48db5d05994e933e8455de9274afefe5d5ab7041
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 $(eval $(call KernelPackage,nf-conntrack))
105
106
107 define KernelPackage/nf-conntrack6
108 SUBMENU:=$(NF_MENU)
109 TITLE:=Netfilter IPv6 connection tracking
110 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
111 DEPENDS:=@IPV6 +kmod-nf-conntrack
112 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
113 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
114 endef
115
116 $(eval $(call KernelPackage,nf-conntrack6))
117
118
119 define KernelPackage/nf-nat
120 SUBMENU:=$(NF_MENU)
121 TITLE:=Netfilter NAT
122 KCONFIG:=$(KCONFIG_NF_NAT)
123 DEPENDS:=+kmod-nf-conntrack
124 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
126 endef
127
128 $(eval $(call KernelPackage,nf-nat))
129
130
131 define KernelPackage/nf-nat6
132 SUBMENU:=$(NF_MENU)
133 TITLE:=Netfilter IPV6-NAT
134 KCONFIG:=$(KCONFIG_NF_NAT6)
135 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
136 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
137 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
138 endef
139
140 $(eval $(call KernelPackage,nf-nat6))
141
142
143 define KernelPackage/nf-flow
144 SUBMENU:=$(NF_MENU)
145 TITLE:=Netfilter flowtable support
146 KCONFIG:= \
147 CONFIG_NETFILTER_INGRESS=y \
148 CONFIG_NF_FLOW_TABLE \
149 CONFIG_NF_FLOW_TABLE_HW
150 DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9
151 FILES:= \
152 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
153 $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
154 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
155 endef
156
157 $(eval $(call KernelPackage,nf-flow))
158
159
160 define AddDepends/ipt
161 SUBMENU:=$(NF_MENU)
162 DEPENDS+= +kmod-ipt-core $(1)
163 endef
164
165
166 define KernelPackage/ipt-conntrack
167 TITLE:=Basic connection tracking modules
168 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
169 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
170 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
171 $(call AddDepends/ipt,+kmod-nf-conntrack)
172 endef
173
174 define KernelPackage/ipt-conntrack/description
175 Netfilter (IPv4) kernel modules for connection tracking
176 Includes:
177 - conntrack
178 - defrag
179 - iptables_raw
180 - NOTRACK
181 - state
182 endef
183
184 $(eval $(call KernelPackage,ipt-conntrack))
185
186
187 define KernelPackage/ipt-conntrack-extra
188 TITLE:=Extra connection tracking modules
189 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
190 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
191 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
192 $(call AddDepends/ipt,+kmod-ipt-conntrack)
193 endef
194
195 define KernelPackage/ipt-conntrack-extra/description
196 Netfilter (IPv4) extra kernel modules for connection tracking
197 Includes:
198 - connbytes
199 - connmark/CONNMARK
200 - conntrack
201 - helper
202 - recent
203 endef
204
205 $(eval $(call KernelPackage,ipt-conntrack-extra))
206
207 define KernelPackage/ipt-conntrack-label
208 TITLE:=Module for handling connection tracking labels
209 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
210 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
211 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
212 $(call AddDepends/ipt,+kmod-ipt-conntrack)
213 endef
214
215 define KernelPackage/ipt-conntrack-label/description
216 Netfilter (IPv4) module for handling connection tracking labels
217 Includes:
218 - connlabel
219 endef
220
221 $(eval $(call KernelPackage,ipt-conntrack-label))
222
223 define KernelPackage/ipt-filter
224 TITLE:=Modules for packet content inspection
225 KCONFIG:=$(KCONFIG_IPT_FILTER)
226 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
227 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
228 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
229 endef
230
231 define KernelPackage/ipt-filter/description
232 Netfilter (IPv4) kernel modules for packet content inspection
233 Includes:
234 - string
235 endef
236
237 $(eval $(call KernelPackage,ipt-filter))
238
239
240 define KernelPackage/ipt-offload
241 TITLE:=Netfilter routing/NAT offload support
242 KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
243 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
244 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
245 $(call AddDepends/ipt,+kmod-nf-flow)
246 endef
247
248 $(eval $(call KernelPackage,ipt-offload))
249
250
251 define KernelPackage/ipt-ipopt
252 TITLE:=Modules for matching/changing IP packet options
253 KCONFIG:=$(KCONFIG_IPT_IPOPT)
254 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
255 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
256 $(call AddDepends/ipt)
257 endef
258
259 define KernelPackage/ipt-ipopt/description
260 Netfilter (IPv4) modules for matching/changing IP packet options
261 Includes:
262 - CLASSIFY
263 - dscp/DSCP
264 - ecn/ECN
265 - hl/HL
266 - length
267 - mark/MARK
268 - statistic
269 - tcpmss
270 - time
271 - ttl/TTL
272 - unclean
273 endef
274
275 $(eval $(call KernelPackage,ipt-ipopt))
276
277
278 define KernelPackage/ipt-ipsec
279 TITLE:=Modules for matching IPSec packets
280 KCONFIG:=$(KCONFIG_IPT_IPSEC)
281 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
282 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
283 $(call AddDepends/ipt)
284 endef
285
286 define KernelPackage/ipt-ipsec/description
287 Netfilter (IPv4) modules for matching IPSec packets
288 Includes:
289 - ah
290 - esp
291 - policy
292 endef
293
294 $(eval $(call KernelPackage,ipt-ipsec))
295
296 IPSET_MODULES:= \
297 ipset/ip_set \
298 ipset/ip_set_bitmap_ip \
299 ipset/ip_set_bitmap_ipmac \
300 ipset/ip_set_bitmap_port \
301 ipset/ip_set_hash_ip \
302 ipset/ip_set_hash_ipmark \
303 ipset/ip_set_hash_ipport \
304 ipset/ip_set_hash_ipportip \
305 ipset/ip_set_hash_ipportnet \
306 ipset/ip_set_hash_mac \
307 ipset/ip_set_hash_netportnet \
308 ipset/ip_set_hash_net \
309 ipset/ip_set_hash_netnet \
310 ipset/ip_set_hash_netport \
311 ipset/ip_set_hash_netiface \
312 ipset/ip_set_list_set \
313 xt_set
314
315 define KernelPackage/ipt-ipset
316 SUBMENU:=Netfilter Extensions
317 TITLE:=IPset netfilter modules
318 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
319 KCONFIG:= \
320 CONFIG_IP_SET \
321 CONFIG_IP_SET_MAX=256 \
322 CONFIG_NETFILTER_XT_SET \
323 CONFIG_IP_SET_BITMAP_IP \
324 CONFIG_IP_SET_BITMAP_IPMAC \
325 CONFIG_IP_SET_BITMAP_PORT \
326 CONFIG_IP_SET_HASH_IP \
327 CONFIG_IP_SET_HASH_IPMARK \
328 CONFIG_IP_SET_HASH_IPPORT \
329 CONFIG_IP_SET_HASH_IPPORTIP \
330 CONFIG_IP_SET_HASH_IPPORTNET \
331 CONFIG_IP_SET_HASH_MAC \
332 CONFIG_IP_SET_HASH_NET \
333 CONFIG_IP_SET_HASH_NETNET \
334 CONFIG_IP_SET_HASH_NETIFACE \
335 CONFIG_IP_SET_HASH_NETPORT \
336 CONFIG_IP_SET_HASH_NETPORTNET \
337 CONFIG_IP_SET_LIST_SET \
338 CONFIG_NET_EMATCH_IPSET=n
339 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
340 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
341 endef
342 $(eval $(call KernelPackage,ipt-ipset))
343
344
345 define KernelPackage/ipt-nat
346 TITLE:=Basic NAT targets
347 KCONFIG:=$(KCONFIG_IPT_NAT)
348 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
349 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
350 $(call AddDepends/ipt,+kmod-nf-nat)
351 endef
352
353 define KernelPackage/ipt-nat/description
354 Netfilter (IPv4) kernel modules for basic NAT targets
355 Includes:
356 - MASQUERADE
357 endef
358
359 $(eval $(call KernelPackage,ipt-nat))
360
361
362 define KernelPackage/ipt-raw
363 TITLE:=Netfilter IPv4 raw table support
364 KCONFIG:=CONFIG_IP_NF_RAW
365 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
366 AUTOLOAD:=$(call AutoProbe,iptable_raw)
367 $(call AddDepends/ipt)
368 endef
369
370 $(eval $(call KernelPackage,ipt-raw))
371
372
373 define KernelPackage/ipt-raw6
374 TITLE:=Netfilter IPv6 raw table support
375 KCONFIG:=CONFIG_IP6_NF_RAW
376 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
377 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
378 $(call AddDepends/ipt,+kmod-ip6tables)
379 endef
380
381 $(eval $(call KernelPackage,ipt-raw6))
382
383
384 define KernelPackage/ipt-nat6
385 TITLE:=IPv6 NAT targets
386 KCONFIG:=$(KCONFIG_IPT_NAT6)
387 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
388 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
389 $(call AddDepends/ipt,+kmod-nf-nat6)
390 $(call AddDepends/ipt,+kmod-ipt-conntrack)
391 $(call AddDepends/ipt,+kmod-ipt-nat)
392 $(call AddDepends/ipt,+kmod-ip6tables)
393 endef
394
395 define KernelPackage/ipt-nat6/description
396 Netfilter (IPv6) kernel modules for NAT targets
397 endef
398
399 $(eval $(call KernelPackage,ipt-nat6))
400
401
402 define KernelPackage/ipt-nat-extra
403 TITLE:=Extra NAT targets
404 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
405 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
406 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
407 $(call AddDepends/ipt,+kmod-ipt-nat)
408 endef
409
410 define KernelPackage/ipt-nat-extra/description
411 Netfilter (IPv4) kernel modules for extra NAT targets
412 Includes:
413 - NETMAP
414 - REDIRECT
415 endef
416
417 $(eval $(call KernelPackage,ipt-nat-extra))
418
419
420 define KernelPackage/nf-nathelper
421 SUBMENU:=$(NF_MENU)
422 TITLE:=Basic Conntrack and NAT helpers
423 KCONFIG:=$(KCONFIG_NF_NATHELPER)
424 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
425 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
426 DEPENDS:=+kmod-nf-nat
427 endef
428
429 define KernelPackage/nf-nathelper/description
430 Default Netfilter (IPv4) Conntrack and NAT helpers
431 Includes:
432 - ftp
433 endef
434
435 $(eval $(call KernelPackage,nf-nathelper))
436
437
438 define KernelPackage/nf-nathelper-extra
439 SUBMENU:=$(NF_MENU)
440 TITLE:=Extra Conntrack and NAT helpers
441 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
442 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
443 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
444 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
445 endef
446
447 define KernelPackage/nf-nathelper-extra/description
448 Extra Netfilter (IPv4) Conntrack and NAT helpers
449 Includes:
450 - amanda
451 - h323
452 - irc
453 - mms
454 - pptp
455 - proto_gre
456 - sip
457 - snmp_basic
458 - tftp
459 - broadcast
460 endef
461
462 $(eval $(call KernelPackage,nf-nathelper-extra))
463
464
465 define KernelPackage/ipt-ulog
466 TITLE:=Module for user-space packet logging
467 KCONFIG:=$(KCONFIG_IPT_ULOG)
468 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
469 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
470 $(call AddDepends/ipt)
471 endef
472
473 define KernelPackage/ipt-ulog/description
474 Netfilter (IPv4) module for user-space packet logging
475 Includes:
476 - ULOG
477 endef
478
479 $(eval $(call KernelPackage,ipt-ulog))
480
481
482 define KernelPackage/ipt-nflog
483 TITLE:=Module for user-space packet logging
484 KCONFIG:=$(KCONFIG_IPT_NFLOG)
485 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
486 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
487 $(call AddDepends/ipt,+kmod-nfnetlink-log)
488 endef
489
490 define KernelPackage/ipt-nflog/description
491 Netfilter module for user-space packet logging
492 Includes:
493 - NFLOG
494 endef
495
496 $(eval $(call KernelPackage,ipt-nflog))
497
498
499 define KernelPackage/ipt-nfqueue
500 TITLE:=Module for user-space packet queuing
501 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
502 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
503 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
504 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
505 endef
506
507 define KernelPackage/ipt-nfqueue/description
508 Netfilter module for user-space packet queuing
509 Includes:
510 - NFQUEUE
511 endef
512
513 $(eval $(call KernelPackage,ipt-nfqueue))
514
515
516 define KernelPackage/ipt-debug
517 TITLE:=Module for debugging/development
518 KCONFIG:=$(KCONFIG_IPT_DEBUG)
519 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
520 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
521 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
522 endef
523
524 define KernelPackage/ipt-debug/description
525 Netfilter modules for debugging/development of the firewall
526 Includes:
527 - TRACE
528 endef
529
530 $(eval $(call KernelPackage,ipt-debug))
531
532
533 define KernelPackage/ipt-led
534 TITLE:=Module to trigger a LED with a Netfilter rule
535 KCONFIG:=$(KCONFIG_IPT_LED)
536 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
537 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
538 $(call AddDepends/ipt)
539 endef
540
541 define KernelPackage/ipt-led/description
542 Netfilter target to trigger a LED when a network packet is matched.
543 endef
544
545 $(eval $(call KernelPackage,ipt-led))
546
547 define KernelPackage/ipt-tproxy
548 TITLE:=Transparent proxying support
549 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
550 KCONFIG:= \
551 CONFIG_NETFILTER_XT_MATCH_SOCKET \
552 CONFIG_NETFILTER_XT_TARGET_TPROXY
553 FILES:= \
554 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
555 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
556 $(call AddDepends/ipt)
557 endef
558
559 define KernelPackage/ipt-tproxy/description
560 Kernel modules for Transparent Proxying
561 endef
562
563 $(eval $(call KernelPackage,ipt-tproxy))
564
565 define KernelPackage/ipt-tee
566 TITLE:=TEE support
567 DEPENDS:=+kmod-ipt-conntrack
568 KCONFIG:= \
569 CONFIG_NETFILTER_XT_TARGET_TEE
570 FILES:= \
571 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
572 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
573 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
574 $(call AddDepends/ipt)
575 endef
576
577 define KernelPackage/ipt-tee/description
578 Kernel modules for TEE
579 endef
580
581 $(eval $(call KernelPackage,ipt-tee))
582
583
584 define KernelPackage/ipt-u32
585 TITLE:=U32 support
586 KCONFIG:= \
587 CONFIG_NETFILTER_XT_MATCH_U32
588 FILES:= \
589 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
590 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
591 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
592 $(call AddDepends/ipt)
593 endef
594
595 define KernelPackage/ipt-u32/description
596 Kernel modules for U32
597 endef
598
599 $(eval $(call KernelPackage,ipt-u32))
600
601 define KernelPackage/ipt-checksum
602 TITLE:=CHECKSUM support
603 KCONFIG:= \
604 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
605 FILES:= \
606 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
607 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
608 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
609 $(call AddDepends/ipt)
610 endef
611
612 define KernelPackage/ipt-checksum/description
613 Kernel modules for CHECKSUM fillin target
614 endef
615
616 $(eval $(call KernelPackage,ipt-checksum))
617
618
619 define KernelPackage/ipt-iprange
620 TITLE:=Module for matching ip ranges
621 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
622 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
623 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
624 $(call AddDepends/ipt)
625 endef
626
627 define KernelPackage/ipt-iprange/description
628 Netfilter (IPv4) module for matching ip ranges
629 Includes:
630 - iprange
631 endef
632
633 $(eval $(call KernelPackage,ipt-iprange))
634
635 define KernelPackage/ipt-cluster
636 TITLE:=Module for matching cluster
637 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
638 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
639 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
640 $(call AddDepends/ipt)
641 endef
642
643 define KernelPackage/ipt-cluster/description
644 Netfilter (IPv4/IPv6) module for matching cluster
645 This option allows you to build work-load-sharing clusters of
646 network servers/stateful firewalls without having a dedicated
647 load-balancing router/server/switch. Basically, this match returns
648 true when the packet must be handled by this cluster node. Thus,
649 all nodes see all packets and this match decides which node handles
650 what packets. The work-load sharing algorithm is based on source
651 address hashing.
652
653 This module is usable for ipv4 and ipv6.
654
655 To use it also enable iptables-mod-cluster
656
657 see `iptables -m cluster --help` for more information.
658 endef
659
660 $(eval $(call KernelPackage,ipt-cluster))
661
662 define KernelPackage/ipt-clusterip
663 TITLE:=Module for CLUSTERIP
664 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
665 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
666 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
667 $(call AddDepends/ipt,+kmod-nf-conntrack)
668 endef
669
670 define KernelPackage/ipt-clusterip/description
671 Netfilter (IPv4-only) module for CLUSTERIP
672 The CLUSTERIP target allows you to build load-balancing clusters of
673 network servers without having a dedicated load-balancing
674 router/server/switch.
675
676 To use it also enable iptables-mod-clusterip
677
678 see `iptables -j CLUSTERIP --help` for more information.
679 endef
680
681 $(eval $(call KernelPackage,ipt-clusterip))
682
683
684 define KernelPackage/ipt-extra
685 TITLE:=Extra modules
686 KCONFIG:=$(KCONFIG_IPT_EXTRA)
687 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
688 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
689 $(call AddDepends/ipt,+kmod-br-netfilter)
690 endef
691
692 define KernelPackage/ipt-extra/description
693 Other Netfilter (IPv4) kernel modules
694 Includes:
695 - addrtype
696 - owner
697 - physdev (if bridge support was enabled in kernel)
698 - pkttype
699 - quota
700 endef
701
702 $(eval $(call KernelPackage,ipt-extra))
703
704
705 define KernelPackage/ip6tables
706 SUBMENU:=$(NF_MENU)
707 TITLE:=IPv6 modules
708 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
709 KCONFIG:=$(KCONFIG_IPT_IPV6)
710 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
711 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
712 endef
713
714 define KernelPackage/ip6tables/description
715 Netfilter IPv6 firewalling support
716 endef
717
718 $(eval $(call KernelPackage,ip6tables))
719
720 define KernelPackage/ip6tables-extra
721 SUBMENU:=$(NF_MENU)
722 TITLE:=Extra IPv6 modules
723 DEPENDS:=+kmod-ip6tables
724 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
725 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
726 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
727 endef
728
729 define KernelPackage/ip6tables-extra/description
730 Netfilter IPv6 extra header matching modules
731 endef
732
733 $(eval $(call KernelPackage,ip6tables-extra))
734
735 ARP_MODULES = arp_tables arpt_mangle arptable_filter
736 define KernelPackage/arptables
737 SUBMENU:=$(NF_MENU)
738 TITLE:=ARP firewalling modules
739 DEPENDS:=+kmod-ipt-core
740 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
741 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
742 CONFIG_IP_NF_ARPFILTER \
743 CONFIG_IP_NF_ARP_MANGLE
744 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
745 endef
746
747 define KernelPackage/arptables/description
748 Kernel modules for ARP firewalling
749 endef
750
751 $(eval $(call KernelPackage,arptables))
752
753
754 define KernelPackage/br-netfilter
755 SUBMENU:=$(NF_MENU)
756 TITLE:=Bridge netfilter support modules
757 DEPENDS:=+kmod-ipt-core
758 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
759 KCONFIG:=CONFIG_BRIDGE_NETFILTER
760 AUTOLOAD:=$(call AutoProbe,br_netfilter)
761 endef
762
763 $(eval $(call KernelPackage,br-netfilter))
764
765
766 define KernelPackage/ebtables
767 SUBMENU:=$(NF_MENU)
768 TITLE:=Bridge firewalling modules
769 DEPENDS:=+kmod-ipt-core
770 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
771 KCONFIG:=$(KCONFIG_EBTABLES)
772 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
773 endef
774
775 define KernelPackage/ebtables/description
776 ebtables is a general, extensible frame/packet identification
777 framework. It provides you to do Ethernet
778 filtering/NAT/brouting on the Ethernet bridge.
779 endef
780
781 $(eval $(call KernelPackage,ebtables))
782
783
784 define AddDepends/ebtables
785 SUBMENU:=$(NF_MENU)
786 DEPENDS+= +kmod-ebtables $(1)
787 endef
788
789
790 define KernelPackage/ebtables-ipv4
791 TITLE:=ebtables: IPv4 support
792 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
793 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
794 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
795 $(call AddDepends/ebtables)
796 endef
797
798 define KernelPackage/ebtables-ipv4/description
799 This option adds the IPv4 support to ebtables, which allows basic
800 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
801 endef
802
803 $(eval $(call KernelPackage,ebtables-ipv4))
804
805
806 define KernelPackage/ebtables-ipv6
807 TITLE:=ebtables: IPv6 support
808 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
809 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
810 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
811 $(call AddDepends/ebtables)
812 endef
813
814 define KernelPackage/ebtables-ipv6/description
815 This option adds the IPv6 support to ebtables, which allows basic
816 IPv6 header field filtering and target support.
817 endef
818
819 $(eval $(call KernelPackage,ebtables-ipv6))
820
821
822 define KernelPackage/ebtables-watchers
823 TITLE:=ebtables: watchers support
824 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
825 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
826 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
827 $(call AddDepends/ebtables)
828 endef
829
830 define KernelPackage/ebtables-watchers/description
831 This option adds the log watchers, that you can use in any rule
832 in any ebtables table.
833 endef
834
835 $(eval $(call KernelPackage,ebtables-watchers))
836
837
838 define KernelPackage/nfnetlink
839 SUBMENU:=$(NF_MENU)
840 TITLE:=Netlink-based userspace interface
841 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
842 KCONFIG:=$(KCONFIG_NFNETLINK)
843 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
844 endef
845
846 define KernelPackage/nfnetlink/description
847 Kernel modules support for a netlink-based userspace interface
848 endef
849
850 $(eval $(call KernelPackage,nfnetlink))
851
852
853 define AddDepends/nfnetlink
854 SUBMENU:=$(NF_MENU)
855 DEPENDS+=+kmod-nfnetlink $(1)
856 endef
857
858
859 define KernelPackage/nfnetlink-log
860 TITLE:=Netfilter LOG over NFNETLINK interface
861 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
862 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
863 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
864 $(call AddDepends/nfnetlink)
865 endef
866
867 define KernelPackage/nfnetlink-log/description
868 Kernel modules support for logging packets via NFNETLINK
869 Includes:
870 - NFLOG
871 endef
872
873 $(eval $(call KernelPackage,nfnetlink-log))
874
875
876 define KernelPackage/nfnetlink-queue
877 TITLE:=Netfilter QUEUE over NFNETLINK interface
878 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
879 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
880 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
881 $(call AddDepends/nfnetlink)
882 endef
883
884 define KernelPackage/nfnetlink-queue/description
885 Kernel modules support for queueing packets via NFNETLINK
886 Includes:
887 - NFQUEUE
888 endef
889
890 $(eval $(call KernelPackage,nfnetlink-queue))
891
892
893 define KernelPackage/nf-conntrack-netlink
894 TITLE:=Connection tracking netlink interface
895 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
896 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
897 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
898 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
899 endef
900
901 define KernelPackage/nf-conntrack-netlink/description
902 Kernel modules support for a netlink-based connection tracking
903 userspace interface
904 endef
905
906 $(eval $(call KernelPackage,nf-conntrack-netlink))
907
908 define KernelPackage/ipt-hashlimit
909 SUBMENU:=$(NF_MENU)
910 TITLE:=Netfilter hashlimit match
911 DEPENDS:=+kmod-ipt-core
912 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
913 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
914 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
915 $(call KernelPackage/ipt)
916 endef
917
918 define KernelPackage/ipt-hashlimit/description
919 Kernel modules support for the hashlimit bucket match module
920 endef
921
922 $(eval $(call KernelPackage,ipt-hashlimit))
923
924 define KernelPackage/ipt-rpfilter
925 SUBMENU:=$(NF_MENU)
926 TITLE:=Netfilter rpfilter match
927 DEPENDS:=+kmod-ipt-core
928 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
929 FILES:=$(realpath \
930 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
931 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
932 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
933 $(call KernelPackage/ipt)
934 endef
935
936 define KernelPackage/ipt-rpfilter/description
937 Kernel modules support for the Netfilter rpfilter match
938 endef
939
940 $(eval $(call KernelPackage,ipt-rpfilter))
941
942
943 define KernelPackage/nft-core
944 SUBMENU:=$(NF_MENU)
945 TITLE:=Netfilter nf_tables support
946 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
947 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
948 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
949 KCONFIG:= \
950 CONFIG_NFT_COMPAT=n \
951 CONFIG_NFT_QUEUE=n \
952 $(KCONFIG_NFT_CORE)
953 endef
954
955 define KernelPackage/nft-core/description
956 Kernel module support for nftables
957 endef
958
959 $(eval $(call KernelPackage,nft-core))
960
961
962 define KernelPackage/nft-arp
963 SUBMENU:=$(NF_MENU)
964 TITLE:=Netfilter nf_tables ARP table support
965 DEPENDS:=+kmod-nft-core
966 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
967 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
968 KCONFIG:=$(KCONFIG_NFT_ARP)
969 endef
970
971 $(eval $(call KernelPackage,nft-arp))
972
973
974 define KernelPackage/nft-bridge
975 SUBMENU:=$(NF_MENU)
976 TITLE:=Netfilter nf_tables bridge table support
977 DEPENDS:=+kmod-nft-core
978 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
979 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
980 KCONFIG:= \
981 CONFIG_NF_LOG_BRIDGE=n \
982 $(KCONFIG_NFT_BRIDGE)
983 endef
984
985 $(eval $(call KernelPackage,nft-bridge))
986
987
988 define KernelPackage/nft-nat
989 SUBMENU:=$(NF_MENU)
990 TITLE:=Netfilter nf_tables NAT support
991 DEPENDS:=+kmod-nft-core +kmod-nf-nat
992 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
993 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
994 KCONFIG:=$(KCONFIG_NFT_NAT)
995 endef
996
997 $(eval $(call KernelPackage,nft-nat))
998
999
1000 define KernelPackage/nft-offload
1001 SUBMENU:=$(NF_MENU)
1002 TITLE:=Netfilter nf_tables routing/NAT offload support
1003 DEPENDS:=+kmod-nf-flow +kmod-nft-nat
1004 KCONFIG:= \
1005 CONFIG_NF_FLOW_TABLE_INET \
1006 CONFIG_NF_FLOW_TABLE_IPV4 \
1007 CONFIG_NF_FLOW_TABLE_IPV6 \
1008 CONFIG_NFT_FLOW_OFFLOAD
1009 FILES:= \
1010 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1011 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1012 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1013 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1014 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1015 endef
1016
1017 $(eval $(call KernelPackage,nft-offload))
1018
1019
1020 define KernelPackage/nft-nat6
1021 SUBMENU:=$(NF_MENU)
1022 TITLE:=Netfilter nf_tables IPv6-NAT support
1023 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1024 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1025 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1026 KCONFIG:=$(KCONFIG_NFT_NAT6)
1027 endef
1028
1029 $(eval $(call KernelPackage,nft-nat6))