path: root/configure.ac
Commit message | Author | Age | Files | Lines
* src: add xt compat support | Pablo Neira Ayuso | 2016-07-13 | 1 | -1/+12
  At compilation time, you have to pass this option.

    # ./configure --with-xtables

  And libxtables needs to be installed in your system.

  This patch allows to list a ruleset containing xt extensions loaded through iptables-compat-restore tool.

  Example:

    $ iptables-save > ruleset

    $ cat ruleset
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -p tcp -m multiport --dports 80,81 -j REJECT
    COMMIT

    $ sudo iptables-compat-restore ruleset

    $ sudo nft list ruleset
    table ip filter {
        chain INPUT {
            type filter hook input priority 0; policy accept;
            ip protocol tcp tcp dport { 80,81} counter packets 0 bytes 0 reject
        }
        chain FORWARD {
            type filter hook forward priority 0; policy drop;
        }
        chain OUTPUT {
            type filter hook output priority 0; policy accept;
        }
    }

  A translation of the extension is shown if this is available. In other case, match or target definition is preceded by a hash. For example, classify target has no translation:

    $ sudo nft list chain mangle POSTROUTING
    table ip mangle {
        chain POSTROUTING {
            type filter hook postrouting priority -150; policy accept;
            ip protocol tcp tcp dport 80 counter packets 0 bytes 0 # CLASSIFY set 20:10
                                                                   ^^^
        }
    }

  If the whole ruleset is translatable, the users can (re)load it using "nft -f" and get nft native support for all their rules.

  This patch is joint work by the authors listed below.

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h | Pablo Neira Ayuso | 2016-07-13 | 1 | -0/+4
  The xt over nft support that comes in follow up patches need this, and update the corresponding Makefile.am.

  Based on patch from Arturo Borrero Gonzalez.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: configure.ac: Replace magic dblatex dep. | Nicholas Vinson | 2016-07-03 | 1 | -6/+13
  Add a configure switch to enable and disable PDF document generation. This switch is to replace the current method of automatically detecting dblatex and building the PDF documentation when present.

  Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Bump version to v0.6 | Pablo Neira Ayuso | 2016-06-01 | 1 | -1/+1
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Bump version to v0.5 (tag: v0.5) | Pablo Neira Ayuso | 2015-09-16 | 1 | -1/+1
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use new symbols in libnftnl | Pablo Neira Ayuso | 2015-09-16 | 1 | -1/+1
  Adapt the nftables code to use the new symbols in libnftnl. This patch contains quite some renaming to reserve the nft_ prefix for our high level library.

  Explicitly request libnftnl 1.0.5 at configure stage.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: fix --enable-debug | Pablo Neira Ayuso | 2015-07-14 | 1 | -2/+2
  As the documentation indicates "The most common mistake for this macro is to consider the two actions as action-if-enabled and action-if-disabled."

  Use AS_IF in the action-if-present to check the real argument that we're getting from the user.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add --with-mini-gmp switch to disable linking libgmp | Steven Barth | 2015-01-08 | 1 | -3/+9
  This allows to disable linking the >400 KB big libgmp and replace it with the builtin mini-gmp which only increases size by ~30KB.

  Enabling this selectively decreases debugging verbosity (pr_debug).

  Signed-off-by: Steven Barth <cyrus@openwrt.org>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Bump version to v0.4 (tag: v0.4) | Pablo Neira Ayuso | 2014-12-15 | 1 | -1/+1
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: restore --disable-debug | Pablo Neira Ayuso | 2014-12-15 | 1 | -4/+6
  Fix fallout from the automake conversion. Display after configuration if it is enabled or not.

  Reported-by: Steven Barth <cyrus@openwrt.org>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add autotools support for the 'files' subdir | Giorgio Dal Molin | 2014-11-12 | 1 | -0/+2
  Added support to install some 'nft' scripts under '${sysconfdir}/nftables', typically '/etc/nftables'.

  Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add autotools support for the 'doc' subdir | Giorgio Dal Molin | 2014-11-12 | 1 | -21/+17
  'nft' documentation is originally contained in the XML file 'doc/nft.xml'. Processing this file with the proper tools we can obtain a PDF document, 'nft.pdf', and a unix man page, 'nft.8'.

  To produce the PDF we need the tool 'dblatex' (current release pypi.python.org/pypi/dblatex/0.3.5).

  To produce the man page we use the tool 'docbook2man'; it is part of the package 'docbook2X' (docbook2x.sourceforge.net).

  On some linux distributions the tool can have slightly different names as 'docbook2x-man' or 'db2x_docbook2man' so we search for all three names and use the first one found and issue the command:

    # ${DB2MAN} --xinclude $<

  Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: autotools conversion | Pablo Neira Ayuso | 2014-11-12 | 1 | -2/+22
  1) This removes former Makefiles and install-sh (which is now automagically imported via autoreconf).

       Makefile.defs.in
       Makefile.in
       Makefile.rules.in
       src/Makefile.in
       install-sh (now automagically imported via autoreconf).

  2) CFLAGS are left almost same, they are integrated into Make_global.am. Use AM_CPPFLAGS to set the CFLAGS set by pkgconfig.

  3) Add m4 directory to the tree which only contains the .gitignore file. Update .gitignore file to skip autogenerated files.

  4) include <config.h> whenever required.

  5) Minor adjustments to scanner.l and parser_bison.y to compile cleanly with autotools.

  6) Add %option outfile=lex.yy.c to scanner.l, otherwise I hit this error here:

       gcc -DHAVE_CONFIG_H -I. -I.. -I../include -DDEFAULT_INCLUDE_PATH="\"/usr/etc\"" -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wsign-compare -Winit-self -Wformat-nonliteral -Wformat-security -Wmissing-format-attribute -Wcast-align -Wundef -Wbad-function-cast -g -O2 -MT mnl.o -MD -MP -MF $depbase.Tpo -c -o mnl.o mnl.c &&\
       mv -f $depbase.Tpo $depbase.Po
       /bin/sh ../build-aux/ylwrap scanner.l lex.yy.c scanner.c -- flex
       make[3]: *** [scanner.c] Error 1
       make[3]: Leaving directory `/home/pablo/devel/scm/git-netfilter/nftables/src'
       make[2]: *** [all] Error 2
       make[2]: Leaving directory `/home/pablo/devel/scm/git-netfilter/nftables/src'
       make[1]: *** [all-recursive] Error 1
       make[1]: Leaving directory `/home/pablo/devel/scm/git-netfilter/nftables'
       make: *** [all] Error 2

  7) Add Makefile.am for include/ (contributed by Giorgio Dal Molin).

  The doc/ and files/ conversion to automake will come in follow up patches but 'make distcheck' already works.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use AC_PROG_YACC and AM_PROG_LEX | Pablo Neira Ayuso | 2014-11-10 | 1 | -12/+15
  To check for bison and flex installed on the system.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use PKG_CHECK_MODULES to check for libmnl and libnftnl | Pablo Neira Ayuso | 2014-11-10 | 1 | -5/+2
  Also check for required library versions.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove unnecessary libintl.h check | Steven Barth | 2014-10-10 | 1 | -1/+1
  configure.ac checks for libintl.h which is not used and may cause unnecessary trouble with e.g. embedded toolchains.

  The only reference to libintl.h can be found in parser.c as generated by bison however an include does not happen as parser.h defines YYENABLE_NLS to be 0.

  Signed-off-by: Steven Barth <cyrus@openwrt.org>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: allow disabling libreadline-support | Steven Barth | 2014-10-10 | 1 | -0/+6
  This makes nftables a bit more embedded-friendly.

  Signed-off-by: Steven Barth <cyrus@openwrt.org>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Bump version to v0.3 (tag: v0.3) | Pablo Neira Ayuso | 2014-06-30 | 1 | -1/+1
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Bump version to v0.2 (tag: v0.2) | Patrick McHardy | 2014-04-14 | 1 | -2/+2
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: fix documentation build | Patrick McHardy | 2014-04-14 | 1 | -5/+17
  Handle the docbook2x-man mess that is called differently on different distributions. Also switch to dblatex since db2pdf is unable to handle XML on Fedora (and probably other distributions).

  Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: drop AC_FUNC_MALLOC/REALLOC | Florian Westphal | 2014-04-10 | 1 | -2/+0
  Two issues with these:

  1. They compile & run a test program, which won't work when cross-compiling
  2. When libnftnl has just been installed and is not (yet) in linker path, the test fails since loader won't find libnftnl. In that case configure will succeed without obvious errors, but config.h re-defines malloc/realloc with rpl_ prefix, which then results in a linker error ("undefined reference to `rpl_realloc'") on 'make'.

  These macros are only useful to check that malloc(0) returns non-NULL and that realloc(NULL, ... works. For nftables the former is irrelevant and the latter a safe assumption, so let's just remove them.

  Signed-off-by: Florian Westphal <fw@strlen.de>
* bump release number to 0.100 | Pablo Neira Ayuso | 2014-01-20 | 1 | -1/+1
  Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* build: use libnftnl instead of libnftables in configure.in | Pablo Neira Ayuso | 2014-01-20 | 1 | -1/+1
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nftables: version 0.099 (tag: v0.099) | Patrick McHardy | 2014-01-20 | 1 | -2/+2
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* use new libnftnl library name | Pablo Neira Ayuso | 2014-01-20 | 1 | -1/+1
  Adapt the current code to use the new library name libnftnl.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: replace interpreter during installation | Arturo Borrero Gonzalez | 2014-01-13 | 1 | -0/+1
  Many systems (for example Debian) don't recognize `#!nft -f' as a valid interpreter.

  A short way to handle this is to provide the full path to the interpreter in the shebang. That is what this patch does: update the shebang's path during installation.

  For example, if you are installing under /usr/local, the shebang becomes:

    #!/usr/local/sbin/nft -f

  If using --prefix=/, then:

    #!/sbin/nft -f

  NOTE: If the shebang in source files is changed in the future, this sed script should be updated as well.

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use libnftables | Pablo Neira Ayuso | 2013-06-24 | 1 | -4/+4
  This patch migrates nft to use the libnftables library, that is used by the iptables over nftables compat utility as well. Most of the conversion was pretty straightforward. Some small significant changes happened in the handling of set element and immediate data abstraction that libnl provides. libnftables is a bit more granular since it splits the struct nfnl_nft_data into three attributes: verdict, chain and plain data (used in maps).

  I have added a new file src/mnl.c that contains the low level netlink communication that now resides in nftables source tree instead of the library. This should help to implement the batching support using libmnl in follow up patches.

  I also spent some significant amount of time running my tests to make sure that we don't increase the number of bugs that we already have (I plan to provide a list of those that I have detected and diagnosed, so anyone else can help us to fix them).

  As a side effect, this change should also prepare the ground for JSON and XML support anytime soon.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* meta: replace rtnl_tc_handle2str and rtnl_tc_str2handle | Pablo Neira Ayuso | 2013-06-24 | 1 | -3/+0
  Provide replacements for rtnl_tc_handle2str and rtnl_tc_str2handle, it removes the dependency with libnl-route.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Initial commit (tag: v0.01-alpha1) | Patrick McHardy | 2009-03-18 | 1 | -0/+99