summaryrefslogtreecommitdiffstats
path: root/extensions/GNUmakefile.in
Commit message (Collapse)AuthorAgeFilesLines
* extensions: Install symlinks as suchPhil Sutter2019-04-031-4/+11
| | | | | | | | | | | | Fake shared objects which are actually symlinks to others are installed using 'install' tool which follows them and therefore installs a copy of the file they point at. Fix this by introducing special handling for them in install target. Reported-by: Wenle Chen <solachenclever@hotmail.com> Fixes: 269655d54e22f ("build: remove symlink-only extensions from static object list") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: don't bother to build libebt/libarp extensions if nft backend ↵Florian Westphal2018-07-101-2/+2
| | | | | | | | was disabled Reported-by: Thomas Deutschmann <whissi@gentoo.org> Tested-by: Thomas Deutschmann <whissi@gentoo.org> Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables: patch to correct linker flag sequenceYogesh Prasad2017-12-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Description This patch will correct the sequence of -pie and -shared options. When used together, -pie should be provided to the linker before -shared. If -pie is provided after -shared, the linker throws an error shown below as example. ------------------------------------------------------------------------- /host/lib/gcc/powerpc-buildroot-linux-gnu/6.4.0/../../../.. /powerpc-buildroot-linux-gnu/bin/ld: BFD (GNU Binutils) 2.28.1 assertion fail elf32-ppc.c:8923 collect2: error: ld returned 1 exit status + ./libxt_SYNPROXY.man make[4]: *** [libxt_TCPOPTSTRIP.so] Error 1 + ./libip6t_mh.man /host/powerpc-buildroot-linux-gnu/sysroot/usr/lib/Scrt1.o:(.data+0x4): undefined reference to `main' /host/lib/gcc/powerpc-buildroot-linux-gnu + ./libxt_TCPMSS.man /6.4.0/../../../../powerpc-buildroot-linux-gnu/bin/ld: BFD (GNU Binutils) 2.28.1 assertion fail elf32-ppc.c:8923 collect2: error: ld returned 1 exit status ------------------------------------------------------------------------- Signed-off-by: Yogesh Prasad <yogesh.prasad@rockwellcollins.com> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Fix two compile errors during out-of-tree buildKeno Fischer2017-01-161-1/+1
| | | | | | | | | | | | | | | | | | | | The first: ``` iptables/extensions/libebt_limit.c:21:26: fatal error: iptables/nft.h: No such file or directory #include "iptables/nft.h" ``` The second: ``` /data/keno/sandbox/iptables/iptables/xtables-config-parser.y:19:32: fatal error: libiptc/linux_list.h: No such file or directory #include <libiptc/linux_list.h> ^ ``` Simply fixed by adding the relevant `-I` directives. Signed-off-by: Keno Fischer <keno@juliacomputing.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: added AR substitutionJordan Yelloz2016-07-011-0/+1
| | | | | | | | | | | | This is to ensure that the correct AR is run in cross-compile jobs. Often a cross-compile build will succeed without this change but it fails on my Gentoo Linux system when I have binutils installed with the "multitarget" USE flag. This change substitues AR with the autotools-supplied AR for the extensions subdirectory. Signed-off-by: Jordan Yelloz <jordan@yelloz.me> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add finer module blacklistingMike Frysinger2015-08-261-5/+5
| | | | | | | | | | | Newer extensions require libnftnl in order to build, but there are no configure or build checks for it, which leads to a bunch of modules failing when libnftnl isn't installed. Add finer grained blacklisting so we can disable modules for specific parts rather than all of them. e.g. We want to blacklist libebt_limit, but not libxt_limit. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: resolve build error involving libnftnlJan Engelhardt2015-07-151-1/+1
| | | | | | | | | | | | | | make[2]: Entering directory '/home/jengelh/code/iptables/extensions' CC libebt_limit.oo In file included from ../iptables/nft.h:5:0, from libebt_limit.c:21: ../iptables/nft-shared.h:6:27: fatal error: libnftnl/rule.h: No such file or directory #include <libnftnl/rule.h> ^ compilation terminated. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* arptables-compat: add mangle target extensionArturo Borrero2015-02-181-8/+38
| | | | | | | | This patch adds support to use the mangle target extensions, along with the required changes in the surrounding code. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: add ebt 802_3 extensionArturo Borrero2014-12-231-6/+6
| | | | | | | | | | | | | | This patch adds the first ebtables extension to ebtables-compat. The original 802_3 code is adapted to the xtables environment. I tried to mimic as much as possible the original ebtables code paths. With this patch, ebtables-compat is able to send the 802_3 match to the kernel, but the kernel-to-userspace path is not tested and should be adjusted in follow-up patches. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ebtables-compat: build ebtables extensionsGiuseppe Longo2014-11-241-5/+35
| | | | | | | This permits to build extensions for ebtables-compat layer. Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Merge branch 'stable-1.4.20'Florian Westphal2013-11-231-5/+3
|\ | | | | | | | | | | | | | | | | | | | | | | ... to get 76e230e ('iptables: link against libnetfilter_conntrack'), else static build doesn't work. Conflicts: extensions/GNUmakefile.in [ CPPFLAGS was added in master, so keep it ] Reported-By: Gustavo Zacarias <gustavo@zacarias.com.ar>
| * iptables: link against libnetfilter_conntrackJan Engelhardt2013-08-231-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linking currently fails in --enable-static case: ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name': iptables/extensions/libxt_connlabel.c:57: undefined reference to `nfct_labelmap_get_name' [..] It's libxtables.la(libxt_connlabel.o) using libnetfilter_conntrack. If libnetfilter_conntrack is not found, @libnetfilter_conntrack_CFLAGS@ and @libnetfilter_conntrack_LIBS@ (and their ${} ones) should be empty, therefore producing no harm to include unconditionally. Reported-and-tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Florian Westphal <fw@strlen.de>
* | iptables: extensions/GNUMakefile.in use CPPFLAGSLaurence J. Lane2013-09-271-1/+1
|/ | | | | | | | | | "All other Makefiles add CPPFLAGS to ${COMPILE} (automake), but GNUmakefile.in doesn't set it." http://bugs.debian.org/665286 Signed-off-by: Laurence J. Lane <ljlane@debian.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libxt_connlabel: use libnetfilter_conntrackFlorian Westphal2013-07-161-1/+4
| | | | | | | | | | | | | | | | | Pablo suggested to make it depend on lnf-conntrack, and get rid of the example config file as well. The problem is that the file must be in a fixed path, /etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file" when translating names to their bit values (and vice versa). Originally "make install" did put an example file into /etc/xtables/, but distributors complained about iptables ignoring the sysconfdir. So rather remove the example file, the man-page explains the format, and connlabels are inherently system-specific anyway. Signed-off-by: Florian Westphal <fw@strlen.de>
* Revert "build: resolve link failure for ip6t_NETMAP"Pablo Neira Ayuso2013-03-291-11/+7
| | | | | | | | | | | | | | | | | | This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6. The use of libtool was introduced to resolve linking problems in NETMAP (IPv6 version), but that resulted in RPATH problems reported from distributors and warnings spotted by libtool at linking stage. Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency) fixed the NETMAP issue, let's roll back to our previous stage. A small conflicts in extensions/GNUmakefile.in has been resolved in this revert. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependencyPablo Neira Ayuso2013-03-291-1/+0
| | | | | | | | | This patch changes the NETMAP target extension (IPv6 side) to use the xtables_ip6mask_to_cidr available in libxtables. As a side effect, we get rid of the libip6tc dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: resolve link failure for ip6t_NETMAPJan Engelhardt2013-01-021-8/+12
| | | | | | | | | | | | | | | | | | | | | | | | Link stage of libip6t_NETMAP failed since recently. CCLD libip6t_NETMAP.so /usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: cannot find -lip6tc libip6t_NETMAP.c uses the "ipv6_prefix_length" function from libip6tc.so; "-lip6tc" is used in the Makefile, but, the directory to it is not specified. Why does the link succeed for some people? Because /usr/lib(64)/libip6tc.so satisfies -lip6tc, but not all environments, especially those without iptables development files, have that file, hence this link error can happen. By suggestion of Mike Frysinger, this patch uses libtool to produce and link the plugins. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Merge branch 'next' branch that contains new features scheduled forPablo Neira Ayuso2012-10-251-1/+1
|\ | | | | | | Linux kernel 3.7
| * extensions: add IPv6 NETMAP extensionPatrick McHardy2012-09-101-1/+1
| | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | build: remove symlink-only extensions from static object listJan Engelhardt2012-10-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | $ ./configure --enable-static --disable-shared --enable-ipv4 --enable-ipv6 && make [...] make[3]: *** No rule to make target "libxt_NOTRACK.o", needed by "libext.a". Stop. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | Merge branch 'master' of git://git.inai.de/iptablesJan Engelhardt2012-09-301-20/+15
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: extensions/GNUmakefile.in Resolution: trivial, since this was a fuzz 3. Reason: Line added from v1.4.15-16-g33710a5 was in vincinity of changes from v1.4.15-22-g4496801.
| * | doc: deduplicate extension descriptions into a new manpageJan Engelhardt2012-09-301-20/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | iptables.8 and ip6tables.8 had pretty much the same content, with a few protocol-specific deviations here and there. Not only did that bloat the manpages, but it also made it harder to spot differences. Separate out the extension descriptions into a new manpage, which conveniently features differences next to one another (cf. REJECT). Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* | | Merge branch 'master' of git://git.inai.de/iptablesJan Engelhardt2012-09-301-0/+6
|\ \ \ | |/ /
| * | libxt_state: replace as an alias to xt_conntrackJan Engelhardt2012-09-301-1/+3
| | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@inai.de>
| * | libxt_NOTRACK: replace as an alias to CT --notrackJan Engelhardt2012-09-291-0/+4
| |/ | | | | | | | | | | | | Note that we do not need any print/save functions for the alias entries, since the real CT entry will handle this. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* | build: have `make clean` remove dep files tooJan Engelhardt2012-09-101-1/+1
|/ | | | | | | | | | | | | | | | While changing branches, one can hit errors like: make[2]: *** CC libipt_CLUSTERIP.oo No hay ninguna regla para construir el objetivo `../include/net/netfilter/nf_nat.h', necesario para `libipt_DNAT.oo'. Alto. Pablo thinks dep files should be removed on `make clean`, and I concur. (JFI, Note that native automake would not clear its ".deps" directory.) Keep the "distclean: clean" line to keep invocations by automake from the parent directory working. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: link on libxtables and check symbolsJan Engelhardt2011-12-311-11/+3
| | | | | | | | | | | | | Have each extension link against libxtables.so; with this, all home symbols are known at link time and we can use ld's --no-undefined to run the check, dropping the homebrew solution. By having libxtables.so required by extensions, package managers' automatic dependency discovery will become effective so that manual dependencies for distros with split extension packages (e.g. OpenWRT) will not be necessary anymore. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: use delayed expansion on the user-settable variablesJan Engelhardt2011-12-311-21/+21
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: make check stage not fail when building staticallyJan Engelhardt2011-09-191-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: restore build order of modulesJan Engelhardt2011-09-191-2/+2
| | | | | | | | iptables(exe) requires libext.a, but extensions/ require libxtables.la (in iptables/). This circular dependency does not work out, so separate libxtables into its own directory and put it in front. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: sort file list before buildJan Engelhardt2011-09-081-6/+6
| | | | | | | | | Manpage subsections are already sorted for obvious reasons. Since $(wildcard) can actually return results unordered (just what the OS can do) do the sorting with the .o file list too, for developer comfort. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: scan for unreferenced symbolsJan Engelhardt2011-09-031-1/+10
| | | | | | | To be notified of occurrences where we are missing any libraries, run some ldd checks post building. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_RATEEST: link with -lmJan Engelhardt2011-09-031-0/+1
| | | | | | | $ ldd -r libxt_RATEEST.so undefined symbol: log (./libxt_RATEEST.so) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_statistic: link with -lmJan Engelhardt2011-09-031-1/+4
| | | | | | | | $ ldd -r libxt_statistic.so undefined symbol: lround (./libxt_statistic.so) References: https://bugs.archlinux.org/task/25358 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_TCPMSS: restore build with IPv6-less libcsJan Engelhardt2011-07-221-1/+1
| | | | | | | Commit v1.4.10-149-gea2a02f added an netinet/ip6.h include, which is not available on systems without IPv6 header files. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: move remaining preprocessor flags to CPPFLAGSMike Frysinger2011-06-011-2/+2
| | | | | References; http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: move kinclude's preprocessor flags to kinclude_CPPFLAGSJan Engelhardt2011-06-011-3/+3
| | | | | References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: move basic preprocessor flags to regular_CPPFLAGSJan Engelhardt2011-06-011-3/+6
| | | | | | | This is where they belong, after all. References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Move common parts of libext{4,6}.a into libext.aMaciej Żenczykowski2011-04-191-13/+40
| | | | Signed-off-by: Maciej Zenczykowski <maze@google.com>
* doc: avoid duplicate entries in manpageJan Engelhardt2011-04-061-2/+2
| | | | | | | | | Commit v1.4.9-35-gd4105ad changed from [A-Z] and [a-z] to use [[:alnum:]], which unfortunately drew matches into the target section, and targets into the match section. [[:upper:]] and [[:lower:]] should have been used instead, of course. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* v6: rename init_extensions() to init_extensions6()Maciej Zenczykowski2011-04-041-2/+2
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* v4: rename init_extensions() to init_extensions4()Maciej Zenczykowski2011-04-041-2/+2
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* man pages: allow underscores in match and target namesMaciej Zenczykowski2011-04-041-2/+2
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: stop on error in subcommandJan Engelhardt2010-12-111-2/+2
| | | | | | | make only evaluates $? of an entire shell invocation. As such, if any command in the chain can fail, $? needs to be thrown, and early so. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix globbing of extensions in other localesJan Engelhardt2010-12-041-2/+2
| | | | | | | | | In the fi_FI locale, [a-z] would not include 'w', for example. Rectify this by using [[:alnum:]] (to counter against different ordering) and forcing the POSIX locale (so that the alphabet has at least the 26 base characters). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: combine iptables-multi and iptables-staticJan Engelhardt2009-07-251-2/+2
| | | | | | | | | | | | | | | Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix manpage collectionJan Engelhardt2009-06-011-1/+4
| | | | | | | | | | | | Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the keyword in the wrong file, and that files with NFPROTO_UNSPEC are skipped. This patch corrects that part, and makes `make` now output the manpages it collected. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* manpages: do not include v4-only modules in ip6tables manpageJan Engelhardt2009-05-261-5/+5
| | | | | References: http://bugs.debian.org/529954 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ipv4 iptablesJan Engelhardt2009-04-031-1/+1
| | | | | | This patch complements the previous one. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ip6tablesJan Engelhardt2009-04-031-1/+1
| | | | | | | | This also skips building the IPv6 extensions. It does not #ifdef out all code however, I think that would make it too ugly. Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>