projects / openwrt / staging / ldir.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: modules: adapt for kernel 6.1
[openwrt/staging/ldir.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42 define KernelPackage/nf-conncount
43 SUBMENU:=$(NF_MENU)
44 TITLE:=Netfilter conncount support
45 KCONFIG:=$(KCONFIG_NF_CONNCOUNT)
46 HIDDEN:=1
47 DEPENDS:=+kmod-nf-conntrack
48 FILES:=$(foreach mod,$(NF_CONNCOUNT-m),$(LINUX_DIR)/net/$(mod).ko)
49 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNCOUNT-m)))
50 endef
51
52 $(eval $(call KernelPackage,nf-conncount))
53
54 define KernelPackage/nf-ipt
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Iptables core
57 KCONFIG:=$(KCONFIG_NF_IPT)
58 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
60 endef
61
62 $(eval $(call KernelPackage,nf-ipt))
63
64
65 define KernelPackage/nf-ipt6
66 SUBMENU:=$(NF_MENU)
67 TITLE:=Ip6tables core
68 KCONFIG:=$(KCONFIG_NF_IPT6)
69 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
70 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
71 DEPENDS:=+kmod-nf-ipt +kmod-nf-log6
72 endef
73
74 $(eval $(call KernelPackage,nf-ipt6))
75
76
77
78 define KernelPackage/ipt-core
79 SUBMENU:=$(NF_MENU)
80 TITLE:=Iptables core
81 KCONFIG:=$(KCONFIG_IPT_CORE)
82 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
83 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
84 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt +kmod-nf-log
85 endef
86
87 define KernelPackage/ipt-core/description
88 Netfilter core kernel modules
89 Includes:
90 - comment
91 - limit
92 - LOG
93 - mac
94 - multiport
95 - REJECT
96 - TCPMSS
97 endef
98
99 $(eval $(call KernelPackage,ipt-core))
100
101
102 define KernelPackage/nf-conntrack
103 SUBMENU:=$(NF_MENU)
104 TITLE:=Netfilter connection tracking
105 KCONFIG:= \
106 CONFIG_NETFILTER=y \
107 CONFIG_NETFILTER_ADVANCED=y \
108 CONFIG_NF_CONNTRACK_MARK=y \
109 CONFIG_NF_CONNTRACK_ZONES=y \
110 $(KCONFIG_NF_CONNTRACK)
111 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
112 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
113 endef
114
115 define KernelPackage/nf-conntrack/install
116 $(INSTALL_DIR) $(1)/etc/sysctl.d
117 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
118 endef
119
120 $(eval $(call KernelPackage,nf-conntrack))
121
122
123 define KernelPackage/nf-conntrack6
124 SUBMENU:=$(NF_MENU)
125 TITLE:=Netfilter IPv6 connection tracking
126 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
127 DEPENDS:=@IPV6 +kmod-nf-conntrack
128 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
129 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
130 endef
131
132 $(eval $(call KernelPackage,nf-conntrack6))
133
134
135 define KernelPackage/nf-log
136 SUBMENU:=$(NF_MENU)
137 TITLE:=Netfilter Logging
138 KCONFIG:=$(KCONFIG_NF_LOG)
139 FILES:=$(foreach mod,$(NF_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
140 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG-m)))
141 endef
142
143 $(eval $(call KernelPackage,nf-log))
144
145
146 define KernelPackage/nf-log6
147 SUBMENU:=$(NF_MENU)
148 TITLE:=Netfilter IPV6 Logging
149 KCONFIG:=$(KCONFIG_NF_LOG6)
150 DEPENDS:=@IPV6 +kmod-nf-log
151 FILES:=$(foreach mod,$(NF_LOG6-m),$(LINUX_DIR)/net/$(mod).ko)
152 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG6-m)))
153 endef
154
155 $(eval $(call KernelPackage,nf-log6))
156
157
158 define KernelPackage/nf-nat
159 SUBMENU:=$(NF_MENU)
160 TITLE:=Netfilter NAT
161 KCONFIG:=$(KCONFIG_NF_NAT)
162 DEPENDS:=+kmod-nf-conntrack
163 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
164 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
165 endef
166
167 $(eval $(call KernelPackage,nf-nat))
168
169
170 define KernelPackage/nf-nat6
171 SUBMENU:=$(NF_MENU)
172 TITLE:=Netfilter IPV6-NAT
173 KCONFIG:=$(KCONFIG_NF_NAT6)
174 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
175 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
176 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
177 endef
178
179 $(eval $(call KernelPackage,nf-nat6))
180
181
182 define KernelPackage/nf-flow
183 SUBMENU:=$(NF_MENU)
184 TITLE:=Netfilter flowtable support
185 KCONFIG:= \
186 CONFIG_NETFILTER_INGRESS=y \
187 CONFIG_NF_FLOW_TABLE \
188 CONFIG_NF_FLOW_TABLE_HW
189 DEPENDS:=+kmod-nf-conntrack
190 FILES:= $(LINUX_DIR)/net/netfilter/nf_flow_table.ko
191 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
192 endef
193
194 $(eval $(call KernelPackage,nf-flow))
195
196
197 define KernelPackage/nf-socket
198 SUBMENU:=$(NF_MENU)
199 TITLE:=Netfilter socket lookup support
200 KCONFIG:= $(KCOFNIG_NF_SOCKET)
201 FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
202 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
203 endef
204
205 $(eval $(call KernelPackage,nf-socket))
206
207
208 define KernelPackage/nf-tproxy
209 SUBMENU:=$(NF_MENU)
210 TITLE:=Netfilter tproxy support
211 KCONFIG:= $(KCOFNIG_NF_TPROXY)
212 FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
213 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
214 endef
215
216 $(eval $(call KernelPackage,nf-tproxy))
217
218
219 define AddDepends/ipt
220 SUBMENU:=$(NF_MENU)
221 DEPENDS+= +kmod-ipt-core $(1)
222 endef
223
224
225 define KernelPackage/ipt-conntrack
226 TITLE:=Basic connection tracking modules
227 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
228 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
229 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
230 $(call AddDepends/ipt,+kmod-nf-conntrack)
231 endef
232
233 define KernelPackage/ipt-conntrack/description
234 Netfilter (IPv4) kernel modules for connection tracking
235 Includes:
236 - conntrack
237 - defrag
238 - iptables_raw
239 - NOTRACK
240 - state
241 endef
242
243 $(eval $(call KernelPackage,ipt-conntrack))
244
245
246 define KernelPackage/ipt-conntrack-extra
247 TITLE:=Extra connection tracking modules
248 DEPENDS:=+kmod-nf-conncount
249 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
250 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
251 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
252 $(call AddDepends/ipt,+kmod-ipt-conntrack)
253 endef
254
255 define KernelPackage/ipt-conntrack-extra/description
256 Netfilter (IPv4) extra kernel modules for connection tracking
257 Includes:
258 - connbytes
259 - connmark/CONNMARK
260 - conntrack
261 - helper
262 - recent
263 endef
264
265 $(eval $(call KernelPackage,ipt-conntrack-extra))
266
267 define KernelPackage/ipt-conntrack-label
268 TITLE:=Module for handling connection tracking labels
269 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
270 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
271 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
272 $(call AddDepends/ipt,+kmod-ipt-conntrack)
273 endef
274
275 define KernelPackage/ipt-conntrack-label/description
276 Netfilter (IPv4) module for handling connection tracking labels
277 Includes:
278 - connlabel
279 endef
280
281 $(eval $(call KernelPackage,ipt-conntrack-label))
282
283 define KernelPackage/ipt-filter
284 TITLE:=Modules for packet content inspection
285 KCONFIG:=$(KCONFIG_IPT_FILTER)
286 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
287 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
288 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
289 endef
290
291 define KernelPackage/ipt-filter/description
292 Netfilter (IPv4) kernel modules for packet content inspection
293 Includes:
294 - string
295 - bpf
296 endef
297
298 $(eval $(call KernelPackage,ipt-filter))
299
300
301 define KernelPackage/ipt-offload
302 TITLE:=Netfilter routing/NAT offload support
303 KCONFIG:=$(KCONFIG_IPT_FLOW)
304 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
305 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
306 $(call AddDepends/ipt,+kmod-nf-flow)
307 endef
308
309 $(eval $(call KernelPackage,ipt-offload))
310
311
312 define KernelPackage/ipt-ipopt
313 TITLE:=Modules for matching/changing IP packet options
314 KCONFIG:=$(KCONFIG_IPT_IPOPT)
315 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
316 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
317 $(call AddDepends/ipt)
318 endef
319
320 define KernelPackage/ipt-ipopt/description
321 Netfilter (IPv4) modules for matching/changing IP packet options
322 Includes:
323 - CLASSIFY
324 - dscp/DSCP
325 - ecn/ECN
326 - hl/HL
327 - length
328 - mark/MARK
329 - statistic
330 - tcpmss
331 - time
332 - ttl/TTL
333 - unclean
334 endef
335
336 $(eval $(call KernelPackage,ipt-ipopt))
337
338
339 define KernelPackage/ipt-ipsec
340 TITLE:=Modules for matching IPSec packets
341 KCONFIG:=$(KCONFIG_IPT_IPSEC)
342 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
343 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
344 $(call AddDepends/ipt)
345 endef
346
347 define KernelPackage/ipt-ipsec/description
348 Netfilter (IPv4) modules for matching IPSec packets
349 Includes:
350 - ah
351 - esp
352 - policy
353 endef
354
355 $(eval $(call KernelPackage,ipt-ipsec))
356
357 IPSET_MODULES:= \
358 ipset/ip_set \
359 ipset/ip_set_bitmap_ip \
360 ipset/ip_set_bitmap_ipmac \
361 ipset/ip_set_bitmap_port \
362 ipset/ip_set_hash_ip \
363 ipset/ip_set_hash_ipmac \
364 ipset/ip_set_hash_ipmark \
365 ipset/ip_set_hash_ipport \
366 ipset/ip_set_hash_ipportip \
367 ipset/ip_set_hash_ipportnet \
368 ipset/ip_set_hash_mac \
369 ipset/ip_set_hash_netportnet \
370 ipset/ip_set_hash_net \
371 ipset/ip_set_hash_netnet \
372 ipset/ip_set_hash_netport \
373 ipset/ip_set_hash_netiface \
374 ipset/ip_set_list_set \
375 xt_set
376
377 define KernelPackage/ipt-ipset
378 SUBMENU:=Netfilter Extensions
379 TITLE:=IPset netfilter modules
380 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
381 KCONFIG:= \
382 CONFIG_IP_SET \
383 CONFIG_IP_SET_MAX=256 \
384 CONFIG_NETFILTER_XT_SET \
385 CONFIG_IP_SET_BITMAP_IP \
386 CONFIG_IP_SET_BITMAP_IPMAC \
387 CONFIG_IP_SET_BITMAP_PORT \
388 CONFIG_IP_SET_HASH_IP \
389 CONFIG_IP_SET_HASH_IPMAC \
390 CONFIG_IP_SET_HASH_IPMARK \
391 CONFIG_IP_SET_HASH_IPPORT \
392 CONFIG_IP_SET_HASH_IPPORTIP \
393 CONFIG_IP_SET_HASH_IPPORTNET \
394 CONFIG_IP_SET_HASH_MAC \
395 CONFIG_IP_SET_HASH_NET \
396 CONFIG_IP_SET_HASH_NETNET \
397 CONFIG_IP_SET_HASH_NETIFACE \
398 CONFIG_IP_SET_HASH_NETPORT \
399 CONFIG_IP_SET_HASH_NETPORTNET \
400 CONFIG_IP_SET_LIST_SET \
401 CONFIG_NET_EMATCH_IPSET=n
402 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
403 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
404 endef
405 $(eval $(call KernelPackage,ipt-ipset))
406
407
408 IPVS_MODULES:= \
409 ipvs/ip_vs \
410 ipvs/ip_vs_lc \
411 ipvs/ip_vs_wlc \
412 ipvs/ip_vs_rr \
413 ipvs/ip_vs_wrr \
414 ipvs/ip_vs_lblc \
415 ipvs/ip_vs_lblcr \
416 ipvs/ip_vs_dh \
417 ipvs/ip_vs_sh \
418 ipvs/ip_vs_fo \
419 ipvs/ip_vs_ovf \
420 ipvs/ip_vs_nq \
421 ipvs/ip_vs_sed \
422 xt_ipvs
423
424 define KernelPackage/nf-ipvs
425 SUBMENU:=Netfilter Extensions
426 TITLE:=IP Virtual Server modules
427 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
428 KCONFIG:= \
429 CONFIG_IP_VS \
430 CONFIG_IP_VS_IPV6=y \
431 CONFIG_IP_VS_DEBUG=n \
432 CONFIG_IP_VS_PROTO_TCP=y \
433 CONFIG_IP_VS_PROTO_UDP=y \
434 CONFIG_IP_VS_PROTO_AH_ESP=y \
435 CONFIG_IP_VS_PROTO_ESP=y \
436 CONFIG_IP_VS_PROTO_AH=y \
437 CONFIG_IP_VS_PROTO_SCTP=y \
438 CONFIG_IP_VS_TAB_BITS=12 \
439 CONFIG_IP_VS_RR \
440 CONFIG_IP_VS_WRR \
441 CONFIG_IP_VS_LC \
442 CONFIG_IP_VS_WLC \
443 CONFIG_IP_VS_FO \
444 CONFIG_IP_VS_OVF \
445 CONFIG_IP_VS_LBLC \
446 CONFIG_IP_VS_LBLCR \
447 CONFIG_IP_VS_DH \
448 CONFIG_IP_VS_SH \
449 CONFIG_IP_VS_SED \
450 CONFIG_IP_VS_NQ \
451 CONFIG_IP_VS_SH_TAB_BITS=8 \
452 CONFIG_IP_VS_NFCT=y \
453 CONFIG_NETFILTER_XT_MATCH_IPVS
454 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
455 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
456 endef
457
458 define KernelPackage/nf-ipvs/description
459 IPVS (IP Virtual Server) implements transport-layer load balancing inside
460 the Linux kernel so called Layer-4 switching.
461 endef
462
463 $(eval $(call KernelPackage,nf-ipvs))
464
465
466 define KernelPackage/nf-ipvs-ftp
467 SUBMENU:=$(NF_MENU)
468 TITLE:=Virtual Server FTP protocol support
469 KCONFIG:=CONFIG_IP_VS_FTP
470 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
471 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
472 endef
473
474 define KernelPackage/nf-ipvs-ftp/description
475 In the virtual server via Network Address Translation,
476 the IP address and port number of real servers cannot be sent to
477 clients in ftp connections directly, so FTP protocol helper is
478 required for tracking the connection and mangling it back to that of
479 virtual service.
480 endef
481
482 $(eval $(call KernelPackage,nf-ipvs-ftp))
483
484
485 define KernelPackage/nf-ipvs-sip
486 SUBMENU:=$(NF_MENU)
487 TITLE:=Virtual Server SIP protocol support
488 KCONFIG:=CONFIG_IP_VS_PE_SIP
489 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
490 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
491 endef
492
493 define KernelPackage/nf-ipvs-sip/description
494 Allow persistence based on the SIP Call-ID
495 endef
496
497 $(eval $(call KernelPackage,nf-ipvs-sip))
498
499
500 define KernelPackage/ipt-nat
501 TITLE:=Basic NAT targets
502 KCONFIG:=$(KCONFIG_IPT_NAT)
503 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
504 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
505 $(call AddDepends/ipt,+kmod-nf-nat)
506 endef
507
508 define KernelPackage/ipt-nat/description
509 Netfilter (IPv4) kernel modules for basic NAT targets
510 Includes:
511 - MASQUERADE
512 endef
513
514 $(eval $(call KernelPackage,ipt-nat))
515
516
517 define KernelPackage/ipt-raw
518 TITLE:=Netfilter IPv4 raw table support
519 KCONFIG:=CONFIG_IP_NF_RAW
520 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
521 AUTOLOAD:=$(call AutoProbe,iptable_raw)
522 $(call AddDepends/ipt)
523 endef
524
525 $(eval $(call KernelPackage,ipt-raw))
526
527
528 define KernelPackage/ipt-raw6
529 TITLE:=Netfilter IPv6 raw table support
530 DEPENDS:=@IPV6
531 KCONFIG:=CONFIG_IP6_NF_RAW
532 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
533 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
534 $(call AddDepends/ipt,+kmod-ip6tables)
535 endef
536
537 $(eval $(call KernelPackage,ipt-raw6))
538
539
540 define KernelPackage/ipt-nat6
541 TITLE:=IPv6 NAT targets
542 DEPENDS:=@IPV6
543 KCONFIG:=$(KCONFIG_IPT_NAT6)
544 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
545 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
546 $(call AddDepends/ipt,+kmod-nf-nat6)
547 $(call AddDepends/ipt,+kmod-ipt-conntrack)
548 $(call AddDepends/ipt,+kmod-ipt-nat)
549 $(call AddDepends/ipt,+kmod-ip6tables)
550 endef
551
552 define KernelPackage/ipt-nat6/description
553 Netfilter (IPv6) kernel modules for NAT targets
554 endef
555
556 $(eval $(call KernelPackage,ipt-nat6))
557
558
559 define KernelPackage/ipt-nat-extra
560 TITLE:=Extra NAT targets
561 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
562 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
563 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
564 $(call AddDepends/ipt,+kmod-ipt-nat)
565 endef
566
567 define KernelPackage/ipt-nat-extra/description
568 Netfilter (IPv4) kernel modules for extra NAT targets
569 Includes:
570 - NETMAP
571 - REDIRECT
572 endef
573
574 $(eval $(call KernelPackage,ipt-nat-extra))
575
576
577 define KernelPackage/nf-nathelper
578 SUBMENU:=$(NF_MENU)
579 TITLE:=Basic Conntrack and NAT helpers
580 KCONFIG:=$(KCONFIG_NF_NATHELPER)
581 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
582 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
583 DEPENDS:=+kmod-nf-nat
584 endef
585
586 define KernelPackage/nf-nathelper/description
587 Default Netfilter (IPv4) Conntrack and NAT helpers
588 Includes:
589 - ftp
590 endef
591
592 $(eval $(call KernelPackage,nf-nathelper))
593
594
595 define KernelPackage/nf-nathelper-extra
596 SUBMENU:=$(NF_MENU)
597 TITLE:=Extra Conntrack and NAT helpers
598 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
599 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
600 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
601 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-asn1-decoder
602 endef
603
604 define KernelPackage/nf-nathelper-extra/description
605 Extra Netfilter (IPv4) Conntrack and NAT helpers
606 Includes:
607 - amanda
608 - h323
609 - irc
610 - mms
611 - pptp
612 - proto_gre
613 - sip
614 - snmp_basic
615 - tftp
616 - broadcast
617 endef
618
619 $(eval $(call KernelPackage,nf-nathelper-extra))
620
621
622 define KernelPackage/ipt-nflog
623 TITLE:=Module for user-space packet logging
624 KCONFIG:=$(KCONFIG_IPT_NFLOG)
625 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
626 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
627 $(call AddDepends/ipt,+kmod-nfnetlink-log)
628 endef
629
630 define KernelPackage/ipt-nflog/description
631 Netfilter module for user-space packet logging
632 Includes:
633 - NFLOG
634 endef
635
636 $(eval $(call KernelPackage,ipt-nflog))
637
638
639 define KernelPackage/ipt-nfqueue
640 TITLE:=Module for user-space packet queuing
641 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
642 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
643 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
644 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
645 endef
646
647 define KernelPackage/ipt-nfqueue/description
648 Netfilter module for user-space packet queuing
649 Includes:
650 - NFQUEUE
651 endef
652
653 $(eval $(call KernelPackage,ipt-nfqueue))
654
655
656 define KernelPackage/ipt-debug
657 TITLE:=Module for debugging/development
658 KCONFIG:=$(KCONFIG_IPT_DEBUG)
659 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
660 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
661 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
662 endef
663
664 define KernelPackage/ipt-debug/description
665 Netfilter modules for debugging/development of the firewall
666 Includes:
667 - TRACE
668 endef
669
670 $(eval $(call KernelPackage,ipt-debug))
671
672
673 define KernelPackage/ipt-led
674 TITLE:=Module to trigger a LED with a Netfilter rule
675 KCONFIG:=$(KCONFIG_IPT_LED)
676 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
677 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
678 $(call AddDepends/ipt)
679 endef
680
681 define KernelPackage/ipt-led/description
682 Netfilter target to trigger a LED when a network packet is matched.
683 endef
684
685 $(eval $(call KernelPackage,ipt-led))
686
687 define KernelPackage/ipt-socket
688 TITLE:=Iptables socket matching support
689 DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
690 KCONFIG:=$(KCONFIG_IPT_SOCKET)
691 FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
692 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
693 $(call AddDepends/ipt)
694 endef
695
696 define KernelPackage/ipt-socket/description
697 Kernel modules for socket matching
698 endef
699
700 $(eval $(call KernelPackage,ipt-socket))
701
702 define KernelPackage/ipt-tproxy
703 TITLE:=Transparent proxying support
704 DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
705 KCONFIG:=$(KCONFIG_IPT_TPROXY)
706 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
707 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
708 $(call AddDepends/ipt)
709 endef
710
711 define KernelPackage/ipt-tproxy/description
712 Kernel modules for Transparent Proxying
713 endef
714
715 $(eval $(call KernelPackage,ipt-tproxy))
716
717 define KernelPackage/ipt-tee
718 TITLE:=TEE support
719 DEPENDS:=+kmod-ipt-conntrack
720 KCONFIG:=$(KCONFIG_IPT_TEE)
721 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
722 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
723 $(call AddDepends/ipt)
724 endef
725
726 define KernelPackage/ipt-tee/description
727 Kernel modules for TEE
728 endef
729
730 $(eval $(call KernelPackage,ipt-tee))
731
732
733 define KernelPackage/ipt-u32
734 TITLE:=U32 support
735 KCONFIG:=$(KCONFIG_IPT_U32)
736 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
737 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
738 $(call AddDepends/ipt)
739 endef
740
741 define KernelPackage/ipt-u32/description
742 Kernel modules for U32
743 endef
744
745 $(eval $(call KernelPackage,ipt-u32))
746
747 define KernelPackage/ipt-checksum
748 TITLE:=CHECKSUM support
749 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
750 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
751 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
752 $(call AddDepends/ipt)
753 endef
754
755 define KernelPackage/ipt-checksum/description
756 Kernel modules for CHECKSUM fillin target
757 endef
758
759 $(eval $(call KernelPackage,ipt-checksum))
760
761
762 define KernelPackage/ipt-iprange
763 TITLE:=Module for matching ip ranges
764 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
765 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
766 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
767 $(call AddDepends/ipt)
768 endef
769
770 define KernelPackage/ipt-iprange/description
771 Netfilter (IPv4) module for matching ip ranges
772 Includes:
773 - iprange
774 endef
775
776 $(eval $(call KernelPackage,ipt-iprange))
777
778 define KernelPackage/ipt-cluster
779 TITLE:=Module for matching cluster
780 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
781 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
782 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
783 $(call AddDepends/ipt,+kmod-nf-conntrack)
784 endef
785
786 define KernelPackage/ipt-cluster/description
787 Netfilter (IPv4/IPv6) module for matching cluster
788 This option allows you to build work-load-sharing clusters of
789 network servers/stateful firewalls without having a dedicated
790 load-balancing router/server/switch. Basically, this match returns
791 true when the packet must be handled by this cluster node. Thus,
792 all nodes see all packets and this match decides which node handles
793 what packets. The work-load sharing algorithm is based on source
794 address hashing.
795
796 This module is usable for ipv4 and ipv6.
797
798 To use it also enable iptables-mod-cluster
799
800 see `iptables -m cluster --help` for more information.
801 endef
802
803 $(eval $(call KernelPackage,ipt-cluster))
804
805 define KernelPackage/ipt-clusterip
806 TITLE:=Module for CLUSTERIP
807 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
808 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
809 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
810 $(call AddDepends/ipt,+kmod-nf-conntrack)
811 endef
812
813 define KernelPackage/ipt-clusterip/description
814 Netfilter (IPv4-only) module for CLUSTERIP
815 The CLUSTERIP target allows you to build load-balancing clusters of
816 network servers without having a dedicated load-balancing
817 router/server/switch.
818
819 To use it also enable iptables-mod-clusterip
820
821 see `iptables -j CLUSTERIP --help` for more information.
822 endef
823
824 $(eval $(call KernelPackage,ipt-clusterip))
825
826
827 define KernelPackage/ipt-extra
828 TITLE:=Extra modules
829 KCONFIG:=$(KCONFIG_IPT_EXTRA)
830 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
831 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
832 $(call AddDepends/ipt)
833 endef
834
835 define KernelPackage/ipt-extra/description
836 Other Netfilter (IPv4) kernel modules
837 Includes:
838 - addrtype
839 - owner
840 - pkttype
841 - quota
842 endef
843
844 $(eval $(call KernelPackage,ipt-extra))
845
846
847 define KernelPackage/ipt-physdev
848 TITLE:=physdev module
849 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
850 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
851 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
852 $(call AddDepends/ipt,+kmod-br-netfilter)
853 endef
854
855 define KernelPackage/ipt-physdev/description
856 The iptables physdev kernel module
857 endef
858
859 $(eval $(call KernelPackage,ipt-physdev))
860
861
862 define KernelPackage/ip6tables
863 SUBMENU:=$(NF_MENU)
864 TITLE:=IPv6 modules
865 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
866 KCONFIG:=$(KCONFIG_IPT_IPV6)
867 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
868 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
869 endef
870
871 define KernelPackage/ip6tables/description
872 Netfilter IPv6 firewalling support
873 endef
874
875 $(eval $(call KernelPackage,ip6tables))
876
877 define KernelPackage/ip6tables-extra
878 SUBMENU:=$(NF_MENU)
879 TITLE:=Extra IPv6 modules
880 DEPENDS:=@IPV6 +kmod-ip6tables
881 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
882 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
883 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
884 endef
885
886 define KernelPackage/ip6tables-extra/description
887 Netfilter IPv6 extra header matching modules
888 endef
889
890 $(eval $(call KernelPackage,ip6tables-extra))
891
892 ARP_MODULES = arp_tables arpt_mangle arptable_filter
893 define KernelPackage/arptables
894 SUBMENU:=$(NF_MENU)
895 TITLE:=ARP firewalling modules
896 DEPENDS:=+kmod-ipt-core
897 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
898 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
899 CONFIG_IP_NF_ARPFILTER \
900 CONFIG_IP_NF_ARP_MANGLE
901 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
902 endef
903
904 define KernelPackage/arptables/description
905 Kernel modules for ARP firewalling
906 endef
907
908 $(eval $(call KernelPackage,arptables))
909
910
911 define KernelPackage/br-netfilter
912 SUBMENU:=$(NF_MENU)
913 TITLE:=Bridge netfilter support modules
914 DEPENDS:=+kmod-ipt-core
915 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
916 KCONFIG:=CONFIG_BRIDGE_NETFILTER
917 AUTOLOAD:=$(call AutoProbe,br_netfilter)
918 endef
919
920 define KernelPackage/br-netfilter/install
921 $(INSTALL_DIR) $(1)/etc/sysctl.d
922 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
923 endef
924
925 $(eval $(call KernelPackage,br-netfilter))
926
927
928 define KernelPackage/ebtables
929 SUBMENU:=$(NF_MENU)
930 TITLE:=Bridge firewalling modules
931 DEPENDS:=+kmod-ipt-core
932 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
933 KCONFIG:=$(KCONFIG_EBTABLES)
934 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
935 endef
936
937 define KernelPackage/ebtables/description
938 ebtables is a general, extensible frame/packet identification
939 framework. It provides you to do Ethernet
940 filtering/NAT/brouting on the Ethernet bridge.
941 endef
942
943 $(eval $(call KernelPackage,ebtables))
944
945
946 define AddDepends/ebtables
947 SUBMENU:=$(NF_MENU)
948 DEPENDS+= +kmod-ebtables $(1)
949 endef
950
951
952 define KernelPackage/ebtables-ipv4
953 TITLE:=ebtables: IPv4 support
954 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
955 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
956 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
957 $(call AddDepends/ebtables)
958 endef
959
960 define KernelPackage/ebtables-ipv4/description
961 This option adds the IPv4 support to ebtables, which allows basic
962 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
963 endef
964
965 $(eval $(call KernelPackage,ebtables-ipv4))
966
967
968 define KernelPackage/ebtables-ipv6
969 TITLE:=ebtables: IPv6 support
970 DEPENDS:=@IPV6
971 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
972 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
973 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
974 $(call AddDepends/ebtables)
975 endef
976
977 define KernelPackage/ebtables-ipv6/description
978 This option adds the IPv6 support to ebtables, which allows basic
979 IPv6 header field filtering and target support.
980 endef
981
982 $(eval $(call KernelPackage,ebtables-ipv6))
983
984
985 define KernelPackage/ebtables-watchers
986 TITLE:=ebtables: watchers support
987 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
988 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
989 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
990 $(call AddDepends/ebtables)
991 endef
992
993 define KernelPackage/ebtables-watchers/description
994 This option adds the log watchers, that you can use in any rule
995 in any ebtables table.
996 endef
997
998 $(eval $(call KernelPackage,ebtables-watchers))
999
1000
1001 define KernelPackage/nfnetlink
1002 SUBMENU:=$(NF_MENU)
1003 TITLE:=Netlink-based userspace interface
1004 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
1005 KCONFIG:=$(KCONFIG_NFNETLINK)
1006 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
1007 endef
1008
1009 define KernelPackage/nfnetlink/description
1010 Kernel modules support for a netlink-based userspace interface
1011 endef
1012
1013 $(eval $(call KernelPackage,nfnetlink))
1014
1015
1016 define AddDepends/nfnetlink
1017 SUBMENU:=$(NF_MENU)
1018 DEPENDS+=+kmod-nfnetlink $(1)
1019 endef
1020
1021
1022 define KernelPackage/nfnetlink-log
1023 TITLE:=Netfilter LOG over NFNETLINK interface
1024 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
1025 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
1026 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
1027 $(call AddDepends/nfnetlink)
1028 endef
1029
1030 define KernelPackage/nfnetlink-log/description
1031 Kernel modules support for logging packets via NFNETLINK
1032 Includes:
1033 - NFLOG
1034 endef
1035
1036 $(eval $(call KernelPackage,nfnetlink-log))
1037
1038
1039 define KernelPackage/nfnetlink-queue
1040 TITLE:=Netfilter QUEUE over NFNETLINK interface
1041 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1042 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1043 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1044 $(call AddDepends/nfnetlink)
1045 endef
1046
1047 define KernelPackage/nfnetlink-queue/description
1048 Kernel modules support for queueing packets via NFNETLINK
1049 Includes:
1050 - NFQUEUE
1051 endef
1052
1053 $(eval $(call KernelPackage,nfnetlink-queue))
1054
1055
1056 define KernelPackage/nf-conntrack-netlink
1057 TITLE:=Connection tracking netlink interface
1058 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1059 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1060 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1061 $(call AddDepends/nfnetlink,+kmod-nf-conntrack)
1062 endef
1063
1064 define KernelPackage/nf-conntrack-netlink/description
1065 Kernel modules support for a netlink-based connection tracking
1066 userspace interface
1067 endef
1068
1069 $(eval $(call KernelPackage,nf-conntrack-netlink))
1070
1071 define KernelPackage/ipt-hashlimit
1072 SUBMENU:=$(NF_MENU)
1073 TITLE:=Netfilter hashlimit match
1074 DEPENDS:=+kmod-ipt-core
1075 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1076 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1077 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1078 $(call KernelPackage/ipt)
1079 endef
1080
1081 define KernelPackage/ipt-hashlimit/description
1082 Kernel modules support for the hashlimit bucket match module
1083 endef
1084
1085 $(eval $(call KernelPackage,ipt-hashlimit))
1086
1087 define KernelPackage/ipt-rpfilter
1088 SUBMENU:=$(NF_MENU)
1089 TITLE:=Netfilter rpfilter match
1090 DEPENDS:=+kmod-ipt-core
1091 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1092 FILES:=$(realpath \
1093 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1094 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1095 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1096 $(call KernelPackage/ipt)
1097 endef
1098
1099 define KernelPackage/ipt-rpfilter/description
1100 Kernel modules support for the Netfilter rpfilter match
1101 endef
1102
1103 $(eval $(call KernelPackage,ipt-rpfilter))
1104
1105
1106 define KernelPackage/nft-core
1107 SUBMENU:=$(NF_MENU)
1108 TITLE:=Netfilter nf_tables support
1109 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat +kmod-nf-log +IPV6:kmod-nf-log6 +kmod-lib-crc32c
1110 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1111 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1112 KCONFIG:= \
1113 CONFIG_NFT_COMPAT=n \
1114 CONFIG_NFT_QUEUE=n \
1115 $(KCONFIG_NFT_CORE)
1116 endef
1117
1118 define KernelPackage/nft-core/description
1119 Kernel module support for nftables
1120 endef
1121
1122 $(eval $(call KernelPackage,nft-core))
1123
1124
1125 define KernelPackage/nft-arp
1126 SUBMENU:=$(NF_MENU)
1127 TITLE:=Netfilter nf_tables ARP table support
1128 DEPENDS:=+kmod-nft-core
1129 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1131 KCONFIG:=$(KCONFIG_NFT_ARP)
1132 endef
1133
1134 $(eval $(call KernelPackage,nft-arp))
1135
1136
1137 define KernelPackage/nft-bridge
1138 SUBMENU:=$(NF_MENU)
1139 TITLE:=Netfilter nf_tables bridge table support
1140 DEPENDS:=+kmod-nft-core
1141 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1142 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1143 KCONFIG:= \
1144 $(KCONFIG_NFT_BRIDGE)
1145 endef
1146
1147 $(eval $(call KernelPackage,nft-bridge))
1148
1149
1150 define KernelPackage/nft-nat
1151 SUBMENU:=$(NF_MENU)
1152 TITLE:=Netfilter nf_tables NAT support
1153 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1154 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1155 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1156 KCONFIG:=$(KCONFIG_NFT_NAT)
1157 endef
1158
1159 $(eval $(call KernelPackage,nft-nat))
1160
1161
1162 define KernelPackage/nft-offload
1163 SUBMENU:=$(NF_MENU)
1164 TITLE:=Netfilter nf_tables routing/NAT offload support
1165 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1166 KCONFIG:= \
1167 CONFIG_NF_FLOW_TABLE_INET \
1168 CONFIG_NF_FLOW_TABLE_IPV4@lt5.17 \
1169 CONFIG_NF_FLOW_TABLE_IPV6@lt5.17 \
1170 CONFIG_NFT_FLOW_OFFLOAD
1171 FILES:= \
1172 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1173 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko@lt5.17 \
1174 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko@lt5.17 \
1175 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1176 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4@lt5.17 nf_flow_table_ipv6@lt5.17 nft_flow_offload)
1177 endef
1178
1179 $(eval $(call KernelPackage,nft-offload))
1180
1181
1182 define KernelPackage/nft-netdev
1183 SUBMENU:=$(NF_MENU)
1184 TITLE:=Netfilter nf_tables netdev support
1185 DEPENDS:=+kmod-nft-core
1186 KCONFIG:= \
1187 CONFIG_NETFILTER_INGRESS=y \
1188 CONFIG_NF_TABLES_NETDEV \
1189 CONFIG_NF_DUP_NETDEV \
1190 CONFIG_NFT_DUP_NETDEV \
1191 CONFIG_NFT_FWD_NETDEV
1192 FILES:= \
1193 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1194 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1195 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1196 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1197 endef
1198
1199 $(eval $(call KernelPackage,nft-netdev))
1200
1201
1202 define KernelPackage/nft-fib
1203 SUBMENU:=$(NF_MENU)
1204 TITLE:=Netfilter nf_tables fib support
1205 DEPENDS:=+kmod-nft-core
1206 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1207 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1208 KCONFIG:=$(KCONFIG_NFT_FIB)
1209 endef
1210
1211 $(eval $(call KernelPackage,nft-fib))
1212
1213
1214 define KernelPackage/nft-queue
1215 SUBMENU:=$(NF_MENU)
1216 TITLE:=Netfilter nf_tables queue support
1217 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1218 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1219 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1220 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1221 endef
1222
1223 $(eval $(call KernelPackage,nft-queue))
1224
1225 define KernelPackage/nft-socket
1226 SUBMENU:=$(NF_MENU)
1227 TITLE:=Netfilter nf_tables socket support
1228 DEPENDS:=+kmod-nft-core +kmod-nf-socket
1229 FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
1230 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
1231 KCONFIG:=$(KCONFIG_NFT_SOCKET)
1232 endef
1233
1234 $(eval $(call KernelPackage,nft-socket))
1235
1236 define KernelPackage/nft-tproxy
1237 SUBMENU:=$(NF_MENU)
1238 TITLE:=Netfilter nf_tables tproxy support
1239 DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
1240 FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
1241 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
1242 KCONFIG:=$(KCONFIG_NFT_TPROXY)
1243 endef
1244
1245 $(eval $(call KernelPackage,nft-tproxy))
1246
1247 define KernelPackage/nft-compat
1248 SUBMENU:=$(NF_MENU)
1249 TITLE:=Netfilter nf_tables compat support
1250 DEPENDS:=+kmod-nft-core +kmod-nf-ipt
1251 FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
1252 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
1253 KCONFIG:=$(KCONFIG_NFT_COMPAT)
1254 endef
1255
1256 $(eval $(call KernelPackage,nft-compat))
1257
1258 define KernelPackage/nft-xfrm
1259 SUBMENU:=$(NF_MENU)
1260 TITLE:=Netfilter nf_tables xfrm support (ipsec)
1261 DEPENDS:=+kmod-nft-core
1262 FILES:=$(foreach mod,$(NFT_XFRM-m),$(LINUX_DIR)/net/$(mod).ko)
1263 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_XFRM-m)))
1264 KCONFIG:=$(KCONFIG_NFT_XFRM)
1265 endef
1266
1267 $(eval $(call KernelPackage,nft-xfrm))
1268
1269 define KernelPackage/nft-connlimit
1270 SUBMENU:=$(NF_MENU)
1271 TITLE:=Netfilter nf_tables connlimit support
1272 DEPENDS:=+kmod-nft-core +kmod-nf-conncount
1273 FILES:=$(foreach mod,$(NFT_CONNLIMIT-m),$(LINUX_DIR)/net/$(mod).ko)
1274 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CONNLIMIT-m)))
1275 KCONFIG:=$(KCONFIG_NFT_CONNLIMIT)
1276 endef
1277
1278 $(eval $(call KernelPackage,nft-connlimit))
Kevin D-Bs staging tree