source: trunk/package/iptables/Makefile @ 26977

Last change on this file since 26977 was 26977, checked in by jow, 5 years ago

[netfilter] package u32 match and TEE target, patches by Maxim Uvarov

  • Property svn:copyright set to Copyright (C) 2006 OpenWrt.org
  • Property svn:eol-style set to native
File size: 11.7 KB
Line 
1#
2# Copyright (C) 2006-2011 OpenWrt.org
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7
8include $(TOPDIR)/rules.mk
9include $(INCLUDE_DIR)/kernel.mk
10
11PKG_NAME:=iptables
12PKG_VERSION:=1.4.10
13PKG_RELEASE:=2
14
15PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
16PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
18        ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
19        ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
20        ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
21
22PKG_FIXUP:=autoreconf
23PKG_INSTALL:=1
24PKG_BUILD_PARALLEL:=1
25
26include $(INCLUDE_DIR)/package.mk
27ifeq ($(DUMP),)
28  -include $(LINUX_DIR)/.config
29  include $(INCLUDE_DIR)/netfilter.mk
30  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
31endif
32
33
34define Package/iptables/Default
35  SECTION:=net
36  CATEGORY:=Network
37  SUBMENU:=Firewall
38  URL:=http://netfilter.org/
39endef
40
41define Package/iptables/Module
42$(call Package/iptables/Default)
43  DEPENDS:=iptables $(1)
44endef
45
46define Package/iptables
47$(call Package/iptables/Default)
48  TITLE:=IPv4 firewall administration tool
49  MENU:=1
50  DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
51endef
52
53define Package/iptables/description
54IPv4 firewall administration tool.
55Includes support for:
56- comment
57- limit
58- LOG
59- mac
60- multiport
61- REJECT
62- TCPMSS
63endef
64
65define Package/iptables-mod-conntrack
66$(call Package/iptables/Module, +kmod-ipt-conntrack)
67  TITLE:=Basic connection tracking extensions
68endef
69
70define Package/iptables-mod-conntrack/description
71Basic iptables extensions for connection tracking.
72Includes:
73- state
74- raw
75- NOTRACK
76endef
77
78define Package/iptables-mod-conntrack-extra
79$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
80  TITLE:=Extra connection tracking extensions
81endef
82
83define Package/iptables-mod-conntrack-extra/description
84Extra iptables extensions for connection tracking.
85Includes:
86- libipt_conntrack
87- libipt_helper
88- libipt_connmark/CONNMARK
89endef
90
91define Package/iptables-mod-filter
92$(call Package/iptables/Module, +kmod-ipt-filter)
93  TITLE:=Content inspection extensions
94endef
95
96define Package/iptables-mod-filter/description
97iptables extensions for packet content inspection.
98Includes:
99- libipt_string
100- libipt_layer7
101endef
102
103define Package/iptables-mod-ipopt
104$(call Package/iptables/Module, +kmod-ipt-ipopt)
105  TITLE:=IP/Packet option extensions
106endef
107
108define Package/iptables-mod-ipopt/description
109iptables extensions for matching/changing IP packet options.
110Includes:
111- libipt_CLASSIFY
112- libipt_dscp/DSCP
113- libipt_ecn/ECN
114- libipt_length
115- libipt_mac
116- libipt_mark/MARK
117- libipt_statistic
118- libipt_tcpmms
119- libipt_tos/TOS
120- libipt_ttl/TTL
121- libipt_unclean
122endef
123
124define Package/iptables-mod-ipsec
125$(call Package/iptables/Module, +kmod-ipt-ipsec)
126  TITLE:=IPsec extensions
127endef
128
129define Package/iptables-mod-ipsec/description
130iptables extensions for matching ipsec traffic.
131Includes:
132- libipt_ah
133- libipt_esp
134- libipt_policy
135endef
136
137define Package/iptables-mod-ipset
138$(call Package/iptables/Module,)
139  TITLE:=IPset iptables extensions
140endef
141
142define Package/iptables-mod-ipset/description
143IPset iptables extensions.
144Includes:
145- libipt_set
146- libipt_SET
147endef
148
149define Package/iptables-mod-nat
150$(call Package/iptables/Module, +kmod-ipt-nat)
151  TITLE:=Basic NAT extensions
152endef
153
154define Package/iptables-mod-nat/description
155iptables extensions for basic NAT targets.
156Includes:
157- MASQUERADE
158- SNAT
159- DNAT
160endef
161
162define Package/iptables-mod-nat-extra
163$(call Package/iptables/Module, +kmod-ipt-nat-extra)
164  TITLE:=Extra NAT extensions
165endef
166
167define Package/iptables-mod-nat-extra/description
168iptables extensions for extra NAT targets.
169Includes:
170- REDIRECT
171endef
172
173define Package/iptables-mod-ulog
174$(call Package/iptables/Module, +kmod-ipt-ulog)
175  TITLE:=user-space packet logging
176endef
177
178define Package/iptables-mod-ulog/description
179iptables extensions for user-space packet logging.
180Includes:
181- libipt_ULOG
182endef
183
184define Package/iptables-mod-hashlimit
185$(call Package/iptables/Module, +kmod-ipt-hashlimit)
186  TITLE:=hashlimit matching
187endef
188
189define Package/iptables-mod-hashlimit/description
190iptables extensions for hashlimit matching
191Includes:
192- libipt_hashlimit
193endef
194
195define Package/iptables-mod-iprange
196$(call Package/iptables/Module, +kmod-ipt-iprange)
197  TITLE:=IP range extension
198endef
199
200define Package/iptables-mod-iprange/description
201iptables extensions for matching ip ranges.
202Includes:
203- libipt_iprange
204endef
205
206define Package/iptables-mod-extra
207$(call Package/iptables/Module, +kmod-ipt-extra)
208  TITLE:=Other extra iptables extensions
209endef
210
211define Package/iptables-mod-extra/description
212Other extra iptables extensions.
213Includes:
214- libipt_owner
215- libipt_physdev
216- libipt_pkttype
217- libipt_recent
218endef
219
220define Package/iptables-mod-tproxy
221$(call Package/iptables/Module, +kmod-ipt-tproxy)
222  TITLE:=Transparent proxy iptables extensions
223endef
224
225define Package/iptables-mod-tproxy/description
226Transparent proxy iptables extensions.
227Includes:
228- libxt_socket
229- libxt_TPROXY
230endef
231
232define Package/iptables-mod-tee
233$(call Package/iptables/Module, +kmod-ipt-tee)
234  TITLE:=TEE iptables extensions
235endef
236
237define Package/iptables-mod-tee/description
238TEE iptables extensions.
239Includes:
240- libxt_TEE
241endef
242
243define Package/iptables-mod-u32
244$(call Package/iptables/Module, +kmod-ipt-u32)
245  TITLE:=U32 iptables extensions
246endef
247
248define Package/iptables-mod-u32/description
249U32 iptables extensions.
250Includes:
251- libxt_u32
252endef
253
254define Package/iptables-utils
255$(call Package/iptables/Module, )
256  TITLE:=iptables save and restore utilities
257endef
258
259define Package/ip6tables
260$(call Package/iptables/Default)
261  DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
262  CATEGORY:=IPv6
263  TITLE:=IPv6 firewall administration tool
264  MENU:=1
265endef
266
267define Package/ip6tables-utils
268$(call Package/iptables/Default)
269  DEPENDS:=ip6tables
270  CATEGORY:=IPv6
271  TITLE:=ip6tables save and restore utilities
272endef
273
274define Package/libiptc
275$(call Package/iptables/Default)
276  SECTION:=libs
277  CATEGORY:=Libraries
278  DEPENDS:=+libip4tc +libip6tc
279  TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
280endef
281
282define Package/libip4tc
283$(call Package/iptables/Default)
284  SECTION:=libs
285  CATEGORY:=Libraries
286  TITLE:=IPv4 firewall - shared libiptc library
287endef
288
289define Package/libip6tc
290$(call Package/iptables/Default)
291  SECTION:=libs
292  CATEGORY:=Libraries
293  TITLE:=IPv6 firewall - shared libiptc library
294endef
295
296define Package/libxtables
297 $(call Package/iptables/Default)
298 SECTION:=libs
299 CATEGORY:=Libraries
300 TITLE:=IPv4/IPv6 firewall - shared xtables library
301endef
302
303define Package/libipq
304  $(call Package/iptables/Default)
305  SECTION:=libs
306  CATEGORY:=Libraries
307  TITLE:=IPv4/IPv6 firewall - shared libipq library
308endef
309
310TARGET_CPPFLAGS := \
311        -I$(PKG_BUILD_DIR)/include \
312        -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
313        $(TARGET_CPPFLAGS)
314
315TARGET_CFLAGS += \
316        -I$(PKG_BUILD_DIR)/include \
317        -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
318
319CONFIGURE_ARGS += \
320        --enable-shared \
321        --enable-devel \
322        --enable-ipv6 \
323        --enable-libipq \
324        --with-kernel="$(LINUX_DIR)" \
325        --with-xtlibdir=/usr/lib/iptables
326
327MAKE_FLAGS := \
328        $(TARGET_CONFIGURE_OPTS) \
329        COPT_FLAGS="$(TARGET_CFLAGS)" \
330        LDFLAGS="-rdynamic" \
331        KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
332        KBUILD_OUTPUT="$(LINUX_DIR)" \
333
334define Build/InstallDev
335        $(INSTALL_DIR) $(1)/usr/include
336        $(INSTALL_DIR) $(1)/usr/include/iptables
337        $(INSTALL_DIR) $(1)/usr/include/net/netfilter
338
339        # XXX: iptables header fixup, some headers are not installed by iptables anymore
340        $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
341        $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
342        $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
343        $(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
344        $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
345        $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
346
347        $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
348        $(INSTALL_DIR) $(1)/usr/lib
349        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
350        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
351        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
352        $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
353        $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
354        $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
355endef
356
357define Package/iptables/install
358        $(INSTALL_DIR) $(1)/usr/sbin
359        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
360        $(INSTALL_DIR) $(1)/usr/lib/iptables
361        (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
362                for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
363                        if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
364                                $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
365                        fi; \
366                done \
367        )
368endef
369
370define Package/iptables-utils/install
371        $(INSTALL_DIR) $(1)/usr/sbin
372        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(1)/usr/sbin/
373endef
374
375define Package/ip6tables/install
376        $(INSTALL_DIR) $(1)/usr/sbin
377        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
378        $(INSTALL_DIR) $(1)/usr/lib/iptables
379        (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
380                $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
381        )
382endef
383
384define Package/ip6tables-utils/install
385        $(INSTALL_DIR) $(1)/usr/sbin
386        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-{save,restore} $(1)/usr/sbin/
387endef
388
389define Package/libiptc/install
390        $(INSTALL_DIR) $(1)/usr/lib
391        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
392endef
393
394define Package/libip4tc/install
395        $(INSTALL_DIR) $(1)/usr/lib
396        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
397endef
398
399define Package/libip6tc/install
400        $(INSTALL_DIR) $(1)/usr/lib
401        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
402endef
403
404define Package/libxtables/install
405        $(INSTALL_DIR) $(1)/usr/lib
406        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
407endef
408
409define Package/libipq/install
410        $(INSTALL_DIR) $(1)/usr/lib
411        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
412endef
413
414define BuildPlugin
415  define Package/$(1)/install
416        $(INSTALL_DIR) $$(1)/usr/lib/iptables
417        for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
418                if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
419                        $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
420                fi; \
421        done
422        $(3)
423  endef
424
425  $$(eval $$(call BuildPackage,$(1)))
426endef
427
428L7_INSTALL:=\
429        $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
430        $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
431
432
433$(eval $(call BuildPackage,iptables))
434$(eval $(call BuildPackage,iptables-utils))
435$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
436$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
437$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
438$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
439$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
440$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
441$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
442$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
443$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
444$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
445$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
446$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
447$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
448$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
449$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
450$(eval $(call BuildPackage,ip6tables))
451$(eval $(call BuildPackage,ip6tables-utils))
452$(eval $(call BuildPackage,libiptc))
453$(eval $(call BuildPackage,libip4tc))
454$(eval $(call BuildPackage,libip6tc))
455$(eval $(call BuildPackage,libxtables))
456$(eval $(call BuildPackage,libipq))
Note: See TracBrowser for help on using the repository browser.