X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fstaging%2Fwigyori.git;a=blobdiff_plain;f=package%2Fkernel%2Flinux%2Fmodules%2Fnetfilter.mk;h=a5941d231042b5378febcb1ce45638929bfde936;hp=f64808c1bee56931cc0afc2c0a31f0d529c51a68;hb=71f4d8a0959e0f350dabb640b11bf14d57467042;hpb=34eb384597a628350a7db75ae62bd580bd341c36 diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index f64808c1be..a5941d2310 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -68,6 +68,7 @@ define KernelPackage/nf-conntrack KCONFIG:= \ CONFIG_NETFILTER=y \ CONFIG_NETFILTER_ADVANCED=y \ + CONFIG_NF_CONNTRACK_ZONES=y \ $(KCONFIG_NF_CONNTRACK) FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m))) @@ -80,7 +81,7 @@ define KernelPackage/nf-conntrack6 SUBMENU:=$(NF_MENU) TITLE:=Netfilter IPv6 connection tracking KCONFIG:=$(KCONFIG_NF_CONNTRACK6) - DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack + DEPENDS:=@IPV6 +kmod-nf-conntrack FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m))) endef @@ -171,7 +172,6 @@ endef define KernelPackage/ipt-filter/description Netfilter (IPv4) kernel modules for packet content inspection Includes: - - layer7 - string endef @@ -229,11 +229,11 @@ IPSET_MODULES:= \ ipset/ip_set_bitmap_ipmac \ ipset/ip_set_bitmap_port \ ipset/ip_set_hash_ip \ - ipset/ip_set_hash_ipmark@ge3.18 \ + ipset/ip_set_hash_ipmark \ ipset/ip_set_hash_ipport \ ipset/ip_set_hash_ipportip \ ipset/ip_set_hash_ipportnet \ - ipset/ip_set_hash_mac@ge3.18 \ + ipset/ip_set_hash_mac \ ipset/ip_set_hash_netportnet \ ipset/ip_set_hash_net \ ipset/ip_set_hash_netnet \ @@ -289,6 +289,28 @@ endef $(eval $(call KernelPackage,ipt-nat)) +define KernelPackage/ipt-raw + TITLE:=Netfilter IPv4 raw table support + KCONFIG:=CONFIG_IP_NF_RAW + FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko + AUTOLOAD:=$(call AutoProbe,iptable_raw) + $(call AddDepends/ipt) +endef + +$(eval $(call KernelPackage,ipt-raw)) + + +define KernelPackage/ipt-raw6 + TITLE:=Netfilter IPv6 raw table support + KCONFIG:=CONFIG_IP6_NF_RAW + FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko + AUTOLOAD:=$(call AutoProbe,ip6table_raw) + $(call AddDepends/ipt,+kmod-ip6tables) +endef + +$(eval $(call KernelPackage,ipt-raw6)) + + define KernelPackage/ipt-nat6 TITLE:=IPv6 NAT targets KCONFIG:=$(KCONFIG_IPT_NAT6) @@ -455,15 +477,13 @@ $(eval $(call KernelPackage,ipt-led)) define KernelPackage/ipt-tproxy TITLE:=Transparent proxying support - DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables + DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables KCONFIG:= \ - CONFIG_NETFILTER_TPROXY \ CONFIG_NETFILTER_XT_MATCH_SOCKET \ CONFIG_NETFILTER_XT_TARGET_TPROXY FILES:= \ - $(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \ $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m))) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m))) $(call AddDepends/ipt) endef @@ -475,7 +495,7 @@ $(eval $(call KernelPackage,ipt-tproxy)) define KernelPackage/ipt-tee TITLE:=TEE support - DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6 + DEPENDS:=+kmod-ipt-conntrack KCONFIG:= \ CONFIG_NETFILTER_XT_TARGET_TEE FILES:= \ @@ -580,7 +600,7 @@ define KernelPackage/ipt-extra KCONFIG:=$(KCONFIG_IPT_EXTRA) FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m))) - $(call AddDepends/ipt) + $(call AddDepends/ipt,+kmod-br-netfilter) endef define KernelPackage/ipt-extra/description @@ -645,13 +665,25 @@ endef $(eval $(call KernelPackage,arptables)) +define KernelPackage/br-netfilter + SUBMENU:=$(NF_MENU) + TITLE:=Bridge netfilter support modules + HIDDEN:=1 + DEPENDS:=+kmod-ipt-core +kmod-bridge + FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko + KCONFIG:=CONFIG_BRIDGE_NETFILTER + AUTOLOAD:=$(call AutoProbe,br_netfilter) +endef + +$(eval $(call KernelPackage,br-netfilter)) + + define KernelPackage/ebtables SUBMENU:=$(NF_MENU) TITLE:=Bridge firewalling modules - DEPENDS:=+kmod-ipt-core +kmod-bridge + DEPENDS:=+kmod-ipt-core +kmod-bridge +kmod-br-netfilter FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko) - KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \ - $(KCONFIG_EBTABLES) + KCONFIG:=$(KCONFIG_EBTABLES) AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m))) endef @@ -776,7 +808,7 @@ $(eval $(call KernelPackage,nfnetlink-queue)) define KernelPackage/nf-conntrack-netlink TITLE:=Connection tracking netlink interface FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko - KCONFIG:=CONFIG_NF_CT_NETLINK + KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink) $(call AddDepends/nfnetlink,+kmod-ipt-conntrack) endef @@ -808,7 +840,7 @@ $(eval $(call KernelPackage,ipt-hashlimit)) define KernelPackage/nft-core SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables support - DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 + DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 +kmod-nf-ipt +kmod-nf-ipt6 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m))) KCONFIG:= \ @@ -831,7 +863,7 @@ $(eval $(call KernelPackage,nft-core)) define KernelPackage/nft-nat SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables NAT support - DEPENDS:=+kmod-nft-core +kmod-nf-nat + DEPENDS:=+kmod-nft-core +kmod-nf-nat +kmod-nf-nat6 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m))) KCONFIG:=$(KCONFIG_NFT_NAT)