netfilter: Add queue support for nftables

This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule

Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 77b4c6c79bbd3e0b410cb3b336b20ac3d2cc3ddc..889beb7a983073f0e3c51b2e6e0aa55aed359def 100644 (file)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -355,6 +355,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_INET, $(P_XT)nft_fib
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV4, $(P_V4)nft_fib_ipv4),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib_ipv6),))
 
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))
 
 # userland only
 IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)

diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 22a9f8e2a62a62679f9affc0aa4e92388630d9e1..aacf5948b1ef247115052b053ea03bf272e381a4 100644 (file)
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -1167,3 +1167,15 @@ define KernelPackage/nft-fib
 endef
 
 $(eval $(call KernelPackage,nft-fib))
+
+
+define KernelPackage/nft-queue
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter nf_tables queue support
+  DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
+  FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
+  KCONFIG:=$(KCONFIG_NFT_QUEUE)
+endef
+
+$(eval $(call KernelPackage,nft-queue))