折腾nftables的那点事儿 (一)
0赞最近因为一个项目,要折腾一下linux下的iptables。好久没有用这个东西了,感觉也不会有啥问题,所以连想都没想就开始弄。开启内核选项,交叉编译iptables,移植运行后才发现。我靠~不支持了,需要用新的nftables。奶奶的,我老了,被时代所淘汰了。nfatbles是个啥,就是取代iptables的。好吧,那就弄吧,弄起来才知道,麻烦啊,尤其是移植到arm板子上。
主要涉及到以下几个方面:
- 交叉编译工具
- 内核netfilter配置
- 所需的组件交叉编译(flex、bsion、libmnl、libnftnl、gmp、readline)
- nftables交叉编译
- nftables基本使用
(一) 交叉编译工具: 我使用的系统是ubuntu16.04 x32, 我将交叉编译工具安装在/opt下,具体版本如下
因为我使用的是zsh,所以我将环境变量添加到了~/.zshrc下
1 export PATH=/opt/toolchain/bin:$PATH
(二)先折腾内核,开启内核netfilter选项如图,按以下步骤执行
下面开始进入netfilter的配置选项,这里可以根据具体的需求开始相应的配置,这里我为了测试nftables,将开始所有的选项
开始选项有两种方式:一种是[*] ,另一种是[M]。前者是内核运行起来以后自动包含了netfilter的模块功能。后者是以*.ko的方式存在,在需要的时候
使用insmod *.ko的方式启用,ko文件是有依赖关系的,在加载ko文件的时候需要提供modules.dep文件,如下图
modules.dep文件内容如下
好了,接下来我是按照[*]的方式加载模块的,为了验证nftables的各种功能,我开启了所有模块,下图是主要配置项,
红色方块内部的选项根据需求开启。
如上配置也可以直接修改内核源码路径下的.config文件,设置方法如下
CONFIG_NETFILTER=y CONFIG_NETFILTER_DEBUG=y CONFIG_NETFILTER_ADVANCED=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMEOUT=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CONNTRACK_LABELS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_BROADCAST=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_SNMP=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y CONFIG_NF_CT_NETLINK_TIMEOUT=y CONFIG_NF_CT_NETLINK_HELPER=y CONFIG_NETFILTER_NETLINK_QUEUE_CT=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_SIP=y CONFIG_NF_NAT_TFTP=y CONFIG_NETFILTER_SYNPROXY=y CONFIG_NF_TABLES=y CONFIG_NF_TABLES_INET=y CONFIG_NFT_EXTHDR=y CONFIG_NFT_META=y CONFIG_NFT_CT=y CONFIG_NFT_RBTREE=y CONFIG_NFT_HASH=y CONFIG_NFT_COUNTER=y CONFIG_NFT_LOG=y CONFIG_NFT_LIMIT=y # CONFIG_NFT_NAT is not set CONFIG_NFT_QUEUE=m CONFIG_NFT_REJECT=y CONFIG_NFT_REJECT_INET=y CONFIG_NFT_COMPAT=y CONFIG_NETFILTER_XTABLES=y # # Xtables combined modules # CONFIG_NETFILTER_XT_MARK=y CONFIG_NETFILTER_XT_CONNMARK=y # CONFIG_NETFILTER_XT_SET is not set # # Xtables targets # # CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y # CONFIG_NETFILTER_XT_TARGET_CT is not set # CONFIG_NETFILTER_XT_TARGET_DSCP is not set CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_HMARK=y CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y CONFIG_NETFILTER_XT_TARGET_LED=y CONFIG_NETFILTER_XT_TARGET_LOG=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NETMAP=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y # CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_REDIRECT=y CONFIG_NETFILTER_XT_TARGET_TEE=y # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set # # Xtables matches # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y CONFIG_NETFILTER_XT_MATCH_BPF=y CONFIG_NETFILTER_XT_MATCH_CGROUP=y CONFIG_NETFILTER_XT_MATCH_CLUSTER=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_CPU=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ECN=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPCOMP=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_L2TP=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_NFACCT=y CONFIG_NETFILTER_XT_MATCH_OSF=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_RECENT=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_SOCKET=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y CONFIG_IP_SET=y CONFIG_IP_SET_MAX=256 CONFIG_IP_SET_BITMAP_IP=y CONFIG_IP_SET_BITMAP_IPMAC=y CONFIG_IP_SET_BITMAP_PORT=y CONFIG_IP_SET_HASH_IP=y CONFIG_IP_SET_HASH_IPPORT=y CONFIG_IP_SET_HASH_IPPORTIP=y CONFIG_IP_SET_HASH_IPPORTNET=y CONFIG_IP_SET_HASH_NETPORTNET=y CONFIG_IP_SET_HASH_NET=y CONFIG_IP_SET_HASH_NETNET=y CONFIG_IP_SET_HASH_NETPORT=y CONFIG_IP_SET_HASH_NETIFACE=y CONFIG_IP_SET_LIST_SET=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_NF_TABLES_IPV4=y CONFIG_NFT_CHAIN_ROUTE_IPV4=y CONFIG_NFT_REJECT_IPV4=y CONFIG_NF_TABLES_ARP=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_RPFILTER=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_SYNPROXY=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT_IPV4=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV6=y CONFIG_NF_CONNTRACK_IPV6=y CONFIG_NF_TABLES_IPV6=y CONFIG_NFT_CHAIN_ROUTE_IPV6=y CONFIG_NFT_REJECT_IPV6=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y # CONFIG_IP6_NF_MATCH_RPFILTER is not set CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_TARGET_SYNPROXY=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_NF_NAT_IPV6=y CONFIG_IP6_NF_TARGET_MASQUERADE=y CONFIG_IP6_NF_TARGET_NPT=y CONFIG_NF_TABLES_BRIDGE=y
以上配置完毕后,netfilter就设置完毕了,重新编译内核,生成zImage,烧写到开发板上。
(三) 交叉编译必须的组件:nftables的正常运行需要以下组件,下面每个程序编译完毕后需要将安装路径里面生成的内容添加到交叉编译工具链中,这样依赖它的程序才能找到相应的头文件和库文件
- 交叉编译flex-2.5.38:需要修改conf.in文件,否则提示找不到malloc和realloc两个函数
sed -i 's/#undef malloc//g' conf.in sed -i 's/#undef realloc//g' conf.in ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=安装路径 make -j6 make install
- 交叉编译bison-3.0.4
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译gmp-6.1.1
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译libmnl-1.0.3
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译libnftnl-1.0.6
1 LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path 2 make -j6 3 make install
- 交叉编译readline-6.3
1 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --prefix=$root_release_path 2 make -j6 3 make install
(四)交叉编译nftables-0.6
LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" \ LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" \ LIBNFTNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libnftnl/" \ LIBNFTNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lnftnl" \ ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --without-cli \ --prefix=$root_release_path
交叉编译玩nftables之后,请将上面的交叉编译的组件和nftables文件移植到到开发板上,越久是$root_release_path路径的所有文件按照系统目录结构拷贝上去,
千万记得,内核是你重新编译过的内核。
下面我提供一个编译脚本,根据自己的情况可以修改,这里支持安装必要的开发包、交叉编译部分源码包
1 #!/bin/bash 2 3 # author : nanye 2016/06/28 4 # compile these source pacakge under ubunt 16.04 x32 5 # please make sure that your system is connected to internet 6 # 7 8 root_path=$PWD 9 root_tar_path=$root_path'/src' 10 root_release_path=$root_path'/release' 11 root_build_path=$root_path'/build' 12 crosstool_path=`which arm-linux-gnueabihf-g++` 13 compile_args=$1 14 15 # help information 16 if [ "$compile_args" = "-h" ] 17 then 18 echo "./compile [openssl | snmp | iptables | sqlite | pam | orderd | zhttpd 19 flex | bison | gmp | libmnl | libnftnl | readline | nftables]" 20 echo " no args for compiling all package" 21 exit 22 fi 23 24 # need to compile source module 25 module_name=( 26 [1]=openssl-1.0.2h 27 [2]=net-snmp-5.7.2 28 [3]=iptables-1.4.18 29 [4]=sqlite 30 [5]=Linux-PAM-1.3.0 31 [6]=orderd 32 [7]=zhttpd 33 [8]=flex-2.5.38 34 [9]=bison-3.0.4 35 [10]=gmp-6.1.1 36 [11]=libmnl-1.0.3 37 [12]=libnftnl-1.0.6 38 [13]=readline-6.3 39 [14]=nftables-0.6 40 ) 41 42 # install package 43 package_name=( 44 [1]=g++ 45 [2]=build-essential 46 [3]=texlive 47 [4]=gettext 48 [5]=m4 49 [6]=help2man 50 [7]=indent 51 [8]=autopoint 52 [9]=makeinfo 53 [10]=odblatex 54 [11]=docbook2x 55 [12]=flex 56 [13]=bison 57 [14]=automake 58 [15]=autoconf 59 ) 60 for var in ${package_name[@]}; 61 do 62 echo -e "\e[0;32;1m[info] : install $var\e[0m" 63 sudo apt-get install $var 64 done 65 66 67 # check crosstool exist 68 if [ "$crosstool_path" = "" ] 69 then 70 echo -e "\e[0;31;1m[erro] : have no crosstool in /opt/toolchain\e[0m" 71 exit 72 fi 73 74 # create release dirrent 75 if [ ! -d $root_release_path ] 76 then 77 echo -e "\e[0;32;1m[info] : create release success\e[0m" 78 mkdir $PWD'/release' 79 fi 80 81 # create build dirrent 82 if [ ! -d $root_build_path ] 83 then 84 echo -e "\e[0;32;1m[info] : create build success\e[0m" 85 mkdir $PWD'/build' 86 fi 87 88 # compile openssl 89 if [ "$compile_args" = "" ] || [ "$compile_args" = "openssl" ] 90 then 91 cd $root_build_path 92 echo -e "\e[0;32;1m[info] : tar xf ${module_name[1]}.tar.gz to build\e[0m" 93 tar xf $root_tar_path'/'${module_name[1]}.tar.gz 94 cd $root_build_path'/'${module_name[1]} 95 /bin/bash config shared no-asm --prefix=$root_release_path 96 sed -i 's/PLATFORM=linux-elf/PLATFORM=linux-elf-arm/g' Makefile 97 sed -i 's/CC= gcc/CC= arm-linux-gnueabihf-gcc/g' Makefile 98 sed -i 's/AR= ar/AR= arm-linux-gnueabihf-ar/g' Makefile 99 sed -i 's/RANLIB= /usr/bin/ranlib/RANLIB= arm-linux-gnueabihf-ranlib/g' Makefile 100 sed -i 's/NM= nm/NM= arm-linux-gnueabihf-nm/g' Makefile 101 sed -i 's/MAKEDEPPROG= gcc/MAKEDEPPROG= arm-linux-gnueabihf-gcc/g' Makefile 102 make -j4 103 make install 104 fi 105 106 # compile net-snmp 107 if [ "$compile_args" = "" ] || [ "$compile_args" = "snmp" ] 108 then 109 cd $root_build_path 110 echo -e "\e[0;32;1m[info] : tar xf ${module_name[2]}.tar.gz to build\e[0m" 111 tar xf $root_tar_path'/'${module_name[2]}.tar.gz 112 cd $root_build_path'/'${module_name[2]} 113 CC=arm-linux-gnueabihf-gcc ./configure --build=i686-linux \ 114 --host=arm-linux --disable-manuals --enable-mfd-rewrites \ 115 --enable-shared=no --with-mib-modules='ucd-snmp/diskio ip-mib/ipv4InterfaceTable' \ 116 --with-cc=arm-linux-gnueabihf-gcc --with-ar=arm-linux-gnueabihf-ar \ 117 --prefix=$root_release_path 118 make -j4 119 make install 120 fi 121 122 # compile iptables 123 if [ "$compile_args" = "" ] || [ "$compile_args" = "iptables" ] 124 then 125 cd $root_build_path 126 echo -e "\e[0;32;1m[info] : tar xf ${module_name[3]}.tar.gz to build\e[0m" 127 tar xf $root_tar_path'/'${module_name[3]}.tar.gz 128 cd $root_build_path'/'${module_name[3]} 129 ./configure --host=arm-linux-gnueabihf \ 130 --disable-static --enable-shared \ 131 --prefix=$root_release_path 132 make -j4 133 make install 134 fi 135 136 # compile sqlite 137 if [ "$compile_args" = "" ] || [ "$compile_args" = "sqlite" ] 138 then 139 cd $root_build_path 140 echo -e "\e[0;32;1m[info] : tar xf ${module_name[4]}.tar.gz to build\e[0m" 141 tar xf $root_tar_path'/'${module_name[4]}.tar.gz 142 cd $root_build_path'/'${module_name[4]} 143 ./configure --disable-tcl --host=arm-linux-gnueabihf \ 144 --prefix=$root_release_path 145 make -j4 146 make install 147 fi 148 149 # compile pam 150 if [ "$compile_args" = "" ] || [ "$compile_args" = "pam" ] 151 then 152 cd $root_build_path 153 echo -e "\e[0;32;1m[info] : tar xf ${module_name[5]}.tar.gz to build\e[0m" 154 tar xf $root_tar_path'/'${module_name[5]}.tar.gz 155 cd $root_build_path'/'${module_name[5]} 156 ./configure --host=arm-linux-gnueabihf --disable-static --enable-shared \ 157 --prefix=$root_release_path 158 make -j4 159 make install 160 fi 161 162 # compile orderd 163 if [ "$compile_args" = "" ] || [ "$compile_args" = "orderd" ] 164 then 165 cp -r $root_tar_path/${module_name[6]} $root_build_path 166 cd $root_build_path/${module_name[6]}/src 167 make 168 if [ ! -d $root_release_path/sbin ] 169 then 170 mkdir $root_release_path/sbin 171 fi 172 cp orderd $root_release_path/sbin 173 fi 174 175 # compile zhttpd 176 if [ "$compile_args" = "" ] || [ "$compile_args" = "zhttpd" ] 177 then 178 cp -r $root_tar_path/${module_name[7]} $root_build_path 179 cd $root_build_path/${module_name[7]} 180 make 181 if [ ! -d $root_release_path/sbin ] 182 then 183 mkdir $root_release_path/sbin 184 fi 185 cp zhttpd $root_release_path/sbin 186 fi 187 188 # compile flex 189 if [ "$compile_args" = "" ] || [ "$compile_args" = "flex" ] 190 then 191 cd $root_build_path 192 echo -e "\e[0;32;1m[info] : tar xf ${module_name[8]}.tar.gz to build\e[0m" 193 tar xf $root_tar_path'/'${module_name[8]}.tar.gz 194 cd $root_build_path'/'${module_name[8]} 195 sed -i 's/#undef malloc//g' conf.in 196 sed -i 's/#undef realloc//g' conf.in 197 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \ 198 --prefix=$root_release_path 199 make -j6 200 make install 201 fi 202 203 # compile bison 204 if [ "$compile_args" = "" ] || [ "$compile_args" = "bison" ] 205 then 206 cd $root_build_path 207 echo -e "\e[0;32;1m[info] : tar xf ${module_name[9]}.tar.gz to build\e[0m" 208 tar xf $root_tar_path'/'${module_name[9]}.tar.gz 209 cd $root_build_path'/'${module_name[9]} 210 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \ 211 --prefix=$root_release_path 212 make -j6 213 make install 214 cp $root_build_path/${module_name[9]}/lib/libbison.a $root_release_path/lib 215 fi 216 217 # compile gmp 218 if [ "$compile_args" = "" ] || [ "$compile_args" = "gmp" ] 219 then 220 cd $root_build_path 221 echo -e "\e[0;32;1m[info] : tar xf ${module_name[10]}.tar.gz to build\e[0m" 222 tar xf $root_tar_path'/'${module_name[10]}.tar.gz 223 cd $root_build_path'/'${module_name[10]} 224 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \ 225 --prefix=$root_release_path 226 make -j6 227 make install 228 fi 229 230 # compile libmnl 231 if [ "$compile_args" = "" ] || [ "$compile_args" = "libmnl" ] 232 then 233 cd $root_build_path 234 echo -e "\e[0;32;1m[info] : tar xf ${module_name[11]}.tar.gz to build\e[0m" 235 tar xf $root_tar_path'/'${module_name[11]}.tar.bz2 236 cd $root_build_path'/'${module_name[11]} 237 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \ 238 --prefix=$root_release_path 239 make -j6 240 make install 241 fi 242 243 244 # compile libnftnl 245 if [ "$compile_args" = "" ] || [ "$compile_args" = "libnftnl" ] 246 then 247 cd $root_build_path 248 echo -e "\e[0;32;1m[info] : tar xf ${module_name[12]}.tar.gz to build\e[0m" 249 tar xf $root_tar_path'/'${module_name[12]}.tar.bz2 250 cd $root_build_path'/'${module_name[12]} 251 export LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" 252 export LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" 253 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \ 254 --prefix=$root_release_path 255 make -j6 256 make install 257 fi 258 259 # compile readline 260 if [ "$compile_args" = "" ] || [ "$compile_args" = "readline" ] 261 then 262 cd $root_build_path 263 echo -e "\e[0;32;1m[info] : tar xf ${module_name[13]}.tar.gz to build\e[0m" 264 tar xf $root_tar_path'/'${module_name[13]}.tar.gz 265 cd $root_build_path'/'${module_name[13]} 266 sed -i '6324s/yes/no/g' configure 267 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc \ 268 --prefix=$root_release_path 269 make -j6 270 make install 271 fi 272 273 274 # compile nftables 275 if [ "$compile_args" = "" ] || [ "$compile_args" = "nftables" ] 276 then 277 cd $root_build_path 278 echo -e "\e[0;32;1m[info] : tar xf ${module_name[14]}.tar.gz to build\e[0m" 279 tar xf $root_tar_path'/'${module_name[14]}.tar.bz2 280 cd $root_build_path'/'${module_name[14]} 281 LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" \ 282 LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" \ 283 LIBNFTNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libnftnl/" \ 284 LIBNFTNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lnftnl" \ 285 ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --without-cli \ 286 --prefix=$root_release_path 287 make -j6 288 make install 289 fi 290 291 292 # strip bin file and delete unuseful files 293 arm-linux-gnueabihf-strip $root_release_path/bin/* 294 arm-linux-gnueabihf-strip $root_release_path/sbin/* 295 arm-linux-gnueabihf-strip $root_release_path/lib/*.a 296 arm-linux-gnueabihf-strip $root_release_path/lib/*.so.* 297 rm -rf $root_release_path/share/man 298 rm -rf $root_release_path/ssl/man