Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org
---
 config/rootfiles/common/iproute2 | 42 ++++++-
 lfs/iproute2 | 7 +-
 src/patches/iproute2-4.7.0_remove_arpd.patch | 176 +++++++++++++++++++++++++++
 3 files changed, 219 insertions(+), 6 deletions(-)
 create mode 100644 src/patches/iproute2-4.7.0_remove_arpd.patch
diff --git a/config/rootfiles/common/iproute2 b/config/rootfiles/common/iproute2
index 93dcaff..2339d83 100644
--- a/config/rootfiles/common/iproute2
+++ b/config/rootfiles/common/iproute2
@@ -1,4 +1,5 @@
 #etc/iproute2
+etc/iproute2/bpf_pinning
 etc/iproute2/ematch_map
 etc/iproute2/group
 etc/iproute2/nl_protos
@@ -28,7 +29,10 @@ sbin/tc
 #usr/lib/tc/normal.dist
 #usr/lib/tc/pareto.dist
 #usr/lib/tc/paretonormal.dist
-usr/sbin/arpd
+#usr/sbin/arpd
+#usr/share/bash-completion
+#usr/share/bash-completion/completions
+usr/share/bash-completion/completions/tc
 #usr/share/doc/iproute2
 #usr/share/doc/iproute2/SNAPSHOT.tex
 #usr/share/doc/iproute2/api-ip6-flowlabels.tex
@@ -60,17 +64,23 @@ usr/sbin/arpd
 #usr/share/doc/iproute2/preamble.tex
 #usr/share/doc/iproute2/rtstat.sgml
 #usr/share/doc/iproute2/ss.sgml
+#usr/share/doc/iproute2/tc-filters.tex
 #usr/share/man/man3/libnetlink.3
 #usr/share/man/man7/tc-hfsc.7
-#usr/share/man/man8/arpd.8
 #usr/share/man/man8/bridge.8
 #usr/share/man/man8/ctstat.8
+#usr/share/man/man8/devlink-dev.8
+#usr/share/man/man8/devlink-monitor.8
+#usr/share/man/man8/devlink-port.8
+#usr/share/man/man8/devlink-sb.8
+#usr/share/man/man8/devlink.8
 #usr/share/man/man8/ip-address.8
 #usr/share/man/man8/ip-addrlabel.8
 #usr/share/man/man8/ip-fou.8
 #usr/share/man/man8/ip-gue.8
 #usr/share/man/man8/ip-l2tp.8
 #usr/share/man/man8/ip-link.8
+#usr/share/man/man8/ip-macsec.8
 #usr/share/man/man8/ip-maddress.8
 #usr/share/man/man8/ip-monitor.8
 #usr/share/man/man8/ip-mroute.8
@@ -91,29 +101,55 @@ usr/sbin/arpd
 #usr/share/man/man8/routel.8
 #usr/share/man/man8/rtacct.8
 #usr/share/man/man8/rtmon.8
+#usr/share/man/man8/rtpr.8
 #usr/share/man/man8/rtstat.8
 #usr/share/man/man8/ss.8
+#usr/share/man/man8/tc-basic.8
 #usr/share/man/man8/tc-bfifo.8
 #usr/share/man/man8/tc-bpf.8
 #usr/share/man/man8/tc-cbq-details.8
 #usr/share/man/man8/tc-cbq.8
+#usr/share/man/man8/tc-cgroup.8
 #usr/share/man/man8/tc-choke.8
 #usr/share/man/man8/tc-codel.8
+#usr/share/man/man8/tc-connmark.8
+#usr/share/man/man8/tc-csum.8
 #usr/share/man/man8/tc-drr.8
 #usr/share/man/man8/tc-ematch.8
+#usr/share/man/man8/tc-flow.8
+#usr/share/man/man8/tc-flower.8
+#usr/share/man/man8/tc-fq.8
 #usr/share/man/man8/tc-fq_codel.8
+#usr/share/man/man8/tc-fw.8
 #usr/share/man/man8/tc-hfsc.8
 #usr/share/man/man8/tc-htb.8
+#usr/share/man/man8/tc-mirred.8
 #usr/share/man/man8/tc-mqprio.8
+#usr/share/man/man8/tc-nat.8
 #usr/share/man/man8/tc-netem.8
+#usr/share/man/man8/tc-pedit.8
 #usr/share/man/man8/tc-pfifo.8
 #usr/share/man/man8/tc-pfifo_fast.8
 #usr/share/man/man8/tc-pie.8
+#usr/share/man/man8/tc-police.8
 #usr/share/man/man8/tc-prio.8
 #usr/share/man/man8/tc-red.8
+#usr/share/man/man8/tc-route.8
 #usr/share/man/man8/tc-sfb.8
 #usr/share/man/man8/tc-sfq.8
+#usr/share/man/man8/tc-simple.8
+#usr/share/man/man8/tc-skbedit.8
 #usr/share/man/man8/tc-stab.8
 #usr/share/man/man8/tc-tbf.8
+#usr/share/man/man8/tc-tcindex.8
+#usr/share/man/man8/tc-u32.8
+#usr/share/man/man8/tc-vlan.8
+#usr/share/man/man8/tc-xt.8
 #usr/share/man/man8/tc.8
-var/lib/arpd
+#usr/share/man/man8/tipc-bearer.8
+#usr/share/man/man8/tipc-link.8
+#usr/share/man/man8/tipc-media.8
+#usr/share/man/man8/tipc-nametable.8
+#usr/share/man/man8/tipc-node.8
+#usr/share/man/man8/tipc-socket.8
+#usr/share/man/man8/tipc.8
diff --git a/lfs/iproute2 b/lfs/iproute2
index 51f1f3d..47ce077 100644
--- a/lfs/iproute2
+++ b/lfs/iproute2
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@

 include Config

-VER = 4.2.0
+VER = 4.7.0

 THISAPP = iproute2-$(VER)
 DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 51c54cc3245eff451154938fbc0f64f5
+$(DL_FILE)_MD5 = d4b205830cdc2702f8a0cbd6232129cd

 install : $(TARGET)
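Review bot: The new tarball is pinned by an MD5 digest alone (`$(DL_FILE)_MD5`), and nothing in the commit says how the 4.7.0 value was obtained. MD5 catches a corrupted download but is a weak basis for trusting a source archive that goes into a firewall image, so the commit message should record that the archive was checked against the upstream release signature before the digest was taken. Whether the build framework accepts a stronger digest for `objects` is not visible from this hunk; if it does, it should be used here.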
@@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)_remove_arpd.patch
 cd $(DIR_APP) && make $(MAKETUNING) SBINDIR=/sbin
 cd $(DIR_APP) && make SBINDIR=/sbin install
 cd $(DIR_APP) && mv -v /sbin/arpd /usr/sbin
diff --git a/src/patches/iproute2-4.7.0_remove_arpd.patch b/src/patches/iproute2-4.7.0_remove_arpd.patch
new file mode 100644
index 0000000..786c031
--- /dev/null
+++ b/src/patches/iproute2-4.7.0_remove_arpd.patch
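Review bot: The unchanged last recipe line of this hunk, `cd $(DIR_APP) && mv -v /sbin/arpd /usr/sbin`, still expects an arpd binary, while the same commit comments out `usr/sbin/arpd` and drops `var/lib/arpd` in the rootfile and applies a patch named remove_arpd. None of the visible inner patch hunks removes the arpd program itself, so either the `mv` fails when the binary is missing or a daemon that is no longer packaged is presumably still built and installed into the build root; the line should go, or the arpd build should be disabled explicitly. The added line also runs `cd $(DIR_APP) &&` twice, and one is enough: `cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)_remove_arpd.patch`. The rule's recipe continues beyond the hunk.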
@@ -0,0 +1,176 @@
+diff -Naur a/doc/arpd.sgml b/doc/arpd.sgml
+--- a/doc/arpd.sgml
++++ b/doc/arpd.sgml
+@@ -1,130 +0,0 @@
+-<!doctype linuxdoc system>
+-
+-<article>
+-
+-<title>ARPD Daemon
+-<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/
+-<date>some_negative_number, 20 Sep 2001
+-<abstract>
+-<tt/arpd/ is daemon collecting gratuitous ARP information, saving
+-it on local disk and feeding it to kernel on demand to avoid
+-redundant broadcasting due to limited size of kernel ARP cache.
+-</abstract>
+-
+-
+-<p><bf/Description/
+-
+-<p>The format of the command is:
+-
+-<tscreen><verb>
+- arpd OPTIONS [ INTERFACE [ INTERFACE ... ] ]
+-</verb></tscreen>
+-
+-<p> <tt/OPTIONS/ are:
+-
+-<itemize>
+-
+-<item><tt/-l/ - dump <tt/arpd/ database to stdout and exit. Output consists
+-of three columns: interface index, IP address and MAC address.
+-Negative entries for dead hosts are also shown, in this case MAC address
+-is replaced by word <tt/FAILED/ followed by colon and time when the fact
+-that host is dead was proven the last time.
+-
+-<item><tt/-f FILE/ - read and load <tt/arpd/ database from <tt/FILE/
+-in text format similar dumped by option <tt/-l/. Exit after load,
+-probably listing resulting database, if option <tt/-l/ is also given.
+-If <tt/FILE/ is <tt/-/, <tt/stdin/ is read to get ARP table.
+-
+-<item><tt/-b DATABASE/ - location of database file. Default location is
+-<tt>/var/lib/arpd/arpd.db</tt>.
+-
+-<item><tt/-a NUMBER/ - <tt/arpd/ not only passively listens ARP on wire, but
+-also send brodcast queries itself. <tt/NUMBER/ is number of such queries
+-to make before destination is considered as dead. When <tt/arpd/ is started
+-as kernel helper (i.e. with <tt/app_solicit/ enabled in <tt/sysctl/
+-or even with option <tt/-k/) without this option and still did not learn enough
+-information, you can observe 1 second gaps in service. Not fatal, but
+-not good.
+-
+-<item><tt/-k/ - suppress sending broadcast queries by kernel. It takes
+-sense together with option <tt/-a/.
+-
+-<item><tt/-n TIME/ - timeout of negative cache. When resolution fails <tt/arpd/
+-suppresses further attempts to resolve for this period. It makes sense
+-only together with option <tt/-k/. This timeout should not be too much
+-longer than boot time of a typical host not supporting gratuitous ARP.
+-Default value is 60 seconds.
+-
+-<item><tt/-R RATE/ - maximal steady rate of broadcasts sent by <tt/arpd/
+-in packets per second. Default value is 1.
+-
+-<item><tt/-B NUMBER/ - number of broadcasts sent by <tt/arpd/ back to back.
+-Default value is 3. Together with option <tt/-R/ this option allows
+-to police broadcasting not to exceed <tt/B+R*T/ over any interval
+-of time <tt/T/.
+-
+-</itemize>
+-
+-<p><tt/INTERFACE/ is name of networking inteface to watch.
+-If no interfaces given, <tt/arpd/ monitors all the interfaces.
+-In this case <tt/arpd/ does not adjust <tt/sysctl/ parameters,
+-it is supposed user does this himself after <tt/arpd/ is started.
+-
+-
+-<p> Signals
+-
+-<p> <tt/arpd/ exits gracefully syncing database and restoring adjusted
+-<tt/sysctl/ parameters, when receives <tt/SIGINT/ or <tt/SIGTERM/.
+-<tt/SIGHUP/ syncs database to disk. <tt/SIGUSR1/ sends some statistics
+-to <tt/syslog/. Effect of another signals is undefined, they may corrupt
+-database and leave <tt/sysctl/ parameters in an unpredictable state.
+-
+-<p> Note
+-
+-<p> In order to <tt/arpd/ be able to serve as ARP resolver, kernel must be
+-compiled with the option <tt/CONFIG_ARPD/ and, in the case when interface list
+-is not given on command line, variable <tt/app_solicit/
+-on interfaces of interest should be set in <tt>/proc/sys/net/ipv4/neigh/*</tt>.
+-If this is not made <tt/arpd/ still collects gratuitous ARP information
+-in its database.
+-
+-<p> Examples
+-
+-<enum>
+-<item> Start <tt/arpd/ to collect gratuitous ARP, but not messing
+-with kernel functionality:
+-
+-<tscreen><verb>
+- arpd -b /var/tmp/arpd.db
+-</verb></tscreen>
+-
+-<item> Look at result after some time:
+-
+-<tscreen><verb>
+- killall arpd
+- arpd -l -b /var/tmp/arpd.db
+-</verb></tscreen>
+-
+-<item> To enable kernel helper, leaving leading role to kernel:
+-
+-<tscreen><verb>
+- arpd -b /var/tmp/arpd.db -a 1 eth0 eth1
+-</verb></tscreen>
+-
+-<item> Completely replace kernel resolution on interfaces <tt/eth0/
+-and <tt/eth1/. In this case kernel still does unicast probing to
+-validate entries, but all the broadcast activity is suppressed
+-and made under authority of <tt/arpd/:
+-
+-<tscreen><verb>
+- arpd -b /var/tmp/arpd.db -a 3 -k eth0 eth1
+-</verb></tscreen>
+-
+-This is mode which <tt/arpd/ is supposed to work normally.
+-It is not default just to prevent occasional enabling of too aggressive
+-mode occasionally.
+-
+-</enum>
+-
+-</article>
+-
+diff -Naur a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -9,7 +9,6 @@
+ DATADIR?=$(PREFIX)/share
+ DOCDIR?=$(DATADIR)/doc/iproute2
+ MANDIR?=$(DATADIR)/man
+-ARPDDIR?=/var/lib/arpd
+ KERNEL_INCLUDE?=/usr/include
+ BASH_COMPDIR?=$(DATADIR)/bash-completion/completions
+ 
+@@ -62,7 +61,6 @@
+ install: all
+ install -m 0755 -d $(DESTDIR)$(SBINDIR)
+ install -m 0755 -d $(DESTDIR)$(CONFDIR)
+- install -m 0755 -d $(DESTDIR)$(ARPDDIR)
+ install -m 0755 -d $(DESTDIR)$(DOCDIR)/examples
+ install -m 0755 -d $(DESTDIR)$(DOCDIR)/examples/diffserv
+ install -m 0644 README.iproute2+tc $(shell find examples -maxdepth 1 -type f) \
+diff -Naur a/man/man8/Makefile b/man/man8/Makefile
+--- a/man/man8/Makefile
++++ b/man/man8/Makefile
+@@ -1,6 +1,6 @@
+ TARGETS = ip-address.8 ip-link.8 ip-route.8
+ 
+-MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.8 \
++MAN8PAGES = $(TARGETS) ip.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.8 \
+ tc.8 tc-bfifo.8 tc-bpf.8 tc-cbq.8 tc-cbq-details.8 tc-choke.8 tc-codel.8 \
+ tc-fq.8 \
+ tc-drr.8 tc-ematch.8 tc-fq_codel.8 tc-hfsc.8 tc-htb.8 tc-pie.8 \
+diff -Naur a/tc/Makefile b/tc/Makefile
+--- a/tc/Makefile
++++ b/tc/Makefile
+@@ -89,7 +89,7 @@
+ CFLAGS += -DTC_CONFIG_XT_H
+ TCSO += m_xt_old.so
+ else
+- TCMODULES += m_ipt.o
++ TCMODULES +=
+ endif
+ endif
+ endif
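Review bot: The last inner hunk, on tc/Makefile, turns `TCMODULES += m_ipt.o` into an empty `TCMODULES +=`, which is unrelated to arpd and is explained nowhere in the commit or in the patch file. A patch named remove_arpd that also stops building a tc action module is easy to miss on the next version bump; it belongs in its own patch file, or at least under a header comment at the top of this one stating why m_ipt.o is dropped, and the line should be deleted rather than left as an empty append. The remaining inner hunks remove only doc/arpd.sgml, `ARPDDIR` and the arpd.8 entry in `MAN8PAGES`, so as far as this file shows the arpd binary may still be built.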