From 4b12762864fb6f4ba06dd8c62d633ab9352c075c Mon Sep 17 00:00:00 2001 From: zsdc Date: Thu, 28 Sep 2023 14:58:47 +0300 Subject: pmacct: T5618: Added build rules for custom pmacct package The current version of pmacct in Debian (`1.7.7-1`) contains the bug which leads to a crash when IMT is enabled and ICMP traffic is forwarded through a router. This commit adds our build with an extra patch, which solves the problem: https://github.com/pmacct/pmacct/commit/73af9545ea33cd87846306f648f634063ac41765 (cherry picked from commit d5f6445381c44a99459f45e74b792e250d727f44) --- packages/pmacct/Jenkinsfile | 33 +++++++++++++++ packages/pmacct/build.py | 49 ++++++++++++++++++++++ ...-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch | 49 ++++++++++++++++++++++ 3 files changed, 131 insertions(+) create mode 100644 packages/pmacct/Jenkinsfile create mode 100755 packages/pmacct/build.py create mode 100644 packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch (limited to 'packages') diff --git a/packages/pmacct/Jenkinsfile b/packages/pmacct/Jenkinsfile new file mode 100644 index 00000000..9b7e8c3e --- /dev/null +++ b/packages/pmacct/Jenkinsfile @@ -0,0 +1,33 @@ +// Copyright (C) 2023 VyOS maintainers and contributors +// +// This program is free software; you can redistribute it and/or modify +// in order to easy exprort images built to "external" world +// it under the terms of the GNU General Public License version 2 or later as +// published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +@NonCPS + +// Using a version specifier library, use 'current' branch. The underscore (_) +// is not a typo! You need this underscore if the line immediately after the +// @Library annotation is not an import statement! +@Library('vyos-build@current')_ + +def package_name = 'pmacct' + +def pkgList = [ + ['name': "${package_name}", + 'scmCommit': 'debian/1.7.7-1', + 'scmUrl': 'https://salsa.debian.org/debian/pmacct.git', + 'buildCmd': "../build.py"], +] + +// Start package build using library function from https://github.com/vyos/vyos-build +buildPackage("${package_name}", pkgList, null, true, "**/packages/pmacct/**") diff --git a/packages/pmacct/build.py b/packages/pmacct/build.py new file mode 100755 index 00000000..2445eb12 --- /dev/null +++ b/packages/pmacct/build.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python3 + +from pathlib import Path +from shutil import copy as copy_file +from subprocess import run + + +# copy patches +def apply_deb_patches() -> None: + """Apply patches to sources directory + """ + patches_dir = Path('../patches') + current_dir: str = Path.cwd().as_posix() + if patches_dir.exists(): + patches_list = list(patches_dir.iterdir()) + patches_list.sort() + series_file = Path(f'{current_dir}/debian/patches/series') + series_data = '' + for patch_file in patches_list: + print(f'Applying patch: {patch_file.name}') + copy_file(patch_file, f'{current_dir}/debian/patches/') + if series_file.exists(): + series_data: str = series_file.read_text() + series_data = f'{series_data}\n{patch_file.name}' + series_file.write_text(series_data) + + +def build_package() -> bool: + """Build a package + + Returns: + bool: build status + """ + build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] + build_status: int = run(build_cmd).returncode + + if not build_status: + return False + return True + + +# build a package +if __name__ == '__main__': + apply_deb_patches() + + if not build_package(): + exit(1) + + exit() diff --git a/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch b/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch new file mode 100644 index 00000000..cb5f7399 --- /dev/null +++ b/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch @@ -0,0 +1,49 @@ +From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001 +From: Paolo Lucente +Date: Fri, 4 Mar 2022 22:07:29 +0000 +Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed + and 'flows' primitive was enabled. To address Issue #586 + +--- + src/nl.c | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +diff --git a/src/nl.c b/src/nl.c +index c42689ed..6a3da94b 100644 +--- a/src/nl.c ++++ b/src/nl.c +@@ -1,6 +1,6 @@ + /* + pmacct (Promiscuous mode IP Accounting package) +- pmacct is Copyright (C) 2003-2021 by Paolo Lucente ++ pmacct is Copyright (C) 2003-2022 by Paolo Lucente + */ + + /* +@@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs) + } + } + else { +- if (pptrs->l4_proto != IPPROTO_ICMP) { +- pptrs->tlh_ptr = dummy_tlhdr; +- } +- ++ pptrs->tlh_ptr = dummy_tlhdr; + if (off < caplen) pptrs->payload_ptr = ptr; + } + +@@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs) + } + } + else { +- if (pptrs->l4_proto != IPPROTO_ICMPV6) { +- pptrs->tlh_ptr = dummy_tlhdr; +- } +- ++ pptrs->tlh_ptr = dummy_tlhdr; + if (off < caplen) pptrs->payload_ptr = ptr; + } + +-- +2.34.1 + -- cgit v1.2.3 From c0720f2acfb5bf5ca12cb02881710424c6ee9b3d Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Thu, 28 Sep 2023 21:03:09 +0200 Subject: pmacct: T5618: install build time dependencies (cherry picked from commit 3c313a62e72023a68ab523400b1da3e8a1a6fd29) --- packages/pmacct/.gitignore | 1 + packages/pmacct/Jenkinsfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 packages/pmacct/.gitignore (limited to 'packages') diff --git a/packages/pmacct/.gitignore b/packages/pmacct/.gitignore new file mode 100644 index 00000000..c2274717 --- /dev/null +++ b/packages/pmacct/.gitignore @@ -0,0 +1 @@ +pmacct/ diff --git a/packages/pmacct/Jenkinsfile b/packages/pmacct/Jenkinsfile index 9b7e8c3e..af767b32 100644 --- a/packages/pmacct/Jenkinsfile +++ b/packages/pmacct/Jenkinsfile @@ -26,7 +26,7 @@ def pkgList = [ ['name': "${package_name}", 'scmCommit': 'debian/1.7.7-1', 'scmUrl': 'https://salsa.debian.org/debian/pmacct.git', - 'buildCmd': "../build.py"], + 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; ../build.py'], ] // Start package build using library function from https://github.com/vyos/vyos-build -- cgit v1.2.3 From 4a1945534dd99cf43ac89850e26664a1cfcf26b1 Mon Sep 17 00:00:00 2001 From: zsdc Date: Thu, 28 Sep 2023 22:44:49 +0300 Subject: pmacct: T5618: Fixed mistake in pmacct build script Removed extra `not` in the `if` condition of the build script which inverts the return code. (cherry picked from commit 59e34c855e7d96b8abd4ab94d212a57901ed6bc1) --- packages/pmacct/build.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages') diff --git a/packages/pmacct/build.py b/packages/pmacct/build.py index 2445eb12..0f666392 100755 --- a/packages/pmacct/build.py +++ b/packages/pmacct/build.py @@ -34,7 +34,7 @@ def build_package() -> bool: build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] build_status: int = run(build_cmd).returncode - if not build_status: + if build_status: return False return True -- cgit v1.2.3