| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Merge the Makefile.am under "doc/" into the toplevel Makefile.am. This
is a step in the effort of dropping recursive make.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
Merge the Makefile.am under "examples/" into the toplevel Makefile.am.
This is a step in the effort of dropping recursive make.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
Merge the Makefile.am under "src/" into the toplevel Makefile.am. This
is a step in the effort of dropping recursive make.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
Merge the Makefile.am under "files/" into the toplevel Makefile.am. This
is a step in the effort of dropping recursive make.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
Merge the Makefile.am under "py/" into the toplevel Makefile.am. This is
a step in the effort of dropping recursive make.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch from recursive-make to a single top-level Makefile. This is the
first step, the following patches will continue this.
Unlike meson's subdir() or C's #include, automake's SUBDIRS= does not
include a Makefile. Instead, it calls `make -C $dir`.
https://www.gnu.org/software/make/manual/html_node/Recursion.html
https://www.gnu.org/software/automake/manual/html_node/Subdirectories.html
See also, "Recursive Make Considered Harmful".
https://accu.org/journals/overload/14/71/miller_2004/
This has several problems, which we an avoid with a single Makefile:
- recursive-make is harder to maintain and understand as a whole.
Recursive-make makes sense, when there are truly independent
sub-projects. Which is not the case here. The project needs to be
considered as a whole and not one directory at a time. When
we add unit tests (which we should), those would reside in separate
directories but have dependencies between directories. With a single
Makefile, we see all at once. The build setup has an inherent complexity,
and that complexity is not necessarily reduced by splitting it into more files.
On the contrary it helps to have it all in once place, provided that it's
sensibly structured, named and organized.
- typing `make` prints irrelevant "Entering directory" messages. So much
so, that at the end of the build, the terminal is filled with such
messages and we have to scroll to see what even happened.
- with recursive-make, during build we see:
make[3]: Entering directory '.../nftables/src'
CC meta.lo
meta.c:13:2: error: #warning hello test [-Werror=cpp]
13 | #warning hello test
| ^~~~~~~
With a single Makefile we get
CC src/meta.lo
src/meta.c:13:2: error: #warning hello test [-Werror=cpp]
13 | #warning hello test
| ^~~~~~~
This shows the full filename -- assuming that the developer works from
the top level directory. The full name is useful, for example to
copy+paste into the terminal.
- single Makefile is also faster:
$ make && perf stat -r 200 -B make -j
I measure 35msec vs. 80msec.
- recursive-make limits parallel make. You have to craft the SUBDIRS= in
the correct order. The dependencies between directories are limited,
as make only sees "LDADD = $(top_builddir)/src/libnftables.la" and
not the deeper dependencies for the library.
- I presume, some people like recursive-make because of `make -C $subdir`
to only rebuild one directory. Rebuilding the entire tree is already very
fast, so this feature seems not relevant. Also, as dependency handling
is limited, we might wrongly not rebuild a target. For example,
make check
touch src/meta.c
make -C examples check
does not rebuild "examples/nft-json-file".
What we now can do with single Makefile (and better than before), is
`make examples/nft-json-file`, which works as desired and rebuilds all
dependencies.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With Python distutils and setuptools going deprecated, remove
integration with autotools. This integration is causing issues
in modern environments.
Note that setup.py is still left in place under the py/ folder.
Update INSTALL file to refer to Python support and setup.py.
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Add new examples folder, other `make distcheck' fails.
Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
setup.py is used to build and install the python binding. Call
to setup.py are done in Makefile to proceed to build and
installation.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
nftables releases until 0.8.2 included base skeleton hooks
that were installed into /etc/nftables (sysconfdir).
With 0.8.3 and newer these files were moved to the documentation
area but apparently some users expect them to be there.
Resurrect them.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commits d572d59788143945c2a638f12a5227d9b21ce489 and
9f5e49e147219cd161de8cd80cadf8a444969ef0.
Current libnftables API should be stable enough to release it into the
public, and after 4aba100e593f ("rule: reset cache iff there is an
existing cache") we have a simple way to batch commands through this
API.
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Concatenate all family/hook examples into a single one by means of includes.
Put all example files under examples/. Use the '.nft' prefix and mark
them as executable files. Use a static shebang declaration, since these
are examples meant for final systems and users.
While at it, refresh also the sets_and_maps.nft example file and also
add the 'netdev-ingress.nft' example file.
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This removes libnftables pkg-config file along with the few lines of
code to adjust and install it.
Fixes: d572d59788143 ("Make libnftables a local static library")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This finally creates the libnftables shared object.
For some reason, this causes two compiler warnings to appear:
| parser_bison.y: In function 'nft_parse':
| parser_bison.y:131:3: warning: implicit declaration of function 'nft_set_debug' [-Wimplicit-function-declaration]
| nft_set_debug(1, scanner);
| ^~~~~~~~~~~~~
| parser_bison.c:64:25: warning: implicit declaration of function 'nft_lex' [-Wimplicit-function-declaration]
| #define yylex nft_lex
| ^
| parser_bison.c:4745:16: note: in expansion of macro 'yylex'
| yychar = yylex (&yylval, &yylloc, scanner);
So this patch contains a workaround, namely declaring both functions
in src/parser_bison.y. During linking the objects are found, so this is
rather a matter of cosmetics.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
If we include tests/ in the release tarball, downstream distributors
can run the testsuites themselves while developing the packages.
This way, tests can be run in a more integrated environment and they can
discover errors related to the integration with the given distribution itself.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
Added support to install some 'nft' scripts under
'${sysconfdir}/nftables', typically '/etc/nftables'.
Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'nft' documentation is originally contained in the XML file 'doc/nft.xml'.
Processing this file with the proper tools we can obtain a PDF document,
'nft.pdf', and a unix man page, 'nft.8'.
To produce the PDF we need the tool 'dblatex' (current release
pypi.python.org/pypi/dblatex/0.3.5).
To produce the man page we use the tool 'docbook2man'; it is part of the
package 'docbook2X' (docbook2x.sourceforge.net). On some linux
distributions the tool can have slightly different names as 'docbook2x-man'
or 'db2x_docbook2man' so we search for all three names and use the first
one found and issue the command:
# ${DB2MAN} --xinclude $<
Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
1) This removes former Makefiles and install-sh (which is now
automagically imported via autoreconf).
Makefile.defs.in
Makefile.in
Makefile.rules.in
src/Makefile.in
install-sh (now automagically imported via autoreconf).
2) CFLAGS are left almost same, they are integrated into Make_global.am.
Use AM_CPPFLAGS to set the CFLAGS set by pkgconfig.
3) Add m4 directory to the tree which only contains the .gitignore
file. Update .gitignore file to skip autogenerated files.
4) include <config.h> whenever required.
5) Minor adjustments to scanner.l and parser_bison.y to compile cleanly
with autotools.
6) Add %option outfile=lex.yy.c to scanner.l, otherwise I hit this error
here:
gcc -DHAVE_CONFIG_H -I. -I.. -I../include -DDEFAULT_INCLUDE_PATH="\"/usr/etc\"" -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wsign-compare -Winit-self -Wformat-nonliteral -Wformat-security -Wmissing-format-attribute -Wcast-align -Wundef -Wbad-function-cast -g -O2 -MT mnl.o -MD -MP -MF $depbase.Tpo -c -o mnl.o mnl.c &&\
mv -f $depbase.Tpo $depbase.Po
/bin/sh ../build-aux/ylwrap scanner.l lex.yy.c scanner.c -- flex
make[3]: *** [scanner.c] Error 1
make[3]: Leaving directory `/home/pablo/devel/scm/git-netfilter/nftables/src'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/pablo/devel/scm/git-netfilter/nftables/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/pablo/devel/scm/git-netfilter/nftables'
make: *** [all] Error 2
7) Add Makefile.am for include/ (contributed by Giorgio Dal Molin).
The doc/ and files/ conversion to automake will come in follow up
patches but 'make distcheck' already works.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|