4 # only add extensions here that are either present in the kernel, or whose
5 # header files are present in the include/linux directory of this iptables
8 PF_EXT_SLIB:=ah addrtype comment connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TCPMSS TOS TTL ULOG
9 PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS
11 ifeq ($(DO_SELINUX), 1)
12 PF_EXT_SE_SLIB:=SECMARK CONNSECMARK
13 PF6_EXT_SE_SLIB:=SECMARK CONNSECMARK
17 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
18 PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
20 PF_EXT_ALL_SLIB:=$(patsubst extensions/libipt_%.c, %, $(wildcard extensions/libipt_*.c))
21 PF6_EXT_ALL_SLIB:=$(patsubst extensions/libip6t_%.c, %, $(wildcard extensions/libip6t_*.c))
23 PF_EXT_MAN_ALL_MATCHES:=$(foreach T,$(PF_EXT_ALL_SLIB),$(shell test -f extensions/libipt_$(T).man && grep -q register_match extensions/libipt_$(T).c && echo $(T)))
24 PF_EXT_MAN_ALL_TARGETS:=$(foreach T,$(PF_EXT_ALL_SLIB),$(shell test -f extensions/libipt_$(T).man && grep -q register_target extensions/libipt_$(T).c && echo $(T)))
25 PF6_EXT_MAN_ALL_MATCHES:=$(foreach T,$(PF6_EXT_ALL_SLIB),$(shell test -f extensions/libip6t_$(T).man && grep -q register_match6 extensions/libip6t_$(T).c && echo $(T)))
26 PF6_EXT_MAN_ALL_TARGETS:=$(foreach T,$(PF6_EXT_ALL_SLIB),$(shell test -f extensions/libip6t_$(T).man && grep -q register_target6 extensions/libip6t_$(T).c && echo $(T)))
28 PF_EXT_MAN_MATCHES:=$(filter $(PF_EXT_ALL_SLIB), $(PF_EXT_MAN_ALL_MATCHES))
29 PF_EXT_MAN_TARGETS:=$(filter $(PF_EXT_ALL_SLIB), $(PF_EXT_MAN_ALL_TARGETS))
30 PF_EXT_MAN_EXTRA_MATCHES:=$(filter-out $(PF_EXT_MAN_MATCHES), $(PF_EXT_MAN_ALL_MATCHES))
31 PF_EXT_MAN_EXTRA_TARGETS:=$(filter-out $(PF_EXT_MAN_TARGETS), $(PF_EXT_MAN_ALL_TARGETS))
32 PF6_EXT_MAN_MATCHES:=$(filter $(PF6_EXT_ALL_SLIB), $(PF6_EXT_MAN_ALL_MATCHES))
33 PF6_EXT_MAN_TARGETS:=$(filter $(PF6_EXT_ALL_SLIB), $(PF6_EXT_MAN_ALL_TARGETS))
34 PF6_EXT_MAN_EXTRA_MATCHES:=$(filter-out $(PF6_EXT_MAN_MATCHES), $(PF6_EXT_MAN_ALL_MATCHES))
35 PF6_EXT_MAN_EXTRA_TARGETS:=$(filter-out $(PF6_EXT_MAN_TARGETS), $(PF6_EXT_MAN_ALL_TARGETS))
39 @echo ALL_SLIB: $(PF_EXT_ALL_SLIB)
40 @echo ALL_MATCH: $(PF_EXT_MAN_ALL_MATCHES)
41 @echo ALL_TARGET: $(PF_EXT_MAN_ALL_TARGETS)
43 PF_EXT_SLIB+=$(PF_EXT_SLIB_OPTS)
44 PF6_EXT_SLIB+=$(PF6_EXT_SLIB_OPTS)
46 OPTIONALS+=$(patsubst %,IPv4:%,$(PF_EXT_SLIB_OPTS))
47 OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT_SLIB_OPTS))
50 SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so)
51 SHARED_SE_LIBS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).so)
52 EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so)
53 EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so)
56 SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so)
57 SHARED_SE_LIBS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).so)
58 EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so)
59 EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so)
62 EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o)
63 EXT_OBJS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).o)
64 EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T))
65 EXT_FUNC+=$(foreach T,$(PF_EXT_SE_SLIB),ipt_$(T))
66 EXT_OBJS+= extensions/initext.o
68 EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o)
69 EXT6_OBJS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).o)
70 EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T))
71 EXT6_FUNC+=$(foreach T,$(PF6_EXT_SE_SLIB),ip6t_$(T))
72 EXT6_OBJS+= extensions/initext6.o
74 endif # NO_SHARED_LIBS
76 ifndef TOPLEVEL_INCLUDED
78 cd .. && $(MAKE) $(SHARED_LIBS) $(SHARED_SE_LIBS)
82 extensions/libext.a: $(EXT_OBJS)
83 rm -f $@; ar crv $@ $(EXT_OBJS)
85 extensions/libext6.a: $(EXT6_OBJS)
86 rm -f $@; ar crv $@ $(EXT6_OBJS)
88 extensions/initext.o: extensions/initext.c
89 extensions/initext6.o: extensions/initext6.c
91 extensions/initext.c: extensions/Makefile
93 for i in $(EXT_FUNC); do \
94 echo "extern void $${i}_init(void);" >> $@; \
96 echo "void init_extensions(void) {" >> $@
97 for i in $(EXT_FUNC); do \
98 echo " $${i}_init();" >> $@; \
102 extensions/initext6.c: extensions/Makefile
104 for i in $(EXT6_FUNC); do \
105 echo "extern void $${i}_init(void);" >> $@; \
107 echo "void init_extensions(void) {" >> $@
108 for i in $(EXT6_FUNC); do \
109 echo " $${i}_init();" >> $@; \
113 extensions/lib%.o: extensions/lib%.c
114 $(CC) $(CFLAGS) -D_INIT=$*_init -c -o $@ $<
118 EXTRAS += extensions/libipt_targets.man
119 extensions/libipt_targets.man: $(patsubst %,extensions/libipt_%.man,$(PF_EXT_MAN_ALL_TARGETS))
120 @for ext in $(PF_EXT_MAN_TARGETS); do \
122 cat extensions/libipt_$$ext.man ;\
123 done >extensions/libipt_targets.man
124 @if [ -n "$(PF_EXT_MAN_EXTRA_TARGETS)" ]; then \
125 extra=$(PF_EXT_MAN_EXTRA_TARGETS) ;\
126 for ext in $${extra:-""}; do \
127 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\
128 cat extensions/libipt_$$ext.man ;\
130 fi >>extensions/libipt_targets.man
132 EXTRAS += extensions/libipt_matches.man
133 extensions/libipt_matches.man: $(patsubst %,extensions/libipt_%.man,$(PF_EXT_MAN_ALL_MATCHES))
134 @for ext in $(PF_EXT_MAN_MATCHES); do \
136 cat extensions/libipt_$$ext.man ;\
137 done >extensions/libipt_matches.man
138 @if [ -n "$(PF_EXT_MAN_EXTRA_MATCHES)" ]; then \
139 extra=$(PF_EXT_MAN_EXTRA_MATCHES) ;\
140 for ext in $${extra:-""}; do \
141 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\
142 cat extensions/libipt_$$ext.man ;\
144 fi >>extensions/libipt_matches.man
146 EXTRAS += extensions/libip6t_targets.man
147 extensions/libip6t_targets.man: $(patsubst %, extensions/libip6t_%.man, $(PF6_EXT_MAN_ALL_TARGETS))
148 @for ext in $(PF6_EXT_MAN_TARGETS); do \
150 cat extensions/libip6t_$$ext.man ;\
151 done >extensions/libip6t_targets.man
152 @if [ -n "$(PF6_EXT_MAN_EXTRA_TARGETS)" ]; then \
153 extra=$(PF6_EXT_MAN_EXTRA_TARGETS) ;\
154 for ext in $${extra:-""}; do \
155 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\
156 cat extensions/libip6t_$$ext.man ;\
158 fi >>extensions/libip6t_targets.man
160 EXTRAS += extensions/libip6t_matches.man
161 extensions/libip6t_matches.man: $(patsubst %, extensions/libip6t_%.man, $(PF6_EXT_MAN_ALL_MATCHES))
162 @for ext in $(PF6_EXT_MAN_MATCHES); do \
164 cat extensions/libip6t_$$ext.man ;\
165 done >extensions/libip6t_matches.man
166 @if [ -n "$(PF6_EXT_MAN_EXTRA_MATCHES)" ]; then \
167 extra=$(PF6_EXT_MAN_EXTRA_MATCHES) ;\
168 for ext in $${extra:-""}; do \
169 echo ".SS $$ext (not supported, see Patch-O-Matic)" ;\
170 cat extensions/libip6t_$$ext.man ;\
172 fi >>extensions/libip6t_matches.man
174 $(DESTDIR)$(LIBDIR)/iptables/libipt_%.so: extensions/libipt_%.so
175 @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables
178 $(DESTDIR)$(LIBDIR)/iptables/libip6t_%.so: extensions/libip6t_%.so
179 @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables