
[Operating Systems] Tinkering with nftables (Part 1)


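  Recently, for a project, I had to tinker with iptables on Linux. I hadn't used it for a long time and figured there wouldn't be any problems, so I dove in without a second thought. I enabled the kernel options, cross-compiled iptables, ported it over and ran it, and only then found out: damn, it's no longer supported, and I need to use the new nftables. Good grief, I'm getting old and have been left behind by the times. What is nftables? It's the replacement for iptables. Fine, let's get on with it. Only once I started did I realize what a hassle it is, especially porting it to an ARM board.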

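The work mainly involves the following:

  • The cross-compilation toolchain
  • Kernel netfilter configuration
  • Cross-compiling the required components (flex, bison, libmnl, libnftnl, gmp, readline)
  • Cross-compiling nftables
  • Basic nftables usage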

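(1) Cross-compilation toolchain: my system is Ubuntu 16.04 x32, and I installed the cross-compilation toolchain under /opt. The exact version is shown below.

Because I use zsh, I added the environment variable to ~/.zshrc:

    export PATH=/opt/toolchain/bin:$PATH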

 

(2) Start with the kernel: enable the kernel's netfilter options as shown in the figure, following the steps below.

Next, go into the netfilter configuration options. Configure them according to your specific needs; here, in order to test nftables, I enable all of the options.

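There are two ways to enable an option: [*] and [M]. With the former, the netfilter functionality is built into the kernel and is available as soon as the kernel is running. With the latter, it exists as a *.ko file that is enabled with insmod *.ko when needed. .ko files depend on one another, and a modules.dep file has to be provided when loading them, as shown in the figure below.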

The contents of the modules.dep file are as follows:

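OK, from here on I load the modules the [*] way. To verify the various nftables features I enabled all of the modules; the figure below shows the main configuration items. Enable the options inside the red boxes according to your needs.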

 

The configuration above can also be made by directly editing the .config file in the kernel source tree, as follows:

    CONFIG_NETFILTER=y
    CONFIG_NETFILTER_DEBUG=y
    CONFIG_NETFILTER_ADVANCED=y
    #
    # Core Netfilter Configuration
    #
    CONFIG_NETFILTER_NETLINK=y
    CONFIG_NETFILTER_NETLINK_ACCT=y
    CONFIG_NETFILTER_NETLINK_QUEUE=y
    CONFIG_NETFILTER_NETLINK_LOG=y
    CONFIG_NF_CONNTRACK=y
    CONFIG_NF_CONNTRACK_MARK=y
    CONFIG_NF_CONNTRACK_PROCFS=y
    CONFIG_NF_CONNTRACK_EVENTS=y
    CONFIG_NF_CONNTRACK_TIMEOUT=y
    CONFIG_NF_CONNTRACK_TIMESTAMP=y
    CONFIG_NF_CONNTRACK_LABELS=y
    CONFIG_NF_CT_PROTO_DCCP=y
    CONFIG_NF_CT_PROTO_GRE=y
    CONFIG_NF_CT_PROTO_SCTP=y
    CONFIG_NF_CT_PROTO_UDPLITE=y
    CONFIG_NF_CONNTRACK_AMANDA=y
    CONFIG_NF_CONNTRACK_FTP=y
    CONFIG_NF_CONNTRACK_H323=y
    CONFIG_NF_CONNTRACK_IRC=y
    CONFIG_NF_CONNTRACK_BROADCAST=y
    CONFIG_NF_CONNTRACK_NETBIOS_NS=y
    CONFIG_NF_CONNTRACK_SNMP=y
    CONFIG_NF_CONNTRACK_PPTP=y
    CONFIG_NF_CONNTRACK_SANE=y
    CONFIG_NF_CONNTRACK_SIP=y
    CONFIG_NF_CONNTRACK_TFTP=y
    CONFIG_NF_CT_NETLINK=y
    CONFIG_NF_CT_NETLINK_TIMEOUT=y
    CONFIG_NF_CT_NETLINK_HELPER=y
    CONFIG_NETFILTER_NETLINK_QUEUE_CT=y
    CONFIG_NF_NAT=y
    CONFIG_NF_NAT_NEEDED=y
    CONFIG_NF_NAT_PROTO_DCCP=y
    CONFIG_NF_NAT_PROTO_UDPLITE=y
    CONFIG_NF_NAT_PROTO_SCTP=y
    CONFIG_NF_NAT_AMANDA=y
    CONFIG_NF_NAT_FTP=y
    CONFIG_NF_NAT_IRC=y
    CONFIG_NF_NAT_SIP=y
    CONFIG_NF_NAT_TFTP=y
    CONFIG_NETFILTER_SYNPROXY=y
    CONFIG_NF_TABLES=y
    CONFIG_NF_TABLES_INET=y
    CONFIG_NFT_EXTHDR=y
    CONFIG_NFT_META=y
    CONFIG_NFT_CT=y
    CONFIG_NFT_RBTREE=y
    CONFIG_NFT_HASH=y
    CONFIG_NFT_COUNTER=y
    CONFIG_NFT_LOG=y
    CONFIG_NFT_LIMIT=y
    # CONFIG_NFT_NAT is not set
    CONFIG_NFT_QUEUE=m
    CONFIG_NFT_REJECT=y
    CONFIG_NFT_REJECT_INET=y
    CONFIG_NFT_COMPAT=y
    CONFIG_NETFILTER_XTABLES=y
    #
    # Xtables combined modules
    #
    CONFIG_NETFILTER_XT_MARK=y
    CONFIG_NETFILTER_XT_CONNMARK=y
    # CONFIG_NETFILTER_XT_SET is not set
    #
    # Xtables targets
    #
    # CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
    CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
    CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
    # CONFIG_NETFILTER_XT_TARGET_CT is not set
    # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
    CONFIG_NETFILTER_XT_TARGET_HL=y
    CONFIG_NETFILTER_XT_TARGET_HMARK=y
    CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
    CONFIG_NETFILTER_XT_TARGET_LED=y
    CONFIG_NETFILTER_XT_TARGET_LOG=y
    CONFIG_NETFILTER_XT_TARGET_MARK=y
    CONFIG_NETFILTER_XT_TARGET_NETMAP=y
    CONFIG_NETFILTER_XT_TARGET_NFLOG=y
    CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
    # CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
    CONFIG_NETFILTER_XT_TARGET_RATEEST=y
    CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
    CONFIG_NETFILTER_XT_TARGET_TEE=y
    # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
    # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
    CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
    # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
    #
    # Xtables matches
    #
    CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
    CONFIG_NETFILTER_XT_MATCH_BPF=y
    CONFIG_NETFILTER_XT_MATCH_CGROUP=y
    CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
    CONFIG_NETFILTER_XT_MATCH_COMMENT=y
    CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
    CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
    CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
    CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
    CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
    CONFIG_NETFILTER_XT_MATCH_CPU=y
    CONFIG_NETFILTER_XT_MATCH_DCCP=y
    CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
    CONFIG_NETFILTER_XT_MATCH_DSCP=y
    CONFIG_NETFILTER_XT_MATCH_ECN=y
    CONFIG_NETFILTER_XT_MATCH_ESP=y
    CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
    CONFIG_NETFILTER_XT_MATCH_HELPER=y
    CONFIG_NETFILTER_XT_MATCH_HL=y
    CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
    CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
    CONFIG_NETFILTER_XT_MATCH_L2TP=y
    CONFIG_NETFILTER_XT_MATCH_LENGTH=y
    CONFIG_NETFILTER_XT_MATCH_LIMIT=y
    CONFIG_NETFILTER_XT_MATCH_MAC=y
    CONFIG_NETFILTER_XT_MATCH_MARK=y
    CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
    CONFIG_NETFILTER_XT_MATCH_NFACCT=y
    CONFIG_NETFILTER_XT_MATCH_OSF=y
    CONFIG_NETFILTER_XT_MATCH_OWNER=y
    CONFIG_NETFILTER_XT_MATCH_POLICY=y
    CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
    CONFIG_NETFILTER_XT_MATCH_QUOTA=y
    CONFIG_NETFILTER_XT_MATCH_RATEEST=y
    CONFIG_NETFILTER_XT_MATCH_REALM=y
    CONFIG_NETFILTER_XT_MATCH_RECENT=y
    CONFIG_NETFILTER_XT_MATCH_SCTP=y
    CONFIG_NETFILTER_XT_MATCH_SOCKET=y
    CONFIG_NETFILTER_XT_MATCH_STATE=y
    CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
    CONFIG_NETFILTER_XT_MATCH_STRING=y
    CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
    CONFIG_NETFILTER_XT_MATCH_TIME=y
    CONFIG_NETFILTER_XT_MATCH_U32=y
    CONFIG_IP_SET=y
    CONFIG_IP_SET_MAX=256
    CONFIG_IP_SET_BITMAP_IP=y
    CONFIG_IP_SET_BITMAP_IPMAC=y
    CONFIG_IP_SET_BITMAP_PORT=y
    CONFIG_IP_SET_HASH_IP=y
    CONFIG_IP_SET_HASH_IPPORT=y
    CONFIG_IP_SET_HASH_IPPORTIP=y
    CONFIG_IP_SET_HASH_IPPORTNET=y
    CONFIG_IP_SET_HASH_NETPORTNET=y
    CONFIG_IP_SET_HASH_NET=y
    CONFIG_IP_SET_HASH_NETNET=y
    CONFIG_IP_SET_HASH_NETPORT=y
    CONFIG_IP_SET_HASH_NETIFACE=y
    CONFIG_IP_SET_LIST_SET=y
    # CONFIG_IP_VS is not set
    #
    # IP: Netfilter Configuration
    #
    CONFIG_NF_DEFRAG_IPV4=y
    CONFIG_NF_CONNTRACK_IPV4=y
    CONFIG_NF_CONNTRACK_PROC_COMPAT=y
    CONFIG_NF_TABLES_IPV4=y
    CONFIG_NFT_CHAIN_ROUTE_IPV4=y
    CONFIG_NFT_REJECT_IPV4=y
    CONFIG_NF_TABLES_ARP=y
    CONFIG_IP_NF_IPTABLES=y
    CONFIG_IP_NF_MATCH_AH=y
    CONFIG_IP_NF_MATCH_ECN=y
    CONFIG_IP_NF_MATCH_RPFILTER=y
    CONFIG_IP_NF_MATCH_TTL=y
    CONFIG_IP_NF_FILTER=y
    CONFIG_IP_NF_TARGET_REJECT=y
    CONFIG_IP_NF_TARGET_SYNPROXY=y
    CONFIG_IP_NF_TARGET_ULOG=y
    CONFIG_NF_NAT_IPV4=y
    CONFIG_IP_NF_TARGET_MASQUERADE=y
    CONFIG_IP_NF_TARGET_NETMAP=y
    CONFIG_IP_NF_TARGET_REDIRECT=y
    CONFIG_NF_NAT_SNMP_BASIC=y
    CONFIG_NF_NAT_PROTO_GRE=y
    CONFIG_NF_NAT_PPTP=y
    CONFIG_NF_NAT_H323=y
    CONFIG_IP_NF_MANGLE=y
    CONFIG_IP_NF_TARGET_CLUSTERIP=y
    CONFIG_IP_NF_TARGET_ECN=y
    CONFIG_IP_NF_TARGET_TTL=y
    CONFIG_IP_NF_RAW=y
    CONFIG_IP_NF_ARPTABLES=y
    CONFIG_IP_NF_ARPFILTER=y
    CONFIG_IP_NF_ARP_MANGLE=y
    #
    # IPv6: Netfilter Configuration
    #
    CONFIG_NF_DEFRAG_IPV6=y
    CONFIG_NF_CONNTRACK_IPV6=y
    CONFIG_NF_TABLES_IPV6=y
    CONFIG_NFT_CHAIN_ROUTE_IPV6=y
    CONFIG_NFT_REJECT_IPV6=y
    CONFIG_IP6_NF_IPTABLES=y
    CONFIG_IP6_NF_MATCH_AH=y
    CONFIG_IP6_NF_MATCH_EUI64=y
    CONFIG_IP6_NF_MATCH_FRAG=y
    CONFIG_IP6_NF_MATCH_OPTS=y
    CONFIG_IP6_NF_MATCH_HL=y
    CONFIG_IP6_NF_MATCH_IPV6HEADER=y
    CONFIG_IP6_NF_MATCH_MH=y
    # CONFIG_IP6_NF_MATCH_RPFILTER is not set
    CONFIG_IP6_NF_MATCH_RT=y
    CONFIG_IP6_NF_TARGET_HL=y
    CONFIG_IP6_NF_FILTER=y
    CONFIG_IP6_NF_TARGET_REJECT=y
    CONFIG_IP6_NF_TARGET_SYNPROXY=y
    CONFIG_IP6_NF_MANGLE=y
    CONFIG_IP6_NF_RAW=y
    CONFIG_NF_NAT_IPV6=y
    CONFIG_IP6_NF_TARGET_MASQUERADE=y
    CONFIG_IP6_NF_TARGET_NPT=y
    CONFIG_NF_TABLES_BRIDGE=y

Once the configuration above is done, netfilter is set up. Rebuild the kernel, generate the zImage, and flash it to the development board.
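A check worth running on .config before rebuilding the zImage, as an added example that is not part of the original post: it reports which nf_tables options are disabled or built only as modules. The function names and the REQUIRED subset are choices made for this example, and the sample input is an excerpt of the listing above, where it flags CONFIG_NFT_NAT as not set and CONFIG_NFT_QUEUE as a module.

```shell
#!/bin/sh
# Added example: audit a kernel .config for nf_tables options before a rebuild.
# REQUIRED is a subset (chosen for this example) of the symbols listed above.
REQUIRED="CONFIG_NETFILTER CONFIG_NETFILTER_NETLINK CONFIG_NF_TABLES
CONFIG_NF_TABLES_INET CONFIG_NF_TABLES_IPV4 CONFIG_NFT_META CONFIG_NFT_CT
CONFIG_NFT_COUNTER CONFIG_NFT_NAT CONFIG_NFT_QUEUE"

# Print y, m or n for one symbol. The match is anchored on both sides so that
# CONFIG_NF_TABLES does not match CONFIG_NF_TABLES_INET, and a commented
# "# CONFIG_X is not set" line counts as n.
config_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Report every required symbol that is not built in. Returns 1 if any symbol
# is disabled; =m only means the .ko must be loaded on the board.
audit_config() {
    rc=0
    for sym in $REQUIRED; do
        case $(config_state "$1" "$sym") in
            y) ;;
            m) echo "MODULE  $sym" ;;
            *) echo "MISSING $sym"; rc=1 ;;
        esac
    done
    return $rc
}

# Sample input: an excerpt of the .config listing above, embedded inline.
make_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NF_TABLES=y
CONFIG_NF_TABLES_INET=y
CONFIG_NFT_META=y
CONFIG_NFT_CT=y
CONFIG_NFT_COUNTER=y
# CONFIG_NFT_NAT is not set
CONFIG_NFT_QUEUE=m
CONFIG_NF_TABLES_IPV4=y
EOF
}

tmp=$(mktemp)
make_sample_config "$tmp"
audit_config "$tmp" || echo "fix .config, then rebuild zImage"
rm -f "$tmp"
```

To audit a real tree, call audit_config with the path to the .config in the kernel source directory.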

 

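(3) Cross-compiling the required components: nftables needs the following components in order to run. After each one is built, the contents generated in its install path must be added to the cross-compilation toolchain, so that the programs depending on it can find the corresponding header and library files.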

  • Cross-compile flex-2.5.38: conf.in has to be modified, otherwise the build complains that the malloc and realloc functions cannot be found

    sed -i 's/#undef malloc//g' conf.in
    sed -i 's/#undef realloc//g' conf.in
    ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=<install-path>
    make -j6
    make install

  • Cross-compile bison-3.0.4

    ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path
    make -j6
    make install

  • Cross-compile gmp-6.1.1

    ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path
    make -j6
    make install

  • Cross-compile libmnl-1.0.3

    ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path
    make -j6
    make install

  • Cross-compile libnftnl-1.0.6

    LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" \
        LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" \
        ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld --prefix=$root_release_path
    make -j6
    make install

  • Cross-compile readline-6.3

    ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --prefix=$root_release_path
    make -j6
    make install

 

(4) Cross-compiling nftables-0.6

    LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" \
        LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" \
        LIBNFTNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libnftnl/" \
        LIBNFTNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lnftnl" \
        ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --without-cli \
        --prefix=$root_release_path

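After cross-compiling nftables, port the cross-compiled components above and the nftables files to the development board; that is, copy all files under $root_release_path onto the board following the system directory layout.

Above all, remember that the kernel on the board must be the one you rebuilt.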

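Below is a build script that you can modify to suit your own situation. It supports installing the necessary development packages and cross-compiling some of the source packages.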

    #!/bin/bash

    # author : nanye  2016/06/28
    # compile these source packages under ubuntu 16.04 x32
    # please make sure that your system is connected to the internet
    #

    root_path=$PWD
    root_tar_path=$root_path'/src'
    root_release_path=$root_path'/release'
    root_build_path=$root_path'/build'
    crosstool_path=`which arm-linux-gnueabihf-g++`
    compile_args=$1

    # help information
    if [ "$compile_args" = "-h" ]
    then
      echo "./compile [openssl | snmp | iptables | sqlite | pam | orderd | zhttpd
              flex | bison | gmp | libmnl | libnftnl | readline | nftables]"
      echo "     no args for compiling all package"
      exit
    fi

    # source modules that need to be compiled
    module_name=(
    [1]=openssl-1.0.2h
    [2]=net-snmp-5.7.2
    [3]=iptables-1.4.18
    [4]=sqlite
    [5]=Linux-PAM-1.3.0
    [6]=orderd
    [7]=zhttpd
    [8]=flex-2.5.38
    [9]=bison-3.0.4
    [10]=gmp-6.1.1
    [11]=libmnl-1.0.3
    [12]=libnftnl-1.0.6
    [13]=readline-6.3
    [14]=nftables-0.6
    )

    # install packages
    package_name=(
    [1]=g++
    [2]=build-essential
    [3]=texlive
    [4]=gettext
    [5]=m4
    [6]=help2man
    [7]=indent
    [8]=autopoint
    [9]=makeinfo
    [10]=odblatex
    [11]=docbook2x
    [12]=flex
    [13]=bison
    [14]=automake
    [15]=autoconf
    )
    for var in ${package_name[@]};
    do
      echo -e "\e[0;32;1m[info] : install $var\e[0m"
      sudo apt-get install $var
    done


    # check that the cross toolchain exists
    if [ "$crosstool_path" = "" ]
    then
      echo -e "\e[0;31;1m[erro] : have no crosstool in /opt/toolchain\e[0m"
      exit 1
    fi

    # create release directory
    if [ ! -d $root_release_path ]
    then
      echo -e "\e[0;32;1m[info] : create release success\e[0m"
      mkdir $PWD'/release'
    fi

    # create build directory
    if [ ! -d $root_build_path ]
    then
      echo -e "\e[0;32;1m[info] : create build success\e[0m"
      mkdir $PWD'/build'
    fi

    # compile openssl
    if [ "$compile_args" = "" ] || [ "$compile_args" = "openssl" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[1]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[1]}.tar.gz
      cd $root_build_path'/'${module_name[1]}
      /bin/bash config shared no-asm --prefix=$root_release_path
      sed -i 's/PLATFORM=linux-elf/PLATFORM=linux-elf-arm/g' Makefile
      sed -i 's/CC= gcc/CC= arm-linux-gnueabihf-gcc/g' Makefile
      sed -i 's/AR= ar/AR= arm-linux-gnueabihf-ar/g' Makefile
      # '|' is used as the delimiter because the pattern contains '/'
      sed -i 's|RANLIB= /usr/bin/ranlib|RANLIB= arm-linux-gnueabihf-ranlib|g' Makefile
      sed -i 's/NM= nm/NM= arm-linux-gnueabihf-nm/g' Makefile
      sed -i 's/MAKEDEPPROG= gcc/MAKEDEPPROG= arm-linux-gnueabihf-gcc/g' Makefile
      make -j4
      make install
    fi

    # compile net-snmp
    if [ "$compile_args" = "" ] || [ "$compile_args" = "snmp" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[2]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[2]}.tar.gz
      cd $root_build_path'/'${module_name[2]}
      CC=arm-linux-gnueabihf-gcc ./configure --build=i686-linux \
        --host=arm-linux --disable-manuals --enable-mfd-rewrites \
        --enable-shared=no --with-mib-modules='ucd-snmp/diskio ip-mib/ipv4InterfaceTable' \
        --with-cc=arm-linux-gnueabihf-gcc --with-ar=arm-linux-gnueabihf-ar \
        --prefix=$root_release_path
      make -j4
      make install
    fi

    # compile iptables
    if [ "$compile_args" = "" ] || [ "$compile_args" = "iptables" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[3]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[3]}.tar.gz
      cd $root_build_path'/'${module_name[3]}
      ./configure --host=arm-linux-gnueabihf \
        --disable-static --enable-shared \
        --prefix=$root_release_path
      make -j4
      make install
    fi

    # compile sqlite
    if [ "$compile_args" = "" ] || [ "$compile_args" = "sqlite" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[4]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[4]}.tar.gz
      cd $root_build_path'/'${module_name[4]}
      ./configure --disable-tcl --host=arm-linux-gnueabihf \
        --prefix=$root_release_path
      make -j4
      make install
    fi

    # compile pam
    if [ "$compile_args" = "" ] || [ "$compile_args" = "pam" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[5]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[5]}.tar.gz
      cd $root_build_path'/'${module_name[5]}
      ./configure --host=arm-linux-gnueabihf --disable-static --enable-shared \
        --prefix=$root_release_path
      make -j4
      make install
    fi

    # compile orderd
    if [ "$compile_args" = "" ] || [ "$compile_args" = "orderd" ]
    then
      cp -r $root_tar_path/${module_name[6]} $root_build_path
      cd $root_build_path/${module_name[6]}/src
      make
      if [ ! -d $root_release_path/sbin ]
      then
        mkdir $root_release_path/sbin
      fi
      cp orderd $root_release_path/sbin
    fi

    # compile zhttpd
    if [ "$compile_args" = "" ] || [ "$compile_args" = "zhttpd" ]
    then
      cp -r $root_tar_path/${module_name[7]} $root_build_path
      cd $root_build_path/${module_name[7]}
      make
      if [ ! -d $root_release_path/sbin ]
      then
        mkdir $root_release_path/sbin
      fi
      cp zhttpd $root_release_path/sbin
    fi

    # compile flex
    if [ "$compile_args" = "" ] || [ "$compile_args" = "flex" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[8]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[8]}.tar.gz
      cd $root_build_path'/'${module_name[8]}
      sed -i 's/#undef malloc//g' conf.in
      sed -i 's/#undef realloc//g' conf.in
      ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
        --prefix=$root_release_path
      make -j6
      make install
    fi

    # compile bison
    if [ "$compile_args" = "" ] || [ "$compile_args" = "bison" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[9]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[9]}.tar.gz
      cd $root_build_path'/'${module_name[9]}
      ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
        --prefix=$root_release_path
      make -j6
      make install
      cp $root_build_path/${module_name[9]}/lib/libbison.a $root_release_path/lib
    fi

    # compile gmp
    if [ "$compile_args" = "" ] || [ "$compile_args" = "gmp" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[10]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[10]}.tar.gz
      cd $root_build_path'/'${module_name[10]}
      ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
        --prefix=$root_release_path
      make -j6
      make install
    fi

    # compile libmnl
    if [ "$compile_args" = "" ] || [ "$compile_args" = "libmnl" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[11]}.tar.bz2 to build\e[0m"
      tar xf $root_tar_path'/'${module_name[11]}.tar.bz2
      cd $root_build_path'/'${module_name[11]}
      ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
        --prefix=$root_release_path
      make -j6
      make install
    fi


    # compile libnftnl
    if [ "$compile_args" = "" ] || [ "$compile_args" = "libnftnl" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[12]}.tar.bz2 to build\e[0m"
      tar xf $root_tar_path'/'${module_name[12]}.tar.bz2
      cd $root_build_path'/'${module_name[12]}
      export LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/"
      export LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl"
      ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --with-gnu-ld \
        --prefix=$root_release_path
      make -j6
      make install
    fi

    # compile readline
    if [ "$compile_args" = "" ] || [ "$compile_args" = "readline" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[13]}.tar.gz to build\e[0m"
      tar xf $root_tar_path'/'${module_name[13]}.tar.gz
      cd $root_build_path'/'${module_name[13]}
      sed -i '6324s/yes/no/g' configure
      ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc \
        --prefix=$root_release_path
      make -j6
      make install
    fi


    # compile nftables
    if [ "$compile_args" = "" ] || [ "$compile_args" = "nftables" ]
    then
      cd $root_build_path
      echo -e "\e[0;32;1m[info] : tar xf ${module_name[14]}.tar.bz2 to build\e[0m"
      tar xf $root_tar_path'/'${module_name[14]}.tar.bz2
      cd $root_build_path'/'${module_name[14]}
      LIBMNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libmnl/" \
        LIBMNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lmnl" \
        LIBNFTNL_CFLAGS="-I/opt/toolchain/arm-linux-gnueabihf/include/libnftnl/" \
        LIBNFTNL_LIBS="-L/opt/toolchain/arm-linux-gnueabihf/lib -lnftnl" \
        ./configure --host=arm-linux-gnueabihf CC=arm-linux-gnueabihf-gcc --without-cli \
        --prefix=$root_release_path
      make -j6
      make install
    fi


    # strip binaries and delete unneeded files
    arm-linux-gnueabihf-strip $root_release_path/bin/*
    arm-linux-gnueabihf-strip $root_release_path/sbin/*
    arm-linux-gnueabihf-strip $root_release_path/lib/*.a
    arm-linux-gnueabihf-strip $root_release_path/lib/*.so.*
    rm -rf $root_release_path/share/man
    rm -rf $root_release_path/ssl/man