nftables: introduce experimental nftables
authorSteven Barth <cyrus@openwrt.org>
Wed, 17 Sep 2014 12:11:06 +0000 (12:11 +0000)
committerSteven Barth <cyrus@openwrt.org>
Wed, 17 Sep 2014 12:11:06 +0000 (12:11 +0000)
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42598

package/network/utils/nftables/Makefile [new file with mode: 0644]
package/network/utils/nftables/patches/100-no-interactive.patch [new file with mode: 0644]

diff --git a/package/network/utils/nftables/Makefile b/package/network/utils/nftables/Makefile
new file mode 100644 (file)
index 0000000..8fccc65
--- /dev/null
@@ -0,0 +1,39 @@
+# Copyright (C) 2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nftables
+PKG_VERSION:=0.3+2014-09-11
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_URL:=git://git.netfilter.org/nftables
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=ae355b89e7b74c28de753bf2878a8e189030ad47
+PKG_MAINTAINER:=Steven Barth <steven@midlink.org>
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/nftables
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Firewall
+  TITLE:=nftables packet filtering userspace utility
+  DEPENDS:=+kmod-nft-core +kmod-nft-nat +libnftnl +libgmp
+  URL:=http://netfilter.org/projects/nftables/
+endef
+
+
+define Package/nftables/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(CP) $(PKG_BUILD_DIR)/src/nft $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,nftables))
diff --git a/package/network/utils/nftables/patches/100-no-interactive.patch b/package/network/utils/nftables/patches/100-no-interactive.patch
new file mode 100644 (file)
index 0000000..47eb32c
--- /dev/null
@@ -0,0 +1,38 @@
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -3,7 +3,6 @@ PROGRAMS               += nft
+ nft-destdir           := @sbindir@
+ nft-obj                       += main.o
+-nft-obj                       += cli.o
+ nft-obj                       += rule.o
+ nft-obj                       += statement.o
+ nft-obj                       += datatype.o
+--- a/src/main.c
++++ b/src/main.c
+@@ -334,7 +334,7 @@ int main(int argc, char * const *argv)
+               if (scanner_read_file(scanner, filename, &internal_location) < 0)
+                       goto out;
+       } else if (interactive) {
+-              cli_init(&state);
++              fprintf(stderr, "%s: interactive mode not supported\n", argv[0]);
+               return 0;
+       } else {
+               fprintf(stderr, "%s: no command specified\n", argv[0]);
+--- a/configure.ac
++++ b/configure.ac
+@@ -71,13 +71,11 @@ AC_CHECK_LIB([nftnl], [nft_rule_alloc],
+ AC_CHECK_LIB([gmp], [__gmpz_init], ,
+            AC_MSG_ERROR([No suitable version of libgmp found]))
+-AC_CHECK_LIB([readline], [readline], ,
+-           AC_MSG_ERROR([No suitable version of libreadline found]))
+ # Checks for header files.
+ AC_HEADER_STDC
+ AC_HEADER_ASSERT
+-AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h libintl.h limits.h malloc.h \
++AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h limits.h malloc.h \
+                 netdb.h netinet/in.h netinet/ip.h netinet/ip6.h \
+                 netinet/tcp.h netinet/udp.h netinet/ip_icmp.h \
+                 stddef.h stdint.h stdlib.h string.h unistd.h], ,