1# uncomment this to get a fully statically linked version
2# NO_SHARED_LIBS = 1
3
4# uncomment this to disable IPv6 support
5# DO_IPV6 = 0
6
7######################################################################
8# YOU SHOULD NOT NEED TO TOUCH ANYTHING BELOW THIS LINE
9######################################################################
10
11# Standard part of Makefile for topdir.
12TOPLEVEL_INCLUDED=YES
13
14ifndef KERNEL_DIR
15KERNEL_DIR="/lib/modules/$(shell uname -r)/build"
16endif
17IPTABLES_VERSION:=1.3.8
18OLD_IPTABLES_VERSION:=1.3.7
19
20PREFIX:=/usr/local
21LIBDIR:=$(PREFIX)/lib
22BINDIR:=$(PREFIX)/sbin
23MANDIR:=$(PREFIX)/man
24INCDIR:=$(PREFIX)/include
25
26# directory for new iptables releases
27RELEASE_DIR:=/tmp
28
29ifeq ($(shell [ -f /usr/include/netinet/ip6.h ] && echo YES), YES)
30DO_IPV6:=1
31endif
32
33# Enable linking to libselinux via enviornment 'DO_SELINUX=1'
34ifndef DO_SELINUX
35DO_SELINUX=0
36endif
37
38COPT_FLAGS:=-O2
39CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
40
41ifdef NO_SHARED_LIBS
42CFLAGS += -DNO_SHARED_LIBS=1
43endif
44
45EXTRAS+=iptables iptables.o iptables.8
46EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8
47
48# No longer experimental.
49ifneq ($(DO_MULTI), 1)
50EXTRAS+=iptables-save iptables-restore iptables-xml
51endif
52EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(BINDIR)/iptables-xml $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8
53
54ifeq ($(DO_IPV6), 1)
55EXTRAS+=ip6tables ip6tables.o ip6tables.8
56EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
57EXTRAS_EXP+=ip6tables-save ip6tables-restore
58EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
59endif
60
61# Sparc64 hack
62ifeq ($(shell uname -m),sparc64)
63	POINTERTEST:=1
64	32bituser := $(shell echo -e "\#include <stdio.h>\n\#if !defined(__sparcv9) && !defined(__arch64__) && !defined(_LP64)\nuserspace_is_32bit\n\#endif" | $(CC) $(CFLAGS) -E - | grep userspace_is_32bit)
65	ifdef 32bituser
66		# The kernel is 64-bit, even though userspace is 32.
67		CFLAGS+=-DIPT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32
68	else
69		EXT_LDFLAGS+=-Wl,-m,elf64_sparc
70	endif
71endif
72
73# Alpha only has 64bit userspace and fails the test below
74ifeq ($(shell uname -m), alpha)
75	POINTERTEST:=1
76endif
77
78# Generic test if arch wasn't found above
79ifneq ($(POINTERTEST),1)
80	# Try to determine if kernel is 64bit and we are compiling for 32bit
81	ifeq ($(shell [ -d $(KERNEL_DIR)/include/asm ] && echo YES), YES)
82		64bitkernel := $(shell echo -e "\#include <asm/types.h>\n\#if BITS_PER_LONG == 64\nkernel_is_64bits\n\#endif" | $(CC) $(CFLAGS) -D__KERNEL__ -E - | grep kernel_is_64bits)
83		ifdef 64bitkernel
84			32bituser := $(shell echo -e "\#include <stdio.h>\n\#if !defined(__arch64__) && !defined(_LP64)\nuserspace_is_32bit\n\#endif" | $(CC) $(CFLAGS) -E - | grep userspace_is_32bit)
85			ifdef 32bituser
86				CFLAGS+=-DIPT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32
87			endif
88		endif
89	else
90		CFLAGS+=-D_UNKNOWN_KERNEL_POINTER_SIZE
91	endif
92endif
93
94ifndef IPT_LIBDIR
95IPT_LIBDIR:=$(LIBDIR)/iptables
96endif
97
98ifndef NO_SHARED_LIBS
99DEPFILES = $(SHARED_LIBS:%.so=%.d)
100DEPFILES += $(SHARED_SE_LIBS:%.so=%.d)
101SH_CFLAGS:=$(CFLAGS) -fPIC
102STATIC_LIBS  =
103STATIC6_LIBS =
104LDFLAGS      = -rdynamic
105LDLIBS       = -ldl
106ifeq ($(DO_SELINUX), 1)
107LDLIBS       += -lselinux
108endif
109else
110DEPFILES = $(EXT_OBJS:%.o=%.d)
111STATIC_LIBS  = extensions/libext.a
112STATIC6_LIBS = extensions/libext6.a
113LDFLAGS      = -static
114LDLIBS	     =
115ifeq ($(DO_SELINUX), 1)
116LDLIBS       += -lselinux
117endif
118endif
119
120.PHONY: default
121default: print-extensions all
122
123.PHONY: print-extensions
124print-extensions:
125	@[ -n "$(OPTIONALS)" ] && echo Extensions found: $(OPTIONALS)
126
127iptables.o: iptables.c
128	$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
129
130ifeq ($(DO_MULTI), 1)
131iptables: iptables-multi.c iptables-save.c iptables-restore.c iptables-xml.c iptables-standalone.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
132	$(CC) $(CFLAGS) -DIPTABLES_MULTI -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
133else
134iptables: iptables-standalone.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
135	$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
136endif
137
138$(DESTDIR)$(BINDIR)/iptables: iptables
139	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
140	cp $< $@
141
142iptables-save: iptables-save.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
143	$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
144
145ifeq ($(DO_MULTI), 1)
146$(DESTDIR)$(BINDIR)/iptables-save: iptables
147	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
148	ln -sf $< $@
149else
150$(DESTDIR)$(BINDIR)/iptables-save: iptables-save
151	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
152	cp $< $@
153endif
154
155iptables-restore: iptables-restore.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
156	$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
157
158ifeq ($(DO_MULTI), 1)
159$(DESTDIR)$(BINDIR)/iptables-restore: iptables
160	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
161	ln -sf $< $@
162else
163$(DESTDIR)$(BINDIR)/iptables-restore: iptables-restore
164	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
165	cp $< $@
166endif
167
168iptables-xml: iptables-xml.c #iptables.o # $(STATIC_LIBS) libiptc/libiptc.a
169	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
170
171ifeq ($(DO_MULTI), 1)
172$(DESTDIR)$(BINDIR)/iptables-xml: iptables
173	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
174	ln -sf $< $@
175else
176$(DESTDIR)$(BINDIR)/iptables-xml: iptables-xml
177	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
178	cp $< $@
179endif
180
181ip6tables.o: ip6tables.c
182	$(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
183
184ip6tables: ip6tables-standalone.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
185	$(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
186
187$(DESTDIR)$(BINDIR)/ip6tables: ip6tables
188	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
189	cp $< $@
190
191ip6tables-save: ip6tables-save.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
192	$(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
193
194$(DESTDIR)$(BINDIR)/ip6tables-save: ip6tables-save
195	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
196	cp $< $@
197
198ip6tables-restore: ip6tables-restore.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
199	$(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
200
201$(DESTDIR)$(BINDIR)/ip6tables-restore: ip6tables-restore
202	@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
203	cp $< $@
204
205$(DESTDIR)$(MANDIR)/man8/%.8: %.8
206	@[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
207	cp $< $@
208
209EXTRA_DEPENDS+=iptables-standalone.d iptables.d
210
211iptables-standalone.d iptables.d: %.d: %.c
212	@-$(CC) -M -MG $(CFLAGS) $< | sed -e 's@^.*\.o:@$*.d $*.o:@' > $@
213
214iptables.8: iptables.8.in extensions/libipt_matches.man extensions/libipt_targets.man
215	sed -e '/@MATCH@/ r extensions/libipt_matches.man' -e '/@TARGET@/ r extensions/libipt_targets.man' iptables.8.in >iptables.8
216
217ip6tables.8: ip6tables.8.in extensions/libip6t_matches.man extensions/libip6t_targets.man
218	sed -e '/@MATCH@/ r extensions/libip6t_matches.man' -e '/@TARGET@/ r extensions/libip6t_targets.man' ip6tables.8.in >ip6tables.8
219
220# Development Targets
221.PHONY: install-devel-man3
222install-devel-man3: $(DEVEL_MAN3)
223	@[ -d $(DESTDIR)$(MANDIR)/man3 ] || mkdir -p $(DESTDIR)$(MANDIR)/man3
224	@cp -v $(DEVEL_MAN3) $(DESTDIR)$(MANDIR)/man3
225
226.PHONY: install-devel-headers
227install-devel-headers: $(DEVEL_HEADERS)
228	@[ -d $(DESTDIR)$(INCDIR) ] || mkdir -p $(DESTDIR)$(INCDIR)
229	@cp -v $(DEVEL_HEADERS) $(DESTDIR)$(INCDIR)
230
231.PHONY: install-devel-libs
232install-devel-libs: $(DEVEL_LIBS)
233	@[ -d $(DESTDIR)$(LIBDIR) ] || mkdir -p $(DESTDIR)$(LIBDIR)
234	@cp -v $(DEVEL_LIBS) $(DESTDIR)$(LIBDIR)
235
236.PHONY: install-devel
237install-devel: all install-devel-man3 install-devel-headers install-devel-libs
238
239.PHONY: distclean
240distclean: clean
241	@rm -f TAGS `find . -name '*~' -o -name '.*~'` `find . -name '*.rej'` `find . -name '*.d'` .makefirst
242
243# Rusty's distro magic.
244.PHONY: distrib
245distrib: check distclean delrelease $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2 diff md5sums # nowhitespace
246
247# Makefile must not define:
248# -g -pg -DIPTC_DEBUG
249.PHONY: check
250check:
251	@if echo $(CFLAGS) | egrep -e '(^|[[:space:]])(-g|-pg|-DIPTC_DEBUG)([[:space:]]|$)' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi
252
253.PHONY: nowhitespace
254nowhitespace:
255	@if grep -n '[ 	]$$' `find . -name 'Makefile' -o -name '*.[ch]'`; then exit 1; else exit 0; fi
256
257.PHONY: delrelease
258delrelease:
259	rm -f $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2
260
261$(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2:
262	cd .. && ln -sf iptables iptables-$(IPTABLES_VERSION) && tar cvf - --exclude .svn iptables-$(IPTABLES_VERSION)/. | bzip2 -9 > $@ && rm iptables-$(IPTABLES_VERSION)
263
264.PHONY: diff
265diff: $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2
266	@mkdir /tmp/diffdir
267	@cd /tmp/diffdir && tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2
268	@set -e; cd /tmp/diffdir; tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(OLD_IPTABLES_VERSION).tar.bz2; echo Creating patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2; diff -urN iptables-$(OLD_IPTABLES_VERSION) iptables-$(IPTABLES_VERSION) | bzip2 -9 > $(RELEASE_DIR)/patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2
269	@rm -rf /tmp/diffdir
270
271.PHONY: md5sums
272md5sums:
273	cd $(RELEASE_DIR)/ && md5sum patch-iptables-*-$(IPTABLES_VERSION).bz2 iptables-$(IPTABLES_VERSION).tar.bz2
274
275# $(wildcard) fails wierdly with make v.3.78.1.
276include $(shell echo */Makefile)
277include Rules.make
278