iptables 1.8.1 support

Makefile

@@ -390,6 +390,7 @@ endef
 # Only some modules have binaries that we install
 # Shouldn't this be specified in the module file?
 bin_modules-$(CONFIG_QBOOT) += qboot
+bin_modules-$(CONFIG_IPTABLES) += iptables
 bin_modules-$(CONFIG_KEXEC) += kexec
 bin_modules-$(CONFIG_TPMTOTP) += tpmtotp
 bin_modules-$(CONFIG_PCIUTILS) += pciutils

modules/iptables

@@ -0,0 +1,38 @@
+modules-$(CONFIG_IPTABLES) += iptables
+
+iptables_version := 1.8.1
+iptables_dir := iptables-$(iptables_version)
+iptables_tar := iptables-$(iptables_version).tar.bz2
+iptables_url := https://netfilter.org/projects/iptables/files/$(iptables_tar)
+iptables_hash := 8fe4f297cf9c9bbab4972f95527f3e484f60c17c61800c9bff562f06c45461d8
+
+iptables_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--build i386-elf-linux \
+	--host x86_64-linux-musl \
+	--prefix "/" \
+	--disable-dependency-tracking \
+	--disable-nftables \
+	--disable-shared \
+	--enable-static \
+
+# Not yet:
+NO=\
+	--enable-bpf-compiler \
+
+# Build and install into the install directory, but we copy out the
+# multi-call binary
+iptables_target := $(MAKE_JOBS) \
+	$(CROSS_TOOLS) \
+	DESTDIR="$(INSTALL)" \
+	install && \
+	cp $(INSTALL)/sbin/iptables $(build)/$(iptables_dir)/iptables/
+
+iptables_output := iptables/iptables
+
+NO-iptables_libraries := \
+	libiptc/.libs/libip4tc.so.0 \
+	libiptc/.libs/libip6tc.so.0 \
+	libxtables/.libs/libxtables.so.12 \
+
+iptables_depends := libnftnl $(musl_dep)

modules/libmnl

@@ -0,0 +1,25 @@
+modules-$(CONFIG_LIBMNL) += libmnl
+
+libmnl_version := 1.0.4
+libmnl_dir := libmnl-$(libmnl_version)
+libmnl_tar := libmnl-$(libmnl_version).tar.bz2
+libmnl_url := https://netfilter.org/projects/libmnl/files/$(libmnl_tar)
+libmnl_hash := 171f89699f286a5854b72b91d06e8f8e3683064c5901fb09d954a9ab6f551f81
+
+libmnl_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--build i386-elf-linux \
+	--host x86_64-linux-musl \
+	--prefix "/" \
+
+# Run one build to generate the executables with the pre-defined
+# exec_prefix and datarootdir, then a second make to install the binaries
+# into our actual target location
+libmnl_target := $(MAKE_JOBS) \
+	$(CROSS_TOOLS) \
+	DESTDIR="$(INSTALL)" \
+	install
+
+libmnl_libraries := src/.libs/libmnl.so
+
+libmnl_depends := $(musl_dep)

modules/libnftnl

@@ -0,0 +1,25 @@
+modules-$(CONFIG_LIBNFTNL) += libnftnl
+
+libnftnl_version := 1.1.1
+libnftnl_dir := libnftnl-$(libnftnl_version)
+libnftnl_tar := libnftnl-$(libnftnl_version).tar.bz2
+libnftnl_url := https://netfilter.org/projects/libnftnl/files/$(libnftnl_tar)
+libnftnl_hash := 5d6a65413f27ec635eedf6aba033f7cf671d462a2afeacc562ba96b19893aff2
+
+libnftnl_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--build i386-elf-linux \
+	--host x86_64-linux-musl \
+	--prefix "/" \
+
+# Run one build to generate the executables with the pre-defined
+# exec_prefix and datarootdir, then a second make to install the binaries
+# into our actual target location
+libnftnl_target := $(MAKE_JOBS) \
+	$(CROSS_TOOLS) \
+	DESTDIR="$(INSTALL)" \
+	install
+
+libnftnl_libraries := src/.libs/libnftnl.so
+
+libnftnl_depends := libmnl $(musl_dep)

patches/iptables-1.8.1.patch

@@ -0,0 +1,25 @@
+diff -u --recursive clean/iptables-1.8.1/include/linux/netfilter.h iptables-1.8.1/include/linux/netfilter.h
+--- clean/iptables-1.8.1/include/linux/netfilter.h	2018-10-22 16:35:23.000000000 -0400
++++ iptables-1.8.1/include/linux/netfilter.h	2018-10-25 18:33:43.473000000 -0400
+@@ -3,8 +3,9 @@
+ 
+ #include <linux/types.h>
+ 
+-#include <linux/in.h>
+-#include <linux/in6.h>
++#include <netinet/in.h>
++//#include <linux/in.h>
++//#include <linux/in6.h>
+ #include <limits.h>
+ 
+ /* Responses from hook functions. */
+diff -u --recursive clean/iptables-1.8.1/iptables/Makefile.in iptables-1.8.1/iptables/Makefile.in
+--- clean/iptables-1.8.1/iptables/Makefile.in	2018-10-23 04:58:09.000000000 -0400
++++ iptables-1.8.1/iptables/Makefile.in	2018-10-25 18:38:38.533000000 -0400
+@@ -1527,3 +1527,6 @@
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT:
++
++../extensions/%:
++	$(MAKE) -C $(dir $@) $(notdir $@)