Added GitLab CI

.ci_scripts/cross-compile/Dockerfile

-# Dockerfile describing the container used to
-# cross-compile the projet for OpenWrt,
-# in GitHub Actions.
-# The default platform is the TP-Link WDR4900.
-
-# Base image: Ubuntu 22.04 LTS
-FROM ubuntu:22.04
-
-# Set build configuration variables
-ARG VERSION=v22.03.5
-ARG ROUTER=tl-wdr4900
-ARG TOOLCHAIN_DIR=toolchain-powerpc_8540_gcc-11.2.0_musl
-ARG TARGET_DIR=target-powerpc_8540_musl
-
-# Set initial working directory
-ENV HOME=/root
-WORKDIR ${HOME}
-
-# Install dependencies
-RUN apt-get update && \
-    apt-get install -y \
-    build-essential \
-    clang \
-    flex \
-    bison \
-    g++ \
-    gawk \
-    gcc-multilib \
-    gettext \
-    git \
-    libncurses5-dev \
-    libssl-dev \
-    python3-distutils \
-    rsync \
-    unzip \
-    zlib1g-dev \
-    file \
-    wget \
-    cmake \
-    python3-pip
-
-# Clone OpenWrt repository
-ENV OPENWRT_HOME=${HOME}/openwrt
-RUN git clone https://git.openwrt.org/openwrt/openwrt.git ${OPENWRT_HOME}
-WORKDIR ${OPENWRT_HOME}
-RUN git checkout ${VERSION}
-
-# Update and install feeds
-RUN ${OPENWRT_HOME}/scripts/feeds update -a
-RUN ${OPENWRT_HOME}/scripts/feeds install -a
-
-# Configure OpenWrt toolchain
-COPY openwrt/${ROUTER}/config/config-minimal ${OPENWRT_HOME}/.config
-ENV FORCE_UNSAFE_CONFIGURE=1
-RUN make defconfig
-RUN make download
-RUN make -j $(($(nproc)+1))
-ENV STAGING_DIR=${OPENWRT_HOME}/staging_dir
-ENV TOOLCHAIN_PATH=${STAGING_DIR}/${TOOLCHAIN_DIR}
-ENV TARGET_PATH=${STAGING_DIR}/${TARGET_DIR}
-ENV C_INCLUDE_PATH=${TARGET_PATH}/usr/include
-ENV LD_LIBRARY_PATH=${TARGET_PATH}/usr/lib
-ENV PATH=${TOOLCHAIN_PATH}/bin:$PATH
-
-# Get ready for next steps
-WORKDIR ${HOME}

.ci_scripts/firewall-test/add_nft_rules.sh

 EXITCODE=0
 
-for nft_script in $GITHUB_WORKSPACE/devices/*/firewall*.nft
+for nft_script in devices/*/firewall*.nft
 do
     # Try adding the ruleset
     sudo nft -f "$nft_script"

.ci_scripts/firewall-test/run_cppcheck.sh

 EXITCODE=0
-PARSERS_DIR="$GITHUB_WORKSPACE/src/parsers"
+PARSERS_DIR="src/parsers"
 
 # Pattern matching on all source files
 for file in $(find "$GITHUB_WORKSPACE"/include "$GITHUB_WORKSPACE"/src "$GITHUB_WORKSPACE"/devices "$GITHUB_WORKSPACE"/test "$PARSERS_DIR"/include "$PARSERS_DIR"/src "$PARSERS_DIR"/test -name *.h -o -name *.c)

.ci_scripts/firewall-test/run_exec.sh

@@ -2,7 +2,7 @@
 
 # Constants
 TIMEOUT=5  # seconds
-BIN_DIR="$GITHUB_WORKSPACE/bin"
+BIN_DIR="bin"
 
 # Ensure globbing expands to an empty list if no matches are found
 shopt -s nullglob

.ci_scripts/firewall-test/run_tests.sh

 EXITCODE=0
-PARSERS_DIR="$GITHUB_WORKSPACE/src/parsers"
-VALGRIND_SUPP="$GITHUB_WORKSPACE/.ci_scripts/firewall-test/valgrind.supp"
+PARSERS_DIR="src/parsers"
+VALGRIND_SUPP=".ci_scripts/firewall-test/valgrind.supp"
 
 PREFIX=""
 for file in "$GITHUB_WORKSPACE"/bin/test/* "$PARSERS_DIR"/bin/test/*

.ci_scripts/firewall-test/translate_profiles.sh

 # NFQueue start index
 NFQ_ID_START=0
 
-for DEVICE in $GITHUB_WORKSPACE/devices/*
+for DEVICE in devices/*
 do
     if [ -d $DEVICE ]
     then
-        python3 "$GITHUB_WORKSPACE/src/translator/translator.py" "$DEVICE/profile.yaml" $NFQ_ID_START
+        python3 "src/translator/translator.py" "$DEVICE/profile.yaml" $NFQ_ID_START
         NFQ_ID_START=$((NFQ_ID_START+1000))
     fi
 done

.gitignore

@@ -16,6 +16,7 @@ docs
 .vscode/
 .vagrant/
 __pycache__/
+.venv
 
 # PCAP traces
 **/traces/

.gitlab-ci.yml

+variables:
+  GIT_SUBMODULE_STRATEGY: recursive
+
+
+# Natively build and test the project
+job-native-build:
+  script:
+    - sudo .ci_scripts/native-build/install_packages.sh
+    - python3 -m venv .venv
+    - source .venv/bin/activate
+    - pip3 install -r requirements.txt
+    - .ci_scripts/firewall-test/translate_profiles.sh
+    - firewall/build.sh -C firewall
+    - .ci_scripts/native-build/run_tests.sh
+    - .ci_scripts/native-build/run_tests.sh valgrind
+    - .ci_scripts/native-build/run_cppcheck.sh
+    - .ci_scripts/native-build/add_nft_rules.sh
+    - .ci_scripts/native-build/run_exec.sh
+
+
+# Cross-compile the project for the TL-WDR4900 router
+job-cross-compilation:
+  script:
+    - python3 -m venv .venv
+    - source .venv/bin/activate
+    - pip3 install -r requirements.txt
+    - .ci_scripts/firewall-test/translate_profiles.sh
+    - docker compose run cross-compilation /home/user/iot-firewall/docker_cmd.sh tl-wdr4900 $(id -u $USER) $(id -g $USER)

docker-compose.yaml

 services:
-  openwrt:
+  cross-compilation:
     image: fdekeers/openwrt_tl-wdr4900
     #image: fdekeers/openwrt_linksys-wrt1200ac
     container_name: openwrt-firewall
@@ -8,6 +8,6 @@ services:
       #- ROUTER=linksys-wrt1200ac
     volumes:
       - .:/home/user/iot-firewall
-    command: ["/home/user/iot-firewall/build.sh", "-t", "/home/user/iot-firewall/openwrt/tl-wdr4900/tl-wdr4900.cmake"]
-    #command: ["/home/user/iot-firewall/build.sh", "-t", "/home/user/iot-firewall/openwrt/linksys-wrt1200ac/linksys-wrt1200ac.cmake"]
+    command: ["/home/user/iot-firewall/docker_cmd.sh", "tl-wdr4900", "1000", "1000"]
+    #command: ["/home/user/iot-firewall/docker_cmd.sh", "linksys-wrt1200ac", "1000", "1000"]
     restart: no

docker_cmd.sh

+#!/bin/bash
+
+# Script to run inside the cross-compilation Docker container.
+
+
+# Base directory
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+
+
+### ARGUMENTS ###
+
+# Print usage information
+usage() {
+    echo "Usage: $0 ROUTER NEW_ID NEW_GID" 1>&2
+    exit 1
+}
+
+# Verify number of arguments
+if [[ $# -ne 2 ]] && [[ $# -ne 3 ]]; then
+    usage
+fi
+
+## Get command line arguments
+ROUTER=$1
+NEW_UID=$2
+# GID (optional)
+# If not provided, equal to UID
+if [[ $# -eq 2 ]]; then
+    NEW_GID=$NEW_UID
+elif [[ $# -eq 3 ]]; then
+    NEW_GID=$3
+fi
+
+
+### MAIN ###
+
+# Cross-compile sources
+"$BASE_DIR"/build.sh -C "$BASE_DIR" -t "$BASE_DIR"/firewall/openwrt/$ROUTER/$ROUTER.cmake
+
+# Change perimissions
+ROOT_UID=0
+for DIR in build bin; do
+    DIR="$BASE_DIR"/$DIR
+    find $DIR -uid $ROOT_UID -exec chown -h $NEW_UID {} \;
+    find $DIR -gid $ROOT_UID -exec chgrp -h $NEW_GID {} \;
+done

parsers @ d052494c

-Subproject commit 746030e98cab5d64007c71b21aa113db77175959
+Subproject commit d052494c48b97becbd08b114bafa58f59471f567