package/iptables/Makefile

   1 #
   2 # Copyright (C) 2006-2009 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9 include $(INCLUDE_DIR)/kernel.mk
  10
  11 PKG_NAME:=iptables
  12 PKG_VERSION:=1.4.4
  13 PKG_RELEASE:=2
  14
  15 PKG_MD5SUM:=08cd9196881657ea0615d926334cb7e9
  16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
  17 PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
  18         ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
  19         ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
  20         ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
  21
  22 PKG_FIXUP = libtool
  23
  24 include $(INCLUDE_DIR)/package.mk
  25 ifeq ($(DUMP),)
  26   -include $(LINUX_DIR)/.config
  27   include $(INCLUDE_DIR)/netfilter.mk
  28   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
  29 endif
  30
  31
  32 define Package/iptables/Default
  33   SECTION:=net
  34   CATEGORY:=Base system
  35   URL:=http://netfilter.org/
  36 endef
  37
  38 define Package/iptables/Module
  39 $(call Package/iptables/Default)
  40   DEPENDS:=iptables $(1)
  41 endef
  42
  43 define Package/iptables
  44 $(call Package/iptables/Default)
  45   TITLE:=IPv4 firewall administration tool
  46   MENU:=1
  47   DEPENDS+= +kmod-ipt-core +libiptc +libxtables
  48 endef
  49
  50 define Package/iptables/description
  51  IPv4 firewall administration tool.
  52  Includes support for:
  53  - limit
  54  - LOG
  55  - mac
  56  - multiport
  57  - REJECT
  58  - TCPMSS
  59 endef
  60
  61 define Package/iptables-mod-conntrack
  62 $(call Package/iptables/Module, +kmod-ipt-conntrack)
  63   TITLE:=Basic connection tracking extensions
  64 endef
  65
  66 define Package/iptables-mod-conntrack/description
  67  Basic iptables extensions for connection tracking.
  68  Includes:
  69  - state
  70 endef
  71
  72 define Package/iptables-mod-conntrack-extra
  73 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
  74   TITLE:=Extra connection tracking extensions
  75 endef
  76
  77 define Package/iptables-mod-conntrack-extra/description
  78  Extra iptables extensions for connection tracking.
  79  Includes:
  80  - libipt_conntrack
  81  - libipt_helper
  82  - libipt_connmark/CONNMARK
  83 endef
  84
  85 define Package/iptables-mod-filter
  86 $(call Package/iptables/Module, +kmod-ipt-filter)
  87   TITLE:=Content inspection extensions
  88 endef
  89
  90 define Package/iptables-mod-filter/description
  91  iptables extensions for packet content inspection.
  92  Includes:
  93  - libipt_string
  94  - libipt_layer7
  95 endef
  96
  97 define Package/iptables-mod-imq
  98 $(call Package/iptables/Module, +kmod-ipt-imq)
  99   TITLE:=IMQ support
 100 endef
 101
 102 define Package/iptables-mod-imq/description
 103  iptables extension for IMQ support.
 104  Includes:
 105  - libipt_IMQ
 106 endef
 107
 108 define Package/iptables-mod-ipopt
 109 $(call Package/iptables/Module, +kmod-ipt-ipopt)
 110   TITLE:=IP/Packet option extensions
 111 endef
 112
 113 define Package/iptables-mod-ipopt/description
 114  iptables extensions for matching/changing IP packet options.
 115  Includes:
 116  - libipt_CLASSIFY
 117  - libipt_dscp/DSCP
 118  - libipt_ecn/ECN
 119  - libipt_length
 120  - libipt_mac
 121  - libipt_mark/MARK
 122  - libipt_statistic
 123  - libipt_tcpmms
 124  - libipt_tos/TOS
 125  - libipt_ttl/TTL
 126  - libipt_unclean
 127 endef
 128
 129 define Package/iptables-mod-ipsec
 130 $(call Package/iptables/Module, +kmod-ipt-ipsec)
 131   TITLE:=IPsec extensions
 132 endef
 133
 134 define Package/iptables-mod-ipsec/description
 135  iptables extensions for matching ipsec traffic.
 136  Includes:
 137  - libipt_ah
 138  - libipt_esp
 139  - libipt_policy
 140 endef
 141
 142 define Package/iptables-mod-nat
 143 $(call Package/iptables/Module, +kmod-ipt-nat)
 144   TITLE:=Basic NAT extensions
 145 endef
 146
 147 define Package/iptables-mod-nat/description
 148  iptables extensions for basic NAT targets.
 149  Includes:
 150  - MASQUERADE
 151  - SNAT
 152  - DNAT
 153 endef
 154
 155 define Package/iptables-mod-nat-extra
 156 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
 157   TITLE:=Extra NAT extensions
 158 endef
 159
 160 define Package/iptables-mod-nat-extra/description
 161  iptables extensions for extra NAT targets.
 162  Includes:
 163  - REDIRECT
 164 endef
 165
 166 define Package/iptables-mod-ulog
 167 $(call Package/iptables/Module, +kmod-ipt-ulog)
 168   TITLE:=user-space packet logging
 169 endef
 170
 171 define Package/iptables-mod-ulog/description
 172  iptables extensions for user-space packet logging.
 173  Includes:
 174  - libipt_ULOG
 175 endef
 176
 177 define Package/iptables-mod-iprange
 178 $(call Package/iptables/Module, +kmod-ipt-iprange)
 179   TITLE:=IP range extension
 180 endef
 181
 182 define Package/iptables-mod-iprange/description
 183  iptables extensions for matching ip ranges.
 184  Includes:
 185  - libipt_iprange
 186 endef
 187
 188 define Package/iptables-mod-extra
 189 $(call Package/iptables/Module, +kmod-ipt-extra)
 190   TITLE:=Other extra iptables extensions
 191 endef
 192
 193 define Package/iptables-mod-extra/description
 194  other extra iptables extensions.
 195  Includes:
 196  - libipt_owner
 197  - libipt_physdev
 198  - libipt_pkttype
 199  - libipt_recent
 200  - iptable_raw
 201  - libipt_NOTRACK
 202 endef
 203
 204 define Package/iptables-utils
 205 $(call Package/iptables/Module, )
 206   TITLE:=iptables save and restore utilities
 207 endef
 208
 209 define Package/ip6tables
 210 $(call Package/iptables/Default)
 211   DEPENDS:=+kmod-ip6tables
 212   CATEGORY:=IPv6
 213   TITLE:=IPv6 firewall administration tool
 214   MENU:=1
 215 endef
 216
 217 define Package/ip6tables-utils
 218 $(call Package/iptables/Default)
 219   DEPENDS:=ip6tables
 220   CATEGORY:=IPv6
 221   TITLE:=ip6tables save and restore utilities
 222 endef
 223
 224 define Package/libiptc
 225 $(call Package/iptables/Default)
 226   SECTION:=libs
 227   CATEGORY:=Libraries
 228   TITLE:=IPv4/IPv6 firewall - shared libiptc library
 229 endef
 230
 231 define Package/libxtables
 232  $(call Package/iptables/Default)
 233  SECTION:=libs
 234  CATEGORY:=Libraries
 235  TITLE:=IPv4/IPv6 firewall - shared xtables library
 236 endef
 237
 238
 239 TARGET_CPPFLAGS := \
 240         -I$(PKG_BUILD_DIR)/include \
 241         -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
 242         $(TARGET_CPPFLAGS)
 243
 244 CONFIGURE_ARGS += \
 245         --enable-shared \
 246         --enable-static \
 247         --enable-devel \
 248         --enable-ipv6 \
 249         --with-kernel="$(LINUX_DIR)" \
 250         --with-xtlibdir=/usr/lib/iptables
 251
 252 IPTABLES_MAKEOPTS = \
 253                 $(TARGET_CONFIGURE_OPTS) \
 254                 COPT_FLAGS="$(TARGET_CFLAGS)" \
 255                 LDFLAGS="-rdynamic -static-libgcc" \
 256                 KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
 257                 KBUILD_OUTPUT="$(LINUX_DIR)" \
 258                 DESTDIR="$(PKG_INSTALL_DIR)" \
 259                 all install $(MAKE_TARGETS)
 260
 261 define Build/Compile
 262         mkdir -p $(PKG_INSTALL_DIR)
 263         $(MAKE) -C $(PKG_BUILD_DIR) $(IPTABLES_MAKEOPTS)
 264         $(MAKE) -C $(PKG_BUILD_DIR)/libipq $(IPTABLES_MAKEOPTS)
 265 endef
 266
 267 define Build/InstallDev
 268         mkdir -p $(1)/usr/include
 269         mkdir -p $(1)/usr/include/iptables
 270         mkdir -p $(1)/usr/include/net/netfilter
 271
 272         # XXX: iptables header fixup, some headers are not installed by iptables anymore
 273         $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
 274         $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
 275         $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
 276         $(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
 277         $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
 278         $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
 279
 280         $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
 281         mkdir -p $(1)/usr/lib
 282         $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.{a,so*} $(1)/usr/lib/
 283         $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.{a,so*} $(1)/usr/lib/
 284         $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(1)/usr/lib/
 285         mkdir -p $(1)/usr/lib/pkgconfig
 286         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
 287         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
 288 endef
 289
 290 define Package/iptables/install
 291         $(INSTALL_DIR) $(1)/usr/sbin
 292         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
 293         $(INSTALL_DIR) $(1)/usr/lib/iptables
 294         (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
 295                 for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
 296                         if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
 297                                 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
 298                         fi; \
 299                 done \
 300         )
 301 endef
 302
 303 define Package/iptables-utils/install
 304         $(INSTALL_DIR) $(1)/usr/sbin
 305         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(1)/usr/sbin/
 306 endef
 307
 308 define Package/ip6tables/install
 309         $(INSTALL_DIR) $(1)/usr/sbin
 310         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
 311         $(INSTALL_DIR) $(1)/usr/lib/iptables
 312         (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
 313                 $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
 314         )
 315 endef
 316
 317 define Package/ip6tables-utils/install
 318         $(INSTALL_DIR) $(1)/usr/sbin
 319         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-{save,restore} $(1)/usr/sbin/
 320 endef
 321
 322 define Package/libiptc/install
 323         $(INSTALL_DIR) $(1)/usr/lib
 324         $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
 325 endef
 326
 327 define Package/libxtables/install
 328         $(INSTALL_DIR) $(1)/usr/lib
 329         $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
 330 endef
 331
 332 define BuildPlugin
 333   define Package/$(1)/install
 334         $(INSTALL_DIR) $$(1)/usr/lib/iptables
 335         for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
 336                 if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
 337                         $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
 338                 fi; \
 339         done
 340         $(3)
 341   endef
 342
 343   $$(eval $$(call BuildPackage,$(1)))
 344 endef
 345
 346 L7_INSTALL:=\
 347         $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
 348         $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
 349
 350
 351 $(eval $(call BuildPackage,iptables))
 352 $(eval $(call BuildPackage,iptables-utils))
 353 $(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
 354 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
 355 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
 356 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
 357 $(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
 358 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
 359 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
 360 $(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
 361 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
 362 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
 363 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
 364 $(eval $(call BuildPackage,ip6tables))
 365 $(eval $(call BuildPackage,ip6tables-utils))
 366 $(eval $(call BuildPackage,libiptc))
 367 $(eval $(call BuildPackage,libxtables))