IPT [PATCH] yay, autotools!

IPT [PATCH] yay, autotools!

[Jan Engelhardt]

	“The Reason For Holding Off 1.4.0”

Converts the iptables build infrastructure to autotools.

Many important changes. Should read INSTALL as a start.

	- iptables-static will be a multi binary. I doubt you want split
	binaries on embedded anyway (diskspace constraints).

	- A new binary, iptables-mtss is built (semi-static, with glibc but
	without plugins).

	I do not think iptables-static makes any sense (neither now nor
	before this move to autotools), because ld rightly tells me that
	building with -static will cause loading of glibc parts /anyway/
	because of getserv*() in xt_dccp and so on.

	- Can build both (full, semi-)static and dynamic at the same time

	- not so happy with .*-test yet, but I really wanted to get rid of
	the fixed module list in extensions/Makefile because it's just a
	.rej PITA.

	- any reason not to always build ipv6 unconditionally?

	- I think we should move all manuals to libxt_*.man or perhaps
	even *.man, would reduce Makefile LOC.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>

Patch instructions:
 delete Makefile
 delete extensions/Makefile
 delete libiptc/Makefile
 create autogen.sh with mode 0755
 rename libipt_dscp_helper.c to dscp_helper.c (delete hunks before applying)

---
 INSTALL                         |   46 ++++----
 Makefile.am                     |  106 ++++++++++++++++++++
 autogen.sh                      |    4 
 configure.ac                    |   51 +++++++++
 extensions/.condition-test      |    5 
 extensions/.condition-test6     |    5 
 extensions/.set-test            |    4 
 extensions/GNUmakefile.in       |  207 ++++++++++++++++++++++++++++++++++++++++
 extensions/dscp_helper.c        |   81 +++++++++++++++
 extensions/libipt_dscp_helper.c |   81 ---------------
 extensions/libxt_DSCP.c         |    2 
 extensions/libxt_dscp.c         |    2 
 include/xtables.h               |   13 +-
 13 files changed, 491 insertions(+), 116 deletions(-)

Index: iptables/INSTALL
===================================================================
--- iptables.orig/INSTALL
+++ iptables/INSTALL
@@ -5,15 +5,21 @@ FOLLOW THESE STEPS:
    in a seperate package, called patch-o-matic.  It is available from
    ftp://ftp.netfilter.org/pub/patch-o-matic/
 
-1) Next, make the package.
-	% make KERNEL_DIR=<<where-you-built-your-kernel>>
+1) Next, make the package. If you use a standard distribution kernel,
+   just run ./configure.
 
-2) Finally, you need to to install the shared libraries, and the binary:
-	# make install KERNEL_DIR=<<where-you-built-your-kernel>>
+   If you want to build against an own kernel tree:
 
-If you are a developer, you can install the headers, development libraries
-and associated development man pages, with:
-	# make install-devel
+	$ ./configure --with-kernel=/home/jengelh/mykernel
+
+   or whereever you put it. If you are using a dedicated kernel build
+   directory, you use:
+
+	$ ./configure --with-kbuild=<<where-built>> --with-ksource=<<source>>
+
+2) Finally, you need to install the binaries and shared libraries:
+
+	# make install
 
 That's it!
 ================================================================
@@ -21,27 +27,23 @@ PROBLEMS YOU MAY ENCOUNTER:
 
 1) This package requires a 2.4.4 kernel, or above.
 
-2) If you get the kernel directory wrong, you may see a message like:
-	Please try `make KERNEL_DIR=path-to-correct-kernel'
+2) If you get the kernel directory wrong, you may get compile failures.
 
 3) If you want to specify alternate directories for installation
 (instead of /usr/local/ bin lib man), do this:
 
-	% make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man
-	# make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man install
+	$ ./configure --prefix=/usr
+	$ make
+	# make install
 
-4) If you want to build a statically linked version of the iptables binary,
+4) The make process will automatically build a multipurpose binary under the
+   names iptables-multi and ip6tables-multi.
+
+5) If you want to build a statically linked version of the iptables binary,
    without the need for loading the plugins at runtime (e.g. for an embedded
    device or router-on-a-disk), please use
 
-	% make NO_SHARED_LIBS=1
-
-5) If you want to build a single BusyBox style multipurpose binary instead of
-   the individual iptables, iptables-save and iptables-restore binaries, then
-   please use
-
-	% make DO_MULTI=1
+	$ ./configure --enable-static
 
-NOTE: make sure you build with at least the correct LIBDIR=
-specification, otherwise iptables(8) won't know where to find the
-dynamic objects.
+   which will build both a semi-static multi binary (iptables-mtss, uses
+   libc but not plugins) and a fully static multi binary (iptables-static).
Index: iptables/Makefile.am
===================================================================
--- /dev/null
+++ iptables/Makefile.am
@@ -0,0 +1,106 @@
+# -*- Makefile -*-
+
+AUTOMAKE_OPTIONS = foreign subdir-objects
+AM_CFLAGS        = ${regular_CFLAGS} -I${top_srcdir}/include
+SUBDIRS          = extensions
+
+if DO_IPV6
+libip6tc_SOURCES = libiptc/libip6tc.c
+endif
+libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c ${libip6tc_SOURCES}
+
+# iptables, dynamic
+iptables_SOURCES          = iptables-standalone.c iptables.c xtables.c
+iptables_LDFLAGS          = -rdynamic
+iptables_LDADD            = -ldl libiptc/libiptc.a extensions/libext4.a
+
+iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
+                            iptables-restore.c iptables-xml.c \
+                            iptables-standalone.c iptables.c xtables.c
+iptables_multi_CFLAGS     = ${AM_CFLAGS} -DIPTABLES_MULTI
+iptables_multi_LDFLAGS    = ${iptables_LDFLAGS}
+iptables_multi_LDADD      = ${iptables_LDADD}
+
+iptables_restore_SOURCES  = iptables-restore.c iptables.c xtables.c
+iptables_restore_LDFLAGS  = ${iptables_LDFLAGS}
+iptables_restore_LDADD    = ${iptables_LDADD}
+
+iptables_save_SOURCES     = iptables-save.c iptables.c xtables.c
+iptables_save_LDFLAGS     = ${iptables_LDFLAGS}
+iptables_save_LDADD       = ${iptables_LDADD}
+
+# iptables-multi, semi-static
+iptables_mtss_SOURCES     = ${iptables_multi_SOURCES}
+iptables_mtss_CFLAGS      = ${iptables_multi_CFLAGS} -DNO_SHARED_LIBS=1
+iptables_mtss_LDADD       = libiptc/libiptc.a extensions/libext4.a
+
+# iptables-multi, fully static
+iptables_static_SOURCES   = ${iptables_mtss_SOURCES}
+iptables_static_CFLAGS    = ${iptables_mtss_CFLAGS}
+iptables_static_LDFLAGS   = -Xcompiler -static
+iptables_static_LDADD     = libiptc/libiptc.a extensions/libext4.a
+
+iptables_xml_SOURCES      = iptables-xml.c
+
+# ip6tables, dynamic
+ip6tables_SOURCES         = ip6tables-standalone.c ip6tables.c xtables.c
+ip6tables_LDFLAGS         = -rdynamic
+ip6tables_LDADD           = -ldl libiptc/libiptc.a extensions/libext6.a
+
+ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
+                            ip6tables-restore.c ip6tables-standalone.c \
+                            ip6tables.c xtables.c
+ip6tables_multi_CFLAGS    = ${AM_CFLAGS} -DIPTABLES_MULTI
+ip6tables_multi_LDFLAGS   = ${ip6tables_LDFLAGS}
+ip6tables_multi_LDADD     = ${ip6tables_LDADD}
+
+ip6tables_restore_SOURCES = ip6tables-restore.c ip6tables.c xtables.c
+ip6tables_restore_LDFLAGS = ${ip6tables_LDFLAGS}
+ip6tables_restore_LDADD   = ${ip6tables_LDADD}
+
+ip6tables_save_SOURCES    = ip6tables-save.c ip6tables.c xtables.c
+ip6tables_save_LDFLAGS    = ${ip6tables_LDFLAGS}
+ip6tables_save_LDADD      = ${ip6tables_LDADD}
+
+# iptables-multi, semi-static
+ip6tables_mtss_SOURCES    = ${ip6tables_multi_SOURCES}
+ip6tables_mtss_CFLAGS     = ${ip6tables_multi_CFLAGS} -DNO_SHARED_LIBS=1
+ip6tables_mtss_LDADD      = libiptc/libiptc.a extensions/libext6.a
+
+# iptables-multi, fully static
+ip6tables_static_SOURCES  = ${iptables_mtss_SOURCES}
+ip6tables_static_CFLAGS   = ${iptables_mtss_CFLAGS}
+ip6tables_static_LDFLAGS  = -Xcompiler -static
+ip6tables_static_LDADD    = libiptc/libiptc.a extensions/libext4.a
+
+noinst_LIBRARIES := libiptc/libiptc.a
+bin_PROGRAMS     := iptables-xml
+sbin_PROGRAMS    :=
+noinst_PROGRAMS  :=
+man_MANS         := iptables.8 iptables-restore.8 iptables-save.8 iptables-xml.8
+
+if ENABLE_STATIC
+noinst_PROGRAMS += iptables-mtss iptables-static
+endif
+if ENABLE_SHARED
+sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save
+endif
+
+if DO_IPV6
+man_MANS += ip6tables.8 ip6tables-restore.8 ip6tables-save.8
+if ENABLE_STATIC
+noinst_PROGRAMS += ip6tables-mtss ip6tables-static
+endif
+if ENABLE_SHARED
+sbin_PROGRAMS += ip6tables ip6tables-multi ip6tables-restore ip6tables-save
+endif
+endif
+
+iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man
+	${AM_VERBOSE_GEN} sed -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@;
+
+ip6tables.8: ${srcdir}/ip6tables.8.in extensions/matches6.man extensions/targets6.man
+	${AM_VERBOSE_GEN} sed -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@;
+
+extensions/%:
+	${MAKE} ${AM_MAKEFLAGS} -C $(@D) $(@F)
Index: iptables/autogen.sh
===================================================================
--- /dev/null
+++ iptables/autogen.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+autoreconf -fi;
+rm -Rf autom4te*.cache;
Index: iptables/configure.ac
===================================================================
--- /dev/null
+++ iptables/configure.ac
@@ -0,0 +1,51 @@
+
+AC_INIT(iptables, 1.4.0rc1)
+AC_CONFIG_HEADERS(config.h)
+AC_PROG_INSTALL
+AM_INIT_AUTOMAKE
+AC_PROG_CC
+AM_PROG_CC_C_O
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+
+AC_ARG_WITH([kernel],
+	AS_HELP_STRING([--with-kernel=PATH],
+	[Path to kernel source/build directory]),
+	[kbuilddir="$withval"; ksourcedir="$withval";])
+AC_ARG_WITH([kbuild],
+	AS_HELP_STRING([--with-kbuild=PATH],
+	[Path to kernel build directory [[/lib/modules/CURRENT/build]]]),
+	[kbuilddir="$withval"],
+	[kbuilddir="/lib/modules/$(uname -r)/build"])
+AC_ARG_WITH([ksource],
+	AS_HELP_STRING([--with-ksource=PATH],
+	[Path to kernel source directory [[/lib/modules/CURRENT/source]]]),
+	[ksourcedir="$withval"],
+	[ksourcedir="/lib/modules/$(uname -r)/source"])
+AC_ARG_WITH([iptdir],
+	AS_HELP_STRING([--with-iptdir=PATH],
+	[Path to iptables modules [[LIBEXECDIR/iptables]]]),
+	[iptdir="$withval"],
+	[iptdir="${libexecdir}/iptables"])
+
+AC_CHECK_HEADER([netinet/ip6.h], [do_ipv6=yes], [do_ipv6=no])
+AM_CONDITIONAL([DO_IPV6], [test "$do_ipv6" == "yes"])
+AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" == "yes"])
+AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" == "yes"])
+
+regular_CFLAGS="-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 \
+	-D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \
+	-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
+	-Winline -pipe -DIPTABLES_VERSION=\\\"$PACKAGE_VERSION\\\" \
+	-I\"$kbuilddir/include\" -I\"$ksourcedir/include\""
+
+# Remove workarounds soon
+regular_CFLAGS="$regular_CFLAGS -Wno-aggregate-return \
+	-Wno-missing-declarations -Wno-missing-prototypes \
+	-Wno-redundant-decls -Wno-shadow -Wno-strict-prototypes -Wno-inline"
+
+AC_SUBST([regular_CFLAGS])
+AC_SUBST([kbuilddir])
+AC_SUBST([ksourcedir])
+AC_SUBST([iptdir])
+AC_OUTPUT([Makefile extensions/GNUmakefile])
Index: iptables/extensions/.condition-test
===================================================================
--- iptables.orig/extensions/.condition-test
+++ iptables/extensions/.condition-test
@@ -1,3 +1,4 @@
 #!/bin/sh
-# True if condition is applied.
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_condition.h ] && echo condition
+[ "$1" == "provides" -o \
+-f "$KERNEL_DIR/include/linux/netfilter_ipv4/ipt_condition.h" ] && \
+echo "condition";
Index: iptables/extensions/.condition-test6
===================================================================
--- iptables.orig/extensions/.condition-test6
+++ iptables/extensions/.condition-test6
@@ -1,3 +1,4 @@
 #!/bin/sh
-# True if condition6 is applied.
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_condition.h ] && echo condition
+[ "$1" == "provides" -o \
+-f "$KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_condition.h" ] && \
+echo "condition";
Index: iptables/extensions/.set-test
===================================================================
--- iptables.orig/extensions/.set-test
+++ iptables/extensions/.set-test
@@ -1,2 +1,4 @@
 #! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ip_set.h ] && echo set SET
+[ "$1" == "provides" -o \
+-f "$KERNEL_DIR/include/linux/netfilter_ipv4/ip_set.h" ] && \
+echo "set SET";
Index: iptables/extensions/GNUmakefile.in
===================================================================
--- /dev/null
+++ iptables/extensions/GNUmakefile.in
@@ -0,0 +1,207 @@
+# -*- Makefile -*-
+
+top_srcdir  := @top_srcdir@
+srcdir      := @srcdir@
+ksourcedir  := @ksourcedir@
+prefix      := @prefix@
+exec_prefix := @exec_prefix@
+libdir      := @libdir@
+libexecdir  := @libexecdir@
+iptdir      := @iptdir@
+
+CC             := @CC@
+CCLD           := ${CC}
+CFLAGS         := @CFLAGS@
+LDFLAGS        := @LDFLAGS@
+regular_CFLAGS := @regular_CFLAGS@
+
+AM_CFLAGS      := ${regular_CFLAGS} -I${top_srcdir}/include
+AM_DEPFLAGS     = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@
+
+ifeq (${V},)
+AM_LIBTOOL_SILENT = --silent
+AM_VERBOSE_CC     = @echo "  CC      " $@;
+AM_VERBOSE_CCLD   = @echo "  CCLD    " $@;
+AM_VERBOSE_CXX    = @echo "  CXX     " $@;
+AM_VERBOSE_CXXLD  = @echo "  CXXLD   " $@;
+AM_VERBOSE_AR     = @echo "  AR      " $@;
+AM_VERBOSE_GEN    = @echo "  GEN     " $@;
+endif
+
+#
+#	Wildcard module list
+#
+pfx_all_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(wildcard ${srcdir}/libxt_*.c))
+pf4_all_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(wildcard ${srcdir}/libipt_*.c))
+pf6_all_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(wildcard ${srcdir}/libip6t_*.c))
+
+#
+#	Conditional module list
+#
+pfx_cond_mod := $(foreach i,$(wildcard ${srcdir}/.*-testx),$(shell KERNEL_DIR=${ksourcedir} ${i} provides))
+pf4_cond_mod := $(foreach i,$(wildcard ${srcdir}/.*-test),$(shell KERNEL_DIR=${ksourcedir} ${i} provides))
+pf6_cond_mod := $(foreach i,$(wildcard ${srcdir}/.*-test6),$(shell KERNEL_DIR=${ksourcedir} ${i} provides))
+
+#
+#	Conditional modules to build
+#
+pfx_bc_mod := $(foreach i,$(wildcard ${srcdir}/.*-testx),$(shell KERNEL_DIR=${ksourcedir} ${i}))
+pf4_bc_mod := $(foreach i,$(wildcard ${srcdir}/.*-test),$(shell KERNEL_DIR=${ksourcedir} ${i}))
+pf6_bc_mod := $(foreach i,$(wildcard ${srcdir}/.*-test6),$(shell KERNEL_DIR=${ksourcedir} ${i}))
+
+#
+#	Total list of modules to build
+#
+pfx_build_mod := $(filter-out ${pfx_cond_mod},${pfx_all_mod}) ${pfx_bc_mod}
+pf4_build_mod := $(filter-out ${pf4_cond_mod},${pf4_all_mod}) ${pf4_bc_mod}
+pf6_build_mod := $(filter-out ${pf6_cond_mod},${pf6_all_mod}) ${pf6_bc_mod}
+pfx_objs      := $(patsubst %,libxt_%.o,${pfx_build_mod})
+pf4_objs      := $(patsubst %,libipt_%.o,${pf4_build_mod})
+pf6_objs      := $(patsubst %,libip6t_%.o,${pf6_build_mod})
+pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod})
+pf4_solibs    := $(patsubst %,libipt_%.so,${pf4_build_mod})
+pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+
+
+#
+# Building blocks
+#
+targets := libext4.a libext6.a matches4.man matches6.man \
+           targets4.man targets6.man
+targets_install :=
+@ENABLE_SHARED_TRUE@ targets += ${pfx_solibs} ${pf4_solibs}
+@ENABLE_SHARED_TRUE@ targets_install += ${pfx_solibs} ${pf4_solibs}
+@ENABLE_SHARED_TRUE@@DO_IPV6_TRUE@ targets += ${pf6_solibs}
+@ENABLE_SHARED_TRUE@@DO_IPV6_TRUE@ targets_install += ${pf6_solibs}
+
+@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs}
+@ENABLE_STATIC_TRUE@@DO_IPV6_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs}
+
+.SECONDARY:
+
+.PHONY: all install clean distclean
+
+all: ${targets}
+
+install: ${targets_install}
+	@mkdir -p "${DESTDIR}${iptdir}";
+	install -pm0755 $^ "${DESTDIR}${iptdir}/";
+
+clean:
+	rm -f *.o *.oo *.so *.a *.man initext4.c initext6.c;
+
+distclean: clean
+	rm -f .*.d .*.dd;
+
+%.o: %.c
+	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} ${CFLAGS} -o $@ -c $<;
+
+-include .*.d
+
+
+#
+#	Shared libraries
+#
+lib%.so: lib%.oo
+	${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<;
+
+lib%.oo: ${srcdir}/lib%.c
+	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
+
+
+#
+#	Static bits
+#
+#	If static building is disabled, libext*.a will still be generated,
+#	but will be empty. This is good since we can do with less case
+#	handling code in the Makefiles.
+#
+lib%.o: ${srcdir}/lib%.c
+	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -DNO_SHARED_LIBS=1 -D_INIT=$*_init ${CFLAGS} -o $@ -c $<;
+
+libext4.a: initext4.o ${libext4_objs}
+	${AM_VERBOSE_AR} ${AR} crs $@ $^;
+
+libext6.a: initext6.o ${libext6_objs}
+	${AM_VERBOSE_AR} ${AR} crs $@ $^;
+
+initext_func  := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod})
+initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod})
+
+.initext4.dd:
+	@echo "${initext_func}" >$@.tmp; \
+	cmp -s $@ $@.tmp || mv $@.tmp $@; \
+	rm -f $@.tmp;
+
+.initext6.dd:
+	@echo "${initext6_func}" >$@.tmp; \
+	cmp -s $@ $@.tmp || mv $@.tmp $@; \
+	rm -f $@.tmp;
+
+initext4.c: .initext4.dd
+	${AM_VERBOSE_GEN}
+	@( \
+	echo "" >$@; \
+	for i in ${initext_func}; do \
+		echo "extern void $${i}_init(void);" >>$@; \
+	done; \
+	echo -en "void init_extensions(void)\n""{\n" >>$@; \
+	for i in ${initext_func}; do \
+		echo -e "\t""$${i}_init();" >>$@; \
+	done; \
+	echo "}" >>$@; \
+	);
+
+initext6.c: .initext6.dd
+	${AM_VERBOSE_GEN}
+	@( \
+	echo "" >$@; \
+	for i in ${initext6_func}; do \
+		echo "extern void $${i}_init(void);" >>$@; \
+	done; \
+	echo -en "void init_extensions(void)\n""{\n" >>$@; \
+	for i in ${initext6_func}; do \
+		echo -e "\t""$${i}_init();" >>$@; \
+	done; \
+	echo "}" >>$@; \
+	);
+
+#
+#	Manual pages
+#
+ex_matches = $(sort $(shell echo $(1) | grep -Eo '\b[a-z0-9]+\b'))
+ex_targets = $(sort $(shell echo $(1) | grep -Eo '\b[A-Z0-9]+\b'))
+man_run    = \
+	${AM_VERBOSE_GEN} \
+	for ext in $(1); do \
+		f="${srcdir}/libxt_$$ext.man"; \
+		if [ -f "$$f" ]; then \
+			echo ".SS $$ext"; \
+			cat "$$f"; \
+			continue; \
+		fi; \
+		f="${srcdir}/libipt_$$ext.man"; \
+		if [ -f "$$f" ]; then \
+			echo ".SS $$ext"; \
+			cat "$$f"; \
+			continue; \
+		fi; \
+		f="${srcdir}/libip6t_$$ext.man"; \
+		if [ -f "$$f" ]; then \
+			echo ".SS $$ext"; \
+			cat "$$f"; \
+			continue; \
+		fi; \
+	done >$@;
+
+matches4.man: .initext4.dd
+	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod}))
+
+matches6.man: .initext6.dd
+	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf6_build_mod}))
+
+targets4.man: .initext4.dd
+	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod}))
+
+targets6.man: .initext6.dd
+	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf6_build_mod}))
Index: iptables/extensions/dscp_helper.c
===================================================================
--- /dev/null
+++ iptables/extensions/dscp_helper.c
@@ -0,0 +1,81 @@
+/*
+ * DiffServ classname <-> DiffServ codepoint mapping functions.
+ *
+ * The latest list of the mappings can be found at:
+ * <http://www.iana.org/assignments/dscp-registry>
+ *
+ * This code is released under the GNU GPL v2, 1991
+ *
+ * Author: Iain Barnes
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <xtables.h>
+
+
+static const struct ds_class
+{
+	const char *name;
+	unsigned int dscp;
+} ds_classes[] =
+{
+	{ "CS0", 0x00 },
+	{ "CS1", 0x08 },
+	{ "CS2", 0x10 },
+	{ "CS3", 0x18 },
+	{ "CS4", 0x20 },
+	{ "CS5", 0x28 },
+	{ "CS6", 0x30 },
+	{ "CS7", 0x38 },
+	{ "BE", 0x00 },
+	{ "AF11", 0x0a },
+	{ "AF12", 0x0c },
+	{ "AF13", 0x0e },
+	{ "AF21", 0x12 },
+	{ "AF22", 0x14 },
+	{ "AF23", 0x16 },
+	{ "AF31", 0x1a },
+	{ "AF32", 0x1c },
+	{ "AF33", 0x1e },
+	{ "AF41", 0x22 },
+	{ "AF42", 0x24 },
+	{ "AF43", 0x26 },
+	{ "EF", 0x2e }
+};
+
+
+
+static unsigned int
+class_to_dscp(const char *name)
+{
+	int i;
+
+	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
+		if (!strncasecmp(name, ds_classes[i].name,
+					strlen(ds_classes[i].name)))
+			return ds_classes[i].dscp;
+	}
+
+	exit_error(PARAMETER_PROBLEM,
+			"Invalid DSCP value `%s'\n", name);
+}
+
+
+#if 0
+static const char *
+dscp_to_name(unsigned int dscp)
+{
+	int i;
+
+	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
+		if (dscp == ds_classes[i].dscp)
+			return ds_classes[i].name;
+	}
+
+
+	exit_error(PARAMETER_PROBLEM,
+			"Invalid DSCP value `%d'\n", dscp);
+}
+#endif
+
Index: iptables/extensions/libipt_dscp_helper.c
===================================================================
--- iptables.orig/extensions/libipt_dscp_helper.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * DiffServ classname <-> DiffServ codepoint mapping functions.
- *
- * The latest list of the mappings can be found at:
- * <http://www.iana.org/assignments/dscp-registry>
- *
- * This code is released under the GNU GPL v2, 1991
- * 
- * Author: Iain Barnes
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <xtables.h>
-
-
-static const struct ds_class
-{
-	const char *name;
-	unsigned int dscp;
-} ds_classes[] = 
-{
-	{ "CS0", 0x00 },
-	{ "CS1", 0x08 },
-	{ "CS2", 0x10 },
-	{ "CS3", 0x18 },
-	{ "CS4", 0x20 },
-	{ "CS5", 0x28 },
-	{ "CS6", 0x30 },
-	{ "CS7", 0x38 },
-	{ "BE", 0x00 },
-	{ "AF11", 0x0a },
-	{ "AF12", 0x0c },
-	{ "AF13", 0x0e },
-	{ "AF21", 0x12 },
-	{ "AF22", 0x14 },
-	{ "AF23", 0x16 },
-	{ "AF31", 0x1a },
-	{ "AF32", 0x1c },
-	{ "AF33", 0x1e },
-	{ "AF41", 0x22 },
-	{ "AF42", 0x24 },
-	{ "AF43", 0x26 },
-	{ "EF", 0x2e }
-};
-
-
-
-static unsigned int 
-class_to_dscp(const char *name)
-{
-	int i;
-
-	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
-		if (!strncasecmp(name, ds_classes[i].name,
-					strlen(ds_classes[i].name))) 
-			return ds_classes[i].dscp;
-	}
-
-	exit_error(PARAMETER_PROBLEM, 
-			"Invalid DSCP value `%s'\n", name);
-}
-
-
-#if 0
-static const char *
-dscp_to_name(unsigned int dscp)
-{
-	int i;
-
-	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
-		if (dscp == ds_classes[i].dscp)
-			return ds_classes[i].name;
-	}
-
-	
-	exit_error(PARAMETER_PROBLEM,
-			"Invalid DSCP value `%d'\n", dscp);
-}
-#endif
-
Index: iptables/extensions/libxt_DSCP.c
===================================================================
--- iptables.orig/extensions/libxt_DSCP.c
+++ iptables/extensions/libxt_DSCP.c
@@ -19,7 +19,7 @@
 #include <linux/netfilter/xt_DSCP.h>
 
 /* This is evil, but it's my code - HW*/
-#include "libipt_dscp_helper.c"
+#include "dscp_helper.c"
 
 static void DSCP_help(void)
 {
Index: iptables/extensions/libxt_dscp.c
===================================================================
--- iptables.orig/extensions/libxt_dscp.c
+++ iptables/extensions/libxt_dscp.c
@@ -22,7 +22,7 @@
 #include <linux/netfilter/xt_dscp.h>
 
 /* This is evil, but it's my code - HW*/
-#include "libipt_dscp_helper.c"
+#include "dscp_helper.c"
 
 static void dscp_help(void)
 {
Index: iptables/include/xtables.h
===================================================================
--- iptables.orig/include/xtables.h
+++ iptables/include/xtables.h
@@ -225,13 +225,14 @@ void exit_error(enum exittype, const cha
 							  format(printf,2,3)));
 extern const char *program_name, *program_version;
 
-#define _init __attribute__((constructor)) my_init
 #ifdef NO_SHARED_LIBS
-# ifdef _INIT
-#  undef _init
-#  define _init _INIT
-# endif
-  extern void init_extensions(void);
+#	ifdef _INIT
+#		undef _init
+#		define _init _INIT
+#	endif
+	extern void init_extensions(void);
+#else
+#	define _init __attribute__((constructor)) _INIT
 #endif
 
 #define __be32	u_int32_t
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: IPT [PATCH] yay, autotools!

[Philip Craig]

Jan Engelhardt wrote:
> 	- iptables-static will be a multi binary. I doubt you want split
> 	binaries on embedded anyway (diskspace constraints).

Agreed.

> 	- A new binary, iptables-mtss is built (semi-static, with glibc but
> 	without plugins).
> 
> 	I do not think iptables-static makes any sense (neither now nor
> 	before this move to autotools), because ld rightly tells me that
> 	building with -static will cause loading of glibc parts /anyway/
> 	because of getserv*() in xt_dccp and so on.

Yes.  The NO_SHARED_LIBS option originally did the equivalent of iptables-mtss,
but it seems that got changed somewhere along the line.

Re: IPT [PATCH] yay, autotools!

[Patrick McHardy]

Jan Engelhardt wrote:
> 	"The Reason For Holding Off 1.4.0"
> 
> Converts the iptables build infrastructure to autotools.

Oh joy :)

> Many important changes. Should read INSTALL as a start.
> 
> 	- iptables-static will be a multi binary. I doubt you want split
> 	binaries on embedded anyway (diskspace constraints).
> 
> 	- A new binary, iptables-mtss is built (semi-static, with glibc but
> 	without plugins).
> 
> 	I do not think iptables-static makes any sense (neither now nor
> 	before this move to autotools), because ld rightly tells me that
> 	building with -static will cause loading of glibc parts /anyway/
> 	because of getserv*() in xt_dccp and so on.

Well, the reason for linking statically is IMO not to be able to run
without a libc but to avoid having tons of shared object files.

> 
> 	- Can build both (full, semi-)static and dynamic at the same time
> 
> 	- not so happy with .*-test yet, but I really wanted to get rid of
> 	the fixed module list in extensions/Makefile because it's just a
> 	.rej PITA.


We only have two .test files left, and frankly I think the concept
sucks, if you look at the lists you'll find plenty of reports of
people missing extensions because their distribution built against
an old kernel. Thats why I included the headers and moved to
unconditional building for every single extension that is or has
been supported by mainline kernel.

> 	- any reason not to always build ipv6 unconditionally?

I can't think of one.
> 
> 	- I think we should move all manuals to libxt_*.man or perhaps
> 	even *.man, would reduce Makefile LOC.

You mean for the ones where we have an IPv4 and IPv6 version, but
no xtables extension? I'm not sure they're all similar ...

> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
> 
> Patch instructions:
>  delete Makefile
>  delete extensions/Makefile
>  delete libiptc/Makefile
>  create autogen.sh with mode 0755
>  rename libipt_dscp_helper.c to dscp_helper.c (delete hunks before applying)


In general, I don't have an opinion on this patch other that
I think all the autotool stuff is way to complicated. Your
patch looks reasonable simple, so I'm not objecting, but I'd
like to hear some arguments what this is buying us. I assume
the changes above could also be achieved with some simple
changes to the existing Makefile.

Re: IPT [PATCH] yay, autotools!

[Jan Engelhardt]

On Nov 28 2007 09:48, Patrick McHardy wrote:
>> 
>> Converts the iptables build infrastructure to autotools.
>
> Oh joy :)
>
>> Many important changes. Should read INSTALL as a start.
>> 
>>  - iptables-static will be a multi binary. I doubt you want split
>>  binaries on embedded anyway (diskspace constraints).
>> 
>>  - A new binary, iptables-mtss is built (semi-static, with glibc but
>>  without plugins).
>> 
>>  I do not think iptables-static makes any sense (neither now nor
>>  before this move to autotools), because ld rightly tells me that
>>  building with -static will cause loading of glibc parts /anyway/
>>  because of getserv*() in xt_dccp and so on.
>
> Well, the reason for linking statically is IMO not to be able to run
> without a libc but to avoid having tons of shared object files.
>
Ah. Then I'll just move -mtss to -static.

>>  - not so happy with .*-test yet, but I really wanted to get rid of
>>  the fixed module list in extensions/Makefile because it's just a
>>  .rej PITA.
>
> We only have two .test files left, and frankly I think the concept
> sucks, if you look at the lists you'll find plenty of reports of
> people missing extensions because their distribution built against
> an old kernel. Thats why I included the headers and moved to
> unconditional building for every single extension that is or has
> been supported by mainline kernel.
>
If I can throw the three .*-tests out, the better. But would need to
add ipt_condition.h, ip6t_conditoin, ipt_set and ipt_SET, which
all are not in the kernel at this point. Nuke the modules?

>> 	- any reason not to always build ipv6 unconditionally?
>
> I can't think of one.

Then I'll nuke DO_IPV6, simplifies makefiles.

>>  - I think we should move all manuals to libxt_*.man or perhaps
>>  even *.man, would reduce Makefile LOC.
>
> You mean for the ones where we have an IPv4 and IPv6 version, but
> no xtables extension? I'm not sure they're all similar ...
>
I mean libipt_unclean.man -> libxt_unclean.man. The source file
libipt_unclean.c will persist. As unclean only matches libipt_%
the manpage will only land in iptables.8, not ip6tables.8.

>> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
>> 
>> Patch instructions:
>>  delete Makefile
>>  delete extensions/Makefile
>>  delete libiptc/Makefile
>>  create autogen.sh with mode 0755
>>  rename libipt_dscp_helper.c to dscp_helper.c (delete hunks before applying)
>
> In general, I don't have an opinion on this patch other that
> I think all the autotool stuff is way to complicated. Your
> patch looks reasonable simple, so I'm not objecting, but I'd
> like to hear some arguments what this is buying us.

I followed the shout-out in the original Makefile:

# Need libc6 for this.  FIXME: Should covert to autoconf.
ifeq ($(shell [ -f /usr/include/netinet/ip6.h ] && echo YES), YES)
DO_IPV6:=1
endif

So I did that. Though now that is gone, it has lost a bit of appeal,
but it is still very nice. Main benefit is that you only need to
specify what to build, and do not care about the 'install' target, or
how to call GCC. Just the bare minimum, which is cflags,
ldflags/ldadd (and then not always).

Makfile: 272 LOC
Makefile.am: 101 LOC (with ipv6 ifdef)

In the old days, I used to compile my kernels from scratch, but that
got tedius when having more than a handful of machines.

Same for makefiles, once I had a fair number of them, updating every
single Makefile with a new idea I had (quick autodeps using -MMD,
silence (AM_VERBOSE_*), common compiler flags), I had to dig up all
Makefiles and adjust them.  It took much convincing to go autotools
there, but if a program just does not compile because two linux
distros have their stuff in different places and there is no
pkgconfig, you will be thankful. 

> I assume
> the changes above could also be achieved with some simple
> changes to the existing Makefile.

You would have to pass all flags to make on every invocation (bitten
me before, forgot to use COPT_FLAGSwhat=-ggdb3), with ./configure you
can specify it once for all (and during make, if you really desire
so).
You can also run make from within extensions/ which was not
previously possible.
Building static and shared besides each other would require yet
more compilation rules in the toplevel ./Makefile where autotools can
take over doing the right thing.


BTW, libipq inside iptables seems to be totally unused, is it still needed?

Re: IPT [PATCH] yay, autotools!

[Patrick McHardy]

Jan Engelhardt wrote:
> On Nov 28 2007 09:48, Patrick McHardy wrote:
>>> Converts the iptables build infrastructure to autotools.
>> Oh joy :)
>>
>>> Many important changes. Should read INSTALL as a start.
>>>
>>>  - iptables-static will be a multi binary. I doubt you want split
>>>  binaries on embedded anyway (diskspace constraints).
>>>
>>>  - A new binary, iptables-mtss is built (semi-static, with glibc but
>>>  without plugins).
>>>
>>>  I do not think iptables-static makes any sense (neither now nor
>>>  before this move to autotools), because ld rightly tells me that
>>>  building with -static will cause loading of glibc parts /anyway/
>>>  because of getserv*() in xt_dccp and so on.
>> Well, the reason for linking statically is IMO not to be able to run
>> without a libc but to avoid having tons of shared object files.
>>
> Ah. Then I'll just move -mtss to -static.
> 
>>>  - not so happy with .*-test yet, but I really wanted to get rid of
>>>  the fixed module list in extensions/Makefile because it's just a
>>>  .rej PITA.
>> We only have two .test files left, and frankly I think the concept
>> sucks, if you look at the lists you'll find plenty of reports of
>> people missing extensions because their distribution built against
>> an old kernel. Thats why I included the headers and moved to
>> unconditional building for every single extension that is or has
>> been supported by mainline kernel.
>>
> If I can throw the three .*-tests out, the better. But would need to
> add ipt_condition.h, ip6t_conditoin, ipt_set and ipt_SET, which
> all are not in the kernel at this point. Nuke the modules?


For condition, sure. For set lets hear Jozsef's opinion, but since
the kernel has to be patched anyway I think it shouldn't be much
trouble to move the userspace part to pomng as well if it can't
be supported.

>>> 	- any reason not to always build ipv6 unconditionally?
>> I can't think of one.
> 
> Then I'll nuke DO_IPV6, simplifies makefiles.
> 
>>>  - I think we should move all manuals to libxt_*.man or perhaps
>>>  even *.man, would reduce Makefile LOC.
>> You mean for the ones where we have an IPv4 and IPv6 version, but
>> no xtables extension? I'm not sure they're all similar ...
>>
> I mean libipt_unclean.man -> libxt_unclean.man. The source file
> libipt_unclean.c will persist. As unclean only matches libipt_%
> the manpage will only land in iptables.8, not ip6tables.8.


Then whats the advantage? Similar to the kernel, I think we should
only use xt_ for things that actually support more than one
address family.

>> In general, I don't have an opinion on this patch other that
>> I think all the autotool stuff is way to complicated. Your
>> patch looks reasonable simple, so I'm not objecting, but I'd
>> like to hear some arguments what this is buying us.
> 
> I followed the shout-out in the original Makefile:
> 
> # Need libc6 for this.  FIXME: Should covert to autoconf.
> ifeq ($(shell [ -f /usr/include/netinet/ip6.h ] && echo YES), YES)
> DO_IPV6:=1
> endif

Fair enough :)

> So I did that. Though now that is gone, it has lost a bit of appeal,
> but it is still very nice. Main benefit is that you only need to
> specify what to build, and do not care about the 'install' target, or
> how to call GCC. Just the bare minimum, which is cflags,
> ldflags/ldadd (and then not always).
> 
> Makfile: 272 LOC
> Makefile.am: 101 LOC (with ipv6 ifdef)
> 
> In the old days, I used to compile my kernels from scratch, but that
> got tedius when having more than a handful of machines.
> 
> Same for makefiles, once I had a fair number of them, updating every
> single Makefile with a new idea I had (quick autodeps using -MMD,
> silence (AM_VERBOSE_*), common compiler flags), I had to dig up all
> Makefiles and adjust them.  It took much convincing to go autotools
> there, but if a program just does not compile because two linux
> distros have their stuff in different places and there is no
> pkgconfig, you will be thankful. 
> 
>> I assume
>> the changes above could also be achieved with some simple
>> changes to the existing Makefile.
> 
> You would have to pass all flags to make on every invocation (bitten
> me before, forgot to use COPT_FLAGSwhat=-ggdb3), with ./configure you
> can specify it once for all (and during make, if you really desire
> so).
> You can also run make from within extensions/ which was not
> previously possible.
> Building static and shared besides each other would require yet
> more compilation rules in the toplevel ./Makefile where autotools can
> take over doing the right thing.


OK fine.

> BTW, libipq inside iptables seems to be totally unused, is it still needed?


Yes, people are still using it and the nfnetlink_queue compat library
is still nonfunctional.

Re: IPT [PATCH] yay, autotools!

[Jan Engelhardt]

On Nov 28 2007 12:25, Patrick McHardy wrote:
>> > >  - I think we should move all manuals to libxt_*.man or perhaps
>> > >  even *.man, would reduce Makefile LOC.
>> > You mean for the ones where we have an IPv4 and IPv6 version, but
>> > no xtables extension? I'm not sure they're all similar ...
>> >
>> I mean libipt_unclean.man -> libxt_unclean.man. The source file
>> libipt_unclean.c will persist. As unclean only matches libipt_%
>> the manpage will only land in iptables.8, not ip6tables.8.
>
> Then whats the advantage? Similar to the kernel, I think we should
> only use xt_ for things that actually support more than one
> address family.

Well, just look at it:

        for ext in $(1); do \
                f="${srcdir}/libxt_$$ext.man"; \
                if [ -f "$$f" ]; then \
                        echo ".SS $$ext"; \
                        cat "$$f"; \
                        continue; \
                fi; \
                f="${srcdir}/libipt_$$ext.man"; \
                if [ -f "$$f" ]; then \
                        echo ".SS $$ext"; \
                        cat "$$f"; \
                        continue; \
                fi; \
                f="${srcdir}/libip6t_$$ext.man"; \
                if [ -f "$$f" ]; then \
                        echo ".SS $$ext"; \
                        cat "$$f"; \
                        continue; \
                fi; \
        done >$@;

could be reduced to 1/3 of its size.

>> BTW, libipq inside iptables seems to be totally unused, is it still needed?
>
> Yes, people are still using it and the nfnetlink_queue compat library
> is still nonfunctional.
>
but *iptables* itself does not use it, does it? in which case
libipq should probably move to its own tarball, that is what
I was proposing.

Re: IPT [PATCH] yay, autotools!

[Patrick McHardy]

Jan Engelhardt wrote:
> On Nov 28 2007 12:25, Patrick McHardy wrote:
>>>>>  - I think we should move all manuals to libxt_*.man or perhaps
>>>>>  even *.man, would reduce Makefile LOC.
>>>> You mean for the ones where we have an IPv4 and IPv6 version, but
>>>> no xtables extension? I'm not sure they're all similar ...
>>>>
>>> I mean libipt_unclean.man -> libxt_unclean.man. The source file
>>> libipt_unclean.c will persist. As unclean only matches libipt_%
>>> the manpage will only land in iptables.8, not ip6tables.8.
>> Then whats the advantage? Similar to the kernel, I think we should
>> only use xt_ for things that actually support more than one
>> address family.
> 
> Well, just look at it:
> 
>         for ext in $(1); do \
>                 f="${srcdir}/libxt_$$ext.man"; \
>                 if [ -f "$$f" ]; then \
>                         echo ".SS $$ext"; \
>                         cat "$$f"; \
>                         continue; \
>                 fi; \
>                 f="${srcdir}/libipt_$$ext.man"; \
>                 if [ -f "$$f" ]; then \
>                         echo ".SS $$ext"; \
>                         cat "$$f"; \
>                         continue; \
>                 fi; \
>                 f="${srcdir}/libip6t_$$ext.man"; \
>                 if [ -f "$$f" ]; then \
>                         echo ".SS $$ext"; \
>                         cat "$$f"; \
>                         continue; \
>                 fi; \
>         done >$@;
> 
> could be reduced to 1/3 of its size.

size isn't everything :)

>>> BTW, libipq inside iptables seems to be totally unused, is it still needed?
>> Yes, people are still using it and the nfnetlink_queue compat library
>> is still nonfunctional.
>>
> but *iptables* itself does not use it, does it? in which case
> libipq should probably move to its own tarball, that is what
> I was proposing.


We could do that I guess, though I'm expecting a bunch of complaints
from people who are used to get it from the iptables source.

Re: IPT [PATCH] yay, autotools!

[Jan Engelhardt]

On Nov 28 2007 12:58, Patrick McHardy wrote:
>> but *iptables* itself does not use it, does it? in which case
>> libipq should probably move to its own tarball, that is what
>> I was proposing.
>
>
> We could do that I guess, though I'm expecting a bunch of complaints
> from people who are used to get it from the iptables source.
>
>

ok will add libipq to the makefile...

IPT [PATCH] autotools, number 2

[Jan Engelhardt]

	“Round 2.”

Converts the iptables build infrastructure to autotools.

	- Can build both static and dynamic at the same time

	- iptables-static will be a multi-binary, semi-static
	  (link against libc but w/o dynamic plugins)

	- Always build IPv6 modules unconditionally

	- not happy with .*-test as it interferes with wildcarding

	- consider INSTALL

	(- consider enhancing your automake installation by
	  automake-tranquility.diff to get kbuild-style silent building)

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>

Patch instructions:
 delete Makefile
 delete Rules.make
 delete extensions/Makefile
 delete libiptc/Makefile
 create autogen.sh with mode 0755
 rename libipt_dscp_helper.c to dscp_helper.c (delete hunks before applying)

---
 INSTALL                         |   47 +++++----
 Makefile.am                     |   89 +++++++++++++++++
 autogen.sh                      |    4 
 configure.ac                    |   54 ++++++++++
 extensions/.condition-test      |    5 
 extensions/.condition-test6     |    5 
 extensions/.set-test            |    4 
 extensions/GNUmakefile.in       |  204 ++++++++++++++++++++++++++++++++++++++++
 extensions/dscp_helper.c        |   81 +++++++++++++++
 extensions/libipt_dscp_helper.c |   81 ---------------
 extensions/libxt_DSCP.c         |    2 
 extensions/libxt_dscp.c         |    2 
 include/xtables.h               |   13 +-
 libipq/Makefile.am              |   11 ++
 14 files changed, 487 insertions(+), 115 deletions(-)

Index: iptables/INSTALL
===================================================================
--- iptables.orig/INSTALL
+++ iptables/INSTALL
@@ -5,15 +5,21 @@ FOLLOW THESE STEPS:
    in a seperate package, called patch-o-matic.  It is available from
    ftp://ftp.netfilter.org/pub/patch-o-matic/
 
-1) Next, make the package.
-	% make KERNEL_DIR=<<where-you-built-your-kernel>>
+1) Next, make the package. If you use a standard distribution kernel,
+   just run ./configure.
 
-2) Finally, you need to to install the shared libraries, and the binary:
-	# make install KERNEL_DIR=<<where-you-built-your-kernel>>
+   If you want to build against an own kernel tree:
 
-If you are a developer, you can install the headers, development libraries
-and associated development man pages, with:
-	# make install-devel
+	$ ./configure --with-kernel=/home/jengelh/mykernel
+
+   or whereever you put it. If you are using a dedicated kernel build
+   directory, you use:
+
+	$ ./configure --with-kbuild=<<where-built>> --with-ksource=<<source>>
+
+2) Finally, you need to install the binaries and shared libraries:
+
+	# make install
 
 That's it!
 ================================================================
@@ -21,27 +27,26 @@ PROBLEMS YOU MAY ENCOUNTER:
 
 1) This package requires a 2.4.4 kernel, or above.
 
-2) If you get the kernel directory wrong, you may see a message like:
-	Please try `make KERNEL_DIR=path-to-correct-kernel'
+2) If you get the kernel directory wrong, you may get compile failures.
 
 3) If you want to specify alternate directories for installation
 (instead of /usr/local/ bin lib man), do this:
 
-	% make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man
-	# make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man install
+	$ ./configure --prefix=/usr
+	$ make
+	# make install
+
+4) The make process will automatically build a multipurpose binary under the
+   names iptables-multi and ip6tables-multi.
 
-4) If you want to build a statically linked version of the iptables binary,
+5) If you want to build a statically linked version of the iptables binary,
    without the need for loading the plugins at runtime (e.g. for an embedded
    device or router-on-a-disk), please use
 
-	% make NO_SHARED_LIBS=1
-
-5) If you want to build a single BusyBox style multipurpose binary instead of
-   the individual iptables, iptables-save and iptables-restore binaries, then
-   please use
+	$ ./configure --enable-static
 
-	% make DO_MULTI=1
+   which will build both a semi-static multi binary (iptables-mtss, uses
+   libc but not plugins) and a fully static multi binary (iptables-static).
 
-NOTE: make sure you build with at least the correct LIBDIR=
-specification, otherwise iptables(8) won't know where to find the
-dynamic objects.
+6) If you want to install libipq (old interface), add --enable-devel to
+   ./configure.
Index: iptables/Makefile.am
===================================================================
--- /dev/null
+++ iptables/Makefile.am
@@ -0,0 +1,89 @@
+# -*- Makefile -*-
+
+AUTOMAKE_OPTIONS = foreign subdir-objects
+AM_CFLAGS        = ${regular_CFLAGS} -I${top_srcdir}/include
+SUBDIRS         := extensions
+if ENABLE_DEVEL
+SUBDIRS         += libipq
+endif
+
+# libiptc
+libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c
+
+# iptables, dynamic
+iptables_SOURCES          = iptables-standalone.c iptables.c xtables.c
+iptables_LDFLAGS          = -rdynamic
+iptables_LDADD            = -ldl libiptc/libiptc.a extensions/libext4.a
+
+iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
+                            iptables-restore.c iptables-xml.c \
+                            iptables-standalone.c iptables.c xtables.c
+iptables_multi_CFLAGS     = ${AM_CFLAGS} -DIPTABLES_MULTI
+iptables_multi_LDFLAGS    = ${iptables_LDFLAGS}
+iptables_multi_LDADD      = ${iptables_LDADD}
+
+iptables_restore_SOURCES  = iptables-restore.c iptables.c xtables.c
+iptables_restore_LDFLAGS  = ${iptables_LDFLAGS}
+iptables_restore_LDADD    = ${iptables_LDADD}
+
+iptables_save_SOURCES     = iptables-save.c iptables.c xtables.c
+iptables_save_LDFLAGS     = ${iptables_LDFLAGS}
+iptables_save_LDADD       = ${iptables_LDADD}
+
+# iptables-multi, semi-static
+iptables_static_SOURCES   = ${iptables_multi_SOURCES}
+iptables_static_CFLAGS    = ${iptables_multi_CFLAGS} -DNO_SHARED_LIBS=1
+iptables_static_LDADD     = libiptc/libiptc.a extensions/libext4.a
+
+iptables_xml_SOURCES      = iptables-xml.c
+
+# ip6tables, dynamic
+ip6tables_SOURCES         = ip6tables-standalone.c ip6tables.c xtables.c
+ip6tables_LDFLAGS         = -rdynamic
+ip6tables_LDADD           = -ldl libiptc/libiptc.a extensions/libext6.a
+
+ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
+                            ip6tables-restore.c ip6tables-standalone.c \
+                            ip6tables.c xtables.c
+ip6tables_multi_CFLAGS    = ${AM_CFLAGS} -DIPTABLES_MULTI
+ip6tables_multi_LDFLAGS   = ${ip6tables_LDFLAGS}
+ip6tables_multi_LDADD     = ${ip6tables_LDADD}
+
+ip6tables_restore_SOURCES = ip6tables-restore.c ip6tables.c xtables.c
+ip6tables_restore_LDFLAGS = ${ip6tables_LDFLAGS}
+ip6tables_restore_LDADD   = ${ip6tables_LDADD}
+
+ip6tables_save_SOURCES    = ip6tables-save.c ip6tables.c xtables.c
+ip6tables_save_LDFLAGS    = ${ip6tables_LDFLAGS}
+ip6tables_save_LDADD      = ${ip6tables_LDADD}
+
+# iptables-multi, semi-static
+ip6tables_static_SOURCES    = ${ip6tables_multi_SOURCES}
+ip6tables_static_CFLAGS     = ${ip6tables_multi_CFLAGS} -DNO_SHARED_LIBS=1
+ip6tables_static_LDADD      = libiptc/libiptc.a extensions/libext6.a
+
+noinst_LIBRARIES := libiptc/libiptc.a
+bin_PROGRAMS     := iptables-xml
+sbin_PROGRAMS    :=
+noinst_PROGRAMS  :=
+man_MANS         := iptables.8 iptables-restore.8 iptables-save.8 \
+                    iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
+                    ip6tables-save.8
+CLEANFILES       := iptables.8 ip6tables.8
+
+if ENABLE_STATIC
+sbin_PROGRAMS += iptables-static ip6tables-static
+endif
+if ENABLE_SHARED
+sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save \
+                 ip6tables ip6tables-multi ip6tables-restore ip6tables-save
+endif
+
+iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man
+	${AM_VERBOSE_GEN} sed -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@;
+
+ip6tables.8: ${srcdir}/ip6tables.8.in extensions/matches6.man extensions/targets6.man
+	${AM_VERBOSE_GEN} sed -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@;
+
+extensions/%:
+	${MAKE} ${AM_MAKEFLAGS} -C $(@D) $(@F)
Index: iptables/autogen.sh
===================================================================
--- /dev/null
+++ iptables/autogen.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+autoreconf -fi;
+rm -Rf autom4te*.cache;
Index: iptables/configure.ac
===================================================================
--- /dev/null
+++ iptables/configure.ac
@@ -0,0 +1,54 @@
+
+AC_INIT(iptables, 1.4.0rc1)
+AC_CONFIG_HEADERS(config.h)
+AC_PROG_INSTALL
+AM_INIT_AUTOMAKE
+AC_PROG_CC
+AM_PROG_CC_C_O
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+
+AC_ARG_WITH([kernel],
+	AS_HELP_STRING([--with-kernel=PATH],
+	[Path to kernel source/build directory]),
+	[kbuilddir="$withval"; ksourcedir="$withval";])
+AC_ARG_WITH([kbuild],
+	AS_HELP_STRING([--with-kbuild=PATH],
+	[Path to kernel build directory [[/lib/modules/CURRENT/build]]]),
+	[kbuilddir="$withval"],
+	[kbuilddir="/lib/modules/$(uname -r)/build"])
+AC_ARG_WITH([ksource],
+	AS_HELP_STRING([--with-ksource=PATH],
+	[Path to kernel source directory [[/lib/modules/CURRENT/source]]]),
+	[ksourcedir="$withval"],
+	[ksourcedir="/lib/modules/$(uname -r)/source"])
+AC_ARG_WITH([iptdir],
+	AS_HELP_STRING([--with-iptdir=PATH],
+	[Path to iptables modules [[LIBEXECDIR/iptables]]]),
+	[iptdir="$withval"],
+	[iptdir="${libexecdir}/iptables"])
+AC_ARG_ENABLE([devel],
+	AS_HELP_STRING([--enable-devel],
+	[Build and install development files (libipq, libipq-devel, iptables-devel)]))
+
+AC_CHECK_HEADER([netinet/ip6.h], [], [AC_MSG_ERROR(but we need that for IPv6)])
+AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" == "yes"])
+AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" == "yes"])
+AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" == "yes"])
+
+regular_CFLAGS="-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 \
+	-D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \
+	-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
+	-Winline -pipe -DIPTABLES_VERSION=\\\"$PACKAGE_VERSION\\\" \
+	-I\"$kbuilddir/include\" -I\"$ksourcedir/include\""
+
+# Remove workarounds soon
+regular_CFLAGS="$regular_CFLAGS -Wno-aggregate-return \
+	-Wno-missing-declarations -Wno-missing-prototypes \
+	-Wno-redundant-decls -Wno-shadow -Wno-strict-prototypes -Wno-inline"
+
+AC_SUBST([regular_CFLAGS])
+AC_SUBST([kbuilddir])
+AC_SUBST([ksourcedir])
+AC_SUBST([iptdir])
+AC_OUTPUT([Makefile extensions/GNUmakefile libipq/Makefile])
Index: iptables/extensions/.condition-test
===================================================================
--- iptables.orig/extensions/.condition-test
+++ iptables/extensions/.condition-test
@@ -1,3 +1,4 @@
 #!/bin/sh
-# True if condition is applied.
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_condition.h ] && echo condition
+[ "$1" == "provides" -o \
+-f "$KERNEL_DIR/include/linux/netfilter_ipv4/ipt_condition.h" ] && \
+echo "condition";
Index: iptables/extensions/.condition-test6
===================================================================
--- iptables.orig/extensions/.condition-test6
+++ iptables/extensions/.condition-test6
@@ -1,3 +1,4 @@
 #!/bin/sh
-# True if condition6 is applied.
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_condition.h ] && echo condition
+[ "$1" == "provides" -o \
+-f "$KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_condition.h" ] && \
+echo "condition";
Index: iptables/extensions/.set-test
===================================================================
--- iptables.orig/extensions/.set-test
+++ iptables/extensions/.set-test
@@ -1,2 +1,4 @@
 #! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ip_set.h ] && echo set SET
+[ "$1" == "provides" -o \
+-f "$KERNEL_DIR/include/linux/netfilter_ipv4/ip_set.h" ] && \
+echo "set SET";
Index: iptables/extensions/GNUmakefile.in
===================================================================
--- /dev/null
+++ iptables/extensions/GNUmakefile.in
@@ -0,0 +1,204 @@
+# -*- Makefile -*-
+
+top_srcdir  := @top_srcdir@
+srcdir      := @srcdir@
+ksourcedir  := @ksourcedir@
+prefix      := @prefix@
+exec_prefix := @exec_prefix@
+libdir      := @libdir@
+libexecdir  := @libexecdir@
+iptdir      := @iptdir@
+
+CC             := @CC@
+CCLD           := ${CC}
+CFLAGS         := @CFLAGS@
+LDFLAGS        := @LDFLAGS@
+regular_CFLAGS := @regular_CFLAGS@
+
+AM_CFLAGS      := ${regular_CFLAGS} -I${top_srcdir}/include
+AM_DEPFLAGS     = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@
+
+ifeq (${V},)
+AM_LIBTOOL_SILENT = --silent
+AM_VERBOSE_CC     = @echo "  CC      " $@;
+AM_VERBOSE_CCLD   = @echo "  CCLD    " $@;
+AM_VERBOSE_CXX    = @echo "  CXX     " $@;
+AM_VERBOSE_CXXLD  = @echo "  CXXLD   " $@;
+AM_VERBOSE_AR     = @echo "  AR      " $@;
+AM_VERBOSE_GEN    = @echo "  GEN     " $@;
+endif
+
+#
+#	Wildcard module list
+#
+pfx_all_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(wildcard ${srcdir}/libxt_*.c))
+pf4_all_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(wildcard ${srcdir}/libipt_*.c))
+pf6_all_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(wildcard ${srcdir}/libip6t_*.c))
+
+#
+#	Conditional module list
+#
+pfx_cond_mod := $(foreach i,$(wildcard ${srcdir}/.*-testx),$(shell KERNEL_DIR=${ksourcedir} ${i} provides))
+pf4_cond_mod := $(foreach i,$(wildcard ${srcdir}/.*-test),$(shell KERNEL_DIR=${ksourcedir} ${i} provides))
+pf6_cond_mod := $(foreach i,$(wildcard ${srcdir}/.*-test6),$(shell KERNEL_DIR=${ksourcedir} ${i} provides))
+
+#
+#	Conditional modules to build
+#
+pfx_bc_mod := $(foreach i,$(wildcard ${srcdir}/.*-testx),$(shell KERNEL_DIR=${ksourcedir} ${i}))
+pf4_bc_mod := $(foreach i,$(wildcard ${srcdir}/.*-test),$(shell KERNEL_DIR=${ksourcedir} ${i}))
+pf6_bc_mod := $(foreach i,$(wildcard ${srcdir}/.*-test6),$(shell KERNEL_DIR=${ksourcedir} ${i}))
+
+#
+#	Total list of modules to build
+#
+pfx_build_mod := $(filter-out ${pfx_cond_mod},${pfx_all_mod}) ${pfx_bc_mod}
+pf4_build_mod := $(filter-out ${pf4_cond_mod},${pf4_all_mod}) ${pf4_bc_mod}
+pf6_build_mod := $(filter-out ${pf6_cond_mod},${pf6_all_mod}) ${pf6_bc_mod}
+pfx_objs      := $(patsubst %,libxt_%.o,${pfx_build_mod})
+pf4_objs      := $(patsubst %,libipt_%.o,${pf4_build_mod})
+pf6_objs      := $(patsubst %,libip6t_%.o,${pf6_build_mod})
+pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod})
+pf4_solibs    := $(patsubst %,libipt_%.so,${pf4_build_mod})
+pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+
+
+#
+# Building blocks
+#
+targets := libext4.a libext6.a matches4.man matches6.man \
+           targets4.man targets6.man
+targets_install :=
+@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs}
+@ENABLE_STATIC_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs}
+@ENABLE_SHARED_TRUE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
+@ENABLE_SHARED_TRUE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
+
+.SECONDARY:
+
+.PHONY: all install clean distclean
+
+all: ${targets}
+
+install: ${targets_install}
+	@mkdir -p "${DESTDIR}${iptdir}";
+	install -pm0755 $^ "${DESTDIR}${iptdir}/";
+
+clean:
+	rm -f *.o *.oo *.so *.a *.man initext4.c initext6.c;
+
+distclean: clean
+	rm -f .*.d .*.dd;
+
+%.o: %.c
+	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} ${CFLAGS} -o $@ -c $<;
+
+-include .*.d
+
+
+#
+#	Shared libraries
+#
+lib%.so: lib%.oo
+	${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<;
+
+lib%.oo: ${srcdir}/lib%.c
+	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
+
+
+#
+#	Static bits
+#
+#	If static building is disabled, libext*.a will still be generated,
+#	but will be empty. This is good since we can do with less case
+#	handling code in the Makefiles.
+#
+lib%.o: ${srcdir}/lib%.c
+	${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -DNO_SHARED_LIBS=1 -D_INIT=$*_init ${CFLAGS} -o $@ -c $<;
+
+libext4.a: initext4.o ${libext4_objs}
+	${AM_VERBOSE_AR} ${AR} crs $@ $^;
+
+libext6.a: initext6.o ${libext6_objs}
+	${AM_VERBOSE_AR} ${AR} crs $@ $^;
+
+initext_func  := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod})
+initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod})
+
+.initext4.dd:
+	@echo "${initext_func}" >$@.tmp; \
+	cmp -s $@ $@.tmp || mv $@.tmp $@; \
+	rm -f $@.tmp;
+
+.initext6.dd:
+	@echo "${initext6_func}" >$@.tmp; \
+	cmp -s $@ $@.tmp || mv $@.tmp $@; \
+	rm -f $@.tmp;
+
+initext4.c: .initext4.dd
+	${AM_VERBOSE_GEN}
+	@( \
+	echo "" >$@; \
+	for i in ${initext_func}; do \
+		echo "extern void $${i}_init(void);" >>$@; \
+	done; \
+	echo -en "void init_extensions(void)\n""{\n" >>$@; \
+	for i in ${initext_func}; do \
+		echo -e "\t""$${i}_init();" >>$@; \
+	done; \
+	echo "}" >>$@; \
+	);
+
+initext6.c: .initext6.dd
+	${AM_VERBOSE_GEN}
+	@( \
+	echo "" >$@; \
+	for i in ${initext6_func}; do \
+		echo "extern void $${i}_init(void);" >>$@; \
+	done; \
+	echo -en "void init_extensions(void)\n""{\n" >>$@; \
+	for i in ${initext6_func}; do \
+		echo -e "\t""$${i}_init();" >>$@; \
+	done; \
+	echo "}" >>$@; \
+	);
+
+#
+#	Manual pages
+#
+ex_matches = $(sort $(shell echo $(1) | grep -Eo '\b[a-z0-9]+\b'))
+ex_targets = $(sort $(shell echo $(1) | grep -Eo '\b[A-Z0-9]+\b'))
+man_run    = \
+	${AM_VERBOSE_GEN} \
+	for ext in $(1); do \
+		f="${srcdir}/libxt_$$ext.man"; \
+		if [ -f "$$f" ]; then \
+			echo ".SS $$ext"; \
+			cat "$$f"; \
+			continue; \
+		fi; \
+		f="${srcdir}/libipt_$$ext.man"; \
+		if [ -f "$$f" ]; then \
+			echo ".SS $$ext"; \
+			cat "$$f"; \
+			continue; \
+		fi; \
+		f="${srcdir}/libip6t_$$ext.man"; \
+		if [ -f "$$f" ]; then \
+			echo ".SS $$ext"; \
+			cat "$$f"; \
+			continue; \
+		fi; \
+	done >$@;
+
+matches4.man: .initext4.dd
+	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod}))
+
+matches6.man: .initext6.dd
+	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf6_build_mod}))
+
+targets4.man: .initext4.dd
+	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod}))
+
+targets6.man: .initext6.dd
+	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf6_build_mod}))
Index: iptables/extensions/dscp_helper.c
===================================================================
--- /dev/null
+++ iptables/extensions/dscp_helper.c
@@ -0,0 +1,81 @@
+/*
+ * DiffServ classname <-> DiffServ codepoint mapping functions.
+ *
+ * The latest list of the mappings can be found at:
+ * <http://www.iana.org/assignments/dscp-registry>
+ *
+ * This code is released under the GNU GPL v2, 1991
+ *
+ * Author: Iain Barnes
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <xtables.h>
+
+
+static const struct ds_class
+{
+	const char *name;
+	unsigned int dscp;
+} ds_classes[] =
+{
+	{ "CS0", 0x00 },
+	{ "CS1", 0x08 },
+	{ "CS2", 0x10 },
+	{ "CS3", 0x18 },
+	{ "CS4", 0x20 },
+	{ "CS5", 0x28 },
+	{ "CS6", 0x30 },
+	{ "CS7", 0x38 },
+	{ "BE", 0x00 },
+	{ "AF11", 0x0a },
+	{ "AF12", 0x0c },
+	{ "AF13", 0x0e },
+	{ "AF21", 0x12 },
+	{ "AF22", 0x14 },
+	{ "AF23", 0x16 },
+	{ "AF31", 0x1a },
+	{ "AF32", 0x1c },
+	{ "AF33", 0x1e },
+	{ "AF41", 0x22 },
+	{ "AF42", 0x24 },
+	{ "AF43", 0x26 },
+	{ "EF", 0x2e }
+};
+
+
+
+static unsigned int
+class_to_dscp(const char *name)
+{
+	int i;
+
+	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
+		if (!strncasecmp(name, ds_classes[i].name,
+					strlen(ds_classes[i].name)))
+			return ds_classes[i].dscp;
+	}
+
+	exit_error(PARAMETER_PROBLEM,
+			"Invalid DSCP value `%s'\n", name);
+}
+
+
+#if 0
+static const char *
+dscp_to_name(unsigned int dscp)
+{
+	int i;
+
+	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
+		if (dscp == ds_classes[i].dscp)
+			return ds_classes[i].name;
+	}
+
+
+	exit_error(PARAMETER_PROBLEM,
+			"Invalid DSCP value `%d'\n", dscp);
+}
+#endif
+
Index: iptables/extensions/libipt_dscp_helper.c
===================================================================
--- iptables.orig/extensions/libipt_dscp_helper.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * DiffServ classname <-> DiffServ codepoint mapping functions.
- *
- * The latest list of the mappings can be found at:
- * <http://www.iana.org/assignments/dscp-registry>
- *
- * This code is released under the GNU GPL v2, 1991
- * 
- * Author: Iain Barnes
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <xtables.h>
-
-
-static const struct ds_class
-{
-	const char *name;
-	unsigned int dscp;
-} ds_classes[] = 
-{
-	{ "CS0", 0x00 },
-	{ "CS1", 0x08 },
-	{ "CS2", 0x10 },
-	{ "CS3", 0x18 },
-	{ "CS4", 0x20 },
-	{ "CS5", 0x28 },
-	{ "CS6", 0x30 },
-	{ "CS7", 0x38 },
-	{ "BE", 0x00 },
-	{ "AF11", 0x0a },
-	{ "AF12", 0x0c },
-	{ "AF13", 0x0e },
-	{ "AF21", 0x12 },
-	{ "AF22", 0x14 },
-	{ "AF23", 0x16 },
-	{ "AF31", 0x1a },
-	{ "AF32", 0x1c },
-	{ "AF33", 0x1e },
-	{ "AF41", 0x22 },
-	{ "AF42", 0x24 },
-	{ "AF43", 0x26 },
-	{ "EF", 0x2e }
-};
-
-
-
-static unsigned int 
-class_to_dscp(const char *name)
-{
-	int i;
-
-	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
-		if (!strncasecmp(name, ds_classes[i].name,
-					strlen(ds_classes[i].name))) 
-			return ds_classes[i].dscp;
-	}
-
-	exit_error(PARAMETER_PROBLEM, 
-			"Invalid DSCP value `%s'\n", name);
-}
-
-
-#if 0
-static const char *
-dscp_to_name(unsigned int dscp)
-{
-	int i;
-
-	for (i = 0; i < sizeof(ds_classes) / sizeof(struct ds_class); i++) {
-		if (dscp == ds_classes[i].dscp)
-			return ds_classes[i].name;
-	}
-
-	
-	exit_error(PARAMETER_PROBLEM,
-			"Invalid DSCP value `%d'\n", dscp);
-}
-#endif
-
Index: iptables/extensions/libxt_DSCP.c
===================================================================
--- iptables.orig/extensions/libxt_DSCP.c
+++ iptables/extensions/libxt_DSCP.c
@@ -19,7 +19,7 @@
 #include <linux/netfilter/xt_DSCP.h>
 
 /* This is evil, but it's my code - HW*/
-#include "libipt_dscp_helper.c"
+#include "dscp_helper.c"
 
 static void DSCP_help(void)
 {
Index: iptables/extensions/libxt_dscp.c
===================================================================
--- iptables.orig/extensions/libxt_dscp.c
+++ iptables/extensions/libxt_dscp.c
@@ -22,7 +22,7 @@
 #include <linux/netfilter/xt_dscp.h>
 
 /* This is evil, but it's my code - HW*/
-#include "libipt_dscp_helper.c"
+#include "dscp_helper.c"
 
 static void dscp_help(void)
 {
Index: iptables/include/xtables.h
===================================================================
--- iptables.orig/include/xtables.h
+++ iptables/include/xtables.h
@@ -225,13 +225,14 @@ void exit_error(enum exittype, const cha
 							  format(printf,2,3)));
 extern const char *program_name, *program_version;
 
-#define _init __attribute__((constructor)) my_init
 #ifdef NO_SHARED_LIBS
-# ifdef _INIT
-#  undef _init
-#  define _init _INIT
-# endif
-  extern void init_extensions(void);
+#	ifdef _INIT
+#		undef _init
+#		define _init _INIT
+#	endif
+	extern void init_extensions(void);
+#else
+#	define _init __attribute__((constructor)) _INIT
 #endif
 
 #define __be32	u_int32_t
Index: iptables/libipq/Makefile.am
===================================================================
--- /dev/null
+++ iptables/libipq/Makefile.am
@@ -0,0 +1,11 @@
+# -*- Makefile -*-
+
+AM_CFLAGS = ${regular_CFLAGS} -I${top_srcdir}/include
+
+libipq_a_SOURCES = libipq.c
+lib_LIBRARIES    = libipq.a
+include_HEADERS  = ${top_srcdir}/include/libipq/libipq.h
+man_MANS         = ipq_create_handle.3 ipq_destroy_handle.3 ipq_errstr.3 \
+                   ipq_get_msgerr.3 ipq_get_packet.3 ipq_message_type.3 \
+                   ipq_perror.3 ipq_read.3 ipq_set_mode.3 ipq_set_verdict.3 \
+                   libipq.3
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: IPT [PATCH] yay, autotools!

[Laszlo Attila Toth]

Jan Engelhardt írta:
> On Nov 28 2007 12:25, Patrick McHardy wrote:
>>>>>  - I think we should move all manuals to libxt_*.man or perhaps
>>>>>  even *.man, would reduce Makefile LOC.
>>>> You mean for the ones where we have an IPv4 and IPv6 version, but
>>>> no xtables extension? I'm not sure they're all similar ...
>>>>
>>> I mean libipt_unclean.man -> libxt_unclean.man. The source file
>>> libipt_unclean.c will persist. As unclean only matches libipt_%
>>> the manpage will only land in iptables.8, not ip6tables.8.
>> Then whats the advantage? Similar to the kernel, I think we should
>> only use xt_ for things that actually support more than one
>> address family.
> 
> Well, just look at it:
> 
>         for ext in $(1); do \
>                 f="${srcdir}/libxt_$$ext.man"; \
>                 if [ -f "$$f" ]; then \
>                         echo ".SS $$ext"; \
>                         cat "$$f"; \
>                         continue; \
>                 fi; \
>                 f="${srcdir}/libipt_$$ext.man"; \
>                 if [ -f "$$f" ]; then \
>                         echo ".SS $$ext"; \
>                         cat "$$f"; \
>                         continue; \
>                 fi; \
>                 f="${srcdir}/libip6t_$$ext.man"; \
>                 if [ -f "$$f" ]; then \
>                         echo ".SS $$ext"; \
>                         cat "$$f"; \
>                         continue; \
>                 fi; \
>         done >$@;
> 
> could be reduced to 1/3 of its size.
> 

What happens if the difference of the IPv4 and IPv6 version is a single 
option? In this case the man page cannot be the same, but the xt_ prefix 
is reasonable for the source file and this code fails (using ipt_...man 
instead of ip6t_...man).

Attila
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: IPT [PATCH] yay, autotools!

[Jozsef Kadlecsik]

On Wed, 28 Nov 2007, Patrick McHardy wrote:

> > If I can throw the three .*-tests out, the better. But would need to
> > add ipt_condition.h, ip6t_conditoin, ipt_set and ipt_SET, which
> > all are not in the kernel at this point. Nuke the modules?
> 
> For condition, sure. For set lets hear Jozsef's opinion, but since
> the kernel has to be patched anyway I think it shouldn't be much
> trouble to move the userspace part to pomng as well if it can't
> be supported.

No problem from my part, go ahead.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary