#! /usr/bin/make # WARNING: # only add extensions here that are either present in the kernel, or whose # header files are present in the include/linux directory of this iptables # package (HW) # PF_EXT_SLIB:=ah connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNLOG CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard tcp udp HL LOG MARK TRACE # Optionals PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) PF_EXT_ALL_SLIB:=$(patsubst extensions/libipt_%.c, %, $(wildcard extensions/libipt_*.c)) PF6_EXT_ALL_SLIB:=$(patsubst extensions/libip6t_%.c, %, $(wildcard extensions/libip6t_*.c)) PF_EXT_MAN_ALL_MATCHES:=$(foreach T,$(PF_EXT_ALL_SLIB),$(shell test -f extensions/libipt_$(T).man && grep -q register_match extensions/libipt_$(T).c && echo $(T))) PF_EXT_MAN_ALL_TARGETS:=$(foreach T,$(PF_EXT_ALL_SLIB),$(shell test -f extensions/libipt_$(T).man && grep -q register_target extensions/libipt_$(T).c && echo $(T))) PF6_EXT_MAN_ALL_MATCHES:=$(foreach T,$(PF6_EXT_ALL_SLIB),$(shell test -f extensions/libip6t_$(T).man && grep -q register_match6 extensions/libip6t_$(T).c && echo $(T))) PF6_EXT_MAN_ALL_TARGETS:=$(foreach T,$(PF6_EXT_ALL_SLIB),$(shell test -f extensions/libip6t_$(T).man && grep -q register_target6 extensions/libip6t_$(T).c && echo $(T))) PF_EXT_MAN_MATCHES:=$(filter $(PF_EXT_ALL_SLIB), $(PF_EXT_MAN_ALL_MATCHES)) PF_EXT_MAN_TARGETS:=$(filter $(PF_EXT_ALL_SLIB), $(PF_EXT_MAN_ALL_TARGETS)) PF_EXT_MAN_EXTRA_MATCHES:=$(filter-out $(PF_EXT_MAN_MATCHES), $(PF_EXT_MAN_ALL_MATCHES)) PF_EXT_MAN_EXTRA_TARGETS:=$(filter-out $(PF_EXT_MAN_TARGETS), $(PF_EXT_MAN_ALL_TARGETS)) PF6_EXT_MAN_MATCHES:=$(filter $(PF6_EXT_ALL_SLIB), $(PF6_EXT_MAN_ALL_MATCHES)) PF6_EXT_MAN_TARGETS:=$(filter $(PF6_EXT_ALL_SLIB), $(PF6_EXT_MAN_ALL_TARGETS)) PF6_EXT_MAN_EXTRA_MATCHES:=$(filter-out $(PF6_EXT_MAN_MATCHES), $(PF6_EXT_MAN_ALL_MATCHES)) PF6_EXT_MAN_EXTRA_TARGETS:=$(filter-out $(PF6_EXT_MAN_TARGETS), $(PF6_EXT_MAN_ALL_TARGETS)) allman: @echo ALL_SLIB: $(PF_EXT_ALL_SLIB) @echo ALL_MATCH: $(PF_EXT_MAN_ALL_MATCHES) @echo ALL_TARGET: $(PF_EXT_MAN_ALL_TARGETS) PF_EXT_SLIB+=$(PF_EXT_SLIB_OPTS) PF6_EXT_SLIB+=$(PF6_EXT_SLIB_OPTS) OPTIONALS+=$(patsubst %,IPv4:%,$(PF_EXT_SLIB_OPTS)) OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT_SLIB_OPTS)) ifdef NO_SHARED_LIBS # Only build matches/targets for the current kernel config include $(KERNEL_DIR)/.config lower=$(shell echo $(1) | tr [:upper:] [:lower:]) upper=$(shell echo $(1) | tr [:lower:] [:upper:]) TEST_CONFIG=$(patsubst y_%,%,$(filter y_%,$(foreach i,$(1),$(CONFIG_$(2)_$(i))_$(i)))) PF_EXT_SLIB_BASE:=tcp udp icmp standard PF_EXT_SLIB_CONFIG:=$(sort $(call upper,$(filter-out $(PF_EXT_SLIB_BASE),$(PF_EXT_SLIB)))) PF_EXT_SLIB:=$(PF_EXT_SLIB_BASE) PF_EXT_SLIB+=$(call lower,$(call TEST_CONFIG,$(PF_EXT_SLIB_CONFIG),IP_NF_MATCH)) PF_EXT_SLIB+=$(call TEST_CONFIG,$(PF_EXT_SLIB_CONFIG),IP_NF_TARGET) PF6_EXT_SLIB_BASE:=tcp udp icmpv6 standard PF6_EXT_SLIB_CONFIG:=$(sort $(call upper,$(filter-out $(PF6_EXT_SLIB_BASE),$(PF6_EXT_SLIB)))) PF6_EXT_SLIB:=$(PF6_EXT_SLIB_BASE) PF6_EXT_SLIB+=$(call lower,$(call TEST_CONFIG,$(PF6_EXT_SLIB_CONFIG),IP6_NF_MATCH)) PF6_EXT_SLIB+=$(call TEST_CONFIG,$(PF6_EXT_SLIB_CONFIG),IP6_NF_TARGET) ifdef CONFIG_IP_NF_NAT PF_EXT_SLIB+=SNAT DNAT endif ifdef CONFIG_IP_NF_MATCH_AH_ESP PF_EXT_SLIB+=ah esp endif PF_EXT_SLIB+=authd endif ifndef NO_SHARED_LIBS SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) ifeq ($(DO_IPV6), 1) SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) endif else # NO_SHARED_LIBS EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o) EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T)) EXT_OBJS+= extensions/initext.o ifeq ($(DO_IPV6), 1) EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o) EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T)) EXT6_OBJS+= extensions/initext6.o endif # DO_IPV6 endif # NO_SHARED_LIBS ifndef TOPLEVEL_INCLUDED local: cd .. && $(MAKE) $(SHARED_LIBS) endif ifdef NO_SHARED_LIBS extensions/libext.a: $(EXT_OBJS) rm -f $@ $(CROSS)ar crv $@ $(EXT_OBJS) $(CROSS)ranlib $@ extensions/libext6.a: $(EXT6_OBJS) rm -f $@ $(CROSS)ar crv $@ $(EXT6_OBJS) $(CROSS)ranlib $@ extensions/initext.o: extensions/initext.c extensions/initext6.o: extensions/initext6.c extensions/initext.c: extensions/Makefile echo "" > $@ for i in $(EXT_FUNC); do \ echo "extern void $${i}_init(void);" >> $@; \ done echo "void init_extensions(void) {" >> $@ for i in $(EXT_FUNC); do \ echo " $${i}_init();" >> $@; \ done echo "}" >> $@ extensions/initext6.c: extensions/Makefile echo "" > $@ for i in $(EXT6_FUNC); do \ echo "extern void $${i}_init(void);" >> $@; \ done echo "void init_extensions(void) {" >> $@ for i in $(EXT6_FUNC); do \ echo " $${i}_init();" >> $@; \ done echo "}" >> $@ extensions/lib%.o: extensions/lib%.c $(CC) $(CFLAGS) -D_INIT=$*_init -c -o $@ $< endif EXTRAS += extensions/libipt_targets.man extensions/libipt_targets.man: $(patsubst %,extensions/libipt_%.man,$(PF_EXT_MAN_ALL_TARGETS)) @for ext in $(PF_EXT_MAN_TARGETS); do \ echo ".SS $$ext" ;\ cat extensions/libipt_$$ext.man ;\ done >extensions/libipt_targets.man @if [ -n "$(PF_EXT_MAN_EXTRA_TARGETS)" ]; then \ extra=$(PF_EXT_MAN_EXTRA_TARGETS) ;\ for ext in $${extra:-""}; do \ echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ cat extensions/libipt_$$ext.man ;\ done ;\ fi >>extensions/libipt_targets.man EXTRAS += extensions/libipt_matches.man extensions/libipt_matches.man: $(patsubst %,extensions/libipt_%.man,$(PF_EXT_MAN_ALL_MATCHES)) @for ext in $(PF_EXT_MAN_MATCHES); do \ echo ".SS $$ext" ;\ cat extensions/libipt_$$ext.man ;\ done >extensions/libipt_matches.man @if [ -n "$(PF_EXT_MAN_EXTRA_MATCHES)" ]; then \ extra=$(PF_EXT_MAN_EXTRA_MATCHES) ;\ for ext in $${extra:-""}; do \ echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ cat extensions/libipt_$$ext.man ;\ done ;\ fi >>extensions/libipt_matches.man EXTRAS += extensions/libip6t_targets.man extensions/libip6t_targets.man: $(patsubst %, extensions/libip6t_%.man, $(PF6_EXT_MAN_ALL_TARGETS)) @for ext in $(PF6_EXT_MAN_TARGETS); do \ echo ".SS $$ext" ;\ cat extensions/libip6t_$$ext.man ;\ done >extensions/libip6t_targets.man @if [ -n "$(PF6_EXT_MAN_EXTRA_TARGETS)" ]; then \ extra=$(PF6_EXT_MAN_EXTRA_TARGETS) ;\ for ext in $${extra:-""}; do \ echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ cat extensions/libip6t_$$ext.man ;\ done ;\ fi >>extensions/libip6t_targets.man EXTRAS += extensions/libip6t_matches.man extensions/libip6t_matches.man: $(patsubst %, extensions/libip6t_%.man, $(PF6_EXT_MAN_ALL_MATCHES)) @for ext in $(PF6_EXT_MAN_MATCHES); do \ echo ".SS $$ext" ;\ cat extensions/libip6t_$$ext.man ;\ done >extensions/libip6t_matches.man @if [ -n "$(PF6_EXT_MAN_EXTRA_MATCHES)" ]; then \ extra=$(PF6_EXT_MAN_EXTRA_MATCHES) ;\ for ext in $${extra:-""}; do \ echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ cat extensions/libip6t_$$ext.man ;\ done ;\ fi >>extensions/libip6t_matches.man $(DESTDIR)$(LIBDIR)/iptables/libipt_%.so: extensions/libipt_%.so @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables cp $< $@ $(DESTDIR)$(LIBDIR)/iptables/libip6t_%.so: extensions/libip6t_%.so @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables cp $< $@