From d5f6445381c44a99459f45e74b792e250d727f44 Mon Sep 17 00:00:00 2001
From: zsdc <taras@vyos.io>
Date: Thu, 28 Sep 2023 14:58:47 +0300
Subject: pmacct: T5618: Added build rules for custom pmacct package

The current version of pmacct in Debian (`1.7.7-1`) contains the bug which leads
to a crash when IMT is enabled and ICMP traffic is forwarded through a router.

This commit adds our build with an extra patch, which solves the problem:
https://github.com/pmacct/pmacct/commit/73af9545ea33cd87846306f648f634063ac41765
---
 packages/pmacct/Jenkinsfile                        | 33 +++++++++++++++
 packages/pmacct/build.py                           | 49 ++++++++++++++++++++++
 ...-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch | 49 ++++++++++++++++++++++
 3 files changed, 131 insertions(+)
 create mode 100644 packages/pmacct/Jenkinsfile
 create mode 100755 packages/pmacct/build.py
 create mode 100644 packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch

(limited to 'packages/pmacct')

diff --git a/packages/pmacct/Jenkinsfile b/packages/pmacct/Jenkinsfile
new file mode 100644
index 00000000..9b7e8c3e
--- /dev/null
+++ b/packages/pmacct/Jenkinsfile
@@ -0,0 +1,33 @@
+// Copyright (C) 2023 VyOS maintainers and contributors
+//
+// This program is free software; you can redistribute it and/or modify
+// in order to easy exprort images built to "external" world
+// it under the terms of the GNU General Public License version 2 or later as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+@NonCPS
+
+// Using a version specifier library, use 'current' branch. The underscore (_)
+// is not a typo! You need this underscore if the line immediately after the
+// @Library annotation is not an import statement!
+@Library('vyos-build@current')_
+
+def package_name = 'pmacct'
+
+def pkgList = [
+    ['name': "${package_name}",
+     'scmCommit': 'debian/1.7.7-1',
+     'scmUrl': 'https://salsa.debian.org/debian/pmacct.git',
+     'buildCmd': "../build.py"],
+]
+
+// Start package build using library function from https://github.com/vyos/vyos-build
+buildPackage("${package_name}", pkgList, null, true, "**/packages/pmacct/**")
diff --git a/packages/pmacct/build.py b/packages/pmacct/build.py
new file mode 100755
index 00000000..2445eb12
--- /dev/null
+++ b/packages/pmacct/build.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+
+from pathlib import Path
+from shutil import copy as copy_file
+from subprocess import run
+
+
+# copy patches
+def apply_deb_patches() -> None:
+    """Apply patches to sources directory
+    """
+    patches_dir = Path('../patches')
+    current_dir: str = Path.cwd().as_posix()
+    if patches_dir.exists():
+        patches_list = list(patches_dir.iterdir())
+        patches_list.sort()
+        series_file = Path(f'{current_dir}/debian/patches/series')
+        series_data = ''
+        for patch_file in patches_list:
+            print(f'Applying patch: {patch_file.name}')
+            copy_file(patch_file, f'{current_dir}/debian/patches/')
+            if series_file.exists():
+                series_data: str = series_file.read_text()
+            series_data = f'{series_data}\n{patch_file.name}'
+            series_file.write_text(series_data)
+
+
+def build_package() -> bool:
+    """Build a package
+
+    Returns:
+        bool: build status
+    """
+    build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
+    build_status: int = run(build_cmd).returncode
+
+    if not build_status:
+        return False
+    return True
+
+
+# build a package
+if __name__ == '__main__':
+    apply_deb_patches()
+
+    if not build_package():
+        exit(1)
+
+    exit()
diff --git a/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch b/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch
new file mode 100644
index 00000000..cb5f7399
--- /dev/null
+++ b/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch
@@ -0,0 +1,49 @@
+From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001
+From: Paolo Lucente <pl+github@pmacct.net>
+Date: Fri, 4 Mar 2022 22:07:29 +0000
+Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed
+ and 'flows' primitive was enabled. To address Issue #586
+
+---
+ src/nl.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+diff --git a/src/nl.c b/src/nl.c
+index c42689ed..6a3da94b 100644
+--- a/src/nl.c
++++ b/src/nl.c
+@@ -1,6 +1,6 @@
+ /*
+     pmacct (Promiscuous mode IP Accounting package)
+-    pmacct is Copyright (C) 2003-2021 by Paolo Lucente
++    pmacct is Copyright (C) 2003-2022 by Paolo Lucente
+ */
+ 
+ /*
+@@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs)
+       }
+     }
+     else {
+-      if (pptrs->l4_proto != IPPROTO_ICMP) {
+-        pptrs->tlh_ptr = dummy_tlhdr;
+-      }
+-
++      pptrs->tlh_ptr = dummy_tlhdr;
+       if (off < caplen) pptrs->payload_ptr = ptr;
+     }
+ 
+@@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs)
+       }
+     }
+     else {
+-      if (pptrs->l4_proto != IPPROTO_ICMPV6) {
+-        pptrs->tlh_ptr = dummy_tlhdr;
+-      }
+-
++      pptrs->tlh_ptr = dummy_tlhdr;
+       if (off < caplen) pptrs->payload_ptr = ptr;
+     }
+ 
+-- 
+2.34.1
+
-- 
cgit v1.2.3