From patchwork Mon Oct 19 12:22:40 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas De Schampheleire <patrickdepinguin@gmail.com>
X-Patchwork-Id: 532267
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	by ozlabs.org (Postfix) with ESMTP id 69BAC1402C4
	for <incoming@patchwork.ozlabs.org>;
	Mon, 19 Oct 2015 23:23:10 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=ka55E0rP;
	dkim-atps=neutral
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id ADBE38AA18;
	Mon, 19 Oct 2015 12:23:09 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id V9zCOwE9p4Yu; Mon, 19 Oct 2015 12:23:08 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 2A1328A997;
	Mon, 19 Oct 2015 12:23:08 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ash.osuosl.org (Postfix) with ESMTP id 5E4BF1C11B7
	for <buildroot@lists.busybox.net>;
	Mon, 19 Oct 2015 12:23:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 5B16F31C40
	for <buildroot@lists.busybox.net>;
	Mon, 19 Oct 2015 12:23:02 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ori-GfAfWO5H for <buildroot@lists.busybox.net>;
	Mon, 19 Oct 2015 12:23:01 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com
	[209.85.212.169])
	by silver.osuosl.org (Postfix) with ESMTPS id A7A50264E2
	for <buildroot@buildroot.org>; Mon, 19 Oct 2015 12:23:00 +0000 (UTC)
Received: by wikq8 with SMTP id q8so3119954wik.1
	for <buildroot@buildroot.org>; Mon, 19 Oct 2015 05:22:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=j7N7BfwDh6zg9dt5Yk9NBwOiEpl1dOz7CzFM4X7XlCw=;
	b=ka55E0rPm/bBf2xgeOA3UZ9AwjbqcusmASdqfKKujK53yBpff95ZkzZWCTumTFTcQT
	+IfF+GnOHMSispN5wGFrx8JvZiLFUPacC4GB9UGufyEtcx7NUA5ghTUgtNXWsDDMMeuK
	l6brGbOM39bU0i2hzzjAlD0SABug9IOLfuDcq5nv1BOPALDNyo95Whq5/hXB17G+wgvn
	sAODHLVr1tsd75pB9/sMyTeYavoYne3XPJptsI22x6T8P7ZenckxLaqbQWgItjH18RjN
	PcMNlyOf00CRKxmc15ailCtcMQJ5JDjL6u49sZcSoDqqf3HklZxnyfP8Rh7a4+DNAFCE
	hIkg==
X-Received: by 10.180.188.47 with SMTP id fx15mr19881703wic.41.1445257379102;
	Mon, 19 Oct 2015 05:22:59 -0700 (PDT)
Received: from devws164.be.alcatel-lucent.com (alc112.alcatel.be.
	[195.207.101.112]) by smtp.gmail.com with ESMTPSA id
	pl7sm14819566wic.4.2015.10.19.05.22.56
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 19 Oct 2015 05:22:56 -0700 (PDT)
From: Thomas De Schampheleire <patrickdepinguin@gmail.com>
To: buildroot@buildroot.org
Date: Mon, 19 Oct 2015 14:22:40 +0200
Message-Id: <1445257360-31923-1-git-send-email-patrickdepinguin@gmail.com>
X-Mailer: git-send-email 1.9.5
Cc: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Subject: [Buildroot] [PATCH] iptables: add upstream patch fixing the message
	'connlabel.conf not found'
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

From: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>

In iptables versions 1.4.20 and 1.4.21, any call to iptables
would generate a message

    cannot open connlabel.conf, not registering 'connlabel' match: No
        such file or directory

This problem was reported at [1] and subsequently fixed with commit [2], but
no upstream release has been made since. This patch imports the fix into
Buildroot, awaiting a new release of iptables.

[1] http://marc.info/?l=netfilter-devel&m=140990442432002&w=2
[2] http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
---
 .../iptables/0006-fix-connlabel-conf-warning.patch | 72 ++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 package/iptables/0006-fix-connlabel-conf-warning.patch

diff --git a/package/iptables/0006-fix-connlabel-conf-warning.patch b/package/iptables/0006-fix-connlabel-conf-warning.patch
new file mode 100644
index 0000000..872dcb1
--- /dev/null
+++ b/package/iptables/0006-fix-connlabel-conf-warning.patch
@@ -0,0 +1,72 @@
+From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 5 Sep 2014 20:45:56 +0200
+Subject: extensions: libxt_connlabel: do not open config file from _init hook
+
+else, static builds will print this for every iptables invocation,
+even 'iptables -L'.  Delay open until we need to translate a mapping.
+
+Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+[Thomas De Schampheleire: import unchanged into Buildroot]
+Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
+
+diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
+index c84a167..1f83095 100644
+--- a/extensions/libxt_connlabel.c
++++ b/extensions/libxt_connlabel.c
+@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
+ 	XTOPT_TABLEEND,
+ };
+ 
++/* cannot do this via _init, else static builds might spew error message
++ * for every iptables invocation.
++ */
++static void connlabel_open(void)
++{
++	if (map)
++		return;
++
++	map = nfct_labelmap_new(NULL);
++	if (!map && errno)
++		xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
++			strerror(errno));
++}
++
+ static void connlabel_mt_parse(struct xt_option_call *cb)
+ {
+ 	struct xt_connlabel_mtinfo *info = cb->data;
+ 	int tmp;
+ 
++	connlabel_open();
+ 	xtables_option_parse(cb);
+ 
+ 	switch (cb->entry->id) {
+@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
+ 
+ static const char *connlabel_get_name(int b)
+ {
+-	const char *name = nfct_labelmap_get_name(map, b);
++	const char *name;
++
++	connlabel_open();
++
++	name = nfct_labelmap_get_name(map, b);
+ 	if (name && strcmp(name, ""))
+ 		return name;
+ 	return NULL;
+@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
+ 
+ void _init(void)
+ {
+-	map = nfct_labelmap_new(NULL);
+-	if (!map) {
+-		fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
+-			connlabel_mt_reg.name, strerror(errno));
+-		return;
+-	}
+ 	xtables_register_match(&connlabel_mt_reg);
+ }
+-- 
+cgit v0.10.1
+