backport iptables extension split introduced by changeset:2412 (fix ticket:40), bump trunk release number

SVN-Revision: 2435

openwrt/package/iptables/Config.in

@@ -15,23 +15,92 @@ config BR2_PACKAGE_IPTABLES
 	  
 	  http://www.iptables.org/
 
+config BR2_PACKAGE_IPTABLES_EXTRA
+	prompt   "iptables-extra.................. Extra Iptables extensions for IPv4 firewalling (meta-package)"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPTABLES_EXTRA
+	select BR2_PACKAGE_IPTABLES_MOD_CONNTRACK
+	select BR2_PACKAGE_IPTABLES_MOD_EXTRA
+	select BR2_PACKAGE_IPTABLES_MOD_FILTER
+	select BR2_PACKAGE_IPTABLES_MOD_IPOPT
+	select BR2_PACKAGE_IPTABLES_MOD_IPSEC
+	select BR2_PACKAGE_IPTABLES_MOD_NAT
+	select BR2_PACKAGE_IPTABLES_MOD_ULOG
+	help
+	  Extra Iptables extensions for IPv4 firewalling (meta-package)
+
+config BR2_PACKAGE_IPTABLES_MOD_CONNTRACK
+	prompt   "iptables-mod-conntrack.......... Iptables extensions for connection tracking"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPT_CONNTRACK
+	help
+	  Iptables (IPv4) extensions for connection tracking
+
+config BR2_PACKAGE_IPTABLES_MOD_FILTER
+	prompt   "iptables-mod-filter............. Iptables extension for packet content inspection"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPT_FILTER
+	help
+	  Iptables (IPv4) extension for packet content inspection
+
+config BR2_PACKAGE_IPTABLES_MOD_IPOPT
+	prompt   "iptables-mod-ipopt.............. Iptables extensions for matching/changing IP packet options"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPT_IPOPT
+	help
+	  Extra Iptables (IPv4) extensions for matching/changing IP packet options
+
+config BR2_PACKAGE_IPTABLES_MOD_IPSEC
+	prompt   "iptables-mod-ipsec.............. Iptables extensions for matching special IPsec packets"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPT_IPSEC
+	help
+	  Iptables (IPv4) extensions for matching special IPsec packets
+
+config BR2_PACKAGE_IPTABLES_MOD_NAT
+	prompt   "iptables-mod-nat................ Iptables extensions for different NAT targets"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPT_NAT
+	help
+	  Iptables (IPv4) extensions for different NAT targets
+
+config BR2_PACKAGE_IPTABLES_MOD_ULOG
+	prompt   "iptables-mod-ulog............... Iptables extensions for user-space packet logging"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPT_ULOG
+	help
+	  Iptables (IPv4) extensions for user-space packet logging
+
+config BR2_PACKAGE_IPTABLES_MOD_EXTRA
+	prompt   "iptables-mod-extra.............. Other extra Iptables extensions"
+	tristate
+	default m if CONFIG_DEVEL
+	depends BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_KMOD_IPT_EXTRA
+	help
+	  Other extra Iptables (IPv4) extensions
+
 config BR2_PACKAGE_IPTABLES_UTILS
 	prompt   "iptables-utils.................. Save and restore utilities"
 	tristate
 	default m if CONFIG_DEVEL
 	depends BR2_PACKAGE_IPTABLES
 	help
-	  iptables-save and iptables-restore
-	  
-	  http://www.iptables.org/
-
-config BR2_PACKAGE_IPTABLES_EXTRA
-	prompt   "iptables-extra.................. Extra modules not found elsewhere"
-	tristate
-	default m if CONFIG_DEVEL
-	depends BR2_PACKAGE_IPTABLES
-	help
-	  Extra modules for iptables (kernel and user space)
+	  iptables-save and iptables-restore for Iptables (IPv4)
 	  
 	  http://www.iptables.org/
 

openwrt/package/iptables/Makefile

@@ -1,11 +1,10 @@
 # $Id$
 
 include $(TOPDIR)/rules.mk
-include kernelconfig.mk
 
 PKG_NAME:=iptables
 PKG_VERSION:=1.3.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2.1
 PKG_MD5SUM:=86d88455520cfdc56fd7ae27897a80a4
 
 PKG_SOURCE_URL:=http://www.netfilter.org/files \
@@ -18,18 +17,50 @@ PKG_CAT:=bzcat
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
 
+define IPKG_plugin_template
+
+$$(IPKG_$(1)):
+	install -m0755 -d $$(IDIR_$(1))/usr/lib/iptables
+	for m in $(2); do \
+		cp -fpR $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $$(IDIR_$(1))/usr/lib/iptables/ ; \
+	done
+	$(RSTRIP) $$(IDIR_$(1))
+	$(IPKG_BUILD) $$(IDIR_$(1)) $(PACKAGE_DIR)
+
+endef
+
 include $(TOPDIR)/package/rules.mk
+include $(LINUX_DIR)/.config
+include $(TOPDIR)/target/linux/netfilter.mk
 
 $(eval $(call PKG_template,IPTABLES,iptables,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
 $(eval $(call PKG_template,IPTABLES_EXTRA,iptables-extra,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
 $(eval $(call PKG_template,IPTABLES_UTILS,iptables-utils,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
 $(eval $(call PKG_template,IP6TABLES,ip6tables,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
 
+$(eval $(call PKG_template,IPTABLES_MOD_CONNTRACK,iptables-mod-conntrack,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_EXTRA,iptables-mod-extra,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_FILTER,iptables-mod-filter,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_IMQ,iptables-mod-img,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_IPOPT,iptables-mod-ipopt,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_IPSEC,iptables-mod-ipsec,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_NAT,iptables-mod-nat,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,IPTABLES_MOD_ULOG,iptables-mod-ulog,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_CONNTRACK,$(IPKG_IPTABLES_MOD_CONNTRACK-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_EXTRA,$(IPKG_IPTABLES_MOD_EXTRA-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_FILTER,$(IPKG_IPTABLES_MOD_FILTER-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IMQ,$(IPKG_IPTABLES_MOD_IMQ-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPOPT,$(IPKG_IPTABLES_MOD_IPOPT-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPSEC,$(IPKG_IPTABLES_MOD_IPSEC-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_NAT,$(IPKG_IPTABLES_MOD_NAT-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_ULOG,$(IPKG_IPTABLES_MOD_ULOG-m)))
+
 $(PKG_BUILD_DIR)/.configured:
 	touch $@
 
 $(PKG_BUILD_DIR)/.built:
-	chmod a+x $(PKG_BUILD_DIR)/extensions/.*-test
+	chmod a+x $(PKG_BUILD_DIR)/extensions/.*-test*
 	mkdir -p $(PKG_INSTALL_DIR)
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		$(TARGET_CONFIGURE_OPTS) \
@@ -44,22 +75,14 @@ $(IPKG_IPTABLES):
 	cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables $(IDIR_IPTABLES)/usr/sbin/
 	install -d -m0755 $(IDIR_IPTABLES)/usr/lib/iptables
 	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
-	 cp -fpR $(patsubst %,libipt_%.so,$(ext-y)) $(IDIR_IPTABLES)/usr/lib/iptables \
+		cp -fpR $(patsubst %,lib%.so,$(IPKG_IPTABLES-y)) $(IDIR_IPTABLES)/usr/lib/iptables/ \
 	)
 	$(RSTRIP) $(IDIR_IPTABLES)
 	$(IPKG_BUILD) $(IDIR_IPTABLES) $(PACKAGE_DIR)
 
-$(IPKG_IPTABLES_EXTRA):
-	install -d -m0755 $(IDIR_IPTABLES_EXTRA)/usr/lib/iptables
-	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
-	 cp -fpR $(patsubst %,libipt_%.so,$(ext-m)) $(IDIR_IPTABLES_EXTRA)/usr/lib/iptables \
-	)
-	$(RSTRIP) $(IDIR_IPTABLES_EXTRA)
-	$(IPKG_BUILD) $(IDIR_IPTABLES_EXTRA) $(PACKAGE_DIR)
-
 $(IPKG_IPTABLES_UTILS):
 	install -d -m0755 $(IDIR_IPTABLES_UTILS)/usr/sbin
-	cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(IDIR_IPTABLES_UTILS)/usr/sbin
+	cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(IDIR_IPTABLES_UTILS)/usr/sbin/
 	$(RSTRIP) $(IDIR_IPTABLES_UTILS)
 	$(IPKG_BUILD) $(IDIR_IPTABLES_UTILS) $(PACKAGE_DIR)
 
@@ -68,14 +91,15 @@ $(IPKG_IP6TABLES):
 	cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(IDIR_IP6TABLES)/usr/sbin/
 	install -d -m0755 $(IDIR_IP6TABLES)/usr/lib/iptables
 	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
-	 cp -fpR libip6t_*.so $(IDIR_IP6TABLES)/usr/lib/iptables \
+		cp -fpR libip6t_*.so $(IDIR_IP6TABLES)/usr/lib/iptables/ \
 	)
 	$(RSTRIP) $(IDIR_IP6TABLES)
 	$(IPKG_BUILD) $(IDIR_IP6TABLES) $(PACKAGE_DIR)
 
 $(STAGING_DIR)/usr/lib/libipq.a: $(PKG_BUILD_DIR)/.built
-	mkdir -p $(STAGING_DIR)/usr/include/ $(STAGING_DIR)/usr/lib/
+	mkdir -p $(STAGING_DIR)/usr/include
 	cp -fpR $(PKG_INSTALL_DIR)/usr/include/libipq.h $(STAGING_DIR)/usr/include/
+	mkdir -p $(STAGING_DIR)/usr/lib
 	cp -fpR $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(STAGING_DIR)/usr/lib/
 
 install-dev: $(STAGING_DIR)/usr/lib/libipq.a

openwrt/package/iptables/ipkg/iptables-extra.control

@@ -1,5 +1,5 @@
 Package: iptables-extra
 Priority: optional
 Section: net
-Description: Extra plugins for iptables
-Depends: kmod-iptables-extra
+Depends: kmod-iptables-extra, iptables-mod-conntrack, iptables-mod-extra, iptables-mod-filter, iptables-mod-ipopt, iptables-mod-ipsec, iptables-mod-nat, iptables-mod-ulog
+Description: Other extra Iptables extensions (meta-package)

openwrt/package/iptables/ipkg/iptables-mod-conntrack.control

@@ -0,0 +1,5 @@
+Package: iptables-mod-conntrack
+Priority: optional
+Section: net
+Depends: kmod-ipt-conntrack
+Description: Iptables (IPv4) extensions for connection tracking

openwrt/package/iptables/ipkg/iptables-mod-extra.control

@@ -0,0 +1,5 @@
+Package: iptables-mod-extra
+Priority: optional
+Section: net
+Depends: kmod-ipt-extra
+Description: Other extra Iptables (IPv4) extensions

openwrt/package/iptables/ipkg/iptables-mod-filter.control

@@ -0,0 +1,5 @@
+Package: iptables-mod-filter
+Priority: optional
+Section: net
+Depends: kmod-ipt-filter
+Description: Iptables (IPv4) extension for packet content inspection

openwrt/package/iptables/ipkg/iptables-mod-ipopt.control

@@ -0,0 +1,5 @@
+Package: iptables-mod-ipopt
+Priority: optional
+Section: net
+Depends: kmod-ipt-ipopt
+Description: Iptables (IPv4) extensions for matching/changing IP packet options

openwrt/package/iptables/ipkg/iptables-mod-ipsec.control

@@ -0,0 +1,5 @@
+Package: iptables-mod-ipsec
+Priority: optional
+Section: net
+Depends: kmod-ipt-ipsec
+Description: Iptables (IPv4) extensions for matching special IPsec packets

openwrt/package/iptables/ipkg/iptables-mod-nat.control

@@ -0,0 +1,5 @@
+Package: iptables-mod-nat
+Priority: optional
+Section: net
+Depends: kmod-ipt-nat
+Description: Iptables (IPv4) extensions for different NAT targets

openwrt/package/iptables/ipkg/iptables-mod-ulog.control

@@ -0,0 +1,5 @@
+Package: iptables-mod-ulog
+Priority: optional
+Section: net
+Depends: kmod-ipt-ulog
+Description: Iptables (IPv4) extension for user-space packet logging

openwrt/package/iptables/ipkg/iptables-utils.control

@@ -1,4 +1,4 @@
 Package: iptables-utils
 Priority: optional
 Section: net
-Description: iptables-save and iptables-restore
+Description: iptables-save and iptables-restore for Iptables (IPv4)

openwrt/package/iptables/kernelconfig.mk

@@ -1,43 +0,0 @@
-include $(LINUX_DIR)/.config
-
-# translate linux kernel config to filenames
-ext-$(CONFIG_IP_NF_NAT) += SNAT DNAT
-ext-$(CONFIG_IP_NF_MATCH_LIMIT) += limit
-ext-$(CONFIG_IP_NF_MATCH_MAC) += mac
-ext-$(CONFIG_IP_NF_MATCH_PKTTYPE) += pkttype
-ext-$(CONFIG_IP_NF_MATCH_MARK) += mark
-ext-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport
-ext-$(CONFIG_IP_NF_MATCH_TOS) += tos
-ext-$(CONFIG_IP_NF_MATCH_RECENT) += recent
-ext-$(CONFIG_IP_NF_MATCH_ECN) += ecn
-ext-$(CONFIG_IP_NF_MATCH_IPP2P) += ipp2p
-ext-$(CONFIG_IP_NF_MATCH_SET) += set
-ext-$(CONFIG_IP_NF_MATCH_DSCP) += dscp
-ext-$(CONFIG_IP_NF_MATCH_AH_ESP) += ah esp
-ext-$(CONFIG_IP_NF_MATCH_LENGTH) += length
-ext-$(CONFIG_IP_NF_MATCH_TTL) += ttl
-ext-$(CONFIG_IP_NF_MATCH_TCPMSS) += tcpmss
-ext-$(CONFIG_IP_NF_MATCH_HELPER) += helper
-ext-$(CONFIG_IP_NF_MATCH_CONNMARK) += connmark
-#ext-$(CONFIG_IP_NF_MATCH_STATE) += state
-#ext-$(CONFIG_IP_NF_MATCH_CONNTRACK) += conntrack
-ext-$(CONFIG_IP_NF_MATCH_UNCLEAN) += unclean
-ext-$(CONFIG_IP_NF_MATCH_OWNER) += owner
-ext-$(CONFIG_IP_NF_MATCH_PHYSDEV) += physdev
-ext-$(CONFIG_IP_NF_MATCH_LAYER7) += layer7
-#ext-$(CONFIG_IP_NF_TARGET_MASQUERADE) += MASQUERADE
-ext-$(CONFIG_IP_NF_TARGET_REDIRECT) += REDIRECT
-ext-$(CONFIG_IP_NF_TARGET_REJECT) += REJECT
-ext-$(CONFIG_IP_NF_TARGET_TOS) += TOS
-ext-$(CONFIG_IP_NF_TARGET_ECN) += ECN
-ext-$(CONFIG_IP_NF_TARGET_DSCP) += DSCP
-ext-$(CONFIG_IP_NF_TARGET_MARK) += MARK
-#ext-$(CONFIG_IP_NF_TARGET_LOG) += LOG
-ext-$(CONFIG_IP_NF_TARGET_ULOG) += ULOG
-#ext-$(CONFIG_IP_NF_TARGET_TCPMSS) += TCPMSS
-ext-$(CONFIG_IP_NF_TARGET_NETMAP) += NETMAP
-ext-$(CONFIG_IP_NF_TARGET_CONNMARK) += CONNMARK
-
-# add extensions that don't depend on kernel config
-ext-m += TTL
-ext-y += icmp standard tcp udp state MASQUERADE conntrack TCPMSS LOG