From 36673774ee3c18d90c9f497fd9b016c6cc519f8f Mon Sep 17 00:00:00 2001 
From: "M. Vefa Bicakci" Date: Wed, 27 Oct 2021 11:11:07 -0400 Subject: [PATCH] iproute-5.12, iptables-1.8.4, and libnftnl-1.1.5 This commit updates iproute from 5.9 to 5.12, iptables from 1.4.21 to 1.8.4, and libnftnl from 1.0.8 to 1.1.5: - iproute 5.9 does not make use of libbpf, which causes the 'tc' utility (provided by iproute-tc) to report BTF debugging symbol-related warnings when eBPF programs are used with tc by the kernel's eBPF sample test programs, even though the programs appear to work: "BTF debug data section '.BTF' rejected: Invalid argument (22)!". - iptables 1.4.21 does not support the --object-pinned option, which is required to be able to use eBPF programs to match packets. - libnftnl >= 1.1.5 is a dependency for recent versions of iptables, and the version of libnftnl in StarlingX's CentOS 7 is 1.0.8. The versions which are used by this commit are the latest versions in CentOS 8-Stream as of this writing. Notes: - iptables software package bundles a version of ebtables different than the legacy version already included in StarlingX. The legacy version supports the broute table and the BROUTING chain and string matching, whereas the iptables version does not. The legacy version is deprecated by this commit based on feedback received from colleagues, mainly to avoid unexpected incompatibilities between ebtables-legacy and iptables' netfilter/nft-based versions. Verification: - All-in-One simplex installation and bootstrap was carried out successfully. - Installation and bootstrap was successful on two separate systems: One system consisting of 2 controller hosts, 4 compute hosts and 2 storage hosts, and another system consisting of 2 controller hosts and 2 compute hosts. - Configuration of aggregated links (after using ifenslave manually) and configuration of virtual function (VF) interfaces (also manually set up) were carried out with the iproute tools successfully as basic sanity tests. 
- The results of basic ebtables commands (insertion and removal of DROP rules) were observed in "ebtables -L" output and confirmed to take effect in a test bed consisting of two network namespaces connected by bridged interfaces, as a basic sanity test. - Sample eBPF test programs and scripts shipped with the v5.10 kernel were executed successfully, with the caveat that there is a need to install a recent version of LLVM to compile the eBPF test programs. (I built LLVM-13.0 from scratch.) Partial-Bug: #1949217 Depends-On: I24bb7c60e353643add5e63ae7ea7c6516d07c7bf Depends-On: I12d20797db91fecdac409b0535632ac97bd6ad47 Depends-On: If95c2d24c98cb2add5e24548bc45f505c94b4b79 
Signed-off-by: M. Vefa Bicakci Change-Id: I63d557112c653d59b88ac3a4798dee0e89246612
---
 centos_pkg_dirs | 2 +
 centos_srpms_3rdparties.lst | 4 +-
 ...c-Modify-Release-field-for-StarlingX.patch | 20 ++---
 networking/iproute/centos/srpm_path | 2 +-
 networking/iptables/centos/build_srpm.data | 2 +
 .../iptables/centos/meta_patches/PATCH_ORDER | 2 +
 ...d-a-patch-for-compat.-with-older-gli.patch | 43 +++++++++++
 ...c-Modify-Release-field-for-StarlingX.patch | 29 +++++++
 ...s-monitor-fix-build-with-older-glibc.patch | 75 +++++++++++++++++++
 networking/iptables/centos/srpm_path | 1 +
 networking/libnftnl/centos/build_srpm.data | 1 +
 .../libnftnl/centos/meta_patches/PATCH_ORDER | 1 +
 ...c-Modify-Release-field-for-StarlingX.patch | 27 +++++++
 networking/libnftnl/centos/srpm_path | 1 +
 14 files changed, 199 insertions(+), 11 deletions(-)
 create mode 100644 networking/iptables/centos/build_srpm.data
 create mode 100644 networking/iptables/centos/meta_patches/PATCH_ORDER
 create mode 100644 networking/iptables/centos/meta_patches/iptables.spec-Add-a-patch-for-compat.-with-older-gli.patch
 create mode 100644 networking/iptables/centos/meta_patches/iptables.spec-Modify-Release-field-for-StarlingX.patch
 create mode 100644 networking/iptables/centos/patches/0013-xtables-monitor-fix-build-with-older-glibc.patch
 create mode 100644 networking/iptables/centos/srpm_path
 create mode 100644 networking/libnftnl/centos/build_srpm.data
 create mode 100644 networking/libnftnl/centos/meta_patches/PATCH_ORDER
 create mode 100644 networking/libnftnl/centos/meta_patches/libnftnl.spec-Modify-Release-field-for-StarlingX.patch
 create mode 100644 networking/libnftnl/centos/srpm_path
diff --git a/centos_pkg_dirs b/centos_pkg_dirs
index 2625e74bc..80da24d65 100644
--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -97,3 +97,5 @@ gpu/gpu-operator
 tools/kexec-tools
 tools/libbpf
 networking/iproute
+networking/iptables
+networking/libnftnl
diff --git a/centos_srpms_3rdparties.lst b/centos_srpms_3rdparties.lst
index a23f2b1ff..b7040bde9 100644
--- a/centos_srpms_3rdparties.lst
+++ b/centos_srpms_3rdparties.lst
@@ -1,4 +1,6 @@
-iproute-5.9.0-4.el8.src.rpm#https://vault.centos.org/centos/8.4.2105/BaseOS/Source/SPackages/iproute-5.9.0-4.el8.src.rpm
+iproute-5.12.0-4.el8.src.rpm#https://vault.centos.org/8-stream/BaseOS/Source/SPackages/iproute-5.12.0-4.el8.src.rpm
+iptables-1.8.4-21.el8.src.rpm#https://vault.centos.org/8-stream/BaseOS/Source/SPackages/iptables-1.8.4-21.el8.src.rpm
+libnftnl-1.1.5-4.el8.src.rpm#https://vault.centos.org/8-stream/BaseOS/Source/SPackages/libnftnl-1.1.5-4.el8.src.rpm
 libvirt-python-4.7.0-1.fc28.src.rpm#https://libvirt.org/sources/python/libvirt-python-4.7.0-1.fc28.src.rpm
 linuxptp-3.1.1-1.el8.src.rpm#http://vault.centos.org/8-stream/AppStream/Source/SPackages/linuxptp-3.1.1-1.el8.src.rpm
 python-daemon-2.2.3-7.el8.src.rpm#http://vault.centos.org/8.0.1905/virt/Source/ovirt-44/python-daemon-2.2.3-7.el8.src.rpm
diff --git a/networking/iproute/centos/meta_patches/iproute.spec-Modify-Release-field-for-StarlingX.patch b/networking/iproute/centos/meta_patches/iproute.spec-Modify-Release-field-for-StarlingX.patch
index 960e876e6..2fa53add3 100644
--- a/networking/iproute/centos/meta_patches/iproute.spec-Modify-Release-field-for-StarlingX.patch
+++ b/networking/iproute/centos/meta_patches/iproute.spec-Modify-Release-field-for-StarlingX.patch
@@ -1,6 +1,6 @@ -From 36bc0ef90f0b05a91728c5f8633988131af8a0af Mon Sep 17 00:00:00 2001 +From 8b090dec49da1d238ce9e6be1b4b9627707a1c2f Mon Sep 17 00:00:00 2001 From: "M. Vefa Bicakci" -Date: Fri, 22 Oct 2021 16:37:34 -0400 +Date: Wed, 27 Oct 2021 11:59:52 -0400 Subject: [PATCH] iproute.spec: Modify Release field for StarlingX This commit modifies the Release field of the iproute package's spec @@ -12,16 +12,18 @@ Signed-off-by: M. Vefa Bicakci 1 file changed, 1 insertion(+), 1 deletion(-) 
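Review bot: The bumped `iproute` entry and the two new entries (`iptables-1.8.4-21.el8.src.rpm`, `libnftnl-1.1.5-4.el8.src.rpm`) in `centos_srpms_3rdparties.lst` are identified only by file name and URL, so nothing on these lines lets the build detect a source RPM that differs from the one that was tested. The new URLs also move from a fixed point-release path (`centos/8.4.2105/`) to the `8-stream/` tree, which may be pruned or reorganised and leave the entry unresolvable. Unless the download tooling (not visible in this diff) already verifies package signatures, I would record a SHA-256 per entry in a sidecar file, or run `rpm -K` on each fetched SRPM against the CentOS signing key before it is unpacked. The unchanged `linuxptp` and `python-daemon` context lines still fetch over `http://`, which is worth switching to `https://` in a follow-up.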
diff --git a/SPECS/iproute.spec b/SPECS/iproute.spec -index 6ef0b529e0ce..b8f7ad1833df 100644 +index 1b5b5a719fdc..20869a9defbd 100644 --- a/SPECS/iproute.spec +++ b/SPECS/iproute.spec -@@ -1,5 +1,5 @@ - %define rpmversion 5.9.0 --%define specrelease 4%{?dist} -+%define specrelease 4%{?_tis_dist}.%{tis_patch_ver} - %define pkg_release %{specrelease}%{?buildid} - +@@ -1,7 +1,7 @@ Summary: Advanced IP routing and network device configuration tools + Name: iproute + Version: 5.12.0 +-Release: 4%{?dist}%{?buildid} ++Release: 4%{?_tis_dist}.%{tis_patch_ver}%{?buildid} + Group: Applications/System + URL: http://kernel.org/pub/linux/utils/net/%{name}2/ + Source0: http://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{version}.tar.xz -- 2.29.2 diff --git a/networking/iproute/centos/srpm_path b/networking/iproute/centos/srpm_path index 6b59d1f73..35ac27397 100644 --- a/networking/iproute/centos/srpm_path +++ b/networking/iproute/centos/srpm_path @@ -1 +1 @@ -mirror:Source/iproute-5.9.0-4.el8.src.rpm +mirror:Source/iproute-5.12.0-4.el8.src.rpm diff --git a/networking/iptables/centos/build_srpm.data b/networking/iptables/centos/build_srpm.data new file mode 100644 index 000000000..bc37bdcbe --- /dev/null +++ b/networking/iptables/centos/build_srpm.data @@ -0,0 +1,2 @@ +COPY_LIST="$DISTRO/patches/*" +TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/networking/iptables/centos/meta_patches/PATCH_ORDER b/networking/iptables/centos/meta_patches/PATCH_ORDER new file mode 100644 index 000000000..82442ff73 --- /dev/null +++ b/networking/iptables/centos/meta_patches/PATCH_ORDER @@ -0,0 +1,2 @@ +iptables.spec-Modify-Release-field-for-StarlingX.patch +iptables.spec-Add-a-patch-for-compat.-with-older-gli.patch diff --git a/networking/iptables/centos/meta_patches/iptables.spec-Add-a-patch-for-compat.-with-older-gli.patch b/networking/iptables/centos/meta_patches/iptables.spec-Add-a-patch-for-compat.-with-older-gli.patch new file mode 100644 index 000000000..dd8ba8c9a --- /dev/null 
+++ b/networking/iptables/centos/meta_patches/iptables.spec-Add-a-patch-for-compat.-with-older-gli.patch @@ -0,0 +1,43 @@ +From 281334baa2ea1b21abc9e70fe27980f81a19bca1 Mon Sep 17 00:00:00 2001 +From: "M. Vefa Bicakci" +Date: Wed, 27 Oct 2021 14:45:36 -0400 +Subject: [PATCH] iptables.spec: Add a patch for compat. with older glibc + +This patch avoids the following compilation failures, which according to +the description of the imported patch, occurs due to the older version +of glibc in StarlingX: + +xtables-monitor.c:406:43: error: 'const struct tcphdr' has no member named 'th_sport' + printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); + +xtables-monitor.c:406:66: error: 'const struct tcphdr' has no member named 'th_dport' + printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); + +Signed-off-by: M. Vefa Bicakci +--- + SPECS/iptables.spec | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec +index cb4ac571791e..befe5ec262f1 100644 +--- a/SPECS/iptables.spec ++++ b/SPECS/iptables.spec +@@ -32,6 +32,7 @@ Source10: ebtables-config + %if 0%{?bootstrap} + Source11: %{url}/files/%{name}-%{version_old}.tar.bz2 + Source12: 0003-extensions-format-security-fixes-in-libip-6-t_icmp.patch ++Source13: 0013-xtables-monitor-fix-build-with-older-glibc.patch + %endif + + Patch01: 0001-iptables-apply-Use-mktemp-instead-of-tempfile.patch +@@ -231,6 +232,7 @@ replacement of the legacy tool. + pushd bootstrap_ver + %{__tar} --strip-components=1 -xf %{SOURCE11} + %{__patch} -p1 <%{SOURCE12} ++%{__patch} -p1 <%{SOURCE13} + popd + %endif + +-- +2.29.2 + diff --git a/networking/iptables/centos/meta_patches/iptables.spec-Modify-Release-field-for-StarlingX.patch b/networking/iptables/centos/meta_patches/iptables.spec-Modify-Release-field-for-StarlingX.patch new file mode 100644 index 000000000..8a2001d42 --- /dev/null 
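Review bot: The added `Source13` line and the matching `%{__patch} -p1 <%{SOURCE13}` in `SPECS/iptables.spec` carry no comment saying that 0013 is a StarlingX-local addition applied only inside `bootstrap_ver`, the tree unpacked from `%{SOURCE11}`; that is easy to lose on the next SRPM rebase. I would add a comment above the `Source13` line, for example `# StarlingX: upstream xtables-monitor fix for older glibc, applied to the bootstrap tree only`. Whether the main 1.8.4 tree already contains this fix is not visible here, so confirm it against the unpacked source before relying on that wording. The `%prep` section touched by the second spec hunk starts outside the lines shown.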
+++ b/networking/iptables/centos/meta_patches/iptables.spec-Modify-Release-field-for-StarlingX.patch @@ -0,0 +1,29 @@ +From b64b3b0adc9391431fad330485993981fba5303c Mon Sep 17 00:00:00 2001 +From: "M. Vefa Bicakci" +Date: Wed, 27 Oct 2021 12:30:19 -0400 +Subject: [PATCH] iptables.spec: Modify Release field for StarlingX + +This commit modifies the Release field of the iptables package's spec +file for StarlingX. + +Signed-off-by: M. Vefa Bicakci +--- + SPECS/iptables.spec | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec +index 58df10b96201..cb4ac571791e 100644 +--- a/SPECS/iptables.spec ++++ b/SPECS/iptables.spec +@@ -17,7 +17,7 @@ Name: iptables + Summary: Tools for managing Linux kernel packet filtering capabilities + URL: http://www.netfilter.org/projects/iptables + Version: 1.8.4 +-Release: 21%{?dist} ++Release: 21%{?_tis_dist}.%{tis_patch_ver} + Source: %{url}/files/%{name}-%{version}.tar.bz2 + Source1: iptables.init + Source2: iptables-config +-- +2.29.2 + diff --git a/networking/iptables/centos/patches/0013-xtables-monitor-fix-build-with-older-glibc.patch b/networking/iptables/centos/patches/0013-xtables-monitor-fix-build-with-older-glibc.patch new file mode 100644 index 000000000..5ed0d2d55 --- /dev/null +++ b/networking/iptables/centos/patches/0013-xtables-monitor-fix-build-with-older-glibc.patch 
@@ -0,0 +1,75 @@ +From 7c8791edac3e74f6ce0bf21f98bc820db8e55e62 Mon Sep 17 00:00:00 2001 +From: Baruch Siach +Date: Fri, 16 Nov 2018 07:23:32 +0200 +Subject: [PATCH] xtables-monitor: fix build with older glibc + +glibc older than 2.19 only expose BSD style fields of struct tcphdr when +_BSD_SOURCE is define. Current glibc however, warn that _BSD_SOURCE is +deprecated. Migrate to the GNU style of tcphdr fields to make the code +compatible with any glibc version. + +Fix the following build failure: + +xtables-monitor.c: In function 'trace_print_packet': +xtables-monitor.c:406:43: error: 'const struct tcphdr' has no member named 'th_sport' + printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); + ^ +xtables-monitor.c:406:66: error: 'const struct tcphdr' has no member named 'th_dport' + printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); + ^ +... + +Signed-off-by: Baruch Siach +Signed-off-by: Florian Westphal +--- + iptables/xtables-monitor.c | 30 ++++++++++++++---------------- + 1 file changed, 14 insertions(+), 16 deletions(-) + +diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c +index 3b1ca777a28a..5d1611122df5 100644 +--- a/iptables/xtables-monitor.c ++++ b/iptables/xtables-monitor.c +@@ -403,26 +403,24 @@ static void trace_print_packet(const struct nftnl_trace *nlt, struct cb_arg *arg + case IPPROTO_UDP: + if (len < 4) + break; +- printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); ++ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); + break; + case IPPROTO_TCP: + if (len < sizeof(*tcph)) + break; +- printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); +- if (tcph->th_flags & (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG)) { +- if (tcph->th_flags & TH_SYN) +- printf("SYN "); +- if (tcph->th_flags & TH_ACK) +- printf("ACK "); +- if (tcph->th_flags & TH_FIN) +- printf("FIN "); +- if (tcph->th_flags & TH_RST) +- printf("RST "); +- if 
(tcph->th_flags & TH_PUSH) +- printf("PSH "); +- if (tcph->th_flags & TH_URG) +- printf("URG "); +- } ++ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); ++ if (tcph->syn) ++ printf("SYN "); ++ if (tcph->ack) ++ printf("ACK "); ++ if (tcph->fin) ++ printf("FIN "); ++ if (tcph->rst) ++ printf("RST "); ++ if (tcph->psh) ++ printf("PSH "); ++ if (tcph->urg) ++ printf("URG "); + break; + default: + break; +-- +2.29.2 + diff --git a/networking/iptables/centos/srpm_path b/networking/iptables/centos/srpm_path new file mode 100644 index 000000000..59817419c --- /dev/null +++ b/networking/iptables/centos/srpm_path @@ -0,0 +1 @@ +mirror:Source/iptables-1.8.4-21.el8.src.rpm diff --git a/networking/libnftnl/centos/build_srpm.data b/networking/libnftnl/centos/build_srpm.data new file mode 100644 index 000000000..69abd61b8 --- /dev/null +++ b/networking/libnftnl/centos/build_srpm.data @@ -0,0 +1 @@ +TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/networking/libnftnl/centos/meta_patches/PATCH_ORDER b/networking/libnftnl/centos/meta_patches/PATCH_ORDER new file mode 100644 index 000000000..37890c563 --- /dev/null +++ b/networking/libnftnl/centos/meta_patches/PATCH_ORDER @@ -0,0 +1 @@ +libnftnl.spec-Modify-Release-field-for-StarlingX.patch diff --git a/networking/libnftnl/centos/meta_patches/libnftnl.spec-Modify-Release-field-for-StarlingX.patch b/networking/libnftnl/centos/meta_patches/libnftnl.spec-Modify-Release-field-for-StarlingX.patch new file mode 100644 index 000000000..f14379711 --- /dev/null +++ b/networking/libnftnl/centos/meta_patches/libnftnl.spec-Modify-Release-field-for-StarlingX.patch 
@@ -0,0 +1,27 @@ +From 1f7f2beb8a94133938891fdff1fdd179603dd120 Mon Sep 17 00:00:00 2001 +From: "M. Vefa Bicakci" +Date: Wed, 27 Oct 2021 13:38:14 -0400 +Subject: [PATCH] libnftnl.spec: Modify Release field for StarlingX + +This commit modifies the Release field of the libnftnl package's spec +file for StarlingX. + +Signed-off-by: M. Vefa Bicakci +--- + SPECS/libnftnl.spec | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/SPECS/libnftnl.spec b/SPECS/libnftnl.spec +index 4769895895b7..19681de0c2af 100644 +--- a/SPECS/libnftnl.spec ++++ b/SPECS/libnftnl.spec +@@ -1,5 +1,5 @@ + %define rpmversion 1.1.5 +-%define specrelease 4%{?dist} ++%define specrelease 4%{?_tis_dist}.%{tis_patch_ver} + + Name: libnftnl + Version: %{rpmversion} +-- +2.29.2 + diff --git a/networking/libnftnl/centos/srpm_path b/networking/libnftnl/centos/srpm_path new file mode 100644 index 000000000..50df41020 --- /dev/null +++ b/networking/libnftnl/centos/srpm_path @@ -0,0 +1 @@ +mirror:Source/libnftnl-1.1.5-4.el8.src.rpm