X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=package%2Fnetwork%2Futils%2Fiptables%2FMakefile;h=626b2527619602a50e2df6df64fb466f8d9b578e;hb=deff5fb6c89b58b193bb57ab129cbe441a4404b4;hp=27201b491c4b16a9772582cb33db0b5c0913baf0;hpb=ddbd2cf7813cba765461830bc919a37fb8774387;p=oweals%2Fopenwrt.git diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 27201b491c..626b252761 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -22,6 +22,7 @@ PKG_MD5SUM:=536d048c8e8eeebcd9757d0863ebb0c0 PKG_FIXUP:=autoreconf PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_LICENSE:=GPL-2.0 ifneq ($(CONFIG_EXTERNAL_KERNEL_TREE),"") PATCH_DIR:= @@ -123,7 +124,6 @@ iptables extensions for packet content inspection. Includes support for: Matches: - - layer7 - string endef @@ -246,6 +246,46 @@ iptables extensions for matching ip ranges. endef +define Package/iptables-mod-cluster +$(call Package/iptables/Module, +kmod-ipt-cluster) + TITLE:=Match cluster extension +endef + +define Package/iptables-mod-cluster/description +iptables extensions for matching cluster. + + Netfilter (IPv4/IPv6) module for matching cluster + This option allows you to build work-load-sharing clusters of + network servers/stateful firewalls without having a dedicated + load-balancing router/server/switch. Basically, this match returns + true when the packet must be handled by this cluster node. Thus, + all nodes see all packets and this match decides which node handles + what packets. The work-load sharing algorithm is based on source + address hashing. + + This module is usable for ipv4 and ipv6. + + If you select it, it enables kmod-ipt-cluster. + + see `iptables -m cluster --help` for more information. +endef + +define Package/iptables-mod-clusterip +$(call Package/iptables/Module, +kmod-ipt-clusterip) + TITLE:=Clusterip extension +endef + +define Package/iptables-mod-clusterip/description +iptables extensions for CLUSTERIP. + The CLUSTERIP target allows you to build load-balancing clusters of + network servers without having a dedicated load-balancing + router/server/switch. + + If you select it, it enables kmod-ipt-clusterip. + + see `iptables -j CLUSTERIP --help` for more information. +endef + define Package/iptables-mod-extra $(call Package/iptables/Module, +kmod-ipt-extra) TITLE:=Other extra iptables extensions @@ -352,7 +392,7 @@ define Package/libiptc $(call Package/iptables/Default) SECTION:=libs CATEGORY:=Libraries - DEPENDS:=+libip4tc +IPV6:libip6tc + DEPENDS:=+libip4tc +libip6tc +libxtables TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub) endef @@ -361,6 +401,7 @@ $(call Package/iptables/Default) SECTION:=libs CATEGORY:=Libraries TITLE:=IPv4 firewall - shared libiptc library + DEPENDS:=+libxtables endef define Package/libip6tc @@ -368,6 +409,7 @@ $(call Package/iptables/Default) SECTION:=libs CATEGORY:=Libraries TITLE:=IPv6 firewall - shared libiptc library + DEPENDS:=+libxtables endef define Package/libxtables @@ -385,7 +427,8 @@ TARGET_CPPFLAGS := \ TARGET_CFLAGS += \ -I$(PKG_BUILD_DIR)/include \ -I$(LINUX_DIR)/user_headers/include \ - -ffunction-sections -fdata-sections + -ffunction-sections -fdata-sections \ + -DNO_LEGACY TARGET_LDFLAGS += \ -Wl,--gc-sections @@ -426,8 +469,7 @@ define Build/InstallDev $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/ # XXX: needed by firewall3 - $(INSTALL_DIR) $(1)/usr/lib/iptables - $(CP) $(PKG_BUILD_DIR)/extensions/libext*.a $(1)/usr/lib/iptables/ + $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/ endef define Package/iptables/install @@ -450,16 +492,19 @@ endef define Package/libip4tc/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/ endef define Package/libip6tc/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/ endef define Package/libxtables/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/ endef define BuildPlugin @@ -476,19 +521,16 @@ define BuildPlugin $$(eval $$(call BuildPackage,$(1))) endef -L7_INSTALL:=\ - $(INSTALL_DIR) $$(1)/etc/l7-protocols; \ - $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/ - - $(eval $(call BuildPackage,iptables)) $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) -$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL))) +$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m))) $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m))) $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m))) $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m))) +$(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m))) +$(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m))) $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m))) $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m))) $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))