1#! /usr/bin/make 2 3# WARNING: 4# only add extensions here that are either present in the kernel, or whose 5# header files are present in the include/linux directory of this iptables 6# package (HW) 7# 8PF_EXT_SLIB:=ah addrtype comment connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TCPMSS TOS TTL ULOG 9PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS 10 11ifeq ($(DO_SELINUX), 1) 12PF_EXT_SE_SLIB:=SECMARK CONNSECMARK 13PF6_EXT_SE_SLIB:=SECMARK CONNSECMARK 14endif 15 16# Optionals 17PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) 18PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) 19 20PF_EXT_ALL_SLIB:=$(patsubst extensions/libipt_%.c, %, $(wildcard extensions/libipt_*.c)) 21PF6_EXT_ALL_SLIB:=$(patsubst extensions/libip6t_%.c, %, $(wildcard extensions/libip6t_*.c)) 22 23PF_EXT_MAN_ALL_MATCHES:=$(foreach T,$(PF_EXT_ALL_SLIB),$(shell test -f extensions/libipt_$(T).man && grep -q register_match extensions/libipt_$(T).c && echo $(T))) 24PF_EXT_MAN_ALL_TARGETS:=$(foreach T,$(PF_EXT_ALL_SLIB),$(shell test -f extensions/libipt_$(T).man && grep -q register_target extensions/libipt_$(T).c && echo $(T))) 25PF6_EXT_MAN_ALL_MATCHES:=$(foreach T,$(PF6_EXT_ALL_SLIB),$(shell test -f extensions/libip6t_$(T).man && grep -q register_match6 extensions/libip6t_$(T).c && echo $(T))) 26PF6_EXT_MAN_ALL_TARGETS:=$(foreach T,$(PF6_EXT_ALL_SLIB),$(shell test -f extensions/libip6t_$(T).man && grep -q register_target6 extensions/libip6t_$(T).c && echo $(T))) 27 28PF_EXT_MAN_MATCHES:=$(filter $(PF_EXT_ALL_SLIB), $(PF_EXT_MAN_ALL_MATCHES)) 29PF_EXT_MAN_TARGETS:=$(filter $(PF_EXT_ALL_SLIB), $(PF_EXT_MAN_ALL_TARGETS)) 30PF_EXT_MAN_EXTRA_MATCHES:=$(filter-out $(PF_EXT_MAN_MATCHES), $(PF_EXT_MAN_ALL_MATCHES)) 31PF_EXT_MAN_EXTRA_TARGETS:=$(filter-out $(PF_EXT_MAN_TARGETS), $(PF_EXT_MAN_ALL_TARGETS)) 32PF6_EXT_MAN_MATCHES:=$(filter $(PF6_EXT_ALL_SLIB), $(PF6_EXT_MAN_ALL_MATCHES)) 33PF6_EXT_MAN_TARGETS:=$(filter $(PF6_EXT_ALL_SLIB), $(PF6_EXT_MAN_ALL_TARGETS)) 34PF6_EXT_MAN_EXTRA_MATCHES:=$(filter-out $(PF6_EXT_MAN_MATCHES), $(PF6_EXT_MAN_ALL_MATCHES)) 35PF6_EXT_MAN_EXTRA_TARGETS:=$(filter-out $(PF6_EXT_MAN_TARGETS), $(PF6_EXT_MAN_ALL_TARGETS)) 36 37 38allman: 39 @echo ALL_SLIB: $(PF_EXT_ALL_SLIB) 40 @echo ALL_MATCH: $(PF_EXT_MAN_ALL_MATCHES) 41 @echo ALL_TARGET: $(PF_EXT_MAN_ALL_TARGETS) 42 43PF_EXT_SLIB+=$(PF_EXT_SLIB_OPTS) 44PF6_EXT_SLIB+=$(PF6_EXT_SLIB_OPTS) 45 46OPTIONALS+=$(patsubst %,IPv4:%,$(PF_EXT_SLIB_OPTS)) 47OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT_SLIB_OPTS)) 48 49ifndef NO_SHARED_LIBS 50SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so) 51SHARED_SE_LIBS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).so) 52EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) 53EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) 54 55ifeq ($(DO_IPV6), 1) 56SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so) 57SHARED_SE_LIBS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).so) 58EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) 59EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) 60endif 61else # NO_SHARED_LIBS 62EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o) 63EXT_OBJS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).o) 64EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T)) 65EXT_FUNC+=$(foreach T,$(PF_EXT_SE_SLIB),ipt_$(T)) 66EXT_OBJS+= extensions/initext.o 67ifeq ($(DO_IPV6), 1) 68EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o) 69EXT6_OBJS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).o) 70EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T)) 71EXT6_FUNC+=$(foreach T,$(PF6_EXT_SE_SLIB),ip6t_$(T)) 72EXT6_OBJS+= extensions/initext6.o 73endif # DO_IPV6 74endif # NO_SHARED_LIBS 75 76ifndef TOPLEVEL_INCLUDED 77local: 78 cd .. && $(MAKE) $(SHARED_LIBS) $(SHARED_SE_LIBS) 79endif 80 81ifdef NO_SHARED_LIBS 82extensions/libext.a: $(EXT_OBJS) 83 rm -f $@; ar crv $@ $(EXT_OBJS) 84 85extensions/libext6.a: $(EXT6_OBJS) 86 rm -f $@; ar crv $@ $(EXT6_OBJS) 87 88extensions/initext.o: extensions/initext.c 89extensions/initext6.o: extensions/initext6.c 90 91extensions/initext.c: extensions/Makefile 92 echo "" > $@ 93 for i in $(EXT_FUNC); do \ 94 echo "extern void $${i}_init(void);" >> $@; \ 95 done 96 echo "void init_extensions(void) {" >> $@ 97 for i in $(EXT_FUNC); do \ 98 echo " $${i}_init();" >> $@; \ 99 done 100 echo "}" >> $@ 101 102extensions/initext6.c: extensions/Makefile 103 echo "" > $@ 104 for i in $(EXT6_FUNC); do \ 105 echo "extern void $${i}_init(void);" >> $@; \ 106 done 107 echo "void init_extensions(void) {" >> $@ 108 for i in $(EXT6_FUNC); do \ 109 echo " $${i}_init();" >> $@; \ 110 done 111 echo "}" >> $@ 112 113extensions/lib%.o: extensions/lib%.c 114 $(CC) $(CFLAGS) -D_INIT=$*_init -c -o $@ $< 115 116endif 117 118EXTRAS += extensions/libipt_targets.man 119extensions/libipt_targets.man: $(patsubst %,extensions/libipt_%.man,$(PF_EXT_MAN_ALL_TARGETS)) 120 @for ext in $(PF_EXT_MAN_TARGETS); do \ 121 echo ".SS $$ext" ;\ 122 cat extensions/libipt_$$ext.man ;\ 123 done >extensions/libipt_targets.man 124 @if [ -n "$(PF_EXT_MAN_EXTRA_TARGETS)" ]; then \ 125 extra=$(PF_EXT_MAN_EXTRA_TARGETS) ;\ 126 for ext in $${extra:-""}; do \ 127 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ 128 cat extensions/libipt_$$ext.man ;\ 129 done ;\ 130 fi >>extensions/libipt_targets.man 131 132EXTRAS += extensions/libipt_matches.man 133extensions/libipt_matches.man: $(patsubst %,extensions/libipt_%.man,$(PF_EXT_MAN_ALL_MATCHES)) 134 @for ext in $(PF_EXT_MAN_MATCHES); do \ 135 echo ".SS $$ext" ;\ 136 cat extensions/libipt_$$ext.man ;\ 137 done >extensions/libipt_matches.man 138 @if [ -n "$(PF_EXT_MAN_EXTRA_MATCHES)" ]; then \ 139 extra=$(PF_EXT_MAN_EXTRA_MATCHES) ;\ 140 for ext in $${extra:-""}; do \ 141 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ 142 cat extensions/libipt_$$ext.man ;\ 143 done ;\ 144 fi >>extensions/libipt_matches.man 145 146EXTRAS += extensions/libip6t_targets.man 147extensions/libip6t_targets.man: $(patsubst %, extensions/libip6t_%.man, $(PF6_EXT_MAN_ALL_TARGETS)) 148 @for ext in $(PF6_EXT_MAN_TARGETS); do \ 149 echo ".SS $$ext" ;\ 150 cat extensions/libip6t_$$ext.man ;\ 151 done >extensions/libip6t_targets.man 152 @if [ -n "$(PF6_EXT_MAN_EXTRA_TARGETS)" ]; then \ 153 extra=$(PF6_EXT_MAN_EXTRA_TARGETS) ;\ 154 for ext in $${extra:-""}; do \ 155 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ 156 cat extensions/libip6t_$$ext.man ;\ 157 done ;\ 158 fi >>extensions/libip6t_targets.man 159 160EXTRAS += extensions/libip6t_matches.man 161extensions/libip6t_matches.man: $(patsubst %, extensions/libip6t_%.man, $(PF6_EXT_MAN_ALL_MATCHES)) 162 @for ext in $(PF6_EXT_MAN_MATCHES); do \ 163 echo ".SS $$ext" ;\ 164 cat extensions/libip6t_$$ext.man ;\ 165 done >extensions/libip6t_matches.man 166 @if [ -n "$(PF6_EXT_MAN_EXTRA_MATCHES)" ]; then \ 167 extra=$(PF6_EXT_MAN_EXTRA_MATCHES) ;\ 168 for ext in $${extra:-""}; do \ 169 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\ 170 cat extensions/libip6t_$$ext.man ;\ 171 done ;\ 172 fi >>extensions/libip6t_matches.man 173 174$(DESTDIR)$(LIBDIR)/iptables/libipt_%.so: extensions/libipt_%.so 175 @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables 176 cp $< $@ 177 178$(DESTDIR)$(LIBDIR)/iptables/libip6t_%.so: extensions/libip6t_%.so 179 @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables 180 cp $< $@ 181