package/kernel/linux/modules/netfilter.mk

   1
   2 #
   3 # Copyright (C) 2006-2010 OpenWrt.org
   4 #
   5 # This is free software, licensed under the GNU General Public License v2.
   6 # See /LICENSE for more information.
   7 #
   8
   9 NF_MENU:=Netfilter Extensions
  10 NF_KMOD:=1
  11 include $(INCLUDE_DIR)/netfilter.mk
  12
  13
  14 define KernelPackage/nf-ipt
  15   SUBMENU:=$(NF_MENU)
  16   TITLE:=Iptables core
  17   KCONFIG:= \
  18         CONFIG_NETFILTER=y \
  19         CONFIG_NETFILTER_ADVANCED=y \
  20         $(KCONFIG_NF_IPT)
  21   FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
  22   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
  23 endef
  24
  25 $(eval $(call KernelPackage,nf-ipt))
  26
  27
  28 define KernelPackage/nf-ipt6
  29   SUBMENU:=$(NF_MENU)
  30   TITLE:=Ip6tables core
  31   KCONFIG:=$(KCONFIG_NF_IPT6)
  32   FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
  33   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
  34   DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
  35 endef
  36
  37 $(eval $(call KernelPackage,nf-ipt6))
  38
  39
  40
  41 define KernelPackage/ipt-core
  42   SUBMENU:=$(NF_MENU)
  43   TITLE:=Iptables core
  44   KCONFIG:=$(KCONFIG_IPT_CORE)
  45   FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
  46   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
  47   DEPENDS:=+kmod-nf-ipt
  48 endef
  49
  50 define KernelPackage/ipt-core/description
  51  Netfilter core kernel modules
  52  Includes:
  53  - comment
  54  - limit
  55  - LOG
  56  - mac
  57  - multiport
  58  - REJECT
  59  - TCPMSS
  60 endef
  61
  62 $(eval $(call KernelPackage,ipt-core))
  63
  64
  65 define KernelPackage/nf-conntrack
  66   SUBMENU:=$(NF_MENU)
  67   TITLE:=Netfilter connection tracking
  68   KCONFIG:= \
  69         CONFIG_NETFILTER=y \
  70         CONFIG_NETFILTER_ADVANCED=y \
  71         CONFIG_NF_CONNTRACK_ZONES=y \
  72         $(KCONFIG_NF_CONNTRACK)
  73   FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  74   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
  75 endef
  76
  77 $(eval $(call KernelPackage,nf-conntrack))
  78
  79
  80 define KernelPackage/nf-conntrack6
  81   SUBMENU:=$(NF_MENU)
  82   TITLE:=Netfilter IPv6 connection tracking
  83   KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
  84   DEPENDS:=@IPV6 +kmod-nf-conntrack
  85   FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
  86   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
  87 endef
  88
  89 $(eval $(call KernelPackage,nf-conntrack6))
  90
  91
  92 define KernelPackage/nf-nat
  93   SUBMENU:=$(NF_MENU)
  94   TITLE:=Netfilter NAT
  95   KCONFIG:=$(KCONFIG_NF_NAT)
  96   DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
  97   FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  98   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
  99 endef
 100
 101 $(eval $(call KernelPackage,nf-nat))
 102
 103
 104 define KernelPackage/nf-nat6
 105   SUBMENU:=$(NF_MENU)
 106   TITLE:=Netfilter IPV6-NAT
 107   KCONFIG:=$(KCONFIG_NF_NAT6)
 108   DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
 109   FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
 110   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
 111 endef
 112
 113 $(eval $(call KernelPackage,nf-nat6))
 114
 115
 116 define AddDepends/ipt
 117   SUBMENU:=$(NF_MENU)
 118   DEPENDS+= +kmod-ipt-core $(1)
 119 endef
 120
 121
 122 define KernelPackage/ipt-conntrack
 123   TITLE:=Basic connection tracking modules
 124   KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
 125   FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
 126   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
 127   $(call AddDepends/ipt,+kmod-nf-conntrack)
 128 endef
 129
 130 define KernelPackage/ipt-conntrack/description
 131  Netfilter (IPv4) kernel modules for connection tracking
 132  Includes:
 133  - conntrack
 134  - defrag
 135  - iptables_raw
 136  - NOTRACK
 137  - state
 138 endef
 139
 140 $(eval $(call KernelPackage,ipt-conntrack))
 141
 142
 143 define KernelPackage/ipt-conntrack-extra
 144   TITLE:=Extra connection tracking modules
 145   KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
 146   FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 147   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
 148   $(call AddDepends/ipt,+kmod-ipt-conntrack)
 149 endef
 150
 151 define KernelPackage/ipt-conntrack-extra/description
 152  Netfilter (IPv4) extra kernel modules for connection tracking
 153  Includes:
 154  - connbytes
 155  - connmark/CONNMARK
 156  - conntrack
 157  - helper
 158  - recent
 159 endef
 160
 161 $(eval $(call KernelPackage,ipt-conntrack-extra))
 162
 163
 164 define KernelPackage/ipt-filter
 165   TITLE:=Modules for packet content inspection
 166   KCONFIG:=$(KCONFIG_IPT_FILTER)
 167   FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
 168   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
 169   $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
 170 endef
 171
 172 define KernelPackage/ipt-filter/description
 173  Netfilter (IPv4) kernel modules for packet content inspection
 174  Includes:
 175  - string
 176 endef
 177
 178 $(eval $(call KernelPackage,ipt-filter))
 179
 180
 181 define KernelPackage/ipt-ipopt
 182   TITLE:=Modules for matching/changing IP packet options
 183   KCONFIG:=$(KCONFIG_IPT_IPOPT)
 184   FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
 185   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
 186   $(call AddDepends/ipt)
 187 endef
 188
 189 define KernelPackage/ipt-ipopt/description
 190  Netfilter (IPv4) modules for matching/changing IP packet options
 191  Includes:
 192  - CLASSIFY
 193  - dscp/DSCP
 194  - ecn/ECN
 195  - hl/HL
 196  - length
 197  - mark/MARK
 198  - statistic
 199  - tcpmss
 200  - time
 201  - ttl/TTL
 202  - unclean
 203 endef
 204
 205 $(eval $(call KernelPackage,ipt-ipopt))
 206
 207
 208 define KernelPackage/ipt-ipsec
 209   TITLE:=Modules for matching IPSec packets
 210   KCONFIG:=$(KCONFIG_IPT_IPSEC)
 211   FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
 212   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
 213   $(call AddDepends/ipt)
 214 endef
 215
 216 define KernelPackage/ipt-ipsec/description
 217  Netfilter (IPv4) modules for matching IPSec packets
 218  Includes:
 219  - ah
 220  - esp
 221  - policy
 222 endef
 223
 224 $(eval $(call KernelPackage,ipt-ipsec))
 225
 226 IPSET_MODULES:= \
 227         ipset/ip_set \
 228         ipset/ip_set_bitmap_ip \
 229         ipset/ip_set_bitmap_ipmac \
 230         ipset/ip_set_bitmap_port \
 231         ipset/ip_set_hash_ip \
 232         ipset/ip_set_hash_ipmark \
 233         ipset/ip_set_hash_ipport \
 234         ipset/ip_set_hash_ipportip \
 235         ipset/ip_set_hash_ipportnet \
 236         ipset/ip_set_hash_mac \
 237         ipset/ip_set_hash_netportnet \
 238         ipset/ip_set_hash_net \
 239         ipset/ip_set_hash_netnet \
 240         ipset/ip_set_hash_netport \
 241         ipset/ip_set_hash_netiface \
 242         ipset/ip_set_list_set \
 243         xt_set
 244
 245 define KernelPackage/ipt-ipset
 246   SUBMENU:=Netfilter Extensions
 247   TITLE:=IPset netfilter modules
 248   DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
 249   KCONFIG:= \
 250         CONFIG_IP_SET \
 251         CONFIG_IP_SET_MAX=256 \
 252         CONFIG_NETFILTER_XT_SET \
 253         CONFIG_IP_SET_BITMAP_IP \
 254         CONFIG_IP_SET_BITMAP_IPMAC \
 255         CONFIG_IP_SET_BITMAP_PORT \
 256         CONFIG_IP_SET_HASH_IP \
 257         CONFIG_IP_SET_HASH_IPMARK \
 258         CONFIG_IP_SET_HASH_IPPORT \
 259         CONFIG_IP_SET_HASH_IPPORTIP \
 260         CONFIG_IP_SET_HASH_IPPORTNET \
 261         CONFIG_IP_SET_HASH_MAC \
 262         CONFIG_IP_SET_HASH_NET \
 263         CONFIG_IP_SET_HASH_NETNET \
 264         CONFIG_IP_SET_HASH_NETIFACE \
 265         CONFIG_IP_SET_HASH_NETPORT \
 266         CONFIG_IP_SET_HASH_NETPORTNET \
 267         CONFIG_IP_SET_LIST_SET \
 268         CONFIG_NET_EMATCH_IPSET=n
 269   FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
 270   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
 271 endef
 272 $(eval $(call KernelPackage,ipt-ipset))
 273
 274
 275 define KernelPackage/ipt-nat
 276   TITLE:=Basic NAT targets
 277   KCONFIG:=$(KCONFIG_IPT_NAT)
 278   FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
 279   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
 280   $(call AddDepends/ipt,+kmod-nf-nat)
 281 endef
 282
 283 define KernelPackage/ipt-nat/description
 284  Netfilter (IPv4) kernel modules for basic NAT targets
 285  Includes:
 286  - MASQUERADE
 287 endef
 288
 289 $(eval $(call KernelPackage,ipt-nat))
 290
 291
 292 define KernelPackage/ipt-raw
 293   TITLE:=Netfilter IPv4 raw table support
 294   KCONFIG:=CONFIG_IP_NF_RAW
 295   FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
 296   AUTOLOAD:=$(call AutoProbe,iptable_raw)
 297   $(call AddDepends/ipt)
 298 endef
 299
 300 $(eval $(call KernelPackage,ipt-raw))
 301
 302
 303 define KernelPackage/ipt-raw6
 304   TITLE:=Netfilter IPv6 raw table support
 305   KCONFIG:=CONFIG_IP6_NF_RAW
 306   FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
 307   AUTOLOAD:=$(call AutoProbe,ip6table_raw)
 308   $(call AddDepends/ipt,+kmod-ip6tables)
 309 endef
 310
 311 $(eval $(call KernelPackage,ipt-raw6))
 312
 313
 314 define KernelPackage/ipt-nat6
 315   TITLE:=IPv6 NAT targets
 316   KCONFIG:=$(KCONFIG_IPT_NAT6)
 317   FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
 318   AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
 319   $(call AddDepends/ipt,+kmod-nf-nat6)
 320   $(call AddDepends/ipt,+kmod-ipt-conntrack)
 321   $(call AddDepends/ipt,+kmod-ipt-nat)
 322   $(call AddDepends/ipt,+kmod-ip6tables)
 323 endef
 324
 325 define KernelPackage/ipt-nat6/description
 326  Netfilter (IPv6) kernel modules for NAT targets
 327 endef
 328
 329 $(eval $(call KernelPackage,ipt-nat6))
 330
 331
 332 define KernelPackage/ipt-nat-extra
 333   TITLE:=Extra NAT targets
 334   KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
 335   FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 336   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
 337   $(call AddDepends/ipt,+kmod-ipt-nat)
 338 endef
 339
 340 define KernelPackage/ipt-nat-extra/description
 341  Netfilter (IPv4) kernel modules for extra NAT targets
 342  Includes:
 343  - NETMAP
 344  - REDIRECT
 345 endef
 346
 347 $(eval $(call KernelPackage,ipt-nat-extra))
 348
 349
 350 define KernelPackage/nf-nathelper
 351   SUBMENU:=$(NF_MENU)
 352   TITLE:=Basic Conntrack and NAT helpers
 353   KCONFIG:=$(KCONFIG_NF_NATHELPER)
 354   FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
 355   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
 356   DEPENDS:=+kmod-nf-nat
 357 endef
 358
 359 define KernelPackage/nf-nathelper/description
 360  Default Netfilter (IPv4) Conntrack and NAT helpers
 361  Includes:
 362  - ftp
 363 endef
 364
 365 $(eval $(call KernelPackage,nf-nathelper))
 366
 367
 368 define KernelPackage/nf-nathelper-extra
 369   SUBMENU:=$(NF_MENU)
 370   TITLE:=Extra Conntrack and NAT helpers
 371   KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
 372   FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 373   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
 374   DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
 375 endef
 376
 377 define KernelPackage/nf-nathelper-extra/description
 378  Extra Netfilter (IPv4) Conntrack and NAT helpers
 379  Includes:
 380  - amanda
 381  - h323
 382  - irc
 383  - mms
 384  - pptp
 385  - proto_gre
 386  - sip
 387  - snmp_basic
 388  - tftp
 389  - broadcast
 390 endef
 391
 392 $(eval $(call KernelPackage,nf-nathelper-extra))
 393
 394
 395 define KernelPackage/ipt-ulog
 396   TITLE:=Module for user-space packet logging
 397   KCONFIG:=$(KCONFIG_IPT_ULOG)
 398   FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
 399   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
 400   $(call AddDepends/ipt)
 401 endef
 402
 403 define KernelPackage/ipt-ulog/description
 404  Netfilter (IPv4) module for user-space packet logging
 405  Includes:
 406  - ULOG
 407 endef
 408
 409 $(eval $(call KernelPackage,ipt-ulog))
 410
 411
 412 define KernelPackage/ipt-nflog
 413   TITLE:=Module for user-space packet logging
 414   KCONFIG:=$(KCONFIG_IPT_NFLOG)
 415   FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
 416   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
 417   $(call AddDepends/ipt,+kmod-nfnetlink-log)
 418 endef
 419
 420 define KernelPackage/ipt-nflog/description
 421  Netfilter module for user-space packet logging
 422  Includes:
 423  - NFLOG
 424 endef
 425
 426 $(eval $(call KernelPackage,ipt-nflog))
 427
 428
 429 define KernelPackage/ipt-nfqueue
 430   TITLE:=Module for user-space packet queuing
 431   KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
 432   FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
 433   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
 434   $(call AddDepends/ipt,+kmod-nfnetlink-queue)
 435 endef
 436
 437 define KernelPackage/ipt-nfqueue/description
 438  Netfilter module for user-space packet queuing
 439  Includes:
 440  - NFQUEUE
 441 endef
 442
 443 $(eval $(call KernelPackage,ipt-nfqueue))
 444
 445
 446 define KernelPackage/ipt-debug
 447   TITLE:=Module for debugging/development
 448   KCONFIG:=$(KCONFIG_IPT_DEBUG)
 449   FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
 450   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
 451   $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
 452 endef
 453
 454 define KernelPackage/ipt-debug/description
 455  Netfilter modules for debugging/development of the firewall
 456  Includes:
 457  - TRACE
 458 endef
 459
 460 $(eval $(call KernelPackage,ipt-debug))
 461
 462
 463 define KernelPackage/ipt-led
 464   TITLE:=Module to trigger a LED with a Netfilter rule
 465   KCONFIG:=$(KCONFIG_IPT_LED)
 466   FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
 467   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
 468   $(call AddDepends/ipt)
 469 endef
 470
 471 define KernelPackage/ipt-led/description
 472  Netfilter target to trigger a LED when a network packet is matched.
 473 endef
 474
 475 $(eval $(call KernelPackage,ipt-led))
 476
 477 define KernelPackage/ipt-tproxy
 478   TITLE:=Transparent proxying support
 479   DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables
 480   KCONFIG:= \
 481         CONFIG_NETFILTER_XT_MATCH_SOCKET \
 482         CONFIG_NETFILTER_XT_TARGET_TPROXY
 483   FILES:= \
 484         $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
 485   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
 486   $(call AddDepends/ipt)
 487 endef
 488
 489 define KernelPackage/ipt-tproxy/description
 490   Kernel modules for Transparent Proxying
 491 endef
 492
 493 $(eval $(call KernelPackage,ipt-tproxy))
 494
 495 define KernelPackage/ipt-tee
 496   TITLE:=TEE support
 497   DEPENDS:=+kmod-ipt-conntrack
 498   KCONFIG:= \
 499         CONFIG_NETFILTER_XT_TARGET_TEE
 500   FILES:= \
 501         $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
 502         $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
 503   AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
 504   $(call AddDepends/ipt)
 505 endef
 506
 507 define KernelPackage/ipt-tee/description
 508   Kernel modules for TEE
 509 endef
 510
 511 $(eval $(call KernelPackage,ipt-tee))
 512
 513
 514 define KernelPackage/ipt-u32
 515   TITLE:=U32 support
 516   KCONFIG:= \
 517         CONFIG_NETFILTER_XT_MATCH_U32
 518   FILES:= \
 519         $(LINUX_DIR)/net/netfilter/xt_u32.ko \
 520         $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
 521   AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
 522   $(call AddDepends/ipt)
 523 endef
 524
 525 define KernelPackage/ipt-u32/description
 526   Kernel modules for U32
 527 endef
 528
 529 $(eval $(call KernelPackage,ipt-u32))
 530
 531
 532 define KernelPackage/ipt-iprange
 533   TITLE:=Module for matching ip ranges
 534   KCONFIG:=$(KCONFIG_IPT_IPRANGE)
 535   FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
 536   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
 537   $(call AddDepends/ipt)
 538 endef
 539
 540 define KernelPackage/ipt-iprange/description
 541  Netfilter (IPv4) module for matching ip ranges
 542  Includes:
 543  - iprange
 544 endef
 545
 546 $(eval $(call KernelPackage,ipt-iprange))
 547
 548 define KernelPackage/ipt-cluster
 549   TITLE:=Module for matching cluster
 550   KCONFIG:=$(KCONFIG_IPT_CLUSTER)
 551   FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
 552   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
 553   $(call AddDepends/ipt)
 554 endef
 555
 556 define KernelPackage/ipt-cluster/description
 557  Netfilter (IPv4/IPv6) module for matching cluster
 558  This option allows you to build work-load-sharing clusters of
 559  network servers/stateful firewalls without having a dedicated
 560  load-balancing router/server/switch. Basically, this match returns
 561  true when the packet must be handled by this cluster node. Thus,
 562  all nodes see all packets and this match decides which node handles
 563  what packets. The work-load sharing algorithm is based on source
 564  address hashing.
 565
 566  This module is usable for ipv4 and ipv6.
 567
 568  To use it also enable iptables-mod-cluster
 569
 570  see `iptables -m cluster --help` for more information.
 571 endef
 572
 573 $(eval $(call KernelPackage,ipt-cluster))
 574
 575 define KernelPackage/ipt-clusterip
 576   TITLE:=Module for CLUSTERIP
 577   KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
 578   FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
 579   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
 580   $(call AddDepends/ipt,+kmod-nf-conntrack)
 581 endef
 582
 583 define KernelPackage/ipt-clusterip/description
 584  Netfilter (IPv4-only) module for CLUSTERIP
 585  The CLUSTERIP target allows you to build load-balancing clusters of
 586  network servers without having a dedicated load-balancing
 587  router/server/switch.
 588
 589  To use it also enable iptables-mod-clusterip
 590
 591  see `iptables -j CLUSTERIP --help` for more information.
 592 endef
 593
 594 $(eval $(call KernelPackage,ipt-clusterip))
 595
 596
 597 define KernelPackage/ipt-extra
 598   TITLE:=Extra modules
 599   KCONFIG:=$(KCONFIG_IPT_EXTRA)
 600   FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 601   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
 602   $(call AddDepends/ipt,+kmod-br-netfilter)
 603 endef
 604
 605 define KernelPackage/ipt-extra/description
 606  Other Netfilter (IPv4) kernel modules
 607  Includes:
 608  - addrtype
 609  - owner
 610  - physdev (if bridge support was enabled in kernel)
 611  - pkttype
 612  - quota
 613 endef
 614
 615 $(eval $(call KernelPackage,ipt-extra))
 616
 617
 618 define KernelPackage/ip6tables
 619   SUBMENU:=$(NF_MENU)
 620   TITLE:=IPv6 modules
 621   DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
 622   KCONFIG:=$(KCONFIG_IPT_IPV6)
 623   FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
 624   AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
 625 endef
 626
 627 define KernelPackage/ip6tables/description
 628  Netfilter IPv6 firewalling support
 629 endef
 630
 631 $(eval $(call KernelPackage,ip6tables))
 632
 633 define KernelPackage/ip6tables-extra
 634   SUBMENU:=$(NF_MENU)
 635   TITLE:=Extra IPv6 modules
 636   DEPENDS:=+kmod-ip6tables
 637   KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
 638   FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 639   AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
 640 endef
 641
 642 define KernelPackage/ip6tables-extra/description
 643  Netfilter IPv6 extra header matching modules
 644 endef
 645
 646 $(eval $(call KernelPackage,ip6tables-extra))
 647
 648 ARP_MODULES = arp_tables arpt_mangle arptable_filter
 649 define KernelPackage/arptables
 650   SUBMENU:=$(NF_MENU)
 651   TITLE:=ARP firewalling modules
 652   DEPENDS:=+kmod-ipt-core
 653   FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
 654   KCONFIG:=CONFIG_IP_NF_ARPTABLES \
 655     CONFIG_IP_NF_ARPFILTER \
 656     CONFIG_IP_NF_ARP_MANGLE
 657   AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
 658 endef
 659
 660 define KernelPackage/arptables/description
 661  Kernel modules for ARP firewalling
 662 endef
 663
 664 $(eval $(call KernelPackage,arptables))
 665
 666
 667 define KernelPackage/br-netfilter
 668   SUBMENU:=$(NF_MENU)
 669   TITLE:=Bridge netfilter support modules
 670   HIDDEN:=1
 671   DEPENDS:=+kmod-ipt-core +kmod-bridge
 672   FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
 673   KCONFIG:=CONFIG_BRIDGE_NETFILTER
 674   AUTOLOAD:=$(call AutoProbe,br_netfilter)
 675 endef
 676
 677 $(eval $(call KernelPackage,br-netfilter))
 678
 679
 680 define KernelPackage/ebtables
 681   SUBMENU:=$(NF_MENU)
 682   TITLE:=Bridge firewalling modules
 683   DEPENDS:=+kmod-ipt-core +kmod-bridge +kmod-br-netfilter
 684   FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
 685   KCONFIG:=$(KCONFIG_EBTABLES)
 686   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
 687 endef
 688
 689 define KernelPackage/ebtables/description
 690   ebtables is a general, extensible frame/packet identification
 691   framework. It provides you to do Ethernet
 692   filtering/NAT/brouting on the Ethernet bridge.
 693 endef
 694
 695 $(eval $(call KernelPackage,ebtables))
 696
 697
 698 define AddDepends/ebtables
 699   SUBMENU:=$(NF_MENU)
 700   DEPENDS+=kmod-ebtables $(1)
 701 endef
 702
 703
 704 define KernelPackage/ebtables-ipv4
 705   TITLE:=ebtables: IPv4 support
 706   FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
 707   KCONFIG:=$(KCONFIG_EBTABLES_IP4)
 708   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
 709   $(call AddDepends/ebtables)
 710 endef
 711
 712 define KernelPackage/ebtables-ipv4/description
 713  This option adds the IPv4 support to ebtables, which allows basic
 714  IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
 715 endef
 716
 717 $(eval $(call KernelPackage,ebtables-ipv4))
 718
 719
 720 define KernelPackage/ebtables-ipv6
 721   TITLE:=ebtables: IPv6 support
 722   FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
 723   KCONFIG:=$(KCONFIG_EBTABLES_IP6)
 724   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
 725   $(call AddDepends/ebtables)
 726 endef
 727
 728 define KernelPackage/ebtables-ipv6/description
 729  This option adds the IPv6 support to ebtables, which allows basic
 730  IPv6 header field filtering and target support.
 731 endef
 732
 733 $(eval $(call KernelPackage,ebtables-ipv6))
 734
 735
 736 define KernelPackage/ebtables-watchers
 737   TITLE:=ebtables: watchers support
 738   FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
 739   KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
 740   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
 741   $(call AddDepends/ebtables)
 742 endef
 743
 744 define KernelPackage/ebtables-watchers/description
 745  This option adds the log watchers, that you can use in any rule
 746  in any ebtables table.
 747 endef
 748
 749 $(eval $(call KernelPackage,ebtables-watchers))
 750
 751
 752 define KernelPackage/nfnetlink
 753   SUBMENU:=$(NF_MENU)
 754   TITLE:=Netlink-based userspace interface
 755   FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
 756   KCONFIG:=$(KCONFIG_NFNETLINK)
 757   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
 758 endef
 759
 760 define KernelPackage/nfnetlink/description
 761  Kernel modules support for a netlink-based userspace interface
 762 endef
 763
 764 $(eval $(call KernelPackage,nfnetlink))
 765
 766
 767 define AddDepends/nfnetlink
 768   SUBMENU:=$(NF_MENU)
 769   DEPENDS+=+kmod-nfnetlink $(1)
 770 endef
 771
 772
 773 define KernelPackage/nfnetlink-log
 774   TITLE:=Netfilter LOG over NFNETLINK interface
 775   FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
 776   KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
 777   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
 778   $(call AddDepends/nfnetlink)
 779 endef
 780
 781 define KernelPackage/nfnetlink-log/description
 782  Kernel modules support for logging packets via NFNETLINK
 783  Includes:
 784  - NFLOG
 785 endef
 786
 787 $(eval $(call KernelPackage,nfnetlink-log))
 788
 789
 790 define KernelPackage/nfnetlink-queue
 791   TITLE:=Netfilter QUEUE over NFNETLINK interface
 792   FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
 793   KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
 794   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
 795   $(call AddDepends/nfnetlink)
 796 endef
 797
 798 define KernelPackage/nfnetlink-queue/description
 799  Kernel modules support for queueing packets via NFNETLINK
 800  Includes:
 801  - NFQUEUE
 802 endef
 803
 804 $(eval $(call KernelPackage,nfnetlink-queue))
 805
 806
 807 define KernelPackage/nf-conntrack-netlink
 808   TITLE:=Connection tracking netlink interface
 809   FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
 810   KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
 811   AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
 812   $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
 813 endef
 814
 815 define KernelPackage/nf-conntrack-netlink/description
 816  Kernel modules support for a netlink-based connection tracking
 817  userspace interface
 818 endef
 819
 820 $(eval $(call KernelPackage,nf-conntrack-netlink))
 821
 822 define KernelPackage/ipt-hashlimit
 823   SUBMENU:=$(NF_MENU)
 824   TITLE:=Netfilter hashlimit match
 825   DEPENDS:=+kmod-ipt-core
 826   KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
 827   FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
 828   AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
 829   $(call KernelPackage/ipt)
 830 endef
 831
 832 define KernelPackage/ipt-hashlimit/description
 833  Kernel modules support for the hashlimit bucket match module
 834 endef
 835
 836 $(eval $(call KernelPackage,ipt-hashlimit))
 837
 838 define KernelPackage/ipt-rpfilter
 839   SUBMENU:=$(NF_MENU)
 840   TITLE:=Netfilter rpfilter match
 841   DEPENDS:=+kmod-ipt-core
 842   KCONFIG:=$(KCONFIG_IPT_RPFILTER)
 843   FILES:=$(realpath \
 844         $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
 845         $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
 846   AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
 847   $(call KernelPackage/ipt)
 848 endef
 849
 850 define KernelPackage/ipt-rpfilter/description
 851  Kernel modules support for the Netfilter rpfilter match
 852 endef
 853
 854 $(eval $(call KernelPackage,ipt-rpfilter))
 855
 856
 857 define KernelPackage/nft-core
 858   SUBMENU:=$(NF_MENU)
 859   TITLE:=Netfilter nf_tables support
 860   DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 +kmod-nf-ipt +kmod-nf-ipt6
 861   FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
 862   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
 863   KCONFIG:= \
 864         CONFIG_NETFILTER=y \
 865         CONFIG_NETFILTER_ADVANCED=y \
 866         CONFIG_NFT_COMPAT=n \
 867         CONFIG_NFT_QUEUE=n \
 868         CONFIG_NF_TABLES_ARP=n \
 869         CONFIG_NF_TABLES_BRIDGE=n \
 870         $(KCONFIG_NFT_CORE)
 871 endef
 872
 873 define KernelPackage/nft-core/description
 874  Kernel module support for nftables
 875 endef
 876
 877 $(eval $(call KernelPackage,nft-core))
 878
 879
 880 define KernelPackage/nft-nat
 881   SUBMENU:=$(NF_MENU)
 882   TITLE:=Netfilter nf_tables NAT support
 883   DEPENDS:=+kmod-nft-core +kmod-nf-nat +kmod-nf-nat6
 884   FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
 885   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
 886   KCONFIG:=$(KCONFIG_NFT_NAT)
 887 endef
 888
 889 $(eval $(call KernelPackage,nft-nat))
 890
 891
 892 define KernelPackage/nft-nat6
 893   SUBMENU:=$(NF_MENU)
 894   TITLE:=Netfilter nf_tables IPv6-NAT support
 895   DEPENDS:=+kmod-nft-core +kmod-nf-nat6
 896   FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
 897   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
 898   KCONFIG:=$(KCONFIG_NFT_NAT6)
 899 endef
 900
 901 $(eval $(call KernelPackage,nft-nat6))
 902