# $Id$

PNAME="iptables"
PVER="1.8.3"
PBUILD="r1"

PCAT="net-misc"

DESCRIPTION="iptables is used to create internet firewalls based on stateless and stateful packet filtering."
HOMEPAGE="http://www.netfilter.org/"

DEPEND=">= net-libs/libmnl-1
	>= net-libs/libnftnl-1
	>= net-libs/libpcap-1.9"

# runtime deps to satisfy builds against iptables
ALX_DEV_DEPEND=">= net-libs/libmnl-dev-1
	>= net-libs/libnftnl-dev-1
	>= net-libs/libpcap-dev-1.9"

SDEPEND=">= virtual/kernel-headers
	>= sys-dev/flex-2.6
	>= sys-dev/bison-3
	${ALX_DEV_DEPEND}"

SRCFILE="${PNAME}-${PVER}.tar.bz2"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

ALX_PKG_KEEP="usr/$(mlibdir)/*.so.*
	usr/$(mlibdir)/iptables
	usr/$(mlibdir)/xtables
	usr/lib/systemd
	var/lib etc usr/bin usr/sbin"
sminclude mtools mbuild systemd alx-split
msetfeature "!check"

# cvs revisions
SCRIPT_REV=1.4
CONFD_REV=1.2
SVC_REV=1.2

SRC_URI=(
	http://www.netfilter.org/projects/${PNAME}/files/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/iptables.sh-${SCRIPT_REV}
	mirror://${PNAME}/iptables.confd-${CONFD_REV}
	mirror://${PNAME}/iptables.service-${SVC_REV}
)

# exclude rc versions
UP2DATE="updatecmd http://www.netfilter.org/projects/${PNAME}/files | grep -v '.*rc.*' | highesttarball"

src_compile()
{
	cd ${SRCDIR}

	mconfigure \
		--libexecdir=/usr/$(mlibdir) \
		--without-kernel \
		--enable-devel \
		--enable-libipq \
		--enable-nftables \
		--enable-bpf-compiler \
		--enable-nfsynproxy \
		|| die

	# fix parallel make errors
	make -C iptables xtables-config-parser.h || die

	mmake || die
}

alx_generic_src_install()
{
	cd ${SRCDIR}
	mmake DESTDIR=${BINDIR} install || die

	# installs headers
	minstalldir /usr/include/libiptc || die
	minstalldir /usr/$(mlibdir) || die
	minstalldir /usr/$(mlibdir)/iptables || die
	minstallfile include/iptables.h /usr/include || die
	minstallfile include/ip6tables.h /usr/include || die
	minstallfile include/iptables/internal.h /usr/include/iptables || die
# the makefile seems to handle them now correctly
#	minstallfile libiptc/libiptc.a /usr/$(mlibdir) || die
#	minstallfile include/libiptc/\*.h /usr/include/libiptc || die

	# install iptables rc & conf.d for ipv4
	minstallconf iptables.confd-${CONFD_REV} iptables || die
	minstalldir /usr/lib/systemd || die
	minstallexec -s iptables.sh-${SCRIPT_REV} /usr/lib/systemd/magellan-iptables || die
	minstallunit iptables.service-${SVC_REV} iptables.service || die

	# now for ipv6; some line needs to be seded
	minstallconf iptables.confd-${CONFD_REV} ip6tables || die
	minstallexec -s iptables.sh-${SCRIPT_REV} /usr/lib/systemd/magellan-ip6tables || die
	minstallunit iptables.service-${SVC_REV} ip6tables.service || die

	# fix iptables-cmds for ipv6
	sed -i -e "s:^\(SVC_NAME=\).*:\1ip6tables:" \
		-e "s:^\(IPTABLES=\).*:\1/usr/bin/ip6tables:" \
		-e "s:^\(IPTABLES_SAVE=\).*:\1/usr/bin/ip6tables-save:" \
		-e "s:^\(IPTABLES_RESTORE=\).*:\1/usr/bin/ip6tables-restore:" \
		-e "s:^\(IPTABLES_PROC=\).*:\1/proc/net/ip6_tables_names:" \
		${BINDIR}/usr/lib/systemd/magellan-ip6tables || die
	sed -i -e "s:IPv4:IPv6:g" \
		-e "s:iptables:ip6tables:g" \
		${BINDIR}/usr/lib/systemd/system/ip6tables.service || die
	sed -i -e "s:iptables:ip6tables:g" \
		${BINDIR}/etc/conf.d/ip6tables || die

	# prevents removing of iptables-save default path
	mkeepdir /var/lib/iptables || die
	mkeepdir /var/lib/ip6tables || die

	# docs
	minstalldocs COPYING INCOMPATIBILITIES || die
}