projects / openwrt / openwrt.git / blob
? search:


097c0cab03d529c464c627cc5a0dbdd39d5b280b
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-ipt
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Iptables core
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_IPT)
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-ipt))
26
27
28 define KernelPackage/nf-ipt6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Ip6tables core
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
35 endef
36
37 $(eval $(call KernelPackage,nf-ipt6))
38
39
40
41 define KernelPackage/ipt-core
42 SUBMENU:=$(NF_MENU)
43 TITLE:=Iptables core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
47 DEPENDS:=+kmod-nf-ipt
48 endef
49
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
52 Includes:
53 - comment
54 - limit
55 - LOG
56 - mac
57 - multiport
58 - REJECT
59 - TCPMSS
60 endef
61
62 $(eval $(call KernelPackage,ipt-core))
63
64
65 define KernelPackage/nf-conntrack
66 SUBMENU:=$(NF_MENU)
67 TITLE:=Netfilter connection tracking
68 KCONFIG:= \
69 CONFIG_NETFILTER=y \
70 CONFIG_NETFILTER_ADVANCED=y \
71 CONFIG_NF_CONNTRACK_MARK=y \
72 CONFIG_NF_CONNTRACK_ZONES=y \
73 $(KCONFIG_NF_CONNTRACK)
74 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
75 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
76 endef
77
78 $(eval $(call KernelPackage,nf-conntrack))
79
80
81 define KernelPackage/nf-conntrack6
82 SUBMENU:=$(NF_MENU)
83 TITLE:=Netfilter IPv6 connection tracking
84 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
85 DEPENDS:=@IPV6 +kmod-nf-conntrack
86 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
87 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
88 endef
89
90 $(eval $(call KernelPackage,nf-conntrack6))
91
92
93 define KernelPackage/nf-nat
94 SUBMENU:=$(NF_MENU)
95 TITLE:=Netfilter NAT
96 KCONFIG:=$(KCONFIG_NF_NAT)
97 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
98 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
99 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
100 endef
101
102 $(eval $(call KernelPackage,nf-nat))
103
104
105 define KernelPackage/nf-nat6
106 SUBMENU:=$(NF_MENU)
107 TITLE:=Netfilter IPV6-NAT
108 KCONFIG:=$(KCONFIG_NF_NAT6)
109 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
110 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
111 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
112 endef
113
114 $(eval $(call KernelPackage,nf-nat6))
115
116
117 define AddDepends/ipt
118 SUBMENU:=$(NF_MENU)
119 DEPENDS+= +kmod-ipt-core $(1)
120 endef
121
122
123 define KernelPackage/ipt-conntrack
124 TITLE:=Basic connection tracking modules
125 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
126 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
127 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
128 $(call AddDepends/ipt,+kmod-nf-conntrack)
129 endef
130
131 define KernelPackage/ipt-conntrack/description
132 Netfilter (IPv4) kernel modules for connection tracking
133 Includes:
134 - conntrack
135 - defrag
136 - iptables_raw
137 - NOTRACK
138 - state
139 endef
140
141 $(eval $(call KernelPackage,ipt-conntrack))
142
143
144 define KernelPackage/ipt-conntrack-extra
145 TITLE:=Extra connection tracking modules
146 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
147 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
148 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
149 $(call AddDepends/ipt,+kmod-ipt-conntrack)
150 endef
151
152 define KernelPackage/ipt-conntrack-extra/description
153 Netfilter (IPv4) extra kernel modules for connection tracking
154 Includes:
155 - connbytes
156 - connmark/CONNMARK
157 - conntrack
158 - helper
159 - recent
160 endef
161
162 $(eval $(call KernelPackage,ipt-conntrack-extra))
163
164
165 define KernelPackage/ipt-filter
166 TITLE:=Modules for packet content inspection
167 KCONFIG:=$(KCONFIG_IPT_FILTER)
168 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
169 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
170 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
171 endef
172
173 define KernelPackage/ipt-filter/description
174 Netfilter (IPv4) kernel modules for packet content inspection
175 Includes:
176 - string
177 endef
178
179 $(eval $(call KernelPackage,ipt-filter))
180
181
182 define KernelPackage/ipt-ipopt
183 TITLE:=Modules for matching/changing IP packet options
184 KCONFIG:=$(KCONFIG_IPT_IPOPT)
185 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
186 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
187 $(call AddDepends/ipt)
188 endef
189
190 define KernelPackage/ipt-ipopt/description
191 Netfilter (IPv4) modules for matching/changing IP packet options
192 Includes:
193 - CLASSIFY
194 - dscp/DSCP
195 - ecn/ECN
196 - hl/HL
197 - length
198 - mark/MARK
199 - statistic
200 - tcpmss
201 - time
202 - ttl/TTL
203 - unclean
204 endef
205
206 $(eval $(call KernelPackage,ipt-ipopt))
207
208
209 define KernelPackage/ipt-ipsec
210 TITLE:=Modules for matching IPSec packets
211 KCONFIG:=$(KCONFIG_IPT_IPSEC)
212 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
213 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
214 $(call AddDepends/ipt)
215 endef
216
217 define KernelPackage/ipt-ipsec/description
218 Netfilter (IPv4) modules for matching IPSec packets
219 Includes:
220 - ah
221 - esp
222 - policy
223 endef
224
225 $(eval $(call KernelPackage,ipt-ipsec))
226
227 IPSET_MODULES:= \
228 ipset/ip_set \
229 ipset/ip_set_bitmap_ip \
230 ipset/ip_set_bitmap_ipmac \
231 ipset/ip_set_bitmap_port \
232 ipset/ip_set_hash_ip \
233 ipset/ip_set_hash_ipmark \
234 ipset/ip_set_hash_ipport \
235 ipset/ip_set_hash_ipportip \
236 ipset/ip_set_hash_ipportnet \
237 ipset/ip_set_hash_mac \
238 ipset/ip_set_hash_netportnet \
239 ipset/ip_set_hash_net \
240 ipset/ip_set_hash_netnet \
241 ipset/ip_set_hash_netport \
242 ipset/ip_set_hash_netiface \
243 ipset/ip_set_list_set \
244 xt_set
245
246 define KernelPackage/ipt-ipset
247 SUBMENU:=Netfilter Extensions
248 TITLE:=IPset netfilter modules
249 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
250 KCONFIG:= \
251 CONFIG_IP_SET \
252 CONFIG_IP_SET_MAX=256 \
253 CONFIG_NETFILTER_XT_SET \
254 CONFIG_IP_SET_BITMAP_IP \
255 CONFIG_IP_SET_BITMAP_IPMAC \
256 CONFIG_IP_SET_BITMAP_PORT \
257 CONFIG_IP_SET_HASH_IP \
258 CONFIG_IP_SET_HASH_IPMARK \
259 CONFIG_IP_SET_HASH_IPPORT \
260 CONFIG_IP_SET_HASH_IPPORTIP \
261 CONFIG_IP_SET_HASH_IPPORTNET \
262 CONFIG_IP_SET_HASH_MAC \
263 CONFIG_IP_SET_HASH_NET \
264 CONFIG_IP_SET_HASH_NETNET \
265 CONFIG_IP_SET_HASH_NETIFACE \
266 CONFIG_IP_SET_HASH_NETPORT \
267 CONFIG_IP_SET_HASH_NETPORTNET \
268 CONFIG_IP_SET_LIST_SET \
269 CONFIG_NET_EMATCH_IPSET=n
270 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
271 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
272 endef
273 $(eval $(call KernelPackage,ipt-ipset))
274
275
276 define KernelPackage/ipt-nat
277 TITLE:=Basic NAT targets
278 KCONFIG:=$(KCONFIG_IPT_NAT)
279 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
280 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
281 $(call AddDepends/ipt,+kmod-nf-nat)
282 endef
283
284 define KernelPackage/ipt-nat/description
285 Netfilter (IPv4) kernel modules for basic NAT targets
286 Includes:
287 - MASQUERADE
288 endef
289
290 $(eval $(call KernelPackage,ipt-nat))
291
292
293 define KernelPackage/ipt-raw
294 TITLE:=Netfilter IPv4 raw table support
295 KCONFIG:=CONFIG_IP_NF_RAW
296 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
297 AUTOLOAD:=$(call AutoProbe,iptable_raw)
298 $(call AddDepends/ipt)
299 endef
300
301 $(eval $(call KernelPackage,ipt-raw))
302
303
304 define KernelPackage/ipt-raw6
305 TITLE:=Netfilter IPv6 raw table support
306 KCONFIG:=CONFIG_IP6_NF_RAW
307 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
308 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
309 $(call AddDepends/ipt,+kmod-ip6tables)
310 endef
311
312 $(eval $(call KernelPackage,ipt-raw6))
313
314
315 define KernelPackage/ipt-nat6
316 TITLE:=IPv6 NAT targets
317 KCONFIG:=$(KCONFIG_IPT_NAT6)
318 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
319 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
320 $(call AddDepends/ipt,+kmod-nf-nat6)
321 $(call AddDepends/ipt,+kmod-ipt-conntrack)
322 $(call AddDepends/ipt,+kmod-ipt-nat)
323 $(call AddDepends/ipt,+kmod-ip6tables)
324 endef
325
326 define KernelPackage/ipt-nat6/description
327 Netfilter (IPv6) kernel modules for NAT targets
328 endef
329
330 $(eval $(call KernelPackage,ipt-nat6))
331
332
333 define KernelPackage/ipt-nat-extra
334 TITLE:=Extra NAT targets
335 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
336 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
337 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
338 $(call AddDepends/ipt,+kmod-ipt-nat)
339 endef
340
341 define KernelPackage/ipt-nat-extra/description
342 Netfilter (IPv4) kernel modules for extra NAT targets
343 Includes:
344 - NETMAP
345 - REDIRECT
346 endef
347
348 $(eval $(call KernelPackage,ipt-nat-extra))
349
350
351 define KernelPackage/nf-nathelper
352 SUBMENU:=$(NF_MENU)
353 TITLE:=Basic Conntrack and NAT helpers
354 KCONFIG:=$(KCONFIG_NF_NATHELPER)
355 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
356 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
357 DEPENDS:=+kmod-nf-nat
358 endef
359
360 define KernelPackage/nf-nathelper/description
361 Default Netfilter (IPv4) Conntrack and NAT helpers
362 Includes:
363 - ftp
364 endef
365
366 $(eval $(call KernelPackage,nf-nathelper))
367
368
369 define KernelPackage/nf-nathelper-extra
370 SUBMENU:=$(NF_MENU)
371 TITLE:=Extra Conntrack and NAT helpers
372 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
373 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
374 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
375 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
376 endef
377
378 define KernelPackage/nf-nathelper-extra/description
379 Extra Netfilter (IPv4) Conntrack and NAT helpers
380 Includes:
381 - amanda
382 - h323
383 - irc
384 - mms
385 - pptp
386 - proto_gre
387 - sip
388 - snmp_basic
389 - tftp
390 - broadcast
391 endef
392
393 $(eval $(call KernelPackage,nf-nathelper-extra))
394
395
396 define KernelPackage/ipt-ulog
397 TITLE:=Module for user-space packet logging
398 KCONFIG:=$(KCONFIG_IPT_ULOG)
399 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
400 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
401 $(call AddDepends/ipt)
402 endef
403
404 define KernelPackage/ipt-ulog/description
405 Netfilter (IPv4) module for user-space packet logging
406 Includes:
407 - ULOG
408 endef
409
410 $(eval $(call KernelPackage,ipt-ulog))
411
412
413 define KernelPackage/ipt-nflog
414 TITLE:=Module for user-space packet logging
415 KCONFIG:=$(KCONFIG_IPT_NFLOG)
416 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
417 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
418 $(call AddDepends/ipt,+kmod-nfnetlink-log)
419 endef
420
421 define KernelPackage/ipt-nflog/description
422 Netfilter module for user-space packet logging
423 Includes:
424 - NFLOG
425 endef
426
427 $(eval $(call KernelPackage,ipt-nflog))
428
429
430 define KernelPackage/ipt-nfqueue
431 TITLE:=Module for user-space packet queuing
432 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
433 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
434 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
435 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
436 endef
437
438 define KernelPackage/ipt-nfqueue/description
439 Netfilter module for user-space packet queuing
440 Includes:
441 - NFQUEUE
442 endef
443
444 $(eval $(call KernelPackage,ipt-nfqueue))
445
446
447 define KernelPackage/ipt-debug
448 TITLE:=Module for debugging/development
449 KCONFIG:=$(KCONFIG_IPT_DEBUG)
450 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
451 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
452 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
453 endef
454
455 define KernelPackage/ipt-debug/description
456 Netfilter modules for debugging/development of the firewall
457 Includes:
458 - TRACE
459 endef
460
461 $(eval $(call KernelPackage,ipt-debug))
462
463
464 define KernelPackage/ipt-led
465 TITLE:=Module to trigger a LED with a Netfilter rule
466 KCONFIG:=$(KCONFIG_IPT_LED)
467 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
468 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
469 $(call AddDepends/ipt)
470 endef
471
472 define KernelPackage/ipt-led/description
473 Netfilter target to trigger a LED when a network packet is matched.
474 endef
475
476 $(eval $(call KernelPackage,ipt-led))
477
478 define KernelPackage/ipt-tproxy
479 TITLE:=Transparent proxying support
480 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables
481 KCONFIG:= \
482 CONFIG_NETFILTER_XT_MATCH_SOCKET \
483 CONFIG_NETFILTER_XT_TARGET_TPROXY
484 FILES:= \
485 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
486 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
487 $(call AddDepends/ipt)
488 endef
489
490 define KernelPackage/ipt-tproxy/description
491 Kernel modules for Transparent Proxying
492 endef
493
494 $(eval $(call KernelPackage,ipt-tproxy))
495
496 define KernelPackage/ipt-tee
497 TITLE:=TEE support
498 DEPENDS:=+kmod-ipt-conntrack
499 KCONFIG:= \
500 CONFIG_NETFILTER_XT_TARGET_TEE
501 FILES:= \
502 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
503 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
504 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
505 $(call AddDepends/ipt)
506 endef
507
508 define KernelPackage/ipt-tee/description
509 Kernel modules for TEE
510 endef
511
512 $(eval $(call KernelPackage,ipt-tee))
513
514
515 define KernelPackage/ipt-u32
516 TITLE:=U32 support
517 KCONFIG:= \
518 CONFIG_NETFILTER_XT_MATCH_U32
519 FILES:= \
520 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
521 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
522 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
523 $(call AddDepends/ipt)
524 endef
525
526 define KernelPackage/ipt-u32/description
527 Kernel modules for U32
528 endef
529
530 $(eval $(call KernelPackage,ipt-u32))
531
532 define KernelPackage/ipt-checksum
533 TITLE:=CHECKSUM support
534 KCONFIG:= \
535 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
536 FILES:= \
537 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
538 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
539 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
540 $(call AddDepends/ipt)
541 endef
542
543 define KernelPackage/ipt-checksum/description
544 Kernel modules for CHECKSUM fillin target
545 endef
546
547 $(eval $(call KernelPackage,ipt-checksum))
548
549
550 define KernelPackage/ipt-iprange
551 TITLE:=Module for matching ip ranges
552 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
553 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
554 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
555 $(call AddDepends/ipt)
556 endef
557
558 define KernelPackage/ipt-iprange/description
559 Netfilter (IPv4) module for matching ip ranges
560 Includes:
561 - iprange
562 endef
563
564 $(eval $(call KernelPackage,ipt-iprange))
565
566 define KernelPackage/ipt-cluster
567 TITLE:=Module for matching cluster
568 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
569 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
570 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
571 $(call AddDepends/ipt)
572 endef
573
574 define KernelPackage/ipt-cluster/description
575 Netfilter (IPv4/IPv6) module for matching cluster
576 This option allows you to build work-load-sharing clusters of
577 network servers/stateful firewalls without having a dedicated
578 load-balancing router/server/switch. Basically, this match returns
579 true when the packet must be handled by this cluster node. Thus,
580 all nodes see all packets and this match decides which node handles
581 what packets. The work-load sharing algorithm is based on source
582 address hashing.
583
584 This module is usable for ipv4 and ipv6.
585
586 To use it also enable iptables-mod-cluster
587
588 see `iptables -m cluster --help` for more information.
589 endef
590
591 $(eval $(call KernelPackage,ipt-cluster))
592
593 define KernelPackage/ipt-clusterip
594 TITLE:=Module for CLUSTERIP
595 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
596 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
597 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
598 $(call AddDepends/ipt,+kmod-nf-conntrack)
599 endef
600
601 define KernelPackage/ipt-clusterip/description
602 Netfilter (IPv4-only) module for CLUSTERIP
603 The CLUSTERIP target allows you to build load-balancing clusters of
604 network servers without having a dedicated load-balancing
605 router/server/switch.
606
607 To use it also enable iptables-mod-clusterip
608
609 see `iptables -j CLUSTERIP --help` for more information.
610 endef
611
612 $(eval $(call KernelPackage,ipt-clusterip))
613
614
615 define KernelPackage/ipt-extra
616 TITLE:=Extra modules
617 KCONFIG:=$(KCONFIG_IPT_EXTRA)
618 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
619 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
620 $(call AddDepends/ipt,+kmod-br-netfilter)
621 endef
622
623 define KernelPackage/ipt-extra/description
624 Other Netfilter (IPv4) kernel modules
625 Includes:
626 - addrtype
627 - owner
628 - physdev (if bridge support was enabled in kernel)
629 - pkttype
630 - quota
631 endef
632
633 $(eval $(call KernelPackage,ipt-extra))
634
635
636 define KernelPackage/ip6tables
637 SUBMENU:=$(NF_MENU)
638 TITLE:=IPv6 modules
639 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
640 KCONFIG:=$(KCONFIG_IPT_IPV6)
641 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
642 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
643 endef
644
645 define KernelPackage/ip6tables/description
646 Netfilter IPv6 firewalling support
647 endef
648
649 $(eval $(call KernelPackage,ip6tables))
650
651 define KernelPackage/ip6tables-extra
652 SUBMENU:=$(NF_MENU)
653 TITLE:=Extra IPv6 modules
654 DEPENDS:=+kmod-ip6tables
655 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
656 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
657 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
658 endef
659
660 define KernelPackage/ip6tables-extra/description
661 Netfilter IPv6 extra header matching modules
662 endef
663
664 $(eval $(call KernelPackage,ip6tables-extra))
665
666 ARP_MODULES = arp_tables arpt_mangle arptable_filter
667 define KernelPackage/arptables
668 SUBMENU:=$(NF_MENU)
669 TITLE:=ARP firewalling modules
670 DEPENDS:=+kmod-ipt-core
671 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
672 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
673 CONFIG_IP_NF_ARPFILTER \
674 CONFIG_IP_NF_ARP_MANGLE
675 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
676 endef
677
678 define KernelPackage/arptables/description
679 Kernel modules for ARP firewalling
680 endef
681
682 $(eval $(call KernelPackage,arptables))
683
684
685 define KernelPackage/br-netfilter
686 SUBMENU:=$(NF_MENU)
687 TITLE:=Bridge netfilter support modules
688 HIDDEN:=1
689 DEPENDS:=+kmod-ipt-core
690 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
691 KCONFIG:=CONFIG_BRIDGE_NETFILTER
692 AUTOLOAD:=$(call AutoProbe,br_netfilter)
693 endef
694
695 $(eval $(call KernelPackage,br-netfilter))
696
697
698 define KernelPackage/ebtables
699 SUBMENU:=$(NF_MENU)
700 TITLE:=Bridge firewalling modules
701 DEPENDS:=+kmod-ipt-core +kmod-br-netfilter
702 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
703 KCONFIG:=$(KCONFIG_EBTABLES)
704 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
705 endef
706
707 define KernelPackage/ebtables/description
708 ebtables is a general, extensible frame/packet identification
709 framework. It provides you to do Ethernet
710 filtering/NAT/brouting on the Ethernet bridge.
711 endef
712
713 $(eval $(call KernelPackage,ebtables))
714
715
716 define AddDepends/ebtables
717 SUBMENU:=$(NF_MENU)
718 DEPENDS+=kmod-ebtables $(1)
719 endef
720
721
722 define KernelPackage/ebtables-ipv4
723 TITLE:=ebtables: IPv4 support
724 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
725 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
726 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
727 $(call AddDepends/ebtables)
728 endef
729
730 define KernelPackage/ebtables-ipv4/description
731 This option adds the IPv4 support to ebtables, which allows basic
732 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
733 endef
734
735 $(eval $(call KernelPackage,ebtables-ipv4))
736
737
738 define KernelPackage/ebtables-ipv6
739 TITLE:=ebtables: IPv6 support
740 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
741 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
742 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
743 $(call AddDepends/ebtables)
744 endef
745
746 define KernelPackage/ebtables-ipv6/description
747 This option adds the IPv6 support to ebtables, which allows basic
748 IPv6 header field filtering and target support.
749 endef
750
751 $(eval $(call KernelPackage,ebtables-ipv6))
752
753
754 define KernelPackage/ebtables-watchers
755 TITLE:=ebtables: watchers support
756 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
757 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
758 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
759 $(call AddDepends/ebtables)
760 endef
761
762 define KernelPackage/ebtables-watchers/description
763 This option adds the log watchers, that you can use in any rule
764 in any ebtables table.
765 endef
766
767 $(eval $(call KernelPackage,ebtables-watchers))
768
769
770 define KernelPackage/nfnetlink
771 SUBMENU:=$(NF_MENU)
772 TITLE:=Netlink-based userspace interface
773 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
774 KCONFIG:=$(KCONFIG_NFNETLINK)
775 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
776 endef
777
778 define KernelPackage/nfnetlink/description
779 Kernel modules support for a netlink-based userspace interface
780 endef
781
782 $(eval $(call KernelPackage,nfnetlink))
783
784
785 define AddDepends/nfnetlink
786 SUBMENU:=$(NF_MENU)
787 DEPENDS+=+kmod-nfnetlink $(1)
788 endef
789
790
791 define KernelPackage/nfnetlink-log
792 TITLE:=Netfilter LOG over NFNETLINK interface
793 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
794 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
795 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
796 $(call AddDepends/nfnetlink)
797 endef
798
799 define KernelPackage/nfnetlink-log/description
800 Kernel modules support for logging packets via NFNETLINK
801 Includes:
802 - NFLOG
803 endef
804
805 $(eval $(call KernelPackage,nfnetlink-log))
806
807
808 define KernelPackage/nfnetlink-queue
809 TITLE:=Netfilter QUEUE over NFNETLINK interface
810 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
811 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
812 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
813 $(call AddDepends/nfnetlink)
814 endef
815
816 define KernelPackage/nfnetlink-queue/description
817 Kernel modules support for queueing packets via NFNETLINK
818 Includes:
819 - NFQUEUE
820 endef
821
822 $(eval $(call KernelPackage,nfnetlink-queue))
823
824
825 define KernelPackage/nf-conntrack-netlink
826 TITLE:=Connection tracking netlink interface
827 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
828 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
829 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
830 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
831 endef
832
833 define KernelPackage/nf-conntrack-netlink/description
834 Kernel modules support for a netlink-based connection tracking
835 userspace interface
836 endef
837
838 $(eval $(call KernelPackage,nf-conntrack-netlink))
839
840 define KernelPackage/ipt-hashlimit
841 SUBMENU:=$(NF_MENU)
842 TITLE:=Netfilter hashlimit match
843 DEPENDS:=+kmod-ipt-core
844 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
845 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
846 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
847 $(call KernelPackage/ipt)
848 endef
849
850 define KernelPackage/ipt-hashlimit/description
851 Kernel modules support for the hashlimit bucket match module
852 endef
853
854 $(eval $(call KernelPackage,ipt-hashlimit))
855
856 define KernelPackage/ipt-rpfilter
857 SUBMENU:=$(NF_MENU)
858 TITLE:=Netfilter rpfilter match
859 DEPENDS:=+kmod-ipt-core
860 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
861 FILES:=$(realpath \
862 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
863 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
864 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
865 $(call KernelPackage/ipt)
866 endef
867
868 define KernelPackage/ipt-rpfilter/description
869 Kernel modules support for the Netfilter rpfilter match
870 endef
871
872 $(eval $(call KernelPackage,ipt-rpfilter))
873
874
875 define KernelPackage/nft-core
876 SUBMENU:=$(NF_MENU)
877 TITLE:=Netfilter nf_tables support
878 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 +kmod-nf-ipt +kmod-nf-ipt6
879 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
880 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
881 KCONFIG:= \
882 CONFIG_NETFILTER=y \
883 CONFIG_NETFILTER_ADVANCED=y \
884 CONFIG_NFT_COMPAT=n \
885 CONFIG_NFT_QUEUE=n \
886 CONFIG_NF_TABLES_ARP=n \
887 CONFIG_NF_TABLES_BRIDGE=n \
888 $(KCONFIG_NFT_CORE)
889 endef
890
891 define KernelPackage/nft-core/description
892 Kernel module support for nftables
893 endef
894
895 $(eval $(call KernelPackage,nft-core))
896
897
898 define KernelPackage/nft-nat
899 SUBMENU:=$(NF_MENU)
900 TITLE:=Netfilter nf_tables NAT support
901 DEPENDS:=+kmod-nft-core +kmod-nf-nat +kmod-nf-nat6
902 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
903 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
904 KCONFIG:=$(KCONFIG_NFT_NAT)
905 endef
906
907 $(eval $(call KernelPackage,nft-nat))
908
909
910 define KernelPackage/nft-nat6
911 SUBMENU:=$(NF_MENU)
912 TITLE:=Netfilter nf_tables IPv6-NAT support
913 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
914 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
915 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
916 KCONFIG:=$(KCONFIG_NFT_NAT6)
917 endef
918
919 $(eval $(call KernelPackage,nft-nat6))
920
OpenWrt Source Repository