折腾nftables的那点事儿 (一)
0赞
发表于 7/1/2016 10:18:27 AM
阅读(4610)
最近因为一个项目,要折腾一下linux下的iptables。好久没有用这个东西了,感觉也不会有啥问题,所以连想都没想就开始弄。开启内核选项,交叉编译iptables,移植运行后才发现。我靠~不支持了,需要用新的nftables。奶奶的,我老了,被时代所淘汰了。nfatbles是个啥,就是取代iptables的。好吧,那就弄吧,弄起来才知道,麻烦啊,尤其是移植到arm板子上。
主要涉及到以下几个方面:
- 交叉编译工具
- 内核netfilter配置
- 所需的组件交叉编译(flex、bsion、libmnl、libnftnl、gmp、readline)
- nftables交叉编译
- nftables基本使用
(一) 交叉编译工具: 我使用的系统是ubuntu16.04 x32, 我将交叉编译工具安装在/opt下,具体版本如下
因为我使用的是zsh,所以我将环境变量添加到了~/.zshrc下
1 export PATH=/opt/toolchain/bin:$PATH
(二)先折腾内核,开启内核netfilter选项如图,按以下步骤执行
下面开始进入netfilter的配置选项,这里可以根据具体的需求开始相应的配置,这里我为了测试nftables,将开始所有的选项
开始选项有两种方式:一种是[*] ,另一种是[M]。前者是内核运行起来以后自动包含了netfilter的模块功能。后者是以*.ko的方式存在,在需要的时候
使用insmod *.ko的方式启用,ko文件是有依赖关系的,在加载ko文件的时候需要提供modules.dep文件,如下图
modules.dep文件内容如下
好了,接下来我是按照[*]的方式加载模块的,为了验证nftables的各种功能,我开启了所有模块,下图是主要配置项,
红色方块内部的选项根据需求开启。
如上配置也可以直接修改内核源码路径下的.config文件,设置方法如下
CONFIG_NETFILTER=y CONFIG_NETFILTER_DEBUG=y CONFIG_NETFILTER_ADVANCED=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMEOUT=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CONNTRACK_LABELS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_BROADCAST=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_SNMP=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y CONFIG_NF_CT_NETLINK_TIMEOUT=y CONFIG_NF_CT_NETLINK_HELPER=y CONFIG_NETFILTER_NETLINK_QUEUE_CT=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_SIP=y CONFIG_NF_NAT_TFTP=y CONFIG_NETFILTER_SYNPROXY=y CONFIG_NF_TABLES=y CONFIG_NF_TABLES_INET=y CONFIG_NFT_EXTHDR=y CONFIG_NFT_META=y CONFIG_NFT_CT=y CONFIG_NFT_RBTREE=y CONFIG_NFT_HASH=y CONFIG_NFT_COUNTER=y CONFIG_NFT_LOG=y CONFIG_NFT_LIMIT=y # CONFIG_NFT_NAT is not set CONFIG_NFT_QUEUE=m CONFIG_NFT_REJECT=y CONFIG_NFT_REJECT_INET=y CONFIG_NFT_COMPAT=y CONFIG_NETFILTER_XTABLES=y # # Xtables combined modules # CONFIG_NETFILTER_XT_MARK=y CONFIG_NETFILTER_XT_CONNMARK=y # CONFIG_NETFILTER_XT_SET is not set # # Xtables targets # # CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y # CONFIG_NETFILTER_XT_TARGET_CT is not set # CONFIG_NETFILTER_XT_TARGET_DSCP is not set CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_HMARK=y CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y CONFIG_NETFILTER_XT_TARGET_LED=y CONFIG_NETFILTER_XT_TARGET_LOG=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NETMAP=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y # CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_REDIRECT=y CONFIG_NETFILTER_XT_TARGET_TEE=y # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set # # Xtables matches # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y CONFIG_NETFILTER_XT_MATCH_BPF=y CONFIG_NETFILTER_XT_MATCH_CGROUP=y CONFIG_NETFILTER_XT_MATCH_CLUSTER=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_CPU=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ECN=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPCOMP=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_L2TP=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_NFACCT=y CONFIG_NETFILTER_XT_MATCH_OSF=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_RECENT=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_SOCKET=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y CONFIG_IP_SET=y CONFIG_IP_SET_MAX=256 CONFIG_IP_SET_BITMAP_IP=y CONFIG_IP_SET_BITMAP_IPMAC=y CONFIG_IP_SET_BITMAP_PORT=y CONFIG_IP_SET_HASH_IP=y CONFIG_IP_SET_HASH_IPPORT=y CONFIG_IP_SET_HASH_IPPORTIP=y CONFIG_IP_SET_HASH_IPPORTNET=y CONFIG_IP_SET_HASH_NETPORTNET=y CONFIG_IP_SET_HASH_NET=y CONFIG_IP_SET_HASH_NETNET=y CONFIG_IP_SET_HASH_NETPORT=y CONFIG_IP_SET_HASH_NETIFACE=y CONFIG_IP_SET_LIST_SET=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_NF_TABLES_IPV4=y CONFIG_NFT_CHAIN_ROUTE_IPV4=y CONFIG_NFT_REJECT_IPV4=y CONFIG_NF_TABLES_ARP=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_RPFILTER=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_SYNPROXY=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT_IPV4=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV6=y CONFIG_NF_CONNTRACK_IPV6=y CONFIG_NF_TABLES_IPV6=y CONFIG_NFT_CHAIN_ROUTE_IPV6=y CONFIG_NFT_REJECT_IPV6=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y # CONFIG_IP6_NF_MATCH_RPFILTER is not set CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_TARGET_SYNPROXY=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_NF_NAT_IPV6=y CONFIG_IP6_NF_TARGET_MASQUERADE=y CONFIG_IP6_NF_TARGET_NPT=y CONFIG_NF_TABLES_BRIDGE=y
以上配置完毕后,netfilter就设置完毕了,重新编译内核,生成zImage,烧写到开发板上。
(三) 交叉编译必须的组件:nftables的正常运行需要以下组件,下面每个程序编译完毕后需要将安装路径里面生成的内容添加到交叉编译工具链中,这样依赖它的程序才能找到相应的头文件和库文件
- 交叉编译flex-2.5.38:需要修改conf.in文件,否则提示找不到malloc和realloc两个函数
sed -i 's/#undef malloc//g' conf.in sed -i 's/#undef realloc//g' conf.in ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=安装路径 make -j6 make install
- 交叉编译bison-3.0.4
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译gmp-6.1.1
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译libmnl-1.0.3
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译libnftnl-1.0.6
1 LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译readline-6.3
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --prefix=$root_release_path 2 make -j6 3 make install
(四)交叉编译nftables-0.6
LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" \
LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" \
LIBNFTNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libnftnl/" \
LIBNFTNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lnftnl" \
./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --without-cli \
--prefix=$root_release_path
交叉编译玩nftables之后,请将上面的交叉编译的组件和nftables文件移植到到开发板上,越久是$root_release_path路径的所有文件按照系统目录结构拷贝上去,
千万记得,内核是你重新编译过的内核。
下面我提供一个编译脚本,根据自己的情况可以修改,这里支持安装必要的开发包、交叉编译部分源码包
1 #!/bin/bash
2
3 # author : nanye 2016/06/28
4 # compile these source pacakge under ubunt 16.04 x32
5 # please make sure that your system is connected to internet
6 #
7
8 root_path=$PWD
9 root_tar_path=$root_path'/src'
10 root_release_path=$root_path'/release'
11 root_build_path=$root_path'/build'
12 crosstool_path=`which arm-linux-gnueabihf-g++`
13 compile_args=$1
14
15 # help information
16 if [ "$compile_args" = "-h" ]
17 then
18 echo "./compile [openssl | snmp | iptables | sqlite | pam | orderd | zhttpd
19 flex | bison | gmp | libmnl | libnftnl | readline | nftables]"
20 echo " no args for compiling all package"
21 exit
22 fi
23
24 # need to compile source module
25 module_name=(
26 [1]=openssl-1.0.2h
27 [2]=net-snmp-5.7.2
28 [3]=iptables-1.4.18
29 [4]=sqlite
30 [5]=Linux-PAM-1.3.0
31 [6]=orderd
32 [7]=zhttpd
33 [8]=flex-2.5.38
34 [9]=bison-3.0.4
35 [10]=gmp-6.1.1
36 [11]=libmnl-1.0.3
37 [12]=libnftnl-1.0.6
38 [13]=readline-6.3
39 [14]=nftables-0.6
40 )
41
42 # install package
43 package_name=(
44 [1]=g++
45 [2]=build-essential
46 [3]=texlive
47 [4]=gettext
48 [5]=m4
49 [6]=help2man
50 [7]=indent
51 [8]=autopoint
52 [9]=makeinfo
53 [10]=odblatex
54 [11]=docbook2x
55 [12]=flex
56 [13]=bison
57 [14]=automake
58 [15]=autoconf
59 )
60 for var in ${package_name[@]};
61 do
62 echo -e "\e[0;32;1m[info] : install $var\e[0m"
63 sudo apt-get install $var
64 done
65
66
67 # check crosstool exist
68 if [ "$crosstool_path" = "" ]
69 then
70 echo -e "\e[0;31;1m[erro] : have no crosstool in /opt/toolchain\e[0m"
71 exit
72 fi
73
74 # create release dirrent
75 if [ ! -d $root_release_path ]
76 then
77 echo -e "\e[0;32;1m[info] : create release success\e[0m"
78 mkdir $PWD'/release'
79 fi
80
81 # create build dirrent
82 if [ ! -d $root_build_path ]
83 then
84 echo -e "\e[0;32;1m[info] : create build success\e[0m"
85 mkdir $PWD'/build'
86 fi
87
88 # compile openssl
89 if [ "$compile_args" = "" ] || [ "$compile_args" = "openssl" ]
90 then
91 cd $root_build_path
92 echo -e "\e[0;32;1m[info] : tar xf ${module_name[1]}.tar.gz to build\e[0m"
93 tar xf $root_tar_path'/'${module_name[1]}.tar.gz
94 cd $root_build_path'/'${module_name[1]}
95 /bin/bash config shared no-asm --prefix=$root_release_path
96 sed -i 's/PLATFORM=linux-elf/PLATFORM=linux-elf-arm/g' Makefile
97 sed -i 's/CC= gcc/CC= arm-linux-gnueabihf-gcc/g' Makefile
98 sed -i 's/AR= ar/AR= arm-linux-gnueabihf-ar/g' Makefile
99 sed -i 's/RANLIB= /usr/bin/ranlib/RANLIB= arm-linux-gnueabihf-ranlib/g' Makefile
100 sed -i 's/NM= nm/NM= arm-linux-gnueabihf-nm/g' Makefile
101 sed -i 's/MAKEDEPPROG= gcc/MAKEDEPPROG= arm-linux-gnueabihf-gcc/g' Makefile
102 make -j4
103 make install
104 fi
105
106 # compile net-snmp
107 if [ "$compile_args" = "" ] || [ "$compile_args" = "snmp" ]
108 then
109 cd $root_build_path
110 echo -e "\e[0;32;1m[info] : tar xf ${module_name[2]}.tar.gz to build\e[0m"
111 tar xf $root_tar_path'/'${module_name[2]}.tar.gz
112 cd $root_build_path'/'${module_name[2]}
113 CC=arm-linux-gnueabihf-gcc ./configure --build=i686-linux \
114 --host=arm-linux --disable-manuals --enable-mfd-rewrites \
115 --enable-shared=no --with-mib-modules='ucd-snmp/diskio ip-mib/ipv4InterfaceTable' \
116 --with-cc=arm-linux-gnueabihf-gcc --with-ar=arm-linux-gnueabihf-ar \
117 --prefix=$root_release_path
118 make -j4
119 make install
120 fi
121
122 # compile iptables
123 if [ "$compile_args" = "" ] || [ "$compile_args" = "iptables" ]
124 then
125 cd $root_build_path
126 echo -e "\e[0;32;1m[info] : tar xf ${module_name[3]}.tar.gz to build\e[0m"
127 tar xf $root_tar_path'/'${module_name[3]}.tar.gz
128 cd $root_build_path'/'${module_name[3]}
129 ./configure --host=arm-linux-gnueabihf \
130 --disable-static --enable-shared \
131 --prefix=$root_release_path
132 make -j4
133 make install
134 fi
135
136 # compile sqlite
137 if [ "$compile_args" = "" ] || [ "$compile_args" = "sqlite" ]
138 then
139 cd $root_build_path
140 echo -e "\e[0;32;1m[info] : tar xf ${module_name[4]}.tar.gz to build\e[0m"
141 tar xf $root_tar_path'/'${module_name[4]}.tar.gz
142 cd $root_build_path'/'${module_name[4]}
143 ./configure --disable-tcl --host=arm-linux-gnueabihf \
144 --prefix=$root_release_path
145 make -j4
146 make install
147 fi
148
149 # compile pam
150 if [ "$compile_args" = "" ] || [ "$compile_args" = "pam" ]
151 then
152 cd $root_build_path
153 echo -e "\e[0;32;1m[info] : tar xf ${module_name[5]}.tar.gz to build\e[0m"
154 tar xf $root_tar_path'/'${module_name[5]}.tar.gz
155 cd $root_build_path'/'${module_name[5]}
156 ./configure --host=arm-linux-gnueabihf --disable-static --enable-shared \
157 --prefix=$root_release_path
158 make -j4
159 make install
160 fi
161
162 # compile orderd
163 if [ "$compile_args" = "" ] || [ "$compile_args" = "orderd" ]
164 then
165 cp -r $root_tar_path/${module_name[6]} $root_build_path
166 cd $root_build_path/${module_name[6]}/src
167 make
168 if [ ! -d $root_release_path/sbin ]
169 then
170 mkdir $root_release_path/sbin
171 fi
172 cp orderd $root_release_path/sbin
173 fi
174
175 # compile zhttpd
176 if [ "$compile_args" = "" ] || [ "$compile_args" = "zhttpd" ]
177 then
178 cp -r $root_tar_path/${module_name[7]} $root_build_path
179 cd $root_build_path/${module_name[7]}
180 make
181 if [ ! -d $root_release_path/sbin ]
182 then
183 mkdir $root_release_path/sbin
184 fi
185 cp zhttpd $root_release_path/sbin
186 fi
187
188 # compile flex
189 if [ "$compile_args" = "" ] || [ "$compile_args" = "flex" ]
190 then
191 cd $root_build_path
192 echo -e "\e[0;32;1m[info] : tar xf ${module_name[8]}.tar.gz to build\e[0m"
193 tar xf $root_tar_path'/'${module_name[8]}.tar.gz
194 cd $root_build_path'/'${module_name[8]}
195 sed -i 's/#undef malloc//g' conf.in
196 sed -i 's/#undef realloc//g' conf.in
197 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
198 --prefix=$root_release_path
199 make -j6
200 make install
201 fi
202
203 # compile bison
204 if [ "$compile_args" = "" ] || [ "$compile_args" = "bison" ]
205 then
206 cd $root_build_path
207 echo -e "\e[0;32;1m[info] : tar xf ${module_name[9]}.tar.gz to build\e[0m"
208 tar xf $root_tar_path'/'${module_name[9]}.tar.gz
209 cd $root_build_path'/'${module_name[9]}
210 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
211 --prefix=$root_release_path
212 make -j6
213 make install
214 cp $root_build_path/${module_name[9]}/lib/libbison.a $root_release_path/lib
215 fi
216
217 # compile gmp
218 if [ "$compile_args" = "" ] || [ "$compile_args" = "gmp" ]
219 then
220 cd $root_build_path
221 echo -e "\e[0;32;1m[info] : tar xf ${module_name[10]}.tar.gz to build\e[0m"
222 tar xf $root_tar_path'/'${module_name[10]}.tar.gz
223 cd $root_build_path'/'${module_name[10]}
224 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
225 --prefix=$root_release_path
226 make -j6
227 make install
228 fi
229
230 # compile libmnl
231 if [ "$compile_args" = "" ] || [ "$compile_args" = "libmnl" ]
232 then
233 cd $root_build_path
234 echo -e "\e[0;32;1m[info] : tar xf ${module_name[11]}.tar.gz to build\e[0m"
235 tar xf $root_tar_path'/'${module_name[11]}.tar.bz2
236 cd $root_build_path'/'${module_name[11]}
237 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
238 --prefix=$root_release_path
239 make -j6
240 make install
241 fi
242
243
244 # compile libnftnl
245 if [ "$compile_args" = "" ] || [ "$compile_args" = "libnftnl" ]
246 then
247 cd $root_build_path
248 echo -e "\e[0;32;1m[info] : tar xf ${module_name[12]}.tar.gz to build\e[0m"
249 tar xf $root_tar_path'/'${module_name[12]}.tar.bz2
250 cd $root_build_path'/'${module_name[12]}
251 export LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/"
252 export LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl"
253 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
254 --prefix=$root_release_path
255 make -j6
256 make install
257 fi
258
259 # compile readline
260 if [ "$compile_args" = "" ] || [ "$compile_args" = "readline" ]
261 then
262 cd $root_build_path
263 echo -e "\e[0;32;1m[info] : tar xf ${module_name[13]}.tar.gz to build\e[0m"
264 tar xf $root_tar_path'/'${module_name[13]}.tar.gz
265 cd $root_build_path'/'${module_name[13]}
266 sed -i '6324s/yes/no/g' configure
267 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc \
268 --prefix=$root_release_path
269 make -j6
270 make install
271 fi
272
273
274 # compile nftables
275 if [ "$compile_args" = "" ] || [ "$compile_args" = "nftables" ]
276 then
277 cd $root_build_path
278 echo -e "\e[0;32;1m[info] : tar xf ${module_name[14]}.tar.gz to build\e[0m"
279 tar xf $root_tar_path'/'${module_name[14]}.tar.bz2
280 cd $root_build_path'/'${module_name[14]}
281 LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" \
282 LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" \
283 LIBNFTNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libnftnl/" \
284 LIBNFTNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lnftnl" \
285 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --without-cli \
286 --prefix=$root_release_path
287 make -j6
288 make install
289 fi
290
291
292 # strip bin file and delete unuseful files
293 arm-linux-gnueabihf-strip $root_release_path/bin/*
294 arm-linux-gnueabihf-strip $root_release_path/sbin/*
295 arm-linux-gnueabihf-strip $root_release_path/lib/*.a
296 arm-linux-gnueabihf-strip $root_release_path/lib/*.so.*
297 rm -rf $root_release_path/share/man
298 rm -rf $root_release_path/ssl/man
