projects / openwrt / staging / xback.git / blob
? search:


22b7dbd28588d150fa8606dee75ebebd79574ab1
[openwrt/staging/xback.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt +kmod-nf-log6
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt +kmod-nf-log
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-log
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter Logging
127 KCONFIG:=$(KCONFIG_NF_LOG)
128 FILES:=$(foreach mod,$(NF_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
129 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG-m)))
130 endef
131
132 $(eval $(call KernelPackage,nf-log))
133
134
135 define KernelPackage/nf-log6
136 SUBMENU:=$(NF_MENU)
137 TITLE:=Netfilter IPV6 Logging
138 KCONFIG:=$(KCONFIG_NF_LOG6)
139 DEPENDS:=@IPV6 +kmod-nf-log
140 FILES:=$(foreach mod,$(NF_LOG6-m),$(LINUX_DIR)/net/$(mod).ko)
141 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_LOG6-m)))
142 endef
143
144 $(eval $(call KernelPackage,nf-log6))
145
146
147 define KernelPackage/nf-nat
148 SUBMENU:=$(NF_MENU)
149 TITLE:=Netfilter NAT
150 KCONFIG:=$(KCONFIG_NF_NAT)
151 DEPENDS:=+kmod-nf-conntrack
152 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
153 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
154 endef
155
156 $(eval $(call KernelPackage,nf-nat))
157
158
159 define KernelPackage/nf-nat6
160 SUBMENU:=$(NF_MENU)
161 TITLE:=Netfilter IPV6-NAT
162 KCONFIG:=$(KCONFIG_NF_NAT6)
163 DEPENDS:=@IPV6 +kmod-nf-conntrack6 +kmod-nf-nat
164 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
165 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
166 endef
167
168 $(eval $(call KernelPackage,nf-nat6))
169
170
171 define KernelPackage/nf-flow
172 SUBMENU:=$(NF_MENU)
173 TITLE:=Netfilter flowtable support
174 KCONFIG:= \
175 CONFIG_NETFILTER_INGRESS=y \
176 CONFIG_NF_FLOW_TABLE \
177 CONFIG_NF_FLOW_TABLE_HW
178 DEPENDS:=+kmod-nf-conntrack
179 FILES:= $(LINUX_DIR)/net/netfilter/nf_flow_table.ko
180 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
181 endef
182
183 $(eval $(call KernelPackage,nf-flow))
184
185
186 define KernelPackage/nf-socket
187 SUBMENU:=$(NF_MENU)
188 TITLE:=Netfilter socket lookup support
189 KCONFIG:= $(KCOFNIG_NF_SOCKET)
190 FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
191 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
192 endef
193
194 $(eval $(call KernelPackage,nf-socket))
195
196
197 define KernelPackage/nf-tproxy
198 SUBMENU:=$(NF_MENU)
199 TITLE:=Netfilter tproxy support
200 KCONFIG:= $(KCOFNIG_NF_TPROXY)
201 FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
202 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
203 endef
204
205 $(eval $(call KernelPackage,nf-tproxy))
206
207
208 define AddDepends/ipt
209 SUBMENU:=$(NF_MENU)
210 DEPENDS+= +kmod-ipt-core $(1)
211 endef
212
213
214 define KernelPackage/ipt-conntrack
215 TITLE:=Basic connection tracking modules
216 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
217 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
218 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
219 $(call AddDepends/ipt,+kmod-nf-conntrack)
220 endef
221
222 define KernelPackage/ipt-conntrack/description
223 Netfilter (IPv4) kernel modules for connection tracking
224 Includes:
225 - conntrack
226 - defrag
227 - iptables_raw
228 - NOTRACK
229 - state
230 endef
231
232 $(eval $(call KernelPackage,ipt-conntrack))
233
234
235 define KernelPackage/ipt-conntrack-extra
236 TITLE:=Extra connection tracking modules
237 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
238 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
239 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
240 $(call AddDepends/ipt,+kmod-ipt-conntrack)
241 endef
242
243 define KernelPackage/ipt-conntrack-extra/description
244 Netfilter (IPv4) extra kernel modules for connection tracking
245 Includes:
246 - connbytes
247 - connmark/CONNMARK
248 - conntrack
249 - helper
250 - recent
251 endef
252
253 $(eval $(call KernelPackage,ipt-conntrack-extra))
254
255 define KernelPackage/ipt-conntrack-label
256 TITLE:=Module for handling connection tracking labels
257 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
258 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
259 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
260 $(call AddDepends/ipt,+kmod-ipt-conntrack)
261 endef
262
263 define KernelPackage/ipt-conntrack-label/description
264 Netfilter (IPv4) module for handling connection tracking labels
265 Includes:
266 - connlabel
267 endef
268
269 $(eval $(call KernelPackage,ipt-conntrack-label))
270
271 define KernelPackage/ipt-filter
272 TITLE:=Modules for packet content inspection
273 KCONFIG:=$(KCONFIG_IPT_FILTER)
274 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
275 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
276 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
277 endef
278
279 define KernelPackage/ipt-filter/description
280 Netfilter (IPv4) kernel modules for packet content inspection
281 Includes:
282 - string
283 - bpf
284 endef
285
286 $(eval $(call KernelPackage,ipt-filter))
287
288
289 define KernelPackage/ipt-offload
290 TITLE:=Netfilter routing/NAT offload support
291 KCONFIG:=$(KCONFIG_IPT_FLOW)
292 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
293 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
294 $(call AddDepends/ipt,+kmod-nf-flow)
295 endef
296
297 $(eval $(call KernelPackage,ipt-offload))
298
299
300 define KernelPackage/ipt-ipopt
301 TITLE:=Modules for matching/changing IP packet options
302 KCONFIG:=$(KCONFIG_IPT_IPOPT)
303 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
304 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
305 $(call AddDepends/ipt)
306 endef
307
308 define KernelPackage/ipt-ipopt/description
309 Netfilter (IPv4) modules for matching/changing IP packet options
310 Includes:
311 - CLASSIFY
312 - dscp/DSCP
313 - ecn/ECN
314 - hl/HL
315 - length
316 - mark/MARK
317 - statistic
318 - tcpmss
319 - time
320 - ttl/TTL
321 - unclean
322 endef
323
324 $(eval $(call KernelPackage,ipt-ipopt))
325
326
327 define KernelPackage/ipt-ipsec
328 TITLE:=Modules for matching IPSec packets
329 KCONFIG:=$(KCONFIG_IPT_IPSEC)
330 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
331 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
332 $(call AddDepends/ipt)
333 endef
334
335 define KernelPackage/ipt-ipsec/description
336 Netfilter (IPv4) modules for matching IPSec packets
337 Includes:
338 - ah
339 - esp
340 - policy
341 endef
342
343 $(eval $(call KernelPackage,ipt-ipsec))
344
345 IPSET_MODULES:= \
346 ipset/ip_set \
347 ipset/ip_set_bitmap_ip \
348 ipset/ip_set_bitmap_ipmac \
349 ipset/ip_set_bitmap_port \
350 ipset/ip_set_hash_ip \
351 ipset/ip_set_hash_ipmac \
352 ipset/ip_set_hash_ipmark \
353 ipset/ip_set_hash_ipport \
354 ipset/ip_set_hash_ipportip \
355 ipset/ip_set_hash_ipportnet \
356 ipset/ip_set_hash_mac \
357 ipset/ip_set_hash_netportnet \
358 ipset/ip_set_hash_net \
359 ipset/ip_set_hash_netnet \
360 ipset/ip_set_hash_netport \
361 ipset/ip_set_hash_netiface \
362 ipset/ip_set_list_set \
363 xt_set
364
365 define KernelPackage/ipt-ipset
366 SUBMENU:=Netfilter Extensions
367 TITLE:=IPset netfilter modules
368 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
369 KCONFIG:= \
370 CONFIG_IP_SET \
371 CONFIG_IP_SET_MAX=256 \
372 CONFIG_NETFILTER_XT_SET \
373 CONFIG_IP_SET_BITMAP_IP \
374 CONFIG_IP_SET_BITMAP_IPMAC \
375 CONFIG_IP_SET_BITMAP_PORT \
376 CONFIG_IP_SET_HASH_IP \
377 CONFIG_IP_SET_HASH_IPMAC \
378 CONFIG_IP_SET_HASH_IPMARK \
379 CONFIG_IP_SET_HASH_IPPORT \
380 CONFIG_IP_SET_HASH_IPPORTIP \
381 CONFIG_IP_SET_HASH_IPPORTNET \
382 CONFIG_IP_SET_HASH_MAC \
383 CONFIG_IP_SET_HASH_NET \
384 CONFIG_IP_SET_HASH_NETNET \
385 CONFIG_IP_SET_HASH_NETIFACE \
386 CONFIG_IP_SET_HASH_NETPORT \
387 CONFIG_IP_SET_HASH_NETPORTNET \
388 CONFIG_IP_SET_LIST_SET \
389 CONFIG_NET_EMATCH_IPSET=n
390 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
391 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
392 endef
393 $(eval $(call KernelPackage,ipt-ipset))
394
395
396 IPVS_MODULES:= \
397 ipvs/ip_vs \
398 ipvs/ip_vs_lc \
399 ipvs/ip_vs_wlc \
400 ipvs/ip_vs_rr \
401 ipvs/ip_vs_wrr \
402 ipvs/ip_vs_lblc \
403 ipvs/ip_vs_lblcr \
404 ipvs/ip_vs_dh \
405 ipvs/ip_vs_sh \
406 ipvs/ip_vs_fo \
407 ipvs/ip_vs_ovf \
408 ipvs/ip_vs_nq \
409 ipvs/ip_vs_sed \
410 xt_ipvs
411
412 define KernelPackage/nf-ipvs
413 SUBMENU:=Netfilter Extensions
414 TITLE:=IP Virtual Server modules
415 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
416 KCONFIG:= \
417 CONFIG_IP_VS \
418 CONFIG_IP_VS_IPV6=y \
419 CONFIG_IP_VS_DEBUG=n \
420 CONFIG_IP_VS_PROTO_TCP=y \
421 CONFIG_IP_VS_PROTO_UDP=y \
422 CONFIG_IP_VS_PROTO_AH_ESP=y \
423 CONFIG_IP_VS_PROTO_ESP=y \
424 CONFIG_IP_VS_PROTO_AH=y \
425 CONFIG_IP_VS_PROTO_SCTP=y \
426 CONFIG_IP_VS_TAB_BITS=12 \
427 CONFIG_IP_VS_RR \
428 CONFIG_IP_VS_WRR \
429 CONFIG_IP_VS_LC \
430 CONFIG_IP_VS_WLC \
431 CONFIG_IP_VS_FO \
432 CONFIG_IP_VS_OVF \
433 CONFIG_IP_VS_LBLC \
434 CONFIG_IP_VS_LBLCR \
435 CONFIG_IP_VS_DH \
436 CONFIG_IP_VS_SH \
437 CONFIG_IP_VS_SED \
438 CONFIG_IP_VS_NQ \
439 CONFIG_IP_VS_SH_TAB_BITS=8 \
440 CONFIG_IP_VS_NFCT=y \
441 CONFIG_NETFILTER_XT_MATCH_IPVS
442 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
443 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
444 endef
445
446 define KernelPackage/nf-ipvs/description
447 IPVS (IP Virtual Server) implements transport-layer load balancing inside
448 the Linux kernel so called Layer-4 switching.
449 endef
450
451 $(eval $(call KernelPackage,nf-ipvs))
452
453
454 define KernelPackage/nf-ipvs-ftp
455 SUBMENU:=$(NF_MENU)
456 TITLE:=Virtual Server FTP protocol support
457 KCONFIG:=CONFIG_IP_VS_FTP
458 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
459 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
460 endef
461
462 define KernelPackage/nf-ipvs-ftp/description
463 In the virtual server via Network Address Translation,
464 the IP address and port number of real servers cannot be sent to
465 clients in ftp connections directly, so FTP protocol helper is
466 required for tracking the connection and mangling it back to that of
467 virtual service.
468 endef
469
470 $(eval $(call KernelPackage,nf-ipvs-ftp))
471
472
473 define KernelPackage/nf-ipvs-sip
474 SUBMENU:=$(NF_MENU)
475 TITLE:=Virtual Server SIP protocol support
476 KCONFIG:=CONFIG_IP_VS_PE_SIP
477 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
478 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
479 endef
480
481 define KernelPackage/nf-ipvs-sip/description
482 Allow persistence based on the SIP Call-ID
483 endef
484
485 $(eval $(call KernelPackage,nf-ipvs-sip))
486
487
488 define KernelPackage/ipt-nat
489 TITLE:=Basic NAT targets
490 KCONFIG:=$(KCONFIG_IPT_NAT)
491 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
492 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
493 $(call AddDepends/ipt,+kmod-nf-nat)
494 endef
495
496 define KernelPackage/ipt-nat/description
497 Netfilter (IPv4) kernel modules for basic NAT targets
498 Includes:
499 - MASQUERADE
500 endef
501
502 $(eval $(call KernelPackage,ipt-nat))
503
504
505 define KernelPackage/ipt-raw
506 TITLE:=Netfilter IPv4 raw table support
507 KCONFIG:=CONFIG_IP_NF_RAW
508 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
509 AUTOLOAD:=$(call AutoProbe,iptable_raw)
510 $(call AddDepends/ipt)
511 endef
512
513 $(eval $(call KernelPackage,ipt-raw))
514
515
516 define KernelPackage/ipt-raw6
517 TITLE:=Netfilter IPv6 raw table support
518 DEPENDS:=@IPV6
519 KCONFIG:=CONFIG_IP6_NF_RAW
520 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
521 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
522 $(call AddDepends/ipt,+kmod-ip6tables)
523 endef
524
525 $(eval $(call KernelPackage,ipt-raw6))
526
527
528 define KernelPackage/ipt-nat6
529 TITLE:=IPv6 NAT targets
530 DEPENDS:=@IPV6
531 KCONFIG:=$(KCONFIG_IPT_NAT6)
532 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
533 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
534 $(call AddDepends/ipt,+kmod-nf-nat6)
535 $(call AddDepends/ipt,+kmod-ipt-conntrack)
536 $(call AddDepends/ipt,+kmod-ipt-nat)
537 $(call AddDepends/ipt,+kmod-ip6tables)
538 endef
539
540 define KernelPackage/ipt-nat6/description
541 Netfilter (IPv6) kernel modules for NAT targets
542 endef
543
544 $(eval $(call KernelPackage,ipt-nat6))
545
546
547 define KernelPackage/ipt-nat-extra
548 TITLE:=Extra NAT targets
549 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
550 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
551 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
552 $(call AddDepends/ipt,+kmod-ipt-nat)
553 endef
554
555 define KernelPackage/ipt-nat-extra/description
556 Netfilter (IPv4) kernel modules for extra NAT targets
557 Includes:
558 - NETMAP
559 - REDIRECT
560 endef
561
562 $(eval $(call KernelPackage,ipt-nat-extra))
563
564
565 define KernelPackage/nf-nathelper
566 SUBMENU:=$(NF_MENU)
567 TITLE:=Basic Conntrack and NAT helpers
568 KCONFIG:=$(KCONFIG_NF_NATHELPER)
569 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
570 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
571 DEPENDS:=+kmod-nf-nat
572 endef
573
574 define KernelPackage/nf-nathelper/description
575 Default Netfilter (IPv4) Conntrack and NAT helpers
576 Includes:
577 - ftp
578 endef
579
580 $(eval $(call KernelPackage,nf-nathelper))
581
582
583 define KernelPackage/nf-nathelper-extra
584 SUBMENU:=$(NF_MENU)
585 TITLE:=Extra Conntrack and NAT helpers
586 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
587 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
588 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
589 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-asn1-decoder
590 endef
591
592 define KernelPackage/nf-nathelper-extra/description
593 Extra Netfilter (IPv4) Conntrack and NAT helpers
594 Includes:
595 - amanda
596 - h323
597 - irc
598 - mms
599 - pptp
600 - proto_gre
601 - sip
602 - snmp_basic
603 - tftp
604 - broadcast
605 endef
606
607 $(eval $(call KernelPackage,nf-nathelper-extra))
608
609
610 define KernelPackage/ipt-ulog
611 TITLE:=Module for user-space packet logging
612 KCONFIG:=$(KCONFIG_IPT_ULOG)
613 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
614 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
615 $(call AddDepends/ipt)
616 endef
617
618 define KernelPackage/ipt-ulog/description
619 Netfilter (IPv4) module for user-space packet logging
620 Includes:
621 - ULOG
622 endef
623
624 $(eval $(call KernelPackage,ipt-ulog))
625
626
627 define KernelPackage/ipt-nflog
628 TITLE:=Module for user-space packet logging
629 KCONFIG:=$(KCONFIG_IPT_NFLOG)
630 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
631 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
632 $(call AddDepends/ipt,+kmod-nfnetlink-log)
633 endef
634
635 define KernelPackage/ipt-nflog/description
636 Netfilter module for user-space packet logging
637 Includes:
638 - NFLOG
639 endef
640
641 $(eval $(call KernelPackage,ipt-nflog))
642
643
644 define KernelPackage/ipt-nfqueue
645 TITLE:=Module for user-space packet queuing
646 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
647 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
648 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
649 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
650 endef
651
652 define KernelPackage/ipt-nfqueue/description
653 Netfilter module for user-space packet queuing
654 Includes:
655 - NFQUEUE
656 endef
657
658 $(eval $(call KernelPackage,ipt-nfqueue))
659
660
661 define KernelPackage/ipt-debug
662 TITLE:=Module for debugging/development
663 KCONFIG:=$(KCONFIG_IPT_DEBUG)
664 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
665 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
666 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
667 endef
668
669 define KernelPackage/ipt-debug/description
670 Netfilter modules for debugging/development of the firewall
671 Includes:
672 - TRACE
673 endef
674
675 $(eval $(call KernelPackage,ipt-debug))
676
677
678 define KernelPackage/ipt-led
679 TITLE:=Module to trigger a LED with a Netfilter rule
680 KCONFIG:=$(KCONFIG_IPT_LED)
681 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
682 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
683 $(call AddDepends/ipt)
684 endef
685
686 define KernelPackage/ipt-led/description
687 Netfilter target to trigger a LED when a network packet is matched.
688 endef
689
690 $(eval $(call KernelPackage,ipt-led))
691
692 define KernelPackage/ipt-socket
693 TITLE:=Iptables socket matching support
694 DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
695 KCONFIG:=$(KCONFIG_IPT_SOCKET)
696 FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
697 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
698 $(call AddDepends/ipt)
699 endef
700
701 define KernelPackage/ipt-socket/description
702 Kernel modules for socket matching
703 endef
704
705 $(eval $(call KernelPackage,ipt-socket))
706
707 define KernelPackage/ipt-tproxy
708 TITLE:=Transparent proxying support
709 DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
710 KCONFIG:=$(KCONFIG_IPT_TPROXY)
711 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
712 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
713 $(call AddDepends/ipt)
714 endef
715
716 define KernelPackage/ipt-tproxy/description
717 Kernel modules for Transparent Proxying
718 endef
719
720 $(eval $(call KernelPackage,ipt-tproxy))
721
722 define KernelPackage/ipt-tee
723 TITLE:=TEE support
724 DEPENDS:=+kmod-ipt-conntrack
725 KCONFIG:=$(KCONFIG_IPT_TEE)
726 FILES:=$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
727 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
728 $(call AddDepends/ipt)
729 endef
730
731 define KernelPackage/ipt-tee/description
732 Kernel modules for TEE
733 endef
734
735 $(eval $(call KernelPackage,ipt-tee))
736
737
738 define KernelPackage/ipt-u32
739 TITLE:=U32 support
740 KCONFIG:=$(KCONFIG_IPT_U32)
741 FILES:=$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
742 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
743 $(call AddDepends/ipt)
744 endef
745
746 define KernelPackage/ipt-u32/description
747 Kernel modules for U32
748 endef
749
750 $(eval $(call KernelPackage,ipt-u32))
751
752 define KernelPackage/ipt-checksum
753 TITLE:=CHECKSUM support
754 KCONFIG:=$(KCONFIG_IPT_CHECKSUM)
755 FILES:=$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
756 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
757 $(call AddDepends/ipt)
758 endef
759
760 define KernelPackage/ipt-checksum/description
761 Kernel modules for CHECKSUM fillin target
762 endef
763
764 $(eval $(call KernelPackage,ipt-checksum))
765
766
767 define KernelPackage/ipt-iprange
768 TITLE:=Module for matching ip ranges
769 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
770 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
771 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
772 $(call AddDepends/ipt)
773 endef
774
775 define KernelPackage/ipt-iprange/description
776 Netfilter (IPv4) module for matching ip ranges
777 Includes:
778 - iprange
779 endef
780
781 $(eval $(call KernelPackage,ipt-iprange))
782
783 define KernelPackage/ipt-cluster
784 TITLE:=Module for matching cluster
785 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
786 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
787 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
788 $(call AddDepends/ipt,+kmod-nf-conntrack)
789 endef
790
791 define KernelPackage/ipt-cluster/description
792 Netfilter (IPv4/IPv6) module for matching cluster
793 This option allows you to build work-load-sharing clusters of
794 network servers/stateful firewalls without having a dedicated
795 load-balancing router/server/switch. Basically, this match returns
796 true when the packet must be handled by this cluster node. Thus,
797 all nodes see all packets and this match decides which node handles
798 what packets. The work-load sharing algorithm is based on source
799 address hashing.
800
801 This module is usable for ipv4 and ipv6.
802
803 To use it also enable iptables-mod-cluster
804
805 see `iptables -m cluster --help` for more information.
806 endef
807
808 $(eval $(call KernelPackage,ipt-cluster))
809
810 define KernelPackage/ipt-clusterip
811 TITLE:=Module for CLUSTERIP
812 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
813 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
814 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
815 $(call AddDepends/ipt,+kmod-nf-conntrack)
816 endef
817
818 define KernelPackage/ipt-clusterip/description
819 Netfilter (IPv4-only) module for CLUSTERIP
820 The CLUSTERIP target allows you to build load-balancing clusters of
821 network servers without having a dedicated load-balancing
822 router/server/switch.
823
824 To use it also enable iptables-mod-clusterip
825
826 see `iptables -j CLUSTERIP --help` for more information.
827 endef
828
829 $(eval $(call KernelPackage,ipt-clusterip))
830
831
832 define KernelPackage/ipt-extra
833 TITLE:=Extra modules
834 KCONFIG:=$(KCONFIG_IPT_EXTRA)
835 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
836 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
837 $(call AddDepends/ipt)
838 endef
839
840 define KernelPackage/ipt-extra/description
841 Other Netfilter (IPv4) kernel modules
842 Includes:
843 - addrtype
844 - owner
845 - pkttype
846 - quota
847 endef
848
849 $(eval $(call KernelPackage,ipt-extra))
850
851
852 define KernelPackage/ipt-physdev
853 TITLE:=physdev module
854 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
855 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
856 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
857 $(call AddDepends/ipt,+kmod-br-netfilter)
858 endef
859
860 define KernelPackage/ipt-physdev/description
861 The iptables physdev kernel module
862 endef
863
864 $(eval $(call KernelPackage,ipt-physdev))
865
866
867 define KernelPackage/ip6tables
868 SUBMENU:=$(NF_MENU)
869 TITLE:=IPv6 modules
870 DEPENDS:=@IPV6 +kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
871 KCONFIG:=$(KCONFIG_IPT_IPV6)
872 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
873 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
874 endef
875
876 define KernelPackage/ip6tables/description
877 Netfilter IPv6 firewalling support
878 endef
879
880 $(eval $(call KernelPackage,ip6tables))
881
882 define KernelPackage/ip6tables-extra
883 SUBMENU:=$(NF_MENU)
884 TITLE:=Extra IPv6 modules
885 DEPENDS:=@IPV6 +kmod-ip6tables
886 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
887 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
888 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
889 endef
890
891 define KernelPackage/ip6tables-extra/description
892 Netfilter IPv6 extra header matching modules
893 endef
894
895 $(eval $(call KernelPackage,ip6tables-extra))
896
897 ARP_MODULES = arp_tables arpt_mangle arptable_filter
898 define KernelPackage/arptables
899 SUBMENU:=$(NF_MENU)
900 TITLE:=ARP firewalling modules
901 DEPENDS:=+kmod-ipt-core
902 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
903 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
904 CONFIG_IP_NF_ARPFILTER \
905 CONFIG_IP_NF_ARP_MANGLE
906 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
907 endef
908
909 define KernelPackage/arptables/description
910 Kernel modules for ARP firewalling
911 endef
912
913 $(eval $(call KernelPackage,arptables))
914
915
916 define KernelPackage/br-netfilter
917 SUBMENU:=$(NF_MENU)
918 TITLE:=Bridge netfilter support modules
919 DEPENDS:=+kmod-ipt-core
920 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
921 KCONFIG:=CONFIG_BRIDGE_NETFILTER
922 AUTOLOAD:=$(call AutoProbe,br_netfilter)
923 endef
924
925 define KernelPackage/br-netfilter/install
926 $(INSTALL_DIR) $(1)/etc/sysctl.d
927 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
928 endef
929
930 $(eval $(call KernelPackage,br-netfilter))
931
932
933 define KernelPackage/ebtables
934 SUBMENU:=$(NF_MENU)
935 TITLE:=Bridge firewalling modules
936 DEPENDS:=+kmod-ipt-core
937 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
938 KCONFIG:=$(KCONFIG_EBTABLES)
939 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
940 endef
941
942 define KernelPackage/ebtables/description
943 ebtables is a general, extensible frame/packet identification
944 framework. It provides you to do Ethernet
945 filtering/NAT/brouting on the Ethernet bridge.
946 endef
947
948 $(eval $(call KernelPackage,ebtables))
949
950
951 define AddDepends/ebtables
952 SUBMENU:=$(NF_MENU)
953 DEPENDS+= +kmod-ebtables $(1)
954 endef
955
956
957 define KernelPackage/ebtables-ipv4
958 TITLE:=ebtables: IPv4 support
959 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
960 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
961 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
962 $(call AddDepends/ebtables)
963 endef
964
965 define KernelPackage/ebtables-ipv4/description
966 This option adds the IPv4 support to ebtables, which allows basic
967 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
968 endef
969
970 $(eval $(call KernelPackage,ebtables-ipv4))
971
972
973 define KernelPackage/ebtables-ipv6
974 TITLE:=ebtables: IPv6 support
975 DEPENDS:=@IPV6
976 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
977 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
978 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
979 $(call AddDepends/ebtables)
980 endef
981
982 define KernelPackage/ebtables-ipv6/description
983 This option adds the IPv6 support to ebtables, which allows basic
984 IPv6 header field filtering and target support.
985 endef
986
987 $(eval $(call KernelPackage,ebtables-ipv6))
988
989
990 define KernelPackage/ebtables-watchers
991 TITLE:=ebtables: watchers support
992 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
993 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
994 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
995 $(call AddDepends/ebtables)
996 endef
997
998 define KernelPackage/ebtables-watchers/description
999 This option adds the log watchers, that you can use in any rule
1000 in any ebtables table.
1001 endef
1002
1003 $(eval $(call KernelPackage,ebtables-watchers))
1004
1005
1006 define KernelPackage/nfnetlink
1007 SUBMENU:=$(NF_MENU)
1008 TITLE:=Netlink-based userspace interface
1009 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
1010 KCONFIG:=$(KCONFIG_NFNETLINK)
1011 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
1012 endef
1013
1014 define KernelPackage/nfnetlink/description
1015 Kernel modules support for a netlink-based userspace interface
1016 endef
1017
1018 $(eval $(call KernelPackage,nfnetlink))
1019
1020
1021 define AddDepends/nfnetlink
1022 SUBMENU:=$(NF_MENU)
1023 DEPENDS+=+kmod-nfnetlink $(1)
1024 endef
1025
1026
1027 define KernelPackage/nfnetlink-log
1028 TITLE:=Netfilter LOG over NFNETLINK interface
1029 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
1030 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
1031 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
1032 $(call AddDepends/nfnetlink)
1033 endef
1034
1035 define KernelPackage/nfnetlink-log/description
1036 Kernel modules support for logging packets via NFNETLINK
1037 Includes:
1038 - NFLOG
1039 endef
1040
1041 $(eval $(call KernelPackage,nfnetlink-log))
1042
1043
1044 define KernelPackage/nfnetlink-queue
1045 TITLE:=Netfilter QUEUE over NFNETLINK interface
1046 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1047 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
1048 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
1049 $(call AddDepends/nfnetlink)
1050 endef
1051
1052 define KernelPackage/nfnetlink-queue/description
1053 Kernel modules support for queueing packets via NFNETLINK
1054 Includes:
1055 - NFQUEUE
1056 endef
1057
1058 $(eval $(call KernelPackage,nfnetlink-queue))
1059
1060
1061 define KernelPackage/nf-conntrack-netlink
1062 TITLE:=Connection tracking netlink interface
1063 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1064 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
1065 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1066 $(call AddDepends/nfnetlink,+kmod-nf-conntrack)
1067 endef
1068
1069 define KernelPackage/nf-conntrack-netlink/description
1070 Kernel modules support for a netlink-based connection tracking
1071 userspace interface
1072 endef
1073
1074 $(eval $(call KernelPackage,nf-conntrack-netlink))
1075
1076 define KernelPackage/ipt-hashlimit
1077 SUBMENU:=$(NF_MENU)
1078 TITLE:=Netfilter hashlimit match
1079 DEPENDS:=+kmod-ipt-core
1080 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1081 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1082 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1083 $(call KernelPackage/ipt)
1084 endef
1085
1086 define KernelPackage/ipt-hashlimit/description
1087 Kernel modules support for the hashlimit bucket match module
1088 endef
1089
1090 $(eval $(call KernelPackage,ipt-hashlimit))
1091
1092 define KernelPackage/ipt-rpfilter
1093 SUBMENU:=$(NF_MENU)
1094 TITLE:=Netfilter rpfilter match
1095 DEPENDS:=+kmod-ipt-core
1096 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1097 FILES:=$(realpath \
1098 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1099 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1100 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1101 $(call KernelPackage/ipt)
1102 endef
1103
1104 define KernelPackage/ipt-rpfilter/description
1105 Kernel modules support for the Netfilter rpfilter match
1106 endef
1107
1108 $(eval $(call KernelPackage,ipt-rpfilter))
1109
1110
1111 define KernelPackage/nft-core
1112 SUBMENU:=$(NF_MENU)
1113 TITLE:=Netfilter nf_tables support
1114 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +IPV6:kmod-nf-reject6 +IPV6:kmod-nf-conntrack6 +kmod-nf-nat +kmod-nf-log +IPV6:kmod-nf-log6 +kmod-lib-crc32c
1115 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1116 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1117 KCONFIG:= \
1118 CONFIG_NFT_COMPAT=n \
1119 CONFIG_NFT_QUEUE=n \
1120 $(KCONFIG_NFT_CORE)
1121 endef
1122
1123 define KernelPackage/nft-core/description
1124 Kernel module support for nftables
1125 endef
1126
1127 $(eval $(call KernelPackage,nft-core))
1128
1129
1130 define KernelPackage/nft-arp
1131 SUBMENU:=$(NF_MENU)
1132 TITLE:=Netfilter nf_tables ARP table support
1133 DEPENDS:=+kmod-nft-core
1134 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1135 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1136 KCONFIG:=$(KCONFIG_NFT_ARP)
1137 endef
1138
1139 $(eval $(call KernelPackage,nft-arp))
1140
1141
1142 define KernelPackage/nft-bridge
1143 SUBMENU:=$(NF_MENU)
1144 TITLE:=Netfilter nf_tables bridge table support
1145 DEPENDS:=+kmod-nft-core
1146 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1147 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1148 KCONFIG:= \
1149 CONFIG_NF_LOG_BRIDGE=n@lt5.13 \
1150 $(KCONFIG_NFT_BRIDGE)
1151 endef
1152
1153 $(eval $(call KernelPackage,nft-bridge))
1154
1155
1156 define KernelPackage/nft-nat
1157 SUBMENU:=$(NF_MENU)
1158 TITLE:=Netfilter nf_tables NAT support
1159 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1160 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1161 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1162 KCONFIG:=$(KCONFIG_NFT_NAT)
1163 endef
1164
1165 $(eval $(call KernelPackage,nft-nat))
1166
1167
1168 define KernelPackage/nft-offload
1169 SUBMENU:=$(NF_MENU)
1170 TITLE:=Netfilter nf_tables routing/NAT offload support
1171 DEPENDS:=@IPV6 +kmod-nf-flow +kmod-nft-nat
1172 KCONFIG:= \
1173 CONFIG_NF_FLOW_TABLE_INET \
1174 CONFIG_NF_FLOW_TABLE_IPV4 \
1175 CONFIG_NF_FLOW_TABLE_IPV6 \
1176 CONFIG_NFT_FLOW_OFFLOAD
1177 FILES:= \
1178 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1179 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1180 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1181 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1182 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1183 endef
1184
1185 $(eval $(call KernelPackage,nft-offload))
1186
1187
1188 define KernelPackage/nft-nat6
1189 SUBMENU:=$(NF_MENU)
1190 TITLE:=Netfilter nf_tables IPv6-NAT support
1191 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1192 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1193 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1194 KCONFIG:=$(KCONFIG_NFT_NAT6)
1195 endef
1196
1197 $(eval $(call KernelPackage,nft-nat6))
1198
1199 define KernelPackage/nft-netdev
1200 SUBMENU:=$(NF_MENU)
1201 TITLE:=Netfilter nf_tables netdev support
1202 DEPENDS:=+kmod-nft-core
1203 KCONFIG:= \
1204 CONFIG_NETFILTER_INGRESS=y \
1205 CONFIG_NF_TABLES_NETDEV \
1206 CONFIG_NF_DUP_NETDEV \
1207 CONFIG_NFT_DUP_NETDEV \
1208 CONFIG_NFT_FWD_NETDEV
1209 FILES:= \
1210 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1211 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1212 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1213 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1214 endef
1215
1216 $(eval $(call KernelPackage,nft-netdev))
1217
1218
1219 define KernelPackage/nft-fib
1220 SUBMENU:=$(NF_MENU)
1221 TITLE:=Netfilter nf_tables fib support
1222 DEPENDS:=+kmod-nft-core
1223 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1224 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1225 KCONFIG:=$(KCONFIG_NFT_FIB)
1226 endef
1227
1228 $(eval $(call KernelPackage,nft-fib))
1229
1230
1231 define KernelPackage/nft-queue
1232 SUBMENU:=$(NF_MENU)
1233 TITLE:=Netfilter nf_tables queue support
1234 DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
1235 FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
1236 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
1237 KCONFIG:=$(KCONFIG_NFT_QUEUE)
1238 endef
1239
1240 $(eval $(call KernelPackage,nft-queue))
1241
1242 define KernelPackage/nft-socket
1243 SUBMENU:=$(NF_MENU)
1244 TITLE:=Netfilter nf_tables socket support
1245 DEPENDS:=+kmod-nft-core +kmod-nf-socket
1246 FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
1247 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
1248 KCONFIG:=$(KCONFIG_NFT_SOCKET)
1249 endef
1250
1251 $(eval $(call KernelPackage,nft-socket))
1252
1253 define KernelPackage/nft-tproxy
1254 SUBMENU:=$(NF_MENU)
1255 TITLE:=Netfilter nf_tables tproxy support
1256 DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
1257 FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
1258 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
1259 KCONFIG:=$(KCONFIG_NFT_TPROXY)
1260 endef
1261
1262 $(eval $(call KernelPackage,nft-tproxy))
1263
1264 define KernelPackage/nft-compat
1265 SUBMENU:=$(NF_MENU)
1266 TITLE:=Netfilter nf_tables compat support
1267 DEPENDS:=+kmod-nft-core +kmod-nf-ipt
1268 FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
1269 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
1270 KCONFIG:=$(KCONFIG_NFT_COMPAT)
1271 endef
1272
1273 $(eval $(call KernelPackage,nft-compat))
1274
1275 define KernelPackage/nft-xfrm
1276 SUBMENU:=$(NF_MENU)
1277 TITLE:=Netfilter nf_tables xfrm support (ipsec)
1278 DEPENDS:=+kmod-nft-core
1279 FILES:=$(foreach mod,$(NFT_XFRM-m),$(LINUX_DIR)/net/$(mod).ko)
1280 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_XFRM-m)))
1281 KCONFIG:=$(KCONFIG_NFT_XFRM)
1282 endef
1283
1284 $(eval $(call KernelPackage,nft-xfrm))
Staging tree of Koen Vandeputte