openwrt/package/network/utils/nftables/Makefile

87 lines
2.0 KiB
Makefile
Raw Normal View History

# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2015 OpenWrt.org
#
include $(TOPDIR)/rules.mk
PKG_NAME:=nftables
nftables: update to 1.0.5 Remove upstreamed patch: - 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch Changes: 13248670 build: Bump version to 1.0.5 3432eebd tests/py: disable arp family for queue statement 180ce4d7 meta: don't use non-POSIX formats in strptime() c1c223f1 src: allow anon set concatenation with ether and vlan 87c3041b evaluate: search stacked header list for matching payload dep b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context f680055c tests: add a test case for ether and vlan listing dbd5f348 debug: dump the l2 protocol stack 0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset 89688c94 netlink_delinearize: postprocess binary ands in concatenations 0542a431 netlink_delinearize: allow postprocessing on concatenated elements 8efab552 parser_json: fix device parsing in netdev family 76fae8f5 src: proto: support DF, LE PHB, VA for DSCP 446e76db doc: Document limitations of ipsec expression with xfrm_interface a2ddb38f cache: report an error message if cache initialization fails 649b8ce3 cache: validate handle string length 64c74ba5 cache: prepare nft_cache_evaluate() to return error 46980cdd rule: crash when uncollapsing command with unexisting table or set 8a6cdfaf cache: release pending rules when chain binding lookup fails e17337df evaluate: report missing interval flag when using prefix/range in concatenation 45c097c6 scanner: allow prefix in ip6 scope 6c23bfa5 segtree: fix map listing with interface wildcard 8623772a scanner: don't pop active flex scanner scope 994bf500 parser: add missing synproxy scope closure ed2426bc tests/py: Add a test for failing ipsec after counter 27107b49 evaluate: fix segfault when adding elements to invalid set 0f82b07f mnl: store netlink error location for set elements 15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting f56e901a parser_bison: fix error location for set elements 6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch 5357cb7b intervals: fix crash when trying to remove element in empty set d54510f8 netlink_delinearize: memleak when parsing concatenation data 12a223ce libnftables: release top level scope b91bbf88 optimize: limit statement is not supported yet 45a61a75 optimize: assume verdict is same when rules have no verdict fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational 29e62111 tests: shell: run -c -o on ruleset 887405df optimize: add unsupported statement 8f61a69e optimize: add hash expression support ca8fd77a optimize: add numgen expression support 721efd64 optimize: add binop expression support f7e901a2 optimize: add fib expression support 54b1e49f optimize: add xfrm expression support 0beaea37 optimize: add osf expression support d07fe8e8 optimize: fix verdict map merging 38d48fe5 optimize: fix reject statement f9939f89 optimize: remove comment after merging 8f10f33a optimize: do not print stateful information 3ac932e9 optimize: do not merge rules with set reference in rhs 64ebb03a optimize: do not compare relational expression rhs when collecting statements 59e3a592 intervals: Do not sort cached set elements over and over again d434de8b intervals: do not empty cache for maps 87ba510f intervals: do not report exact overlaps for new elements 498a5f0c rule: collapse set element commands 8fafe4e6 tests: shell: runtime set element automerge 638af0ce Revert "scanner: flags: move to own scope" Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-13 20:41:54 +00:00
PKG_VERSION:=1.0.5
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://netfilter.org/projects/$(PKG_NAME)/files
nftables: update to 1.0.5 Remove upstreamed patch: - 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch Changes: 13248670 build: Bump version to 1.0.5 3432eebd tests/py: disable arp family for queue statement 180ce4d7 meta: don't use non-POSIX formats in strptime() c1c223f1 src: allow anon set concatenation with ether and vlan 87c3041b evaluate: search stacked header list for matching payload dep b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context f680055c tests: add a test case for ether and vlan listing dbd5f348 debug: dump the l2 protocol stack 0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset 89688c94 netlink_delinearize: postprocess binary ands in concatenations 0542a431 netlink_delinearize: allow postprocessing on concatenated elements 8efab552 parser_json: fix device parsing in netdev family 76fae8f5 src: proto: support DF, LE PHB, VA for DSCP 446e76db doc: Document limitations of ipsec expression with xfrm_interface a2ddb38f cache: report an error message if cache initialization fails 649b8ce3 cache: validate handle string length 64c74ba5 cache: prepare nft_cache_evaluate() to return error 46980cdd rule: crash when uncollapsing command with unexisting table or set 8a6cdfaf cache: release pending rules when chain binding lookup fails e17337df evaluate: report missing interval flag when using prefix/range in concatenation 45c097c6 scanner: allow prefix in ip6 scope 6c23bfa5 segtree: fix map listing with interface wildcard 8623772a scanner: don't pop active flex scanner scope 994bf500 parser: add missing synproxy scope closure ed2426bc tests/py: Add a test for failing ipsec after counter 27107b49 evaluate: fix segfault when adding elements to invalid set 0f82b07f mnl: store netlink error location for set elements 15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting f56e901a parser_bison: fix error location for set elements 6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch 5357cb7b intervals: fix crash when trying to remove element in empty set d54510f8 netlink_delinearize: memleak when parsing concatenation data 12a223ce libnftables: release top level scope b91bbf88 optimize: limit statement is not supported yet 45a61a75 optimize: assume verdict is same when rules have no verdict fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational 29e62111 tests: shell: run -c -o on ruleset 887405df optimize: add unsupported statement 8f61a69e optimize: add hash expression support ca8fd77a optimize: add numgen expression support 721efd64 optimize: add binop expression support f7e901a2 optimize: add fib expression support 54b1e49f optimize: add xfrm expression support 0beaea37 optimize: add osf expression support d07fe8e8 optimize: fix verdict map merging 38d48fe5 optimize: fix reject statement f9939f89 optimize: remove comment after merging 8f10f33a optimize: do not print stateful information 3ac932e9 optimize: do not merge rules with set reference in rhs 64ebb03a optimize: do not compare relational expression rhs when collecting statements 59e3a592 intervals: Do not sort cached set elements over and over again d434de8b intervals: do not empty cache for maps 87ba510f intervals: do not report exact overlaps for new elements 498a5f0c rule: collapse set element commands 8fafe4e6 tests: shell: runtime set element automerge 638af0ce Revert "scanner: flags: move to own scope" Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-13 20:41:54 +00:00
PKG_HASH:=8d1b4b18393af43698d10baa25d2b9b6397969beecac7816c35dd0714e4de50a
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
DISABLE_NLS:=
CONFIGURE_ARGS += \
--disable-debug \
--disable-man-doc \
--with-mini-gmp \
--without-cli \
--disable-python
define Package/nftables/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=Firewall
TITLE:=nftables userspace utility
DEPENDS:=+kmod-nft-core +libnftnl
URL:=http://netfilter.org/projects/nftables/
PROVIDES:=nftables
endef
define Package/nftables-nojson
$(Package/nftables/Default)
TITLE+= no JSON support
VARIANT:=nojson
DEFAULT_VARIANT:=1
CONFLICTS:=nftables-json
endef
define Package/nftables-json
$(Package/nftables/Default)
TITLE+= with JSON support
VARIANT:=json
DEPENDS+=+jansson
endef
ifeq ($(BUILD_VARIANT),json)
CONFIGURE_ARGS += --with-json
endif
TARGET_CFLAGS += -flto
TARGET_LDFLAGS += -flto
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/lib $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/include/nftables $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libnftables.pc \
$(1)/usr/lib/pkgconfig/
endef
define Package/nftables/install/Default
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/nft $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/
endef
Package/nftables-nojson/install = $(Package/nftables/install/Default)
Package/nftables-json/install = $(Package/nftables/install/Default)
$(eval $(call BuildPackage,nftables-nojson))
$(eval $(call BuildPackage,nftables-json))