From fc80ef3613465e60257a5ddf0674debe45b09180 Mon Sep 17 00:00:00 2001
From: Tony Ambardar <itugrok@yahoo.com>
Date: Thu, 13 Dec 2018 11:48:55 -0800
Subject: [PATCH] iproute2: tc: enable and fix support for using .so plugins
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.

   tc filter add dev eth0 parent 1: prio 10 protocol ip \
   u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE

Make the SHARED_LIBS parameter configurable and based on tc package
selection.

Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:

  Sync include/xtables.h from iptables to make sure the right offset is
  used when accessing structure members defined in libxtables. One could
  get “Extension does not know id …” otherwise. (See also: #868059)

Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
---
 package/network/utils/iproute2/Makefile       |   7 +-
 .../patches/135-sync-iptables-header.patch    | 101 ++++++++++++++++++
 2 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 package/network/utils/iproute2/patches/135-sync-iptables-header.patch

diff --git a/package/network/utils/iproute2/Makefile b/package/network/utils/iproute2/Makefile
index a9bcfd40a0..6e20e34dd8 100644
--- a/package/network/utils/iproute2/Makefile
+++ b/package/network/utils/iproute2/Makefile
@@ -106,6 +106,7 @@ endif
 
 ifeq ($(BUILD_VARIANT),tc)
   HAVE_ELF:=y
+  SHARED_LIBS:=y
 endif
 
 ifdef CONFIG_PACKAGE_devlink
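Review bot: `SHARED_LIBS` is assigned only inside the `tc` variant branch, so for every other variant the value passed in the later MAKE_FLAGS hunk (`SHARED_LIBS=$(SHARED_LIBS)`) is whatever make already holds, including a value inherited from the build environment. The old literal `SHARED_LIBS=""` forced plugin support off unconditionally. If no default is set above this hunk, add `SHARED_LIBS:=` before the `ifeq ($(BUILD_VARIANT),tc)` block so the non-tc builds stay deterministic. The surrounding conditional block begins outside the hunk.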
@@ -127,7 +128,7 @@ TARGET_CPPFLAGS += -I$(STAGING_DIR)/usr/include/libnl-tiny
 
 MAKE_FLAGS += \
 	KERNEL_INCLUDE="$(LINUX_DIR)/user_headers/include" \
-	SHARED_LIBS="" \
+	SHARED_LIBS=$(SHARED_LIBS) \
 	IP_CONFIG_TINY=$(IP_CONFIG_TINY) \
 	HAVE_ELF=$(HAVE_ELF) \
 	HAVE_MNL=$(HAVE_MNL) \
@@ -164,6 +165,10 @@ define Package/tc/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) ./files/15-teql $(1)/etc/hotplug.d/iface/
+ifeq ($(SHARED_LIBS),y)
+	$(INSTALL_DIR) $(1)/usr/lib/tc
+	$(CP) $(PKG_BUILD_DIR)/tc/*.so $(1)/usr/lib/tc
+endif
 endef
 
 # ensure other packages are only saved during 'tiny' builds.
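Review bot: The `$(CP) $(PKG_BUILD_DIR)/tc/*.so $(1)/usr/lib/tc` line ships whatever shared objects happen to be in the build directory, and tc loads these as plugins, normally while running as root. Naming the file keeps the installed set auditable and gives a clear error when a plugin was not built, e.g. `$(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/m_xt.so $(1)/usr/lib/tc/` if m_xt.so is the only plugin intended. With the glob, a build that produced no plugin fails on a literal `*.so` argument, which is harder to diagnose. The package's DEPENDS line is outside this hunk; m_xt.so presumably needs libxtables at run time, so that is worth confirming.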
diff --git a/package/network/utils/iproute2/patches/135-sync-iptables-header.patch b/package/network/utils/iproute2/patches/135-sync-iptables-header.patch
new file mode 100644
index 0000000000..a04d8ac742
--- /dev/null
+++ b/package/network/utils/iproute2/patches/135-sync-iptables-header.patch
@@ -0,0 +1,101 @@
+Description: Sync header from iptables
+ The current versions in several suites have the same content:
+  - 1.6.1-2 (unstable)
+Bug: https://bugs.debian.org/868059
+Forwarded: not-needed
+Author: Cyril Brulebois <cyril@debamax.com>
+Last-Update: 2017-11-22
+--- a/include/xtables.h
++++ b/include/xtables.h
+@@ -205,9 +205,24 @@ enum xtables_ext_flags {
+ 	XTABLES_EXT_ALIAS = 1 << 0,
+ };
+ 
++struct xt_xlate;
++
++struct xt_xlate_mt_params {
++	const void			*ip;
++	const struct xt_entry_match	*match;
++	int				numeric;
++	bool				escape_quotes;
++};
++
++struct xt_xlate_tg_params {
++	const void			*ip;
++	const struct xt_entry_target	*target;
++	int				numeric;
++	bool				escape_quotes;
++};
++
+ /* Include file for additions: new matches and targets. */
+-struct xtables_match
+-{
++struct xtables_match {
+ 	/*
+ 	 * ABI/API version this module requires. Must be first member,
+ 	 * as the rest of this struct may be subject to ABI changes.
+@@ -269,6 +284,10 @@ struct xtables_match
+ 	void (*x6_fcheck)(struct xt_fcheck_call *);
+ 	const struct xt_option_entry *x6_options;
+ 
++	/* Translate iptables to nft */
++	int (*xlate)(struct xt_xlate *xl,
++		     const struct xt_xlate_mt_params *params);
++
+ 	/* Size of per-extension instance extra "global" scratch space */
+ 	size_t udata_size;
+ 
+@@ -280,8 +299,7 @@ struct xtables_match
+ 	unsigned int loaded; /* simulate loading so options are merged properly */
+ };
+ 
+-struct xtables_target
+-{
++struct xtables_target {
+ 	/*
+ 	 * ABI/API version this module requires. Must be first member,
+ 	 * as the rest of this struct may be subject to ABI changes.
+@@ -346,6 +364,10 @@ struct xtables_target
+ 	void (*x6_fcheck)(struct xt_fcheck_call *);
+ 	const struct xt_option_entry *x6_options;
+ 
++	/* Translate iptables to nft */
++	int (*xlate)(struct xt_xlate *xl,
++		     const struct xt_xlate_tg_params *params);
++
+ 	size_t udata_size;
+ 
+ 	/* Ignore these men behind the curtain: */
+@@ -406,6 +428,17 @@ struct xtables_globals
+ 
+ #define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
+ 
++/*
++ * enum op-
++ *
++ * For writing clean nftables translations code
++ */
++enum xt_op {
++	XT_OP_EQ,
++	XT_OP_NEQ,
++	XT_OP_MAX,
++};
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -548,6 +581,14 @@ extern void xtables_lmap_free(struct xta
+ extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
+ extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
+ 
++/* xlate infrastructure */
++struct xt_xlate *xt_xlate_alloc(int size);
++void xt_xlate_free(struct xt_xlate *xl);
++void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
++void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
++const char *xt_xlate_get_comment(struct xt_xlate *xl);
++const char *xt_xlate_get(struct xt_xlate *xl);
++
+ #ifdef XTABLES_INTERNAL
+ 
+ /* Shipped modules rely on this... */
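Review bot: Nothing in this added patch ties the bundled `include/xtables.h` to the libxtables version that m_xt.so is actually linked against, yet the new `xlate` pointer is inserted before `udata_size` in both `struct xtables_match` and `struct xtables_target`, shifting every later member. A copy that drifts from the packaged library again would make a root-run tool read those structures at wrong offsets, which is the failure this sync repairs. The patch header records only Debian's 1.6.1-2, so I would add a line such as `Note: re-sync whenever the packaged libxtables changes struct xtables_match or struct xtables_target.` to the description. Building against the staged libxtables header instead of a bundled copy would remove the drift entirely, if the iproute2 build allows it.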
-- 
2.30.2