projects / openwrt / staging / hauke.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: kmod-ipt-ulog: Remove package
[openwrt/staging/hauke.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt +kmod-nf-log6
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt +kmod-nf-log
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-log
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter Logging
127 KCONFIG:=$(KCONFIG_NF_LOG)
128 FILES:=$(foreach mod,$(NF_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
129 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG-m)))
130 endef
131
132 $(eval $(call KernelPackage,nf-log))
133
134
135 define KernelPackage/nf-log6
136 SUBMENU:=$(NF_MENU)
137 TITLE:=Netfilter IPV6 Logging
138 KCONFIG:=$(KCONFIG_NF_LOG6)
139 DEPENDS:=@IPV6 +kmod-nf-log
140 FILES:=$(foreach mod,$(NF_LOG6-m),$(LINUX_DIR)/net/$(mod).ko)
141 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG6-m)))
142 endef
143
144 $(eval $(call KernelPackage,nf-log6))
145
146
147 define KernelPackage/nf-nat
148 SUBMENU:=$(NF_MENU)
149 TITLE:=Netfilter NAT
150 KCONFIG:=$(KCONFIG_NF_NAT)
151 DEPENDS:=+kmod-nf-conntrack
152 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
153 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
154 endef
155
156 $(eval $(call KernelPackage,nf-nat))
157
158
159 define KernelPackage/nf-nat6
160 SUBMENU:=$(NF_MENU)
161 TITLE:=Netfilter IPV6-NAT
162 KCONFIG:=$(KCONFIG_NF_NAT6)
163 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
164 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
165 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
166 endef
167
168 $(eval $(call KernelPackage,nf-nat6))
169
170
171 define KernelPackage/nf-flow
172 SUBMENU:=$(NF_MENU)
173 TITLE:=Netfilter flowtable support
174 KCONFIG:= \
175 CONFIG_NETFILTER_INGRESS=y \
176 CONFIG_NF_FLOW_TABLE \
177 CONFIG_NF_FLOW_TABLE_HW
178 DEPENDS:=+kmod-nf-conntrack
179 FILES:= $(LINUX_DIR)/net/netfilter/nf_flow_table.ko
180 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
181 endef
182
183 $(eval $(call KernelPackage,nf-flow))
184
185
186 define KernelPackage/nf-socket
187 SUBMENU:=$(NF_MENU)
188 TITLE:=Netfilter socket lookup support
189 KCONFIG:= $(KCOFNIG_NF_SOCKET)
190 FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
191 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
192 endef
193
194 $(eval $(call KernelPackage,nf-socket))
195
196
197 define KernelPackage/nf-tproxy
198 SUBMENU:=$(NF_MENU)
199 TITLE:=Netfilter tproxy support
200 KCONFIG:= $(KCOFNIG_NF_TPROXY)
201 FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
202 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
203 endef
204
205 $(eval $(call KernelPackage,nf-tproxy))
206
207
208 define AddDepends/ipt
209 SUBMENU:=$(NF_MENU)
210 DEPENDS+= +kmod-ipt-core $(1)
211 endef
212
213
214 define KernelPackage/ipt-conntrack
215 TITLE:=Basic connection tracking modules
216 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
217 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
218 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
219 $(call AddDepends/ipt,+kmod-nf-conntrack)
220 endef
221
222 define KernelPackage/ipt-conntrack/description
223 Netfilter (IPv4) kernel modules for connection tracking
224 Includes:
225 - conntrack
226 - defrag
227 - iptables_raw
228 - NOTRACK
229 - state
230 endef
231
232 $(eval $(call KernelPackage,ipt-conntrack))
233
234
235 define KernelPackage/ipt-conntrack-extra
236 TITLE:=Extra connection tracking modules
237 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
238 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
239 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
240 $(call AddDepends/ipt,+kmod-ipt-conntrack)
241 endef
242
243 define KernelPackage/ipt-conntrack-extra/description
244 Netfilter (IPv4) extra kernel modules for connection tracking
245 Includes:
246 - connbytes
247 - connmark/CONNMARK
248 - conntrack
249 - helper
250 - recent
251 endef
252
253 $(eval $(call KernelPackage,ipt-conntrack-extra))
254
255 define KernelPackage/ipt-conntrack-label
256 TITLE:=Module for handling connection tracking labels
257 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
258 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
259 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
260 $(call AddDepends/ipt,+kmod-ipt-conntrack)
261 endef
262
263 define KernelPackage/ipt-conntrack-label/description
264 Netfilter (IPv4) module for handling connection tracking labels
265 Includes:
266 - connlabel
267 endef
268
269 $(eval $(call KernelPackage,ipt-conntrack-label))
270
271 define KernelPackage/ipt-filter
272 TITLE:=Modules for packet content inspection
273 KCONFIG:=$(KCONFIG_IPT_FILTER)
274 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
275 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
276 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
277 endef
278
279 define KernelPackage/ipt-filter/description
280 Netfilter (IPv4) kernel modules for packet content inspection
281 Includes:
282 - string
283 - bpf
284 endef
285
286 $(eval $(call KernelPackage,ipt-filter))
287
288
289 define KernelPackage/ipt-offload
290 TITLE:=Netfilter routing/NAT offload support
291 KCONFIG:=$(KCONFIG_IPT_FLOW)
292 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
293 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
294 $(call AddDepends/ipt,+kmod-nf-flow)
295 endef
296
297 $(eval $(call KernelPackage,ipt-offload))
298
299
300 define KernelPackage/ipt-ipopt
301 TITLE:=Modules for matching/changing IP packet options
302 KCONFIG:=$(KCONFIG_IPT_IPOPT)
303 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
304 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
305 $(call AddDepends/ipt)
306 endef
307
308 define KernelPackage/ipt-ipopt/description
309 Netfilter (IPv4) modules for matching/changing IP packet options
310 Includes:
311 - CLASSIFY
312 - dscp/DSCP
313 - ecn/ECN
314 - hl/HL
315 - length
316 - mark/MARK
317 - statistic
318 - tcpmss
319 - time
320 - ttl/TTL
321 - unclean
322 endef
323
324 $(eval $(call KernelPackage,ipt-ipopt))
325
326
327 define KernelPackage/ipt-ipsec
328 TITLE:=Modules for matching IPSec packets
329 KCONFIG:=$(KCONFIG_IPT_IPSEC)
330 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
331 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
332 $(call AddDepends/ipt)
333 endef
334
335 define KernelPackage/ipt-ipsec/description
336 Netfilter (IPv4) modules for matching IPSec packets
337 Includes:
338 - ah
339 - esp
340 - policy
341 endef
342
343 $(eval $(call KernelPackage,ipt-ipsec))
344
345 IPSET_MODULES:= \
346 ipset/ip_set \
347 ipset/ip_set_bitmap_ip \
348 ipset/ip_set_bitmap_ipmac \
349 ipset/ip_set_bitmap_port \
350 ipset/ip_set_hash_ip \
351 ipset/ip_set_hash_ipmac \
352 ipset/ip_set_hash_ipmark \
353 ipset/ip_set_hash_ipport \
354 ipset/ip_set_hash_ipportip \
355 ipset/ip_set_hash_ipportnet \
356 ipset/ip_set_hash_mac \
357 ipset/ip_set_hash_netportnet \
358 ipset/ip_set_hash_net \
359 ipset/ip_set_hash_netnet \
360 ipset/ip_set_hash_netport \
361 ipset/ip_set_hash_netiface \
362 ipset/ip_set_list_set \
363 xt_set
364
365 define KernelPackage/ipt-ipset
366 SUBMENU:=Netfilter Extensions
367 TITLE:=IPset netfilter modules
368 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
369 KCONFIG:= \
370 CONFIG_IP_SET \
371 CONFIG_IP_SET_MAX=256 \
372 CONFIG_NETFILTER_XT_SET \
373 CONFIG_IP_SET_BITMAP_IP \
374 CONFIG_IP_SET_BITMAP_IPMAC \
375 CONFIG_IP_SET_BITMAP_PORT \
376 CONFIG_IP_SET_HASH_IP \
377 CONFIG_IP_SET_HASH_IPMAC \
378 CONFIG_IP_SET_HASH_IPMARK \
379 CONFIG_IP_SET_HASH_IPPORT \
380 CONFIG_IP_SET_HASH_IPPORTIP \
381 CONFIG_IP_SET_HASH_IPPORTNET \
382 CONFIG_IP_SET_HASH_MAC \
383 CONFIG_IP_SET_HASH_NET \
384 CONFIG_IP_SET_HASH_NETNET \
385 CONFIG_IP_SET_HASH_NETIFACE \
386 CONFIG_IP_SET_HASH_NETPORT \
387 CONFIG_IP_SET_HASH_NETPORTNET \
388 CONFIG_IP_SET_LIST_SET \
389 CONFIG_NET_EMATCH_IPSET=n
390 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
391 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
392 endef
393 $(eval $(call KernelPackage,ipt-ipset))
394
395
396 IPVS_MODULES:= \
397 ipvs/ip_vs \
398 ipvs/ip_vs_lc \
399 ipvs/ip_vs_wlc \
400 ipvs/ip_vs_rr \
401 ipvs/ip_vs_wrr \
402 ipvs/ip_vs_lblc \
403 ipvs/ip_vs_lblcr \
404 ipvs/ip_vs_dh \
405 ipvs/ip_vs_sh \
406 ipvs/ip_vs_fo \
407 ipvs/ip_vs_ovf \
408 ipvs/ip_vs_nq \
409 ipvs/ip_vs_sed \
410 xt_ipvs
411
412 define KernelPackage/nf-ipvs
413 SUBMENU:=Netfilter Extensions
414 TITLE:=IP Virtual Server modules
415 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
416 KCONFIG:= \
417 CONFIG_IP_VS \
418 CONFIG_IP_VS_IPV6=y \
419 CONFIG_IP_VS_DEBUG=n \
420 CONFIG_IP_VS_PROTO_TCP=y \
421 CONFIG_IP_VS_PROTO_UDP=y \
422 CONFIG_IP_VS_PROTO_AH_ESP=y \
423 CONFIG_IP_VS_PROTO_ESP=y \
424 CONFIG_IP_VS_PROTO_AH=y \
425 CONFIG_IP_VS_PROTO_SCTP=y \
426 CONFIG_IP_VS_TAB_BITS=12 \
427 CONFIG_IP_VS_RR \
428 CONFIG_IP_VS_WRR \
429 CONFIG_IP_VS_LC \
430 CONFIG_IP_VS_WLC \
431 CONFIG_IP_VS_FO \
432 CONFIG_IP_VS_OVF \
433 CONFIG_IP_VS_LBLC \
434 CONFIG_IP_VS_LBLCR \
435 CONFIG_IP_VS_DH \
436 CONFIG_IP_VS_SH \
437 CONFIG_IP_VS_SED \
438 CONFIG_IP_VS_NQ \
439 CONFIG_IP_VS_SH_TAB_BITS=8 \
440 CONFIG_IP_VS_NFCT=y \
441 CONFIG_NETFILTER_XT_MATCH_IPVS
442 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
443 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
444 endef
445
446 define KernelPackage/nf-ipvs/description
447 IPVS (IP Virtual Server) implements transport-layer load balancing inside
448 the Linux kernel so called Layer-4 switching.
449 endef
450
451 $(eval $(call KernelPackage,nf-ipvs))
452
453
454 define KernelPackage/nf-ipvs-ftp
455 SUBMENU:=$(NF_MENU)
456 TITLE:=Virtual Server FTP protocol support
457 KCONFIG:=CONFIG_IP_VS_FTP
458 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
459 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
460 endef
461
462 define KernelPackage/nf-ipvs-ftp/description
463 In the virtual server via Network Address Translation,
464 the IP address and port number of real servers cannot be sent to
465 clients in ftp connections directly, so FTP protocol helper is
466 required for tracking the connection and mangling it back to that of
467 virtual service.
468 endef
469
470 $(eval $(call KernelPackage,nf-ipvs-ftp))
471
472
473 define KernelPackage/nf-ipvs-sip
474 SUBMENU:=$(NF_MENU)
475 TITLE:=Virtual Server SIP protocol support
476 KCONFIG:=CONFIG_IP_VS_PE_SIP
477 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
478 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
479 endef
480
481 define KernelPackage/nf-ipvs-sip/description
482 Allow persistence based on the SIP Call-ID
483 endef
484
485 $(eval $(call KernelPackage,nf-ipvs-sip))
486
487
488 define KernelPackage/ipt-nat
489 TITLE:=Basic NAT targets
490 KCONFIG:=$(KCONFIG_IPT_NAT)
491 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
492 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
493 $(call AddDepends/ipt,+kmod-nf-nat)
494 endef
495
496 define KernelPackage/ipt-nat/description
497 Netfilter (IPv4) kernel modules for basic NAT targets
498 Includes:
499 - MASQUERADE
500 endef
501
502 $(eval $(call KernelPackage,ipt-nat))
503
504
505 define KernelPackage/ipt-raw
506 TITLE:=Netfilter IPv4 raw table support
507 KCONFIG:=CONFIG_IP_NF_RAW
508 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
509 AUTOLOAD:=$(call AutoProbe,iptable_raw)
510 $(call AddDepends/ipt)
511 endef
512
513 $(eval $(call KernelPackage,ipt-raw))
514
515
516 define KernelPackage/ipt-raw6
517 TITLE:=Netfilter IPv6 raw table support
518 DEPENDS:=@IPV6
519 KCONFIG:=CONFIG_IP6_NF_RAW
520 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
521 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
522 $(call AddDepends/ipt,+kmod-ip6tables)
523 endef
524
525 $(eval $(call KernelPackage,ipt-raw6))
526
527
528 define KernelPackage/ipt-nat6
529 TITLE:=IPv6 NAT targets
530 DEPENDS:=@IPV6
531 KCONFIG:=$(KCONFIG_IPT_NAT6)
532 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
533 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
534 $(call AddDepends/ipt,+kmod-nf-nat6)
535 $(call AddDepends/ipt,+kmod-ipt-conntrack)
536 $(call AddDepends/ipt,+kmod-ipt-nat)
537 $(call AddDepends/ipt,+kmod-ip6tables)
538 endef
539
540 define KernelPackage/ipt-nat6/description
541 Netfilter (IPv6) kernel modules for NAT targets
542 endef
543
544 $(eval $(call KernelPackage,ipt-nat6))
545
546
547 define KernelPackage/ipt-nat-extra
548 TITLE:=Extra NAT targets
549 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
550 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
551 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
552 $(call AddDepends/ipt,+kmod-ipt-nat)
553 endef
554
555 define KernelPackage/ipt-nat-extra/description
556 Netfilter (IPv4) kernel modules for extra NAT targets
557 Includes:
558 - NETMAP
559 - REDIRECT
560 endef
561
562 $(eval $(call KernelPackage,ipt-nat-extra))
563
564
565 define KernelPackage/nf-nathelper
566 SUBMENU:=$(NF_MENU)
567 TITLE:=Basic Conntrack and NAT helpers
568 KCONFIG:=$(KCONFIG_NF_NATHELPER)
569 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
570 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
571 DEPENDS:=+kmod-nf-nat
572 endef
573
574 define KernelPackage/nf-nathelper/description
575 Default Netfilter (IPv4) Conntrack and NAT helpers
576 Includes:
577 - ftp
578 endef
579
580 $(eval $(call KernelPackage,nf-nathelper))
581
582
583 define KernelPackage/nf-nathelper-extra
584 SUBMENU:=$(NF_MENU)
585 TITLE:=Extra Conntrack and NAT helpers
586 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
587 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
588 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
589 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-asn1-decoder
590 endef
591
592 define KernelPackage/nf-nathelper-extra/description
593 Extra Netfilter (IPv4) Conntrack and NAT helpers
594 Includes:
595 - amanda
596 - h323
597 - irc
598 - mms
599 - pptp
600 - proto_gre
601 - sip
602 - snmp_basic
603 - tftp
604 - broadcast
605 endef
606
607 $(eval $(call KernelPackage,nf-nathelper-extra))
608
609
610 define KernelPackage/ipt-nflog
611 TITLE:=Module for user-space packet logging
612 KCONFIG:=$(KCONFIG_IPT_NFLOG)
613 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
614 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
615 $(call AddDepends/ipt,+kmod-nfnetlink-log)
616 endef
617
618 define KernelPackage/ipt-nflog/description
619 Netfilter module for user-space packet logging
620 Includes:
621 - NFLOG
622 endef
623
624 $(eval $(call KernelPackage,ipt-nflog))
625
626
627 define KernelPackage/ipt-nfqueue
628 TITLE:=Module for user-space packet queuing
629 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
630 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
631 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
632 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
633 endef
634
635 define KernelPackage/ipt-nfqueue/description
636 Netfilter module for user-space packet queuing
637 Includes:
638 - NFQUEUE
639 endef
640
641 $(eval $(call KernelPackage,ipt-nfqueue))
642
643
644 define KernelPackage/ipt-debug
645 TITLE:=Module for debugging/development
646 KCONFIG:=$(KCONFIG_IPT_DEBUG)
647 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
648 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
649 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
650 endef
651
652 define KernelPackage/ipt-debug/description
653 Netfilter modules for debugging/development of the firewall
654 Includes:
655 - TRACE
656 endef
657
658 $(eval $(call KernelPackage,ipt-debug))
659
660
661 define KernelPackage/ipt-led
662 TITLE:=Module to trigger a LED with a Netfilter rule
663 KCONFIG:=$(KCONFIG_IPT_LED)
664 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
665 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
666 $(call AddDepends/ipt)
667 endef
668
669 define KernelPackage/ipt-led/description
670 Netfilter target to trigger a LED when a network packet is matched.
671 endef
672
673 $(eval $(call KernelPackage,ipt-led))
674
675 define KernelPackage/ipt-socket
676 TITLE:=Iptables socket matching support
677 DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
678 KCONFIG:=$(KCONFIG_IPT_SOCKET)
679 FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
680 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
681 $(call AddDepends/ipt)
682 endef
683
684 define KernelPackage/ipt-socket/description
685 Kernel modules for socket matching
686 endef
687
688 $(eval $(call KernelPackage,ipt-socket))
689
690 define KernelPackage/ipt-tproxy
691 TITLE:=Transparent proxying support
692 DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
693 KCONFIG:=$(KCONFIG_IPT_TPROXY)
694 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
695 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
696 $(call AddDepends/ipt)
697 endef
698
699 define KernelPackage/ipt-tproxy/description
700 Kernel modules for Transparent Proxying
701 endef
702
703 $(eval $(call KernelPackage,ipt-tproxy))
704
705 define KernelPackage/ipt-tee
706 TITLE:=TEE support
707 DEPENDS:=+kmod-ipt-conntrack
708 KCONFIG:=$(KCONFIG_IPT_TEE)
709 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
710 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
711 $(call AddDepends/ipt)
712 endef
713
714 define KernelPackage/ipt-tee/description
715 Kernel modules for TEE
716 endef
717
718 $(eval $(call KernelPackage,ipt-tee))
719
720
721 define KernelPackage/ipt-u32
722 TITLE:=U32 support
723 KCONFIG:=$(KCONFIG_IPT_U32)
724 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
725 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
726 $(call AddDepends/ipt)
727 endef
728
729 define KernelPackage/ipt-u32/description
730 Kernel modules for U32
731 endef
732
733 $(eval $(call KernelPackage,ipt-u32))
734
735 define KernelPackage/ipt-checksum
736 TITLE:=CHECKSUM support
737 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
738 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
739 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
740 $(call AddDepends/ipt)
741 endef
742
743 define KernelPackage/ipt-checksum/description
744 Kernel modules for CHECKSUM fillin target
745 endef
746
747 $(eval $(call KernelPackage,ipt-checksum))
748
749
750 define KernelPackage/ipt-iprange
751 TITLE:=Module for matching ip ranges
752 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
753 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
754 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
755 $(call AddDepends/ipt)
756 endef
757
758 define KernelPackage/ipt-iprange/description
759 Netfilter (IPv4) module for matching ip ranges
760 Includes:
761 - iprange
762 endef
763
764 $(eval $(call KernelPackage,ipt-iprange))
765
766 define KernelPackage/ipt-cluster
767 TITLE:=Module for matching cluster
768 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
769 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
770 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
771 $(call AddDepends/ipt,+kmod-nf-conntrack)
772 endef
773
774 define KernelPackage/ipt-cluster/description
775 Netfilter (IPv4/IPv6) module for matching cluster
776 This option allows you to build work-load-sharing clusters of
777 network servers/stateful firewalls without having a dedicated
778 load-balancing router/server/switch. Basically, this match returns
779 true when the packet must be handled by this cluster node. Thus,
780 all nodes see all packets and this match decides which node handles
781 what packets. The work-load sharing algorithm is based on source
782 address hashing.
783
784 This module is usable for ipv4 and ipv6.
785
786 To use it also enable iptables-mod-cluster
787
788 see `iptables -m cluster --help` for more information.
789 endef
790
791 $(eval $(call KernelPackage,ipt-cluster))
792
793 define KernelPackage/ipt-clusterip
794 TITLE:=Module for CLUSTERIP
795 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
796 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
797 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
798 $(call AddDepends/ipt,+kmod-nf-conntrack)
799 endef
800
801 define KernelPackage/ipt-clusterip/description
802 Netfilter (IPv4-only) module for CLUSTERIP
803 The CLUSTERIP target allows you to build load-balancing clusters of
804 network servers without having a dedicated load-balancing
805 router/server/switch.
806
807 To use it also enable iptables-mod-clusterip
808
809 see `iptables -j CLUSTERIP --help` for more information.
810 endef
811
812 $(eval $(call KernelPackage,ipt-clusterip))
813
814
815 define KernelPackage/ipt-extra
816 TITLE:=Extra modules
817 KCONFIG:=$(KCONFIG_IPT_EXTRA)
818 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
819 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
820 $(call AddDepends/ipt)
821 endef
822
823 define KernelPackage/ipt-extra/description
824 Other Netfilter (IPv4) kernel modules
825 Includes:
826 - addrtype
827 - owner
828 - pkttype
829 - quota
830 endef
831
832 $(eval $(call KernelPackage,ipt-extra))
833
834
835 define KernelPackage/ipt-physdev
836 TITLE:=physdev module
837 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
838 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
839 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
840 $(call AddDepends/ipt,+kmod-br-netfilter)
841 endef
842
843 define KernelPackage/ipt-physdev/description
844 The iptables physdev kernel module
845 endef
846
847 $(eval $(call KernelPackage,ipt-physdev))
848
849
850 define KernelPackage/ip6tables
851 SUBMENU:=$(NF_MENU)
852 TITLE:=IPv6 modules
853 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
854 KCONFIG:=$(KCONFIG_IPT_IPV6)
855 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
856 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
857 endef
858
859 define KernelPackage/ip6tables/description
860 Netfilter IPv6 firewalling support
861 endef
862
863 $(eval $(call KernelPackage,ip6tables))
864
865 define KernelPackage/ip6tables-extra
866 SUBMENU:=$(NF_MENU)
867 TITLE:=Extra IPv6 modules
868 DEPENDS:=@IPV6 +kmod-ip6tables
869 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
870 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
871 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
872 endef
873
874 define KernelPackage/ip6tables-extra/description
875 Netfilter IPv6 extra header matching modules
876 endef
877
878 $(eval $(call KernelPackage,ip6tables-extra))
879
880 ARP_MODULES = arp_tables arpt_mangle arptable_filter
881 define KernelPackage/arptables
882 SUBMENU:=$(NF_MENU)
883 TITLE:=ARP firewalling modules
884 DEPENDS:=+kmod-ipt-core
885 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
886 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
887 CONFIG_IP_NF_ARPFILTER \
888 CONFIG_IP_NF_ARP_MANGLE
889 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
890 endef
891
892 define KernelPackage/arptables/description
893 Kernel modules for ARP firewalling
894 endef
895
896 $(eval $(call KernelPackage,arptables))
897
898
899 define KernelPackage/br-netfilter
900 SUBMENU:=$(NF_MENU)
901 TITLE:=Bridge netfilter support modules
902 DEPENDS:=+kmod-ipt-core
903 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
904 KCONFIG:=CONFIG_BRIDGE_NETFILTER
905 AUTOLOAD:=$(call AutoProbe,br_netfilter)
906 endef
907
908 define KernelPackage/br-netfilter/install
909 $(INSTALL_DIR) $(1)/etc/sysctl.d
910 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
911 endef
912
913 $(eval $(call KernelPackage,br-netfilter))
914
915
916 define KernelPackage/ebtables
917 SUBMENU:=$(NF_MENU)
918 TITLE:=Bridge firewalling modules
919 DEPENDS:=+kmod-ipt-core
920 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
921 KCONFIG:=$(KCONFIG_EBTABLES)
922 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
923 endef
924
925 define KernelPackage/ebtables/description
926 ebtables is a general, extensible frame/packet identification
927 framework. It provides you to do Ethernet
928 filtering/NAT/brouting on the Ethernet bridge.
929 endef
930
931 $(eval $(call KernelPackage,ebtables))
932
933
934 define AddDepends/ebtables
935 SUBMENU:=$(NF_MENU)
936 DEPENDS+= +kmod-ebtables $(1)
937 endef
938
939
940 define KernelPackage/ebtables-ipv4
941 TITLE:=ebtables: IPv4 support
942 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
943 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
944 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
945 $(call AddDepends/ebtables)
946 endef
947
948 define KernelPackage/ebtables-ipv4/description
949 This option adds the IPv4 support to ebtables, which allows basic
950 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
951 endef
952
953 $(eval $(call KernelPackage,ebtables-ipv4))
954
955
956 define KernelPackage/ebtables-ipv6
957 TITLE:=ebtables: IPv6 support
958 DEPENDS:=@IPV6
959 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
960 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
961 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
962 $(call AddDepends/ebtables)
963 endef
964
965 define KernelPackage/ebtables-ipv6/description
966 This option adds the IPv6 support to ebtables, which allows basic
967 IPv6 header field filtering and target support.
968 endef
969
970 $(eval $(call KernelPackage,ebtables-ipv6))
971
972
973 define KernelPackage/ebtables-watchers
974 TITLE:=ebtables: watchers support
975 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
976 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
977 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
978 $(call AddDepends/ebtables)
979 endef
980
981 define KernelPackage/ebtables-watchers/description
982 This option adds the log watchers, that you can use in any rule
983 in any ebtables table.
984 endef
985
986 $(eval $(call KernelPackage,ebtables-watchers))
987
988
989 define KernelPackage/nfnetlink
990 SUBMENU:=$(NF_MENU)
991 TITLE:=Netlink-based userspace interface
992 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
993 KCONFIG:=$(KCONFIG_NFNETLINK)
994 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
995 endef
996
997 define KernelPackage/nfnetlink/description
998 Kernel modules support for a netlink-based userspace interface
999 endef
1000
1001 $(eval $(call KernelPackage,nfnetlink))
1002
1003
1004 define AddDepends/nfnetlink
1005 SUBMENU:=$(NF_MENU)
1006 DEPENDS+=+kmod-nfnetlink $(1)
1007 endef
1008
1009
1010 define KernelPackage/nfnetlink-log
1011 TITLE:=Netfilter LOG over NFNETLINK interface
1012 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
1013 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
1014 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
1015 $(call AddDepends/nfnetlink)
1016 endef
1017
1018 define KernelPackage/nfnetlink-log/description
1019 Kernel modules support for logging packets via NFNETLINK
1020 Includes:
1021 - NFLOG
1022 endef
1023
1024 $(eval $(call KernelPackage,nfnetlink-log))
1025
1026
1027 define KernelPackage/nfnetlink-queue
1028 TITLE:=Netfilter QUEUE over NFNETLINK interface
1029 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1030 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1031 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1032 $(call AddDepends/nfnetlink)
1033 endef
1034
1035 define KernelPackage/nfnetlink-queue/description
1036 Kernel modules support for queueing packets via NFNETLINK
1037 Includes:
1038 - NFQUEUE
1039 endef
1040
1041 $(eval $(call KernelPackage,nfnetlink-queue))
1042
1043
1044 define KernelPackage/nf-conntrack-netlink
1045 TITLE:=Connection tracking netlink interface
1046 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1047 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1048 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1049 $(call AddDepends/nfnetlink,+kmod-nf-conntrack)
1050 endef
1051
1052 define KernelPackage/nf-conntrack-netlink/description
1053 Kernel modules support for a netlink-based connection tracking
1054 userspace interface
1055 endef
1056
1057 $(eval $(call KernelPackage,nf-conntrack-netlink))
1058
1059 define KernelPackage/ipt-hashlimit
1060 SUBMENU:=$(NF_MENU)
1061 TITLE:=Netfilter hashlimit match
1062 DEPENDS:=+kmod-ipt-core
1063 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1064 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1065 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1066 $(call KernelPackage/ipt)
1067 endef
1068
1069 define KernelPackage/ipt-hashlimit/description
1070 Kernel modules support for the hashlimit bucket match module
1071 endef
1072
1073 $(eval $(call KernelPackage,ipt-hashlimit))
1074
1075 define KernelPackage/ipt-rpfilter
1076 SUBMENU:=$(NF_MENU)
1077 TITLE:=Netfilter rpfilter match
1078 DEPENDS:=+kmod-ipt-core
1079 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1080 FILES:=$(realpath \
1081 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1082 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1083 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1084 $(call KernelPackage/ipt)
1085 endef
1086
1087 define KernelPackage/ipt-rpfilter/description
1088 Kernel modules support for the Netfilter rpfilter match
1089 endef
1090
1091 $(eval $(call KernelPackage,ipt-rpfilter))
1092
1093
1094 define KernelPackage/nft-core
1095 SUBMENU:=$(NF_MENU)
1096 TITLE:=Netfilter nf_tables support
1097 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat +kmod-nf-log +IPV6:kmod-nf-log6 +kmod-lib-crc32c
1098 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1099 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1100 KCONFIG:= \
1101 CONFIG_NFT_COMPAT=n \
1102 CONFIG_NFT_QUEUE=n \
1103 $(KCONFIG_NFT_CORE)
1104 endef
1105
1106 define KernelPackage/nft-core/description
1107 Kernel module support for nftables
1108 endef
1109
1110 $(eval $(call KernelPackage,nft-core))
1111
1112
1113 define KernelPackage/nft-arp
1114 SUBMENU:=$(NF_MENU)
1115 TITLE:=Netfilter nf_tables ARP table support
1116 DEPENDS:=+kmod-nft-core
1117 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1119 KCONFIG:=$(KCONFIG_NFT_ARP)
1120 endef
1121
1122 $(eval $(call KernelPackage,nft-arp))
1123
1124
1125 define KernelPackage/nft-bridge
1126 SUBMENU:=$(NF_MENU)
1127 TITLE:=Netfilter nf_tables bridge table support
1128 DEPENDS:=+kmod-nft-core
1129 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1131 KCONFIG:= \
1132 CONFIG_NF_LOG_BRIDGE=n@lt5.13 \
1133 $(KCONFIG_NFT_BRIDGE)
1134 endef
1135
1136 $(eval $(call KernelPackage,nft-bridge))
1137
1138
1139 define KernelPackage/nft-nat
1140 SUBMENU:=$(NF_MENU)
1141 TITLE:=Netfilter nf_tables NAT support
1142 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1143 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1144 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1145 KCONFIG:=$(KCONFIG_NFT_NAT)
1146 endef
1147
1148 $(eval $(call KernelPackage,nft-nat))
1149
1150
1151 define KernelPackage/nft-offload
1152 SUBMENU:=$(NF_MENU)
1153 TITLE:=Netfilter nf_tables routing/NAT offload support
1154 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1155 KCONFIG:= \
1156 CONFIG_NF_FLOW_TABLE_INET \
1157 CONFIG_NF_FLOW_TABLE_IPV4 \
1158 CONFIG_NF_FLOW_TABLE_IPV6 \
1159 CONFIG_NFT_FLOW_OFFLOAD
1160 FILES:= \
1161 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1162 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1163 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1164 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1165 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1166 endef
1167
1168 $(eval $(call KernelPackage,nft-offload))
1169
1170
1171 define KernelPackage/nft-netdev
1172 SUBMENU:=$(NF_MENU)
1173 TITLE:=Netfilter nf_tables netdev support
1174 DEPENDS:=+kmod-nft-core
1175 KCONFIG:= \
1176 CONFIG_NETFILTER_INGRESS=y \
1177 CONFIG_NF_TABLES_NETDEV \
1178 CONFIG_NF_DUP_NETDEV \
1179 CONFIG_NFT_DUP_NETDEV \
1180 CONFIG_NFT_FWD_NETDEV
1181 FILES:= \
1182 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1183 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1184 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1185 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1186 endef
1187
1188 $(eval $(call KernelPackage,nft-netdev))
1189
1190
1191 define KernelPackage/nft-fib
1192 SUBMENU:=$(NF_MENU)
1193 TITLE:=Netfilter nf_tables fib support
1194 DEPENDS:=+kmod-nft-core
1195 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1196 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1197 KCONFIG:=$(KCONFIG_NFT_FIB)
1198 endef
1199
1200 $(eval $(call KernelPackage,nft-fib))
1201
1202
1203 define KernelPackage/nft-queue
1204 SUBMENU:=$(NF_MENU)
1205 TITLE:=Netfilter nf_tables queue support
1206 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1207 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1208 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1209 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1210 endef
1211
1212 $(eval $(call KernelPackage,nft-queue))
1213
1214 define KernelPackage/nft-socket
1215 SUBMENU:=$(NF_MENU)
1216 TITLE:=Netfilter nf_tables socket support
1217 DEPENDS:=+kmod-nft-core +kmod-nf-socket
1218 FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
1219 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
1220 KCONFIG:=$(KCONFIG_NFT_SOCKET)
1221 endef
1222
1223 $(eval $(call KernelPackage,nft-socket))
1224
1225 define KernelPackage/nft-tproxy
1226 SUBMENU:=$(NF_MENU)
1227 TITLE:=Netfilter nf_tables tproxy support
1228 DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
1229 FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
1230 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
1231 KCONFIG:=$(KCONFIG_NFT_TPROXY)
1232 endef
1233
1234 $(eval $(call KernelPackage,nft-tproxy))
1235
1236 define KernelPackage/nft-compat
1237 SUBMENU:=$(NF_MENU)
1238 TITLE:=Netfilter nf_tables compat support
1239 DEPENDS:=+kmod-nft-core +kmod-nf-ipt
1240 FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
1241 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
1242 KCONFIG:=$(KCONFIG_NFT_COMPAT)
1243 endef
1244
1245 $(eval $(call KernelPackage,nft-compat))
1246
1247 define KernelPackage/nft-xfrm
1248 SUBMENU:=$(NF_MENU)
1249 TITLE:=Netfilter nf_tables xfrm support (ipsec)
1250 DEPENDS:=+kmod-nft-core
1251 FILES:=$(foreach mod,$(NFT_XFRM-m),$(LINUX_DIR)/net/$(mod).ko)
1252 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_XFRM-m)))
1253 KCONFIG:=$(KCONFIG_NFT_XFRM)
1254 endef
1255
1256 $(eval $(call KernelPackage,nft-xfrm))
Hauke Mehrtens staging tree