domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a8d62a4eb1ce53beb901b212ce7e474eb70341ca
openwrt_NSS_ACW/package/network/utils/iptables/Makefile
Kevin Darbyshire-Bryant d7613bd02f iptables: update to 1.8.4 
Bump to iptable 1.8.4 and address packaging issue as mentioned in the
original bump/revert cycle.

"This reverts commit 10cbc896c0.
The updated iptables package does not build due to the following error
encountered on the buildbots:
    cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory

The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so
it appears as if further packaging changes are needed beyond a simple
version bump."

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-15 15:55:56 +00:00

692 lines
17 KiB
Makefile
Raw Blame History

#
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
PKG_VERSION:=1.8.4
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_HASH:=993a3a5490a544c2cbf2ef15cf7e7ed21af1845baf228318d5c36ef8827e157c
PKG_FIXUP:=autoreconf
PKG_FLAGS:=nonshared
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0
PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
include $(INCLUDE_DIR)/package.mk
ifeq ($(DUMP),)
-include $(LINUX_DIR)/.config
include $(INCLUDE_DIR)/netfilter.mk
STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
endif
define Package/iptables/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=Firewall
URL:=https://netfilter.org/
endef
define Package/iptables/Module
$(call Package/iptables/Default)
DEPENDS:=iptables $(1)
endef
define Package/iptables
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool
MENU:=1
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
endef
define Package/iptables/config
config IPTABLES_CONNLABEL
bool "Enable Connlabel support"
default n
help
This enable connlabel support in iptables.
config IPTABLES_NFTABLES
bool "Enable Nftables support"
default n
help
This enable nftables support in iptables.
endef
define Package/iptables/description
IP firewall administration tool.
Matches:
- icmp
- tcp
- udp
- comment
- conntrack
- limit
- mac
- mark
- multiport
- set
- state
- time
Targets:
- ACCEPT
- CT
- DNAT
- DROP
- REJECT
- FLOWOFFLOAD
- LOG
- MARK
- MASQUERADE
- REDIRECT
- SET
- SNAT
- TCPMSS
Tables:
- filter
- mangle
- nat
- raw
endef
define Package/iptables-nft
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool nft
DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-nft
endef
define Package/iptables-nft/description
Extra iptables nftables nft binaries.
iptables-nft
iptables-nft-restore
iptables-nft-save
iptables-translate
iptables-restore-translate
endef
define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
TITLE:=Extra connection tracking extensions
endef
define Package/iptables-mod-conntrack-extra/description
Extra iptables extensions for connection tracking.
Matches:
- connbytes
- connlimit
- connmark
- recent
- helper
Targets:
- CONNMARK
endef
define Package/iptables-mod-conntrack-label
$(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
TITLE:=Connection tracking labeling extension
DEFAULT:=y if IPTABLES_CONNLABEL
endef
define Package/iptables-mod-conntrack-label/description
Match and set label(s) on connection tracking entries
Matches:
- connlabel
endef
define Package/iptables-mod-filter
$(call Package/iptables/Module, +kmod-ipt-filter)
TITLE:=Content inspection extensions
endef
define Package/iptables-mod-filter/description
iptables extensions for packet content inspection.
Includes support for:
Matches:
- string
- bpf
endef
define Package/iptables-mod-ipopt
$(call Package/iptables/Module, +kmod-ipt-ipopt)
TITLE:=IP/Packet option extensions
endef
define Package/iptables-mod-ipopt/description
iptables extensions for matching/changing IP packet options.
Matches:
- dscp
- ecn
- length
- statistic
- tcpmss
- unclean
- hl
Targets:
- DSCP
- CLASSIFY
- ECN
- HL
endef
define Package/iptables-mod-ipsec
$(call Package/iptables/Module, +kmod-ipt-ipsec)
TITLE:=IPsec extensions
endef
define Package/iptables-mod-ipsec/description
iptables extensions for matching ipsec traffic.
Matches:
- ah
- esp
- policy
endef
define Package/iptables-mod-nat-extra
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
TITLE:=Extra NAT extensions
endef
define Package/iptables-mod-nat-extra/description
iptables extensions for extra NAT targets.
Targets:
- MIRROR
- NETMAP
endef
define Package/iptables-mod-ulog
$(call Package/iptables/Module, +kmod-ipt-ulog)
TITLE:=user-space packet logging
endef
define Package/iptables-mod-ulog/description
iptables extensions for user-space packet logging.
Targets:
- ULOG
endef
define Package/iptables-mod-nflog
$(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
TITLE:=Netfilter NFLOG target
endef
define Package/iptables-mod-nflog/description
iptables extension for user-space logging via NFNETLINK.
Includes:
- libxt_NFLOG
endef
define Package/iptables-mod-trace
$(call Package/iptables/Module, +kmod-ipt-debug)
TITLE:=Netfilter TRACE target
endef
define Package/iptables-mod-trace/description
iptables extension for TRACE target
Includes:
- libxt_TRACE
endef
define Package/iptables-mod-nfqueue
$(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
TITLE:=Netfilter NFQUEUE target
endef
define Package/iptables-mod-nfqueue/description
iptables extension for user-space queuing via NFNETLINK.
Includes:
- libxt_NFQUEUE
endef
define Package/iptables-mod-hashlimit
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
TITLE:=hashlimit matching
endef
define Package/iptables-mod-hashlimit/description
iptables extensions for hashlimit matching
Matches:
- hashlimit
endef
define Package/iptables-mod-rpfilter
$(call Package/iptables/Module, +kmod-ipt-rpfilter)
TITLE:=rpfilter iptables extension
endef
define Package/iptables-mod-rpfilter/description
iptables extensions for reverse path filter test on a packet
Matches:
- rpfilter
endef
define Package/iptables-mod-iprange
$(call Package/iptables/Module, +kmod-ipt-iprange)
TITLE:=IP range extension
endef
define Package/iptables-mod-iprange/description
iptables extensions for matching ip ranges.
Matches:
- iprange
endef
define Package/iptables-mod-cluster
$(call Package/iptables/Module, +kmod-ipt-cluster)
TITLE:=Match cluster extension
endef
define Package/iptables-mod-cluster/description
iptables extensions for matching cluster.
Netfilter (IPv4/IPv6) module for matching cluster
This option allows you to build work-load-sharing clusters of
network servers/stateful firewalls without having a dedicated
load-balancing router/server/switch. Basically, this match returns
true when the packet must be handled by this cluster node. Thus,
all nodes see all packets and this match decides which node handles
what packets. The work-load sharing algorithm is based on source
address hashing.
This module is usable for ipv4 and ipv6.
If you select it, it enables kmod-ipt-cluster.
see `iptables -m cluster --help` for more information.
endef
define Package/iptables-mod-clusterip
$(call Package/iptables/Module, +kmod-ipt-clusterip)
TITLE:=Clusterip extension
endef
define Package/iptables-mod-clusterip/description
iptables extensions for CLUSTERIP.
The CLUSTERIP target allows you to build load-balancing clusters of
network servers without having a dedicated load-balancing
router/server/switch.
If you select it, it enables kmod-ipt-clusterip.
see `iptables -j CLUSTERIP --help` for more information.
endef
define Package/iptables-mod-extra
$(call Package/iptables/Module, +kmod-ipt-extra)
TITLE:=Other extra iptables extensions
endef
define Package/iptables-mod-extra/description
Other extra iptables extensions.
Matches:
- addrtype
- condition
- owner
- pkttype
- quota
endef
define Package/iptables-mod-physdev
$(call Package/iptables/Module, +kmod-ipt-physdev)
TITLE:=physdev iptables extension
endef
define Package/iptables-mod-physdev/description
The iptables physdev match.
endef
define Package/iptables-mod-led
$(call Package/iptables/Module, +kmod-ipt-led)
TITLE:=LED trigger iptables extension
endef
define Package/iptables-mod-led/description
iptables extension for triggering a LED.
Targets:
- LED
endef
define Package/iptables-mod-tproxy
$(call Package/iptables/Module, +kmod-ipt-tproxy)
TITLE:=Transparent proxy iptables extensions
endef
define Package/iptables-mod-tproxy/description
Transparent proxy iptables extensions.
Matches:
- socket
Targets:
- TPROXY
endef
define Package/iptables-mod-tee
$(call Package/iptables/Module, +kmod-ipt-tee)
TITLE:=TEE iptables extensions
endef
define Package/iptables-mod-tee/description
TEE iptables extensions.
Targets:
- TEE
endef
define Package/iptables-mod-u32
$(call Package/iptables/Module, +kmod-ipt-u32)
TITLE:=U32 iptables extensions
endef
define Package/iptables-mod-u32/description
U32 iptables extensions.
Matches:
- u32
endef
define Package/iptables-mod-checksum
$(call Package/iptables/Module, +kmod-ipt-checksum)
TITLE:=IP CHECKSUM target extension
endef
define Package/iptables-mod-checksum/description
iptables extension for the CHECKSUM calculation target
endef
define Package/ip6tables
$(call Package/iptables/Default)
DEPENDS:=@IPV6 +kmod-ip6tables +iptables
CATEGORY:=Network
TITLE:=IPv6 firewall administration tool
MENU:=1
endef
define Package/ip6tables-nft
$(call Package/iptables/Default)
DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-nft
TITLE:=IP firewall administration tool nft
endef
define Package/ip6tables-nft/description
Extra ip6tables nftables nft binaries.
iptables-nft
iptables-nft-restore
iptables-nft-save
iptables-translate
iptables-restore-translate
endef
define Package/ip6tables-extra
$(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ip6tables-extra
TITLE:=IPv6 header matching modules
endef
define Package/ip6tables-mod-extra/description
iptables header matching modules for IPv6
endef
define Package/ip6tables-mod-nat
$(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ipt-nat6
TITLE:=IPv6 NAT extensions
endef
define Package/ip6tables-mod-nat/description
iptables extensions for IPv6-NAT targets.
endef
define Package/libip4tc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4 firewall - shared libiptc library
ABI_VERSION:=2
DEPENDS:=+libxtables
endef
define Package/libip6tc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv6 firewall - shared libiptc library
ABI_VERSION:=2
DEPENDS:=+libxtables
endef
define Package/libxtables
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library
ABI_VERSION:=12
DEPENDS:= \
+IPTABLES_CONNLABEL:libnetfilter-conntrack \
+IPTABLES_NFTABLES:libnftnl
endef
define Package/libxtables-nft
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables nft library
ABI_VERSION:=12
DEPENDS:=libxtables
endef
TARGET_CPPFLAGS := \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \
$(TARGET_CPPFLAGS)
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \
-ffunction-sections -fdata-sections \
-DNO_LEGACY
TARGET_LDFLAGS += \
-Wl,--gc-sections
CONFIGURE_ARGS += \
--enable-shared \
--enable-static \
--enable-devel \
--with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
--with-xt-lock-name=/var/run/xtables.lock \
$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
$(if $(CONFIG_IPV6),,--disable-ipv6)
MAKE_FLAGS := \
$(TARGET_CONFIGURE_OPTS) \
COPT_FLAGS="$(TARGET_CFLAGS)" \
KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
KBUILD_OUTPUT="$(LINUX_DIR)" \
BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
define Build/Configure/rebuild
$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
rm -f $(PKG_BUILD_DIR)/.config_*
rm -f $(PKG_BUILD_DIR)/.configured_*
touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
endef
endif
define Build/Configure
$(Build/Configure/rebuild)
$(Build/Configure/Default)
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_DIR) $(1)/usr/include/iptables
$(INSTALL_DIR) $(1)/usr/include/net/netfilter
# XXX: iptables header fixup, some headers are not installed by iptables anymore
$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
# XXX: needed by firewall3
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
endef
define Package/iptables/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
define Package/iptables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/ip6tables/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef
define Package/ip6tables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/libip4tc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
endef
define Package/libip6tc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
endef
define Package/libxtables/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
endef
define Package/libxtables-nft/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
endef
define BuildPlugin
define Package/$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/iptables
for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
fi; \
done
$(3)
endef
$$(eval $$(call BuildPackage,$(1)))
endef
$(eval $(call BuildPackage,iptables))
$(eval $(call BuildPackage,iptables-nft))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
$(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
$(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
$(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
$(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPackage,ip6tables-nft))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables))
$(eval $(call BuildPackage,libxtables-nft))
Reference in New Issue View Git Blame Copy Permalink