include Config
-VER = 1.3.5
+VER = 1.3.7
THISAPP = iptables-$(VER)
DL_FILE = $(THISAPP).tar.bz2
-DL_FROM = http://ftp.netfilter.org/pub/iptables
+DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
# Top-level Rules
###############################################################################
objects = $(DL_FILE) \
- iptables-1.3.0-imq1.diff \
- netfilter-layer7-v2.6.tar.gz \
+ netfilter-layer7-v2.9.tar.gz \
libnfnetlink-0.0.25.tar.bz2 \
libnetfilter_queue-0.0.13.tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-iptables-1.3.0-imq1.diff = $(URL_IPFIRE)/iptables-1.3.0-imq1.diff
-netfilter-layer7-v2.6.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.6.tar.gz
+netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
libnfnetlink-0.0.25.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2
libnetfilter_queue-0.0.13.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2
-$(DL_FILE)_MD5 = 00fb916fa8040ca992a5ace56d905ea5
-iptables-1.3.0-imq1.diff_MD5 = 9adae8be9562775a176fc1b275b3cb29
-netfilter-layer7-v2.6.tar.gz_MD5 = 58135cd1aafaf4ae2fa478159206f064
+$(DL_FILE)_MD5 = dd965bdacbb86ce2a6498829fddda6b7
+netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d
libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
# iptables-fixed.tar.gz is made in the linux kernel build process
- @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.6 $(DIR_SRC)/libnetfilter_queue-0.0.13
+ @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13
@cd $(DIR_SRC) && tar zxf $(DIR_DL)/iptables-fixed.tar.gz
- @cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.6.tar.gz
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/iptables-layer7-2.6.patch
+ cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.9.tar.gz
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.9/iptables-layer7-2.9.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_DL)/iptables-1.3.0-imq1.diff
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.3.6-imq.diff
chmod +x $(DIR_APP)/extensions/.IMQ-test* $(DIR_APP)/extensions/.layer7-test*
# hack to disable IPv6 compilation as the configuration variable does not work when ip6.h is present
cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make
cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make install
- @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.6 $(DIR_SRC)/libnetfilter_queue-0.0.13
+ @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.13
@$(POSTBUILD)
--- /dev/null
+--- iptables-1.3.6.orig/extensions.orig/.IMQ-test6 Thu Jan 1 01:00:00 1970\r
++++ iptables-1.3.6/extensions/.IMQ-test6 Mon Jun 16 10:12:47 2003\r
+@@ -0,0 +1,3 @@\r
++#!/bin/sh\r
++# True if IMQ target patch is applied.\r
++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ\r
+--- iptables-1.3.6.orig/extensions.orig/libip6t_IMQ.c Thu Jan 1 01:00:00 1970\r
++++ iptables-1.3.6/extensions/libip6t_IMQ.c Mon Jun 16 10:12:47 2003\r
+@@ -0,0 +1,101 @@\r
++/* Shared library add-on to iptables to add IMQ target support. */\r
++#include <stdio.h>\r
++#include <string.h>\r
++#include <stdlib.h>\r
++#include <getopt.h>\r
++\r
++#include <ip6tables.h>\r
++#include <linux/netfilter_ipv6/ip6_tables.h>\r
++#include <linux/netfilter_ipv6/ip6t_IMQ.h>\r
++\r
++/* Function which prints out usage message. */\r
++static void\r
++help(void)\r
++{\r
++ printf(\r
++"IMQ target v%s options:\n"\r
++" --todev <N> enqueue to imq<N>, defaults to 0\n", \r
++IPTABLES_VERSION);\r
++}\r
++\r
++static struct option opts[] = {\r
++ { "todev", 1, 0, '1' },\r
++ { 0 }\r
++};\r
++\r
++/* Initialize the target. */\r
++static void\r
++init(struct ip6t_entry_target *t, unsigned int *nfcache)\r
++{\r
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data;\r
++\r
++ mr->todev = 0;\r
++ *nfcache |= NFC_UNKNOWN;\r
++}\r
++\r
++/* Function which parses command options; returns true if it\r
++ ate an option */\r
++static int\r
++parse(int c, char **argv, int invert, unsigned int *flags,\r
++ const struct ip6t_entry *entry,\r
++ struct ip6t_entry_target **target)\r
++{\r
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data;\r
++ \r
++ switch(c) {\r
++ case '1':\r
++ if (check_inverse(optarg, &invert, NULL, 0))\r
++ exit_error(PARAMETER_PROBLEM,\r
++ "Unexpected `!' after --todev");\r
++ mr->todev=atoi(optarg);\r
++ break;\r
++ default:\r
++ return 0;\r
++ }\r
++ return 1;\r
++}\r
++\r
++static void\r
++final_check(unsigned int flags)\r
++{\r
++}\r
++\r
++/* Prints out the targinfo. */\r
++static void\r
++print(const struct ip6t_ip6 *ip,\r
++ const struct ip6t_entry_target *target,\r
++ int numeric)\r
++{\r
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;\r
++\r
++ printf("IMQ: todev %u ", mr->todev);\r
++}\r
++\r
++/* Saves the union ipt_targinfo in parsable form to stdout. */\r
++static void\r
++save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)\r
++{\r
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;\r
++\r
++ printf("--todev %u", mr->todev);\r
++}\r
++\r
++static struct ip6tables_target imq = {\r
++ .next = NULL,\r
++ .name = "IMQ",\r
++ .version = IPTABLES_VERSION,\r
++ .size = IP6T_ALIGN(sizeof(struct ip6t_imq_info)),\r
++ .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_imq_info)),\r
++ .help = &help,\r
++ .init = &init,\r
++ .parse = &parse,\r
++ .final_check = &final_check,\r
++ .print = &print,\r
++ .save = &save,\r
++ .extra_opts = opts\r
++};\r
++\r
++static __attribute__((constructor)) void _init(void)\r
++{\r
++ register_target6(&imq);\r
++}\r
+--- iptables-1.3.6.orig/extensions.orig/.IMQ-test Thu Jan 1 01:00:00 1970\r
++++ iptables-1.3.6/extensions/.IMQ-test Mon Jun 16 10:12:47 2003\r
+@@ -0,0 +1,3 @@\r
++#!/bin/sh\r
++# True if IMQ target patch is applied.\r
++[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ\r
+--- iptables-1.3.6.orig/extensions.orig/libipt_IMQ.c Thu Jan 1 01:00:00 1970\r
++++ iptables-1.3.6/extensions/libipt_IMQ.c Mon Jun 16 10:12:47 2003\r
+@@ -0,0 +1,101 @@\r
++/* Shared library add-on to iptables to add IMQ target support. */\r
++#include <stdio.h>\r
++#include <string.h>\r
++#include <stdlib.h>\r
++#include <getopt.h>\r
++\r
++#include <iptables.h>\r
++#include <linux/netfilter_ipv4/ip_tables.h>\r
++#include <linux/netfilter_ipv4/ipt_IMQ.h>\r
++\r
++/* Function which prints out usage message. */\r
++static void\r
++help(void)\r
++{\r
++ printf(\r
++"IMQ target v%s options:\n"\r
++" --todev <N> enqueue to imq<N>, defaults to 0\n", \r
++IPTABLES_VERSION);\r
++}\r
++\r
++static struct option opts[] = {\r
++ { "todev", 1, 0, '1' },\r
++ { 0 }\r
++};\r
++\r
++/* Initialize the target. */\r
++static void\r
++init(struct ipt_entry_target *t, unsigned int *nfcache)\r
++{\r
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data;\r
++\r
++ mr->todev = 0;\r
++ *nfcache |= NFC_UNKNOWN;\r
++}\r
++\r
++/* Function which parses command options; returns true if it\r
++ ate an option */\r
++static int\r
++parse(int c, char **argv, int invert, unsigned int *flags,\r
++ const struct ipt_entry *entry,\r
++ struct ipt_entry_target **target)\r
++{\r
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data;\r
++ \r
++ switch(c) {\r
++ case '1':\r
++ if (check_inverse(optarg, &invert, NULL, 0))\r
++ exit_error(PARAMETER_PROBLEM,\r
++ "Unexpected `!' after --todev");\r
++ mr->todev=atoi(optarg);\r
++ break;\r
++ default:\r
++ return 0;\r
++ }\r
++ return 1;\r
++}\r
++\r
++static void\r
++final_check(unsigned int flags)\r
++{\r
++}\r
++\r
++/* Prints out the targinfo. */\r
++static void\r
++print(const struct ipt_ip *ip,\r
++ const struct ipt_entry_target *target,\r
++ int numeric)\r
++{\r
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;\r
++\r
++ printf("IMQ: todev %u ", mr->todev);\r
++}\r
++\r
++/* Saves the union ipt_targinfo in parsable form to stdout. */\r
++static void\r
++save(const struct ipt_ip *ip, const struct ipt_entry_target *target)\r
++{\r
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;\r
++\r
++ printf("--todev %u", mr->todev);\r
++}\r
++\r
++static struct iptables_target imq = {\r
++ .next = NULL,\r
++ .name = "IMQ",\r
++ .version = IPTABLES_VERSION,\r
++ .size = IPT_ALIGN(sizeof(struct ipt_imq_info)),\r
++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_imq_info)),\r
++ .help = &help,\r
++ .init = &init,\r
++ .parse = &parse,\r
++ .final_check = &final_check,\r
++ .print = &print,\r
++ .save = &save,\r
++ .extra_opts = opts\r
++};\r
++\r
++static __attribute__((constructor)) void _init(void)\r
++{\r
++ register_target(&imq);\r
++}\r
+\r