add PKG_CPE_ID ids to package and tools
[openwrt/staging/wigyori.git] / package / network / utils / iptables / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
# Upstream package identity and the OpenWrt packaging revision.
PKG_NAME:=iptables
PKG_VERSION:=1.6.1
PKG_RELEASE:=1

# The source is fetched from git over HTTPS and pinned to one commit id.
# PKG_MIRROR_HASH is 64 hex digits (consistent with SHA-256) and is presumably
# checked against the packed source archive -- confirm in the download rules.
# NOTE(review): when PKG_SOURCE_VERSION is bumped, regenerate the hash from a
# checkout you trust rather than copying it from whatever a mirror served.
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.netfilter.org/iptables
PKG_SOURCE_VERSION:=7df66f1c13563cfbab75246b009ce36f69ee4487
PKG_MIRROR_HASH:=22f15ef41fd8e3724bedcee666b7b6a3491d2d038d580ef1fb032718dcb73f14

# presumably makes the build system regenerate the autotools files before
# configure -- handled outside this file, confirm in the included rules.
PKG_FIXUP:=autoreconf

PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0
# CPE identifier (part "a" = application, vendor netfilter_core_team, product
# iptables). It carries no version field here; tooling that matches packages
# against vulnerability feeds presumably combines it with PKG_VERSION.
# NOTE(review): keep vendor/product spelled exactly as in the CPE dictionary,
# a mismatch silently hides the package from CVE matching.
PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
26
27 include $(INCLUDE_DIR)/package.mk
# Only when DUMP is empty: read the kernel .config (the leading '-' tolerates a
# missing file), load the netfilter module lists, and append a digest of every
# .config line containing NETFILTER to STAMP_CONFIGURED, so the configure stamp
# name changes whenever those kernel options change.
# The MD5 digest here is only a change-detection tag for a file name; it is not
# an integrity or authenticity check and must not be reused as one.
# NOTE(review): grep runs even if $(LINUX_DIR)/.config is absent; the stamp is
# then derived from empty input -- confirm that is acceptable.
ifeq ($(DUMP),)
  -include $(LINUX_DIR)/.config
  include $(INCLUDE_DIR)/netfilter.mk
  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
endif
33
34
# Metadata shared by every package in this file: menu placement
# (Network -> Firewall) and the upstream project URL.
# NOTE(review): URL is plain http while PKG_SOURCE_URL already uses https;
# consider https://netfilter.org/ so the advertised link is not cleartext.
define Package/iptables/Default
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=Firewall
  URL:=http://netfilter.org/
endef
41
# Template for extension ("mod") packages: the shared defaults plus a
# dependency on the iptables package and on whatever is passed as $(1)
# (in this file always one or more "+kmod-..." kernel module packages).
define Package/iptables/Module
$(call Package/iptables/Default)
  DEPENDS:=iptables $(1)
endef
46
# The base iptables package. MENU:=1 gives it its own submenu; DEPENDS pulls in
# the core kernel module and the userspace libraries, with libip6tc only when
# IPV6 is selected.
define Package/iptables
$(call Package/iptables/Default)
  TITLE:=IP firewall administration tool
  MENU:=1
  DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
endef
53
# Kconfig fragment for two optional features, both off by default. The same
# symbols gate --disable-connlabel / --disable-nftables in CONFIGURE_ARGS and
# the conditional library dependencies of libxtables, so an image that does not
# select them ships without that code and without those extra libraries.
# The help text must stay indented deeper than "help", otherwise the following
# "config" line would be read as part of the help text.
define Package/iptables/config
  config IPTABLES_CONNLABEL
	bool "Enable Connlabel support"
	default n
	help
		This enable connlabel support in iptables.

  config IPTABLES_NFTABLES
	bool "Enable Nftables support"
	default n
	help
		This enable nftables support in iptables.
endef
67
# Description text for the base package: the matches, targets and tables it
# lists as included. Everything between define and endef is emitted as
# description text, so commentary belongs above the define, not inside it.
define Package/iptables/description
IP firewall administration tool.

Matches:
- icmp
- tcp
- udp
- comment
- conntrack
- limit
- mac
- mark
- multiport
- set
- state
- time

Targets:
- ACCEPT
- CT
- DNAT
- DROP
- REJECT
- LOG
- MARK
- MASQUERADE
- REDIRECT
- SET
- SNAT
- TCPMSS

Tables:
- filter
- mangle
- nat
- raw

endef
106
# Extension package: depends on iptables and kmod-ipt-conntrack-extra (via the
# Module template). The description lists connlimit and recent among its
# matches, which rule sets commonly use for per-source connection limiting.
define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
  TITLE:=Extra connection tracking extensions
endef

define Package/iptables-mod-conntrack-extra/description
Extra iptables extensions for connection tracking.

Matches:
- connbytes
- connlimit
- connmark
- recent
- helper

Targets:
- CONNMARK

endef
126
# Extension package for payload inspection: depends on iptables and
# kmod-ipt-filter and, per its description, provides the "string" match.
define Package/iptables-mod-filter
$(call Package/iptables/Module, +kmod-ipt-filter)
  TITLE:=Content inspection extensions
endef

define Package/iptables-mod-filter/description
iptables extensions for packet content inspection.
Includes support for:

Matches:
- string

endef
140
# Extension package for matching and rewriting IP/packet header options:
# depends on iptables and kmod-ipt-ipopt.
define Package/iptables-mod-ipopt
$(call Package/iptables/Module, +kmod-ipt-ipopt)
  TITLE:=IP/Packet option extensions
endef

define Package/iptables-mod-ipopt/description
iptables extensions for matching/changing IP packet options.

Matches:
- dscp
- ecn
- length
- statistic
- tcpmss
- unclean
- hl

Targets:
- DSCP
- CLASSIFY
- ECN
- HL

endef
165
# Extension package for matching IPsec traffic (ah, esp, policy): depends on
# iptables and kmod-ipt-ipsec.
define Package/iptables-mod-ipsec
$(call Package/iptables/Module, +kmod-ipt-ipsec)
  TITLE:=IPsec extensions
endef

define Package/iptables-mod-ipsec/description
iptables extensions for matching ipsec traffic.

Matches:
- ah
- esp
- policy

endef
180
# Extension package for additional NAT targets: depends on iptables and
# kmod-ipt-nat-extra.
define Package/iptables-mod-nat-extra
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
  TITLE:=Extra NAT extensions
endef

define Package/iptables-mod-nat-extra/description
iptables extensions for extra NAT targets.

Targets:
- MIRROR
- NETMAP
endef
193
# Extension package for the ULOG target: depends on iptables and kmod-ipt-ulog.
# ULOG passes packet data to a user-space logger, so whatever consumes those
# records is parsing content chosen by remote senders.
define Package/iptables-mod-ulog
$(call Package/iptables/Module, +kmod-ipt-ulog)
  TITLE:=user-space packet logging
endef

define Package/iptables-mod-ulog/description
iptables extensions for user-space packet logging.

Targets:
- ULOG

endef
206
# Extension package for the NFLOG target: depends on iptables,
# kmod-nfnetlink-log and kmod-ipt-nflog. Logging goes to user space over
# NFNETLINK, so the receiving daemon handles sender-controlled packet data.
define Package/iptables-mod-nflog
$(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
  TITLE:=Netfilter NFLOG target
endef

define Package/iptables-mod-nflog/description
iptables extension for user-space logging via NFNETLINK.

Includes:
- libxt_NFLOG

endef
219
# Extension package for the TRACE target: depends on iptables, kmod-ipt-debug
# and kmod-ipt-raw. This is a debugging aid; presumably not something a
# production image needs installed -- confirm per deployment.
define Package/iptables-mod-trace
$(call Package/iptables/Module, +kmod-ipt-debug +kmod-ipt-raw)
  TITLE:=Netfilter TRACE target
endef

define Package/iptables-mod-trace/description
iptables extension for TRACE target

Includes:
- libxt_TRACE

endef
232
233
# Extension package for the NFQUEUE target: depends on iptables,
# kmod-nfnetlink-queue and kmod-ipt-nfqueue. Packets are queued to a user-space
# program over NFNETLINK; that program sees raw, sender-controlled packets and
# its behaviour when it stalls or exits decides what happens to queued traffic.
define Package/iptables-mod-nfqueue
$(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
  TITLE:=Netfilter NFQUEUE target
endef

define Package/iptables-mod-nfqueue/description
iptables extension for user-space queuing via NFNETLINK.

Includes:
- libxt_NFQUEUE

endef
246
# Extension package for the hashlimit match: depends on iptables and
# kmod-ipt-hashlimit.
define Package/iptables-mod-hashlimit
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
  TITLE:=hashlimit matching
endef

define Package/iptables-mod-hashlimit/description
iptables extensions for hashlimit matching

Matches:
- hashlimit

endef
259
# Extension package for the rpfilter match (reverse path filter test on a
# packet, i.e. a source-address plausibility check): depends on iptables and
# kmod-ipt-rpfilter.
define Package/iptables-mod-rpfilter
$(call Package/iptables/Module, +kmod-ipt-rpfilter)
  TITLE:=rpfilter iptables extension
endef

define Package/iptables-mod-rpfilter/description
iptables extensions for reverse path filter test on a packet

Matches:
- rpfilter

endef
272
# Extension package for the iprange match: depends on iptables and
# kmod-ipt-iprange.
define Package/iptables-mod-iprange
$(call Package/iptables/Module, +kmod-ipt-iprange)
  TITLE:=IP range extension
endef

define Package/iptables-mod-iprange/description
iptables extensions for matching ip ranges.

Matches:
- iprange

endef
285
# Extension package for the cluster match: depends on iptables and
# kmod-ipt-cluster. As the description states, every node sees every packet and
# the match decides which node handles it, based on source address hashing.
define Package/iptables-mod-cluster
$(call Package/iptables/Module, +kmod-ipt-cluster)
  TITLE:=Match cluster extension
endef

define Package/iptables-mod-cluster/description
iptables extensions for matching cluster.

Netfilter (IPv4/IPv6) module for matching cluster
This option allows you to build work-load-sharing clusters of
network servers/stateful firewalls without having a dedicated
load-balancing router/server/switch. Basically, this match returns
true when the packet must be handled by this cluster node. Thus,
all nodes see all packets and this match decides which node handles
what packets. The work-load sharing algorithm is based on source
address hashing.

This module is usable for ipv4 and ipv6.

If you select it, it enables kmod-ipt-cluster.

see `iptables -m cluster --help` for more information.
endef
309
# Extension package for the CLUSTERIP target: depends on iptables and
# kmod-ipt-clusterip.
define Package/iptables-mod-clusterip
$(call Package/iptables/Module, +kmod-ipt-clusterip)
  TITLE:=Clusterip extension
endef

define Package/iptables-mod-clusterip/description
iptables extensions for CLUSTERIP.
The CLUSTERIP target allows you to build load-balancing clusters of
network servers without having a dedicated load-balancing
router/server/switch.

If you select it, it enables kmod-ipt-clusterip.

see `iptables -j CLUSTERIP --help` for more information.
endef
325
# Catch-all extension package: depends on iptables and kmod-ipt-extra. The
# description notes that physdev is only available when ebtables is enabled.
define Package/iptables-mod-extra
$(call Package/iptables/Module, +kmod-ipt-extra)
  TITLE:=Other extra iptables extensions
endef

define Package/iptables-mod-extra/description
Other extra iptables extensions.

Matches:
- addrtype
- condition
- owner
- physdev (if ebtables is enabled)
- pkttype
- quota

endef
343
# Extension package for the LED target: depends on iptables and kmod-ipt-led.
define Package/iptables-mod-led
$(call Package/iptables/Module, +kmod-ipt-led)
  TITLE:=LED trigger iptables extension
endef

define Package/iptables-mod-led/description
iptables extension for triggering a LED.

Targets:
- LED

endef
356
# Extension package for transparent proxying (socket match, TPROXY target):
# depends on iptables and kmod-ipt-tproxy.
define Package/iptables-mod-tproxy
$(call Package/iptables/Module, +kmod-ipt-tproxy)
  TITLE:=Transparent proxy iptables extensions
endef

define Package/iptables-mod-tproxy/description
Transparent proxy iptables extensions.

Matches:
- socket

Targets:
- TPROXY

endef
372
# Extension package for the TEE target: depends on iptables and kmod-ipt-tee.
# TEE duplicates traffic towards another host, so on an audited device a rule
# using it deserves the same scrutiny as any other traffic-mirroring setup.
define Package/iptables-mod-tee
$(call Package/iptables/Module, +kmod-ipt-tee)
  TITLE:=TEE iptables extensions
endef

define Package/iptables-mod-tee/description
TEE iptables extensions.

Targets:
- TEE

endef
385
# Extension package for the u32 match: depends on iptables and kmod-ipt-u32.
define Package/iptables-mod-u32
$(call Package/iptables/Module, +kmod-ipt-u32)
  TITLE:=U32 iptables extensions
endef

define Package/iptables-mod-u32/description
U32 iptables extensions.

Matches:
- u32

endef
398
# Extension package for the CHECKSUM target: depends on iptables and
# kmod-ipt-checksum.
define Package/iptables-mod-checksum
$(call Package/iptables/Module, +kmod-ipt-checksum)
  TITLE:=IP CHECKSUM target extension
endef

define Package/iptables-mod-checksum/description
iptables extension for the CHECKSUM calculation target
endef
407
# The IPv6 front end: only selectable when IPV6 is enabled (@IPV6) and pulls in
# kmod-ip6tables and the base iptables package.
# CATEGORY repeats the value already set by Package/iptables/Default.
define Package/ip6tables
$(call Package/iptables/Default)
  DEPENDS:=@IPV6 +kmod-ip6tables +iptables
  CATEGORY:=Network
  TITLE:=IPv6 firewall administration tool
  MENU:=1
endef
415
416
# IPv6 header matching modules: depends on ip6tables and kmod-ip6tables-extra.
# NOTE(review): the package is named ip6tables-extra but the description below
# is defined as Package/ip6tables-mod-extra/description, so it presumably never
# attaches to this package. Renaming it to Package/ip6tables-extra/description
# looks like the intended fix -- confirm nothing else refers to the old name.
define Package/ip6tables-extra
$(call Package/iptables/Default)
  DEPENDS:=ip6tables +kmod-ip6tables-extra
  TITLE:=IPv6 header matching modules
endef

define Package/ip6tables-mod-extra/description
iptables header matching modules for IPv6
endef
426
# IPv6 NAT targets: depends on ip6tables and kmod-ipt-nat6. Built from the
# shared defaults directly rather than the Module template, so it does not
# declare a dependency on the iptables package itself.
define Package/ip6tables-mod-nat
$(call Package/iptables/Default)
  DEPENDS:=ip6tables +kmod-ipt-nat6
  TITLE:=IPv6 NAT extensions
endef

define Package/ip6tables-mod-nat/description
iptables extensions for IPv6-NAT targets.
endef
436
# Compatibility stub library package: overrides SECTION/CATEGORY to place it
# under Libraries and depends on the three real libraries. ABI_VERSION follows
# PKG_VERSION.
define Package/libiptc
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  DEPENDS:=+libip4tc +libip6tc +libxtables
  ABI_VERSION:=$(PKG_VERSION)
  TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
endef
445
# IPv4 libiptc shared library package; depends on libxtables and tracks
# PKG_VERSION as its ABI version.
define Package/libip4tc
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  TITLE:=IPv4 firewall - shared libiptc library
  ABI_VERSION:=$(PKG_VERSION)
  DEPENDS:=+libxtables
endef
454
# IPv6 libiptc shared library package; depends on libxtables and tracks
# PKG_VERSION as its ABI version.
define Package/libip6tc
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  TITLE:=IPv6 firewall - shared libiptc library
  ABI_VERSION:=$(PKG_VERSION)
  DEPENDS:=+libxtables
endef
463
# Shared xtables library package. Its two dependencies are conditional: each
# library is pulled in only when the matching IPTABLES_* option is selected, so
# a default build links against neither.
define Package/libxtables
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  TITLE:=IPv4/IPv6 firewall - shared xtables library
  ABI_VERSION:=$(PKG_VERSION)
  DEPENDS:= \
	+IPTABLES_CONNLABEL:libnetfilter-conntrack \
	+IPTABLES_NFTABLES:libnftnl
endef
474
# Preprocessor search path: the package's own headers and the kernel user
# headers are placed ahead of whatever TARGET_CPPFLAGS already held.
TARGET_CPPFLAGS := -I$(PKG_BUILD_DIR)/include -I$(LINUX_DIR)/user_headers/include $(TARGET_CPPFLAGS)

# Compiler flags: the same two include directories, per-function/per-data
# sections (paired with --gc-sections below so unused code is dropped at link
# time), and the NO_LEGACY define.
TARGET_CFLAGS += -I$(PKG_BUILD_DIR)/include -I$(LINUX_DIR)/user_headers/include
TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_CFLAGS += -DNO_LEGACY

# Linker flag: discard sections nothing references.
TARGET_LDFLAGS += -Wl,--gc-sections
488
# Extra ./configure arguments: build shared and static libraries plus the
# development files, take kernel headers from the user_headers tree, and look
# for extensions in /usr/lib/iptables. connlabel, nftables and IPv6 support are
# each disabled unless the corresponding CONFIG_* symbol is set.
# NOTE(review): --with-xtlibdir names the directory the plugin packages below
# install their shared objects into; on the target it should be writable by
# root only, since those objects are presumably loaded by the iptables binary.
CONFIGURE_ARGS += \
	--enable-shared \
	--enable-static \
	--enable-devel \
	--with-kernel="$(LINUX_DIR)/user_headers" \
	--with-xtlibdir=/usr/lib/iptables \
	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
	$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
	$(if $(CONFIG_IPV6),,--disable-ipv6)
498
# Arguments passed to the package's own make. ':=' replaces any earlier
# MAKE_FLAGS value rather than appending to it. BUILTIN_MODULES is the combined
# IPT_BUILTIN, IPT_CONNTRACK-m and IPT_NAT-m lists with the xt_, ipt_ and ip6t_
# prefixes stripped (innermost patsubst first).
MAKE_FLAGS := \
	$(TARGET_CONFIGURE_OPTS) \
	COPT_FLAGS="$(TARGET_CFLAGS)" \
	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
	KBUILD_OUTPUT="$(LINUX_DIR)" \
	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
505
# Defined only when the .config_* marker found in the build directory differs
# from the one expected for the current STAMP_CONFIGURED (same name with
# ".configured_" replaced by ".config_"). The step removes object files,
# two-letter "?o" outputs and archives, deletes the old markers and stamps, and
# touches the new marker, so objects built against a different kernel netfilter
# configuration are not reused.
# NOTE(review): find output is piped to xargs without null separation; fine as
# long as no path under PKG_BUILD_DIR contains whitespace.
ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
  define Build/Configure/rebuild
	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
	rm -f $(PKG_BUILD_DIR)/.config_*
	rm -f $(PKG_BUILD_DIR)/.configured_*
	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
  endef
endif
514
# Configure step: run the optional cleanup first (it expands to nothing when
# Build/Configure/rebuild was not defined), then the default configure.
define Build/Configure
$(Build/Configure/rebuild)
$(Build/Configure/Default)
endef
519
# Installs headers, shared libraries and pkg-config files into the development
# staging tree given as $(1). Some headers and the libiptext*.so objects are
# copied straight from the build directory rather than from PKG_INSTALL_DIR;
# the in-recipe XXX comments give the reason for each.
define Build/InstallDev
	$(INSTALL_DIR) $(1)/usr/include
	$(INSTALL_DIR) $(1)/usr/include/iptables
	$(INSTALL_DIR) $(1)/usr/include/net/netfilter

	# XXX: iptables header fixup, some headers are not installed by iptables anymore
	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/

	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/

	# XXX: needed by firewall3
	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
endef
543
# Files of the base package: xtables-multi plus iptables, iptables-restore and
# iptables-save in /usr/sbin, and an empty /usr/lib/iptables that the plugin
# packages fill.
# NOTE(review): "iptables{,-restore,-save}" relies on shell brace expansion, so
# the recipe shell must provide it (bash does, plain POSIX sh does not).
define Package/iptables/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
	$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
550
# Files of the ip6tables package: ip6tables, ip6tables-restore and
# ip6tables-save in /usr/sbin.
# NOTE(review): the {,-restore,-save} form needs a shell with brace expansion.
define Package/ip6tables/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef
555
# Files of the libiptc stub package: every libiptc.so* from the staged install.
define Package/libiptc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
endef
560
# Files of libip4tc: the library from the staged install, plus libiptext4.so
# taken directly from the build tree's extensions directory.
define Package/libip4tc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
endef
566
# Files of libip6tc: the library from the staged install, plus libiptext6.so
# taken directly from the build tree's extensions directory.
define Package/libip6tc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
endef
572
# Files of libxtables: the library from the staged install, plus libiptext.so
# taken directly from the build tree's extensions directory.
define Package/libxtables/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
endef
578
# Generator for extension packages. $(1) is the package name, $(2) the list of
# extension module names, $(3) optional extra install commands (no call in this
# file passes a third argument). It defines Package/$(1)/install and then
# registers the package with BuildPackage.
# The generated install step tries each name in $(2) under its xt_, ipt_ and
# ip6t_ spellings and copies lib<name>.so into /usr/lib/iptables when the file
# exists. A missing file is skipped silently, so an empty or misspelled module
# list yields a package with no extension objects and no build error -- check
# package contents when adding a plugin.
# $$(1) is escaped so it survives this template and refers to the install
# directory of the generated rule. The run of eight '$' before {m} is there so
# that, after each layer of expansion has halved it, the shell finally sees
# ${m} -- presumably three make layers; confirm before changing the count.
define BuildPlugin
  define Package/$(1)/install
	$(INSTALL_DIR) $$(1)/usr/lib/iptables
	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
		fi; \
	done
	$(3)
  endef

  $$(eval $$(call BuildPackage,$(1)))
endef
592
# Package registration. BuildPackage is used for packages with a hand-written
# install step (iptables, ip6tables and the four libraries); BuildPlugin is used
# for every extension package and is given the IPT_*-m module list that decides
# which extension objects the package ships. Those lists are not defined in
# this file (presumably they come from the included netfilter.mk).
$(eval $(call BuildPackage,iptables))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
$(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
$(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
# The trace package takes its module list from IPT_DEBUG-m, not a TRACE list.
$(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
$(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables))