1# uncomment this to get a fully statically linked version 2# NO_SHARED_LIBS = 1 3 4# uncomment this to disable IPv6 support 5# DO_IPV6 = 0 6 7###################################################################### 8# YOU SHOULD NOT NEED TO TOUCH ANYTHING BELOW THIS LINE 9###################################################################### 10 11# Standard part of Makefile for topdir. 12TOPLEVEL_INCLUDED=YES 13 14ifndef KERNEL_DIR 15KERNEL_DIR="/lib/modules/$(shell uname -r)/build" 16endif 17IPTABLES_VERSION:=1.3.8 18OLD_IPTABLES_VERSION:=1.3.7 19 20PREFIX:=/usr/local 21LIBDIR:=$(PREFIX)/lib 22BINDIR:=$(PREFIX)/sbin 23MANDIR:=$(PREFIX)/man 24INCDIR:=$(PREFIX)/include 25 26# directory for new iptables releases 27RELEASE_DIR:=/tmp 28 29ifeq ($(shell [ -f /usr/include/netinet/ip6.h ] && echo YES), YES) 30DO_IPV6:=1 31endif 32 33# Enable linking to libselinux via enviornment 'DO_SELINUX=1' 34ifndef DO_SELINUX 35DO_SELINUX=0 36endif 37 38COPT_FLAGS:=-O2 39CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG 40 41ifdef NO_SHARED_LIBS 42CFLAGS += -DNO_SHARED_LIBS=1 43endif 44 45EXTRAS+=iptables iptables.o iptables.8 46EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8 47 48# No longer experimental. 49ifneq ($(DO_MULTI), 1) 50EXTRAS+=iptables-save iptables-restore iptables-xml 51endif 52EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(BINDIR)/iptables-xml $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 53 54ifeq ($(DO_IPV6), 1) 55EXTRAS+=ip6tables ip6tables.o ip6tables.8 56EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8 57EXTRAS_EXP+=ip6tables-save ip6tables-restore 58EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8 59endif 60 61# Sparc64 hack 62ifeq ($(shell uname -m),sparc64) 63 POINTERTEST:=1 64 32bituser := $(shell echo -e "\#include <stdio.h>\n\#if !defined(__sparcv9) && !defined(__arch64__) && !defined(_LP64)\nuserspace_is_32bit\n\#endif" | $(CC) $(CFLAGS) -E - | grep userspace_is_32bit) 65 ifdef 32bituser 66 # The kernel is 64-bit, even though userspace is 32. 67 CFLAGS+=-DIPT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32 68 else 69 EXT_LDFLAGS+=-Wl,-m,elf64_sparc 70 endif 71endif 72 73# Alpha only has 64bit userspace and fails the test below 74ifeq ($(shell uname -m), alpha) 75 POINTERTEST:=1 76endif 77 78# Generic test if arch wasn't found above 79ifneq ($(POINTERTEST),1) 80 # Try to determine if kernel is 64bit and we are compiling for 32bit 81 ifeq ($(shell [ -d $(KERNEL_DIR)/include/asm ] && echo YES), YES) 82 64bitkernel := $(shell echo -e "\#include <asm/types.h>\n\#if BITS_PER_LONG == 64\nkernel_is_64bits\n\#endif" | $(CC) $(CFLAGS) -D__KERNEL__ -E - | grep kernel_is_64bits) 83 ifdef 64bitkernel 84 32bituser := $(shell echo -e "\#include <stdio.h>\n\#if !defined(__arch64__) && !defined(_LP64)\nuserspace_is_32bit\n\#endif" | $(CC) $(CFLAGS) -E - | grep userspace_is_32bit) 85 ifdef 32bituser 86 CFLAGS+=-DIPT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32 87 endif 88 endif 89 else 90 CFLAGS+=-D_UNKNOWN_KERNEL_POINTER_SIZE 91 endif 92endif 93 94ifndef IPT_LIBDIR 95IPT_LIBDIR:=$(LIBDIR)/iptables 96endif 97 98ifndef NO_SHARED_LIBS 99DEPFILES = $(SHARED_LIBS:%.so=%.d) 100DEPFILES += $(SHARED_SE_LIBS:%.so=%.d) 101SH_CFLAGS:=$(CFLAGS) -fPIC 102STATIC_LIBS = 103STATIC6_LIBS = 104LDFLAGS = -rdynamic 105LDLIBS = -ldl 106ifeq ($(DO_SELINUX), 1) 107LDLIBS += -lselinux 108endif 109else 110DEPFILES = $(EXT_OBJS:%.o=%.d) 111STATIC_LIBS = extensions/libext.a 112STATIC6_LIBS = extensions/libext6.a 113LDFLAGS = -static 114LDLIBS = 115ifeq ($(DO_SELINUX), 1) 116LDLIBS += -lselinux 117endif 118endif 119 120.PHONY: default 121default: print-extensions all 122 123.PHONY: print-extensions 124print-extensions: 125 @[ -n "$(OPTIONALS)" ] && echo Extensions found: $(OPTIONALS) 126 127iptables.o: iptables.c 128 $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $< 129 130ifeq ($(DO_MULTI), 1) 131iptables: iptables-multi.c iptables-save.c iptables-restore.c iptables-xml.c iptables-standalone.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a 132 $(CC) $(CFLAGS) -DIPTABLES_MULTI -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) 133else 134iptables: iptables-standalone.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a 135 $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) 136endif 137 138$(DESTDIR)$(BINDIR)/iptables: iptables 139 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 140 cp $< $@ 141 142iptables-save: iptables-save.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a 143 $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) 144 145ifeq ($(DO_MULTI), 1) 146$(DESTDIR)$(BINDIR)/iptables-save: iptables 147 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 148 ln -sf $< $@ 149else 150$(DESTDIR)$(BINDIR)/iptables-save: iptables-save 151 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 152 cp $< $@ 153endif 154 155iptables-restore: iptables-restore.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a 156 $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) 157 158ifeq ($(DO_MULTI), 1) 159$(DESTDIR)$(BINDIR)/iptables-restore: iptables 160 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 161 ln -sf $< $@ 162else 163$(DESTDIR)$(BINDIR)/iptables-restore: iptables-restore 164 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 165 cp $< $@ 166endif 167 168iptables-xml: iptables-xml.c #iptables.o # $(STATIC_LIBS) libiptc/libiptc.a 169 $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS) 170 171ifeq ($(DO_MULTI), 1) 172$(DESTDIR)$(BINDIR)/iptables-xml: iptables 173 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 174 ln -sf $< $@ 175else 176$(DESTDIR)$(BINDIR)/iptables-xml: iptables-xml 177 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 178 cp $< $@ 179endif 180 181ip6tables.o: ip6tables.c 182 $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $< 183 184ip6tables: ip6tables-standalone.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a 185 $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) 186 187$(DESTDIR)$(BINDIR)/ip6tables: ip6tables 188 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 189 cp $< $@ 190 191ip6tables-save: ip6tables-save.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a 192 $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) 193 194$(DESTDIR)$(BINDIR)/ip6tables-save: ip6tables-save 195 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 196 cp $< $@ 197 198ip6tables-restore: ip6tables-restore.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a 199 $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) 200 201$(DESTDIR)$(BINDIR)/ip6tables-restore: ip6tables-restore 202 @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 203 cp $< $@ 204 205$(DESTDIR)$(MANDIR)/man8/%.8: %.8 206 @[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 207 cp $< $@ 208 209EXTRA_DEPENDS+=iptables-standalone.d iptables.d 210 211iptables-standalone.d iptables.d: %.d: %.c 212 @-$(CC) -M -MG $(CFLAGS) $< | sed -e 's@^.*\.o:@$*.d $*.o:@' > $@ 213 214iptables.8: iptables.8.in extensions/libipt_matches.man extensions/libipt_targets.man 215 sed -e '/@MATCH@/ r extensions/libipt_matches.man' -e '/@TARGET@/ r extensions/libipt_targets.man' iptables.8.in >iptables.8 216 217ip6tables.8: ip6tables.8.in extensions/libip6t_matches.man extensions/libip6t_targets.man 218 sed -e '/@MATCH@/ r extensions/libip6t_matches.man' -e '/@TARGET@/ r extensions/libip6t_targets.man' ip6tables.8.in >ip6tables.8 219 220# Development Targets 221.PHONY: install-devel-man3 222install-devel-man3: $(DEVEL_MAN3) 223 @[ -d $(DESTDIR)$(MANDIR)/man3 ] || mkdir -p $(DESTDIR)$(MANDIR)/man3 224 @cp -v $(DEVEL_MAN3) $(DESTDIR)$(MANDIR)/man3 225 226.PHONY: install-devel-headers 227install-devel-headers: $(DEVEL_HEADERS) 228 @[ -d $(DESTDIR)$(INCDIR) ] || mkdir -p $(DESTDIR)$(INCDIR) 229 @cp -v $(DEVEL_HEADERS) $(DESTDIR)$(INCDIR) 230 231.PHONY: install-devel-libs 232install-devel-libs: $(DEVEL_LIBS) 233 @[ -d $(DESTDIR)$(LIBDIR) ] || mkdir -p $(DESTDIR)$(LIBDIR) 234 @cp -v $(DEVEL_LIBS) $(DESTDIR)$(LIBDIR) 235 236.PHONY: install-devel 237install-devel: all install-devel-man3 install-devel-headers install-devel-libs 238 239.PHONY: distclean 240distclean: clean 241 @rm -f TAGS `find . -name '*~' -o -name '.*~'` `find . -name '*.rej'` `find . -name '*.d'` .makefirst 242 243# Rusty's distro magic. 244.PHONY: distrib 245distrib: check distclean delrelease $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2 diff md5sums # nowhitespace 246 247# Makefile must not define: 248# -g -pg -DIPTC_DEBUG 249.PHONY: check 250check: 251 @if echo $(CFLAGS) | egrep -e '(^|[[:space:]])(-g|-pg|-DIPTC_DEBUG)([[:space:]]|$)' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi 252 253.PHONY: nowhitespace 254nowhitespace: 255 @if grep -n '[ ]$$' `find . -name 'Makefile' -o -name '*.[ch]'`; then exit 1; else exit 0; fi 256 257.PHONY: delrelease 258delrelease: 259 rm -f $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2 260 261$(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2: 262 cd .. && ln -sf iptables iptables-$(IPTABLES_VERSION) && tar cvf - --exclude .svn iptables-$(IPTABLES_VERSION)/. | bzip2 -9 > $@ && rm iptables-$(IPTABLES_VERSION) 263 264.PHONY: diff 265diff: $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2 266 @mkdir /tmp/diffdir 267 @cd /tmp/diffdir && tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2 268 @set -e; cd /tmp/diffdir; tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(OLD_IPTABLES_VERSION).tar.bz2; echo Creating patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2; diff -urN iptables-$(OLD_IPTABLES_VERSION) iptables-$(IPTABLES_VERSION) | bzip2 -9 > $(RELEASE_DIR)/patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2 269 @rm -rf /tmp/diffdir 270 271.PHONY: md5sums 272md5sums: 273 cd $(RELEASE_DIR)/ && md5sum patch-iptables-*-$(IPTABLES_VERSION).bz2 iptables-$(IPTABLES_VERSION).tar.bz2 274 275# $(wildcard) fails wierdly with make v.3.78.1. 276include $(shell echo */Makefile) 277include Rules.make 278