projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
qoriq: add kernel 6.1 support
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-nat
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter NAT
127 KCONFIG:=$(KCONFIG_NF_NAT)
128 DEPENDS:=+kmod-nf-conntrack
129 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
131 endef
132
133 $(eval $(call KernelPackage,nf-nat))
134
135
136 define KernelPackage/nf-nat6
137 SUBMENU:=$(NF_MENU)
138 TITLE:=Netfilter IPV6-NAT
139 KCONFIG:=$(KCONFIG_NF_NAT6)
140 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
141 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
142 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
143 endef
144
145 $(eval $(call KernelPackage,nf-nat6))
146
147
148 define KernelPackage/nf-flow
149 SUBMENU:=$(NF_MENU)
150 TITLE:=Netfilter flowtable support
151 KCONFIG:= \
152 CONFIG_NETFILTER_INGRESS=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS:=+kmod-nf-conntrack @!LINUX_4_9
156 FILES:= \
157 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
158 $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
159 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
160 endef
161
162 $(eval $(call KernelPackage,nf-flow))
163
164
165 define AddDepends/ipt
166 SUBMENU:=$(NF_MENU)
167 DEPENDS+= +kmod-ipt-core $(1)
168 endef
169
170
171 define KernelPackage/ipt-conntrack
172 TITLE:=Basic connection tracking modules
173 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
174 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
175 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
176 $(call AddDepends/ipt,+kmod-nf-conntrack)
177 endef
178
179 define KernelPackage/ipt-conntrack/description
180 Netfilter (IPv4) kernel modules for connection tracking
181 Includes:
182 - conntrack
183 - defrag
184 - iptables_raw
185 - NOTRACK
186 - state
187 endef
188
189 $(eval $(call KernelPackage,ipt-conntrack))
190
191
192 define KernelPackage/ipt-conntrack-extra
193 TITLE:=Extra connection tracking modules
194 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
195 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
196 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
197 $(call AddDepends/ipt,+kmod-ipt-conntrack)
198 endef
199
200 define KernelPackage/ipt-conntrack-extra/description
201 Netfilter (IPv4) extra kernel modules for connection tracking
202 Includes:
203 - connbytes
204 - connmark/CONNMARK
205 - conntrack
206 - helper
207 - recent
208 endef
209
210 $(eval $(call KernelPackage,ipt-conntrack-extra))
211
212 define KernelPackage/ipt-conntrack-label
213 TITLE:=Module for handling connection tracking labels
214 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
215 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
216 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
217 $(call AddDepends/ipt,+kmod-ipt-conntrack)
218 endef
219
220 define KernelPackage/ipt-conntrack-label/description
221 Netfilter (IPv4) module for handling connection tracking labels
222 Includes:
223 - connlabel
224 endef
225
226 $(eval $(call KernelPackage,ipt-conntrack-label))
227
228 define KernelPackage/ipt-filter
229 TITLE:=Modules for packet content inspection
230 KCONFIG:=$(KCONFIG_IPT_FILTER)
231 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
232 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
233 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
234 endef
235
236 define KernelPackage/ipt-filter/description
237 Netfilter (IPv4) kernel modules for packet content inspection
238 Includes:
239 - string
240 - bpf
241 endef
242
243 $(eval $(call KernelPackage,ipt-filter))
244
245
246 define KernelPackage/ipt-offload
247 TITLE:=Netfilter routing/NAT offload support
248 KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
249 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
250 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
251 $(call AddDepends/ipt,+kmod-nf-flow)
252 endef
253
254 $(eval $(call KernelPackage,ipt-offload))
255
256
257 define KernelPackage/ipt-ipopt
258 TITLE:=Modules for matching/changing IP packet options
259 KCONFIG:=$(KCONFIG_IPT_IPOPT)
260 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
261 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
262 $(call AddDepends/ipt)
263 endef
264
265 define KernelPackage/ipt-ipopt/description
266 Netfilter (IPv4) modules for matching/changing IP packet options
267 Includes:
268 - CLASSIFY
269 - dscp/DSCP
270 - ecn/ECN
271 - hl/HL
272 - length
273 - mark/MARK
274 - statistic
275 - tcpmss
276 - time
277 - ttl/TTL
278 - unclean
279 endef
280
281 $(eval $(call KernelPackage,ipt-ipopt))
282
283
284 define KernelPackage/ipt-ipsec
285 TITLE:=Modules for matching IPSec packets
286 KCONFIG:=$(KCONFIG_IPT_IPSEC)
287 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
288 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
289 $(call AddDepends/ipt)
290 endef
291
292 define KernelPackage/ipt-ipsec/description
293 Netfilter (IPv4) modules for matching IPSec packets
294 Includes:
295 - ah
296 - esp
297 - policy
298 endef
299
300 $(eval $(call KernelPackage,ipt-ipsec))
301
302 IPSET_MODULES:= \
303 ipset/ip_set \
304 ipset/ip_set_bitmap_ip \
305 ipset/ip_set_bitmap_ipmac \
306 ipset/ip_set_bitmap_port \
307 ipset/ip_set_hash_ip \
308 ipset/ip_set_hash_ipmark \
309 ipset/ip_set_hash_ipport \
310 ipset/ip_set_hash_ipportip \
311 ipset/ip_set_hash_ipportnet \
312 ipset/ip_set_hash_mac \
313 ipset/ip_set_hash_netportnet \
314 ipset/ip_set_hash_net \
315 ipset/ip_set_hash_netnet \
316 ipset/ip_set_hash_netport \
317 ipset/ip_set_hash_netiface \
318 ipset/ip_set_list_set \
319 xt_set
320
321 define KernelPackage/ipt-ipset
322 SUBMENU:=Netfilter Extensions
323 TITLE:=IPset netfilter modules
324 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
325 KCONFIG:= \
326 CONFIG_IP_SET \
327 CONFIG_IP_SET_MAX=256 \
328 CONFIG_NETFILTER_XT_SET \
329 CONFIG_IP_SET_BITMAP_IP \
330 CONFIG_IP_SET_BITMAP_IPMAC \
331 CONFIG_IP_SET_BITMAP_PORT \
332 CONFIG_IP_SET_HASH_IP \
333 CONFIG_IP_SET_HASH_IPMAC \
334 CONFIG_IP_SET_HASH_IPMARK \
335 CONFIG_IP_SET_HASH_IPPORT \
336 CONFIG_IP_SET_HASH_IPPORTIP \
337 CONFIG_IP_SET_HASH_IPPORTNET \
338 CONFIG_IP_SET_HASH_MAC \
339 CONFIG_IP_SET_HASH_NET \
340 CONFIG_IP_SET_HASH_NETNET \
341 CONFIG_IP_SET_HASH_NETIFACE \
342 CONFIG_IP_SET_HASH_NETPORT \
343 CONFIG_IP_SET_HASH_NETPORTNET \
344 CONFIG_IP_SET_LIST_SET \
345 CONFIG_NET_EMATCH_IPSET=n
346 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
347 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
348 endef
349 $(eval $(call KernelPackage,ipt-ipset))
350
351
352 IPVS_MODULES:= \
353 ipvs/ip_vs \
354 ipvs/ip_vs_lc \
355 ipvs/ip_vs_wlc \
356 ipvs/ip_vs_rr \
357 ipvs/ip_vs_wrr \
358 ipvs/ip_vs_lblc \
359 ipvs/ip_vs_lblcr \
360 ipvs/ip_vs_dh \
361 ipvs/ip_vs_sh \
362 ipvs/ip_vs_fo \
363 ipvs/ip_vs_ovf \
364 ipvs/ip_vs_nq \
365 ipvs/ip_vs_sed \
366 xt_ipvs
367
368 define KernelPackage/nf-ipvs
369 SUBMENU:=Netfilter Extensions
370 TITLE:=IP Virtual Server modules
371 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack +LINUX_4_14:kmod-nf-conntrack6
372 KCONFIG:= \
373 CONFIG_IP_VS \
374 CONFIG_IP_VS_IPV6=y \
375 CONFIG_IP_VS_DEBUG=n \
376 CONFIG_IP_VS_PROTO_TCP=y \
377 CONFIG_IP_VS_PROTO_UDP=y \
378 CONFIG_IP_VS_PROTO_AH_ESP=y \
379 CONFIG_IP_VS_PROTO_ESP=y \
380 CONFIG_IP_VS_PROTO_AH=y \
381 CONFIG_IP_VS_PROTO_SCTP=y \
382 CONFIG_IP_VS_TAB_BITS=12 \
383 CONFIG_IP_VS_RR \
384 CONFIG_IP_VS_WRR \
385 CONFIG_IP_VS_LC \
386 CONFIG_IP_VS_WLC \
387 CONFIG_IP_VS_FO \
388 CONFIG_IP_VS_OVF \
389 CONFIG_IP_VS_LBLC \
390 CONFIG_IP_VS_LBLCR \
391 CONFIG_IP_VS_DH \
392 CONFIG_IP_VS_SH \
393 CONFIG_IP_VS_SED \
394 CONFIG_IP_VS_NQ \
395 CONFIG_IP_VS_SH_TAB_BITS=8 \
396 CONFIG_IP_VS_NFCT=y \
397 CONFIG_NETFILTER_XT_MATCH_IPVS
398 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
399 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
400 endef
401
402 define KernelPackage/nf-ipvs/description
403 IPVS (IP Virtual Server) implements transport-layer load balancing inside
404 the Linux kernel so called Layer-4 switching.
405 endef
406
407 $(eval $(call KernelPackage,nf-ipvs))
408
409
410 define KernelPackage/nf-ipvs-ftp
411 SUBMENU:=$(NF_MENU)
412 TITLE:=Virtual Server FTP protocol support
413 KCONFIG:=CONFIG_IP_VS_FTP
414 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
415 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
416 endef
417
418 define KernelPackage/nf-ipvs-ftp/description
419 In the virtual server via Network Address Translation,
420 the IP address and port number of real servers cannot be sent to
421 clients in ftp connections directly, so FTP protocol helper is
422 required for tracking the connection and mangling it back to that of
423 virtual service.
424 endef
425
426 $(eval $(call KernelPackage,nf-ipvs-ftp))
427
428
429 define KernelPackage/nf-ipvs-sip
430 SUBMENU:=$(NF_MENU)
431 TITLE:=Virtual Server SIP protocol support
432 KCONFIG:=CONFIG_IP_VS_PE_SIP
433 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
434 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
435 endef
436
437 define KernelPackage/nf-ipvs-sip/description
438 Allow persistence based on the SIP Call-ID
439 endef
440
441 $(eval $(call KernelPackage,nf-ipvs-sip))
442
443
444 define KernelPackage/ipt-nat
445 TITLE:=Basic NAT targets
446 KCONFIG:=$(KCONFIG_IPT_NAT)
447 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
448 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
449 $(call AddDepends/ipt,+kmod-nf-nat)
450 endef
451
452 define KernelPackage/ipt-nat/description
453 Netfilter (IPv4) kernel modules for basic NAT targets
454 Includes:
455 - MASQUERADE
456 endef
457
458 $(eval $(call KernelPackage,ipt-nat))
459
460
461 define KernelPackage/ipt-raw
462 TITLE:=Netfilter IPv4 raw table support
463 KCONFIG:=CONFIG_IP_NF_RAW
464 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
465 AUTOLOAD:=$(call AutoProbe,iptable_raw)
466 $(call AddDepends/ipt)
467 endef
468
469 $(eval $(call KernelPackage,ipt-raw))
470
471
472 define KernelPackage/ipt-raw6
473 TITLE:=Netfilter IPv6 raw table support
474 KCONFIG:=CONFIG_IP6_NF_RAW
475 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
476 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
477 $(call AddDepends/ipt,+kmod-ip6tables)
478 endef
479
480 $(eval $(call KernelPackage,ipt-raw6))
481
482
483 define KernelPackage/ipt-nat6
484 TITLE:=IPv6 NAT targets
485 KCONFIG:=$(KCONFIG_IPT_NAT6)
486 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
487 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
488 $(call AddDepends/ipt,+kmod-nf-nat6)
489 $(call AddDepends/ipt,+kmod-ipt-conntrack)
490 $(call AddDepends/ipt,+kmod-ipt-nat)
491 $(call AddDepends/ipt,+kmod-ip6tables)
492 endef
493
494 define KernelPackage/ipt-nat6/description
495 Netfilter (IPv6) kernel modules for NAT targets
496 endef
497
498 $(eval $(call KernelPackage,ipt-nat6))
499
500
501 define KernelPackage/ipt-nat-extra
502 TITLE:=Extra NAT targets
503 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
504 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
505 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
506 $(call AddDepends/ipt,+kmod-ipt-nat)
507 endef
508
509 define KernelPackage/ipt-nat-extra/description
510 Netfilter (IPv4) kernel modules for extra NAT targets
511 Includes:
512 - NETMAP
513 - REDIRECT
514 endef
515
516 $(eval $(call KernelPackage,ipt-nat-extra))
517
518
519 define KernelPackage/nf-nathelper
520 SUBMENU:=$(NF_MENU)
521 TITLE:=Basic Conntrack and NAT helpers
522 KCONFIG:=$(KCONFIG_NF_NATHELPER)
523 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
524 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
525 DEPENDS:=+kmod-nf-nat
526 endef
527
528 define KernelPackage/nf-nathelper/description
529 Default Netfilter (IPv4) Conntrack and NAT helpers
530 Includes:
531 - ftp
532 endef
533
534 $(eval $(call KernelPackage,nf-nathelper))
535
536
537 define KernelPackage/nf-nathelper-extra
538 SUBMENU:=$(NF_MENU)
539 TITLE:=Extra Conntrack and NAT helpers
540 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
541 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
542 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
543 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw +LINUX_4_19:kmod-asn1-decoder
544 endef
545
546 define KernelPackage/nf-nathelper-extra/description
547 Extra Netfilter (IPv4) Conntrack and NAT helpers
548 Includes:
549 - amanda
550 - h323
551 - irc
552 - mms
553 - pptp
554 - proto_gre
555 - sip
556 - snmp_basic
557 - tftp
558 - broadcast
559 endef
560
561 $(eval $(call KernelPackage,nf-nathelper-extra))
562
563
564 define KernelPackage/ipt-ulog
565 TITLE:=Module for user-space packet logging
566 KCONFIG:=$(KCONFIG_IPT_ULOG)
567 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
568 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
569 $(call AddDepends/ipt)
570 endef
571
572 define KernelPackage/ipt-ulog/description
573 Netfilter (IPv4) module for user-space packet logging
574 Includes:
575 - ULOG
576 endef
577
578 $(eval $(call KernelPackage,ipt-ulog))
579
580
581 define KernelPackage/ipt-nflog
582 TITLE:=Module for user-space packet logging
583 KCONFIG:=$(KCONFIG_IPT_NFLOG)
584 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
585 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
586 $(call AddDepends/ipt,+kmod-nfnetlink-log)
587 endef
588
589 define KernelPackage/ipt-nflog/description
590 Netfilter module for user-space packet logging
591 Includes:
592 - NFLOG
593 endef
594
595 $(eval $(call KernelPackage,ipt-nflog))
596
597
598 define KernelPackage/ipt-nfqueue
599 TITLE:=Module for user-space packet queuing
600 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
601 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
602 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
603 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
604 endef
605
606 define KernelPackage/ipt-nfqueue/description
607 Netfilter module for user-space packet queuing
608 Includes:
609 - NFQUEUE
610 endef
611
612 $(eval $(call KernelPackage,ipt-nfqueue))
613
614
615 define KernelPackage/ipt-debug
616 TITLE:=Module for debugging/development
617 KCONFIG:=$(KCONFIG_IPT_DEBUG)
618 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
619 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
620 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
621 endef
622
623 define KernelPackage/ipt-debug/description
624 Netfilter modules for debugging/development of the firewall
625 Includes:
626 - TRACE
627 endef
628
629 $(eval $(call KernelPackage,ipt-debug))
630
631
632 define KernelPackage/ipt-led
633 TITLE:=Module to trigger a LED with a Netfilter rule
634 KCONFIG:=$(KCONFIG_IPT_LED)
635 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
636 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
637 $(call AddDepends/ipt)
638 endef
639
640 define KernelPackage/ipt-led/description
641 Netfilter target to trigger a LED when a network packet is matched.
642 endef
643
644 $(eval $(call KernelPackage,ipt-led))
645
646 define KernelPackage/ipt-tproxy
647 TITLE:=Transparent proxying support
648 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
649 KCONFIG:= \
650 CONFIG_NF_SOCKET_IPV4 \
651 CONFIG_NF_SOCKET_IPV6 \
652 CONFIG_NETFILTER_XT_MATCH_SOCKET \
653 CONFIG_NETFILTER_XT_TARGET_TPROXY
654 FILES:= \
655 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
656 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
657 $(call AddDepends/ipt)
658 endef
659
660 define KernelPackage/ipt-tproxy/description
661 Kernel modules for Transparent Proxying
662 endef
663
664 $(eval $(call KernelPackage,ipt-tproxy))
665
666 define KernelPackage/ipt-tee
667 TITLE:=TEE support
668 DEPENDS:=+kmod-ipt-conntrack
669 KCONFIG:= \
670 CONFIG_NETFILTER_XT_TARGET_TEE
671 FILES:= \
672 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
673 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
674 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
675 $(call AddDepends/ipt)
676 endef
677
678 define KernelPackage/ipt-tee/description
679 Kernel modules for TEE
680 endef
681
682 $(eval $(call KernelPackage,ipt-tee))
683
684
685 define KernelPackage/ipt-u32
686 TITLE:=U32 support
687 KCONFIG:= \
688 CONFIG_NETFILTER_XT_MATCH_U32
689 FILES:= \
690 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
691 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
692 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
693 $(call AddDepends/ipt)
694 endef
695
696 define KernelPackage/ipt-u32/description
697 Kernel modules for U32
698 endef
699
700 $(eval $(call KernelPackage,ipt-u32))
701
702 define KernelPackage/ipt-checksum
703 TITLE:=CHECKSUM support
704 KCONFIG:= \
705 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
706 FILES:= \
707 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
708 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
709 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
710 $(call AddDepends/ipt)
711 endef
712
713 define KernelPackage/ipt-checksum/description
714 Kernel modules for CHECKSUM fillin target
715 endef
716
717 $(eval $(call KernelPackage,ipt-checksum))
718
719
720 define KernelPackage/ipt-iprange
721 TITLE:=Module for matching ip ranges
722 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
723 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
724 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
725 $(call AddDepends/ipt)
726 endef
727
728 define KernelPackage/ipt-iprange/description
729 Netfilter (IPv4) module for matching ip ranges
730 Includes:
731 - iprange
732 endef
733
734 $(eval $(call KernelPackage,ipt-iprange))
735
736 define KernelPackage/ipt-cluster
737 TITLE:=Module for matching cluster
738 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
739 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
740 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
741 $(call AddDepends/ipt,+kmod-nf-conntrack)
742 endef
743
744 define KernelPackage/ipt-cluster/description
745 Netfilter (IPv4/IPv6) module for matching cluster
746 This option allows you to build work-load-sharing clusters of
747 network servers/stateful firewalls without having a dedicated
748 load-balancing router/server/switch. Basically, this match returns
749 true when the packet must be handled by this cluster node. Thus,
750 all nodes see all packets and this match decides which node handles
751 what packets. The work-load sharing algorithm is based on source
752 address hashing.
753
754 This module is usable for ipv4 and ipv6.
755
756 To use it also enable iptables-mod-cluster
757
758 see `iptables -m cluster --help` for more information.
759 endef
760
761 $(eval $(call KernelPackage,ipt-cluster))
762
763 define KernelPackage/ipt-clusterip
764 TITLE:=Module for CLUSTERIP
765 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
766 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
767 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
768 $(call AddDepends/ipt,+kmod-nf-conntrack)
769 endef
770
771 define KernelPackage/ipt-clusterip/description
772 Netfilter (IPv4-only) module for CLUSTERIP
773 The CLUSTERIP target allows you to build load-balancing clusters of
774 network servers without having a dedicated load-balancing
775 router/server/switch.
776
777 To use it also enable iptables-mod-clusterip
778
779 see `iptables -j CLUSTERIP --help` for more information.
780 endef
781
782 $(eval $(call KernelPackage,ipt-clusterip))
783
784
785 define KernelPackage/ipt-extra
786 TITLE:=Extra modules
787 KCONFIG:=$(KCONFIG_IPT_EXTRA)
788 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
789 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
790 $(call AddDepends/ipt)
791 endef
792
793 define KernelPackage/ipt-extra/description
794 Other Netfilter (IPv4) kernel modules
795 Includes:
796 - addrtype
797 - owner
798 - pkttype
799 - quota
800 endef
801
802 $(eval $(call KernelPackage,ipt-extra))
803
804
805 define KernelPackage/ipt-physdev
806 TITLE:=physdev module
807 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
808 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
809 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
810 $(call AddDepends/ipt,+kmod-br-netfilter)
811 endef
812
813 define KernelPackage/ipt-physdev/description
814 The iptables physdev kernel module
815 endef
816
817 $(eval $(call KernelPackage,ipt-physdev))
818
819
820 define KernelPackage/ip6tables
821 SUBMENU:=$(NF_MENU)
822 TITLE:=IPv6 modules
823 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
824 KCONFIG:=$(KCONFIG_IPT_IPV6)
825 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
826 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
827 endef
828
829 define KernelPackage/ip6tables/description
830 Netfilter IPv6 firewalling support
831 endef
832
833 $(eval $(call KernelPackage,ip6tables))
834
835 define KernelPackage/ip6tables-extra
836 SUBMENU:=$(NF_MENU)
837 TITLE:=Extra IPv6 modules
838 DEPENDS:=+kmod-ip6tables
839 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
840 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
841 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
842 endef
843
844 define KernelPackage/ip6tables-extra/description
845 Netfilter IPv6 extra header matching modules
846 endef
847
848 $(eval $(call KernelPackage,ip6tables-extra))
849
850 ARP_MODULES = arp_tables arpt_mangle arptable_filter
851 define KernelPackage/arptables
852 SUBMENU:=$(NF_MENU)
853 TITLE:=ARP firewalling modules
854 DEPENDS:=+kmod-ipt-core
855 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
856 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
857 CONFIG_IP_NF_ARPFILTER \
858 CONFIG_IP_NF_ARP_MANGLE
859 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
860 endef
861
862 define KernelPackage/arptables/description
863 Kernel modules for ARP firewalling
864 endef
865
866 $(eval $(call KernelPackage,arptables))
867
868
869 define KernelPackage/br-netfilter
870 SUBMENU:=$(NF_MENU)
871 TITLE:=Bridge netfilter support modules
872 DEPENDS:=+kmod-ipt-core
873 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
874 KCONFIG:=CONFIG_BRIDGE_NETFILTER
875 AUTOLOAD:=$(call AutoProbe,br_netfilter)
876 endef
877
878 define KernelPackage/br-netfilter/install
879 $(INSTALL_DIR) $(1)/etc/sysctl.d
880 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
881 endef
882
883 $(eval $(call KernelPackage,br-netfilter))
884
885
886 define KernelPackage/ebtables
887 SUBMENU:=$(NF_MENU)
888 TITLE:=Bridge firewalling modules
889 DEPENDS:=+kmod-ipt-core
890 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
891 KCONFIG:=$(KCONFIG_EBTABLES)
892 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
893 endef
894
895 define KernelPackage/ebtables/description
896 ebtables is a general, extensible frame/packet identification
897 framework. It provides you to do Ethernet
898 filtering/NAT/brouting on the Ethernet bridge.
899 endef
900
901 $(eval $(call KernelPackage,ebtables))
902
903
904 define AddDepends/ebtables
905 SUBMENU:=$(NF_MENU)
906 DEPENDS+= +kmod-ebtables $(1)
907 endef
908
909
910 define KernelPackage/ebtables-ipv4
911 TITLE:=ebtables: IPv4 support
912 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
913 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
914 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
915 $(call AddDepends/ebtables)
916 endef
917
918 define KernelPackage/ebtables-ipv4/description
919 This option adds the IPv4 support to ebtables, which allows basic
920 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
921 endef
922
923 $(eval $(call KernelPackage,ebtables-ipv4))
924
925
926 define KernelPackage/ebtables-ipv6
927 TITLE:=ebtables: IPv6 support
928 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
929 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
930 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
931 $(call AddDepends/ebtables)
932 endef
933
934 define KernelPackage/ebtables-ipv6/description
935 This option adds the IPv6 support to ebtables, which allows basic
936 IPv6 header field filtering and target support.
937 endef
938
939 $(eval $(call KernelPackage,ebtables-ipv6))
940
941
942 define KernelPackage/ebtables-watchers
943 TITLE:=ebtables: watchers support
944 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
945 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
946 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
947 $(call AddDepends/ebtables)
948 endef
949
950 define KernelPackage/ebtables-watchers/description
951 This option adds the log watchers, that you can use in any rule
952 in any ebtables table.
953 endef
954
955 $(eval $(call KernelPackage,ebtables-watchers))
956
957
958 define KernelPackage/nfnetlink
959 SUBMENU:=$(NF_MENU)
960 TITLE:=Netlink-based userspace interface
961 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
962 KCONFIG:=$(KCONFIG_NFNETLINK)
963 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
964 endef
965
966 define KernelPackage/nfnetlink/description
967 Kernel modules support for a netlink-based userspace interface
968 endef
969
970 $(eval $(call KernelPackage,nfnetlink))
971
972
973 define AddDepends/nfnetlink
974 SUBMENU:=$(NF_MENU)
975 DEPENDS+=+kmod-nfnetlink $(1)
976 endef
977
978
979 define KernelPackage/nfnetlink-log
980 TITLE:=Netfilter LOG over NFNETLINK interface
981 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
982 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
983 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
984 $(call AddDepends/nfnetlink)
985 endef
986
987 define KernelPackage/nfnetlink-log/description
988 Kernel modules support for logging packets via NFNETLINK
989 Includes:
990 - NFLOG
991 endef
992
993 $(eval $(call KernelPackage,nfnetlink-log))
994
995
996 define KernelPackage/nfnetlink-queue
997 TITLE:=Netfilter QUEUE over NFNETLINK interface
998 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
999 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1000 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1001 $(call AddDepends/nfnetlink)
1002 endef
1003
1004 define KernelPackage/nfnetlink-queue/description
1005 Kernel modules support for queueing packets via NFNETLINK
1006 Includes:
1007 - NFQUEUE
1008 endef
1009
1010 $(eval $(call KernelPackage,nfnetlink-queue))
1011
1012
1013 define KernelPackage/nf-conntrack-netlink
1014 TITLE:=Connection tracking netlink interface
1015 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1016 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
1017 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1018 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
1019 endef
1020
1021 define KernelPackage/nf-conntrack-netlink/description
1022 Kernel modules support for a netlink-based connection tracking
1023 userspace interface
1024 endef
1025
1026 $(eval $(call KernelPackage,nf-conntrack-netlink))
1027
1028 define KernelPackage/ipt-hashlimit
1029 SUBMENU:=$(NF_MENU)
1030 TITLE:=Netfilter hashlimit match
1031 DEPENDS:=+kmod-ipt-core
1032 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1033 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1034 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1035 $(call KernelPackage/ipt)
1036 endef
1037
1038 define KernelPackage/ipt-hashlimit/description
1039 Kernel modules support for the hashlimit bucket match module
1040 endef
1041
1042 $(eval $(call KernelPackage,ipt-hashlimit))
1043
1044 define KernelPackage/ipt-rpfilter
1045 SUBMENU:=$(NF_MENU)
1046 TITLE:=Netfilter rpfilter match
1047 DEPENDS:=+kmod-ipt-core
1048 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1049 FILES:=$(realpath \
1050 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1051 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1052 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1053 $(call KernelPackage/ipt)
1054 endef
1055
1056 define KernelPackage/ipt-rpfilter/description
1057 Kernel modules support for the Netfilter rpfilter match
1058 endef
1059
1060 $(eval $(call KernelPackage,ipt-rpfilter))
1061
1062
1063 define KernelPackage/nft-core
1064 SUBMENU:=$(NF_MENU)
1065 TITLE:=Netfilter nf_tables support
1066 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
1067 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1068 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1069 KCONFIG:= \
1070 CONFIG_NFT_COMPAT=n \
1071 CONFIG_NFT_QUEUE=n \
1072 $(KCONFIG_NFT_CORE)
1073 endef
1074
1075 define KernelPackage/nft-core/description
1076 Kernel module support for nftables
1077 endef
1078
1079 $(eval $(call KernelPackage,nft-core))
1080
1081
1082 define KernelPackage/nft-arp
1083 SUBMENU:=$(NF_MENU)
1084 TITLE:=Netfilter nf_tables ARP table support
1085 DEPENDS:=+kmod-nft-core
1086 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1087 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1088 KCONFIG:=$(KCONFIG_NFT_ARP)
1089 endef
1090
1091 $(eval $(call KernelPackage,nft-arp))
1092
1093
1094 define KernelPackage/nft-bridge
1095 SUBMENU:=$(NF_MENU)
1096 TITLE:=Netfilter nf_tables bridge table support
1097 DEPENDS:=+kmod-nft-core
1098 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1099 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1100 KCONFIG:= \
1101 CONFIG_NF_LOG_BRIDGE=n \
1102 $(KCONFIG_NFT_BRIDGE)
1103 endef
1104
1105 $(eval $(call KernelPackage,nft-bridge))
1106
1107
1108 define KernelPackage/nft-nat
1109 SUBMENU:=$(NF_MENU)
1110 TITLE:=Netfilter nf_tables NAT support
1111 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1112 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1113 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1114 KCONFIG:=$(KCONFIG_NFT_NAT)
1115 endef
1116
1117 $(eval $(call KernelPackage,nft-nat))
1118
1119
1120 define KernelPackage/nft-offload
1121 SUBMENU:=$(NF_MENU)
1122 TITLE:=Netfilter nf_tables routing/NAT offload support
1123 DEPENDS:=+kmod-nf-flow +kmod-nft-nat
1124 KCONFIG:= \
1125 CONFIG_NF_FLOW_TABLE_INET \
1126 CONFIG_NF_FLOW_TABLE_IPV4 \
1127 CONFIG_NF_FLOW_TABLE_IPV6 \
1128 CONFIG_NFT_FLOW_OFFLOAD
1129 FILES:= \
1130 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1131 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1132 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1133 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1134 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1135 endef
1136
1137 $(eval $(call KernelPackage,nft-offload))
1138
1139
1140 define KernelPackage/nft-nat6
1141 SUBMENU:=$(NF_MENU)
1142 TITLE:=Netfilter nf_tables IPv6-NAT support
1143 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1144 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1145 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1146 KCONFIG:=$(KCONFIG_NFT_NAT6)
1147 endef
1148
1149 $(eval $(call KernelPackage,nft-nat6))
1150
1151 define KernelPackage/nft-netdev
1152 SUBMENU:=$(NF_MENU)
1153 TITLE:=Netfilter nf_tables netdev support
1154 DEPENDS:=+kmod-nft-core
1155 KCONFIG:= \
1156 CONFIG_NETFILTER_INGRESS=y \
1157 CONFIG_NF_TABLES_NETDEV \
1158 CONFIG_NF_DUP_NETDEV \
1159 CONFIG_NFT_DUP_NETDEV \
1160 CONFIG_NFT_FWD_NETDEV
1161 FILES:= \
1162 $(LINUX_DIR)/net/netfilter/nf_tables_netdev.ko@lt4.17 \
1163 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1164 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1165 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1166 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1167 endef
1168
1169 $(eval $(call KernelPackage,nft-netdev))
1170
1171
1172 define KernelPackage/nft-fib
1173 SUBMENU:=$(NF_MENU)
1174 TITLE:=Netfilter nf_tables fib support
1175 DEPENDS:=+kmod-nft-core
1176 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1177 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1178 KCONFIG:=$(KCONFIG_NFT_FIB)
1179 endef
1180
1181 $(eval $(call KernelPackage,nft-fib))
OpenWrt Source Repository