X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fstaging%2Fdedeckeh.git;a=blobdiff_plain;f=package%2Fkernel%2Flinux%2Fmodules%2Fnetfilter.mk;h=25715be5d1c443649b377779d708410e75f4a466;hp=a0a19b23a95fd0bb84e42605e08d540244115642;hb=2b6eab507a2679a7be70740dd7f42860c59bec9e;hpb=4454a3fb6375cf1adf17f63a54cd7660bc40caa7 diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index a0a19b23a9..25715be5d1 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -11,13 +11,39 @@ NF_KMOD:=1 include $(INCLUDE_DIR)/netfilter.mk -define KernelPackage/nf-ipt +define KernelPackage/nf-reject SUBMENU:=$(NF_MENU) - TITLE:=Iptables core + TITLE:=Netfilter IPv4 reject support KCONFIG:= \ - CONFIG_NETFILTER=y \ + CONFIG_NETFILTER=y \ CONFIG_NETFILTER_ADVANCED=y \ - $(KCONFIG_NF_IPT) + $(KCONFIG_NF_REJECT) + FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m))) +endef + +$(eval $(call KernelPackage,nf-reject)) + + +define KernelPackage/nf-reject6 + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter IPv6 reject support + KCONFIG:= \ + CONFIG_NETFILTER=y \ + CONFIG_NETFILTER_ADVANCED=y \ + $(KCONFIG_NF_REJECT6) + DEPENDS:=@IPV6 + FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m))) +endef + +$(eval $(call KernelPackage,nf-reject6)) + + +define KernelPackage/nf-ipt + SUBMENU:=$(NF_MENU) + TITLE:=Iptables core + KCONFIG:=$(KCONFIG_NF_IPT) FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m))) endef @@ -31,7 +57,7 @@ define KernelPackage/nf-ipt6 KCONFIG:=$(KCONFIG_NF_IPT6) FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m))) - DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6 + DEPENDS:=+kmod-nf-ipt endef $(eval $(call KernelPackage,nf-ipt6)) @@ -44,7 +70,7 @@ define KernelPackage/ipt-core KCONFIG:=$(KCONFIG_IPT_CORE) FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m))) - DEPENDS:=+kmod-nf-ipt + DEPENDS:=+kmod-nf-reject +kmod-nf-ipt endef define KernelPackage/ipt-core/description @@ -68,11 +94,18 @@ define KernelPackage/nf-conntrack KCONFIG:= \ CONFIG_NETFILTER=y \ CONFIG_NETFILTER_ADVANCED=y \ + CONFIG_NF_CONNTRACK_MARK=y \ + CONFIG_NF_CONNTRACK_ZONES=y \ $(KCONFIG_NF_CONNTRACK) FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m))) endef +define KernelPackage/nf-conntrack/install + $(INSTALL_DIR) $(1)/etc/sysctl.d + $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf +endef + $(eval $(call KernelPackage,nf-conntrack)) @@ -92,7 +125,7 @@ define KernelPackage/nf-nat SUBMENU:=$(NF_MENU) TITLE:=Netfilter NAT KCONFIG:=$(KCONFIG_NF_NAT) - DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt + DEPENDS:=+kmod-nf-conntrack FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m))) endef @@ -104,7 +137,7 @@ define KernelPackage/nf-nat6 SUBMENU:=$(NF_MENU) TITLE:=Netfilter IPV6-NAT KCONFIG:=$(KCONFIG_NF_NAT6) - DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat + DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m))) endef @@ -112,6 +145,23 @@ endef $(eval $(call KernelPackage,nf-nat6)) +define KernelPackage/nf-flow + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter flowtable support + KCONFIG:= \ + CONFIG_NETFILTER_INGRESS=y \ + CONFIG_NF_FLOW_TABLE \ + CONFIG_NF_FLOW_TABLE_HW + DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_9 + FILES:= \ + $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \ + $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko + AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw) +endef + +$(eval $(call KernelPackage,nf-flow)) + + define AddDepends/ipt SUBMENU:=$(NF_MENU) DEPENDS+= +kmod-ipt-core $(1) @@ -159,6 +209,21 @@ endef $(eval $(call KernelPackage,ipt-conntrack-extra)) +define KernelPackage/ipt-conntrack-label + TITLE:=Module for handling connection tracking labels + KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL) + FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m))) + $(call AddDepends/ipt,+kmod-ipt-conntrack) +endef + +define KernelPackage/ipt-conntrack-label/description + Netfilter (IPv4) module for handling connection tracking labels + Includes: + - connlabel +endef + +$(eval $(call KernelPackage,ipt-conntrack-label)) define KernelPackage/ipt-filter TITLE:=Modules for packet content inspection @@ -172,11 +237,23 @@ define KernelPackage/ipt-filter/description Netfilter (IPv4) kernel modules for packet content inspection Includes: - string + - bpf endef $(eval $(call KernelPackage,ipt-filter)) +define KernelPackage/ipt-offload + TITLE:=Netfilter routing/NAT offload support + KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD + FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m))) + $(call AddDepends/ipt,+kmod-nf-flow) +endef + +$(eval $(call KernelPackage,ipt-offload)) + + define KernelPackage/ipt-ipopt TITLE:=Modules for matching/changing IP packet options KCONFIG:=$(KCONFIG_IPT_IPOPT) @@ -271,6 +348,98 @@ endef $(eval $(call KernelPackage,ipt-ipset)) +IPVS_MODULES:= \ + ipvs/ip_vs \ + ipvs/ip_vs_lc \ + ipvs/ip_vs_wlc \ + ipvs/ip_vs_rr \ + ipvs/ip_vs_wrr \ + ipvs/ip_vs_lblc \ + ipvs/ip_vs_lblcr \ + ipvs/ip_vs_dh \ + ipvs/ip_vs_sh \ + ipvs/ip_vs_fo \ + ipvs/ip_vs_ovf \ + ipvs/ip_vs_nq \ + ipvs/ip_vs_sed \ + xt_ipvs + +define KernelPackage/nf-ipvs + SUBMENU:=Netfilter Extensions + TITLE:=IP Virtual Server modules + DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack + KCONFIG:= \ + CONFIG_IP_VS \ + CONFIG_IP_VS_IPV6=y \ + CONFIG_IP_VS_DEBUG=n \ + CONFIG_IP_VS_PROTO_TCP=y \ + CONFIG_IP_VS_PROTO_UDP=y \ + CONFIG_IP_VS_PROTO_AH_ESP=y \ + CONFIG_IP_VS_PROTO_ESP=y \ + CONFIG_IP_VS_PROTO_AH=y \ + CONFIG_IP_VS_PROTO_SCTP=y \ + CONFIG_IP_VS_TAB_BITS=12 \ + CONFIG_IP_VS_RR \ + CONFIG_IP_VS_WRR \ + CONFIG_IP_VS_LC \ + CONFIG_IP_VS_WLC \ + CONFIG_IP_VS_FO \ + CONFIG_IP_VS_OVF \ + CONFIG_IP_VS_LBLC \ + CONFIG_IP_VS_LBLCR \ + CONFIG_IP_VS_DH \ + CONFIG_IP_VS_SH \ + CONFIG_IP_VS_SED \ + CONFIG_IP_VS_NQ \ + CONFIG_IP_VS_SH_TAB_BITS=8 \ + CONFIG_IP_VS_NFCT=y \ + CONFIG_NETFILTER_XT_MATCH_IPVS + FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko) + $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack) +endef + +define KernelPackage/nf-ipvs/description + IPVS (IP Virtual Server) implements transport-layer load balancing inside + the Linux kernel so called Layer-4 switching. +endef + +$(eval $(call KernelPackage,nf-ipvs)) + + +define KernelPackage/nf-ipvs-ftp + SUBMENU:=$(NF_MENU) + TITLE:=Virtual Server FTP protocol support + KCONFIG:=CONFIG_IP_VS_FTP + DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper + FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko +endef + +define KernelPackage/nf-ipvs-ftp/description + In the virtual server via Network Address Translation, + the IP address and port number of real servers cannot be sent to + clients in ftp connections directly, so FTP protocol helper is + required for tracking the connection and mangling it back to that of + virtual service. +endef + +$(eval $(call KernelPackage,nf-ipvs-ftp)) + + +define KernelPackage/nf-ipvs-sip + SUBMENU:=$(NF_MENU) + TITLE:=Virtual Server SIP protocol support + KCONFIG:=CONFIG_IP_VS_PE_SIP + DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra + FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko +endef + +define KernelPackage/nf-ipvs-sip/description + Allow persistence based on the SIP Call-ID +endef + +$(eval $(call KernelPackage,nf-ipvs-sip)) + + define KernelPackage/ipt-nat TITLE:=Basic NAT targets KCONFIG:=$(KCONFIG_IPT_NAT) @@ -288,6 +457,28 @@ endef $(eval $(call KernelPackage,ipt-nat)) +define KernelPackage/ipt-raw + TITLE:=Netfilter IPv4 raw table support + KCONFIG:=CONFIG_IP_NF_RAW + FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko + AUTOLOAD:=$(call AutoProbe,iptable_raw) + $(call AddDepends/ipt) +endef + +$(eval $(call KernelPackage,ipt-raw)) + + +define KernelPackage/ipt-raw6 + TITLE:=Netfilter IPv6 raw table support + KCONFIG:=CONFIG_IP6_NF_RAW + FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko + AUTOLOAD:=$(call AutoProbe,ip6table_raw) + $(call AddDepends/ipt,+kmod-ip6tables) +endef + +$(eval $(call KernelPackage,ipt-raw6)) + + define KernelPackage/ipt-nat6 TITLE:=IPv6 NAT targets KCONFIG:=$(KCONFIG_IPT_NAT6) @@ -337,8 +528,6 @@ define KernelPackage/nf-nathelper/description Default Netfilter (IPv4) Conntrack and NAT helpers Includes: - ftp - - irc - - tftp endef $(eval $(call KernelPackage,nf-nathelper)) @@ -350,7 +539,7 @@ define KernelPackage/nf-nathelper-extra KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA) FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m))) - DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch + DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw +LINUX_4_19:kmod-asn1-decoder endef define KernelPackage/nf-nathelper-extra/description @@ -358,11 +547,13 @@ define KernelPackage/nf-nathelper-extra/description Includes: - amanda - h323 + - irc - mms - pptp - proto_gre - sip - snmp_basic + - tftp - broadcast endef @@ -423,10 +614,9 @@ $(eval $(call KernelPackage,ipt-nfqueue)) define KernelPackage/ipt-debug TITLE:=Module for debugging/development KCONFIG:=$(KCONFIG_IPT_DEBUG) - DEFAULT:=n FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m))) - $(call AddDepends/ipt) + $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6) endef define KernelPackage/ipt-debug/description @@ -454,14 +644,13 @@ $(eval $(call KernelPackage,ipt-led)) define KernelPackage/ipt-tproxy TITLE:=Transparent proxying support - DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables + DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables KCONFIG:= \ - CONFIG_NETFILTER_TPROXY \ CONFIG_NETFILTER_XT_MATCH_SOCKET \ CONFIG_NETFILTER_XT_TARGET_TPROXY FILES:= \ $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m))) $(call AddDepends/ipt) endef @@ -473,7 +662,7 @@ $(eval $(call KernelPackage,ipt-tproxy)) define KernelPackage/ipt-tee TITLE:=TEE support - DEPENDS:=+kmod-ipt-conntrack @!LINUX_4_4 + DEPENDS:=+kmod-ipt-conntrack KCONFIG:= \ CONFIG_NETFILTER_XT_TARGET_TEE FILES:= \ @@ -507,6 +696,23 @@ endef $(eval $(call KernelPackage,ipt-u32)) +define KernelPackage/ipt-checksum + TITLE:=CHECKSUM support + KCONFIG:= \ + CONFIG_NETFILTER_XT_TARGET_CHECKSUM + FILES:= \ + $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \ + $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-checksum/description + Kernel modules for CHECKSUM fillin target +endef + +$(eval $(call KernelPackage,ipt-checksum)) + define KernelPackage/ipt-iprange TITLE:=Module for matching ip ranges @@ -529,7 +735,7 @@ define KernelPackage/ipt-cluster KCONFIG:=$(KCONFIG_IPT_CLUSTER) FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m))) - $(call AddDepends/ipt) + $(call AddDepends/ipt,+kmod-nf-conntrack) endef define KernelPackage/ipt-cluster/description @@ -586,7 +792,6 @@ define KernelPackage/ipt-extra/description Includes: - addrtype - owner - - physdev (if bridge support was enabled in kernel) - pkttype - quota endef @@ -594,10 +799,25 @@ endef $(eval $(call KernelPackage,ipt-extra)) +define KernelPackage/ipt-physdev + TITLE:=physdev module + KCONFIG:=$(KCONFIG_IPT_PHYSDEV) + FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m))) + $(call AddDepends/ipt,+kmod-br-netfilter) +endef + +define KernelPackage/ipt-physdev/description + The iptables physdev kernel module +endef + +$(eval $(call KernelPackage,ipt-physdev)) + + define KernelPackage/ip6tables SUBMENU:=$(NF_MENU) TITLE:=IPv6 modules - DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack + DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core KCONFIG:=$(KCONFIG_IPT_IPV6) FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m))) @@ -643,13 +863,29 @@ endef $(eval $(call KernelPackage,arptables)) +define KernelPackage/br-netfilter + SUBMENU:=$(NF_MENU) + TITLE:=Bridge netfilter support modules + DEPENDS:=+kmod-ipt-core + FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko + KCONFIG:=CONFIG_BRIDGE_NETFILTER + AUTOLOAD:=$(call AutoProbe,br_netfilter) +endef + +define KernelPackage/br-netfilter/install + $(INSTALL_DIR) $(1)/etc/sysctl.d + $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf +endef + +$(eval $(call KernelPackage,br-netfilter)) + + define KernelPackage/ebtables SUBMENU:=$(NF_MENU) TITLE:=Bridge firewalling modules - DEPENDS:=+kmod-ipt-core +kmod-bridge + DEPENDS:=+kmod-ipt-core FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko) - KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \ - $(KCONFIG_EBTABLES) + KCONFIG:=$(KCONFIG_EBTABLES) AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m))) endef @@ -664,7 +900,7 @@ $(eval $(call KernelPackage,ebtables)) define AddDepends/ebtables SUBMENU:=$(NF_MENU) - DEPENDS+=kmod-ebtables $(1) + DEPENDS+= +kmod-ebtables $(1) endef @@ -802,20 +1038,34 @@ endef $(eval $(call KernelPackage,ipt-hashlimit)) +define KernelPackage/ipt-rpfilter + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter rpfilter match + DEPENDS:=+kmod-ipt-core + KCONFIG:=$(KCONFIG_IPT_RPFILTER) + FILES:=$(realpath \ + $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \ + $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko) + AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter) + $(call KernelPackage/ipt) +endef + +define KernelPackage/ipt-rpfilter/description + Kernel modules support for the Netfilter rpfilter match +endef + +$(eval $(call KernelPackage,ipt-rpfilter)) + define KernelPackage/nft-core SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables support - DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 + DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m))) KCONFIG:= \ - CONFIG_NETFILTER=y \ - CONFIG_NETFILTER_ADVANCED=y \ CONFIG_NFT_COMPAT=n \ CONFIG_NFT_QUEUE=n \ - CONFIG_NF_TABLES_ARP=n \ - CONFIG_NF_TABLES_BRIDGE=n \ $(KCONFIG_NFT_CORE) endef @@ -826,6 +1076,32 @@ endef $(eval $(call KernelPackage,nft-core)) +define KernelPackage/nft-arp + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables ARP table support + DEPENDS:=+kmod-nft-core + FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m))) + KCONFIG:=$(KCONFIG_NFT_ARP) +endef + +$(eval $(call KernelPackage,nft-arp)) + + +define KernelPackage/nft-bridge + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables bridge table support + DEPENDS:=+kmod-nft-core + FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m))) + KCONFIG:= \ + CONFIG_NF_LOG_BRIDGE=n \ + $(KCONFIG_NFT_BRIDGE) +endef + +$(eval $(call KernelPackage,nft-bridge)) + + define KernelPackage/nft-nat SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables NAT support @@ -838,10 +1114,30 @@ endef $(eval $(call KernelPackage,nft-nat)) +define KernelPackage/nft-offload + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables routing/NAT offload support + DEPENDS:=+kmod-nf-flow +kmod-nft-nat + KCONFIG:= \ + CONFIG_NF_FLOW_TABLE_INET \ + CONFIG_NF_FLOW_TABLE_IPV4 \ + CONFIG_NF_FLOW_TABLE_IPV6 \ + CONFIG_NFT_FLOW_OFFLOAD + FILES:= \ + $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \ + $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \ + $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \ + $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko + AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload) +endef + +$(eval $(call KernelPackage,nft-offload)) + + define KernelPackage/nft-nat6 SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables IPv6-NAT support - DEPENDS:=+kmod-nft-core +kmod-nf-nat6 + DEPENDS:=+kmod-nft-nat +kmod-nf-nat6 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m))) KCONFIG:=$(KCONFIG_NFT_NAT6) @@ -849,3 +1145,34 @@ endef $(eval $(call KernelPackage,nft-nat6)) +define KernelPackage/nft-netdev + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables netdev support + DEPENDS:=+kmod-nft-core + KCONFIG:= \ + CONFIG_NETFILTER_INGRESS=y \ + CONFIG_NF_TABLES_NETDEV \ + CONFIG_NF_DUP_NETDEV \ + CONFIG_NFT_DUP_NETDEV \ + CONFIG_NFT_FWD_NETDEV + FILES:= \ + $(LINUX_DIR)/net/netfilter/nf_tables_netdev.ko@lt4.17 \ + $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \ + $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \ + $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko + AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev) +endef + +$(eval $(call KernelPackage,nft-netdev)) + + +define KernelPackage/nft-fib + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables fib support + DEPENDS:=+kmod-nft-core + FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m))) + KCONFIG:=$(KCONFIG_NFT_FIB) +endef + +$(eval $(call KernelPackage,nft-fib))