summaryrefslogtreecommitdiffstats
path: root/configure.ac
Commit message (Collapse)AuthorAgeFilesLines
* build: no recursive make for "doc/Makefile.am"Thomas Haller2023-11-021-1/+0
| | | | | | | | Merge the Makefile.am under "doc/" into the toplevel Makefile.am. This is a step in the effort of dropping recursive make. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* build: no recursive make for "examples/Makefile.am"Thomas Haller2023-11-021-1/+0
| | | | | | | | Merge the Makefile.am under "examples/" into the toplevel Makefile.am. This is a step in the effort of dropping recursive make. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* build: no recursive make for "src/Makefile.am"Thomas Haller2023-11-021-1/+0
| | | | | | | | Merge the Makefile.am under "src/" into the toplevel Makefile.am. This is a step in the effort of dropping recursive make. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* build: no recursive make for "files/**/Makefile.am"Thomas Haller2023-11-021-4/+0
| | | | | | | | Merge the Makefile.am under "files/" into the toplevel Makefile.am. This is a step in the effort of dropping recursive make. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* build: no recursive make for "py/Makefile.am"Thomas Haller2023-11-021-1/+0
| | | | | | | | Merge the Makefile.am under "py/" into the toplevel Makefile.am. This is a step in the effort of dropping recursive make. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* build: no recursive-make for "include/**/Makefile.am"Thomas Haller2023-11-021-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switch from recursive-make to a single top-level Makefile. This is the first step, the following patches will continue this. Unlike meson's subdir() or C's #include, automake's SUBDIRS= does not include a Makefile. Instead, it calls `make -C $dir`. https://www.gnu.org/software/make/manual/html_node/Recursion.html https://www.gnu.org/software/automake/manual/html_node/Subdirectories.html See also, "Recursive Make Considered Harmful". https://accu.org/journals/overload/14/71/miller_2004/ This has several problems, which we an avoid with a single Makefile: - recursive-make is harder to maintain and understand as a whole. Recursive-make makes sense, when there are truly independent sub-projects. Which is not the case here. The project needs to be considered as a whole and not one directory at a time. When we add unit tests (which we should), those would reside in separate directories but have dependencies between directories. With a single Makefile, we see all at once. The build setup has an inherent complexity, and that complexity is not necessarily reduced by splitting it into more files. On the contrary it helps to have it all in once place, provided that it's sensibly structured, named and organized. - typing `make` prints irrelevant "Entering directory" messages. So much so, that at the end of the build, the terminal is filled with such messages and we have to scroll to see what even happened. - with recursive-make, during build we see: make[3]: Entering directory '.../nftables/src' CC meta.lo meta.c:13:2: error: #warning hello test [-Werror=cpp] 13 | #warning hello test | ^~~~~~~ With a single Makefile we get CC src/meta.lo src/meta.c:13:2: error: #warning hello test [-Werror=cpp] 13 | #warning hello test | ^~~~~~~ This shows the full filename -- assuming that the developer works from the top level directory. The full name is useful, for example to copy+paste into the terminal. - single Makefile is also faster: $ make && perf stat -r 200 -B make -j I measure 35msec vs. 80msec. - recursive-make limits parallel make. You have to craft the SUBDIRS= in the correct order. The dependencies between directories are limited, as make only sees "LDADD = $(top_builddir)/src/libnftables.la" and not the deeper dependencies for the library. - I presume, some people like recursive-make because of `make -C $subdir` to only rebuild one directory. Rebuilding the entire tree is already very fast, so this feature seems not relevant. Also, as dependency handling is limited, we might wrongly not rebuild a target. For example, make check touch src/meta.c make -C examples check does not rebuild "examples/nft-json-file". What we now can do with single Makefile (and better than before), is `make examples/nft-json-file`, which works as desired and rebuilds all dependencies. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* build: Bump version to 1.0.9v1.0.9Pablo Neira Ayuso2023-10-191-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: drop AM_PROG_CC_C_O autoconf checkThomas Haller2023-08-251-1/+0
| | | | | | | | | | | | This macro is obsolete since automake 1.14 (2013). It might have been unnecessary even before, in practice only gcc/clang are supported compilers. [1] https://www.gnu.org/software/automake/manual/html_node/Public-Macros.html#index-AM_005fPROG_005fCC_005fC_005fO [2] https://lists.gnu.org/archive/html/info-gnu/2013-06/msg00009.html Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: use AC_USE_SYSTEM_EXTENSIONS to get _GNU_SOURCEThomas Haller2023-08-251-0/+3
| | | | | | | | | | | | | | | | | Let "configure" detect which features are available. Also, nftables is a Linux project, so portability beyond gcc/clang and glibc/musl is less relevant. And even if it were, then feature detection by "configure" would still be preferable. Use AC_USE_SYSTEM_EXTENSIONS ([1]). Available since autoconf 2.60, from 2006 ([2]). [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Posix-Variants.html#index-AC_005fUSE_005fSYSTEM_005fEXTENSIONS-1046 [2] https://lists.gnu.org/archive/html/autoconf/2006-06/msg00111.html Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nftutils: add and use wrappers for getprotoby{name,number}_r(), ↵Thomas Haller2023-08-201-0/+4
| | | | | | | | | | | | | | | getservbyport_r() We should aim to use the thread-safe variants of getprotoby{name,number} and getservbyport(). However, they may not be available with other libc, so it requires a configure check. As that is cumbersome, add wrappers that do that at one place. These wrappers are thread-safe, if libc provides the reentrant versions. Use them. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* py: remove setup.py integration with autotoolsPablo Neira Ayuso2023-07-311-26/+0
| | | | | | | | | | | | | With Python distutils and setuptools going deprecated, remove integration with autotools. This integration is causing issues in modern environments. Note that setup.py is still left in place under the py/ folder. Update INSTALL file to refer to Python support and setup.py. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to 1.0.8v1.0.8Pablo Neira Ayuso2023-07-141-3/+3
| | | | | | | Update dependency on libnftnl >= 1.2.6 which contains support for meta broute. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to 1.0.7v1.0.7Pablo Neira Ayuso2023-03-131-3/+3
| | | | | | | Update dependency on libnftnl >= 1.2.5 which contains support for inner header matching. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to 1.0.6v1.0.6Pablo Neira Ayuso2022-12-211-3/+3
| | | | | | Update dependency on libnftnl >= 1.2.4 which contains fixes. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Makefile: Create LZMA-compressed dist-filesPhil Sutter2022-12-091-1/+1
| | | | | | | | Use a more modern alternative to bzip2. Suggested-by: Jan Engelhardt <jengelh@inai.de> Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Phil Sutter <phil@nwl.cc>
* build: Bump version to 1.0.5v1.0.5Pablo Neira Ayuso2022-08-091-3/+3
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to 1.0.4v1.0.4Pablo Neira Ayuso2022-06-071-3/+3
| | | | | | Bump libnftnl dependency to fix --debug with new TCP reset support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to 1.0.3v1.0.3Pablo Neira Ayuso2022-05-311-2/+2
| | | | | | Still requires libnftnl 1.2.1 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to 1.0.2Pablo Neira Ayuso2022-02-211-2/+2
| | | | | | Still requires libnftnl 1.2.1 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add libnftables example programPablo Neira Ayuso2022-02-171-0/+1
| | | | | | | Create an example folder to add example source code files to show how to use libnftables. Add first example program using the buffer API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: fix autoconf warningsJeremy Sowden2021-12-151-5/+3
| | | | | | | | | | | | | | | | | | | | | | | autoconf complains about three obsolete macros. `AC_CONFIG_HEADER` has been superseded by `AC_CONFIG_HEADERS`, so replace it. `AM_PROG_LEX` calls `AC_PROG_LEX` with no arguments, but this usage is deprecated. The only difference between `AM_PROG_LEX` and `AC_PROG_LEX` is that the former defines `$LEX` as "./build-aux/missing lex" if no lex is found to ensure a useful error is reported when make is run. How- ever, the configure script checks that we have a working lex and exits with an error if none is available, so `$LEX` will never be called and we can replace `AM_PROG_LEX` with `AC_PROG_LEX`. `AM_PROG_LIBTOOL` has been superseded by `LT_INIT`, which is already in configure.ac, so remove it. We can also replace `AC_DISABLE_STATIC` with an argument to `LT_INIT`. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to 1.0.1v1.0.1Pablo Neira Ayuso2021-11-181-3/+3
| | | | | | Requires libnftnl 1.2.1 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: default to libedit for cliPablo Neira Ayuso2021-10-251-1/+1
| | | | | | | readline support only compiles for libreadline5, set libedit as default library. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v1.0.0v1.0.0Pablo Neira Ayuso2021-08-171-2/+2
| | | | | | | Update libversion since new API has been added in 9edaa6a51eab ("src: add --define key=value"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.9v0.9.9Pablo Neira Ayuso2021-05-251-3/+3
| | | | | | | | Update release name based on the Fearless Fosdick series: Prudence Pimpleton. Bump dependencies on libnftnl. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.8v0.9.8Pablo Neira Ayuso2021-01-151-3/+3
| | | | | | | | | | | Update release name based on the Fearless Fosdick series: E.D.S. E.D.S. is the robotic "Electronic Detective Substitute" appearing in the "Hole Story". Bump dependencies on libnftnl. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cli: add libedit supportPablo Neira Ayuso2021-01-051-1/+6
| | | | | | | | Extend cli to support for libedit readline shim code: ./configure --with-cli=editline Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: search for python3Pablo Neira Ayuso2020-12-151-1/+1
| | | | | | | Eric Garver says: "It would probably be better to use the automake macro AM_PATH_PYTHON. [...] The above is fine for now." Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.7v0.9.7Pablo Neira Ayuso2020-10-261-3/+3
| | | | | | | | Update release name based on the Fearless Fosdick series: Anyface. Bump dependencies on libnftnl. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.6v0.9.6Pablo Neira Ayuso2020-06-151-2/+2
| | | | | | | | | | v0.9.5 broke 'vmap' support: https://bugzilla.kernel.org/show_bug.cgi?id=208093 Release new version to fix this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.5v0.9.5Pablo Neira Ayuso2020-06-061-4/+4
| | | | | | | | Update release name based on Jazz series, Gene Krupa's "Capital Idea". Bump dependencies on libmnl and libnftnl. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Fix doc build, restore A2X assignment for doc/MakefileStefano Brivio2020-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 4f2813a313ae ("build: Include generated man pages in dist tarball") skips AC_CHECK_PROG for A2X altogether if doc/nft.8 is already present. Now, starting from a clean situation, we can have this sequence: ./configure # doc/nft.8 not there, A2X set in doc/Makefile make # builds doc/nft.8 ./configure # doc/nft.8 is there, A2X left empty in doc/Makefile make clean # removes doc/nft.8 make resulting in: [...] GEN nft.8 /bin/sh: -L: command not found make[2]: *** [Makefile:639: nft.8] Error 127 and the only way to get out of this is to issue ./configure again after make clean, which is rather unexpected. Instead of skipping AC_CHECK_PROG when doc/nft.8 is present, keep it and simply avoid returning failure if a2x(1) is not available but doc/nft.8 was built, so that A2X is properly set in doc/Makefile whenever needed. Fixes: 4f2813a313ae ("build: Include generated man pages in dist tarball") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Allow building from tarballs without yacc/lexMatt Turner2020-04-191-2/+2
| | | | | | | | The generated files are included in the tarballs already, but configure.ac was coded to fail if yacc/lex were not found regardless. Signed-off-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Include generated man pages in dist tarballMatt Turner2020-04-191-1/+1
| | | | | | | | | | | | | | | | | | Most projects ship pre-generated man pages in the distribution tarball so that builders don't need the documentation tools installed, similar to how bison-generated sources are included. To do this, we conditionalize the presence check of a2x on whether nft.8 already exists in the source directory, as it would exist if included in the distribution tarball. Secondly, we move the 'if BUILD_MAN' conditional to around the man page generation rules. This ensures that the man pages are unconditionally installed. Also only add the man pages to CLEANFILES if their generation is enabled. Signed-off-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.4v0.9.4Pablo Neira Ayuso2020-04-011-3/+3
| | | | | | | | | Update release name based on Jazz series, Jo Jones Trio's "Jive at Five": https://www.youtube.com/watch?v=phFyIKf2h4s&list=PL_i-72Hx6rt7eQ6D_lxoKEUx5Gk7SRfX3&index=13&t=0s Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: nftables 0.9.3 depends on libnftnl 1.1.5Pablo Neira Ayuso2019-12-051-1/+1
| | | | | | | | nftables 0.9.3 requires libnftnl 1.1.5, otherwise compilation breaks: https://bugs.gentoo.org/701976. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Phil Sutter <phil@nwl.cc>
* build: Bump version to v0.9.3v0.9.3Pablo Neira Ayuso2019-12-021-2/+2
| | | | | | | | Update release name based on Jazz series, Count Basie's "Topsy": https://www.youtube.com/watch?v=Up78NJHESKE Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: Install sample scripts from files/examplesPhil Sutter2019-11-191-0/+1
| | | | | | | | | Assuming these are still relevant and useful as a source of inspiration, install them into DATAROOTDIR/doc/nftables/examples. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cli: add linenoise CLI implementation.Jeremy Sowden2019-10-151-3/+12
| | | | | | | | By default, continue to use libreadline, but if `--with-cli=linenoise` is passed to configure, build the linenoise implementation instead. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: remove unused AC_SUBST macros.Jeremy Sowden2019-09-201-2/+0
| | | | | | | | configure.ac contains a couple of AC_SUBST macros which serve no purpose. Remove them. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.2v0.9.2Pablo Neira Ayuso2019-08-191-3/+3
| | | | | | | | | Update dependency on libnftnl. Missing nf_synproxy.h in Makefile.am too. Update release name based Jazz series, Fats Waller performing "Scram": https://www.youtube.com/watch?v=c9-noJc9ifI Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: export public symbols onlyArturo Borrero Gonzalez2019-07-011-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Export public symbols (the library API functions) instead of all symbols in the library. This patch introduces the required macros to manage the visibility attributes (mostly copied from libnftnl.git) and also marks each symbol as exported when they need to be public. Also, introduce a .map file for proper symbol versioning. Previous to this patch, libnftables public symbols were: % dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1 | wc -l 527 With this patch, libnftables symbols are: % dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1 libnftables.so.1 libnftables #MINVER# nft_ctx_add_include_path@Base 0.9.1 nft_ctx_buffer_error@Base 0.9.1 nft_ctx_buffer_output@Base 0.9.1 nft_ctx_clear_include_paths@Base 0.9.1 nft_ctx_free@Base 0.9.1 nft_ctx_get_dry_run@Base 0.9.1 nft_ctx_get_error_buffer@Base 0.9.1 nft_ctx_get_output_buffer@Base 0.9.1 nft_ctx_new@Base 0.9.1 nft_ctx_output_get_debug@Base 0.9.1 nft_ctx_output_get_flags@Base 0.9.1 nft_ctx_output_set_debug@Base 0.9.1 nft_ctx_output_set_flags@Base 0.9.1 nft_ctx_set_dry_run@Base 0.9.1 nft_ctx_set_error@Base 0.9.1 nft_ctx_set_output@Base 0.9.1 nft_ctx_unbuffer_error@Base 0.9.1 nft_ctx_unbuffer_output@Base 0.9.1 nft_run_cmd_from_buffer@Base 0.9.1 nft_run_cmd_from_filename@Base 0.9.1 Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: unbreak non-functionality of --disable-pythonJan Engelhardt2019-06-251-4/+7
| | | | | Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Bump version to v0.9.1v0.9.1Pablo Neira Ayuso2019-06-241-3/+3
| | | | | | | | Update dependency on libnftnl. Update release name too: https://www.youtube.com/watch?v=CTV1To1e5w8 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: Clean up AC_ARG_{WITH, ENABLE} invocations, s/==/=/Luis Ressel2019-03-181-19/+15
| | | | | | | | | | | | | | | | | | | | * AC_ARG_ENABLE implicitly defines enable_debug; there's no point in performing extra work just to define with_debug with an identical value. * The same applies to with_xtables and with_libxtables. * The AS_IF block in the `AC_ARG_ENABLE([man-doc], ...` invocation is essentially a noop. All it does is to set enable_man_doc to `yes` if has a value that matches neither `yes` nor `no`. (This could happen if a user calls `configure --enable-man-doc=foo`, but that'd be a user error which we don't need to handle.) * The correct operator for equality tests in `test` is `=`. Some implementations also support `==`, but this is not portable. Signed-off-by: Luis Ressel <aranea@aixah.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure.ac: Fix a2x checkLuis Ressel2019-03-181-6/+3
| | | | | | | | | | | | | | | * If enable_man_doc is set, but a2x can't be found, configure should fail instead of silently disabling man page creation. * The AS_IF block checking $need_a2x is never active (need_a2x has been removed from configure.ac in 13e44a608 and a277479dc). * AC_CHECK_PROG(VAR, ...) is a noop if VAR is already set, allowing the user to explicitly specify the (path to the) binary in VAR. Adjust the AS_IF check to account for this. Signed-off-by: Luis Ressel <aranea@aixah.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: osf: copy iptables/utils/pf.os into nftables treeFernando Fernandez Mancera2018-08-231-0/+1
| | | | | | | | As we are going to need pf.os file to load OS fingerprints from the incoming nfnl_osf.c, we copy it into the nftables tree directory "files/osf/". Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove PDF documentation generationPablo Neira Ayuso2018-08-171-16/+0
| | | | | | | | This adds unnecessary complexity to our build infrastructure. People can just manually generate them in PDF in case they need too. So let's keep it simple and remove this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: doc: Convert man page source to asciidocArushi Singhal2018-07-261-14/+4
| | | | | | | This patch converts nft.xml into asciidoc markup. Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* python: installation of binding via make installEric Leblond2018-06-201-0/+24
| | | | | | | | | setup.py is used to build and install the python binding. Call to setup.py are done in Makefile to proceed to build and installation. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>