libstrongswan-lookip.so
#usr/lib/ipsec/plugins/libstrongswan-medsrv.so
#usr/lib/ipsec/plugins/libstrongswan-medcli.so
@@ -36,7 +35,6 @@ usr/share/strongswan/templates/config/plugins/error-notify.conf
usr/share/strongswan/templates/config/plugins/forecast.conf
usr/share/strongswan/templates/config/plugins/ha.conf
usr/share/strongswan/templates/config/plugins/kernel-libipsec.conf
-usr/share/strongswan/templates/config/plugins/led.conf
usr/share/strongswan/templates/config/plugins/lookip.conf
#usr/share/strongswan/templates/config/plugins/medsrv.conf
#usr/share/strongswan/templates/config/plugins/medcli.conf
@@ -60,7 +58,6 @@ etc/strongswan.d/charon/error-notify.conf
etc/strongswan.d/charon/forecast.conf
etc/strongswan.d/charon/ha.conf
etc/strongswan.d/charon/kernel-libipsec.conf
-etc/strongswan.d/charon/led.conf
etc/strongswan.d/charon/lookip.conf
#etc/strongswan.d/charon/medsrv.conf
#etc/strongswan.d/charon/medcli.conf
diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install
index 2846e2155..00cd0a146 100644
--- a/debian/libstrongswan-extra-plugins.install
+++ b/debian/libstrongswan-extra-plugins.install
@@ -8,7 +8,6 @@ usr/lib/ipsec/plugins/libstrongswan-ctr.so
usr/lib/ipsec/plugins/libstrongswan-curl.so
usr/lib/ipsec/plugins/libstrongswan-curve25519.so
usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
-usr/lib/ipsec/plugins/libstrongswan-ldap.so
usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
usr/lib/ipsec/plugins/libstrongswan-tpm.so
@@ -20,7 +19,6 @@ usr/share/strongswan/templates/config/plugins/ctr.conf
usr/share/strongswan/templates/config/plugins/curl.conf
usr/share/strongswan/templates/config/plugins/curve25519.conf
usr/share/strongswan/templates/config/plugins/gcrypt.conf
-usr/share/strongswan/templates/config/plugins/ldap.conf
usr/share/strongswan/templates/config/plugins/pkcs11.conf
usr/share/strongswan/templates/config/plugins/test-vectors.conf
usr/share/strongswan/templates/config/plugins/tpm.conf
@@ -31,7 +29,6 @@ etc/strongswan.d/charon/ctr.conf
etc/strongswan.d/charon/curl.conf
etc/strongswan.d/charon/curve25519.conf
etc/strongswan.d/charon/gcrypt.conf
-etc/strongswan.d/charon/ldap.conf
etc/strongswan.d/charon/pkcs11.conf
etc/strongswan.d/charon/test-vectors.conf
etc/strongswan.d/charon/tpm.conf
diff --git a/debian/rules b/debian/rules
index 2fed1f10f..fa0d21a0c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,6 +3,15 @@ export DEB_LDFLAGS_MAINT_APPEND=-Wl,-O1
#export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+CONFIGUREARGS_VYOS := --disable-warnings \
+ --disable-ldap \
+ --disable-led \
+ --disable-nm \
+ --disable-mediation \
+ --disable-mysql \
+ --disable-sqlite \
+ --disable-sql
+
CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
--enable-addrblock \
--enable-agent \
@@ -88,7 +97,7 @@ ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,)
override_dh_auto_configure:
- dh_auto_configure -- $(CONFIGUREARGS)
+ dh_auto_configure -- $(CONFIGUREARGS) $(CONFIGUREARGS_VYOS)
override_dh_auto_clean:
dh_auto_clean
diff --git a/debian/strongswan-nm.install b/debian/strongswan-nm.install
index b0c05d94f..e69de29bb 100644
--- a/debian/strongswan-nm.install
+++ b/debian/strongswan-nm.install
@@ -1,2 +0,0 @@
-usr/lib/ipsec/charon-nm
-usr/share/dbus-1/system.d/nm-strongswan-service.conf
--
2.30.2

1
packages/telegraf/.gitignore vendored
View File

@ -1 +0,0 @@
telegraf/

32
packages/telegraf/Jenkinsfile vendored
View File

@ -1,32 +0,0 @@
// Copyright (C) 2020-2021 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
// NOTE: we can build with -d as the libbpf dependency is installed manually
// and not via a DEB package
def pkgList = [
['name': 'telegraf',
'scmCommit': 'v1.28.3',
'scmUrl': 'https://github.com/influxdata/telegraf.git',
'buildCmd': 'cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('telegraf', pkgList, null, false, "**/packages/telegraf/**")

27
packages/telegraf/build.sh
View File

@ -1,27 +0,0 @@
#!/bin/sh
CWD=$(pwd)
set -e
BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH)
SRC=telegraf
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
PLUGIN_DIR=${CWD}/plugins
echo "I: Selecting Input plugins"
cp ${PLUGIN_DIR}/inputs/all/all.go ${SRC}/plugins/inputs/all/all.go
echo "I: Selecting Output plugins"
cp ${PLUGIN_DIR}/outputs/all/all.go ${SRC}/plugins/outputs/all/all.go
echo "I: Build Debian ${BUILD_ARCH} package"
cd ${SRC}
export PATH=/opt/go/bin:$PATH
# Generate default telegraf config
go run ./cmd/telegraf config > etc/telegraf.conf
LDFLAGS=-w make "${BUILD_ARCH}.deb"

72
packages/telegraf/plugins/inputs/all/all.go
View File

@ -1,72 +0,0 @@
package all
import (
//Blank imports for plugins to register themselves
_ "github.com/influxdata/telegraf/plugins/inputs/azure_storage_queue"
_ "github.com/influxdata/telegraf/plugins/inputs/bond"
_ "github.com/influxdata/telegraf/plugins/inputs/cgroup"
_ "github.com/influxdata/telegraf/plugins/inputs/chrony"
_ "github.com/influxdata/telegraf/plugins/inputs/conntrack"
_ "github.com/influxdata/telegraf/plugins/inputs/cpu"
_ "github.com/influxdata/telegraf/plugins/inputs/disk"
_ "github.com/influxdata/telegraf/plugins/inputs/diskio"
_ "github.com/influxdata/telegraf/plugins/inputs/disque"
_ "github.com/influxdata/telegraf/plugins/inputs/dmcache"
_ "github.com/influxdata/telegraf/plugins/inputs/dns_query"
_ "github.com/influxdata/telegraf/plugins/inputs/docker"
_ "github.com/influxdata/telegraf/plugins/inputs/docker_log"
_ "github.com/influxdata/telegraf/plugins/inputs/ethtool"
_ "github.com/influxdata/telegraf/plugins/inputs/exec"
_ "github.com/influxdata/telegraf/plugins/inputs/execd"
_ "github.com/influxdata/telegraf/plugins/inputs/file"
_ "github.com/influxdata/telegraf/plugins/inputs/filecount"
_ "github.com/influxdata/telegraf/plugins/inputs/filestat"
_ "github.com/influxdata/telegraf/plugins/inputs/fireboard"
_ "github.com/influxdata/telegraf/plugins/inputs/hddtemp"
_ "github.com/influxdata/telegraf/plugins/inputs/hugepages"
_ "github.com/influxdata/telegraf/plugins/inputs/influxdb"
_ "github.com/influxdata/telegraf/plugins/inputs/influxdb_listener"
_ "github.com/influxdata/telegraf/plugins/inputs/influxdb_v2_listener"
_ "github.com/influxdata/telegraf/plugins/inputs/intel_pmu"
_ "github.com/influxdata/telegraf/plugins/inputs/intel_powerstat"
_ "github.com/influxdata/telegraf/plugins/inputs/intel_rdt"
_ "github.com/influxdata/telegraf/plugins/inputs/internal"
_ "github.com/influxdata/telegraf/plugins/inputs/internet_speed"
_ "github.com/influxdata/telegraf/plugins/inputs/interrupts"
_ "github.com/influxdata/telegraf/plugins/inputs/ipmi_sensor"
_ "github.com/influxdata/telegraf/plugins/inputs/ipset"
_ "github.com/influxdata/telegraf/plugins/inputs/iptables"
_ "github.com/influxdata/telegraf/plugins/inputs/ipvs"
_ "github.com/influxdata/telegraf/plugins/inputs/kernel"
_ "github.com/influxdata/telegraf/plugins/inputs/kernel_vmstat"
_ "github.com/influxdata/telegraf/plugins/inputs/mdstat"
_ "github.com/influxdata/telegraf/plugins/inputs/mem"
_ "github.com/influxdata/telegraf/plugins/inputs/net"
_ "github.com/influxdata/telegraf/plugins/inputs/netstat"
_ "github.com/influxdata/telegraf/plugins/inputs/nstat"
_ "github.com/influxdata/telegraf/plugins/inputs/ping"
_ "github.com/influxdata/telegraf/plugins/inputs/powerdns_recursor"
_ "github.com/influxdata/telegraf/plugins/inputs/processes"
_ "github.com/influxdata/telegraf/plugins/inputs/procstat"
_ "github.com/influxdata/telegraf/plugins/inputs/sensors"
_ "github.com/influxdata/telegraf/plugins/inputs/sflow"
_ "github.com/influxdata/telegraf/plugins/inputs/slab"
_ "github.com/influxdata/telegraf/plugins/inputs/smart"
_ "github.com/influxdata/telegraf/plugins/inputs/snmp"
_ "github.com/influxdata/telegraf/plugins/inputs/snmp_legacy"
_ "github.com/influxdata/telegraf/plugins/inputs/snmp_trap"
_ "github.com/influxdata/telegraf/plugins/inputs/socket_listener"
_ "github.com/influxdata/telegraf/plugins/inputs/socketstat"
_ "github.com/influxdata/telegraf/plugins/inputs/syslog"
_ "github.com/influxdata/telegraf/plugins/inputs/sysstat"
_ "github.com/influxdata/telegraf/plugins/inputs/system"
_ "github.com/influxdata/telegraf/plugins/inputs/systemd_units"
_ "github.com/influxdata/telegraf/plugins/inputs/tail"
_ "github.com/influxdata/telegraf/plugins/inputs/tcp_listener"
_ "github.com/influxdata/telegraf/plugins/inputs/temp"
_ "github.com/influxdata/telegraf/plugins/inputs/twemproxy"
_ "github.com/influxdata/telegraf/plugins/inputs/udp_listener"
_ "github.com/influxdata/telegraf/plugins/inputs/wireguard"
_ "github.com/influxdata/telegraf/plugins/inputs/wireless"
_ "github.com/influxdata/telegraf/plugins/inputs/x509_cert"
)

9
packages/telegraf/plugins/outputs/all/all.go
View File

@ -1,9 +0,0 @@
package all
import (
//Blank imports for plugins to register themselves
_ "github.com/influxdata/telegraf/plugins/outputs/azure_data_explorer"
_ "github.com/influxdata/telegraf/plugins/outputs/http"
_ "github.com/influxdata/telegraf/plugins/outputs/influxdb_v2"
_ "github.com/influxdata/telegraf/plugins/outputs/prometheus_client"
)

32
packages/waagent/Jenkinsfile vendored
View File

@ -1,32 +0,0 @@
// Copyright (C) 2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def package_name = 'waagent'
def pkgList = [
['name': "${package_name}",
'scmCommit': 'debian/2.9.1.1-2',
'scmUrl': 'https://salsa.debian.org/cloud-team/waagent.git',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; sudo apt-get install --yes --no-install-recommends dpkg-source-gitarchive; ../build.py'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage("${package_name}", pkgList, null, false, "**/packages/waagent/**")

50
packages/waagent/build.py
View File

@ -1,50 +0,0 @@
#!/usr/bin/env python3
from pathlib import Path
from shutil import copy as copy_file
from subprocess import run
# copy patches
def apply_deb_patches() -> None:
"""Apply patches to sources directory
"""
patches_dir = Path('../patches')
current_dir: str = Path.cwd().as_posix()
if patches_dir.exists():
patches_list = list(patches_dir.iterdir())
patches_list.sort()
Path(f'{current_dir}/debian/patches').mkdir(parents=True, exist_ok=True)
series_file = Path(f'{current_dir}/debian/patches/series')
series_data = ''
for patch_file in patches_list:
print(f'Applying patch: {patch_file.name}')
copy_file(patch_file, f'{current_dir}/debian/patches/')
if series_file.exists():
series_data: str = series_file.read_text()
series_data = f'{series_data}\n{patch_file.name}'
series_file.write_text(series_data)
def build_package() -> bool:
"""Build a package
Returns:
bool: build status
"""
build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
build_status: int = run(build_cmd).returncode
if build_status:
return False
return True
# build a package
if __name__ == '__main__':
apply_deb_patches()
if not build_package():
exit(1)
exit()

1
packages/wide-dhcpv6/.gitignore vendored
View File

@ -1 +0,0 @@
wide-dhcpv6/

30
packages/wide-dhcpv6/Jenkinsfile vendored
View File

@ -1,30 +0,0 @@
// Copyright (C) 2020-2021 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
def pkgList = [
['name': 'wide-dhcpv6',
'scmCommit': 'debian/20080615-23',
'scmUrl': 'https://salsa.debian.org/debian/wide-dhcpv6',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
]
// Start package build using library function from https://github.com/vyos/vyos-build
buildPackage('wide-dhcpv6', pkgList, null, true, "**/packages/wide-dhcpv6/**")

Some files were not shown because too many files have changed in this diff Show More