1
2AC_INIT([iptables], [1.6.1])
3
4# See libtool.info "Libtool's versioning system"
5libxtables_vcurrent=12
6libxtables_vage=0
7
8AC_CONFIG_AUX_DIR([build-aux])
9AC_CONFIG_HEADERS([config.h])
10AC_CONFIG_MACRO_DIR([m4])
11AC_PROG_INSTALL
12AM_INIT_AUTOMAKE([-Wall])
13AC_PROG_CC
14AM_PROG_CC_C_O
15AC_DISABLE_STATIC
16m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
17AM_PROG_LIBTOOL
18
19AC_ARG_WITH([kernel],
20	AS_HELP_STRING([--with-kernel=PATH],
21	[Path to kernel source/build directory]),
22	[kbuilddir="$withval"; ksourcedir="$withval";])
23AC_ARG_WITH([kbuild],
24	AS_HELP_STRING([--with-kbuild=PATH],
25	[Path to kernel build directory [[/lib/modules/CURRENT/build]]]),
26	[kbuilddir="$withval"])
27AC_ARG_WITH([ksource],
28	AS_HELP_STRING([--with-ksource=PATH],
29	[Path to kernel source directory [[/lib/modules/CURRENT/source]]]),
30	[ksourcedir="$withval"])
31AC_ARG_WITH([xtlibdir],
32	AS_HELP_STRING([--with-xtlibdir=PATH],
33	[Path where to install Xtables extensions [[LIBEXECDIR/xtables]]]),
34	[xtlibdir="$withval"],
35	[xtlibdir="${libdir}/xtables"])
36AC_ARG_ENABLE([ipv4],
37	AS_HELP_STRING([--disable-ipv4], [Do not build iptables]),
38	[enable_ipv4="$enableval"], [enable_ipv4="yes"])
39AC_ARG_ENABLE([ipv6],
40	AS_HELP_STRING([--disable-ipv6], [Do not build ip6tables]),
41	[enable_ipv6="$enableval"], [enable_ipv6="yes"])
42AC_ARG_ENABLE([largefile],
43	AS_HELP_STRING([--disable-largefile], [Do not build largefile support]),
44	[enable_largefile="$enableval"],
45	[enable_largefile="yes";
46	largefile_cppflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'])
47AC_ARG_ENABLE([devel],
48	AS_HELP_STRING([--enable-devel],
49	[Install Xtables development headers]),
50	[enable_devel="$enableval"], [enable_devel="yes"])
51AC_ARG_ENABLE([libipq],
52	AS_HELP_STRING([--enable-libipq], [Build and install libipq]),
53	[enable_libipq="$enableval"], [enable_libipq="no"])
54AC_ARG_ENABLE([bpf-compiler],
55	AS_HELP_STRING([--enable-bpf-compiler], [Build bpf compiler]),
56	[enable_bpfc="$enableval"], [enable_bpfc="no"])
57AC_ARG_ENABLE([nfsynproxy],
58	AS_HELP_STRING([--enable-nfsynproxy], [Build SYNPROXY configuration tool]),
59	[enable_nfsynproxy="$enableval"], [enable_nfsynproxy="no"])
60AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
61	[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
62	[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
63AC_ARG_ENABLE([nftables],
64	AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
65	[enable_nftables="$enableval"], [enable_nftables="yes"])
66AC_ARG_ENABLE([connlabel],
67	AS_HELP_STRING([--disable-connlabel],
68	[Do not build libnetfilter_conntrack]),
69	[enable_connlabel="$enableval"], [enable_connlabel="yes"])
70AC_ARG_WITH([xt-lock-name], AS_HELP_STRING([--with-xt-lock-name=PATH],
71	[Path to the xtables lock [[/run/xtables.lock]]]),
72	[xt_lock_name="$withval"],
73	[xt_lock_name="/run/xtables.lock"])
74
75libiptc_LDFLAGS2="";
76AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
77	[libiptc_LDFLAGS2="-Wl,--no-as-needed"])
78AC_SUBST([libiptc_LDFLAGS2])
79
80AC_MSG_CHECKING([whether $LD knows -Wl,--no-undefined])
81saved_LDFLAGS="$LDFLAGS";
82LDFLAGS="-Wl,--no-undefined";
83AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {}])],
84	[noundef_LDFLAGS="$LDFLAGS"; AC_MSG_RESULT([yes])],
85	[AC_MSG_RESULT([no])]
86)
87LDFLAGS="$saved_LDFLAGS";
88
89blacklist_modules=""
90blacklist_x_modules=""
91blacklist_b_modules=""
92blacklist_a_modules=""
93blacklist_4_modules=""
94blacklist_6_modules=""
95
96AC_CHECK_HEADERS([linux/dccp.h linux/ip_vs.h linux/magic.h linux/proc_fs.h linux/bpf.h])
97if test "$ac_cv_header_linux_dccp_h" != "yes"; then
98	blacklist_modules="$blacklist_modules dccp";
99fi;
100if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
101	blacklist_modules="$blacklist_modules ipvs";
102fi;
103
104AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
105
106AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"])
107AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"])
108AM_CONDITIONAL([ENABLE_IPV4], [test "$enable_ipv4" = "yes"])
109AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"])
110AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"])
111AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
112AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
113AM_CONDITIONAL([ENABLE_BPFC], [test "$enable_bpfc" = "yes"])
114AM_CONDITIONAL([ENABLE_SYNCONF], [test "$enable_nfsynproxy" = "yes"])
115AM_CONDITIONAL([ENABLE_NFTABLES], [test "$enable_nftables" = "yes"])
116AM_CONDITIONAL([ENABLE_CONNLABEL], [test "$enable_connlabel" = "yes"])
117
118if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
119	AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
120fi
121
122PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
123	[nfnetlink=1], [nfnetlink=0])
124AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
125
126if test "x$enable_nftables" = "xyes"; then
127	PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
128
129	if test "$mnl" = 0;
130	then
131		echo "*** Error: No suitable libmnl found. ***"
132		echo "    Please install the 'libmnl' package"
133		echo "    Or consider --disable-nftables to skip"
134		echo "    iptables-compat over nftables support."
135		exit 1
136	fi
137
138	PKG_CHECK_MODULES([libnftnl], [libnftnl >= 1.0.5], [nftables=1], [nftables=0])
139
140	if test "$nftables" = 0;
141	then
142		echo "*** Error: no suitable libnftnl found. ***"
143		echo "    Please install the 'libnftnl' package"
144		echo "    Or consider --disable-nftables to skip"
145		echo "    iptables-compat over nftables support."
146		exit 1
147	fi
148
149	AM_PROG_LEX
150	AC_PROG_YACC
151
152	if test -z "$ac_cv_prog_YACC"
153	then
154		echo "*** Error: No suitable bison/yacc found. ***"
155		echo "    Please install the 'bison' package."
156		exit 1
157	fi
158	if test -z "$ac_cv_prog_LEX"
159	then
160	        echo "*** Error: No suitable flex/lex found. ***"
161	        echo "    Please install the 'flex' package."
162	        exit 1
163	fi
164fi
165
166AM_CONDITIONAL([HAVE_LIBMNL], [test "$mnl" = 1])
167AM_CONDITIONAL([HAVE_LIBNFTNL], [test "$nftables" = 1])
168
169if test "$nftables" != 1; then
170	blacklist_b_modules="$blacklist_b_modules limit mark nflog mangle"
171	blacklist_a_modules="$blacklist_a_modules mangle"
172fi
173
174if test "x$enable_connlabel" = "xyes"; then
175	PKG_CHECK_MODULES([libnetfilter_conntrack],
176		[libnetfilter_conntrack >= 1.0.6],
177		[nfconntrack=1], [nfconntrack=0])
178
179	if test "$nfconntrack" -ne 1; then
180		blacklist_modules="$blacklist_modules connlabel";
181		echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
182		enable_connlabel="no";
183	fi;
184else
185	blacklist_modules="$blacklist_modules connlabel";
186fi;
187
188AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])
189
190AC_SUBST([blacklist_modules])
191AC_SUBST([blacklist_x_modules])
192AC_SUBST([blacklist_b_modules])
193AC_SUBST([blacklist_a_modules])
194AC_SUBST([blacklist_4_modules])
195AC_SUBST([blacklist_6_modules])
196
197regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
198	-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
199	-Winline -pipe";
200regular_CPPFLAGS="${largefile_cppflags} -D_REENTRANT \
201	-DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL";
202kinclude_CPPFLAGS="";
203if [[ -n "$kbuilddir" ]]; then
204	kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$kbuilddir/include/uapi -I$kbuilddir/include";
205fi;
206if [[ -n "$ksourcedir" ]]; then
207	kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$ksourcedir/include/uapi -I$ksourcedir/include";
208fi;
209pkgdatadir='${datadir}/xtables';
210
211define([EXPAND_VARIABLE],
212[$2=[$]$1
213if test $prefix = 'NONE'; then
214	prefix="/usr/local"
215fi
216while true; do
217  case "[$]$2" in
218    *\[$]* ) eval "$2=[$]$2" ;;
219    *) break ;;
220  esac
221done
222eval "$2=[$]$2"
223])dnl EXPAND_VARIABLE
224
225AC_SUBST([regular_CFLAGS])
226AC_SUBST([regular_CPPFLAGS])
227AC_SUBST([noundef_LDFLAGS])
228AC_SUBST([kinclude_CPPFLAGS])
229AC_SUBST([kbuilddir])
230AC_SUBST([ksourcedir])
231AC_SUBST([xtlibdir])
232AC_SUBST([pkgconfigdir])
233AC_SUBST([pkgdatadir])
234AC_SUBST([libxtables_vcurrent])
235AC_SUBST([libxtables_vage])
236libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage));
237AC_SUBST([libxtables_vmajor])
238
239AC_DEFINE_UNQUOTED([XT_LOCK_NAME], "${xt_lock_name}",
240	[Location of the iptables lock file])
241
242AC_CONFIG_FILES([Makefile extensions/GNUmakefile include/Makefile
243	iptables/Makefile iptables/xtables.pc
244	iptables/iptables.8 iptables/iptables-extensions.8.tmpl
245	iptables/iptables-save.8 iptables/iptables-restore.8
246	iptables/iptables-apply.8 iptables/iptables-xml.1
247	libipq/Makefile libipq/libipq.pc
248	libiptc/Makefile libiptc/libiptc.pc
249	libiptc/libip4tc.pc libiptc/libip6tc.pc
250	libxtables/Makefile utils/Makefile
251	include/xtables-version.h include/iptables/internal.h])
252AC_OUTPUT
253
254
255EXPAND_VARIABLE(xtlibdir, e_xtlibdir)
256EXPAND_VARIABLE(pkgconfigdir, e_pkgconfigdir)
257
258echo "
259Iptables Configuration:
260  IPv4 support:				${enable_ipv4}
261  IPv6 support:				${enable_ipv6}
262  Devel support:			${enable_devel}
263  IPQ support:				${enable_libipq}
264  Large file support:			${enable_largefile}
265  BPF utils support:			${enable_bpfc}
266  nfsynproxy util support:		${enable_nfsynproxy}
267  nftables support:			${enable_nftables}
268  connlabel support:			${enable_connlabel}
269
270Build parameters:
271  Put plugins into executable (static):	${enable_static}
272  Support plugins via dlopen (shared):	${enable_shared}
273  Installation prefix (--prefix):	${prefix}
274  Xtables extension directory:		${e_xtlibdir}
275  Pkg-config directory:			${e_pkgconfigdir}
276  Xtables lock file:			${xt_lock_name}"
277
278if [[ -n "$ksourcedir" ]]; then
279	echo "  Kernel source directory:		${ksourcedir}"
280fi;
281if [[ -n "$kbuilddir" ]]; then
282	echo "  Kernel build directory:		${kbuilddir}"
283fi;
284
285echo "  Host:					${host}
286  GCC binary:				${CC}"
287
288test x"$blacklist_modules" = "x" || echo "
289Iptables modules that will not be built: $blacklist_modules"
290