diff -purN -X dontdiff iptables-1.3.3-20051019.o/extensions/libip6t_LOG.c iptables-1.3.3-20051019.w/extensions/libip6t_LOG.c --- iptables-1.3.3-20051019.o/extensions/libip6t_LOG.c 2005-07-10 11:06:21.000000000 -0400 +++ iptables-1.3.3-20051019.w/extensions/libip6t_LOG.c 2005-10-22 21:34:48.000000000 -0400 @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -28,7 +29,8 @@ help(void) " --log-tcp-sequence Log TCP sequence numbers.\n\n" " --log-tcp-options Log TCP options.\n\n" " --log-ip-options Log IP options.\n\n" -" --log-uid Log UID owning the local socket.\n\n", +" --log-uid Log UID owning the local socket.\n\n" +" --log-context Log SELinux context of local socket.\n\n", IPTABLES_VERSION); } @@ -39,6 +41,7 @@ static struct option opts[] = { { .name = "log-tcp-options", .has_arg = 0, .flag = 0, .val = '2' }, { .name = "log-ip-options", .has_arg = 0, .flag = 0, .val = '3' }, { .name = "log-uid", .has_arg = 0, .flag = 0, .val = '4' }, + { .name = "log-context", .has_arg = 0, .flag = 0, .val = '5' }, { .name = 0 } }; @@ -105,6 +108,7 @@ parse_level(const char *level) #define IP6T_LOG_OPT_TCPOPT 0x08 #define IP6T_LOG_OPT_IPOPT 0x10 #define IP6T_LOG_OPT_UID 0x20 +#define IP6T_LOG_OPT_CTX 0x40 /* Function which parses command options; returns true if it ate an option */ @@ -188,6 +192,18 @@ parse(int c, char **argv, int invert, un *flags |= IP6T_LOG_OPT_UID; break; + case '5': + if (!is_selinux_enabled()) + exit_error(PARAMETER_PROBLEM, + "--log-context invalid because SELinux is disabled in the kernel"); + + if (*flags & IP6T_LOG_OPT_CTX) + exit_error(PARAMETER_PROBLEM, + "Can't specify --log-context twice"); + loginfo->logflags |= IP6T_LOG_CTX; + *flags |= IP6T_LOG_OPT_CTX; + break; + default: return 0; } @@ -233,6 +249,8 @@ print(const struct ip6t_ip6 *ip, printf("ip-options "); if (loginfo->logflags & IP6T_LOG_UID) printf("uid "); + if (loginfo->logflags & IP6T_LOG_CTX) + printf("--log-context "); if (loginfo->logflags & ~(IP6T_LOG_MASK)) printf("unknown-flags "); } @@ -262,6 +280,8 @@ save(const struct ip6t_ip6 *ip, const st printf("--log-ip-options "); if (loginfo->logflags & IP6T_LOG_UID) printf("--log-uid "); + if (loginfo->logflags & IP6T_LOG_CTX) + printf("--log-context "); } static diff -purN -X dontdiff iptables-1.3.3-20051019.o/extensions/libip6t_owner.c iptables-1.3.3-20051019.w/extensions/libip6t_owner.c --- iptables-1.3.3-20051019.o/extensions/libip6t_owner.c 2005-06-29 12:54:16.000000000 -0400 +++ iptables-1.3.3-20051019.w/extensions/libip6t_owner.c 2005-10-25 01:03:22.000000000 -0400 @@ -8,6 +8,7 @@ #include #include +#include #include /* Function which prints out usage message. */ @@ -22,6 +23,7 @@ help(void) "[!] --pid-owner processid Match local pid\n" "[!] --sid-owner sessionid Match local sid\n" "[!] --cmd-owner name Match local command name\n" +"[!] --ctx-owner context Match SELinux security context (SELinux must be enabled in kernel)\n" "\n", IPTABLES_VERSION); #else @@ -31,6 +33,7 @@ IPTABLES_VERSION); "[!] --gid-owner groupid Match local gid\n" "[!] --pid-owner processid Match local pid\n" "[!] --sid-owner sessionid Match local sid\n" +"[!] --ctx-owner context Match SELinux security context (SELinux must be enabled in kernel)\n" "\n", IPTABLES_VERSION); #endif /* IP6T_OWNER_COMM */ @@ -44,6 +47,7 @@ static struct option opts[] = { #ifdef IP6T_OWNER_COMM { "cmd-owner", 1, 0, '5' }, #endif + { "ctx-owner", 1, 0, '6' }, {0} }; @@ -129,6 +133,20 @@ parse(int c, char **argv, int invert, un *flags = 1; break; #endif + case '6': + if (!is_selinux_enabled()) + exit_error(PARAMETER_PROBLEM, "OWNER CTX is invalid because SELinux is disabled in the kernel. Having a bad day?"); + + check_inverse(optarg, &invert, &optind, 0); + if(strlen(optarg) > sizeof(ownerinfo->ctx)) + exit_error(PARAMETER_PROBLEM, "OWNER CTX `%s' too long, max %u characters", optarg, (unsigned int)sizeof(ownerinfo->ctx)); + strncpy(ownerinfo->ctx, optarg, sizeof(ownerinfo->ctx)); + ownerinfo->ctx[sizeof(ownerinfo->ctx)-1] = '\0'; + if (invert) + ownerinfo->invert |= IP6T_OWNER_CTX; + ownerinfo->match |= IP6T_OWNER_CTX; + *flags = 1; + break; default: return 0; @@ -182,6 +200,9 @@ print_item(struct ip6t_owner_info *info, printf("%.*s ", (int)sizeof(info->comm), info->comm); break; #endif + case IP6T_OWNER_CTX: + printf("%.*s ", (int)sizeof(info->ctx), info->ctx); + break; default: break; } @@ -212,6 +233,7 @@ print(const struct ip6t_ip6 *ip, #ifdef IP6T_OWNER_COMM print_item(info, IP6T_OWNER_COMM, numeric, "OWNER CMD match "); #endif + print_item(info, IP6T_OWNER_CTX, numeric, "OWNER CTX match "); } /* Saves the union ip6t_matchinfo in parsable form to stdout. */ @@ -227,6 +249,7 @@ save(const struct ip6t_ip6 *ip, const st #ifdef IP6T_OWNER_COMM print_item(info, IP6T_OWNER_COMM, 0, "--cmd-owner "); #endif + print_item(info, IP6T_OWNER_CTX, 0, "--ctx-owner "); } static struct ip6tables_match owner = { diff -purN -X dontdiff iptables-1.3.3-20051019.o/extensions/libipt_LOG.c iptables-1.3.3-20051019.w/extensions/libipt_LOG.c --- iptables-1.3.3-20051019.o/extensions/libipt_LOG.c 2005-04-01 02:07:00.000000000 -0500 +++ iptables-1.3.3-20051019.w/extensions/libipt_LOG.c 2005-10-22 21:33:17.000000000 -0400 @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -28,7 +29,8 @@ help(void) " --log-tcp-sequence Log TCP sequence numbers.\n\n" " --log-tcp-options Log TCP options.\n\n" " --log-ip-options Log IP options.\n\n" -" --log-uid Log UID owning the local socket.\n\n", +" --log-uid Log UID owning the local socket.\n\n" +" --log-context Log SELinux context of local socket.\n\n", IPTABLES_VERSION); } @@ -39,6 +41,7 @@ static struct option opts[] = { { .name = "log-tcp-options", .has_arg = 0, .flag = 0, .val = '2' }, { .name = "log-ip-options", .has_arg = 0, .flag = 0, .val = '3' }, { .name = "log-uid", .has_arg = 0, .flag = 0, .val = '4' }, + { .name = "log-context", .has_arg = 0, .flag = 0, .val = '5' }, { .name = 0 } }; @@ -105,6 +108,7 @@ parse_level(const char *level) #define IPT_LOG_OPT_TCPOPT 0x08 #define IPT_LOG_OPT_IPOPT 0x10 #define IPT_LOG_OPT_UID 0x20 +#define IPT_LOG_OPT_CTX 0x40 /* Function which parses command options; returns true if it ate an option */ @@ -188,6 +192,19 @@ parse(int c, char **argv, int invert, un *flags |= IPT_LOG_OPT_UID; break; + case '5': + if (!is_selinux_enabled()) + exit_error(PARAMETER_PROBLEM, + "--log-context invalid because SELinux is disabled in the kernel"); + + if (*flags & IPT_LOG_OPT_CTX) + exit_error(PARAMETER_PROBLEM, + "Can't specify --log-context twice"); + + loginfo->logflags |= IPT_LOG_CTX; + *flags |= IPT_LOG_OPT_CTX; + break; + default: return 0; } @@ -233,6 +250,8 @@ print(const struct ipt_ip *ip, printf("ip-options "); if (loginfo->logflags & IPT_LOG_UID) printf("uid "); + if (loginfo->logflags & IPT_LOG_CTX) + printf("context "); if (loginfo->logflags & ~(IPT_LOG_MASK)) printf("unknown-flags "); } @@ -262,6 +281,8 @@ save(const struct ipt_ip *ip, const stru printf("--log-ip-options "); if (loginfo->logflags & IPT_LOG_UID) printf("--log-uid "); + if (loginfo->logflags & IPT_LOG_CTX) + printf("--log-context "); } static diff -purN -X dontdiff iptables-1.3.3-20051019.o/extensions/libipt_owner.c iptables-1.3.3-20051019.w/extensions/libipt_owner.c --- iptables-1.3.3-20051019.o/extensions/libipt_owner.c 2005-02-14 08:13:04.000000000 -0500 +++ iptables-1.3.3-20051019.w/extensions/libipt_owner.c 2005-10-22 23:53:49.000000000 -0400 @@ -8,6 +8,7 @@ #include #include +#include #include /* Function which prints out usage message. */ @@ -22,6 +23,7 @@ help(void) "[!] --pid-owner processid Match local pid\n" "[!] --sid-owner sessionid Match local sid\n" "[!] --cmd-owner name Match local command name\n" +"[!] --ctx-owner context Match SELinux security context (SELinux must be enabled in kernel)\n" "NOTE: pid, sid and command matching are broken on SMP\n" "\n", IPTABLES_VERSION); @@ -32,6 +34,7 @@ IPTABLES_VERSION); "[!] --gid-owner groupid Match local gid\n" "[!] --pid-owner processid Match local pid\n" "[!] --sid-owner sessionid Match local sid\n" +"[!] --ctx-owner context Match SELinux security context (SELinux must be enabled in kernel)\n" "NOTE: pid and sid matching are broken on SMP\n" "\n", IPTABLES_VERSION); @@ -46,6 +49,7 @@ static struct option opts[] = { #ifdef IPT_OWNER_COMM { "cmd-owner", 1, 0, '5' }, #endif + { "ctx-owner", 1, 0, '6' }, {0} }; @@ -131,6 +135,21 @@ parse(int c, char **argv, int invert, un break; #endif + case '6': + if (!is_selinux_enabled()) + exit_error(PARAMETER_PROBLEM, "OWNER CTX is invalid because SELinux is disabled in the kernel. Having a bad day?"); + + check_inverse(optarg, &invert, &optind, 0); + if(strlen(optarg) > sizeof(ownerinfo->ctx)) + exit_error(PARAMETER_PROBLEM, "OWNER CTX `%s' too long, max %u characters", optarg, (unsigned int)sizeof(ownerinfo->ctx)); + strncpy(ownerinfo->ctx, optarg, sizeof(ownerinfo->ctx)); + ownerinfo->ctx[sizeof(ownerinfo->ctx)-1] = '\0'; + if (invert) + ownerinfo->invert |= IPT_OWNER_CTX; + ownerinfo->match |= IPT_OWNER_CTX; + *flags = 1; + break; + default: return 0; } @@ -183,6 +202,9 @@ print_item(struct ipt_owner_info *info, printf("%.*s ", (int)sizeof(info->comm), info->comm); break; #endif + case IPT_OWNER_CTX: + printf("%.*s ", (int)sizeof(info->ctx), info->ctx); + break; default: break; } @@ -213,6 +235,7 @@ print(const struct ipt_ip *ip, #ifdef IPT_OWNER_COMM print_item(info, IPT_OWNER_COMM, numeric, "OWNER CMD match "); #endif + print_item(info, IPT_OWNER_CTX, numeric, "OWNER CTX match "); } /* Saves the union ipt_matchinfo in parsable form to stdout. */ @@ -228,6 +251,7 @@ save(const struct ipt_ip *ip, const stru #ifdef IPT_OWNER_COMM print_item(info, IPT_OWNER_COMM, 0, "--cmd-owner "); #endif + print_item(info, IPT_OWNER_CTX, 0, "--ctx-owner "); } static struct iptables_match owner = { diff -purN -X dontdiff iptables-1.3.3-20051019.o/extensions/Makefile iptables-1.3.3-20051019.w/extensions/Makefile --- iptables-1.3.3-20051019.o/extensions/Makefile 2005-07-19 17:44:58.000000000 -0400 +++ iptables-1.3.3-20051019.w/extensions/Makefile 2005-10-25 01:02:01.000000000 -0400 @@ -5,8 +5,10 @@ # header files are present in the include/linux directory of this iptables # package (HW) # -PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG -PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG NFQUEUE MARK TRACE +PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG +PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport physdev standard tcp udp HL NFQUEUE MARK TRACE +PF_EXT_SE_SLIB:=LOG owner +PF6_EXT_SE_SLIB:=LOG owner # Optionals PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) @@ -43,26 +45,34 @@ OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT ifndef NO_SHARED_LIBS SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so) +SHARED_SE_LIBS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) +EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) ifeq ($(DO_IPV6), 1) SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so) +SHARED_SE_LIBS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) +EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) endif else # NO_SHARED_LIBS EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o) +EXT_OBJS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).o) EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T)) +EXT_FUNC+=$(foreach T,$(PF_EXT_SE_SLIB),ipt_$(T)) EXT_OBJS+= extensions/initext.o ifeq ($(DO_IPV6), 1) EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o) +EXT6_OBJS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).o) EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T)) +EXT6_FUNC+=$(foreach T,$(PF6_EXT_SE_SLIB),ip6t_$(T)) EXT6_OBJS+= extensions/initext6.o endif # DO_IPV6 endif # NO_SHARED_LIBS ifndef TOPLEVEL_INCLUDED local: - cd .. && $(MAKE) $(SHARED_LIBS) + cd .. && $(MAKE) $(SHARED_LIBS) $(SHARED_SE_LIBS) endif ifdef NO_SHARED_LIBS diff -purN -X dontdiff iptables-1.3.3-20051019.o/include/iptables_common.h iptables-1.3.3-20051019.w/include/iptables_common.h --- iptables-1.3.3-20051019.o/include/iptables_common.h 2005-09-11 13:32:39.000000000 -0400 +++ iptables-1.3.3-20051019.w/include/iptables_common.h 2005-10-20 02:29:14.000000000 -0400 @@ -2,6 +2,12 @@ #define _IPTABLES_COMMON_H /* Shared definitions between ipv4 and ipv6. */ +#include + +#ifndef aligned_u64 +#define aligned_u64 unsigned long long __attribute__((aligned(8))) +#endif + enum exittype { OTHER_PROBLEM = 1, PARAMETER_PROBLEM, diff -purN -X dontdiff iptables-1.3.3-20051019.o/libiptc/libip4tc.c iptables-1.3.3-20051019.w/libiptc/libip4tc.c --- iptables-1.3.3-20051019.o/libiptc/libip4tc.c 2005-06-23 04:51:18.000000000 -0400 +++ iptables-1.3.3-20051019.w/libiptc/libip4tc.c 2005-10-22 10:19:46.000000000 -0400 @@ -39,6 +39,7 @@ typedef unsigned int socklen_t; #ifdef NF_IP_DROPPING #define HOOK_DROPPING NF_IP_DROPPING #endif +#define HOOK_SOCKET NF_IP_SOCKET_IN #define STRUCT_ENTRY_TARGET struct ipt_entry_target #define STRUCT_ENTRY struct ipt_entry diff -purN -X dontdiff iptables-1.3.3-20051019.o/libiptc/libip6tc.c iptables-1.3.3-20051019.w/libiptc/libip6tc.c --- iptables-1.3.3-20051019.o/libiptc/libip6tc.c 2005-06-23 04:51:18.000000000 -0400 +++ iptables-1.3.3-20051019.w/libiptc/libip6tc.c 2005-10-22 10:19:46.000000000 -0400 @@ -34,6 +34,7 @@ typedef unsigned int socklen_t; #define HOOK_FORWARD NF_IP6_FORWARD #define HOOK_LOCAL_OUT NF_IP6_LOCAL_OUT #define HOOK_POST_ROUTING NF_IP6_POST_ROUTING +#define HOOK_SOCKET NF_IP6_SOCKET_IN #define STRUCT_ENTRY_TARGET struct ip6t_entry_target #define STRUCT_ENTRY struct ip6t_entry diff -purN -X dontdiff iptables-1.3.3-20051019.o/libiptc/libiptc.c iptables-1.3.3-20051019.w/libiptc/libiptc.c --- iptables-1.3.3-20051019.o/libiptc/libiptc.c 2005-07-31 03:04:59.000000000 -0400 +++ iptables-1.3.3-20051019.w/libiptc/libiptc.c 2005-10-22 10:19:46.000000000 -0400 @@ -57,6 +57,7 @@ static const char *hooknames[] #ifdef HOOK_DROPPING [HOOK_DROPPING] "DROPPING" #endif + [HOOK_SOCKET] "SOCKET" }; /* Convenience structures */ @@ -919,18 +920,20 @@ TC_DUMP_ENTRIES(const TC_HANDLE_T handle printf("libiptc v%s. %u bytes.\n", IPTABLES_VERSION, handle->entries->size); printf("Table `%s'\n", handle->info.name); - printf("Hooks: pre/in/fwd/out/post = %u/%u/%u/%u/%u\n", + printf("Hooks: pre/in/fwd/out/post/sock = %u/%u/%u/%u/%u/%u\n", handle->info.hook_entry[HOOK_PRE_ROUTING], handle->info.hook_entry[HOOK_LOCAL_IN], handle->info.hook_entry[HOOK_FORWARD], handle->info.hook_entry[HOOK_LOCAL_OUT], - handle->info.hook_entry[HOOK_POST_ROUTING]); - printf("Underflows: pre/in/fwd/out/post = %u/%u/%u/%u/%u\n", + handle->info.hook_entry[HOOK_POST_ROUTING], + handle->info.hook_entry[HOOK_SOCKET_IN]); + printf("Underflows: pre/in/fwd/out/post/sock = %u/%u/%u/%u/%u/%u\n", handle->info.underflow[HOOK_PRE_ROUTING], handle->info.underflow[HOOK_LOCAL_IN], handle->info.underflow[HOOK_FORWARD], handle->info.underflow[HOOK_LOCAL_OUT], - handle->info.underflow[HOOK_POST_ROUTING]); + handle->info.underflow[HOOK_POST_ROUTING], + handle->info.underflow[HOOK_SOCKET_IN]); ENTRY_ITERATE(handle->entries->entrytable, handle->entries->size, dump_entry, handle); diff -purN -X dontdiff iptables-1.3.3-20051019.o/Makefile iptables-1.3.3-20051019.w/Makefile --- iptables-1.3.3-20051019.o/Makefile 2005-10-19 17:55:05.000000000 -0400 +++ iptables-1.3.3-20051019.w/Makefile 2005-10-22 11:03:25.000000000 -0400 @@ -31,6 +31,11 @@ ifeq ($(shell [ -f /usr/include/netinet/ DO_IPV6:=1 endif +# Enable linking to libselinux via enviornment 'DO_SELINUX=1' +ifndef DO_SELINUX +DO_SELINUX=0 +endif + COPT_FLAGS:=-O2 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG @@ -93,17 +98,24 @@ endif ifndef NO_SHARED_LIBS DEPFILES = $(SHARED_LIBS:%.so=%.d) +DEPFILES += $(SHARED_SE_LIBS:%.so=%.d) SH_CFLAGS:=$(CFLAGS) -fPIC STATIC_LIBS = STATIC6_LIBS = LDFLAGS = -rdynamic LDLIBS = -ldl -lnsl +ifeq ($(DO_SELINUX), 1) +LDLIBS += -lselinux +endif else DEPFILES = $(EXT_OBJS:%.o=%.d) STATIC_LIBS = extensions/libext.a STATIC6_LIBS = extensions/libext6.a LDFLAGS = -static -LDLIBS = +LDLIBS = +ifeq ($(DO_SELINUX), 1) +LDLIBS += -lselinux +endif endif .PHONY: default diff -purN -X dontdiff iptables-1.3.3-20051019.o/Rules.make iptables-1.3.3-20051019.w/Rules.make --- iptables-1.3.3-20051019.o/Rules.make 2004-05-26 11:46:27.000000000 -0400 +++ iptables-1.3.3-20051019.w/Rules.make 2005-10-22 10:58:11.000000000 -0400 @@ -1,12 +1,12 @@ #! /usr/bin/make -all: $(SHARED_LIBS) $(EXTRAS) +all: $(SHARED_LIBS) $(SHARED_SE_LIBS) $(EXTRAS) experimental: $(EXTRAS_EXP) # Have to handle extensions which no longer exist. clean: $(EXTRA_CLEANS) - rm -f $(SHARED_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o) + rm -f $(SHARED_LIBS) $(SHARED_SE_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o) $(SHARED_SE_LIBS:%.so=%_sh.o) rm -f extensions/initext.c extensions/initext6.c @find . -name '*.[ao]' -o -name '*.so' | xargs rm -f @@ -33,6 +33,13 @@ $(SHARED_LIBS:%.so=%.d): %.d: %.c $(SHARED_LIBS): %.so : %_sh.o $(LD) -shared $(EXT_LDFLAGS) -o $@ $< +$(SHARED_SE_LIBS:%.so=%.d): %.d: %.c + @-$(CC) -M -MG $(CFLAGS) $< | \ + sed -e 's@^.*\.o:@$*.d $*_sh.o:@' > $@ + +$(SHARED_SE_LIBS): %.so : %_sh.o + $(LD) -shared $(EXT_LDFLAGS) -o $@ $< $(LDLIBS) + %_sh.o : %.c $(CC) $(SH_CFLAGS) -o $@ -c $<