projects / openwrt / openwrt.git / blob
? search:


55226bf62953024e906c75e6d88d105249772b6a
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-nat
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter NAT
127 KCONFIG:=$(KCONFIG_NF_NAT)
128 DEPENDS:=+kmod-nf-conntrack
129 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
131 endef
132
133 $(eval $(call KernelPackage,nf-nat))
134
135
136 define KernelPackage/nf-nat6
137 SUBMENU:=$(NF_MENU)
138 TITLE:=Netfilter IPV6-NAT
139 KCONFIG:=$(KCONFIG_NF_NAT6)
140 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
141 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
142 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
143 endef
144
145 $(eval $(call KernelPackage,nf-nat6))
146
147
148 define KernelPackage/nf-flow
149 SUBMENU:=$(NF_MENU)
150 TITLE:=Netfilter flowtable support
151 KCONFIG:= \
152 CONFIG_NETFILTER_INGRESS=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9
156 FILES:= \
157 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
158 $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
159 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
160 endef
161
162 $(eval $(call KernelPackage,nf-flow))
163
164
165 define AddDepends/ipt
166 SUBMENU:=$(NF_MENU)
167 DEPENDS+= +kmod-ipt-core $(1)
168 endef
169
170
171 define KernelPackage/ipt-conntrack
172 TITLE:=Basic connection tracking modules
173 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
174 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
175 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
176 $(call AddDepends/ipt,+kmod-nf-conntrack)
177 endef
178
179 define KernelPackage/ipt-conntrack/description
180 Netfilter (IPv4) kernel modules for connection tracking
181 Includes:
182 - conntrack
183 - defrag
184 - iptables_raw
185 - NOTRACK
186 - state
187 endef
188
189 $(eval $(call KernelPackage,ipt-conntrack))
190
191
192 define KernelPackage/ipt-conntrack-extra
193 TITLE:=Extra connection tracking modules
194 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
195 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
196 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
197 $(call AddDepends/ipt,+kmod-ipt-conntrack)
198 endef
199
200 define KernelPackage/ipt-conntrack-extra/description
201 Netfilter (IPv4) extra kernel modules for connection tracking
202 Includes:
203 - connbytes
204 - connmark/CONNMARK
205 - conntrack
206 - helper
207 - recent
208 endef
209
210 $(eval $(call KernelPackage,ipt-conntrack-extra))
211
212 define KernelPackage/ipt-conntrack-label
213 TITLE:=Module for handling connection tracking labels
214 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
215 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
216 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
217 $(call AddDepends/ipt,+kmod-ipt-conntrack)
218 endef
219
220 define KernelPackage/ipt-conntrack-label/description
221 Netfilter (IPv4) module for handling connection tracking labels
222 Includes:
223 - connlabel
224 endef
225
226 $(eval $(call KernelPackage,ipt-conntrack-label))
227
228 define KernelPackage/ipt-filter
229 TITLE:=Modules for packet content inspection
230 KCONFIG:=$(KCONFIG_IPT_FILTER)
231 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
232 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
233 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
234 endef
235
236 define KernelPackage/ipt-filter/description
237 Netfilter (IPv4) kernel modules for packet content inspection
238 Includes:
239 - string
240 endef
241
242 $(eval $(call KernelPackage,ipt-filter))
243
244
245 define KernelPackage/ipt-offload
246 TITLE:=Netfilter routing/NAT offload support
247 KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
248 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
249 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
250 $(call AddDepends/ipt,+kmod-nf-flow)
251 endef
252
253 $(eval $(call KernelPackage,ipt-offload))
254
255
256 define KernelPackage/ipt-ipopt
257 TITLE:=Modules for matching/changing IP packet options
258 KCONFIG:=$(KCONFIG_IPT_IPOPT)
259 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
260 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
261 $(call AddDepends/ipt)
262 endef
263
264 define KernelPackage/ipt-ipopt/description
265 Netfilter (IPv4) modules for matching/changing IP packet options
266 Includes:
267 - CLASSIFY
268 - dscp/DSCP
269 - ecn/ECN
270 - hl/HL
271 - length
272 - mark/MARK
273 - statistic
274 - tcpmss
275 - time
276 - ttl/TTL
277 - unclean
278 endef
279
280 $(eval $(call KernelPackage,ipt-ipopt))
281
282
283 define KernelPackage/ipt-ipsec
284 TITLE:=Modules for matching IPSec packets
285 KCONFIG:=$(KCONFIG_IPT_IPSEC)
286 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
287 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
288 $(call AddDepends/ipt)
289 endef
290
291 define KernelPackage/ipt-ipsec/description
292 Netfilter (IPv4) modules for matching IPSec packets
293 Includes:
294 - ah
295 - esp
296 - policy
297 endef
298
299 $(eval $(call KernelPackage,ipt-ipsec))
300
301 IPSET_MODULES:= \
302 ipset/ip_set \
303 ipset/ip_set_bitmap_ip \
304 ipset/ip_set_bitmap_ipmac \
305 ipset/ip_set_bitmap_port \
306 ipset/ip_set_hash_ip \
307 ipset/ip_set_hash_ipmark \
308 ipset/ip_set_hash_ipport \
309 ipset/ip_set_hash_ipportip \
310 ipset/ip_set_hash_ipportnet \
311 ipset/ip_set_hash_mac \
312 ipset/ip_set_hash_netportnet \
313 ipset/ip_set_hash_net \
314 ipset/ip_set_hash_netnet \
315 ipset/ip_set_hash_netport \
316 ipset/ip_set_hash_netiface \
317 ipset/ip_set_list_set \
318 xt_set
319
320 define KernelPackage/ipt-ipset
321 SUBMENU:=Netfilter Extensions
322 TITLE:=IPset netfilter modules
323 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
324 KCONFIG:= \
325 CONFIG_IP_SET \
326 CONFIG_IP_SET_MAX=256 \
327 CONFIG_NETFILTER_XT_SET \
328 CONFIG_IP_SET_BITMAP_IP \
329 CONFIG_IP_SET_BITMAP_IPMAC \
330 CONFIG_IP_SET_BITMAP_PORT \
331 CONFIG_IP_SET_HASH_IP \
332 CONFIG_IP_SET_HASH_IPMARK \
333 CONFIG_IP_SET_HASH_IPPORT \
334 CONFIG_IP_SET_HASH_IPPORTIP \
335 CONFIG_IP_SET_HASH_IPPORTNET \
336 CONFIG_IP_SET_HASH_MAC \
337 CONFIG_IP_SET_HASH_NET \
338 CONFIG_IP_SET_HASH_NETNET \
339 CONFIG_IP_SET_HASH_NETIFACE \
340 CONFIG_IP_SET_HASH_NETPORT \
341 CONFIG_IP_SET_HASH_NETPORTNET \
342 CONFIG_IP_SET_LIST_SET \
343 CONFIG_NET_EMATCH_IPSET=n
344 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
345 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
346 endef
347 $(eval $(call KernelPackage,ipt-ipset))
348
349
350 define KernelPackage/ipt-nat
351 TITLE:=Basic NAT targets
352 KCONFIG:=$(KCONFIG_IPT_NAT)
353 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
354 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
355 $(call AddDepends/ipt,+kmod-nf-nat)
356 endef
357
358 define KernelPackage/ipt-nat/description
359 Netfilter (IPv4) kernel modules for basic NAT targets
360 Includes:
361 - MASQUERADE
362 endef
363
364 $(eval $(call KernelPackage,ipt-nat))
365
366
367 define KernelPackage/ipt-raw
368 TITLE:=Netfilter IPv4 raw table support
369 KCONFIG:=CONFIG_IP_NF_RAW
370 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
371 AUTOLOAD:=$(call AutoProbe,iptable_raw)
372 $(call AddDepends/ipt)
373 endef
374
375 $(eval $(call KernelPackage,ipt-raw))
376
377
378 define KernelPackage/ipt-raw6
379 TITLE:=Netfilter IPv6 raw table support
380 KCONFIG:=CONFIG_IP6_NF_RAW
381 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
382 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
383 $(call AddDepends/ipt,+kmod-ip6tables)
384 endef
385
386 $(eval $(call KernelPackage,ipt-raw6))
387
388
389 define KernelPackage/ipt-nat6
390 TITLE:=IPv6 NAT targets
391 KCONFIG:=$(KCONFIG_IPT_NAT6)
392 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
393 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
394 $(call AddDepends/ipt,+kmod-nf-nat6)
395 $(call AddDepends/ipt,+kmod-ipt-conntrack)
396 $(call AddDepends/ipt,+kmod-ipt-nat)
397 $(call AddDepends/ipt,+kmod-ip6tables)
398 endef
399
400 define KernelPackage/ipt-nat6/description
401 Netfilter (IPv6) kernel modules for NAT targets
402 endef
403
404 $(eval $(call KernelPackage,ipt-nat6))
405
406
407 define KernelPackage/ipt-nat-extra
408 TITLE:=Extra NAT targets
409 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
410 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
411 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
412 $(call AddDepends/ipt,+kmod-ipt-nat)
413 endef
414
415 define KernelPackage/ipt-nat-extra/description
416 Netfilter (IPv4) kernel modules for extra NAT targets
417 Includes:
418 - NETMAP
419 - REDIRECT
420 endef
421
422 $(eval $(call KernelPackage,ipt-nat-extra))
423
424
425 define KernelPackage/nf-nathelper
426 SUBMENU:=$(NF_MENU)
427 TITLE:=Basic Conntrack and NAT helpers
428 KCONFIG:=$(KCONFIG_NF_NATHELPER)
429 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
430 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
431 DEPENDS:=+kmod-nf-nat
432 endef
433
434 define KernelPackage/nf-nathelper/description
435 Default Netfilter (IPv4) Conntrack and NAT helpers
436 Includes:
437 - ftp
438 endef
439
440 $(eval $(call KernelPackage,nf-nathelper))
441
442
443 define KernelPackage/nf-nathelper-extra
444 SUBMENU:=$(NF_MENU)
445 TITLE:=Extra Conntrack and NAT helpers
446 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
447 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
448 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
449 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
450 endef
451
452 define KernelPackage/nf-nathelper-extra/description
453 Extra Netfilter (IPv4) Conntrack and NAT helpers
454 Includes:
455 - amanda
456 - h323
457 - irc
458 - mms
459 - pptp
460 - proto_gre
461 - sip
462 - snmp_basic
463 - tftp
464 - broadcast
465 endef
466
467 $(eval $(call KernelPackage,nf-nathelper-extra))
468
469
470 define KernelPackage/ipt-ulog
471 TITLE:=Module for user-space packet logging
472 KCONFIG:=$(KCONFIG_IPT_ULOG)
473 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
474 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
475 $(call AddDepends/ipt)
476 endef
477
478 define KernelPackage/ipt-ulog/description
479 Netfilter (IPv4) module for user-space packet logging
480 Includes:
481 - ULOG
482 endef
483
484 $(eval $(call KernelPackage,ipt-ulog))
485
486
487 define KernelPackage/ipt-nflog
488 TITLE:=Module for user-space packet logging
489 KCONFIG:=$(KCONFIG_IPT_NFLOG)
490 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
491 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
492 $(call AddDepends/ipt,+kmod-nfnetlink-log)
493 endef
494
495 define KernelPackage/ipt-nflog/description
496 Netfilter module for user-space packet logging
497 Includes:
498 - NFLOG
499 endef
500
501 $(eval $(call KernelPackage,ipt-nflog))
502
503
504 define KernelPackage/ipt-nfqueue
505 TITLE:=Module for user-space packet queuing
506 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
507 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
508 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
509 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
510 endef
511
512 define KernelPackage/ipt-nfqueue/description
513 Netfilter module for user-space packet queuing
514 Includes:
515 - NFQUEUE
516 endef
517
518 $(eval $(call KernelPackage,ipt-nfqueue))
519
520
521 define KernelPackage/ipt-debug
522 TITLE:=Module for debugging/development
523 KCONFIG:=$(KCONFIG_IPT_DEBUG)
524 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
525 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
526 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
527 endef
528
529 define KernelPackage/ipt-debug/description
530 Netfilter modules for debugging/development of the firewall
531 Includes:
532 - TRACE
533 endef
534
535 $(eval $(call KernelPackage,ipt-debug))
536
537
538 define KernelPackage/ipt-led
539 TITLE:=Module to trigger a LED with a Netfilter rule
540 KCONFIG:=$(KCONFIG_IPT_LED)
541 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
542 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
543 $(call AddDepends/ipt)
544 endef
545
546 define KernelPackage/ipt-led/description
547 Netfilter target to trigger a LED when a network packet is matched.
548 endef
549
550 $(eval $(call KernelPackage,ipt-led))
551
552 define KernelPackage/ipt-tproxy
553 TITLE:=Transparent proxying support
554 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
555 KCONFIG:= \
556 CONFIG_NETFILTER_XT_MATCH_SOCKET \
557 CONFIG_NETFILTER_XT_TARGET_TPROXY
558 FILES:= \
559 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
560 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
561 $(call AddDepends/ipt)
562 endef
563
564 define KernelPackage/ipt-tproxy/description
565 Kernel modules for Transparent Proxying
566 endef
567
568 $(eval $(call KernelPackage,ipt-tproxy))
569
570 define KernelPackage/ipt-tee
571 TITLE:=TEE support
572 DEPENDS:=+kmod-ipt-conntrack
573 KCONFIG:= \
574 CONFIG_NETFILTER_XT_TARGET_TEE
575 FILES:= \
576 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
577 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
578 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
579 $(call AddDepends/ipt)
580 endef
581
582 define KernelPackage/ipt-tee/description
583 Kernel modules for TEE
584 endef
585
586 $(eval $(call KernelPackage,ipt-tee))
587
588
589 define KernelPackage/ipt-u32
590 TITLE:=U32 support
591 KCONFIG:= \
592 CONFIG_NETFILTER_XT_MATCH_U32
593 FILES:= \
594 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
595 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
596 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
597 $(call AddDepends/ipt)
598 endef
599
600 define KernelPackage/ipt-u32/description
601 Kernel modules for U32
602 endef
603
604 $(eval $(call KernelPackage,ipt-u32))
605
606 define KernelPackage/ipt-checksum
607 TITLE:=CHECKSUM support
608 KCONFIG:= \
609 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
610 FILES:= \
611 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
612 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
613 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
614 $(call AddDepends/ipt)
615 endef
616
617 define KernelPackage/ipt-checksum/description
618 Kernel modules for CHECKSUM fillin target
619 endef
620
621 $(eval $(call KernelPackage,ipt-checksum))
622
623
624 define KernelPackage/ipt-iprange
625 TITLE:=Module for matching ip ranges
626 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
627 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
628 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
629 $(call AddDepends/ipt)
630 endef
631
632 define KernelPackage/ipt-iprange/description
633 Netfilter (IPv4) module for matching ip ranges
634 Includes:
635 - iprange
636 endef
637
638 $(eval $(call KernelPackage,ipt-iprange))
639
640 define KernelPackage/ipt-cluster
641 TITLE:=Module for matching cluster
642 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
643 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
644 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
645 $(call AddDepends/ipt,+kmod-nf-conntrack)
646 endef
647
648 define KernelPackage/ipt-cluster/description
649 Netfilter (IPv4/IPv6) module for matching cluster
650 This option allows you to build work-load-sharing clusters of
651 network servers/stateful firewalls without having a dedicated
652 load-balancing router/server/switch. Basically, this match returns
653 true when the packet must be handled by this cluster node. Thus,
654 all nodes see all packets and this match decides which node handles
655 what packets. The work-load sharing algorithm is based on source
656 address hashing.
657
658 This module is usable for ipv4 and ipv6.
659
660 To use it also enable iptables-mod-cluster
661
662 see `iptables -m cluster --help` for more information.
663 endef
664
665 $(eval $(call KernelPackage,ipt-cluster))
666
667 define KernelPackage/ipt-clusterip
668 TITLE:=Module for CLUSTERIP
669 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
670 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
671 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
672 $(call AddDepends/ipt,+kmod-nf-conntrack)
673 endef
674
675 define KernelPackage/ipt-clusterip/description
676 Netfilter (IPv4-only) module for CLUSTERIP
677 The CLUSTERIP target allows you to build load-balancing clusters of
678 network servers without having a dedicated load-balancing
679 router/server/switch.
680
681 To use it also enable iptables-mod-clusterip
682
683 see `iptables -j CLUSTERIP --help` for more information.
684 endef
685
686 $(eval $(call KernelPackage,ipt-clusterip))
687
688
689 define KernelPackage/ipt-extra
690 TITLE:=Extra modules
691 KCONFIG:=$(KCONFIG_IPT_EXTRA)
692 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
693 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
694 $(call AddDepends/ipt)
695 endef
696
697 define KernelPackage/ipt-extra/description
698 Other Netfilter (IPv4) kernel modules
699 Includes:
700 - addrtype
701 - owner
702 - pkttype
703 - quota
704 endef
705
706 $(eval $(call KernelPackage,ipt-extra))
707
708
709 define KernelPackage/ipt-physdev
710 TITLE:=physdev module
711 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
712 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
713 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
714 $(call AddDepends/ipt,+kmod-br-netfilter)
715 endef
716
717 define KernelPackage/ipt-physdev/description
718 The iptables physdev kernel module
719 endef
720
721 $(eval $(call KernelPackage,ipt-physdev))
722
723
724 define KernelPackage/ip6tables
725 SUBMENU:=$(NF_MENU)
726 TITLE:=IPv6 modules
727 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
728 KCONFIG:=$(KCONFIG_IPT_IPV6)
729 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
730 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
731 endef
732
733 define KernelPackage/ip6tables/description
734 Netfilter IPv6 firewalling support
735 endef
736
737 $(eval $(call KernelPackage,ip6tables))
738
739 define KernelPackage/ip6tables-extra
740 SUBMENU:=$(NF_MENU)
741 TITLE:=Extra IPv6 modules
742 DEPENDS:=+kmod-ip6tables
743 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
744 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
745 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
746 endef
747
748 define KernelPackage/ip6tables-extra/description
749 Netfilter IPv6 extra header matching modules
750 endef
751
752 $(eval $(call KernelPackage,ip6tables-extra))
753
754 ARP_MODULES = arp_tables arpt_mangle arptable_filter
755 define KernelPackage/arptables
756 SUBMENU:=$(NF_MENU)
757 TITLE:=ARP firewalling modules
758 DEPENDS:=+kmod-ipt-core
759 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
760 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
761 CONFIG_IP_NF_ARPFILTER \
762 CONFIG_IP_NF_ARP_MANGLE
763 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
764 endef
765
766 define KernelPackage/arptables/description
767 Kernel modules for ARP firewalling
768 endef
769
770 $(eval $(call KernelPackage,arptables))
771
772
773 define KernelPackage/br-netfilter
774 SUBMENU:=$(NF_MENU)
775 TITLE:=Bridge netfilter support modules
776 DEPENDS:=+kmod-ipt-core
777 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
778 KCONFIG:=CONFIG_BRIDGE_NETFILTER
779 AUTOLOAD:=$(call AutoProbe,br_netfilter)
780 endef
781
782 define KernelPackage/br-netfilter/install
783 $(INSTALL_DIR) $(1)/etc/sysctl.d
784 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
785 endef
786
787 $(eval $(call KernelPackage,br-netfilter))
788
789
790 define KernelPackage/ebtables
791 SUBMENU:=$(NF_MENU)
792 TITLE:=Bridge firewalling modules
793 DEPENDS:=+kmod-ipt-core
794 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
795 KCONFIG:=$(KCONFIG_EBTABLES)
796 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
797 endef
798
799 define KernelPackage/ebtables/description
800 ebtables is a general, extensible frame/packet identification
801 framework. It provides you to do Ethernet
802 filtering/NAT/brouting on the Ethernet bridge.
803 endef
804
805 $(eval $(call KernelPackage,ebtables))
806
807
808 define AddDepends/ebtables
809 SUBMENU:=$(NF_MENU)
810 DEPENDS+= +kmod-ebtables $(1)
811 endef
812
813
814 define KernelPackage/ebtables-ipv4
815 TITLE:=ebtables: IPv4 support
816 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
817 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
818 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
819 $(call AddDepends/ebtables)
820 endef
821
822 define KernelPackage/ebtables-ipv4/description
823 This option adds the IPv4 support to ebtables, which allows basic
824 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
825 endef
826
827 $(eval $(call KernelPackage,ebtables-ipv4))
828
829
830 define KernelPackage/ebtables-ipv6
831 TITLE:=ebtables: IPv6 support
832 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
833 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
834 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
835 $(call AddDepends/ebtables)
836 endef
837
838 define KernelPackage/ebtables-ipv6/description
839 This option adds the IPv6 support to ebtables, which allows basic
840 IPv6 header field filtering and target support.
841 endef
842
843 $(eval $(call KernelPackage,ebtables-ipv6))
844
845
846 define KernelPackage/ebtables-watchers
847 TITLE:=ebtables: watchers support
848 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
849 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
850 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
851 $(call AddDepends/ebtables)
852 endef
853
854 define KernelPackage/ebtables-watchers/description
855 This option adds the log watchers, that you can use in any rule
856 in any ebtables table.
857 endef
858
859 $(eval $(call KernelPackage,ebtables-watchers))
860
861
862 define KernelPackage/nfnetlink
863 SUBMENU:=$(NF_MENU)
864 TITLE:=Netlink-based userspace interface
865 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
866 KCONFIG:=$(KCONFIG_NFNETLINK)
867 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
868 endef
869
870 define KernelPackage/nfnetlink/description
871 Kernel modules support for a netlink-based userspace interface
872 endef
873
874 $(eval $(call KernelPackage,nfnetlink))
875
876
877 define AddDepends/nfnetlink
878 SUBMENU:=$(NF_MENU)
879 DEPENDS+=+kmod-nfnetlink $(1)
880 endef
881
882
883 define KernelPackage/nfnetlink-log
884 TITLE:=Netfilter LOG over NFNETLINK interface
885 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
886 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
887 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
888 $(call AddDepends/nfnetlink)
889 endef
890
891 define KernelPackage/nfnetlink-log/description
892 Kernel modules support for logging packets via NFNETLINK
893 Includes:
894 - NFLOG
895 endef
896
897 $(eval $(call KernelPackage,nfnetlink-log))
898
899
900 define KernelPackage/nfnetlink-queue
901 TITLE:=Netfilter QUEUE over NFNETLINK interface
902 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
903 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
904 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
905 $(call AddDepends/nfnetlink)
906 endef
907
908 define KernelPackage/nfnetlink-queue/description
909 Kernel modules support for queueing packets via NFNETLINK
910 Includes:
911 - NFQUEUE
912 endef
913
914 $(eval $(call KernelPackage,nfnetlink-queue))
915
916
917 define KernelPackage/nf-conntrack-netlink
918 TITLE:=Connection tracking netlink interface
919 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
920 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
921 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
922 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
923 endef
924
925 define KernelPackage/nf-conntrack-netlink/description
926 Kernel modules support for a netlink-based connection tracking
927 userspace interface
928 endef
929
930 $(eval $(call KernelPackage,nf-conntrack-netlink))
931
932 define KernelPackage/ipt-hashlimit
933 SUBMENU:=$(NF_MENU)
934 TITLE:=Netfilter hashlimit match
935 DEPENDS:=+kmod-ipt-core
936 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
937 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
938 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
939 $(call KernelPackage/ipt)
940 endef
941
942 define KernelPackage/ipt-hashlimit/description
943 Kernel modules support for the hashlimit bucket match module
944 endef
945
946 $(eval $(call KernelPackage,ipt-hashlimit))
947
948 define KernelPackage/ipt-rpfilter
949 SUBMENU:=$(NF_MENU)
950 TITLE:=Netfilter rpfilter match
951 DEPENDS:=+kmod-ipt-core
952 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
953 FILES:=$(realpath \
954 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
955 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
956 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
957 $(call KernelPackage/ipt)
958 endef
959
960 define KernelPackage/ipt-rpfilter/description
961 Kernel modules support for the Netfilter rpfilter match
962 endef
963
964 $(eval $(call KernelPackage,ipt-rpfilter))
965
966
967 define KernelPackage/nft-core
968 SUBMENU:=$(NF_MENU)
969 TITLE:=Netfilter nf_tables support
970 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
971 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
972 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
973 KCONFIG:= \
974 CONFIG_NFT_COMPAT=n \
975 CONFIG_NFT_QUEUE=n \
976 $(KCONFIG_NFT_CORE)
977 endef
978
979 define KernelPackage/nft-core/description
980 Kernel module support for nftables
981 endef
982
983 $(eval $(call KernelPackage,nft-core))
984
985
986 define KernelPackage/nft-arp
987 SUBMENU:=$(NF_MENU)
988 TITLE:=Netfilter nf_tables ARP table support
989 DEPENDS:=+kmod-nft-core
990 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
991 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
992 KCONFIG:=$(KCONFIG_NFT_ARP)
993 endef
994
995 $(eval $(call KernelPackage,nft-arp))
996
997
998 define KernelPackage/nft-bridge
999 SUBMENU:=$(NF_MENU)
1000 TITLE:=Netfilter nf_tables bridge table support
1001 DEPENDS:=+kmod-nft-core
1002 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1003 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1004 KCONFIG:= \
1005 CONFIG_NF_LOG_BRIDGE=n \
1006 $(KCONFIG_NFT_BRIDGE)
1007 endef
1008
1009 $(eval $(call KernelPackage,nft-bridge))
1010
1011
1012 define KernelPackage/nft-nat
1013 SUBMENU:=$(NF_MENU)
1014 TITLE:=Netfilter nf_tables NAT support
1015 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1016 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1017 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1018 KCONFIG:=$(KCONFIG_NFT_NAT)
1019 endef
1020
1021 $(eval $(call KernelPackage,nft-nat))
1022
1023
1024 define KernelPackage/nft-offload
1025 SUBMENU:=$(NF_MENU)
1026 TITLE:=Netfilter nf_tables routing/NAT offload support
1027 DEPENDS:=+kmod-nf-flow +kmod-nft-nat
1028 KCONFIG:= \
1029 CONFIG_NF_FLOW_TABLE_INET \
1030 CONFIG_NF_FLOW_TABLE_IPV4 \
1031 CONFIG_NF_FLOW_TABLE_IPV6 \
1032 CONFIG_NFT_FLOW_OFFLOAD
1033 FILES:= \
1034 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1035 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1036 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1037 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1038 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1039 endef
1040
1041 $(eval $(call KernelPackage,nft-offload))
1042
1043
1044 define KernelPackage/nft-nat6
1045 SUBMENU:=$(NF_MENU)
1046 TITLE:=Netfilter nf_tables IPv6-NAT support
1047 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1048 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1049 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1050 KCONFIG:=$(KCONFIG_NFT_NAT6)
1051 endef
1052
1053 $(eval $(call KernelPackage,nft-nat6))
OpenWrt Source Repository