diff -purN -X dontdiff iptables-1.3.3-20051019.p/extensions/Makefile iptables-1.3.3-20051019.w/extensions/Makefile --- iptables-1.3.3-20051019.p/extensions/Makefile 2005-07-19 17:44:58.000000000 -0400 +++ iptables-1.3.3-20051019.w/extensions/Makefile 2005-10-22 10:58:11.000000000 -0400 @@ -7,6 +7,8 @@ # PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG NFQUEUE MARK TRACE +PF_EXT_SE_SLIB:= +PF6_EXT_SE_SLIB:= # Optionals PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) @@ -43,26 +45,34 @@ OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT ifndef NO_SHARED_LIBS SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so) +SHARED_SE_LIBS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) +EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) ifeq ($(DO_IPV6), 1) SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so) +SHARED_SE_LIBS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) +EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) endif else # NO_SHARED_LIBS EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o) +EXT_OBJS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).o) EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T)) +EXT_FUNC+=$(foreach T,$(PF_EXT_SE_SLIB),ipt_$(T)) EXT_OBJS+= extensions/initext.o ifeq ($(DO_IPV6), 1) EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o) +EXT6_OBJS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).o) EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T)) +EXT6_FUNC+=$(foreach T,$(PF6_EXT_SE_SLIB),ip6t_$(T)) EXT6_OBJS+= extensions/initext6.o endif # DO_IPV6 endif # NO_SHARED_LIBS ifndef TOPLEVEL_INCLUDED local: - cd .. && $(MAKE) $(SHARED_LIBS) + cd .. && $(MAKE) $(SHARED_LIBS) $(SHARED_SE_LIBS) endif ifdef NO_SHARED_LIBS diff -purN -X dontdiff iptables-1.3.3-20051019.p/Makefile iptables-1.3.3-20051019.w/Makefile --- iptables-1.3.3-20051019.p/Makefile 2005-10-19 17:55:05.000000000 -0400 +++ iptables-1.3.3-20051019.w/Makefile 2005-10-22 11:03:25.000000000 -0400 @@ -31,6 +31,11 @@ ifeq ($(shell [ -f /usr/include/netinet/ DO_IPV6:=1 endif +# Enable linking to libselinux via enviornment 'DO_SELINUX=1' +ifndef DO_SELINUX +DO_SELINUX=0 +endif + COPT_FLAGS:=-O2 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG @@ -93,17 +98,24 @@ endif ifndef NO_SHARED_LIBS DEPFILES = $(SHARED_LIBS:%.so=%.d) +DEPFILES += $(SHARED_SE_LIBS:%.so=%.d) SH_CFLAGS:=$(CFLAGS) -fPIC STATIC_LIBS = STATIC6_LIBS = LDFLAGS = -rdynamic LDLIBS = -ldl -lnsl +ifeq ($(DO_SELINUX), 1) +LDLIBS += -lselinux +endif else DEPFILES = $(EXT_OBJS:%.o=%.d) STATIC_LIBS = extensions/libext.a STATIC6_LIBS = extensions/libext6.a LDFLAGS = -static -LDLIBS = +LDLIBS = +ifeq ($(DO_SELINUX), 1) +LDLIBS += -lselinux +endif endif .PHONY: default diff -purN -X dontdiff iptables-1.3.3-20051019.p/Rules.make iptables-1.3.3-20051019.w/Rules.make --- iptables-1.3.3-20051019.p/Rules.make 2004-05-26 11:46:27.000000000 -0400 +++ iptables-1.3.3-20051019.w/Rules.make 2005-10-22 10:58:11.000000000 -0400 @@ -1,12 +1,12 @@ #! /usr/bin/make -all: $(SHARED_LIBS) $(EXTRAS) +all: $(SHARED_LIBS) $(SHARED_SE_LIBS) $(EXTRAS) experimental: $(EXTRAS_EXP) # Have to handle extensions which no longer exist. clean: $(EXTRA_CLEANS) - rm -f $(SHARED_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o) + rm -f $(SHARED_LIBS) $(SHARED_SE_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o) $(SHARED_SE_LIBS:%.so=%_sh.o) rm -f extensions/initext.c extensions/initext6.c @find . -name '*.[ao]' -o -name '*.so' | xargs rm -f @@ -33,6 +33,13 @@ $(SHARED_LIBS:%.so=%.d): %.d: %.c $(SHARED_LIBS): %.so : %_sh.o $(LD) -shared $(EXT_LDFLAGS) -o $@ $< +$(SHARED_SE_LIBS:%.so=%.d): %.d: %.c + @-$(CC) -M -MG $(CFLAGS) $< | \ + sed -e 's@^.*\.o:@$*.d $*_sh.o:@' > $@ + +$(SHARED_SE_LIBS): %.so : %_sh.o + $(LD) -shared $(EXT_LDFLAGS) -o $@ $< $(LDLIBS) + %_sh.o : %.c $(CC) $(SH_CFLAGS) -o $@ -c $<