projects / openwrt / staging / yousong.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: remove obsolete kernel version dependencies
[openwrt/staging/yousong.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-ipt
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Iptables core
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_IPT)
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-ipt))
26
27
28 define KernelPackage/nf-ipt6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Ip6tables core
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
35 endef
36
37 $(eval $(call KernelPackage,nf-ipt6))
38
39
40
41 define KernelPackage/ipt-core
42 SUBMENU:=$(NF_MENU)
43 TITLE:=Iptables core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
47 DEPENDS:=+kmod-nf-ipt
48 endef
49
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
52 Includes:
53 - comment
54 - limit
55 - LOG
56 - mac
57 - multiport
58 - REJECT
59 - TCPMSS
60 endef
61
62 $(eval $(call KernelPackage,ipt-core))
63
64
65 define KernelPackage/nf-conntrack
66 SUBMENU:=$(NF_MENU)
67 TITLE:=Netfilter connection tracking
68 KCONFIG:= \
69 CONFIG_NETFILTER=y \
70 CONFIG_NETFILTER_ADVANCED=y \
71 $(KCONFIG_NF_CONNTRACK)
72 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
73 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
74 endef
75
76 $(eval $(call KernelPackage,nf-conntrack))
77
78
79 define KernelPackage/nf-conntrack6
80 SUBMENU:=$(NF_MENU)
81 TITLE:=Netfilter IPv6 connection tracking
82 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
83 DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack
84 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
85 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
86 endef
87
88 $(eval $(call KernelPackage,nf-conntrack6))
89
90
91 define KernelPackage/nf-nat
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter NAT
94 KCONFIG:=$(KCONFIG_NF_NAT)
95 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
96 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
97 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
98 endef
99
100 $(eval $(call KernelPackage,nf-nat))
101
102
103 define KernelPackage/nf-nat6
104 SUBMENU:=$(NF_MENU)
105 TITLE:=Netfilter IPV6-NAT
106 KCONFIG:=$(KCONFIG_NF_NAT6)
107 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
108 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
110 endef
111
112 $(eval $(call KernelPackage,nf-nat6))
113
114
115 define AddDepends/ipt
116 SUBMENU:=$(NF_MENU)
117 DEPENDS+= +kmod-ipt-core $(1)
118 endef
119
120
121 define KernelPackage/ipt-conntrack
122 TITLE:=Basic connection tracking modules
123 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
124 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
126 $(call AddDepends/ipt,+kmod-nf-conntrack)
127 endef
128
129 define KernelPackage/ipt-conntrack/description
130 Netfilter (IPv4) kernel modules for connection tracking
131 Includes:
132 - conntrack
133 - defrag
134 - iptables_raw
135 - NOTRACK
136 - state
137 endef
138
139 $(eval $(call KernelPackage,ipt-conntrack))
140
141
142 define KernelPackage/ipt-conntrack-extra
143 TITLE:=Extra connection tracking modules
144 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
145 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
146 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
147 $(call AddDepends/ipt,+kmod-ipt-conntrack)
148 endef
149
150 define KernelPackage/ipt-conntrack-extra/description
151 Netfilter (IPv4) extra kernel modules for connection tracking
152 Includes:
153 - connbytes
154 - connmark/CONNMARK
155 - conntrack
156 - helper
157 - recent
158 endef
159
160 $(eval $(call KernelPackage,ipt-conntrack-extra))
161
162
163 define KernelPackage/ipt-filter
164 TITLE:=Modules for packet content inspection
165 KCONFIG:=$(KCONFIG_IPT_FILTER)
166 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
167 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
168 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
169 endef
170
171 define KernelPackage/ipt-filter/description
172 Netfilter (IPv4) kernel modules for packet content inspection
173 Includes:
174 - layer7
175 - string
176 endef
177
178 $(eval $(call KernelPackage,ipt-filter))
179
180
181 define KernelPackage/ipt-ipopt
182 TITLE:=Modules for matching/changing IP packet options
183 KCONFIG:=$(KCONFIG_IPT_IPOPT)
184 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
185 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
186 $(call AddDepends/ipt)
187 endef
188
189 define KernelPackage/ipt-ipopt/description
190 Netfilter (IPv4) modules for matching/changing IP packet options
191 Includes:
192 - CLASSIFY
193 - dscp/DSCP
194 - ecn/ECN
195 - hl/HL
196 - length
197 - mark/MARK
198 - statistic
199 - tcpmss
200 - time
201 - ttl/TTL
202 - unclean
203 endef
204
205 $(eval $(call KernelPackage,ipt-ipopt))
206
207
208 define KernelPackage/ipt-ipsec
209 TITLE:=Modules for matching IPSec packets
210 KCONFIG:=$(KCONFIG_IPT_IPSEC)
211 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
212 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
213 $(call AddDepends/ipt)
214 endef
215
216 define KernelPackage/ipt-ipsec/description
217 Netfilter (IPv4) modules for matching IPSec packets
218 Includes:
219 - ah
220 - esp
221 - policy
222 endef
223
224 $(eval $(call KernelPackage,ipt-ipsec))
225
226 IPSET_MODULES:= \
227 ipset/ip_set \
228 ipset/ip_set_bitmap_ip \
229 ipset/ip_set_bitmap_ipmac \
230 ipset/ip_set_bitmap_port \
231 ipset/ip_set_hash_ip \
232 ipset/ip_set_hash_ipmark \
233 ipset/ip_set_hash_ipport \
234 ipset/ip_set_hash_ipportip \
235 ipset/ip_set_hash_ipportnet \
236 ipset/ip_set_hash_mac \
237 ipset/ip_set_hash_netportnet \
238 ipset/ip_set_hash_net \
239 ipset/ip_set_hash_netnet \
240 ipset/ip_set_hash_netport \
241 ipset/ip_set_hash_netiface \
242 ipset/ip_set_list_set \
243 xt_set
244
245 define KernelPackage/ipt-ipset
246 SUBMENU:=Netfilter Extensions
247 TITLE:=IPset netfilter modules
248 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
249 KCONFIG:= \
250 CONFIG_IP_SET \
251 CONFIG_IP_SET_MAX=256 \
252 CONFIG_NETFILTER_XT_SET \
253 CONFIG_IP_SET_BITMAP_IP \
254 CONFIG_IP_SET_BITMAP_IPMAC \
255 CONFIG_IP_SET_BITMAP_PORT \
256 CONFIG_IP_SET_HASH_IP \
257 CONFIG_IP_SET_HASH_IPMARK \
258 CONFIG_IP_SET_HASH_IPPORT \
259 CONFIG_IP_SET_HASH_IPPORTIP \
260 CONFIG_IP_SET_HASH_IPPORTNET \
261 CONFIG_IP_SET_HASH_MAC \
262 CONFIG_IP_SET_HASH_NET \
263 CONFIG_IP_SET_HASH_NETNET \
264 CONFIG_IP_SET_HASH_NETIFACE \
265 CONFIG_IP_SET_HASH_NETPORT \
266 CONFIG_IP_SET_HASH_NETPORTNET \
267 CONFIG_IP_SET_LIST_SET \
268 CONFIG_NET_EMATCH_IPSET=n
269 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
270 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
271 endef
272 $(eval $(call KernelPackage,ipt-ipset))
273
274
275 define KernelPackage/ipt-nat
276 TITLE:=Basic NAT targets
277 KCONFIG:=$(KCONFIG_IPT_NAT)
278 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
279 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
280 $(call AddDepends/ipt,+kmod-nf-nat)
281 endef
282
283 define KernelPackage/ipt-nat/description
284 Netfilter (IPv4) kernel modules for basic NAT targets
285 Includes:
286 - MASQUERADE
287 endef
288
289 $(eval $(call KernelPackage,ipt-nat))
290
291
292 define KernelPackage/ipt-nat6
293 TITLE:=IPv6 NAT targets
294 KCONFIG:=$(KCONFIG_IPT_NAT6)
295 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
296 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
297 $(call AddDepends/ipt,+kmod-nf-nat6)
298 $(call AddDepends/ipt,+kmod-ipt-conntrack)
299 $(call AddDepends/ipt,+kmod-ipt-nat)
300 $(call AddDepends/ipt,+kmod-ip6tables)
301 endef
302
303 define KernelPackage/ipt-nat6/description
304 Netfilter (IPv6) kernel modules for NAT targets
305 endef
306
307 $(eval $(call KernelPackage,ipt-nat6))
308
309
310 define KernelPackage/ipt-nat-extra
311 TITLE:=Extra NAT targets
312 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
313 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
314 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
315 $(call AddDepends/ipt,+kmod-ipt-nat)
316 endef
317
318 define KernelPackage/ipt-nat-extra/description
319 Netfilter (IPv4) kernel modules for extra NAT targets
320 Includes:
321 - NETMAP
322 - REDIRECT
323 endef
324
325 $(eval $(call KernelPackage,ipt-nat-extra))
326
327
328 define KernelPackage/nf-nathelper
329 SUBMENU:=$(NF_MENU)
330 TITLE:=Basic Conntrack and NAT helpers
331 KCONFIG:=$(KCONFIG_NF_NATHELPER)
332 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
333 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
334 DEPENDS:=+kmod-nf-nat
335 endef
336
337 define KernelPackage/nf-nathelper/description
338 Default Netfilter (IPv4) Conntrack and NAT helpers
339 Includes:
340 - ftp
341 - irc
342 - tftp
343 endef
344
345 $(eval $(call KernelPackage,nf-nathelper))
346
347
348 define KernelPackage/nf-nathelper-extra
349 SUBMENU:=$(NF_MENU)
350 TITLE:=Extra Conntrack and NAT helpers
351 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
352 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
353 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
354 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
355 endef
356
357 define KernelPackage/nf-nathelper-extra/description
358 Extra Netfilter (IPv4) Conntrack and NAT helpers
359 Includes:
360 - amanda
361 - h323
362 - mms
363 - pptp
364 - proto_gre
365 - sip
366 - snmp_basic
367 - broadcast
368 endef
369
370 $(eval $(call KernelPackage,nf-nathelper-extra))
371
372
373 define KernelPackage/ipt-queue
374 TITLE:=Module for user-space packet queueing
375 KCONFIG:=$(KCONFIG_IPT_QUEUE)
376 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
377 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_QUEUE-m)))
378 $(call AddDepends/ipt)
379 endef
380
381 define KernelPackage/ipt-queue/description
382 Netfilter (IPv4) module for user-space packet queueing
383 Includes:
384 - QUEUE
385 endef
386
387 $(eval $(call KernelPackage,ipt-queue))
388
389
390 define KernelPackage/ipt-ulog
391 TITLE:=Module for user-space packet logging
392 KCONFIG:=$(KCONFIG_IPT_ULOG)
393 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
394 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
395 $(call AddDepends/ipt)
396 endef
397
398 define KernelPackage/ipt-ulog/description
399 Netfilter (IPv4) module for user-space packet logging
400 Includes:
401 - ULOG
402 endef
403
404 $(eval $(call KernelPackage,ipt-ulog))
405
406
407 define KernelPackage/ipt-nflog
408 TITLE:=Module for user-space packet logging
409 KCONFIG:=$(KCONFIG_IPT_NFLOG)
410 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
411 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
412 $(call AddDepends/ipt,+kmod-nfnetlink-log)
413 endef
414
415 define KernelPackage/ipt-nflog/description
416 Netfilter module for user-space packet logging
417 Includes:
418 - NFLOG
419 endef
420
421 $(eval $(call KernelPackage,ipt-nflog))
422
423
424 define KernelPackage/ipt-nfqueue
425 TITLE:=Module for user-space packet queuing
426 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
427 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
428 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
429 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
430 endef
431
432 define KernelPackage/ipt-nfqueue/description
433 Netfilter module for user-space packet queuing
434 Includes:
435 - NFQUEUE
436 endef
437
438 $(eval $(call KernelPackage,ipt-nfqueue))
439
440
441 define KernelPackage/ipt-debug
442 TITLE:=Module for debugging/development
443 KCONFIG:=$(KCONFIG_IPT_DEBUG)
444 DEFAULT:=n
445 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
446 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
447 $(call AddDepends/ipt)
448 endef
449
450 define KernelPackage/ipt-debug/description
451 Netfilter modules for debugging/development of the firewall
452 Includes:
453 - TRACE
454 endef
455
456 $(eval $(call KernelPackage,ipt-debug))
457
458
459 define KernelPackage/ipt-led
460 TITLE:=Module to trigger a LED with a Netfilter rule
461 KCONFIG:=$(KCONFIG_IPT_LED)
462 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
463 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
464 $(call AddDepends/ipt)
465 endef
466
467 define KernelPackage/ipt-led/description
468 Netfilter target to trigger a LED when a network packet is matched.
469 endef
470
471 $(eval $(call KernelPackage,ipt-led))
472
473 define KernelPackage/ipt-tproxy
474 TITLE:=Transparent proxying support
475 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
476 KCONFIG:= \
477 CONFIG_NETFILTER_TPROXY \
478 CONFIG_NETFILTER_XT_MATCH_SOCKET \
479 CONFIG_NETFILTER_XT_TARGET_TPROXY
480 FILES:= \
481 $(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \
482 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
483 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
484 $(call AddDepends/ipt)
485 endef
486
487 define KernelPackage/ipt-tproxy/description
488 Kernel modules for Transparent Proxying
489 endef
490
491 $(eval $(call KernelPackage,ipt-tproxy))
492
493 define KernelPackage/ipt-tee
494 TITLE:=TEE support
495 DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
496 KCONFIG:= \
497 CONFIG_NETFILTER_XT_TARGET_TEE
498 FILES:= \
499 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
500 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
501 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
502 $(call AddDepends/ipt)
503 endef
504
505 define KernelPackage/ipt-tee/description
506 Kernel modules for TEE
507 endef
508
509 $(eval $(call KernelPackage,ipt-tee))
510
511
512 define KernelPackage/ipt-u32
513 TITLE:=U32 support
514 KCONFIG:= \
515 CONFIG_NETFILTER_XT_MATCH_U32
516 FILES:= \
517 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
518 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
519 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
520 $(call AddDepends/ipt)
521 endef
522
523 define KernelPackage/ipt-u32/description
524 Kernel modules for U32
525 endef
526
527 $(eval $(call KernelPackage,ipt-u32))
528
529
530 define KernelPackage/ipt-iprange
531 TITLE:=Module for matching ip ranges
532 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
533 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
534 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
535 $(call AddDepends/ipt)
536 endef
537
538 define KernelPackage/ipt-iprange/description
539 Netfilter (IPv4) module for matching ip ranges
540 Includes:
541 - iprange
542 endef
543
544 $(eval $(call KernelPackage,ipt-iprange))
545
546 define KernelPackage/ipt-cluster
547 TITLE:=Module for matching cluster
548 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
549 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
550 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
551 $(call AddDepends/ipt)
552 endef
553
554 define KernelPackage/ipt-cluster/description
555 Netfilter (IPv4/IPv6) module for matching cluster
556 This option allows you to build work-load-sharing clusters of
557 network servers/stateful firewalls without having a dedicated
558 load-balancing router/server/switch. Basically, this match returns
559 true when the packet must be handled by this cluster node. Thus,
560 all nodes see all packets and this match decides which node handles
561 what packets. The work-load sharing algorithm is based on source
562 address hashing.
563
564 This module is usable for ipv4 and ipv6.
565
566 To use it also enable iptables-mod-cluster
567
568 see `iptables -m cluster --help` for more information.
569 endef
570
571 $(eval $(call KernelPackage,ipt-cluster))
572
573 define KernelPackage/ipt-clusterip
574 TITLE:=Module for CLUSTERIP
575 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
576 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
577 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
578 $(call AddDepends/ipt,+kmod-nf-conntrack)
579 endef
580
581 define KernelPackage/ipt-clusterip/description
582 Netfilter (IPv4-only) module for CLUSTERIP
583 The CLUSTERIP target allows you to build load-balancing clusters of
584 network servers without having a dedicated load-balancing
585 router/server/switch.
586
587 To use it also enable iptables-mod-clusterip
588
589 see `iptables -j CLUSTERIP --help` for more information.
590 endef
591
592 $(eval $(call KernelPackage,ipt-clusterip))
593
594
595 define KernelPackage/ipt-extra
596 TITLE:=Extra modules
597 KCONFIG:=$(KCONFIG_IPT_EXTRA)
598 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
599 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
600 $(call AddDepends/ipt)
601 endef
602
603 define KernelPackage/ipt-extra/description
604 Other Netfilter (IPv4) kernel modules
605 Includes:
606 - addrtype
607 - owner
608 - physdev (if bridge support was enabled in kernel)
609 - pkttype
610 - quota
611 endef
612
613 $(eval $(call KernelPackage,ipt-extra))
614
615
616 define KernelPackage/ip6tables
617 SUBMENU:=$(NF_MENU)
618 TITLE:=IPv6 modules
619 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
620 KCONFIG:=$(KCONFIG_IPT_IPV6)
621 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
622 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
623 endef
624
625 define KernelPackage/ip6tables/description
626 Netfilter IPv6 firewalling support
627 endef
628
629 $(eval $(call KernelPackage,ip6tables))
630
631 define KernelPackage/ip6tables-extra
632 SUBMENU:=$(NF_MENU)
633 TITLE:=Extra IPv6 modules
634 DEPENDS:=+kmod-ip6tables
635 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
636 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
637 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
638 endef
639
640 define KernelPackage/ip6tables-extra/description
641 Netfilter IPv6 extra header matching modules
642 endef
643
644 $(eval $(call KernelPackage,ip6tables-extra))
645
646 ARP_MODULES = arp_tables arpt_mangle arptable_filter
647 define KernelPackage/arptables
648 SUBMENU:=$(NF_MENU)
649 TITLE:=ARP firewalling modules
650 DEPENDS:=+kmod-ipt-core
651 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
652 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
653 CONFIG_IP_NF_ARPFILTER \
654 CONFIG_IP_NF_ARP_MANGLE
655 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
656 endef
657
658 define KernelPackage/arptables/description
659 Kernel modules for ARP firewalling
660 endef
661
662 $(eval $(call KernelPackage,arptables))
663
664
665 define KernelPackage/ebtables
666 SUBMENU:=$(NF_MENU)
667 TITLE:=Bridge firewalling modules
668 DEPENDS:=+kmod-ipt-core +kmod-bridge
669 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
670 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
671 $(KCONFIG_EBTABLES)
672 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
673 endef
674
675 define KernelPackage/ebtables/description
676 ebtables is a general, extensible frame/packet identification
677 framework. It provides you to do Ethernet
678 filtering/NAT/brouting on the Ethernet bridge.
679 endef
680
681 $(eval $(call KernelPackage,ebtables))
682
683
684 define AddDepends/ebtables
685 SUBMENU:=$(NF_MENU)
686 DEPENDS+=kmod-ebtables $(1)
687 endef
688
689
690 define KernelPackage/ebtables-ipv4
691 TITLE:=ebtables: IPv4 support
692 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
693 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
694 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
695 $(call AddDepends/ebtables)
696 endef
697
698 define KernelPackage/ebtables-ipv4/description
699 This option adds the IPv4 support to ebtables, which allows basic
700 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
701 endef
702
703 $(eval $(call KernelPackage,ebtables-ipv4))
704
705
706 define KernelPackage/ebtables-ipv6
707 TITLE:=ebtables: IPv6 support
708 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
709 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
710 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
711 $(call AddDepends/ebtables)
712 endef
713
714 define KernelPackage/ebtables-ipv6/description
715 This option adds the IPv6 support to ebtables, which allows basic
716 IPv6 header field filtering and target support.
717 endef
718
719 $(eval $(call KernelPackage,ebtables-ipv6))
720
721
722 define KernelPackage/ebtables-watchers
723 TITLE:=ebtables: watchers support
724 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
725 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
726 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
727 $(call AddDepends/ebtables)
728 endef
729
730 define KernelPackage/ebtables-watchers/description
731 This option adds the log watchers, that you can use in any rule
732 in any ebtables table.
733 endef
734
735 $(eval $(call KernelPackage,ebtables-watchers))
736
737
738 define KernelPackage/nfnetlink
739 SUBMENU:=$(NF_MENU)
740 TITLE:=Netlink-based userspace interface
741 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
742 KCONFIG:=$(KCONFIG_NFNETLINK)
743 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
744 endef
745
746 define KernelPackage/nfnetlink/description
747 Kernel modules support for a netlink-based userspace interface
748 endef
749
750 $(eval $(call KernelPackage,nfnetlink))
751
752
753 define AddDepends/nfnetlink
754 SUBMENU:=$(NF_MENU)
755 DEPENDS+=+kmod-nfnetlink $(1)
756 endef
757
758
759 define KernelPackage/nfnetlink-log
760 TITLE:=Netfilter LOG over NFNETLINK interface
761 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
762 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
763 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
764 $(call AddDepends/nfnetlink)
765 endef
766
767 define KernelPackage/nfnetlink-log/description
768 Kernel modules support for logging packets via NFNETLINK
769 Includes:
770 - NFLOG
771 endef
772
773 $(eval $(call KernelPackage,nfnetlink-log))
774
775
776 define KernelPackage/nfnetlink-queue
777 TITLE:=Netfilter QUEUE over NFNETLINK interface
778 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
779 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
780 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
781 $(call AddDepends/nfnetlink)
782 endef
783
784 define KernelPackage/nfnetlink-queue/description
785 Kernel modules support for queueing packets via NFNETLINK
786 Includes:
787 - NFQUEUE
788 endef
789
790 $(eval $(call KernelPackage,nfnetlink-queue))
791
792
793 define KernelPackage/nf-conntrack-netlink
794 TITLE:=Connection tracking netlink interface
795 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
796 KCONFIG:=CONFIG_NF_CT_NETLINK
797 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
798 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
799 endef
800
801 define KernelPackage/nf-conntrack-netlink/description
802 Kernel modules support for a netlink-based connection tracking
803 userspace interface
804 endef
805
806 $(eval $(call KernelPackage,nf-conntrack-netlink))
807
808 define KernelPackage/ipt-hashlimit
809 SUBMENU:=$(NF_MENU)
810 TITLE:=Netfilter hashlimit match
811 DEPENDS:=+kmod-ipt-core
812 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
813 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
814 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
815 $(call KernelPackage/ipt)
816 endef
817
818 define KernelPackage/ipt-hashlimit/description
819 Kernel modules support for the hashlimit bucket match module
820 endef
821
822 $(eval $(call KernelPackage,ipt-hashlimit))
823
824
825 define KernelPackage/nft-core
826 SUBMENU:=$(NF_MENU)
827 TITLE:=Netfilter nf_tables support
828 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
829 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
830 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
831 KCONFIG:= \
832 CONFIG_NETFILTER=y \
833 CONFIG_NETFILTER_ADVANCED=y \
834 CONFIG_NFT_COMPAT=n \
835 CONFIG_NFT_QUEUE=n \
836 CONFIG_NF_TABLES_ARP=n \
837 CONFIG_NF_TABLES_BRIDGE=n \
838 $(KCONFIG_NFT_CORE)
839 endef
840
841 define KernelPackage/nft-core/description
842 Kernel module support for nftables
843 endef
844
845 $(eval $(call KernelPackage,nft-core))
846
847
848 define KernelPackage/nft-nat
849 SUBMENU:=$(NF_MENU)
850 TITLE:=Netfilter nf_tables NAT support
851 DEPENDS:=+kmod-nft-core +kmod-nf-nat
852 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
853 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
854 KCONFIG:=$(KCONFIG_NFT_NAT)
855 endef
856
857 $(eval $(call KernelPackage,nft-nat))
858
859
860 define KernelPackage/nft-nat6
861 SUBMENU:=$(NF_MENU)
862 TITLE:=Netfilter nf_tables IPv6-NAT support
863 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
864 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
865 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
866 KCONFIG:=$(KCONFIG_NFT_NAT6)
867 endef
868
869 $(eval $(call KernelPackage,nft-nat6))
870
Yousong Zhou staging tree