projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nf-conntrack: allow querying conntrack info in nfqueue
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-nat
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter NAT
127 KCONFIG:=$(KCONFIG_NF_NAT)
128 DEPENDS:=+kmod-nf-conntrack
129 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
131 endef
132
133 $(eval $(call KernelPackage,nf-nat))
134
135
136 define KernelPackage/nf-nat6
137 SUBMENU:=$(NF_MENU)
138 TITLE:=Netfilter IPV6-NAT
139 KCONFIG:=$(KCONFIG_NF_NAT6)
140 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
141 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
142 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
143 endef
144
145 $(eval $(call KernelPackage,nf-nat6))
146
147
148 define KernelPackage/nf-flow
149 SUBMENU:=$(NF_MENU)
150 TITLE:=Netfilter flowtable support
151 KCONFIG:= \
152 CONFIG_NETFILTER_INGRESS=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS:=+kmod-nf-conntrack
156 FILES:= \
157 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
158 $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
159 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
160 endef
161
162 $(eval $(call KernelPackage,nf-flow))
163
164
165 define AddDepends/ipt
166 SUBMENU:=$(NF_MENU)
167 DEPENDS+= +kmod-ipt-core $(1)
168 endef
169
170
171 define KernelPackage/ipt-conntrack
172 TITLE:=Basic connection tracking modules
173 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
174 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
175 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
176 $(call AddDepends/ipt,+kmod-nf-conntrack)
177 endef
178
179 define KernelPackage/ipt-conntrack/description
180 Netfilter (IPv4) kernel modules for connection tracking
181 Includes:
182 - conntrack
183 - defrag
184 - iptables_raw
185 - NOTRACK
186 - state
187 endef
188
189 $(eval $(call KernelPackage,ipt-conntrack))
190
191
192 define KernelPackage/ipt-conntrack-extra
193 TITLE:=Extra connection tracking modules
194 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
195 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
196 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
197 $(call AddDepends/ipt,+kmod-ipt-conntrack)
198 endef
199
200 define KernelPackage/ipt-conntrack-extra/description
201 Netfilter (IPv4) extra kernel modules for connection tracking
202 Includes:
203 - connbytes
204 - connmark/CONNMARK
205 - conntrack
206 - helper
207 - recent
208 endef
209
210 $(eval $(call KernelPackage,ipt-conntrack-extra))
211
212 define KernelPackage/ipt-conntrack-label
213 TITLE:=Module for handling connection tracking labels
214 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
215 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
216 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
217 $(call AddDepends/ipt,+kmod-ipt-conntrack)
218 endef
219
220 define KernelPackage/ipt-conntrack-label/description
221 Netfilter (IPv4) module for handling connection tracking labels
222 Includes:
223 - connlabel
224 endef
225
226 $(eval $(call KernelPackage,ipt-conntrack-label))
227
228 define KernelPackage/ipt-filter
229 TITLE:=Modules for packet content inspection
230 KCONFIG:=$(KCONFIG_IPT_FILTER)
231 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
232 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
233 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
234 endef
235
236 define KernelPackage/ipt-filter/description
237 Netfilter (IPv4) kernel modules for packet content inspection
238 Includes:
239 - string
240 - bpf
241 endef
242
243 $(eval $(call KernelPackage,ipt-filter))
244
245
246 define KernelPackage/ipt-offload
247 TITLE:=Netfilter routing/NAT offload support
248 KCONFIG:=$(KCONFIG_IPT_FLOW)
249 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
250 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
251 $(call AddDepends/ipt,+kmod-nf-flow)
252 endef
253
254 $(eval $(call KernelPackage,ipt-offload))
255
256
257 define KernelPackage/ipt-ipopt
258 TITLE:=Modules for matching/changing IP packet options
259 KCONFIG:=$(KCONFIG_IPT_IPOPT)
260 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
261 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
262 $(call AddDepends/ipt)
263 endef
264
265 define KernelPackage/ipt-ipopt/description
266 Netfilter (IPv4) modules for matching/changing IP packet options
267 Includes:
268 - CLASSIFY
269 - dscp/DSCP
270 - ecn/ECN
271 - hl/HL
272 - length
273 - mark/MARK
274 - statistic
275 - tcpmss
276 - time
277 - ttl/TTL
278 - unclean
279 endef
280
281 $(eval $(call KernelPackage,ipt-ipopt))
282
283
284 define KernelPackage/ipt-ipsec
285 TITLE:=Modules for matching IPSec packets
286 KCONFIG:=$(KCONFIG_IPT_IPSEC)
287 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
288 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
289 $(call AddDepends/ipt)
290 endef
291
292 define KernelPackage/ipt-ipsec/description
293 Netfilter (IPv4) modules for matching IPSec packets
294 Includes:
295 - ah
296 - esp
297 - policy
298 endef
299
300 $(eval $(call KernelPackage,ipt-ipsec))
301
302 IPSET_MODULES:= \
303 ipset/ip_set \
304 ipset/ip_set_bitmap_ip \
305 ipset/ip_set_bitmap_ipmac \
306 ipset/ip_set_bitmap_port \
307 ipset/ip_set_hash_ip \
308 ipset/ip_set_hash_ipmark \
309 ipset/ip_set_hash_ipport \
310 ipset/ip_set_hash_ipportip \
311 ipset/ip_set_hash_ipportnet \
312 ipset/ip_set_hash_mac \
313 ipset/ip_set_hash_netportnet \
314 ipset/ip_set_hash_net \
315 ipset/ip_set_hash_netnet \
316 ipset/ip_set_hash_netport \
317 ipset/ip_set_hash_netiface \
318 ipset/ip_set_list_set \
319 xt_set
320
321 define KernelPackage/ipt-ipset
322 SUBMENU:=Netfilter Extensions
323 TITLE:=IPset netfilter modules
324 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
325 KCONFIG:= \
326 CONFIG_IP_SET \
327 CONFIG_IP_SET_MAX=256 \
328 CONFIG_NETFILTER_XT_SET \
329 CONFIG_IP_SET_BITMAP_IP \
330 CONFIG_IP_SET_BITMAP_IPMAC \
331 CONFIG_IP_SET_BITMAP_PORT \
332 CONFIG_IP_SET_HASH_IP \
333 CONFIG_IP_SET_HASH_IPMAC \
334 CONFIG_IP_SET_HASH_IPMARK \
335 CONFIG_IP_SET_HASH_IPPORT \
336 CONFIG_IP_SET_HASH_IPPORTIP \
337 CONFIG_IP_SET_HASH_IPPORTNET \
338 CONFIG_IP_SET_HASH_MAC \
339 CONFIG_IP_SET_HASH_NET \
340 CONFIG_IP_SET_HASH_NETNET \
341 CONFIG_IP_SET_HASH_NETIFACE \
342 CONFIG_IP_SET_HASH_NETPORT \
343 CONFIG_IP_SET_HASH_NETPORTNET \
344 CONFIG_IP_SET_LIST_SET \
345 CONFIG_NET_EMATCH_IPSET=n
346 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
347 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
348 endef
349 $(eval $(call KernelPackage,ipt-ipset))
350
351
352 IPVS_MODULES:= \
353 ipvs/ip_vs \
354 ipvs/ip_vs_lc \
355 ipvs/ip_vs_wlc \
356 ipvs/ip_vs_rr \
357 ipvs/ip_vs_wrr \
358 ipvs/ip_vs_lblc \
359 ipvs/ip_vs_lblcr \
360 ipvs/ip_vs_dh \
361 ipvs/ip_vs_sh \
362 ipvs/ip_vs_fo \
363 ipvs/ip_vs_ovf \
364 ipvs/ip_vs_nq \
365 ipvs/ip_vs_sed \
366 xt_ipvs
367
368 define KernelPackage/nf-ipvs
369 SUBMENU:=Netfilter Extensions
370 TITLE:=IP Virtual Server modules
371 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
372 KCONFIG:= \
373 CONFIG_IP_VS \
374 CONFIG_IP_VS_IPV6=y \
375 CONFIG_IP_VS_DEBUG=n \
376 CONFIG_IP_VS_PROTO_TCP=y \
377 CONFIG_IP_VS_PROTO_UDP=y \
378 CONFIG_IP_VS_PROTO_AH_ESP=y \
379 CONFIG_IP_VS_PROTO_ESP=y \
380 CONFIG_IP_VS_PROTO_AH=y \
381 CONFIG_IP_VS_PROTO_SCTP=y \
382 CONFIG_IP_VS_TAB_BITS=12 \
383 CONFIG_IP_VS_RR \
384 CONFIG_IP_VS_WRR \
385 CONFIG_IP_VS_LC \
386 CONFIG_IP_VS_WLC \
387 CONFIG_IP_VS_FO \
388 CONFIG_IP_VS_OVF \
389 CONFIG_IP_VS_LBLC \
390 CONFIG_IP_VS_LBLCR \
391 CONFIG_IP_VS_DH \
392 CONFIG_IP_VS_SH \
393 CONFIG_IP_VS_SED \
394 CONFIG_IP_VS_NQ \
395 CONFIG_IP_VS_SH_TAB_BITS=8 \
396 CONFIG_IP_VS_NFCT=y \
397 CONFIG_NETFILTER_XT_MATCH_IPVS
398 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
399 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
400 endef
401
402 define KernelPackage/nf-ipvs/description
403 IPVS (IP Virtual Server) implements transport-layer load balancing inside
404 the Linux kernel so called Layer-4 switching.
405 endef
406
407 $(eval $(call KernelPackage,nf-ipvs))
408
409
410 define KernelPackage/nf-ipvs-ftp
411 SUBMENU:=$(NF_MENU)
412 TITLE:=Virtual Server FTP protocol support
413 KCONFIG:=CONFIG_IP_VS_FTP
414 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
415 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
416 endef
417
418 define KernelPackage/nf-ipvs-ftp/description
419 In the virtual server via Network Address Translation,
420 the IP address and port number of real servers cannot be sent to
421 clients in ftp connections directly, so FTP protocol helper is
422 required for tracking the connection and mangling it back to that of
423 virtual service.
424 endef
425
426 $(eval $(call KernelPackage,nf-ipvs-ftp))
427
428
429 define KernelPackage/nf-ipvs-sip
430 SUBMENU:=$(NF_MENU)
431 TITLE:=Virtual Server SIP protocol support
432 KCONFIG:=CONFIG_IP_VS_PE_SIP
433 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
434 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
435 endef
436
437 define KernelPackage/nf-ipvs-sip/description
438 Allow persistence based on the SIP Call-ID
439 endef
440
441 $(eval $(call KernelPackage,nf-ipvs-sip))
442
443
444 define KernelPackage/ipt-nat
445 TITLE:=Basic NAT targets
446 KCONFIG:=$(KCONFIG_IPT_NAT)
447 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
448 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
449 $(call AddDepends/ipt,+kmod-nf-nat)
450 endef
451
452 define KernelPackage/ipt-nat/description
453 Netfilter (IPv4) kernel modules for basic NAT targets
454 Includes:
455 - MASQUERADE
456 endef
457
458 $(eval $(call KernelPackage,ipt-nat))
459
460
461 define KernelPackage/ipt-raw
462 TITLE:=Netfilter IPv4 raw table support
463 KCONFIG:=CONFIG_IP_NF_RAW
464 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
465 AUTOLOAD:=$(call AutoProbe,iptable_raw)
466 $(call AddDepends/ipt)
467 endef
468
469 $(eval $(call KernelPackage,ipt-raw))
470
471
472 define KernelPackage/ipt-raw6
473 TITLE:=Netfilter IPv6 raw table support
474 DEPENDS:=@IPV6
475 KCONFIG:=CONFIG_IP6_NF_RAW
476 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
477 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
478 $(call AddDepends/ipt,+kmod-ip6tables)
479 endef
480
481 $(eval $(call KernelPackage,ipt-raw6))
482
483
484 define KernelPackage/ipt-nat6
485 TITLE:=IPv6 NAT targets
486 DEPENDS:=@IPV6
487 KCONFIG:=$(KCONFIG_IPT_NAT6)
488 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
489 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
490 $(call AddDepends/ipt,+kmod-nf-nat6)
491 $(call AddDepends/ipt,+kmod-ipt-conntrack)
492 $(call AddDepends/ipt,+kmod-ipt-nat)
493 $(call AddDepends/ipt,+kmod-ip6tables)
494 endef
495
496 define KernelPackage/ipt-nat6/description
497 Netfilter (IPv6) kernel modules for NAT targets
498 endef
499
500 $(eval $(call KernelPackage,ipt-nat6))
501
502
503 define KernelPackage/ipt-nat-extra
504 TITLE:=Extra NAT targets
505 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
506 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
507 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
508 $(call AddDepends/ipt,+kmod-ipt-nat)
509 endef
510
511 define KernelPackage/ipt-nat-extra/description
512 Netfilter (IPv4) kernel modules for extra NAT targets
513 Includes:
514 - NETMAP
515 - REDIRECT
516 endef
517
518 $(eval $(call KernelPackage,ipt-nat-extra))
519
520
521 define KernelPackage/nf-nathelper
522 SUBMENU:=$(NF_MENU)
523 TITLE:=Basic Conntrack and NAT helpers
524 KCONFIG:=$(KCONFIG_NF_NATHELPER)
525 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
526 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
527 DEPENDS:=+kmod-nf-nat
528 endef
529
530 define KernelPackage/nf-nathelper/description
531 Default Netfilter (IPv4) Conntrack and NAT helpers
532 Includes:
533 - ftp
534 endef
535
536 $(eval $(call KernelPackage,nf-nathelper))
537
538
539 define KernelPackage/nf-nathelper-extra
540 SUBMENU:=$(NF_MENU)
541 TITLE:=Extra Conntrack and NAT helpers
542 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
543 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
544 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
545 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw +kmod-asn1-decoder
546 endef
547
548 define KernelPackage/nf-nathelper-extra/description
549 Extra Netfilter (IPv4) Conntrack and NAT helpers
550 Includes:
551 - amanda
552 - h323
553 - irc
554 - mms
555 - pptp
556 - proto_gre
557 - sip
558 - snmp_basic
559 - tftp
560 - broadcast
561 endef
562
563 $(eval $(call KernelPackage,nf-nathelper-extra))
564
565
566 define KernelPackage/ipt-ulog
567 TITLE:=Module for user-space packet logging
568 KCONFIG:=$(KCONFIG_IPT_ULOG)
569 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
570 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
571 $(call AddDepends/ipt)
572 endef
573
574 define KernelPackage/ipt-ulog/description
575 Netfilter (IPv4) module for user-space packet logging
576 Includes:
577 - ULOG
578 endef
579
580 $(eval $(call KernelPackage,ipt-ulog))
581
582
583 define KernelPackage/ipt-nflog
584 TITLE:=Module for user-space packet logging
585 KCONFIG:=$(KCONFIG_IPT_NFLOG)
586 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
587 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
588 $(call AddDepends/ipt,+kmod-nfnetlink-log)
589 endef
590
591 define KernelPackage/ipt-nflog/description
592 Netfilter module for user-space packet logging
593 Includes:
594 - NFLOG
595 endef
596
597 $(eval $(call KernelPackage,ipt-nflog))
598
599
600 define KernelPackage/ipt-nfqueue
601 TITLE:=Module for user-space packet queuing
602 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
603 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
604 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
605 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
606 endef
607
608 define KernelPackage/ipt-nfqueue/description
609 Netfilter module for user-space packet queuing
610 Includes:
611 - NFQUEUE
612 endef
613
614 $(eval $(call KernelPackage,ipt-nfqueue))
615
616
617 define KernelPackage/ipt-debug
618 TITLE:=Module for debugging/development
619 KCONFIG:=$(KCONFIG_IPT_DEBUG)
620 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
621 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
622 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
623 endef
624
625 define KernelPackage/ipt-debug/description
626 Netfilter modules for debugging/development of the firewall
627 Includes:
628 - TRACE
629 endef
630
631 $(eval $(call KernelPackage,ipt-debug))
632
633
634 define KernelPackage/ipt-led
635 TITLE:=Module to trigger a LED with a Netfilter rule
636 KCONFIG:=$(KCONFIG_IPT_LED)
637 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
638 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
639 $(call AddDepends/ipt)
640 endef
641
642 define KernelPackage/ipt-led/description
643 Netfilter target to trigger a LED when a network packet is matched.
644 endef
645
646 $(eval $(call KernelPackage,ipt-led))
647
648 define KernelPackage/ipt-tproxy
649 TITLE:=Transparent proxying support
650 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
651 KCONFIG:=$(KCONFIG_IPT_TPROXY)
652 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
653 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
654 $(call AddDepends/ipt)
655 endef
656
657 define KernelPackage/ipt-tproxy/description
658 Kernel modules for Transparent Proxying
659 endef
660
661 $(eval $(call KernelPackage,ipt-tproxy))
662
663 define KernelPackage/ipt-tee
664 TITLE:=TEE support
665 DEPENDS:=+kmod-ipt-conntrack
666 KCONFIG:=$(KCONFIG_IPT_TEE)
667 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
668 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
669 $(call AddDepends/ipt)
670 endef
671
672 define KernelPackage/ipt-tee/description
673 Kernel modules for TEE
674 endef
675
676 $(eval $(call KernelPackage,ipt-tee))
677
678
679 define KernelPackage/ipt-u32
680 TITLE:=U32 support
681 KCONFIG:=$(KCONFIG_IPT_U32)
682 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
683 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
684 $(call AddDepends/ipt)
685 endef
686
687 define KernelPackage/ipt-u32/description
688 Kernel modules for U32
689 endef
690
691 $(eval $(call KernelPackage,ipt-u32))
692
693 define KernelPackage/ipt-checksum
694 TITLE:=CHECKSUM support
695 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
696 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
697 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
698 $(call AddDepends/ipt)
699 endef
700
701 define KernelPackage/ipt-checksum/description
702 Kernel modules for CHECKSUM fillin target
703 endef
704
705 $(eval $(call KernelPackage,ipt-checksum))
706
707
708 define KernelPackage/ipt-iprange
709 TITLE:=Module for matching ip ranges
710 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
711 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
712 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
713 $(call AddDepends/ipt)
714 endef
715
716 define KernelPackage/ipt-iprange/description
717 Netfilter (IPv4) module for matching ip ranges
718 Includes:
719 - iprange
720 endef
721
722 $(eval $(call KernelPackage,ipt-iprange))
723
724 define KernelPackage/ipt-cluster
725 TITLE:=Module for matching cluster
726 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
727 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
728 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
729 $(call AddDepends/ipt,+kmod-nf-conntrack)
730 endef
731
732 define KernelPackage/ipt-cluster/description
733 Netfilter (IPv4/IPv6) module for matching cluster
734 This option allows you to build work-load-sharing clusters of
735 network servers/stateful firewalls without having a dedicated
736 load-balancing router/server/switch. Basically, this match returns
737 true when the packet must be handled by this cluster node. Thus,
738 all nodes see all packets and this match decides which node handles
739 what packets. The work-load sharing algorithm is based on source
740 address hashing.
741
742 This module is usable for ipv4 and ipv6.
743
744 To use it also enable iptables-mod-cluster
745
746 see `iptables -m cluster --help` for more information.
747 endef
748
749 $(eval $(call KernelPackage,ipt-cluster))
750
751 define KernelPackage/ipt-clusterip
752 TITLE:=Module for CLUSTERIP
753 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
754 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
755 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
756 $(call AddDepends/ipt,+kmod-nf-conntrack)
757 endef
758
759 define KernelPackage/ipt-clusterip/description
760 Netfilter (IPv4-only) module for CLUSTERIP
761 The CLUSTERIP target allows you to build load-balancing clusters of
762 network servers without having a dedicated load-balancing
763 router/server/switch.
764
765 To use it also enable iptables-mod-clusterip
766
767 see `iptables -j CLUSTERIP --help` for more information.
768 endef
769
770 $(eval $(call KernelPackage,ipt-clusterip))
771
772
773 define KernelPackage/ipt-extra
774 TITLE:=Extra modules
775 KCONFIG:=$(KCONFIG_IPT_EXTRA)
776 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
777 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
778 $(call AddDepends/ipt)
779 endef
780
781 define KernelPackage/ipt-extra/description
782 Other Netfilter (IPv4) kernel modules
783 Includes:
784 - addrtype
785 - owner
786 - pkttype
787 - quota
788 endef
789
790 $(eval $(call KernelPackage,ipt-extra))
791
792
793 define KernelPackage/ipt-physdev
794 TITLE:=physdev module
795 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
796 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
797 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
798 $(call AddDepends/ipt,+kmod-br-netfilter)
799 endef
800
801 define KernelPackage/ipt-physdev/description
802 The iptables physdev kernel module
803 endef
804
805 $(eval $(call KernelPackage,ipt-physdev))
806
807
808 define KernelPackage/ip6tables
809 SUBMENU:=$(NF_MENU)
810 TITLE:=IPv6 modules
811 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
812 KCONFIG:=$(KCONFIG_IPT_IPV6)
813 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
814 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
815 endef
816
817 define KernelPackage/ip6tables/description
818 Netfilter IPv6 firewalling support
819 endef
820
821 $(eval $(call KernelPackage,ip6tables))
822
823 define KernelPackage/ip6tables-extra
824 SUBMENU:=$(NF_MENU)
825 TITLE:=Extra IPv6 modules
826 DEPENDS:=@IPV6 +kmod-ip6tables
827 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
828 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
829 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
830 endef
831
832 define KernelPackage/ip6tables-extra/description
833 Netfilter IPv6 extra header matching modules
834 endef
835
836 $(eval $(call KernelPackage,ip6tables-extra))
837
838 ARP_MODULES = arp_tables arpt_mangle arptable_filter
839 define KernelPackage/arptables
840 SUBMENU:=$(NF_MENU)
841 TITLE:=ARP firewalling modules
842 DEPENDS:=+kmod-ipt-core
843 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
844 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
845 CONFIG_IP_NF_ARPFILTER \
846 CONFIG_IP_NF_ARP_MANGLE
847 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
848 endef
849
850 define KernelPackage/arptables/description
851 Kernel modules for ARP firewalling
852 endef
853
854 $(eval $(call KernelPackage,arptables))
855
856
857 define KernelPackage/br-netfilter
858 SUBMENU:=$(NF_MENU)
859 TITLE:=Bridge netfilter support modules
860 DEPENDS:=+kmod-ipt-core
861 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
862 KCONFIG:=CONFIG_BRIDGE_NETFILTER
863 AUTOLOAD:=$(call AutoProbe,br_netfilter)
864 endef
865
866 define KernelPackage/br-netfilter/install
867 $(INSTALL_DIR) $(1)/etc/sysctl.d
868 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
869 endef
870
871 $(eval $(call KernelPackage,br-netfilter))
872
873
874 define KernelPackage/ebtables
875 SUBMENU:=$(NF_MENU)
876 TITLE:=Bridge firewalling modules
877 DEPENDS:=+kmod-ipt-core
878 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
879 KCONFIG:=$(KCONFIG_EBTABLES)
880 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
881 endef
882
883 define KernelPackage/ebtables/description
884 ebtables is a general, extensible frame/packet identification
885 framework. It provides you to do Ethernet
886 filtering/NAT/brouting on the Ethernet bridge.
887 endef
888
889 $(eval $(call KernelPackage,ebtables))
890
891
892 define AddDepends/ebtables
893 SUBMENU:=$(NF_MENU)
894 DEPENDS+= +kmod-ebtables $(1)
895 endef
896
897
898 define KernelPackage/ebtables-ipv4
899 TITLE:=ebtables: IPv4 support
900 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
901 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
902 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
903 $(call AddDepends/ebtables)
904 endef
905
906 define KernelPackage/ebtables-ipv4/description
907 This option adds the IPv4 support to ebtables, which allows basic
908 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
909 endef
910
911 $(eval $(call KernelPackage,ebtables-ipv4))
912
913
914 define KernelPackage/ebtables-ipv6
915 TITLE:=ebtables: IPv6 support
916 DEPENDS:=@IPV6
917 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
918 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
919 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
920 $(call AddDepends/ebtables)
921 endef
922
923 define KernelPackage/ebtables-ipv6/description
924 This option adds the IPv6 support to ebtables, which allows basic
925 IPv6 header field filtering and target support.
926 endef
927
928 $(eval $(call KernelPackage,ebtables-ipv6))
929
930
931 define KernelPackage/ebtables-watchers
932 TITLE:=ebtables: watchers support
933 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
934 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
935 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
936 $(call AddDepends/ebtables)
937 endef
938
939 define KernelPackage/ebtables-watchers/description
940 This option adds the log watchers, that you can use in any rule
941 in any ebtables table.
942 endef
943
944 $(eval $(call KernelPackage,ebtables-watchers))
945
946
947 define KernelPackage/nfnetlink
948 SUBMENU:=$(NF_MENU)
949 TITLE:=Netlink-based userspace interface
950 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
951 KCONFIG:=$(KCONFIG_NFNETLINK)
952 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
953 endef
954
955 define KernelPackage/nfnetlink/description
956 Kernel modules support for a netlink-based userspace interface
957 endef
958
959 $(eval $(call KernelPackage,nfnetlink))
960
961
962 define AddDepends/nfnetlink
963 SUBMENU:=$(NF_MENU)
964 DEPENDS+=+kmod-nfnetlink $(1)
965 endef
966
967
968 define KernelPackage/nfnetlink-log
969 TITLE:=Netfilter LOG over NFNETLINK interface
970 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
971 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
972 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
973 $(call AddDepends/nfnetlink)
974 endef
975
976 define KernelPackage/nfnetlink-log/description
977 Kernel modules support for logging packets via NFNETLINK
978 Includes:
979 - NFLOG
980 endef
981
982 $(eval $(call KernelPackage,nfnetlink-log))
983
984
985 define KernelPackage/nfnetlink-queue
986 TITLE:=Netfilter QUEUE over NFNETLINK interface
987 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
988 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
989 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
990 $(call AddDepends/nfnetlink)
991 endef
992
993 define KernelPackage/nfnetlink-queue/description
994 Kernel modules support for queueing packets via NFNETLINK
995 Includes:
996 - NFQUEUE
997 endef
998
999 $(eval $(call KernelPackage,nfnetlink-queue))
1000
1001
1002 define KernelPackage/nf-conntrack-netlink
1003 TITLE:=Connection tracking netlink interface
1004 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1005 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1006 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1007 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
1008 endef
1009
1010 define KernelPackage/nf-conntrack-netlink/description
1011 Kernel modules support for a netlink-based connection tracking
1012 userspace interface
1013 endef
1014
1015 $(eval $(call KernelPackage,nf-conntrack-netlink))
1016
1017 define KernelPackage/ipt-hashlimit
1018 SUBMENU:=$(NF_MENU)
1019 TITLE:=Netfilter hashlimit match
1020 DEPENDS:=+kmod-ipt-core
1021 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1022 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1023 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1024 $(call KernelPackage/ipt)
1025 endef
1026
1027 define KernelPackage/ipt-hashlimit/description
1028 Kernel modules support for the hashlimit bucket match module
1029 endef
1030
1031 $(eval $(call KernelPackage,ipt-hashlimit))
1032
1033 define KernelPackage/ipt-rpfilter
1034 SUBMENU:=$(NF_MENU)
1035 TITLE:=Netfilter rpfilter match
1036 DEPENDS:=+kmod-ipt-core
1037 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1038 FILES:=$(realpath \
1039 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1040 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1041 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1042 $(call KernelPackage/ipt)
1043 endef
1044
1045 define KernelPackage/ipt-rpfilter/description
1046 Kernel modules support for the Netfilter rpfilter match
1047 endef
1048
1049 $(eval $(call KernelPackage,ipt-rpfilter))
1050
1051
1052 define KernelPackage/nft-core
1053 SUBMENU:=$(NF_MENU)
1054 TITLE:=Netfilter nf_tables support
1055 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat
1056 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1057 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1058 KCONFIG:= \
1059 CONFIG_NFT_COMPAT=n \
1060 CONFIG_NFT_QUEUE=n \
1061 $(KCONFIG_NFT_CORE)
1062 endef
1063
1064 define KernelPackage/nft-core/description
1065 Kernel module support for nftables
1066 endef
1067
1068 $(eval $(call KernelPackage,nft-core))
1069
1070
1071 define KernelPackage/nft-arp
1072 SUBMENU:=$(NF_MENU)
1073 TITLE:=Netfilter nf_tables ARP table support
1074 DEPENDS:=+kmod-nft-core
1075 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1076 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1077 KCONFIG:=$(KCONFIG_NFT_ARP)
1078 endef
1079
1080 $(eval $(call KernelPackage,nft-arp))
1081
1082
1083 define KernelPackage/nft-bridge
1084 SUBMENU:=$(NF_MENU)
1085 TITLE:=Netfilter nf_tables bridge table support
1086 DEPENDS:=+kmod-nft-core
1087 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1088 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1089 KCONFIG:= \
1090 CONFIG_NF_LOG_BRIDGE=n \
1091 $(KCONFIG_NFT_BRIDGE)
1092 endef
1093
1094 $(eval $(call KernelPackage,nft-bridge))
1095
1096
1097 define KernelPackage/nft-nat
1098 SUBMENU:=$(NF_MENU)
1099 TITLE:=Netfilter nf_tables NAT support
1100 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1101 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1102 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1103 KCONFIG:=$(KCONFIG_NFT_NAT)
1104 endef
1105
1106 $(eval $(call KernelPackage,nft-nat))
1107
1108
1109 define KernelPackage/nft-offload
1110 SUBMENU:=$(NF_MENU)
1111 TITLE:=Netfilter nf_tables routing/NAT offload support
1112 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1113 KCONFIG:= \
1114 CONFIG_NF_FLOW_TABLE_INET \
1115 CONFIG_NF_FLOW_TABLE_IPV4 \
1116 CONFIG_NF_FLOW_TABLE_IPV6 \
1117 CONFIG_NFT_FLOW_OFFLOAD
1118 FILES:= \
1119 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1120 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1121 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1122 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1123 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1124 endef
1125
1126 $(eval $(call KernelPackage,nft-offload))
1127
1128
1129 define KernelPackage/nft-nat6
1130 SUBMENU:=$(NF_MENU)
1131 TITLE:=Netfilter nf_tables IPv6-NAT support
1132 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1133 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1134 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1135 KCONFIG:=$(KCONFIG_NFT_NAT6)
1136 endef
1137
1138 $(eval $(call KernelPackage,nft-nat6))
1139
1140 define KernelPackage/nft-netdev
1141 SUBMENU:=$(NF_MENU)
1142 TITLE:=Netfilter nf_tables netdev support
1143 DEPENDS:=+kmod-nft-core
1144 KCONFIG:= \
1145 CONFIG_NETFILTER_INGRESS=y \
1146 CONFIG_NF_TABLES_NETDEV \
1147 CONFIG_NF_DUP_NETDEV \
1148 CONFIG_NFT_DUP_NETDEV \
1149 CONFIG_NFT_FWD_NETDEV
1150 FILES:= \
1151 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1152 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1153 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1154 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1155 endef
1156
1157 $(eval $(call KernelPackage,nft-netdev))
1158
1159
1160 define KernelPackage/nft-fib
1161 SUBMENU:=$(NF_MENU)
1162 TITLE:=Netfilter nf_tables fib support
1163 DEPENDS:=+kmod-nft-core
1164 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1165 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1166 KCONFIG:=$(KCONFIG_NFT_FIB)
1167 endef
1168
1169 $(eval $(call KernelPackage,nft-fib))
1170
1171
1172 define KernelPackage/nft-queue
1173 SUBMENU:=$(NF_MENU)
1174 TITLE:=Netfilter nf_tables queue support
1175 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1176 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1177 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1178 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1179 endef
1180
1181 $(eval $(call KernelPackage,nft-queue))
OpenWrt Source Repository