add support for USB Ethernet and nftables

.github/workflows/build.yml

@@ -20,7 +20,7 @@ jobs:
         run: |
           sudo apt-get update &&
           sudo apt-get install -y --no-install-recommends \
-            build-essential \
+            build-essential autoconf \
             device-tree-compiler \
             gperf g++-multilib gcc-multilib \
             libnl-3-dev libdbus-1-dev libelf-dev libmpc-dev dwarves

README.md

@@ -19,7 +19,7 @@ An official build system for JetKVM firmware, enabling you to compile and custom
 ```bash
 sudo apt-get update &&
 sudo apt-get install -y --no-install-recommends \
-  build-essential \
+  build-essential autoconf autotools-dev \
   device-tree-compiler \
   gperf g++-multilib gcc-multilib \
   libnl-3-dev libdbus-1-dev libelf-dev libmpc-dev dwarves \

project/cfg/BoardConfig_IPC/BoardConfig-EMMC-NONE-RV1106_JETKVM_V2.mk

@@ -94,3 +94,4 @@ export RK_ENABLE_ROCKCHIP_TEST=n
 
 export RK_ENABLE_SAMPLE=n
 
+export RK_ENABLE_NFTABLES=y

sysdrv/.gitignore

@@ -20,6 +20,8 @@ tools/board/sysstat/sysstat-*/
 tools/board/toolkits/openssl/openssl-*/
 tools/board/toolkits/zlib/zlib-*/
 tools/board/valgrind/valgrind-*/
+tools/board/nftables/lib*/
+tools/board/nftables/nftables*/
 tools/pc/toolkits/resource_tool
 util-linux-*/
 source/busybox/objs_config_normal/

sysdrv/Makefile.param

@@ -313,3 +313,7 @@ $(eval $(call MACRO_CHECK_ENABLE_PKG, RK_ENABLE_FIO))
 # Enable build EXFATPROGS
 CONFIG_SYSDRV_ENABLE_EXFATPROGS=n
 $(eval $(call MACRO_CHECK_ENABLE_PKG, RK_ENABLE_EXFATPROGS))
+
+# Enable build nftables
+CONFIG_SYSDRV_ENABLE_NFTABLES=n
+$(eval $(call MACRO_CHECK_ENABLE_PKG, RK_ENABLE_NFTABLES))

sysdrv/source/kernel/arch/arm/configs/rv1106-jetkvm-v2_defconfig

@@ -53,12 +53,18 @@ CONFIG_PACKET=y
 CONFIG_UNIX=y
 CONFIG_INET=y
 CONFIG_IP_MULTICAST=y
+CONFIG_IP_ADVANCED_ROUTER=y
+CONFIG_IP_FIB_TRIE_STATS=y
+CONFIG_IP_MULTIPLE_TABLES=y
+CONFIG_IP_ROUTE_MULTIPATH=y
+CONFIG_IP_ROUTE_VERBOSE=y
 CONFIG_NET_IPIP=y
 CONFIG_NET_IPGRE_DEMUX=m
 CONFIG_NET_IPGRE=m
 CONFIG_NET_IPGRE_BROADCAST=y
 CONFIG_NET_FOU_IP_TUNNELS=y
 CONFIG_INET_DIAG=m
+CONFIG_INET_UDP_DIAG=m
 CONFIG_TCP_CONG_ADVANCED=y
 CONFIG_TCP_CONG_LP=m
 CONFIG_TCP_CONG_BBR=m
@@ -69,6 +75,157 @@ CONFIG_IPV6_VTI=m
 CONFIG_IPV6_MULTIPLE_TABLES=y
 CONFIG_IPV6_MROUTE=y
 CONFIG_MPTCP=y
+CONFIG_NETFILTER=y
+CONFIG_NETFILTER_NETLINK_OSF=m
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_LOG_NETDEV=m
+CONFIG_NF_CONNTRACK_TIMEOUT=y
+CONFIG_NF_CONNTRACK_TIMESTAMP=y
+CONFIG_NF_CT_NETLINK=m
+CONFIG_NF_CT_NETLINK_TIMEOUT=m
+CONFIG_NF_CT_NETLINK_HELPER=m
+CONFIG_NETFILTER_NETLINK_GLUE_CT=y
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NFT_NUMGEN=m
+CONFIG_NFT_CT=y
+CONFIG_NFT_FLOW_OFFLOAD=m
+CONFIG_NFT_COUNTER=m
+CONFIG_NFT_CONNLIMIT=m
+CONFIG_NFT_LOG=m
+CONFIG_NFT_LIMIT=m
+CONFIG_NFT_MASQ=y
+CONFIG_NFT_REDIR=m
+CONFIG_NFT_NAT=y
+CONFIG_NFT_TUNNEL=m
+CONFIG_NFT_OBJREF=m
+CONFIG_NFT_QUEUE=m
+CONFIG_NFT_QUOTA=m
+CONFIG_NFT_REJECT=y
+CONFIG_NFT_COMPAT=m
+CONFIG_NFT_HASH=m
+CONFIG_NFT_FIB_INET=m
+CONFIG_NFT_XFRM=m
+CONFIG_NFT_SOCKET=m
+CONFIG_NFT_TPROXY=m
+CONFIG_NFT_SYNPROXY=m
+CONFIG_NFT_DUP_NETDEV=m
+CONFIG_NFT_FWD_NETDEV=m
+CONFIG_NFT_FIB_NETDEV=m
+CONFIG_NF_FLOW_TABLE_INET=m
+CONFIG_NF_FLOW_TABLE=y
+CONFIG_NETFILTER_XT_SET=m
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
+CONFIG_NETFILTER_XT_TARGET_DSCP=m
+CONFIG_NETFILTER_XT_TARGET_HMARK=m
+CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
+CONFIG_NETFILTER_XT_TARGET_LED=m
+CONFIG_NETFILTER_XT_TARGET_LOG=m
+CONFIG_NETFILTER_XT_TARGET_MARK=m
+CONFIG_NETFILTER_XT_TARGET_NFLOG=m
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
+CONFIG_NETFILTER_XT_TARGET_RATEEST=m
+CONFIG_NETFILTER_XT_TARGET_TEE=m
+CONFIG_NETFILTER_XT_TARGET_TPROXY=m
+CONFIG_NETFILTER_XT_TARGET_TRACE=m
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
+CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NETFILTER_XT_MATCH_CGROUP=m
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
+CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_CPU=m
+CONFIG_NETFILTER_XT_MATCH_DCCP=m
+CONFIG_NETFILTER_XT_MATCH_DSCP=m
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=m
+CONFIG_NETFILTER_XT_MATCH_IPCOMP=m
+CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=m
+CONFIG_NETFILTER_XT_MATCH_LIMIT=m
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_NFACCT=m
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
+CONFIG_NETFILTER_XT_MATCH_SOCKET=m
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
+CONFIG_NETFILTER_XT_MATCH_STRING=m
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+CONFIG_NETFILTER_XT_MATCH_TIME=m
+CONFIG_NETFILTER_XT_MATCH_U32=m
+CONFIG_IP_SET=m
+CONFIG_IP_SET_BITMAP_IP=m
+CONFIG_IP_SET_BITMAP_IPMAC=m
+CONFIG_IP_SET_BITMAP_PORT=m
+CONFIG_IP_SET_HASH_IP=m
+CONFIG_IP_SET_HASH_IPMARK=m
+CONFIG_IP_SET_HASH_IPPORT=m
+CONFIG_IP_SET_HASH_IPPORTIP=m
+CONFIG_IP_SET_HASH_IPPORTNET=m
+CONFIG_IP_SET_HASH_IPMAC=m
+CONFIG_IP_SET_HASH_MAC=m
+CONFIG_IP_SET_HASH_NETPORTNET=m
+CONFIG_IP_SET_HASH_NET=m
+CONFIG_IP_SET_HASH_NETNET=m
+CONFIG_IP_SET_HASH_NETPORT=m
+CONFIG_IP_SET_HASH_NETIFACE=m
+CONFIG_IP_SET_LIST_SET=m
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_FIB_IPV4=m
+CONFIG_NF_TABLES_ARP=y
+CONFIG_NF_FLOW_TABLE_IPV4=m
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=m
+CONFIG_IP_NF_MATCH_ECN=m
+CONFIG_IP_NF_MATCH_TTL=m
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_IP_NF_TARGET_SYNPROXY=m
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_MANGLE=m
+CONFIG_IP_NF_TARGET_CLUSTERIP=m
+CONFIG_IP_NF_TARGET_ECN=m
+CONFIG_IP_NF_TARGET_TTL=m
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=m
+CONFIG_IP_NF_ARPFILTER=m
+CONFIG_IP_NF_ARP_MANGLE=m
+CONFIG_NFT_DUP_IPV6=m
+CONFIG_NFT_FIB_IPV6=m
+CONFIG_NF_FLOW_TABLE_IPV6=m
+CONFIG_IP6_NF_IPTABLES=m
+CONFIG_IP6_NF_MATCH_AH=m
+CONFIG_IP6_NF_MATCH_EUI64=m
+CONFIG_IP6_NF_MATCH_FRAG=m
+CONFIG_IP6_NF_MATCH_OPTS=m
+CONFIG_IP6_NF_MATCH_HL=m
+CONFIG_IP6_NF_MATCH_IPV6HEADER=m
+CONFIG_IP6_NF_MATCH_MH=m
+CONFIG_IP6_NF_MATCH_RT=m
+CONFIG_IP6_NF_MATCH_SRH=m
+CONFIG_IP6_NF_TARGET_HL=m
+CONFIG_IP6_NF_FILTER=m
+CONFIG_IP6_NF_TARGET_REJECT=m
+CONFIG_IP6_NF_TARGET_SYNPROXY=m
+CONFIG_IP6_NF_MANGLE=m
+CONFIG_IP6_NF_RAW=m
+CONFIG_IP6_NF_NAT=m
+CONFIG_IP6_NF_TARGET_MASQUERADE=m
+CONFIG_IP6_NF_TARGET_NPT=m
+CONFIG_NF_CONNTRACK_BRIDGE=m
 CONFIG_NETLINK_DIAG=m
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
@@ -259,13 +416,19 @@ CONFIG_USB_CONFIGFS=y
 CONFIG_USB_CONFIGFS_UEVENT=y
 CONFIG_USB_CONFIGFS_SERIAL=y
 CONFIG_USB_CONFIGFS_ACM=y
+CONFIG_USB_CONFIGFS_OBEX=y
+CONFIG_USB_CONFIGFS_NCM=y
+CONFIG_USB_CONFIGFS_ECM=y
+CONFIG_USB_CONFIGFS_ECM_SUBSET=y
 CONFIG_USB_CONFIGFS_RNDIS=y
+CONFIG_USB_CONFIGFS_EEM=y
 CONFIG_USB_CONFIGFS_MASS_STORAGE=y
 CONFIG_USB_CONFIGFS_F_FS=y
 CONFIG_USB_CONFIGFS_F_UAC1=y
 CONFIG_USB_CONFIGFS_F_UAC2=y
 CONFIG_USB_CONFIGFS_F_HID=y
 CONFIG_USB_CONFIGFS_F_UVC=y
+CONFIG_USB_CONFIGFS_F_PRINTER=y
 CONFIG_MMC=y
 # CONFIG_PWRSEQ_EMMC is not set
 CONFIG_MMC_BLOCK_MINORS=32
@@ -364,4 +527,4 @@ CONFIG_DEBUG_FS=y
 # CONFIG_DEBUG_MISC is not set
 # CONFIG_SCHED_DEBUG is not set
 # CONFIG_FTRACE is not set
-# CONFIG_RUNTIME_TESTING_MENU is not set
+# CONFIG_RUNTIME_TESTING_MENU is not set

sysdrv/tools/board/Makefile.tools.board.mk

@@ -13,6 +13,7 @@ tools_board-builds: \
 		board-build-i2c_tools \
 		board-build-dosfstools \
 		board-build-exfatprogs \
+		board-build-nftables \
 		board-build-mtd_utils \
 		board-build-dropbear
 	@echo "build tools board done"
@@ -34,6 +35,7 @@ tools_board-clean:
 	$(MAKE) -C $(SYSDRV_DIR)/tools/board/i2c-tools distclean
 	$(MAKE) -C $(SYSDRV_DIR)/tools/board/dosfstools distclean
 	$(MAKE) -C $(SYSDRV_DIR)/tools/board/exfatprogs distclean
+	$(MAKE) -C $(SYSDRV_DIR)/tools/board/nftables distclean
 
 board-build-toolkits:
 	$(MAKE) -C $(SYSDRV_DIR)/tools/board/toolkits
@@ -110,5 +112,11 @@ ifeq ($(ENABLE_EXFATPROGS),y)
 	$(MAKE) -C $(SYSDRV_DIR)/tools/board/exfatprogs;
 endif
 
+
+board-build-nftables:
+ifeq ($(ENABLE_NFTABLES),y)
+	$(MAKE) -C $(SYSDRV_DIR)/tools/board/nftables;
+endif
+
 board-build-dropbear:
 	$(MAKE) -C $(SYSDRV_DIR)/tools/board/dropbear;

sysdrv/tools/board/nftables/Makefile

@@ -0,0 +1,92 @@
+
+ifeq ($(SYSDRV_PARAM), )
+    SYSDRV_PARAM:=../../../Makefile.param
+    include $(SYSDRV_PARAM)
+endif
+
+export LC_ALL=C
+SHELL:=/bin/bash
+
+CURRENT_DIR := $(shell pwd)
+PKG_TARBALL := nftables-1.1.1.tar.xz
+PKG_NAME := nftables-1.1.1
+PKG_BIN := out
+
+DEPS_OUTPUT_DIR := $(CURRENT_DIR)/out
+
+LIBMNL_TARBALL := libmnl-1.0.5.tar.bz2
+LIBMNL_NAME := libmnl-1.0.5
+
+LIBNFTNL_TARBALL := libnftnl-1.2.8.tar.xz
+LIBNFTNL_NAME := libnftnl-1.2.8
+
+NFT_CROSS_CFLAGS := $(SYSDRV_CROSS_CFLAGS)
+NFT_CROSS_CFLAGS += -I$(DEPS_OUTPUT_DIR)/include
+NFT_CROSS_CFLAGS += -I$(DEPS_OUTPUT_DIR)/include/libmnl
+NFT_CROSS_CFLAGS += -I$(DEPS_OUTPUT_DIR)/include/libnftl
+
+# this isn't a typo
+NFT_CROSS_LDFLAGS := $(SYSDRV_CROSS_CFLAGS)
+NFT_CROSS_LDFLAGS += -Wl,-rpath-link=$(DEPS_OUTPUT_DIR)/lib
+
+LIBMNL_CFLAGS := -I$(DEPS_OUTPUT_DIR)/include/libmnl
+LIBMNL_LIBS := -L$(DEPS_OUTPUT_DIR)/lib -lmnl -Wl,-rpath-link=$(DEPS_OUTPUT_DIR)/lib
+
+LIBNFTNL_CFLAGS := -I$(DEPS_OUTPUT_DIR)/include/libnftnl
+LIBNFTNL_LIBS := -L$(DEPS_OUTPUT_DIR)/lib -lnftnl -Wl,-rpath-link=$(DEPS_OUTPUT_DIR)/lib
+
+all: libmnl nftables
+	$(call MAROC_COPY_PKG_TO_SYSDRV_OUTPUT, $(SYSDRV_DIR_OUT_ROOTFS), $(PKG_BIN))
+
+nftables: libmnl libnftnl
+	test -f $(PKG_BIN)/usr/sbin/nft || (\
+	rm -rf $(CURRENT_DIR)/$(PKG_NAME); \
+	tar -xf $(PKG_TARBALL); \
+	mkdir -p $(CURRENT_DIR)/$(PKG_NAME)/$(PKG_BIN); \
+	mkdir -p $(CURRENT_DIR)/$(PKG_BIN)/usr/; \
+	pushd $(CURRENT_DIR)/$(PKG_NAME)/; \
+		LIBNFTNL_CFLAGS="$(LIBNFTNL_CFLAGS)" LIBNFTNL_LIBS="$(LIBNFTNL_LIBS)" \
+		LIBMNL_CFLAGS="$(LIBMNL_CFLAGS)" LIBMNL_LIBS="$(LIBMNL_LIBS)" \
+		./configure --host=$(SYSDRV_CROSS) --target=$(SYSDRV_CROSS) CFLAGS="$(NFT_CROSS_CFLAGS)" \
+			LDFLAGS="$(NFT_CROSS_LDFLAGS)" --prefix=$(CURRENT_DIR)/$(PKG_BIN) \
+			--with-mini-gmp --without-cli --disable-debug --disable-man-doc; \
+		make -j$(SYSDRV_JOBS) || exit -1; \
+		make install; \
+		mv $(CURRENT_DIR)/$(PKG_BIN)/sbin $(CURRENT_DIR)/$(PKG_BIN)/usr ; \
+		mkdir -p $(CURRENT_DIR)/$(PKG_BIN)/usr/lib; \
+		cp $(DEPS_OUTPUT_DIR)/lib/*.so* $(CURRENT_DIR)/$(PKG_BIN)/usr/lib; \
+	popd; )
+
+libnftnl: libmnl
+	@test -f $(DEPS_OUTPUT_DIR)/lib/libnftnl.so || (\
+	rm -rf $(CURRENT_DIR)/$(LIBNFTNL_NAME); \
+	tar -xf $(LIBNFTNL_TARBALL); \
+	mkdir -p $(DEPS_OUTPUT_DIR); \
+	pushd $(CURRENT_DIR)/$(LIBNFTNL_NAME); \
+		echo "CFLAGS=$(SYSDRV_CROSS_CFLAGS)"; \
+		./configure --host=$(SYSDRV_CROSS) --target=$(SYSDRV_CROSS) CFLAGS="$(SYSDRV_CROSS_CFLAGS)" \
+			LDFLAGS="$(SYSDRV_CROSS_CFLAGS)" --prefix=$(DEPS_OUTPUT_DIR) > /dev/null; \
+		make -j$(SYSDRV_JOBS) || (exit -1 && echo "Error building libnftnl"); \
+		make install; \
+		echo "Finished building libnftnl"; \
+	popd; )
+
+libmnl:
+	@test -f $(DEPS_OUTPUT_DIR)/lib/libmnl.so | (\
+	rm -rf $(CURRENT_DIR)/$(LIBMNL_NAME); \
+	tar -xf $(LIBMNL_TARBALL); \
+	mkdir -p $(DEPS_OUTPUT_DIR); \
+	pushd $(CURRENT_DIR)/$(LIBMNL_NAME); \
+		echo "CFLAGS=$(SYSDRV_CROSS_CFLAGS)"; \
+		./configure --host=$(SYSDRV_CROSS) --target=$(SYSDRV_CROSS) CFLAGS="$(SYSDRV_CROSS_CFLAGS)" \
+			LDFLAGS="$(SYSDRV_CROSS_CFLAGS)" --prefix=$(DEPS_OUTPUT_DIR) > /dev/null; \
+		make -j$(SYSDRV_JOBS) || (exit -1 && echo "Error building libmnl"); \
+		make install; \
+		echo "Finished building libmnl"; \
+	popd; )
+
+clean: distclean
+
+distclean:
+	-rm -rf $(PKG_NAME) $(PKG_BIN)
+