projects / openwrt / staging / ansuel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: clean-up after kernel 5.4 removal
[openwrt/staging/ansuel.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt +kmod-nf-log6
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt +kmod-nf-log
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-log
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter Logging
127 KCONFIG:=$(KCONFIG_NF_LOG)
128 FILES:=$(foreach mod,$(NF_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
129 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG-m)))
130 endef
131
132 $(eval $(call KernelPackage,nf-log))
133
134
135 define KernelPackage/nf-log6
136 SUBMENU:=$(NF_MENU)
137 TITLE:=Netfilter IPV6 Logging
138 KCONFIG:=$(KCONFIG_NF_LOG6)
139 DEPENDS:=@IPV6 +kmod-nf-log
140 FILES:=$(foreach mod,$(NF_LOG6-m),$(LINUX_DIR)/net/$(mod).ko)
141 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG6-m)))
142 endef
143
144 $(eval $(call KernelPackage,nf-log6))
145
146
147 define KernelPackage/nf-nat
148 SUBMENU:=$(NF_MENU)
149 TITLE:=Netfilter NAT
150 KCONFIG:=$(KCONFIG_NF_NAT)
151 DEPENDS:=+kmod-nf-conntrack
152 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
153 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
154 endef
155
156 $(eval $(call KernelPackage,nf-nat))
157
158
159 define KernelPackage/nf-nat6
160 SUBMENU:=$(NF_MENU)
161 TITLE:=Netfilter IPV6-NAT
162 KCONFIG:=$(KCONFIG_NF_NAT6)
163 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
164 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
165 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
166 endef
167
168 $(eval $(call KernelPackage,nf-nat6))
169
170
171 define KernelPackage/nf-flow
172 SUBMENU:=$(NF_MENU)
173 TITLE:=Netfilter flowtable support
174 KCONFIG:= \
175 CONFIG_NETFILTER_INGRESS=y \
176 CONFIG_NF_FLOW_TABLE \
177 CONFIG_NF_FLOW_TABLE_HW
178 DEPENDS:=+kmod-nf-conntrack
179 FILES:= $(LINUX_DIR)/net/netfilter/nf_flow_table.ko
180 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
181 endef
182
183 $(eval $(call KernelPackage,nf-flow))
184
185
186 define KernelPackage/nf-socket
187 SUBMENU:=$(NF_MENU)
188 TITLE:=Netfilter socket lookup support
189 KCONFIG:= $(KCOFNIG_NF_SOCKET)
190 FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
191 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
192 endef
193
194 $(eval $(call KernelPackage,nf-socket))
195
196
197 define KernelPackage/nf-tproxy
198 SUBMENU:=$(NF_MENU)
199 TITLE:=Netfilter tproxy support
200 KCONFIG:= $(KCOFNIG_NF_TPROXY)
201 FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
202 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
203 endef
204
205 $(eval $(call KernelPackage,nf-tproxy))
206
207
208 define AddDepends/ipt
209 SUBMENU:=$(NF_MENU)
210 DEPENDS+= +kmod-ipt-core $(1)
211 endef
212
213
214 define KernelPackage/ipt-conntrack
215 TITLE:=Basic connection tracking modules
216 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
217 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
218 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
219 $(call AddDepends/ipt,+kmod-nf-conntrack)
220 endef
221
222 define KernelPackage/ipt-conntrack/description
223 Netfilter (IPv4) kernel modules for connection tracking
224 Includes:
225 - conntrack
226 - defrag
227 - iptables_raw
228 - NOTRACK
229 - state
230 endef
231
232 $(eval $(call KernelPackage,ipt-conntrack))
233
234
235 define KernelPackage/ipt-conntrack-extra
236 TITLE:=Extra connection tracking modules
237 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
238 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
239 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
240 $(call AddDepends/ipt,+kmod-ipt-conntrack)
241 endef
242
243 define KernelPackage/ipt-conntrack-extra/description
244 Netfilter (IPv4) extra kernel modules for connection tracking
245 Includes:
246 - connbytes
247 - connmark/CONNMARK
248 - conntrack
249 - helper
250 - recent
251 endef
252
253 $(eval $(call KernelPackage,ipt-conntrack-extra))
254
255 define KernelPackage/ipt-conntrack-label
256 TITLE:=Module for handling connection tracking labels
257 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
258 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
259 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
260 $(call AddDepends/ipt,+kmod-ipt-conntrack)
261 endef
262
263 define KernelPackage/ipt-conntrack-label/description
264 Netfilter (IPv4) module for handling connection tracking labels
265 Includes:
266 - connlabel
267 endef
268
269 $(eval $(call KernelPackage,ipt-conntrack-label))
270
271 define KernelPackage/ipt-filter
272 TITLE:=Modules for packet content inspection
273 KCONFIG:=$(KCONFIG_IPT_FILTER)
274 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
275 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
276 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
277 endef
278
279 define KernelPackage/ipt-filter/description
280 Netfilter (IPv4) kernel modules for packet content inspection
281 Includes:
282 - string
283 - bpf
284 endef
285
286 $(eval $(call KernelPackage,ipt-filter))
287
288
289 define KernelPackage/ipt-offload
290 TITLE:=Netfilter routing/NAT offload support
291 KCONFIG:=$(KCONFIG_IPT_FLOW)
292 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
293 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
294 $(call AddDepends/ipt,+kmod-nf-flow)
295 endef
296
297 $(eval $(call KernelPackage,ipt-offload))
298
299
300 define KernelPackage/ipt-ipopt
301 TITLE:=Modules for matching/changing IP packet options
302 KCONFIG:=$(KCONFIG_IPT_IPOPT)
303 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
304 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
305 $(call AddDepends/ipt)
306 endef
307
308 define KernelPackage/ipt-ipopt/description
309 Netfilter (IPv4) modules for matching/changing IP packet options
310 Includes:
311 - CLASSIFY
312 - dscp/DSCP
313 - ecn/ECN
314 - hl/HL
315 - length
316 - mark/MARK
317 - statistic
318 - tcpmss
319 - time
320 - ttl/TTL
321 - unclean
322 endef
323
324 $(eval $(call KernelPackage,ipt-ipopt))
325
326
327 define KernelPackage/ipt-ipsec
328 TITLE:=Modules for matching IPSec packets
329 KCONFIG:=$(KCONFIG_IPT_IPSEC)
330 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
331 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
332 $(call AddDepends/ipt)
333 endef
334
335 define KernelPackage/ipt-ipsec/description
336 Netfilter (IPv4) modules for matching IPSec packets
337 Includes:
338 - ah
339 - esp
340 - policy
341 endef
342
343 $(eval $(call KernelPackage,ipt-ipsec))
344
345 IPSET_MODULES:= \
346 ipset/ip_set \
347 ipset/ip_set_bitmap_ip \
348 ipset/ip_set_bitmap_ipmac \
349 ipset/ip_set_bitmap_port \
350 ipset/ip_set_hash_ip \
351 ipset/ip_set_hash_ipmark \
352 ipset/ip_set_hash_ipport \
353 ipset/ip_set_hash_ipportip \
354 ipset/ip_set_hash_ipportnet \
355 ipset/ip_set_hash_mac \
356 ipset/ip_set_hash_netportnet \
357 ipset/ip_set_hash_net \
358 ipset/ip_set_hash_netnet \
359 ipset/ip_set_hash_netport \
360 ipset/ip_set_hash_netiface \
361 ipset/ip_set_list_set \
362 xt_set
363
364 define KernelPackage/ipt-ipset
365 SUBMENU:=Netfilter Extensions
366 TITLE:=IPset netfilter modules
367 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
368 KCONFIG:= \
369 CONFIG_IP_SET \
370 CONFIG_IP_SET_MAX=256 \
371 CONFIG_NETFILTER_XT_SET \
372 CONFIG_IP_SET_BITMAP_IP \
373 CONFIG_IP_SET_BITMAP_IPMAC \
374 CONFIG_IP_SET_BITMAP_PORT \
375 CONFIG_IP_SET_HASH_IP \
376 CONFIG_IP_SET_HASH_IPMAC \
377 CONFIG_IP_SET_HASH_IPMARK \
378 CONFIG_IP_SET_HASH_IPPORT \
379 CONFIG_IP_SET_HASH_IPPORTIP \
380 CONFIG_IP_SET_HASH_IPPORTNET \
381 CONFIG_IP_SET_HASH_MAC \
382 CONFIG_IP_SET_HASH_NET \
383 CONFIG_IP_SET_HASH_NETNET \
384 CONFIG_IP_SET_HASH_NETIFACE \
385 CONFIG_IP_SET_HASH_NETPORT \
386 CONFIG_IP_SET_HASH_NETPORTNET \
387 CONFIG_IP_SET_LIST_SET \
388 CONFIG_NET_EMATCH_IPSET=n
389 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
390 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
391 endef
392 $(eval $(call KernelPackage,ipt-ipset))
393
394
395 IPVS_MODULES:= \
396 ipvs/ip_vs \
397 ipvs/ip_vs_lc \
398 ipvs/ip_vs_wlc \
399 ipvs/ip_vs_rr \
400 ipvs/ip_vs_wrr \
401 ipvs/ip_vs_lblc \
402 ipvs/ip_vs_lblcr \
403 ipvs/ip_vs_dh \
404 ipvs/ip_vs_sh \
405 ipvs/ip_vs_fo \
406 ipvs/ip_vs_ovf \
407 ipvs/ip_vs_nq \
408 ipvs/ip_vs_sed \
409 xt_ipvs
410
411 define KernelPackage/nf-ipvs
412 SUBMENU:=Netfilter Extensions
413 TITLE:=IP Virtual Server modules
414 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
415 KCONFIG:= \
416 CONFIG_IP_VS \
417 CONFIG_IP_VS_IPV6=y \
418 CONFIG_IP_VS_DEBUG=n \
419 CONFIG_IP_VS_PROTO_TCP=y \
420 CONFIG_IP_VS_PROTO_UDP=y \
421 CONFIG_IP_VS_PROTO_AH_ESP=y \
422 CONFIG_IP_VS_PROTO_ESP=y \
423 CONFIG_IP_VS_PROTO_AH=y \
424 CONFIG_IP_VS_PROTO_SCTP=y \
425 CONFIG_IP_VS_TAB_BITS=12 \
426 CONFIG_IP_VS_RR \
427 CONFIG_IP_VS_WRR \
428 CONFIG_IP_VS_LC \
429 CONFIG_IP_VS_WLC \
430 CONFIG_IP_VS_FO \
431 CONFIG_IP_VS_OVF \
432 CONFIG_IP_VS_LBLC \
433 CONFIG_IP_VS_LBLCR \
434 CONFIG_IP_VS_DH \
435 CONFIG_IP_VS_SH \
436 CONFIG_IP_VS_SED \
437 CONFIG_IP_VS_NQ \
438 CONFIG_IP_VS_SH_TAB_BITS=8 \
439 CONFIG_IP_VS_NFCT=y \
440 CONFIG_NETFILTER_XT_MATCH_IPVS
441 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
442 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
443 endef
444
445 define KernelPackage/nf-ipvs/description
446 IPVS (IP Virtual Server) implements transport-layer load balancing inside
447 the Linux kernel so called Layer-4 switching.
448 endef
449
450 $(eval $(call KernelPackage,nf-ipvs))
451
452
453 define KernelPackage/nf-ipvs-ftp
454 SUBMENU:=$(NF_MENU)
455 TITLE:=Virtual Server FTP protocol support
456 KCONFIG:=CONFIG_IP_VS_FTP
457 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
458 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
459 endef
460
461 define KernelPackage/nf-ipvs-ftp/description
462 In the virtual server via Network Address Translation,
463 the IP address and port number of real servers cannot be sent to
464 clients in ftp connections directly, so FTP protocol helper is
465 required for tracking the connection and mangling it back to that of
466 virtual service.
467 endef
468
469 $(eval $(call KernelPackage,nf-ipvs-ftp))
470
471
472 define KernelPackage/nf-ipvs-sip
473 SUBMENU:=$(NF_MENU)
474 TITLE:=Virtual Server SIP protocol support
475 KCONFIG:=CONFIG_IP_VS_PE_SIP
476 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
477 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
478 endef
479
480 define KernelPackage/nf-ipvs-sip/description
481 Allow persistence based on the SIP Call-ID
482 endef
483
484 $(eval $(call KernelPackage,nf-ipvs-sip))
485
486
487 define KernelPackage/ipt-nat
488 TITLE:=Basic NAT targets
489 KCONFIG:=$(KCONFIG_IPT_NAT)
490 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
491 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
492 $(call AddDepends/ipt,+kmod-nf-nat)
493 endef
494
495 define KernelPackage/ipt-nat/description
496 Netfilter (IPv4) kernel modules for basic NAT targets
497 Includes:
498 - MASQUERADE
499 endef
500
501 $(eval $(call KernelPackage,ipt-nat))
502
503
504 define KernelPackage/ipt-raw
505 TITLE:=Netfilter IPv4 raw table support
506 KCONFIG:=CONFIG_IP_NF_RAW
507 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
508 AUTOLOAD:=$(call AutoProbe,iptable_raw)
509 $(call AddDepends/ipt)
510 endef
511
512 $(eval $(call KernelPackage,ipt-raw))
513
514
515 define KernelPackage/ipt-raw6
516 TITLE:=Netfilter IPv6 raw table support
517 DEPENDS:=@IPV6
518 KCONFIG:=CONFIG_IP6_NF_RAW
519 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
520 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
521 $(call AddDepends/ipt,+kmod-ip6tables)
522 endef
523
524 $(eval $(call KernelPackage,ipt-raw6))
525
526
527 define KernelPackage/ipt-nat6
528 TITLE:=IPv6 NAT targets
529 DEPENDS:=@IPV6
530 KCONFIG:=$(KCONFIG_IPT_NAT6)
531 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
532 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
533 $(call AddDepends/ipt,+kmod-nf-nat6)
534 $(call AddDepends/ipt,+kmod-ipt-conntrack)
535 $(call AddDepends/ipt,+kmod-ipt-nat)
536 $(call AddDepends/ipt,+kmod-ip6tables)
537 endef
538
539 define KernelPackage/ipt-nat6/description
540 Netfilter (IPv6) kernel modules for NAT targets
541 endef
542
543 $(eval $(call KernelPackage,ipt-nat6))
544
545
546 define KernelPackage/ipt-nat-extra
547 TITLE:=Extra NAT targets
548 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
549 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
550 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
551 $(call AddDepends/ipt,+kmod-ipt-nat)
552 endef
553
554 define KernelPackage/ipt-nat-extra/description
555 Netfilter (IPv4) kernel modules for extra NAT targets
556 Includes:
557 - NETMAP
558 - REDIRECT
559 endef
560
561 $(eval $(call KernelPackage,ipt-nat-extra))
562
563
564 define KernelPackage/nf-nathelper
565 SUBMENU:=$(NF_MENU)
566 TITLE:=Basic Conntrack and NAT helpers
567 KCONFIG:=$(KCONFIG_NF_NATHELPER)
568 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
569 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
570 DEPENDS:=+kmod-nf-nat
571 endef
572
573 define KernelPackage/nf-nathelper/description
574 Default Netfilter (IPv4) Conntrack and NAT helpers
575 Includes:
576 - ftp
577 endef
578
579 $(eval $(call KernelPackage,nf-nathelper))
580
581
582 define KernelPackage/nf-nathelper-extra
583 SUBMENU:=$(NF_MENU)
584 TITLE:=Extra Conntrack and NAT helpers
585 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
586 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
587 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
588 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-asn1-decoder
589 endef
590
591 define KernelPackage/nf-nathelper-extra/description
592 Extra Netfilter (IPv4) Conntrack and NAT helpers
593 Includes:
594 - amanda
595 - h323
596 - irc
597 - mms
598 - pptp
599 - proto_gre
600 - sip
601 - snmp_basic
602 - tftp
603 - broadcast
604 endef
605
606 $(eval $(call KernelPackage,nf-nathelper-extra))
607
608
609 define KernelPackage/ipt-ulog
610 TITLE:=Module for user-space packet logging
611 KCONFIG:=$(KCONFIG_IPT_ULOG)
612 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
613 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
614 $(call AddDepends/ipt)
615 endef
616
617 define KernelPackage/ipt-ulog/description
618 Netfilter (IPv4) module for user-space packet logging
619 Includes:
620 - ULOG
621 endef
622
623 $(eval $(call KernelPackage,ipt-ulog))
624
625
626 define KernelPackage/ipt-nflog
627 TITLE:=Module for user-space packet logging
628 KCONFIG:=$(KCONFIG_IPT_NFLOG)
629 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
630 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
631 $(call AddDepends/ipt,+kmod-nfnetlink-log)
632 endef
633
634 define KernelPackage/ipt-nflog/description
635 Netfilter module for user-space packet logging
636 Includes:
637 - NFLOG
638 endef
639
640 $(eval $(call KernelPackage,ipt-nflog))
641
642
643 define KernelPackage/ipt-nfqueue
644 TITLE:=Module for user-space packet queuing
645 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
646 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
647 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
648 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
649 endef
650
651 define KernelPackage/ipt-nfqueue/description
652 Netfilter module for user-space packet queuing
653 Includes:
654 - NFQUEUE
655 endef
656
657 $(eval $(call KernelPackage,ipt-nfqueue))
658
659
660 define KernelPackage/ipt-debug
661 TITLE:=Module for debugging/development
662 KCONFIG:=$(KCONFIG_IPT_DEBUG)
663 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
664 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
665 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
666 endef
667
668 define KernelPackage/ipt-debug/description
669 Netfilter modules for debugging/development of the firewall
670 Includes:
671 - TRACE
672 endef
673
674 $(eval $(call KernelPackage,ipt-debug))
675
676
677 define KernelPackage/ipt-led
678 TITLE:=Module to trigger a LED with a Netfilter rule
679 KCONFIG:=$(KCONFIG_IPT_LED)
680 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
681 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
682 $(call AddDepends/ipt)
683 endef
684
685 define KernelPackage/ipt-led/description
686 Netfilter target to trigger a LED when a network packet is matched.
687 endef
688
689 $(eval $(call KernelPackage,ipt-led))
690
691 define KernelPackage/ipt-socket
692 TITLE:=Iptables socket matching support
693 DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
694 KCONFIG:=$(KCONFIG_IPT_SOCKET)
695 FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
696 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
697 $(call AddDepends/ipt)
698 endef
699
700 define KernelPackage/ipt-socket/description
701 Kernel modules for socket matching
702 endef
703
704 $(eval $(call KernelPackage,ipt-socket))
705
706 define KernelPackage/ipt-tproxy
707 TITLE:=Transparent proxying support
708 DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
709 KCONFIG:=$(KCONFIG_IPT_TPROXY)
710 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
711 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
712 $(call AddDepends/ipt)
713 endef
714
715 define KernelPackage/ipt-tproxy/description
716 Kernel modules for Transparent Proxying
717 endef
718
719 $(eval $(call KernelPackage,ipt-tproxy))
720
721 define KernelPackage/ipt-tee
722 TITLE:=TEE support
723 DEPENDS:=+kmod-ipt-conntrack
724 KCONFIG:=$(KCONFIG_IPT_TEE)
725 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
726 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
727 $(call AddDepends/ipt)
728 endef
729
730 define KernelPackage/ipt-tee/description
731 Kernel modules for TEE
732 endef
733
734 $(eval $(call KernelPackage,ipt-tee))
735
736
737 define KernelPackage/ipt-u32
738 TITLE:=U32 support
739 KCONFIG:=$(KCONFIG_IPT_U32)
740 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
741 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
742 $(call AddDepends/ipt)
743 endef
744
745 define KernelPackage/ipt-u32/description
746 Kernel modules for U32
747 endef
748
749 $(eval $(call KernelPackage,ipt-u32))
750
751 define KernelPackage/ipt-checksum
752 TITLE:=CHECKSUM support
753 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
754 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
755 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
756 $(call AddDepends/ipt)
757 endef
758
759 define KernelPackage/ipt-checksum/description
760 Kernel modules for CHECKSUM fillin target
761 endef
762
763 $(eval $(call KernelPackage,ipt-checksum))
764
765
766 define KernelPackage/ipt-iprange
767 TITLE:=Module for matching ip ranges
768 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
769 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
770 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
771 $(call AddDepends/ipt)
772 endef
773
774 define KernelPackage/ipt-iprange/description
775 Netfilter (IPv4) module for matching ip ranges
776 Includes:
777 - iprange
778 endef
779
780 $(eval $(call KernelPackage,ipt-iprange))
781
782 define KernelPackage/ipt-cluster
783 TITLE:=Module for matching cluster
784 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
785 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
786 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
787 $(call AddDepends/ipt,+kmod-nf-conntrack)
788 endef
789
790 define KernelPackage/ipt-cluster/description
791 Netfilter (IPv4/IPv6) module for matching cluster
792 This option allows you to build work-load-sharing clusters of
793 network servers/stateful firewalls without having a dedicated
794 load-balancing router/server/switch. Basically, this match returns
795 true when the packet must be handled by this cluster node. Thus,
796 all nodes see all packets and this match decides which node handles
797 what packets. The work-load sharing algorithm is based on source
798 address hashing.
799
800 This module is usable for ipv4 and ipv6.
801
802 To use it also enable iptables-mod-cluster
803
804 see `iptables -m cluster --help` for more information.
805 endef
806
807 $(eval $(call KernelPackage,ipt-cluster))
808
809 define KernelPackage/ipt-clusterip
810 TITLE:=Module for CLUSTERIP
811 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
812 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
813 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
814 $(call AddDepends/ipt,+kmod-nf-conntrack)
815 endef
816
817 define KernelPackage/ipt-clusterip/description
818 Netfilter (IPv4-only) module for CLUSTERIP
819 The CLUSTERIP target allows you to build load-balancing clusters of
820 network servers without having a dedicated load-balancing
821 router/server/switch.
822
823 To use it also enable iptables-mod-clusterip
824
825 see `iptables -j CLUSTERIP --help` for more information.
826 endef
827
828 $(eval $(call KernelPackage,ipt-clusterip))
829
830
831 define KernelPackage/ipt-extra
832 TITLE:=Extra modules
833 KCONFIG:=$(KCONFIG_IPT_EXTRA)
834 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
835 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
836 $(call AddDepends/ipt)
837 endef
838
839 define KernelPackage/ipt-extra/description
840 Other Netfilter (IPv4) kernel modules
841 Includes:
842 - addrtype
843 - owner
844 - pkttype
845 - quota
846 endef
847
848 $(eval $(call KernelPackage,ipt-extra))
849
850
851 define KernelPackage/ipt-physdev
852 TITLE:=physdev module
853 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
854 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
855 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
856 $(call AddDepends/ipt,+kmod-br-netfilter)
857 endef
858
859 define KernelPackage/ipt-physdev/description
860 The iptables physdev kernel module
861 endef
862
863 $(eval $(call KernelPackage,ipt-physdev))
864
865
866 define KernelPackage/ip6tables
867 SUBMENU:=$(NF_MENU)
868 TITLE:=IPv6 modules
869 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
870 KCONFIG:=$(KCONFIG_IPT_IPV6)
871 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
872 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
873 endef
874
875 define KernelPackage/ip6tables/description
876 Netfilter IPv6 firewalling support
877 endef
878
879 $(eval $(call KernelPackage,ip6tables))
880
881 define KernelPackage/ip6tables-extra
882 SUBMENU:=$(NF_MENU)
883 TITLE:=Extra IPv6 modules
884 DEPENDS:=@IPV6 +kmod-ip6tables
885 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
886 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
887 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
888 endef
889
890 define KernelPackage/ip6tables-extra/description
891 Netfilter IPv6 extra header matching modules
892 endef
893
894 $(eval $(call KernelPackage,ip6tables-extra))
895
896 ARP_MODULES = arp_tables arpt_mangle arptable_filter
897 define KernelPackage/arptables
898 SUBMENU:=$(NF_MENU)
899 TITLE:=ARP firewalling modules
900 DEPENDS:=+kmod-ipt-core
901 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
902 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
903 CONFIG_IP_NF_ARPFILTER \
904 CONFIG_IP_NF_ARP_MANGLE
905 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
906 endef
907
908 define KernelPackage/arptables/description
909 Kernel modules for ARP firewalling
910 endef
911
912 $(eval $(call KernelPackage,arptables))
913
914
915 define KernelPackage/br-netfilter
916 SUBMENU:=$(NF_MENU)
917 TITLE:=Bridge netfilter support modules
918 DEPENDS:=+kmod-ipt-core
919 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
920 KCONFIG:=CONFIG_BRIDGE_NETFILTER
921 AUTOLOAD:=$(call AutoProbe,br_netfilter)
922 endef
923
924 define KernelPackage/br-netfilter/install
925 $(INSTALL_DIR) $(1)/etc/sysctl.d
926 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
927 endef
928
929 $(eval $(call KernelPackage,br-netfilter))
930
931
932 define KernelPackage/ebtables
933 SUBMENU:=$(NF_MENU)
934 TITLE:=Bridge firewalling modules
935 DEPENDS:=+kmod-ipt-core
936 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
937 KCONFIG:=$(KCONFIG_EBTABLES)
938 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
939 endef
940
941 define KernelPackage/ebtables/description
942 ebtables is a general, extensible frame/packet identification
943 framework. It provides you to do Ethernet
944 filtering/NAT/brouting on the Ethernet bridge.
945 endef
946
947 $(eval $(call KernelPackage,ebtables))
948
949
950 define AddDepends/ebtables
951 SUBMENU:=$(NF_MENU)
952 DEPENDS+= +kmod-ebtables $(1)
953 endef
954
955
956 define KernelPackage/ebtables-ipv4
957 TITLE:=ebtables: IPv4 support
958 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
959 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
960 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
961 $(call AddDepends/ebtables)
962 endef
963
964 define KernelPackage/ebtables-ipv4/description
965 This option adds the IPv4 support to ebtables, which allows basic
966 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
967 endef
968
969 $(eval $(call KernelPackage,ebtables-ipv4))
970
971
972 define KernelPackage/ebtables-ipv6
973 TITLE:=ebtables: IPv6 support
974 DEPENDS:=@IPV6
975 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
976 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
977 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
978 $(call AddDepends/ebtables)
979 endef
980
981 define KernelPackage/ebtables-ipv6/description
982 This option adds the IPv6 support to ebtables, which allows basic
983 IPv6 header field filtering and target support.
984 endef
985
986 $(eval $(call KernelPackage,ebtables-ipv6))
987
988
989 define KernelPackage/ebtables-watchers
990 TITLE:=ebtables: watchers support
991 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
992 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
993 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
994 $(call AddDepends/ebtables)
995 endef
996
997 define KernelPackage/ebtables-watchers/description
998 This option adds the log watchers, that you can use in any rule
999 in any ebtables table.
1000 endef
1001
1002 $(eval $(call KernelPackage,ebtables-watchers))
1003
1004
1005 define KernelPackage/nfnetlink
1006 SUBMENU:=$(NF_MENU)
1007 TITLE:=Netlink-based userspace interface
1008 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
1009 KCONFIG:=$(KCONFIG_NFNETLINK)
1010 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
1011 endef
1012
1013 define KernelPackage/nfnetlink/description
1014 Kernel modules support for a netlink-based userspace interface
1015 endef
1016
1017 $(eval $(call KernelPackage,nfnetlink))
1018
1019
1020 define AddDepends/nfnetlink
1021 SUBMENU:=$(NF_MENU)
1022 DEPENDS+=+kmod-nfnetlink $(1)
1023 endef
1024
1025
1026 define KernelPackage/nfnetlink-log
1027 TITLE:=Netfilter LOG over NFNETLINK interface
1028 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
1029 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
1030 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
1031 $(call AddDepends/nfnetlink)
1032 endef
1033
1034 define KernelPackage/nfnetlink-log/description
1035 Kernel modules support for logging packets via NFNETLINK
1036 Includes:
1037 - NFLOG
1038 endef
1039
1040 $(eval $(call KernelPackage,nfnetlink-log))
1041
1042
1043 define KernelPackage/nfnetlink-queue
1044 TITLE:=Netfilter QUEUE over NFNETLINK interface
1045 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1046 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1047 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1048 $(call AddDepends/nfnetlink)
1049 endef
1050
1051 define KernelPackage/nfnetlink-queue/description
1052 Kernel modules support for queueing packets via NFNETLINK
1053 Includes:
1054 - NFQUEUE
1055 endef
1056
1057 $(eval $(call KernelPackage,nfnetlink-queue))
1058
1059
1060 define KernelPackage/nf-conntrack-netlink
1061 TITLE:=Connection tracking netlink interface
1062 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1063 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1064 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1065 $(call AddDepends/nfnetlink,+kmod-nf-conntrack)
1066 endef
1067
1068 define KernelPackage/nf-conntrack-netlink/description
1069 Kernel modules support for a netlink-based connection tracking
1070 userspace interface
1071 endef
1072
1073 $(eval $(call KernelPackage,nf-conntrack-netlink))
1074
1075 define KernelPackage/ipt-hashlimit
1076 SUBMENU:=$(NF_MENU)
1077 TITLE:=Netfilter hashlimit match
1078 DEPENDS:=+kmod-ipt-core
1079 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1080 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1081 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1082 $(call KernelPackage/ipt)
1083 endef
1084
1085 define KernelPackage/ipt-hashlimit/description
1086 Kernel modules support for the hashlimit bucket match module
1087 endef
1088
1089 $(eval $(call KernelPackage,ipt-hashlimit))
1090
1091 define KernelPackage/ipt-rpfilter
1092 SUBMENU:=$(NF_MENU)
1093 TITLE:=Netfilter rpfilter match
1094 DEPENDS:=+kmod-ipt-core
1095 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1096 FILES:=$(realpath \
1097 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1098 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1099 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1100 $(call KernelPackage/ipt)
1101 endef
1102
1103 define KernelPackage/ipt-rpfilter/description
1104 Kernel modules support for the Netfilter rpfilter match
1105 endef
1106
1107 $(eval $(call KernelPackage,ipt-rpfilter))
1108
1109
1110 define KernelPackage/nft-core
1111 SUBMENU:=$(NF_MENU)
1112 TITLE:=Netfilter nf_tables support
1113 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat +kmod-nf-log +IPV6:kmod-nf-log6 +kmod-lib-crc32c
1114 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1115 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1116 KCONFIG:= \
1117 CONFIG_NFT_COMPAT=n \
1118 CONFIG_NFT_QUEUE=n \
1119 $(KCONFIG_NFT_CORE)
1120 endef
1121
1122 define KernelPackage/nft-core/description
1123 Kernel module support for nftables
1124 endef
1125
1126 $(eval $(call KernelPackage,nft-core))
1127
1128
1129 define KernelPackage/nft-arp
1130 SUBMENU:=$(NF_MENU)
1131 TITLE:=Netfilter nf_tables ARP table support
1132 DEPENDS:=+kmod-nft-core
1133 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1134 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1135 KCONFIG:=$(KCONFIG_NFT_ARP)
1136 endef
1137
1138 $(eval $(call KernelPackage,nft-arp))
1139
1140
1141 define KernelPackage/nft-bridge
1142 SUBMENU:=$(NF_MENU)
1143 TITLE:=Netfilter nf_tables bridge table support
1144 DEPENDS:=+kmod-nft-core
1145 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1146 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1147 KCONFIG:= \
1148 CONFIG_NF_LOG_BRIDGE=n@lt5.13 \
1149 $(KCONFIG_NFT_BRIDGE)
1150 endef
1151
1152 $(eval $(call KernelPackage,nft-bridge))
1153
1154
1155 define KernelPackage/nft-nat
1156 SUBMENU:=$(NF_MENU)
1157 TITLE:=Netfilter nf_tables NAT support
1158 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1159 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1160 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1161 KCONFIG:=$(KCONFIG_NFT_NAT)
1162 endef
1163
1164 $(eval $(call KernelPackage,nft-nat))
1165
1166
1167 define KernelPackage/nft-offload
1168 SUBMENU:=$(NF_MENU)
1169 TITLE:=Netfilter nf_tables routing/NAT offload support
1170 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1171 KCONFIG:= \
1172 CONFIG_NF_FLOW_TABLE_INET \
1173 CONFIG_NF_FLOW_TABLE_IPV4 \
1174 CONFIG_NF_FLOW_TABLE_IPV6 \
1175 CONFIG_NFT_FLOW_OFFLOAD
1176 FILES:= \
1177 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1178 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1179 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1180 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1181 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1182 endef
1183
1184 $(eval $(call KernelPackage,nft-offload))
1185
1186
1187 define KernelPackage/nft-nat6
1188 SUBMENU:=$(NF_MENU)
1189 TITLE:=Netfilter nf_tables IPv6-NAT support
1190 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1191 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1192 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1193 KCONFIG:=$(KCONFIG_NFT_NAT6)
1194 endef
1195
1196 $(eval $(call KernelPackage,nft-nat6))
1197
1198 define KernelPackage/nft-netdev
1199 SUBMENU:=$(NF_MENU)
1200 TITLE:=Netfilter nf_tables netdev support
1201 DEPENDS:=+kmod-nft-core
1202 KCONFIG:= \
1203 CONFIG_NETFILTER_INGRESS=y \
1204 CONFIG_NF_TABLES_NETDEV \
1205 CONFIG_NF_DUP_NETDEV \
1206 CONFIG_NFT_DUP_NETDEV \
1207 CONFIG_NFT_FWD_NETDEV
1208 FILES:= \
1209 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1210 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1211 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1212 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1213 endef
1214
1215 $(eval $(call KernelPackage,nft-netdev))
1216
1217
1218 define KernelPackage/nft-fib
1219 SUBMENU:=$(NF_MENU)
1220 TITLE:=Netfilter nf_tables fib support
1221 DEPENDS:=+kmod-nft-core
1222 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1223 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1224 KCONFIG:=$(KCONFIG_NFT_FIB)
1225 endef
1226
1227 $(eval $(call KernelPackage,nft-fib))
1228
1229
1230 define KernelPackage/nft-queue
1231 SUBMENU:=$(NF_MENU)
1232 TITLE:=Netfilter nf_tables queue support
1233 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1234 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1235 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1236 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1237 endef
1238
1239 $(eval $(call KernelPackage,nft-queue))
1240
1241 define KernelPackage/nft-socket
1242 SUBMENU:=$(NF_MENU)
1243 TITLE:=Netfilter nf_tables socket support
1244 DEPENDS:=+kmod-nft-core +kmod-nf-socket
1245 FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
1246 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
1247 KCONFIG:=$(KCONFIG_NFT_SOCKET)
1248 endef
1249
1250 $(eval $(call KernelPackage,nft-socket))
1251
1252 define KernelPackage/nft-tproxy
1253 SUBMENU:=$(NF_MENU)
1254 TITLE:=Netfilter nf_tables tproxy support
1255 DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
1256 FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
1257 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
1258 KCONFIG:=$(KCONFIG_NFT_TPROXY)
1259 endef
1260
1261 $(eval $(call KernelPackage,nft-tproxy))
1262
1263 define KernelPackage/nft-compat
1264 SUBMENU:=$(NF_MENU)
1265 TITLE:=Netfilter nf_tables compat support
1266 DEPENDS:=+kmod-nft-core +kmod-nf-ipt
1267 FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
1268 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
1269 KCONFIG:=$(KCONFIG_NFT_COMPAT)
1270 endef
1271
1272 $(eval $(call KernelPackage,nft-compat))
1273
1274 define KernelPackage/nft-xfrm
1275 SUBMENU:=$(NF_MENU)
1276 TITLE:=Netfilter nf_tables xfrm support (ipsec)
1277 DEPENDS:=+kmod-nft-core
1278 FILES:=$(foreach mod,$(NFT_XFRM-m),$(LINUX_DIR)/net/$(mod).ko)
1279 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_XFRM-m)))
1280 KCONFIG:=$(KCONFIG_NFT_XFRM)
1281 endef
1282
1283 $(eval $(call KernelPackage,nft-xfrm))
Staging tree of Christian Marangi