projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
iptables: Support building connlabel module
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 $(eval $(call KernelPackage,nf-conntrack))
105
106
107 define KernelPackage/nf-conntrack6
108 SUBMENU:=$(NF_MENU)
109 TITLE:=Netfilter IPv6 connection tracking
110 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
111 DEPENDS:=@IPV6 +kmod-nf-conntrack
112 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
113 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
114 endef
115
116 $(eval $(call KernelPackage,nf-conntrack6))
117
118
119 define KernelPackage/nf-nat
120 SUBMENU:=$(NF_MENU)
121 TITLE:=Netfilter NAT
122 KCONFIG:=$(KCONFIG_NF_NAT)
123 DEPENDS:=+kmod-nf-conntrack
124 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
126 endef
127
128 $(eval $(call KernelPackage,nf-nat))
129
130
131 define KernelPackage/nf-nat6
132 SUBMENU:=$(NF_MENU)
133 TITLE:=Netfilter IPV6-NAT
134 KCONFIG:=$(KCONFIG_NF_NAT6)
135 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
136 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
137 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
138 endef
139
140 $(eval $(call KernelPackage,nf-nat6))
141
142
143 define AddDepends/ipt
144 SUBMENU:=$(NF_MENU)
145 DEPENDS+= +kmod-ipt-core $(1)
146 endef
147
148
149 define KernelPackage/ipt-conntrack
150 TITLE:=Basic connection tracking modules
151 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
152 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
153 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
154 $(call AddDepends/ipt,+kmod-nf-conntrack)
155 endef
156
157 define KernelPackage/ipt-conntrack/description
158 Netfilter (IPv4) kernel modules for connection tracking
159 Includes:
160 - conntrack
161 - defrag
162 - iptables_raw
163 - NOTRACK
164 - state
165 endef
166
167 $(eval $(call KernelPackage,ipt-conntrack))
168
169
170 define KernelPackage/ipt-conntrack-extra
171 TITLE:=Extra connection tracking modules
172 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
173 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
174 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
175 $(call AddDepends/ipt,+kmod-ipt-conntrack)
176 endef
177
178 define KernelPackage/ipt-conntrack-extra/description
179 Netfilter (IPv4) extra kernel modules for connection tracking
180 Includes:
181 - connbytes
182 - connmark/CONNMARK
183 - conntrack
184 - helper
185 - recent
186 endef
187
188 $(eval $(call KernelPackage,ipt-conntrack-extra))
189
190 define KernelPackage/ipt-conntrack-label
191 TITLE:=Module for handling connection tracking labels
192 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
193 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
194 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
195 $(call AddDepends/ipt,+kmod-ipt-conntrack)
196 endef
197
198 define KernelPackage/ipt-conntrack-label/description
199 Netfilter (IPv4) module for handling connection tracking labels
200 Includes:
201 - connlabel
202 endef
203
204 $(eval $(call KernelPackage,ipt-conntrack-label))
205
206 define KernelPackage/ipt-filter
207 TITLE:=Modules for packet content inspection
208 KCONFIG:=$(KCONFIG_IPT_FILTER)
209 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
210 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
211 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
212 endef
213
214 define KernelPackage/ipt-filter/description
215 Netfilter (IPv4) kernel modules for packet content inspection
216 Includes:
217 - string
218 endef
219
220 $(eval $(call KernelPackage,ipt-filter))
221
222
223 define KernelPackage/ipt-ipopt
224 TITLE:=Modules for matching/changing IP packet options
225 KCONFIG:=$(KCONFIG_IPT_IPOPT)
226 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
227 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
228 $(call AddDepends/ipt)
229 endef
230
231 define KernelPackage/ipt-ipopt/description
232 Netfilter (IPv4) modules for matching/changing IP packet options
233 Includes:
234 - CLASSIFY
235 - dscp/DSCP
236 - ecn/ECN
237 - hl/HL
238 - length
239 - mark/MARK
240 - statistic
241 - tcpmss
242 - time
243 - ttl/TTL
244 - unclean
245 endef
246
247 $(eval $(call KernelPackage,ipt-ipopt))
248
249
250 define KernelPackage/ipt-ipsec
251 TITLE:=Modules for matching IPSec packets
252 KCONFIG:=$(KCONFIG_IPT_IPSEC)
253 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
254 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
255 $(call AddDepends/ipt)
256 endef
257
258 define KernelPackage/ipt-ipsec/description
259 Netfilter (IPv4) modules for matching IPSec packets
260 Includes:
261 - ah
262 - esp
263 - policy
264 endef
265
266 $(eval $(call KernelPackage,ipt-ipsec))
267
268 IPSET_MODULES:= \
269 ipset/ip_set \
270 ipset/ip_set_bitmap_ip \
271 ipset/ip_set_bitmap_ipmac \
272 ipset/ip_set_bitmap_port \
273 ipset/ip_set_hash_ip \
274 ipset/ip_set_hash_ipmark \
275 ipset/ip_set_hash_ipport \
276 ipset/ip_set_hash_ipportip \
277 ipset/ip_set_hash_ipportnet \
278 ipset/ip_set_hash_mac \
279 ipset/ip_set_hash_netportnet \
280 ipset/ip_set_hash_net \
281 ipset/ip_set_hash_netnet \
282 ipset/ip_set_hash_netport \
283 ipset/ip_set_hash_netiface \
284 ipset/ip_set_list_set \
285 xt_set
286
287 define KernelPackage/ipt-ipset
288 SUBMENU:=Netfilter Extensions
289 TITLE:=IPset netfilter modules
290 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
291 KCONFIG:= \
292 CONFIG_IP_SET \
293 CONFIG_IP_SET_MAX=256 \
294 CONFIG_NETFILTER_XT_SET \
295 CONFIG_IP_SET_BITMAP_IP \
296 CONFIG_IP_SET_BITMAP_IPMAC \
297 CONFIG_IP_SET_BITMAP_PORT \
298 CONFIG_IP_SET_HASH_IP \
299 CONFIG_IP_SET_HASH_IPMARK \
300 CONFIG_IP_SET_HASH_IPPORT \
301 CONFIG_IP_SET_HASH_IPPORTIP \
302 CONFIG_IP_SET_HASH_IPPORTNET \
303 CONFIG_IP_SET_HASH_MAC \
304 CONFIG_IP_SET_HASH_NET \
305 CONFIG_IP_SET_HASH_NETNET \
306 CONFIG_IP_SET_HASH_NETIFACE \
307 CONFIG_IP_SET_HASH_NETPORT \
308 CONFIG_IP_SET_HASH_NETPORTNET \
309 CONFIG_IP_SET_LIST_SET \
310 CONFIG_NET_EMATCH_IPSET=n
311 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
312 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
313 endef
314 $(eval $(call KernelPackage,ipt-ipset))
315
316
317 define KernelPackage/ipt-nat
318 TITLE:=Basic NAT targets
319 KCONFIG:=$(KCONFIG_IPT_NAT)
320 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
321 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
322 $(call AddDepends/ipt,+kmod-nf-nat)
323 endef
324
325 define KernelPackage/ipt-nat/description
326 Netfilter (IPv4) kernel modules for basic NAT targets
327 Includes:
328 - MASQUERADE
329 endef
330
331 $(eval $(call KernelPackage,ipt-nat))
332
333
334 define KernelPackage/ipt-raw
335 TITLE:=Netfilter IPv4 raw table support
336 KCONFIG:=CONFIG_IP_NF_RAW
337 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
338 AUTOLOAD:=$(call AutoProbe,iptable_raw)
339 $(call AddDepends/ipt)
340 endef
341
342 $(eval $(call KernelPackage,ipt-raw))
343
344
345 define KernelPackage/ipt-raw6
346 TITLE:=Netfilter IPv6 raw table support
347 KCONFIG:=CONFIG_IP6_NF_RAW
348 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
349 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
350 $(call AddDepends/ipt,+kmod-ip6tables)
351 endef
352
353 $(eval $(call KernelPackage,ipt-raw6))
354
355
356 define KernelPackage/ipt-nat6
357 TITLE:=IPv6 NAT targets
358 KCONFIG:=$(KCONFIG_IPT_NAT6)
359 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
360 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
361 $(call AddDepends/ipt,+kmod-nf-nat6)
362 $(call AddDepends/ipt,+kmod-ipt-conntrack)
363 $(call AddDepends/ipt,+kmod-ipt-nat)
364 $(call AddDepends/ipt,+kmod-ip6tables)
365 endef
366
367 define KernelPackage/ipt-nat6/description
368 Netfilter (IPv6) kernel modules for NAT targets
369 endef
370
371 $(eval $(call KernelPackage,ipt-nat6))
372
373
374 define KernelPackage/ipt-nat-extra
375 TITLE:=Extra NAT targets
376 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
377 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
378 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
379 $(call AddDepends/ipt,+kmod-ipt-nat)
380 endef
381
382 define KernelPackage/ipt-nat-extra/description
383 Netfilter (IPv4) kernel modules for extra NAT targets
384 Includes:
385 - NETMAP
386 - REDIRECT
387 endef
388
389 $(eval $(call KernelPackage,ipt-nat-extra))
390
391
392 define KernelPackage/nf-nathelper
393 SUBMENU:=$(NF_MENU)
394 TITLE:=Basic Conntrack and NAT helpers
395 KCONFIG:=$(KCONFIG_NF_NATHELPER)
396 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
397 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
398 DEPENDS:=+kmod-nf-nat
399 endef
400
401 define KernelPackage/nf-nathelper/description
402 Default Netfilter (IPv4) Conntrack and NAT helpers
403 Includes:
404 - ftp
405 endef
406
407 $(eval $(call KernelPackage,nf-nathelper))
408
409
410 define KernelPackage/nf-nathelper-extra
411 SUBMENU:=$(NF_MENU)
412 TITLE:=Extra Conntrack and NAT helpers
413 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
414 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
415 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
416 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
417 endef
418
419 define KernelPackage/nf-nathelper-extra/description
420 Extra Netfilter (IPv4) Conntrack and NAT helpers
421 Includes:
422 - amanda
423 - h323
424 - irc
425 - mms
426 - pptp
427 - proto_gre
428 - sip
429 - snmp_basic
430 - tftp
431 - broadcast
432 endef
433
434 $(eval $(call KernelPackage,nf-nathelper-extra))
435
436
437 define KernelPackage/ipt-ulog
438 TITLE:=Module for user-space packet logging
439 KCONFIG:=$(KCONFIG_IPT_ULOG)
440 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
441 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
442 $(call AddDepends/ipt)
443 endef
444
445 define KernelPackage/ipt-ulog/description
446 Netfilter (IPv4) module for user-space packet logging
447 Includes:
448 - ULOG
449 endef
450
451 $(eval $(call KernelPackage,ipt-ulog))
452
453
454 define KernelPackage/ipt-nflog
455 TITLE:=Module for user-space packet logging
456 KCONFIG:=$(KCONFIG_IPT_NFLOG)
457 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
458 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
459 $(call AddDepends/ipt,+kmod-nfnetlink-log)
460 endef
461
462 define KernelPackage/ipt-nflog/description
463 Netfilter module for user-space packet logging
464 Includes:
465 - NFLOG
466 endef
467
468 $(eval $(call KernelPackage,ipt-nflog))
469
470
471 define KernelPackage/ipt-nfqueue
472 TITLE:=Module for user-space packet queuing
473 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
474 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
475 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
476 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
477 endef
478
479 define KernelPackage/ipt-nfqueue/description
480 Netfilter module for user-space packet queuing
481 Includes:
482 - NFQUEUE
483 endef
484
485 $(eval $(call KernelPackage,ipt-nfqueue))
486
487
488 define KernelPackage/ipt-debug
489 TITLE:=Module for debugging/development
490 KCONFIG:=$(KCONFIG_IPT_DEBUG)
491 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
492 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
493 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
494 endef
495
496 define KernelPackage/ipt-debug/description
497 Netfilter modules for debugging/development of the firewall
498 Includes:
499 - TRACE
500 endef
501
502 $(eval $(call KernelPackage,ipt-debug))
503
504
505 define KernelPackage/ipt-led
506 TITLE:=Module to trigger a LED with a Netfilter rule
507 KCONFIG:=$(KCONFIG_IPT_LED)
508 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
509 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
510 $(call AddDepends/ipt)
511 endef
512
513 define KernelPackage/ipt-led/description
514 Netfilter target to trigger a LED when a network packet is matched.
515 endef
516
517 $(eval $(call KernelPackage,ipt-led))
518
519 define KernelPackage/ipt-tproxy
520 TITLE:=Transparent proxying support
521 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
522 KCONFIG:= \
523 CONFIG_NETFILTER_XT_MATCH_SOCKET \
524 CONFIG_NETFILTER_XT_TARGET_TPROXY
525 FILES:= \
526 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
527 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
528 $(call AddDepends/ipt)
529 endef
530
531 define KernelPackage/ipt-tproxy/description
532 Kernel modules for Transparent Proxying
533 endef
534
535 $(eval $(call KernelPackage,ipt-tproxy))
536
537 define KernelPackage/ipt-tee
538 TITLE:=TEE support
539 DEPENDS:=+kmod-ipt-conntrack
540 KCONFIG:= \
541 CONFIG_NETFILTER_XT_TARGET_TEE
542 FILES:= \
543 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
544 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
545 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
546 $(call AddDepends/ipt)
547 endef
548
549 define KernelPackage/ipt-tee/description
550 Kernel modules for TEE
551 endef
552
553 $(eval $(call KernelPackage,ipt-tee))
554
555
556 define KernelPackage/ipt-u32
557 TITLE:=U32 support
558 KCONFIG:= \
559 CONFIG_NETFILTER_XT_MATCH_U32
560 FILES:= \
561 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
562 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
563 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
564 $(call AddDepends/ipt)
565 endef
566
567 define KernelPackage/ipt-u32/description
568 Kernel modules for U32
569 endef
570
571 $(eval $(call KernelPackage,ipt-u32))
572
573 define KernelPackage/ipt-checksum
574 TITLE:=CHECKSUM support
575 KCONFIG:= \
576 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
577 FILES:= \
578 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
579 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
580 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
581 $(call AddDepends/ipt)
582 endef
583
584 define KernelPackage/ipt-checksum/description
585 Kernel modules for CHECKSUM fillin target
586 endef
587
588 $(eval $(call KernelPackage,ipt-checksum))
589
590
591 define KernelPackage/ipt-iprange
592 TITLE:=Module for matching ip ranges
593 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
594 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
595 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
596 $(call AddDepends/ipt)
597 endef
598
599 define KernelPackage/ipt-iprange/description
600 Netfilter (IPv4) module for matching ip ranges
601 Includes:
602 - iprange
603 endef
604
605 $(eval $(call KernelPackage,ipt-iprange))
606
607 define KernelPackage/ipt-cluster
608 TITLE:=Module for matching cluster
609 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
610 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
611 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
612 $(call AddDepends/ipt)
613 endef
614
615 define KernelPackage/ipt-cluster/description
616 Netfilter (IPv4/IPv6) module for matching cluster
617 This option allows you to build work-load-sharing clusters of
618 network servers/stateful firewalls without having a dedicated
619 load-balancing router/server/switch. Basically, this match returns
620 true when the packet must be handled by this cluster node. Thus,
621 all nodes see all packets and this match decides which node handles
622 what packets. The work-load sharing algorithm is based on source
623 address hashing.
624
625 This module is usable for ipv4 and ipv6.
626
627 To use it also enable iptables-mod-cluster
628
629 see `iptables -m cluster --help` for more information.
630 endef
631
632 $(eval $(call KernelPackage,ipt-cluster))
633
634 define KernelPackage/ipt-clusterip
635 TITLE:=Module for CLUSTERIP
636 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
637 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
638 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
639 $(call AddDepends/ipt,+kmod-nf-conntrack)
640 endef
641
642 define KernelPackage/ipt-clusterip/description
643 Netfilter (IPv4-only) module for CLUSTERIP
644 The CLUSTERIP target allows you to build load-balancing clusters of
645 network servers without having a dedicated load-balancing
646 router/server/switch.
647
648 To use it also enable iptables-mod-clusterip
649
650 see `iptables -j CLUSTERIP --help` for more information.
651 endef
652
653 $(eval $(call KernelPackage,ipt-clusterip))
654
655
656 define KernelPackage/ipt-extra
657 TITLE:=Extra modules
658 KCONFIG:=$(KCONFIG_IPT_EXTRA)
659 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
660 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
661 $(call AddDepends/ipt,+kmod-br-netfilter)
662 endef
663
664 define KernelPackage/ipt-extra/description
665 Other Netfilter (IPv4) kernel modules
666 Includes:
667 - addrtype
668 - owner
669 - physdev (if bridge support was enabled in kernel)
670 - pkttype
671 - quota
672 endef
673
674 $(eval $(call KernelPackage,ipt-extra))
675
676
677 define KernelPackage/ip6tables
678 SUBMENU:=$(NF_MENU)
679 TITLE:=IPv6 modules
680 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
681 KCONFIG:=$(KCONFIG_IPT_IPV6)
682 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
683 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
684 endef
685
686 define KernelPackage/ip6tables/description
687 Netfilter IPv6 firewalling support
688 endef
689
690 $(eval $(call KernelPackage,ip6tables))
691
692 define KernelPackage/ip6tables-extra
693 SUBMENU:=$(NF_MENU)
694 TITLE:=Extra IPv6 modules
695 DEPENDS:=+kmod-ip6tables
696 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
697 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
698 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
699 endef
700
701 define KernelPackage/ip6tables-extra/description
702 Netfilter IPv6 extra header matching modules
703 endef
704
705 $(eval $(call KernelPackage,ip6tables-extra))
706
707 ARP_MODULES = arp_tables arpt_mangle arptable_filter
708 define KernelPackage/arptables
709 SUBMENU:=$(NF_MENU)
710 TITLE:=ARP firewalling modules
711 DEPENDS:=+kmod-ipt-core
712 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
713 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
714 CONFIG_IP_NF_ARPFILTER \
715 CONFIG_IP_NF_ARP_MANGLE
716 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
717 endef
718
719 define KernelPackage/arptables/description
720 Kernel modules for ARP firewalling
721 endef
722
723 $(eval $(call KernelPackage,arptables))
724
725
726 define KernelPackage/br-netfilter
727 SUBMENU:=$(NF_MENU)
728 TITLE:=Bridge netfilter support modules
729 HIDDEN:=1
730 DEPENDS:=+kmod-ipt-core
731 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
732 KCONFIG:=CONFIG_BRIDGE_NETFILTER
733 AUTOLOAD:=$(call AutoProbe,br_netfilter)
734 endef
735
736 $(eval $(call KernelPackage,br-netfilter))
737
738
739 define KernelPackage/ebtables
740 SUBMENU:=$(NF_MENU)
741 TITLE:=Bridge firewalling modules
742 DEPENDS:=+kmod-ipt-core +kmod-br-netfilter
743 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
744 KCONFIG:=$(KCONFIG_EBTABLES)
745 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
746 endef
747
748 define KernelPackage/ebtables/description
749 ebtables is a general, extensible frame/packet identification
750 framework. It provides you to do Ethernet
751 filtering/NAT/brouting on the Ethernet bridge.
752 endef
753
754 $(eval $(call KernelPackage,ebtables))
755
756
757 define AddDepends/ebtables
758 SUBMENU:=$(NF_MENU)
759 DEPENDS+=kmod-ebtables $(1)
760 endef
761
762
763 define KernelPackage/ebtables-ipv4
764 TITLE:=ebtables: IPv4 support
765 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
766 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
767 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
768 $(call AddDepends/ebtables)
769 endef
770
771 define KernelPackage/ebtables-ipv4/description
772 This option adds the IPv4 support to ebtables, which allows basic
773 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
774 endef
775
776 $(eval $(call KernelPackage,ebtables-ipv4))
777
778
779 define KernelPackage/ebtables-ipv6
780 TITLE:=ebtables: IPv6 support
781 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
782 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
783 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
784 $(call AddDepends/ebtables)
785 endef
786
787 define KernelPackage/ebtables-ipv6/description
788 This option adds the IPv6 support to ebtables, which allows basic
789 IPv6 header field filtering and target support.
790 endef
791
792 $(eval $(call KernelPackage,ebtables-ipv6))
793
794
795 define KernelPackage/ebtables-watchers
796 TITLE:=ebtables: watchers support
797 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
798 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
799 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
800 $(call AddDepends/ebtables)
801 endef
802
803 define KernelPackage/ebtables-watchers/description
804 This option adds the log watchers, that you can use in any rule
805 in any ebtables table.
806 endef
807
808 $(eval $(call KernelPackage,ebtables-watchers))
809
810
811 define KernelPackage/nfnetlink
812 SUBMENU:=$(NF_MENU)
813 TITLE:=Netlink-based userspace interface
814 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
815 KCONFIG:=$(KCONFIG_NFNETLINK)
816 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
817 endef
818
819 define KernelPackage/nfnetlink/description
820 Kernel modules support for a netlink-based userspace interface
821 endef
822
823 $(eval $(call KernelPackage,nfnetlink))
824
825
826 define AddDepends/nfnetlink
827 SUBMENU:=$(NF_MENU)
828 DEPENDS+=+kmod-nfnetlink $(1)
829 endef
830
831
832 define KernelPackage/nfnetlink-log
833 TITLE:=Netfilter LOG over NFNETLINK interface
834 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
835 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
836 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
837 $(call AddDepends/nfnetlink)
838 endef
839
840 define KernelPackage/nfnetlink-log/description
841 Kernel modules support for logging packets via NFNETLINK
842 Includes:
843 - NFLOG
844 endef
845
846 $(eval $(call KernelPackage,nfnetlink-log))
847
848
849 define KernelPackage/nfnetlink-queue
850 TITLE:=Netfilter QUEUE over NFNETLINK interface
851 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
852 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
853 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
854 $(call AddDepends/nfnetlink)
855 endef
856
857 define KernelPackage/nfnetlink-queue/description
858 Kernel modules support for queueing packets via NFNETLINK
859 Includes:
860 - NFQUEUE
861 endef
862
863 $(eval $(call KernelPackage,nfnetlink-queue))
864
865
866 define KernelPackage/nf-conntrack-netlink
867 TITLE:=Connection tracking netlink interface
868 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
869 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
870 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
871 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
872 endef
873
874 define KernelPackage/nf-conntrack-netlink/description
875 Kernel modules support for a netlink-based connection tracking
876 userspace interface
877 endef
878
879 $(eval $(call KernelPackage,nf-conntrack-netlink))
880
881 define KernelPackage/ipt-hashlimit
882 SUBMENU:=$(NF_MENU)
883 TITLE:=Netfilter hashlimit match
884 DEPENDS:=+kmod-ipt-core
885 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
886 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
887 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
888 $(call KernelPackage/ipt)
889 endef
890
891 define KernelPackage/ipt-hashlimit/description
892 Kernel modules support for the hashlimit bucket match module
893 endef
894
895 $(eval $(call KernelPackage,ipt-hashlimit))
896
897 define KernelPackage/ipt-rpfilter
898 SUBMENU:=$(NF_MENU)
899 TITLE:=Netfilter rpfilter match
900 DEPENDS:=+kmod-ipt-core
901 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
902 FILES:=$(realpath \
903 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
904 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
905 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
906 $(call KernelPackage/ipt)
907 endef
908
909 define KernelPackage/ipt-rpfilter/description
910 Kernel modules support for the Netfilter rpfilter match
911 endef
912
913 $(eval $(call KernelPackage,ipt-rpfilter))
914
915
916 define KernelPackage/nft-core
917 SUBMENU:=$(NF_MENU)
918 TITLE:=Netfilter nf_tables support
919 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
920 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
921 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
922 KCONFIG:= \
923 CONFIG_NFT_COMPAT=n \
924 CONFIG_NFT_QUEUE=n \
925 $(KCONFIG_NFT_CORE)
926 endef
927
928 define KernelPackage/nft-core/description
929 Kernel module support for nftables
930 endef
931
932 $(eval $(call KernelPackage,nft-core))
933
934
935 define KernelPackage/nft-arp
936 SUBMENU:=$(NF_MENU)
937 TITLE:=Netfilter nf_tables ARP table support
938 DEPENDS:=+kmod-nft-core
939 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
940 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
941 KCONFIG:=$(KCONFIG_NFT_ARP)
942 endef
943
944 $(eval $(call KernelPackage,nft-arp))
945
946
947 define KernelPackage/nft-bridge
948 SUBMENU:=$(NF_MENU)
949 TITLE:=Netfilter nf_tables bridge table support
950 DEPENDS:=+kmod-nft-core
951 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
952 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
953 KCONFIG:= \
954 CONFIG_NF_LOG_BRIDGE=n \
955 $(KCONFIG_NFT_BRIDGE)
956 endef
957
958 $(eval $(call KernelPackage,nft-bridge))
959
960
961 define KernelPackage/nft-nat
962 SUBMENU:=$(NF_MENU)
963 TITLE:=Netfilter nf_tables NAT support
964 DEPENDS:=+kmod-nft-core +kmod-nf-nat
965 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
966 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
967 KCONFIG:=$(KCONFIG_NFT_NAT)
968 endef
969
970 $(eval $(call KernelPackage,nft-nat))
971
972
973 define KernelPackage/nft-nat6
974 SUBMENU:=$(NF_MENU)
975 TITLE:=Netfilter nf_tables IPv6-NAT support
976 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
977 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
978 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
979 KCONFIG:=$(KCONFIG_NFT_NAT6)
980 endef
981
982 $(eval $(call KernelPackage,nft-nat6))
OpenWrt Source Repository