projects / openwrt / staging / lynxis / omap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: Linux IP Virtual Server kernel modules (netfilter.mk patch)
[openwrt/staging/lynxis/omap.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-ipt
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Iptables core
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_IPT)
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-ipt))
26
27
28 define KernelPackage/nf-ipt6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Ip6tables core
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
35 endef
36
37 $(eval $(call KernelPackage,nf-ipt6))
38
39
40
41 define KernelPackage/ipt-core
42 SUBMENU:=$(NF_MENU)
43 TITLE:=Iptables core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
47 DEPENDS:=+kmod-nf-ipt
48 endef
49
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
52 Includes:
53 - comment
54 - limit
55 - LOG
56 - mac
57 - multiport
58 - REJECT
59 - TCPMSS
60 endef
61
62 $(eval $(call KernelPackage,ipt-core))
63
64
65 define KernelPackage/nf-conntrack
66 SUBMENU:=$(NF_MENU)
67 TITLE:=Netfilter connection tracking
68 KCONFIG:= \
69 CONFIG_NETFILTER=y \
70 CONFIG_NETFILTER_ADVANCED=y \
71 $(KCONFIG_NF_CONNTRACK)
72 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
73 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
74 endef
75
76 $(eval $(call KernelPackage,nf-conntrack))
77
78
79 define KernelPackage/nf-conntrack6
80 SUBMENU:=$(NF_MENU)
81 TITLE:=Netfilter IPv6 connection tracking
82 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
83 DEPENDS:=@IPV6 +kmod-nf-conntrack
84 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
85 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
86 endef
87
88 $(eval $(call KernelPackage,nf-conntrack6))
89
90
91 define KernelPackage/nf-nat
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter NAT
94 KCONFIG:=$(KCONFIG_NF_NAT)
95 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
96 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
97 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
98 endef
99
100 $(eval $(call KernelPackage,nf-nat))
101
102
103 define KernelPackage/nf-nat6
104 SUBMENU:=$(NF_MENU)
105 TITLE:=Netfilter IPV6-NAT
106 KCONFIG:=$(KCONFIG_NF_NAT6)
107 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
108 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
110 endef
111
112 $(eval $(call KernelPackage,nf-nat6))
113
114
115 define AddDepends/ipt
116 SUBMENU:=$(NF_MENU)
117 DEPENDS+= +kmod-ipt-core $(1)
118 endef
119
120
121 define KernelPackage/ipt-conntrack
122 TITLE:=Basic connection tracking modules
123 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
124 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
126 $(call AddDepends/ipt,+kmod-nf-conntrack)
127 endef
128
129 define KernelPackage/ipt-conntrack/description
130 Netfilter (IPv4) kernel modules for connection tracking
131 Includes:
132 - conntrack
133 - defrag
134 - iptables_raw
135 - NOTRACK
136 - state
137 endef
138
139 $(eval $(call KernelPackage,ipt-conntrack))
140
141
142 define KernelPackage/ipt-conntrack-extra
143 TITLE:=Extra connection tracking modules
144 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
145 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
146 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
147 $(call AddDepends/ipt,+kmod-ipt-conntrack)
148 endef
149
150 define KernelPackage/ipt-conntrack-extra/description
151 Netfilter (IPv4) extra kernel modules for connection tracking
152 Includes:
153 - connbytes
154 - connmark/CONNMARK
155 - conntrack
156 - helper
157 - recent
158 endef
159
160 $(eval $(call KernelPackage,ipt-conntrack-extra))
161
162
163 define KernelPackage/ipt-filter
164 TITLE:=Modules for packet content inspection
165 KCONFIG:=$(KCONFIG_IPT_FILTER)
166 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
167 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
168 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
169 endef
170
171 define KernelPackage/ipt-filter/description
172 Netfilter (IPv4) kernel modules for packet content inspection
173 Includes:
174 - string
175 endef
176
177 $(eval $(call KernelPackage,ipt-filter))
178
179
180 define KernelPackage/ipt-ipopt
181 TITLE:=Modules for matching/changing IP packet options
182 KCONFIG:=$(KCONFIG_IPT_IPOPT)
183 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
184 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
185 $(call AddDepends/ipt)
186 endef
187
188 define KernelPackage/ipt-ipopt/description
189 Netfilter (IPv4) modules for matching/changing IP packet options
190 Includes:
191 - CLASSIFY
192 - dscp/DSCP
193 - ecn/ECN
194 - hl/HL
195 - length
196 - mark/MARK
197 - statistic
198 - tcpmss
199 - time
200 - ttl/TTL
201 - unclean
202 endef
203
204 $(eval $(call KernelPackage,ipt-ipopt))
205
206
207 define KernelPackage/ipt-ipsec
208 TITLE:=Modules for matching IPSec packets
209 KCONFIG:=$(KCONFIG_IPT_IPSEC)
210 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
211 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
212 $(call AddDepends/ipt)
213 endef
214
215 define KernelPackage/ipt-ipsec/description
216 Netfilter (IPv4) modules for matching IPSec packets
217 Includes:
218 - ah
219 - esp
220 - policy
221 endef
222
223 $(eval $(call KernelPackage,ipt-ipsec))
224
225 IPSET_MODULES:= \
226 ipset/ip_set \
227 ipset/ip_set_bitmap_ip \
228 ipset/ip_set_bitmap_ipmac \
229 ipset/ip_set_bitmap_port \
230 ipset/ip_set_hash_ip \
231 ipset/ip_set_hash_ipmark \
232 ipset/ip_set_hash_ipport \
233 ipset/ip_set_hash_ipportip \
234 ipset/ip_set_hash_ipportnet \
235 ipset/ip_set_hash_mac \
236 ipset/ip_set_hash_netportnet \
237 ipset/ip_set_hash_net \
238 ipset/ip_set_hash_netnet \
239 ipset/ip_set_hash_netport \
240 ipset/ip_set_hash_netiface \
241 ipset/ip_set_list_set \
242 xt_set
243
244 define KernelPackage/ipt-ipset
245 SUBMENU:=Netfilter Extensions
246 TITLE:=IPset netfilter modules
247 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
248 KCONFIG:= \
249 CONFIG_IP_SET \
250 CONFIG_IP_SET_MAX=256 \
251 CONFIG_NETFILTER_XT_SET \
252 CONFIG_IP_SET_BITMAP_IP \
253 CONFIG_IP_SET_BITMAP_IPMAC \
254 CONFIG_IP_SET_BITMAP_PORT \
255 CONFIG_IP_SET_HASH_IP \
256 CONFIG_IP_SET_HASH_IPMARK \
257 CONFIG_IP_SET_HASH_IPPORT \
258 CONFIG_IP_SET_HASH_IPPORTIP \
259 CONFIG_IP_SET_HASH_IPPORTNET \
260 CONFIG_IP_SET_HASH_MAC \
261 CONFIG_IP_SET_HASH_NET \
262 CONFIG_IP_SET_HASH_NETNET \
263 CONFIG_IP_SET_HASH_NETIFACE \
264 CONFIG_IP_SET_HASH_NETPORT \
265 CONFIG_IP_SET_HASH_NETPORTNET \
266 CONFIG_IP_SET_LIST_SET \
267 CONFIG_NET_EMATCH_IPSET=n
268 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
269 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
270 endef
271 $(eval $(call KernelPackage,ipt-ipset))
272
273 IPVS_MODULES:= \
274 ip_vs \
275 ip_vs_lc \
276 ip_vs_wlc \
277 ip_vs_rr \
278 ip_vs_wrr \
279 ip_vs_lblc \
280 ip_vs_lblcr \
281 ip_vs_dh \
282 ip_vs_sh \
283 ip_vs_fo \
284 ip_vs_nq \
285 ip_vs_sed
286
287 define KernelPackage/nf-ipvs
288 SUBMENU:=Netfilter Extensions
289 TITLE:=IP Virtual Server modules
290 DEPENDS:=+kmod-lib-crc32c
291 KCONFIG:= \
292 CONFIG_IP_VS \
293 CONFIG_IP_VS_IPV6=y \
294 CONFIG_IP_VS_DEBUG=n \
295 CONFIG_IP_VS_PROTO_TCP=y \
296 CONFIG_IP_VS_PROTO_UDP=y \
297 CONFIG_IP_VS_PROTO_AH_ESP=y \
298 CONFIG_IP_VS_PROTO_ESP=y \
299 CONFIG_IP_VS_PROTO_AH=y \
300 CONFIG_IP_VS_PROTO_SCTP=y \
301 CONFIG_IP_VS_TAB_BITS=12 \
302 CONFIG_IP_VS_RR \
303 CONFIG_IP_VS_WRR \
304 CONFIG_IP_VS_LC \
305 CONFIG_IP_VS_WLC \
306 CONFIG_IP_VS_FO \
307 CONFIG_IP_VS_OVF \
308 CONFIG_IP_VS_LBLC \
309 CONFIG_IP_VS_LBLCR \
310 CONFIG_IP_VS_DH \
311 CONFIG_IP_VS_SH \
312 CONFIG_IP_VS_SED \
313 CONFIG_IP_VS_NQ \
314 CONFIG_IP_VS_SH_TAB_BITS=8 \
315 CONFIG_IP_VS_NFCT=n \
316 CONFIG_NETFILTER_XT_MATCH_IPVS=n
317
318 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/ipvs/$(mod).ko)
319 $(call AddDepends/ipt,+kmod-ipt-conntrack)
320 endef
321 $(eval $(call KernelPackage,nf-ipvs))
322
323 define KernelPackage/nf-ipvs/description
324 IPVS (IP Virtual Server) implements transport-layer load balancing inside the Linux kernel
325 so called Layer-4 switching.
326 endef
327
328 define KernelPackage/ipt-nat
329 TITLE:=Basic NAT targets
330 KCONFIG:=$(KCONFIG_IPT_NAT)
331 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
332 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
333 $(call AddDepends/ipt,+kmod-nf-nat)
334 endef
335
336 define KernelPackage/ipt-nat/description
337 Netfilter (IPv4) kernel modules for basic NAT targets
338 Includes:
339 - MASQUERADE
340 endef
341
342 $(eval $(call KernelPackage,ipt-nat))
343
344
345 define KernelPackage/ipt-nat6
346 TITLE:=IPv6 NAT targets
347 KCONFIG:=$(KCONFIG_IPT_NAT6)
348 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
349 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
350 $(call AddDepends/ipt,+kmod-nf-nat6)
351 $(call AddDepends/ipt,+kmod-ipt-conntrack)
352 $(call AddDepends/ipt,+kmod-ipt-nat)
353 $(call AddDepends/ipt,+kmod-ip6tables)
354 endef
355
356 define KernelPackage/ipt-nat6/description
357 Netfilter (IPv6) kernel modules for NAT targets
358 endef
359
360 $(eval $(call KernelPackage,ipt-nat6))
361
362
363 define KernelPackage/ipt-nat-extra
364 TITLE:=Extra NAT targets
365 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
366 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
367 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
368 $(call AddDepends/ipt,+kmod-ipt-nat)
369 endef
370
371 define KernelPackage/ipt-nat-extra/description
372 Netfilter (IPv4) kernel modules for extra NAT targets
373 Includes:
374 - NETMAP
375 - REDIRECT
376 endef
377
378 $(eval $(call KernelPackage,ipt-nat-extra))
379
380
381 define KernelPackage/nf-nathelper
382 SUBMENU:=$(NF_MENU)
383 TITLE:=Basic Conntrack and NAT helpers
384 KCONFIG:=$(KCONFIG_NF_NATHELPER)
385 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
386 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
387 DEPENDS:=+kmod-nf-nat
388 endef
389
390 define KernelPackage/nf-nathelper/description
391 Default Netfilter (IPv4) Conntrack and NAT helpers
392 Includes:
393 - ftp
394 - irc
395 - tftp
396 endef
397
398 $(eval $(call KernelPackage,nf-nathelper))
399
400
401 define KernelPackage/nf-nathelper-extra
402 SUBMENU:=$(NF_MENU)
403 TITLE:=Extra Conntrack and NAT helpers
404 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
405 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
406 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
407 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
408 endef
409
410 define KernelPackage/nf-nathelper-extra/description
411 Extra Netfilter (IPv4) Conntrack and NAT helpers
412 Includes:
413 - amanda
414 - h323
415 - mms
416 - pptp
417 - proto_gre
418 - sip
419 - snmp_basic
420 - broadcast
421 endef
422
423 $(eval $(call KernelPackage,nf-nathelper-extra))
424
425
426 define KernelPackage/ipt-ulog
427 TITLE:=Module for user-space packet logging
428 KCONFIG:=$(KCONFIG_IPT_ULOG)
429 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
430 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
431 $(call AddDepends/ipt)
432 endef
433
434 define KernelPackage/ipt-ulog/description
435 Netfilter (IPv4) module for user-space packet logging
436 Includes:
437 - ULOG
438 endef
439
440 $(eval $(call KernelPackage,ipt-ulog))
441
442
443 define KernelPackage/ipt-nflog
444 TITLE:=Module for user-space packet logging
445 KCONFIG:=$(KCONFIG_IPT_NFLOG)
446 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
447 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
448 $(call AddDepends/ipt,+kmod-nfnetlink-log)
449 endef
450
451 define KernelPackage/ipt-nflog/description
452 Netfilter module for user-space packet logging
453 Includes:
454 - NFLOG
455 endef
456
457 $(eval $(call KernelPackage,ipt-nflog))
458
459
460 define KernelPackage/ipt-nfqueue
461 TITLE:=Module for user-space packet queuing
462 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
463 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
464 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
465 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
466 endef
467
468 define KernelPackage/ipt-nfqueue/description
469 Netfilter module for user-space packet queuing
470 Includes:
471 - NFQUEUE
472 endef
473
474 $(eval $(call KernelPackage,ipt-nfqueue))
475
476
477 define KernelPackage/ipt-debug
478 TITLE:=Module for debugging/development
479 KCONFIG:=$(KCONFIG_IPT_DEBUG)
480 DEFAULT:=n
481 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
482 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
483 $(call AddDepends/ipt)
484 endef
485
486 define KernelPackage/ipt-debug/description
487 Netfilter modules for debugging/development of the firewall
488 Includes:
489 - TRACE
490 endef
491
492 $(eval $(call KernelPackage,ipt-debug))
493
494
495 define KernelPackage/ipt-led
496 TITLE:=Module to trigger a LED with a Netfilter rule
497 KCONFIG:=$(KCONFIG_IPT_LED)
498 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
499 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
500 $(call AddDepends/ipt)
501 endef
502
503 define KernelPackage/ipt-led/description
504 Netfilter target to trigger a LED when a network packet is matched.
505 endef
506
507 $(eval $(call KernelPackage,ipt-led))
508
509 define KernelPackage/ipt-tproxy
510 TITLE:=Transparent proxying support
511 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables
512 KCONFIG:= \
513 CONFIG_NETFILTER_TPROXY \
514 CONFIG_NETFILTER_XT_MATCH_SOCKET \
515 CONFIG_NETFILTER_XT_TARGET_TPROXY
516 FILES:= \
517 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
518 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
519 $(call AddDepends/ipt)
520 endef
521
522 define KernelPackage/ipt-tproxy/description
523 Kernel modules for Transparent Proxying
524 endef
525
526 $(eval $(call KernelPackage,ipt-tproxy))
527
528 define KernelPackage/ipt-tee
529 TITLE:=TEE support
530 DEPENDS:=+kmod-ipt-conntrack @!LINUX_4_4
531 KCONFIG:= \
532 CONFIG_NETFILTER_XT_TARGET_TEE
533 FILES:= \
534 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
535 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
536 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
537 $(call AddDepends/ipt)
538 endef
539
540 define KernelPackage/ipt-tee/description
541 Kernel modules for TEE
542 endef
543
544 $(eval $(call KernelPackage,ipt-tee))
545
546
547 define KernelPackage/ipt-u32
548 TITLE:=U32 support
549 KCONFIG:= \
550 CONFIG_NETFILTER_XT_MATCH_U32
551 FILES:= \
552 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
553 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
554 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
555 $(call AddDepends/ipt)
556 endef
557
558 define KernelPackage/ipt-u32/description
559 Kernel modules for U32
560 endef
561
562 $(eval $(call KernelPackage,ipt-u32))
563
564
565 define KernelPackage/ipt-iprange
566 TITLE:=Module for matching ip ranges
567 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
568 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
569 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
570 $(call AddDepends/ipt)
571 endef
572
573 define KernelPackage/ipt-iprange/description
574 Netfilter (IPv4) module for matching ip ranges
575 Includes:
576 - iprange
577 endef
578
579 $(eval $(call KernelPackage,ipt-iprange))
580
581 define KernelPackage/ipt-cluster
582 TITLE:=Module for matching cluster
583 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
584 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
585 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
586 $(call AddDepends/ipt)
587 endef
588
589 define KernelPackage/ipt-cluster/description
590 Netfilter (IPv4/IPv6) module for matching cluster
591 This option allows you to build work-load-sharing clusters of
592 network servers/stateful firewalls without having a dedicated
593 load-balancing router/server/switch. Basically, this match returns
594 true when the packet must be handled by this cluster node. Thus,
595 all nodes see all packets and this match decides which node handles
596 what packets. The work-load sharing algorithm is based on source
597 address hashing.
598
599 This module is usable for ipv4 and ipv6.
600
601 To use it also enable iptables-mod-cluster
602
603 see `iptables -m cluster --help` for more information.
604 endef
605
606 $(eval $(call KernelPackage,ipt-cluster))
607
608 define KernelPackage/ipt-clusterip
609 TITLE:=Module for CLUSTERIP
610 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
611 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
612 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
613 $(call AddDepends/ipt,+kmod-nf-conntrack)
614 endef
615
616 define KernelPackage/ipt-clusterip/description
617 Netfilter (IPv4-only) module for CLUSTERIP
618 The CLUSTERIP target allows you to build load-balancing clusters of
619 network servers without having a dedicated load-balancing
620 router/server/switch.
621
622 To use it also enable iptables-mod-clusterip
623
624 see `iptables -j CLUSTERIP --help` for more information.
625 endef
626
627 $(eval $(call KernelPackage,ipt-clusterip))
628
629
630 define KernelPackage/ipt-extra
631 TITLE:=Extra modules
632 KCONFIG:=$(KCONFIG_IPT_EXTRA)
633 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
634 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
635 $(call AddDepends/ipt)
636 endef
637
638 define KernelPackage/ipt-extra/description
639 Other Netfilter (IPv4) kernel modules
640 Includes:
641 - addrtype
642 - owner
643 - physdev (if bridge support was enabled in kernel)
644 - pkttype
645 - quota
646 endef
647
648 $(eval $(call KernelPackage,ipt-extra))
649
650
651 define KernelPackage/ip6tables
652 SUBMENU:=$(NF_MENU)
653 TITLE:=IPv6 modules
654 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
655 KCONFIG:=$(KCONFIG_IPT_IPV6)
656 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
657 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
658 endef
659
660 define KernelPackage/ip6tables/description
661 Netfilter IPv6 firewalling support
662 endef
663
664 $(eval $(call KernelPackage,ip6tables))
665
666 define KernelPackage/ip6tables-extra
667 SUBMENU:=$(NF_MENU)
668 TITLE:=Extra IPv6 modules
669 DEPENDS:=+kmod-ip6tables
670 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
671 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
672 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
673 endef
674
675 define KernelPackage/ip6tables-extra/description
676 Netfilter IPv6 extra header matching modules
677 endef
678
679 $(eval $(call KernelPackage,ip6tables-extra))
680
681 ARP_MODULES = arp_tables arpt_mangle arptable_filter
682 define KernelPackage/arptables
683 SUBMENU:=$(NF_MENU)
684 TITLE:=ARP firewalling modules
685 DEPENDS:=+kmod-ipt-core
686 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
687 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
688 CONFIG_IP_NF_ARPFILTER \
689 CONFIG_IP_NF_ARP_MANGLE
690 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
691 endef
692
693 define KernelPackage/arptables/description
694 Kernel modules for ARP firewalling
695 endef
696
697 $(eval $(call KernelPackage,arptables))
698
699
700 define KernelPackage/ebtables
701 SUBMENU:=$(NF_MENU)
702 TITLE:=Bridge firewalling modules
703 DEPENDS:=+kmod-ipt-core +kmod-bridge
704 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
705 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
706 $(KCONFIG_EBTABLES)
707 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
708 endef
709
710 define KernelPackage/ebtables/description
711 ebtables is a general, extensible frame/packet identification
712 framework. It provides you to do Ethernet
713 filtering/NAT/brouting on the Ethernet bridge.
714 endef
715
716 $(eval $(call KernelPackage,ebtables))
717
718
719 define AddDepends/ebtables
720 SUBMENU:=$(NF_MENU)
721 DEPENDS+=kmod-ebtables $(1)
722 endef
723
724
725 define KernelPackage/ebtables-ipv4
726 TITLE:=ebtables: IPv4 support
727 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
728 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
729 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
730 $(call AddDepends/ebtables)
731 endef
732
733 define KernelPackage/ebtables-ipv4/description
734 This option adds the IPv4 support to ebtables, which allows basic
735 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
736 endef
737
738 $(eval $(call KernelPackage,ebtables-ipv4))
739
740
741 define KernelPackage/ebtables-ipv6
742 TITLE:=ebtables: IPv6 support
743 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
744 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
745 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
746 $(call AddDepends/ebtables)
747 endef
748
749 define KernelPackage/ebtables-ipv6/description
750 This option adds the IPv6 support to ebtables, which allows basic
751 IPv6 header field filtering and target support.
752 endef
753
754 $(eval $(call KernelPackage,ebtables-ipv6))
755
756
757 define KernelPackage/ebtables-watchers
758 TITLE:=ebtables: watchers support
759 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
760 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
761 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
762 $(call AddDepends/ebtables)
763 endef
764
765 define KernelPackage/ebtables-watchers/description
766 This option adds the log watchers, that you can use in any rule
767 in any ebtables table.
768 endef
769
770 $(eval $(call KernelPackage,ebtables-watchers))
771
772
773 define KernelPackage/nfnetlink
774 SUBMENU:=$(NF_MENU)
775 TITLE:=Netlink-based userspace interface
776 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
777 KCONFIG:=$(KCONFIG_NFNETLINK)
778 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
779 endef
780
781 define KernelPackage/nfnetlink/description
782 Kernel modules support for a netlink-based userspace interface
783 endef
784
785 $(eval $(call KernelPackage,nfnetlink))
786
787
788 define AddDepends/nfnetlink
789 SUBMENU:=$(NF_MENU)
790 DEPENDS+=+kmod-nfnetlink $(1)
791 endef
792
793
794 define KernelPackage/nfnetlink-log
795 TITLE:=Netfilter LOG over NFNETLINK interface
796 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
797 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
798 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
799 $(call AddDepends/nfnetlink)
800 endef
801
802 define KernelPackage/nfnetlink-log/description
803 Kernel modules support for logging packets via NFNETLINK
804 Includes:
805 - NFLOG
806 endef
807
808 $(eval $(call KernelPackage,nfnetlink-log))
809
810
811 define KernelPackage/nfnetlink-queue
812 TITLE:=Netfilter QUEUE over NFNETLINK interface
813 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
814 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
815 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
816 $(call AddDepends/nfnetlink)
817 endef
818
819 define KernelPackage/nfnetlink-queue/description
820 Kernel modules support for queueing packets via NFNETLINK
821 Includes:
822 - NFQUEUE
823 endef
824
825 $(eval $(call KernelPackage,nfnetlink-queue))
826
827
828 define KernelPackage/nf-conntrack-netlink
829 TITLE:=Connection tracking netlink interface
830 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
831 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
832 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
833 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
834 endef
835
836 define KernelPackage/nf-conntrack-netlink/description
837 Kernel modules support for a netlink-based connection tracking
838 userspace interface
839 endef
840
841 $(eval $(call KernelPackage,nf-conntrack-netlink))
842
843 define KernelPackage/ipt-hashlimit
844 SUBMENU:=$(NF_MENU)
845 TITLE:=Netfilter hashlimit match
846 DEPENDS:=+kmod-ipt-core
847 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
848 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
849 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
850 $(call KernelPackage/ipt)
851 endef
852
853 define KernelPackage/ipt-hashlimit/description
854 Kernel modules support for the hashlimit bucket match module
855 endef
856
857 $(eval $(call KernelPackage,ipt-hashlimit))
858
859
860 define KernelPackage/nft-core
861 SUBMENU:=$(NF_MENU)
862 TITLE:=Netfilter nf_tables support
863 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
864 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
865 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
866 KCONFIG:= \
867 CONFIG_NETFILTER=y \
868 CONFIG_NETFILTER_ADVANCED=y \
869 CONFIG_NFT_COMPAT=n \
870 CONFIG_NFT_QUEUE=n \
871 CONFIG_NF_TABLES_ARP=n \
872 CONFIG_NF_TABLES_BRIDGE=n \
873 $(KCONFIG_NFT_CORE)
874 endef
875
876 define KernelPackage/nft-core/description
877 Kernel module support for nftables
878 endef
879
880 $(eval $(call KernelPackage,nft-core))
881
882
883 define KernelPackage/nft-nat
884 SUBMENU:=$(NF_MENU)
885 TITLE:=Netfilter nf_tables NAT support
886 DEPENDS:=+kmod-nft-core +kmod-nf-nat
887 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
888 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
889 KCONFIG:=$(KCONFIG_NFT_NAT)
890 endef
891
892 $(eval $(call KernelPackage,nft-nat))
893
894
895 define KernelPackage/nft-nat6
896 SUBMENU:=$(NF_MENU)
897 TITLE:=Netfilter nf_tables IPv6-NAT support
898 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
899 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
900 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
901 KCONFIG:=$(KCONFIG_NFT_NAT6)
902 endef
903
904 $(eval $(call KernelPackage,nft-nat6))
905
lynxis staging tree for omap