From: Felix Fietkau <nbd@openwrt.org>
Date: Wed, 22 Feb 2012 01:47:48 +0000 (+0000)
Subject: iptables: make it possible to dynamically configure built-in statically linked extens... 
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=d85a504d3c187537e17c47d38924bf117f590f76;p=openwrt%2Fstaging%2Fneocturne.git

iptables: make it possible to dynamically configure built-in statically linked extensions, fold -mod-conntrack and -mod-nat into the default package. saves about 8k on an ar71xx default squashfs

SVN-Revision: 30676
---

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 978154b3f7..54cb8dc4a9 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -19,7 +19,7 @@ define Package/firewall
   URL:=http://openwrt.org/
   TITLE:=OpenWrt firewall
   MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org>
-  DEPENDS:=+iptables +iptables-mod-conntrack +iptables-mod-nat
+  DEPENDS:=+iptables +kmod-ipt-conntrack +kmod-ipt-nat
   PKGARCH:=all
 endef
 
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index 24c428c4fe..026df266ba 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -79,26 +79,6 @@ IPv4 firewall administration tool.
 
 endef
 
-define Package/iptables-mod-conntrack
-$(call Package/iptables/Module, +kmod-ipt-conntrack)
-  TITLE:=Basic connection tracking extensions
-endef
-
-define Package/iptables-mod-conntrack/description
-Basic iptables extensions for connection tracking.
-
- Matches:
-  - state
-  - conntrack
-
- Targets:
-  - NOTRACK
-
- Tables:
-  - raw
-
-endef
-
 define Package/iptables-mod-conntrack-extra
 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
   TITLE:=Extra connection tracking extensions
@@ -192,24 +172,6 @@ IPset iptables extensions.
 
 endef
 
-define Package/iptables-mod-nat
-$(call Package/iptables/Module, +kmod-ipt-nat)
-  TITLE:=Basic NAT extensions
-endef
-
-define Package/iptables-mod-nat/description
-iptables extensions for basic NAT targets.
-
- Targets:
-  - SNAT
-  - DNAT
-  - MASQUERADE
-
- Tables:
-  - nat
-
-endef
-
 define Package/iptables-mod-nat-extra
 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
   TITLE:=Extra NAT extensions
@@ -394,13 +356,15 @@ CONFIGURE_ARGS += \
 	$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
 	--enable-libipq \
 	--with-kernel="$(LINUX_DIR)" \
-	--with-xtlibdir=/usr/lib/iptables
+	--with-xtlibdir=/usr/lib/iptables \
+	--enable-static
 
 MAKE_FLAGS := \
 	$(TARGET_CONFIGURE_OPTS) \
 	COPT_FLAGS="$(TARGET_CFLAGS)" \
 	KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
 	KBUILD_OUTPUT="$(LINUX_DIR)" \
+	BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include
@@ -431,13 +395,6 @@ define Package/iptables/install
 	$(LN) iptables $(1)/usr/sbin/iptables-save
 	$(LN) iptables $(1)/usr/sbin/iptables-restore
 	$(INSTALL_DIR) $(1)/usr/lib/iptables
-	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
-		for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
-			if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
-				$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
-			fi; \
-		done \
-	)
 endef
 
 define Package/ip6tables/install
@@ -496,14 +453,12 @@ L7_INSTALL:=\
 
 
 $(eval $(call BuildPackage,iptables))
-$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
 $(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
-$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
diff --git a/package/iptables/patches/200-configurable_builtin.patch b/package/iptables/patches/200-configurable_builtin.patch
new file mode 100644
index 0000000000..e61d8ab765
--- /dev/null
+++ b/package/iptables/patches/200-configurable_builtin.patch
@@ -0,0 +1,56 @@
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -40,9 +40,24 @@
+ pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
+ pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
+ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+-pfx_objs      := $(patsubst %,libxt_%.o,${pfx_build_mod})
+-pf4_objs      := $(patsubst %,libipt_%.o,${pf4_build_mod})
+-pf6_objs      := $(patsubst %,libip6t_%.o,${pf6_build_mod})
++
++ifdef BUILTIN_MODULES
++pfx_build_static := $(filter $(BUILTIN_MODULES),${pfx_build_mod})
++pf4_build_static := $(filter $(BUILTIN_MODULES),${pf4_build_mod})
++pf6_build_static := $(filter $(BUILTIN_MODULES),${pf6_build_mod})
++else
++@ENABLE_STATIC_TRUE@ pfx_build_static := $(pfx_build_mod)
++@ENABLE_STATIC_TRUE@ pf4_build_static := $(pf4_build_mod)
++@ENABLE_STATIC_TRUE@ pf6_build_static := $(pf6_build_mod)
++endif
++
++pfx_build_mod := $(filter-out $(pfx_build_static),$(pfx_build_mod))
++pf4_build_mod := $(filter-out $(pf4_build_static),$(pf4_build_mod))
++pf6_build_mod := $(filter-out $(pf6_build_static),$(pf6_build_mod))
++
++pfx_objs      := $(patsubst %,libxt_%.o,${pfx_build_static})
++pf4_objs      := $(patsubst %,libipt_%.o,${pf4_build_static})
++pf6_objs      := $(patsubst %,libip6t_%.o,${pf6_build_static})
+ pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod})
+ pf4_solibs    := $(patsubst %,libipt_%.so,${pf4_build_mod})
+ pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+@@ -54,10 +69,10 @@
+ targets := libext4.a libext6.a matches4.man matches6.man \
+            targets4.man targets6.man
+ targets_install :=
+-@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs}
+-@ENABLE_STATIC_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs}
+-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
+-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++libext4_objs := ${pfx_objs} ${pf4_objs}
++libext6_objs := ${pfx_objs} ${pf6_objs}
++targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
+ 
+ .SECONDARY:
+ 
+@@ -107,8 +122,8 @@
+ libext6.a: initext6.o ${libext6_objs}
+ 	${AM_VERBOSE_AR} ${AR} crs $@ $^;
+ 
+-initext_func  := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod})
+-initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod})
++initext_func  := $(addprefix xt_,${pfx_build_static}) $(addprefix ipt_,${pf4_build_static})
++initext6_func := $(addprefix xt_,${pfx_build_static}) $(addprefix ip6t_,${pf6_build_static})
+ 
+ .initext4.dd: FORCE
+ 	@echo "${initext_func}" >$@.tmp; \