projects / openwrt / staging / dedeckeh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: backport netfilter NAT offload support to 4.14
[openwrt/staging/dedeckeh.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 $(eval $(call KernelPackage,nf-conntrack))
105
106
107 define KernelPackage/nf-conntrack6
108 SUBMENU:=$(NF_MENU)
109 TITLE:=Netfilter IPv6 connection tracking
110 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
111 DEPENDS:=@IPV6 +kmod-nf-conntrack
112 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
113 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
114 endef
115
116 $(eval $(call KernelPackage,nf-conntrack6))
117
118
119 define KernelPackage/nf-nat
120 SUBMENU:=$(NF_MENU)
121 TITLE:=Netfilter NAT
122 KCONFIG:=$(KCONFIG_NF_NAT)
123 DEPENDS:=+kmod-nf-conntrack
124 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
126 endef
127
128 $(eval $(call KernelPackage,nf-nat))
129
130
131 define KernelPackage/nf-nat6
132 SUBMENU:=$(NF_MENU)
133 TITLE:=Netfilter IPV6-NAT
134 KCONFIG:=$(KCONFIG_NF_NAT6)
135 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
136 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
137 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
138 endef
139
140 $(eval $(call KernelPackage,nf-nat6))
141
142
143 define KernelPackage/nf-flow
144 SUBMENU:=$(NF_MENU)
145 TITLE:=Netfilter flowtable support
146 KCONFIG:= \
147 CONFIG_NETFILTER_INGRESS=y \
148 CONFIG_NF_FLOW_TABLE \
149 CONFIG_NF_FLOW_TABLE_HW
150 DEPENDS:=+kmod-nf-conntrack +kmod-nft-core @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9
151 FILES:= \
152 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
153 $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
154 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
155 endef
156
157 $(eval $(call KernelPackage,nf-flow))
158
159
160 define AddDepends/ipt
161 SUBMENU:=$(NF_MENU)
162 DEPENDS+= +kmod-ipt-core $(1)
163 endef
164
165
166 define KernelPackage/ipt-conntrack
167 TITLE:=Basic connection tracking modules
168 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
169 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
170 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
171 $(call AddDepends/ipt,+kmod-nf-conntrack)
172 endef
173
174 define KernelPackage/ipt-conntrack/description
175 Netfilter (IPv4) kernel modules for connection tracking
176 Includes:
177 - conntrack
178 - defrag
179 - iptables_raw
180 - NOTRACK
181 - state
182 endef
183
184 $(eval $(call KernelPackage,ipt-conntrack))
185
186
187 define KernelPackage/ipt-conntrack-extra
188 TITLE:=Extra connection tracking modules
189 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
190 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
191 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
192 $(call AddDepends/ipt,+kmod-ipt-conntrack)
193 endef
194
195 define KernelPackage/ipt-conntrack-extra/description
196 Netfilter (IPv4) extra kernel modules for connection tracking
197 Includes:
198 - connbytes
199 - connmark/CONNMARK
200 - conntrack
201 - helper
202 - recent
203 endef
204
205 $(eval $(call KernelPackage,ipt-conntrack-extra))
206
207 define KernelPackage/ipt-conntrack-label
208 TITLE:=Module for handling connection tracking labels
209 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
210 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
211 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
212 $(call AddDepends/ipt,+kmod-ipt-conntrack)
213 endef
214
215 define KernelPackage/ipt-conntrack-label/description
216 Netfilter (IPv4) module for handling connection tracking labels
217 Includes:
218 - connlabel
219 endef
220
221 $(eval $(call KernelPackage,ipt-conntrack-label))
222
223 define KernelPackage/ipt-filter
224 TITLE:=Modules for packet content inspection
225 KCONFIG:=$(KCONFIG_IPT_FILTER)
226 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
227 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
228 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
229 endef
230
231 define KernelPackage/ipt-filter/description
232 Netfilter (IPv4) kernel modules for packet content inspection
233 Includes:
234 - string
235 endef
236
237 $(eval $(call KernelPackage,ipt-filter))
238
239
240 define KernelPackage/ipt-ipopt
241 TITLE:=Modules for matching/changing IP packet options
242 KCONFIG:=$(KCONFIG_IPT_IPOPT)
243 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
244 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
245 $(call AddDepends/ipt)
246 endef
247
248 define KernelPackage/ipt-ipopt/description
249 Netfilter (IPv4) modules for matching/changing IP packet options
250 Includes:
251 - CLASSIFY
252 - dscp/DSCP
253 - ecn/ECN
254 - hl/HL
255 - length
256 - mark/MARK
257 - statistic
258 - tcpmss
259 - time
260 - ttl/TTL
261 - unclean
262 endef
263
264 $(eval $(call KernelPackage,ipt-ipopt))
265
266
267 define KernelPackage/ipt-ipsec
268 TITLE:=Modules for matching IPSec packets
269 KCONFIG:=$(KCONFIG_IPT_IPSEC)
270 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
271 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
272 $(call AddDepends/ipt)
273 endef
274
275 define KernelPackage/ipt-ipsec/description
276 Netfilter (IPv4) modules for matching IPSec packets
277 Includes:
278 - ah
279 - esp
280 - policy
281 endef
282
283 $(eval $(call KernelPackage,ipt-ipsec))
284
285 IPSET_MODULES:= \
286 ipset/ip_set \
287 ipset/ip_set_bitmap_ip \
288 ipset/ip_set_bitmap_ipmac \
289 ipset/ip_set_bitmap_port \
290 ipset/ip_set_hash_ip \
291 ipset/ip_set_hash_ipmark \
292 ipset/ip_set_hash_ipport \
293 ipset/ip_set_hash_ipportip \
294 ipset/ip_set_hash_ipportnet \
295 ipset/ip_set_hash_mac \
296 ipset/ip_set_hash_netportnet \
297 ipset/ip_set_hash_net \
298 ipset/ip_set_hash_netnet \
299 ipset/ip_set_hash_netport \
300 ipset/ip_set_hash_netiface \
301 ipset/ip_set_list_set \
302 xt_set
303
304 define KernelPackage/ipt-ipset
305 SUBMENU:=Netfilter Extensions
306 TITLE:=IPset netfilter modules
307 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
308 KCONFIG:= \
309 CONFIG_IP_SET \
310 CONFIG_IP_SET_MAX=256 \
311 CONFIG_NETFILTER_XT_SET \
312 CONFIG_IP_SET_BITMAP_IP \
313 CONFIG_IP_SET_BITMAP_IPMAC \
314 CONFIG_IP_SET_BITMAP_PORT \
315 CONFIG_IP_SET_HASH_IP \
316 CONFIG_IP_SET_HASH_IPMARK \
317 CONFIG_IP_SET_HASH_IPPORT \
318 CONFIG_IP_SET_HASH_IPPORTIP \
319 CONFIG_IP_SET_HASH_IPPORTNET \
320 CONFIG_IP_SET_HASH_MAC \
321 CONFIG_IP_SET_HASH_NET \
322 CONFIG_IP_SET_HASH_NETNET \
323 CONFIG_IP_SET_HASH_NETIFACE \
324 CONFIG_IP_SET_HASH_NETPORT \
325 CONFIG_IP_SET_HASH_NETPORTNET \
326 CONFIG_IP_SET_LIST_SET \
327 CONFIG_NET_EMATCH_IPSET=n
328 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
329 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
330 endef
331 $(eval $(call KernelPackage,ipt-ipset))
332
333
334 define KernelPackage/ipt-nat
335 TITLE:=Basic NAT targets
336 KCONFIG:=$(KCONFIG_IPT_NAT)
337 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
338 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
339 $(call AddDepends/ipt,+kmod-nf-nat)
340 endef
341
342 define KernelPackage/ipt-nat/description
343 Netfilter (IPv4) kernel modules for basic NAT targets
344 Includes:
345 - MASQUERADE
346 endef
347
348 $(eval $(call KernelPackage,ipt-nat))
349
350
351 define KernelPackage/ipt-raw
352 TITLE:=Netfilter IPv4 raw table support
353 KCONFIG:=CONFIG_IP_NF_RAW
354 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
355 AUTOLOAD:=$(call AutoProbe,iptable_raw)
356 $(call AddDepends/ipt)
357 endef
358
359 $(eval $(call KernelPackage,ipt-raw))
360
361
362 define KernelPackage/ipt-raw6
363 TITLE:=Netfilter IPv6 raw table support
364 KCONFIG:=CONFIG_IP6_NF_RAW
365 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
366 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
367 $(call AddDepends/ipt,+kmod-ip6tables)
368 endef
369
370 $(eval $(call KernelPackage,ipt-raw6))
371
372
373 define KernelPackage/ipt-nat6
374 TITLE:=IPv6 NAT targets
375 KCONFIG:=$(KCONFIG_IPT_NAT6)
376 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
377 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
378 $(call AddDepends/ipt,+kmod-nf-nat6)
379 $(call AddDepends/ipt,+kmod-ipt-conntrack)
380 $(call AddDepends/ipt,+kmod-ipt-nat)
381 $(call AddDepends/ipt,+kmod-ip6tables)
382 endef
383
384 define KernelPackage/ipt-nat6/description
385 Netfilter (IPv6) kernel modules for NAT targets
386 endef
387
388 $(eval $(call KernelPackage,ipt-nat6))
389
390
391 define KernelPackage/ipt-nat-extra
392 TITLE:=Extra NAT targets
393 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
394 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
395 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
396 $(call AddDepends/ipt,+kmod-ipt-nat)
397 endef
398
399 define KernelPackage/ipt-nat-extra/description
400 Netfilter (IPv4) kernel modules for extra NAT targets
401 Includes:
402 - NETMAP
403 - REDIRECT
404 endef
405
406 $(eval $(call KernelPackage,ipt-nat-extra))
407
408
409 define KernelPackage/nf-nathelper
410 SUBMENU:=$(NF_MENU)
411 TITLE:=Basic Conntrack and NAT helpers
412 KCONFIG:=$(KCONFIG_NF_NATHELPER)
413 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
414 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
415 DEPENDS:=+kmod-nf-nat
416 endef
417
418 define KernelPackage/nf-nathelper/description
419 Default Netfilter (IPv4) Conntrack and NAT helpers
420 Includes:
421 - ftp
422 endef
423
424 $(eval $(call KernelPackage,nf-nathelper))
425
426
427 define KernelPackage/nf-nathelper-extra
428 SUBMENU:=$(NF_MENU)
429 TITLE:=Extra Conntrack and NAT helpers
430 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
431 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
432 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
433 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
434 endef
435
436 define KernelPackage/nf-nathelper-extra/description
437 Extra Netfilter (IPv4) Conntrack and NAT helpers
438 Includes:
439 - amanda
440 - h323
441 - irc
442 - mms
443 - pptp
444 - proto_gre
445 - sip
446 - snmp_basic
447 - tftp
448 - broadcast
449 endef
450
451 $(eval $(call KernelPackage,nf-nathelper-extra))
452
453
454 define KernelPackage/ipt-ulog
455 TITLE:=Module for user-space packet logging
456 KCONFIG:=$(KCONFIG_IPT_ULOG)
457 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
458 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
459 $(call AddDepends/ipt)
460 endef
461
462 define KernelPackage/ipt-ulog/description
463 Netfilter (IPv4) module for user-space packet logging
464 Includes:
465 - ULOG
466 endef
467
468 $(eval $(call KernelPackage,ipt-ulog))
469
470
471 define KernelPackage/ipt-nflog
472 TITLE:=Module for user-space packet logging
473 KCONFIG:=$(KCONFIG_IPT_NFLOG)
474 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
475 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
476 $(call AddDepends/ipt,+kmod-nfnetlink-log)
477 endef
478
479 define KernelPackage/ipt-nflog/description
480 Netfilter module for user-space packet logging
481 Includes:
482 - NFLOG
483 endef
484
485 $(eval $(call KernelPackage,ipt-nflog))
486
487
488 define KernelPackage/ipt-nfqueue
489 TITLE:=Module for user-space packet queuing
490 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
491 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
492 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
493 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
494 endef
495
496 define KernelPackage/ipt-nfqueue/description
497 Netfilter module for user-space packet queuing
498 Includes:
499 - NFQUEUE
500 endef
501
502 $(eval $(call KernelPackage,ipt-nfqueue))
503
504
505 define KernelPackage/ipt-debug
506 TITLE:=Module for debugging/development
507 KCONFIG:=$(KCONFIG_IPT_DEBUG)
508 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
509 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
510 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
511 endef
512
513 define KernelPackage/ipt-debug/description
514 Netfilter modules for debugging/development of the firewall
515 Includes:
516 - TRACE
517 endef
518
519 $(eval $(call KernelPackage,ipt-debug))
520
521
522 define KernelPackage/ipt-led
523 TITLE:=Module to trigger a LED with a Netfilter rule
524 KCONFIG:=$(KCONFIG_IPT_LED)
525 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
526 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
527 $(call AddDepends/ipt)
528 endef
529
530 define KernelPackage/ipt-led/description
531 Netfilter target to trigger a LED when a network packet is matched.
532 endef
533
534 $(eval $(call KernelPackage,ipt-led))
535
536 define KernelPackage/ipt-tproxy
537 TITLE:=Transparent proxying support
538 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
539 KCONFIG:= \
540 CONFIG_NETFILTER_XT_MATCH_SOCKET \
541 CONFIG_NETFILTER_XT_TARGET_TPROXY
542 FILES:= \
543 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
544 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
545 $(call AddDepends/ipt)
546 endef
547
548 define KernelPackage/ipt-tproxy/description
549 Kernel modules for Transparent Proxying
550 endef
551
552 $(eval $(call KernelPackage,ipt-tproxy))
553
554 define KernelPackage/ipt-tee
555 TITLE:=TEE support
556 DEPENDS:=+kmod-ipt-conntrack
557 KCONFIG:= \
558 CONFIG_NETFILTER_XT_TARGET_TEE
559 FILES:= \
560 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
561 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
562 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
563 $(call AddDepends/ipt)
564 endef
565
566 define KernelPackage/ipt-tee/description
567 Kernel modules for TEE
568 endef
569
570 $(eval $(call KernelPackage,ipt-tee))
571
572
573 define KernelPackage/ipt-u32
574 TITLE:=U32 support
575 KCONFIG:= \
576 CONFIG_NETFILTER_XT_MATCH_U32
577 FILES:= \
578 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
579 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
580 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
581 $(call AddDepends/ipt)
582 endef
583
584 define KernelPackage/ipt-u32/description
585 Kernel modules for U32
586 endef
587
588 $(eval $(call KernelPackage,ipt-u32))
589
590 define KernelPackage/ipt-checksum
591 TITLE:=CHECKSUM support
592 KCONFIG:= \
593 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
594 FILES:= \
595 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
596 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
597 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
598 $(call AddDepends/ipt)
599 endef
600
601 define KernelPackage/ipt-checksum/description
602 Kernel modules for CHECKSUM fillin target
603 endef
604
605 $(eval $(call KernelPackage,ipt-checksum))
606
607
608 define KernelPackage/ipt-iprange
609 TITLE:=Module for matching ip ranges
610 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
611 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
612 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
613 $(call AddDepends/ipt)
614 endef
615
616 define KernelPackage/ipt-iprange/description
617 Netfilter (IPv4) module for matching ip ranges
618 Includes:
619 - iprange
620 endef
621
622 $(eval $(call KernelPackage,ipt-iprange))
623
624 define KernelPackage/ipt-cluster
625 TITLE:=Module for matching cluster
626 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
627 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
628 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
629 $(call AddDepends/ipt)
630 endef
631
632 define KernelPackage/ipt-cluster/description
633 Netfilter (IPv4/IPv6) module for matching cluster
634 This option allows you to build work-load-sharing clusters of
635 network servers/stateful firewalls without having a dedicated
636 load-balancing router/server/switch. Basically, this match returns
637 true when the packet must be handled by this cluster node. Thus,
638 all nodes see all packets and this match decides which node handles
639 what packets. The work-load sharing algorithm is based on source
640 address hashing.
641
642 This module is usable for ipv4 and ipv6.
643
644 To use it also enable iptables-mod-cluster
645
646 see `iptables -m cluster --help` for more information.
647 endef
648
649 $(eval $(call KernelPackage,ipt-cluster))
650
651 define KernelPackage/ipt-clusterip
652 TITLE:=Module for CLUSTERIP
653 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
654 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
655 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
656 $(call AddDepends/ipt,+kmod-nf-conntrack)
657 endef
658
659 define KernelPackage/ipt-clusterip/description
660 Netfilter (IPv4-only) module for CLUSTERIP
661 The CLUSTERIP target allows you to build load-balancing clusters of
662 network servers without having a dedicated load-balancing
663 router/server/switch.
664
665 To use it also enable iptables-mod-clusterip
666
667 see `iptables -j CLUSTERIP --help` for more information.
668 endef
669
670 $(eval $(call KernelPackage,ipt-clusterip))
671
672
673 define KernelPackage/ipt-extra
674 TITLE:=Extra modules
675 KCONFIG:=$(KCONFIG_IPT_EXTRA)
676 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
677 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
678 $(call AddDepends/ipt,+kmod-br-netfilter)
679 endef
680
681 define KernelPackage/ipt-extra/description
682 Other Netfilter (IPv4) kernel modules
683 Includes:
684 - addrtype
685 - owner
686 - physdev (if bridge support was enabled in kernel)
687 - pkttype
688 - quota
689 endef
690
691 $(eval $(call KernelPackage,ipt-extra))
692
693
694 define KernelPackage/ip6tables
695 SUBMENU:=$(NF_MENU)
696 TITLE:=IPv6 modules
697 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
698 KCONFIG:=$(KCONFIG_IPT_IPV6)
699 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
700 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
701 endef
702
703 define KernelPackage/ip6tables/description
704 Netfilter IPv6 firewalling support
705 endef
706
707 $(eval $(call KernelPackage,ip6tables))
708
709 define KernelPackage/ip6tables-extra
710 SUBMENU:=$(NF_MENU)
711 TITLE:=Extra IPv6 modules
712 DEPENDS:=+kmod-ip6tables
713 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
714 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
715 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
716 endef
717
718 define KernelPackage/ip6tables-extra/description
719 Netfilter IPv6 extra header matching modules
720 endef
721
722 $(eval $(call KernelPackage,ip6tables-extra))
723
724 ARP_MODULES = arp_tables arpt_mangle arptable_filter
725 define KernelPackage/arptables
726 SUBMENU:=$(NF_MENU)
727 TITLE:=ARP firewalling modules
728 DEPENDS:=+kmod-ipt-core
729 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
730 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
731 CONFIG_IP_NF_ARPFILTER \
732 CONFIG_IP_NF_ARP_MANGLE
733 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
734 endef
735
736 define KernelPackage/arptables/description
737 Kernel modules for ARP firewalling
738 endef
739
740 $(eval $(call KernelPackage,arptables))
741
742
743 define KernelPackage/br-netfilter
744 SUBMENU:=$(NF_MENU)
745 TITLE:=Bridge netfilter support modules
746 HIDDEN:=1
747 DEPENDS:=+kmod-ipt-core
748 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
749 KCONFIG:=CONFIG_BRIDGE_NETFILTER
750 AUTOLOAD:=$(call AutoProbe,br_netfilter)
751 endef
752
753 $(eval $(call KernelPackage,br-netfilter))
754
755
756 define KernelPackage/ebtables
757 SUBMENU:=$(NF_MENU)
758 TITLE:=Bridge firewalling modules
759 DEPENDS:=+kmod-ipt-core +kmod-br-netfilter
760 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
761 KCONFIG:=$(KCONFIG_EBTABLES)
762 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
763 endef
764
765 define KernelPackage/ebtables/description
766 ebtables is a general, extensible frame/packet identification
767 framework. It provides you to do Ethernet
768 filtering/NAT/brouting on the Ethernet bridge.
769 endef
770
771 $(eval $(call KernelPackage,ebtables))
772
773
774 define AddDepends/ebtables
775 SUBMENU:=$(NF_MENU)
776 DEPENDS+=kmod-ebtables $(1)
777 endef
778
779
780 define KernelPackage/ebtables-ipv4
781 TITLE:=ebtables: IPv4 support
782 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
783 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
784 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
785 $(call AddDepends/ebtables)
786 endef
787
788 define KernelPackage/ebtables-ipv4/description
789 This option adds the IPv4 support to ebtables, which allows basic
790 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
791 endef
792
793 $(eval $(call KernelPackage,ebtables-ipv4))
794
795
796 define KernelPackage/ebtables-ipv6
797 TITLE:=ebtables: IPv6 support
798 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
799 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
800 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
801 $(call AddDepends/ebtables)
802 endef
803
804 define KernelPackage/ebtables-ipv6/description
805 This option adds the IPv6 support to ebtables, which allows basic
806 IPv6 header field filtering and target support.
807 endef
808
809 $(eval $(call KernelPackage,ebtables-ipv6))
810
811
812 define KernelPackage/ebtables-watchers
813 TITLE:=ebtables: watchers support
814 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
815 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
816 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
817 $(call AddDepends/ebtables)
818 endef
819
820 define KernelPackage/ebtables-watchers/description
821 This option adds the log watchers, that you can use in any rule
822 in any ebtables table.
823 endef
824
825 $(eval $(call KernelPackage,ebtables-watchers))
826
827
828 define KernelPackage/nfnetlink
829 SUBMENU:=$(NF_MENU)
830 TITLE:=Netlink-based userspace interface
831 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
832 KCONFIG:=$(KCONFIG_NFNETLINK)
833 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
834 endef
835
836 define KernelPackage/nfnetlink/description
837 Kernel modules support for a netlink-based userspace interface
838 endef
839
840 $(eval $(call KernelPackage,nfnetlink))
841
842
843 define AddDepends/nfnetlink
844 SUBMENU:=$(NF_MENU)
845 DEPENDS+=+kmod-nfnetlink $(1)
846 endef
847
848
849 define KernelPackage/nfnetlink-log
850 TITLE:=Netfilter LOG over NFNETLINK interface
851 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
852 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
853 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
854 $(call AddDepends/nfnetlink)
855 endef
856
857 define KernelPackage/nfnetlink-log/description
858 Kernel modules support for logging packets via NFNETLINK
859 Includes:
860 - NFLOG
861 endef
862
863 $(eval $(call KernelPackage,nfnetlink-log))
864
865
866 define KernelPackage/nfnetlink-queue
867 TITLE:=Netfilter QUEUE over NFNETLINK interface
868 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
869 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
870 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
871 $(call AddDepends/nfnetlink)
872 endef
873
874 define KernelPackage/nfnetlink-queue/description
875 Kernel modules support for queueing packets via NFNETLINK
876 Includes:
877 - NFQUEUE
878 endef
879
880 $(eval $(call KernelPackage,nfnetlink-queue))
881
882
883 define KernelPackage/nf-conntrack-netlink
884 TITLE:=Connection tracking netlink interface
885 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
886 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
887 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
888 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
889 endef
890
891 define KernelPackage/nf-conntrack-netlink/description
892 Kernel modules support for a netlink-based connection tracking
893 userspace interface
894 endef
895
896 $(eval $(call KernelPackage,nf-conntrack-netlink))
897
898 define KernelPackage/ipt-hashlimit
899 SUBMENU:=$(NF_MENU)
900 TITLE:=Netfilter hashlimit match
901 DEPENDS:=+kmod-ipt-core
902 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
903 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
904 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
905 $(call KernelPackage/ipt)
906 endef
907
908 define KernelPackage/ipt-hashlimit/description
909 Kernel modules support for the hashlimit bucket match module
910 endef
911
912 $(eval $(call KernelPackage,ipt-hashlimit))
913
914 define KernelPackage/ipt-rpfilter
915 SUBMENU:=$(NF_MENU)
916 TITLE:=Netfilter rpfilter match
917 DEPENDS:=+kmod-ipt-core
918 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
919 FILES:=$(realpath \
920 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
921 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
922 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
923 $(call KernelPackage/ipt)
924 endef
925
926 define KernelPackage/ipt-rpfilter/description
927 Kernel modules support for the Netfilter rpfilter match
928 endef
929
930 $(eval $(call KernelPackage,ipt-rpfilter))
931
932
933 define KernelPackage/nft-core
934 SUBMENU:=$(NF_MENU)
935 TITLE:=Netfilter nf_tables support
936 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
937 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
938 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
939 KCONFIG:= \
940 CONFIG_NFT_COMPAT=n \
941 CONFIG_NFT_QUEUE=n \
942 $(KCONFIG_NFT_CORE)
943 endef
944
945 define KernelPackage/nft-core/description
946 Kernel module support for nftables
947 endef
948
949 $(eval $(call KernelPackage,nft-core))
950
951
952 define KernelPackage/nft-arp
953 SUBMENU:=$(NF_MENU)
954 TITLE:=Netfilter nf_tables ARP table support
955 DEPENDS:=+kmod-nft-core
956 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
957 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
958 KCONFIG:=$(KCONFIG_NFT_ARP)
959 endef
960
961 $(eval $(call KernelPackage,nft-arp))
962
963
964 define KernelPackage/nft-bridge
965 SUBMENU:=$(NF_MENU)
966 TITLE:=Netfilter nf_tables bridge table support
967 DEPENDS:=+kmod-nft-core
968 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
969 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
970 KCONFIG:= \
971 CONFIG_NF_LOG_BRIDGE=n \
972 $(KCONFIG_NFT_BRIDGE)
973 endef
974
975 $(eval $(call KernelPackage,nft-bridge))
976
977
978 define KernelPackage/nft-nat
979 SUBMENU:=$(NF_MENU)
980 TITLE:=Netfilter nf_tables NAT support
981 DEPENDS:=+kmod-nft-core +kmod-nf-nat
982 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
983 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
984 KCONFIG:=$(KCONFIG_NFT_NAT)
985 endef
986
987 $(eval $(call KernelPackage,nft-nat))
988
989
990 define KernelPackage/nft-offload
991 SUBMENU:=$(NF_MENU)
992 TITLE:=Netfilter nf_tables routing/NAT offload support
993 DEPENDS:=+kmod-nf-flow +kmod-nft-nat
994 KCONFIG:= \
995 CONFIG_NF_FLOW_TABLE_INET \
996 CONFIG_NF_FLOW_TABLE_IPV4 \
997 CONFIG_NF_FLOW_TABLE_IPV6 \
998 CONFIG_NFT_FLOW_OFFLOAD
999 FILES:= \
1000 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1001 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1002 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1003 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1004 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1005 endef
1006
1007 $(eval $(call KernelPackage,nft-offload))
1008
1009
1010 define KernelPackage/nft-nat6
1011 SUBMENU:=$(NF_MENU)
1012 TITLE:=Netfilter nf_tables IPv6-NAT support
1013 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1014 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1015 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1016 KCONFIG:=$(KCONFIG_NFT_NAT6)
1017 endef
1018
1019 $(eval $(call KernelPackage,nft-nat6))
Staging tree of dedeckeh