projects / openwrt / openwrt.git / blob
? search:


f45845750075f01f3a51a01a2fa657ce664560cf
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-ipt
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Iptables core
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_IPT)
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-ipt))
26
27
28 define KernelPackage/nf-ipt6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Ip6tables core
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
35 endef
36
37 $(eval $(call KernelPackage,nf-ipt6))
38
39
40
41 define KernelPackage/ipt-core
42 SUBMENU:=$(NF_MENU)
43 TITLE:=Iptables core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
47 DEPENDS:=+kmod-nf-ipt
48 endef
49
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
52 Includes:
53 - comment
54 - limit
55 - LOG
56 - mac
57 - multiport
58 - REJECT
59 - TCPMSS
60 endef
61
62 $(eval $(call KernelPackage,ipt-core))
63
64
65 define KernelPackage/nf-conntrack
66 SUBMENU:=$(NF_MENU)
67 TITLE:=Netfilter connection tracking
68 KCONFIG:= \
69 CONFIG_NETFILTER=y \
70 CONFIG_NETFILTER_ADVANCED=y \
71 CONFIG_NF_CONNTRACK_MARK=y \
72 CONFIG_NF_CONNTRACK_ZONES=y \
73 $(KCONFIG_NF_CONNTRACK)
74 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
75 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
76 endef
77
78 $(eval $(call KernelPackage,nf-conntrack))
79
80
81 define KernelPackage/nf-conntrack6
82 SUBMENU:=$(NF_MENU)
83 TITLE:=Netfilter IPv6 connection tracking
84 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
85 DEPENDS:=@IPV6 +kmod-nf-conntrack
86 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
87 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
88 endef
89
90 $(eval $(call KernelPackage,nf-conntrack6))
91
92
93 define KernelPackage/nf-nat
94 SUBMENU:=$(NF_MENU)
95 TITLE:=Netfilter NAT
96 KCONFIG:=$(KCONFIG_NF_NAT)
97 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
98 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
99 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
100 endef
101
102 $(eval $(call KernelPackage,nf-nat))
103
104
105 define KernelPackage/nf-nat6
106 SUBMENU:=$(NF_MENU)
107 TITLE:=Netfilter IPV6-NAT
108 KCONFIG:=$(KCONFIG_NF_NAT6)
109 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
110 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
111 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
112 endef
113
114 $(eval $(call KernelPackage,nf-nat6))
115
116
117 define AddDepends/ipt
118 SUBMENU:=$(NF_MENU)
119 DEPENDS+= +kmod-ipt-core $(1)
120 endef
121
122
123 define KernelPackage/ipt-conntrack
124 TITLE:=Basic connection tracking modules
125 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
126 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
127 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
128 $(call AddDepends/ipt,+kmod-nf-conntrack)
129 endef
130
131 define KernelPackage/ipt-conntrack/description
132 Netfilter (IPv4) kernel modules for connection tracking
133 Includes:
134 - conntrack
135 - defrag
136 - iptables_raw
137 - NOTRACK
138 - state
139 endef
140
141 $(eval $(call KernelPackage,ipt-conntrack))
142
143
144 define KernelPackage/ipt-conntrack-extra
145 TITLE:=Extra connection tracking modules
146 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
147 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
148 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
149 $(call AddDepends/ipt,+kmod-ipt-conntrack)
150 endef
151
152 define KernelPackage/ipt-conntrack-extra/description
153 Netfilter (IPv4) extra kernel modules for connection tracking
154 Includes:
155 - connbytes
156 - connmark/CONNMARK
157 - conntrack
158 - helper
159 - recent
160 endef
161
162 $(eval $(call KernelPackage,ipt-conntrack-extra))
163
164
165 define KernelPackage/ipt-filter
166 TITLE:=Modules for packet content inspection
167 KCONFIG:=$(KCONFIG_IPT_FILTER)
168 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
169 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
170 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
171 endef
172
173 define KernelPackage/ipt-filter/description
174 Netfilter (IPv4) kernel modules for packet content inspection
175 Includes:
176 - string
177 endef
178
179 $(eval $(call KernelPackage,ipt-filter))
180
181
182 define KernelPackage/ipt-ipopt
183 TITLE:=Modules for matching/changing IP packet options
184 KCONFIG:=$(KCONFIG_IPT_IPOPT)
185 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
186 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
187 $(call AddDepends/ipt)
188 endef
189
190 define KernelPackage/ipt-ipopt/description
191 Netfilter (IPv4) modules for matching/changing IP packet options
192 Includes:
193 - CLASSIFY
194 - dscp/DSCP
195 - ecn/ECN
196 - hl/HL
197 - length
198 - mark/MARK
199 - statistic
200 - tcpmss
201 - time
202 - ttl/TTL
203 - unclean
204 endef
205
206 $(eval $(call KernelPackage,ipt-ipopt))
207
208
209 define KernelPackage/ipt-ipsec
210 TITLE:=Modules for matching IPSec packets
211 KCONFIG:=$(KCONFIG_IPT_IPSEC)
212 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
213 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
214 $(call AddDepends/ipt)
215 endef
216
217 define KernelPackage/ipt-ipsec/description
218 Netfilter (IPv4) modules for matching IPSec packets
219 Includes:
220 - ah
221 - esp
222 - policy
223 endef
224
225 $(eval $(call KernelPackage,ipt-ipsec))
226
227 IPSET_MODULES:= \
228 ipset/ip_set \
229 ipset/ip_set_bitmap_ip \
230 ipset/ip_set_bitmap_ipmac \
231 ipset/ip_set_bitmap_port \
232 ipset/ip_set_hash_ip \
233 ipset/ip_set_hash_ipmark \
234 ipset/ip_set_hash_ipport \
235 ipset/ip_set_hash_ipportip \
236 ipset/ip_set_hash_ipportnet \
237 ipset/ip_set_hash_mac \
238 ipset/ip_set_hash_netportnet \
239 ipset/ip_set_hash_net \
240 ipset/ip_set_hash_netnet \
241 ipset/ip_set_hash_netport \
242 ipset/ip_set_hash_netiface \
243 ipset/ip_set_list_set \
244 xt_set
245
246 define KernelPackage/ipt-ipset
247 SUBMENU:=Netfilter Extensions
248 TITLE:=IPset netfilter modules
249 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
250 KCONFIG:= \
251 CONFIG_IP_SET \
252 CONFIG_IP_SET_MAX=256 \
253 CONFIG_NETFILTER_XT_SET \
254 CONFIG_IP_SET_BITMAP_IP \
255 CONFIG_IP_SET_BITMAP_IPMAC \
256 CONFIG_IP_SET_BITMAP_PORT \
257 CONFIG_IP_SET_HASH_IP \
258 CONFIG_IP_SET_HASH_IPMARK \
259 CONFIG_IP_SET_HASH_IPPORT \
260 CONFIG_IP_SET_HASH_IPPORTIP \
261 CONFIG_IP_SET_HASH_IPPORTNET \
262 CONFIG_IP_SET_HASH_MAC \
263 CONFIG_IP_SET_HASH_NET \
264 CONFIG_IP_SET_HASH_NETNET \
265 CONFIG_IP_SET_HASH_NETIFACE \
266 CONFIG_IP_SET_HASH_NETPORT \
267 CONFIG_IP_SET_HASH_NETPORTNET \
268 CONFIG_IP_SET_LIST_SET \
269 CONFIG_NET_EMATCH_IPSET=n
270 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
271 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
272 endef
273 $(eval $(call KernelPackage,ipt-ipset))
274
275
276 define KernelPackage/ipt-nat
277 TITLE:=Basic NAT targets
278 KCONFIG:=$(KCONFIG_IPT_NAT)
279 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
280 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
281 $(call AddDepends/ipt,+kmod-nf-nat)
282 endef
283
284 define KernelPackage/ipt-nat/description
285 Netfilter (IPv4) kernel modules for basic NAT targets
286 Includes:
287 - MASQUERADE
288 endef
289
290 $(eval $(call KernelPackage,ipt-nat))
291
292
293 define KernelPackage/ipt-raw
294 TITLE:=Netfilter IPv4 raw table support
295 KCONFIG:=CONFIG_IP_NF_RAW
296 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
297 AUTOLOAD:=$(call AutoProbe,iptable_raw)
298 $(call AddDepends/ipt)
299 endef
300
301 $(eval $(call KernelPackage,ipt-raw))
302
303
304 define KernelPackage/ipt-raw6
305 TITLE:=Netfilter IPv6 raw table support
306 KCONFIG:=CONFIG_IP6_NF_RAW
307 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
308 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
309 $(call AddDepends/ipt,+kmod-ip6tables)
310 endef
311
312 $(eval $(call KernelPackage,ipt-raw6))
313
314
315 define KernelPackage/ipt-nat6
316 TITLE:=IPv6 NAT targets
317 KCONFIG:=$(KCONFIG_IPT_NAT6)
318 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
319 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
320 $(call AddDepends/ipt,+kmod-nf-nat6)
321 $(call AddDepends/ipt,+kmod-ipt-conntrack)
322 $(call AddDepends/ipt,+kmod-ipt-nat)
323 $(call AddDepends/ipt,+kmod-ip6tables)
324 endef
325
326 define KernelPackage/ipt-nat6/description
327 Netfilter (IPv6) kernel modules for NAT targets
328 endef
329
330 $(eval $(call KernelPackage,ipt-nat6))
331
332
333 define KernelPackage/ipt-nat-extra
334 TITLE:=Extra NAT targets
335 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
336 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
337 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
338 $(call AddDepends/ipt,+kmod-ipt-nat)
339 endef
340
341 define KernelPackage/ipt-nat-extra/description
342 Netfilter (IPv4) kernel modules for extra NAT targets
343 Includes:
344 - NETMAP
345 - REDIRECT
346 endef
347
348 $(eval $(call KernelPackage,ipt-nat-extra))
349
350
351 define KernelPackage/nf-nathelper
352 SUBMENU:=$(NF_MENU)
353 TITLE:=Basic Conntrack and NAT helpers
354 KCONFIG:=$(KCONFIG_NF_NATHELPER)
355 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
356 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
357 DEPENDS:=+kmod-nf-nat
358 endef
359
360 define KernelPackage/nf-nathelper/description
361 Default Netfilter (IPv4) Conntrack and NAT helpers
362 Includes:
363 - ftp
364 endef
365
366 $(eval $(call KernelPackage,nf-nathelper))
367
368
369 define KernelPackage/nf-nathelper-extra
370 SUBMENU:=$(NF_MENU)
371 TITLE:=Extra Conntrack and NAT helpers
372 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
373 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
374 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
375 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
376 endef
377
378 define KernelPackage/nf-nathelper-extra/description
379 Extra Netfilter (IPv4) Conntrack and NAT helpers
380 Includes:
381 - amanda
382 - h323
383 - irc
384 - mms
385 - pptp
386 - proto_gre
387 - sip
388 - snmp_basic
389 - tftp
390 - broadcast
391 endef
392
393 $(eval $(call KernelPackage,nf-nathelper-extra))
394
395
396 define KernelPackage/ipt-ulog
397 TITLE:=Module for user-space packet logging
398 KCONFIG:=$(KCONFIG_IPT_ULOG)
399 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
400 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
401 $(call AddDepends/ipt)
402 endef
403
404 define KernelPackage/ipt-ulog/description
405 Netfilter (IPv4) module for user-space packet logging
406 Includes:
407 - ULOG
408 endef
409
410 $(eval $(call KernelPackage,ipt-ulog))
411
412
413 define KernelPackage/ipt-nflog
414 TITLE:=Module for user-space packet logging
415 KCONFIG:=$(KCONFIG_IPT_NFLOG)
416 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
417 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
418 $(call AddDepends/ipt,+kmod-nfnetlink-log)
419 endef
420
421 define KernelPackage/ipt-nflog/description
422 Netfilter module for user-space packet logging
423 Includes:
424 - NFLOG
425 endef
426
427 $(eval $(call KernelPackage,ipt-nflog))
428
429
430 define KernelPackage/ipt-nfqueue
431 TITLE:=Module for user-space packet queuing
432 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
433 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
434 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
435 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
436 endef
437
438 define KernelPackage/ipt-nfqueue/description
439 Netfilter module for user-space packet queuing
440 Includes:
441 - NFQUEUE
442 endef
443
444 $(eval $(call KernelPackage,ipt-nfqueue))
445
446
447 define KernelPackage/ipt-debug
448 TITLE:=Module for debugging/development
449 KCONFIG:=$(KCONFIG_IPT_DEBUG)
450 DEFAULT:=n
451 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
452 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
453 $(call AddDepends/ipt)
454 endef
455
456 define KernelPackage/ipt-debug/description
457 Netfilter modules for debugging/development of the firewall
458 Includes:
459 - TRACE
460 endef
461
462 $(eval $(call KernelPackage,ipt-debug))
463
464
465 define KernelPackage/ipt-led
466 TITLE:=Module to trigger a LED with a Netfilter rule
467 KCONFIG:=$(KCONFIG_IPT_LED)
468 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
469 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
470 $(call AddDepends/ipt)
471 endef
472
473 define KernelPackage/ipt-led/description
474 Netfilter target to trigger a LED when a network packet is matched.
475 endef
476
477 $(eval $(call KernelPackage,ipt-led))
478
479 define KernelPackage/ipt-tproxy
480 TITLE:=Transparent proxying support
481 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables
482 KCONFIG:= \
483 CONFIG_NETFILTER_XT_MATCH_SOCKET \
484 CONFIG_NETFILTER_XT_TARGET_TPROXY
485 FILES:= \
486 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
487 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
488 $(call AddDepends/ipt)
489 endef
490
491 define KernelPackage/ipt-tproxy/description
492 Kernel modules for Transparent Proxying
493 endef
494
495 $(eval $(call KernelPackage,ipt-tproxy))
496
497 define KernelPackage/ipt-tee
498 TITLE:=TEE support
499 DEPENDS:=+kmod-ipt-conntrack
500 KCONFIG:= \
501 CONFIG_NETFILTER_XT_TARGET_TEE
502 FILES:= \
503 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
504 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
505 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
506 $(call AddDepends/ipt)
507 endef
508
509 define KernelPackage/ipt-tee/description
510 Kernel modules for TEE
511 endef
512
513 $(eval $(call KernelPackage,ipt-tee))
514
515
516 define KernelPackage/ipt-u32
517 TITLE:=U32 support
518 KCONFIG:= \
519 CONFIG_NETFILTER_XT_MATCH_U32
520 FILES:= \
521 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
522 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
523 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
524 $(call AddDepends/ipt)
525 endef
526
527 define KernelPackage/ipt-u32/description
528 Kernel modules for U32
529 endef
530
531 $(eval $(call KernelPackage,ipt-u32))
532
533 define KernelPackage/ipt-checksum
534 TITLE:=CHECKSUM support
535 KCONFIG:= \
536 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
537 FILES:= \
538 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
539 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
540 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
541 $(call AddDepends/ipt)
542 endef
543
544 define KernelPackage/ipt-checksum/description
545 Kernel modules for CHECKSUM fillin target
546 endef
547
548 $(eval $(call KernelPackage,ipt-checksum))
549
550
551 define KernelPackage/ipt-iprange
552 TITLE:=Module for matching ip ranges
553 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
554 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
555 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
556 $(call AddDepends/ipt)
557 endef
558
559 define KernelPackage/ipt-iprange/description
560 Netfilter (IPv4) module for matching ip ranges
561 Includes:
562 - iprange
563 endef
564
565 $(eval $(call KernelPackage,ipt-iprange))
566
567 define KernelPackage/ipt-cluster
568 TITLE:=Module for matching cluster
569 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
570 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
571 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
572 $(call AddDepends/ipt)
573 endef
574
575 define KernelPackage/ipt-cluster/description
576 Netfilter (IPv4/IPv6) module for matching cluster
577 This option allows you to build work-load-sharing clusters of
578 network servers/stateful firewalls without having a dedicated
579 load-balancing router/server/switch. Basically, this match returns
580 true when the packet must be handled by this cluster node. Thus,
581 all nodes see all packets and this match decides which node handles
582 what packets. The work-load sharing algorithm is based on source
583 address hashing.
584
585 This module is usable for ipv4 and ipv6.
586
587 To use it also enable iptables-mod-cluster
588
589 see `iptables -m cluster --help` for more information.
590 endef
591
592 $(eval $(call KernelPackage,ipt-cluster))
593
594 define KernelPackage/ipt-clusterip
595 TITLE:=Module for CLUSTERIP
596 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
597 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
598 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
599 $(call AddDepends/ipt,+kmod-nf-conntrack)
600 endef
601
602 define KernelPackage/ipt-clusterip/description
603 Netfilter (IPv4-only) module for CLUSTERIP
604 The CLUSTERIP target allows you to build load-balancing clusters of
605 network servers without having a dedicated load-balancing
606 router/server/switch.
607
608 To use it also enable iptables-mod-clusterip
609
610 see `iptables -j CLUSTERIP --help` for more information.
611 endef
612
613 $(eval $(call KernelPackage,ipt-clusterip))
614
615
616 define KernelPackage/ipt-extra
617 TITLE:=Extra modules
618 KCONFIG:=$(KCONFIG_IPT_EXTRA)
619 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
620 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
621 $(call AddDepends/ipt,+kmod-br-netfilter)
622 endef
623
624 define KernelPackage/ipt-extra/description
625 Other Netfilter (IPv4) kernel modules
626 Includes:
627 - addrtype
628 - owner
629 - physdev (if bridge support was enabled in kernel)
630 - pkttype
631 - quota
632 endef
633
634 $(eval $(call KernelPackage,ipt-extra))
635
636
637 define KernelPackage/ip6tables
638 SUBMENU:=$(NF_MENU)
639 TITLE:=IPv6 modules
640 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
641 KCONFIG:=$(KCONFIG_IPT_IPV6)
642 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
643 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
644 endef
645
646 define KernelPackage/ip6tables/description
647 Netfilter IPv6 firewalling support
648 endef
649
650 $(eval $(call KernelPackage,ip6tables))
651
652 define KernelPackage/ip6tables-extra
653 SUBMENU:=$(NF_MENU)
654 TITLE:=Extra IPv6 modules
655 DEPENDS:=+kmod-ip6tables
656 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
657 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
658 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
659 endef
660
661 define KernelPackage/ip6tables-extra/description
662 Netfilter IPv6 extra header matching modules
663 endef
664
665 $(eval $(call KernelPackage,ip6tables-extra))
666
667 ARP_MODULES = arp_tables arpt_mangle arptable_filter
668 define KernelPackage/arptables
669 SUBMENU:=$(NF_MENU)
670 TITLE:=ARP firewalling modules
671 DEPENDS:=+kmod-ipt-core
672 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
673 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
674 CONFIG_IP_NF_ARPFILTER \
675 CONFIG_IP_NF_ARP_MANGLE
676 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
677 endef
678
679 define KernelPackage/arptables/description
680 Kernel modules for ARP firewalling
681 endef
682
683 $(eval $(call KernelPackage,arptables))
684
685
686 define KernelPackage/br-netfilter
687 SUBMENU:=$(NF_MENU)
688 TITLE:=Bridge netfilter support modules
689 HIDDEN:=1
690 DEPENDS:=+kmod-ipt-core
691 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
692 KCONFIG:=CONFIG_BRIDGE_NETFILTER
693 AUTOLOAD:=$(call AutoProbe,br_netfilter)
694 endef
695
696 $(eval $(call KernelPackage,br-netfilter))
697
698
699 define KernelPackage/ebtables
700 SUBMENU:=$(NF_MENU)
701 TITLE:=Bridge firewalling modules
702 DEPENDS:=+kmod-ipt-core +kmod-br-netfilter
703 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
704 KCONFIG:=$(KCONFIG_EBTABLES)
705 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
706 endef
707
708 define KernelPackage/ebtables/description
709 ebtables is a general, extensible frame/packet identification
710 framework. It provides you to do Ethernet
711 filtering/NAT/brouting on the Ethernet bridge.
712 endef
713
714 $(eval $(call KernelPackage,ebtables))
715
716
717 define AddDepends/ebtables
718 SUBMENU:=$(NF_MENU)
719 DEPENDS+=kmod-ebtables $(1)
720 endef
721
722
723 define KernelPackage/ebtables-ipv4
724 TITLE:=ebtables: IPv4 support
725 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
726 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
727 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
728 $(call AddDepends/ebtables)
729 endef
730
731 define KernelPackage/ebtables-ipv4/description
732 This option adds the IPv4 support to ebtables, which allows basic
733 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
734 endef
735
736 $(eval $(call KernelPackage,ebtables-ipv4))
737
738
739 define KernelPackage/ebtables-ipv6
740 TITLE:=ebtables: IPv6 support
741 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
742 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
743 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
744 $(call AddDepends/ebtables)
745 endef
746
747 define KernelPackage/ebtables-ipv6/description
748 This option adds the IPv6 support to ebtables, which allows basic
749 IPv6 header field filtering and target support.
750 endef
751
752 $(eval $(call KernelPackage,ebtables-ipv6))
753
754
755 define KernelPackage/ebtables-watchers
756 TITLE:=ebtables: watchers support
757 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
758 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
759 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
760 $(call AddDepends/ebtables)
761 endef
762
763 define KernelPackage/ebtables-watchers/description
764 This option adds the log watchers, that you can use in any rule
765 in any ebtables table.
766 endef
767
768 $(eval $(call KernelPackage,ebtables-watchers))
769
770
771 define KernelPackage/nfnetlink
772 SUBMENU:=$(NF_MENU)
773 TITLE:=Netlink-based userspace interface
774 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
775 KCONFIG:=$(KCONFIG_NFNETLINK)
776 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
777 endef
778
779 define KernelPackage/nfnetlink/description
780 Kernel modules support for a netlink-based userspace interface
781 endef
782
783 $(eval $(call KernelPackage,nfnetlink))
784
785
786 define AddDepends/nfnetlink
787 SUBMENU:=$(NF_MENU)
788 DEPENDS+=+kmod-nfnetlink $(1)
789 endef
790
791
792 define KernelPackage/nfnetlink-log
793 TITLE:=Netfilter LOG over NFNETLINK interface
794 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
795 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
796 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
797 $(call AddDepends/nfnetlink)
798 endef
799
800 define KernelPackage/nfnetlink-log/description
801 Kernel modules support for logging packets via NFNETLINK
802 Includes:
803 - NFLOG
804 endef
805
806 $(eval $(call KernelPackage,nfnetlink-log))
807
808
809 define KernelPackage/nfnetlink-queue
810 TITLE:=Netfilter QUEUE over NFNETLINK interface
811 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
812 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
813 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
814 $(call AddDepends/nfnetlink)
815 endef
816
817 define KernelPackage/nfnetlink-queue/description
818 Kernel modules support for queueing packets via NFNETLINK
819 Includes:
820 - NFQUEUE
821 endef
822
823 $(eval $(call KernelPackage,nfnetlink-queue))
824
825
826 define KernelPackage/nf-conntrack-netlink
827 TITLE:=Connection tracking netlink interface
828 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
829 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
830 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
831 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
832 endef
833
834 define KernelPackage/nf-conntrack-netlink/description
835 Kernel modules support for a netlink-based connection tracking
836 userspace interface
837 endef
838
839 $(eval $(call KernelPackage,nf-conntrack-netlink))
840
841 define KernelPackage/ipt-hashlimit
842 SUBMENU:=$(NF_MENU)
843 TITLE:=Netfilter hashlimit match
844 DEPENDS:=+kmod-ipt-core
845 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
846 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
847 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
848 $(call KernelPackage/ipt)
849 endef
850
851 define KernelPackage/ipt-hashlimit/description
852 Kernel modules support for the hashlimit bucket match module
853 endef
854
855 $(eval $(call KernelPackage,ipt-hashlimit))
856
857 define KernelPackage/ipt-rpfilter
858 SUBMENU:=$(NF_MENU)
859 TITLE:=Netfilter rpfilter match
860 DEPENDS:=+kmod-ipt-core
861 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
862 FILES:=$(realpath \
863 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
864 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
865 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
866 $(call KernelPackage/ipt)
867 endef
868
869 define KernelPackage/ipt-rpfilter/description
870 Kernel modules support for the Netfilter rpfilter match
871 endef
872
873 $(eval $(call KernelPackage,ipt-rpfilter))
874
875
876 define KernelPackage/nft-core
877 SUBMENU:=$(NF_MENU)
878 TITLE:=Netfilter nf_tables support
879 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 +kmod-nf-ipt +kmod-nf-ipt6
880 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
881 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
882 KCONFIG:= \
883 CONFIG_NETFILTER=y \
884 CONFIG_NETFILTER_ADVANCED=y \
885 CONFIG_NFT_COMPAT=n \
886 CONFIG_NFT_QUEUE=n \
887 CONFIG_NF_TABLES_ARP=n \
888 CONFIG_NF_TABLES_BRIDGE=n \
889 $(KCONFIG_NFT_CORE)
890 endef
891
892 define KernelPackage/nft-core/description
893 Kernel module support for nftables
894 endef
895
896 $(eval $(call KernelPackage,nft-core))
897
898
899 define KernelPackage/nft-nat
900 SUBMENU:=$(NF_MENU)
901 TITLE:=Netfilter nf_tables NAT support
902 DEPENDS:=+kmod-nft-core +kmod-nf-nat +kmod-nf-nat6
903 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
904 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
905 KCONFIG:=$(KCONFIG_NFT_NAT)
906 endef
907
908 $(eval $(call KernelPackage,nft-nat))
909
910
911 define KernelPackage/nft-nat6
912 SUBMENU:=$(NF_MENU)
913 TITLE:=Netfilter nf_tables IPv6-NAT support
914 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
915 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
916 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
917 KCONFIG:=$(KCONFIG_NFT_NAT6)
918 endef
919
920 $(eval $(call KernelPackage,nft-nat6))
921
OpenWrt Source Repository