2022-06-01 05:53:35 +00:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2014-09-17 12:11:06 +00:00
|
|
|
#
|
2022-06-01 05:53:35 +00:00
|
|
|
# Copyright (C) 2015 OpenWrt.org
|
2014-09-17 12:11:06 +00:00
|
|
|
#
|
|
|
|
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
|
|
|
|
PKG_NAME:=nftables
|
nftables: update to 1.0.3
Remove backport:
- 001-examples-compile-with-make-check.patch
87fdf683 build: Bump version to 1.0.3
c4ec825b nft: simplify chain lookup in do_list_chain
4f6724f1 intervals: fix compilation --with-mini-gmp
4c20fe95 json: update json output ordering to place rules after chains
57741350 netlink_delinearize: release last register on exit
d6fdb0d8 sets_with_ifnames: add test case for concatenated range
88b2345a segtree: add pretty-print support for wildcard strings in concatenated sets
806ab081 netlink: swap byteorder for host-endian concat data
c224aa6b intervals: deletion should adjust range not yet in the kernel
ea1f1c9f optimize: memleak in statement matrix
0a6dbfce optimize: merge nat rules with same selectors into map
743b0e81 optimize: do not clone unsupported statement
c8b35039 optimize: incorrect logic in verdict comparison
fc4da141 src: fix always-true assertions
d1289bff intervals: set on EXPR_F_KERNEL flag for new elements in set cache
721b9dec tests: add concat test case with integer base type subkey
22b750aa src: allow use of base integer types as set keys in concatenations
3ed9fada intervals: build list of elements to be added from cache
e45b4939 intervals: fix deletion of multiple ranges with automerge
3b7b22ae intervals: add elements with EXPR_F_KERNEL to purge list only
ea31855d netlink: remove unused argument from helper function
48204bd7 intervals: Simplify element sanity checks
ab1b21be intervals: unset EXPR_F_KERNEL for adjusted elements
e0beff27 src: restore interval sets work with string datatypes
3e8d934e intervals: support to partial deletion with automerge
7a6e1604 evaluate: allow for zero length ranges
3da9643f intervals: add support to automerge with kernel elements
7b061e63 mnl: update mnl_nft_setelem_del() to allow for more reuse
fdb8e0ff src: remove rbtree datastructure
81e36530 src: replace interval segment tree overlap and automerge
f1cc44ed src: add EXPR_F_KERNEL to identify expression in the kernel
ad43b84e segtree: add support for get element with sets that contain ifnames
06db2308 segtree: use correct byte order for 'element get'
4c6681a7 tests: add testcases for interface names in sets
5e393ea1 segtree: add string "range" reversal support
2fb4d7ea src: make interval sets work with string datatypes
403936c1 evaluate: string prefix expression must retain original length
ada50f84 segtree: split prefix and range creation to a helper function
ae7d32fc evaluate: keep prefix expression length
d2b23984 evaluate: make byteorder conversion on string base type a no-op
c36ecfc2 tests: py: Add meta time tests without 'meta' keyword
6fa4ff56 tests: py: Don't colorize output if stderr is redirected
f561a0cc tests: monitor: Hide temporary file names from error output
75fea8a5 tests: py: extend meta time coverage
4460b839 meta: fix compiler warning in date_type_parse()
02100978 meta: time: use uint64_t instead of time_t
4e0026dc include: add missing `#include`
ab74fb5b examples: add .gitignore file
bcad4761 tests: py: add inet/vmap tests
214494aa optimize: Restore optimization for raw payload expressions
82762ab6 src: allow to use integer type header fields via typeof set declaration
64bb3f43 src: allow to use typeof of raw expressions in set declaration
ff0f30e3 expression: typeof verdict needs verdict datatype
60f5c107 src: copy field_count for anonymous object maps as well
4cf97abf rule: Avoid segfault with anonymous chains
4e718641 evaluate: init cmd pointer for new on-stack context
1ea71c23 optimize: do not assume log prefix
3f36cc6c optimize: do not merge unsupported statement expressions
19960c8d optimize: incorrect assert() for unexpected expression type
3de1dbd2 optimize: more robust statement merge with vmap
99eb4696 optimize: fix vmap with anonymous sets
e8f0fa21 scanner: Fix for ipportmap nat statements
59d184be scanner: dup, fwd, tproxy: Move to own scopes
069a0450 scanner: meta: Move to own scope
2165324d scanner: at: Move to own scope
a67fce7f scanner: nat: Move to own scope
578467c1 scanner: policy: move to own scope
a1669709 scanner: flags: move to own scope
020372d9 scanner: reject: Move to own scope
543bf3c2 scanner: import, export: Move to own scopes
88105810 scanner: reset: move to own Scope
8a7e430a scanner: monitor: Move to own Scope
e5547017 scanner: rt: Extend scope over rt0, rt2 and srh
04c95f14 scanner: type: Move to own scope
62a95698 scanner: dst, frag, hbh, mh: Move to own scopes
a060d912 scanner: ah, esp: Move to own scopes
4e215fdf scanner: osf: Move to own scope
5166b298 scanner: dccp, th: Move to own scopes
3e04a6e2 scanner: udp{,lite}: Move to own scope
bbdcfbfa scanner: comp: Move to own scope.
232f2c32 scanner: synproxy: Move to own scope
26b53653 scanner: tcp: Move to own scope
f5722119 scanner: igmp: Move to own scope
a7d8cca9 scanner: icmp{,v6}: Move to own scope
5d837d27 src: add tcp option reset support
1d507ce7 build: explicitly pass --version-script to linker
e98a9b83 libnftables.map: export new nft_ctx_{get,set}_optimize API
9eb98b3b tests: add test case for flowtable with owner flag
18a08fb7 examples: compile with `make check' and add AM_CPPFLAGS
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-01 05:43:13 +00:00
|
|
|
PKG_VERSION:=1.0.3
|
|
|
|
PKG_RELEASE:=1
|
2014-09-17 12:11:06 +00:00
|
|
|
|
2017-12-20 17:22:52 +00:00
|
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
|
|
|
PKG_SOURCE_URL:=https://netfilter.org/projects/$(PKG_NAME)/files
|
nftables: update to 1.0.3
Remove backport:
- 001-examples-compile-with-make-check.patch
87fdf683 build: Bump version to 1.0.3
c4ec825b nft: simplify chain lookup in do_list_chain
4f6724f1 intervals: fix compilation --with-mini-gmp
4c20fe95 json: update json output ordering to place rules after chains
57741350 netlink_delinearize: release last register on exit
d6fdb0d8 sets_with_ifnames: add test case for concatenated range
88b2345a segtree: add pretty-print support for wildcard strings in concatenated sets
806ab081 netlink: swap byteorder for host-endian concat data
c224aa6b intervals: deletion should adjust range not yet in the kernel
ea1f1c9f optimize: memleak in statement matrix
0a6dbfce optimize: merge nat rules with same selectors into map
743b0e81 optimize: do not clone unsupported statement
c8b35039 optimize: incorrect logic in verdict comparison
fc4da141 src: fix always-true assertions
d1289bff intervals: set on EXPR_F_KERNEL flag for new elements in set cache
721b9dec tests: add concat test case with integer base type subkey
22b750aa src: allow use of base integer types as set keys in concatenations
3ed9fada intervals: build list of elements to be added from cache
e45b4939 intervals: fix deletion of multiple ranges with automerge
3b7b22ae intervals: add elements with EXPR_F_KERNEL to purge list only
ea31855d netlink: remove unused argument from helper function
48204bd7 intervals: Simplify element sanity checks
ab1b21be intervals: unset EXPR_F_KERNEL for adjusted elements
e0beff27 src: restore interval sets work with string datatypes
3e8d934e intervals: support to partial deletion with automerge
7a6e1604 evaluate: allow for zero length ranges
3da9643f intervals: add support to automerge with kernel elements
7b061e63 mnl: update mnl_nft_setelem_del() to allow for more reuse
fdb8e0ff src: remove rbtree datastructure
81e36530 src: replace interval segment tree overlap and automerge
f1cc44ed src: add EXPR_F_KERNEL to identify expression in the kernel
ad43b84e segtree: add support for get element with sets that contain ifnames
06db2308 segtree: use correct byte order for 'element get'
4c6681a7 tests: add testcases for interface names in sets
5e393ea1 segtree: add string "range" reversal support
2fb4d7ea src: make interval sets work with string datatypes
403936c1 evaluate: string prefix expression must retain original length
ada50f84 segtree: split prefix and range creation to a helper function
ae7d32fc evaluate: keep prefix expression length
d2b23984 evaluate: make byteorder conversion on string base type a no-op
c36ecfc2 tests: py: Add meta time tests without 'meta' keyword
6fa4ff56 tests: py: Don't colorize output if stderr is redirected
f561a0cc tests: monitor: Hide temporary file names from error output
75fea8a5 tests: py: extend meta time coverage
4460b839 meta: fix compiler warning in date_type_parse()
02100978 meta: time: use uint64_t instead of time_t
4e0026dc include: add missing `#include`
ab74fb5b examples: add .gitignore file
bcad4761 tests: py: add inet/vmap tests
214494aa optimize: Restore optimization for raw payload expressions
82762ab6 src: allow to use integer type header fields via typeof set declaration
64bb3f43 src: allow to use typeof of raw expressions in set declaration
ff0f30e3 expression: typeof verdict needs verdict datatype
60f5c107 src: copy field_count for anonymous object maps as well
4cf97abf rule: Avoid segfault with anonymous chains
4e718641 evaluate: init cmd pointer for new on-stack context
1ea71c23 optimize: do not assume log prefix
3f36cc6c optimize: do not merge unsupported statement expressions
19960c8d optimize: incorrect assert() for unexpected expression type
3de1dbd2 optimize: more robust statement merge with vmap
99eb4696 optimize: fix vmap with anonymous sets
e8f0fa21 scanner: Fix for ipportmap nat statements
59d184be scanner: dup, fwd, tproxy: Move to own scopes
069a0450 scanner: meta: Move to own scope
2165324d scanner: at: Move to own scope
a67fce7f scanner: nat: Move to own scope
578467c1 scanner: policy: move to own scope
a1669709 scanner: flags: move to own scope
020372d9 scanner: reject: Move to own scope
543bf3c2 scanner: import, export: Move to own scopes
88105810 scanner: reset: move to own Scope
8a7e430a scanner: monitor: Move to own Scope
e5547017 scanner: rt: Extend scope over rt0, rt2 and srh
04c95f14 scanner: type: Move to own scope
62a95698 scanner: dst, frag, hbh, mh: Move to own scopes
a060d912 scanner: ah, esp: Move to own scopes
4e215fdf scanner: osf: Move to own scope
5166b298 scanner: dccp, th: Move to own scopes
3e04a6e2 scanner: udp{,lite}: Move to own scope
bbdcfbfa scanner: comp: Move to own scope.
232f2c32 scanner: synproxy: Move to own scope
26b53653 scanner: tcp: Move to own scope
f5722119 scanner: igmp: Move to own scope
a7d8cca9 scanner: icmp{,v6}: Move to own scope
5d837d27 src: add tcp option reset support
1d507ce7 build: explicitly pass --version-script to linker
e98a9b83 libnftables.map: export new nft_ctx_{get,set}_optimize API
9eb98b3b tests: add test case for flowtable with owner flag
18a08fb7 examples: compile with `make check' and add AM_CPPFLAGS
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-01 05:43:13 +00:00
|
|
|
PKG_HASH:=47c4eba0105ebd3ffa89553e0702ccb34d8906a91f72ced58ab0d992b29c7748
|
2022-06-01 05:53:35 +00:00
|
|
|
|
2020-03-25 09:13:46 +00:00
|
|
|
PKG_MAINTAINER:=
|
2014-10-21 20:00:56 +00:00
|
|
|
PKG_LICENSE:=GPL-2.0
|
2022-06-01 05:53:35 +00:00
|
|
|
PKG_LICENSE_FILES:=COPYING
|
2014-09-17 12:11:06 +00:00
|
|
|
|
|
|
|
PKG_FIXUP:=autoreconf
|
2018-05-15 03:42:29 +00:00
|
|
|
PKG_INSTALL:=1
|
2014-09-17 12:11:06 +00:00
|
|
|
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
|
2017-12-20 17:22:52 +00:00
|
|
|
DISABLE_NLS:=
|
|
|
|
|
2014-10-06 06:24:53 +00:00
|
|
|
CONFIGURE_ARGS += \
|
2018-05-15 03:42:29 +00:00
|
|
|
--disable-debug \
|
|
|
|
--disable-man-doc \
|
2015-01-08 11:31:36 +00:00
|
|
|
--with-mini-gmp \
|
2014-10-21 20:00:56 +00:00
|
|
|
--without-cli \
|
2020-03-25 09:13:46 +00:00
|
|
|
--disable-python
|
2014-10-06 06:24:53 +00:00
|
|
|
|
2020-03-25 09:13:46 +00:00
|
|
|
define Package/nftables/Default
|
2014-09-17 12:11:06 +00:00
|
|
|
SECTION:=net
|
|
|
|
CATEGORY:=Network
|
|
|
|
SUBMENU:=Firewall
|
2020-03-25 09:13:46 +00:00
|
|
|
TITLE:=nftables userspace utility
|
|
|
|
DEPENDS:=+kmod-nft-core +libnftnl
|
2014-09-17 12:11:06 +00:00
|
|
|
URL:=http://netfilter.org/projects/nftables/
|
2020-03-25 09:13:46 +00:00
|
|
|
PROVIDES:=nftables
|
2014-09-17 12:11:06 +00:00
|
|
|
endef
|
|
|
|
|
2020-03-25 09:13:46 +00:00
|
|
|
define Package/nftables-nojson
|
|
|
|
$(Package/nftables/Default)
|
|
|
|
TITLE+= no JSON support
|
|
|
|
VARIANT:=nojson
|
|
|
|
DEFAULT_VARIANT:=1
|
2022-04-07 20:47:38 +00:00
|
|
|
CONFLICTS:=nftables-json
|
2018-07-31 09:09:34 +00:00
|
|
|
endef
|
|
|
|
|
2020-03-25 09:13:46 +00:00
|
|
|
define Package/nftables-json
|
|
|
|
$(Package/nftables/Default)
|
|
|
|
TITLE+= with JSON support
|
|
|
|
VARIANT:=json
|
|
|
|
DEPENDS+=+jansson
|
|
|
|
endef
|
|
|
|
|
|
|
|
ifeq ($(BUILD_VARIANT),json)
|
|
|
|
CONFIGURE_ARGS += --with-json
|
2018-07-31 09:09:34 +00:00
|
|
|
endif
|
|
|
|
|
2020-09-01 12:05:12 +00:00
|
|
|
TARGET_CFLAGS += -flto
|
|
|
|
TARGET_LDFLAGS += -flto
|
|
|
|
|
2021-10-04 07:47:32 +00:00
|
|
|
define Build/InstallDev
|
|
|
|
$(INSTALL_DIR) $(1)/usr/lib $(1)/usr/include
|
|
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/
|
|
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/include/nftables $(1)/usr/include/
|
2021-11-29 20:30:42 +00:00
|
|
|
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
|
|
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libnftables.pc \
|
|
|
|
$(1)/usr/lib/pkgconfig/
|
2021-10-04 07:47:32 +00:00
|
|
|
endef
|
|
|
|
|
2020-03-25 09:13:46 +00:00
|
|
|
define Package/nftables/install/Default
|
2014-09-17 12:11:06 +00:00
|
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
2018-05-15 03:42:29 +00:00
|
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/nft $(1)/usr/sbin/
|
|
|
|
$(INSTALL_DIR) $(1)/usr/lib
|
|
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/
|
2014-09-17 12:11:06 +00:00
|
|
|
endef
|
|
|
|
|
2020-03-25 09:13:46 +00:00
|
|
|
Package/nftables-nojson/install = $(Package/nftables/install/Default)
|
|
|
|
Package/nftables-json/install = $(Package/nftables/install/Default)
|
|
|
|
|
|
|
|
$(eval $(call BuildPackage,nftables-nojson))
|
|
|
|
$(eval $(call BuildPackage,nftables-json))
|