kernel: make most modules use AutoProbe
[openwrt/svn-archive/archive.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13 define KernelPackage/ipt-core
14 SUBMENU:=$(NF_MENU)
15 TITLE:=Netfilter core
16 KCONFIG:= \
17 CONFIG_NETFILTER=y \
18 CONFIG_NETFILTER_ADVANCED=y \
19 $(KCONFIG_IPT_CORE)
20 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
21 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
22 endef
23
24 define KernelPackage/ipt-core/description
25 Netfilter core kernel modules
26 Includes:
27 - comment
28 - limit
29 - LOG
30 - mac
31 - multiport
32 - REJECT
33 - TCPMSS
34 endef
35
36 $(eval $(call KernelPackage,ipt-core))
37
38
39 define AddDepends/ipt
40 SUBMENU:=$(NF_MENU)
41 DEPENDS+= +kmod-ipt-core $(1)
42 endef
43
44
45 define KernelPackage/ipt-conntrack
46 TITLE:=Basic connection tracking modules
47 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
48 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
49 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
50 $(call AddDepends/ipt)
51 endef
52
53 define KernelPackage/ipt-conntrack/description
54 Netfilter (IPv4) kernel modules for connection tracking
55 Includes:
56 - conntrack
57 - defrag
58 - iptables_raw
59 - NOTRACK
60 - state
61 endef
62
63 $(eval $(call KernelPackage,ipt-conntrack))
64
65
66 define KernelPackage/ipt-conntrack-extra
67 TITLE:=Extra connection tracking modules
68 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
69 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
70 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
71 $(call AddDepends/ipt,+kmod-ipt-conntrack)
72 endef
73
74 define KernelPackage/ipt-conntrack-extra/description
75 Netfilter (IPv4) extra kernel modules for connection tracking
76 Includes:
77 - connbytes
78 - connmark/CONNMARK
79 - conntrack
80 - helper
81 - recent
82 endef
83
84 $(eval $(call KernelPackage,ipt-conntrack-extra))
85
86
87 define KernelPackage/ipt-filter
88 TITLE:=Modules for packet content inspection
89 KCONFIG:=$(KCONFIG_IPT_FILTER)
90 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
91 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
92 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
93 endef
94
95 define KernelPackage/ipt-filter/description
96 Netfilter (IPv4) kernel modules for packet content inspection
97 Includes:
98 - layer7
99 - string
100 endef
101
102 $(eval $(call KernelPackage,ipt-filter))
103
104
105 define KernelPackage/ipt-ipopt
106 TITLE:=Modules for matching/changing IP packet options
107 KCONFIG:=$(KCONFIG_IPT_IPOPT)
108 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
110 $(call AddDepends/ipt)
111 endef
112
113 define KernelPackage/ipt-ipopt/description
114 Netfilter (IPv4) modules for matching/changing IP packet options
115 Includes:
116 - CLASSIFY
117 - dscp/DSCP
118 - ecn/ECN
119 - hl/HL
120 - length
121 - mark/MARK
122 - statistic
123 - tcpmss
124 - time
125 - ttl/TTL
126 - unclean
127 endef
128
129 $(eval $(call KernelPackage,ipt-ipopt))
130
131
132 define KernelPackage/ipt-ipsec
133 TITLE:=Modules for matching IPSec packets
134 KCONFIG:=$(KCONFIG_IPT_IPSEC)
135 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
136 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
137 $(call AddDepends/ipt)
138 endef
139
140 define KernelPackage/ipt-ipsec/description
141 Netfilter (IPv4) modules for matching IPSec packets
142 Includes:
143 - ah
144 - esp
145 - policy
146 endef
147
148 $(eval $(call KernelPackage,ipt-ipsec))
149
150
151 define KernelPackage/ipt-nat
152 TITLE:=Basic NAT targets
153 KCONFIG:=$(KCONFIG_IPT_NAT)
154 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
155 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
156 $(call AddDepends/ipt,+kmod-ipt-conntrack)
157 endef
158
159 define KernelPackage/ipt-nat/description
160 Netfilter (IPv4) kernel modules for basic NAT targets
161 Includes:
162 - MASQUERADE
163 endef
164
165 $(eval $(call KernelPackage,ipt-nat))
166
167
168 define KernelPackage/ipt-nat6
169 TITLE:=IPv6 NAT targets
170 KCONFIG:=$(KCONFIG_IPT_NAT6)
171 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
172 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
173 $(call AddDepends/ipt,+kmod-ipt-conntrack)
174 $(call AddDepends/ipt,+kmod-ipt-nat)
175 $(call AddDepends/ipt,+kmod-ip6tables)
176 endef
177
178 define KernelPackage/ipt-nat6/description
179 Netfilter (IPv6) kernel modules for NAT targets
180 endef
181
182 $(eval $(call KernelPackage,ipt-nat6))
183
184
185 define KernelPackage/ipt-nat-extra
186 TITLE:=Extra NAT targets
187 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
188 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
189 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
190 $(call AddDepends/ipt,+kmod-ipt-nat)
191 endef
192
193 define KernelPackage/ipt-nat-extra/description
194 Netfilter (IPv4) kernel modules for extra NAT targets
195 Includes:
196 - NETMAP
197 - REDIRECT
198 endef
199
200 $(eval $(call KernelPackage,ipt-nat-extra))
201
202
203 define KernelPackage/ipt-nathelper
204 TITLE:=Basic Conntrack and NAT helpers
205 KCONFIG:=$(KCONFIG_IPT_NATHELPER)
206 FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
207 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NATHELPER-m)))
208 $(call AddDepends/ipt,+kmod-ipt-nat)
209 endef
210
211 define KernelPackage/ipt-nathelper/description
212 Default Netfilter (IPv4) Conntrack and NAT helpers
213 Includes:
214 - ftp
215 - irc
216 - tftp
217 endef
218
219 $(eval $(call KernelPackage,ipt-nathelper))
220
221
222 define KernelPackage/ipt-nathelper-extra
223 TITLE:=Extra Conntrack and NAT helpers
224 KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
225 FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
226 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NATHELPER_EXTRA-m)))
227 $(call AddDepends/ipt,+kmod-ipt-nat +kmod-lib-textsearch)
228 endef
229
230 define KernelPackage/ipt-nathelper-extra/description
231 Extra Netfilter (IPv4) Conntrack and NAT helpers
232 Includes:
233 - amanda
234 - h323
235 - mms
236 - pptp
237 - proto_gre
238 - sip
239 - snmp_basic
240 - broadcast
241 endef
242
243 $(eval $(call KernelPackage,ipt-nathelper-extra))
244
245
246 define KernelPackage/ipt-queue
247 TITLE:=Module for user-space packet queueing
248 KCONFIG:=$(KCONFIG_IPT_QUEUE)
249 DEPENDS:=@!LINUX_3_6
250 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
251 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_QUEUE-m)))
252 $(call AddDepends/ipt)
253 endef
254
255 define KernelPackage/ipt-queue/description
256 Netfilter (IPv4) module for user-space packet queueing
257 Includes:
258 - QUEUE
259 endef
260
261 $(eval $(call KernelPackage,ipt-queue))
262
263
264 define KernelPackage/ipt-ulog
265 TITLE:=Module for user-space packet logging
266 KCONFIG:=$(KCONFIG_IPT_ULOG)
267 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
268 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
269 $(call AddDepends/ipt)
270 endef
271
272 define KernelPackage/ipt-ulog/description
273 Netfilter (IPv4) module for user-space packet logging
274 Includes:
275 - ULOG
276 endef
277
278 $(eval $(call KernelPackage,ipt-ulog))
279
280
281 define KernelPackage/ipt-debug
282 TITLE:=Module for debugging/development
283 KCONFIG:=$(KCONFIG_IPT_DEBUG)
284 DEFAULT:=n
285 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
286 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
287 $(call AddDepends/ipt)
288 endef
289
290 define KernelPackage/ipt-debug/description
291 Netfilter modules for debugging/development of the firewall
292 Includes:
293 - TRACE
294 endef
295
296 $(eval $(call KernelPackage,ipt-debug))
297
298
299 define KernelPackage/ipt-led
300 TITLE:=Module to trigger a LED with a Netfilter rule
301 KCONFIG:=$(KCONFIG_IPT_LED)
302 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
303 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
304 $(call AddDepends/ipt)
305 endef
306
307 define KernelPackage/ipt-led/description
308 Netfilter target to trigger a LED when a network packet is matched.
309 endef
310
311 $(eval $(call KernelPackage,ipt-led))
312
313 define KernelPackage/ipt-tproxy
314 TITLE:=Transparent proxying support
315 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
316 KCONFIG:= \
317 CONFIG_NETFILTER_TPROXY \
318 CONFIG_NETFILTER_XT_MATCH_SOCKET \
319 CONFIG_NETFILTER_XT_TARGET_TPROXY
320 FILES:= \
321 $(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko \
322 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
323 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
324 $(call AddDepends/ipt)
325 endef
326
327 define KernelPackage/ipt-tproxy/description
328 Kernel modules for Transparent Proxying
329 endef
330
331 $(eval $(call KernelPackage,ipt-tproxy))
332
333 define KernelPackage/ipt-tee
334 TITLE:=TEE support
335 DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
336 KCONFIG:= \
337 CONFIG_NETFILTER_XT_TARGET_TEE
338 FILES:= \
339 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
340 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
341 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
342 $(call AddDepends/ipt)
343 endef
344
345 define KernelPackage/ipt-tee/description
346 Kernel modules for TEE
347 endef
348
349 $(eval $(call KernelPackage,ipt-tee))
350
351
352 define KernelPackage/ipt-u32
353 TITLE:=U32 support
354 KCONFIG:= \
355 CONFIG_NETFILTER_XT_MATCH_U32
356 FILES:= \
357 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
358 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
359 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
360 $(call AddDepends/ipt)
361 endef
362
363 define KernelPackage/ipt-u32/description
364 Kernel modules for U32
365 endef
366
367 $(eval $(call KernelPackage,ipt-u32))
368
369
370 define KernelPackage/ipt-iprange
371 TITLE:=Module for matching ip ranges
372 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
373 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
374 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
375 $(call AddDepends/ipt)
376 endef
377
378 define KernelPackage/ipt-iprange/description
379 Netfilter (IPv4) module for matching ip ranges
380 Includes:
381 - iprange
382 endef
383
384 $(eval $(call KernelPackage,ipt-iprange))
385
386
387 define KernelPackage/ipt-extra
388 TITLE:=Extra modules
389 KCONFIG:=$(KCONFIG_IPT_EXTRA)
390 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
391 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
392 $(call AddDepends/ipt)
393 endef
394
395 define KernelPackage/ipt-extra/description
396 Other Netfilter (IPv4) kernel modules
397 Includes:
398 - addrtype
399 - owner
400 - physdev (if bridge support was enabled in kernel)
401 - pkttype
402 - quota
403 endef
404
405 $(eval $(call KernelPackage,ipt-extra))
406
407
408 define KernelPackage/ip6tables
409 SUBMENU:=$(NF_MENU)
410 TITLE:=IPv6 modules
411 DEPENDS:=+kmod-ipv6 +kmod-ipt-core +kmod-ipt-conntrack
412 KCONFIG:=$(KCONFIG_IPT_IPV6)
413 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
414 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
415 endef
416
417 define KernelPackage/ip6tables/description
418 Netfilter IPv6 firewalling support
419 endef
420
421 $(eval $(call KernelPackage,ip6tables))
422
423 ARP_MODULES = arp_tables arpt_mangle arptable_filter
424 define KernelPackage/arptables
425 SUBMENU:=$(NF_MENU)
426 TITLE:=ARP firewalling modules
427 DEPENDS:=+kmod-ipt-core
428 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
429 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
430 CONFIG_IP_NF_ARPFILTER \
431 CONFIG_IP_NF_ARP_MANGLE
432 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
433 endef
434
435 define KernelPackage/arptables/description
436 Kernel modules for ARP firewalling
437 endef
438
439 $(eval $(call KernelPackage,arptables))
440
441
442 define KernelPackage/ebtables
443 SUBMENU:=$(NF_MENU)
444 TITLE:=Bridge firewalling modules
445 DEPENDS:=+kmod-ipt-core +kmod-bridge
446 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
447 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
448 $(KCONFIG_EBTABLES)
449 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
450 endef
451
452 define KernelPackage/ebtables/description
453 ebtables is a general, extensible frame/packet identification
454 framework. It provides you to do Ethernet
455 filtering/NAT/brouting on the Ethernet bridge.
456 endef
457
458 $(eval $(call KernelPackage,ebtables))
459
460
461 define AddDepends/ebtables
462 SUBMENU:=$(NF_MENU)
463 DEPENDS+=kmod-ebtables $(1)
464 endef
465
466
467 define KernelPackage/ebtables-ipv4
468 TITLE:=ebtables: IPv4 support
469 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
470 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
471 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
472 $(call AddDepends/ebtables)
473 endef
474
475 define KernelPackage/ebtables-ipv4/description
476 This option adds the IPv4 support to ebtables, which allows basic
477 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
478 endef
479
480 $(eval $(call KernelPackage,ebtables-ipv4))
481
482
483 define KernelPackage/ebtables-ipv6
484 TITLE:=ebtables: IPv6 support
485 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
486 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
487 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
488 $(call AddDepends/ebtables)
489 endef
490
491 define KernelPackage/ebtables-ipv6/description
492 This option adds the IPv6 support to ebtables, which allows basic
493 IPv6 header field filtering and target support.
494 endef
495
496 $(eval $(call KernelPackage,ebtables-ipv6))
497
498
499 define KernelPackage/ebtables-watchers
500 TITLE:=ebtables: watchers support
501 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
502 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
503 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
504 $(call AddDepends/ebtables)
505 endef
506
507 define KernelPackage/ebtables-watchers/description
508 This option adds the log watchers, that you can use in any rule
509 in any ebtables table.
510 endef
511
512 $(eval $(call KernelPackage,ebtables-watchers))
513
514
515 define KernelPackage/nfnetlink
516 SUBMENU:=$(NF_MENU)
517 TITLE:=Netlink-based userspace interface
518 DEPENDS:=+kmod-ipt-core
519 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
520 KCONFIG:=CONFIG_NETFILTER_NETLINK
521 AUTOLOAD:=$(call AutoProbe,nfnetlink)
522 endef
523
524 define KernelPackage/nfnetlink/description
525 Kernel modules support for a netlink-based userspace interface
526 endef
527
528 $(eval $(call KernelPackage,nfnetlink))
529
530
531 define AddDepends/nfnetlink
532 SUBMENU:=$(NF_MENU)
533 DEPENDS+=+kmod-nfnetlink $(1)
534 endef
535
536
537 define KernelPackage/nfnetlink-log
538 TITLE:=Netfilter LOG over NFNETLINK interface
539 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
540 KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
541 AUTOLOAD:=$(call AutoProbe,nfnetlink_log)
542 $(call AddDepends/nfnetlink)
543 endef
544
545 define KernelPackage/nfnetlink-log/description
546 Kernel modules support for logging packets via NFNETLINK
547 endef
548
549 $(eval $(call KernelPackage,nfnetlink-log))
550
551
552 define KernelPackage/nfnetlink-queue
553 TITLE:=Netfilter QUEUE over NFNETLINK interface
554 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
555 KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
556 AUTOLOAD:=$(call AutoProbe,nfnetlink_queue)
557 $(call AddDepends/nfnetlink)
558 endef
559
560 define KernelPackage/nfnetlink-queue/description
561 Kernel modules support for queueing packets via NFNETLINK
562 endef
563
564 $(eval $(call KernelPackage,nfnetlink-queue))
565
566
567 define KernelPackage/nf-conntrack-netlink
568 TITLE:=Connection tracking netlink interface
569 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
570 KCONFIG:=CONFIG_NF_CT_NETLINK
571 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
572 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
573 endef
574
575 define KernelPackage/nf-conntrack-netlink/description
576 Kernel modules support for a netlink-based connection tracking
577 userspace interface
578 endef
579
580 $(eval $(call KernelPackage,nf-conntrack-netlink))
581
582 define KernelPackage/ipt-hashlimit
583 SUBMENU:=$(NF_MENU)
584 TITLE:=Netfilter hashlimit match
585 DEPENDS:=+kmod-ipt-core
586 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
587 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
588 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
589 $(call KernelPackage/ipt)
590 endef
591
592 define KernelPackage/ipt-hashlimit/description
593 Kernel modules support for the hashlimit bucket match module
594 endef
595
596 $(eval $(call KernelPackage,ipt-hashlimit))