mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-24 02:48:26 +02:00
iptables: make it possible to dynamically configure built-in statically linked extensions, fold -mod-conntrack and -mod-nat into the default package. saves about 8k on an ar71xx default squashfs
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30676 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
parent
417df6b3c3
commit
22c94fc859
@ -19,7 +19,7 @@ define Package/firewall
|
|||||||
URL:=http://openwrt.org/
|
URL:=http://openwrt.org/
|
||||||
TITLE:=OpenWrt firewall
|
TITLE:=OpenWrt firewall
|
||||||
MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org>
|
MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org>
|
||||||
DEPENDS:=+iptables +iptables-mod-conntrack +iptables-mod-nat
|
DEPENDS:=+iptables +kmod-ipt-conntrack +kmod-ipt-nat
|
||||||
PKGARCH:=all
|
PKGARCH:=all
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
@ -79,26 +79,6 @@ IPv4 firewall administration tool.
|
|||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/iptables-mod-conntrack
|
|
||||||
$(call Package/iptables/Module, +kmod-ipt-conntrack)
|
|
||||||
TITLE:=Basic connection tracking extensions
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/iptables-mod-conntrack/description
|
|
||||||
Basic iptables extensions for connection tracking.
|
|
||||||
|
|
||||||
Matches:
|
|
||||||
- state
|
|
||||||
- conntrack
|
|
||||||
|
|
||||||
Targets:
|
|
||||||
- NOTRACK
|
|
||||||
|
|
||||||
Tables:
|
|
||||||
- raw
|
|
||||||
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/iptables-mod-conntrack-extra
|
define Package/iptables-mod-conntrack-extra
|
||||||
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
|
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
|
||||||
TITLE:=Extra connection tracking extensions
|
TITLE:=Extra connection tracking extensions
|
||||||
@ -192,24 +172,6 @@ IPset iptables extensions.
|
|||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/iptables-mod-nat
|
|
||||||
$(call Package/iptables/Module, +kmod-ipt-nat)
|
|
||||||
TITLE:=Basic NAT extensions
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/iptables-mod-nat/description
|
|
||||||
iptables extensions for basic NAT targets.
|
|
||||||
|
|
||||||
Targets:
|
|
||||||
- SNAT
|
|
||||||
- DNAT
|
|
||||||
- MASQUERADE
|
|
||||||
|
|
||||||
Tables:
|
|
||||||
- nat
|
|
||||||
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/iptables-mod-nat-extra
|
define Package/iptables-mod-nat-extra
|
||||||
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
|
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
|
||||||
TITLE:=Extra NAT extensions
|
TITLE:=Extra NAT extensions
|
||||||
@ -394,13 +356,15 @@ CONFIGURE_ARGS += \
|
|||||||
$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
|
$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
|
||||||
--enable-libipq \
|
--enable-libipq \
|
||||||
--with-kernel="$(LINUX_DIR)" \
|
--with-kernel="$(LINUX_DIR)" \
|
||||||
--with-xtlibdir=/usr/lib/iptables
|
--with-xtlibdir=/usr/lib/iptables \
|
||||||
|
--enable-static
|
||||||
|
|
||||||
MAKE_FLAGS := \
|
MAKE_FLAGS := \
|
||||||
$(TARGET_CONFIGURE_OPTS) \
|
$(TARGET_CONFIGURE_OPTS) \
|
||||||
COPT_FLAGS="$(TARGET_CFLAGS)" \
|
COPT_FLAGS="$(TARGET_CFLAGS)" \
|
||||||
KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
|
KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
|
||||||
KBUILD_OUTPUT="$(LINUX_DIR)" \
|
KBUILD_OUTPUT="$(LINUX_DIR)" \
|
||||||
|
BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
|
||||||
|
|
||||||
define Build/InstallDev
|
define Build/InstallDev
|
||||||
$(INSTALL_DIR) $(1)/usr/include
|
$(INSTALL_DIR) $(1)/usr/include
|
||||||
@ -431,13 +395,6 @@ define Package/iptables/install
|
|||||||
$(LN) iptables $(1)/usr/sbin/iptables-save
|
$(LN) iptables $(1)/usr/sbin/iptables-save
|
||||||
$(LN) iptables $(1)/usr/sbin/iptables-restore
|
$(LN) iptables $(1)/usr/sbin/iptables-restore
|
||||||
$(INSTALL_DIR) $(1)/usr/lib/iptables
|
$(INSTALL_DIR) $(1)/usr/lib/iptables
|
||||||
(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
|
|
||||||
for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
|
|
||||||
if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
|
|
||||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
|
|
||||||
fi; \
|
|
||||||
done \
|
|
||||||
)
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/ip6tables/install
|
define Package/ip6tables/install
|
||||||
@ -496,14 +453,12 @@ L7_INSTALL:=\
|
|||||||
|
|
||||||
|
|
||||||
$(eval $(call BuildPackage,iptables))
|
$(eval $(call BuildPackage,iptables))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
|
|
||||||
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
|
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
|
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
|
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
|
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
|
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
|
$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
|
|
||||||
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
|
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
|
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
|
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
|
||||||
|
56
package/iptables/patches/200-configurable_builtin.patch
Normal file
56
package/iptables/patches/200-configurable_builtin.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
--- a/extensions/GNUmakefile.in
|
||||||
|
+++ b/extensions/GNUmakefile.in
|
||||||
|
@@ -40,9 +40,24 @@
|
||||||
|
pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
|
||||||
|
pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
|
||||||
|
pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
|
||||||
|
-pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
|
||||||
|
-pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
|
||||||
|
-pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
|
||||||
|
+
|
||||||
|
+ifdef BUILTIN_MODULES
|
||||||
|
+pfx_build_static := $(filter $(BUILTIN_MODULES),${pfx_build_mod})
|
||||||
|
+pf4_build_static := $(filter $(BUILTIN_MODULES),${pf4_build_mod})
|
||||||
|
+pf6_build_static := $(filter $(BUILTIN_MODULES),${pf6_build_mod})
|
||||||
|
+else
|
||||||
|
+@ENABLE_STATIC_TRUE@ pfx_build_static := $(pfx_build_mod)
|
||||||
|
+@ENABLE_STATIC_TRUE@ pf4_build_static := $(pf4_build_mod)
|
||||||
|
+@ENABLE_STATIC_TRUE@ pf6_build_static := $(pf6_build_mod)
|
||||||
|
+endif
|
||||||
|
+
|
||||||
|
+pfx_build_mod := $(filter-out $(pfx_build_static),$(pfx_build_mod))
|
||||||
|
+pf4_build_mod := $(filter-out $(pf4_build_static),$(pf4_build_mod))
|
||||||
|
+pf6_build_mod := $(filter-out $(pf6_build_static),$(pf6_build_mod))
|
||||||
|
+
|
||||||
|
+pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_static})
|
||||||
|
+pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_static})
|
||||||
|
+pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_static})
|
||||||
|
pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
|
||||||
|
pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
|
||||||
|
pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
|
||||||
|
@@ -54,10 +69,10 @@
|
||||||
|
targets := libext4.a libext6.a matches4.man matches6.man \
|
||||||
|
targets4.man targets6.man
|
||||||
|
targets_install :=
|
||||||
|
-@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs}
|
||||||
|
-@ENABLE_STATIC_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs}
|
||||||
|
-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||||
|
-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||||
|
+libext4_objs := ${pfx_objs} ${pf4_objs}
|
||||||
|
+libext6_objs := ${pfx_objs} ${pf6_objs}
|
||||||
|
+targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||||
|
+targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||||
|
|
||||||
|
.SECONDARY:
|
||||||
|
|
||||||
|
@@ -107,8 +122,8 @@
|
||||||
|
libext6.a: initext6.o ${libext6_objs}
|
||||||
|
${AM_VERBOSE_AR} ${AR} crs $@ $^;
|
||||||
|
|
||||||
|
-initext_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod})
|
||||||
|
-initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod})
|
||||||
|
+initext_func := $(addprefix xt_,${pfx_build_static}) $(addprefix ipt_,${pf4_build_static})
|
||||||
|
+initext6_func := $(addprefix xt_,${pfx_build_static}) $(addprefix ip6t_,${pf6_build_static})
|
||||||
|
|
||||||
|
.initext4.dd: FORCE
|
||||||
|
@echo "${initext_func}" >$@.tmp; \
|
Loading…
Reference in New Issue
Block a user