summaryrefslogtreecommitdiffstats
path: root/configure.ac
Commit message (Collapse)AuthorAgeFilesLines
* build: Fix doc build, restore A2X assignment for doc/MakefileStefano Brivio2020-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 4f2813a313ae ("build: Include generated man pages in dist tarball") skips AC_CHECK_PROG for A2X altogether if doc/nft.8 is already present. Now, starting from a clean situation, we can have this sequence: ./configure # doc/nft.8 not there, A2X set in doc/Makefile make # builds doc/nft.8 ./configure # doc/nft.8 is there, A2X left empty in doc/Makefile make clean # removes doc/nft.8 make resulting in: [...] GEN nft.8 /bin/sh: -L: command not found make[2]: *** [Makefile:639: nft.8] Error 127 and the only way to get out of this is to issue ./configure again after make clean, which is rather unexpected. Instead of skipping AC_CHECK_PROG when doc/nft.8 is present, keep it and simply avoid returning failure if a2x(1) is not available but doc/nft.8 was built, so that A2X is properly set in doc/Makefile whenever needed. Fixes: 4f2813a313ae ("build: Include generated man pages in dist tarball") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Allow building from tarballs without yacc/lexMatt Turner2020-04-191-2/+2
| | | | | | | | The generated files are included in the tarballs already, but configure.ac was coded to fail if yacc/lex were not found regardless. Signed-off-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Include generated man pages in dist tarballMatt Turner2020-04-191-1/+1
| | | | | | | | | | | | | | | | | | Most projects ship pre-generated man pages in the distribution tarball so that builders don't need the documentation tools installed, similar to how bison-generated sources are included. To do this, we conditionalize the presence check of a2x on whether nft.8 already exists in the source directory, as it would exist if included in the distribution tarball. Secondly, we move the 'if BUILD_MAN' conditional to around the man page generation rules. This ensures that the man pages are unconditionally installed. Also only add the man pages to CLEANFILES if their generation is enabled. Signed-off-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.4v0.9.4Pablo Neira Ayuso2020-04-011-3/+3
| | | | | | | | | Update release name based on Jazz series, Jo Jones Trio's "Jive at Five": https://www.youtube.com/watch?v=phFyIKf2h4s&list=PL_i-72Hx6rt7eQ6D_lxoKEUx5Gk7SRfX3&index=13&t=0s Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: nftables 0.9.3 depends on libnftnl 1.1.5Pablo Neira Ayuso2019-12-051-1/+1
| | | | | | | | nftables 0.9.3 requires libnftnl 1.1.5, otherwise compilation breaks: https://bugs.gentoo.org/701976. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Phil Sutter <phil@nwl.cc>
* build: Bump version to v0.9.3v0.9.3Pablo Neira Ayuso2019-12-021-2/+2
| | | | | | | | Update release name based on Jazz series, Count Basie's "Topsy": https://www.youtube.com/watch?v=Up78NJHESKE Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: Install sample scripts from files/examplesPhil Sutter2019-11-191-0/+1
| | | | | | | | | Assuming these are still relevant and useful as a source of inspiration, install them into DATAROOTDIR/doc/nftables/examples. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cli: add linenoise CLI implementation.Jeremy Sowden2019-10-151-3/+12
| | | | | | | | By default, continue to use libreadline, but if `--with-cli=linenoise` is passed to configure, build the linenoise implementation instead. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: remove unused AC_SUBST macros.Jeremy Sowden2019-09-201-2/+0
| | | | | | | | configure.ac contains a couple of AC_SUBST macros which serve no purpose. Remove them. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.2v0.9.2Pablo Neira Ayuso2019-08-191-3/+3
| | | | | | | | | Update dependency on libnftnl. Missing nf_synproxy.h in Makefile.am too. Update release name based Jazz series, Fats Waller performing "Scram": https://www.youtube.com/watch?v=c9-noJc9ifI Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: export public symbols onlyArturo Borrero Gonzalez2019-07-011-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Export public symbols (the library API functions) instead of all symbols in the library. This patch introduces the required macros to manage the visibility attributes (mostly copied from libnftnl.git) and also marks each symbol as exported when they need to be public. Also, introduce a .map file for proper symbol versioning. Previous to this patch, libnftables public symbols were: % dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1 | wc -l 527 With this patch, libnftables symbols are: % dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1 libnftables.so.1 libnftables #MINVER# nft_ctx_add_include_path@Base 0.9.1 nft_ctx_buffer_error@Base 0.9.1 nft_ctx_buffer_output@Base 0.9.1 nft_ctx_clear_include_paths@Base 0.9.1 nft_ctx_free@Base 0.9.1 nft_ctx_get_dry_run@Base 0.9.1 nft_ctx_get_error_buffer@Base 0.9.1 nft_ctx_get_output_buffer@Base 0.9.1 nft_ctx_new@Base 0.9.1 nft_ctx_output_get_debug@Base 0.9.1 nft_ctx_output_get_flags@Base 0.9.1 nft_ctx_output_set_debug@Base 0.9.1 nft_ctx_output_set_flags@Base 0.9.1 nft_ctx_set_dry_run@Base 0.9.1 nft_ctx_set_error@Base 0.9.1 nft_ctx_set_output@Base 0.9.1 nft_ctx_unbuffer_error@Base 0.9.1 nft_ctx_unbuffer_output@Base 0.9.1 nft_run_cmd_from_buffer@Base 0.9.1 nft_run_cmd_from_filename@Base 0.9.1 Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: unbreak non-functionality of --disable-pythonJan Engelhardt2019-06-251-4/+7
| | | | | Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.1v0.9.1Pablo Neira Ayuso2019-06-241-3/+3
| | | | | | | | Update dependency on libnftnl. Update release name too: https://www.youtube.com/watch?v=CTV1To1e5w8 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: Clean up AC_ARG_{WITH, ENABLE} invocations, s/==/=/Luis Ressel2019-03-181-19/+15
| | | | | | | | | | | | | | | | | | | | * AC_ARG_ENABLE implicitly defines enable_debug; there's no point in performing extra work just to define with_debug with an identical value. * The same applies to with_xtables and with_libxtables. * The AS_IF block in the `AC_ARG_ENABLE([man-doc], ...` invocation is essentially a noop. All it does is to set enable_man_doc to `yes` if has a value that matches neither `yes` nor `no`. (This could happen if a user calls `configure --enable-man-doc=foo`, but that'd be a user error which we don't need to handle.) * The correct operator for equality tests in `test` is `=`. Some implementations also support `==`, but this is not portable. Signed-off-by: Luis Ressel <aranea@aixah.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: Fix a2x checkLuis Ressel2019-03-181-6/+3
| | | | | | | | | | | | | | | * If enable_man_doc is set, but a2x can't be found, configure should fail instead of silently disabling man page creation. * The AS_IF block checking $need_a2x is never active (need_a2x has been removed from configure.ac in 13e44a608 and a277479dc). * AC_CHECK_PROG(VAR, ...) is a noop if VAR is already set, allowing the user to explicitly specify the (path to the) binary in VAR. Adjust the AS_IF check to account for this. Signed-off-by: Luis Ressel <aranea@aixah.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: osf: copy iptables/utils/pf.os into nftables treeFernando Fernandez Mancera2018-08-231-0/+1
| | | | | | | | As we are going to need pf.os file to load OS fingerprints from the incoming nfnl_osf.c, we copy it into the nftables tree directory "files/osf/". Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove PDF documentation generationPablo Neira Ayuso2018-08-171-16/+0
| | | | | | | | This adds unnecessary complexity to our build infrastructure. People can just manually generate them in PDF in case they need too. So let's keep it simple and remove this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: doc: Convert man page source to asciidocArushi Singhal2018-07-261-14/+4
| | | | | | | This patch converts nft.xml into asciidoc markup. Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* python: installation of binding via make installEric Leblond2018-06-201-0/+24
| | | | | | | | | setup.py is used to build and install the python binding. Call to setup.py are done in Makefile to proceed to build and installation. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: docbook2man invalid syntax errorEric Leblond2018-06-201-6/+3
| | | | | | | | | docbook2man can not be used with the same option so let's remove it from the alternative. Fedora and debian seems to be fine with that. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: remove useless braces in messagesEric Leblond2018-06-201-2/+2
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: better message when a2x is missingEric Leblond2018-06-201-1/+1
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: Add JSON schema documentationPhil Sutter2018-06-111-0/+10
| | | | | | | | | | The document is written as man page in asciidoc which means this adds another dependency to the build system. Though since the (long-term) plan is to replace the docbook-based nft man page with an asciidoc one anyway, we might ultimately get rid of docbook dependency in exchange. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.0Florian Westphal2018-06-081-2/+2
| | | | | | Update dependency on libnftnl. Signed-off-by: Florian Westphal <fw@strlen.de>
* build: update release namePablo Neira Ayuso2018-06-081-1/+1
| | | | | | | | Dedicated to Al Capp cartoonist: https://en.wikipedia.org/wiki/Fearless_Fosdick Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: fix typo in docbook2x error messageFernando Fernandez Mancera2018-06-051-1/+1
| | | | | | | The correct name is "docbook2x-man" not "docbookx2-man". Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Florian Westphal <fw@strlen.de>
* libnftables: Implement JSON output supportPhil Sutter2018-05-111-1/+13
| | | | | | | | | | | | Although technically there already is support for JSON output via 'nft export json' command, it is hardly useable since it exports all the gory details of nftables VM. Also, libnftables has no control over what is exported since the content comes directly from libnftnl. Instead, implement JSON format support for regular 'nft list' commands. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.8.5v0.8.5Florian Westphal2018-05-101-1/+1
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* files: restore base table skeletonsFlorian Westphal2018-05-081-0/+2
| | | | | | | | | | | | nftables releases until 0.8.2 included base skeleton hooks that were installed into /etc/nftables (sysconfdir). With 0.8.3 and newer these files were moved to the documentation area but apparently some users expect them to be there. Resurrect them. Signed-off-by: Florian Westphal <fw@strlen.de>
* build: Bump version to v0.8.4v0.8.4Florian Westphal2018-05-011-1/+1
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* configure: don't enable xtables when --without-xtables is passedFlorian Westphal2018-04-041-1/+1
| | | | | | | | | | | | | AC_ARG_WITH runs this when EITHER --with-foo or --without-foo is given, so use 'withval'. After this patch: ./configure -> xtables off ./configure --with-xtables -> xtables on ./configure --without-xtables -> xtables off (was on). Reported-by: Alexander Dahl <ada@thorsis.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* Export libnftables (again)Phil Sutter2018-03-211-0/+1
| | | | | | | | | | | | | | This reverts commits d572d59788143945c2a638f12a5227d9b21ce489 and 9f5e49e147219cd161de8cd80cadf8a444969ef0. Current libnftables API should be stable enough to release it into the public, and after 4aba100e593f ("rule: reset cache iff there is an existing cache") we have a simple way to batch commands through this API. Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: bump libnftnl dependencyPablo Neira Ayuso2018-03-061-1/+1
| | | | | | Check for 1.1.0, which includes flowtable symbols. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.8.3v0.8.3Florian Westphal2018-03-031-1/+1
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* configure: misc updatesPablo Neira Ayuso2018-03-031-21/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the following macros: * AC_PREREQ checks for 2.61, which is not supported any contemporary distribution. * AC_COPYRIGHT, autoconf documentation states "in addition to the Free Software Foundation's copyright on the Autoconf macros, parts of your configure are covered by the copyright-notice.". This only refers to the autoconf infrastructure: we are doing simple and standard usage of autoconf infrastructure, we also don't use this macro in other existing userspace software available at netfilter.org. The comment above at the beginning of this file shows text that is available in many configure.ac templates on the Internet. * AC_CANONICAL_HOST, we don't need the canonical host-system type to build this software. * AC_CONFIG_SRCDIR is not used in other userspace software in the tree. * AC_DEFINE _GNU_SOURCE, define this where it's needed instead. * AC_DEFINE _STDC_FORMAT_MACROS is not used in this codebase. * AC_HEADER_STDC checks for ANSI C89 headers, however, we need more than just this C standard, so this doesn't guarantee anything at all. * Remove "Checks for libraries" comment, it's obvious. * AC_HEADER_ASSERT allows us to disable assertions, this is bad because this is helping us to diagnose bugs and incomplete features. * AC_CHECK_HEADERS is checking for an arbitrary list of headers, this still doesn't even guarantee that we can actually do a successful compilation in a broken system. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
* nftables: rearrange files and examplesArturo Borrero Gonzalez2018-02-251-2/+0
| | | | | | | | | | | | | | Concatenate all family/hook examples into a single one by means of includes. Put all example files under examples/. Use the '.nft' prefix and mark them as executable files. Use a static shebang declaration, since these are examples meant for final systems and users. While at it, refresh also the sets_and_maps.nft example file and also add the 'netdev-ingress.nft' example file. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Make missing docbook2man an error if man build requestedVille Skyttä2018-02-141-1/+1
| | | | | | | | | | Previously, if man page build was enabled but no suitable docbook2man or the like tool was found, build failed at a later stage with undescriptive error message. Fail early and explicitly at configure stage instead. Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.8.2v0.8.2Pablo Neira Ayuso2018-02-021-1/+1
| | | | | | | | | This release includes incremental fixes since last release plus meta secpath support. libnftnl 1.0.9 is still OK as dependency, actually it just prints meta secpath as unknown with --debug=netlink but I don't think that is worth a libnftnl library release. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Remove macro AC_CHECK_FUNCSVarsha Rao2018-01-251-3/+0
| | | | | | | | | | Functions memmove, strchr, strerror and strdup are defined in string.h header file. Also, strtoull is defined in stdlib.h header file. These header files are checked by AC_CHECK_HEADERS macro. AC_CHECK_FUNCS macro is not required, so remove it. Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Allow to disable man page buildingPhil Sutter2018-01-191-12/+21
| | | | | | | | | | | | Aparently there are distributions which come with incompatible docbook implementations. On those, forced man page creating if required binaries are found leads to build failure. Allow them to conveniently disable man page output instead of having to pass undocumented variables to configure. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Fix help text regarding --enable-debugPhil Sutter2018-01-191-1/+1
| | | | | | | | | Debugging symbols are enabled by default, so list '--disable-debug' in help output rather than '--enable-debug'. This way it is also consistent with the parameter's description. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Eliminate forgotten traces of libnftables exportingPhil Sutter2018-01-191-1/+0
| | | | | | | | | This removes libnftables pkg-config file along with the few lines of code to adjust and install it. Fixes: d572d59788143 ("Make libnftables a local static library") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Remove AC_HEADER_STDBOOL, AC_C_ and AC_TYPE_ macrosVarsha Rao2018-01-191-16/+0
| | | | | | | | | | | | | | | | | The following macros check if particular C types in specific header file exists, these header files defines them and are already included in the source code. So, remove them. AC_HEADER_STDBOOL - stdbool.h AC_TYPE_INT and AC_TYPE_UINT - stdint.h or inttypes.h AC_TYPE_OFF_T and AC_TYPE_UID_T - sys/types.h AC_TYPE_SIZE_T - stddef.h, string.h, stdlib.h or stdio.h Remove AC_C_CONST and AC_C_INLINE as gcc supports inline and const keywords. Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.8.1v0.8.1Pablo Neira Ayuso2018-01-111-2/+2
| | | | | | | A release including incremental fixes since last release. Still it needs libnftnl 1.0.9 because of nftnl_expr_fprint(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: Split code into frontend and libraryPhil Sutter2017-11-161-0/+4
| | | | | | | | | | | | | | | | | | | | | | | This finally creates the libnftables shared object. For some reason, this causes two compiler warnings to appear: | parser_bison.y: In function 'nft_parse': | parser_bison.y:131:3: warning: implicit declaration of function 'nft_set_debug' [-Wimplicit-function-declaration] | nft_set_debug(1, scanner); | ^~~~~~~~~~~~~ | parser_bison.c:64:25: warning: implicit declaration of function 'nft_lex' [-Wimplicit-function-declaration] | #define yylex nft_lex | ^ | parser_bison.c:4745:16: note: in expansion of macro 'yylex' | yychar = yylex (&yylval, &yylloc, scanner); So this patch contains a workaround, namely declaring both functions in src/parser_bison.y. During linking the objects are found, so this is rather a matter of cosmetics. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: Move library stuff out of main.cPhil Sutter2017-10-241-0/+1
| | | | | | | | This creates src/libnftables.c and include/nftables/nftables.h which will become the central elements of libnftables. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Bump version to v0.8v0.8Pablo Neira Ayuso2017-10-101-3/+3
| | | | | | | | | Update libnftnl dependency up to latest (1.0.8). Dedicate this release to Joe Btfsplk [1], the world worst jinx. [1] https://en.wikipedia.org/wiki/Joe_Btfsplk#/media/File:Joe_Btfsplk_Excerpt.png Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove ifdef DEBUG pollutionPablo Neira Ayuso2017-08-231-2/+2
| | | | | | | | | | | | | | | Get rid of lots of ifdef DEBUG pollution in the code. The --debug= option is useful to get feedback from users, so it should be always there. And we really save nothing from keeping this code away from the control plane with a compile time option. Just running tests/shell/ before and after this patch, time shows almost no difference. So this patch leaves --enable-debug around to add debugging symbols in your builds, this is left set on by default. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Require newer version of libxtablesElise Lennion2017-02-051-1/+1
| | | | | | | | | | | | Currently, the configure script requires xtables v1.6.0 when the option --with-xtables is given. However, nftables-0.7 build fails with this version, xtables v1.6.1 is the minimum required to have libxtables support. Fixes(Bug 1110 - Build failure if --with-xtables). Signed-off-by: Elise Lennion <elise.lennion@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: Bump version to v0.7Pablo Neira Ayuso2016-12-201-4/+4
| | | | | | | | | Update libnftnl dependency up to latest (1.0.7). Update my copyright statements. Dedicate this release to Scroodge McDuck [1]. [1] https://en.wikipedia.org/wiki/Scrooge_McDuck#/media/File:ScroogeFirst.jpg Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>