projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: kmod-nft-nat6: Remove package
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt +kmod-nf-log6
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt +kmod-nf-log
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-log
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter Logging
127 KCONFIG:=$(KCONFIG_NF_LOG)
128 FILES:=$(foreach mod,$(NF_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
129 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG-m)))
130 endef
131
132 $(eval $(call KernelPackage,nf-log))
133
134
135 define KernelPackage/nf-log6
136 SUBMENU:=$(NF_MENU)
137 TITLE:=Netfilter IPV6 Logging
138 KCONFIG:=$(KCONFIG_NF_LOG6)
139 DEPENDS:=@IPV6 +kmod-nf-log
140 FILES:=$(foreach mod,$(NF_LOG6-m),$(LINUX_DIR)/net/$(mod).ko)
141 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG6-m)))
142 endef
143
144 $(eval $(call KernelPackage,nf-log6))
145
146
147 define KernelPackage/nf-nat
148 SUBMENU:=$(NF_MENU)
149 TITLE:=Netfilter NAT
150 KCONFIG:=$(KCONFIG_NF_NAT)
151 DEPENDS:=+kmod-nf-conntrack
152 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
153 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
154 endef
155
156 $(eval $(call KernelPackage,nf-nat))
157
158
159 define KernelPackage/nf-nat6
160 SUBMENU:=$(NF_MENU)
161 TITLE:=Netfilter IPV6-NAT
162 KCONFIG:=$(KCONFIG_NF_NAT6)
163 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
164 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
165 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
166 endef
167
168 $(eval $(call KernelPackage,nf-nat6))
169
170
171 define KernelPackage/nf-flow
172 SUBMENU:=$(NF_MENU)
173 TITLE:=Netfilter flowtable support
174 KCONFIG:= \
175 CONFIG_NETFILTER_INGRESS=y \
176 CONFIG_NF_FLOW_TABLE \
177 CONFIG_NF_FLOW_TABLE_HW
178 DEPENDS:=+kmod-nf-conntrack
179 FILES:= \
180 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
181 $(if $(CONFIG_LINUX_5_4),$(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko)
182 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
183 endef
184
185 $(eval $(call KernelPackage,nf-flow))
186
187
188 define KernelPackage/nf-socket
189 SUBMENU:=$(NF_MENU)
190 TITLE:=Netfilter socket lookup support
191 KCONFIG:= $(KCOFNIG_NF_SOCKET)
192 FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
193 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
194 endef
195
196 $(eval $(call KernelPackage,nf-socket))
197
198
199 define KernelPackage/nf-tproxy
200 SUBMENU:=$(NF_MENU)
201 TITLE:=Netfilter tproxy support
202 KCONFIG:= $(KCOFNIG_NF_TPROXY)
203 FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
204 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
205 endef
206
207 $(eval $(call KernelPackage,nf-tproxy))
208
209
210 define AddDepends/ipt
211 SUBMENU:=$(NF_MENU)
212 DEPENDS+= +kmod-ipt-core $(1)
213 endef
214
215
216 define KernelPackage/ipt-conntrack
217 TITLE:=Basic connection tracking modules
218 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
219 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
220 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
221 $(call AddDepends/ipt,+kmod-nf-conntrack)
222 endef
223
224 define KernelPackage/ipt-conntrack/description
225 Netfilter (IPv4) kernel modules for connection tracking
226 Includes:
227 - conntrack
228 - defrag
229 - iptables_raw
230 - NOTRACK
231 - state
232 endef
233
234 $(eval $(call KernelPackage,ipt-conntrack))
235
236
237 define KernelPackage/ipt-conntrack-extra
238 TITLE:=Extra connection tracking modules
239 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
240 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
241 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
242 $(call AddDepends/ipt,+kmod-ipt-conntrack)
243 endef
244
245 define KernelPackage/ipt-conntrack-extra/description
246 Netfilter (IPv4) extra kernel modules for connection tracking
247 Includes:
248 - connbytes
249 - connmark/CONNMARK
250 - conntrack
251 - helper
252 - recent
253 endef
254
255 $(eval $(call KernelPackage,ipt-conntrack-extra))
256
257 define KernelPackage/ipt-conntrack-label
258 TITLE:=Module for handling connection tracking labels
259 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
260 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
261 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
262 $(call AddDepends/ipt,+kmod-ipt-conntrack)
263 endef
264
265 define KernelPackage/ipt-conntrack-label/description
266 Netfilter (IPv4) module for handling connection tracking labels
267 Includes:
268 - connlabel
269 endef
270
271 $(eval $(call KernelPackage,ipt-conntrack-label))
272
273 define KernelPackage/ipt-filter
274 TITLE:=Modules for packet content inspection
275 KCONFIG:=$(KCONFIG_IPT_FILTER)
276 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
277 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
278 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
279 endef
280
281 define KernelPackage/ipt-filter/description
282 Netfilter (IPv4) kernel modules for packet content inspection
283 Includes:
284 - string
285 - bpf
286 endef
287
288 $(eval $(call KernelPackage,ipt-filter))
289
290
291 define KernelPackage/ipt-offload
292 TITLE:=Netfilter routing/NAT offload support
293 KCONFIG:=$(KCONFIG_IPT_FLOW)
294 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
295 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
296 $(call AddDepends/ipt,+kmod-nf-flow)
297 endef
298
299 $(eval $(call KernelPackage,ipt-offload))
300
301
302 define KernelPackage/ipt-ipopt
303 TITLE:=Modules for matching/changing IP packet options
304 KCONFIG:=$(KCONFIG_IPT_IPOPT)
305 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
306 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
307 $(call AddDepends/ipt)
308 endef
309
310 define KernelPackage/ipt-ipopt/description
311 Netfilter (IPv4) modules for matching/changing IP packet options
312 Includes:
313 - CLASSIFY
314 - dscp/DSCP
315 - ecn/ECN
316 - hl/HL
317 - length
318 - mark/MARK
319 - statistic
320 - tcpmss
321 - time
322 - ttl/TTL
323 - unclean
324 endef
325
326 $(eval $(call KernelPackage,ipt-ipopt))
327
328
329 define KernelPackage/ipt-ipsec
330 TITLE:=Modules for matching IPSec packets
331 KCONFIG:=$(KCONFIG_IPT_IPSEC)
332 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
333 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
334 $(call AddDepends/ipt)
335 endef
336
337 define KernelPackage/ipt-ipsec/description
338 Netfilter (IPv4) modules for matching IPSec packets
339 Includes:
340 - ah
341 - esp
342 - policy
343 endef
344
345 $(eval $(call KernelPackage,ipt-ipsec))
346
347 IPSET_MODULES:= \
348 ipset/ip_set \
349 ipset/ip_set_bitmap_ip \
350 ipset/ip_set_bitmap_ipmac \
351 ipset/ip_set_bitmap_port \
352 ipset/ip_set_hash_ip \
353 ipset/ip_set_hash_ipmac \
354 ipset/ip_set_hash_ipmark \
355 ipset/ip_set_hash_ipport \
356 ipset/ip_set_hash_ipportip \
357 ipset/ip_set_hash_ipportnet \
358 ipset/ip_set_hash_mac \
359 ipset/ip_set_hash_netportnet \
360 ipset/ip_set_hash_net \
361 ipset/ip_set_hash_netnet \
362 ipset/ip_set_hash_netport \
363 ipset/ip_set_hash_netiface \
364 ipset/ip_set_list_set \
365 xt_set
366
367 define KernelPackage/ipt-ipset
368 SUBMENU:=Netfilter Extensions
369 TITLE:=IPset netfilter modules
370 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
371 KCONFIG:= \
372 CONFIG_IP_SET \
373 CONFIG_IP_SET_MAX=256 \
374 CONFIG_NETFILTER_XT_SET \
375 CONFIG_IP_SET_BITMAP_IP \
376 CONFIG_IP_SET_BITMAP_IPMAC \
377 CONFIG_IP_SET_BITMAP_PORT \
378 CONFIG_IP_SET_HASH_IP \
379 CONFIG_IP_SET_HASH_IPMAC \
380 CONFIG_IP_SET_HASH_IPMARK \
381 CONFIG_IP_SET_HASH_IPPORT \
382 CONFIG_IP_SET_HASH_IPPORTIP \
383 CONFIG_IP_SET_HASH_IPPORTNET \
384 CONFIG_IP_SET_HASH_MAC \
385 CONFIG_IP_SET_HASH_NET \
386 CONFIG_IP_SET_HASH_NETNET \
387 CONFIG_IP_SET_HASH_NETIFACE \
388 CONFIG_IP_SET_HASH_NETPORT \
389 CONFIG_IP_SET_HASH_NETPORTNET \
390 CONFIG_IP_SET_LIST_SET \
391 CONFIG_NET_EMATCH_IPSET=n
392 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
393 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
394 endef
395 $(eval $(call KernelPackage,ipt-ipset))
396
397
398 IPVS_MODULES:= \
399 ipvs/ip_vs \
400 ipvs/ip_vs_lc \
401 ipvs/ip_vs_wlc \
402 ipvs/ip_vs_rr \
403 ipvs/ip_vs_wrr \
404 ipvs/ip_vs_lblc \
405 ipvs/ip_vs_lblcr \
406 ipvs/ip_vs_dh \
407 ipvs/ip_vs_sh \
408 ipvs/ip_vs_fo \
409 ipvs/ip_vs_ovf \
410 ipvs/ip_vs_nq \
411 ipvs/ip_vs_sed \
412 xt_ipvs
413
414 define KernelPackage/nf-ipvs
415 SUBMENU:=Netfilter Extensions
416 TITLE:=IP Virtual Server modules
417 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
418 KCONFIG:= \
419 CONFIG_IP_VS \
420 CONFIG_IP_VS_IPV6=y \
421 CONFIG_IP_VS_DEBUG=n \
422 CONFIG_IP_VS_PROTO_TCP=y \
423 CONFIG_IP_VS_PROTO_UDP=y \
424 CONFIG_IP_VS_PROTO_AH_ESP=y \
425 CONFIG_IP_VS_PROTO_ESP=y \
426 CONFIG_IP_VS_PROTO_AH=y \
427 CONFIG_IP_VS_PROTO_SCTP=y \
428 CONFIG_IP_VS_TAB_BITS=12 \
429 CONFIG_IP_VS_RR \
430 CONFIG_IP_VS_WRR \
431 CONFIG_IP_VS_LC \
432 CONFIG_IP_VS_WLC \
433 CONFIG_IP_VS_FO \
434 CONFIG_IP_VS_OVF \
435 CONFIG_IP_VS_LBLC \
436 CONFIG_IP_VS_LBLCR \
437 CONFIG_IP_VS_DH \
438 CONFIG_IP_VS_SH \
439 CONFIG_IP_VS_SED \
440 CONFIG_IP_VS_NQ \
441 CONFIG_IP_VS_SH_TAB_BITS=8 \
442 CONFIG_IP_VS_NFCT=y \
443 CONFIG_NETFILTER_XT_MATCH_IPVS
444 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
445 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
446 endef
447
448 define KernelPackage/nf-ipvs/description
449 IPVS (IP Virtual Server) implements transport-layer load balancing inside
450 the Linux kernel so called Layer-4 switching.
451 endef
452
453 $(eval $(call KernelPackage,nf-ipvs))
454
455
456 define KernelPackage/nf-ipvs-ftp
457 SUBMENU:=$(NF_MENU)
458 TITLE:=Virtual Server FTP protocol support
459 KCONFIG:=CONFIG_IP_VS_FTP
460 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
461 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
462 endef
463
464 define KernelPackage/nf-ipvs-ftp/description
465 In the virtual server via Network Address Translation,
466 the IP address and port number of real servers cannot be sent to
467 clients in ftp connections directly, so FTP protocol helper is
468 required for tracking the connection and mangling it back to that of
469 virtual service.
470 endef
471
472 $(eval $(call KernelPackage,nf-ipvs-ftp))
473
474
475 define KernelPackage/nf-ipvs-sip
476 SUBMENU:=$(NF_MENU)
477 TITLE:=Virtual Server SIP protocol support
478 KCONFIG:=CONFIG_IP_VS_PE_SIP
479 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
480 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
481 endef
482
483 define KernelPackage/nf-ipvs-sip/description
484 Allow persistence based on the SIP Call-ID
485 endef
486
487 $(eval $(call KernelPackage,nf-ipvs-sip))
488
489
490 define KernelPackage/ipt-nat
491 TITLE:=Basic NAT targets
492 KCONFIG:=$(KCONFIG_IPT_NAT)
493 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
494 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
495 $(call AddDepends/ipt,+kmod-nf-nat)
496 endef
497
498 define KernelPackage/ipt-nat/description
499 Netfilter (IPv4) kernel modules for basic NAT targets
500 Includes:
501 - MASQUERADE
502 endef
503
504 $(eval $(call KernelPackage,ipt-nat))
505
506
507 define KernelPackage/ipt-raw
508 TITLE:=Netfilter IPv4 raw table support
509 KCONFIG:=CONFIG_IP_NF_RAW
510 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
511 AUTOLOAD:=$(call AutoProbe,iptable_raw)
512 $(call AddDepends/ipt)
513 endef
514
515 $(eval $(call KernelPackage,ipt-raw))
516
517
518 define KernelPackage/ipt-raw6
519 TITLE:=Netfilter IPv6 raw table support
520 DEPENDS:=@IPV6
521 KCONFIG:=CONFIG_IP6_NF_RAW
522 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
523 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
524 $(call AddDepends/ipt,+kmod-ip6tables)
525 endef
526
527 $(eval $(call KernelPackage,ipt-raw6))
528
529
530 define KernelPackage/ipt-nat6
531 TITLE:=IPv6 NAT targets
532 DEPENDS:=@IPV6
533 KCONFIG:=$(KCONFIG_IPT_NAT6)
534 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
535 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
536 $(call AddDepends/ipt,+kmod-nf-nat6)
537 $(call AddDepends/ipt,+kmod-ipt-conntrack)
538 $(call AddDepends/ipt,+kmod-ipt-nat)
539 $(call AddDepends/ipt,+kmod-ip6tables)
540 endef
541
542 define KernelPackage/ipt-nat6/description
543 Netfilter (IPv6) kernel modules for NAT targets
544 endef
545
546 $(eval $(call KernelPackage,ipt-nat6))
547
548
549 define KernelPackage/ipt-nat-extra
550 TITLE:=Extra NAT targets
551 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
552 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
553 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
554 $(call AddDepends/ipt,+kmod-ipt-nat)
555 endef
556
557 define KernelPackage/ipt-nat-extra/description
558 Netfilter (IPv4) kernel modules for extra NAT targets
559 Includes:
560 - NETMAP
561 - REDIRECT
562 endef
563
564 $(eval $(call KernelPackage,ipt-nat-extra))
565
566
567 define KernelPackage/nf-nathelper
568 SUBMENU:=$(NF_MENU)
569 TITLE:=Basic Conntrack and NAT helpers
570 KCONFIG:=$(KCONFIG_NF_NATHELPER)
571 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
572 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
573 DEPENDS:=+kmod-nf-nat
574 endef
575
576 define KernelPackage/nf-nathelper/description
577 Default Netfilter (IPv4) Conntrack and NAT helpers
578 Includes:
579 - ftp
580 endef
581
582 $(eval $(call KernelPackage,nf-nathelper))
583
584
585 define KernelPackage/nf-nathelper-extra
586 SUBMENU:=$(NF_MENU)
587 TITLE:=Extra Conntrack and NAT helpers
588 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
589 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
590 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
591 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-asn1-decoder
592 endef
593
594 define KernelPackage/nf-nathelper-extra/description
595 Extra Netfilter (IPv4) Conntrack and NAT helpers
596 Includes:
597 - amanda
598 - h323
599 - irc
600 - mms
601 - pptp
602 - proto_gre
603 - sip
604 - snmp_basic
605 - tftp
606 - broadcast
607 endef
608
609 $(eval $(call KernelPackage,nf-nathelper-extra))
610
611
612 define KernelPackage/ipt-ulog
613 TITLE:=Module for user-space packet logging
614 KCONFIG:=$(KCONFIG_IPT_ULOG)
615 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
616 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
617 $(call AddDepends/ipt)
618 endef
619
620 define KernelPackage/ipt-ulog/description
621 Netfilter (IPv4) module for user-space packet logging
622 Includes:
623 - ULOG
624 endef
625
626 $(eval $(call KernelPackage,ipt-ulog))
627
628
629 define KernelPackage/ipt-nflog
630 TITLE:=Module for user-space packet logging
631 KCONFIG:=$(KCONFIG_IPT_NFLOG)
632 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
633 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
634 $(call AddDepends/ipt,+kmod-nfnetlink-log)
635 endef
636
637 define KernelPackage/ipt-nflog/description
638 Netfilter module for user-space packet logging
639 Includes:
640 - NFLOG
641 endef
642
643 $(eval $(call KernelPackage,ipt-nflog))
644
645
646 define KernelPackage/ipt-nfqueue
647 TITLE:=Module for user-space packet queuing
648 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
649 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
650 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
651 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
652 endef
653
654 define KernelPackage/ipt-nfqueue/description
655 Netfilter module for user-space packet queuing
656 Includes:
657 - NFQUEUE
658 endef
659
660 $(eval $(call KernelPackage,ipt-nfqueue))
661
662
663 define KernelPackage/ipt-debug
664 TITLE:=Module for debugging/development
665 KCONFIG:=$(KCONFIG_IPT_DEBUG)
666 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
667 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
668 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
669 endef
670
671 define KernelPackage/ipt-debug/description
672 Netfilter modules for debugging/development of the firewall
673 Includes:
674 - TRACE
675 endef
676
677 $(eval $(call KernelPackage,ipt-debug))
678
679
680 define KernelPackage/ipt-led
681 TITLE:=Module to trigger a LED with a Netfilter rule
682 KCONFIG:=$(KCONFIG_IPT_LED)
683 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
684 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
685 $(call AddDepends/ipt)
686 endef
687
688 define KernelPackage/ipt-led/description
689 Netfilter target to trigger a LED when a network packet is matched.
690 endef
691
692 $(eval $(call KernelPackage,ipt-led))
693
694 define KernelPackage/ipt-socket
695 TITLE:=Iptables socket matching support
696 DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
697 KCONFIG:=$(KCONFIG_IPT_SOCKET)
698 FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
699 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
700 $(call AddDepends/ipt)
701 endef
702
703 define KernelPackage/ipt-socket/description
704 Kernel modules for socket matching
705 endef
706
707 $(eval $(call KernelPackage,ipt-socket))
708
709 define KernelPackage/ipt-tproxy
710 TITLE:=Transparent proxying support
711 DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
712 KCONFIG:=$(KCONFIG_IPT_TPROXY)
713 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
714 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
715 $(call AddDepends/ipt)
716 endef
717
718 define KernelPackage/ipt-tproxy/description
719 Kernel modules for Transparent Proxying
720 endef
721
722 $(eval $(call KernelPackage,ipt-tproxy))
723
724 define KernelPackage/ipt-tee
725 TITLE:=TEE support
726 DEPENDS:=+kmod-ipt-conntrack
727 KCONFIG:=$(KCONFIG_IPT_TEE)
728 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
729 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
730 $(call AddDepends/ipt)
731 endef
732
733 define KernelPackage/ipt-tee/description
734 Kernel modules for TEE
735 endef
736
737 $(eval $(call KernelPackage,ipt-tee))
738
739
740 define KernelPackage/ipt-u32
741 TITLE:=U32 support
742 KCONFIG:=$(KCONFIG_IPT_U32)
743 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
744 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
745 $(call AddDepends/ipt)
746 endef
747
748 define KernelPackage/ipt-u32/description
749 Kernel modules for U32
750 endef
751
752 $(eval $(call KernelPackage,ipt-u32))
753
754 define KernelPackage/ipt-checksum
755 TITLE:=CHECKSUM support
756 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
757 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
758 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
759 $(call AddDepends/ipt)
760 endef
761
762 define KernelPackage/ipt-checksum/description
763 Kernel modules for CHECKSUM fillin target
764 endef
765
766 $(eval $(call KernelPackage,ipt-checksum))
767
768
769 define KernelPackage/ipt-iprange
770 TITLE:=Module for matching ip ranges
771 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
772 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
773 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
774 $(call AddDepends/ipt)
775 endef
776
777 define KernelPackage/ipt-iprange/description
778 Netfilter (IPv4) module for matching ip ranges
779 Includes:
780 - iprange
781 endef
782
783 $(eval $(call KernelPackage,ipt-iprange))
784
785 define KernelPackage/ipt-cluster
786 TITLE:=Module for matching cluster
787 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
788 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
789 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
790 $(call AddDepends/ipt,+kmod-nf-conntrack)
791 endef
792
793 define KernelPackage/ipt-cluster/description
794 Netfilter (IPv4/IPv6) module for matching cluster
795 This option allows you to build work-load-sharing clusters of
796 network servers/stateful firewalls without having a dedicated
797 load-balancing router/server/switch. Basically, this match returns
798 true when the packet must be handled by this cluster node. Thus,
799 all nodes see all packets and this match decides which node handles
800 what packets. The work-load sharing algorithm is based on source
801 address hashing.
802
803 This module is usable for ipv4 and ipv6.
804
805 To use it also enable iptables-mod-cluster
806
807 see `iptables -m cluster --help` for more information.
808 endef
809
810 $(eval $(call KernelPackage,ipt-cluster))
811
812 define KernelPackage/ipt-clusterip
813 TITLE:=Module for CLUSTERIP
814 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
815 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
816 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
817 $(call AddDepends/ipt,+kmod-nf-conntrack)
818 endef
819
820 define KernelPackage/ipt-clusterip/description
821 Netfilter (IPv4-only) module for CLUSTERIP
822 The CLUSTERIP target allows you to build load-balancing clusters of
823 network servers without having a dedicated load-balancing
824 router/server/switch.
825
826 To use it also enable iptables-mod-clusterip
827
828 see `iptables -j CLUSTERIP --help` for more information.
829 endef
830
831 $(eval $(call KernelPackage,ipt-clusterip))
832
833
834 define KernelPackage/ipt-extra
835 TITLE:=Extra modules
836 KCONFIG:=$(KCONFIG_IPT_EXTRA)
837 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
838 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
839 $(call AddDepends/ipt)
840 endef
841
842 define KernelPackage/ipt-extra/description
843 Other Netfilter (IPv4) kernel modules
844 Includes:
845 - addrtype
846 - owner
847 - pkttype
848 - quota
849 endef
850
851 $(eval $(call KernelPackage,ipt-extra))
852
853
854 define KernelPackage/ipt-physdev
855 TITLE:=physdev module
856 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
857 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
858 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
859 $(call AddDepends/ipt,+kmod-br-netfilter)
860 endef
861
862 define KernelPackage/ipt-physdev/description
863 The iptables physdev kernel module
864 endef
865
866 $(eval $(call KernelPackage,ipt-physdev))
867
868
869 define KernelPackage/ip6tables
870 SUBMENU:=$(NF_MENU)
871 TITLE:=IPv6 modules
872 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
873 KCONFIG:=$(KCONFIG_IPT_IPV6)
874 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
875 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
876 endef
877
878 define KernelPackage/ip6tables/description
879 Netfilter IPv6 firewalling support
880 endef
881
882 $(eval $(call KernelPackage,ip6tables))
883
884 define KernelPackage/ip6tables-extra
885 SUBMENU:=$(NF_MENU)
886 TITLE:=Extra IPv6 modules
887 DEPENDS:=@IPV6 +kmod-ip6tables
888 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
889 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
890 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
891 endef
892
893 define KernelPackage/ip6tables-extra/description
894 Netfilter IPv6 extra header matching modules
895 endef
896
897 $(eval $(call KernelPackage,ip6tables-extra))
898
899 ARP_MODULES = arp_tables arpt_mangle arptable_filter
900 define KernelPackage/arptables
901 SUBMENU:=$(NF_MENU)
902 TITLE:=ARP firewalling modules
903 DEPENDS:=+kmod-ipt-core
904 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
905 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
906 CONFIG_IP_NF_ARPFILTER \
907 CONFIG_IP_NF_ARP_MANGLE
908 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
909 endef
910
911 define KernelPackage/arptables/description
912 Kernel modules for ARP firewalling
913 endef
914
915 $(eval $(call KernelPackage,arptables))
916
917
918 define KernelPackage/br-netfilter
919 SUBMENU:=$(NF_MENU)
920 TITLE:=Bridge netfilter support modules
921 DEPENDS:=+kmod-ipt-core
922 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
923 KCONFIG:=CONFIG_BRIDGE_NETFILTER
924 AUTOLOAD:=$(call AutoProbe,br_netfilter)
925 endef
926
927 define KernelPackage/br-netfilter/install
928 $(INSTALL_DIR) $(1)/etc/sysctl.d
929 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
930 endef
931
932 $(eval $(call KernelPackage,br-netfilter))
933
934
935 define KernelPackage/ebtables
936 SUBMENU:=$(NF_MENU)
937 TITLE:=Bridge firewalling modules
938 DEPENDS:=+kmod-ipt-core
939 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
940 KCONFIG:=$(KCONFIG_EBTABLES)
941 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
942 endef
943
944 define KernelPackage/ebtables/description
945 ebtables is a general, extensible frame/packet identification
946 framework. It provides you to do Ethernet
947 filtering/NAT/brouting on the Ethernet bridge.
948 endef
949
950 $(eval $(call KernelPackage,ebtables))
951
952
953 define AddDepends/ebtables
954 SUBMENU:=$(NF_MENU)
955 DEPENDS+= +kmod-ebtables $(1)
956 endef
957
958
959 define KernelPackage/ebtables-ipv4
960 TITLE:=ebtables: IPv4 support
961 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
962 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
963 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
964 $(call AddDepends/ebtables)
965 endef
966
967 define KernelPackage/ebtables-ipv4/description
968 This option adds the IPv4 support to ebtables, which allows basic
969 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
970 endef
971
972 $(eval $(call KernelPackage,ebtables-ipv4))
973
974
975 define KernelPackage/ebtables-ipv6
976 TITLE:=ebtables: IPv6 support
977 DEPENDS:=@IPV6
978 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
979 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
980 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
981 $(call AddDepends/ebtables)
982 endef
983
984 define KernelPackage/ebtables-ipv6/description
985 This option adds the IPv6 support to ebtables, which allows basic
986 IPv6 header field filtering and target support.
987 endef
988
989 $(eval $(call KernelPackage,ebtables-ipv6))
990
991
992 define KernelPackage/ebtables-watchers
993 TITLE:=ebtables: watchers support
994 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
995 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
996 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
997 $(call AddDepends/ebtables)
998 endef
999
1000 define KernelPackage/ebtables-watchers/description
1001 This option adds the log watchers, that you can use in any rule
1002 in any ebtables table.
1003 endef
1004
1005 $(eval $(call KernelPackage,ebtables-watchers))
1006
1007
1008 define KernelPackage/nfnetlink
1009 SUBMENU:=$(NF_MENU)
1010 TITLE:=Netlink-based userspace interface
1011 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
1012 KCONFIG:=$(KCONFIG_NFNETLINK)
1013 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
1014 endef
1015
1016 define KernelPackage/nfnetlink/description
1017 Kernel modules support for a netlink-based userspace interface
1018 endef
1019
1020 $(eval $(call KernelPackage,nfnetlink))
1021
1022
1023 define AddDepends/nfnetlink
1024 SUBMENU:=$(NF_MENU)
1025 DEPENDS+=+kmod-nfnetlink $(1)
1026 endef
1027
1028
1029 define KernelPackage/nfnetlink-log
1030 TITLE:=Netfilter LOG over NFNETLINK interface
1031 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
1032 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
1033 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
1034 $(call AddDepends/nfnetlink)
1035 endef
1036
1037 define KernelPackage/nfnetlink-log/description
1038 Kernel modules support for logging packets via NFNETLINK
1039 Includes:
1040 - NFLOG
1041 endef
1042
1043 $(eval $(call KernelPackage,nfnetlink-log))
1044
1045
1046 define KernelPackage/nfnetlink-queue
1047 TITLE:=Netfilter QUEUE over NFNETLINK interface
1048 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1049 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1050 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1051 $(call AddDepends/nfnetlink)
1052 endef
1053
1054 define KernelPackage/nfnetlink-queue/description
1055 Kernel modules support for queueing packets via NFNETLINK
1056 Includes:
1057 - NFQUEUE
1058 endef
1059
1060 $(eval $(call KernelPackage,nfnetlink-queue))
1061
1062
1063 define KernelPackage/nf-conntrack-netlink
1064 TITLE:=Connection tracking netlink interface
1065 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1066 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1067 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1068 $(call AddDepends/nfnetlink,+kmod-nf-conntrack)
1069 endef
1070
1071 define KernelPackage/nf-conntrack-netlink/description
1072 Kernel modules support for a netlink-based connection tracking
1073 userspace interface
1074 endef
1075
1076 $(eval $(call KernelPackage,nf-conntrack-netlink))
1077
1078 define KernelPackage/ipt-hashlimit
1079 SUBMENU:=$(NF_MENU)
1080 TITLE:=Netfilter hashlimit match
1081 DEPENDS:=+kmod-ipt-core
1082 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1083 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1084 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1085 $(call KernelPackage/ipt)
1086 endef
1087
1088 define KernelPackage/ipt-hashlimit/description
1089 Kernel modules support for the hashlimit bucket match module
1090 endef
1091
1092 $(eval $(call KernelPackage,ipt-hashlimit))
1093
1094 define KernelPackage/ipt-rpfilter
1095 SUBMENU:=$(NF_MENU)
1096 TITLE:=Netfilter rpfilter match
1097 DEPENDS:=+kmod-ipt-core
1098 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1099 FILES:=$(realpath \
1100 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1101 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1102 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1103 $(call KernelPackage/ipt)
1104 endef
1105
1106 define KernelPackage/ipt-rpfilter/description
1107 Kernel modules support for the Netfilter rpfilter match
1108 endef
1109
1110 $(eval $(call KernelPackage,ipt-rpfilter))
1111
1112
1113 define KernelPackage/nft-core
1114 SUBMENU:=$(NF_MENU)
1115 TITLE:=Netfilter nf_tables support
1116 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat +kmod-nf-log +IPV6:kmod-nf-log6 +kmod-lib-crc32c
1117 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1119 KCONFIG:= \
1120 CONFIG_NFT_COMPAT=n \
1121 CONFIG_NFT_QUEUE=n \
1122 $(KCONFIG_NFT_CORE)
1123 endef
1124
1125 define KernelPackage/nft-core/description
1126 Kernel module support for nftables
1127 endef
1128
1129 $(eval $(call KernelPackage,nft-core))
1130
1131
1132 define KernelPackage/nft-arp
1133 SUBMENU:=$(NF_MENU)
1134 TITLE:=Netfilter nf_tables ARP table support
1135 DEPENDS:=+kmod-nft-core
1136 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1137 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1138 KCONFIG:=$(KCONFIG_NFT_ARP)
1139 endef
1140
1141 $(eval $(call KernelPackage,nft-arp))
1142
1143
1144 define KernelPackage/nft-bridge
1145 SUBMENU:=$(NF_MENU)
1146 TITLE:=Netfilter nf_tables bridge table support
1147 DEPENDS:=+kmod-nft-core
1148 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1149 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1150 KCONFIG:= \
1151 CONFIG_NF_LOG_BRIDGE=n \
1152 $(KCONFIG_NFT_BRIDGE)
1153 endef
1154
1155 $(eval $(call KernelPackage,nft-bridge))
1156
1157
1158 define KernelPackage/nft-nat
1159 SUBMENU:=$(NF_MENU)
1160 TITLE:=Netfilter nf_tables NAT support
1161 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1162 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1163 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1164 KCONFIG:=$(KCONFIG_NFT_NAT)
1165 endef
1166
1167 $(eval $(call KernelPackage,nft-nat))
1168
1169
1170 define KernelPackage/nft-offload
1171 SUBMENU:=$(NF_MENU)
1172 TITLE:=Netfilter nf_tables routing/NAT offload support
1173 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1174 KCONFIG:= \
1175 CONFIG_NF_FLOW_TABLE_INET \
1176 CONFIG_NF_FLOW_TABLE_IPV4 \
1177 CONFIG_NF_FLOW_TABLE_IPV6 \
1178 CONFIG_NFT_FLOW_OFFLOAD
1179 FILES:= \
1180 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1181 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1182 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1183 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1184 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1185 endef
1186
1187 $(eval $(call KernelPackage,nft-offload))
1188
1189
1190 define KernelPackage/nft-netdev
1191 SUBMENU:=$(NF_MENU)
1192 TITLE:=Netfilter nf_tables netdev support
1193 DEPENDS:=+kmod-nft-core
1194 KCONFIG:= \
1195 CONFIG_NETFILTER_INGRESS=y \
1196 CONFIG_NF_TABLES_NETDEV \
1197 CONFIG_NF_DUP_NETDEV \
1198 CONFIG_NFT_DUP_NETDEV \
1199 CONFIG_NFT_FWD_NETDEV
1200 FILES:= \
1201 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1202 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1203 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1204 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1205 endef
1206
1207 $(eval $(call KernelPackage,nft-netdev))
1208
1209
1210 define KernelPackage/nft-fib
1211 SUBMENU:=$(NF_MENU)
1212 TITLE:=Netfilter nf_tables fib support
1213 DEPENDS:=+kmod-nft-core
1214 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1215 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1216 KCONFIG:=$(KCONFIG_NFT_FIB)
1217 endef
1218
1219 $(eval $(call KernelPackage,nft-fib))
1220
1221
1222 define KernelPackage/nft-queue
1223 SUBMENU:=$(NF_MENU)
1224 TITLE:=Netfilter nf_tables queue support
1225 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1226 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1227 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1228 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1229 endef
1230
1231 $(eval $(call KernelPackage,nft-queue))
1232
1233 define KernelPackage/nft-socket
1234 SUBMENU:=$(NF_MENU)
1235 TITLE:=Netfilter nf_tables socket support
1236 DEPENDS:=+kmod-nft-core +kmod-nf-socket
1237 FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
1238 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
1239 KCONFIG:=$(KCONFIG_NFT_SOCKET)
1240 endef
1241
1242 $(eval $(call KernelPackage,nft-socket))
1243
1244 define KernelPackage/nft-tproxy
1245 SUBMENU:=$(NF_MENU)
1246 TITLE:=Netfilter nf_tables tproxy support
1247 DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
1248 FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
1249 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
1250 KCONFIG:=$(KCONFIG_NFT_TPROXY)
1251 endef
1252
1253 $(eval $(call KernelPackage,nft-tproxy))
1254
1255 define KernelPackage/nft-compat
1256 SUBMENU:=$(NF_MENU)
1257 TITLE:=Netfilter nf_tables compat support
1258 DEPENDS:=+kmod-nft-core +kmod-nf-ipt
1259 FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
1260 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
1261 KCONFIG:=$(KCONFIG_NFT_COMPAT)
1262 endef
1263
1264 $(eval $(call KernelPackage,nft-compat))
1265
1266 define KernelPackage/nft-xfrm
1267 SUBMENU:=$(NF_MENU)
1268 TITLE:=Netfilter nf_tables xfrm support (ipsec)
1269 DEPENDS:=+kmod-nft-core
1270 FILES:=$(foreach mod,$(NFT_XFRM-m),$(LINUX_DIR)/net/$(mod).ko)
1271 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_XFRM-m)))
1272 KCONFIG:=$(KCONFIG_NFT_XFRM)
1273 endef
1274
1275 $(eval $(call KernelPackage,nft-xfrm))
OpenWrt Source Repository