netfilter: add bpf match support
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
# Shared menuconfig submenu label used by the packages defined in this file.
NF_MENU:=Netfilter Extensions
# Set before the include below. Presumably it tells include/netfilter.mk that
# it is being read for kernel-module packaging (confirm in that file).
NF_KMOD:=1
# Presumably supplies the KCONFIG_* symbol lists and the *-m module lists
# referenced below; none of them are defined in this file.
include $(INCLUDE_DIR)/netfilter.mk
12
13
# kmod-nf-reject: IPv4 reject support.
# CONFIG_NETFILTER and CONFIG_NETFILTER_ADVANCED are requested as =y; the
# remaining symbols and the module list $(NF_REJECT-m) come from outside this
# file.
define KernelPackage/nf-reject
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter IPv4 reject support
  KCONFIG:= \
	CONFIG_NETFILTER=y \
	CONFIG_NETFILTER_ADVANCED=y \
	$(KCONFIG_NF_REJECT)
  FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
endef

$(eval $(call KernelPackage,nf-reject))
26
27
# kmod-nf-reject6: IPv6 counterpart of nf-reject.
# DEPENDS:=@IPV6 makes the package available only when IPV6 is enabled in the
# build configuration.
define KernelPackage/nf-reject6
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter IPv6 reject support
  KCONFIG:= \
	CONFIG_NETFILTER=y \
	CONFIG_NETFILTER_ADVANCED=y \
	$(KCONFIG_NF_REJECT6)
  DEPENDS:=@IPV6
  FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
endef

$(eval $(call KernelPackage,nf-reject6))
41
42
# kmod-nf-ipt: iptables core modules listed in $(NF_IPT-m).
# NOTE(review): TITLE is identical to the one used by ipt-core below, so the
# two entries cannot be told apart by title in menuconfig.
define KernelPackage/nf-ipt
  SUBMENU:=$(NF_MENU)
  TITLE:=Iptables core
  KCONFIG:=$(KCONFIG_NF_IPT)
  FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
endef

$(eval $(call KernelPackage,nf-ipt))
52
53
# kmod-nf-ipt6: ip6tables core modules listed in $(NF_IPT6-m); pulls in
# kmod-nf-ipt.
# NOTE(review): unlike nf-reject6 and nf-conntrack6, this package carries no
# @IPV6 condition in DEPENDS - confirm that is intended.
define KernelPackage/nf-ipt6
  SUBMENU:=$(NF_MENU)
  TITLE:=Ip6tables core
  KCONFIG:=$(KCONFIG_NF_IPT6)
  FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
  DEPENDS:=+kmod-nf-ipt
endef

$(eval $(call KernelPackage,nf-ipt6))
64
65
66
# kmod-ipt-core: base set of iptables matches/targets (see the description).
# Every ipt-* package in this file depends on it through AddDepends/ipt.
define KernelPackage/ipt-core
  SUBMENU:=$(NF_MENU)
  TITLE:=Iptables core
  KCONFIG:=$(KCONFIG_IPT_CORE)
  FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
  DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
endef

define KernelPackage/ipt-core/description
 Netfilter core kernel modules
 Includes:
 - comment
 - limit
 - LOG
 - mac
 - multiport
 - REJECT
 - TCPMSS
endef

$(eval $(call KernelPackage,ipt-core))
89
90
# kmod-nf-conntrack: connection tracking core.
# Connection marks and zones are requested as built-in options (=y).
define KernelPackage/nf-conntrack
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter connection tracking
  KCONFIG:= \
	CONFIG_NETFILTER=y \
	CONFIG_NETFILTER_ADVANCED=y \
	CONFIG_NF_CONNTRACK_MARK=y \
	CONFIG_NF_CONNTRACK_ZONES=y \
	$(KCONFIG_NF_CONNTRACK)
  FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
endef

# Ships ./files/sysctl-nf-conntrack.conf as /etc/sysctl.d/11-nf-conntrack.conf
# in the package root $(1). The contents of that file are not shown here;
# review them together with this package, because they become the sysctl
# defaults on every image that installs it.
define KernelPackage/nf-conntrack/install
	$(INSTALL_DIR) $(1)/etc/sysctl.d
	$(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
endef

$(eval $(call KernelPackage,nf-conntrack))
110
111
# kmod-nf-conntrack6: IPv6 connection tracking; only offered when IPV6 is
# enabled, and pulls in kmod-nf-conntrack.
define KernelPackage/nf-conntrack6
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter IPv6 connection tracking
  KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
  DEPENDS:=@IPV6 +kmod-nf-conntrack
  FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
endef

$(eval $(call KernelPackage,nf-conntrack6))
122
123
# kmod-nf-nat: NAT core modules from $(NF_NAT-m); requires connection tracking.
define KernelPackage/nf-nat
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter NAT
  KCONFIG:=$(KCONFIG_NF_NAT)
  DEPENDS:=+kmod-nf-conntrack
  FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
endef

$(eval $(call KernelPackage,nf-nat))
134
135
# kmod-nf-nat6: IPv6 NAT core modules from $(NF_NAT6-m).
# The IPV6 condition is inherited through kmod-nf-conntrack6.
define KernelPackage/nf-nat6
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter IPV6-NAT
  KCONFIG:=$(KCONFIG_NF_NAT6)
  DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
  FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
endef

$(eval $(call KernelPackage,nf-nat6))
146
147
# kmod-nf-flow: flowtable core plus its hardware-offload companion.
# The @!LINUX_* conditions hide the package on 3.18, 4.4 and 4.9 kernels.
# Module paths are spelled out here rather than taken from a *-m list.
define KernelPackage/nf-flow
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter flowtable support
  KCONFIG:= \
	CONFIG_NETFILTER_INGRESS=y \
	CONFIG_NF_FLOW_TABLE \
	CONFIG_NF_FLOW_TABLE_HW
  DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9
  FILES:= \
	$(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
	$(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
  AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
endef

$(eval $(call KernelPackage,nf-flow))
163
164
# Helper expanded inside the ipt-* package definitions: places the package in
# the shared submenu and appends kmod-ipt-core plus any extra dependencies
# passed as the first argument.
# It appends with DEPENDS+=, so a package that also assigns DEPENDS:= has to
# do so before the call or the appended entries are overwritten.
define AddDepends/ipt
  SUBMENU:=$(NF_MENU)
  DEPENDS+= +kmod-ipt-core $(1)
endef
169
170
# kmod-ipt-conntrack: iptables-side connection tracking matches/targets.
# Submenu and the kmod-ipt-core dependency come from AddDepends/ipt.
define KernelPackage/ipt-conntrack
  TITLE:=Basic connection tracking modules
  KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
  FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
  $(call AddDepends/ipt,+kmod-nf-conntrack)
endef

define KernelPackage/ipt-conntrack/description
 Netfilter (IPv4) kernel modules for connection tracking
 Includes:
 - conntrack
 - defrag
 - iptables_raw
 - NOTRACK
 - state
endef

$(eval $(call KernelPackage,ipt-conntrack))
190
191
# kmod-ipt-conntrack-extra: additional conntrack-based matches/targets on top
# of kmod-ipt-conntrack.
define KernelPackage/ipt-conntrack-extra
  TITLE:=Extra connection tracking modules
  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
  FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
  $(call AddDepends/ipt,+kmod-ipt-conntrack)
endef

define KernelPackage/ipt-conntrack-extra/description
 Netfilter (IPv4) extra kernel modules for connection tracking
 Includes:
 - connbytes
 - connmark/CONNMARK
 - conntrack
 - helper
 - recent
endef

$(eval $(call KernelPackage,ipt-conntrack-extra))
211
# kmod-ipt-conntrack-label: connlabel match, layered on kmod-ipt-conntrack.
define KernelPackage/ipt-conntrack-label
  TITLE:=Module for handling connection tracking labels
  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
  FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
  $(call AddDepends/ipt,+kmod-ipt-conntrack)
endef

define KernelPackage/ipt-conntrack-label/description
 Netfilter (IPv4) module for handling connection tracking labels
 Includes:
 - connlabel
endef

$(eval $(call KernelPackage,ipt-conntrack-label))
227
# kmod-ipt-filter: packet content inspection matches (string, bpf).
# The bpf match evaluates a BPF program supplied in the rule against packets
# in kernel context, which is a different exposure from the string match.
# NOTE(review): both are bundled and auto-probed together, so an image that
# installs this package for "string" also loads the bpf match; a separately
# selectable package would let minimal images leave it out. The actual module
# list comes from $(IPT_FILTER-m), which is not shown here.
define KernelPackage/ipt-filter
  TITLE:=Modules for packet content inspection
  KCONFIG:=$(KCONFIG_IPT_FILTER)
  FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
  $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
endef

define KernelPackage/ipt-filter/description
 Netfilter (IPv4) kernel modules for packet content inspection
 Includes:
 - string
 - bpf
endef

$(eval $(call KernelPackage,ipt-filter))
244
245
# kmod-ipt-offload: iptables target for flow offloading; needs kmod-nf-flow.
# The kernel symbol is named directly here, while the module list still comes
# from $(IPT_FLOW-m).
define KernelPackage/ipt-offload
  TITLE:=Netfilter routing/NAT offload support
  KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
  FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
  $(call AddDepends/ipt,+kmod-nf-flow)
endef

$(eval $(call KernelPackage,ipt-offload))
255
256
# kmod-ipt-ipopt: matches and targets that inspect or rewrite IP header
# options and packet metadata (full list in the description).
define KernelPackage/ipt-ipopt
  TITLE:=Modules for matching/changing IP packet options
  KCONFIG:=$(KCONFIG_IPT_IPOPT)
  FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-ipopt/description
 Netfilter (IPv4) modules for matching/changing IP packet options
 Includes:
 - CLASSIFY
 - dscp/DSCP
 - ecn/ECN
 - hl/HL
 - length
 - mark/MARK
 - statistic
 - tcpmss
 - time
 - ttl/TTL
 - unclean
endef

$(eval $(call KernelPackage,ipt-ipopt))
282
283
# kmod-ipt-ipsec: matches for IPsec traffic (ah, esp, policy).
define KernelPackage/ipt-ipsec
  TITLE:=Modules for matching IPSec packets
  KCONFIG:=$(KCONFIG_IPT_IPSEC)
  FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-ipsec/description
 Netfilter (IPv4) modules for matching IPSec packets
 Includes:
 - ah
 - esp
 - policy
endef

$(eval $(call KernelPackage,ipt-ipsec))
301
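# Modules shipped by kmod-ipt-ipset, relative to net/netfilter/ in the kernel
# tree. Unlike most packages in this file the list is kept here, not in
# include/netfilter.mk.
IPSET_MODULES:= \
	ipset/ip_set \
	ipset/ip_set_bitmap_ip \
	ipset/ip_set_bitmap_ipmac \
	ipset/ip_set_bitmap_port \
	ipset/ip_set_hash_ip \
	ipset/ip_set_hash_ipmark \
	ipset/ip_set_hash_ipport \
	ipset/ip_set_hash_ipportip \
	ipset/ip_set_hash_ipportnet \
	ipset/ip_set_hash_mac \
	ipset/ip_set_hash_netportnet \
	ipset/ip_set_hash_net \
	ipset/ip_set_hash_netnet \
	ipset/ip_set_hash_netport \
	ipset/ip_set_hash_netiface \
	ipset/ip_set_list_set \
	xt_set

# kmod-ipt-ipset: IP set types plus the xt_set match/target.
# SUBMENU uses $(NF_MENU) like every other package here instead of repeating
# the literal label, so a rename of the submenu cannot leave this entry behind.
# CONFIG_IP_SET_MAX is pinned to 256 and CONFIG_NET_EMATCH_IPSET is explicitly
# disabled. The modules are loaded with AutoLoad at priority 49 rather than
# AutoProbe.
define KernelPackage/ipt-ipset
  SUBMENU:=$(NF_MENU)
  TITLE:=IPset netfilter modules
  DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
  KCONFIG:= \
	CONFIG_IP_SET \
	CONFIG_IP_SET_MAX=256 \
	CONFIG_NETFILTER_XT_SET \
	CONFIG_IP_SET_BITMAP_IP \
	CONFIG_IP_SET_BITMAP_IPMAC \
	CONFIG_IP_SET_BITMAP_PORT \
	CONFIG_IP_SET_HASH_IP \
	CONFIG_IP_SET_HASH_IPMARK \
	CONFIG_IP_SET_HASH_IPPORT \
	CONFIG_IP_SET_HASH_IPPORTIP \
	CONFIG_IP_SET_HASH_IPPORTNET \
	CONFIG_IP_SET_HASH_MAC \
	CONFIG_IP_SET_HASH_NET \
	CONFIG_IP_SET_HASH_NETNET \
	CONFIG_IP_SET_HASH_NETIFACE \
	CONFIG_IP_SET_HASH_NETPORT \
	CONFIG_IP_SET_HASH_NETPORTNET \
	CONFIG_IP_SET_LIST_SET \
	CONFIG_NET_EMATCH_IPSET=n
  FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
endef
$(eval $(call KernelPackage,ipt-ipset))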
349
350
# kmod-ipt-nat: basic iptables NAT targets; requires kmod-nf-nat.
define KernelPackage/ipt-nat
  TITLE:=Basic NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT)
  FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
  $(call AddDepends/ipt,+kmod-nf-nat)
endef

define KernelPackage/ipt-nat/description
 Netfilter (IPv4) kernel modules for basic NAT targets
 Includes:
 - MASQUERADE
endef

$(eval $(call KernelPackage,ipt-nat))
366
367
# kmod-ipt-raw: the IPv4 "raw" table; symbol and module path are named
# directly instead of coming from include/netfilter.mk.
define KernelPackage/ipt-raw
  TITLE:=Netfilter IPv4 raw table support
  KCONFIG:=CONFIG_IP_NF_RAW
  FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
  AUTOLOAD:=$(call AutoProbe,iptable_raw)
  $(call AddDepends/ipt)
endef

$(eval $(call KernelPackage,ipt-raw))
377
378
# kmod-ipt-raw6: the IPv6 "raw" table; requires kmod-ip6tables.
define KernelPackage/ipt-raw6
  TITLE:=Netfilter IPv6 raw table support
  KCONFIG:=CONFIG_IP6_NF_RAW
  FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
  AUTOLOAD:=$(call AutoProbe,ip6table_raw)
  $(call AddDepends/ipt,+kmod-ip6tables)
endef

$(eval $(call KernelPackage,ipt-raw6))
388
389
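# kmod-ipt-nat6: IPv6 NAT targets, loaded with AutoLoad at priority 43.
# All extra dependencies are passed in a single AddDepends/ipt call. Calling
# the helper once per dependency re-assigned SUBMENU each time and appended
# +kmod-ipt-core to DEPENDS four times; the resulting dependency set is the
# same, without the repeats.
define KernelPackage/ipt-nat6
  TITLE:=IPv6 NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT6)
  FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
  $(call AddDepends/ipt,+kmod-nf-nat6 +kmod-ipt-conntrack +kmod-ipt-nat +kmod-ip6tables)
endef

define KernelPackage/ipt-nat6/description
 Netfilter (IPv6) kernel modules for NAT targets
endef

$(eval $(call KernelPackage,ipt-nat6))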
406
407
# kmod-ipt-nat-extra: NETMAP and REDIRECT targets on top of kmod-ipt-nat.
define KernelPackage/ipt-nat-extra
  TITLE:=Extra NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
  FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
  $(call AddDepends/ipt,+kmod-ipt-nat)
endef

define KernelPackage/ipt-nat-extra/description
 Netfilter (IPv4) kernel modules for extra NAT targets
 Includes:
 - NETMAP
 - REDIRECT
endef

$(eval $(call KernelPackage,ipt-nat-extra))
424
425
# kmod-nf-nathelper: default conntrack/NAT helper set (ftp).
# Helpers parse application payloads inside the kernel, and AutoProbe loads
# them at boot whether or not any rule refers to them.
define KernelPackage/nf-nathelper
  SUBMENU:=$(NF_MENU)
  TITLE:=Basic Conntrack and NAT helpers
  KCONFIG:=$(KCONFIG_NF_NATHELPER)
  FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
  DEPENDS:=+kmod-nf-nat
endef

define KernelPackage/nf-nathelper/description
 Default Netfilter (IPv4) Conntrack and NAT helpers
 Includes:
 - ftp
endef

$(eval $(call KernelPackage,nf-nathelper))
442
443
# kmod-nf-nathelper-extra: additional conntrack/NAT helpers (see description).
# Each helper parses an application protocol in kernel context and can open
# expected connections on behalf of tracked flows. AutoProbe loads every
# module in $(NF_NATHELPER_EXTRA-m) at boot, so installing the package exposes
# all of them at once.
# NOTE(review): install only on images that need these protocols; whether
# helpers are attached to flows automatically is decided elsewhere, not here.
define KernelPackage/nf-nathelper-extra
  SUBMENU:=$(NF_MENU)
  TITLE:=Extra Conntrack and NAT helpers
  KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
  FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
  DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
endef

define KernelPackage/nf-nathelper-extra/description
 Extra Netfilter (IPv4) Conntrack and NAT helpers
 Includes:
 - amanda
 - h323
 - irc
 - mms
 - pptp
 - proto_gre
 - sip
 - snmp_basic
 - tftp
 - broadcast
endef

$(eval $(call KernelPackage,nf-nathelper-extra))
469
470
# kmod-ipt-ulog: ULOG target for user-space packet logging.
# NOTE(review): TITLE is identical to ipt-nflog below.
define KernelPackage/ipt-ulog
  TITLE:=Module for user-space packet logging
  KCONFIG:=$(KCONFIG_IPT_ULOG)
  FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-ulog/description
 Netfilter (IPv4) module for user-space packet logging
 Includes:
 - ULOG
endef

$(eval $(call KernelPackage,ipt-ulog))
486
487
# kmod-ipt-nflog: NFLOG target; logging goes through kmod-nfnetlink-log.
define KernelPackage/ipt-nflog
  TITLE:=Module for user-space packet logging
  KCONFIG:=$(KCONFIG_IPT_NFLOG)
  FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
  $(call AddDepends/ipt,+kmod-nfnetlink-log)
endef

define KernelPackage/ipt-nflog/description
 Netfilter module for user-space packet logging
 Includes:
 - NFLOG
endef

$(eval $(call KernelPackage,ipt-nflog))
503
504
# kmod-ipt-nfqueue: NFQUEUE target; queuing goes through kmod-nfnetlink-queue.
# Packets sent to this target get their verdict from a user-space process, so
# that process becomes part of the filtering path.
define KernelPackage/ipt-nfqueue
  TITLE:=Module for user-space packet queuing
  KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
  FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
  $(call AddDepends/ipt,+kmod-nfnetlink-queue)
endef

define KernelPackage/ipt-nfqueue/description
 Netfilter module for user-space packet queuing
 Includes:
 - NFQUEUE
endef

$(eval $(call KernelPackage,ipt-nfqueue))
520
521
# kmod-ipt-debug: TRACE target for firewall debugging.
# Requires the raw table; the IPv6 raw table is pulled in only when IPV6 is
# enabled (+IPV6:kmod-ipt-raw6).
define KernelPackage/ipt-debug
  TITLE:=Module for debugging/development
  KCONFIG:=$(KCONFIG_IPT_DEBUG)
  FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
  $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
endef

define KernelPackage/ipt-debug/description
 Netfilter modules for debugging/development of the firewall
 Includes:
 - TRACE
endef

$(eval $(call KernelPackage,ipt-debug))
537
538
# kmod-ipt-led: LED trigger target driven by netfilter rules.
define KernelPackage/ipt-led
  TITLE:=Module to trigger a LED with a Netfilter rule
  KCONFIG:=$(KCONFIG_IPT_LED)
  FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-led/description
 Netfilter target to trigger a LED when a network packet is matched.
endef

$(eval $(call KernelPackage,ipt-led))
552
# kmod-ipt-tproxy: socket match and TPROXY target for transparent proxying.
# The IPv6 dependencies are conditional on IPV6. DEPENDS is built with +=
# here and again inside AddDepends/ipt, so both contributions are kept.
define KernelPackage/ipt-tproxy
  TITLE:=Transparent proxying support
  DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
  KCONFIG:= \
	CONFIG_NETFILTER_XT_MATCH_SOCKET \
	CONFIG_NETFILTER_XT_TARGET_TPROXY
  FILES:= \
	$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-tproxy/description
 Kernel modules for Transparent Proxying
endef

$(eval $(call KernelPackage,ipt-tproxy))
570
# kmod-ipt-tee: TEE target (packet duplication).
# DEPENDS:= is assigned first so that the += inside AddDepends/ipt extends it.
# NOTE(review): AUTOLOAD names nf_tee while FILES ships xt_TEE.ko plus
# $(IPT_TEE-m); confirm nf_tee is provided by that list, otherwise the probe
# entry refers to a module this package does not install and xt_TEE is not
# probed by name.
define KernelPackage/ipt-tee
  TITLE:=TEE support
  DEPENDS:=+kmod-ipt-conntrack
  KCONFIG:= \
	CONFIG_NETFILTER_XT_TARGET_TEE
  FILES:= \
	$(LINUX_DIR)/net/netfilter/xt_TEE.ko \
	$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-tee/description
 Kernel modules for TEE
endef

$(eval $(call KernelPackage,ipt-tee))
588
589
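# kmod-ipt-u32: the u32 match.
# AUTOLOAD mirrors FILES: xt_u32 plus whatever $(IPT_U32-m) adds. nf_tee
# belongs to ipt-tee and is not among the files shipped here, so it must not
# appear in this package's probe list.
define KernelPackage/ipt-u32
  TITLE:=U32 support
  KCONFIG:= \
	CONFIG_NETFILTER_XT_MATCH_U32
  FILES:= \
	$(LINUX_DIR)/net/netfilter/xt_u32.ko \
	$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir xt_u32 $(IPT_U32-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-u32/description
 Kernel modules for U32
endef

$(eval $(call KernelPackage,ipt-u32))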
606
# kmod-ipt-checksum: CHECKSUM target.
# NOTE(review): FILES ships xt_CHECKSUM.ko explicitly, but AUTOLOAD only names
# the modules in $(IPT_CHECKSUM-m); confirm that list includes xt_CHECKSUM.
define KernelPackage/ipt-checksum
  TITLE:=CHECKSUM support
  KCONFIG:= \
	CONFIG_NETFILTER_XT_TARGET_CHECKSUM
  FILES:= \
	$(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
	$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-checksum/description
 Kernel modules for CHECKSUM fillin target
endef

$(eval $(call KernelPackage,ipt-checksum))
623
624
# kmod-ipt-iprange: iprange match.
define KernelPackage/ipt-iprange
  TITLE:=Module for matching ip ranges
  KCONFIG:=$(KCONFIG_IPT_IPRANGE)
  FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-iprange/description
 Netfilter (IPv4) module for matching ip ranges
 Includes:
 - iprange
endef

$(eval $(call KernelPackage,ipt-iprange))
640
# kmod-ipt-cluster: cluster match; requires connection tracking.
# As the description says, every node sees every packet and the match decides
# which node handles it.
define KernelPackage/ipt-cluster
  TITLE:=Module for matching cluster
  KCONFIG:=$(KCONFIG_IPT_CLUSTER)
  FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
  $(call AddDepends/ipt,+kmod-nf-conntrack)
endef

define KernelPackage/ipt-cluster/description
 Netfilter (IPv4/IPv6) module for matching cluster
 This option allows you to build work-load-sharing clusters of
 network servers/stateful firewalls without having a dedicated
 load-balancing router/server/switch. Basically, this match returns
 true when the packet must be handled by this cluster node. Thus,
 all nodes see all packets and this match decides which node handles
 what packets. The work-load sharing algorithm is based on source
 address hashing.

 This module is usable for ipv4 and ipv6.

 To use it also enable iptables-mod-cluster

 see `iptables -m cluster --help` for more information.
endef

$(eval $(call KernelPackage,ipt-cluster))
667
# kmod-ipt-clusterip: CLUSTERIP target (IPv4 only); requires connection
# tracking.
define KernelPackage/ipt-clusterip
  TITLE:=Module for CLUSTERIP
  KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
  FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
  $(call AddDepends/ipt,+kmod-nf-conntrack)
endef

define KernelPackage/ipt-clusterip/description
 Netfilter (IPv4-only) module for CLUSTERIP
 The CLUSTERIP target allows you to build load-balancing clusters of
 network servers without having a dedicated load-balancing
 router/server/switch.

 To use it also enable iptables-mod-clusterip

 see `iptables -j CLUSTERIP --help` for more information.
endef

$(eval $(call KernelPackage,ipt-clusterip))
688
689
# kmod-ipt-extra: miscellaneous matches (addrtype, owner, pkttype, quota).
define KernelPackage/ipt-extra
  TITLE:=Extra modules
  KCONFIG:=$(KCONFIG_IPT_EXTRA)
  FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-extra/description
 Other Netfilter (IPv4) kernel modules
 Includes:
 - addrtype
 - owner
 - pkttype
 - quota
endef

$(eval $(call KernelPackage,ipt-extra))
708
709
# kmod-ipt-physdev: physdev match; depends on kmod-br-netfilter, so installing
# it also brings in that package's sysctl defaults file.
define KernelPackage/ipt-physdev
  TITLE:=physdev module
  KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
  FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
  $(call AddDepends/ipt,+kmod-br-netfilter)
endef

define KernelPackage/ipt-physdev/description
 The iptables physdev kernel module
endef

$(eval $(call KernelPackage,ipt-physdev))
723
724
# kmod-ip6tables: IPv6 firewalling modules, loaded with AutoLoad at
# priority 42.
define KernelPackage/ip6tables
  SUBMENU:=$(NF_MENU)
  TITLE:=IPv6 modules
  DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
  KCONFIG:=$(KCONFIG_IPT_IPV6)
  FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
endef

define KernelPackage/ip6tables/description
 Netfilter IPv6 firewalling support
endef

$(eval $(call KernelPackage,ip6tables))
739
# kmod-ip6tables-extra: extra IPv6 header matches, loaded at priority 43,
# i.e. after kmod-ip6tables (42).
define KernelPackage/ip6tables-extra
  SUBMENU:=$(NF_MENU)
  TITLE:=Extra IPv6 modules
  DEPENDS:=+kmod-ip6tables
  KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
  FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
endef

define KernelPackage/ip6tables-extra/description
 Netfilter IPv6 extra header matching modules
endef

$(eval $(call KernelPackage,ip6tables-extra))
754
# Modules probed at boot for kmod-arptables.
ARP_MODULES = arp_tables arpt_mangle arptable_filter
# kmod-arptables: ARP firewalling.
# NOTE(review): FILES is a glob (arp*.ko) while AUTOLOAD uses the explicit
# ARP_MODULES list, so the package ships whatever matches the pattern in the
# kernel build directory; an explicit file list would keep the shipped set and
# the probed set identical.
define KernelPackage/arptables
  SUBMENU:=$(NF_MENU)
  TITLE:=ARP firewalling modules
  DEPENDS:=+kmod-ipt-core
  FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
  KCONFIG:=CONFIG_IP_NF_ARPTABLES \
	CONFIG_IP_NF_ARPFILTER \
	CONFIG_IP_NF_ARP_MANGLE
  AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
endef

define KernelPackage/arptables/description
 Kernel modules for ARP firewalling
endef

$(eval $(call KernelPackage,arptables))
772
773
# kmod-br-netfilter: lets bridged traffic be seen by the netfilter hooks.
define KernelPackage/br-netfilter
  SUBMENU:=$(NF_MENU)
  TITLE:=Bridge netfilter support modules
  DEPENDS:=+kmod-ipt-core
  FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
  KCONFIG:=CONFIG_BRIDGE_NETFILTER
  AUTOLOAD:=$(call AutoProbe,br_netfilter)
endef

# Ships ./files/sysctl-br-netfilter.conf as /etc/sysctl.d/11-br-netfilter.conf
# in the package root $(1). The file's contents are not shown here; review
# them together with this package, since they set the boot-time defaults for
# how bridged frames interact with the firewall (presumably the
# bridge-nf-call-* settings - confirm).
define KernelPackage/br-netfilter/install
	$(INSTALL_DIR) $(1)/etc/sysctl.d
	$(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
endef

$(eval $(call KernelPackage,br-netfilter))
789
790
# kmod-ebtables: bridge-layer firewalling core from $(EBTABLES-m).
define KernelPackage/ebtables
  SUBMENU:=$(NF_MENU)
  TITLE:=Bridge firewalling modules
  DEPENDS:=+kmod-ipt-core
  FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
endef

define KernelPackage/ebtables/description
 ebtables is a general, extensible frame/packet identification
 framework. It provides you to do Ethernet
 filtering/NAT/brouting on the Ethernet bridge.
endef

$(eval $(call KernelPackage,ebtables))
807
808
# Helper for the ebtables-* packages: shared submenu plus a dependency on
# kmod-ebtables and any extra dependencies passed as the first argument.
define AddDepends/ebtables
  SUBMENU:=$(NF_MENU)
  DEPENDS+= +kmod-ebtables $(1)
endef
813
814
# kmod-ebtables-ipv4: IPv4/ARP matching and SNAT/DNAT targets for ebtables.
define KernelPackage/ebtables-ipv4
  TITLE:=ebtables: IPv4 support
  FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_IP4)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-ipv4/description
 This option adds the IPv4 support to ebtables, which allows basic
 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
endef

$(eval $(call KernelPackage,ebtables-ipv4))
829
830
# kmod-ebtables-ipv6: IPv6 header matching for ebtables.
# NOTE(review): no IPV6 condition appears in DEPENDS here - confirm intended.
define KernelPackage/ebtables-ipv6
  TITLE:=ebtables: IPv6 support
  FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_IP6)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-ipv6/description
 This option adds the IPv6 support to ebtables, which allows basic
 IPv6 header field filtering and target support.
endef

$(eval $(call KernelPackage,ebtables-ipv6))
845
846
# kmod-ebtables-watchers: log watchers usable from any ebtables rule.
define KernelPackage/ebtables-watchers
  TITLE:=ebtables: watchers support
  FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-watchers/description
 This option adds the log watchers, that you can use in any rule
 in any ebtables table.
endef

$(eval $(call KernelPackage,ebtables-watchers))
861
862
# kmod-nfnetlink: netlink transport between netfilter and user space; base
# dependency of the nfnetlink-* packages, ipt-ipset and nft-core.
define KernelPackage/nfnetlink
  SUBMENU:=$(NF_MENU)
  TITLE:=Netlink-based userspace interface
  FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
endef

define KernelPackage/nfnetlink/description
 Kernel modules support for a netlink-based userspace interface
endef

$(eval $(call KernelPackage,nfnetlink))
876
877
# Helper for the nfnetlink-based packages: shared submenu plus a dependency
# on kmod-nfnetlink and any extra dependencies passed as the first argument.
define AddDepends/nfnetlink
  SUBMENU:=$(NF_MENU)
  DEPENDS+=+kmod-nfnetlink $(1)
endef
882
883
# kmod-nfnetlink-log: packet logging to user space over nfnetlink (NFLOG).
define KernelPackage/nfnetlink-log
  TITLE:=Netfilter LOG over NFNETLINK interface
  FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
  $(call AddDepends/nfnetlink)
endef

define KernelPackage/nfnetlink-log/description
 Kernel modules support for logging packets via NFNETLINK
 Includes:
 - NFLOG
endef

$(eval $(call KernelPackage,nfnetlink-log))
899
900
# kmod-nfnetlink-queue: packet queuing to user space over nfnetlink (NFQUEUE).
define KernelPackage/nfnetlink-queue
  TITLE:=Netfilter QUEUE over NFNETLINK interface
  FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
  $(call AddDepends/nfnetlink)
endef

define KernelPackage/nfnetlink-queue/description
 Kernel modules support for queueing packets via NFNETLINK
 Includes:
 - NFQUEUE
endef

$(eval $(call KernelPackage,nfnetlink-queue))
916
917
# kmod-nf-conntrack-netlink: netlink interface to the connection tracking
# table. CONFIG_NF_CONNTRACK_EVENTS is requested as built-in (=y).
# The submenu comes from AddDepends/nfnetlink.
define KernelPackage/nf-conntrack-netlink
  TITLE:=Connection tracking netlink interface
  FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
  KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
  AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
  $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
endef

define KernelPackage/nf-conntrack-netlink/description
 Kernel modules support for a netlink-based connection tracking
 userspace interface
endef

$(eval $(call KernelPackage,nf-conntrack-netlink))
932
# kmod-ipt-hashlimit: hashlimit match (xt_hashlimit).
# NOTE(review): the last line of the definition calls KernelPackage/ipt, which
# is not defined anywhere in this file; if it is undefined elsewhere too, the
# call expands to nothing. AddDepends/ipt may have been intended, although
# SUBMENU and the kmod-ipt-core dependency are already set explicitly here.
define KernelPackage/ipt-hashlimit
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter hashlimit match
  DEPENDS:=+kmod-ipt-core
  KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
  FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
  AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
  $(call KernelPackage/ipt)
endef

define KernelPackage/ipt-hashlimit/description
 Kernel modules support for the hashlimit bucket match module
endef

$(eval $(call KernelPackage,ipt-hashlimit))
948
# kmod-ipt-rpfilter: reverse-path filter match for IPv4 and IPv6.
# FILES goes through $(realpath ...), which drops paths that do not exist, so
# a module that was not built is silently left out of the package while
# AUTOLOAD still names both modules.
# NOTE(review): the definition calls KernelPackage/ipt, which is not defined
# in this file; if it is undefined elsewhere too, the call expands to nothing.
define KernelPackage/ipt-rpfilter
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter rpfilter match
  DEPENDS:=+kmod-ipt-core
  KCONFIG:=$(KCONFIG_IPT_RPFILTER)
  FILES:=$(realpath \
	$(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
	$(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
  AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
  $(call KernelPackage/ipt)
endef

define KernelPackage/ipt-rpfilter/description
 Kernel modules support for the Netfilter rpfilter match
endef

$(eval $(call KernelPackage,ipt-rpfilter))
966
967
# kmod-nft-core: nf_tables core modules from $(NFT_CORE-m).
# CONFIG_NFT_COMPAT and CONFIG_NFT_QUEUE are explicitly disabled (=n).
# NOTE(review): DEPENDS pulls in kmod-nf-reject6 and kmod-nf-conntrack6, both
# of which are conditional on IPV6 in this file; confirm how this package is
# meant to resolve on builds without IPV6.
define KernelPackage/nft-core
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter nf_tables support
  DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
  FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
  KCONFIG:= \
	CONFIG_NFT_COMPAT=n \
	CONFIG_NFT_QUEUE=n \
	$(KCONFIG_NFT_CORE)
endef

define KernelPackage/nft-core/description
 Kernel module support for nftables
endef

$(eval $(call KernelPackage,nft-core))
985
986
# kmod-nft-arp: nf_tables ARP table support on top of kmod-nft-core.
define KernelPackage/nft-arp
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter nf_tables ARP table support
  DEPENDS:=+kmod-nft-core
  FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
  KCONFIG:=$(KCONFIG_NFT_ARP)
endef

$(eval $(call KernelPackage,nft-arp))
997
998
# kmod-nft-bridge: nf_tables bridge table support on top of kmod-nft-core.
# CONFIG_NF_LOG_BRIDGE is explicitly disabled (=n).
define KernelPackage/nft-bridge
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter nf_tables bridge table support
  DEPENDS:=+kmod-nft-core
  FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
  KCONFIG:= \
	CONFIG_NF_LOG_BRIDGE=n \
	$(KCONFIG_NFT_BRIDGE)
endef

$(eval $(call KernelPackage,nft-bridge))
1011
1012
# kmod-nft-nat: nf_tables NAT support; needs kmod-nft-core and kmod-nf-nat.
define KernelPackage/nft-nat
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter nf_tables NAT support
  DEPENDS:=+kmod-nft-core +kmod-nf-nat
  FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
  KCONFIG:=$(KCONFIG_NFT_NAT)
endef

$(eval $(call KernelPackage,nft-nat))
1023
1024
# kmod-nft-offload: nf_tables flow offload; symbols, module paths and probe
# names are all spelled out here rather than taken from include/netfilter.mk.
# The kernel-version restrictions are inherited through kmod-nf-flow.
define KernelPackage/nft-offload
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter nf_tables routing/NAT offload support
  DEPENDS:=+kmod-nf-flow +kmod-nft-nat
  KCONFIG:= \
	CONFIG_NF_FLOW_TABLE_INET \
	CONFIG_NF_FLOW_TABLE_IPV4 \
	CONFIG_NF_FLOW_TABLE_IPV6 \
	CONFIG_NFT_FLOW_OFFLOAD
  FILES:= \
	$(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
	$(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
	$(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
	$(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
  AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
endef

$(eval $(call KernelPackage,nft-offload))
1043
1044
# kmod-nft-nat6: nf_tables IPv6 NAT support; needs kmod-nft-nat and
# kmod-nf-nat6.
define KernelPackage/nft-nat6
  SUBMENU:=$(NF_MENU)
  TITLE:=Netfilter nf_tables IPv6-NAT support
  DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
  FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
  KCONFIG:=$(KCONFIG_NFT_NAT6)
endef

$(eval $(call KernelPackage,nft-nat6))