From 79aba16c69e42498275c56a3d889a78efb22ae6d Mon Sep 17 00:00:00 2001
From: nico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Fri, 11 Nov 2005 21:15:16 +0000
Subject: [PATCH] backport iptables extension split introduced by
changeset:2412 (fix ticket:40), bump trunk release number
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2435 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
package/iptables/Config.in | 85 +++++++++++++++++--
package/iptables/Makefile | 54 ++++++++----
package/iptables/ipkg/iptables-extra.control | 4 +-
.../ipkg/iptables-mod-conntrack.control | 5 ++
.../iptables/ipkg/iptables-mod-extra.control | 5 ++
.../iptables/ipkg/iptables-mod-filter.control | 5 ++
.../iptables/ipkg/iptables-mod-ipopt.control | 5 ++
.../iptables/ipkg/iptables-mod-ipsec.control | 5 ++
.../iptables/ipkg/iptables-mod-nat.control | 5 ++
.../iptables/ipkg/iptables-mod-ulog.control | 5 ++
package/iptables/ipkg/iptables-utils.control | 2 +-
package/iptables/kernelconfig.mk | 43 ----------
12 files changed, 154 insertions(+), 69 deletions(-)
create mode 100644 package/iptables/ipkg/iptables-mod-conntrack.control
create mode 100644 package/iptables/ipkg/iptables-mod-extra.control
create mode 100644 package/iptables/ipkg/iptables-mod-filter.control
create mode 100644 package/iptables/ipkg/iptables-mod-ipopt.control
create mode 100644 package/iptables/ipkg/iptables-mod-ipsec.control
create mode 100644 package/iptables/ipkg/iptables-mod-nat.control
create mode 100644 package/iptables/ipkg/iptables-mod-ulog.control
delete mode 100644 package/iptables/kernelconfig.mk
diff --git a/package/iptables/Config.in b/package/iptables/Config.in
index 9529cd5cc..d89fcbaf3 100644
--- a/package/iptables/Config.in
+++ b/package/iptables/Config.in
@@ -15,23 +15,92 @@ config BR2_PACKAGE_IPTABLES
http://www.iptables.org/
-config BR2_PACKAGE_IPTABLES_UTILS
- prompt "iptables-utils.................. Save and restore utilities"
+config BR2_PACKAGE_IPTABLES_EXTRA
+ prompt "iptables-extra.................. Extra Iptables extensions for IPv4 firewalling (meta-package)"
tristate
default m if CONFIG_DEVEL
depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPTABLES_EXTRA
+ select BR2_PACKAGE_IPTABLES_MOD_CONNTRACK
+ select BR2_PACKAGE_IPTABLES_MOD_EXTRA
+ select BR2_PACKAGE_IPTABLES_MOD_FILTER
+ select BR2_PACKAGE_IPTABLES_MOD_IPOPT
+ select BR2_PACKAGE_IPTABLES_MOD_IPSEC
+ select BR2_PACKAGE_IPTABLES_MOD_NAT
+ select BR2_PACKAGE_IPTABLES_MOD_ULOG
help
- iptables-save and iptables-restore
-
- http://www.iptables.org/
+ Extra Iptables extensions for IPv4 firewalling (meta-package)
-config BR2_PACKAGE_IPTABLES_EXTRA
- prompt "iptables-extra.................. Extra modules not found elsewhere"
+config BR2_PACKAGE_IPTABLES_MOD_CONNTRACK
+ prompt "iptables-mod-conntrack.......... Iptables extensions for connection tracking"
+ tristate
+ default m if CONFIG_DEVEL
+ depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPT_CONNTRACK
+ help
+ Iptables (IPv4) extensions for connection tracking
+
+config BR2_PACKAGE_IPTABLES_MOD_FILTER
+ prompt "iptables-mod-filter............. Iptables extension for packet content inspection"
+ tristate
+ default m if CONFIG_DEVEL
+ depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPT_FILTER
+ help
+ Iptables (IPv4) extension for packet content inspection
+
+config BR2_PACKAGE_IPTABLES_MOD_IPOPT
+ prompt "iptables-mod-ipopt.............. Iptables extensions for matching/changing IP packet options"
+ tristate
+ default m if CONFIG_DEVEL
+ depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPT_IPOPT
+ help
+ Extra Iptables (IPv4) extensions for matching/changing IP packet options
+
+config BR2_PACKAGE_IPTABLES_MOD_IPSEC
+ prompt "iptables-mod-ipsec.............. Iptables extensions for matching special IPsec packets"
+ tristate
+ default m if CONFIG_DEVEL
+ depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPT_IPSEC
+ help
+ Iptables (IPv4) extensions for matching special IPsec packets
+
+config BR2_PACKAGE_IPTABLES_MOD_NAT
+ prompt "iptables-mod-nat................ Iptables extensions for different NAT targets"
+ tristate
+ default m if CONFIG_DEVEL
+ depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPT_NAT
+ help
+ Iptables (IPv4) extensions for different NAT targets
+
+config BR2_PACKAGE_IPTABLES_MOD_ULOG
+ prompt "iptables-mod-ulog............... Iptables extensions for user-space packet logging"
+ tristate
+ default m if CONFIG_DEVEL
+ depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPT_ULOG
+ help
+ Iptables (IPv4) extensions for user-space packet logging
+
+config BR2_PACKAGE_IPTABLES_MOD_EXTRA
+ prompt "iptables-mod-extra.............. Other extra Iptables extensions"
+ tristate
+ default m if CONFIG_DEVEL
+ depends BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_KMOD_IPT_EXTRA
+ help
+ Other extra Iptables (IPv4) extensions
+
+config BR2_PACKAGE_IPTABLES_UTILS
+ prompt "iptables-utils.................. Save and restore utilities"
tristate
default m if CONFIG_DEVEL
depends BR2_PACKAGE_IPTABLES
help
- Extra modules for iptables (kernel and user space)
+ iptables-save and iptables-restore for Iptables (IPv4)
http://www.iptables.org/
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index e40fa8e7d..a14d71a6f 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -1,11 +1,10 @@
# $Id$
include $(TOPDIR)/rules.mk
-include kernelconfig.mk
PKG_NAME:=iptables
PKG_VERSION:=1.3.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2.1
PKG_MD5SUM:=86d88455520cfdc56fd7ae27897a80a4
PKG_SOURCE_URL:=http://www.netfilter.org/files \
@@ -18,18 +17,50 @@ PKG_CAT:=bzcat
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+define IPKG_plugin_template
+
+$$(IPKG_$(1)):
+ install -m0755 -d $$(IDIR_$(1))/usr/lib/iptables
+ for m in $(2); do \
+ cp -fpR $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $$(IDIR_$(1))/usr/lib/iptables/ ; \
+ done
+ $(RSTRIP) $$(IDIR_$(1))
+ $(IPKG_BUILD) $$(IDIR_$(1)) $(PACKAGE_DIR)
+
+endef
+
include $(TOPDIR)/package/rules.mk
+include $(LINUX_DIR)/.config
+include $(TOPDIR)/target/linux/netfilter.mk
$(eval $(call PKG_template,IPTABLES,iptables,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
$(eval $(call PKG_template,IPTABLES_EXTRA,iptables-extra,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
$(eval $(call PKG_template,IPTABLES_UTILS,iptables-utils,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
$(eval $(call PKG_template,IP6TABLES,ip6tables,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_CONNTRACK,iptables-mod-conntrack,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_EXTRA,iptables-mod-extra,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_FILTER,iptables-mod-filter,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_IMQ,iptables-mod-img,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_IPOPT,iptables-mod-ipopt,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_IPSEC,iptables-mod-ipsec,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_NAT,iptables-mod-nat,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_ULOG,iptables-mod-ulog,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_CONNTRACK,$(IPKG_IPTABLES_MOD_CONNTRACK-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_EXTRA,$(IPKG_IPTABLES_MOD_EXTRA-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_FILTER,$(IPKG_IPTABLES_MOD_FILTER-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IMQ,$(IPKG_IPTABLES_MOD_IMQ-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPOPT,$(IPKG_IPTABLES_MOD_IPOPT-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPSEC,$(IPKG_IPTABLES_MOD_IPSEC-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_NAT,$(IPKG_IPTABLES_MOD_NAT-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_ULOG,$(IPKG_IPTABLES_MOD_ULOG-m)))
+
$(PKG_BUILD_DIR)/.configured:
touch $@
$(PKG_BUILD_DIR)/.built:
- chmod a+x $(PKG_BUILD_DIR)/extensions/.*-test
+ chmod a+x $(PKG_BUILD_DIR)/extensions/.*-test*
mkdir -p $(PKG_INSTALL_DIR)
$(MAKE) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
@@ -44,22 +75,14 @@ $(IPKG_IPTABLES):
cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables $(IDIR_IPTABLES)/usr/sbin/
install -d -m0755 $(IDIR_IPTABLES)/usr/lib/iptables
(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
- cp -fpR $(patsubst %,libipt_%.so,$(ext-y)) $(IDIR_IPTABLES)/usr/lib/iptables \
+ cp -fpR $(patsubst %,lib%.so,$(IPKG_IPTABLES-y)) $(IDIR_IPTABLES)/usr/lib/iptables/ \
)
$(RSTRIP) $(IDIR_IPTABLES)
$(IPKG_BUILD) $(IDIR_IPTABLES) $(PACKAGE_DIR)
-$(IPKG_IPTABLES_EXTRA):
- install -d -m0755 $(IDIR_IPTABLES_EXTRA)/usr/lib/iptables
- (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
- cp -fpR $(patsubst %,libipt_%.so,$(ext-m)) $(IDIR_IPTABLES_EXTRA)/usr/lib/iptables \
- )
- $(RSTRIP) $(IDIR_IPTABLES_EXTRA)
- $(IPKG_BUILD) $(IDIR_IPTABLES_EXTRA) $(PACKAGE_DIR)
-
$(IPKG_IPTABLES_UTILS):
install -d -m0755 $(IDIR_IPTABLES_UTILS)/usr/sbin
- cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(IDIR_IPTABLES_UTILS)/usr/sbin
+ cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(IDIR_IPTABLES_UTILS)/usr/sbin/
$(RSTRIP) $(IDIR_IPTABLES_UTILS)
$(IPKG_BUILD) $(IDIR_IPTABLES_UTILS) $(PACKAGE_DIR)
@@ -68,14 +91,15 @@ $(IPKG_IP6TABLES):
cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(IDIR_IP6TABLES)/usr/sbin/
install -d -m0755 $(IDIR_IP6TABLES)/usr/lib/iptables
(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
- cp -fpR libip6t_*.so $(IDIR_IP6TABLES)/usr/lib/iptables \
+ cp -fpR libip6t_*.so $(IDIR_IP6TABLES)/usr/lib/iptables/ \
)
$(RSTRIP) $(IDIR_IP6TABLES)
$(IPKG_BUILD) $(IDIR_IP6TABLES) $(PACKAGE_DIR)
$(STAGING_DIR)/usr/lib/libipq.a: $(PKG_BUILD_DIR)/.built
- mkdir -p $(STAGING_DIR)/usr/include/ $(STAGING_DIR)/usr/lib/
+ mkdir -p $(STAGING_DIR)/usr/include
cp -fpR $(PKG_INSTALL_DIR)/usr/include/libipq.h $(STAGING_DIR)/usr/include/
+ mkdir -p $(STAGING_DIR)/usr/lib
cp -fpR $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(STAGING_DIR)/usr/lib/
install-dev: $(STAGING_DIR)/usr/lib/libipq.a
diff --git a/package/iptables/ipkg/iptables-extra.control b/package/iptables/ipkg/iptables-extra.control
index 02feaf014..de04e4a51 100644
--- a/package/iptables/ipkg/iptables-extra.control
+++ b/package/iptables/ipkg/iptables-extra.control
@@ -1,5 +1,5 @@
Package: iptables-extra
Priority: optional
Section: net
-Description: Extra plugins for iptables
-Depends: kmod-iptables-extra
+Depends: kmod-iptables-extra, iptables-mod-conntrack, iptables-mod-extra, iptables-mod-filter, iptables-mod-ipopt, iptables-mod-ipsec, iptables-mod-nat, iptables-mod-ulog
+Description: Other extra Iptables extensions (meta-package)
diff --git a/package/iptables/ipkg/iptables-mod-conntrack.control b/package/iptables/ipkg/iptables-mod-conntrack.control
new file mode 100644
index 000000000..35f2afaac
--- /dev/null
+++ b/package/iptables/ipkg/iptables-mod-conntrack.control
@@ -0,0 +1,5 @@
+Package: iptables-mod-conntrack
+Priority: optional
+Section: net
+Depends: kmod-ipt-conntrack
+Description: Iptables (IPv4) extensions for connection tracking
diff --git a/package/iptables/ipkg/iptables-mod-extra.control b/package/iptables/ipkg/iptables-mod-extra.control
new file mode 100644
index 000000000..7111eab88
--- /dev/null
+++ b/package/iptables/ipkg/iptables-mod-extra.control
@@ -0,0 +1,5 @@
+Package: iptables-mod-extra
+Priority: optional
+Section: net
+Depends: kmod-ipt-extra
+Description: Other extra Iptables (IPv4) extensions
diff --git a/package/iptables/ipkg/iptables-mod-filter.control b/package/iptables/ipkg/iptables-mod-filter.control
new file mode 100644
index 000000000..30add3172
--- /dev/null
+++ b/package/iptables/ipkg/iptables-mod-filter.control
@@ -0,0 +1,5 @@
+Package: iptables-mod-filter
+Priority: optional
+Section: net
+Depends: kmod-ipt-filter
+Description: Iptables (IPv4) extension for packet content inspection
diff --git a/package/iptables/ipkg/iptables-mod-ipopt.control b/package/iptables/ipkg/iptables-mod-ipopt.control
new file mode 100644
index 000000000..4a8c72f40
--- /dev/null
+++ b/package/iptables/ipkg/iptables-mod-ipopt.control
@@ -0,0 +1,5 @@
+Package: iptables-mod-ipopt
+Priority: optional
+Section: net
+Depends: kmod-ipt-ipopt
+Description: Iptables (IPv4) extensions for matching/changing IP packet options
diff --git a/package/iptables/ipkg/iptables-mod-ipsec.control b/package/iptables/ipkg/iptables-mod-ipsec.control
new file mode 100644
index 000000000..caf8f182c
--- /dev/null
+++ b/package/iptables/ipkg/iptables-mod-ipsec.control
@@ -0,0 +1,5 @@
+Package: iptables-mod-ipsec
+Priority: optional
+Section: net
+Depends: kmod-ipt-ipsec
+Description: Iptables (IPv4) extensions for matching special IPsec packets
diff --git a/package/iptables/ipkg/iptables-mod-nat.control b/package/iptables/ipkg/iptables-mod-nat.control
new file mode 100644
index 000000000..f9d961333
--- /dev/null
+++ b/package/iptables/ipkg/iptables-mod-nat.control
@@ -0,0 +1,5 @@
+Package: iptables-mod-nat
+Priority: optional
+Section: net
+Depends: kmod-ipt-nat
+Description: Iptables (IPv4) extensions for different NAT targets
diff --git a/package/iptables/ipkg/iptables-mod-ulog.control b/package/iptables/ipkg/iptables-mod-ulog.control
new file mode 100644
index 000000000..b0aaa3d11
--- /dev/null
+++ b/package/iptables/ipkg/iptables-mod-ulog.control
@@ -0,0 +1,5 @@
+Package: iptables-mod-ulog
+Priority: optional
+Section: net
+Depends: kmod-ipt-ulog
+Description: Iptables (IPv4) extension for user-space packet logging
diff --git a/package/iptables/ipkg/iptables-utils.control b/package/iptables/ipkg/iptables-utils.control
index a56992488..6bbb2ed35 100644
--- a/package/iptables/ipkg/iptables-utils.control
+++ b/package/iptables/ipkg/iptables-utils.control
@@ -1,4 +1,4 @@
Package: iptables-utils
Priority: optional
Section: net
-Description: iptables-save and iptables-restore
+Description: iptables-save and iptables-restore for Iptables (IPv4)
diff --git a/package/iptables/kernelconfig.mk b/package/iptables/kernelconfig.mk
deleted file mode 100644
index 90d8bb521..000000000
--- a/package/iptables/kernelconfig.mk
+++ /dev/null
@@ -1,43 +0,0 @@
-include $(LINUX_DIR)/.config
-
-# translate linux kernel config to filenames
-ext-$(CONFIG_IP_NF_NAT) += SNAT DNAT
-ext-$(CONFIG_IP_NF_MATCH_LIMIT) += limit
-ext-$(CONFIG_IP_NF_MATCH_MAC) += mac
-ext-$(CONFIG_IP_NF_MATCH_PKTTYPE) += pkttype
-ext-$(CONFIG_IP_NF_MATCH_MARK) += mark
-ext-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport
-ext-$(CONFIG_IP_NF_MATCH_TOS) += tos
-ext-$(CONFIG_IP_NF_MATCH_RECENT) += recent
-ext-$(CONFIG_IP_NF_MATCH_ECN) += ecn
-ext-$(CONFIG_IP_NF_MATCH_IPP2P) += ipp2p
-ext-$(CONFIG_IP_NF_MATCH_SET) += set
-ext-$(CONFIG_IP_NF_MATCH_DSCP) += dscp
-ext-$(CONFIG_IP_NF_MATCH_AH_ESP) += ah esp
-ext-$(CONFIG_IP_NF_MATCH_LENGTH) += length
-ext-$(CONFIG_IP_NF_MATCH_TTL) += ttl
-ext-$(CONFIG_IP_NF_MATCH_TCPMSS) += tcpmss
-ext-$(CONFIG_IP_NF_MATCH_HELPER) += helper
-ext-$(CONFIG_IP_NF_MATCH_CONNMARK) += connmark
-#ext-$(CONFIG_IP_NF_MATCH_STATE) += state
-#ext-$(CONFIG_IP_NF_MATCH_CONNTRACK) += conntrack
-ext-$(CONFIG_IP_NF_MATCH_UNCLEAN) += unclean
-ext-$(CONFIG_IP_NF_MATCH_OWNER) += owner
-ext-$(CONFIG_IP_NF_MATCH_PHYSDEV) += physdev
-ext-$(CONFIG_IP_NF_MATCH_LAYER7) += layer7
-#ext-$(CONFIG_IP_NF_TARGET_MASQUERADE) += MASQUERADE
-ext-$(CONFIG_IP_NF_TARGET_REDIRECT) += REDIRECT
-ext-$(CONFIG_IP_NF_TARGET_REJECT) += REJECT
-ext-$(CONFIG_IP_NF_TARGET_TOS) += TOS
-ext-$(CONFIG_IP_NF_TARGET_ECN) += ECN
-ext-$(CONFIG_IP_NF_TARGET_DSCP) += DSCP
-ext-$(CONFIG_IP_NF_TARGET_MARK) += MARK
-#ext-$(CONFIG_IP_NF_TARGET_LOG) += LOG
-ext-$(CONFIG_IP_NF_TARGET_ULOG) += ULOG
-#ext-$(CONFIG_IP_NF_TARGET_TCPMSS) += TCPMSS
-ext-$(CONFIG_IP_NF_TARGET_NETMAP) += NETMAP
-ext-$(CONFIG_IP_NF_TARGET_CONNMARK) += CONNMARK
-
-# add extensions that don't depend on kernel config
-ext-m += TTL
-ext-y += icmp standard tcp udp state MASQUERADE conntrack TCPMSS LOG
--
2.20.1