projects / openwrt / openwrt.git / blob
? search:


7200af769f8c856975731b845b809ec22899e844
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-nat
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter NAT
127 KCONFIG:=$(KCONFIG_NF_NAT)
128 DEPENDS:=+kmod-nf-conntrack
129 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
131 endef
132
133 $(eval $(call KernelPackage,nf-nat))
134
135
136 define KernelPackage/nf-nat6
137 SUBMENU:=$(NF_MENU)
138 TITLE:=Netfilter IPV6-NAT
139 KCONFIG:=$(KCONFIG_NF_NAT6)
140 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
141 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
142 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
143 endef
144
145 $(eval $(call KernelPackage,nf-nat6))
146
147
148 define KernelPackage/nf-flow
149 SUBMENU:=$(NF_MENU)
150 TITLE:=Netfilter flowtable support
151 KCONFIG:= \
152 CONFIG_NETFILTER_INGRESS=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS:=+kmod-nf-conntrack
156 FILES:= \
157 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
158 $(if $(CONFIG_LINUX_5_4),$(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko)
159 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
160 endef
161
162 $(eval $(call KernelPackage,nf-flow))
163
164
165 define KernelPackage/nf-socket
166 SUBMENU:=$(NF_MENU)
167 TITLE:=Netfilter socket lookup support
168 KCONFIG:= $(KCOFNIG_NF_SOCKET)
169 FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
170 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
171 endef
172
173 $(eval $(call KernelPackage,nf-socket))
174
175
176 define KernelPackage/nf-tproxy
177 SUBMENU:=$(NF_MENU)
178 TITLE:=Netfilter tproxy support
179 KCONFIG:= $(KCOFNIG_NF_TPROXY)
180 FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
181 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
182 endef
183
184 $(eval $(call KernelPackage,nf-tproxy))
185
186
187 define AddDepends/ipt
188 SUBMENU:=$(NF_MENU)
189 DEPENDS+= +kmod-ipt-core $(1)
190 endef
191
192
193 define KernelPackage/ipt-conntrack
194 TITLE:=Basic connection tracking modules
195 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
196 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
197 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
198 $(call AddDepends/ipt,+kmod-nf-conntrack)
199 endef
200
201 define KernelPackage/ipt-conntrack/description
202 Netfilter (IPv4) kernel modules for connection tracking
203 Includes:
204 - conntrack
205 - defrag
206 - iptables_raw
207 - NOTRACK
208 - state
209 endef
210
211 $(eval $(call KernelPackage,ipt-conntrack))
212
213
214 define KernelPackage/ipt-conntrack-extra
215 TITLE:=Extra connection tracking modules
216 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
217 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
218 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
219 $(call AddDepends/ipt,+kmod-ipt-conntrack)
220 endef
221
222 define KernelPackage/ipt-conntrack-extra/description
223 Netfilter (IPv4) extra kernel modules for connection tracking
224 Includes:
225 - connbytes
226 - connmark/CONNMARK
227 - conntrack
228 - helper
229 - recent
230 endef
231
232 $(eval $(call KernelPackage,ipt-conntrack-extra))
233
234 define KernelPackage/ipt-conntrack-label
235 TITLE:=Module for handling connection tracking labels
236 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
237 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
238 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
239 $(call AddDepends/ipt,+kmod-ipt-conntrack)
240 endef
241
242 define KernelPackage/ipt-conntrack-label/description
243 Netfilter (IPv4) module for handling connection tracking labels
244 Includes:
245 - connlabel
246 endef
247
248 $(eval $(call KernelPackage,ipt-conntrack-label))
249
250 define KernelPackage/ipt-filter
251 TITLE:=Modules for packet content inspection
252 KCONFIG:=$(KCONFIG_IPT_FILTER)
253 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
254 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
255 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
256 endef
257
258 define KernelPackage/ipt-filter/description
259 Netfilter (IPv4) kernel modules for packet content inspection
260 Includes:
261 - string
262 - bpf
263 endef
264
265 $(eval $(call KernelPackage,ipt-filter))
266
267
268 define KernelPackage/ipt-offload
269 TITLE:=Netfilter routing/NAT offload support
270 KCONFIG:=$(KCONFIG_IPT_FLOW)
271 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
272 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
273 $(call AddDepends/ipt,+kmod-nf-flow)
274 endef
275
276 $(eval $(call KernelPackage,ipt-offload))
277
278
279 define KernelPackage/ipt-ipopt
280 TITLE:=Modules for matching/changing IP packet options
281 KCONFIG:=$(KCONFIG_IPT_IPOPT)
282 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
283 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
284 $(call AddDepends/ipt)
285 endef
286
287 define KernelPackage/ipt-ipopt/description
288 Netfilter (IPv4) modules for matching/changing IP packet options
289 Includes:
290 - CLASSIFY
291 - dscp/DSCP
292 - ecn/ECN
293 - hl/HL
294 - length
295 - mark/MARK
296 - statistic
297 - tcpmss
298 - time
299 - ttl/TTL
300 - unclean
301 endef
302
303 $(eval $(call KernelPackage,ipt-ipopt))
304
305
306 define KernelPackage/ipt-ipsec
307 TITLE:=Modules for matching IPSec packets
308 KCONFIG:=$(KCONFIG_IPT_IPSEC)
309 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
310 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
311 $(call AddDepends/ipt)
312 endef
313
314 define KernelPackage/ipt-ipsec/description
315 Netfilter (IPv4) modules for matching IPSec packets
316 Includes:
317 - ah
318 - esp
319 - policy
320 endef
321
322 $(eval $(call KernelPackage,ipt-ipsec))
323
324 IPSET_MODULES:= \
325 ipset/ip_set \
326 ipset/ip_set_bitmap_ip \
327 ipset/ip_set_bitmap_ipmac \
328 ipset/ip_set_bitmap_port \
329 ipset/ip_set_hash_ip \
330 ipset/ip_set_hash_ipmark \
331 ipset/ip_set_hash_ipport \
332 ipset/ip_set_hash_ipportip \
333 ipset/ip_set_hash_ipportnet \
334 ipset/ip_set_hash_mac \
335 ipset/ip_set_hash_netportnet \
336 ipset/ip_set_hash_net \
337 ipset/ip_set_hash_netnet \
338 ipset/ip_set_hash_netport \
339 ipset/ip_set_hash_netiface \
340 ipset/ip_set_list_set \
341 xt_set
342
343 define KernelPackage/ipt-ipset
344 SUBMENU:=Netfilter Extensions
345 TITLE:=IPset netfilter modules
346 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
347 KCONFIG:= \
348 CONFIG_IP_SET \
349 CONFIG_IP_SET_MAX=256 \
350 CONFIG_NETFILTER_XT_SET \
351 CONFIG_IP_SET_BITMAP_IP \
352 CONFIG_IP_SET_BITMAP_IPMAC \
353 CONFIG_IP_SET_BITMAP_PORT \
354 CONFIG_IP_SET_HASH_IP \
355 CONFIG_IP_SET_HASH_IPMAC \
356 CONFIG_IP_SET_HASH_IPMARK \
357 CONFIG_IP_SET_HASH_IPPORT \
358 CONFIG_IP_SET_HASH_IPPORTIP \
359 CONFIG_IP_SET_HASH_IPPORTNET \
360 CONFIG_IP_SET_HASH_MAC \
361 CONFIG_IP_SET_HASH_NET \
362 CONFIG_IP_SET_HASH_NETNET \
363 CONFIG_IP_SET_HASH_NETIFACE \
364 CONFIG_IP_SET_HASH_NETPORT \
365 CONFIG_IP_SET_HASH_NETPORTNET \
366 CONFIG_IP_SET_LIST_SET \
367 CONFIG_NET_EMATCH_IPSET=n
368 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
369 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
370 endef
371 $(eval $(call KernelPackage,ipt-ipset))
372
373
374 IPVS_MODULES:= \
375 ipvs/ip_vs \
376 ipvs/ip_vs_lc \
377 ipvs/ip_vs_wlc \
378 ipvs/ip_vs_rr \
379 ipvs/ip_vs_wrr \
380 ipvs/ip_vs_lblc \
381 ipvs/ip_vs_lblcr \
382 ipvs/ip_vs_dh \
383 ipvs/ip_vs_sh \
384 ipvs/ip_vs_fo \
385 ipvs/ip_vs_ovf \
386 ipvs/ip_vs_nq \
387 ipvs/ip_vs_sed \
388 xt_ipvs
389
390 define KernelPackage/nf-ipvs
391 SUBMENU:=Netfilter Extensions
392 TITLE:=IP Virtual Server modules
393 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
394 KCONFIG:= \
395 CONFIG_IP_VS \
396 CONFIG_IP_VS_IPV6=y \
397 CONFIG_IP_VS_DEBUG=n \
398 CONFIG_IP_VS_PROTO_TCP=y \
399 CONFIG_IP_VS_PROTO_UDP=y \
400 CONFIG_IP_VS_PROTO_AH_ESP=y \
401 CONFIG_IP_VS_PROTO_ESP=y \
402 CONFIG_IP_VS_PROTO_AH=y \
403 CONFIG_IP_VS_PROTO_SCTP=y \
404 CONFIG_IP_VS_TAB_BITS=12 \
405 CONFIG_IP_VS_RR \
406 CONFIG_IP_VS_WRR \
407 CONFIG_IP_VS_LC \
408 CONFIG_IP_VS_WLC \
409 CONFIG_IP_VS_FO \
410 CONFIG_IP_VS_OVF \
411 CONFIG_IP_VS_LBLC \
412 CONFIG_IP_VS_LBLCR \
413 CONFIG_IP_VS_DH \
414 CONFIG_IP_VS_SH \
415 CONFIG_IP_VS_SED \
416 CONFIG_IP_VS_NQ \
417 CONFIG_IP_VS_SH_TAB_BITS=8 \
418 CONFIG_IP_VS_NFCT=y \
419 CONFIG_NETFILTER_XT_MATCH_IPVS
420 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
421 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
422 endef
423
424 define KernelPackage/nf-ipvs/description
425 IPVS (IP Virtual Server) implements transport-layer load balancing inside
426 the Linux kernel so called Layer-4 switching.
427 endef
428
429 $(eval $(call KernelPackage,nf-ipvs))
430
431
432 define KernelPackage/nf-ipvs-ftp
433 SUBMENU:=$(NF_MENU)
434 TITLE:=Virtual Server FTP protocol support
435 KCONFIG:=CONFIG_IP_VS_FTP
436 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
437 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
438 endef
439
440 define KernelPackage/nf-ipvs-ftp/description
441 In the virtual server via Network Address Translation,
442 the IP address and port number of real servers cannot be sent to
443 clients in ftp connections directly, so FTP protocol helper is
444 required for tracking the connection and mangling it back to that of
445 virtual service.
446 endef
447
448 $(eval $(call KernelPackage,nf-ipvs-ftp))
449
450
451 define KernelPackage/nf-ipvs-sip
452 SUBMENU:=$(NF_MENU)
453 TITLE:=Virtual Server SIP protocol support
454 KCONFIG:=CONFIG_IP_VS_PE_SIP
455 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
456 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
457 endef
458
459 define KernelPackage/nf-ipvs-sip/description
460 Allow persistence based on the SIP Call-ID
461 endef
462
463 $(eval $(call KernelPackage,nf-ipvs-sip))
464
465
466 define KernelPackage/ipt-nat
467 TITLE:=Basic NAT targets
468 KCONFIG:=$(KCONFIG_IPT_NAT)
469 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
470 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
471 $(call AddDepends/ipt,+kmod-nf-nat)
472 endef
473
474 define KernelPackage/ipt-nat/description
475 Netfilter (IPv4) kernel modules for basic NAT targets
476 Includes:
477 - MASQUERADE
478 endef
479
480 $(eval $(call KernelPackage,ipt-nat))
481
482
483 define KernelPackage/ipt-raw
484 TITLE:=Netfilter IPv4 raw table support
485 KCONFIG:=CONFIG_IP_NF_RAW
486 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
487 AUTOLOAD:=$(call AutoProbe,iptable_raw)
488 $(call AddDepends/ipt)
489 endef
490
491 $(eval $(call KernelPackage,ipt-raw))
492
493
494 define KernelPackage/ipt-raw6
495 TITLE:=Netfilter IPv6 raw table support
496 DEPENDS:=@IPV6
497 KCONFIG:=CONFIG_IP6_NF_RAW
498 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
499 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
500 $(call AddDepends/ipt,+kmod-ip6tables)
501 endef
502
503 $(eval $(call KernelPackage,ipt-raw6))
504
505
506 define KernelPackage/ipt-nat6
507 TITLE:=IPv6 NAT targets
508 DEPENDS:=@IPV6
509 KCONFIG:=$(KCONFIG_IPT_NAT6)
510 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
511 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
512 $(call AddDepends/ipt,+kmod-nf-nat6)
513 $(call AddDepends/ipt,+kmod-ipt-conntrack)
514 $(call AddDepends/ipt,+kmod-ipt-nat)
515 $(call AddDepends/ipt,+kmod-ip6tables)
516 endef
517
518 define KernelPackage/ipt-nat6/description
519 Netfilter (IPv6) kernel modules for NAT targets
520 endef
521
522 $(eval $(call KernelPackage,ipt-nat6))
523
524
525 define KernelPackage/ipt-nat-extra
526 TITLE:=Extra NAT targets
527 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
528 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
529 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
530 $(call AddDepends/ipt,+kmod-ipt-nat)
531 endef
532
533 define KernelPackage/ipt-nat-extra/description
534 Netfilter (IPv4) kernel modules for extra NAT targets
535 Includes:
536 - NETMAP
537 - REDIRECT
538 endef
539
540 $(eval $(call KernelPackage,ipt-nat-extra))
541
542
543 define KernelPackage/nf-nathelper
544 SUBMENU:=$(NF_MENU)
545 TITLE:=Basic Conntrack and NAT helpers
546 KCONFIG:=$(KCONFIG_NF_NATHELPER)
547 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
548 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
549 DEPENDS:=+kmod-nf-nat
550 endef
551
552 define KernelPackage/nf-nathelper/description
553 Default Netfilter (IPv4) Conntrack and NAT helpers
554 Includes:
555 - ftp
556 endef
557
558 $(eval $(call KernelPackage,nf-nathelper))
559
560
561 define KernelPackage/nf-nathelper-extra
562 SUBMENU:=$(NF_MENU)
563 TITLE:=Extra Conntrack and NAT helpers
564 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
565 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
566 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
567 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-asn1-decoder
568 endef
569
570 define KernelPackage/nf-nathelper-extra/description
571 Extra Netfilter (IPv4) Conntrack and NAT helpers
572 Includes:
573 - amanda
574 - h323
575 - irc
576 - mms
577 - pptp
578 - proto_gre
579 - sip
580 - snmp_basic
581 - tftp
582 - broadcast
583 endef
584
585 $(eval $(call KernelPackage,nf-nathelper-extra))
586
587
588 define KernelPackage/ipt-ulog
589 TITLE:=Module for user-space packet logging
590 KCONFIG:=$(KCONFIG_IPT_ULOG)
591 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
592 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
593 $(call AddDepends/ipt)
594 endef
595
596 define KernelPackage/ipt-ulog/description
597 Netfilter (IPv4) module for user-space packet logging
598 Includes:
599 - ULOG
600 endef
601
602 $(eval $(call KernelPackage,ipt-ulog))
603
604
605 define KernelPackage/ipt-nflog
606 TITLE:=Module for user-space packet logging
607 KCONFIG:=$(KCONFIG_IPT_NFLOG)
608 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
609 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
610 $(call AddDepends/ipt,+kmod-nfnetlink-log)
611 endef
612
613 define KernelPackage/ipt-nflog/description
614 Netfilter module for user-space packet logging
615 Includes:
616 - NFLOG
617 endef
618
619 $(eval $(call KernelPackage,ipt-nflog))
620
621
622 define KernelPackage/ipt-nfqueue
623 TITLE:=Module for user-space packet queuing
624 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
625 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
626 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
627 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
628 endef
629
630 define KernelPackage/ipt-nfqueue/description
631 Netfilter module for user-space packet queuing
632 Includes:
633 - NFQUEUE
634 endef
635
636 $(eval $(call KernelPackage,ipt-nfqueue))
637
638
639 define KernelPackage/ipt-debug
640 TITLE:=Module for debugging/development
641 KCONFIG:=$(KCONFIG_IPT_DEBUG)
642 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
643 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
644 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
645 endef
646
647 define KernelPackage/ipt-debug/description
648 Netfilter modules for debugging/development of the firewall
649 Includes:
650 - TRACE
651 endef
652
653 $(eval $(call KernelPackage,ipt-debug))
654
655
656 define KernelPackage/ipt-led
657 TITLE:=Module to trigger a LED with a Netfilter rule
658 KCONFIG:=$(KCONFIG_IPT_LED)
659 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
660 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
661 $(call AddDepends/ipt)
662 endef
663
664 define KernelPackage/ipt-led/description
665 Netfilter target to trigger a LED when a network packet is matched.
666 endef
667
668 $(eval $(call KernelPackage,ipt-led))
669
670 define KernelPackage/ipt-socket
671 TITLE:=Iptables socket matching support
672 DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
673 KCONFIG:=$(KCONFIG_IPT_SOCKET)
674 FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
675 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
676 $(call AddDepends/ipt)
677 endef
678
679 define KernelPackage/ipt-socket/description
680 Kernel modules for socket matching
681 endef
682
683 $(eval $(call KernelPackage,ipt-socket))
684
685 define KernelPackage/ipt-tproxy
686 TITLE:=Transparent proxying support
687 DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
688 KCONFIG:=$(KCONFIG_IPT_TPROXY)
689 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
690 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
691 $(call AddDepends/ipt)
692 endef
693
694 define KernelPackage/ipt-tproxy/description
695 Kernel modules for Transparent Proxying
696 endef
697
698 $(eval $(call KernelPackage,ipt-tproxy))
699
700 define KernelPackage/ipt-tee
701 TITLE:=TEE support
702 DEPENDS:=+kmod-ipt-conntrack
703 KCONFIG:=$(KCONFIG_IPT_TEE)
704 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
705 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
706 $(call AddDepends/ipt)
707 endef
708
709 define KernelPackage/ipt-tee/description
710 Kernel modules for TEE
711 endef
712
713 $(eval $(call KernelPackage,ipt-tee))
714
715
716 define KernelPackage/ipt-u32
717 TITLE:=U32 support
718 KCONFIG:=$(KCONFIG_IPT_U32)
719 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
720 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
721 $(call AddDepends/ipt)
722 endef
723
724 define KernelPackage/ipt-u32/description
725 Kernel modules for U32
726 endef
727
728 $(eval $(call KernelPackage,ipt-u32))
729
730 define KernelPackage/ipt-checksum
731 TITLE:=CHECKSUM support
732 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
733 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
734 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
735 $(call AddDepends/ipt)
736 endef
737
738 define KernelPackage/ipt-checksum/description
739 Kernel modules for CHECKSUM fillin target
740 endef
741
742 $(eval $(call KernelPackage,ipt-checksum))
743
744
745 define KernelPackage/ipt-iprange
746 TITLE:=Module for matching ip ranges
747 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
748 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
749 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
750 $(call AddDepends/ipt)
751 endef
752
753 define KernelPackage/ipt-iprange/description
754 Netfilter (IPv4) module for matching ip ranges
755 Includes:
756 - iprange
757 endef
758
759 $(eval $(call KernelPackage,ipt-iprange))
760
761 define KernelPackage/ipt-cluster
762 TITLE:=Module for matching cluster
763 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
764 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
765 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
766 $(call AddDepends/ipt,+kmod-nf-conntrack)
767 endef
768
769 define KernelPackage/ipt-cluster/description
770 Netfilter (IPv4/IPv6) module for matching cluster
771 This option allows you to build work-load-sharing clusters of
772 network servers/stateful firewalls without having a dedicated
773 load-balancing router/server/switch. Basically, this match returns
774 true when the packet must be handled by this cluster node. Thus,
775 all nodes see all packets and this match decides which node handles
776 what packets. The work-load sharing algorithm is based on source
777 address hashing.
778
779 This module is usable for ipv4 and ipv6.
780
781 To use it also enable iptables-mod-cluster
782
783 see `iptables -m cluster --help` for more information.
784 endef
785
786 $(eval $(call KernelPackage,ipt-cluster))
787
788 define KernelPackage/ipt-clusterip
789 TITLE:=Module for CLUSTERIP
790 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
791 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
792 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
793 $(call AddDepends/ipt,+kmod-nf-conntrack)
794 endef
795
796 define KernelPackage/ipt-clusterip/description
797 Netfilter (IPv4-only) module for CLUSTERIP
798 The CLUSTERIP target allows you to build load-balancing clusters of
799 network servers without having a dedicated load-balancing
800 router/server/switch.
801
802 To use it also enable iptables-mod-clusterip
803
804 see `iptables -j CLUSTERIP --help` for more information.
805 endef
806
807 $(eval $(call KernelPackage,ipt-clusterip))
808
809
810 define KernelPackage/ipt-extra
811 TITLE:=Extra modules
812 KCONFIG:=$(KCONFIG_IPT_EXTRA)
813 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
814 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
815 $(call AddDepends/ipt)
816 endef
817
818 define KernelPackage/ipt-extra/description
819 Other Netfilter (IPv4) kernel modules
820 Includes:
821 - addrtype
822 - owner
823 - pkttype
824 - quota
825 endef
826
827 $(eval $(call KernelPackage,ipt-extra))
828
829
830 define KernelPackage/ipt-physdev
831 TITLE:=physdev module
832 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
833 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
834 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
835 $(call AddDepends/ipt,+kmod-br-netfilter)
836 endef
837
838 define KernelPackage/ipt-physdev/description
839 The iptables physdev kernel module
840 endef
841
842 $(eval $(call KernelPackage,ipt-physdev))
843
844
845 define KernelPackage/ip6tables
846 SUBMENU:=$(NF_MENU)
847 TITLE:=IPv6 modules
848 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
849 KCONFIG:=$(KCONFIG_IPT_IPV6)
850 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
851 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
852 endef
853
854 define KernelPackage/ip6tables/description
855 Netfilter IPv6 firewalling support
856 endef
857
858 $(eval $(call KernelPackage,ip6tables))
859
860 define KernelPackage/ip6tables-extra
861 SUBMENU:=$(NF_MENU)
862 TITLE:=Extra IPv6 modules
863 DEPENDS:=@IPV6 +kmod-ip6tables
864 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
865 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
866 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
867 endef
868
869 define KernelPackage/ip6tables-extra/description
870 Netfilter IPv6 extra header matching modules
871 endef
872
873 $(eval $(call KernelPackage,ip6tables-extra))
874
875 ARP_MODULES = arp_tables arpt_mangle arptable_filter
876 define KernelPackage/arptables
877 SUBMENU:=$(NF_MENU)
878 TITLE:=ARP firewalling modules
879 DEPENDS:=+kmod-ipt-core
880 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
881 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
882 CONFIG_IP_NF_ARPFILTER \
883 CONFIG_IP_NF_ARP_MANGLE
884 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
885 endef
886
887 define KernelPackage/arptables/description
888 Kernel modules for ARP firewalling
889 endef
890
891 $(eval $(call KernelPackage,arptables))
892
893
894 define KernelPackage/br-netfilter
895 SUBMENU:=$(NF_MENU)
896 TITLE:=Bridge netfilter support modules
897 DEPENDS:=+kmod-ipt-core
898 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
899 KCONFIG:=CONFIG_BRIDGE_NETFILTER
900 AUTOLOAD:=$(call AutoProbe,br_netfilter)
901 endef
902
903 define KernelPackage/br-netfilter/install
904 $(INSTALL_DIR) $(1)/etc/sysctl.d
905 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
906 endef
907
908 $(eval $(call KernelPackage,br-netfilter))
909
910
911 define KernelPackage/ebtables
912 SUBMENU:=$(NF_MENU)
913 TITLE:=Bridge firewalling modules
914 DEPENDS:=+kmod-ipt-core
915 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
916 KCONFIG:=$(KCONFIG_EBTABLES)
917 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
918 endef
919
920 define KernelPackage/ebtables/description
921 ebtables is a general, extensible frame/packet identification
922 framework. It provides you to do Ethernet
923 filtering/NAT/brouting on the Ethernet bridge.
924 endef
925
926 $(eval $(call KernelPackage,ebtables))
927
928
929 define AddDepends/ebtables
930 SUBMENU:=$(NF_MENU)
931 DEPENDS+= +kmod-ebtables $(1)
932 endef
933
934
935 define KernelPackage/ebtables-ipv4
936 TITLE:=ebtables: IPv4 support
937 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
938 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
939 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
940 $(call AddDepends/ebtables)
941 endef
942
943 define KernelPackage/ebtables-ipv4/description
944 This option adds the IPv4 support to ebtables, which allows basic
945 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
946 endef
947
948 $(eval $(call KernelPackage,ebtables-ipv4))
949
950
951 define KernelPackage/ebtables-ipv6
952 TITLE:=ebtables: IPv6 support
953 DEPENDS:=@IPV6
954 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
955 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
956 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
957 $(call AddDepends/ebtables)
958 endef
959
960 define KernelPackage/ebtables-ipv6/description
961 This option adds the IPv6 support to ebtables, which allows basic
962 IPv6 header field filtering and target support.
963 endef
964
965 $(eval $(call KernelPackage,ebtables-ipv6))
966
967
968 define KernelPackage/ebtables-watchers
969 TITLE:=ebtables: watchers support
970 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
971 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
972 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
973 $(call AddDepends/ebtables)
974 endef
975
976 define KernelPackage/ebtables-watchers/description
977 This option adds the log watchers, that you can use in any rule
978 in any ebtables table.
979 endef
980
981 $(eval $(call KernelPackage,ebtables-watchers))
982
983
984 define KernelPackage/nfnetlink
985 SUBMENU:=$(NF_MENU)
986 TITLE:=Netlink-based userspace interface
987 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
988 KCONFIG:=$(KCONFIG_NFNETLINK)
989 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
990 endef
991
992 define KernelPackage/nfnetlink/description
993 Kernel modules support for a netlink-based userspace interface
994 endef
995
996 $(eval $(call KernelPackage,nfnetlink))
997
998
999 define AddDepends/nfnetlink
1000 SUBMENU:=$(NF_MENU)
1001 DEPENDS+=+kmod-nfnetlink $(1)
1002 endef
1003
1004
1005 define KernelPackage/nfnetlink-log
1006 TITLE:=Netfilter LOG over NFNETLINK interface
1007 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
1008 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
1009 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
1010 $(call AddDepends/nfnetlink)
1011 endef
1012
1013 define KernelPackage/nfnetlink-log/description
1014 Kernel modules support for logging packets via NFNETLINK
1015 Includes:
1016 - NFLOG
1017 endef
1018
1019 $(eval $(call KernelPackage,nfnetlink-log))
1020
1021
1022 define KernelPackage/nfnetlink-queue
1023 TITLE:=Netfilter QUEUE over NFNETLINK interface
1024 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1025 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1026 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1027 $(call AddDepends/nfnetlink)
1028 endef
1029
1030 define KernelPackage/nfnetlink-queue/description
1031 Kernel modules support for queueing packets via NFNETLINK
1032 Includes:
1033 - NFQUEUE
1034 endef
1035
1036 $(eval $(call KernelPackage,nfnetlink-queue))
1037
1038
1039 define KernelPackage/nf-conntrack-netlink
1040 TITLE:=Connection tracking netlink interface
1041 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1042 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1043 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1044 $(call AddDepends/nfnetlink,+kmod-nf-conntrack)
1045 endef
1046
1047 define KernelPackage/nf-conntrack-netlink/description
1048 Kernel modules support for a netlink-based connection tracking
1049 userspace interface
1050 endef
1051
1052 $(eval $(call KernelPackage,nf-conntrack-netlink))
1053
1054 define KernelPackage/ipt-hashlimit
1055 SUBMENU:=$(NF_MENU)
1056 TITLE:=Netfilter hashlimit match
1057 DEPENDS:=+kmod-ipt-core
1058 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1059 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1060 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1061 $(call KernelPackage/ipt)
1062 endef
1063
1064 define KernelPackage/ipt-hashlimit/description
1065 Kernel modules support for the hashlimit bucket match module
1066 endef
1067
1068 $(eval $(call KernelPackage,ipt-hashlimit))
1069
1070 define KernelPackage/ipt-rpfilter
1071 SUBMENU:=$(NF_MENU)
1072 TITLE:=Netfilter rpfilter match
1073 DEPENDS:=+kmod-ipt-core
1074 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1075 FILES:=$(realpath \
1076 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1077 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1078 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1079 $(call KernelPackage/ipt)
1080 endef
1081
1082 define KernelPackage/ipt-rpfilter/description
1083 Kernel modules support for the Netfilter rpfilter match
1084 endef
1085
1086 $(eval $(call KernelPackage,ipt-rpfilter))
1087
1088
1089 define KernelPackage/nft-core
1090 SUBMENU:=$(NF_MENU)
1091 TITLE:=Netfilter nf_tables support
1092 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat +kmod-lib-crc32c
1093 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1094 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1095 KCONFIG:= \
1096 CONFIG_NFT_COMPAT=n \
1097 CONFIG_NFT_QUEUE=n \
1098 $(KCONFIG_NFT_CORE)
1099 endef
1100
1101 define KernelPackage/nft-core/description
1102 Kernel module support for nftables
1103 endef
1104
1105 $(eval $(call KernelPackage,nft-core))
1106
1107
1108 define KernelPackage/nft-arp
1109 SUBMENU:=$(NF_MENU)
1110 TITLE:=Netfilter nf_tables ARP table support
1111 DEPENDS:=+kmod-nft-core
1112 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1113 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1114 KCONFIG:=$(KCONFIG_NFT_ARP)
1115 endef
1116
1117 $(eval $(call KernelPackage,nft-arp))
1118
1119
1120 define KernelPackage/nft-bridge
1121 SUBMENU:=$(NF_MENU)
1122 TITLE:=Netfilter nf_tables bridge table support
1123 DEPENDS:=+kmod-nft-core
1124 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1125 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1126 KCONFIG:= \
1127 CONFIG_NF_LOG_BRIDGE=n \
1128 $(KCONFIG_NFT_BRIDGE)
1129 endef
1130
1131 $(eval $(call KernelPackage,nft-bridge))
1132
1133
1134 define KernelPackage/nft-nat
1135 SUBMENU:=$(NF_MENU)
1136 TITLE:=Netfilter nf_tables NAT support
1137 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1138 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1139 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1140 KCONFIG:=$(KCONFIG_NFT_NAT)
1141 endef
1142
1143 $(eval $(call KernelPackage,nft-nat))
1144
1145
1146 define KernelPackage/nft-offload
1147 SUBMENU:=$(NF_MENU)
1148 TITLE:=Netfilter nf_tables routing/NAT offload support
1149 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1150 KCONFIG:= \
1151 CONFIG_NF_FLOW_TABLE_INET \
1152 CONFIG_NF_FLOW_TABLE_IPV4 \
1153 CONFIG_NF_FLOW_TABLE_IPV6 \
1154 CONFIG_NFT_FLOW_OFFLOAD
1155 FILES:= \
1156 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1157 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1158 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1159 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1160 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1161 endef
1162
1163 $(eval $(call KernelPackage,nft-offload))
1164
1165
1166 define KernelPackage/nft-nat6
1167 SUBMENU:=$(NF_MENU)
1168 TITLE:=Netfilter nf_tables IPv6-NAT support
1169 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1170 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1171 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1172 KCONFIG:=$(KCONFIG_NFT_NAT6)
1173 endef
1174
1175 $(eval $(call KernelPackage,nft-nat6))
1176
1177 define KernelPackage/nft-netdev
1178 SUBMENU:=$(NF_MENU)
1179 TITLE:=Netfilter nf_tables netdev support
1180 DEPENDS:=+kmod-nft-core
1181 KCONFIG:= \
1182 CONFIG_NETFILTER_INGRESS=y \
1183 CONFIG_NF_TABLES_NETDEV \
1184 CONFIG_NF_DUP_NETDEV \
1185 CONFIG_NFT_DUP_NETDEV \
1186 CONFIG_NFT_FWD_NETDEV
1187 FILES:= \
1188 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1189 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1190 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1191 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1192 endef
1193
1194 $(eval $(call KernelPackage,nft-netdev))
1195
1196
1197 define KernelPackage/nft-fib
1198 SUBMENU:=$(NF_MENU)
1199 TITLE:=Netfilter nf_tables fib support
1200 DEPENDS:=+kmod-nft-core
1201 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1202 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1203 KCONFIG:=$(KCONFIG_NFT_FIB)
1204 endef
1205
1206 $(eval $(call KernelPackage,nft-fib))
1207
1208
1209 define KernelPackage/nft-queue
1210 SUBMENU:=$(NF_MENU)
1211 TITLE:=Netfilter nf_tables queue support
1212 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1213 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1214 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1215 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1216 endef
1217
1218 $(eval $(call KernelPackage,nft-queue))
1219
1220 define KernelPackage/nft-socket
1221 SUBMENU:=$(NF_MENU)
1222 TITLE:=Netfilter nf_tables socket support
1223 DEPENDS:=+kmod-nft-core +kmod-nf-socket
1224 FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
1225 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
1226 KCONFIG:=$(KCONFIG_NFT_SOCKET)
1227 endef
1228
1229 $(eval $(call KernelPackage,nft-socket))
1230
1231 define KernelPackage/nft-compat
1232 SUBMENU:=$(NF_MENU)
1233 TITLE:=Netfilter nf_tables compat support
1234 DEPENDS:=+kmod-nft-core +kmod-nf-ipt
1235 FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
1236 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
1237 KCONFIG:=$(KCONFIG_NFT_COMPAT)
1238 endef
1239
1240 $(eval $(call KernelPackage,nft-compat))
OpenWrt Source Repository