r7557 - in trunk/ipset: . kernel

kadlec at blackhole.kfki.hu kadlec at blackhole.kfki.hu
Thu Jul 3 11:26:51 CEST 2008


Author: kadlec at blackhole.kfki.hu
Date: 2008-07-03 11:26:50 +0200 (Thu, 03 Jul 2008)
New Revision: 7557

Added:
   trunk/ipset/kernel/Kconfig.ipset
   trunk/ipset/kernel/Makefile.ipset
   trunk/ipset/kernel/patch_kernel
Modified:
   trunk/ipset/Makefile
   trunk/ipset/README
Log:
Support statically linked kernel - no need for pom-ng anymore for ipset at all.


Modified: trunk/ipset/Makefile
===================================================================
--- trunk/ipset/Makefile	2008-07-02 12:42:52 UTC (rev 7556)
+++ trunk/ipset/Makefile	2008-07-03 09:26:50 UTC (rev 7557)
@@ -36,20 +36,30 @@
 INSTALL=$(DESTDIR)$(BINDIR)/ipset $(DESTDIR)$(MANDIR)/man8/ipset.8
 INSTALL+=$(foreach T, $(SETTYPES), $(DESTDIR)$(LIBDIR)/ipset/libipset_$(T).so)
 
-all: $(PROGRAMS) $(SHARED_LIBS)
-	cd kernel; make -C $(KERNEL_DIR) M=`pwd` IP_NF_SET_MAX=$(IP_NF_SET_MAX) IP_NF_SET_HASHSIZE=$(IP_NF_SET_HASHSIZE) modules
+all: binaries modules
 
 .PHONY: tests
 
 tests:
 	cd tests; ./runtest.sh
 
-ipset_install: all $(INSTALL)
+binaries: $(PROGRAMS) $(SHARED_LIBS)
 
-modules_install:
+binaries_install: binaries $(INSTALL)
+
+patch_kernel:
+	cd kernel; ./patch_kernel $(KERNEL_DIR)
+
+modules:
+	@[ -f $(KERNEL_DIR)/net/ipv4/netfilter/Kconfig ] || (echo "Error: the directory '$(KERNEL_DIR)' doesn't look like a Linux 2.6.x kernel source tree." && exit 1)
+	@[ -f $(KERNEL_DIR)/.config ] || (echo "Error: the kernel source in '$(KERNEL_DIR)' must be configured" && exit 1)
+	@[ -f $(KERNEL_DIR)/Module.symvers ] || echo "Warning: you should run 'make modules' in '$(KERNEL_DIR)' beforehand"
+	cd kernel; make -C $(KERNEL_DIR) M=`pwd` IP_NF_SET_MAX=$(IP_NF_SET_MAX) IP_NF_SET_HASHSIZE=$(IP_NF_SET_HASHSIZE) modules
+
+modules_install: modules
 	cd kernel; make -C $(KERNEL_DIR) M=`pwd` modules_install
 
-install: ipset_install modules_install
+install: binaries_install modules_install
 
 clean: $(EXTRA_CLEANS)
 	rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~
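Review bot: `$(KERNEL_DIR)` is expanded unquoted into every recipe line added here (the three `[ -f … ]` checks in `modules` and the `patch_kernel` call), so a path containing spaces or shell metacharacters is re-parsed by the shell, and the sanity checks can end up testing something other than the tree later passed to `make -C`. In the `patch_kernel` recipe the `;` after `cd kernel` lets the script run even when the `cd` fails; I would write `cd kernel && ./patch_kernel "$(KERNEL_DIR)"` and quote the test operands the same way, e.g. `[ -f "$(KERNEL_DIR)/.config" ]`. The new `binaries`, `binaries_install`, `patch_kernel` and `modules` targets are not files, yet the only `.PHONY` line visible in the hunk lists `tests`; unless they are declared outside the hunk, add them there. The recursive calls also use a literal `make` rather than `$(MAKE)`, so `-j` and `-n` are not passed down to the kernel build.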

Modified: trunk/ipset/README
===================================================================
--- trunk/ipset/README	2008-07-02 12:42:52 UTC (rev 7556)
+++ trunk/ipset/README	2008-07-03 09:26:50 UTC (rev 7557)
@@ -22,4 +22,26 @@
 
    # make KERNEL_DIR=<<where-you-built-your-kernel>> clean
 
-That's it!
+That's it! 
+
+Read the ipset(8) and iptables(8) manpages on how to use ipset 
+and its match and target from iptables.
+
+If you want to build a non-modular kernel, then proceed with the following 
+steps:
+
+1. Compile the ipset binaries
+
+  # make KERNEL_DIR=<<where-you-built-your-kernel>> binaries
+
+2. Install the ipset binaries
+
+  # make KERNEL_DIR=<<where-you-built-your-kernel>> binaries_install
+
+3. Patch your kernel source
+
+  # make KERNEL_DIR=<<where-you-built-your-kernel>> patch_kernel
+
+4. Go to the kernel source and run 'make oldconfig', enable the ipset
+   functionality and compile, install your kernel.
+

Added: trunk/ipset/kernel/Kconfig.ipset
===================================================================
--- trunk/ipset/kernel/Kconfig.ipset	                        (rev 0)
+++ trunk/ipset/kernel/Kconfig.ipset	2008-07-03 09:26:50 UTC (rev 7557)
@@ -0,0 +1,116 @@
+config IP_NF_SET
+	tristate "IP set support"
+	depends on INET && NETFILTER
+	help
+	  This option adds IP set support to the kernel.
+	  In order to define and use sets, you need the userspace utility
+	  ipset(8).
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_MAX
+	int "Maximum number of IP sets"
+	default 256
+	range 2 65534
+	depends on IP_NF_SET
+	help
+	  You can define here default value of the maximum number 
+	  of IP sets for the kernel.
+
+	  The value can be overriden by the 'max_sets' module
+	  parameter of the 'ip_set' module.
+
+config IP_NF_SET_HASHSIZE
+	int "Hash size for bindings of IP sets"
+	default 1024
+	depends on IP_NF_SET
+	help
+	  You can define here default value of the hash size for
+	  bindings of IP sets.
+
+	  The value can be overriden by the 'hash_size' module
+	  parameter of the 'ip_set' module.
+
+config IP_NF_SET_IPMAP
+	tristate "ipmap set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the ipmap set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_MACIPMAP
+	tristate "macipmap set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the macipmap set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_PORTMAP
+	tristate "portmap set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the portmap set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_IPHASH
+	tristate "iphash set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the iphash set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_NETHASH
+	tristate "nethash set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the nethash set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_IPPORTHASH
+	tristate "ipporthash set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the ipporthash set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_IPTREE
+	tristate "iptree set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the iptree set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_SET_IPTREEMAP
+	tristate "iptreemap set support"
+	depends on IP_NF_SET
+	help
+	  This option adds the iptreemap set type support.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_MATCH_SET
+	tristate "set match support"
+	depends on IP_NF_SET
+	help
+	  Set matching matches against given IP sets.
+	  You need the ipset utility to create and set up the sets.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config IP_NF_TARGET_SET
+	tristate "SET target support"
+	depends on IP_NF_SET
+	help
+	  The SET target makes possible to add/delete entries
+	  in IP sets.
+	  You need the ipset utility to create and set up the sets.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
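Review bot: `IP_NF_SET_HASHSIZE` has no `range` line, unlike `IP_NF_SET_MAX` directly above it, so the configuration tools accept 0 or a negative number as the built-in hash size. Whether `ip_set.c` validates the value is not visible in this commit, so I would bound it in the Kconfig entry with `range 1 <upper limit supported by the hash code>` (placeholder, to be filled in from the module source) below `default 1024`. Separately, `IP_NF_MATCH_SET` and `IP_NF_TARGET_SET` depend only on `IP_NF_SET`; if `ipt_set.c` and `ipt_SET.c` register with iptables, which their names suggest but the commit does not show, they presumably also need `depends on IP_NF_IPTABLES` to keep a static build from failing at link time.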

Added: trunk/ipset/kernel/Makefile.ipset
===================================================================
--- trunk/ipset/kernel/Makefile.ipset	                        (rev 0)
+++ trunk/ipset/kernel/Makefile.ipset	2008-07-03 09:26:50 UTC (rev 7557)
@@ -0,0 +1,14 @@
+# ipset
+obj-$(CONFIG_IP_NF_SET) += ip_set.o
+obj-$(CONFIG_IP_NF_SET_IPMAP) += ip_set_ipmap.o
+obj-$(CONFIG_IP_NF_SET_PORTMAP) += ip_set_portmap.o
+obj-$(CONFIG_IP_NF_SET_MACIPMAP) += ip_set_macipmap.o
+obj-$(CONFIG_IP_NF_SET_IPHASH) += ip_set_iphash.o
+obj-$(CONFIG_IP_NF_SET_NETHASH) += ip_set_nethash.o
+obj-$(CONFIG_IP_NF_SET_IPPORTHASH) += ip_set_ipporthash.o
+obj-$(CONFIG_IP_NF_SET_IPTREE) += ip_set_iptree.o
+obj-$(CONFIG_IP_NF_SET_IPTREEMAP) += ip_set_iptreemap.o
+
+# match and target
+obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
+obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o

Added: trunk/ipset/kernel/patch_kernel
===================================================================
--- trunk/ipset/kernel/patch_kernel	                        (rev 0)
+++ trunk/ipset/kernel/patch_kernel	2008-07-03 09:26:50 UTC (rev 7557)
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# set -e
+
+kconfig() {
+	file=$1/net/ipv4/netfilter/Kconfig
+	if [ "`grep 'config IP_NF_SET' $file`" ]; then
+		return
+	fi
+	mv $file $file.orig
+	grep -v endmenu $file.orig > $file
+	cat Kconfig.ipset >> $file
+	echo "endmenu" >> $file
+}
+
+makefile() {
+	file=$1/net/ipv4/netfilter/Makefile
+	if [ "`grep CONFIG_IP_NF_SET $file`" ]; then
+		return
+	fi
+	cp $file $file.orig
+	cat Makefile.ipset >> $file
+}
+
+tree() {
+	cp include/linux/netfilter_ipv4/* $1/include/linux/netfilter_ipv4/
+	cp *.c $1/net/ipv4/netfilter/
+}
+
+if [ -z "$1" ]; then
+	echo "Error: missing kernel directory parameter."
+	exit 1
+fi
+if [ ! -f $1/net/ipv4/netfilter/Kconfig ]; then
+	echo "Error: the directory $1 doesn't look like a Linux 2.6.x kernel source tree."
+	exit 1
+fi
+
+tree $1
+kconfig $1
+makefile $1
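Review bot: With `set -e` commented out, no command in `kconfig()`, `makefile()` or `tree()` has its exit status checked, so a failed `cat Kconfig.ipset` (for instance when the script is not started from the `kernel/` directory) or a failed `cp` still ends with exit status 0 and a half-modified kernel tree. `$1` and `$file` are unquoted throughout, so a kernel path with spaces or glob characters is word-split before `mv`, `cp` and the redirections see it. Because this script rewrites files inside a kernel source tree, I would quote every expansion, assemble the new Kconfig in a temporary file that is moved into place only on success, and chain the three calls so the first failure aborts with a non-zero status. `grep -v endmenu` also removes every line containing that word, not only the closing one, which matters if the target Kconfig ever holds more than one menu block.

```shell
kconfig() {
	file="$1/net/ipv4/netfilter/Kconfig"
	if grep -q 'config IP_NF_SET' "$file"; then
		return 0
	fi
	# Keep the original in place until the replacement is complete.
	cp -p "$file" "$file.orig" || return 1
	{ grep -v endmenu "$file.orig" && cat Kconfig.ipset && echo "endmenu"; } > "$file.new" || return 1
	mv "$file.new" "$file"
}

# … unchanged: makefile() and tree(), apart from quoting "$file" and "$1" and returning non-zero on failure …

# … unchanged: argument and kernel-tree checks, with "$1" quoted …

tree "$1" && kconfig "$1" && makefile "$1" || {
	echo "Error: patching $1 failed." >&2
	exit 1
}
```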


Property changes on: trunk/ipset/kernel/patch_kernel
___________________________________________________________________
Name: svn:executable
   + *



