projects / openwrt / staging / hauke.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
iptables: backport patch fixing bug with string module
[openwrt/staging/hauke.git] / package / network / utils / iptables / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
11 PKG_NAME:=iptables
12 PKG_VERSION:=1.8.8
13 PKG_RELEASE:=2
14
15 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17 PKG_HASH:=71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f
18
19 PKG_FIXUP:=autoreconf
20 PKG_FLAGS:=nonshared
21
22 PKG_INSTALL:=1
23 PKG_BUILD_FLAGS:=gc-sections no-lto
24 PKG_BUILD_PARALLEL:=1
25 PKG_LICENSE:=GPL-2.0
26 PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
27
28 include $(INCLUDE_DIR)/package.mk
29 ifeq ($(DUMP),)
30 -include $(LINUX_DIR)/.config
31 include $(INCLUDE_DIR)/netfilter.mk
32 STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
33 endif
34
35
36 define Package/iptables/Default
37 SECTION:=net
38 CATEGORY:=Network
39 SUBMENU:=Firewall
40 URL:=https://netfilter.org/
41 endef
42
43 define Package/iptables/Module
44 $(call Package/iptables/Default)
45 DEPENDS:=+libxtables $(1)
46 endef
47
48 define Package/xtables-legacy
49 $(call Package/iptables/Default)
50 TITLE:=IP firewall administration tool
51 DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
52 endef
53
54 define Package/iptables-zz-legacy
55 $(call Package/iptables/Default)
56 TITLE:=IP firewall administration tool
57 DEPENDS+= +xtables-legacy
58 PROVIDES:=iptables iptables-legacy
59 ALTERNATIVES:=\
60 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
61 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
62 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
63 endef
64
65 define Package/iptables-zz-legacy/description
66 IP firewall administration tool.
67
68 Matches:
69 - icmp
70 - tcp
71 - udp
72 - comment
73 - conntrack
74 - limit
75 - mac
76 - mark
77 - multiport
78 - set
79 - state
80 - time
81
82 Targets:
83 - ACCEPT
84 - CT
85 - DNAT
86 - DROP
87 - REJECT
88 - FLOWOFFLOAD
89 - LOG
90 - MARK
91 - MASQUERADE
92 - REDIRECT
93 - SET
94 - SNAT
95 - TCPMSS
96
97 Tables:
98 - filter
99 - mangle
100 - nat
101 - raw
102
103 endef
104
105 define Package/xtables-nft
106 $(call Package/iptables/Default)
107 TITLE:=IP firewall administration tool nft
108 DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
109 endef
110
111 define Package/arptables-nft
112 $(call Package/iptables/Default)
113 DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
114 TITLE:=ARP firewall administration tool nft
115 PROVIDES:=arptables
116 ALTERNATIVES:=\
117 300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
118 300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
119 300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
120 endef
121
122 define Package/ebtables-nft
123 $(call Package/iptables/Default)
124 DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
125 TITLE:=Bridge firewall administration tool nft
126 PROVIDES:=ebtables
127 ALTERNATIVES:=\
128 300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
129 300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
130 300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
131 endef
132
133 define Package/iptables-nft
134 $(call Package/iptables/Default)
135 TITLE:=IP firewall administration tool nft
136 DEPENDS:=+kmod-ipt-core +xtables-nft
137 PROVIDES:=iptables
138 ALTERNATIVES:=\
139 300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
140 300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
141 300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
142 endef
143
144 define Package/iptables-nft/description
145 Extra iptables nftables nft binaries.
146 iptables-nft
147 iptables-nft-restore
148 iptables-nft-save
149 iptables-translate
150 iptables-restore-translate
151 endef
152
153 define Package/iptables-mod-conntrack-extra
154 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
155 TITLE:=Extra connection tracking extensions
156 endef
157
158 define Package/iptables-mod-conntrack-extra/description
159 Extra iptables extensions for connection tracking.
160
161 Matches:
162 - connbytes
163 - connlimit
164 - connmark
165 - recent
166 - helper
167
168 Targets:
169 - CONNMARK
170
171 endef
172
173 define Package/iptables-mod-conntrack-label
174 $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
175 TITLE:=Connection tracking labeling extension
176 DEFAULT:=y if IPTABLES_CONNLABEL
177 endef
178
179 define Package/iptables-mod-conntrack-label/description
180 Match and set label(s) on connection tracking entries
181
182 Matches:
183 - connlabel
184
185 endef
186
187 define Package/iptables-mod-filter
188 $(call Package/iptables/Module, +kmod-ipt-filter)
189 TITLE:=Content inspection extensions
190 endef
191
192 define Package/iptables-mod-filter/description
193 iptables extensions for packet content inspection.
194 Includes support for:
195
196 Matches:
197 - string
198 - bpf
199
200 endef
201
202 define Package/iptables-mod-ipopt
203 $(call Package/iptables/Module, +kmod-ipt-ipopt)
204 TITLE:=IP/Packet option extensions
205 endef
206
207 define Package/iptables-mod-ipopt/description
208 iptables extensions for matching/changing IP packet options.
209
210 Matches:
211 - dscp
212 - ecn
213 - length
214 - statistic
215 - tcpmss
216 - unclean
217 - hl
218
219 Targets:
220 - DSCP
221 - CLASSIFY
222 - ECN
223 - HL
224
225 endef
226
227 define Package/iptables-mod-ipsec
228 $(call Package/iptables/Module, +kmod-ipt-ipsec)
229 TITLE:=IPsec extensions
230 endef
231
232 define Package/iptables-mod-ipsec/description
233 iptables extensions for matching ipsec traffic.
234
235 Matches:
236 - ah
237 - esp
238 - policy
239
240 endef
241
242 define Package/iptables-mod-nat-extra
243 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
244 TITLE:=Extra NAT extensions
245 endef
246
247 define Package/iptables-mod-nat-extra/description
248 iptables extensions for extra NAT targets.
249
250 Targets:
251 - MIRROR
252 - NETMAP
253 endef
254
255 define Package/iptables-mod-nflog
256 $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
257 TITLE:=Netfilter NFLOG target
258 endef
259
260 define Package/iptables-mod-nflog/description
261 iptables extension for user-space logging via NFNETLINK.
262
263 Includes:
264 - libxt_NFLOG
265
266 endef
267
268 define Package/iptables-mod-trace
269 $(call Package/iptables/Module, +kmod-ipt-debug)
270 TITLE:=Netfilter TRACE target
271 endef
272
273 define Package/iptables-mod-trace/description
274 iptables extension for TRACE target
275
276 Includes:
277 - libxt_TRACE
278
279 endef
280
281
282 define Package/iptables-mod-nfqueue
283 $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
284 TITLE:=Netfilter NFQUEUE target
285 endef
286
287 define Package/iptables-mod-nfqueue/description
288 iptables extension for user-space queuing via NFNETLINK.
289
290 Includes:
291 - libxt_NFQUEUE
292
293 endef
294
295 define Package/iptables-mod-hashlimit
296 $(call Package/iptables/Module, +kmod-ipt-hashlimit)
297 TITLE:=hashlimit matching
298 endef
299
300 define Package/iptables-mod-hashlimit/description
301 iptables extensions for hashlimit matching
302
303 Matches:
304 - hashlimit
305
306 endef
307
308 define Package/iptables-mod-rpfilter
309 $(call Package/iptables/Module, +kmod-ipt-rpfilter)
310 TITLE:=rpfilter iptables extension
311 endef
312
313 define Package/iptables-mod-rpfilter/description
314 iptables extensions for reverse path filter test on a packet
315
316 Matches:
317 - rpfilter
318
319 endef
320
321 define Package/iptables-mod-iprange
322 $(call Package/iptables/Module, +kmod-ipt-iprange)
323 TITLE:=IP range extension
324 endef
325
326 define Package/iptables-mod-iprange/description
327 iptables extensions for matching ip ranges.
328
329 Matches:
330 - iprange
331
332 endef
333
334 define Package/iptables-mod-cluster
335 $(call Package/iptables/Module, +kmod-ipt-cluster)
336 TITLE:=Match cluster extension
337 endef
338
339 define Package/iptables-mod-cluster/description
340 iptables extensions for matching cluster.
341
342 Netfilter (IPv4/IPv6) module for matching cluster
343 This option allows you to build work-load-sharing clusters of
344 network servers/stateful firewalls without having a dedicated
345 load-balancing router/server/switch. Basically, this match returns
346 true when the packet must be handled by this cluster node. Thus,
347 all nodes see all packets and this match decides which node handles
348 what packets. The work-load sharing algorithm is based on source
349 address hashing.
350
351 This module is usable for ipv4 and ipv6.
352
353 If you select it, it enables kmod-ipt-cluster.
354
355 see `iptables -m cluster --help` for more information.
356 endef
357
358 define Package/iptables-mod-clusterip
359 $(call Package/iptables/Module, +kmod-ipt-clusterip)
360 TITLE:=Clusterip extension
361 endef
362
363 define Package/iptables-mod-clusterip/description
364 iptables extensions for CLUSTERIP.
365 The CLUSTERIP target allows you to build load-balancing clusters of
366 network servers without having a dedicated load-balancing
367 router/server/switch.
368
369 If you select it, it enables kmod-ipt-clusterip.
370
371 see `iptables -j CLUSTERIP --help` for more information.
372 endef
373
374 define Package/iptables-mod-extra
375 $(call Package/iptables/Module, +kmod-ipt-extra)
376 TITLE:=Other extra iptables extensions
377 endef
378
379 define Package/iptables-mod-extra/description
380 Other extra iptables extensions.
381
382 Matches:
383 - addrtype
384 - condition
385 - owner
386 - pkttype
387 - quota
388
389 endef
390
391 define Package/iptables-mod-physdev
392 $(call Package/iptables/Module, +kmod-ipt-physdev)
393 TITLE:=physdev iptables extension
394 endef
395
396 define Package/iptables-mod-physdev/description
397 The iptables physdev match.
398 endef
399
400 define Package/iptables-mod-led
401 $(call Package/iptables/Module, +kmod-ipt-led)
402 TITLE:=LED trigger iptables extension
403 endef
404
405 define Package/iptables-mod-led/description
406 iptables extension for triggering a LED.
407
408 Targets:
409 - LED
410
411 endef
412
413 define Package/iptables-mod-socket
414 $(call Package/iptables/Module, +kmod-ipt-socket)
415 TITLE:=Socket match iptables extensions
416 endef
417
418 define Package/iptables-mod-socket/description
419 Socket match iptables extensions.
420
421 Matches:
422 - socket
423
424 endef
425
426 define Package/iptables-mod-tproxy
427 $(call Package/iptables/Module, +kmod-ipt-tproxy)
428 TITLE:=Transparent proxy iptables extensions
429 endef
430
431 define Package/iptables-mod-tproxy/description
432 Transparent proxy iptables extensions.
433
434 Targets:
435 - TPROXY
436
437 endef
438
439 define Package/iptables-mod-tee
440 $(call Package/iptables/Module, +kmod-ipt-tee)
441 TITLE:=TEE iptables extensions
442 endef
443
444 define Package/iptables-mod-tee/description
445 TEE iptables extensions.
446
447 Targets:
448 - TEE
449
450 endef
451
452 define Package/iptables-mod-u32
453 $(call Package/iptables/Module, +kmod-ipt-u32)
454 TITLE:=U32 iptables extensions
455 endef
456
457 define Package/iptables-mod-u32/description
458 U32 iptables extensions.
459
460 Matches:
461 - u32
462
463 endef
464
465 define Package/iptables-mod-checksum
466 $(call Package/iptables/Module, +kmod-ipt-checksum)
467 TITLE:=IP CHECKSUM target extension
468 endef
469
470 define Package/iptables-mod-checksum/description
471 iptables extension for the CHECKSUM calculation target
472 endef
473
474 define Package/ip6tables-zz-legacy
475 $(call Package/iptables/Default)
476 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
477 CATEGORY:=Network
478 TITLE:=IPv6 firewall administration tool
479 PROVIDES:=ip6tables ip6tables-legacy
480 ALTERNATIVES:=\
481 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
482 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
483 200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
484 endef
485
486 define Package/ip6tables-nft
487 $(call Package/iptables/Default)
488 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
489 TITLE:=IP firewall administration tool nft
490 PROVIDES:=ip6tables
491 ALTERNATIVES:=\
492 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
493 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
494 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
495 endef
496
497 define Package/ip6tables-nft/description
498 Extra ip6tables nftables nft binaries.
499 ip6tables-nft
500 ip6tables-nft-restore
501 ip6tables-nft-save
502 ip6tables-translate
503 ip6tables-restore-translate
504 endef
505
506 define Package/ip6tables-extra
507 $(call Package/iptables/Default)
508 DEPENDS:=+libxtables +kmod-ip6tables-extra
509 TITLE:=IPv6 header matching modules
510 endef
511
512 define Package/ip6tables-extra/description
513 iptables header matching modules for IPv6
514 endef
515
516 define Package/ip6tables-mod-nat
517 $(call Package/iptables/Default)
518 DEPENDS:=+libxtables +kmod-ipt-nat6
519 TITLE:=IPv6 NAT extensions
520 endef
521
522 define Package/ip6tables-mod-nat/description
523 iptables extensions for IPv6-NAT targets.
524 endef
525
526 define Package/libip4tc
527 $(call Package/iptables/Default)
528 SECTION:=libs
529 CATEGORY:=Libraries
530 TITLE:=IPv4 firewall - shared libiptc library
531 ABI_VERSION:=2
532 endef
533
534 define Package/libip6tc
535 $(call Package/iptables/Default)
536 SECTION:=libs
537 CATEGORY:=Libraries
538 TITLE:=IPv6 firewall - shared libiptc library
539 ABI_VERSION:=2
540 endef
541
542 define Package/libiptext
543 $(call Package/iptables/Default)
544 SECTION:=libs
545 CATEGORY:=Libraries
546 TITLE:=IPv4 firewall - shared libiptext library
547 ABI_VERSION:=0
548 DEPENDS:=+libxtables
549 endef
550
551 define Package/libiptext6
552 $(call Package/iptables/Default)
553 SECTION:=libs
554 CATEGORY:=Libraries
555 TITLE:=IPv6 firewall - shared libiptext library
556 ABI_VERSION:=0
557 DEPENDS:=+libxtables
558 endef
559
560 define Package/libiptext-nft
561 $(call Package/iptables/Default)
562 SECTION:=libs
563 CATEGORY:=Libraries
564 TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
565 ABI_VERSION:=0
566 DEPENDS:=+libxtables
567 endef
568
569 define Package/libxtables
570 $(call Package/iptables/Default)
571 SECTION:=libs
572 CATEGORY:=Libraries
573 TITLE:=IPv4/IPv6 firewall - shared xtables library
574 MENU:=1
575 ABI_VERSION:=12
576 DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
577 endef
578
579 define Package/libxtables/config
580 config IPTABLES_CONNLABEL
581 bool "Enable Connlabel support"
582 default n
583 help
584 This enable connlabel support in iptables.
585 endef
586
587 TARGET_CPPFLAGS := \
588 -I$(PKG_BUILD_DIR)/include \
589 -I$(LINUX_DIR)/user_headers/include \
590 $(TARGET_CPPFLAGS)
591
592 TARGET_CFLAGS += \
593 -I$(PKG_BUILD_DIR)/include \
594 -I$(LINUX_DIR)/user_headers/include \
595 -DNO_LEGACY
596
597 CONFIGURE_ARGS += \
598 --enable-shared \
599 --enable-static \
600 --enable-devel \
601 --with-kernel="$(LINUX_DIR)/user_headers" \
602 --with-xtlibdir=/usr/lib/iptables \
603 --with-xt-lock-name=/var/run/xtables.lock \
604 $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
605 $(if $(CONFIG_IPV6),,--disable-ipv6)
606
607 MAKE_FLAGS := \
608 $(TARGET_CONFIGURE_OPTS) \
609 COPT_FLAGS="$(TARGET_CFLAGS)" \
610 KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
611 KBUILD_OUTPUT="$(LINUX_DIR)" \
612 BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
613
614 ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
615 define Build/Configure/rebuild
616 $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
617 rm -f $(PKG_BUILD_DIR)/.config_*
618 rm -f $(PKG_BUILD_DIR)/.configured_*
619 touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
620 endef
621 endif
622
623 define Build/Configure
624 $(Build/Configure/rebuild)
625 $(Build/Configure/Default)
626 endef
627
628 define Build/InstallDev
629 $(INSTALL_DIR) $(1)/usr/include
630 $(INSTALL_DIR) $(1)/usr/include/iptables
631 $(INSTALL_DIR) $(1)/usr/include/net/netfilter
632
633 # XXX: iptables header fixup, some headers are not installed by iptables anymore
634 $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
635 $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
636 $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
637 $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
638
639 $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
640 $(INSTALL_DIR) $(1)/usr/lib
641 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
642 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
643 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
644 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
645 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
646
647 # XXX: needed by firewall3
648 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
649 endef
650
651 define Package/xtables-legacy/install
652 $(INSTALL_DIR) $(1)/usr/sbin
653 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
654 endef
655
656 define Package/iptables-zz-legacy/install
657 $(INSTALL_DIR) $(1)/usr/sbin
658 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
659 $(INSTALL_DIR) $(1)/usr/lib/iptables
660 endef
661
662 define Package/xtables-nft/install
663 $(INSTALL_DIR) $(1)/usr/sbin
664 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
665 endef
666
667 define Package/arptables-nft/install
668 $(INSTALL_DIR) $(1)/usr/sbin
669 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
670 $(INSTALL_DIR) $(1)/usr/lib/iptables
671 $(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
672 endef
673
674 define Package/ebtables-nft/install
675 $(INSTALL_DIR) $(1)/usr/sbin
676 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
677 $(INSTALL_DIR) $(1)/usr/lib/iptables
678 $(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
679 endef
680
681 define Package/iptables-nft/install
682 $(INSTALL_DIR) $(1)/usr/sbin
683 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
684 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
685 endef
686
687 define Package/ip6tables-zz-legacy/install
688 $(INSTALL_DIR) $(1)/usr/sbin
689 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
690 endef
691
692 define Package/ip6tables-nft/install
693 $(INSTALL_DIR) $(1)/usr/sbin
694 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
695 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
696 endef
697
698 define Package/libip4tc/install
699 $(INSTALL_DIR) $(1)/usr/lib
700 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
701 endef
702
703 define Package/libip6tc/install
704 $(INSTALL_DIR) $(1)/usr/lib
705 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
706 endef
707
708 define Package/libiptext/install
709 $(INSTALL_DIR) $(1)/usr/lib
710 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
711 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
712 endef
713
714 define Package/libiptext6/install
715 $(INSTALL_DIR) $(1)/usr/lib
716 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
717 endef
718
719 define Package/libiptext-nft/install
720 $(INSTALL_DIR) $(1)/usr/lib
721 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
722 endef
723
724 define Package/libxtables/install
725 $(INSTALL_DIR) $(1)/usr/lib
726 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
727 endef
728
729 define BuildPlugin
730 define Package/$(1)/install
731 $(INSTALL_DIR) $$(1)/usr/lib/iptables
732 for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
733 if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
734 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
735 fi; \
736 done
737 $(3)
738 endef
739
740 $$(eval $$(call BuildPackage,$(1)))
741 endef
742
743 $(eval $(call BuildPackage,libxtables))
744 $(eval $(call BuildPackage,libip4tc))
745 $(eval $(call BuildPackage,libip6tc))
746 $(eval $(call BuildPackage,libiptext))
747 $(eval $(call BuildPackage,libiptext6))
748 $(eval $(call BuildPackage,libiptext-nft))
749 $(eval $(call BuildPackage,xtables-legacy))
750 $(eval $(call BuildPackage,xtables-nft))
751 $(eval $(call BuildPackage,arptables-nft))
752 $(eval $(call BuildPackage,ebtables-nft))
753 $(eval $(call BuildPackage,iptables-nft))
754 $(eval $(call BuildPackage,iptables-zz-legacy))
755 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
756 $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
757 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
758 $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
759 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
760 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
761 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
762 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
763 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
764 $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
765 $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
766 $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
767 $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
768 $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
769 $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
770 $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
771 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
772 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
773 $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
774 $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
775 $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
776 $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
777 $(eval $(call BuildPackage,ip6tables-nft))
778 $(eval $(call BuildPackage,ip6tables-zz-legacy))
779 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
780 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
781
Hauke Mehrtens staging tree