projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
netfilter: kmod-nft-xfrm
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt +kmod-nf-log6
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt +kmod-nf-log
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-log
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter Logging
127 KCONFIG:=$(KCONFIG_NF_LOG)
128 FILES:=$(foreach mod,$(NF_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
129 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG-m)))
130 endef
131
132 $(eval $(call KernelPackage,nf-log))
133
134
135 define KernelPackage/nf-log6
136 SUBMENU:=$(NF_MENU)
137 TITLE:=Netfilter IPV6 Logging
138 KCONFIG:=$(KCONFIG_NF_LOG6)
139 DEPENDS:=@IPV6 +kmod-nf-log
140 FILES:=$(foreach mod,$(NF_LOG6-m),$(LINUX_DIR)/net/$(mod).ko)
141 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG6-m)))
142 endef
143
144 $(eval $(call KernelPackage,nf-log6))
145
146
147 define KernelPackage/nf-nat
148 SUBMENU:=$(NF_MENU)
149 TITLE:=Netfilter NAT
150 KCONFIG:=$(KCONFIG_NF_NAT)
151 DEPENDS:=+kmod-nf-conntrack
152 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
153 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
154 endef
155
156 $(eval $(call KernelPackage,nf-nat))
157
158
159 define KernelPackage/nf-nat6
160 SUBMENU:=$(NF_MENU)
161 TITLE:=Netfilter IPV6-NAT
162 KCONFIG:=$(KCONFIG_NF_NAT6)
163 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
164 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
165 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
166 endef
167
168 $(eval $(call KernelPackage,nf-nat6))
169
170
171 define KernelPackage/nf-flow
172 SUBMENU:=$(NF_MENU)
173 TITLE:=Netfilter flowtable support
174 KCONFIG:= \
175 CONFIG_NETFILTER_INGRESS=y \
176 CONFIG_NF_FLOW_TABLE \
177 CONFIG_NF_FLOW_TABLE_HW
178 DEPENDS:=+kmod-nf-conntrack
179 FILES:= \
180 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
181 $(if $(CONFIG_LINUX_5_4),$(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko)
182 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
183 endef
184
185 $(eval $(call KernelPackage,nf-flow))
186
187
188 define KernelPackage/nf-socket
189 SUBMENU:=$(NF_MENU)
190 TITLE:=Netfilter socket lookup support
191 KCONFIG:= $(KCOFNIG_NF_SOCKET)
192 FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
193 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
194 endef
195
196 $(eval $(call KernelPackage,nf-socket))
197
198
199 define KernelPackage/nf-tproxy
200 SUBMENU:=$(NF_MENU)
201 TITLE:=Netfilter tproxy support
202 KCONFIG:= $(KCOFNIG_NF_TPROXY)
203 FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
204 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
205 endef
206
207 $(eval $(call KernelPackage,nf-tproxy))
208
209
210 define AddDepends/ipt
211 SUBMENU:=$(NF_MENU)
212 DEPENDS+= +kmod-ipt-core $(1)
213 endef
214
215
216 define KernelPackage/ipt-conntrack
217 TITLE:=Basic connection tracking modules
218 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
219 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
220 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
221 $(call AddDepends/ipt,+kmod-nf-conntrack)
222 endef
223
224 define KernelPackage/ipt-conntrack/description
225 Netfilter (IPv4) kernel modules for connection tracking
226 Includes:
227 - conntrack
228 - defrag
229 - iptables_raw
230 - NOTRACK
231 - state
232 endef
233
234 $(eval $(call KernelPackage,ipt-conntrack))
235
236
237 define KernelPackage/ipt-conntrack-extra
238 TITLE:=Extra connection tracking modules
239 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
240 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
241 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
242 $(call AddDepends/ipt,+kmod-ipt-conntrack)
243 endef
244
245 define KernelPackage/ipt-conntrack-extra/description
246 Netfilter (IPv4) extra kernel modules for connection tracking
247 Includes:
248 - connbytes
249 - connmark/CONNMARK
250 - conntrack
251 - helper
252 - recent
253 endef
254
255 $(eval $(call KernelPackage,ipt-conntrack-extra))
256
257 define KernelPackage/ipt-conntrack-label
258 TITLE:=Module for handling connection tracking labels
259 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
260 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
261 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
262 $(call AddDepends/ipt,+kmod-ipt-conntrack)
263 endef
264
265 define KernelPackage/ipt-conntrack-label/description
266 Netfilter (IPv4) module for handling connection tracking labels
267 Includes:
268 - connlabel
269 endef
270
271 $(eval $(call KernelPackage,ipt-conntrack-label))
272
273 define KernelPackage/ipt-filter
274 TITLE:=Modules for packet content inspection
275 KCONFIG:=$(KCONFIG_IPT_FILTER)
276 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
277 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
278 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
279 endef
280
281 define KernelPackage/ipt-filter/description
282 Netfilter (IPv4) kernel modules for packet content inspection
283 Includes:
284 - string
285 - bpf
286 endef
287
288 $(eval $(call KernelPackage,ipt-filter))
289
290
291 define KernelPackage/ipt-offload
292 TITLE:=Netfilter routing/NAT offload support
293 KCONFIG:=$(KCONFIG_IPT_FLOW)
294 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
295 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
296 $(call AddDepends/ipt,+kmod-nf-flow)
297 endef
298
299 $(eval $(call KernelPackage,ipt-offload))
300
301
302 define KernelPackage/ipt-ipopt
303 TITLE:=Modules for matching/changing IP packet options
304 KCONFIG:=$(KCONFIG_IPT_IPOPT)
305 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
306 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
307 $(call AddDepends/ipt)
308 endef
309
310 define KernelPackage/ipt-ipopt/description
311 Netfilter (IPv4) modules for matching/changing IP packet options
312 Includes:
313 - CLASSIFY
314 - dscp/DSCP
315 - ecn/ECN
316 - hl/HL
317 - length
318 - mark/MARK
319 - statistic
320 - tcpmss
321 - time
322 - ttl/TTL
323 - unclean
324 endef
325
326 $(eval $(call KernelPackage,ipt-ipopt))
327
328
329 define KernelPackage/ipt-ipsec
330 TITLE:=Modules for matching IPSec packets
331 KCONFIG:=$(KCONFIG_IPT_IPSEC)
332 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
333 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
334 $(call AddDepends/ipt)
335 endef
336
337 define KernelPackage/ipt-ipsec/description
338 Netfilter (IPv4) modules for matching IPSec packets
339 Includes:
340 - ah
341 - esp
342 - policy
343 endef
344
345 $(eval $(call KernelPackage,ipt-ipsec))
346
347 IPSET_MODULES:= \
348 ipset/ip_set \
349 ipset/ip_set_bitmap_ip \
350 ipset/ip_set_bitmap_ipmac \
351 ipset/ip_set_bitmap_port \
352 ipset/ip_set_hash_ip \
353 ipset/ip_set_hash_ipmark \
354 ipset/ip_set_hash_ipport \
355 ipset/ip_set_hash_ipportip \
356 ipset/ip_set_hash_ipportnet \
357 ipset/ip_set_hash_mac \
358 ipset/ip_set_hash_netportnet \
359 ipset/ip_set_hash_net \
360 ipset/ip_set_hash_netnet \
361 ipset/ip_set_hash_netport \
362 ipset/ip_set_hash_netiface \
363 ipset/ip_set_list_set \
364 xt_set
365
366 define KernelPackage/ipt-ipset
367 SUBMENU:=Netfilter Extensions
368 TITLE:=IPset netfilter modules
369 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
370 KCONFIG:= \
371 CONFIG_IP_SET \
372 CONFIG_IP_SET_MAX=256 \
373 CONFIG_NETFILTER_XT_SET \
374 CONFIG_IP_SET_BITMAP_IP \
375 CONFIG_IP_SET_BITMAP_IPMAC \
376 CONFIG_IP_SET_BITMAP_PORT \
377 CONFIG_IP_SET_HASH_IP \
378 CONFIG_IP_SET_HASH_IPMAC \
379 CONFIG_IP_SET_HASH_IPMARK \
380 CONFIG_IP_SET_HASH_IPPORT \
381 CONFIG_IP_SET_HASH_IPPORTIP \
382 CONFIG_IP_SET_HASH_IPPORTNET \
383 CONFIG_IP_SET_HASH_MAC \
384 CONFIG_IP_SET_HASH_NET \
385 CONFIG_IP_SET_HASH_NETNET \
386 CONFIG_IP_SET_HASH_NETIFACE \
387 CONFIG_IP_SET_HASH_NETPORT \
388 CONFIG_IP_SET_HASH_NETPORTNET \
389 CONFIG_IP_SET_LIST_SET \
390 CONFIG_NET_EMATCH_IPSET=n
391 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
392 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
393 endef
394 $(eval $(call KernelPackage,ipt-ipset))
395
396
397 IPVS_MODULES:= \
398 ipvs/ip_vs \
399 ipvs/ip_vs_lc \
400 ipvs/ip_vs_wlc \
401 ipvs/ip_vs_rr \
402 ipvs/ip_vs_wrr \
403 ipvs/ip_vs_lblc \
404 ipvs/ip_vs_lblcr \
405 ipvs/ip_vs_dh \
406 ipvs/ip_vs_sh \
407 ipvs/ip_vs_fo \
408 ipvs/ip_vs_ovf \
409 ipvs/ip_vs_nq \
410 ipvs/ip_vs_sed \
411 xt_ipvs
412
413 define KernelPackage/nf-ipvs
414 SUBMENU:=Netfilter Extensions
415 TITLE:=IP Virtual Server modules
416 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
417 KCONFIG:= \
418 CONFIG_IP_VS \
419 CONFIG_IP_VS_IPV6=y \
420 CONFIG_IP_VS_DEBUG=n \
421 CONFIG_IP_VS_PROTO_TCP=y \
422 CONFIG_IP_VS_PROTO_UDP=y \
423 CONFIG_IP_VS_PROTO_AH_ESP=y \
424 CONFIG_IP_VS_PROTO_ESP=y \
425 CONFIG_IP_VS_PROTO_AH=y \
426 CONFIG_IP_VS_PROTO_SCTP=y \
427 CONFIG_IP_VS_TAB_BITS=12 \
428 CONFIG_IP_VS_RR \
429 CONFIG_IP_VS_WRR \
430 CONFIG_IP_VS_LC \
431 CONFIG_IP_VS_WLC \
432 CONFIG_IP_VS_FO \
433 CONFIG_IP_VS_OVF \
434 CONFIG_IP_VS_LBLC \
435 CONFIG_IP_VS_LBLCR \
436 CONFIG_IP_VS_DH \
437 CONFIG_IP_VS_SH \
438 CONFIG_IP_VS_SED \
439 CONFIG_IP_VS_NQ \
440 CONFIG_IP_VS_SH_TAB_BITS=8 \
441 CONFIG_IP_VS_NFCT=y \
442 CONFIG_NETFILTER_XT_MATCH_IPVS
443 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
444 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
445 endef
446
447 define KernelPackage/nf-ipvs/description
448 IPVS (IP Virtual Server) implements transport-layer load balancing inside
449 the Linux kernel so called Layer-4 switching.
450 endef
451
452 $(eval $(call KernelPackage,nf-ipvs))
453
454
455 define KernelPackage/nf-ipvs-ftp
456 SUBMENU:=$(NF_MENU)
457 TITLE:=Virtual Server FTP protocol support
458 KCONFIG:=CONFIG_IP_VS_FTP
459 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
460 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
461 endef
462
463 define KernelPackage/nf-ipvs-ftp/description
464 In the virtual server via Network Address Translation,
465 the IP address and port number of real servers cannot be sent to
466 clients in ftp connections directly, so FTP protocol helper is
467 required for tracking the connection and mangling it back to that of
468 virtual service.
469 endef
470
471 $(eval $(call KernelPackage,nf-ipvs-ftp))
472
473
474 define KernelPackage/nf-ipvs-sip
475 SUBMENU:=$(NF_MENU)
476 TITLE:=Virtual Server SIP protocol support
477 KCONFIG:=CONFIG_IP_VS_PE_SIP
478 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
479 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
480 endef
481
482 define KernelPackage/nf-ipvs-sip/description
483 Allow persistence based on the SIP Call-ID
484 endef
485
486 $(eval $(call KernelPackage,nf-ipvs-sip))
487
488
489 define KernelPackage/ipt-nat
490 TITLE:=Basic NAT targets
491 KCONFIG:=$(KCONFIG_IPT_NAT)
492 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
493 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
494 $(call AddDepends/ipt,+kmod-nf-nat)
495 endef
496
497 define KernelPackage/ipt-nat/description
498 Netfilter (IPv4) kernel modules for basic NAT targets
499 Includes:
500 - MASQUERADE
501 endef
502
503 $(eval $(call KernelPackage,ipt-nat))
504
505
506 define KernelPackage/ipt-raw
507 TITLE:=Netfilter IPv4 raw table support
508 KCONFIG:=CONFIG_IP_NF_RAW
509 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
510 AUTOLOAD:=$(call AutoProbe,iptable_raw)
511 $(call AddDepends/ipt)
512 endef
513
514 $(eval $(call KernelPackage,ipt-raw))
515
516
517 define KernelPackage/ipt-raw6
518 TITLE:=Netfilter IPv6 raw table support
519 DEPENDS:=@IPV6
520 KCONFIG:=CONFIG_IP6_NF_RAW
521 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
522 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
523 $(call AddDepends/ipt,+kmod-ip6tables)
524 endef
525
526 $(eval $(call KernelPackage,ipt-raw6))
527
528
529 define KernelPackage/ipt-nat6
530 TITLE:=IPv6 NAT targets
531 DEPENDS:=@IPV6
532 KCONFIG:=$(KCONFIG_IPT_NAT6)
533 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
534 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
535 $(call AddDepends/ipt,+kmod-nf-nat6)
536 $(call AddDepends/ipt,+kmod-ipt-conntrack)
537 $(call AddDepends/ipt,+kmod-ipt-nat)
538 $(call AddDepends/ipt,+kmod-ip6tables)
539 endef
540
541 define KernelPackage/ipt-nat6/description
542 Netfilter (IPv6) kernel modules for NAT targets
543 endef
544
545 $(eval $(call KernelPackage,ipt-nat6))
546
547
548 define KernelPackage/ipt-nat-extra
549 TITLE:=Extra NAT targets
550 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
551 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
552 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
553 $(call AddDepends/ipt,+kmod-ipt-nat)
554 endef
555
556 define KernelPackage/ipt-nat-extra/description
557 Netfilter (IPv4) kernel modules for extra NAT targets
558 Includes:
559 - NETMAP
560 - REDIRECT
561 endef
562
563 $(eval $(call KernelPackage,ipt-nat-extra))
564
565
566 define KernelPackage/nf-nathelper
567 SUBMENU:=$(NF_MENU)
568 TITLE:=Basic Conntrack and NAT helpers
569 KCONFIG:=$(KCONFIG_NF_NATHELPER)
570 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
571 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
572 DEPENDS:=+kmod-nf-nat
573 endef
574
575 define KernelPackage/nf-nathelper/description
576 Default Netfilter (IPv4) Conntrack and NAT helpers
577 Includes:
578 - ftp
579 endef
580
581 $(eval $(call KernelPackage,nf-nathelper))
582
583
584 define KernelPackage/nf-nathelper-extra
585 SUBMENU:=$(NF_MENU)
586 TITLE:=Extra Conntrack and NAT helpers
587 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
588 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
589 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
590 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-asn1-decoder
591 endef
592
593 define KernelPackage/nf-nathelper-extra/description
594 Extra Netfilter (IPv4) Conntrack and NAT helpers
595 Includes:
596 - amanda
597 - h323
598 - irc
599 - mms
600 - pptp
601 - proto_gre
602 - sip
603 - snmp_basic
604 - tftp
605 - broadcast
606 endef
607
608 $(eval $(call KernelPackage,nf-nathelper-extra))
609
610
611 define KernelPackage/ipt-ulog
612 TITLE:=Module for user-space packet logging
613 KCONFIG:=$(KCONFIG_IPT_ULOG)
614 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
615 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
616 $(call AddDepends/ipt)
617 endef
618
619 define KernelPackage/ipt-ulog/description
620 Netfilter (IPv4) module for user-space packet logging
621 Includes:
622 - ULOG
623 endef
624
625 $(eval $(call KernelPackage,ipt-ulog))
626
627
628 define KernelPackage/ipt-nflog
629 TITLE:=Module for user-space packet logging
630 KCONFIG:=$(KCONFIG_IPT_NFLOG)
631 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
632 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
633 $(call AddDepends/ipt,+kmod-nfnetlink-log)
634 endef
635
636 define KernelPackage/ipt-nflog/description
637 Netfilter module for user-space packet logging
638 Includes:
639 - NFLOG
640 endef
641
642 $(eval $(call KernelPackage,ipt-nflog))
643
644
645 define KernelPackage/ipt-nfqueue
646 TITLE:=Module for user-space packet queuing
647 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
648 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
649 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
650 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
651 endef
652
653 define KernelPackage/ipt-nfqueue/description
654 Netfilter module for user-space packet queuing
655 Includes:
656 - NFQUEUE
657 endef
658
659 $(eval $(call KernelPackage,ipt-nfqueue))
660
661
662 define KernelPackage/ipt-debug
663 TITLE:=Module for debugging/development
664 KCONFIG:=$(KCONFIG_IPT_DEBUG)
665 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
666 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
667 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
668 endef
669
670 define KernelPackage/ipt-debug/description
671 Netfilter modules for debugging/development of the firewall
672 Includes:
673 - TRACE
674 endef
675
676 $(eval $(call KernelPackage,ipt-debug))
677
678
679 define KernelPackage/ipt-led
680 TITLE:=Module to trigger a LED with a Netfilter rule
681 KCONFIG:=$(KCONFIG_IPT_LED)
682 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
683 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
684 $(call AddDepends/ipt)
685 endef
686
687 define KernelPackage/ipt-led/description
688 Netfilter target to trigger a LED when a network packet is matched.
689 endef
690
691 $(eval $(call KernelPackage,ipt-led))
692
693 define KernelPackage/ipt-socket
694 TITLE:=Iptables socket matching support
695 DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
696 KCONFIG:=$(KCONFIG_IPT_SOCKET)
697 FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
698 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
699 $(call AddDepends/ipt)
700 endef
701
702 define KernelPackage/ipt-socket/description
703 Kernel modules for socket matching
704 endef
705
706 $(eval $(call KernelPackage,ipt-socket))
707
708 define KernelPackage/ipt-tproxy
709 TITLE:=Transparent proxying support
710 DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
711 KCONFIG:=$(KCONFIG_IPT_TPROXY)
712 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
713 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
714 $(call AddDepends/ipt)
715 endef
716
717 define KernelPackage/ipt-tproxy/description
718 Kernel modules for Transparent Proxying
719 endef
720
721 $(eval $(call KernelPackage,ipt-tproxy))
722
723 define KernelPackage/ipt-tee
724 TITLE:=TEE support
725 DEPENDS:=+kmod-ipt-conntrack
726 KCONFIG:=$(KCONFIG_IPT_TEE)
727 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
728 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
729 $(call AddDepends/ipt)
730 endef
731
732 define KernelPackage/ipt-tee/description
733 Kernel modules for TEE
734 endef
735
736 $(eval $(call KernelPackage,ipt-tee))
737
738
739 define KernelPackage/ipt-u32
740 TITLE:=U32 support
741 KCONFIG:=$(KCONFIG_IPT_U32)
742 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
743 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
744 $(call AddDepends/ipt)
745 endef
746
747 define KernelPackage/ipt-u32/description
748 Kernel modules for U32
749 endef
750
751 $(eval $(call KernelPackage,ipt-u32))
752
753 define KernelPackage/ipt-checksum
754 TITLE:=CHECKSUM support
755 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
756 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
757 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
758 $(call AddDepends/ipt)
759 endef
760
761 define KernelPackage/ipt-checksum/description
762 Kernel modules for CHECKSUM fillin target
763 endef
764
765 $(eval $(call KernelPackage,ipt-checksum))
766
767
768 define KernelPackage/ipt-iprange
769 TITLE:=Module for matching ip ranges
770 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
771 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
772 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
773 $(call AddDepends/ipt)
774 endef
775
776 define KernelPackage/ipt-iprange/description
777 Netfilter (IPv4) module for matching ip ranges
778 Includes:
779 - iprange
780 endef
781
782 $(eval $(call KernelPackage,ipt-iprange))
783
784 define KernelPackage/ipt-cluster
785 TITLE:=Module for matching cluster
786 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
787 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
788 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
789 $(call AddDepends/ipt,+kmod-nf-conntrack)
790 endef
791
792 define KernelPackage/ipt-cluster/description
793 Netfilter (IPv4/IPv6) module for matching cluster
794 This option allows you to build work-load-sharing clusters of
795 network servers/stateful firewalls without having a dedicated
796 load-balancing router/server/switch. Basically, this match returns
797 true when the packet must be handled by this cluster node. Thus,
798 all nodes see all packets and this match decides which node handles
799 what packets. The work-load sharing algorithm is based on source
800 address hashing.
801
802 This module is usable for ipv4 and ipv6.
803
804 To use it also enable iptables-mod-cluster
805
806 see `iptables -m cluster --help` for more information.
807 endef
808
809 $(eval $(call KernelPackage,ipt-cluster))
810
811 define KernelPackage/ipt-clusterip
812 TITLE:=Module for CLUSTERIP
813 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
814 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
815 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
816 $(call AddDepends/ipt,+kmod-nf-conntrack)
817 endef
818
819 define KernelPackage/ipt-clusterip/description
820 Netfilter (IPv4-only) module for CLUSTERIP
821 The CLUSTERIP target allows you to build load-balancing clusters of
822 network servers without having a dedicated load-balancing
823 router/server/switch.
824
825 To use it also enable iptables-mod-clusterip
826
827 see `iptables -j CLUSTERIP --help` for more information.
828 endef
829
830 $(eval $(call KernelPackage,ipt-clusterip))
831
832
833 define KernelPackage/ipt-extra
834 TITLE:=Extra modules
835 KCONFIG:=$(KCONFIG_IPT_EXTRA)
836 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
837 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
838 $(call AddDepends/ipt)
839 endef
840
841 define KernelPackage/ipt-extra/description
842 Other Netfilter (IPv4) kernel modules
843 Includes:
844 - addrtype
845 - owner
846 - pkttype
847 - quota
848 endef
849
850 $(eval $(call KernelPackage,ipt-extra))
851
852
853 define KernelPackage/ipt-physdev
854 TITLE:=physdev module
855 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
856 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
857 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
858 $(call AddDepends/ipt,+kmod-br-netfilter)
859 endef
860
861 define KernelPackage/ipt-physdev/description
862 The iptables physdev kernel module
863 endef
864
865 $(eval $(call KernelPackage,ipt-physdev))
866
867
868 define KernelPackage/ip6tables
869 SUBMENU:=$(NF_MENU)
870 TITLE:=IPv6 modules
871 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
872 KCONFIG:=$(KCONFIG_IPT_IPV6)
873 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
874 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
875 endef
876
877 define KernelPackage/ip6tables/description
878 Netfilter IPv6 firewalling support
879 endef
880
881 $(eval $(call KernelPackage,ip6tables))
882
883 define KernelPackage/ip6tables-extra
884 SUBMENU:=$(NF_MENU)
885 TITLE:=Extra IPv6 modules
886 DEPENDS:=@IPV6 +kmod-ip6tables
887 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
888 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
889 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
890 endef
891
892 define KernelPackage/ip6tables-extra/description
893 Netfilter IPv6 extra header matching modules
894 endef
895
896 $(eval $(call KernelPackage,ip6tables-extra))
897
898 ARP_MODULES = arp_tables arpt_mangle arptable_filter
899 define KernelPackage/arptables
900 SUBMENU:=$(NF_MENU)
901 TITLE:=ARP firewalling modules
902 DEPENDS:=+kmod-ipt-core
903 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
904 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
905 CONFIG_IP_NF_ARPFILTER \
906 CONFIG_IP_NF_ARP_MANGLE
907 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
908 endef
909
910 define KernelPackage/arptables/description
911 Kernel modules for ARP firewalling
912 endef
913
914 $(eval $(call KernelPackage,arptables))
915
916
917 define KernelPackage/br-netfilter
918 SUBMENU:=$(NF_MENU)
919 TITLE:=Bridge netfilter support modules
920 DEPENDS:=+kmod-ipt-core
921 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
922 KCONFIG:=CONFIG_BRIDGE_NETFILTER
923 AUTOLOAD:=$(call AutoProbe,br_netfilter)
924 endef
925
926 define KernelPackage/br-netfilter/install
927 $(INSTALL_DIR) $(1)/etc/sysctl.d
928 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
929 endef
930
931 $(eval $(call KernelPackage,br-netfilter))
932
933
934 define KernelPackage/ebtables
935 SUBMENU:=$(NF_MENU)
936 TITLE:=Bridge firewalling modules
937 DEPENDS:=+kmod-ipt-core
938 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
939 KCONFIG:=$(KCONFIG_EBTABLES)
940 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
941 endef
942
943 define KernelPackage/ebtables/description
944 ebtables is a general, extensible frame/packet identification
945 framework. It provides you to do Ethernet
946 filtering/NAT/brouting on the Ethernet bridge.
947 endef
948
949 $(eval $(call KernelPackage,ebtables))
950
951
952 define AddDepends/ebtables
953 SUBMENU:=$(NF_MENU)
954 DEPENDS+= +kmod-ebtables $(1)
955 endef
956
957
958 define KernelPackage/ebtables-ipv4
959 TITLE:=ebtables: IPv4 support
960 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
961 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
962 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
963 $(call AddDepends/ebtables)
964 endef
965
966 define KernelPackage/ebtables-ipv4/description
967 This option adds the IPv4 support to ebtables, which allows basic
968 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
969 endef
970
971 $(eval $(call KernelPackage,ebtables-ipv4))
972
973
974 define KernelPackage/ebtables-ipv6
975 TITLE:=ebtables: IPv6 support
976 DEPENDS:=@IPV6
977 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
978 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
979 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
980 $(call AddDepends/ebtables)
981 endef
982
983 define KernelPackage/ebtables-ipv6/description
984 This option adds the IPv6 support to ebtables, which allows basic
985 IPv6 header field filtering and target support.
986 endef
987
988 $(eval $(call KernelPackage,ebtables-ipv6))
989
990
991 define KernelPackage/ebtables-watchers
992 TITLE:=ebtables: watchers support
993 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
994 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
995 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
996 $(call AddDepends/ebtables)
997 endef
998
999 define KernelPackage/ebtables-watchers/description
1000 This option adds the log watchers, that you can use in any rule
1001 in any ebtables table.
1002 endef
1003
1004 $(eval $(call KernelPackage,ebtables-watchers))
1005
1006
1007 define KernelPackage/nfnetlink
1008 SUBMENU:=$(NF_MENU)
1009 TITLE:=Netlink-based userspace interface
1010 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
1011 KCONFIG:=$(KCONFIG_NFNETLINK)
1012 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
1013 endef
1014
1015 define KernelPackage/nfnetlink/description
1016 Kernel modules support for a netlink-based userspace interface
1017 endef
1018
1019 $(eval $(call KernelPackage,nfnetlink))
1020
1021
1022 define AddDepends/nfnetlink
1023 SUBMENU:=$(NF_MENU)
1024 DEPENDS+=+kmod-nfnetlink $(1)
1025 endef
1026
1027
1028 define KernelPackage/nfnetlink-log
1029 TITLE:=Netfilter LOG over NFNETLINK interface
1030 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
1031 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
1032 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
1033 $(call AddDepends/nfnetlink)
1034 endef
1035
1036 define KernelPackage/nfnetlink-log/description
1037 Kernel modules support for logging packets via NFNETLINK
1038 Includes:
1039 - NFLOG
1040 endef
1041
1042 $(eval $(call KernelPackage,nfnetlink-log))
1043
1044
1045 define KernelPackage/nfnetlink-queue
1046 TITLE:=Netfilter QUEUE over NFNETLINK interface
1047 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1048 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1049 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1050 $(call AddDepends/nfnetlink)
1051 endef
1052
1053 define KernelPackage/nfnetlink-queue/description
1054 Kernel modules support for queueing packets via NFNETLINK
1055 Includes:
1056 - NFQUEUE
1057 endef
1058
1059 $(eval $(call KernelPackage,nfnetlink-queue))
1060
1061
1062 define KernelPackage/nf-conntrack-netlink
1063 TITLE:=Connection tracking netlink interface
1064 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1065 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1066 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1067 $(call AddDepends/nfnetlink,+kmod-nf-conntrack)
1068 endef
1069
1070 define KernelPackage/nf-conntrack-netlink/description
1071 Kernel modules support for a netlink-based connection tracking
1072 userspace interface
1073 endef
1074
1075 $(eval $(call KernelPackage,nf-conntrack-netlink))
1076
1077 define KernelPackage/ipt-hashlimit
1078 SUBMENU:=$(NF_MENU)
1079 TITLE:=Netfilter hashlimit match
1080 DEPENDS:=+kmod-ipt-core
1081 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1082 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1083 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1084 $(call KernelPackage/ipt)
1085 endef
1086
1087 define KernelPackage/ipt-hashlimit/description
1088 Kernel modules support for the hashlimit bucket match module
1089 endef
1090
1091 $(eval $(call KernelPackage,ipt-hashlimit))
1092
1093 define KernelPackage/ipt-rpfilter
1094 SUBMENU:=$(NF_MENU)
1095 TITLE:=Netfilter rpfilter match
1096 DEPENDS:=+kmod-ipt-core
1097 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1098 FILES:=$(realpath \
1099 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1100 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1101 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1102 $(call KernelPackage/ipt)
1103 endef
1104
1105 define KernelPackage/ipt-rpfilter/description
1106 Kernel modules support for the Netfilter rpfilter match
1107 endef
1108
1109 $(eval $(call KernelPackage,ipt-rpfilter))
1110
1111
1112 define KernelPackage/nft-core
1113 SUBMENU:=$(NF_MENU)
1114 TITLE:=Netfilter nf_tables support
1115 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat +kmod-nf-log +IPV6:kmod-nf-log6 +kmod-lib-crc32c
1116 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1117 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1118 KCONFIG:= \
1119 CONFIG_NFT_COMPAT=n \
1120 CONFIG_NFT_QUEUE=n \
1121 $(KCONFIG_NFT_CORE)
1122 endef
1123
1124 define KernelPackage/nft-core/description
1125 Kernel module support for nftables
1126 endef
1127
1128 $(eval $(call KernelPackage,nft-core))
1129
1130
1131 define KernelPackage/nft-arp
1132 SUBMENU:=$(NF_MENU)
1133 TITLE:=Netfilter nf_tables ARP table support
1134 DEPENDS:=+kmod-nft-core
1135 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1136 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1137 KCONFIG:=$(KCONFIG_NFT_ARP)
1138 endef
1139
1140 $(eval $(call KernelPackage,nft-arp))
1141
1142
1143 define KernelPackage/nft-bridge
1144 SUBMENU:=$(NF_MENU)
1145 TITLE:=Netfilter nf_tables bridge table support
1146 DEPENDS:=+kmod-nft-core
1147 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1148 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1149 KCONFIG:= \
1150 CONFIG_NF_LOG_BRIDGE=n@lt5.13 \
1151 $(KCONFIG_NFT_BRIDGE)
1152 endef
1153
1154 $(eval $(call KernelPackage,nft-bridge))
1155
1156
1157 define KernelPackage/nft-nat
1158 SUBMENU:=$(NF_MENU)
1159 TITLE:=Netfilter nf_tables NAT support
1160 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1161 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1162 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1163 KCONFIG:=$(KCONFIG_NFT_NAT)
1164 endef
1165
1166 $(eval $(call KernelPackage,nft-nat))
1167
1168
1169 define KernelPackage/nft-offload
1170 SUBMENU:=$(NF_MENU)
1171 TITLE:=Netfilter nf_tables routing/NAT offload support
1172 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1173 KCONFIG:= \
1174 CONFIG_NF_FLOW_TABLE_INET \
1175 CONFIG_NF_FLOW_TABLE_IPV4 \
1176 CONFIG_NF_FLOW_TABLE_IPV6 \
1177 CONFIG_NFT_FLOW_OFFLOAD
1178 FILES:= \
1179 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1180 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1181 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1182 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1183 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1184 endef
1185
1186 $(eval $(call KernelPackage,nft-offload))
1187
1188
1189 define KernelPackage/nft-nat6
1190 SUBMENU:=$(NF_MENU)
1191 TITLE:=Netfilter nf_tables IPv6-NAT support
1192 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1193 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1194 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1195 KCONFIG:=$(KCONFIG_NFT_NAT6)
1196 endef
1197
1198 $(eval $(call KernelPackage,nft-nat6))
1199
1200 define KernelPackage/nft-netdev
1201 SUBMENU:=$(NF_MENU)
1202 TITLE:=Netfilter nf_tables netdev support
1203 DEPENDS:=+kmod-nft-core
1204 KCONFIG:= \
1205 CONFIG_NETFILTER_INGRESS=y \
1206 CONFIG_NF_TABLES_NETDEV \
1207 CONFIG_NF_DUP_NETDEV \
1208 CONFIG_NFT_DUP_NETDEV \
1209 CONFIG_NFT_FWD_NETDEV
1210 FILES:= \
1211 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1212 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1213 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1214 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1215 endef
1216
1217 $(eval $(call KernelPackage,nft-netdev))
1218
1219
1220 define KernelPackage/nft-fib
1221 SUBMENU:=$(NF_MENU)
1222 TITLE:=Netfilter nf_tables fib support
1223 DEPENDS:=+kmod-nft-core
1224 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1225 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1226 KCONFIG:=$(KCONFIG_NFT_FIB)
1227 endef
1228
1229 $(eval $(call KernelPackage,nft-fib))
1230
1231
1232 define KernelPackage/nft-queue
1233 SUBMENU:=$(NF_MENU)
1234 TITLE:=Netfilter nf_tables queue support
1235 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1236 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1237 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1238 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1239 endef
1240
1241 $(eval $(call KernelPackage,nft-queue))
1242
1243 define KernelPackage/nft-socket
1244 SUBMENU:=$(NF_MENU)
1245 TITLE:=Netfilter nf_tables socket support
1246 DEPENDS:=+kmod-nft-core +kmod-nf-socket
1247 FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
1248 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
1249 KCONFIG:=$(KCONFIG_NFT_SOCKET)
1250 endef
1251
1252 $(eval $(call KernelPackage,nft-socket))
1253
1254 define KernelPackage/nft-tproxy
1255 SUBMENU:=$(NF_MENU)
1256 TITLE:=Netfilter nf_tables tproxy support
1257 DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
1258 FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
1259 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
1260 KCONFIG:=$(KCONFIG_NFT_TPROXY)
1261 endef
1262
1263 $(eval $(call KernelPackage,nft-tproxy))
1264
1265 define KernelPackage/nft-compat
1266 SUBMENU:=$(NF_MENU)
1267 TITLE:=Netfilter nf_tables compat support
1268 DEPENDS:=+kmod-nft-core +kmod-nf-ipt
1269 FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
1270 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
1271 KCONFIG:=$(KCONFIG_NFT_COMPAT)
1272 endef
1273
1274 $(eval $(call KernelPackage,nft-compat))
1275
1276 define KernelPackage/nft-xfrm
1277 SUBMENU:=$(NF_MENU)
1278 TITLE:=Netfilter nf_tables xfrm support (ipsec)
1279 DEPENDS:=+kmod-nft-core
1280 FILES:=$(foreach mod,$(NFT_XFRM-m),$(LINUX_DIR)/net/$(mod).ko)
1281 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_XFRM-m)))
1282 KCONFIG:=$(KCONFIG_NFT_XFRM)
1283 endef
1284
1285 $(eval $(call KernelPackage,nft-xfrm))
OpenWrt Source Repository