275 lines
9.1 KiB
Plaintext
275 lines
9.1 KiB
Plaintext
|
|
||
|
AC_INIT([iptables], [1.8.7])
|
||
|
|
||
|
# See libtool.info "Libtool's versioning system"
|
||
|
libxtables_vcurrent=16
|
||
|
libxtables_vage=4
|
||
|
|
||
|
AC_CONFIG_AUX_DIR([build-aux])
|
||
|
AC_CONFIG_HEADERS([config.h])
|
||
|
AC_CONFIG_MACRO_DIR([m4])
|
||
|
AC_PROG_INSTALL
|
||
|
AM_INIT_AUTOMAKE([-Wall])
|
||
|
AC_PROG_CC
|
||
|
AM_PROG_CC_C_O
|
||
|
AC_DISABLE_STATIC
|
||
|
m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
|
||
|
AM_PROG_LIBTOOL
|
||
|
|
||
|
AC_ARG_WITH([kernel],
|
||
|
AS_HELP_STRING([--with-kernel=PATH],
|
||
|
[Path to kernel source/build directory]),
|
||
|
[kbuilddir="$withval"; ksourcedir="$withval";])
|
||
|
AC_ARG_WITH([kbuild],
|
||
|
AS_HELP_STRING([--with-kbuild=PATH],
|
||
|
[Path to kernel build directory [[/lib/modules/CURRENT/build]]]),
|
||
|
[kbuilddir="$withval"])
|
||
|
AC_ARG_WITH([ksource],
|
||
|
AS_HELP_STRING([--with-ksource=PATH],
|
||
|
[Path to kernel source directory [[/lib/modules/CURRENT/source]]]),
|
||
|
[ksourcedir="$withval"])
|
||
|
AC_ARG_WITH([xtlibdir],
|
||
|
AS_HELP_STRING([--with-xtlibdir=PATH],
|
||
|
[Path where to install Xtables extensions [[LIBEXECDIR/xtables]]]),
|
||
|
[xtlibdir="$withval"],
|
||
|
[xtlibdir="${libdir}/xtables"])
|
||
|
AC_ARG_ENABLE([ipv4],
|
||
|
AS_HELP_STRING([--disable-ipv4], [Do not build iptables]),
|
||
|
[enable_ipv4="$enableval"], [enable_ipv4="yes"])
|
||
|
AC_ARG_ENABLE([ipv6],
|
||
|
AS_HELP_STRING([--disable-ipv6], [Do not build ip6tables]),
|
||
|
[enable_ipv6="$enableval"], [enable_ipv6="yes"])
|
||
|
AC_ARG_ENABLE([largefile],
|
||
|
AS_HELP_STRING([--disable-largefile], [Do not build largefile support]),
|
||
|
[enable_largefile="$enableval"],
|
||
|
[enable_largefile="yes"])
|
||
|
AS_IF([test "$enable_largefile" = "yes"], [largefile_cppflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'])
|
||
|
|
||
|
AC_ARG_ENABLE([devel],
|
||
|
AS_HELP_STRING([--enable-devel],
|
||
|
[Install Xtables development headers]),
|
||
|
[enable_devel="$enableval"], [enable_devel="yes"])
|
||
|
AC_ARG_ENABLE([libipq],
|
||
|
AS_HELP_STRING([--enable-libipq], [Build and install libipq]),
|
||
|
[enable_libipq="$enableval"], [enable_libipq="no"])
|
||
|
AC_ARG_ENABLE([bpf-compiler],
|
||
|
AS_HELP_STRING([--enable-bpf-compiler], [Build bpf compiler]),
|
||
|
[enable_bpfc="$enableval"], [enable_bpfc="no"])
|
||
|
AC_ARG_ENABLE([nfsynproxy],
|
||
|
AS_HELP_STRING([--enable-nfsynproxy], [Build SYNPROXY configuration tool]),
|
||
|
[enable_nfsynproxy="$enableval"], [enable_nfsynproxy="no"])
|
||
|
AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
|
||
|
[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
|
||
|
[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
|
||
|
AC_ARG_ENABLE([nftables],
|
||
|
AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
|
||
|
[enable_nftables="$enableval"], [enable_nftables="yes"])
|
||
|
AC_ARG_ENABLE([connlabel],
|
||
|
AS_HELP_STRING([--disable-connlabel],
|
||
|
[Do not build libnetfilter_conntrack]),
|
||
|
[enable_connlabel="$enableval"], [enable_connlabel="yes"])
|
||
|
AC_ARG_WITH([xt-lock-name], AS_HELP_STRING([--with-xt-lock-name=PATH],
|
||
|
[Path to the xtables lock [[/run/xtables.lock]]]),
|
||
|
[xt_lock_name="$withval"],
|
||
|
[xt_lock_name="/run/xtables.lock"])
|
||
|
|
||
|
AC_MSG_CHECKING([whether $LD knows -Wl,--no-undefined])
|
||
|
saved_LDFLAGS="$LDFLAGS";
|
||
|
LDFLAGS="-Wl,--no-undefined";
|
||
|
AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {}])],
|
||
|
[noundef_LDFLAGS="$LDFLAGS"; AC_MSG_RESULT([yes])],
|
||
|
[AC_MSG_RESULT([no])]
|
||
|
)
|
||
|
LDFLAGS="$saved_LDFLAGS";
|
||
|
|
||
|
blacklist_modules=""
|
||
|
blacklist_x_modules=""
|
||
|
blacklist_b_modules=""
|
||
|
blacklist_a_modules=""
|
||
|
blacklist_4_modules=""
|
||
|
blacklist_6_modules=""
|
||
|
|
||
|
AC_CHECK_HEADERS([linux/dccp.h linux/ip_vs.h linux/magic.h linux/proc_fs.h linux/bpf.h])
|
||
|
if test "$ac_cv_header_linux_dccp_h" != "yes"; then
|
||
|
blacklist_modules="$blacklist_modules dccp";
|
||
|
fi;
|
||
|
if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
|
||
|
blacklist_modules="$blacklist_modules ipvs";
|
||
|
fi;
|
||
|
|
||
|
AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
|
||
|
|
||
|
AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_IPV4], [test "$enable_ipv4" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_BPFC], [test "$enable_bpfc" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_SYNCONF], [test "$enable_nfsynproxy" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_NFTABLES], [test "$enable_nftables" = "yes"])
|
||
|
AM_CONDITIONAL([ENABLE_CONNLABEL], [test "$enable_connlabel" = "yes"])
|
||
|
|
||
|
if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
|
||
|
AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
|
||
|
fi
|
||
|
|
||
|
PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
|
||
|
[nfnetlink=1], [nfnetlink=0])
|
||
|
AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
|
||
|
|
||
|
if test "x$enable_nftables" = "xyes"; then
|
||
|
PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
|
||
|
|
||
|
if test "$mnl" = 0;
|
||
|
then
|
||
|
echo "*** Error: No suitable libmnl found. ***"
|
||
|
echo " Please install the 'libmnl' package"
|
||
|
echo " Or consider --disable-nftables to skip"
|
||
|
echo " iptables-compat over nftables support."
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
PKG_CHECK_MODULES([libnftnl], [libnftnl >= 1.1.6], [nftables=1], [nftables=0])
|
||
|
|
||
|
if test "$nftables" = 0;
|
||
|
then
|
||
|
echo "*** Error: no suitable libnftnl found. ***"
|
||
|
echo " Please install the 'libnftnl' package"
|
||
|
echo " Or consider --disable-nftables to skip"
|
||
|
echo " iptables-compat over nftables support."
|
||
|
exit 1
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
AM_CONDITIONAL([HAVE_LIBMNL], [test "$mnl" = 1])
|
||
|
AM_CONDITIONAL([HAVE_LIBNFTNL], [test "$nftables" = 1])
|
||
|
|
||
|
if test "$nftables" != 1; then
|
||
|
blacklist_b_modules="$blacklist_b_modules limit mark nflog mangle"
|
||
|
blacklist_a_modules="$blacklist_a_modules mangle"
|
||
|
fi
|
||
|
|
||
|
if test "x$enable_connlabel" = "xyes"; then
|
||
|
PKG_CHECK_MODULES([libnetfilter_conntrack],
|
||
|
[libnetfilter_conntrack >= 1.0.6],
|
||
|
[nfconntrack=1], [nfconntrack=0])
|
||
|
|
||
|
if test "$nfconntrack" -ne 1; then
|
||
|
blacklist_modules="$blacklist_modules connlabel";
|
||
|
echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
|
||
|
enable_connlabel="no";
|
||
|
fi;
|
||
|
else
|
||
|
blacklist_modules="$blacklist_modules connlabel";
|
||
|
fi;
|
||
|
|
||
|
AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])
|
||
|
|
||
|
AC_SUBST([blacklist_modules])
|
||
|
AC_SUBST([blacklist_x_modules])
|
||
|
AC_SUBST([blacklist_b_modules])
|
||
|
AC_SUBST([blacklist_a_modules])
|
||
|
AC_SUBST([blacklist_4_modules])
|
||
|
AC_SUBST([blacklist_6_modules])
|
||
|
|
||
|
regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
|
||
|
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
|
||
|
-Wlogical-op \
|
||
|
-Winline -pipe";
|
||
|
regular_CPPFLAGS="${largefile_cppflags} -D_REENTRANT \
|
||
|
-DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL";
|
||
|
kinclude_CPPFLAGS="";
|
||
|
if [[ -n "$kbuilddir" ]]; then
|
||
|
kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$kbuilddir/include/uapi -I$kbuilddir/include";
|
||
|
fi;
|
||
|
if [[ -n "$ksourcedir" ]]; then
|
||
|
kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$ksourcedir/include/uapi -I$ksourcedir/include";
|
||
|
fi;
|
||
|
pkgdatadir='${datadir}/xtables';
|
||
|
|
||
|
define([EXPAND_VARIABLE],
|
||
|
[$2=[$]$1
|
||
|
if test $prefix = 'NONE'; then
|
||
|
prefix="/usr/local"
|
||
|
fi
|
||
|
while true; do
|
||
|
case "[$]$2" in
|
||
|
*\[$]* ) eval "$2=[$]$2" ;;
|
||
|
*) break ;;
|
||
|
esac
|
||
|
done
|
||
|
eval "$2=[$]$2"
|
||
|
])dnl EXPAND_VARIABLE
|
||
|
|
||
|
AC_SUBST([regular_CFLAGS])
|
||
|
AC_SUBST([regular_CPPFLAGS])
|
||
|
AC_SUBST([noundef_LDFLAGS])
|
||
|
AC_SUBST([kinclude_CPPFLAGS])
|
||
|
AC_SUBST([kbuilddir])
|
||
|
AC_SUBST([ksourcedir])
|
||
|
AC_SUBST([xtlibdir])
|
||
|
AC_SUBST([pkgconfigdir])
|
||
|
AC_SUBST([pkgdatadir])
|
||
|
AC_SUBST([libxtables_vcurrent])
|
||
|
AC_SUBST([libxtables_vage])
|
||
|
libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage));
|
||
|
AC_SUBST([libxtables_vmajor])
|
||
|
|
||
|
AC_DEFINE_UNQUOTED([XT_LOCK_NAME], "${xt_lock_name}",
|
||
|
[Location of the iptables lock file])
|
||
|
AC_SUBST([XT_LOCK_NAME], "${xt_lock_name}")
|
||
|
|
||
|
AC_CONFIG_FILES([Makefile extensions/GNUmakefile include/Makefile
|
||
|
iptables/Makefile iptables/xtables.pc
|
||
|
iptables/iptables.8 iptables/iptables-extensions.8.tmpl
|
||
|
iptables/iptables-save.8 iptables/iptables-restore.8
|
||
|
iptables/iptables-apply.8 iptables/iptables-xml.1
|
||
|
libipq/Makefile libipq/libipq.pc
|
||
|
libiptc/Makefile libiptc/libiptc.pc
|
||
|
libiptc/libip4tc.pc libiptc/libip6tc.pc
|
||
|
libxtables/Makefile utils/Makefile
|
||
|
include/xtables-version.h
|
||
|
iptables/xtables-monitor.8
|
||
|
utils/nfnl_osf.8
|
||
|
utils/nfbpf_compile.8])
|
||
|
AC_OUTPUT
|
||
|
|
||
|
|
||
|
EXPAND_VARIABLE(xtlibdir, e_xtlibdir)
|
||
|
EXPAND_VARIABLE(pkgconfigdir, e_pkgconfigdir)
|
||
|
|
||
|
echo "
|
||
|
Iptables Configuration:
|
||
|
IPv4 support: ${enable_ipv4}
|
||
|
IPv6 support: ${enable_ipv6}
|
||
|
Devel support: ${enable_devel}
|
||
|
IPQ support: ${enable_libipq}
|
||
|
Large file support: ${enable_largefile}
|
||
|
BPF utils support: ${enable_bpfc}
|
||
|
nfsynproxy util support: ${enable_nfsynproxy}
|
||
|
nftables support: ${enable_nftables}
|
||
|
connlabel support: ${enable_connlabel}
|
||
|
|
||
|
Build parameters:
|
||
|
Put plugins into executable (static): ${enable_static}
|
||
|
Support plugins via dlopen (shared): ${enable_shared}
|
||
|
Installation prefix (--prefix): ${prefix}
|
||
|
Xtables extension directory: ${e_xtlibdir}
|
||
|
Pkg-config directory: ${e_pkgconfigdir}
|
||
|
Xtables lock file: ${xt_lock_name}"
|
||
|
|
||
|
if [[ -n "$ksourcedir" ]]; then
|
||
|
echo " Kernel source directory: ${ksourcedir}"
|
||
|
fi;
|
||
|
if [[ -n "$kbuilddir" ]]; then
|
||
|
echo " Kernel build directory: ${kbuilddir}"
|
||
|
fi;
|
||
|
|
||
|
echo " Host: ${host}
|
||
|
GCC binary: ${CC}"
|
||
|
|
||
|
test x"$blacklist_modules" = "x" || echo "
|
||
|
Iptables modules that will not be built: $blacklist_modules"
|