X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=blobdiff_plain;f=package%2Fkernel%2Flinux%2Fmodules%2Fnetfilter.mk;h=3b26ad1fbf3e261d84ae18216c51c87c53579c06;hp=4e4c85f45c41a560fdf4e4cad4fac2c3048b8263;hb=fbeae9d891e7661cfb9f9d5209f9656234466127;hpb=4ebf19b48fafc8d94e14e4ba779969613b241a6a diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 4e4c85f45c..3b26ad1fbf 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -10,15 +10,41 @@ NF_MENU:=Netfilter Extensions NF_KMOD:=1 include $(INCLUDE_DIR)/netfilter.mk -define KernelPackage/ipt-core + +define KernelPackage/nf-ipt SUBMENU:=$(NF_MENU) - TITLE:=Netfilter core + TITLE:=Iptables core KCONFIG:= \ CONFIG_NETFILTER=y \ CONFIG_NETFILTER_ADVANCED=y \ - $(KCONFIG_IPT_CORE) + $(KCONFIG_NF_IPT) + FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m))) +endef + +$(eval $(call KernelPackage,nf-ipt)) + + +define KernelPackage/nf-ipt6 + SUBMENU:=$(NF_MENU) + TITLE:=Ip6tables core + KCONFIG:=$(KCONFIG_NF_IPT6) + FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m))) + DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6 +endef + +$(eval $(call KernelPackage,nf-ipt6)) + + + +define KernelPackage/ipt-core + SUBMENU:=$(NF_MENU) + TITLE:=Iptables core + KCONFIG:=$(KCONFIG_IPT_CORE) FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m))) + DEPENDS:=+kmod-nf-ipt endef define KernelPackage/ipt-core/description @@ -36,9 +62,60 @@ endef $(eval $(call KernelPackage,ipt-core)) +define KernelPackage/nf-conntrack + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter connection tracking + KCONFIG:= \ + CONFIG_NETFILTER=y \ + CONFIG_NETFILTER_ADVANCED=y \ + CONFIG_NF_CONNTRACK_ZONES=y \ + $(KCONFIG_NF_CONNTRACK) + FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m))) +endef + +$(eval $(call KernelPackage,nf-conntrack)) + + +define KernelPackage/nf-conntrack6 + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter IPv6 connection tracking + KCONFIG:=$(KCONFIG_NF_CONNTRACK6) + DEPENDS:=@IPV6 +kmod-nf-conntrack + FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m))) +endef + +$(eval $(call KernelPackage,nf-conntrack6)) + + +define KernelPackage/nf-nat + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter NAT + KCONFIG:=$(KCONFIG_NF_NAT) + DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt + FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m))) +endef + +$(eval $(call KernelPackage,nf-nat)) + + +define KernelPackage/nf-nat6 + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter IPV6-NAT + KCONFIG:=$(KCONFIG_NF_NAT6) + DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat + FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m))) +endef + +$(eval $(call KernelPackage,nf-nat6)) + + define AddDepends/ipt SUBMENU:=$(NF_MENU) - DEPENDS+= kmod-ipt-core $(1) + DEPENDS+= +kmod-ipt-core $(1) endef @@ -46,8 +123,8 @@ define KernelPackage/ipt-conntrack TITLE:=Basic connection tracking modules KCONFIG:=$(KCONFIG_IPT_CONNTRACK) FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m))) - $(call AddDepends/ipt) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m))) + $(call AddDepends/ipt,+kmod-nf-conntrack) endef define KernelPackage/ipt-conntrack/description @@ -67,7 +144,7 @@ define KernelPackage/ipt-conntrack-extra TITLE:=Extra connection tracking modules KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA) FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m))) $(call AddDepends/ipt,+kmod-ipt-conntrack) endef @@ -88,14 +165,13 @@ define KernelPackage/ipt-filter TITLE:=Modules for packet content inspection KCONFIG:=$(KCONFIG_IPT_FILTER) FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m))) - $(call AddDepends/ipt,+kmod-lib-textsearch) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m))) + $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack) endef define KernelPackage/ipt-filter/description Netfilter (IPv4) kernel modules for packet content inspection Includes: - - layer7 - string endef @@ -106,7 +182,7 @@ define KernelPackage/ipt-ipopt TITLE:=Modules for matching/changing IP packet options KCONFIG:=$(KCONFIG_IPT_IPOPT) FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m))) $(call AddDepends/ipt) endef @@ -133,7 +209,7 @@ define KernelPackage/ipt-ipsec TITLE:=Modules for matching IPSec packets KCONFIG:=$(KCONFIG_IPT_IPSEC) FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m))) $(call AddDepends/ipt) endef @@ -147,13 +223,61 @@ endef $(eval $(call KernelPackage,ipt-ipsec)) +IPSET_MODULES:= \ + ipset/ip_set \ + ipset/ip_set_bitmap_ip \ + ipset/ip_set_bitmap_ipmac \ + ipset/ip_set_bitmap_port \ + ipset/ip_set_hash_ip \ + ipset/ip_set_hash_ipmark \ + ipset/ip_set_hash_ipport \ + ipset/ip_set_hash_ipportip \ + ipset/ip_set_hash_ipportnet \ + ipset/ip_set_hash_mac \ + ipset/ip_set_hash_netportnet \ + ipset/ip_set_hash_net \ + ipset/ip_set_hash_netnet \ + ipset/ip_set_hash_netport \ + ipset/ip_set_hash_netiface \ + ipset/ip_set_list_set \ + xt_set + +define KernelPackage/ipt-ipset + SUBMENU:=Netfilter Extensions + TITLE:=IPset netfilter modules + DEPENDS+= +kmod-ipt-core +kmod-nfnetlink + KCONFIG:= \ + CONFIG_IP_SET \ + CONFIG_IP_SET_MAX=256 \ + CONFIG_NETFILTER_XT_SET \ + CONFIG_IP_SET_BITMAP_IP \ + CONFIG_IP_SET_BITMAP_IPMAC \ + CONFIG_IP_SET_BITMAP_PORT \ + CONFIG_IP_SET_HASH_IP \ + CONFIG_IP_SET_HASH_IPMARK \ + CONFIG_IP_SET_HASH_IPPORT \ + CONFIG_IP_SET_HASH_IPPORTIP \ + CONFIG_IP_SET_HASH_IPPORTNET \ + CONFIG_IP_SET_HASH_MAC \ + CONFIG_IP_SET_HASH_NET \ + CONFIG_IP_SET_HASH_NETNET \ + CONFIG_IP_SET_HASH_NETIFACE \ + CONFIG_IP_SET_HASH_NETPORT \ + CONFIG_IP_SET_HASH_NETPORTNET \ + CONFIG_IP_SET_LIST_SET \ + CONFIG_NET_EMATCH_IPSET=n + FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES))) +endef +$(eval $(call KernelPackage,ipt-ipset)) + define KernelPackage/ipt-nat TITLE:=Basic NAT targets KCONFIG:=$(KCONFIG_IPT_NAT) FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m))) - $(call AddDepends/ipt,+kmod-ipt-conntrack) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m))) + $(call AddDepends/ipt,+kmod-nf-nat) endef define KernelPackage/ipt-nat/description @@ -165,11 +289,51 @@ endef $(eval $(call KernelPackage,ipt-nat)) +define KernelPackage/ipt-raw + TITLE:=Netfilter IPv4 raw table support + KCONFIG:=CONFIG_IP_NF_RAW + FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko + AUTOLOAD:=$(call AutoProbe,iptable_raw) + $(call AddDepends/ipt) +endef + +$(eval $(call KernelPackage,ipt-raw)) + + +define KernelPackage/ipt-raw6 + TITLE:=Netfilter IPv6 raw table support + KCONFIG:=CONFIG_IP6_NF_RAW + FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko + AUTOLOAD:=$(call AutoProbe,ip6table_raw) + $(call AddDepends/ipt,+kmod-ip6tables) +endef + +$(eval $(call KernelPackage,ipt-raw6)) + + +define KernelPackage/ipt-nat6 + TITLE:=IPv6 NAT targets + KCONFIG:=$(KCONFIG_IPT_NAT6) + FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m))) + $(call AddDepends/ipt,+kmod-nf-nat6) + $(call AddDepends/ipt,+kmod-ipt-conntrack) + $(call AddDepends/ipt,+kmod-ipt-nat) + $(call AddDepends/ipt,+kmod-ip6tables) +endef + +define KernelPackage/ipt-nat6/description + Netfilter (IPv6) kernel modules for NAT targets +endef + +$(eval $(call KernelPackage,ipt-nat6)) + + define KernelPackage/ipt-nat-extra TITLE:=Extra NAT targets KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA) FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m))) $(call AddDepends/ipt,+kmod-ipt-nat) endef @@ -183,72 +347,56 @@ endef $(eval $(call KernelPackage,ipt-nat-extra)) -define KernelPackage/ipt-nathelper +define KernelPackage/nf-nathelper + SUBMENU:=$(NF_MENU) TITLE:=Basic Conntrack and NAT helpers - KCONFIG:=$(KCONFIG_IPT_NATHELPER) - FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m))) - $(call AddDepends/ipt,+kmod-ipt-nat) + KCONFIG:=$(KCONFIG_NF_NATHELPER) + FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m))) + DEPENDS:=+kmod-nf-nat endef -define KernelPackage/ipt-nathelper/description +define KernelPackage/nf-nathelper/description Default Netfilter (IPv4) Conntrack and NAT helpers Includes: - ftp - - irc - - tftp endef -$(eval $(call KernelPackage,ipt-nathelper)) +$(eval $(call KernelPackage,nf-nathelper)) -define KernelPackage/ipt-nathelper-extra +define KernelPackage/nf-nathelper-extra + SUBMENU:=$(NF_MENU) TITLE:=Extra Conntrack and NAT helpers - KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA) - FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m))) - $(call AddDepends/ipt,+kmod-ipt-nat +kmod-lib-textsearch) + KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA) + FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m))) + DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch endef -define KernelPackage/ipt-nathelper-extra/description +define KernelPackage/nf-nathelper-extra/description Extra Netfilter (IPv4) Conntrack and NAT helpers Includes: - amanda - h323 + - irc - mms - pptp - proto_gre - sip - snmp_basic + - tftp - broadcast endef -$(eval $(call KernelPackage,ipt-nathelper-extra)) - - -define KernelPackage/ipt-queue - TITLE:=Module for user-space packet queueing - KCONFIG:=$(KCONFIG_IPT_QUEUE) - DEPENDS:=@!LINUX_3_6 - FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m))) - $(call AddDepends/ipt) -endef - -define KernelPackage/ipt-queue/description - Netfilter (IPv4) module for user-space packet queueing - Includes: - - QUEUE -endef - -$(eval $(call KernelPackage,ipt-queue)) +$(eval $(call KernelPackage,nf-nathelper-extra)) define KernelPackage/ipt-ulog TITLE:=Module for user-space packet logging KCONFIG:=$(KCONFIG_IPT_ULOG) FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m))) $(call AddDepends/ipt) endef @@ -261,13 +409,46 @@ endef $(eval $(call KernelPackage,ipt-ulog)) +define KernelPackage/ipt-nflog + TITLE:=Module for user-space packet logging + KCONFIG:=$(KCONFIG_IPT_NFLOG) + FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m))) + $(call AddDepends/ipt,+kmod-nfnetlink-log) +endef + +define KernelPackage/ipt-nflog/description + Netfilter module for user-space packet logging + Includes: + - NFLOG +endef + +$(eval $(call KernelPackage,ipt-nflog)) + + +define KernelPackage/ipt-nfqueue + TITLE:=Module for user-space packet queuing + KCONFIG:=$(KCONFIG_IPT_NFQUEUE) + FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m))) + $(call AddDepends/ipt,+kmod-nfnetlink-queue) +endef + +define KernelPackage/ipt-nfqueue/description + Netfilter module for user-space packet queuing + Includes: + - NFQUEUE +endef + +$(eval $(call KernelPackage,ipt-nfqueue)) + + define KernelPackage/ipt-debug TITLE:=Module for debugging/development KCONFIG:=$(KCONFIG_IPT_DEBUG) - DEFAULT:=n FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_DEBUG-m))) - $(call AddDepends/ipt) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m))) + $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6) endef define KernelPackage/ipt-debug/description @@ -283,7 +464,7 @@ define KernelPackage/ipt-led TITLE:=Module to trigger a LED with a Netfilter rule KCONFIG:=$(KCONFIG_IPT_LED) FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,61,$(notdir $(IPT_LED-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m))) $(call AddDepends/ipt) endef @@ -295,15 +476,13 @@ $(eval $(call KernelPackage,ipt-led)) define KernelPackage/ipt-tproxy TITLE:=Transparent proxying support - DEPENDS+=+IPV6:kmod-ipv6 + DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables KCONFIG:= \ - CONFIG_NETFILTER_TPROXY \ CONFIG_NETFILTER_XT_MATCH_SOCKET \ CONFIG_NETFILTER_XT_TARGET_TPROXY FILES:= \ - $(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko \ $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,50,$(notdir nf_tproxy_core $(IPT_TPROXY-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m))) $(call AddDepends/ipt) endef @@ -315,12 +494,13 @@ $(eval $(call KernelPackage,ipt-tproxy)) define KernelPackage/ipt-tee TITLE:=TEE support + DEPENDS:=+kmod-ipt-conntrack KCONFIG:= \ CONFIG_NETFILTER_XT_TARGET_TEE FILES:= \ $(LINUX_DIR)/net/netfilter/xt_TEE.ko \ $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_TEE-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m))) $(call AddDepends/ipt) endef @@ -338,7 +518,7 @@ define KernelPackage/ipt-u32 FILES:= \ $(LINUX_DIR)/net/netfilter/xt_u32.ko \ $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_U32-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m))) $(call AddDepends/ipt) endef @@ -353,7 +533,7 @@ define KernelPackage/ipt-iprange TITLE:=Module for matching ip ranges KCONFIG:=$(KCONFIG_IPT_IPRANGE) FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m))) $(call AddDepends/ipt) endef @@ -365,13 +545,61 @@ endef $(eval $(call KernelPackage,ipt-iprange)) +define KernelPackage/ipt-cluster + TITLE:=Module for matching cluster + KCONFIG:=$(KCONFIG_IPT_CLUSTER) + FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-cluster/description + Netfilter (IPv4/IPv6) module for matching cluster + This option allows you to build work-load-sharing clusters of + network servers/stateful firewalls without having a dedicated + load-balancing router/server/switch. Basically, this match returns + true when the packet must be handled by this cluster node. Thus, + all nodes see all packets and this match decides which node handles + what packets. The work-load sharing algorithm is based on source + address hashing. + + This module is usable for ipv4 and ipv6. + + To use it also enable iptables-mod-cluster + + see `iptables -m cluster --help` for more information. +endef + +$(eval $(call KernelPackage,ipt-cluster)) + +define KernelPackage/ipt-clusterip + TITLE:=Module for CLUSTERIP + KCONFIG:=$(KCONFIG_IPT_CLUSTERIP) + FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m))) + $(call AddDepends/ipt,+kmod-nf-conntrack) +endef + +define KernelPackage/ipt-clusterip/description + Netfilter (IPv4-only) module for CLUSTERIP + The CLUSTERIP target allows you to build load-balancing clusters of + network servers without having a dedicated load-balancing + router/server/switch. + + To use it also enable iptables-mod-clusterip + + see `iptables -j CLUSTERIP --help` for more information. +endef + +$(eval $(call KernelPackage,ipt-clusterip)) + define KernelPackage/ipt-extra TITLE:=Extra modules KCONFIG:=$(KCONFIG_IPT_EXTRA) FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m))) - $(call AddDepends/ipt) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m))) + $(call AddDepends/ipt,+kmod-br-netfilter) endef define KernelPackage/ipt-extra/description @@ -390,10 +618,10 @@ $(eval $(call KernelPackage,ipt-extra)) define KernelPackage/ip6tables SUBMENU:=$(NF_MENU) TITLE:=IPv6 modules - DEPENDS:=+kmod-ipv6 + DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack KCONFIG:=$(KCONFIG_IPT_IPV6) FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m))) + AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m))) endef define KernelPackage/ip6tables/description @@ -402,15 +630,31 @@ endef $(eval $(call KernelPackage,ip6tables)) +define KernelPackage/ip6tables-extra + SUBMENU:=$(NF_MENU) + TITLE:=Extra IPv6 modules + DEPENDS:=+kmod-ip6tables + KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA) + FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m))) +endef + +define KernelPackage/ip6tables-extra/description + Netfilter IPv6 extra header matching modules +endef + +$(eval $(call KernelPackage,ip6tables-extra)) + ARP_MODULES = arp_tables arpt_mangle arptable_filter define KernelPackage/arptables SUBMENU:=$(NF_MENU) TITLE:=ARP firewalling modules + DEPENDS:=+kmod-ipt-core FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko KCONFIG:=CONFIG_IP_NF_ARPTABLES \ CONFIG_IP_NF_ARPFILTER \ CONFIG_IP_NF_ARP_MANGLE - AUTOLOAD:=$(call AutoLoad,49,$(ARP_MODULES)) + AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES)) endef define KernelPackage/arptables/description @@ -420,13 +664,26 @@ endef $(eval $(call KernelPackage,arptables)) +define KernelPackage/br-netfilter + SUBMENU:=$(NF_MENU) + TITLE:=Bridge netfilter support modules + HIDDEN:=1 + DEPENDS:=+kmod-ipt-core +kmod-bridge + FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko + KCONFIG:=CONFIG_BRIDGE_NETFILTER + AUTOLOAD:=$(call AutoProbe,br_netfilter) +endef + +$(eval $(call KernelPackage,br-netfilter)) + + define KernelPackage/ebtables SUBMENU:=$(NF_MENU) TITLE:=Bridge firewalling modules + DEPENDS:=+kmod-ipt-core +kmod-bridge +kmod-br-netfilter FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko) - KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \ - $(KCONFIG_EBTABLES) - AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES-m))) + KCONFIG:=$(KCONFIG_EBTABLES) + AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m))) endef define KernelPackage/ebtables/description @@ -448,7 +705,7 @@ define KernelPackage/ebtables-ipv4 TITLE:=ebtables: IPv4 support FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko) KCONFIG:=$(KCONFIG_EBTABLES_IP4) - AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP4-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m))) $(call AddDepends/ebtables) endef @@ -464,7 +721,7 @@ define KernelPackage/ebtables-ipv6 TITLE:=ebtables: IPv6 support FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko) KCONFIG:=$(KCONFIG_EBTABLES_IP6) - AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP6-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m))) $(call AddDepends/ebtables) endef @@ -480,7 +737,7 @@ define KernelPackage/ebtables-watchers TITLE:=ebtables: watchers support FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko) KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS) - AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_WATCHERS-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m))) $(call AddDepends/ebtables) endef @@ -495,10 +752,9 @@ $(eval $(call KernelPackage,ebtables-watchers)) define KernelPackage/nfnetlink SUBMENU:=$(NF_MENU) TITLE:=Netlink-based userspace interface - DEPENDS:=+kmod-ipt-core - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko - KCONFIG:=CONFIG_NETFILTER_NETLINK - AUTOLOAD:=$(call AutoLoad,48,nfnetlink) + FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_NFNETLINK) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m))) endef define KernelPackage/nfnetlink/description @@ -516,14 +772,16 @@ endef define KernelPackage/nfnetlink-log TITLE:=Netfilter LOG over NFNETLINK interface - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko - KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG - AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log) + FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_NFNETLINK_LOG) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m))) $(call AddDepends/nfnetlink) endef define KernelPackage/nfnetlink-log/description Kernel modules support for logging packets via NFNETLINK + Includes: + - NFLOG endef $(eval $(call KernelPackage,nfnetlink-log)) @@ -531,14 +789,16 @@ $(eval $(call KernelPackage,nfnetlink-log)) define KernelPackage/nfnetlink-queue TITLE:=Netfilter QUEUE over NFNETLINK interface - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko - KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE - AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue) + FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m))) $(call AddDepends/nfnetlink) endef define KernelPackage/nfnetlink-queue/description Kernel modules support for queueing packets via NFNETLINK + Includes: + - NFQUEUE endef $(eval $(call KernelPackage,nfnetlink-queue)) @@ -547,8 +807,8 @@ $(eval $(call KernelPackage,nfnetlink-queue)) define KernelPackage/nf-conntrack-netlink TITLE:=Connection tracking netlink interface FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko - KCONFIG:=CONFIG_NF_CT_NETLINK - AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink) + KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y + AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink) $(call AddDepends/nfnetlink,+kmod-ipt-conntrack) endef @@ -562,9 +822,10 @@ $(eval $(call KernelPackage,nf-conntrack-netlink)) define KernelPackage/ipt-hashlimit SUBMENU:=$(NF_MENU) TITLE:=Netfilter hashlimit match + DEPENDS:=+kmod-ipt-core KCONFIG:=$(KCONFIG_IPT_HASHLIMIT) FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko - AUTOLOAD:=$(call AutoLoad,50,xt_hashlimit) + AUTOLOAD:=$(call AutoProbe,xt_hashlimit) $(call KernelPackage/ipt) endef @@ -573,3 +834,69 @@ define KernelPackage/ipt-hashlimit/description endef $(eval $(call KernelPackage,ipt-hashlimit)) + +define KernelPackage/ipt-rpfilter + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter rpfilter match + DEPENDS:=+kmod-ipt-core + KCONFIG:=$(KCONFIG_IPT_RPFILTER) + FILES:=$(realpath \ + $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \ + $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko) + AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter) + $(call KernelPackage/ipt) +endef + +define KernelPackage/ipt-rpfilter/description + Kernel modules support for the Netfilter rpfilter match +endef + +$(eval $(call KernelPackage,ipt-rpfilter)) + + +define KernelPackage/nft-core + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables support + DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 +kmod-nf-ipt +kmod-nf-ipt6 + FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m))) + KCONFIG:= \ + CONFIG_NETFILTER=y \ + CONFIG_NETFILTER_ADVANCED=y \ + CONFIG_NFT_COMPAT=n \ + CONFIG_NFT_QUEUE=n \ + CONFIG_NF_TABLES_ARP=n \ + CONFIG_NF_TABLES_BRIDGE=n \ + $(KCONFIG_NFT_CORE) +endef + +define KernelPackage/nft-core/description + Kernel module support for nftables +endef + +$(eval $(call KernelPackage,nft-core)) + + +define KernelPackage/nft-nat + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables NAT support + DEPENDS:=+kmod-nft-core +kmod-nf-nat +kmod-nf-nat6 + FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m))) + KCONFIG:=$(KCONFIG_NFT_NAT) +endef + +$(eval $(call KernelPackage,nft-nat)) + + +define KernelPackage/nft-nat6 + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables IPv6-NAT support + DEPENDS:=+kmod-nft-core +kmod-nf-nat6 + FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m))) + KCONFIG:=$(KCONFIG_NFT_NAT6) +endef + +$(eval $(call KernelPackage,nft-nat6)) +