X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Fkernel%2Flinux%2Fmodules%2Fnetfilter.mk;h=b46fcebc0896c6810b91b142d41227e046128c2b;hb=HEAD;hp=22b7dbd28588d150fa8606dee75ebebd79574ab1;hpb=6a2e9f3da6d0f0f3ae382db1e77a65c2f0e67d24;p=openwrt%2Fopenwrt.git diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 22b7dbd285..76697f5d2f 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -1,6 +1,6 @@ # -# Copyright (C) 2006-2010 OpenWrt.org +# Copyright (C) 2006-2023 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -39,6 +39,17 @@ endef $(eval $(call KernelPackage,nf-reject6)) +define KernelPackage/nf-conncount + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter conncount support + KCONFIG:=$(KCONFIG_NF_CONNCOUNT) + HIDDEN:=1 + DEPENDS:=+kmod-nf-conntrack + FILES:=$(foreach mod,$(NF_CONNCOUNT-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNCOUNT-m))) +endef + +$(eval $(call KernelPackage,nf-conncount)) define KernelPackage/nf-ipt SUBMENU:=$(NF_MENU) @@ -186,7 +197,7 @@ $(eval $(call KernelPackage,nf-flow)) define KernelPackage/nf-socket SUBMENU:=$(NF_MENU) TITLE:=Netfilter socket lookup support - KCONFIG:= $(KCOFNIG_NF_SOCKET) + KCONFIG:= $(KCONFIG_NF_SOCKET) FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m))) endef @@ -197,7 +208,7 @@ $(eval $(call KernelPackage,nf-socket)) define KernelPackage/nf-tproxy SUBMENU:=$(NF_MENU) TITLE:=Netfilter tproxy support - KCONFIG:= $(KCOFNIG_NF_TPROXY) + KCONFIG:= $(KCONFIG_NF_TPROXY) FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m))) endef @@ -234,6 +245,7 @@ $(eval $(call KernelPackage,ipt-conntrack)) define KernelPackage/ipt-conntrack-extra TITLE:=Extra connection tracking modules + DEPENDS:=+kmod-nf-conncount KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA) FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m))) @@ -607,23 +619,6 @@ endef $(eval $(call KernelPackage,nf-nathelper-extra)) -define KernelPackage/ipt-ulog - TITLE:=Module for user-space packet logging - KCONFIG:=$(KCONFIG_IPT_ULOG) - FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m))) - $(call AddDepends/ipt) -endef - -define KernelPackage/ipt-ulog/description - Netfilter (IPv4) module for user-space packet logging - Includes: - - ULOG -endef - -$(eval $(call KernelPackage,ipt-ulog)) - - define KernelPackage/ipt-nflog TITLE:=Module for user-space packet logging KCONFIG:=$(KCONFIG_IPT_NFLOG) @@ -812,7 +807,7 @@ define KernelPackage/ipt-clusterip KCONFIG:=$(KCONFIG_IPT_CLUSTERIP) FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m))) - $(call AddDepends/ipt,+kmod-nf-conntrack) + $(call AddDepends/ipt,+kmod-nf-conntrack @LINUX_5_15||LINUX_6_1) endef define KernelPackage/ipt-clusterip/description @@ -1146,13 +1141,32 @@ define KernelPackage/nft-bridge FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m))) KCONFIG:= \ - CONFIG_NF_LOG_BRIDGE=n@lt5.13 \ $(KCONFIG_NFT_BRIDGE) endef $(eval $(call KernelPackage,nft-bridge)) +define KernelPackage/nft-dup-inet + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables dup in ip/ip6/inet family support + DEPENDS:=+kmod-nft-core +kmod-nf-conntrack +IPV6:kmod-nf-conntrack6 + KCONFIG:= \ + CONFIG_NF_DUP_IPV4 \ + CONFIG_NF_DUP_IPV6 \ + CONFIG_NFT_DUP_IPV4 \ + CONFIG_NFT_DUP_IPV6 + FILES:= \ + $(LINUX_DIR)/net/ipv4/netfilter/nf_dup_ipv4.ko \ + $(LINUX_DIR)/net/ipv6/netfilter/nf_dup_ipv6.ko \ + $(LINUX_DIR)/net/ipv4/netfilter/nft_dup_ipv4.ko \ + $(LINUX_DIR)/net/ipv6/netfilter/nft_dup_ipv6.ko + AUTOLOAD:=$(call AutoProbe,nf_dup_ipv4 nf_dup_ipv6 nft_dup_ipv4 nft_dup_ipv6) +endef + +$(eval $(call KernelPackage,nft-dup-inet)) + + define KernelPackage/nft-nat SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables NAT support @@ -1171,31 +1185,20 @@ define KernelPackage/nft-offload DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat KCONFIG:= \ CONFIG_NF_FLOW_TABLE_INET \ - CONFIG_NF_FLOW_TABLE_IPV4 \ - CONFIG_NF_FLOW_TABLE_IPV6 \ + CONFIG_NF_FLOW_TABLE_IPV4@lt5.17 \ + CONFIG_NF_FLOW_TABLE_IPV6@lt5.17 \ CONFIG_NFT_FLOW_OFFLOAD FILES:= \ $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \ - $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \ - $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \ + $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko@lt5.17 \ + $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko@lt5.17 \ $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko - AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload) + AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4@lt5.17 nf_flow_table_ipv6@lt5.17 nft_flow_offload) endef $(eval $(call KernelPackage,nft-offload)) -define KernelPackage/nft-nat6 - SUBMENU:=$(NF_MENU) - TITLE:=Netfilter nf_tables IPv6-NAT support - DEPENDS:=+kmod-nft-nat +kmod-nf-nat6 - FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m))) - KCONFIG:=$(KCONFIG_NFT_NAT6) -endef - -$(eval $(call KernelPackage,nft-nat6)) - define KernelPackage/nft-netdev SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables netdev support @@ -1282,3 +1285,14 @@ define KernelPackage/nft-xfrm endef $(eval $(call KernelPackage,nft-xfrm)) + +define KernelPackage/nft-connlimit + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables connlimit support + DEPENDS:=+kmod-nft-core +kmod-nf-conncount + FILES:=$(foreach mod,$(NFT_CONNLIMIT-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CONNLIMIT-m))) + KCONFIG:=$(KCONFIG_NFT_CONNLIMIT) +endef + +$(eval $(call KernelPackage,nft-connlimit))