X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=blobdiff_plain;f=package%2Fkernel%2Flinux%2Fmodules%2Fnetfilter.mk;h=ee5be9a655b30f3e96f4c6e675b1c5665a2d06e9;hp=ca3427152f5e00a945ba403f167ff29f1b8594c2;hb=f640ed73f9c550d993c46d3191990f0b17134200;hpb=352c74fcb416b98e2dd44be3881fe5a48be0e71d diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index ca3427152f..ee5be9a655 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -140,6 +140,23 @@ endef $(eval $(call KernelPackage,nf-nat6)) +define KernelPackage/nf-flow + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter flowtable support + KCONFIG:= \ + CONFIG_NETFILTER_INGRESS=y \ + CONFIG_NF_FLOW_TABLE \ + CONFIG_NF_FLOW_TABLE_HW + DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9 + FILES:= \ + $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \ + $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko + AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw) +endef + +$(eval $(call KernelPackage,nf-flow)) + + define AddDepends/ipt SUBMENU:=$(NF_MENU) DEPENDS+= +kmod-ipt-core $(1) @@ -187,6 +204,21 @@ endef $(eval $(call KernelPackage,ipt-conntrack-extra)) +define KernelPackage/ipt-conntrack-label + TITLE:=Module for handling connection tracking labels + KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL) + FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m))) + $(call AddDepends/ipt,+kmod-ipt-conntrack) +endef + +define KernelPackage/ipt-conntrack-label/description + Netfilter (IPv4) module for handling connection tracking labels + Includes: + - connlabel +endef + +$(eval $(call KernelPackage,ipt-conntrack-label)) define KernelPackage/ipt-filter TITLE:=Modules for packet content inspection @@ -205,6 +237,17 @@ endef $(eval $(call KernelPackage,ipt-filter)) +define KernelPackage/ipt-offload + TITLE:=Netfilter routing/NAT offload support + KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD + FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m))) + $(call AddDepends/ipt,+kmod-nf-flow) +endef + +$(eval $(call KernelPackage,ipt-offload)) + + define KernelPackage/ipt-ipopt TITLE:=Modules for matching/changing IP packet options KCONFIG:=$(KCONFIG_IPT_IPOPT) @@ -503,7 +546,7 @@ $(eval $(call KernelPackage,ipt-led)) define KernelPackage/ipt-tproxy TITLE:=Transparent proxying support - DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables + DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables KCONFIG:= \ CONFIG_NETFILTER_XT_MATCH_SOCKET \ CONFIG_NETFILTER_XT_TARGET_TPROXY @@ -711,7 +754,6 @@ $(eval $(call KernelPackage,arptables)) define KernelPackage/br-netfilter SUBMENU:=$(NF_MENU) TITLE:=Bridge netfilter support modules - HIDDEN:=1 DEPENDS:=+kmod-ipt-core FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko KCONFIG:=CONFIG_BRIDGE_NETFILTER @@ -741,7 +783,7 @@ $(eval $(call KernelPackage,ebtables)) define AddDepends/ebtables SUBMENU:=$(NF_MENU) - DEPENDS+=kmod-ebtables $(1) + DEPENDS+= +kmod-ebtables $(1) endef @@ -955,6 +997,26 @@ endef $(eval $(call KernelPackage,nft-nat)) +define KernelPackage/nft-offload + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables routing/NAT offload support + DEPENDS:=+kmod-nf-flow +kmod-nft-nat + KCONFIG:= \ + CONFIG_NF_FLOW_TABLE_INET \ + CONFIG_NF_FLOW_TABLE_IPV4 \ + CONFIG_NF_FLOW_TABLE_IPV6 \ + CONFIG_NFT_FLOW_OFFLOAD + FILES:= \ + $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \ + $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \ + $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \ + $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko + AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload) +endef + +$(eval $(call KernelPackage,nft-offload)) + + define KernelPackage/nft-nat6 SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables IPv6-NAT support